pax_global_header00006660000000000000000000000064127645044500014521gustar00rootroot0000000000000052 comment=666e88f2077386cbdd9d05bdd3bbfce181e5e927 voms-mysql-plugin-3.1.7/000077500000000000000000000000001276450445000151545ustar00rootroot00000000000000voms-mysql-plugin-3.1.7/.cvsignore000077500000000000000000000000241276450445000171530ustar00rootroot00000000000000.project .cdtprojectvoms-mysql-plugin-3.1.7/AUTHORS000066400000000000000000000000651276450445000162250ustar00rootroot00000000000000Vincenzo Ciaschini voms-mysql-plugin-3.1.7/COPYING000066400000000000000000000000141276450445000162020ustar00rootroot00000000000000See LICENSE voms-mysql-plugin-3.1.7/ChangeLog000066400000000000000000000000001276450445000167140ustar00rootroot00000000000000voms-mysql-plugin-3.1.7/INSTALL000066400000000000000000000363321276450445000162140ustar00rootroot00000000000000Installation Instructions ************************* Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without warranty of any kind. Basic Installation ================== Briefly, the shell commands `./configure; make; make install' should configure, build, and install this package. The following more-detailed instructions are generic; see the `README' file for instructions specific to this package. Some packages provide this `INSTALL' file but do not implement all of the features documented below. The lack of an optional feature in a given package is not necessarily a bug. More recommendations for GNU packages can be found in *note Makefile Conventions: (standards)Makefile Conventions. The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses those values to create a `Makefile' in each directory of the package. It may also create one or more `.h' files containing system-dependent definitions. Finally, it creates a shell script `config.status' that you can run in the future to recreate the current configuration, and a file `config.log' containing compiler output (useful mainly for debugging `configure'). It can also use an optional file (typically called `config.cache' and enabled with `--cache-file=config.cache' or simply `-C') that saves the results of its tests to speed up reconfiguring. Caching is disabled by default to prevent problems with accidental use of stale cache files. If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail diffs or instructions to the address given in the `README' so they can be considered for the next release. If you are using the cache, and at some point `config.cache' contains results you don't want to keep, you may remove or edit it. The file `configure.ac' (or `configure.in') is used to create `configure' by a program called `autoconf'. You need `configure.ac' if you want to change it or regenerate `configure' using a newer version of `autoconf'. The simplest way to compile this package is: 1. `cd' to the directory containing the package's source code and type `./configure' to configure the package for your system. Running `configure' might take a while. While running, it prints some messages telling which features it is checking for. 2. Type `make' to compile the package. 3. Optionally, type `make check' to run any self-tests that come with the package, generally using the just-built uninstalled binaries. 4. Type `make install' to install the programs and any data files and documentation. When installing into a prefix owned by root, it is recommended that the package be configured and built as a regular user, and only the `make install' phase executed with root privileges. 5. Optionally, type `make installcheck' to repeat any self-tests, but this time using the binaries in their final installed location. This target does not install anything. Running this target as a regular user, particularly if the prior `make install' required root privileges, verifies that the installation completed correctly. 6. You can remove the program binaries and object files from the source code directory by typing `make clean'. To also remove the files that `configure' created (so you can compile the package for a different kind of computer), type `make distclean'. There is also a `make maintainer-clean' target, but that is intended mainly for the package's developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution. 7. Often, you can also type `make uninstall' to remove the installed files again. In practice, not all packages have tested that uninstallation works correctly, even though it is required by the GNU Coding Standards. 8. Some packages, particularly those that use Automake, provide `make distcheck', which can by used by developers to test that all other targets like `make install' and `make uninstall' work correctly. This target is generally not run by end users. Compilers and Options ===================== Some systems require unusual options for compilation or linking that the `configure' script does not know about. Run `./configure --help' for details on some of the pertinent environment variables. You can give `configure' initial values for configuration parameters by setting variables in the command line or in the environment. Here is an example: ./configure CC=c99 CFLAGS=-g LIBS=-lposix *Note Defining Variables::, for more details. Compiling For Multiple Architectures ==================================== You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their own directory. To do this, you can use GNU `make'. `cd' to the directory where you want the object files and executables to go and run the `configure' script. `configure' automatically checks for the source code in the directory that `configure' is in and in `..'. This is known as a "VPATH" build. With a non-GNU `make', it is safer to compile the package for one architecture at a time in the source code directory. After you have installed the package for one architecture, use `make distclean' before reconfiguring for another architecture. On MacOS X 10.5 and later systems, you can create libraries and executables that work on multiple system types--known as "fat" or "universal" binaries--by specifying multiple `-arch' options to the compiler but only a single `-arch' option to the preprocessor. Like this: ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ CPP="gcc -E" CXXCPP="g++ -E" This is not guaranteed to produce working output in all cases, you may have to build one architecture at a time and combine the results using the `lipo' tool if you have problems. Installation Names ================== By default, `make install' installs the package's commands under `/usr/local/bin', include files under `/usr/local/include', etc. You can specify an installation prefix other than `/usr/local' by giving `configure' the option `--prefix=PREFIX', where PREFIX must be an absolute file name. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you pass the option `--exec-prefix=PREFIX' to `configure', the package uses PREFIX as the prefix for installing programs and libraries. Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give options like `--bindir=DIR' to specify different values for particular kinds of files. Run `configure --help' for a list of the directories you can set and what kinds of files go in them. In general, the default for these options is expressed in terms of `${prefix}', so that specifying just `--prefix' will affect all of the other directory specifications that were not explicitly provided. The most portable way to affect installation locations is to pass the correct locations to `configure'; however, many packages provide one or both of the following shortcuts of passing variable assignments to the `make install' command line to change installation locations without having to reconfigure or recompile. The first method involves providing an override variable for each affected directory. For example, `make install prefix=/alternate/directory' will choose an alternate location for all directory configuration variables that were expressed in terms of `${prefix}'. Any directories that were specified during `configure', but not in terms of `${prefix}', must each be overridden at install time for the entire installation to be relocated. The approach of makefile variable overrides for each directory variable is required by the GNU Coding Standards, and ideally causes no recompilation. However, some platforms have known limitations with the semantics of shared libraries that end up requiring recompilation when using this method, particularly noticeable in packages that use GNU Libtool. The second method involves providing the `DESTDIR' variable. For example, `make install DESTDIR=/alternate/directory' will prepend `/alternate/directory' before all installation names. The approach of `DESTDIR' overrides is not required by the GNU Coding Standards, and does not work on platforms that have drive letters. On the other hand, it does better at avoiding recompilation issues, and works well even when some directory options were not specified in terms of `${prefix}' at `configure' time. Optional Features ================= If the package supports it, you can cause programs to be installed with an extra prefix or suffix on their names by giving `configure' the option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. Some packages pay attention to `--enable-FEATURE' options to `configure', where FEATURE indicates an optional part of the package. They may also pay attention