/[pdpsoft]/trunk/grid-mw-security/ees/plugin_examples/localaccount/src/localaccount.c
ViewVC logotype

Contents of /trunk/grid-mw-security/ees/plugin_examples/localaccount/src/localaccount.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 2141 - (show annotations) (download) (as text)
Fri Jan 14 14:41:18 2011 UTC (11 years, 8 months ago) by aramv
File MIME type: text/x-chdr
File size: 15668 byte(s)
Fixed crash bug by not trying to dereference bogus pointer
1 #include "eef_plugin.h"
2 #include "gridmapfile.h"
3 #include "gridmapdir.h"
4 #include <getopt.h>
5 #include <stdio.h>
6 #include <stdlib.h>
7 #include <pwd.h>
8 #include <sys/stat.h>
9
10 EES_PL_RC set_var_as_string(const char* name, char* value);
11 EES_PL_RC set_var_as_int(const char* name, int value);
12 EES_PL_RC set_var_as_void_p(const char* name, void* value, size_t size);
13 char* get_var_as_string(char* name);
14 int get_var_as_int(char* name);
15 void* get_var_as_void_p(char* name);
16 char* dn_to_username(char* _dn);
17 char* find_in_mappings(const char* string, gridmap_list_t *_mappings);
18
19 EES_PL_RC plugin_initialize(int argc, char* argv[]){
20 int option_index, c; /* getopt */
21
22 char* _obligation_name = NULL; /* obligation name to create */
23 char* _attribute_user = NULL; /* attribute name for user */
24 char* _attribute_group = NULL; /* attribute name for group */
25
26 char* _gridmapfile = NULL; /* path to gridmapfile */
27 char* _gridmapdir = NULL; /* path to gridmapdir */
28
29 struct stat _gridmapfile_stat; /* stat() structs to check existence of gridmapfile */
30 struct stat _gridmapdir_stat; /* stat() structs to check existence of gridmapdir */
31
32 char* _mapping_attribute = NULL; /* which field to retrieve DN from */
33
34 int _use_usernames = 0; /* wheter to use username strings. uses uid strings otherwise */
35 int _use_pool = 0; /* use pool accounts from gridmapdir */
36
37 int _retval = 0;
38 gridmap_list_t *_mappings = NULL;
39
40 static struct option long_options[] = /* options */
41 {
42 /*{"gridmap", required_argument, 0, 'g'},*/
43 {"gridmapfile", required_argument, 0, 'f'},
44 {"gridmapdir" , required_argument, 0, 'd'},
45 {"mapattrib", required_argument, 0, 'm'},
46 {"obligation", required_argument, 0, 'o'},
47 {"attribute_u", required_argument, 0, 'u'},
48 {"attribute_g", required_argument, 0, 'g'},
49 {"strings", no_argument, 0, 'n'},
50 {"pool", no_argument, 0, 'p'}
51 };
52
53 EEF_log(LOG_DEBUG, "%s: Initializing localaccount plugin!\n", EEF_getRunningPluginName());
54
55 opterr = 0;
56 optind = 0;
57
58 /* parse options */
59 while(1){
60 c = getopt_long_only(argc, argv, "", long_options, &option_index);
61 if(c == -1){
62 break;
63 }
64 switch(c){
65 case 'f':
66 if((_gridmapfile = strdup(optarg)) == NULL){
67 EEF_log(LOG_ERR, "%s: %s", EEF_getRunningPluginName(), strerror(errno));
68 }
69 break;
70 case 'd':
71 if((_gridmapdir = strdup(optarg)) == NULL){
72 EEF_log(LOG_ERR, "%s: %s", EEF_getRunningPluginName(), strerror(errno));
73 }
74 break;
75 case 'm':
76 if((_mapping_attribute = strdup(optarg)) == NULL){
77 EEF_log(LOG_ERR, "%s: %s", EEF_getRunningPluginName(), strerror(errno));
