continue; } if (strcmp(variable, "KEYRETRIEVERS") == 0) { creds->keyretrieve = mystrdup(value); if (creds->keyretrieve == NULL) { goto error; } continue; } if (strcmp(variable, "TRUSTED_RETRIEVERS") == 0) { creds->trusted_retrievers = mystrdup(value); if (creds->trusted_retrievers == NULL) { goto error; } continue; } if (strcmp(variable, "RENEWERS") == 0) { creds->renewers = mystrdup(value); if (creds->renewers == NULL) { goto error; } continue; } if (strcmp(variable, "NAME") == 0) { creds->credname = mystrdup(value); if (creds->credname == NULL) { goto error; } continue; } if (strcmp(variable, "DESCRIPTION") == 0) { creds->creddesc= mystrdup(value); if (creds->creddesc == NULL) { goto error; } continue; } if (strcmp(variable, "LIFETIME") == 0) { creds->lifetime = (int) strtol(value, NULL, 10); continue; } /* Unrecognized varibale */ verror_put_string("unrecognized line: %s line %d", datafile_path, line_number); goto error; } /* Success */ return_code = 0; error: if (data_stream != NULL) { fclose(data_stream); } return return_code;}/*** Check trusted certificates directory, create if needed.*/static intcheck_trusted_certs_dir(){ char *path = NULL; struct stat statbuf; path = get_trusted_certs_path(); if (path == NULL) { goto error; } myproxy_debug("Trusted cert dir is %s\n", path); if (stat(path, &statbuf) == -1) { switch(errno) { case ENOENT: case ENOTDIR: myproxy_debug("%s does not exist. 
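Creating.\n", path);
            if (make_path(path) == -1) {
                goto error;
            }
            break;
        default:
            verror_put_errno(errno);
            verror_put_string("stat(%s)", path);
            goto error;
        }
    } else if (!S_ISDIR(statbuf.st_mode)) {
        verror_put_string("Trusted certificates directory \"%s\" is not a directory.\n", path);
        goto error;
    }
    free(path);
    /* Success */
    return 0;

  error:
    if (path != NULL) {
        free(path);
    }
    return -1;
}

/**********************************************************************
 *
 * API routines
 *
 */

/*
 * myproxy_creds_store()
 *
 * Store the credential described by creds: its metadata goes to the
 * ".data" file, the credential itself is copied from creds->location,
 * and an optional administrative lock message is written to the lock
 * file (or any stale lock file is removed when no message is given).
 *
 * creds->username, creds->owner_name and creds->location are required.
 *
 * Returns 0 on success, -1 on error (verror is set).  On error the data
 * file and credential file written by this call are removed again.
 */
int
myproxy_creds_store(const struct myproxy_creds *creds)
{
    char *creds_path = NULL;
    char *data_path = NULL;
    char *lock_path = NULL;
    mode_t data_file_mode = FILE_MODE;
    mode_t creds_file_mode = FILE_MODE;
    int return_code = -1;

    if ((creds == NULL) ||
        (creds->username == NULL) ||
        (creds->owner_name == NULL) ||
        (creds->location == NULL)) {
        verror_put_errno(EINVAL);
        goto error;
    }

    if (get_storage_locations(creds->username, creds->credname,
                              &creds_path, &data_path, &lock_path) == -1) {
        goto error;
    }

    /* info about credential */
    if (write_data_file(creds, data_path, data_file_mode) == -1) {
        verror_put_string("Error writing data file");
        goto clean_up;
    }

    /* credential */
    if (copy_file(creds->location, creds_path, creds_file_mode) == -1) {
        verror_put_string("Error writing credential file");
        goto clean_up;
    }

    /* administrative locks */
    if (creds->lockmsg) {
        FILE *lockfile;

        /*
         * NOTE(review): the lock file is created with fopen("w"), i.e.
         * 0666 & ~umask, while the data and credential files above are
         * created with FILE_MODE -- confirm whether the restrictive mode
         * is wanted here as well.
         */
        lockfile = fopen(lock_path, "w");
        if (!lockfile) {
            verror_put_string("Error writing lockfile");
            goto clean_up;
        }
        /*
         * The lock message is caller-supplied text and must never be
         * passed to fprintf() as the format string: a message containing
         * '%' would be interpreted as conversion directives.  Write it
         * verbatim and check that the write actually reached the file.
         */
        if (fputs(creds->lockmsg, lockfile) == EOF) {
            verror_put_string("Error writing lockfile");
            fclose(lockfile);
            goto clean_up;
        }
        if (fclose(lockfile) != 0) {
            verror_put_string("Error writing lockfile");
            goto clean_up;
        }
    } else {
        /* no lock requested: best-effort removal of any stale lock file */
        unlink(lock_path);
    }

    /* Success */
    return_code = 0;

  clean_up:
    /* XXX */
    /* Remove files on error */
    if (return_code == -1) {
        unlink(data_path);
        ssl_proxy_file_destroy(creds_path);
    }
    if (creds_path) free(creds_path);
    if (data_path) free(data_path);
    if (lock_path) free(lock_path);

  error:
    return return_code;
}

int
myproxy_creds_retrieve(struct myproxy_creds *creds)
{
    char *creds_path = NULL;
    char *data_path = NULL;
    char *lock_path = NULL;
    char *username = NULL;
    FILE *lockfile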
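= NULL;
    int return_code = -1;

    if ((creds == NULL) || (creds->username == NULL)) {
        verror_put_errno(EINVAL);
        goto error;
    }

    /* stash username: read_data_file() replaces the contents of *creds */
    username = mystrdup(creds->username);
    if (username == NULL) {
        goto error;
    }

    if (get_storage_locations(creds->username, creds->credname,
                              &creds_path, &data_path, &lock_path) == -1) {
        goto error;
    }

    if (read_data_file(creds, data_path) == -1) {
        if (verror_get_errno() == ENOENT) {
            verror_clear();
            verror_put_string("Credentials do not exist");
        } else {
            verror_put_string("Can't read credentials");
        }
        goto error;
    }

    /* read lockmsg in lockfile if it exists */
    if (creds->lockmsg) {
        free(creds->lockmsg);
        creds->lockmsg = NULL;
    }
    if ((lockfile = fopen(lock_path, "r")) != NULL) {
        long len;

        fseek(lockfile, 0, SEEK_END);
        len = ftell(lockfile);
        rewind(lockfile);
        if (len < 0) {
            verror_put_string("Failed to access %s", lock_path);
            fclose(lockfile);
            goto error;
        }
        len++;                          /* room for the terminating NUL */
        creds->lockmsg = malloc(len);
        if (creds->lockmsg == NULL) {
            verror_put_errno(errno);
            fclose(lockfile);
            goto error;
        }
        /*
         * Only the first line of the lock file is kept (fgets stops at
         * '\n').  An empty or unreadable file yields an empty message
         * instead of an uninitialized buffer.
         */
        if (fgets(creds->lockmsg, len, lockfile) == NULL) {
            creds->lockmsg[0] = '\0';
        }
        fclose(lockfile);
    }

    /* reset username from stashed value */
    assert(creds->username == NULL);
    creds->username = username;
    username = NULL;

    assert(creds->location == NULL);
    creds->location = mystrdup(creds_path);
    if (creds->location == NULL) {
        goto error;
    }
    /* NOTE(review): ssl_get_times() is not checked for failure here (as
     * before); start_time/end_time may then be left untouched. */
    ssl_get_times(creds_path, &creds->start_time, &creds->end_time);

    /* Success */
    return_code = 0;

  error:
    if (creds_path) free(creds_path);
    if (data_path) free(data_path);
    if (lock_path) free(lock_path);
    if (username) free(username);
    return return_code;
}

/*
 * has_data_suffix()
 *
 * Return non-zero if name ends in ".data".  The length check is not
 * cosmetic: readdir() always returns "." and "..", and computing
 * name + strlen(name) - 5 on such short names points before the
 * buffer (out-of-bounds read).
 */
static int
has_data_suffix(const char *name)
{
    static const char suffix[] = ".data";
    const size_t suffix_len = sizeof(suffix) - 1;
    size_t len = strlen(name);

    return len >= suffix_len &&
        memcmp(name + len - suffix_len, suffix, suffix_len) == 0;
}

/*
 * myproxy_creds_retrieve_all()
 *
 * Fill in creds (and a linked list hanging off creds->next) with every
 * credential stored for creds->username that is owned by
 * creds->owner_name: the default credential first, then every named
 * credential found in storage_dir.
 *
 * creds->username and creds->owner_name are required.
 *
 * Returns 0 if at least one credential was found, -1 otherwise
 * (verror is set).
 */
int myproxy_creds_retrieve_all(struct myproxy_creds *creds)
{
    char *username = NULL, *h_username = NULL, *owner_name = NULL;
    size_t h_username_len = 0;
    struct myproxy_creds *cur_cred = NULL, *new_cred = NULL;
    DIR *dir = NULL;
    struct dirent *de = NULL;
    int return_code = -1;

    /*
     * cur_cred always points to the last valid credential in the list.
     * If cur_cred is NULL, we haven't found any credentials yet.
     * The first cred in the list is the one passed in.  Other creds
     * in the list are ones we allocated and added.
     */
    if ((creds == NULL) || (creds->username == NULL) ||
        (creds->owner_name == NULL)) {
        verror_put_errno(EINVAL);
        goto error;
    }

    /* stash username and owner_name so we can test each credential */
    username = strdup(creds->username);
    if (username == NULL) {
        verror_put_string("failed to allocate memory");
        goto error;
    }
    /* presumably mirrors how get_storage_locations() derives the file
     * name for DN-style usernames -- verify against that function */
    if (strchr(creds->username, '/')) {
        h_username = strmd5(username, NULL);
    } else {
        h_username = strdup(creds->username);
    }
    if (h_username == NULL) {
        verror_put_string("failed to allocate memory");
        goto error;
    }
    h_username_len = strlen(h_username);
    owner_name = strdup(creds->owner_name);
    if (owner_name == NULL) {
        verror_put_string("failed to allocate memory");
        goto error;
    }

    new_cred = creds;               /* new_cred is what we're filling in */

    /* first, try to get the default credential */
    if (new_cred->credname) {
        free(new_cred->credname);
        new_cred->credname = NULL;
    }
    if (myproxy_creds_retrieve(new_cred) == 0) {
        if (strcmp(owner_name, new_cred->owner_name) == 0) {
            cur_cred = creds;
            new_cred = calloc(1, sizeof(*new_cred));
            if (new_cred == NULL) {
                verror_put_string("failed to allocate memory");
                goto error;
            }
        } else {
            /* owned by someone else; re-initialize cred structure */
            myproxy_creds_free_contents(new_cred);
        }
    }

    if ((dir = opendir(storage_dir)) == NULL) {
        verror_put_string("failed to open credential storage directory");
        goto error;
    }

    /* Named credentials are stored as "<h_username>-<credname>.data". */
    while ((de = readdir(dir)) != NULL) {
        char *credname, *dot;

        if (strncmp(de->d_name, h_username, h_username_len) != 0 ||
            de->d_name[h_username_len] != '-' ||
            !has_data_suffix(de->d_name)) {
            continue;
        }

        /* credname is everything between the '-' and the first '.' */
        credname = strdup(de->d_name + h_username_len + 1);
        if (credname == NULL) {
            verror_put_string("failed to allocate memory");
            goto error;
        }
        dot = strchr(credname, '.');    /* always present: name ends in ".data" */
        *dot = '\0';

        if (new_cred->username) free(new_cred->username);
        if (new_cred->credname) free(new_cred->credname);
        new_cred->username = strdup(username);
        new_cred->credname = strdup(credname);
        free(credname);
        if (new_cred->username == NULL || new_cred->credname == NULL) {
            verror_put_string("failed to allocate memory");
            goto error;
        }

        if (myproxy_creds_retrieve(new_cred) == 0) {
            if (strcmp(owner_name, new_cred->owner_name) == 0) {
                if (cur_cred) cur_cred->next = new_cred;
                cur_cred = new_cred;
                new_cred = calloc(1, sizeof(*new_cred));
                if (new_cred == NULL) {
                    verror_put_string("failed to allocate memory");
                    goto error;
                }
            } else {
                /* owned by someone else; re-initialize cred structure */
                myproxy_creds_free_contents(new_cred);
            }
        }
    }
    closedir(dir);
    dir = NULL;

    if (!cur_cred) {
        verror_put_string("no credentials found for user %s, owner \"%s\"",
                          username, owner_name);
        goto error;
    }

    return_code = 0;

  error:
    if (dir) closedir(dir);
    if (username) free(username);
    if (h_username) free(h_username);
    if (owner_name) free(owner_name);
    if (cur_cred && new_cred) {
        /* the spare structure allocated after the last accepted credential */
        myproxy_creds_free_contents(new_cred);
        free(new_cred);
    }
    return return_code;
}

/*
 * myproxy_admin_retrieve_all()
 *
 * Retrieves info about all credentials.  Verifies username and
 * remaining lifetime if specified.  If query is username or lifetime
 * based, username should be specified in creds->username and
 * remaining lifetime in creds->end_time.  A credname query is taken
 * from creds->credname ("" selects default credentials only).
 *
 * The query fields are removed from *creds, which then becomes the
 * first element of the result list (creds->next links the rest).
 *
 * Returns the number of credentials found, or -1 on error.
 */
int myproxy_admin_retrieve_all(struct myproxy_creds *creds)
{
    struct myproxy_creds *cur_cred = NULL, *new_cred = NULL;
    DIR *dir = NULL;
    struct dirent *de = NULL;
    int return_code = -1, numcreds = 0;
    char *username = NULL, *credname = NULL;
    time_t end_time = 0, start_time = 0;

    if (check_storage_directory() == -1) {
        goto error;
    }

    /*
     * cur_cred always points to the last valid credential in the list.
     * If cur_cred is NULL, we haven't found any credentials yet.
     * The first cred in the list is the one passed in.  Other creds
     * in the list are ones we allocated and added.
     */
    if (creds == NULL) {
        verror_put_errno(EINVAL);
        goto error;
    }

    new_cred = creds;               /* new_cred is what we're filling in */

    /* take the query parameters out of *creds; the structure is reused
     * for the first credential found */
    if (creds->username) {
        username = creds->username;
        creds->username = NULL;
    }
    if (creds->credname) {
        credname = creds->credname;
        creds->credname = NULL;
    }
    if (creds->start_time) {
        start_time = creds->start_time;
        creds->start_time = 0;
    }
    if (creds->end_time) {
        end_time = creds->end_time;
        creds->end_time = 0;
    }

    if ((dir = opendir(storage_dir)) == NULL) {
        verror_put_string("failed to open credential storage directory");
        goto error;
    }

    /* Credential data file names are of the form "<username>-<credname>.data"
       where <credname> is "" for default credentials */
    while ((de = readdir(dir)) != NULL) {
        char *cname = NULL, *dot, *dash;

        if (!has_data_suffix(de->d_name)) {
            continue;
        }

        dash = strchr(de->d_name, '-');     /* Get a pointer to '-' */
        dot = strchr(de->d_name, '.');      /* present: name ends in ".data" */
        *dot = '\0';
        if (dash)                           /* Credential with a name */
            cname = dash + 1;

        if (new_cred->username) free(new_cred->username);
        if (new_cred->credname) free(new_cred->credname);
        if (dash != NULL)                   /* terminate the username at '-' */
            *dash = '\0';
        new_cred->username = strdup(de->d_name);
        new_cred->credname = cname ? strdup(cname) : NULL;
        if (new_cred->username == NULL ||
            (cname != NULL && new_cred->credname == NULL)) {
            verror_put_string("failed to allocate memory");
            goto error;
        }

        /* use username to query if specified */
        if (username && strcmp(username, new_cred->username) != 0)
            continue;
        if (credname &&
            ((new_cred->credname == NULL && credname[0] != '\0') ||
             (new_cred->credname != NULL &&
              strcmp(credname, new_cred->credname) != 0)))
            continue;

        if (myproxy_creds_retrieve(new_cred) != 0) {
            continue;
        }
        /* lifetime filter, as written: both bounds compare against the
         * credential's end_time */
        if ((start_time == 0 || start_time < new_cred->end_time) &&
            (end_time == 0 || end_time >= new_cred->end_time)) {
            if (cur_cred) cur_cred->next = new_cred;
            cur_cred = new_cred;
            new_cred = calloc(1, sizeof(*new_cred));
            if (new_cred == NULL) {
                verror_put_string("failed to allocate memory");
                goto error;
            }
            numcreds++;
        } else {
            myproxy_creds_free_contents(new_cred);
        }
    }
    closedir(dir);
    dir = NULL;

    return_code = numcreds;

  error:
    if (dir) closedir(dir);
    if (username) free(username);
    if (credname) free(credname);   /* taken from creds->credname above; was leaked */
    if (cur_cred && new_cred) {
        /* the spare structure allocated after the last accepted credential */
        myproxy_creds_free_contents(new_cred);
        free(new_cred);
    }
    return return_code;
}

int
myproxy_creds_exist(const char *username, const char *credname)
{
    char *creds_path = NULL;
    char *data_path = NULL;
    char *lock_path = NULL;
    int rc = -1;

    if (username == NULL) {
        verror_put_errno(EINVAL);
        goto done;
    }

    if (get_storage_locations(username, credname,
                              &creds_path, &data_path, &lock_path) == -1) {
        goto done;
    }

    rc = file_exists(creds_path);
    switch(rc) {
      case 0:
        /* File does not exist */
        goto done;
      case 1:
        /* File exists, keep checking */
        break;
      case -1:
        /* Error */
        goto done;
      default:
        /* Should not be here */
        verror_put_string("file_exists(%s) return unknown value (%d)",
                          creds_path, rc);
        rc = -1;
        goto done;
    }

    rc = file_exists(data_path);
    switch(rc) {
      case 0:
        /* File does not exist */
        goto done;
      case 1:
        /* File exists, keep checking */
        break;
      case -1:
        /* Error */
        goto done;
      default:
        /* Should not be here */
        verror_put_string("file_exists(%s) return unknown value (%d)",
                          data_path, rc);
        rc = -1;
        goto done;
    }

    /* Everything seems to exist */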