/[mwsec]/trunk
ViewVC logotype

Log of /trunk

View Directory Listing Directory Listing


Sticky Revision:

Revision 18905 - Directory Listing
Modified Mon Sep 20 11:47:11 2021 UTC (3 weeks, 4 days ago) by msalle
OpenSSL 3.0 no longer uses function in error

"function" is no longer used in packed errors, see e.g.
https://github.com/openssl/openssl/pull/9058
We need to make sure that we do not still set them using ERR_PACK(), since that
would overwrite the library name instead.


Revision 18902 - Directory Listing
Modified Wed May 5 19:29:35 2021 UTC (5 months, 1 week ago) by msalle
Update ChangeLog for 1.3.2 release


Revision 18900 - Directory Listing
Modified Wed May 5 19:07:50 2021 UTC (5 months, 1 week ago) by msalle
Further ensure prev_endpoint is initialised

Make sure to initialise prev_endpoint each time we initialise the pep.


Revision 18899 - Directory Listing
Modified Wed May 5 17:11:40 2021 UTC (5 months, 1 week ago) by msalle
Properly re-initialise the statics during cleanup

When cleaning up we need to reset the global statics back to NULL. Failing to do
so can lead to a double free and a failure to re-set the endpoint in the
argus-pep library when the plugin is run more than once in the same binary.


Revision 18894 - Directory Listing
Modified Fri Oct 23 07:29:32 2020 UTC (11 months, 3 weeks ago) by msalle
Update ChangeLog for 0.0.11 release


Revision 18893 - Directory Listing
Modified Wed Oct 21 15:29:36 2020 UTC (11 months, 3 weeks ago) by msalle
Bugfix: need to match also tabs

Need to match serial in index.txt with pre and post tab character or it might
match other parts of the file.


Revision 18890 - Directory Listing
Modified Wed Oct 21 13:15:17 2020 UTC (11 months, 3 weeks ago) by msalle
Update ChangeLog for 0.0.10 release


Revision 18888 - Directory Listing
Modified Tue Oct 20 18:39:19 2020 UTC (11 months, 3 weeks ago) by msalle
Several bugfixes, version now 0.0.10

- The etoken-ca-server MUST also revoke 'its own' serials even if they are
  higher than the current nextserial, since a different backend might have
  revoked it. If a similar but reversed situation exists on the other backend
  this would result in continuous mismatch between the highest-crlnumber CRLs,
  leading to a continuous release of new CRLs. Only if the serial would not yet
  be on a CRL could the etoken-ca-server safely refuse, but the etoken-ca-server
  itself does not reliably know about that. We also remove the restriction from
  revoke-cert which has no knowledge about CRLs. Both restrictions in any case
  were doubtful since one could revoke via a different frontend.
- missing definition of function warn() in etoken-ca-server (not used currently)
- in bash 4.2 as used on CentOS7 it's still necessary to give the bash builtin
  printf "%(datefmt)T" construct a -1 to get the current time. From bash 4.3 not
  giving -1 is equivalent to that but for 4.2 it's equivalent to 0 meaning
  1/1/1970 0:00 UTC.


Revision 18885 - Directory Listing
Modified Tue Oct 20 08:53:15 2020 UTC (11 months, 3 weeks ago) by msalle
Update ChangeLog for 0.0.9 release


Revision 18884 - Directory Listing
Modified Tue Oct 20 08:52:19 2020 UTC (11 months, 3 weeks ago) by msalle
Also log the main PID in the mainloop itself

Logging it ensures it also ends up clearly in the logfile.


Revision 18883 - Directory Listing
Modified Mon Oct 19 21:23:44 2020 UTC (11 months, 3 weeks ago) by msalle
Fix and improve logging

Add separate filelogger instead of just sending to LOG_FILE, such that we can
prefix with the date, prog and pid there instead of in the debug(), info() and
error() functions which are also used for syslog. We move the syslog part to
syslogger().

For both filelogger and syslogger we redirect both stdout and stderr together
(exec &>). The stdout of the tee in the syslogger can go to either stdout or
stderr since both have been redirected by filelogger to file.
Both loggers are setup via setuplogging(). It first redirects both fd 1 and 2
to /dev/null which kills any previous file or syslogger since it needs to be
able to reopen on SIGHUP.

Note: Don't call the date command for each log line since it's very slow. Using
the pure Bash 4.2 printf construct is about 200 times faster than using $(date
...). A perl command is about the same, depending on the number of log entries.
Python would be even faster (+/- 2.5 times) but less clean and more dependent on
python version.


Revision 18882 - Directory Listing
Modified Fri Oct 16 13:48:47 2020 UTC (11 months, 4 weeks ago) by msalle
Update ChangeLog


Revision 18881 - Directory Listing
Modified Fri Oct 16 13:48:26 2020 UTC (11 months, 4 weeks ago) by msalle
Simplify logprefix since it would flood syslog.

- now just log the timestamp in the logfile, that's still duplicate with syslog,
  but fixing that would is more involved.
- expand a tab in revoke-cert


Revision 18880 - Directory Listing
Modified Fri Oct 16 13:39:45 2020 UTC (11 months, 4 weeks ago) by msalle
Update ChangeLog


Revision 18878 - Directory Listing
Modified Fri Oct 16 13:36:26 2020 UTC (11 months, 4 weeks ago) by msalle
Several update for HA and logging

- Bump version to 0.0.9
- bugfix:
    - if there wasn't any CRL yet, the stat command in the etoken-ca cron job
      could fail and error on stderr. Now just redirect its stderr to /dev/null
      and add a comment.
- bugfix:
    - printf "%d" with a float gives correct output but an error on stderr.
      Better just use "%.0f" instead.
- Add support for new 'information' files instead of pem certs, needed for
  revocation in HA setups:
    - The revoke-cert script:
	- update to also handle non-local certificates using information files
	  in ${CA_DIR}/ext
	- for serials matching our period/offset, serial must be < nextserial.
	  Note that we can only do this for those that haven't been issued,
	  since our period or offset might have changed.
	- an information file is created when needed in ${CA_DIR}/ext,
	  containing the date and 'REVOKED ON ${CA_ID}' as the DN.
	- cleanup parsing of input to also handle 0x...
    - The etoken-ca-server:
	- tries to find the first unused serial, since index.txt might now
	  already contain serials higher than our next serial (although that
	  normally shouldn't happen since 'our' serials cannot be revoked if
	  their serial is larger than next).
	- checks whether the symlink points to a pem or not, in the latter case,
	  it parses them as information files and using that information adds an
	  entry to the index.txt file. The revocation time is taken from the
	  info when present, otherwise current time.
	- since our crlserial file sometimes gets updated externally, chown it
	  back to ${CA_USER}:$CA_USER before using it.
    - update revoke-cert.8 manpage
    - add entry in NEWS file
- Add possibility to also log to syslog:
    - simply split stdout and stderr using tee to logger before starting
      mainloop.
    - enable using USE_SYSLOG (default 1), can set also SYSLOG_TAG, SYSLOG_FAC
      (facility) and SYSLOG_LEVEL.
    - defaults can be configured in configure, runtime in sysconfig file
    - update etoken-ca.5 manpage
    - add entry in NEWS file
- fix some typos in etoken-ca-server.8 and add LOG_FILE to the list of files.


Revision 18877 - Directory Listing
Modified Thu Oct 1 22:10:35 2020 UTC (12 months, 2 weeks ago) by msalle
Update ChangeLog


Revision 18873 - Directory Listing
Modified Thu Oct 1 21:13:55 2020 UTC (12 months, 2 weeks ago) by msalle
Add option to force revocation

revoke-cert used to always ask for user confirmation which makes it unsuitable
to call from a cronjob. Add -f option to force to revoke-cert and update
man-page. Also update NEWS file and configure.ac for 0.0.8 version.


Revision 18867 - Directory Listing
Modified Thu Sep 24 09:04:20 2020 UTC (12 months, 3 weeks ago) by msalle
Update ChangeLog for 0.0.7 release


Revision 18866 - Directory Listing
Modified Thu Sep 24 09:03:39 2020 UTC (12 months, 3 weeks ago) by msalle
Touch lock file, add performance options

- By touching the lock file during normal running, we can monitor the health of
  the server and act (e.g. via a cronjob) in case it has stopped. We touch it
  each time we check for the etoken (i.e. every usbsteps)
- Make several timeouts/sleep times configurable via sysconfig and with defaults
  set via configure script:
    - server:
	- USB_TIME_INTERVAL: how long between each check for the eToken
	- SLEEP_TIME: how long to sleep at the end of the inner loop
    - client:
	- REQUEST_SLEEP: how long to wait after pushing a request failed before
	  trying again.
	- CERT_SLEEP: how long to wait after checking for resulting cert before
	  trying again.
  This allows us to improve the performance on fast servers and fast backends
  (the eTokens typically don't reach more than about 1Hz anyway).
- Update etoken-ca.5 man page to reflect the new options and the lock file
  touching.
- Add section on performance tuning in the README.
- Add note on the new lock file touch in the token-ca-server.8 man page
- Update version to 0.0.7
- Update NEWS file for 0.0.7 release


Revision 18865 - Directory Listing
Modified Tue Jun 2 14:59:48 2020 UTC (16 months, 1 week ago) by msalle
Add default_san variable


Revision 18864 - Directory Listing
Modified Tue Jun 2 14:58:24 2020 UTC (16 months, 1 week ago) by msalle
Add support for EC user certs.


Revision 18863 - Directory Listing
Modified Tue Jun 2 14:18:37 2020 UTC (16 months, 1 week ago) by msalle
Add more complete SANs, minor bugfixes


Revision 18848 - Directory Listing
Modified Mon Mar 23 17:10:48 2020 UTC (18 months, 3 weeks ago) by msalle
Update ChangeLog for 0.5.8 release


Revision 18847 - Directory Listing
Modified Mon Mar 23 17:10:12 2020 UTC (18 months, 3 weeks ago) by msalle
Synchronize code with SCAS, update version

- Do not free compression methods explicitly for OpenSSL>=1.1. This is only
  necessary for the SCAS, but we share this part of the code.
- Update version to 0.5.8


Revision 18846 - Directory Listing
Modified Mon Mar 23 17:06:05 2020 UTC (18 months, 3 weeks ago) by msalle
Update ChangeLog for 0.4.5 release


Revision 18845 - Directory Listing
Modified Mon Mar 23 17:05:36 2020 UTC (18 months, 3 weeks ago) by msalle
Prevent double free, minor other fixes

- Do not free compression methods explicitly for OpenSSL>=1.1. This is prevents
  a double free when the SCAS exits. We keep the (now nested)
  #ifndef OPENSSL_NO_COMP for backwards compatibility.
- use 'su' in logrotate to user/group scas
- bump version to 0.4.5
- fix several typos


Revision 18842 - Directory Listing
Modified Mon Mar 23 16:26:47 2020 UTC (18 months, 3 weeks ago) by msalle
Update for release


Revision 18840 - Directory Listing
Modified Mon Mar 23 10:21:29 2020 UTC (18 months, 3 weeks ago) by msalle
Fixes for gSOAP>=2.8.75

Fix for changes introduced in gSOAP 2.8.75.
Building tested for gSOAP versions through 2.8.99.
Both client and server:
gSOAP has changed the vector type for XACMLcontext__AttributeType and
XACMLcontext__AttributeValueType and likewise for subject, resource and also in
the result, such that the push_back functions now need an indirection and the
iterators need to have the indirecton removed.
Due to the extra required indirection, we now need to call the push_back
functions only after the pushed back value is completely filled.
xacml_server.cpp: we cannot compare the subject iterator to NULL, but need to
check it's at the 'end' of the list.
xacml_client.cpp: protect against unset XACMLcontext__Status or
XACMLcontext__Status->XACMLcontext__StatusCode in the XACML results which would
otherwise lead to NULL pointer dereferencing.


Revision 18821 - Directory Listing
Modified Thu Jan 9 15:03:35 2020 UTC (21 months ago) by msalle
Update ChangeLog for 0.0.6 release


Revision 18820 - Directory Listing
Modified Thu Jan 9 15:02:26 2020 UTC (21 months ago) by msalle
Add missing extendedKeyUsage

We missed the extendedKeyUsage in the myproxy-openssl.cnf file.
Updating version and adding entry to NEWS file
--This line, and those below,to  will be ignored--

M    etoken-ca/NEWS
M    etoken-ca/configure.ac
M    etoken-ca/etc/myproxy-openssl.cnf.in


Revision 18815 - Directory Listing
Modified Thu Oct 3 11:11:23 2019 UTC (2 years ago) by msalle
Update ChangeLog for 0.0.5 release


Revision 18814 - Directory Listing
Modified Thu Oct 3 11:10:35 2019 UTC (2 years ago) by msalle
Make dynamic_path in openssl config configurable

The installation directory of the engine library is again changed in
openssl-pkcs11-0.4.10: now make it configurable and use the new
openssl-pkcs11-0.4.10 convention as default.


Revision 18810 - Directory Listing
Modified Tue Jan 8 09:01:41 2019 UTC (2 years, 9 months ago) by msalle
Fix typo


Revision 18809 - Directory Listing
Modified Tue Jan 8 09:00:51 2019 UTC (2 years, 9 months ago) by msalle
Fix typo


Revision 18806 - Directory Listing
Modified Mon Jan 7 13:56:34 2019 UTC (2 years, 9 months ago) by msalle
Numerous small improvements

- support for parallel build with make -j...
- add pepcli and gsi_pep_callout
- move to gridcf based gct instead of globus-toolkit
- do a chmod before removing dir (fixes problem with failed make distcheck)
- use 2.1 version for VOMS (needed for OpenSSL 1.1)
- do most build in a subdirectory to keep the root clean
- no longer support pep-api < 2
- fix gsoap for newer gsoaps
- patch gsoap.m4 for opensuse native gsoap-devel
- no longer support older xacml which had directory xacml-1.0
- fix scas' make_dist which also need the LD_LIBRARY_PATH
- move to canl-c 3.0.0.1 needed for OpenSSL 1.1 and fix build
- move to gridsite master (3.0...) needed for OpenSSL 1.1 and fix building of
  pkg-config file (required prefix= to be set)


Revision 18805 - Directory Listing
Modified Mon Jan 7 11:02:55 2019 UTC (2 years, 9 months ago) by msalle
Add support for pkg-config

- add support for pkg-config for the non-globus flavour
- cleanup code


Revision 18804 - Directory Listing
Modified Sun Jan 6 17:18:46 2019 UTC (2 years, 9 months ago) by msalle
Fix problem with newer gsoap

gsoap's soapcpp2 changed its flag for version info from -v to -V


Revision 18798 - Directory Listing
Modified Sun Dec 23 20:59:16 2018 UTC (2 years, 9 months ago) by msalle
Update ChangeLog for 0.4.4 release (missed file)


Revision 18797 - Directory Listing
Modified Sun Dec 23 20:58:09 2018 UTC (2 years, 9 months ago) by msalle
Add scasc service unit config file


Revision 18796 - Directory Listing
Modified Sun Dec 23 20:53:23 2018 UTC (2 years, 9 months ago) by msalle
Update ChangeLog for 0.4.4 release



Revision 18795 - Directory Listing
Modified Sun Dec 23 20:26:35 2018 UTC (2 years, 9 months ago) by msalle
Add support for systemd via a unit file

- Add choice between using init script or systemd unit configuration file.
- Add scas systemd unit config file template
- minor other improvements in configure.ac


Revision 18793 - Directory Listing
Modified Sun Dec 23 15:14:12 2018 UTC (2 years, 9 months ago) by msalle
Update ChangeLog for 0.2.2 release


Revision 18792 - Directory Listing
Modified Sun Dec 23 15:05:26 2018 UTC (2 years, 9 months ago) by msalle
Several improvements in the unit file

- Cannot really use ExecReload with a daemon that does not keep a 'main PID' as
  the EES does, so cannot use SIGHUP.
- Add Documentation
- remove echo in ExecStartPre, prevents duplicate log entry in journal
- fix bug in Requires and add network.target
- remove network-online.target from WantedBy


Revision 18791 - Directory Listing
Modified Sun Dec 23 15:02:22 2018 UTC (2 years, 9 months ago) by msalle
Should use sa_sigaction with SA_SIGINFO

Since we use SA_SIGINFO, we should use a sa_sigaction() not a sa_handler()
We could use sa_handler() and not set SA_SIGINFO, as we currently don't use more
than the signal number.
Fix one typo in log message for SIGTERM.


Revision 18790 - Directory Listing
Modified Fri Dec 21 11:38:25 2018 UTC (2 years, 9 months ago) by msalle
Add entry for new support for systemd 


Revision 18789 - Directory Listing
Modified Fri Dec 21 11:37:37 2018 UTC (2 years, 9 months ago) by msalle
Add systemd support

- Add choice between using init script or systemd unit configuration file.
- Add ees systemd unit config file template
- minor other improvements in configure.ac


Revision 18788 - Directory Listing
Modified Tue Dec 18 15:13:47 2018 UTC (2 years, 9 months ago) by msalle
Fix parallel compiling

Need to use _LDADD for local .la files, to trigger proper dependency resolution


Revision 18787 - Directory Listing
Modified Tue Dec 18 10:15:13 2018 UTC (2 years, 9 months ago) by msalle
gettimeofday requires sys/time.h, update version


Revision 18783 - Directory Listing
Modified Mon Dec 17 13:59:06 2018 UTC (2 years, 9 months ago) by msalle
Update ChangeLog for release 0.0.2


Revision 18782 - Directory Listing
Modified Mon Dec 17 13:58:44 2018 UTC (2 years, 9 months ago) by msalle
Update for version 0.0.2


Revision 18781 - Directory Listing
Modified Mon Dec 17 13:57:08 2018 UTC (2 years, 9 months ago) by msalle
Update ChangeLog


Revision 18780 - Directory Listing
Modified Mon Dec 17 13:56:31 2018 UTC (2 years, 9 months ago) by msalle
Add Tamas


Revision 18779 - Directory Listing
Modified Mon Dec 17 13:52:59 2018 UTC (2 years, 9 months ago) by msalle
Fix uppercase typo


Revision 18778 - Directory Listing
Modified Mon Oct 29 09:49:30 2018 UTC (2 years, 11 months ago) by msalle
Protect against NULL service name


Revision 18777 - Directory Listing
Modified Fri Sep 14 14:23:03 2018 UTC (3 years, 1 month ago) by msalle
Update version and NEWS file


Revision 18776 - Directory Listing
Modified Fri Sep 14 14:20:45 2018 UTC (3 years, 1 month ago) by msalle
Bump version


Revision 18775 - Directory Listing
Modified Fri Sep 14 14:18:17 2018 UTC (3 years, 1 month ago) by msalle
Fix compiler warnings

- index() requires strings.h
- set explicit define for _XOPEN_SOURCE to prevent problems with e.g. strdup()
  when compiling with -std=c99
- strlen() returns size_t


Revision 18774 - Directory Listing
Modified Fri Sep 14 14:16:10 2018 UTC (3 years, 1 month ago) by msalle
Fix some compiler warnings

- Add explicit _XOPEN_SOURCE macros, to prevent problems with e.g. strdup when
  compiling with -std=c99
- ERR_remove_state() is deprecated, only call it for older OpenSSL
- fix warning about signed/unsigned due to strlen returning size_t


Revision 18770 - Directory Listing
Modified Wed Aug 29 13:50:17 2018 UTC (3 years, 1 month ago) by msalle
Update ChangeLog for 0.0.4 release


Revision 18769 - Directory Listing
Modified Thu Aug 23 14:33:21 2018 UTC (3 years, 1 month ago) by msalle
Support for multiple CAs, small bugfix

- Add support for serial numbers of the form 'period * n + offset' via new
  settings SERIAL_PERIOD and SERIAL_OFFSET.
- Add support for a new configurable CA_ID, which is passed to the notifier hook
  (together with the serial offset and PID of the server) to identify the CA
  instance.
- Update dynamic_path in openssl config for (new) openssl-pkcs11 package
  convention: new path is /usr/lib64/engines-1.1
- Update README, man page and configure.ac and Makefile.am for the new settings.
- Minor additional updates, including:
    * running the 'payload' of runuser in the background instead of runuser
      itself
    * use [[ ]] with =~ instead of echo + grep -q
    * protect some $() statements with ""
Bugfixes:
- PID of etoken-ca-server wasn't reported correctly. Now pass MAINPID along with
  CA_ID and SERIAL_OFFSET to the NOTIFIER_HOOK.


Revision 18764 - Directory Listing
Modified Fri May 18 09:15:17 2018 UTC (3 years, 4 months ago) by msalle
Update ChangeLog for 1.5.11 release


Revision 18763 - Directory Listing
Modified Fri May 18 09:14:02 2018 UTC (3 years, 4 months ago) by msalle
Initialize const char to prevent (harmless) compiler warning.


Revision 18762 - Directory Listing
Modified Thu May 17 14:56:38 2018 UTC (3 years, 5 months ago) by msalle
Add rudimentary demo script for running llgt_test


Revision 18761 - Directory Listing
Modified Fri Mar 23 12:49:32 2018 UTC (3 years, 6 months ago) by msalle
Explicitly give size of arrays, since we have them. This way we get compiler
errors on mismatch


Revision 18760 - Directory Listing
Modified Fri Mar 23 12:43:00 2018 UTC (3 years, 6 months ago) by msalle
Fix few comments


Revision 18759 - Directory Listing
Modified Fri Mar 23 11:59:40 2018 UTC (3 years, 6 months ago) by msalle
Bump version and add NEWS entry


Revision 18758 - Directory Listing
Modified Fri Mar 23 11:57:02 2018 UTC (3 years, 6 months ago) by msalle
Fix segfault relating to our use of ERR_load_strings()

ERR_load_strings registers the library, error and function strings directly,
without making a copy. Hence once our plugin is dlclosed, the memory is no
longer valid. This can be prevented by using the undocumented
ERR_unload_strings(), but a more reliable solution is to allocate all the memory
dynamically and keep it. This results in a fixed and small amount of memory that
is 'still reachable'


Revision 18751 - Directory Listing
Modified Mon Mar 6 10:00:57 2017 UTC (4 years, 7 months ago) by msalle
Update version & NEWS file


Revision 18749 - Directory Listing
Modified Thu Feb 16 15:01:14 2017 UTC (4 years, 7 months ago) by msalle
Fix few typos


Revision 18745 - Directory Listing
Modified Thu Feb 16 14:17:42 2017 UTC (4 years, 7 months ago) by msalle
Update ChangeLog for 0.5.7 release


Revision 18740 - Directory Listing
Modified Thu Feb 16 11:11:28 2017 UTC (4 years, 7 months ago) by msalle
Update ChangeLog for 1.5.2 release


Revision 18739 - Directory Listing
Modified Thu Feb 16 11:10:26 2017 UTC (4 years, 7 months ago) by msalle
Clarify update


Revision 18738 - Directory Listing
Modified Thu Feb 16 10:09:08 2017 UTC (4 years, 7 months ago) by msalle
Fix typo


Revision 18737 - Directory Listing
Modified Fri Feb 3 09:26:38 2017 UTC (4 years, 8 months ago) by msalle
Fix some documentation issues


Revision 18736 - Directory Listing
Modified Fri Feb 3 09:15:35 2017 UTC (4 years, 8 months ago) by msalle
Update version (we already had 1.5.1 released).


Revision 18735 - Directory Listing
Modified Fri Feb 3 09:13:45 2017 UTC (4 years, 8 months ago) by msalle
Update NEWS file


Revision 18734 - Directory Listing
Modified Fri Feb 3 09:09:44 2017 UTC (4 years, 8 months ago) by msalle
Fix two memleaks.
Somehow, these leaks only show when using gsoap-2.8(.42).


Revision 18733 - Directory Listing
Modified Tue Jan 31 14:32:08 2017 UTC (4 years, 8 months ago) by msalle
Sync with scas client


Revision 18732 - Directory Listing
Modified Tue Jan 31 14:30:33 2017 UTC (4 years, 8 months ago) by msalle
Add function name to logging


Revision 18731 - Directory Listing
Modified Mon Jan 30 20:32:04 2017 UTC (4 years, 8 months ago) by msalle
Don't call BIO_free() when ownership is transferred to the ssl object, we can
(should) then rely on SSL_free. Also not needed with SSL_set_bio() to call
BIO_ref_up(), that's only needed when calling SSL_set0_rbio() and
SSL_set0_wbio() separately (which seems the preferred method actually).


Revision 18725 - Directory Listing
Modified Fri Jan 27 13:48:09 2017 UTC (4 years, 8 months ago) by msalle
Trivial change to build against OpenSSL 1.1


Revision 18724 - Directory Listing
Modified Fri Jan 27 13:12:42 2017 UTC (4 years, 8 months ago) by msalle
Add OpenSSL-1.1 fix (of a double free) from scas-client and fix XOPEN_SOURCE
macro, 500 gives implicit declaration gai_strerror among other things. Seems
needs 600 (or POSIX.1-2001) (although Linux manpages seem to say less would be
fine).


Revision 18723 - Directory Listing
Modified Fri Jan 27 12:50:03 2017 UTC (4 years, 8 months ago) by msalle
Fix ref-count to prevent a double free: since we use same bio for rbio and wbio,
we need to manually update the refcount. See e.g. openssl-1.1.0c bio_ssl.c:335


Revision 18722 - Directory Listing
Modified Fri Jan 27 12:45:31 2017 UTC (4 years, 8 months ago) by msalle
Update NEWS file


Revision 18718 - Directory Listing
Modified Fri Jan 27 10:39:51 2017 UTC (4 years, 8 months ago) by msalle
Update ChangeLog for 1.5.10 release


Revision 18717 - Directory Listing
Modified Fri Jan 27 10:02:49 2017 UTC (4 years, 8 months ago) by msalle
Missed two mandatory subdirectories.


Revision 18716 - Directory Listing
Modified Fri Jan 27 09:43:37 2017 UTC (4 years, 8 months ago) by msalle
Add (stripped down) gsoap-2.8.42


Revision 18715 - Directory Listing
Modified Tue Dec 20 17:24:06 2016 UTC (4 years, 9 months ago) by msalle
Fix IPv6 compliance client-side. On server side this was fixed many years ago,
but client still had AF_INET instead of AF_UNSPEC


Revision 18713 - Directory Listing
Modified Fri Sep 23 12:51:20 2016 UTC (5 years ago) by msalle
Updating and syncing private globus structs to match latest OpenSSL 1.1 fixes in
Globus (see globus_gssapi_gsi-12.9).


Revision 18712 - Directory Listing
Modified Fri Sep 23 12:46:11 2016 UTC (5 years ago) by msalle
Sync private structs with updates in Globus (globus_gssapi_gsi-12.9) for OpenSSL
1.1


Revision 18711 - Directory Listing
Modified Thu Aug 25 20:50:54 2016 UTC (5 years, 1 month ago) by msalle
Sync with openssl 1.1.0 fixes in SCAS-client


Revision 18710 - Directory Listing
Modified Thu Aug 25 20:47:41 2016 UTC (5 years, 1 month ago) by msalle
Fix last warnings from released openssl 1.1
ASN1_STRING_data() has been deprecated and replaced with ASN1_STRING_get0_data()
which returns const unsigned char* instead of char of unsigned char*. Easiest to
handle is to rename verify_asn1TimeToTimeT(const char*) into
verify_str_asn1TimeToTimeT and make new verify_asn1TimeToTimeT(ASN1_TIME *)
which does the cast and calls the other.
Also final version of X509_get0_signature() and X509_ALGOR_get0() want resp.
const X509_ALGOR** and const ASN1_OBJECT ** as arguments.


Revision 18709 - Directory Listing
Modified Thu Aug 25 20:08:29 2016 UTC (5 years, 1 month ago) by msalle
Fix deprecation of ASN1_STRING_data in openssl 1.1.0
- ASN1_STRING_data is deprecated in 1.1.0 and replaced with
  ASN1_STRING_get0_data() which returns a const unsigned char* instead of
  unsigned char*. We can still safely put the latter into a const unsigned char*
  so we can use that for both pre-1.1 and 1.1. We still need to cast since we
  want to call strlen and strcasecmp which take char instead of unsigned char.
- by changing prototype of internal xacml_io_asn1TimeToTimeT() to take
  ASN1_TIME* instead of char* we can reduce the number of places to cast and
  call ASN1_STRING_get0_data().


Revision 18705 - Directory Listing
Modified Thu Aug 11 09:37:30 2016 UTC (5 years, 2 months ago) by msalle
Update ChangeLog for 1.5.1 release


Revision 18704 - Directory Listing
Modified Wed Aug 10 15:13:57 2016 UTC (5 years, 2 months ago) by msalle
Make new patch slightly more safe.


Revision 18701 - Directory Listing
Modified Wed Aug 10 14:16:20 2016 UTC (5 years, 2 months ago) by msalle
Fix gsoap path in Makefile.am to build against (at least) gsoap-2.8.28 - 2.8.33.
The 2.8.28 is the version used by Fedora24.


Revision 18696 - Directory Listing
Modified Thu Aug 4 15:09:11 2016 UTC (5 years, 2 months ago) by msalle
Forgot to update the version number.


Revision 18692 - Directory Listing
Modified Thu Aug 4 11:56:14 2016 UTC (5 years, 2 months ago) by msalle
Updating ChangeLog files for next release


Revision 18691 - Directory Listing
Modified Wed Aug 3 15:35:06 2016 UTC (5 years, 2 months ago) by msalle
Add comment concerning ia5 in case they ever become opaque.


Revision 18690 - Directory Listing
Modified Wed Aug 3 15:24:56 2016 UTC (5 years, 2 months ago) by msalle
SSL_set_rbio and SSL_set_wbio have been renamed into SSL_set0_rbio and
SSL_set0_wbio


Revision 18689 - Directory Listing
Modified Tue Aug 2 14:40:35 2016 UTC (5 years, 2 months ago) by msalle
Updating NEWS files to reflect OpenSSL-1.1 API fixes


Revision 18688 - Directory Listing
Modified Tue Aug 2 13:43:58 2016 UTC (5 years, 2 months ago) by msalle
Syncing with OpenSSL-1.1 API changes fixed in scas-client


Revision 18687 - Directory Listing
Modified Tue Aug 2 13:31:36 2016 UTC (5 years, 2 months ago) by msalle
Fix OpenSSL 1.1 API changes, also improve (simplify) subjectAltName
verification.


Revision 18686 - Directory Listing
Modified Tue Aug 2 11:20:20 2016 UTC (5 years, 2 months ago) by msalle
Replace deprecated (in particular i2c_ASN1_INTEGER) serial number to string code
with code from verify-proxy.
Add at least one missing header plus patch namechange in jobrep_test.c


Revision 18685 - Directory Listing
Modified Tue Aug 2 10:48:09 2016 UTC (5 years, 2 months ago) by msalle
Add missing header in _lcmaps_return_poolindex.h, add missing brackets in
_lcmaps.h, add missing pointer reference plus making sure LIBSUFF is defined.


Revision 18684 - Directory Listing
Modified Mon Aug 1 15:15:35 2016 UTC (5 years, 2 months ago) by msalle
Fix typo in openssl version number, remove unused variables and work around
ERR_PACK() mismatch with man-page (args should be unsigned, not signed).


Revision 18683 - Directory Listing
Modified Mon Aug 1 12:33:29 2016 UTC (5 years, 2 months ago) by msalle
Adapt code to work around OpenSSL 1.1 code changes. In OpenSSL 1.1 many struct
members have become private and setters/getters need to be used instead.
Since at the same time also the d2i and i2d macros have been removed
(asn1_mac.h) we rework the init_*_proxy_extension() functions to use an item ref
instead. This is slightly complicated for the GT3 proxy, which can have either a
GT3-style proxy cert info or a RFC-style proxy cert info (when created using
Java-based voms-proxy-init via canl). For that sub-case, we allow temporarily
changing the struct member.


Revision 18680 - Directory Listing
Modified Mon Jul 25 10:43:06 2016 UTC (5 years, 2 months ago) by msalle
Update ChangeLog for 0.0.3 release


Revision 18679 - Directory Listing
Modified Mon Jul 25 09:41:15 2016 UTC (5 years, 2 months ago) by msalle
Need to also remove hashfile in uninstall hook


Revision 18678 - Directory Listing
Modified Mon Jul 25 09:36:01 2016 UTC (5 years, 2 months ago) by msalle
Check private keys: min keylength and reuse
- Add checks for minimal keylength, default 2048, can be set in
  myproxy-server.config file
- Add check, via hashlist, on reuse of keypairs: check whether we have seen the
  public key before and fail if that's the case. File can be specified in
  etoken-ca sysconfig file (default @CA_DIR@/pubkey_hashfile)
- update version to 0.0.3 and NEWS file for these changes



Revision 18677 - Directory Listing
Modified Fri Jul 22 11:20:11 2016 UTC (5 years, 2 months ago) by msalle
Add also entry for VOMS-less proxies into default vo-ca-ap file.


Revision 18676 - Directory Listing
Modified Mon Jun 27 10:09:09 2016 UTC (5 years, 3 months ago) by msalle
Add missing file to dist tarball


Revision 18671 - Directory Listing
Modified Mon May 30 10:04:37 2016 UTC (5 years, 4 months ago) by msalle
Update ChangeLog


Revision 18670 - Directory Listing
Modified Mon May 30 09:18:18 2016 UTC (5 years, 4 months ago) by msalle
Log whether a proxy is a VOMS proxy (contains a VOMS AC extension).


Revision 18669 - Directory Listing
Modified Mon May 30 08:33:59 2016 UTC (5 years, 4 months ago) by msalle
Do proper self-signed cert test for CAs by checking signature.


Revision 18668 - Directory Listing
Modified Sun May 29 19:21:57 2016 UTC (5 years, 4 months ago) by msalle
Update ChangeLog


Revision 18667 - Directory Listing
Modified Sun May 29 19:20:07 2016 UTC (5 years, 4 months ago) by msalle
Fix memleak introduces in 1.5.8


Revision 18665 - Directory Listing
Modified Fri May 27 14:50:59 2016 UTC (5 years, 4 months ago) by msalle
Fix two spelling errors


Revision 18661 - Directory Listing
Modified Fri May 27 14:09:05 2016 UTC (5 years, 4 months ago) by msalle
Updating Changelog


Revision 18660 - Directory Listing
Modified Fri May 27 14:08:39 2016 UTC (5 years, 4 months ago) by msalle
Update BUGS file


Revision 18659 - Directory Listing
Modified Fri May 27 13:59:41 2016 UTC (5 years, 4 months ago) by msalle
Minor updates in the README (mostly URLs)


Revision 18658 - Directory Listing
Modified Fri May 27 13:51:53 2016 UTC (5 years, 4 months ago) by msalle
Update ChangeLog for 1.5.8 release


Revision 18657 - Directory Listing
Modified Thu May 19 14:11:52 2016 UTC (5 years, 4 months ago) by msalle
Fix comment of grid_check_sigalg() to match the actual code


Revision 18656 - Directory Listing
Modified Wed May 18 11:38:43 2016 UTC (5 years, 4 months ago) by msalle
Don't verify/log signing algorithm for root CAs


Revision 18655 - Directory Listing
Modified Tue May 17 11:09:04 2016 UTC (5 years, 5 months ago) by msalle
Update NEWS for key strength


Revision 18654 - Directory Listing
Modified Tue May 17 11:08:10 2016 UTC (5 years, 5 months ago) by msalle
Log key length of all certs, not just the proxies and warn for too small (<2048
for EECs and CAs). Only log once in case of warning. Use one #define for all
OBJ_obj2txt buffers of size 80.


Revision 18653 - Directory Listing
Modified Fri May 13 09:14:24 2016 UTC (5 years, 5 months ago) by msalle
We log the signature algorithm for every certificate in the chain. For MD5 (or
older) algorithms we log on LOG_WARNING. We do not (yet) fail on MD*. Newest
Java already fails by default.


Revision 18650 - Directory Listing
Modified Mon May 9 08:55:16 2016 UTC (5 years, 5 months ago) by msalle
Update NEWS file for OpenSSL DigitialSignature workaround


Revision 18649 - Directory Listing
Modified Mon May 9 08:49:11 2016 UTC (5 years, 5 months ago) by msalle
Only set EXFLAG_PROXY for actual proxy certificates. Otherwise, OpenSSL
verification code fails for CA certificates not containing Digital Signature,
such as the CILogon Basic CA (thanks to Brian for finding it and Jan Just for
verifying why the workaround works).


Revision 18648 - Directory Listing
Modified Wed Apr 13 08:26:33 2016 UTC (5 years, 6 months ago) by msalle
Fix some errors in revoke-cert man page


Revision 18645 - Directory Listing
Modified Tue Apr 12 13:58:05 2016 UTC (5 years, 6 months ago) by msalle
Fix typo.


Revision 18644 - Directory Listing
Modified Tue Apr 12 13:30:04 2016 UTC (5 years, 6 months ago) by msalle
Add default vo-ca-ap-file for CERN VOs. Update NEWS file accordingly. Clarify
syntax in man-page.


Revision 18640 - Directory Listing
Modified Mon Apr 11 07:49:40 2016 UTC (5 years, 6 months ago) by msalle
Update ChangeLog for 0.0.2 release


Revision 18639 - Directory Listing
Modified Mon Apr 11 07:48:23 2016 UTC (5 years, 6 months ago) by msalle
Add ChangeLog


Revision 18638 - Directory Listing
Modified Mon Apr 11 07:47:39 2016 UTC (5 years, 6 months ago) by msalle
bump version


Revision 18637 - Directory Listing
Modified Mon Apr 11 07:47:16 2016 UTC (5 years, 6 months ago) by msalle
Update NEWS file for 0.0.2 release


Revision 18636 - Directory Listing
Modified Thu Mar 17 08:56:47 2016 UTC (5 years, 7 months ago) by msalle
Add instructions on how to get it working with Per-User Sub-Proxies


Revision 18635 - Directory Listing
Modified Tue Mar 15 15:07:34 2016 UTC (5 years, 7 months ago) by msalle
Minor typo fixes


Revision 18634 - Directory Listing
Modified Sun Mar 13 15:29:33 2016 UTC (5 years, 7 months ago) by msalle
Minor improvements to the README file


Revision 18633 - Directory Listing
Modified Fri Mar 11 10:39:55 2016 UTC (5 years, 7 months ago) by msalle
- Keep logs indefinitely, i.e. don't remove logs after either 13 rotations or 90
  days.
- Make crl.pem symlink relative (easier after being backed up)


Revision 18627 - Directory Listing
Modified Wed Mar 9 14:34:40 2016 UTC (5 years, 7 months ago) by msalle
Add NEWS file


Revision 18625 - Directory Listing
Modified Wed Mar 9 13:56:32 2016 UTC (5 years, 7 months ago) by msalle
Add URL to README file


Revision 18624 - Directory Listing
Modified Wed Mar 9 13:54:18 2016 UTC (5 years, 7 months ago) by msalle
Add README and increase default request timeout to 20 seconds.


Revision 18623 - Directory Listing
Modified Wed Mar 9 08:58:35 2016 UTC (5 years, 7 months ago) by msalle
Make sure serial is of the right format, also print both in hex and decimal.


Revision 18622 - Directory Listing
Modified Tue Mar 8 16:34:09 2016 UTC (5 years, 7 months ago) by msalle
Update BUGS


Revision 18621 - Directory Listing
Modified Tue Mar 8 16:23:54 2016 UTC (5 years, 7 months ago) by msalle
Enforce that MYPROXY_USER and CA_USER are distinct.
Also enforce that revoke-cert is only run as root (otherwise we can't send
SIGUSR1)


Revision 18620 - Directory Listing
Modified Tue Mar 8 15:56:15 2016 UTC (5 years, 7 months ago) by msalle
Remove default start lines from config script. Better enable service by hand.


Revision 18618 - Directory Listing
Modified Tue Mar 8 14:22:44 2016 UTC (5 years, 7 months ago) by msalle
Add man-pages for etoken-ca-client, etoken-ca-server, sysconfig file,
revoke-cert and null-mapapp.
Reorder sysconfig file in same order as man-page.
Let client return exit code 1 in case of empty cert.


Revision 18616 - Directory Listing
Modified Mon Mar 7 15:03:36 2016 UTC (5 years, 7 months ago) by msalle
Add (empty) man-pages for now. Will add contents later.


Revision 18615 - Directory Listing
Modified Mon Mar 7 13:55:26 2016 UTC (5 years, 7 months ago) by msalle
Move useronly-mapapp to documentation as example: default mapapp (null-mapapp)
assumes nothing and is only needed for satisfying myproxy.


Revision 18614 - Directory Listing
Modified Sun Mar 6 16:48:11 2016 UTC (5 years, 7 months ago) by msalle
Produce error message when server returned /dev/null as certificate


Revision 18613 - Directory Listing
Modified Sun Mar 6 16:44:00 2016 UTC (5 years, 7 months ago) by msalle
Try to always link to some file, to prevent waiting by the issuer_program.
Log on INFO that the post CRL hook is running, it's only one line per day.



Revision 18611 - Directory Listing
Modified Fri Mar 4 13:21:05 2016 UTC (5 years, 7 months ago) by msalle
Simplify getting the SAN list


Revision 18610 - Directory Listing
Modified Fri Mar 4 13:00:20 2016 UTC (5 years, 7 months ago) by msalle
Need to protect against spaces in email addresses


Revision 18609 - Directory Listing
Modified Fri Mar 4 11:40:36 2016 UTC (5 years, 7 months ago) by msalle
Add support for post-crl hook and multiple email address
- When a POST_CRL_HOOK executable is specified, it will be run after the CRLs
  have been updated, under the POST_CRL_USER account. The requirements on it are
  the same as for the NOTIFIER_HOOK (only writeable by root). This can be used
  for automatically triggering rsync backups.
- Add support for multiple email addresses in the request. They will be set (in
  the same order, although irrelevant) in the subjectAltName extension.


Revision 18607 - Directory Listing
Modified Wed Mar 2 10:34:19 2016 UTC (5 years, 7 months ago) by msalle
Do revocations using a second cachedir, /revocation
- to make sure that only one process is writing the index.txt file we use a
  similar client/server model for the revocation.
- The revoke-cert script now only creates revocation request symlinks and then
  sends a SIGUSR1 when any requests have been filed.
- SIGUSR1 in the server now first triggers processing pending revocation
  requests and then updates the CRL. CRL is updated in any case.
- The request directory also moved to a subdirectory.
- The top-level cache directory is now ${localstatedir}/cache/${PACKAGE}
Slightly improve error handling for revoke-cert script:
- distinguish between invalid serial number or already invalid certificate
For better traceability:
- info and error functions always print the date-stamp



Revision 18606 - Directory Listing
Modified Tue Mar 1 21:32:04 2016 UTC (5 years, 7 months ago) by msalle
Should send USR1, not HUP


Revision 18605 - Directory Listing
Modified Tue Mar 1 20:43:12 2016 UTC (5 years, 7 months ago) by msalle
revoke-cert: 
 Automatically also trigger CRL recreation when we've revoked a certificate
cron-job
 give cron-job a timeout


Revision 18604 - Directory Listing
Modified Tue Mar 1 11:10:45 2016 UTC (5 years, 7 months ago) by msalle
Rename mapapp bins with - instead of _


Revision 18603 - Directory Listing
Modified Tue Mar 1 11:01:53 2016 UTC (5 years, 7 months ago) by msalle
Add simple revocation tool.


Revision 18602 - Directory Listing
Modified Sun Feb 28 17:53:15 2016 UTC (5 years, 7 months ago) by msalle
Missed cert_issuer_program (now etoken-ca-client)


Revision 18601 - Directory Listing
Modified Sun Feb 28 17:46:06 2016 UTC (5 years, 7 months ago) by msalle
Fix missed cert_signer


Revision 18600 - Directory Listing
Modified Sun Feb 28 17:36:07 2016 UTC (5 years, 7 months ago) by msalle
Rename most etoken-ca-server files into just etoken-ca, except for the server
program itself.


Revision 18597 - Directory Listing
Modified Sun Feb 28 17:05:39 2016 UTC (5 years, 7 months ago) by msalle
Rename temporary name cert_signer into etoken-ca
- cert_signer -> etoken-ca-server
- cert_issuer_program -> etoken-ca-client
- generic files just become etoken-ca


Revision 18596 - Directory Listing
Modified Sun Feb 28 16:31:53 2016 UTC (5 years, 7 months ago) by msalle
- Add support for proxy certificate creation: when 'cacert' has CA:FALSE, create
  a proxy cert and take DN_FORMAT to just add the extra /CN=... field, rest
  taken from the 'cacert'
- Add option for certificate_issuer_subca_certfile into the myproxy-server
  config file (although commented out), needed for proxy certificates.
- Use lock file in addition to pid file, instead of using an empty pid file as
  such. This makes systemd and rpmlint happier.
- Add reload option to init script, to send the SIGHUP for reopening log file



Revision 18595 - Directory Listing
Modified Fri Feb 26 09:23:48 2016 UTC (5 years, 7 months ago) by msalle
Add support for all subject RDN components except email. The actual subject is
set by the daemon based on the DN_FORMAT sysconfig variable.


Revision 18594 - Directory Listing
Modified Thu Feb 25 10:26:54 2016 UTC (5 years, 7 months ago) by msalle
Add support for stripping off 'info' parts, following the conventions of the
mapapp-s in http://cilogon.cvs.sourceforge.net/viewvc/cilogon/service/myproxy/
<real username> [email=.+@.+\..+] [info:key1=value1,...]
Even though we don't use info part, we need to strip it off or it will end up in
the email.


Revision 18593 - Directory Listing
Modified Wed Feb 24 20:28:40 2016 UTC (5 years, 7 months ago) by msalle
Missed setting EMAIL variable.


Revision 18592 - Directory Listing
Modified Wed Feb 24 20:08:02 2016 UTC (5 years, 7 months ago) by msalle
Add support for adding email address in subjectAltName. The email address should
be passed in via the 'username' parameter, as a " email=<email address>"
addition. Update openssl.cnf for extensions with and without SAN.
Make the local variables in create_cert() appropriately local


Revision 18591 - Directory Listing
Modified Mon Feb 22 14:49:41 2016 UTC (5 years, 7 months ago) by msalle
Log correct entering of pincode (on info)


Revision 18590 - Directory Listing
Modified Mon Feb 22 14:12:42 2016 UTC (5 years, 7 months ago) by msalle
Use fixed virtual terminal, to be set in the sysconfig file via PIN_TERMINAL.
Default is 8. Using the first free one is problematic with the auto-starting
getty's: we effectively need to block all getty's unless we only start at boot
or getty1. Better just use a VT not used by autostarting getty such as 8 or 9
(also not used by X). Can adjust number of auth-getty's via NAutoVTs in
/etc/systemd/logind.conf when needed.
Add dependency on Makefile in the template-built files.


Revision 18589 - Directory Listing
Modified Fri Feb 19 09:26:59 2016 UTC (5 years, 7 months ago) by msalle
also need to remove index.txt.attr in hook


Revision 18588 - Directory Listing
Modified Tue Feb 16 16:12:54 2016 UTC (5 years, 8 months ago) by msalle
Add also index.txt.attr file


Revision 18587 - Directory Listing
Modified Thu Feb 11 14:05:27 2016 UTC (5 years, 8 months ago) by msalle
Fix typo in local


Revision 18586 - Directory Listing
Modified Thu Feb 11 12:56:43 2016 UTC (5 years, 8 months ago) by msalle
Log which CA files are missing.


Revision 18585 - Directory Listing
Modified Thu Feb 11 12:36:10 2016 UTC (5 years, 8 months ago) by msalle
Cleanup some code:
- check templated variables from sysconfig
- move all checks to the same place (before starting with PIDs)
- move notifier and trap setting into read_pin function, since it is only used
  there (prevent code duplication)
- declare local variables as local



Revision 18583 - Directory Listing
Modified Wed Feb 10 20:53:01 2016 UTC (5 years, 8 months ago) by msalle
Use crlnumber in openssl config file, to produce a CRL serial number (and
automatically make them V2). Store all old ones in directory crls.


Revision 18582 - Directory Listing
Modified Wed Feb 10 17:05:03 2016 UTC (5 years, 8 months ago) by msalle
Add support for CRL creation, triggered via USR1 and running via a cron.daily
cronjob. Actual code is in create_crl(). File is left in CA directory, previous
one is saved as .prev
Also update some settings (mostly naming) for allowing multiple CA OIDs (and
multiple CRL distribution points).



Revision 18581 - Directory Listing
Modified Sat Feb 6 21:35:33 2016 UTC (5 years, 8 months ago) by msalle
Make separate function for notifier hook and run it as a separate user, by
default nobody (as login shell to remove the environment). Check each path
component from the full canonical path of the hook to be root-owned and
writeable only by root.


Revision 18580 - Directory Listing
Modified Fri Feb 5 09:54:43 2016 UTC (5 years, 8 months ago) by msalle
Fix notifier hook code


Revision 18579 - Directory Listing
Modified Fri Feb 5 09:16:29 2016 UTC (5 years, 8 months ago) by msalle
Add support for a notifier hook, which will be called when the token is
unplugged. It must be a full canonical path to a root-owned,
only-root-writeable, non setuid file. Still leaves some room for
non-root-writeable directories.


Revision 18578 - Directory Listing
Modified Thu Feb 4 11:04:54 2016 UTC (5 years, 8 months ago) by msalle
- add support for adding certificate policies to CA certs
- don't create unused certs directory


Revision 18577 - Directory Listing
Modified Wed Feb 3 16:10:26 2016 UTC (5 years, 8 months ago) by msalle
Also create empty index.txt.attr file, sometimes we need it


Revision 18576 - Directory Listing
Modified Wed Feb 3 16:09:25 2016 UTC (5 years, 8 months ago) by msalle
Use bash explicitly, since dash (debian, ubuntu) does not know source


Revision 18575 - Directory Listing
Modified Wed Feb 3 13:28:15 2016 UTC (5 years, 8 months ago) by msalle
Fix bug: need to change variable with variable from sysconfig


Revision 18573 - Directory Listing
Modified Wed Feb 3 10:02:57 2016 UTC (5 years, 8 months ago) by msalle
Fix extra backslash


Revision 18572 - Directory Listing
Modified Wed Feb 3 09:49:12 2016 UTC (5 years, 8 months ago) by msalle
Adapt null_mapapp to do no filtering at all, old null_mapapp becomes
useronly_mapapp.


Revision 18571 - Directory Listing
Modified Wed Feb 3 09:40:58 2016 UTC (5 years, 8 months ago) by msalle
Update configure help and config texts


Revision 18570 - Directory Listing
Modified Wed Feb 3 09:10:53 2016 UTC (5 years, 8 months ago) by msalle
Make maximum number of pin tries a configurable sysconfig variable


Revision 18569 - Directory Listing
Modified Tue Feb 2 15:14:40 2016 UTC (5 years, 8 months ago) by msalle
First change back to old VT, only then kill ourselves (and log in file)


Revision 18568 - Directory Listing
Modified Tue Feb 2 15:11:00 2016 UTC (5 years, 8 months ago) by msalle
Protect against too many wrong tries and don't try pincode when it is empty
(systemd might input /dev/null into the pincode...?)


Revision 18567 - Directory Listing
Modified Tue Feb 2 14:31:52 2016 UTC (5 years, 8 months ago) by msalle
Fix systemd script (forgot to save it): It is necessary to force starting the
daemon only after the getty *service* for tty2 is started. Otherwise it gets
overridden by the new getty.


Revision 18566 - Directory Listing
Modified Tue Feb 2 14:28:14 2016 UTC (5 years, 8 months ago) by msalle
- Add a systemd service, can be disabled using configure. It is necessary to
  force starting the daemon only after the getty *service* for tty2 is started.
  Otherwise it gets overridden by the new getty. 
- Add support for getting lifetime from request (=proxy_lifetime), while setting
  maximum via configure and sysconfig (latter in seconds, or suffixed with h or
  d for hours or days)
- verify pincode using rsautl, to prevent bricking token
- openssl command is wrapped in function, which exports and de-sets pincode in
  env, to prevent leaking via ps
- fix bug in parsing of debug configure flag
- check usb after signing cert and revoke when device was unplugged (also no
  cert returned).
- check usb only once every 10 steps for performance, +/- once per second


Revision 18564 - Directory Listing
Modified Fri Jan 29 14:16:34 2016 UTC (5 years, 8 months ago) by msalle
Use chvt for getting the pincode, monitor replacing of token
- Check USB_DEVICE:
    * token must be plugged in when starting
    * service monitors unplugging: when unplugged, it waits for reinsertion,
      when changed (e.g. via STOP and CONT) it warns. In both cases pin has to
      be re-entered.
    * use lsusb -d $USB_DEVICE for checking, output must remain the same
- Use fgconsole, fgconsole -n and chvt for redirecting the stdio for reading the
  pin. This works at boot and both for init and systemd.
- cleanup pidfile when exiting before mainloop: trap INT, HUP and TERM
- use variable MAINPID instead of BASHPID for consistent logging.
- Can now reenable starting service in runlevels 2345
- Use reasonable defaults for existing DN_FORMAT, CA_OID and new TRUSTED_DN and
  USB_DEVICE:
    * configure (default) sets to a __NAME__ template value.
    * authorized and trusted retrievers are both set to TRUSTED_DN instead of
      testnet example
    * CA_OID is set (to template) instead of empty


Revision 18563 - Directory Listing
Modified Thu Jan 28 11:09:18 2016 UTC (5 years, 8 months ago) by msalle
Forward complete request to cert_signer, as we probably will need more than one
field.
Make request only group readable, as it might contain sensitive information.


Revision 18561 - Directory Listing
Modified Wed Jan 27 13:28:59 2016 UTC (5 years, 8 months ago) by msalle
Need to ignore SIGHUP before daemonizing, otherwise our child might get killed.
Log when there is a stale pidfile in init script.
Don't require syslog



Revision 18560 - Directory Listing
Modified Wed Jan 27 08:32:35 2016 UTC (5 years, 8 months ago) by msalle
Add -l flag to runuser to strip the environment. Also use /bin/sh instead of
/bin/bash


Revision 18559 - Directory Listing
Modified Tue Jan 26 20:17:31 2016 UTC (5 years, 8 months ago) by msalle
Use runuser instead of sudo, since it does not prevent running without tty.
Set shutdown runlevels only.


Revision 18558 - Directory Listing
Modified Tue Jan 26 15:43:43 2016 UTC (5 years, 8 months ago) by msalle
Do not start cert_signer at boot, we need in any case sysadmin intervention


Revision 18557 - Directory Listing
Modified Tue Jan 26 15:09:48 2016 UTC (5 years, 8 months ago) by msalle
Fix copy/paste error ees -> root


Revision 18555 - Directory Listing
Modified Tue Jan 26 14:52:05 2016 UTC (5 years, 8 months ago) by msalle
First check-in of cert_signer tool for myproxy CA, to use eTokens


Revision 18554 - Directory Listing
Modified Thu Jan 21 16:51:39 2016 UTC (5 years, 8 months ago) by msalle
Update manpage for new commandline option


Revision 18553 - Directory Listing
Modified Wed Dec 23 16:17:41 2015 UTC (5 years, 9 months ago) by msalle
Replace also sed by variable


Revision 18552 - Directory Listing
Modified Wed Dec 23 15:58:00 2015 UTC (5 years, 9 months ago) by msalle
Add -utf8 flag to CSR creation, also protect against / in RDNs.


Revision 18551 - Directory Listing
Modified Tue Dec 22 15:34:09 2015 UTC (5 years, 9 months ago) by msalle
Add default variable values in case we don't set them in the env.
Add some extra comments plus some (commented out) options for hardcoding the
DN
Add config for commandline tool (openssl_conf) setting an oid_section, such that
it can reversely lookup the OIDs and resolve into a name.


Revision 18550 - Directory Listing
Modified Tue Dec 22 14:01:55 2015 UTC (5 years, 9 months ago) by msalle
add certificate with CRL revocation time of 1 hour


Revision 18549 - Directory Listing
Modified Tue Dec 22 13:48:35 2015 UTC (5 years, 9 months ago) by msalle
Add flag to create CRL valid for num of hours.
Add -f flag to ln to override existing symlinks


Revision 18548 - Directory Listing
Modified Fri Dec 18 10:56:32 2015 UTC (5 years, 9 months ago) by msalle
Improvements. Version 1.5.8
-   verify-proxy-tool has extra option -t|--atnotbefore to verify the chain at
    the notBefore time (actually 5min afterwards)



Revision 18547 - Directory Listing
Modified Wed Dec 2 15:18:34 2015 UTC (5 years, 10 months ago) by msalle
Set pep_ssl_server_cert to send the proxy as cacert option in libcurl. Needed
for NSS-based cURL such as RH6 and 7.


Revision 18546 - Directory Listing
Modified Wed Dec 2 15:07:14 2015 UTC (5 years, 10 months ago) by msalle
Make argus_test_script somewhat more generic


Revision 18541 - Directory Listing
Modified Thu Nov 19 16:17:58 2015 UTC (5 years, 10 months ago) by msalle
Update ChangeLog for 0.5.6 release


Revision 18540 - Directory Listing
Modified Tue Nov 10 18:08:37 2015 UTC (5 years, 11 months ago) by msalle
Fix memory leak in SCAS client, fixed by Brian.


Revision 18539 - Directory Listing
Modified Tue Nov 10 10:48:40 2015 UTC (5 years, 11 months ago) by msalle
Fix parsing of --en/disable-sslcleanup


Revision 18538 - Directory Listing
Modified Tue Nov 10 10:47:39 2015 UTC (5 years, 11 months ago) by msalle
Fix parsing of --disable/--enable-headers option


Revision 18537 - Directory Listing
Modified Wed Sep 9 14:01:43 2015 UTC (6 years, 1 month ago) by msalle
Use openssl rand instead of dd for generating the 4 random bytes. Also use
slightly more generic tr delete rule.


Revision 18536 - Directory Listing
Modified Tue Sep 8 13:24:02 2015 UTC (6 years, 1 month ago) by msalle
_test.c files return 1 on error and 0 on success
add simple shell script for testing the argus_test


Revision 18535 - Directory Listing
Modified Wed Sep 2 16:00:02 2015 UTC (6 years, 1 month ago) by msalle
Also remove tab chars (needed for Solaris od)


Revision 18534 - Directory Listing
Modified Wed Sep 2 15:56:24 2015 UTC (6 years, 1 month ago) by msalle
Use 4 bytes /dev/(u)random to create a random long int serial number instead of
$RANDOM. Refer to commands via env variables instead of direct command name.



Revision 18533 - Directory Listing
Modified Wed Jul 22 15:36:05 2015 UTC (6 years, 2 months ago) by msalle
Rename command line tool into create_pusp (drop the .sh)


Revision 18532 - Directory Listing
Modified Wed Jul 22 15:25:14 2015 UTC (6 years, 2 months ago) by msalle
Add support for creating limited proxies and for setting a finite proxy
pathlength constraint


Revision 18531 - Directory Listing
Modified Wed Jul 22 14:24:22 2015 UTC (6 years, 2 months ago) by msalle
Update paths for GT6 (and make sure we still work on GT5)


Revision 18530 - Directory Listing
Modified Wed Jul 22 14:18:35 2015 UTC (6 years, 2 months ago) by msalle
Sync with scas-client


Revision 18529 - Directory Listing
Modified Wed Jul 22 14:12:37 2015 UTC (6 years, 2 months ago) by msalle
Remove unused macro


Revision 18528 - Directory Listing
Modified Wed Jul 22 13:31:07 2015 UTC (6 years, 2 months ago) by msalle
Updating NEWS file


Revision 18527 - Directory Listing
Modified Wed Jul 22 13:30:50 2015 UTC (6 years, 2 months ago) by msalle
previous version hadn't yet been released, downgrading.


Revision 18526 - Directory Listing
Modified Wed Jul 22 13:30:08 2015 UTC (6 years, 2 months ago) by msalle
Minor improvement in man-page


Revision 18525 - Directory Listing
Modified Wed Jul 22 11:22:29 2015 UTC (6 years, 2 months ago) by msalle
Cleanup man-page: don't put libs in the FILES section, update the modulesdir


Revision 18524 - Directory Listing
Modified Wed Jul 22 11:10:17 2015 UTC (6 years, 2 months ago) by msalle
Update version, NEWS file and remove modules from FILES section in man page


Revision 18523 - Directory Listing
Modified Wed Jul 22 10:53:54 2015 UTC (6 years, 2 months ago) by msalle
Cleanup man page


Revision 18522 - Directory Listing
Modified Wed Jul 22 10:37:00 2015 UTC (6 years, 2 months ago) by msalle
Update NEWS file for cleanup


Revision 18521 - Directory Listing
Modified Wed Jul 22 10:24:51 2015 UTC (6 years, 2 months ago) by msalle
Remove unused variables


Revision 18520 - Directory Listing
Modified Wed Jul 22 10:23:47 2015 UTC (6 years, 2 months ago) by msalle
Cleanup creation and packaging of docs and man pages. Move unbuild jr to a
subdir and run make inside the doc dir: in that case we don't need to manually
inform that we need to package the .in files.


Revision 18519 - Directory Listing
Modified Wed Jul 22 08:58:14 2015 UTC (6 years, 2 months ago) by msalle
Remove mans from EXTRA_DIST, autotools should sort out


Revision 18518 - Directory Listing
Modified Wed Jul 22 08:44:46 2015 UTC (6 years, 2 months ago) by msalle
Cleanup man-page


Revision 18514 - Directory Listing
Modified Tue Jul 21 15:34:18 2015 UTC (6 years, 2 months ago) by msalle
Add backslash for (not-really needed) hyphens


Revision 18513 - Directory Listing
Modified Tue Jul 21 15:33:16 2015 UTC (6 years, 2 months ago) by msalle
Use moduledir from configure in manpage and install instructions


Revision 18507 - Directory Listing
Modified Tue Jul 21 11:59:11 2015 UTC (6 years, 2 months ago) by msalle
Update ChangeLog for release



Revision 18506 - Directory Listing
Modified Tue Jul 21 11:58:39 2015 UTC (6 years, 2 months ago) by msalle
Comment out use-less NULL-ifying of local variables.


Revision 18495 - Directory Listing
Modified Mon Jul 20 15:22:34 2015 UTC (6 years, 2 months ago) by msalle
Update ChangeLog for release 0.3.1


Revision 18493 - Directory Listing
Modified Mon Jul 20 15:02:57 2015 UTC (6 years, 2 months ago) by msalle
Update ChangeLog for 0.3.1 release


Revision 18487 - Directory Listing
Modified Mon Jul 20 14:30:31 2015 UTC (6 years, 2 months ago) by msalle
Tests 7 & 8 are running lcmaps_voms_localaccount.mod with
--do-not-add-primary-gid-from-mapped-account (and
--add-secondary-gids-from-mapped-account) hence there is NO plugin setting the
pGID. Somehow on older versions of the plugin, this did set a pGID which was
IMHO a bug.


Revision 18486 - Directory Listing
Modified Mon Jul 20 12:59:57 2015 UTC (6 years, 2 months ago) by msalle
Update ChangeLog for release


Revision 18483 - Directory Listing
Modified Mon Jul 20 10:01:31 2015 UTC (6 years, 2 months ago) by msalle
Add ChangeLog


Revision 18482 - Directory Listing
Modified Fri Jul 17 15:14:16 2015 UTC (6 years, 3 months ago) by msalle
Fix typo in man page


Revision 18481 - Directory Listing
Modified Fri Jul 17 14:22:30 2015 UTC (6 years, 3 months ago) by msalle
Update sac_from_source to use globus 6. Fix number of issues


Revision 18479 - Directory Listing
Modified Fri Jul 17 11:07:45 2015 UTC (6 years, 3 months ago) by msalle
Fix a few typos in the manpage


Revision 18478 - Directory Listing
Modified Fri Jul 17 11:00:39 2015 UTC (6 years, 3 months ago) by msalle
Remove unused label


Revision 18477 - Directory Listing
Modified Fri Jul 17 10:58:24 2015 UTC (6 years, 3 months ago) by msalle
Rename man-page to appropriate name, need AC_CONFIG_FILES for man page


Revision 18476 - Directory Listing
Modified Fri Jul 17 10:54:14 2015 UTC (6 years, 3 months ago) by msalle
Add man-page for create_pusp.sh tool to NEWS file


Revision 18475 - Directory Listing
Modified Fri Jul 17 10:53:41 2015 UTC (6 years, 3 months ago) by msalle
Add man-page for create_pusp.sh tool


Revision 18474 - Directory Listing
Modified Fri Jul 17 09:49:26 2015 UTC (6 years, 3 months ago) by msalle
Log when protecting invalid input
Make sure read_mapfile doesn't return a NULL buffer when the file is empty (just
return a malloced "" buffer).


Revision 18471 - Directory Listing
Modified Fri Jul 17 09:41:42 2015 UTC (6 years, 3 months ago) by msalle
Add example VO-CA-AP file


Revision 18470 - Directory Listing
Modified Fri Jul 17 09:21:11 2015 UTC (6 years, 3 months ago) by msalle
Add {} for clarity


Revision 18468 - Directory Listing
Modified Thu Jul 16 09:27:12 2015 UTC (6 years, 3 months ago) by msalle
Clearify code flow.


Revision 18467 - Directory Listing
Modified Thu Jul 16 08:51:37 2015 UTC (6 years, 3 months ago) by msalle
Fix typo


Revision 18466 - Directory Listing
Modified Thu Jul 16 08:49:42 2015 UTC (6 years, 3 months ago) by msalle
Few minor updates:
- protect functions against invalid input
- use prefixed names for public functions to prevent clashes
- restructure few constructions to make the code flow clearer.
- remove remaining references to mapping and mapfile.


Revision 18465 - Directory Listing
Modified Wed Jul 15 12:33:50 2015 UTC (6 years, 3 months ago) by msalle
Add extra test before hardlinking whether we can open the source for the
hardlink in write-only append mode. This is necessary since older linuxes (e.g.
RH5 and RH6) allow making a hardlink to an unwriteable file, as long as the
directory is writeable. The resulting hardlink can then not be touched using
utime(). It is better not to make the lease in such a case and fail early.


Revision 18464 - Directory Listing
Modified Wed Jul 15 07:45:41 2015 UTC (6 years, 3 months ago) by msalle
Fix error message around getsockopt(): whether it's getsockopt itself that fails
or whether it retrieved an error from e.g. connect


Revision 18463 - Directory Listing
Modified Tue Jul 14 15:34:02 2015 UTC (6 years, 3 months ago) by msalle
Update version and add corresponding NEWS file entry


Revision 18462 - Directory Listing
Modified Tue Jul 14 15:33:35 2015 UTC (6 years, 3 months ago) by msalle
Fix default retry count: should be >1 not >2


Revision 18461 - Directory Listing
Modified Mon Jul 13 15:47:26 2015 UTC (6 years, 3 months ago) by msalle
Sync net_common.c with scas-client: use poll() instead of select(). For the
server side, we don't change this (yet).


Revision 18455 - Directory Listing
Modified Mon Jul 13 11:43:02 2015 UTC (6 years, 3 months ago) by msalle
Update ChangeLog for release 0.5.5


Revision 18454 - Directory Listing
Modified Mon Jul 13 11:42:36 2015 UTC (6 years, 3 months ago) by msalle
Move number from beginning to prevent warning about undefined macro


Revision 18453 - Directory Listing
Modified Mon Jul 13 11:37:52 2015 UTC (6 years, 3 months ago) by msalle
Update ChangeLog


Revision 18452 - Directory Listing
Modified Mon Jul 13 11:37:23 2015 UTC (6 years, 3 months ago) by msalle
Improve comment on endpoints. Improve remark in NEWS file.


Revision 18451 - Directory Listing
Modified Wed Jul 1 12:07:16 2015 UTC (6 years, 3 months ago) by msalle
Add robot and vo-ca-ap plugins


Revision 18450 - Directory Listing
Modified Wed Jul 1 11:54:18 2015 UTC (6 years, 3 months ago) by msalle
Update cmdline flag


Revision 18448 - Directory Listing
Modified Wed Jul 1 10:20:37 2015 UTC (6 years, 3 months ago) by msalle
Update name to prevent _


Revision 18447 - Directory Listing
Modified Wed Jul 1 10:16:53 2015 UTC (6 years, 3 months ago) by msalle
Update comments about recursion level


Revision 18446 - Directory Listing
Modified Wed Jul 1 10:13:35 2015 UTC (6 years, 3 months ago) by msalle
- minor updates in manpage:
    * mention '-' for 'pseudo'VO
    * replace _ with - in option
    * note need for whitespace after VO
- log on LOG_INFO if we found the VO
- log on LOG_INFO general 'conclusion' in case of success
- log 'file level' instead of 'recursion level'



Revision 18445 - Directory Listing
Modified Wed Jul 1 09:55:42 2015 UTC (6 years, 3 months ago) by msalle
Prevent memleak


Revision 18444 - Directory Listing
Modified Wed Jul 1 09:13:06 2015 UTC (6 years, 3 months ago) by msalle
Slightly improve the error handling from poll():
- When a remote party is unavailable, connect() will still fail with a
  EINPROGRESS. In some cases poll() will return a POLLHUP, in others, we will
  only notice when actually reading (we could add a read() with size 0).
- When a remote party closes after connect() we get a POLLRDHUP on Linux
- When we have an invalid fd, we shouldn't close the socket.
- When other errors occur, it's generally better to check with getsockopt()
  since it returns more info via errno.


