Main Page   Modules   Data Structures   File List   Data Fields   Globals   Related Pages  

lcas.c

Go to the documentation of this file.
00001 /*                                                                                                            
00002  * Copyright (c) 2001 EU DataGrid.                                                                             
00003  * For license conditions see http://www.eu-datagrid.org/license.html                                          
00004  *
00005  * Copyright (c) 2001, 2002 by 
00006  *     Martijn Steenbakkers <martijn@nikhef.nl>,
00007  *     David Groep <davidg@nikhef.nl>,
00008  *     NIKHEF Amsterdam, the Netherlands
00009  */
00010 
00049 /*****************************************************************************
00050                             Include header files
00051 ******************************************************************************/
00052 #include "lcas_config.h"
00053 #include <stdio.h>
00054 #include <stdlib.h>
00055 #include <string.h>
00056 
00057 #if HAVE_MALLOC_H
00058 #    include <malloc.h>
00059 #endif
00060 
00061 /* Programming interface to dynamic linking loader */
00062 #if HAVE_DLFCN_H
00063 #    include <dlfcn.h>
00064 #endif
00065 
00066 #include <gssapi.h>
00067 
00068 /* LCAS includes */
00069 #include "lcas_types.h"
00070 #include "_lcas_utils.h"
00071 #include "_lcas_defines.h"
00072 #include "_lcas_log.h"
00073 #include "_lcas_db_read.h"
00074 
00075 
00076 /******************************************************************************
00077                              Define constants
00078 ******************************************************************************/
00079 
00080 #ifndef NUL
00081 #define NUL '\0' 
00082 #endif
00083 
00084 /* LCAS authorization module definitions */
00085 #define MAXAUTHMODS 3 
00086 #define MAXPROCS    3 
00088 /*
00089  * LCAS error codes
00090  */
00091 #define FAILED_LCAS_USERALLOW   1 
00093 #define FAILED_LCAS_USERBAN     2 
00095 #define FAILED_LCAS_CLOCKCHECK  3 
00097 #define FAILED_LCAS_OTHER       4 
00098 #define FAILED_LCAS_PLUGIN      5 
00101 #ifndef APIMAJORVERSION
00102 #    define APIMAJORVERSION -1
00103 #endif
00104 #ifndef APIMINORVERSION
00105 #    define APIMINORVERSION -1
00106 #endif
00107 #ifndef APIPATCHVERSION
00108 #    define APIPATCHVERSION -1
00109 #endif
00110 
00111 /******************************************************************************
00112                                Type definitions
00113 ******************************************************************************/
00119 enum lcas_proctype_e
00120 {
00121     INITPROC, 
00122     AUTHPROC, 
00123     TERMPROC, 
00124     ENDOFPROCS /*< this is the last enumeration value */
00125 };
00126 
00132 typedef int (*lcas_proc_t)();
00133 
00144 typedef struct lcas_plugindl_s
00145 {
00146     void *                    handle; 
00147     lcas_proc_t               procs[MAXPROCS]; 
00148     char                      pluginname[LCAS_MAXPATHLEN+1]; 
00149     char                      pluginargs[LCAS_MAXARGSTRING+1]; 
00150     int                       argc; 
00151     char *                    argv[LCAS_MAXARGS]; 
00152     struct lcas_plugindl_s *  next; 
00153 }
00154 lcas_plugindl_t;
00155 
00156 /******************************************************************************
00157                           Module specific prototypes
00158 ******************************************************************************/
00159 static lcas_plugindl_t * PluginInit(lcas_db_entry_t *, lcas_plugindl_t **);
00160 static lcas_proc_t       get_procsymbol(void *, char *);
00161 static int               print_lcas_plugin(int, lcas_plugindl_t *);
00162 static int               parse_args_plugin(const char *, const char *, char **, int *);
00163 static int               clean_plugin_list(lcas_plugindl_t **);
00164 
00165 /******************************************************************************
00166                        Define module specific variables
00167 ******************************************************************************/
00168 static lcas_cred_id_t    lcas_cred; 
00169 static int               lcas_initialized = 0; 
00170 static char *            lcas_db_file_default = NULL; 
00171 static char *            lcas_dir         = NULL; 
00172 static lcas_plugindl_t * plugin_list      = NULL; 
00173 static lcas_plugindl_t * authmod_list     = NULL; 
00174 static char *            authmods[MAXAUTHMODS][2] = {
00175                              {(char *) NULL, (char *) NULL},
00176                              {(char *) NULL, (char *) NULL},
00177                              {(char *) NULL, (char *) NULL}
00178 }; 
00179 /*
00180 static char *            authmods[MAXAUTHMODS][2] =
00181 {
00182                              "lcas_userallow.mod", "allowed_users.db",
00183                              "lcas_userban.mod",   "ban_users.db",
00184                              "lcas_timeslots.mod", "timeslots.db"
00185                          };
00186 */
00187 
00188 int getMajorVersionNumber() { return (int)(APIMAJORVERSION); }
00189 int getMinorVersionNumber() { return (int)(APIMINORVERSION); }
00190 int getPatchVersionNumber() { return (int)(APIPATCHVERSION); }
00191 
00192 /*
00193  * To be done: set up LCAS as a service and communicate with gatekeeper
00194  * in an established security context
00195  */
00196 
00197 /******************************************************************************
