00074 #include "lcas_config.h"
00075 #include <stdio.h>
00076 #include <stdlib.h>
00077 #include <string.h>
00078
00079 #if HAVE_MALLOC_H
00080 #include <malloc.h>
00081 #endif
00082
00083 #include "lcas_modules.h"
00084 #include "lcas_gridlist.h"
/*
 * Build-time switch. When non-zero, plugin_initialize() and
 * plugin_confirm_authorization() call lcas_gridlist() with a NULL list file
 * and report failures as "gridmap file" errors; when zero, they use the
 * allowed-user file stored in userallow_db instead.
 */
#define USE_GRIDMAP 1

/* Module name; used as the prefix of this plugin's log messages. */
static char *modname = "lcas_userallow.mod";

/*
 * Path of the allowed-user file. Only assigned by plugin_initialize() in
 * builds with USE_GRIDMAP == 0; released and reset by plugin_terminate().
 */
static char *userallow_db = NULL;
/**
 * Initialise the userallow plugin.
 *
 * USE_GRIDMAP build: probes lcas_gridlist() once with an empty DN and a NULL
 * list file. Only LCAS_MOD_NOFILE from that probe is treated as fatal; every
 * other return code is ignored here. argc and argv are not read in this
 * build.
 *
 * Non-gridmap build: logs the arguments at debug level, resolves argv[1]
 * through lcas_findfile() into userallow_db, and fails when no file name was
 * given or when lcas_getfexist() cannot find the file.
 *
 * @param argc number of entries in argv
 * @param argv plugin arguments; argv[1] is the allowed-user file in the
 *             non-gridmap build
 * @return LCAS_MOD_SUCCESS, or LCAS_MOD_NOFILE when the list file is missing
 */
int plugin_initialize(int argc, char ** argv)
{
    char *probe_result = NULL;
    int   status;

#if USE_GRIDMAP
    /* "\0" is an empty DN: the call checks that the file is reachable,
     * it is not a lookup for a real user. */
    status = lcas_gridlist("\0", &probe_result, NULL, MATCH_ONLY_DN, NULL, NULL);
    if (status == LCAS_MOD_NOFILE) {
        lcas_log(LOG_NOTICE,
                 "\t%s-plugin_initialize() error: cannot find gridmap file\n",
                 modname);
        free(probe_result);   /* free(NULL) is a no-op */
        return LCAS_MOD_NOFILE;
    }
#else
    int idx;

    lcas_log_debug(1, "%s-plugin_initialize(): passed arguments:\n", modname);
    for (idx = 0; idx < argc; ++idx) {
        lcas_log_debug(1, "%s-plugin_initialize(): arg %d is %s\n",
                       modname, idx, argv[idx]);
    }

    /* argv[1], when present, names the allowed-user file. */
    if (argc > 1) {
        userallow_db = lcas_findfile(argv[1]);
    }

    if (userallow_db == NULL) {
        lcas_log(0,
                 "\t%s-plugin_initialize() error: allowed user file required !\n",
                 modname);
        return LCAS_MOD_NOFILE;
    }

    if (lcas_getfexist(1, userallow_db) == NULL) {
        lcas_log(0,
                 "\t%s-plugin_initialize() error: Cannot find allowed user file: %s\n",
                 modname, userallow_db);
        return LCAS_MOD_NOFILE;
    }
#endif

    free(probe_result);
    return LCAS_MOD_SUCCESS;
}
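/**
 * Decide whether the DN carried by a credential is on the allow list.
 *
 * The DN is read with lcas_get_dn() and looked up with lcas_gridlist() using
 * MATCH_ONLY_DN. With USE_GRIDMAP set the list file argument is NULL;
 * otherwise the file named by userallow_db is used.
 *
 * @param request   authorization request; not read by this function
 * @param lcas_cred credential whose DN is checked
 * @return LCAS_MOD_FAIL    when the DN is missing or the lookup returns
 *                          LCAS_MOD_NOENTRY,
 *         LCAS_MOD_NOFILE  when the lookup returns LCAS_MOD_NOFILE,
 *         LCAS_MOD_SUCCESS for every other lookup result.
 */
int
plugin_confirm_authorization(lcas_request_t request, lcas_cred_id_t lcas_cred)
{
    int   rc;
    int   verdict = LCAS_MOD_FAIL;
    char *dummy   = NULL;
    char *user_dn = NULL;

    (void)request;

    /*
     * NOTE(review): user_dn is never freed here. That is correct only if
     * lcas_get_dn() returns a pointer owned by the credential; confirm.
     */
    user_dn = lcas_get_dn(lcas_cred);
    if (user_dn == NULL) {
        /* Name this module and function in the message, like every other
         * message below, so a denied request can be traced to the right
         * plugin in the log. */
        lcas_log(0, "\t%s-plugin_confirm_authorization() error: user DN empty\n",
                 modname);
        goto done;
    }

#if USE_GRIDMAP
    lcas_log_debug(0,
        "\t%s-plugin_confirm_authorization(): checking allowed users in gridmapfile\n",
        modname);
    /* NOTE(review): the DN comes from the presented credential and is logged
     * as-is; verify that lcas_log_debug()/lcas_log() neutralise control
     * characters so a crafted DN cannot forge log lines. */
    lcas_log_debug(0,
        "\t%s-plugin_confirm_authorization(): checking user %s\n", modname, user_dn);

    rc = lcas_gridlist(user_dn, &dummy, NULL, MATCH_ONLY_DN, NULL, NULL);
#else
    lcas_log_debug(0,
        "\t%s-plugin_confirm_authorization(): checking allowed users in %s\n",
        modname, userallow_db);

    rc = lcas_gridlist(user_dn, &dummy, userallow_db, MATCH_ONLY_DN, NULL, NULL);
#endif
    lcas_log_debug(1, "got rc = %d from lcas_gridlist()\n", rc);

    /*
     * NOTE(review): granting is the default outcome. Only LCAS_MOD_NOENTRY
     * and LCAS_MOD_NOFILE deny; any other value lcas_gridlist() can return
     * (its contract is not visible in this file) ends in LCAS_MOD_SUCCESS.
     * Confirm that no other failure code exists, or invert the test so that
     * only the documented "match" code grants and everything else denies.
     */
    if (rc == LCAS_MOD_NOENTRY) {
        lcas_log(0, "\t%s-plugin_confirm_authorization(): no entry found for %s\n",
                 modname, user_dn);
        verdict = LCAS_MOD_FAIL;
    } else if (rc == LCAS_MOD_NOFILE) {
        /* Each branch is a complete call, so no preprocessor directive sits
         * inside an argument list. */
#if USE_GRIDMAP
        lcas_log(0,
            "\t%s-plugin_confirm_authorization() error: Cannot find gridmapfile\n",
            modname);
#else
        lcas_log(0,
            "\t%s-plugin_confirm_authorization() error: Cannot find allowed user file: %s\n",
            modname, userallow_db);
#endif
        verdict = LCAS_MOD_NOFILE;
    } else {
        verdict = LCAS_MOD_SUCCESS;
    }

done:
    /* Single exit: the buffer filled in by lcas_gridlist() is released on
     * every path; free(NULL) is a no-op. */
    free(dummy);
    return verdict;
}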
/**
 * Shut the plugin down: log the event and release the allowed-user file
 * path held in userallow_db.
 *
 * @return always LCAS_MOD_SUCCESS
 */
int plugin_terminate()
{
    lcas_log_debug(1, "%s-plugin_terminate(): terminating\n", modname);

    /* free(NULL) is a no-op, so no guard is needed; clearing the pointer
     * keeps a repeated call from freeing it twice. */
    free(userallow_db);
    userallow_db = NULL;

    return LCAS_MOD_SUCCESS;
}