« back to all changes in this revision
Viewing changes to gridmap.c
- browse files at revision 6
- compare with another revision
- download diff
- download tarball
- view history from revision 6
- Committer: Bazaar Package Importer
- Author(s): Mattias Ellert
- Date: 2010-07-19 08:56:35 UTC
- mfrom: (1.2.2 upstream)
- Revision ID: james.westby@ubuntu.com-20100719085635-k01cwh94m7xofoq6
Tags: 5.9-1
* Update to Globus Toolkit 5.0.2
* Move client man pages to progs package
* Move client man pages to progs package
- files modified:
- .pc/globus-gss-assist-gridmapdir.patch/gridmap.c
added
removed
gridmap.c
20
20
* GSSAPI module activation code
21
21
*
22
22
* $RCSfile: gridmap.c,v $
23
* $Revision: 1.25.4.1 $
23
* $Revision: 1.25.4.2 $
24
24
* $Date $
25
25
*/
26
26
#endif
505
505
******************************************************************************/
506
506
507
507
/**
508
* @name Gridmap
509
*/
510
/* @{ */
511
/**
508
* @brief Look up the default mapping for a Grid identity in a gridmap file
512
509
* @ingroup globus_gsi_gss_assist
513
510
*
514
* Routines callable from globus based code to
515
* map a globusID to a local unix user
516
*
517
* GRIDMAP environment variable pointing at the
518
* map file. Defaults to ~/.gridmap
519
*
520
* A gridmap file is required if being run as root.
521
* if being run as a user,it is not required, and defaults to
522
* the current user who is running the command.
523
*
524
* This is the same file used by the gssapi_cleartext
525
* but will be used with other gssapi implementations which
526
* do not use the gridmap file.
511
* @details
512
* The globus_gss_assist_gridmap() function parses the default gridmap file
513
* and modifies its @a useridp parameter to point to a copy of the string
514
* containing the default local identity that the grid identity is mapped to.
515
* If successful, the caller is responsible for freeing the string pointed
516
* to by @a useridp.
517
*
518
* By default, @a globus_gss_assist_gridmap() looks for the default gridmap
519
* file defined by the value of the GRIDMAP environment variable. If that
520
* is not set, it falls back to $HOME/.gridmap.
527
521
*
528
522
* @param globusidp
529
* the GSSAPI name from the client who requested
530
* authentication
523
* The GSSAPI name string of the identity who requested authorization
531
524
* @param useridp
532
* the resulting user ID name for the local system
525
* A pointer to a string to be set to the default user ID for the local
526
* system. No validation is done to check that such a user exists.
533
527
*
534
528
* @return
535
* 0 on success
536
* -1 if bad arguments
537
* 1 on error
529
* On success, globus_gss_assist_gridmap() returns 0 and modifies the
530
* the string pointed to by the @a useridp parameter. If an error occurs,
531
* a non-zero value is returned and the value pointed to by @a useridp
532
* is undefined.
533
*
534
* @retval GLOBUS_SUCCESS
535
* Success
536
* @retval 1
537
* Error
538
538
*/
539
539
int
540
540
globus_gss_assist_gridmap(
647
647
648
648
return 1;
649
649
}
650
}
650
}
651
651
/* globus_gss_assist_gridmap() */
652
/* @} */
653
652
654
653
/**
655
* @name User OK
656
*/
657
/* @{ */
658
/**
654
* @brief Gridmap entry existence check
659
655
* @ingroup globus_gsi_gss_assist
660
* Check to see if a particular globusid is authorized to access
661
* the given local user account.
656
*
657
* @details
658
* The @a globus_gss_assist_userok() function parses the default gridmap file
659
* and checks whether any mapping exists for the grid identity passed as the
660
* @a globusid parameter and the local user identity passed as the @ userid
661
* parameter.
662
*
663
* By default, @a globus_gss_assist_userok() looks for the default gridmap
664
* file defined by the value of the GRIDMAP environment variable. If that
665
* is not set, it falls back to $HOME/.gridmap.
662
666
*
663
667
* @param globusid
664
* the globus id in string form - this should be the user's subject
668
* The GSSAPI name string of the identity who requested authorization
665
669
* @param userid
666
* the local account that access is sought for
670
* The local account name that access is sought for.
667
671
*
668
672
* @return
669
* 0 on success (authorization allowed)
670
* -1 if bad arguments
671
* 1 on error
673
* If @a globus_gss_assist_userok() is able to find a mapping between
674
* @a globusid and @a userid, it returns 0; otherwise it returns 1.
