00001
00002
00003
00004
00005
00006
00007
00008
00009
00074
00075
00076
00077 #include "lcmaps_config.h"
00078 #include <stdio.h>
00079 #include <stdlib.h>
00080 #include <ctype.h>
00081 #include <string.h>
00082 #include <pwd.h>
00083 #include <openssl/x509.h>
00084 #include <openssl/asn1.h>
00085 #include "gssapi.h"
00086
00087 #include "lcmaps_modules.h"
00088 #include "lcmaps_arguments.h"
00089 #include "lcmaps_cred_data.h"
00090 #include "lcmaps_voms_utils.h"
00091 #include "lcmaps_vo_data.h"
00092
00093 #include "voms_apic.h"
00094 #include "globus_gss_assist.h"
00095
00096 #include "jobrep_api.h"
00097
00098
00099
00100 #ifdef TESTBIO
00101 # include <openssl/pem.h>
00102 # include <openssl/bio.h>
00103 #endif
00104
00105
00106
00107
00108
00109
00110 #define VOMS_BUFFER_SIZE 1024
00111
00112
00113 #define GMT 1
00114 #define LOCAL 2
00115 #define LEAVE_TIME_ITS_OK 3
00116
00117
00118
00119
00120
00121 void print_vomsdata(struct vomsdata *);
00122
00123 static struct tm * ASN1_TIME_2_time_t(ASN1_TIME *);
00124 char * sttm_2_char (const struct tm *);
00125
00126 int strnclean (char **s, int bufsize);
00127 int strclean (char **s);
00128
00129
00130 char * createFQAN(char *, char *, char *, char *);
00131 char * tripletLine2FQAN (char *);
00132
00133 static int lcmaps_get_jobrep_config(
00134 const char *,
00135 char **
00136 );
00137
00138 #ifdef TESTBIO
00139 static STACK_OF(X509) *load_chain(char *certfile);
00140 static char *retmsg[] = { "VERR_NONE", "VERR_NOSOCKET", "VERR_NOIDENT", "VERR_COMM",
00141 "VERR_PARAM", "VERR_NOEXT", "VERR_NOINIT",
00142 "VERR_TIME", "VERR_IDCHECK", "VERR_EXTRAINFO",
00143 "VERR_FORMAT", "VERR_NODATA", "VERR_PARSE",
00144 "VERR_DIR", "VERR_SIGN", "VERR_SERVER",
00145 "VERR_MEM", "VERR_VERIFY", "VERR_IDENT",
00146 "VERR_TYPE", "VERR_ORDER" };
00147 #endif
00148
00149
00150
00151
00152
00153 static char * jobrep_config = NULL;
00154 static char * connStr = NULL;
00155 static char * certdir = NULL;
00156 static char * vomsdir = NULL;
00157
00158
00159
00160
00161
00162
00163
00164
00165
00166
00167
00168
00169
00170
00171
00172
00173
00174
00175
00176
00177
00178
00179
00180
00181
00182
00183 char * tripletLine2FQAN (char * tripletLine)
00184 {
00185 char * pTL = tripletLine;
00186 char vo [100];
00187 char group [100];
00188 char role [100];
00189 char cap [100];
00190 int i = 0;
00191 char * search = NULL;
00192 char * logstr = "\tlcmaps_plugin_jobrepository-tripletLine2FQAN()";
00193
00194 for (i = 0; i < 100; i++) { vo[i] = group[i] = role[i] = cap[i] = '\0'; }
00195
00196
00197
00198
00199 while ( ((pTL-tripletLine) < (strlen(tripletLine)+1)) && strlen(pTL) > 0)
00200 {
00201 i = 0;
00202 if (strncmp(pTL, "/VO=", strlen("/VO=")) == 0)
00203 {
00204
00205 pTL += strlen("/VO=");
00206
00207
00208 search = pTL;
00209 while (strlen(search) > 0)
00210 {
00211 if ((strncmp(search, "/VO=", strlen("/VO=")) == 0) ||
00212 (strncmp(search, "/GROUP=", strlen("/GROUP=")) == 0) ||
00213 (strncmp(search, "/ROLE=", strlen("/ROLE=")) == 0) ||
00214 (strncmp(search, "/CAPABILITY=", strlen("/CAPABILITY=")) == 0))
00215 {
00216 break;
00217 }
00218 i++;
00219 search++;
00220 }
00221
00222 if (i < 100)
00223 {
00224 strncpy(vo, pTL, i);
00225 pTL += strlen(vo);
00226 }
00227 else
00228 {
00229 lcmaps_log(0, "%s: Buffer overrun for \'vo\'\n", logstr);
00230 return NULL;
00231 }
00232 }
00233
00234 i = 0;
00235
00236 if (strncmp(pTL, "/GROUP=", strlen("/GROUP=")) == 0)
00237 {
00238 pTL += strlen("/GROUP=");
00239
00240
00241 search = pTL;
00242 while (strlen(search) > 0)
00243 {
00244 if ((strncmp(search, "/VO=", strlen("/VO=")) == 0) ||
00245 (strncmp(search, "/GROUP=", strlen("/GROUP=")) == 0) ||
00246 (strncmp(search, "/ROLE=", strlen("/ROLE=")) == 0) ||
00247 (strncmp(search, "/CAPABILITY=", strlen("/CAPABILITY=")) == 0))
00248 {
00249 break;
00250 }
00251
00252 i++;
00253 search++;
00254 }
00255
00256 if (i < 100)
00257 {
00258 strncpy(group, pTL, i);
00259 pTL += strlen(group);
00260 }
00261 else
00262 {
00263 lcmaps_log(0, "%s: Buffer overrun for \'group\'\n", logstr);
00264 return NULL;
00265 }
00266 }
00267
00268 i = 0;
00269 if (strncmp(pTL, "/ROLE=", strlen("/ROLE=")) == 0)
00270 {
00271 pTL += strlen("/ROLE=");
00272
00273
00274 search = pTL;
00275 while (strlen(search) > 0)
00276 {
00277 if ((strncmp(search, "/VO=", strlen("/VO=")) == 0) ||
00278 (strncmp(search, "/GROUP=", strlen("/GROUP=")) == 0) ||
00279 (strncmp(search, "/ROLE=", strlen("/ROLE=")) == 0) ||
00280 (strncmp(search, "/CAPABILITY=", strlen("/CAPABILITY=")) == 0))
00281 {
00282 break;
00283 }
00284
00285 i++;
00286 search++;
00287 }
00288
00289 if (i < 100)
00290 {
00291 strncpy(role, pTL, i);
00292 pTL += strlen(role) - 1;
00293 }
00294 else
00295 {
00296 lcmaps_log(0, "%s: Buffer overrun for \'role\'\n", logstr);
00297 return NULL;
00298 }
00299 }
00300
00301 i = 0;
00302 if (strncmp(pTL, "/CAPABILITY=", strlen("/CAPABILITY=")) == 0)
00303 {
00304 pTL += strlen("/CAPABILITY=");
00305
00306
00307 search = pTL;
00308 while (strlen(search) > 0)
00309 {
00310 if ((strncmp(search, "/VO=", strlen("/VO=")) == 0) ||
00311 (strncmp(search, "/GROUP=", strlen("/GROUP=")) == 0) ||
00312 (strncmp(search, "/ROLE=", strlen("/ROLE=")) == 0) ||
00313 (strncmp(search, "/CAPABILITY=", strlen("/CAPABILITY=")) == 0))
00314 {
00315 break;
00316 }
00317 i++;
00318 search++;
00319 }
00320
00321 if (i < 100)
00322 {
00323 strncpy(cap, pTL, i);
00324 pTL += strlen(cap) - 1;
00325 }
00326 else
00327 {
00328 lcmaps_log(0, "%s: Buffer overrun for \'capability\'\n", logstr);
00329 return NULL;
00330 }
00331 }
00332
00333 pTL++;
00334 }
00335 lcmaps_log_debug(5, " >> vo: %s (%d) group: %s (%d) role: %s (%d) cap: %s (%d) <<\n", vo, strlen(vo), group, strlen(group), role, strlen(role), cap, strlen(cap));
00336
00337 return createFQAN (vo, group, role, cap);
00338 }
00339
00340
00341
00342
00343
00344
00345
00346
00347
00348
00349
00350
00351
00352 char * createFQAN(char * vo, char * group, char * role, char * cap)
00353 {
00354 static char * fqan = NULL;
00355 int i = 0;
00356
00357 if ((group == NULL) || (strlen(group) < 1))
00358 return NULL;
00359
00360
00361
00362 if ((role != NULL) && (strlen(role) > 1) && (role[0] == ' ')) { role++; }
00363
00364
00365 fqan = malloc (250 * sizeof(char));
00366 for (i = 0; i < 250; i++) { fqan[i] = '\0'; }
00367
00368
00369 sprintf(fqan, "%s", group);
00370
00371 if ((role != NULL) && (strcmp(role, "NULL") != 0) && (strlen(role) > 0))
