pax_global_header00006660000000000000000000000064147713136420014522gustar00rootroot0000000000000052 comment=54eec095ca3587588649c735555d2078b5f06306 voms-2.1.2/000077500000000000000000000000001477131364200125105ustar00rootroot00000000000000voms-2.1.2/.devcontainer.json000066400000000000000000000003071477131364200161420ustar00rootroot00000000000000{ "name": "VOMS core development", "dockerComposeFile": "compose/docker-compose.yml", "service": "voms_build", "workspaceFolder": "/home/build/workspace", "shutdownAction": "stopCompose" } voms-2.1.2/.devcontainer/000077500000000000000000000000001477131364200152475ustar00rootroot00000000000000voms-2.1.2/.devcontainer/Dockerfile-centos7000066400000000000000000000004121477131364200206160ustar00rootroot00000000000000FROM centos:7 COPY library-scripts/*.sh /tmp/library-scripts/ RUN \ bash /tmp/library-scripts/add-repos-redhat.sh && \ bash /tmp/library-scripts/common-redhat.sh false automatic automatic automatic true false && \ bash /tmp/library-scripts/add-deps-redhat.sh voms-2.1.2/.devcontainer/Dockerfile-el9000066400000000000000000000004151477131364200177300ustar00rootroot00000000000000FROM almalinux:9 COPY library-scripts/*.sh /tmp/library-scripts/ RUN \ bash /tmp/library-scripts/add-repos-redhat.sh && \ bash /tmp/library-scripts/common-redhat.sh false automatic automatic automatic true false && \ bash /tmp/library-scripts/add-deps-redhat.sh voms-2.1.2/.devcontainer/devcontainer.json000066400000000000000000000034451477131364200206310ustar00rootroot00000000000000// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at: // https://github.com/microsoft/vscode-dev-containers/tree/v0.245.2/containers/docker-existing-docker-compose // If you want to run as a non-root user in the container, see .devcontainer/docker-compose.yml. { "name": "VOMS Devel", // Update the 'dockerComposeFile' list if you have more compose files or use different names. 
// The .devcontainer/docker-compose.yml file contains any overrides you need/want to make. "dockerComposeFile": [ "../docker-compose.yml", "docker-compose.yml" ], // The 'service' property is the name of the service for the container that VS Code should // use. Update this value and .devcontainer/docker-compose.yml to the real service name. "service": "container-el9", // Uncomment the next line if you want start specific services in your Docker Compose config. "runServices": ["container-el9"], // The optional 'workspaceFolder' property is the path VS Code should open by default when // connected. This is typically a file mount in .devcontainer/docker-compose.yml "workspaceFolder": "/workspace", "customizations": { "vscode": { "extensions": [ "ms-vscode.cpptools", "eamodio.gitlens" ] } }, // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], // Uncomment the next line if you want to keep your containers running after VS Code shuts down. // "shutdownAction": "none", // Uncomment the next line to run commands after the container is created - for example installing curl. // "postCreateCommand": "apt-get update && apt-get install -y curl", // Uncomment to connect as a non-root user if you've added one. See https://aka.ms/vscode-remote/containers/non-root. 
"remoteUser": "vscode" } voms-2.1.2/.devcontainer/docker-compose.yml000066400000000000000000000014031477131364200207020ustar00rootroot00000000000000 services: container-el9: environment: - TZ=Europe/Rome depends_on: - trust build: context: .devcontainer dockerfile: Dockerfile-el9 volumes: - trustanchors:/etc/grid-security/certificates - .:/workspace cap_add: - SYS_PTRACE security_opt: - seccomp:unconfined command: sleep infinity init: true container-centos7: environment: - TZ=Europe/Rome depends_on: - trust build: context: .devcontainer dockerfile: Dockerfile-centos7 volumes: - trustanchors:/etc/grid-security/certificates - .:/workspace cap_add: - SYS_PTRACE security_opt: - seccomp:unconfined command: sleep infinity init: true voms-2.1.2/.devcontainer/library-scripts/000077500000000000000000000000001477131364200204005ustar00rootroot00000000000000voms-2.1.2/.devcontainer/library-scripts/add-deps-redhat.sh000066400000000000000000000013421477131364200236620ustar00rootroot00000000000000#!/usr/bin/env bash # # Copyright (c) Istituto Nazionale di Fisica Nucleare # Licensed under the EUPL # # Syntax: ./add-deps-redhat.sh [install doc tools] set -e . /etc/os-release INSTALL_DOC_TOOLS=${1:-"false"} package_list="\ file \ gdb \ expat-devel \ autoconf \ automake \ make \ libtool \ openssl-devel \ gsoap-devel \ bison \ flex \ gcc-c++" if ! type git > /dev/null 2>&1; then if [ "${ID}" = "centos" ] && [ "${VERSION_ID}" = "7" ]; then package_list="${package_list} git236" else package_list="${package_list} git" fi fi if [ ${INSTALL_DOC_TOOLS} = "true" ]; then package_list="${package_list} \ libxslt \ docbook-style-xsl \ doxygen" fi yum install -y ${package_list} voms-2.1.2/.devcontainer/library-scripts/add-repos-redhat.sh000066400000000000000000000005361477131364200240630ustar00rootroot00000000000000#!/usr/bin/env bash # # Copyright (c) Istituto Nazionale di Fisica Nucleare # Licensed under the EUPL # # Syntax: ./add-repos-redhat.sh set -e . 
/etc/os-release repo_list="epel-release" if [ "${ID}" = "centos" ] && [ "${VERSION_ID}" = "7" ]; then repo_list="${repo_list} https://repo.ius.io/ius-release-el7.rpm" fi yum install -y ${repo_list} voms-2.1.2/.devcontainer/library-scripts/common-redhat.sh000066400000000000000000000305661477131364200235030ustar00rootroot00000000000000#!/usr/bin/env bash #------------------------------------------------------------------------------------------------------------- # Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information. #------------------------------------------------------------------------------------------------------------- # # ** This script is community supported ** # Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/common.md # Maintainer: The VS Code and Codespaces Teams # # Syntax: ./common-redhat.sh [install zsh flag] [username] [user UID] [user GID] [upgrade packages flag] [install Oh My Zsh! flag] set -e INSTALL_ZSH=${1:-"true"} USERNAME=${2:-"automatic"} USER_UID=${3:-"automatic"} USER_GID=${4:-"automatic"} UPGRADE_PACKAGES=${5:-"true"} INSTALL_OH_MYS=${6:-"true"} SCRIPT_DIR="$(cd $(dirname "${BASH_SOURCE[0]}") && pwd)" MARKER_FILE="/usr/local/etc/vscode-dev-containers/common" if [ "$(id -u)" -ne 0 ]; then echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' exit 1 fi # Ensure that login shells get the correct path if the user updated the PATH using ENV. 
rm -f /etc/profile.d/00-restore-env.sh echo "export PATH=${PATH//$(sh -lc 'echo $PATH')/\$PATH}" > /etc/profile.d/00-restore-env.sh chmod +x /etc/profile.d/00-restore-env.sh # If in automatic mode, determine if a user already exists, if not use vscode if [ "${USERNAME}" = "auto" ] || [ "${USERNAME}" = "automatic" ]; then USERNAME="" POSSIBLE_USERS=("vscode" "node" "codespace" "$(awk -v val=1000 -F ":" '$3==val{print $1}' /etc/passwd)") for CURRENT_USER in ${POSSIBLE_USERS[@]}; do if id -u ${CURRENT_USER} > /dev/null 2>&1; then USERNAME=${CURRENT_USER} break fi done if [ "${USERNAME}" = "" ]; then USERNAME=vscode fi elif [ "${USERNAME}" = "none" ]; then USERNAME=root USER_UID=0 USER_GID=0 fi # Load markers to see which steps have already run if [ -f "${MARKER_FILE}" ]; then echo "Marker file found:" cat "${MARKER_FILE}" source "${MARKER_FILE}" fi # Install common dependencies if [ "${PACKAGES_ALREADY_INSTALLED}" != "true" ]; then package_list="\ openssh-clients \ gnupg2 \ iproute \ procps \ lsof \ net-tools \ psmisc \ wget \ ca-certificates \ rsync \ unzip \ zip \ nano \ vim-minimal \ less \ jq \ openssl-libs \ krb5-libs \ libicu \ zlib \ sudo \ sed \ grep \ which \ man-db \ strace" # Install OpenSSL 1.0 compat if needed if yum -q list compat-openssl10 >/dev/null 2>&1; then package_list="${package_list} compat-openssl10" fi yum -y install ${package_list} if ! type curl > /dev/null 2>&1; then yum -y install curl fi PACKAGES_ALREADY_INSTALLED="true" fi # Update to latest versions of packages if [ "${UPGRADE_PACKAGES}" = "true" ]; then yum upgrade -y fi # Create or update a non-root user to match UID/GID. 
# Purpose of this run of statements: create or adjust the target account,
# grant it sudo, install shell customizations (rc snippet, `code` shim,
# prompt themes, optional Oh My Zsh!), persist image metadata and write the
# marker file that records which steps have run.

group_name="${USERNAME}"
if id -u ${USERNAME} > /dev/null 2>&1; then
    # User exists, update if needed
    if [ "${USER_GID}" != "automatic" ] && [ "$USER_GID" != "$(id -g $USERNAME)" ]; then
        # The primary group may have a different name than the user; the
        # chown calls further down rely on this value.
        group_name="$(id -gn $USERNAME)"
        groupmod --gid $USER_GID ${group_name}
        usermod --gid $USER_GID $USERNAME
    fi
    if [ "${USER_UID}" != "automatic" ] && [ "$USER_UID" != "$(id -u $USERNAME)" ]; then
        usermod --uid $USER_UID $USERNAME
    fi
else
    # Create user
    if [ "${USER_GID}" = "automatic" ]; then
        groupadd $USERNAME
    else
        groupadd --gid $USER_GID $USERNAME
    fi
    if [ "${USER_UID}" = "automatic" ]; then
        useradd -s /bin/bash --gid $USERNAME -m $USERNAME
    else
        useradd -s /bin/bash --uid $USER_UID --gid $USERNAME -m $USERNAME
    fi
fi

# Add sudo support for non-root user
# NOTE(review): the rule written here lets the account run any command as
# root without a password, so inside the container this user is equivalent to
# root. That is a development-container convenience and should not be carried
# into an image that runs untrusted code or is deployed as a service.
# $USERNAME is used unquoted in both the rule and the file name; it is taken
# from the script's second argument or from the automatic lookup.
if [ "${USERNAME}" != "root" ] && [ "${EXISTING_NON_ROOT_USER}" != "${USERNAME}" ]; then
    echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME
    chmod 0440 /etc/sudoers.d/$USERNAME
    EXISTING_NON_ROOT_USER="${USERNAME}"
fi

# ** Shell customization section **
if [ "${USERNAME}" = "root" ]; then
    user_rc_path="/root"
else
    user_rc_path="/home/${USERNAME}"
fi

# .bashrc/.zshrc snippet
# The heredoc delimiter is quoted ('EOF'), so nothing inside is expanded
# here; the text is stored verbatim and evaluated later by the shell that
# reads the rc file.
rc_snippet="$(cat << 'EOF'
if [ -z "${USER}" ]; then export USER=$(whoami); fi
if [[ "${PATH}" != *"$HOME/.local/bin"* ]]; then export PATH="${PATH}:$HOME/.local/bin"; fi
# Display optional first run image specific notice if configured and terminal is interactive
if [ -t 1 ] && [[ "${TERM_PROGRAM}" = "vscode" || "${TERM_PROGRAM}" = "codespaces" ]] && [ ! -f "$HOME/.config/vscode-dev-containers/first-run-notice-already-displayed" ]; then
    if [ -f "/usr/local/etc/vscode-dev-containers/first-run-notice.txt" ]; then
        cat "/usr/local/etc/vscode-dev-containers/first-run-notice.txt"
    elif [ -f "/workspaces/.codespaces/shared/first-run-notice.txt" ]; then
        cat "/workspaces/.codespaces/shared/first-run-notice.txt"
    fi
    mkdir -p $HOME/.config/vscode-dev-containers
    # Mark first run notice as displayed after 10s to avoid problems with fast terminal refreshes hiding it
    ((sleep 10s; touch "$HOME/.config/vscode-dev-containers/first-run-notice-already-displayed") &)
fi
# Set the default git editor if not already set
if [ -z "$(git config --get core.editor)" ] && [ -z "${GIT_EDITOR}" ]; then
    if [ "${TERM_PROGRAM}" = "vscode" ]; then
        if [[ -n $(command -v code-insiders) && -z $(command -v code) ]]; then
            export GIT_EDITOR="code-insiders --wait"
        else
            export GIT_EDITOR="code --wait"
        fi
    fi
fi
EOF
)"

# code shim, it fallbacks to code-insiders if code is not available
# The shim is written to /usr/local/bin/code and made executable. It looks
# for another `code` later in PATH and execs it, otherwise execs
# `code-insiders`, otherwise exits with status 127.
cat << 'EOF' > /usr/local/bin/code
#!/bin/sh
get_in_path_except_current() {
    which -a "$1" | grep -A1 "$0" | grep -v "$0"
}
code="$(get_in_path_except_current code)"
if [ -n "$code" ]; then
    exec "$code" "$@"
elif [ "$(command -v code-insiders)" ]; then
    exec code-insiders "$@"
else
    echo "code or code-insiders is not installed" >&2
    exit 127
fi
EOF
chmod +x /usr/local/bin/code

# Codespaces bash and OMZ themes - partly inspired by https://github.com/ohmyzsh/ohmyzsh/blob/master/themes/robbyrussell.zsh-theme
# Both theme bodies are captured verbatim (quoted heredoc delimiter) and only
# written to disk further down.
codespaces_bash="$(cat \
<<'EOF'
# Codespaces bash prompt theme
__bash_prompt() {
    local userpart='`export XIT=$? \
        && [ ! -z "${GITHUB_USER}" ] && echo -n "\[\033[0;32m\]@${GITHUB_USER} " || echo -n "\[\033[0;32m\]\u " \
        && [ "$XIT" -ne "0" ] && echo -n "\[\033[1;31m\]➜" || echo -n "\[\033[0m\]➜"`'
    local gitbranch='`\
        if [ "$(git config --get codespaces-theme.hide-status 2>/dev/null)" != 1 ]; then \
            export BRANCH=$(git symbolic-ref --short HEAD 2>/dev/null || git rev-parse --short HEAD 2>/dev/null); \
            if [ "${BRANCH}" != "" ]; then \
                echo -n "\[\033[0;36m\](\[\033[1;31m\]${BRANCH}" \
                && if git ls-files --error-unmatch -m --directory --no-empty-directory -o --exclude-standard ":/*" > /dev/null 2>&1; then \
                    echo -n " \[\033[1;33m\]✗"; \
                fi \
                && echo -n "\[\033[0;36m\]) "; \
            fi; \
        fi`'
    local lightblue='\[\033[1;34m\]'
    local removecolor='\[\033[0m\]'
    PS1="${userpart} ${lightblue}\w ${gitbranch}${removecolor}\$ "
    unset -f __bash_prompt
}
__bash_prompt
EOF
)"

codespaces_zsh="$(cat \
<<'EOF'
# Codespaces zsh prompt theme
__zsh_prompt() {
    local prompt_username
    if [ ! -z "${GITHUB_USER}" ]; then
        prompt_username="@${GITHUB_USER}"
    else
        prompt_username="%n"
    fi
    PROMPT="%{$fg[green]%}${prompt_username} %(?:%{$reset_color%}➜ :%{$fg_bold[red]%}➜ )" # User/exit code arrow
    PROMPT+='%{$fg_bold[blue]%}%(5~|%-1~/…/%3~|%4~)%{$reset_color%} ' # cwd
    PROMPT+='$([ "$(git config --get codespaces-theme.hide-status 2>/dev/null)" != 1 ] && git_prompt_info)' # Git status
    PROMPT+='%{$fg[white]%}$ %{$reset_color%}'
    unset -f __zsh_prompt
}
ZSH_THEME_GIT_PROMPT_PREFIX="%{$fg_bold[cyan]%}(%{$fg_bold[red]%}"
ZSH_THEME_GIT_PROMPT_SUFFIX="%{$reset_color%} "
ZSH_THEME_GIT_PROMPT_DIRTY=" %{$fg_bold[yellow]%}✗%{$fg_bold[cyan]%})"
ZSH_THEME_GIT_PROMPT_CLEAN="%{$fg_bold[cyan]%})"
__zsh_prompt
EOF
)"

# Add RC snippet and custom bash prompt
# The snippet goes to the system-wide /etc/bashrc; the prompt theme is
# appended to the target user's .bashrc and, for a non-root user, to root's
# .bashrc as well. The marker variable keeps a re-run from appending twice.
if [ "${RC_SNIPPET_ALREADY_ADDED}" != "true" ]; then
    echo "${rc_snippet}" >> /etc/bashrc
    echo "${codespaces_bash}" >> "${user_rc_path}/.bashrc"
    if [ "${USERNAME}" != "root" ]; then
        echo "${codespaces_bash}" >> "/root/.bashrc"
    fi
    chown ${USERNAME}:${group_name} "${user_rc_path}/.bashrc"
    RC_SNIPPET_ALREADY_ADDED="true"
fi

# Optionally install and configure zsh and Oh My Zsh!
if [ "${INSTALL_ZSH}" = "true" ]; then
    if ! type zsh > /dev/null 2>&1; then
        yum install -y zsh
    fi
    if [ "${ZSH_ALREADY_INSTALLED}" != "true" ]; then
        echo "${rc_snippet}" >> /etc/zshrc
        ZSH_ALREADY_INSTALLED="true"