675
*
676
* @retval GLOBUS_SUCCESS
677
* Success
678
* @retval 1
679
* Error
672
680
*/
673
681
int
674
682
globus_gss_assist_userok(
768
776
769
777
return 1;
770
778
}
771
}
779
}
772
780
/* globus_gss_assist_userok() */
773
/* @} */
774
781
775
782
/**
776
* @name Map Local User
777
*/
778
/* @{ */
779
/**
783
* @brief Look up the default Grid identity associated with a local user name
780
784
* @ingroup globus_gsi_gss_assist
781
* Routine for returning the default globus ID associated with
782
* a local user name. This is somewhat of a hack since there is
783
* not a guarenteed one-to-one mapping. What we do is look for
784
* the first entry in the gridmap file that has the local
785
* user as the default login. If the user is not a default on any
786
* entry, we find the first entry in which the user exists as a
787
* secondary mapping.
785
*
786
* @details
787
* The @a globus_gss_assist_map_local_user() function parses the
788
* gridmap file to determine a if the user name passed as the @a local_user
789
* parameter is the default local user for a Grid ID in the gridmap file. If
790
* so, it modifies @a globusidp to point to a copy of that ID. Otherwise, it
791
* searches the gridmap file for a Grid ID that has a non-default mapping for
792
* @a local_user and modifies @a globusidp to point to a copy of that ID.
793
* If successful, the caller is responsible for freeing the string pointed to
794
* by the @a globusidp pointer.
795
*
796
* By default, @a globus_gss_assist_map_local_user() looks for the default
797
* gridmap file defined by the value of the GRIDMAP environment variable. If
798
* that is not set, it falls back to $HOME/.gridmap.
788
799
*
789
800
* @param local_user
790
* the local username to find the DN for
801
* The local username to find a Grid ID for
791
802
* @param globusidp
792
* the first DN found that reverse maps from the local_user
803
* A Grid ID that maps from the local_user.
793
804
*
794
805
* @return
795
* 0 on success, otherwise an error object identifier is returned.
796
* use globus_error_get to get the error object from the id. The
797
* resulting error object must be freed using globus_object_free
798
* when it is no longer needed.
806
* On success, @a globus_gss_assist_map_local_user() returns 0 and
807
* modifies @a globusidp to point to a Grid ID that maps to @a local_user;
808
* otherwise, @a globus_gss_assist_map_local_user() returns 1 and the
809
* value pointed to by @a globusidp is undefined.
799
810
*
800
* @see globus_error_get
801
* @see globus_object_free
811
* @retval GLOBUS_SUCCESS
812
* Success
813
* @retval 1
814
* Error
802
815
*/
803
816
int
804
817
globus_gss_assist_map_local_user(
900
913
}
901
914
}
902
915
/* globus_gss_assist_map_local_user() */
903
/* @} */
904
916
905
917
#ifndef GLOBUS_DONT_DOCUMENT_INTERNAL
906
918
1759
1771
1760
1772
1761
1773
/**
1762
* @ingroup globus_i_gsi_gss_assist
1763
* Look up all globus ids associated with a given user id.
1774
* @brief Look up all Grid IDs associated with a local user ID
1775
* @ingroup globus_gsi_gss_assist
1776
*
1777
* @details
1778
* The @a globus_gss_assist_lookup_all_globusid() function parses a
1779
* gridmap file and finds all Grid IDs that map to a local user ID.
1780
* The @a dns parameter is modified to point to an array of Grid ID
1781
* strings from the gridmap file, and the @a dn_count parameter is
1782
* modified to point to the number of Grid ID strings in the array.
1783
* The caller is responsible for freeing the array using the macro
1784
* @a GlobusGssAssistFreeDNArray().
1785
*
1786
* By default, @a globus_gss_assist_lookup_all_globusid() looks for the default
1787
* gridmap file defined by the value of the GRIDMAP environment variable. If
1788
* that is not set, it falls back to $HOME/.gridmap.
1764
1789
*
1765
1790
* @param username
1766
* The local username on which we are preforming the lookup.
1767
*
1791
* The local username to look up in the gridmap file.
1768
1792
* @param dns
1769
* a pointer to an array of strings. On entrance it should be
1770
* unitialized. Upon return from this function it will point
1771
* to an array of strings. The user should use the macro
1772
* GlobusGssAssistFreeDNArray to clean up this memory.
1773
*
1793
* A pointer to an array of strings. This function modifies this
1794
* to point to a newly allocated array of strings. The
1795
* caller must use the macro @a GlobusGssAssistFreeDNArray() to free
1796
* this memory.
1774
1797
* @param dn_count
1775
* The number of globus_ids returned in dns.
1798
* A pointer to an integer that is modified to contain the number of
1799
* entries in the array returned via the @a dns parameter.
