XrdSecgsiAuthzFunDN.cc
1/******************************************************************************/
2/* */
3/* X r d S e c g s i G M A P F u n D N . c c */
4/* */
5/* (c) 2011, G. Ganis / CERN */
6/* */
7/* This file is part of the XRootD software suite. */
8/* */
9/* XRootD is free software: you can redistribute it and/or modify it under */
10/* the terms of the GNU Lesser General Public License as published by the */
11/* Free Software Foundation, either version 3 of the License, or (at your */
12/* option) any later version. */
13/* */
14/* XRootD is distributed in the hope that it will be useful, but WITHOUT */
15/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
16/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
17/* License for more details. */
18/* */
19/* You should have received a copy of the GNU Lesser General Public License */
20/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
21/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
22/* */
23/* The copyright holder's institutional names and contributor's names may not */
24/* be used to endorse or promote products derived from this software without */
25/* specific prior written permission of the institution or contributor. */
26/* */
27/******************************************************************************/
28
29/* ************************************************************************** */
30/* */
31/* GMAP function implementation extracting info from the DN */
32/* */
33/* ************************************************************************** */
34
35#include <cstdio>
36#include <cstdlib>
37#include <cstring>
38#include <cerrno>
39
40#include "XrdVersion.hh"
41
50/******************************************************************************/
51/* V e r s i o n I n f o r m a t i o n */
52/******************************************************************************/
53
60/******************************************************************************/
61/* G l o b a l s & S t a t i c s */
62/******************************************************************************/
63
// Tracer owned by the gsi protocol module (defined elsewhere); presumably the
// PRINT/DEBUG macros used below route their output through it — confirm there.
extern XrdOucTrace *gsiTrace;

// Format of the proxy chain delivered in entity.creds, as selected by
// XrdSecgsiAuthzInit (see the 'certfmt=' option):
//    0  raw (opaque) XrdCryptoX509Chain pointer, processed with the XrdCrypto tools
//    1  PEM base64 text (default)
static int gCertfmt = 1;
67
68/******************************************************************************/
69/* X r d S e c g s i A u t h z F u n */
70/******************************************************************************/
71
72//
73// Main function
74//
extern "C"
{
int XrdSecgsiAuthzFun(XrdSecEntity &entity)
{
   // Placeholder XrdSecgsiAuthzFun: it does not look at the proxy chain in
   // entity.creds at all, it only tags the entity with a fixed test VO so the
   // plug-in path can be exercised. Always returns 0.
   EPNAME("AuthzFunDN");

   DEBUG("dummy call for '"<<entity.name<<"'");

   // Hand a fresh copy of the test VO to the entity.
   // NOTE(review): the strdup result is not checked and any vorg pointer the
   // entity already carried is overwritten without being released.
   static const char *const testVO = "VO.dummy.test";
   entity.vorg = strdup(testVO);
   DEBUG("setting vorg: '"<<entity.vorg<<"'");

   return 0;
}}
93
94//
95// Key function
96//
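//
// Copy the subject DN of the end-entity (last) certificate of 'chain' into a
// newly allocated '*key' (to be released by the caller with delete[]).
// Returns 0 on success, -1 if the chain is empty or the DN is not available;
// '*key' is left untouched on failure. 'chain' must be non-null.
//
static int AuthzKeyFromChain(XrdCryptoX509Chain *chain, char **key)
{
   EPNAME("AuthzKeyDN");

   // The end proxy is the last certificate of the (re-ordered) chain
   XrdCryptoX509 *proxy = chain->End();
   if (!proxy) {
      PRINT("ERROR: chain is empty!");
      return -1;
   }

   // Get the DN
   const char *dn = proxy->Subject();
   size_t ldn = 0;
   if (!dn || (ldn = strlen(dn)) == 0) {
      PRINT("ERROR: proxy dn undefined!");
      return -1;
   }

   // Set the key (ldn+1 covers the terminating NUL)
   *key = new char[ldn + 1];
   memcpy(*key, dn, ldn + 1);

   DEBUG("key is: '"<<*key<<"'");
   return 0;
}

extern "C"
{
int XrdSecgsiAuthzKey(XrdSecEntity &entity, char **key)
{
   // Implementation of XrdSecgsiAuthzKey: the key is the subject DN of the end
   // proxy certificate found in entity.creds, whose format is selected by
   // gCertfmt (0: raw XrdCryptoX509Chain pointer, 1: PEM base64 text, see
   // XrdSecgsiAuthzInit). On success '*key' points to a new[]'d string owned
   // by the caller and 0 is returned; -1 on any failure.
   EPNAME("AuthzKeyDN");

   // Must have got something
   if (!key) {
      PRINT("ERROR: 'key' must be defined");
      return -1;
   }
   if (!entity.creds) {
      PRINT("ERROR: 'entity.creds' must be defined");
      return -1;
   }

   if (gCertfmt == 0) {
      // Raw format: entity.creds already is the chain and keeps owning it,
      // so nothing is allocated or released here
      return AuthzKeyFromChain((XrdCryptoX509Chain *) entity.creds, key);
   }

   // PEM base64 format: parse into a private chain. The bucket and the chain
   // are released on every path, success included, before returning.
   int rc = -1;
   XrdOucString s((const char *) entity.creds);
   XrdSutBucket *bucket = new XrdSutBucket(s);
   XrdCryptoX509Chain *chain = new XrdCryptoX509Chain();
   if (XrdCryptosslX509ParseBucket(bucket, chain) <= 0) {
      PRINT("ERROR: no certificates in chain");
   } else if (chain->Reorder() < 0) {
      PRINT("ERROR: problems re-ordering proxy chain");
   } else {
      rc = AuthzKeyFromChain(chain, key);
   }
   delete bucket;
   delete chain;

   // Done
   return rc;
}}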
158
159//
160// Init the relevant parameters from a dedicated config file
161//
extern "C"
{
int XrdSecgsiAuthzInit(const char *cfg)
{
   // Parse the plug-in configuration string 'cfg' (space-separated tokens)
   // and set the global certificate-format flag gCertfmt accordingly.
   // Recognised tokens:
   //    certfmt=raw   entity.creds carries a raw (opaque) chain, to be
   //                  processed with the XrdCrypto tools
   // Anything else (including a missing 'cfg') keeps the default, PEM base64.
   // Returns the format the main function expects in entity.creds:
   //    0  raw (opaque) proxy chain
   //    1  PEM base64 proxy chain
   // A return of -1 would signal failure; this implementation has no failing path.
   EPNAME("AuthzInitDN");

   // Default: PEM base64
   gCertfmt = 1;

   // Scan the configuration tokens
   XrdOucString config(cfg);
   XrdOucString token;
   for (int pos = 0; (pos = config.tokenize(token, pos, ' ')) != -1; ) {
      if (token == "certfmt=raw") gCertfmt = 0;
   }

   PRINT("initialized! (certfmt:"<<gCertfmt<<")");

   return gCertfmt;
}}
191