Revision 18443 - Directory Listing
Modified Tue Jun 30 16:10:04 2015 UTC (6 years, 3 months ago) by msalle
Add man page text


Revision 18442 - Directory Listing
Modified Tue Jun 30 15:39:53 2015 UTC (6 years, 3 months ago) by msalle
Log failure to find key (on debug).


Revision 18441 - Directory Listing
Modified Tue Jun 30 15:34:15 2015 UTC (6 years, 3 months ago) by msalle
Remove unused label


Revision 18440 - Directory Listing
Modified Tue Jun 30 15:33:47 2015 UTC (6 years, 3 months ago) by msalle
Protect against unset files in case of empty files. Just make them empty (-;


Revision 18439 - Directory Listing
Modified Tue Jun 30 15:27:24 2015 UTC (6 years, 3 months ago) by msalle
Need protection against empty files.


Revision 18438 - Directory Listing
Modified Tue Jun 30 15:21:13 2015 UTC (6 years, 3 months ago) by msalle
Always fail when file does not exist (configuration error).


Revision 18437 - Directory Listing
Modified Tue Jun 30 15:13:55 2015 UTC (6 years, 3 months ago) by msalle
Need to distribute tools/


Revision 18436 - Directory Listing
Modified Tue Jun 30 15:11:17 2015 UTC (6 years, 3 months ago) by msalle
- protect against infinite recursion when calling file: inside info file
  (currently put RECURSION_MAX at unrealistically high value for debugging)
- Rename mapping -> entry (they aren't really mappings)
- Improve comments
- replace var name tmpfile with something that doesn't shadow on Solaris



Revision 18435 - Directory Listing
Modified Tue Jun 30 14:13:30 2015 UTC (6 years, 3 months ago) by msalle
Use poll() instead of select() since the latter is fundamentally broken: it
breaks unexpectedly when the fd is larger than FD_SETSIZE (== 1024 on Linux).
Also rework the logging of the actual errors so that we never use a previous
errno and simplify the code flow.
Update NEWS file correspondingly.


Revision 18434 - Directory Listing
Modified Thu Jun 25 17:17:49 2015 UTC (6 years, 3 months ago) by msalle
- add dummy group in example DB
- add first start of man page
- don't print whole mappings (which by now is truncated), but only current part.


Revision 18433 - Directory Listing
Modified Thu Jun 25 16:54:38 2015 UTC (6 years, 3 months ago) by msalle
- introduce macro for 'pseudo VO' in absence of VOs: i.e. "-"
- fix two off-by-one errors with malloc and end of strings
- cleanup log messages
- simplify code-flow around obtaining vomsdata
- log when we don't find a match for 'pseudo-VO'
- fix cleanup of voms data (it's not a NULL-terminated list)



Revision 18432 - Directory Listing
Modified Wed Jun 24 16:44:00 2015 UTC (6 years, 3 months ago) by msalle
Add (debug) log messages.
Fix few remaining bugs.


Revision 18431 - Directory Listing
Modified Wed Jun 24 14:39:17 2015 UTC (6 years, 3 months ago) by msalle
Minor bugfixes. Still not fully there...


Revision 18430 - Directory Listing
Modified Wed Jun 24 12:53:59 2015 UTC (6 years, 3 months ago) by msalle
Rename voca -> vo-ca-ap


Revision 18429 - Directory Listing
Modified Wed Jun 24 12:53:30 2015 UTC (6 years, 3 months ago) by msalle
Rename voca -> vo_ca_ap


Revision 18428 - Directory Listing
Modified Wed Jun 24 12:48:38 2015 UTC (6 years, 3 months ago) by msalle
Further cleanup: adding LICENSE/COPYRIGHT statement.
Adding remaining plugin functions including initialize and introspect.
Add (quite trivial) function to prefix relative path with SECURITY_DIR.


Revision 18427 - Directory Listing
Modified Wed Jun 24 12:05:58 2015 UTC (6 years, 3 months ago) by msalle
First checkin of basic code.



Revision 18426 - Directory Listing
Modified Thu Jun 11 12:41:57 2015 UTC (6 years, 4 months ago) by msalle
Install create_pusp.sh script in bin


Revision 18425 - Directory Listing
Modified Thu Jun 11 12:35:54 2015 UTC (6 years, 4 months ago) by msalle
Few small updates: e.g. cleanup usage text, put tempfiles in subdir in $TMPDIR
or /tmp.


Revision 18424 - Directory Listing
Modified Thu Jun 11 12:17:19 2015 UTC (6 years, 4 months ago) by msalle
plugin shouldn't return -1 but LCMAPS_MOD_FAIL, better handle centrally.


Revision 18423 - Directory Listing
Modified Thu Jun 11 12:12:40 2015 UTC (6 years, 4 months ago) by msalle
Adding simple shell script to create PUSP proxies.


Revision 18422 - Directory Listing
Modified Thu Jun 4 10:11:47 2015 UTC (6 years, 4 months ago) by msalle
Make llgt_test.c more generic, almost identical to (new) argus_test.c to test
different gsi-authz.conf type libraries.


Revision 18421 - Directory Listing
Modified Thu Jun 4 09:57:23 2015 UTC (6 years, 4 months ago) by msalle
Enable setting serial numbers for proxies.


Revision 18420 - Directory Listing
Modified Tue Jun 2 14:20:37 2015 UTC (6 years, 4 months ago) by msalle
Add missing space


Revision 18419 - Directory Listing
Modified Tue Jun 2 14:13:04 2015 UTC (6 years, 4 months ago) by msalle
Add missing {


Revision 18418 - Directory Listing
Modified Tue Jun 2 14:07:30 2015 UTC (6 years, 4 months ago) by msalle
First check the credential data set by other plugins (i.e. via
addCredentialData) before checking the run/introspect arguments, both for the
user_dn and the FQANs.


Revision 18417 - Directory Listing
Modified Mon Jun 1 13:10:30 2015 UTC (6 years, 4 months ago) by msalle
Fix definitions of i


Revision 18416 - Directory Listing
Modified Mon Jun 1 13:09:18 2015 UTC (6 years, 4 months ago) by msalle
Fix copy/paste error: missing i and cnt_dn vs dn_cnt


Revision 18415 - Directory Listing
Modified Mon Jun 1 13:07:05 2015 UTC (6 years, 4 months ago) by msalle
Merge getCredential... with old code. Add missing variable definition.


Revision 18414 - Directory Listing
Modified Mon Jun 1 13:01:23 2015 UTC (6 years, 4 months ago) by msalle
When retrieving the user_dn from LCMAPS, first try the credential_data (i.e. the
data registered by other plugins) before trying the run-arguments.


Revision 18413 - Directory Listing
Modified Mon Jun 1 12:23:23 2015 UTC (6 years, 4 months ago) by msalle
Further clarify manpage and NEWS file


Revision 18412 - Directory Listing
Modified Mon Jun 1 12:03:32 2015 UTC (6 years, 4 months ago) by msalle
Do not set the issuer of the subject-x509-id if we use the DN from the
credential data


Revision 18411 - Directory Listing
Modified Mon Jun 1 11:41:39 2015 UTC (6 years, 4 months ago) by msalle
For OSG cert-less scenario: we need to be able to pass the credential-data based
user-dn to the server even when using certificates. We provide a new flag
--use-dn-from-credential-data to trigger this, since we don't want this
behaviour as a default.


Revision 18406 - Directory Listing
Modified Wed May 13 13:31:47 2015 UTC (6 years, 5 months ago) by msalle
Update ChangeLog


Revision 18405 - Directory Listing
Modified Wed May 13 13:31:21 2015 UTC (6 years, 5 months ago) by msalle
Fix calling of verify_error()


Revision 18403 - Directory Listing
Modified Wed May 13 12:18:40 2015 UTC (6 years, 5 months ago) by msalle
Update ChangeLog for release


Revision 18402 - Directory Listing
Modified Wed May 13 12:02:38 2015 UTC (6 years, 5 months ago) by msalle
Fix mem leak.


Revision 18401 - Directory Listing
Modified Wed May 13 11:29:10 2015 UTC (6 years, 5 months ago) by msalle
Initialize verify data to prevent segv.


Revision 18400 - Directory Listing
Modified Wed May 13 11:25:52 2015 UTC (6 years, 5 months ago) by msalle
Missed three...


Revision 18399 - Directory Listing
Modified Wed May 13 11:24:18 2015 UTC (6 years, 5 months ago) by msalle
Fix calls to verify_error


Revision 18398 - Directory Listing
Modified Wed May 13 11:11:02 2015 UTC (6 years, 5 months ago) by msalle
Check return value of stat.


Revision 18397 - Directory Listing
Modified Wed May 13 10:31:27 2015 UTC (6 years, 5 months ago) by msalle
Install commandline tool as verify-proxy-tool to prevent name-clash with Jan
Just's grid-proxy-verify. Add rudimentary manpage, update NEWS file and put
package name and version in manpage.


Revision 18395 - Directory Listing
Modified Thu May 7 19:35:35 2015 UTC (6 years, 5 months ago) by msalle
Further clarify endpoint retry and fix bug introduced when trying to fix this
bug. Should have been >=2 (or >1) instead of >2.


Revision 18394 - Directory Listing
Modified Thu May 7 14:17:09 2015 UTC (6 years, 5 months ago) by msalle
Fix typo in comments


Revision 18393 - Directory Listing
Modified Wed May 6 18:44:19 2015 UTC (6 years, 5 months ago) by msalle
When using DN+FQANs first check the data from other plugins (getCredentialData())
before trying the plugin 'arguments' (lcmaps_getArgValue()).
We check only the FQANs with getCredentialData() iff we have found a DN in the
getCredentialData().


Revision 18389 - Directory Listing
Modified Tue Apr 28 10:03:17 2015 UTC (6 years, 5 months ago) by msalle
Update logged function name to actual current function name.


Revision 18388 - Directory Listing
Modified Fri Apr 24 16:20:40 2015 UTC (6 years, 5 months ago) by tamasb
Fixed typo around .SH 



Revision 18387 - Directory Listing
Modified Wed Apr 22 15:30:58 2015 UTC (6 years, 5 months ago) by msalle
Update version


Revision 18386 - Directory Listing
Modified Wed Apr 22 15:24:00 2015 UTC (6 years, 5 months ago) by msalle
Create proxy from empty-subject certificate


Revision 18385 - Directory Listing
Modified Wed Apr 22 15:23:36 2015 UTC (6 years, 5 months ago) by msalle
- Update lcmaps_plugins_voms which no longer needs VOMS
- Update PEP-API download point


Revision 18384 - Directory Listing
Modified Wed Apr 22 15:21:55 2015 UTC (6 years, 5 months ago) by msalle
Update NEWS files for latest changes.


Revision 18383 - Directory Listing
Modified Wed Apr 22 15:20:48 2015 UTC (6 years, 5 months ago) by msalle
Update NEWS file


Revision 18382 - Directory Listing
Modified Wed Apr 22 15:18:04 2015 UTC (6 years, 5 months ago) by msalle
Update version


Revision 18381 - Directory Listing
Modified Wed Apr 22 15:13:14 2015 UTC (6 years, 5 months ago) by msalle
Update version


Revision 18380 - Directory Listing
Modified Wed Apr 22 15:11:04 2015 UTC (6 years, 5 months ago) by msalle
Update version


Revision 18379 - Directory Listing
Modified Wed Apr 22 15:07:23 2015 UTC (6 years, 5 months ago) by msalle
Update version



Revision 18378 - Directory Listing
Modified Wed Apr 22 15:04:37 2015 UTC (6 years, 5 months ago) by msalle
Update version


Revision 18377 - Directory Listing
Modified Wed Apr 22 15:03:32 2015 UTC (6 years, 5 months ago) by msalle
Update version


Revision 18376 - Directory Listing
Modified Wed Apr 22 14:55:19 2015 UTC (6 years, 5 months ago) by msalle
Update version


Revision 18375 - Directory Listing
Modified Wed Apr 22 14:55:05 2015 UTC (6 years, 5 months ago) by msalle
Update NEWS file


Revision 18374 - Directory Listing
Modified Wed Apr 22 14:40:29 2015 UTC (6 years, 5 months ago) by msalle
Remove long deprecated build.sh script


Revision 18373 - Directory Listing
Modified Wed Apr 22 14:38:22 2015 UTC (6 years, 5 months ago) by msalle
Create differently named binary for --enable-sslcleanup
Use -rdynamic only for linking
Minor changes to prevent implicit casts
Cleanup slightly more SSL memory


Revision 18372 - Directory Listing
Modified Wed Apr 22 13:44:10 2015 UTC (6 years, 5 months ago) by msalle
Update version


Revision 18371 - Directory Listing
Modified Tue Apr 21 16:01:52 2015 UTC (6 years, 5 months ago) by msalle
Update NEWS file and version in configure.ac


Revision 18370 - Directory Listing
Modified Tue Apr 21 11:21:57 2015 UTC (6 years, 5 months ago) by msalle
Clarify comment in lcmaps_scas_client, protect against 0 endpoints in the C-PEP.


Revision 18369 - Directory Listing
Modified Tue Apr 21 11:07:02 2015 UTC (6 years, 5 months ago) by msalle
Update NEWS file


Revision 18368 - Directory Listing
Modified Tue Apr 21 11:03:51 2015 UTC (6 years, 5 months ago) by msalle
Add clarification on the importance of initializing the certcheck counter.


Revision 18367 - Directory Listing
Modified Tue Apr 21 09:32:41 2015 UTC (6 years, 5 months ago) by msalle
Retry count is for whole loop: hence for more than one endpoint we want to use
just 1, not the number of endpoints. 


Revision 18366 - Directory Listing
Modified Tue Apr 21 08:04:05 2015 UTC (6 years, 5 months ago) by msalle
Fix bug when VOMS AC is expired and we use DN+FQANs instead of chain: nfqan is
then -1 and we should handle that accordingly (by passing an empty vomsdata
struct).


Revision 18365 - Directory Listing
Modified Fri Apr 17 11:44:39 2015 UTC (6 years, 6 months ago) by msalle
Fix typo: missing **


Revision 18364 - Directory Listing
Modified Fri Apr 17 09:16:50 2015 UTC (6 years, 6 months ago) by msalle
Remove unused variable


Revision 18363 - Directory Listing
Modified Fri Apr 17 09:15:51 2015 UTC (6 years, 6 months ago) by msalle
Comment out unneeded assignment with explanatory note.


Revision 18362 - Directory Listing
Modified Fri Apr 17 09:12:26 2015 UTC (6 years, 6 months ago) by msalle
Comment out one bit of currently unused code (with clarifying comment).


Revision 18361 - Directory Listing
Modified Thu Apr 16 16:21:59 2015 UTC (6 years, 6 months ago) by msalle
Completely remove major_status variable since it's unused. Also add appropriat
ifdef construction.


Revision 18360 - Directory Listing
Modified Thu Apr 16 15:57:57 2015 UTC (6 years, 6 months ago) by msalle
Log warning when BIO_set_close() does not return 1, mainly to prevent compiler
and cppcheck warnings.


Revision 18359 - Directory Listing
Modified Thu Apr 16 15:47:22 2015 UTC (6 years, 6 months ago) by msalle
Fix typos


Revision 18358 - Directory Listing
Modified Thu Apr 16 15:21:15 2015 UTC (6 years, 6 months ago) by msalle
Fix typo


Revision 18357 - Directory Listing
Modified Thu Apr 16 15:09:33 2015 UTC (6 years, 6 months ago) by msalle
Fix cppcheck warnings:
- properly check realloc (first in tmp) to prevent leaks
- remove unneeded checks and nullifications
- initialize struct sigaction to completely 0
- even close pidfile in case of write error


Revision 18356 - Directory Listing
Modified Thu Apr 16 13:10:18 2015 UTC (6 years, 6 months ago) by msalle
Fix typo


Revision 18355 - Directory Listing
Modified Thu Apr 16 12:50:06 2015 UTC (6 years, 6 months ago) by msalle
Fix warnings from cppcheck:
- scas-client only: pep_obligation_handlers.c
    * check return val of addUid, addPGid and addSGid but don't store.
- scas only:
    * pdp_xacml_authz_process.c:
	remove unused variables (even undeffed)
	cast uid/gid to unsigned before printing. 
    * main.c
	prevent not closing pidfile upon error
- Both:
    * remove dead code xacml_addr2host()
    * move BIO_flush() into the appropriate if block to prevent potential null
      pointer dereferencing



Revision 18354 - Directory Listing
Modified Thu Apr 16 12:42:29 2015 UTC (6 years, 6 months ago) by msalle
- replace ++ after variable with ++ before: according to cppcheck this is more
  efficient for non-basic types.
- fix memory leak in out-of-mem situation with realloc.
- lower scope of variable (for C++ we don't mind doing that).


Revision 18353 - Directory Listing
Modified Thu Apr 16 12:40:11 2015 UTC (6 years, 6 months ago) by msalle
- Just define logstr, don't try to check whether __func__ is defined (we don't
  do with other functions either).
- Check for return val NULL of X509_NAME_oneline()
- unused grid-proxy-verify.c:
    * fix dereferencing bug
    * check for NULL return val of X509_NAME_oneline()
    * don't check for NULL when calling free()
    * reinsert main()



Revision 18352 - Directory Listing
Modified Thu Apr 16 12:37:44 2015 UTC (6 years, 6 months ago) by msalle
No need to check for NULL when calling free()


Revision 18351 - Directory Listing
Modified Thu Apr 16 12:37:03 2015 UTC (6 years, 6 months ago) by msalle
Fix warnings from cppcheck:
- remove unused functions setPEPdurl()/getPEPdurl() and getAccountInfo()
- don't store otherwise (and always ==1) return val of BIO_set_close()


Revision 18350 - Directory Listing
Modified Thu Apr 16 12:34:17 2015 UTC (6 years, 6 months ago) by msalle
- Fix number of issues in lcmaps_ldap.c (still unsupported code):
    * replace unsafe strcpy+strcat with snprintf
    * explicitly cast uid_t/gid_t to unsigned for printing and print as such.
    * fix 2 free+nullification errors (missing {})
    * fix memleak with temppwd (in case of error)
- Fix warnings from cppcheck in posix_enf:
    * explicitly cast uid_t/gid_t to unsigned for printing and print as such.


Revision 18349 - Directory Listing
Modified Thu Apr 16 12:22:30 2015 UTC (6 years, 6 months ago) by msalle
Fix warnings from cppcheck:
- remove unused semi-private function lcmaps_concat_strings()
- remove unused semi-private function lcmaps_get_top_rule()
- remove unused semi-private lcmaps_get_variables()
- fix realloc memleaks
- check for number of out-of-memories with {re,c,m}alloc
- simplify number of construction (around places warned by cppcheck) and remove
  useless nullification of some variables and parameters.


Revision 18348 - Directory Listing
Modified Thu Apr 16 12:16:00 2015 UTC (6 years, 6 months ago) by msalle
Fix warning from cppcheck: properly use realloc


Revision 18347 - Directory Listing
Modified Thu Apr 16 12:13:58 2015 UTC (6 years, 6 months ago) by msalle
Fix warnings from cppcheck, replace if+do/while by while


Revision 18346 - Directory Listing
Modified Thu Apr 16 12:12:52 2015 UTC (6 years, 6 months ago) by msalle
Fix (harmless) warning from cppcheck.


Revision 18345 - Directory Listing
Modified Wed Apr 15 08:15:15 2015 UTC (6 years, 6 months ago) by msalle
- Use safe_id_range_list.h inside safe_is_path_trusted.h
- Explicitly put NULL, 0 inside the snprint testing for the length. This is more
  clear (allowed by POSIX). Remove cast from 0UL to size_t as casting it
  confuses cppcheck.


Revision 18344 - Directory Listing
Modified Wed Apr 15 07:48:27 2015 UTC (6 years, 6 months ago) by msalle
Add include for limits.h which on most platforms defined PATH_MAX. This also
fixes an error from cppcheck.


Revision 18343 - Directory Listing
Modified Tue Apr 14 16:22:15 2015 UTC (6 years, 6 months ago) by msalle
Fix warnings/errors found using cppcheck


Revision 18342 - Directory Listing
Modified Tue Apr 14 16:20:31 2015 UTC (6 years, 6 months ago) by msalle
Fix warnings from cppcheck



Revision 18341 - Directory Listing
Modified Tue Apr 14 16:19:55 2015 UTC (6 years, 6 months ago) by msalle
Fix warnings from cppcheck


Revision 18340 - Directory Listing
Modified Tue Apr 14 12:41:08 2015 UTC (6 years, 6 months ago) by msalle
For newer gSOAP (at least 2.8.16 as used by RH7) we get an ID and Version in the
SAML assertion. If not set, Argus (openSAML actually) fails on this.


Revision 18339 - Directory Listing
Modified Tue Apr 14 09:20:41 2015 UTC (6 years, 6 months ago) by msalle
Fix copy&paste error, found by David Binderman <dcb314@hotmail.com>:
in three places we incorrectly compare
    (rc & LCMAPS_CRED_NO_DN) == LCMAPS_CRED_NO_FQAN
It's (mostly) harmless, since the error would have already been logged elsewhere
and will still be caught later. We might need to remove the errors here in any
case.
Also fix some wording in a few places.


Revision 18338 - Directory Listing
Modified Tue Apr 14 09:04:23 2015 UTC (6 years, 6 months ago) by msalle
Fix recognizing legacy proxies for empty subject EECs
Reuse a few strlen() calls.


Revision 18337 - Directory Listing
Modified Thu Apr 2 15:28:26 2015 UTC (6 years, 6 months ago) by msalle
Latest updates in the example certificate_tester.sh script.


Revision 18336 - Directory Listing
Modified Tue Mar 31 12:09:28 2015 UTC (6 years, 6 months ago) by msalle
Few more additions


Revision 18335 - Directory Listing
Modified Tue Mar 31 12:01:33 2015 UTC (6 years, 6 months ago) by msalle
Update NEWS file with latest updates.


Revision 18334 - Directory Listing
Modified Mon Mar 30 14:20:29 2015 UTC (6 years, 6 months ago) by msalle
Add three bogus proxy types:
1) "ca_proxy" having both CA extensions and proxy extensions
2) "rfc3820_globus_proxy" having both RFC *and* GT3 pci extensions
3) "multi_rfc3820_proxy" having two RFC pci extensions (one with, one without
proxy pathlength constraint.

NOTE: These proxies are supposed to fail since they cannot be handled in a
well-defined way.


Revision 18333 - Directory Listing
Modified Mon Mar 30 14:17:17 2015 UTC (6 years, 6 months ago) by msalle
Continue to check (also) GT3 pci extension when we found a RFC pci, to catch
dual certificates having both (=evil).
Move istype() macro to verify-lib/src_internal/_verify_x509.h and rename in CERTISTYPE()



Revision 18332 - Directory Listing
Modified Fri Mar 27 15:10:42 2015 UTC (6 years, 6 months ago) by msalle
Java voms-proxy-init creates GT3 proxies with RFC-ordered proxycertinfo: make
sure we can handle those. Try first 'official' GT3, then fallback on RFC-type


Revision 18331 - Directory Listing
Modified Fri Mar 27 14:14:47 2015 UTC (6 years, 6 months ago) by msalle
Add comments to clarify compiler warnings coming from incorrect cast, due to
borked openssl macros (known issue).


Revision 18330 - Directory Listing
Modified Fri Mar 27 13:40:52 2015 UTC (6 years, 6 months ago) by msalle
Make CA_dir const char * to suppress compiler warning.


Revision 18329 - Directory Listing
Modified Fri Mar 27 13:15:32 2015 UTC (6 years, 6 months ago) by msalle
Remove unused variable
Move sometimes unused macro to the right place
Fix invalid return of "" instead of strdup(""), since it will be freed.


Revision 18328 - Directory Listing
Modified Fri Mar 27 12:07:55 2015 UTC (6 years, 6 months ago) by msalle
Minor changing in the logging. Also, delay both expired and not-yet-valid errors
till later.


Revision 18327 - Directory Listing
Modified Thu Mar 26 16:12:23 2015 UTC (6 years, 6 months ago) by msalle
- Warn and then replace existing aliases for proxies (for normal certs, the
  subject DN is unique)
- Dump warning (and hence errors) also to the logfile


Revision 18326 - Directory Listing
Modified Thu Mar 26 15:41:55 2015 UTC (6 years, 6 months ago) by msalle
Add few missing entries to the local lines


Revision 18325 - Directory Listing
Modified Thu Mar 26 15:21:15 2015 UTC (6 years, 6 months ago) by msalle
openssl.cnf:
- add proxy_ca section, to be used when signing proxy request using the ca tool
  instead of the x509 -req tool, see the new create_proxy() function
functions:
- new create_proxy function based on the ca tool instead of using x509 -req.
  This allows setting arbitrary start and end times and provides in any case
  more flexibility. The old one is now create_proxy_basic.
- create function getname(), which should be used only by the other functions,
  to obtain a 'filename' from the subject DN, used for making the aliases.
- create aliases/symlinks for all created certs of the form of the subjectDN
- add support for setting the signing hash. Note that this is not automatically
  the one used for creating the CSR.


Revision 18324 - Directory Listing
Modified Wed Mar 25 16:11:28 2015 UTC (6 years, 6 months ago) by msalle
Add support for specifying proxy bit length.


Revision 18323 - Directory Listing
Modified Wed Mar 25 16:07:37 2015 UTC (6 years, 6 months ago) by msalle
openssl.cnf:
- add support for anylang_policy (=1.3.6.1.5.5.7.21.0)

functions:
- add support for specifying a different extensions set, other than one of the
  proxy ones (can then test CA->EEC->EEC, or CA->EEC->CA etc.) and obtain
  subject info for issuing cert only when actually needed.
- create also old-hashes for CAs
- allow setting the bit-length (within restrictions) for subCAs (not only CAs)
  and EECs



Revision 18322 - Directory Listing
Modified Fri Mar 20 15:33:45 2015 UTC (6 years, 6 months ago) by msalle
Only use proxy pathlen error code for newer (-; openssl versions.


Revision 18321 - Directory Listing
Modified Fri Mar 20 15:21:23 2015 UTC (6 years, 6 months ago) by msalle
- Further fix logging of expected proxy:
  when all types of proxy are fine: "any type of ", when any language: "proxy of
  any language". This way we get e.g. 'any type of limited proxy' etc.
- update return values of grid_verifyChain() to be more instructive
- use istype() macro also in other places.


Revision 18320 - Directory Listing
Modified Thu Mar 19 16:50:38 2015 UTC (6 years, 6 months ago) by msalle
- merge OLD_PROXYCERTINFO_OID with identical GLOBUS_PROXY_V3_OID, only use
  latter.
- Fully remove GLOBUS_PROXY_V2_OID
- Add support for Any Language policy language, 1.3.6.1.5.5.7.21.0
- Make much more use of flag structure: check type has limited flag instead of
  actual comparison for all types.
- New function get_proxy_lang() to get add proxy type from the proxy cert info
  extension: can use for both GT3 and RFC. This simplifies
  verify_type_of_proxy()
- fix mem leak when pc pathlen was exceeded (issuer dn)
- remove check for proxy CN for RFC and GT3 proxies, as that's already done
  elsewhere
- make grid_certificate_type_str() public in the form
  verify_certificate_type_str() and rework using macros to make it much cleaner.
- replace grid_generate_proxy_expectation_error_message() into
  grid_get_expected_proxy_string() which is also much cleaner, completer (and
  perhaps faster).
- rename grid_verifyPathLenConstraints() into grid_verifyChain() to reflect the
  actual function
- implement 'caching' for grid_verifyChain, to return X509_V_OK directly if we
  previously returned that: no point in checking the entire chain multiple
  times.


Revision 18319 - Directory Listing
Modified Wed Mar 18 16:54:52 2015 UTC (6 years, 7 months ago) by msalle
- Merge grid_verifyProxy() into grid_verifyPathLenConstraints()
- Fix bug with obtaining proxy pathlen for GT3: have to do by hand, not using
  cert->ex_pcpathlen. We implement a generic get_proxy_pathlength() function.
- Use GLOBUS_PROXY_V3_SN and GLOBUS_PROXY_V3_LN for defining the object
- sync the PROXYPOLICY and PROXYCERTINFO with openssl internal
- use the _new and _free function created using the DECLARE_ASN1_FUNCTIONS() and
  IMPLEMENT_ASN1_FUNCTIONS() macros
- simplify and cleanup verify_X509_verify()
- replace looping over extension and obtaining right ones by hand using
  X509_get_ext_d2i() instead of X509_get_ext(), X509_EXTENSION_get_object(),
  OBJ_obj2txt() etc. 
- Add comments to _verify_proxy_certinfo.c and use the
  IMPLEMENT_ASN1_FUNCTIONS() macros
- only call d2i_myPROXYCERTINFO_v3 for a GT3 proxy, not both with failover.
- fix off-by-one error in myproxycertinfo_i2s()
- Replace bogus cast function into 'log-error-message' function for
  myproxycertinfo_s2i()
- Don't check extension GLOBUS_PROXY_V2_OID, it's defined as RFC. There is no
  GT2 proxy oid.


Revision 18318 - Directory Listing
Modified Mon Mar 16 16:17:52 2015 UTC (6 years, 7 months ago) by msalle
Further memory cleanup:
- should call myPROXYCERTINFO_free() on proxy certinfo, hence make it public.
- should call X509_STORE_CTX_free() and X509_STORE_free() also in case of failure.
Use definitions of PROXYPOLICY and PROXYCERTINFO in verify_x509_datatypes.h
(latter extended with version field) for those in _verify_proxy_certinfo.c



Revision 18317 - Directory Listing
Modified Mon Mar 16 13:47:38 2015 UTC (6 years, 7 months ago) by msalle
Fix few memory leaks.


Revision 18316 - Directory Listing
Modified Mon Mar 16 12:27:37 2015 UTC (6 years, 7 months ago) by msalle
Add comments.


Revision 18315 - Directory Listing
Modified Fri Mar 13 14:37:52 2015 UTC (6 years, 7 months ago) by msalle
Some parameters should be const looking at the openSSL prototypes.


Revision 18314 - Directory Listing
Modified Fri Mar 13 14:08:34 2015 UTC (6 years, 7 months ago) by msalle
Fix building of standalone-tool: it needs the GT3 proxy definition:
- copy and slightly adapt the GT3 and RFC proxy cert info definitions and add as
  two new files: _verify_proxy_certinfo.[ch]
- also build the binary tool grid-proxy-verify
Fix minor two compiler warnings.



Revision 18313 - Directory Listing
Modified Fri Mar 13 09:36:42 2015 UTC (6 years, 7 months ago) by msalle
- Add support for password-less certificate keys, useful for hostcerts.
- Only define OPENSSL_CONF and CONFDIR when they are unset


Revision 18312 - Directory Listing
Modified Thu Mar 12 21:23:23 2015 UTC (6 years, 7 months ago) by msalle
Redefine proxy types in terms of basic proxy certinfo type (e.g. GT2, RFC) and
policy language type (e.g. IMPERSONATION, LIMITED).


Revision 18311 - Directory Listing
Modified Thu Mar 12 19:44:58 2015 UTC (6 years, 7 months ago) by msalle
Use "^ *" instead of "^ \+" in sed which is also fine and makes the native
OpenSolaris happy, since it seems to lack support of the \+


Revision 18310 - Directory Listing
Modified Thu Mar 12 16:26:19 2015 UTC (6 years, 7 months ago) by msalle
Test also restricted and independent proxies


Revision 18309 - Directory Listing
Modified Thu Mar 12 16:26:00 2015 UTC (6 years, 7 months ago) by msalle
Add bogus policy language to test restricted proxies.


Revision 18307 - Directory Listing
Modified Thu Mar 12 15:09:31 2015 UTC (6 years, 7 months ago) by msalle
Next version should be 1.5.7


Revision 18306 - Directory Listing
Modified Thu Mar 12 14:34:25 2015 UTC (6 years, 7 months ago) by msalle
Update NEWS file and version


Revision 18305 - Directory Listing
Modified Thu Mar 12 14:26:25 2015 UTC (6 years, 7 months ago) by msalle
Add support and better logging of non-impersonation proxies such as independent
and limited. The old code would wrongly categorize the less standard proxies due
to undefined NIDs. E.g. an unknown policy language (which is a 'restricted
proxy') would be categorized as limited. We now explicitly check that all used
NIDs for the known types are actually defined.
We currently handle independent and restricted proxies almost identical to the
'normal' ones concerning mixed chains: limited may only be followed by limited,
but can follow anything.
For simplicity we do the same for GT3 proxies as for RFC proxies, although it's
unclear whether independent and restricted proxies make any sense for GT3.
We use grid_certificate_type_str() for logging the type, i.e. code reuse.



Revision 18304 - Directory Listing
Modified Wed Mar 11 11:25:35 2015 UTC (6 years, 7 months ago) by msalle
Fix two typos


Revision 18303 - Directory Listing
Modified Wed Mar 11 10:47:54 2015 UTC (6 years, 7 months ago) by msalle
Add support for independent proxies (OID:1.3.6.1.5.5.7.21.2).
Add test/error for unsupported policy languages in legacy proxies.


Revision 18302 - Directory Listing
Modified Wed Mar 11 09:49:16 2015 UTC (6 years, 7 months ago) by msalle
Remove code duplication for pathlength checks.
Also do pathlength checks for GT3 proxies.


Revision 18301 - Directory Listing
Modified Wed Mar 11 09:18:02 2015 UTC (6 years, 7 months ago) by msalle
Add error message in case of verification failure: log depth and DN of failed
certificate in separate error message.


Revision 18297 - Directory Listing
Modified Mon Mar 9 14:06:59 2015 UTC (6 years, 7 months ago) by msalle
Update ChangeLog for 0.0.3 release


Revision 18296 - Directory Listing
Modified Wed Mar 4 15:09:55 2015 UTC (6 years, 7 months ago) by msalle
Return created serial number to caller to make it easier to keep track of
the serial numbers.


Revision 18295 - Directory Listing
Modified Mon Mar 2 15:07:51 2015 UTC (6 years, 7 months ago) by msalle
Add support for infinite (unset) pathlength constraints for proxies.


Revision 18294 - Directory Listing
Modified Mon Mar 2 14:43:56 2015 UTC (6 years, 7 months ago) by msalle
Add support for pathlength constraints on (root)CA


Revision 18293 - Directory Listing
Modified Mon Mar 2 13:42:26 2015 UTC (6 years, 7 months ago) by msalle
Add few extra proxy-from-proxies


Revision 18292 - Directory Listing
Modified Mon Mar 2 13:41:46 2015 UTC (6 years, 7 months ago) by msalle
- Add log-(mostly)-to-file possibility
- Add possibility for proxy-from-proxy


Revision 18291 - Directory Listing
Modified Mon Mar 2 12:49:22 2015 UTC (6 years, 7 months ago) by msalle
Do basic sanity test for the EEC: check it's not an RFC proxy itself
Add lines in NEWS file


Revision 18289 - Directory Listing
Modified Fri Feb 27 14:39:11 2015 UTC (6 years, 7 months ago) by msalle
Fix typo and don't need to EXTRA_DIST/CLEANFILES the man pages.


Revision 18288 - Directory Listing
Modified Fri Feb 27 14:33:06 2015 UTC (6 years, 7 months ago) by msalle
Need to also move output of the man pages to the subdir


Revision 18287 - Directory Listing
Modified Fri Feb 27 14:12:12 2015 UTC (6 years, 7 months ago) by msalle
First checkin of certificate_tester


Revision 18286 - Directory Listing
Modified Fri Feb 27 13:30:13 2015 UTC (6 years, 7 months ago) by msalle
Update man-pages: add extra text about robot certificates.
Add example lcmaps db file as documentation.


Revision 18285 - Directory Listing
Modified Mon Feb 23 13:34:41 2015 UTC (6 years, 7 months ago) by msalle
Fix regexp for DN: a + needs to be escaped for regex(3), otherwise it matches an
actual +. Also a / (slash) must be excluded in the pattern.


Revision 18277 - Directory Listing
Modified Wed Feb 18 16:25:58 2015 UTC (6 years, 7 months ago) by msalle
Update ChangeLog file


Revision 18276 - Directory Listing
Modified Wed Feb 18 16:09:01 2015 UTC (6 years, 7 months ago) by msalle
Minor addition to NEWS file, add new symbols to (unused) .sym files.


Revision 18270 - Directory Listing
Modified Tue Feb 17 15:51:27 2015 UTC (6 years, 7 months ago) by msalle
Update ChangeLog for release (now correct ChangeLog)


Revision 18267 - Directory Listing
Modified Tue Feb 17 15:45:16 2015 UTC (6 years, 7 months ago) by msalle
Update ChangeLog for release


Revision 18263 - Directory Listing
Modified Tue Feb 17 11:55:43 2015 UTC (6 years, 7 months ago) by msalle
Need e.g. stddef.h for NULL


Revision 18262 - Directory Listing
Modified Tue Feb 17 11:39:00 2015 UTC (6 years, 7 months ago) by msalle
Update NEWS file, fix minor typo.


Revision 18261 - Directory Listing
Modified Tue Feb 17 11:26:37 2015 UTC (6 years, 7 months ago) by msalle
Properly deprecate lcmaps_voms plugin: only print warning that it should be
removed since it's deprecated. Hence we no longer need AC_VOMS, AC_GLOBUS,
lcmaps_voms_gsi_utils.h nor plugin_test.c which tested this lcmaps_voms plugin.


Revision 18260 - Directory Listing
Modified Tue Feb 17 11:00:55 2015 UTC (6 years, 7 months ago) by msalle
Accidentally also removed globus checks.
Need to link lcmaps_voms.mod against globus libs.


Revision 18259 - Directory Listing
Modified Tue Feb 17 10:52:48 2015 UTC (6 years, 7 months ago) by msalle
Remove --{dis,en}able-gsi flag from configure as it only switched between
building or not building the voms plugin.
Also remove plugin_test.h


Revision 18257 - Directory Listing
Modified Tue Feb 17 10:11:10 2015 UTC (6 years, 7 months ago) by msalle
Update ChangeLog files for release


Revision 18256 - Directory Listing
Modified Tue Feb 17 10:04:23 2015 UTC (6 years, 7 months ago) by msalle
Little bit of extra information in the NEWS file.


Revision 18255 - Directory Listing
Modified Tue Feb 17 09:33:12 2015 UTC (6 years, 7 months ago) by msalle
Also remove plugin_test.h from Makefile.am


Revision 18254 - Directory Listing
Modified Tue Feb 17 09:31:00 2015 UTC (6 years, 7 months ago) by msalle
Add some extra clarifying text in NEWS file


Revision 18253 - Directory Listing
Modified Tue Feb 17 09:30:42 2015 UTC (6 years, 7 months ago) by msalle
Cleanup plugin_test files. Use standard lcmaps_plugin_prototypes.h header file.
Add some more clarifying text in NEWS files.


Revision 18249 - Directory Listing
Modified Wed Feb 11 13:34:33 2015 UTC (6 years, 8 months ago) by msalle
Update ChangeLog for release 0.0.2


Revision 18248 - Directory Listing
Modified Wed Feb 11 13:32:29 2015 UTC (6 years, 8 months ago) by msalle
Remove EGEE reference


Revision 18246 - Directory Listing
Modified Wed Feb 11 09:46:55 2015 UTC (6 years, 8 months ago) by msalle
Minor layout cleanup of llgt_{lcas,lcmaps}.c.
Adding some missing env variable descriptions.


Revision 18245 - Directory Listing
Modified Wed Feb 11 09:04:28 2015 UTC (6 years, 8 months ago) by msalle
Minor fixes in manpage


Revision 18244 - Directory Listing
Modified Mon Feb 9 17:01:42 2015 UTC (6 years, 8 months ago) by msalle
Fix doxygen comment


Revision 18243 - Directory Listing
Modified Mon Feb 9 16:42:43 2015 UTC (6 years, 8 months ago) by msalle
Need to define all CPP flags for LDAP plugin


Revision 18242 - Directory Listing
Modified Mon Feb 9 16:30:56 2015 UTC (6 years, 8 months ago) by msalle
Fix missing files in Makefile.am


Revision 18241 - Directory Listing
Modified Mon Feb 9 16:21:45 2015 UTC (6 years, 8 months ago) by msalle
Remove unused Makefile.am


Revision 18240 - Directory Listing
Modified Mon Feb 9 15:39:24 2015 UTC (6 years, 8 months ago) by msalle
Update DNs to be of robot form


Revision 18239 - Directory Listing
Modified Mon Feb 9 15:11:16 2015 UTC (6 years, 8 months ago) by msalle
Add configure/makefile support for LLRUN_SSLCLEANUP


Revision 18237 - Directory Listing
Modified Mon Feb 9 13:57:01 2015 UTC (6 years, 8 months ago) by msalle
Minor man-page fixes


Revision 18236 - Directory Listing
Modified Mon Feb 9 13:36:47 2015 UTC (6 years, 8 months ago) by msalle
Spell checked man pages.


Revision 18235 - Directory Listing
Modified Mon Feb 9 12:55:33 2015 UTC (6 years, 8 months ago) by msalle
Update and synchronize man pages.


Revision 18234 - Directory Listing
Modified Fri Feb 6 15:00:45 2015 UTC (6 years, 8 months ago) by msalle
Numerous updates to the man pages.


Revision 18233 - Directory Listing
Modified Fri Feb 6 14:17:45 2015 UTC (6 years, 8 months ago) by msalle
Update man-pages: escape minus signs and clarify and improve text.
Lower log-level for 'not enough group mappings' to LOG_WARNING.



Revision 18232 - Directory Listing
Modified Fri Feb 6 12:58:40 2015 UTC (6 years, 8 months ago) by msalle
- Synchronize and improve GID mapping options between localaccount and
  poolaccount plugins. We introduce two new options to complete the set:
     --use-account-gid
     --do-not-add-secondary-gids-from-mapped-account
  We have two 'global' options to set the default:
  --use-voms-gid and --use-account-gid (new option). The former
  instructs the plugin not to use the pGID/sGID information of the mapped
  account by default, the latter does the opposite. The former is default for
  the voms_poolaccount plugin the latter is the default for the
  voms_localaccount plugin.
  The actual behaviour can be tuned using the other flags, for the pGID:
     --do-not-add-primary-gid-from-mapped-account,
     --add-primary-gid-from-mapped-account,
     --add-primary-gid-as-secondary-gid-from-mapped
  where the latter two can be combined with eachother. For the sGIDs:
     --do-not-add-secondary-gids-from-mapped-account (new option)
     --add-secondary-gids-from-mapped-account
  We first parse all the cmdline options, checking for consistency, then use
  them to set two variables, pgid_mapping and sgid_mapping which determine what
  we will actually do. This also reduces the number of global variables and
  improves the feedback on inconsistent options.
  The only difference between the voms_localaccount and voms_poolaccount
  plugins is the default: voms_localaccount has --use-account-gid as default
  voms_poolaccount has --use-voms-gid as default.
- Update the man pages to include this information, plus also the env
  variables/defaults for the grid-mapfile/gridmapdir.
  Also update the text for the --(do-not-)require-primary-gid options.
- Update NEWS file.



Revision 18231 - Directory Listing
Modified Thu Feb 5 11:42:39 2015 UTC (6 years, 8 months ago) by msalle
Fix typo


Revision 18230 - Directory Listing
Modified Thu Feb 5 11:39:05 2015 UTC (6 years, 8 months ago) by msalle
Don't log skipping empty mappings, it's misleading...


Revision 18229 - Directory Listing
Modified Thu Feb 5 10:40:12 2015 UTC (6 years, 8 months ago) by msalle
Synchronize and improve logging of matching/non-matching entries between the
plugins:
- when we fail to do a mapping, we log as much as possible (DN, mapcounter,
  req_username, grid-mapfile and -dir) on LOG_NOTICE.
- Otherwise, we log the essential information on LOG_DEBUG.
- Also log the number of the FQAN (on DEBUG) counting from 1.
- Standardize the text and prevent logging NULL grid-mapfiles.


Revision 18228 - Directory Listing
Modified Wed Feb 4 17:06:42 2015 UTC (6 years, 8 months ago) by msalle
Add missing }


Revision 18227 - Directory Listing
Modified Wed Feb 4 17:02:18 2015 UTC (6 years, 8 months ago) by msalle
- Further synchronize and cleanup logging of the different plugins.
- Also introduce new option REQUIRE_MAPFILE to signal to lcmaps_gridmapfile()
  that it should not use the 'own account' in case a default gridmapfile does
  not exist. This option is currently set for all plugins, except the
  lcmaps_localaccount and lcmaps_robot_localaccount plugins.
- Replace few non-standard names with standardized 'per-user sub-proxy'


Revision 18226 - Directory Listing
Modified Tue Feb 3 16:36:46 2015 UTC (6 years, 8 months ago) by msalle
Don't treat backslash as special, just compare as is. Otherwise UTF8 breaks.


Revision 18225 - Directory Listing
Modified Tue Feb 3 15:19:29 2015 UTC (6 years, 8 months ago) by msalle
Enclose in quotes and unify logtext when no matching mapping has been found.


Revision 18224 - Directory Listing
Modified Tue Feb 3 15:08:32 2015 UTC (6 years, 8 months ago) by msalle
Lower log level of non-matching mapping entries to LOG_DEBUG


Revision 18223 - Directory Listing
Modified Tue Feb 3 14:54:55 2015 UTC (6 years, 8 months ago) by msalle
Do not need to test whether username is valid (robot and basic localaccount)
Prevent double logging of username for voms_localaccount


Revision 18222 - Directory Listing
Modified Mon Feb 2 16:24:19 2015 UTC (6 years, 8 months ago) by msalle
Should not pass a 'requested username' for poolgroup


Revision 18221 - Directory Listing
Modified Mon Feb 2 13:57:09 2015 UTC (6 years, 8 months ago) by msalle
Don't print unset mapcounters.


Revision 18220 - Directory Listing
Modified Mon Feb 2 11:51:14 2015 UTC (6 years, 8 months ago) by msalle
Update NEWS file.


Revision 18219 - Directory Listing
Modified Mon Feb 2 11:50:43 2015 UTC (6 years, 8 months ago) by msalle
Add mapcounter option to help.
Add (commented out) ssl cleanup functions.


Revision 18218 - Directory Listing
Modified Mon Feb 2 11:37:13 2015 UTC (6 years, 8 months ago) by msalle
Add support for mapcounter.


Revision 18217 - Directory Listing
Modified Mon Feb 2 11:00:49 2015 UTC (6 years, 8 months ago) by msalle
Fix remaining documentation warnings.


Revision 18216 - Directory Listing
Modified Mon Feb 2 10:46:42 2015 UTC (6 years, 8 months ago) by msalle
Fix minor compiler warnings: documentation mainly.


Revision 18215 - Directory Listing
Modified Mon Feb 2 10:25:33 2015 UTC (6 years, 8 months ago) by msalle
Fix doxygen/documentation compiler warnings (except retval which is a clang
bug).


Revision 18214 - Directory Listing
Modified Mon Feb 2 10:02:44 2015 UTC (6 years, 8 months ago) by msalle
Update version lcmaps-plugins-voms, update NEWS file lcmaps-plugins-basic and
-voms 


Revision 18213 - Directory Listing
Modified Sun Feb 1 13:03:51 2015 UTC (6 years, 8 months ago) by msalle
Stop pluginmanager if starting it failed: this will clean-up e.g. lex/yacc
memory.


Revision 18212 - Directory Listing
Modified Fri Jan 30 14:14:37 2015 UTC (6 years, 8 months ago) by msalle
Syncing back from lcmaps-plugins-{basic,voms}:
Also:
- remove unused variable newleasename


Revision 18211 - Directory Listing
Modified Fri Jan 30 14:10:41 2015 UTC (6 years, 8 months ago) by msalle
Syncing code between lcmaps-plugins-{basic,voms,robot}:
- Makefile.am only in src/ directory.
- use new lcmaps_gridmap{file,dir} code
- use shipped lcmaps_plugin_prototypes.h only when needed
- use only mapdir and mapfile in logmessages that will be used both for
  gridmapping and groupmapping (new lcmaps_gridmap*.c files)
- only require user_dn lcmaps data for lcmaps_voms_poolaccount which actually
  uses it.
- voms localaccount:
  - rework concistency checking of cmdline parms
  - check both requested username and uid
- voms poolaccount:
  - introduce new function get_gid_string() to build-up the gidbuffer.
  - option --require-primary-gid no longer triggers an error when the first FQAN
    did not result in a poolaccount mapping. This brings it in sync with the man
    page. The error was probably a bug. It is unclear what the supposed
    functionality was.
- voms poolgroup:
  - do not require the requested_* lcmaps data, since it wasn't used in any
    case. We should perhaps once properly implement this.


Revision 18210 - Directory Listing
Modified Fri Jan 30 13:47:07 2015 UTC (6 years, 8 months ago) by msalle
Syncing code between lcmaps-plugins-{basic,voms,robot}
Other:
- remove unneeded newleasename in lcmaps_poolaccount.c
- generalize gridmap* -> map* in log messages for use with groupmapping.


Revision 18209 - Directory Listing
Modified Wed Jan 28 10:25:42 2015 UTC (6 years, 8 months ago) by msalle
Update version


Revision 18208 - Directory Listing
Modified Wed Jan 28 10:24:53 2015 UTC (6 years, 8 months ago) by msalle
Minor bug fixes:
- remove unneeded header files
- include config.h before LCMAPS header files.
- set banmapfile=NULL after freeing.
- when plugin fails/succeeds use proper name (i.e. prefixed with robot_)
- casting from value to pem needs to go via char **, also for local- and
  poolaccount.
- replace __func__ for logstr.


Revision 18207 - Directory Listing
Modified Wed Jan 28 10:22:05 2015 UTC (6 years, 8 months ago) by msalle
Syncing code with lcmaps-plugins-robot: in particular move to new
lcmaps_gridmapfile and lcmaps_gridmapdir files and functions.
Also remove per-plugin Makefile.am and instead put everything in src/Makefile.am
Properly use the lcmaps_plugin_prototypes.h function only when needed.


Revision 18201 - Directory Listing
Modified Tue Jan 27 09:48:05 2015 UTC (6 years, 8 months ago) by msalle
Adding ChangeLog


Revision 18200 - Directory Listing
Modified Tue Jan 27 09:42:19 2015 UTC (6 years, 8 months ago) by msalle
Rename lcmaps_gridlist into lcmaps_gridmapfile to prevent potential name clash
with older and incompatible versions of the same function in other plugins.
Strictly speaking the symbol should be resolved only locally due to the absence
of RTLD_GLOBAL in lcmaps' dlopen but we better not rely on that.



Revision 18199 - Directory Listing
Modified Tue Jan 27 09:09:42 2015 UTC (6 years, 8 months ago) by msalle
Need to check for continuation character also in remainder.


Revision 18198 - Directory Listing
Modified Tue Jan 27 08:07:21 2015 UTC (6 years, 8 months ago) by msalle
Remove reference to file for function also used for dirs.


Revision 18197 - Directory Listing
Modified Mon Jan 26 20:27:51 2015 UTC (6 years, 8 months ago) by msalle
Clarify GRIDMAPDIR env var in man page.
spell-out dirname -> directory.


Revision 18196 - Directory Listing
Modified Mon Jan 26 16:57:43 2015 UTC (6 years, 8 months ago) by msalle
Create man pages in configure stage


Revision 18195 - Directory Listing
Modified Mon Jan 26 16:45:30 2015 UTC (6 years, 8 months ago) by msalle
Minor updates to text of man pages.


Revision 18194 - Directory Listing
Modified Mon Jan 26 16:31:44 2015 UTC (6 years, 8 months ago) by msalle
Create man pages in configure stage to get package name and version included.


Revision 18193 - Directory Listing
Modified Mon Jan 26 16:30:34 2015 UTC (6 years, 8 months ago) by msalle
Minor updates to man pages: e.g. properly escape minus signs. 


Revision 18190 - Directory Listing
Modified Mon Jan 26 14:35:48 2015 UTC (6 years, 8 months ago) by msalle
Make sure to use the shipped lcmaps_plugin_prototypes.h when needed and to
always package them.


Revision 18189 - Directory Listing
Modified Fri Jan 23 15:57:06 2015 UTC (6 years, 8 months ago) by tamasb
implementation of third test case with AUTH_METHOD=PROXY



Revision 18187 - Directory Listing
Modified Fri Jan 23 13:55:14 2015 UTC (6 years, 8 months ago) by msalle
Adding NEWS file.


Revision 18186 - Directory Listing
Modified Fri Jan 23 12:31:52 2015 UTC (6 years, 8 months ago) by tamasb
/etc/profile sourced over ssh so that we get the right environment


Revision 18185 - Directory Listing
Modified Fri Jan 23 12:10:43 2015 UTC (6 years, 8 months ago) by msalle
- when freeing gridmap{dir,file} reset to NULL
- fix typo for gridmapdir cleanup: should free gridmapdir, not gridmapfile
- lower one log message to warning instead of err.
- log whether we use the *default* grid-mapfile
- raise level of logging that we cannot open grid-mapfile.
- fix memleak when using 'default' (i.e. from env variable) mapdir.
- should prefix GRIDMAPDIR env variable when applicable: restructure
  get_default_mapdir() for that.


Revision 18184 - Directory Listing
Modified Fri Jan 23 11:37:05 2015 UTC (6 years, 8 months ago) by tamasb
made the 'service' command path agnostic. 
we just update $PATH with the right /sbin dir


Revision 18183 - Directory Listing
Modified Fri Jan 23 10:30:26 2015 UTC (6 years, 8 months ago) by msalle
Rename remove -> remove_lease to prevent warning on Solaris


Revision 18182 - Directory Listing
Modified Fri Jan 23 09:35:10 2015 UTC (6 years, 8 months ago) by msalle
We're building all plugins from src/ dir Makefile.


Revision 18181 - Directory Listing
Modified Thu Jan 22 17:08:15 2015 UTC (6 years, 8 months ago) by msalle
Minor updates to the man-pages. Primarily the naming of the per-user
sub-proxies.


Revision 18180 - Directory Listing
Modified Thu Jan 22 17:06:41 2015 UTC (6 years, 8 months ago) by msalle
- use (already obtained) inode of the pool-entry to check that the hardlinking
  succeeded. This is much more reliable and reduces the need of an additional
  lstat().
- need to utime() after link(): link does not update the time stamp.
- log more in case the wrong lease already exists, typically when link() fails:
  can happen in certain race conditions.
- add extra comments in create_link()


Revision 18179 - Directory Listing
Modified Thu Jan 22 16:34:02 2015 UTC (6 years, 8 months ago) by tamasb
exits with -1 if there is at least one FAILed test


Revision 18178 - Directory Listing
Modified Thu Jan 22 16:09:30 2015 UTC (6 years, 8 months ago) by tamasb
wrong path in CA_PATH
hardcoded path


Revision 18177 - Directory Listing
Modified Thu Jan 22 16:00:56 2015 UTC (6 years, 8 months ago) by tamasb
missed a path 'certificate/' component


Revision 18176 - Directory Listing
Modified Thu Jan 22 15:51:05 2015 UTC (6 years, 8 months ago) by tamasb
export ARGUS_IP and ARGUS_HOST


Revision 18175 - Directory Listing
Modified Thu Jan 22 15:33:05 2015 UTC (6 years, 8 months ago) by tamasb
the TEST_ROOT didn't work out. back to old form



Revision 18174 - Directory Listing
Modified Thu Jan 22 14:47:50 2015 UTC (6 years, 8 months ago) by tamasb
run.sh <- new entry point for the test.
   executes certificates/setup
   sets env for specific AUTH_METHOD
   runs remotetest

the rest of the files got modified to line up with the new path
which is now rooted in $TETS_ROOT


Revision 18173 - Directory Listing
Modified Thu Jan 22 10:36:09 2015 UTC (6 years, 8 months ago) by tamasb
use stop-start instead of restart (restart does not start server if already down)


Revision 18172 - Directory Listing
Modified Wed Jan 21 17:05:20 2015 UTC (6 years, 8 months ago) by tamasb
typo CLINET <-> CLIENT


Revision 18171 - Directory Listing
Modified Wed Jan 21 17:03:14 2015 UTC (6 years, 8 months ago) by msalle
Small updates to man pages to reflect actual code.


Revision 18170 - Directory Listing
Modified Wed Jan 21 17:02:42 2015 UTC (6 years, 8 months ago) by msalle
Update commentary about obtaining default files/relative files.


Revision 18169 - Directory Listing
Modified Wed Jan 21 16:57:00 2015 UTC (6 years, 8 months ago) by tamasb
sleep a little to wait until argus restarts


Revision 18168 - Directory Listing
Modified Wed Jan 21 16:53:25 2015 UTC (6 years, 8 months ago) by tamasb
restart pap instead of start


Revision 18167 - Directory Listing
Modified Wed Jan 21 16:49:48 2015 UTC (6 years, 8 months ago) by tamasb
no more running gracefully



Revision 18166 - Directory Listing
Modified Wed Jan 21 16:41:40 2015 UTC (6 years, 8 months ago) by msalle
- Do lstat() instead of stat() and check that entries are regular files. In
  particular symlinks can cause unexpected problems.


Revision 18165 - Directory Listing
Modified Wed Jan 21 16:38:40 2015 UTC (6 years, 8 months ago) by tamasb
more verbosity


Revision 18164 - Directory Listing
Modified Wed Jan 21 14:18:38 2015 UTC (6 years, 8 months ago) by msalle
- rigorous rewrite of get_pool_mapping(), get_req_pool_mapping() and
  create_link(). Carefully handle different scenarios, and do post-linking
sanity check on the hardlinks.
- revamp otherlink() function into simpler function, leaving the statting to the
  caller: shouldn't do many duplicate checks.
- rename references to user or account into mapping pool-entry.
- check explicitly that mapping_max < 10000
- don't return -1 in (renamed) pool matching function on non-conforming pool
  entry, just return 0
- reorder static functions into more logical order.


Revision 18163 - Directory Listing
Modified Fri Jan 16 14:04:18 2015 UTC (6 years, 9 months ago) by msalle
Fix gridmapdir code:
- split-off requested username from default pool mapping: get_req_pool_mapping()
  we need to check e.g. that the requested user account isn't taken yet. For a
  default pool mapping we would then skip to the next.
- fix mapcounter behaviour and check already in lcmaps_gridmapdir() instead of
  add_mapcount_to_leasename
- fix numerous memory leaks
- use int for options field
- split-off creating actual lease into new function gridmapdir_new_lease_item()
- prevent removing existing leases when we can't make a new one (e.g. wrong
  pool, etc.). For this we also move the removal of solitary leases to
  gridmapdir_new_lease_item.
- add input checks.


Revision 18162 - Directory Listing
Modified Wed Jan 14 16:40:52 2015 UTC (6 years, 9 months ago) by msalle
- Fix two memory leaks.
- Fix two log messages


Revision 18161 - Directory Listing
Modified Wed Jan 14 15:30:14 2015 UTC (6 years, 9 months ago) by msalle
- Don't use a default for gridmapdir, only env var.
- Use filename-prefixed logstring instead of __func__ for static functions.
- Rename get_subuser_dn into lcmaps_ prefixed name
- Lower some of the loglevels to make logging more meaningful, in particular
  only log configuration or internal errors on LOG_ERR. Also log proxy rfc DN on
  LOG_INFO.
- Check not only for unset but also for empty mapfilename
- Don't double-check for unset grid-mapfile.
- Further sync between ban_dn, local and poolaccount
- let lcmaps_gridlist return 0 when using 'self' and let caller check on
  non-NULL username (should set it to NULL itself).
- When using relative path, log that.
- When getting grid-mapfile from getenv, also log name of env var.


Revision 18160 - Directory Listing
Modified Tue Jan 13 20:03:15 2015 UTC (6 years, 9 months ago) by msalle
Unify using defaults for gridmapdir and gridlist.
Move checking for default gridmapdir to separate function, very similar to code
for gridlist.
Move SECURITY_DIR to gridlist header file.
Move code to return 'self' to gridlist itself. No place in mapfile code.
Lookup default in gridlist function itself.
Don't use strlen if we want to check len==0
Check for env vars also if their length > 0, otherwise still invalid.
Add comments to public headers.



Revision 18159 - Directory Listing
Modified Tue Jan 13 11:30:58 2015 UTC (6 years, 9 months ago) by msalle
When fetching the pem_string, value is a char**, not a char*
Free dn


Revision 18158 - Directory Listing
Modified Tue Jan 13 11:28:19 2015 UTC (6 years, 9 months ago) by msalle
Fix few memory leaks:
- certdir/vomsdir are dupped by VOMS_Init, so we can free them straight
  afterwards.
- when selecting leaf cert, don't dup, just store. It's not freed itself in any
  case.
- need to free lcmaps_credential->pem_string
- simplify code-flow in conversion pem->chain


Revision 18157 - Directory Listing
Modified Mon Jan 12 17:00:30 2015 UTC (6 years, 9 months ago) by msalle
Fix few memory issues:
- cleanup chain also in case of failure
- free sub-user-proxy DN
- free requested username also in case of success
- fix off-by-one size bug in malloc for grid-mapfile.
Don't pass gridmapdir via env variable, but via function argument
Cache result of is_normal_user(): simplifies code
Don't prefix relative path in normal_user mode.
Use getpwuid(getuid())->pw_dir instead of HOME/home/Home. That matches newer GT
behaviour in any case.



Revision 18156 - Directory Listing
Modified Fri Jan 9 14:23:44 2015 UTC (6 years, 9 months ago) by msalle
Add same default prefixing to ban_dn plugin


Revision 18155 - Directory Listing
Modified Fri Jan 9 14:22:28 2015 UTC (6 years, 9 months ago) by msalle
No longer need to prefix in get_mapfile, we already do that in the init stage.


Revision 18154 - Directory Listing
Modified Fri Jan 9 14:19:17 2015 UTC (6 years, 9 months ago) by msalle
Make lcmaps_get_prefixed_file() public, use for prefixing grid-mapfile and
grid-mapdir and use stat to check it succeeded. This way we can do this check
already in the init stage.


Revision 18153 - Directory Listing
Modified Fri Jan 9 13:40:19 2015 UTC (6 years, 9 months ago) by msalle
Add manpages for the three plugins.
Ban plugin should not fail if proxy is normal proxy or non-RFC.
Prefix the grid-mapfile in case it is a relative path. We probably need to make
this function get_prefixed_mapfile() public and call it already from the plugin
initialize functions, both for grid-mapfile and grid-mapdir. Remove statting the
grid-mapfile in the init phase for now, until we have properly prefix it there.
Fail for the time-being on non-absolute gridmapdirs.


Revision 18152 - Directory Listing
Modified Thu Jan 8 17:03:24 2015 UTC (6 years, 9 months ago) by msalle
*endptr != '\0' in case of error
check uid has been set, it otherwise returns a -1 value
initialize endptr (probably not needed)



Revision 18151 - Directory Listing
Modified Thu Jan 8 16:48:53 2015 UTC (6 years, 9 months ago) by msalle
Cleanup of primarily lcmaps_robot_poolaccount.c:
Syncing as much as possible between the three plugins.
Check for both requested_username and requested_uid in both localaccount and
poolaccount plugins, both in verify and run mode.
Reorder string matching to have most likely one first
Adding default, fallback lcmaps_plugin_prototypes.h for old LCMAPS
Adding many comments for clarity.
Adding copyright/license texts



Revision 18150 - Directory Listing
Modified Thu Jan 8 10:03:26 2015 UTC (6 years, 9 months ago) by tamasb
removed end of file to match target


Revision 18149 - Directory Listing
Modified Thu Jan 8 09:41:55 2015 UTC (6 years, 9 months ago) by tamasb
Completed scenario 2 with an empty soap envelope
fixed a typo bug in the test code 


Revision 18148 - Directory Listing
Modified Thu Jan 8 09:11:33 2015 UTC (6 years, 9 months ago) by tamasb
redirecting input and output buffers from the ssh command execution to prevent hanging


Revision 18147 - Directory Listing
Modified Wed Jan 7 16:52:27 2015 UTC (6 years, 9 months ago) by tamasb
added & to prevent hanging ssh


Revision 18146 - Directory Listing
Modified Tue Jan 6 17:00:25 2015 UTC (6 years, 9 months ago) by msalle
Do not try to decode quoted characters, we don't know which encoding is supposed
to be used (e.g. t61 or utf8). As long as the grid-mapfile uses the same
encoding, i.e. as obtained via openssl x509 -nameopt compat, we should be fine.


Revision 18145 - Directory Listing
Modified Tue Jan 6 14:17:46 2015 UTC (6 years, 9 months ago) by msalle
Remove further references to removed lcmaps_pemutils.?


Revision 18144 - Directory Listing
Modified Tue Jan 6 14:11:40 2015 UTC (6 years, 9 months ago) by msalle
Merge pem to x509 function into subuserdn file.


Revision 18143 - Directory Listing
Modified Wed Dec 24 17:05:32 2014 UTC (6 years, 9 months ago) by msalle
Cleanup gridmapdir code:
- protect against NULL input
- fix bug in gridmapdir_get_fullname()
- fix bug in add_mapcount_to_leasename()
- add copyright/license text
- add comments
Further fix lcmaps_gridlist.c:
- fix strcmp/fnmatch code
- protect lcmaps_gridlist input
- fix MATCH_ONLY_DN logging
Fix bugs in lcmaps_robot_poolaccount:
- replace old lcmaps_log_debug() 
- replace lcmaps_log(1, -> LOG_ERR
- Add missing get_subuser_dn()
- fix rc of lcmaps_gridmapdir() matching (needs major cleanup)


Revision 18142 - Directory Listing
Modified Wed Dec 24 14:56:16 2014 UTC (6 years, 9 months ago) by msalle
Further improve and cleanup lcmaps_gridlist.c:
- only convert \x.. sequences if the result is printable, otherwise we break
  UTF8 matching, introduce bogus \000 etc.
- improve number of log messages, incl. printing of line number if grid-mapfile
- skip and log lines without mappings (for non-MATCH_ONLY_DN)
- add protection against NULL-valued input
- only use default account when file does not exist (ENOENT)
- already remove leading whitespace and delimiters from mappings part in
  get_line(), which simplifies the rest.
- use NULL for next_buffer and next_mappings to trigger end
- add copyright/license text
- add comments for static function prototypes


Revision 18141 - Directory Listing
Modified Tue Dec 23 19:55:19 2014 UTC (6 years, 9 months ago) by msalle
First check-in of new set of robot plugins (work in progress).
These plugins trigger not on the DN of the EEC but on the DN of the first RFC
proxy delegation if:
1) the EEC is a robot proxy. This can be either due to the presence of the
correct OID (1.2.840.113612.5.2.3.3.1) or if that's absence, if its DN matches
the regexp ".*/CN=[rR]obot[^[:alnum:]]+"
2) the proxy delegation is an RFC proxy.
There will be three different plugins, the first does a simple localaccount
mapping (such as the lcmaps-plugins-basic localaccount plugin). The second can
do a poolaccount mapping, which allows mapping of each unknown robot users on a
unique poolaccount. The last one allows banning of individual (or all)
sub-user-proxy DNs. If the whole robot DN must be banned, it is probably easier
to use the standard ban_dn plugin.


Revision 18140 - Directory Listing
Modified Tue Dec 9 14:10:00 2014 UTC (6 years, 10 months ago) by msalle
Handle difference minus <> hyphen


Revision 18136 - Directory Listing
Modified Mon Dec 8 13:46:11 2014 UTC (6 years, 10 months ago) by msalle
Reorder looking for default tools and glexec, such that we can print help text
even without. Minor change of wording in man page.


Revision 18135 - Directory Listing
Modified Mon Dec 8 13:09:02 2014 UTC (6 years, 10 months ago) by msalle
Add BUGS and bootstrap also to EXTRA_DIST


Revision 18134 - Directory Listing
Modified Mon Dec 8 13:06:46 2014 UTC (6 years, 10 months ago) by msalle
Add generic BUGS file.


