XRootD
XrdSecgsiProxy.cc File Reference
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <unistd.h>
#include <pwd.h>
#include <ctime>
#include "XrdOuc/XrdOucString.hh"
#include "XrdSys/XrdSysLogger.hh"
#include "XrdSys/XrdSysError.hh"
#include "XrdSys/XrdSysPwd.hh"
#include "XrdSut/XrdSutAux.hh"
#include "XrdCrypto/XrdCryptoAux.hh"
#include "XrdCrypto/XrdCryptoFactory.hh"
#include "XrdCrypto/XrdCryptoX509.hh"
#include "XrdCrypto/XrdCryptoX509Req.hh"
#include "XrdCrypto/XrdCryptoX509Chain.hh"
#include "XrdCrypto/XrdCryptoX509Crl.hh"
#include "XrdCrypto/XrdCryptogsiX509Chain.hh"
#include "XrdSecgsi/XrdSecgsiTrace.hh"
+ Include dependency graph for XrdSecgsiProxy.cc:

Go to the source code of this file.

Macros

#define PRT(x)   {std::cerr <<x <<std::endl;}
 

Enumerations

enum  kModes {
  kM_undef = 0 ,
  kM_init = 1 ,
  kM_info ,
  kM_destroy ,
  kM_help ,
  kM_undef = 0 ,
  kM_admin = 1 ,
  kM_user ,
  kM_netrc ,
  kM_srvpuk ,
  kM_help
}
 

Functions

bool CheckOption (XrdOucString opt, const char *ref, int &ival)
 
void Display (XrdCryptoX509 *xp)
 
int main (int argc, char **argv)
 
void Menu ()
 
int ParseArguments (int argc, char **argv)
 

Variables

int Bits = 2048
 
XrdOucString CAdir = "/etc/grid-security/certificates/"
 
int ClockSkew = 30
 
XrdCryptoX509CreateProxy_t CreateProxy = 0
 
XrdOucString CRLdir = "/etc/grid-security/certificates/"
 
XrdOucString CryptoMod = "ssl"
 
bool Debug = 0
 
XrdOucString DefEEcert = "/.globus/usercert.pem"
 
XrdOucString DefEEkey = "/.globus/userkey.pem"
 
XrdOucString DefPXcert = "/tmp/x509up_u"
 
bool DumpExtensions = 0
 
static XrdSysError eDest (0,"proxy_")
 
XrdOucString EEcert = ""
 
XrdOucString EEkey = ""
 
bool Exists = 0
 
XrdCryptoFactorygCryptoFactory = 0
 
XrdCryptoX509GetVOMSAttr_t GetVOMSAttr = 0
 
const char * gModesStr []
 
XrdOucTracegsiTrace = 0
 
static XrdSysLogger Logger
 
int Mode = kM_undef
 
XrdCryptoX509ParseFile_t ParseFile = 0
 
int PathLength = 0
 
XrdCryptoProxyCertInfo_t ProxyCertInfo = 0
 
XrdOucString PXcert = ""
 
XrdOucString Valid = "12:00"
 

Macro Definition Documentation

◆ PRT

#define PRT (   x)    {std::cerr <<x <<std::endl;}

Definition at line 64 of file XrdSecgsiProxy.cc.

Enumeration Type Documentation

◆ kModes

enum kModes
Enumerator
kM_undef 
kM_init 
kM_info 
kM_destroy 
kM_help 
kM_undef 
kM_admin 
kM_user 
kM_netrc 
kM_srvpuk 
kM_help 

Definition at line 68 of file XrdSecgsiProxy.cc.

68  {
69  kM_undef = 0,
70  kM_init = 1,
71  kM_info,
72  kM_destroy,
73  kM_help
74 };
@ kM_destroy
@ kM_undef
@ kM_info
@ kM_help
@ kM_init

Function Documentation

◆ CheckOption()

bool CheckOption ( XrdOucString  opt,
const char *  ref,
int &  ival 
)

Definition at line 677 of file XrdSecgsiProxy.cc.