to `--with-PACKAGE' options, where PACKAGE is something like `gnu-as' or `x' (for the X Window System). The `README' should mention any `--enable-' and `--with-' options that the package recognizes. For packages that use the X Window System, `configure' can usually find the X include and library files automatically, but if it doesn't, you can use the `configure' options `--x-includes=DIR' and `--x-libraries=DIR' to specify their locations. Some packages offer the ability to configure how verbose the execution of `make' will be. For these packages, running `./configure --enable-silent-rules' sets the default to minimal output, which can be overridden with `make V=1'; while running `./configure --disable-silent-rules' sets the default to verbose, which can be overridden with `make V=0'. Particular systems ================== On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC is not installed, it is recommended to use the following options in order to use an ANSI C compiler: ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" and if that doesn't work, install pre-built binaries of GCC for HP-UX. On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot parse its `' header file. The option `-nodtk' can be used as a workaround. If GNU CC is not installed, it is therefore recommended to try ./configure CC="cc" and if that doesn't work, try ./configure CC="cc -nodtk" On Solaris, don't put `/usr/ucb' early in your `PATH'. This directory contains several dysfunctional programs; working variants of these programs are available in `/usr/bin'. So, if you need `/usr/ucb' in your `PATH', put it _after_ `/usr/bin'. On Haiku, software installed for all users goes in `/boot/common', not `/usr/local'. It is recommended to use the following options: ./configure --prefix=/boot/common Specifying the System Type ========================== There may be some features `configure' cannot figure out automatically, but needs to determine by the type of machine the package will run on. Usually, assuming the package is built to be run on the _same_ architectures, `configure' can figure that out, but if it prints a message saying it cannot guess the machine type, give it the `--build=TYPE' option. TYPE can either be a short name for the system type, such as `sun4', or a canonical name which has the form: CPU-COMPANY-SYSTEM where SYSTEM can have one of these forms: OS KERNEL-OS See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't need to know the machine type. If you are _building_ compiler tools for cross-compiling, you should use the option `--target=TYPE' to select the type of system they will produce code for. If you want to _use_ a cross compiler, that generates code for a platform different from the build platform, you should specify the "host" platform (i.e., that on which the generated programs will eventually be run) with `--host=TYPE'. Sharing Defaults ================ If you want to set default values for `configure' scripts to share, you can create a site shell script called `config.site' that gives default values for variables like `CC', `cache_file', and `prefix'. `configure' looks for `PREFIX/share/config.site' if it exists, then `PREFIX/etc/config.site' if it exists. Or, you can set the `CONFIG_SITE' environment variable to the location of the site script. A warning: not all `configure' scripts look for a site script. Defining Variables ================== Variables not defined in a site shell script can be set in the environment passed to `configure'. However, some packages may run configure again during the build, and the customized values of these variables may be lost. In order to avoid this problem, you should set them in the `configure' command line, using `VAR=value'. For example: ./configure CC=/usr/local2/bin/gcc causes the specified `gcc' to be used as the C compiler (unless it is overridden in the site shell script). Unfortunately, this technique does not work for `CONFIG_SHELL' due to an Autoconf bug. Until the bug is fixed you can use this workaround: CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash `configure' Invocation ====================== `configure' recognizes the following options to control how it operates. `--help' `-h' Print a summary of all of the options to `configure', and exit. `--help=short' `--help=recursive' Print a summary of the options unique to this package's `configure', and exit. The `short' variant lists options used only in the top level, while the `recursive' variant lists options also present in any nested packages. `--version' `-V' Print the version of Autoconf used to generate the `configure' script, and exit. `--cache-file=FILE' Enable the cache: use and save the results of the tests in FILE, traditionally `config.cache'. FILE defaults to `/dev/null' to disable caching. `--config-cache' `-C' Alias for `--cache-file=config.cache'. `--quiet' `--silent' `-q' Do not print messages saying which checks are being made. To suppress all normal output, redirect it to `/dev/null' (any error messages will still be shown). `--srcdir=DIR' Look for the package's source code in directory DIR. Usually `configure' can determine that directory automatically. `--prefix=DIR' Use DIR as the installation prefix. *note Installation Names:: for more details, including other options available for fine-tuning the installation locations. `--no-create' `-n' Run the configure checks, but stop before creating any output files. `configure' also accepts some other, not widely useful, options. Run `configure --help' for more details. voms-mysql-plugin-3.1.7/LICENSE000066400000000000000000000261361276450445000161710ustar00rootroot00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. voms-mysql-plugin-3.1.7/Makefile.am000066400000000000000000000024141276450445000172110ustar00rootroot00000000000000SUBDIRS = config src ACLOCAL_AMFLAGS = -I m4 EXTRA_DIST = autogen.sh LICENSE rpmbuild_dir=@WORKDIR@/rpmbuild debbuild_dir=@WORKDIR@/debbuild spec=spec/voms-mysql-plugin.spec rpmdist="" stage_dir=dist distsrc: dist mv $(distdir).tar.gz $(DISTTAR)/$(distdir)_src.tar.gz distclean-local: rm -f configure aclocal.m4 $(distdir).tar.gz rm -f m4/libtool.m4 m4/ltoptions.m4 m4/ltsugar.m4 m4/ltversion.m4 m4/lt~obsolete.m4 rm -rf autom4te.cache aux src/autogen $(rpmbuild_dir) $(debbuild_dir) find . -name Makefile.in -exec rm {} \; clean-local: rm -rf $(rpmbuild_dir) $(debbuild_dir) $(distdir).tar.gz dist rpm: dist mkdir -p $(rpmbuild_dir)/BUILD $(rpmbuild_dir)/RPMS $(rpmbuild_dir)/SOURCES $(rpmbuild_dir)/SPECS $(rpmbuild_dir)/SRPMS cp $(distdir).tar.gz $(rpmbuild_dir)/SOURCES rpmbuild --nodeps -v -ba $(spec) --define "_topdir $(rpmbuild_dir)" --define "dist $(rpmdist)" stage: mkdir -p $(stage_dir) for r in $(shell find $(rpmbuild_dir)/RPMS -name '*.rpm') ; do \ echo "Istalling `basename $$r` in $(stage_dir)..."; \ pushd . ; cp $$r $(stage_dir); cd $(stage_dir); \ rpm2cpio `basename $$r` | cpio -idm; \ rm `basename $$r`; popd; \ done etics: clean rpm mkdir -p tgz RPMS cp $(distdir).tar.gz tgz cp -r $(rpmbuild_dir)/RPMS/* $(rpmbuild_dir)/SRPMS/* RPMS voms-mysql-plugin-3.1.7/NEWS000066400000000000000000000000001276450445000156410ustar00rootroot00000000000000voms-mysql-plugin-3.1.7/README000066400000000000000000000000001276450445000160220ustar00rootroot00000000000000voms-mysql-plugin-3.1.7/autogen.sh000077500000000000000000000000661276450445000171570ustar00rootroot00000000000000#! /bin/sh mkdir -p aux src/autogen autoreconf -i -f voms-mysql-plugin-3.1.7/config/000077500000000000000000000000001276450445000164215ustar00rootroot00000000000000voms-mysql-plugin-3.1.7/config/Makefile.am000066400000000000000000000002531276450445000204550ustar00rootroot00000000000000 dbconfdir = $(datadir)/voms dbconf_DATA = voms-mysql.data voms-mysql-compat.data EXTRA_DIST = voms-mysql.data voms-mysql-compat.data MAINTAINERCLEANFILES = Makefile.in voms-mysql-plugin-3.1.7/config/voms-mysql-compat.data000066400000000000000000000257571276450445000227040ustar00rootroot00000000000000######################################################################## # # Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it # Akos Frohner - Akos.Frohner@cern.ch # Karoly Lorentey - Karoly.Lorentey@cern.ch # # Copyright (c) 2002, 2003 INFN-CNAF on behalf of the EU DataGrid. # For license conditions see LICENSE file or # http://www.edg.org/license.html # # Parts of this code may be based upon or even include verbatim pieces, # originally written by other people, in which case the original header # follows. # ######################################################################## # $Revision: 1.2 $ # $State: Exp $ # $Date: 2005/06/01 13:10:16 $ # MySQL dump 8.16 # # Host: localhost Database: voms #-------------------------------------------------------- # Server version 3.23.42 # # # Current Database: voms # # # Access Control List for containers (group/role/capability) # CREATE TABLE acl ( -- ACL identifier (common id for all entries in one list) aid bigint unsigned NOT NULL, -- Administrator's identifier adminid bigint NOT NULL, -- Operation on the container operation smallint NOT NULL, -- Allow/deny flag (default deny). allow tinyint NOT NULL, -- Changelog createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, -- Keys and indices. INDEX (aid), -- not primary key! INDEX (aid, adminid, operation) ) TYPE=InnoDB; CREATE TABLE acld ( aid bigint unsigned NOT