Index: config/site.def =================================================================== RCS file: /local/reps/lcgware/LCG-DM/config/site.def,v retrieving revision 1.20 diff -u -r1.20 site.def --- config/site.def 30 Oct 2005 09:21:07 -0000 1.20 +++ config/site.def 8 Dec 2005 16:05:19 -0000 @@ -148,7 +148,11 @@ #define UseKRB5 NO #define UseMySQL YES #define UseOracle NO +/* + * UseVOMS implies UseVirtualIds, but not the other way around + */ #define UseVOMS YES +#define UseVirtualIds YES #if BuildSecurity #define SecMakeStaticLibrary NO Index: dpm/Imakefile =================================================================== RCS file: /local/reps/lcgware/LCG-DM/dpm/Imakefile,v retrieving revision 1.21 diff -u -r1.21 Imakefile --- dpm/Imakefile 24 Nov 2005 16:51:34 -0000 1.21 +++ dpm/Imakefile 8 Dec 2005 16:05:19 -0000 @@ -29,6 +29,14 @@ #else LIBS = -L../lib -ldpm $(LIBCSEC) #endif + +#if UseVOMS +VOMSFLAG = -DUSE_VOMS -DVIRTUAL_ID +#else +#if UseVirtualIds +VOMSFLAG = -DVIRTUAL_ID +#endif +#endif SPOOL = DpmSpool LOGFILE = FileName($(SPOOL),log) #if UseOracle @@ -54,7 +62,7 @@ DFLAGS = -DDPMCONFIG=\"$(DPMCONFIG)\" \ -DLOGFILE=\"$(LOGFILE)\" \ $(STAGERSUPERUSER) $(STAGERSUPERGROUP) \ - $(ORAFLG) $(MYSFLG) $(CSECFLAG) + $(ORAFLG) $(MYSFLG) $(CSECFLAG) $(VOMSFLAG) CFLAGS = -g -I$(INCLUDES) $(MTCCFLAGS) $(DFLAGS) $(ORAINC) $(MYSINC) Index: dpm/dpm_auth.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/dpm/dpm_auth.c,v retrieving revision 1.1 diff -u -r1.1 dpm_auth.c --- dpm/dpm_auth.c 24 Feb 2005 10:57:49 -0000 1.1 +++ dpm/dpm_auth.c 8 Dec 2005 16:05:19 -0000 
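Review bot: The new site.def comment says UseVOMS implies UseVirtualIds, but nothing in site.def enforces it; the implication is re-derived by the `#if UseVOMS` / `#else` / `#if UseVirtualIds` ladder added to dpm/Imakefile (and repeated in ns/Imakefile and rfio/Imakefile), so a site that edits `UseVirtualIds` to `NO` while keeping `UseVOMS YES` still gets `-DVIRTUAL_ID` and the comment becomes misleading. Deriving UseVirtualIds from UseVOMS once in site.def and having each Imakefile test only `UseVirtualIds` for `-DVIRTUAL_ID` (and `UseVOMS` for `-DUSE_VOMS`) would keep the three build files from drifting apart. If the ladder has to stay, a comment next to it such as `/* keep in sync with ns/Imakefile and rfio/Imakefile */` at least points a maintainer at the copies.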
@@ -69,6 +69,36 @@ return (0); } +#ifdef USE_VOMS +/* dpm_client_setVOMS_data - set the VOMS data in the thread-specific structure */ + +int DLL_DECL dpm_client_setVOMS_data(char *voname, char **fqan, int nbfqan) +{ + char func[30]; + struct dpm_api_thread_info *thip; + char **tmp1, **tmp2; + int i; + +#ifdef CSEC + strcpy (func, "dpm_client_setVOMS_data"); + if (dpm_apiinit (&thip)) + return (-1); + + if (voname == NULL || strlen (voname) > CA_MAXCSECNAMELEN) { + serrno = EINVAL; + return (-1); + } + + thip->voname = voname; + /* TODO FIXME remove as soon as > 1 groups is supported */ + thip->nbfqan = (nbfqan > 1) ? 1 : nbfqan; + thip->fqans = fqan; + +#endif + return (0); +} +#endif + /* dpm_client_setSecurityOpts - set the security options in the thread-specific structure */ int DLL_DECL Index: dpm/dpm_main.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/dpm/dpm_main.c,v retrieving revision 1.15 diff -u -r1.15 dpm_main.c --- dpm/dpm_main.c 10 Nov 2005 14:35:50 -0000 1.15 +++ dpm/dpm_main.c 8 Dec 2005 16:05:19 -0000 @@ -376,6 +376,7 @@ &thip->Csec_mech, &thip->Csec_auth_id) < 0) { thip->Csec_uid = 0; thip->Csec_gid = 0; +#ifndef VIRTUAL_ID } else if (Csec_mapToLocalUser (thip->Csec_mech, thip->Csec_auth_id, NULL, 0, &thip->Csec_uid, &thip->Csec_gid) < 0) { dpmlogit (func, "Could not map to local user: %s !\n", @@ -383,6 +384,11 @@ sendrep (thip->s, DPM_RC, serrno); thip->s = -1; return NULL; +#else + } else { /* mapping will be done later */ + thip->Csec_uid = (uid_t) -1; + thip->Csec_gid = (gid_t) -1; +#endif } } else { dpmlogit (func, "Host is not trusted\n"); @@ -390,6 +396,7 @@ thip->s = -1; return NULL; } +#ifndef VIRTUAL_ID } else if (Csec_mapToLocalUser (thip->Csec_mech, thip->Csec_auth_id, NULL, 0, &thip->Csec_uid, &thip->Csec_gid) < 0) { dpmlogit (func, "Could not map to local user: %s !\n", 
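Review bot: dpm_client_setVOMS_data stores the caller's pointers directly in the thread-specific structure (`thip->voname = voname; thip->fqans = fqan;`), unlike Csec_auth_id which is copied into the in-struct array, so the data is valid only while the caller keeps those buffers alive and a caller that frees them leaves dangling pointers that send2dpm.c later passes to Csec_client_setVOMS_data on the next connection. Either copy the strings into the structure (bounded by CA_MAXCSECNAMELEN, which the existing voname check already assumes) or state the contract in the header comment: `/* voname and fqan are NOT copied: the caller must keep them valid until the next call on this thread */`. The length check also covers voname only; `nbfqan > 0` with `fqan == NULL`, a NULL `fqan[0]` or an over-long `fqan[0]` is accepted unchecked and then sent on, so add `if (nbfqan > 0 && (fqan == NULL || fqan[0] == NULL || strlen (fqan[0]) > CA_MAXCSECNAMELEN)) { serrno = EINVAL; return (-1); }` before the assignments. The locals `tmp1`, `tmp2` and `i` are unused. The same three points apply verbatim to Cns_client_setVOMS_data in ns/Cns_auth.c and rfio_client_setVOMS_data in rfio/rfio_auth.c.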
@@ -397,10 +404,65 @@ sendrep (thip->s, DPM_RC, serrno); thip->s = -1; return NULL; +#else + } else { /* mapping will be done later */ + thip->Csec_uid = (uid_t) -1; + thip->Csec_gid = (gid_t) -1; + +#endif + } + + /* this is here so that the same code doesn't need to be present twice in the if above */ +#ifdef VIRTUAL_ID + if (thip->Csec_uid == -1) { +#ifdef USE_VOMS + dpmlogit("dpm_procreq", "sec_ctx->voname: %s\n", thip->sec_ctx.voname); + dpmlogit ("dpm_procreq", "Csec_auth_id: %s\n", thip->Csec_auth_id); + /* obtain the values from CSEC */ + thip->fqan = Csec_server_get_client_fqans (&thip->sec_ctx, &thip->nbfqan); + thip->voname = Csec_server_get_client_vo(&thip->sec_ctx); + + if (thip->nbfqan > 1) { + /* this is TODO FIXME as soon as dpns is modified to support > group */ + thip->nbfqan = 1; + dpmlogit("dpm_procreq", "fqan[0]: %s, fqan[1]: %s\n", thip->fqan[0], thip->fqan[1]); + } +#else + thip->fqan = NULL; + thip->nbfqan = 0; + thip->voname = NULL; +#endif + Cns_client_setAuthorizationId (thip->Csec_uid, thip->Csec_gid, + thip->Csec_mech, thip->Csec_auth_id); +#ifdef USE_VOMS + /* pass the VOMS auth data to the namesrver */ + Cns_client_setVOMS_data(thip->voname, thip->fqan, thip->nbfqan); +#endif + + if ((c = Cns_getidmap (thip->Csec_auth_id, thip->nbfqan, thip->fqan, &thip->Csec_uid, &thip->Csec_gid))) { + sendrep (thip->s, MSG_ERR, "Could not get virtual id: %s !\n", + sstrerror (c)); + return (SENOMAPFND); + } + if (thip->Csec_uid == -1 || thip->Csec_gid == -1) { + /* this means that the mapping did not succeed. 
Probably empty 'voname' + * (used grid-proxy-init), as otherwise the mapping will be created + */ + dpmlogit("Mapping was not found (empty voname in request?)\n"); + sendrep (thip->s, MSG_ERR, "Could not get virtual id: %s !\n", + sstrerror (c)); + return (SENOMAPFND); + } + dpmlogit("dpm_procreq", "obtained uid %d gid %d from Cns_getidmap()\n", + thip->Csec_uid, thip->Csec_gid); } +#else + /* init to real values */ Cns_client_setAuthorizationId (thip->Csec_uid, thip->Csec_gid, - thip->Csec_mech, thip->Csec_auth_id); + thip->Csec_mech, thip->Csec_auth_id); #endif +#endif /* CSEC */ + req_data = reqbuf; if ((c = getreq (thip->s, &magic, &req_type, &req_data, &clienthost)) == 0) { procreq (magic, req_type, req_data, clienthost, thip); Index: dpm/dpm_proclreq.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/dpm/dpm_proclreq.c,v retrieving revision 1.14 diff -u -r1.14 dpm_proclreq.c --- dpm/dpm_proclreq.c 20 Sep 2005 15:27:49 -0000 1.14 +++ dpm/dpm_proclreq.c 8 Dec 2005 16:05:19 -0000 @@ -131,7 +131,10 @@ struct dpm_req dpm_req; dpm_dbrec_addr rec_addr; struct dpm_srv_thread_info *thip = (struct dpm_srv_thread_info *) arg; - + int nbfqans; + char *voname = NULL; + char **fqan = NULL; + /* connect to the database if not done yet */ if (! thip->db_open_done) { 
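Review bot: The two error exits added in the VIRTUAL_ID block of dpm_main.c (`return (SENOMAPFND);`) are inside the thread function whose other failure paths do `thip->s = -1; return NULL;`, so they return an integer code from a pointer-returning function and leave the client socket open and the slot marked busy. The second exit also calls `sstrerror (c)` with `c == 0` (Cns_getidmap succeeded but returned the -1 sentinel), so the client gets a meaningless message, and `dpmlogit("Mapping was not found (empty voname in request?)\n")` lacks the `func` argument every other dpmlogit call passes, which will not compile if dpmlogit is prototyped as `(func, msg, ...)`. The rewrite below mirrors the function's existing error handling; the enclosing function starts and ends outside the hunk. The `dpmlogit("dpm_procreq", "sec_ctx->voname: %s\n", thip->sec_ctx.voname)` line runs before anything is known about voname, so if it can be NULL the `%s` is undefined behaviour; printing it after `Csec_server_get_client_vo` with a NULL guard would be safer.
```c
		if ((c = Cns_getidmap (thip->Csec_auth_id, thip->nbfqan, thip->fqan, &thip->Csec_uid, &thip->Csec_gid))) {
			sendrep (thip->s, MSG_ERR, "Could not get virtual id: %s !\n",
			    sstrerror (c));
			thip->s = -1;	/* same cleanup as the other error exits of this thread function */
			return NULL;
		}
		if (thip->Csec_uid == (uid_t) -1 || thip->Csec_gid == (gid_t) -1) {
			/* no mapping found and none created; most likely an empty voname in the request */
			dpmlogit (func, "Mapping was not found (empty voname in request?)\n");
			sendrep (thip->s, MSG_ERR, "Could not get virtual id: %s !\n",
			    sstrerror (SENOMAPFND));
			thip->s = -1;
			return NULL;
		}
		/* … unchanged: "obtained uid %d gid %d" log … */
```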
@@ -161,9 +164,28 @@ return (NULL); } dpm_end_tr (&thip->dbfd); + #ifdef CSEC Cns_client_setAuthorizationId (dpm_req.r_uid, dpm_req.r_gid, "GSI", dpm_req.client_dn); +#ifdef USE_VOMS + + nbfqans = 1; + fqan = (char **) malloc(sizeof(char **)); + *fqan = (char *) malloc((CA_MAXCSECNAMELEN+1) * sizeof(char)); + /* to be compatible with dpns_getidmap() */ + **fqan = '/'; + Cns_getgrpbygid(dpm_req.r_gid, (*fqan)+1); + dpmlogit("dpm_procreq", "getgrpbygid returned -> %s <-\n", *fqan); + voname = *fqan; + + dpmlogit("dpm_procreq", "sec_ctx->voname: -> %s <-, sec_ctx->fqan[0]: -> %s <-\n", voname, fqan[0]); + + /* pass the VOMS auth data to the namesrver */ + Cns_client_setVOMS_data(voname, fqan, nbfqans); +#endif + + #endif switch (dpm_req.r_type) { @@ -175,6 +197,10 @@ break; } thip->s = -1; +#ifdef USE_VOMS + free(*fqan); + free(fqan); +#endif return (NULL); } @@ -407,7 +433,9 @@ #endif strcpy (func, "dpm_srv_proc_put"); - dpmlogit (func, "processing request %s\n", dpm_req->r_token); +#ifdef USE_VOMS + dpmlogit (func, "processing request %s. we are %s with uid %d gid %d\n", dpm_req->r_token, dpm_req->client_dn, dpm_req->r_uid, dpm_req->r_gid); +#endif #if (defined(_REENTRANT) || defined(_THREAD_SAFE)) && !defined(_WIN32) (void) localtime_r (&dpm_req->stime, &tmstruc); tm = &tmstruc; Index: dpm/dpm_procreq.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/dpm/dpm_procreq.c,v retrieving revision 1.12 diff -u -r1.12 dpm_procreq.c --- dpm/dpm_procreq.c 23 Nov 2005 16:55:51 -0000 1.12 +++ dpm/dpm_procreq.c 8 Dec 2005 16:05:19 -0000 
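Review bot: In the @@ -161 hunk both `malloc` results are used unchecked and the return value of `Cns_getgrpbygid` is ignored, so for a gid with no group entry the bytes after the leading `/` stay uninitialised and that buffer is then logged, used as `voname` and passed to the name server as the FQAN. `fqan = (char **) malloc(sizeof(char **))` also sizes the array by the wrong type (the same size here, but `sizeof *fqan` is what is meant). The rewrite below checks both, assuming Cns_getgrpbygid follows the -1/serrno convention of the other Cns calls; whether the `/` prefix plus the longest group name still fits in `CA_MAXCSECNAMELEN+1` bytes is not visible here and should be confirmed. Note that the pointers handed to Cns_client_setVOMS_data are freed at the end of this function (@@ -175), leaving the thread-specific copy dangling between requests; that is safe only because every request re-sets it before any Cns call, which deserves a comment next to the `free`.
```c
	nbfqans = 1;
	fqan = malloc (sizeof *fqan);
	if (fqan == NULL || (*fqan = malloc (CA_MAXCSECNAMELEN + 1)) == NULL) {
		dpmlogit ("dpm_procreq", "cannot allocate FQAN buffer\n");
		free (fqan);
		thip->s = -1;
		return (NULL);
	}
	/* to be compatible with dpns_getidmap() */
	**fqan = '/';
	if (Cns_getgrpbygid (dpm_req.r_gid, *fqan + 1) < 0) {
		/* unknown gid: never pass uninitialised bytes on as a group name */
		(*fqan)[1] = '\0';
		dpmlogit ("dpm_procreq", "Cns_getgrpbygid failed for gid %d: %s\n", (int) dpm_req.r_gid, sstrerror (serrno));
	}
	voname = *fqan;
	/* … unchanged: debug log and Cns_client_setVOMS_data call … */
```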
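Review bot: The @@ -407 hunk in dpm_srv_proc_put removes the unconditional `dpmlogit (func, "processing request %s\n", dpm_req->r_token);` and re-adds a richer line only under `#ifdef USE_VOMS`, so builds without VOMS lose the per-request log entry entirely. Keep the original line in an `#else` branch: `#else` / `dpmlogit (func, "processing request %s\n", dpm_req->r_token);` / `#endif`. The new message also prints the client DN with every request, which is fine for a debug build but is more than the pre-existing line logged; if that is deliberate it is worth a short comment.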
@@ -2578,6 +2578,7 @@ if (rfio_unlink (pfn) < 0) { c = rfio_serrno (); + dpmlogit("dpm_rm_onereplica", "rfio_unlink() returned < 0. serrno set to\n", c); if (c != ENOENT) { *status = DPM_FAILED | c; return (-1); Index: dpm/send2dpm.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/dpm/send2dpm.c,v retrieving revision 1.5 diff -u -r1.5 send2dpm.c --- dpm/send2dpm.c 23 Nov 2005 16:56:57 -0000 1.5 +++ dpm/send2dpm.c 8 Dec 2005 16:05:19 -0000 @@ -139,6 +139,9 @@ *thip->Csec_mech && *thip->Csec_auth_id) Csec_client_setAuthorizationId (&ctx, thip->Csec_mech, thip->Csec_auth_id); +#ifdef USE_VOMS + Csec_client_setVOMS_data(&ctx, thip->voname, thip->fqans, thip->nbfqan); +#endif if (thip->Csec_opt) Csec_client_setSecurityOpts (&ctx, thip->Csec_opt); } Index: h/Cns_api.h =================================================================== RCS file: /local/reps/lcgware/LCG-DM/h/Cns_api.h,v retrieving revision 1.7 diff -u -r1.7 Cns_api.h --- h/Cns_api.h 22 Nov 2005 20:26:06 -0000 1.7 +++ h/Cns_api.h 8 Dec 2005 16:05:19 -0000 @@ -49,6 +49,9 @@ gid_t Csec_gid; char Csec_mech[CA_MAXCSECPROTOLEN+1]; char Csec_auth_id[CA_MAXCSECNAMELEN+1]; + char *voname; + char **fqans; + int nbfqan; #endif }; Index: h/Cns_server.h =================================================================== RCS file: /local/reps/lcgware/LCG-DM/h/Cns_server.h,v retrieving revision 1.7 diff -u -r1.7 Cns_server.h --- h/Cns_server.h 21 Nov 2005 15:33:27 -0000 1.7 +++ h/Cns_server.h 8 Dec 2005 16:05:19 -0000 @@ -130,6 +130,9 @@ gid_t Csec_gid; char *Csec_mech; char *Csec_auth_id; + char *voname; + char **fqans; + int nbfqan; #endif }; Index: h/Csec_api.h =================================================================== RCS file: /local/reps/lcgware/LCG-DM/h/Csec_api.h,v retrieving revision 1.2 diff -u -r1.2 Csec_api.h --- h/Csec_api.h 19 Oct 2005 08:50:25 -0000 1.2 +++ h/Csec_api.h 8 Dec 2005 16:05:19 -0000 
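Review bot: The new dpmlogit in dpm_rm_onereplica passes `c` but the format string has no conversion for it, so the error code is never printed and the message ends with "serrno set to" followed by nothing; change it to `dpmlogit ("dpm_rm_onereplica", "rfio_unlink() returned < 0, serrno set to %d\n", c);`. If this function has a `func` buffer like the others in the file, using it instead of the string literal would match the surrounding style. The enclosing function starts and ends outside the hunk.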
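Review bot: In send2dpm.c `Csec_client_setVOMS_data(&ctx, thip->voname, thip->fqans, thip->nbfqan)` is now called for every connection on which an authorization id is set, whether or not dpm_client_setVOMS_data was ever called on this thread, and the hunk does not show whether dpm_apiinit zero-initialises the new fields; a guard such as `if (thip->voname) Csec_client_setVOMS_data (&ctx, thip->voname, thip->fqans, thip->nbfqan);` keeps stale or uninitialised pointers out of the security context. `thip->fqans` is declared `char **` (Cns_api.h, dpm_api.h, rfio_api.h) while the Csec_api.h prototype takes `const char **`, a conversion C does not perform implicitly, so every one of these calls will draw an incompatible-pointer diagnostic; either declare the fields `const char **` or cast at the call. The same two points apply to the identical calls added in ns/send2nsd.c and rfio/connect.c.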
@@ -45,6 +45,7 @@ char DLL_DECL **Csec_server_get_client_fqans _PROTO((Csec_context_t *, int *)); +int DLL_DECL Csec_client_setVOMS_data _PROTO((Csec_context_t *, const char *, const char **, const int)); /* Service type & name handling */ Index: h/Csec_constants.h =================================================================== RCS file: /local/reps/lcgware/LCG-DM/h/Csec_constants.h,v retrieving revision 1.2 diff -u -r1.2 Csec_constants.h --- h/Csec_constants.h 21 Nov 2005 12:52:46 -0000 1.2 +++ h/Csec_constants.h 8 Dec 2005 16:05:19 -0000 @@ -78,6 +78,7 @@ #define CSEC_CTX_USER_MAPPED 0x00000080L #define CSEC_CTX_DELEG_CRED_LOADED 0x00000100L #define CSEC_CTX_AUTHID_AVAIL 0x00000200L +#define CSEC_CTX_VOMS_AVAIL 0x00000300L /* Status of the protocols when being checked */ #define CSEC_PROT_NOSHLIB 0x00000001L Index: h/dpm_api.h =================================================================== RCS file: /local/reps/lcgware/LCG-DM/h/dpm_api.h,v retrieving revision 1.10 diff -u -r1.10 dpm_api.h --- h/dpm_api.h 25 Nov 2005 16:38:10 -0000 1.10 +++ h/dpm_api.h 8 Dec 2005 16:05:19 -0000 @@ -34,6 +34,9 @@ char Csec_mech[CA_MAXCSECPROTOLEN+1]; char Csec_auth_id[CA_MAXCSECNAMELEN+1]; int Csec_opt; + char *voname; + char **fqans; + int nbfqan; #endif }; 
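Review bot: `CSEC_CTX_VOMS_AVAIL` is defined as `0x00000300L`, which is not a single bit: it equals `CSEC_CTX_DELEG_CRED_LOADED | CSEC_CTX_AUTHID_AVAIL`, so if these constants are OR-ed into and tested against a flags word like their neighbours, setting it also marks delegated credentials and an authid as available, and testing it with `&` succeeds whenever either of those two is set even when no VOMS data was ever loaded. The next free bit is `#define CSEC_CTX_VOMS_AVAIL 0x00000400L`. In the Csec_api.h hunk, `const int` on a by-value parameter in a prototype is a definition detail that does nothing for callers; `int` matches the rest of the header.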
@@ -128,6 +131,7 @@ EXTERN_C int DLL_DECL dpm_apiinit _PROTO((struct dpm_api_thread_info **)); EXTERN_C int DLL_DECL dpm_client_getAuthorizationId _PROTO((uid_t *, gid_t *, char **, char **)); EXTERN_C int DLL_DECL dpm_client_setAuthorizationId _PROTO((uid_t, gid_t, const char *, char *)); +EXTERN_C int DLL_DECL dpm_client_setVOMS_data _PROTO((char *, char **, int)); EXTERN_C int DLL_DECL dpm_client_setSecurityOpts _PROTO((int)); EXTERN_C int DLL_DECL dpm_copy _PROTO((int, struct dpm_copyfilereq *, char *, int, time_t, char *, int *, struct dpm_copyfilestatus **)); EXTERN_C int DLL_DECL dpm_errmsg _PROTO((char *, char *, ...)); Index: h/dpm_server.h =================================================================== RCS file: /local/reps/lcgware/LCG-DM/h/dpm_server.h,v retrieving revision 1.7 diff -u -r1.7 dpm_server.h --- h/dpm_server.h 9 Nov 2005 10:04:02 -0000 1.7 +++ h/dpm_server.h 8 Dec 2005 16:05:19 -0000 @@ -72,6 +72,9 @@ gid_t Csec_gid; char *Csec_mech; char *Csec_auth_id; + char *voname; + char **fqan; + int nbfqan; #endif }; Index: h/dpns_api.h =================================================================== RCS file: /local/reps/lcgware/LCG-DM/h/dpns_api.h,v retrieving revision 1.8 diff -u -r1.8 dpns_api.h --- h/dpns_api.h 23 Nov 2005 11:12:24 -0000 1.8 +++ h/dpns_api.h 8 Dec 2005 16:05:19 -0000 @@ -29,6 +29,7 @@ #define Cns_chown dpns_chown #define Cns_client_getAuthorizationId dpns_client_getAuthorizationId #define Cns_client_setAuthorizationId dpns_client_setAuthorizationId +#define Cns_client_setVOMS_data dpns_client_setVOMS_data #define Cns_closedir dpns_closedir #define Cns_creat dpns_creat #define Cns_creatc dpns_creatc Index: h/rfio_api.h =================================================================== RCS file: /local/reps/lcgware/LCG-DM/h/rfio_api.h,v retrieving revision 1.5 diff -u -r1.5 rfio_api.h --- h/rfio_api.h 20 Sep 2005 12:27:08 -0000 1.5 +++ h/rfio_api.h 8 Dec 2005 16:05:19 -0000 
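Review bot: The three parallel setters are declared with different signatures: dpm_api.h has `dpm_client_setVOMS_data _PROTO((char *, char **, int))` while rfio_api.h declares `rfio_client_setVOMS_data _PROTO((const char *, const char **, int))` and Csec_api.h uses `const char *, const char **`, so a caller that has a `const` VO name can use one but not the others. Picking one signature for all three (the `const` form, since none of the implementations modify the strings) is a small change while the API is new. dpm_server.h also names the new field `fqan` where Cns_api.h, Cns_server.h, dpm_api.h and rfio_api.h all use `fqans`; aligning the name avoids the two spellings that already appear in dpm_main.c and send2dpm.c.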
@@ -73,6 +73,9 @@ gid_t Csec_gid; char Csec_mech[CA_MAXCSECPROTOLEN+1]; char Csec_auth_id[CA_MAXCSECNAMELEN+1]; + char *voname; + char **fqans; + int nbfqan; #else int dummy; #endif @@ -98,6 +101,7 @@ EXTERN_C int DLL_DECL rfio_chown _PROTO((char *, int, int)); EXTERN_C int DLL_DECL rfio_client_getAuthorizationId _PROTO((uid_t *, gid_t *, char **, char **)); EXTERN_C int DLL_DECL rfio_client_setAuthorizationId _PROTO((uid_t, gid_t, const char *, char *)); +EXTERN_C int DLL_DECL rfio_client_setVOMS_data _PROTO((const char *, const char **, int)); EXTERN_C int DLL_DECL rfio_close _PROTO((int)); EXTERN_C int DLL_DECL rfio_close_v3 _PROTO((int)); EXTERN_C int DLL_DECL rfio_end _PROTO((void)); /* Close connections opened by rfio_mstat() */ Index: ns/Cns_auth.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/ns/Cns_auth.c,v retrieving revision 1.1 diff -u -r1.1 Cns_auth.c --- ns/Cns_auth.c 24 Feb 2005 10:43:10 -0000 1.1 +++ ns/Cns_auth.c 8 Dec 2005 16:05:19 -0000 
@@ -68,3 +68,35 @@ #endif return (0); } + +#ifdef USE_VOMS +/* Cns_client_setVOMS_data - set the VOMS data in the thread-specific structure */ + +int DLL_DECL Cns_client_setVOMS_data(const char *voname, const char **fqan, int nbfqan) +{ + char func[30]; + struct Cns_api_thread_info *thip; + char **tmp1, **tmp2; + int i; + +#ifdef CSEC + strcpy (func, "Cns_client_setVOMS_data"); + if (Cns_apiinit (&thip)) + return (-1); + + if (voname == NULL || strlen (voname) > CA_MAXCSECNAMELEN) { + Cns_errmsg (func, "Supplied voname is wrong\n"); + serrno = EINVAL; + return (-1); + } + + thip->voname = voname; + /* TODO FIXME remove as soon as > 1 groups is supported */ + thip->nbfqan = (nbfqan > 1) ? 1 : nbfqan; + thip->fqans = fqan; + +#endif + return (0); +} + +#endif /* USE_VOMS */ Index: ns/Cns_getidmap.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/ns/Cns_getidmap.c,v retrieving revision 1.3 diff -u -r1.3 Cns_getidmap.c --- ns/Cns_getidmap.c 24 Nov 2005 11:13:33 -0000 1.3 +++ ns/Cns_getidmap.c 8 Dec 2005 16:05:19 -0000 @@ -12,6 +12,7 @@ #include #include #include +#include #if defined(_WIN32) #include #else Index: ns/Cns_main.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/ns/Cns_main.c,v retrieving revision 1.10 diff -u -r1.10 Cns_main.c --- ns/Cns_main.c 24 Nov 2005 06:04:15 -0000 1.10 +++ ns/Cns_main.c 8 Dec 2005 16:05:19 -0000 @@ -321,6 +321,7 @@ struct Cns_srv_thread_info *thip = (struct Cns_srv_thread_info *) arg; #ifdef CSEC + nslogit(func, "entered doit in CSEC mode, initializing context\n"); Csec_server_reinitContext (&thip->sec_ctx, CSEC_SERVICE_TYPE_HOST, NULL); if (Csec_server_establishContext (&thip->sec_ctx, thip->s) < 0) { nslogit (func, "Could not establish security context: %s !\n", 
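Review bot: Cns_client_setVOMS_data takes `const char *voname` and `const char **fqan` but stores them into the `char *voname` / `char **fqans` fields added to struct Cns_api_thread_info, which silently drops the qualifier and is exactly the kind of assignment `-Wcast-qual`/`-Wdiscarded-qualifiers` flags; either declare the fields `const` (nothing visible writes through them) or copy the strings, which would also remove the caller-lifetime dependency. This version reports a bad voname via `Cns_errmsg (func, "Supplied voname is wrong\n")` while the dpm and rfio copies set only `serrno`; the three should agree on whether the failure is logged. The unused `tmp1`, `tmp2`, `i` locals and the missing check of `fqan`/`fqan[0]` are the same here as in dpm_auth.c. The Cns_getidmap.c hunk adds an `#include` whose header name is lost in this rendering, so it could not be reviewed.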
@@ -585,17 +586,26 @@ } #ifdef VIRTUAL_ID if (thip->Csec_uid == -1) { -#ifdef USE_VOMS +#ifndef USE_VOMS + fqan = NULL; + nbfqans = 0; +#else + nslogit("dpns_procreq", "sec_ctx->voname: %s\n", thip->sec_ctx.voname); fqan = Csec_server_get_client_fqans (&thip->sec_ctx, &nbfqans); -nslogit ("procreq", "fqan=%x, nbfqans=%d\n", fqan, nbfqans); + nslogit ("dpns_procreq", "fqan=%x, nbfqans=%d\n", fqan, nbfqans); + /* TODO FIXME give away as soon as > 1 groups are supported */ if (nbfqans > 1) nbfqans = 1; -#endif + if (nbfqans == 1) + nslogit("dpm_procreq", "fqan[0]: -> %s <-\n", fqan[0]); +#endif + nslogit("dpns_procreq", "calling getidmap() with id %s\n", thip->Csec_auth_id); if ((c = getidmap (&thip->dbfd, thip->Csec_auth_id, nbfqans, fqan, &thip->Csec_uid, &thip->Csec_gid))) { sendrep (thip->s, MSG_ERR, "Could not get virtual id: %s !\n", sstrerror (c)); return (SENOMAPFND); } + nslogit("dpns_procreq", "getidmap() retuned uid %d gid %d\n", thip->Csec_uid, thip->Csec_gid); } #endif switch (req_type) { Index: ns/Imakefile =================================================================== RCS file: /local/reps/lcgware/LCG-DM/ns/Imakefile,v retrieving revision 1.20 diff -u -r1.20 Imakefile --- ns/Imakefile 24 Nov 2005 16:51:34 -0000 1.20 +++ ns/Imakefile 8 Dec 2005 16:05:19 -0000 @@ -27,7 +27,11 @@ #endif LIBCSEC += -ldl #if UseVOMS -VOMSFLAG = -DUSE_VOMS +VOMSFLAG = -DUSE_VOMS -DVIRTUAL_ID +#else +#if UseVirtualIds +VOMSFLAG = -DVIRTUAL_ID +#endif #endif #endif INCLUDES = FileName(..,h) Index: ns/send2nsd.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/ns/send2nsd.c,v retrieving revision 1.4 diff -u -r1.4 send2nsd.c --- ns/send2nsd.c 24 Nov 2005 11:15:34 -0000 1.4 +++ ns/send2nsd.c 8 Dec 2005 16:05:19 -0000 
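Review bot: `nslogit ("dpns_procreq", "fqan=%x, nbfqans=%d\n", fqan, nbfqans)` prints a pointer with `%x`, which is undefined and truncates on 64-bit builds; the pre-existing line had the same flaw but since the hunk rewrites it anyway, use `nslogit ("dpns_procreq", "fqan=%p, nbfqans=%d\n", (void *) fqan, nbfqans);`. The new `"sec_ctx->voname: %s\n"` log is issued before any check, so if the VO name can be NULL in the context (no VOMS extension in the proxy) the `%s` is undefined behaviour; a `thip->sec_ctx.voname ? thip->sec_ctx.voname : "(none)"` argument would be safe. Three different labels are used in one block ("dpns_procreq", "dpm_procreq", and `func` elsewhere in the file), and the last message has a typo: `"getidmap() returned uid %d gid %d\n"`.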
@@ -138,9 +138,13 @@ #ifdef CSEC Csec_client_initContext (&ctx, CSEC_SERVICE_TYPE_HOST, NULL); if (Cns_apiinit (&thip) == 0 && thip->use_authorization_id && - *thip->Csec_mech && *thip->Csec_auth_id) + *thip->Csec_mech && *thip->Csec_auth_id) { Csec_client_setAuthorizationId (&ctx, thip->Csec_mech, thip->Csec_auth_id); +#ifdef USE_VOMS + Csec_client_setVOMS_data(&ctx, thip->voname, thip->fqans, thip->nbfqan); +#endif + } if (Csec_client_establishContext (&ctx, s) < 0) { Cns_errmsg (func, NS002, "send", "No valid credential found"); (void) netclose (s); Index: rfio/Imakefile =================================================================== RCS file: /local/reps/lcgware/LCG-DM/rfio/Imakefile,v retrieving revision 1.6 diff -u -r1.6 Imakefile --- rfio/Imakefile 20 Sep 2005 12:17:06 -0000 1.6 +++ rfio/Imakefile 8 Dec 2005 16:05:19 -0000 @@ -103,7 +103,18 @@ LIBCSEC = -ldl #endif -CFLAGS = $(DEBUG) -I$(INCLUDES) $(HPSSINCLUDES) $(CTHREAD_FLAGS) $(CLIENTLOG) $(CCOPTFLAGS) $(DEFCFLAGS) $(RFIOFLAGS) $(ACCTFLAG) -DFORTRAN $(SUPPORT_CS2) $(CPPUFL) $(HPSSOPTS) $(HPSSCOPTS) $(NFSROOT) $(CSEC) +#if UseVOMS +VOMS = -DUSE_VOMS -DVIRTUAL_ID +LIBVOMS = -ldpm +#else + +#if UseVirtualIds +VOMS = -DVIRTUAL_ID +LIBVOMS = -ldpm +#endif +#endif + +CFLAGS = $(DEBUG) -I$(INCLUDES) $(HPSSINCLUDES) $(CTHREAD_FLAGS) $(CLIENTLOG) $(CCOPTFLAGS) $(DEFCFLAGS) $(RFIOFLAGS) $(ACCTFLAG) -DFORTRAN $(SUPPORT_CS2) $(CPPUFL) $(HPSSOPTS) $(HPSSCOPTS) $(NFSROOT) $(CSEC) $(VOMS) FIOO=fio.Osuf #if _WIN32 
@@ -114,7 +125,7 @@ LDLIBS = -no_so -L../lib -l$(TOPLIBRARYNAME) -so_archive #else #if linux -LDLIBS = -L../lib -l$(TOPLIBRARYNAME) $(LIBCSEC) -lnsl $(MTLDLIBS) +LDLIBS = -L../lib -l$(TOPLIBRARYNAME) $(LIBCSEC) -lnsl $(MTLDLIBS) $(LIBVOMS) #else #if SOLARIS LDLIBS = -L../lib -l$(TOPLIBRARYNAME) -lsocket -lnsl Index: rfio/connect.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/rfio/connect.c,v retrieving revision 1.6 diff -u -r1.6 connect.c --- rfio/connect.c 1 Dec 2005 15:05:58 -0000 1.6 +++ rfio/connect.c 8 Dec 2005 16:05:19 -0000 @@ -350,8 +350,12 @@ serrno = 0; Csec_client_initContext(&ctx, CSEC_SERVICE_TYPE_HOST, NULL); if (rfio_apiinit (&thip) == 0 && thip->use_authorization_id && - *thip->Csec_mech && *thip->Csec_auth_id) + *thip->Csec_mech && *thip->Csec_auth_id) { Csec_client_setAuthorizationId (&ctx, thip->Csec_mech, thip->Csec_auth_id); +#ifdef USE_VOMS + Csec_client_setVOMS_data(&ctx, thip->voname, thip->fqans, thip->nbfqan); +#endif + } if (Csec_client_establishContext(&ctx, s) < 0) { TRACE(2, "rfio", "Could not establish security context: %s", Csec_getErrorMessage()); (void) netclose(s); Index: rfio/rfio_auth.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/rfio/rfio_auth.c,v retrieving revision 1.1 diff -u -r1.1 rfio_auth.c --- rfio/rfio_auth.c 20 May 2005 14:34:36 -0000 1.1 +++ rfio/rfio_auth.c 8 Dec 2005 16:05:19 -0000 
@@ -70,3 +70,35 @@ #endif return (0); } + +#ifdef USE_VOMS +/* Cns_client_setVOMS_data - set the VOMS data in the thread-specific structure */ + +int DLL_DECL rfio_client_setVOMS_data(const char *voname, const char **fqan, int nbfqan) +{ + char func[30]; + struct rfio_api_thread_info *thip; + char **tmp1, **tmp2; + int i; + +#ifdef CSEC + strcpy (func, "Cns_client_setVOMS_data"); + if (rfio_apiinit (&thip)) + return (-1); + + if (voname == NULL || strlen (voname) > CA_MAXCSECNAMELEN) { + serrno = EINVAL; + return (-1); + } + + thip->voname = voname; + /* TODO FIXME remove as soon as > 1 groups is supported */ + thip->nbfqan = (nbfqan > 1) ? 1 : nbfqan; + thip->fqans = fqan; + +#endif + return (0); +} + +#endif /* USE_VOMS */ + Index: rfio/rfio_call64.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/rfio/rfio_call64.c,v retrieving revision 1.7 diff -u -r1.7 rfio_call64.c --- rfio/rfio_call64.c 20 Sep 2005 12:07:09 -0000 1.7 +++ rfio/rfio_call64.c 8 Dec 2005 16:05:19 -0000 @@ -328,6 +328,9 @@ { char *auth_id; char *mech; + char *voname = NULL; + char **fqan = NULL; + int nbfqan; int need_user_check = 1; char * p ; int status = 0, rcode = 0 ; @@ -357,6 +360,9 @@ unmarshall_WORD(p,uid); unmarshall_WORD(p,gid); get_client_actual_id(&uid, &gid, &mech, &auth_id, &rt, NULL); +#ifdef USE_VOMS + get_client_actual_voms_data(&voname, &fqan, &nbfqan); +#endif if ( (status == 0) && (status = unmarshall_STRINGN(p,user,CA_MAXUSRNAMELEN+1)) == -1 ) rcode = E2BIG; @@ -398,7 +404,10 @@ uid, gid, &statbuf, - &need_user_check); + &need_user_check, + voname, + fqan, + nbfqan); if (status < 0) { char alarmbuf[1024]; rcode = serrno; @@ -478,6 +487,9 @@ { char *auth_id; char *mech; + char *voname = NULL; + char **fqan = NULL; + int nbfqan = 0; int need_user_check = 1; char *p ; int status = 0, rcode = 0 ; 
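Review bot: rfio_client_setVOMS_data in rfio_auth.c carries a copy-paste leftover: its header comment and the string copied into `func` both say Cns_client_setVOMS_data, so any error it ever reports will be attributed to the name-server library; change them to `/* rfio_client_setVOMS_data - set the VOMS data in the thread-specific structure */` and `strcpy (func, "rfio_client_setVOMS_data");` (24 characters, fits `func[30]`). The hunk also appends a trailing blank line after the final `#endif`, which the other two auth files do not have.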
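Review bot: In rfio_call64.c the first hunk (@@ -328) declares `int nbfqan;` without an initialiser, whereas the three sibling hunks (@@ -478, @@ -714, @@ -1859) write `int nbfqan = 0;`; without USE_VOMS the variable is never assigned before it is passed to the stat handler at @@ -398, so the callee receives an indeterminate count next to a NULL `fqan`. Make it `int nbfqan = 0;` like the others. The enclosing function starts and ends outside the hunk.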
@@ -515,6 +527,9 @@ unmarshall_WORD(p,uid); unmarshall_WORD(p,gid); get_client_actual_id(&uid, &gid, &mech, &auth_id, &rt, NULL); +#ifdef USE_VOMS + get_client_actual_voms_data(&voname, &fqan, &nbfqan); +#endif if ( (status == 0) && (status = unmarshall_STRINGN(p,user,CA_MAXUSRNAMELEN+1)) == -1 ) rcode = E2BIG; @@ -556,7 +571,10 @@ uid, gid, &statbuf, - &need_user_check); + &need_user_check, + voname, + fqan, + nbfqan); if (status < 0) { char alarmbuf[1024]; rcode = serrno; @@ -714,6 +732,9 @@ { char *auth_id; char *mech; + char *voname = NULL; + char **fqan = NULL; + int nbfqan = 0; int status; int rcode = 0; char *p; @@ -783,6 +804,9 @@ unmarshall_LONG(p, passwd); unmarshall_WORD(p, mapping); get_client_actual_id(&uid, &gid, &mech, &auth_id, &rt, &mapping); +#ifdef USE_VOMS + get_client_actual_voms_data(&voname, &fqan, &nbfqan); +#endif log(LOG_DEBUG, "sropen64: Opening file %s for remote user: %s\n", filename, user); if (rt) log(LOG_DEBUG, "sropen64: Mapping : %s\n", mapping ? "yes" : "no" ); @@ -898,7 +922,10 @@ gid, &pfn, &handler_context, - &need_user_check); + &need_user_check, + voname, + fqan, + nbfqan); if (status < 0) { char alarmbuf[1024]; rcode = serrno; @@ -1859,6 +1886,9 @@ { char *auth_id; char *mech; + char *voname = NULL; + char **fqan = NULL; + int nbfqan = 0; int status; int rcode = 0; char *p; @@ -1961,6 +1991,9 @@ unmarshall_LONG(p, passwd); unmarshall_WORD(p, mapping); get_client_actual_id(&uid, &gid, &mech, &auth_id, &rt, &mapping); +#ifdef USE_VOMS + get_client_actual_voms_data(&voname, &fqan, &nbfqan); +#endif log(LOG_DEBUG,"ropen64_v3: Opening file %s for remote user: %s\n", filename, user); if (rt) log(LOG_DEBUG,"ropen64_v3: Mapping : %s\n", mapping ? "yes" : "no"); 
@@ -2077,7 +2110,10 @@ gid, &pfn, &handler_context, - &need_user_check); + &need_user_check, + voname, + fqan, + nbfqan); if (status < 0) { char alarmbuf[1024]; rcode = serrno; Index: rfio/rfio_callhandlers.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/rfio/rfio_callhandlers.c,v retrieving revision 1.5 diff -u -r1.5 rfio_callhandlers.c --- rfio/rfio_callhandlers.c 20 Sep 2005 12:22:05 -0000 1.5 +++ rfio/rfio_callhandlers.c 8 Dec 2005 16:05:19 -0000 @@ -39,7 +39,10 @@ gid_t gid, char **pfn, void **ctx, - int *need_user_check) + int *need_user_check, + char *voname, + char **fqan, + int nbfqan) { char *p; char *parent; @@ -84,6 +87,9 @@ *p++ = ':'; strcpy (p, sfn); Cns_client_setAuthorizationId (uid, gid, (char *) mech, (char *) principal); +#ifdef USE_VOMS + Cns_client_setVOMS_data(voname, fqan, nbfqan); +#endif if (Cns_accessr (sfn1, (flags & (O_WRONLY|O_TRUNC|O_CREAT)) ? W_OK : R_OK) < 0) return (-1); *pfn = strdup(sfn); @@ -110,7 +116,10 @@ uid_t uid, gid_t gid, struct stat *st, - int *need_user_check) + int *need_user_check, + char *voname, + char **fqan, + int nbfqan) { char *p; char sfn1[CA_MAXSFNLEN+1]; @@ -139,7 +148,9 @@ p = sfn1 + strlen (sfn1); *p++ = ':'; strcpy (p, sfn); +#ifndef VIRTUAL_ID Cns_client_setAuthorizationId (uid, gid, (char *) mech, (char *) principal); +#endif if (Cns_statr (sfn1, &statbuf) < 0) return (-1); st->st_uid = statbuf.uid; @@ -156,7 +167,10 @@ uid_t uid, gid_t gid, struct stat64 *st, - int *need_user_check) + int *need_user_check, + char *voname, + char **fqan, + int nbfqan) { char *p; char sfn1[CA_MAXSFNLEN+1]; 
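Review bot: In rfio_callhandlers.c the two stat handlers (@@ -139 on this line and @@ -185 on the next) wrap `Cns_client_setAuthorizationId` in `#ifndef VIRTUAL_ID`, so with virtual ids `Cns_statr` runs under whatever identity was last set on this thread or process, while the open handler (@@ -84) still sets the authorization id and, under USE_VOMS, the VOMS data before `Cns_accessr`; the hunks do not show why the stat path should differ. If the intent is that the per-connection identity established in rfio_serv.c persists, say so in a comment such as `/* VIRTUAL_ID: keep the identity set by rfio_serv.c at connection time; uid/gid here are not the mapped ids */`, otherwise set the identity in the stat handlers exactly as the open handler does. The new `voname`, `fqan` and `nbfqan` parameters are unused in both stat handlers.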
@@ -185,7 +199,9 @@ p = sfn1 + strlen (sfn1); *p++ = ':'; strcpy (p, sfn); +#ifndef VIRTUAL_ID Cns_client_setAuthorizationId (uid, gid, (char *) mech, (char *) principal); +#endif if (Cns_statr (sfn1, &statbuf) < 0) return (-1); st->st_uid = statbuf.uid; Index: rfio/rfio_calls.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/rfio/rfio_calls.c,v retrieving revision 1.6 diff -u -r1.6 rfio_calls.c --- rfio/rfio_calls.c 23 May 2005 19:13:24 -0000 1.6 +++ rfio/rfio_calls.c 8 Dec 2005 16:05:19 -0000 @@ -75,6 +75,9 @@ extern struct group *getgrent(void); #endif +extern struct passwd stagersuperuser; +extern int have_stagersuperuser; + #if defined(HPSS) #include #include @@ -446,7 +449,7 @@ if (name1[0]=='\0') { status = unlink(name2) ; rcode = (status < 0 ? errno: 0) ; - log(LOG_INFO ,"runlink(): unlink(%s) returned %d, rcode=%d\n",name2,status,rcode); + log(LOG_INFO ,"runlink(): unlink(%s) returned %d, rcode=%d. uid: %d, gid: %d\n",name2,status,rcode, getuid(), getgid()); } else { log(LOG_INFO, "unlink for (%d, %d)\n",getuid(), getgid()) ; @@ -1108,7 +1111,10 @@ struct stat statbuf ; char user[CA_MAXUSRNAMELEN+1]; int uid,gid; - + char *voname = NULL; + char **fqan = NULL; + int nbfqan = 0; + p= rqstbuf + 2*WORDSIZE ; unmarshall_LONG(p,len) ; if ( (status = srchkreqsize(s,p,len)) == -1 ) { @@ -1133,6 +1139,9 @@ rcode = E2BIG; } get_client_actual_id(&uid, &gid, &mech, &auth_id, &rt, NULL); +#ifdef USE_VOMS + get_client_actual_voms_data(&voname, &fqan, &nbfqan); +#endif *filename = '\0'; if ( (status == 0) && (status = unmarshall_STRINGN(p,filename,MAXFILENAMSIZE)) == -1 ) @@ -1171,7 +1180,11 @@ uid, gid, &statbuf, - &need_user_check); + &need_user_check, + voname, + fqan, + nbfqan + ); if (status < 0) { char alarmbuf[1024]; rcode = serrno; @@ -1248,6 +1261,9 @@ { char *auth_id; char *mech; + char *voname = NULL; + char **fqan = NULL; + int nbfqan = 0; int need_user_check = 1; char * p ; int status = 0, rcode = 0; 
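Review bot: rfio_calls.c (@@ -75) adds bare `extern struct passwd stagersuperuser; extern int have_stagersuperuser;` declarations to reach the objects that rfio_serv.c defines (where `have_stagersuperuser` is changed from `static` for this purpose); a duplicated extern in a .c file is not checked against the definition, so a later change of type in rfio_serv.c goes unnoticed. Declaring both in a header included by the two files, or adding `/* defined in rfio_serv.c */` next to the externs if a header is not wanted, keeps them in step. The visible context does not show whether `<pwd.h>` is already included before line 75, which `struct passwd` needs.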
@@ -1288,6 +1304,9 @@ rcode = E2BIG; } get_client_actual_id(&uid, &gid, &mech, &auth_id, &rt, NULL); +#ifdef USE_VOMS + get_client_actual_voms_data(&voname, &fqan, &nbfqan); +#endif if ( (status == 0) && (status = unmarshall_STRINGN(p,filename,MAXFILENAMSIZE)) == -1 ) rcode = SENAMETOOLONG; @@ -1325,7 +1344,10 @@ uid, gid, &statbuf, - &need_user_check); + &need_user_check, + voname, + fqan, + nbfqan); if (status < 0) { char alarmbuf[1024]; rcode = serrno; @@ -1659,6 +1681,9 @@ char user[CA_MAXUSRNAMELEN+1]; /* User name */ char reqhost[MAXHOSTNAMELEN]; char vmstr[MAXVMSTRING]; + char *voname = NULL; + char **fqan = NULL; + int nbfqan = 0; #if defined(_WIN32) SOCKET sock; #else @@ -1720,6 +1745,9 @@ } log(LOG_DEBUG,"vms string is %s\n", vmstr) ; get_client_actual_id(&uid, &gid, &mech, &auth_id, &rt, &mapping); +#ifdef USE_VOMS + get_client_actual_voms_data(&voname, &fqan, &nbfqan); +#endif if (bet) log(LOG_DEBUG,"Opening file %s for remote user: %s\n",filename,user); if (rt) @@ -1839,7 +1867,11 @@ gid, &pfn, &handler_context, - &need_user_check); + &need_user_check, + voname, + fqan, + nbfqan + ); if (status < 0) { char alarmbuf[1024]; rcode = serrno; @@ -3573,9 +3605,11 @@ #endif #endif /* HPSS */ { +#ifndef VIRTUAL_ID *ptrcode = EACCES ; log(LOG_ERR,"chsuser(): user (%d,%d) does not exist at local host\n",uid,gid); return -2 ; +#endif } if ( setgid((gid_t)gid)<0 || setuid((uid_t)uid)<0 ) { *ptrcode = errno ; @@ -3667,6 +3701,9 @@ { char *auth_id; char *mech; + char *voname = NULL; + char **fqan = NULL; + int nbfqan = 0; int status; int rcode = 0; char *p; @@ -3787,6 +3824,9 @@ } log(LOG_DEBUG,"vms string is %s\n", vmstr) ; get_client_actual_id(&uid, &gid, &mech, &auth_id, &rt, &mapping); +#ifdef USE_VOMS + get_client_actual_voms_data(&voname, &fqan, &nbfqan); +#endif if (bet) log(LOG_DEBUG,"Opening file %s for remote user: %s\n",filename,user); if (rt) 
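Review bot: In the chsuser hunk (@@ -3573) the `#ifndef VIRTUAL_ID` wrapper empties the "user does not exist at local host" branch, so with VIRTUAL_ID an id without a local account falls straight through to `setgid`/`setuid` with no check that the mapping actually produced a usable id; if the `(uid_t) -1` sentinel set before Cns_getidmap ever reaches this point, the only diagnostic is whatever `errno` setgid returns. Keep a VIRTUAL_ID-specific rejection inside that block instead of leaving it empty, e.g. `#else` / `if (uid == (uid_t) -1 || gid == (gid_t) -1) { *ptrcode = EACCES; return -2; }` / `#endif`, and keep the log line at LOG_DEBUG if virtual ids make it too noisy at LOG_ERR. chsuser starts and ends outside the hunk, so how uid/gid reach it under VIRTUAL_ID is not visible here.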
@@ -3908,7 +3948,11 @@ gid, &pfn, &handler_context, - &need_user_check); + &need_user_check, + voname, + fqan, + nbfqan + ); if (status < 0) { char alarmbuf[1024]; rcode = serrno; Index: rfio/rfio_serv.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/rfio/rfio_serv.c,v retrieving revision 1.3 diff -u -r1.3 rfio_serv.c --- rfio/rfio_serv.c 20 Sep 2005 12:07:09 -0000 1.3 +++ rfio/rfio_serv.c 8 Dec 2005 16:05:19 -0000 @@ -22,6 +22,9 @@ #include "u64subr.h" #include /* Signal handling */ #include +#include "dpm.h" +#include "dpm_util.h" +#include "dpns_api.h" #if defined(_WIN32) #include "syslog.h" #include "log.h" @@ -73,7 +76,7 @@ #include #include struct passwd stagersuperuser; -static int have_stagersuperuser = 0; /* Default is no alternate super-user */ +int have_stagersuperuser = 0; /* Default is no alternate super-user */ #if defined(HPSS) #include @@ -103,6 +106,9 @@ gid_t Csec_gid; char *Csec_mech; char *Csec_auth_id; +char *voname; +char **fqan; +int nbfqan; #endif extern char *getconfent(); 
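Review bot: rfio_serv.c (@@ -103) adds `char *voname; char **fqan; int nbfqan;` as file-scope definitions with external linkage, although they are only used inside this file; with `voname`/`fqan` locals of the same names in rfio_calls.c and rfio_call64.c this invites shadowing confusion and a link clash with any other object called `voname`, so declare them `static`. The same hunk also makes `have_stagersuperuser` external to serve rfio_calls.c; the comment should say so: `int have_stagersuperuser = 0;	/* Default is no alternate super-user; also read by rfio_calls.c */`. The @@ -22 hunk includes "dpns_api.h", whose macros rename every `Cns_*` call in this file to `dpns_*`; a one-line comment next to the include (`/* maps Cns_* to dpns_* so rfiod talks to the DPM name server */`) would save the next reader a search.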
@@ -870,43 +876,127 @@ #endif /* WIN32 */ #ifdef CSEC - /* Perfom the authentication */ + Csec_server_reinitContext (&sec_ctx, CSEC_SERVICE_TYPE_HOST, NULL); + if (Csec_server_establishContext (&sec_ctx, s) < 0) { + log (LOG_ERR, "Could not establish security context: %s !\n", + Csec_getErrorMessage()); + closesocket(s); + if (mode) + return(1); + else + exit(1); + } + Csec_server_getClientId (&sec_ctx, &Csec_mech, &Csec_auth_id); + if (strcmp (Csec_mech, "ID") == 0 || + Csec_isIdAService (Csec_mech, Csec_auth_id) >= 0) { + if (isTrustedHost (s, localhost, localdomain, "RFIOD", "TRUST")) { + if (Csec_server_getAuthorizationId (&sec_ctx, + &Csec_mech, &Csec_auth_id) < 0) { + Csec_uid = 0; + Csec_gid = 0; +#ifndef VIRTUAL_ID + } else if (Csec_mapToLocalUser (Csec_mech, Csec_auth_id, + NULL, 0, &Csec_uid, &Csec_gid) < 0) { + log (LOG_ERR, "Could not map to local user: %s !\n", + sstrerror (serrno)); + closesocket(s); + if (mode) + return(1); + else + exit(1); +#else + } else { /* use nameserver to get the mapping */ + Csec_uid = (uid_t) -1; + Csec_gid = (gid_t) -1; +#endif + } + } else { + log (LOG_ERR, "Host is not trusted\n"); + closesocket(s); + if (mode) + return(1); + else + exit(1); + } +#ifndef VIRTUAL_ID + } else if (Csec_mapToLocalUser (Csec_mech, Csec_auth_id, + NULL, 0, &Csec_uid, &Csec_gid) < 0) { + log (LOG_ERR, "Could not map to local user: %s !\n", + sstrerror (serrno)); + closesocket(s); + if (mode) + return(1); + else + exit(1); +#else + } else { /* mapping will be done later */ + Csec_uid = (uid_t) -1; + Csec_gid = (gid_t) -1; - Csec_server_initContext(&sec_ctx, CSEC_SERVICE_TYPE_HOST, NULL); - if (Csec_server_establishContext(&sec_ctx, s)<0) { - log(LOG_ERR, "Could not establish context: %s\n", Csec_getErrorMessage()); - closesocket(s); - if (mode) return(1); else exit(1); - } - Csec_server_getClientId(&sec_ctx, &Csec_mech, &Csec_auth_id); - if (strcmp (Csec_mech, "ID") == 0 || - Csec_isIdAService (Csec_mech, Csec_auth_id) >= 0) { - if 
(isTrustedHost (s, localhost, localdomain, "RFIOD", "TRUST")) { - if (Csec_server_getAuthorizationId (&sec_ctx, &Csec_mech, &Csec_auth_id) < 0) { - Csec_uid = 0; - Csec_gid = 0; - } else if (Csec_mapToLocalUser (Csec_mech, Csec_auth_id, - NULL, 0, &Csec_uid, &Csec_gid) < 0) { - log (LOG_ERR, "Could not map to local user: %s !\n", - sstrerror (serrno)); - closesocket(s); - if (mode) return(1); else exit(1); - } - } else { - log (LOG_ERR, "Host is not trusted\n"); - closesocket(s); - if (mode) return(1); else exit(1); - } - } else if (Csec_mapToLocalUser (Csec_mech, Csec_auth_id, - NULL, 0, &Csec_uid, &Csec_gid) < 0) { - log (LOG_ERR, "Could not map to local user: %s !\n", - sstrerror (serrno)); - closesocket(s); - if (mode) return(1); else exit(1); - } - log(LOG_INFO, "request by %s (%d,%d)\n", Csec_auth_id, Csec_uid, Csec_gid); +#endif + } + +#ifdef VIRTUAL_ID + if (Csec_uid == -1) { + int c; +#ifdef USE_VOMS + log(LOG_INFO, "sec_ctx->voname: %s\n", sec_ctx.voname); + log (LOG_INFO, "Csec_auth_id: %s\n", Csec_auth_id); + /* obtain the values from CSEC */ + fqan = Csec_server_get_client_fqans (&sec_ctx, &nbfqan); + voname = Csec_server_get_client_vo(&sec_ctx); + + if (nbfqan > 1) { + /* this is TODO FIXME as soon as dpns is modified to support > group */ + nbfqan = 1; + log(LOG_INFO, "fqan[0]: %s, fqan[1]: %s\n", fqan[0], fqan[1]); + } + +#else + nbfqan = 0; + fqan = NULL; + voname = NULL; +#endif + /* values are bogus, but we need the cert there */ + Cns_client_setAuthorizationId (Csec_uid, Csec_gid, + Csec_mech, Csec_auth_id); +#ifdef USE_VOMS + /* pass the VOMS auth data to the namesrver */ + Cns_client_setVOMS_data(sec_ctx.voname, fqan, nbfqan); +#endif + + if ((c = Cns_getidmap (Csec_auth_id, nbfqan, fqan, &Csec_uid, &Csec_gid))) { + log (s, MSG_ERR, "Could not get virtual id: %s !\n", + sstrerror (c)); + closesocket(s); + if (mode) + return (1); + else + exit (1); + } + if (Csec_uid == -1 || Csec_gid == -1) { + /* this means that the mapping did not succeed. 
Probably empty 'voname' + * (used grid-proxy-init), as otherwise the mapping will be created + */ + log(LOG_INFO, "Mapping was not found (empty voname in request?)\n"); + closesocket(s); + if (mode) + return(1); + else + exit(1); + } + log(LOG_INFO, "obtained uid %d gid %d from Cns_getidmap()\n", + Csec_uid, Csec_gid); + } +#else + /* init to real values */ + Cns_client_setAuthorizationId (Csec_uid, Csec_gid, + Csec_mech, Csec_auth_id); #endif +#endif + + log(LOG_INFO, "request by %s (%d,%d)\n", Csec_auth_id, Csec_uid, Csec_gid); /* * Initializing the info data structure. */ @@ -1765,3 +1855,21 @@ #endif return (0); } + +get_client_actual_voms_data (v, f, n) +char **v; +char ***f; +int *n; +{ +#ifdef USE_VOMS + *v = voname; + *f = fqan; + *n = nbfqan; +#else + *v = NULL; + *f = NULL; + *n = 0; +#endif + return 0; +} + Index: security/Csec_api.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/security/Csec_api.c,v retrieving revision 1.5 diff -u -r1.5 Csec_api.c --- security/Csec_api.c 19 Oct 2005 08:36:26 -0000 1.5 +++ security/Csec_api.c 8 Dec 2005 16:05:19 -0000 
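Review bot: `log (s, MSG_ERR, "Could not get virtual id: %s !\n", sstrerror (c));` in the `Cns_getidmap` failure branch passes the socket `s` where every other call in this hunk passes `LOG_ERR`, and `MSG_ERR` where the format string goes, so the real format and `sstrerror (c)` are consumed as variadic arguments; it should read `log (LOG_ERR, "Could not get virtual id: %s !\n", sstrerror (serrno));`, with `serrno` rather than `c` if `Cns_getidmap` follows the `-1`-plus-`serrno` convention of the other `Cns_` calls (its return value is not decoded in the hunk). `log(LOG_INFO, "sec_ctx->voname: %s\n", sec_ctx.voname)` prints the VO name before anything has checked it for NULL, which is exactly the case the later "empty voname" branch rejects; print `sec_ctx.voname ? sec_ctx.voname : "(none)"` or move the line after the check. The local `voname` filled from `Csec_server_get_client_vo` is never used — `Cns_client_setVOMS_data` reaches into `sec_ctx.voname` instead — so pass the local and drop the duplication. The enclosing function starts and ends outside the hunk.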
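Review bot: `get_client_actual_voms_data` is defined K&R-style with no return type, so it relies on implicit `int`, and its callers in the other rfio file (hunks at 1288, 1720 and 3787) see no prototype; declare it as `int get_client_actual_voms_data (char **v, char ***f, int *n)` and add that prototype to the header those callers include. A short header comment would also help: `/* get_client_actual_voms_data - hand the VOMS data captured at connection time (voname, fqan list, count) to the request handler; all three outputs are NULL/0 when built without USE_VOMS */`.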
@@ -1150,19 +1150,83 @@ * * *****************************************************************/ +int Csec_client_setVOMS_data(Csec_context_t *ctx, const char *voname, const char **fqan, const int nbfqan) +{ + char *func = "Csec_client_setVOMS_data"; + int i; + char **p = fqan; + char **q = NULL; + Csec_trace(func, "Entering\n"); + + if (ctx == NULL) { + serrno = EINVAL; + Csec_errmsg(func, "Context is NULL\n"); + return -1; + } + + if (!(ctx->flags & CSEC_CTX_INITIALIZED)) { + serrno = ESEC_CTX_NOT_INITIALIZED; + return -1; + } + + if (!Csec_context_is_client(ctx)) { + serrno = EINVAL; + Csec_errmsg(func, "Not a client context\n"); + return -1; + } + + if (voname == NULL || strlen(voname) > CA_MAXCSECNAMELEN) { + serrno = EINVAL; + Csec_errmsg(func, "Supplied vo name is invalid\n"); + return -1; + } + + /* TODO FIXME give away as soon as > 1 group is supported */ + if (nbfqan > 1) + nbfqan = 1; + + for (i=0; i < nbfqan; i++) { + if (!(p && *p && strlen(*p) < CA_MAXCSECNAMELEN)) { + serrno = EINVAL; + Csec_errmsg(func, "Supplied fqans are invalid\n"); + return -1; + } + p++; + } + + /* the values are sane, fill them in */ + p = fqan; + ctx->fqan = (char **) malloc(sizeof(char **)*nbfqan); + q = ctx->fqan; + + ctx->voname = strdup (voname); + ctx->nbfqan = nbfqan; + for (i=0; i < nbfqan; i++) { + *q = strdup(*p); + q++; + p++; + } + + ctx->flags |= CSEC_CTX_VOMS_AVAIL; + + return 0; +} /* Returns the VO name, if it could be retrieved via VOMS */ char *Csec_server_get_client_vo(Csec_context_t *ctx) { - if (ctx == NULL) return NULL; - return ctx->voname; + if (ctx == NULL) + return NULL; + return ctx->voname; } char **Csec_server_get_client_fqans(Csec_context_t *ctx, int *nbfqan) { - if (ctx == NULL) return NULL; - if (nbfqan != NULL) { - *nbfqan = ctx->nbfqan; - } - return ctx->fqan; + if (ctx == NULL) + return NULL; + if (nbfqan != NULL) { + *nbfqan = ctx->nbfqan; + } + return ctx->fqan; } + Index: security/Csec_plugin_GSS.c 
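Review bot: `nbfqan = 1` assigns to the `const int nbfqan` parameter, which a conforming C compiler rejects, and `char **p = fqan` discards the `const` of `const char **fqan`; use a local `int n` for the clamped count and a `const char **` cursor. Neither `malloc` nor any `strdup` is checked, so an allocation failure leaves `ctx->fqan` holding NULL entries with `CSEC_CTX_VOMS_AVAIL` already set, and `sizeof(char **)` should be `sizeof *ctx->fqan`. The VO name is rejected only above `CA_MAXCSECNAMELEN` while each FQAN must be strictly shorter than it; the two bounds should be aligned (the sketch below keeps the stricter one). If the context already carried VOMS data from an earlier call, the previous `voname`/`fqan` allocations are overwritten without being freed — confirm whether re-setting is expected.
```c
int Csec_client_setVOMS_data(Csec_context_t *ctx, const char *voname, const char **fqan, const int nbfqan)
{
    char *func = "Csec_client_setVOMS_data";
    int i;
    int n = nbfqan;            /* local copy: the parameter is const */
    const char **p = fqan;
    /* … unchanged: ctx NULL / CSEC_CTX_INITIALIZED / client-context / voname checks … */

    /* TODO FIXME give away as soon as > 1 group is supported */
    if (n > 1)
        n = 1;
    if (n < 0) {
        serrno = EINVAL;
        Csec_errmsg(func, "Supplied fqans are invalid\n");
        return -1;
    }
    for (i = 0; i < n; i++) {
        if (!(p && p[i] && strlen(p[i]) < CA_MAXCSECNAMELEN)) {
            serrno = EINVAL;
            Csec_errmsg(func, "Supplied fqans are invalid\n");
            return -1;
        }
    }

    /* the values are sane, fill them in; every allocation is checked */
    ctx->voname = strdup(voname);
    if (ctx->voname == NULL) {
        serrno = ENOMEM;
        return -1;
    }
    ctx->fqan = NULL;
    if (n > 0) {
        ctx->fqan = malloc((size_t) n * sizeof *ctx->fqan);
        if (ctx->fqan == NULL) {
            free(ctx->voname);
            ctx->voname = NULL;
            serrno = ENOMEM;
            return -1;
        }
        for (i = 0; i < n; i++) {
            ctx->fqan[i] = strdup(p[i]);
            if (ctx->fqan[i] == NULL) {
                /* release what was copied so far, leave the context as it was */
                while (i-- > 0)
                    free(ctx->fqan[i]);
                free(ctx->fqan);
                ctx->fqan = NULL;
                free(ctx->voname);
                ctx->voname = NULL;
                serrno = ENOMEM;
                return -1;
            }
        }
    }
    ctx->nbfqan = n;
    ctx->flags |= CSEC_CTX_VOMS_AVAIL;

    return 0;
}
```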
=================================================================== RCS file: /local/reps/lcgware/LCG-DM/security/Csec_plugin_GSS.c,v retrieving revision 1.11 diff -u -r1.11 Csec_plugin_GSS.c --- security/Csec_plugin_GSS.c 7 Dec 2005 10:11:08 -0000 1.11 +++ security/Csec_plugin_GSS.c 8 Dec 2005 16:05:19 -0000 @@ -1092,7 +1092,7 @@ } cred_desc = (gss_cred_id_desc *) cred; - + /* Getting the X509 certicate */ gsi_cred_handle = cred_desc->cred_handle; if (globus_gsi_cred_get_cert(gsi_cred_handle, &px509_cred) != GLOBUS_SUCCESS) { @@ -1124,8 +1124,8 @@ if ((*volist)->voname != NULL) { ctx->voname = strdup((*volist)->voname); } - - + + /* Counting the fqans before allocating the array */ while( volist[0]->fqan[i] != NULL) { i++; @@ -1144,6 +1144,8 @@ } /* if (nbfqan > 0) */ } + ctx-> flags |= CSEC_CTX_VOMS_AVAIL; + ret = 0; leave: Index: security/Csec_protocol_policy.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/security/Csec_protocol_policy.c,v retrieving revision 1.4 diff -u -r1.4 Csec_protocol_policy.c --- security/Csec_protocol_policy.c 7 Oct 2005 05:51:36 -0000 1.4 +++ security/Csec_protocol_policy.c 8 Dec 2005 16:05:19 -0000 
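Review bot: `ctx-> flags |= CSEC_CTX_VOMS_AVAIL;` in the hunk at 1144 is set unconditionally just before `ret = 0`; if this point is reachable when the proxy carried no VOMS attribute (`voname` left NULL and no fqans counted), the flag would advertise data that is not there, so guard it on what was actually stored, `if (ctx->voname != NULL) ctx->flags |= CSEC_CTX_VOMS_AVAIL;`. The stray space in `ctx-> flags` should also go. The enclosing function starts outside the hunk, so whether the no-VOMS case reaches this line cannot be confirmed from here.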
@@ -342,6 +342,27 @@ ctx->client_authorization_mech[CA_MAXCSECPROTOLEN] = '\0'; ctx->client_authorization_id[CA_MAXCSECNAMELEN] = '\0'; ctx->flags |= CSEC_CTX_AUTHID_AVAIL; + + /* voms */ + unmarshall_LONG(p, l); + if (l) { + char **tmp; + /* get the voname */ + ctx->voname = (char *) malloc((CA_MAXCSECNAMELEN+1) * sizeof(char)); + unmarshall_STRINGN(p, ctx->voname, CA_MAXCSECNAMELEN); + ctx->voname[CA_MAXCSECNAMELEN-1] = '\0'; + + /* get the groupnames */ + unmarshall_LONG(p, ctx->nbfqan); + ctx->fqan = (char **) malloc(ctx->nbfqan * sizeof(char *)); + tmp = ctx->fqan; + for (l = 0; l < ctx->nbfqan; l++) { + *tmp = (char *) malloc((CA_MAXCSECNAMELEN+1)*sizeof(char)); + unmarshall_STRINGN(p, *tmp, CA_MAXCSECNAMELEN); + tmp++; + } + ctx->flags |= CSEC_CTX_VOMS_AVAIL; + } } unmarshall_LONG(p, l); @@ -598,6 +619,7 @@ unsigned long l, version, failure_reason; int i,j,rc; char *p; + char **tmp; Csec_trace(func,"Entering\n"); @@ -636,8 +658,24 @@ if (i) { marshall_STRING(p, ctx->client_authorization_mech); marshall_STRING(p, ctx->client_authorization_id); + + /* voms */ + if(ctx->voname != NULL) { + /* flag indicating the presence of VOMS credentials */ + marshall_LONG(p, 1); + marshall_STRING(p, ctx->voname); + /* marshall the groupnames */ + marshall_LONG(p, ctx->nbfqan); + tmp = ctx->fqan; + for (i = 0; i < ctx->nbfqan; i++) { + marshall_STRING(p, *tmp); + tmp++; + } + } else + marshall_LONG(p, 0); } + if (_add_to_bigbuf(func, &bigbuf, &bigbuf_size, tmpbuffer, &p) < 0) { return -1; } @@ -693,6 +731,8 @@ if (_add_to_bigbuf(func, &bigbuf, &bigbuf_size, tmpbuffer, &p) < 0) { return -1; } + + /* Send the packet to the server */ Index: security/Imakefile =================================================================== RCS file: /local/reps/lcgware/LCG-DM/security/Imakefile,v retrieving revision 1.6 diff -u -r1.6 Imakefile --- security/Imakefile 19 Oct 2005 08:47:54 -0000 1.6 +++ security/Imakefile 8 Dec 2005 16:05:19 -0000 
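Review bot: `unmarshall_LONG(p, ctx->nbfqan)` takes the FQAN count straight off the wire and uses it, unchecked, both to size `malloc(ctx->nbfqan * sizeof(char *))` and to drive the `for (l = 0; l < ctx->nbfqan; l++)` loop, where `l` is `unsigned long` and a negative count converts to a huge bound — a peer can make this path allocate arbitrarily, loop far past the received message, or (with both `malloc`s unchecked) write through NULL. The count must be range-checked before use, the allocations checked, and each string read should be bounded by the remaining message length if the enclosing function has it (that length variable is outside the hunk). `ctx->voname[CA_MAXCSECNAMELEN-1] = '\0'` also truncates one character relative to the `client_authorization_id[CA_MAXCSECNAMELEN] = '\0'` terminator three lines above it. The `return -1` in the sketch assumes the enclosing function uses the `-1`-plus-`serrno` convention visible in the hunk at 636; its signature is outside this hunk.
```c
    /* voms */
    unmarshall_LONG(p, l);
    if (l) {
        long nb;
        /* get the voname */
        ctx->voname = malloc(CA_MAXCSECNAMELEN + 1);
        if (ctx->voname == NULL) {
            serrno = ENOMEM;
            return -1;
        }
        unmarshall_STRINGN(p, ctx->voname, CA_MAXCSECNAMELEN);
        ctx->voname[CA_MAXCSECNAMELEN] = '\0';

        /* the count comes off the wire: bound it before it sizes an allocation or a loop */
        unmarshall_LONG(p, nb);
        if (nb < 0 || nb > MAX_FQAN_PLACEHOLDER /* placeholder: the project's FQAN limit */) {
            serrno = EINVAL;
            return -1;
        }
        ctx->nbfqan = (int) nb;
        ctx->fqan = NULL;
        if (nb > 0) {
            ctx->fqan = malloc((size_t) nb * sizeof *ctx->fqan);
            if (ctx->fqan == NULL) {
                serrno = ENOMEM;
                return -1;
            }
            for (l = 0; l < (unsigned long) nb; l++) {
                ctx->fqan[l] = malloc(CA_MAXCSECNAMELEN + 1);
                if (ctx->fqan[l] == NULL) {
                    serrno = ENOMEM;
                    return -1;
                }
                unmarshall_STRINGN(p, ctx->fqan[l], CA_MAXCSECNAMELEN);
            }
        }
        ctx->flags |= CSEC_CTX_VOMS_AVAIL;
    }
```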
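Review bot: The marshalling loop in the hunk at 636 reuses `i` — the flag the enclosing `if (i)` has just tested — as its index, so after the loop `i` no longer carries the "authorization id present" value; if anything later in the function reads `i` again (the function continues outside the hunk) that is a latent bug, and either way a dedicated index reads better: `for (j = 0; j < ctx->nbfqan; j++)` — `j` is already declared at the top of the function.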
@@ -44,7 +44,7 @@ #endif #if UseVOMS VOMS_INCLUDE=-I$(VOMS_LOCATION)/include -DUSE_VOMS -VOMS_LIB_NONPTHR=-L$(VOMS_LOCATION)/lib -lvomsc +VOMS_LIB_NONPTHR=-L$(VOMS_LOCATION)/lib -lvomsc_$(VOMS_FLAVOUR_NONPTHR) VOMS_LIB_PTHR=-L$(VOMS_LOCATION)/lib -lvomsc_$(VOMS_FLAVOUR) #endif #define GSIMech GSI Index: srmv1/Imakefile =================================================================== RCS file: /local/reps/lcgware/LCG-DM/srmv1/Imakefile,v retrieving revision 1.11 diff -u -r1.11 Imakefile --- srmv1/Imakefile 10 Jun 2005 23:44:11 -0000 1.11 +++ srmv1/Imakefile 8 Dec 2005 16:05:19 -0000 @@ -26,6 +26,17 @@ LIBS = -L../lib -ldpm $(LIBCSEC) SPOOL = Srmv1Spool LOGFILE = FileName($(SPOOL),log) + +#if UseVOMS +VOMSFLAG = -DUSE_VOMS -DVIRTUAL_ID +SECLIB = -L/opt/edg/lib/ -lcgsi_plugin_voms_gsoap_$(GSOAP_VERSION) $(GLOBUS_LIBS) -lvomsc +#else + +#if UseVirtualIds +VOMSFLAG = -DVIRTUAL_ID +#endif +#endif + #if UseOracle DBOBJS = ../dpm/dpm_oracle_ifce.Osuf ORAFLG = -DUSE_ORACLE @@ -46,7 +57,7 @@ -DLOGFILE=\"$(LOGFILE)\" \ $(ORAFLG) $(MYSFLG) $(CSECFLAG) -CFLAGS = -g -I$(INCLUDES) -I$(GSOAP) $(MTCCFLAGS) $(DFLAGS) $(ORAINC) $(MYSINC) +CFLAGS = -g -I$(INCLUDES) -I$(GSOAP) $(MTCCFLAGS) $(DFLAGS) $(ORAINC) $(MYSINC) $(VOMSFLAG) COMM######################### DEPENDENCY LIBRARIES ############### Index: srmv1/srm_util.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/srmv1/srm_util.c,v retrieving revision 1.2 diff -u -r1.2 srm_util.c --- srmv1/srm_util.c 8 Apr 2005 07:05:16 -0000 1.2 +++ srmv1/srm_util.c 8 Dec 2005 16:05:19 -0000 
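Review bot: In the srmv1/Imakefile hunk at 26, `SECLIB` hard-codes `-L/opt/edg/lib/` and links plain `-lvomsc`, while the security/Imakefile hunk in this same commit switches the VOMS library to `-L$(VOMS_LOCATION)/lib -lvomsc_$(VOMS_FLAVOUR)`; the two will diverge on any host where VOMS is not under `/opt/edg` or where only the flavoured library is installed. Take the VOMS part from the same variables, `-L$(VOMS_LOCATION)/lib -lvomsc_$(VOMS_FLAVOUR)`, and put the cgsi plugin directory behind a location variable of its own (placeholder name `CGSI_LOCATION`) instead of a literal path. The srmv2/Imakefile hunk at 26 duplicates this line and needs the same change.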
@@ -13,6 +13,45 @@ #include "srm_server.h" #include "stdsoap2.h" + +perform_auth(char **voname, char ***fqans, int *nbfqan, uid_t *uid, gid_t *gid, char *clientdn, struct soap *soap, char *func) +{ + int cc; + +#ifndef VIRTUAL_ID + if (get_client_id (soap, uid, gid) < 0) { + soap_sender_fault (soap, "Could not get user mapping", NULL); + return (SOAP_FAULT); + } + *fqans = NULL; + *nbfqan = 0; +#else +#ifdef USE_VOMS + *voname = get_client_voname(soap); + + *fqans = get_client_roles(soap, nbfqan); + srmlogit (func, "voname: %s\n", *voname); + if (*nbfqan > 1) { + srmlogit (func, "nbfqan: %d, fqans[0]: %s\n", *nbfqan, (*fqans)[0]); + /* TODO FIXME give away as soon as > 1 grous are supported */ + *nbfqan = 1; + } +#endif + srmlogit (func, "going to call getidmap\n"); + if ((cc = dpns_getidmap (clientdn, *nbfqan, *fqans, uid, gid))) { + soap_sender_fault (soap, "Could not get virtual id!\n", NULL); + return (SOAP_FAULT); + } + if (*uid == -1 || *gid == -1) { + srmlogit("Mapping was not found\n"); + soap_sender_fault (soap, "Could not get virtual id!\n", NULL); + return (SOAP_FAULT); + } + srmlogit(func, "obtained uid %d gid %d from dpns_getidmap()\n", *uid, *gid); +#endif + return 0; +} + get_client_id (soap, uid, gid) struct soap *soap; uid_t *uid; Index: srmv1/srmv1_procreq.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/srmv1/srmv1_procreq.c,v retrieving revision 1.16 diff -u -r1.16 srmv1_procreq.c --- srmv1/srmv1_procreq.c 20 Nov 2005 16:59:37 -0000 1.16 +++ srmv1/srmv1_procreq.c 8 Dec 2005 16:05:19 -0000 @@ -47,6 +47,9 @@ struct srm_srv_thread_info *thip = soap->user; uid_t uid; u_signed64 unique_id; + char *voname; + char **fqans; + int nbfqan = 0; strcpy (func, "put"); get_client_dn (soap, clientdn, sizeof(clientdn)); 
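Review bot: `srmlogit("Mapping was not found\n");` in `perform_auth` is called with a single argument while every other call in the hunk uses `srmlogit (func, fmt, ...)`, so the message is passed as `func` and a format argument is read that was never supplied; it should be `srmlogit (func, "Mapping was not found\n");`, and the same line appears in the srmv2/srm_util.c hunk at 13. In the `#ifndef VIRTUAL_ID` branch `*voname` is never assigned, and in the `VIRTUAL_ID`-without-`USE_VOMS` branch neither `*voname` nor `*fqans` is, while the callers declare `char *voname; char **fqans;` with no initializer and then pass them on to `dpns_getidmap` and `*_setVOMS_data`; set `*voname = NULL; *fqans = NULL; *nbfqan = 0;` at function entry so every build configuration hands out defined values. This definition also lacks a return type (the srmv2 copy declares `int`), and a one-line header comment describing the outputs and the `SOAP_FAULT`/0 result would make the two copies easier to keep in step.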
@@ -58,13 +61,16 @@ clienthost = hp->h_name; srmlogit (func, "request by %s from %s\n", clientdn, clienthost); - if (get_client_id (soap, &uid, &gid) < 0) { - soap_sender_fault (soap, "Could not get user mapping", NULL); - RETURN (SOAP_FAULT); - } + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) != 0) + return (SOAP_FAULT); + dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + dpm_client_setVOMS_data(voname, fqans, nbfqan); +#endif + memset ((char *) &dpm_req, 0, sizeof(dpm_req)); dpm_req.ctime = time (0); if (surlarray) @@ -231,6 +237,9 @@ struct srm_srv_thread_info *thip = soap->user; uid_t uid; u_signed64 unique_id; + char *voname; + char **fqans; + int nbfqan = 0; strcpy (func, "get"); get_client_dn (soap, clientdn, sizeof(clientdn)); @@ -241,14 +250,17 @@ else clienthost = hp->h_name; srmlogit (func, "request by %s from %s\n", clientdn, clienthost); + + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) != 0) + return (SOAP_FAULT); - if (get_client_id (soap, &uid, &gid) < 0) { - soap_sender_fault (soap, "Could not get user mapping", NULL); - RETURN (SOAP_FAULT); - } dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + dpm_client_setVOMS_data(voname, fqans, nbfqan); +#endif + memset ((char *) &dpm_req, 0, sizeof(dpm_req)); dpm_req.ctime = time (0); if (surlarray) @@ -410,6 +422,9 @@ struct srm_srv_thread_info *thip = soap->user; uid_t uid; u_signed64 unique_id; + char *voname; + char **fqans; + int nbfqan = 0; strcpy (func, "copy"); get_client_dn (soap, clientdn, sizeof(clientdn)); 
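Review bot: The replaced error path used `RETURN (SOAP_FAULT)` while the new one uses the bare `return (SOAP_FAULT)`; if the `RETURN` macro does any bookkeeping before leaving (the other error exits in these handlers still use it, e.g. the `surlarray is required` fault in the hunk at 1150), this path now skips it. Keep `RETURN (SOAP_FAULT);` after the `perform_auth` check here and in the matching hunks at 241, 421, 694, 1150 and 1321.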
@@ -421,13 +436,16 @@ clienthost = hp->h_name; srmlogit (func, "request by %s from %s\n", clientdn, clienthost); - if (get_client_id (soap, &uid, &gid) < 0) { - soap_sender_fault (soap, "Could not get user mapping", NULL); - RETURN (SOAP_FAULT); - } + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) != 0) + return (SOAP_FAULT); + dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + dpm_client_setVOMS_data(voname, fqans, nbfqan); +#endif + memset ((char *) &dpm_req, 0, sizeof(dpm_req)); dpm_req.ctime = time (0); if (from_surls) @@ -683,6 +701,9 @@ struct srm_srv_thread_info *thip = soap->user; char turl[CA_MAXSFNLEN+1]; uid_t uid; + char *voname; + char **fqans; + int nbfqan = 0; strcpy (func, "setFileStatus"); get_client_dn (soap, clientdn, sizeof(clientdn)); @@ -694,13 +715,16 @@ clienthost = hp->h_name; srmlogit (func, "request by %s from %s\n", clientdn, clienthost); - if (get_client_id (soap, &uid, &gid) < 0) { - soap_sender_fault (soap, "Could not get user mapping", NULL); - RETURN (SOAP_FAULT); - } + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) != 0) + return (SOAP_FAULT); + dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + dpm_client_setVOMS_data(voname, fqans, nbfqan); +#endif + /* Allocate the reply structure */ if ((rep->_Result = soap_malloc (soap, sizeof(struct ns1__RequestStatus))) == NULL) @@ -1139,6 +1163,9 @@ struct Cns_filestatg st; struct srm_srv_thread_info *thip = soap->user; uid_t uid; + char *voname; + char **fqans; + int nbfqan = 0; strcpy (func, "getFileMetaData"); get_client_dn (soap, clientdn, sizeof(clientdn)); 
@@ -1150,17 +1177,22 @@ clienthost = hp->h_name; srmlogit (func, "request by %s from %s\n", clientdn, clienthost); + if (! surlarray) { soap_sender_fault (soap, "surlarray is required", NULL); RETURN (SOAP_FAULT); } - if (get_client_id (soap, &uid, &gid) < 0) { - soap_sender_fault (soap, "Could not get user mapping", NULL); - RETURN (SOAP_FAULT); - } + + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) != 0) + return (SOAP_FAULT); + Cns_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); Cns_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + Cns_client_setVOMS_data(voname, fqans, nbfqan); +#endif + nbreqfiles = surlarray->__size; if ((rep->_Result = soap_malloc (soap, sizeof(struct ArrayOfFileMetaData))) == NULL || (rep->_Result->__ptr = @@ -1310,6 +1342,9 @@ struct in_addr sin_addr; struct srm_srv_thread_info *thip = soap->user; uid_t uid; + char *voname; + char **fqans; + int nbfqan = 0; strcpy (func, "advisoryDelete"); get_client_dn (soap, clientdn, sizeof(clientdn)); @@ -1321,13 +1356,16 @@ clienthost = hp->h_name; srmlogit (func, "request by %s from %s\n", clientdn, clienthost); - if (get_client_id (soap, &uid, &gid) < 0) { - soap_sender_fault (soap, "Could not get user mapping", NULL); - RETURN (SOAP_FAULT); - } + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) != 0) + return (SOAP_FAULT); + dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + dpm_client_setVOMS_data(voname, fqans, nbfqan); +#endif + if (! surlarray) { soap_sender_fault (soap, "surlarray is required", NULL); RETURN (SOAP_FAULT); Index: srmv2/Imakefile =================================================================== RCS file: /local/reps/lcgware/LCG-DM/srmv2/Imakefile,v retrieving revision 1.11 diff -u -r1.11 Imakefile --- srmv2/Imakefile 10 Jun 2005 23:44:11 -0000 1.11 +++ srmv2/Imakefile 8 Dec 2005 16:05:19 -0000 
@@ -26,6 +26,17 @@ LIBS = -L../lib -ldpm $(LIBCSEC) SPOOL = Srmv2Spool LOGFILE = FileName($(SPOOL),log) + +#if UseVOMS +VOMSFLAG = -DUSE_VOMS -DVIRTUAL_ID +SECLIB = -L/opt/edg/lib/ -lcgsi_plugin_voms_gsoap_$(GSOAP_VERSION) $(GLOBUS_LIBS) -lvomsc +#else + +#if UseVirtualIds +VOMSFLAG = -DVIRTUAL_ID +#endif +#endif + #if UseOracle DBOBJS = ../dpm/dpm_oracle_ifce.Osuf ORAFLG = -DUSE_ORACLE Index: srmv2/srm_util.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/srmv2/srm_util.c,v retrieving revision 1.2 diff -u -r1.2 srm_util.c --- srmv2/srm_util.c 8 Apr 2005 07:05:16 -0000 1.2 +++ srmv2/srm_util.c 8 Dec 2005 16:05:19 -0000 
@@ -13,6 +13,43 @@ #include "srm_server.h" #include "stdsoap2.h" +int perform_auth(char **voname, char ***fqans, int *nbfqan, uid_t *uid, gid_t *gid, char *clientdn, struct soap *soap, char *func) +{ + int cc; + +#ifndef VIRTUAL_ID + if (get_client_id (soap, uid, gid) < 0) { + soap_sender_fault (soap, "Could not get user mapping", NULL); + return (SOAP_FAULT); + } + *fqans = NULL; + *nbfqan = 0; +#else +#ifdef USE_VOMS + *voname = get_client_voname(soap); + + *fqans = get_client_roles(soap, nbfqan); + srmlogit (func, "voname: %s\n", *voname); + if (*nbfqan > 1) { + srmlogit (func, "nbfqan: %d, fqans[0]: %s\n", *nbfqan, (*fqans)[0]); + /* TODO FIXME give away as soon as > 1 grous are supported */ + *nbfqan = 1; + } +#endif + srmlogit (func, "going to call getidmap\n"); + if ((cc = dpns_getidmap (clientdn, *nbfqan, *fqans, uid, gid))) { + return -1; + } + if (*uid == -1 || *gid == -1) { + srmlogit("Mapping was not found\n"); + return -1; + } + srmlogit(func, "obtained uid %d gid %d from dpns_getidmap()\n", *uid, *gid); +#endif + return 0; +} + + get_client_id (soap, uid, gid) struct soap *soap; uid_t *uid; Index: srmv2/srmv2_dirreq.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/srmv2/srmv2_dirreq.c,v retrieving revision 1.12 diff -u -r1.12 srmv2_dirreq.c --- srmv2/srmv2_dirreq.c 22 Nov 2005 10:22:16 -0000 1.12 +++ srmv2/srmv2_dirreq.c 8 Dec 2005 16:05:19 -0000 @@ -34,7 +34,10 @@ struct in_addr sin_addr; struct srm_srv_thread_info *thip = soap->user; uid_t uid; - + char *voname; + char **fqans; + int nbfqan = 0; + strcpy (func, "Mkdir"); get_client_dn (soap, clientdn, sizeof(clientdn)); sin_addr.s_addr = htonl (soap->ip); 
@@ -54,7 +57,7 @@ repp->returnStatus->explanation = NULL; rep->srmMkdirResponse = repp; - if (get_client_id (soap, &uid, &gid) < 0) { + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) { repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); return (SOAP_OK); @@ -75,7 +78,10 @@ Cns_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); Cns_client_setAuthorizationId (uid, gid, "GSI", clientdn); - +#ifdef USE_VOMS + Cns_client_setVOMS_data(voname, fqans, nbfqan); +#endif + if (Cns_mkdir (sfn, 0755) < 0) { repp->returnStatus->explanation = soap_strdup (soap, sstrerror (serrno)); repp->returnStatus->statusCode = serrno2statuscode (serrno); @@ -98,6 +104,9 @@ struct in_addr sin_addr; struct srm_srv_thread_info *thip = soap->user; uid_t uid; + char *voname; + char **fqans; + int nbfqan = 0; strcpy (func, "Rmdir"); get_client_dn (soap, clientdn, sizeof(clientdn)); @@ -118,7 +127,7 @@ repp->returnStatus->explanation = NULL; rep->srmRmdirResponse = repp; - if (get_client_id (soap, &uid, &gid) < 0) { + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) { repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); return (SOAP_OK); @@ -143,6 +152,9 @@ Cns_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); Cns_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + Cns_client_setVOMS_data(voname, fqans, nbfqan); +#endif if (Cns_rmdir (sfn) < 0) { repp->returnStatus->explanation = soap_strdup (soap, sstrerror (serrno)); @@ -173,6 +185,9 @@ char **surls = NULL; struct srm_srv_thread_info *thip = soap->user; uid_t uid; + char *voname; + char **fqans; + int nbfqan = 0; strcpy (func, "Rm"); get_client_dn (soap, clientdn, sizeof(clientdn)); 
@@ -194,7 +209,7 @@ repp->arrayOfFileStatuses = NULL; rep->srmRmResponse = repp; - if (get_client_id (soap, &uid, &gid) < 0) { + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) { repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); return (SOAP_OK); @@ -230,6 +245,9 @@ dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); thip->errbuf[0] = '\0'; dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + dpm_client_setVOMS_data(voname, fqans, nbfqan); +#endif if (dpm_rm (nbsurls, surls, &nbreplies, &filestatuses) < 0) { dpm_free_filest (nbreplies, filestatuses); @@ -471,6 +489,9 @@ struct in_addr sin_addr; struct srm_srv_thread_info *thip = soap->user; uid_t uid; + char *voname; + char **fqans; + int nbfqan = 0; strcpy (func, "Ls"); get_client_dn (soap, clientdn, sizeof(clientdn)); @@ -492,7 +513,7 @@ repp->returnStatus->explanation = NULL; rep->srmLsResponse = repp; - if (get_client_id (soap, &uid, &gid) < 0) { + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) { repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); return (SOAP_OK); @@ -527,6 +548,9 @@ Cns_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); Cns_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + Cns_client_setVOMS_data(voname, fqans, nbfqan); +#endif repp->details->__sizepathDetailArray = nbsurls; for (i = 0; i < nbsurls; i++) { @@ -561,6 +585,9 @@ struct in_addr sin_addr; struct srm_srv_thread_info *thip = soap->user; uid_t uid; + char *voname; + char **fqans; + int nbfqan = 0; strcpy (func, "Mv"); get_client_dn (soap, clientdn, sizeof(clientdn)); 
@@ -581,7 +608,7 @@ repp->returnStatus->explanation = NULL; rep->srmMvResponse = repp; - if (get_client_id (soap, &uid, &gid) < 0) { + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) { repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); return (SOAP_OK); @@ -610,6 +637,9 @@ Cns_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); Cns_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + Cns_client_setVOMS_data(voname, fqans, nbfqan); +#endif if (Cns_rename (sfn1, sfn2) < 0) { repp->returnStatus->explanation = soap_strdup (soap, sstrerror (serrno)); Index: srmv2/srmv2_permreq.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/srmv2/srmv2_permreq.c,v retrieving revision 1.5 diff -u -r1.5 srmv2_permreq.c --- srmv2/srmv2_permreq.c 22 Nov 2005 10:22:16 -0000 1.5 +++ srmv2/srmv2_permreq.c 8 Dec 2005 16:05:19 -0000 @@ -48,7 +48,10 @@ struct srm_srv_thread_info *thip = soap->user; struct Cns_acl tmpacl[CA_MAXACLENTRIES]; uid_t uid; - + char *voname; + char **fqans; + int nbfqan = 0; + strcpy (func, "SetPermission"); get_client_dn (soap, clientdn, sizeof(clientdn)); sin_addr.s_addr = htonl (soap->ip); @@ -66,7 +69,7 @@ repp->returnStatus->explanation = NULL; rep->srmSetPermissionResponse = repp; - if (get_client_id (soap, &uid, &gid) < 0) { + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) { repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); return (SOAP_OK); 
@@ -89,6 +92,10 @@ Cns_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); Cns_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + Cns_client_setVOMS_data(voname, fqans, nbfqan); +#endif + if (req->permissionType == ADD || req->permissionType == REMOVE || req->permissionType == CHANGE) { if ((nb_tmp_entries = Cns_getacl (sfn, CA_MAXACLENTRIES, tmpacl)) < 0) { Index: srmv2/srmv2_spacereq.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/srmv2/srmv2_spacereq.c,v retrieving revision 1.3 diff -u -r1.3 srmv2_spacereq.c --- srmv2/srmv2_spacereq.c 22 Nov 2005 10:22:16 -0000 1.3 +++ srmv2/srmv2_spacereq.c 8 Dec 2005 16:05:19 -0000 @@ -44,7 +44,11 @@ struct in_addr sin_addr; struct srm_srv_thread_info *thip = soap->user; uid_t uid; + char *voname; + char **fqans; + int nbfqan = 0; + strcpy (func, "ReserveSpace"); get_client_dn (soap, clientdn, sizeof(clientdn)); sin_addr.s_addr = htonl (soap->ip); @@ -64,7 +68,7 @@ repp->returnStatus->explanation = NULL; rep->srmReserveSpaceResponse = repp; - if (get_client_id (soap, &uid, &gid) < 0) { + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) { repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); RETURN (SOAP_OK); @@ -103,6 +107,9 @@ dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); thip->errbuf[0] = '\0'; dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + dpm_client_setVOMS_data(voname, fqans, nbfqan); +#endif if (dpm_reservespace (s_type, req->userSpaceTokenDescription, req_t_space, req_g_space, req_lifetime, @@ -147,7 +154,11 @@ struct in_addr sin_addr; struct srm_srv_thread_info *thip = soap->user; uid_t uid; + char *voname; + char **fqans; + int nbfqan = 0; + strcpy (func, "ReleaseSpace"); get_client_dn (soap, clientdn, sizeof(clientdn)); sin_addr.s_addr = htonl (soap->ip); 
@@ -167,7 +178,7 @@ repp->returnStatus->explanation = NULL; rep->srmReleaseSpaceResponse = repp; - if (get_client_id (soap, &uid, &gid) < 0) { + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) { repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); RETURN (SOAP_OK); @@ -194,6 +205,9 @@ dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); thip->errbuf[0] = '\0'; dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + dpm_client_setVOMS_data(voname, fqans, nbfqan); +#endif if (dpm_releasespace (req->spaceToken->value, force) < 0) { repp->returnStatus->statusCode = serrno2statuscode (serrno); @@ -226,6 +240,9 @@ struct in_addr sin_addr; struct srm_srv_thread_info *thip = soap->user; uid_t uid; + char *voname; + char **fqans; + int nbfqan = 0; strcpy (func, "UpdateSpace"); get_client_dn (soap, clientdn, sizeof(clientdn)); @@ -246,7 +263,7 @@ repp->returnStatus->explanation = NULL; rep->srmUpdateSpaceResponse = repp; - if (get_client_id (soap, &uid, &gid) < 0) { + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) { repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); RETURN (SOAP_OK); @@ -281,6 +298,9 @@ dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); thip->errbuf[0] = '\0'; dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + dpm_client_setVOMS_data(voname, fqans, nbfqan); +#endif if (dpm_updatespace (req->spaceToken->value, req_t_space, req_g_space, req_lifetime, @@ -494,7 +514,10 @@ struct in_addr sin_addr; struct srm_srv_thread_info *thip = soap->user; uid_t uid; - + char *voname; + char **fqans; + int nbfqan = 0; + strcpy (func, "GetSpaceToken"); get_client_dn (soap, clientdn, sizeof(clientdn)); sin_addr.s_addr = htonl (soap->ip); 
@@ -513,7 +536,7 @@ repp->arrayOfPossibleSpaceTokens = NULL; rep->srmGetSpaceTokenResponse = repp; - if (get_client_id (soap, &uid, &gid) < 0) { + if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) { repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); RETURN (SOAP_OK); @@ -532,7 +555,11 @@ dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); thip->errbuf[0] = '\0'; dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn); +#ifdef USE_VOMS + dpm_client_setVOMS_data(voname, fqans, nbfqan); +#endif + if (dpm_getspacetoken (req->userSpaceTokenDescription, &nbreplies, &s_tokens) < 0) { repp->returnStatus->statusCode = serrno2statuscode (serrno); for (i = 0; i < nbreplies; i++) Index: srmv2/srmv2_xferreq.c =================================================================== RCS file: /local/reps/lcgware/LCG-DM/srmv2/srmv2_xferreq.c,v retrieving revision 1.15 diff -u -r1.15 srmv2_xferreq.c --- srmv2/srmv2_xferreq.c 22 Nov 2005 10:22:16 -0000 1.15 +++ srmv2/srmv2_xferreq.c 8 Dec 2005 16:05:19 -0000 @@ -158,7 +158,10 @@ uid_t uid; u_signed64 unique_id; uuid_t uuid; - + char *voname; + char **fqans; + int nbfqan = 0; + strcpy (func, "PrepareToGet"); get_client_dn (soap, clientdn, sizeof(clientdn)); sin_addr.s_addr = htonl (soap->ip); 
@@ -182,13 +185,16 @@
 repp->arrayOfFileStatuses = NULL; rep->srmPrepareToGetResponse = repp;
- if (get_client_id (soap, &uid, &gid) < 0) {
+ if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) {
 repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); RETURN (SOAP_OK); } dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn);
+#ifdef USE_VOMS
+ dpm_client_setVOMS_data(voname, fqans, nbfqan);
+#endif
 if (req->arrayOfFileRequests) nbreqfiles = req->arrayOfFileRequests->__sizegetRequestArray;
@@ -382,7 +388,11 @@
 uid_t uid; u_signed64 unique_id; uuid_t uuid;
+ char *voname;
+ char **fqans;
+ int nbfqan = 0;
+
 strcpy (func, "PrepareToPut"); get_client_dn (soap, clientdn, sizeof(clientdn)); sin_addr.s_addr = htonl (soap->ip);
@@ -406,13 +416,16 @@
 repp->arrayOfFileStatuses = NULL; rep->srmPrepareToPutResponse = repp;
- if (get_client_id (soap, &uid, &gid) < 0) {
+ if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) {
 repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); RETURN (SOAP_OK); } dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn);
+#ifdef USE_VOMS
+ dpm_client_setVOMS_data(voname, fqans, nbfqan);
+#endif
 if (req->arrayOfFileRequests) nbreqfiles = req->arrayOfFileRequests->__sizeputRequestArray;
@@ -607,7 +620,10 @@
 uid_t uid; u_signed64 unique_id; uuid_t uuid;
-
+ char *voname;
+ char **fqans;
+ int nbfqan = 0;
+
 strcpy (func, "Copy"); get_client_dn (soap, clientdn, sizeof(clientdn)); sin_addr.s_addr = htonl (soap->ip);
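Review bot: In the PrepareToGet hunk the status of `dpm_client_setVOMS_data` is ignored before the file list is processed, so an attribute set that the library refuses (assuming the -1/serrno convention of the neighbouring dpm_client_* calls) lets the request continue with the VOMS data left over from an earlier request on this thread — and PrepareToGet is the path that hands out read access to files. Fail the request here exactly as the `perform_auth` branch immediately above does; note this handler, unlike ReleaseSpace, does not clear `thip->errbuf[0]`, so the copied branch is the only change. The handler continues beyond the hunk.
```c
	dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf));
	dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn);
#ifdef USE_VOMS
	if (dpm_client_setVOMS_data (voname, fqans, nbfqan) < 0) {
		repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE;
		repp->returnStatus->explanation = soap_strdup (soap, "Could not set VOMS attributes");
		RETURN (SOAP_OK);
	}
#endif
	/* ... unchanged: arrayOfFileRequests handling ... */
```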
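Review bot: The PrepareToPut hunk is yet another verbatim copy of the seven-line identity preamble (`perform_auth`, the failure branch, `dpm_seterrbuf`, `dpm_client_setAuthorizationId`, the `#ifdef USE_VOMS` call) that this patch pastes into every handler of both files with only the response field name differing. A single `static` helper in srmv2 that performs the authentication, sets the error buffer, the authorization id and the VOMS data, and returns -1 when any step fails would keep the VOMS call — and whatever error handling it eventually gets — in one place, with each handler reduced to one `if (set_client_identity (soap, thip, clientdn, func) < 0)` followed by the existing failure branch. As written, any later change to the VOMS handling must be replicated in a dozen handlers, which is how one of them drifts (ReleaseFiles already uses the Cns_ variants). Handlers that go through the name server would need a Cns_ twin of the helper.
```c
/* Authenticate the caller and push uid/gid and VOMS data into the dpm
 * client state for this thread; returns 0, or -1 when any step fails. */
static int set_client_identity (struct soap *soap, struct srm_srv_thread_info *thip,
	char *clientdn, char *func)
{
	char *voname = NULL;
	char **fqans = NULL;
	int nbfqan = 0;
	uid_t uid;
	gid_t gid;

	if (perform_auth (&voname, &fqans, &nbfqan, &uid, &gid, clientdn, soap, func) < 0)
		return (-1);
	dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf));
	dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn);
#ifdef USE_VOMS
	if (dpm_client_setVOMS_data (voname, fqans, nbfqan) < 0)
		return (-1);
#endif
	return (0);
}
```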
@@ -631,13 +647,16 @@
 repp->arrayOfFileStatuses = NULL; rep->srmCopyResponse = repp;
- if (get_client_id (soap, &uid, &gid) < 0) {
+ if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) {
 repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); RETURN (SOAP_OK); } dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn);
+#ifdef USE_VOMS
+ dpm_client_setVOMS_data(voname, fqans, nbfqan);
+#endif
 if (req->arrayOfFileRequests) nbreqfiles = req->arrayOfFileRequests->__sizecopyRequestArray;
@@ -864,7 +883,10 @@
 char *surl; struct srm_srv_thread_info *thip = soap->user; uid_t uid;
-
+ char *voname;
+ char **fqans;
+ int nbfqan = 0;
+
 strcpy (func, "ReleaseFiles"); get_client_dn (soap, clientdn, sizeof(clientdn)); sin_addr.s_addr = htonl (soap->ip);
@@ -885,13 +907,16 @@
 repp->arrayOfFileStatuses = NULL; rep->srmReleaseFilesResponse = repp;
- if (get_client_id (soap, &uid, &gid) < 0) {
+ if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) {
 repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); RETURN (SOAP_OK); } Cns_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); Cns_client_setAuthorizationId (uid, gid, "GSI", clientdn);
+#ifdef USE_VOMS
+ Cns_client_setVOMS_data(voname, fqans, nbfqan);
+#endif
 if (! req->requestToken) { repp->returnStatus->statusCode = SRM_USCORENOT_USCORESUPPORTED;
@@ -988,7 +1013,10 @@
 char **surls = NULL; struct srm_srv_thread_info *thip = soap->user; uid_t uid;
-
+ char *voname;
+ char **fqans;
+ int nbfqan = 0;
+
 strcpy (func, "PutDone"); get_client_dn (soap, clientdn, sizeof(clientdn)); sin_addr.s_addr = htonl (soap->ip);
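Review bot: In the Copy hunk `dpm_client_setVOMS_data(voname, fqans, nbfqan);` has its status discarded, so the handler proceeds with VOMS data left behind by an earlier request on this thread if the library rejects the caller's attributes. Use `if (dpm_client_setVOMS_data (voname, fqans, nbfqan) < 0)` with the same SRM_USCOREAUTHENTICATION_USCOREFAILURE / `RETURN (SOAP_OK)` branch the hunk already uses for `perform_auth`. Copy continues past the hunk.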
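Review bot: In the ReleaseFiles hunk `Cns_client_setVOMS_data(voname, fqans, nbfqan);` is called without looking at its result, and ReleaseFiles is the one handler here that pushes the caller's identity to the name server through the Cns_ client rather than dpm_, so a failed set would leave the per-file operations that follow running under whatever VOMS data the Cns client last held for this thread. Guard it with `if (Cns_client_setVOMS_data (voname, fqans, nbfqan) < 0)` and reuse the three-line SRM_USCOREAUTHENTICATION_USCOREFAILURE / `RETURN (SOAP_OK)` branch already used for `perform_auth` above. The handler's body continues past the hunk.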
@@ -1009,7 +1037,7 @@
 repp->arrayOfFileStatuses = NULL; rep->srmPutDoneResponse = repp;
- if (get_client_id (soap, &uid, &gid) < 0) {
+ if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) {
 repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); RETURN (SOAP_OK);
@@ -1057,6 +1085,9 @@
 dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); thip->errbuf[0] = '\0'; dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn);
+#ifdef USE_VOMS
+ dpm_client_setVOMS_data(voname, fqans, nbfqan);
+#endif
 if (dpm_putdone (req->requestToken->value, nbsurls, surls, &nbreplies, &filestatuses) < 0) {
@@ -1101,7 +1132,10 @@
 struct in_addr sin_addr; struct srm_srv_thread_info *thip = soap->user; uid_t uid;
-
+ char *voname;
+ char **fqans;
+ int nbfqan = 0;
+
 strcpy (func, "AbortRequest"); get_client_dn (soap, clientdn, sizeof(clientdn)); sin_addr.s_addr = htonl (soap->ip);
@@ -1121,7 +1155,7 @@
 repp->returnStatus->explanation = NULL; rep->srmAbortRequestResponse = repp;
- if (get_client_id (soap, &uid, &gid) < 0) {
+ if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) {
 repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); RETURN (SOAP_OK);
@@ -1135,7 +1169,11 @@
 dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); thip->errbuf[0] = '\0'; dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn);
+#ifdef USE_VOMS
+ dpm_client_setVOMS_data(voname, fqans, nbfqan);
+#endif
+
 if (dpm_abortreq (req->requestToken->value) < 0) { repp->returnStatus->statusCode = serrno2statuscode (serrno); if (*thip->errbuf) {
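Review bot: In the PutDone hunk the result of `dpm_client_setVOMS_data(voname, fqans, nbfqan);` is dropped right before `dpm_putdone`, so a rejected attribute set leaves the handler, which presumably finalizes uploaded files, operating under the VOMS data left over from an earlier request on this thread rather than the caller's. Check it with `if (dpm_client_setVOMS_data (voname, fqans, nbfqan) < 0)` and reuse the SRM_USCOREAUTHENTICATION_USCOREFAILURE branch the `perform_auth` check in the previous hunk uses. PutDone's body continues outside the hunk.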
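Review bot: In the AbortRequest hunk `req->requestToken->value` is dereferenced on the context line right after the new `#endif` with no check that `requestToken` was supplied, whereas ReleaseFiles in this same file guards with `if (! req->requestToken)` before using it; unless the lines between this hunk and the previous one (not shown) already validate it, a request without a token dereferences NULL after having passed authentication. Add the same guard ahead of `dpm_abortreq`, returning an error status to the client instead of faulting the server thread. AbortRequest starts and ends outside the hunk.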
@@ -1827,7 +1865,10 @@
 struct in_addr sin_addr; struct srm_srv_thread_info *thip = soap->user; uid_t uid;
-
+ char *voname;
+ char **fqans;
+ int nbfqan = 0;
+
 strcpy (func, "ExtendFileLifeTime"); get_client_dn (soap, clientdn, sizeof(clientdn)); sin_addr.s_addr = htonl (soap->ip);
@@ -1847,7 +1888,7 @@
 repp->returnStatus->explanation = NULL; rep->srmExtendFileLifeTimeResponse = repp;
- if (get_client_id (soap, &uid, &gid) < 0) {
+ if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) {
 repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); RETURN (SOAP_OK);
@@ -1879,7 +1920,10 @@
 dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); thip->errbuf[0] = '\0'; dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn);
-
+#ifdef USE_VOMS
+ dpm_client_setVOMS_data(voname, fqans, nbfqan);
+#endif
+
 if (dpm_extendfilelife (req->requestToken->value, req->siteURL->value, req->newLifeTime ? req->newLifeTime->value : 0, &actual_lifetime) < 0) { repp->newTimeExtended = NULL;
@@ -1916,7 +1960,11 @@
 struct dpm_tokeninfo *tokeninfos = NULL; char u_token[256]; uid_t uid;
+ char *voname;
+ char **fqans;
+ int nbfqan = 0;
+
 strcpy (func, "GetRequestID"); get_client_dn (soap, clientdn, sizeof(clientdn)); sin_addr.s_addr = htonl (soap->ip);
@@ -1936,7 +1984,7 @@
 repp->returnStatus->explanation = NULL; rep->srmGetRequestIDResponse = repp;
- if (get_client_id (soap, &uid, &gid) < 0) {
+ if (perform_auth(&voname, &fqans, &nbfqan, &uid, &gid, &clientdn[0], soap, func) < 0) {
 repp->returnStatus->statusCode = SRM_USCOREAUTHENTICATION_USCOREFAILURE; repp->returnStatus->explanation = soap_strdup (soap, "Could not get user mapping"); RETURN (SOAP_OK);
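Review bot: In the ExtendFileLifeTime hunk `req->requestToken->value` and `req->siteURL->value` are dereferenced unconditionally in the `dpm_extendfilelife` call, while `req->newLifeTime` on the same line is guarded with `req->newLifeTime ? req->newLifeTime->value : 0`, which shows that elements of `req` can arrive as NULL; unless the lines between this hunk and the previous one check them, a request missing either element crashes the handler after authentication succeeded. Mirror the `if (! req->requestToken)` guard that ReleaseFiles uses for both pointers before the call. ExtendFileLifeTime continues past the hunk.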
@@ -1944,6 +1992,9 @@
 dpm_seterrbuf (thip->errbuf, sizeof(thip->errbuf)); thip->errbuf[0] = '\0'; dpm_client_setAuthorizationId (uid, gid, "GSI", clientdn);
+#ifdef USE_VOMS
+ dpm_client_setVOMS_data(voname, fqans, nbfqan);
+#endif
 memset (u_token, 0, sizeof(u_token)); if (req->userRequestDescription) {
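Review bot: As in the other handlers, `dpm_client_setVOMS_data(voname, fqans, nbfqan);` in GetRequestID is called without checking its return, so a failure leaves the rest of the handler running with the VOMS data the client library last stored for this thread instead of the caller's. Guard it with `if (dpm_client_setVOMS_data (voname, fqans, nbfqan) < 0)` and reuse the SRM_USCOREAUTHENTICATION_USCOREFAILURE / `RETURN (SOAP_OK)` branch from the `perform_auth` check in the preceding hunk. The handler continues beyond the hunk.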