678 {
679  // Check opt against ref
680  // Return 1 if ok, 0 if not
681  // Fills ival = 1 if match is exact
682  // ival = 0 if match is exact with no<ref>
683  // ival = -1 in the other cases
684  bool rc = 0;
685 
686  int lref = (ref) ? strlen(ref) : 0;
687  if (!lref)
688  return rc;
689  XrdOucString noref = ref;
690  noref.insert("no",0);
691 
692  ival = -1;
693  if (opt == ref) {
694  ival = 1;
695  rc = 1;
696  } else if (opt == noref) {
697  ival = 0;
698  rc = 1;
699  }
700 
701  return rc;
702 }
void insert(const int i, int start=-1)

References XrdOucString::insert().

Referenced by ParseArguments().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ Display()

void Display ( XrdCryptoX509 xp)

Definition at line 704 of file XrdSecgsiProxy.cc.

705 {
706  // display content of proxy certificate
707 
708  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
709  if (!xp) {
710  PRT(" Empty certificate! ");
711  return;
712  }
713 
714  // File
715  PRT("file : "<<PXcert);
716  // Type
717  if (xp->type != XrdCryptoX509::kProxy) {
718  PRT("type : "<<xp->Type());
719  } else {
720  PRT("type : "<<xp->Type()<<" ("<<xp->ProxyType()<<")");
721  }
722 
723  // Issuer
724  PRT("issuer : "<<xp->Issuer());
725  // Subject
726  PRT("subject : "<<xp->Subject());
727  // Path length field
728  int pathlen = 0; bool b;
730  (*ProxyCertInfo)(xp->GetExtension(gsiProxyCertInfo_OID), pathlen, &b);
731  else
733  PRT("path length : "<<pathlen);
734  // Key strength
735  PRT("bits : "<<xp->BitStrength());
736  // Time left
737  int now = int(time(0)) - XrdCryptoTZCorr();
738  int tl = xp->NotAfter() - now;
739  int hh = (tl >= 3600) ? (tl/3600) : 0; tl -= (hh*3600);
740  int mm = (tl >= 60) ? (tl/60) : 0; tl -= (mm*60);
741  int ss = (tl >= 0) ? tl : 0;
742  PRT("time left : "<<hh<<"h:"<<mm<<"m:"<<ss<<"s");
743  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
744  // Show VOMS attributes, if any
745  XrdOucString vatts, vat;
746  if ((*GetVOMSAttr)(xp, vatts) == 0) {
747  int from = 0;
748  while ((from = vatts.tokenize(vat, from, ',')) != -1) {
749  if (vat.length() > 0) PRT("VOMS attributes: "<<vat);
750  }
751  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
752  }
753  // Dump extensions if requested
754  if (DumpExtensions) {
756  xp->DumpExtensions(0);
757  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
758  }
759 }
time_t XrdCryptoTZCorr()
Definition: XrdCryptoAux.cc:77
#define cryptoTRACE_Debug
Definition: XrdCryptoAux.hh:48
#define gsiProxyCertInfo_OID
#define gsiProxyCertInfo_OLD_OID
XrdCryptoProxyCertInfo_t ProxyCertInfo
bool DumpExtensions
XrdCryptoX509GetVOMSAttr_t GetVOMSAttr
XrdOucString PXcert
#define PRT(x)
XrdCryptoFactory * gCryptoFactory
virtual void SetTrace(kXR_int32 trace)
virtual XrdCryptoX509data GetExtension(const char *oid)
virtual int BitStrength()
virtual const char * Subject()
const char * Type(EX509Type t=kUnknown) const
virtual int DumpExtensions(bool=0)
virtual const char * Issuer()
virtual const char * ProxyType() const
virtual time_t NotAfter()
EX509Type type
int length() const
int tokenize(XrdOucString &tok, int from, char del=':')

References XrdCryptoX509::BitStrength(), cryptoTRACE_Debug, XrdCryptoX509::DumpExtensions(), DumpExtensions, gCryptoFactory, XrdCryptoX509::GetExtension(), GetVOMSAttr, gsiProxyCertInfo_OID, gsiProxyCertInfo_OLD_OID, XrdCryptoX509::Issuer(), XrdCryptoX509::kProxy, XrdOucString::length(), XrdCryptoX509::NotAfter(), ProxyCertInfo, XrdCryptoX509::ProxyType(), PRT, PXcert, XrdCryptoFactory::SetTrace(), XrdCryptoX509::Subject(), XrdOucString::tokenize(), XrdCryptoX509::type, XrdCryptoX509::Type(), and XrdCryptoTZCorr().

