00006 #include "krbAuthRequest.h"
00007 #include "authResponse.h"
00008 #include "genQuery.h"
00009 #include "rsGlobalExtern.h"
00010
/*
 * Hand-off state between ikrbServersideAuth() and rsKrbAuthRequest().
 * These are file-scope statics, so they persist across calls for as long
 * as this server process lives.
 */

/* Set to 1 when ikrbServersideAuth() starts; cleared by the next
 * rsKrbAuthRequest() call, which then reports krbAuthReqError. */
static int krbAuthReqStatus = 0;

/* Error code recorded by ikrbServersideAuth() on its failure paths. */
static int krbAuthReqError = 0;

/* Message text recorded when the user lookup query fails. */
static char krbAuthReqErrorMsg[1000] = "";
00014
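/*
 * rsKrbAuthRequest - server-side handler for a Kerberos auth request.
 *
 * The function has two modes, selected by the file-scope krbAuthReqStatus:
 *
 *  - If ikrbServersideAuth() has run since the last call
 *    (krbAuthReqStatus == 1), the flag is cleared and the error code that
 *    ikrbServersideAuth() recorded is returned. A non-zero code is also
 *    logged and appended to rsComm->rError. *krbAuthRequestOut is not
 *    touched on this path.
 *
 *  - Otherwise a zeroed krbAuthRequestOut_t is allocated into
 *    *krbAuthRequestOut. When built with KRB_AUTH, ikrbSetupCreds() fills
 *    in serverName and, on success, rsComm->gsiRequest is set to 2.
 *    Without KRB_AUTH the call fails with KRB_NOT_BUILT_INTO_SERVER.
 *
 * Returns 0 on success or a negative iRODS error code. The output struct
 * is left allocated on every path that reaches the allocation; releasing
 * it is assumed to be the caller's job (not visible here - confirm).
 */
int
rsKrbAuthRequest (rsComm_t *rsComm, krbAuthRequestOut_t **krbAuthRequestOut)
{
    int status;

    if (krbAuthReqStatus == 1) {
        krbAuthReqStatus = 0;
        if (krbAuthReqError != 0) {
            /* The stored text is passed as an argument, never as the
             * format string, so a '%' in it cannot be interpreted. */
            rodsLogAndErrorMsg (LOG_NOTICE, &rsComm->rError, krbAuthReqError,
                                "%s", krbAuthReqErrorMsg);
        }
        return krbAuthReqError;
    }

    /* calloc zero-fills, replacing the former malloc + memset pair. */
    *krbAuthRequestOut =
        (krbAuthRequestOut_t *) calloc (1, sizeof (krbAuthRequestOut_t));
    if (*krbAuthRequestOut == NULL) {
        /* Fail the request instead of writing through a NULL pointer. */
        rodsLog (LOG_ERROR,
                 "rsKrbAuthRequest: out of memory allocating the reply");
        return SYS_MALLOC_ERR;
    }

#if defined(KRB_AUTH)
    krbAuthRequestOut_t *result;
    result = *krbAuthRequestOut;
    status = ikrbSetupCreds (NULL, rsComm, KerberosName,
                             &result->serverName);
    if (status == 0) {
        /* Records that the Kerberos exchange is now expected on this
         * connection (the consumer of this flag is outside this file). */
        rsComm->gsiRequest = 2;
    }
    return (status);
#else
    status = KRB_NOT_BUILT_INTO_SERVER;
    rodsLog (LOG_ERROR,
             "rsKrbAuthRequest failed KRB_NOT_BUILT_INTO_SERVER, status = %d",
             status);
    return (status);
#endif

}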
00050
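/*
 * ikrbServersideAuth - complete the Kerberos login on the server.
 *
 * Establishes the security context with the peer, which yields the
 * authenticated principal name, then looks up the catalog user whose
 * name equals rsComm->clientUser.userName and whose DN equals that
 * principal. Exactly one matching row is required. A user of type
 * "rodsadmin" gets LOCAL_PRIV_USER_AUTH, any other user LOCAL_USER_AUTH;
 * the level is checked with chkProxyUserPriv() and then stored in both
 * the proxyUser and clientUser authFlag fields.
 *
 * Every outcome is also recorded in the file-scope krbAuthReqStatus /
 * krbAuthReqError / krbAuthReqErrorMsg, which rsKrbAuthRequest() reports
 * on its next call.
 *
 * Returns the (non-negative) chkProxyUserPriv() status on success or a
 * negative error code. No authFlag is written on any failure path.
 *
 * NOTE(review): genQueryInp and genQueryOut are not released on any
 * path; this only matters if the function can run many times within one
 * process.
 */
int ikrbServersideAuth(rsComm_t *rsComm) {
    int status;
#if defined(KRB_AUTH)
    char clientName[500];
    genQueryInp_t genQueryInp;
    genQueryOut_t *genQueryOut = NULL;
    char condition1[MAX_NAME_LEN];
    char condition2[MAX_NAME_LEN*2];
    const char *userName;
    char *tResult;
    int privLevel;
    int clientPrivLevel;
    int written;

    /* Flag that an attempt ran and discard the result of any earlier
     * attempt, so a stale code or message is never reported for this one. */
    krbAuthReqStatus = 1;
    krbAuthReqError = 0;
    krbAuthReqErrorMsg[0] = '\0';

    status = ikrbEstablishContextServerside(rsComm, clientName,
                                            (int) sizeof (clientName));
    if (status) {
        krbAuthReqError = KRB_QUERY_INTERNAL_ERROR;
        return(status);
    }
    /* Do not rely on the callee having terminated the buffer. */
    clientName[sizeof (clientName) - 1] = '\0';
#ifdef KRB_DEBUG
    printf("clientName:%s\n",clientName);
#endif

    /* Fail closed on an empty name: an empty principal must never be
     * able to match a catalog entry whose DN column is empty. */
    userName = rsComm->clientUser.userName;
    if (strlen(userName) == 0 || clientName[0] == '\0') {
        krbAuthReqError = KRB_QUERY_INTERNAL_ERROR;
        return(KRB_QUERY_INTERNAL_ERROR);
    }

    /* Both names come from the peer and are pasted into quoted query
     * conditions below. A single quote would end the literal early and
     * change the meaning of the condition, so such names are refused.
     * The name itself is deliberately kept out of the log line. */
    if (strchr(userName, '\'') != NULL || strchr(clientName, '\'') != NULL) {
        rodsLog (LOG_NOTICE,
          "ikrbServersideAuth: rejected a name containing a quote character");
        krbAuthReqError = KRB_USER_DN_NOT_FOUND;
        return(KRB_USER_DN_NOT_FOUND);
    }

    /* A truncated condition would lose its closing quote or compare
     * against a shortened name; treat truncation as an error. */
    written = snprintf (condition1, sizeof (condition1), "='%s'", userName);
    if (written < 0 || (size_t) written >= sizeof (condition1)) {
        krbAuthReqError = KRB_QUERY_INTERNAL_ERROR;
        return(KRB_QUERY_INTERNAL_ERROR);
    }
    written = snprintf (condition2, sizeof (condition2), "='%s'", clientName);
    if (written < 0 || (size_t) written >= sizeof (condition2)) {
        krbAuthReqError = KRB_QUERY_INTERNAL_ERROR;
        return(KRB_QUERY_INTERNAL_ERROR);
    }

    memset (&genQueryInp, 0, sizeof (genQueryInp_t));
    addInxVal (&genQueryInp.sqlCondInp, COL_USER_NAME, condition1);
    addInxVal (&genQueryInp.sqlCondInp, COL_USER_DN, condition2);

    addInxIval (&genQueryInp.selectInp, COL_USER_ID, 1);
    addInxIval (&genQueryInp.selectInp, COL_USER_TYPE, 1);

    /* Two rows are enough to tell a unique match from an ambiguous one. */
    genQueryInp.maxRows = 2;

    status = rsGenQuery (rsComm, &genQueryInp, &genQueryOut);

    if (status == CAT_NO_ROWS_FOUND) {
        krbAuthReqError = KRB_USER_DN_NOT_FOUND;
        return(KRB_USER_DN_NOT_FOUND);
    }
    if (status < 0) {
        rodsLog (LOG_NOTICE,
                 "ikrbServersideAuth: rsGenQuery failed, status = %d", status);
        snprintf(krbAuthReqErrorMsg, sizeof (krbAuthReqErrorMsg),
                 "ikrbServersideAuth: rsGenQuery failed, status = %d", status);
        krbAuthReqError = status;
        return (status);
    }

    /* A success status without a result set cannot be evaluated. */
    if (genQueryOut == NULL) {
        krbAuthReqError = KRB_QUERY_INTERNAL_ERROR;
        return(KRB_QUERY_INTERNAL_ERROR);
    }

    /* Anything other than exactly one row with the two selected columns
     * is refused, so an ambiguous mapping never authenticates. */
    if (genQueryOut->rowCnt !=1 || genQueryOut->attriCnt != 2) {
        krbAuthReqError = KRB_NAME_MATCHES_MULTIPLE_USERS;
        return(KRB_NAME_MATCHES_MULTIPLE_USERS);
    }

#ifdef KRB_DEBUG
    printf("Results=%d\n",genQueryOut->rowCnt);
#endif

    /* Column 0 is the user id (only printed when debugging). */
    tResult = genQueryOut->sqlResult[0].value;
#ifdef KRB_DEBUG
    printf("0:%s\n",tResult);
#endif
    /* Column 1 is the user type, which decides the privilege level. */
    tResult = genQueryOut->sqlResult[1].value;
#ifdef KRB_DEBUG
    printf("1:%s\n",tResult);
#endif

    /* Default to the ordinary level; a missing type value stays there. */
    privLevel = LOCAL_USER_AUTH;
    clientPrivLevel = LOCAL_USER_AUTH;

    if (tResult != NULL && strcmp(tResult, "rodsadmin") == 0) {
        privLevel = LOCAL_PRIV_USER_AUTH;
        clientPrivLevel = LOCAL_PRIV_USER_AUTH;
    }

    status = chkProxyUserPriv (rsComm, privLevel);

    if (status < 0) {
        krbAuthReqError = status;
        return status;
    }

    /* Only reached after every check passed. */
    rsComm->proxyUser.authInfo.authFlag = privLevel;
    rsComm->clientUser.authInfo.authFlag = clientPrivLevel;

    return status;
#else
    status = KRB_NOT_BUILT_INTO_SERVER;
    rodsLog (LOG_ERROR,
             "ikrbServersideAuth failed KRB_NOT_BUILT_INTO_SERVER, status = %d",
             status);
    return (status);
#endif
}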