myproxy_init.c

代理服务器源代码 供大家学习使用,希望大家喜欢

		goto cleanup;
	    }
	}
    }

    if (create_local_proxy) {
	unsetenv("X509_USER_PROXY"); /* GSI_SOCKET_use_creds() sets it */
	if (grid_proxy_init(client_request->proxy_lifetime,
			    proxyfile, proxyfile, x509_user_proxy) != 0) {
	    fprintf(stderr, "grid-proxy-init failed\n");
	    goto cleanup;
	}
    }

    /* Delete proxy file */
    if (grid_proxy_destroy(proxyfile) != 0) {
        fprintf(stderr, "Failed to remove temporary proxy credential.\n");
	goto cleanup;
    }
    cleanup_user_proxy = 0;
    
    hours = (int)(cred_lifetime/SECONDS_PER_HOUR);
    days = (float)(hours/24.0);
    printf("A proxy valid for %d hours (%.1f days) for user %s now exists on %s.\n", 
	   hours, days, client_request->username, socket_attrs->pshost); 
    
    return_value = 0;

 cleanup:
    /* free memory allocated */
    myproxy_free(socket_attrs, client_request, server_response);
    if (cleanup_user_proxy) {
        grid_proxy_destroy(proxyfile);
    }

    return return_value;
}

int
init_arguments(int argc, 
	       char *argv[], 
	       myproxy_socket_attrs_t *attrs,
	       myproxy_request_t *request,
	       int *cred_lifetime) 
{   
    extern char *optarg;
    int expr_type = MATCH_CN_ONLY;  /*default */

    int arg;

    while((arg = getopt_long(argc, argv, short_options, 
				 long_options, NULL)) != EOF) 
    {
	switch(arg) 
	{
	case 'h':       /* print help and exit */
	    fprintf(stderr, usage);
	    return -1;
	    break;
	case 'c': 	/* Specify cred lifetime in hours */
	    *cred_lifetime  = SECONDS_PER_HOUR * atoi(optarg);
	    break;    
	case 't': 	/* Specify proxy lifetime in hours */
	    request->proxy_lifetime = SECONDS_PER_HOUR * atoi(optarg);
	    break;        
	case 's': 	/* pshost name */
	    attrs->pshost = strdup(optarg);
	    break;
	case 'p': 	/* psport */
	    attrs->psport = atoi(optarg);
	    break;
	case 'C':		/* credential file name */
	    certfile = strdup(optarg);
	    break;
	case 'y':		/* key file name */
	    keyfile = strdup(optarg);
	    break;
	case 'u': 	/* print help and exit */
	    fprintf(stderr, usage);
	    return -1;
	    break;
	case 'l':	/* username */
	    request->username = strdup(optarg);
	    break;
	case 'v':
	    myproxy_debug_set_level(1);
	    verbose = 1;
	    break;
	case 'V': /* print version and exit */
	    fprintf(stderr, version);
	    return -1;
	    break;
	case 'n':
	    use_empty_passwd = 1;
	    break;
	case 'd':   /* use the certificate subject (DN) as the default
		       username instead of LOGNAME */
	    dn_as_username = 1;
	    break;
	case 'r':   /* retrievers list */
	    if (request->retrievers) {
		fprintf(stderr, "Only one -a or -r option may be specified.\n");
		return -1;
	    }
	    if (expr_type == REGULAR_EXP)  /*copy as is */
	      request->retrievers = strdup (optarg);
	    else
	    {
		request->retrievers = (char *) malloc (strlen (optarg) + 6);
		strcpy (request->retrievers, "*/CN=");
		request->retrievers = strcat (request->retrievers,optarg);
		myproxy_debug("authorized retriever %s", request->retrievers);
	    }
	    break;
	case 'Z':   /* trusted_retrievers list */
	    if (request->trusted_retrievers) {
		fprintf(stderr, "Only one -Z option may be specified.\n");
		return -1;
	    }
	    if (expr_type == REGULAR_EXP)  /*copy as is */
	      request->trusted_retrievers = strdup (optarg);
	    else
	    {
		request->trusted_retrievers =
		    (char *) malloc (strlen (optarg) + 6);
		strcpy (request->trusted_retrievers, "*/CN=");
		request->trusted_retrievers =
		    strcat (request->trusted_retrievers,optarg);
		myproxy_debug("trusted retriever %s",
			      request->trusted_retrievers);
	    }
	    use_empty_passwd = 1;
	    break;
	case 'R':   /* renewers list */
	    if (request->renewers) {
		fprintf(stderr, "Only one -A or -R option may be specified.\n");
		return -1;
	    }
	    if (expr_type == REGULAR_EXP)  /*copy as is */
	      request->renewers = strdup (optarg);
	    else
	    {
		request->renewers = (char *) malloc (strlen (optarg) + 6);
		strcpy (request->renewers, "*/CN=");
		request->renewers = strcat (request->renewers,optarg);
		myproxy_debug("authorized renewer %s", request->renewers);
	    }
	    use_empty_passwd = 1;
	    break;
	case 'x':   /*set expression type to regex*/
	    expr_type = REGULAR_EXP;
	    myproxy_debug("expr-type = regex");
	    break;
	case 'X':   /*set expression type to common name*/
	    expr_type = MATCH_CN_ONLY;
	    myproxy_debug("expr-type = CN");
	    break;
	case 'a':  /*allow anonymous retrievers*/
	    if (request->retrievers) {
		fprintf(stderr, "Only one -a or -r option may be specified.\n");
		return -1;
	    }
	    request->retrievers = strdup ("*");
	    myproxy_debug("anonymous retrievers allowed");
	    break;
	case 'A':  /*allow anonymous renewers*/
	    if (request->renewers) {
		fprintf(stderr, "Only one -A or -R option may be specified.\n");
		return -1;
	    }
	    request->renewers = strdup ("*");
	    myproxy_debug("anonymous renewers allowed");
	    use_empty_passwd = 1;
	    break;
	case 'k':  /*credential name*/
	    request->credname = strdup (optarg);
	    break;
	case 'K':  /*credential description*/
	    request->creddesc = strdup (optarg);
	    break;
	case 'S':
	    read_passwd_from_stdin = 1;
	    break;
	case 'L':
	    create_local_proxy = 1;
	    break;