Referenced by main().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ main()

int main ( int  argc,
char **  argv 
)

Definition at line 121 of file XrdSecgsiProxy.cc.

122 {
123  // Test implemented functionality
124  int secValid = 0;
125  XrdProxyOpt_t pxopt;
126  XrdCryptogsiX509Chain *cPXp = 0;
127  XrdCryptoX509 *xPXp = 0, *xPXPp = 0;
128  XrdCryptoRSA *kPXp = 0;
129  int prc = 0;
130  int nci = 0;
131  int exitrc = 0;
132 
133  // Parse arguments
134  if (ParseArguments(argc,argv)) {
135  exit(1);
136  }
137 
138  //
139  // Initiate error logging and tracing
140  eDest.logger(&Logger);
141  if (!gsiTrace)
142  gsiTrace = new XrdOucTrace(&eDest);
143  if (gsiTrace) {
144  if (Debug)
145  // Medium level
147  }
148  //
149  // Set debug flags in other modules
150  if (Debug) {
153  }
154 
155  //
156  // Load the crypto factory
158  PRT(": cannot instantiate factory "<<CryptoMod);
159  exit(1);
160  }
161  if (Debug)
163 
164  // Hooks for specific functionality
165  if (!(ParseFile = gCryptoFactory->X509ParseFile())) {
166  PRT("cannot attach to X509ParseFile function!");
167  exit(1);
168  }
170  PRT("cannot attach to X509CreateProxy function!");
171  exit(1);
172  }
174  PRT("cannot attach to ProxyCertInfo function!");
175  exit(1);
176  }
178  PRT("cannot attach to X509GetVOMSAttr function!");
179  exit(1);
180  }
181 
182  //
183  // Depending on the mode
184  switch (Mode) {
185  case kM_help:
186  //
187  // We should not get here ... print the menu and go
188  Menu();
189  break;
190  case kM_init:
191  //
192  // Init proxies
193  secValid = XrdSutParseTime(Valid.c_str(), 1);
194  pxopt.bits = Bits;
195  pxopt.valid = secValid;
196  pxopt.depthlen = PathLength;
197  cPXp = new XrdCryptogsiX509Chain();
198  //
199  // Display info about existing proxies
200  prc = (*CreateProxy)(EEcert.c_str(), EEkey.c_str(), &pxopt,
201  cPXp, &kPXp, PXcert.c_str());
202  if (prc == 0) {
203  // The proxy is the first certificate
204  xPXp = cPXp->Begin();
205  if (xPXp) {
206  Display(xPXp);
207  } else {
208  PRT( ": proxy certificate not found");
209  }
210  } else {
211  PRT( ": problems creating proxy");
212  }
213  break;
214  case kM_destroy:
215  //
216  // Destroy existing proxies
217  if (unlink(PXcert.c_str()) == -1) {
218  perror("xrdgsiproxy");
219  }
220 
221  break;
222  case kM_info:
223  //
224  // Display info about existing proxies
225  // Parse the proxy file
226  cPXp = new XrdCryptogsiX509Chain();
227  nci = (*ParseFile)(PXcert.c_str(), cPXp, 0);
228  if (nci < 2) {
229  if (Exists) {
230  exitrc = 1;
231  } else {
232  PRT("proxy files must have at least two certificates"
233  " (found only: "<<nci<<")");
234  }
235  break;
236  }
237  // The proxy is the first certificate
238  xPXp = cPXp->Begin();
239  if (xPXp) {
240  if (!Exists) {
241  Display(xPXp);
242  if (strstr(xPXp->Subject(), "CN=limited proxy")) {
243  xPXPp = cPXp->SearchBySubject(xPXp->Issuer());
244  if (xPXPp) {
245  Display(xPXPp);
246  } else {
247  PRT("WARNING: found 'limited proxy' but not the associated proxy!");
248  }
249  }
250  } else {
251  // Check time validity
252  secValid = XrdSutParseTime(Valid.c_str(), 1);
253  int tl = xPXp->NotAfter() -(int)time(0);
254  if (Debug)
255  PRT("secValid: " << secValid<< ", tl: "<<tl<<", ClockSkew:"<<ClockSkew);
256  if (secValid > tl + ClockSkew) {
257  exitrc = 1;
258  break;
259  }
260  // Check bit strenght
261  if (Debug)
262  PRT("BitStrength: " << xPXp->BitStrength()<< ", Bits: "<<Bits);
263  if (xPXp->BitStrength() < Bits) {
264  exitrc = 1;
265  break;
266  }
267  }
268  } else {
269  if (Exists) {
270  exitrc = 1;
271  } else {
272  PRT( ": proxy certificate not found");
273  }
274  }
275  break;
276  default:
277  //
278  // Print menu
279  Menu();
280  }
281 
282  exit(exitrc);
283 }
#define TRACE_Debug
Definition: XrdCmsTrace.hh:37
void XrdCryptoSetTrace(kXR_int32 trace)
Definition: XrdCryptoAux.cc:49
int unlink(const char *path)
#define TRACE_Authen
Definition: XrdSecTrace.hh:62
int Bits
XrdCryptoX509ParseFile_t ParseFile
int Mode
static XrdSysError eDest(0,"proxy_")
int PathLength
XrdOucString Valid
static XrdSysLogger Logger
XrdCryptoX509CreateProxy_t CreateProxy
int ClockSkew
bool Debug
int ParseArguments(int argc, char **argv)
XrdOucTrace * gsiTrace
void Display(XrdCryptoX509 *xp)
bool Exists
XrdOucString CryptoMod
XrdOucString EEcert
XrdOucString EEkey
void Menu()
int XrdSutParseTime(const char *tstr, int opt)
Definition: XrdSutAux.cc:540
void XrdSutSetTrace(kXR_int32 trace)
Definition: XrdSutAux.cc:93
#define sutTRACE_Debug
Definition: XrdSutAux.hh:99
virtual XrdCryptoX509ParseFile_t X509ParseFile()
virtual XrdCryptoX509CreateProxy_t X509CreateProxy()
virtual XrdCryptoX509GetVOMSAttr_t X509GetVOMSAttr()
virtual XrdCryptoProxyCertInfo_t ProxyCertInfo()
static XrdCryptoFactory * GetCryptoFactory(const char *factoryname)
const char * c_str() const
XrdSysLogger * logger(XrdSysLogger *lp=0)
Definition: XrdSysError.hh:141

