---

lcmaps_jobrep.c

Go to the documentation of this file.

/*
 * Copyright (c) 2001 EU DataGrid.                                                                             
 * For license conditions see http://www.eu-datagrid.org/license.html                                          
 *
 * Copyright (c) 2001, 2002 by
 *     Oscar Koeroo <okoeroo@nikhef.nl>
 *     NIKHEF Amsterdam, the Netherlands
 */

/*****************************************************************************
                            Include header files
******************************************************************************/
#include "lcmaps_config.h"
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <string.h>
#include <pwd.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include "gssapi.h"

#include "lcmaps_modules.h"
#include "lcmaps_arguments.h"
#include "lcmaps_cred_data.h"
#include "lcmaps_voms_utils.h"
#include "lcmaps_vo_data.h"

#include "voms_apic.h"
#include "globus_gss_assist.h"

#include "jobrep_api.h"

//#undef TESTBIO
//#define TESTBIO
#ifdef TESTBIO
#    include <openssl/pem.h>
#    include <openssl/bio.h>
#endif


/******************************************************************************
                                Definitions
******************************************************************************/

#define VOMS_BUFFER_SIZE  1024

// What do we want to do with this time presentation?
#define GMT               1
#define LOCAL             2
#define LEAVE_TIME_ITS_OK 3

/******************************************************************************
                          Module specific prototypes
******************************************************************************/
//static void print_vomsdata(struct vomsdata *);
void print_vomsdata(struct vomsdata *);
//static char *gridmapdir_urlencode(char *);
static struct tm * ASN1_TIME_2_time_t(ASN1_TIME *);
char * sttm_2_char (const struct tm *);

int strnclean (char **s, int bufsize);
int strclean  (char **s);


char * createFQAN(char *, char *, char *, char *);
char * tripletLine2FQAN (char *);

static int lcmaps_get_jobrep_config(
        const char *,
        char **
);

#ifdef TESTBIO
static STACK_OF(X509) *load_chain(char *certfile);
static char *retmsg[] = { "VERR_NONE", "VERR_NOSOCKET", "VERR_NOIDENT", "VERR_COMM", 
                          "VERR_PARAM", "VERR_NOEXT", "VERR_NOINIT",
                          "VERR_TIME", "VERR_IDCHECK", "VERR_EXTRAINFO",
                          "VERR_FORMAT", "VERR_NODATA", "VERR_PARSE",
                          "VERR_DIR", "VERR_SIGN", "VERR_SERVER", 
                          "VERR_MEM", "VERR_VERIFY", "VERR_IDENT",
                          "VERR_TYPE", "VERR_ORDER" };
#endif

/******************************************************************************
                       Define module specific variables
******************************************************************************/

static char * jobrep_config = NULL;
static char * connStr = NULL;
static char * certdir = NULL;
static char * vomsdir = NULL;
//static char   voms_buffer[VOMS_BUFFER_SIZE];


/*****************************************************************************/




/******************************************************************************
Function:   tripletLine2FQAN
Description:
         This function extracts the triplet information from the tripletLine 
         string and returns a FQAN. The tripletLine is in the same format as
         the vomapfile (or grid-mapfile) and the groupmapfile.
         This format is also supported with voms2gacl to get the VOMS info
         in a GACL file. Here it functions to convert the compare the different
         formats to the (standard) FQAN.

Parameters:
         tripletLine
 
Returns:
    !NULL              : succes
    NULL               : failure
******************************************************************************/

char * tripletLine2FQAN (char * tripletLine)
{
    char * pTL   = tripletLine;
    char   vo    [100];
    char   group [100];
    char   role  [100];
    char   cap   [100];
    int    i     = 0;
    char * search = NULL;

    for (i = 0; i < 100; i++) { vo[i] = group[i] = role[i] = cap[i] = '\0'; }


    while (strlen(pTL) > 0)
    {
        i = 0;
        if (strncmp(pTL, "/VO=", strlen("/VO=")) == 0)
        {
            // Shift prefix
            pTL += strlen("/VO=");

            // Search for next prefix, if found then copy the offset
            search = pTL;
            while (strlen(search) > 0)
            {
                if ((strncmp(search, "/VO=", strlen("/VO=")) == 0) || 
                    (strncmp(search, "/GROUP=", strlen("/GROUP=")) == 0) || 
                    (strncmp(search, "/ROLE=", strlen("/ROLE=")) == 0)   ||
                    (strncmp(search, "/CAPABILITY=", strlen("/CAPABILITY=")) == 0))
                {
                    break;
                }
                i++;
                search++;
            }

            strncpy(vo, pTL, i);
            pTL += strlen(vo);
        }

        i = 0;

        if (strncmp(pTL, "/GROUP=", strlen("/GROUP=")) == 0)
        {
            pTL += strlen("/GROUP=");

            // Search for next prefix, if found then copy the offset
            search = pTL;
            while (strlen(search) > 0)
            {
                if ((strncmp(search, "/VO=", strlen("/VO=")) == 0) ||
                    (strncmp(search, "/GROUP=", strlen("/GROUP=")) == 0) ||
                    (strncmp(search, "/ROLE=", strlen("/ROLE=")) == 0)   ||
                    (strncmp(search, "/CAPABILITY=", strlen("/CAPABILITY=")) == 0))
                {
                    break;
                }

                i++;
                search++;
            }
 
            strncpy(group, pTL, i);
            pTL += strlen(group);
        }

        i = 0;
        if (strncmp(pTL, "/ROLE=", strlen("/ROLE=")) == 0)
        {
            pTL += strlen("/ROLE=");

            // Search for next prefix, if found then copy the offset
            search = pTL;
            while (strlen(search) > 0)
            {
                if ((strncmp(search, "/VO=", strlen("/VO=")) == 0) ||
                    (strncmp(search, "/GROUP=", strlen("/GROUP=")) == 0) ||
                    (strncmp(search, "/ROLE=", strlen("/ROLE=")) == 0)   ||
                    (strncmp(search, "/CAPABILITY=", strlen("/CAPABILITY=")) == 0))
                {
                    break;
                }

                i++;
                search++;
            }

            strncpy(role, pTL, i);
            pTL +=  strlen(role) - 1;
        }

        i = 0;
        if (strncmp(pTL, "/CAPABILITY=", strlen("/CAPABILITY=")) == 0)
        {
            pTL += strlen("/CAPABILITY=");

            // Search for next prefix, if found then copy the offset
            search = pTL;
            while (strlen(search) > 0)
            {
                if ((strncmp(search, "/VO=", strlen("/VO=")) == 0) ||
                    (strncmp(search, "/GROUP=", strlen("/GROUP=")) == 0) ||
                    (strncmp(search, "/ROLE=", strlen("/ROLE=")) == 0)   ||
                    (strncmp(search, "/CAPABILITY=", strlen("/CAPABILITY=")) == 0))
                {
                    break;
                }
                i++;
                search++;
            }
 
            strncpy(cap, pTL, i);
            pTL +=  strlen(cap) - 1;
        }

        pTL++;
    }
//    lcmaps_log(0, " >> vo: %s (%d)  group: %s (%d)  role: %s (%d)  cap: %s (%d)  <<\n", vo, strlen(vo), group, strlen(group), role, strlen(role), cap, strlen(cap));

    return createFQAN (vo, group, role, cap);
}



/******************************************************************************
Function:   createFQAN
Description:
            Builds a FQAN of the vo, group, role and cap (capability) parameters
Parameters:
            char * vo, group, role, cap
Returns:
    !NULL              : succes
    NULL               : failure
******************************************************************************/ 
char * createFQAN(char * vo, char * group, char * role, char * cap)
{
    static char * fqan = NULL;
    int    i    = 0;

    if ((group == NULL) || (strlen(group) < 1))
        return NULL;


    // EVIL BUG FIX! - Because of " " in front of the Role
    if ((role != NULL) && (strlen(role) > 1) && (role[0] == ' ')) {  role++;  }

 
    fqan = malloc (250 * sizeof(char));
    for (i = 0; i < 250; i++)  { fqan[i] = '\0'; }

    // FQAN building ...
    sprintf(fqan, "%s", group);
    
    if ((role != NULL) && (strcmp(role, "NULL") != 0) && (strlen(role) > 0))
        sprintf(fqan, "%s/Role=%s", fqan, role);

    if ((cap != NULL)  && (strcmp(cap, "NULL") != 0)  && (strlen(cap) > 0)) 
        sprintf(fqan, "%s/Capability=%s", fqan, cap);

    return fqan;
}


#ifdef TESTBIO
static STACK_OF(X509) *load_chain(char *certfile)
{
    STACK_OF(X509_INFO) *sk=NULL;
    STACK_OF(X509) *stack=NULL, *ret=NULL;
    BIO *in=NULL;
    X509_INFO *xi;
    int first = 1;
    char * logstr = "load_chain";

    if(!(stack = sk_X509_new_null()))
    {
        lcmaps_log(2, "%s: memory allocation failure\n", logstr);
        goto end;
    }

    if(!(in=BIO_new_file(certfile, "r")))
    {
        lcmaps_log(2, "%s: error opening the file, %s\n", logstr,certfile);
        goto end;
    }

