00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00049
00050
00051
00052 #include "lcas_config.h"
00053 #include <stdio.h>
00054 #include <stdlib.h>
00055 #include <string.h>
00056
00057 #if HAVE_MALLOC_H
00058 # include <malloc.h>
00059 #endif
00060
00061
00062 #if HAVE_DLFCN_H
00063 # include <dlfcn.h>
00064 #endif
00065
00066 #include <gssapi.h>
00067
00068
00069 #include "lcas_types.h"
00070 #include "_lcas_utils.h"
00071 #include "_lcas_defines.h"
00072 #include "_lcas_log.h"
00073 #include "_lcas_db_read.h"
00074
00075
00076
00077
00078
00079
00080 #ifndef NUL
00081 #define NUL '\0'
00082 #endif
00083
00084
00085 #define MAXAUTHMODS 3
00086 #define MAXPROCS 3
00088
00089
00090
00091 #define FAILED_LCAS_USERALLOW 1
00093 #define FAILED_LCAS_USERBAN 2
00095 #define FAILED_LCAS_CLOCKCHECK 3
00097 #define FAILED_LCAS_OTHER 4
00098 #define FAILED_LCAS_PLUGIN 5
00101 #ifndef APIMAJORVERSION
00102 # define APIMAJORVERSION -1
00103 #endif
00104 #ifndef APIMINORVERSION
00105 # define APIMINORVERSION -1
00106 #endif
00107 #ifndef APIPATCHVERSION
00108 # define APIPATCHVERSION -1
00109 #endif
00110
00111
00112
00113
00119 enum lcas_proctype_e
00120 {
00121 INITPROC,
00122 AUTHPROC,
00123 TERMPROC,
00124 ENDOFPROCS
00125 };
00126
00132 typedef int (*lcas_proc_t)();
00133
00144 typedef struct lcas_plugindl_s
00145 {
00146 void * handle;
00147 lcas_proc_t procs[MAXPROCS];
00148 char pluginname[LCAS_MAXPATHLEN+1];
00149 char pluginargs[LCAS_MAXARGSTRING+1];
00150 int argc;
00151 char * argv[LCAS_MAXARGS];
00152 struct lcas_plugindl_s * next;
00153 }
00154 lcas_plugindl_t;
00155
00156
00157
00158
00159 static lcas_plugindl_t * PluginInit(lcas_db_entry_t *, lcas_plugindl_t **);
00160 static lcas_proc_t get_procsymbol(void *, char *);
00161 static int print_lcas_plugin(int, lcas_plugindl_t *);
00162 static int parse_args_plugin(const char *, const char *, char **, int *);
00163 static int clean_plugin_list(lcas_plugindl_t **);
00164
00165
00166
00167
00168 static lcas_cred_id_t lcas_cred;
00169 static int lcas_initialized = 0;
00170 static char * lcas_db_file_default = NULL;
00171 static char * lcas_dir = NULL;
00172 static lcas_plugindl_t * plugin_list = NULL;
00173 static lcas_plugindl_t * authmod_list = NULL;
00174 static char * authmods[MAXAUTHMODS][2] = {
00175 {(char *) NULL, (char *) NULL},
00176 {(char *) NULL, (char *) NULL},
00177 {(char *) NULL, (char *) NULL}
00178 };
00179
00180
00181
00182
00183
00184
00185
00186
00187
00188 int getMajorVersionNumber() { return (int)(APIMAJORVERSION); }
00189 int getMinorVersionNumber() { return (int)(APIMINORVERSION); }
00190 int getPatchVersionNumber() { return (int)(APIPATCHVERSION); }
00191
00192
00193
00194
00195
00196
00197
00198
00199
00200
00201
00202
00203
00204
00205
00206
00207
00208
00209
00210
00211 int lcas_init(
00212 FILE* fp
00213 )
00214 {
00215 lcas_db_entry_t ** lcas_db_handle=NULL;
00216 lcas_db_entry_t ** lcas_mod_handle=NULL;
00217 lcas_db_entry_t * lcas_mod_db=NULL;
