CGSI-gSOAP-1.3.5/LICENSE

Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). 
"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. 
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the 
Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. 
Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. 
To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.

Copyright [yyyy] [name of copyright owner]

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

CGSI-gSOAP-1.3.5/TODO

Overall: feature set shall be synchronized with csec.

Problematic: currently only one VO and its attributes are returned, however there might be more than one VOMS AC in a proxy.

Optional: Using gridsite, instead of voms-api-c for AC parsing.

DN check: currently looks for the "host/" prefix, or else the check has to be disabled. Option for no prefix or custom prefix would be desirable.

GT4 compatibility:

Date: Thu, 23 Feb 2006 23:00:09 +0200
From: Aleksandr Konstantinov

Minor issue in CGSI. Function gss_init_sec_context of Globus GSSAPI library (at least version I have installed, GT4.0.1, ver. 4.8) does not accept undefined target name if GSS_C_DELEG_FLAG flag is set. That was causing CGSI fail even before attempting handshake. Fix was simply to use globus_gss_assist_authorization_host_name() to generate required name.

Long term: Unification of gsoap-plugin and cgsi-gsoap packages.

CGSI-gSOAP-1.3.5/VERSION

VERSION=1.3.5
RELEASE=2

CGSI-gSOAP-1.3.5/get-platform-os

#!/bin/sh
platform_os='unknown'
set +e
IFS_SAVED="$IFS"
IFS=':'
while read pattern os; do
    egrep -qi "$pattern" /etc/issue.net
    if [ $? -eq 0 ]; then
        platform_os="$os"
    fi
done <

# default: all

ifndef VERSION
include ../VERSION
endif

ifndef RELEASE_SUFFIX
RELEASE_SUFFIX=sol10-x86
endif

VPACKAGE=CGSI-gSOAP27-$(VERSION)
VPACKAGE_TAR=$(VPACKAGE).tar.gz

all: CGSI-gSOAP27
	mkdir -p ../RPMS
	cp build-*/RPMS/*-sol10-x86 ../RPMS/

CGSI-gSOAP27: build-pkg
	cd build-pkg/BUILD; \
	rm -rf $(VPACKAGE); \
	gtar -xzf ../SOURCES/$(VPACKAGE_TAR)
	BUILD_ROOT=$(PWD)/build-pkg/BUILD/$(VPACKAGE)-root; \
	LD_LIBRARY_PATH=$(GLOBUS_LOCATION)/lib:$(LD_LIBRARY_PATH); export LD_LIBRARY_PATH; \
	(cd build-pkg/BUILD/$(VPACKAGE); \
	./configure ${EXTRA_CONFIGURE_OPTIONS}; \
	gmake; \
	gmake install PREFIX=$$BUILD_ROOT; \
	gmake install.man PREFIX=$$BUILD_ROOT); \
	pkgmk -o -b$$BUILD_ROOT -f prototype.dev -v $(VERSION); \
	pkgmk -o -b$$BUILD_ROOT -f prototype.nonvoms -v $(VERSION) VERSION=$(VERSION); \
	pkgmk -o -b$$BUILD_ROOT -f prototype.voms -v $(VERSION) VERSION=$(VERSION)
	pkgtrans -o -s /var/spool/pkg $(PWD)/build-pkg/RPMS/CGSI-gSOAP27-dev-$(VERSION)-$(RELEASE_SUFFIX) CGSI-gSOAP27-dev
	pkgtrans -o -s /var/spool/pkg $(PWD)/build-pkg/RPMS/CGSI-gSOAP27-$(VERSION)-$(RELEASE_SUFFIX) CGSI-gSOAP27
	pkgtrans -o -s /var/spool/pkg $(PWD)/build-pkg/RPMS/CGSI-gSOAP27-voms-$(VERSION)-$(RELEASE_SUFFIX) CGSI-gSOAP27-voms

build-pkg: $(VPACKAGE_TAR)
	mkdir -p build-pkg
	mkdir -p build-pkg/BUILD
	mkdir -p build-pkg/RPMS
	mkdir -p build-pkg/SOURCES
	cp $(VPACKAGE_TAR) build-pkg/SOURCES

$(VPACKAGE_TAR):
	cd ..; \
	rm -rf $(VPACKAGE); \
	mkdir -p $(VPACKAGE); \
	cp -rp configure RELEASE-NOTES VERSION src $(VPACKAGE)/; \
	find $(VPACKAGE)/ -name .svn -exec rm -rf {} \;; \
	gtar -czf $(VPACKAGE_TAR) $(VPACKAGE); \
	rm -rf $(VPACKAGE)
	mv ../$(VPACKAGE_TAR) .

clean:
	rm -rf $(VPACKAGE_TAR) build-pkg

distclean:
	rm -rf ../RPMS

CGSI-gSOAP-1.3.5/solaris/prototype.dev

i pkginfo=pkginfo.dev
i depend=depend.dev
d none include 0755 root bin
! default 0644 root bin
f none include/cgsi_plugin.h
d none lib 0755 root bin
f none lib/libcgsi_plugin_gsoap_2.7.a
f none lib/libcgsi_plugin_voms_gsoap_2.7_gcc32dbg.a
f none lib/libcgsi_plugin_voms_gsoap_2.7_gcc32dbgpthr.a
d none share 0755 root bin
d none share/man 0755 root bin
d none share/man/man3 0755 root bin
f none share/man/man3/cgsi_plugin.h.3

CGSI-gSOAP-1.3.5/solaris/depend.dev

P VOMS-api-c VOMS API (C wrapper libraries)
P VDT-globus-essentials VDT globus essentials (CLIs and shared libs)

CGSI-gSOAP-1.3.5/solaris/pkginfo.dev

PKG="CGSI-gSOAP27-dev"
NAME="GSI plugin for gSOAP 2.7 (headers and archive libs)"
ARCH="i386"
VERSION="x.x.x"
CATEGORY="application"
BASEDIR="/opt/glite"

CGSI-gSOAP-1.3.5/solaris/depend.voms

P VOMS-api-c VOMS API (C wrapper libraries)
P VDT-globus-essentials VDT globus essentials (CLIs and shared libs)

CGSI-gSOAP-1.3.5/solaris/pkginfo.voms

PKG="CGSI-gSOAP27-voms"
NAME="GSI plugin for gSOAP 2.7 (shared libraries with VOMS support)"
ARCH="i386"
VERSION="x.x.x"
CATEGORY="application"
BASEDIR="/opt/glite"

CGSI-gSOAP-1.3.5/RELEASE-NOTES

2012-04-17 15:08 molnarzs * RELEASE-NOTES, rpm/epel/CGSI-gSOAP.spec: [ticket:305]: Release notes updated for cgsi-gsoap_R_1_3_5_2
2012-04-03 09:30 rocha * rpm/epel, rpm/epel/CGSI-gSOAP.spec: Merging epel packaging with trunk.
2011-12-21 13:43 molnarzs * ., RELEASE-NOTES, VERSION: [ticket:262]: Integrating changes from integration branch glite-data-cgsi-gsoap_R_1_3_5_1 to trunk.
2011-11-23 13:43 molnarzs * src/globus_gsi_gss_constants.h, src/globus_i_gsi_credential.h, src/gssapi_openssl.h: [ticket:233]: EMI copyright message replaced with the Globus one
2011-11-11 10:17 molnarzs * ., src/cgsi_plugin.c: [ticket:176] - Fixing compilation error (http://bit.ly/t10l1F)
2011-11-11 10:16 molnarzs * ., src/cgsi_plugin.c, src/cgsi_plugin.h, src/cgsi_plugin_int.h: Ricardo's rollback rolled back.
2011-11-11 08:31 rocha * ., src/cgsi_plugin.c, src/cgsi_plugin.h, src/cgsi_plugin_int.h: Reverting commit 4426 (external patch, does not build).
2011-11-07 16:09 molnarzs * ., src/cgsi_plugin.c, src/cgsi_plugin.h, src/cgsi_plugin_int.h: [ticket:176]: Paul's changes merged.
2011-03-08 10:07 baud * RELEASE-NOTES: 1.3.4-2 retag
2011-03-08 10:03 baud * rpm/cgsi-gsoap.spec: set AutoReqProv = yes (strong requirement from EMI project)
2011-03-07 10:04 baud * RELEASE-NOTES, VERSION: 1.3.4-2 tag
2011-02-15 08:26 baud * rpm/Makefile, rpm/cgsi-gsoap.spec: set runtime dependencies for globus and voms (they are not the same in gLite and EMI)
2011-02-11 09:18 baud * src/cgsi_plugin.c: srmv1 and srmv2.2 segfaults while security scan (bug #77984)
2011-02-02 14:58 baud * configure: make it work under Solaris (extended getopt is not supported)
2010-12-16 09:21 baud * rpm/cgsi-gsoap.spec, src/Makefile: new attempt to build for gLite and EMI
2010-12-06 12:10 baud * configure, src/Makefile: second try to make possible to build for gLite and EMI
2010-12-02 15:47 baud * src/Makefile: try to make possible to build for gLite and EMI
2010-08-23 11:21 baud * VERSION: release cgsi-gsoap_R_1_3_4_1
2010-08-23 11:20 baud * RELEASE-NOTES: updated release notes for the 1.3.4-1 release
2010-08-22 06:48 baud * solaris/Makefile: initial version
2010-08-20 14:24 baud * configure: does not define RELEASE_SUFFIX as not used and breaks build on other platforms
2010-08-20 12:49 baud * rpm/Makefile: add install target for Etics
2010-08-19 09:22 baud * rpm/cgsi-gsoap.spec: suppress "BuildRequires: glite-security-voms-api" because of the way Etics works
2010-08-18 14:29 baud * configure: edit the spec file instead of taking a template from project sub-directory
2010-08-18 14:28 baud * src/Makefile: add install.man target
2010-08-18 14:27 baud * rpm, rpm/Makefile, rpm/cgsi-gsoap.spec: create rpm sub-directory and spec file to help building from head
2010-08-17 06:04 baud * configure: fix typo in Provides
2010-08-06 12:24 baud * src/cgsi_plugin.c, src/cgsi_plugin.h: re-introduce retrieve_voms_credentials() for backward compatibility
2010-08-03 15:28 baud * RELEASE-NOTES: updated release notes for the 1.3.4 release
2010-08-03 15:20 baud * VERSION, src/cgsi_plugin.c, src/cgsi_plugin.h, src/cgsi_plugin_int.h: add code to get user_ca
2010-08-03 15:18 baud * src/Makefile: fix typo in GLOBUS_FLAVOUR
2010-06-03 10:57 baud * project/glite-security-cgsi-gsoap.spec.template.2.7.10, project/glite-security-cgsi-gsoap.spec.template.etics: try to fix packaging problem on SL5
2010-04-07 07:41 tmanev * src/cgsi_plugin.c, src/cgsi_plugin.h, src/cgsi_plugin_int.h, src/globus_gsi_gss_constants.h, src/globus_i_gsi_credential.h, src/gssapi_openssl.h, test/cgsi-gsoap-client.c, test/cgsi-gsoap-server.c, test/test-client-server.sh: EGEE copyright header fix.
2009-09-08 12:57 szamsu * project/e-c_org.glite.security.cgsi-gsoap-2.7.10.ini, project/e-c_org.glite.security.cgsi-gsoap-2.7.ini: using the --with-libdir option of 'configure'
2009-08-26 15:12 szamsu * configure, src/Makefile: Added properly versioned shared library names. Changed license to Apache2. 'configure' has a --with-libdir option to set platform specific names.
2009-08-26 12:59 szamsu * src/cgsi_plugin.c: License changed to Apache2 and protecting voms_apic.h, if compiled with C++
2009-08-26 12:57 szamsu * src/cgsi_plugin.h: typo fixes and license changed to Apache2
2009-08-26 12:56 szamsu * LICENSE, project/e-m_org.glite.security.cgsi-gsoap-2.7.10.ini, project/e-m_org.glite.security.cgsi-gsoap-2.7.ini, project/glite-security-cgsi-gsoap.spec.template.etics, src/cgsi_plugin_int.h, src/doxygenConfig.footer.html, test/cgsi-gsoap-client.c, test/cgsi-gsoap-server.c, test/libtool, test/shunit, test/test-client-server.sh: License changed to Apache2
2009-08-26 12:55 szamsu * DESCRIPTION: *** empty log message ***
2009-08-19 12:24 szamsu * VERSION: release candidate: glite-security-cgsi-gsoap_R_1_3_3_2
2009-08-19 12:22 szamsu * RELEASE-NOTES: release candidate: glite-security-cgsi-gsoap-2-7_R_1_3_3_1
2009-08-19 12:20 szamsu * project/e-c_org.glite.security.cgsi-gsoap-2.7.ini: Fixing bug#53535.
2009-08-19 12:16 szamsu * VERSION, build.xml, project/build.number, project/build.properties, project/configure.properties.xml, project/e-c_org.glite.security.cgsi-gsoap.ini, project/e-m_org.glite.security.cgsi-gsoap.ini, project/glite-security-cgsi-gsoap.spec.template, project/properties.xml, project/version.properties: Removing gLite/ant build layer and gSOAP 2.6 compatibility.
2009-03-08 23:21 szamsu * solaris, solaris/depend.dev, solaris/depend.nonvoms, solaris/depend.voms, solaris/pkginfo.dev, solaris/pkginfo.nonvoms, solaris/pkginfo.voms, solaris/prototype.dev, solaris/prototype.nonvoms, solaris/prototype.voms: Solaris packaging
2009-02-16 22:39 szamsu * src/Makefile: Dropping BINFILES, as it is empty.
2009-02-16 22:11 szamsu * project/e-c_org.glite.security.cgsi-gsoap-2.7.10.ini, project/e-c_org.glite.security.cgsi-gsoap-2.7.ini, project/e-c_org.glite.security.cgsi-gsoap.ini: fixing for ETICS v.1.4.x clients
2009-02-16 22:03 szamsu * RELEASE-NOTES: updated release notes for the 1.3.3-1 release
2009-01-12 09:17 dhsmith * project/e-c_org.glite.security.cgsi-gsoap-2.7.10.ini, project/e-c_org.glite.security.cgsi-gsoap-2.7.ini, project/e-c_org.glite.security.cgsi-gsoap.ini, project/glite-security-cgsi-gsoap.spec.template, project/glite-security-cgsi-gsoap.spec.template.2.7.10, project/glite-security-cgsi-gsoap.spec.template.etics, project/version.properties, src/Makefile, src/cgsi_plugin.c, src/cgsi_plugin_int.h, test/Makefile: Update version to 1.3.3, apply initial solaris build changes and change vomsc to vomsapi
2008-10-21 08:17 szamsu * configure: typo
2008-10-20 14:28 szamsu * RELEASE-NOTES, project/version.properties: release candidate: glite-security-cgsi-gsoap_R_1_3_2_2
2008-10-20 14:26 szamsu * get-platform-os: Fixes #42623: DM custom packager creates rpms with invalid name
2008-07-09 11:12 szamsu * configure, project/e-c_org.glite.security.cgsi-gsoap-2.7.10.ini, project/e-c_org.glite.security.cgsi-gsoap-2.7.ini, project/e-c_org.glite.security.cgsi-gsoap.ini, src/Makefile: One has to ask for the C++ libs with the --with-cpp-libs option of 'configure'. Also fixed the dependencies of the 'install' target.
2008-07-07 07:41 szamsu * RELEASE-NOTES, project/version.properties: release candidate: glite-security-cgsi-gsoap_R_1_3_2_1
2008-07-07 07:36 szamsu * src/Makefile, src/cgsi_plugin.c: Explicit type casts to make the C++ compiler happy.
2008-07-07 06:24 szamsu * RELEASE-NOTES, project/e-c_org.glite.security.cgsi-gsoap-2.7.10.ini, project/e-c_org.glite.security.cgsi-gsoap-2.7.ini, project/e-c_org.glite.security.cgsi-gsoap.ini, project/version.properties: release candidate: glite-security-cgsi-gsoap_R_1_3_1_1
2008-06-04 08:51 szamsu * configure, for-2.7.patch, project/e-c_org.glite.security.cgsi-gsoap-2.7.10.ini, project/glite-security-cgsi-gsoap.spec.template.2.7.10, project/version.properties: gSOAP 2.7.10 needs some tweaking in the RPM spec file as well.
2008-06-04 08:29 szamsu * project/e-c_org.glite.security.cgsi-gsoap-2.7.10.ini, project/e-c_org.glite.security.cgsi-gsoap-2.7.ini, project/e-c_org.glite.security.cgsi-gsoap.ini, project/e-m_org.glite.security.cgsi-gsoap-2.7.10.ini, project/e-m_org.glite.security.cgsi-gsoap-2.7.ini, project/e-m_org.glite.security.cgsi-gsoap.ini: Added module and configuration for gSOAP 2.7.10.
2008-05-08 09:50 dhsmith * RELEASE-NOTES, src/cgsi_plugin.c, src/cgsi_plugin.h, src/cgsi_plugin_int.h: Changes for export of delegated cred token, fd/connection leak and error message changes
2007-10-12 08:03 szamsu * configure, get-platform-os, project/glite-security-cgsi-gsoap.spec.template.etics: added OS name in the RPM release
2007-10-10 10:06 szamsu * test/Makefile: fixing VOMS lib64 in test as well
2007-10-10 09:09 szamsu * RELEASE-NOTES, project/version.properties, src/Makefile: release candidate: gl_1_2_1_rc2
2007-10-02 08:42 szamsu * project/e-c_org.glite.security.cgsi-gsoap-2.7.ini, project/e-c_org.glite.security.cgsi-gsoap.ini: removing ETICS runtime dependencies, as that information is not used anyway
2007-09-27 08:03 szamsu * RELEASE-NOTES, project/e-c_org.glite.security.cgsi-gsoap-2.7.ini, project/e-c_org.glite.security.cgsi-gsoap.ini, project/version.properties: release candidate: gl_1_2_1_rc1
2007-09-21 22:05 szamsu * test/cgsi-tracefile-with-ascii: CGSI_TRACEFILE analyzer tool
2007-09-12 15:58 szamsu * src/cgsi_plugin.c: Adding CGSI_gSOAP error messages to the Globus errors.
2007-09-10 15:31 szamsu * test/Makefile, test/test-client-server.sh: updated to use glite-test-certs
2007-08-30 12:17 szamsu * RELEASE-NOTES: lib64
2007-08-30 12:04 szamsu * project/Makefile.etics, project/e-c_org.glite.security.cgsi-gsoap-2.7.ini, project/e-c_org.glite.security.cgsi-gsoap.ini: now, even HEAD builds with ETICS!
2007-08-30 11:57 szamsu * project/glite-security-cgsi-gsoap.spec.template.etics: lib64 modification
2007-08-30 11:44 szamsu * src/Makefile: lib64 for x86_64 platforms
2007-08-30 11:42 szamsu * src/Makefile: default gSOAP version is 2.7
2007-08-30 11:41 szamsu * test/Makefile, test/libtool: GT4 .la files are more complex -- updated libtool emulation
2007-08-30 09:28 szamsu * configure, project/e-c_org.glite.security.cgsi-gsoap-2.7.ini: trying to make HEAD ETICS work
2007-08-29 12:03 szamsu * RELEASE-NOTES, project/version.properties: bumped up the version number
2007-07-31 11:24 dhsmith * RELEASE-NOTES, src/cgsi_plugin.c, src/cgsi_plugin.h, src/cgsi_plugin_int.h, test/cgsi-gsoap-client.c, test/cgsi-gsoap-server.c, test/test-client-server.sh: Fix to allow delegation with vdt 1.6, plus some other changes. See RELEASE notes.
2007-07-23 09:29 szamsu * project/e-c_org.glite.security.cgsi-gsoap-2.7.ini, project/e-c_org.glite.security.cgsi-gsoap.ini, project/glite-security-cgsi-gsoap.spec.template.etics: package names are with underscore, not dash
2007-03-19 08:12 szamsu * for-2.7.patch: difference between 2.6 and 2.7 in gLite/ant
2007-03-15 16:26 szamsu * project/glite-security-cgsi-gsoap.spec.template, project/properties.xml: back to 2.6.2 as default
2007-03-15 12:26 szamsu * project/e-c_org.glite.security.cgsi-gsoap-2.7.ini, project/e-c_org.glite.security.cgsi-gsoap.ini, project/e-m_org.glite.security.cgsi-gsoap-2.7.ini, project/e-m_org.glite.security.cgsi-gsoap.ini, project/etics-configuration-template-2.6.ini, project/etics-configuration-template.ini: Two ETICS modules are associated with the single CVS module: - cgsi-gsoap-2.7 uses gSOAP 2.7.x - cgsi-gsoap uses gSOAP 2.6.2 ETICS module and configuration templates are added.
2007-03-06 17:31 szamsu * project/etics-configuration-template-2.6.ini, project/etics-configuration-template.ini: added globus, removed test-utils as dependency
2007-03-06 15:05 szamsu * project/build.properties: 2.7 is the default from now on
2007-02-01 10:01 szamsu * src/cgsi_plugin.c: -Wall cleanup: char to unsigned char conversion
2007-01-26 23:43 szamsu * project/etics-configuration-template-2.6.ini: fine tuning the config name
2007-01-26 10:32 szamsu * project/etics-configuration-template-2.6.ini, project/etics-configuration-template.ini: going for dual build
2007-01-25 09:50 szamsu * project/Makefile.etics, project/etics-configuration-template.ini, project/glite-security-cgsi-gsoap.spec.template.etics: trying to make an RPM using ETICS package.userspec
2007-01-22 23:52 szamsu * project/Makefile.etics, project/etics-configuration-template.ini: almost working
2007-01-22 22:45 szamsu * project/Makefile.etics, project/etics-configuration-template.ini: trying to remove the ant layer
2007-01-19 17:05 szamsu * RELEASE-NOTES, project/etics-configuration-template.ini, project/version.properties: release candidate: gl_1_1_17_rc2
2007-01-19 17:03 szamsu * src/cgsi_plugin.c: Avoiding memory leak, when retrieve_voms_credentials() called multiple times.
2007-01-11 23:25 szamsu * RELEASE-NOTES, project/version.properties: release candidate: gl_1_1_17_rc1
2007-01-11 23:22 szamsu * src/cgsi_plugin.c, test/test-client-server.sh: Having no VOMS extension in a certificate is not an error.
2007-01-09 12:01 szamsu * build.xml: re-build shall work
2007-01-09 10:41 szamsu * RELEASE-NOTES, build.xml, project/glite-security-cgsi-gsoap.spec.template: RELEASE-NOTES in proper RPM changelog format. Also added to the RPM.
2007-01-08 14:14 szamsu * project/version.properties: build changes
2007-01-08 14:13 szamsu * build.xml, project/build.properties, project/glite-security-cgsi-gsoap.spec.template, project/properties.xml: Preparations for parallel gSOAP 2.6 and 2.7 builds.
2006-12-18 10:11 szamsu * project/glite-security-cgsi-gsoap.spec.template: Ben is not the maintainer any more
2006-12-15 14:57 szamsu * project/etics-configuration-template.ini: eticsification
2006-11-16 14:10 szamsu * RELEASE-NOTES: release candidate: gl_1_1_16_rc2
2006-11-16 14:06 szamsu * test/test-client-server.sh: added stress test
2006-11-16 11:12 szamsu * RELEASE-NOTES: forgot to change the option name in the RELEASE-NOTES
2006-10-17 12:36 szamsu * src/cgsi_plugin.c, src/cgsi_plugin.h, src/cgsi_plugin_int.h, test/cgsi-gsoap-server.c: Changed option name from CGSI_OPT_DISABLE_CONNECT_VOMS to CGSI_OPT_DISABLE_VOMS_CHECK
2006-10-03 15:38 szamsu * build.xml: disabling the unittest for the dist target, as there might be temporary problems with certificates
2006-10-02 12:09 szamsu * setenv23.sh: not used any more
2006-09-27 10:09 szamsu * test/Makefile: gSOAP 2.7.6b forward compatibility.
2006-09-24 23:39 szamsu * src/cgsi_plugin.c: To avoid having garbage printed into the trace file we sacrifice one byte of the receiving buffer, and put a string closing \0 there.
2006-09-13 22:34 szamsu * RELEASE-NOTES, src/cgsi_plugin.c, src/cgsi_plugin.h, src/cgsi_plugin_int.h, test/cgsi-gsoap-client.c, test/cgsi-gsoap-server.c, test/test-client-server.sh: Added CGSI_OPT_DISABLE_CONNECT_VOMS option to disable VOMS parsing at connection time. One can do it later via retrieve_voms_credentials()
2006-09-07 16:14 szamsu * test/Makefile: Setting Globus libraries explicitly for test binaries.
2006-08-31 13:31 szamsu * build.xml, project/version.properties: Making testing part of the build process.
2006-08-30 15:40 szamsu * project/version.properties: release candidate: gl_1_1_16_rc1
2006-08-30 15:39 szamsu * DESCRIPTION, RELEASE-NOTES, project/version.properties: release candidate: gl_1_1_16_rc5
2006-08-30 15:39 szamsu * gsoap-2.6.2-to-2.7.6b.patch: rolled into the code
2006-08-30 15:35 szamsu * src/cgsi_plugin.c: gSOAP 2.7.x compatibility fix.
2006-08-30 14:00 szamsu * src/cgsi_plugin.c, src/cgsi_plugin.h, test/cgsi-gsoap-server.c, test/test-client-server.sh: VOMS parsing is no longer implicit, but one has to call retrieve_voms_credentials() to make it happen. It returns -1 in case of error and fills the SOAP Fault structure with the details.
2006-08-30 13:43 szamsu * test/Makefile: make sensitive to library changes
2006-08-30 12:28 szamsu * src/cgsi_plugin.c: Whitespace changes.
2006-08-29 16:03 szamsu * test/shunit, test/test-client-server.sh: client-server test suite -- requires glite-security-test-utils to be staged!
2006-08-29 16:02 szamsu * test/Makefile: test server is linked with the VOMSified library
2006-08-29 16:02 szamsu * test/cgsi-gsoap-client.c: short timeouts for quick tests
2006-08-29 16:01 szamsu * test/cgsi-gsoap-server.c: Output goes to stdout, so order is kept. Implemented getAttributes() to return all authorization attributes.
2006-08-29 15:59 szamsu * test/cgsi-gsoap-test.wsdl: no need for exception 2006-08-29 15:59 szamsu * src/cgsi_plugin.c, src/cgsi_plugin.h, src/cgsi_plugin_int.h: - New server side option: CGSI_OPT_DISABLE_MAPPING, to disable gridmap-file lookup of the DN (for example server does its own authorization). - VOMS AC verification failure aborts the connection, but the details are reported in the gSOAP error structures. 2006-08-28 16:07 szamsu * test/cgsi-gsoap-server.c: Satisfying -Wall 2006-08-28 16:03 szamsu * build.xml, test, test/Makefile, test/cgsi-gsoap-client.c, test/cgsi-gsoap-server.c, test/cgsi-gsoap-test.wsdl, test/typemap.dat: Simple client and server for automated testing. Re-organized the build, putting src and test into subdirectories a'la automake. 2006-08-28 16:01 szamsu * src/Makefile: convenience targets for simple builds: html and man 2006-08-22 16:14 szamsu * gsoap-2.6.2-to-2.7.6b.patch: still to be reviewed 2006-04-30 09:59 dimeglio * ., .cvsignore: First version of this file 2006-03-01 15:56 szamsu * TODO: *** empty log message *** 2006-02-17 10:50 szamsu * TODO: todo 2006-02-15 17:13 szamsu * RELEASE-NOTES, build.xml, project/glite-security-cgsi-gsoap.spec.template, src/Makefile, src/doxygenConfig, src/doxygenConfig.footer.html: interface doc in HTML and man formats 2006-02-15 15:38 szamsu * project/glite-security-cgsi-gsoap.spec.template: -dev shall depend on the globus SDK 2006-02-15 15:19 szamsu * project/glite-security-cgsi-gsoap.spec.template: split VOMS related stuff into separate RPM; added proper requires tags 2006-02-15 15:17 szamsu * RELEASE-NOTES, project/version.properties: -voms RPM 2006-02-15 13:46 szamsu * build.xml, project/glite-security-cgsi-gsoap.spec.template: added the vomsified .so symbols to the provides list 2006-02-14 15:22 szamsu * project/glite-security-cgsi-gsoap.spec.template, project/version.properties: simplified RPM provides list to tell the truth in a 64 bit build as well 2006-02-13 14:32 szamsu * build.xml, 
      project/configure.properties.xml, project/version.properties: use 2.6, instead of 2.6.2 in library names

2006-02-13 13:58  szamsu
    * project/configure.properties.xml, project/version.properties: dbg flavour is preferred

2006-02-13 13:57  szamsu
    * build.xml: SLC3 comes only with ant 1.6.1, so scaling back the fix

2006-02-13 13:29  szamsu
    * build.xml: turned my private itch into a Savannah bug

2006-02-13 11:53  szamsu
    * RELEASE-NOTES: segfault fix description

2006-02-13 11:52  szamsu
    * build.xml, project/glite-security-cgsi-gsoap.spec.template: THIS IS DIRTY: had to replace the rpm.init target to be able to build with /usr prefix

2006-02-13 11:44  szamsu
    * build.xml, project/configure.properties.xml, project/glite-security-cgsi-gsoap.spec.template, src/Makefile: RPM is created, but only with the /opt/glite prefix

2006-02-13 11:17  szamsu
    * src/cgsi_plugin.c, src/cgsi_plugin.h, src/cgsi_plugin_int.h: boilerplate changes according to the licence

2006-02-13 11:14  szamsu
    * src/cgsi_plugin.c: struct allocation problem fix by David Smith

2006-02-13 11:12  szamsu
    * project/configure.properties.xml, src/Makefile: build also the VOMSified libraries

2006-02-11 22:47  szamsu
    * DESCRIPTION, RELEASE-NOTES, build.xml, project, project/build.number, project/build.properties, project/configure.properties.xml, project/glite-security-cgsi-gsoap.spec.template, project/properties.xml, project/version.properties, src/Makefile: basic project files and build changes

2006-02-11 22:45  szamsu
    * LICENSE: Changing license to the EGEE one, in agreement with Ben

2006-01-23 17:18  bcouturi
    * src/Makefile: Fixed install with version

2006-01-23 17:11  bcouturi
    * RELEASE-NOTES: Added 1.1.14

2006-01-23 17:07  bcouturi
    * src/Makefile: Fixed install

2006-01-23 16:55  bcouturi
    * src/Makefile: Fixed typo

2006-01-23 16:53  bcouturi
    * src/Makefile: Fixed makefile to produce library with different globus flavours

2006-01-23 12:17  bcouturi
    * src/cgsi_plugin.c: Incorporated patch from David Smith that fixes a memory leak
      with VOMS

2006-01-23 11:22  bcouturi
    * setenv23.sh: Added helper script

2006-01-09 10:06  bcouturi
    * src/cgsi_plugin.c: Added check that plugin != NULL and fixed return of cgsi_plugin_get_voms_creds_from_ctx

2006-01-06 16:06  bcouturi
    * RELEASE-NOTES, src/cgsi_plugin.c: Fixed memory leak in case of error

2005-12-07 08:38  bcouturi
    * src/cgsi_plugin.c: Added integrity flag

2005-11-30 18:46  bcouturi
    * src/Makefile: Fixed default version value for gsoap

2005-11-28 09:19  bcouturi
    * src/cgsi_plugin.c: Fix memory leak in free of X509 stack chain

2005-11-17 08:48  bcouturi
    * src/Makefile: Fixed install and clean rules

2005-11-17 08:18  bcouturi
    * RELEASE-NOTES: Added 1.1.11

2005-11-17 08:15  bcouturi
    * src/Makefile, src/cgsi_plugin.c, src/cgsi_plugin.h, src/cgsi_plugin_int.h, src/globus_gsi_gss_constants.h, src/globus_i_gsi_credential.h, src/gssapi_openssl.h: Merged VOMS branch back into main

2005-10-13 18:04  bcouturi
    * src/cgsi_plugin.c: When exporting credentials, the file should be overwritten, not appended...

2005-07-12 15:20  bcouturi
    * LICENSE, RELEASE-NOTES, src/cgsi_plugin.c, src/cgsi_plugin.h: Added license

2005-05-30 15:58  bcouturi
    * src/Makefile: Changed default local to /usr

2005-01-25 08:18  bcouturi
    * src/cgsi_plugin.c: Included David Smith's activation/deactivation patch to allow running the plugin in a multithreaded server

2004-11-12 15:25  bcouturi
    * RELEASE-NOTES, src/cgsi_plugin.c: Added README and fixed cgsi_plugin_copy

2004-11-10 13:41  bcouturi
    * src/Makefile, src/cgsi_plugin.c: Fixed some warnings on IA 64

2004-10-14 08:59  bcouturi
    * src/cgsi_plugin.c, src/cgsi_plugin.h: Added extern "C" so that module can be called from C++ code. Also moved the fault detail content to the SOAP Faultstring field.

2004-07-08 15:50  bcouturi
    * src/cgsi_plugin.c: Do not send packet when clearing the context !

2004-06-23 13:37  bcouturi
    * src/cgsi_plugin.c: The wrong buffer was released, causing a memory leak.

2004-06-17 15:37  bcouturi
    * src/Makefile, src/cgsi_plugin.c, src/cgsi_plugin.h: Added fixes from Jens-Jensen and Akos Frohner

2004-05-05 06:55  bcouturi
    * src/cgsi_plugin.c: Added module activation code.

2003-12-10 16:47  bcouturi
    * src/cgsi_plugin.c: Fixed array length problem after running client through insure

2003-12-09 14:30  bcouturi
    * src/cgsi_plugin.c: Fixed SEGV occurring when the cgsi_plugin_delete is called

2003-11-14 14:41  bcouturi
    * src/doxygenConfig: Configuration to generate doxygen documentation for CGSI_gSOAP.

2003-11-10 17:26  bcouturi
    * src/cgsi_plugin.c, src/cgsi_plugin.h: Added the soap_cgsi_init helper function.

2003-11-05 14:07  bcouturi
    * src/cgsi_plugin.c, src/cgsi_plugin.h, src/cgsi_plugin_int.h: Added DELEGATION functionality

2003-10-31 09:31  bcouturi
    * src, src/Makefile, src/cgsi_plugin.c, src/cgsi_plugin.h, src/cgsi_plugin_int.h: Replaced files at right level

2003-10-31 09:31
    * .: Standard project directories initialized by cvs2svn.

CGSI-gSOAP-1.3.5/src/cgsi_plugin.h

/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/** cgsi_plugin.h - Header file for the GSI gSOAP plugin
 *
 * @file cgsi_plugin.h
 * @author Ben Couturier CERN, IT/ADC
 *
 * This is a GSI plugin for gSOAP.
 * It uses the globus GSI libraries to implement
 * GSI secure authentication and encryption on top of gSOAP.
 * The globus GSI bundle is necessary for the plugin to compile and run.
 *
 */

/* gSOAP runtime header: declares struct soap and struct soap_plugin */
#include <stdsoap2.h>

#ifdef __cplusplus
extern "C" {
#endif

/**
 * Options that can be specified when initializing the
 * cgsi_plugin (in the arg parameter):
 */

/** The program acts as a client. */
#define CGSI_OPT_CLIENT              0x1

/** The program acts as a server. */
#define CGSI_OPT_SERVER              0x2

/** Initiate delegation over the HTTPG protocol. */
#define CGSI_OPT_DELEG_FLAG          0x4

/** Using pure SSL protocol, for compatibility. */
#define CGSI_OPT_SSL_COMPATIBLE      0x8

/** Disable comparing the server's host name with its certificate's CN. */
#define CGSI_OPT_DISABLE_NAME_CHECK  0x10

/** Keep alive the HTTP connection. */
#define CGSI_OPT_KEEP_ALIVE          0x20

/** Disable DN->userid mapping via gridmap-file. */
#define CGSI_OPT_DISABLE_MAPPING     0x40

/** Disable connect time VOMS parsing for better error handling
 * via an explicit call to retrieve_voms_creds() */
#define CGSI_OPT_DISABLE_VOMS_CHECK  0x80

/** Allow client and server to only connect together when
 * they have the same identity */
#define CGSI_OPT_ALLOW_ONLY_SELF     0x100

/**
 * Helper function to create the gsoap object and
 * the cgsi_plugin at the same time.
 * This function assumes that a client plugin is specified,
 * to create a server plugin, use the CGSI_OPT_SERVER option.
 *
 * @param soap The soap structure for the request
 * @param cgsi_options The parameters for the plugin creation
 *                     (bitwise or of the different options).
 *
 * @return 0 if successful, -1 otherwise
 */
int soap_cgsi_init(struct soap *soap, int cgsi_options);

/**
 * Generic constructor for the cgsi_plugin
 *
 * @param soap The soap structure for the request
 * @param plugin Pointer to the plugin data structure
 * @param arg The parameters for the plugin creation
 *
 * @return 0 if successful, -1 otherwise
 */
int cgsi_plugin(struct soap *soap, struct soap_plugin *plugin, void *arg);

/**
 * Client constructor for the cgsi_plugin
 *
 * @param soap The soap structure for the request
 * @param plugin Pointer to the plugin data structure
 * @param arg The parameters for the plugin creation (CGSI_OPT_CLIENT assumed)
 *
 * @return 0 if successful, -1 otherwise
 */
int client_cgsi_plugin(struct soap *soap, struct soap_plugin *plugin, void *arg);

/**
 * Server constructor for the cgsi_plugin
 *
 * @param soap The soap structure for the request
 * @param plugin Pointer to the plugin data structure
 * @param arg The parameters for the plugin creation (CGSI_OPT_SERVER assumed)
 *
 * @return 0 if successful, -1 otherwise
 */
int server_cgsi_plugin(struct soap *soap, struct soap_plugin *plugin, void *arg);

/**
 * Checks whether the security context has been established properly
 *
 * @param soap The soap structure for the request
 *
 * @return 1 if context established, 0 otherwise
 */
int is_context_established(struct soap *soap);

/**
 * Gets the Distinguished name (DN) of the client
 *
 * @param soap The soap structure for the request
 * @param dn Pointer to a buffer where the DN is to be written
 * @param dnlen The length of the buffer
 *
 * @return 0 if successful, -1 otherwise
 */
int get_client_dn(struct soap *soap, char *dn, size_t dnlen);

/**
 * Gets the username (DN) of the client
 *
 * @param soap The soap structure for the request
 * @param username Pointer to a buffer where the username is to be written
 * @param dnlen The length of the buffer
 *
 * @return 0 if successful, -1 otherwise
 */
int get_client_username(struct soap *soap, char *username, size_t dnlen);

/**
 * Make the delegated credential available as a token in memory.
 * The soap structure retains ownership of the memory. The user should
 * not free the pointer returned by this function, nor use it after the soap
 * object becomes invalid.
 *
 * @param soap The soap structure that is the target of the request
 * @param buffer Pointer to a void pointer which will be set to reference the credential token.
 * @param length Pointer to a length that will be set to the size of the credential token
 *
 * @return 0 if successful, -1 otherwise
 */
int get_delegated_credentials(struct soap *soap, void **buffer, size_t *length);

/**
 * Export the delegated credentials (if available) to a file
 *
 * @param soap The soap structure for the request
 * @param filename Name of the file where the credentials are to be written
 *
 * @return 0 if successful, -1 otherwise
 */
int export_delegated_credentials(struct soap *soap, char *filename);

/**
 * Checks whether the client delegated credentials to the server
 *
 * @param soap The soap structure for the request
 *
 * @return 1 if there are some delegated credentials, 0 otherwise
 */
int has_delegated_credentials(struct soap *soap);

/**
 * Sets the env variable for GSI to use the proxy in the specified filename
 *
 * @param soap The soap structure for the request
 * @param filename Name of the file where credentials are stored
 *
 * @return 0 if successful, -1 otherwise
 */
int set_default_proxy_file(struct soap *soap, char *filename);

/**
 * Clears the env variable used by GSI to specify the proxy filename
 *
 * @param unlink_file Set to 1 if you want to destroy the credential file as well
 *
 */
void clear_default_proxy_file(int unlink_file);

/**
 * Parses the optional VOMS extension of the peer certificate.
 * It has to be called before get_client_voname() and get_client_roles()!
 *
 * @param soap The soap structure for the request
 *
 * @return 0 if successful, -1 otherwise
 *         SOAP Fault structure contains the detailed description.
 */
int retrieve_voms_creds(struct soap *soap);

int retrieve_userca_and_voms_creds(struct soap *soap);

/**
 * Returns the client CA
 *
 * @param soap The soap structure for the request
 *
 * @return The client CA is allocated in the soap structure (DON'T free),
 *         NULL otherwise
 */
char *get_client_ca(struct soap *soap);

/**
 * Returns the client VO name if it was provided in the certificate
 *
 * @param soap The soap structure for the request
 *
 * @return The client voname is malloced in the soap structure (DON'T free),
 *         NULL otherwise
 */
char *get_client_voname(struct soap *soap);

/**
 * Returns the client VO roles if they were provided in the certificate
 *
 * @param soap The soap structure for the request
 *
 * @param nbfqans The number of returned Fully Qualified Attribute Names
 *
 * @return The client roles are malloced in the soap structure (DON'T free),
 *         NULL otherwise
 */
char ** get_client_roles(struct soap *soap, int* nbfqans);

/**
 * Adjust CGSI-plugin's behaviour by setting one or more flags. If a
 * flag is not present in flags then that flag is unaffected by this
 * operation. If a flag is currently set then attempting to set it
 * will have no effect.
 *
 * @param soap The soap structure from gSOAP
 *
 * @param is_server 0 if client, 1 if server
 *
 * @param flags Bitwise OR of the flags to be set.
 *
 * @return 0 on success, -1 on error.
 */
int cgsi_plugin_set_flags(struct soap *soap, int is_server, int flags);

/**
 * Adjust CGSI-plugin's behaviour by clearing one or more flags. If a
 * flag is not present in flags then it is unaffected by this
 * operation. If a flag is currently cleared then attempting to clear
 * it will have no effect.
 *
 * @param soap The soap structure from gSOAP
 *
 * @param is_server 0 if client, 1 if server
 *
 * @param flags Bitwise OR of the flags to be cleared.
 *
 * @return 0 on success, -1 on error.
 */
int cgsi_plugin_clr_flags(struct soap *soap, int is_server, int flags);

/**
 * Discover the current set of flags that are in effect.
 *
 * @param soap The soap structure from gSOAP
 *
 * @param is_server 0 if client, 1 if server
 *
 * @return the set of flags or -1 on error
 */
int cgsi_plugin_get_flags(struct soap *soap, int is_server);

#ifdef __cplusplus
}
#endif

CGSI-gSOAP-1.3.5/src/doxygenConfig

# Doxyfile 1.3.4

# This file describes the settings to be used by the documentation system
# doxygen (www.doxygen.org) for a project
#
# All text after a hash (#) is considered a comment and will be ignored
# The format is:
#       TAG = value [value, ...]
# For lists items can also be appended using:
#       TAG += value [value, ...]
# Values that contain spaces should be placed between quotes (" ")

#---------------------------------------------------------------------------
# Project related configuration options
#---------------------------------------------------------------------------

# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
# by quotes) that should identify the project.

PROJECT_NAME = CGSI_gSOAP

# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
# if some version control system is used.

PROJECT_NUMBER = $(VERSION)

# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
# base path where the generated documentation will be put.
# If a relative path is entered, it will be relative to the location
# where doxygen was started. If left blank the current directory will be used.

OUTPUT_DIRECTORY =

# The OUTPUT_LANGUAGE tag is used to specify the language in which all
# documentation generated by doxygen is written. Doxygen will use this
# information to generate all constant output in the proper language.
# The default language is English, other supported languages are:
# Brazilian, Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish, Dutch,
# Finnish, French, German, Greek, Hungarian, Italian, Japanese, Japanese-en
# (Japanese with English messages), Korean, Norwegian, Polish, Portuguese,
# Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish, and Ukrainian.

OUTPUT_LANGUAGE = English

# This tag can be used to specify the encoding used in the generated output.
# The encoding is not always determined by the language that is chosen,
# but also whether or not the output is meant for Windows or non-Windows users.
# In case there is a difference, setting the USE_WINDOWS_ENCODING tag to YES
# forces the Windows encoding (this is the default for the Windows binary),
# whereas setting the tag to NO uses a Unix-style encoding (the default for
# all platforms other than Windows).

USE_WINDOWS_ENCODING = NO

# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
# include brief member descriptions after the members that are listed in
# the file and class documentation (similar to JavaDoc).
# Set to NO to disable this.

BRIEF_MEMBER_DESC = YES

# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
# the brief description of a member or function before the detailed description.
# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
# brief descriptions will be completely suppressed.

REPEAT_BRIEF = YES

# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
# Doxygen will generate a detailed section even if there is only a brief
# description.

ALWAYS_DETAILED_SEC = NO

# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all inherited
# members of a class in the documentation of that class as if those members were
# ordinary class members. Constructors, destructors and assignment operators of
# the base classes will not be shown.

INLINE_INHERITED_MEMB = NO

# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
# path before files name in the file list and in the header files. If set
# to NO the shortest path that makes the file name unique will be used.

FULL_PATH_NAMES = NO

# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
# can be used to strip a user-defined part of the path. Stripping is
# only done if one of the specified strings matches the left-hand part of
# the path. It is allowed to use relative paths in the argument list.

STRIP_FROM_PATH =

# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
# (but less readable) file names. This can be useful if your file system
# doesn't support long names like on DOS, Mac, or CD-ROM.

SHORT_NAMES = NO

# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
# will interpret the first line (until the first dot) of a JavaDoc-style
# comment as the brief description. If set to NO, the JavaDoc
# comments will behave just like the Qt-style comments (thus requiring an
# explicit @brief command for a brief description).

JAVADOC_AUTOBRIEF = NO

# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
# treat a multi-line C++ special comment block (i.e. a block of //! or ///
# comments) as a brief description. This used to be the default behaviour.
# The new default is to treat a multi-line C++ comment block as a detailed
# description. Set this tag to YES if you prefer the old behaviour instead.

MULTILINE_CPP_IS_BRIEF = NO

# If the DETAILS_AT_TOP tag is set to YES then Doxygen
# will output the detailed description near the top, like JavaDoc.
# If set to NO, the detailed description appears after the member
# documentation.

DETAILS_AT_TOP = NO

# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
# member inherits the documentation from any documented member that it
# reimplements.

INHERIT_DOCS = YES

# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
# tag is set to YES, then doxygen will reuse the documentation of the first
# member in the group (if any) for the other members of the group. By default
# all members of a group must be documented explicitly.

DISTRIBUTE_GROUP_DOC = NO

# The TAB_SIZE tag can be used to set the number of spaces in a tab.
# Doxygen uses this value to replace tabs by spaces in code fragments.

TAB_SIZE = 8

# This tag can be used to specify a number of aliases that acts
# as commands in the documentation. An alias has the form "name=value".
# For example adding "sideeffect=\par Side Effects:\n" will allow you to
# put the command \sideeffect (or @sideeffect) in the documentation, which
# will result in a user-defined paragraph with heading "Side Effects:".
# You can put \n's in the value part of an alias to insert newlines.

ALIASES =

# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources
# only. Doxygen will then generate output that is more tailored for C.
# For instance, some of the names that are used will be different. The list
# of all members will be omitted, etc.

OPTIMIZE_OUTPUT_FOR_C = YES

# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java sources
# only. Doxygen will then generate output that is more tailored for Java.
# For instance, namespaces will be presented as packages, qualified scopes
# will look different, etc.

OPTIMIZE_OUTPUT_JAVA = NO

# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
# the same type (for instance a group of public functions) to be put as a
# subgroup of that type (e.g. under the Public Functions section). Set it to
# NO to prevent subgrouping. Alternatively, this can be done per class using
# the \nosubgrouping command.

SUBGROUPING = YES

#---------------------------------------------------------------------------
# Build related configuration options
#---------------------------------------------------------------------------

# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
# documentation are documented, even if no documentation was available.
# Private class members and static file members will be hidden unless
# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES

EXTRACT_ALL = YES

# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
# will be included in the documentation.

EXTRACT_PRIVATE = NO

# If the EXTRACT_STATIC tag is set to YES all static members of a file
# will be included in the documentation.

EXTRACT_STATIC = NO

# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
# defined locally in source files will be included in the documentation.
# If set to NO only classes defined in header files are included.

EXTRACT_LOCAL_CLASSES = YES

# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
# undocumented members of documented classes, files or namespaces.
# If set to NO (the default) these members will be included in the
# various overviews, but no documentation section is generated.
# This option has no effect if EXTRACT_ALL is enabled.

HIDE_UNDOC_MEMBERS = NO

# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
# undocumented classes that are normally visible in the class hierarchy.
# If set to NO (the default) these classes will be included in the various
# overviews. This option has no effect if EXTRACT_ALL is enabled.

HIDE_UNDOC_CLASSES = NO

# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
# friend (class|struct|union) declarations.
# If set to NO (the default) these declarations will be included in the
# documentation.

HIDE_FRIEND_COMPOUNDS = NO

# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
# documentation blocks found inside the body of a function.
# If set to NO (the default) these blocks will be appended to the
# function's detailed documentation block.

HIDE_IN_BODY_DOCS = NO

# The INTERNAL_DOCS tag determines if documentation
# that is typed after a \internal command is included. If the tag is set
# to NO (the default) then the documentation will be excluded.
# Set it to YES to include the internal documentation.

INTERNAL_DOCS = NO

# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
# file names in lower-case letters. If set to YES upper-case letters are also
# allowed. This is useful if you have classes or files whose names only differ
# in case and if your file system supports case sensitive file names. Windows
# users are advised to set this option to NO.

CASE_SENSE_NAMES = YES

# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
# will show members with their full class and namespace scopes in the
# documentation. If set to YES the scope will be hidden.

HIDE_SCOPE_NAMES = NO

# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
# will put a list of the files that are included by a file in the documentation
# of that file.

SHOW_INCLUDE_FILES = YES

# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
# is inserted in the documentation for inline members.

INLINE_INFO = YES

# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
# will sort the (detailed) documentation of file and class members
# alphabetically by member name. If set to NO the members will appear in
# declaration order.

SORT_MEMBER_DOCS = YES

# The GENERATE_TODOLIST tag can be used to enable (YES) or
# disable (NO) the todo list. This list is created by putting \todo
# commands in the documentation.

GENERATE_TODOLIST = YES

# The GENERATE_TESTLIST tag can be used to enable (YES) or
# disable (NO) the test list. This list is created by putting \test
# commands in the documentation.

GENERATE_TESTLIST = YES

# The GENERATE_BUGLIST tag can be used to enable (YES) or
# disable (NO) the bug list. This list is created by putting \bug
# commands in the documentation.

GENERATE_BUGLIST = YES

# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
# disable (NO) the deprecated list. This list is created by putting
# \deprecated commands in the documentation.

GENERATE_DEPRECATEDLIST = YES

# The ENABLED_SECTIONS tag can be used to enable conditional
# documentation sections, marked by \if sectionname ... \endif.

ENABLED_SECTIONS =

# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
# the initial value of a variable or define consists of for it to appear in
# the documentation. If the initializer consists of more lines than specified
# here it will be hidden. Use a value of 0 to hide initializers completely.
# The appearance of the initializer of individual variables and defines in the
# documentation can be controlled using \showinitializer or \hideinitializer
# command in the documentation regardless of this setting.

MAX_INITIALIZER_LINES = 30

# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
# at the bottom of the documentation of classes and structs. If set to YES the
# list will mention the files that were used to generate the documentation.

SHOW_USED_FILES = YES

#---------------------------------------------------------------------------
# configuration options related to warning and progress messages
#---------------------------------------------------------------------------

# The QUIET tag can be used to turn on/off the messages that are generated
# by doxygen. Possible values are YES and NO. If left blank NO is used.

QUIET = NO

# The WARNINGS tag can be used to turn on/off the warning messages that are
# generated by doxygen. Possible values are YES and NO. If left blank
# NO is used.

WARNINGS = YES

# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
# automatically be disabled.

WARN_IF_UNDOCUMENTED = YES

# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
# potential errors in the documentation, such as not documenting some
# parameters in a documented function, or documenting parameters that
# don't exist or using markup commands wrongly.

WARN_IF_DOC_ERROR = YES

# The WARN_FORMAT tag determines the format of the warning messages that
# doxygen can produce. The string should contain the $file, $line, and $text
# tags, which will be replaced by the file and line number from which the
# warning originated and the warning text.

WARN_FORMAT = "$file:$line: $text"

# The WARN_LOGFILE tag can be used to specify a file to which warning
# and error messages should be written. If left blank the output is written
# to stderr.

WARN_LOGFILE =

#---------------------------------------------------------------------------
# configuration options related to the input files
#---------------------------------------------------------------------------

# The INPUT tag can be used to specify the files and/or directories that contain
# documented source files. You may enter file names like "myfile.cpp" or
# directories like "/usr/src/myproject". Separate the files or directories
# with spaces.

INPUT = $(SRCDIR)/cgsi_plugin.h

# If the value of the INPUT tag contains directories, you can use the
# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
# and *.h) to filter out the source-files in the directories.
# If left
# blank the following patterns are tested:
# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx *.hpp
# *.h++ *.idl *.odl *.cs *.php *.php3 *.inc

FILE_PATTERNS =

# The RECURSIVE tag can be used to specify whether or not subdirectories
# should be searched for input files as well. Possible values are YES and NO.
# If left blank NO is used.

RECURSIVE = NO

# The EXCLUDE tag can be used to specify files and/or directories that should be
# excluded from the INPUT source files. This way you can easily exclude a
# subdirectory from a directory tree whose root is specified with the INPUT tag.

EXCLUDE =

# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or directories
# that are symbolic links (a Unix filesystem feature) are excluded from the input.

EXCLUDE_SYMLINKS = NO

# If the value of the INPUT tag contains directories, you can use the
# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
# certain files from those directories.

EXCLUDE_PATTERNS =

# The EXAMPLE_PATH tag can be used to specify one or more files or
# directories that contain example code fragments that are included (see
# the \include command).

EXAMPLE_PATH =

# If the value of the EXAMPLE_PATH tag contains directories, you can use the
# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
# and *.h) to filter out the source-files in the directories. If left
# blank all files are included.

EXAMPLE_PATTERNS =

# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
# searched for input files to be used with the \include or \dontinclude
# commands irrespective of the value of the RECURSIVE tag.
# Possible values are YES and NO. If left blank NO is used.

EXAMPLE_RECURSIVE = NO

# The IMAGE_PATH tag can be used to specify one or more files or
# directories that contain images that are included in the documentation (see
# the \image command).

IMAGE_PATH =

# The INPUT_FILTER tag can be used to specify a program that doxygen should
# invoke to filter for each input file. Doxygen will invoke the filter program
# by executing (via popen()) the command , where
# is the value of the INPUT_FILTER tag, and is the name of an
# input file. Doxygen will then use the output that the filter program writes
# to standard output.

INPUT_FILTER =

# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
# INPUT_FILTER) will be used to filter the input files when producing source
# files to browse (i.e. when SOURCE_BROWSER is set to YES).

FILTER_SOURCE_FILES = NO

#---------------------------------------------------------------------------
# configuration options related to source browsing
#---------------------------------------------------------------------------

# If the SOURCE_BROWSER tag is set to YES then a list of source files will
# be generated. Documented entities will be cross-referenced with these sources.

SOURCE_BROWSER = NO

# Setting the INLINE_SOURCES tag to YES will include the body
# of functions and classes directly in the documentation.

INLINE_SOURCES = NO

# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
# doxygen to hide any special comment blocks from generated source code
# fragments. Normal C and C++ comments will always remain visible.

STRIP_CODE_COMMENTS = YES

# If the REFERENCED_BY_RELATION tag is set to YES (the default)
# then for each documented function all documented
# functions referencing it will be listed.

REFERENCED_BY_RELATION = YES

# If the REFERENCES_RELATION tag is set to YES (the default)
# then for each documented function all documented entities
# called/used by that function will be listed.

REFERENCES_RELATION = YES

# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
# will generate a verbatim copy of the header file for each class for
# which an include is specified. Set to NO to disable this.
VERBATIM_HEADERS = YES

#---------------------------------------------------------------------------
# configuration options related to the alphabetical class index
#---------------------------------------------------------------------------

# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
# of all compounds will be generated. Enable this if the project
# contains a lot of classes, structs, unions or interfaces.

ALPHABETICAL_INDEX = NO

# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
# in which this list will be split (can be a number in the range [1..20])

COLS_IN_ALPHA_INDEX = 5

# In case all classes in a project start with a common prefix, all
# classes will be put under the same header in the alphabetical index.
# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
# should be ignored while generating the index headers.

IGNORE_PREFIX =

#---------------------------------------------------------------------------
# configuration options related to the HTML output
#---------------------------------------------------------------------------

# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
# generate HTML output.

GENERATE_HTML = YES

# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
# If a relative path is entered the value of OUTPUT_DIRECTORY will be
# put in front of it. If left blank `html' will be used as the default path.

HTML_OUTPUT = html

# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
# doxygen will generate files with .html extension.

HTML_FILE_EXTENSION = .html

# The HTML_HEADER tag can be used to specify a personal HTML header for
# each generated HTML page. If it is left blank doxygen will generate a
# standard header.
HTML_HEADER =

# The HTML_FOOTER tag can be used to specify a personal HTML footer for
# each generated HTML page. If it is left blank doxygen will generate a
# standard footer.

HTML_FOOTER = $(SRCDIR)/doxygenConfig.footer.html

# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
# style sheet that is used by each HTML page. It can be used to
# fine-tune the look of the HTML output. If the tag is left blank doxygen
# will generate a default style sheet

HTML_STYLESHEET =

# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
# files or namespaces will be aligned in HTML using tables. If set to
# NO a bullet list will be used.

HTML_ALIGN_MEMBERS = YES

# If the GENERATE_HTMLHELP tag is set to YES, additional index files
# will be generated that can be used as input for tools like the
# Microsoft HTML help workshop to generate a compressed HTML help file (.chm)
# of the generated HTML documentation.

GENERATE_HTMLHELP = NO

# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
# be used to specify the file name of the resulting .chm file. You
# can add a path in front of the file if the result should not be
# written to the html output dir.

CHM_FILE =

# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
# be used to specify the location (absolute path including file name) of
# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
# the HTML help compiler on the generated index.hhp.

HHC_LOCATION =

# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
# controls if a separate .chi index file is generated (YES) or that
# it should be included in the master .chm file (NO).

GENERATE_CHI = NO

# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
# controls whether a binary table of contents is generated (YES) or a
# normal table of contents (NO) in the .chm file.
BINARY_TOC = NO

# The TOC_EXPAND flag can be set to YES to add extra items for group members
# to the contents of the HTML help documentation and to the tree view.

TOC_EXPAND = NO

# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
# top of each HTML page. The value NO (the default) enables the index and
# the value YES disables it.

DISABLE_INDEX = YES

# This tag can be used to set the number of enum values (range [1..20])
# that doxygen will group on one line in the generated HTML documentation.

ENUM_VALUES_PER_LINE = 4

# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
# generated containing a tree-like index structure (just like the one that
# is generated for HTML Help). For this to work a browser that supports
# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+,
# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are
# probably better off using the HTML help feature.

GENERATE_TREEVIEW = NO

# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
# used to set the initial width (in pixels) of the frame in which the tree
# is shown.

TREEVIEW_WIDTH = 250

#---------------------------------------------------------------------------
# configuration options related to the LaTeX output
#---------------------------------------------------------------------------

# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
# generate Latex output.

GENERATE_LATEX = NO

# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
# If a relative path is entered the value of OUTPUT_DIRECTORY will be
# put in front of it. If left blank `latex' will be used as the default path.

LATEX_OUTPUT = latex

# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
# invoked. If left blank `latex' will be used as the default command name.
LATEX_CMD_NAME = latex

# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
# generate index for LaTeX. If left blank `makeindex' will be used as the
# default command name.

MAKEINDEX_CMD_NAME = makeindex

# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
# LaTeX documents. This may be useful for small projects and may help to
# save some trees in general.

COMPACT_LATEX = NO

# The PAPER_TYPE tag can be used to set the paper type that is used
# by the printer. Possible values are: a4, a4wide, letter, legal and
# executive. If left blank a4wide will be used.

PAPER_TYPE = a4wide

# The EXTRA_PACKAGES tag can be used to specify one or more names of LaTeX
# packages that should be included in the LaTeX output.

EXTRA_PACKAGES =

# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
# the generated latex document. The header should contain everything until
# the first chapter. If it is left blank doxygen will generate a
# standard header. Notice: only use this tag if you know what you are doing!

LATEX_HEADER =

# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
# is prepared for conversion to pdf (using ps2pdf). The pdf file will
# contain links (just like the HTML output) instead of page references
# This makes the output suitable for online browsing using a pdf viewer.

PDF_HYPERLINKS = NO

# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
# plain latex in the generated Makefile. Set this option to YES to get a
# higher quality PDF documentation.

USE_PDFLATEX = YES

# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
# command to the generated LaTeX files. This will instruct LaTeX to keep
# running if errors occur, instead of asking the user for help.
# This option is also used when generating formulas in HTML.
LATEX_BATCHMODE = YES

# If LATEX_HIDE_INDICES is set to YES then doxygen will not
# include the index chapters (such as File Index, Compound Index, etc.)
# in the output.

LATEX_HIDE_INDICES = NO

#---------------------------------------------------------------------------
# configuration options related to the RTF output
#---------------------------------------------------------------------------

# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
# The RTF output is optimised for Word 97 and may not look very pretty with
# other RTF readers or editors.

GENERATE_RTF = NO

# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
# If a relative path is entered the value of OUTPUT_DIRECTORY will be
# put in front of it. If left blank `rtf' will be used as the default path.

RTF_OUTPUT = rtf

# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
# RTF documents. This may be useful for small projects and may help to
# save some trees in general.

COMPACT_RTF = NO

# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
# will contain hyperlink fields. The RTF file will
# contain links (just like the HTML output) instead of page references.
# This makes the output suitable for online browsing using WORD or other
# programs which support those fields.
# Note: wordpad (write) and others do not support links.

RTF_HYPERLINKS = NO

# Load stylesheet definitions from file. Syntax is similar to doxygen's
# config file, i.e. a series of assignments. You only have to provide
# replacements, missing definitions are set to their default value.

RTF_STYLESHEET_FILE =

# Set optional variables used in the generation of an rtf document.
# Syntax is similar to doxygen's config file.
RTF_EXTENSIONS_FILE =

#---------------------------------------------------------------------------
# configuration options related to the man page output
#---------------------------------------------------------------------------

# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
# generate man pages

GENERATE_MAN = YES

# The MAN_OUTPUT tag is used to specify where the man pages will be put.
# If a relative path is entered the value of OUTPUT_DIRECTORY will be
# put in front of it. If left blank `man' will be used as the default path.

MAN_OUTPUT = man

# The MAN_EXTENSION tag determines the extension that is added to
# the generated man pages (default is the subroutine's section .3)

MAN_EXTENSION = .3

# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
# then it will generate one additional man file for each entity
# documented in the real man page(s). These additional files
# only source the real man page, but without them the man command
# would be unable to find the correct page. The default is NO.

MAN_LINKS = NO

#---------------------------------------------------------------------------
# configuration options related to the XML output
#---------------------------------------------------------------------------

# If the GENERATE_XML tag is set to YES Doxygen will
# generate an XML file that captures the structure of
# the code including all documentation. Note that this
# feature is still experimental and incomplete at the
# moment.

GENERATE_XML = NO

# The XML_OUTPUT tag is used to specify where the XML pages will be put.
# If a relative path is entered the value of OUTPUT_DIRECTORY will be
# put in front of it. If left blank `xml' will be used as the default path.

XML_OUTPUT = xml

# The XML_SCHEMA tag can be used to specify an XML schema,
# which can be used by a validating XML parser to check the
# syntax of the XML files.
XML_SCHEMA =

# The XML_DTD tag can be used to specify an XML DTD,
# which can be used by a validating XML parser to check the
# syntax of the XML files.

XML_DTD =

#---------------------------------------------------------------------------
# configuration options for the AutoGen Definitions output
#---------------------------------------------------------------------------

# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
# generate an AutoGen Definitions (see autogen.sf.net) file
# that captures the structure of the code including all
# documentation. Note that this feature is still experimental
# and incomplete at the moment.

GENERATE_AUTOGEN_DEF = NO

#---------------------------------------------------------------------------
# configuration options related to the Perl module output
#---------------------------------------------------------------------------

# If the GENERATE_PERLMOD tag is set to YES Doxygen will
# generate a Perl module file that captures the structure of
# the code including all documentation. Note that this
# feature is still experimental and incomplete at the
# moment.

GENERATE_PERLMOD = NO

# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
# the necessary Makefile rules, Perl scripts and LaTeX code to be able
# to generate PDF and DVI output from the Perl module output.

PERLMOD_LATEX = NO

# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
# nicely formatted so it can be parsed by a human reader. This is useful
# if you want to understand what is going on. On the other hand, if this
# tag is set to NO the size of the Perl module output will be much smaller
# and Perl will parse it just the same.

PERLMOD_PRETTY = YES

# The names of the make variables in the generated doxyrules.make file
# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
# This is useful so different doxyrules.make files included by the same
# Makefile don't overwrite each other's variables.
PERLMOD_MAKEVAR_PREFIX =

#---------------------------------------------------------------------------
# Configuration options related to the preprocessor
#---------------------------------------------------------------------------

# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
# evaluate all C-preprocessor directives found in the sources and include
# files.

ENABLE_PREPROCESSING = YES

# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
# names in the source code. If set to NO (the default) only conditional
# compilation will be performed. Macro expansion can be done in a controlled
# way by setting EXPAND_ONLY_PREDEF to YES.

MACRO_EXPANSION = NO

# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
# then the macro expansion is limited to the macros specified with the
# PREDEFINED and EXPAND_AS_PREDEFINED tags.

EXPAND_ONLY_PREDEF = NO

# If the SEARCH_INCLUDES tag is set to YES (the default) the include files
# in the INCLUDE_PATH (see below) will be searched if a #include is found.

SEARCH_INCLUDES = YES

# The INCLUDE_PATH tag can be used to specify one or more directories that
# contain include files that are not input files but should be processed by
# the preprocessor.

INCLUDE_PATH =

# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
# patterns (like *.h and *.hpp) to filter out the header-files in the
# directories. If left blank, the patterns specified with FILE_PATTERNS will
# be used.

INCLUDE_FILE_PATTERNS =

# The PREDEFINED tag can be used to specify one or more macro names that
# are defined before the preprocessor is started (similar to the -D option of
# gcc). The argument of the tag is a list of macros of the form: name
# or name=definition (no spaces). If the definition and the = are
# omitted =1 is assumed.
PREDEFINED =

# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
# this tag can be used to specify a list of macro names that should be expanded.
# The macro definition that is found in the sources will be used.
# Use the PREDEFINED tag if you want to use a different macro definition.

EXPAND_AS_DEFINED =

# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
# doxygen's preprocessor will remove all function-like macros that are alone
# on a line, have an all uppercase name, and do not end with a semicolon. Such
# function macros are typically used for boiler-plate code, and will confuse the
# parser if not removed.

SKIP_FUNCTION_MACROS = YES

#---------------------------------------------------------------------------
# Configuration::additions related to external references
#---------------------------------------------------------------------------

# The TAGFILES option can be used to specify one or more tagfiles.
# Optionally an initial location of the external documentation
# can be added for each tagfile. The format of a tag file without
# this location is as follows:
#   TAGFILES = file1 file2 ...
# Adding location for the tag files is done as follows:
#   TAGFILES = file1=loc1 "file2 = loc2" ...
# where "loc1" and "loc2" can be relative or absolute paths or
# URLs. If a location is present for each tag, the installdox tool
# does not have to be run to correct the links.
# Note that each tag file must have a unique name
# (where the name does NOT include the path)
# If a tag file is not located in the directory in which doxygen
# is run, you must also specify the path to the tagfile here.

TAGFILES =

# When a file name is specified after GENERATE_TAGFILE, doxygen will create
# a tag file that is based on the input files it reads.

GENERATE_TAGFILE =

# If the ALLEXTERNALS tag is set to YES all external classes will be listed
# in the class index. If set to NO only the inherited external classes
# will be listed.
ALLEXTERNALS = NO

# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
# in the modules index. If set to NO, only the current project's groups will
# be listed.

EXTERNAL_GROUPS = YES

# The PERL_PATH should be the absolute path and name of the perl script
# interpreter (i.e. the result of `which perl').

PERL_PATH = /usr/bin/perl

#---------------------------------------------------------------------------
# Configuration options related to the dot tool
#---------------------------------------------------------------------------

# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
# generate an inheritance diagram (in HTML, RTF and LaTeX) for classes with base or
# super classes. Setting the tag to NO turns the diagrams off. Note that this
# option is superseded by the HAVE_DOT option below. This is only a fallback. It is
# recommended to install and use dot, since it yields more powerful graphs.

CLASS_DIAGRAMS = NO

# If set to YES, the inheritance and collaboration graphs will hide
# inheritance and usage relations if the target is undocumented
# or is not a class.

HIDE_UNDOC_RELATIONS = YES

# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
# available from the path. This tool is part of Graphviz, a graph visualization
# toolkit from AT&T and Lucent Bell Labs. The other options in this section
# have no effect if this option is set to NO (the default)

HAVE_DOT = NO

# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
# will generate a graph for each documented class showing the direct and
# indirect inheritance relations. Setting this tag to YES will force
# the CLASS_DIAGRAMS tag to NO.
CLASS_GRAPH = YES

# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
# will generate a graph for each documented class showing the direct and
# indirect implementation dependencies (inheritance, containment, and
# class references variables) of the class with other documented classes.

COLLABORATION_GRAPH = YES

# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
# collaboration diagrams in a style similar to the OMG's Unified Modeling
# Language.

UML_LOOK = NO

# If set to YES, the inheritance and collaboration graphs will show the
# relations between templates and their instances.

TEMPLATE_RELATIONS = NO

# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
# tags are set to YES then doxygen will generate a graph for each documented
# file showing the direct and indirect include dependencies of the file with
# other documented files.

INCLUDE_GRAPH = YES

# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
# documented header file showing the documented files that directly or
# indirectly include this file.

INCLUDED_BY_GRAPH = YES

# If the CALL_GRAPH and HAVE_DOT tags are set to YES then doxygen will
# generate a call dependency graph for every global function or class method.
# Note that enabling this option will significantly increase the time of a run.
# So in most cases it will be better to enable call graphs for selected
# functions only using the \callgraph command.

CALL_GRAPH = NO

# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
# will generate a graphical hierarchy of all classes instead of a textual one.

GRAPHICAL_HIERARCHY = YES

# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
# generated by dot. Possible values are png, jpg, or gif
# If left blank png will be used.
DOT_IMAGE_FORMAT = png

# The tag DOT_PATH can be used to specify the path where the dot tool can be
# found. If left blank, it is assumed the dot tool can be found on the path.

DOT_PATH =

# The DOTFILE_DIRS tag can be used to specify one or more directories that
# contain dot files that are included in the documentation (see the
# \dotfile command).

DOTFILE_DIRS =

# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width
# (in pixels) of the graphs generated by dot. If a graph becomes larger than
# this value, doxygen will try to truncate the graph, so that it fits within
# the specified constraint. Beware that most browsers cannot cope with very
# large images.

MAX_DOT_GRAPH_WIDTH = 1024

# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allowed height
# (in pixels) of the graphs generated by dot. If a graph becomes larger than
# this value, doxygen will try to truncate the graph, so that it fits within
# the specified constraint. Beware that most browsers cannot cope with very
# large images.

MAX_DOT_GRAPH_HEIGHT = 1024

# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
# graphs generated by dot. A depth value of 3 means that only nodes reachable
# from the root by following a path via at most 3 edges will be shown. Nodes that
# lie further from the root node will be omitted. Note that setting this option to
# 1 or 2 may greatly reduce the computation time needed for large code bases. Also
# note that a graph may be further truncated if the graph's image dimensions are
# not sufficient to fit the graph (see MAX_DOT_GRAPH_WIDTH and MAX_DOT_GRAPH_HEIGHT).
# If 0 is used for the depth value (the default), the graph is not depth-constrained.

MAX_DOT_GRAPH_DEPTH = 0

# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
# generate a legend page explaining the meaning of the various boxes and
# arrows in the dot generated graphs.
GENERATE_LEGEND = YES

# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
# remove the intermediate dot files that are used to generate
# the various graphs.

DOT_CLEANUP = YES

#---------------------------------------------------------------------------
# Configuration::additions related to the search engine
#---------------------------------------------------------------------------

# The SEARCHENGINE tag specifies whether or not a search engine should be
# used. If set to NO the values of all tags below this one will be ignored.

SEARCHENGINE = NO

CGSI-gSOAP-1.3.5/src/cgsi_plugin.c

/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * $Id: cgsi_plugin.c 4458 2011-11-11 10:17:16Z molnarzs $
 */

/** cgsi_plugin.c - GSI plugin for gSOAP
 *
 * @file cgsi_plugin.c
 * @author Ben Couturier CERN, IT/ADC
 * @author Akos Frohner CERN, IT/GD
 *
 * This is a GSI plugin for gSOAP. It uses the globus GSI libraries to implement
 * GSI secure authentication and encryption on top of gSOAP.
 * The globus GSI bundle is necessary for the plugin to compile and run.
 *
 */

#include
#include
#include
#include "cgsi_plugin_int.h"
#include
#include "gssapi_openssl.h"
#include "globus_gsi_credential.h"

#if defined(USE_VOMS)
#ifdef __cplusplus
extern "C" {
#endif
#include "voms_apic.h"
#ifdef __cplusplus
}
#endif
#endif

#define BUFSIZE 1024
#define TBUFSIZE 256

static char *client_plugin_id = CLIENT_PLUGIN_ID;
static char *server_plugin_id = SERVER_PLUGIN_ID;

static int server_cgsi_plugin_init(struct soap *soap, struct cgsi_plugin_data *data);
static int server_cgsi_plugin_send(struct soap *soap, const char *buf, size_t len);
static size_t server_cgsi_plugin_recv(struct soap *soap, char *buf, size_t len);
static int server_cgsi_plugin_accept(struct soap *soap);
static int server_cgsi_plugin_close(struct soap *soap);
static int server_cgsi_map_dn(struct soap *soap);

static int client_cgsi_plugin_init(struct soap *soap, struct cgsi_plugin_data *data);
static int client_cgsi_plugin_open(struct soap *soap, const char *endpoint, const char *hostname, int port);
static int client_cgsi_plugin_send(struct soap *soap, const char *buf, size_t len);
static size_t client_cgsi_plugin_recv(struct soap *soap, char *buf, size_t len);
static int client_cgsi_plugin_close(struct soap *soap);

static int cgsi_plugin_copy(struct soap *soap, struct soap_plugin *dst, struct soap_plugin *src);
static void cgsi_plugin_delete(struct soap *soap, struct soap_plugin *p);
static int cgsi_plugin_send(struct soap *soap, const char *buf, size_t len, char *plugin_id);
static size_t cgsi_plugin_recv(struct soap *soap, char *buf, size_t len, char *plugin_id);
static int cgsi_plugin_close(struct soap *soap, char *plugin_id);

int cgsi_plugin_send_token(void *arg, void *token, size_t token_length);
int cgsi_plugin_recv_token(void *arg, void **token, size_t *token_length);
void cgsi_plugin_print_token(struct cgsi_plugin_data *data, char *token, int length);
static void cgsi_gssapi_err(struct soap *soap, char *msg, OM_uint32 maj_stat, OM_uint32 min_stat);
static void
cgsi_err(struct soap *soap, char *msg);
static int cgsi_display_status_1(char *m, OM_uint32 code, int type, char *buf, int buflen);
static int cgsi_parse_opts(struct cgsi_plugin_data *p, void *arg, int isclient);
static struct cgsi_plugin_data* get_plugin(struct soap *soap);
static int setup_trace(struct cgsi_plugin_data *data);
static int trace(struct cgsi_plugin_data *data, char *tracestr);
static int trace_str(struct cgsi_plugin_data *data, const char *msg, size_t len);
static void cgsi_plugin_globus_modules(int activate);
static int is_loopback(struct sockaddr *);
static void free_conn_state(struct cgsi_plugin_data *data);

static gss_buffer_t buffer_create(gss_buffer_t buf, size_t offset);
static gss_buffer_t buffer_free(gss_buffer_t buf);
static gss_buffer_t buffer_consume_upto(gss_buffer_t buf, size_t offset);
static gss_buffer_t buffer_copy_from(gss_buffer_t dest, gss_buffer_t src, size_t offset);

/******************************************************************************/
/* Plugin constructor */
/* Defaults to client in case nothing is specified */
/******************************************************************************/
int cgsi_plugin(struct soap *soap, struct soap_plugin *p, void *arg) {
    int opts;

    if (arg == NULL) {
        return client_cgsi_plugin(soap, p, NULL);
    }

    opts = *((int *)arg);
    if (opts & CGSI_OPT_SERVER) {
        return server_cgsi_plugin(soap, p, arg);
    } else {
        return client_cgsi_plugin(soap, p, arg);
    }
}

/******************************************************************************/
/* SERVER Plugin functions */
/******************************************************************************/

/**
 * Constructor for the server plugin
 */
int server_cgsi_plugin(struct soap *soap, struct soap_plugin *p, void *arg) {
    /* Activate globus modules */
    cgsi_plugin_globus_modules(1);

    p->id = server_plugin_id;
    p->data = (void*)calloc(sizeof(struct cgsi_plugin_data), 1);
    p->fcopy = cgsi_plugin_copy;
    p->fdelete = cgsi_plugin_delete;
    if (p->data) {
        if
            (server_cgsi_plugin_init(soap, (struct cgsi_plugin_data*)p->data) ||
             cgsi_parse_opts((struct cgsi_plugin_data *)p->data, arg,0)) {
            free(p->data); /* error: could not init or pass options*/
            cgsi_plugin_globus_modules(0);
            return SOAP_EOM; /* return error */
        }
    } else {
        /* calloc failed: do not register a plugin without its data */
        cgsi_plugin_globus_modules(0);
        return SOAP_EOM;
    }
    return SOAP_OK;
}

/**
 * Allow manipulation of plugin's behaviour. This method allows
 * adjusting of cgsi-plugin's behaviour by setting flags present in
 * args. Flags that are missing in args are not altered. If a flag
 * is already set then this method will not affect it.
 */
int cgsi_plugin_set_flags(struct soap *soap, int is_server, int flags) {
    const char *id;
    struct cgsi_plugin_data *data;

    id = is_server ? server_plugin_id : client_plugin_id;
    data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, id);

    if (data == NULL) {
        cgsi_err(soap, "Cannot find cgsi-plugin data structure; is plugin registered?");
        return -1;
    }

    if (flags & CGSI_OPT_DELEG_FLAG) {
        data->context_flags |= GSS_C_DELEG_FLAG;
    }
    if (flags & CGSI_OPT_SSL_COMPATIBLE) {
        data->context_flags |= GSS_C_GLOBUS_SSL_COMPATIBLE;
    }
    if (flags & CGSI_OPT_DISABLE_NAME_CHECK) {
        data->disable_hostname_check = 1;
    }
    if (flags & CGSI_OPT_DISABLE_MAPPING) {
        data->disable_mapping = 1;
    }
    if (flags & CGSI_OPT_DISABLE_VOMS_CHECK) {
        data->disable_voms_check = 1;
    }
    if (flags & CGSI_OPT_ALLOW_ONLY_SELF) {
        data->allow_only_self = 1;
    }

    return 0;
}

/**
 * Allow manipulation of plugin's behaviour. This method allows
 * adjusting of cgsi-plugin's behaviour by clearing flags present in
 * args. Flags that are missing in args are not altered. If a flag
 * is already cleared then this method will not affect it.
 */
int cgsi_plugin_clr_flags(struct soap *soap, int is_server, int flags) {
    const char *id;
    struct cgsi_plugin_data *data;

    id = is_server ?
        server_plugin_id : client_plugin_id;
    data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, id);

    if (data == NULL) {
        cgsi_err(soap, "Cannot find cgsi-plugin data structure; is plugin registered?");
        return -1;
    }

    if (flags & CGSI_OPT_DELEG_FLAG) {
        data->context_flags &= ~GSS_C_DELEG_FLAG;
    }
    if (flags & CGSI_OPT_SSL_COMPATIBLE) {
        data->context_flags &= ~GSS_C_GLOBUS_SSL_COMPATIBLE;
    }
    if (flags & CGSI_OPT_DISABLE_NAME_CHECK) {
        data->disable_hostname_check = 0;
    }
    if (flags & CGSI_OPT_DISABLE_MAPPING) {
        data->disable_mapping = 0;
    }
    if (flags & CGSI_OPT_DISABLE_VOMS_CHECK) {
        data->disable_voms_check = 0;
    }
    if (flags & CGSI_OPT_ALLOW_ONLY_SELF) {
        data->allow_only_self = 0;
    }

    return 0;
}

/**
 * Provide a summary of the currently active flags.
 */
int cgsi_plugin_get_flags(struct soap *soap, int is_server) {
    const char *id;
    struct cgsi_plugin_data *data;
    int flags = 0;

    id = is_server ? server_plugin_id : client_plugin_id;
    data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, id);

    if (data == NULL) {
        cgsi_err(soap, "Cannot find cgsi-plugin data structure; is plugin registered?");
        return -1;
    }

    /* Test the bits with '&': a query must not modify context_flags.
       ('|=' here would switch delegation and SSL compatibility on and
       report both as always set.) */
    if (data->context_flags & GSS_C_DELEG_FLAG) {
        flags |= CGSI_OPT_DELEG_FLAG;
    }
    if (data->context_flags & GSS_C_GLOBUS_SSL_COMPATIBLE) {
        flags |= CGSI_OPT_SSL_COMPATIBLE;
    }
    if (data->disable_hostname_check == 1) {
        flags |= CGSI_OPT_DISABLE_NAME_CHECK;
    }
    if (data->disable_mapping == 1) {
        flags |= CGSI_OPT_DISABLE_MAPPING;
    }
    if (data->disable_voms_check == 1) {
        flags |= CGSI_OPT_DISABLE_VOMS_CHECK;
    }
    if (data->allow_only_self == 1) {
        flags |= CGSI_OPT_ALLOW_ONLY_SELF;
    }

    return flags;
}

/**
 * Initializes the plugin data object
 */
static int server_cgsi_plugin_init(struct soap *soap, struct cgsi_plugin_data *data) {
    /* data structure must be zeroed at this point */

    /* Setting up the functions */
    data->fclose = soap->fclose;
    data->fsend = soap->fsend;
    data->frecv = soap->frecv;
    data->deleg_credential_handle = GSS_C_NO_CREDENTIAL;
    data->credential_handle = GSS_C_NO_CREDENTIAL;
data->context_handle = GSS_C_NO_CONTEXT; setup_trace(data); soap->fclose = server_cgsi_plugin_close; soap->fsend = server_cgsi_plugin_send; soap->frecv = server_cgsi_plugin_recv; return SOAP_OK; } /** * Wrapper to encrypt/send data from the server */ static int server_cgsi_plugin_send(struct soap *soap, const char *buf, size_t len){ return cgsi_plugin_send(soap, buf, len, server_plugin_id); } /** * Wrapper to receive data. It accepts the context if that has not been done yet. * * BEWARE: In this function returning 0 is the error condition ! */ static size_t server_cgsi_plugin_recv(struct soap *soap, char *buf, size_t len){ struct cgsi_plugin_data *data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, server_plugin_id); if (data == NULL) { cgsi_err(soap, "Server recv: could not get data structure"); return 0; } /* Establishing the context if not done yet */ if (data->context_established == 0) { trace(data, "### Establishing new context !\n"); if (server_cgsi_plugin_accept(soap) != 0) { /* SOAP fault already reported in the underlying calls */ trace(data, "Context establishment FAILED !\n"); /* If the context establishment fails, we close the socket to avoid gSOAP trying to send an error back to the client ! */ soap_closesock(soap); return 0; } } else { trace(data, "### Context already established!\n"); } if (data->disable_mapping == 0) { /* Now doing username uid gid lookup */ /* Performing the user mapping ! */ if (server_cgsi_map_dn(soap)!=0){ /* Soap fault already filled */ return 0; } } return cgsi_plugin_recv(soap, buf, len, server_plugin_id); } /** * Function that accepts the security context in the server. * The server credentials are loaded every-time. 
 */
static int server_cgsi_plugin_accept(struct soap *soap) {
    struct cgsi_plugin_data *data;
    OM_uint32 minor_status, major_status, tmp_status, ret_flags;
    gss_buffer_desc send_tok=GSS_C_EMPTY_BUFFER, recv_tok=GSS_C_EMPTY_BUFFER;
    gss_name_t server = GSS_C_NO_NAME, client = GSS_C_NO_NAME;
    gss_buffer_desc name = GSS_C_EMPTY_BUFFER;
    OM_uint32 time_req;
    gss_cred_id_t delegated_cred_handle = GSS_C_NO_CREDENTIAL;
    gss_channel_bindings_t input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
    gss_OID doid = GSS_C_NO_OID;
    int ret;

    /* Getting the plugin data object */
    data = (struct cgsi_plugin_data *) soap_lookup_plugin (soap, server_plugin_id);
    if (!data) {
        cgsi_err(soap, "Error looking up plugin data");
        return -1;
    }

    free_conn_state(data);

    /* despite the name ret_flags are also used as an input */
    ret_flags = data->context_flags;

    {
        char buf[TBUFSIZE];
        /* flags are traced in hexadecimal */
        snprintf(buf, TBUFSIZE, "Server accepting context with flags: %x\n", (unsigned int)ret_flags);
        trace(data, buf);
    }

    /* Specifying GSS_C_NO_NAME for the name or the server will
       force it to take the default host certificate */
    major_status = gss_acquire_cred(&minor_status,
                                    GSS_C_NO_NAME,
                                    0,
                                    GSS_C_NULL_OID_SET,
                                    GSS_C_ACCEPT,
                                    &data->credential_handle,
                                    NULL,
                                    NULL);

    if (major_status != GSS_S_COMPLETE) {
        cgsi_gssapi_err(soap, "Could NOT load server credentials", major_status, minor_status);
        trace(data, "Could not load server credentials !\n");
        goto error;
    }

    /* Now keeping the credentials name in the data structure */
    major_status = gss_inquire_cred(&minor_status,
                                    data->credential_handle,
                                    &server,
                                    NULL,
                                    NULL,
                                    NULL);
    if (major_status != GSS_S_COMPLETE) {
        cgsi_gssapi_err(soap, "Error inquiring credentials", major_status, minor_status);
        goto error;
    }

    /* Keeping the name in the plugin */
    major_status = gss_display_name(&minor_status, server, &name, (gss_OID *) NULL);
    if (major_status != GSS_S_COMPLETE || strlen((const char *)name.value)>CGSI_MAXNAMELEN-1) {
        if (major_status != GSS_S_COMPLETE)
            cgsi_gssapi_err(soap, "Error displaying server name", major_status,
minor_status); else cgsi_err(soap,"Server name too long"); (void) gss_release_buffer(&minor_status, &name); goto error; } strncpy(data->server_name, (const char*)name.value, CGSI_MAXNAMELEN); { char buf[TBUFSIZE]; snprintf(buf, TBUFSIZE, "The server is:<%s>\n", data->server_name); trace(data, buf); } (void) gss_release_buffer(&tmp_status, &name); /* Now doing GSI authentication, loop over gss_accept_sec_context */ do { data->nb_iter++; if (cgsi_plugin_recv_token(soap, &recv_tok.value, &recv_tok.length) < 0) { /* Soap fault already reported ! */ trace(data, "Error receiving token !\n"); goto error; } major_status = gss_accept_sec_context(&minor_status, &data->context_handle, data->credential_handle, &recv_tok, input_chan_bindings, &client, &doid, &send_tok, &ret_flags, &time_req, &delegated_cred_handle); (void) gss_release_buffer(&tmp_status, &recv_tok); if (major_status!=GSS_S_COMPLETE && major_status!=GSS_S_CONTINUE_NEEDED) { cgsi_gssapi_err(soap, "Could not accept security context", major_status, minor_status); trace(data, "Exiting due to a bad return code from gss_accept_sec_context (1)\n"); goto error; } if (send_tok.length != 0) { if (cgsi_plugin_send_token(soap, send_tok.value, send_tok.length) < 0) { (void) gss_release_buffer(&tmp_status, &send_tok); trace(data, "Exiting due to a bad return code (2)\n"); /* Soap fault already reported by underlying layer */ goto error; } /* If token has 0 length, then just try again (it is NOT an error condition)! 
*/ } (void) gss_release_buffer(&tmp_status, &send_tok); } while (major_status & GSS_S_CONTINUE_NEEDED); /* Keeping the name in the plugin */ major_status = gss_display_name(&minor_status, client, &name, (gss_OID *) NULL); if (major_status != GSS_S_COMPLETE) { cgsi_gssapi_err(soap, "Error displaying name", major_status, minor_status); goto error; } strncpy(data->client_name, (const char*)name.value, CGSI_MAXNAMELEN); (void) gss_release_buffer(&tmp_status, &name); { char buf[TBUFSIZE]; snprintf(buf, TBUFSIZE, "The client is:<%s>\n", data->client_name); trace(data, buf); } if (data->allow_only_self) { int rc; major_status = gss_compare_name(&minor_status, client, server, &rc); if (major_status != GSS_S_COMPLETE) { cgsi_gssapi_err (soap, "Error comparing client and server names",major_status, minor_status); goto error; } if (!rc) { cgsi_err (soap, "The client attempting to connect does not have the same identity as the server"); goto error; } } (void)gss_release_name(&tmp_status, &client); (void)gss_release_name(&tmp_status, &server); /* by default check VOMS credentials, and fail if invalid */ if (! 
data->disable_voms_check) { if (retrieve_userca_and_voms_creds(soap)) { cgsi_err(soap, "Error retrieveing the userca/VOMS credentials"); goto error; } } if (!(ret_flags & GSS_C_DELEG_FLAG)) (void) gss_release_cred(&tmp_status, &delegated_cred_handle); /* Save the delegated credentials */ if (delegated_cred_handle != GSS_C_NO_CREDENTIAL) { gss_name_t deleg_name = GSS_C_NO_NAME; gss_buffer_desc namebuf = GSS_C_EMPTY_BUFFER; OM_uint32 lifetime; gss_cred_usage_t usage; trace(data, "deleg_cred 1\n"); /* Now keeping the credentials name in the data structure */ major_status = gss_inquire_cred(&minor_status, delegated_cred_handle, &deleg_name, &lifetime, &usage, NULL); if (major_status != GSS_S_COMPLETE) { cgsi_gssapi_err(soap, "Error inquiring delegated credentials", major_status, minor_status); goto error; } /* Keeping the name in the plugin */ major_status = gss_display_name(&minor_status, deleg_name , &namebuf, (gss_OID *) NULL); if (major_status != GSS_S_COMPLETE) { cgsi_gssapi_err(soap, "Error displaying delegated credentials name", major_status, minor_status); (void)gss_release_name(&minor_status, &deleg_name); goto error; } { char buf[TBUFSIZE]; snprintf(buf, TBUFSIZE, "The delegated credentials are for:<%s>\n", (char *)namebuf.value); trace(data, buf); } data->deleg_credential_handle = delegated_cred_handle; data->deleg_cred_set = 1; delegated_cred_handle = GSS_C_NO_CREDENTIAL; (void) gss_release_name (&tmp_status, &deleg_name); (void) gss_release_buffer (&tmp_status, &namebuf); } else { trace(data, "deleg_cred 0\n"); } /* Setting the flag as even the mapping went ok */ data->context_established = 1; ret = 0; goto exit; error: (void) gss_delete_sec_context(&tmp_status,&data->context_handle,GSS_C_NO_BUFFER); (void) gss_release_cred (&tmp_status, &data->credential_handle); ret = -1; exit: (void) gss_release_buffer(&tmp_status, &send_tok); (void) gss_release_buffer(&tmp_status, &recv_tok); (void) gss_release_buffer(&tmp_status, &name); (void) 
gss_release_cred(&tmp_status, &delegated_cred_handle); (void) gss_release_name (&tmp_status, &server); (void) gss_release_name (&tmp_status, &client); return (ret); } /** * Looks up the client name and maps the username/uid/gid accordingly */ static int server_cgsi_map_dn(struct soap *soap) { char *p; struct cgsi_plugin_data *data; /* Getting the plugin data object */ data = (struct cgsi_plugin_data *) soap_lookup_plugin (soap, server_plugin_id); if (!data) { cgsi_err(soap, "Error looking up plugin data"); return -1; } if (!globus_gss_assist_gridmap(data->client_name, &p)){ /* We have a mapping */ strncpy(data->username, p, CGSI_MAXNAMELEN); { char buf[TBUFSIZE]; snprintf(buf, TBUFSIZE, "The client is mapped to user:<%s>\n", data->username); trace(data, buf); } free(p); } else { char buf[BUFSIZE]; { char buf[TBUFSIZE]; snprintf(buf, TBUFSIZE, "Could not find mapping for: %s\n", data->client_name); trace(data, buf); } data->username[0]=0; snprintf(buf, BUFSIZE, "Could not find mapping for: %s", data->client_name); cgsi_err(soap, buf); return -1; } return 0; } static int server_cgsi_plugin_close(struct soap *soap) { return cgsi_plugin_close(soap, server_plugin_id); } /******************************************************************************/ /* CLIENT Plugin functions */ /******************************************************************************/ /** * Constructor for the client plugin */ int client_cgsi_plugin(struct soap *soap, struct soap_plugin *p, void *arg) { /* Activate globus modules */ cgsi_plugin_globus_modules(1); p->id = client_plugin_id; p->data = (void*)calloc(sizeof(struct cgsi_plugin_data), 1); p->fcopy = cgsi_plugin_copy; p->fdelete = cgsi_plugin_delete; if (p->data) { if (client_cgsi_plugin_init(soap, (struct cgsi_plugin_data*)p->data) || cgsi_parse_opts((struct cgsi_plugin_data *)p->data, arg,1)) { free(p->data); /* error: could not init or parse options */ cgsi_plugin_globus_modules(0); return SOAP_EOM; /* return error */ } } return 
SOAP_OK; } static int client_cgsi_plugin_init(struct soap *soap, struct cgsi_plugin_data *data) { /* data structure must be zeroed at this point */ /* Setting up the functions */ data->fopen = soap->fopen; data->fclose = soap->fclose; data->fsend = soap->fsend; data->frecv = soap->frecv; data->deleg_credential_handle = GSS_C_NO_CREDENTIAL; data->credential_handle = GSS_C_NO_CREDENTIAL; data->context_handle = GSS_C_NO_CONTEXT; setup_trace(data); soap->fopen = client_cgsi_plugin_open; soap->fclose = client_cgsi_plugin_close; soap->fsend = client_cgsi_plugin_send; soap->frecv = client_cgsi_plugin_recv; return SOAP_OK; } static int client_cgsi_plugin_open(struct soap *soap, const char *endpoint, const char *hostname, int port) { OM_uint32 major_status, minor_status, tmp_status, ret_flags; struct cgsi_plugin_data *data; gss_name_t client=GSS_C_NO_NAME, target_name=GSS_C_NO_NAME; gss_buffer_desc send_tok=GSS_C_EMPTY_BUFFER, recv_tok=GSS_C_EMPTY_BUFFER; gss_buffer_desc namebuf=GSS_C_EMPTY_BUFFER; gss_OID oid = GSS_C_NO_OID; int ret; /* Looking up plugin data */ data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, client_plugin_id); if (!data) { cgsi_err(soap, "Error looking up plugin data"); return -1; } free_conn_state(data); /* Getting the credenttials */ major_status = gss_acquire_cred(&minor_status, GSS_C_NO_NAME, 0, GSS_C_NULL_OID_SET, GSS_C_INITIATE, &data->credential_handle, NULL, NULL); if (major_status != GSS_S_COMPLETE) { cgsi_gssapi_err(soap, "Could NOT load client credentials", major_status, minor_status); goto error; } /* Now keeping the credentials name in the data structure */ major_status = gss_inquire_cred(&minor_status, data->credential_handle, &client, NULL, NULL, NULL); if (major_status != GSS_S_COMPLETE) { cgsi_gssapi_err(soap, "Error inquiring credentials", major_status, minor_status); goto error; } /* Keeping the name in the plugin */ major_status = gss_display_name(&minor_status, client, &namebuf, (gss_OID *) NULL); if (major_status != 
GSS_S_COMPLETE || strlen((const char*)namebuf.value)>CGSI_MAXNAMELEN-1) { if (major_status != GSS_S_COMPLETE) cgsi_gssapi_err(soap, "Error displaying client name", major_status, minor_status); else cgsi_err(soap,"Client name too long"); goto error; } strncpy(data->client_name, (const char*)namebuf.value, CGSI_MAXNAMELEN); (void)gss_release_buffer(&tmp_status, &namebuf); { char buf[TBUFSIZE]; snprintf(buf, TBUFSIZE, "The client is:<%s>\n", data->client_name); trace(data, buf); } /* Opening the connection to the server */ if (data->fopen == NULL) { cgsi_err(soap, "data->fopen is NULL !"); goto error; } /* gSOAP 2.7.x will try to open a https endpoint with SSL, * if it was built WITH_SLL. Since endpoint is only used * to compare the first six bytes, we pass one, which does * not start with 'https://'. */ data->socket_fd = data->fopen(soap, endpoint+1, hostname, port); if (data->socket_fd < 0) { char buf[BUFSIZE]; snprintf(buf, BUFSIZE, "could not open connection to %s", hostname); cgsi_err(soap, buf); goto error; } /* setting 'target_name': * if CGSI_OPT_ALLOW_ONLY_SELF is in effect we check that the peer's * name is the same as ours by speficying it as the target name. * Otherwise, if CGSI_OPT_DISABLE_NAME_CHECK was set then we check the * peer's certificate name against the name built from the peer's * address (i.e. via a reverse lookup). Otherwise explictly check * the DN against whatever hostname this function was called with */ if (data->allow_only_self) { /* make target name our own identity */ major_status = gss_duplicate_name (&minor_status, client, &target_name); if (major_status != GSS_S_COMPLETE) { cgsi_gssapi_err (soap, "Could not duplicate name", major_status, minor_status); goto error; } } else if (data->disable_hostname_check) { /* take target name from reverse lookup */ struct sockaddr *sa; socklen_t sa_length; char host[NI_MAXHOST+5]; unsigned int i; int rc; sa_length = (sizeof (struct sockaddr_in6) > sizeof (struct sockaddr_in)) ? 
sizeof (struct sockaddr_in6) : sizeof (struct sockaddr_in); sa = (struct sockaddr *) malloc (sa_length); if (sa == NULL) { cgsi_err (soap,"Could not allocate memory for sockaddr"); goto error; } rc = getpeername (data->socket_fd, sa, &sa_length); if (rc<0) { cgsi_err (soap,"Could not find peername"); free (sa); goto error; } if (sa->sa_family != AF_INET && sa->sa_family != AF_INET6) { cgsi_err (soap,"Peer has an unknown address family"); free (sa); goto error; } snprintf (host,sizeof (host),"host@"); if (is_loopback (sa)) { struct addrinfo *res,*resp; struct sockaddr *sa2; free (sa); sa = NULL; if (gethostname (&host[5], sizeof (host) - 5)) { cgsi_err (soap,"Could not get the local host name"); goto error; } rc = getaddrinfo (&host[5], NULL, NULL, &res); if (rc) { cgsi_err (soap,"Could not lookup the local host name"); goto error; } resp = res; while( resp ) { if (resp->ai_family == AF_INET6 && !is_loopback (resp->ai_addr)) { sa = resp->ai_addr; sa_length = resp->ai_addrlen; } else if (resp->ai_family == AF_INET && !is_loopback (resp->ai_addr)) { sa = resp->ai_addr; sa_length = resp->ai_addrlen; break; } resp=resp->ai_next; } if (sa) { sa2 = (struct sockaddr*)malloc (sa_length); if (sa2 == NULL) { cgsi_err (soap,"Could not allocate memory to copy a sockaddr"); freeaddrinfo (res); goto error; } memcpy (sa2,sa,sa_length); sa = sa2; } if (res != NULL) freeaddrinfo (res); } if (sa) { rc = getnameinfo (sa, sa_length, &host[5], sizeof (host) - 5, NULL, 0, 0); free (sa); sa = NULL; if (rc) { cgsi_err (soap,"Could not convert the address information to a name or address"); goto error; } } for (i=5; (i < sizeof (host)) && host[i]; i++) host[i] = tolower (host[i]); namebuf.value = (void *)strdup (host); if (namebuf.value == NULL) { cgsi_err (soap, "Could not allocate memory for host name"); goto error; } namebuf.length = strlen (host) + 1; major_status = gss_import_name (&minor_status, &namebuf, GSS_C_NT_HOSTBASED_SERVICE, &target_name); if (major_status != GSS_S_COMPLETE) { 
cgsi_gssapi_err (soap, "Could not import name", major_status, minor_status); goto error; } (void)gss_release_buffer (&tmp_status, &namebuf); } else { /* take the target name from the hostname parameter passed to this function */ namebuf.value = malloc (strlen ("host@") + strlen (hostname) + 1); if (namebuf.value == NULL) { cgsi_err (soap,"Could not allocate memory for target name"); goto error; } strcpy ((char*)namebuf.value,"host@"); strcat ((char*)namebuf.value,hostname); namebuf.length = strlen ((char*)namebuf.value) + 1; major_status = gss_import_name (&minor_status, &namebuf, GSS_C_NT_HOSTBASED_SERVICE, &target_name); (void) gss_release_buffer (&tmp_status, &namebuf); if (major_status != GSS_S_COMPLETE) { cgsi_gssapi_err (soap, "Error importing target name", major_status, minor_status); goto error; } } do { data->nb_iter++; { char buf[TBUFSIZE]; snprintf(buf, TBUFSIZE, "Iteration:<%d>\n", data->nb_iter); trace(data, buf); } major_status = gss_init_sec_context(&minor_status, data->credential_handle, &data->context_handle, target_name, oid, data->context_flags, 0, NULL, /* no channel bindings */ &recv_tok, NULL, /* ignore mech type */ &send_tok, &ret_flags, NULL); /* ignore time_rec */ (void)gss_release_buffer(&tmp_status, &recv_tok); if (major_status!=GSS_S_COMPLETE && major_status!=GSS_S_CONTINUE_NEEDED) { cgsi_gssapi_err(soap, "Error initializing context", major_status, minor_status); goto error; } if (send_tok.length > 0) { ret = cgsi_plugin_send_token(soap, send_tok.value, send_tok.length); if (ret < 0) { /* Soap fault already reported */ trace(data, "Error sending token !\n"); goto error; } } (void) gss_release_buffer (&tmp_status, &send_tok); if (major_status & GSS_S_CONTINUE_NEEDED) { if (cgsi_plugin_recv_token(soap, &(recv_tok.value), &(recv_tok.length)) < 0) { /* fault already reported */ goto error; } } } while (major_status == GSS_S_CONTINUE_NEEDED); /* Record the server name (as GSS reports it) */ { gss_name_t src_name = GSS_C_NO_NAME, tgt_name = 
GSS_C_NO_NAME; OM_uint32 lifetime, ctx; gss_OID mech; int local, isopen; gss_buffer_desc server_name = GSS_C_EMPTY_BUFFER; major_status = gss_inquire_context(&minor_status, data->context_handle, &src_name, &tgt_name, &lifetime, &mech, &ctx, &local, &isopen); if (major_status != GSS_S_COMPLETE) { cgsi_gssapi_err(soap, "Error inquiring context", major_status, minor_status); goto error; } major_status = gss_display_name(&minor_status, tgt_name, &server_name, (gss_OID *) NULL); if (major_status != GSS_S_COMPLETE || strlen((const char*)server_name.value)>CGSI_MAXNAMELEN-1) { if (major_status != GSS_S_COMPLETE) cgsi_gssapi_err(soap, "Error displaying name", major_status, minor_status); else cgsi_err(soap,"Server name too long"); (void)gss_release_buffer(&tmp_status, &server_name); (void)gss_release_name(&tmp_status, &tgt_name); (void)gss_release_name(&tmp_status, &src_name); goto error; } strncpy(data->server_name, (const char*)server_name.value, CGSI_MAXNAMELEN); { char buf[TBUFSIZE]; snprintf(buf, TBUFSIZE, "Server:<%s>\n", (char *)server_name.value); trace(data, buf); } (void)gss_release_buffer(&tmp_status, &server_name); (void)gss_release_name(&tmp_status, &tgt_name); (void)gss_release_name(&tmp_status, &src_name); } (void)gss_release_name (&tmp_status, &client); data->context_established = 1; ret = data->socket_fd; goto exit; error: (void) gss_delete_sec_context (&tmp_status, &data->context_handle, GSS_C_NO_BUFFER); (void) gss_release_cred (&tmp_status, &data->credential_handle); if (data->socket_fd >= 0) { (void) close(data->socket_fd); data->socket_fd = -1; } ret = -1; exit: (void) gss_release_buffer (&tmp_status, &send_tok); (void) gss_release_buffer (&tmp_status, &recv_tok); (void) gss_release_buffer (&tmp_status, &namebuf); (void) gss_release_name (&tmp_status, &client); (void) gss_release_name (&tmp_status, &target_name); return (ret); } static int client_cgsi_plugin_send(struct soap *soap, const char *buf, size_t len) { return cgsi_plugin_send(soap, buf, len, 
client_plugin_id); } static size_t client_cgsi_plugin_recv(struct soap *soap, char *buf, size_t len) { return cgsi_plugin_recv(soap, buf, len, client_plugin_id); } static int client_cgsi_plugin_close(struct soap *soap) { return cgsi_plugin_close(soap, client_plugin_id); } /******************************************************************************/ /* COMMON Plugin functions */ /******************************************************************************/ static int cgsi_plugin_copy(struct soap *soap, struct soap_plugin *dst, struct soap_plugin *src) { struct cgsi_plugin_data *dst_data; *dst = *src; dst->data = (struct cgsi_plugin_data *)malloc(sizeof(struct cgsi_plugin_data)); if (dst->data == NULL) return SOAP_FATAL_ERROR; memcpy(dst->data, src->data, sizeof(struct cgsi_plugin_data)); /* We do not support deep copy of plugin data's connection related parameters. Expect soap structure should only be copied just after soap_accept(), before the connection parameters are filled. */ dst_data = (struct cgsi_plugin_data *)dst->data; /* don't want to share these with the source */ dst_data->deleg_credential_handle = GSS_C_NO_CREDENTIAL; dst_data->credential_handle = GSS_C_NO_CREDENTIAL; dst_data->context_handle = GSS_C_NO_CONTEXT; dst_data->voname = NULL; dst_data->deleg_credential_token = NULL; dst_data->fqan = NULL; /* reset everything else connection related */ free_conn_state(dst_data); /* Activate globus modules, as the new object will also need them */ cgsi_plugin_globus_modules(1); return SOAP_OK; } static void cgsi_plugin_delete(struct soap *soap, struct soap_plugin *p){ struct cgsi_plugin_data *data; if (p->data == NULL) { cgsi_plugin_globus_modules(0); return; } else { data = (struct cgsi_plugin_data *)p->data; } free_conn_state(data); free(p->data); p->data = NULL; /* Deactivate globus modules */ cgsi_plugin_globus_modules(0); } static int cgsi_plugin_close(struct soap *soap, char *plugin_id) { OM_uint32 major_status; OM_uint32 minor_status; 
gss_buffer_desc output_buffer_desc; gss_buffer_t output_buffer; struct cgsi_plugin_data *data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, plugin_id); if (data == NULL) { cgsi_err(soap, "Close: could not get data structure"); return -1; } output_buffer = &output_buffer_desc; if (data->context_established == 1) { major_status = gss_delete_sec_context(&minor_status, &(data->context_handle), output_buffer); if (major_status != GSS_S_COMPLETE) { cgsi_gssapi_err(soap, "Error deleting context", major_status, minor_status); } else { /*cgsi_plugin_send_token( (void *)soap, output_buffer->value, output_buffer->length);*/ gss_release_buffer(&minor_status, output_buffer); data->context_established = 0; } } if (data->fclose != NULL) { return data->fclose(soap); } else { cgsi_err(soap, "Close: data->fclose is NULL"); return -1; } } static int cgsi_plugin_send(struct soap *soap, const char *buf, size_t len, char *plugin_id) { OM_uint32 major_status; OM_uint32 minor_status; gss_buffer_desc input_tok; gss_buffer_desc output_tok; int conf_state; struct cgsi_plugin_data *data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, plugin_id); trace(data, "-------------\n"); trace(data, (char *)buf); trace(data, "\n----------------------------------\n"); input_tok.value = (char *)buf; input_tok.length = len; if (data->had_send_error) { /* Not much to do, we don't know if the previous send sent any * data, nor if we're being presented with the same data again */ trace(data, "Request to send data after previous send failed\n"); return (-1); } if (data->context_handle != GSS_C_NO_CONTEXT) { major_status = gss_wrap(&minor_status, data->context_handle, 0, GSS_C_QOP_DEFAULT, &input_tok, &conf_state, &output_tok); } else { /* we don't expect to asked to send without a security context. 
* Best not to send anything unprotected, so we just fail * Assume a useful fault message has already seen set */ trace(data, "Request to send data, without having a security context, failed\n"); return (-1); } if (major_status != GSS_S_COMPLETE) { cgsi_gssapi_err(soap, "Error wrapping the data", major_status, minor_status); gss_release_buffer(&minor_status, &output_tok); return -1; } if (cgsi_plugin_send_token((void *)soap, output_tok.value, output_tok.length) != 0) { /* Soap fault already reported */ gss_release_buffer(&minor_status, &output_tok); data->had_send_error = 1; return -1; } gss_release_buffer(&minor_status, &output_tok); return SOAP_OK; } static size_t cgsi_plugin_recv(struct soap *soap, char *buf, size_t len, char *plugin_id) { OM_uint32 major_status; OM_uint32 minor_status, minor_status1; int token_status; size_t tmplen; gss_buffer_desc input_token_desc = GSS_C_EMPTY_BUFFER; gss_buffer_t input_token = &input_token_desc; gss_buffer_desc output_token_desc = GSS_C_EMPTY_BUFFER; gss_buffer_t output_token = &output_token_desc; struct cgsi_plugin_data *data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, plugin_id); if(data->buffered_in != NULL) { tmplen = len < data->buffered_in->length ? 
len : data->buffered_in->length; memcpy(buf, data->buffered_in->value, tmplen); if(tmplen == data->buffered_in->length) { data->buffered_in = buffer_free(data->buffered_in); } else { data->buffered_in = buffer_consume_upto(data->buffered_in, tmplen); } trace(data, "------------------\n"); trace_str(data, buf, tmplen); trace(data, "\n----------------------------------\n"); return (size_t) tmplen; } token_status = cgsi_plugin_recv_token((void *)soap, &input_token->value, &input_token->length); if (token_status != 0) { trace(data, "Token status <> 0\n"); /* Soap fault already reported */ return 0; } if (data->context_handle != GSS_C_NO_CONTEXT) { ERR_clear_error(); major_status = gss_unwrap(&minor_status, data->context_handle, input_token, output_token, NULL, NULL); gss_release_buffer(&minor_status1, input_token); } else { /* we don't expect to asked to read without a security context. * Best not to read anything which may or may not be wrapped, * so we just fail. Assume a useful fault message has already seen set */ trace(data, "Request to read data, without having a security context, failed\n"); return (0); } if (major_status != GSS_S_COMPLETE) { cgsi_gssapi_err(soap, "Error unwrapping the data", major_status, minor_status); gss_release_buffer(&minor_status1, output_token); return 0; } tmplen = len < output_token->length ? 
        len : output_token->length;
    memcpy(buf, output_token->value, tmplen);

    if( tmplen < output_token->length) {
        data->buffered_in = buffer_create(output_token, tmplen);
    }

    gss_release_buffer(&minor_status1, output_token);

    trace(data, "-------------\n");
    trace_str(data, buf, tmplen);
    trace(data, "\n----------------------------------\n");

    return (size_t) tmplen;
}

/* Number of header bytes read ahead of every token */
#define SSLHSIZE 5

int cgsi_plugin_recv_token(void *arg, void **token, size_t *token_length) {
    int ret, rem;
    char *tok, *p;
    int len;
    char readbuf[SSLHSIZE];
    struct soap *soap = (struct soap *)arg;
    struct cgsi_plugin_data *data;

    if (soap == NULL) {
        /* No soap object to attach a fault to: cgsi_err() looks the
           plugin up through soap, so it cannot be called here */
        return -1;
    }

    data = get_plugin(soap);
    if (data == NULL) {
        cgsi_err(soap, "Error looking up plugin data");
        return -1;
    }

    /* Reads SSL Record layer header ! */
    p = readbuf;
    rem = SSLHSIZE;

    while (rem>0) {
        /* trace(data, "%d Remaining %d\n", getpid(), rem); */
        errno = 0;
        soap->error = 0;
        soap->errnum = 0;
        ret = data->frecv(soap, p, rem);
        if (ret <= 0) {
            /* BEWARE soap_recv returns 0 when an error occurs ! */
            char buf[BUFSIZE];
            if (soap->errnum)
                snprintf(buf, BUFSIZE, "Error reading token data header: %s", strerror(soap->errnum));
            else if (errno)
                snprintf(buf, BUFSIZE, "Error reading token data header: %s", strerror(errno));
            else if (soap->error)
                snprintf(buf, BUFSIZE, "Error reading token data header: SOAP error %d", soap->error);
            else
                snprintf(buf, BUFSIZE, "Error reading token data header: Connection closed");
            cgsi_err(soap, buf);
            return -1;
        }
        p = p + ret;
        rem = rem - ret;
    }

    /* Initialization, len will contain the length of the message */
    len = 0;
    p = (char *)&len;

    /* Checking whether we have a SSL V2 Client Hello */
    if (readbuf[0] == (char)0x80) {
        *(p+3) = readbuf[1];
        len = ntohl(len);
        /* In the case of SSLv2, we have just read 3 bytes that do NOT
           belong to the Record layer, we have to deduct them from the length
           (if possible XXX -> to be checked) */
        len = len -3;
        if (len < 0) {
            /* A peer-supplied length byte below 3 would make len + SSLHSIZE
               smaller than the SSLHSIZE header bytes that are copied into
               the token buffer, so such a header is rejected */
            cgsi_err(soap, "Error reading token data header: invalid SSLv2 record length");
            return -1;
        }
    } else {
        /* We have SSLv3 or TLS */
        /* Getting the packet length from the last two bytes !
*/ /* of the readbuf */ *(p+2) = readbuf[3]; *(p+3) = readbuf[4]; /* Converting length to machine byte order ! */ len = ntohl(len); } /* AT this point, the token length is len + the number of bytes already read, i.e. SSLHSIZE */ tok = (char *) malloc(len + SSLHSIZE); if ( (len+SSLHSIZE) && tok == NULL) { cgsi_err(soap, "Out of memory allocating token data"); return -1; } memcpy(tok, readbuf, SSLHSIZE); rem = len; p = (char *) (tok + SSLHSIZE); /* Looping on the data still to read */ while (rem > 0) { errno = 0; soap->error = 0; soap->errnum = 0; ret = data->frecv(soap, p, rem); if (ret <= 0) { char buf[BUFSIZE]; if (soap->errnum) snprintf(buf, BUFSIZE, "Error reading token data: %s", strerror(soap->errnum)); else if (errno) snprintf(buf, BUFSIZE, "Error reading token data: %s", strerror(errno)); else if (soap->error) snprintf(buf, BUFSIZE, "Error reading token data: SOAP error %d", soap->error); else snprintf(buf, BUFSIZE, "Error reading token data: Connection closed"); cgsi_err(soap, buf); free(tok); return -1; } p = p + ret; rem = rem - ret; } { char buf[TBUFSIZE]; snprintf(buf, TBUFSIZE, "================= RECVING: %x\n", len + SSLHSIZE); trace(data, buf); } cgsi_plugin_print_token(data, tok, len+SSLHSIZE); *token_length = (len + SSLHSIZE); *token = tok; return 0; } int cgsi_plugin_send_token(void *arg, void *token, size_t token_length) { int ret; struct cgsi_plugin_data *data; struct soap *soap = (struct soap *)arg; if (soap == NULL) { cgsi_err(soap, "Error: SOAP object is NULL"); return -1; } data = get_plugin(soap); { char buf[TBUFSIZE]; snprintf(buf, TBUFSIZE, "================= SENDING: %x\n", (unsigned int)token_length); trace(data, buf); } cgsi_plugin_print_token(data, (char *)token, token_length); /* We send the whole token knowing it is a SSL token */ ret = data->fsend(soap, (char *)token, token_length); if (ret < 0) { char buf[BUFSIZE]; snprintf(buf, BUFSIZE,"Error sending token data: %s", strerror(errno)); cgsi_err(soap, buf); return -1; } else if 
(ret != SOAP_OK) { char buf[BUFSIZE]; snprintf(buf, BUFSIZE, "sending token data: %d of %d bytes written", ret, (int)token_length); cgsi_err(soap, buf); return -1; } return 0; } void cgsi_plugin_print_token(struct cgsi_plugin_data *data, char *token, int length) { int i; unsigned char *p; char buf[TBUFSIZE]; /* can avoid printing all the token if the trace routine * is disabled */ if (!data->trace_mode) { return; } /* printing the characters as unsigned hex digits */ p = (unsigned char *)token; for (i=0; i < length; i++, p++) { snprintf(buf, TBUFSIZE,"%02x ", *p); trace(data, buf); if ((i % 16) == 15) { trace(data, "\n"); } } trace(data, "\n"); } /** * Function to display the GSS-API errors */ static void cgsi_gssapi_err(struct soap *soap, char *msg, OM_uint32 maj_stat, OM_uint32 min_stat) { int ret; char buffer[BUFSIZE],hostname[NI_MAXHOST]; int bufsize; char *buf; struct cgsi_plugin_data *data; int isclient = 1; /* Check if we are a client */ data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, client_plugin_id); if (data == NULL) { isclient = 0; } if (gethostname(hostname, sizeof(hostname))<0) { strncpy(hostname, "unknown", sizeof(hostname)); } hostname[sizeof(hostname)-1] = '\0'; bufsize = BUFSIZE; snprintf(buffer, bufsize, CGSI_PLUGIN " running on %s reports %s\n", hostname, msg); buf = buffer +strlen(buffer); bufsize -= strlen(buffer); ret = cgsi_display_status_1(msg, maj_stat, GSS_C_GSS_CODE, buf, bufsize); if (bufsize-ret > 1) { strcat(buf, "\n"); ret++; } buf += ret; bufsize -= ret; cgsi_display_status_1(msg, min_stat, GSS_C_MECH_CODE, buf, bufsize); if (isclient) { soap_sender_fault(soap, buffer, NULL); } else { soap_receiver_fault(soap, buffer, NULL); } } /** * Displays the GSS-API error messages in the error buffer */ static int cgsi_display_status_1(char *m, OM_uint32 code, int type, char *buf, int buflen) { OM_uint32 maj_stat, min_stat; gss_buffer_desc msg; OM_uint32 msg_ctx; int count,ret; char *buf0 = buf; if (buflen<=1) return(0); msg_ctx = 0; 
count = 0; while (1) { maj_stat = gss_display_status(&min_stat, code, type, GSS_C_NULL_OID, &msg_ctx, &msg); ret = snprintf(buf, buflen, "%s\n", (char *)msg.value); (void) gss_release_buffer(&min_stat, &msg); if (ret < 0) { *buf = '\0'; break; } if (ret >= buflen) ret = buflen - 1; count += ret; buf += ret; buflen -= ret; if (!msg_ctx || buflen<=1) break; } if (count>0 && buf0[count-1] == '\n') { buf0[count-1] = '\0'; count--; } return count; } static void cgsi_err(struct soap *soap, char *msg) { struct cgsi_plugin_data *data; int isclient = 1; char buffer[BUFSIZE],hostname[NI_MAXHOST]; /* Check if we are a client */ data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, client_plugin_id); if (data == NULL) { isclient = 0; } if (gethostname(hostname, sizeof(hostname))<0) { strncpy(hostname, "unknown", sizeof(hostname)); } hostname[sizeof(hostname)-1] = '\0'; snprintf(buffer, sizeof(buffer), CGSI_PLUGIN " running on %s reports %s", hostname, msg); if (isclient) { soap_sender_fault(soap, buffer, NULL); } else { soap_receiver_fault(soap, buffer, NULL); } } /** * Parses the argument passed to the plugin constructor * and initializes the plugin_data object accordingly */ static int cgsi_parse_opts(struct cgsi_plugin_data *p, void *arg, int isclient) { int opts; /* Default values */ p->disable_hostname_check = 0; p->allow_only_self = 0; p->disable_mapping = 0; p->disable_voms_check = 0; p->context_flags = GSS_C_CONF_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG; if (arg == NULL) { /* Default is just confidentiality and mutual authentication */ return 0; } opts = (*((int *)arg)); if (opts & CGSI_OPT_DELEG_FLAG) { p->context_flags |= GSS_C_DELEG_FLAG; } if (opts & CGSI_OPT_SSL_COMPATIBLE) { p->context_flags |= GSS_C_GLOBUS_SSL_COMPATIBLE; } if (opts & CGSI_OPT_DISABLE_NAME_CHECK) { p->disable_hostname_check = 1; } if (opts & CGSI_OPT_DISABLE_MAPPING) { p->disable_mapping = 1; } if (opts & CGSI_OPT_DISABLE_VOMS_CHECK) { p->disable_voms_check = 1; } if (opts & 
CGSI_OPT_ALLOW_ONLY_SELF) {
        p->allow_only_self = 1;
    }

    return 0;
}

/**
 * Looks up the plugin, be it client or server
 */
static struct cgsi_plugin_data* get_plugin(struct soap *soap) {
    struct cgsi_plugin_data *data = NULL;

    /* Check if we are a client */
    data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, client_plugin_id);
    if (data == NULL) {
        data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, server_plugin_id);
    }
    return data;
}

/**
 * Returns 1 if the context has been established, 0 if not,
 * or -1 if an error happened during plugin lookup.
 *
 */
int is_context_established(struct soap *soap) {
    struct cgsi_plugin_data *data = NULL;

    data = get_plugin(soap);
    if (data == NULL) return -1;

    return data->context_established;
}

/**
 * Copies the client DN in the buffer passed.
 * Returns 0 if everything ok, -1 otherwise.
 *
 */
int get_client_dn(struct soap *soap, char *dn, size_t dnlen) {
    struct cgsi_plugin_data *data = NULL;

    data = get_plugin(soap);
    if (data == NULL) return -1;

    memset(dn, '\0', dnlen);
    /* Copy at most dnlen-1 bytes so the result stays NUL-terminated
     * even when the DN is longer than the caller's buffer */
    if (dnlen > 0) {
        strncpy(dn, data->client_name, dnlen - 1);
    }
    return 0;
}

/**
 * Copies the client username in the buffer passed.
 * Returns 0 if everything ok, -1 otherwise.
 *
 */
int get_client_username(struct soap *soap, char *username, size_t usernamelen) {
    struct cgsi_plugin_data *data = NULL;

    data = get_plugin(soap);
    if (data == NULL) return -1;

    memset(username, '\0', usernamelen);
    /* Copy at most usernamelen-1 bytes so the result stays NUL-terminated */
    if (usernamelen > 0) {
        strncpy(username, data->username, usernamelen - 1);
    }
    return 0;
}

/**
 * Checks the environment to setup the trace mode,
 * if CGSI_TRACE is set
 * If CGSI_TRACEFILE is set, the output is written to that file,
 * otherwise, it is sent to stderr.
 */
static int setup_trace(struct cgsi_plugin_data *data) {
    char *envar;

    data->trace_mode=0;
    data->trace_file[0]= data->trace_file[CGSI_MAXNAMELEN-1]= '\0';
    envar = getenv(CGSI_TRACE);
    if (envar != NULL) {
        data->trace_mode=1;
        envar = getenv(CGSI_TRACEFILE);
        if (envar != NULL) {
            strncpy(data->trace_file, envar, CGSI_MAXNAMELEN-1);
        }
    }
    return 0;
}

static int trace(struct cgsi_plugin_data *data, char *tracestr) {
    if (!data->trace_mode) {
        return 0;
    }
    return trace_str(data, tracestr, strlen(tracestr));
}

static int trace_str(struct cgsi_plugin_data *data, const char *msg, size_t len) {
    if (!data->trace_mode) {
        return 0;
    }

    /* If no trace file defined, write to stderr */
    if (data->trace_file[0]=='\0') {
        /* the precision argument of %.*s must be an int, not a size_t */
        fprintf(stderr, "%.*s", (int)len, msg);
    } else {
        int fd;
        fd = open(data->trace_file, O_CREAT|O_WRONLY|O_APPEND, 0644);
        if (fd <0) return -1;
        if (write(fd, msg, len) < 0) {
            close(fd);
            return -1;
        }
        close(fd);
    }
    return 0;
}

int get_delegated_credentials(struct soap *soap, void **buffer, size_t *length) {
    OM_uint32 maj_stat, min_stat;
    gss_buffer_desc buffer_desc = GSS_C_EMPTY_BUFFER;
    struct cgsi_plugin_data *data;

    if (soap == NULL || buffer == NULL || length == NULL) {
        /* cgsi_err() looks up the plugin through soap, so it can only
         * report the error when soap itself is valid */
        if (soap != NULL) {
            cgsi_err(soap, "invalid argument passed to get_delegated_credentials");
        }
        return -1;
    }

    data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, server_plugin_id);
    if (data == NULL) {
        cgsi_err(soap, "get delegated credentials: could not get data structure");
        return -1;
    }

    if (data->deleg_credential_token) {
        *buffer = data->deleg_credential_token;
        *length = data->deleg_credential_token_len;
        return 0;
    }

    if (data->deleg_cred_set == 0) {
        cgsi_err(soap, "get delegated credentials: no delegated credentials available");
        return -1;
    }

    maj_stat = gss_export_cred(&min_stat, data->deleg_credential_handle, GSS_C_NO_OID, 0, &buffer_desc);
    if (maj_stat != GSS_S_COMPLETE) {
        cgsi_gssapi_err(soap, "Error exporting credentials", maj_stat, min_stat);
        return -1;
    }

    data->deleg_credential_token = malloc(buffer_desc.length);
    if (data->deleg_credential_token == NULL) {
        (void)
        gss_release_buffer(&min_stat, &buffer_desc);
        cgsi_err(soap, "get_delegated_credentials: could not allocate memory");
        return -1;
    }

    memcpy(data->deleg_credential_token, buffer_desc.value, buffer_desc.length);
    data->deleg_credential_token_len = buffer_desc.length;

    (void) gss_release_buffer(&min_stat, &buffer_desc);

    *buffer = data->deleg_credential_token;
    *length = data->deleg_credential_token_len;

    return 0;
}

int export_delegated_credentials(struct soap *soap, char *filename) {
    const char *token;
    size_t token_length;
    int fd;

    if (soap == NULL) {
        /* cgsi_err() needs a valid soap structure, so nothing can be reported here */
        return -1;
    }

    if (get_delegated_credentials(soap, (void **)&token, &token_length)<0) {
        cgsi_err(soap, "export delegated credentials: could not get credential token");
        return -1;
    }

    fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) {
        cgsi_err(soap, "export delegated credentials: could not open temp file");
        return -1;
    }

    if (write(fd, token, token_length) != (ssize_t)token_length) {
        char buf[BUFSIZE];
        snprintf(buf, BUFSIZE, "export delegated credentials: could not write to file (%s)",
                 strerror(errno));
        cgsi_err(soap, buf);
        /* do not leak the descriptor on the error path */
        close(fd);
        return -1;
    }

    if (close(fd)<0) {
        char buf[BUFSIZE];
        snprintf(buf, BUFSIZE, "export delegated credentials: could not close file (%s)",
                 strerror(errno));
        cgsi_err(soap, buf);
        return -1;
    }

    return 0;
}

#define PROXY_ENV_VAR "X509_USER_PROXY"

int set_default_proxy_file(struct soap *soap, char *filename) {
    int rc;

    rc = setenv(PROXY_ENV_VAR, filename, 1);
    if (rc < 0) {
        char buf[BUFSIZE];
        snprintf(buf, BUFSIZE, "set default proxy file: could not setenv (%s)",
                 strerror(errno));
        cgsi_err(soap, buf);
        return -1;
    }
    return 0;
}

void clear_default_proxy_file(int unlink_file) {
    char *proxy_file;

    /* Removing the credentials file if flagged so */
    if (unlink_file) {
        proxy_file = getenv(PROXY_ENV_VAR);
        if (proxy_file != NULL) {
            unlink(proxy_file);
        }
    }

    /* Clearing the environment variable */
    unsetenv(PROXY_ENV_VAR);
}

int
has_delegated_credentials(struct soap *soap) {
    struct cgsi_plugin_data *data;

    if (soap == NULL) {
        return -1;
    }

    data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, server_plugin_id);
    if (data == NULL) {
        cgsi_err(soap, "export delegated credentials: could not get data structure");
        return -1;
    }

    if (data->deleg_cred_set != 0) {
        return 1;
    }
    return 0;
}

int soap_cgsi_init(struct soap *soap, int cgsi_options) {
    int params, rc;

    params = cgsi_options;
    if( cgsi_options & CGSI_OPT_KEEP_ALIVE )
        soap_init2( soap, SOAP_IO_KEEPALIVE, SOAP_IO_KEEPALIVE );
    else
        soap_init(soap);
    rc = soap_register_plugin_arg(soap, cgsi_plugin, &params);
    if (rc < 0) return -1;
    return 0;
}

/**
 * Activate or deactivate required globus modules
 */
static void cgsi_plugin_globus_modules(int activate) {
    if (activate) {
        (void) globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE);
        (void) globus_module_activate(GLOBUS_GSI_GSSAPI_MODULE);
    } else {
        (void) globus_module_deactivate(GLOBUS_GSI_GSSAPI_MODULE);
        (void) globus_module_deactivate(GLOBUS_GSI_GSS_ASSIST_MODULE);
    }
}

static int _get_user_ca (X509 *px509_cred, STACK_OF(X509) *px509_chain, char *user_ca)
{
    X509 *cert;
    globus_gsi_cert_utils_cert_type_t cert_type;
    int i;

    if (! px509_cred || !
px509_chain) return (-1); cert = px509_cred; if (globus_gsi_cert_utils_get_cert_type(cert, &cert_type) != GLOBUS_SUCCESS) return (-1); if (cert_type == GLOBUS_GSI_CERT_UTILS_TYPE_EEC || cert_type == GLOBUS_GSI_CERT_UTILS_TYPE_CA) { X509_NAME_oneline(X509_get_issuer_name(cert), user_ca, 255); return (0); } for (i = 0; i < sk_X509_num(px509_chain); i++) { cert = sk_X509_value (px509_chain, i); if (globus_gsi_cert_utils_get_cert_type(cert, &cert_type) != GLOBUS_SUCCESS) return (-1); if (cert_type == GLOBUS_GSI_CERT_UTILS_TYPE_EEC || cert_type == GLOBUS_GSI_CERT_UTILS_TYPE_CA) { X509_NAME_oneline(X509_get_issuer_name(cert), user_ca, 255); return (0); } } return (-1); } /* Returns the CA */ char *get_client_ca(struct soap *soap) { struct cgsi_plugin_data *data; if (soap == NULL) return NULL; data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, server_plugin_id); if (data == NULL) { cgsi_err(soap, "get_client_ca: could not get data structure"); return NULL; } if (*data->user_ca == '\0') { return NULL; } return data->user_ca; } /***************************************************************** * * * VOMS FUNCTIONS * * * *****************************************************************/ int retrieve_userca_and_voms_creds(struct soap *soap) { int ret = 0; X509 *px509_cred= NULL; STACK_OF(X509) *px509_chain = NULL; #if defined(USE_VOMS) int error= 0; struct vomsdata *vd= NULL; struct voms **volist = NULL; #endif gss_ctx_id_desc * context; gss_cred_id_t cred; /* Internally a gss_cred_id_t type is a pointer to a gss_cred_id_desc */ gss_cred_id_desc * cred_desc = NULL; globus_gsi_cred_handle_t gsi_cred_handle; struct cgsi_plugin_data *data; ret = -1; if (soap == NULL) { return -1; } data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, server_plugin_id); if (data == NULL) { cgsi_err(soap, "retrieve_voms: could not get data structure"); return -1; } /* fqan is set, if this function was already called */ /* connection initialization resets this structure */ if 
(data->fqan != NULL) {
        return 0;
    }

    /* Downcasting the context structure */
    context = (gss_ctx_id_desc *) data->context_handle;
    cred = context->peer_cred_handle;

    /* cast to gss_cred_id_desc */
    if (cred == GSS_C_NO_CREDENTIAL) {
        goto leave;
    }

    cred_desc = (gss_cred_id_desc *) cred;

    if (globus_module_activate(GLOBUS_GSI_CREDENTIAL_MODULE) != GLOBUS_SUCCESS) {
        goto leave;
    }

    /* Getting the X509 certificate */
    gsi_cred_handle = cred_desc->cred_handle;
    if (globus_gsi_cred_get_cert(gsi_cred_handle, &px509_cred) != GLOBUS_SUCCESS) {
        globus_module_deactivate(GLOBUS_GSI_CREDENTIAL_MODULE);
        goto leave;
    }

    /* Getting the certificate chain */
    if (globus_gsi_cred_get_cert_chain (gsi_cred_handle, &px509_chain) != GLOBUS_SUCCESS) {
        X509_free (px509_cred);
        px509_cred = NULL; /* already freed; keeps the leave path from freeing it again */
        (void)globus_module_deactivate (GLOBUS_GSI_CREDENTIAL_MODULE);
        goto leave;
    }

    if (_get_user_ca (px509_cred, px509_chain, data->user_ca) < 0)
        goto leave;

    /* No need for the globus module anymore, the rest are calls to VOMS */
    (void)globus_module_deactivate (GLOBUS_GSI_CREDENTIAL_MODULE);

#if defined(USE_VOMS)

    if (data->disable_voms_check) {
        ret = 0;
        goto leave;
    }

    if ((vd = VOMS_Init (NULL, NULL)) == NULL) {
        goto leave;
    }

    if ((VOMS_Retrieve (px509_cred, px509_chain, RECURSE_CHAIN, vd, &error) == 0) &&
        (error != VERR_NOEXT)) {
        char buffer[BUFSIZE];
        VOMS_ErrorMessage(vd, error, buffer, BUFSIZE);
        cgsi_err(soap, buffer);
        VOMS_Destroy (vd);
        goto leave;
    }

    volist = vd->data;

    if (volist !=NULL) {
        int i = 0;
        int nbfqan;

        /* Copying the voname */
        if ((*volist)->voname != NULL) {
            data->voname = strdup((*volist)->voname);
        }

        /* Counting the fqans before allocating the array */
        while( volist[0]->fqan[i] != NULL) {
            i++;
        }
        nbfqan = i;

        if (nbfqan > 0) {
            data->fqan = (char **)malloc(sizeof(char *) * (i+1));
            if (data->fqan != NULL) {
                for (i=0; i<nbfqan; i++) {
                    data->fqan[i] = strdup( volist[0]->fqan[i]);
                }
                data->fqan[nbfqan] = NULL;
                data->nbfqan = nbfqan;
            }
        } /* if (nbfqan > 0) */
    }
    VOMS_Destroy (vd);
#endif
    ret = 0;

leave:
    if (px509_cred) X509_free (px509_cred);
    if
(px509_chain) sk_X509_pop_free(px509_chain,X509_free); return ret; } int retrieve_voms_credentials(struct soap *soap) { return retrieve_userca_and_voms_creds(soap); } /* Returns the VO name, if it could be retrieved via VOMS */ char *get_client_voname(struct soap *soap) { struct cgsi_plugin_data *data; if (soap == NULL) return NULL; data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, server_plugin_id); if (data == NULL) { cgsi_err(soap, "get_client_voname: could not get data structure"); return NULL; } if (data->voname == NULL) { return NULL; } return data->voname; } char **get_client_roles(struct soap *soap, int *nbfqan) { struct cgsi_plugin_data *data; if (soap == NULL) return NULL; if (nbfqan == NULL) { cgsi_err(soap, "get_client_roles: nbfqan is NULL, cannot return FQAN number"); return NULL; } *nbfqan = 0; data = (struct cgsi_plugin_data*)soap_lookup_plugin(soap, server_plugin_id); if (data == NULL) { cgsi_err(soap, "get_client_roles: could not get data structure"); return NULL; } if (data->fqan == NULL) { return NULL; } *nbfqan = data->nbfqan; return data->fqan; } static int is_loopback(struct sockaddr *sa) { int result = 0; switch (sa->sa_family) { case AF_INET: if (*(unsigned char *) &((struct sockaddr_in *) sa)->sin_addr.s_addr == 127) { result = 1; } break; case AF_INET6: if(IN6_IS_ADDR_LOOPBACK(&((struct sockaddr_in6 *) sa)->sin6_addr) || (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *) sa)->sin6_addr) && *(uint8_t *) &((struct sockaddr_in6 *) sa)->sin6_addr.s6_addr[12] == 127)) { result = 1; } break; } return result; } static void free_conn_state(struct cgsi_plugin_data *data) { OM_uint32 minor_status; char **p; (void) gss_delete_sec_context (&minor_status, &data->context_handle,GSS_C_NO_BUFFER); (void) gss_release_cred (&minor_status, &data->credential_handle); (void) gss_release_cred(&minor_status, &data->deleg_credential_handle); data->context_established = 0; data->socket_fd = -1; data->client_name[0] = '\0'; data->server_name[0] = '\0'; 
    data->username[0] = '\0';
    data->nb_iter = 0;
    data->deleg_cred_set = 0;
    if (data->voname) {
        free(data->voname);
        data->voname = NULL;
    }
    if (data->fqan) {
        for(p = data->fqan; *p != NULL; ++p) {
            free(*p);
        }
        free(data->fqan);
        data->fqan = NULL;
    }
    data->nbfqan = 0;
    data->had_send_error = 0;
    if (data->deleg_credential_token) {
        free(data->deleg_credential_token);
        data->deleg_credential_token = NULL;
    }
    data->deleg_credential_token_len = 0;
    data->buffered_in = buffer_free(data->buffered_in);
}

gss_buffer_t buffer_create(gss_buffer_t buf, size_t offset)
{
    gss_buffer_t new_buf;
    new_buf = (gss_buffer_t) malloc(sizeof(gss_buffer_desc));
    return buffer_copy_from(new_buf, buf, offset);
}

gss_buffer_t buffer_free(gss_buffer_t buf)
{
    if(buf != NULL) {
        free(buf->value);
        free(buf);
    }
    return NULL;
}

gss_buffer_t buffer_consume_upto(gss_buffer_t buf, size_t offset)
{
    void *old_data;
    old_data = buf->value;
    buffer_copy_from(buf, buf, offset);
    free(old_data);
    return buf;
}

gss_buffer_t buffer_copy_from(gss_buffer_t dest, gss_buffer_t src, size_t offset)
{
    size_t new_len;
    void *new_data;
    if(offset > src->length) {
        // This is probably triggered by a bug somewhere.
        offset = src->length;
    }
    new_len = src->length - offset;
    new_data = malloc(new_len);
    memcpy(new_data, ((char *)src->value) + offset, new_len);
    dest->value = new_data;
    dest->length = new_len;
    return dest;
}

CGSI-gSOAP-1.3.5/src/globus_gsi_gss_constants.h

#ifndef GLOBUS_DONT_DOCUMENT_INTERNAL
/**
 * Copyright 1999-2006 University of Chicago
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * @file globus_gsi_gssapi_constants.h * @author Sam Lang, Sam Meder * * $RCSfile: globus_gsi_gss_constants.h,v $ * $Revision: 1.2 $ * $Date: 2005/11/17 08:15:19 $ */ #endif #ifndef _GLOBUS_GSI_GSSAPI_CONSTANTS_H_ #define _GLOBUS_GSI_GSSAPI_CONSTANTS_H_ extern char * globus_l_gsi_gssapi_error_strings[]; /** * @defgroup globus_gsi_gssapi_constants GSI GSS-API Constants */ /** * @name Error Codes * @ingroup globus_gsi_gssapi_constants */ typedef enum { GLOBUS_GSI_GSSAPI_ERROR_HANDSHAKE = 0, GLOBUS_GSI_GSSAPI_ERROR_NO_GLOBUSID = 1, GLOBUS_GSI_GSSAPI_ERROR_PROCESS_CERT = 2, GLOBUS_GSI_GSSAPI_ERROR_MUTUAL_AUTH = 3, GLOBUS_GSI_GSSAPI_ERROR_WRAP_BIO = 4, GLOBUS_GSI_GSSAPI_ERROR_PROXY_VIOLATION = 5, GLOBUS_GSI_GSSAPI_ERROR_PROXY_NOT_RECEIVED = 6, GLOBUS_GSI_GSSAPI_ERROR_BAD_ARGUMENT = 7, GLOBUS_GSI_GSSAPI_ERROR_IMPEXP_BIO_SSL = 8, GLOBUS_GSI_GSSAPI_ERROR_IMPEXP_NO_CIPHER = 9, GLOBUS_GSI_GSSAPI_ERROR_IMPEXP_BAD_LEN = 10, GLOBUS_GSI_GSSAPI_ERROR_WITH_GSS_CREDENTIAL = 11, GLOBUS_GSI_GSSAPI_ERROR_EXPORT_FAIL = 12, GLOBUS_GSI_GSSAPI_ERROR_IMPORT_FAIL = 13, GLOBUS_GSI_GSSAPI_ERROR_READ_BIO = 14, GLOBUS_GSI_GSSAPI_ERROR_WRITE_BIO = 15, GLOBUS_GSI_GSSAPI_ERROR_WITH_GSS_CONTEXT = 16, GLOBUS_GSI_GSSAPI_ERROR_UNEXPECTED_FORMAT = 17, GLOBUS_GSI_GSSAPI_ERROR_WITH_GSI_PROXY = 18, GLOBUS_GSI_GSSAPI_ERROR_WITH_CALLBACK_DATA = 19, GLOBUS_GSI_GSSAPI_ERROR_BAD_DATE = 20, GLOBUS_GSI_GSSAPI_ERROR_BAD_MECH = 21, GLOBUS_GSI_GSSAPI_ERROR_ADD_EXT = 22, GLOBUS_GSI_GSSAPI_ERROR_REMOTE_CERT_VERIFY_FAILED = 23, GLOBUS_GSI_GSSAPI_ERROR_OUT_OF_MEMORY = 24, GLOBUS_GSI_GSSAPI_ERROR_BAD_NAME = 25, 
GLOBUS_GSI_GSSAPI_ERROR_UNORDERED_CHAIN = 26, GLOBUS_GSI_GSSAPI_ERROR_WITH_GSI_CREDENTIAL = 27, GLOBUS_GSI_GSSAPI_ERROR_WITH_OPENSSL = 28, GLOBUS_GSI_GSSAPI_ERROR_TOKEN_FAIL = 29, GLOBUS_GSI_GSSAPI_ERROR_WITH_DELEGATION = 30, GLOBUS_GSI_GSSAPI_ERROR_WITH_OID = 31, GLOBUS_GSI_GSSAPI_ERROR_EXPIRED_CREDENTIAL = 32, GLOBUS_GSI_GSSAPI_ERROR_WITH_MIC = 33, GLOBUS_GSI_GSSAPI_ERROR_ENCRYPTING_MESSAGE = 34, GLOBUS_GSI_GSSAPI_ERROR_WITH_BUFFER = 35, GLOBUS_GSI_GSSAPI_ERROR_GETTING_PEER_CRED = 36, GLOBUS_GSI_GSSAPI_ERROR_UNKNOWN_OPTION = 37, GLOBUS_GSI_GSSAPI_ERROR_CREATING_ERROR_OBJ = 38, GLOBUS_GSI_GSSAPI_ERROR_LAST = 39 } globus_gsi_gssapi_error_t; #define GLOBUS_GSI_GSSAPI_ERROR_BASE 100 #define GLOBUS_GSI_GSSAPI_ERROR_MINOR_STATUS(_ERROR_VALUE_) \ _ERROR_VALUE_ + GLOBUS_GSI_GSSAPI_ERROR_BASE /** * @name Cred Export/Import Type * @ingroup globus_gsi_gssapi_constants */ /* @{ */ typedef enum { GSS_IMPEXP_OPAQUE_FORM = 0, GSS_IMPEXP_MECH_SPECIFIC = 1 } gss_impexp_cred_type_t; /* @} */ /** * @name Connection State Type * @ingroup globus_gsi_gssapi_constants */ /* @{ */ typedef enum { GSS_CON_ST_HANDSHAKE = 0, GSS_CON_ST_FLAGS, GSS_CON_ST_REQ, GSS_CON_ST_CERT, GSS_CON_ST_DONE } gss_con_st_t; /* @} */ /** * @name Delegation State Type * @ingroup globus_gsi_gssapi_constants */ /* @{ */ typedef enum { GSS_DELEGATION_START, GSS_DELEGATION_DONE, GSS_DELEGATION_COMPLETE_CRED, GSS_DELEGATION_SIGN_CERT } gss_delegation_state_t; /* @} */ /** * @name Compare Name Type * @ingroup globus_gsi_gssapi_constants */ /* @{ */ typedef enum { GSS_NAMES_NOT_EQUAL = 0, GSS_NAMES_EQUAL = 1 } gss_names_equal_t; /* @} */ /** * @name Context Established State Type * @ingroup globus_gsi_gssapi_constants */ /* @{ */ typedef enum { GSS_CTX_FULLY_ESTABLISHED = 1, GSS_CTX_TOKEN_EXPECTED_FROM_PEER = 0 } gss_ctx_state_t; /* @} */ /** * @name Confidentiality State Type * @ingroup globus_gsi_gssapi_constants */ /* @{ */ typedef enum { GSS_CONFIDENTIALITY = 1, GSS_INTEGRITY_ONLY = 0 } gss_conf_state_t; /* @} */ 
#define GSS_SSL_MESSAGE_DIGEST_PADDING 12
#define GSS_SSL3_WRITE_SEQUENCE_SIZE 8

#endif

CGSI-gSOAP-1.3.5/src/Makefile

##
# $Id: Makefile 2697 2010-12-16 09:21:36Z baud $
##

ifeq ($(SRCDIR), $(EMPTY))
SRCDIR=.
else
VPATH=.:$(SRCDIR)
endif

################################################################################
## implicit rule flags
##
SHELL = /bin/sh
CC = gcc
CPP = g++
CFLAGS = -Wall -g -fPIC
LDFLAGS =
RANLIB = ranlib
SHLIBLDFLAGS = -shared
SHLIBREQLIBS = -lc

# gSOAP 2.7.10 has introduced a virtual destructor, which inserts
# a pointer to the VMT at the beginning of the 'soap' structure,
# making the C and C++ versions of the code binary incompatible,
# so we need to build C++ flavour of the libraries as well:
#WITH_CPP_LIBS = yes

################################################################################
## project flags
##
ifeq ($(GLOBUS_LOCATION), $(EMPTY))
ifeq ($(WITH_EMI), $(EMPTY))
GLOBUS_LOCATION=/opt/globus
else
GLOBUS_LOCATION=/usr
endif
endif

ifeq ($(GLOBUS_FLAVOUR), $(EMPTY))
GLOBUS_FLAVOUR = gcc32dbg
endif
GLOBUS_FLAVOUR_PTHR=$(GLOBUS_FLAVOUR)pthr

ifeq ($(GSOAP_LOCATION), $(EMPTY))
ifeq ($(WITH_EMI), $(EMPTY))
GSOAP_LOCATION=/usr/local
else
GSOAP_LOCATION=/usr
endif
endif
GSOAP_INCLUDE=-I$(GSOAP_LOCATION)/include

ifeq ($(GSOAP_VERSION), $(EMPTY))
GSOAP_VERSION=_gsoap_2.7
endif

LIBFILES =libcgsi_plugin$(GSOAP_VERSION).a
SHLIBFILES =libcgsi_plugin$(GSOAP_VERSION).so
ifneq ($(WITH_CPP_LIBS), $(EMPTY))
LIBFILES +=libcgsi_plugin$(GSOAP_VERSION)_cpp.a
SHLIBFILES +=libcgsi_plugin$(GSOAP_VERSION)_cpp.so
endif

ifneq ($(WITH_EMI), $(EMPTY))
GLOBUS_INCLUDE = -I$(GLOBUS_LOCATION)/include/globus -I$(GLOBUS_LOCATION)/$(LIBDIR)/globus/include
GLOBUS_LIBS = -L$(GLOBUS_LOCATION)/$(LIBDIR) -lglobus_gssapi_gsi -lglobus_gss_assist
ifneq ($(USE_VOMS), $(EMPTY))
LIBFILES +=libcgsi_plugin_voms$(GSOAP_VERSION).a
SHLIBFILES +=libcgsi_plugin_voms$(GSOAP_VERSION).so
ifneq ($(WITH_CPP_LIBS),
$(EMPTY)) LIBFILES +=libcgsi_plugin_voms$(GSOAP_VERSION)_cpp.a SHLIBFILES +=libcgsi_plugin_voms$(GSOAP_VERSION)_cpp.so endif endif else GLOBUS_INCLUDE = -I$(GLOBUS_LOCATION)/include/$(GLOBUS_FLAVOUR) GLOBUS_LIBS = -L$(GLOBUS_LOCATION)/lib -lglobus_gssapi_gsi_$(GLOBUS_FLAVOUR) \ -lglobus_gss_assist_$(GLOBUS_FLAVOUR) GLOBUS_INCLUDE_PTHR = -I$(GLOBUS_LOCATION)/include/$(GLOBUS_FLAVOUR_PTHR) GLOBUS_LIBS_PTHR = -L$(GLOBUS_LOCATION)/lib -lglobus_gssapi_gsi_$(GLOBUS_FLAVOUR_PTHR) \ -lglobus_gss_assist_$(GLOBUS_FLAVOUR_PTHR) ifneq ($(USE_VOMS), $(EMPTY)) LIBFILES += libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR).a LIBFILES += libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR_PTHR).a SHLIBFILES += libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR).so SHLIBFILES += libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR_PTHR).so ifneq ($(WITH_CPP_LIBS), $(EMPTY)) LIBFILES += libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR)_cpp.a LIBFILES += libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR_PTHR)_cpp.a SHLIBFILES += libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR)_cpp.so SHLIBFILES += libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR_PTHR)_cpp.so endif endif endif # major version number for shared library names VMAJOR=$(shell echo $(VERSION) | cut -f1 -d.) # initial settings CFLAGS += -I. 
-I$(SRCDIR) $(GSOAP_INCLUDE) ifeq ($(VOMS_LOCATION), $(EMPTY)) ifeq ($(WITH_EMI), $(EMPTY)) VOMS_LOCATION=/opt/glite else VOMS_LOCATION=/usr endif endif ifeq ($(LIBDIR), $(EMPTY)) LIBDIR=lib endif ifneq ($(USE_VOMS), $(EMPTY)) ifneq ($(WITH_EMI), $(EMPTY)) VOMS_FLAGS = -DUSE_VOMS -I$(VOMS_LOCATION)/include/voms VOMS_LIBS=-L$(VOMS_LOCATION)/$(LIBDIR) -lvomsapi else VOMS_FLAGS = -DUSE_VOMS -I$(VOMS_LOCATION)/include/glite/security/voms VOMS_LIBS=-L$(VOMS_LOCATION)/$(LIBDIR) -lvomsapi_$(GLOBUS_FLAVOUR) VOMS_FLAGS_PTHR = -DUSE_VOMS -I$(VOMS_LOCATION)/include/glite/security/voms VOMS_LIBS_PTHR=-L$(VOMS_LOCATION)/$(LIBDIR) -lvomsapi_$(GLOBUS_FLAVOUR_PTHR) endif endif #CFLAGS += $(VOMS_FLAGS) #LDLIBS += $(VOMS_LIBS) # NO ! the libs should not be added at link time so that the #users of CGSI_GSOAP can choose the ones they need to use #SHLIBREQLIBS += $(LDLIBS) ################################################################################ ## compilation targets ## .PHONY: all all: $(LIBFILES) $(SHLIBFILES) # dependencies cgsi_plugin.o: cgsi_plugin.c cgsi_plugin.h cgsi_plugin_int.h $(CC) $(CFLAGS) $(GLOBUS_INCLUDE) -c -o $@ $< libcgsi_plugin$(GSOAP_VERSION).a: cgsi_plugin.o $(AR) $(ARFLAGS) $@ $? $(RANLIB) $@ libcgsi_plugin$(GSOAP_VERSION).so: cgsi_plugin.o $(CC) $(SHLIBLDFLAGS) -Wl,-soname,$@.$(VMAJOR) -o $@ $? $(SHLIBREQLIBS) $(GLOBUS_LIBS) ifneq ($(WITH_CPP_LIBS), $(EMPTY)) cgsi_plugin_cpp.o: cgsi_plugin.c cgsi_plugin.h cgsi_plugin_int.h $(CPP) $(CFLAGS) $(GLOBUS_INCLUDE) -c -o $@ $< libcgsi_plugin$(GSOAP_VERSION)_cpp.a: cgsi_plugin_cpp.o $(AR) $(ARFLAGS) $@ $? $(RANLIB) $@ libcgsi_plugin$(GSOAP_VERSION)_cpp.so: cgsi_plugin_cpp.o $(CPP) $(SHLIBLDFLAGS) -Wl,-soname,$@.$(VMAJOR) -o $@ $? $(SHLIBREQLIBS) $(GLOBUS_LIBS) endif ifneq ($(USE_VOMS), $(EMPTY)) cgsi_plugin_voms.o: cgsi_plugin.c cgsi_plugin.h cgsi_plugin_int.h $(CC) $(CFLAGS) $(VOMS_FLAGS) $(GLOBUS_INCLUDE) -c -o $@ $< libcgsi_plugin_voms$(GSOAP_VERSION).a: cgsi_plugin_voms.o $(AR) $(ARFLAGS) $@ $? 
$(RANLIB) $@ libcgsi_plugin_voms$(GSOAP_VERSION).so: cgsi_plugin_voms.o $(CC) $(SHLIBLDFLAGS) -Wl,-soname,$@.$(VMAJOR) -o $@ $? $(SHLIBREQLIBS) $(GLOBUS_LIBS) $(VOMS_LIBS) cgsi_plugin_voms_$(GLOBUS_FLAVOUR).o: cgsi_plugin.c cgsi_plugin.h cgsi_plugin_int.h $(CC) $(CFLAGS) $(VOMS_FLAGS) $(GLOBUS_INCLUDE) -c -o $@ $< libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR).a: cgsi_plugin_voms_$(GLOBUS_FLAVOUR).o $(AR) $(ARFLAGS) $@ $? $(RANLIB) $@ libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR).so: cgsi_plugin_voms_$(GLOBUS_FLAVOUR).o $(CC) $(SHLIBLDFLAGS) -Wl,-soname,$@.$(VMAJOR) -o $@ $? $(SHLIBREQLIBS) $(GLOBUS_LIBS) $(VOMS_LIBS) cgsi_plugin_voms_$(GLOBUS_FLAVOUR_PTHR).o: cgsi_plugin.c cgsi_plugin.h cgsi_plugin_int.h $(CC) $(CFLAGS) $(VOMS_FLAGS_PTHR) $(GLOBUS_INCLUDE_PTHR) -c -o $@ $< libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR_PTHR).a: cgsi_plugin_voms_$(GLOBUS_FLAVOUR_PTHR).o $(AR) $(ARFLAGS) $@ $? $(RANLIB) $@ libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR_PTHR).so: cgsi_plugin_voms_$(GLOBUS_FLAVOUR_PTHR).o $(CC) $(SHLIBLDFLAGS) -Wl,-soname,$@.$(VMAJOR) -o $@ $? $(SHLIBREQLIBS) $(GLOBUS_LIBS_PTHR) $(VOMS_LIBS_PTHR) ifneq ($(WITH_CPP_LIBS), $(EMPTY)) cgsi_plugin_voms_cpp.o: cgsi_plugin.c cgsi_plugin.h cgsi_plugin_int.h $(CPP) $(CFLAGS) $(VOMS_FLAGS) $(GLOBUS_INCLUDE) -c -o $@ $< libcgsi_plugin_voms$(GSOAP_VERSION)_cpp.a: cgsi_plugin_voms_cpp.o $(AR) $(ARFLAGS) $@ $? $(RANLIB) $@ libcgsi_plugin_voms$(GSOAP_VERSION)_cpp.so: cgsi_plugin_voms_cpp.o $(CPP) $(SHLIBLDFLAGS) -Wl,-soname,$@.$(VMAJOR) -o $@ $? $(SHLIBREQLIBS) $(GLOBUS_LIBS) $(VOMS_LIBS) cgsi_plugin_voms_$(GLOBUS_FLAVOUR)_cpp.o: cgsi_plugin.c cgsi_plugin.h cgsi_plugin_int.h $(CPP) $(CFLAGS) $(VOMS_FLAGS) $(GLOBUS_INCLUDE) -c -o $@ $< libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR)_cpp.a: cgsi_plugin_voms_$(GLOBUS_FLAVOUR)_cpp.o $(AR) $(ARFLAGS) $@ $? 
$(RANLIB) $@ libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR)_cpp.so: cgsi_plugin_voms_$(GLOBUS_FLAVOUR)_cpp.o $(CPP) $(SHLIBLDFLAGS) -Wl,-soname,$@.$(VMAJOR) -o $@ $? $(SHLIBREQLIBS) $(GLOBUS_LIBS) $(VOMS_LIBS) cgsi_plugin_voms_$(GLOBUS_FLAVOUR_PTHR)_cpp.o: cgsi_plugin.c cgsi_plugin.h cgsi_plugin_int.h $(CPP) $(CFLAGS) $(VOMS_FLAGS_PTHR) $(GLOBUS_INCLUDE_PTHR) -c -o $@ $< libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR_PTHR)_cpp.a: cgsi_plugin_voms_$(GLOBUS_FLAVOUR_PTHR)_cpp.o $(AR) $(ARFLAGS) $@ $? $(RANLIB) $@ libcgsi_plugin_voms$(GSOAP_VERSION)_$(GLOBUS_FLAVOUR_PTHR)_cpp.so: cgsi_plugin_voms_$(GLOBUS_FLAVOUR_PTHR)_cpp.o $(CPP) $(SHLIBLDFLAGS) -Wl,-soname,$@.$(VMAJOR) -o $@ $? $(SHLIBREQLIBS) $(GLOBUS_LIBS_PTHR) $(VOMS_LIBS) endif endif doc: doxygenConfig SRCDIR=$(SRCDIR) VERSION=$(VERSION) doxygen $< ############################################### ## THIS IS STANDARD Makefile BELOW THIS LINE ## ############################################### ################################################################################ # Usage example: make install PREFIX=/usr/local # installation directories defaults are generic unix PPREFIX=/usr PREFIX =$(RPM_BUILD_ROOT)$(PPREFIX)# could be /usr/local but you may not have perms INCDIR =include BINDIR =bin MANDIR =share DOCDIR =share/doc/CGSI$(GSOAP_VERSION) INCFILES =cgsi_plugin.h INSTALL_FLAGS = # install targets ifneq ($(USE_VOMS), $(EMPTY)) installtargets = installinc installlib installbin installman installdoc installshlib installshlibvoms installshlibvomspthr else installtargets = installinc installlib installbin installman installdoc installshlib endif .PHONY: uninstall install $(installtargets) install: $(INCFILES) $(LIBFILES) $(SHLIBFILES) install -d $(PREFIX)/$(INCDIR) for i in $(INCFILES); do cp $(SRCDIR)/$$i $(PREFIX)/$(INCDIR); done install -d $(PREFIX)/$(LIBDIR) for l in $(LIBFILES); do cp $$l $(PREFIX)/$(LIBDIR)/$$l; done for l in $(SHLIBFILES); do \ cp $$l $(PREFIX)/$(LIBDIR)/$$l.$(VERSION); \ (cd 
$(PREFIX)/$(LIBDIR); ln -sf $$l.$(VERSION) $$l); \
	(cd $(PREFIX)/$(LIBDIR); ln -sf $$l.$(VERSION) $$l.$(VMAJOR)); \
	done

install.man: doc
	mkdir -p $(PREFIX)/share
	cp -r man $(PREFIX)/share/
	mkdir -p $(PREFIX)/$(DOCDIR)
	cp -r html $(PREFIX)/$(DOCDIR)/

################################################################################
## clean up
##
.PHONY: clean
clean:
# files vars are specified in install
	-$(RM) *.o $(LIBFILES) $(SHLIBFILES)

################################################################################
## help
## OK now I am going really over the top here :)
.PHONY: help
help:
	@echo -e "\n" \
	"\ttarget\t| description \n" \
	"\t================================================================\n" \
	"\tall\t| Makes the gsoap binaries.\n" \
	"\t\t|\n" \

CGSI-gSOAP-1.3.5/src/globus_i_gsi_credential.h

#ifndef GLOBUS_DONT_DOCUMENT_INTERNAL
/**
 * Copyright 1999-2006 University of Chicago
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * @file globus_i_gsi_credential.h
 * Globus GSI Credential Library
 * @author Sam Lang, Sam Meder
 *
 * $RCSfile: globus_i_gsi_credential.h,v $
 * $Revision: 1.2 $
 * $Date: 2005/11/17 08:15:20 $
 */

#ifndef GLOBUS_I_INCLUDE_GSI_CREDENTIAL_H
#define GLOBUS_I_INCLUDE_GSI_CREDENTIAL_H

#include "globus_gsi_credential.h"
#include "proxycertinfo.h"

/* DEBUG MACROS */

#ifdef BUILD_DEBUG

extern int globus_i_gsi_cred_debug_level;
extern FILE * globus_i_gsi_cred_debug_fstream;

#define GLOBUS_I_GSI_CRED_DEBUG(_LEVEL_) \
    (globus_i_gsi_cred_debug_level >= (_LEVEL_))

#define GLOBUS_I_GSI_CRED_DEBUG_FPRINTF(_LEVEL_, _MESSAGE_) \
    { \
        if (GLOBUS_I_GSI_CRED_DEBUG(_LEVEL_)) \
        { \
            globus_libc_fprintf _MESSAGE_; \
        } \
    }

/* The generated string is data, so it is printed through "%s" rather than
 * being passed as the format string itself. */
#define GLOBUS_I_GSI_CRED_DEBUG_FNPRINTF(_LEVEL_, _MESSAGE_) \
    { \
        if (GLOBUS_I_GSI_CRED_DEBUG(_LEVEL_)) \
        { \
            char * _tmp_str_ = \
                globus_gsi_cert_utils_create_nstring _MESSAGE_; \
            globus_libc_fprintf(globus_i_gsi_cred_debug_fstream, \
                                "%s", _tmp_str_); \
            globus_libc_free(_tmp_str_); \
        } \
    }

#define GLOBUS_I_GSI_CRED_DEBUG_PRINT(_LEVEL_, _MESSAGE_) \
    { \
        if (GLOBUS_I_GSI_CRED_DEBUG(_LEVEL_)) \
        { \
            globus_libc_fprintf(globus_i_gsi_cred_debug_fstream, _MESSAGE_); \
        } \
    }

#define GLOBUS_I_GSI_CRED_DEBUG_PRINT_OBJECT(_LEVEL_, _OBJ_NAME_, _OBJ_) \
    { \
        if (GLOBUS_I_GSI_CRED_DEBUG(_LEVEL_)) \
        { \
            _OBJ_NAME_##_print_fp(globus_i_gsi_cred_debug_fstream, _OBJ_); \
        } \
    }

#else

#define GLOBUS_I_GSI_CRED_DEBUG_FPRINTF(_LEVEL_, _MESSAGE_) {}
#define GLOBUS_I_GSI_CRED_DEBUG_FNPRINTF(_LEVEL_, _MESSAGE_) {}
#define GLOBUS_I_GSI_CRED_DEBUG_PRINT(_LEVEL_, _MESSAGE_) {}
#define GLOBUS_I_GSI_CRED_DEBUG_PRINT_OBJECT(_LEVEL_, _OBJ_NAME_, _OBJ_) {}

#endif

#define GLOBUS_I_GSI_CRED_DEBUG_ENTER \
    GLOBUS_I_GSI_CRED_DEBUG_FPRINTF( \
        2, (globus_i_gsi_cred_debug_fstream, \
            "%s entering\n", _function_name_))

#define GLOBUS_I_GSI_CRED_DEBUG_EXIT \
    GLOBUS_I_GSI_CRED_DEBUG_FPRINTF( \
        2, (globus_i_gsi_cred_debug_fstream, \
            "%s exiting\n", _function_name_))

/* ERROR MACROS */

#define GLOBUS_GSI_CRED_OPENSSL_ERROR_RESULT(_RESULT_, _ERRORTYPE_, _ERRSTR_) \
    { \
        char * _tmp_str_ = \
            globus_gsi_cert_utils_create_string _ERRSTR_; \
        _RESULT_ = globus_i_gsi_cred_openssl_error_result(_ERRORTYPE_, \
                                                          __FILE__, \
                                                          _function_name_, \
                                                          __LINE__, \
                                                          _tmp_str_, \
                                                          NULL); \
        globus_libc_free(_tmp_str_); \
    }

#define GLOBUS_GSI_CRED_ERROR_RESULT(_RESULT_, _ERRORTYPE_, _ERRSTR_) \
    { \
        char * _tmp_str_ = \
            globus_gsi_cert_utils_create_string _ERRSTR_; \
        _RESULT_ = globus_i_gsi_cred_error_result(_ERRORTYPE_, \
                                                  __FILE__, \
                                                  _function_name_, \
                                                  __LINE__, \
                                                  _tmp_str_, \
                                                  NULL); \
        globus_libc_free(_tmp_str_); \
    }

#define GLOBUS_GSI_CRED_ERROR_CHAIN_RESULT(_TOP_RESULT_, _ERRORTYPE_) \
    _TOP_RESULT_ = globus_i_gsi_cred_error_chain_result(_TOP_RESULT_, \
                                                        _ERRORTYPE_, \
                                                        __FILE__, \
                                                        _function_name_, \
                                                        __LINE__, \
                                                        NULL, \
                                                        NULL)

#define GLOBUS_GSI_CRED_OPENSSL_LONG_ERROR_RESULT(_RESULT_, \
                                                  _ERRORTYPE_, \
                                                  _ERRSTR_, \
                                                  _LONG_DESC_) \
    { \
        char * _tmp_str_ = \
            globus_gsi_cert_utils_create_string _ERRSTR_; \
        _RESULT_ = globus_i_gsi_cred_openssl_error_result(_ERRORTYPE_, \
                                                          __FILE__, \
                                                          _function_name_, \
                                                          __LINE__, \
                                                          _tmp_str_, \
                                                          _LONG_DESC_); \
        globus_libc_free(_tmp_str_); \
    }

/* _LONG_DESC_ is used in the body, so it has to be a macro parameter. */
#define GLOBUS_GSI_CRED_LONG_ERROR_RESULT(_RESULT_, \
                                          _ERRORTYPE_, \
                                          _ERRSTR_, \
                                          _LONG_DESC_) \
    { \
        char * _tmp_str_ = \
            globus_gsi_cert_utils_create_string _ERRSTR_; \
        _RESULT_ = globus_i_gsi_cred_error_result(_ERRORTYPE_, \
                                                  __FILE__, \
                                                  _function_name_, \
                                                  __LINE__, \
                                                  _tmp_str_, \
                                                  _LONG_DESC_); \
        globus_libc_free(_tmp_str_); \
    }

#define GLOBUS_GSI_CRED_LONG_ERROR_CHAIN_RESULT(_TOP_RESULT_, \
                                                _ERRORTYPE_, \
                                                _LONG_DESC_) \
    _TOP_RESULT_ = globus_i_gsi_cred_error_chain_result(_TOP_RESULT_, \
                                                        _ERRORTYPE_, \
                                                        __FILE__, \
                                                        _function_name_, \
                                                        __LINE__, \
                                                        NULL, \
                                                        _LONG_DESC_)

extern char * globus_l_gsi_cred_error_strings[];

/**
 * Handle attributes.
 * @ingroup globus_gsi_credential_handle_attrs
 */

/**
 * GSI Credential handle attributes implementation
 * @ingroup globus_gsi_credential_handle
 * @internal
 *
 * This structure contains immutable attributes
 * of a credential handle
 */
typedef struct globus_l_gsi_cred_handle_attrs_s
{
    /* the filename of the CA certificate directory */
    char * ca_cert_dir;
    /* the order to search in for a certificate */
    globus_gsi_cred_type_t * search_order; /*{PROXY,USER,HOST}*/
} globus_i_gsi_cred_handle_attrs_t;

/**
 * GSI Credential handle implementation
 * @ingroup globus_gsi_credential_handle
 * @internal
 *
 * Contains all the state associated with a credential handle, including
 *
 * @see globus_credential_handle_init(), globus_credential_handle_destroy()
 */
typedef struct globus_l_gsi_cred_handle_s
{
    /** The credential's signed certificate */
    X509 * cert;
    /** The private key of the credential */
    EVP_PKEY * key;
    /** The chain of signing certificates */
    STACK_OF(X509) * cert_chain;
    /** The immutable attributes of the credential handle */
    globus_gsi_cred_handle_attrs_t attrs;
    /** The amount of time the credential is valid for */
    time_t goodtill;
} globus_i_gsi_cred_handle_t;

globus_result_t
globus_i_gsi_cred_goodtill(
    globus_gsi_cred_handle_t cred_handle,
    time_t * goodtill);

globus_result_t
globus_i_gsi_cred_get_proxycertinfo(
    X509 * cert,
    PROXYCERTINFO ** proxycertinfo);

int
globus_i_gsi_cred_password_callback_no_prompt(
    char * buffer,
    int size,
    int w);

globus_result_t
globus_i_gsi_cred_openssl_error_result(
    int error_type,
    const char * filename,
    const char * function_name,
    int line_number,
    const char * short_desc,
    const char * long_desc);

globus_result_t
globus_i_gsi_cred_error_result(
    int error_type,
    const char * filename,
    const char * function_name,
    int line_number,
    const char * short_desc,
    const char * long_desc);

globus_result_t
globus_i_gsi_cred_error_chain_result(
    globus_result_t chain_result,
    int error_type,
    const char * filename,
    const char * function_name,
    int line_number,
    const
char * short_desc, const char * long_desc); globus_result_t globus_i_gsi_cred_error_join_chains_result( globus_result_t outter_error, globus_result_t inner_error); EXTERN_C_END #endif /* GLOBUS_I_INCLUDE_GSI_CREDENTIAL_H */ #endif /* GLOBUS_DONT_DOCUMENT_INTERNAL */ CGSI-gSOAP-1.3.5/src/gssapi_openssl.h0000775001227000117040000001303411663174203016515 0ustar ellertellert#ifndef GLOBUS_DONT_DOCUMENT_INTERNAL /** * Copyright 1999-2006 University of Chicago * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * @file gssapi_openssl.h * @author Sam Lang, Sam Meder * * $RCSfile: gssapi_openssl.h,v $ * $Revision: 1.2 $ * $Date: 2005/11/17 08:15:20 $ */ #endif #ifndef _GSSAPI_OPENSSL_H #define _GSSAPI_OPENSSL_H #if defined(WIN32) # include "windows.h" #endif #include "gssapi.h" #include "globus_gsi_gss_constants.h" #include "globus_common.h" #include "globus_gsi_callback.h" #include "globus_gsi_proxy.h" #include "globus_gsi_credential.h" #include #include #include #include #include #include #include #include #define GLOBUS_I_GSI_GSSAPI_IMPL_VERSION 1 #define GSS_I_CTX_INITIALIZED 1 #define GSS_I_DISALLOW_ENCRYPTION 2 #define GSS_I_PROTECTION_FAIL_ON_CONTEXT_EXPIRATION 4 #define GSS_I_APPLICATION_WILL_HANDLE_EXTENSIONS 8 #define GSS_C_QOP_GLOBUS_GSSAPI_OPENSSL_BIG 1 /* * we need to distinguish between a token * created by us using get_mic vs one using * the SSL application data * We use this in wrap and unwrap * Future versions of SSL may use this * * Our wrapped buffer (integrity only) has 
* * byte type[1] = SSL3_RT_GSSAPI_OPENSSL * byte version_major[1] = 0x03 * byte version_minor[1] = 0 * byte mic_length[2] = 2 byte length of following mic * * byte mic_seq[8] = 8 byte sequence number * byte mic_data_length[4] = 4 byte length of data * byte hash[*] = the hash of variable length * * byte data[*] = the data being wrapped. */ #define SSL3_RT_GSSAPI_OPENSSL 26 /* These conversions macros are taken from SSL */ #define L2N(LONG_VAL, CHAR_ARRAY) \ { \ char * _char_array_ = CHAR_ARRAY; \ *(_char_array_++) = (unsigned char) (((LONG_VAL) >> 24) & 0xff); \ *(_char_array_++) = (unsigned char) (((LONG_VAL) >> 16) & 0xff); \ *(_char_array_++) = (unsigned char) (((LONG_VAL) >> 8) & 0xff); \ *(_char_array_++) = (unsigned char) (((LONG_VAL)) & 0xff); \ } #define N2L(CHAR_ARRAY, LONG_VAL) \ { \ char * _char_array_ = CHAR_ARRAY; \ (LONG_VAL) = ((unsigned long) (*(_char_array_++))) << 24; \ (LONG_VAL) |= ((unsigned long) (*(_char_array_++))) << 16; \ (LONG_VAL) |= ((unsigned long) (*(_char_array_++))) << 8; \ (LONG_VAL) |= ((unsigned long) (*(_char_array_++))); \ } #define N2S(CHAR_ARRAY, SHORT) \ { \ char * _char_array_ = CHAR_ARRAY; \ (SHORT) = ((unsigned int) (*(_char_array_++))) << 8; \ (SHORT) |= ((unsigned int) (*(_char_array_++))); \ } #define S2N(SHORT, CHAR_ARRAY) \ { \ char * _char_array_ = CHAR_ARRAY; \ *(_char_array_++) = (unsigned char) (((SHORT) >> 8) & 0xff); \ *(_char_array_++) = (unsigned char) ((SHORT) & 0xff); \ } /* Compare OIDs */ #define g_OID_equal(o1, o2) \ (((o1) == (o2)) || \ ((o1) && (o2) && \ ((o1)->length == (o2)->length) && \ (memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0))) typedef struct gss_name_desc_struct { /* gss_buffer_desc name_buffer ; */ gss_OID name_oid; X509_NAME * x509n; STACK * group; ASN1_BIT_STRING * group_types; } gss_name_desc; typedef struct gss_cred_id_desc_struct { globus_gsi_cred_handle_t cred_handle; gss_name_desc * globusid; gss_cred_usage_t cred_usage; SSL_CTX * ssl_context; } gss_cred_id_desc; 
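The integrity-only wrapped-buffer layout described in the comment above, as an added example that is not part of the CGSI-gSOAP or Globus sources: a bounds-checked parser for such a token. It assumes that `mic_length` counts `mic_seq`, `mic_data_length` and the hash together and that all integers are big-endian, as the `N2S`/`N2L` macros imply; `wrap_token`, `wrap_token_parse`, the status codes and the sample bytes are names and values constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSL3_RT_GSSAPI_OPENSSL 26  /* record type, value from gssapi_openssl.h */
#define WRAP_HDR_LEN   5           /* type[1] + version[2] + mic_length[2] */
#define WRAP_MIC_FIXED 12          /* mic_seq[8] + mic_data_length[4] */

/* Hypothetical status codes for this example. */
enum wrap_status {
    WRAP_OK = 0,
    WRAP_E_SHORT = -1,    /* buffer ends before the advertised MIC */
    WRAP_E_TYPE = -2,     /* not an SSL3_RT_GSSAPI_OPENSSL token */
    WRAP_E_VERSION = -3,  /* version is not 3.0 */
    WRAP_E_MICLEN = -4,   /* mic_length cannot hold seq + data length */
    WRAP_E_DATALEN = -5   /* mic_data_length disagrees with bytes present */
};

/* Parsed view; hash and data point into the caller's buffer (no copies). */
struct wrap_token {
    uint64_t seq;
    const unsigned char *hash;
    size_t hash_len;
    const unsigned char *data;
    size_t data_len;
};

/* Big-endian read. Bytes are taken as unsigned char: through a plain char,
 * which may be signed, a byte >= 0x80 would sign-extend when widened. */
static uint64_t read_be(const unsigned char *p, size_t n)
{
    uint64_t v = 0;
    while (n-- > 0)
        v = (v << 8) | *p++;
    return v;
}

int wrap_token_parse(const unsigned char *buf, size_t len,
                     struct wrap_token *out)
{
    size_t rest, mic_len;
    uint64_t data_len;

    if (buf == NULL || out == NULL || len < WRAP_HDR_LEN)
        return WRAP_E_SHORT;
    if (buf[0] != SSL3_RT_GSSAPI_OPENSSL)
        return WRAP_E_TYPE;
    if (buf[1] != 0x03 || buf[2] != 0x00)
        return WRAP_E_VERSION;

    rest = len - WRAP_HDR_LEN;              /* bytes after the header */
    mic_len = (size_t) read_be(buf + 3, 2);
    if (mic_len < WRAP_MIC_FIXED)
        return WRAP_E_MICLEN;
    if (mic_len > rest)
        return WRAP_E_SHORT;

    /* Compare against what is really there instead of trusting the field;
     * the subtraction cannot wrap because mic_len <= rest was checked. */
    data_len = read_be(buf + WRAP_HDR_LEN + 8, 4);
    if (data_len != (uint64_t) (rest - mic_len))
        return WRAP_E_DATALEN;

    out->seq = read_be(buf + WRAP_HDR_LEN, 8);
    out->hash = buf + WRAP_HDR_LEN + WRAP_MIC_FIXED;
    out->hash_len = mic_len - WRAP_MIC_FIXED;
    out->data = buf + WRAP_HDR_LEN + mic_len;
    out->data_len = (size_t) data_len;
    return WRAP_OK;
}

/* Constructed sample: seq 42, 4 placeholder "hash" bytes (not a real digest),
 * payload "hello". */
static const unsigned char SAMPLE_TOKEN[] = {
    26, 0x03, 0x00,             /* type, version 3.0 */
    0x00, 0x10,                 /* mic_length = 16 */
    0, 0, 0, 0, 0, 0, 0, 42,    /* mic_seq */
    0x00, 0x00, 0x00, 0x05,     /* mic_data_length = 5 */
    0xDE, 0xAD, 0xBE, 0xEF,     /* hash (placeholder) */
    'h', 'e', 'l', 'l', 'o'     /* data */
};

int main(void)
{
    struct wrap_token t;
    int rc = wrap_token_parse(SAMPLE_TOKEN, sizeof SAMPLE_TOKEN, &t);

    if (rc != WRAP_OK) {
        printf("rejected: %d\n", rc);
        return 1;
    }
    printf("seq=%llu hash_len=%zu data=%.*s\n",
           (unsigned long long) t.seq, t.hash_len,
           (int) t.data_len, (const char *) t.data);
    /* A token cut short must be rejected, not read past its end. */
    rc = wrap_token_parse(SAMPLE_TOKEN, sizeof SAMPLE_TOKEN - 3, &t);
    printf("truncated token -> %d\n", rc);
    return 0;
}
```

The parser validates framing only; checking the hash against the negotiated context is a separate step.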
typedef struct gss_ctx_id_desc_struct{
    globus_mutex_t mutex;
    globus_gsi_callback_data_t callback_data;
    gss_cred_id_desc * peer_cred_handle;
    gss_cred_id_desc * cred_handle;
    gss_cred_id_desc * deleg_cred_handle;
    globus_gsi_proxy_handle_t proxy_handle;
    OM_uint32 ret_flags;
    OM_uint32 req_flags;
    OM_uint32 ctx_flags;
    int cred_obtained;
    SSL * gss_ssl;
    BIO * gss_rbio;
    BIO * gss_wbio;
    BIO * gss_sslbio;
    gss_con_st_t gss_state;
    int locally_initiated;
    gss_delegation_state_t delegation_state;
} gss_ctx_id_desc;

extern const gss_OID_desc * const gss_mech_globus_gssapi_openssl;

extern const gss_OID_desc * const gss_proxycertinfo_extension;

extern globus_thread_once_t once_control;

#endif /* _GSSAPI_OPENSSL_H */
CGSI-gSOAP-1.3.5/src/doxygenConfig.footer.html0000664001227000117040000000013311245230377020273 0ustar ellertellert
Copyright © 2004-2009 EU-EGEE
CGSI-gSOAP-1.3.5/src/cgsi_plugin_int.h0000775001227000117040000000456511657173003016652 0ustar ellertellert
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/** cgsi_plugin_int.h - Header file for the GSI gSOAP plugin
 *
 * @file cgsi_plugin_int.h
 * @author Ben Couturier CERN, IT/ADC
 *
 * This is a GSI plugin for gSOAP. It uses the globus GSI libraries to implement
 * GSI secure authentication and encryption on top of gSOAP.
 * The globus GSI bundle is necessary for the plugin to compile and run.
* */ #include #include #include #define CGSI_TRACE "CGSI_TRACE" #define CGSI_TRACEFILE "CGSI_TRACEFILE" #define CLIENT_PLUGIN_ID "CGSI_PLUGIN_CLIENT_1.0" /* plugin identification */ #define SERVER_PLUGIN_ID "CGSI_PLUGIN_SERVER_1.0" /* plugin identification */ #define CGSI_PLUGIN "CGSI-gSOAP" #define CGSI_MAXNAMELEN 512 struct cgsi_plugin_data { int context_established; gss_cred_id_t credential_handle; gss_ctx_id_t context_handle; int socket_fd; int (*fsend)(struct soap*, const char*, size_t); size_t (*frecv)(struct soap*, char*, size_t); int (*fopen)(struct soap*, const char*, const char*, int); int (*fclose)(struct soap*); char client_name[CGSI_MAXNAMELEN]; char server_name[CGSI_MAXNAMELEN]; char username[CGSI_MAXNAMELEN]; char user_ca[CGSI_MAXNAMELEN]; int nb_iter; int disable_hostname_check; int context_flags; int trace_mode; char trace_file[CGSI_MAXNAMELEN]; gss_cred_id_t deleg_credential_handle; int deleg_cred_set; gss_buffer_t buffered_in; /* Pointers to VOMS data */ char *voname; char **fqan; int nbfqan; int disable_mapping; int disable_voms_check; int allow_only_self; int had_send_error; void *deleg_credential_token; size_t deleg_credential_token_len; }; CGSI-gSOAP-1.3.5/rpm/0000775001227000117040000000000011757445543013332 5ustar ellertellertCGSI-gSOAP-1.3.5/rpm/epel/0000775001227000117040000000000011757445543014257 5ustar ellertellertCGSI-gSOAP-1.3.5/rpm/epel/CGSI-gSOAP.spec0000664001227000117040000001113711743524311016554 0ustar ellertellertName: CGSI-gSOAP Version: 1.3.5 Release: 2%{?dist} Summary: GSI plugin for gSOAP Group: System Environment/Libraries License: ASL 2.0 URL: http://glite.web.cern.ch/glite/ # The source tarfile is created from a subversion checkout: # svn co http://svnweb.cern.ch/guest/lcgutil/cgsi-gsoap/tags/cgsi-gsoap_R_1_3_4_2 CGSI-gSOAP-1.3.4.2 # tar --exclude .svn -z -c -f CGSI-gSOAP-1.3.4.2.tar.gz CGSI-gSOAP-1.3.4.2 Source0: %{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) 
BuildRequires: globus-gss-assist-devel%{?_isa} BuildRequires: globus-gssapi-gsi-devel%{?_isa} BuildRequires: gsoap-devel%{?_isa} BuildRequires: voms-devel%{?_isa} BuildRequires: doxygen %description This is a GSI plugin for gSOAP. It uses the globus GSI libraries to implement GSI secure authentication and encryption on top of gSOAP. %package devel Summary: GSI plugin for gSOAP - development files Group: Development/Libraries Requires: %{name}%{?_isa} = %{version}-%{release} Requires: gsoap-devel %description devel This package provides the header files for programming with the cgsi-gsoap plugins. %prep %setup -q # Fix bad permissions (which otherwise end up in the debuginfo package) find . '(' -name '*.h' -o -name '*.c' -o -name '*.cpp' -o -name '*.cc' ')' \ -exec chmod 644 {} ';' chmod 644 LICENSE RELEASE-NOTES # Remove -L/usr/lib and -L/usr/lib64 since they may cause problems sed -e 's!-L$([A-Z_]*)/lib!!' \ -e 's!-L$([A-Z_]*)/$(LIBDIR)!!' -i src/Makefile # Remove gsoap version from library names sed -e 's!$(GSOAP_VERSION)!!g' -i src/Makefile %build . ./VERSION cd src make CFLAGS="%optflags -fPIC -I. `pkg-config --cflags gsoap`" \ USE_VOMS=yes WITH_EMI=yes WITH_CPP_LIBS=yes \ LIBDIR=%{_lib} VERSION=$VERSION all doc %install rm -rf $RPM_BUILD_ROOT . ./VERSION cd src make CFLAGS="%optflags -fPIC -I. 
`pkg-config --cflags gsoap`" \
    USE_VOMS=yes WITH_EMI=yes WITH_CPP_LIBS=yes \
    LIBDIR=%{_lib} VERSION=$VERSION install install.man

mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}-devel-%{version}
mv $RPM_BUILD_ROOT%{_datadir}/doc/CGSI \
    $RPM_BUILD_ROOT%{_docdir}/%{name}-devel-%{version}

rm $RPM_BUILD_ROOT%{_libdir}/*.a

%clean
rm -rf $RPM_BUILD_ROOT

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%files
%defattr(-,root,root,-)
%{_libdir}/libcgsi_plugin.so.*
%{_libdir}/libcgsi_plugin_cpp.so.*
%{_libdir}/libcgsi_plugin_voms.so.*
%{_libdir}/libcgsi_plugin_voms_cpp.so.*
%doc LICENSE RELEASE-NOTES

%files devel
%defattr(-,root,root,-)
%{_includedir}/cgsi_plugin.h
%{_libdir}/libcgsi_plugin.so
%{_libdir}/libcgsi_plugin_cpp.so
%{_libdir}/libcgsi_plugin_voms.so
%{_libdir}/libcgsi_plugin_voms_cpp.so
%doc %{_docdir}/%{name}-devel-%{version}
%doc %{_mandir}/man*/*

%changelog
* Mon Apr 18 2012 Zsolt Molnar - 1.3.5-2
- First official EMI 2 release, with EPEL changes finalized.

* Mon Apr 02 2012 Ricardo Rocha - 1.3.5-1
- Up for new upstream release

* Thu Sep 01 2011 Mattias Ellert - 1.3.4.2-2
- Use gsoap cflags from pkg-config

* Mon Jun 20 2011 Mattias Ellert - 1.3.4.2-1
- Update to version 1.3.4.2

* Mon Feb 07 2011 Fedora Release Engineering - 1.3.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Mon Dec 20 2010 Mattias Ellert - 1.3.4.0-1
- Update to version 1.3.4.0

* Thu Nov 12 2009 Mattias Ellert - 1.3.3.2-2.20090920cvs
- Use cvs checkout date in release tag
- Drop Provides/Obsoletes for the old package name since it was never in Fedora

* Wed Sep 23 2009 Mattias Ellert - 1.3.3.2-1
- Update to version 1.3.3.2
- Drop the patch - all issues fixed upstream
- Change License tag to Apache 2.0

* Fri Aug 14 2009 Mattias Ellert - 1.3.3.1-1
- Update to version 1.3.3.1

* Tue Jun 30 2009 Anders Wäänänen - 1.3.2.2-4
- Fix docdir handling

* Wed Jan 14 2009 Mattias Ellert - 1.3.2.2-3
- Rebuild against distribution Globus

* Wed Nov 19 2008 Anders Wäänänen - 1.3.2.2-2
- 
Update patch to use $(CPP) instead of ld (2 places) * Sun Oct 26 2008 Mattias Ellert - 1.3.2.2-1 - Update to version 1.3.2.2 * Fri Jan 11 2008 Mattias Ellert - 1.2.1.2-1 - Update to version 1.2.1.2 * Tue Jul 24 2007 Mattias Ellert - 1.1.17.2-2 - Rebuild against newer globus and voms * Wed May 9 2007 Mattias Ellert - 1.1.17.2-1 - Initial build CGSI-gSOAP-1.3.5/rpm/Makefile0000664001227000117040000000414611526434254014766 0ustar ellertellert# # Copyright (c) Members of the EGEE Collaboration. 2006-2010. # See http://public.eu-egee.org/partners/ for details on # the copyright holders. # For license conditions see the license file or # http://www.apache.org/licenses/LICENSE-2.0 # # Authors: # Jean-Philippe Baud # default: all ifndef VERSION include ../VERSION endif ifndef RELEASE_SUFFIX RELEASE_SUFFIX=.$(shell ../get-platform-os) endif REQUIRES.GLOBUS =$(shell if (echo "$(EXTRA_CONFIGURE_OPTIONS)" | egrep -e "--with-emi" > /dev/null 2>&1); then echo "globus-gss-assist" ; else echo "vdt_globus_essentials"; fi;) REQUIRES.VOMS =$(shell if (echo "$(EXTRA_CONFIGURE_OPTIONS)" | egrep -e "--with-emi" > /dev/null 2>&1); then echo "voms" ; else echo "glite-security-voms-api-cpp"; fi;) VPACKAGE=CGSI_gSOAP_2.7-$(VERSION) VPACKAGE_TAR=$(VPACKAGE).tar.gz BUILD_CGSI=build-rpm/BUILD/$(VPACKAGE) all: rpm mkdir -p ../RPMS cp build-*/RPMS/*/*.rpm ../RPMS/ cp build-*/SRPMS/*.rpm ../RPMS/ install: $(BUILD_CGSI) if [ ! 
-d "$(prefix)" ]; then mkdir -p "$(prefix)"; fi cd $(BUILD_CGSI); $(MAKE) PREFIX=$(prefix) install install.man rpm: build-rpm cd build-rpm; rpmbuild --define "_topdir $(PWD)/build-rpm" -ba SPECS/cgsi-gsoap.spec build-rpm: $(VPACKAGE_TAR) mkdir -p build-rpm mkdir -p build-rpm/BUILD mkdir -p build-rpm/RPMS mkdir -p build-rpm/SRPMS mkdir -p build-rpm/SOURCES mkdir -p build-rpm/SPECS cp $(VPACKAGE_TAR) build-rpm/SOURCES/ sed -e 's/@VERSION@/$(VERSION)/g;' \ -e 's/@RELEASE@/$(RELEASE)/g; ' \ -e 's/@RELEASE.SUFFIX@/$(RELEASE_SUFFIX)/g;' \ -e 's/@REQUIRES.GLOBUS@/$(REQUIRES.GLOBUS)/g;' \ -e 's/@REQUIRES.VOMS@/$(REQUIRES.VOMS)/g;' \ cgsi-gsoap.spec >build-rpm/SPECS/cgsi-gsoap.spec cat ../RELEASE-NOTES >>build-rpm/SPECS/cgsi-gsoap.spec $(VPACKAGE_TAR): cd ..; \ rm -rf $(VPACKAGE); \ mkdir -p $(VPACKAGE); \ cp -ur configure RELEASE-NOTES VERSION src $(VPACKAGE)/; \ find $(VPACKAGE)/ -name .svn -print0 | xargs -r -0 rm -rf; \ tar -czf $(VPACKAGE_TAR) $(VPACKAGE); \ rm -rf $(VPACKAGE) mv ../$(VPACKAGE_TAR) . clean: rm -rf $(VPACKAGE_TAR) build-rpm distclean: rm -rf ../RPMS CGSI-gSOAP-1.3.5/rpm/cgsi-gsoap.spec0000664001227000117040000000441611535377416016244 0ustar ellertellertSummary: GSI plugin for gSOAP Name: CGSI_gSOAP_2.7 Version: @VERSION@ Release: @RELEASE@@RELEASE_SUFFIX@ Source0: CGSI_gSOAP_2.7-%{version}.tar.gz Group: grid/lcg BuildRoot: %{_builddir}/%{name}-%{version}-root License: Apache-2.0 Prefix: /usr Requires: @REQUIRES.GLOBUS@ %define __spec_install_post %{nil} %define debug_package %{nil} %define _unpackaged_files_terminate_build %{nil} %description CGSI allows writing gSOAP clients with GSI authentication. This package contains the shared libraries for the client side. %package -n CGSI_gSOAP_2.7-devel Summary: GSI plugin for gSOAP -- development files Group: grid/lcg Requires: @REQUIRES.VOMS@ AutoReqProv: yes Obsoletes: CGSI_gSOAP_2.7-dev %description -n CGSI_gSOAP_2.7-devel CGSI allows writing gSOAP clients with GSI authentication. 
This package contains the header and static library for development. %package -n CGSI_gSOAP_2.7-voms Summary: GSI plugin for gSOAP -- VOMSified libraries Group: grid/lcg Requires: @REQUIRES.VOMS@ AutoReqProv: yes %description -n CGSI_gSOAP_2.7-voms CGSI allows writing gSOAP clients with GSI authentication. This package contains the VOMS enabled shared libraries for the servers side. %prep %setup -q %build ./configure ${EXTRA_CONFIGURE_OPTIONS} make %install rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT mkdir -p ${RPM_BUILD_ROOT}%{prefix}/%{_lib} make prefix=${RPM_BUILD_ROOT}%{prefix} install make prefix=${RPM_BUILD_ROOT}%{prefix} install.man %clean rm -rf ${RPM_BUILD_ROOT} %files %defattr(-,root,root) %{prefix}/%{_lib}/libcgsi_plugin_gsoap_2.7*.so %{prefix}/%{_lib}/libcgsi_plugin_gsoap_2.7*.so.* %files -n CGSI_gSOAP_2.7-devel %defattr(644,root,root) %{prefix}/include/cgsi_plugin.h %{prefix}/%{_lib}/libcgsi_plugin*.a %doc %{prefix}/share/doc %{prefix}/share/man/man3/cgsi_plugin.h.3 %files -n CGSI_gSOAP_2.7-voms %defattr(-,root,root) %{prefix}/%{_lib}/libcgsi_plugin_voms_gsoap_2.7*.so %{prefix}/%{_lib}/libcgsi_plugin_voms_gsoap_2.7*.so.* %post -n CGSI_gSOAP_2.7 if [ `uname -m` != x86_64 -o \( `uname -m` = x86_64 -a "%{_lib}" = lib64 \) ]; then if [ `grep -c ^%{prefix}/%{_lib} /etc/ld.so.conf` = 0 ]; then echo "%{prefix}/%{_lib}" >> /etc/ld.so.conf fi fi [ -x "/sbin/ldconfig" ] && /sbin/ldconfig %postun -n CGSI_gSOAP_2.7 [ -x "/sbin/ldconfig" ] && /sbin/ldconfig %changelog CGSI-gSOAP-1.3.5/.cvsignore0000664001227000117040000000001110425105214014477 0ustar ellertellert.project CGSI-gSOAP-1.3.5/configure0000775001227000117040000001030711522270407014425 0ustar ellertellert#!/bin/bash # # Copyright (c) Members of the EGEE Collaboration. 2006-2010. # See http://public.eu-egee.org/partners/ for details on # the copyright holders. 
# For license conditions see the license file or # http://www.apache.org/licenses/LICENSE-2.0 # # Authors: # Akos Frohner # Jean-Philippe Baud # basedir=`dirname $0` USAGE="configure --with-version=... --with-release=... --with-globus-prefix=... --with-globus-thr-flavor=... --with-globus-nothr-flavor=... --with-gsoap-location=... --with-gsoap-version=... --with-voms-location=... --with-cpp-libs --with-libdir=... --with-emi" echo "$@" >${basedir}/config.status # some sensible defaults in RedHat style if [ $(uname -m) = 'x86_64' ]; then GLOBUS_FLAVOUR=gcc64dbg GLOBUS_FLAVOUR_PTHR=gcc64dbgpthr LIBDIR=lib64 else GLOBUS_FLAVOUR=gcc32dbg GLOBUS_FLAVOUR_PTHR=gcc32dbgpthr LIBDIR=lib fi GSOAP_VERSION=2.7.6b source ${basedir}/VERSION while test $# -ne 0; do case "$1" in -h|--help) echo $USAGE exit ;; --with-version*) if [ '--with-version' = "$1" ]; then VERSION="$1" shift else VERSION=`echo $1 | cut -d= -f 2` fi shift ;; --with-release*) if [ '--with-release' = "$1" ]; then RELEASE="$1" shift else RELEASE=`echo $1 | cut -d= -f 2` fi shift ;; --with-globus-prefix*) if [ '--with-globus-prefix' = "$1" ]; then GLOBUS_LOCATION="$1" shift else GLOBUS_LOCATION=`echo $1 | cut -d= -f 2` fi shift ;; --with-globus-thr-flavor*) if [ '--with-globus-thr-flavor' = "$1" ]; then GLOBUS_FLAVOUR_PTHR="$1" shift else GLOBUS_FLAVOUR_PTHR=`echo $1 | cut -d= -f 2` fi shift ;; --with-globus-nothr-flavor*) if [ '--with-globus-nothr-flavor' = "$1" ]; then GLOBUS_FLAVOUR="$1" shift else GLOBUS_FLAVOUR=`echo $1 | cut -d= -f 2` fi shift ;; --with-gsoap-location*) if [ '--with-gsoap-location' = "$1" ]; then GSOAP_LOCATION="$1" shift else GSOAP_LOCATION=`echo $1 | cut -d= -f 2` fi shift ;; --with-gsoap-version*) if [ '--with-gsoap-version' = "$1" ]; then GSOAP_VERSION="$1" shift else GSOAP_VERSION=`echo $1 | cut -d= -f 2` fi shift ;; --with-voms-location*) if [ '--with-voms-location' = "$1" ]; then VOMS_LOCATION="$1" shift else VOMS_LOCATION=`echo $1 | cut -d= -f 2` fi shift ;; --with-cpp-libs) shift 
WITH_CPP_LIBS='yes' ;; --with-libdir*) if [ '--with-libdir' = "$1" ]; then LIBDIR="$1" shift else LIBDIR=`echo $1 | cut -d= -f 2` fi shift ;; --with-emi) shift WITH_EMI='yes' ;; --*) echo "Unknown option '$1'" shift break ;; *) echo "Unknown parameter '$1'" exit 2 ;; esac done GSOAP_MAJOR_MINOR_VERSION=$(echo ${GSOAP_VERSION} | cut -d . -f1,2) cat >Makefile <] contains component information ; The section [Parent] contains the parent pair (type, name) information [Component-org.glite.security.cgsi-gsoap-2.7.10] displayName = org.glite.security.cgsi-gsoap-2.7.10 description = gSOAP 2.7.10 plugin and gss libraries repository = http://eticssoft.web.cern.ch/eticssoft/repository/ packageName = CGSI_gSOAP_2.7.10 vcsroot = :pserver:anonymous@glite.cvs.cern.ch:/cvs/glite licenceType = Apache2 download = None vendor = EGEE homepage = http://www.glite.org [Parent] Subsystem = org.glite.data CGSI-gSOAP-1.3.5/project/e-m_org.glite.security.cgsi-gsoap-2.7.ini0000664001227000117040000000122411245230377023524 0ustar ellertellert; ; INI Template file for the object "Component" called "org.glite.security.cgsi-gsoap-2.7" ; ; The section [Component-] contains component information ; The section [Parent] contains the parent pair (type, name) information [Component-org.glite.security.cgsi-gsoap-2.7] displayName = org.glite.security.cgsi-gsoap-2.7 description = gSOAP 2.7 plugin and gss libraries repository = http://eticssoft.web.cern.ch/eticssoft/repository/ packageName = CGSI_gSOAP_2.7 vcsroot = :pserver:anonymous@glite.cvs.cern.ch:/cvs/glite licenceType = Apache2 download = None vendor = EGEE homepage = http://www.glite.org [Parent] Subsystem = org.glite.data CGSI-gSOAP-1.3.5/test/0000775001227000117040000000000011757445543013513 5ustar ellertellertCGSI-gSOAP-1.3.5/test/cgsi-tracefile-with-ascii0000775001227000117040000000040510675040070020340 0ustar ellertellert#!/usr/bin/perl -pw if (/^(?:[[:xdigit:]]{2} ){1,16}$/) { my $ascii = ' '; foreach $digits (split(/\s+/)) { $hd = 
hex($digits);
        $ascii .= ((31 < $hd and $hd < 127) ? chr($hd) : '.');
    }
    $ascii = ' ' x ((17 - length($ascii))*3) . $ascii;
    s/$/$ascii/;
}
CGSI-gSOAP-1.3.5/test/cgsi-gsoap-server.c0000664001227000117040000001507211357033471017211 0ustar ellertellert
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Authors:
 * Akos Frohner
 *
 * Simple test server for CGSI-gSOAP.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "cgsi_plugin.h"
#include "cgsi_gsoap_testH.h"
#include "cgsi_gsoap_test.nsmap"

int cgsi_USCOREgsoap_USCOREtest__getAttributes(struct soap *psoap,
    struct cgsi_USCOREgsoap_USCOREtest__getAttributesResponse *response)
{
    char **roles;
    char *attributes;
    int nbfqans, i;
    int length = 1000;

    if (retrieve_voms_credentials(psoap)) {
        return SOAP_SVR_FAULT;
    }

    roles = get_client_roles(psoap, &nbfqans);
    if (roles != NULL) {
        length += nbfqans;
        for (i = 0; i < nbfqans; i++) {
            length += strlen(roles[i]);
        }
    }

    attributes = malloc(length);
    if (attributes == NULL) {
        return SOAP_EOM;
    }
    /* Start from an empty string so that the strncat() calls below are
     * well defined even if get_client_dn() fails and writes nothing. */
    attributes[0] = '\0';
    get_client_dn(psoap, attributes, length);
    attributes[length - 1] = '\0';

    if (roles != NULL) {
        /* The size argument of strncat() is the space still free in the
         * destination, not the total size of the buffer. */
        strncat(attributes, "\nFQANs:\n", length - strlen(attributes) - 1);
        for (i = 0; i < nbfqans; i++) {
            strncat(attributes, roles[i], length - strlen(attributes) - 1);
            strncat(attributes, "\n", length - strlen(attributes) - 1);
        }
    }

    fprintf(stdout, "INFO: Client with the following attributes:\n%s", attributes);

    if (has_delegated_credentials(psoap)) {
        fprintf(stdout, "INFO: Server has a credential delegated from the client\n");
        strncat(attributes, "Server has a credential delegated from the client\n",
            length - strlen(attributes) - 1);
    }

    fprintf(stdout,"\n");
    fflush(stdout);

    attributes[length-1] = '\0';
    response->getAttributesReturn = soap_strdup(psoap, attributes);
    free(attributes);

    return SOAP_OK;
}

void parse_options(int argc, char **argv, int *flags, int *port, int *to_serve) {
    *flags = CGSI_OPT_SERVER | CGSI_OPT_DISABLE_MAPPING;
    *port = 8111;
    *to_serve = 1;
    int c;

    /* 'h' has to be listed here, otherwise the help case is never reached */
    while ((c = getopt(argc, argv, "hp:r:sgol")) != -1)
        switch (c) {
        case 'h':
            printf("Usage: %s -p PORT (-s|-g) -o -l\n", argv[0]);
            fflush(stdout);
            exit (EXIT_SUCCESS);
            break;
        case 'p':
            *port = atoi(optarg);
            fprintf(stdout, "INFO: port number = %d\n", *port);
            fflush(stdout);
            break;
        case 'r':
            *to_serve = atoi(optarg);
            fprintf(stdout, "INFO: requests to be served = %d\n", *to_serve);
            fflush(stdout);
            break;
        case 's':
            *flags |= CGSI_OPT_SSL_COMPATIBLE;
            fprintf(stdout, "INFO: SSL compatible mode\n");
            fflush(stdout);
            break;
        case 'g':
            *flags |= CGSI_OPT_DELEG_FLAG;
            fprintf(stdout, "INFO: enabled HTTPG delegation\n");
            fflush(stdout);
            break;
        case 'o':
            *flags |= CGSI_OPT_DISABLE_VOMS_CHECK;
            fprintf(stdout, "INFO: disabled VOMS parsing during authentication\n");
            fflush(stdout);
            break;
        case 'l':
            *flags |= CGSI_OPT_ALLOW_ONLY_SELF;
            fprintf(stdout, "INFO: will only allow clients that share the server's identity to connect\n");
            fflush(stdout);
            break;
        case ':':
            fprintf(stderr, "ERROR: Option argument is missing\n");
            fflush(stderr);
            exit(EXIT_FAILURE);
        case '?':
            fprintf(stderr, "ERROR: Unknown command line option\n");
            fflush(stderr);
            exit(EXIT_FAILURE);
        default:
            fprintf(stderr, "ERROR: Illegal command line arguments:%s\n", optarg);
            fflush(stderr);
            exit(EXIT_FAILURE);
        }

    if ((*flags & CGSI_OPT_DELEG_FLAG) && (*flags & CGSI_OPT_SSL_COMPATIBLE)) {
        fprintf(stdout, "WARNING: it is not useful to set both delegation and ssl compatible flags\n");
        fflush(stdout);
    }
}

int main(int argc, char **argv)
{
    int s; // slave socket
    struct soap *psoap;
    int flags, i;
    int port = 8111;
    int to_serve = 1;

    parse_options(argc, argv, &flags, &port, &to_serve);

    fprintf(stdout, "INFO: CGSI-gSOAP test server is going to serve %d requests.\n", to_serve);
    fflush(stdout);

    psoap = soap_new();
    if (psoap == NULL) {
        fprintf(stdout, "ERROR: Failed to create a SOAP instance\n");
        exit(EXIT_FAILURE);
    }

    if (soap_cgsi_init(psoap, flags)) {
        fprintf(stdout, "ERROR: Failed to initialize the SOAP layer\n");
        exit(EXIT_FAILURE);
    }

    if (soap_set_namespaces(psoap, namespaces)) {
        fprintf(stdout, "ERROR: Failed to set namespaces\n");
        soap_print_fault(psoap, stdout);
        exit(EXIT_FAILURE);
    }

    // making these short for tests
    psoap->max_keep_alive = 5;
    psoap->accept_timeout = 60;
    psoap->recv_timeout = 5;
    psoap->send_timeout = 5;

    if( soap_bind(psoap, NULL, port, 100) < 0 ) {
        fprintf(stdout, "ERROR: soap_bind has failed.\n");
        soap_print_fault(psoap, stdout);
        soap_destroy(psoap);
        exit(EXIT_FAILURE);
    }

    /* main loop */
    for (i = 0; i < to_serve; i++) {
        s = soap_accept(psoap);
        if (s < 0) {
            soap_print_fault(psoap, stdout);
            break;
        }
        fprintf(stdout, "\nINFO: ==================================================\n");
        fprintf(stdout, "INFO: %d: accepted connection from IP=%d.%d.%d.%d socket=%d\n", i,
            (int)((psoap->ip >> 24) & 0xFF), (int)((psoap->ip >> 16) & 0xFF),
            (int)((psoap->ip >> 8) & 0xFF), (int)(psoap->ip & 0xFF), s);

        if (soap_serve(psoap) != SOAP_OK) // process RPC request
            soap_print_fault(psoap, stdout); // print error
        fprintf(stdout, "INFO: request served\n");
        fflush(stdout);

        soap_destroy(psoap); // clean up class instances
        soap_end(psoap); // clean up everything and close socket
    }

    soap_closesock(psoap);
    soap_done(psoap);

    fprintf(stdout, "server is properly shut down\n");
    return EXIT_SUCCESS;
}
CGSI-gSOAP-1.3.5/test/libtool0000775001227000117040000000324111245230377015072 0ustar ellertellert
#!/usr/bin/perl -w
#
# poor man's libtool
#
# (c) 2006-2009. 
FROHNER Ákos # # License: http://www.apache.org/licenses/LICENSE-2.0 # use strict; use FileHandle; use File::Basename; my $verbose = 0; my @dependencies = @ARGV; my %seen_dependency = (); my @LDADD = (); while ($#dependencies >= 0) { my $dep = pop(@dependencies); # check, if we have seen this before next if $seen_dependency{$dep}; $seen_dependency{$dep} = 1; print "INFO: dependency: $dep \n" if $verbose; if ( $dep =~ /.*\.la/ and -f $dep) { print "INFO: processing '$dep' file\n" if $verbose; # adding the base library to the dependencies my ($name, $path, $suffix) = fileparse($dep, ('.la')); push(@dependencies, '-L' . $path); $name =~ s/^lib//; push(@dependencies, '-l' . $name); my $fla = new FileHandle("$dep",'r') or die "Could not open '$dep' for reading!\n"; while(<$fla>) { next unless /^dependency_libs\s*=/; my ($libs) = (/^dependency_libs\s*=\s*'([^']*)'/); print "INFO: new dependencies: $libs\n" if $verbose; push(@dependencies, split(/\s+/, $libs)); } $fla->close(); } elsif ( $dep =~ /^-L/ ) { print "INFO: checking if the '$dep' directory exists\n" if $verbose; if ( -d substr($dep, 2)) { push(@LDADD, $dep); } elsif ($verbose) { warn "WARN: '$dep' does not refer to a real directory!\n"; } } else { print "INFO: adding '$dep' to LDADD\n" if $verbose; push(@LDADD, $dep); } } print join(' ', @LDADD), "\n"; CGSI-gSOAP-1.3.5/test/shunit0000775001227000117040000002300611245230377014741 0ustar ellertellert#!/bin/bash # # Copyright (c) Members of the EGEE Collaboration. 2004-2009. # See http://public.eu-egee.org/partners/ for details on # the copyright holders. # For license conditions see the license file or # http://www.apache.org/licenses/LICENSE-2.0 # # Authors: # Akos Frohner # # Unit test framework for test written in shell. 
#
# Environment variables:
#   TEST_MODULE         the name of the module/component,
#                       for example 'org.glite.data.hydra-cli'
#
#   TEST_REQUIRES       the name of the binaries to be used,
#                       for example 'grep glite-eds-encrypt'
#
#   TEST_VERBOSE        set to 'yes' to print many messages
#
#   TEST_FAILONERROR    set to 'exit' to stop exit in case of error
#
#   TEST_XML_REPORT     set to 'yes' to produce an XML report
#                       See shunit.dtd for the XML schema.
#
# Usage:
#
#   test_success 'expected text in output' program with parameters
#
#       test_success redirects both stdout and stderr into a temporary
#       file and egreps for the specified text. The exit code of
#       the command is also analysed.
#       The test is successful, if the return code is 0 and the
#       expected text was found in the output.
#
#   test_failure 'expected text in output' program with parameters
#
#       test_failure works like test_success, just the return
#       code has to be something else than 0 to declare the
#       test successful.
#
#   test_success_diff 'expected text in output' program with parameters
#
#       test_success_diff works like test_success, however it
#       compares the expected result to the output using 'diff',
#       so they shall match exactly to declare the test successful.
#
#   test_summary
#
#       Prints the number of successful and erroneous tests and
#       exits with the number of errors found as exit code.
#
# Assumptions:
#
#   Test certificates has been already generated and staged by the
#   org.glite.security.test-utils module.
#
#   There is a 'services.xml' file in the current directory:
#
#
#
#
#       https://localhost:8443/glite-data-hydra-service/services/Hydra
#       org.glite.Metadata
#       1.0.0
#       org.example.single
#
#
#

if [ -z "$TEST_MODULE" ]; then
    echo "Error: this is a framework, which shall be used by real tests!" >&2
    exit -1
fi

# should it print intermediate results
TEST_VERBOSE=${TEST_VERBOSE:-'no'}

# special case for autoconf based modules
if [ $(cd .. && basename $PWD) = "$TEST_MODULE" -a -d '../build' ]; then
    dot_paths=$(find $(dirname $0)/../build -name .libs -printf '%p:')
    export PATH=${dot_paths}$PATH
    export LD_LIBRARY_PATH=${dot_paths}$LD_LIBRARY_PATH
fi

# using the stage area as GLITE_LOCATION
if [ -z "$GLITE_LOCATION" ]; then
    for ws in . .. ../.. ../../.. ../../../..; do
        if [ -d "$ws/stage" ]; then
            export GLITE_LOCATION=$(cd $ws/stage; echo $PWD)
            break
        fi
    done
    if [ -z "$GLITE_LOCATION" ]; then
        echo "Error: could not find the 'stage' directory!" >&2
        exit -1
    fi
fi
export PATH=$PATH:$GLITE_LOCATION/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GLITE_LOCATION/lib

if [ 'yes' = "$TEST_VERBOSE" ]; then
    echo "#Info: the test is using the following pathes:"
    echo " export PATH=$PATH"
    echo " export LD_LIBRARY_PATH=$LD_LIBRARY_PATH"
fi

tempbase=$PWD/$(basename $0)-$$
trap "rm -rf $tempbase.*" EXIT

# change it to 'exit' to fail the test
TEST_FAILONERROR=${TEST_FAILONERROR:-return}

# test counts
TEST_ALL=0
TEST_BAD=0
TEST_GOOD=0

if [ -n "$TEST_XML_REPORT" ]; then
    TEST_XML_OUTPUT=$tempbase.xml
    cat >$TEST_XML_OUTPUT < ]> EOF
fi

function test_report_good {
    TEST_GOOD=$(($TEST_GOOD + 1))
    echo "OK"
    if [ -n "$TEST_XML_REPORT" ]; then
        ret=$1
        shift
        echo "" >>$TEST_XML_OUTPUT
        echo " " >>$TEST_XML_OUTPUT
        echo -n " >$TEST_XML_OUTPUT
        cat $tempbase.result >>$TEST_XML_OUTPUT
        echo "]]>" >>$TEST_XML_OUTPUT
        echo -n " >$TEST_XML_OUTPUT
        cat $tempbase.stdout >>$TEST_XML_OUTPUT
        echo "]]>" >>$TEST_XML_OUTPUT
        echo "" >>$TEST_XML_OUTPUT
    fi
}

function test_report_bad {
    TEST_BAD=$(($TEST_BAD + 1))
    echo "NOT OK"
    if [ -n "$TEST_XML_REPORT" ]; then
        ret=$1
        shift
        echo "" >>$TEST_XML_OUTPUT
        echo " " >>$TEST_XML_OUTPUT
        echo -n " >$TEST_XML_OUTPUT
        cat $tempbase.result >>$TEST_XML_OUTPUT
        echo "]]>" >>$TEST_XML_OUTPUT
        echo -n " >$TEST_XML_OUTPUT
        cat $tempbase.stdout >>$TEST_XML_OUTPUT
        echo "]]>" >>$TEST_XML_OUTPUT
        echo "" >>$TEST_XML_OUTPUT
    fi
}

function test_success {
    result="$1"
    echo "$1" >$tempbase.result
    shift
    TEST_ALL=$(($TEST_ALL + 1))
    echo ""
    echo "Command: $@"
    echo "Expected result: $result"
    "$@" >$tempbase.stdout 2>&1
    ret=$?
    [ 'yes' = "$TEST_VERBOSE" ] && sed -e 's/^/Output: /' $tempbase.stdout
    # expected to succeed
    if [ $ret -ne 0 ]; then
        test_report_bad $ret "$@"
        $TEST_FAILONERROR 1
    fi
    egrep -q "$result" $tempbase.stdout
    if [ $? -ne 0 ]; then
        test_report_bad $ret "$@"
        $TEST_FAILONERROR 2
    fi
    test_report_good $ret "$@"
    return 0
}

function test_success_diff {
    echo "$1" >$tempbase.result
    shift
    TEST_ALL=$(($TEST_ALL + 1))
    echo ""
    echo "Command: $@"
    [ 'yes' = "$TEST_VERBOSE" ] && sed -e 's/^/Expected: /' $tempbase.result
    "$@" >$tempbase.stdout 2>&1
    ret=$?
    [ 'yes' = "$TEST_VERBOSE" ] && sed -e 's/^/Output: /' $tempbase.stdout
    # expected to succeed
    if [ $ret -ne 0 ]; then
        test_report_bad $ret "$@"
        $TEST_FAILONERROR 1
    fi
    diff $tempbase.result $tempbase.stdout >$tempbase.diff
    ret=$?
    [ 'yes' = "$TEST_VERBOSE" -o $ret -ne 0 ] && sed -e 's/^/DiffOutput: /' $tempbase.diff
    if [ $ret -ne 0 ]; then
        test_report_bad $ret "$@"
        $TEST_FAILONERROR 2
    fi
    test_report_good $ret "$@"
    return 0
}

function test_failure {
    result="$1"
    echo "$1" >$tempbase.result
    shift
    TEST_ALL=$(($TEST_ALL + 1))
    echo ""
    echo "Command: $@"
    echo "Expected result: $result"
    "$@" >$tempbase.stdout 2>&1
    ret=$?
    [ 'yes' = "$TEST_VERBOSE" ] && sed -e 's/^/Output: /' $tempbase.stdout
    # it is expected to fail
    if [ $ret -eq 0 ]; then
        test_report_bad $ret "$@"
        $TEST_FAILONERROR 1
    fi
    egrep -q "$result" $tempbase.stdout
    if [ $? -ne 0 ]; then
        test_report_bad $ret "$@"
        $TEST_FAILONERROR 2
    fi
    test_report_good $ret "$@"
    return 0
}

function test_summary {
    echo ""
    echo "There were $TEST_ALL test for '$TEST_MODULE': Success: $TEST_GOOD, Errors: $TEST_BAD"
    echo $(($TEST_GOOD * 100 / $TEST_ALL))"% success rate"
    if [ -n "$TEST_XML_REPORT" ]; then
        echo "" >>$TEST_XML_OUTPUT
        echo "" >>$TEST_XML_OUTPUT
        mv $TEST_XML_OUTPUT $(date +%Y%m%dT%H%M%S)-$(basename $0 .sh).xml
    fi
    exit $TEST_BAD
}

# check for required binaries
for prog in $TEST_REQUIRES egrep
do
    if [ ! -x "$(which $prog)" ]; then
        echo "Error: '$prog' not found!" >&2
        exit -1
    fi
done

TEST_CERT_DIR=$GLITE_LOCATION/share/test/certificates
if [ ! -d "$TEST_CERT_DIR" ]; then
    echo "Error: '$TEST_CERT_DIR' was not found!" >&2
    exit -1
fi
export X509_CERT_DIR=$TEST_CERT_DIR/grid-security/certificates
export X509_VOMS_DIR=$TEST_CERT_DIR/grid-security/vomsdir
export X509_USER_PROXY=$TEST_CERT_DIR/home/voms-acme.pem
if [ 'yes' = "$TEST_VERBOSE" ]; then
    echo "#Info: the test is using the following credentials:"
    echo " export X509_USER_PROXY=$X509_USER_PROXY"
    echo " export X509_CERT_DIR=$X509_CERT_DIR"
    echo " export X509_VOMS_DIR=$X509_VOMS_DIR"
    echo ""
fi

export GLITE_SD_VO='org.example.single'
export GLITE_SD_PLUGIN='file'
export GLITE_SD_SERVICES_XML=$(dirname $0)/services.xml
if [ 'yes' = "$TEST_VERBOSE" ]; then
    echo "#Info: the test is using the following service-discovery settings:"
    echo " export GLITE_SD_VO='org.example.single'"
    echo " export GLITE_SD_PLUGIN='file'"
    echo " export GLITE_SD_SERVICES_XML=$(dirname $0)/services.xml"
fi

if [ -n "$TEST_XML_REPORT" ]; then
    echo -n ">$TEST_XML_OUTPUT
    env | sort >>$TEST_XML_OUTPUT
    echo "]]>" >>$TEST_XML_OUTPUT
fi

CGSI-gSOAP-1.3.5/test/typemap.dat0000664001227000117040000000007110474611714015650 0ustar ellertellert
cgsi_gsoap_test=http://glite.org/namespaces/cgsi-gsoap-1

CGSI-gSOAP-1.3.5/test/cgsi-gsoap-test.wsdl0000664001227000117040000000322410475062162017404 0ustar ellertellert

CGSI-gSOAP-1.3.5/test/cgsi-gsoap-client.c0000664001227000117040000000772711357033471017171 0ustar ellertellert
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Authors:
 *      Akos Frohner
 *
 * Simple test client for CGSI-gSOAP.
 */
#include
#include
#include "cgsi_plugin.h"
#include "cgsi_gsoap_testH.h"
#include "cgsi_gsoap_test.nsmap"

const static char HTTP_PREFIX[] = "http:";
const static char HTTPS_PREFIX[] = "https:";
const static char HTTPG_PREFIX[] = "httpg:";

struct soap *test_setup(const char *endpoint,
    int delegate, int namecheck, int allow_only_self)
{
    struct soap *psoap;
    int ret,flags;

    psoap = soap_new();
    /* Register the CGSI plugin if secure communication is requested */
    if (endpoint && !strncmp(endpoint, HTTPS_PREFIX, strlen(HTTPS_PREFIX))) {
        flags = CGSI_OPT_SSL_COMPATIBLE;
    }
    else if (endpoint && !strncmp(endpoint, HTTPG_PREFIX, strlen(HTTPG_PREFIX))) {
        flags = 0;
    }
    else {
        printf("ERROR: Not secure endpoint '%s'\n", endpoint);
        exit(EXIT_FAILURE);
    }

    if (allow_only_self) flags |= CGSI_OPT_ALLOW_ONLY_SELF;
    if (!namecheck) flags |= CGSI_OPT_DISABLE_NAME_CHECK;
    if (delegate) flags |= CGSI_OPT_DELEG_FLAG;

    ret = soap_cgsi_init(psoap, flags);
    if (ret) {
        printf("ERROR: Failed to initialize the SOAP layer\n");
        exit(EXIT_FAILURE);
    }

    if (soap_set_namespaces(psoap, namespaces)) {
        printf("ERROR: Failed to set namespaces\n");
        exit(EXIT_FAILURE);
    }

    // making these short for tests
    psoap->recv_timeout = 5;
    psoap->send_timeout = 5;

    return psoap;
}

char *getAttributes(struct soap *psoap, const char *endpoint)
{
    int ret;
    struct cgsi_USCOREgsoap_USCOREtest__getAttributesResponse get_resp;

    ret = soap_call_cgsi_USCOREgsoap_USCOREtest__getAttributes(psoap, endpoint, NULL, &get_resp);
    if ( SOAP_OK != ret ) {
        printf("ERROR: gSOAP error\n");
        soap_print_fault(psoap, stderr);
        exit(EXIT_FAILURE);
    }

    return strdup(get_resp.getAttributesReturn);
}

void test_destroy(struct soap *psoap)
{
    soap_destroy(psoap);
    soap_end(psoap);
    soap_done(psoap);
    free(psoap);
}

int main(int argc, char **argv)
{
    struct soap *psoap;
    char *attributes = NULL;
    char *endpoint = "https://localhost:8111/cgsi-gsoap-test";
    int i, delegate=0, namecheck=0, allow_only_self=0;

    for(i=0;i
#
TEST_MODULE='CGSI-gSOAP'
TEST_REQUIRES='cgsi-gsoap-client cgsi-gsoap-server glite-test-certs'
export PATH=$PATH:.
if [ -f 'shunit' ]; then
    source shunit
elif [ -f '../../test/shunit' ]; then
    source ../../test/shunit
else
    echo "ERROR: cannot find 'shunit'!" >&2
fi

TEST_CERT_DIR=$PWD
glite-test-certs --certdir=$TEST_CERT_DIR --some --env --wrong
source $TEST_CERT_DIR/home/env_settings.sh

function server_start {
    export X509_USER_CERT=$TEST_CERT_DIR/grid-security/hostcert.pem
    export X509_USER_KEY=$TEST_CERT_DIR/grid-security/hostkey.pem
    unset X509_USER_PROXY
    if [ 'yes' = "$TEST_VERBOSE" ]; then
        echo " export X509_USER_CERT=$X509_USER_CERT"
        echo " export X509_USER_KEY=$X509_USER_KEY"
        #export CGSI_TRACE='yes'
    fi
    cgsi-gsoap-server $@ >$tempbase.server.log 2>&1 &
    echo $! >$tempbase.server.pid
}

function server_stop {
    kill $(cat $tempbase.server.pid) 2>/dev/null
    echo "Server output:"
    echo "=============="
    cat $tempbase.server.log
    rm $tempbase.server.pid $tempbase.server.log
}

function test_old_behaviour {
    echo "------------------------------------------------------------"
    echo " testing the old behaviour with connection time VOMS parsing"
    echo "------------------------------------------------------------"
    PORT=8110
    ENDPOINT="https://localhost:$PORT/cgsi-gsoap-test"

    server_start -r 5 -s -p $PORT

    unset X509_USER_CERT
    unset X509_USER_KEY

    export X509_USER_PROXY=$TEST_CERT_DIR/home/voms-acme.pem
    test_success /org.acme cgsi-gsoap-client $ENDPOINT

    export X509_USER_PROXY=$TEST_CERT_DIR/home/voms-acme-Radmin.pem
    test_success /org.acme/Role=Admin cgsi-gsoap-client $ENDPOINT

    export X509_USER_PROXY=$TEST_CERT_DIR/home/voms-acme-Gproduction.pem
    test_success /org.acme/production cgsi-gsoap-client $ENDPOINT

    export X509_USER_PROXY=$TEST_CERT_DIR/home/vomswv-acme.pem
    test_failure "CGSI-gSOAP: Error reading token data" cgsi-gsoap-client $ENDPOINT

    export X509_USER_PROXY=$TEST_CERT_DIR/home/voms-acme.pem
    test_success /org.acme cgsi-gsoap-client $ENDPOINT

    server_stop
}

function test_new_behaviour {
    echo "-----------------------------------------------------"
    echo " testing the new behaviour with explicit VOMS parsing"
    echo "-----------------------------------------------------"
    PORT=8111
    ENDPOINT="https://localhost:$PORT/cgsi-gsoap-test"

    server_start -r 5 -s -p $PORT -o

    unset X509_USER_CERT
    unset X509_USER_KEY

    export X509_USER_PROXY=$TEST_CERT_DIR/home/voms-acme.pem
    test_success /org.acme cgsi-gsoap-client $ENDPOINT

    export X509_USER_PROXY=$TEST_CERT_DIR/home/voms-acme-Radmin.pem
    test_success /org.acme/Role=Admin cgsi-gsoap-client $ENDPOINT

    export X509_USER_PROXY=$TEST_CERT_DIR/home/voms-acme-Gproduction.pem
    test_success /org.acme/production cgsi-gsoap-client $ENDPOINT

    export X509_USER_PROXY=$TEST_CERT_DIR/home/vomswv-acme.pem
    test_failure "CGSI-gSOAP: Cannot find certificate of AC issuer for vo org.acme" cgsi-gsoap-client $ENDPOINT

    export X509_USER_PROXY=$TEST_CERT_DIR/home/voms-acme.pem
    test_success /org.acme cgsi-gsoap-client $ENDPOINT

    server_stop
}

function test_plain_proxy {
    echo "-----------------------------------------------"
    echo " testing the plain proxy without VOMS extension"
    echo "-----------------------------------------------"
    PORT=8112
    ENDPOINT="https://localhost:$PORT/cgsi-gsoap-test"

    server_start -r 3 -s -p $PORT -o

    unset X509_USER_CERT
    unset X509_USER_KEY

    export X509_USER_PROXY=$TEST_CERT_DIR/home/voms-acme.pem
    test_success /org.acme cgsi-gsoap-client $ENDPOINT

    export X509_USER_PROXY=$TEST_CERT_DIR/home/vomswv-acme.pem
    test_failure "CGSI-gSOAP: Cannot find certificate of AC issuer for vo org.acme" cgsi-gsoap-client $ENDPOINT

    export X509_USER_PROXY=$TEST_CERT_DIR/home/user_grid_proxy.pem
    test_success "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=$LOGNAME" cgsi-gsoap-client $ENDPOINT

    server_stop
}

function test_delegation {
    echo "-----------------------------------------------"
    echo " testing delegation "
    echo "-----------------------------------------------"
    PORT=8113
    ENDPOINT="httpg://localhost:$PORT/cgsi-gsoap-test"

    server_start -r 1 -p $PORT -o

    unset X509_USER_CERT
    unset X509_USER_KEY

    export X509_USER_PROXY=$TEST_CERT_DIR/home/voms-acme.pem
    test_success "Server has a credential delegated from the client" cgsi-gsoap-client -d $ENDPOINT

    server_stop
}

function test_stress {
    echo "---------------------------------------"
    echo " stress test with explicit VOMS parsing"
    echo "---------------------------------------"
    PORT=8114
    ENDPOINT="https://localhost:$PORT/cgsi-gsoap-test"
    ITERATIONS=1000

    server_start -r $ITERATIONS -s -p $PORT -o

    unset X509_USER_CERT
    unset X509_USER_KEY

    export X509_USER_PROXY=$TEST_CERT_DIR/home/voms-acme.pem
    i=0
    while [ $i -lt $ITERATIONS ]; do
        echo "$i/$ITERATIONS"
        test_success /org.acme cgsi-gsoap-client $ENDPOINT
        i=$(( $i + 1 ))
    done

    server_stop
}

test_old_behaviour
test_new_behaviour
test_plain_proxy
test_delegation
#test_stress
test_summary