📄 myproxy_store.c
break; case 'c': /* credential file name */ if (certfile) free(certfile); certfile = strdup(optarg); break; case 'y': /* key file name */ if (keyfile) free(keyfile); keyfile = strdup(optarg); break; case 'u': /* print help and exit */ fprintf(stderr, usage); exit(1); break; case 't': /* Specify proxy lifetime in hours */ request->proxy_lifetime = SECONDS_PER_HOUR * atoi(optarg); break; case 'h': /* print help and exit */ fprintf(stderr, usage); exit(1); break; case 'l': /* username */ request->username = strdup(optarg); break; case 'v': /* verbose */ myproxy_debug_set_level(1); verbose = 1; break; case 'V': /* print version and exit */ fprintf(stderr, version); exit(1); break; case 'r': /* retrievers list */ if (request->retrievers) { fprintf(stderr, "Only one -a or -r option may be specified.\n"); exit(1); } if (expr_type == REGULAR_EXP) { /* Copy as is */ request->retrievers = strdup(optarg); } else { request->retrievers = (char *) malloc(strlen(optarg) + 6); strcpy(request->retrievers, "*/CN="); myproxy_debug("authorized retriever %s", request->retrievers); request->retrievers = strcat(request->retrievers, optarg); } break; case 'R': /* renewers list */ /* ** This needs to be readdressed. Right now, the private key is ** being stored encrypted. This is a problem if the user calls ** /myproxy-get-delegation with the -a option. The call will ** fail because an unencrypted password is being looked for. ** So, do we want to add code to unencrypt the private key if ** this option is used? 
*/ if (request->renewers) { fprintf(stderr, "Only one -A or -R option may be specified.\n"); exit(1); } if (expr_type == REGULAR_EXP) { /* Copy as is */ request->renewers = strdup(optarg); } else { request->renewers = (char *) malloc(strlen(optarg) + 6); strcpy(request->renewers, "*/CN="); myproxy_debug("authorized renewer %s", request->renewers); request->renewers = strcat(request->renewers, optarg); } break; case 'Z': /* retrievers list */ if (request->trusted_retrievers) { fprintf(stderr, "Only one -a or -r option may be specified.\n"); exit(1); } if (expr_type == REGULAR_EXP) { /* Copy as is */ request->trusted_retrievers = strdup(optarg); } else { request->trusted_retrievers = (char *) malloc(strlen(optarg) + 6); strcpy(request->trusted_retrievers, "*/CN="); myproxy_debug("trusted retriever %s", request->trusted_retrievers); request->trusted_retrievers = strcat(request->trusted_retrievers, optarg); } break; case 'E' : /* key retriever list */ if (expr_type == REGULAR_EXP) { /* Copy as is */ request->keyretrieve = strdup(optarg); } else { request->keyretrieve = (char *) malloc(strlen(optarg) + 6); strcpy(request->keyretrieve, "*/CN="); myproxy_debug("authorized key retriever %s", request->keyretrieve); request->keyretrieve = strcat(request->keyretrieve, optarg); } break; case 'd': /* ** use the certificate subject (DN) as the ** default username instead of LOGNAME */ dn_as_username = 1; break; case 'x': /*set expression type to regex */ expr_type = REGULAR_EXP; myproxy_debug("expr-type = regex"); break; case 'X': /*set expression type to common name */ expr_type = MATCH_CN_ONLY; myproxy_debug("expr-type = CN"); break; case 'a': /*allow anonymous retrievers */ if (request->retrievers) { fprintf(stderr, "Only one -a or -r option may be specified.\n"); exit(1); } request->retrievers = strdup("*"); myproxy_debug("anonymous retrievers allowed"); break; case 'A': /*allow anonymous renewers */ if (request->renewers) { fprintf(stderr, "Only one -A or -R option may be 
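specified.\n"); exit(1); } request->renewers = strdup("*"); myproxy_debug("anonymous renewers allowed"); break; case 'k': /*credential name */ request->credname = strdup(optarg); break; case 'K': /*credential description */ request->creddesc = strdup(optarg); break; default: /* print usage and exit */ fprintf(stderr, usage); exit(1); break; } } /* Check to see if myproxy-server specified */ if (attrs->pshost == NULL) { fprintf(stderr, usage); fprintf(stderr, "Unspecified myproxy-server! Either set the MYPROXY_SERVER environment variable or explicitly set the myproxy-server via the -s flag\n"); return -1; } return 0;}

/*
 * Overwrite len bytes at buf with zeros.  The volatile pointer keeps the
 * compiler from discarding the stores when the buffer is freed right after.
 */
static void makecertfile_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;

    while (len-- > 0) {
        *p++ = 0;
    }
}

/*
 * Append len bytes of src plus a '\n' to dst and keep dst NUL-terminated.
 * *used is the number of bytes already stored in dst, cap its total size.
 * Returns 0 on success, -1 if the data would not fit (nothing is written).
 */
static int makecertfile_append(char *dst, size_t cap, size_t *used,
                               const char *src, size_t len)
{
    /* Room is needed for len bytes, the newline and the terminating NUL. */
    if (len > cap || *used > cap - len || cap - len - *used < 2) {
        return -1;
    }
    memcpy(dst + *used, src, len);
    *used += len;
    dst[(*used)++] = '\n';
    dst[*used] = '\0';
    return 0;
}

/**
 * Build one PEM credential string from a certificate file and a key file.
 *
 * The output is laid out as: first certificate block, private key block,
 * then every further certificate block found in certfile, each followed by
 * a newline.  Only a "RSA PRIVATE KEY" PEM block is recognised as the key.
 *
 * The original sized the output from stat() (unchecked) as the sum of both
 * file sizes plus one, yet it appends one extra '\n' per extracted block, so
 * files without trailing newlines overflowed the heap buffer, and a file
 * that changed between stat() and the read could do the same.  The buffer is
 * now sized from the data actually read, and every append is bounds-checked.
 *
 * buffer_from_file() is defined outside this listing; as in the original
 * code, its output is treated as a NUL-terminated string.
 *
 * @param certfile path of the PEM certificate (chain) file
 * @param keyfile  path of the PEM private key file
 * @param credbuf  receives a newly allocated NUL-terminated string on
 *                 success and is left holding that allocation for the
 *                 caller; it holds the private key block, so it should be
 *                 wiped before it is released.  Set to NULL on failure.
 * @return 0 on success, -1 on failure (a message is printed to stderr)
 */
int makecertfile(const char certfile[], const char keyfile[], char **credbuf)
{
    static const char BEGINCERT[] = "-----BEGIN CERTIFICATE-----";
    static const char ENDCERT[]   = "-----END CERTIFICATE-----";
    static const char BEGINKEY[]  = "-----BEGIN RSA PRIVATE KEY-----";
    static const char ENDKEY[]    = "-----END RSA PRIVATE KEY-----";

    const size_t size_max = (size_t)-1;
    unsigned char *certbuf = NULL;
    unsigned char *keybuf = NULL;
    char *out = NULL;
    size_t cert_len = 0;
    size_t key_len = 0;
    size_t cap = 0;
    size_t used = 0;
    const char *certstart;
    const char *certend;
    const char *keystart;
    const char *keyend;
    int retval = -1;

    /* Never hand back a stale or partially filled pointer on failure. */
    *credbuf = NULL;

    /* Read the certificate(s) into a buffer. */
    if (buffer_from_file(certfile, &certbuf, NULL) < 0) {
        fprintf(stderr, "Failed to read %s\n", certfile);
        goto cleanup;
    }

    /* Read the key into a buffer. */
    if (buffer_from_file(keyfile, &keybuf, NULL) < 0) {
        fprintf(stderr, "Failed to read %s\n", keyfile);
        goto cleanup;
    }

    cert_len = strlen((const char *)certbuf);
    key_len = strlen((const char *)keybuf);

    /*
     * Worst case: every input byte is copied, each certificate block (at
     * least one BEGINCERT marker long) gains a newline, the key block gains
     * one newline, and the string needs its terminating NUL.
     */
    cap = cert_len / strlen(BEGINCERT) + 2;
    if (cert_len > size_max - cap) {
        fprintf(stderr, "Failed to allocate credential buffer\n");
        goto cleanup;
    }
    cap += cert_len;
    if (key_len > size_max - cap) {
        fprintf(stderr, "Failed to allocate credential buffer\n");
        goto cleanup;
    }
    cap += key_len;

    out = calloc(1, cap);
    if (out == NULL) {
        fprintf(stderr, "Failed to allocate credential buffer\n");
        goto cleanup;
    }

    /* Write the first certificate. */
    if ((certstart = strstr((const char *)certbuf, BEGINCERT)) == NULL) {
        fprintf(stderr, "%s doesn't contain '%s'.\n", certfile, BEGINCERT);
        goto cleanup;
    }
    if ((certend = strstr(certstart, ENDCERT)) == NULL) {
        fprintf(stderr, "%s doesn't contain '%s'.\n", certfile, ENDCERT);
        goto cleanup;
    }
    certend += strlen(ENDCERT);
    if (makecertfile_append(out, cap, &used, certstart,
                            (size_t)(certend - certstart)) < 0) {
        fprintf(stderr, "Credential buffer too small\n");
        goto cleanup;
    }
    certstart = certend;

    /* Write the key. */
    if ((keystart = strstr((const char *)keybuf, BEGINKEY)) == NULL) {
        fprintf(stderr, "%s doesn't contain '%s'.\n", keyfile, BEGINKEY);
        goto cleanup;
    }
    if ((keyend = strstr(keystart, ENDKEY)) == NULL) {
        fprintf(stderr, "%s doesn't contain '%s'.\n", keyfile, ENDKEY);
        goto cleanup;
    }
    keyend += strlen(ENDKEY);
    if (makecertfile_append(out, cap, &used, keystart,
                            (size_t)(keyend - keystart)) < 0) {
        fprintf(stderr, "Credential buffer too small\n");
        goto cleanup;
    }

    /* Write any remaining certificates. */
    while ((certstart = strstr(certstart, BEGINCERT)) != NULL) {
        if ((certend = strstr(certstart, ENDCERT)) == NULL) {
            fprintf(stderr, "Can't find matching '%s' in %s.\n",
                    ENDCERT, certfile);
            goto cleanup;
        }
        certend += strlen(ENDCERT);
        if (makecertfile_append(out, cap, &used, certstart,
                                (size_t)(certend - certstart)) < 0) {
            fprintf(stderr, "Credential buffer too small\n");
            goto cleanup;
        }
        certstart = certend;
    }

    retval = 0;

cleanup:
    if (retval == 0) {
        *credbuf = out;
    } else if (out != NULL) {
        /* A partial result may already hold key material. */
        makecertfile_wipe(out, cap);
        free(out);
    }

    /* Do not leave a copy of the private key behind in freed heap memory. */
    if (keybuf != NULL) {
        makecertfile_wipe(keybuf, key_len);
    }
    free(keybuf);
    free(certbuf);

    return retval;
}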