    /* This loads from a file, a stack of x509/crl/pkey sets */
    if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL)))
    {
        lcmaps_log(2, "%s: error reading the file, %s\n", logstr,certfile);
        goto end;
    }

    /* scan over it and pull out the certs */
    while (sk_X509_INFO_num(sk))
    {
        /* skip first cert */
        if (first)
        {
            first = 0;
            continue;
        }
        xi=sk_X509_INFO_shift(sk);
        if (xi->x509 != NULL)
        {
            sk_X509_push(stack,xi->x509);
            xi->x509=NULL;
        }
        X509_INFO_free(xi);
    }
    if(!sk_X509_num(stack))
    {
        lcmaps_log(2, "%s: no certificates in file, %s\n", logstr,certfile);
        sk_X509_free(stack);
        goto end;
    }
    ret=stack;
end:
    BIO_free(in);
    sk_X509_INFO_free(sk);
    return(ret);
}
#endif

/******************************************************************************
Function:   plugin_initialize
Description:
    Initialize plugin
Parameters:
    argc, argv
    argv[0]: the name of the plugin
Returns:
    LCMAPS_MOD_SUCCESS : succes
    LCMAPS_MOD_FAIL    : failure
    LCMAPS_MOD_NOFILE  : db file not found (will halt LCMAPS initialization)
******************************************************************************/
int plugin_initialize(
        int argc,
        char ** argv
)
{
    char * logstr = "\tlcmaps_plugin_jobrepository-plugin_initialize()";
    int i;

    connStr = (char *) malloc (sizeof(char) * 1000);
    for (i = 0; i < 1000; i++) connStr[i] = '\0';
 
    lcmaps_log_debug(1,"%s: passed arguments:\n", logstr);
    for (i=0; i < argc; i++)
    {
       lcmaps_log_debug(2,"%s: arg %d is %s\n", logstr, i, argv[i]);
    }
 
    /*
     * CERTDIR = The directory which contains the CA certificates
     * VOMSDIR = The directory which contains the certificates of the VOMS servers 
     */
 
    /*
     * Parse arguments, argv[0] = name of plugin, so start with i = 1
     */
    for (i = 1; i < argc; i++)
    {
        if ( ((strcmp(argv[i], "-vomsdir") == 0) ||
              (strcmp(argv[i], "-VOMSDIR") == 0))
             && (i + 1 < argc))
        {
            if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
            {
                 vomsdir = strdup(argv[i + 1]);
            }
            i++;
        }
        else if ( ((strcmp(argv[i], "-certdir") == 0) ||
                   (strcmp(argv[i], "-CERTDIR") == 0))
                   && (i + 1 < argc))
        {
            if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
            {
                 certdir = strdup(argv[i + 1]);
            }
            i++;
        }

        else if ( ( (strcmp(argv[i], "-JR_CONFIG") == 0) || (strcmp(argv[i], "-jr_config") == 0) )
                  && (i + 1 < argc) )
        {
            lcmaps_get_jobrep_config(argv[i + 1], &jobrep_config);

            if (strlen(connStr) == 0)
                strncpy(connStr, jobrep_config, strlen(jobrep_config));
            else
                sprintf(connStr, "%s;%s", connStr, jobrep_config);

            i++;
        }


        // Due to security compromise reasons, this should not be possible to be connecting with:
        else if ( (strncmp(argv[i], "DSN=",      4) == 0) ||
                  (strncmp(argv[i], "HOST=",     5) == 0) ||
                  (strncmp(argv[i], "USER=",     5) == 0) ||
                  (strncmp(argv[i], "PASS=",     5) == 0) ||
                  (strncmp(argv[i], "DRIVER=",   7) == 0) ||
                  (strncmp(argv[i], "DATABASE=", 9) == 0) ||
                  (strncmp(argv[i], "PORT=",     5) == 0) ||
                  (strncmp(argv[i], "PASSWORD=", 9) == 0) ||
                  (strncmp(argv[i], "SERVER=",   7) == 0) ||
                  (strncmp(argv[i], "driver=",   7) == 0) ||
                  (strncmp(argv[i], "dsn=",      4) == 0) ||
                  (strncmp(argv[i], "host=",     5) == 0) ||
                  (strncmp(argv[i], "user=",     5) == 0) ||
                  (strncmp(argv[i], "port=",     5) == 0) ||
                  (strncmp(argv[i], "database=", 9) == 0) ||
                  (strncmp(argv[i], "server=",   7) == 0) ||
                  (strncmp(argv[i], "port=",     5) == 0) ||
                  (strncmp(argv[i], "password=", 9) == 0) ||
                  (strncmp(argv[i], "pass=",     5) == 0) )
        {
            if (strlen(connStr) == 0)
                strncpy(connStr, argv[i], strlen(argv[i]));
            else
                sprintf(connStr, "%s;%s", connStr, argv[i]);
        }
        else
        {
            lcmaps_log(0,"%s: Error in initialization parameter: %s (failure)\n", logstr,
                       argv[i]);
            return LCMAPS_MOD_FAIL;
        }
    }

    lcmaps_log(1,"%s: Initialization succeeded\n", logstr);
    return LCMAPS_MOD_SUCCESS;
} 


/******************************************************************************
Function:   plugin_introspect
Description:
    return list of required arguments
Parameters:

Returns:
    LCMAPS_MOD_SUCCESS : succes
    LCMAPS_MOD_FAIL    : failure
******************************************************************************/
int plugin_introspect(
        int * argc,
        lcmaps_argument_t ** argv
)
{
    char * logstr = "\tlcmaps_plugin_voms-plugin_introspect()";
    static lcmaps_argument_t argList[] = {
        { "user_dn"     , "char *"           ,  1, NULL},
        { "user_cred"   , "gss_cred_id_t"    ,  0, NULL},
        { "job_request" , "char *"           ,  0, NULL},
        { NULL          , NULL               , -1, NULL}
    };

    lcmaps_log_debug(1,"%s: introspecting\n", logstr);

    *argv = argList;
    lcmaps_log_debug(4,"%s: before lcmaps_cntArgs()\n", logstr);
    *argc = lcmaps_cntArgs(argList);
    lcmaps_log_debug(1,"%s: address first argument: 0x%x\n", logstr,argList);

    lcmaps_log(1,"%s: Introspect succeeded\n", logstr);
    return LCMAPS_MOD_SUCCESS;
}


/******************************************************************************
Function:   plugin_run
Description:
    Gather credentials for LCMAPS
Parameters:
    argc: number of arguments
    argv: list of arguments
Returns:
    LCMAPS_MOD_SUCCESS: authorization succeeded
    LCMAPS_MOD_FAIL   : authorization failed
******************************************************************************/
int plugin_run(
        int argc,
        lcmaps_argument_t * argv
)
{
    char             *  logstr      = "\tlcmaps_plugin_jobrepository-plugin_run()";
    int                 tryCnt      = 0;
    int                 connected   = 0;
    FILE             *  tmpFile     = NULL;
    char             *  dn          = NULL;
    char             *  rsl         = NULL; 
    struct vomsdata  *  vd          = NULL;
    struct voms      ** vo          = NULL;
    struct voms      *  v           = NULL;

    uid_t            *  uid         = NULL;
    int                 cntUid = 0;
    gid_t            *  priGid      = NULL;
    int                 cntPriGid = 0;
    gid_t            *  secGid      = NULL;
    int                 cntSecGid = 0;
    struct passwd    *  user_info   = NULL;
    struct group     *  group_info  = NULL;

    char             *  datetime;
    time_t              clock;
    struct tm        *  tmpTime;

    TResultSet       *  resultSet = NULL;
    char                query[1000000];
    char             *  user_id = NULL;
    char             *  credential_id = NULL;
    char             *  credential_group_id = NULL;
    char             *  cert_id = NULL;

    STACK_OF(X509)   *  dupChain = NULL;
    TSimpleCert      *  MySimpleStack= NULL;
    int                 certCount = 0;

    int                 i = 0, 
                        j = 0, 
                        k = 0;

    lcmaps_vo_mapping_t * vo_mapping = NULL;