References XrdProxyOpt_t::bits, Bits, XrdCryptoX509::BitStrength(), XrdOucString::c_str(), ClockSkew, CreateProxy, CryptoMod, cryptoTRACE_Debug, Debug, XrdProxyOpt_t::depthlen, Display(), eDest, EEcert, EEkey, Exists, gCryptoFactory, XrdCryptoFactory::GetCryptoFactory(), GetVOMSAttr, gsiTrace, XrdCryptoX509::Issuer(), kM_destroy, kM_help, kM_info, kM_init, Logger, XrdSysError::logger(), Menu(), Mode, XrdCryptoX509::NotAfter(), ParseArguments(), ParseFile, PathLength, XrdCryptoFactory::ProxyCertInfo(), ProxyCertInfo, PRT, PXcert, XrdCryptoFactory::SetTrace(), XrdCryptoX509::Subject(), sutTRACE_Debug, TRACE_Authen, TRACE_Debug, unlink(), XrdProxyOpt_t::valid, Valid, XrdOucTrace::What, XrdCryptoFactory::X509CreateProxy(), XrdCryptoFactory::X509GetVOMSAttr(), XrdCryptoFactory::X509ParseFile(), XrdCryptoSetTrace(), XrdSutParseTime(), and XrdSutSetTrace().

+ Here is the call graph for this function:

◆ Menu()

void Menu ( )

Definition at line 629 of file XrdSecgsiProxy.cc.