NULL, adminid bigint NOT NULL, operation bigint NOT NULL, allow tinyint NOT NULL, createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, deletedBy bigint unsigned NOT NULL, deletedSerial bigint unsigned NOT NULL, -- Keys and indices. INDEX (aid), INDEX (aid, adminid, operation) ) TYPE=InnoDB; # # List of the administrator users (to be referenced in acls) # CREATE TABLE admins ( -- Administrator's identifier adminid bigint NOT NULL, -- the DN of the administrator dn varchar(250) NOT NULL, -- Issuer certificate authority ca smallint unsigned NOT NULL, createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, -- Keys and indices. PRIMARY KEY (adminid), UNIQUE KEY admin (dn,ca) ) TYPE=InnoDB; # # Known Certificate Authorities # (generated from /etc/grid-security/certificates). # CREATE TABLE ca ( -- Internal id. cid smallint unsigned NOT NULL auto_increment, -- Distinguished name (UTF-8). ca varchar(250) NOT NULL, -- free-form description of the CA cadescr varchar(250), PRIMARY KEY (cid), UNIQUE KEY ca (ca) -- No createdBy/createdSerial, the rows in this table, because -- they should be never changed by the administrative interface. ) TYPE=InnoDB; # # Holds all groups in a VO # CREATE TABLE groups ( -- Internal entity identifier. gid bigint unsigned NOT NULL auto_increment, -- Fully Qualified Group Name dn varchar(255) NOT NULL, -- Parent group. parent bigint unsigned NOT NULL, -- Applied ACL (entries are in 'or' relation). aclid bigint unsigned NOT NULL, -- Default ACL for a group/role created under this group. defaultAclid bigint unsigned NOT NULL, -- Changelog. createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, must tinyint default null, -- Keys and indices. PRIMARY KEY (gid), KEY parentg (parent), KEY groupname (dn) ) TYPE=InnoDB; -- archive table for groups CREATE TABLE groupsd ( gid bigint unsigned NOT NULL, dn varchar(255) NOT NULL, parent bigint unsigned NOT NULL, aclid bigint unsigned NOT NULL, must tinyint, defaultAclid bigint unsigned NOT NULL, createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, deletedBy bigint unsigned NOT NULL, deletedSerial bigint unsigned NOT NULL, PRIMARY KEY (gid), KEY parentg (parent), KEY groupname (dn) ) TYPE=InnoDB; # # Link table between usr and (roles/groups/capabilities) # CREATE TABLE m ( -- user's identifier uid bigint unsigned NOT NULL REFERENCES usr(uid), -- group gid bigint unsigned NOT NULL REFERENCES groups(gid), -- role rid bigint unsigned REFERENCES roles(rid), -- capability cid bigint unsigned REFERENCES capabilities(cid), vid bigint unsigned REFERENCES validity(vid), pid bigint unsigned REFERENCES periodicity(pid), -- Changelog createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, -- Keys and indices UNIQUE m (uid,gid,rid,cid), KEY uid (uid), KEY rid (rid), KEY cid (cid), KEY container (gid,rid,cid) ) TYPE=InnoDB; -- archives for membership CREATE TABLE md ( uid bigint unsigned NOT NULL, gid bigint unsigned NOT NULL, rid bigint unsigned, cid bigint unsigned, vid bigint unsigned, pid bigint unsigned, createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, deletedBy bigint unsigned NOT NULL, deletedSerial bigint unsigned NOT NULL, UNIQUE m (uid,gid,rid,cid), KEY uid (uid), KEY rid (rid), KEY cid (cid), KEY container (gid,rid,cid) ) TYPE=InnoDB; # # Table structure for table 'validity' # CREATE TABLE validity ( vid bigint unsigned NOT NULL, begin TIMESTAMP NOT NULL, end TIMESTAMP NOT NULL, PRIMARY KEY(vid) ) TYPE=InnoDB; # # Table structure for table 'periodicity' # CREATE TABLE periodicity ( pid bigint unsigned NOT NULL, hour TINYINT NOT NULL, day TINYINT NOT NULL, wday TINYINT NOT NULL, month TINYINT NOT NULL, year TINYINT NOT NULL, hduration INTEGER NOT NULL, PRIMARY KEY(pid) ) TYPE=InnoDB; # # Support for special queries # CREATE TABLE queries ( qid bigint unsigned NOT NULL auto_increment, query varchar(255) NOT NULL, PRIMARY KEY (qid) ) TYPE=InnoDB; # # Holds all roles in a VO # CREATE TABLE roles ( -- Internal entity identifier. rid bigint unsigned NOT NULL auto_increment, -- the role name (relative to a group) role varchar(255) NOT NULL, -- Applied ACL (entries are in 'or' relation). aclid bigint NOT NULL, -- Changelog. createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, PRIMARY KEY (rid), KEY role (role) ) TYPE=InnoDB; -- archive table for roles CREATE TABLE rolesd ( rid bigint unsigned NOT NULL, role varchar(255) NOT NULL, aclid bigint NOT NULL, createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, deletedBy bigint unsigned NOT NULL, deletedSerial bigint unsigned NOT NULL, PRIMARY KEY (rid), KEY role (role) ) TYPE=InnoDB; # # Holds all capabilities in the VO. # CREATE TABLE capabilities ( -- Internal entity identifier. cid bigint unsigned NOT NULL auto_increment, -- Name of the capability (for administration) capability varchar(255) NOT NULL, -- Applied ACL (entries are in 'or' relation). aclid bigint NOT NULL, -- Changelog createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, -- Keys and indices. PRIMARY KEY (cid), KEY capability (capability) ) TYPE=InnoDB; -- archive table for capabilities CREATE TABLE capabilitiesd ( cid bigint unsigned NOT NULL, capability varchar(255) NOT NULL, aclid bigint NOT NULL, createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, deletedBy bigint unsigned NOT NULL, deletedSerial bigint unsigned NOT NULL, PRIMARY KEY (cid), KEY capability (capability) ) TYPE=InnoDB; # # Lists all users administered by the VOMS. # CREATE TABLE usr ( -- Internal entity identifier. uid bigint unsigned NOT NULL auto_increment, -- Distinguished name (UTF-8). dn varchar(250) NOT NULL, -- Issuer certificate authority. ca smallint unsigned NOT NULL, -- Common Name (UTF-8) cn varchar(250) NOT NULL, -- User's mail address (optional) mail varchar(250) default NULL, -- pointer to the user's certificate (optional) cauri varchar(250) default NULL, -- Changelog. createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, -- Keys and indices. KEY (uid), UNIQUE KEY dnca (dn,ca), KEY dn (dn) ) TYPE=InnoDB; -- The archive records for usr. CREATE TABLE usrd ( uid bigint unsigned NOT NULL, dn varchar(250) NOT NULL, ca smallint unsigned NOT NULL, cn varchar(250) NOT NULL, mail varchar(250), cauri varchar(250), createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, deletedBy bigint unsigned NOT NULL, deletedSerial bigint unsigned NOT NULL, KEY (uid), -- This is not unique! KEY dnca (dn,ca), -- This is not unique! KEY dn (dn) ) TYPE=InnoDB; # # Changelog tables. # CREATE TABLE realtime ( transaction bigint unsigned NOT NULL, time timestamp NOT NULL, PRIMARY KEY(transaction), INDEX (time) ) TYPE=InnoDB; CREATE TABLE sequences ( name varchar(32) NOT NULL, value bigint, INDEX (name) ) TYPE=InnoDB; CREATE TABLE createuser_queue ( -- Request id. reqid BIGINT NOT NULL, -- DN of user to be created. dn VARCHAR(255) NOT NULL, -- CA id of user to be created. cid SMALLINT NOT NULL, -- CN of user to be created. cn VARCHAR(255), -- CAURI of user to be created. cauri VARCHAR(255), -- Email address of user to be created. mail VARCHAR(255), -- Email address to notify when request is closed. clientemail VARCHAR(255), -- Client notification address. clientcomment VARCHAR(255), -- Comment given by the client. admincomment VARCHAR(255), -- Comment given by the admin. status BIGINT NOT NULL, PRIMARY KEY (reqid), INDEX (dn, cid) ) TYPE=InnoDB; -- Database version number. -- -- Version 0 is, where the version table doesn't exists. -- Later versions can be tested by -- -- select max(version) from version; -- CREATE TABLE version ( version INT ) TYPE = InnoDB; -- Sequence number of the issued attribute certificates in bigint format. CREATE TABLE seqnumber ( seq VARCHAR(50) NOT NULL ) TYPE = InnoDB; -- Persistent storage of serialized Java request objects. It would be -- a nightmare to define and maintain a detailed database mapping for -- request type hierarchies, state hierarchies, the chronicle, etc., -- so we cheat by storing the domain objects themselves in the -- database. We speed up database access by duplicating some of the -- request data in indexed columns. CREATE TABLE requests ( -- Request id. reqid BIGINT NOT NULL, -- True if the request has been fully processed. complete BOOL, -- The type of the request. (A fully qualified Java class name.) type VARCHAR(128), -- The requested action. (A fully qualified Java class name.) action VARCHAR(128), -- The fqdn of the container that this request wants to change. container VARCHAR(128), -- The short name of the state of the request. state VARCHAR(32), -- Id of the client sending the request. (Points to ADMINS table.) requester BIGINT, -- The time of the last state change. lastchange TIMESTAMP, -- The serialized Java Request object. request BLOB NOT NULL, PRIMARY KEY(reqid), INDEX (reqid), INDEX (state), INDEX (type), INDEX (action), INDEX (container), INDEX (requester), INDEX (lastchange) ) TYPE=InnoDB; voms-mysql-plugin-3.1.7/config/voms-mysql.data000066400000000000000000000233021276450445000214030ustar00rootroot00000000000000######################################################################## # # Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it # Akos Frohner - Akos.Frohner@cern.ch # Karoly Lorentey - Karoly.Lorentey@cern.ch # Andrea Ceccanti - Andrea.Ceccanti@cnaf.infn.it # # Copyright (c) 2002, 2003 INFN-CNAF on behalf of the EU DataGrid. # For license conditions see