00372 sprintf(fqan, "%s/Role=%s", fqan, role);
00373
00374 if ((cap != NULL) && (strcmp(cap, "NULL") != 0) && (strlen(cap) > 0))
00375 sprintf(fqan, "%s/Capability=%s", fqan, cap);
00376
00377 return fqan;
00378 }
00379
00380
00381 #ifdef TESTBIO
00382 static STACK_OF(X509) *load_chain(char *certfile)
00383 {
00384 STACK_OF(X509_INFO) *sk=NULL;
00385 STACK_OF(X509) *stack=NULL, *ret=NULL;
00386 BIO *in=NULL;
00387 X509_INFO *xi;
00388 int first = 1;
00389 char * logstr = "load_chain";
00390
00391 if(!(stack = sk_X509_new_null()))
00392 {
00393 lcmaps_log(0, "%s: memory allocation failure\n", logstr);
00394 goto end;
00395 }
00396
00397 if(!(in=BIO_new_file(certfile, "r")))
00398 {
00399 lcmaps_log(0, "%s: error opening the file, %s\n", logstr,certfile);
00400 goto end;
00401 }
00402
00403
00404 if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL)))
00405 {
00406 lcmaps_log(0, "%s: error reading the file, %s\n", logstr,certfile);
00407 goto end;
00408 }
00409
00410
00411 while (sk_X509_INFO_num(sk))
00412 {
00413
00414 if (first)
00415 {
00416 first = 0;
00417 continue;
00418 }
00419 xi=sk_X509_INFO_shift(sk);
00420 if (xi->x509 != NULL)
00421 {
00422 sk_X509_push(stack,xi->x509);
00423 xi->x509=NULL;
00424 }
00425 X509_INFO_free(xi);
00426 }
00427 if(!sk_X509_num(stack))
00428 {
00429 lcmaps_log(0, "%s: no certificates in file, %s\n", logstr,certfile);
00430 sk_X509_free(stack);
00431 goto end;
00432 }
00433 ret=stack;
00434 end:
00435 BIO_free(in);
00436 sk_X509_INFO_free(sk);
00437 return(ret);
00438 }
00439 #endif
00440
00441
00442
00443
00444
00445
00446
00447
00448
00449
00450
00451
00452
00453 int plugin_initialize(
00454 int argc,
00455 char ** argv
00456 )
00457 {
00458 char * logstr = "\tlcmaps_plugin_jobrepository-plugin_initialize()";
00459 int i;
00460
00461 connStr = (char *) malloc (sizeof(char) * 10000);
00462 for (i = 0; i < 1000; i++) connStr[i] = '\0';
00463
00464 lcmaps_log_debug(1,"%s: passed arguments:\n", logstr);
00465 for (i=0; i < argc; i++)
00466 {
00467 lcmaps_log_debug(2,"%s: arg %d is %s\n", logstr, i, argv[i]);
00468 }
00469
00470
00471
00472
00473
00474
00475
00476
00477
00478 for (i = 1; i < argc; i++)
00479 {
00480 if ( ((strcmp(argv[i], "-vomsdir") == 0) ||
00481 (strcmp(argv[i], "-VOMSDIR") == 0))
00482 && (i + 1 < argc))
00483 {
00484 if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00485 {
00486 vomsdir = strdup(argv[i + 1]);
00487 }
00488 i++;
00489 }
00490 else if ( ((strcmp(argv[i], "-certdir") == 0) ||
00491 (strcmp(argv[i], "-CERTDIR") == 0))
00492 && (i + 1 < argc))
00493 {
00494 if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00495 {
00496 certdir = strdup(argv[i + 1]);
00497 }
00498 i++;
00499 }
00500
00501 else if ( ( (strcmp(argv[i], "-JR_CONFIG") == 0)
00502 ||
00503 (strcmp(argv[i], "-jr_config") == 0) )
00504 &&
00505 (i + 1 < argc) )
00506 {
00507 lcmaps_get_jobrep_config(argv[i + 1], &jobrep_config);
00508
00509 if ((jobrep_config) && (strlen(jobrep_config) != 0))
00510 {
00511 if (strlen(connStr) == 0)
00512 strncpy(connStr, jobrep_config, strlen(jobrep_config));
00513 else
00514 sprintf(connStr, "%s;%s", connStr, jobrep_config);
00515 }
00516 else
00517 {
00518 lcmaps_log(0,"%s: Error in initialization parameter: %s (failure); The file %s appears to be not available or empty.\n", logstr, argv[i], argv[i + 1]);
00519 return LCMAPS_MOD_FAIL;
00520 }
00521
00522 i++;
00523 }
00524
00525
00526
00527 else if ( (strncmp(argv[i], "DSN=", 4) == 0) ||
00528 (strncmp(argv[i], "HOST=", 5) == 0) ||
00529 (strncmp(argv[i], "USER=", 5) == 0) ||
00530 (strncmp(argv[i], "PASS=", 5) == 0) ||
00531 (strncmp(argv[i], "DRIVER=", 7) == 0) ||
00532 (strncmp(argv[i], "DATABASE=", 9) == 0) ||
00533 (strncmp(argv[i], "PORT=", 5) == 0) ||
00534 (strncmp(argv[i], "PASSWORD=", 9) == 0) ||
00535 (strncmp(argv[i], "SERVER=", 7) == 0) ||
00536 (strncmp(argv[i], "driver=", 7) == 0) ||
00537 (strncmp(argv[i], "dsn=", 4) == 0) ||
00538 (strncmp(argv[i], "host=", 5) == 0) ||
00539 (strncmp(argv[i], "user=", 5) == 0) ||
00540 (strncmp(argv[i], "port=", 5) == 0) ||
00541 (strncmp(argv[i], "database=", 9) == 0) ||
00542 (strncmp(argv[i], "server=", 7) == 0) ||
00543 (strncmp(argv[i], "port=", 5) == 0) ||
00544 (strncmp(argv[i], "password=", 9) == 0) ||
00545 (strncmp(argv[i], "pass=", 5) == 0) )
00546 {
00547 if (strlen(connStr) == 0)
00548 strncpy(connStr, argv[i], strlen(argv[i]));
00549 else
00550 sprintf(connStr, "%s;%s", connStr, argv[i]);
00551 }
00552 else
00553 {
00554 lcmaps_log(0,"%s: Error in initialization parameter: %s (failure)\n", logstr, argv[i]);
00555 return LCMAPS_MOD_FAIL;
00556 }
00557 }
00558
00559 lcmaps_log_debug(1,"%s: Initialization succeeded\n", logstr);
00560 return LCMAPS_MOD_SUCCESS;
00561 }
00562
00563
00564
00565
00566
00567
00568
00569
00570
00571
00572
00573
00574 int plugin_introspect(
00575 int * argc,
00576 lcmaps_argument_t ** argv
00577 )
00578 {
00579 char * logstr = "\tlcmaps_plugin_voms-plugin_introspect()";
00580 static lcmaps_argument_t argList[] = {
00581 { "user_dn" , "char *" , 1, NULL},
00582 { "user_cred" , "gss_cred_id_t" , 0, NULL},
00583 { "job_request" , "char *" , 0, NULL},
00584 { NULL , NULL , -1, NULL}
00585 };
00586
00587 lcmaps_log_debug(2,"%s: introspecting\n", logstr);
00588
00589 *argv = argList;
00590 lcmaps_log_debug(2,"%s: before lcmaps_cntArgs()\n", logstr);
00591 *argc = lcmaps_cntArgs(argList);
00592 lcmaps_log_debug(2,"%s: address first argument: 0x%x\n", logstr,argList);
00593
00594 lcmaps_log_debug(1,"%s: Introspect succeeded\n", logstr);
00595 return LCMAPS_MOD_SUCCESS;
00596 }
00597
00598
00599
00600
00601
00602
00603
00604
00605
00606
00607
00608
00609
00610 int plugin_run(
00611 int argc,
00612 lcmaps_argument_t * argv
00613 )
00614 {
00615 char * logstr = "\tlcmaps_plugin_jobrepository-plugin_run()";
00616 int tryCnt = 0;
00617 int connected = 0;
00618 FILE * tmpFile = NULL;
00619 char * dn = NULL;
00620 char * rsl = NULL;
00621 char * tmpRSL = NULL;
00622 struct vomsdata * vd = NULL;
00623 struct voms ** vo = NULL;
00624 struct voms * v = NULL;
00625
00626 uid_t * uid = NULL;
00627 int cntUid = 0;
00628 gid_t * priGid = NULL;
00629 int cntPriGid = 0;
00630 gid_t * secGid = NULL;
00631 int cntSecGid = 0;
00632 struct passwd * user_info = NULL;
00633 struct group * group_info = NULL;
00634
00635 char * datetime;
00636 time_t clock;
00637 struct tm * tmpTime;
00638
00639 TResultSet * resultSet = NULL;
00640 char query[1000000];