Revision 18133 - Directory Listing
Modified Mon Dec 8 12:56:54 2014 UTC (6 years, 10 months ago) by msalle
- Create manpage using make from template: can put in system location.
- Update manpage to include (updated) GLEXEC_LOCATION behaviour
- Use PACKAGE in manpage instead of name itself
- fail (and print error) on missing commands



Revision 18132 - Directory Listing
Modified Mon Dec 8 10:47:11 2014 UTC (6 years, 10 months ago) by msalle
Remove outdated/unneeded check for globus core, add few comments


Revision 18131 - Directory Listing
Modified Mon Dec 8 10:46:04 2014 UTC (6 years, 10 months ago) by msalle
Package BUGS file, replace minus for hyphen


Revision 18130 - Directory Listing
Modified Mon Dec 8 10:45:22 2014 UTC (6 years, 10 months ago) by msalle
Fix man page warnings and update wiki url.


Revision 18128 - Directory Listing
Modified Fri Dec 5 11:31:52 2014 UTC (6 years, 10 months ago) by msalle
Fix minute typo in option.


Revision 18124 - Directory Listing
Modified Fri Dec 5 10:06:45 2014 UTC (6 years, 10 months ago) by msalle
Update ChangeLog for release


Revision 18123 - Directory Listing
Modified Fri Dec 5 09:29:43 2014 UTC (6 years, 10 months ago) by msalle
We make the "don't a the pgid as sgid" default behaviour: only the c-pep plugin
did this hence a user cannot rely on it, since it would be site-dependent in any
case.


Revision 18122 - Directory Listing
Modified Thu Dec 4 16:05:59 2014 UTC (6 years, 10 months ago) by msalle
retry should be functional if the error is due to cURL even if we have only one
endpoint. Otherwise we won't retry in case of SSL setup failure.


Revision 18121 - Directory Listing
Modified Thu Dec 4 13:49:35 2014 UTC (6 years, 10 months ago) by msalle
Make 'not setting pGID as sGID' optional to remain backwards compatible.


Revision 18120 - Directory Listing
Modified Thu Dec 4 12:26:44 2014 UTC (6 years, 10 months ago) by msalle
Document currently undocumented (but often used) -do_not_use_secondary_gids
option. Make the accepted syntax (in the code) a bit more lenient.


Revision 18119 - Directory Listing
Modified Thu Dec 4 07:34:15 2014 UTC (6 years, 10 months ago) by msalle
Further update NEWS file, missed pGID set as sGID fix (profile adherence).


Revision 18118 - Directory Listing
Modified Wed Dec 3 17:07:03 2014 UTC (6 years, 10 months ago) by msalle
Range uses minus, not hyphen


Revision 18117 - Directory Listing
Modified Wed Dec 3 17:06:00 2014 UTC (6 years, 10 months ago) by msalle
Fix some minus <> hyphen issues.


Revision 18116 - Directory Listing
Modified Wed Dec 3 16:57:43 2014 UTC (6 years, 10 months ago) by msalle
change to pure Apache 2.0 license


Revision 18115 - Directory Listing
Modified Wed Dec 3 16:56:17 2014 UTC (6 years, 10 months ago) by msalle
Change to pure Apache 2.0 license


Revision 18114 - Directory Listing
Modified Wed Dec 3 15:42:05 2014 UTC (6 years, 10 months ago) by msalle
Minor text change in NEWS file.


Revision 18113 - Directory Listing
Modified Wed Dec 3 15:08:39 2014 UTC (6 years, 10 months ago) by msalle
Prevent double logging of the added pGID, sGID and UID.


Revision 18112 - Directory Listing
Modified Wed Dec 3 14:24:34 2014 UTC (6 years, 10 months ago) by msalle
Better use int for curr_oblig since the xacml*() functions use int.


Revision 18111 - Directory Listing
Modified Wed Dec 3 13:44:57 2014 UTC (6 years, 10 months ago) by msalle
Update NEWS file.


Revision 18110 - Directory Listing
Modified Wed Dec 3 13:42:14 2014 UTC (6 years, 10 months ago) by msalle
- Fix removal of handled obligation: easiest to use two separate counters: one
  counting from 1 till original number of obligations, only used for logging,
  other to contain current obligation: stays the same when removing an
  obligation, update for unhandled obligation.
- Fix using wrong variable for dummy loop when checking attributes: should use
  attribute counter k.
- Explicitly cast size_t to long unsigned


Revision 18109 - Directory Listing
Modified Wed Dec 3 12:54:08 2014 UTC (6 years, 10 months ago) by msalle
Fix typo URL -> URN
Add missing attributes


Revision 18108 - Directory Listing
Modified Wed Dec 3 12:53:06 2014 UTC (6 years, 10 months ago) by msalle
Remove unused macro, fix renamed macro in code.


Revision 18107 - Directory Listing
Modified Wed Dec 3 12:50:17 2014 UTC (6 years, 10 months ago) by msalle
Merge updates in authorization profile into general profile header file.


Revision 18106 - Directory Listing
Modified Wed Dec 3 12:37:00 2014 UTC (6 years, 10 months ago) by msalle
- Fix behaviour of obligation attribute multiplicities:
    - for interoperability profile, all are optional but uid, pgid and username
      can occur at most once.
    - for Argus profile, see section 3.6, user-id must appear, primary group is
      optional, but if it appears it should be in the list of group-ids.
    - We should remove the primary group from the group-id list before storing
      them as secondary gids.
    - Reset the attribute counters for each found obligation, ie. within the
      obligation for loop: we have a maximum per obligation.
    - Remove unneeded maximum secondary groups.
- Sync code between OHs
- Use size_t for counters, since they should (theoretically) be of the same type
  as the attribute index.
- Simplify/clarify a few log messages.
- strncmp -> strcmp



Revision 18105 - Directory Listing
Modified Tue Dec 2 17:08:04 2014 UTC (6 years, 10 months ago) by msalle
Log attribute adding without func name for clarity


Revision 18104 - Directory Listing
Modified Tue Dec 2 17:02:20 2014 UTC (6 years, 10 months ago) by msalle
pepc_construct_request() does not need pep_handle.



Revision 18103 - Directory Listing
Modified Tue Dec 2 16:39:19 2014 UTC (6 years, 10 months ago) by msalle
- Sending pilot proxy in environment:
    - use new attributeID
      http://authz-interop.org/xacml/environment/pilot-job/cert-chain
    - Optional and depending on setup: only when implicit, X509_USER_PROXY and
      new setting --send-pilot-cert-chain is specified.
- Don't rely on PIP but split profiles by hand: probably better performant and
  only one subject attribute by default.
  Can either use one of the two profiles or both (useful in combi with e.g. EES)
- strncasecmp -> strcasecmp
- don't introspect unused "user_dn"
- fix bug in upgrade/downgrade effective uid: in case file was unreadable we
  might stay downgraded. Cleanup code flow and handle failure.
- check for error conditions during reading of proxy and simplify code flow.
- log which attributes are added.
- log status message in case of errors. This can contain very useful
  information.
- fix log messages missing newlines.
- Update NEWS file
- Update manpage to reflect recent changes:
    - Name space section
    - reorder option alphabetically
    - reformat properly
    - replace minus <> hyphen
    - number of cross-references to different options.
    - new and missing options --send-pilot-cert-chain,
      --override-unhandled-obligations-check
    - actionid and resourceid are namespaced using oasis, not authz-interop.
    - new extra option "both" for --profile
    - reference to OGF doc GWD-CP.205
    - split environment attributes between profiles
    - discuss all currently supported obligations, including new account
      obligation.
    - update multiplicities
    - Update BUGS and AUTHORS texts.


Revision 18102 - Directory Listing
Modified Mon Dec 1 17:15:51 2014 UTC (6 years, 10 months ago) by tamasb
empty string check


Revision 18101 - Directory Listing
Modified Mon Dec 1 16:57:11 2014 UTC (6 years, 10 months ago) by tamasb
replace 'service' with '/usr/sbin/service' because remote ssh call to it does not work otherwise (probably incomplete path)


Revision 18100 - Directory Listing
Modified Mon Dec 1 16:03:44 2014 UTC (6 years, 10 months ago) by tamasb
syntax error


Revision 18099 - Directory Listing
Modified Mon Dec 1 16:01:40 2014 UTC (6 years, 10 months ago) by tamasb
adding empty test case



Revision 18098 - Directory Listing
Modified Mon Dec 1 15:23:25 2014 UTC (6 years, 10 months ago) by tamasb
added executable flag


Revision 18097 - Directory Listing
Modified Mon Dec 1 14:56:53 2014 UTC (6 years, 10 months ago) by tamasb
remote test for distributed setup (forked from the passtest)


Revision 18096 - Directory Listing
Modified Mon Dec 1 13:41:43 2014 UTC (6 years, 10 months ago) by tamasb
debug


Revision 18095 - Directory Listing
Modified Mon Dec 1 12:52:18 2014 UTC (6 years, 10 months ago) by tamasb
synax error correction


Revision 18094 - Directory Listing
Modified Mon Dec 1 12:03:01 2014 UTC (6 years, 10 months ago) by tamasb
Adding local test case using a dummy curl



Revision 18093 - Directory Listing
Modified Fri Nov 28 14:06:31 2014 UTC (6 years, 10 months ago) by tamasb
stderr redirect


Revision 18092 - Directory Listing
Modified Fri Nov 28 13:53:46 2014 UTC (6 years, 10 months ago) by tamasb
tunning 


Revision 18091 - Directory Listing
Modified Fri Nov 28 13:50:33 2014 UTC (6 years, 10 months ago) by msalle
Change LICENSE into standard APL-2.0 (as it should have been)


Revision 18090 - Directory Listing
Modified Fri Nov 28 12:54:01 2014 UTC (6 years, 10 months ago) by tamasb
random certificate serial number


Revision 18088 - Directory Listing
Modified Fri Nov 28 12:30:07 2014 UTC (6 years, 10 months ago) by tamasb
adds argus machine fingerprint to known_hosts


Revision 18087 - Directory Listing
Modified Fri Nov 28 12:03:35 2014 UTC (6 years, 10 months ago) by tamasb
add executable permission


Revision 18086 - Directory Listing
Modified Fri Nov 28 11:53:46 2014 UTC (6 years, 10 months ago) by tamasb
permission and sshkey changes


Revision 18084 - Directory Listing
Modified Fri Nov 28 11:32:13 2014 UTC (6 years, 10 months ago) by tamasb
pimpd' creation script
initial argus config scripts



Revision 18082 - Directory Listing
Modified Fri Nov 28 09:18:45 2014 UTC (6 years, 10 months ago) by msalle
Update ChangeLog for release 0.5.4


Revision 18080 - Directory Listing
Modified Fri Nov 28 08:44:26 2014 UTC (6 years, 10 months ago) by msalle
No known BUGS in latest version, fixed BUGS are in NEWS file.


Revision 18079 - Directory Listing
Modified Fri Nov 28 08:42:39 2014 UTC (6 years, 10 months ago) by msalle
LICENSE files should not contain EMI, not EMI products.


Revision 18078 - Directory Listing
Modified Fri Nov 28 08:40:34 2014 UTC (6 years, 10 months ago) by msalle
LICENSE file incorrectly contained a EMI copyright statement, it's not an EMI
product.


Revision 18077 - Directory Listing
Modified Fri Nov 28 08:39:46 2014 UTC (6 years, 10 months ago) by msalle
LICENSE file incorrectly contained copyright to EMI. SCAS-client is not an EMI
product.


Revision 18076 - Directory Listing
Modified Fri Nov 28 08:34:08 2014 UTC (6 years, 10 months ago) by msalle
Minor clarification and typo fix in NEWS file and BUGS.


Revision 18075 - Directory Listing
Modified Fri Nov 28 08:22:14 2014 UTC (6 years, 10 months ago) by msalle
Explicitly cast size_t to long unsigned in printf.


Revision 18074 - Directory Listing
Modified Thu Nov 27 18:30:02 2014 UTC (6 years, 10 months ago) by tamasb
quote correction



Revision 18073 - Directory Listing
Modified Thu Nov 27 18:11:58 2014 UTC (6 years, 10 months ago) by tamasb
- uptadet JCLOUDS_IPS parsing
- updated sed statements (whitespace safe)



Revision 18072 - Directory Listing
Modified Thu Nov 27 18:09:48 2014 UTC (6 years, 10 months ago) by msalle
Update NEWS file for new cert-chain support


Revision 18071 - Directory Listing
Modified Thu Nov 27 18:08:19 2014 UTC (6 years, 10 months ago) by msalle
Syncing interface with SCAS. No actual functional change in client.


Revision 18070 - Directory Listing
Modified Thu Nov 27 17:57:15 2014 UTC (6 years, 10 months ago) by msalle
Always log on LOG_DEBUG what we are going to do with cert-chain and handle
invalid and unset values.


Revision 18069 - Directory Listing
Modified Thu Nov 27 17:43:47 2014 UTC (6 years, 10 months ago) by msalle
Missed update to set SCAS_CONFIG_FILE in configure script


Revision 18068 - Directory Listing
Modified Thu Nov 27 17:27:27 2014 UTC (6 years, 10 months ago) by msalle
Need to fix interface change for execLCMAPS().


Revision 18067 - Directory Listing
Modified Thu Nov 27 17:24:19 2014 UTC (6 years, 10 months ago) by msalle
Add (optional) support for using the cert-chain subject attribute as input for
LCMAPS. This allows using PEM/cert-chain based LCMAPS plugins such as
verify-proxy and also c-pep to be called from within SCAS. For performance
reasons we don't make this the default (yet...?).
It can be enabled from the cmdline using --use-cert-chain, or by setting in the
config scas_use_cert_chain to yes or true.
Update man pages for the new options.


Revision 18066 - Directory Listing
Modified Thu Nov 27 16:48:44 2014 UTC (6 years, 10 months ago) by tamasb
added debug flag



Revision 18065 - Directory Listing
Modified Thu Nov 27 16:40:55 2014 UTC (6 years, 10 months ago) by tamasb
get-argus-denylist test package
 - adding certificate creation test



Revision 18064 - Directory Listing
Modified Mon Nov 24 13:43:34 2014 UTC (6 years, 10 months ago) by msalle
Update script:
- only check GLEXEC_LOCATION and system default and give useful feedback.
- correctly handle errors from glexec when making targetdir fails.


Revision 18063 - Directory Listing
Modified Mon Nov 24 13:42:11 2014 UTC (6 years, 10 months ago) by msalle
Fix hyphens in man pages


Revision 18062 - Directory Listing
Modified Mon Nov 24 13:41:58 2014 UTC (6 years, 10 months ago) by msalle
Fix hyphens in man page


Revision 18061 - Directory Listing
Modified Mon Nov 24 13:10:39 2014 UTC (6 years, 10 months ago) by msalle
Change default to SCAS setting up the listening socket, it seems to perform
slightly better.


Revision 18060 - Directory Listing
Modified Mon Nov 24 11:35:29 2014 UTC (6 years, 10 months ago) by msalle
Use EES_CONFIG_FILE instead of sysconfigdir/ees.conf


Revision 18059 - Directory Listing
Modified Mon Nov 24 11:13:47 2014 UTC (6 years, 10 months ago) by msalle
Use freopen instead of dup2/open/close for attaching std*


Revision 18058 - Directory Listing
Modified Mon Nov 24 10:20:18 2014 UTC (6 years, 10 months ago) by msalle
Remove unused variable


Revision 18057 - Directory Listing
Modified Mon Nov 24 10:08:34 2014 UTC (6 years, 10 months ago) by msalle
Replace all _log_debug functions by _log(LOG_DEBUG


Revision 18056 - Directory Listing
Modified Mon Nov 24 10:06:49 2014 UTC (6 years, 10 months ago) by msalle
Missed one file...


Revision 18055 - Directory Listing
Modified Mon Nov 24 10:04:17 2014 UTC (6 years, 10 months ago) by msalle
- Bugfix: non-readable key/cert returns rc == 0, resulting in an endless loop
- Replace all _log_debug for log(LOG_DEBUG
- Use default scas.conf when none is specified
- sync and update scas init script with ees script. Add support for
  (force-)reload
- sync with scas-client.
- remove some dead code



Revision 18054 - Directory Listing
Modified Fri Nov 21 13:11:49 2014 UTC (6 years, 10 months ago) by msalle
Sync with lcmaps-plugins-scas-client implementing profile extensions.


Revision 18053 - Directory Listing
Modified Mon Nov 17 16:26:38 2014 UTC (6 years, 10 months ago) by msalle
Cannot initialize struct with &fake_voms in C89. Can easily circumvent...


Revision 18052 - Directory Listing
Modified Mon Nov 17 15:58:47 2014 UTC (6 years, 10 months ago) by msalle
Rename lcmaps_is_set_to_verify_voms_attributes symbol into
lcmapsIsSetToVerifyVomsAttributes to prevent clash with (shadowing of) symbol
defined in lcmaps_basic.h


Revision 18051 - Directory Listing
Modified Mon Nov 17 14:54:21 2014 UTC (6 years, 10 months ago) by msalle
- pass all XACML AuthZ Interop profile: also ca_serial_number, ca_policy_oid,
  and cert_chain when available (see next point). All non-VOMS fields are put in
  a new struct which is passed to the pep_construct_request_subject(). The
  pep_construct_request_subject now only gets a few parameters.
- pep_construct_request_subject() logs all the attributes (on LOG_DEBUG).
- New 'none issuer' element (http://authz-interop.org/xacml/issuer/none) used
  when the issuer of an attribute is known to be unknown.
- Remove http://authz-interop.org/xacml/subject/voms-client-side-verify
  attribute which is not being used.
- Remove check on obligation without attributes, we won't fail on that.
- cert_chain is sent, but only when new cmdline option
  --send-cert-chain-attribute is set
  New static function stack_of_x509_to_pem plus static variable
  use_cert_chain_attribute 
- issuer element of subject attributes is set. For VOMS attribs this is done in
  the following way:
  * when lcmaps is set to NOT verify VOMS, issuer is set to the issuer/none
    value
  * when lcmaps is set to verify VOMS and we are using a proxy as input, issuer
    is set to VOMS issuer
  * otherwise issuer is left unset
  For non-VOMS attribs it is done using new cmdline options:
  * --proxy-is-unverified, issuer is set to the issuer/none value
  * --proxy-has-been-verified, issuer is set to the appropriate issuer
  * otherwise (no cmdline option) issuer is left unset
  new static variable cert_client_side_verified to keep track.

Bug fixes:
- long serial numbers would have failed, since they were converted to int.

Improvements:
- some code-reuse between ssl-common.c and lcmaps_scas_client.c:
  * grid_asn1TimeToTimeT() and lcmaps_scas_client_asn1TimeToTimeT() becomes
    public xacml_io_asn1TimeToTimeT() in ssl-common.[ch]
  * my_timegm() merged into grid_asn1TimeToTimeT/xacml_io_asn1TimeToTimeT
  * grid_get_serialStr() is replaced by (inlined) function using
    ASN1_INTEGER_to_BN() and BN_bn2hex()
- replace lcmaps_log_debug([0-9] with lcmaps_log(LOG_DEBUG
- replace strncasecmp() with strcasecmp, since we want to match the whole
  option.
- cleanup list of introspected args.



Revision 18050 - Directory Listing
Modified Fri Oct 31 12:57:58 2014 UTC (6 years, 11 months ago) by msalle
Add support for passing whether voms verification is done by the client or not.
For this we introduce a new boolean subject attribute:
    http://authz-interop.org/xacml/subject/voms-client-side-verify
The value is determined as follows:
- pem-string input:
    - can we do a dlsym lookup and do we have
      lcmaps_is_set_to_verify_voms_attributes? Set the attr with the result.
    - otherwise: don't set the attribute
- DN+FQANs:
    - set attrib with value false



Revision 18049 - Directory Listing
Modified Thu Oct 30 09:50:41 2014 UTC (6 years, 11 months ago) by msalle
Lower level of few error messages from LOG_ERR to LOG_WARNING.


Revision 18048 - Directory Listing
Modified Thu Oct 30 09:41:19 2014 UTC (6 years, 11 months ago) by msalle
- OH should fail on a non-matching fulfill-on since it will be unfulfilled.
- add functions to get string from fulfillon and decision.
- also log decision in case failure due to OHs failing.



Revision 18047 - Directory Listing
Modified Wed Oct 29 16:24:05 2014 UTC (6 years, 11 months ago) by msalle
Initialize time str in case it will not be determined.


Revision 18046 - Directory Listing
Modified Wed Oct 29 16:04:16 2014 UTC (6 years, 11 months ago) by msalle
Syncing SCAS with new profile functionality


Revision 18045 - Directory Listing
Modified Wed Oct 29 16:02:21 2014 UTC (6 years, 11 months ago) by msalle
Make sure OH only runs on a fulfillon permit


Revision 18044 - Directory Listing
Modified Wed Oct 29 15:00:09 2014 UTC (6 years, 11 months ago) by msalle
Update NEWS file for new OH


Revision 18043 - Directory Listing
Modified Wed Oct 29 14:57:20 2014 UTC (6 years, 11 months ago) by msalle
Update NEWS file for latest bug-fixes


Revision 18042 - Directory Listing
Modified Wed Oct 29 14:04:11 2014 UTC (6 years, 11 months ago) by msalle
Only run obligation handlers if the decision matches the fulfill_on field of the
obligation. They are different enums, since fulfill_on can only be permit or
deny.
This should probably already have been handled in the XACML library but isn't.


Revision 18041 - Directory Listing
Modified Wed Oct 29 12:16:52 2014 UTC (6 years, 11 months ago) by msalle
- Add extra input checking:
    * check that obligations have at least one attribute. Since we also check
      that all attributes are understood, this means that we effectively test
      that we have at least one understood attribute.
    * check values are non-zero (otherwise strtol blows up).
    * check that strtol converted the entire value.
    * do not print potentially NULL datatypes
- Fix copy/paste typo for
  XACML_ATTR_PROFILE_NS_URL_OBLIGATION_ATTRIBUTES_PRIMARY_GROUPNAME attribute:
  should check primary_groupname_attribs.


Revision 18040 - Directory Listing
Modified Wed Oct 29 12:00:47 2014 UTC (6 years, 11 months ago) by msalle
- reorder OHs for clarity.
- check that values used for uid/gid are positive


Revision 18039 - Directory Listing
Modified Tue Oct 28 17:05:21 2014 UTC (6 years, 11 months ago) by msalle
Fix typo: URN->URL


Revision 18038 - Directory Listing
Modified Tue Oct 28 16:53:55 2014 UTC (6 years, 11 months ago) by msalle
Add missing init/destroy functions.


Revision 18037 - Directory Listing
Modified Tue Oct 28 16:50:39 2014 UTC (6 years, 11 months ago) by msalle
Add support for new /account obligation, which is almost identical to the gLite
XACML WN http://glite.org/xacml/obligation/local-environment-map/posix
Replace lcmaps_log_debug() with lcmaps_log(LOG_DEBUG,


Revision 18036 - Directory Listing
Modified Tue Oct 28 16:22:48 2014 UTC (6 years, 11 months ago) by msalle
Cleanup some code, remove dead code, add comments to some functions, clarify log
messages.


Revision 18035 - Directory Listing
Modified Tue Oct 28 15:34:32 2014 UTC (6 years, 11 months ago) by msalle
Update log messages in case of unknown obligations or attributes.


Revision 18034 - Directory Listing
Modified Tue Oct 28 14:29:36 2014 UTC (6 years, 11 months ago) by msalle
Add better and consistent checking for the obligations in the result:
- we store the UID(s), pGID(s) and sGID(s) first ourselves, and test
  the consistency before storing into LCMAPS: if we have >1 UID, this must be
  all the same, if we have >1 pGID, they must all be the same.
  For this we introduce new API
  pep-c-obligation-handlers.h:
    int parse_and_store_creddata(void);
  pep-c-obligation-handlers_helpers.h:
    int addUid(uid_t uid);
    int addPGid(gid_t pgid);
    int addSGid(gid_t sgid[], size_t count);
    
    int get_uid_list(uid_t *uids[], size_t *count);
    int get_pgid_list(gid_t *pgids[], size_t *count);
    int get_sgid_list(gid_t *sgids[], size_t *count);

    void clean_uidgid_lists(void);
- Let pepc_engage return a int: -1 or 0, since not all errors (e.g. and
  indeterminate) can be expressed in a pep_error_t.
- Rework the parsing of the pep_authorize() result and the algorithm to
  determine whether we should retry.
- Check for the different obligations if they have at least one attribute.
- Check for missing or broken attribute values: this lead to a number of SEGV
  situations, since strtol and getpwnam_r do not like NULL pointers.
- Move addCredentialDataFromUsername() function inline in the calling function.
- Remove some dead code such as pepc_get_output() and get_gidlist()



Revision 18033 - Directory Listing
Modified Tue Oct 28 10:37:12 2014 UTC (6 years, 11 months ago) by msalle
Fix broken reload function in ees init script: signal must be last argument, not
first (it's not an option).


Revision 18032 - Directory Listing
Modified Fri Oct 24 14:11:43 2014 UTC (6 years, 11 months ago) by msalle
- Add support for new XACML interoperability profile obligation
    http://authz-interop.org/xacml/obligation/account
  with attributes
    http://authz-interop.org/xacml/attribute/username
    http://authz-interop.org/xacml/attribute/primary-groupname
    http://authz-interop.org/xacml/attribute/secondary-groupname
  New public API calls:
    Account_handler()
    getOHAccountFired()

- reorganise the storing of the credentials into the LCMAPS framework: first
  check the consistency before actually storing them into the LCMAPS framework.
  For this we keep our own lists of credentials in pep_obligation_handlers.c
  with new public API calls
    get_uid_list()
    get_pgid_list()
    get_sgid_list()
    clean_uidgid_lists() 
  The actual parsing and storing is done in the new private function
  parse_and_store_creddata() in pep_obligation_handlers.c

- Properly handle combinations of obligations:
  * when multiple obligations set a uid, they all MUST match.
  * when multiple obligations set a pgid, they all MUST match, except in the
    case that BOTH the username and uidgid obligations are provided but NOT
    the new account obligation. In that latter case, the first set pgid is
    used, which is necessary for certain GUMS servers.

- Handle setting of too many attributes for a given obligation:
  * For uidgid obligation: fail when multiple posix-uid or multiple posix-gid
    attributes are given
  * For username obligation: fail when multiple username attributes are given
  * For account obligation: fail when multiple username or multiple
    primary-groupname attributes are given



Revision 18031 - Directory Listing
Modified Wed Oct 22 10:22:05 2014 UTC (6 years, 11 months ago) by msalle
Fix non-interactive mode: it was missing many (most) of the exports.


Revision 18028 - Directory Listing
Modified Thu Oct 9 14:32:51 2014 UTC (7 years ago) by tamasb
updated version of get-argus-denylist
- support for options (help,key,cert,proxy,output,rawfile,verbose)
- added trap for cleanup management
- validations of preconditions (existing certificate files)
- refined temp file management
- bugfix: xml_grep exits with exit code 0 on error (fixed with an additional check)



Revision 18018 - Directory Listing
Modified Mon Sep 29 15:06:47 2014 UTC (7 years ago) by msalle
Update/fix globus dependencies.


Revision 18017 - Directory Listing
Modified Mon Sep 29 14:46:37 2014 UTC (7 years ago) by msalle
Sync code with lcmaps-plugins-scas-client:
We cannot use the built-in OpenSSL verification, since it cannot handle using
CRLs only when they are available, hence we will only use our own callback.
We effectively revert to pre-0.5.0 and remove also the DISABLE_PROXY_SUPPORT
#ifndefs, as they are misleading and should not be set.


Revision 18014 - Directory Listing
Modified Tue Sep 23 10:24:42 2014 UTC (7 years ago) by tamasb
updated changelog after final rename


Revision 18013 - Directory Listing
Modified Tue Sep 23 10:21:45 2014 UTC (7 years ago) by tamasb
rephrased a line


Revision 18012 - Directory Listing
Modified Tue Sep 23 10:02:15 2014 UTC (7 years ago) by tamasb
final namechange 


Revision 18011 - Directory Listing
Modified Tue Sep 23 09:58:54 2014 UTC (7 years ago) by tamasb
final name change


Revision 18008 - Directory Listing
Modified Mon Sep 22 10:54:58 2014 UTC (7 years ago) by dennisvd
Reformatted the README: typos, line length and minor rephrasing; corrected the copyright holder in the bootstrap script and the man page.


Revision 18006 - Directory Listing
Modified Fri Sep 19 15:31:25 2014 UTC (7 years ago) by tamasb
changelog update after rename


Revision 18005 - Directory Listing
Modified Fri Sep 19 15:27:44 2014 UTC (7 years ago) by tamasb
renamed 'policy-to-banmapfile' to 'fetch-pap-banlist' 


Revision 18004 - Directory Listing
Modified Fri Sep 19 15:23:52 2014 UTC (7 years ago) by tamasb
renamed 'policy-to-banmapfile' to 'fetch-pap-banlist'


Revision 18002 - Directory Listing
Modified Fri Sep 19 14:38:26 2014 UTC (7 years ago) by msalle
We cannot use the built-in OpenSSL verification, since it cannot handle using
CRLs only when they are available, hence we will only use our own callback.
We effectively revert to pre-0.5.0 and remove also the DISABLE_PROXY_SUPPORT
#ifndefs, as they are misleading and should not be set.



Revision 18001 - Directory Listing
Modified Fri Sep 19 14:05:34 2014 UTC (7 years ago) by msalle
Need to make the free in case of failure also dependent on DN/FQAN or PEM input.


Revision 18000 - Directory Listing
Modified Fri Sep 19 14:03:56 2014 UTC (7 years ago) by tamasb
updated changelog 


Revision 17999 - Directory Listing
Modified Fri Sep 19 13:58:25 2014 UTC (7 years ago) by tamasb
example of usage script 


Revision 17998 - Directory Listing
Modified Fri Sep 19 13:57:39 2014 UTC (7 years ago) by tamasb
added copyright notice


Revision 17997 - Directory Listing
Modified Fri Sep 19 13:54:07 2014 UTC (7 years ago) by tamasb
reformulated some documentation


Revision 17994 - Directory Listing
Modified Thu Sep 18 13:58:05 2014 UTC (7 years ago) by tamasb
renamed files: substituted '_' separator with '-'
updated references in configure.ac and Makefile.am
minor modifications on documentation


Revision 17993 - Directory Listing
Modified Thu Sep 18 13:52:55 2014 UTC (7 years ago) by tamasb
Renamed to top directory, changing the '_' separator to '-'


Revision 17989 - Directory Listing
Modified Wed Sep 17 14:20:14 2014 UTC (7 years, 1 month ago) by tamasb
first ChangeLog 


Revision 17988 - Directory Listing
Modified Wed Sep 17 14:13:52 2014 UTC (7 years, 1 month ago) by tamasb
added autoconf makeup 
completed with README and manpage


Revision 17987 - Directory Listing
Modified Wed Sep 17 13:05:17 2014 UTC (7 years, 1 month ago) by msalle
Add new option --use-dn-and-fqans to use only the DN and FQANs as present in the
input credentials to put in the XACML request. Normally the SCAS client add all
the information from the certificate chain as put in by LCMAPS via the PEM
interface. For the LCMAPS-without-GSI interfaces, we only have a DN and FQANs.
Update manpage and NEWS file accordingly.


Revision 17985 - Directory Listing
Modified Wed Sep 10 13:46:37 2014 UTC (7 years, 1 month ago) by msalle
Adding demonstrator policy_to_banmapfile.sh script, see
https://wiki.nikhef.nl/grid/Argus_Global_Banning_Setup_Overview



Revision 17977 - Directory Listing
Modified Fri Aug 22 10:25:36 2014 UTC (7 years, 1 month ago) by msalle
Update ChangeLog for release 0.2.1


Revision 17976 - Directory Listing
Modified Fri Aug 22 10:12:04 2014 UTC (7 years, 1 month ago) by msalle
Fix deprecated token


Revision 17975 - Directory Listing
Modified Fri Aug 22 10:02:18 2014 UTC (7 years, 1 month ago) by msalle
Remove autoconf hints, editors pick it up in any case


Revision 17974 - Directory Listing
Modified Fri Aug 22 09:53:53 2014 UTC (7 years, 1 month ago) by msalle
Enable future-default subdir-objects.


Revision 17973 - Directory Listing
Modified Fri Aug 22 08:46:35 2014 UTC (7 years, 1 month ago) by msalle
Update NEWS file


Revision 17972 - Directory Listing
Modified Fri Aug 22 08:45:33 2014 UTC (7 years, 1 month ago) by msalle
Install eics/eics_common.h


Revision 17971 - Directory Listing
Modified Fri Aug 22 08:38:33 2014 UTC (7 years, 1 month ago) by msalle
Update version


Revision 17970 - Directory Listing
Modified Fri Aug 22 08:37:48 2014 UTC (7 years, 1 month ago) by msalle
Update NEWS file
Don't log stderr from mkdir and chown


Revision 17969 - Directory Listing
Modified Thu Aug 21 20:10:02 2014 UTC (7 years, 1 month ago) by msalle
- Install ees_example_plugin.mod
- Fix init script according to debian lintian:
    * add Default-Start
    * add local_fs to required start and stop (/var)
    * create pidfile and logfile dirs in init script instead of in packaging
      (/var might be created at boot time)
    * add force-reload, identical to reload
- Fix few remaining minusses in the manpages


Revision 17963 - Directory Listing
Modified Thu Aug 21 14:26:08 2014 UTC (7 years, 1 month ago) by msalle
Update ChangeLog for release


Revision 17955 - Directory Listing
Modified Thu Aug 21 11:23:38 2014 UTC (7 years, 1 month ago) by msalle
Update ChangeLog for release



Revision 17954 - Directory Listing
Modified Thu Aug 21 11:01:29 2014 UTC (7 years, 1 month ago) by msalle
Don't build examples/ files, thus removing dependency on gssapi.
Updating copyright statement in source files.



Revision 17953 - Directory Listing
Modified Thu Aug 21 09:59:58 2014 UTC (7 years, 1 month ago) by msalle
Add two debug log messages about found obligation and attributes. Also add some
comments about the magic.


Revision 17952 - Directory Listing
Modified Tue Aug 12 12:30:46 2014 UTC (7 years, 2 months ago) by msalle
Second step renaming m4 in project


Revision 17951 - Directory Listing
Modified Tue Aug 12 12:30:20 2014 UTC (7 years, 2 months ago) by msalle
Update AUTHORS
First step in renaming ees-pepd-oh/m4 into ees-pepd-oh/project


Revision 17950 - Directory Listing
Modified Tue Aug 12 12:24:36 2014 UTC (7 years, 2 months ago) by msalle
Fix LICENSE and Copyright texts.


Revision 17949 - Directory Listing
Modified Mon Aug 11 16:24:35 2014 UTC (7 years, 2 months ago) by msalle
Add Copyright and LICENSE texts to EES files.



Revision 17948 - Directory Listing
Modified Thu Aug 7 16:31:05 2014 UTC (7 years, 2 months ago) by dennisvd
Replaced license text with the Apache License 2.0


Revision 17947 - Directory Listing
Modified Thu Aug 7 08:16:04 2014 UTC (7 years, 2 months ago) by msalle
Bugfix: when the EES does not handle an obligation, it will come back, so all
old obligations need to be removed from the PDP-result, and replaced with those
from the EES-result.
Bumping version to 0.1.5


Revision 17946 - Directory Listing
Modified Wed Aug 6 08:37:34 2014 UTC (7 years, 2 months ago) by msalle
No longer need `found' variable.
Log (debug) for which obligation we are looking for attributes.
Move rewinding of context to place where we are using it.



Revision 17945 - Directory Listing
Modified Wed Aug 6 08:18:34 2014 UTC (7 years, 2 months ago) by msalle
We should not fail if there isn't a embedded attribute: we can have
attribute-less obligations.


Revision 17944 - Directory Listing
Modified Mon Aug 4 19:01:25 2014 UTC (7 years, 2 months ago) by msalle
Need to rewind the context for *every* found obligation, not only at the start.


Revision 17943 - Directory Listing
Modified Fri Aug 1 12:01:24 2014 UTC (7 years, 2 months ago) by msalle
Sync interface between scas and scas-client


Revision 17942 - Directory Listing
Modified Fri Aug 1 11:17:49 2014 UTC (7 years, 2 months ago) by msalle
Add the environment attributes for each understood obligation handler. For XACML
lib 1.5.0 and higher, this is no longer done by the XACML lib, but should be
done by us. We therefore also add the necessary environment attribute to the
profile header file.
We now add the handler and obligationID via a static function, for simplicity.


Revision 17941 - Directory Listing
Modified Fri Aug 1 11:13:35 2014 UTC (7 years, 2 months ago) by msalle
Remove reference to specific profile: the xacml library itself should be
profile-agnostic. The only (real) use was for setting the list of understood
obligations. This should be done by the client, e.g. using the
xacml_request_add_environment_attribute() function.
We bump the version to 1.5.0 and update the NEWS file.


Revision 17940 - Directory Listing
Modified Tue Jul 22 09:26:30 2014 UTC (7 years, 2 months ago) by msalle
Rename send and accept into send_timeout and acpt_timeout (also for receive ->
rcve_timeout) to prevent shadowing global declaration in
/usr/include/sys/socket.h on e.g. Mac


Revision 17939 - Directory Listing
Modified Sun Jul 20 20:23:17 2014 UTC (7 years, 2 months ago) by msalle
Further fix test, old openssl rand only had -base64


Revision 17938 - Directory Listing
Modified Sun Jul 20 15:39:22 2014 UTC (7 years, 2 months ago) by msalle
Define also _XOPEN_SOURCE for gmtime_r even though we already will define
_GNU_SOURCE, this makes Solaris happier


Revision 17937 - Directory Listing
Modified Sun Jul 20 15:05:20 2014 UTC (7 years, 2 months ago) by msalle
Remove unused debugmode and common.h


Revision 17936 - Directory Listing
Modified Sun Jul 20 14:55:16 2014 UTC (7 years, 2 months ago) by msalle
Log the request ID alongside the response ID and do basic check that the
InResponseTo actually matched the request.


Revision 17935 - Directory Listing
Modified Sun Jul 20 14:44:49 2014 UTC (7 years, 2 months ago) by msalle
Log the request ID along with the response ID in the 'response constructed' log
message.


Revision 17934 - Directory Listing
Modified Sun Jul 20 14:43:32 2014 UTC (7 years, 2 months ago) by msalle
Log the request ID alongside the response ID in the EES logs.
Log the ID and issuer in the test script, and create a (different type of)
'uniq' ID using OpenSSL which is hopefully more portable.


Revision 17933 - Directory Listing
Modified Sun Jul 20 14:42:13 2014 UTC (7 years, 2 months ago) by msalle
Add API to also set the InResponseTo field into the response struct, such that
we can log it in the client.
Update the NEWS file.


Revision 17932 - Directory Listing
Modified Fri Jul 18 15:40:43 2014 UTC (7 years, 3 months ago) by msalle
Fixing messed up code


Revision 17931 - Directory Listing
Modified Fri Jul 18 15:33:34 2014 UTC (7 years, 3 months ago) by msalle
Don't retrieve the id, it's done later.


Revision 17930 - Directory Listing
Modified Fri Jul 18 14:32:06 2014 UTC (7 years, 3 months ago) by msalle
Need to adjust the way we handle gSOAP > 2.8.15 (Fedora20 etc.) Prefixing the
ID, Version and IssueInstant will result in different fields in
XACMLsamlp:XACMLAuthzDecisionQuery, namely samlp:ID="..." instead of ID="...".
That would result in a mismatch between old clients and new servers and
vice-versa. We now fix the gsoap file itself.


Revision 17929 - Directory Listing
Modified Fri Jul 18 11:52:12 2014 UTC (7 years, 3 months ago) by msalle
Move initialization of ID from xacml_request_init() to xacml_request_set_id()
and likewise for response. xacml_{request,response}_set_id now returns the
actual value (or NULL on error) and initializes if the passed-in id is NULL.
This way we can have the IDs initialized at the right time both for server and
client. prepare_response and xacml_query_file now use the already set value
or call xacml_response_set_id() to create a new one.
We update the library version to reflect that we have added API.



Revision 17928 - Directory Listing
Modified Fri Jul 18 11:33:51 2014 UTC (7 years, 3 months ago) by msalle
Update to set response ID and issuer just before we construct the actual
response


Revision 17927 - Directory Listing
Modified Fri Jul 18 11:33:01 2014 UTC (7 years, 3 months ago) by msalle
Update to set response ID at the right place


Revision 17926 - Directory Listing
Modified Fri Jul 18 11:18:16 2014 UTC (7 years, 3 months ago) by msalle
Update xacmlqueryscas() to use the (now correct) xacml-1.4.3 api when available:
- add basic input checking to protect against NULL
- set (and get) request-ID
- get subject, which is used as issuer
- log outgoing request before calling xacml_query_file


Revision 17925 - Directory Listing
Modified Thu Jul 17 17:52:23 2014 UTC (7 years, 3 months ago) by msalle
Cannot print request issuer/time before calling xacml_query_file()


Revision 17924 - Directory Listing
Modified Thu Jul 17 17:45:34 2014 UTC (7 years, 3 months ago) by msalle
Fix typo


Revision 17923 - Directory Listing
Modified Thu Jul 17 17:44:04 2014 UTC (7 years, 3 months ago) by msalle
Don't log response if it hasn't come from the remote site.


Revision 17922 - Directory Listing
Modified Thu Jul 17 16:03:49 2014 UTC (7 years, 3 months ago) by msalle
Need to initialize issue_time_str.


Revision 17921 - Directory Listing
Modified Thu Jul 17 15:28:28 2014 UTC (7 years, 3 months ago) by msalle
Need to include config.h 


Revision 17920 - Directory Listing
Modified Thu Jul 17 15:27:05 2014 UTC (7 years, 3 months ago) by msalle
Too much copy&paste from EES, fix EEF_log -> scas_log


Revision 17919 - Directory Listing
Modified Thu Jul 17 15:18:02 2014 UTC (7 years, 3 months ago) by msalle
Name of IssueInstant and ID has changed.


Revision 17918 - Directory Listing
Modified Thu Jul 17 15:06:31 2014 UTC (7 years, 3 months ago) by msalle
Fix typo


Revision 17917 - Directory Listing
Modified Thu Jul 17 14:52:38 2014 UTC (7 years, 3 months ago) by msalle
Update NEWS file


Revision 17916 - Directory Listing
Modified Thu Jul 17 14:51:35 2014 UTC (7 years, 3 months ago) by msalle
Provide ID/issuer/instant logging also in SCAS.
Minor changes in EES to prevent unnecessary code in case we don't have new API.


Revision 17915 - Directory Listing
Modified Thu Jul 17 14:27:44 2014 UTC (7 years, 3 months ago) by msalle
Update NEWS file


Revision 17914 - Directory Listing
Modified Thu Jul 17 14:00:48 2014 UTC (7 years, 3 months ago) by msalle
issuer and id should be declared const char *


Revision 17913 - Directory Listing
Modified Thu Jul 17 13:52:23 2014 UTC (7 years, 3 months ago) by msalle
Fix sign-comparison warning 


Revision 17912 - Directory Listing
Modified Thu Jul 17 13:27:15 2014 UTC (7 years, 3 months ago) by msalle
Fix small leftover bugs


Revision 17910 - Directory Listing
Modified Thu Jul 17 12:45:14 2014 UTC (7 years, 3 months ago) by msalle
Add correct macros to test for the new API 


Revision 17909 - Directory Listing
Modified Thu Jul 17 12:44:36 2014 UTC (7 years, 3 months ago) by msalle
Since notBefore/notAfter are now always non-NULL, also check their length.


Revision 17908 - Directory Listing
Modified Thu Jul 17 12:42:53 2014 UTC (7 years, 3 months ago) by msalle
Use new XACML API (when available) to log the ID, Issuer and IssueInstant of the
request/response.
Simplify conversion from time_t to char *. No need to malloc/free.


Revision 17907 - Directory Listing
Modified Thu Jul 17 12:23:18 2014 UTC (7 years, 3 months ago) by msalle
Implement API to set/get the Issuer, IssueInstant and ID from the SOAP and XACML
requests and responses. Some where already there, but only the issuer for the
response worked. We now also already initialize the ID fields in both the
request and response to a valid ID, such that the XACML server can actually
obtain its own ID. For the client this wasn't necessary, but cleaner.


Revision 17906 - Directory Listing
Modified Thu Jul 17 12:12:20 2014 UTC (7 years, 3 months ago) by msalle
Add support for new XACML API to log the ID, Issuer and Issue time of requests
and responds. Drop support for dynamically looking up the timeout function, only
include a built-time test.


Revision 17905 - Directory Listing
Modified Wed Jul 16 14:36:47 2014 UTC (7 years, 3 months ago) by msalle
Properly set date, issuer and 'unique' id in request.


Revision 17904 - Directory Listing
Modified Wed Jul 16 14:16:46 2014 UTC (7 years, 3 months ago) by msalle
rand() is not initialized, which results in having the same sequence of IDs for
each run, this is especially a problem for clients running once but many times.


Revision 17903 - Directory Listing
Modified Wed Jul 16 10:12:28 2014 UTC (7 years, 3 months ago) by msalle
Solaris needs __EXTENSIONS__ for definition of MAXHOSTNAMELEN


Revision 17902 - Directory Listing
Modified Wed Jul 16 09:50:39 2014 UTC (7 years, 3 months ago) by msalle
Add pkg-config files for eef and eics libraries. Especially the former is useful
for add-on plugins.


Revision 17901 - Directory Listing
Modified Tue Jul 15 12:44:28 2014 UTC (7 years, 3 months ago) by msalle
SCAS is https, not http (as the EES is)


Revision 17900 - Directory Listing
Modified Tue Jul 15 12:22:24 2014 UTC (7 years, 3 months ago) by msalle
Update NEWS and configure for 0.4.4
Fix forgotten static buffer...


Revision 17896 - Directory Listing
Modified Tue Jul 15 11:56:45 2014 UTC (7 years, 3 months ago) by msalle
Update NEWS and configure.ac for 1.4.3


Revision 17895 - Directory Listing
Modified Tue Jul 15 11:54:10 2014 UTC (7 years, 3 months ago) by msalle
Missed definition of ISSUER_MAX


Revision 17894 - Directory Listing
Modified Tue Jul 15 11:50:57 2014 UTC (7 years, 3 months ago) by msalle
Add code from EES to properly set the issuer in the XACML response. This
requires at least XACML 1.4.3 to work, but won't harm otherwise.


Revision 17892 - Directory Listing
Modified Tue Jul 15 10:56:54 2014 UTC (7 years, 3 months ago) by msalle
Fix license: should have been only Apache2.0


Revision 17891 - Directory Listing
Modified Tue Jul 15 10:41:58 2014 UTC (7 years, 3 months ago) by msalle
Add BUGS to dist-tarball
Remove deprecated xacml_test.c and remove empty tools directory


Revision 17890 - Directory Listing
Modified Tue Jul 15 10:30:47 2014 UTC (7 years, 3 months ago) by msalle
Add section about signals in the ees manpage, update NEWS file.


Revision 17889 - Directory Listing
Modified Tue Jul 15 09:42:13 2014 UTC (7 years, 3 months ago) by msalle
Prevent use of uninitialized values even in out-of-mem failure situation.
Properly cleanup memory in case of failure


Revision 17888 - Directory Listing
Modified Tue Jul 15 09:11:01 2014 UTC (7 years, 3 months ago) by msalle
Update README file


Revision 17887 - Directory Listing
Modified Tue Jul 15 08:44:52 2014 UTC (7 years, 3 months ago) by msalle
gridmapfile no longer part of EES (localaccount plugin).
doxygen.cfg is now created by configure


Revision 17886 - Directory Listing
Modified Tue Jul 15 08:40:39 2014 UTC (7 years, 3 months ago) by msalle
Add man-pages for the plugins.
Update EES manpage for the version option.


Revision 17885 - Directory Listing
Modified Tue Jul 15 07:41:17 2014 UTC (7 years, 3 months ago) by msalle
Update help text and add -v/--version option to print the EES version.


Revision 17884 - Directory Listing
Modified Tue Jul 15 07:04:37 2014 UTC (7 years, 3 months ago) by msalle
Fix doxygen build and cleanup.
For doxygen, we make the doxygen.cfg in configure to set the correct paths.
Remove deprecated files, move testing stuff into subdir of test/


Revision 17883 - Directory Listing
Modified Mon Jul 14 20:45:14 2014 UTC (7 years, 3 months ago) by msalle
Further improve the two manpages. Manpages for the three basic plugins are still
to come.


Revision 17882 - Directory Listing
Modified Mon Jul 14 20:36:20 2014 UTC (7 years, 3 months ago) by msalle
Update BUGS file


Revision 17881 - Directory Listing
Modified Mon Jul 14 20:29:09 2014 UTC (7 years, 3 months ago) by msalle
Define EES_HTTP_PORT in configure.ac to make it more configurable, although we
don't have a commandline option yet. We can now use the EES_HTTP_PORT in both
the man-page and the ees.conf template.
Update ees.conf.5 to reflect new EES. Also add some more comment and explanation
about the format.
Update AUTHORS file.



Revision 17880 - Directory Listing
Modified Mon Jul 14 19:28:16 2014 UTC (7 years, 3 months ago) by msalle
Improve manpage bit further with extra explanations.


Revision 17879 - Directory Listing
Modified Mon Jul 14 19:27:34 2014 UTC (7 years, 3 months ago) by msalle
Implement possibility to specify loglevel for AOS_dump plugin:
    --loglevel=4
would dump on LOG_INFO. Default is LOG_NOTICE (3).


Revision 17878 - Directory Listing
Modified Mon Jul 14 15:56:48 2014 UTC (7 years, 3 months ago) by msalle
Update manpage for EES itself only.


Revision 17877 - Directory Listing
Modified Mon Jul 14 15:45:08 2014 UTC (7 years, 3 months ago) by msalle
Fix usage() output


Revision 17876 - Directory Listing
Modified Mon Jul 14 15:21:46 2014 UTC (7 years, 3 months ago) by msalle
Add to-level comments to headers which missed it.


Revision 17875 - Directory Listing
Modified Mon Jul 14 15:10:56 2014 UTC (7 years, 3 months ago) by msalle
Cleanup comments in header files plus plugins.


Revision 17874 - Directory Listing
Modified Mon Jul 14 14:05:31 2014 UTC (7 years, 3 months ago) by msalle
In case of failure, need to free the obligation ID.


Revision 17873 - Directory Listing
Modified Mon Jul 14 13:54:11 2014 UTC (7 years, 3 months ago) by msalle
Missed argument


Revision 17872 - Directory Listing
Modified Mon Jul 14 13:52:47 2014 UTC (7 years, 3 months ago) by msalle
Errors are handled inside createAndSetUpATCPServerSocket(), so don't use errno
afterwards again. Make sure to log actual error on LOG_ERR.


Revision 17871 - Directory Listing
Modified Thu Jul 10 15:53:52 2014 UTC (7 years, 3 months ago) by msalle
Fix change rc <> retval


Revision 17870 - Directory Listing
Modified Thu Jul 10 15:36:45 2014 UTC (7 years, 3 months ago) by msalle
Improve test script to be able to run different types of tests.



Revision 17869 - Directory Listing
Modified Thu Jul 10 15:17:50 2014 UTC (7 years, 3 months ago) by msalle
getaddrinfo() returns gai_strerror type error, not a simple -1 or 0.
Small other changes to make code as close as possible to SCAS(/client) version


Revision 17868 - Directory Listing
Modified Thu Jul 10 15:16:34 2014 UTC (7 years, 3 months ago) by msalle
Merge in improvements in createAndSetUpATCPServerSocket() from EES.
Sync scas and scas-client


Revision 17867 - Directory Listing
Modified Thu Jul 10 14:20:34 2014 UTC (7 years, 3 months ago) by msalle
Change default to 'disable proxy certificate for server'. It can still be 
overridden using the cmdline option --enable-server-proxy-support
Enable CRL checks even when we use plain OpenSSL hostcert checks.
Update man-page for new defaults
Update NEWS file
Update version


Revision 17866 - Directory Listing
Modified Thu Jul 10 10:33:30 2014 UTC (7 years, 3 months ago) by msalle
Fix bug where non-soap messages were also prefixed with the namespaces.


Revision 17865 - Directory Listing
Modified Wed Jul 9 16:01:08 2014 UTC (7 years, 3 months ago) by msalle
Also define glexec_print_defines() with attribute noreturn


Revision 17864 - Directory Listing
Modified Wed Jul 9 15:57:48 2014 UTC (7 years, 3 months ago) by msalle
Define exit function with the attribute of noreturn...


Revision 17863 - Directory Listing
Modified Wed Jul 9 15:35:49 2014 UTC (7 years, 3 months ago) by msalle
Use %p for pointer printing


Revision 17862 - Directory Listing
Modified Wed Jul 9 15:33:46 2014 UTC (7 years, 3 months ago) by msalle
Fix Wformat warnings


Revision 17861 - Directory Listing
Modified Wed Jul 9 15:31:19 2014 UTC (7 years, 3 months ago) by msalle
Fix Wformat warnings


Revision 17860 - Directory Listing
Modified Wed Jul 9 10:51:08 2014 UTC (7 years, 3 months ago) by msalle
Remove extra cmdline args for changed log mesg


Revision 17859 - Directory Listing
Modified Wed Jul 9 10:46:38 2014 UTC (7 years, 3 months ago) by msalle
Print also thread-id at 'response constructed'.
Print successful 'response constructed' at LOG_NOTICE instead of LOG_INFO


Revision 17858 - Directory Listing
Modified Wed Jul 9 10:23:30 2014 UTC (7 years, 3 months ago) by msalle
getnameinfo returns error in return value, parse accordingly, using either
gai_strerror() or strerror_r()
Log issuer string on LOG_DEBUG
Don't log function name in EES Stopped and EES is ready...



Revision 17857 - Directory Listing
Modified Wed Jul 9 08:59:59 2014 UTC (7 years, 3 months ago) by msalle
Call dlerror before and after dlopen() and dlsym(), this prevents a false error
mesg on Solaris.


Revision 17856 - Directory Listing
Modified Tue Jul 8 20:05:13 2014 UTC (7 years, 3 months ago) by msalle
setpgrp returns -1 on error and on Solaris it returns the new process group ID.



Revision 17855 - Directory Listing
Modified Tue Jul 8 19:52:35 2014 UTC (7 years, 3 months ago) by msalle
Use SYS_gettid when available, otherwise (e.g. SUN) use SYS_lwp_self, otherwise
don't try.
Fix few format warnings and add missing header.


Revision 17854 - Directory Listing
Modified Tue Jul 8 19:05:23 2014 UTC (7 years, 3 months ago) by msalle
Need __EXTENSIONS__ for the netdb.h / MAXHOSTNAMELEN


Revision 17853 - Directory Listing
Modified Tue Jul 8 18:59:59 2014 UTC (7 years, 3 months ago) by msalle
MacOS and Solaris don't have HOST_NAME_MAX.


Revision 17852 - Directory Listing
Modified Tue Jul 8 18:34:10 2014 UTC (7 years, 3 months ago) by msalle
Fix missing )


Revision 17851 - Directory Listing
Modified Tue Jul 8 17:23:48 2014 UTC (7 years, 3 months ago) by msalle
Fix compiler warnings resulting from casts, format etc.



Revision 17850 - Directory Listing
Modified Tue Jul 8 09:12:08 2014 UTC (7 years, 3 months ago) by msalle
Remove unneeded fmt variable


Revision 17849 - Directory Listing
Modified Tue Jul 8 09:07:08 2014 UTC (7 years, 3 months ago) by msalle
Always malloc the 1-extra byte such that we can use string literals in the
snprintf and simplify the code.


Revision 17848 - Directory Listing
Modified Tue Jul 8 08:39:48 2014 UTC (7 years, 3 months ago) by msalle
Cast to const void* instead of void* for printing, to prevent compiler warning.


Revision 17847 - Directory Listing
Modified Tue Jul 8 08:31:26 2014 UTC (7 years, 3 months ago) by msalle
Fix return value in case seteuid failed while setegid succeeded.
Also restore errno in that case to that of the failed seteuid().


Revision 17846 - Directory Listing
Modified Mon Jul 7 20:56:51 2014 UTC (7 years, 3 months ago) by msalle
Add comment about the so version


Revision 17845 - Directory Listing
Modified Mon Jul 7 20:50:45 2014 UTC (7 years, 3 months ago) by msalle
Update EES version to 0.2.0. Even though the plugin-API has change backwards
incompatibly, the EES itself is still backwards compatible.


Revision 17844 - Directory Listing
Modified Mon Jul 7 20:49:41 2014 UTC (7 years, 3 months ago) by msalle
Update so version to 1 (i.e. current is 1, release 0, age 0)


Revision 17843 - Directory Listing
Modified Mon Jul 7 20:32:39 2014 UTC (7 years, 3 months ago) by msalle
Cannot print a struct, just skip it.


Revision 17842 - Directory Listing
Modified Mon Jul 7 20:09:47 2014 UTC (7 years, 3 months ago) by msalle
Fix format and cast warnings.
Syncing ssl-common.c with lcmaps-plugins-scas-client.



Revision 17841 - Directory Listing
Modified Mon Jul 7 19:41:18 2014 UTC (7 years, 3 months ago) by msalle
Fix format problems


Revision 17840 - Directory Listing
Modified Mon Jul 7 19:37:56 2014 UTC (7 years, 3 months ago) by msalle
Fix number of cast and format warnings


Revision 17839 - Directory Listing
Modified Mon Jul 7 19:28:25 2014 UTC (7 years, 3 months ago) by msalle
Fix format related cast issues and use %p instead of 0x%x


Revision 17838 - Directory Listing
Modified Mon Jul 7 19:17:46 2014 UTC (7 years, 3 months ago) by msalle
Fix format problems 


Revision 17837 - Directory Listing
Modified Mon Jul 7 19:10:31 2014 UTC (7 years, 3 months ago) by msalle
Print address using %p which is meant for it.


Revision 17836 - Directory Listing
Modified Mon Jul 7 18:49:11 2014 UTC (7 years, 3 months ago) by msalle
Adding format __attribute__ to log function.


Revision 17835 - Directory Listing
Modified Mon Jul 7 16:07:43 2014 UTC (7 years, 3 months ago) by msalle
Also add explicitly eef/eef_polytypes.h although already included by
eef/eef_aos.h


Revision 17834 - Directory Listing
Modified Mon Jul 7 15:53:13 2014 UTC (7 years, 3 months ago) by msalle
Add format attribute to log-type functions


Revision 17833 - Directory Listing
Modified Mon Jul 7 15:39:21 2014 UTC (7 years, 3 months ago) by msalle
Properly set the XACML response issuer.
It is set both in the samlp issuer and the saml attribute containing the saml
statement containing the actual XACML decision. If we did not set a issuer (via
xacml_response_set_issuer() ) we will use the former default XACMLService.


Revision 17832 - Directory Listing
Modified Mon Jul 7 15:24:46 2014 UTC (7 years, 3 months ago) by msalle
Add format __attribute__ to functions with a format string


Revision 17831 - Directory Listing
Modified Mon Jul 7 15:24:01 2014 UTC (7 years, 3 months ago) by msalle
Add correct format __attribute__ to vprintf type functions


Revision 17830 - Directory Listing
Modified Mon Jul 7 15:23:03 2014 UTC (7 years, 3 months ago) by msalle
- Bugfix: should not read and parse X509_USER_PROXY unless implicit mode
- increase pipe size to 1MB on supporting platforms (and when bigger than
  current size).
- Also print attributes and their values in case of unhandled obligations, but
  only log on LOG_DEBUG and when LCMAPS_DEBUG_LEVEL is 5.
  Rename check_unhandled_obligations into unhandled_obligations
- Add format attribute to pepapi_log() on supporting platforms
- Don't call xacml_attributeassignment_values_length() and call
  xacml_attributeassignment_getvalue() with just one arg: Attribute Assignments
  are single-valued.


Revision 17829 - Directory Listing
Modified Mon Jul 7 11:47:47 2014 UTC (7 years, 3 months ago) by msalle
Further simplification:
- eef_plugindl_t:
    - get size of procs from eef_proctype_t enum
    - calloc init_argv dynamically and take over directly from _var_to_argv():
      * add_plugin_struct() and _var_to_argv no longer needs/return argc
      * no longer  need free_args()
      * simplify create_plugin_struct()
    - remove unused args
  move eef_proctype_t enum into eef_plugindl_s.h
- no point in calling _var_to_argv() again in link_rule_to_plugin()
- rename aos_free_key into aos_free_storage_callback() to reflect its function
- update log string for aos_make_key
- log for which thread we're creating storage in aos_create_storage()



Revision 17828 - Directory Listing
Modified Mon Jul 7 09:50:58 2014 UTC (7 years, 3 months ago) by msalle
- Slightly improve _var_to_argv() and use also for extract_policy_names() since
  they are pretty much the same.
- Free address info from getaddrinfo()



Revision 17827 - Directory Listing
Modified Fri Jul 4 16:03:42 2014 UTC (7 years, 3 months ago) by msalle
Rename src/ees into src/main since we otherwise have a clash between the ees
binary and the ees directory. We don't notice this in a out-of-srctree build.


Revision 17826 - Directory Listing
Modified Fri Jul 4 15:53:12 2014 UTC (7 years, 3 months ago) by msalle
Also cast to void* in test tool


Revision 17825 - Directory Listing
Modified Fri Jul 4 15:51:00 2014 UTC (7 years, 3 months ago) by msalle
Change parameters in order no to shadow global vars send and accept


Revision 17824 - Directory Listing
Modified Fri Jul 4 15:47:31 2014 UTC (7 years, 3 months ago) by msalle
Missed one %p: now also casted to (void*)


Revision 17823 - Directory Listing
Modified Fri Jul 4 15:44:45 2014 UTC (7 years, 3 months ago) by msalle
Update ees.conf with commented-out policies template


Revision 17822 - Directory Listing
Modified Fri Jul 4 15:42:06 2014 UTC (7 years, 3 months ago) by msalle
Cast explicitly to (void*) when printing using %p


Revision 17821 - Directory Listing
Modified Fri Jul 4 15:33:46 2014 UTC (7 years, 3 months ago) by msalle
- Add missing include of stdarg.h in ees_log
- Implement setting policies, either on cmdline (-p/--policy) or with an extra
  option policies  in the config file. It should be of the form
    policies = policy1(,policy2)*
- Implement setting the logfile on the cmdline using -L / --logfile, it is also
  set earlier on and upon SIGHUP.
- Implement setting the modulepath on the cmdline using -P / --path
- Solve number of memory and restart issues.



Revision 17820 - Directory Listing
Modified Thu Jul 3 16:15:07 2014 UTC (7 years, 3 months ago) by msalle
- Move logging into EES itself for thread-safety (reopening in particular) and
  simplicity (i.e. don't use cgul).
- Add __attribute__ for GNU C compilers and fix corresponding warnings.
- Implement wrapper around strerror_r() to handle GNU vs XSI
- Set XACML issuer field correctly into response: http://<host>:<port>/, also
  needs patch in libxacml
- Log thread-id in AOS_dump()
- Log function name in many places
- Initialize pthread_mutex_t vars to PTHREAD_MUTEX_INITIALIZER, not ideal, but
  easiest.
- Fix bug with xacml_server_set_timeouts(), should still put in variable.
- Prevent few potential segfaults when parsing fails (when record_t* itself is
  NULL)



Revision 17819 - Directory Listing
Modified Thu Jul 3 11:46:27 2014 UTC (7 years, 3 months ago) by msalle
Fix setting of the xacml issuer in the response. The value is now taken over
from the value set using
xacml_response_set_issuer()/xacml_response_get_issuer().



Revision 17818 - Directory Listing
Modified Thu Jul 3 11:42:13 2014 UTC (7 years, 3 months ago) by msalle
Add printf format attribute for lcmaps_log() functions (and friends).
Fix resulting compiler warnings, mostly casts, few missing or extra arguments.



Revision 17817 - Directory Listing
Modified Thu Jul 3 11:20:41 2014 UTC (7 years, 3 months ago) by msalle
Add printf format attribute for glexec_log() and glexec_signal_log().
Fix resulting compiler warnings.
Remove unused GLEXEC_GLEXEC_PROXY_OPEN_FAILED and add error for missing
GLEXEC_CONF_FAIL_LOCK_MECH.



Revision 17816 - Directory Listing
Modified Mon Jun 23 14:57:01 2014 UTC (7 years, 3 months ago) by msalle
Extensive cleanup/improvement:

- EICS:
    * split-off EIC functionality: HTTP XACML server.
      This includes also data to be used. We still need to have the support for
      the settings in the config file and hence parser.
    * re-publicize the extractRequest*() functions and construct*Response()
      functions in a new header include/eics/eics_common.h
    * The XACML HTTP server specific functions including the new timeout-related
      ones are in include/eics/eics_http.h

- parsing:
    * Add support to directly convert to unsigned int, used for loglevel, port
      and the timeout values.
    * The big data struct is split into a data, config and init_config struct.
      The data is for internal policy data, the config for the config options
      in the config file, the init_config for the cmdline config options.
      The 'normal' config is initialized using the 'init' config values.
    * Rename pdl in many places into eval_manager, including header file,
      function names etc. We now have start_eval_manager() and
      stop_eval_manager() instead of start_pdl_parser() and pdl_term().
    * The config file name is/has to be stored via a function in the init_config
      struct and used by EEF_init()
    * the config data (not init config data) is cleared by calling e.g.
      stop_eval_manager() and should therefore also be called in the
      daemonization.
    * rename wrap_yacc() into parse_config_file()
    * the log file is already opened during parsing (i.e. ASAP).
    * cleaning config is split-off into clean_config_data()
    * The EIC relies on the application (main) to make sure that the config
      settings are obtained from the parser. The evaluation manager does not
      communicate with the EIC and the EIC communicates basically only with the
      AOS and the EEF outer layer (EEF_run and EEF_log).
    * port and loglevel are replaced by the general numval -- [0-9]+ -- in
      lex/yacc which is also used for the new timeouts

- plugin manager:
    * We now base the EEF_run() and run_plugins() functions on a NULL-terminated
      array of strings containing the policy names. The policies are run in the
      specified order.

- Add support for new-XACML timeout setting function.
- Add many explanatory comments to headers
- Add additional 'initial' configuration options: this is needed to allow for
  cmdline options that are re-used upon service restart, when the config file is
  re-parsed. The 'initial' option override those in the config file and can be
  set using the different EEF_set_conf_*() functions. See also above under
  parsing.
- Check return value strdup() and *alloc() and also snprintf() and do much more
  checking on return values and input.
- Use SIGUSR1 and the pidfile in the logrotate
- Duplicate (strdup) input for setContextObligationId(), like we do for the
  setAttribute... functions
- main() has been simplified and so have the ees_* functions which now just call
  primarily the EIC functions
- check return value of write_pidfile()





Revision 17815 - Directory Listing
Modified Mon Jun 16 15:19:00 2014 UTC (7 years, 4 months ago) by msalle
Split off the beta plugins posix_enf and localaccount. This also saves us a lot
of external (unstable) dependencies from cgul
Move log_to_file from src/cgul/ to src/
Improve test_ees_with_curl.sh to allow adding a host/port


Revision 17814 - Directory Listing
Modified Mon Jun 16 15:07:13 2014 UTC (7 years, 4 months ago) by msalle
Split-off from EES: beta-stage plugins. Still need to be properly autotoolized.


Revision 17813 - Directory Listing
Modified Mon Jun 16 14:54:50 2014 UTC (7 years, 4 months ago) by msalle
Create separate tree for the beta plugins posix_enf and localaccount


Revision 17812 - Directory Listing
Modified Mon Jun 16 13:33:30 2014 UTC (7 years, 4 months ago) by msalle
Massive rework of the AOS:
- remove aos_state_t type: can do the same with the aos_storage_t type itself.
  The latter type now has a few extra fields, which allows it to keep track of
  where we are, both thread-locally and globally.
- The pointers for the current context are now arrays of pointers:
  current_context[] and global_current_context[], one for each class.
  We therefore also update rewindContexts() and getNextContext() to work on
  specific class:
    rewindContexts(void)
	-> rewindContexts(aos_context_class_t)
	-> rewindGlobalContexts(aos_context_class_t)
    getNextContext(aos_context_class_t, aos_storage_t *)
	-> getNextContext(aos_context_class_t)
	-> getNextGlobalContext(aos_context_class_t)
- The getNextContext() goes through the thread-local storage and when that runs
  out, continues in the global storage. We can optionally look only in the
  global storage using getNextGlobalContext and rewindGlobalContexts.
  rewindContexts rewinds both the pointers current_context and
  global_current_context for the specified type, or for all if class is ANY.
- Implement two convenience functions
    aos_context_t *getObligation(const char *);
    aos_attribute_t *getAttribute(aos_context_t*, const char *);
- split eef_aos.h into aos_service.h and eef_aos.h, the former contains the API
  which is meant for the EEF and is kept private. The latter contains the API
  which can also be used by the plugins.
- function aos_dump_argslist(void) become AOS_dump(int syslog_level)
- we rename a few (internal) fields in the internal structures to make their
  meaning clearer: e.g. list_contexts -> first_context
- numerous smaller and bigger changes in the implementation of the actual
  functions.