    fi
    # Adapted, simplified inline Oh My Zsh! install steps that adds, defaults to a codespaces theme.
    # See https://github.com/ohmyzsh/ohmyzsh/blob/master/tools/install.sh for official script.
    oh_my_install_dir="${user_rc_path}/.oh-my-zsh"
    if [ ! -d "${oh_my_install_dir}" ] && [ "${INSTALL_OH_MYS}" = "true" ]; then
        template_path="${oh_my_install_dir}/templates/zshrc.zsh-template"
        user_rc_file="${user_rc_path}/.zshrc"
        # Drop group/other write permission on everything created below.
        umask g-w,o-w
        mkdir -p ${oh_my_install_dir}
        # NOTE(review): this clones the tip of the upstream default branch at
        # build time; no tag or commit is pinned and nothing is verified after
        # the fetch. The cloned code is later loaded by the user's zsh and is
        # also copied into /root below, so its integrity matters. Consider
        # checking out a reviewed commit. The three fsck settings relax
        # object checks for zero-padded file modes only.
        git clone --depth=1 \
            -c core.eol=lf \
            -c core.autocrlf=false \
            -c fsck.zeroPaddedFilemode=ignore \
            -c fetch.fsck.zeroPaddedFilemode=ignore \
            -c receive.fsck.zeroPaddedFilemode=ignore \
            "https://github.com/ohmyzsh/ohmyzsh" "${oh_my_install_dir}" 2>&1
        # Build .zshrc from the upstream template with auto-update disabled,
        # then switch the theme to the one defined above.
        echo -e "$(cat "${template_path}")\nDISABLE_AUTO_UPDATE=true\nDISABLE_UPDATE_PROMPT=true" > ${user_rc_file}
        sed -i -e 's/ZSH_THEME=.*/ZSH_THEME="codespaces"/g' ${user_rc_file}
        mkdir -p ${oh_my_install_dir}/custom/themes
        echo "${codespaces_zsh}" > "${oh_my_install_dir}/custom/themes/codespaces.zsh-theme"
        # Shrink git while still enabling updates
        # The cd is not undone, so the statements that follow run with the
        # install directory as working directory.
        cd "${oh_my_install_dir}"
        git repack -a -d -f --depth=1 --window=1
        # Copy to non-root user if one is specified
        # What the two commands do: copy .zshrc and the install directory
        # into /root, then hand the whole user home to the target account.
        if [ "${USERNAME}" != "root" ]; then
            cp -rf "${user_rc_file}" "${oh_my_install_dir}" /root
            chown -R ${USERNAME}:${group_name} "${user_rc_path}"
        fi
    fi
fi

# Persist image metadata info, script if meta.env found in same directory
# The generated devcontainer-info script sources meta.env with `.`, i.e. it
# executes that file as shell code each time it is run.
meta_info_script="$(cat << 'EOF'
#!/bin/sh
. /usr/local/etc/vscode-dev-containers/meta.env
# Minimal output
if [ "$1" = "version" ] || [ "$1" = "image-version" ]; then
    echo "${VERSION}"
    exit 0
elif [ "$1" = "release" ]; then
    echo "${GIT_REPOSITORY_RELEASE}"
    exit 0
elif [ "$1" = "content" ] || [ "$1" = "content-url" ] || [ "$1" = "contents" ] || [ "$1" = "contents-url" ]; then
    echo "${CONTENTS_URL}"
    exit 0
fi
#Full output
echo
echo "Development container image information"
echo
if [ ! -z "${VERSION}" ]; then echo "- Image version: ${VERSION}"; fi
if [ ! -z "${DEFINITION_ID}" ]; then echo "- Definition ID: ${DEFINITION_ID}"; fi
if [ ! -z "${VARIANT}" ]; then echo "- Variant: ${VARIANT}"; fi
if [ ! -z "${GIT_REPOSITORY}" ]; then echo "- Source code repository: ${GIT_REPOSITORY}"; fi
if [ ! -z "${GIT_REPOSITORY_RELEASE}" ]; then echo "- Source code release/branch: ${GIT_REPOSITORY_RELEASE}"; fi
if [ ! -z "${BUILD_TIMESTAMP}" ]; then echo "- Timestamp: ${BUILD_TIMESTAMP}"; fi
if [ ! -z "${CONTENTS_URL}" ]; then echo && echo "More info: ${CONTENTS_URL}"; fi
echo
EOF
)"
# Only installed when a meta.env sits next to this script.
if [ -f "${SCRIPT_DIR}/meta.env" ]; then
    mkdir -p /usr/local/etc/vscode-dev-containers/
    cp -f "${SCRIPT_DIR}/meta.env" /usr/local/etc/vscode-dev-containers/meta.env
    echo "${meta_info_script}" > /usr/local/bin/devcontainer-info
    chmod +x /usr/local/bin/devcontainer-info
fi

# Write marker file
# The file consists of shell assignments; the script sources it at the start
# of the next run to skip steps that are already done.
mkdir -p "$(dirname "${MARKER_FILE}")"
echo -e "\
    PACKAGES_ALREADY_INSTALLED=${PACKAGES_ALREADY_INSTALLED}\n\
    EXISTING_NON_ROOT_USER=${EXISTING_NON_ROOT_USER}\n\
    RC_SNIPPET_ALREADY_ADDED=${RC_SNIPPET_ALREADY_ADDED}\n\
    ZSH_ALREADY_INSTALLED=${ZSH_ALREADY_INSTALLED}" > "${MARKER_FILE}"

echo "Done!"
voms-2.1.2/.github/000077500000000000000000000000001477131364200140505ustar00rootroot00000000000000voms-2.1.2/.github/workflows/000077500000000000000000000000001477131364200161055ustar00rootroot00000000000000voms-2.1.2/.github/workflows/ci.yml000066400000000000000000000022261477131364200172250ustar00rootroot00000000000000name: CI on: pull_request: push: jobs: el9: runs-on: ubuntu-latest container: almalinux:9 steps: - uses: actions/checkout@v4 - name: Install packages run: | yum install -y epel-release yum install -y make file automake libtool gcc-c++ openssl-devel gsoap-devel gsoap expat-devel bison - name: Build run: | ./autogen.sh ./configure make ubuntu2004: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v4 - name: Install packages run: | sudo apt update sudo apt install -y make automake libtool pkg-config g++ libssl-dev libgsoap-dev gsoap libexpat-dev - name: Build run: | ./autogen.sh ./configure make ubuntu2404: runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: Install packages run: | sudo apt update sudo apt install -y make automake libtool pkg-config g++ libssl-dev libgsoap-dev gsoap libexpat-dev - name: Build run: | ./autogen.sh ./configure make voms-2.1.2/.gitignore000066400000000000000000000004651477131364200145050ustar00rootroot00000000000000/aclocal.m4 /configure /autom4te.cache /config.log /config.status /.project /.cproject /.settings /.test /.vscode /INSTALL Makefile.in Makefile /aux /m4/* !/m4/ax_pthread.m4 !/m4/glite.m4 !/m4/voms.m4 !/m4/wsdl2h.m4 !/m4/acinclude.m4 !/m4/Makefile.am /libtool .libs .deps *.la *.lo *.o /testsuite/SuiteConfig voms-2.1.2/AUTHORS000066400000000000000000000003711477131364200135610ustar00rootroot00000000000000Vincenzo Ciaschini Valerio Venturi Andrea Ceccanti src/sslutils is a modified version of the globus_ssl_utils library, originally developed by Globus.voms-2.1.2/COPYING000066400000000000000000000000141477131364200135360ustar00rootroot00000000000000See LICENSE 
voms-2.1.2/ChangeLog000066400000000000000000006300441477131364200142710ustar00rootroot00000000000000------------------------------------------------------------------------ r1212 | marotta | 2009-07-08 11:31:46 +0200 (Wed, 08 Jul 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/client/vomsclient.cc Fix for default vomses file. ------------------------------------------------------------------------ r1206 | marotta | 2009-07-07 12:34:41 +0200 (Tue, 07 Jul 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/utils/Makefile.am M /voms/branches/voms-1-9-series/src/utils/Makefile.in Fixed some other build order issue. ------------------------------------------------------------------------ r1205 | marotta | 2009-07-07 12:19:36 +0200 (Tue, 07 Jul 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/configure M /voms/branches/voms-1-9-series/configure.ac Updated version to 1.9.11 ------------------------------------------------------------------------ r1204 | marotta | 2009-07-07 12:18:34 +0200 (Tue, 07 Jul 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/utils/Makefile.am M /voms/branches/voms-1-9-series/src/utils/Makefile.in M /voms/branches/voms-1-9-series/src/utils/lex.yy.c M /voms/branches/voms-1-9-series/src/utils/vomsparser.l Fixed miscellaneous build issues. 
------------------------------------------------------------------------ r1203 | marotta | 2009-07-07 11:30:37 +0200 (Tue, 07 Jul 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/configure M /voms/branches/voms-1-9-series/configure.ac M /voms/branches/voms-1-9-series/doc/bugzilla.sgml M /voms/branches/voms-1-9-series/doc/voms-proxy-init.xml M /voms/branches/voms-1-9-series/project/acinclude.m4 M /voms/branches/voms-1-9-series/src/ac/ccinit.cc M /voms/branches/voms-1-9-series/src/ac/create.cc M /voms/branches/voms-1-9-series/src/ac/extensions.c M /voms/branches/voms-1-9-series/src/ac/init.c M /voms/branches/voms-1-9-series/src/ac/mystack.c M /voms/branches/voms-1-9-series/src/ac/newformat.c M /voms/branches/voms-1-9-series/src/ac/validate.c M /voms/branches/voms-1-9-series/src/ac/write.c M /voms/branches/voms-1-9-series/src/api/ccapi/Makefile.am M /voms/branches/voms-1-9-series/src/api/ccapi/Makefile.in M /voms/branches/voms-1-9-series/src/api/ccapi/api_util.cc M /voms/branches/voms-1-9-series/src/api/ccapi/ccval.cc M /voms/branches/voms-1-9-series/src/api/ccapi/cinterface.cc M /voms/branches/voms-1-9-series/src/api/ccapi/voms_api.cc M /voms/branches/voms-1-9-series/src/api/ccapi/voms_api.h M /voms/branches/voms-1-9-series/src/api/ccapi/voms_apic.h M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/BasicVOMSTrustStore.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/FQAN.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/LSCFile.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/PKIStore.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/PKIUtils.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/PKIVerifier.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/SigningPolicy.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/VOMSAttribute.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/VOMSKeyManager.java M 
/voms/branches/voms-1-9-series/src/api/java/org/glite/voms/VOMSValidator.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/ac/ACCerts.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/ac/ACGenerator.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/ac/ACTarget.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/ac/ACValidator.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/ac/AttributeCertificate.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/ac/AttributeCertificateInfo.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/ac/AttributeHolder.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/ac/FullAttributes.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/contact/PathNamingScheme.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/contact/UserCredentials.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/contact/VOMSESFileParser.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/contact/VOMSParser.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/contact/VOMSProxyBuilder.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/contact/VOMSRequestOptions.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/contact/VOMSServerInfo.java M /voms/branches/voms-1-9-series/src/client/vomsclient.cc M /voms/branches/voms-1-9-series/src/client/vomsclient.h M /voms/branches/voms-1-9-series/src/common/credentials.c M /voms/branches/voms-1-9-series/src/common/data.cc M /voms/branches/voms-1-9-series/src/common/error.c M /voms/branches/voms-1-9-series/src/common/list.c M /voms/branches/voms-1-9-series/src/common/options.cc M /voms/branches/voms-1-9-series/src/common/xmlcc.cc M /voms/branches/voms-1-9-series/src/include/Client.h M /voms/branches/voms-1-9-series/src/include/Server.h M /voms/branches/voms-1-9-series/src/include/acstack.h M 
/voms/branches/voms-1-9-series/src/include/myproxycertinfo.h M /voms/branches/voms-1-9-series/src/include/options.h M /voms/branches/voms-1-9-series/src/include/sslutils.h M /voms/branches/voms-1-9-series/src/include/vomsxml.h M /voms/branches/voms-1-9-series/src/install/voms.start.in M /voms/branches/voms-1-9-series/src/install/voms_install_db.in M /voms/branches/voms-1-9-series/src/server/uuid.c M /voms/branches/voms-1-9-series/src/server/vomsd.cc M /voms/branches/voms-1-9-series/src/socklib/Client.cpp M /voms/branches/voms-1-9-series/src/socklib/Makefile.am M /voms/branches/voms-1-9-series/src/socklib/Makefile.in M /voms/branches/voms-1-9-series/src/socklib/Server.cpp M /voms/branches/voms-1-9-series/src/sslutils/oldgaa/oldgaa_policy_evaluator.c M /voms/branches/voms-1-9-series/src/sslutils/oldgaa/oldgaa_utils.c M /voms/branches/voms-1-9-series/src/sslutils/oldgaa/rfc1779.c M /voms/branches/voms-1-9-series/src/sslutils/proxycertinfo.c M /voms/branches/voms-1-9-series/src/sslutils/sslutils.c M /voms/branches/voms-1-9-series/src/utils/Makefile.am M /voms/branches/voms-1-9-series/src/utils/Makefile.in A /voms/branches/voms-1-9-series/src/utils/lex.yy.c A /voms/branches/voms-1-9-series/src/utils/parsertypes.h M /voms/branches/voms-1-9-series/src/utils/voms_proxy_info.cc M /voms/branches/voms-1-9-series/src/utils/vomsfake.cc M /voms/branches/voms-1-9-series/src/utils/vomsfake.h A /voms/branches/voms-1-9-series/src/utils/vomsfake.y A /voms/branches/voms-1-9-series/src/utils/vomsparser.c (from /voms/branches/bugfixes/src/utils/vomsparser.c:1202) A /voms/branches/voms-1-9-series/src/utils/vomsparser.h (from /voms/branches/bugfixes/src/utils/vomsparser.h:1202) A /voms/branches/voms-1-9-series/src/utils/vomsparser.l M /voms/branches/voms-1-9-series/testsuite/lib/newfail.exp M /voms/branches/voms-1-9-series/testsuite/lib/vomslib.exp M /voms/branches/voms-1-9-series/testsuite/lib/vomssetup.exp.in M /voms/branches/voms-1-9-series/testsuite/lib/vomstest.exp D 
/voms/branches/voms-1-9-series/testsuite/site.exp A /voms/branches/voms-1-9-series/testsuite/voms/voms/server.c (from /voms/branches/bugfixes/testsuite/voms/voms/server.c:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/server2.c (from /voms/branches/bugfixes/testsuite/voms/voms/server2.c:1202) M /voms/branches/voms-1-9-series/testsuite/voms/voms/voms007.exp M /voms/branches/voms-1-9-series/testsuite/voms/voms/voms016.exp M /voms/branches/voms-1-9-series/testsuite/voms/voms/voms022.exp M /voms/branches/voms-1-9-series/testsuite/voms/voms/voms025.exp M /voms/branches/voms-1-9-series/testsuite/voms/voms/voms049.exp M /voms/branches/voms-1-9-series/testsuite/voms/voms/voms050.exp A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms074.exp A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms075.exp A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms076a.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms076a.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms076b.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms076b.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms077.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms077.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms078.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms078.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms079.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms079.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms080.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms080.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms081.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms081.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms082.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms082.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms083.exp (from 
/voms/branches/bugfixes/testsuite/voms/voms/voms083.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms084.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms084.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms085.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms085.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms086.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms086.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms087.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms087.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms088.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms088.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms089.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms089.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms090.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms090.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms091.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms091.exp:1202) A /voms/branches/voms-1-9-series/testsuite/voms/voms/voms092.exp (from /voms/branches/bugfixes/testsuite/voms/voms/voms092.exp:1202) M /voms/branches/voms-1-9-series/testsuite/voms/vomsapi-c/copydata.c M /voms/branches/voms-1-9-series/testsuite/voms/vomsapi-c/copydata3.c M /voms/branches/voms-1-9-series/testsuite/voms/vomsapi-c/makeac.c M /voms/branches/voms-1-9-series/testsuite/voms/vomsapi-c/parsetest.c M /voms/branches/voms-1-9-series/testsuite/voms/vomsapi-cpp/parsertest.cc A /voms/branches/voms-1-9-series/testsuite/voms/vomsapi-java/basicvalidation.java (from /voms/branches/bugfixes/testsuite/voms/vomsapi-java/basicvalidation.java:1202) A /voms/branches/voms-1-9-series/testsuite/voms/vomsapi-java/vomsapi-java003.exp (from /voms/branches/bugfixes/testsuite/voms/vomsapi-java/vomsapi-java003.exp:1202) Merged releases 1110:1202 of 
https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/bugfixes ------------------------------------------------------------------------ r1125 | marotta | 2009-04-28 16:16:04 +0200 (Tue, 28 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/testsuite/lib/vomssetup.exp.in M /voms/branches/voms-1-9-series/testsuite/lib/vomstest.exp Fixes for running the testsuite on 64bit machines. ------------------------------------------------------------------------ r1124 | marotta | 2009-04-28 13:20:36 +0200 (Tue, 28 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/testsuite/lib/vomstest.exp Fix for 64bit testing ------------------------------------------------------------------------ r1120 | marotta | 2009-04-16 15:54:37 +0200 (Thu, 16 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/configure Commit autogenerated files. ------------------------------------------------------------------------ r1119 | marotta | 2009-04-16 15:53:51 +0200 (Thu, 16 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/api/java/log4j.properties Only INFO logging by default. ------------------------------------------------------------------------ r1118 | marotta | 2009-04-16 15:53:20 +0200 (Thu, 16 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/testsuite/lib/vomstest.exp Fix on testsuite. ------------------------------------------------------------------------ r1117 | marotta | 2009-04-16 15:52:33 +0200 (Thu, 16 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/configure.ac M /voms/branches/voms-1-9-series/src/api/java/log4j.properties M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/PKIUtils.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/PKIVerifier.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/VOMSTrustManager.java Version 1.8, including workarounds for broken CAs/bugs in bouncycastle. 
