~ubuntu-branches/ubuntu/saucy/lcmaps-plugins-voms/saucy

« back to all changes in this revision

Viewing changes to src/voms/lcmaps_voms_localaccount.c

Committer: Package Import Robot
Author(s): Dennis van Dok
Date: 2012-11-06 00:50:24 UTC
Revision ID: package-import@ubuntu.com-20121106005024-0513ko4vca18a53l

Tags: upstream-1.5.5

Import upstream version 1.5.5

files added:

AUTHORS

ChangeLog

LICENSE

Makefile.am

Makefile.in

NEWS

aclocal.m4

bootstrap

compile

config.guess

config.sub

configure

configure.ac

depcomp

doc/Makefile.am

doc/Makefile.in

doc/lcmaps_ban_fqan.mod.8

doc/lcmaps_voms.mod.8

doc/lcmaps_voms_localaccount.mod.8

doc/lcmaps_voms_localgroup.mod.8

doc/lcmaps_voms_poolaccount.mod.8

doc/lcmaps_voms_poolgroup.mod.8

install-sh

ltmain.sh

missing

project

project/globus.m4

project/lcmaps.m4

project/voms.m4

src/Makefile.am

src/Makefile.in

src/gridlist

src/gridlist/Makefile.am

src/gridlist/Makefile.in

src/gridlist/lcmaps_gridlist.c

src/gridlist/lcmaps_gridlist.h

src/lcmaps_voms_config.h.in

src/voms

src/voms/Makefile.am

src/voms/Makefile.in

src/voms/lcmaps_ban_fqan.c

src/voms/lcmaps_gridlist.c

src/voms/lcmaps_gridlist.h

src/voms/lcmaps_voms.c

src/voms/lcmaps_voms_gsi_utils.h

src/voms/lcmaps_voms_localaccount.c

src/voms/lcmaps_voms_localgroup.c

src/voms/lcmaps_voms_poolaccount.c

src/voms/lcmaps_voms_poolgroup.c

src/voms/plugin_test.c

src/voms/plugin_test.h

Show diffs side-by-side

added added

removed removed

src/voms/lcmaps_voms_localaccount.c

/**

* Copyright (c) Members of the EGEE Collaboration. 2004-2010.

* See http://www.eu-egee.org/partners/ for details on the copyright

* holders.

* Licensed under the Apache License, Version 2.0 (the "License");

* you may not use this file except in compliance with the License.

* You may obtain a copy of the License at

* http://www.apache.org/licenses/LICENSE-2.0

* Unless required by applicable law or agreed to in writing, software

* distributed under the License is distributed on an "AS IS" BASIS,

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

* See the License for the specific language governing permissions and

* limitations under the License.

* Authors:

* 2009-

* Oscar Koeroo <okoeroo@nikhef.nl>

* Mischa Sall\'e <msalle@nikhef.nl>

* David Groep <davidg@nikhef.nl>

* NIKHEF Amsterdam, the Netherlands

* <grid-mw-security@nikhef.nl>

* 2007-2009

* Oscar Koeroo <okoeroo@nikhef.nl>

* David Groep <davidg@nikhef.nl>

* NIKHEF Amsterdam, the Netherlands

* 2003-2007

* Martijn Steenbakkers <martijn@nikhef.nl>

* Gerben Venekamp <venekamp@nikhef.nl>

* Oscar Koeroo <okoeroo@nikhef.nl>

* David Groep <davidg@nikhef.nl>

* NIKHEF Amsterdam, the Netherlands

/*!

\page lcmaps_voms_localaccount.mod voms local account plugin

\section vomslocalaccountsyn SYNOPSIS

\b lcmaps_voms_localaccount.mod

[-gridmapfile|-GRIDMAPFILE|-gridmap|-GRIDMAP \<location gridmapfile\>]

[-use_voms_gid]

\section vomslocalaccountdesc DESCRIPTION

This localaccount acquisition plugin is a 'VOMS-aware' modification of the 'localaccount' plugin.