00641 char * user_id = NULL;
00642 char * credential_id = NULL;
00643 char * credential_group_id = NULL;
00644 char * cert_id = NULL;
00645
00646 STACK_OF(X509) * dupChain = NULL;
00647 TSimpleCert * MySimpleStack= NULL;
00648 int certCount = 0;
00649
00650 int i = 0,
00651 j = 0,
00652 k = 0;
00653
00654 lcmaps_vo_mapping_t * vo_mapping = NULL;
00655
00656
00657
00658
00659 #ifdef TESTBIO
00660 int err;
00661 int res = 0;
00662 BIO *in = NULL;
00663 X509 *x = NULL;
00664 STACK_OF(X509) *chain = NULL;
00665 #else
00666 int errNo = 0;
00667 gss_cred_id_t * pcred = NULL;
00668 gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
00669 X509 * px509_cred = NULL;
00670 STACK_OF(X509) * px509_chain = NULL;
00671 #endif
00672
00673
00674
00675
00676
00677
00678
00679 time(&clock);
00680 tmpTime = gmtime(&clock);
00681 datetime = malloc(sizeof(char) * 20);
00682 snprintf(datetime, 20, "%04d-%02d-%02d %02d:%02d:%02d",
00683 tmpTime->tm_year + 1900, tmpTime->tm_mon + 1, tmpTime->tm_mday,
00684 tmpTime->tm_hour, tmpTime->tm_min, tmpTime->tm_sec);
00685
00686
00687
00688
00689
00690
00691
00692
00693 #ifdef TESTBIO
00694 #else
00695
00696 if ( ( pcred = (gss_cred_id_t *) lcmaps_getArgValue("user_cred", "gss_cred_id_t", argc, argv) ) )
00697 {
00698 lcmaps_log_debug(2,"%s: address user_cred: %p\n", logstr,pcred);
00699 cred = *pcred;
00700 if (cred == GSS_C_NO_CREDENTIAL)
00701 {
00702 lcmaps_log(0,"%s: user gss credential is empty.\n", logstr);
00703 goto fail_jobrep;
00704 }
00705 }
00706 else
00707 {
00708 lcmaps_log(0,"%s: could not get address of user credentials.\n", logstr);
00709 goto fail_jobrep;
00710 }
00711 #endif
00712
00713
00714
00715 #undef EXPORT_CREDENTIAL
00716 #if EXPORT_CREDENTIAL
00717 if (cred)
00718 {
00719 gss_buffer_desc deleg_proxy_filename;
00720 OM_uint32 major_status = 0;
00721 OM_uint32 minor_status = 0;
00722
00723 major_status = gss_export_cred(&minor_status,
00724 cred,
00725 NULL,
00726 1,
00727 &deleg_proxy_filename);
00728
00729 if (major_status == GSS_S_COMPLETE)
00730 {
00731 char * cp;
00732
00733 lcmaps_log_debug(2,"%s: deleg_proxy_filename.value: %s\n", logstr,
00734 deleg_proxy_filename.value);
00735 cp = strchr((char *)deleg_proxy_filename.value, '=');
00736 *cp = '\0';
00737 cp++;
00738 setenv((char *)deleg_proxy_filename.value, cp, 1);
00739 free(deleg_proxy_filename.value);
00740 }
00741 else
00742 {
00743 char * error_str = NULL;
00744 globus_object_t * error_obj;
00745
00746 error_obj = globus_error_get((globus_result_t) minor_status);
00747
00748 error_str = globus_error_print_chain(error_obj);
00749 lcmaps_log (0,"%s: Error, gss_export_cred(): %s\n", logstr,error_str);
00750 goto fail_jobrep;
00751 }
00752 }
00753 #endif
00754
00755
00756
00757 #ifdef TESTBIO
00758 #else
00759
00760
00761
00762 if ( ( px509_cred = lcmaps_cred_to_x509(cred) ) )
00763 {
00764 lcmaps_log_debug(2,"%s: found X509 struct inside gss credential\n", logstr);
00765 lcmaps_log_debug(5,"%s: just for kicks: X509->name %s\n", logstr,px509_cred->name);
00766 }
00767 else
00768 {
00769 lcmaps_log(0,"%s: could not get X509 cred (exit jobrep)!\n", logstr);
00770 goto fail_jobrep;
00771 }
00772 if ( ( px509_chain = lcmaps_cred_to_x509_chain(cred) ) )
00773 {
00774 lcmaps_log_debug(1,"%s: found X509 chain inside gss credential\n", logstr);
00775 }
00776 else
00777 {
00778 lcmaps_log(0,"%s: could not get X509 chain from the credentials.\n", logstr);
00779 goto fail_jobrep;
00780 }
00781 #endif
00782
00783 lcmaps_log_debug(2,"%s: vomsdir = %s\n", logstr, vomsdir);
00784 lcmaps_log_debug(2,"%s: certdir = %s\n", logstr, certdir);
00785 if ((vd = VOMS_Init(vomsdir, certdir)) == NULL)
00786 {
00787 lcmaps_log (1,"%s: failed to initialize voms data structure, classic mode enabled\n", logstr);
00788 lcmaps_log_debug (3,"%s: \tTherefor we can skip the gathering of al the VOMS stuff and go with classic support\n", logstr);
00789
00790 }
00791 lcmaps_log_debug(2,"%s: voms data structure initialized\n", logstr);
00792
00793
00794
00795
00796
00797 #ifdef TESTBIO
00798 in = BIO_new(BIO_s_file());
00799
00800
00801 lcmaps_log_debug (2, "%s: load chain...\n", logstr);
00802 chain = load_chain(getenv("X509_USER_PROXY"));
00803 lcmaps_log_debug (2, "%s: chain loaded\n", logstr);
00804 if (in)
00805 {
00806 if (BIO_read_filename(in, getenv("X509_USER_PROXY")) > 0)
00807 {
00808 x = PEM_read_bio_X509(in, NULL, 0, NULL);
00809
00810 res = VOMS_Retrieve(x, chain, RECURSE_CHAIN, vd, &err);
00811
00812 if (res)
00813 print_vomsdata(vd);
00814 else
00815 lcmaps_log(2, "%s: VOMS Retrieve didn't found VOMS information.\n", logstr);
00816 }
00817 }
00818 else
00819 {
00820 lcmaps_log(1, "Error: No BIO File!\n");
00821 goto fail_jobrep;
00822 }
00823
00824 if (!res)
00825 {
00826 lcmaps_log_debug(1, "%s: err: %s\n", logstr, retmsg[err]);
00827 }
00828
00829
00830
00831 if (chain != NULL)
00832 #else
00833 if (VOMS_Retrieve(px509_cred, px509_chain, RECURSE_CHAIN, vd, &errNo))
00834 {
00835 lcmaps_log_debug(3, "%s: VOMS extensions extracted from proxy certificate\n", logstr);
00836 }
00837
00838 else if (errNo == VERR_NOEXT)
00839 {
00840 lcmaps_log(2,"%s: VOMS extensions not found in the certificate, continuing with VOMS information.\n", logstr);
00841
00842 }
00843 else if (errNo == VERR_IDCHECK)
00844 {
00845 lcmaps_log(0,"%s: VOMS User data in extension different from the real ones (failure)!\n", logstr);
00846 goto fail_jobrep;
00847 }
00848 else if (errNo == VERR_TIME)
00849 {
00850 lcmaps_log(0,"%s: VOMS extensions expired for at least one of the VOs (failure)!\n", logstr);
00851 goto fail_jobrep;
00852 }
00853 else if (errNo == VERR_ORDER)
00854 {
00855 lcmaps_log(0,"%s: The ordering of the VOMS groups, as required by the client, was not delivered by VOMS (failure)!\n", logstr);
00856 goto fail_jobrep;
00857 }
00858 else if (errNo == VERR_NOSOCKET)
00859 {
00860 lcmaps_log(0,"%s: VOMS Socket problem (failure)!\n", logstr);
00861 goto fail_jobrep;
00862 }
00863 else if (errNo == VERR_NOIDENT)
00864 {
00865 lcmaps_log(0,"%s: VOMS Cannot identify itself (certificate problem) (failure)!\n", logstr);
00866 goto fail_jobrep;
00867 }
00868 else if (errNo == VERR_COMM)
00869 {
00870 lcmaps_log(0,"%s: VOMS server problem (failure)!\n", logstr);
00871 goto fail_jobrep;
00872 }
00873 else if (errNo == VERR_PARAM)
00874 {
00875 lcmaps_log(0,"%s: Wrong parameters for VOMS (failure)!\n", logstr);
00876 goto fail_jobrep;
00877 }
00878 else if (errNo == VERR_NOINIT)
