1 /******************************************************************************/
2 /* */
3 /* X r d S e c g s i G M A P F u n D N . c c */
4 /* */
5 /* (c) 2011, G. Ganis / CERN */
6 /* */
7 /* This file is part of the XRootD software suite. */
8 /* */
9 /* XRootD is free software: you can redistribute it and/or modify it under */
10 /* the terms of the GNU Lesser General Public License as published by the */
11 /* Free Software Foundation, either version 3 of the License, or (at your */
12 /* option) any later version. */
13 /* */
14 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
15 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
16 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
17 /* License for more details. */
18 /* */
19 /* You should have received a copy of the GNU Lesser General Public License */
20 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
21 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
22 /* */
23 /* The copyright holder's institutional names and contributor's names may not */
24 /* be used to endorse or promote products derived from this software without */
25 /* specific prior written permission of the institution or contributor. */
26 /* */
27 /******************************************************************************/
28 
29 /* ************************************************************************** */
30 /* */
31 /* Sample Authz function implementation (AuthzFun/AuthzKey/AuthzInit hooks) extracting info from the DN */
32 /* */
33 /* ************************************************************************** */
34 
35 #include <cstdio>
36 #include <cstdlib>
37 #include <cstring>
38 #include <cerrno>
39 
40 #include "XrdVersion.hh"
41 
45 #include "XrdOuc/XrdOucString.hh"
46 #include "XrdSec/XrdSecEntity.hh"
48 #include "XrdSut/XrdSutBucket.hh"
49 
50 /******************************************************************************/
51 /* V e r s i o n I n f o r m a t i o n */
52 /******************************************************************************/
53 
55 
57 
59 
60 /******************************************************************************/
61 /* G l o b a l s & S t a t i c s */
62 /******************************************************************************/
63 
// Trace object used by the EPNAME/DEBUG/PRINT macros; provided elsewhere.
extern XrdOucTrace *gsiTrace;

// Format in which entity.creds is handed to XrdSecgsiAuthzKey, set once by
// XrdSecgsiAuthzInit: 0 = opaque XrdCryptoX509Chain pointer, 1 = PEM text.
// Read without any locking — presumably Init runs before the hooks are used.
static int gCertfmt = 1;
67 
68 /******************************************************************************/
69 /* X r d S e c g s i A u t h z F u n */
70 /******************************************************************************/
71 
72 //
73 // Main function
74 //
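extern "C"
{
int XrdSecgsiAuthzFun(XrdSecEntity &entity)
{
   // Sample implementation of the XrdSecgsiAuthzFun hook.
   //
   // SECURITY NOTE: this is a dummy. It never looks at the proxy chain in
   // entity.creds and unconditionally tags every entity with the VO
   // "VO.dummy.test". Any authorization rule keyed on entity.vorg would
   // therefore treat every caller as a member of that VO — do not deploy
   // this plugin as-is; it exists to exercise the hook interface.
   //
   // Returns 0 on success, -1 if the VO string could not be allocated
   // (the original dereferenced the unchecked strdup() result).
   EPNAME("AuthzFunDN");

   // entity.name may legitimately be unset; avoid streaming a null pointer
   DEBUG("dummy call for '"<<(entity.name ? entity.name : "<unnamed>")<<"'");

   char *vo = strdup("VO.dummy.test");
   if (!vo) {
      PRINT("ERROR: cannot allocate memory for vorg");
      return -1;
   }

   // NOTE(review): a previous value of entity.vorg is overwritten without
   // being released, as in the original; who owns that buffer is not
   // visible from here, so it is deliberately not freed — confirm.
   entity.vorg = vo;
   DEBUG("setting vorg: '"<<entity.vorg<<"'");

   return 0;
}}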
93 
94 //
95 // Key function
96 //
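extern "C"
{
int XrdSecgsiAuthzKey(XrdSecEntity &entity, char **key)
{
   // Implementation of XrdSecgsiAuthzKey: builds the cache key for 'entity'
   // from the proxy chain carried in entity.creds.
   //
   // The key is the subject DN of the certificate returned by chain->End()
   // (the end proxy, per the original comment), so two proxies of the same
   // user with different proxy CNs yield different keys.
   //
   // entity.creds is interpreted according to gCertfmt (see XrdSecgsiAuthzInit):
   //   0        creds already points to an XrdCryptoX509Chain owned by the
   //            caller; it is used in place and never freed here.
   //   otherwise creds is a PEM string which is parsed into a chain owned
   //            (and released) by this function. The original leaked both
   //            the chain and the bucket on the success path and on the
   //            'empty chain' / 'undefined dn' error paths.
   //
   // No validation of the chain is performed here; it is presumably verified
   // by the gsi protocol before this hook is called — confirm against the
   // caller before relying on the key for authorization decisions.
   //
   // On success *key points to a NUL-terminated copy allocated with new[]
   // (the caller releases it with delete[]) and 0 is returned. On any
   // failure *key is set to 0 and -1 is returned.
   EPNAME("AuthzKeyDN");

   if (!key) {
      PRINT("ERROR: 'key' must be defined");
      return -1;
   }
   *key = 0;

   if (!entity.creds) {
      PRINT("ERROR: 'entity.creds' must be defined");
      return -1;
   }

   // All locals are declared before the first 'goto' so that no jump
   // crosses an initialization.
   int rc = -1;
   XrdCryptoX509Chain *chain = 0;
   XrdSutBucket *bucket = 0;      // only used for the PEM format
   bool ownChain = false;         // true when 'chain' was allocated here
   XrdCryptoX509 *proxy = 0;
   const char *dn = 0;
   size_t ldn = 0;

   if (gCertfmt == 0) {
      chain = (XrdCryptoX509Chain *) entity.creds;
   } else {
      XrdOucString pem((const char *) entity.creds);
      bucket = new XrdSutBucket(pem);
      chain = new XrdCryptoX509Chain();
      ownChain = true;
      if (XrdCryptosslX509ParseBucket(bucket, chain) <= 0) {
         PRINT("ERROR: no certificates in chain");
         goto done;
      }
      if (chain->Reorder() < 0) {
         PRINT("ERROR: problems re-ordering proxy chain");
         goto done;
      }
   }

   proxy = chain->End();
   if (!proxy) {
      PRINT("ERROR: chain is empty!");
      goto done;
   }

   dn = proxy->Subject();
   if (!dn || (ldn = strlen(dn)) == 0) {
      PRINT("ERROR: proxy dn undefined!");
      goto done;
   }

   // Copy the DN out before the chain (and the string it points into) is
   // released below.
   *key = new char[ldn + 1];
   memcpy(*key, dn, ldn + 1);
   DEBUG("key is: '"<<*key<<"'");
   rc = 0;

done:
   // Release only what this function allocated; a raw-format chain belongs
   // to the caller. The bucket is kept alive until here, after the last use
   // of anything parsed from it.
   if (ownChain) delete chain;
   delete bucket;
   return rc;
}}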
158 
159 //
160 // Init the relevant parameters from a dedicated config file
161 //
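extern "C"
{
int XrdSecgsiAuthzInit(const char *cfg)
{
   // Initialize the relevant parameters from the 'cfg' string, a blank-
   // separated list of options. The only option understood is
   //    certfmt=raw   entity.creds is an opaque XrdCryptoX509Chain pointer
   // Any other token leaves the default (PEM) format and is reported, so a
   // misspelled option (e.g. 'certfmt=RAW') does not silently change how
   // XrdSecgsiAuthzKey interprets the credentials. A null 'cfg' is treated
   // as empty.
   //
   // Returns -1 on failure (no failure path exists at present); otherwise
   // the return code tells the caller which format the main function
   // expects for the proxy chain:
   //    0  proxy chain in 'raw' (opaque) format, to be processed
   //       using the XrdCrypto tools
   //    1  proxy chain in 'PEM base64'
   EPNAME("AuthzInitDN");

   // Default to PEM; only an explicit request switches to raw
   gCertfmt = 1;

   XrdOucString opts(cfg), tkn;
   int from = 0;
   while ((from = opts.tokenize(tkn, from, ' ')) != -1) {
      if (tkn.length() <= 0) continue;      // repeated blanks
      if (tkn == "certfmt=raw") {
         gCertfmt = 0;
      } else {
         PRINT("WARNING: ignoring unknown option '"<<tkn.c_str()<<"'");
      }
   }
   PRINT("initialized! (certfmt:"<<gCertfmt<<")");

   return gCertfmt;
}}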
191 