The plugin tries to find a local account (more specifically a UID) based on the VOMS information

that has been retrieved by the plugin \ref lcmaps_voms.mod "lcmaps_voms.mod"

from the user's grid credential.

It will try to match a VO-GROUP-ROLE combination from the user's grid credential with an entry

in a gridmapfile (most likely the traditional gridmapfile, used by the localaccount and

poolaccount plugins)

In this file VO-GROUP-ROLE combinations are listed next to the name of an existing account,

as shown in the following example.

EXAMPLE:

\c "/VO=wilma/GROUP=management" \c wilmamgr

\c "/VO=fred/GROUP=*" \c fredmgr

If the first matching VO-GROUP-ROLE combination is \c "/VO=wilma/GROUP=management" the plugin

will map the user to the account wilmamgr.

If the first matching VO-GROUP-ROLE combination is

\c "/VO=fred/GROUP=*" the plugin will map the user to the account fredmgr.

\section vomslocalaccountnote1 NOTE 1

This plugin should only be used in combination with the \e 'voms_localgroup'

and/or \e 'voms_poolgroup' plugins.

\section vomslocalaccountoptions OPTIONS

\subsection vomslocalaccountoptie1 -GRIDMAPFILE \<gridmapfile\>

See \ref vomslocalaccountoptie4 "-gridmap"

\subsection vomslocalaccountoptie2 -gridmapfile \<gridmapfile\>

See \ref vomslocalaccountoptie4 "-gridmap"

\subsection vomslocalaccountoptie3 -GRIDMAP \<gridmapfile\>

See \ref vomslocalaccountoptie4 "-gridmap"

\subsection vomslocalaccountoptie4 -gridmap \<gridmapfile\>

When this option is set it will override the default path to the gridmapfile.

It is advised to use an absolute path to the gridmapfile to avoid usage of the wrong file(path).

\subsection vomslocalaccountoptie5 -use_voms_gid

When this option is set the LCMAPS system relies on other VOMS plugins such as

\ref lcmaps_voms_localgroup.mod "lcmaps_voms_localgroup.mod" and \ref lcmaps_voms_poolgroup.mod

"lcmaps_voms_poolgroup.mod" to assign a primary GID based on the VOMS attributes contained in the

user proxy instead of taking the default primary GID that comes with the local account.

\section vomslocalaccountReturnvalue RETURN VALUES

\li LCMAPS_MOD_SUCCESS : Success

\li LCMAPS_MOD_FAIL : Failure

100

101

102

\section vomslocalaccountErrors ERRORS

103

See bugzilla for known errors (http://marianne.in2p3.fr/datagrid/bugzilla/)

104

105

\section vomslocalaccountSeeAlso SEE ALSO

106

\ref lcmaps_voms.mod "lcmaps_voms.mod",

107

\ref lcmaps_voms_poolaccount.mod "lcmaps_voms_localgroup.mod",

108

\ref lcmaps_voms_localgroup.mod "lcmaps_voms_localgroup.mod",

109

\ref lcmaps_voms_poolgroup.mod "lcmaps_voms_poolgroup.mod",

110

\ref lcmaps_localaccount.mod "lcmaps_localaccount.mod",

111

\ref lcmaps_poolaccount.mod "lcmaps_poolaccount.mod",

112

\ref lcmaps_posix_enf.mod "lcmaps_posix_enf.mod",

113

\ref lcmaps_ldap_enf.mod "lcmaps_ldap_enf.mod",

114

115

116

/*!

117

\file lcmaps_voms_localaccount.c

118

\brief Interface to the LCMAPS plugins

119

\author Martijn Steenbakkers for the EU DataGrid.

