Adding authorization plugins

In addition to the three standard authorization plugins, new plugins may be written. The plugins have to be provided as shared objects. When the LCAS receives an authorization request, it uses dlopen to open the plugin shared object. The interface of the plugins to the LCAS consists of the following three functions, which are called in order with a dlsym call by the LCAS:

• int plugin_initialize(int argc, char **argv):
  Everything that is needed to initialize the plugin should be put inside this function. Arguments as read from the LCAS database (argc, argv) are passed to the plugin.

• int plugin_confirm_authorization(lcas_request_t request, lcas_cred_id_t lcas_cred):
  By this call, the LCAS asks the plugin for authorization by passing the request in RSL (later JDL) and the user credential (lcas_cred). The user credential will contain information on the role the user wants to play. In the RSL (JDL) the user might specify the resources he wants to use. The authorization decision has to be made using this information. The LCAS provides no library for parsing the RSL (JDL).
• int plugin_terminate():
  Whatever is needed to terminate the plugin module goes in here.

If these symbols cannot be found by LCAS at runtime, an error occurs, resulting in an authorization failure. More information on the plugin interface can be found in the apidoc documentation for the plugin interface. The LCAS Library also contains utilities for logging, file checking and (extremely simple) LCAS credential handling. The API to be used by the LCAS plugins can be found in the apidoc documentation for the API for the plugins. In order to use these utilities a line like

#include "lcas_modules.h"

has to appear in the plugin source. A line similar to

-I $GLOBUS_LOCATION/include/gcc32dbg -I /opt/edg/include/lcas

has to be added to the compilation command line in order to include the LCAS and GLOBUS include directories.

To make life easier for the plugin developer an example plugin has been written in C, which is available in the LCAS cvs repository. The example plugin is built using autotools (automake, autoconf, libtool), for which the files configure.in and Makefile.am have to be present. The source code can be found here. The new plugin can be tested without having a functioning edg-gatekeeper by running the program lcas-test in the src directory of the LCAS cvs repository, which is basically a copy of the part of the edg-gatekeeper that contacts the LCAS.