------------------------------------------------------------------------ r1108 | marotta | 2009-04-08 16:02:01 +0200 (Wed, 08 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/configure M /voms/branches/voms-1-9-series/configure.ac M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/PKIStore.java Also accepts non-existent vomsdir. ------------------------------------------------------------------------ r1107 | marotta | 2009-04-08 14:04:52 +0200 (Wed, 08 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/configure M /voms/branches/voms-1-9-series/configure.ac M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/VOMSValidator.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/ac/ACValidator.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/ac/Holder.java Fixed incompatibility with bc 1.42 and additional methods for glite-authz. ------------------------------------------------------------------------ r1105 | marotta | 2009-04-07 10:45:59 +0200 (Tue, 07 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/configure M /voms/branches/voms-1-9-series/configure.ac Bumped revision number to 1.9.5 ------------------------------------------------------------------------ r1104 | marotta | 2009-04-07 10:41:34 +0200 (Tue, 07 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/client/vomsclient.cc M /voms/branches/voms-1-9-series/src/utils/voms_proxy_info.cc Added patch from bug #46691 ------------------------------------------------------------------------ r1103 | marotta | 2009-04-07 10:35:51 +0200 (Tue, 07 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/api/ccapi/voms_api.cc Removed #ifdef'd out code ------------------------------------------------------------------------ r1102 | marotta | 2009-04-07 10:35:32 +0200 (Tue, 07 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/api/ccapi/voms_api.cc M
/voms/branches/voms-1-9-series/src/sslutils/sslutils.c M /voms/branches/voms-1-9-series/src/utils/voms_proxy_info.cc Committed equivalent patch from bug #46689 ------------------------------------------------------------------------ r1101 | marotta | 2009-04-07 10:21:14 +0200 (Tue, 07 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/Makefile.in M /voms/branches/voms-1-9-series/aclocal.m4 M /voms/branches/voms-1-9-series/configure M /voms/branches/voms-1-9-series/configure.ac M /voms/branches/voms-1-9-series/doc/Makefile.in M /voms/branches/voms-1-9-series/project/Makefile.in M /voms/branches/voms-1-9-series/project/acinclude.m4 M /voms/branches/voms-1-9-series/project/ltmain.sh M /voms/branches/voms-1-9-series/src/Makefile.in M /voms/branches/voms-1-9-series/src/ac/Makefile.in M /voms/branches/voms-1-9-series/src/ac/create.cc M /voms/branches/voms-1-9-series/src/api/Makefile.in M /voms/branches/voms-1-9-series/src/api/ccapi/Makefile.in M /voms/branches/voms-1-9-series/src/api/ccapi/api_util.cc M /voms/branches/voms-1-9-series/src/api/ccapi/cinterface.cc M /voms/branches/voms-1-9-series/src/api/ccapi/voms_api.cc M /voms/branches/voms-1-9-series/src/api/java/Makefile.in M /voms/branches/voms-1-9-series/src/autogen/config.h.in M /voms/branches/voms-1-9-series/src/client/Makefile.am M /voms/branches/voms-1-9-series/src/client/Makefile.in M /voms/branches/voms-1-9-series/src/client/fqan.cc M /voms/branches/voms-1-9-series/src/common/Makefile.in M /voms/branches/voms-1-9-series/src/include/Makefile.in M /voms/branches/voms-1-9-series/src/install/Makefile.in M /voms/branches/voms-1-9-series/src/log/Makefile.in M /voms/branches/voms-1-9-series/src/replib/Makefile.in M /voms/branches/voms-1-9-series/src/replica/Makefile.in M /voms/branches/voms-1-9-series/src/server/Makefile.am M /voms/branches/voms-1-9-series/src/server/Makefile.in M /voms/branches/voms-1-9-series/src/socklib/Client.cpp M /voms/branches/voms-1-9-series/src/socklib/Makefile.in M 
/voms/branches/voms-1-9-series/src/sslutils/Makefile.in M /voms/branches/voms-1-9-series/src/sslutils/oldgaa/Makefile.in M /voms/branches/voms-1-9-series/src/utils/Makefile.am M /voms/branches/voms-1-9-series/src/utils/Makefile.in M /voms/branches/voms-1-9-series/test/Makefile.in M /voms/branches/voms-1-9-series/test/utest/Makefile.in M /voms/branches/voms-1-9-series/testsuite/Makefile.in Merged release 1060:1066 from https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/francesco-build ------------------------------------------------------------------------ r1100 | marotta | 2009-04-07 10:14:13 +0200 (Tue, 07 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/ac/init.c M /voms/branches/voms-1-9-series/src/include/streamers.h M /voms/branches/voms-1-9-series/src/log/fs.c M /voms/branches/voms-1-9-series/src/log/log.c M /voms/branches/voms-1-9-series/src/log/sl.c M /voms/branches/voms-1-9-series/src/server/uuid.c M /voms/branches/voms-1-9-series/testsuite/site.exp Partial acceptance of patch from savannah bug #46690 ------------------------------------------------------------------------ r1099 | marotta | 2009-04-07 10:08:42 +0200 (Tue, 07 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/sslutils/sslutils.c Fixed problem with rfc proxies. ------------------------------------------------------------------------ r1098 | marotta | 2009-04-07 09:42:59 +0200 (Tue, 07 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/VOMSTrustManager.java Allows initializing a VOMSTrustManager with a PKIStore. ------------------------------------------------------------------------ r1097 | marotta | 2009-04-07 09:42:25 +0200 (Tue, 07 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/PKIUtils.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/contact/UserCredentials.java Better support of empty passwords. 
------------------------------------------------------------------------ r1096 | marotta | 2009-04-07 09:41:55 +0200 (Tue, 07 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/ac/AttributeCertificate.java Compatibility with newer bouncycastle. ------------------------------------------------------------------------ r1095 | marotta | 2009-04-07 09:41:20 +0200 (Tue, 07 Apr 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/PKIStore.java Can load a VOMSStore which is temporarily empty. ------------------------------------------------------------------------ r1094 | marotta | 2009-03-13 15:23:46 +0100 (Fri, 13 Mar 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/Makefile.in M /voms/branches/voms-1-9-series/aclocal.m4 M /voms/branches/voms-1-9-series/configure M /voms/branches/voms-1-9-series/doc/Makefile.in M /voms/branches/voms-1-9-series/project/Makefile.in M /voms/branches/voms-1-9-series/project/ltmain.sh M /voms/branches/voms-1-9-series/src/Makefile.in M /voms/branches/voms-1-9-series/src/ac/Makefile.in M /voms/branches/voms-1-9-series/src/api/Makefile.in M /voms/branches/voms-1-9-series/src/api/ccapi/Makefile.in M /voms/branches/voms-1-9-series/src/api/java/Makefile.in M /voms/branches/voms-1-9-series/src/autogen/config.h.in M /voms/branches/voms-1-9-series/src/client/Makefile.in M /voms/branches/voms-1-9-series/src/common/Makefile.in M /voms/branches/voms-1-9-series/src/include/Makefile.in M /voms/branches/voms-1-9-series/src/include/sslutils.h M /voms/branches/voms-1-9-series/src/install/Makefile.in M /voms/branches/voms-1-9-series/src/log/Makefile.in M /voms/branches/voms-1-9-series/src/replib/Makefile.in M /voms/branches/voms-1-9-series/src/replica/Makefile.in M /voms/branches/voms-1-9-series/src/server/Makefile.in M /voms/branches/voms-1-9-series/src/socklib/Client.cpp M /voms/branches/voms-1-9-series/src/socklib/Makefile.am M 
/voms/branches/voms-1-9-series/src/socklib/Makefile.in M /voms/branches/voms-1-9-series/src/socklib/vomsssl.h M /voms/branches/voms-1-9-series/src/sslutils/Makefile.in M /voms/branches/voms-1-9-series/src/sslutils/oldgaa/Makefile.in M /voms/branches/voms-1-9-series/src/sslutils/sslutils.c M /voms/branches/voms-1-9-series/src/utils/Makefile.in M /voms/branches/voms-1-9-series/test/Makefile.in M /voms/branches/voms-1-9-series/test/utest/Makefile.in M /voms/branches/voms-1-9-series/testsuite/Makefile.in Corrected various things. ------------------------------------------------------------------------ r1093 | marotta | 2009-03-12 19:30:49 +0100 (Thu, 12 Mar 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/include/sslutils.h M /voms/branches/voms-1-9-series/src/sslutils/sslutils.c Fixed wrong commit. ------------------------------------------------------------------------ r1092 | marotta | 2009-03-12 18:02:13 +0100 (Thu, 12 Mar 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/include/sslutils.h M /voms/branches/voms-1-9-series/src/socklib/Client.cpp M /voms/branches/voms-1-9-series/src/socklib/Makefile.am M /voms/branches/voms-1-9-series/src/socklib/vomsssl.h M /voms/branches/voms-1-9-series/src/sslutils/sslutils.c Fix for Server SSL ------------------------------------------------------------------------ r1091 | marotta | 2009-03-05 14:36:49 +0100 (Thu, 05 Mar 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/Makefile.in M /voms/branches/voms-1-9-series/aclocal.m4 M /voms/branches/voms-1-9-series/configure M /voms/branches/voms-1-9-series/doc/Makefile.in M /voms/branches/voms-1-9-series/project/Makefile.in M /voms/branches/voms-1-9-series/project/ltmain.sh M /voms/branches/voms-1-9-series/src/Makefile.in M /voms/branches/voms-1-9-series/src/ac/Makefile.in M /voms/branches/voms-1-9-series/src/api/Makefile.in M /voms/branches/voms-1-9-series/src/api/ccapi/Makefile.in M 
/voms/branches/voms-1-9-series/src/api/java/Makefile.in M /voms/branches/voms-1-9-series/src/autogen/config.h.in M /voms/branches/voms-1-9-series/src/client/Makefile.in M /voms/branches/voms-1-9-series/src/common/Makefile.in M /voms/branches/voms-1-9-series/src/include/Client.h M /voms/branches/voms-1-9-series/src/include/Makefile.in M /voms/branches/voms-1-9-series/src/install/Makefile.in M /voms/branches/voms-1-9-series/src/log/Makefile.in M /voms/branches/voms-1-9-series/src/replib/Makefile.in M /voms/branches/voms-1-9-series/src/replica/Makefile.in M /voms/branches/voms-1-9-series/src/server/Makefile.in M /voms/branches/voms-1-9-series/src/socklib/Client.cpp M /voms/branches/voms-1-9-series/src/socklib/Makefile.am M /voms/branches/voms-1-9-series/src/socklib/Makefile.in A /voms/branches/voms-1-9-series/src/socklib/vomsssl.h M /voms/branches/voms-1-9-series/src/sslutils/Makefile.in M /voms/branches/voms-1-9-series/src/sslutils/oldgaa/Makefile.in M /voms/branches/voms-1-9-series/src/utils/Makefile.in M /voms/branches/voms-1-9-series/test/Makefile.in M /voms/branches/voms-1-9-series/test/utest/Makefile.in M /voms/branches/voms-1-9-series/testsuite/Makefile.in Published functions for proxy validation in OpenSSL. ------------------------------------------------------------------------ r1090 | marotta | 2009-03-05 10:54:20 +0100 (Thu, 05 Mar 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/client/vomsclient.cc Removed spurious message when user vomses filename is not present. ------------------------------------------------------------------------ r1084 | marotta | 2009-02-27 15:35:52 +0100 (Fri, 27 Feb 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/socklib/Makefile.am M /voms/branches/voms-1-9-series/src/socklib/Makefile.in Fix build to remove globus dependencies from libraries. 
------------------------------------------------------------------------ r1077 | marotta | 2009-02-26 14:02:32 +0100 (Thu, 26 Feb 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/configure M /voms/branches/voms-1-9-series/configure.ac M /voms/branches/voms-1-9-series/src/api/ccapi/voms_api.cc M /voms/branches/voms-1-9-series/src/install/voms_install_db.in M /voms/branches/voms-1-9-series/testsuite/site.exp Fix for bug #47090 + testsuite fix. ------------------------------------------------------------------------ r1069 | marotta | 2009-02-19 17:24:27 +0100 (Thu, 19 Feb 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/configure M /voms/branches/voms-1-9-series/configure.ac M /voms/branches/voms-1-9-series/src/api/ccapi/voms_api.cc Fix for bug #47090 ------------------------------------------------------------------------ r1065 | marotta | 2009-02-13 15:01:37 +0100 (Fri, 13 Feb 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/testsuite/voms/voms/voms005.exp M /voms/branches/voms-1-9-series/testsuite/voms/voms/voms040.exp Fixed two tests. 
------------------------------------------------------------------------ r1064 | marotta | 2009-02-13 10:24:40 +0100 (Fri, 13 Feb 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/install/voms_install_db.in Fix for testsuite ------------------------------------------------------------------------ r1058 | marotta | 2009-02-11 10:21:55 +0100 (Wed, 11 Feb 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/configure M /voms/branches/voms-1-9-series/configure.ac Bumped version to 1.9.2 ------------------------------------------------------------------------ r1057 | marotta | 2009-02-11 10:19:47 +0100 (Wed, 11 Feb 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/PKIStore.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/PKIVerifier.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/VOMSAttribute.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/VOMSValidator.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/contact/VOMSProxyBuilder.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/contact/VOMSProxyInit.java Several fixes of Java APIs, plus merging 987:1017 of branch java-api-refactoring ------------------------------------------------------------------------ r1056 | marotta | 2009-02-09 16:09:32 +0100 (Mon, 09 Feb 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/PKIUtils.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/contact/UserCredentials.java M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/contact/VOMSProxyBuilder.java Fixed credential saving. 