EEF:
- EEF_term() now also calls AOS_clean(), so that the end-user does not need to
  call AOS_clean()



Revision 17811 - Directory Listing
Modified Fri Jun 13 13:01:37 2014 UTC (7 years, 4 months ago) by msalle
Fix https://jira.opensciencegrid.org/browse/SOFTWARE-1507



Revision 17808 - Directory Listing
Modified Mon Jun 9 15:05:29 2014 UTC (7 years, 4 months ago) by msalle
Add destroyContext() function which can be used to (e.g.) remove an obligation.
Fix minor typos and reorder some (prototypes of) functions for clarity.


Revision 17807 - Directory Listing
Modified Mon Jun 9 09:26:06 2014 UTC (7 years, 4 months ago) by msalle
Cleanup ees_eics.h, only include functions we like to be public


Revision 17806 - Directory Listing
Modified Mon Jun 9 09:14:57 2014 UTC (7 years, 4 months ago) by msalle
Remove xacml_attr_obl_profile.h file as it is (currently) not being used.


Revision 17805 - Directory Listing
Modified Fri Jun 6 16:03:46 2014 UTC (7 years, 4 months ago) by msalle
Don't use back tics in Makefile.am or we don't get the proper cleanup/uninstall
targets.


Revision 17804 - Directory Listing
Modified Fri Jun 6 15:40:25 2014 UTC (7 years, 4 months ago) by msalle
'AM_YFLAGS' cannot have conditional contents


Revision 17803 - Directory Listing
Modified Fri Jun 6 15:38:36 2014 UTC (7 years, 4 months ago) by msalle
Need to include ees_config.h if we check for ENABLE_DEBUG
Also: we always set it, either to 0 or 1, so don't use #ifdef but #if
Don't enable -d for yacc when ENABLE_DEBUG is false


Revision 17802 - Directory Listing
Modified Fri Jun 6 15:08:05 2014 UTC (7 years, 4 months ago) by msalle
Feature:
- dummy plugin now supports multiple obligation, and multiple attributes per
  obligation.
- new very-bare-bone example plugin which is build but not installed
Improvements:
- reorganise the header files that will be installed: installed headers refer to
  eachother via <> not via "" and are installed in eef/ subdirectory
- aos_s.h is merged into aos.c itself
- Cleanup memory when parsing fails.
- Add sighandler for SIGINT, does same as SIGTERM, needed for non-daemon/debug
  mode
- Fix some bugs in handling of socket creations, also log reason for failure
  more clearly.
- More logging and cleaner code-flow when extracting attributes from request



Revision 17801 - Directory Listing
Modified Tue Jun 3 16:40:18 2014 UTC (7 years, 4 months ago) by msalle
Major cleanup part 3:
- cleanup of tests in Makefile.am and configure.ac
- add pid file support and fix ees init script
- major cleanup of included headers, comments, ordering of static functions etc.
- sync include/common/xacml_attr_obl_profile.h with SCAS and friends. Not ideal,
  but better than nothing for now
- plugin header is now based on proper prototypes via separate header
- log header and file with all log-related stuff, mostly proper wrappers around
  cgul. Also better wrap around, no direct invocation of cgul_log functions.
- rename _aos.h into aos_s.h
- remove some private header files of which the content can be made into static
  functions.
- revamped ees_dummy_good.c into proper plugin: still todo: make into better
  one, by adding multiple obligations etc.
- rename plugin_example directory into plugins: they aren't examples.
- more consistent naming of the plugins
- moved main.c into separate directory src/ees and test apps into src/tests/
- merged net_server content into main.c, hardly any code was used
- Join eef_xacml_authorize and ees_xacml_authorize, latter now calls former.
- simplify setting log variables in pdl code.



Revision 17800 - Directory Listing
Modified Tue Jun 3 14:32:25 2014 UTC (7 years, 4 months ago) by msalle
Add cgul_get_ident() to get current ident string.


Revision 17799 - Directory Listing
Modified Mon Jun 2 12:08:19 2014 UTC (7 years, 4 months ago) by msalle
ident can be passed as const char *


Revision 17798 - Directory Listing
Modified Fri May 30 12:55:18 2014 UTC (7 years, 4 months ago) by msalle
Update list of plugins


Revision 17797 - Directory Listing
Modified Fri May 30 12:52:36 2014 UTC (7 years, 4 months ago) by msalle
Removing dummy_obligations from Makefile.am


Revision 17796 - Directory Listing
Modified Fri May 30 12:51:07 2014 UTC (7 years, 4 months ago) by msalle
Cleanup part of the plugins: plugin_[ab], example_plugin and
ees_dummy_obligations since ees_dummy_good is a better example plugin providing
more or less the same functionality. Also removing empty directories



Revision 17795 - Directory Listing
Modified Fri May 30 12:21:47 2014 UTC (7 years, 4 months ago) by msalle
Add plugin name to log messages in plugin


Revision 17794 - Directory Listing
Modified Fri May 30 12:19:26 2014 UTC (7 years, 4 months ago) by msalle
More cleanup and bugfixes:
- new feature: relative plugin path w.r.t. libdir
- bugfixes:
    - fix memory leaks / problems in transformer plugin
    - add possibility for multiple attributes within single obligation
    - when signal is caught just before pause(), prevent getting stuck using
      alarm()
    - check return value of running of plugins (in EEF_run())
 
- yylex and yyparse improvements, including wrapper around yyparse()
  also simplifications relating to relative path, basically taken over from
  (corrected and new) LCMAPS code
- _plugin_manager.h can be moved to plugin_manager.c itself
- move EEF_run to eef_common.c
- _aos.h only contains struct definitions, private fcies to aos.c

- extend curl test program with transformer obligations and pipe through xml_pp
  when available



Revision 17793 - Directory Listing
Modified Fri May 30 12:07:34 2014 UTC (7 years, 4 months ago) by msalle
Change to syslog when we close the file.


Revision 17792 - Directory Listing
Modified Thu May 29 16:36:15 2014 UTC (7 years, 4 months ago) by msalle
Fix few small errors, missing headers, unused variables etc.


Revision 17791 - Directory Listing
Modified Thu May 29 16:18:01 2014 UTC (7 years, 4 months ago) by msalle
Missed /src/ 


Revision 17790 - Directory Listing
Modified Thu May 29 16:17:35 2014 UTC (7 years, 4 months ago) by msalle
Need to give relative path for log_to_file.h


Revision 17789 - Directory Listing
Modified Thu May 29 15:46:08 2014 UTC (7 years, 4 months ago) by msalle
Need log_to_file.h
Don't use malloc.h (long depricated)



Revision 17788 - Directory Listing
Modified Thu May 29 15:34:48 2014 UTC (7 years, 4 months ago) by msalle
Massive cleanup and bugfix:
- fix memory issues with PDL parsing, primarily by doing the daemonize() before
  starting the EES, also by freeing some memory such as variable names and
  closing the config file.
  Also by taking over the lex and yacc cleanup from LCMAPS (where we already
  fixed this).
- bugfix: need to setenv XACML_THREAD_MODEL to pthread, otherwise we run in a
  single thread and we run into trouble with the 'thread-local' storage per
  request.
- bugfix: need to reinitialize _aos_key_once=PTHREAD_ONCE_INIT, otherwise no new
  thread is started after a SIGHUP
- new feature: absolute path for plugin means it's not relative to plugin path.
  Should still implement relative plugin path perhaps.
- reorder initialization of components (mostly in EEF_init() ) to start earlier
  with correct logging flags and fail on the more likely failures early on.
- cleanup the signal handler: don't handle inside, but rely on a flag. Still
  need to implement time-out รก la gLExec to prevent race-condition with pause()
- cleanup ees_loop().
- make a debug mode possible from the commandline via -d, also by compiling
  using ENABLE_DEBUG, which enables debug mode (no daemonize, log also to
  stderr).
- also make loglevel and logfacility (only syslog) possible on cmdline
- add entries in the (example) ees.conf for the log_level and log_facility to
  show how they work, also add options to the dummy plugin
- Add many debug log messages to show the flow and actually making debugging
  possible.
- log which type of context we have in the aos
- log the true and false branches when logging the rules.
- parsing of log facility is now in cgul log_to_file
- reorder number of loops and conditionals to improve readability and
  simplicity.
- change the indentation and layout in many places for readability.
- remove dead code, make many variables and functions (probably not all yet)
  static.
- Plugins:
    dummy:
    * add optional arguments to add an obligation with attribute/value pair
    * heavily improve the logging
    transformer:
    * heavily improve the logging and the parsing.
    * (probably) fix a few memory leaks by preventing unneeded strdup's
    * remove dead code
    * dump AOS after running, that's the interesting place



Revision 17787 - Directory Listing
Modified Wed May 28 15:54:11 2014 UTC (7 years, 4 months ago) by msalle
Store errno when opening logfile
When closing log file, also set _log_file_fp to NULL.


Revision 17786 - Directory Listing
Modified Wed May 28 09:36:58 2014 UTC (7 years, 4 months ago) by msalle
Add parsing function to convert log facility name into valid integer value.


Revision 17785 - Directory Listing
Modified Tue May 27 15:43:11 2014 UTC (7 years, 4 months ago) by msalle
Add better configurability of the logging and cleanup the code:
- can now set a log_level (0-5 -> LOG_CRIT-> LOG_DEBUG)
- log_facility: e.g LOG_LOCAL7 etc.
- EES_init no longer takes log_func argument, but will use cgul_log, this
  simplifies the code, and only reduces the usability a little bit. We can think
  about implementing setting a different log function using an API call.
- The logging is setup as soon as we can directly via cgul_...
- process_xacml gets the port number via EEF_get_port() such that we don't need
  to pass it.
- We log the reason when we cannot create the socket (e.g. address in use)
- We add a cmdline option -f/--foreground to prevent forking/daemonizing, might
  need to be done in the sig handler.
- log the module path being used


Revision 17784 - Directory Listing
Modified Tue May 27 15:27:06 2014 UTC (7 years, 4 months ago) by msalle
Implement setting a log level (default LOG_INFO) and log facility (default
LOG_DAEMON) for syslog. For logfile, only the log_level is used. It provides a
cut-off. Don't cache the pid but do cache the hostname and log filename.
Cleanup code to open the log, and provide a cgul_reopenlog() function.
cgul_openlog() can be called multiple times and probably will, as it is called
by cgul_log() when it hasn't been done before.


Revision 17783 - Directory Listing
Modified Thu May 22 11:06:19 2014 UTC (7 years, 4 months ago) by msalle
Fix c&p typo: x


Revision 17782 - Directory Listing
Modified Thu May 22 09:34:18 2014 UTC (7 years, 4 months ago) by msalle
GT6 (at least alpha1) installs headers as /usr/include/*.h, instead of
/usr/include/globus/*.h.


Revision 17781 - Directory Listing
Modified Tue May 20 21:29:12 2014 UTC (7 years, 4 months ago) by msalle
Small fix.


Revision 17780 - Directory Listing
Modified Tue May 20 21:22:48 2014 UTC (7 years, 4 months ago) by msalle
Fix compiler warnings


Revision 17779 - Directory Listing
Modified Tue May 20 21:17:21 2014 UTC (7 years, 4 months ago) by msalle
Fix compiler warnings from incompatible types


Revision 17778 - Directory Listing
Modified Tue May 20 21:01:23 2014 UTC (7 years, 4 months ago) by msalle
Add dependencies for fileutil


Revision 17777 - Directory Listing
Modified Tue May 20 20:50:30 2014 UTC (7 years, 4 months ago) by msalle
Numerous small fixes, plus one new feature: use EES_LOG_LEVEL environment
variable [0-5] to set the EES log_level. Default is LOG_INFO. Simplify log
function.



Revision 17776 - Directory Listing
Modified Tue May 20 20:35:12 2014 UTC (7 years, 4 months ago) by msalle
No need for priority in log_to_file


Revision 17775 - Directory Listing
Modified Tue May 20 20:31:53 2014 UTC (7 years, 4 months ago) by msalle
Fix typo


Revision 17774 - Directory Listing
Modified Tue May 20 20:22:15 2014 UTC (7 years, 4 months ago) by msalle
Re-added support for the stderr logging, removed the stderr debug logging
completely. Moved three function prototypes to the .c file as they are
effectively private.


Revision 17773 - Directory Listing
Modified Tue May 20 20:06:52 2014 UTC (7 years, 4 months ago) by msalle
Simplify cgul_log function: log to syslog and/or logfile and allow setting a
global log_level, which can be set with new function cgul_set_log_level and
cguld_get_log_level, which takes/returns a syslog loglevel. Default is LOG_INFO.


Revision 17772 - Directory Listing
Modified Mon May 19 19:35:11 2014 UTC (7 years, 4 months ago) by msalle
First half of code cleanup. Mostly implicit type conversions and a few missing
_XOPEN_SOURCE macros and the like


Revision 17771 - Directory Listing
Modified Mon May 19 19:05:38 2014 UTC (7 years, 4 months ago) by msalle
bitmasks are combination of options, so not part of enum itself


Revision 17770 - Directory Listing
Modified Mon May 19 18:25:15 2014 UTC (7 years, 4 months ago) by msalle
Fix remaining type conversion problem


Revision 17769 - Directory Listing
Modified Mon May 19 18:08:23 2014 UTC (7 years, 4 months ago) by msalle
Fix typo: doubly defined var


Revision 17768 - Directory Listing
Modified Mon May 19 18:06:38 2014 UTC (7 years, 4 months ago) by msalle
Fix number of conversion problems


Revision 17767 - Directory Listing
Modified Mon May 19 17:41:06 2014 UTC (7 years, 4 months ago) by msalle
Add correct _XOPEN_SOURCE for snprintf and replacing deprecated index() with
strchr()


Revision 17766 - Directory Listing
Modified Mon May 19 17:36:13 2014 UTC (7 years, 4 months ago) by msalle
Add macros for fcie definitions


Revision 17765 - Directory Listing
Modified Mon May 19 14:41:11 2014 UTC (7 years, 4 months ago) by msalle
Add _XOPEN_SOURCE macro for definition of ino_t


Revision 17764 - Directory Listing
Modified Sun May 18 20:25:22 2014 UTC (7 years, 5 months ago) by msalle
When wrapping the obligations in the request to the EES, we need to skip the
obligation that triggered running the EES OH.


Revision 17763 - Directory Listing
Modified Sun May 18 20:05:16 2014 UTC (7 years, 5 months ago) by msalle
Fix adding of obligation:
- obligationID was never set, it was malloced but should just have been
  strdup-ed
- It was added to the wrong context, namely the environment.


Revision 17762 - Directory Listing
Modified Fri May 16 15:34:41 2014 UTC (7 years, 5 months ago) by msalle
Obligation part in special attribute should not be URLencoded.


Revision 17761 - Directory Listing
Modified Fri May 16 15:33:35 2014 UTC (7 years, 5 months ago) by msalle
Test for empty compound was inverted.


Revision 17753 - Directory Listing
Modified Fri May 9 13:37:23 2014 UTC (7 years, 5 months ago) by msalle
Updating ChangeLog


Revision 17745 - Directory Listing
Modified Fri May 9 11:32:14 2014 UTC (7 years, 5 months ago) by msalle
Update version (and URL) in pom file too. We probably need to update the maven
requirements.


Revision 17744 - Directory Listing
Modified Fri May 9 10:43:27 2014 UTC (7 years, 5 months ago) by msalle
Bugfix: in obligationToXACML() the attributes are not put into the new
obligation. Note that this class is a copy of
org.glite.authz.common.model.util.XACMLConverter see
https://github.com/argus-authz/argus-pep-server/blob/EMI-3/src/main/java/org/glite/authz/common/model/util/XACMLConverter.java
Update version to 0.1.4


Revision 17743 - Directory Listing
Modified Thu May 8 14:03:01 2014 UTC (7 years, 5 months ago) by msalle
In case we don't have RTLD_DEFAULT but do have xacml_result_removeobligation we
need to include xacml.h


Revision 17742 - Directory Listing
Modified Thu May 8 13:56:05 2014 UTC (7 years, 5 months ago) by msalle
Add check on unhandled obligations in the result (in case of a Permit): when
unhandled obligations are found, they are logged and we fail.
This only works in combination with Argus PEP-API-C library 2.3.0 or higher.
In case we have RTLD_DEFAULT, the run-time library is dynamically checked for
the presence of the xacml_result_removeobligation() function, otherwise we
determine the presence in the build-time library. In case we cannot use the call
we will give a warning that we cannot check.
In case the check cannot be enforced due to misbehaving Argus services, we
provide an override option: override-unhandled-obligations-check.
Update manpage accordingly
Update NEWS file for 1.2.8


Revision 17741 - Directory Listing
Modified Mon Apr 28 11:01:38 2014 UTC (7 years, 5 months ago) by msalle
Don't mix int-s and enums.


Revision 17740 - Directory Listing
Modified Mon Apr 28 10:33:23 2014 UTC (7 years, 5 months ago) by msalle
Update types to consistently use enums without mixing enums and (unsigned) ints.


Revision 17739 - Directory Listing
Modified Fri Apr 11 14:32:51 2014 UTC (7 years, 6 months ago) by msalle
For the EEC as determined in the grid_verifyPathLenConstraints() function, also
print the CA hash, the serial number, the dNSName and rfc822name Subject
Alternative Names, and the certificate policy OIDs.
Simplify the code for the grid_get_serialStr() using the ASN1_INTEGER_to_BN()
and BN_bn2hex() calls.
Do not write Info: etc. in front of the messages in case we're logging via
LCMAPS, use the __func__ prefix instead.


Revision 17738 - Directory Listing
Modified Thu Apr 10 13:28:41 2014 UTC (7 years, 6 months ago) by msalle
Use (local) defines for flags. At some point we should implement this in a nicer
way via a header file.


Revision 17737 - Directory Listing
Modified Thu Apr 10 13:20:49 2014 UTC (7 years, 6 months ago) by msalle
Fix two typos.


Revision 17736 - Directory Listing
Modified Wed Apr 9 16:06:15 2014 UTC (7 years, 6 months ago) by msalle
Add support for the sharing service. In that case a proxy file must be provided
as extra argument on the cmdline.


Revision 17735 - Directory Listing
Modified Wed Apr 9 15:42:50 2014 UTC (7 years, 6 months ago) by msalle
Change confusing log messages talking about debugging level, change in log
level.


Revision 17734 - Directory Listing
Modified Wed Apr 9 15:31:07 2014 UTC (7 years, 6 months ago) by msalle
voms-proxy-init dates proxies 5 minutes in the past, better use notBefore+5
min+10 sec as verification time.


Revision 17733 - Directory Listing
Modified Wed Apr 9 15:18:18 2014 UTC (7 years, 6 months ago) by msalle
Also add the actual times in the log message about the relative verification
times.


Revision 17732 - Directory Listing
Modified Wed Apr 9 15:13:21 2014 UTC (7 years, 6 months ago) by msalle
Fix typo in lcmaps_set_voms_verification_time name


Revision 17731 - Directory Listing
Modified Wed Apr 9 15:07:45 2014 UTC (7 years, 6 months ago) by msalle
Fix log message


Revision 17730 - Directory Listing
Modified Wed Apr 9 14:59:52 2014 UTC (7 years, 6 months ago) by msalle
For the sharing service, we test the VOMS AC shortly after the notBefore time of
the leaf proxy (last delegation). This requires LCMAPS 1.6.6 to function. It
also requires an update in VOMS, since currently it will fail in case the VOMS
server certificate used to sign the AC has expired.
In case we require enabling or disabling the VOMS check or have the sharing
service, we check for the existence of the required symbols in LCMAPS and fail
if they are absent. In other cases we don't need the symbols, so we don't check
and don't fail.


Revision 17729 - Directory Listing
Modified Wed Apr 9 14:14:36 2014 UTC (7 years, 6 months ago) by msalle
Update version and NEWS file


Revision 17728 - Directory Listing
Modified Wed Apr 9 14:08:07 2014 UTC (7 years, 6 months ago) by msalle
Improve logging to be more concise and at the same time informative both on INFO
and DEBUG level.


Revision 17727 - Directory Listing
Modified Tue Apr 8 14:19:36 2014 UTC (7 years, 6 months ago) by msalle
Add API two set the VOMS AC verification time, i.e. to wrap around the VOMS
VOMS_SetVerificationTime() call.
It can set the time to the UNIX time to use, or relative to the notBefore or
notAfter time of the leaf proxy. Currently this can still fail in case the VOMS
server cert has expired. A patch is submitted to have VOMS use the time also for
the signature check.
Also print the VOMS error together with our own error and print the (numerical)
OpenSSL error stack. Unfortunately we don't have access to the VOMS error
strings (and they are aimed at the voms tools).
Add missing entries for the two functions added in 1.6.5.
Update NEWS file.
Update version.


Revision 17721 - Directory Listing
Modified Wed Apr 2 12:59:54 2014 UTC (7 years, 6 months ago) by msalle
Update ChangeLog files


Revision 17720 - Directory Listing
Modified Wed Apr 2 12:50:32 2014 UTC (7 years, 6 months ago) by msalle
Explicitly cast SSL options to long: SSL_OP_ALL is strictly speaking an unsigned
long constant, which results in a compiler warning.


Revision 17719 - Directory Listing
Modified Wed Apr 2 10:36:00 2014 UTC (7 years, 6 months ago) by msalle
Fix implicit casts between long and unsigned int


Revision 17718 - Directory Listing
Modified Wed Apr 2 07:16:19 2014 UTC (7 years, 6 months ago) by msalle
Only print ERR_{reason,func,lib}_error_string() when reason is non-zero.
Otherwise print ERR_error_string().


Revision 17717 - Directory Listing
Modified Tue Apr 1 13:12:02 2014 UTC (7 years, 6 months ago) by msalle
reason is best used as const char *, not as char *


Revision 17716 - Directory Listing
Modified Tue Apr 1 13:09:56 2014 UTC (7 years, 6 months ago) by msalle
error code should be unsigned long


Revision 17715 - Directory Listing
Modified Tue Apr 1 13:07:11 2014 UTC (7 years, 6 months ago) by msalle
Do not use ERR_reason_error_string() and ERR_get_error() without checking their
values are set. It seems OpenSSL 0.9.8e as used on RH5 does not load the error
strings. Use ERR_error_string(code,NULL) in case ERR_reason_error_string() is
not set.


Revision 17714 - Directory Listing
Modified Tue Apr 1 09:22:54 2014 UTC (7 years, 6 months ago) by msalle
Slight modification in location of debug message.


Revision 17713 - Directory Listing
Modified Mon Mar 31 14:48:35 2014 UTC (7 years, 6 months ago) by msalle
Fix extra { 


Revision 17712 - Directory Listing
Modified Mon Mar 31 14:46:22 2014 UTC (7 years, 6 months ago) by msalle
Even when both the error stack and errno are zero, we can still have an
unrecoverable error, namely when ret==0: see (my own) comment above: If ret ==
0, an EOF was observed that violates the protocol.


Revision 17711 - Directory Listing
Modified Mon Mar 31 14:23:41 2014 UTC (7 years, 6 months ago) by msalle
SCAS:
- set LCAS_LOG_STRING explicitly, if not yet set, since lcas_pem will otherwise
  set it to pem + a fixed time string, especially the latter isn't very good...
SCAS and SCAS client:
- comment out all LCAS references except where it is actually used (i.e. in
  xacml_io_ssl.c).
- don't call lcas_term() in xacml_io_ssl.c, since lcas_pem() will already call
  it.
- When LCAS fails (either due to banning or otherwise) it appears that the
  second SSL_shutdown (to obtain the SSL_RECEIVED_SHUTDOWN) can fail a first
  time with a SSL_ERROR_SYSCALL with errno==0 and ERR_peek_error()==0. We make
  this combination recoverable, which leads to a succeed in a subsequent try.
- Log the value of SSL_get_shutdown() in case of unrecoverable error.


Revision 17709 - Directory Listing
Modified Thu Mar 27 16:06:29 2014 UTC (7 years, 6 months ago) by msalle
Update ChangeLog


Revision 17708 - Directory Listing
Modified Thu Mar 27 16:05:48 2014 UTC (7 years, 6 months ago) by msalle
Need to add BUGS explicitly since docs_data itself is not in EXTRA_DIST 


Revision 17705 - Directory Listing
Modified Thu Mar 27 15:01:25 2014 UTC (7 years, 6 months ago) by msalle
Remove file which should not have been there...


Revision 17704 - Directory Listing
Modified Thu Mar 27 14:49:22 2014 UTC (7 years, 6 months ago) by msalle
Updating ChangeLog
Adapting NEWS file to conform to other components.


Revision 17703 - Directory Listing
Modified Thu Mar 27 12:20:24 2014 UTC (7 years, 6 months ago) by msalle
Add Required-Stop and Default-Stop entries for init script, see e.g.
http://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html


Revision 17701 - Directory Listing
Modified Thu Mar 27 08:55:30 2014 UTC (7 years, 6 months ago) by msalle
Fix bug introduced in 1.4.1 which was an attempt to work around a change between
gSOAP 2.8.15 and 2.8.16 (Debian sid currently has 2.8.17): gSOAP now calls
prefixes some fields in XACMLsamlp__XACMLAuthzDecisionQuery with samlp__.
Letting XACMLsamlp__XACMLAuthzDecisionQuery inherit from
samlp__RequestAbstractType seemed to be the way, but caused a segmentation
fault.
We also need to work around a change between 2.8.10 and 2.8.11 (impact Fedora 20
and Debian sid): the order of setting __item or __mixed has changed for the
XACMLcontext__AttributeValueType: for 2.8.11 and higher this means __mixed will
be set, otherwise __item (inherited from xsd__anyType) will be set. Changing the
second parameter from extract_attribute_value() allows to do it in one place.
We now only need to patch one line in the .gsoap file.


Revision 17700 - Directory Listing
Modified Wed Mar 26 14:53:09 2014 UTC (7 years, 6 months ago) by msalle
Due to the non-blocking I/O the SSL_shutdown() sometimes give a
SSL_ERROR_WANT_READ. In general this means we should check whether we have a
recoverable error in the second call to SSL_shutdown() and if needed retry.
Updating NEWS files and configure.ac


Revision 17692 - Directory Listing
Modified Mon Mar 24 11:29:22 2014 UTC (7 years, 6 months ago) by msalle
wsdl2h only needs the import directory, not the srcdir (and doesn't seem to
allow to use two -I flags, at least not on old gSOAPs)


Revision 17691 - Directory Listing
Modified Mon Mar 24 11:14:17 2014 UTC (7 years, 6 months ago) by msalle
Add missing , in AS_IF macro, also add some message output
Add includedir also for wsdl2h


Revision 17690 - Directory Listing
Modified Mon Mar 24 10:51:08 2014 UTC (7 years, 6 months ago) by msalle
Look for importdir in $GSOAP_DIR/share/gsoap/import and
$GSOAP_DIR/include/gsoap. The latter is used by Debian6.


Revision 17689 - Directory Listing
Modified Sun Mar 23 16:51:54 2014 UTC (7 years, 6 months ago) by msalle
Add example files to EXTRA_DIST


Revision 17688 - Directory Listing
Modified Fri Mar 21 15:34:11 2014 UTC (7 years, 6 months ago) by msalle
Need _XOPEN_SOURCE 500 or higher for vsnprintf()


Revision 17684 - Directory Listing
Modified Fri Mar 21 14:41:07 2014 UTC (7 years, 6 months ago) by msalle
Need to install or at least package BUGS file


Revision 17674 - Directory Listing
Modified Fri Mar 21 12:47:36 2014 UTC (7 years, 6 months ago) by msalle
Updating ChangeLog


Revision 17673 - Directory Listing
Modified Fri Mar 21 12:44:00 2014 UTC (7 years, 6 months ago) by msalle
Add LICENSE file to dist tarball (AUTHORS is automatic)


Revision 17672 - Directory Listing
Modified Fri Mar 21 12:38:53 2014 UTC (7 years, 6 months ago) by msalle
Add AUTHORS and LICENSE files


Revision 17671 - Directory Listing
Modified Fri Mar 21 12:20:08 2014 UTC (7 years, 6 months ago) by msalle
Use stlvector.h from gsoap itself (it's the same).


Revision 17670 - Directory Listing
Modified Fri Mar 21 11:48:34 2014 UTC (7 years, 6 months ago) by msalle
Updating ChangeLog files, adding ChangeLog file for xacml


Revision 17669 - Directory Listing
Modified Thu Mar 20 10:57:49 2014 UTC (7 years, 6 months ago) by msalle
Remove need for unrecoverable var, we can do it inline.


Revision 17668 - Directory Listing
Modified Wed Mar 19 21:41:37 2014 UTC (7 years, 6 months ago) by msalle
fix typo


Revision 17667 - Directory Listing
Modified Wed Mar 19 21:38:08 2014 UTC (7 years, 6 months ago) by msalle
Simplify loop.


Revision 17666 - Directory Listing
Modified Wed Mar 19 21:11:52 2014 UTC (7 years, 6 months ago) by msalle
Define XACML_IO_CLOCK_ID only for non-Apple
Sync code between SCAS and lcmaps-plugins-scas-client


Revision 17665 - Directory Listing
Modified Wed Mar 19 20:56:52 2014 UTC (7 years, 6 months ago) by msalle
Fix infinite loop ('this might bite me') in ssl-common.c, xacml_io_SSL_recv()
and replace with maximum 30sec (currently hard-coded). The code is similar to
the connection timeout code in xacml_io_ssl.c. We cannot simply reuse the same
timeout value. Normally we should never hit the timeout, basically only when the
SCAS is extremely slow (we are already connected), or when an error code is
assumed to be recoverable but actually isn't.
Slightly cleanup the similar code in xacml_io_ssl.c in ssl_io_connect().



Revision 17664 - Directory Listing
Modified Wed Mar 19 14:50:58 2014 UTC (7 years, 6 months ago) by msalle
Add _XOPEN_SOURCE macro to silence compiler on Solaris


Revision 17663 - Directory Listing
Modified Wed Mar 19 14:43:56 2014 UTC (7 years, 6 months ago) by msalle
Not all syslog facilities are portable: check their existence.


Revision 17662 - Directory Listing
Modified Wed Mar 19 14:32:36 2014 UTC (7 years, 6 months ago) by msalle
Fix typo in naming of GLOBUS_GSSAPI_GSI_CFLAGS, missed GSI_


Revision 17661 - Directory Listing
Modified Wed Mar 19 12:13:36 2014 UTC (7 years, 6 months ago) by msalle
Do not force -g -Wall -O0 for CXXFLAGS.


Revision 17660 - Directory Listing
Modified Tue Mar 18 13:44:57 2014 UTC (7 years, 7 months ago) by msalle
Remove unused CPP flag setting -DWITH_OPENSSL=1, since it isn't used in the
code.
Update patching of gsoap output to bare minimum and comment why it is needed.


Revision 17659 - Directory Listing
Modified Mon Mar 17 16:35:40 2014 UTC (7 years, 7 months ago) by msalle
Fix issue with testing for libraries: just run 'if ls ... ; then' is fine.


Revision 17658 - Directory Listing
Modified Mon Mar 17 16:27:22 2014 UTC (7 years, 7 months ago) by msalle
Cleanup patching of the gsoap file:
- only patch the XACML* prefixed classes, the others don't need to.
- only patch the definition of the class, not the declaration, otherwise we get
  errors such as
    **ERROR**: class 'saml__StatementAbstractType' has incomplete type
Cleanup gsoap.m4 macro:
- first check path given with --with-gsoap=...
- then check pkg-config for cflags and libs, and via $PKG_CONFIG
  --variable=exec_prefix gsoap++ also the exec prefix to find the wsdl2h etc.
- then check default locations (/usr/lib* and /usr/bin)
- all 'm4 code' is in the gsoap.m4 file, not in the configure.ac
- we define three 'internal' macros to facilitate this.
- we set:
    GSOAP_DIR - the base directory of the gSOAP installation
    GSOAP_CFLAGS - additional flags for compilation against gSOAP
    GSOAP_LIBS - additional flags for linking against gSOAP
    gsoap_version - the version of gSOAP
    have_gsoap - yes/no
  AC_SUBST is NOT called



Revision 17657 - Directory Listing
Modified Fri Mar 14 15:37:54 2014 UTC (7 years, 7 months ago) by msalle
Fix for new 2.8.16 gSOAP: need to patch more classes
Need to add inheritance from samlp__RequestAbstractType
Also remove adding -l... from libxacml_la_LIBADD, some are coming from
AC_CHECK_LIB, others might come from pkg-config, otherwise add in configure.ac
to GSOAP_LIBS.


Revision 17656 - Directory Listing
Modified Thu Mar 13 16:40:10 2014 UTC (7 years, 7 months ago) by msalle
Don't build or install example client/server


Revision 17655 - Directory Listing
Modified Thu Mar 13 16:38:41 2014 UTC (7 years, 7 months ago) by msalle
Fix typo


Revision 17654 - Directory Listing
Modified Thu Mar 13 16:38:23 2014 UTC (7 years, 7 months ago) by msalle
Fix typo


Revision 17653 - Directory Listing
Modified Thu Mar 13 16:33:17 2014 UTC (7 years, 7 months ago) by msalle
Fix typo and add some comments


Revision 17652 - Directory Listing
Modified Thu Mar 13 12:14:40 2014 UTC (7 years, 7 months ago) by msalle
Add Requires.private on gsoap++


Revision 17650 - Directory Listing
Modified Thu Mar 13 11:27:49 2014 UTC (7 years, 7 months ago) by msalle
Adding empty but informative BUGS file


Revision 17649 - Directory Listing
Modified Thu Mar 13 11:24:52 2014 UTC (7 years, 7 months ago) by msalle
Adding empty but informative BUGS file


Revision 17648 - Directory Listing
Modified Thu Mar 13 11:22:36 2014 UTC (7 years, 7 months ago) by msalle
Adding (empty) informative BUGS file


Revision 17647 - Directory Listing
Modified Thu Mar 13 10:56:06 2014 UTC (7 years, 7 months ago) by msalle
Remove definitions of _C variables used to define _STORAGE_CLASS variables,
which were used to declare function prototypes as extern except in the defining
file. However, there is (normally) no need to declare a function prototype as
extern in a header file: see C99 spec 6.2.2 point 5: "If the declaration of an
identifier for a function has no storage-class specifier, its linkage is
determined exactly as if it were declared with the storage-class specifier
extern."



Revision 17646 - Directory Listing
Modified Thu Mar 13 10:12:14 2014 UTC (7 years, 7 months ago) by msalle
Log differently when VERIFY_NONE or noLog differently when VERIFY_NONE or nott


Revision 17645 - Directory Listing
Modified Thu Mar 13 09:59:54 2014 UTC (7 years, 7 months ago) by msalle
Fix two typos


Revision 17644 - Directory Listing
Modified Thu Mar 13 09:55:43 2014 UTC (7 years, 7 months ago) by msalle
Forgot to change definitions from int -> unsigned int


Revision 17643 - Directory Listing
Modified Thu Mar 13 09:51:28 2014 UTC (7 years, 7 months ago) by msalle
Get prototypes for VOMS functions from lcmaps_basic.h


Revision 17642 - Directory Listing
Modified Thu Mar 13 09:36:33 2014 UTC (7 years, 7 months ago) by msalle
All flags are essentially bitmasks and we can therefore better use unsigned int,
unfortunately VOMS_SetVerificationType() expects an int, so we have to cast
somewhere.


Revision 17641 - Directory Listing
Modified Thu Mar 13 09:28:16 2014 UTC (7 years, 7 months ago) by msalle
Missed one variable definition.


Revision 17640 - Directory Listing
Modified Thu Mar 13 09:26:47 2014 UTC (7 years, 7 months ago) by msalle
Fix entry for 1.6.5, part had been put under a (second) 1.6.4 entry


Revision 17639 - Directory Listing
Modified Thu Mar 13 09:20:53 2014 UTC (7 years, 7 months ago) by msalle
Add two new API functions:
    void lcmaps_set_voms_attributes_verification (int verify_flags)
    int lcmaps_get_voms_attributes_verification (void)
which provide more fine-grained setting of the VOMS verification: verify_flags
should be a combination of the flags as specified in voms_apic.h:
 VERIFY_DATE, VERIFY_NOTARGET, VERIFY_KEY, VERIFY_SIGN, VERIFY_ORDER, VERIFY_ID,
 VERIFY_CERTLIST
The old functions still work and behave as follows:
    lcmaps_enable_voms_attributes_verification -> sets VERIFY_FULL
    lcmaps_disable_voms_attributes_verification -> sets VERIFY_NONE
    lcmaps_is_set_to_verify_voms_attributes -> returns whether all *known* flags
					       are set.
The actual setting (overriding) of the flags, using VOMS_SetVerificationType()
is *only* done when at least one of the known flags is unset. So when some
unknown flag is added to the API and is not set, then we still do the full
verification.

Updated the NEWS file.


Revision 17638 - Directory Listing
Modified Wed Mar 12 12:49:17 2014 UTC (7 years, 7 months ago) by msalle
Further improve scas init script to exit with correct exit values according to
http://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptfunc.html even though the RH6 /etc/init.d/functions does not comply (fully).


Revision 17637 - Directory Listing
Modified Wed Mar 12 09:52:52 2014 UTC (7 years, 7 months ago) by msalle
Fix return error code from status (and other commands).
Do not fail if we stop an already stopped service.


Revision 17636 - Directory Listing
Modified Tue Mar 11 17:27:09 2014 UTC (7 years, 7 months ago) by msalle
Replace #if HAVE... with #ifdef HAVE...


Revision 17635 - Directory Listing
Modified Tue Mar 11 17:25:07 2014 UTC (7 years, 7 months ago) by msalle
Behaviour of AC_CHECK_DECLS is different from AC_CHECK_LIB in that it actually
defines the HAVE_DECL macro but with value 0 instead of 1. 
Fix the tests for this.


Revision 17634 - Directory Listing
Modified Tue Mar 11 15:24:42 2014 UTC (7 years, 7 months ago) by msalle
Don't use prev_endpoint any more


Revision 17633 - Directory Listing
Modified Tue Mar 11 14:23:56 2014 UTC (7 years, 7 months ago) by msalle
Use vsnprintf() only on copy of specified argument.
Add few clarifying comments.


Revision 17632 - Directory Listing
Modified Tue Mar 11 14:05:20 2014 UTC (7 years, 7 months ago) by msalle
Also reset pfd[1] to -1 in case we do a fclose on f_err.
Cleanup parsing of errno in the reading from the pipe.


Revision 17631 - Directory Listing
Modified Tue Mar 11 13:49:34 2014 UTC (7 years, 7 months ago) by msalle
Add copyright/license text to pep-c-log.?
Move ifndefs for header itself to the top


Revision 17630 - Directory Listing
Modified Tue Mar 11 13:24:26 2014 UTC (7 years, 7 months ago) by msalle
Add check on validity of pipe before using it.


Revision 17629 - Directory Listing
Modified Tue Mar 11 13:21:53 2014 UTC (7 years, 7 months ago) by msalle
Also capture output of cURL via a pipe (same construction as in SCAS client):
- For this we first setup the logging handler for the pep-api-c-library and then
  set the writing end of a pipe-pair as PEP_OPTION_LOG_STDERR.
- After it's setup, we only need to call pep_log_pipe() at times we want to
  flush the pipe, such as just after pep_authorize() and just before calling
  pep_destroy(). Even call it directly from out callback function, but note that
  the handler is only called for sufficiently high loglevel, so don't only rely
  on that.
- Have also to make sure not to close the write-end, since cURL will also do
  that.
- All the logging setup and handling is now moved to a new pep-c-log.c file with
  companion header file.
Move lcmaps_c_pep.h contents into lcmaps_c_pep.c itself, it's effectively just
the ENDPOINT_SELECTION_T enum.
Add missing pep_setoption(PEP_OPTION_ENDPOINT_SSL_CIPHER_LIST,
pep_option_ssl_cipher_list) to old PEP_API 1 version.


Revision 17628 - Directory Listing
Modified Mon Mar 10 20:31:18 2014 UTC (7 years, 7 months ago) by msalle
Update man-page to mention that the cURL output still goes to stderr.
We probably should one day implement the type of pipe workaround like in the
SCAS client.



Revision 17627 - Directory Listing
Modified Mon Mar 10 20:11:58 2014 UTC (7 years, 7 months ago) by msalle
Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC since it automatically sets the
AC_DEFINE


Revision 17626 - Directory Listing
Modified Mon Mar 10 17:48:56 2014 UTC (7 years, 7 months ago) by msalle
Fix small bugs: need to include config file before checking if defined.
Use #ifdef instead of #if ... ==
Initialize peer to prevent warning
Declare variable static (that should have been).



Revision 17625 - Directory Listing
Modified Mon Mar 10 16:32:49 2014 UTC (7 years, 7 months ago) by msalle
Fix typo


Revision 17624 - Directory Listing
Modified Mon Mar 10 14:39:13 2014 UTC (7 years, 7 months ago) by msalle
Fix typo in reverting the CPPFLAGS


Revision 17623 - Directory Listing
Modified Mon Mar 10 14:38:35 2014 UTC (7 years, 7 months ago) by msalle
only use .globus/certificates directory in case uid=euid=suid !=0. Use (GNU)
getresuid() when available.
fix typo in reverting CPPFLAGS after check for lcmaps_plugin_prototypes.h



Revision 17622 - Directory Listing
Modified Mon Mar 10 12:39:28 2014 UTC (7 years, 7 months ago) by msalle
Implement log callback for the Argus PEP-API-C library: we now capture the
library log information and forward it to the LCMAPS log. The former
--pep-c-debug, which would log (part of) the debug output on stderr, is now
deprecated and replaced with a generic --pep-c-loglevel option, which can be set
to error, warning, info or debug.
Update NEWS file and man page accordingly.



Revision 17621 - Directory Listing
Modified Fri Mar 7 13:09:12 2014 UTC (7 years, 7 months ago) by msalle
Minor fix in scas init script, update NEWS files


Revision 17620 - Directory Listing
Modified Fri Mar 7 12:43:56 2014 UTC (7 years, 7 months ago) by msalle
Cleanup init script.


Revision 17619 - Directory Listing
Modified Fri Mar 7 12:10:48 2014 UTC (7 years, 7 months ago) by msalle
Check existence of pidfile directory, otherwise fail


Revision 17618 - Directory Listing
Modified Fri Mar 7 11:11:27 2014 UTC (7 years, 7 months ago) by msalle
Improve log messages, prevent double error messages, log on debug if we change
to a different endpoint.


Revision 17617 - Directory Listing
Modified Fri Mar 7 11:01:53 2014 UTC (7 years, 7 months ago) by msalle
Implement pidfile for cleaner stopping the SCAS service.


Revision 17616 - Directory Listing
Modified Fri Mar 7 10:57:53 2014 UTC (7 years, 7 months ago) by msalle
Fix accidental capitals.


Revision 17615 - Directory Listing
Modified Thu Mar 6 17:09:01 2014 UTC (7 years, 7 months ago) by msalle
Fix few typos in manpage and remove unused variable


Revision 17614 - Directory Listing
Modified Thu Mar 6 17:01:08 2014 UTC (7 years, 7 months ago) by msalle
Update manpage and make a static global local (no need for it to be global).


Revision 17613 - Directory Listing
Modified Thu Mar 6 16:55:47 2014 UTC (7 years, 7 months ago) by msalle
Implement proper round-robin behaviour in the PEP-C plugin, based on the
SCAS-client. The default is round-robin-random-start.
A next entry will be used if there is a valid decision and either
- it is a permit/deny/not-applicable: binding answer.
- or it is indeterminate in case of one endpoint: no point in trying again.
We rework the internals to make this all easier, most of the magic is now inside
the pepc_engage(). We also need access to the actual decision, which we store 
internally.
Update manpage accordingly.
New options:
    --endpoint-strategy round-robin|round-robin-random-start|random
    (existed but didn't do anything)
    --retry <1-9+>
    really new
Also comment out unused pepc_get_output()


Revision 17612 - Directory Listing
Modified Thu Mar 6 10:42:59 2014 UTC (7 years, 7 months ago) by msalle
Add empty BUGS file with information on how to file a bug.


Revision 17611 - Directory Listing
Modified Thu Mar 6 10:38:59 2014 UTC (7 years, 7 months ago) by msalle
Add empty BUGS files for lcmaps-plugins-basic and
lcmaps-plugins-tracking-groupid with basic bug filing information.
Make sure BUGS file is packaged and distributed.


Revision 17610 - Directory Listing
Modified Thu Mar 6 09:36:11 2014 UTC (7 years, 7 months ago) by msalle
Make endpoint variable explicitly the enum type and error out when we have a
non-covered value (that would be a coding bug).
Only add the random wait if we retry the same endpoint directly again.



Revision 17609 - Directory Listing
Modified Wed Mar 5 22:16:56 2014 UTC (7 years, 7 months ago) by msalle
Update NEWS file for lcmaps-plugins-scas-client
Use also seconds in srand48() seeding. srand48() uses only the lowest 32 bits,
so combine them all into a long number of microseconds <= 2147*10^6 which is
smaller than 2^31.


Revision 17608 - Directory Listing
Modified Wed Mar 5 22:05:33 2014 UTC (7 years, 7 months ago) by msalle
Set default timeouts and backoff in the configure.ac and make it switchable. The
actually used defaults are also put in the man page.
Reorganize xacmlqueryscas() versus plugin-run() to have the round-robin flow a
lot clearer and less replication of the same code.
Update version.



Revision 17607 - Directory Listing
Modified Wed Mar 5 16:46:15 2014 UTC (7 years, 7 months ago) by msalle
No longer need seed variable


Revision 17606 - Directory Listing
Modified Wed Mar 5 16:41:28 2014 UTC (7 years, 7 months ago) by msalle
Sync also interface/xacml_io_ssl.h


Revision 17605 - Directory Listing
Modified Wed Mar 5 16:37:37 2014 UTC (7 years, 7 months ago) by msalle
Use new xacml_io_rand() also in xacml_io_ssl.c



Revision 17604 - Directory Listing
Modified Wed Mar 5 16:33:51 2014 UTC (7 years, 7 months ago) by msalle
Sync code with SCAS-client.


Revision 17603 - Directory Listing
Modified Wed Mar 5 16:31:21 2014 UTC (7 years, 7 months ago) by msalle
Implement better random function than rand_r, especially don't seed using
time(): when multiple clients start simultaneously they have the same seed.


Revision 17602 - Directory Listing
Modified Wed Mar 5 13:14:28 2014 UTC (7 years, 7 months ago) by msalle
Define _XOPEN_SOURCE for getaddrinfo, freeaddrinfo and struct addrinfo


Revision 17601 - Directory Listing
Modified Wed Mar 5 13:02:16 2014 UTC (7 years, 7 months ago) by msalle
Don't use variable length arrays, but allocate with initial size and resize when
needed.



Revision 17600 - Directory Listing
Modified Wed Mar 5 12:08:04 2014 UTC (7 years, 7 months ago) by msalle
Fix compiler warnings and remove unused or autotools generated files.
Compiler warnings are due to:
- implicit or incorrect casts.
- not defining internal functions as static


Revision 17598 - Directory Listing
Modified Tue Mar 4 15:54:52 2014 UTC (7 years, 7 months ago) by msalle
Also install and distribute BUGS file.


Revision 17597 - Directory Listing
Modified Tue Mar 4 15:17:33 2014 UTC (7 years, 7 months ago) by msalle
Only set DO_USRLOG: if that fails we automatically fall back to DO_SYSLOG, but
we don't want both in general.


Revision 17596 - Directory Listing
Modified Tue Mar 4 14:46:07 2014 UTC (7 years, 7 months ago) by msalle
Better not log at all when no logfile or pointer is specified: we haven't yet
determined the loglevel.


Revision 17595 - Directory Listing
Modified Tue Mar 4 14:42:31 2014 UTC (7 years, 7 months ago) by msalle
Lower error to debug as it isn't an error: some interfaces always call
lcmaps_log_open with both syslog and usrlog. If we don't have a logfile, just
use syslog only.


Revision 17593 - Directory Listing
Modified Tue Mar 4 14:08:21 2014 UTC (7 years, 7 months ago) by msalle
Fix remaining typos.


Revision 17592 - Directory Listing
Modified Tue Mar 4 14:00:51 2014 UTC (7 years, 7 months ago) by msalle
Fix https://bugzilla.nikhef.nl/show_bug.cgi?id=21
Cleanup log initialization:
- in case no external logfile pointer is passed to LCMAPS, then in the
  lcmaps_*_account_from_pem and lcmaps_return_poolindex* interfaces, LCMAPS
  needs to use the LCMAPS_LOG_FILE environment variable.
- get DO_USRLOG and DO_SYSLOG from _lcmaps_log.h.
- remove related dead code.
Update configure.ac and NEWS.



Revision 17587 - Directory Listing
Modified Mon Mar 3 15:55:01 2014 UTC (7 years, 7 months ago) by msalle
Update ChangeLog


Revision 17586 - Directory Listing
Modified Mon Mar 3 13:32:08 2014 UTC (7 years, 7 months ago) by msalle
Cleanup calling of pep_construct_request_subject():
- the different char** elements are not changed by
  pep_construct_request_subject and are either declared static or malloced in
  LCMAPS, so we don't need a strdup nor a malloc ourselves.
- Don't pass NULL when the first element is NULL, just pass the list.
-> No more cast from char** to const char**


Revision 17569 - Directory Listing
Modified Fri Feb 28 12:39:22 2014 UTC (7 years, 7 months ago) by msalle
Update ChangeLog


Revision 17568 - Directory Listing
Modified Fri Feb 28 12:39:11 2014 UTC (7 years, 7 months ago) by msalle
Update NEWS file


Revision 17567 - Directory Listing
Modified Fri Feb 28 12:37:07 2014 UTC (7 years, 7 months ago) by msalle
Update ChangeLog


Revision 17566 - Directory Listing
Modified Fri Feb 28 12:36:44 2014 UTC (7 years, 7 months ago) by msalle
Update NEWS file


Revision 17565 - Directory Listing
Modified Fri Feb 28 12:31:13 2014 UTC (7 years, 7 months ago) by msalle
Updating ChangeLog


Revision 17564 - Directory Listing
Modified Fri Feb 28 12:29:51 2014 UTC (7 years, 7 months ago) by msalle
Fix remaining compiler warnings


Revision 17563 - Directory Listing
Modified Fri Feb 28 12:27:33 2014 UTC (7 years, 7 months ago) by msalle
Update ChangeLog


Revision 17562 - Directory Listing
Modified Fri Feb 28 12:27:14 2014 UTC (7 years, 7 months ago) by msalle
Update NEWS file


Revision 17561 - Directory Listing
Modified Fri Feb 28 12:24:40 2014 UTC (7 years, 7 months ago) by msalle
Update ChangeLog


Revision 17560 - Directory Listing
Modified Fri Feb 28 12:24:21 2014 UTC (7 years, 7 months ago) by msalle
Update NEWS file


Revision 17559 - Directory Listing
Modified Fri Feb 28 12:21:33 2014 UTC (7 years, 7 months ago) by msalle
Update ChangeLog


Revision 17558 - Directory Listing
Modified Fri Feb 28 12:18:05 2014 UTC (7 years, 7 months ago) by msalle
Update ChangeLog


Revision 17557 - Directory Listing
Modified Fri Feb 28 12:17:39 2014 UTC (7 years, 7 months ago) by msalle
Update NEWS file.


Revision 17556 - Directory Listing
Modified Fri Feb 28 12:13:16 2014 UTC (7 years, 7 months ago) by msalle
Replace hardcoded paths into more flexible variable based paths


Revision 17555 - Directory Listing
Modified Fri Feb 28 09:19:13 2014 UTC (7 years, 7 months ago) by msalle
Add ban_dn and ban_fqan plugins. Make naming of the files/dirs consistent.


Revision 17554 - Directory Listing
Modified Fri Feb 28 09:10:56 2014 UTC (7 years, 7 months ago) by msalle
Clarify option --map-to-secondary-groups


Revision 17553 - Directory Listing
Modified Thu Feb 27 20:04:42 2014 UTC (7 years, 7 months ago) by msalle
Update NEWS and version


Revision 17552 - Directory Listing
Modified Thu Feb 27 16:41:02 2014 UTC (7 years, 7 months ago) by msalle
i2c_ASN1_INTEGER needs a char** and will update it, proper way is via a temp


Revision 17551 - Directory Listing
Modified Thu Feb 27 16:31:58 2014 UTC (7 years, 7 months ago) by msalle
Bug fix for lcmaps-plugins-verify-proxy: declared the wrong variable static
(pointer to buffer instead of buffer itself).
Syncing with scas-client and SCAS



Revision 17550 - Directory Listing
Modified Thu Feb 27 14:32:40 2014 UTC (7 years, 7 months ago) by msalle
tmpval did not get set.


Revision 17549 - Directory Listing
Modified Thu Feb 27 14:26:59 2014 UTC (7 years, 7 months ago) by msalle
Skip tests which don't have the needed proxy: newest GT5.2.5 doesn't create all
the different proxy types. Also make rm and mkdir variables to easily use a
different command (such as /bin/rm, grm etc.)


Revision 17548 - Directory Listing
Modified Thu Feb 27 13:44:15 2014 UTC (7 years, 7 months ago) by msalle
C++ style -> C style


Revision 17547 - Directory Listing
Modified Thu Feb 27 13:42:50 2014 UTC (7 years, 7 months ago) by msalle
C++ comment -> C comment


Revision 17546 - Directory Listing
Modified Thu Feb 27 13:40:10 2014 UTC (7 years, 7 months ago) by msalle
Replace lcmaps_warning into lcmaps_pdl_warning also in non-c/h files


Revision 17545 - Directory Listing
Modified Thu Feb 27 13:10:16 2014 UTC (7 years, 7 months ago) by msalle
Add missing *


Revision 17544 - Directory Listing
Modified Thu Feb 27 13:07:44 2014 UTC (7 years, 7 months ago) by msalle
replace non-standard su user --command with su - user command


Revision 17543 - Directory Listing
Modified Thu Feb 27 13:00:11 2014 UTC (7 years, 7 months ago) by msalle
Fix expected return values for setuid and setgid execs.


Revision 17542 - Directory Listing
Modified Thu Feb 27 12:56:23 2014 UTC (7 years, 7 months ago) by msalle
Install glexec.conf only as glexec user when we are root
Fix test suite:
- should do chown before chmod
- put test exec into compound testdir such that it starts from scratch
- replace numerous root.root by a variable.



Revision 17541 - Directory Listing
Modified Thu Feb 27 11:08:29 2014 UTC (7 years, 7 months ago) by msalle
Install glexec.conf with perms
-r--------   1   glexec root


Revision 17540 - Directory Listing
Modified Thu Feb 27 11:03:47 2014 UTC (7 years, 7 months ago) by msalle
Explicitly cast constants to size_t (where needed)


Revision 17539 - Directory Listing
Modified Thu Feb 27 10:59:39 2014 UTC (7 years, 7 months ago) by msalle
Add missing ;


Revision 17538 - Directory Listing
Modified Thu Feb 27 10:38:17 2014 UTC (7 years, 7 months ago) by msalle
Fix missing *


Revision 17537 - Directory Listing
Modified Thu Feb 27 10:32:39 2014 UTC (7 years, 7 months ago) by msalle
Fix renaming of lcmaps_warning into lcmaps_pdl_warning (it is not a general
LCMAPS warning function)


Revision 17536 - Directory Listing
Modified Thu Feb 27 10:12:15 2014 UTC (7 years, 7 months ago) by msalle
Fix GNU/pedantic compiler warnings


Revision 17535 - Directory Listing
Modified Wed Feb 26 16:32:21 2014 UTC (7 years, 7 months ago) by msalle
Fix (unneeded) warnings


Revision 17534 - Directory Listing
Modified Wed Feb 26 16:13:19 2014 UTC (7 years, 7 months ago) by msalle
Revert to the 'incompatible pointer type' warnings, otherwise we get other
warnings...


Revision 17533 - Directory Listing
Modified Wed Feb 26 16:00:11 2014 UTC (7 years, 7 months ago) by msalle
Add missing header and remove unreachable break;


Revision 17532 - Directory Listing
Modified Wed Feb 26 15:51:25 2014 UTC (7 years, 7 months ago) by msalle
Forgot __func__ arg


Revision 17531 - Directory Listing
Modified Wed Feb 26 15:43:36 2014 UTC (7 years, 7 months ago) by msalle
Remove unreachable break
Remove unused macros
SCAS:
- Make sure to define SCAS mutex only in main.c, declare as extern in header
- Replace non-portable err()



Revision 17530 - Directory Listing
Modified Wed Feb 26 15:05:19 2014 UTC (7 years, 7 months ago) by msalle
Missed header file


Revision 17529 - Directory Listing
Modified Wed Feb 26 15:01:45 2014 UTC (7 years, 7 months ago) by msalle
Fix numerous small warnings:
- break; after a return; is unreachable
- unused macros
Change back signature of the scas obligation handlers to be compatible with the
type in the XACML library.
Sync SCAS with lcmaps-plugins-scas-client


Revision 17528 - Directory Listing
Modified Wed Feb 26 13:46:22 2014 UTC (7 years, 7 months ago) by msalle
Missed updating prototype


Revision 17527 - Directory Listing
Modified Wed Feb 26 13:40:35 2014 UTC (7 years, 7 months ago) by msalle
Fix typo


Revision 17526 - Directory Listing
Modified Wed Feb 26 13:36:18 2014 UTC (7 years, 7 months ago) by msalle
Fix parsing of cmdline args in lcmaps_afs
Fix use of proxy_type_t (when |-ing them they go outside the enum) in
lcmaps-plugins-verify-proxy
Fix use of global variable in lcmaps-plugins-scas-client
Fix (hopefully) casting of char** to const char**: define them
(const char*) const x[] in function and cast the char** explicitly to
a (const char)**



Revision 17525 - Directory Listing
Modified Wed Feb 26 12:17:21 2014 UTC (7 years, 7 months ago) by msalle
Fix unreachable-code


Revision 17524 - Directory Listing
Modified Wed Feb 26 12:02:22 2014 UTC (7 years, 7 months ago) by msalle
Fix few small typos and bugs. Fix one missing initialization.
Make sure lcmaps does not log on stderr in case gridmapdir cannot be opened.


Revision 17523 - Directory Listing
Modified Wed Feb 26 11:39:40 2014 UTC (7 years, 7 months ago) by msalle
Fix typo.


Revision 17522 - Directory Listing
Modified Wed Feb 26 11:34:33 2014 UTC (7 years, 7 months ago) by msalle
Add missing emptyname to other function using it


Revision 17521 - Directory Listing
Modified Wed Feb 26 11:24:08 2014 UTC (7 years, 7 months ago) by msalle
Fix clang compiler warnings, in particular uninitialized variables and char*
const char* inconsistencies:
cgul:
- fix harmless uninitialized vars warnings: we checked with a flag in any case

all plugins:
- char * -> const char * for functions where possible and for char* used only as
  literals.

c-pep:
- treat pep_error_t properly
- use a strdup for the oh.id since we cannot guarantee they are constant
  pepc_initialize() returns number of oh-s so that we can properly clean all
  of them.
  pepc_initialize() also makes sure that oh is properly initialized and that the
  right variable is free-ed (it should have been *oh in the old version, not oh
  itself).
- do not log that addCredentialData() failed as we don't call it.

jobrep:
- define a variable emptyname instead of using the string literal. Note that
  getgrname also reuses the same buffer...

scas-client:
- getnameinfo() is wrongly described in (my) Linux manpage to use a size_t
  hostlen which not only in POSIX is nowadays a socklen_t nodelen, but also in
  the actual Linux header file /usr/include/netdb.h, at least since
  glibc-2.1.91.
- define variable name in order to call X509_PURPOSE_get_by_sname() with a
  char*. The OpenSSL implementation (anything since its introduction in OpenSSL
  0.9.5) only uses it in a strcmp so it could have been a const char *, but we
  don't rely on the implementation.

verify-proxy:
- treat verify_x509_error_t properly
- remove useless statement nfqan = nfqan 



Revision 17520 - Directory Listing
Modified Tue Feb 25 16:24:08 2014 UTC (7 years, 7 months ago) by msalle
Fix missed prototype


Revision 17519 - Directory Listing
Modified Tue Feb 25 16:22:52 2014 UTC (7 years, 7 months ago) by msalle
Add const to char * where possible and applicable


Revision 17518 - Directory Listing
Modified Tue Feb 25 16:00:27 2014 UTC (7 years, 7 months ago) by msalle
Fix few more const char *


Revision 17517 - Directory Listing
Modified Tue Feb 25 15:58:59 2014 UTC (7 years, 7 months ago) by msalle
Fix remaining logstr.


Revision 17516 - Directory Listing
Modified Tue Feb 25 15:42:46 2014 UTC (7 years, 7 months ago) by msalle
Mode should be a const char *


Revision 17515 - Directory Listing
Modified Tue Feb 25 15:39:53 2014 UTC (7 years, 7 months ago) by msalle
logstr should be declared const char *


Revision 17514 - Directory Listing
Modified Tue Feb 25 15:38:20 2014 UTC (7 years, 7 months ago) by msalle
String constant logstr should be declared const char *


Revision 17513 - Directory Listing
Modified Tue Feb 25 15:28:14 2014 UTC (7 years, 7 months ago) by msalle
Add missing }


Revision 17512 - Directory Listing
Modified Tue Feb 25 15:23:05 2014 UTC (7 years, 7 months ago) by msalle
Fix few more incorrect const char uses.


Revision 17511 - Directory Listing
Modified Tue Feb 25 15:11:54 2014 UTC (7 years, 7 months ago) by msalle
Add const to many implicitly constant variables, one exception: also change
argName and argType in lcmaps_argument_t into const char *, since we initialize
them normally with constant char *


Revision 17510 - Directory Listing
Modified Tue Feb 25 14:27:01 2014 UTC (7 years, 7 months ago) by msalle
Define log function prototypes with const char * instead of char *: they are not
changed by the functions.


Revision 17509 - Directory Listing
Modified Tue Feb 25 13:41:22 2014 UTC (7 years, 7 months ago) by msalle
Warn when chdir() failed.


Revision 17508 - Directory Listing
Modified Tue Feb 25 13:39:06 2014 UTC (7 years, 7 months ago) by msalle
Give warning if the return values of BIO_set_close() and BIO_free() are
unexpected. Explicitly cast the sizeof(struct sockaddr_storage) to a socklen_t.
We already do in other places and it must fit: it's a sockaddr_storage.


Revision 17507 - Directory Listing
Modified Tue Feb 25 11:35:19 2014 UTC (7 years, 7 months ago) by msalle
Protect against RH5 defining strdup() as a macro: by default gcc sets flags
which cause strdup to be defined. So also check they aren't defined (as macro).
Worst case then is a duplicate prototype.


Revision 17506 - Directory Listing
Modified Tue Feb 25 11:03:24 2014 UTC (7 years, 7 months ago) by msalle
Explicitly cast pid_t to int before printing.


Revision 17505 - Directory Listing
Modified Tue Feb 25 09:50:39 2014 UTC (7 years, 7 months ago) by msalle
Sync codebase with lcmaps-plugins-scas-client


Revision 17504 - Directory Listing
Modified Tue Feb 25 09:46:49 2014 UTC (7 years, 7 months ago) by msalle
Add prototype for SSL_COMP_get_compression_methods() for versions before 0.9.8.
The function has been there since OpenSSL 0.9.2.
Add #ifdefs for OPENSSL_NO_COMP in which case we shouldn't call the compression
freeing code.


Revision 17503 - Directory Listing
Modified Tue Feb 25 09:19:38 2014 UTC (7 years, 7 months ago) by msalle
MacOS needs sys/time.h for gettimeofday()


Revision 17502 - Directory Listing
Modified Tue Feb 25 09:13:16 2014 UTC (7 years, 7 months ago) by msalle
Split decision_str into decision_str and fulfillon_str to prevent mixing two
different enums, we can now make the parameter opaque.


Revision 17501 - Directory Listing
Modified Tue Feb 25 08:55:05 2014 UTC (7 years, 7 months ago) by msalle
Rename parameter ldap_passwd also in prototype, some older GCC otherwise think
it shadows a global variable.


Revision 17500 - Directory Listing
Modified Tue Feb 25 08:52:41 2014 UTC (7 years, 7 months ago) by msalle
Even though we rely on 'found' to see if gline_tmp is set, better initialize it,
at least to silence the compiler.


Revision 17499 - Directory Listing
Modified Tue Feb 25 08:48:57 2014 UTC (7 years, 7 months ago) by msalle
Remove GNU specific #warning, the text wasn't very clear in any case.


Revision 17498 - Directory Listing
Modified Mon Feb 24 21:42:49 2014 UTC (7 years, 7 months ago) by msalle
MacOS needs no POSIX or _DARWIN_C_SOURCE to have RTLD_DEFAULT


Revision 17497 - Directory Listing
Modified Mon Feb 24 21:28:52 2014 UTC (7 years, 7 months ago) by msalle
Make proxy-cert pathlen checks dependent on OpenSSL version: they don't exist
pre-0.9.8


Revision 17496 - Directory Listing
Modified Mon Feb 24 16:47:58 2014 UTC (7 years, 7 months ago) by msalle
Prototype of ASN1_item_d2i() and the like has changed: should use a non-const
unsigned char before 0.9.8


Revision 17495 - Directory Listing
Modified Mon Feb 24 16:28:38 2014 UTC (7 years, 7 months ago) by msalle
Had missed another clock_gettime()


Revision 17494 - Directory Listing
Modified Mon Feb 24 16:24:58 2014 UTC (7 years, 7 months ago) by msalle
MacOS lacks clock_gettime(), fall back on gettimeofday()


Revision 17493 - Directory Listing
Modified Mon Feb 24 16:05:30 2014 UTC (7 years, 7 months ago) by msalle
Lower back to _XOPEN_SOURCE 500
Add missing errno.h


Revision 17492 - Directory Listing
Modified Mon Feb 24 16:01:49 2014 UTC (7 years, 7 months ago) by msalle
Fix one too many updates: only variable should have been renamed


Revision 17491 - Directory Listing
Modified Mon Feb 24 15:50:37 2014 UTC (7 years, 7 months ago) by msalle
Fix compiler warnings in example files.


Revision 17490 - Directory Listing
Modified Mon Feb 24 14:57:39 2014 UTC (7 years, 7 months ago) by msalle
if test ... then fi all needs to be one line in Makefile: add continuation chars
and ; to end of lines.


Revision 17489 - Directory Listing
Modified Mon Feb 24 14:52:43 2014 UTC (7 years, 7 months ago) by msalle
Fix typo: Need space in ... ; then


Revision 17488 - Directory Listing
Modified Mon Feb 24 14:21:45 2014 UTC (7 years, 7 months ago) by msalle
Add _XOPEN_SOURCE macro for strcasecmp: it's part of POSIX.1-2001


Revision 17487 - Directory Listing
Modified Mon Feb 24 13:56:13 2014 UTC (7 years, 7 months ago) by msalle
Don't use test && construction, as it will return an error if the test condition
is not satisfied: do with if then fi instead


Revision 17486 - Directory Listing
Modified Mon Feb 24 12:19:06 2014 UTC (7 years, 7 months ago) by msalle
Add XOPEN_SOURCE macros to example programs for getopt


Revision 17485 - Directory Listing
Modified Sun Feb 23 16:12:46 2014 UTC (7 years, 7 months ago) by msalle
Make a backup of the glexec.conf and lcmaps.db file if they already exist. Do
this in a portable way, i.e. without --backup of GNUs install.


Revision 17484 - Directory Listing
Modified Sun Feb 23 15:41:58 2014 UTC (7 years, 7 months ago) by msalle
All local lcmaps and lcas variables are now consistently renamed into mylcmaps
and mylcas variables.


Revision 17483 - Directory Listing
Modified Sun Feb 23 14:11:52 2014 UTC (7 years, 7 months ago) by msalle
Rename variables name lcmaps_* since they might clash with symbols from the
LCMAPS libraries (e.g. lcmaps_log).


Revision 17482 - Directory Listing
Modified Fri Feb 21 14:38:00 2014 UTC (7 years, 7 months ago) by msalle
Use set lcmaps.db also in the glexec.conf


Revision 17481 - Directory Listing
Modified Fri Feb 21 14:29:22 2014 UTC (7 years, 7 months ago) by msalle
Fix typo in lcmaps_log line


Revision 17480 - Directory Listing
Modified Fri Feb 21 14:04:47 2014 UTC (7 years, 7 months ago) by msalle
Add support for X509_CERT_DIR into lcmaps-plugins-scas-client: it used to
fallback directly to /etc/grid-security/certificates, now - when no -capath is
given - look first at X509_CERT_DIR. Update manpage and NEWS file.


