00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00049
00050
00051
00052 #include "lcas_config.h"
00053 #include <stdio.h>
00054 #include <stdlib.h>
00055 #include <string.h>
00056
00057 #if HAVE_MALLOC_H
00058 # include <malloc.h>
00059 #endif
00060
00061
00062 #if HAVE_DLFCN_H
00063 # include <dlfcn.h>
00064 #endif
00065
00066 #include <gssapi.h>
00067
00068
00069 #include "lcas_types.h"
00070 #include "_lcas_utils.h"
00071 #include "_lcas_defines.h"
00072 #include "_lcas_log.h"
00073 #include "_lcas_db_read.h"
00074
00075
00076
00077
00078
00079
00080 #ifndef NUL
00081 #define NUL '\0'
00082 #endif
00083
00084
00085 #define MAXAUTHMODS 3
00086 #define MAXPROCS 3
00088
00089
00090
00091 #define FAILED_LCAS_USERALLOW 1
00093 #define FAILED_LCAS_USERBAN 2
00095 #define FAILED_LCAS_CLOCKCHECK 3
00097 #define FAILED_LCAS_OTHER 4
00098 #define FAILED_LCAS_PLUGIN 5
00101 #ifndef APIMAJORVERSION
00102 # define APIMAJORVERSION -1
00103 #endif
00104 #ifndef APIMINORVERSION
00105 # define APIMINORVERSION -1
00106 #endif
00107 #ifndef APIPATCHVERSION
00108 # define APIPATCHVERSION -1
00109 #endif
00110
00111
00112
00113
00119 enum lcas_proctype_e
00120 {
00121 INITPROC,
00122 AUTHPROC,
00123 TERMPROC,
00124 ENDOFPROCS
00125 };
00126
00132 typedef int (*lcas_proc_t)();
00133
00144 typedef struct lcas_plugindl_s
00145 {
00146 void * handle;
00147 lcas_proc_t procs[MAXPROCS];
00148 char pluginname[LCAS_MAXPATHLEN+1];
00149 char pluginargs[LCAS_MAXARGSTRING+1];
00150 int argc;
00151 char * argv[LCAS_MAXARGS];
00152 struct lcas_plugindl_s * next;
00153 }
00154 lcas_plugindl_t;
00155
00156
00157
00158
00159 static lcas_plugindl_t * PluginInit(lcas_db_entry_t *, lcas_plugindl_t **);
00160 static lcas_proc_t get_procsymbol(void *, char *);
00161 static int print_lcas_plugin(int, lcas_plugindl_t *);
00162 static int parse_args_plugin(const char *, const char *, char **, int *);
00163 static int clean_plugin_list(lcas_plugindl_t **);
00164
00165
00166
00167
00168 static lcas_cred_id_t lcas_cred;
00169 static int lcas_initialized = 0;
00170 static char * lcas_db_file_default = NULL;
00171 static char * lcas_dir = NULL;
00172 static lcas_plugindl_t * plugin_list = NULL;
00173 static lcas_plugindl_t * authmod_list = NULL;
00174 static char * authmods[MAXAUTHMODS][2] = {
00175 {(char *) NULL, (char *) NULL},
00176 {(char *) NULL, (char *) NULL},
00177 {(char *) NULL, (char *) NULL}
00178 };
00179
00180
00181
00182
00183
00184
00185
00186
00187
00188 int getMajorVersionNumber() { return (int)(APIMAJORVERSION); }
00189 int getMinorVersionNumber() { return (int)(APIMINORVERSION); }
00190 int getPatchVersionNumber() { return (int)(APIPATCHVERSION); }
00191
00192
00193
00194
00195
00196
00197
00198
00199
00200
00201
00202
00203
00204
00205
00206
00207
00208
00209
00210
00211
00212
00213
00214 int lcas_init_and_log(
00215 FILE* fp,
00216 unsigned short logtype
00217 )
00218 {
00219 lcas_db_entry_t ** lcas_db_handle=NULL;
00220 lcas_db_entry_t ** lcas_mod_handle=NULL;
00221 lcas_db_entry_t * lcas_mod_db=NULL;
