00006 #include "krbAuthRequest.h"
00007 #include "authResponse.h"
00008 #include "genQuery.h"
00009 #include "rsGlobalExtern.h"
00010
/*
 * State shared between ikrbServersideAuth() and rsKrbAuthRequest().
 *
 * ikrbServersideAuth() sets krbAuthReqStatus to 1 when it runs and records
 * any failure in krbAuthReqError / krbAuthReqErrorMsg.  The next call to
 * rsKrbAuthRequest() sees the flag, clears it, and hands the recorded error
 * back to its caller instead of starting a new credential setup.
 */
static int  krbAuthReqStatus = 0;       /* 1 once ikrbServersideAuth() has run */
static int  krbAuthReqError = 0;        /* error code recorded by the last run */
static char krbAuthReqErrorMsg[1000];   /* optional text for krbAuthReqError   */
00014
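/**
 * Server-side handler for the Kerberos auth request.
 *
 * If ikrbServersideAuth() has run since the previous call
 * (krbAuthReqStatus == 1), the flag is cleared and the error it recorded is
 * logged (when non-zero) and returned; *krbAuthRequestOut is not touched on
 * that path.  Otherwise a zeroed krbAuthRequestOut_t is allocated, the
 * server credentials are set up, and on success rsComm->gsiRequest is set
 * to 2.
 *
 * @param rsComm             server-side connection state
 * @param krbAuthRequestOut  receives the newly allocated reply structure
 *                           (set to NULL if the allocation fails)
 * @return 0 on success, the recorded authentication error on the reporting
 *         path, SYS_MALLOC_ERR if the reply cannot be allocated, the
 *         ikrbSetupCreds() status otherwise, or KRB_NOT_BUILT_INTO_SERVER
 *         when the server was built without KRB_AUTH.
 */
int
rsKrbAuthRequest (rsComm_t *rsComm, krbAuthRequestOut_t **krbAuthRequestOut)
{
    krbAuthRequestOut_t *result;
    int status;

    if (krbAuthReqStatus == 1) {
        krbAuthReqStatus = 0;
        if (krbAuthReqError != 0) {
            /* The stored text goes through "%s" so it is never interpreted
             * as a format string, whatever ends up in the buffer. */
            rodsLogAndErrorMsg (LOG_NOTICE, &rsComm->rError, krbAuthReqError,
                                "%s", krbAuthReqErrorMsg);
        }
        return krbAuthReqError;
    }

    /* Check the allocation before writing through it; the original called
     * memset() on an unchecked malloc() result. */
    result = malloc (sizeof (*result));
    if (result == NULL) {
        *krbAuthRequestOut = NULL;
        rodsLog (LOG_ERROR, "rsKrbAuthRequest: malloc failed");
        return SYS_MALLOC_ERR;
    }
    memset (result, 0, sizeof (*result));
    *krbAuthRequestOut = result;

#if defined(KRB_AUTH)
    status = ikrbSetupCreds (NULL, rsComm, KerberosName,
                             &result->serverName);
    if (status == 0) {
        /* NOTE(review): 2 presumably selects the Kerberos server-side step
         * in the agent's request loop; confirm against the reader of
         * gsiRequest. */
        rsComm->gsiRequest = 2;
    }
    return status;
#else
    status = KRB_NOT_BUILT_INTO_SERVER;
    rodsLog (LOG_ERROR,
             "rsKrbAuthRequest failed KRB_NOT_BUILT_INTO_SERVER, status = %d",
             status);
    return status;
#endif
}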
00051
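/**
 * Complete the server side of a Kerberos authentication.
 *
 * Establishes the security context to obtain the client's principal name,
 * then looks up the catalog user whose name is rsComm->clientUser.userName
 * and whose DN is that principal.  Exactly one matching row is required.
 * A user of type "rodsadmin" is granted LOCAL_PRIV_USER_AUTH, any other
 * user LOCAL_USER_AUTH; the level is checked with chkProxyUserPriv() and
 * then stored in the proxy and client authFlag fields.
 *
 * The outcome is also recorded in krbAuthReqError / krbAuthReqErrorMsg so
 * that a later rsKrbAuthRequest() call can report it.
 *
 * @param rsComm  server-side connection state
 * @return the chkProxyUserPriv() status on success (>= 0); on failure the
 *         context-establishment status, KRB_QUERY_INTERNAL_ERROR,
 *         KRB_USER_DN_NOT_FOUND, KRB_NAME_MATCHES_MULTIPLE_USERS, or a
 *         negative rsGenQuery()/chkProxyUserPriv() status.
 *         KRB_NOT_BUILT_INTO_SERVER when built without KRB_AUTH.
 */
int ikrbServersideAuth(rsComm_t *rsComm) {
    int status;
#if defined(KRB_AUTH)
    char clientName[500];
    genQueryInp_t genQueryInp;
    genQueryOut_t *genQueryOut = NULL;
    char condition1[MAX_NAME_LEN];
    char condition2[MAX_NAME_LEN*2];
    char *tResult;
    int privLevel;
    int clientPrivLevel;
    int len;

    krbAuthReqStatus = 1;
    /* Start from a clean slate: without this, an error (or message) left by
     * an earlier failed attempt on the same connection would be reported by
     * rsKrbAuthRequest() even though this attempt succeeded. */
    krbAuthReqError = 0;
    krbAuthReqErrorMsg[0] = '\0';

    clientName[0] = '\0';
    status = ikrbEstablishContextServerside(rsComm, clientName,
                                            sizeof(clientName));
    /* Guarantee termination regardless of how the callee filled the buffer. */
    clientName[sizeof(clientName) - 1] = '\0';
#ifdef KRB_DEBUG
    if (status==0) printf("clientName:%s\n",clientName);
#endif

    if (status) {
        krbAuthReqError = KRB_QUERY_INTERNAL_ERROR;
        return status;
    }

    if (strlen(rsComm->clientUser.userName) == 0) {
        krbAuthReqError = KRB_QUERY_INTERNAL_ERROR;
        return KRB_QUERY_INTERNAL_ERROR;
    }

    /* Both names are placed between single quotes in a query condition.
     * userName is supplied by the client, so a quote inside either value
     * could change the meaning of the condition.  How rsGenQuery() treats
     * the quoted text is not visible here, so fail closed instead. */
    if (strchr(rsComm->clientUser.userName, '\'') != NULL ||
        strchr(clientName, '\'') != NULL) {
        rodsLog (LOG_NOTICE,
          "ikrbServersideAuth: quote character in user or principal name");
        krbAuthReqError = KRB_USER_DN_NOT_FOUND;
        return KRB_USER_DN_NOT_FOUND;
    }

    memset (&genQueryInp, 0, sizeof (genQueryInp_t));

    /* A truncated condition would lose its closing quote (or compare against
     * a shortened name), so treat truncation as an error. */
    len = snprintf (condition1, sizeof(condition1), "='%s'",
                    rsComm->clientUser.userName);
    if (len < 0 || (size_t)len >= sizeof(condition1)) {
        krbAuthReqError = KRB_QUERY_INTERNAL_ERROR;
        return KRB_QUERY_INTERNAL_ERROR;
    }
    len = snprintf (condition2, sizeof(condition2), "='%s'", clientName);
    if (len < 0 || (size_t)len >= sizeof(condition2)) {
        krbAuthReqError = KRB_QUERY_INTERNAL_ERROR;
        return KRB_QUERY_INTERNAL_ERROR;
    }

    addInxVal (&genQueryInp.sqlCondInp, COL_USER_NAME, condition1);
    addInxVal (&genQueryInp.sqlCondInp, COL_USER_DN, condition2);

    addInxIval (&genQueryInp.selectInp, COL_USER_ID, 1);
    addInxIval (&genQueryInp.selectInp, COL_USER_TYPE, 1);

    /* Two rows are enough to tell "exactly one match" from "several". */
    genQueryInp.maxRows = 2;

    status = rsGenQuery (rsComm, &genQueryInp, &genQueryOut);

    /* NOTE(review): clearGenQueryInp()/freeGenQueryOut() are the helpers
     * that release what addInxVal()/rsGenQuery() allocate; the original
     * never released either.  Confirm both are declared for this build. */
    clearGenQueryInp (&genQueryInp);

    if (status == CAT_NO_ROWS_FOUND) {
        status = KRB_USER_DN_NOT_FOUND;
        krbAuthReqError = status;
        goto cleanup;
    }
    if (status < 0) {
        rodsLog (LOG_NOTICE,
          "ikrbServersideAuth: rsGenQuery failed, status = %d", status);
        snprintf(krbAuthReqErrorMsg, sizeof(krbAuthReqErrorMsg),
          "ikrbServersideAuth: rsGenQuery failed, status = %d", status);
        krbAuthReqError = status;
        goto cleanup;
    }

    if (genQueryOut == NULL) {
        status = KRB_QUERY_INTERNAL_ERROR;
        krbAuthReqError = status;
        goto cleanup;
    }

    if (genQueryOut->rowCnt != 1 || genQueryOut->attriCnt != 2) {
        status = KRB_NAME_MATCHES_MULTIPLE_USERS;
        krbAuthReqError = status;
        goto cleanup;
    }

#ifdef KRB_DEBUG
    printf("Results=%d\n",genQueryOut->rowCnt);
#endif

    tResult = genQueryOut->sqlResult[0].value;   /* COL_USER_ID */
#ifdef KRB_DEBUG
    printf("0:%s\n",tResult);
#endif
    tResult = genQueryOut->sqlResult[1].value;   /* COL_USER_TYPE */
#ifdef KRB_DEBUG
    printf("1:%s\n",tResult);
#endif

    /* Default to the unprivileged level; only an exact "rodsadmin" user
     * type raises it. */
    privLevel = LOCAL_USER_AUTH;
    clientPrivLevel = LOCAL_USER_AUTH;

    if (tResult != NULL && strcmp(tResult, "rodsadmin") == 0) {
        privLevel = LOCAL_PRIV_USER_AUTH;
        clientPrivLevel = LOCAL_PRIV_USER_AUTH;
    }

    status = chkProxyUserPriv (rsComm, privLevel);

    if (status < 0) {
        krbAuthReqError = status;
        goto cleanup;
    }

    /* Privileges are written only after every check above has passed. */
    rsComm->proxyUser.authInfo.authFlag = privLevel;
    rsComm->clientUser.authInfo.authFlag = clientPrivLevel;

cleanup:
    if (genQueryOut != NULL) {
        freeGenQueryOut (&genQueryOut);
    }
    return status;
#else
    status = KRB_NOT_BUILT_INTO_SERVER;
    rodsLog (LOG_ERROR,
      "ikrbServersideAuth failed KRB_NOT_BUILT_INTO_SERVER, status = %d",
      status);
    return (status);
#endif
}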
00163