120

121

This file contains the code of the voms_localaccount plugin

122

-# plugin_initialize()

123

-# plugin_run()

124

-# plugin_terminate()

125

-# plugin_introspect()

126

127

128

/*****************************************************************************

129

Include header files

130

******************************************************************************/

131

#include <stdio.h>

132

#include <stdlib.h>

133

#include <string.h>

134

#include <pwd.h>

135

#include <sys/stat.h>

136

137

#include "lcmaps_voms_config.h"

138

#include <lcmaps/lcmaps_modules.h>

139

#include <lcmaps/lcmaps_arguments.h>

140

#include <lcmaps/lcmaps_cred_data.h>

141

#include "lcmaps_gridlist.h"

142

143

/******************************************************************************

144

Definitions

145

******************************************************************************/

146

#define LCMAPS_MAXGIDBUFFER 256

147

#define PLUGIN_RUN 0

148

#define PLUGIN_VERIFY 1

149

150

/******************************************************************************

151

Module specific prototypes

152

******************************************************************************/

153

static int plugin_run_or_verify(int, lcmaps_argument_t *, int);

154

155

/******************************************************************************

156

Define module specific variables

157

******************************************************************************/

158

159

static char *gridmapfile = NULL;

160

static int use_voms_gid = 0;

161

static int do_not_map_primary_gid = 0;

162

static int add_primary_gid_from_mapped_account = 0;

163

static int add_primary_gid_as_secondary_gid_from_mapped_account = 0;

164

static int add_secondary_gids_from_mapped_account = 0;

165

166

/******************************************************************************

167

Function: plugin_initialize

168

Description:

169

Initialize plugin

170

Parameters:

171

argc, argv

172

argv[0]: the name of the plugin

173

Returns:

174

LCMAPS_MOD_SUCCESS : succes

175

LCMAPS_MOD_FAIL : failure

176

LCMAPS_MOD_NOFILE : db file not found (will halt LCMAPS initialization)

177

******************************************************************************/

178

int plugin_initialize(

179

int argc,

180

char ** argv

181

)

182

{

183

char * logstr = "lcmaps_plugin_voms_localaccount-plugin_initialize()";

184

int i;

185

struct stat s;

186

187

lcmaps_log_debug(5,"%s: passed arguments:\n", logstr);

188

for (i=0; i < argc; i++)

189

{

190

lcmaps_log_debug(5,"%s: arg %d is %s\n", logstr, i, argv[i]);

191

}

192

193

194

* the first will be the thing to edit/select (gridmap(file))

195

* the second will be the path && filename of the gridmapfile

196

197

198

199

* Parse arguments, argv[0] = name of plugin, so start with i = 1

200

201

for (i = 1; i < argc; i++)

202

{

203

if ( ((strcmp(argv[i], "-gridmap") == 0) ||

204

(strcmp(argv[i], "-GRIDMAP") == 0) ||

205

(strcmp(argv[i], "-gridmapfile") == 0) ||

206

(strcmp(argv[i], "-GRIDMAPFILE") == 0))

207

&& (i + 1 < argc))

208

{

209

if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))

210

{

211

/* check if the setting exists */

212

if (stat (argv[i + 1], &s) < 0)

213

{

214

lcmaps_log(LOG_ERR, "%s: Error: grid-mapfile not accessible at \"%s\"\n", logstr, argv[i + 1]);

215

return LCMAPS_MOD_FAIL;

216

}

217

218

gridmapfile = strdup(argv[i + 1]);

219

}

220

i++;

221

}

222

else if (strcmp(argv[i], "--do-not-add-primary-gid-from-mapped-account") == 0)

223

{

224

do_not_map_primary_gid = 1;

225

}

226

else if (strcmp(argv[i], "--add-primary-gid-from-mapped-account") == 0)

227

{

228

add_primary_gid_from_mapped_account = 1;

229

}

230

else if (strcmp(argv[i], "--add-primary-gid-as-secondary-gid-from-mapped-account") == 0)

231

{

232

add_primary_gid_as_secondary_gid_from_mapped_account = 1;

233

}

234

else if (strcmp(argv[i], "--add-secondary-gids-from-mapped-account") == 0)

235

{

236

add_secondary_gids_from_mapped_account = 1;

237

}

238

else if ((strcmp(argv[i], "--use-voms-gid") == 0) ||

239

(strcmp(argv[i], "--use_voms_gid") == 0) ||

240

(strcmp(argv[i], "-use_voms_gid") == 0))