00222 lcas_db_entry_t lcas_mod_entry;
00223 lcas_db_entry_t * ihandle=NULL;
00224 lcas_plugindl_t * plugin_entry=NULL;
00225 lcas_plugindl_t * authmod_entry=NULL;
00226 char * lcas_db_file=NULL;
00227 int ientry;
00228 int i;
00229
00230 if (lcas_initialized)
00231 {
00232 if (lcas_log(0,"LCAS already initialized\n") != 0)
00233 {
00234 fprintf(stderr,"LCAS already initialized, but wrongly\n");
00235 goto fail_lcas_init_and_log;
00236 }
00237 return 0;
00238 }
00239
00240
00241 if (lcas_log_open(NULL,fp,logtype))
00242 goto fail_lcas_init_and_log;
00243
00244
00245 lcas_log_debug(0,"\n");
00246 lcas_log_time(LOG_DEBUG,"Initialization LCAS version %s\n",VERSION);
00247
00248
00249 lcas_dir = getenv("LCAS_DIR");
00250 lcas_dir = (lcas_dir ? lcas_dir : LCAS_ETC_HOME );
00251 lcas_db_file_default = getenv("LCAS_DB_FILE");
00252 lcas_db_file_default = (lcas_db_file_default ? lcas_db_file_default : "lcas.db" );
00253
00254 lcas_db_file=lcas_genfilename(lcas_dir, lcas_db_file_default, NULL);
00255
00256
00257
00258
00259
00260
00261
00262 lcas_mod_entry.next=NULL;
00263 lcas_mod_handle=&lcas_mod_db;
00264 for (i=0; i < MAXAUTHMODS; ++i)
00265 {
00266 if (authmods[i][0] == NULL) break;
00267 *(lcas_mod_entry.pluginname)=NUL;
00268 *(lcas_mod_entry.pluginargs)=NUL;
00269 if (authmods[i][0] != NULL)
00270 {
00271 strncpy(lcas_mod_entry.pluginname,authmods[i][0],LCAS_MAXPATHLEN);
00272 (lcas_mod_entry.pluginname)[LCAS_MAXPATHLEN]=NUL;
00273 }
00274 if (authmods[i][1] != NULL)
00275 {
00276 strncpy(lcas_mod_entry.pluginargs,authmods[i][1],LCAS_MAXARGSTRING);
00277 (lcas_mod_entry.pluginargs)[LCAS_MAXARGSTRING]=NUL;
00278 }
00279 lcas_log_debug(1,"lcas.mod-lcas_init(): creating db structure for authorization module %s\n",
00280 authmods[i][0]);
00281 if (lcas_db_fill_entry(lcas_mod_handle, &lcas_mod_entry) == NULL)
00282 {
00283 lcas_log(0,"lcas.mod-lcas_init() error: Cannot create standard authorization module (%d-%s) db structure\n",
00284 i,authmods[i][0]);
00285 goto fail_lcas_init_and_log;
00286 }
00287 }
00288
00289
00290
00291
00292
00293
00294 ientry=0;
00295 ihandle=*lcas_mod_handle;
00296 while (ihandle)
00297 {
00298 if (strlen(ihandle->pluginname) > 0)
00299 {
00300 lcas_log_debug(1,"lcas.mod-lcas_init(): initializing standard module %s (db entry %d)\n",
00301 ihandle->pluginname, ientry);
00302 if ((authmod_entry=PluginInit(ihandle,&authmod_list)) == NULL)
00303 {
00304 lcas_log(0,"lcas.mod-lcas_init(): error initializing standard module : %s\n",
00305 ihandle->pluginname);
00306 goto fail_lcas_init_and_log;
00307 }
00308 }
00309 ientry++;
00310 ihandle=ihandle->next;
00311 }
00312
00313
00314
00315
00316
00317 lcas_log_debug(0,"lcas.mod-lcas_init(): Reading LCAS database %s\n",
00318 lcas_db_file);
00319 lcas_db_handle=lcas_db_read(lcas_db_file);
00320 if (lcas_db_handle == NULL)
00321 {
00322 lcas_log(0,"lcas.mod-lcas_init(): Failed to read LCAS database %s\n",
00323 lcas_db_file);
00324 goto fail_lcas_init_and_log;
00325 }
00326
00327
00328
00329
00330
00331 ientry=0;
00332 ihandle=*lcas_db_handle;