630 {
631  // Print the menu
632 
633  PRT(" ");
634  PRT(" xrdgsiproxy: application to manage GSI proxies ");
635  PRT(" ");
636  PRT(" Syntax:");
637  PRT(" ");
638  PRT(" xrdgsiproxy [-h] [<mode>] [options] ");
639  PRT(" ");
640  PRT(" ");
641  PRT(" -h display this menu");
642  PRT(" ");
643  PRT(" mode (info, init, destroy) [info]");
644  PRT(" ");
645  PRT(" info: display content of existing proxy file");
646  PRT(" ");
647  PRT(" init: create proxy certificate and related proxy file");
648  PRT(" ");
649  PRT(" destroy: delete existing proxy file");
650  PRT(" ");
651  PRT(" options:");
652  PRT(" ");
653  PRT(" -debug Print more information while running this"
654  " query (use if something goes wrong) ");
655  PRT(" ");
656  PRT(" -f,-file,-out <file> Non-standard location of proxy file");
657  PRT(" ");
658  PRT(" init mode only:");
659  PRT(" ");
660  PRT(" -certdir <dir> Non-standard location of directory"
661  " with information about known CAs");
662  PRT(" -cert <file> Non-standard location of certificate"
663  " for which proxies are wanted");
664  PRT(" -key <file> Non-standard location of the private"
665  " key to be used to sign the proxy");
666  PRT(" -bits <bits> strength in bits of the key [2048]");
667  PRT(" -valid <hh:mm> Time validity of the proxy certificate [12:00]");
668  PRT(" -path-length <len> max number of descendent levels below"
669  " this proxy [0] ");
670  PRT(" -e,-exists [options] returns 0 if valid proxy exists, 1 otherwise;");
671  PRT(" valid options: '-valid <hh:mm>', -bits <bits>");
672  PRT(" -clockskew <secs> max clock-skewness allowed when checking time validity [30 secs]");
673  PRT(" -extensions low-level dump of certificate extensions");
674  PRT(" ");
675 }

References PRT.

Referenced by main(), and ParseArguments().

+ Here is the caller graph for this function:

◆ ParseArguments()

int ParseArguments ( int  argc,
char **  argv 
)

Definition at line 285 of file XrdSecgsiProxy.cc.