        default:  
	    fprintf(stderr, usage);
	    return -1;
	    break;	
        }
    }

    if (optind != argc) {
	fprintf(stderr, "%s: invalid option -- %s\n", argv[0],
		argv[optind]);
	fprintf(stderr, usage);
	exit(1);
    }

    /* Check to see if myproxy-server specified */
    if (attrs->pshost == NULL) {
	fprintf(stderr, usage);
	fprintf(stderr, "Unspecified myproxy-server. Please set the MYPROXY_SERVER environment variable\nor set the myproxy-server hostname via the -s flag.\n");
	return -1;
    }

    return 0;
}


/* grid_proxy_init()
 *
 * Uses the system() call to run grid-proxy-init to create a user proxy
 *
 * returns grid-proxy-init status 0 if OK, -1 on error
 */
int
grid_proxy_init(int seconds,
		const char *cert, const char *key, const char *outfile) {

    int rc;
    char *command;
    int cmdlen;
    int hours;
    char *proxy_mode;
    int old=0;
      
    hours = seconds / SECONDS_PER_HOUR;

    proxy_mode = getenv("GT_PROXY_MODE");
    if (proxy_mode && strcmp(proxy_mode, "old") == 0) {
	old=1;
    }
    
    cmdlen = 200;
    if (cert) cmdlen += strlen(cert);
    if (key) cmdlen += strlen(key);
    if (outfile) cmdlen += strlen(outfile);
    command = (char *)malloc(cmdlen);

    sprintf(command, "grid-proxy-init -verify -hours %d "
	    "-bits %d%s%s%s%s%s%s%s%s%s",
	    hours, MYPROXY_DEFAULT_KEYBITS,
	    cert ? " -cert " : "",
	    cert ? cert : "",
	    key ? " -key " : "",
	    key ? key : "",
	    outfile ? " -out " : "",
	    outfile ? outfile : "",
	    read_passwd_from_stdin ? " -pwstdin" : "",
	    verbose ? " -debug" : "", old ? " -old" : "");
    rc = system(command);
    free(command);

    return rc;
}

/* grid_proxy_destroy()
 *
 * Fill the proxy file with zeros and unlink.
 *
 * returns 0 if OK, -1 on error
 */
int
grid_proxy_destroy(const char *proxyfile)
{
    if (ssl_proxy_file_destroy(proxyfile) != SSL_SUCCESS) {
	verror_print_error(stderr);
	return -1;
    }
    return 0;
}