00333 while (ihandle)
00334 {
00335 if (strlen(ihandle->pluginname) > 0)
00336 {
00337 lcas_log_debug(1,"lcas.mod-lcas_init(): initializing plugin %s (db entry %d)\n",
00338 ihandle->pluginname, ientry);
00339 if ((plugin_entry=PluginInit(ihandle,&plugin_list)) == NULL)
00340 {
00341 lcas_log(0,"lcas.mod-lcas_init(): error initializing plugin: %s\n",ihandle->pluginname);
00342 goto fail_lcas_init_and_log;
00343 }
00344
00345
00346
00347
00348 authmod_entry=authmod_list;
00349 while (authmod_entry)
00350 {
00351 if ( (strncmp(authmod_entry->pluginname,
00352 plugin_entry->pluginname,
00353 LCAS_MAXPATHLEN) == 0)
00354 )
00355 {
00356 lcas_log(0,"lcas.mod-lcas_init() error: plugin %s already registered as\n",
00357 plugin_entry->pluginname);
00358 lcas_log(0," standard authorization module\n");
00359 goto fail_lcas_init_and_log;
00360 }
00361 authmod_entry=authmod_entry->next;
00362 }
00363
00364 }
00365 ientry++;
00366 ihandle=ihandle->next;
00367 }
00368
00369 authmod_entry=authmod_list;
00370 while (authmod_entry)
00371 {
00372 print_lcas_plugin(2,authmod_entry);
00373 lcas_log_debug(2,"\n");
00374 authmod_entry=authmod_entry->next;
00375 }
00376
00377 plugin_entry=plugin_list;
00378 while (plugin_entry)
00379 {
00380 print_lcas_plugin(2,plugin_entry);
00381 lcas_log_debug(2,"\n");
00382 plugin_entry=plugin_entry->next;
00383 }
00384
00385
00386 if(lcas_db_clean_list(&lcas_mod_db))
00387 {
00388 lcas_log(0,"lcas.mod-lcas_init() error: could not clean up authmod db structure\n");
00389 goto fail_lcas_init_and_log;
00390 }
00391
00392 if (lcas_db_clean())
00393 {
00394 lcas_log(0,"lcas.mod-lcas_init() error: could not clean up plugin db structure\n");
00395 goto fail_lcas_init_and_log;
00396 }
00397
00398
00399 if (lcas_db_file) free(lcas_db_file);
00400 lcas_initialized++;
00401 return 0;
00402
00403 fail_lcas_init_and_log:
00404
00405 lcas_db_clean_list(&lcas_mod_db);
00406 lcas_db_clean();
00407 if (clean_plugin_list(&plugin_list)!=0)
00408 {
00409 lcas_log(0,"lmas.mod-lcas_init() error: could not clean up plugin list\n");
00410 }
00411 if (lcas_db_file) free(lcas_db_file);
00412
00413 return 1;
00414 }
00415
00416
00417
00418
00419
00420
00421
00422
00423
00424
00425
00426
00427
00428
00429 int lcas_init(
00430 FILE* fp
00431 )
00432 {
00433
00434
00435 if (fp)
00436 {
00437 return lcas_init_and_log(fp,DO_USRLOG);
00438 }
00439 else
00440 {
00441 return lcas_init_and_log(NULL,DO_SYSLOG);
00442 }
00443 }
00444
00445
00446
00447
00448
00449
00450
00451
00452
00453
00454
00455
00456
00457
00458
00459
00460
00479 static lcas_plugindl_t * PluginInit(
00480 lcas_db_entry_t * db_handle,
00481 lcas_plugindl_t ** list
00482 )
00483 {
00484 char * name;
00485 #if 0
00486 char * names[5]={NULL,NULL,NULL,NULL,NULL};
00487 #endif
00488 char * pname=NULL;
00489 char * args=NULL;
00490 #if 0
00491 char * db;
00492 char * dbs[5]={NULL,NULL,NULL,NULL,NULL};
00493 char * pdb=NULL;
00494 #endif
00495 void * plugin_handle;
00496 lcas_proc_t plugin_procs[MAXPROCS];
00497 lcas_plugindl_t * pplugin=NULL;
00498 int i;