#ifdef TESTBIO
    int err;
    int res = 0;
    BIO *in = NULL;
    X509 *x = NULL;
    STACK_OF(X509) *chain = NULL;
#else
    int                 errNo       = 0;
    gss_cred_id_t    *  pcred       = NULL;
    gss_cred_id_t       cred        = GSS_C_NO_CREDENTIAL;
    X509             *  px509_cred  = NULL;
    STACK_OF(X509)   *  px509_chain = NULL;
#endif


 
    /*
     * The beginning
     */

    time(&clock);
    tmpTime = gmtime(&clock);
    datetime = malloc(sizeof(char) * 20);
    snprintf(datetime, 20, "%04d-%02d-%02d %02d:%02d:%02d",
           tmpTime->tm_year + 1900, tmpTime->tm_mon + 1, tmpTime->tm_mday,
           tmpTime->tm_hour, tmpTime->tm_min, tmpTime->tm_sec);


    /*
     *
     * Inserting a user's certificate chain when needed (if it's not there yet... insert it))
     *
     */

#ifdef TESTBIO
#else
    /* Fetch user gss credential */
    if ( ( pcred = (gss_cred_id_t *) lcmaps_getArgValue("user_cred", "gss_cred_id_t", argc, argv) ) )
    {
        lcmaps_log_debug(2,"%s: address user_cred: %p\n", logstr,pcred);
        cred = *pcred;
        if (cred == GSS_C_NO_CREDENTIAL)
        {
            lcmaps_log(0,"%s: user gss credential is empty ! (exit voms)\n", logstr);
            goto fail_jobrep;
        }
    }
    else
    {
        lcmaps_log(0,"%s: could not get address of user_cred (exit voms)!\n", logstr);
        goto fail_jobrep;
    }
#endif


    /* Testing */
#undef EXPORT_CREDENTIAL
#if EXPORT_CREDENTIAL
    if (cred)
    {
        gss_buffer_desc                 deleg_proxy_filename;
        OM_uint32         major_status = 0;
        OM_uint32         minor_status = 0;
        
        major_status = gss_export_cred(&minor_status,
                                       cred,
                                       NULL,
                                       1,
                                       &deleg_proxy_filename);

        if (major_status == GSS_S_COMPLETE)
        {
            char *                     cp;

            lcmaps_log_debug(1,"%s: deleg_proxy_filename.value: %s\n", logstr,
                               deleg_proxy_filename.value);
            cp = strchr((char *)deleg_proxy_filename.value, '=');
            *cp = '\0';
            cp++;
            setenv((char *)deleg_proxy_filename.value, cp, 1);
            free(deleg_proxy_filename.value);
        }
        else
        {
            char *                      error_str = NULL;
            globus_object_t *           error_obj;

            error_obj = globus_error_get((globus_result_t) minor_status);
            
            error_str = globus_error_print_chain(error_obj);
            lcmaps_log(0,"%s: Error, gss_export_cred(): %s\n", logstr,error_str);
            goto fail_jobrep;
        }
    }
#endif /* EXPORT_CREDENTIAL */



#ifdef TESTBIO
#else
    /*
     * Retrieve a newly created X509 struct and X509 chain from gss credential (should be freed)
     */
    if ( ( px509_cred = lcmaps_cred_to_x509(cred) ) )
    {
        lcmaps_log_debug(1,"%s: found X509 struct inside gss credential\n", logstr);
        lcmaps_log_debug(5,"%s: just for kicks: X509->name %s\n", logstr,px509_cred->name);
    }
    else
    {
        lcmaps_log(0,"%s: could not get X509 cred (exit jobrep)!\n", logstr);
        goto fail_jobrep;
    }
    if ( ( px509_chain = lcmaps_cred_to_x509_chain(cred) ) )
    {
        lcmaps_log_debug(1,"%s: found X509 chain inside gss credential\n", logstr);
    }
    else
    {
        lcmaps_log(0,"%s: could not get X509 chain (exit voms)!\n", logstr);
        goto fail_jobrep;
    }
#endif

    lcmaps_log_debug(1,"%s: vomsdir = %s\n", logstr, vomsdir);
    lcmaps_log_debug(1,"%s: certdir = %s\n", logstr, certdir);
    if ((vd = VOMS_Init(vomsdir, certdir)) == NULL)
    {
        lcmaps_log(0,"%s: failed to initialize voms data structure, so we can skip the gathering of al the VOMS stuff and go with classic support\n", logstr);
        // Go Classic Mode!
    }
    lcmaps_log_debug(1,"%s: voms data structure initialized\n", logstr);


    


#ifdef TESTBIO
    in = BIO_new(BIO_s_file());
//    chain = load_chain("/home/gridtest/cvs/fabric_mgt/gridification/lcmaps/modules/voms/x509up_u500");

    lcmaps_log(5, "%s: load chain...\n", logstr);
    chain = load_chain(getenv("X509_USER_PROXY"));
    lcmaps_log(5, "%s: loaded chain\n", logstr);
    if (in)
    {
        if (BIO_read_filename(in, getenv("X509_USER_PROXY")) > 0)
        {
            x = PEM_read_bio_X509(in, NULL, 0, NULL);

            res = VOMS_Retrieve(x, chain, RECURSE_CHAIN, vd, &err);

            if (res)
                print_vomsdata(vd);
            else
                lcmaps_log(1, "%s: ERROR!\n", logstr);
        }
    }
    else
    {
        lcmaps_log(1, "Error: No BIO File!\n");
    }

    if (!res)
    {
        lcmaps_log(1, "%s: err: %s\n", logstr, retmsg[err]);
    }


    // Check is the chain is there
    if (chain != NULL)
#else
    if (VOMS_Retrieve(px509_cred, px509_chain, RECURSE_CHAIN, vd, &errNo))
    {
        lcmaps_log_debug(3, "%s: VOMS extensions extracted from proxy certificate\n", logstr);
    }

    else if (errNo == VERR_NOEXT)
    {
        lcmaps_log(0,"%s: VOMS extensions missing from certificate (no yet failure)!\n", logstr);
//        goto fail_voms;
    }
    else if (errNo == VERR_IDCHECK)
    {
        lcmaps_log(0,"%s: VOMS User data in extension different from the real ones (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_TIME)
    {
        lcmaps_log(0,"%s: VOMS extensions expired for at least one of the VOs (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_ORDER)
    {
        lcmaps_log(0,"%s: The ordering of the VOMS groups, as required by the client, was not delivered by VOMS (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_NOSOCKET)
    {
        lcmaps_log(0,"%s: VOMS Socket problem (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_NOIDENT)
    {
        lcmaps_log(0,"%s: VOMS Cannot identify itself (certificate problem) (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_COMM)
    {
        lcmaps_log(0,"%s: VOMS server problem (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_PARAM)
    {
        lcmaps_log(0,"%s: Wrong parameters for VOMS (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_NOINIT)
    {
        lcmaps_log(0,"%s: VOMS initialization error (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_EXTRAINFO)
    {
        lcmaps_log(0,"%s: VO name and URI missing (in proxy ?) (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_FORMAT)
    {
        lcmaps_log(0,"%s: Wrong VOMS data format (in proxy ?) (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_NODATA)
    {
        lcmaps_log(0,"%s: Empty VOMS extension (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_PARSE)
    {
        lcmaps_log(0,"%s: VOMS parse error (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_DIR)
    {
        lcmaps_log(0,"%s: VOMS directory error (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_SIGN)
    {
        lcmaps_log(0,"%s: VOMS Signature error (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_SERVER)
    {
        lcmaps_log(0,"%s: Unidentifiable VOMS server (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_MEM)
    {
        lcmaps_log(0,"%s: Memory problems in VOMS_Retrieve() (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_VERIFY)
    {
        lcmaps_log(0,"%s: Generic verification error for VOMS (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else if (errNo == VERR_TYPE)
    {
        lcmaps_log(0,"%s: Returned VOMS data of unknown type (failure)!\n", logstr);
        goto fail_jobrep;
    }
    else
    {
        lcmaps_log(0,"%s: VOMS_Retrieve() error --> %d (failure)!\n", logstr, errNo);
        goto fail_jobrep;
    }


    // Check if this chain is there
    if (px509_chain != NULL)
#endif
    {
        int ctCnt = 0;

        lcmaps_log_debug(5, "%s: The certificate chain is correct\n", logstr);

 
#ifdef TESTBIO
        dupChain = (STACK_OF(type) *) sk_X509_dup(chain);
#else
        dupChain = (STACK_OF(type) *) sk_X509_dup(px509_chain);
#endif


        certCount = sk_X509_num(dupChain);
        lcmaps_log_debug (1, "%s: The chain consist of %d certificates.\n", logstr, certCount);