------------------------------------------------------------------------ r1055 | andrea | 2009-02-09 11:07:07 +0100 (Mon, 09 Feb 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/contact/VOMSProxyBuilder.java Fix for key usage extension generation (it was erroneously set non-critical). ------------------------------------------------------------------------ r1054 | marotta | 2009-02-04 15:53:23 +0100 (Wed, 04 Feb 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/configure M /voms/branches/voms-1-9-series/configure.ac Fixed expat and version. ------------------------------------------------------------------------ r1053 | marotta | 2009-02-04 15:49:00 +0100 (Wed, 04 Feb 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/Makefile.in M /voms/branches/voms-1-9-series/aclocal.m4 M /voms/branches/voms-1-9-series/configure M /voms/branches/voms-1-9-series/doc/Makefile.in M /voms/branches/voms-1-9-series/project/Makefile.in M /voms/branches/voms-1-9-series/project/ltmain.sh M /voms/branches/voms-1-9-series/src/Makefile.in M /voms/branches/voms-1-9-series/src/ac/Makefile.in M /voms/branches/voms-1-9-series/src/api/Makefile.in M /voms/branches/voms-1-9-series/src/api/ccapi/Makefile.in M /voms/branches/voms-1-9-series/src/api/java/Makefile.in M /voms/branches/voms-1-9-series/src/autogen/config.h.in M /voms/branches/voms-1-9-series/src/client/Makefile.in M /voms/branches/voms-1-9-series/src/common/Makefile.in M /voms/branches/voms-1-9-series/src/include/Makefile.in M /voms/branches/voms-1-9-series/src/install/Makefile.in M /voms/branches/voms-1-9-series/src/log/Makefile.in M /voms/branches/voms-1-9-series/src/replib/Makefile.in M /voms/branches/voms-1-9-series/src/replica/Makefile.in M /voms/branches/voms-1-9-series/src/server/Makefile.in M /voms/branches/voms-1-9-series/src/socklib/Makefile.in M /voms/branches/voms-1-9-series/src/sslutils/Makefile.in M
/voms/branches/voms-1-9-series/src/sslutils/oldgaa/Makefile.in M /voms/branches/voms-1-9-series/src/utils/Makefile.in M /voms/branches/voms-1-9-series/test/Makefile.in M /voms/branches/voms-1-9-series/test/utest/Makefile.in M /voms/branches/voms-1-9-series/testsuite/Makefile.in Updated expat.m4 ------------------------------------------------------------------------ r1052 | marotta | 2009-02-04 15:48:01 +0100 (Wed, 04 Feb 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/project/expat.m4 stragglers. ------------------------------------------------------------------------ r1051 | marotta | 2009-02-04 14:37:01 +0100 (Wed, 04 Feb 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/configure M /voms/branches/voms-1-9-series/project/expat.m4 Corrected bug in lib64 detection. ------------------------------------------------------------------------ r1050 | marotta | 2009-02-04 11:43:32 +0100 (Wed, 04 Feb 2009) | 1 line Changed paths: M /voms/branches/voms-1-9-series/src/api/java/org/glite/voms/contact/VOMSProxyBuilder.java Fix for bouncycastle 1.41 and X509Name generation. 
------------------------------------------------------------------------ r1046 | marotta | 2009-02-02 15:06:01 +0100 (Mon, 02 Feb 2009) | 2 lines Changed paths: A /voms/branches/voms-1-9-series (from /voms/trunk:1045) From revision 1045 of trunk ------------------------------------------------------------------------ r1045 | marotta | 2009-02-02 15:04:42 +0100 (Mon, 02 Feb 2009) | 1 line Changed paths: M /voms/trunk/Makefile.am M /voms/trunk/Makefile.in M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/doc/Makefile.in A /voms/trunk/project/Makefile.am A /voms/trunk/project/Makefile.in M /voms/trunk/project/acinclude.m4 M /voms/trunk/project/expat.m4 M /voms/trunk/project/ltmain.sh M /voms/trunk/project/version.properties A /voms/trunk/project/voms.m4 M /voms/trunk/src/Makefile.in M /voms/trunk/src/ac/Makefile.in M /voms/trunk/src/api/Makefile.in M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/api/java/Makefile.in M /voms/trunk/src/api/java/org/glite/voms/PKIVerifier.java M /voms/trunk/src/api/java/org/glite/voms/VOMSKeyManager.java M /voms/trunk/src/api/java/org/glite/voms/VOMSTrustManager.java M /voms/trunk/src/api/java/org/glite/voms/contact/VOMSProxyConstants.java M /voms/trunk/src/autogen/config.h.in M /voms/trunk/src/client/Makefile.am M /voms/trunk/src/client/Makefile.in M /voms/trunk/src/common/Makefile.in M /voms/trunk/src/include/Makefile.in M /voms/trunk/src/install/Makefile.in M /voms/trunk/src/install/voms_install_db.in M /voms/trunk/src/log/Makefile.in M /voms/trunk/src/replib/Makefile.in M /voms/trunk/src/replica/Makefile.in M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/socklib/Makefile.in M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/utils/Makefile.am M /voms/trunk/src/utils/Makefile.in M /voms/trunk/test/Makefile.in M /voms/trunk/test/utest/Makefile.in M 
/voms/trunk/testsuite/Makefile.in M /voms/trunk/testsuite/SuiteConfig.in M /voms/trunk/testsuite/lib/newfail.exp M /voms/trunk/testsuite/lib/vomssetup.exp.in M /voms/trunk/testsuite/lib/vomstest.exp M /voms/trunk/testsuite/site.exp M /voms/trunk/testsuite/voms/voms/voms001.exp M /voms/trunk/testsuite/voms/voms/voms002.exp M /voms/trunk/testsuite/voms/voms/voms003.exp M /voms/trunk/testsuite/voms/voms/voms004.exp M /voms/trunk/testsuite/voms/voms/voms005.exp M /voms/trunk/testsuite/voms/voms/voms006.exp M /voms/trunk/testsuite/voms/voms/voms007.exp M /voms/trunk/testsuite/voms/voms/voms008.exp M /voms/trunk/testsuite/voms/voms/voms009.exp M /voms/trunk/testsuite/voms/voms/voms010.exp M /voms/trunk/testsuite/voms/voms/voms011.exp M /voms/trunk/testsuite/voms/voms/voms012.exp M /voms/trunk/testsuite/voms/voms/voms013.exp M /voms/trunk/testsuite/voms/voms/voms014.exp M /voms/trunk/testsuite/voms/voms/voms015.exp M /voms/trunk/testsuite/voms/voms/voms016.exp M /voms/trunk/testsuite/voms/voms/voms017.exp M /voms/trunk/testsuite/voms/voms/voms018.exp M /voms/trunk/testsuite/voms/voms/voms019.exp M /voms/trunk/testsuite/voms/voms/voms020.exp M /voms/trunk/testsuite/voms/voms/voms021.exp M /voms/trunk/testsuite/voms/voms/voms022.exp M /voms/trunk/testsuite/voms/voms/voms023.exp M /voms/trunk/testsuite/voms/voms/voms024.exp M /voms/trunk/testsuite/voms/voms/voms025.exp M /voms/trunk/testsuite/voms/voms/voms026.exp M /voms/trunk/testsuite/voms/voms/voms027.exp M /voms/trunk/testsuite/voms/voms/voms028.exp M /voms/trunk/testsuite/voms/voms/voms029.exp M /voms/trunk/testsuite/voms/voms/voms030.exp M /voms/trunk/testsuite/voms/voms/voms031.exp M /voms/trunk/testsuite/voms/voms/voms032.exp M /voms/trunk/testsuite/voms/voms/voms033.exp M /voms/trunk/testsuite/voms/voms/voms034.exp M /voms/trunk/testsuite/voms/voms/voms035.exp M /voms/trunk/testsuite/voms/voms/voms036.exp M /voms/trunk/testsuite/voms/voms/voms037.exp M /voms/trunk/testsuite/voms/voms/voms038.exp M 
/voms/trunk/testsuite/voms/voms/voms039.exp M /voms/trunk/testsuite/voms/voms/voms040.exp M /voms/trunk/testsuite/voms/voms/voms041.exp M /voms/trunk/testsuite/voms/voms/voms042.exp M /voms/trunk/testsuite/voms/voms/voms043.exp M /voms/trunk/testsuite/voms/voms/voms044.exp M /voms/trunk/testsuite/voms/voms/voms045.exp M /voms/trunk/testsuite/voms/voms/voms046.exp M /voms/trunk/testsuite/voms/voms/voms047.exp M /voms/trunk/testsuite/voms/voms/voms048.exp M /voms/trunk/testsuite/voms/voms/voms049.exp M /voms/trunk/testsuite/voms/voms/voms050.exp M /voms/trunk/testsuite/voms/voms/voms051.exp M /voms/trunk/testsuite/voms/voms/voms052.exp M /voms/trunk/testsuite/voms/voms/voms053.exp M /voms/trunk/testsuite/voms/voms/voms054.exp M /voms/trunk/testsuite/voms/voms/voms055.exp M /voms/trunk/testsuite/voms/voms/voms056.exp M /voms/trunk/testsuite/voms/voms/voms057.exp M /voms/trunk/testsuite/voms/voms/voms058.exp M /voms/trunk/testsuite/voms/voms/voms059.exp M /voms/trunk/testsuite/voms/voms/voms060.exp M /voms/trunk/testsuite/voms/voms/voms061.exp M /voms/trunk/testsuite/voms/voms/voms062.exp M /voms/trunk/testsuite/voms/voms/voms063.exp M /voms/trunk/testsuite/voms/voms/voms064.exp M /voms/trunk/testsuite/voms/voms/voms065.exp M /voms/trunk/testsuite/voms/voms/voms066.exp M /voms/trunk/testsuite/voms/voms/voms067.exp M /voms/trunk/testsuite/voms/voms/voms068.exp M /voms/trunk/testsuite/voms/voms/voms069.exp M /voms/trunk/testsuite/voms/voms/voms070.exp M /voms/trunk/testsuite/voms/voms/voms071.exp M /voms/trunk/testsuite/voms/voms/voms072.exp M /voms/trunk/testsuite/voms/voms/voms073.exp M /voms/trunk/testsuite/voms/vomsapi-c/vomsapi-c001.exp M /voms/trunk/testsuite/voms/vomsapi-c/vomsapi-c002.exp M /voms/trunk/testsuite/voms/vomsapi-c/vomsapi-c003.exp M /voms/trunk/testsuite/voms/vomsapi-c/vomsapi-c004.exp M /voms/trunk/testsuite/voms/vomsapi-c/vomsapi-c005.exp M /voms/trunk/testsuite/voms/vomsapi-c/vomsapi-c006.exp M /voms/trunk/testsuite/voms/vomsapi-c/vomsapi-c007.exp 
M /voms/trunk/testsuite/voms/vomsapi-c/vomsapi-c008.exp M /voms/trunk/testsuite/voms/vomsapi-c/vomsapi-c010.exp M /voms/trunk/testsuite/voms/vomsapi-c/vomsapi-c011.exp M /voms/trunk/testsuite/voms/vomsapi-c/vomsapi-c012.exp M /voms/trunk/testsuite/voms/vomsapi-c/vomsapi-c013.exp M /voms/trunk/testsuite/voms/vomsapi-c/vomsapi-c014.exp M /voms/trunk/testsuite/voms/vomsapi-cpp/vomsapi-cpp001.exp M /voms/trunk/testsuite/voms/vomsapi-cpp/vomsapi-cpp002.exp M /voms/trunk/testsuite/voms/vomsapi-cpp/vomsapi-cpp003.exp M /voms/trunk/testsuite/voms/vomsapi-cpp/vomsapi-cpp004.exp M /voms/trunk/testsuite/voms/vomsapi-java/vomsapi-java001.exp M /voms/trunk/testsuite/voms/vomsapi-java/vomsapi-java002.exp Changes for 1.9 compilation ------------------------------------------------------------------------ r1044 | marotta | 2008-12-22 18:48:19 +0100 (Mon, 22 Dec 2008) | 1 line Changed paths: M /voms/trunk/project/glite.m4 Readded glite.m4, erroneously wiped. ------------------------------------------------------------------------ r1043 | marotta | 2008-12-22 18:47:25 +0100 (Mon, 22 Dec 2008) | 1 line Changed paths: M /voms/trunk/project/glite.m4 M /voms/trunk/src/api/ccapi/voms_apic.h M /voms/trunk/src/socklib/Client.cpp Fix for compilation with GT. ------------------------------------------------------------------------ r1042 | marotta | 2008-12-22 10:35:10 +0100 (Mon, 22 Dec 2008) | 1 line Changed paths: M /voms/trunk/src/log/fs.c M /voms/trunk/src/server/vomsd.cc M /voms/trunk/testsuite/voms/voms/voms048.exp M /voms/trunk/testsuite/voms/voms/voms072.exp A /voms/trunk/testsuite/voms/voms/voms073.exp Truly fixed bug with no logging and no error. 
Also restored --logmax=0 ------------------------------------------------------------------------ r1039 | marotta | 2008-12-18 10:48:25 +0100 (Thu, 18 Dec 2008) | 1 line Changed paths: M /voms/trunk/src/server/vomsd.cc A /voms/trunk/testsuite/voms/voms/voms072.exp Fix for bug #39646 ------------------------------------------------------------------------ r1038 | marotta | 2008-12-17 12:15:32 +0100 (Wed, 17 Dec 2008) | 1 line Changed paths: M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/common/options.cc A /voms/trunk/testsuite/voms/voms/voms070.exp A /voms/trunk/testsuite/voms/voms/voms071.exp Fix for bug #42601 ------------------------------------------------------------------------ r1037 | marotta | 2008-12-17 11:54:28 +0100 (Wed, 17 Dec 2008) | 1 line Changed paths: M /voms/trunk/src/log/fs.c A /voms/trunk/testsuite/voms/voms/voms069.exp Fix for bug #45133 ------------------------------------------------------------------------ r1036 | marotta | 2008-12-17 11:29:08 +0100 (Wed, 17 Dec 2008) | 1 line Changed paths: M /voms/trunk/src/server/VOMSServer.h M /voms/trunk/src/server/vomsd.cc A /voms/trunk/testsuite/voms/voms/voms068.exp Fix for bug #45132 ------------------------------------------------------------------------ r1035 | marotta | 2008-12-17 11:07:30 +0100 (Wed, 17 Dec 2008) | 1 line Changed paths: M /voms/trunk/src/sslutils/sslutils.c M /voms/trunk/src/utils/voms_proxy_info.cc A /voms/trunk/testsuite/voms/voms/voms067.exp Fix for bug #45372 ------------------------------------------------------------------------ r1034 | marotta | 2008-12-17 10:44:04 +0100 (Wed, 17 Dec 2008) | 1 line Changed paths: M /voms/trunk/src/api/ccapi/voms_api.cc A /voms/trunk/testsuite/voms/vomsapi-c/vomsapi-c014.exp Fix for bug #45318 ------------------------------------------------------------------------ r1033 | marotta | 2008-12-16 15:18:37 +0100 (Tue, 16 Dec 2008) | 1 line Changed paths: M /voms/trunk/src/common/options.cc A 
/voms/trunk/testsuite/voms/voms/voms066.exp Fix for bug #44160 ------------------------------------------------------------------------ r1032 | marotta | 2008-12-16 14:50:20 +0100 (Tue, 16 Dec 2008) | 1 line Changed paths: M /voms/trunk/src/api/ccapi/voms_api.cc Fixed issue with --noregen. ------------------------------------------------------------------------ r1031 | marotta | 2008-12-16 12:23:56 +0100 (Tue, 16 Dec 2008) | 1 line Changed paths: M /voms/trunk/ChangeLog Previous commit also contained candidate for ProxyCertInfo handling. ------------------------------------------------------------------------ r1030 | marotta | 2008-12-16 12:22:48 +0100 (Tue, 16 Dec 2008) | 1 line Changed paths: M /voms/trunk/src/api/java/org/glite/voms/PKIVerifier.java M /voms/trunk/src/api/java/org/glite/voms/contact/MyProxyCertInfo.java M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/common/options.cc M /voms/trunk/src/socklib/Client.cpp M /voms/trunk/testsuite/site.exp Fixed segfault in handling failures of SSL connections. 