00499 int retval;
00500
00501 name = db_handle->pluginname;
00502 #if 0
00503 db = db_handle->pluginargs;
00504 #endif
00505 args = db_handle->pluginargs;
00506
00507
00508 #if 0
00509 names[0]=lcas_genfilename(NULL,name,NULL);
00510 names[1]=lcas_genfilename("modules",name,NULL);
00511 names[2]=lcas_genfilename(LCAS_MOD_HOME,name,NULL);
00512 names[3]=lcas_genfilename(LCAS_LIB_HOME,name,NULL);
00513 names[4]=lcas_genfilename(LCAS_ETC_HOME,name,NULL);
00514 pname=lcas_getfexist(5,names[0],
00515 names[1],names[2],
00516 names[3],names[4]
00517 );
00518 #endif
00519 pname = lcas_findfile(name);
00520 if (pname == NULL)
00521 {
00522 lcas_log(0,
00523 "lcas.mod-PluginInit(): plugin %s not found\n",
00524 name
00525 );
00526 goto fail_PluginInit;
00527 }
00528
00529 #if 0
00530
00531 if (strlen(db) > 0)
00532 {
00533 dbs[0]=lcas_genfilename(NULL,db,NULL);
00534 dbs[1]=lcas_genfilename("modules",db,NULL);
00535 dbs[2]=lcas_genfilename(LCAS_ETC_HOME,db,NULL);
00536 dbs[3]=lcas_genfilename(LCAS_MOD_HOME,db,NULL);
00537 dbs[4]=lcas_genfilename(LCAS_LIB_HOME,db,NULL);
00538 pdb=lcas_getfexist(5,dbs[0],
00539 dbs[1],dbs[2],
00540 dbs[3],dbs[4]
00541 );
00542 }
00543 #endif
00544
00545
00546 plugin_handle=dlopen(pname,RTLD_NOW);
00547
00548 if (!plugin_handle)
00549 {
00550 lcas_log(0,"lcas.mod-PluginInit(): dlopen error for %s:\n %s\n",
00551 pname,dlerror()
00552 );
00553 goto fail_PluginInit;
00554 }
00555
00556
00557 for (i=0; i < MAXPROCS; ++i)
00558 {
00559 switch (i)
00560 {
00561 case INITPROC:
00562 plugin_procs[i]=get_procsymbol(plugin_handle,"plugin_initialize");
00563 if (plugin_procs[i] == NULL)
00564 {
00565 lcas_log(0,"lcas.mod-PluginInit(): plugin %s not compliant\n",
00566 name);
00567 lcas_log(0,"lcas.mod-PluginInit(): missing function \"plugin_initialize()\"\n");
00568 goto fail_PluginInit;
00569 }
00570 else
00571 {
00572 lcas_log_debug(2,"lcas.mod-PluginInit(): found \"plugin_initialize()\"\n");
00573 }
00574 break;
00575 case AUTHPROC:
00576 plugin_procs[i]=get_procsymbol(plugin_handle,"plugin_confirm_authorization");
00577 if (plugin_procs[i] == NULL)
00578 {
00579 lcas_log(0,"lcas.mod-PluginInit(): plugin %s not compliant\n",
00580 name);
00581 lcas_log(0,"lcas.mod-PluginInit(): missing function \"plugin_confirm_authorization()\"\n");
00582 goto fail_PluginInit;
00583 }
00584 else
00585 {
00586 lcas_log_debug(2,"lcas.mod-PluginInit(): found \"plugin_confirm_authorization()\"\n");
00587 }
00588 break;
00589 case TERMPROC:
00590 plugin_procs[i]=get_procsymbol(plugin_handle,"plugin_terminate");
00591 if (plugin_procs[i] == NULL)
00592 {
00593 lcas_log(0,"lcas.mod-PluginInit(): plugin %s not compliant\n",
00594 name);
00595 lcas_log(0,"lcas.mod-PluginInit(): missing function \"plugin_terminate()\"\n");
00596 goto fail_PluginInit;
00597 }
00598 else
00599 {
00600 lcas_log_debug(2,"lcas.mod-PluginInit(): found \"plugin_terminate()\"\n");
00601 }
00602 break;
00603 default:
00604
00605 plugin_procs[i]=NULL;
00606 break;
00607 }
00608 }
00609
00610 if (!*list)
00611 {