241

{

242

use_voms_gid = 1;

243

}

244

else

245

{

246

lcmaps_log(LOG_ERR,"%s: Error in initialization parameter: %s (failure)\n", logstr, argv[i]);

247

return LCMAPS_MOD_FAIL;

248

}

249

}

250

251

/* Post mortum check */

252

if (do_not_map_primary_gid && add_primary_gid_from_mapped_account)

253

{

254

lcmaps_log(LOG_ERR,"%s: Error: can't set both --do-not-add-primary-gid-from-mapped-account and --add-primary-gid-from-mapped-account\n", logstr);

255

return LCMAPS_MOD_FAIL;

256

}

257

if (use_voms_gid && do_not_map_primary_gid)

258

{

259

lcmaps_log(LOG_ERR,"%s: Error: can't set both --use-voms-gid and --do-not-add-primary-gid-from-mapped-account\n", logstr);

260

return LCMAPS_MOD_FAIL;

261

}

262

if (use_voms_gid && add_primary_gid_from_mapped_account)

263

{

264

lcmaps_log(LOG_ERR,"%s: Error: can't set both --use-voms-gid and --add-primary-gid-from-mapped-account\n", logstr);

265

return LCMAPS_MOD_FAIL;

266

}

267

if (use_voms_gid && add_secondary_gids_from_mapped_account)

268

{

269

lcmaps_log(LOG_ERR,"%s: Error: can't set both --use-voms-gid and --add-secondary-gids-from-mapped-account\n", logstr);

270

return LCMAPS_MOD_FAIL;

271

}

272

273

274

275

return LCMAPS_MOD_SUCCESS;

276

}

277

278

/******************************************************************************

279

Function: plugin_introspect

280

Description:

281

return list of required arguments

282

Parameters:

283

284

Returns:

285

LCMAPS_MOD_SUCCESS : succes

286

LCMAPS_MOD_FAIL : failure

287

******************************************************************************/

288

int plugin_introspect(

289

int * argc,

290

lcmaps_argument_t ** argv

291

)

292

{

293

char * logstr = "lcmaps_plugin_voms_localaccount-plugin_introspect()";

294

static lcmaps_argument_t argList[] = {

295

{"user_dn" , "char *" , 0, NULL},

296

{"fqan_list" , "char **" , 0, NULL},

297

{"nfqan" , "int" , 0, NULL},

298

{NULL , NULL , -1, NULL}

299

};

300

301

lcmaps_log_debug(4,"%s: introspecting\n", logstr);

302

303

*argv = argList;

304

*argc = lcmaps_cntArgs(argList);

305

lcmaps_log_debug(5,"%s: address first argument: 0x%x\n", logstr, argList);

306

307

return LCMAPS_MOD_SUCCESS;

308

}

309

310

311

/******************************************************************************

312

Function: plugin_run

313

Description:

314

Gather credentials for LCMAPS

315

Parameters:

316

argc: number of arguments

317

argv: list of arguments

318

Returns:

319

LCMAPS_MOD_SUCCESS: authorization succeeded

320

LCMAPS_MOD_FAIL : authorization failed

321

******************************************************************************/

322

int plugin_run(

323

int argc,

324

lcmaps_argument_t * argv

325

)

326

{

327

return plugin_run_or_verify(argc, argv, PLUGIN_RUN);

328

}

329

330

/******************************************************************************

331

Function: plugin_verify

332

Description:

333

Verify if user is entitled to use local credentials based on his grid

334

credentials. This means that the site should already have been set up

335

by, e.g., LCMAPS in a previous run. This method will not try to setup

336

account leases, modify (distributed) passwd/group files, etc. etc.

337

The outcome should be identical to that of plugin_run().