        MySimpleStack = malloc (sizeof(TSimpleCert) * (certCount + 1));
        for (ctCnt = 0; ctCnt < certCount; ctCnt++)
        {
            MySimpleStack[ctCnt].X509cert = sk_X509_pop(dupChain);
            if (MySimpleStack[ctCnt].X509cert != NULL)
            {
                char          buffer[1000];
                int           kar    = '\0';
                int           offset = 0;
/*
//      This still needs a lot of work (later, lower-prio)
//      It's better to get the plugin working then full-functs, 
//      because of LCG waiting for the funcs.

                int uitslag;
                BIO         * nbp = NULL;
                unsigned char * thingy;


                uitslag = i2d_X509_bio(nbp, MySimpleStack[ctCnt].X509cert);
                if (nbp != NULL)
                    printf("true : nbp != NULL\n");
                else
                    printf("true : nbp == NULL\n");

                printf ("Before malloc\n");
                thingy  = malloc(1 + sizeof(char) * uitslag);

                
                printf ("Before malloc2\n");
                MySimpleStack[ctCnt].PEM = malloc(1 + sizeof(char) * uitslag);
                printf("Before cleaning...\n");
                for (i = 0; i < uitslag; i++) MySimpleStack[ctCnt].PEM[i] = '\0';
                 
                printf("Before i2d_X509\n");
                uitslag = i2d_X509(MySimpleStack[ctCnt].X509cert, &thingy);

                printf(">>>>>>>> uitslag is:    %d\n", uitslag);
*/

                // Make a (char *) out of a certificate
                tmpFile = tmpfile();

                X509_print_fp(tmpFile, MySimpleStack[ctCnt].X509cert);
                rewind(tmpFile);


                MySimpleStack[ctCnt].certStr = malloc(sizeof(char) * 1000000);
                for (i = 0; i < 1000000; i++) MySimpleStack[ctCnt].certStr[i] = '\0';
                for (i = 0; (kar = fgetc(tmpFile)) != EOF; i++)
                {
                    // VERY UGLY BUG FIX !!!
                    if (kar == '\'') // a '\'' = decimal 39 = hex 27 = oct 047 = html &#39; => Using Hex encoding
                    {
                        MySimpleStack[ctCnt].certStr[i + offset]   = '%';
                        MySimpleStack[ctCnt].certStr[i + ++offset] = '2';
                        MySimpleStack[ctCnt].certStr[i + ++offset] = '7';
                        lcmaps_log_debug(2, "%s: \tWarning: char \' encoded into %c27\n\t\t\t\t\t\t\t\tbecause of SQL problems. (A workaround needs to be developed)\n", logstr, '%');
                    }
                    else
                    {
                        MySimpleStack[ctCnt].certStr[i + offset] = kar;
                    }
                }

//                while ((kar = fgetc(tmpFile)) != EOF)
//                {   
//                    if (certStr == NULL)
//                    {
//                        certStr = malloc(sizeof(char));
//                        certStr[0] = '\0';
//                    }
//                    certStr = realloc(certStr, (sizeof(char) * strlen(certStr)) + 2);
//                    sprintf(certStr, "%s%c", certStr, ch);
// 
//                    certStr[i] = kar;
//                    i++;
//                }

                //MySimpleStack[ctCnt].certStr = strdup(certStr);
                
                X509_NAME_oneline(X509_get_subject_name(MySimpleStack[ctCnt].X509cert), buffer, 999);
                MySimpleStack[ctCnt].subject_name = malloc(sizeof(char) * 1000);
//                strncpy(MySimpleStack[ctCnt].subject_name, buffer, strlen(buffer));
                strcpy(MySimpleStack[ctCnt].subject_name, buffer);

                X509_NAME_oneline(X509_get_issuer_name(MySimpleStack[ctCnt].X509cert), buffer, 999);
                MySimpleStack[ctCnt].issuer_name = malloc(sizeof(char) * 1000);
//                strncpy(MySimpleStack[ctCnt].issuer_name, buffer, strlen(buffer));
                strcpy(MySimpleStack[ctCnt].issuer_name, buffer);

                MySimpleStack[ctCnt].strNotBefore = malloc(sizeof(char) * 20);
                MySimpleStack[ctCnt].strNotAfter  = malloc(sizeof(char) * 20);
                strncpy(MySimpleStack[ctCnt].strNotBefore, 
                            sttm_2_char (ASN1_TIME_2_time_t(X509_get_notBefore(MySimpleStack[ctCnt].X509cert))), 20);
                strncpy(MySimpleStack[ctCnt].strNotAfter, 
                            sttm_2_char (ASN1_TIME_2_time_t(X509_get_notAfter(MySimpleStack[ctCnt].X509cert))),  20);

                //  
                //  X509_NAME * X509_get_issuer_name(X509 *a);
                //  X509_NAME * X509_get_subject_name(X509 *a);
                //
                //              X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
                //  /*          X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
                //  ASN1_TIME   X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
                //  ASN1_TIME   X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
                //              X509_extract_key(x)     X509_get_pubkey(x) /*****/
                //              X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
                //  X509_NAME * X509_REQ_get_subject_name(x) ((x)->req_info->subject)
                //              X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
                //
                //              X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
                //  ASN1_TIME   X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
                //  ASN1_TIME   X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
                //  X509_NAME * X509_CRL_get_issuer(x) ((x)->crl->issuer)
                //              X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
                //
                //
                //
                //
                //  Put here the code that will make a user_certificate
                //
                //  Select existance in user_certificates
                //  if exists check parent ... if same parent ... do nothing
                //  else insert it with the parent_cert
                //  
                //  update jobs
                //  update users
                //  
            }
        }
    }


#ifdef TESTBIO
    if (chain) sk_X509_free(chain);
#endif

    /*
     * Setting up Database connection
     */


    lcmaps_log_debug(1, "%s: \tTrying to connect to the DB...\n", logstr);

    srandom(clock);
    for (tryCnt = 0; (tryCnt < 100) && (!connected); tryCnt++)
    {
        if (ODBC_Connect (connStr) != 0)
        {
            //ODBC_Errors ("ODBC_Connect, retry...");
            ODBC_Disconnect();
        }
        else
        {
            connected = 1;
            break;
        }
    }

    if (!connected)
    {
        lcmaps_log(1, "%s\n", ODBC_Errors ("ODBC_Connect"));
        ODBC_Disconnect ();
        goto fail_jobrep;
    }


    //Debug
    lcmaps_log_debug(1, "%s: Connected to the Job Repository Database\n", logstr); 


//    if (ODBC_Connect (connStr) != 0)
//    {
//        ODBC_Errors ("ODBC_Connect");
//        ODBC_Disconnect ();
//        goto fail_jobrep;
//    }
 
 
    /*
     * Acquiring information
     */

    if ( (rsl = *(char **) lcmaps_getArgValue("job_request", "char *", argc, argv)) )
        lcmaps_log_debug(1,"%s: found job_request: %s\n", logstr, rsl);
    else
    {
        lcmaps_log_debug(1,"%s: could not get value of job_request !\n", logstr);
        goto fail_jobrep;
    }

    if ( (dn = *(char **) lcmaps_getArgValue("user_dn", "char *", argc, argv)) )
        lcmaps_log_debug(1,"%s: found dn: %s\n", logstr,dn);
    else
    {
        lcmaps_log_debug(1,"%s: could not get value of dn !\n", logstr);
        goto fail_jobrep;
    }
 
    uid    = getCredentialData(UID,     &cntUid);
    priGid = getCredentialData(PRI_GID, &cntPriGid);
    secGid = getCredentialData(SEC_GID, &cntSecGid);
 
    lcmaps_log_debug(1, "%s\n", dn);



    /*
     *
     * Inserting a user when needed (this is when it's DN is unknown... yet)
     *
     */

    // Directly try to do the hardest actions in the database. The insertion of a record via various
    // database rules that take time to consider the vality of the data.

    sprintf(query, "insert into users (dn) values ('%s')", dn);
    if (SQL_Query(query) != 0)
    {
        // With a failure of this last query, we can assume that the 'dn' in 'users' is already there
        sprintf(query, "select user_id from users where dn = '%s'", dn);
        if (SQL_Query(query) != 0)
        {
            SQL_Rollback();
            goto fail_jobrep;
        }
        if (SQL_GetQueryResult(&resultSet) > 0)
        {
            if (SQL_GetValue(resultSet, "user_id", &user_id) != 0)
            {
                lcmaps_log_debug(1, "Could not get value: %s from the DB resultset with query: %s\n", "user_id", query);
                SQL_Rollback();
                goto fail_jobrep;
            }
        }
    }
    else
    {
        // Auto Increment ID retrieval
        sprintf(query, "select last_insert_id()");
        if (SQL_Query(query) != 0)
        {
            SQL_Rollback();
            goto fail_jobrep;
        }
 
        if (SQL_GetQueryResult(&resultSet) > 0)
        {
            if (SQL_GetValue(resultSet, "last_insert_id()", &user_id) != 0)
            {
                lcmaps_log_debug(1, "Could not get value: %s from resultset with query: %s\n", "last_insert_id()", query);
                SQL_Rollback();
                goto fail_jobrep;
            }
        }
        else
        {
            lcmaps_log_debug(1, "ResultSet is empty for query: %s\n", query);
            SQL_Rollback();
            goto fail_jobrep;
        }
    } 