Revision 17479 - Directory Listing
Modified Fri Feb 21 13:52:41 2014 UTC (7 years, 7 months ago) by msalle
Add better support for (default) CA certificate directory: can now also specify
-capath (or --capath). When unset as commandline arg, look at $X509_CERT_DIR
(e.g. from gLExec and/or LCMAPS) or ultimately at
/etc/grid-security/certificates.
Updating version, NEWS file and manpage



Revision 17478 - Directory Listing
Modified Fri Feb 21 12:44:55 2014 UTC (7 years, 7 months ago) by msalle
Add regression test for https://bugzilla.nikhef.nl/show_bug.cgi?id=16



Revision 17477 - Directory Listing
Modified Fri Feb 21 12:29:18 2014 UTC (7 years, 7 months ago) by msalle
Add extra checks:
- loglevel should be number in interval [0-5]
- cleanly fail if:
    * lcmaps.db cannot be written
    * glexec.conf cannot be setup properly
Fix parsing bug: tried one argument too many
Add -h|--help option



Revision 17476 - Directory Listing
Modified Fri Feb 21 11:56:13 2014 UTC (7 years, 7 months ago) by msalle
Add tests for filenames: they should be absolute


Revision 17475 - Directory Listing
Modified Fri Feb 21 11:45:08 2014 UTC (7 years, 7 months ago) by msalle
Try find unixODBC first via pkg-config, if that fails look for libodbc and sql
header files. If both fail, end with error.


Revision 17474 - Directory Listing
Modified Fri Feb 21 11:27:12 2014 UTC (7 years, 7 months ago) by msalle
Update error mesg for missing sql headers


Revision 17473 - Directory Listing
Modified Fri Feb 21 11:25:04 2014 UTC (7 years, 7 months ago) by msalle
Add test for sql header files, part of unixODBC


Revision 17472 - Directory Listing
Modified Fri Feb 21 10:44:12 2014 UTC (7 years, 7 months ago) by msalle
Comment-out all warning flags: good for development, not for dist tarball.
The non-warning flags remain.


Revision 17471 - Directory Listing
Modified Fri Feb 21 10:28:50 2014 UTC (7 years, 7 months ago) by msalle
Do not by default enable a large set of compiler warning flags: they are good
for development, not for a distribution tarball...
llrun: do enable -g and -O0 for GNU: it's a debug tool


Revision 17470 - Directory Listing
Modified Thu Feb 20 16:17:41 2014 UTC (7 years, 7 months ago) by msalle
Do not use (too Linux specific) getopt in glexec-configure.sh. It's simple
enough to do by hand and more portable.


Revision 17469 - Directory Listing
Modified Thu Feb 20 14:58:27 2014 UTC (7 years, 7 months ago) by msalle
lcmaps-plugins-basic:
- initialize an unitialized variable to silence the compiler. It isn't used,
  since we have flag indicating whether it is initialized.

lcmaps-plugins-voms:
- initialize an unitialized variable to silence the compiler. It isn't used,
  since we have flag indicating whether it is initialized.
- provide appropriate _XOPEN_SOURCE macro to make sure strdup is also known on
  Solaris
- Updating NEWS file and configure.ac

lcmaps-plugins-scas-client:
- update type of incremental_backoff from unsigned to long. It was already used
  as long, now it is consistent everywhere without any cast.
- provide __EXTENSIONS__ macro for IPV6_V6ONLY on Solaris 
- update print fmt strings to print a long correctly.
- updating NEWS file and configure.ac

scas:
- sync code to lcmaps-plugins-scas-client: only __EXTENSIONS__ for IPV6_V6ONLY
  on Solaris is relevant.



Revision 17468 - Directory Listing
Modified Thu Feb 20 13:07:05 2014 UTC (7 years, 7 months ago) by msalle
Minor fix in use of sysconf() plus clean build on Solaris. Updating NEWS file


Revision 17467 - Directory Listing
Modified Thu Feb 20 10:44:51 2014 UTC (7 years, 7 months ago) by msalle
Import gLExec handling of setgroups which is portable to non-linux platform into
posix_enf. Also fix missing strdup definition on Solaris.
Update NEWS file


Revision 17466 - Directory Listing
Modified Wed Feb 19 21:02:06 2014 UTC (7 years, 7 months ago) by msalle
Update ChangeLog


Revision 17465 - Directory Listing
Modified Wed Feb 19 21:00:24 2014 UTC (7 years, 7 months ago) by msalle
Check earlier on id -u == 0 before we need to be root.


Revision 17464 - Directory Listing
Modified Wed Feb 19 20:54:38 2014 UTC (7 years, 7 months ago) by msalle
Install signal handler for SIGINT so that we can safely interrupt the tests.


Revision 17463 - Directory Listing
Modified Wed Feb 19 17:43:32 2014 UTC (7 years, 7 months ago) by msalle
Update ChangeLog


Revision 17462 - Directory Listing
Modified Wed Feb 19 15:48:04 2014 UTC (7 years, 7 months ago) by msalle
Make sure to only use the obtained maximum uid_t or gid_t (i.e. the maximum
which can be contained both in a uid_t and id_t or in a gid_t and id_t) never
the bare maximum of the id_t: that value could be too large to fit in a uid_t or
gid_t. For this we change the parameters for some static functions, but we don't
break the public API.



Revision 17461 - Directory Listing
Modified Wed Feb 19 15:20:06 2014 UTC (7 years, 7 months ago) by msalle
Cleanup the determination of the maxima by defining useful macros.


Revision 17459 - Directory Listing
Modified Tue Feb 18 16:36:05 2014 UTC (7 years, 7 months ago) by msalle
Updating ChangeLog


Revision 17458 - Directory Listing
Modified Tue Feb 18 16:35:18 2014 UTC (7 years, 7 months ago) by msalle
Update manpage for glexec-configure.


Revision 17457 - Directory Listing
Modified Tue Feb 18 16:23:56 2014 UTC (7 years, 7 months ago) by msalle
Fix minor bugs:
- define three global constants: safe_max_id_t, safe_max_uid_t and
  safe_max_gid_t.
    - safe_max_id_t is the maximum id_t
    - safe_max_uid_t and safe_max_gid_t are the minimum of the maxima of uid_t
      and id_t or gid_t and id_t.
  This way we can compare each type with it's proper maximum value.
  We probably still have a problem in case the maximum id_t is *larger* than the
  maximum uid_t or gid_t.
They are defined in safe_id_range_list.c and declared extern in
safe_id_range_list.h.



Revision 17456 - Directory Listing
Modified Tue Feb 18 15:18:54 2014 UTC (7 years, 7 months ago) by msalle
Fix implicitly casting between uid_t/gid_t and id_t: use the maximum of an id_t
to determine whether this is safe.


Revision 17455 - Directory Listing
Modified Tue Feb 18 13:58:29 2014 UTC (7 years, 7 months ago) by msalle
Fix https://bugzilla.nikhef.nl/show_bug.cgi?id=20
- In case curl --version | grep -q NSS/ matches, add the
  --use-pilot-proxy-as-cafile flag to the pepc plugin.
- Fail when doing SCAS or Argus without an endpoint.
- Set default LCAS loglevel to 0 instead of global default loglevel.
- Check plugins exist.
- Print out defaults in usage text.
- Update NEWS file.



Revision 17454 - Directory Listing
Modified Tue Feb 18 13:46:28 2014 UTC (7 years, 7 months ago) by msalle
On Solaris id_t is a signed type, so cannot use UINT_MAX. Now dynamically
determine the correct maximum.


Revision 17453 - Directory Listing
Modified Tue Feb 18 09:37:30 2014 UTC (7 years, 7 months ago) by msalle
Add _XOPEN_SOURCE macro: strcasecmp is POSIX.1-2001. Solaris needs at least XPG4v2, we now effectively set XPG5


Revision 17444 - Directory Listing
Modified Fri Feb 14 10:29:32 2014 UTC (7 years, 8 months ago) by msalle
Set correct macros for setgroups() on SunOS, MacOS and Linux


Revision 17426 - Directory Listing
Modified Thu Feb 13 14:58:10 2014 UTC (7 years, 8 months ago) by msalle
Update ChangeLog


Revision 17424 - Directory Listing
Modified Thu Feb 13 14:50:57 2014 UTC (7 years, 8 months ago) by msalle
Update ChangeLog


Revision 17423 - Directory Listing
Modified Thu Feb 13 13:55:35 2014 UTC (7 years, 8 months ago) by msalle
Cleanup yacc test.


Revision 17422 - Directory Listing
Modified Thu Feb 13 13:12:58 2014 UTC (7 years, 8 months ago) by msalle
Force printing the umask as a unsigned int, not as a long unsigned int.


Revision 17421 - Directory Listing
Modified Thu Feb 13 12:31:05 2014 UTC (7 years, 8 months ago) by msalle
Need to set _DARWIN_SOURCE on MacOS for fcntl/flock locktypes
Also change sun into __sun


Revision 17420 - Directory Listing
Modified Thu Feb 13 12:29:39 2014 UTC (7 years, 8 months ago) by msalle
Fixes for clean building on Solaris and MacOS:
- define __sun instead of sun
- getpwnam_r() on __sun doesn't fully follow POSIX: size_t -> int
- umask() on MacOS gets confused about it's argument: cast it explicitly. 
- need to include unistd.h for setgroups (on all platforms)

Don't check on #if HAVE_... but #ifdef HAVE...


Revision 17419 - Directory Listing
Modified Wed Feb 12 20:51:16 2014 UTC (7 years, 8 months ago) by msalle
Fix implicit cast from int to size_t (only on platforms without getgrouplist).


Revision 17418 - Directory Listing
Modified Wed Feb 12 20:43:35 2014 UTC (7 years, 8 months ago) by msalle
Add missing errno.h header file


Revision 17417 - Directory Listing
Modified Wed Feb 12 19:14:28 2014 UTC (7 years, 8 months ago) by msalle
Fix getgrouplist for MacOS: it has a different signature, needs unistd.h and
should not have _XOPEN_SOURCE.


Revision 17416 - Directory Listing
Modified Wed Feb 12 14:54:08 2014 UTC (7 years, 8 months ago) by msalle
On MacOS at least getgrouplist() needs unistd.h


Revision 17415 - Directory Listing
Modified Wed Feb 12 13:33:56 2014 UTC (7 years, 8 months ago) by msalle
Implement proper cleanup functions for lex, at least for flex.
- after the evaluationmanager is done, we call our own wrapper function
- this wrapper function calls yylex_destroy() when available.
- it calls yy_delete_buffer etc. on older platforms.

When there is no way to pass a correct _XOPEN_SOURCE macro to the lex output
(i.e. flex is missing -D) we need to provide a proper strdup and fileno
prototype to prevent a segfault (strdup will then return an int instead of a
(char*) ). We now also don't need special CFLAGS, AM_CFLAGS is sufficient for
all.

Update NEWS file.


Revision 17414 - Directory Listing
Modified Tue Feb 11 16:28:40 2014 UTC (7 years, 8 months ago) by msalle
Add test for POSIX2008 and use it to determine which macro to set for dirfd
prototype: either _XOPEN_SOURCE 700 or _BSD_SOURCE (and _XOPEN_SOURCE 600)


Revision 17413 - Directory Listing
Modified Tue Feb 11 15:55:28 2014 UTC (7 years, 8 months ago) by msalle
Update versions and NEWS file


Revision 17412 - Directory Listing
Modified Tue Feb 11 15:52:31 2014 UTC (7 years, 8 months ago) by msalle
Update NEWS file and version.


Revision 17411 - Directory Listing
Modified Tue Feb 11 15:31:41 2014 UTC (7 years, 8 months ago) by msalle
Bail out of configure when ldap.h is missing.


Revision 17410 - Directory Listing
Modified Tue Feb 11 15:22:27 2014 UTC (7 years, 8 months ago) by msalle
Do not set *only* _BSD_SOURCE, but also _XOPEN_SOURCE macros. See man
feature_test_macros: when we set both, we don't favour BSD versions.


Revision 17409 - Directory Listing
Modified Tue Feb 11 14:31:07 2014 UTC (7 years, 8 months ago) by msalle
The prototype of i2v() changed in OpenSSL_0_9_8k, see line 82 in
https://github.com/openssl/openssl/blame/babb379849ffb4112792f266f92e9ebb2bd35332/crypto/x509v3/x509v3.h
Hence declare meth as const ONLY for newer versions.



Revision 17408 - Directory Listing
Modified Tue Feb 11 11:47:24 2014 UTC (7 years, 8 months ago) by msalle
Syncing bootstrap file with rest of tools:
- Add --force to autoheader: we do not provide our own headerfile template, so
  we want want to get that from autoheader.
- Update bootstrap scripts: should run libtoolize before aclocal
- chain all commands conditionally



Revision 17407 - Directory Listing
Modified Tue Feb 11 11:43:45 2014 UTC (7 years, 8 months ago) by msalle
Statically declare pdl_yylex() only for FLEX_SCANNER (this is defined in the .c
output from flex). In that case, define yylex() as a wrapper around pdl_yylex().
Note that (older versions of) bison can only call yylex().
We now always declare yylex() in pdl.h, since even for flex we need a
declaration: flex will declare a pdl_yylex() prototype for new flex, and nothing
for old flex.
ALso improve and fix the handling of lcmaps_init_name_args(). Change it's
prototype to return an error value and log on which branch we are. Should not
have initialized *plugin here, as it comes from caller.



Revision 17406 - Directory Listing
Modified Tue Feb 11 09:33:32 2014 UTC (7 years, 8 months ago) by msalle
Fix warnings about prototypes from (f)lex and yacc (bison):
- define wrapper function for yyparse() inside pdl_yacc.y, for which we declare
  our own prototype in pdl.h. This wrapper function is the one called in the
  evaluationmanager.c.
- define our own prototype via YY_DECL for the lexer (when using flex)
  pdl_yylex(). We can then also declare the prototype.


Revision 17405 - Directory Listing
Modified Tue Feb 11 09:32:14 2014 UTC (7 years, 8 months ago) by msalle
Add --force to autoheader: we do not provide our own headerfile template, so we
want want to get that from autoheader.


Revision 17404 - Directory Listing
Modified Mon Feb 10 14:22:09 2014 UTC (7 years, 8 months ago) by msalle
Bugfix:
- protect against hanging child process by cleanup of signalling child:
  Parent:
  * First send a SIGINT, which should trigger a clean shutdown
  * If child doesn't exit after 4 seconds send SIGTERM, which should trigger a
    _exit() in the child.
  * If child doesn't exit after 2 more seconds send a SIGKILL.
  Child:
  * Try a clean shutdown *only* for a SIGINT, on a SIGTERM we exit immediately
    with a _exit() from within the signal handler. It is only safe to call
    _exit() in the child. The two threads in the child process are completely
    inside the XACML library apart from the signal handler and we shouldn't call
    pthread_exit() and the like from there.



Revision 17403 - Directory Listing
Modified Mon Feb 10 10:56:07 2014 UTC (7 years, 8 months ago) by msalle
Update bootstrap scripts: should run libtoolize before aclocal


Revision 17402 - Directory Listing
Modified Mon Feb 10 09:52:41 2014 UTC (7 years, 8 months ago) by msalle
getgrouplist() needs _BSD_SOURCE


Revision 17401 - Directory Listing
Modified Mon Feb 10 09:49:08 2014 UTC (7 years, 8 months ago) by msalle
Accidentally forgot to remove line.


Revision 17400 - Directory Listing
Modified Mon Feb 10 09:40:49 2014 UTC (7 years, 8 months ago) by msalle
Minor bugfixes:
- some mallocs did not check for return value
- need yylex prototype on older systems
- invalid malloc+memcpy.
Update NEWS file and version


Revision 17390 - Directory Listing
Modified Fri Feb 7 14:14:59 2014 UTC (7 years, 8 months ago) by msalle
Fix typo


Revision 17389 - Directory Listing
Modified Fri Feb 7 14:12:40 2014 UTC (7 years, 8 months ago) by msalle
Add missing header file


Revision 17388 - Directory Listing
Modified Fri Feb 7 14:06:43 2014 UTC (7 years, 8 months ago) by msalle
Use CLOCK_MONOTONIC when CLOCK_MONOTONIC_RAW does not exist.


Revision 17378 - Directory Listing
Modified Fri Feb 7 12:42:47 2014 UTC (7 years, 8 months ago) by msalle
Update ChangeLog for release


Revision 17377 - Directory Listing
Modified Fri Feb 7 12:42:17 2014 UTC (7 years, 8 months ago) by msalle
Forgot to update the manpage


Revision 17374 - Directory Listing
Modified Fri Feb 7 12:37:09 2014 UTC (7 years, 8 months ago) by msalle
Updating ChangeLog files


Revision 17373 - Directory Listing
Modified Fri Feb 7 12:19:30 2014 UTC (7 years, 8 months ago) by msalle
Fix cleaning overridden hostname too early in the scas-client. It should not be
done in the connect function itself.


Revision 17372 - Directory Listing
Modified Fri Feb 7 12:02:29 2014 UTC (7 years, 8 months ago) by msalle
It seems that a SSL_ERROR_ZERO_RETURN should be considered unrecoverable, as we
might end up in an endless loop ('this might bite me').


Revision 17371 - Directory Listing
Modified Fri Feb 7 11:37:50 2014 UTC (7 years, 8 months ago) by msalle
Don't free buffer on the stack.


Revision 17370 - Directory Listing
Modified Fri Feb 7 11:11:47 2014 UTC (7 years, 8 months ago) by msalle
Fix bug in lcmaps-plugins-scas-client: don't free override hostname too soon.
Sync SCAS with the xacml_io_ssl.c. Update BUGS and NEWS files.


Revision 17363 - Directory Listing
Modified Fri Feb 7 10:35:19 2014 UTC (7 years, 8 months ago) by msalle
Update ChangeLog


Revision 17362 - Directory Listing
Modified Fri Feb 7 10:34:39 2014 UTC (7 years, 8 months ago) by msalle
Update ChangeLog


Revision 17361 - Directory Listing
Modified Fri Feb 7 10:30:13 2014 UTC (7 years, 8 months ago) by msalle
Set _BSD_SOURCE for main_util.c since it's needed for setgroups


Revision 17360 - Directory Listing
Modified Fri Feb 7 09:50:41 2014 UTC (7 years, 8 months ago) by msalle
Update checks in configure.ac
Put back the GLOBUS CFLAGS, since they are (possibly) needed by lcas and lcmaps
headers.


Revision 17359 - Directory Listing
Modified Fri Feb 7 09:31:26 2014 UTC (7 years, 8 months ago) by msalle
Cleanup and fix Makefile.am: was missing xacml_io_ssl_log.h and does not need 
globus CFLAGS. Also does not need to link against number of libraries.


Revision 17358 - Directory Listing
Modified Fri Feb 7 09:02:44 2014 UTC (7 years, 8 months ago) by msalle
Update ChangeLog


Revision 17357 - Directory Listing
Modified Fri Feb 7 09:01:59 2014 UTC (7 years, 8 months ago) by msalle
Improve parsing of the config file:
- ignore anything from a # onwards
Update scas.conf manpage to be config file specific.
Update scas manpage about memory leakage etc.
Update NEWS file.


Revision 17356 - Directory Listing
Modified Thu Feb 6 16:11:01 2014 UTC (7 years, 8 months ago) by msalle
Update ChangeLog files. We are (hopefully) ready to release.


Revision 17355 - Directory Listing
Modified Thu Feb 6 16:05:25 2014 UTC (7 years, 8 months ago) by msalle
Update NEWS file.


Revision 17354 - Directory Listing
Modified Thu Feb 6 16:04:01 2014 UTC (7 years, 8 months ago) by msalle
- Test for existence of xacml_server_set_timeouts (in xacml lib): when not
  found, SCAS will warn if it is set in the config file.
- Add enable flag --enable-scas-setup-socket to let SCAS setup the socket
  itself, instead of gSOAP. This sets the HAVE_XACML_SERVER_SET_FD flag.


Revision 17353 - Directory Listing
Modified Thu Feb 6 14:31:23 2014 UTC (7 years, 8 months ago) by msalle
Update NEWS for 1.6.2


Revision 17352 - Directory Listing
Modified Thu Feb 6 13:50:28 2014 UTC (7 years, 8 months ago) by msalle
Greatly improved logging:
- Can now log to syslog, file or both, to be set via the scas_log_type option.
  When unset, the value of scas_log_file determines the destination: when set
  file, otherwise syslog.
- Logging is opened as soon as possible. Doesn't log much before, mostly to
  stderr (we're not daemonized).
- New option scas_log_facility, when logging to syslog, this can set the
  facility.
- The scas_debug_level now works on scas_log (and scas_log_debug) to actually
  truncate at that level 1: log only LOG_ERR .. 5: log all including LOG_DEBUG
- scas_log_debug just calls scas_log(LOG_DEBUG
- changed some loglevels to make output more consistent and useful.
- removed tabs from log entries.
Other improvements:
- When child exits due to signal or with non-zero exit value: log on LOG_WARNING
  instead of LOG_NOTICE.
- Can now pass gSOAP's send_timeout, recv_timeout and accept_timeout, as
  implemented in xacml-1.4.0. This is now also the minimum version for the SCAS.
- replaced a few atoi's for strtol
- scas_no_daemonize is now settable from the config file, not only from the
  commandline.
- do not setenv SCAS_ variables, either pass as argument or don't set.

Man pages are updated to reflect the changes.
The Authors file is updated.
Added a NEWS file (starts at current version).


Revision 17347 - Directory Listing
Modified Wed Feb 5 14:43:19 2014 UTC (7 years, 8 months ago) by msalle
Fix typo Jrm -> rm


Revision 17346 - Directory Listing
Modified Wed Feb 5 14:05:21 2014 UTC (7 years, 8 months ago) by msalle
Change next version into 1.4.0.


Revision 17345 - Directory Listing
Modified Wed Feb 5 13:47:03 2014 UTC (7 years, 8 months ago) by msalle
Add missing int


Revision 17344 - Directory Listing
Modified Wed Feb 5 13:14:18 2014 UTC (7 years, 8 months ago) by msalle
Add getter/setter functions for setting the send, receive and accept timeouts in
the xacml_server.
Update NEWS file.


Revision 17343 - Directory Listing
Modified Tue Feb 4 11:54:21 2014 UTC (7 years, 8 months ago) by msalle
Merge in changes from scas: better handling of closing of socket (mostly for
accept). Also: when SSL wants either read or write, log which one it is.



Revision 17342 - Directory Listing
Modified Tue Feb 4 11:52:05 2014 UTC (7 years, 8 months ago) by msalle
When SSL want either read or write, also log which it is.


Revision 17341 - Directory Listing
Modified Tue Feb 4 11:46:39 2014 UTC (7 years, 8 months ago) by msalle
Fix closing of socket:
- in ssl_io_close() close the socket when it's >= 0 (note that 0 is a valid
  socket) and free the state
- initialize socket to -1, which is safe for close()
- set *sock_out to -1 in ssl_io_accept() if we have just closed the socket.
- no more need for SOCKET_CAN_CLOSE / SOCKET_DONT_CLOSE
- no more need for field close_sock in ssl_io_state_t
- replace TRUE / FALSE by their values, clearer with calloc.
Other:
- move variable definitions to top of function.


Revision 17340 - Directory Listing
Modified Mon Feb 3 14:54:32 2014 UTC (7 years, 8 months ago) by msalle
- Add missing header openssl/err.h
- remove unused variable struct hostent * hp
- Bump version for scas


Revision 17339 - Directory Listing
Modified Mon Feb 3 13:51:08 2014 UTC (7 years, 8 months ago) by msalle
Sync with latest improvements from SCAS:
- ssl_io_close() now call ERR_remove_state() since it is probably the last thing
  happening before the thread ends. This might be non-ideal for the scas-client
  but most probably the state has already been read and printed at this point.
- rework net_addr2host(): when calling getnameinfo() without NI_NAMEREQD, we
  automatically get a numerical representation when the hostname lookup fails.
  This makes getIPString() unneeded.
- we can print a good error message for getnameinfo() and getaddrinfo() using
  gai_strerror(), no need for a switch().



Revision 17338 - Directory Listing
Modified Mon Feb 3 13:48:40 2014 UTC (7 years, 8 months ago) by msalle
Fix memory leakage and crash handling:
- when child crashes more than MAX_CRASHES (currently 3) in MAX_CRASHTIME
  seconds (currently 60) then the SCAS will exit.
  A crash for this purpose is a child exiting due to a signal or with a non-zero
  exit status.
- catch (new) exit value from xacml_server_start() such that we can give
  feedback on the reason it failed or succeeded. E.g. when the socket is
  already in use, the SCAS can now gracefully exit.
- We destroy the server before the SSL CTX, to better prevent memory leaks.
- ssl_io_close() now call ERR_remove_state() since it is probably the last thing
  happening before the thread ends. This might be non-ideal for the scas-client
  but most probably the state has already been read and printed at this point.
- rework net_addr2host(): when calling getnameinfo() without NI_NAMEREQD, we
  automatically get a numerical representation when the hostname lookup fails.
  This makes getIPString() unneeded.
- we can print a good error message for getnameinfo() and getaddrinfo() using
  gai_strerror(), no need for a switch().



Revision 17337 - Directory Listing
Modified Mon Feb 3 13:20:55 2014 UTC (7 years, 8 months ago) by msalle
Numerous fixes to solve memory leaks, segv's etc.:
- we should NOT use the soap.user element for different things: always use a
  request_t. For this we initialize a 'dummy' request which we put in
  server->request.
- The accept function fills the 'dummy' request with the proper request and does
  not need to create its own.
- Keep track of a failed (soap_)bind using global (atomic) int thread_failed:
  this makes it possible to end cleanly when the socket is already in use, see
  also next point.
- The thread now properly returns errno which is captured by
  xacml_server_start() and xacml_server_destroy().
- define NDEBUG to prevent the threads from ending with an abort, see man
  assert()



Revision 17336 - Directory Listing
Modified Sun Feb 2 20:28:23 2014 UTC (7 years, 8 months ago) by msalle
Also need to define
    extern SOAP_NMAC struct Namespace xacml_soap_namespaces[];
and explicitly call
    soap_set_namespaces(&soap, xacml_soap_namespaces);
in xacml_server.cpp



Revision 17335 - Directory Listing
Modified Wed Jan 29 14:53:26 2014 UTC (7 years, 8 months ago) by msalle
Remove unused variable


Revision 17334 - Directory Listing
Modified Wed Jan 29 14:35:10 2014 UTC (7 years, 8 months ago) by msalle
Sync scas and lcmaps-plugins-scas-client versions of saml2-xacml2/io_handler
Replace // with /* */


Revision 17333 - Directory Listing
Modified Wed Jan 29 14:30:08 2014 UTC (7 years, 8 months ago) by msalle
Fix memory leaks
- Introduce xacml_io_cleanup_OpenSSL() to cleanup OpenSSL memory
- No need to call both SSL_library_init() and OpenSSL_add_ssl_algorithms(),
  latter is macro to the first
- free state in ssl_io_close()
- don't put empty string in str_sgids when no sgids, instead just put in NULL
- when daemonizing, return pid in pattern, since we need to close and cleanup
  memory.
- Fix reopening of logfile to prevent leaking of memory.
Call wait() from a loop, it might get interrupted




Revision 17332 - Directory Listing
Modified Wed Jan 29 11:27:21 2014 UTC (7 years, 8 months ago) by msalle
Move installing signal handlers to separate function
Rewrite sleep-loop in 'infinite' loop which we go out via break. Needed when the
time is up, which did not work.
Do not free tmp_port_num since it will be freed by free_config_name_value


Revision 17331 - Directory Listing
Modified Tue Jan 28 16:41:19 2014 UTC (7 years, 8 months ago) by msalle
Temporary workaround to prevent a SEGV: The ssl context is still in use, so
shouldn't be free here. Also the ssl will be freed by SSL_free() later. Have to
figure out if this is ok with the scas-client.


Revision 17330 - Directory Listing
Modified Tue Jan 28 14:13:22 2014 UTC (7 years, 8 months ago) by msalle
Fix signal handling and re-starting code:
- act on a SIGCHLD
- restart when child died unexpectedly
- use sigaction instead of signal, since signal is deprecated and doesn't work
  properly for SIGCHLD it seems (seems not to reset properly)
- do not call anything from handler, just set flags.
- the switch() constructs should have used errno, not rc



Revision 17329 - Directory Listing
Modified Tue Jan 28 12:44:16 2014 UTC (7 years, 8 months ago) by msalle
Make sure to initialize state properly, preferably using calloc().


Revision 17328 - Directory Listing
Modified Mon Jan 27 16:22:13 2014 UTC (7 years, 8 months ago) by msalle
Should override invalid CA since it would fail on old-style proxies for the EEC.


Revision 17327 - Directory Listing
Modified Mon Jan 27 15:32:34 2014 UTC (7 years, 8 months ago) by msalle
time t2 could have been used uninitialized due to a continue statement.
Add also extra protection against accidentally uninitialized uids 


Revision 17326 - Directory Listing
Modified Mon Jan 27 15:19:21 2014 UTC (7 years, 8 months ago) by msalle
Add check for clock_gettime in librt since older glibc need -lrt


Revision 17325 - Directory Listing
Modified Mon Jan 27 14:55:13 2014 UTC (7 years, 8 months ago) by msalle
Should include <time.h> instead of <sys/time.h>


Revision 17324 - Directory Listing
Modified Mon Jan 27 14:52:41 2014 UTC (7 years, 8 months ago) by msalle
Replace gettimeofday() by clock_gettime() with CLOCK_MONOTONIC_RAW since it's
not susceptible to jumps in the time due to sysadmins on NTP.


Revision 17323 - Directory Listing
Modified Mon Jan 27 14:19:22 2014 UTC (7 years, 8 months ago) by msalle
Internal changes to prevent clashes and leaking of private symbols:
- Prefix all public functions and variables from saml2-xacml2/io_handler with
  xacml_io_.
- Define openssl_is_initialized in ssl-common.c static
- Move few defines from net_common.h to net_common.c since they aren't used
  elsewhere.
- Reorder ssl-common.c for clarity.
- my_timegm only needs to be defined for ifndef DISABLE_PROXY_SUPPORT


Revision 17309 - Directory Listing
Modified Thu Jan 23 16:57:43 2014 UTC (7 years, 8 months ago) by msalle
- Use nanosleep() instead of usleep() for the backoff since it might overrun the
  1 second. In any case preferred nowadays.
- add missing debugmode symbols (extern in common.h)
- Log errno when SSL_connect has failed
- Log retry when SSL_connect has succeeded or failed finally
- Time the total time using gettimeofday() to get subsecond precision.
- Fix typo in logging of Setting socket timeout to .. and Setting connection
  timeout to  ...: socket has msec, (overall) connection seconds.




Revision 17308 - Directory Listing
Modified Thu Jan 23 14:50:07 2014 UTC (7 years, 8 months ago) by msalle
Number of retries is still per server, not total. Update NEWS and man page
accordingly (scas client)
Replace // for /* */


Revision 17307 - Directory Listing
Modified Thu Jan 23 13:46:44 2014 UTC (7 years, 8 months ago) by msalle
Should also set timeout for sending data, since handshake is two-way. This would
have worked on Linux *only* for connect(), the current non-blocking
connect+select() should be cross platform.
Update NEWS file.
Bump version of scas-client to 0.5.0


Revision 17306 - Directory Listing
Modified Wed Jan 22 21:09:24 2014 UTC (7 years, 8 months ago) by msalle
Add missing headers.
Also remove extern from function prototypes and add extern to variable in
header file.


Revision 17305 - Directory Listing
Modified Wed Jan 22 20:26:49 2014 UTC (7 years, 8 months ago) by msalle
Remove includes from headers.


Revision 17304 - Directory Listing
Modified Wed Jan 22 16:49:01 2014 UTC (7 years, 8 months ago) by msalle
Remove includes from headers and but them in .c files.


Revision 17303 - Directory Listing
Modified Wed Jan 22 16:35:15 2014 UTC (7 years, 8 months ago) by msalle
Synchronize interface for scas-client and scas.
Move scas_log.h out of interface, it's scas specific.
Move includes for headers out of headers themselves (not finished yet).
Fix few warnings when using -c99 for SCAS.



Revision 17302 - Directory Listing
Modified Wed Jan 22 15:42:34 2014 UTC (7 years, 8 months ago) by msalle
- Also add --enable-server-proxy-support (currently still the default)
- Furthermore, enclose these settings in a #ifndef DISABLE_PROXY_SUPPORT
- Update manpage for new options, and for changed behaviour in --socket-timeout
  and --retry
- Update NEWS file
- Default number of retries is now max(number of endpoints, 2)



Revision 17301 - Directory Listing
Modified Wed Jan 22 15:01:03 2014 UTC (7 years, 8 months ago) by msalle
General or Client only:

- Reinsert socket timeout using setsockopt and SO_RCVTIMEO: now we have a
  timeout for connect() and for the rest of the read()s (also SSL handshake)
  after the socket has been connected.
- It's now possible for the client to disable at run-time the proxy-based
  checking for the server certificate. Normally, a host cert should verify fine
  with standard verification. We'll probably should one day add another option
  to actually enable it, and make the default to have disabled. It can be
  disabled altogether by setting the macro DISABLE_PROXY_SUPPORT.
- Improve the behaviour for the client when multiple servers are defined: when
  the first fails, don't try that one again, but go the next server. The # of
  retries is therefore now for all defined servers combined.
- Some errors/warnings/log messages now also log the function name (as most
  already did).
- Fix logging of DN and issuer of cert, and DN of issuer in
  grid_check_issued_wrapper()
- The SSL_ERROR_SYSCALL warning now logs either 'unexpected EOF' or
  strerror(errno), see man SSL_get_error(3ssl)
- Synchronize saml2-xacml2/io_handler between lcmaps-plugins-scas-client and
  scas to ease maintenance and help with improvements:
    * replace _log() and _log_debug() by macros which are different between the two,
      defined in new xacml_io_ssl_log.h
    * include code in both that is only used by one.

SCAS only:
- update logging to use syslog levels LOG_ERR- LOG_DEBUG instead of 1-5...
- remove unused fcies scas_log_time, scas_log_a_string and
  scas_log_a_string_debug
- update some types to fix problematic conversions, also update few function
  with minor changes in the implementation.
- sync the two versions of xacml_io_ssl.h
- define the USE_LCAS_ON_SSL_LAYER in the Makefile
- determine timestring for logging each time.





Revision 17300 - Directory Listing
Modified Mon Jan 20 15:18:12 2014 UTC (7 years, 8 months ago) by msalle
Update NEWS file


Revision 17299 - Directory Listing
Modified Mon Jan 20 15:01:59 2014 UTC (7 years, 8 months ago) by msalle
Explicitly cast to a pointer to const sockaddr ... instead of sockaddr.



Revision 17298 - Directory Listing
Modified Mon Jan 20 14:51:07 2014 UTC (7 years, 8 months ago) by msalle
Improvement: rework connect() in xacml_create_client_socket() to use
non-blocking I/O and select() to be able to use a timeout
Also fix numerous errors and warning from compiler:
- remove unused parameters for xacml_accept_new_client_socket()
- net_addr2host() and getIPString() now use const struct sockaddr * instead of
  struct sockaddr * as getnameinfo() does
- rework scas_client_print_serial() into superior grid_get_serialStr() from
  verify-proxy, which will just print it.
- remove unused remote_host param from SSL_server_accept()
- add missing prototypes
- explicitly cast ssl_io_accept() into xacml_io_accept_t in
  xacml_io_ssl_descriptor struct (one accepts sockaddr pointer, other
  sockaddr_storage pointer, cast should be safe)
- only declare variables for use with USE_LCAS_ON_SSL_LAYER when needed
- move #define USE_LCAS_ON_SSL_LAYER to top
- move global xacml_io_ssl_descriptor definition to top
- replace bzero by memset
- reinsert missing x509_chain_to_dn()
- add USE_LCAS_ON_SSL_LAYER code also to lcmaps-plugins-scas-client but don't
  enable it.



Revision 17297 - Directory Listing
Modified Fri Jan 17 13:53:56 2014 UTC (7 years, 8 months ago) by msalle
Fix few bugs, typos and re-vitalized accidentally removed function


Revision 17296 - Directory Listing
Modified Fri Jan 17 13:25:14 2014 UTC (7 years, 8 months ago) by msalle
Merge saml2-xacml2/io_handler/ for SCAS and lcmaps-plugins-scas-client. Also
merge in the proxy recognition from the verify-proxy plugin.
scas:
- involves merging net_server.c into net_common.c
- making a number of functions private
- when logging to syslog log between LOG_ERR and LOG_DEBUG


Revision 17295 - Directory Listing
Modified Thu Jan 16 16:00:32 2014 UTC (7 years, 9 months ago) by msalle
Replace double glexec loglevel defaults for a #define and print it at the -V
option.


Revision 17294 - Directory Listing
Modified Thu Jan 16 15:19:34 2014 UTC (7 years, 9 months ago) by msalle
Fix typo: LOG_NOTICE should have been LOG_DEBUG


Revision 17293 - Directory Listing
Modified Thu Jan 16 09:47:59 2014 UTC (7 years, 9 months ago) by msalle
Update NEWS file


Revision 17292 - Directory Listing
Modified Thu Jan 16 09:47:01 2014 UTC (7 years, 9 months ago) by msalle
Log info messages from verify lib to LOG_INFO instead of LOG_DEBUG.
Log reason (on LOG_INFO) for ignored verification errors such as missing CRL.


Revision 17291 - Directory Listing
Modified Wed Jan 15 13:47:12 2014 UTC (7 years, 9 months ago) by msalle
Fix bug in print_ssl_error_msg(): when a CRL is expired, SSL_get_error() will
return SSL_ERROR_SSL which should be unrecoverable instead of recoverable. This
bug leads to the verify_callback being called many times, until it hits the max
retries of 222 in case of an expired CRL.



Revision 17290 - Directory Listing
Modified Wed Jan 15 13:04:13 2014 UTC (7 years, 9 months ago) by msalle
Remove accidental debug message


Revision 17289 - Directory Listing
Modified Wed Jan 15 08:49:42 2014 UTC (7 years, 9 months ago) by msalle
Remove lcmaps_voms.mod from the lcmaps.db.ex example in the documentation and
make its policies more standard.


Revision 17278 - Directory Listing
Modified Tue Jan 14 12:00:07 2014 UTC (7 years, 9 months ago) by msalle
Update NEWS file


Revision 17277 - Directory Listing
Modified Tue Jan 14 11:24:35 2014 UTC (7 years, 9 months ago) by msalle
when no log_destination is set, openlog() is not called from glexec_setup_log().
In that case LCMAPS might be the first (at low glexec loglevels) to start
logging to syslog and will then use syslog defaults.



Revision 17276 - Directory Listing
Modified Mon Jan 13 14:36:36 2014 UTC (7 years, 9 months ago) by msalle
Further improve logging of SSL errors (also thanks to Dave). This was already
partially implemented but it now also prints the OpenSSL error queue (when not
empty) in case of an error. Also: SSL_connect sometimes returns -1 when it needs
more data, don't log that on LOG_ERR but on LOG_DEBUG.
Update NEWS file.


Revision 17275 - Directory Listing
Modified Fri Jan 10 13:29:12 2014 UTC (7 years, 9 months ago) by msalle
Replace tabs in log lines


Revision 17274 - Directory Listing
Modified Tue Jan 7 14:53:34 2014 UTC (7 years, 9 months ago) by msalle
Add missing pkey definition.


Revision 17273 - Directory Listing
Modified Tue Jan 7 14:50:46 2014 UTC (7 years, 9 months ago) by msalle
Update with latest from Jan Just's grid-proxy-verify.c, warning when keylength
is less than 1024 bits.


Revision 17272 - Directory Listing
Modified Tue Jan 7 14:37:09 2014 UTC (7 years, 9 months ago) by msalle
Cleanup of compound test:
- properly put back glexec.conf and settings of glexec binary
- put all other files (db, log etc.) in custom temporary directory: only
  glexec.conf is hard-coded
- update some of the errors and warnings printed (or add them).
- all to-be-changed variables are now at the top.



Revision 17271 - Directory Listing
Modified Mon Jan 6 15:09:19 2014 UTC (7 years, 9 months ago) by msalle
Fix bug in mass_proxy_generator: when extending using grid-proxy-init, it
actually used voms-proxy-init


Revision 17270 - Directory Listing
Modified Mon Jan 6 14:39:27 2014 UTC (7 years, 9 months ago) by msalle
Remove reference to Oscar or his uid and make the set as portable as possible.
Extend number of configurable parameters in interactive mode. Replace remaining
hard coded paths, except /tmp locations. Add a README with short getting started
information.


Revision 17269 - Directory Listing
Modified Mon Jan 6 12:43:12 2014 UTC (7 years, 9 months ago) by msalle
Replace hard-coded uid with output of id -u
remove extra l at the end of the file


Revision 17268 - Directory Listing
Modified Fri Dec 20 13:21:28 2013 UTC (7 years, 9 months ago) by msalle
Implement slightly modified version of Brian's patch:
- run soapcpp2 with -n and -pxacml_soap flags, this prevents the need for
  patching the resulting nsmap.
- Need to define
    extern SOAP_NMAC struct Namespace xacml_soap_namespaces[];
  and explicitly call
    soap_set_namespaces(&soap, xacml_soap_namespaces);
  in xacml_client.cpp
- Need to define
    extern SOAP_NMAC struct Namespace xacml_soap_namespaces[];
  in
    xacml_io.cpp
- Still need to define symbol namespaces somewhere in the library, since the
  header file defines it if the library and header where build without defining
  WITH_NONAMESPACES (similar problem to the IPv6).
- need to call xacml_soap_serve() instead of soap_serv() (in xacml_server.cpp)
- autogenerated files are now name xacml_soap_* instead of soap_* so we need to
  adjust Makefile.am
- split off *Lib.cpp files from GSOAP_SOURCE_FILES so that we can use
  GSOAP_SOURCE_FILES for nodist_libxacml_la_SOURCES
- Update NEWS file and version



Revision 17267 - Directory Listing
Modified Fri Dec 20 12:45:34 2013 UTC (7 years, 9 months ago) by msalle
Bugfix: when we run alternative RFC5280 and RFC3820 compliance tests for the
pathlen (i.e. when a X509_V_ERR_PATH_LENGTH_EXCEEDED or
X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED has occurred, and the alternative test
succeeds, we need to set ok to 1.


Revision 17266 - Directory Listing
Modified Thu Dec 19 14:50:57 2013 UTC (7 years, 9 months ago) by msalle
Cast to size_t instead of unsigned...


Revision 17265 - Directory Listing
Modified Thu Dec 19 14:50:22 2013 UTC (7 years, 9 months ago) by msalle
Add comment and move prototype to top.


Revision 17264 - Directory Listing
Modified Thu Dec 19 14:12:40 2013 UTC (7 years, 9 months ago) by msalle
Merge in few updates from verify-proxy. Comment out few unused functions.


Revision 17263 - Directory Listing
Modified Thu Dec 19 13:09:14 2013 UTC (7 years, 9 months ago) by msalle
Add comment to clarify


Revision 17262 - Directory Listing
Modified Thu Dec 19 13:08:57 2013 UTC (7 years, 9 months ago) by msalle
Merge in version as in verify-proxy


Revision 17261 - Directory Listing
Modified Thu Dec 19 11:30:58 2013 UTC (7 years, 9 months ago) by msalle
Few improvements to protect against comparing size_t <0 or subtracting 1 from
potentially zero unsigned variables. Use of multiple strlen -> in variable.



Revision 17260 - Directory Listing
Modified Sun Dec 15 11:37:26 2013 UTC (7 years, 10 months ago) by msalle
Also create gt4-interface-install.8 from template (to get package name in) and
update content.


Revision 17259 - Directory Listing
Modified Sun Dec 15 11:15:14 2013 UTC (7 years, 10 months ago) by msalle
Create dynamic library extension in script from configure


Revision 17258 - Directory Listing
Modified Sun Dec 15 11:14:39 2013 UTC (7 years, 10 months ago) by msalle
Dynamically create symlink lcas_lcmaps_gt4_interface.8 to manpage
lcas_lcmaps_gt_interface.8. Create manpage lcas_lcmaps_gt_interface.8 from
template to fill in library extension.


Revision 17257 - Directory Listing
Modified Thu Dec 12 15:36:09 2013 UTC (7 years, 10 months ago) by msalle
Fix segfault due to an old sprintf


Revision 17256 - Directory Listing
Modified Thu Dec 12 14:59:38 2013 UTC (7 years, 10 months ago) by msalle
Set version to next unreleased version.
Update NEWS file


Revision 17255 - Directory Listing
Modified Thu Dec 12 14:53:19 2013 UTC (7 years, 10 months ago) by msalle
Downgrade version: we never released 0.0.1


Revision 17254 - Directory Listing
Modified Thu Dec 12 14:51:39 2013 UTC (7 years, 10 months ago) by msalle
Update version


Revision 17253 - Directory Listing
Modified Thu Dec 12 14:03:28 2013 UTC (7 years, 10 months ago) by msalle
remove 'action-if-found' for libodbc and libdl to have automatic linking against
them. 


Revision 17252 - Directory Listing
Modified Thu Dec 12 13:57:20 2013 UTC (7 years, 10 months ago) by msalle
localaccount and poolaccount need to link against libdl


Revision 17251 - Directory Listing
Modified Thu Dec 12 13:37:19 2013 UTC (7 years, 10 months ago) by msalle
Fix typo in lcmaps-plugins-lcas/configure.ac
Need to check for dlopen in lcas-lcmaps-gt4-interface/configure.ac


Revision 17250 - Directory Listing
Modified Thu Dec 12 13:32:40 2013 UTC (7 years, 10 months ago) by msalle
Need to check for libdl


Revision 17249 - Directory Listing
Modified Thu Dec 12 13:24:44 2013 UTC (7 years, 10 months ago) by msalle
Cleanup plugin:
- fix compiler warnings
- add lcmaps_plugin_prototype.h and support
- cleanup tests in configure.ac
- cleanup list of used headers and libraries


Revision 17248 - Directory Listing
Modified Thu Dec 12 12:40:53 2013 UTC (7 years, 10 months ago) by msalle
Cleanup logging: too long -> truncate, when error: log that instead. Do not log
on stderr.


Revision 17247 - Directory Listing
Modified Thu Dec 12 12:32:02 2013 UTC (7 years, 10 months ago) by msalle
Cleanup logging to prevent logging on higher than LOG_ERR or on stderr.


Revision 17246 - Directory Listing
Modified Thu Dec 12 10:03:20 2013 UTC (7 years, 10 months ago) by msalle
Update package name (hardcode for now)


Revision 17245 - Directory Listing
Modified Thu Dec 12 10:00:08 2013 UTC (7 years, 10 months ago) by msalle
Improve looking for the llgt library.


Revision 17244 - Directory Listing
Modified Thu Dec 12 09:12:53 2013 UTC (7 years, 10 months ago) by msalle
Cleanup:
- replace README by a manpage for gt4-interface-install and update the
  contents.
- install gt4-interface-install.sh as gt4-interface-install
- remove old and not working example files
- update the example gsi-authz.conf to a working example



Revision 17243 - Directory Listing
Modified Wed Dec 11 21:50:42 2013 UTC (7 years, 10 months ago) by msalle
Need globus_gridmap_callout_error and fix name of cflags


Revision 17242 - Directory Listing
Modified Wed Dec 11 21:43:00 2013 UTC (7 years, 10 months ago) by msalle
Fix usage of HAVE_DECL_GLOBUS_GSI_CRED_READ_CERT_BUFFER


Revision 17241 - Directory Listing
Modified Wed Dec 11 21:35:18 2013 UTC (7 years, 10 months ago) by msalle
Cleanup which libs and headers needed in CFLAGS and LIBADD


Revision 17240 - Directory Listing
Modified Wed Dec 11 21:27:22 2013 UTC (7 years, 10 months ago) by msalle
Cleanup headers.
Only check for libcrypto when we need to implement the
globus_gsi_cred_read_cert_buffer() ourselves.


Revision 17239 - Directory Listing
Modified Wed Dec 11 20:27:08 2013 UTC (7 years, 10 months ago) by msalle
Remove unused and unneeded tests from configure.ac


Revision 17238 - Directory Listing
Modified Wed Dec 11 20:14:26 2013 UTC (7 years, 10 months ago) by msalle
Fix compiler warnings: implicit casts etc. Also fix handling of result of a
AC_CHECK_DECLS()


Revision 17237 - Directory Listing
Modified Wed Dec 11 19:59:05 2013 UTC (7 years, 10 months ago) by msalle
Explicitly cast const value to size_t


Revision 17236 - Directory Listing
Modified Wed Dec 11 19:56:19 2013 UTC (7 years, 10 months ago) by msalle
Fix some implicit casts and replace bzero with memset.


Revision 17235 - Directory Listing
Modified Wed Dec 11 13:57:22 2013 UTC (7 years, 10 months ago) by msalle
Move variable declaration to top (needed for the const int )


Revision 17234 - Directory Listing
Modified Wed Dec 11 12:28:17 2013 UTC (7 years, 10 months ago) by msalle
Remove includes of malloc.h


Revision 17233 - Directory Listing
Modified Wed Dec 11 12:27:29 2013 UTC (7 years, 10 months ago) by msalle
Remove #include malloc.h


Revision 17232 - Directory Listing
Modified Wed Dec 11 11:50:19 2013 UTC (7 years, 10 months ago) by msalle
Removing #include for malloc.h


Revision 17231 - Directory Listing
Modified Wed Dec 11 11:45:39 2013 UTC (7 years, 10 months ago) by msalle
Explicitly cast numerical constants to right type


Revision 17230 - Directory Listing
Modified Wed Dec 11 11:42:12 2013 UTC (7 years, 10 months ago) by msalle
Cast numerical constants to right type


Revision 17229 - Directory Listing
Modified Wed Dec 11 11:30:46 2013 UTC (7 years, 10 months ago) by msalle
Cast numerical constants to correct type


Revision 17228 - Directory Listing
Modified Wed Dec 11 10:19:16 2013 UTC (7 years, 10 months ago) by msalle
Update configure.ac to use the just determined LCMAPS_CFLAGS for checking for
lcmaps_plugin_prototypes.h


Revision 17227 - Directory Listing
Modified Wed Dec 11 10:01:05 2013 UTC (7 years, 10 months ago) by msalle
Explicitly cast numbers to size_t where applicable


Revision 17226 - Directory Listing
Modified Wed Dec 11 09:53:14 2013 UTC (7 years, 10 months ago) by msalle
Explicitly cast to correct type


Revision 17225 - Directory Listing
Modified Wed Dec 11 09:34:58 2013 UTC (7 years, 10 months ago) by msalle
Explicitly cast (already unsigned) argv_count to size_t


Revision 17224 - Directory Listing
Modified Tue Dec 10 16:39:25 2013 UTC (7 years, 10 months ago) by msalle
Replace index name by myindex to prevent shadowing global.


Revision 17223 - Directory Listing
Modified Tue Dec 10 16:38:16 2013 UTC (7 years, 10 months ago) by msalle
Prevent shadowing ldap_passwd and replace // with /* */


Revision 17222 - Directory Listing
Modified Mon Dec 9 16:26:53 2013 UTC (7 years, 10 months ago) by msalle
Add comments to plugin prototypes


Revision 17221 - Directory Listing
Modified Mon Dec 9 14:53:14 2013 UTC (7 years, 10 months ago) by msalle
Provide yyparse protoype in evaluationmanager for bison version pre-2.6


Revision 17220 - Directory Listing
Modified Mon Dec 9 13:09:10 2013 UTC (7 years, 10 months ago) by msalle
Add missing #include for lcmaps_plugin_typedefs.h
Replace if then else with AS_IF


Revision 17219 - Directory Listing
Modified Mon Dec 9 12:57:24 2013 UTC (7 years, 10 months ago) by msalle
Add support for new cmdline option --with-globus-flavorincdir
to set explicitly the includedir for globus_config.h


Revision 17218 - Directory Listing
Modified Mon Dec 9 12:45:23 2013 UTC (7 years, 10 months ago) by msalle
Update globus.m4 macro to:
- only test globus-version when needed, ie when a AC_GLOBUS does not run due to
  a AS_IF() we should not run tests.
- add new cmdline option --with-globus-flavor which will set _CFLAGS and _LIBS
  without THR or NOTHR.



Revision 17217 - Directory Listing
Modified Mon Dec 9 10:24:10 2013 UTC (7 years, 10 months ago) by msalle
- Update list of headers for each without_gsi lib.
- fix some of the #includes for without_gsi mode
- fix implicit cast warnings.


Revision 17216 - Directory Listing
Modified Sun Dec 8 21:06:09 2013 UTC (7 years, 10 months ago) by msalle
Convert printed size_t variables to long unsigned to prevent warning.


Revision 17215 - Directory Listing
Modified Sun Dec 8 21:00:44 2013 UTC (7 years, 10 months ago) by msalle
Add missing #include of stdio.h for NULL


Revision 17214 - Directory Listing
Modified Sun Dec 8 16:34:01 2013 UTC (7 years, 10 months ago) by msalle
Should give full path to headers in interfacedir


Revision 17213 - Directory Listing
Modified Sun Dec 8 15:27:42 2013 UTC (7 years, 10 months ago) by msalle
printf format for size_t should be %u (or %lu)


Revision 17212 - Directory Listing
Modified Sun Dec 8 15:15:30 2013 UTC (7 years, 10 months ago) by msalle
Explicitly cast integer constants to right type.


Revision 17211 - Directory Listing
Modified Fri Dec 6 13:26:28 2013 UTC (7 years, 10 months ago) by msalle
- Cleanup included headers
- Remove commented-out stuff from doc/Makefile.am
- Do not install example plugin, only build it.
- Add directly included headers at _SOURCES



Revision 17210 - Directory Listing
Modified Thu Dec 5 17:12:28 2013 UTC (7 years, 10 months ago) by msalle
Code cleanup and addition of plugin prototypes:
- configure.ac
    * only link against dl when needed
    * remove obsolete of outdated tests
- New headers lcmaps_plugin_prototypes.h (actual prototypes) and
  lcmaps_plugin_typedefs.h (function definition).
  lcmaps_plugin_prototypes.h is to be included by the plugins to provide the
  prototype, see also lcmaps_plugin_example.c
  lcmaps_pluginmanager.c:
    * remove 'general' plugin prototype and replace by proper prototypes
- src/Makefile.am
    * cleanup include paths
    * cleanup EXTRA_DIST
    * set _XOPEN_SOURCE=500 for the lex code
- Include non-standard headers using the proper subdir, we can then remove those
  dirs from the include path
- make local functions static
- add proper _XOPEN_SOURCE macros for -std=c99
- cleanup (partially) list of included headers
- lineno is now always an int
- handle errors in (v)snprintf



Revision 17209 - Directory Listing
Modified Mon Dec 2 12:56:59 2013 UTC (7 years, 10 months ago) by msalle
Add explicit _XOPEN_SOURCE macro to allow compiling with -std=c99


Revision 17208 - Directory Listing
Modified Mon Dec 2 12:56:12 2013 UTC (7 years, 10 months ago) by msalle
Do not use safefile files inside fileutil as externals, but copy them there.
Also because we want to be able to update them.
Remove symlink safefile -> safefile-1.0.5 as we cannot really use it.


Revision 17207 - Directory Listing
Modified Mon Dec 2 12:16:40 2013 UTC (7 years, 10 months ago) by msalle
Update location of safefile files


Revision 17206 - Directory Listing
Modified Mon Dec 2 12:12:46 2013 UTC (7 years, 10 months ago) by msalle
No longer require safefile separately as external, we get what we need via
fileutil.


Revision 17205 - Directory Listing
Modified Mon Dec 2 12:11:36 2013 UTC (7 years, 10 months ago) by msalle
Update #include in fileutil.c to point to local files.


Revision 17204 - Directory Listing
Modified Mon Dec 2 12:10:13 2013 UTC (7 years, 10 months ago) by msalle
add other two safefile files as externals.


Revision 17203 - Directory Listing
Modified Mon Dec 2 12:05:34 2013 UTC (7 years, 10 months ago) by msalle
Updating externals safefile: explicitly adding the directory first.


Revision 17202 - Directory Listing
Modified Mon Dec 2 11:59:49 2013 UTC (7 years, 10 months ago) by msalle
Trying to add externals as file to fileutil/


Revision 17201 - Directory Listing
Modified Mon Dec 2 11:51:43 2013 UTC (7 years, 10 months ago) by msalle
Add header created by configure: only speciality is existence of id_t


Revision 17200 - Directory Listing
Modified Mon Dec 2 11:42:27 2013 UTC (7 years, 10 months ago) by msalle
Update externals, we cannot simply point to the new symlink, or we will only get
a symlink on checkout.



Revision 17199 - Directory Listing
Modified Mon Dec 2 11:38:17 2013 UTC (7 years, 10 months ago) by msalle
Update svn:externals to use the new symlink to the actual safefile library. Also
update the Makefile.am to reflect this change.


Revision 17198 - Directory Listing
Modified Mon Dec 2 11:35:57 2013 UTC (7 years, 10 months ago) by msalle
Add symlink to safefile-1.0.5 and use the symlink in the #include


Revision 17197 - Directory Listing
Modified Mon Dec 2 11:31:02 2013 UTC (7 years, 10 months ago) by msalle
Adding upstream  safefile-1.0.5 from
http://research.cs.wisc.edu/mist/safefile/releases/


Revision 17196 - Directory Listing
Modified Mon Dec 2 10:36:28 2013 UTC (7 years, 10 months ago) by msalle
Remove unneeded cast (and hence removing a warning for -pedantic)


Revision 17195 - Directory Listing
Modified Sun Dec 1 16:11:18 2013 UTC (7 years, 10 months ago) by msalle
Do not use unnamed unions.


Revision 17194 - Directory Listing
Modified Fri Nov 29 12:59:16 2013 UTC (7 years, 10 months ago) by msalle
Set version to 1+(latest released) (we skipped 1.4.1 it seems)


Revision 17193 - Directory Listing
Modified Fri Nov 29 12:48:41 2013 UTC (7 years, 10 months ago) by msalle
Add missing headers, add _XOPEN_SOURCE macro where needed and explicitly cast
port to uint16_t.


Revision 17192 - Directory Listing
Modified Fri Nov 29 11:45:21 2013 UTC (7 years, 10 months ago) by msalle
Add _XOPEN_SOURCE macros and cleanup list of #includes


Revision 17191 - Directory Listing
Modified Fri Nov 29 11:23:41 2013 UTC (7 years, 10 months ago) by msalle
Remove reference to malloc.h


Revision 17190 - Directory Listing
Modified Fri Nov 29 11:19:34 2013 UTC (7 years, 10 months ago) by msalle
Add _XOPEN_SOURCE directives


Revision 17189 - Directory Listing
Modified Fri Nov 29 10:59:13 2013 UTC (7 years, 10 months ago) by msalle
Add #define for _XOPEN_SOURCE
Remove unused variable
Fix prototype for _term() (no K&R)


Revision 17188 - Directory Listing
Modified Fri Nov 29 10:46:05 2013 UTC (7 years, 10 months ago) by msalle
Explicitly add _XOPEN_SOURCE macro to comply with -std=c99
Replace deprecated bzero with memset
Add missing header


Revision 17187 - Directory Listing
Modified Fri Nov 29 10:39:33 2013 UTC (7 years, 10 months ago) by msalle
Add explicit _XOPEN_SOURCE defines
Replace deprecated index() with strchr()



Revision 17186 - Directory Listing
Modified Fri Nov 29 10:32:05 2013 UTC (7 years, 10 months ago) by msalle
Add explicit _XOPEN_SOURCE macros to comply with -std=c99
Add few missing headers
Replace deprecated index() with strchr()


Revision 17185 - Directory Listing
Modified Fri Nov 29 10:18:02 2013 UTC (7 years, 10 months ago) by msalle
Explicitly put #define _XOPEN_SOURCE to 600 for setenv etc.


Revision 17184 - Directory Listing
Modified Fri Nov 29 10:13:23 2013 UTC (7 years, 10 months ago) by msalle
Update NEWS file


Revision 17183 - Directory Listing
Modified Fri Nov 29 10:03:40 2013 UTC (7 years, 10 months ago) by msalle
Add #define _XOPEN_SOURCE lines to allow compilation using -std=c99
Also add missing #include


Revision 17182 - Directory Listing
Modified Fri Nov 29 10:03:03 2013 UTC (7 years, 10 months ago) by msalle
Define _XOPEN_SOURCE to allow compilation using -std=c99


Revision 17181 - Directory Listing
Modified Fri Nov 29 09:05:43 2013 UTC (7 years, 10 months ago) by msalle
Add _XOPEN_SOURCE #define for sigset_t


Revision 17180 - Directory Listing
Modified Thu Nov 28 19:12:57 2013 UTC (7 years, 10 months ago) by msalle
Fix typo in headerfile name


Revision 17179 - Directory Listing
Modified Thu Nov 28 15:17:32 2013 UTC (7 years, 10 months ago) by msalle
General cleanup of the code, few minor bugfixes, cleanup of compiler warnings.

- move grid-proxy-verify.? out of src tree into new util/ dir
- add support for lcmaps_plugin_prototypes.h when available, or use local one
  otherwise
- rename verify-lib/src_internal/log.? into _verify_log.?
- move src_internal/verify_x509_utils.c to src/
- much more comments in code
- cleanup configure.ac:
    * remove unused or obsolete tests
    * add test for lcmaps plugin prototypes
    * enable ENABLE_LCMAPS_LOGGING here instead of always and in the .c file
    * update version to 1.5.5
- cleanup src/verify-proxy/Makefile.am:
    * should not link to libssl and libcrypto already comes from the test in
      configure.ac
    * move some from the EXTRA_DIST to _SOURCES as they are actually used
- src/verify-proxy/lcmaps_verify_proxy.c
    * removal plugin prototypes (moved to header file)
    * update list of #include files
    * move #define to top here since it's only used here
    * atoi -> strtol
    * remove restriction to set at most 9 TTL levels
    * update logging of TTLs
    * fix logging of TTL at wrong place (before it's determined).
    * treat the error/reason codes consistently (see ERR_get_error() and
      friends), see also in other files.
    * flush and log OpenSSL error queue at the end (in case of failure)
    * move static function to end
- src/verify-proxy/proxylifetime/lcmaps_proxylifetime.c and
  src/verify-proxy/proxylifetime/lcmaps_proxylifetime.h
    * renamed from proxylifetime.?
    * functions are properly prefixed with lcmaps_lifetime_
    * update list of headers
    * bugfix: definition of timeIsInBetween: it returned either 1 or 2, changed
      into 1 or 0, so that the test if (time...) actually works
    * check (more) return values for errors, including from malloc/calloc.
    * generally clean up code
- src/verify-proxy/verify-lib/Makefile
    * remove ansi and pedantic flags, replace with Wextra and Wconversion
- src/verify-proxy/verify-lib/main.c
    * cleanup #include headers
    * handle difference between reasons and err-s.
    * dump error queue at end
    * return 1 on param failure, 2 on verification failure
- src/verify-proxy/verify-lib/src_internal/_verify_log.c
  src/verify-proxy/verify-lib/src_internal/_verify_log.h
    * renamed from log.?
    * cleanup #include
    * rename function to start with verify_
    * only define log_level related code in non-LCMAPS
    * include lcmaps header when in LCMAPS mode
    * move VERIFY_LOG_BUFFER_SIZE #define to .c file.
    * define log_level as static
    * bugfix: code did not compile in non-LCMAPS mode due to extra bogus
      vsprintf
    * properly check return value of vsnprintf
- src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
    * cleanup list of #include
    * remove (uninteresting) unused #define
    * change VERIFY_X509_* #defines into enum verify_x509_option_t
    * change ERR_VERIFY_X509_PARAMS_* #defines into part of enum
      verify_x509_error_t with renaming into VER_R_X509_PARAMS_ (they are
      'reasons')
    * Add new reasons to verify_x509_error_t
    * change some types, e.g. short-s cannot be passed into a ... (va_arg) and
      will become int in any case
    * reorder #define for clarity
- src/verify-proxy/verify-lib/interface/verify_x509.h
  src/verify-proxy/verify-lib/src/verify_x509.c
  src/verify-proxy/verify-lib/src/verify_x509_utils.c
    * verify_x509_utils.c is moved from src_internal to src, since it contains
      public fcies.
    * public prototypes for both .c are in same verify_x509.h (utils are moved
      from _verify_x509.h)
    * rename lcmaps_type_of_proxy() into verify_type_of_proxy()
    * different versions of asn1TimeToTimeT() are merged into
      verify_asn1TimeToTimeT() in _utils.c
    * cleanup list of #include
    * properly treat OpenSSL reasons and errors (int and long unsigned) and
      implement our own extensions via ERR_load_strings etc.:
	- errors are pushed onto the error stack and printed at the end of the
	  run.
	- verify_X509_init calls verify_init_library()
	- verify_X509_setParameter() returns verify_x509_error_t, not an int
	- verify_X509_verify() returns ERR_peek_error() or likewise from our
	  library
	- process_internal_verify_data returns ERR_peek_error() or likewise from
	  our library
    * process_internal_verify_data becomes static
- src/verify-proxy/verify-lib/src_internal/_verify_x509.h
    * add verify_func_t enum with function constants, used by the error
      handling.
    * add macros VERIFY_errval() and VERIFY_reasonval() which push the error on
      the stack and return the (long unsigned) error or (int) reason.
    * cleanup list of #include
    * only declare functions that are used outside _verify_x509.c
- src/verify-proxy/verify-lib/src_internal/_verify_x509.c
    * many functions become static as they are only used internally
    * new functions verify_errval() and verify_reasonval() which are called by
      the new macros VERIFY_errval() and VERIFY_reasonval() (see above) and call
      ERR_put_error().
    * new function verify_init_library which initialized our library extensions
      and loads the corresponding error and function strings.
    * public (non-static) function start with verify_, static with grid_
    * consistently and correctly treat the return values of all the functions,
      do not mix int and long unsigned.
    * remove dead functions and code



Revision 17178 - Directory Listing
Modified Mon Nov 25 10:54:01 2013 UTC (7 years, 10 months ago) by dennisvd
remove architecture specific element from path in the example DB file,
which goes to /usr/share. The /usr/lib vs. /usr/lib64 broke multilib
installations.


Revision 17177 - Directory Listing
Modified Mon Nov 25 10:52:26 2013 UTC (7 years, 10 months ago) by msalle
Further cleanup tests to run and remove unused extra defines flags.


Revision 17176 - Directory Listing
Modified Mon Nov 25 10:51:38 2013 UTC (7 years, 10 months ago) by msalle
Further cleanup which tests to run


Revision 17175 - Directory Listing
Modified Tue Nov 19 13:54:05 2013 UTC (7 years, 10 months ago) by msalle
Remove prototypes which are now coming from lcmaps_plugin_prototypes.h
Make private functions static
Remove few unused defines


Revision 17174 - Directory Listing
Modified Tue Nov 19 13:46:40 2013 UTC (7 years, 10 months ago) by msalle
Update NEWS file
Cleanup tests in configure.ac.
Add support for lcmaps_plugin_prototypes.h either from lcmaps or local.


Revision 17173 - Directory Listing
Modified Tue Nov 19 13:24:18 2013 UTC (7 years, 10 months ago) by msalle
Fix numerous implicit type conversions and small bug fixes:
- For conversions, use following conventions:
    * serial numbers -> long: ASN1_INTEGER_get()
    * timeouts -> long: used as time_t and suseconds_t: signed and fits in long
    * backoff -> unsigned: used in usleep(): useconds_t: unsigned
    * endpoint_retrycount -> long: easiest with strtol
    * errors from openssl/x509_vfy.h are int at least in X509_STORE_CTX.
- test strtol() using errno following strtol(3p)
- replace atoi() by strtol
- replace bzero() by memset
- don't initialize uid/gid with -1
Specific functions:
- when counting total FQANs, explicitly test individually > 0
- move some function prototypes from ssl-common.h to ssl-common.c itself and
  make them static: no need for others.
- warn when changeEffectiveToRealUid/restoreEffectiveToRealUid fail
- OpenSSL has a number of error functions and they are not compatible, so don't
  try to mix them as in print_ssl_error_msg(): when there is no ssl object,
  print the ERR_get_error() based error in a log message.
- ssl-common.h is cleaned up to contain only the really needed stuff.