1776
1800
*
1777
1801
* @return
1778
* the value in the xdigit, or -1 if error
1802
* On success, @a globus_gss_assist_lookup_all_globusid() returns
1803
* GLOBUS_SUCCESS and modifies its @a dns and @a dn_count parameters as
1804
* described above. If an error occurs,
1805
* @a globus_gss_assist_lookup_all_globusid() returns a globus_result_t
1806
* that can be resolved to an error object and the values
1807
* pointed to by @a dns and @a dn_count are undefined.
1808
*
1809
* @retval GLOBUS_SUCCESS
1810
* Success
1811
* @retval GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_ARGUMENTS
1812
* Error with arguments
1813
* @retval GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_GRIDMAP
1814
* Invalid path to gridmap
1815
* @retval GLOBUS_GSI_GSS_ASSIST_ERROR_ERRNO
1816
* System error
1779
1817
*/
1780
1818
globus_result_t
1781
1819
globus_gss_assist_lookup_all_globusid(
1911
1949
/* globus_gss_assist_lookup_all_globusid() */
1912
1950
1913
1951
1952
/**
1953
* @brief Authorize the peer of a security context to use a service
1954
* @ingroup globus_gsi_gss_assist
1955
*
1956
* @details
1957
* The globus_gss_assist_map_and_authorize() function attempts to authorize
1958
* the peer of a security context to use a particular service. If
1959
* the @a desired_identity parameter is non-NULL, the authorization will
1960
* succeed only if the peer is authorized for that identity. Otherwise,
1961
* any valid authorized local user name will be used. If authorized, the
1962
* local user name will be copied to the string pointed to by the
1963
* @a identity_buffer parameter, which must be at least as long as the
1964
* value passed as the @a identity_buffer_length parameter.
1965
*
1966
* If authorization callouts are defined in the callout configuration
1967
* file, @a globus_gss_assist_map_and_authorize() will invoke both the
1968
* GLOBUS_GENERIC_MAPPING_TYPE callout and the GLOBUS_GENERIC_AUTHZ_TYPE
1969
* callout; otherwise the default gridmap file will be used for mapping
1970
* and no service-specific authorization will be done.
1971
*
1972
* If @a globus_gss_assist_map_and_authorize() uses a gridmap file, it
1973
* first looks for a file defined by the value of the GRIDMAP environment
1974
* variable. If that is not set, it falls back to $HOME/.gridmap.
1975
*
1976
* @param context
1977
* Security context to inspect for peer identity information.
1978
* @param service
1979
* A NULL-terminated string containing the name of the service that
1980
* an authorization decision is being made for.
1981
* @param desired_identity
1982
* Optional. If non-NULL, perform an authorization to act as the
1983
* local user named by this NULL-terminated string.
1984
* @param identity_buffer
1985
* A pointer to a string buffer into which will be copied the
1986
* local user name that the peer of the context is authorized to
1987
* act as.
1988
* @param identity_buffer_length
1989
* Length of the @a identity_buffer array.
1990
*
1991
* @return
1992
* On success, @a globus_gss_assist_map_and_authorize() returns
1993
* GLOBUS_SUCCESS and copies the authorized local identity to the
1994
* @a identity_buffer parameter. If an error occurs,
1995
* @a globus_gss_assist_map_and_authorize() returns a globus_result_t
1996
* that can be resolved to an error object.
1997
*
1998
* @retval GLOBUS_SUCCESS
1999
* Success
2000
* @retval GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_CALLOUT_CONFIG
2001
* Invalid authorization configuration file
2002
* @retval GLOBUS_CALLOUT_ERROR_WITH_HASHTABLE
2003
* Hash table operation failed.
2004
* @retval GLOBUS_CALLOUT_ERROR_CALLOUT_ERROR
2005
* The callout itself returned a error.
2006
* @retval GLOBUS_CALLOUT_ERROR_WITH_DL
2007
* Dynamic library operation failed.
2008
* @retval GLOBUS_CALLOUT_ERROR_OUT_OF_MEMORY
2009
* Out of memory
2010
* @retval GLOBUS_GSI_GSS_ASSIST_GSSAPI_ERROR
2011
* A GSSAPI function returned an error
2012
* @retval GLOBUS_GSI_GSS_ASSIST_GRIDMAP_LOOKUP_FAILED
2013
* Gridmap lookup failure
2014
* @retval GLOBUS_GSI_GSS_ASSIST_BUFFER_TOO_SMALL
2015
* Caller provided insufficient buffer space for local identity
2016
*/
1914
2017
globus_result_t
1915
2018
globus_gss_assist_map_and_authorize(
1916
2019
gss_ctx_id_t context,
Loggerhead is a web-based interface for Breezy
Version: 2.0.1