00612 lcas_log_debug(2,"lcas.mod-PluginInit(): creating first pluginlist entry\n");
00613 *list=pplugin=(lcas_plugindl_t *)malloc(sizeof(lcas_plugindl_t));
00614 }
00615 else
00616 {
00617 lcas_log_debug(2,"lcas.mod-PluginInit(): creating new pluginlist entry\n");
00618 pplugin=*list;
00619 while (pplugin->next) pplugin=pplugin->next;
00620 pplugin=pplugin->next=(lcas_plugindl_t *)malloc(sizeof(lcas_plugindl_t));
00621 }
00622 if (!pplugin)
00623 {
00624 lcas_log(0,"lcas.mod-PluginInit(): error creating new pluginlist entry\n");
00625 goto fail_PluginInit;
00626 }
00627
00628 pplugin->next=NULL;
00629 pplugin->handle=plugin_handle;
00630 for (i=0; i < MAXPROCS; ++i)
00631 pplugin->procs[i]=plugin_procs[i];
00632 if (pname != NULL)
00633 {
00634 strncpy(pplugin->pluginname,pname,LCAS_MAXPATHLEN);
00635 (pplugin->pluginname)[LCAS_MAXPATHLEN]=NUL;
00636 }
00637 else
00638 strncpy(pplugin->pluginname,"",LCAS_MAXPATHLEN);
00639
00640 if (args != NULL)
00641 {
00642 strncpy(pplugin->pluginargs,args,LCAS_MAXARGSTRING);
00643 (pplugin->pluginargs)[LCAS_MAXARGSTRING]=NUL;
00644 }
00645 else
00646 strncpy(pplugin->pluginargs,"",LCAS_MAXARGSTRING);
00647
00648
00649 if (parse_args_plugin(pname,args,pplugin->argv,&(pplugin->argc)) )
00650 {
00651 lcas_log(0,"lcas.mod-PluginInit(): Could not parse arguments for plugin module %s\n",
00652 pname);
00653 goto fail_PluginInit;
00654 }
00655 for (i=0; i < pplugin->argc; ++i)
00656 lcas_log_debug(4,"%s arg %d = %s\n",pname,i,(pplugin->argv)[i]);
00657
00658
00659
00660 #if 0
00661 retval=(*(pplugin->procs[INITPROC]))(pplugin->pluginargs);
00662 #endif
00663 retval=(*(pplugin->procs[INITPROC]))(pplugin->argc,pplugin->argv);
00664 if (retval != LCAS_MOD_SUCCESS )
00665 {
00666 lcas_log(0,"lcas.mod-PluginInit(): \"plugin_initialize()\" failed\n");
00667 goto fail_PluginInit;
00668 }
00669 else
00670 {
00671 lcas_log_debug(2,"lcas.mod-PluginInit(): \"plugin_initialize()\" succeeded\n");
00672 }
00673
00674
00675
00676 if (pname) { free(pname); pname=NULL; }
00677 #if 0
00678 for (i=0; i < 5; ++i)
00679 {
00680 if (names[i]) free(names[i]);
00681 if (dbs[i]) free(dbs[i]);
00682 }
00683 #endif
00684
00685 return pplugin;
00686
00687 fail_PluginInit:
00688 if (pname) { free(pname); pname=NULL; }
00689 #if 0
00690 for (i=0; i < 5; ++i)
00691 {
00692 if (names[i]) free(names[i]);
00693 if (dbs[i]) free(dbs[i]);
00694 }
00695 #endif
00696 return NULL;
00697 }
00698
00699
00700
00701
00702
00703
00704
00705
00706
00707
00708
00709
00710
00711
00712
00731 static int parse_args_plugin(
00732 const char * name,
00733 const char * argstring,
00734 char ** xargv,
00735 int * xargc
00736 )
00737 {
00738 int len=0;
00739 int i;
00740 int rc;
00741
00742
00743 len=strlen(name);
00744 if ( (len > 0) && (len < LCAS_MAXPATHLEN) )
00745 {
00746 xargv[0]=(char *)malloc(len+1);
00747 if (xargv[0] != NULL)
00748 strncpy(xargv[0],name,len+1);
00749 else
00750 return 1;
00751 }
00752
00753 *xargc=LCAS_MAXARGS-1;
00754 if ( (rc=lcas_tokenize(argstring, &xargv[1], xargc, " \t\n")) )
00755 {
