/*___INFO__MARK_BEGIN__*/
/*************************************************************************
* The Contents of this file are made available subject to the terms of
* the Sun Industry Standards Source License Version 1.2
* Sun Microsystems Inc., March, 2001
* Sun Industry Standards Source License Version 1.2
* =================================================
* The contents of this file are subject to the Sun Industry Standards
* Source License Version 1.2 (the "License"); You may not use this file
* except in compliance with the License. You may obtain a copy of the
* License at http://gridengine.sunsource.net/Gridengine_SISSL_license.html
* Software provided under this License is provided on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
* WITHOUT LIMITATION, WARRANTIES THAT THE SOFTWARE IS FREE OF DEFECTS,
* MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE, OR NON-INFRINGING.
* See the License for the specific provisions governing your rights and
* obligations concerning the Software.
* The Initial Developer of the Original Code is: Sun Microsystems, Inc.
* Copyright: 2001 by Sun Microsystems, Inc.
* All Rights Reserved.
************************************************************************/
/*___INFO__MARK_END__*/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <sys/param.h>
#include <gssapi/gssapi_generic.h>
#include "sge_gsslib.h"
/* #include "sge_language.h" */
p = (NULL == (p = strrchr(progname,'/'))) ? progname : p+1;
fprintf(stderr, MSG_GSS_PUTCRED_USAGE, p);
fprintf(stderr, "\n");
main(int argc, char **argv)
char *service_name = NULL;
gss_cred_id_t server_creds = GSS_C_NO_CREDENTIAL;
gss_buffer_desc client_cred;
char *username = NULL;
char *cmd = NULL, *ecmd = NULL;
char *become_user=NULL;
char *change_owner=NULL;
char *ccname = getenv("KRB5CCNAME");
char lenbuf[GSSLIB_INTSIZE];
/*
 * ccname is the caller's KRB5CCNAME value (read with getenv() above), and
 * strcpy() copies it with no length limit.
 * NOTE(review): the declaration of ccbuf is not visible in these lines.
 * Confirm its size can hold any environment value, or replace this with a
 * length-checked copy that rejects an over-long KRB5CCNAME.
 */
strcpy(ccbuf, ccname);
while ((ch = getopt(argc, argv, "o:b:vu:s:c:e:")) != EOF) {
change_owner = optarg;
service_name = optarg;
gsslib_verbose(verbose);
fprintf(stderr, MSG_GSS_PUTCRED_ARGUMENTS);
for (i=0; i<argc; i++)
fprintf(stderr, "%s ", argv[i]);
* get credentials for the SGE/SGE service
cc = gsslib_acquire_server_credentials(service_name, &server_creds);
fputs(gsslib_error(), stderr);
* read client credentials buffer from stdin
if (read(0, lenbuf, sizeof(lenbuf)) != sizeof(lenbuf)) {
fprintf(stderr, "%s\n", MSG_GSS_FAILEDREADINGCREDENTIALLENGTHFROMSTDIN );
/*
 * The credential length is decoded from the GSSLIB_INTSIZE-byte prefix
 * that was just read from stdin.
 * NOTE(review): no upper bound or sanity check on this value is visible
 * before it is passed to malloc() and read() below. Confirm the writer of
 * stdin is trusted, or cap the length before allocating.
 */
client_cred.length = gsslib_unpackint(lenbuf);
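/* gss_buffer_desc.length is a size_t; "%d" expects an int, so cast and use a matching conversion. */
fprintf(stderr, "credentials length = %lu\n", (unsigned long) client_cred.length);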
if ((client_cred.value = (char *)malloc(client_cred.length)) == 0) {
fprintf(stderr, MSG_GSS_COULDNOTALLOCATEXBYTESFORCREDENTIALS_I ,
(int) client_cred.length);
fprintf(stderr, "\n");
/*
 * Reads the credential body from stdin with a single read() call; any
 * return value other than the full length is treated as a failure.
 * read() may return fewer bytes than requested (for example on a pipe),
 * and its signed return value is compared here with the unsigned length.
 * NOTE(review): consider a loop that accumulates short reads and retries
 * on EINTR, with an explicit check for a negative return.
 */
if (read(0, client_cred.value, client_cred.length) != client_cred.length) {
fprintf(stderr, "%s\n", MSG_GSS_FAILEDREADINGCREDENTIALFROMSTDIN );
* establish and forward client credentials
cc = gsslib_put_credentials(server_creds, &client_cred, username);
fputs(gsslib_error(), stderr);
fputs(gsslib_error(), stderr);
if (become_user || change_owner) {
owner = change_owner ? change_owner : become_user;
if (!(pw = getpwnam(owner))) {
fprintf(stderr, MSG_GSS_COULDNOTGETUSERIDFORXY_SS ,
owner, strerror(errno));
fprintf(stderr, "\n");
/* change ownership of credentials file to user */
if (pw->pw_uid != geteuid()) {
char *new_ccname = getenv("KRB5CCNAME");
if (new_ccname == NULL || strncasecmp(new_ccname, "file:", 5) != 0) {
fprintf(stderr, MSG_GSS_COULDNOTCHANGEOWNERSHIPOFCREDENTIALSCACHETOXINVALIDKRB5CCNAME_S, owner);
fprintf(stderr, "\n");
/*
 * Hands the credentials cache file to the target user. The path is the
 * text after "file:" in KRB5CCNAME, as re-read from the environment above.
 * chown() follows symbolic links, so the ownership change applies to
 * whatever the path resolves to at this moment.
 * NOTE(review): this runs before the setgid()/setuid() calls further down,
 * so presumably with elevated privileges. Confirm the cache path cannot be
 * replaced by a link, or use lchown() / fchown() on a descriptor opened
 * without following links.
 */
if (chown(&new_ccname[5], pw->pw_uid, pw->pw_gid) < 0) {
fprintf(stderr, MSG_GSS_COULDNOTCHANGEOWNERSHIPOFXTOYZ_SSS ,
&new_ccname[5], owner, strerror(errno));
fprintf(stderr, "\n");
* take care of the "extra" DCE credentials files
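char src[MAXPATHLEN];
int len;

/*
 * Change ownership of the auxiliary DCE cache files (<cache>.data,
 * <cache>.data.db and <cache>.nc). The cache path comes from the
 * KRB5CCNAME environment variable, so each name is built with a bounded
 * snprintf() instead of sprintf(), and a name that does not fit in src is
 * skipped: a truncated path must never be passed to chown(), because it
 * could name a different file. chown() results are still ignored, as in
 * the original code.
 * NOTE(review): chown() follows symbolic links; confirm these paths cannot
 * be replaced by links while this still runs with elevated privileges.
 */
len = snprintf(src, sizeof(src), "%s.data", &new_ccname[5]);
if (len >= 0 && (size_t) len < sizeof(src)) {
   chown(src, pw->pw_uid, pw->pw_gid);
}
len = snprintf(src, sizeof(src), "%s.data.db", &new_ccname[5]);
if (len >= 0 && (size_t) len < sizeof(src)) {
   chown(src, pw->pw_uid, pw->pw_gid);
}
len = snprintf(src, sizeof(src), "%s.nc", &new_ccname[5]);
if (len >= 0 && (size_t) len < sizeof(src)) {
   chown(src, pw->pw_uid, pw->pw_gid);
}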
/*
 * Drop to the target user's group first; the setuid() call follows below.
 * The group must change before the user id, because setgid() can no longer
 * succeed once the process has given up its privileged uid.
 * NOTE(review): no setgroups()/initgroups() call is visible in the lines
 * shown. Confirm the supplementary group list is reset as well, so the
 * command does not keep the invoking account's groups.
 */
if (setgid(pw->pw_gid)<0) {
perror(MSG_GSS_PERROR_SETGID);
if (setuid(pw->pw_uid)<0) {
perror(MSG_GSS_PERROR_SETUID );
* Link the user-supplied credentials cache file name to the
* DCE credentials cache file if they have different file names
char *dce_ccname = getenv("KRB5CCNAME");
char src[MAXPATHLEN], dst[MAXPATHLEN];
fprintf(stderr, "dce_ccname=%s\n", dce_ccname);
fprintf(stderr, "ccname=%s\n", ccname);
if (cc==0 && ccname && dce_ccname &&
strcmp(ccname, dce_ccname)) {
if (strncasecmp(ccname, "file:", 5) == 0 &&
strncasecmp(dce_ccname, "file:", 5) == 0) {
/*
 * Create the user-supplied cache path as a symbolic link to the DCE cache
 * file. Both paths are the text after the "file:" prefix checked above.
 * symlink() fails rather than overwrite when the link path already exists;
 * that case is reported through the error branch below.
 */
if (symlink(&dce_ccname[5], &ccname[5]) < 0) {
fprintf(stderr, MSG_GSS_COULDNOTLINKXTODCECREDENTIALSCACHEFILEYZ_SSS ,
ccname, dce_ccname, strerror(errno));
fprintf(stderr, "\n");
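/*
 * Both paths derive from KRB5CCNAME values, so format them with a bound:
 * sprintf() could write past the MAXPATHLEN-sized src/dst arrays.
 * NOTE(review): the snprintf() results are not checked here; the code that
 * uses src/dst is outside the visible lines and should skip truncated names.
 */
snprintf(src, sizeof(src), "%s.data", &dce_ccname[5]);
snprintf(dst, sizeof(dst), "%s.data", &ccname[5]);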
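/*
 * Bounded formatting of the ".data.db" companion paths: the inputs come
 * from KRB5CCNAME values and sprintf() could overrun the MAXPATHLEN-sized
 * src/dst arrays.
 * NOTE(review): truncation is not detected here; check it where src/dst
 * are used.
 */
snprintf(src, sizeof(src), "%s.data.db", &dce_ccname[5]);
snprintf(dst, sizeof(dst), "%s.data.db", &ccname[5]);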
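/*
 * Bounded formatting of the ".nc" companion paths: the inputs come from
 * KRB5CCNAME values and sprintf() could overrun the MAXPATHLEN-sized
 * src/dst arrays.
 * NOTE(review): truncation is not detected here; check it where src/dst
 * are used.
 */
snprintf(src, sizeof(src), "%s.nc", &dce_ccname[5]);
snprintf(dst, sizeof(dst), "%s.nc", &ccname[5]);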
fprintf(stderr, MSG_GSS_COULDNOTLINKXTODCECREDENTIALSCACHEFILEYINVALIDKRB5CCNAMEENVIRONMENTVARIABLEFORMAT_SS, ccname, dce_ccname);
fprintf(stderr, "\n");
fprintf(stderr, "KRB5CCNAME=%s\n", getenv("KRB5CCNAME"));
/*
 * Split the command string into argv words on spaces and tabs only; no
 * quoting or escaping is interpreted. strtok() modifies ecmd in place and
 * returns NULL when the string holds no token.
 * NOTE(review): the size of eargv and any bound on eargc are not visible
 * in these lines. Confirm the token loop cannot write past the array.
 */
eargv[eargc] = strtok(ecmd, " \t");
eargv[++eargc] = strtok(NULL, " \t");
/*
 * Replace this process with the requested command. execv() does not search
 * PATH, so eargv[0] is used as the program path exactly as given, and no
 * shell is involved.
 * NOTE(review): eargv[0] is NULL when the command string has no token;
 * confirm that case is rejected before this call.
 */
execv(eargv[0], eargv);
perror("exec failed");