------------------------------------------------------------------------ r1026 | marotta | 2008-12-11 15:18:40 +0100 (Thu, 11 Dec 2008) | 1 line Changed paths: M /voms/trunk/Makefile.in M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/doc/Makefile.in M /voms/trunk/project/acinclude.m4 M /voms/trunk/src/Makefile.in M /voms/trunk/src/ac/Makefile.am M /voms/trunk/src/ac/Makefile.in M /voms/trunk/src/ac/extensions.c M /voms/trunk/src/ac/init.c M /voms/trunk/src/ac/newformat.c M /voms/trunk/src/ac/validate.c M /voms/trunk/src/api/Makefile.in M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/ccapi/api_util.h M /voms/trunk/src/api/ccapi/cinterface.cc M /voms/trunk/src/api/ccapi/cinterface.h M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/api/ccapi/voms_api.h M /voms/trunk/src/api/ccapi/voms_apic.h M /voms/trunk/src/api/java/Makefile.am M /voms/trunk/src/api/java/Makefile.in M /voms/trunk/src/api/java/log4j.properties M /voms/trunk/src/api/java/org/glite/voms/BasicVOMSTrustStore.java M /voms/trunk/src/api/java/org/glite/voms/PKIUtils.java M /voms/trunk/src/api/java/org/glite/voms/PKIVerifier.java A /voms/trunk/src/api/java/org/glite/voms/VOMSKeyManager.java (from /voms/branches/sslandgsi-phase2/src/api/java/org/glite/voms/VOMSKeyManager.java:1022) A /voms/trunk/src/api/java/org/glite/voms/VOMSTrustManager.java (from /voms/branches/sslandgsi-phase2/src/api/java/org/glite/voms/VOMSTrustManager.java:1022) M /voms/trunk/src/api/java/org/glite/voms/contact/MyProxyCertInfo.java A /voms/trunk/src/api/java/org/glite/voms/contact/ProxyPolicy.java M /voms/trunk/src/api/java/org/glite/voms/contact/Test.java M /voms/trunk/src/api/java/org/glite/voms/contact/UserCredentials.java M /voms/trunk/src/api/java/org/glite/voms/contact/VOMSProxyBuilder.java A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSProxyConstants.java M 
/voms/trunk/src/api/java/org/glite/voms/contact/VOMSProxyInit.java M /voms/trunk/src/api/java/org/glite/voms/contact/VOMSSocket.java M /voms/trunk/src/api/java/org/glite/voms/contact/cli/VomsProxyInitClient.java M /voms/trunk/src/autogen/config.h.in M /voms/trunk/src/client/Makefile.am M /voms/trunk/src/client/Makefile.in M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/client/vomsclient.h M /voms/trunk/src/common/Makefile.in M /voms/trunk/src/common/credentials.c M /voms/trunk/src/common/xml.c M /voms/trunk/src/include/Client.h M /voms/trunk/src/include/Makefile.am M /voms/trunk/src/include/Makefile.in M /voms/trunk/src/include/Server.h M /voms/trunk/src/include/credentials.h M /voms/trunk/src/include/gssapi_compat.h M /voms/trunk/src/include/newca.h M /voms/trunk/src/include/newformat.h A /voms/trunk/src/include/sslutils.h (from /voms/branches/sslandgsi-phase2/src/include/sslutils.h:1022) M /voms/trunk/src/install/Makefile.in M /voms/trunk/src/log/Makefile.in M /voms/trunk/src/log/fs.c M /voms/trunk/src/log/log.c M /voms/trunk/src/log/sl.c M /voms/trunk/src/replib/Makefile.in M /voms/trunk/src/replica/Makefile.in M /voms/trunk/src/server/Makefile.am M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/server/vomsd.cc M /voms/trunk/src/socklib/Client.cpp M /voms/trunk/src/socklib/Makefile.am M /voms/trunk/src/socklib/Makefile.in M /voms/trunk/src/socklib/Server.cpp M /voms/trunk/src/socklib/tokens.c M /voms/trunk/src/sslutils/Makefile.am M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.am M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/sslutils/oldgaa/globus_oldgaa.h M /voms/trunk/src/sslutils/oldgaa/globus_oldgaa_utils.c M /voms/trunk/src/sslutils/oldgaa/globus_oldgaa_utils.h M /voms/trunk/src/sslutils/oldgaa/oldgaa_alloc.c M /voms/trunk/src/sslutils/oldgaa/oldgaa_api.c M /voms/trunk/src/sslutils/oldgaa/oldgaa_gl_internal_err.c M /voms/trunk/src/sslutils/oldgaa/oldgaa_policy_evaluator.c M 
/voms/trunk/src/sslutils/oldgaa/oldgaa_policy_evaluator.h M /voms/trunk/src/sslutils/oldgaa/oldgaa_release.c M /voms/trunk/src/sslutils/oldgaa/oldgaa_utils.c M /voms/trunk/src/sslutils/oldgaa/oldgaa_utils.h M /voms/trunk/src/sslutils/oldgaa/rfc1779.c M /voms/trunk/src/sslutils/scutils.c M /voms/trunk/src/sslutils/sslutils.c D /voms/trunk/src/sslutils/sslutils.h M /voms/trunk/src/utils/Makefile.am M /voms/trunk/src/utils/Makefile.in M /voms/trunk/src/utils/voms_proxy_destroy.cc M /voms/trunk/src/utils/voms_proxy_info.cc M /voms/trunk/src/utils/vomsfake.cc M /voms/trunk/src/utils/vomsfake.h M /voms/trunk/test/Makefile.in M /voms/trunk/test/utest/Makefile.in M /voms/trunk/testsuite/Makefile.in M /voms/trunk/testsuite/site.exp Merged releases 987:1025 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/sslandgsi-phase2 ------------------------------------------------------------------------ r1023 | marotta | 2008-12-11 14:24:31 +0100 (Thu, 11 Dec 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/api/ccapi/Makefile.am M /voms/branches/voms-1-8-series/src/api/ccapi/Makefile.in M /voms/branches/voms-1-8-series/src/api/java/org/glite/voms/PKIVerifier.java M /voms/branches/voms-1-8-series/src/replica/voms_replica_master_setup.sh M /voms/branches/voms-1-8-series/src/replica/voms_replica_slave_setup.sh Adjusting new versions (miscellanea). 
------------------------------------------------------------------------ r1014 | marotta | 2008-10-28 11:32:10 +0100 (Tue, 28 Oct 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/api/ccapi/api_util.cc Fixed bug #43306 (for real) ------------------------------------------------------------------------ r1013 | marotta | 2008-10-28 11:29:31 +0100 (Tue, 28 Oct 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/ChangeLog M /voms/branches/voms-1-8-series/src/api/ccapi/api_util.cc M /voms/branches/voms-1-8-series/src/include/myproxycertinfo.h M /voms/branches/voms-1-8-series/src/socklib/globuswrap.c M /voms/branches/voms-1-8-series/src/sslutils/proxycertinfo.c M /voms/branches/voms-1-8-series/src/utils/voms_proxy_info.cc M /voms/branches/voms-1-8-series/testsuite/lib/newfail.exp M /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp.in M /voms/branches/voms-1-8-series/testsuite/site.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms002.exp Reverted unwanted commits. 
------------------------------------------------------------------------ r1012 | marotta | 2008-10-28 10:31:39 +0100 (Tue, 28 Oct 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/ChangeLog M /voms/branches/voms-1-8-series/src/api/ccapi/api_util.cc M /voms/branches/voms-1-8-series/src/include/myproxycertinfo.h M /voms/branches/voms-1-8-series/src/socklib/globuswrap.c M /voms/branches/voms-1-8-series/src/sslutils/proxycertinfo.c M /voms/branches/voms-1-8-series/src/utils/voms_proxy_info.cc M /voms/branches/voms-1-8-series/testsuite/lib/newfail.exp M /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp.in M /voms/branches/voms-1-8-series/testsuite/site.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms002.exp Fixed bug #43306 (for real) ------------------------------------------------------------------------ r1011 | marotta | 2008-10-28 09:59:52 +0100 (Tue, 28 Oct 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/api/ccapi/api_util.cc Fixed bug #43306 ------------------------------------------------------------------------ r1009 | marotta | 2008-10-02 10:49:14 +0200 (Thu, 02 Oct 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/replica/voms_replica_master_setup.sh M /voms/branches/voms-1-8-series/src/replica/voms_replica_slave_setup.sh Fixed bug with replica scripts. 
------------------------------------------------------------------------ r996 | marotta | 2008-09-22 13:43:01 +0200 (Mon, 22 Sep 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/configure.ac M /voms/branches/voms-1-8-series/project/version.properties Bumped version number to 1.8.9 ------------------------------------------------------------------------ r995 | marotta | 2008-09-22 13:40:09 +0200 (Mon, 22 Sep 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/api/java/Makefile.am M /voms/branches/voms-1-8-series/src/api/java/Makefile.in M /voms/branches/voms-1-8-series/src/api/java/log4j.properties M /voms/branches/voms-1-8-series/src/api/java/org/glite/voms/PKIVerifier.java Fix for bug #41883 ------------------------------------------------------------------------ r991 | marotta | 2008-09-17 16:02:49 +0200 (Wed, 17 Sep 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/install/voms-ping Revert mistakenly modified voms-ping ------------------------------------------------------------------------ r990 | marotta | 2008-09-17 15:56:17 +0200 (Wed, 17 Sep 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/ChangeLog M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/configure.ac M /voms/branches/voms-1-8-series/project/version.properties M /voms/branches/voms-1-8-series/src/include/errortype.h M /voms/branches/voms-1-8-series/src/install/voms-ping M /voms/branches/voms-1-8-series/src/server/vomsd.cc M /voms/branches/voms-1-8-series/src/sslutils/oldgaa/oldgaa_policy_evaluator.c M /voms/branches/voms-1-8-series/src/sslutils/oldgaa/oldgaa_policy_evaluator.h Fix for --voms : ------------------------------------------------------------------------ r983 | marotta | 2008-09-05 11:53:37 +0200 (Fri, 05 Sep 2008) | 1 line Changed paths: A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms064.exp A 
/voms/branches/voms-1-8-series/testsuite/voms/voms/voms065.exp Added missing tests. ------------------------------------------------------------------------ r982 | marotta | 2008-09-05 11:49:35 +0200 (Fri, 05 Sep 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/ChangeLog --noregen bug was bug #41116 ------------------------------------------------------------------------ r978 | marotta | 2008-09-05 11:33:28 +0200 (Fri, 05 Sep 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/configure.ac M /voms/branches/voms-1-8-series/project/version.properties Bumped version to 1.8.6 ------------------------------------------------------------------------ r977 | marotta | 2008-09-05 11:13:26 +0200 (Fri, 05 Sep 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/ChangeLog M /voms/branches/voms-1-8-series/src/server/vomsd.cc M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms059.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms061.exp M /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c005.exp Fixes for bugs #41095, #41094, and --noregen bug (number will follow) ------------------------------------------------------------------------ r976 | marotta | 2008-08-01 15:13:00 +0200 (Fri, 01 Aug 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/server/vomsd.cc Fixed memory problem. ------------------------------------------------------------------------ r975 | marotta | 2008-08-01 11:41:37 +0200 (Fri, 01 Aug 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/server/vomsd.cc Fixed error messages when the user is not registered. 
------------------------------------------------------------------------ r974 | marotta | 2008-08-01 11:32:50 +0200 (Fri, 01 Aug 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms060.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms061.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms062.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms063.exp added tests (one fails) ------------------------------------------------------------------------ r972 | marotta | 2008-07-31 17:18:41 +0200 (Thu, 31 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/server/vomsd.cc M /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp.in A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms060.exp fixed bug for multiple '--voms' options ------------------------------------------------------------------------ r971 | marotta | 2008-07-31 15:37:00 +0200 (Thu, 31 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/configure.ac M /voms/branches/voms-1-8-series/project/version.properties Bumped version to 1.8.5 ------------------------------------------------------------------------ r970 | marotta | 2008-07-31 15:30:20 +0200 (Thu, 31 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/replica/voms_replica_master_setup.sh SSL is no longer obligatory. ------------------------------------------------------------------------ r969 | marotta | 2008-07-30 11:06:08 +0200 (Wed, 30 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/lib/vomstest.exp Fixed issues with the testsuite (again) (again). ------------------------------------------------------------------------ r968 | marotta | 2008-07-30 11:02:38 +0200 (Wed, 30 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/lib/vomstest.exp Fixed issues with the testsuite (again). 
------------------------------------------------------------------------ r967 | marotta | 2008-07-30 10:33:20 +0200 (Wed, 30 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/lib/newfail.exp M /voms/branches/voms-1-8-series/testsuite/lib/vomslib.exp M /voms/branches/voms-1-8-series/testsuite/lib/vomstest.exp Fixed issues with the testsuite. ------------------------------------------------------------------------ r966 | marotta | 2008-07-28 16:03:28 +0200 (Mon, 28 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/lib/newfail.exp M /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp.in M /voms/branches/voms-1-8-series/testsuite/lib/vomstest.exp Various fixes for execution from etics + properly fail with tcl problems. ------------------------------------------------------------------------ r961 | marotta | 2008-07-17 16:33:12 +0200 (Thu, 17 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/client/vomsclient.cc M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms002.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms007.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms009.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms010.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms011.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms014.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms016.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms020.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms021.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms025.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms030.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms041.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms043.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms044.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms059.exp Fix for bug #37704 
------------------------------------------------------------------------ r960 | marotta | 2008-07-15 15:45:46 +0200 (Tue, 15 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/ChangeLog Adjusting changelog for 1.8.4 candidate. ------------------------------------------------------------------------ r959 | marotta | 2008-07-15 15:35:14 +0200 (Tue, 15 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/configure.ac M /voms/branches/voms-1-8-series/project/version.properties M /voms/branches/voms-1-8-series/src/replica/Makefile.in Bumped revision to 1.8.4 ------------------------------------------------------------------------ r958 | marotta | 2008-07-15 15:30:52 +0200 (Tue, 15 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/ChangeLog History of changes according to svn. ------------------------------------------------------------------------ r957 | marotta | 2008-07-15 15:15:24 +0200 (Tue, 15 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/replib/memset.c M /voms/branches/voms-1-8-series/testsuite/lib/newfail.exp M /voms/branches/voms-1-8-series/testsuite/site.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms053.exp Random fixes. ------------------------------------------------------------------------ r956 | marotta | 2008-07-15 15:15:13 +0200 (Tue, 15 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/server/vomsd.cc A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms059.exp fix for bug #38506 ------------------------------------------------------------------------ r955 | marotta | 2008-07-15 14:14:07 +0200 (Tue, 15 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/replica/voms_replica_master_setup.sh M /voms/branches/voms-1-8-series/src/replica/voms_replica_slave_setup.sh new version of replication scripts. 
------------------------------------------------------------------------ r954 | marotta | 2008-07-08 15:04:17 +0200 (Tue, 08 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/replica/Makefile.am A /voms/branches/voms-1-8-series/src/replica/voms_replica_master_setup.sh A /voms/branches/voms-1-8-series/src/replica/voms_replica_slave_setup.sh Intermediate version of replica scripts. ------------------------------------------------------------------------ r953 | marotta | 2008-07-08 10:23:31 +0200 (Tue, 08 Jul 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/lib/newfail.exp Fixes to the test suite. ------------------------------------------------------------------------ r952 | marotta | 2008-06-27 13:18:50 +0200 (Fri, 27 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/install/voms_install_db.in M /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp.in M /voms/branches/voms-1-8-series/testsuite/lib/vomstest.exp M /voms/branches/voms-1-8-series/testsuite/site.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms002.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms058.exp M /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c003.exp M /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c006.exp M /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-cpp/vomsapi-cpp003.exp Fixes for test suite use outside of testbed002. ------------------------------------------------------------------------ r951 | marotta | 2008-06-26 22:05:57 +0200 (Thu, 26 Jun 2008) | 1 line Changed paths: D /voms/branches/voms-1-8-series/testsuite/Makefile D /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp Removed useless files. 
------------------------------------------------------------------------ r950 | marotta | 2008-06-26 21:59:47 +0200 (Thu, 26 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/api/ccapi/api_util.cc M /voms/branches/voms-1-8-series/testsuite/Makefile M /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp Remove 0.8.7 OpenSSL dependency. ------------------------------------------------------------------------ r949 | marotta | 2008-06-26 18:36:49 +0200 (Thu, 26 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/utils/voms_proxy_info.cc Fix bug with return value for voms-proxy-info. ------------------------------------------------------------------------ r948 | marotta | 2008-06-26 18:03:00 +0200 (Thu, 26 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/lib/newfail.exp M /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp.in M /voms/branches/voms-1-8-series/testsuite/lib/vomstest.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms053.exp Fix for compilation where builddir != srcdir ------------------------------------------------------------------------ r947 | marotta | 2008-06-25 21:17:09 +0200 (Wed, 25 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms056.exp fixed pass clause in timeout ------------------------------------------------------------------------ r946 | marotta | 2008-06-25 17:24:37 +0200 (Wed, 25 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/utils/voms_proxy_info.cc M /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp M /voms/branches/voms-1-8-series/testsuite/lib/vomstest.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms054.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms055.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms056.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms057.exp A 
/voms/branches/voms-1-8-series/testsuite/voms/voms/voms058.exp more tests and voms-proxy-info fixes. ------------------------------------------------------------------------ r945 | marotta | 2008-06-25 15:24:34 +0200 (Wed, 25 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms044.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms051.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms052.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms053.exp New test and infrastructure fix. ------------------------------------------------------------------------ r944 | marotta | 2008-06-25 04:05:31 +0200 (Wed, 25 Jun 2008) | 1 line Changed paths: A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms051.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms052.exp voms-proxy-destroy tests. ------------------------------------------------------------------------ r943 | marotta | 2008-06-24 20:12:15 +0200 (Tue, 24 Jun 2008) | 1 line Changed paths: A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms050.exp More tests. 