00756 lcas_log(0,"lcas.mod-parse_args_plugin(): something wrong parsing arguments of %s, rc=%d\n",
00757 name, rc);
00758 (*xargc)++;
00759 return 1;
00760 }
00761 (*xargc)++;
00762 lcas_log_debug(3,"lcas.mod-parse_args_plugin(): Found %d arguments:\n", *xargc);
00763 for (i=0; i < *xargc; i++)
00764 lcas_log_debug(3,"lcas.mod-parse_args_plugin(): %d --> %s\n", i, xargv[i]);
00765
00766 return 0;
00767 }
00768
00769
00770
00771
00772
00773
00774
00775
00776
00777
00778
00779
00780
00792 static lcas_proc_t get_procsymbol(
00793 void * handle,
00794 char * symname
00795 )
00796 {
00797 lcas_proc_t symhandle;
00798 char *error;
00799
00800 symhandle=dlsym(handle,symname);
00801 if ((error = dlerror()) != NULL)
00802 {
00803 lcas_log(0,"lcas.mod-get_procsymbol(): dlsym error: %s",error);
00804 return NULL;
00805 }
00806 return symhandle;
00807 }
00808
00809
00810
00811
00812
00813
00814
00815
00816
00817
00818
00819
00820
00832 static int clean_plugin_list(
00833 lcas_plugindl_t ** list
00834 )
00835 {
00836 int rc;
00837 lcas_plugindl_t * plugin_entry=NULL;
00838
00839 plugin_entry=*list;
00840 while (plugin_entry)
00841 {
00842 lcas_plugindl_t * plugin_next;
00843 int i;
00844
00845 rc = plugin_entry->procs[TERMPROC]();
00846 if (rc != LCAS_MOD_SUCCESS)
00847 {
00848 lcas_log(0,"lcas.mod-clean_plugin_list(): failed to terminate plugin module %s\n",
00849 plugin_entry->pluginname);
00850 }
00851 lcas_log_debug(1, "lcas.mod-clean_plugin_list(): plugin module %s terminated\n",
00852 plugin_entry->pluginname);
00853 dlclose(plugin_entry->handle);
00854
00855 plugin_next=plugin_entry->next;
00856 for (i=0; i < plugin_entry->argc; i++)
00857 {
00858 if ((plugin_entry->argv)[i] != NULL)
00859 {
00860 lcas_log_debug(3,"Freeing %d - %s\n",i,(plugin_entry->argv)[i]);
00861 free((plugin_entry->argv)[i]);
00862 }
00863 }
00864 free(plugin_entry);
00865 plugin_entry=plugin_next;
00866 }
00867 *list=plugin_entry=NULL;
00868 return 0;
00869 }
00870
00871
00872
00873
00874
00875
00876
00877
00878
00879
00880
00881
00882
00895 static int print_lcas_plugin(
00896 int debug_lvl,
00897 lcas_plugindl_t * plugin
00898 )
00899 {
00900 int i=0;
00901
00902 lcas_log_debug(debug_lvl,"\tplugin name : %s\n",plugin->pluginname);
00903 lcas_log_debug(debug_lvl,"\tplugin arguments : %s\n",plugin->pluginargs);
00904 lcas_log_debug(debug_lvl,"\tplugin address : %x\n",plugin);
00905 lcas_log_debug(debug_lvl,"\tplugin size : %d\n",sizeof(lcas_plugindl_t));
00906 lcas_log_debug(debug_lvl,"\tplugin handle : %x\n",plugin->handle);
00907 lcas_log_debug(debug_lvl,"\tplugin_initialize() : %x\n",plugin->procs[INITPROC]);
00908 lcas_log_debug(debug_lvl,"\tplugin_confirm_authorization(): %x\n",plugin->procs[AUTHPROC]);
00909 lcas_log_debug(debug_lvl,"\tplugin_terminate() : %x\n",plugin->procs[TERMPROC]);
00910 lcas_log_debug(debug_lvl,"\tplugin argc : %d\n",plugin->argc);
00911 for (i=0; i < plugin->argc; i++)
00912 lcas_log_debug(debug_lvl,"\tplugin argv[%2d] : %s\n",i,(plugin->argv)[i]);
00913 lcas_log_debug(debug_lvl,"\tplugin next : %x\n",plugin->next);