286 {
287  // Parse application arguments filling relevant global variables
288 
289  // Number of arguments
290  if (argc < 0 || !argv[0]) {
291  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
292  PRT("+ Insufficient number or arguments! +");
293  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
294  // Print main menu
295  Menu();
296  return 1;
297  }
298  --argc;
299  ++argv;
300 
301  //
302  // Loop over arguments
303  while ((argc >= 0) && (*argv)) {
304 
305  XrdOucString opt = "";
306  int ival = -1;
307  if(*(argv)[0] == '-') {
308 
309  opt = *argv;
310  opt.erase(0,1);
311  if (CheckOption(opt,"h",ival) || CheckOption(opt,"help",ival) ||
312  CheckOption(opt,"menu",ival)) {
313  Mode = kM_help;
314  } else if (CheckOption(opt,"debug",ival)) {
315  Debug = ival;
316  } else if (CheckOption(opt,"e",ival)) {
317  Exists = 1;
318  } else if (CheckOption(opt,"exists",ival)) {
319  Exists = 1;
320  } else if (CheckOption(opt,"f",ival)) {
321  --argc;
322  ++argv;
323  if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
324  PXcert = *argv;
325  } else {
326  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
327  PRT("+ Option '-f' requires a proxy file name: ignoring +");
328  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
329  argc++;
330  argv--;
331  }
332  } else if (CheckOption(opt,"file",ival)) {
333  --argc;
334  ++argv;
335  if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
336  PXcert = *argv;
337  } else {
338  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
339  PRT("+ Option '-file' requires a proxy file name: ignoring +");
340  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
341  argc++;
342  argv--;
343  }
344  } else if (CheckOption(opt,"out",ival)) {
345  --argc;
346  ++argv;
347  if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
348  PXcert = *argv;
349  } else {
350  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
351  PRT("+ Option '-out' requires a proxy file name: ignoring +");
352  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
353  argc++;
354  argv--;
355  }
356  } else if (CheckOption(opt,"cert",ival)) {
357  --argc;
358  ++argv;
359  if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
360  EEcert = *argv;
361  } else {
362  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
363  PRT("+ Option '-cert' requires a cert file name: ignoring +");
364  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
365  argc++;
366  argv--;
367  }
368  } else if (CheckOption(opt,"key",ival)) {
369  --argc;
370  ++argv;
371  if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
372  EEkey = *argv;
373  } else {
374  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
375  PRT("+ Option '-key' requires a key file name: ignoring +");
376  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
377  argc++;
378  argv--;
379  }
380  } else if (CheckOption(opt,"certdir",ival)) {
381  --argc;
382  ++argv;
383  if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
384  CAdir = *argv;
385  } else {
386  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
387  PRT("+ Option '-certdir' requires a dir path: ignoring +");
388  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
389  argc++;
390  argv--;
391  }
392  } else if (CheckOption(opt,"valid",ival)) {
393  --argc;
394  ++argv;
395  if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
396  Valid = *argv;
397  } else {
398  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
399  PRT("+ Option '-valid' requires a time string: ignoring +");
400  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
401  argc++;
402  argv--;
403  }
404  } else if (CheckOption(opt,"path-length",ival)) {
405  --argc;
406  ++argv;
407  if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
408  PathLength = strtol(*argv,0,10);
409  if (PathLength < -1 || errno == ERANGE) {
410  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
411  PRT("+ Option '-path-length' requires a number >= -1: ignoring +");
412  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
413  argc++;
414  argv--;
415  }
416  } else {
417  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
418  PRT("+ Option '-path-length' requires a number >= -1: ignoring +");
419  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
420  argc++;
421  argv--;
422  }
423  } else if (CheckOption(opt,"bits",ival)) {
424  --argc;
425  ++argv;
426  if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
427  Bits = strtol(*argv, 0, 10);
428  Bits = (Bits > 2048) ? Bits : 2048;
429  if (errno == ERANGE) {
430  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
431  PRT("+ Option '-bits' requires a number: ignoring +");
432  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
433  argc++;
434  argv--;
435  }
436  } else {
437  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
438  PRT("+ Option '-bits' requires a number: ignoring +");
439  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
440  argc++;
441  argv--;
442  }
443  } else if (CheckOption(opt,"clockskew",ival)) {
444  --argc;
445  ++argv;
446  if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
447  ClockSkew = strtol(*argv, 0, 10);
448  if (ClockSkew < -1 || errno == ERANGE) {
449  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
450  PRT("+ Option '-clockskew' requires a number >= -1: ignoring +");
451  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
452  argc++;
453  argv--;
454  }
455  } else {
