00060 #include "lcmaps_config.h"
00061 #include <stdio.h>
00062 #include <stdlib.h>
00063 #include <string.h>
00064 #include <gssapi.h>
00067 #include "pluginmanager/_lcmaps_pluginmanager.h"
00068 #include "pluginmanager/_lcmaps_log.h"
00069 #include "lcmaps_types.h"
00070 #include "lcmaps_utils.h"
00071 #include "pluginmanager/_lcmaps_utils.h"
00072 #include "lcmaps_cred_data.h"
/* Non-zero once lcmaps_init_and_log() has opened the log and started the
 * plugin manager; every lcmaps_run*() entry point refuses to work while it
 * is still 0. */
static int lcmaps_initialized = 0;

/* The one credential object of this module: filled by lcmaps_fill_cred() and
 * released by lcmaps_release_cred() on each mapping request.
 * NOTE(review): it is a single file-scope object and no locking is visible
 * in this file, so concurrent mapping requests would share it; confirm that
 * callers serialize their requests. */
static lcmaps_cred_id_t lcmaps_cred;
/**
 * Initialize LCMAPS: open the log and start the plugin manager.
 *
 * A second call while the module is already initialized only writes a log
 * line and succeeds without touching the plugin manager again.
 *
 * @param fp      stream handed to lcmaps_log_open() (may be NULL)
 * @param logtype logging selector handed to lcmaps_log_open()
 * @return 0 on success, 1 on failure
 */
int lcmaps_init_and_log(
        FILE* fp,
        unsigned short logtype
)
{
    if (lcmaps_initialized)
    {
        /* Already set up: a working log is the only thing re-checked here. */
        if (lcmaps_log(0,"LCMAPS already initialized\n") == 0)
        {
            return 0;
        }
        fprintf(stderr,"LCMAPS already initialized, but wrongly\n");
        return 1;
    }

    /* First the logging, so that everything after it can report errors. */
    if (lcmaps_log_open(NULL,fp,logtype))
    {
        return 1;
    }
    lcmaps_log_debug(0,"\n");
    lcmaps_log_time(LOG_DEBUG,"Initialization LCMAPS version %s\n",VERSION);

    /* NOTE(review): on this failure path the log opened above is not closed
     * again; confirm that a later retry of the initialization copes with an
     * already opened log. */
    if (startPluginManager())
    {
        lcmaps_log(0,"lcmaps.mod-lcmaps_init() error: could not start plugin manager\n");
        return 1;
    }

    /* Only a fully started module is marked as initialized. */
    lcmaps_initialized++;
    return 0;
}
/**
 * Initialize LCMAPS, choosing the log destination from the argument.
 *
 * @param fp stream to log to; when NULL, DO_SYSLOG is selected instead of
 *           DO_USRLOG
 * @return the result of lcmaps_init_and_log(): 0 on success, 1 on failure
 */
int lcmaps_init(
        FILE* fp
)
{
    /* fp is NULL exactly in the DO_SYSLOG case, so it can be passed on as is. */
    const unsigned short logtype = fp ? DO_USRLOG : DO_SYSLOG;

    return lcmaps_init_and_log(fp, logtype);
}
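/**
 * Run one credential mapping request through the plugin manager.
 *
 * The module-level credential object is filled from the arguments, checked
 * for a non-empty DN, handed to runPluginManager() and released again on
 * every exit path.
 *
 * @param user_dn_tmp user DN, only present when ALLOW_EMPTY_CREDENTIALS is set
 * @param user_cred   GSS credential of the user
 * @param request     request handed to runPluginManager() unchanged
 * @return 0 when the mapping succeeded, 1 on any failure
 */
#if ALLOW_EMPTY_CREDENTIALS
int lcmaps_run(
        char * user_dn_tmp,
        gss_cred_id_t user_cred,
        lcmaps_request_t request
)
#else
int lcmaps_run(
        gss_cred_id_t user_cred,
        lcmaps_request_t request
)
#endif
{
    char * user_dn = NULL;

    if (lcmaps_initialized == 0)
    {
        fprintf(stderr,"LCMAPS has to be initialized first !\n");
        goto fail_lcmaps_run;
    }
    lcmaps_log_time(LOG_NOTICE,"LCMAPS credential mapping request\n");

    /*
     * Without ALLOW_EMPTY_CREDENTIALS this function has no user_dn_tmp
     * parameter, so the name must not be used in that build; NULL is passed
     * instead, as lcmaps_run_and_return_username() does, and the DN then has
     * to come from the credential itself.
     */
#if ALLOW_EMPTY_CREDENTIALS
    if ( lcmaps_fill_cred(user_dn_tmp, user_cred, &lcmaps_cred) != 0)
#else
    if ( lcmaps_fill_cred(NULL, user_cred, &lcmaps_cred) != 0)
#endif
    {
        lcmaps_log(0,"lcmaps.mod-lcmaps_run() error: could not create lcmaps credential, something wrong\n");
        lcmaps_log(0," : with user DN and user credential\n");
        goto fail_lcmaps_run;
    }

    /* A mapping request without a DN is refused before any plugin runs. */
    user_dn = lcmaps_get_dn(lcmaps_cred);
    if (user_dn == NULL)
    {
        lcmaps_log(0, "lcmaps.mod-lcmaps_run() error: user DN empty\n");
        goto fail_lcmaps_run;
    }

    /* No policy selection through this interface: 0 names, NULL list. */
    if (runPluginManager(request, lcmaps_cred, 0, NULL)) {
        lcmaps_log(0,"lcmaps.mod-lcmaps_run() error: could not run plugin manager\n");
        goto fail_lcmaps_run;
    }

    lcmaps_release_cred(&lcmaps_cred);
    lcmaps_log_time(0,"lcmaps.mod-lcmaps_run(): succeeded\n");
    return 0;

 fail_lcmaps_run:
    /* The credential is released on failure too, so nothing of this request
     * stays behind in the module-level object. */
    lcmaps_release_cred(&lcmaps_cred);
    lcmaps_log_time(0,"lcmaps.mod-lcmaps_run(): failed\n");
    return 1;
}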
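/**
 * Run one credential mapping request and hand back the mapped user name.
 *
 * After the plugin manager has run, the first uid found in the credential
 * data is looked up with getpwuid() and its account name is copied into
 * *usernamep. On every failure *usernamep is NULL (when usernamep itself is
 * not NULL) and the module-level credential has been released.
 *
 * @param user_dn_tmp user DN, only present when ALLOW_EMPTY_CREDENTIALS is set
 * @param user_cred   GSS credential of the user
 * @param request     request handed to runPluginManager() unchanged
 * @param usernamep   receives a strdup()'ed user name that the caller has to
 *                    free(); must not be NULL
 * @param npols       handed to runPluginManager() together with policynames
 *                    (presumably the number of entries in it; confirm)
 * @param policynames handed to runPluginManager() unchanged
 * @return 0 when a user name was stored in *usernamep, 1 on any failure
 */
#if ALLOW_EMPTY_CREDENTIALS
int lcmaps_run_and_return_username(
        char * user_dn_tmp,
        gss_cred_id_t user_cred,
        lcmaps_request_t request,
        char ** usernamep,
        int npols,
        char ** policynames
)
#else
int lcmaps_run_and_return_username(
        gss_cred_id_t user_cred,
        lcmaps_request_t request,
        char ** usernamep,
        int npols,
        char ** policynames
)
#endif
{
    char * user_dn = NULL;

    uid_t * uid = NULL;
    int cntUid = 0;
    struct passwd * user_info = NULL;

    if (lcmaps_initialized == 0)
    {
        fprintf(stderr,"LCMAPS has to be initialized first !\n");
        goto fail_lcmaps_run_and_return_username;
    }
    lcmaps_log_time(LOG_NOTICE,"LCMAPS credential mapping request\n");

    lcmaps_log_debug(1, "Using lcmaps_run_and_return_username interface of LCMAPS\n");
    if (usernamep == NULL)
        goto fail_lcmaps_run_and_return_username;

    /* Start from "no name", so that a failure below can never leave a stale
     * pointer in the caller's variable. */
    *usernamep = NULL;

#if ALLOW_EMPTY_CREDENTIALS
    if ( lcmaps_fill_cred(user_dn_tmp, user_cred, &lcmaps_cred) != 0)
#else
    if ( lcmaps_fill_cred(NULL, user_cred, &lcmaps_cred) != 0)
#endif
    {
        lcmaps_log(0,"lcmaps.mod-lcmaps_run_and_return_username() error: could not create lcmaps credential, something wrong\n");
        lcmaps_log(0," : with user DN and user credential\n");
        goto fail_lcmaps_run_and_return_username;
    }

    /* A mapping request without a DN is refused before any plugin runs. */
    user_dn = lcmaps_get_dn(lcmaps_cred);
    if (user_dn == NULL)
    {
        lcmaps_log(0, "lcmaps.mod-lcmaps_run_and_return_username() error: user DN empty\n");
        goto fail_lcmaps_run_and_return_username;
    }

    if (runPluginManager(request, lcmaps_cred, npols, policynames)) {
        lcmaps_log(0,"lcmaps.mod-lcmaps_run_and_return_username() error: could not run plugin manager\n");
        goto fail_lcmaps_run_and_return_username;
    }

    /*
     * Translate the mapped uid into an account name. uid[0] is only read
     * when the credential data reports at least one entry. All failures go
     * through the common exit, so the credential is released there too; the
     * early "return 1" statements used here before skipped that release.
     */
    uid = getCredentialData(UID, &cntUid);
    if (uid == NULL || cntUid < 1)
    {
        fprintf(stderr,"LCMAPS could not find any uid\n");
        goto fail_lcmaps_run_and_return_username;
    }
    if ( (user_info = getpwuid(uid[0])) == NULL )
    {
        /* uid_t is not an int on every platform: print through a fixed type. */
        fprintf(stderr,"LCMAPS could not find the username related to uid: %lu\n",(unsigned long) uid[0]);
        goto fail_lcmaps_run_and_return_username;
    }

    /* getpwuid() returns storage it may overwrite later, hence the copy. A
     * failed copy must not be reported as a successful mapping. */
    (*usernamep) = strdup(user_info->pw_name);
    if (*usernamep == NULL)
    {
        lcmaps_log(0,"lcmaps.mod-lcmaps_run_and_return_username() error: out of memory\n");
        goto fail_lcmaps_run_and_return_username;
    }

    lcmaps_release_cred(&lcmaps_cred);
    lcmaps_log_time(0,"lcmaps.mod-lcmaps_run_and_return_username(): succeeded\n");
    return 0;

 fail_lcmaps_run_and_return_username:
    lcmaps_release_cred(&lcmaps_cred);
    lcmaps_log_time(0,"lcmaps.mod-lcmaps_run_and_return_username(): failed\n");
    return 1;
}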
/**
 * Run a credential mapping request for a bare user DN.
 *
 * No GSS credential is involved: GSS_C_NO_CREDENTIAL and a NULL request are
 * used, so nothing in this function ties the DN to an authenticated peer.
 * NOTE(review): callers are presumably expected to have authenticated the DN
 * themselves before asking for a mapping; confirm at the call sites.
 *
 * @param user_dn_tmp DN of the user to map
 * @return 0 when the mapping succeeded, 1 on any failure
 */
int lcmaps_run_without_credentials(
        char * user_dn_tmp
)
{
    int failed = 1;
    char * dn = NULL;

    if (lcmaps_initialized == 0)
    {
        fprintf(stderr,"LCMAPS has to be initialized first !\n");
        goto finish;
    }
    lcmaps_log_time(LOG_NOTICE,"LCMAPS credential mapping request\n");

    /* Build the module-level credential from the DN alone. */
    if (lcmaps_fill_cred(user_dn_tmp, GSS_C_NO_CREDENTIAL, &lcmaps_cred) != 0)
    {
        lcmaps_log(0,"lcmaps.mod-lcmaps_run_without_credentials() error: could not create lcmaps credential, something wrong\n");
        lcmaps_log(0," : with user DN and user credential\n");
        goto finish;
    }

    /* A mapping request without a DN is refused before any plugin runs. */
    dn = lcmaps_get_dn(lcmaps_cred);
    if (dn == NULL)
    {
        lcmaps_log(0, "lcmaps.mod-lcmaps_run_without_credentials() error: user DN empty\n");
        goto finish;
    }

    /* No policy selection through this interface: 0 names, NULL list. */
    if (runPluginManager((lcmaps_request_t) NULL, lcmaps_cred, 0, NULL))
    {
        lcmaps_log(0,"lcmaps.mod-lcmaps_run_without_credentials() error: could not run plugin manager\n");
        goto finish;
    }

    failed = 0;

 finish:
    /* One exit for both outcomes: the credential is always released first. */
    lcmaps_release_cred(&lcmaps_cred);
    if (failed)
    {
        lcmaps_log_debug(0,"lcmaps.mod-lcmaps_run_without_credentials(): failed\n");
        return 1;
    }
    lcmaps_log_debug(0,"lcmaps.mod-lcmaps_run_without_credentials(): succeeded\n");
    return 0;
}
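/**
 * Terminate LCMAPS: stop the plugin manager and close the log.
 *
 * Once the plugin manager has been stopped, the module is marked as not
 * initialized. The lcmaps_run*() entry points then refuse further mapping
 * requests and a later lcmaps_init() performs a full initialization again.
 * Before, the flag stayed set after termination, so such requests still
 * reached the stopped plugin manager.
 *
 * @return 0 on success, 1 when stopping the plugin manager or closing the
 *         log failed
 */
int lcmaps_term()
{
    lcmaps_log_time(LOG_DEBUG,"Termination LCMAPS\n");
    lcmaps_log_time(0,"lcmaps.mod-lcmaps_term(): terminating\n");
    if (stopPluginManager() != 0)
        return 1;

    /* Cleared before the log is closed: even when closing fails, no mapping
     * request may be accepted without a running plugin manager. */
    lcmaps_initialized = 0;

    if (lcmaps_log_close() != 0)
        return 1;
    return 0;
}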