00198 Function:   lcas_init_and_log
00199 Description:
00200     Select logging type
00201     Setup logging, error handling (not yet).
00202     Read from LCAS database the plugins to be loaded.
00203     Initialize the plugins
00204 
00205 Parameters:
00206     fp: file handle for logging (from gatekeeper or other previously opened file handle)
00207         If the file handle is zero, assume that only syslogging is requested
00208     logtype: type of logging (usrlog and/or syslog)
00209 
00210 Returns:
00211     0: initialization succeeded
00212     1: initialization failed
00213 ******************************************************************************/
00214 int lcas_init_and_log(
00215         FILE* fp,
00216         unsigned short logtype
00217 )
00218 {
00219     lcas_db_entry_t **  lcas_db_handle=NULL;
00220     lcas_db_entry_t **  lcas_mod_handle=NULL;
00221     lcas_db_entry_t *   lcas_mod_db=NULL;
00222     lcas_db_entry_t     lcas_mod_entry;
00223     lcas_db_entry_t *   ihandle=NULL;
00224     lcas_plugindl_t *   plugin_entry=NULL;
00225     lcas_plugindl_t *   authmod_entry=NULL;
00226     char *              lcas_db_file=NULL;
00227     int                 ientry;
00228     int                 i;
00229 
00230     if (lcas_initialized)
00231     {
00232         if (lcas_log(0,"LCAS already initialized\n") != 0)
00233         {
00234             fprintf(stderr,"LCAS already initialized, but wrongly\n");
00235             goto fail_lcas_init_and_log;
00236         }
00237         return 0;
00238     }
00239 
00240     /* set logging file descriptor, for the moment the gatekeeper logfile */
00241     if (lcas_log_open(NULL,fp,logtype))
00242         goto fail_lcas_init_and_log;
00243 //    lcas_log_open(NULL,fp,DO_USRLOG|DO_SYSLOG);
00244 //    lcas_log_open(NULL,fp,DO_USRLOG);
00245     lcas_log_debug(0,"\n");
00246     lcas_log_time(LOG_DEBUG,"Initialization LCAS version %s\n",VERSION);
00247 
00248     /* get LCAS (database) home directory and set lcas_db_file */
00249     lcas_dir = getenv("LCAS_DIR");
00250     lcas_dir = (lcas_dir ? lcas_dir : LCAS_ETC_HOME );
00251     lcas_db_file_default = getenv("LCAS_DB_FILE");
00252     lcas_db_file_default = (lcas_db_file_default ? lcas_db_file_default : "lcas.db" );
00253 
00254     lcas_db_file=lcas_genfilename(lcas_dir, lcas_db_file_default, NULL);
00255 
00256     /*
00257      * To be done: obtain the LCAS policy database which is stored within the
00258      * Configuration Management subsystem
00259      */
00260 
00261     /* put the STANDARD AUTHORIZATION MODULE info in lcas_db-like structure */
00262     lcas_mod_entry.next=NULL;
00263     lcas_mod_handle=&lcas_mod_db;
00264     for (i=0; i < MAXAUTHMODS; ++i)
00265     {
00266         if (authmods[i][0] == NULL) break; /* No standard, default authorization modules */
00267         *(lcas_mod_entry.pluginname)=NUL;
00268         *(lcas_mod_entry.pluginargs)=NUL;
00269         if (authmods[i][0] != NULL)
00270         {
00271             strncpy(lcas_mod_entry.pluginname,authmods[i][0],LCAS_MAXPATHLEN);
00272             (lcas_mod_entry.pluginname)[LCAS_MAXPATHLEN]=NUL;
00273         }
00274         if (authmods[i][1] != NULL)
00275         {
00276             strncpy(lcas_mod_entry.pluginargs,authmods[i][1],LCAS_MAXARGSTRING);
00277             (lcas_mod_entry.pluginargs)[LCAS_MAXARGSTRING]=NUL;
00278         }
00279         lcas_log_debug(1,"lcas.mod-lcas_init(): creating db structure for authorization module %s\n",
00280                  authmods[i][0]);
00281         if (lcas_db_fill_entry(lcas_mod_handle, &lcas_mod_entry) == NULL)
00282         {
00283             lcas_log(0,"lcas.mod-lcas_init() error: Cannot create standard authorization module (%d-%s) db structure\n",
00284                     i,authmods[i][0]);
00285             goto fail_lcas_init_and_log;
00286         }
00287     }
00288 
00289     /*
00290      * init the STANDARD AUTHORIZATION MODULES (PluginInit)
00291      * - open plugins and check the symbols plugin_init and confirm_authorization
00292      * - run plugin_init
00293      */
00294     ientry=0;
00295     ihandle=*lcas_mod_handle;
00296     while (ihandle)
00297     {
00298         if (strlen(ihandle->pluginname) > 0)
00299         {
00300             lcas_log_debug(1,"lcas.mod-lcas_init(): initializing standard module %s (db entry %d)\n",
00301                      ihandle->pluginname, ientry);
00302             if ((authmod_entry=PluginInit(ihandle,&authmod_list)) == NULL)
00303             {
00304                 lcas_log(0,"lcas.mod-lcas_init(): error initializing standard module : %s\n",
00305                          ihandle->pluginname);
00306                 goto fail_lcas_init_and_log;
00307             }
00308         }
00309         ientry++;
00310         ihandle=ihandle->next;
00311     }
00312 
00313     /* 
00314      * read PLUGIN AUTHORIZATION MODULE info from LCAS database and store