LICENSE file or # http://www.edg.org/license.html # # Parts of this code may be based upon or even include verbatim pieces, # originally written by other people, in which case the original header # follows. # ######################################################################## -- MySQL dump 10.9 -- -- Host: localhost Database: voms_replica -- ------------------------------------------------------ -- Server version 4.1.20 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */; /*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; /*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; -- -- Table structure for table `acl2` -- DROP TABLE IF EXISTS `acl2`; CREATE TABLE `acl2` ( `acl_id` bigint(20) NOT NULL auto_increment, `group_id` bigint(20) NOT NULL default '0', `defaultACL` tinyint(1) NOT NULL default '0', `role_id` bigint(20) default NULL, PRIMARY KEY (`acl_id`), UNIQUE KEY `group_id` (`group_id`,`defaultACL`,`role_id`), KEY (`role_id`), KEY (`group_id`), CONSTRAINT FOREIGN KEY (`group_id`) REFERENCES `groups` (`gid`) ON DELETE CASCADE, CONSTRAINT FOREIGN KEY (`role_id`) REFERENCES `roles` (`rid`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `acl2_permissions` -- DROP TABLE IF EXISTS `acl2_permissions`; CREATE TABLE `acl2_permissions` ( `acl_id` bigint(20) NOT NULL default '0', `permissions` int(11) default NULL, `admin_id` bigint(20) NOT NULL default '0', PRIMARY KEY (`acl_id`,`admin_id`), KEY (`admin_id`), KEY (`acl_id`), CONSTRAINT FOREIGN KEY (`acl_id`) REFERENCES `acl2` (`acl_id`), CONSTRAINT FOREIGN KEY (`admin_id`) REFERENCES `admins` (`adminid`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `admins` -- DROP TABLE IF EXISTS `admins`; CREATE TABLE `admins` ( `adminid` bigint(20) NOT NULL auto_increment, `dn` varchar(255) NOT NULL default '', `email_address` varchar(255) default NULL, `ca` smallint(6) NOT NULL default '0', PRIMARY KEY (`adminid`), UNIQUE KEY `dn` (`dn`), KEY (`ca`), CONSTRAINT FOREIGN KEY (`ca`) REFERENCES `ca` (`cid`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `admins_history` -- DROP TABLE IF EXISTS `admins_history`; CREATE TABLE `admins_history` ( `admin_h_id` bigint(20) NOT NULL default '0', `adminid` bigint(20) NOT NULL default '0', `dn` varchar(255) NOT NULL default '', `ca` smallint(6) NOT NULL default '0', PRIMARY KEY (`admin_h_id`), KEY (`ca`), KEY (`admin_h_id`), CONSTRAINT FOREIGN KEY (`admin_h_id`) REFERENCES `history` (`h_id`), CONSTRAINT FOREIGN KEY (`ca`) REFERENCES `ca` (`cid`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `attributes` -- DROP TABLE IF EXISTS `attributes`; CREATE TABLE `attributes` ( `a_id` bigint(20) NOT NULL auto_increment, `a_name` varchar(255) NOT NULL default '', `a_desc` text, `a_uniq` tinyint(1) default '0', PRIMARY KEY (`a_id`), UNIQUE KEY `a_name` (`a_name`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `ca` -- DROP TABLE IF EXISTS `ca`; CREATE TABLE `ca` ( `cid` smallint(6) NOT NULL auto_increment, `ca` varchar(255) NOT NULL default '', `cadescr` varchar(255) default NULL, PRIMARY KEY (`cid`), UNIQUE KEY `ca` (`ca`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `capabilities` -- DROP TABLE IF EXISTS `capabilities`; CREATE TABLE `capabilities` ( `cid` bigint(20) NOT NULL auto_increment, `capability` varchar(255) NOT NULL default '', PRIMARY KEY (`cid`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `group_attrs` -- DROP TABLE IF EXISTS `group_attrs`; CREATE TABLE `group_attrs` ( `a_id` bigint(20) NOT NULL default '0', `g_id` bigint(20) NOT NULL default '0', `a_value` varchar(255) default NULL, PRIMARY KEY (`a_id`,`g_id`), KEY (`g_id`), KEY (`a_id`), CONSTRAINT FOREIGN KEY (`a_id`) REFERENCES `attributes` (`a_id`), CONSTRAINT FOREIGN KEY (`g_id`) REFERENCES `groups` (`gid`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `groups` -- DROP TABLE IF EXISTS `groups`; CREATE TABLE `groups` ( `gid` bigint(20) NOT NULL auto_increment, `dn` varchar(255) NOT NULL default '', `parent` bigint(20) default NULL, `must` tinyint(1) NOT NULL default '0', PRIMARY KEY (`gid`), UNIQUE KEY `dn` (`dn`), KEY (`parent`), CONSTRAINT FOREIGN KEY (`parent`) REFERENCES `groups` (`gid`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `history` -- DROP TABLE IF EXISTS `history`; CREATE TABLE `history` ( `h_id` bigint(20) NOT NULL auto_increment, `operation` smallint(6) NOT NULL default '0', `tstamp` datetime NOT NULL default '0000-00-00 00:00:00', `who` bigint(20) NOT NULL default '0', PRIMARY KEY (`h_id`), KEY (`who`), CONSTRAINT FOREIGN KEY (`who`) REFERENCES `admins` (`adminid`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `m` -- DROP TABLE IF EXISTS `m`; CREATE TABLE `m` ( `mapping_id` bigint(20) NOT NULL auto_increment, `userid` bigint(20) NOT NULL default '0', `gid` bigint(20) NOT NULL default '0', `rid` bigint(20) default NULL, `cid` bigint(20) default NULL, PRIMARY KEY (`mapping_id`), UNIQUE KEY `userid` (`userid`,`gid`,`rid`), KEY `fk_m_roles` (`rid`), KEY `fk_m_usr` (`userid`), KEY `fk_m_groups` (`gid`), KEY `fk_m_cap` (`cid`), CONSTRAINT `fk_m_cap` FOREIGN KEY (`cid`) REFERENCES `capabilities` (`cid`), CONSTRAINT `fk_m_groups` FOREIGN KEY (`gid`) REFERENCES `groups` (`gid`) ON DELETE CASCADE, CONSTRAINT `fk_m_roles` FOREIGN KEY (`rid`) REFERENCES `roles` (`rid`) ON DELETE CASCADE, CONSTRAINT `fk_m_usr` FOREIGN KEY (`userid`) REFERENCES `usr` (`userid`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `memb_req` -- DROP TABLE IF EXISTS `memb_req`; CREATE TABLE `memb_req` ( `id` bigint(20) NOT NULL auto_increment, `creation_date` datetime NOT NULL default '0000-00-00 00:00:00', `evaluation_date` datetime default NULL, `status` int(11) NOT NULL default '0', `confirm_id` varchar(255) NOT NULL default '', `dn` varchar(255) NOT NULL default '', `ca` varchar(255) NOT NULL default '', `cn` varchar(255) default NULL, `mail` varchar(255) NOT NULL default '', PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `role_attrs` -- DROP TABLE IF EXISTS `role_attrs`; CREATE TABLE `role_attrs` ( `a_id` bigint(20) NOT NULL default '0', `g_id` bigint(20) NOT NULL default '0', `r_id` bigint(20) NOT NULL default '0', `a_value` varchar(255) default NULL, PRIMARY KEY (`a_id`,`g_id`,`r_id`), KEY (`g_id`), KEY (`r_id`), KEY (`a_id`), CONSTRAINT FOREIGN KEY (`a_id`) REFERENCES `attributes` (`a_id`), CONSTRAINT FOREIGN KEY (`r_id`) REFERENCES `roles` (`rid`) ON DELETE CASCADE, CONSTRAINT FOREIGN KEY (`g_id`) REFERENCES `groups` (`gid`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `roles` -- DROP TABLE IF EXISTS `roles`; CREATE TABLE `roles` ( `rid` bigint(20) NOT NULL auto_increment, `role` varchar(255) NOT NULL default '', PRIMARY KEY (`rid`), UNIQUE KEY `role` (`role`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `seqnumber` -- DROP TABLE IF EXISTS `seqnumber`; CREATE TABLE `seqnumber` ( `seq` varchar(255) NOT NULL default '', PRIMARY KEY (`seq`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `usr` -- DROP TABLE IF EXISTS `usr`; CREATE TABLE `usr` ( `userid` bigint(20) NOT NULL auto_increment, `dn` varchar(255) NOT NULL default '', `ca` smallint(6) default NULL, `cn` varchar(255) default NULL, `mail` varchar(255) default NULL, `cauri` varchar(255) default NULL, PRIMARY KEY (`userid`), KEY `fk_usr_ca` (`ca`), CONSTRAINT `fk_usr_ca` FOREIGN KEY (`ca`) REFERENCES `ca` (`cid`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `usr_attrs` -- DROP TABLE IF EXISTS `usr_attrs`; CREATE TABLE `usr_attrs` ( `a_id` bigint(20) NOT NULL default '0', `u_id` bigint(20) NOT NULL default '0', `a_value` varchar(255) default NULL, PRIMARY KEY (`a_id`,`u_id`), KEY (`u_id`), KEY (`a_id`), CONSTRAINT FOREIGN KEY (`a_id`) REFERENCES `attributes` (`a_id`), CONSTRAINT FOREIGN KEY (`u_id`) REFERENCES `usr` (`userid`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -- Table structure for table `version` -- DROP TABLE IF EXISTS `version`; CREATE TABLE `version` ( `version` int(11) NOT NULL default '0', PRIMARY KEY (`version`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; /*!40000 ALTER TABLE `version` ENABLE KEYS */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; voms-mysql-plugin-3.1.7/configure.ac000066400000000000000000000025421276450445000174450ustar00rootroot00000000000000# Process this file with autoconf to produce a configure script. AC_INIT([VOMS MySQL plugin], [3.1.7]) AC_PREREQ(2.57) AC_PREFIX_DEFAULT("/") AC_CONFIG_AUX_DIR([./aux]) AC_CONFIG_SRCDIR([src/dbwrap.h]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE AM_MAINTAINER_MODE # Notices. AC_COPYRIGHT([Copyright (c) 2004-2012 Istituto Nazionale di Fisica Nucleare See LICENCE file for details ]) #Environment. WORKDIR=`pwd` AC_SUBST(WORKDIR) # Checks for programs. AC_PROG_CC AC_PROG_CPP AC_PROG_CXX AC_PROG_CXXCPP AC_PROG_LIBTOOL # Checks for libraries. AC_CHECK_LIB([mysqlclient], [main]) # Checks for header files. AC_HEADER_STDC AC_CHECK_HEADERS([stdlib.h string.h]) # Checks for typedefs, structures, and compiler characteristics. AC_HEADER_STDBOOL AC_C_CONST AC_C_INLINE AC_TYPE_SIZE_T # Checks for library functions. AC_FUNC_ERROR_AT_LINE AC_FUNC_STAT AC_FUNC_STRTOD AC_CHECK_FUNCS([strtol strtoul strtoull]) if test "x$prefix" = xNONE; then mypref=$ac_default_prefix else mypref=$prefix fi AC_DEFINE_UNQUOTED(PROGPREFIX, "${mypref}", PROGPREFIX) PPREFIX=${mypref} AC_SUBST(PPREFIX) # MySQL dependency check have_mysql=no AC_MYSQL(have_mysql=yes, have_mysql=no) AC_MSG_RESULT(["MySQL found $have_mysql"]) AM_CONFIG_HEADER([src/autogen/config.h]) AC_CONFIG_FILES([Makefile config/Makefile src/Makefile ]) AC_OUTPUT voms-mysql-plugin-3.1.7/do-configure.sh000066400000000000000000000001301276450445000200630ustar00rootroot00000000000000#!