456  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
457  PRT("+ Option '-clockskew' requires a number >= -1: ignoring +");
458  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
459  argc++;
460  argv--;
461  }
462  } else if (CheckOption(opt,"extensions",ival)) {
463  DumpExtensions = 1;
464  } else {
465  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
466  PRT("+ Ignoring unrecognized option: "<<*argv);
467  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
468  }
469 
470  } else {
471  //
472  // Mode keyword
473  opt = *argv;
474  if (CheckOption(opt,"init",ival)) {
475  Mode = kM_init;
476  } else if (CheckOption(opt,"info",ival)) {
477  Mode = kM_info;
478  } else if (CheckOption(opt,"destroy",ival)) {
479  Mode = kM_destroy;
480  } else if (CheckOption(opt,"help",ival)) {
481  Mode = kM_help;
482  } else {
483  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
484  PRT("+ Ignoring unrecognized keyword mode: "<<opt.c_str());
485  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
486  }
487  }
488  --argc;
489  ++argv;
490  }
491 
492  //
493  // Default mode 'info'
494  Mode = (Mode == 0) ? kM_info : Mode;
495 
496  //
497  // If help mode, print menu and exit
498  if (Mode == kM_help) {
499  // Print main menu
500  Menu();
501  return 1;
502  }
503 
504  //
505  // we may need later
506  struct passwd *pw = 0;
507  XrdSysPwd thePwd;
508 
509  //
510  // Check proxy file
511  if (PXcert.length() <= 0) {
512  // Use defaults
513  if (!pw && !(pw = thePwd.Get(getuid()))) {
514  // Cannot get info about current user
515  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
516  PRT("+ Cannot get info about current user - exit ");
517  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
518  return 1;
519  }
520  // Build proxy file name
521  PXcert = DefPXcert + (int)(pw->pw_uid);
522  }
523  //
524  // Expand Path
526  // Get info
527  struct stat st;
528  if (stat(PXcert.c_str(),&st) != 0) {
529  if (errno != ENOENT) {
530  // Path exists but we cannot access it - exit
531  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
532  PRT("+ Cannot access requested proxy file: "<<PXcert.c_str());
533  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
534  return 1;
535  } else {
536  if (Mode != kM_init) {
537  // Path exists but we cannot access it - exit
538  if (!Exists) {
539  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
540  PRT("+ proxy file: "<<PXcert.c_str()<<" not found");
541  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
542  }
543  return 1;
544  }
545  }
546  }
547 
548  //
549  // The following applies in 'init' mode only
550  if (Mode == kM_init) {
551  //
552  // Check certificate file
553  if (EEcert.length()) {
554  //
555  // Expand Path
557  // Get info
558  if (stat(EEcert.c_str(),&st) != 0) {
559  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
560  PRT("+ Cannot access certificate file: "<<EEcert.c_str());
561  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
562  return 1;
563  }
564  } else {
565  // Use defaults
566  if (!pw && !(pw = thePwd.Get(getuid()))) {
567  // Cannot get info about current user
568  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
569  PRT("+ Cannot get info about current user - exit ");
570  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
571  return 1;
572  }
573  EEcert = DefEEcert;
574  EEcert.insert(XrdSutHome(), 0);
575  if (stat(EEcert.c_str(),&st) != 0) {
576  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
577  PRT("+ Cannot access certificate file: "<<EEcert.c_str());
578  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
579  return 1;
580  }
581  }
582  //
583  // Check key file
584  if (EEkey.length()) {
585  //
586  // Expand Path
588  // Get info
589  if (stat(EEkey.c_str(),&st) != 0) {
590  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
591  PRT("+ Cannot access private key file: "<<EEkey.c_str());
592  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
593  return 1;
594  }
595  } else {
596  // Use defaults
597  if (!pw && !(pw = thePwd.Get(getuid()))) {
598  // Cannot get info about current user
599  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
600  PRT("+ Cannot get info about current user - exit ");
601  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
602  return 1;
603  }
604  EEkey = DefEEkey;
605  EEkey.insert(XrdSutHome(), 0);
606  if (stat(EEkey.c_str(),&st) != 0) {
607  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
608  PRT("+ Cannot access private key file: "<<EEkey.c_str());
609  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
610  return 1;
611  }
612  }
613  // Check permissions
614  if (!S_ISREG(st.st_mode) || S_ISDIR(st.st_mode) ||
615  (st.st_mode & (S_IWGRP | S_IWOTH)) != 0 ||
616  (st.st_mode & (S_IRGRP | S_IROTH)) != 0) {
617  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
618  PRT("+ Wrong permissions for file: "<<EEkey.c_str()<< " (should be 0600)");
619  PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
620  return 1;
621  }
622  }
623 
624  return 0;
625 }
int stat(const char *path, struct stat *buf)
bool CheckOption(XrdOucString opt, const char *ref, int &ival)
XrdOucString CAdir
XrdOucString DefPXcert
XrdOucString DefEEcert
XrdOucString DefEEkey
int XrdSutExpand(XrdOucString &path)
Definition: XrdSutAux.cc:366
const char * XrdSutHome()
Definition: XrdSutAux.cc:465
int erase(int start=0, int size=0)
struct passwd * Get(const char *Usr)
Definition: XrdSysPwd.hh:42