00315      * the info in a lcas_db structure
00316      */
00317     lcas_log_debug(0,"lcas.mod-lcas_init(): Reading LCAS database %s\n",
00318             lcas_db_file);
00319     lcas_db_handle=lcas_db_read(lcas_db_file);
00320     if (lcas_db_handle == NULL)
00321     {
00322         lcas_log(0,"lcas.mod-lcas_init(): Failed to read LCAS database %s\n",
00323                  lcas_db_file);
00324         goto fail_lcas_init_and_log;
00325     }
00326     /*
00327      * init the PLUGIN AUTHORIZATION MODULES (PluginInit)
00328      * - open plugins and check the symbols plugin_init and confirm_authorization
00329      * - run plugin_init
00330      */
00331     ientry=0;
00332     ihandle=*lcas_db_handle;
00333     while (ihandle)
00334     {
00335         if (strlen(ihandle->pluginname) > 0)
00336         {
00337             lcas_log_debug(1,"lcas.mod-lcas_init(): initializing plugin %s (db entry %d)\n",
00338                      ihandle->pluginname, ientry);
00339             if ((plugin_entry=PluginInit(ihandle,&plugin_list)) == NULL)
00340             {
00341                 lcas_log(0,"lcas.mod-lcas_init(): error initializing plugin: %s\n",ihandle->pluginname);
00342                 goto fail_lcas_init_and_log;
00343             }
00344             /* 
00345              * Check if plugin module is already registered as standard authorization module,
00346              * by comparing the complete path names of the plugin and modules
00347              */
00348             authmod_entry=authmod_list;
00349             while (authmod_entry)
00350             {
00351                 if ( (strncmp(authmod_entry->pluginname,
00352                               plugin_entry->pluginname,
00353                               LCAS_MAXPATHLEN) == 0)
00354                    )
00355                 {
00356                     lcas_log(0,"lcas.mod-lcas_init() error: plugin %s already registered as\n",
00357                              plugin_entry->pluginname);
00358                     lcas_log(0,"    standard authorization module\n");
00359                     goto fail_lcas_init_and_log;
00360                 }
00361                 authmod_entry=authmod_entry->next;
00362             }
00363             
00364         }
00365         ientry++;
00366         ihandle=ihandle->next;
00367     }
00368 
00369     authmod_entry=authmod_list;
00370     while (authmod_entry)
00371     {
00372         print_lcas_plugin(2,authmod_entry);
00373         lcas_log_debug(2,"\n");
00374         authmod_entry=authmod_entry->next;
00375     }
00376 
00377     plugin_entry=plugin_list;
00378     while (plugin_entry)
00379     {
00380         print_lcas_plugin(2,plugin_entry);
00381         lcas_log_debug(2,"\n");
00382         plugin_entry=plugin_entry->next;
00383     }
00384 
00385     /* clean STANDARD authorization module database structure */
00386     if(lcas_db_clean_list(&lcas_mod_db))
00387     {
00388         lcas_log(0,"lcas.mod-lcas_init() error: could not clean up authmod db structure\n");
00389         goto fail_lcas_init_and_log;
00390     }
00391     /* clean PLUGIN authorization module database structure */
00392     if (lcas_db_clean())
00393     {
00394         lcas_log(0,"lcas.mod-lcas_init() error: could not clean up plugin db structure\n");
00395         goto fail_lcas_init_and_log;
00396     }
00397 
00398     /* success */
00399     if (lcas_db_file) free(lcas_db_file);
00400     lcas_initialized++;
00401     return 0;
00402 
00403  fail_lcas_init_and_log:
00404     /* failure */
00405     lcas_db_clean_list(&lcas_mod_db);
00406     lcas_db_clean();
00407     if (clean_plugin_list(&plugin_list)!=0)
00408     {
00409         lcas_log(0,"lmas.mod-lcas_init() error: could not clean up plugin list\n");
00410     }
00411     if (lcas_db_file) free(lcas_db_file);
00412 
00413     return 1;
00414 }
00415 
00416 /******************************************************************************
00417 Function:   lcas_init
00418 Description:
00419     Initialize LCAS module: 
00420     setup logging, error handling
00421     read from LCAS database the plugins to be loaded
00422 
00423 Parameters:
00424     fp: file handle for logging (from gatekeeper)
00425 Returns:
00426     0: initialization succeeded
00427     1: initialization failed
00428 ******************************************************************************/
00429 int lcas_init(
00430         FILE* fp
00431 )
00432 {
00433     /* set logging file descriptor, for the moment the gatekeeper logfile */
00434     /* if fp == NULL --> syslogging, otherwise only DO_USRLOG */
00435     if (fp)
00436     {
00437         return lcas_init_and_log(fp,DO_USRLOG);
00438     }
00439     else
00440     {
00441         return lcas_init_and_log(NULL,DO_SYSLOG);
00442     }
00443 }
00444 
00445 
00446 /******************************************************************************