Revision 17172 - Directory Listing
Modified Mon Nov 18 15:02:47 2013 UTC (7 years, 10 months ago) by msalle
Update NEWS file


Revision 17171 - Directory Listing
Modified Mon Nov 18 15:01:56 2013 UTC (7 years, 10 months ago) by msalle
Cleanup of code:
- add support for lcmaps_plugin_prototypes.h when available, or use local one
  otherwise
- cleanup checks on header files
- update NEWS file
- bump version



Revision 17170 - Directory Listing
Modified Mon Nov 18 14:32:49 2013 UTC (7 years, 10 months ago) by msalle
Remove some unneeded (obsolete) tests


Revision 17169 - Directory Listing
Modified Mon Nov 18 14:28:24 2013 UTC (7 years, 10 months ago) by msalle
Code cleanup, using lcmaps_plugin_prototypes.h from either LCMAPS or local
Remove unneeded tests and define, update NEWS file



Revision 17168 - Directory Listing
Modified Mon Nov 18 13:41:17 2013 UTC (7 years, 10 months ago) by msalle
Updating NEWS file


Revision 17167 - Directory Listing
Modified Mon Nov 18 13:38:00 2013 UTC (7 years, 10 months ago) by msalle
Remove unneeded and obsolete tests


Revision 17166 - Directory Listing
Modified Mon Nov 18 13:36:54 2013 UTC (7 years, 10 months ago) by msalle
Remove unneeded or obsolete tests


Revision 17165 - Directory Listing
Modified Mon Nov 18 13:31:52 2013 UTC (7 years, 10 months ago) by msalle
- Remove unneeded or obsolete tests
- Remove unused defines -D ALLOW_EMPTY_CREDENTIALS -D DEBUG_LEVEL=0



Revision 17164 - Directory Listing
Modified Fri Nov 15 13:38:42 2013 UTC (7 years, 11 months ago) by msalle
Add missing header file


Revision 17163 - Directory Listing
Modified Fri Nov 15 13:19:46 2013 UTC (7 years, 11 months ago) by msalle
Fix some implicit casts and a missing prototype


Revision 17162 - Directory Listing
Modified Fri Nov 15 11:42:06 2013 UTC (7 years, 11 months ago) by msalle
Test on HAVE_LCMAPS_LCMAPS_PLUGIN_PROTOTYPES_H using #if defined()


Revision 17161 - Directory Listing
Modified Fri Nov 15 11:40:19 2013 UTC (7 years, 11 months ago) by msalle
Update test for lcmaps_plugins_prototype.h using if defined.
Print uid/gid using %d and explicit cast, since it might be signed.


Revision 17160 - Directory Listing
Modified Fri Nov 15 11:33:15 2013 UTC (7 years, 11 months ago) by msalle
Cleanup of code:
- add support for lcmaps_plugin_prototypes.h when available, or use local one
  otherwise
- cleanup checks on header files
- add missing header files, fix implicit conversions, replace atoi for strtol
- do not rely on or use uid or gid == -1



Revision 17159 - Directory Listing
Modified Fri Nov 15 10:33:07 2013 UTC (7 years, 11 months ago) by msalle
Bug fixes:
- AC_DEFINE_HEADERS only defines HAVE_... when found, so check if #if defined()
- XACML_FULFILLON_DENY and XACML_DECISION_DENY are enum members, not macros,
  hence cannot compare equality with a #if, solve by rewriting the switch as a
  series of if's
- missing var_long definition


Revision 17158 - Directory Listing
Modified Thu Nov 14 15:18:16 2013 UTC (7 years, 11 months ago) by msalle
Test error in strtol using errno (see man strtol)


Revision 17157 - Directory Listing
Modified Thu Nov 14 14:41:11 2013 UTC (7 years, 11 months ago) by msalle
Sync lcmaps_gridlist.c with lcmaps-plugins-voms


Revision 17156 - Directory Listing
Modified Thu Nov 14 14:35:21 2013 UTC (7 years, 11 months ago) by msalle
Update NEWS file


Revision 17155 - Directory Listing
Modified Thu Nov 14 14:30:58 2013 UTC (7 years, 11 months ago) by msalle
Move includes to top
Update NEWS file


Revision 17154 - Directory Listing
Modified Thu Nov 14 14:15:40 2013 UTC (7 years, 11 months ago) by msalle
Add support for lcmaps_plugin_prototypes.h:
- check lcmaps provides it, if not use private one.



Revision 17153 - Directory Listing
Modified Thu Nov 14 14:09:27 2013 UTC (7 years, 11 months ago) by msalle
Add support for lcmaps_plugin_prototypes.h:
- check lcmaps provides it, if not use private one.


Revision 17152 - Directory Listing
Modified Thu Nov 14 13:42:23 2013 UTC (7 years, 11 months ago) by msalle
reorder checking for headers and lcmaps interface.


Revision 17151 - Directory Listing
Modified Thu Nov 14 13:40:19 2013 UTC (7 years, 11 months ago) by msalle
- Add prototypes header file for plugins, can optionally come from LCMAPS itself
  when available.
- Cleanup checks in configure
- remove malloc.h
- cleanup implicit (and incorrect) type conversions
- fix use of unset requested_uid
- bump version


Revision 17150 - Directory Listing
Modified Wed Nov 13 14:43:33 2013 UTC (7 years, 11 months ago) by msalle
Cleanup of unused tests and compile flags


Revision 17149 - Directory Listing
Modified Wed Nov 13 13:25:03 2013 UTC (7 years, 11 months ago) by msalle
Fix compiler warnings from -Wconversion


Revision 17148 - Directory Listing
Modified Wed Nov 13 11:40:32 2013 UTC (7 years, 11 months ago) by msalle
Further cleanup of unused checks and code.


Revision 17147 - Directory Listing
Modified Wed Nov 13 11:31:14 2013 UTC (7 years, 11 months ago) by msalle
Cleanup tests in configure, also prevents unnecessary linking of dl


Revision 17141 - Directory Listing
Modified Tue Nov 12 15:05:13 2013 UTC (7 years, 11 months ago) by msalle
Update ChangeLog


Revision 17140 - Directory Listing
Modified Tue Nov 12 14:57:10 2013 UTC (7 years, 11 months ago) by msalle
Add check for globus-common found


Revision 17134 - Directory Listing
Modified Mon Nov 11 16:36:43 2013 UTC (7 years, 11 months ago) by msalle
Logging reason for failure should be LOG_ERR.


Revision 17133 - Directory Listing
Modified Mon Nov 11 16:33:38 2013 UTC (7 years, 11 months ago) by msalle
Clean up unneeded variable and improve error message when VOMS AC is absent


Revision 17132 - Directory Listing
Modified Mon Nov 11 16:07:59 2013 UTC (7 years, 11 months ago) by msalle
And the other , ...


Revision 17131 - Directory Listing
Modified Mon Nov 11 16:07:25 2013 UTC (7 years, 11 months ago) by msalle
Add missing ,


Revision 17130 - Directory Listing
Modified Mon Nov 11 16:06:03 2013 UTC (7 years, 11 months ago) by msalle
Clean up compiler warning for lcmaps_voms and cleanup library dependencies.


Revision 17128 - Directory Listing
Modified Mon Nov 11 15:04:25 2013 UTC (7 years, 11 months ago) by msalle
Cleanup compiler warnings


Revision 17123 - Directory Listing
Modified Mon Nov 11 11:30:06 2013 UTC (7 years, 11 months ago) by msalle
Update ChangeLog


Revision 17122 - Directory Listing
Modified Mon Nov 11 11:15:34 2013 UTC (7 years, 11 months ago) by msalle
Cleanup memory.


Revision 17121 - Directory Listing
Modified Fri Nov 8 13:52:37 2013 UTC (7 years, 11 months ago) by msalle
Missed ; 


Revision 17120 - Directory Listing
Modified Fri Nov 8 13:51:31 2013 UTC (7 years, 11 months ago) by msalle
Clean up malloc-ed sgids from caller.


Revision 17119 - Directory Listing
Modified Fri Nov 8 11:06:18 2013 UTC (7 years, 11 months ago) by msalle
- Add description of bug https://bugzilla.nikhef.nl/show_bug.cgi?id=17 to BUGS
  file for versions 1.5.4 (when ban_fqan was introduced) - 1.6.1
- Explain (new) behaviour in the manpage



Revision 17118 - Directory Listing
Modified Fri Nov 8 10:56:53 2013 UTC (7 years, 11 months ago) by msalle
- Further fix https://bugzilla.nikhef.nl/show_bug.cgi?id=17: also when we try
  via getCredentialData(LCMAPS_VO_CRED_STRING, &nfqan) we succeed when there are
  no VOMS credentials. This code probably is never reached in current-day LCMAPS
  (which no longer relies on the lcmaps_voms plugin). 
- remove unneeded use of extra variables.
- improve notices when there are no VOMS credentials.



Revision 17117 - Directory Listing
Modified Thu Nov 7 15:36:39 2013 UTC (7 years, 11 months ago) by msalle
Bug fix: when there are no FQANs we should not be banned in ban_fqan.



Revision 17116 - Directory Listing
Modified Wed Nov 6 16:51:57 2013 UTC (7 years, 11 months ago) by msalle
- cgul_getvarindex() returns -3 when index > INT_MAX since it effectively fails.
  This is not true for the other functions returning INT_MAX, since then the
  primary functionality has been successful.
- check for -3 return code from cgul_getvarindex() and act appropriately.
- Improve commentary for functions.
- replace implementation of cgul_env_printf_dst() by a call to
  cgul_env_vprintf_dst()



Revision 17115 - Directory Listing
Modified Wed Nov 6 14:51:45 2013 UTC (7 years, 11 months ago) by msalle
Move globus dependencies to Requires.private


Revision 17114 - Directory Listing
Modified Wed Nov 6 14:43:43 2013 UTC (7 years, 11 months ago) by msalle
- Move pkg-config requires for the interfaces to the Requires.private, cflags
  are still inherited.
- Remove VOMS_CPP_LIBS from LDFLAGS of libraries that don't use VOMS directly.
- Remove Libs.private for vomsapi, since we get it from the Requires.private.


Revision 17113 - Directory Listing
Modified Wed Nov 6 09:08:19 2013 UTC (7 years, 11 months ago) by msalle
Updates:
- globus version 5.2.5
- use 'type' instead of 'which' to find wget, curl etc. 'type' is a posix shell
  builtin, 'which' is not always available
- cleanup and fix saml2-xacml2-c-lib building using platform gsoap.


Revision 17112 - Directory Listing
Modified Fri Nov 1 12:09:57 2013 UTC (7 years, 11 months ago) by msalle
Minimal version which can call us with the new API is in globus_gss_assist 9.0,
no longer 8.9, see http://jira.globus.org/browse/GT-478


Revision 17110 - Directory Listing
Modified Wed Oct 30 15:27:19 2013 UTC (7 years, 11 months ago) by msalle
Update NEWS file to reflect bugfixes.
Update version
Give slightly more information when cleaning environment has failed.


Revision 17109 - Directory Listing
Modified Wed Oct 30 15:21:32 2013 UTC (7 years, 11 months ago) by msalle
Return -2 in cgul_safe_copy_env() if one of MALLOC variable names is too long.


Revision 17108 - Directory Listing
Modified Wed Oct 30 14:56:29 2013 UTC (7 years, 11 months ago) by msalle
Bugfix and improvements:
- cgul_clear_env_pattern() returns the number of entries cleared, so instead of
  checking whether it returns non-zero, we should check whether it negative.
  This fixes https://bugzilla.nikhef.nl/show_bug.cgi?id=16
- cgul_getvarname() incorrectly copies the variable name in certain cases.
- cgul_getvarnamelen() returns size_t instead of int. It now returns 0 when the
  input does not contain a variable name or is otherwise invalid.
- cgul_getvarname() returns size_t instead of int. It returns the length of the
  env variable name. On invalid input it returns 0, when env variable name is 
  >= buffer size, it still returns length of the env variable name, but does NOT
  copy the value.
- Some of the error indicating return values are updated.
- Add more comments on return values at function definitions.



Revision 17107 - Directory Listing
Modified Mon Oct 28 14:54:24 2013 UTC (7 years, 11 months ago) by msalle
Add note in NEWS about fixed bug. Add clarification in comment about other
fields in globus internal struct.


Revision 17106 - Directory Listing
Modified Mon Oct 28 14:16:37 2013 UTC (7 years, 11 months ago) by msalle
Few improvements:
- llgt_front.c:
  * check run-time version of GLOBUS_GSI_GSS_ASSIST_MODULE /
    libglobus_gss_assist to make sure we don't va_arg a non-existent parameter.
  * setup logging before checking for the sharing service.
- llgt_utils.c:
  when LLGT_ENABLE_DEBUG is specified setup debugging mode also in
  logging-to-file mode.
- llgt_lcmaps.h
  Write-out the parameter names in the llgt_run_lcmaps prototype (for clarity
  and for ctags)
- configure.ac:
  only need to set CFLAGS, since we try a include
  


Revision 17105 - Directory Listing
Modified Fri Oct 25 13:53:28 2013 UTC (7 years, 11 months ago) by msalle
Updating NEWS file


Revision 17104 - Directory Listing
Modified Fri Oct 25 13:51:01 2013 UTC (7 years, 11 months ago) by msalle
- Adding support for the new sharing service API, introduced in GT5.2.5. In that
  case, the user credential is obtained from an extra commandline argument to
  the callout, instead of from the gss context. We build up our own
  'gss_cred_id_t' to wrap this other credential, this prevents having to add a
  new LCMAPS and LCAS API. When this LLGT is build against an old GT5 it will
  still have the support but we implement one function differently.
- Also removing code obtaining our own and peer identity from llgt_front, since
  the result is not used. The peer is also obtained later elsewhere.
- Updating version


Revision 17103 - Directory Listing
Modified Fri Oct 25 11:59:23 2013 UTC (7 years, 11 months ago) by msalle
Insert mandatory first argument: name of service


Revision 17095 - Directory Listing
Modified Fri Oct 4 12:39:15 2013 UTC (8 years ago) by msalle
Update ChangeLog for release 0.4.0


Revision 17091 - Directory Listing
Modified Fri Oct 4 11:34:48 2013 UTC (8 years ago) by msalle
Check we have a libxacml providing xacml_query_file().


Revision 17090 - Directory Listing
Modified Fri Oct 4 10:30:55 2013 UTC (8 years ago) by msalle
Provide new function xacml_query_file() extending xacml_query(). The new 
function takes as extra argument an open file pointer used for logging the gSOAP
output. This used to get logged on stderr. The old function now just calls the
new function with stderr as argument.


Revision 17089 - Directory Listing
Modified Fri Oct 4 10:18:02 2013 UTC (8 years ago) by msalle
Fixing problems with the (re)use of stdout/stderr by the libxacml. We now use
the new API from S2X2-C-lib 1.3.0 and onwards, which allows providing our own
open filepointer. Minimal version of that library is also 1.3.0 as we need the
new API call. Updating NEWS, BUGS and version.


Revision 17085 - Directory Listing
Modified Thu Oct 3 13:57:23 2013 UTC (8 years ago) by msalle
Updating ChangeLog


Revision 17084 - Directory Listing
Modified Thu Oct 3 13:56:52 2013 UTC (8 years ago) by msalle
Need to ship BUGS in dist tarball.


Revision 17081 - Directory Listing
Modified Thu Oct 3 13:44:10 2013 UTC (8 years ago) by msalle
Updating ChangeLog


Revision 17080 - Directory Listing
Modified Thu Oct 3 13:43:21 2013 UTC (8 years ago) by msalle
Adding bug concerning llrun -s with new capturing of stdout/stderr from the
S2X2-C-lib.


Revision 17079 - Directory Listing
Modified Thu Oct 3 13:38:35 2013 UTC (8 years ago) by msalle
Updating configure.ac and NEWS file for 0.3.5 release.


Revision 17078 - Directory Listing
Modified Thu Oct 3 13:25:17 2013 UTC (8 years ago) by msalle
Break-up multiline log entries from the 'fake logger' into separate log-entries,
of which the 2nd and later ones are indented.


Revision 17077 - Directory Listing
Modified Thu Oct 3 11:56:49 2013 UTC (8 years ago) by msalle
Applying patch from Brian (with minor non-functional changes) to capture output
from the SAML2-XACML2-C-lib.



Revision 17075 - Directory Listing
Modified Wed Sep 18 11:23:57 2013 UTC (8 years ago) by msalle
Fix small typos in lcmaps_ban_fqan.mod manpage


Revision 17074 - Directory Listing
Modified Wed Sep 18 11:23:21 2013 UTC (8 years ago) by msalle
Add -disablewildcard option to manpage of lcmaps_ban_dn.mod


Revision 17073 - Directory Listing
Modified Wed Sep 18 10:34:08 2013 UTC (8 years ago) by msalle
Update scas.conf file options in install instructions (rest of file still needs
cleanup).


Revision 17070 - Directory Listing
Modified Mon Sep 16 14:19:46 2013 UTC (8 years, 1 month ago) by msalle
Few small updates in manpages.


Revision 17069 - Directory Listing
Modified Mon Sep 16 14:11:03 2013 UTC (8 years, 1 month ago) by msalle
Add missing lcas_db entry to scas.conf template


Revision 17068 - Directory Listing
Modified Mon Sep 16 13:58:14 2013 UTC (8 years, 1 month ago) by msalle
Fix typo


Revision 17067 - Directory Listing
Modified Mon Sep 16 13:43:36 2013 UTC (8 years, 1 month ago) by msalle
Add missing continuation char


Revision 17066 - Directory Listing
Modified Mon Sep 16 13:28:41 2013 UTC (8 years, 1 month ago) by msalle
Make sure to create directories for files from template.


Revision 17065 - Directory Listing
Modified Mon Sep 16 13:17:28 2013 UTC (8 years, 1 month ago) by msalle
Fix spaces -> tabs


Revision 17064 - Directory Listing
Modified Mon Sep 16 13:14:57 2013 UTC (8 years, 1 month ago) by msalle
Remove configuring sed template file


Revision 17063 - Directory Listing
Modified Mon Sep 16 13:12:48 2013 UTC (8 years, 1 month ago) by msalle
Update creating from template using common.am as done for glexec.


Revision 17061 - Directory Listing
Modified Mon Sep 16 12:27:40 2013 UTC (8 years, 1 month ago) by msalle
Further cleanup of scas init.d script: adding some extra fields


Revision 17060 - Directory Listing
Modified Mon Sep 16 12:17:02 2013 UTC (8 years, 1 month ago) by msalle
Update scas.conf to be a proper scas.conf not just example


Revision 17057 - Directory Listing
Modified Mon Sep 16 11:40:30 2013 UTC (8 years, 1 month ago) by msalle
Remove extra #


Revision 17055 - Directory Listing
Modified Mon Sep 16 11:30:03 2013 UTC (8 years, 1 month ago) by msalle
Update init script to LSB notation, remove default start/stop entries (quiet
rpmlint). Add dependency on network.



Revision 17054 - Directory Listing
Modified Mon Sep 16 11:13:02 2013 UTC (8 years, 1 month ago) by msalle
logrotate should not be installed as script but as data


Revision 17051 - Directory Listing
Modified Thu Sep 12 15:41:23 2013 UTC (8 years, 1 month ago) by msalle
Add missing #include for getpid()


Revision 17050 - Directory Listing
Modified Thu Sep 12 15:37:37 2013 UTC (8 years, 1 month ago) by msalle
Bugfix for bug https://bugzilla.nikhef.nl/show_bug.cgi?id=5
Rename scas.init.d into scas, scas.logrotate into scas and update manpage
accordingly.
Also check that scas starts up in init script.



Revision 17049 - Directory Listing
Modified Thu Sep 12 15:24:01 2013 UTC (8 years, 1 month ago) by msalle
Also log SCAS shutdown when not daemonized.


Revision 17048 - Directory Listing
Modified Thu Sep 12 15:17:45 2013 UTC (8 years, 1 month ago) by msalle
Fix for bugs
https://bugzilla.nikhef.nl/show_bug.cgi?id=6
    This should have been a list of all supported LCMAPS and LCAS options
    supported in the scas.conf file. This is now updated to reflect (almost all)
    actually understood variables for LCAS and LCMAPS and the documentation is
    adapted appropriately.
https://bugzilla.nikhef.nl/show_bug.cgi?id=7
    Manpage is update accordingly
https://bugzilla.nikhef.nl/show_bug.cgi?id=9
    The new behaviour is as advertised in the manpage: when set, the
    LCAS_LOG_FILE and/or LCMAPS_LOG_FILE entries or corresponding entries in
    the scas.conf file are used, otherwise output is merged with the scas log
    file. Where logs are left is logged in the scas log.



Revision 17047 - Directory Listing
Modified Thu Sep 12 13:35:14 2013 UTC (8 years, 1 month ago) by msalle
Fix number of bugs:
- main.c:
  signal handling was broken: sending a term to the SCAS would not shutdown the
  parent properly. This is quite considerably reworked. Also recursively calling
  checkpoint should be changed into a while
- scas_log.c:
  strftime returns length without the \0 byte.
  Also log the PID which makes debugging a lot easier.


Revision 17042 - Directory Listing
Modified Wed Sep 11 10:48:38 2013 UTC (8 years, 1 month ago) by msalle
Explicitly set AM_MAINTAINER_MODE to disable, commenting it out removes the
switching possibility.


Revision 17041 - Directory Listing
Modified Wed Sep 11 10:36:29 2013 UTC (8 years, 1 month ago) by msalle
Disable maintainer mode to prevent problems with re-running autotools on EL5,
which fails (to old). Bump version to 1.2.0.


Revision 17040 - Directory Listing
Modified Tue Sep 10 19:03:13 2013 UTC (8 years, 1 month ago) by msalle
Fix bug: also need to reset soap.user when XACML_THREADING==1, but
xacml_threading is unset


Revision 17039 - Directory Listing
Modified Tue Sep 10 14:11:55 2013 UTC (8 years, 1 month ago) by msalle
Bug fix: should be possible to disable threading:
New behaviour: at configure time, the threading code can be completely disabled
using --disable-threading. To actually enable the threading, it needs to be
enabled at configure time (default) AND at runtime by setting the environment
variable XACML_THREAD_MODEL to "pthread". The only other valid value is "none"
which is also the default if the variable is unset. Setting it to an other value
results in an error.


Revision 17034 - Directory Listing
Modified Fri Aug 30 10:51:08 2013 UTC (8 years, 1 month ago) by msalle
Add bugzilla reference for gsoap issue to the NEWS file.


Revision 17032 - Directory Listing
Modified Thu Aug 29 13:31:52 2013 UTC (8 years, 1 month ago) by msalle
Update NEWS file


Revision 17031 - Directory Listing
Modified Thu Aug 29 13:29:55 2013 UTC (8 years, 1 month ago) by msalle
Add output from 'pkg-config --cflags gsoap' to CPPFLAGS.
This is a necessary workaround for a problem in /usr/include/stdsoap2.h. The
headerfile can define 'peer' in two incompatible ways, depending on the
WITH_IPV6 macro. On the other hand, the system version of libgsoap has been
compile with one of these.

Add --force to autoheader to make sure config.h.in is rewritten. This prevents
unnecessary re-running the autotools by make.


Revision 17027 - Directory Listing
Modified Mon Aug 26 15:02:36 2013 UTC (8 years, 1 month ago) by msalle
Updating ChangeLog


Revision 17026 - Directory Listing
Modified Mon Aug 26 11:56:49 2013 UTC (8 years, 1 month ago) by msalle
Adding alias --banning-only-mode for option --treat-notapplicable-as-success.
Adding both to the manpage SYNOPSIS line.


Revision 17025 - Directory Listing
Modified Mon Aug 26 11:31:07 2013 UTC (8 years, 1 month ago) by msalle
Adding support for new option --treat-notapplicable-as-success
With this new option set, a 'Not Applicable' result from the Argus server will
not be interpreted as failure but success. This is necessary when Argus is used
only for banning, since in that case there will be no matching 'permit' lines in
the Argus policy. A setter/getter function is implemented to let the option flow
from the lcmaps_c_pep.c plugin_initialize() to the consuming function
checkResponseSanity() in pep-c-obligation-handlers_helpers.c.
Updating manpage, NEWS file to reflect the new option.
Bumping version.



Revision 17023 - Directory Listing
Modified Wed Aug 21 12:37:35 2013 UTC (8 years, 1 month ago) by msalle
Update NEWS file


Revision 17022 - Directory Listing
Modified Wed Aug 21 12:33:57 2013 UTC (8 years, 1 month ago) by msalle
Use Mattias' fix for the two patches needed for the different gsoap versions:
fix the resulting gsoap output using sed instead of a patch.


Revision 17018 - Directory Listing
Modified Thu Aug 1 11:55:29 2013 UTC (8 years, 2 months ago) by msalle
Updating ChangeLog


Revision 17017 - Directory Listing
Modified Thu Aug 1 11:54:03 2013 UTC (8 years, 2 months ago) by msalle
Adding ChangeLog


Revision 17013 - Directory Listing
Modified Mon Jul 29 15:18:26 2013 UTC (8 years, 2 months ago) by msalle
Remove --install (-i) flag from libtoolize.


Revision 17012 - Directory Listing
Modified Mon Jul 29 15:05:47 2013 UTC (8 years, 2 months ago) by msalle
Bug fix:
- should include both .diff patch files
- update NEWS file
Update version


Revision 17006 - Directory Listing
Modified Mon Jul 29 14:20:33 2013 UTC (8 years, 2 months ago) by msalle
Make sure to return a value in non-void function! Comment-out unused variables.


Revision 17005 - Directory Listing
Modified Mon Jul 29 13:53:41 2013 UTC (8 years, 2 months ago) by msalle
Several bug fixes, adding different patch for new gSOAP versions (e.g.
Fedora19), shipping bootstrap and renaming configure.in in configure.ac.
Bumping version.
Bugs:
- extern "C" should be used with {} for initialized variables, since the
  variables are not extern, see e.g.
  http://www.tldp.org/HOWTO/C++-dlopen/thesolution.html
- Prevent doubly declaring XACML_ADDING_THREADING
- do not typedef a struct, it's automatically typedeffed.
 


Revision 16992 - Directory Listing
Modified Fri May 24 15:38:21 2013 UTC (8 years, 4 months ago) by dennisvd
reorganised the options into uid/user gid/group pairs,
include the missing --dummy-group and --dummy-sec-group
options.


Revision 16991 - Directory Listing
Modified Thu May 23 13:19:35 2013 UTC (8 years, 4 months ago) by dennisvd
Include ctype.h for declaration of 'isdigit'.


Revision 16979 - Directory Listing
Modified Tue Apr 9 13:52:13 2013 UTC (8 years, 6 months ago) by msalle
Bugfix: Some log entries are missing the trailing newline, this used to be fixed
by changing the last character into a newline. Now we try to add a newline if 
there is space in the buffer, otherwise we truncate in the normal way.


Revision 16973 - Directory Listing
Modified Thu Mar 21 11:45:03 2013 UTC (8 years, 6 months ago) by okoeroo
updated changelog

Revision 16972 - Directory Listing
Modified Thu Mar 21 11:26:20 2013 UTC (8 years, 6 months ago) by okoeroo
Updating database schema design, now equipped with gatekeeper_jm_id

Revision 16971 - Directory Listing
Modified Thu Mar 21 11:23:55 2013 UTC (8 years, 6 months ago) by okoeroo
Added the GATEKEEPER_JM_ID into the compute_jobs table to bind that environment variable to my effective credentials (session) id key for GridSAFE.

Revision 16970 - Directory Listing
Modified Thu Mar 21 01:44:05 2013 UTC (8 years, 6 months ago) by okoeroo
fixing a stupid mistake

Revision 16969 - Directory Listing
Modified Thu Mar 21 01:08:26 2013 UTC (8 years, 6 months ago) by okoeroo
Adding the GATEKEEPER_JM_ID

Revision 16968 - Directory Listing
Modified Mon Mar 11 20:14:51 2013 UTC (8 years, 7 months ago) by okoeroo
Removed loading the database with the jobrep-create-CE.sql file. The file is obsoleted as all the SQL commands are in the jobrep-create-basic.sql

Revision 16967 - Directory Listing
Modified Mon Mar 11 12:58:36 2013 UTC (8 years, 7 months ago) by msalle
Use /bin/sh instead of /bin/bash to execute the glexec commands.


Revision 16966 - Directory Listing
Modified Mon Mar 11 12:53:27 2013 UTC (8 years, 7 months ago) by msalle
Lower log level of not-found localaccount to LOG_NOTICE


Revision 16962 - Directory Listing
Modified Fri Mar 8 11:38:43 2013 UTC (8 years, 7 months ago) by msalle
Update ChangeLog


Revision 16961 - Directory Listing
Modified Fri Mar 8 11:38:28 2013 UTC (8 years, 7 months ago) by msalle
Fix list of authors


Revision 16960 - Directory Listing
Modified Fri Mar 8 11:20:55 2013 UTC (8 years, 7 months ago) by msalle
Add that a leading 0 is added to specified modes.


Revision 16959 - Directory Listing
Modified Fri Mar 8 11:15:35 2013 UTC (8 years, 7 months ago) by msalle
Update manpage and use AC_CONF to create it.


Revision 16958 - Directory Listing
Modified Fri Mar 8 10:57:12 2013 UTC (8 years, 7 months ago) by msalle
Fix non-working -t option. Also combine mktemp with chmod (when used) to prevent
the need for a second glexec run.


Revision 16953 - Directory Listing
Modified Mon Mar 4 15:31:43 2013 UTC (8 years, 7 months ago) by msalle
Update ChangeLog


Revision 16952 - Directory Listing
Modified Mon Mar 4 15:31:23 2013 UTC (8 years, 7 months ago) by msalle
Remove -Wconversion flag


Revision 16950 - Directory Listing
Modified Mon Mar 4 15:14:22 2013 UTC (8 years, 7 months ago) by msalle
Update ChangeLog


Revision 16949 - Directory Listing
Modified Mon Mar 4 15:14:01 2013 UTC (8 years, 7 months ago) by msalle
Update BUGS


Revision 16948 - Directory Listing
Modified Mon Mar 4 14:58:50 2013 UTC (8 years, 7 months ago) by msalle
Add LOG_INFO log line when plugin succeeds.
Fix typo in log message.
Update NEWS file.


Revision 16947 - Directory Listing
Modified Mon Mar 4 14:50:15 2013 UTC (8 years, 7 months ago) by msalle
Replace goto-loop with for-loop. Note: we should rework this to prevent relying
on the rowcount. See note on
http://msdn.microsoft.com/en-us/library/windows/desktop/ms711835%28v=vs.85%29.aspx


Revision 16946 - Directory Listing
Modified Mon Mar 4 13:49:33 2013 UTC (8 years, 7 months ago) by msalle
Fix all invalid or implicit type conversions, update return type of SQL_Query
to SQLRETURN, uid and gid data is mostly long, not int. Use macro SQL_SUCCEEDED()


Revision 16944 - Directory Listing
Modified Fri Mar 1 15:14:14 2013 UTC (8 years, 7 months ago) by okoeroo
Removed a lot of conversion errors in the jobrep plugin code which interacts with the SQL layer on CentOS 6 64

Revision 16943 - Directory Listing
Modified Fri Mar 1 14:24:04 2013 UTC (8 years, 7 months ago) by msalle
Add test for libcrypto/OpenSSL-devel


Revision 16942 - Directory Listing
Modified Fri Mar 1 14:13:10 2013 UTC (8 years, 7 months ago) by msalle
Wrong type for certain variables lead to a mismatch on RH6/64 leading to a
SIGABORT. Updating NEWS and version


Revision 16937 - Directory Listing
Modified Thu Feb 28 13:28:57 2013 UTC (8 years, 7 months ago) by dennisvd
Update for 1.5.1 release

Revision 16931 - Directory Listing
Modified Wed Feb 27 16:01:27 2013 UTC (8 years, 7 months ago) by dennisvd
Fixed the manpage header, gLExec spelling and used a UR directive for the link to the Wiki


Revision 16930 - Directory Listing
Modified Wed Feb 27 15:40:15 2013 UTC (8 years, 7 months ago) by msalle
Add NEWS file entry


Revision 16923 - Directory Listing
Modified Wed Feb 27 13:09:27 2013 UTC (8 years, 7 months ago) by msalle
Updating ChangeLog


Revision 16922 - Directory Listing
Modified Wed Feb 27 13:09:12 2013 UTC (8 years, 7 months ago) by msalle
Adding BUGS to the dist tarball.


Revision 16921 - Directory Listing
Modified Wed Feb 27 12:46:07 2013 UTC (8 years, 7 months ago) by msalle
Updating ChangeLog files


Revision 16919 - Directory Listing
Modified Wed Feb 27 12:34:58 2013 UTC (8 years, 7 months ago) by msalle
Fix typo in checking return value strdup.


Revision 16918 - Directory Listing
Modified Wed Feb 27 12:09:12 2013 UTC (8 years, 7 months ago) by msalle
Fix bugs in poolaccount plugin: need to check requested username is non-NULL in
normal mode (not in verify mode) and forgot to include dlfcn.h
Updating NEWS and version


Revision 16917 - Directory Listing
Modified Wed Feb 27 12:08:07 2013 UTC (8 years, 7 months ago) by msalle
Fix bugs in voms_poolaccount: need to check requested username is non-NULL in
normal mode (not in verify mode). Forgot to include dlfcn.h.
Updating NEWS and configure.ac


Revision 16915 - Directory Listing
Modified Wed Feb 27 10:33:42 2013 UTC (8 years, 7 months ago) by msalle
Testing whether plugin is used twice was incomplete, inefficient and printed a
broken error message. This is now fixed:
- test that the actual library handle is different instead of the absolute
  pathname, this extends the error checking in case of symlinks or hardlinks to
  different names (which still don't work).
- only check different plugin entries.
- fix the error message, to print the two shortnames.
- update NEWS file
- update version



Revision 16909 - Directory Listing
Modified Tue Feb 26 15:37:13 2013 UTC (8 years, 7 months ago) by msalle
Updating ChangeLog


Revision 16905 - Directory Listing
Modified Tue Feb 26 15:05:26 2013 UTC (8 years, 7 months ago) by msalle
Update ChangeLog


Revision 16904 - Directory Listing
Modified Tue Feb 26 15:05:14 2013 UTC (8 years, 7 months ago) by msalle
Add missing entry to NEWS file


Revision 16903 - Directory Listing
Modified Tue Feb 26 15:02:38 2013 UTC (8 years, 7 months ago) by msalle
Updating ChangeLog


Revision 16899 - Directory Listing
Modified Tue Feb 26 11:24:55 2013 UTC (8 years, 7 months ago) by msalle
Updating versions for new gsissh features:
- lcas_lcmaps_gt4_interface 0.3.0
- lcmaps 1.6.0
- lcas-plugins-basic 1.6.0
- lcas-plugins-voms 1.6.0


Revision 16896 - Directory Listing
Modified Mon Feb 25 21:25:31 2013 UTC (8 years, 7 months ago) by dennisvd
Added a missing description to the header


Revision 16895 - Directory Listing
Modified Mon Feb 25 20:56:24 2013 UTC (8 years, 7 months ago) by msalle
Lowering log level to LOG_NOTICE from LOG_ERR, as this is not a real error.


Revision 16894 - Directory Listing
Modified Mon Feb 25 18:47:26 2013 UTC (8 years, 7 months ago) by dennisvd
typo: continueing -> continuing


Revision 16886 - Directory Listing
Modified Mon Feb 25 16:26:43 2013 UTC (8 years, 7 months ago) by msalle
Updating ees logrotate to more reasonable values.


Revision 16884 - Directory Listing
Modified Mon Feb 25 16:17:43 2013 UTC (8 years, 7 months ago) by msalle
Update manpage for lcas-lcmaps-gt4-interface to reflect passing of 'requested
username'


Revision 16883 - Directory Listing
Modified Mon Feb 25 16:13:39 2013 UTC (8 years, 7 months ago) by msalle
Updating manpages to reflect new support for requested username. Also
spellchecking them.


Revision 16882 - Directory Listing
Modified Mon Feb 25 15:38:59 2013 UTC (8 years, 7 months ago) by msalle
Spell checked the manpage


Revision 16881 - Directory Listing
Modified Mon Feb 25 15:29:15 2013 UTC (8 years, 7 months ago) by msalle
Also print requested username when grid-mapfile lookup fails (it might be the
reason for failure).


Revision 16873 - Directory Listing
Modified Mon Feb 25 14:54:26 2013 UTC (8 years, 7 months ago) by msalle
Fix logging of requested username: if unset, print unset not NULL. 


Revision 16872 - Directory Listing
Modified Mon Feb 25 13:14:58 2013 UTC (8 years, 7 months ago) by msalle
Make jobrep-admin script posix compliant


Revision 16871 - Directory Listing
Modified Mon Feb 25 13:12:10 2013 UTC (8 years, 7 months ago) by msalle
- Add support for the requested username in the poolaccount plugins: when a
  requested username is provided and does not match a resulting poolaccount
  mapping, the poolaccount plugin should fail. This is necessary to prevent
  LCMAPS to return succesfully with a different account then the requested
  username.
- Update NEWS files with correct syntax for list of usernames (should be
  separated by a comma without any whitespace).
- Make sure not to the a strncmp but a strcmp for the requested username.
- Allow for a larger list of userids before calling realloc (was 4 now 256)
- Clarify logmessage printed when a requested username is specified.


Revision 16870 - Directory Listing
Modified Mon Feb 25 09:53:35 2013 UTC (8 years, 7 months ago) by okoeroo
Removed function prefix to a shell-script function, because its a bash-ism

Revision 16869 - Directory Listing
Modified Mon Feb 25 09:30:32 2013 UTC (8 years, 7 months ago) by okoeroo
LCMAPS config file generator is now fixed to generate chunked files based on the SCAS=yes and PEPC=yes

Revision 16868 - Directory Listing
Modified Mon Feb 25 07:29:11 2013 UTC (8 years, 7 months ago) by okoeroo
Integrated 6 new PEPC deployment scenarios, per test.

Revision 16867 - Directory Listing
Modified Mon Feb 25 07:07:55 2013 UTC (8 years, 7 months ago) by okoeroo
Improved Argus tests

Revision 16866 - Directory Listing
Modified Fri Feb 22 15:25:55 2013 UTC (8 years, 7 months ago) by msalle
Add bugfix to NEWS file


Revision 16865 - Directory Listing
Modified Fri Feb 22 13:45:32 2013 UTC (8 years, 7 months ago) by msalle
For FQANs we need to add MATCH_WILD_CHARS 


Revision 16864 - Directory Listing
Modified Fri Feb 22 13:31:08 2013 UTC (8 years, 7 months ago) by msalle
Fix adding of requested_username to wrong entry in arg list


Revision 16863 - Directory Listing
Modified Fri Feb 22 12:41:36 2013 UTC (8 years, 7 months ago) by msalle
When closing logfile, make sure the flag is set to uninitialized logging.


Revision 16862 - Directory Listing
Modified Fri Feb 22 11:34:39 2013 UTC (8 years, 7 months ago) by msalle
Cleanup code, protect against casting of NULL pointer return value of
lcmaps_getArgValue()


Revision 16861 - Directory Listing
Modified Fri Feb 22 11:16:33 2013 UTC (8 years, 7 months ago) by okoeroo
Fixing a segv by avoiding an unsafe cast.

Revision 16860 - Directory Listing
Modified Fri Feb 22 11:16:22 2013 UTC (8 years, 7 months ago) by msalle
Fix missing variable


Revision 16859 - Directory Listing
Modified Fri Feb 22 11:16:07 2013 UTC (8 years, 7 months ago) by msalle
Fix missing #include and undefined variable.


Revision 16858 - Directory Listing
Modified Fri Feb 22 10:56:44 2013 UTC (8 years, 7 months ago) by msalle
Protect against segfault when lcmaps_getArgValue() returns NULL, should not try
to cast result.


Revision 16857 - Directory Listing
Modified Fri Feb 22 10:52:06 2013 UTC (8 years, 7 months ago) by msalle
Implementing same functionality as for the localaccount plugin, now for VOMS
localaccount:
When LCMAPS has version 1.5.8 or higher, the voms_localaccount plugin will try
to obtain a "requested_username" from the framework. When set, it needs to match
one of the target useraccounts for the FQANs in the grid-mapfile. This enables
support for mapping to e.g. user2 in an entry such as
"/FQAN" user1,user2

gridlist.[ch]:
- new matching type MATCH_EXACT. When used, all found usernames are matched
  exact against the searchstring. For other matching types only the first
  username is used in a comparison.
lcmaps_voms_localaccount.c:
- when LCMAPS version is bigger than 1.5.8, requested_username is obtained from
  the framework.
- when a requested_username is set, a MATCH_EXACT is performed based on the
  input, otherwise a match 'not starting with a .' is performed on the first
  entry in the list of localaccounts in the matched grid-mapfile line.
All plugins:
- protect against segfault when lcmaps_getArgValue() returns NULL, should not
  try to cast result.



Revision 16856 - Directory Listing
Modified Thu Feb 21 19:29:05 2013 UTC (8 years, 7 months ago) by msalle
Revert lcmaps_account_info_t as we decided not to change it in LCMAPS after all.


Revision 16855 - Directory Listing
Modified Thu Feb 21 19:24:33 2013 UTC (8 years, 7 months ago) by msalle
Solve problem of storing requested_username without changing
lcmaps_account_info_t (which would break plugins and gLExec), by passing extra
arguments to internal functions:
 lcmaps_extractRunVars()
 lcmaps_runPluginManager()
- lcmaps_account{.c,.h} are reverted
- lcmaps_runPluginManager in lcmaps_pluginmanager.c only forwards the
  requested_username further to lcmaps_extractRunVars in lcmaps_runvars.c.
- lcmaps_runvars.c now has the statics (needed for storing memory) local in
  lcmaps_extractRunVars instead of global, as long as they are on the heap, it's
  fine.
- lcmaps_extractRunVars uses the input for separate parameter instead of new
  part of lcmaps_cred
- All lcmaps interfaces in lcmaps.c pass NULL except for
  lcmaps_run_and_return_username which passes the req_username.



Revision 16854 - Directory Listing
Modified Thu Feb 21 14:19:27 2013 UTC (8 years, 7 months ago) by msalle
Add proper support for specifying the desired_identity. This is now the only
allowed but optional cmdline argument.



Revision 16853 - Directory Listing
Modified Thu Feb 21 14:16:56 2013 UTC (8 years, 7 months ago) by msalle
When desired identity is an empty string, set it to NULL for LCMAPS, otherwise
we try to match an "" which will always fail.


Revision 16852 - Directory Listing
Modified Thu Feb 21 13:57:09 2013 UTC (8 years, 7 months ago) by msalle
Protect (and warn) against lcmaps handle being NULL.


Revision 16851 - Directory Listing
Modified Thu Feb 21 13:55:40 2013 UTC (8 years, 7 months ago) by msalle
When LCMAPS has version 1.5.8 or higher, the localaccount plugin will try to
obtain a "requested_username" from the framework. When set, it needs to match
one of the target useraccounts for the DN in the grid-mapfile. This enables
support for mapping to e.g. user2 in an entry such as
"/DN" user1,user2

gridlist.[ch]:
- new matching type MATCH_EXACT. When used, all found usernames are matched
  exact against the searchstring. For other matching types only the first
  username is used in a comparison.
lcmaps_localaccount.c:
- when LCMAPS version is bigger than 1.5.8, requested_username is obtained from
  the framework.
- when a requested_username is set, a MATCH_EXACT is performed based on the
  input, otherwise a match 'not starting with a .' is performed on the first
  entry in the list of localaccounts in the matched grid-mapfile line.



Revision 16850 - Directory Listing
Modified Thu Feb 21 13:40:44 2013 UTC (8 years, 7 months ago) by msalle
Support input of a 'desired identity' for lcmaps_run_and_return_username()
interface. LCMAPS will make this available to the plugins, which can use it to
support grid-mapfile entries of the form
    "/DN" user1, user2
lcmaps_account_info_t now has an extra field, the username itself.



Revision 16849 - Directory Listing
Modified Thu Feb 21 13:29:45 2013 UTC (8 years, 7 months ago) by msalle
Add support for the desired_identity coming from the Globus parent program. When
the LCMAPS version is at least 1.5.8, it is passed into LCMAPS which makes it
available to the plugins to ultimately provide support for multi-useraccount
entries in the grid-mapfile


Revision 16848 - Directory Listing
Modified Thu Feb 21 12:10:16 2013 UTC (8 years, 7 months ago) by msalle
Need to update the lcmaps_account structure, as new LCMAPS 1.5.8 has extra field
username in it.


Revision 16832 - Directory Listing
Modified Thu Feb 7 12:54:24 2013 UTC (8 years, 8 months ago) by msalle
Updating ChangeLog


Revision 16830 - Directory Listing
Modified Wed Feb 6 14:01:01 2013 UTC (8 years, 8 months ago) by msalle
Few small fixes relating to implicit typecasts and comparisons. Explicitly check
return value of snprintf in number of cases (can be negative).


Revision 16829 - Directory Listing
Modified Wed Feb 6 13:28:32 2013 UTC (8 years, 8 months ago) by msalle
Update for RH5 bugfix: VOMS may NOT be unloaded via a dlclose and then
reinitialized in a Globus/VOMS/OpenSSL setup on RH5. Fix moves the LCAS Term
which dlcloses the plugins till after LCMAPS has run by adding a new function
llgt_lcas_terminate() that is called after lcmaps has ran.
Also add new env variable LLGT_DLCLOSE_LCAS along the line of the
LLGT_DLCLOSE_LCMAPS. This might be needed at some point if the reordering turns
out insufficient still. Manpage is update to reflect this.
In addition fix cast problems showing from new compiler warning flags.
Bumping version and updating NEWS file.



Revision 16814 - Directory Listing
Modified Mon Dec 17 10:45:00 2012 UTC (8 years, 10 months ago) by msalle
Fix wrong name for disable test file.


Revision 16813 - Directory Listing
Modified Mon Dec 17 10:36:43 2012 UTC (8 years, 10 months ago) by msalle
Add missing files to dist tarball, update version


Revision 16809 - Directory Listing
Modified Mon Dec 3 20:15:18 2012 UTC (8 years, 10 months ago) by okoeroo
Added certification selection by a direct copy-pasta from okoeroo's makeproxy script

Revision 16808 - Directory Listing
Modified Sat Dec 1 12:09:17 2012 UTC (8 years, 10 months ago) by okoeroo
Forgot to remove debug stuff

Revision 16807 - Directory Listing
Modified Sat Dec 1 12:07:51 2012 UTC (8 years, 10 months ago) by okoeroo
Forgot to remove debug stuff

Revision 16806 - Directory Listing
Modified Sat Dec 1 11:56:12 2012 UTC (8 years, 10 months ago) by okoeroo
Added usage information to the lcmaps-compound test script

Revision 16805 - Directory Listing
Modified Sat Dec 1 10:57:55 2012 UTC (8 years, 10 months ago) by okoeroo
Added all the LCMAPS tests for EMI3 testing report

Revision 16804 - Directory Listing
Modified Fri Nov 30 21:29:28 2012 UTC (8 years, 10 months ago) by okoeroo
Forgot the actual tests...

Revision 16803 - Directory Listing
Modified Fri Nov 30 21:24:53 2012 UTC (8 years, 10 months ago) by okoeroo
Adding Generic LCMAPS tests.

Revision 16802 - Directory Listing
Modified Fri Nov 30 14:01:31 2012 UTC (8 years, 10 months ago) by okoeroo
Added new test to the lcmaps compound test to fulfill the EMI-3 testing reports

Revision 16795 - Directory Listing
Modified Sun Nov 18 17:58:53 2012 UTC (8 years, 10 months ago) by msalle
Updating ChangeLog


Revision 16794 - Directory Listing
Modified Sun Nov 18 17:58:32 2012 UTC (8 years, 10 months ago) by msalle
Updating NEWS file (glexec-configure update was missing).


Revision 16793 - Directory Listing
Modified Sun Nov 18 17:54:23 2012 UTC (8 years, 10 months ago) by msalle
Updating ChangeLog


Revision 16792 - Directory Listing
Modified Sun Nov 18 17:53:49 2012 UTC (8 years, 10 months ago) by msalle
Explict cast in fprintf


Revision 16791 - Directory Listing
Modified Sun Nov 18 16:49:16 2012 UTC (8 years, 10 months ago) by msalle
Explicit casts of numerical constants.


Revision 16790 - Directory Listing
Modified Sun Nov 18 16:42:58 2012 UTC (8 years, 10 months ago) by msalle
Explicitly cast 0 to size_t


Revision 16789 - Directory Listing
Modified Sun Nov 18 16:36:48 2012 UTC (8 years, 10 months ago) by msalle
More explicit cast: particular from constants (=int) to size_t (unsigned long).
Protect against errors from (v)snprintf: could return -1.


Revision 16788 - Directory Listing
Modified Sun Nov 18 14:33:36 2012 UTC (8 years, 10 months ago) by msalle
Fix truncation of loglevel before converting to enum (unsigned) and give proper
warnings in main_util.c. In glexec_log.c just in case (can no longer check < 0)
Prototype for setgroups() depends on OS: linux has size_t for first, BSD and
Solaris have int.


Revision 16787 - Directory Listing
Modified Sun Nov 18 13:50:29 2012 UTC (8 years, 10 months ago) by msalle
Explicitly cast the uid/gid to id_t in calls to safe_add_id_to_list().


Revision 16786 - Directory Listing
Modified Sun Nov 18 12:58:40 2012 UTC (8 years, 10 months ago) by msalle
Add few more explicit casts. Check earlier whether log level is within valid
bounds, initialize lock_type. Add _POSIX_PTHREAD_SEMANTICS define also to header
file (it includes pwd.h).


Revision 16785 - Directory Listing
Modified Sun Nov 18 12:09:18 2012 UTC (8 years, 10 months ago) by msalle
Few bugfixes: LCK_* are not of GLEXEC_LOCK_TYPE but defined in fileutil.h, and
basically int. Also don't compare signed value with unsigned value before
guaranteeing it's positive.


Revision 16784 - Directory Listing
Modified Fri Nov 16 14:28:08 2012 UTC (8 years, 11 months ago) by msalle
Updating ChangeLog


Revision 16783 - Directory Listing
Modified Fri Nov 16 14:27:27 2012 UTC (8 years, 11 months ago) by msalle
Updating NEWS file and ChangeLog


Revision 16782 - Directory Listing
Modified Fri Nov 16 14:12:34 2012 UTC (8 years, 11 months ago) by msalle
- Further cleanup of inproper (but usually harmless) casts.
- Do not print destination proxy name if cgul_write_uniq_proxy() failed.
- We now have the additional warning flags -Wconversion -Wextra, which handle a
  number of common issues.



Revision 16781 - Directory Listing
Modified Fri Nov 16 12:34:46 2012 UTC (8 years, 11 months ago) by msalle
Add, commented-out, the RH6 NSS-hack for the LCMAPS plugins-c-pep in the
prototype lcmaps.db file.


Revision 16780 - Directory Listing
Modified Fri Nov 16 11:16:35 2012 UTC (8 years, 11 months ago) by msalle
Initialize config_buffer to NULL for safety.


Revision 16779 - Directory Listing
Modified Fri Nov 16 11:13:40 2012 UTC (8 years, 11 months ago) by msalle
Bug fixes: realloc() needs total size, not just the number of elements,
global_conf_configsize is unsigned and equal 0 when uninitialized.


Revision 16778 - Directory Listing
Modified Thu Nov 15 21:51:33 2012 UTC (8 years, 11 months ago) by msalle
Bumping version


Revision 16777 - Directory Listing
Modified Thu Nov 15 21:50:28 2012 UTC (8 years, 11 months ago) by msalle
Many small updates:
- make sure to initialize target account structure. For this introduce two new
  defines: GLEXEC_UID_UNDEFINED and GLEXEC_GID_UNDEFINED which are set to a very
  large and most probably harmless value. On many systems they will either be
  really undefined gid/uid or be equal to nobody and/or nogroup
- protect against negative values of nsgid.
- protect against calling setgroups with nsgid 0 or even negative when returning
  to caller (linger as caller)
- protect against not having _SC_GETPW_R_SIZE_MAX
- properly initialize pw struct before calling getpwuid_r using the new
  GLEXEC_UID/GID_UNDEFINED
- Many small updates to fix unproper implicit casts from signed to unsigned and
  viceversa:
    - Adding -Wconversion flag to warning flags: it warns about implicit casts
      or initializations that are unsafe or wrong in sign.
    - Some type changes of variables in order to prevent casts.
    - Some explicit casts when it is guaranteed safe.
    - Check snprintf does not return -1
    - Adapt cgul_* functions that now always use proper uid_t / gid_t.
    - define a number of defines as unsigned (using U), e.g. UID_MIN and GID_MIN



Revision 16776 - Directory Listing
Modified Thu Nov 15 21:28:57 2012 UTC (8 years, 11 months ago) by msalle
Fixes to prevent implicit type conversions between signed/unsigned types and
some checks on errors for snprintf.

environ.c
- either explicitly cast when it is guaranteed safe, or change the type prevent
  the need for casting.
- explicitly check that (v)snprintf does not return -1
realpath.c
- explicitly check that snprintf does not return -1
- change type few variables to prevent the need for casting.
fileutil.h/c
- drop support for negative trust_gid in cgul_read_config(). Should be handled
  by caller. This allows making it proper gid_t.
- handle not-used trust_gid in cgul_executable_trusted() using extra flag. That
  allows making trust_gid a proper gid_t.
- drop support for negative write_uid and write_gid in cgul_write_proxy() and
  cgul_write_uniq_proxy(). GLExec did not use it and it allows making them
  proper uid_t / gid_t.
- This also allow static fcie priv_drop() to only except uid_t/gid_t
- fix casting of st_size (off_t) into size_t before adding sizeof (which is
  size_t).
- only define and set switching variable in cgul_read_config when
  DEMAND_CONFIG_IS_CONFIDENTIAL is defined.



Revision 16775 - Directory Listing
Modified Tue Nov 13 13:59:04 2012 UTC (8 years, 11 months ago) by msalle
Only need lcmaps-basic-interface. Also set the SHREXT


Revision 16774 - Directory Listing
Modified Mon Nov 12 08:45:37 2012 UTC (8 years, 11 months ago) by msalle
return value of cgul_getvarnamelen is int, namelen was size_t, so could not
check for negative return value.


Revision 16773 - Directory Listing
Modified Sat Nov 10 20:52:40 2012 UTC (8 years, 11 months ago) by okoeroo
Changed the main() to work with getops() to parse the argv[]. Added --help. Added --conf <conffile>. Fixed a problem where logging to file in an unwriteable location doesn't cast an error anywhere. Now this is at least down by changing the cgul_log_option to add Syslog logging and let the fopen() error be casted there.

Revision 16772 - Directory Listing
Modified Thu Nov 8 16:38:39 2012 UTC (8 years, 11 months ago) by msalle
- Update globus default tag to 5.2.2
- Update svn for argus-pep-c-lib
- Remove jobrepository and globus dependencies for lcmaps-plugins-jobrep (now
  self-contained)
- Add some verbose messages


Revision 16771 - Directory Listing
Modified Thu Nov 8 15:07:36 2012 UTC (8 years, 11 months ago) by okoeroo
Adding more content to the BUGS file

Revision 16770 - Directory Listing
Modified Thu Nov 8 15:06:57 2012 UTC (8 years, 11 months ago) by okoeroo
Adding a BUGS file

Revision 16769 - Directory Listing
Modified Thu Nov 8 14:56:25 2012 UTC (8 years, 11 months ago) by msalle
Install and distribute BUGS


Revision 16768 - Directory Listing
Modified Thu Nov 8 14:55:50 2012 UTC (8 years, 11 months ago) by msalle
Install and distribute BUGS as documentation


Revision 16767 - Directory Listing
Modified Thu Nov 8 14:54:59 2012 UTC (8 years, 11 months ago) by msalle
Adding BUGS to doc_data and hence distribute and install it as doc


Revision 16766 - Directory Listing
Modified Thu Nov 8 14:53:55 2012 UTC (8 years, 11 months ago) by msalle
Adding BUGS to doc_data. Will be distributed and installed as doc


Revision 16765 - Directory Listing
Modified Wed Nov 7 10:54:26 2012 UTC (8 years, 11 months ago) by msalle
Few typo-fixes in man pages, bumping version.


Revision 16762 - Directory Listing
Modified Tue Nov 6 14:04:54 2012 UTC (8 years, 11 months ago) by msalle
Introduce hacks to find argus-shipped jar files in /var/lib/argus/pepd.
Bumping version.


Revision 16759 - Directory Listing
Modified Tue Nov 6 01:46:59 2012 UTC (8 years, 11 months ago) by dennisvd
use LDAP_DEPRECATED to use the old OpenLDAP interface


Revision 16749 - Directory Listing
Modified Mon Nov 5 22:56:52 2012 UTC (8 years, 11 months ago) by dennisvd
Removed leftover .UE macro.


Revision 16744 - Directory Listing
Modified Thu Nov 1 20:04:45 2012 UTC (8 years, 11 months ago) by okoeroo
Revamped VOMS error messages because they are sometimes cryptic. They now also provide useful debugging hints for the admins.

Revision 16743 - Directory Listing
Modified Thu Nov 1 12:15:28 2012 UTC (8 years, 11 months ago) by dennisvd
change hyphens "-" to minuses "\-" according to lintian


Revision 16742 - Directory Listing
Modified Thu Nov 1 12:13:44 2012 UTC (8 years, 11 months ago) by dennisvd
replace hyphens "-" by minuses "\-" or so says lintian


Revision 16741 - Directory Listing
Modified Thu Nov 1 12:06:12 2012 UTC (8 years, 11 months ago) by dennisvd
Set 'nofill' for the very wide example line of the gridmapdir, which groff otherwise may choke on.


Revision 16739 - Directory Listing
Modified Thu Nov 1 11:52:00 2012 UTC (8 years, 11 months ago) by dennisvd
Fix typo: prefered -> preferred (2x) (thanks to lintian)


Revision 16738 - Directory Listing
Modified Thu Nov 1 11:08:58 2012 UTC (8 years, 11 months ago) by dennisvd
fixed typo: Succesfully -> Successfully (3x) (Thanks to lintian)


Revision 16737 - Directory Listing
Modified Thu Nov 1 11:07:35 2012 UTC (8 years, 11 months ago) by dennisvd
fixed typo: explict -> explicit (Thanks to lintian)


Revision 16736 - Directory Listing
Modified Wed Oct 31 21:06:50 2012 UTC (8 years, 11 months ago) by okoeroo
Adding new tester

Revision 16722 - Directory Listing
Modified Wed Oct 31 12:57:00 2012 UTC (8 years, 11 months ago) by dennisvd
forgot one lcmaps.db directory check.


Revision 16716 - Directory Listing
Modified Wed Oct 31 11:15:46 2012 UTC (8 years, 11 months ago) by dennisvd
Create /etc/lcmaps/ if it does not exist.


Revision 16711 - Directory Listing
Modified Wed Oct 31 09:29:48 2012 UTC (8 years, 11 months ago) by okoeroo
Updated ChangeLog

Revision 16710 - Directory Listing
Modified Wed Oct 31 09:28:39 2012 UTC (8 years, 11 months ago) by okoeroo
Bumping to 1.5.5 adding a clear deprecation notice in the man page with respect to the VOMS Extract plugin.

Revision 16709 - Directory Listing
Modified Wed Oct 31 00:41:54 2012 UTC (8 years, 11 months ago) by okoeroo
SCAS-Client modifications to the error message not stating a password file by something not found on the system.

Revision 16707 - Directory Listing
Modified Wed Oct 31 00:04:23 2012 UTC (8 years, 11 months ago) by okoeroo
ChangeLog file update

Revision 16706 - Directory Listing
Modified Wed Oct 31 00:02:10 2012 UTC (8 years, 11 months ago) by okoeroo
Additions to the man page

Revision 16705 - Directory Listing
Modified Tue Oct 30 23:57:43 2012 UTC (8 years, 11 months ago) by okoeroo
Updated the man page

Revision 16704 - Directory Listing
Modified Tue Oct 30 15:22:55 2012 UTC (8 years, 11 months ago) by okoeroo
Fixed a bug in the proxy sanity checking and enabled USE_STRICT_PATH_VALIDATION.

Revision 16703 - Directory Listing
Modified Tue Oct 30 15:15:57 2012 UTC (8 years, 11 months ago) by okoeroo
Adding warning message about grid-proxy-init.

Revision 16702 - Directory Listing
Modified Tue Oct 30 14:01:29 2012 UTC (8 years, 11 months ago) by okoeroo
Fixing a bug

Revision 16695 - Directory Listing
Modified Tue Oct 30 13:27:06 2012 UTC (8 years, 11 months ago) by okoeroo
Mass proxy generator. It wraps around both voms-proxy-init and grid-proxy-init. It will generate ~50 different certificate chains that can be tested.

Revision 16657 - Directory Listing
Modified Fri Oct 26 15:18:20 2012 UTC (8 years, 11 months ago) by okoeroo
Cleaned up code segments, removed debug code, added function prototypes, debugged and fixed the Limited proxy restriction and added GT3 Limited proxy to the test list. Removed a lot of duplicate code where the certificate chain expectations are tested and error reported. This is now a lot more readable and the error output doesnt mix the chain validation code.

Revision 16646 - Directory Listing
Modified Fri Oct 26 13:42:32 2012 UTC (8 years, 11 months ago) by okoeroo
Version 1.5.4
-------------
-   Added the option --disallow-limited-proxy on request by Igor Sfiligoi to be
    able to disallow limited proxies.
-   Added full support for RFC and GT3 proxies. Properly detecting the proxy
    types, including limited proxies is now fully supported. RESTRICTED and
    INDEPENDENT in (pre-)RFC proxies WILL be treated as an IMPERSONATION proxy
    type, which is the default.



Revision 16642 - Directory Listing
Modified Fri Oct 26 12:34:09 2012 UTC (8 years, 11 months ago) by msalle
update ChangeLog


Revision 16641 - Directory Listing
Modified Fri Oct 26 12:33:41 2012 UTC (8 years, 11 months ago) by msalle
logrotate should be DATA not SCRIPTS


Revision 16640 - Directory Listing
Modified Fri Oct 26 12:20:27 2012 UTC (8 years, 11 months ago) by msalle
Update ChangeLog


Revision 16639 - Directory Listing
Modified Fri Oct 26 12:20:08 2012 UTC (8 years, 11 months ago) by msalle
Update NEWS file for 0.1.4 release


Revision 16638 - Directory Listing
Modified Fri Oct 26 12:08:41 2012 UTC (8 years, 11 months ago) by msalle
Set to GNU_SOURCE or we can't use strndup.
Remove const from parameter, as it isn't really const.


Revision 16637 - Directory Listing
Modified Fri Oct 26 11:52:54 2012 UTC (8 years, 11 months ago) by msalle
Add missing cleanfiles entry for logrotate file


Revision 16636 - Directory Listing
Modified Fri Oct 26 11:49:22 2012 UTC (8 years, 11 months ago) by msalle
Don't print value of localstatedir in configure help text.


Revision 16635 - Directory Listing
Modified Fri Oct 26 11:41:48 2012 UTC (8 years, 11 months ago) by msalle
- Make plugin dir configurable:
    - can be set using --with-ees-moduledir
    - rename into EES_MOD_HOME
    - set it via AM_CPPFLAGS instead of config.h to have it expanded more
      easily.
    - Removing now unneeded ax_define_dir.m4.
    - Also use it in config file.
- Only create .so files for plugins, not .so.* files: -avoid-version
- Use SHREXT to create appropriate plugin suffix.
- Make sure input files are properly distributed and not installed.
- Distribute setup/gridmapfile.example but don't install it.



Revision 16634 - Directory Listing
Modified Fri Oct 26 10:13:53 2012 UTC (8 years, 11 months ago) by msalle
Make config file location configurable.


Revision 16633 - Directory Listing
Modified Fri Oct 26 10:06:13 2012 UTC (8 years, 11 months ago) by msalle
Cleanup of the config file.


Revision 16632 - Directory Listing
Modified Fri Oct 26 10:03:03 2012 UTC (8 years, 11 months ago) by msalle
Fix typo


Revision 16631 - Directory Listing
Modified Fri Oct 26 09:54:43 2012 UTC (8 years, 11 months ago) by msalle
- Parse ees logrotate via sed template to expand $prefix.
- Recreate logfile with 0640 ees ees, instead of root ees.
- Make logfile location configurable



Revision 16630 - Directory Listing
Modified Fri Oct 26 08:43:13 2012 UTC (8 years, 11 months ago) by msalle
- Init script:
    - Do not enable ees service by default (chkconfig -)
    - move to subdir in setup
- Add logrotate file
- Bump version



Revision 16629 - Directory Listing
Modified Thu Oct 25 15:46:28 2012 UTC (8 years, 11 months ago) by msalle
Update ChangeLog


Revision 16628 - Directory Listing
Modified Thu Oct 25 15:46:00 2012 UTC (8 years, 11 months ago) by msalle
Add lograte script, no longer automatically enable service (chkconfig: -).
Update version and NEWS file.


Revision 16621 - Directory Listing
Modified Thu Oct 25 14:41:34 2012 UTC (8 years, 11 months ago) by msalle
Updating ChangeLog


Revision 16620 - Directory Listing
Modified Thu Oct 25 14:41:10 2012 UTC (8 years, 11 months ago) by msalle
Adding manpage for mapfile2gacl and its symlinks.
Adding NEWS file.
Updating version.


Revision 16611 - Directory Listing
Modified Thu Oct 25 12:51:27 2012 UTC (8 years, 11 months ago) by msalle
Update ChangeLog


Revision 16606 - Directory Listing
Modified Thu Oct 25 12:33:05 2012 UTC (8 years, 11 months ago) by msalle
Update ChangeLog


Revision 16601 - Directory Listing
Modified Thu Oct 25 12:00:49 2012 UTC (8 years, 11 months ago) by msalle
Updating ChangeLog


Revision 16600 - Directory Listing
Modified Thu Oct 25 12:00:00 2012 UTC (8 years, 11 months ago) by msalle
Update NEWS file, bumping version.


Revision 16599 - Directory Listing
Modified Thu Oct 25 11:56:24 2012 UTC (8 years, 11 months ago) by msalle
Replace reference to password file.


Revision 16595 - Directory Listing
Modified Thu Oct 25 09:31:42 2012 UTC (8 years, 11 months ago) by msalle
Update ChangeLog


Revision 16594 - Directory Listing
Modified Thu Oct 25 09:31:10 2012 UTC (8 years, 11 months ago) by msalle
Add -f to rm to prevent error message.


Revision 16593 - Directory Listing
Modified Thu Oct 25 09:28:29 2012 UTC (8 years, 11 months ago) by msalle
Add ChangeLog


Revision 16592 - Directory Listing
Modified Thu Oct 25 09:27:10 2012 UTC (8 years, 11 months ago) by msalle
Finalize autotoolization:
- Run AC_CONFIG_COMMANDS([doc/man/stamp]) from configure.ac to create doc/man in
  out-of-tree build, also needed for next point.
- Merge all Makefile.am into one.
- Move README_glexecwrappers to topdir and rename in README
- Make perl scripts executable (either all scripts or none).
- Add NEWS file.



Revision 16589 - Directory Listing
Modified Wed Oct 24 20:41:25 2012 UTC (8 years, 11 months ago) by msalle
Cleanup man Makefile.am, everything manpage related is in doc/man/Makefile.am.
Create symlinks for wap manpage and script.



Revision 16588 - Directory Listing
Modified Wed Oct 24 20:20:27 2012 UTC (8 years, 11 months ago) by msalle
Add manpage, moved into a subdirectory, made via template to allow autotools
substitutions.
Also move scripts into a subdirectory.
Add LICENSE file.



Revision 16581 - Directory Listing
Modified Tue Oct 23 18:45:14 2012 UTC (8 years, 11 months ago) by msalle
Updating ChangeLog


Revision 16578 - Directory Listing
Modified Tue Oct 23 18:18:30 2012 UTC (8 years, 11 months ago) by msalle
Further shortening log messages.


Revision 16577 - Directory Listing
Modified Tue Oct 23 18:13:56 2012 UTC (8 years, 11 months ago) by msalle
Shortening log messages to prevent double logging of same error.


Revision 16576 - Directory Listing
Modified Tue Oct 23 17:40:33 2012 UTC (8 years, 11 months ago) by msalle
Updating NEWS file for 0.9.7


Revision 16575 - Directory Listing
Modified Tue Oct 23 17:34:20 2012 UTC (8 years, 11 months ago) by msalle
Remove extra , in log fmt string.


Revision 16574 - Directory Listing
Modified Tue Oct 23 15:51:40 2012 UTC (8 years, 11 months ago) by msalle
Fix typo (extra ,)


Revision 16573 - Directory Listing
Modified Tue Oct 23 15:47:21 2012 UTC (8 years, 11 months ago) by msalle
Fix log messages printed when config cannot be read.


Revision 16572 - Directory Listing
Modified Tue Oct 23 15:37:44 2012 UTC (8 years, 11 months ago) by msalle
Only log how we opened the logfile if it failed.
Updating version.