00879 {
00880 lcmaps_log(0,"%s: VOMS initialization error (failure)!\n", logstr);
00881 goto fail_jobrep;
00882 }
00883 else if (errNo == VERR_EXTRAINFO)
00884 {
00885 lcmaps_log(0,"%s: VO name and URI missing (in proxy ?) (failure)!\n", logstr);
00886 goto fail_jobrep;
00887 }
00888 else if (errNo == VERR_FORMAT)
00889 {
00890 lcmaps_log(0,"%s: Wrong VOMS data format (in proxy ?) (failure)!\n", logstr);
00891 goto fail_jobrep;
00892 }
00893 else if (errNo == VERR_NODATA)
00894 {
00895 lcmaps_log(0,"%s: Empty VOMS extension (failure)!\n", logstr);
00896 goto fail_jobrep;
00897 }
00898 else if (errNo == VERR_PARSE)
00899 {
00900 lcmaps_log(0,"%s: VOMS parse error (failure)!\n", logstr);
00901 goto fail_jobrep;
00902 }
00903 else if (errNo == VERR_DIR)
00904 {
00905 lcmaps_log(0,"%s: VOMS directory error (failure)!\n", logstr);
00906 goto fail_jobrep;
00907 }
00908 else if (errNo == VERR_SIGN)
00909 {
00910 lcmaps_log(0,"%s: VOMS Signature error (failure)!\n", logstr);
00911 goto fail_jobrep;
00912 }
00913 else if (errNo == VERR_SERVER)
00914 {
00915 lcmaps_log(0,"%s: Unidentifiable VOMS server (failure)!\n", logstr);
00916 goto fail_jobrep;
00917 }
00918 else if (errNo == VERR_MEM)
00919 {
00920 lcmaps_log(0,"%s: Memory problems in VOMS_Retrieve() (failure)!\n", logstr);
00921 goto fail_jobrep;
00922 }
00923 else if (errNo == VERR_VERIFY)
00924 {
00925 lcmaps_log(0,"%s: Generic verification error for VOMS (failure)!\n", logstr);
00926 goto fail_jobrep;
00927 }
00928 else if (errNo == VERR_TYPE)
00929 {
00930 lcmaps_log(0,"%s: Returned VOMS data of unknown type (failure)!\n", logstr);
00931 goto fail_jobrep;
00932 }
00933 else
00934 {
00935 lcmaps_log(0,"%s: VOMS_Retrieve() error --> %d (failure)!\n", logstr, errNo);
00936 goto fail_jobrep;
00937 }
00938
00939
00940
00941 if (px509_chain != NULL)
00942 #endif
00943 {
00944 int ctCnt = 0;
00945
00946 lcmaps_log_debug(2, "%s: The certificate chain is usable.\n", logstr);
00947
00948
00949 #ifdef TESTBIO
00950 dupChain = (STACK_OF(type) *) sk_X509_dup(chain);
00951 #else
00952 dupChain = (STACK_OF(type) *) sk_X509_dup(px509_chain);
00953 #endif
00954
00955
00956 certCount = sk_X509_num(dupChain);
00957 lcmaps_log_debug (1, "%s: The chain consist of %d certificates.\n", logstr, certCount);
00958
00959 MySimpleStack = malloc (sizeof(TSimpleCert) * (certCount + 1));
00960 for (ctCnt = 0; ctCnt < certCount; ctCnt++)
00961 {
00962 MySimpleStack[ctCnt].X509cert = sk_X509_pop(dupChain);
00963 if (MySimpleStack[ctCnt].X509cert != NULL)
00964 {
00965 char buffer[1000];
00966 int kar = '\0';
00967 int offset = 0;
00968 int certSize = 100000;
00969
00970
00971
00972
00973
00974
00975
00976
00977
00978
00979
00980
00981
00982
00983
00984
00985
00986
00987
00988
00989
00990
00991
00992
00993
00994
00995
00996
00997
00998
00999
01000
01001
01002
01003 tmpFile = tmpfile();
01004
01005 X509_print_fp(tmpFile, MySimpleStack[ctCnt].X509cert);
01006 rewind(tmpFile);
01007
01008
01009 MySimpleStack[ctCnt].certStr = malloc(sizeof(char) * certSize);
01010 for (i = 0; i < certSize; i++) MySimpleStack[ctCnt].certStr[i] = '\0';
01011 for (i = 0; (kar = fgetc(tmpFile)) != EOF; i++)
01012 {
01013
01014
01015
01016
01017
01018
01019
01020
01021
01022 if (kar == '\'')
01023 {
01024
01025 MySimpleStack[ctCnt].certStr[i + offset] = '\\';
01026 MySimpleStack[ctCnt].certStr[i + ++offset] = '\'';
01027 }
01028 else
01029 {
01030 MySimpleStack[ctCnt].certStr[i + offset] = kar;
01031 }
01032 }
01033
01034
01035
01036
01037
01038
01039
01040
01041
01042
01043
01044
01045
01046
01047
01048
01049
01050 X509_NAME_oneline(X509_get_subject_name(MySimpleStack[ctCnt].X509cert), buffer, 999);
01051 MySimpleStack[ctCnt].subject_name = malloc(sizeof(char) * 1000);
01052
01053 strcpy(MySimpleStack[ctCnt].subject_name, buffer);
01054
01055 X509_NAME_oneline(X509_get_issuer_name(MySimpleStack[ctCnt].X509cert), buffer, 999);
01056 MySimpleStack[ctCnt].issuer_name = malloc(sizeof(char) * 1000);
01057
01058 strcpy(MySimpleStack[ctCnt].issuer_name, buffer);
01059
01060 MySimpleStack[ctCnt].strNotBefore = malloc(sizeof(char) * 20);
01061 MySimpleStack[ctCnt].strNotAfter = malloc(sizeof(char) * 20);
01062 strncpy(MySimpleStack[ctCnt].strNotBefore,
01063 sttm_2_char (ASN1_TIME_2_time_t(X509_get_notBefore(MySimpleStack[ctCnt].X509cert))), 20);
01064 strncpy(MySimpleStack[ctCnt].strNotAfter,
01065 sttm_2_char (ASN1_TIME_2_time_t(X509_get_notAfter(MySimpleStack[ctCnt].X509cert))), 20);
01066
01068
01069
01070
01071
01072
01073
01074
01075
01076
01077
01078
01079
01080
01081
01082
01083
01084
01085
01086
01087
01088
01089
01090
01091
01092
01093
01094
01095
01096
01097
01098
01100
01101 }
01102 }
01103
01104
01105 #ifdef TESTBIO
01106 if (chain) sk_X509_free(chain);
01107 #endif
01108
01109
01110
01111
01112
01113
01114 lcmaps_log_debug(1, "%s: \tTrying to connect to the DB...\n", logstr);
01115
01116 srandom(clock);
01117 for (tryCnt = 0; (tryCnt < 20) && (!connected); tryCnt++)
01118 {
01119 if (ODBC_Connect (connStr) != 0)
01120 {
01121 lcmaps_log_debug(4, "%s: \t\tConnection errors from ODBC retrying...\n ");
01122
01123 ODBC_Disconnect();
01124 }
01125 else
01126 {
01127 connected = 1;
01128 break;
01129 }
01130 }
01131
01132 if (!connected)
01133 {
01134 lcmaps_log(0, "%s\n", ODBC_Errors ("ODBC_Connect"));
01135 ODBC_Disconnect ();
01136 goto fail_jobrep;
01137 }
01138
01139
01140
01141 lcmaps_log_debug(1, "%s: Connected to the Job Repository Database\n", logstr);
01142
01143
01144
01145
01146
01147
01148
01149
01150
01151
01152
01153
01154
01155
01156 if ( (rsl = *(char **) lcmaps_getArgValue("job_request", "char *", argc, argv)) )
01157 lcmaps_log_debug(1,"%s: found job_request: %s\n", logstr, rsl);
01158 else
01159 {
01160 lcmaps_log (0,"%s: could not get value of job_request.\n", logstr);
01161 goto fail_jobrep;
01162 }
01163
01164 if ( (dn = *(char **) lcmaps_getArgValue("user_dn", "char *", argc, argv)) )
01165 lcmaps_log_debug(1,"%s: found dn: %s\n", logstr,dn);
01166 else
01167 {
01168 lcmaps_log(0,"%s: could not get value of DN.\n", logstr);
01169 goto fail_jobrep;
01170 }
01171
01172 uid = getCredentialData(UID, &cntUid);
01173 priGid = getCredentialData(PRI_GID, &cntPriGid);
01174 secGid = getCredentialData(SEC_GID, &cntSecGid);
01175
01176 lcmaps_log_debug(1, "DN : %s\n", dn);
01177
01178
01179
01180
01181
01182
01183
01184
01185
01186
01187
01188
01189 sprintf(query, "insert into users (dn) values ('%s')", dn);