78 }
79 break;
80 case 'o':
81 if((_obligation_name = strdup(optarg)) == NULL){
82 EEF_log(LOG_ERR, "%s: %s", EEF_getRunningPluginName(), strerror(errno));
83 }
84 break;
85 case 'u':
86 if((_attribute_user = strdup(optarg)) == NULL){
87 EEF_log(LOG_ERR, "%s: %s", EEF_getRunningPluginName(), strerror(errno));
88 }
89 break;
90 case 'g':
91 if((_attribute_group = strdup(optarg)) == NULL){
92 EEF_log(LOG_ERR, "%s: %s", EEF_getRunningPluginName(), strerror(errno));
93 }
94 break;
95 case 'n':
96 _use_usernames = 1;
97 break;
98 case 'p':
99 _use_pool = 1;
100 break;
101 case '?':
102 EEF_log(LOG_ERR, "%s: unkown option %s", EEF_getRunningPluginName(), optarg);
103 break;
104 case ':':
105 EEF_log(LOG_ERR, "%s: missing argument for %s", EEF_getRunningPluginName(), optarg);
106 break;
107 }
108 }
109
110 if(_gridmapfile){
111 /* check if path to gridmapfile exists */
112 if(stat(_gridmapfile, &_gridmapfile_stat) != 0){
113 EEF_log(LOG_ERR, "Unable to stat gridmapfile (%s): %s\n", _gridmapfile, strerror(errno));
114 return EES_PL_FAILURE;
115 }
116 }
117
118 if(_gridmapdir){
119 /* check if path to gridmapdir exists */
120 if(stat(_gridmapdir, &_gridmapdir_stat) != 0){
121 EEF_log(LOG_ERR, "Unable to stat gridmapdir (%s): %s\n", _gridmapdir, strerror(errno));
122 return EES_PL_FAILURE;
123 }
124 }
125
126 _retval = parse_gridmapfile(_gridmapfile, &_mappings);
127
128 /* look up DN in gridmapfile */
129 if(_retval == 0){
130 set_var_as_void_p("gridmappings", &_mappings, sizeof(void*));
131 } else {
132 switch(_retval){
133 case -1:
134 EEF_log(LOG_ERR, "%s: Unable to parse gridmapfile: %s - I/O error (file may have changed during access)\n", EEF_getRunningPluginName(), _gridmapfile);
135 break;
136 case -2:
137 EEF_log(LOG_ERR, "%s: Unable to parse gridmapfile: %s - privilege-drop error\n", EEF_getRunningPluginName(), _gridmapfile);
138 break;
139 case -3:
140 EEF_log(LOG_ERR, "%s: Unable to parse gridmapfile: %s - permission error (untrusted path)\n", EEF_getRunningPluginName(), _gridmapfile);
141 break;
142 case -4:
143 EEF_log(LOG_ERR, "%s: Unable to parse gridmapfile: %s - memory error \n", EEF_getRunningPluginName(), _gridmapfile);
144 break;
145 case -5:
146 EEF_log(LOG_ERR, "%s: Unable to parse gridmapfile: %s - unknown or safefile error \n", EEF_getRunningPluginName(), _gridmapfile);
147 break;
148 default:
149 EEF_log(LOG_ERR, "%s: Unable to parse gridmapfile: %s - mysterious unknown error \n", EEF_getRunningPluginName(), _gridmapfile);
150 break;
151 }
152 return EES_PL_FAILURE;
153 }
154
155 /* save state to AOS */
156 set_var_as_string("user_attribute", _attribute_user);
157 set_var_as_string("group_attribute", _attribute_group);
158 set_var_as_string("obligation_name", _obligation_name);
159 set_var_as_string("gridmapfile", _gridmapfile);
160 set_var_as_string("gridmapdir", _gridmapdir);
161 set_var_as_string("mappingattr", _mapping_attribute);
162 set_var_as_int("use_pool", _use_pool);
163 set_var_as_int("use_usernames", _use_usernames);
164 aos_dump_argslist();
165
166 return EES_PL_SUCCESS;
167 }
168
169 EES_PL_RC plugin_run(){
170 aos_context_t *_context = NULL;
