
lcmaps_voms_poolaccount.c

00001 /*
00002  * Copyright (c) 2001 EU DataGrid.
00003  * For license conditions see http://www.eu-datagrid.org/license.html
00004  *
00005  * Copyright (c) 2001, 2002 by
00006  *     Martijn Steenbakkers <martijn@nikhef.nl>,
00007  *     David Groep <davidg@nikhef.nl>,
00008  *     NIKHEF Amsterdam, the Netherlands
00009  */
00010 
00144 /*****************************************************************************
00145                             Include header files
00146 ******************************************************************************/
00147 #include <stdio.h>
00148 #include <stdlib.h>
00149 #include <string.h>
00150 #include <pwd.h>
00151 
00152 #include "lcmaps_config.h"
00153 #include "lcmaps_modules.h"
00154 #include "lcmaps_arguments.h"
00155 #include "lcmaps_cred_data.h"
00156 #include "lcmaps_gridlist.h"
00157 
00158 /******************************************************************************
00159                                 Definitions
00160 ******************************************************************************/
00161 #define LCMAPS_MAXGIDBUFFER 256 /* size in bytes of gidbuffer in plugin_run(), which holds the ":group" suffix of the lease name */
00162 
00163 /******************************************************************************
00164                           Module specific prototypes
00165 ******************************************************************************/
00166 
00167 /******************************************************************************
00168                        Define module specific variables
00169 ******************************************************************************/
00170 
00171 static char *gridmapfile         = NULL; /* strdup'ed value of -gridmap/-gridmapfile; passed to lcmaps_gridlist() in plugin_run() */
00172 static char *gridmapdir          = NULL; /* strdup'ed value of -gridmapdir, or of $GRIDMAPDIR; exported as MAPDIR in plugin_run() */
00173 static int   require_primary_gid = 1; /* cleared by -do_not_require_primary_gid */
00174 static int   use_secondary_gids  = 1; /* cleared by -do_not_use_secondary_gids */
00175 static int   override_inconsistency = 0; /* set by -override_inconsistency; adds OVERRIDE_INCONSISTANCY to the matching type in plugin_run() */
00176 
00177 /******************************************************************************
00178 Function:   plugin_initialize
00179 Description:
00180     Initialize plugin
00181 Parameters:
00182     argc, argv
00183     argv[0]: the name of the plugin
00184 Returns:
00185     LCMAPS_MOD_SUCCESS : succes
00186     LCMAPS_MOD_FAIL    : failure
00187     LCMAPS_MOD_NOFILE  : db file not found (will halt LCMAPS initialization)
00188 ******************************************************************************/
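/*
 * Store a copy of an option value in *dst.
 * An empty or NULL value leaves *dst unchanged (returns 0).
 * Returns -1 if the copy cannot be allocated; *dst is unchanged in that case.
 * A value stored earlier is freed, so a repeated option does not leak.
 */
static int voms_poolaccount_store_option(char **dst, const char *value)
{
    char *copy;

    if ((value == NULL) || (strlen(value) == 0))
        return 0;

    copy = strdup(value);
    if (copy == NULL)
        return -1;

    free(*dst);
    *dst = copy;
    return 0;
}

/*
 * Parse the plugin options into the module-level settings.
 *
 * argv[0] is the plugin name; recognised options are
 *   -gridmap | -GRIDMAP | -gridmapfile | -GRIDMAPFILE <file>
 *   -gridmapdir | -GRIDMAPDIR <dir>
 *   -do_not_use_secondary_gids
 *   -do_not_require_primary_gid
 *   -override_inconsistency | -OVERRIDE_INCONSISTENCY
 *
 * Returns LCMAPS_MOD_SUCCESS, or LCMAPS_MOD_FAIL for an unknown option
 * (including a value option given as the last argument), for the
 * conflicting pair of "do_not" options, or when a value cannot be stored.
 */
int plugin_initialize(
        int argc,
        char ** argv
)
{
    char *  logstr = "\tlcmaps_plugin_voms_poolaccount-plugin_initialize()";
    int i;

    lcmaps_log_debug(1,"%s: passed arguments:\n", logstr);
    for (i=0; i < argc; i++)
    {
       lcmaps_log_debug(2,"%s: arg %d is %s\n", logstr, i, argv[i]);
    }

    /*
     * Parse arguments, argv[0] = name of plugin, so start with i = 1
     */
    for (i = 1; i < argc; i++)
    {
        if ( ((strcmp(argv[i], "-gridmap") == 0) ||
              (strcmp(argv[i], "-GRIDMAP") == 0) ||
              (strcmp(argv[i], "-gridmapfile") == 0) ||
              (strcmp(argv[i], "-GRIDMAPFILE") == 0))
             && (i + 1 < argc))
        {
            /* A failed copy must stop initialization: silently running
             * without the configured grid-mapfile would change the mapping. */
            if (voms_poolaccount_store_option(&gridmapfile, argv[i + 1]) != 0)
            {
                lcmaps_log(0,"%s: out of memory while storing value of %s (failure)\n", logstr,
                           argv[i]);
                return LCMAPS_MOD_FAIL;
            }
            i++;
        }
        else if ( ((strcmp(argv[i], "-gridmapdir") == 0) ||
              (strcmp(argv[i], "-GRIDMAPDIR") == 0))
             && (i + 1 < argc))
        {
            if (voms_poolaccount_store_option(&gridmapdir, argv[i + 1]) != 0)
            {
                lcmaps_log(0,"%s: out of memory while storing value of %s (failure)\n", logstr,
                           argv[i]);
                return LCMAPS_MOD_FAIL;
            }
            i++;
        }
        else if (strcmp(argv[i], "-do_not_use_secondary_gids") == 0)
        {
            use_secondary_gids = 0;
        }
        else if (strcmp(argv[i], "-do_not_require_primary_gid") == 0)
        {
            require_primary_gid = 0;
        }
        else if ( (strcmp(argv[i], "-override_inconsistency") == 0) ||
                  (strcmp(argv[i], "-OVERRIDE_INCONSISTENCY") == 0))
        {
            override_inconsistency = 1;
        }
        else
        {
            lcmaps_log(0,"%s: Error in initialization parameter: %s (failure)\n", logstr,
                       argv[i]);
            return LCMAPS_MOD_FAIL;
        }
    }

    /* With both switches off no VOMS group would contribute to the mapping. */
    if ( (use_secondary_gids == 0) && (require_primary_gid == 0) )
    {
        lcmaps_log(0,"%s: Conflicting voms_poolaccount options: \"-do_not_use_secondary_gids\" and \"-do_not_require_primary_gid\" (failure)\n", logstr);
        return LCMAPS_MOD_FAIL;
    }

    return LCMAPS_MOD_SUCCESS;
}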
00264 
00265 /******************************************************************************
00266 Function:   plugin_introspect
00267 Description:
00268     return list of required arguments
00269 Parameters:
00270 
00271 Returns:
00272     LCMAPS_MOD_SUCCESS : succes
00273     LCMAPS_MOD_FAIL    : failure
00274 ******************************************************************************/
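/*
 * Report the arguments this plugin needs from the framework.
 *
 * On return *argv points at a static, NULL-terminated argument table
 * (a single "user_dn" entry of type "char *") and *argc holds the count
 * computed by lcmaps_cntArgs(). The table is owned by this module; the
 * caller must not free it.
 *
 * Always returns LCMAPS_MOD_SUCCESS.
 */
int plugin_introspect(
        int * argc,
        lcmaps_argument_t ** argv
)
{
    char *                   logstr = "\tlcmaps_plugin_voms_poolaccount-plugin_introspect()";
    static lcmaps_argument_t argList[] = {
        {"user_dn"      ,       "char *"        , 1,   NULL},
        {NULL           ,       NULL            , -1,   NULL}
    };

    lcmaps_log_debug(1,"%s: introspecting\n", logstr);

    *argv = argList;
    *argc = lcmaps_cntArgs(argList);
    /* %p with a void * argument: the former "0x%x" conversion did not match
     * a pointer argument and truncated the address where pointers are wider
     * than int. */
    lcmaps_log_debug(1,"%s: address first argument: %p\n", logstr, (void *) argList);

    return LCMAPS_MOD_SUCCESS;
}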
00294 
00295 
00296 /******************************************************************************
00297 Function:   plugin_run
00298 Description:
00299     Gather credentials for LCMAPS
00300 Parameters:
00301     argc: number of arguments
00302     argv: list of arguments
00303 Returns:
00304     LCMAPS_MOD_SUCCESS: authorization succeeded
00305     LCMAPS_MOD_FAIL   : authorization failed
00306 ******************************************************************************/
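/*
 * Append ":<name>" to the NUL-terminated string in buf.
 * *used is the current string length (must be < bufsize) and is advanced
 * on success. Returns 0 on success, -1 when the result including its
 * terminating NUL would not fit in bufsize bytes; buf is then untouched.
 */
static int voms_poolaccount_append_group(char *buf, size_t bufsize,
                                         size_t *used, const char *name)
{
    size_t need = strlen(name) + 1;     /* ':' plus the group name */

    if (need >= bufsize - *used)        /* one byte must remain for the NUL */
        return -1;

    buf[*used] = ':';
    memcpy(buf + *used + 1, name, need - 1);
    *used += need;
    buf[*used] = '\0';
    return 0;
}

/*
 * Map the user to a pool account using the VOMS groups.
 *
 * Steps: read "user_dn" from the arguments, export the gridmapdir as
 * MAPDIR, build the lease name (DN followed by ":group" for each primary
 * and, if enabled, secondary group), match the VOMS credential strings
 * against the grid-mapfile with lcmaps_gridlist(), and store DN and uid
 * of the resulting account with addCredentialData().
 *
 * Returns LCMAPS_MOD_SUCCESS when an account was mapped, and also when no
 * VOMS credential strings are present (nothing is mapped in that case);
 * LCMAPS_MOD_FAIL otherwise.
 *
 * Security-relevant points:
 *  - a missing DN aborts the run, it is never used to build a lease name;
 *  - the password field of the passwd entry is not written to the log;
 *  - username and leasename are released on both exit paths.
 */
int plugin_run(
        int argc,
        lcmaps_argument_t * argv
)
{
    char *              logstr = "\tlcmaps_plugin_voms_poolaccount-plugin_run()";
    char **             dn_ptr              = NULL;
    char *              dn                  = NULL;
    const char *        mapfile_for_log     = NULL;
    struct group        *group_info         = NULL;
    char *              username            = NULL;
    struct passwd       *user_info          = NULL;
    int                 i                   = 0;
    int                 cnt_pri_gid         = 0;
    gid_t *             pri_gid             = NULL;
    int                 cnt_sec_gid         = 0;
    gid_t *             sec_gid             = NULL;
    char                gidbuffer[LCMAPS_MAXGIDBUFFER];
    size_t              gid_used            = 0;
    char **             vo_cred_string_list = NULL;
    int                 cnt_vo_cred_string  = 0;
    char *              leasename           = NULL;
    size_t              leasenamelen        = 0;
    unsigned short      matching_type       = ((unsigned short)0x0000);
    int                 rc                  = 0;

    /*
     * The beginning
     */
    lcmaps_log_debug(1,"%s:\n", logstr);

    /*
     * The DN is mandatory: it is the first part of the lease name.
     * The lookup result is checked before it is dereferenced, in case
     * lcmaps_getArgValue() yields NULL for a missing argument.
     */
    dn_ptr = (char **) lcmaps_getArgValue("user_dn", "char *", argc, argv);
    if ((dn_ptr == NULL) || ((dn = *dn_ptr) == NULL))
    {
        lcmaps_log(0,"%s: could not get value of dn ! (failure)\n", logstr);
        goto fail_voms_poolaccount;
    }
    lcmaps_log_debug(1,"%s: found dn: %s\n", logstr, dn);

    /*
     * Check the gridmapfile
     */
    if ((gridmapfile != NULL) && (strlen(gridmapfile) > 0))
        lcmaps_log_debug(1,"%s: gridmapfile is: %s\n", logstr, gridmapfile);
    else
    {
        free(gridmapfile);
        gridmapfile = NULL;
        lcmaps_log_debug(1,"%s: No gridmapfile assigned, so function must find out for it self\n", logstr);
    }
    /* gridmapfile may stay NULL; never hand NULL to a %s conversion. */
    mapfile_for_log = gridmapfile ? gridmapfile : "(not set)";

    /*
     * Check gridmapdir
     */
    if (gridmapdir == NULL) /* try if GRIDMAPDIR is already set */
    {
        char * tmpptr = getenv("GRIDMAPDIR");

        if (tmpptr == NULL)
        {
            lcmaps_log(0,"%s: GRIDMAPDIR unknown !\n", logstr);
            lcmaps_log(0,"%s:  specify as option or set GRIDMAPDIR\n", logstr);
            goto fail_voms_poolaccount;
        }
        gridmapdir = strdup(tmpptr);
        if (gridmapdir == NULL)
        {
            lcmaps_log(0,"%s: out of memory while copying GRIDMAPDIR (failure)\n", logstr);
            goto fail_voms_poolaccount;
        }
    }
    if (strlen(gridmapdir) == 0)
    {
        lcmaps_log(0,"%s: cannot set MAPDIR (strlen(gridmapdir) == 0)\n", logstr);
        goto fail_voms_poolaccount;
    }
    lcmaps_log_debug(1,"%s: setting MAPDIR to %s\n", logstr, gridmapdir);
    if (setenv("MAPDIR", gridmapdir, 1))
    {
        lcmaps_log(0,"%s: cannot set MAPDIR\n", logstr);
        goto fail_voms_poolaccount;
    }

    /*
     * Get the (VOMS) gids found so far and build a string out of it.
     * First primary Gid(s), behind it the secondary Gids.
     * For the moment, the same order is taken as found in the VOMS credential.
     * We cannot order them by lcmaps_argument_t, but have to use the getCredentialData() function
     * since it was stored there by a plugin (lcmaps_voms.mod)
     */
    pri_gid = (gid_t *)getCredentialData(PRI_GID, &cnt_pri_gid);
    if (cnt_pri_gid == 0)
    {
        lcmaps_log(0,"%s: warning: no primary group found ! \n", logstr);
    }
    else if (cnt_pri_gid < 0)
    {
        lcmaps_log(0,"%s: negative number of primary groups found ! (failure)\n", logstr);
        goto fail_voms_poolaccount;
    }
    else if (cnt_pri_gid > 1)
    {
        lcmaps_log(0,"%s: warning more than 1 primary group found\n", logstr);
    }
    if ( (require_primary_gid == 1) && (cnt_pri_gid < 1) )
    {
        lcmaps_log(0,"%s: no primary group found (failure)\n", logstr);
        goto fail_voms_poolaccount;
    }
    if ( (cnt_pri_gid > 0) && (pri_gid == NULL) )
    {
        lcmaps_log(0,"%s: primary group count is %d but no gid list was returned (failure)\n", logstr,
                   cnt_pri_gid);
        goto fail_voms_poolaccount;
    }

    sec_gid = (gid_t *)getCredentialData(SEC_GID, &cnt_sec_gid);
    if (cnt_sec_gid < 0)
    {
        lcmaps_log(0,"%s: negative number of secondary groups found ! (failure)\n", logstr);
        goto fail_voms_poolaccount;
    }
    if ( (cnt_sec_gid > 0) && (sec_gid == NULL) )
    {
        lcmaps_log(0,"%s: secondary group count is %d but no gid list was returned (failure)\n", logstr,
                   cnt_sec_gid);
        goto fail_voms_poolaccount;
    }

    /*
     * Cat the gids into a string
     */
    gidbuffer[0] = '\0';
    gid_used = 0;
    /* First the primary gids */
    for (i = 0; i < cnt_pri_gid; i++)
    {
        group_info = getgrgid(pri_gid[i]);
        if (group_info == NULL)
        {
            /* Report the gid: there is no group name for it at this point. */
            lcmaps_log(0,"%s: no group entry found for primary gid %lu (failure)\n", logstr,
                       (unsigned long) pri_gid[i]);
            goto fail_voms_poolaccount;
        }
        if (voms_poolaccount_append_group(gidbuffer, sizeof gidbuffer, &gid_used,
                                          group_info->gr_name) != 0)
        {
            lcmaps_log(0,"%s: gidbuffer is full (%d bytes) (failure)\n", logstr,
                       LCMAPS_MAXGIDBUFFER);
            goto fail_voms_poolaccount;
        }
        lcmaps_log_debug(1,"%s: primary groups, i=%d(%d), group_info->gr_name: %s\n", logstr,
                         i,cnt_pri_gid,group_info->gr_name);
        lcmaps_log_debug(1,"%s: gidbuffer: %s\n", logstr,gidbuffer);
    }
    /* Then the secondary gids, but only if use_secondary_gids == 1 */
    if (use_secondary_gids)
    {
        for (i = 0; i < cnt_sec_gid; i++)
        {
            group_info = getgrgid(sec_gid[i]);
            if (group_info == NULL)
            {
                /* Logged at level 0 like the primary case: this ends the mapping. */
                lcmaps_log(0,"%s: no group entry found for secondary gid %lu (failure)\n", logstr,
                           (unsigned long) sec_gid[i]);
                goto fail_voms_poolaccount;
            }
            if (voms_poolaccount_append_group(gidbuffer, sizeof gidbuffer, &gid_used,
                                              group_info->gr_name) != 0)
            {
                lcmaps_log(0,"%s: gidbuffer is full (%d bytes) (failure)\n", logstr,
                           LCMAPS_MAXGIDBUFFER);
                goto fail_voms_poolaccount;
            }
            lcmaps_log_debug(1,"%s: secondary groups, i=%d(%d), group_info->gr_name: %s\n", logstr,
                             i,cnt_sec_gid,group_info->gr_name);
            lcmaps_log_debug(1,"%s: gidbuffer: %s\n", logstr,gidbuffer);
        }
    }

    /*
     * Lease name = DN followed by the group string (which may be empty).
     */
    leasenamelen = strlen(dn) + gid_used + 1;
    leasename = malloc(leasenamelen);
    if (leasename == NULL)
    {
        lcmaps_log(0,"%s: out of memory while building the lease name (failure)\n", logstr);
        goto fail_voms_poolaccount;
    }
    snprintf(leasename, leasenamelen, "%s%s", dn, gidbuffer);

    /*
     * Get the VO user information.
     * We cannot order it by lcmaps_argument_t, but have to use the getCredentialData() function
     * since it was stored there by a plugin (lcmaps_voms.mod)
     * The VOMS info has to be matched against the info in the gridmapfile
     */
    vo_cred_string_list = getCredentialData(LCMAPS_VO_CRED_STRING, &cnt_vo_cred_string);
    if (cnt_vo_cred_string == 0)
    {
        /* NOTE(review): success is returned although nothing was mapped;
         * confirm that later plugins in the policy handle this case. */
        lcmaps_log(0,"%s: warning: no VOMS group info --> no mapping\n", logstr);
        goto success_voms_poolaccount;
    }
    else if (cnt_vo_cred_string < 0)
    {
        lcmaps_log(0,"%s: negative number of VOMS groups found ! (failure)\n", logstr);
        goto fail_voms_poolaccount;
    }
    if (vo_cred_string_list == NULL)
    {
        lcmaps_log(0,"%s: VOMS group count is %d but no list was returned (failure)\n", logstr,
                   cnt_vo_cred_string);
        goto fail_voms_poolaccount;
    }

    /*
     * Try to match the VO strings with the gridmapfile info
     * normally the first available VO string should match
     */
    lcmaps_log_debug(2,"%s: using leasename: %s\n", logstr,leasename);

    matching_type = MATCH_INCLUDE|MATCH_WILD_CHARS;

    /* if override_inconsistency is set add this to the matching_type so it will take effect */
    if (override_inconsistency)
        matching_type = matching_type|OVERRIDE_INCONSISTANCY;

    for (i = 0; i < cnt_vo_cred_string; i++)
    {
        /* With a required primary group only the first VO string may match. */
        if ( (i > 0) && (require_primary_gid == 1) )
        {
            lcmaps_log(0,"%s: no match (or no poolaccount available) for primary group (%s) in %s (failure)\n", logstr,
                       vo_cred_string_list[0], mapfile_for_log);
            goto fail_voms_poolaccount;
        }

        rc = lcmaps_gridlist(vo_cred_string_list[i], &username, gridmapfile, matching_type, ".", leasename);
        if (rc == 0)
        {
            lcmaps_log_debug(1,"%s: found username: %s\n", logstr, username);
            break;
        }
        else if (rc == LCMAPS_MOD_NOFILE)
        {
            lcmaps_log(0, "%s: Could not find the gridmapfile %s\n", logstr, mapfile_for_log);
            goto fail_voms_poolaccount;
        }
        else
        {
            lcmaps_log(0, "%s: no match (or no poolaccount available) for group (%s) in %s\n", logstr, vo_cred_string_list[i], mapfile_for_log);
        }
    }

    /*
     * Get userid to pwd_t structure
     */
    if (username && (strlen(username) > 0))
    {
        user_info = getpwnam(username);
        if (user_info == NULL)
        {
            lcmaps_log(0,"%s: no user account found name \"%s\"\n", logstr, username);
            goto fail_voms_poolaccount;
        }

        lcmaps_log_debug(2,"%s: address user_info: %p\n", logstr, (void *) user_info);
        lcmaps_log_debug(2,"%s: username : %s, char ptr: %p, address char ptr: %p\n", logstr, user_info->pw_name, (void *) user_info->pw_name, (void *) &(user_info->pw_name));
        /* pw_passwd is deliberately not logged: credential material does
         * not belong in log files, at any debug level. */
        lcmaps_log_debug(2,"%s: user_id  : %d, address uid: %p\n", logstr, (int) user_info->pw_uid, (void *) &(user_info->pw_uid));
        lcmaps_log_debug(2,"%s: group_id : %d\n", logstr, (int) user_info->pw_gid);
        lcmaps_log_debug(2,"%s: realname : %s\n", logstr, user_info->pw_gecos);
        lcmaps_log_debug(2,"%s: home dir : %s\n", logstr, user_info->pw_dir);
        lcmaps_log_debug(2,"%s: shellprg : %s\n", logstr, user_info->pw_shell);

        /*
         * Add this credential data to the credential data repository in the plugin manager
         */
        addCredentialData(DN,  &dn);
        addCredentialData(UID, &(user_info->pw_uid));
    }
    else
    {   /* error (msg is already given) */
        goto fail_voms_poolaccount;
    }

    /* success */
 success_voms_poolaccount:
    free(username);
    free(leasename);
    lcmaps_log_time(0,"%s: voms_poolaccount plugin succeeded\n", logstr);
    return LCMAPS_MOD_SUCCESS;

 fail_voms_poolaccount:
    free(username);
    free(leasename);
    lcmaps_log_time(0,"%s: voms_poolaccount plugin failed\n", logstr);
    return LCMAPS_MOD_FAIL;
}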
00607 
00608 /******************************************************************************
00609 Function:   plugin_terminate
00610 Description:
00611     Terminate plugin
00612 Parameters:
00613 
00614 Returns:
00615     LCMAPS_MOD_SUCCESS : succes
00616     LCMAPS_MOD_FAIL    : failure
00617 ******************************************************************************/
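/*
 * Release the strings stored by plugin_initialize()/plugin_run().
 *
 * The module-level pointers are reset to NULL after free() so that a
 * second plugin_terminate(), or a plugin_run() after termination, cannot
 * free or read memory that has already been released.
 *
 * Always returns LCMAPS_MOD_SUCCESS.
 */
int plugin_terminate()
{
    char * logstr = "\tlcmaps_plugin_voms_poolaccount-plugin_terminate()";

    lcmaps_log_debug(1,"%s: terminating\n", logstr);

    free(gridmapfile);      /* free(NULL) is a no-op, no guard needed */
    gridmapfile = NULL;
    free(gridmapdir);
    gridmapdir = NULL;

    return LCMAPS_MOD_SUCCESS;
}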
00629 
00630 /******************************************************************************
00631 CVS Information:
00632     $Source: /cvs/fabric_mgt/gridification/lcmaps/modules/voms/lcmaps_voms_poolaccount.c,v $
00633     $Date: 2003/08/13 13:26:04 $
00634     $Revision: 1.17 $
00635     $Author: martijn $
00636 ******************************************************************************/