01190 if (SQL_Query(query) != 0)
01191 {
01192
01193 sprintf(query, "select user_id from users where dn = '%s'", dn);
01194 if (SQL_Query(query) != 0)
01195 {
01196 SQL_Rollback();
01197 goto fail_jobrep;
01198 }
01199 if (SQL_GetQueryResult(&resultSet) > 0)
01200 {
01201 if (SQL_GetValue(resultSet, "user_id", &user_id) != 0)
01202 {
01203 lcmaps_log (0, "Could not get value: %s from the DB resultset with query: %s\n", "user_id", query);
01204 SQL_Rollback();
01205 goto fail_jobrep;
01206 }
01207 }
01208 }
01209 else
01210 {
01211
01212 sprintf(query, "select last_insert_id()");
01213 if (SQL_Query(query) != 0)
01214 {
01215 SQL_Rollback();
01216 goto fail_jobrep;
01217 }
01218
01219 if (SQL_GetQueryResult(&resultSet) > 0)
01220 {
01221 if (SQL_GetValue(resultSet, "last_insert_id()", &user_id) != 0)
01222 {
01223 lcmaps_log (0, "Could not get value: %s from resultset with query: %s\n", "last_insert_id()", query);
01224 SQL_Rollback();
01225 goto fail_jobrep;
01226 }
01227 }
01228 else
01229 {
01230 lcmaps_log(0, "ResultSet is empty for query: %s\n", query);
01231 SQL_Rollback();
01232 goto fail_jobrep;
01233 }
01234 }
01235
01236
01237
01238
01239
01240
01241
01242
01243 for (i = 0; i < certCount; i++)
01244 {
01245
01246 if ((cert_id != NULL) && (strlen(cert_id) > 0))
01247 {
01248 sprintf(query, "insert into user_certificates (
01249 user_id,
01250 subject,
01251 cert,
01252 first_use,
01253 valid_from,
01254 valid_until,
01255 parent_cert_id)
01256 values (%s, '%s', '%s', '%s', '%s', '%s', %s)",
01257 user_id,
01258 MySimpleStack[i].subject_name,
01259 MySimpleStack[i].certStr,
01260 datetime,
01261 MySimpleStack[i].strNotBefore,
01262 MySimpleStack[i].strNotAfter,
01263 cert_id);
01264 }
01265 else
01266 {
01267 sprintf(query, "insert into user_certificates (
01268 user_id,
01269 subject,
01270 cert,
01271 first_use,
01272 valid_from,
01273 valid_until)
01274 values (%s, '%s', '%s', '%s', '%s', '%s')",
01275 user_id,
01276 MySimpleStack[i].subject_name,
01277 MySimpleStack[i].certStr,
01278 datetime,
01279 MySimpleStack[i].strNotBefore,
01280 MySimpleStack[i].strNotAfter);
01281 }
01282
01283
01284
01285
01286
01287
01288
01289
01290
01291
01292
01293
01294
01295
01296
01297
01298
01299
01300
01301
01302
01303
01304
01305
01306
01307
01308
01309
01310
01311
01312
01313
01314
01315
01316
01317
01318
01319
01320
01321
01322
01323
01324
01325
01326
01327
01328
01329 if (SQL_Query(query) != 0)
01330 {
01331
01332
01333
01334
01335 sprintf(query, "select cert_id
01336 from user_certificates
01337 where subject = '%s'
01338 and valid_from = '%s'
01339 and valid_until = '%s'",
01340 MySimpleStack[i].subject_name,
01341 MySimpleStack[i].strNotBefore,
01342 MySimpleStack[i].strNotAfter);
01343
01344 if (SQL_Query(query) != 0)
01345 {
01346 SQL_Rollback();
01347 goto fail_jobrep;
01348 }
01349
01350 if (SQL_GetQueryResult(&resultSet) > 0)
01351 {
01352 if (SQL_GetValue(resultSet, "cert_id", &cert_id) != 0)
01353 {
01354 lcmaps_log(0, "Could not get value: %s from the DB resultset with query: %s\n", "cert_id", query);
01355 SQL_Rollback();
01356 goto fail_jobrep;
01357 }
01358 }
01359 else
01360 {
01361 lcmaps_log(0, "Empty resultset for query: %s\n", query);
01362 SQL_Rollback();
01363 goto fail_jobrep;
01364 }
01365 }
01366 else
01367 {
01368
01369 sprintf(query, "select last_insert_id()");
01370 if (SQL_Query(query) != 0)
01371 {
01372 SQL_Rollback();
01373 goto fail_jobrep;
01374 }
01375
01376 if (SQL_GetQueryResult(&resultSet) > 0)
01377 {
01378 if (SQL_GetValue(resultSet, "last_insert_id()", &cert_id) != 0)
01379 {
01380 lcmaps_log(0, "Could not get value: %s from the resultset\n", "last_insert_id()");
01381 SQL_Rollback();
01382 goto fail_jobrep;
01383 }
01384 }
01385 else
01386 {
01387 lcmaps_log(0, "ResultSet is empty for query: %s\n", query);
01388 SQL_Rollback();
01389 goto fail_jobrep;
01390 }
01391 }
01392 }
01393
01394
01395
01396
01397
01398
01399
01400
01401
01402
01403
01404 if ( (rsl) && (strlen(rsl) != 0) )
01405 {
01406 int offset = 0;
01407 tmpRSL = malloc(sizeof(char) * strlen(rsl) * 2);
01408
01409 for (i = 0; i < strlen(rsl); i++)
01410 {
01411
01412
01413
01414
01415
01416
01417
01418
01419
01420 if (rsl[i] == '\'')
01421 {
01422 tmpRSL[i + offset] = '\\';
01423 tmpRSL[i + ++offset] = '\'';
01424 }
01425 else
01426 {
01427 tmpRSL[i + offset] = rsl[i];
01428 }
01429 }
01430 tmpRSL[i + offset + 1] = '\0';
01431
01432 rsl = tmpRSL;
01433
01434 }
01435
01436
01437
01438
01439 sprintf(query, "insert into jobs (job_id, user_id, submit_cert_id, rsl, creation_time) values ('%s', %s, %s, '%s', '%s')", getenv("JOB_REPOSITORY_ID"), user_id, cert_id, rsl, datetime);
01440
01441
01442 if (SQL_Query(query) != 0)
01443 {
01444 lcmaps_log(0, "Error: possible problem is an already existing job_id: %s with query: %s\n", getenv("JOB_REPOSITORY_ID"), query);
01445 SQL_Rollback();
01446 goto fail_jobrep;
01447 }
01448
01449
01450
01451
01452
01453
01454
01455
01456 sprintf(query, "insert into jobstatus (job_id, status, status_change) values ('%s', '%s', '%s')",
01457 getenv("JOB_REPOSITORY_ID"), "gatekeeper", datetime);
01458 if (SQL_Query(query) != 0)
01459 {
01460 lcmaps_log(0, "Error: could not execute query: %s\n", query);
01461 SQL_Rollback();
01462 goto fail_jobrep;
01463 }
01464
01465
01466
01467
01468
01469
01470
01471
01472
01473
01474
01475 sprintf(query, "select credential_id from credentials where uid = %d and gid = %d", uid[0], priGid[0]);
01476 if ((user_info = getpwuid(uid[0])) != NULL)
01477 sprintf(query, "%s and uid_name = '%s'", query, user_info->pw_name);
01478
01479 if ((group_info = getgrgid(priGid[0])) != NULL)
01480 sprintf(query, "%s and gid_name = '%s'", query, group_info->gr_name);
01481
01482 if (SQL_Query(query) != 0)
01483 {
01484 SQL_Rollback();
01485 goto fail_jobrep;
01486 }
01487
01488 if (SQL_GetQueryResult(&resultSet) > 0)
01489 {
01490 if (SQL_GetValue(resultSet, "credential_id", &credential_id) != 0)
01491 {
01492 lcmaps_log (0, "Error: no value for credential_id from query: %s\n", query);
01493 SQL_Rollback();
01494 goto fail_jobrep;
01495 }
01496 }
01497 else
01498 {
01499
01500 sprintf(query, "insert into credentials (uid, gid");
01501 if (user_info != NULL)
01502 sprintf(query, "%s, uid_name", query);
01503 if (group_info != NULL)
01504 sprintf(query, "%s, gid_name", query);
01505
01506 sprintf(query, "%s) values (%d, %d", query, uid[0], priGid[0]);
01507 if (user_info != NULL)