00447 Function:   PluginInit
00448 Description:
00449     Initialize the plugin
00450     - Create entry in (plugin)list
00451     - Open plugins and check the symbols plugin_init and confirm_authorization
00452     - run plugin_init
00453 
00454 Parameters:
00455     db_handle: handle to LCAS db (containing pluginname and pluginargs)
00456     list:      pointer to list to which (plugin) module has to be added
00457 Returns:
00458     pointer to plugin structure
00459     NULL: could not initialize plugin
00460 ******************************************************************************/
00479 static lcas_plugindl_t * PluginInit(
00480         lcas_db_entry_t * db_handle,
00481         lcas_plugindl_t ** list
00482 )
00483 {
00484     char *                 name;
00485 #if 0
00486     char *                 names[5]={NULL,NULL,NULL,NULL,NULL};
00487 #endif
00488     char *                 pname=NULL;
00489     char *                 args=NULL;
00490 #if 0
00491     char *                 db;
00492     char *                 dbs[5]={NULL,NULL,NULL,NULL,NULL};
00493     char *                 pdb=NULL;
00494 #endif
00495     void *                 plugin_handle;
00496     lcas_proc_t            plugin_procs[MAXPROCS];
00497     lcas_plugindl_t *      pplugin=NULL;
00498     int                    i;
00499     int                    retval;
00500 
00501     name = db_handle->pluginname;
00502 #if 0
00503     db = db_handle->pluginargs;
00504 #endif
00505     args = db_handle->pluginargs;
00506 
00507     /* Find plugin module */
00508 #if 0
00509     names[0]=lcas_genfilename(NULL,name,NULL);
00510     names[1]=lcas_genfilename("modules",name,NULL);
00511     names[2]=lcas_genfilename(LCAS_MOD_HOME,name,NULL);
00512     names[3]=lcas_genfilename(LCAS_LIB_HOME,name,NULL);
00513     names[4]=lcas_genfilename(LCAS_ETC_HOME,name,NULL);
00514     pname=lcas_getfexist(5,names[0],
00515                       names[1],names[2],
00516                       names[3],names[4]
00517           );
00518 #endif
00519     pname = lcas_findfile(name);
00520     if (pname == NULL)
00521     {
00522         lcas_log(0,
00523             "lcas.mod-PluginInit(): plugin %s not found\n",
00524             name
00525         );
00526         goto fail_PluginInit;
00527     }
00528 
00529 #if 0
00530     /* Find database */
00531     if (strlen(db) > 0)
00532     {
00533         dbs[0]=lcas_genfilename(NULL,db,NULL);
00534         dbs[1]=lcas_genfilename("modules",db,NULL);
00535         dbs[2]=lcas_genfilename(LCAS_ETC_HOME,db,NULL);
00536         dbs[3]=lcas_genfilename(LCAS_MOD_HOME,db,NULL);
00537         dbs[4]=lcas_genfilename(LCAS_LIB_HOME,db,NULL);
00538         pdb=lcas_getfexist(5,dbs[0],
00539                         dbs[1],dbs[2],
00540                         dbs[3],dbs[4]
00541             );
00542     }
00543 #endif
00544 
00545     /* Try a dlopen() */
00546     plugin_handle=dlopen(pname,RTLD_NOW);
00547 //    plugin_handle=dlopen(pname,RTLD_NOW|RTLD_GLOBAL);
00548     if (!plugin_handle)
00549     {
00550         lcas_log(0,"lcas.mod-PluginInit(): dlopen error for %s:\n    %s\n",
00551             pname,dlerror()
00552         );
00553         goto fail_PluginInit;
00554     }
00555 
00556     /* Check symbols */
00557     for (i=0; i < MAXPROCS; ++i)
00558     {
00559         switch (i)
00560         {
00561             case INITPROC:
00562                 plugin_procs[i]=get_procsymbol(plugin_handle,"plugin_initialize");
00563                 if (plugin_procs[i] == NULL)
00564                 {
00565                     lcas_log(0,"lcas.mod-PluginInit(): plugin %s not compliant\n",
00566                         name);
00567                     lcas_log(0,"lcas.mod-PluginInit(): missing function \"plugin_initialize()\"\n");
00568                     goto fail_PluginInit;
00569                 }
00570                 else
00571                 {
00572                     lcas_log_debug(2,"lcas.mod-PluginInit(): found \"plugin_initialize()\"\n");
00573                 }
00574                 break;
00575             case AUTHPROC:
00576                 plugin_procs[i]=get_procsymbol(plugin_handle,"plugin_confirm_authorization");
00577                 if (plugin_procs[i] == NULL)
00578                 {
00579                     lcas_log(0,"lcas.mod-PluginInit(): plugin %s not compliant\n",
00580                         name);
00581                     lcas_log(0,"lcas.mod-PluginInit(): missing function \"plugin_confirm_authorization()\"\n");
00582                     goto fail_PluginInit;
00583                 }
00584                 else
00585                 {
00586                     lcas_log_debug(2,"lcas.mod-PluginInit(): found \"plugin_confirm_authorization()\"\n");
00587                 }
00588                 break;
00589             case TERMPROC:
00590                 plugin_procs[i]=get_procsymbol(plugin_handle,"plugin_terminate");