00914 if (plugin->next != NULL)
00915 lcas_log_debug(debug_lvl,"\tplugin_next : %s\n",(plugin->next)->pluginname);
00916 else
00917 lcas_log_debug(debug_lvl,"\tplugin_next : last plugin in list\n");
00918
00919 return 1;
00920 }
00921
00922
00923
00924
00925
00926
00927
00928
00929
00930
00931
00932
00933
00934 #if ALLOW_EMPTY_CREDENTIALS
00935 int lcas_get_fabric_authorization(
00936 char * user_dn_tmp,
00937 gss_cred_id_t user_cred,
00938 lcas_request_t request
00939 )
00940 #else
00941 int lcas_get_fabric_authorization(
00942 gss_cred_id_t user_cred,
00943 lcas_request_t request
00944 )
00945 #endif
00946 {
00947 char * user_dn = NULL;
00948 int rc;
00949 int retval;
00950 int lcas_authorized=0;
00951
00952 lcas_plugindl_t * plugin_entry;
00953 lcas_plugindl_t * authmod_entry;
00954
00955
00956
00957 lcas_authorized=0;
00958
00959 if (lcas_initialized == 0)
00960 {
00961 fprintf(stderr,"LCAS has to be initialized first !\n");
00962 retval = FAILED_LCAS_OTHER;
00963 goto fail_lcas_get_fabric_authorization;
00964 }
00965 lcas_log_debug(0,"\n");
00966 lcas_log_time(LOG_NOTICE,"LCAS authorization request\n");
00967
00968
00969
00970
00971 if ( lcas_fill_cred(user_dn_tmp, user_cred, &lcas_cred) != 0)
00972 {
00973 lcas_log(0,"lcas.mod-lcas_get_fabric_authorization() error: could not create lcas credential, something wrong\n");
00974 lcas_log(0," : with user DN and user credential\n");
00975 retval = FAILED_LCAS_OTHER;
00976 goto fail_lcas_get_fabric_authorization;
00977 }
00978 user_dn = lcas_get_dn(lcas_cred);
00979 if (user_dn == NULL)
00980 {
00981 lcas_log(0, "lcas.mod-lcas_get_fabric_authorization() error: user DN empty\n");
00982 retval = FAILED_LCAS_OTHER;
00983 goto fail_lcas_get_fabric_authorization;
00984 }
00985
00986 lcas_log_debug(0, "lcas.mod-lcas_get_fabric_authorization(): user is %s\n", user_dn);
00987
00988
00989
00990
00991 authmod_entry=authmod_list;
00992 while (authmod_entry)
00993 {
00994 rc = authmod_entry->procs[AUTHPROC](request, lcas_cred);
00995 if (rc != LCAS_MOD_SUCCESS)
00996 {
00997 lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): authorization failed for standard module %s\n",
00998 authmod_entry->pluginname);
00999 retval = FAILED_LCAS_PLUGIN;
01000 goto fail_lcas_get_fabric_authorization;
01001 }
01002 lcas_log_debug(0, "lcas.mod-lcas_get_fabric_authorization(): authorization granted by standard module %s\n",
01003 authmod_entry->pluginname);
01004 lcas_authorized++;
01005
01006 authmod_entry=authmod_entry->next;
01007 }
01008
01009
01010
01011
01012 plugin_entry=plugin_list;
01013 while (plugin_entry)
01014 {
01015 rc = plugin_entry->procs[AUTHPROC](request, lcas_cred);
01016 if (rc != LCAS_MOD_SUCCESS)
01017 {
01018 lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): authorization failed for plugin %s\n",
01019 plugin_entry->pluginname);
01020 retval = FAILED_LCAS_PLUGIN;
01021 goto fail_lcas_get_fabric_authorization;
01022 }
01023 lcas_log_debug(0, "lcas.mod-lcas_get_fabric_authorization(): authorization granted by plugin %s\n",
01024 plugin_entry->pluginname);