01508 sprintf(query, "%s, '%s'", query, user_info->pw_name);
01509 if (group_info != NULL)
01510 sprintf(query, "%s, '%s'", query, group_info->gr_name);
01511 sprintf(query, "%s)", query);
01512 if (SQL_Query(query) != 0)
01513 {
01514 SQL_Rollback();
01515 goto fail_jobrep;
01516 }
01517
01518
01519 sprintf(query, "select last_insert_id()");
01520 if (SQL_Query(query) != 0)
01521 {
01522 SQL_Rollback();
01523 goto fail_jobrep;
01524 }
01525
01526 if (SQL_GetQueryResult(&resultSet) > 0)
01527 {
01528 if (SQL_GetValue(resultSet, "last_insert_id()", &credential_id) != 0)
01529 {
01530 lcmaps_log(0, "Could not get value: %s or %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "credential_id", "last_insert_id()", query);
01531
01532 SQL_Rollback();
01533 goto fail_jobrep;
01534 }
01535 }
01536 else
01537 {
01538 lcmaps_log(0, "ResultSet is empty for query: %s\n", query);
01539 SQL_Rollback();
01540 goto fail_jobrep;
01541 }
01542 }
01543
01544
01545 sprintf(query, "insert into job_credentials (job_id, credential_id, use_time) values ('%s', %s, '%s')",
01546 getenv("JOB_REPOSITORY_ID"), credential_id, datetime);
01547 if (SQL_Query(query) != 0)
01548 {
01549 lcmaps_log (0, "Error: could not execute query: %s\n", query);
01550 SQL_Rollback();
01551 goto fail_jobrep;
01552 }
01553
01554
01555
01556 for (i = 0; i < cntSecGid; i++)
01557 {
01558 sprintf(query, "select credential_group_id from credential_groups where sgid = %d", secGid[i]);
01559 if ((group_info = getgrgid(secGid[i])) != NULL)
01560 sprintf(query, "%s and sgid_name = '%s'", query, group_info->gr_name);
01561
01562 if (SQL_Query(query) != 0)
01563 {
01564 lcmaps_log (0, "Error: could not execute query: %s\n", query);
01565 SQL_Rollback();
01566 goto fail_jobrep;
01567 }
01568
01569 if (SQL_GetQueryResult(&resultSet) > 0)
01570 {
01571 if (SQL_GetValue(resultSet, "credential_group_id", &credential_group_id) != 0)
01572 {
01573 lcmaps_log (0, "Error: could not get value for credential_group_id from query: %s\n", query);
01574 SQL_Rollback();
01575 goto fail_jobrep;
01576 }
01577 }
01578 else
01579 {
01580
01581 sprintf(query, "insert into credential_groups (sgid");
01582 if (group_info != NULL)
01583 sprintf(query, "%s, sgid_name", query);
01584
01585 sprintf(query, "%s) values (%d", query, secGid[i]);
01586 if (group_info != NULL)
01587 sprintf(query, "%s, '%s'", query, group_info->gr_name);
01588 sprintf(query, "%s)", query);
01589 if (SQL_Query(query) != 0)
01590 {
01591 lcmaps_log (0, "Error: could not execute query: %s\n", query);
01592 SQL_Rollback();
01593 goto fail_jobrep;
01594 }
01595
01596
01597 sprintf(query, "select last_insert_id()");
01598 if (SQL_Query(query) != 0)
01599 {
01600 lcmaps_log (0, "Error: could not execute query: %s\n", query);
01601 SQL_Rollback();
01602 goto fail_jobrep;
01603 }
01604
01605 if (SQL_GetQueryResult(&resultSet) > 0)
01606 {
01607 if (SQL_GetValue(resultSet, "credential_group_id", &credential_group_id) != 0)
01608 {
01609 if (SQL_GetValue(resultSet, "last_insert_id()", &credential_group_id) != 0)
01610 {
01611 lcmaps_log (0, "Could not get value: %s or %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "credential_group_id", "last_insert_id()", query);
01612
01613 SQL_Rollback();
01614 goto fail_jobrep;
01615 }
01616 }
01617 }
01618 else
01619 {
01620 lcmaps_log (0, "ResultSet is empty for query: %s\n", query);
01621 SQL_Rollback();
01622 goto fail_jobrep;
01623 }
01624 }
01625
01626
01627 sprintf(query, "insert into job_credential_groups (job_id, credential_group_id, use_time) values ('%s', %s, '%s')",
01628 getenv("JOB_REPOSITORY_ID"), credential_group_id, datetime);
01629 if (SQL_Query(query) != 0)
01630 {
01631 lcmaps_log (0, "Error: could not execute query: %s\n", query);
01632 SQL_Rollback();
01633 goto fail_jobrep;
01634 }
01635 }
01636
01637
01638
01639
01640
01641 if ((vd != NULL) && (vd->data != NULL))
01642 {
01643 char * voms_id = NULL;
01644 char * user_voms_id = NULL;
01645 char * issuer_id = NULL;
01646 char * cnt = NULL;
01647
01648 k = 0;
01649 vo = vd->data;
01650
01651
01652 while(vo[k] != NULL)
01653 {
01654 v = vo[k++];
01655
01656 switch (v->type)
01657 {
01658 case TYPE_NODATA:
01659 lcmaps_log_debug(1,"%s: NO DATA\n", logstr);
01660 break;
01661 case TYPE_CUSTOM:
01662 lcmaps_log_debug(1,"%s: %*s\n", logstr, v->datalen - 10, v->custom);
01663 break;
01664 case TYPE_STD:
01665 j = 0;
01666 while (v->std[j])
01667 {
01668 lcmaps_log_debug(1,">>> Triplet: GROUP: %s\tROLE: %s\tCAP: %s\n", v->std[j]->group,
01669 v->std[j]->role,v->std[j]->cap);
01670
01671
01672 sprintf(query, "select voms_id from voms where vo = '%s' and vo_group = '%s'",
01673 v->voname,
01674 v->std[j]->group);
01675
01676
01677
01678
01679
01680
01681 if ((v->std[j]->role != NULL) && (strlen(v->std[j]->role) > 1))
01682 sprintf(query, "%s and vo_role = '%s'", query, v->std[j]->role);
01683 else
01684 sprintf(query, "%s and vo_role = ''", query);
01685
01686 if ((v->std[j]->cap != NULL) && (strlen(v->std[j]->cap) > 1))
01687 sprintf(query, "%s and vo_capability = '%s'", query, v->std[j]->cap);
01688 else
01689 sprintf(query, "%s and vo_capability = ''", query);
01690
01691 if (SQL_Query(query) != 0)
01692 {
01693 SQL_Rollback();
01694 goto fail_jobrep;
01695 }
01696
01697 if (SQL_GetQueryResult(&resultSet) > 0)
01698 {
01699 if (SQL_GetValue(resultSet, "voms_id", &voms_id) != 0)
01700 {
01701 lcmaps_log_debug(1, "Could not get value: %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "voms_id", query);
01702 SQL_Rollback();
01703 goto fail_jobrep;
01704 }
01705 }
01706 else
01707 {
01708
01709
01710 sprintf(query, "insert into voms (vo, vo_group, vo_role, vo_capability, fqan) ");
01711
01712 sprintf(query, "%s values ('%s', '%s'",
01713 query,
01714 v->voname,
01715 v->std[j]->group);
01716
01717
01718
01719
01720
01721
01722 if ((v->std[j]->role != NULL) && (strlen(v->std[j]->role) > 1))
01723 sprintf(query, "%s, '%s'", query, v->std[j]->role);
01724 else
01725 sprintf(query, "%s, ''", query);
01726
01727 if ((v->std[j]->cap != NULL) && (strlen(v->std[j]->cap) > 1))
01728 sprintf(query, "%s, '%s'", query, v->std[j]->cap);
01729 else
01730 sprintf(query, "%s, ''", query);
01731
01732 sprintf(query, "%s, '%s'", query, createFQAN(v->voname, v->std[j]->group, v->std[j]->role, v->std[j]->cap));
01733 sprintf(query, "%s)", query);
01734
01735 if (SQL_Query(query) != 0)
01736 {
01737 SQL_Rollback();
01738 goto fail_jobrep;
01739 }
01740
01741
01742