00591                 if (plugin_procs[i] == NULL)
00592                 {
00593                     lcas_log(0,"lcas.mod-PluginInit(): plugin %s not compliant\n",
00594                         name);
00595                     lcas_log(0,"lcas.mod-PluginInit(): missing function \"plugin_terminate()\"\n");
00596                     goto fail_PluginInit;
00597                 }
00598                 else
00599                 {
00600                     lcas_log_debug(2,"lcas.mod-PluginInit(): found \"plugin_terminate()\"\n");
00601                 }
00602                 break;
00603             default:
00604                 /* do nothing */
00605                 plugin_procs[i]=NULL;
00606                 break;
00607         }
00608     }
00609     /* Make a new entry at end of plugin list */
00610     if (!*list)
00611     {
00612         lcas_log_debug(2,"lcas.mod-PluginInit(): creating first pluginlist entry\n");
00613         *list=pplugin=(lcas_plugindl_t *)malloc(sizeof(lcas_plugindl_t));
00614     }
00615     else
00616     {
00617         lcas_log_debug(2,"lcas.mod-PluginInit(): creating new pluginlist entry\n");
00618         pplugin=*list;
00619         while (pplugin->next) pplugin=pplugin->next;
00620         pplugin=pplugin->next=(lcas_plugindl_t *)malloc(sizeof(lcas_plugindl_t));
00621     }
00622     if (!pplugin)
00623     {
00624         lcas_log(0,"lcas.mod-PluginInit(): error creating new pluginlist entry\n");
00625         goto fail_PluginInit;
00626     }
00627     /* Set plugin list elements */
00628     pplugin->next=NULL;
00629     pplugin->handle=plugin_handle;
00630     for (i=0; i < MAXPROCS; ++i)
00631         pplugin->procs[i]=plugin_procs[i];
00632     if (pname != NULL)
00633     {
00634         strncpy(pplugin->pluginname,pname,LCAS_MAXPATHLEN);
00635         (pplugin->pluginname)[LCAS_MAXPATHLEN]=NUL;
00636     }
00637     else
00638         strncpy(pplugin->pluginname,"",LCAS_MAXPATHLEN);
00639 
00640     if (args != NULL)
00641     {
00642         strncpy(pplugin->pluginargs,args,LCAS_MAXARGSTRING);
00643         (pplugin->pluginargs)[LCAS_MAXARGSTRING]=NUL;
00644     }
00645     else
00646         strncpy(pplugin->pluginargs,"",LCAS_MAXARGSTRING);
00647 
00648     /* Parse options */
00649     if (parse_args_plugin(pname,args,pplugin->argv,&(pplugin->argc)) )
00650     {
00651         lcas_log(0,"lcas.mod-PluginInit(): Could not parse arguments for plugin module %s\n",
00652         pname);
00653         goto fail_PluginInit;
00654     }
00655     for (i=0; i < pplugin->argc; ++i)
00656         lcas_log_debug(4,"%s arg %d = %s\n",pname,i,(pplugin->argv)[i]);
00657 
00658 
00659     /* Run plugin_initialize() */
00660 #if 0
00661     retval=(*(pplugin->procs[INITPROC]))(pplugin->pluginargs);
00662 #endif
00663     retval=(*(pplugin->procs[INITPROC]))(pplugin->argc,pplugin->argv);
00664     if (retval != LCAS_MOD_SUCCESS )
00665     {
00666         lcas_log(0,"lcas.mod-PluginInit(): \"plugin_initialize()\" failed\n");
00667         goto fail_PluginInit;
00668     }
00669     else
00670     {
00671         lcas_log_debug(2,"lcas.mod-PluginInit(): \"plugin_initialize()\" succeeded\n");
00672     }
00673 
00674 
00675     /* free stuff */
00676     if (pname) { free(pname); pname=NULL; }
00677 #if 0
00678     for (i=0; i < 5; ++i)
00679     {
00680         if (names[i]) free(names[i]);
00681         if (dbs[i]) free(dbs[i]);
00682     }
00683 #endif
00684 
00685     return pplugin;
00686 
00687  fail_PluginInit:
00688     if (pname) { free(pname); pname=NULL; }
00689 #if 0
00690     for (i=0; i < 5; ++i)
00691     {
00692         if (names[i]) free(names[i]);
00693         if (dbs[i]) free(dbs[i]);
00694     }
00695 #endif
00696     return NULL;
00697 }
00698 
00699 /******************************************************************************
00700 Function:   parse_args_plugin()
00701 Description:
00702     Parse the argument string of the plugin and create xargv and xargc
00703 
00704 Parameters:
00705     name: name of the plugin (goes into argv[0])
00706     argstring: string containing the arguments
00707     xargv: array of argument strings (has to be freed later)
00708     xargc: number of arguments
00709 Returns:
00710     0 on succes
00711     1 on failure
00712 ******************************************************************************/
00731 static int parse_args_plugin(
00732         const char * name,
00733         const char * argstring,
00734         char ** xargv,
00735         int * xargc
00736 )
00737 {
00738     int len=0;
00739     int i;
00740     int rc;
00741 
00742     /* set modulename */
00743     len=strlen(name);
00744     if ( (len > 0) && (len < LCAS_MAXPATHLEN) )
00745     {
00746         xargv[0]=(char *)malloc(len+1);
00747         if (xargv[0] != NULL)
00748             strncpy(xargv[0],name,len+1);
00749         else
00750             return 1;