171 aos_attribute_t *_tmp_attr = NULL;
172
173 aos_attribute_t *_uid_attr = NULL;
174 aos_attribute_t *_gid_attr = NULL;
175
176 char *_dn = NULL;
177
178 char *_uid_str = NULL;
179 char *_gid_str = NULL;
180
181 char *_user_name = NULL;
182 char *_attribute_user = NULL;
183 char *_attribute_group = NULL;
184 char *_obligation_name = NULL;
185
186 char *_gridmapdir = NULL;
187
188 char *_mapping_attribute = NULL;
189 int _use_usernames = 0;
190 int _use_pool = 0;
191 char *_cmp_attr_id = NULL;
192 struct passwd _tmp_pwd_s;
193
194 EEF_log(LOG_INFO, "Running %s\n", EEF_getRunningPluginName());
195
196 /* populate fields */
197 _attribute_user = get_var_as_string("user_attribute");
198 _attribute_group = get_var_as_string("group_attribute");
199 _obligation_name = get_var_as_string("obligation_name");
200 _mapping_attribute = get_var_as_string("mappingattr");
201
202 _use_usernames = get_var_as_int("use_usernames");
203 _use_pool = get_var_as_int("use_pool");
204
205 /* fetch DN (subject-x509-id) */
206 rewindContexts(NULL);
207 while((_context = getNextContext(SUBJECT, NULL))){
208 rewindAttributes(_context);
209 while((_tmp_attr = getNextAttribute(_context))){
210 _cmp_attr_id = getAttributeId(_tmp_attr);
211 if(_cmp_attr_id && _mapping_attribute){
212 if(strcmp(_cmp_attr_id, _mapping_attribute) == 0){
213 _dn = getAttributeValueAsString(_tmp_attr);
214 }
215 }
216 }
217 }
218
219 aos_dump_argslist();
220
221 /* check if a DN was found */
222 if(_dn == NULL){
223 EEF_log(LOG_ERR, "%s: No DN found!\n", EEF_getRunningPluginName());
224 return EES_PL_FAILURE;
225 } else {
226 _user_name = dn_to_username(_dn);
227 }
228
229 if(_user_name == NULL){
230 EEF_log(LOG_ERR, "%s: Unable to find local mapping for DN \"%s\"\n", EEF_getRunningPluginName(), _dn);
231 return EES_PL_FAILURE;
232 } else {
233 EEF_log(LOG_ERR, "%s: Found mapping for DN \"%s\": account \"%s\"\n", EEF_getRunningPluginName(), _dn, _user_name);
234 }
235
236 /* TODO add secondary GIDs */
237
238 if(_use_usernames){
239 /* username as string */
240 _uid_str = _user_name;
241 } else {
242 /* username as uid */
243 asprintf(&_uid_str, "%llu", (long long unsigned int) uid_from_user_name(_user_name));
244 }
245
246 EEF_log(LOG_INFO, "Adding obligations for uid %s and gid %s\n", _uid_str, _gid_str);
247
248 /* add obligation for new uid-gid */
249
250 if((_context = createContext(OBLIGATION)) != NULL){
251 setContextObligationId(_context, _obligation_name);
252 if((_uid_attr = createAttribute())){
253 setAttributeId( _uid_attr, _attribute_user);
254 setAttributeValue(_uid_attr, _uid_str, strlen(_uid_str)+1);
255 addAttribute(_context, _uid_attr);
256 free(_uid_str);
257 }
258
259 if(_gid_str){
260 if((_gid_attr = createAttribute())){
261 setAttributeId( _gid_attr, _attribute_group);
262 setAttributeValue(_gid_attr, _gid_str, strlen(_gid_str)+1);
263 addAttribute(_context, _gid_attr);
264 }
265 free(_gid_str);
266 }
267
268 addContext(_context);
269 return EES_PL_SUCCESS;
270 }
271
272 return EES_PL_FAILURE;
273 }
274
275 char* dn_to_username(char* _dn){
276 char *_gridmapfile = get_var_as_string("gridmapfile");