338

In this particular case "plugin_verify()" is identical to "plugin_run()"

339

340

Parameters:

341

argc: number of arguments

342

argv: list of arguments

343

Returns:

344

LCMAPS_MOD_SUCCESS: authorization succeeded

345

LCMAPS_MOD_FAIL : authorization failed

346

******************************************************************************/

347

int plugin_verify(

348

int argc,

349

lcmaps_argument_t * argv

350

)

351

{

352

return plugin_run_or_verify(argc, argv, PLUGIN_VERIFY);

353

}

354

355

static int plugin_run_or_verify(

356

int argc,

357

lcmaps_argument_t * argv,

358

int lcmaps_mode

359

)

360

{

361

char * logstr = "lcmaps_plugin_voms_localaccount-plugin_run()";

362

char * dn = NULL;

363

int dn_cnt = 0;

364

char * username = NULL;

365

struct passwd *user_info = NULL;

366

int i = 0;

367

int cnt_sec_gid = 0;

368

gid_t * sec_gid = NULL;

369

char ** vo_cred_string_list = NULL;

370

int cnt_vo_cred_string = 0;

371

int found = 0;

372

unsigned short matching_type = ((unsigned short)0x0000);

373

int rc = 0;

374

char ** fqan_list = NULL;

375

int nfqan = -1;

376

377

378

* The beginning

379

380

if (lcmaps_mode == PLUGIN_RUN)

381

logstr = "lcmaps_plugin_voms_localaccount-plugin_run()";

382

else if (lcmaps_mode == PLUGIN_VERIFY)

383

logstr = "lcmaps_plugin_voms_localaccount-plugin_verify()";

384

else

385

{

386

lcmaps_log(LOG_ERR, "lcmaps_plugin_voms_localaccount-plugin_run_or_verify(): attempt to run plugin in invalid mode: %d\n", lcmaps_mode);

387

goto fail_voms_localaccount;

388

}

389

lcmaps_log_debug(5,"%s:\n", logstr);

390

391

392

* Try to get the ordered values:

393

394

if ( ( dn = *(char **) lcmaps_getArgValue("user_dn", "char *", argc, argv) ) )

395

{

396

lcmaps_log_debug(5,"%s: found dn: %s\n", logstr, dn);

397

398

/* Check if we don't have a DN already registered, if not, add it to the internal registry */

399

getCredentialData (DN, &dn_cnt);

400

if (dn_cnt == 0)

401

{

402

lcmaps_log_debug (5, "%s: Adding DN: %s\n", logstr, dn);

403

addCredentialData(DN, &dn);

404

}

405

}

406

else

407

lcmaps_log_debug(1,"%s: could not get value of dn !\n", logstr);

408

409

410

411

* Check the gridmapfile

412

413

414

if ((gridmapfile != NULL) && (strlen(gridmapfile) > 0))

415

lcmaps_log_debug(3,"%s: gridmapfile is: %s\n", logstr, gridmapfile);

416

else

417

{

418

if (gridmapfile) free(gridmapfile);

419

gridmapfile = NULL;

420

lcmaps_log_debug(1,"%s: No gridmapfile assigned, so function must find out for it self\n", logstr);

421

}

422

423

424

* Get the VO user information.

425

* We can either order it by lcmaps_argument_t or use the getCredentialData() function.

426

* The latter case requires the voms parsing plugin (lcmaps_voms.mod) to have run beforehand.

427

* Unfortunately the formats of the VOMS strings (from getCredentialData()) and

428

* FQANs (from lcmaps_argument_t) are not the same. We may have to introduce

429

* two-way conversion functions.

430

* The VOMS info has to matched against the info in the gridmapfile

431

432

lcmaps_log_debug(5,"%s: First try to get the FQAN list from input credential repository ...\n", logstr);

433

if ( ( nfqan = *(int *) lcmaps_getArgValue("nfqan", "int", argc, argv) ) )

434

{

435

lcmaps_log_debug(5,"%s: the list of FQANs should contain %d elements\n", logstr, nfqan);

436

if ( ( fqan_list = *(char ***) lcmaps_getArgValue("fqan_list", "char **", argc, argv) ) )

437

lcmaps_log_debug(5, "%s: found list of FQANs\n", logstr);