00218 lcas_db_entry_t lcas_mod_entry;
00219 lcas_db_entry_t * ihandle=NULL;
00220 lcas_plugindl_t * plugin_entry=NULL;
00221 lcas_plugindl_t * authmod_entry=NULL;
00222 char * lcas_db_file=NULL;
00223 int ientry;
00224 int i;
00225
00226 if (lcas_initialized)
00227 {
00228 if (lcas_log(0,"LCAS already initialized\n") != 0)
00229 {
00230 fprintf(stderr,"LCAS already initialized, but wrongly\n");
00231 goto fail_lcas_init;
00232 }
00233 return 0;
00234 }
00235
00236
00237
00238 lcas_log_open(NULL,fp,DO_USRLOG);
00239 lcas_log_debug(0,"\n");
00240 lcas_log(LOG_NOTICE,"Initialization LCAS version %s\n",VERSION);
00241
00242
00243 lcas_dir = getenv("LCAS_DIR");
00244 lcas_dir = (lcas_dir ? lcas_dir : LCAS_ETC_HOME );
00245 lcas_db_file_default = getenv("LCAS_DB_FILE");
00246 lcas_db_file_default = (lcas_db_file_default ? lcas_db_file_default : "lcas.db" );
00247
00248 lcas_db_file=lcas_genfilename(lcas_dir, lcas_db_file_default, NULL);
00249
00250
00251
00252
00253
00254
00255
00256 lcas_mod_entry.next=NULL;
00257 lcas_mod_handle=&lcas_mod_db;
00258 for (i=0; i < MAXAUTHMODS; ++i)
00259 {
00260 if (authmods[i][0] == NULL) break;
00261 *(lcas_mod_entry.pluginname)=NUL;
00262 *(lcas_mod_entry.pluginargs)=NUL;
00263 if (authmods[i][0] != NULL)
00264 {
00265 strncpy(lcas_mod_entry.pluginname,authmods[i][0],LCAS_MAXPATHLEN);
00266 (lcas_mod_entry.pluginname)[LCAS_MAXPATHLEN]=NUL;
00267 }
00268 if (authmods[i][1] != NULL)
00269 {
00270 strncpy(lcas_mod_entry.pluginargs,authmods[i][1],LCAS_MAXARGSTRING);
00271 (lcas_mod_entry.pluginargs)[LCAS_MAXARGSTRING]=NUL;
00272 }
00273 lcas_log_debug(1,"lcas.mod-lcas_init(): creating db structure for authorization module %s\n",
00274 authmods[i][0]);
00275 if (lcas_db_fill_entry(lcas_mod_handle, &lcas_mod_entry) == NULL)
00276 {
00277 lcas_log(0,"lcas.mod-lcas_init() error: Cannot create standard authorization module (%d-%s) db structure\n",
00278 i,authmods[i][0]);
00279 goto fail_lcas_init;
00280 }
00281 }
00282
00283
00284
00285
00286
00287
00288 ientry=0;
00289 ihandle=*lcas_mod_handle;
00290 while (ihandle)
00291 {
00292 if (strlen(ihandle->pluginname) > 0)
00293 {
00294 lcas_log_debug(1,"lcas.mod-lcas_init(): initializing standard module %s (db entry %d)\n",
00295 ihandle->pluginname, ientry);
00296 if ((authmod_entry=PluginInit(ihandle,&authmod_list)) == NULL)
00297 {
00298 lcas_log(0,"lcas.mod-lcas_init(): error initializing standard module : %s\n",
00299 ihandle->pluginname);
00300 goto fail_lcas_init;
00301 }
00302 }
00303 ientry++;
00304 ihandle=ihandle->next;
00305 }
00306
00307
00308
00309
00310
00311 lcas_log_debug(0,"lcas.mod-lcas_init(): Reading LCAS database %s\n",
00312 lcas_db_file);
00313 lcas_db_handle=lcas_db_read(lcas_db_file);
00314 if (lcas_db_handle == NULL)
00315 {
00316 lcas_log(0,"lcas.mod-lcas_init(): Failed to read LCAS database %s\n",
00317 lcas_db_file);
00318 goto fail_lcas_init;
00319 }
00320
00321
00322
00323
00324
00325 ientry=0;
00326 ihandle=*lcas_db_handle;
