00006 #include "gsiAuthRequest.h"
00007 #include "authResponse.h"
00008 #include "genQuery.h"
00009 #include "reGlobalsExtern.h"
00010
/*
 * One-shot record of the GSI handshake outcome, shared between
 * igsiServersideAuth() (which sets it) and rsGsiAuthRequest() (which reports
 * it on its next call and clears the latch).
 */
enum { GSI_AUTH_REQ_ERRMSG_LEN = 1000 };

static int  gsiAuthReqStatus = 0;                         /* 1 once igsiServersideAuth() has started; cleared by rsGsiAuthRequest() */
static int  gsiAuthReqError  = 0;                         /* status recorded by igsiServersideAuth() on failure */
static char gsiAuthReqErrorMsg[GSI_AUTH_REQ_ERRMSG_LEN];  /* message logged alongside gsiAuthReqError */
00014
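/*
 * rsGsiAuthRequest: server side of the GSI authentication request API.
 *
 * On a normal call it allocates a zeroed *gsiAuthRequestOut, loads the
 * server credentials into result->serverDN (igsiSetupCreds) and flags the
 * connection (rsComm->gsiRequest = 1) so the GSI handshake is run.
 * A call made after igsiServersideAuth() has run (gsiAuthReqStatus == 1)
 * allocates nothing: it logs the recorded message, if any, to the
 * connection's error stack, clears the latch and returns the recorded status.
 *
 * rsComm:            connection being authenticated.
 * gsiAuthRequestOut: receives a newly allocated, zeroed struct owned by the
 *                    caller; set to NULL when allocation fails.
 *
 * Returns 0 on success or a negative iRODS status: SYS_MALLOC_ERR, the
 * igsiSetupCreds status, or GSI_NOT_BUILT_INTO_SERVER when GSI_AUTH is off.
 */
int
rsGsiAuthRequest(rsComm_t *rsComm, gsiAuthRequestOut_t **gsiAuthRequestOut)
{
    gsiAuthRequestOut_t *result;
    int status;

    if (gsiAuthReqStatus == 1) {
        /* Report the handshake outcome once, then reset the latch. */
        gsiAuthReqStatus = 0;
        if (gsiAuthReqError != 0) {
            rodsLogAndErrorMsg(LOG_NOTICE, &rsComm->rError, gsiAuthReqError,
                               gsiAuthReqErrorMsg);
        }
        return gsiAuthReqError;
    }

    /* calloc gives the zeroed struct directly; the result is checked before
     * anything is written through it (the old malloc+memset was unchecked). */
    result = calloc(1, sizeof *result);
    *gsiAuthRequestOut = result;
    if (result == NULL) {
        rodsLog(LOG_ERROR, "rsGsiAuthRequest: calloc failed, status = %d",
                SYS_MALLOC_ERR);
        return SYS_MALLOC_ERR;
    }

#if defined(GSI_AUTH)
    status = igsiSetupCreds(NULL, rsComm, NULL, &result->serverDN);
    if (status == 0) {
        /* Tell the connection handler to perform the GSI handshake. */
        rsComm->gsiRequest = 1;
    }
    return status;
#else
    status = GSI_NOT_BUILT_INTO_SERVER;
    rodsLog(LOG_ERROR,
            "rsGsiAuthRequest failed GSI_NOT_BUILT_INTO_SERVER, status = %d",
            status);
    return status;
#endif
}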
00050
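#if defined(GSI_AUTH)
/*
 * Query the catalog for the user registered under the certificate DN
 * clientName. With a non-NULL userName the match is additionally restricted
 * to that user name and three columns are selected (id, type, zone); with
 * NULL, four columns are selected (id, type, name, zone) so the caller can
 * read the user name from the row. genQueryInp is cleared and rebuilt on
 * every call; *genQueryOut receives whatever rsGenQuery produces.
 * Returns the rsGenQuery status.
 */
static int
igsiQueryUserByDn(rsComm_t *rsComm, const char *clientName, const char *userName,
                  genQueryInp_t *genQueryInp, genQueryOut_t **genQueryOut)
{
    char condition1[MAX_NAME_LEN];
    char condition2[MAX_NAME_LEN];

    memset(genQueryInp, 0, sizeof *genQueryInp);

    /* The DN is placed between the quotes of a GenQuery condition. Whether
     * the GenQuery layer handles quote characters inside the DN is not
     * visible here — NOTE(review): confirm before relying on it. */
    snprintf(condition1, sizeof condition1, "='%s'", clientName);
    addInxVal(&genQueryInp->sqlCondInp, COL_USER_DN, condition1);
    if (userName != NULL) {
        snprintf(condition2, sizeof condition2, "='%s'", userName);
        addInxVal(&genQueryInp->sqlCondInp, COL_USER_NAME, condition2);
    }

    /* The select order fixes the sqlResult[] indices the caller reads:
     * [0] id, [1] type, then [2] name (no-name mode only), and zone last. */
    addInxIval(&genQueryInp->selectInp, COL_USER_ID, 1);
    addInxIval(&genQueryInp->selectInp, COL_USER_TYPE, 1);
    if (userName == NULL) {
        addInxIval(&genQueryInp->selectInp, COL_USER_NAME, 1);
    }
    addInxIval(&genQueryInp->selectInp, COL_USER_ZONE, 1);

    /* Ask for two rows so an ambiguous DN (more than one match) is detectable. */
    genQueryInp->maxRows = 2;

    return rsGenQuery(rsComm, genQueryInp, genQueryOut);
}
#endif

/*
 * igsiServersideAuth: complete GSI authentication for this connection.
 *
 * Runs the GSI handshake to obtain the client's certificate DN, then maps the
 * DN to an iRODS user through the catalog:
 *  - when the client already supplied a user name, the DN must be registered
 *    for exactly that user;
 *  - otherwise ("no-name mode") the DN alone must identify exactly one user.
 *    If it matches no row, the rule acGetUserByDN is applied with the DN and
 *    the lookup is retried once. On a match the user name and zone from the
 *    row are copied into rsComm->clientUser / rsComm->proxyUser and exported
 *    in the environment as SP_CLIENT_USER.
 * The matching row's user type decides the privilege level ("rodsadmin" ->
 * LOCAL_PRIV_USER_AUTH, else LOCAL_USER_AUTH); it is checked with
 * chkProxyUserPriv() and stored in both authInfo.authFlag fields.
 *
 * Failures are also recorded in gsiAuthReqError / gsiAuthReqErrorMsg so the
 * next rsGsiAuthRequest() call can report them to the client.
 *
 * rsComm: the connection being authenticated; its identity fields are only
 *         rewritten from a validated (single, complete) catalog row.
 * Returns 0 on success, otherwise a negative iRODS status (a GSI_* code, a
 * query status, SYS_MALLOC_ERR, or GSI_NOT_BUILT_INTO_SERVER).
 */
int igsiServersideAuth(rsComm_t *rsComm)
{
    int status;
#if defined(GSI_AUTH)
    enum { GSI_CLIENT_NAME_LEN = 500 };
    char clientName[GSI_CLIENT_NAME_LEN];
    genQueryInp_t genQueryInp;
    genQueryOut_t *genQueryOut = NULL;   /* initialised: a failed query must not leave it indeterminate */
    const char *userType;
    int privLevel;
    int clientPrivLevel;
    int noNameMode = 0;
    int expectedAttrs;
#ifdef GSI_DEBUG
    char *getVar = getenv("X509_CERT_DIR");
    if (getVar != NULL) {
        printf("X509_CERT_DIR:%s\n", getVar);
    }
#endif

    /* Latch: rsGsiAuthRequest() reports this call's outcome on its next call. */
    gsiAuthReqStatus = 1;

    clientName[0] = '\0';
    status = igsiEstablishContextServerside(rsComm, clientName, GSI_CLIENT_NAME_LEN);
    if (status != 0) {
        /* No authenticated DN: fail closed instead of looking up whatever
         * clientName holds (the old code ignored this status). */
        rodsLog(LOG_NOTICE,
                "igsiServersideAuth: igsiEstablishContextServerside failed, status = %d",
                status);
        snprintf(gsiAuthReqErrorMsg, sizeof gsiAuthReqErrorMsg,
                 "igsiServersideAuth: igsiEstablishContextServerside failed, status = %d",
                 status);
        gsiAuthReqError = status;
        return status;
    }
#ifdef GSI_DEBUG
    printf("clientName:%s\n", clientName);
#endif

    if (strlen(rsComm->clientUser.userName) > 0) {
        /* The client named a user: the DN must be registered for that user. */
        status = igsiQueryUserByDn(rsComm, clientName, rsComm->clientUser.userName,
                                   &genQueryInp, &genQueryOut);
    } else {
        /* No user name from the client: the DN alone must identify the user. */
        noNameMode = 1;
        status = igsiQueryUserByDn(rsComm, clientName, NULL, &genQueryInp, &genQueryOut);

        if (status == CAT_NO_ROWS_FOUND) {
            /* Unknown DN: apply the acGetUserByDN rule to it, then query again.
             * The rule's own status is not what decides the outcome — the
             * second query is. */
            ruleExecInfo_t rei;
            msParamArray_t *myMsParamArray;
            msParamArray_t myInOutParamArray;
            char out[200] = "*cmdOutput";
            char *args[2];
            int statusRule;

            memset(&rei, 0, sizeof rei);
            /* Zeroed before the copy: the old code copied it uninitialised. */
            memset(&myInOutParamArray, 0, sizeof myInOutParamArray);
            rei.rsComm = rsComm;
            rei.uoic = &rsComm->clientUser;
            rei.uoip = &rsComm->proxyUser;
            rei.inOutMsParamArray = myInOutParamArray;
            args[0] = clientName;
            args[1] = out;

            myMsParamArray = calloc(1, sizeof *myMsParamArray);
            if (myMsParamArray == NULL) {
                gsiAuthReqError = SYS_MALLOC_ERR;
                return SYS_MALLOC_ERR;
            }

            statusRule = applyRuleArgPA("acGetUserByDN", args, 2,
                                        myMsParamArray, &rei, NO_SAVE_REI);
#ifdef GSI_DEBUG
            printf("acGetUserByDN status=%d\n", statusRule);
            for (int i = 0; i < myMsParamArray->len; i++) {
                msParam_t *myP = myMsParamArray->msParam[i];
                printf("l1=%s\n", myP->label);
            }
#else
            (void)statusRule;
#endif
            /* NOTE(review): myMsParamArray is not released here (unchanged
             * from before); the rule engine's parameter-array release helper
             * is the right tool — confirm which side owns the parameters
             * before adding it. */

            status = igsiQueryUserByDn(rsComm, clientName, NULL, &genQueryInp, &genQueryOut);
        }

        /* Adopt the user name and zone from the catalog row — but only from a
         * single, complete row, so the error returns below never leave
         * half-rewritten identity fields. sqlResult[2] is COL_USER_NAME and
         * sqlResult[3] is COL_USER_ZONE in the no-name select list. */
        if (status == 0 && genQueryOut != NULL &&
            genQueryOut->rowCnt == 1 && genQueryOut->attriCnt == 4) {
            const char *dnUser = genQueryOut->sqlResult[2].value;
            const char *dnZone = genQueryOut->sqlResult[3].value;

            /* snprintf rather than strncpy: the result is always NUL-terminated. */
            snprintf(rsComm->clientUser.userName, NAME_LEN, "%s", dnUser);
            snprintf(rsComm->proxyUser.userName, NAME_LEN, "%s", dnUser);
            snprintf(rsComm->clientUser.rodsZone, NAME_LEN, "%s", dnZone);
            snprintf(rsComm->proxyUser.rodsZone, NAME_LEN, "%s", dnZone);

            /* setenv copies its arguments. The old putenv()+free() handed the
             * environment a pointer and then freed it. Return value ignored,
             * as the old putenv() result was. */
            (void)setenv(SP_CLIENT_USER, rsComm->clientUser.userName, 1);
        }
    }

    if (status == CAT_NO_ROWS_FOUND || genQueryOut == NULL) {
        status = GSI_DN_DOES_NOT_MATCH_USER;
        rodsLog(LOG_NOTICE,
                "igsiServersideAuth: DN mismatch, user=%s, Certificate DN=%s, status=%d",
                rsComm->clientUser.userName,
                clientName,
                status);
        snprintf(gsiAuthReqErrorMsg, sizeof gsiAuthReqErrorMsg,
                 "igsiServersideAuth: DN mismatch, user=%s, Certificate DN=%s, status=%d",
                 rsComm->clientUser.userName,
                 clientName,
                 status);
        gsiAuthReqError = status;
        return status;
    }

    if (status < 0) {
        rodsLog(LOG_NOTICE,
                "igsiServersideAuth: rsGenQuery failed, status = %d", status);
        snprintf(gsiAuthReqErrorMsg, sizeof gsiAuthReqErrorMsg,
                 "igsiServersideAuth: rsGenQuery failed, status = %d", status);
        gsiAuthReqError = status;
        return status;
    }

    /* Exactly one row is acceptable; the column count is 3 when the client
     * supplied a name and 4 in no-name mode (both select lists above). */
    if (genQueryOut->rowCnt < 1) {
        gsiAuthReqError = GSI_NO_MATCHING_DN_FOUND;
        return GSI_NO_MATCHING_DN_FOUND;
    }
    if (genQueryOut->rowCnt > 1) {
        gsiAuthReqError = GSI_MULTIPLE_MATCHING_DN_FOUND;
        return GSI_MULTIPLE_MATCHING_DN_FOUND;
    }
    expectedAttrs = noNameMode ? 4 : 3;
    if (genQueryOut->attriCnt != expectedAttrs) {
        gsiAuthReqError = GSI_QUERY_INTERNAL_ERROR;
        return GSI_QUERY_INTERNAL_ERROR;
    }

#ifdef GSI_DEBUG
    printf("Results=%d\n", genQueryOut->rowCnt);
    printf("0:%s\n", genQueryOut->sqlResult[0].value);
    printf("1:%s\n", genQueryOut->sqlResult[1].value);
#endif

    /* sqlResult[1] is COL_USER_TYPE in both select lists. */
    userType = genQueryOut->sqlResult[1].value;
    privLevel = LOCAL_USER_AUTH;
    clientPrivLevel = LOCAL_USER_AUTH;
    if (strcmp(userType, "rodsadmin") == 0) {
        privLevel = LOCAL_PRIV_USER_AUTH;
        clientPrivLevel = LOCAL_PRIV_USER_AUTH;
    }

    status = chkProxyUserPriv(rsComm, privLevel);
    if (status < 0) {
        /* Recorded so rsGsiAuthRequest() reports it, like the other failures. */
        gsiAuthReqError = status;
        return status;
    }

    rsComm->proxyUser.authInfo.authFlag = privLevel;
    rsComm->clientUser.authInfo.authFlag = clientPrivLevel;

    if (noNameMode) {
        /* The identity was rewritten above; an already open remote catalog
         * connection is dropped and reopened — presumably so that it is
         * re-established under the mapped user (NOTE(review): confirm). */
        rodsServerHost_t *rodsServerHost = NULL;
        int status2 = getAndConnRcatHost(rsComm, MASTER_RCAT,
                                         rsComm->myEnv.rodsZone, &rodsServerHost);
        if (status2 >= 0 && rodsServerHost != NULL &&
            rodsServerHost->localFlag == REMOTE_HOST &&
            rodsServerHost->conn != NULL) {
            int status3;

            (void)rcDisconnect(rodsServerHost->conn);
            rodsServerHost->conn = NULL;

            status3 = getAndConnRcatHost(rsComm, MASTER_RCAT,
                                         rsComm->myEnv.rodsZone, &rodsServerHost);
            if (status3 != 0) {
                rodsLog(LOG_ERROR,
                        "igsiServersideAuth failed in getAndConnRcatHost, status = %d",
                        status3);
                gsiAuthReqError = status3;
                return status3;
            }
        }
    }

    /* NOTE(review): genQueryOut is never released on any path (unchanged
     * from before); freeGenQueryOut() looks like the matching release call
     * — confirm before adding it. */
    return status;
#else
    status = GSI_NOT_BUILT_INTO_SERVER;
    rodsLog(LOG_ERROR,
            "igsiServersideAuth failed GSI_NOT_BUILT_INTO_SERVER, status = %d",
            status);
    return status;
#endif
}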