438

else

439

{

440

lcmaps_log_debug(1, "%s: could not retrieve list of FQANs!\n", logstr);

441

goto fail_voms_localaccount;

442

}

443

for (i = 0; i < nfqan; i++)

444

{

445

lcmaps_log_debug(3, "%s: FQAN %d: %s\n", logstr, i, fqan_list[i]);

446

}

447

vo_cred_string_list = fqan_list;

448

cnt_vo_cred_string = nfqan;

449

}

450

else

451

{

452

lcmaps_log_debug(1,"%s: ... did not find input credentials in input credential repository...\n", logstr);

453

lcmaps_log_debug(1,"%s: ... trying the internal credential repository ...\n", logstr);

454

455

vo_cred_string_list = getCredentialData(LCMAPS_VO_CRED_STRING, &cnt_vo_cred_string);

456

}

457

458

if (cnt_vo_cred_string == 0)

459

{

460

lcmaps_log(LOG_NOTICE,"%s: no VOMS group info --> no mapping\n", logstr);

461

goto fail_voms_localaccount;

462

}

463

else if (cnt_vo_cred_string < 0)

464

{

465

lcmaps_log(LOG_ERR,"%s: negative number of VOMS groups found ! (failure)\n", logstr);

466

goto fail_voms_localaccount;

467

}

468

469

470

471

* Try to match the VO strings with the gridmapfile info

472

* normally the first available VO string should match

473

474

found = 0;

475

476

matching_type = MATCH_EXCLUDE|MATCH_WILD_CHARS;

477

478

for (i = 0; i < cnt_vo_cred_string; i++)

479

{

480

/* clean username before each call to lcmaps_gridlist */

481

if (username) free(username);

482

username = NULL;

483

if ( (rc = lcmaps_gridlist(vo_cred_string_list[i], &username, gridmapfile, matching_type, ".", NULL)) == 0)

484

{

485

found = 1;

486

lcmaps_log_debug(3,"%s: found username: %s\n", logstr, username);

487

break;

488

}

489

else if (rc == LCMAPS_MOD_NOFILE)

490

{

491

lcmaps_log(LOG_ERR, "%s: Could not find the gridmapfile %s\n", logstr, gridmapfile);

492

goto fail_voms_localaccount;

493

}

494

else

495

{

496

lcmaps_log_debug(1, "%s: no localaccount available for group (%s) in %s\n", logstr, vo_cred_string_list[i], gridmapfile);

497

}

498

}

499

if (found != 1)

500

{

501

lcmaps_log(LOG_WARNING, "%s: Could not find a VOMS localaccount in %s (failure)\n", logstr, gridmapfile);

502

goto fail_voms_localaccount;

503

}

504

505

506

* Get userid to pwd_t structure

507

508

if (username && (strlen(username) > 0))

509

{

510

if ( ( user_info = getpwnam(username) ) )

511

{

512

lcmaps_log_debug(5,"%s: address user_info: %p\n", logstr, user_info);

513

lcmaps_log_debug(3,"%s: username : %s, char ptr: %p, address char ptr: %p\n", logstr, user_info->pw_name, user_info->pw_name, &(user_info->pw_name));

514

lcmaps_log_debug(3,"%s: password : %s\n", logstr, user_info->pw_passwd);

515

lcmaps_log_debug(3,"%s: user_id : %d, address uid: %p\n", logstr, user_info->pw_uid, &(user_info->pw_uid));

516

lcmaps_log_debug(3,"%s: group_id : %d\n", logstr, user_info->pw_gid);

517

lcmaps_log_debug(3,"%s: realname : %s\n", logstr, user_info->pw_gecos);

518

lcmaps_log_debug(3,"%s: home dir : %s\n", logstr, user_info->pw_dir);

519

lcmaps_log_debug(3,"%s: shellprg : %s\n", logstr, user_info->pw_shell);

520

521

/* Add this credential data to the credential data repository in the plugin manager */

522

addCredentialData(UID, &(user_info->pw_uid));