------------------------------------------------------------------------ r942 | marotta | 2008-06-24 18:40:06 +0200 (Tue, 24 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/utils/voms_proxy_info.cc A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms045.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms046.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms047.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms048.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms049.exp even more tests ------------------------------------------------------------------------ r941 | marotta | 2008-06-24 16:36:39 +0200 (Tue, 24 Jun 2008) | 1 line Changed paths: A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms042.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms043.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms044.exp Fixed bugs in voms-proxy-info, plus more tests. ------------------------------------------------------------------------ r940 | marotta | 2008-06-24 16:35:18 +0200 (Tue, 24 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/utils/voms_proxy_info.cc M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms003.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms038.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms039.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms040.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms041.exp Fixed bugs in voms-proxy-info, plus more tests. 
------------------------------------------------------------------------ r939 | marotta | 2008-06-18 17:11:48 +0200 (Wed, 18 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/lib/vomstest.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms034.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms035.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms036.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms037.exp More tests + SCRATCHDIR cleanup ------------------------------------------------------------------------ r938 | marotta | 2008-06-18 15:07:46 +0200 (Wed, 18 Jun 2008) | 1 line Changed paths: A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms032.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms033.exp Added even more tests for voms-proxy-info ------------------------------------------------------------------------ r937 | marotta | 2008-06-18 14:35:21 +0200 (Wed, 18 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms019.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms024.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms025.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms026.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms027.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms028.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms029.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms030.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms031.exp Added more tests for voms-proxy-info ------------------------------------------------------------------------ r936 | marotta | 2008-06-18 10:33:33 +0200 (Wed, 18 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/utils/voms_proxy_info.cc A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms023.exp Fixed bug while reporting proxy version. 
------------------------------------------------------------------------ r935 | marotta | 2008-06-18 10:16:10 +0200 (Wed, 18 Jun 2008) | 1 line Changed paths: A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms022.exp New test. ------------------------------------------------------------------------ r934 | marotta | 2008-06-18 09:51:30 +0200 (Wed, 18 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms021.exp Made voms-proxy-info report targets. ------------------------------------------------------------------------ r933 | marotta | 2008-06-18 09:50:57 +0200 (Wed, 18 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/utils/voms_proxy_info.cc A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms021.exp Made voms-proxy-info report targets. ------------------------------------------------------------------------ r932 | marotta | 2008-06-17 17:11:50 +0200 (Tue, 17 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/ac/extensions.c M /voms/branches/voms-1-8-series/src/api/ccapi/cinterface.cc M /voms/branches/voms-1-8-series/src/api/ccapi/cinterface.h M /voms/branches/voms-1-8-series/src/api/ccapi/voms_api.cc M /voms/branches/voms-1-8-series/src/api/ccapi/voms_api.h M /voms/branches/voms-1-8-series/src/api/ccapi/voms_apic.h M /voms/branches/voms-1-8-series/src/common/xml.c Fixed bug with targets (second part). ------------------------------------------------------------------------ r931 | marotta | 2008-06-17 17:11:19 +0200 (Tue, 17 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/lib/vomstest.exp A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/loadbyvo.c A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/printtargets.c A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c012.exp A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c013.exp Fixed bug with targets. 
------------------------------------------------------------------------ r930 | marotta | 2008-06-16 14:20:46 +0200 (Mon, 16 Jun 2008) | 1 line Changed paths: A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/proxyfromfile.c A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c011.exp Test for VOMS_RetrieveFromFile(). ------------------------------------------------------------------------ r929 | marotta | 2008-06-16 14:03:54 +0200 (Mon, 16 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/api/ccapi/cinterface.cc M /voms/branches/voms-1-8-series/src/api/java/org/glite/voms/PKIStore.java Removed commented out code. ------------------------------------------------------------------------ r928 | marotta | 2008-06-16 13:45:25 +0200 (Mon, 16 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/api/ccapi/cinterface.cc A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/copydata3.c A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c010.exp Fixed bug in VOMS_Copy(). ------------------------------------------------------------------------ r927 | marotta | 2008-06-16 11:17:04 +0200 (Mon, 16 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/api/ccapi/cinterface.cc M /voms/branches/voms-1-8-series/src/api/ccapi/voms_api.cc M /voms/branches/voms-1-8-series/src/log/sl.c M /voms/branches/voms-1-8-series/testsuite/Makefile A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/copydata.c A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/readfromproxy.c A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c007.exp A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c008.exp Fixed bugs with VOMS_Duplicate() and related tests. 
------------------------------------------------------------------------ r925 | marotta | 2008-06-12 09:44:04 +0200 (Thu, 12 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/Makefile.in M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/configure.ac M /voms/branches/voms-1-8-series/doc/Makefile.in M /voms/branches/voms-1-8-series/project/acinclude.m4 M /voms/branches/voms-1-8-series/src/Makefile.in M /voms/branches/voms-1-8-series/src/ac/Makefile.in M /voms/branches/voms-1-8-series/src/api/Makefile.in M /voms/branches/voms-1-8-series/src/api/ccapi/Makefile.in M /voms/branches/voms-1-8-series/src/api/java/Makefile.in M /voms/branches/voms-1-8-series/src/client/Makefile.in M /voms/branches/voms-1-8-series/src/common/Makefile.in M /voms/branches/voms-1-8-series/src/include/Makefile.in M /voms/branches/voms-1-8-series/src/install/Makefile.in M /voms/branches/voms-1-8-series/src/log/Makefile.in M /voms/branches/voms-1-8-series/src/replib/Makefile.in M /voms/branches/voms-1-8-series/src/replica/Makefile.in M /voms/branches/voms-1-8-series/src/server/Makefile.in M /voms/branches/voms-1-8-series/src/socklib/Makefile.in M /voms/branches/voms-1-8-series/src/sslutils/Makefile.in M /voms/branches/voms-1-8-series/src/sslutils/oldgaa/Makefile.in M /voms/branches/voms-1-8-series/src/utils/Makefile.in M /voms/branches/voms-1-8-series/test/Makefile.in M /voms/branches/voms-1-8-series/test/utest/Makefile.in M /voms/branches/voms-1-8-series/testsuite/Makefile M /voms/branches/voms-1-8-series/testsuite/Makefile.in A /voms/branches/voms-1-8-series/testsuite/SuiteConfig.in Integrated testsuite with configure. 
------------------------------------------------------------------------ r924 | marotta | 2008-06-10 17:35:10 +0200 (Tue, 10 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/api/ccapi/cinterface.cc M /voms/branches/voms-1-8-series/src/api/ccapi/voms_apic.h forgot C interface to SetVerificationTime() ------------------------------------------------------------------------ r923 | marotta | 2008-06-10 16:55:06 +0200 (Tue, 10 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/ac/acerrors.h M /voms/branches/voms-1-8-series/src/ac/validate.c M /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-cpp/vomsapi-cpp004.exp Fix for bug #37071 ------------------------------------------------------------------------ r922 | marotta | 2008-06-10 16:32:27 +0200 (Tue, 10 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/ac/validate.c M /voms/branches/voms-1-8-series/src/api/ccapi/api_util.cc M /voms/branches/voms-1-8-series/src/api/ccapi/ccval.cc M /voms/branches/voms-1-8-series/src/api/ccapi/ccval.h M /voms/branches/voms-1-8-series/src/api/ccapi/voms_api.cc M /voms/branches/voms-1-8-series/src/api/ccapi/voms_api.h M /voms/branches/voms-1-8-series/src/include/validate.h Added APIs for validation at specified date (useful for both tests and real). ------------------------------------------------------------------------ r921 | marotta | 2008-06-10 16:31:38 +0200 (Tue, 10 Jun 2008) | 1 line Changed paths: A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-cpp/verifier.cc A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-cpp/vomsapi-cpp004.exp Check to see if 'not yet valid' == 'not valid anymore' ------------------------------------------------------------------------ r920 | marotta | 2008-06-10 14:41:58 +0200 (Tue, 10 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/api/ccapi/api_util.cc Set correct message in case of AC verification failure. 
------------------------------------------------------------------------ r919 | marotta | 2008-06-10 10:44:29 +0200 (Tue, 10 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/Makefile.am M /voms/branches/voms-1-8-series/Makefile.in M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/configure.ac M /voms/branches/voms-1-8-series/test/Makefile.in D /voms/branches/voms-1-8-series/test/tests Readjusted build to exclude (even more) useless files/dirs ------------------------------------------------------------------------ r918 | marotta | 2008-06-10 10:42:21 +0200 (Tue, 10 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/test/Makefile.am D /voms/branches/voms-1-8-series/test/setup_env.sh D /voms/branches/voms-1-8-series/test/tests/Makefile.am D /voms/branches/voms-1-8-series/test/tests/Makefile.in D /voms/branches/voms-1-8-series/test/tests/masstest.sh D /voms/branches/voms-1-8-series/test/tests/servicecert.sh D /voms/branches/voms-1-8-series/test/tests/simpleac.sh D /voms/branches/voms-1-8-series/test/tests/spurious.sh D /voms/branches/voms-1-8-series/test/tests/voms_install_db_test1.sh D /voms/branches/voms-1-8-series/test/tests/voms_install_db_test2.sh Readjusted build to exclude (more) useless files/dirs ------------------------------------------------------------------------ r917 | marotta | 2008-06-10 10:39:47 +0200 (Tue, 10 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/Makefile.in M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/src/Makefile.am M /voms/branches/voms-1-8-series/src/Makefile.in D /voms/branches/voms-1-8-series/src/support Readjusted build to exclude useless files/dirs ------------------------------------------------------------------------ r916 | marotta | 2008-06-10 10:37:32 +0200 (Tue, 10 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/configure.ac D /voms/branches/voms-1-8-series/src/server/access_db_sql.cc D 
/voms/branches/voms-1-8-series/src/server/access_db_sql.h D /voms/branches/voms-1-8-series/src/support/Makefile.am D /voms/branches/voms-1-8-series/src/support/Makefile.in D /voms/branches/voms-1-8-series/src/support/test_clean.in D /voms/branches/voms-1-8-series/src/support/test_setup.in D /voms/branches/voms-1-8-series/src/support/test_start.in D /voms/branches/voms-1-8-series/src/support/testvoms.in M /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp.in Removed unused files ------------------------------------------------------------------------ r915 | marotta | 2008-06-10 10:21:48 +0200 (Tue, 10 Jun 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/common/options.cc M /voms/branches/voms-1-8-series/src/server/vomsd.cc M /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp M /voms/branches/voms-1-8-series/testsuite/lib/vomstest.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms020.exp Fix for bug #37008 ------------------------------------------------------------------------ r914 | marotta | 2008-05-30 15:15:23 +0200 (Fri, 30 May 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms006.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms007.exp M /voms/branches/voms-1-8-series/testsuite/voms/voms/voms020.exp Corrected various errors in test cases. ------------------------------------------------------------------------ r913 | marotta | 2008-05-29 15:37:08 +0200 (Thu, 29 May 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms020.exp Added test for long FQANs. 
------------------------------------------------------------------------ r912 | marotta | 2008-05-16 09:57:59 +0200 (Fri, 16 May 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/install/voms_install_db.in M /voms/branches/voms-1-8-series/src/log/fs.c M /voms/branches/voms-1-8-series/src/utils/voms_proxy_info.cc M /voms/branches/voms-1-8-series/testsuite/site.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms018.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms/voms019.exp Fixes for bugs #36573, #36052 ------------------------------------------------------------------------ r909 | marotta | 2008-04-30 11:58:48 +0200 (Wed, 30 Apr 2008) | 1 line Changed paths: A /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp corrected. ------------------------------------------------------------------------ r908 | marotta | 2008-04-30 11:57:46 +0200 (Wed, 30 Apr 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/Makefile.in M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/configure.ac M /voms/branches/voms-1-8-series/src/api/ccapi/api_util.cc M /voms/branches/voms-1-8-series/src/install/voms_install_db.in M /voms/branches/voms-1-8-series/src/server/attribute.cc M /voms/branches/voms-1-8-series/testsuite/Makefile M /voms/branches/voms-1-8-series/testsuite/Makefile.am M /voms/branches/voms-1-8-series/testsuite/lib/newfail.exp D /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp A /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp.in (from /voms/branches/testsuite/testsuite/lib/vomssetup.exp.in:905) M /voms/branches/voms-1-8-series/testsuite/lib/vomstest.exp A /voms/branches/voms-1-8-series/testsuite/voms/voms (from /voms/branches/testsuite/testsuite/voms/voms:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms001.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms001.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms002.exp (from 
/voms/branches/testsuite/testsuite/voms/voms/voms002.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms003.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms003.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms004.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms004.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms005.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms005.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms006.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms006.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms007.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms007.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms008.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms008.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms009.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms009.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms010.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms010.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms011.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms011.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms012.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms012.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms013.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms013.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms014.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms014.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms015.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms015.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms016.exp (from /voms/branches/testsuite/testsuite/voms/voms/voms016.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/voms/voms017.exp (from 
/voms/branches/testsuite/testsuite/voms/voms/voms017.exp:905) D /voms/branches/voms-1-8-series/testsuite/voms/voms.exp D /voms/branches/voms-1-8-series/testsuite/voms/voms01.exp D /voms/branches/voms-1-8-series/testsuite/voms/voms02.exp D /voms/branches/voms-1-8-series/testsuite/voms/voms03.exp D /voms/branches/voms-1-8-series/testsuite/voms/voms04.exp D /voms/branches/voms-1-8-series/testsuite/voms/voms05.exp D /voms/branches/voms-1-8-series/testsuite/voms/voms06.exp D /voms/branches/voms-1-8-series/testsuite/voms/voms07.exp D /voms/branches/voms-1-8-series/testsuite/voms/voms2.exp A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c (from /voms/branches/testsuite/testsuite/voms/vomsapi-c:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/basictest.c (from /voms/branches/testsuite/testsuite/voms/vomsapi-c/basictest.c:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/loadbyalias.c (from /voms/branches/testsuite/testsuite/voms/vomsapi-c/loadbyalias.c:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/makeac.c (from /voms/branches/testsuite/testsuite/voms/vomsapi-c/makeac.c:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/parsetest.c (from /voms/branches/testsuite/testsuite/voms/vomsapi-c/parsetest.c:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c001.exp (from /voms/branches/testsuite/testsuite/voms/vomsapi-c/vomsapi-c001.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c002.exp (from /voms/branches/testsuite/testsuite/voms/vomsapi-c/vomsapi-c002.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c003.exp (from /voms/branches/testsuite/testsuite/voms/vomsapi-c/vomsapi-c003.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c004.exp (from /voms/branches/testsuite/testsuite/voms/vomsapi-c/vomsapi-c004.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c005.exp (from 
/voms/branches/testsuite/testsuite/voms/vomsapi-c/vomsapi-c005.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-c/vomsapi-c006.exp (from /voms/branches/testsuite/testsuite/voms/vomsapi-c/vomsapi-c006.exp:905) A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-cpp (from /voms/branches/testsuite/testsuite/voms/vomsapi-cpp:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-cpp/basictest.cc (from /voms/branches/testsuite/testsuite/voms/vomsapi-cpp/basictest.cc:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-cpp/parsertest.cc (from /voms/branches/testsuite/testsuite/voms/vomsapi-cpp/parsertest.cc:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-cpp/vomsapi-cpp001.exp (from /voms/branches/testsuite/testsuite/voms/vomsapi-cpp/vomsapi-cpp001.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-cpp/vomsapi-cpp002.exp (from /voms/branches/testsuite/testsuite/voms/vomsapi-cpp/vomsapi-cpp002.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-cpp/vomsapi-cpp003.exp (from /voms/branches/testsuite/testsuite/voms/vomsapi-cpp/vomsapi-cpp003.exp:905) A /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-java (from /voms/branches/testsuite/testsuite/voms/vomsapi-java:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-java/basictest.java (from /voms/branches/testsuite/testsuite/voms/vomsapi-java/basictest.java:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-java/vomsapi-java001.exp (from /voms/branches/testsuite/testsuite/voms/vomsapi-java/vomsapi-java001.exp:905) R /voms/branches/voms-1-8-series/testsuite/voms/vomsapi-java/vomsapi-java002.exp (from /voms/branches/testsuite/testsuite/voms/vomsapi-java/vomsapi-java002.exp:905) merged -r 885:905 https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/testsuite ------------------------------------------------------------------------ r907 | marotta | 2008-04-30 11:53:10 +0200 (Wed, 30 Apr 2008) | 1 line Changed paths: M 
/voms/branches/voms-1-8-series/Makefile.am M /voms/branches/voms-1-8-series/Makefile.in M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/configure.ac M /voms/branches/voms-1-8-series/test/setup_env.sh A /voms/branches/voms-1-8-series/testsuite (from /voms/branches/testsuite/testsuite:884) R /voms/branches/voms-1-8-series/testsuite/Makefile (from /voms/branches/testsuite/testsuite/Makefile:884) R /voms/branches/voms-1-8-series/testsuite/Makefile.am (from /voms/branches/testsuite/testsuite/Makefile.am:884) R /voms/branches/voms-1-8-series/testsuite/Makefile.in (from /voms/branches/testsuite/testsuite/Makefile.in:884) R /voms/branches/voms-1-8-series/testsuite/lib (from /voms/branches/testsuite/testsuite/lib:884) R /voms/branches/voms-1-8-series/testsuite/lib/db.exp (from /voms/branches/testsuite/testsuite/lib/db.exp:884) R /voms/branches/voms-1-8-series/testsuite/lib/newfail.exp (from /voms/branches/testsuite/testsuite/lib/newfail.exp:884) R /voms/branches/voms-1-8-series/testsuite/lib/vomslib.exp (from /voms/branches/testsuite/testsuite/lib/vomslib.exp:884) R /voms/branches/voms-1-8-series/testsuite/lib/vomssetup.exp (from /voms/branches/testsuite/testsuite/lib/vomssetup.exp:884) R /voms/branches/voms-1-8-series/testsuite/lib/vomstest.exp (from /voms/branches/testsuite/testsuite/lib/vomstest.exp:884) R /voms/branches/voms-1-8-series/testsuite/lib/whois.exp (from /voms/branches/testsuite/testsuite/lib/whois.exp:884) R /voms/branches/voms-1-8-series/testsuite/site.exp (from /voms/branches/testsuite/testsuite/site.exp:884) R /voms/branches/voms-1-8-series/testsuite/voms (from /voms/branches/testsuite/testsuite/voms:884) R /voms/branches/voms-1-8-series/testsuite/voms/voms.exp (from /voms/branches/testsuite/testsuite/voms/voms.exp:884) R /voms/branches/voms-1-8-series/testsuite/voms/voms01.exp (from /voms/branches/testsuite/testsuite/voms/voms01.exp:884) R /voms/branches/voms-1-8-series/testsuite/voms/voms02.exp (from 
/voms/branches/testsuite/testsuite/voms/voms02.exp:884) R /voms/branches/voms-1-8-series/testsuite/voms/voms03.exp (from /voms/branches/testsuite/testsuite/voms/voms03.exp:884) R /voms/branches/voms-1-8-series/testsuite/voms/voms04.exp (from /voms/branches/testsuite/testsuite/voms/voms04.exp:884) R /voms/branches/voms-1-8-series/testsuite/voms/voms05.exp (from /voms/branches/testsuite/testsuite/voms/voms05.exp:884) R /voms/branches/voms-1-8-series/testsuite/voms/voms06.exp (from /voms/branches/testsuite/testsuite/voms/voms06.exp:884) R /voms/branches/voms-1-8-series/testsuite/voms/voms07.exp (from /voms/branches/testsuite/testsuite/voms/voms07.exp:884) R /voms/branches/voms-1-8-series/testsuite/voms/voms2.exp (from /voms/branches/testsuite/testsuite/voms/voms2.exp:884) merged -r 809:884 https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/testsuite ------------------------------------------------------------------------ r906 | marotta | 2008-04-30 11:48:41 +0200 (Wed, 30 Apr 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/configure.ac M /voms/branches/voms-1-8-series/project/ltmain.sh M /voms/branches/voms-1-8-series/src/api/java/log4j.properties M /voms/branches/voms-1-8-series/src/autogen/config.h.in M /voms/branches/voms-1-8-series/src/replica/voms_install_replica.in Committing changes. 