01743 sprintf(query, "select last_insert_id()");
01744 if (SQL_Query(query) != 0)
01745 {
01746 SQL_Rollback();
01747 goto fail_jobrep;
01748 }
01749
01750 if (SQL_GetQueryResult(&resultSet) > 0)
01751 {
01752 if (SQL_GetValue(resultSet, "last_insert_id()", &voms_id) != 0)
01753 {
01754 lcmaps_log_debug(1, "Could not get value: %s or %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "voms_id", "last_insert_id()", query);
01755
01756 SQL_Rollback();
01757 goto fail_jobrep;
01758 }
01759 }
01760 else
01761 {
01762 lcmaps_log_debug(1, "Strange error at a strange location\n");
01763 SQL_Rollback();
01764 goto fail_jobrep;
01765 }
01766
01767 }
01768
01769
01770 sprintf(query, "select issuer_id from issuers where dnsname = '%s' and serverca = '%s'", v->uri, v->serverca);
01771 if (SQL_Query(query) != 0)
01772 {
01773 SQL_Rollback();
01774 goto fail_jobrep;
01775 }
01776
01777 if (SQL_GetQueryResult(&resultSet) > 0)
01778 {
01779 if (SQL_GetValue(resultSet, "issuer_id", &issuer_id) != 0)
01780 {
01781 lcmaps_log_debug(1, "Could not get value: %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "issuer_id", query);
01782 SQL_Rollback();
01783 goto fail_jobrep;
01784 }
01785 }
01786 else
01787 {
01788
01789 sprintf(query, "insert into issuers (dnsname, serverca) values ('%s', '%s')", v->uri, v->serverca);
01790 if (SQL_Query(query) != 0)
01791 {
01792 SQL_Rollback();
01793 goto fail_jobrep;
01794 }
01795
01796 sprintf(query, "select last_insert_id()");
01797 if (SQL_Query(query) != 0)
01798 {
01799 SQL_Rollback();
01800 goto fail_jobrep;
01801 }
01802
01803 if (SQL_GetQueryResult(&resultSet) > 0)
01804 {
01805 if (SQL_GetValue(resultSet, "last_insert_id()", &issuer_id) != 0)
01806 {
01807 lcmaps_log_debug(1, "Could not get value: %s or %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "issuer_id", "last_insert_id()", query);
01808
01809 SQL_Rollback();
01810 goto fail_jobrep;
01811 }
01812 }
01813 }
01814
01815
01816 sprintf(query, "insert into voms_issuer (voms_id, issuer_id) values (%s, %s)", voms_id, issuer_id);
01817 if (SQL_Query(query) != 0)
01818 {
01819
01820 }
01821
01822
01823
01824
01825
01826 sprintf(query, "select user_voms_id
01827 from uservoms
01828 where voms_id = %s
01829 and user_id = %s
01830 and issuer_id = %s
01831 order by first_use desc",
01832 voms_id, user_id, issuer_id);
01833
01834
01835 if (SQL_Query(query) != 0)
01836 {
01837 SQL_Rollback();
01838 goto fail_jobrep;
01839 }
01840 if (SQL_GetQueryResult(&resultSet) > 0)
01841 {
01842 if (SQL_GetValue(resultSet, "user_voms_id", &user_voms_id) != 0)
01843 {
01844 lcmaps_log (0, "Could not get value: %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "user_voms_id", query);
01845 SQL_Rollback();
01846 goto fail_jobrep;
01847 }
01848
01851
01852
01853
01854
01855
01856
01857 }
01858 else
01859 {
01860
01863
01864
01865 sprintf(query, "insert into uservoms (voms_id, user_id, issuer_id, first_use) values (%s, %s, %s, '%s')",
01866 voms_id, user_id, issuer_id, datetime);
01867 if (SQL_Query(query) != 0)
01868 {
01869 lcmaps_log (0, "Error: could not execute query: %s\n", query);
01870 SQL_Rollback();
01871 goto fail_jobrep;
01872 }
01873
01874
01875
01876 sprintf(query, "select last_insert_id()");
01877 if (SQL_Query(query) != 0)
01878 {
01879 lcmaps_log (0, "Error: could not execute query: %s\n", query);
01880 SQL_Rollback();
01881 goto fail_jobrep;
01882 }
01883
01884 if (SQL_GetQueryResult(&resultSet) > 0)
01885 {
01886 if (SQL_GetValue(resultSet, "last_insert_id()", &user_voms_id) != 0)
01887 {
01888 lcmaps_log(0, "Could not get value: %s or %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "user_voms_id", "last_insert_id()", query);
01889
01890 SQL_Rollback();
01891 goto fail_jobrep;
01892 }
01893 }
01894 else
01895 {
01896 lcmaps_log(0, "Strange error at a strange location\n");
01897 SQL_Rollback();
01898 goto fail_jobrep;
01899 }
01900 }
01901
01902
01903 sprintf(query, "insert into vomsjobs (user_voms_id, job_id, use_time) values(%s, '%s', '%s')",
01904 user_voms_id, getenv("JOB_REPOSITORY_ID"), datetime);
01905 if (SQL_Query(query) != 0)
01906 {
01907 lcmaps_log (0, "Error: could not execute query: %s\n", query);
01908 SQL_Rollback();
01909 goto fail_jobrep;
01910 }
01911 j++;
01912 }
01913 break;
01914 }
01915 }
01916 free(voms_id);
01917 free(user_voms_id);
01918 free(issuer_id);
01919 free(cnt);
01920 }
01921
01922
01923
01924
01925
01926
01927 vo_mapping = (lcmaps_vo_mapping_t *)getCredentialData(LCMAPS_VO_CRED_MAPPING, &k);
01928 if (k > 0)
01929 {
01930 for (i = 0; i < k; i++)
01931 {
01932
01933 sprintf(query, "insert into mapping_voms_pgid (pgid, voms_id, use_time)
01934 select credentials.gid, voms.voms_id, '%s' from voms, credentials where credentials.gid = %d and voms.fqan = '%s'",
01935 datetime, vo_mapping[i].gid, tripletLine2FQAN (vo_mapping[i].vostring));
01936 SQL_Query(query);
01937
01938
01939
01940 sprintf(query, "insert into mapping_voms_sgid (sgid, voms_id, use_time)
01941 select credential_groups.sgid, voms.voms_id, '%s' from voms, credential_groups where credential_groups.sgid = %d and voms.fqan = '%s'",
01942 datetime, vo_mapping[i].gid, tripletLine2FQAN (vo_mapping[i].vostring));
01943
01944 SQL_Query(query);
01945 }
01946 }
01947
01948
01949
01950
01951
01952 lcmaps_log_debug(1,"%s: doing VOMS_Destroy\n", logstr);
01953 VOMS_Destroy(vd);
01954 lcmaps_log_debug(1,"%s: done\n", logstr);
01955
01956 SQL_Commit();
01957 ODBC_Disconnect();
01958
01959
01960 if (dupChain) sk_X509_free(dupChain);
01961 if (tmpFile) fclose(tmpFile);
01962 #ifdef TESTBIO
01963 if (x) X509_free(x);
01964 if (in) BIO_free(in);
01965 #endif
01966
01967
01968 if (user_id) free(user_id);
01969 if (credential_id) free(credential_id);
01970
01971 if (credential_group_id) free(credential_group_id);
01972 if (cert_id) free(cert_id);
01973 if (MySimpleStack) TSimpleCert_free(MySimpleStack, certCount);
01974
01975 if (datetime) free(datetime);
01976
01977
01978
01979 lcmaps_log_time(0,"%s: job repository plugin succeeded\n", logstr);
01980
01981 return LCMAPS_MOD_SUCCESS;
01982
01983 fail_jobrep:
01984
01985 if (connected)
01986 SQL_Rollback();
01987
01988 ODBC_Disconnect();
01989
01990
01991
01992 lcmaps_log_debug(1,"%s: doing VOMS_Destroy\n", logstr);
01993 VOMS_Destroy(vd);
01994 lcmaps_log_debug(1,"%s: done\n", logstr);
01995
01996
01997 if (dupChain) sk_X509_free(dupChain);
01998 if (tmpFile) fclose(tmpFile);
01999 #ifdef TESTBIO
02000 if (x) X509_free(x);