    /*
     *
     *  Insert of User Certificates
     *
     */

    for (i = 0; i < certCount; i++)
    {

        if ((cert_id != NULL) && (strlen(cert_id) > 0))
        {
            sprintf(query, "insert into user_certificates (
                            user_id,
                            subject,
                            cert,
                            first_use,
                            valid_from,
                            valid_until,
                            parent_cert_id)
                            values (%s, '%s', '%s', '%s', '%s', '%s', %s)",
                                    user_id,
                                    MySimpleStack[i].subject_name,
                                    MySimpleStack[i].certStr,
                                    datetime,
                                    MySimpleStack[i].strNotBefore,
                                    MySimpleStack[i].strNotAfter,
                                    cert_id);
        }
        else
        {
            sprintf(query, "insert into user_certificates (
                            user_id,
                            subject,
                            cert,
                            first_use,
                            valid_from,
                            valid_until)
                            values (%s, '%s', '%s', '%s', '%s', '%s')",
                                    user_id,
                                    MySimpleStack[i].subject_name,
                                    MySimpleStack[i].certStr,
                                    datetime,
                                    MySimpleStack[i].strNotBefore,
                                    MySimpleStack[i].strNotAfter);
        }



//      Still have to find out the correct way of using DB parameters in this setup
/*
        int errCode = 0;

        if ((errCode = SQL_SetParameter (MySimpleStack[i].certStr)) != 0)
            printf("Error: SQL_SetParameter [code:%d]\n", errCode);

        if ((cert_id != NULL) && (strlen(cert_id) > 0))
        {
            sprintf(query, "insert into user_certificates (
                            user_id,
                            subject,
                            cert,
                            first_use,
                            valid_from,
                            valid_until,
                            parent_cert_id)
                            values (%s, '%s', ?, '%s', '%s', '%s', %s)",
                                    user_id,
                                    MySimpleStack[i].subject_name,
                                    datetime,
                                    MySimpleStack[i].strNotBefore,
                                    MySimpleStack[i].strNotAfter,
                                    cert_id);
        }
        else
        {
            sprintf(query, "insert into user_certificates (
                            user_id,
                            subject,
                            cert,
                            first_use,
                            valid_from,
                            valid_until)
                            values (%s, '%s', ?, '%s', '%s', '%s')",
                                    user_id,
                                    MySimpleStack[i].subject_name,
                                    datetime,
                                    MySimpleStack[i].strNotBefore,
                                    MySimpleStack[i].strNotAfter);
        }
*/


        if (SQL_Query(query) != 0)
        {
            // Insert failed, we presume a record was already present, so let's catch the cert_id
            //                BUT if it is NOT selectable and this fails down here (because the searched record doesn't exist... then
            //                The insertion did really fail. For the moment this is caused by the ' character in the certificates signature(s).
            //                Which is a delimiter for strings that should be inserted into a varchar kinda field in a database.
            sprintf(query, "select cert_id
                              from user_certificates
                             where subject = '%s'
                               and valid_from = '%s'
                               and valid_until = '%s'", 
                                   MySimpleStack[i].subject_name, 
                                   MySimpleStack[i].strNotBefore,
                                   MySimpleStack[i].strNotAfter);

            if (SQL_Query(query) != 0)
            {
                SQL_Rollback();
                goto fail_jobrep;
            }

            if (SQL_GetQueryResult(&resultSet) > 0)
            {
                if (SQL_GetValue(resultSet, "cert_id", &cert_id) != 0)
                {
                    lcmaps_log_debug(1, "Could not get value: %s from the DB resultset with query: %s\n", "cert_id", query);
                    SQL_Rollback();
                    goto fail_jobrep;
                }
            }
            else
            {
                lcmaps_log_debug(1, "Empty resultset for query: %s\n", query);
                SQL_Rollback();
                goto fail_jobrep;
            }
        }
        else
        {
            // Insert succeeded
            sprintf(query, "select last_insert_id()");
            if (SQL_Query(query) != 0)
            {
                SQL_Rollback();
                goto fail_jobrep;
            }

            if (SQL_GetQueryResult(&resultSet) > 0)
            {
                if (SQL_GetValue(resultSet, "last_insert_id()", &cert_id) != 0)
                {
                    lcmaps_log_debug(1, "Could not get value: %s from the resultset\n", "last_insert_id()");
                    SQL_Rollback();
                    goto fail_jobrep;
                }
            }
            else
            {
                lcmaps_log_debug(1, "ResultSet is empty for query: %s\n", query);
                SQL_Rollback();
                goto fail_jobrep;
            }
        }
    }



    /*
     *
     * Insert a half filled job record into the database
     *
     */


    sprintf(query, "insert into jobs (job_id, user_id, submit_cert_id, rsl, creation_time) values ('%s', %s, %s, '%s', '%s')", getenv("JOB_REPOSITORY_ID"), user_id, cert_id, rsl, datetime);
    if (SQL_Query(query) != 0)
    {
        lcmaps_log(1, "Error: possible problem is an already existing job_id: %s with query: %s\n",  getenv("JOB_REPOSITORY_ID"), query);
        SQL_Rollback();
        goto fail_jobrep;
    }

    /*
     *
     * Insert a status 'gatekeeper' next with the job record
     *
     */


    sprintf(query, "insert into jobstatus (job_id, status, status_change) values ('%s', '%s', '%s')", 
            getenv("JOB_REPOSITORY_ID"), "gatekeeper", datetime);
    if (SQL_Query(query) != 0)
    {
        SQL_Rollback();
        goto fail_jobrep;
    }

    
    /*
     *
     * Insert credential data with its groups next with the job record
     *
     */


    // Fill 'credentials' and 'job_credentials'
   
    sprintf(query, "select credential_id from credentials where uid = %d and gid = %d", uid[0], priGid[0]); 
    if ((user_info = getpwuid(uid[0])) != NULL)
        sprintf(query, "%s and uid_name = '%s'", query, user_info->pw_name);

    if ((group_info = getgrgid(priGid[0])) != NULL)
        sprintf(query, "%s and gid_name = '%s'", query, group_info->gr_name);

    if (SQL_Query(query) != 0)
    {
        SQL_Rollback();
        goto fail_jobrep;
    }

    if (SQL_GetQueryResult(&resultSet) > 0)
    {
        if (SQL_GetValue(resultSet, "credential_id", &credential_id) != 0)
        {
             SQL_Rollback();
             goto fail_jobrep;
        }
    }
    else
    {
        // Doesn't exist so create it.
        sprintf(query, "insert into credentials (uid, gid");
        if (user_info != NULL)
            sprintf(query, "%s, uid_name", query);
        if (group_info != NULL)
            sprintf(query, "%s, gid_name", query);

        sprintf(query, "%s) values (%d, %d", query, uid[0], priGid[0]);
        if (user_info != NULL)
            sprintf(query, "%s, '%s'", query, user_info->pw_name);
        if (group_info != NULL)
            sprintf(query, "%s, '%s'", query, group_info->gr_name);
        sprintf(query, "%s)", query);
        if (SQL_Query(query) != 0)
        {
            SQL_Rollback();
            goto fail_jobrep;
        }

        // Auto Increment ID retrieval
        sprintf(query, "select last_insert_id()");
        if (SQL_Query(query) != 0)
        {
            SQL_Rollback();
            goto fail_jobrep;
        }

        if (SQL_GetQueryResult(&resultSet) > 0)
        {
            if (SQL_GetValue(resultSet, "last_insert_id()", &credential_id) != 0)
            {
                lcmaps_log_debug(1, "Could not get value: %s or %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "credential_id", "last_insert_id()", query);
 
                SQL_Rollback();
                goto fail_jobrep;
            }
        }
        else
        {
            lcmaps_log_debug(1, "ResultSet is empty for query: %s\n", query);
            SQL_Rollback();
            goto fail_jobrep;
        } 
    }

    // make a coupling between jobs and credentials
    sprintf(query, "insert into job_credentials (job_id, credential_id, use_time) values ('%s', %s, '%s')", 
                    getenv("JOB_REPOSITORY_ID"), credential_id, datetime);
    if (SQL_Query(query) != 0)
    {
        SQL_Rollback();
        goto fail_jobrep;
    }