------------------------------------------------------------------------ r850 | marotta | 2008-02-21 17:25:31 +0100 (Thu, 21 Feb 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/configure Fixes for building with the upcoming VDT 1.8.2 (autogenerated files) ------------------------------------------------------------------------ r849 | marotta | 2008-02-21 17:13:53 +0100 (Thu, 21 Feb 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/project/acinclude.m4 M /voms/branches/voms-1-8-series/src/client/vomsclient.cc Fixes for building with the upcoming VDT 1.8.2 ------------------------------------------------------------------------ r821 | marotta | 2008-02-05 10:28:25 +0100 (Tue, 05 Feb 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/configure.ac M /voms/branches/voms-1-8-series/project/version.properties Upgraded version to 1.8.3 ------------------------------------------------------------------------ r820 | marotta | 2008-02-04 16:11:38 +0100 (Mon, 04 Feb 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/client/fqan.cc M /voms/branches/voms-1-8-series/src/client/vomsclient.cc M /voms/branches/voms-1-8-series/src/log/log.c M /voms/branches/voms-1-8-series/src/server/vomsd.cc Fixed bug #33212, error message by voms-proxy-init, plus mistake in logging. 
------------------------------------------------------------------------ r795 | marotta | 2008-01-16 10:13:59 +0100 (Wed, 16 Jan 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/Makefile.in M /voms/branches/voms-1-8-series/aclocal.m4 M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/configure.ac M /voms/branches/voms-1-8-series/doc/Makefile.in M /voms/branches/voms-1-8-series/project/config.guess M /voms/branches/voms-1-8-series/project/config.sub M /voms/branches/voms-1-8-series/project/ltmain.sh M /voms/branches/voms-1-8-series/project/version.properties M /voms/branches/voms-1-8-series/src/Makefile.in M /voms/branches/voms-1-8-series/src/ac/Makefile.in M /voms/branches/voms-1-8-series/src/api/Makefile.in M /voms/branches/voms-1-8-series/src/api/ccapi/Makefile.in M /voms/branches/voms-1-8-series/src/api/java/Makefile.in M /voms/branches/voms-1-8-series/src/client/Makefile.in M /voms/branches/voms-1-8-series/src/common/Makefile.in M /voms/branches/voms-1-8-series/src/include/Makefile.in M /voms/branches/voms-1-8-series/src/install/Makefile.in M /voms/branches/voms-1-8-series/src/log/Makefile.in M /voms/branches/voms-1-8-series/src/replib/Makefile.in M /voms/branches/voms-1-8-series/src/replica/Makefile.in M /voms/branches/voms-1-8-series/src/server/Makefile.in M /voms/branches/voms-1-8-series/src/socklib/Makefile.in M /voms/branches/voms-1-8-series/src/sslutils/Makefile.in M /voms/branches/voms-1-8-series/src/sslutils/oldgaa/Makefile.in M /voms/branches/voms-1-8-series/src/support/Makefile.in M /voms/branches/voms-1-8-series/src/utils/Makefile.in M /voms/branches/voms-1-8-series/test/Makefile.in M /voms/branches/voms-1-8-series/test/tests/Makefile.in M /voms/branches/voms-1-8-series/test/utest/Makefile.in Version bump to 1.8.2 ------------------------------------------------------------------------ r792 | marotta | 2008-01-15 15:56:26 +0100 (Tue, 15 Jan 2008) | 1 line Changed paths: M 
/voms/branches/voms-1-8-series/src/server/vomsd.cc Fix for bug #31476 (logging stops) (really, now) ------------------------------------------------------------------------ r791 | marotta | 2008-01-15 15:55:02 +0100 (Tue, 15 Jan 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/include/log.h M /voms/branches/voms-1-8-series/src/log/log.c M /voms/branches/voms-1-8-series/src/server/vomsd.cc Fix for bug #31476 (logging stops) ------------------------------------------------------------------------ r788 | marotta | 2008-01-14 11:35:17 +0100 (Mon, 14 Jan 2008) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/api/java/org/glite/voms/PKIVerifier.java Fixed verification of CRL from CNRS CAs ------------------------------------------------------------------------ r782 | marotta | 2007-12-21 17:00:35 +0100 (Fri, 21 Dec 2007) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/utils/voms_proxy_info.cc Corrected voms-proxy-info returning wrong value. ------------------------------------------------------------------------ r780 | marotta | 2007-12-21 15:08:39 +0100 (Fri, 21 Dec 2007) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/install/Makefile.am M /voms/branches/voms-1-8-series/src/install/Makefile.in A /voms/branches/voms-1-8-series/src/install/voms-ping (from /voms/branches/voms-1-8-series/src/install/voms.ping:779) D /voms/branches/voms-1-8-series/src/install/voms.ping Corrected voms-ping script ------------------------------------------------------------------------ r779 | marotta | 2007-12-21 14:52:14 +0100 (Fri, 21 Dec 2007) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/install/voms.ping Added voms.ping ------------------------------------------------------------------------ r778 | marotta | 2007-12-21 11:19:24 +0100 (Fri, 21 Dec 2007) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/install/Makefile.am M /voms/branches/voms-1-8-series/src/install/Makefile.in A 
/voms/branches/voms-1-8-series/src/install/voms.ping Added voms.ping ------------------------------------------------------------------------ r777 | marotta | 2007-12-21 10:33:29 +0100 (Fri, 21 Dec 2007) | 1 line Changed paths: M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/configure.ac M /voms/branches/voms-1-8-series/project/version.properties Updated version number to 1.8.1. ------------------------------------------------------------------------ r771 | marotta | 2007-12-20 17:56:57 +0100 (Thu, 20 Dec 2007) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/common/xml.c Fix for the base64 decoding bug. ------------------------------------------------------------------------ r767 | marotta | 2007-12-20 12:08:39 +0100 (Thu, 20 Dec 2007) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/sslutils/oldgaa/globus_oldgaa_utils.c M /voms/branches/voms-1-8-series/src/sslutils/oldgaa/oldgaa_utils.c Final fix for bug #32310. ------------------------------------------------------------------------ r766 | marotta | 2007-12-19 19:33:27 +0100 (Wed, 19 Dec 2007) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/include/log.h M /voms/branches/voms-1-8-series/src/log/log.c M /voms/branches/voms-1-8-series/src/server/vomsd.cc removed improper commit ------------------------------------------------------------------------ r765 | marotta | 2007-12-19 19:28:42 +0100 (Wed, 19 Dec 2007) | 1 line Changed paths: M /voms/branches/voms-1-8-series/src/include/log.h M /voms/branches/voms-1-8-series/src/log/log.c M /voms/branches/voms-1-8-series/src/server/vomsd.cc M /voms/branches/voms-1-8-series/src/sslutils/oldgaa/globus_oldgaa_utils.c M /voms/branches/voms-1-8-series/src/sslutils/oldgaa/oldgaa_utils.c temporary fix to bug #32310 ------------------------------------------------------------------------ r763 | marotta | 2007-12-11 10:27:28 +0100 (Tue, 11 Dec 2007) | 1 line Changed paths: M
/voms/branches/voms-1-8-series/src/utils/voms_proxy_info.cc Fix for bug #31800 ------------------------------------------------------------------------ r736 | marotta | 2007-11-21 10:07:17 +0100 (Wed, 21 Nov 2007) | 1 line Changed paths: M /voms/branches/voms-1-8-series/configure M /voms/branches/voms-1-8-series/configure.ac M /voms/branches/voms-1-8-series/project/acinclude.m4 M /voms/branches/voms-1-8-series/project/version.properties M /voms/branches/voms-1-8-series/src/api/ccapi/Makefile.am M /voms/branches/voms-1-8-series/src/api/ccapi/Makefile.in M /voms/branches/voms-1-8-series/src/api/ccapi/cinterface.cc M /voms/branches/voms-1-8-series/src/api/ccapi/ctest.c M /voms/branches/voms-1-8-series/src/api/ccapi/voms_api.cc M /voms/branches/voms-1-8-series/src/include/dbwrap.h merged -r 726:731 https://svn.forge.cnaf.infn.it/svn/voms/voms/trunk ------------------------------------------------------------------------ r727 | marotta | 2007-11-19 15:51:29 +0100 (Mon, 19 Nov 2007) | 1 line Changed paths: A /voms/branches/voms-1-8-series (from /voms/trunk:726) From release 726 of trunk. ------------------------------------------------------------------------ r726 | marotta | 2007-11-19 15:49:33 +0100 (Mon, 19 Nov 2007) | 1 line Changed paths: M /voms/trunk/src/log/sl.c M /voms/trunk/src/server/vomsd.cc M /voms/trunk/src/socklib/Server.cpp Conformance to logging document. ------------------------------------------------------------------------ r725 | marotta | 2007-11-19 15:14:05 +0100 (Mon, 19 Nov 2007) | 1 line Changed paths: M /voms/trunk/src/server/vomsd.cc Fixed wrong logging level. ------------------------------------------------------------------------ r724 | marotta | 2007-11-19 15:00:44 +0100 (Mon, 19 Nov 2007) | 1 line Changed paths: M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/ccapi/test.cc M /voms/trunk/src/api/ccapi/voms_api.cc Cleaned up valgrind hits. 
------------------------------------------------------------------------ r723 | marotta | 2007-11-19 11:39:25 +0100 (Mon, 19 Nov 2007) | 1 line Changed paths: M /voms/trunk/src/api/java/org/glite/voms/contact/VOMSRequestFactory.java M /voms/trunk/src/api/java/org/glite/voms/contact/VOMSResponse.java M /voms/trunk/src/common/xml.c M /voms/trunk/src/common/xmlcc.cc M /voms/trunk/src/include/vomsxml.h M /voms/trunk/src/include/xml.h Added version tag to both answer and response messages. ------------------------------------------------------------------------ r722 | marotta | 2007-11-19 10:27:59 +0100 (Mon, 19 Nov 2007) | 1 line Changed paths: M /voms/trunk/configure M /voms/trunk/src/autogen/config.h.in M /voms/trunk/src/server/Makefile.in Removed incompatible build option. ------------------------------------------------------------------------ r721 | marotta | 2007-11-16 15:15:43 +0100 (Fri, 16 Nov 2007) | 1 line Changed paths: M /voms/trunk/src/server/vomsd.cc OOPS! --insecure was already present. ------------------------------------------------------------------------ r720 | marotta | 2007-11-16 15:14:16 +0100 (Fri, 16 Nov 2007) | 1 line Changed paths: M /voms/trunk/configure.ac M /voms/trunk/project/acinclude.m4 M /voms/trunk/src/server/vomsd.cc Added documentation of --insecure option on command help. 
------------------------------------------------------------------------ r718 | marotta | 2007-11-15 19:34:41 +0100 (Thu, 15 Nov 2007) | 1 line Changed paths: M /voms/trunk/src/ac/extensions.c M /voms/trunk/src/ac/validate.c M /voms/trunk/src/ac/write.c M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/common/credentials.c M /voms/trunk/src/server/vomsd.cc M /voms/trunk/src/sslutils/oldgaa/oldgaa_gl_internal_err.c M /voms/trunk/src/sslutils/oldgaa/oldgaa_release.c M /voms/trunk/src/sslutils/oldgaa/oldgaa_utils.c M /voms/trunk/src/sslutils/proxycertinfo.c M /voms/trunk/src/sslutils/sslutils.c M /voms/trunk/src/sslutils/sslutils.h M /voms/trunk/src/utils/voms_proxy_info.cc M /voms/trunk/src/utils/vomsfake.cc Integrated Eamonn's patch for OpenSSL 0.9.8 compilation and general tightening. ------------------------------------------------------------------------ r717 | marotta | 2007-11-15 18:16:53 +0100 (Thu, 15 Nov 2007) | 1 line Changed paths: M /voms/trunk/src/ac/newformat.c M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/ccapi/cinterface.cc M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/common/credentials.c M /voms/trunk/src/include/newformat.h M /voms/trunk/src/server/Makefile.am Integrated patch for Mac compilation from Patrick Carlisle.