/bin/bash set -ex CFLAGS="-g -O0" CXXFLAGS="-g -O0" ./configure --libdir=/usr/lib64 voms-mysql-plugin-3.1.7/m4/000077500000000000000000000000001276450445000154745ustar00rootroot00000000000000voms-mysql-plugin-3.1.7/m4/mysql.m4000066400000000000000000000015531276450445000171070ustar00rootroot00000000000000dnl Usage: dnl Test for mysql, and defines dnl - MYSQL_CFLAGS (compiler flags) dnl - MYSQL_LIBS (linker flags, stripping and path) dnl prerequisites: AC_DEFUN([AC_MYSQL], [ # Get MySQL library and include locations AC_MSG_CHECKING([MySQL include path]) AC_ARG_WITH(mysql-incdir, [ --with-mysql-incdir=DIR Default is /usr/include/mysql], [mysql_incdir="$withval"], [mysql_incdir="/usr/include/mysql"] ) if test -d "$mysql_incdir"; then AC_MSG_RESULT([found $mysql_incdir]) MYSQL_CFLAGS="$CPPFLAGS -I$mysql_incdir" else AC_MSG_ERROR([no such directory $mysql_incdir]) fi AC_MSG_CHECKING([MySQL library path]) AC_ARG_WITH(mysql-libdir, [ --with-mysql-libdir=DIR Default is /usr/lib], MYSQL_LIBS="-L$withval -lmysqlclient", MYSQL_LIBS="-L/usr/lib64/mysql -L/usr/lib/mysql -lmysqlclient" ) AC_SUBST(MYSQL_CFLAGS) AC_SUBST(MYSQL_LIBS) ]) voms-mysql-plugin-3.1.7/spec/000077500000000000000000000000001276450445000161065ustar00rootroot00000000000000voms-mysql-plugin-3.1.7/spec/voms-mysql-plugin.spec000066400000000000000000000045431276450445000224130ustar00rootroot00000000000000Name: voms-mysql-plugin Version: 3.1.7 Release: 1%{?dist} Summary: VOMS server plugin for MySQL Group: System Environment/Libraries License: ASL 2.0 URL: https://wiki.italiangrid.it/twiki/bin/view/VOMS Source: %{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Provides: voms-mysql = %{version}-%{release} Obsoletes: voms-mysql < %{version}-%{release} Requires: voms-server%{?_isa} BuildRequires: libtool BuildRequires: mysql-devel%{?_isa} BuildRequires: openssl%{?_isa} %description The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This package offers the MySQL implementation for the VOMS server. %prep %setup -q ./autogen.sh %build %configure make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT rm $RPM_BUILD_ROOT%{_libdir}/libvomsmysql.a rm $RPM_BUILD_ROOT%{_libdir}/libvomsmysql.la %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) %{_datadir}/voms/voms-mysql.data %{_datadir}/voms/voms-mysql-compat.data %{_libdir}/libvomsmysql.so %changelog * Fri Aug 26 2016 Andrea Ceccanti - 3.1.7-0 - Update to version 3.1.7 * Tue May 31 2011 Andrea Ceccanti - 3.1.6-1 - Update to version 3.1.6 * Tue May 31 2011 Mattias Ellert - 3.1.5.1-1 - Update to version 3.1.5.1 * Wed Mar 23 2011 Mattias Ellert - 3.1.3.2-3 - Rebuild for mysql 5.5.10 * Mon Feb 07 2011 Fedora Release Engineering - 3.1.3.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Sun Jun 6 2010 Mattias Ellert - 3.1.3.2-1 - Update to version 3.1.3.2 - Drop all patches (accepted upstream) * Thu Dec 3 2009 Mattias Ellert - 3.1.3.1-1 - Update to version 3.1.3.1 * Sat Aug 15 2009 Mattias Ellert - 3.1.1-1 - Update to version 3.1.1 * Tue Jun 30 2009 Mattias Ellert - 3.1.0-1 - First build voms-mysql-plugin-3.1.7/src/000077500000000000000000000000001276450445000157435ustar00rootroot00000000000000voms-mysql-plugin-3.1.7/src/Makefile.am000066400000000000000000000003551276450445000200020ustar00rootroot00000000000000lib_LTLIBRARIES = libvomsmysql.la libvomsmysql_la_SOURCES = mysqlwrap.cc mysqlwrap.h dbwrap.h libvomsmysql_la_LIBADD = $(MYSQL_LIBS) -lcrypto libvomsmysql_la_LDFLAGS = -module -avoid-version -no-undefined AM_CPPFLAGS = $(MYSQL_CFLAGS) voms-mysql-plugin-3.1.7/src/dbwrap.h000066400000000000000000000060061276450445000173750ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2002-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef SQLDBWRAP_H #define SQLDBWRAP_H #include extern "C" { #include } #define ERR_DBERR 1 #define ERR_NO_PARAM 2 #define ERR_NO_MEMORY 3 #define ERR_ACCOUNT_SUSPENDED 4 #define ERR_X509 5 #define ERR_USER_UNKNOWN 6 #define ERR_NO_CA 7 #define ERR_NO_IDDATA 8 #define ERR_NO_DB 9 #define ERR_NO_SESSION 10 #define ERR_USER_SUSPENDED 11 #define OPTION_SET_SOCKET 1 #define OPTION_SET_PORT 2 #define OPTION_SET_INSECURE 3 #define OPERATION_GET_ALL 0 #define OPERATION_GET_ROLE 1 #define OPERATION_GET_GROUPS 2 #define OPERATION_GET_GROUPS_AND_ROLE 3 #define OPERATION_GET_ALL_ATTRIBS 4 #define OPERATION_GET_ROLE_ATTRIBS 5 #define OPERATION_GET_GROUPS_ATTRIBS 6 #define OPERATION_GET_GROUPS_AND_ROLE_ATTRIBS 7 #define OPERATION_GET_VERSION 8 #define OPERATION_GET_USER 9 class gattrib { public: std::string name; std::string qualifier; std::string value; std::string str() const { return (qualifier.empty() ? "" : qualifier) + "::" + name + "=" + value; } }; namespace sqliface { class interface { public: virtual ~interface(void) {}; virtual int error(void) const = 0; virtual bool connect(const char * dbname, const char * hostname, const char * user, const char * password) = 0; virtual bool reconnect() = 0; virtual void close(void) = 0; virtual bool setOption(int option, void *value) = 0; virtual bool operation(int operation_type, void *result, ...) = 0; virtual interface *getSession() = 0; virtual void releaseSession(interface *) = 0; virtual bool isConnected(void) = 0; virtual char *errorMessage(void) = 0; }; }; // namespace sqliface extern "C" { sqliface::interface *CreateDB(); int getDBInterfaceVersion(); int getDBInterfaceVersionMinor(); } #endif voms-mysql-plugin-3.1.7/src/mysqlwrap.cc000066400000000000000000001053531276450445000203200ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - valerio.venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2002-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #include "mysqlwrap.h" #include #include #include #include #include extern "C" { #include #include } static std::string translate(const std::string& name) { std::string::size_type userid = name.find(std::string("/USERID=")); std::string::size_type uid = name.find(std::string("/UID=")); if (userid != std::string::npos) return name.substr(0, userid) + "/UID=" + name.substr(userid+8); else if (uid != std::string::npos) return name.substr(0, uid) + "/USERID=" + name.substr(uid+5); else return name; } namespace bsq { sqliface::interface *myinterface::getSession() { if (isconnected == false) reconnect(); return this; } void myinterface::releaseSession(sqliface::interface *face) { if (mysql) mysql_close(mysql); mysql = NULL; isconnected = false; } char *myinterface::errorMessage(void) { if (!error_msg_heap) return error_msg; return error_msg_heap; } bool myinterface::operation(int operation, void *result, ...) { va_list va; va_start(va, result); clearError(); int counter = 0; bool error = false; if (!result || !isConnected()) return false; unsigned long old_thread_id = mysql_thread_id(mysql); if (mysql_ping(mysql)) reconnect(); else { unsigned long new_thread_id = mysql_thread_id(mysql); if (new_thread_id != old_thread_id) { if (!registerQueries()) return false; } } std::vector *fqans = ((std::vector *)result); std::vector *attrs = ((std::vector *)result); X509 *cert = NULL; long long uid = -1; char *group = NULL; char *role = NULL; error = false; /* Parse parameters: */ switch(operation) { case OPERATION_GET_GROUPS_AND_ROLE: case OPERATION_GET_GROUPS_AND_ROLE_ATTRIBS: uid = va_arg(va, long long ); group = va_arg(va, char *); role = va_arg(va, char *); if (uid == -1 || !group || !role) error = true; break; case OPERATION_GET_ROLE: case OPERATION_GET_ROLE_ATTRIBS: uid = va_arg(va, long long); role = va_arg(va, char *); if (uid == -1 || !role) error = true; break; case OPERATION_GET_GROUPS: case OPERATION_GET_ALL: case OPERATION_GET_GROUPS_ATTRIBS: case OPERATION_GET_ALL_ATTRIBS: uid = va_arg(va, long long); if (uid == -1) error = true; break; case OPERATION_GET_VERSION: break; case OPERATION_GET_USER: cert = va_arg(va, X509 *); if (!cert) error = true; break; default: error = true; } va_end(va); if (error) { setError(ERR_NO_PARAM, "Required parameter to sqliface::operation() is missing!"); return false; } do { error = false; switch(operation) { case OPERATION_GET_VERSION: { *((int *)result) = operationGetVersion(); return true; } break; case OPERATION_GET_USER: { long long res = getUID(cert); *((long long *)result) = res; if (res == -1) return false; return true; } break; case OPERATION_GET_ALL: { if (!operationGetAll(uid, *fqans)) error = true; } break; case OPERATION_GET_GROUPS: { if (!operationGetGroups(uid, *fqans)) error= true; } break; case OPERATION_GET_ROLE: { if (!operationGetRole(uid, role, *fqans)) error = true; } break; case OPERATION_GET_GROUPS_AND_ROLE: { if (!operationGetGroupAndRole(uid, group, role, *fqans)) error = true; } break; case OPERATION_GET_ALL_ATTRIBS: { if (!operationGetAllAttribs(uid, *attrs)) error = true; } break; case OPERATION_GET_GROUPS_ATTRIBS: { if (!operationGetGroupAttribs(uid, *attrs)) error= true; } break; case OPERATION_GET_ROLE_ATTRIBS: { if (!operationGetRoleAttribs(uid, role, *attrs)) error = true; } break; case OPERATION_GET_GROUPS_AND_ROLE_ATTRIBS: { if (!operationGetGroupAndRoleAttribs(uid, group, role, *attrs)) error = true; } break; } if (!error) break; else { if (this->err == ERR_DBERR) { int mysqlerror = mysql_errno(mysql); if ((mysqlerror == CR_SERVER_LOST) && !counter) { /* try reconnecting and re-executing. */ counter++; reconnect(); continue; } } break; } } while (true); va_end(va); if (error) return false; return true; } void myinterface::clearError() { free(error_msg_heap); error_msg_heap = NULL; err = 0; } void myinterface::setError(int code = 0, const std::string &str = "") { clearError(); err = code; if ((code == ERR_DBERR) && (str.empty())) { strcpy(error_msg, mysql_error(mysql)); error_msg_heap = NULL; return; } if (!str.empty()) { if (str.size() < 4095) { strcpy(error_msg, str.c_str()); error_msg_heap = NULL; } else { error_msg_heap = strdup(str.c_str()); } } return; } myinterface::myinterface() : dbname(NULL), hostname(NULL), user(NULL), password(NULL), host(NULL), port(0), mysql(NULL), err(0), isconnected(false), error_msg_heap(NULL), stmt_get_role(NULL), stmt_get_groups(NULL), stmt_get_groups_and_role(NULL), stmt_get_all(NULL), stmt_get_cid_v1(NULL), stmt_get_uid_v1(NULL), stmt_get_uid_v1_insecure(NULL), stmt_get_user_attributes(NULL), stmt_get_group_attributes(NULL), stmt_get_role_attributes(NULL), stmt_get_group_and_role_attributes(NULL), stmt_get_group_and_role_attributes_all(NULL), stmt_get_version(NULL), stmt_get_suspension_reason(NULL), insecure(false), dbVersion(1), socket(NULL) { } myinterface::~myinterface(void) { free(error_msg_heap); close(); } void myinterface::close(void) { if (mysql) mysql_close(mysql); mysql = NULL; } bool myinterface::reconnect() { close(); return connect(dbname, hostname, user, password); } int myinterface::error(void) const { return err; } bool myinterface::connect(const char *dbname, const char *hostname, const char *user, const char *password) { this->dbname = strdup(dbname); this->hostname = strdup(hostname); this->user = strdup(user); this->password = password; if (!this->dbname || !this->hostname || !this->user || !this->password) { free(this->dbname); free(this->hostname); free(this->user); return false; } mysql = mysql_init(NULL); if (!mysql_real_connect(mysql, hostname, user, password, dbname, port, socket, 0)) { setError(ERR_NO_DB, mysql_error(mysql)); return false; } if (getVersion() == -1) { close(); mysql = NULL; return false; } bool result = registerQueries(); if (result) { isconnected = true; return true; } else { close(); mysql = NULL; return false; } } bool myinterface::setOption(int option, void *value) { switch(option) { case OPTION_SET_PORT: if (!value) return false; port = *((int *)value); break; case OPTION_SET_INSECURE: if (!value) return false; insecure = *((bool *)value); break; case OPTION_SET_SOCKET: if (!value) return false; socket = strdup((char *)value); if (!value) return false; break; default: /* Ignore unknown options. Allows new servers not to worry about what option what driver supports. */ break; } return true; } bool myinterface::executeQuery(MYSQL_STMT *stmt, MYSQL_BIND *parameters, MYSQL_BIND *results, int size) { if (parameters) if (mysql_stmt_bind_param(stmt, parameters)) { setError(ERR_DBERR, mysql_stmt_error(stmt)); return false; } if (mysql_stmt_execute(stmt) || !bindAndSetSize(stmt, results, size)) { setError(ERR_DBERR, mysql_stmt_error(stmt)); return false; } return true; } bool myinterface::operationGetRole(long long uid, char *role, std::vector &fqans) { MYSQL_BIND arguments[2]; long unsigned int size = strlen(role); arguments[0].buffer_type = MYSQL_TYPE_STRING; arguments[0].buffer = role; arguments[0].is_null = 0; arguments[0].length = &size; arguments[1].buffer_type = MYSQL_TYPE_LONGLONG; arguments[1].buffer = (char *)&uid; arguments[1].is_null = 0; arguments[1].length = 0; return getFQANs(stmt_get_role, arguments, fqans) && operationGetGroups(uid, fqans); } bool myinterface::operationGetGroups(long long uid, std::vector &fqans) { MYSQL_BIND arguments[1]; arguments[0].buffer_type = MYSQL_TYPE_LONGLONG; arguments[0].buffer = (char *)&uid; arguments[0].is_null = 0; arguments[0].length = 0; return getFQANs(stmt_get_groups, arguments, fqans); } bool myinterface::operationGetGroupAndRole(long long uid, char *group, char *role, std::vector &fqans) { MYSQL_BIND arguments[3]; unsigned long int size1 = strlen(group); unsigned long int size2 = strlen(role); memset(&(arguments[0]), 0, sizeof(MYSQL_BIND)); memset(&(arguments[1]), 0, sizeof(MYSQL_BIND)); memset(&(arguments[2]), 0, sizeof(MYSQL_BIND)); arguments[0].buffer_type = MYSQL_TYPE_STRING; arguments[0].buffer = group; arguments[0].is_null = 0; arguments[0].length = &size1; arguments[1].buffer_type = MYSQL_TYPE_STRING; arguments[1].buffer = role; arguments[1].is_null = 0; arguments[1].length = &size2; arguments[2].buffer_type = MYSQL_TYPE_LONGLONG; arguments[2].buffer = (char *)&uid; arguments[2].is_null = 0; arguments[2].length = 0; return getFQANs(stmt_get_groups_and_role, arguments, fqans) && operationGetGroups(uid, fqans); } bool myinterface::operationGetAll(long long uid, std::vector &fqans) { MYSQL_BIND parameter[1]; memset(&(parameter[0]), 0, sizeof(MYSQL_BIND)); parameter[0].buffer = (char *)&uid; parameter[0].buffer_type = MYSQL_TYPE_LONGLONG; parameter[0].is_null = 0; parameter[0].length = 0; return getFQANs(stmt_get_all, parameter, fqans); } bool myinterface::operationGetGroupAndRoleAttribs(long long uid, char *group, char *role, std::vector &attrs) { if (!group || !role) { setError(ERR_NO_PARAM, "Parameter unset."); return false; } MYSQL_BIND parameter[3]; long unsigned int sizerole = strlen(role); long unsigned int sizegroup = strlen(group); memset(&(parameter[0]), 0, sizeof(MYSQL_BIND)); memset(&(parameter[1]), 0, sizeof(MYSQL_BIND)); memset(&(parameter[2]), 0, sizeof(MYSQL_BIND)); parameter[0].buffer = (char *)&uid; parameter[0].buffer_type = MYSQL_TYPE_LONGLONG; parameter[0].is_null = 0; parameter[0].length = 0; parameter[1].buffer = role; parameter[1].buffer_type = MYSQL_TYPE_STRING; parameter[1].is_null = 0; parameter[1].length = &sizerole; parameter[2].buffer = group; parameter[2].buffer_type = MYSQL_TYPE_STRING; parameter[2].is_null = 0; parameter[2].length = &sizegroup; clearError(); return getAttributes(stmt_get_user_attributes, parameter, attrs) && getAttributes(stmt_get_group_attributes, parameter, attrs) && getAttributes(stmt_get_group_and_role_attributes, parameter, attrs); } bool myinterface::operationGetGroupAttribs(long long uid, std::vector &attrs) { MYSQL_BIND parameter[1]; memset(&(parameter[0]), 0, sizeof(MYSQL_BIND)); parameter[0].buffer = (char *)&uid; parameter[0].buffer_type = MYSQL_TYPE_LONGLONG; parameter[0].is_null = 0; parameter[0].length = 0; clearError(); return getAttributes(stmt_get_user_attributes, parameter, attrs) && getAttributes(stmt_get_group_attributes, parameter, attrs); } bool myinterface::operationGetRoleAttribs(long long uid, char *role, std::vector &attrs) { MYSQL_BIND parameter[2]; long unsigned int sizerole = strlen(role); memset(&(parameter[0]), 0, sizeof(MYSQL_BIND)); memset(&(parameter[1]), 0, sizeof(MYSQL_BIND)); parameter[0].buffer = role; parameter[0].buffer_type = MYSQL_TYPE_STRING; parameter[0].is_null = 0; parameter[0].length = &sizerole; parameter[1].buffer = (char *)&uid; parameter[1].buffer_type = MYSQL_TYPE_LONGLONG; parameter[1].is_null = 0; parameter[1].length = 0; clearError(); return getAttributes(stmt_get_user_attributes, parameter, attrs) && getAttributes(stmt_get_role_attributes, parameter, attrs); } bool myinterface::operationGetAllAttribs(long long uid, std::vector &attrs) { MYSQL_BIND parameter[1]; memset(&(parameter[0]), 0, sizeof(MYSQL_BIND)); parameter[0].buffer = (char *)&uid; parameter[0].buffer_type = MYSQL_TYPE_LONGLONG; parameter[0].is_null = 0; parameter[0].length = 0; clearError(); return getAttributes(stmt_get_user_attributes, parameter, attrs) && getAttributes(stmt_get_group_attributes, parameter, attrs) && getAttributes(stmt_get_group_and_role_attributes_all, parameter, attrs); } MYSQL_STMT *myinterface::registerQuery(const char *query) { MYSQL_STMT *stmt = NULL; if (stmt = mysql_stmt_init(mysql)) if (mysql_stmt_prepare(stmt, query, strlen(query))) { setError(ERR_DBERR, mysql_stmt_error(stmt)); mysql_stmt_close(stmt); stmt = NULL; } return stmt; } bool myinterface::registerQueries(void) { stmt_get_group_and_role_attributes_all = registerQuery( "SELECT attributes.a_name, role_attrs.a_value, groups.dn, roles.role " "FROM attributes, role_attrs, groups, roles, m " "WHERE attributes.a_id = role_attrs.a_id AND " "groups.gid = m.gid AND " "m.userid = ? AND " "m.rid = roles.rid AND " "role_attrs.g_id = m.gid AND " "role_attrs.r_id = m.rid"); stmt_get_group_and_role_attributes = registerQuery( "SELECT attributes.a_name, role_attrs.a_value, groups.dn, roles.role " "FROM attributes, role_attrs, groups, roles, m " "WHERE attributes.a_id = role_attrs.a_id AND " "groups.gid = m.gid AND " "m.userid = ? AND " "m.rid = roles.rid AND " "roles.role = ? AND " "groups.dn = ? AND " "role_attrs.g_id = m.gid AND " "role_attrs.r_id = m.rid"); stmt_get_group_attributes = registerQuery( "SELECT attributes.a_name, group_attrs.a_value, groups.dn, NULL " "FROM attributes, group_attrs, groups, m " "WHERE attributes.a_id = group_attrs.a_id AND " "groups.gid = m.gid AND " "m.userid = ? AND " "m.rid is NULL AND " "group_attrs.g_id = m.gid"); stmt_get_user_attributes = registerQuery( "SELECT attributes.a_name, usr_attrs.a_value, NULL, NULL " "FROM attributes, usr_attrs " "WHERE attributes.a_id = usr_attrs.a_id AND " "usr_attrs.u_id = ?"); stmt_get_role = registerQuery( "SELECT groups.dn, role FROM groups, m " "LEFT JOIN roles ON roles.rid = m.rid " "WHERE groups.gid = m.gid AND " "roles.role = ? AND m.userid = ?"); stmt_get_role_attributes = registerQuery( "SELECT attributes.a_name, role_attrs.a_value, groups.dn, roles.role " "FROM m " "INNER JOIN groups ON m.gid = groups.gid " "LEFT JOIN roles ON roles.rid = m.rid " "INNER JOIN role_attrs on groups.gid = role_attrs.g_id " "INNER JOIN attributes on attributes.a_id = role_attrs.a_id " "WHERE role_attrs.r_id = roles.rid AND " "roles.role = ? AND " "m.userid = ?"); stmt_get_groups = registerQuery( "SELECT groups.dn, NULL FROM groups, m " "WHERE groups.gid = m.gid AND " "m.userid = ?"); stmt_get_groups_and_role = registerQuery( "SELECT groups.dn, role FROM groups, m " "LEFT JOIN roles ON roles.rid = m.rid " "WHERE groups.gid = m.gid AND " "groups.dn = ? AND roles.role = ? AND " "m.userid = ?"); stmt_get_all = registerQuery( "SELECT groups.dn, role FROM groups, m " "LEFT JOIN roles ON roles.rid = m.rid " "WHERE groups.gid = m.gid AND " "m.userid = ?"); (dbVersion == 3 ? stmt_get_cid_v1 = registerQuery( "SELECT cid FROM ca WHERE subject_string = ?") : stmt_get_cid_v1 = registerQuery( "SELECT cid FROM ca WHERE ca.ca = ?")); (dbVersion == 3 ? stmt_get_uid_v1 = registerQuery( "SELECT usr_id FROM certificate WHERE subject_string = ? AND ca_id = ? AND NOT suspended") : stmt_get_uid_v1 = registerQuery( "SELECT userid FROM usr WHERE dn = ? AND ca = ?")); (dbVersion == 3 ? stmt_get_uid_v1_insecure = registerQuery( "SELECT usr_id FROM certificate WHERE subject_string = ? AND NOT suspended") : stmt_get_uid_v1_insecure = registerQuery( "SELECT userid FROM usr WHERE usr.dn = ?")); if (dbVersion == 3) (insecure ? stmt_get_suspension_reason = registerQuery("SELECT suspended_reason FROM certificate WHERE subject_string = ? AND suspended != 0") : stmt_get_suspension_reason = registerQuery("SELECT suspended_reason FROM certificate WHERE subject_string = ? AND ca_id = ? AND suspended != 0")); if (!stmt_get_role || !stmt_get_groups || !stmt_get_groups_and_role || !stmt_get_all || !stmt_get_cid_v1 || !stmt_get_uid_v1 || !stmt_get_uid_v1_insecure || !stmt_get_user_attributes || !stmt_get_group_attributes || !stmt_get_role_attributes || !stmt_get_group_and_role_attributes || (dbVersion == 3 && !stmt_get_suspension_reason) || !stmt_get_group_and_role_attributes_all) { if (stmt_get_suspension_reason) mysql_stmt_close(stmt_get_suspension_reason); if (stmt_get_role) mysql_stmt_close(stmt_get_role); if (stmt_get_groups) mysql_stmt_close(stmt_get_groups); if (stmt_get_groups_and_role) mysql_stmt_close(stmt_get_groups_and_role); if (stmt_get_all) mysql_stmt_close(stmt_get_all); if (stmt_get_cid_v1) mysql_stmt_close(stmt_get_cid_v1); if (stmt_get_uid_v1) mysql_stmt_close(stmt_get_uid_v1); if (stmt_get_uid_v1_insecure) mysql_stmt_close(stmt_get_uid_v1_insecure); if (stmt_get_user_attributes) mysql_stmt_close(stmt_get_user_attributes); if (stmt_get_group_attributes) mysql_stmt_close(stmt_get_group_attributes); if (stmt_get_role_attributes) mysql_stmt_close(stmt_get_role_attributes); if (stmt_get_group_and_role_attributes) mysql_stmt_close(stmt_get_group_and_role_attributes); if (stmt_get_group_and_role_attributes_all) mysql_stmt_close(stmt_get_group_and_role_attributes_all); return false; } return true; } bool myinterface::getFQANs(MYSQL_STMT *stmt, MYSQL_BIND *parameters, std::vector &fqans) { MYSQL_BIND results[2]; my_bool is_null[2]; /* Temporary binding for first binding call */ memset(results, 0, sizeof(results)); memset(&(results[0]), 0, sizeof(results[0])); memset(&(results[1]), 0, sizeof(results[1])); results[0].buffer_type = MYSQL_TYPE_STRING; results[0].buffer = 0; results[0].buffer_length = 0; results[0].length = 0; results[0].is_null = &(is_null[0]); results[1].buffer_type = MYSQL_TYPE_STRING; results[1].buffer = 0; results[1].buffer_length = 0; results[1].length = 0; results[1].is_null = &(is_null[1]); /* Execute query */ if (!executeQuery(stmt, parameters, results, 2)) { setError(ERR_DBERR, mysql_stmt_error(stmt)); return false; } /* Read data */ unsigned long numberOfRows = (unsigned long)mysql_stmt_num_rows(stmt); for (int i = 0; i < numberOfRows; i++) { mysql_stmt_fetch(stmt); mysql_stmt_fetch_column(stmt, &(results[0]),0,0); mysql_stmt_fetch_column(stmt, &(results[1]),1,0); /* Now I've got the results: */ std::string fqan = std::string((char *)(results[0].buffer), *(results[0].length)) + (is_null[1] || !(results[1].buffer) || (((results[1].length == 0) || ((char*)results[1].buffer)[0] == '\0')) ? "" : std::string("/Role=") + std::string((char *)(results[1].buffer), *(results[1].length))); fqans.push_back(fqan); } free(results[0].buffer); free(results[1].buffer); if (numberOfRows == 0) return false; else return true; } bool myinterface::bindAndSetSize(MYSQL_STMT *stmt, MYSQL_BIND *outputs, int size) { my_bool value = true; MYSQL_RES *result = NULL; MYSQL_FIELD *field = NULL; mysql_stmt_attr_set(stmt, STMT_ATTR_UPDATE_MAX_LENGTH, &value); if (mysql_stmt_bind_result(stmt, outputs) || mysql_stmt_store_result(stmt) || !(result = mysql_stmt_result_metadata(stmt))) { setError(ERR_DBERR, mysql_stmt_error(stmt)); return false; } for (int i = 0; i < size; i++) { field = mysql_fetch_field(result); if (field->type == MYSQL_TYPE_BLOB || field->type == MYSQL_TYPE_VAR_STRING || field->type == MYSQL_TYPE_LONG_BLOB || field->type == MYSQL_TYPE_MEDIUM_BLOB || field->type == MYSQL_TYPE_TINY_BLOB || field->type == MYSQL_TYPE_STRING) { outputs[i].buffer_length = field->max_length; outputs[i].buffer = (char *)malloc(field->max_length); if (!outputs[i].buffer) { for (int j = 0; j < i; j++) { if (outputs[j].buffer_type == MYSQL_TYPE_BLOB || outputs[j].buffer_type == MYSQL_TYPE_STRING || outputs[j].buffer_type == MYSQL_TYPE_VAR_STRING || outputs[j].buffer_type == MYSQL_TYPE_LONG_BLOB || outputs[j].buffer_type == MYSQL_TYPE_MEDIUM_BLOB || outputs[j].buffer_type == MYSQL_TYPE_TINY_BLOB || outputs[j].buffer_type == MYSQL_TYPE_STRING) free(outputs[j].buffer); setError(ERR_NO_MEMORY, "Not enough memory"); return false; } } } } return true; } long long myinterface::getUIDASCII_v2(X509 *cert) { char *caname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); char *dnname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); if (!caname || !dnname) { OPENSSL_free(caname); OPENSSL_free(dnname); setError(ERR_NO_MEMORY, "Unable to allocate the necessary memory."); return -1; } std::string ca = std::string(caname); std::string dn = std::string(dnname); std::string::size_type pos = 0; OPENSSL_free(caname); OPENSSL_free(dnname); int cid = -1; if (!insecure) { MYSQL_BIND parameter[2]; memset(parameter, 0, sizeof(parameter)); parameter[0].buffer = (void *)ca.c_str(); parameter[0].buffer_length = strlen(ca.c_str()); parameter[0].buffer_type = MYSQL_TYPE_STRING; parameter[0].is_null = 0; MYSQL_BIND result[1]; memset(result, 0, sizeof(result)); memset(&(result[0]), 0, sizeof(result[0])); result[0].buffer=(char *)&cid; result[0].buffer_type = MYSQL_TYPE_LONG; /* Determine CID */ if (!executeQuery(stmt_get_cid_v1, parameter, result, 1)) { ca = translate(ca); parameter[0].buffer = (void *)(ca.c_str()); parameter[0].buffer_length = ca.size(); parameter[0].buffer_type = MYSQL_TYPE_STRING; parameter[0].is_null = 0; if (!executeQuery(stmt_get_cid_v1, parameter, result, 1)) { setError(ERR_NO_CA, "CA is unregistered"); return -1; } } if (mysql_stmt_fetch(stmt_get_cid_v1) == MYSQL_NO_DATA) { setError(ERR_NO_CA, "CA is unregistered"); return -1; } /* now cid has the ca_id */ } /* Determine UID */ MYSQL_BIND parameter[2]; memset(parameter, 0, sizeof(parameter)); parameter[0].buffer = (void*)dn.c_str(); parameter[0].buffer_length = dn.size(); parameter[0].buffer_type = MYSQL_TYPE_STRING; parameter[0].is_null = 0; parameter[1].buffer = (char*)&cid; parameter[1].buffer_length = 0; parameter[1].buffer_type = MYSQL_TYPE_LONG; parameter[1].is_null = 0; bool result; MYSQL_STMT *stmt = NULL; if (insecure) stmt = stmt_get_uid_v1_insecure; else stmt = stmt_get_uid_v1; MYSQL_BIND res[1]; long long uid = -1; memset(res, 0, sizeof(res)); res[0].buffer = (void*)&uid; res[0].buffer_type = MYSQL_TYPE_LONGLONG; result = executeQuery(stmt, parameter, res, 1); if (!result) { dn = translate(dn); parameter[0].buffer = (void*)dn.c_str(); parameter[0].buffer_length = dn.size(); parameter[0].buffer_type = MYSQL_TYPE_STRING; parameter[0].is_null = 0; result = executeQuery(stmt, parameter, res, 1); if (!result) goto suspendederr; } if (mysql_stmt_fetch(stmt)) goto suspendederr; return uid; suspendederr: /* Determine if it was suspended */ { MYSQL_BIND parameter[2]; memset(parameter, 0, sizeof(parameter)); if (!insecure) { parameter[0].buffer = (void*)dn.c_str(); parameter[0].buffer_length = dn.size(); parameter[0].buffer_type = MYSQL_TYPE_STRING; parameter[0].is_null = 0; parameter[1].buffer = (char*)&cid; parameter[1].buffer_length = 0; parameter[1].buffer_type = MYSQL_TYPE_LONG; parameter[1].is_null = 0; } else { parameter[0].buffer = (void*)dn.c_str(); parameter[0].buffer_length = dn.size(); parameter[0].buffer_type = MYSQL_TYPE_STRING; parameter[0].is_null = 0; } MYSQL_BIND res[1]; my_bool is_null[1]; unsigned long int len[1]; memset(res, 0, sizeof(res)); memset(&(res[0]), 0, sizeof(res[0])); res[0].buffer = 0; res[0].buffer_type = MYSQL_TYPE_STRING; res[0].buffer_length = 