00327 while (ihandle)
00328 {
00329 if (strlen(ihandle->pluginname) > 0)
00330 {
00331 lcas_log_debug(1,"lcas.mod-lcas_init(): initializing plugin %s (db entry %d)\n",
00332 ihandle->pluginname, ientry);
00333 if ((plugin_entry=PluginInit(ihandle,&plugin_list)) == NULL)
00334 {
00335 lcas_log(0,"lcas.mod-lcas_init(): error initializing plugin: %s\n",ihandle->pluginname);
00336 goto fail_lcas_init;
00337 }
00338
00339
00340
00341
00342 authmod_entry=authmod_list;
00343 while (authmod_entry)
00344 {
00345 if ( (strncmp(authmod_entry->pluginname,
00346 plugin_entry->pluginname,
00347 LCAS_MAXPATHLEN) == 0)
00348 )
00349 {
00350 lcas_log(0,"lcas.mod-lcas_init() error: plugin %s already registered as\n",
00351 plugin_entry->pluginname);
00352 lcas_log(0," standard authorization module\n");
00353 goto fail_lcas_init;
00354 }
00355 authmod_entry=authmod_entry->next;
00356 }
00357
00358 }
00359 ientry++;
00360 ihandle=ihandle->next;
00361 }
00362
00363 authmod_entry=authmod_list;
00364 while (authmod_entry)
00365 {
00366 print_lcas_plugin(2,authmod_entry);
00367 lcas_log_debug(2,"\n");
00368 authmod_entry=authmod_entry->next;
00369 }
00370
00371 plugin_entry=plugin_list;
00372 while (plugin_entry)
00373 {
00374 print_lcas_plugin(2,plugin_entry);
00375 lcas_log_debug(2,"\n");
00376 plugin_entry=plugin_entry->next;
00377 }
00378
00379
00380 if(lcas_db_clean_list(&lcas_mod_db))
00381 {
00382 lcas_log(0,"lcas.mod-lcas_init() error: could not clean up authmod db structure\n");
00383 goto fail_lcas_init;
00384 }
00385
00386 if (lcas_db_clean())
00387 {
00388 lcas_log(0,"lcas.mod-lcas_init() error: could not clean up plugin db structure\n");
00389 goto fail_lcas_init;
00390 }
00391
00392
00393 if (lcas_db_file) free(lcas_db_file);
00394 lcas_initialized++;
00395 return 0;
00396
00397 fail_lcas_init:
00398
00399 lcas_db_clean_list(&lcas_mod_db);
00400 lcas_db_clean();
00401 if (clean_plugin_list(&plugin_list)!=0)
00402 {
00403 lcas_log(0,"lmas.mod-lcas_init() error: could not clean up plugin list\n");
00404 }
00405 if (lcas_db_file) free(lcas_db_file);
00406
00407 return 1;
00408 }
00409
00410
00411
00412
00413
00414
00415
00416
00417
00418
00419
00420
00421
00422
00423
00424
00443 static lcas_plugindl_t * PluginInit(
00444 lcas_db_entry_t * db_handle,
00445 lcas_plugindl_t ** list
00446 )
00447 {
00448 char * name;
00449 #if 0
00450 char * names[5]={NULL,NULL,NULL,NULL,NULL};
00451 #endif
00452 char * pname=NULL;
00453 char * args=NULL;
00454 #if 0
00455 char * db;
00456 char * dbs[5]={NULL,NULL,NULL,NULL,NULL};
00457 char * pdb=NULL;
00458 #endif
00459 void * plugin_handle;
00460 lcas_proc_t plugin_procs[MAXPROCS];
00461 lcas_plugindl_t * pplugin=NULL;
00462 int i;
00463 int retval;
00464
00465 name = db_handle->pluginname;
00466 #if 0
00467 db = db_handle->pluginargs;
00468 #endif
00469 args = db_handle->pluginargs;
00470
00471
00472 #if 0
00473 names[0]=lcas_genfilename(NULL,name,NULL);
00474 names[1]=lcas_genfilename("modules",name,NULL);