    // Fill credential_groups
    for (i = 0; i < cntSecGid; i++)
    {
        sprintf(query, "select credential_group_id from credential_groups where sgid = %d", secGid[i]);
        if ((group_info = getgrgid(secGid[i])) != NULL)
            sprintf(query, "%s and sgid_name = '%s'", query, group_info->gr_name);
 
        if (SQL_Query(query) != 0)
        {
            SQL_Rollback();
            goto fail_jobrep;
        }
 
        if (SQL_GetQueryResult(&resultSet) > 0)
        {
            if (SQL_GetValue(resultSet, "credential_group_id", &credential_group_id) != 0)
            {
                SQL_Rollback();
                goto fail_jobrep;
            }
        }
        else
        {
            // Doesn't exist so create it.
            sprintf(query, "insert into credential_groups (sgid");
            if (group_info != NULL)
                sprintf(query, "%s, sgid_name", query);
 
            sprintf(query, "%s) values (%d", query, secGid[i]);
            if (group_info != NULL)
                sprintf(query, "%s, '%s'", query, group_info->gr_name);
            sprintf(query, "%s)", query);
            if (SQL_Query(query) != 0)
            {
                SQL_Rollback();
                goto fail_jobrep;
            }
 
            // Auto Increment ID retrieval
            sprintf(query, "select last_insert_id()");
            if (SQL_Query(query) != 0)
            {
                SQL_Rollback();
                goto fail_jobrep;
            }
 
            if (SQL_GetQueryResult(&resultSet) > 0)
            {
                if (SQL_GetValue(resultSet, "credential_group_id", &credential_group_id) != 0)
                {
                    if (SQL_GetValue(resultSet, "last_insert_id()", &credential_group_id) != 0)
                    {
                        lcmaps_log_debug(1, "Could not get value: %s or %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "credential_group_id", "last_insert_id()", query);
 
                        SQL_Rollback();
                        goto fail_jobrep;
                    }
                }
            }
            else
            {
                lcmaps_log_debug(1, "ResultSet is empty for query: %s\n", query);
                SQL_Rollback();
                goto fail_jobrep;
            }
        }
 
        // make cuppling between jobs and credentials
        sprintf(query, "insert into job_credential_groups (job_id, credential_group_id, use_time) values ('%s', %s, '%s')",
                       getenv("JOB_REPOSITORY_ID"), credential_group_id, datetime);
        if (SQL_Query(query) != 0)
        {
            SQL_Rollback();
            goto fail_jobrep;
        }
    }




    // Get the VO Data into the database
    if ((vd != NULL) && (vd->data != NULL))
    {
        char             * voms_id           = NULL;
        char             * user_voms_id      = NULL;
        char             * issuer_id         = NULL;
        char             * cnt               = NULL;

        k = 0;
        vo = vd->data;

        // Misschien deze cyclus gebruiken?
        while(vo[k] != NULL)
        {
            v = vo[k++];

            switch (v->type)
            {
                case TYPE_NODATA:
                    lcmaps_log_debug(1,"%s: NO DATA\n", logstr);
                    break;
                case TYPE_CUSTOM:
                    lcmaps_log_debug(1,"%s: %*s\n", logstr, v->datalen - 10, v->custom);
                    break;
                case TYPE_STD:
                    j = 0;
                    while (v->std[j])
                    {
                        lcmaps_log_debug(1,">>>  Triplet: GROUP: %s\tROLE: %s\tCAP: %s\n", v->std[j]->group,
                        v->std[j]->role,v->std[j]->cap);

                            
                        sprintf(query, "select voms_id from voms where vo = '%s' and vo_group = '%s'",
                                       v->voname,
                                       v->std[j]->group);
// No Subgroup support 
//                        if ((lcmaps_vo_data[i].subgroup != NULL) && (strlen(lcmaps_vo_data[i].subgroup) > 1))
//                            sprintf(query, "%s and vo_subgroup = '%s'", query, lcmaps_vo_data[i].subgroup);
//                        else
//                            sprintf(query, "%s and vo_subgroup = ''", query);
 
                        if ((v->std[j]->role != NULL) && (strlen(v->std[j]->role) > 1))
                            sprintf(query, "%s and vo_role = '%s'", query, v->std[j]->role);
                        else
                            sprintf(query, "%s and vo_role = ''", query);
 
                        if ((v->std[j]->cap != NULL) && (strlen(v->std[j]->cap) > 1))
                            sprintf(query, "%s and vo_capability = '%s'", query, v->std[j]->cap);
                        else
                            sprintf(query, "%s and vo_capability = ''", query);
 
                        if (SQL_Query(query) != 0)
                        {
                            SQL_Rollback();
                            goto fail_jobrep;
                        }
 
                        if (SQL_GetQueryResult(&resultSet) > 0)
                        {
                            if (SQL_GetValue(resultSet, "voms_id", &voms_id) != 0)
                            {
                                lcmaps_log_debug(1, "Could not get value: %s  (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "voms_id", query);
                                SQL_Rollback();
                                goto fail_jobrep;
                            }
                        }
                        else
                        {
//                            sprintf(query, "insert into voms (vo, vo_group, vo_subgroup, vo_role, vo_capability, last_use) ");
//                            sprintf(query, "insert into voms (vo, vo_group, vo_role, vo_capability) ");
                            sprintf(query, "insert into voms (vo, vo_group, vo_role, vo_capability, fqan) ");
 
                            sprintf(query, "%s values ('%s', '%s'",
                                            query,
                                            v->voname,
                                            v->std[j]->group);
// No Subgroup support 
//                            if ((lcmaps_vo_data[i].subgroup != NULL) && (strlen(lcmaps_vo_data[i].subgroup) > 1))
//                                sprintf(query, "%s, '%s'", query, lcmaps_vo_data[i].subgroup);
//                            else
//                                sprintf(query, "%s, ''", query);
 
                            if ((v->std[j]->role != NULL) && (strlen(v->std[j]->role) > 1))
                                sprintf(query, "%s, '%s'", query, v->std[j]->role);
                            else
                                sprintf(query, "%s, ''", query);
 
                            if ((v->std[j]->cap != NULL) && (strlen(v->std[j]->cap) > 1))
                                sprintf(query, "%s, '%s'", query, v->std[j]->cap);
                            else
                                sprintf(query, "%s, ''", query);

                            sprintf(query, "%s, '%s'", query, createFQAN(v->voname, v->std[j]->group, v->std[j]->role, v->std[j]->cap));
                            sprintf(query, "%s)", query);

                            if (SQL_Query(query) != 0)
                            {
                                SQL_Rollback();
                                goto fail_jobrep;
                            }
 
 
                            // Auto Increment ID retrieval
                            sprintf(query, "select last_insert_id()");
                            if (SQL_Query(query) != 0)
                            {
                                SQL_Rollback();
                                goto fail_jobrep;
                            }
 
                            if (SQL_GetQueryResult(&resultSet) > 0)
                            {
                                if (SQL_GetValue(resultSet, "last_insert_id()", &voms_id) != 0)
                                {
                                    lcmaps_log_debug(1, "Could not get value: %s or %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "voms_id", "last_insert_id()", query);
 
                                    SQL_Rollback();
                                    goto fail_jobrep;
                                }
                            }
                            else
                            {
                                lcmaps_log_debug(1, "Strange error at a strange location\n");
                                SQL_Rollback();
                                goto fail_jobrep;
                            }

                        }

                        // Register the issuer of this voms
                        sprintf(query, "select issuer_id from issuers where dnsname = '%s' and serverca = '%s'", v->uri, v->serverca);
                        if (SQL_Query(query) != 0)
                        {
                            SQL_Rollback();
                            goto fail_jobrep;
                        }

                        if (SQL_GetQueryResult(&resultSet) > 0)
                        {
                            if (SQL_GetValue(resultSet, "issuer_id", &issuer_id) != 0)
                            {
                                lcmaps_log_debug(1, "Could not get value: %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "issuer_id", query);
                                SQL_Rollback();
                                goto fail_jobrep;
                            }
                        }                        
                        else
                        {
                            // insert 'issuer'
                            sprintf(query, "insert into issuers (dnsname, serverca) values ('%s', '%s')", v->uri, v->serverca);
                            if (SQL_Query(query) != 0)
                            {
                                SQL_Rollback();
                                goto fail_jobrep;
                            }

                            sprintf(query, "select last_insert_id()");
                            if (SQL_Query(query) != 0)
                            {
                                SQL_Rollback();
                                goto fail_jobrep;
                            }
 
                            if (SQL_GetQueryResult(&resultSet) > 0)
                            {
                                if (SQL_GetValue(resultSet, "last_insert_id()", &issuer_id) != 0)
                                {
                                    lcmaps_log_debug(1, "Could not get value: %s or %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "issuer_id", "last_insert_id()", query);
 
                                    SQL_Rollback();
                                    goto fail_jobrep;
                                }
                            }
                        }

                        // insert 'voms_issuer'
                        sprintf(query, "insert into voms_issuer (voms_id, issuer_id) values (%s, %s)", voms_id, issuer_id);
                        if (SQL_Query(query) != 0)
                        {
                            // Deze bestond dus al...
                        }


                        // The 'uservoms' connects a user with voms ... but first check if it has been created in another space/time
                        // Warning ... Issuer stuff has to be added to the query!
 