277 char *_gridmapdir = get_var_as_string("gridmapdir");
278 int _use_pool = get_var_as_int("use_pool");
279 char *_single_user_name = NULL;
280 char* _pool_user_name = NULL;
281 gridmap_list_t *_mappings = NULL;
282
283 _mappings = get_var_as_void_p("gridmappings");
284 _gridmapfile = get_var_as_string("gridmapfile");
285 EEF_log(LOG_DEBUG, "Get gridmappings into AOS at %p\n", _mappings);
286 _single_user_name = find_in_mappings(_dn, _mappings);
287
288 if(_use_pool && _single_user_name){
289 /* get pool account from gridmapdir */
290 EEF_log(LOG_DEBUG, "Using gridmapdir. Looking for account in pool %s\n", _single_user_name);
291 if (gridmapdir_userid(_gridmapdir, _dn, _single_user_name, &_pool_user_name, OVERRIDE_INCONSISTANCY) == 0){
292 /* find_in_mapping */
293 free(_single_user_name);
294 _single_user_name = NULL;
295 return _pool_user_name;
296 }
297
298 } else {
299 EEF_log(LOG_DEBUG, "Unable to find local username in gridmapfile %s\n", _gridmapfile);
300 return _single_user_name;
301 }
302
303 return NULL;
304
305 }
306
307 char* find_in_mappings(const char* _dn, gridmap_list_t *_mappings){
308 gridmap_line_t *_mapping_line = find_mapping(_mappings, _dn, MATCH_WILD_CHARS);
309 gridmap_list_t *_tmp_mapping = NULL;
310 char *_found_mapping = NULL;
311 if(_mapping_line){
312 _tmp_mapping = _mappings;
313 while(_tmp_mapping){
314 if(_tmp_mapping->line != NULL){
315 if(_tmp_mapping->line->mappings != NULL){
316 _found_mapping = strdup(_tmp_mapping->line->mappings->value);
317 }
318 }
319 _tmp_mapping= _tmp_mapping->next;
320 }
321 }
322
323 return _found_mapping;
324 }
325
326
327 EES_PL_RC plugin_terminate(){
328 gridmap_list_t *_mappings;
329 _mappings = get_var_as_void_p("gridmappings");
330 gridmap_list_free(_mappings);
331 return EES_PL_SUCCESS;
332 }
333
334 EES_PL_RC set_var_as_string(const char* name, char* value){
335 aos_context_t* context;
336 aos_attribute_t* attribute;
337 char* attribute_name;
338
339 if(value == NULL){
340 /*EEF_log(LOG_ERR, "Value cannot be NULL\n");*/
341 return EES_PL_FAILURE;
342 }
343
344 rewindContexts(NULL);
345 if((context = getNextContext(NONE, NULL)) == NULL){
346 if ((context = createContext (NONE)) != NULL){
347 addContext (context);
348 } else {
349 EEF_log(LOG_ERR, "Unable to get context\n");
350 return EES_PL_FAILURE;
351 }
352 }
353
354 /* store attribute names in AOS for lookup during run */
355 if((attribute = createAttribute())){
356 if(asprintf(&attribute_name, "%s_%s", name, EEF_getRunningPluginName())){
357 setAttributeId( attribute, attribute_name);
358 free(attribute_name);
359 }
360 setAttributeValue(attribute, (void*) value, strlen(value)+1);
361 addAttribute(context, attribute);
362 }
363
364 return EES_PL_SUCCESS;
365 }
366
367
368 EES_PL_RC set_var_as_void_p(const char* name, void* value, size_t size){
369 aos_context_t* context;
370 aos_attribute_t* attribute;
371 char* attribute_name;
372
373 /* store attribute names in AOS for lookup during run */
374
375 rewindContexts(NULL);
376 while((context = getNextContext(NONE, NULL))){
377 if(context){
378 break;
379 }
380 }
381 if(context == NULL){
382 context = createContext (NONE);