00475 names[2]=lcas_genfilename(LCAS_MOD_HOME,name,NULL);
00476 names[3]=lcas_genfilename(LCAS_LIB_HOME,name,NULL);
00477 names[4]=lcas_genfilename(LCAS_ETC_HOME,name,NULL);
00478 pname=lcas_getfexist(5,names[0],
00479 names[1],names[2],
00480 names[3],names[4]
00481 );
00482 #endif
00483 pname = lcas_findfile(name);
00484 if (pname == NULL)
00485 {
00486 lcas_log(0,
00487 "lcas.mod-PluginInit(): plugin %s not found\n",
00488 name
00489 );
00490 goto fail_PluginInit;
00491 }
00492
00493 #if 0
00494
00495 if (strlen(db) > 0)
00496 {
00497 dbs[0]=lcas_genfilename(NULL,db,NULL);
00498 dbs[1]=lcas_genfilename("modules",db,NULL);
00499 dbs[2]=lcas_genfilename(LCAS_ETC_HOME,db,NULL);
00500 dbs[3]=lcas_genfilename(LCAS_MOD_HOME,db,NULL);
00501 dbs[4]=lcas_genfilename(LCAS_LIB_HOME,db,NULL);
00502 pdb=lcas_getfexist(5,dbs[0],
00503 dbs[1],dbs[2],
00504 dbs[3],dbs[4]
00505 );
00506 }
00507 #endif
00508
00509
00510 plugin_handle=dlopen(pname,RTLD_NOW);
00511
00512 if (!plugin_handle)
00513 {
00514 lcas_log(0,"lcas.mod-PluginInit(): dlopen error for %s:\n %s\n",
00515 pname,dlerror()
00516 );
00517 goto fail_PluginInit;
00518 }
00519
00520
00521 for (i=0; i < MAXPROCS; ++i)
00522 {
00523 switch (i)
00524 {
00525 case INITPROC:
00526 plugin_procs[i]=get_procsymbol(plugin_handle,"plugin_initialize");
00527 if (plugin_procs[i] == NULL)
00528 {
00529 lcas_log(0,"lcas.mod-PluginInit(): plugin %s not compliant\n",
00530 name);
00531 lcas_log(0,"lcas.mod-PluginInit(): missing function \"plugin_initialize()\"\n");
00532 goto fail_PluginInit;
00533 }
00534 else
00535 {
00536 lcas_log_debug(2,"lcas.mod-PluginInit(): found \"plugin_initialize()\"\n");
00537 }
00538 break;
00539 case AUTHPROC:
00540 plugin_procs[i]=get_procsymbol(plugin_handle,"plugin_confirm_authorization");
00541 if (plugin_procs[i] == NULL)
00542 {
00543 lcas_log(0,"lcas.mod-PluginInit(): plugin %s not compliant\n",
00544 name);
00545 lcas_log(0,"lcas.mod-PluginInit(): missing function \"plugin_confirm_authorization()\"\n");
00546 goto fail_PluginInit;
00547 }
00548 else
00549 {
00550 lcas_log_debug(2,"lcas.mod-PluginInit(): found \"plugin_confirm_authorization()\"\n");
00551 }
00552 break;
00553 case TERMPROC:
00554 plugin_procs[i]=get_procsymbol(plugin_handle,"plugin_terminate");
00555 if (plugin_procs[i] == NULL)
00556 {
00557 lcas_log(0,"lcas.mod-PluginInit(): plugin %s not compliant\n",
00558 name);
00559 lcas_log(0,"lcas.mod-PluginInit(): missing function \"plugin_terminate()\"\n");
00560 goto fail_PluginInit;
00561 }
00562 else
00563 {
00564 lcas_log_debug(2,"lcas.mod-PluginInit(): found \"plugin_terminate()\"\n");
00565 }
00566 break;
00567 default:
00568
00569 plugin_procs[i]=NULL;
00570 break;
00571 }
00572 }
00573
00574 if (!*list)
00575 {
00576 lcas_log_debug(2,"lcas.mod-PluginInit(): creating first pluginlist entry\n");
00577 *list=pplugin=(lcas_plugindl_t *)malloc(sizeof(lcas_plugindl_t));
00578 }
00579 else
00580 {
00581 lcas_log_debug(2,"lcas.mod-PluginInit(): creating new pluginlist entry\n");