                        sprintf(query, "select user_voms_id 
                                          from uservoms 
                                         where voms_id = %s 
                                           and user_id = %s 
                                           and issuer_id = %s 
                                      order by first_use desc",
                                        voms_id, user_id, issuer_id);
//                      sprintf(query, "select user_voms_id from uservoms where voms_id = %s and user_id = %s",
//                                      voms_id, user_id);
                        if (SQL_Query(query) != 0)
                        {
                            SQL_Rollback();
                            goto fail_jobrep;
                        }
                        if (SQL_GetQueryResult(&resultSet) > 0)
                        {
                            if (SQL_GetValue(resultSet, "user_voms_id", &user_voms_id) != 0)
                            {
                                lcmaps_log_debug(1, "Could not get value: %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "user_voms_id", query);
                                SQL_Rollback();
                                goto fail_jobrep;
                            }
 
//                            sprintf(query, "update uservoms set last_change = '%s' where voms_id = %s and user_id = %s", datetime, voms_id, user_id);
//                            if (SQL_Query(query) != 0)
//                            {
//                                SQL_Rollback();
//                                goto fail_jobrep;
//                            }
                        }
                        else
                        {
                            // It doesn't exist, so create it...
//                            sprintf(query, "insert into uservoms (voms_id, user_id, issuer_id, last_change) values (%s, %s, %s, '%s')",
//                                            voms_id, user_id, issuer_id, datetime);
                            sprintf(query, "insert into uservoms (voms_id, user_id, issuer_id, first_use) values (%s, %s, %s, '%s')",
                                            voms_id, user_id, issuer_id, datetime);
                            if (SQL_Query(query) != 0)
                            {
                                SQL_Rollback();
                                goto fail_jobrep;
                            }
//                            SQL_GetQueryResult(&resultSet);
 
                            // Get the 'uservoms' just inserted primary key user_voms_id
                            sprintf(query, "select last_insert_id()");
                            if (SQL_Query(query) != 0)
                            {
                                SQL_Rollback();
                                goto fail_jobrep;
                            }
 
                            if (SQL_GetQueryResult(&resultSet) > 0)
                            {
                                if (SQL_GetValue(resultSet, "last_insert_id()", &user_voms_id) != 0)
                                {
                                    lcmaps_log_debug(1, "Could not get value: %s or %s (possibly the asked value doesn't exist in resultSet) from the DB resultset with query: %s\n", "user_voms_id", "last_insert_id()", query);
 
                                    SQL_Rollback();
                                     goto fail_jobrep;
                                }
                            }
                            else
                            {
                                lcmaps_log_debug(1, "Strange error at a strange location\n");
                                SQL_Rollback();
                                goto fail_jobrep;
                            }
                        }
 
                        // The 'vomsjob' connects a user and his vomsinfo, that he gathered this time, with a job
                        sprintf(query, "insert into vomsjobs (user_voms_id, job_id, use_time) values(%s, '%s', '%s')",
                                        user_voms_id, getenv("JOB_REPOSITORY_ID"), datetime);
                        if (SQL_Query(query) != 0)
                        {
                            SQL_Rollback();
                            goto fail_jobrep;
                        }
                        j++;
                    }
                    break;
            }
        }
        free(voms_id);
        free(user_voms_id);
        free(issuer_id);
        free(cnt);
    }






    vo_mapping = (lcmaps_vo_mapping_t *)getCredentialData(LCMAPS_VO_CRED_MAPPING, &k);
    if (k > 0)
    {
        for (i = 0; i < k; i++)
        {
            // Mapping between voms triplet/fqan and pgid
            sprintf(query, "insert into mapping_voms_pgid (pgid, voms_id, use_time)
                                 select credentials.gid, voms.voms_id, '%s' from voms, credentials where credentials.gid = %d and voms.fqan = '%s'",
                                                           datetime, vo_mapping[i].gid, tripletLine2FQAN (vo_mapping[i].vostring));
            SQL_Query(query);


            // Mapping between voms triplet/fqan and sgid
            sprintf(query, "insert into mapping_voms_sgid (sgid, voms_id, use_time)
                                 select credential_groups.sgid, voms.voms_id, '%s' from voms, credential_groups where credential_groups.sgid = %d and voms.fqan = '%s'",
                                                           datetime, vo_mapping[i].gid, tripletLine2FQAN (vo_mapping[i].vostring));

            SQL_Query(query);
        }
    }


    /* succes */
// success_voms:

    lcmaps_log_debug(1,"%s: doing VOMS_Destroy\n", logstr);
    VOMS_Destroy(vd);
    lcmaps_log_debug(1,"%s: done\n", logstr);

    SQL_Commit();
    ODBC_Disconnect();

    // Free stuff
    if (dupChain) sk_X509_free(dupChain);
    if (tmpFile) fclose(tmpFile);
#ifdef TESTBIO
    if (x) X509_free(x);
    if (in) BIO_free(in);
#endif

//    if (resultSet) TResultSet_free(resultSet);
    if (user_id) free(user_id);
    if (credential_id) free(credential_id);

    if (credential_group_id) free(credential_group_id);
    if (cert_id) free(cert_id);
    if (MySimpleStack) TSimpleCert_free(MySimpleStack, certCount);

    if (datetime) free(datetime);
//    if (px509_cred) X509_free(px509_cred);
//    if (px509_chain) sk_X509_free(px509_chain);

    lcmaps_log_time(0,"%s: job repository plugin succeeded\n", logstr);

    return LCMAPS_MOD_SUCCESS;

 fail_jobrep:

    if (connected)
        SQL_Rollback();

    ODBC_Disconnect();

    // Free stuff

    lcmaps_log_debug(1,"%s: doing VOMS_Destroy\n", logstr);
    VOMS_Destroy(vd);
    lcmaps_log_debug(1,"%s: done\n", logstr);

    // Free stuff
    if (dupChain) sk_X509_free(dupChain);
    if (tmpFile) fclose(tmpFile);
#ifdef TESTBIO
    if (x) X509_free(x);
    if (in) BIO_free(in);
#endif
 
//    if (resultSet) TResultSet_free(resultSet);
    if (user_id) free(user_id);
    if (credential_id) free(credential_id);
 
    if (credential_group_id) free(credential_group_id);
    if (cert_id) free(cert_id);
    if (MySimpleStack) TSimpleCert_free(MySimpleStack, certCount);
 
    if (datetime) free(datetime);
//    if (px509_cred) X509_free(px509_cred);
//    if (px509_chain) sk_X509_free(px509_chain);

    lcmaps_log_time(0,"%s: job repositroy plugin failed\n", logstr);

    return LCMAPS_MOD_FAIL;
}



/******************************************************************************
Function:   plugin_terminate
Description:
    Terminate plugin
Parameters:

Returns:
    LCMAPS_MOD_SUCCESS : succes
    LCMAPS_MOD_FAIL    : failure
******************************************************************************/
int plugin_terminate()
{
    char * logstr = "\tlcmaps_plugin_voms-plugin_terminate()";
    lcmaps_log_debug(1,"%s: terminating\n", logstr);
    if (vomsdir) free(vomsdir);
    if (certdir) free(certdir);
    if (connStr) free(connStr);

    return LCMAPS_MOD_SUCCESS;
}


/******************************************************************************
Function:   print_vomsdata
Description:
    prints vomsdata from a 'struct vomsdata *'
Parameters:
    struct vomsdata *
Returns:
    LCMAPS_MOD_SUCCESS : succes
    LCMAPS_MOD_FAIL    : failure
******************************************************************************/
void print_vomsdata(struct vomsdata *d)
{
    char * logstr = "\tlcmaps_plugin_voms-print_vomsdata()";
    struct voms **vo = d->data;
    struct voms *v;
    int k = 0;
    int j =0;
  
    while(vo[k])
    {
        v = vo[k++];
        lcmaps_log_debug(1,"%s: %d *******************************************\n", logstr,k);
        lcmaps_log_debug(1,"%s: SIGLEN: %d\nUSER: %s\n", logstr, v->siglen, v->user);
        lcmaps_log_debug(1,"%s: UCA: %s\nSERVER: %s\n", logstr, v->userca, v->server);
        lcmaps_log_debug(1,"%s: SCA: %s\nVO: %s\n", logstr, v->serverca, v->voname);
        lcmaps_log_debug(1,"%s: URI: %s\n", logstr, v->uri);
//        fprintf(stderr,"%s: DATE1: %s\n", logstr, d2i_ASN1_TIME(v->date1));
//        fprintf(stderr,"%s: DATE2: %s\n", logstr, d2i_ASN1_TIME(v->date2));
//        lcmaps_log_debug(1,"%s: DATE1: %s\n", logstr, v->date1);
//        lcmaps_log_debug(1,"%s: DATE2: %s\n", logstr, v->date2);

        switch (v->type)
        {
        case TYPE_NODATA:
            lcmaps_log_debug(1,"%s: NO DATA\n", logstr);
            break;
        case TYPE_CUSTOM:
            lcmaps_log_debug(1,"%s: %*s\n", logstr, v->datalen - 10, v->custom);
            break;
        case TYPE_STD:
            j = 0;
            while (v->std[j])
            {
                lcmaps_log_debug(1,"%s: GROUP: %s\tROLE: %s\tCAP: %s\n", logstr,v->std[j]->group,
                     v->std[j]->role,v->std[j]->cap);
                j++;
            }
            break;
        }
    }

    if (d->workvo)
        lcmaps_log_debug(1,"%s: WORKVO: %s\n", logstr, d->workvo);

    if (d->extra_data)
        lcmaps_log_debug(1,"%s: EXTRA: %s\n", logstr, d->extra_data);
}

/******************************************************************************
CVS Information:
    $Source: /cvs/fabric_mgt/gridification/lcmaps/modules/jobrepository/lcmaps_jobrep.c,v $
    $Date: 2004/03/04 14:21:21 $
    $Revision: 1.10 $
    $Author: okoeroo $
******************************************************************************/


/******************************************************************************
Function:   ASN1_GENERALIZEDTIME_2ilb
Description:
        converts a ASN1_TIME into a time_t
        (It's a little hack, but should work nice and neat).

Parameters:
        a ASN1_TIME, 

Returns:
        a time_t

******************************************************************************/
static struct tm * ASN1_TIME_2_time_t(ASN1_TIME *asn1_time)
{
        //time_t MyTime = (time_t) 0;  
        int i;
        static struct tm newTimeSpace;

        if (asn1_time->length != 13) 
            return NULL;
            //return (time_t) -1;

        for (i = 0; i < asn1_time->length / 2; i++)
        {
            char tmp[3];
            
            tmp[0] = asn1_time->data[0 + (i*2)];
            tmp[1] = asn1_time->data[1 + (i*2)];
            tmp[2] = '\0';
            
            switch(i)
            {
                case 0 : if (atoi(tmp) > 69)
                              newTimeSpace.tm_year = atoi(tmp) + 1900;
                         else
                              newTimeSpace.tm_year = atoi(tmp) + 100;
                         break;
                case 1 : newTimeSpace.tm_mon  = atoi(tmp) - 1; break;
                case 2 : newTimeSpace.tm_mday = atoi(tmp); break;
                case 3 : newTimeSpace.tm_hour = atoi(tmp); break;
                case 4 : newTimeSpace.tm_min  = atoi(tmp); break;
                case 5 : newTimeSpace.tm_sec  = atoi(tmp); break;
            }
        }
        //MyTime = mktime(&newTimeSpace);
        //return MyTime;

        return (&newTimeSpace);
}


/******************************************************************************
Function:   sttm_2_char
Description:
        converts a struct tm into a humanly readable char * of the time it's
        presenting.
        The representation will be in a GMT time, not Local.
 
Parameters:
        time
 
Returns:
        The time in a humanly readle format (and compatible to MySQL) as known
        in the variations of GMT (GMT conversion of the time parameter seen as
        a localtime), LOCAL (plain old local time) or LEAVE_TIME_ITS_OK (this
        means you should not convert/change the time but just leave it, in
        reality this means give me the time as a localtime thus without
        conversion).
 
******************************************************************************/
char * sttm_2_char (const struct tm * MyDateTime)
{
    char  * datetime = malloc(sizeof(char) * 21);

    snprintf(datetime, 21, "%04d-%02d-%02d %02d:%02d:%02d",
             MyDateTime->tm_year + 1900, MyDateTime->tm_mon + 1, MyDateTime->tm_mday,
             MyDateTime->tm_hour, MyDateTime->tm_min, MyDateTime->tm_sec);
 
    return datetime;
}



/******************************************************************************
Function:    strnclean
Description: cleans a dirty string, forces '\0' on the bufsize of **s
Parameters:
     input  : char **s
     output : char **s (cleaned string and NULLified)
Returns:
    SUCCESS
    FAILURE
 
******************************************************************************/
int strnclean (char **s, int bufsize)
{
    int i = 0;
 
    if (s == NULL)
        return -1;
 
    if (*s == NULL)
        return -1; 
 
    for (i = 0; i < bufsize; i++)
    {
        (*s)[i] = '\0';
    }
 
    return 0;
}
 
 
/******************************************************************************
Function:    strclean
Description: cleans a dirty string, forces '\0' on the strlen() of **s
Parameters:
     input  : char **s
     output : char **s (cleaned string and NULLified)
Returns:
    SUCCESS
    FAILURE
 
******************************************************************************/
int strclean (char **s)
{
    return strnclean(s, strlen(*s));
}
/*****************************************************************************/


/******************************************************************************
Function:   lcmaps_get_jobrep_config()

Description:
    Get the Job Repository configuration string from file
    This contains the DNS of the server, the database name, username and password.

Parameters:
    path:   path to the jobrep_config file containing the configuration
    jobrep_config : variable to set the config string in.

Returns:
    0 on success.
    1 on failure
******************************************************************************/
static int lcmaps_get_jobrep_config(
        const char * path,
        char       ** jobrep_config
    )
{
    char *        logstr = "\tlcmaps_plugin_jobrepository-lcmaps_get_jobrep_config()";
    FILE        * fp = NULL;
    struct stat   buf;
    int           c;
    int           count = 0;
    char        * tempconfig = NULL;

    lcmaps_log_debug(3,"%s: path: %s \n", logstr, path);

    /* get the stats of the file */
    if ((stat(path, &buf)) == -1)
    {
        lcmaps_log(0, "%s: unable to get stat of jobrep_config file: %s\n", logstr, path);
        return 1;
    }

    /* test if it's a file */
    if ( !(S_ISREG(buf.st_mode)))
    {
        lcmaps_log(0, "%s: jobrep_config file is not a file: %s\n", logstr, path);
        return 1;
    }
    /* test if root is owner */
    if (buf.st_uid != 0) {
        lcmaps_log(0, "%s: jobrep_config file is not owned by root (readonly for root) : %s\n", logstr, path);
        return 1;
    }

    /* test if file has the access bits set correctly */
    if ((0000777  & (buf.st_mode) ) != S_IRUSR )
    {
        lcmaps_log(0, "%s: jobrep_config file has incorrect accessibility (readonly for root) : %s\n", logstr, path);
        return 1;
    }

    /* try to open the file */
    if ((fp = fopen(path, "r")) == NULL)
    {
        lcmaps_log(0, "%s: unable to open jobrep_config file: %s\n", logstr, path);
        return 1;
    }
    /* read the passwd from the file */
    /* I thought tabs and spaces were not allowed in the passwd, but they are, so
     * restore original line
     */
//    while ((c = getc(fp)) != EOF && (strchr(WHITESPACE_CHARS, c) == NULL)) count++;
    while ((c = getc(fp)) != EOF && (c != '\n')) count++;
    tempconfig = (char *) malloc(count * sizeof(char) + 2);

    if ((fseek(fp, 0L, SEEK_SET)) != 0)
    {
        lcmaps_log(0, "%s: unable to reset the fp\n", logstr);
        fclose(fp);
        return 1;
    }

    if ((fgets(tempconfig, count+1, fp)) == NULL )
    {
        lcmaps_log(0, "%s: unable to read the configuration: fgets failed\n", logstr);
        fclose(fp);
        return 1;
    }

    fclose(fp);
    lcmaps_log_debug(3,"%s: configuration: %s\n", logstr, tempconfig);
//    *ldap_passwd = strdup(" s t\ts   ");
    *jobrep_config = strdup(tempconfig);

    /* free mem */
    if (tempconfig) free(tempconfig);

    return 0;
}

---