523

524

/* Map primary Unix GID from the account info */

525

if ((!do_not_map_primary_gid) &&

526

(add_primary_gid_from_mapped_account))

527

{

528

lcmaps_log_debug(4,"%s: adding primary GID (%d) from local account to CredentialData\n", logstr, user_info->pw_gid);

529

addCredentialData(PRI_GID, &(user_info->pw_gid));

530

}

531

532

/* Add the primary GID from the mapped account as an secondary GID to the result */

533

if (add_primary_gid_as_secondary_gid_from_mapped_account)

534

{

535

lcmaps_log_debug(4,"%s: adding primary GID (%d) from local account as a secondary GID to CredentialData\n", logstr, user_info->pw_gid);

536

addCredentialData(SEC_GID, &(user_info->pw_gid));

537

}

538

539

/* Add secondary Unix group IDs from the mapped local account */

540

if (add_secondary_gids_from_mapped_account)

541

{

542

/* Retrieve secondary group id's */

543

if (lcmaps_get_gidlist(username, &cnt_sec_gid, &sec_gid)==0)

544

{

545

lcmaps_log_debug(4,"%s: adding secondary GIDs (%d) from local account to CredentialData\n", logstr, user_info->pw_gid);

546

for (i = 0; i < cnt_sec_gid; i++)

547

{

548

addCredentialData(SEC_GID, &(sec_gid[i]));

549

}

550

free(sec_gid);

551

}

552

}

553

554

/* Old and error tolerant setting to set primary and secondary Unix

555

* IDs from the /etc/{passwd,groups} info */

556

if (use_voms_gid == 0)

557

{

558

lcmaps_log_debug(4,"%s: adding primary GID (%d) from local account to CredentialData\n", logstr, user_info->pw_gid);

559

addCredentialData(PRI_GID, &(user_info->pw_gid));

560

561

/* Retrieve secondary group id's */

562

if (lcmaps_get_gidlist(username, &cnt_sec_gid, &sec_gid)==0)

563

{

564

for (i = 0; i < cnt_sec_gid; i++)

565

{

566

addCredentialData(SEC_GID, &(sec_gid[i]));

567

}

568

free(sec_gid);

569

}

570

}

571

}

572

else

573

{

574

lcmaps_log(LOG_ERR,"%s: no user account found named \"%s\"\n", logstr, username);

575

goto fail_voms_localaccount;

576

}

577

}

578

else

579

{ // error (msg is already given)

580

goto fail_voms_localaccount;

581

}

582

583

/* succes */

584

success_voms_localaccount:

585

if (username) free(username);

586

lcmaps_log(LOG_INFO,"%s: voms_localaccount plugin succeeded\n", logstr);

587

return LCMAPS_MOD_SUCCESS;

588

589

fail_voms_localaccount:

590

if (username) free(username);

591

lcmaps_log(LOG_INFO,"%s: voms_localaccount plugin failed\n", logstr);

592

return LCMAPS_MOD_FAIL;

593

}

594

595

/******************************************************************************

596

Function: plugin_terminate

597

Description:

598

Terminate plugin

599

Parameters:

600

601

Returns:

602

LCMAPS_MOD_SUCCESS : succes

603

LCMAPS_MOD_FAIL : failure

604

******************************************************************************/

605

int plugin_terminate()

606

{

607

char * logstr = "lcmaps_plugin_voms_localaccount-plugin_terminate()";

608

609

lcmaps_log_debug(4,"%s: terminating\n", logstr);

610

611

if (gridmapfile) free(gridmapfile);

612

613

return LCMAPS_MOD_SUCCESS;

614

}

615

616

/******************************************************************************

617

CVS Information:

618

$Source: /srv/home/dennisvd/svn/mw-security/lcmaps-plugins-voms/src/voms/lcmaps_voms_localaccount.c,v $

619

$Date: 2010-02-19 06:01:37 $

620

$Revision: 1.8 $

621

$Author: okoeroo $

622

******************************************************************************/

Older »