00582 pplugin=*list;
00583 while (pplugin->next) pplugin=pplugin->next;
00584 pplugin=pplugin->next=(lcas_plugindl_t *)malloc(sizeof(lcas_plugindl_t));
00585 }
00586 if (!pplugin)
00587 {
00588 lcas_log(0,"lcas.mod-PluginInit(): error creating new pluginlist entry\n");
00589 goto fail_PluginInit;
00590 }
00591
00592 pplugin->next=NULL;
00593 pplugin->handle=plugin_handle;
00594 for (i=0; i < MAXPROCS; ++i)
00595 pplugin->procs[i]=plugin_procs[i];
00596 if (pname != NULL)
00597 {
00598 strncpy(pplugin->pluginname,pname,LCAS_MAXPATHLEN);
00599 (pplugin->pluginname)[LCAS_MAXPATHLEN]=NUL;
00600 }
00601 else
00602 strncpy(pplugin->pluginname,"",LCAS_MAXPATHLEN);
00603
00604 if (args != NULL)
00605 {
00606 strncpy(pplugin->pluginargs,args,LCAS_MAXARGSTRING);
00607 (pplugin->pluginargs)[LCAS_MAXARGSTRING]=NUL;
00608 }
00609 else
00610 strncpy(pplugin->pluginargs,"",LCAS_MAXARGSTRING);
00611
00612
00613 if (parse_args_plugin(pname,args,pplugin->argv,&(pplugin->argc)) )
00614 {
00615 lcas_log(0,"lcas.mod-PluginInit(): Could not parse arguments for plugin module %s\n",
00616 pname);
00617 goto fail_PluginInit;
00618 }
00619 for (i=0; i < pplugin->argc; ++i)
00620 lcas_log_debug(4,"%s arg %d = %s\n",pname,i,(pplugin->argv)[i]);
00621
00622
00623
00624 #if 0
00625 retval=(*(pplugin->procs[INITPROC]))(pplugin->pluginargs);
00626 #endif
00627 retval=(*(pplugin->procs[INITPROC]))(pplugin->argc,pplugin->argv);
00628 if (retval != LCAS_MOD_SUCCESS )
00629 {
00630 lcas_log(0,"lcas.mod-PluginInit(): \"plugin_initialize()\" failed\n");
00631 goto fail_PluginInit;
00632 }
00633 else
00634 {
00635 lcas_log_debug(2,"lcas.mod-PluginInit(): \"plugin_initialize()\" succeeded\n");
00636 }
00637
00638
00639
00640 if (pname) { free(pname); pname=NULL; }
00641 #if 0
00642 for (i=0; i < 5; ++i)
00643 {
00644 if (names[i]) free(names[i]);
00645 if (dbs[i]) free(dbs[i]);
00646 }
00647 #endif
00648
00649 return pplugin;
00650
00651 fail_PluginInit:
00652 if (pname) { free(pname); pname=NULL; }
00653 #if 0
00654 for (i=0; i < 5; ++i)
00655 {
00656 if (names[i]) free(names[i]);
00657 if (dbs[i]) free(dbs[i]);
00658 }
00659 #endif
00660 return NULL;
00661 }
00662
00663
00664
00665
00666
00667
00668
00669
00670
00671
00672
00673
00674
00675
00676
00695 static int parse_args_plugin(
00696 const char * name,
00697 const char * argstring,
00698 char ** xargv,
00699 int * xargc
00700 )
00701 {
00702 int len=0;
00703 int i;
00704 int rc;
00705
00706
00707 len=strlen(name);
00708 if ( (len > 0) && (len < LCAS_MAXPATHLEN) )
00709 {
00710 xargv[0]=(char *)malloc(len+1);
00711 if (xargv[0] != NULL)
00712 strncpy(xargv[0],name,len+1);
00713 else
00714 return 1;
00715 }
00716
00717 *xargc=LCAS_MAXARGS-1;
00718 if ( (rc=lcas_tokenize(argstring, &xargv[1], xargc, " \t\n")) )
00719 {
00720 lcas_log(0,"lcas.mod-parse_args_plugin(): something wrong parsing arguments of %s, rc=%d\n",
00721 name, rc);
00722 (*xargc)++;
00723 return 1;
00724 }
00725 (*xargc)++;