00751     }
00752 
00753     *xargc=LCAS_MAXARGS-1;
00754     if ( (rc=lcas_tokenize(argstring, &xargv[1], xargc, " \t\n")) )
00755     {
00756         lcas_log(0,"lcas.mod-parse_args_plugin(): something wrong parsing arguments of %s, rc=%d\n",
00757                  name, rc);
00758         (*xargc)++;
00759         return 1;
00760     }
00761     (*xargc)++; /* increase by one for xargv[0] */
00762     lcas_log_debug(3,"lcas.mod-parse_args_plugin(): Found %d arguments:\n", *xargc);
00763     for (i=0; i < *xargc; i++)
00764         lcas_log_debug(3,"lcas.mod-parse_args_plugin(): %d --> %s\n", i, xargv[i]);
00765 
00766     return 0;
00767 }
00768 
00769 /******************************************************************************
00770 Function:   get_procsymbol
00771 Description:
00772     get procedure symbol from dlopen-ed library
00773 
00774 Parameters:
00775     handle:  handle of dynamic library
00776     symname: name of procedure symbol
00777 Returns:
00778     handle to procedure symbol
00779     NULL: Could not get symbol
00780 ******************************************************************************/
00792 static lcas_proc_t get_procsymbol(
00793         void * handle,
00794         char * symname
00795 )
00796 {
00797     lcas_proc_t symhandle;
00798     char *error;
00799 
00800     symhandle=dlsym(handle,symname);
00801     if ((error = dlerror()) != NULL)
00802     {
00803         lcas_log(0,"lcas.mod-get_procsymbol(): dlsym error: %s",error);
00804         return NULL;
00805     }
00806     return symhandle;
00807 }
00808 
00809 /******************************************************************************
00810 Function:   clean_plugin_list
00811 Description:
00812     clean (free) the list of plugins and call the plugin termination functions
00813 
00814 Parameters:
00815     list:      pointer to list of plugins which has to be freeed.
00816 
00817 Returns:
00818     1: succes
00819     0: failure
00820 ******************************************************************************/
00832 static int clean_plugin_list(
00833         lcas_plugindl_t ** list
00834 )
00835 {
00836     int                           rc;
00837     lcas_plugindl_t *             plugin_entry=NULL;
00838 
00839     plugin_entry=*list;
00840     while (plugin_entry)
00841     {
00842         lcas_plugindl_t * plugin_next;
00843         int               i;
00844 
00845         rc = plugin_entry->procs[TERMPROC]();
00846         if (rc != LCAS_MOD_SUCCESS)
00847         {
00848             lcas_log(0,"lcas.mod-clean_plugin_list(): failed to terminate plugin module %s\n",
00849                     plugin_entry->pluginname);
00850         }
00851         lcas_log_debug(1, "lcas.mod-clean_plugin_list(): plugin module %s terminated\n",
00852                 plugin_entry->pluginname);
00853         dlclose(plugin_entry->handle);
00854 
00855         plugin_next=plugin_entry->next;
00856         for (i=0; i < plugin_entry->argc; i++)
00857         {
00858             if ((plugin_entry->argv)[i] != NULL)
00859             {
00860                 lcas_log_debug(3,"Freeing %d - %s\n",i,(plugin_entry->argv)[i]);
00861                 free((plugin_entry->argv)[i]);
00862             }
00863         }
00864         free(plugin_entry);
00865         plugin_entry=plugin_next;
00866     }
00867     *list=plugin_entry=NULL;
00868     return 0;
00869 }
00870 
00871 /******************************************************************************
00872 Function:   print_lcas_plugin
00873 Description:
00874     print the lcas_plugindl_t structure
00875 
00876 Parameters:
00877     debug_lvl: debugging level
00878     plugin:    plugin structure
00879 Returns:
00880     1: succes
00881     0: failure
00882 ******************************************************************************/
00895 static int print_lcas_plugin(
00896         int debug_lvl,
00897         lcas_plugindl_t * plugin
00898 )
00899 {
00900     int i=0;
00901 
00902     lcas_log_debug(debug_lvl,"\tplugin name                   : %s\n",plugin->pluginname);
00903     lcas_log_debug(debug_lvl,"\tplugin arguments              : %s\n",plugin->pluginargs);
00904     lcas_log_debug(debug_lvl,"\tplugin address                : %x\n",plugin);
00905     lcas_log_debug(debug_lvl,"\tplugin size                   : %d\n",sizeof(lcas_plugindl_t));
00906     lcas_log_debug(debug_lvl,"\tplugin handle                 : %x\n",plugin->handle);
00907     lcas_log_debug(debug_lvl,"\tplugin_initialize()           : %x\n",plugin->procs[INITPROC]);
00908     lcas_log_debug(debug_lvl,"\tplugin_confirm_authorization(): %x\n",plugin->procs[AUTHPROC]);
00909     lcas_log_debug(debug_lvl,"\tplugin_terminate()            : %x\n",plugin->procs[TERMPROC]);
00910     lcas_log_debug(debug_lvl,"\tplugin argc                   : %d\n",plugin->argc);
00911     for (i=0; i < plugin->argc; i++)