References Bits, XrdOucString::c_str(), CAdir, CheckOption(), ClockSkew, Debug, DefEEcert, DefEEkey, DefPXcert, DumpExtensions, EEcert, EEkey, XrdOucString::erase(), Exists, XrdSysPwd::Get(), XrdOucString::insert(), kM_destroy, kM_help, kM_info, kM_init, XrdOucString::length(), Menu(), Mode, PathLength, PRT, PXcert, stat(), Valid, XrdSutExpand(), and XrdSutHome().

Referenced by main().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Variable Documentation

◆ Bits

int Bits = 2048

Definition at line 113 of file XrdSecgsiProxy.cc.

Referenced by main(), and ParseArguments().

◆ CAdir

XrdOucString CAdir = "/etc/grid-security/certificates/"

Definition at line 104 of file XrdSecgsiProxy.cc.

Referenced by XrdSecProtocolgsi::Init(), and ParseArguments().

◆ ClockSkew

int ClockSkew = 30

Definition at line 115 of file XrdSecgsiProxy.cc.

Referenced by main(), and ParseArguments().

◆ CreateProxy

XrdCryptoX509CreateProxy_t CreateProxy = 0

Definition at line 101 of file XrdSecgsiProxy.cc.

Referenced by main().

◆ CRLdir

XrdOucString CRLdir = "/etc/grid-security/certificates/"

Definition at line 105 of file XrdSecgsiProxy.cc.

Referenced by XrdSecProtocolgsi::Init().

◆ CryptoMod

XrdOucString CryptoMod = "ssl"

Definition at line 99 of file XrdSecgsiProxy.cc.

Referenced by XrdSecProtocolgsi::getCredentials(), and main().

◆ Debug

bool Debug = 0

Definition at line 95 of file XrdSecgsiProxy.cc.

Referenced by main(), and ParseArguments().

◆ DefEEcert

XrdOucString DefEEcert = "/.globus/usercert.pem"

Definition at line 106 of file XrdSecgsiProxy.cc.

Referenced by ParseArguments().

◆ DefEEkey

XrdOucString DefEEkey = "/.globus/userkey.pem"

Definition at line 107 of file XrdSecgsiProxy.cc.

Referenced by ParseArguments().

◆ DefPXcert

XrdOucString DefPXcert = "/tmp/x509up_u"

Definition at line 108 of file XrdSecgsiProxy.cc.

Referenced by ParseArguments().

◆ DumpExtensions

bool DumpExtensions = 0

Definition at line 96 of file XrdSecgsiProxy.cc.

Referenced by Display(), and ParseArguments().

◆ eDest

XrdSysError eDest(0,"proxy_") ( ,
"proxy_"   
)
static

Referenced by main().

◆ EEcert

XrdOucString EEcert = ""

Definition at line 109 of file XrdSecgsiProxy.cc.

Referenced by main(), and ParseArguments().

◆ EEkey

XrdOucString EEkey = ""

Definition at line 110 of file XrdSecgsiProxy.cc.

Referenced by main(), and ParseArguments().

◆ Exists

bool Exists = 0

Definition at line 97 of file XrdSecgsiProxy.cc.

Referenced by XrdCmsBaseFS::Exists(), main(), and ParseArguments().

◆ gCryptoFactory

XrdCryptoFactory* gCryptoFactory = 0

Definition at line 98 of file XrdSecgsiProxy.cc.

Referenced by Display(), and main().

◆ GetVOMSAttr

XrdCryptoX509GetVOMSAttr_t GetVOMSAttr = 0

Definition at line 102 of file XrdSecgsiProxy.cc.

Referenced by Display(), and main().

◆ gModesStr

const char* gModesStr[]
Initial value:
= {
"kM_undef",
"kM_init",
"kM_info",
"kM_destroy",
"kM_help"
}

Definition at line 75 of file XrdSecgsiProxy.cc.

◆ gsiTrace

XrdOucTrace* gsiTrace = 0

Definition at line 119 of file XrdSecgsiProxy.cc.

Referenced by main().

◆ Logger

XrdSysLogger Logger
static

Definition at line 117 of file XrdSecgsiProxy.cc.

Referenced by main().

◆ Mode

◆ ParseFile

XrdCryptoX509ParseFile_t ParseFile = 0

Definition at line 100 of file XrdSecgsiProxy.cc.

Referenced by main().

◆ PathLength

int PathLength = 0

Definition at line 114 of file XrdSecgsiProxy.cc.

Referenced by main(), and ParseArguments().

◆ ProxyCertInfo

XrdCryptoProxyCertInfo_t ProxyCertInfo = 0

Definition at line 103 of file XrdSecgsiProxy.cc.

Referenced by Display(), and main().

◆ PXcert

XrdOucString PXcert = ""

Definition at line 111 of file XrdSecgsiProxy.cc.

Referenced by Display(), main(), and ParseArguments().

◆ Valid