00726 lcas_log_debug(3,"lcas.mod-parse_args_plugin(): Found %d arguments:\n", *xargc);
00727 for (i=0; i < *xargc; i++)
00728 lcas_log_debug(3,"lcas.mod-parse_args_plugin(): %d --> %s\n", i, xargv[i]);
00729
00730 return 0;
00731 }
00732
00733
00734
00735
00736
00737
00738
00739
00740
00741
00742
00743
00744
00756 static lcas_proc_t get_procsymbol(
00757 void * handle,
00758 char * symname
00759 )
00760 {
00761 lcas_proc_t symhandle;
00762 char *error;
00763
00764 symhandle=dlsym(handle,symname);
00765 if ((error = dlerror()) != NULL)
00766 {
00767 lcas_log(0,"lcas.mod-get_procsymbol(): dlsym error: %s",error);
00768 return NULL;
00769 }
00770 return symhandle;
00771 }
00772
00773
00774
00775
00776
00777
00778
00779
00780
00781
00782
00783
00784
00796 static int clean_plugin_list(
00797 lcas_plugindl_t ** list
00798 )
00799 {
00800 int rc;
00801 lcas_plugindl_t * plugin_entry=NULL;
00802
00803 plugin_entry=*list;
00804 while (plugin_entry)
00805 {
00806 lcas_plugindl_t * plugin_next;
00807 int i;
00808
00809 rc = plugin_entry->procs[TERMPROC]();
00810 if (rc != LCAS_MOD_SUCCESS)
00811 {
00812 lcas_log(0,"lcas.mod-clean_plugin_list(): failed to terminate plugin module %s\n",
00813 plugin_entry->pluginname);
00814 }
00815 lcas_log_debug(1, "lcas.mod-clean_plugin_list(): plugin module %s terminated\n",
00816 plugin_entry->pluginname);
00817 dlclose(plugin_entry->handle);
00818
00819 plugin_next=plugin_entry->next;
00820 for (i=0; i < plugin_entry->argc; i++)
00821 {
00822 if ((plugin_entry->argv)[i] != NULL)
00823 {
00824 lcas_log_debug(3,"Freeing %d - %s\n",i,(plugin_entry->argv)[i]);
00825 free((plugin_entry->argv)[i]);
00826 }
00827 }
00828 free(plugin_entry);
00829 plugin_entry=plugin_next;
00830 }
00831 *list=plugin_entry=NULL;
00832 return 0;
00833 }
00834
00835
00836
00837
00838
00839
00840
00841
00842
00843
00844
00845
00846
00859 static int print_lcas_plugin(
00860 int debug_lvl,
00861 lcas_plugindl_t * plugin
00862 )
00863 {
00864 int i=0;
00865
00866 lcas_log_debug(debug_lvl,"\tplugin name : %s\n",plugin->pluginname);
00867 lcas_log_debug(debug_lvl,"\tplugin arguments : %s\n",plugin->pluginargs);
00868 lcas_log_debug(debug_lvl,"\tplugin address : %x\n",plugin);
00869 lcas_log_debug(debug_lvl,"\tplugin size : %d\n",sizeof(lcas_plugindl_t));
00870 lcas_log_debug(debug_lvl,"\tplugin handle : %x\n",plugin->handle);
00871 lcas_log_debug(debug_lvl,"\tplugin_initialize() : %x\n",plugin->procs[INITPROC]);
00872 lcas_log_debug(debug_lvl,"\tplugin_confirm_authorization(): %x\n",plugin->procs[AUTHPROC]);
00873 lcas_log_debug(debug_lvl,"\tplugin_terminate() : %x\n",plugin->procs[TERMPROC]);
00874 lcas_log_debug(debug_lvl,"\tplugin argc : %d\n",plugin->argc);
00875 for (i=0; i < plugin->argc; i++)
00876 lcas_log_debug(debug_lvl,"\tplugin argv[%2d] : %s\n",i,(plugin->argv)[i]);
00877 lcas_log_debug(debug_lvl,"\tplugin next : %x\n",plugin->next);
00878 if (plugin->next != NULL)
00879 lcas_log_debug(debug_lvl,"\tplugin_next : %s\n",(plugin->next)->pluginname);