383 addContext (context);
384 }
385
386 if(context == NULL){
387 EEF_log(LOG_ERR, "Unable to get context\n");
388 return EES_PL_FAILURE;
389 }
390
391 if((attribute = createAttribute())){
392 if(asprintf(&attribute_name, "%s_%s", name, EEF_getRunningPluginName())){
393 setAttributeId( attribute, attribute_name);
394 free(attribute_name);
395 }
396 setAttributeValue(attribute, value, size);
397 addAttribute(context, attribute);
398 }
399 return EES_PL_SUCCESS;
400 }
401
402 EES_PL_RC set_var_as_int(const char* name, int value){
403 aos_context_t* context;
404 aos_attribute_t* attribute;
405 char* attribute_name;
406
407 /* store attribute names in AOS for lookup during run */
408
409 rewindContexts(NULL);
410 while((context = getNextContext(NONE, NULL))){
411 if(context){
412 break;
413 }
414 }
415 if(context == NULL){
416 context = createContext (NONE);
417 addContext (context);
418 }
419
420 if(context == NULL){
421 EEF_log(LOG_ERR, "Unable to get context\n");
422 return EES_PL_FAILURE;
423 }
424
425 if((attribute = createAttribute())){
426 if(asprintf(&attribute_name, "%s_%s", name, EEF_getRunningPluginName())){
427 setAttributeId( attribute, attribute_name);
428 free(attribute_name);
429 }
430 setAttributeValue(attribute, &value, sizeof(int));
431 addAttribute(context, attribute);
432 }
433 return EES_PL_SUCCESS;
434 }
435
436 char* get_var_as_string(char* name){
437 char* localname;
438 aos_context_t * context;
439 aos_attribute_t* attribute;
440
441 asprintf(&localname, "%s_%s", name, EEF_getRunningPluginName());
442
443 rewindContexts(NULL);
444 while((context = getNextContext(NONE, NULL))){
445 rewindAttributes(context);
446 while((attribute = getNextAttribute(context))){
447 if(strcmp(getAttributeId(attribute), localname) == 0){
448 free(localname);
449 return getAttributeValueAsString(attribute);
450 }
451 }
452 }
453 free(localname);
454 return NULL;
455 }
456
457 int get_var_as_int(char* name){
458 char* localname;
459 aos_context_t * context;
460 aos_attribute_t* attribute;
461
462 /* Free this */
463 asprintf(&localname, "%s_%s", name, EEF_getRunningPluginName());
464
465 rewindContexts(NULL);
466 while((context = getNextContext(NONE, NULL))){
467 rewindAttributes(context);
468 while((attribute = getNextAttribute(context))){
469 if(strcmp(getAttributeId(attribute), localname) == 0){
470 free(localname);
471 if(attribute){
472 return getAttributeValueAsInt(attribute);
473 }
474 }
475 }
476 }
477 free(localname);
478 return -1;
479 }
480
481 void* get_var_as_void_p(char* name){
482 char* localname;
483 aos_context_t * context;
484 aos_attribute_t* attribute;
485
486 /* Free this */
487 asprintf(&localname, "%s_%s", name, EEF_getRunningPluginName());
488
489 rewindContexts(NULL);
490 while((context = getNextContext(NONE, NULL))){
491 rewindAttributes(context);
492 while((attribute = getNextAttribute(context))){
493 if(strcmp(getAttributeId(attribute), localname) == 0){
494 free(localname);
495 return *((void**) getAttributeValueAsVoidPointer(attribute));
496 }
497 }
498 }
499 free(localname);
500 return NULL;
501 }
502

grid.support@nikhef.nl
ViewVC Help
Powered by ViewVC 1.1.28