01025 lcas_authorized++;
01026
01027 plugin_entry=plugin_entry->next;
01028 }
01029
01030
01031
01032
01033
01034
01035
01036
01037
01038
01039 if ( !(lcas_authorized > 0) )
01040 {
01041 lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): No authorization modules were called (check lcas db file)\n");
01042 retval = FAILED_LCAS_OTHER;
01043 goto fail_lcas_get_fabric_authorization;
01044 }
01045 else
01046 lcas_log_debug(2,"lcas.mod-lcas_get_fabric_authorization(): %d modules authorized you\n",lcas_authorized);
01047
01048
01049 lcas_release_cred(&lcas_cred);
01050 lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): succeeded\n");
01051 return 0;
01052
01053 fail_lcas_get_fabric_authorization:
01054
01055 lcas_release_cred(&lcas_cred);
01056 lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): failed\n");
01057 return retval;
01058 }
01059
01060
01061
01062
01063
01064
01065
01066
01067
01068
01069
01070 int lcas_term()
01071 {
01072 int rc;
01073 lcas_plugindl_t * plugin_entry;
01074 lcas_plugindl_t * authmod_entry;
01075
01076 lcas_log_debug(0,"\n");
01077 lcas_log_time(LOG_DEBUG,"Termination LCAS\n");
01078
01079
01080
01081
01082 authmod_entry=authmod_list;
01083 while (authmod_entry)
01084 {
01085 lcas_plugindl_t * authmod_next;
01086 int i;
01087
01088 rc = authmod_entry->procs[TERMPROC]();
01089 if (rc != LCAS_MOD_SUCCESS)
01090 {
01091 lcas_log(0,"lcas.mod-lcas_term(): failed to terminate standard module %s\n",
01092 authmod_entry->pluginname);
01093 return 1;
01094 }
01095 lcas_log_debug(1, "lcas.mod-lcas_term(): standard module %s terminated\n",
01096 authmod_entry->pluginname);
01097
01098 authmod_next=authmod_entry->next;
01099 for (i=0; i < authmod_entry->argc; i++)
01100 {
01101 if ((authmod_entry->argv)[i] != NULL)
01102 {
01103 lcas_log_debug(3,"Freeing %d - %s\n",i,(authmod_entry->argv)[i]);
01104 free((authmod_entry->argv)[i]);
01105 }
01106 }
01107 free(authmod_entry);
01108 authmod_entry=authmod_next;
01109 }
01110 authmod_list=authmod_entry=NULL;
01111
01112
01113
01114
01115
01116 plugin_entry=plugin_list;
01117 while (plugin_entry)
01118 {
01119 lcas_plugindl_t * plugin_next;
01120 int i;
01121
01122 rc = plugin_entry->procs[TERMPROC]();
01123 if (rc != LCAS_MOD_SUCCESS)
01124 {
01125 lcas_log(0,"lcas.mod-lcas_term(): failed to terminate plugin module %s\n",
01126 plugin_entry->pluginname);
01127 return 1;
01128 }
01129 lcas_log_debug(1, "lcas.mod-lcas_term(): plugin module %s terminated\n",
01130 plugin_entry->pluginname);
01131
01132 plugin_next=plugin_entry->next;
01133 for (i=0; i < plugin_entry->argc; i++)
01134 {
01135 if ((plugin_entry->argv)[i] != NULL)
01136 {
01137 lcas_log_debug(3,"Freeing %d - %s\n",i,(plugin_entry->argv)[i]);
01138 free((plugin_entry->argv)[i]);
01139 }
01140 }
01141 free(plugin_entry);
01142 plugin_entry=plugin_next;
01143 }
01144 plugin_list=plugin_entry=NULL;
01145
01146
01147 if (lcas_log_close() != 0)
01148 return 1;
01149
01150 lcas_initialized=0;
01151 return 0;
01152 }
01153
01154
01155
01156
01157
01158
01159
01160