00880 else
00881 lcas_log_debug(debug_lvl,"\tplugin_next : last plugin in list\n");
00882
00883 return 1;
00884 }
00885
00886
00887
00888
00889
00890
00891
00892
00893
00894
00895
00896
00897
00898 #if ALLOW_EMPTY_CREDENTIALS
00899 int lcas_get_fabric_authorization(
00900 char * user_dn_tmp,
00901 gss_cred_id_t user_cred,
00902 lcas_request_t request
00903 )
00904 #else
00905 int lcas_get_fabric_authorization(
00906 gss_cred_id_t user_cred,
00907 lcas_request_t request
00908 )
00909 #endif
00910 {
00911 char * user_dn = NULL;
00912 int rc;
00913 int retval;
00914 int lcas_authorized=0;
00915
00916 lcas_plugindl_t * plugin_entry;
00917 lcas_plugindl_t * authmod_entry;
00918
00919
00920
00921 lcas_authorized=0;
00922
00923 if (lcas_initialized == 0)
00924 {
00925 fprintf(stderr,"LCAS has to be initialized first !\n");
00926 retval = FAILED_LCAS_OTHER;
00927 goto fail_lcas_get_fabric_authorization;
00928 }
00929 lcas_log_debug(0,"\n");
00930 lcas_log(LOG_NOTICE,"LCAS authorization request\n");
00931
00932
00933
00934
00935 if ( lcas_fill_cred(user_dn_tmp, user_cred, &lcas_cred) != 0)
00936 {
00937 lcas_log(0,"lcas.mod-lcas_get_fabric_authorization() error: could not create lcas credential, something wrong\n");
00938 lcas_log(0," : with user DN and user credential\n");
00939 retval = FAILED_LCAS_OTHER;
00940 goto fail_lcas_get_fabric_authorization;
00941 }
00942 user_dn = lcas_get_dn(lcas_cred);
00943 if (user_dn == NULL)
00944 {
00945 lcas_log(0, "lcas.mod-lcas_get_fabric_authorization() error: user DN empty\n");
00946 retval = FAILED_LCAS_OTHER;
00947 goto fail_lcas_get_fabric_authorization;
00948 }
00949
00950 lcas_log_debug(0, "lcas.mod-lcas_get_fabric_authorization(): user is %s\n", user_dn);
00951
00952
00953
00954
00955 authmod_entry=authmod_list;
00956 while (authmod_entry)
00957 {
00958 rc = authmod_entry->procs[AUTHPROC](request, lcas_cred);
00959 if (rc != LCAS_MOD_SUCCESS)
00960 {
00961 lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): authorization failed for standard module %s\n",
00962 authmod_entry->pluginname);
00963 retval = FAILED_LCAS_PLUGIN;
00964 goto fail_lcas_get_fabric_authorization;
00965 }
00966 lcas_log_debug(0, "lcas.mod-lcas_get_fabric_authorization(): authorization granted by standard module %s\n",
00967 authmod_entry->pluginname);
00968 lcas_authorized++;
00969
00970 authmod_entry=authmod_entry->next;
00971 }
00972
00973
00974
00975
00976 plugin_entry=plugin_list;
00977 while (plugin_entry)
00978 {
00979 rc = plugin_entry->procs[AUTHPROC](request, lcas_cred);
00980 if (rc != LCAS_MOD_SUCCESS)
00981 {
00982 lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): authorization failed for plugin %s\n",
00983 plugin_entry->pluginname);
00984 retval = FAILED_LCAS_PLUGIN;
00985 goto fail_lcas_get_fabric_authorization;
00986 }
00987 lcas_log_debug(0, "lcas.mod-lcas_get_fabric_authorization(): authorization granted by plugin %s\n",
00988 plugin_entry->pluginname);
00989 lcas_authorized++;