00912         lcas_log_debug(debug_lvl,"\tplugin argv[%2d]               : %s\n",i,(plugin->argv)[i]);
00913     lcas_log_debug(debug_lvl,"\tplugin next                   : %x\n",plugin->next);
00914     if (plugin->next != NULL)
00915         lcas_log_debug(debug_lvl,"\tplugin_next                   : %s\n",(plugin->next)->pluginname);
00916     else
00917         lcas_log_debug(debug_lvl,"\tplugin_next                   : last plugin in list\n");
00918 
00919     return 1;
00920 }
00921 
00922 /******************************************************************************
00923 Function:   lcas_get_fabric_authorization
00924 Description:
00925     Call LCAS in order to get authorization on the local fabric
00926 
00927 Parameters:
00928     request: JDL
00929     user_cred : user globus credential handle
00930 Returns:
00931     0: authorization succeeded
00932     1: authorization failed
00933 ******************************************************************************/
00934 #if ALLOW_EMPTY_CREDENTIALS
00935 int lcas_get_fabric_authorization(
00936         char * user_dn_tmp,
00937         gss_cred_id_t user_cred,
00938         lcas_request_t request
00939 )
00940 #else
00941 int lcas_get_fabric_authorization(
00942         gss_cred_id_t user_cred,
00943         lcas_request_t request
00944 )
00945 #endif
00946 {
00947     char *                        user_dn = NULL;
00948     int                           rc;
00949     int                           retval;
00950     int                           lcas_authorized=0;
00951 
00952     lcas_plugindl_t *             plugin_entry;
00953     lcas_plugindl_t *             authmod_entry;
00954 
00955 
00956     /* Default authorization = no authorization */
00957     lcas_authorized=0;
00958 
00959     if (lcas_initialized == 0)
00960     {
00961         fprintf(stderr,"LCAS has to be initialized first !\n");
00962         retval = FAILED_LCAS_OTHER;
00963         goto fail_lcas_get_fabric_authorization;
00964     }
00965     lcas_log_debug(0,"\n");
00966     lcas_log_time(LOG_NOTICE,"LCAS authorization request\n");
00967 
00968     /*
00969      * Create lcas credential (checks if dn can be extracted)
00970      */
00971     if ( lcas_fill_cred(user_dn_tmp, user_cred, &lcas_cred) != 0)
00972     {
00973         lcas_log(0,"lcas.mod-lcas_get_fabric_authorization() error: could not create lcas credential, something wrong\n");
00974         lcas_log(0,"                                              : with user DN and user credential\n");
00975         retval = FAILED_LCAS_OTHER;
00976         goto fail_lcas_get_fabric_authorization;
00977     }
00978     user_dn = lcas_get_dn(lcas_cred);
00979     if (user_dn == NULL)
00980     {
00981         lcas_log(0, "lcas.mod-lcas_get_fabric_authorization() error: user DN empty\n");
00982         retval = FAILED_LCAS_OTHER;
00983         goto fail_lcas_get_fabric_authorization;
00984     }
00985 
00986     lcas_log_debug(0, "lcas.mod-lcas_get_fabric_authorization(): user is %s\n", user_dn);
00987 
00988     /*
00989      *             - Call the STANDARD authorization modules
00990      */
00991     authmod_entry=authmod_list;
00992     while (authmod_entry)
00993     {
00994         rc = authmod_entry->procs[AUTHPROC](request, lcas_cred);
00995         if (rc != LCAS_MOD_SUCCESS)
00996         {
00997             lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): authorization failed for standard module %s\n",
00998                     authmod_entry->pluginname);
00999             retval = FAILED_LCAS_PLUGIN;
01000             goto fail_lcas_get_fabric_authorization;
01001         }
01002         lcas_log_debug(0, "lcas.mod-lcas_get_fabric_authorization(): authorization granted by standard module %s\n",
01003                 authmod_entry->pluginname);
01004         lcas_authorized++;
01005 
01006         authmod_entry=authmod_entry->next;
01007     }
01008 
01009     /*
01010      *             - Call the PLUGIN authorization modules
01011      */
01012     plugin_entry=plugin_list;
01013     while (plugin_entry)
01014     {
01015         rc = plugin_entry->procs[AUTHPROC](request, lcas_cred);
01016         if (rc != LCAS_MOD_SUCCESS)
01017         {
01018             lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): authorization failed for plugin %s\n",
01019                     plugin_entry->pluginname);
01020             retval = FAILED_LCAS_PLUGIN;
01021             goto fail_lcas_get_fabric_authorization;
01022         }
01023         lcas_log_debug(0, "lcas.mod-lcas_get_fabric_authorization(): authorization granted by plugin %s\n",
01024                 plugin_entry->pluginname);
01025         lcas_authorized++;
01026 
01027         plugin_entry=plugin_entry->next;
01028     }
01029 
01030     /*
01031      * To be done: 
01032      *             if the user is authorized call FLIDS component and return
01033      *             the (temporary) certificate.