02001 if (in) BIO_free(in);
02002 #endif
02003
02004
02005 if (user_id) free(user_id);
02006 if (credential_id) free(credential_id);
02007
02008 if (credential_group_id) free(credential_group_id);
02009 if (cert_id) free(cert_id);
02010 if (MySimpleStack) TSimpleCert_free(MySimpleStack, certCount);
02011
02012 if (datetime) free(datetime);
02013
02014
02015
02016 lcmaps_log_time(0,"%s: job repositroy plugin failed\n", logstr);
02017
02018 return LCMAPS_MOD_FAIL;
02019 }
02020
02021
02022
02023
02024
02025
02026
02027
02028
02029
02030
02031
02032
02033 int plugin_terminate()
02034 {
02035 char * logstr = "\tlcmaps_plugin_voms-plugin_terminate()";
02036 lcmaps_log_debug(1,"%s: terminating\n", logstr);
02037 if (vomsdir) free(vomsdir);
02038 if (certdir) free(certdir);
02039 if (connStr) free(connStr);
02040
02041 return LCMAPS_MOD_SUCCESS;
02042 }
02043
02044
02045
02046
02047
02048
02049
02050
02051
02052
02053
02054
02055 void print_vomsdata(struct vomsdata *d)
02056 {
02057 char * logstr = "\tlcmaps_plugin_voms-print_vomsdata()";
02058 struct voms **vo = d->data;
02059 struct voms *v;
02060 int k = 0;
02061 int j =0;
02062
02063 while(vo[k])
02064 {
02065 v = vo[k++];
02066 lcmaps_log_debug(2,"%s: %d *******************************************\n", logstr,k);
02067 lcmaps_log_debug(2,"%s: SIGLEN: %d\nUSER: %s\n", logstr, v->siglen, v->user);
02068 lcmaps_log_debug(2,"%s: UCA: %s\nSERVER: %s\n", logstr, v->userca, v->server);
02069 lcmaps_log_debug(2,"%s: SCA: %s\nVO: %s\n", logstr, v->serverca, v->voname);
02070 lcmaps_log_debug(2,"%s: URI: %s\n", logstr, v->uri);
02071
02072
02073
02074
02075
02076 switch (v->type)
02077 {
02078 case TYPE_NODATA:
02079 lcmaps_log_debug(2,"%s: NO DATA\n", logstr);
02080 break;
02081 case TYPE_CUSTOM:
02082 lcmaps_log_debug(2,"%s: %*s\n", logstr, v->datalen - 10, v->custom);
02083 break;
02084 case TYPE_STD:
02085 j = 0;
02086 while (v->std[j])
02087 {
02088 lcmaps_log_debug(1,"%s: GROUP: %s\tROLE: %s\tCAP: %s\n", logstr,v->std[j]->group,
02089 v->std[j]->role,v->std[j]->cap);
02090 j++;
02091 }
02092 break;
02093 }
02094 }
02095
02096 if (d->workvo)
02097 lcmaps_log_debug(1,"%s: WORKVO: %s\n", logstr, d->workvo);
02098
02099 if (d->extra_data)
02100 lcmaps_log_debug(1,"%s: EXTRA: %s\n", logstr, d->extra_data);
02101 }
02102
02103
02104
02105
02106
02107
02108
02109
02110
02111
02112
02113
02114
02115
02116
02117
02118
02119
02120
02121
02122
02123
02124
02125 static struct tm * ASN1_TIME_2_time_t(ASN1_TIME *asn1_time)
02126 {
02127
02128 int i;
02129 static struct tm newTimeSpace;
02130
02131 if (asn1_time->length != 13)
02132 return NULL;
02133
02134
02135 for (i = 0; i < asn1_time->length / 2; i++)
02136 {
02137 char tmp[3];
02138
02139 tmp[0] = asn1_time->data[0 + (i*2)];
02140 tmp[1] = asn1_time->data[1 + (i*2)];
02141 tmp[2] = '\0';
02142
02143 switch(i)
02144 {
02145 case 0 : if (atoi(tmp) > 69)
02146 newTimeSpace.tm_year = atoi(tmp) + 1900;
02147 else
02148 newTimeSpace.tm_year = atoi(tmp) + 100;
02149 break;
02150 case 1 : newTimeSpace.tm_mon = atoi(tmp) - 1; break;
02151 case 2 : newTimeSpace.tm_mday = atoi(tmp); break;
02152 case 3 : newTimeSpace.tm_hour = atoi(tmp); break;
02153 case 4 : newTimeSpace.tm_min = atoi(tmp); break;
02154 case 5 : newTimeSpace.tm_sec = atoi(tmp); break;
02155 }
02156 }
02157
02158
02159
02160 return (&newTimeSpace);
02161 }
02162
02163
02164
02165
02166
02167
02168
02169
02170
02171
02172
02173
02174
02175
02176
02177
02178
02179
02180
02181
02182
02183 char * sttm_2_char (const struct tm * MyDateTime)
02184 {
02185 char * datetime = malloc(sizeof(char) * 21);
02186
02187 snprintf(datetime, 21, "%04d-%02d-%02d %02d:%02d:%02d",
02188 MyDateTime->tm_year + 1900, MyDateTime->tm_mon + 1, MyDateTime->tm_mday,
02189 MyDateTime->tm_hour, MyDateTime->tm_min, MyDateTime->tm_sec);
02190
02191 return datetime;
02192 }
02193
02194
02195
02196
02197
02198
02199
02200
02201
02202
02203
02204
02205
02206
02207 int strnclean (char **s, int bufsize)
02208 {
02209 int i = 0;
02210
02211 if (s == NULL)
02212 return -1;
02213
02214 if (*s == NULL)
02215 return -1;
02216
02217 for (i = 0; i < bufsize; i++)
02218 {
02219 (*s)[i] = '\0';
02220 }
02221
02222 return 0;
02223 }
02224
02225
02226
02227
02228
02229
02230
02231
02232
02233
02234
02235
02236
02237 int strclean (char **s)
02238 {
02239 return strnclean(s, strlen(*s));
02240 }
02241
02242
02243
02244
02245
02246
02247
02248
02249
02250
02251
02252
02253
02254
02255
02256
02257
02258
02278 static int lcmaps_get_jobrep_config(
02279 const char * path,
02280 char ** jobrep_config
02281 )
02282 {
02283 char * logstr = "\tlcmaps_plugin_jobrepository-lcmaps_get_jobrep_config()";
02284 FILE * fp = NULL;
02285 struct stat buf;
02286 int c;
02287 int count = 0;
02288 char * tempconfig = NULL;
02289
02290 lcmaps_log_debug(3,"%s: path: %s \n", logstr, path);
02291
02292
02293 if ((stat(path, &buf)) == -1)
02294 {
02295 lcmaps_log(0, "%s: unable to get stat of jobrep_config file: %s\n", logstr, path);
02296 return 1;
02297 }
02298
02299
02300 if ( !(S_ISREG(buf.st_mode)))
02301 {
02302 lcmaps_log(0, "%s: jobrep_config file is not a file: %s\n", logstr, path);
02303 return 1;
02304 }
02305
02306 if (buf.st_uid != 0) {
02307 lcmaps_log(0, "%s: jobrep_config file is not owned by root (readonly for root) : %s\n", logstr, path);
02308 return 1;
02309 }
02310
02311
02312 if ((0000777 & (buf.st_mode) ) != S_IRUSR )
02313 {
02314 lcmaps_log(0, "%s: jobrep_config file has incorrect accessibility (readonly for root) : %s\n", logstr, path);
02315 return 1;
02316 }
02317
02318
02319 if ((fp = fopen(path, "r")) == NULL)
02320 {
02321 lcmaps_log(0, "%s: unable to open jobrep_config file: %s\n", logstr, path);
02322 return 1;
02323 }
02324
02325
02326
02327
02328
02329 while ((c = getc(fp)) != EOF && (c != '\n')) count++;
02330 tempconfig = (char *) malloc(count * sizeof(char) + 2);
02331
02332 if ((fseek(fp, 0L, SEEK_SET)) != 0)
02333 {
02334 lcmaps_log(0, "%s: unable to reset the fp\n", logstr);
02335 fclose(fp);
02336 return 1;
02337 }
02338
02339 if ((fgets(tempconfig, count+1, fp)) == NULL )
02340 {
02341 lcmaps_log(0, "%s: unable to read the configuration: fgets failed\n", logstr);
02342 fclose(fp);
02343 return 1;
02344 }
02345
02346 fclose(fp);
02347 lcmaps_log_debug(3,"%s: configuration: %s\n", logstr, tempconfig);
02348
02349 *jobrep_config = strdup(tempconfig);
02350
02351
02352 if (tempconfig) free(tempconfig);
02353
02354 return 0;
02355 }