0; res[0].is_null = &(is_null[0]); res[0].length = &(len[0]); stmt = stmt_get_suspension_reason; if (!executeQuery(stmt, parameter, res, 1)) { dn = translate(dn); parameter[0].buffer = (void*)dn.c_str(); parameter[0].buffer_length = dn.size(); parameter[0].buffer_type = MYSQL_TYPE_STRING; parameter[0].is_null = 0; if (!executeQuery(stmt, parameter, res, 1)) { setError(ERR_USER_UNKNOWN, "USER is unregistered"); return uid; } } unsigned long numberOfRows = (unsigned long)mysql_stmt_num_rows(stmt); if (numberOfRows == 1) { mysql_stmt_fetch(stmt); mysql_stmt_fetch_column(stmt, &(res[0]), 0, 0); if (!is_null[0]) setError(ERR_USER_SUSPENDED, std::string((char *)(res[0].buffer), (std::string::size_type)(*(res[0].length)))); else setError(ERR_USER_SUSPENDED, "Reason unknown"); } free(res[0].buffer); return -1; } } long long myinterface::getUIDASCII_v1(X509 *cert) { char *caname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); char *dnname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); if (!caname || !dnname) { OPENSSL_free(caname); OPENSSL_free(dnname); setError(ERR_NO_MEMORY, "Unable to allocate the necessary memory."); return -1; } std::string ca = std::string(caname); std::string dn = std::string(dnname); OPENSSL_free(caname); OPENSSL_free(dnname); MYSQL_BIND parameter[2]; MYSQL_BIND result[1]; memset(&(parameter[0]), 0, sizeof(parameter[0])); memset(&(parameter[1]), 0, sizeof(parameter[1])); memset(&(result[0]), 0, sizeof(result[0])); int cid; result[0].buffer = (char *)&cid; result[0].buffer_type = MYSQL_TYPE_LONG; if (!insecure) { /* Determine CID */ parameter[0].buffer = (void*)ca.c_str(); parameter[0].buffer_length = ca.size(); parameter[0].buffer_type = MYSQL_TYPE_STRING; parameter[0].is_null = 0; if (!executeQuery(stmt_get_cid_v1, parameter, result, 1)) { ca = translate(ca); parameter[0].buffer = (void*)ca.c_str(); parameter[0].buffer_length = ca.size(); parameter[0].buffer_type = MYSQL_TYPE_STRING; parameter[0].is_null = 0; if (!executeQuery(stmt_get_cid_v1, parameter, result, 1)) { setError(ERR_NO_CA, "CA is unregistered"); return -1; } } if (mysql_stmt_fetch(stmt_get_cid_v1) == MYSQL_NO_DATA) { setError(ERR_NO_CA, "CA is unregistered"); return -1; } /* now cid has the ca_id */ } /* Determine UID */ memset(¶meter, 0, sizeof(parameter)); parameter[0].buffer = (void*)dn.c_str(); parameter[0].buffer_length = dn.size(); parameter[0].buffer_type = MYSQL_TYPE_STRING; parameter[0].is_null = 0; parameter[1].buffer = (char*)&cid; parameter[1].buffer_length = 0; parameter[1].buffer_type = MYSQL_TYPE_LONG; parameter[1].is_null = 0; MYSQL_STMT *stmt = NULL; if (insecure) stmt = stmt_get_uid_v1_insecure; else stmt = stmt_get_uid_v1; MYSQL_BIND res[1]; memset(res, 0, sizeof(res)); memset(&(res[0]), 0, sizeof(res[0])); res[0].buffer = (char *)&cid; res[0].buffer_type = MYSQL_TYPE_LONG; if (!executeQuery(stmt, parameter, res, 1)) { dn = translate(dn); memset(&(parameter[0]), 0, sizeof(parameter[0])); parameter[0].buffer = (void *)dn.c_str(); parameter[0].buffer_length = dn.size(); parameter[0].buffer_type = MYSQL_TYPE_STRING; parameter[0].is_null = 0; if (!executeQuery(stmt, parameter, res, 1)) { setError(ERR_NO_CA, "USER is unregistered"); return -1; } } if (mysql_stmt_fetch(stmt)) { setError(ERR_NO_CA, "USER is unregistered"); return -1; } return cid; } bool myinterface::isConnected(void) { return isconnected; } long long myinterface::getUID(X509 *certificate) { if (!certificate) { setError(ERR_NO_IDDATA, "No Identifying data passed."); return -1; } if (!isconnected) { setError(ERR_NO_DB, "Not Connected to DB."); return -1; } // We need 64 bits long long uid = -1; if (dbVersion == 3 ) { uid = getUIDASCII_v2(certificate); } else { uid = getUIDASCII_v1(certificate); } if (uid == -1) { if (mysql_errno(mysql) == CR_SERVER_LOST || err == ERR_NO_DB) { reconnect(); if (dbVersion == 3 ) { uid = getUIDASCII_v2(certificate); } else { uid = getUIDASCII_v1(certificate); } } } return uid; } int myinterface::operationGetVersion(void) { return dbVersion; } int myinterface::getVersion(void) { MYSQL_STMT *stmt = registerQuery("SELECT version FROM version"); if (stmt) { MYSQL_BIND result[1]; memset(result, 0, sizeof(result)); memset(&(result[0]), 0, sizeof(result[0])); long unsigned int size = 0; result[0].buffer_type = MYSQL_TYPE_LONG; result[0].buffer = (char *)&size; result[0].is_null = 0; result[0].length = 0; if (!executeQuery(stmt, NULL, result, 1)) { setError(ERR_DBERR, mysql_stmt_error(stmt)); return -1; } mysql_stmt_fetch(stmt); mysql_stmt_close(stmt); return dbVersion = size; } else { setError(ERR_DBERR, mysql_stmt_error(stmt)); return -1; } } bool myinterface::getAttributes(MYSQL_STMT *stmt, MYSQL_BIND *parameters, std::vector &attrs) { MYSQL_BIND results[4]; unsigned long int len[4]; len[0] = len[1] = len[2] = len[3] = 0; /* Temporary binding for first binding call */ memset(results, 0, sizeof(results)); results[0].buffer_type = MYSQL_TYPE_STRING; results[0].buffer = 0; results[0].buffer_length = 0; results[0].length = &(len[0]); results[1].buffer_type = MYSQL_TYPE_STRING; results[1].buffer = 0; results[1].buffer_length = 0; results[1].length = &(len[1]); results[2].buffer_type = MYSQL_TYPE_STRING; results[2].buffer = 0; results[2].buffer_length = 0; results[2].length = &(len[2]); results[3].buffer_type = MYSQL_TYPE_STRING; results[3].buffer = 0; results[3].buffer_length = 0; results[3].length = &(len[3]); /* Execute query */ if (!executeQuery(stmt, parameters, results, 4)) { setError(ERR_DBERR, mysql_stmt_error(stmt)); return false; } /* Read data */ unsigned long numberOfRows = (unsigned long)mysql_stmt_num_rows(stmt); for (int i = 0; i < numberOfRows; i++) { mysql_stmt_fetch(stmt); mysql_stmt_fetch_column(stmt, &(results[0]), 0, 0); mysql_stmt_fetch_column(stmt, &(results[1]), 1, 0); mysql_stmt_fetch_column(stmt, &(results[2]), 2, 0); mysql_stmt_fetch_column(stmt, &(results[3]), 3, 0); gattrib ga; ga.name = std::string((char*)(results[0].buffer), *(results[0].length)); if (!(results[1].is_null || !results[1].buffer || ( ((char *)(results[1].buffer))[0]) == '\0')) ga.value = std::string( ((char *)(results[1].buffer)), (std::string::size_type)(*(results[1].length))); if (!(results[2].is_null || (!results[2].buffer) || (((char *)results[2].buffer)[0] == '\0'))) ga.qualifier = std::string( ((char*)(results[2].buffer)), (std::string::size_type)(*(results[2].length))) + (results[3].is_null || *(results[3].length) == 0 ? "" : "/Role=" + std::string( ((char*)(results[3].buffer)), (std::string::size_type)(*(results[3].length)))); attrs.push_back(ga); } return true; } } // namespace bsq extern "C" { sqliface::interface *CreateDB() { return new bsq::myinterface(); } int getDBInterfaceVersion() { return 3; } int getDBInterfaceVersionMinor() { return 1; } } /* extern "C" */ voms-mysql-plugin-3.1.7/src/mysqlwrap.h000066400000000000000000000074751276450445000201700ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2002-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #include "dbwrap.h" #include #include extern "C" { #include #include #include } namespace bsq { class myinterface : public sqliface::interface { public: myinterface(); ~myinterface(void); bool connect(const char * dbname, const char * hostname, const char * user, const char * password); int error(void) const; bool reconnect(); void close(void); bool setOption(int option, void *value); bool operation(int operation_type, void *result, ...); bool isConnected(void); char *errorMessage(void); sqliface::interface *getSession(); void releaseSession(sqliface::interface *); private: bool operationGetAll (long long, std::vector&); bool operationGetRole (long long, char *role, std::vector&); bool operationGetGroups (long long, std::vector&); bool operationGetGroupAndRole(long long, char *group, char *role, std::vector&); bool operationGetAllAttribs (long long, std::vector&); bool operationGetRoleAttribs (long long, char *role, std::vector&); bool operationGetGroupAttribs (long long, std::vector&); bool operationGetGroupAndRoleAttribs(long long, char *group, char *role, std::vector&); int operationGetVersion(void); void setError(int code, const std::string &message); bool executeQuery(MYSQL_STMT *, MYSQL_BIND *, MYSQL_BIND *, int); MYSQL_STMT *registerQuery(const char *); bool registerQueries(void); bool getFQANs(MYSQL_STMT *, MYSQL_BIND *, std::vector&); bool bindAndSetSize(MYSQL_STMT *, MYSQL_BIND *, int); long long getUIDASCII_v2(X509 *); long long getUIDASCII_v1(X509 *); long long getUID(X509 *); bool getAttributes(MYSQL_STMT *, MYSQL_BIND *, std::vector&); void clearError(); int getVersion(); char *dbname; char *hostname; char *user; const char *password; char *host; int port; MYSQL * mysql; int err; bool isconnected; char error_msg[4096]; /* Local buffer. For longer messages, try allocating memory*/ char *error_msg_heap; MYSQL_STMT *stmt_get_role; MYSQL_STMT *stmt_get_groups; MYSQL_STMT *stmt_get_groups_and_role; MYSQL_STMT *stmt_get_all; MYSQL_STMT *stmt_get_cid_v1; MYSQL_STMT *stmt_get_uid_v1; MYSQL_STMT *stmt_get_uid_v1_insecure; MYSQL_STMT *stmt_get_user_attributes; MYSQL_STMT *stmt_get_group_attributes; MYSQL_STMT *stmt_get_role_attributes; MYSQL_STMT *stmt_get_group_and_role_attributes; MYSQL_STMT *stmt_get_group_and_role_attributes_all; MYSQL_STMT *stmt_get_version; MYSQL_STMT *stmt_get_suspension_reason; bool insecure; int dbVersion; char *socket; }; } //namespace bsq