Revision 16566 - Directory Listing
Modified Tue Oct 23 13:36:03 2012 UTC (8 years, 11 months ago) by msalle
Updating ChangeLog


Revision 16564 - Directory Listing
Modified Tue Oct 23 12:08:18 2012 UTC (8 years, 11 months ago) by msalle
Missing banmap file is fatal, as for the ban_dn plugin in lcmaps-plugins-basic.
Small cosmetic updates, such as using lcmaps_log instead of lcmaps_log_debug


Revision 16560 - Directory Listing
Modified Tue Oct 23 10:14:34 2012 UTC (8 years, 11 months ago) by msalle
Updating ChangeLog


Revision 16559 - Directory Listing
Modified Tue Oct 23 10:13:04 2012 UTC (8 years, 11 months ago) by msalle
Setting version to 1.5.1, previous tagged version is 1.5.0
Updating NEWS file to reflect new plugin
Updating ChangeLog


Revision 16558 - Directory Listing
Modified Tue Oct 23 09:54:35 2012 UTC (8 years, 11 months ago) by msalle
Cleanup of Makefile.am


Revision 16557 - Directory Listing
Modified Tue Oct 23 09:34:16 2012 UTC (8 years, 11 months ago) by msalle
Remove non-existing Doxyfile from EXTRA_DIST


Revision 16553 - Directory Listing
Modified Mon Oct 22 12:25:37 2012 UTC (8 years, 11 months ago) by msalle
Update ChangeLog


Revision 16552 - Directory Listing
Modified Mon Oct 22 12:25:08 2012 UTC (8 years, 11 months ago) by msalle
When the two results (desired identity and cached result) mismatch, warn and
rerun LCMAPS instead of fail.


Revision 16551 - Directory Listing
Modified Sun Oct 21 11:38:44 2012 UTC (8 years, 11 months ago) by msalle
Updating ChangeLog


Revision 16550 - Directory Listing
Modified Sun Oct 21 11:37:37 2012 UTC (8 years, 11 months ago) by msalle
shorten log line.


Revision 16549 - Directory Listing
Modified Sun Oct 21 11:30:16 2012 UTC (8 years, 11 months ago) by msalle
Log service name iff present, reorganize caching for clarity.


Revision 16548 - Directory Listing
Modified Sun Oct 21 10:57:21 2012 UTC (8 years, 11 months ago) by msalle
Update ChangeLog


Revision 16547 - Directory Listing
Modified Fri Oct 19 14:12:15 2012 UTC (8 years, 11 months ago) by msalle
The result of LCMAPS mapping is stored, to allow caching the result:
When a non-NULL 'desired identity' is presented, and a previous result is
available, it is used instead of doing a new LCMAPS run. This means LCMAPS at
most runs once.
Allow preventing the caching by setting the new environment variable
LLGT_CACHE_CALLOUT to no, disable or disabled.
Do not call globus_module_deactivate() since this might corrupt e.g. the OpenSSL
library, it should be called from the calling program.
Update NEWS file and man page to reflect the new behaviour.



Revision 16546 - Directory Listing
Modified Thu Oct 18 13:21:37 2012 UTC (8 years, 11 months ago) by msalle
New feature: env var LLGT_DLCLOSE_LCMAPS, when set to no, disable or disabled,
do NOT call dlclose() on lcmaps. This is a workaround for a RH5-based bug
relating to gsisshd, which run the callout twice. Updating manpage and NEWS file
to reflect this. Also:
- spell checked manpage
- replaced LICENSE file with proper Apache-2 LICENSE file
- removed unused voms.m4 macro (only needed for AC_LCMAPS, but we only use
  AC_LCMAPS_INTERFACE)



Revision 16545 - Directory Listing
Modified Mon Oct 15 20:33:40 2012 UTC (9 years ago) by okoeroo
Replacing false OSPF statements with OCSP statements. Implementing the option --disallow-limited-proxy.

Revision 16544 - Directory Listing
Modified Mon Oct 15 20:31:17 2012 UTC (9 years ago) by okoeroo
Replacing false OSPF statements with OCSP statements. Implementing the option --disallow-limited-proxy.

Revision 16543 - Directory Listing
Modified Fri Oct 12 07:53:40 2012 UTC (9 years ago) by msalle
Move cleanup of pdl memory in case of failure closer to pluginmanager to prevent
missing prototype warning.


Revision 16542 - Directory Listing
Modified Thu Oct 11 15:29:15 2012 UTC (9 years ago) by msalle
Bug fix for missing cleanup of pdl data when LCMAPS fails.
This could trigger a segfault when LCMAPS is run multiple times, as in gsisshd,
on certain systems.
Updating version.


Revision 16540 - Directory Listing
Modified Fri Sep 28 14:17:18 2012 UTC (9 years ago) by msalle
Add missing newlines in log entries.


Revision 16538 - Directory Listing
Modified Fri Sep 28 13:29:32 2012 UTC (9 years ago) by msalle
Bugfixes:
- install INSTALL, but rename into install_instructions.txt
- improve text in the install instructions
- typo in jobrep-create-basic.sql: fqan_id -> voms_fqan_id
Bump version



Revision 16534 - Directory Listing
Modified Mon Sep 24 14:09:20 2012 UTC (9 years ago) by msalle
Updating ChangeLog


Revision 16533 - Directory Listing
Modified Mon Sep 24 14:07:14 2012 UTC (9 years ago) by msalle
Bugfix: plugins where not dlclose()-ed in lcas_term, which indirectly triggered
a segmentation fault in gsisshd when used in combination with PAM. Actual
segmentation fault appears in OpenSSL related calls.
Updating version and NEWS file.


Revision 16522 - Directory Listing
Modified Fri Aug 31 13:01:27 2012 UTC (9 years, 1 month ago) by okoeroo
Updated and new files.



Revision 16521 - Directory Listing
Modified Fri Aug 31 12:54:54 2012 UTC (9 years, 1 month ago) by okoeroo
That bugs file

Revision 16519 - Directory Listing
Modified Fri Aug 31 11:22:15 2012 UTC (9 years, 1 month ago) by okoeroo
Adding an Quick INSTALL guide

Revision 16518 - Directory Listing
Modified Fri Aug 31 11:16:12 2012 UTC (9 years, 1 month ago) by msalle
Fix typo (found by lintian in the binary!)


Revision 16517 - Directory Listing
Modified Fri Aug 31 11:13:56 2012 UTC (9 years, 1 month ago) by okoeroo
Latest greatest MAN page

Revision 16515 - Directory Listing
Modified Fri Aug 31 10:51:15 2012 UTC (9 years, 1 month ago) by okoeroo
Typos and fixes

Revision 16512 - Directory Listing
Modified Fri Aug 31 10:43:09 2012 UTC (9 years, 1 month ago) by okoeroo
NEWS, read all about it. In this case the jobrep plugin

Revision 16511 - Directory Listing
Modified Fri Aug 31 10:31:17 2012 UTC (9 years, 1 month ago) by okoeroo
Updated database schema PDF and date in the OmniGraffle file.

Revision 16510 - Directory Listing
Modified Fri Aug 31 10:27:55 2012 UTC (9 years, 1 month ago) by okoeroo
Rewritten the man page for this module.

Revision 16506 - Directory Listing
Modified Fri Aug 31 09:16:31 2012 UTC (9 years, 1 month ago) by msalle
Fix updated name of manpage


Revision 16505 - Directory Listing
Modified Fri Aug 31 09:01:20 2012 UTC (9 years, 1 month ago) by msalle
Remove linking with odbcinst (not needed)


Revision 16501 - Directory Listing
Modified Thu Aug 30 08:56:08 2012 UTC (9 years, 1 month ago) by msalle
Remove deprecated jobrep-create-CE.sql


Revision 16500 - Directory Listing
Modified Thu Aug 30 08:52:44 2012 UTC (9 years, 1 month ago) by msalle
Do not distribute graffle. Install the database design pdf.


Revision 16499 - Directory Listing
Modified Thu Aug 30 08:42:53 2012 UTC (9 years, 1 month ago) by msalle
Make sure manpages are installed. Make sure all docs are distributed.


Revision 16498 - Directory Listing
Modified Thu Aug 30 08:31:35 2012 UTC (9 years, 1 month ago) by msalle
Update copyright and authors


Revision 16497 - Directory Listing
Modified Wed Aug 29 15:40:19 2012 UTC (9 years, 1 month ago) by msalle
No pointer arithmetic with void pointers.


Revision 16496 - Directory Listing
Modified Wed Aug 29 15:31:16 2012 UTC (9 years, 1 month ago) by msalle
Include dir should be with respect to top_srcdir.



Revision 16495 - Directory Listing
Modified Wed Aug 29 14:25:54 2012 UTC (9 years, 1 month ago) by msalle
Removing now-unneeded m4 macros for jobrep_api and globus.


Revision 16494 - Directory Listing
Modified Tue Aug 14 09:30:52 2012 UTC (9 years, 2 months ago) by okoeroo
Cleanup

Revision 16493 - Directory Listing
Modified Tue Aug 14 07:15:43 2012 UTC (9 years, 2 months ago) by okoeroo
Fixed crash when the DSN doesn't exist

Revision 16492 - Directory Listing
Modified Mon Aug 13 20:52:37 2012 UTC (9 years, 2 months ago) by okoeroo
Adjusted the database schema

Revision 16491 - Directory Listing
Modified Mon Aug 13 20:48:50 2012 UTC (9 years, 2 months ago) by okoeroo
Added a database transaction, where needed

Revision 16490 - Directory Listing
Modified Mon Aug 13 10:52:59 2012 UTC (9 years, 2 months ago) by okoeroo
Added effective_credential_unix_gids to the mix. Only need the coupling from or to the Globus environment

Revision 16489 - Directory Listing
Modified Mon Aug 13 10:24:34 2012 UTC (9 years, 2 months ago) by okoeroo
Added insert into effective_credentials_unix_uid_voms and all sub-tables

Revision 16488 - Directory Listing
Modified Mon Aug 13 06:15:04 2012 UTC (9 years, 2 months ago) by okoeroo
Updated/reorganized database lay-out and fixed some bugs. Also the code is capable of inserting the annotated table names

Revision 16487 - Directory Listing
Modified Sun Aug 12 20:15:35 2012 UTC (9 years, 2 months ago) by okoeroo
Fixed content and updated the lay-out

Revision 16486 - Directory Listing
Modified Sun Aug 12 19:48:37 2012 UTC (9 years, 2 months ago) by okoeroo
Adding new database lay-out design.

Revision 16485 - Directory Listing
Modified Sun Aug 12 14:29:43 2012 UTC (9 years, 2 months ago) by okoeroo
Updated the SQL schema, fixed data handling, added support for the insert_last_id(), other improvements.



Revision 16484 - Directory Listing
Modified Tue Aug 7 14:22:46 2012 UTC (9 years, 2 months ago) by okoeroo
Added FQANs into the database, and assigning a user_id by extraction and selection from the certificates directory

Revision 16483 - Directory Listing
Modified Tue Aug 7 09:58:01 2012 UTC (9 years, 2 months ago) by okoeroo
Added push of certificate details to the database.

Revision 16482 - Directory Listing
Modified Mon Aug 6 17:12:59 2012 UTC (9 years, 2 months ago) by okoeroo
Split source files

Revision 16480 - Directory Listing
Modified Mon Aug 6 15:42:32 2012 UTC (9 years, 2 months ago) by okoeroo
Fixed cleanups and more. Easy querying now

Revision 16476 - Directory Listing
Modified Mon Aug 6 12:55:21 2012 UTC (9 years, 2 months ago) by dennisvd
Don't use yywrap, prevent missing symbols.


Revision 16474 - Directory Listing
Modified Thu Aug 2 16:57:14 2012 UTC (9 years, 2 months ago) by okoeroo
Tiny updates for the jobrep

Revision 16473 - Directory Listing
Modified Thu Aug 2 15:39:58 2012 UTC (9 years, 2 months ago) by okoeroo
Merged jobrepository library into the plug-in. This aids debugging possibilities

Revision 16425 - Directory Listing
Modified Fri Jul 6 16:12:52 2012 UTC (9 years, 3 months ago) by msalle
Use chevrons instead of double quote includes for globus includes.


Revision 16424 - Directory Listing
Modified Fri Jul 6 16:10:16 2012 UTC (9 years, 3 months ago) by msalle
Moving towards more standard globus/*.h includes, adding secondary globus
libraries as they are not automatically found on all systems.
Adding (not functional) autotools files: bootstrap, globus.m4 macro, Makefile.am
and configure.ac. In time this tool should move into the
lcas-lcmaps-gt4-interface tree. 



Revision 16420 - Directory Listing
Modified Fri Jul 6 10:34:39 2012 UTC (9 years, 3 months ago) by msalle
Updating ChangeLog



Revision 16419 - Directory Listing
Modified Thu Jul 5 15:23:06 2012 UTC (9 years, 3 months ago) by msalle
Updating the NEWS file.


Revision 16418 - Directory Listing
Modified Thu Jul 5 15:15:51 2012 UTC (9 years, 3 months ago) by msalle
Add 'noyywrap' lex option to prevent a missing symbol error.


Revision 16417 - Directory Listing
Modified Mon Jun 18 10:23:10 2012 UTC (9 years, 4 months ago) by okoeroo
The first delegation can now be a GT2/old-style Limited proxy.

Note:
The proxy certificate semantic checks do support the complete semantics for CA,
EEC, old-style proxy, RFC3820 proxy, old-style limited proxy and RFC3820
Limited proxy certificate types. 

BUT! The RFC3820 proxy types are not yet distinguishable. So all RFC3820 type
certificate are all tagged as type 'normal'




Revision 16416 - Directory Listing
Modified Fri Jun 15 23:52:42 2012 UTC (9 years, 4 months ago) by okoeroo
Version 1.5.3
-------------
-   Brain Bockelman reported a verification failure when a certificate chain
    contains at least two limited proxies. This version exclusively fixes this
    problem.
-   The add-on verification routines to semantically check the certificate
    chain was not launched when the X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED error
    was set. Only OpenSSL versions older then 0.9.8 would have this #ifdef
    enable.
-   OpenSSL casts an X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED where it doesn't
    make sense as the test used a non-RFC3820 proxy. OpenSSL is not capable of
    extracting a path length constraint out of non-RFC proxy.  OpenSSL also
    tagged all  certificates in the chain to be showing the
    X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED error. The add-on evaluator performs
    a proper check to compensate.
-   The add-on verification routines did not take limited proxies into account.
    This mistake was gracefully neglected, because proxy chains with only one
    Limited proxy at the end was perfectly tolerated. A double limited proxy or
    proxy certificate chain with at least two (or more) Limited proxy
    delegations of the RFC3820 and old-style proxy type would fail the
    verification with the previously mentioned anomalies.





Revision 16415 - Directory Listing
Modified Tue Jun 5 11:32:39 2012 UTC (9 years, 4 months ago) by msalle
Add missing header syslog.h to llgt_utils.h as it is needed for LOG_ERR etc.


Revision 16414 - Directory Listing
Modified Tue Jun 5 10:58:53 2012 UTC (9 years, 4 months ago) by msalle
Small fixes:
- -disablewildcard now works
- fix memory leak
- update name


Revision 16413 - Directory Listing
Modified Tue Jun 5 10:30:40 2012 UTC (9 years, 4 months ago) by msalle
Adding new plugin lcmaps_ban_fqan that can ban users if any of its FQANs appears
in a banfile. This plugin works the same as the new lcmaps_ban_dn for FQANs
instead of DNs. It has its own manpage.
Updating version and NEWS file.


Revision 16412 - Directory Listing
Modified Tue Jun 5 08:34:23 2012 UTC (9 years, 4 months ago) by msalle
Cleanup dead code.


Revision 16411 - Directory Listing
Modified Mon Jun 4 19:27:22 2012 UTC (9 years, 4 months ago) by okoeroo
Updated version to 1.5.3

Renamed the "ban_localaccount" module into "ban_dn"




Revision 16410 - Directory Listing
Modified Mon Jun 4 14:50:03 2012 UTC (9 years, 4 months ago) by msalle
Update logging functionality to allow for logging to file from llgt itself.
LLGT_LOG_FILE when set and can be opened, is used instead of syslog.
If succesfully opened, LCAS_LOG_FILE and/or LCMAPS_LOG_FILE when unset, will be
set to the same file.
When neither LLGT_LOG_FACILITY nor LLGT_LOG_IDENT is set and logging to syslog,
openlog is no longer called.


Revision 16409 - Directory Listing
Modified Fri Jun 1 13:41:47 2012 UTC (9 years, 4 months ago) by msalle
Give all private macros prefix _, mainly in _lcmaps.h
Most of these macros only work in the dlopen version.
Updating version.



Revision 16408 - Directory Listing
Modified Fri Jun 1 12:26:19 2012 UTC (9 years, 4 months ago) by msalle
When an entry is found lcmaps_gridlist return LCMAPS_MOD_ENTRY instead of
LCMAPS_MOD_SUCCESS 


Revision 16407 - Directory Listing
Modified Fri Jun 1 12:13:04 2012 UTC (9 years, 4 months ago) by msalle
Add missing ==0 in strcmp()


Revision 16406 - Directory Listing
Modified Fri Jun 1 12:04:26 2012 UTC (9 years, 4 months ago) by msalle
lcas_gridlist -> lcmaps_gridlist


Revision 16405 - Directory Listing
Modified Fri Jun 1 08:58:40 2012 UTC (9 years, 4 months ago) by msalle
Add few (empty) macros in the case LCMAPS_USE_DLOPEN is *not* defined, such that
we can use the same code base in both cases:
lcmaps_if.h:
- always define LCMAPS_SET_LIBFILE_PATH and LCMAPS_SET_HELPER_PATH (the actual
  split is done in _lcmaps.h)

_lcmaps.h:
- _LCMAPS_SET_LIBFILE_PATH and _LCMAPS_SET_HELPER_PATH

_lcmaps_return_account_from_pem.h:
- _LCMAPS_DECL_HANDLE_RETURN_ACCOUNT_FROM_PEM should actually declare a
  variable, as it will be used later;
- Rename the incorrect _LCMAPS_INTERFACE_RETURN_ACCOUNT_FROM_PEM into
  _LCMAPS_LOAD_RETURN_ACCOUNT_FROM_PEM and fix a problem in the definition of 
  _LCMAPS_INIT_HANDLE_RETURN_ACCOUNT_FROM_PEM, needed to dereference the
  argument.


Revision 16404 - Directory Listing
Modified Mon May 28 09:55:39 2012 UTC (9 years, 4 months ago) by okoeroo
Added man page to Makefile.am in the proper way.




Revision 16403 - Directory Listing
Modified Mon May 28 09:41:34 2012 UTC (9 years, 4 months ago) by okoeroo
Updating lcmaps-plugins-basic version to 1.5.2 to reflect the new plugins addition

Revision 16402 - Directory Listing
Modified Mon May 28 09:39:49 2012 UTC (9 years, 4 months ago) by okoeroo
Adding a new plug-in to the basic set of plugins, being a banning plugin based on Subject DNs only.



Revision 16368 - Directory Listing
Modified Sun Apr 22 22:28:14 2012 UTC (9 years, 5 months ago) by okoeroo
Certification output generating script.




Revision 16367 - Directory Listing
Modified Sun Apr 22 17:58:53 2012 UTC (9 years, 5 months ago) by okoeroo
Returned the file permission of glexec and glexec.conf to the old state.
Works perfectly.




Revision 16366 - Directory Listing
Modified Sun Apr 22 17:56:09 2012 UTC (9 years, 5 months ago) by okoeroo
Updated glexec compound test for certification without SCAS client, with pvier001 as test account and with glexec file permission changes.




Revision 16365 - Directory Listing
Modified Fri Apr 20 12:18:46 2012 UTC (9 years, 5 months ago) by okoeroo
Finished.



Revision 16363 - Directory Listing
Modified Fri Apr 20 09:44:06 2012 UTC (9 years, 5 months ago) by okoeroo
LCMAPS Certification script is pretty much done.




Revision 16336 - Directory Listing
Modified Mon Apr 16 17:39:54 2012 UTC (9 years, 6 months ago) by okoeroo
Changed a file name.



Revision 16335 - Directory Listing
Modified Mon Apr 16 16:58:17 2012 UTC (9 years, 6 months ago) by okoeroo
Added +x



Revision 16333 - Directory Listing
Modified Mon Apr 16 10:56:16 2012 UTC (9 years, 6 months ago) by okoeroo
Finished certification script.
Needed a few adjustments for local overrides.





Revision 16332 - Directory Listing
Modified Mon Apr 16 10:42:49 2012 UTC (9 years, 6 months ago) by okoeroo
Added the file that can call the lcmaps-compound-test.sh test with local certification adaptations to the defaults in the script.



Revision 16329 - Directory Listing
Modified Mon Apr 16 10:13:15 2012 UTC (9 years, 6 months ago) by dennisvd
Updating ChangeLog


Revision 16328 - Directory Listing
Modified Mon Apr 16 09:59:28 2012 UTC (9 years, 6 months ago) by dennisvd
updated the news for 1.5.5


Revision 16327 - Directory Listing
Modified Mon Apr 16 09:56:29 2012 UTC (9 years, 6 months ago) by dennisvd
Add -I../interface to the make rule for the NOGSI situation. This fixes the build failure
with out-of-source builds (i.e. running configure from another directory than the
top-level source).
New version is 1.5.5.


Revision 16326 - Directory Listing
Modified Mon Apr 16 07:49:48 2012 UTC (9 years, 6 months ago) by dennisvd
typo: succesfully -> successfully (thanks, lintian!)


Revision 16310 - Directory Listing
Modified Thu Apr 12 21:33:33 2012 UTC (9 years, 6 months ago) by dennisvd
typo: Succesfully -> Successfully (thanks, lintian!)


Revision 16293 - Directory Listing
Modified Mon Apr 2 13:47:09 2012 UTC (9 years, 6 months ago) by dennisvd
Set minimum version of gSOAP to 2.7.0, to prevent configure blocking older builds.
The exact minimum version required is not known at this moment.


Revision 16283 - Directory Listing
Modified Sun Apr 1 10:35:22 2012 UTC (9 years, 6 months ago) by msalle
Updating ChangeLog


Revision 16281 - Directory Listing
Modified Sun Apr 1 10:10:20 2012 UTC (9 years, 6 months ago) by msalle
Fix bug: non-linger mode did not revert umask()


Revision 16277 - Directory Listing
Modified Fri Mar 30 09:58:12 2012 UTC (9 years, 6 months ago) by msalle
Update ChangeLog


Revision 16276 - Directory Listing
Modified Thu Mar 29 15:36:11 2012 UTC (9 years, 6 months ago) by msalle
Add close_fds to glexec.conf (commented out) and remove unused silent_logging
option.


Revision 16275 - Directory Listing
Modified Thu Mar 29 14:45:05 2012 UTC (9 years, 6 months ago) by msalle
Remove " around value of path in db templates since it produces "" printed on
stdout (not even stderr).


Revision 16274 - Directory Listing
Modified Thu Mar 29 11:21:15 2012 UTC (9 years, 6 months ago) by msalle
Use optionally existing values for LLRUN, LD_LIBRARY_PATH and LL_PLUGIN_DIR 


Revision 16273 - Directory Listing
Modified Thu Mar 29 11:13:25 2012 UTC (9 years, 6 months ago) by okoeroo
Added a lot more tests for LCMAPS plugins.




Revision 16272 - Directory Listing
Modified Wed Mar 28 14:02:03 2012 UTC (9 years, 6 months ago) by msalle
Update NEWS file


Revision 16271 - Directory Listing
Modified Wed Mar 28 14:01:09 2012 UTC (9 years, 6 months ago) by msalle
Lower level of warning about non-existing homedir to info and warning about
non-possibility to return to start dir as notice


Revision 16269 - Directory Listing
Modified Tue Mar 27 14:18:39 2012 UTC (9 years, 6 months ago) by okoeroo
Added a tests directory.



Revision 16267 - Directory Listing
Modified Mon Mar 26 14:44:48 2012 UTC (9 years, 6 months ago) by msalle
Moving towards github for voms


Revision 16266 - Directory Listing
Modified Mon Mar 26 14:15:11 2012 UTC (9 years, 6 months ago) by okoeroo
Updating compound.




Revision 16265 - Directory Listing
Modified Mon Mar 26 13:45:55 2012 UTC (9 years, 6 months ago) by okoeroo
Added lcmaps-compound-test.sh to help test and certify LCMAPS and its plugins.



Revision 16264 - Directory Listing
Modified Mon Mar 26 13:44:57 2012 UTC (9 years, 6 months ago) by okoeroo
Moved some files around.



Revision 16261 - Directory Listing
Modified Mon Mar 26 12:15:52 2012 UTC (9 years, 6 months ago) by msalle
Update ChangeLog 


Revision 16260 - Directory Listing
Modified Mon Mar 26 12:03:16 2012 UTC (9 years, 6 months ago) by okoeroo
Added content to the NEWS file.



Revision 16256 - Directory Listing
Modified Mon Mar 26 11:04:13 2012 UTC (9 years, 6 months ago) by msalle
Update ChangeLog


Revision 16255 - Directory Listing
Modified Mon Mar 26 11:02:58 2012 UTC (9 years, 6 months ago) by msalle
Update ChangeLog


Revision 16254 - Directory Listing
Modified Mon Mar 26 11:02:40 2012 UTC (9 years, 6 months ago) by msalle
Update NEWS file


Revision 16253 - Directory Listing
Modified Mon Mar 26 11:00:25 2012 UTC (9 years, 6 months ago) by msalle
Update ChangeLog


Revision 16252 - Directory Listing
Modified Mon Mar 26 10:39:03 2012 UTC (9 years, 6 months ago) by msalle
Add missing /log in log directory


Revision 16251 - Directory Listing
Modified Mon Mar 26 09:52:50 2012 UTC (9 years, 6 months ago) by msalle
Set working log path in the config file based on localstatedir instead of
prefix. Update Makefile.am accordingly. Update version.


Revision 16250 - Directory Listing
Modified Mon Mar 26 09:24:07 2012 UTC (9 years, 6 months ago) by msalle
Updating version


Revision 16247 - Directory Listing
Modified Sat Mar 24 01:34:39 2012 UTC (9 years, 6 months ago) by dennisvd
quote whitelist variable (may contain spaces)


Revision 16235 - Directory Listing
Modified Thu Mar 22 09:45:42 2012 UTC (9 years, 6 months ago) by dennisvd
typo: succesfully -> successfully


Revision 16234 - Directory Listing
Modified Thu Mar 22 09:33:06 2012 UTC (9 years, 6 months ago) by msalle
Fix few typos


Revision 16233 - Directory Listing
Modified Wed Mar 21 10:12:10 2012 UTC (9 years, 6 months ago) by msalle
Fix bug in parsing code: an unmatched " triggered an 'out of memory' error.


Revision 16232 - Directory Listing
Modified Wed Mar 21 09:24:29 2012 UTC (9 years, 6 months ago) by dennisvd
fixed missing quotes in pepc config
Apply more quoting of variables to protect white space


Revision 16223 - Directory Listing
Modified Tue Mar 20 13:42:06 2012 UTC (9 years, 6 months ago) by dennisvd
environment is one word


Revision 16208 - Directory Listing
Modified Tue Mar 20 10:20:38 2012 UTC (9 years, 6 months ago) by dennisvd
fixed typos and misspellings


Revision 16206 - Directory Listing
Modified Tue Mar 20 09:52:28 2012 UTC (9 years, 6 months ago) by msalle
Updating ChangeLog


Revision 16204 - Directory Listing
Modified Tue Mar 20 08:29:34 2012 UTC (9 years, 6 months ago) by msalle
Updating ChangeLog


Revision 16203 - Directory Listing
Modified Tue Mar 20 08:28:17 2012 UTC (9 years, 6 months ago) by msalle
--use-pilot-proxy-as-cafile is mutually exclusive with all client modes except
for implicit.


Revision 16199 - Directory Listing
Modified Mon Mar 19 16:33:45 2012 UTC (9 years, 6 months ago) by msalle
Updating ChangeLog


Revision 16198 - Directory Listing
Modified Mon Mar 19 16:33:00 2012 UTC (9 years, 6 months ago) by msalle
Rename manpage into *.src and updating NEWS file.


Revision 16197 - Directory Listing
Modified Mon Mar 19 16:28:03 2012 UTC (9 years, 6 months ago) by msalle
Rename manpage to use _ instead of - to be in sync with other plugin manpages.


Revision 16196 - Directory Listing
Modified Mon Mar 19 16:24:33 2012 UTC (9 years, 6 months ago) by msalle
Test for more invalid combinations of options.
Fix typo in manpage: should be --certificate



Revision 16195 - Directory Listing
Modified Mon Mar 19 15:24:55 2012 UTC (9 years, 6 months ago) by okoeroo
Added the newest options in the man page. And sorted all the options in alphabetic order.




Revision 16193 - Directory Listing
Modified Mon Mar 19 12:04:10 2012 UTC (9 years, 6 months ago) by msalle
Fix name of option: --use-pilot-proxy-as-cafile 


Revision 16192 - Directory Listing
Modified Mon Mar 19 11:58:27 2012 UTC (9 years, 6 months ago) by msalle
Adding support for --use-pilot-proxy-as-cafile option that triggers using the
pilot proxy in the X509_USER_PROXY as --cafile option. This is currently needed
for Curl+NSS as on RH6.


Revision 16186 - Directory Listing
Modified Fri Mar 16 16:04:14 2012 UTC (9 years, 7 months ago) by msalle
Uncommenting export sym list, as we don't want to use it yet...


Revision 16184 - Directory Listing
Modified Fri Mar 16 15:51:44 2012 UTC (9 years, 7 months ago) by msalle
Add missing continuation char


Revision 16183 - Directory Listing
Modified Fri Mar 16 15:48:17 2012 UTC (9 years, 7 months ago) by msalle
Adding liblcmaps.sym to EXTRA_DIST


Revision 16178 - Directory Listing
Modified Fri Mar 16 15:20:25 2012 UTC (9 years, 7 months ago) by msalle
Updating ChangeLog


Revision 16177 - Directory Listing
Modified Fri Mar 16 15:16:23 2012 UTC (9 years, 7 months ago) by msalle
Protect large number of strdup() and *alloc() functions against out-of-mem


Revision 16176 - Directory Listing
Modified Fri Mar 16 15:12:45 2012 UTC (9 years, 7 months ago) by msalle
Remove empty [] to fix broken RH5 autotools 


Revision 16175 - Directory Listing
Modified Fri Mar 16 15:07:54 2012 UTC (9 years, 7 months ago) by msalle
Fix typo configure.ac


Revision 16174 - Directory Listing
Modified Fri Mar 16 14:50:02 2012 UTC (9 years, 7 months ago) by okoeroo
Updated NEWS file with additional info.



Revision 16173 - Directory Listing
Modified Fri Mar 16 14:14:09 2012 UTC (9 years, 7 months ago) by okoeroo
The new default in the code is NULL instead of "".




Revision 16172 - Directory Listing
Modified Fri Mar 16 14:12:34 2012 UTC (9 years, 7 months ago) by msalle
Only actively set the SSL_CIPHER_LIST when the --with-ssl-cipher-list is used,
otherwise ignore it.


Revision 16171 - Directory Listing
Modified Fri Mar 16 10:59:31 2012 UTC (9 years, 7 months ago) by msalle
Needed AC_DEFINE_UNQUOTED instead AC_DEFINE and add " to the define


Revision 16170 - Directory Listing
Modified Fri Mar 16 10:52:29 2012 UTC (9 years, 7 months ago) by msalle
Adding authors...


Revision 16169 - Directory Listing
Modified Fri Mar 16 10:51:05 2012 UTC (9 years, 7 months ago) by msalle
Add support for configure option --with-ssl-cipher-list


Revision 16168 - Directory Listing
Modified Fri Mar 16 10:40:51 2012 UTC (9 years, 7 months ago) by okoeroo
Changed the default cipher list from "DEFAULT:-ECDH" to ""
Added the opportunity to override the define for PEP_OPTION_SSL_CIPHER_LIST_DEFAULT from autotools.




Revision 16167 - Directory Listing
Modified Fri Mar 16 10:26:41 2012 UTC (9 years, 7 months ago) by okoeroo
Allowing an empty string (not NULL) as argument to the --ssl-ciphers-list <arg>.





Revision 16166 - Directory Listing
Modified Fri Mar 16 09:54:22 2012 UTC (9 years, 7 months ago) by okoeroo
Bumping version in configure.ac to match the NEWS file mentioned update



Revision 16165 - Directory Listing
Modified Fri Mar 16 09:52:54 2012 UTC (9 years, 7 months ago) by okoeroo
Removed gt4-interface-install.8 from the make dist.



Revision 16164 - Directory Listing
Modified Fri Mar 16 08:07:38 2012 UTC (9 years, 7 months ago) by okoeroo
Updated the changelog.



Revision 16163 - Directory Listing
Modified Fri Mar 16 08:03:50 2012 UTC (9 years, 7 months ago) by okoeroo
New configuration option:
        --ssl-cipher-list <cipherlist>

    With this new option a sysadmin can specify the cipher list to be used for
    the SSL session.  This feature is required to be used on systems that are
    forced to use a libcurl build against libnss, i.e. Red Hat Enterprise Linux
    6 (and derivatives) and Fedora 12 and up. The same holds true on
    installations have choosen the libcurl dynmically linked to libnss. A
    build-in default is used when this option it not set. The default setting
    is known to be compatible with OpenSSL 0.9.7 though 1.0.x. and GnuTLS.

Bumped version to 1.2.2. The man page and configure.ac are updated accordingly.



Revision 16162 - Directory Listing
Modified Thu Mar 15 16:38:43 2012 UTC (9 years, 7 months ago) by msalle
Update NEWS file


Revision 16161 - Directory Listing
Modified Thu Mar 15 16:34:59 2012 UTC (9 years, 7 months ago) by msalle
Updating ChangeLog


Revision 16160 - Directory Listing
Modified Thu Mar 15 16:32:47 2012 UTC (9 years, 7 months ago) by msalle
Update NEWS file


Revision 16159 - Directory Listing
Modified Thu Mar 15 16:15:50 2012 UTC (9 years, 7 months ago) by msalle
Replace unprintable chars by a ?



Revision 16158 - Directory Listing
Modified Thu Mar 15 15:47:05 2012 UTC (9 years, 7 months ago) by msalle
Updating ChangeLog


Revision 16157 - Directory Listing
Modified Thu Mar 15 15:46:31 2012 UTC (9 years, 7 months ago) by msalle
Removing \t from log strings


Revision 16156 - Directory Listing
Modified Thu Mar 15 15:46:09 2012 UTC (9 years, 7 months ago) by msalle
Remove \t from log strings..


Revision 16155 - Directory Listing
Modified Thu Mar 15 15:32:19 2012 UTC (9 years, 7 months ago) by msalle
Update manpages to have the correct wiki page
Update NEWS file for 0.9.4


Revision 16154 - Directory Listing
Modified Thu Mar 15 15:19:20 2012 UTC (9 years, 7 months ago) by msalle
removing outdated comments


Revision 16153 - Directory Listing
Modified Thu Mar 15 15:18:09 2012 UTC (9 years, 7 months ago) by msalle
Syncing with version in lcmaps-plugins-basic


Revision 16152 - Directory Listing
Modified Thu Mar 15 15:17:37 2012 UTC (9 years, 7 months ago) by msalle
Updating version and syncing lcmaps_gridlist.c with lcmaps-plugins-voms


Revision 16151 - Directory Listing
Modified Thu Mar 15 13:11:55 2012 UTC (9 years, 7 months ago) by dennisvd
update the NEWS retroactively


Revision 16150 - Directory Listing
Modified Thu Mar 15 13:03:02 2012 UTC (9 years, 7 months ago) by dennisvd
Include manual pages (copied from Debian packaging)


Revision 16149 - Directory Listing
Modified Thu Mar 15 12:55:26 2012 UTC (9 years, 7 months ago) by dennisvd
Include a manual page (copied from Debian packaging)


Revision 16148 - Directory Listing
Modified Thu Mar 15 12:45:32 2012 UTC (9 years, 7 months ago) by dennisvd
Include a manual page (copied from Debian packaging)


Revision 16147 - Directory Listing
Modified Thu Mar 15 12:28:06 2012 UTC (9 years, 7 months ago) by dennisvd
updated 'source' and 'manual' parts of the manpages
added some highlighting.


Revision 16146 - Directory Listing
Modified Thu Mar 15 12:02:49 2012 UTC (9 years, 7 months ago) by msalle
Change match_username() to use isdigit() instead of strspn() which seems to be
broken (cross-platform) for short string comparisons: it produces invalid reads
in valgrind.


Revision 16145 - Directory Listing
Modified Thu Mar 15 09:57:33 2012 UTC (9 years, 7 months ago) by msalle
Fix typo in log string.


Revision 16144 - Directory Listing
Modified Thu Mar 15 09:50:16 2012 UTC (9 years, 7 months ago) by msalle
Fixing wrong cast which leads to segfault when the preserve_env_variables is
non-empty.



Revision 16143 - Directory Listing
Modified Wed Mar 14 21:50:44 2012 UTC (9 years, 7 months ago) by okoeroo
Updated NEWS file and pushed the configure.ac to reflect version 1.5.3



Revision 16142 - Directory Listing
Modified Wed Mar 14 21:45:34 2012 UTC (9 years, 7 months ago) by okoeroo
Added man page for lcmaps_voms_poolgroup.mod.8




Revision 16141 - Directory Listing
Modified Wed Mar 14 18:47:06 2012 UTC (9 years, 7 months ago) by okoeroo
Added doc/lcmaps_voms_poolaccount.mod.8 man page.
Added doc/Makefile.am to the configure.ac as an Makefile target.




Revision 16140 - Directory Listing
Modified Wed Mar 14 16:08:32 2012 UTC (9 years, 7 months ago) by msalle
Fix typo.


Revision 16139 - Directory Listing
Modified Wed Mar 14 13:00:33 2012 UTC (9 years, 7 months ago) by msalle
Numerous fixes in unsafe log_* functions (fixes a SIGSEGV)
Also replace logstr by __func__
Fix in credential store functions: make sure to dup the DN (fixes a SIGABRT or
SIGSEGV).
Need to export lcmaps_tokenize as it is being used by more than one lib.


Revision 16138 - Directory Listing
Modified Wed Mar 14 10:23:51 2012 UTC (9 years, 7 months ago) by okoeroo
Updated NEWS file.




Revision 16137 - Directory Listing
Modified Wed Mar 14 10:20:27 2012 UTC (9 years, 7 months ago) by okoeroo
Fix to interpret the error code LCMAPS_CRED_NO_FQAN as a warning, not as an error.
This problem was not observed in gLExec. This problem is confirmed in the newer LCAS-LCMAPS GT4 Interface code, due to the LCMAPS API is uses.

Triggered by not having any VOMS credentials at all in the proxy certificate.




Revision 16136 - Directory Listing
Modified Fri Mar 9 15:23:18 2012 UTC (9 years, 7 months ago) by dennisvd
Introduce exported symbol list


Revision 16113 - Directory Listing
Modified Wed Mar 7 14:56:43 2012 UTC (9 years, 7 months ago) by okoeroo
Added lcmaps_voms_localgroup.mod.8 (not finished yet).



Revision 16110 - Directory Listing
Modified Wed Mar 7 14:14:24 2012 UTC (9 years, 7 months ago) by dennisvd
typo in comment succesfully fixed


Revision 16109 - Directory Listing
Modified Wed Mar 7 14:12:05 2012 UTC (9 years, 7 months ago) by dennisvd
fix typo: succesfully -> successfully (credits to lintian)


Revision 16108 - Directory Listing
Modified Wed Mar 7 14:08:02 2012 UTC (9 years, 7 months ago) by dennisvd
fix typo: unkown -> unknown (credits to lintian)


Revision 16105 - Directory Listing
Modified Tue Mar 6 11:57:59 2012 UTC (9 years, 7 months ago) by okoeroo
Added lcmaps_voms_localaccount.mod.8



Revision 16103 - Directory Listing
Modified Tue Mar 6 11:06:34 2012 UTC (9 years, 7 months ago) by okoeroo
Added BUGS in the man page. Updated the man page to represent the flags from
introduced in the 0.3.3 version.



Revision 16102 - Directory Listing
Modified Tue Mar 6 11:03:30 2012 UTC (9 years, 7 months ago) by okoeroo
Added the BUGS information in the man page.




Revision 16101 - Directory Listing
Modified Tue Mar 6 09:48:58 2012 UTC (9 years, 7 months ago) by okoeroo
Added doc directory itself and added the first Man page and the doc/Makefile.am




Revision 16100 - Directory Listing
Modified Tue Mar 6 09:42:12 2012 UTC (9 years, 7 months ago) by okoeroo
Added ./doc



Revision 16099 - Directory Listing
Modified Mon Mar 5 15:57:47 2012 UTC (9 years, 7 months ago) by msalle
Adding lcmaps_plugins_lcas


Revision 16098 - Directory Listing
Modified Mon Mar 5 15:30:19 2012 UTC (9 years, 7 months ago) by okoeroo
-   Added a new option: --disable-keepalive
    Explicitly disable the TCP-keepalive feature.
-   Added a new option: --enable-keepalive
    Explicitly enable the TCP-keepalive feature.
-   Added a new option: --use-system-default-keepalive
    Leave the TCP-keepalive setting to be enforced by the system defaults.



Revision 16096 - Directory Listing
Modified Mon Mar 5 11:45:15 2012 UTC (9 years, 7 months ago) by msalle
Updating ChangeLog


Revision 16095 - Directory Listing
Modified Mon Mar 5 11:45:04 2012 UTC (9 years, 7 months ago) by msalle
Updating copyright


Revision 16094 - Directory Listing
Modified Mon Mar 5 11:44:12 2012 UTC (9 years, 7 months ago) by msalle
Updating copyright.


Revision 16093 - Directory Listing
Modified Mon Mar 5 11:42:46 2012 UTC (9 years, 7 months ago) by msalle
Updating ChangeLog


Revision 16091 - Directory Listing
Modified Mon Mar 5 11:31:06 2012 UTC (9 years, 7 months ago) by msalle
Adding ChangeLog and NEWS files


Revision 16090 - Directory Listing
Modified Mon Mar 5 11:29:02 2012 UTC (9 years, 7 months ago) by msalle
Updating copyright and authors


Revision 16089 - Directory Listing
Modified Mon Mar 5 11:26:45 2012 UTC (9 years, 7 months ago) by msalle
Updating copyright and authors in bootstrap file.



Revision 16088 - Directory Listing
Modified Mon Mar 5 11:24:15 2012 UTC (9 years, 7 months ago) by msalle
Finalizing man-page, make sure llrun.c can be compiled even without running
configure and updating version.


Revision 16087 - Directory Listing
Modified Sun Mar 4 18:07:28 2012 UTC (9 years, 7 months ago) by okoeroo
Updated the ChangeLog file on SVN and updated the NEWS file.




Revision 16084 - Directory Listing
Modified Sun Mar 4 12:35:55 2012 UTC (9 years, 7 months ago) by msalle
Remove explicit version in .c: all from configure.ac


Revision 16083 - Directory Listing
Modified Sun Mar 4 12:15:18 2012 UTC (9 years, 7 months ago) by msalle
Updating for filling in correct names in manpage


Revision 16082 - Directory Listing
Modified Sun Mar 4 12:03:11 2012 UTC (9 years, 7 months ago) by msalle
First step towards full autotools compliance.
Still need to edit the manpage.



Revision 16060 - Directory Listing
Modified Fri Mar 2 11:07:12 2012 UTC (9 years, 7 months ago) by msalle
Reopening glexec logging on different log facility should be at most LOG_NOTICE


Revision 16057 - Directory Listing
Modified Thu Mar 1 10:17:39 2012 UTC (9 years, 7 months ago) by msalle
Updating ChangeLog


Revision 16056 - Directory Listing
Modified Thu Mar 1 10:16:36 2012 UTC (9 years, 7 months ago) by msalle
Bumping version


Revision 16055 - Directory Listing
Modified Wed Feb 29 21:30:27 2012 UTC (9 years, 7 months ago) by dennisvd
don't put the parser sources in EXTRA_DIST (they should be generated).


Revision 16052 - Directory Listing
Modified Wed Feb 29 10:49:52 2012 UTC (9 years, 7 months ago) by okoeroo
Updated ChangeLog.




Revision 16046 - Directory Listing
Modified Wed Feb 29 10:06:56 2012 UTC (9 years, 7 months ago) by msalle
Updating ChangeLog



Revision 16045 - Directory Listing
Modified Wed Feb 29 10:02:54 2012 UTC (9 years, 7 months ago) by okoeroo
Fixed a bug when the option -do_not_use_secondary_gids is set and no other is set. This was discovered during an upgrade on a CREAM CE by Massimo Sgaravatto.. The check was intented to cast an error when mutually exclusive settings where configured. In this case the settings were not mutually exclusive and falsely failed the initialization of the plug-in.
The check has been removed.




Revision 16044 - Directory Listing
Modified Wed Feb 29 09:45:14 2012 UTC (9 years, 7 months ago) by msalle
fclose() of lcas logfile should be enabled only when using LCAS.


Revision 16043 - Directory Listing
Modified Wed Feb 29 09:34:04 2012 UTC (9 years, 7 months ago) by msalle
Updating ChangeLog


Revision 16042 - Directory Listing
Modified Wed Feb 29 09:01:26 2012 UTC (9 years, 7 months ago) by msalle
Bumping version


Revision 16030 - Directory Listing
Modified Tue Feb 28 23:03:23 2012 UTC (9 years, 7 months ago) by dennisvd
Change calls to syslog to conform to the formatting standard; this prevents 
failed builds due to -Werror=format-security.


Revision 16013 - Directory Listing
Modified Tue Feb 28 12:44:22 2012 UTC (9 years, 7 months ago) by msalle
Update ChangeLog


Revision 16012 - Directory Listing
Modified Tue Feb 28 12:43:52 2012 UTC (9 years, 7 months ago) by msalle
Update NEWS file


Revision 16010 - Directory Listing
Modified Tue Feb 28 12:12:20 2012 UTC (9 years, 7 months ago) by msalle
Updating ChangeLog


Revision 16009 - Directory Listing
Modified Tue Feb 28 12:11:53 2012 UTC (9 years, 7 months ago) by msalle
Adding NEWS file


Revision 16007 - Directory Listing
Modified Tue Feb 28 11:27:02 2012 UTC (9 years, 7 months ago) by msalle
Update ChangeLog


Revision 16006 - Directory Listing
Modified Tue Feb 28 11:25:18 2012 UTC (9 years, 7 months ago) by msalle
Replace '\t' into spaces in log.


Revision 16005 - Directory Listing
Modified Tue Feb 28 11:08:26 2012 UTC (9 years, 7 months ago) by msalle
Rewrite of splitList() to fix unsafe (and broken) constructions.


Revision 16004 - Directory Listing
Modified Tue Feb 28 08:51:27 2012 UTC (9 years, 7 months ago) by msalle
Updating ChangeLog


Revision 16003 - Directory Listing
Modified Tue Feb 28 08:49:19 2012 UTC (9 years, 7 months ago) by msalle
Update NEWS file.


Revision 16002 - Directory Listing
Modified Mon Feb 27 16:46:30 2012 UTC (9 years, 7 months ago) by msalle
Test before instead of after dup2() whether opened file descriptor is not equal
to target. In principle dup2() will just ignore, but it's less efficient.



Revision 16001 - Directory Listing
Modified Mon Feb 27 16:18:27 2012 UTC (9 years, 7 months ago) by msalle
Rename lcas_findfile() into lcas_findplugin() as that's what it now only does.
New function lcas_findfile() which is a wrapper around lcas_finddbfile() which
is also new and looks for db-type files: either absolute path or in
${sysconfdir}.
The lcas-plugins-basic used this function to find their db files.



Revision 15999 - Directory Listing
Modified Mon Feb 27 14:07:02 2012 UTC (9 years, 7 months ago) by msalle
Updating ChangeLog


Revision 15996 - Directory Listing
Modified Mon Feb 27 13:47:12 2012 UTC (9 years, 7 months ago) by msalle
Also test stdin, stdout and stderr are not directories.



Revision 15994 - Directory Listing
Modified Mon Feb 27 13:07:25 2012 UTC (9 years, 7 months ago) by okoeroo
Version 0.3.3
-------------
-   Support for the XACML Subject attributes as specified in the AuthZ Interop
    document* :
    http://authz-interop.org/xacml/subject/validity-not-before
    http://authz-interop.org/xacml/subject/validity-not-after

    Sample value: 2012-02-28T06:51:56Z

*:  An XACML Attribute and Obligation Profile for Authorization
    Interoperability in Grids - version 1.2
    http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/info.html





Revision 15993 - Directory Listing
Modified Mon Feb 27 13:04:34 2012 UTC (9 years, 7 months ago) by msalle
Replace absolute path in glexec-configure manpage with that from configure.


Revision 15991 - Directory Listing
Modified Mon Feb 27 12:37:54 2012 UTC (9 years, 7 months ago) by msalle
Fix typo


Revision 15990 - Directory Listing
Modified Mon Feb 27 12:37:19 2012 UTC (9 years, 7 months ago) by msalle
Add new function glexec_check_stdinouterr() that enforces existence of stdin,
stdout and stderr and that checks that these are resp. readable and writable.
Fix bug in redirecting of stdin to /dev/null upon SIGHUP.


Revision 15989 - Directory Listing
Modified Thu Feb 23 12:53:23 2012 UTC (9 years, 7 months ago) by msalle
Fix not-creating of glexec-configure man page


Revision 15983 - Directory Listing
Modified Fri Feb 17 09:44:27 2012 UTC (9 years, 8 months ago) by msalle
Updating ChangeLog


Revision 15982 - Directory Listing
Modified Fri Feb 17 09:12:34 2012 UTC (9 years, 8 months ago) by msalle
Update comment about GLEXEC_DEFAULT_NAME_TARGET_PROXY


Revision 15981 - Directory Listing
Modified Fri Feb 17 09:05:22 2012 UTC (9 years, 8 months ago) by msalle
Replace sprintf as we don't need it...


Revision 15980 - Directory Listing
Modified Thu Feb 16 16:27:08 2012 UTC (9 years, 8 months ago) by msalle
On SunOS don't try to use errno to figure out wether closefrom() failed: no
errors are defined and errno might be wrong.


Revision 15979 - Directory Listing
Modified Thu Feb 16 15:51:44 2012 UTC (9 years, 8 months ago) by msalle
stage is a pid_t, not an int...


Revision 15978 - Directory Listing
Modified Thu Feb 16 13:00:07 2012 UTC (9 years, 8 months ago) by msalle
Updating ChangeLog


Revision 15977 - Directory Listing
Modified Thu Feb 16 12:59:07 2012 UTC (9 years, 8 months ago) by msalle
Small clarification in log message about grace time.


Revision 15976 - Directory Listing
Modified Thu Feb 16 12:21:12 2012 UTC (9 years, 8 months ago) by msalle
uid/gid is unsigned, update accordingly.


Revision 15975 - Directory Listing
Modified Thu Feb 16 11:49:54 2012 UTC (9 years, 8 months ago) by msalle
Update child process stage when kill() fails due to missing child.
Set child process pid as soon as we know fork() has succeeded.
Small fixes in glexec_emergency_send_signal().



Revision 15974 - Directory Listing
Modified Wed Feb 15 16:02:38 2012 UTC (9 years, 8 months ago) by msalle
Update ChangeLog


Revision 15973 - Directory Listing
Modified Wed Feb 15 15:56:22 2012 UTC (9 years, 8 months ago) by msalle
Add missing header files


Revision 15972 - Directory Listing
Modified Wed Feb 15 14:26:18 2012 UTC (9 years, 8 months ago) by msalle
Slight clarification in log messages.


Revision 15971 - Directory Listing
Modified Wed Feb 15 14:15:32 2012 UTC (9 years, 8 months ago) by msalle
Don't ignore exit code of write in glexec_signal_exit but give up writing.


Revision 15970 - Directory Listing
Modified Wed Feb 15 14:12:04 2012 UTC (9 years, 8 months ago) by msalle
Call _exit() instead of exit() inside the glexec_signal_exit() as the normal
exit() is NOT signal safe!



Revision 15969 - Directory Listing
Modified Wed Feb 15 13:50:35 2012 UTC (9 years, 8 months ago) by msalle
Install binary unreadable, unwritable and setuid.


Revision 15968 - Directory Listing
Modified Wed Feb 15 13:36:15 2012 UTC (9 years, 8 months ago) by msalle
Rework wait-for-payload/epilogue loops:
glexec_ipc.c:
- base on pause() since SA_RESTART is default for BSD and good in any case for
  e.g. I/O functions, so we cannot rely on waitpid() being interrupted. sleep()
  or usleep() loop also does not work both interfere with alarm().
- Hence use waitpid() with WNOHANG and centralize waiting in loop to prevent the
  need to wait when sending signal: kill() will fail if the target has quit, but
  at least pid cannot have been reused.
- New wrap function glexec_alarm(), making it possible to:
    * keep state of current alarm() via global_ipc_active_alarm
    * keep track of cause SIGALRM via global_ipc_pending_alarm
    * specify type via ALARM_TYPE_T
- initialize exit code for payload and epilog as GLEXEC_NO_CHILD_EXIT_CODE, such
  that we can always give global_ipc_{child,epilog}rc to glexec_{signal_,}exit
- new handler for SIGCHLD.
- remove function glexec_parse_waitstatus()
- return write() exit code from glexec_write_stderr()
- when a signal needs to be acted upon in the loop, set a ALARM_PAUSE alarm when
  possible, to prevent entering the pause() without ever catching a signal.
- a SIGCONT will restart the ALARM_PAUSE alarm when one is running, since the 
  signal might come from gLExec itself being woken up and hence the alarm might
  have been missed.
- dump which signal caused a suspending payload.
- reset all signal related flags as soon as child finishes.
- lower log levels of number of messages to keep logging essential.

Block less signals: be more restrictive with use of glexec_block_all_signals(),
only use when really unlikely an actual (not user-sent) fatal signal arrives.
E.g. a blocked but occurring SIGSEGV leads to a crash
For log functions: only normal blocked set in glexec_log, while all blocked in
glexec_signal_log. During flushing of signal log, only during actual loop.

main_util.c:
- test explicitly for negative return code of getgroups()
configure.ac / Makefile.am:
- Add -pie -fpie compile flags for GNU.
- make binary unreadable.



Revision 15966 - Directory Listing
Modified Mon Feb 13 15:10:51 2012 UTC (9 years, 8 months ago) by okoeroo
Corrected version numbers in the NEWS file.





Revision 15965 - Directory Listing
Modified Mon Feb 13 15:07:01 2012 UTC (9 years, 8 months ago) by okoeroo
Preparing for a new lcas-lcmaps-gt-interface




Revision 15963 - Directory Listing
Modified Fri Feb 10 22:03:00 2012 UTC (9 years, 8 months ago) by okoeroo
Ready to make the 0.3.2 tag.




Revision 15962 - Directory Listing
Modified Thu Feb 9 13:51:09 2012 UTC (9 years, 8 months ago) by msalle
Fix prototype to match function.


Revision 15961 - Directory Listing
Modified Thu Feb 9 13:47:13 2012 UTC (9 years, 8 months ago) by msalle
Update int2charstr to accept int instead of unsigned.
Some extra comments, clarifications.



Revision 15960 - Directory Listing
Modified Wed Feb 8 09:39:10 2012 UTC (9 years, 8 months ago) by msalle
Force initializing the log prefix in the log function, even if the log function
doens't log, to have it ready if we do an emergency exit.


Revision 15959 - Directory Listing
Modified Wed Feb 8 09:35:15 2012 UTC (9 years, 8 months ago) by msalle
Print bare-bone prefix when exiting before prefix has been setup


Revision 15958 - Directory Listing
Modified Wed Feb 8 08:57:23 2012 UTC (9 years, 8 months ago) by msalle
Fix missing ,


Revision 15957 - Directory Listing
Modified Wed Feb 8 08:56:30 2012 UTC (9 years, 8 months ago) by msalle
Lower loglevel for catching of signals to INFO while logging at NOTICE when
actually forwarding them.


Revision 15956 - Directory Listing
Modified Tue Feb 7 14:14:16 2012 UTC (9 years, 8 months ago) by msalle
Make sure to handle signals caught between fork and start of waitpid() loop


Revision 15955 - Directory Listing
Modified Tue Feb 7 13:53:11 2012 UTC (9 years, 8 months ago) by msalle
Upgrade one notice to warning, don't print negative pids


Revision 15954 - Directory Listing
Modified Tue Feb 7 13:39:14 2012 UTC (9 years, 8 months ago) by msalle
Move parsing of wait status close to obtaining the value. This improves the
possibilities of logging it.
Downgrade number of warnings to notices.


Revision 15953 - Directory Listing
Modified Tue Feb 7 11:25:27 2012 UTC (9 years, 8 months ago) by msalle
Further cleanup of code: 
- combine glexec_safe_kill() and glexec_send_signal(), cleanup resulting code.
- new function glexec_emergency_send_signal() for calling from 
  glexec_fatal_action(). Only signal unsafe function is seteuid().
  It also updates the return value if it does the actual wait()
- reset global wpid and status inside glexec_parse_waitstatus() and make sure
  they are available as soon as possible, such that even from a fatal signal
  handler we can parse the results.



Revision 15952 - Directory Listing
Modified Mon Feb 6 22:30:20 2012 UTC (9 years, 8 months ago) by msalle
Slight rewording of print statement upon exit.


Revision 15951 - Directory Listing
Modified Mon Feb 6 14:56:33 2012 UTC (9 years, 8 months ago) by msalle
Make sure to explicitly call fsync() and close() inside the emergency_flush
function.


Revision 15950 - Directory Listing
Modified Mon Feb 6 14:41:10 2012 UTC (9 years, 8 months ago) by msalle
Fix typo


Revision 15949 - Directory Listing
Modified Mon Feb 6 12:20:53 2012 UTC (9 years, 8 months ago) by msalle
Sync error messages.


Revision 15948 - Directory Listing
Modified Mon Feb 6 12:03:29 2012 UTC (9 years, 8 months ago) by msalle
Minor updates:
- a few comments
- don't exit with global_ipc_childrc if the waitpid() on it failed,
- explicitly set global_ipc_numsigsent instead of increasing it
- don't need to call glexec_signal_log in forwarding to epilogue.



Revision 15947 - Directory Listing
Modified Mon Feb 6 11:35:25 2012 UTC (9 years, 8 months ago) by msalle
Merge core and abort signal actions as they are very similar. This is now the
only signal handler that never returns.


Revision 15946 - Directory Listing
Modified Sun Feb 5 21:03:01 2012 UTC (9 years, 8 months ago) by msalle
Make sure to only forward the first and/or most important signals: sigterm etc.
go over e.g. sigusr1.


Revision 15945 - Directory Listing
Modified Sun Feb 5 20:53:09 2012 UTC (9 years, 8 months ago) by msalle
Make code almost entirely signal safe. Almost all handling is deferred to the
waitpid() loops in glexec_waitchild() and glexec_waitepilog(). The only
exceptions are sending signals from the SEGV and ABORT type handlers, and
upgrading to root once the payload has caught a signal.
Some info is printed on STDERR to compensate for the loss of syslog, including
caught signal and child exitcode (when present).
glexec_exit:
- new static function int2charstr() to do int to char string conversion
- new exit error code for failed fork()
- glexec_signal_exit is fully signal safe, and hence does not log to syslog.
glexec_log:
- make glexec_flush_signallog() public
- add comments
- emergency flushing doesn't log to syslog
glexec_ipc:
- move forwarding of signals to the main waitpid loops, this alone makes the
  code almost entirely signal safe
- for this we need two new internal functions: glexec_forward_to_payload() and
  glexec_forward_to_epilog() but the _term_action, _alarm_action and
  _other_action have become much simpler.
- Since we need to response on interrupted waitpid() we remove the SA_RESTART
  flag.
- New global global_ipc_caught_signal, containing the to-be-handled signal. Note
  that a sigterm/kill overrides others.



Revision 15944 - Directory Listing
Modified Fri Feb 3 14:09:38 2012 UTC (9 years, 8 months ago) by msalle
Minor updates, reorder, add comments.


Revision 15943 - Directory Listing
Modified Fri Feb 3 14:08:37 2012 UTC (9 years, 8 months ago) by msalle
Further rework to make signal safe:
glexec_exit
- new function glexec_signal_exit() which should be called when a signal handler
  wants to exit and possibly flush the signal logging buffer. Substitute for
  glexec_exit.
glexec_log
- rename all global variables to start with global_
- new function glexec_emergency_flush_signallog() that can be called to flush
  the signal logging buffer even from a signal handler itself.
- prefix for logging to file is put in a global static, such that we don't have
  to recreate it inside a signal handler (as in
  glexec_emergency_flush_signallog)
- test for exit values of time() and gmtime()
- new global variable to keep the filedescriptor in addition to the stream for
  the logfile, such that we can write to it in signal handler.
glexec_ipc
- put all signal handlers at end for clarity
- call glexec_signal_exit instead of glexec_exit
- call glexec_emergency_flush_signallog when needed
- make glexec_accounting signal safe by optionally logging to the buffer instead
  of syslog
- don't use freopen but open() and dup2() to redirect stdin
- don't use strerror from signal handlers
- new function glexec_write_stderr() to print to stderr instead of fprintf()



Revision 15942 - Directory Listing
Modified Thu Feb 2 16:55:52 2012 UTC (9 years, 8 months ago) by msalle
Implementing a pretty-much signal safe log function: glexec_signal_log
- it uses a static array along the lines of the linux kernel.
- Each time glexec_log is called, the buffer is flushed (when non-empty).
- glexec_close_log also flushes the buffer (when non-empty).
- when the buffer is too full, it's truncated and a separate error message is
  logged (at flushing time) stating the number of missed messages.
- All signal handlers, and functions used within these, should use the
  glexec_signal_log function.


Revision 15941 - Directory Listing
Modified Thu Feb 2 11:34:30 2012 UTC (9 years, 8 months ago) by msalle
Cleanup code:
- use static functions when they are internal
glexec_ipc.c:
- merge two global stdin options variables (payload and lingering glexec) into
  one and define values using an enum instead of defines
- reorder function in more logical order to improve readability.
- group internal functions at the end.
glexec_lcas.c and glexec_lcmaps.c:
- prefix even internal functions with glexec_ to prevent potential name clashes
glexec_log.c:
- remove unused struct glexec_message


Revision 15940 - Directory Listing
Modified Wed Feb 1 15:29:01 2012 UTC (9 years, 8 months ago) by msalle
Fix potential lockup when two signals collide:
- Block all signals during signal handling
- Add new function glexec_block_allsignals()
- Block all signals during glexec_log()
- When blocking part of signals, use SIG_BLOCK, not SIG_SETMASK, otherwise me
  might unblock some signals.
- Use enum for stages of child processes for clarity.
- Bump version


Revision 15938 - Directory Listing
Modified Wed Feb 1 11:30:14 2012 UTC (9 years, 8 months ago) by dennisvd
added LICENSE to dist files


Revision 15936 - Directory Listing
Modified Wed Feb 1 11:12:54 2012 UTC (9 years, 8 months ago) by dennisvd
renamed mkgltempdir to mkgltempdir.sh.in
added typical autoconf makeup
added manpage and README


Revision 15934 - Directory Listing
Modified Tue Jan 31 22:33:55 2012 UTC (9 years, 8 months ago) by dennisvd
test for a number of required jar files.


Revision 15933 - Directory Listing
Modified Tue Jan 31 09:39:35 2012 UTC (9 years, 8 months ago) by msalle
Test for LCAS_INTERFACE is sufficient


Revision 15931 - Directory Listing
Modified Tue Jan 31 08:56:31 2012 UTC (9 years, 8 months ago) by msalle
Fix missing README from dist tarball.


Revision 15927 - Directory Listing
Modified Tue Jan 31 08:43:02 2012 UTC (9 years, 8 months ago) by msalle
Fix wrong autotools version.


Revision 15924 - Directory Listing
Modified Tue Jan 31 08:35:46 2012 UTC (9 years, 8 months ago) by msalle
Rename wrap-env-var into glexec-wrapper-scripts to match name in use in gLite,
EMI and everywhere else.


Revision 15923 - Directory Listing
Modified Tue Jan 31 08:33:24 2012 UTC (9 years, 8 months ago) by msalle
Add AUTHORS, add license texts, update version.


Revision 15915 - Directory Listing
Modified Mon Jan 30 13:22:04 2012 UTC (9 years, 8 months ago) by msalle
Update ChangeLog


Revision 15912 - Directory Listing
Modified Mon Jan 30 13:18:36 2012 UTC (9 years, 8 months ago) by msalle
Update ChangeLog


Revision 15909 - Directory Listing
Modified Mon Jan 30 13:15:52 2012 UTC (9 years, 8 months ago) by msalle
Update ChangeLog


Revision 15908 - Directory Listing
Modified Mon Jan 30 13:13:26 2012 UTC (9 years, 8 months ago) by okoeroo
Updated the ChangeLog from svn log -v

Revision 15906 - Directory Listing
Modified Mon Jan 30 13:12:50 2012 UTC (9 years, 8 months ago) by okoeroo
Updated the ChangeLog from svn log -v

Revision 15904 - Directory Listing
Modified Mon Jan 30 12:54:58 2012 UTC (9 years, 8 months ago) by msalle
Update ChangeLog


Revision 15903 - Directory Listing
Modified Mon Jan 30 11:51:10 2012 UTC (9 years, 8 months ago) by msalle
Check that malloc succeeded.


Revision 15902 - Directory Listing
Modified Mon Jan 30 11:34:41 2012 UTC (9 years, 8 months ago) by okoeroo
Updated NEWS for lcmaps-plugins-c-pep




Revision 15901 - Directory Listing
Modified Mon Jan 30 11:18:30 2012 UTC (9 years, 8 months ago) by okoeroo
Fix to the lcmaps_stackofx509_to_pem() to solve a problem with uninitialized values.



Revision 15900 - Directory Listing
Modified Mon Jan 30 11:00:28 2012 UTC (9 years, 8 months ago) by okoeroo
Fixing the check to not dereference on the void pointer.



Revision 15899 - Directory Listing
Modified Mon Jan 30 10:53:04 2012 UTC (9 years, 8 months ago) by okoeroo
Fixed the recently introduced test to also test for the content of the pointer.




Revision 15898 - Directory Listing
Modified Mon Jan 30 10:44:01 2012 UTC (9 years, 8 months ago) by okoeroo
Cleaned the LCMAPS C PEP plug-in and introduced more safety in fetching the arguments from the LCMAPS credentials.




Revision 15897 - Directory Listing
Modified Sat Jan 28 21:50:43 2012 UTC (9 years, 8 months ago) by okoeroo
LCMAPS will now push the certificate for the final delegation into the chain when LCMAPS has to work from a gss_cred_id_t.
This is normative to what the framework expects, the plugins expect and what the other interfaces provide as well.



Revision 15896 - Directory Listing
Modified Sat Jan 28 21:11:00 2012 UTC (9 years, 8 months ago) by okoeroo
Reworked the certificate chain handling in LCMAPS.
Should be normalized now thrhoughout the interfaces.




Revision 15895 - Directory Listing
Modified Sat Jan 28 21:06:57 2012 UTC (9 years, 8 months ago) by okoeroo
Removed dead code, cleaned code.




Revision 15894 - Directory Listing
Modified Fri Jan 27 18:39:59 2012 UTC (9 years, 8 months ago) by okoeroo
Formating code only. Nothing done.



Revision 15893 - Directory Listing
Modified Fri Jan 27 18:38:24 2012 UTC (9 years, 8 months ago) by okoeroo
Removed autogenerated files, altered the logging to the modern Syslog logging methods



Revision 15892 - Directory Listing
Modified Fri Jan 27 18:08:23 2012 UTC (9 years, 8 months ago) by okoeroo
Fixed line endings. Not important.




Revision 15891 - Directory Listing
Modified Fri Jan 27 17:59:05 2012 UTC (9 years, 8 months ago) by okoeroo
Removed header for the gid_list function.




Revision 15890 - Directory Listing
Modified Fri Jan 27 16:15:26 2012 UTC (9 years, 8 months ago) by okoeroo
Removed debugging messages.