01034      */
01035 
01036     /*
01037      * Check if lcas_authorized > 0
01038      */
01039     if ( !(lcas_authorized > 0) )
01040     {
01041         lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): No authorization modules were called (check lcas db file)\n");
01042         retval = FAILED_LCAS_OTHER;
01043         goto fail_lcas_get_fabric_authorization;
01044     }
01045     else
01046         lcas_log_debug(2,"lcas.mod-lcas_get_fabric_authorization(): %d modules authorized you\n",lcas_authorized);
01047 
01048     /* success */
01049     lcas_release_cred(&lcas_cred);
01050     lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): succeeded\n");
01051     return 0;
01052 
01053  fail_lcas_get_fabric_authorization:
01054     /* failure */
01055     lcas_release_cred(&lcas_cred);
01056     lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): failed\n");
01057     return retval;
01058 }
01059 
01060 /******************************************************************************
01061 Function:   lcas_term
01062 Description:
01063     Terminate LCAS module: 
01064 
01065 Parameters:
01066 Returns:
01067     0: termination succeeded
01068     1: termination failed
01069 ******************************************************************************/
01070 int lcas_term()
01071 {
01072     int                           rc;
01073     lcas_plugindl_t *             plugin_entry;
01074     lcas_plugindl_t *             authmod_entry;
01075 
01076     lcas_log_debug(0,"\n");
01077     lcas_log_time(LOG_DEBUG,"Termination LCAS\n");
01078     /*
01079      *             - Terminate the STANDARD authorization modules
01080      *               and clean up the authmod structure
01081      */
01082     authmod_entry=authmod_list;
01083     while (authmod_entry)
01084     {
01085         lcas_plugindl_t * authmod_next;
01086         int               i;
01087 
01088         rc = authmod_entry->procs[TERMPROC]();
01089         if (rc != LCAS_MOD_SUCCESS)
01090         {
01091             lcas_log(0,"lcas.mod-lcas_term(): failed to terminate standard module %s\n",
01092                     authmod_entry->pluginname);
01093             return 1;
01094         }
01095         lcas_log_debug(1, "lcas.mod-lcas_term(): standard module %s terminated\n",
01096                 authmod_entry->pluginname);
01097 
01098         authmod_next=authmod_entry->next;
01099         for (i=0; i < authmod_entry->argc; i++)
01100         {
01101             if ((authmod_entry->argv)[i] != NULL)
01102             {
01103                 lcas_log_debug(3,"Freeing %d - %s\n",i,(authmod_entry->argv)[i]);
01104                 free((authmod_entry->argv)[i]);
01105             }
01106         }
01107         free(authmod_entry);
01108         authmod_entry=authmod_next;
01109     }
01110     authmod_list=authmod_entry=NULL;
01111 
01112     /*
01113      *             - Terminate the PLUGIN authorization modules
01114      *               and clean up the plugin structure
01115      */
01116     plugin_entry=plugin_list;
01117     while (plugin_entry)
01118     {
01119         lcas_plugindl_t * plugin_next;
01120         int               i;
01121 
01122         rc = plugin_entry->procs[TERMPROC]();
01123         if (rc != LCAS_MOD_SUCCESS)
01124         {
01125             lcas_log(0,"lcas.mod-lcas_term(): failed to terminate plugin module %s\n",
01126                     plugin_entry->pluginname);
01127             return 1;
01128         }
01129         lcas_log_debug(1, "lcas.mod-lcas_term(): plugin module %s terminated\n",
01130                 plugin_entry->pluginname);
01131 
01132         plugin_next=plugin_entry->next;
01133         for (i=0; i < plugin_entry->argc; i++)
01134         {
01135             if ((plugin_entry->argv)[i] != NULL)
01136             {
01137                 lcas_log_debug(3,"Freeing %d - %s\n",i,(plugin_entry->argv)[i]);
01138                 free((plugin_entry->argv)[i]);
01139             }
01140         }
01141         free(plugin_entry);
01142         plugin_entry=plugin_next;
01143     }
01144     plugin_list=plugin_entry=NULL;
01145 
01146     /* close logging (safe if logfile is not owned by LCAS) */
01147     if (lcas_log_close() != 0)
01148         return 1;
01149 
01150     lcas_initialized=0;
01151     return 0;
01152 }
01153 
01154 /******************************************************************************
01155 CVS Information:
01156     $Source: /local/reps/lcgware/fabric_mgt/gridification/lcas/src/lcas.c,v $
01157     $Date: 2004/09/20 10:12:33 $
01158     $Revision: 2.15 $
01159     $Author: maart $
01160 ******************************************************************************/

Generated on Mon Sep 20 15:14:15 2004 for edg-lcas by doxygen1.2.14 written by Dimitri van Heesch, © 1997-2002