00990
00991 plugin_entry=plugin_entry->next;
00992 }
00993
00994
00995
00996
00997
00998
00999
01000
01001
01002
01003 if ( !(lcas_authorized > 0) )
01004 {
01005 lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): No authorization modules were called (check lcas db file)\n");
01006 retval = FAILED_LCAS_OTHER;
01007 goto fail_lcas_get_fabric_authorization;
01008 }
01009 else
01010 lcas_log_debug(2,"lcas.mod-lcas_get_fabric_authorization(): %d modules authorized you\n",lcas_authorized);
01011
01012
01013 lcas_release_cred(&lcas_cred);
01014 lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): succeeded\n");
01015 return 0;
01016
01017 fail_lcas_get_fabric_authorization:
01018
01019 lcas_release_cred(&lcas_cred);
01020 lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): failed\n");
01021 return retval;
01022 }
01023
01024
01025
01026
01027
01028
01029
01030
01031
01032
01033
01034 int lcas_term()
01035 {
01036 int rc;
01037 lcas_plugindl_t * plugin_entry;
01038 lcas_plugindl_t * authmod_entry;
01039
01040 lcas_log_debug(0,"\n");
01041 lcas_log(LOG_NOTICE,"Termination LCAS\n");
01042
01043
01044
01045
01046 authmod_entry=authmod_list;
01047 while (authmod_entry)
01048 {
01049 lcas_plugindl_t * authmod_next;
01050 int i;
01051
01052 rc = authmod_entry->procs[TERMPROC]();
01053 if (rc != LCAS_MOD_SUCCESS)
01054 {
01055 lcas_log(0,"lcas.mod-lcas_term(): failed to terminate standard module %s\n",
01056 authmod_entry->pluginname);
01057 return 1;
01058 }
01059 lcas_log_debug(1, "lcas.mod-lcas_term(): standard module %s terminated\n",
01060 authmod_entry->pluginname);
01061
01062 authmod_next=authmod_entry->next;
01063 for (i=0; i < authmod_entry->argc; i++)
01064 {
01065 if ((authmod_entry->argv)[i] != NULL)
01066 {
01067 lcas_log_debug(3,"Freeing %d - %s\n",i,(authmod_entry->argv)[i]);
01068 free((authmod_entry->argv)[i]);
01069 }
01070 }
01071 free(authmod_entry);
01072 authmod_entry=authmod_next;
01073 }
01074 authmod_list=authmod_entry=NULL;
01075
01076
01077
01078
01079
01080 plugin_entry=plugin_list;
01081 while (plugin_entry)
01082 {
01083 lcas_plugindl_t * plugin_next;
01084 int i;
01085
01086 rc = plugin_entry->procs[TERMPROC]();
01087 if (rc != LCAS_MOD_SUCCESS)
01088 {
01089 lcas_log(0,"lcas.mod-lcas_term(): failed to terminate plugin module %s\n",
01090 plugin_entry->pluginname);
01091 return 1;
01092 }
01093 lcas_log_debug(1, "lcas.mod-lcas_term(): plugin module %s terminated\n",
01094 plugin_entry->pluginname);
01095
01096 plugin_next=plugin_entry->next;
01097 for (i=0; i < plugin_entry->argc; i++)
01098 {
01099 if ((plugin_entry->argv)[i] != NULL)
01100 {
01101 lcas_log_debug(3,"Freeing %d - %s\n",i,(plugin_entry->argv)[i]);
01102 free((plugin_entry->argv)[i]);
01103 }
01104 }
01105 free(plugin_entry);
01106 plugin_entry=plugin_next;
01107 }
01108 plugin_list=plugin_entry=NULL;
01109
01110
01111
01112
01113
01114
01115 lcas_initialized=0;
01116 return 0;
01117 }
01118
01119
01120
01121
01122
01123
01124
01125