Revision 15889 - Directory Listing
Modified Fri Jan 27 12:56:01 2012 UTC (9 years, 8 months ago) by msalle
Update version


Revision 15888 - Directory Listing
Modified Fri Jan 27 12:55:26 2012 UTC (9 years, 8 months ago) by msalle
Update version


Revision 15887 - Directory Listing
Modified Fri Jan 27 09:27:44 2012 UTC (9 years, 8 months ago) by msalle
Fix typo in log message


Revision 15886 - Directory Listing
Modified Fri Jan 27 09:16:57 2012 UTC (9 years, 8 months ago) by msalle
Sync headers with those specified in globus_internal.h headers in LCMAPS


Revision 15885 - Directory Listing
Modified Fri Jan 27 09:16:11 2012 UTC (9 years, 8 months ago) by msalle
Sync the internal globus struct with current version in
http://viewcvs.globus.org/viewcvs.cgi/gsi/gssapi/source/library/gssapi_openssl.h
Struct has not changed since version 1.4 Sat Jan 18 00:41:06 2003 UTC


Revision 15884 - Directory Listing
Modified Thu Jan 26 15:36:48 2012 UTC (9 years, 8 months ago) by msalle
Fix remaining renaming of globus_internal.h into llgt_globus_internal.h


Revision 15883 - Directory Listing
Modified Thu Jan 26 15:31:56 2012 UTC (9 years, 8 months ago) by msalle
Explicitly prefix globus_internal.h with llgt_ and insert macro to enforce
single inclusion.


Revision 15882 - Directory Listing
Modified Thu Jan 26 15:23:03 2012 UTC (9 years, 8 months ago) by msalle
Fix missing renames in include and doxygen comment


Revision 15881 - Directory Listing
Modified Thu Jan 26 15:18:26 2012 UTC (9 years, 8 months ago) by msalle
Update to remove all gss_cred_id_t to (STACKOF) X509 conversion from this plugin
and rely on the LCAS framework.


Revision 15880 - Directory Listing
Modified Thu Jan 26 15:13:18 2012 UTC (9 years, 8 months ago) by msalle
Fix gsi handling code to prevent clash with globus symbols: copy local
gss_cred_id_desc struct into _lcas_globus_internal.h, but prefixed with lcas_
Three local extraction functions are defined in lcas_gsi_utils.c.


Revision 15879 - Directory Listing
Modified Thu Jan 26 15:07:15 2012 UTC (9 years, 8 months ago) by msalle
Fix comment.


Revision 15878 - Directory Listing
Modified Thu Jan 26 14:47:48 2012 UTC (9 years, 8 months ago) by msalle
Remove local gss_cred_id_t to (STACKOF) X509 conversion since we can take it
from the lcmaps framework. Rename lcmaps_voms_utils.h into
lcmaps_voms_gsi_utils.h, it provides the function prototypes from the lcmaps
function that hack into the private gsi globus structs.



Revision 15877 - Directory Listing
Modified Thu Jan 26 11:18:23 2012 UTC (9 years, 8 months ago) by msalle
Add comments about internal globus structures and remove prototype of undefined
(no longer defined) function.


Revision 15876 - Directory Listing
Modified Thu Jan 26 11:07:08 2012 UTC (9 years, 8 months ago) by msalle
Cleanup of use of internal globus structures: introduce new header
_lcmaps_globus_internal.h which defines the necessary structures locally (with
non-clashing names). The necessary extraction functions are all defined in
lcmaps_gsi_utils.c and are not publicly advertised.
Cleanup of use of unused lcmaps_log_* variables in lcmaps_*_account_from_pem
interfaces.


Revision 15875 - Directory Listing
Modified Wed Jan 25 21:26:47 2012 UTC (9 years, 8 months ago) by msalle
Fix numerous bugs: fix daemonizing, in particular a second time after a SIGHUP,
fix logging to file: make sure we don't log to both and don't open syslog when
opening a file (?!).



Revision 15874 - Directory Listing
Modified Wed Jan 25 21:23:05 2012 UTC (9 years, 8 months ago) by msalle
Make sure not to OR with the new options or we can never clear an option.


Revision 15873 - Directory Listing
Modified Wed Jan 25 20:20:24 2012 UTC (9 years, 8 months ago) by msalle
Make sure we can actually log to file...


Revision 15872 - Directory Listing
Modified Wed Jan 25 17:52:54 2012 UTC (9 years, 8 months ago) by okoeroo
When an LCAS_LOG_FILE=<file> or LCMAPS_LOG_FILE=<file> is provided to the LLGT,
it opened a FILE handle (for each of the environments).

Now it also closes them.




Revision 15871 - Directory Listing
Modified Wed Jan 25 14:23:14 2012 UTC (9 years, 8 months ago) by msalle
Replacing LOG_DAEMON priority with LOG_DEBUG priority,


Revision 15870 - Directory Listing
Modified Wed Jan 25 12:46:41 2012 UTC (9 years, 8 months ago) by msalle
Update setAttribute functions to have a 'const **' argument (as they do). This
prevents unsafe casts. Move yylex_destroy prototype to pdl.c file from header
file, to prevent double definition.


Revision 15869 - Directory Listing
Modified Tue Jan 24 17:50:37 2012 UTC (9 years, 8 months ago) by dennisvd
change the use of Ini.Section to conform to the ini4j 0.5 API


Revision 15868 - Directory Listing
Modified Tue Jan 24 17:48:56 2012 UTC (9 years, 8 months ago) by dennisvd
Change the use of Ini.Section to conform to the ini4j 0.5 API


Revision 15867 - Directory Listing
Modified Tue Jan 24 16:03:58 2012 UTC (9 years, 8 months ago) by msalle
Remove unused argument to rewindContext, add missing prototype for
getContextClass()




Revision 15866 - Directory Listing
Modified Tue Jan 24 15:27:43 2012 UTC (9 years, 8 months ago) by msalle
Removing cleanup of buffer at EOF since it breaks multiple invocations of
LCMAPS in one executable.


Revision 15865 - Directory Listing
Modified Mon Jan 23 09:27:43 2012 UTC (9 years, 8 months ago) by msalle
Prefix all files with llgt_. Rename configure options file into llgt_config.h
Add missing llgt_config.h header to all c and h files.


Revision 15864 - Directory Listing
Modified Fri Jan 20 13:08:54 2012 UTC (9 years, 8 months ago) by msalle
Partial fix for using px509_chain instead of pem_string from LCMAPS framework.
Still need to add the proxy cert using px509_cred.


Revision 15863 - Directory Listing
Modified Fri Jan 20 11:30:32 2012 UTC (9 years, 8 months ago) by msalle
Add new header files.


Revision 15862 - Directory Listing
Modified Fri Jan 20 11:27:30 2012 UTC (9 years, 8 months ago) by msalle
Cleanup of code: splitup lcas and lcmaps dependent code in separate .c and .h
files, which are prefixed with llgt_ to prevent confusion with the framework
files. Further removal of dead code.



Revision 15861 - Directory Listing
Modified Fri Jan 20 09:41:38 2012 UTC (9 years, 8 months ago) by okoeroo
Bumping version of LCMAPS to 1.5.2 to reflect the getgrouplist() feature inclusion.



Revision 15860 - Directory Listing
Modified Fri Jan 20 09:41:02 2012 UTC (9 years, 8 months ago) by okoeroo
When getgrouplist() is available on the system (checked for by ./configure),
then the lcmaps_get_gidlist will internally use getgrouplist() to query the
system for the (secondary) groups associated to a particular account. This
function is notibly faster in environments where there is a central account
database, e.g. LDAP.




Revision 15859 - Directory Listing
Modified Fri Jan 20 09:36:13 2012 UTC (9 years, 8 months ago) by msalle
Make sure we keep a handle to the array of OHs as we have to clean them up
ourselves. Hence it's much easier to have an array of OHs instead of an array of
OH pointers.


Revision 15858 - Directory Listing
Modified Thu Jan 19 16:57:46 2012 UTC (9 years, 8 months ago) by msalle
Commented on function too many and forgot one.


Revision 15857 - Directory Listing
Modified Thu Jan 19 16:54:48 2012 UTC (9 years, 8 months ago) by msalle
Cleanup dead code: comment-out functions and their prototypes if they are not
being used. Also remove unused header files.



Revision 15856 - Directory Listing
Modified Thu Jan 19 16:20:32 2012 UTC (9 years, 8 months ago) by msalle
use LCMAPS framework lcmaps_get_gidlist() instead of local get_gidlist()


Revision 15855 - Directory Listing
Modified Wed Jan 18 18:28:33 2012 UTC (9 years, 8 months ago) by okoeroo
Bumped version.



Revision 15854 - Directory Listing
Modified Wed Jan 18 18:21:21 2012 UTC (9 years, 8 months ago) by okoeroo
New version 0.3.2 of the scas-client plug-in.

Fixes:
- Left over lcmaps_log() calls to numbered levels instead of syslog natively
  defined numbers.
- Integrates a patch from Brian Bockelman that ensures that the
  -authorization-only flag doesn't register any (possibly) returned Obligations
  into LCMAPS as a result. Previously the flag only prevented a plugin failure
  when a user is indicated to be authorized by SCAS/GUMS/SAZ, but not providing
  any Obligations (and associated attributes). This was to support the SAZ use
  case. Brian's use case is slightly different as is a service that DOES
  provide Obligation to the scas-client, but these MUST be ignored.




Revision 15853 - Directory Listing
Modified Tue Jan 17 19:04:36 2012 UTC (9 years, 9 months ago) by okoeroo
Renewed LCMAPS verify-proxy plug-in. Now with better internal memory handling.



Revision 15852 - Directory Listing
Modified Mon Jan 16 14:47:32 2012 UTC (9 years, 9 months ago) by msalle
Use lcmaps framework lcmaps_get_gidlist instead of locally defined function.


Revision 15851 - Directory Listing
Modified Mon Jan 16 14:45:39 2012 UTC (9 years, 9 months ago) by dennisvd
added several checks for java; included macros from
http://www.gnu.org/software/autoconf-archive


Revision 15850 - Directory Listing
Modified Mon Jan 16 12:06:18 2012 UTC (9 years, 9 months ago) by msalle
Make sure all local copies of globus structs have non-clashing names.


Revision 15849 - Directory Listing
Modified Mon Jan 16 10:55:04 2012 UTC (9 years, 9 months ago) by msalle
Update to call only yy_delete_buffer(), to stay compatible with flex 2.5.4.
We seem to be using one buffer in any case.


Revision 15848 - Directory Listing
Modified Fri Jan 13 14:02:38 2012 UTC (9 years, 9 months ago) by msalle
Cleanup code to limit the handling of internal globus structs. All these structs
are now defined in globus_internal.h. The need for this arises because there is
no public way of obtaining a gss_cred_id_t from a gss_ctx_id_t.



Revision 15847 - Directory Listing
Modified Thu Jan 12 12:50:44 2012 UTC (9 years, 9 months ago) by msalle
Fix proper handling of --disable-lcas:
- use of AM_CONDITIONAL in configure.ac 
- use of AC_DEFINE and #if(n)def to skip LCAS code
- don't compile lcas.c (not even as empty file)
Add some comments on globus modules.



Revision 15846 - Directory Listing
Modified Wed Jan 11 16:36:27 2012 UTC (9 years, 9 months ago) by msalle
log_file argument should be const char *


Revision 15845 - Directory Listing
Modified Wed Jan 11 13:28:48 2012 UTC (9 years, 9 months ago) by okoeroo
Bu,ping version.



Revision 15844 - Directory Listing
Modified Wed Jan 11 13:26:52 2012 UTC (9 years, 9 months ago) by okoeroo
Oops.



Revision 15843 - Directory Listing
Modified Wed Jan 11 13:26:12 2012 UTC (9 years, 9 months ago) by okoeroo
GGUS #77996 - A more clear error message when a Group ID could not be found on the system.




Revision 15842 - Directory Listing
Modified Wed Jan 11 11:38:36 2012 UTC (9 years, 9 months ago) by msalle
Remove OpenSSL cleanup calls from lcmaps_term() since this might interfere with
the calling application.



Revision 15841 - Directory Listing
Modified Tue Jan 10 15:39:25 2012 UTC (9 years, 9 months ago) by msalle
Add extra free()'s to cleanup OHs. One leak comes from the pep-api lib which
should be fixed by Valery.


Revision 15840 - Directory Listing
Modified Tue Jan 10 15:21:10 2012 UTC (9 years, 9 months ago) by msalle
Add cleanup code for OpenSSL to lcmaps_term(). Only OpenSSL leaks now come from
VOMS.


Revision 15839 - Directory Listing
Modified Tue Jan 10 15:07:35 2012 UTC (9 years, 9 months ago) by okoeroo
Added a curl based HTTP POST-ing SOAP tester for the EES.



Revision 15838 - Directory Listing
Modified Tue Jan 10 14:37:37 2012 UTC (9 years, 9 months ago) by msalle
Fix memleaks coming from flex.


Revision 15837 - Directory Listing
Modified Tue Jan 10 14:08:32 2012 UTC (9 years, 9 months ago) by msalle
Removing old symlinks


Revision 15836 - Directory Listing
Modified Tue Jan 10 11:49:11 2012 UTC (9 years, 9 months ago) by dennisvd
Copied from svn+ssh://svn@ndpfsvn.nikhef.nl/repos/pdpsoft/trunk/grid-mw-security/mwsec-utils

Full change log:
------------------------------------------------------------------------
r2477 | msalle | 2012-01-09 11:34:56 +0100 (ma, 09 jan 2012) | 2 lines
Changed paths:
   D /trunk/grid-mw-security/mwsec-utils/llrun/lcaslcmaps_getaccount_cli.c

Removing old link

------------------------------------------------------------------------
r2476 | msalle | 2012-01-09 11:26:09 +0100 (ma, 09 jan 2012) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/mwsec-utils/llgt_test/llgt_test.c
   M /trunk/grid-mw-security/mwsec-utils/llrun/llrun.c

Adding macros to test for dynamic library suffix.

------------------------------------------------------------------------
r2471 | msalle | 2012-01-06 11:34:26 +0100 (vr, 06 jan 2012) | 3 lines
Changed paths:
   A /trunk/grid-mw-security/mwsec-utils/llgt_test
   A /trunk/grid-mw-security/mwsec-utils/llgt_test/Makefile
   A /trunk/grid-mw-security/mwsec-utils/llgt_test/llgt_test.c

Adding llgt_test: a test tool for running the lcas-lcmaps-gt4-interface.


------------------------------------------------------------------------
r2470 | msalle | 2012-01-06 11:03:33 +0100 (vr, 06 jan 2012) | 2 lines
Changed paths:
   D /trunk/grid-mw-security/glexec/util
   A /trunk/grid-mw-security/mwsec-utils (from /trunk/grid-mw-security/glexec/util:2469)

Moving glexec/util to mwsec-utils.

------------------------------------------------------------------------
r2469 | msalle | 2011-12-23 11:47:31 +0100 (vr, 23 dec 2011) | 2 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/sac_from_source/emi2rc.config

Adding emi2 (RC) configs.

------------------------------------------------------------------------
r2468 | msalle | 2011-12-23 11:30:28 +0100 (vr, 23 dec 2011) | 7 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/sac_from_source/sac_from_source.sh

Numerous fixes to deal with the reorganised saml2-xacml2-c-lib:
- it automatically figures out if there is a gsoap tarball shipped, if so it
  uses it, otherwise use system default
- gsoap-prefix sets --with-gsoap=<path>, also set in configflag file
- component is not renamed inside the script, but an SVN tag can be specified as
    -C saml2_xacml2_c_lib,tag:tags/xacml/1_1_0

------------------------------------------------------------------------
r2467 | dennisvd | 2011-12-22 16:49:28 +0100 (do, 22 dec 2011) | 2 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/wrap-env-var/Makefile.am
   A /trunk/grid-mw-security/glexec/util/wrap-env-var/bootstrap
   A /trunk/grid-mw-security/glexec/util/wrap-env-var/configure.ac

initial attempt at using autotools

------------------------------------------------------------------------
r2466 | msalle | 2011-12-21 13:13:08 +0100 (wo, 21 dec 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/mkgltempdir/mkgltempdir

Updating version.

------------------------------------------------------------------------
r2430 | msalle | 2011-09-22 12:24:13 +0200 (do, 22 sep 2011) | 5 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/llrun/llrun.c

Remove extra lcmaps_term calls (already called by the lcmaps_return_*
functions). Add explicit call of va_end. Add (commented-out) calls to setvbuf to
change to unbuffered output.


------------------------------------------------------------------------
r2419 | msalle | 2011-09-06 12:29:46 +0200 (di, 06 sep 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/sac_from_source/sac_from_source.sh

Use latest stable GT5 by default.

------------------------------------------------------------------------
r2302 | msalle | 2011-05-30 11:51:12 +0200 (ma, 30 mei 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/sac_from_source/emi1rc.config
   M /trunk/grid-mw-security/glexec/util/sac_from_source/sac_from_source.sh

Add EMI-1 tags for VOMS and PEP-API

------------------------------------------------------------------------
r2291 | msalle | 2011-05-03 14:50:52 +0200 (di, 03 mei 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/llrun/llrun.c

Fix bug: fqans_idx was uninitialized.

------------------------------------------------------------------------
r2289 | msalle | 2011-04-29 11:48:03 +0200 (vr, 29 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/sac_from_source/sac_from_source.sh

Bumping version to 0.3.0: new tracking plugin etc.

------------------------------------------------------------------------
r2288 | msalle | 2011-04-29 11:46:35 +0200 (vr, 29 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/sac_from_source/emi1rc.config

Update LCMAPS-plugins-C-pep version to 1.1.4

------------------------------------------------------------------------
r2285 | msalle | 2011-04-14 16:38:33 +0200 (do, 14 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/sac_from_source/emi1rc.config

Update lcmaps version and reorder in alphabetical order.

------------------------------------------------------------------------
r2282 | msalle | 2011-04-12 16:00:49 +0200 (di, 12 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/sac_from_source/emi1rc.config

Update LL-GT4 and gLExec versions.

------------------------------------------------------------------------
r2276 | msalle | 2011-04-07 10:45:42 +0200 (do, 07 apr 2011) | 2 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/glexec_from_source
   A /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli

Adding symlinks to old dir names.

------------------------------------------------------------------------
r2275 | msalle | 2011-04-07 10:44:14 +0200 (do, 07 apr 2011) | 2 lines
Changed paths:
   D /trunk/grid-mw-security/glexec/util/glexec_from_source
   A /trunk/grid-mw-security/glexec/util/sac_from_source (from /trunk/grid-mw-security/glexec/util/glexec_from_source:2273)

Renaming glexec_from_source dir  into sac_from_source

------------------------------------------------------------------------
r2274 | msalle | 2011-04-07 10:43:18 +0200 (do, 07 apr 2011) | 2 lines
Changed paths:
   D /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli

Removing util/lcaslcmaps_getaccount_cli dir

------------------------------------------------------------------------
r2273 | msalle | 2011-04-07 10:41:35 +0200 (do, 07 apr 2011) | 2 lines
Changed paths:
   D /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/ll_certification.sh
   A /trunk/grid-mw-security/glexec/util/llrun/ll_certification.sh (from /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/ll_certification.sh:2272)

Moving ll_certification.sh into llrun directory

------------------------------------------------------------------------
r2272 | msalle | 2011-04-07 10:40:34 +0200 (do, 07 apr 2011) | 2 lines
Changed paths:
   D /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/build.sh
   D /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c
   D /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/llrun.c
   D /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/vomsfix.c
   A /trunk/grid-mw-security/glexec/util/llrun (from /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli:2091)
   R /trunk/grid-mw-security/glexec/util/llrun/llrun.c (from /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/llrun.c:2093)

Renaming lcas_lcmaps_get_account_cli directory into llrun

------------------------------------------------------------------------
r2271 | msalle | 2011-04-06 14:16:50 +0200 (wo, 06 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Small cosmetic change to printing results.

------------------------------------------------------------------------
r2270 | msalle | 2011-04-06 13:21:13 +0200 (wo, 06 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Updating C-pep version.

------------------------------------------------------------------------
r2269 | msalle | 2011-04-06 10:41:55 +0200 (wo, 06 apr 2011) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Adding lcmaps-plugins-tracking-groupid tag.


------------------------------------------------------------------------
r2268 | msalle | 2011-04-06 10:01:39 +0200 (wo, 06 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Adding support for lcmaps_plugins_tracking_groupid.

------------------------------------------------------------------------
r2254 | msalle | 2011-04-05 13:56:03 +0200 (di, 05 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Fix for non-locatable secondary globus deps: Set LD_LIBRARY_PATH

------------------------------------------------------------------------
r2252 | msalle | 2011-04-05 13:26:18 +0200 (di, 05 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Updating ees, glexec and lcmaps-plugins-basic versions.

------------------------------------------------------------------------
r2250 | okoeroo | 2011-04-04 22:06:27 +0200 (ma, 04 apr 2011) | 1 line
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/ll_certification.sh

Able to build most to all interesting permutation of the LCAS and LCMAPS configuration file. (Yes, this is a lot of code monkey work)
------------------------------------------------------------------------
r2249 | msalle | 2011-04-04 18:00:25 +0200 (ma, 04 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Update jobrep plugin version.

------------------------------------------------------------------------
r2248 | msalle | 2011-04-04 16:52:46 +0200 (ma, 04 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

gLExec tag: 0.8.7

------------------------------------------------------------------------
r2247 | okoeroo | 2011-04-04 16:19:58 +0200 (ma, 04 apr 2011) | 1 line
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/ll_certification.sh

Added LCAS config file creation lines
------------------------------------------------------------------------
r2246 | msalle | 2011-04-04 14:36:13 +0200 (ma, 04 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Update EES and gLExec tags.

------------------------------------------------------------------------
r2245 | okoeroo | 2011-04-04 13:20:20 +0200 (ma, 04 apr 2011) | 1 line
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/ll_certification.sh

New checks added
------------------------------------------------------------------------
r2244 | okoeroo | 2011-04-04 12:37:31 +0200 (ma, 04 apr 2011) | 1 line
Changed paths:
   A /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/ll_certification.sh

Added the ll_certification.sh script. The script revolves around the llrun tool which is a stand-alone tool to test LCAS and LCMAPS. This new script will try out a set of configurations to assess if LCAS, LCMAPS and associated plug-ins are working as designed
------------------------------------------------------------------------
r2243 | msalle | 2011-04-04 11:33:02 +0200 (ma, 04 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

When DESTDIR="" is specified: explicitly remove the already set default setting.

------------------------------------------------------------------------
r2242 | msalle | 2011-04-01 17:23:54 +0200 (vr, 01 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Update glexec version

------------------------------------------------------------------------
r2241 | msalle | 2011-04-01 16:13:30 +0200 (vr, 01 apr 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Update EMI-1 versions.

------------------------------------------------------------------------
r2240 | msalle | 2011-03-31 17:48:41 +0200 (do, 31 mrt 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Update versions to match EMI RC-3 and IGE

------------------------------------------------------------------------
r2239 | msalle | 2011-03-31 16:18:06 +0200 (do, 31 mrt 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Update to EES to 0.0.7 

------------------------------------------------------------------------
r2238 | msalle | 2011-03-30 16:23:38 +0200 (wo, 30 mrt 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Update EES tag

------------------------------------------------------------------------
r2237 | msalle | 2011-03-29 16:07:39 +0200 (di, 29 mrt 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Update EES tag: 0.0.5

------------------------------------------------------------------------
r2236 | msalle | 2011-03-28 15:49:27 +0200 (ma, 28 mrt 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Small fix: make dist should not lead to non-saving of voms flags.

------------------------------------------------------------------------
r2235 | msalle | 2011-03-24 14:04:50 +0100 (do, 24 mrt 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Update tags: ees, lcmaps-plugins-c-pep, globus

------------------------------------------------------------------------
r2234 | msalle | 2011-03-22 11:53:05 +0100 (di, 22 mrt 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Update lcmaps-plugins-jobrep version.

------------------------------------------------------------------------
r2230 | msalle | 2011-03-17 11:07:39 +0100 (do, 17 mrt 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Removing age, to follow new style in mwsec.

------------------------------------------------------------------------
r2225 | msalle | 2011-03-06 18:54:57 +0100 (zo, 06 mrt 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Update versions to latest Release Candidate

------------------------------------------------------------------------
r2223 | msalle | 2011-03-04 14:13:55 +0100 (vr, 04 mrt 2011) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Remove tracking option: it doesn't make sense: we don't want to branch, just
checkout

------------------------------------------------------------------------
r2220 | msalle | 2011-03-02 13:02:46 +0100 (wo, 02 mrt 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Updating glexec and lcmaps-plugins-c-pep versions, adding ees version.

------------------------------------------------------------------------
r2216 | msalle | 2011-03-01 13:28:27 +0100 (di, 01 mrt 2011) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Add missing --track option and changing the tag/branch name to include origin/
See git-checkout(1).

------------------------------------------------------------------------
r2215 | msalle | 2011-02-27 17:21:57 +0100 (zo, 27 feb 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Fix typo in voms-includes dir.

------------------------------------------------------------------------
r2214 | msalle | 2011-02-25 16:13:31 +0100 (vr, 25 feb 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Update jobrep tag

------------------------------------------------------------------------
r2213 | msalle | 2011-02-25 14:13:48 +0100 (vr, 25 feb 2011) | 2 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/glexec_from_source/emi1rc.config

Tags for our emi-sac components matching EMI-1

------------------------------------------------------------------------
r2208 | msalle | 2011-02-24 14:46:12 +0100 (do, 24 feb 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/wrap-env-var/README_glexecwrappers
   M /trunk/grid-mw-security/glexec/util/wrap-env-var/glexec_wrap.sh

Update to remove /opt/glite reference. Now use /usr as default.

------------------------------------------------------------------------
r2206 | msalle | 2011-02-24 14:39:43 +0100 (do, 24 feb 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/mkgltempdir/mkgltempdir

Removing /opt/glite -> /usr

------------------------------------------------------------------------
r2205 | msalle | 2011-02-24 11:06:22 +0100 (do, 24 feb 2011) | 5 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Make failing dist tarball creation a non-fatal and separate error.
Hence dependencies can still be successful. It will still be added to the failed
components file to ease rebuilding.
Also update the default svn root to the non-https Nikhef ndpf svn.

------------------------------------------------------------------------
r2184 | msalle | 2011-02-08 17:17:47 +0100 (di, 08 feb 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Using default branch instead of tag for voms_git

------------------------------------------------------------------------
r2183 | msalle | 2011-02-07 17:12:24 +0100 (ma, 07 feb 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Fix typo: lcmaps-interface should be lcmaps_interface

------------------------------------------------------------------------
r2182 | msalle | 2011-02-07 11:17:35 +0100 (ma, 07 feb 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Update voms dependencies.

------------------------------------------------------------------------
r2181 | msalle | 2011-02-06 17:12:54 +0100 (zo, 06 feb 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

VOMS still seems to have problems with default prefix: override it in any case.

------------------------------------------------------------------------
r2175 | msalle | 2011-02-03 15:55:16 +0100 (do, 03 feb 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

EES is now properly in mwsec tree.

------------------------------------------------------------------------
r2174 | msalle | 2011-02-02 16:19:09 +0100 (wo, 02 feb 2011) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Rename voms component name into voms instead of org.glite.security.voms, for SVN
and git. Also remove remaining remnants of build.common-cpp.

------------------------------------------------------------------------
r2171 | msalle | 2011-02-02 12:55:14 +0100 (wo, 02 feb 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Install gsoap into the <saml2_xacml2_c_lib>/gsoap-build directory.

------------------------------------------------------------------------
r2169 | msalle | 2011-02-02 11:52:10 +0100 (wo, 02 feb 2011) | 7 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

- Update usage/help text, in particular to clarify the different supported
  (configure) flags, also number of minor clarifications.
- fix voms: no longer need to override default prefix.
- fix bug in lcas-interface: forgot to set the checkout directory.
- fix pep-api: new branch 2.0 does not need to override the prefix and datadir.


------------------------------------------------------------------------
r2165 | msalle | 2011-02-01 16:26:14 +0100 (di, 01 feb 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Move to version 2 of the PEP-api

------------------------------------------------------------------------
r2164 | msalle | 2011-02-01 11:00:46 +0100 (di, 01 feb 2011) | 8 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Add more general git support (gitget function)
- gitrepo: and tag: are used to clone and checkout a git repository.
- voms now defaults to git:
    * tag starting with glite-security-voms triggers CVS
    * tag svn triggers SVN
    * other tag git using that tag.
Fix bug when forgetting to specify a component as first entry in a configline.

------------------------------------------------------------------------
r2163 | msalle | 2011-01-31 17:43:53 +0100 (ma, 31 jan 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

VOMS still sets default prefix on /opt/glite: override it.

------------------------------------------------------------------------
r2162 | msalle | 2011-01-31 17:09:14 +0100 (ma, 31 jan 2011) | 10 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Treat voms (git) on same footing as our own compo since it now properly
conformsto the autotools.
Removal of special voms= support, since it only complicates.
Addition of make dist for voms (for git).
Fix of old SVN (formerly devel) and CVS versions of VOMS:
- set libdir correctly
- use either ${prefix}/glite/security or ${myincludedir} (when specified)

Properly use $PROG.

------------------------------------------------------------------------
r2161 | msalle | 2011-01-30 20:43:28 +0100 (zo, 30 jan 2011) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

- Make sure DISTDIR exists.
- cleanup old-style voms (globus flavor)

------------------------------------------------------------------------
r2160 | msalle | 2011-01-30 18:40:33 +0100 (zo, 30 jan 2011) | 16 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Number of bug fixes:
- removal globus libdir: it's almost impossible to hack around the hard-coded
  /lib
- voms install location is now read in from file
- rename gridsite_core module into gridsite, it wasn't consistent anyway
- only save install locations for globus gridsite and voms when they fail:
  they're unimportant for other compos
- properly return/propagate globus exit value.
- fix mistake in setting old-style voms_includes
- remove globus flavor from old-voms, it would not build libvomsapi.so, only
  flavoured ones and lcmaps etc. would fail.
- set correct libdir for gsoap configure.

Now builds on RH-5 old-style glite and new-style EPEL


------------------------------------------------------------------------
r2158 | msalle | 2011-01-28 15:47:39 +0100 (vr, 28 jan 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Fix voms_includes for old style voms.

------------------------------------------------------------------------
r2157 | msalle | 2011-01-28 15:18:24 +0100 (vr, 28 jan 2011) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Update ash -> sh and update globus flags for voms_cvs 

------------------------------------------------------------------------
r2156 | msalle | 2011-01-28 14:45:46 +0100 (vr, 28 jan 2011) | 20 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh

Many bugfixes, some new features:
- jobrep_api and lcmaps_plugins_jobrep
- make dist support, into DISTDIR which can be set using -F 
  Only voms doesn't properly produce a dist tarball.
- default DESTDIR is /tmp/build
- removal of lcmaps .la files.
- updates in help text.
- always build in known_targets order, and skip duplicates (instead of error)
- when building lcmaps/lcas don't build lcmaps/lcas-interface
- support for libdir overrides.
- split cvsget into cvsget and cvswebget
- remove obsolete copy_files()
- add warnings about 'created file' to failedfile.txt and configfile.txt
- support for building externals gridsite, globus and voms in separate
  directories.
- properly deal with lib vs lib64 in gridsite, voms and globus.
- single flags: not combined lcmaps_flags but separate lcmaps_prefix_flag etc.
- move from exit to myexit, which removes temp file.
 

------------------------------------------------------------------------
r2155 | msalle | 2011-01-25 18:12:52 +0100 (di, 25 jan 2011) | 11 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/glexec_from_source/sac_from_source.sh (from /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh:2115)

Major rework from glite_from_source.sh. Still in progress.
New features:
- uses the new mwsec svn repo by default.
- installs in DESTDIR: sets correct flags for other components: can use to
  package tools.
- saves configure flags for reuse
- saves failed component name for reuse using -i
- can import flags from file and command line (-f and -F)
- can now specify tags etc. on commandline (-C)


------------------------------------------------------------------------
r2117 | okoeroo | 2010-12-16 12:12:55 +0100 (do, 16 dec 2010) | 8 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

Moved the lcmaps function to lcmaps_old.

The new (plain) lcmaps function will NOT copy the .m4 files from the common_cpp directory.
Further more the configure options are tailored to use the Globus non-threaded flavor (if a flavor is to be selected) and the VOMS library location is set.




------------------------------------------------------------------------
r2115 | msalle | 2010-12-01 16:12:20 +0100 (wo, 01 dec 2010) | 4 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

- new local function copy_files: srcdir targetdir files, only copies files when
  targetdir/file doesn't yet exist.


------------------------------------------------------------------------
r2114 | msalle | 2010-11-30 17:33:16 +0100 (di, 30 nov 2010) | 5 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

- fix for non-existing -n option for old cp: never fail on copy, just ignore
  return value.
- removing common_cpp deps on lcmaps and lcmaps_interface


------------------------------------------------------------------------
r2113 | msalle | 2010-11-30 16:05:43 +0100 (di, 30 nov 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

- changing cp flag -f into -n: only copy when doesn't exist.


------------------------------------------------------------------------
r2112 | okoeroo | 2010-11-27 19:25:07 +0100 (za, 27 nov 2010) | 3 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/glexec_from_source/nikhef_HEAD.config

New config, only HEAD version for bleeding edge developments.


------------------------------------------------------------------------
r2110 | msalle | 2010-11-23 22:34:51 +0100 (di, 23 nov 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/OSG_glite32cert.config

Updating OSG_glite32cert.config to the decided lcmaps-plugins-scas-client
version.

------------------------------------------------------------------------
r2108 | msalle | 2010-11-22 21:30:11 +0100 (ma, 22 nov 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

removing extraneous --with-globus flag for git voms build: it's no longer needed
or understood.

------------------------------------------------------------------------
r2103 | msalle | 2010-11-18 18:27:11 +0100 (do, 18 nov 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32cert.config
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/internal-dev.config

Updating VOMS to certified version.

------------------------------------------------------------------------
r2100 | msalle | 2010-11-18 18:22:48 +0100 (do, 18 nov 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/OSG_glite32cert.config
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32dev.config

Updating voms to latest in glite-3.2 certified.


------------------------------------------------------------------------
r2097 | msalle | 2010-11-18 17:36:44 +0100 (do, 18 nov 2010) | 5 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/OSG_glite32cert.config

Updating:
- glexec tag -> new one is certified
- lcmaps (and interface) tag -> fixes bug found by Brian


------------------------------------------------------------------------
r2094 | msalle | 2010-11-18 15:37:44 +0100 (do, 18 nov 2010) | 6 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32cert.config
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32dev.config

- cert: new glexec 0.8.1-1
- dev:
    adding globus tag,
    updating lcmaps tag
    updating c-pep plugin tag

------------------------------------------------------------------------
r2093 | msalle | 2010-11-18 15:26:40 +0100 (do, 18 nov 2010) | 5 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/llrun.c

- Minor update of comments, reordering etc.
- explicitly calling dlerror() before loading symbols to make sure we cannot
  fail on an old error (see dlsym manpage).


------------------------------------------------------------------------
r2092 | msalle | 2010-11-18 15:25:23 +0100 (do, 18 nov 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

- Adding VOMS-from-git build, can be triggered using special tag:git for VOMS.

------------------------------------------------------------------------
r2091 | msalle | 2010-11-17 17:37:07 +0100 (wo, 17 nov 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/llrun.c

Reordering typedef definition: lc*a*s_t needs opts_t and cred_t.

------------------------------------------------------------------------
r2090 | msalle | 2010-11-17 17:33:44 +0100 (wo, 17 nov 2010) | 2 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

Adding symlink lcaslcmaps_getaccount_cli.c to new style llrun.c

------------------------------------------------------------------------
r2089 | msalle | 2010-11-17 16:34:32 +0100 (wo, 17 nov 2010) | 7 lines
Changed paths:
   D /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/Makefile
   A /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/build.sh
   D /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c
   A /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/llrun.c
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/vomsfix.c

New version of the previous lcaslcmaps_getaccount_cli.c:
- code cleanup
- new lcmaps api support: disabling voms
- support for different syslog facility.
- adding a build.sh script to automat(g)ically build cross-platform


------------------------------------------------------------------------
r2088 | okoeroo | 2010-11-13 18:23:49 +0100 (za, 13 nov 2010) | 4 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

Added the use of the lcmaps_account_info_clean() function. It will be dynamically loaded and executed when the LCMAPS framework run is done, or when an error occured and the account information needs to be cleaned up.
It will free the lcmaps_account_info_t struct.


------------------------------------------------------------------------
r2083 | okoeroo | 2010-11-10 12:15:40 +0100 (wo, 10 nov 2010) | 3 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/glexec_from_source/internal-dev.config

Added special configuration for internal development purposes.


------------------------------------------------------------------------
r2081 | aramv | 2010-11-09 21:13:56 +0100 (di, 09 nov 2010) | 1 line
Changed paths:
   M /trunk/grid-mw-security/ees-plugins-one/src/main.c
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

Initial commit of EESObligationHandler prototype
------------------------------------------------------------------------
r2077 | okoeroo | 2010-11-08 22:35:14 +0100 (ma, 08 nov 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32dev.config

Updated SCAS-Client tag


------------------------------------------------------------------------
r2076 | okoeroo | 2010-11-02 17:20:43 +0100 (di, 02 nov 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32dev.config

Updated active development version of SCAS to the latest tag. Which solve the build issue that the man page will not be overwritten by GNU install.


------------------------------------------------------------------------
r2073 | msalle | 2010-11-02 13:22:02 +0100 (di, 02 nov 2010) | 17 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/OSG_glite32cert.config
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32cert.config
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32dev.config
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

- glite_from_source.sh:
    lcmaps_interface no longer needs globus paths, since it no longer needs
    globus or voms. Only needs the m4 macros for the AC_DEFUNC() definitions in
    the configure.
- OSG_glite32cert.config:
    - moving glexec tag to glite32cert part.
    - updating lcmaps(-interface) version to 1.4.25-1
    - downgrading voms version to 1.9.17-1 (due to 2 voms bugs)
- glite32cert.config:
    - updating glexec to new
    - downgrading voms version to 1.9.17-1 (due to 2 voms bugs)
- glite32dev.config:
    - updating glexec, lcmaps and lcmaps_interface to latest versions.
    



------------------------------------------------------------------------
r2069 | msalle | 2010-10-28 22:02:34 +0200 (do, 28 okt 2010) | 4 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

- adding -v option: printing version.
- first version: 0.1.0-1


------------------------------------------------------------------------
r2066 | msalle | 2010-10-28 11:02:59 +0200 (do, 28 okt 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/mkgltempdir/mkgltempdir

-V option should be lower case in help...

------------------------------------------------------------------------
r2065 | msalle | 2010-10-28 11:01:57 +0200 (do, 28 okt 2010) | 16 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/mkgltempdir/mkgltempdir

- few bug fixes:
    removal didn't work, because gLExec 0.8 (and 0.7) no longer stays in cwd if
    chdir to homedir fails, but *returns* to cwd. If that fails (e.g. permission
    denied) gLExec does a cd to /. Hence securedir must in any case be 711 when
    trying to remove tmpdir. Furthermore the argument to rmdir and rm -rf must
    be absolute.
- adding -v option: version
- updating help to show all possible options, including -h, -f and the new -v
- fixing problem with options needing an argument, but not getting one: shift 2
  failed resulting in an endless loop.
- explicitly adding a path and having script figuring out the location of all
  the tools.
- adding variable for rmdir.
- changing one missing chmod into $chmod


------------------------------------------------------------------------
r2064 | msalle | 2010-10-22 13:26:00 +0200 (vr, 22 okt 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

- updating globus URL for tbz download

------------------------------------------------------------------------
r2063 | msalle | 2010-10-22 09:29:48 +0200 (vr, 22 okt 2010) | 4 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

- adding support for -x option: exit on error, in which case the script exits as
  soon as a target build fails.


------------------------------------------------------------------------
r2062 | msalle | 2010-10-21 17:03:37 +0200 (do, 21 okt 2010) | 5 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

- automatically making source, build and globus directories absolute by adding
  cwd. Updating usage() accordingly.
- adding warning() convenience function.


------------------------------------------------------------------------
r2061 | msalle | 2010-10-21 15:59:47 +0200 (do, 21 okt 2010) | 4 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32dev.config
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

- adding voms_devel() which is triggered when specifying special voms tag devel
- updating glite32dev to actually use the voms_devel (as used in
  glite_branch_3_2_dev

------------------------------------------------------------------------
r2060 | msalle | 2010-10-21 15:33:08 +0200 (do, 21 okt 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.voms2.sh

Syncing with glexec_globus_from_source.sh


------------------------------------------------------------------------
r2059 | msalle | 2010-10-21 15:32:39 +0200 (do, 21 okt 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.sh

Removing dead code

------------------------------------------------------------------------
r2058 | msalle | 2010-10-21 15:28:45 +0200 (do, 21 okt 2010) | 4 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/OSG_glite32cert.config

Updating lcmaps_plugins_basic tag and reordering to make differences with
glite_3_2_cert clearer.


------------------------------------------------------------------------
r2053 | msalle | 2010-10-20 20:55:23 +0200 (wo, 20 okt 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/OSG_glite32cert.config
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32cert.config
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32dev.config

- updating pep-c version to match glite_3_2_cert

------------------------------------------------------------------------
r2052 | msalle | 2010-10-20 11:04:27 +0200 (wo, 20 okt 2010) | 12 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

- included error function
- error when target is included >1
- usage() prints possible exit values
- glexec pre-0.8 and newstyle both build, automatically switches based on given
  tag.
- saml2-xacml2-c-lib looks for gsoaps-2.7*.tar.gz, if present: unpack, otherwise
  assume it's included in the source. This allows building both 0.0.* and 0.1.*
  versions.
- ees svnroot autosetting updated: when no tag or HEAD is given, use trunk/
  otherwise use tags/


------------------------------------------------------------------------
r2051 | msalle | 2010-10-19 17:30:08 +0200 (di, 19 okt 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32cert.config
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32dev.config

HEAD doesn't work for EES, due to the svn nature...

------------------------------------------------------------------------
r2050 | msalle | 2010-10-19 17:29:10 +0200 (di, 19 okt 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/OSG_glite32cert.config

lcas-plugins-basic tag didn't exist: should (probably) be the one from _cert

------------------------------------------------------------------------
r2049 | msalle | 2010-10-19 17:00:36 +0200 (di, 19 okt 2010) | 2 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/glexec_from_source/OSG_glite32cert.config
   A /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32cert.config
   A /trunk/grid-mw-security/glexec/util/glexec_from_source/glite32dev.config

- adding the suggested CVS tag configuration files

------------------------------------------------------------------------
r2048 | msalle | 2010-10-19 17:00:00 +0200 (di, 19 okt 2010) | 5 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

- adding possibility to print supported etics download platforms: -p help
- clarifying usage() text
- print warning text when no targets are specified


------------------------------------------------------------------------
r2047 | msalle | 2010-10-18 12:41:47 +0200 (ma, 18 okt 2010) | 4 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

- fix lcmaps_interface: it needs globus (unfortunally), now it matches etics
  again.
- print total build time in seconds.

------------------------------------------------------------------------
r2046 | msalle | 2010-10-15 15:48:52 +0200 (vr, 15 okt 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

remove extra echo

------------------------------------------------------------------------
r2045 | msalle | 2010-10-15 15:47:30 +0200 (vr, 15 okt 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh

copy&paste typo: source is now in uppercase

------------------------------------------------------------------------
r2044 | msalle | 2010-10-15 15:36:02 +0200 (vr, 15 okt 2010) | 2 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_from_source.sh (from /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_globus_from_source.sh:2043)
   D /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_globus_from_source.sh

rename into glite_from_source.sh since it's not always globus from source

------------------------------------------------------------------------
r2043 | msalle | 2010-10-15 15:35:06 +0200 (vr, 15 okt 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_globus_from_source.sh

- merge globus source / etics: switched using -p <platform>


------------------------------------------------------------------------
r2042 | msalle | 2010-10-15 14:44:25 +0200 (vr, 15 okt 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_globus_from_source.sh

- bugfix: when using custom dir, svnget should remove that one.


------------------------------------------------------------------------
r2041 | msalle | 2010-10-15 14:36:56 +0200 (vr, 15 okt 2010) | 5 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_globus_from_source.sh

- cvsget/svnget/get now can unpack in a custom dir: needed for lcmaps_interface
  which uses same lcmaps source as lcmaps itself.
- when downloading via webcvs always remove old source dir.


------------------------------------------------------------------------
r2040 | msalle | 2010-10-14 17:24:17 +0200 (do, 14 okt 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_globus_from_source.sh

Small change to make eval more reliable. 

------------------------------------------------------------------------
r2039 | msalle | 2010-10-14 16:49:38 +0200 (do, 14 okt 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_globus_from_source.sh

fix typo in ees component

------------------------------------------------------------------------
r2038 | msalle | 2010-10-14 16:16:13 +0200 (do, 14 okt 2010) | 7 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_globus_from_source.sh

- svn checkout needs explicit download directory.

- fix copy&paste typo for lcmaps_plugins_voms

- add missing setdeps for lcas_interface target


------------------------------------------------------------------------
r2037 | msalle | 2010-10-14 15:09:06 +0200 (do, 14 okt 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_globus_from_source.sh

Fixing typos in lcmaps_plugins_voms module


------------------------------------------------------------------------
r2036 | msalle | 2010-10-14 14:52:17 +0200 (do, 14 okt 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_globus_from_source.sh

- specified directories should be absolute
- reorder build and print function

------------------------------------------------------------------------
r2035 | msalle | 2010-10-14 14:36:56 +0200 (do, 14 okt 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_globus_from_source.sh

ash(es) to sh


------------------------------------------------------------------------
r2034 | msalle | 2010-10-14 14:35:19 +0200 (do, 14 okt 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_globus_from_source.sh

Dropping newline in known target list

------------------------------------------------------------------------
r2033 | msalle | 2010-10-14 14:23:58 +0200 (do, 14 okt 2010) | 8 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.sh
   A /trunk/grid-mw-security/glexec/util/glexec_from_source/glite_globus_from_source.sh

First checkin glexec_from_source new style, adding
- config file
- input file for targets
- redirect of std{err,out}
- ...



------------------------------------------------------------------------
r1983 | dennisvd | 2010-09-30 16:46:47 +0200 (do, 30 sep 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcmaps-tests/lcmaps.test/nogsi.exp

removed spurious encoded '/' from the poolindex

------------------------------------------------------------------------
r1982 | dennisvd | 2010-09-30 16:27:30 +0200 (do, 30 sep 2010) | 2 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/lcmaps-tests/Makefile
   A /trunk/grid-mw-security/glexec/util/lcmaps-tests/config
   A /trunk/grid-mw-security/glexec/util/lcmaps-tests/config/unix.exp
   A /trunk/grid-mw-security/glexec/util/lcmaps-tests/lcmaps.db.in
   A /trunk/grid-mw-security/glexec/util/lcmaps-tests/lcmaps.test
   A /trunk/grid-mw-security/glexec/util/lcmaps-tests/lcmaps.test/nogsi.exp

Initial check-in of test suite.

------------------------------------------------------------------------
r1981 | dennisvd | 2010-09-30 16:23:32 +0200 (do, 30 sep 2010) | 2 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/lcmaps-tests

new test suite for lcmaps interfaces

------------------------------------------------------------------------
r1980 | dennisvd | 2010-09-30 15:05:16 +0200 (do, 30 sep 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

Oscar gets a cookie for finding a copy+paste bug; loadlcmaps with the wrong mode.
LCMAPS_RETURN_ACCOUNT_WITHOUT_GSI instead of LCMAPS_RETURN_POOLINDEX_WITHOUT_GSI.

------------------------------------------------------------------------
r1977 | dennisvd | 2010-09-29 11:29:10 +0200 (wo, 29 sep 2010) | 1 line
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

strdup is not required for fqans
------------------------------------------------------------------------
r1950 | dennisvd | 2010-09-28 10:44:36 +0200 (di, 28 sep 2010) | 2 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/Makefile

rudimentary Makefile for building this utility.

------------------------------------------------------------------------
r1949 | dennisvd | 2010-09-27 22:35:52 +0200 (ma, 27 sep 2010) | 10 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

Extended to include the without_gsi interface calls:

	 - added command-line option to select mode
	 - added command-line options to set DN and FQAN
	 - renamed the lcmaps functions that were under control
	   of #ifdef blocks to mode specific ones
	 - conditional loading of symbols from lcmaps library depending on mode

Yet untested.

------------------------------------------------------------------------
r1947 | okoeroo | 2010-09-24 15:42:55 +0200 (vr, 24 sep 2010) | 10 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

Split the interfaces by using three different defines:

Used by gLExec:
#define LCMAPS_RETURN_ACCOUNT_FROM_PEM

Use by Without GSI:
#define LCMAPS_RETURN_POOLINDEX_WITHOUT_GSI 
#define LCMAPS_RETURN_ACCOUNT_WITHOUT_GSI


------------------------------------------------------------------------
r1928 | msalle | 2010-09-21 16:33:24 +0200 (di, 21 sep 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/mkgltempdir/mkgltempdir

Make sure also TMPDIR is accessible for the target user.


------------------------------------------------------------------------
r1927 | msalle | 2010-09-21 15:54:45 +0200 (di, 21 sep 2010) | 8 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/mkgltempdir/mkgltempdir

Two fixes:
- mktemp only uses absolute path templates, including the main one for
  targetdir. gLExec tries a chmod to the target homedir, so the directory would
  have been made there, not in stickydir.
- temporarily open securedir for mktemp, because glexec now runs in / not in the
  cwd of the calling user.


------------------------------------------------------------------------
r1926 | msalle | 2010-09-21 15:22:27 +0200 (di, 21 sep 2010) | 9 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/mkgltempdir/mkgltempdir

- making sure all paths are absolute, hopefully portable enough. For glexec
  itself, the location will be based on GLEXEC_LOCATION if set, or alternatively 
  GLITE_LOCATION if that is set, or /opt/glite in other cases.
  Note that gLExec does not use PATH since it calls execve which ignores PATH.

Note: it seems the current setup is broken, since securedir is 0700, which means
any subdir is unaccessible?!


------------------------------------------------------------------------
r1900 | okoeroo | 2010-08-30 19:03:06 +0200 (ma, 30 aug 2010) | 9 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/wrap-env-var/glexec_wrap.sh

This fix will address GGUS ticket 58560: "glite-GLEXEC_wn makes uses of GLEXEC_LOCATION instead of GLITE_LOCATION"

The script will build-up a BASEDIR. The GLEXEC_LOCATION will be used first, with a fall back to GLITE_LOCATION and if that is not set, the "/opt/glite" directory will be used as a best guess.






------------------------------------------------------------------------
r1875 | msalle | 2010-08-09 12:59:52 +0200 (ma, 09 aug 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_from_source.sh
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.sh
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.voms2.sh

Adding missing lcmaps to list of deps for scas-client

------------------------------------------------------------------------
r1873 | msalle | 2010-08-04 16:42:17 +0200 (wo, 04 aug 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

- properly cleaning rsl and pemstring


------------------------------------------------------------------------
r1870 | msalle | 2010-07-30 12:28:50 +0200 (vr, 30 jul 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_from_source.sh
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.sh
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.voms2.sh

- writing out {,} constructions
- consistently using exit values

------------------------------------------------------------------------
r1859 | msalle | 2010-07-19 13:47:53 +0200 (ma, 19 jul 2010) | 10 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

Making the getMajorVersion() lookup almost failsafe...:
- It first looks in the global symbols using dlopen(NULL,...).
  This works when compiled with
    -rdynamic
  or
    -L. -lvomsfix
- It then tries to dlopen libvomsfix.so.
- When that fails, it tries to dlopen liblcas.so


------------------------------------------------------------------------
r1858 | msalle | 2010-07-19 12:22:33 +0200 (ma, 19 jul 2010) | 4 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

By compiling with -rdynamic or linking with -export-dynamic, we can remove the
external vomsfix library and instead include the missing symbols internally.


------------------------------------------------------------------------
r1841 | msalle | 2010-07-07 16:44:31 +0200 (wo, 07 jul 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/mkgltempdir/mkgltempdir

Updating license & copyright

------------------------------------------------------------------------
r1840 | msalle | 2010-07-07 15:56:07 +0200 (wo, 07 jul 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/wrap-env-var/glexec_unwrapenv.pl
   M /trunk/grid-mw-security/glexec/util/wrap-env-var/glexec_wrap.sh
   M /trunk/grid-mw-security/glexec/util/wrap-env-var/glexec_wrapenv.pl

Adding copyright & license


------------------------------------------------------------------------
r1839 | msalle | 2010-07-06 16:50:03 +0200 (di, 06 jul 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_from_source.sh
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.sh
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.voms2.sh

Adding the EES


------------------------------------------------------------------------
r1838 | msalle | 2010-07-06 16:33:48 +0200 (di, 06 jul 2010) | 5 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c
   A /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/vomsfix.c

Moving the voms dirty hack fixes to a separate c file.
By compiling those into a dynamic library we use it at build time and
prevent the missing symbols even without linking/loading LCAS.


------------------------------------------------------------------------
r1837 | msalle | 2010-07-06 14:24:17 +0200 (di, 06 jul 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

Fix for specifying -s twice (it closed stderr...).


------------------------------------------------------------------------
r1836 | msalle | 2010-07-06 11:45:31 +0200 (di, 06 jul 2010) | 6 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

- fix bug for optind: only decrease for -l and -L when no options were given.
- do proper cast at dlsym
- default: no external headers.
- define dummy getMajorVersionNumber() etc. to fix bug with VOMS


------------------------------------------------------------------------
r1835 | msalle | 2010-07-06 10:54:36 +0200 (di, 06 jul 2010) | 6 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

- re-typedef-fing lcas_request_t
- almost re-typedef-fing lcmaps_account_t
- making both easily switchable between using the local typedef, or using the
  header file.


------------------------------------------------------------------------
r1834 | msalle | 2010-07-06 10:46:56 +0200 (di, 06 jul 2010) | 5 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

Added more help text:
- includes warnings on unset variables
- these can partially be suppressed using the new option -q.


------------------------------------------------------------------------
r1833 | msalle | 2010-07-05 17:37:40 +0200 (ma, 05 jul 2010) | 5 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli
   A /trunk/grid-mw-security/glexec/util/lcaslcmaps_getaccount_cli/lcaslcmaps_getaccount_cli.c

Adding a demo LCAS/LCMAPS get account command line program, which mimics the
behaviour of gLExec and can be used to debug the LCAS and LCMAPS config files
setup.


------------------------------------------------------------------------
r1831 | msalle | 2010-06-30 18:00:06 +0200 (wo, 30 jun 2010) | 2 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.voms2.sh

Adding test version for VOMS API version 2

------------------------------------------------------------------------
r1830 | msalle | 2010-06-30 17:06:07 +0200 (wo, 30 jun 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_from_source.sh
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.sh

Update for the new gsoap-from-tarball construction (in saml2_xacml2_c_lib)

------------------------------------------------------------------------
r1822 | msalle | 2010-06-29 17:48:23 +0200 (di, 29 jun 2010) | 2 lines
Changed paths:
   D /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.dev.sh

File is now the current glexec_globus_from_source.sh

------------------------------------------------------------------------
r1821 | msalle | 2010-06-29 17:06:11 +0200 (di, 29 jun 2010) | 4 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_from_source.sh
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.sh

Move towards the new modular scripts, which can build all or just a few
components.


------------------------------------------------------------------------
r1819 | msalle | 2010-06-25 16:24:49 +0200 (vr, 25 jun 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.dev.sh

Fixing type in deps for lcas_plugins_voms

------------------------------------------------------------------------
r1818 | msalle | 2010-06-25 15:48:34 +0200 (vr, 25 jun 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.dev.sh

fix temporary directory locations...

------------------------------------------------------------------------
r1817 | msalle | 2010-06-25 15:47:30 +0200 (vr, 25 jun 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.dev.sh

Fix for unset globus flavour...


------------------------------------------------------------------------
r1816 | msalle | 2010-06-25 15:03:25 +0200 (vr, 25 jun 2010) | 3 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.dev.sh

Adding the magic script...


------------------------------------------------------------------------
r1811 | msalle | 2010-06-23 21:05:22 +0200 (wo, 23 jun 2010) | 8 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_from_source.sh
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.sh

Adding:
    LCMAPS plugins-afs
    LCMAPS plugins-gums
    SCAS
    LCAS-LCMAPS GT4-interface
The GT4 interface needs two extra build targets for globus (only when from
source).

------------------------------------------------------------------------
r1790 | msalle | 2010-06-18 14:23:05 +0200 (vr, 18 jun 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_from_source.sh
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.sh

Adding lcas-plugins-voms and its dependency GridSite core

------------------------------------------------------------------------
r1789 | msalle | 2010-06-18 12:13:19 +0200 (vr, 18 jun 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_from_source.sh

- build.common-cpp can use HEAD now (=3_2_8_1)

------------------------------------------------------------------------
r1788 | msalle | 2010-06-18 12:11:10 +0200 (vr, 18 jun 2010) | 2 lines
Changed paths:
   D /trunk/grid-mw-security/glexec/util/glexec_from_source/common-cpp_gt5.patch

- GT5 patch is no longer needed, thanks to Eamonn Kenny fixing build.common-cpp!

------------------------------------------------------------------------
r1787 | msalle | 2010-06-18 12:03:38 +0200 (vr, 18 jun 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.sh

Adding locations (commented out) for GT5


------------------------------------------------------------------------
r1786 | msalle | 2010-06-17 21:21:37 +0200 (do, 17 jun 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_from_source.sh
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.sh

- fix -rpath option, not clear why it worked in the first place... Now should be
  ok for Darwin!

------------------------------------------------------------------------
r1785 | msalle | 2010-06-17 17:57:05 +0200 (do, 17 jun 2010) | 4 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/glexec_from_source/common-cpp_gt5.patch

Adding patch for org.glite.build.common-cpp/m4/globus.m4 to correctly detect
Globus Toolkit 5.


------------------------------------------------------------------------
r1753 | msalle | 2010-06-10 16:47:28 +0200 (do, 10 jun 2010) | 3 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.sh

Re-enabled wget of globus tarball


------------------------------------------------------------------------
r1752 | msalle | 2010-06-10 16:43:43 +0200 (do, 10 jun 2010) | 10 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_from_source.sh
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.sh

Heavily reworked the glexec-from-source scripts:
- all builds are done via functions in order to allow the conditional builds,
  see next point.
- all builds are conditional: when they are bound to fail, due to missing
  dependencies don't build.
- a grand overview of the results is only presented at the end, specifying
  SUCCESS, FAILED, or MISSING DEPENDENCIES (=hasn't built)
- use wget+tar instead of cvs co


------------------------------------------------------------------------
r1742 | msalle | 2010-06-04 14:26:35 +0200 (vr, 04 jun 2010) | 2 lines
Changed paths:
   M /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_from_source.sh
   A /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_globus_from_source.sh

Adding second script which ALSO builds globus from tarball!

------------------------------------------------------------------------
r1741 | msalle | 2010-06-04 10:26:18 +0200 (vr, 04 jun 2010) | 4 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/glexec_from_source
   A /trunk/grid-mw-security/glexec/util/glexec_from_source/glexec_from_source.sh

Adding build script to build gLExec and its gLite dependencies from the CVS
sources.


------------------------------------------------------------------------
r416 | okoeroo | 2009-06-10 09:58:56 +0200 (wo, 10 jun 2009) | 1 line
Changed paths:
   M /trunk/grid-mw-security/glexec/util/wrap-env-var/glexec_unwrapenv.pl
   M /trunk/grid-mw-security/glexec/util/wrap-env-var/glexec_wrapenv.pl

Updated intended usage section in the scripts
------------------------------------------------------------------------
r410 | okoeroo | 2009-06-09 20:11:24 +0200 (di, 09 jun 2009) | 3 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/wrap-env-var/README_glexecwrappers

Adding README file to the repo


------------------------------------------------------------------------
r408 | okoeroo | 2009-06-09 20:00:56 +0200 (di, 09 jun 2009) | 3 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/wrap-env-var/glexec_warp.sh

Adding symlink (can svn do this nicely)


------------------------------------------------------------------------
r407 | okoeroo | 2009-06-09 19:59:48 +0200 (di, 09 jun 2009) | 4 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/wrap-env-var/glexec_wrap.sh

Adding the wrapper scripts, that wraps the environment variables wrapper and unwrapper scripts for gLExec



------------------------------------------------------------------------
r389 | okoeroo | 2009-06-04 11:27:14 +0200 (do, 04 jun 2009) | 3 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/wrap-env-var/old
   A /trunk/grid-mw-security/glexec/util/wrap-env-var/old/unwrap-wrap-glexec-env.sh (from /trunk/grid-mw-security/glexec/util/wrap-env-var/unwrap-wrap-glexec-env.sh:365)
   A /trunk/grid-mw-security/glexec/util/wrap-env-var/old/wrap-wrap-glexec-env.sh (from /trunk/grid-mw-security/glexec/util/wrap-env-var/wrap-wrap-glexec-env.sh:365)
   D /trunk/grid-mw-security/glexec/util/wrap-env-var/unwrap-wrap-glexec-env.sh
   D /trunk/grid-mw-security/glexec/util/wrap-env-var/wrap-wrap-glexec-env.sh

Moved my shell script solutions.


------------------------------------------------------------------------
r388 | okoeroo | 2009-06-04 11:25:29 +0200 (do, 04 jun 2009) | 4 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/wrap-env-var/glexec_unwrapenv.pl
   A /trunk/grid-mw-security/glexec/util/wrap-env-var/glexec_wrapenv.pl

Added the wrap and unwrap scripts from Jan Just which are using Perl to shine the light.



------------------------------------------------------------------------
r365 | okoeroo | 2009-06-01 19:36:42 +0200 (ma, 01 jun 2009) | 4 lines
Changed paths:
   A /trunk/grid-mw-security/glexec/util/wrap-env-var
   A /trunk/grid-mw-security/glexec/util/wrap-env-var/unwrap-wrap-glexec-env.sh
   A /trunk/grid-mw-security/glexec/util/wrap-env-var/wrap-wrap-glexec-env.sh

Adding my gLExec environment variables wrap and unwrap scripts a pilot job framework examples.



------------------------------------------------------------------------
r31 | davidg | 2008-12-19 09:18:56 +0100 (vr, 19 dec 2008) | 2 lines
Changed paths:
   A /branches
   D /grid-mw-security
   D /nl.nikhef.ndpf.tools
   A /tags
   A /trunk
   A /trunk/grid-mw-security (from /grid-mw-security:16)
   A /trunk/nl.nikhef.ndpf.tools (from /nl.nikhef.ndpf.tools:26)
   A /trunk/nl.nikhef.ndpf.tools/nikhef-directory-schema (from /nl.nikhef.ndpf.tools/nikhef-directory-schema:30)
   A /trunk/nl.nikhef.ndpf.tools/sccswhat (from /nl.nikhef.ndpf.tools/sccswhat:30)

Created convention

------------------------------------------------------------------------
r16 | davidg | 2008-04-11 03:46:16 +0200 (vr, 11 apr 2008) | 2 lines
Changed paths:
   M /grid-mw-security/glexec/util/mkgltempdir/mkgltempdir

Escaped the TMPDIR in the hel text

------------------------------------------------------------------------
r15 | davidg | 2008-04-10 11:01:14 +0200 (do, 10 apr 2008) | 2 lines
Changed paths:
   M /grid-mw-security/glexec/util/mkgltempdir/mkgltempdir
   D /grid-mw-security/glexec/util/mkgltempdir/test.txt
   D /grid-mw-security/glexec/util/mkgltempdir/test2.txt

error message logging repaired

------------------------------------------------------------------------
r14 | davidg | 2008-04-10 10:41:26 +0200 (do, 10 apr 2008) | 2 lines
Changed paths:
   A /grid-mw-security/glexec/util/mkgltempdir/test2.txt

Added

------------------------------------------------------------------------
r13 | davidg | 2008-04-10 10:28:40 +0200 (do, 10 apr 2008) | 2 lines
Changed paths:
   A /grid-mw-security/glexec/util/mkgltempdir/test.txt

test

------------------------------------------------------------------------
r12 | davidg | 2008-04-10 10:24:47 +0200 (do, 10 apr 2008) | 2 lines
Changed paths:
   M /grid-mw-security/glexec/util/mkgltempdir/mkgltempdir

Keywords expanded

------------------------------------------------------------------------
r11 | davidg | 2008-04-10 10:23:30 +0200 (do, 10 apr 2008) | 2 lines
Changed paths:
   A /grid-mw-security/glexec/util/mkgltempdir
   A /grid-mw-security/glexec/util/mkgltempdir/mkgltempdir

Migrated from CVS

------------------------------------------------------------------------
r10 | davidg | 2008-04-10 10:20:09 +0200 (do, 10 apr 2008) | 2 lines
Changed paths:
   M /grid-mw-security/glexec/util/sutest/sutest.c

keywords added

------------------------------------------------------------------------
r9 | davidg | 2008-04-10 10:17:04 +0200 (do, 10 apr 2008) | 2 lines
Changed paths:
   M /grid-mw-security/glexec/util/sutest/sutest.c

trigger update

------------------------------------------------------------------------
r8 | davidg | 2008-04-10 10:15:41 +0200 (do, 10 apr 2008) | 2 lines
Changed paths:
   M /grid-mw-security/glexec/util/sutest/sutest.c

trigger commit only

------------------------------------------------------------------------
r7 | davidg | 2008-04-10 10:11:31 +0200 (do, 10 apr 2008) | 2 lines
Changed paths:
   A /grid-mw-security
   A /grid-mw-security/glexec
   A /grid-mw-security/glexec/util
   A /grid-mw-security/glexec/util/sutest
   A /grid-mw-security/glexec/util/sutest/sutest.c

Migrated from CVS

------------------------------------------------------------------------


Revision 15835 - Directory Listing
Modified Tue Jan 10 08:29:49 2012 UTC (9 years, 9 months ago) by okoeroo
Nothing but code style.




Revision 15834 - Directory Listing
Modified Mon Jan 9 15:00:06 2012 UTC (9 years, 9 months ago) by msalle
Add further clarifications about why the X509_STORE_* functions should not be
called.


Revision 15833 - Directory Listing
Modified Mon Jan 9 14:06:31 2012 UTC (9 years, 9 months ago) by msalle
Fixing invalid read. It seems we initialized the CA dirs twice. Once with
X509_STORE_load_locations and once with X509_LOOKUP_add_dir.


Revision 15832 - Directory Listing
Modified Mon Jan 9 13:14:44 2012 UTC (9 years, 9 months ago) by msalle
Cleanup evp_pkey and initialize entire struct tm to zero.


Revision 15831 - Directory Listing
Modified Thu Jan 5 10:40:08 2012 UTC (9 years, 9 months ago) by okoeroo
forgot an integer.



Revision 15830 - Directory Listing
Modified Thu Jan 5 10:39:11 2012 UTC (9 years, 9 months ago) by okoeroo
Now explcitly copies the pgid and sgid lists. The caller need to free the lists.




Revision 15829 - Directory Listing
Modified Thu Jan 5 09:45:45 2012 UTC (9 years, 9 months ago) by msalle
Fix double call to lcmaps_cred_to_x509_chain() which caused extensive memleak.


Revision 15828 - Directory Listing
Modified Wed Jan 4 14:39:09 2012 UTC (9 years, 9 months ago) by msalle
Further remove remaining fprintf's


Revision 15827 - Directory Listing
Modified Wed Jan 4 14:35:28 2012 UTC (9 years, 9 months ago) by msalle
remove unused variable


Revision 15826 - Directory Listing
Modified Wed Jan 4 14:32:25 2012 UTC (9 years, 9 months ago) by msalle
Cleanup of code (in particular use of LCMAPS_POLICY_NAME):
- don't use a default policy name, but parse all when none is given. This was
  already the behaviour when LCMAPS_POLICY_NAME=="" (and as such used by
  gLExec).
- harden tokenize routine to prevent potential segfaults
- replace fprintf(stderr with lcmaps_log(LOG_ERR
- allow more than one policy for lcmaps_return_poolindex
- log on LOG_INFO which policy is being evaluated.


Revision 15825 - Directory Listing
Modified Wed Jan 4 11:29:07 2012 UTC (9 years, 9 months ago) by msalle
Fix call of tokenize function (should call new name).


Revision 15824 - Directory Listing
Modified Wed Jan 4 11:28:25 2012 UTC (9 years, 9 months ago) by msalle
Fix name of policy_tokenize function and make it static



Revision 15823 - Directory Listing
Modified Wed Jan 4 11:14:49 2012 UTC (9 years, 9 months ago) by msalle
Fix name clash in define between verify and return interfaces.


Revision 15822 - Directory Listing
Modified Tue Jan 3 16:07:05 2012 UTC (9 years, 9 months ago) by msalle
Fix debug and error messages in lcmaps_credential_store_gss_cred_id_t_and_sub_elements(), since they got mixed up.


Revision 15821 - Directory Listing
Modified Tue Jan 3 15:26:13 2012 UTC (9 years, 9 months ago) by msalle
Fix tokenizing code.


Revision