📄 gsi_socket.c
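/*
 * NOTE(review): this excerpt begins inside a function whose start is not
 * visible here (from its use of *pbuffer / *pbuffer_len and the "VERSION"
 * framing hack, presumably GSI_SOCKET_read_token()).  Its visible tail is
 * reproduced unchanged apart from comments and re-indentation.
 */
            }
            buffer = unwrapped_buffer.value;
            bytes_read = unwrapped_buffer.length;
        }
    }

    /*
     * HACK: We may have multiple tokens concatenated together here.
     * Unfortunately, our protocol doesn't do a good job of message
     * framing.  Still, we can find the start/end of some messages by
     * looking for the standard VERSION string at the start.
     */
    if (strncmp((const char *)buffer, "VERSION", strlen("VERSION")) == 0) {
        size_t token_len = safe_strlen((const char *)buffer, bytes_read)+1;
        if (bytes_read > token_len) {
            /*
             * Our buffer is bigger than one message.  Just return the one
             * message here and save the rest for later.
             *
             * NOTE(review): both malloc() calls below are unchecked; on a
             * NULL return the following memcpy() writes through a null
             * pointer.  Left as is because the head of this function
             * (where saved_buffer is declared and any previous contents
             * are handled) is outside this excerpt.
             */
            char *old_buffer;
            old_buffer = (char *)buffer;
            saved_buffer_len = bytes_read - token_len;
            buffer = malloc(token_len);
            memcpy(buffer, old_buffer, token_len);
            saved_buffer = malloc(saved_buffer_len);
            memcpy(saved_buffer, old_buffer+token_len, saved_buffer_len);
            bytes_read = token_len;
            free(old_buffer);
        }
    }

    /* Success */
    *pbuffer = buffer;
    *pbuffer_len = bytes_read;
    return_status = GSI_SOCKET_SUCCESS;

    /* myproxy_debug("\nread:\n%s\n", buffer); */
#if 0
    if (buffer[bytes_read-1] == '\0') {
        myproxy_debug("read a null-terminated message");
    } else {
        myproxy_debug("read a non-null-terminated message");
    }
#endif

  error:
    return return_status;
}

/*
 * GSI_SOCKET_free_token()
 *
 * Release a token buffer handed out by GSI_SOCKET_read_token().
 * NULL is accepted and ignored.
 */
void
GSI_SOCKET_free_token(unsigned char *buffer)
{
    free(buffer);   /* free(NULL) is a no-op, so no guard is needed */
}

/*
 * GSI_SOCKET_delegation_init_ext()
 *
 * Delegating side of proxy delegation: load the credentials found in
 * source_credentials (unlocked with passphrase; NULL or "" means no
 * passphrase), read a certificate request from the peer, sign it with
 * the given lifetime restriction and send the signed proxy back.
 *
 * self must already be authenticated (self->gss_context set).
 *
 * Returns GSI_SOCKET_SUCCESS or GSI_SOCKET_ERROR.  On error self->error_*
 * is filled in, from verror where the failing callee provides details.
 */
int
GSI_SOCKET_delegation_init_ext(GSI_SOCKET *self,
                               const char *source_credentials,
                               int lifetime,
                               const char *passphrase)
{
    int return_value = GSI_SOCKET_ERROR;
    SSL_CREDENTIALS *creds = NULL;
    SSL_PROXY_RESTRICTIONS *proxy_restrictions = NULL;
    unsigned char *input_buffer = NULL;
    size_t input_buffer_length = 0;
    unsigned char *output_buffer = NULL;
    int output_buffer_length = 0;

    if (self == NULL) {
        goto error;
    }
    if (self->gss_context == GSS_C_NO_CONTEXT) {
        self->error_string = strdup("GSI_SOCKET not authenticated");
        goto error;
    }

    /* Load the proxy we are going to use to sign the delegation. */
    creds = ssl_credentials_new();
    if (creds == NULL) {
        GSI_SOCKET_set_error_from_verror(self);
        goto error;
    }
    /* An empty passphrase means "no passphrase". */
    if (passphrase != NULL && passphrase[0] == '\0') {
        passphrase = NULL;
    }
    if (ssl_proxy_load_from_file(creds, source_credentials,
                                 passphrase) == SSL_ERROR) {
        GSI_SOCKET_set_error_from_verror(self);
        goto error;
    }

    /* Read the certificate request from the client. */
    if (GSI_SOCKET_read_token(self, &input_buffer,
                              &input_buffer_length) == GSI_SOCKET_ERROR) {
        goto error;
    }

    /* Set up the restrictions on the proxy. */
    proxy_restrictions = ssl_proxy_restrictions_new();
    if (proxy_restrictions == NULL) {
        /* Previously failed silently; callers rely on error_string. */
        self->error_string = strdup("ssl_proxy_restrictions_new() failed");
        goto error;
    }
    if (ssl_proxy_restrictions_set_lifetime(proxy_restrictions,
                                            (long) lifetime) == SSL_ERROR) {
        self->error_string = strdup("ssl_proxy_restrictions_set_lifetime() failed");
        goto error;
    }

    /* Sign the request. */
    if (ssl_proxy_delegation_sign(creds, proxy_restrictions,
                                  input_buffer, input_buffer_length,
                                  &output_buffer,
                                  &output_buffer_length) == SSL_ERROR) {
        GSI_SOCKET_set_error_from_verror(self);
        goto error;
    }

    /* Write the proxy certificate back to the user. */
    if (GSI_SOCKET_write_buffer(self, (const char *)output_buffer,
                                output_buffer_length) == GSI_SOCKET_ERROR) {
        goto error;
    }

    return_value = GSI_SOCKET_SUCCESS;

  error:
    GSI_SOCKET_free_token(input_buffer);
    if (output_buffer != NULL) {
        ssl_free_buffer(output_buffer);
    }
    if (creds != NULL) {
        ssl_credentials_destroy(creds);
    }
    if (proxy_restrictions != NULL) {
        ssl_proxy_restrictions_destroy(proxy_restrictions);
    }
    return return_value;
}

/*
 * trim_trailing_version()
 *
 * Return the number of leading bytes of buf[0..len) that precede the
 * first embedded "VERSION" protocol message, or len if there is none.
 *
 * The wire protocol has no application-level framing, so a certificate
 * chain read with GSI_SOCKET_read_token() may arrive glued to the peer's
 * next "VERSION..." message in the same token; the accept functions use
 * this to discard that tail.
 *
 * Unlike the open-coded loops it replaces, this never underflows when
 * len is shorter than the marker (the old `len - strlen("VERSION")` on a
 * size_t wrapped to a huge bound and walked off the end of a
 * network-supplied buffer), never reads beyond len bytes, and also
 * matches a marker that ends exactly at len.
 */
static size_t
trim_trailing_version(const unsigned char *buf, size_t len)
{
    static const char marker[] = "VERSION";
    const size_t marker_len = sizeof(marker) - 1;
    size_t i;

    if (buf == NULL || len < marker_len) {
        return len;
    }
    for (i = 0; i + marker_len <= len; i++) {
        if (memcmp(buf + i, marker, marker_len) == 0) {
            return i;
        }
    }
    return len;
}

/*
 * GSI_SOCKET_delegation_accept_ext()
 *
 * Receiving side of proxy delegation: generate a certificate request,
 * send it, read the signed proxy back, finalize it and store it in a
 * fresh temporary file (encrypted with passphrase if non-NULL and
 * non-empty).  The file name is copied, NUL-terminated, into
 * delegated_credentials (at most delegated_credentials_len bytes).
 *
 * self must already be authenticated (self->gss_context set).
 *
 * Returns GSI_SOCKET_SUCCESS or GSI_SOCKET_ERROR; on error self->error_*
 * is set (EINVAL for a NULL/too-small output buffer, ENAMETOOLONG if the
 * file name cannot fit in it).
 */
int
GSI_SOCKET_delegation_accept_ext(GSI_SOCKET *self,
                                 char *delegated_credentials,
                                 int delegated_credentials_len,
                                 char *passphrase)
{
    int return_value = GSI_SOCKET_ERROR;
    SSL_CREDENTIALS *creds = NULL;
    unsigned char *output_buffer = NULL;
    int output_buffer_len = 0;
    unsigned char *input_buffer = NULL;
    size_t input_buffer_len = 0;
    char filename[L_tmpnam];

    if (self == NULL) {
        return GSI_SOCKET_ERROR;
    }
    /* A negative length would become a huge size_t in the copy below. */
    if (delegated_credentials == NULL || delegated_credentials_len <= 0) {
        self->error_number = EINVAL;
        goto error;
    }
    if (self->gss_context == GSS_C_NO_CONTEXT) {
        self->error_string = strdup("GSI_SOCKET not authenticated");
        goto error;
    }

    /* Generate the proxy certificate request and send it. */
    if (ssl_proxy_delegation_init(&creds, &output_buffer, &output_buffer_len,
                                  0 /* default number of bits */,
                                  NULL /* no callback */) == SSL_ERROR) {
        GSI_SOCKET_set_error_from_verror(self);
        goto error;
    }
    if (GSI_SOCKET_write_buffer(self, (const char *)output_buffer,
                                output_buffer_len) == GSI_SOCKET_ERROR) {
        goto error;
    }

    /* Read the signed certificate. */
    if (GSI_SOCKET_read_token(self, &input_buffer,
                              &input_buffer_len) == GSI_SOCKET_ERROR) {
        goto error;
    }
    /* HACK: no framing, so drop a trailing "VERSION" message (see helper). */
    input_buffer_len = trim_trailing_version(input_buffer, input_buffer_len);

    if (ssl_proxy_delegation_finalize(creds, input_buffer,
                                      input_buffer_len) == SSL_ERROR) {
        GSI_SOCKET_set_error_from_verror(self);
        goto error;
    }

    /*
     * Pick a file name for the stored credentials.
     *
     * NOTE(review): tmpnam() returns a predictable name and creates
     * nothing, so a local user can pre-create or symlink it before
     * ssl_proxy_store_to_file() opens it (CWE-377).  Whether that open
     * uses O_EXCL is not visible here; if it does not, switch to
     * mkstemp() and a store-to-descriptor variant.
     */
    if (tmpnam(filename) == NULL) {
        self->error_number = errno;
        self->error_string = strdup("tmpnam() failed");
        goto error;
    }
    /* Refuse before creating the file if the caller cannot receive its name. */
    if (strlen(filename) >= (size_t)delegated_credentials_len) {
        self->error_number = ENAMETOOLONG;
        self->error_string = strdup("credential file name too long for caller buffer");
        goto error;
    }
    /* An empty passphrase means "no passphrase". */
    if (passphrase != NULL && passphrase[0] == '\0') {
        passphrase = NULL;
    }
    if (ssl_proxy_store_to_file(creds, filename, passphrase) == SSL_ERROR) {
        GSI_SOCKET_set_error_from_verror(self);
        goto error;
    }
    /* strncpy() did not guarantee NUL termination; snprintf() does. */
    snprintf(delegated_credentials, (size_t)delegated_credentials_len,
             "%s", filename);

    return_value = GSI_SOCKET_SUCCESS;

  error:
    if (creds != NULL) {
        ssl_credentials_destroy(creds);
    }
    GSI_SOCKET_free_token(input_buffer);
    if (output_buffer != NULL) {
        ssl_free_buffer(output_buffer);
    }
    return return_value;
}

/*
 * GSI_SOCKET_credentials_accept_ext()
 *
 * Read one token from the peer (a credential, presumably PEM text) and
 * write it, followed by a newline, into a freshly created mode-0600
 * temporary file.  The file name is copied, NUL-terminated, into
 * credentials (at most credentials_len bytes).
 *
 * The bytes written stop at the first NUL in the token, as before, but
 * are now also bounded by the number of bytes actually read and by the
 * trimmed length: the token is not guaranteed to be NUL-terminated, so
 * the old strlen() on it could read past the buffer, and it ignored the
 * "VERSION" trimming entirely.
 *
 * self must already be authenticated (self->gss_context set).
 *
 * Returns GSI_SOCKET_SUCCESS or GSI_SOCKET_ERROR.  On error the partially
 * written file is removed and self->error_number is set.
 */
int
GSI_SOCKET_credentials_accept_ext(GSI_SOCKET *self,
                                  char *credentials,
                                  int credentials_len)
{
    int return_value = GSI_SOCKET_ERROR;
    unsigned char *input_buffer = NULL;
    size_t input_buffer_length = 0;
    const unsigned char *nul;
    const char *certstart;
    size_t remaining;
    int fd = -1;
    int removetmp = 0;
#ifdef P_tmpdir
    char filename[] = P_tmpdir "/myproxy-XXXXXX";
#else
    char filename[] = "/tmp/myproxy-XXXXXX";
#endif

    if (self == NULL) {
        return GSI_SOCKET_ERROR;
    }
    /* Previously unchecked: a NULL buffer crashed in strncpy(). */
    if (credentials == NULL || credentials_len <= 0) {
        self->error_number = EINVAL;
        goto error;
    }
    if (self->gss_context == GSS_C_NO_CONTEXT) {
        self->error_string = strdup("GSI_SOCKET not authenticated");
        goto error;
    }

    /* Read the credential sent by the client. */
    if (GSI_SOCKET_read_token(self, &input_buffer,
                              &input_buffer_length) == GSI_SOCKET_ERROR) {
        goto error;
    }
    myproxy_debug("Read credentials");

    /* HACK: no framing, so drop a trailing "VERSION" message (see helper). */
    input_buffer_length = trim_trailing_version(input_buffer,
                                                input_buffer_length);

    /* Stop at an embedded NUL like strlen() would, but never past the token. */
    nul = memchr(input_buffer, '\0', input_buffer_length);
    remaining = (nul != NULL) ? (size_t)(nul - input_buffer)
                              : input_buffer_length;
    certstart = (const char *)input_buffer;

    /* Refuse before creating the file if the caller cannot receive its name. */
    if (strlen(filename) >= (size_t)credentials_len) {
        self->error_number = ENAMETOOLONG;
        self->error_string = strdup("credential file name too long for caller buffer");
        goto error;
    }

    /*
     * Create the output file.  mkstemp() chooses the name and creates the
     * file atomically (O_EXCL, mode 0600), replacing tmpnam()+open():
     * a predictable tmpnam() name let a local user pre-create it and make
     * the O_EXCL open fail (CWE-377).
     */
    fd = mkstemp(filename);
    if (fd < 0) {
        self->error_number = errno;
        fprintf(stderr, "mkstemp(%s) failed: %s\n", filename, strerror(errno));
        goto error;
    }
    removetmp = 1;

    while (remaining > 0) {
        ssize_t written = write(fd, certstart, remaining);
        /* A zero return would loop forever, so treat it as an error too. */
        if (written <= 0) {
            self->error_number = errno;
            perror("write");
            goto error;
        }
        remaining -= (size_t)written;
        certstart += written;
    }
    /* The old write(fd, "\n\0", 1) also wrote only the newline. */
    if (write(fd, "\n", 1) < 0) {
        self->error_number = errno;
        perror("write");
        goto error;
    }
    /* close() can report a write failure; fd is cleared first so the
       cleanup below does not close it twice. */
    if (close(fd) < 0) {
        self->error_number = errno;
        fd = -1;
        perror("close");
        goto error;
    }
    fd = -1;

    /* strncpy() did not guarantee NUL termination; snprintf() does. */
    snprintf(credentials, (size_t)credentials_len, "%s", filename);

    return_value = GSI_SOCKET_SUCCESS;
    removetmp = 0;

  error:
    GSI_SOCKET_free_token(input_buffer);
    if (fd >= 0) {
        close(fd);
    }
    if (removetmp) {
        ssl_proxy_file_destroy(filename);
    }
    return return_value;
}

/*
 * GSI_SOCKET_credentials_init_ext()
 *
 * Send the source_credentials string itself, including its terminating
 * NUL, to the peer.  (Note that this sends the string, not the contents
 * of any file it names; see GSI_SOCKET_get_creds() for that.)
 *
 * self must already be authenticated (self->gss_context set).
 *
 * Returns GSI_SOCKET_SUCCESS or GSI_SOCKET_ERROR (EINVAL in
 * self->error_number for a NULL string, which previously crashed in
 * strlen()).
 */
int
GSI_SOCKET_credentials_init_ext(GSI_SOCKET *self,
                                const char *source_credentials)
{
    if (self == NULL) {
        return GSI_SOCKET_ERROR;
    }
    if (self->gss_context == GSS_C_NO_CONTEXT) {
        self->error_string = strdup("GSI_SOCKET not authenticated");
        return GSI_SOCKET_ERROR;
    }
    if (source_credentials == NULL) {
        self->error_number = EINVAL;
        return GSI_SOCKET_ERROR;
    }
    /* +1 so the peer receives the terminating NUL as part of the token. */
    if (GSI_SOCKET_write_buffer(self, source_credentials,
                                strlen(source_credentials)+1) == GSI_SOCKET_ERROR) {
        return GSI_SOCKET_ERROR;
    }
    return GSI_SOCKET_SUCCESS;
}

/*
 * GSI_SOCKET_get_creds()
 *
 * Read the file named by source_credentials into memory and send its
 * contents to the peer.
 *
 * self must already be authenticated (self->gss_context set).
 *
 * Returns GSI_SOCKET_SUCCESS or GSI_SOCKET_ERROR; a failed file read is
 * reported through verror into self->error_*.
 */
int
GSI_SOCKET_get_creds(GSI_SOCKET *self, const char *source_credentials)
{
    int return_value = GSI_SOCKET_ERROR;
    unsigned char *output_buffer = NULL;
    int output_buffer_length = 0;

    if (self == NULL) {
        goto error;
    }
    if (self->gss_context == GSS_C_NO_CONTEXT) {
        self->error_string = strdup("GSI_SOCKET not authenticated");
        goto error;
    }
    if (buffer_from_file(source_credentials, &output_buffer,
                         &output_buffer_length) < 0) {
        GSI_SOCKET_set_error_from_verror(self);
        goto error;
    }

    /* Write the credential to the peer. */
    myproxy_debug("Sending credential");
    if (GSI_SOCKET_write_buffer(self, (const char *)output_buffer,
                                output_buffer_length) == GSI_SOCKET_ERROR) {
        goto error;
    }

    return_value = GSI_SOCKET_SUCCESS;

  error:
    /* buffer_from_file() output is plain malloc()ed memory, not an
       ssl_free_buffer() buffer, so free() it directly (free(NULL) is safe). */
    free(output_buffer);
    return return_value;
}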