------------------------------------------------------------------------ r716 | marotta | 2007-11-15 17:51:10 +0100 (Thu, 15 Nov 2007) | 1 line Changed paths: M /voms/trunk/src/common/data.cc M /voms/trunk/src/common/pass.cc M /voms/trunk/src/include/dbwrap.h M /voms/trunk/src/server/Makefile.am M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/server/VOMSServer.h M /voms/trunk/src/server/attribute.cc M /voms/trunk/src/server/attribute.h M /voms/trunk/src/server/main.cc M /voms/trunk/src/server/vomsd.cc merged 663:710 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/multiple_certs_real ------------------------------------------------------------------------ r715 | marotta | 2007-11-15 16:26:35 +0100 (Thu, 15 Nov 2007) | 1 line Changed paths: M /voms/trunk/src/server/access_db_sql.cc M /voms/trunk/src/server/vomsd.cc moved get_serial() ------------------------------------------------------------------------ r714 | marotta | 2007-11-15 16:24:19 +0100 (Thu, 15 Nov 2007) | 1 line Changed paths: M /voms/trunk/src/server/Makefile.am M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/server/access_db_sql.cc A /voms/trunk/src/server/uuid.c (from /voms/branches/uuidwork/src/server/uuid.c:680) A /voms/trunk/src/server/uuid.h (from /voms/branches/uuidwork/src/server/uuid.h:680) Merged 644:680 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/uuidwork ------------------------------------------------------------------------ r713 | marotta | 2007-11-15 15:36:36 +0100 (Thu, 15 Nov 2007) | 1 line Changed paths: M /voms/trunk/Makefile.am M /voms/trunk/Makefile.in M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/doc/Makefile.am M /voms/trunk/doc/Makefile.in D /voms/trunk/doc/testvoms.sgml A /voms/trunk/doc/testvoms.xml (from /voms/branches/voms-1-7-series/doc/testvoms.xml:694) A /voms/trunk/doc/voms-install-replica.xml (from /voms/branches/voms-1-7-series/doc/voms-install-replica.xml:694) D /voms/trunk/doc/voms-proxy-destroy.sgml A 
/voms/trunk/doc/voms-proxy-destroy.xml (from /voms/branches/voms-1-7-series/doc/voms-proxy-destroy.xml:694) D /voms/trunk/doc/voms-proxy-fake.sgml A /voms/trunk/doc/voms-proxy-fake.xml (from /voms/branches/voms-1-7-series/doc/voms-proxy-fake.xml:694) D /voms/trunk/doc/voms-proxy-info.sgml A /voms/trunk/doc/voms-proxy-info.xml (from /voms/branches/voms-1-7-series/doc/voms-proxy-info.xml:694) D /voms/trunk/doc/voms-proxy-init.sgml A /voms/trunk/doc/voms-proxy-init.xml (from /voms/branches/voms-1-7-series/doc/voms-proxy-init.xml:694) D /voms/trunk/doc/voms-proxy-list.sgml A /voms/trunk/doc/voms-proxy-list.xml (from /voms/branches/voms-1-7-series/doc/voms-proxy-list.xml:694) D /voms/trunk/doc/voms.sgml A /voms/trunk/doc/voms.xml (from /voms/branches/voms-1-7-series/doc/voms.xml:694) D /voms/trunk/doc/voms_install_db.sgml D /voms/trunk/doc/voms_install_replica.sgml M /voms/trunk/project/acinclude.m4 M /voms/trunk/project/version.properties M /voms/trunk/src/Makefile.am M /voms/trunk/src/Makefile.in M /voms/trunk/src/ac/Makefile.in M /voms/trunk/src/api/Makefile.am M /voms/trunk/src/api/Makefile.in M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/java/Makefile.in M /voms/trunk/src/api/java/log4j.properties M /voms/trunk/src/client/Makefile.in M /voms/trunk/src/client/contact.hpp M /voms/trunk/src/client/fqan.cc M /voms/trunk/src/client/fqan.h M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/common/Makefile.in M /voms/trunk/src/include/Makefile.in M /voms/trunk/src/install/Makefile.in M /voms/trunk/src/log/Makefile.in M /voms/trunk/src/replib/Makefile.in M /voms/trunk/src/replica/Makefile.in M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/socklib/Makefile.in D /voms/trunk/src/socklib/globus_oldgaa.h D /voms/trunk/src/socklib/globus_oldgaa_utils.h M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/support/Makefile.in M /voms/trunk/src/utils/Makefile.in M 
/voms/trunk/test/Makefile.in M /voms/trunk/test/tests/Makefile.in M /voms/trunk/test/utest/Makefile.in Merged revisions 656:694 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/voms-1-7-series. ------------------------------------------------------------------------ r712 | marotta | 2007-11-15 14:54:03 +0100 (Thu, 15 Nov 2007) | 1 line Changed paths: M /voms/trunk/src/api/ccapi/test.cc M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/api/java/Makefile.in M /voms/trunk/src/api/java/Manifest.add M /voms/trunk/src/api/java/log4j.properties M /voms/trunk/src/api/java/org/glite/voms/contact/VOMSDecoder.java M /voms/trunk/src/api/java/org/glite/voms/contact/VOMSRequestFactory.java M /voms/trunk/src/common/xml.c M /voms/trunk/src/common/xmlcc.cc M /voms/trunk/src/include/vomsxml.h M /voms/trunk/src/include/xml.h M /voms/trunk/src/server/VOMSServer.h M /voms/trunk/src/server/vomsd.cc Verified OpenSSL.base64() and Retrieve(File *f, how) ------------------------------------------------------------------------ r705 | marotta | 2007-11-06 17:22:31 +0100 (Tue, 06 Nov 2007) | 1 line Changed paths: M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/log/fs.c M /voms/trunk/src/log/log.c M /voms/trunk/src/socklib/globuswrap.c M /voms/trunk/src/sslutils/proxycertinfo.c M /voms/trunk/src/sslutils/sslutils.c Fixed various warnings, especially those from bug #27431 ------------------------------------------------------------------------ r704 | marotta | 2007-11-06 12:31:26 +0100 (Tue, 06 Nov 2007) | 1 line Changed paths: M /voms/trunk/src/api/ccapi/cinterface.cc M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/api/ccapi/voms_api.h M /voms/trunk/src/api/ccapi/voms_apic.h Candidate fixes for bugs #27496 and #28998 ------------------------------------------------------------------------ r668 | marotta | 2007-09-10 17:15:33 +0200 (Mon, 10 Sep 2007) | 1 line Changed paths: M /voms/trunk/src/api/java/Makefile.am Updated 
Makefile. ------------------------------------------------------------------------ r667 | andrea | 2007-09-10 17:13:54 +0200 (Mon, 10 Sep 2007) | 1 line Changed paths: D /voms/trunk/src/api/java/org/glite/security Renamed java api package name to org.glite.voms ------------------------------------------------------------------------ r666 | andrea | 2007-09-10 17:13:19 +0200 (Mon, 10 Sep 2007) | 1 line Changed paths: D /voms/trunk/src/api/java/org/glite/security/voms Renamed java api package name to org.glite.voms ------------------------------------------------------------------------ r665 | andrea | 2007-09-10 17:12:32 +0200 (Mon, 10 Sep 2007) | 1 line Changed paths: A /voms/trunk/.classpath A /voms/trunk/.settings A /voms/trunk/.settings/org.eclipse.jdt.core.prefs A /voms/trunk/.settings/org.eclipse.jdt.ui.prefs A /voms/trunk/.settings/org.hibernate.eclipse.console.prefs M /voms/trunk/build.xml D /voms/trunk/src/api/java/org/glite/security/voms/contact Renamed java api package name to org.glite.voms ------------------------------------------------------------------------ r664 | andrea | 2007-09-10 17:08:29 +0200 (Mon, 10 Sep 2007) | 1 line Changed paths: D /voms/trunk/src/api/java/org/glite/security/voms/BasicVOMSTrustStore.java D /voms/trunk/src/api/java/org/glite/security/voms/FQAN.java D /voms/trunk/src/api/java/org/glite/security/voms/LICENSE D /voms/trunk/src/api/java/org/glite/security/voms/LSCFile.java D /voms/trunk/src/api/java/org/glite/security/voms/PKIStore.java D /voms/trunk/src/api/java/org/glite/security/voms/PKIUtils.java D /voms/trunk/src/api/java/org/glite/security/voms/PKIVerifier.java D /voms/trunk/src/api/java/org/glite/security/voms/SigningPolicy.java D /voms/trunk/src/api/java/org/glite/security/voms/VOMSAttribute.java D /voms/trunk/src/api/java/org/glite/security/voms/VOMSValidator.java D /voms/trunk/src/api/java/org/glite/security/voms/ac D /voms/trunk/src/api/java/org/glite/security/voms/contact/MyProxyCertInfo.java D 
/voms/trunk/src/api/java/org/glite/security/voms/contact/PathNamingScheme.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/Test.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/UserCredentials.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSDecoder.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSESFileParser.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSErrorMessage.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSException.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSParser.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSProtocol.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSProxyBuilder.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSProxyInit.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSRequestFactory.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSRequestOptions.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSResponse.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSServerInfo.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSServerMap.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSSocket.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSSyntaxException.java D /voms/trunk/src/api/java/org/glite/security/voms/contact/cli A /voms/trunk/src/api/java/org/glite/voms A /voms/trunk/src/api/java/org/glite/voms/BasicVOMSTrustStore.java (from /voms/trunk/src/api/java/org/glite/security/voms/BasicVOMSTrustStore.java:663) A /voms/trunk/src/api/java/org/glite/voms/FQAN.java (from /voms/trunk/src/api/java/org/glite/security/voms/FQAN.java:663) A /voms/trunk/src/api/java/org/glite/voms/LICENSE (from /voms/trunk/src/api/java/org/glite/security/voms/LICENSE:663) A /voms/trunk/src/api/java/org/glite/voms/LSCFile.java (from 
/voms/trunk/src/api/java/org/glite/security/voms/LSCFile.java:663) A /voms/trunk/src/api/java/org/glite/voms/PKIStore.java (from /voms/trunk/src/api/java/org/glite/security/voms/PKIStore.java:663) A /voms/trunk/src/api/java/org/glite/voms/PKIUtils.java (from /voms/trunk/src/api/java/org/glite/security/voms/PKIUtils.java:663) A /voms/trunk/src/api/java/org/glite/voms/PKIVerifier.java (from /voms/trunk/src/api/java/org/glite/security/voms/PKIVerifier.java:663) A /voms/trunk/src/api/java/org/glite/voms/SigningPolicy.java (from /voms/trunk/src/api/java/org/glite/security/voms/SigningPolicy.java:663) A /voms/trunk/src/api/java/org/glite/voms/VOMSAttribute.java (from /voms/trunk/src/api/java/org/glite/security/voms/VOMSAttribute.java:663) A /voms/trunk/src/api/java/org/glite/voms/VOMSValidator.java (from /voms/trunk/src/api/java/org/glite/security/voms/VOMSValidator.java:663) A /voms/trunk/src/api/java/org/glite/voms/ac (from /voms/trunk/src/api/java/org/glite/security/voms/ac:663) M /voms/trunk/src/api/java/org/glite/voms/ac/ACCerts.java M /voms/trunk/src/api/java/org/glite/voms/ac/ACGenerator.java M /voms/trunk/src/api/java/org/glite/voms/ac/ACTarget.java M /voms/trunk/src/api/java/org/glite/voms/ac/ACTargets.java M /voms/trunk/src/api/java/org/glite/voms/ac/ACTrustStore.java M /voms/trunk/src/api/java/org/glite/voms/ac/ACValidator.java M /voms/trunk/src/api/java/org/glite/voms/ac/AttCertIssuer.java M /voms/trunk/src/api/java/org/glite/voms/ac/AttributeCertificate.java M /voms/trunk/src/api/java/org/glite/voms/ac/AttributeCertificateInfo.java M /voms/trunk/src/api/java/org/glite/voms/ac/AttributeHolder.java M /voms/trunk/src/api/java/org/glite/voms/ac/FullAttributes.java M /voms/trunk/src/api/java/org/glite/voms/ac/GenericAttribute.java M /voms/trunk/src/api/java/org/glite/voms/ac/Holder.java M /voms/trunk/src/api/java/org/glite/voms/ac/IetfAttrSyntax.java M /voms/trunk/src/api/java/org/glite/voms/ac/ObjectDigestInfo.java M 
/voms/trunk/src/api/java/org/glite/voms/ac/Util.java M /voms/trunk/src/api/java/org/glite/voms/ac/V2Form.java M /voms/trunk/src/api/java/org/glite/voms/ac/VOMSTrustStore.java A /voms/trunk/src/api/java/org/glite/voms/contact A /voms/trunk/src/api/java/org/glite/voms/contact/MyProxyCertInfo.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/MyProxyCertInfo.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/PathNamingScheme.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/PathNamingScheme.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/Test.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/Test.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/UserCredentials.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/UserCredentials.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSDecoder.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSDecoder.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSESFileParser.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSESFileParser.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSErrorMessage.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSErrorMessage.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSException.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSException.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSParser.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSParser.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSProtocol.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSProtocol.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSProxyBuilder.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSProxyBuilder.java:663) A 
/voms/trunk/src/api/java/org/glite/voms/contact/VOMSProxyInit.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSProxyInit.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSRequestFactory.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSRequestFactory.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSRequestOptions.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSRequestOptions.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSResponse.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSResponse.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSServerInfo.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSServerInfo.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSServerMap.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSServerMap.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSSocket.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSSocket.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/VOMSSyntaxException.java (from /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSSyntaxException.java:663) A /voms/trunk/src/api/java/org/glite/voms/contact/cli (from /voms/trunk/src/api/java/org/glite/security/voms/contact/cli:663) M /voms/trunk/src/api/java/org/glite/voms/contact/cli/VomsProxyInitClient.java Renamed java api package name to org.glite.voms ------------------------------------------------------------------------ r660 | marotta | 2007-09-07 14:52:09 +0200 (Fri, 07 Sep 2007) | 1 line Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/src/autogen/config.h.in M /voms/trunk/src/sslutils/sslutils.c M /voms/trunk/src/utils/voms_proxy_info.cc Fixed bug #28753: [VOMS 1.7.20-1] strange time offset on Mac OS X 10.4 ------------------------------------------------------------------------ 
r657 | marotta | 2007-07-31 11:26:33 +0200 (Tue, 31 Jul 2007) | 1 line Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/version.properties M /voms/trunk/src/api/java/log4j.properties M /voms/trunk/src/api/java/org/glite/security/voms/PKIUtils.java Merged 641:656 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/voms-1-7-series ------------------------------------------------------------------------ r643 | marotta | 2007-07-09 16:53:52 +0200 (Mon, 09 Jul 2007) | 1 line Changed paths: M /voms/trunk/src/common/xmlcc.cc M /voms/trunk/src/server/vomsd.cc M /voms/trunk/src/socklib/Server.cpp M /voms/trunk/src/socklib/globuswrap.c M /voms/trunk/src/socklib/tokens.c Merged revisions 635:640 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/sslandgsi ------------------------------------------------------------------------ r642 | marotta | 2007-07-09 16:35:42 +0200 (Mon, 09 Jul 2007) | 1 line Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/version.properties M /voms/trunk/src/client/vomsclient.cc Merged revisions 633:641 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/voms-1-7-series ------------------------------------------------------------------------ r634 | marotta | 2007-07-04 10:17:17 +0200 (Wed, 04 Jul 2007) | 1 line Changed paths: M /voms/trunk/doc/voms-proxy-init.sgml M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/client/vomsclient.h Merged revisions 628:633 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/voms-1-7-series ------------------------------------------------------------------------ r629 | marotta | 2007-07-03 13:44:41 +0200 (Tue, 03 Jul 2007) | 1 line Changed paths: M /voms/trunk/Makefile.am M /voms/trunk/Makefile.in M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/doc/Makefile.in M /voms/trunk/project/acinclude.m4 M /voms/trunk/project/config.guess M 
/voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/project/version.properties M /voms/trunk/src/Makefile.am M /voms/trunk/src/Makefile.in M /voms/trunk/src/ac/Makefile.am M /voms/trunk/src/ac/Makefile.in D /voms/trunk/src/ac/attributes.c M /voms/trunk/src/ac/extensions.c M /voms/trunk/src/api/Makefile.in M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/api/ccapi/cinterface.h M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/api/java/Makefile.in M /voms/trunk/src/api/java/log4j.properties M /voms/trunk/src/api/java/org/glite/security/voms/PKIVerifier.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/AttributeCertificate.java M /voms/trunk/src/api/java/org/glite/security/voms/contact/UserCredentials.java M /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSProxyBuilder.java M /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSProxyInit.java M /voms/trunk/src/api/java/org/glite/security/voms/contact/cli/VomsProxyInitClient.java M /voms/trunk/src/autogen/config.h.in M /voms/trunk/src/client/Makefile.am M /voms/trunk/src/client/Makefile.in M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/common/Makefile.am M /voms/trunk/src/common/Makefile.in M /voms/trunk/src/common/options.cc M /voms/trunk/src/common/xml.c M /voms/trunk/src/common/xmlcc.cc M /voms/trunk/src/include/Makefile.in M /voms/trunk/src/install/Makefile.in M /voms/trunk/src/install/voms.start.in M /voms/trunk/src/log/Makefile.in M /voms/trunk/src/replib/Makefile.in M /voms/trunk/src/replib/getopt_long.c M /voms/trunk/src/replib/getopt_long_only.c A /voms/trunk/src/replib/memset.c (from /voms/branches/voms-1-7-series/src/replib/memset.c:628) M /voms/trunk/src/replica/Makefile.in M /voms/trunk/src/server/Makefile.am M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/server/attribute.cc M /voms/trunk/src/server/vomsd.cc M /voms/trunk/src/socklib/Makefile.am M 
/voms/trunk/src/socklib/Makefile.in M /voms/trunk/src/sslutils/Makefile.am M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.am M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/sslutils/proxycertinfo.c M /voms/trunk/src/sslutils/sslutils.c M /voms/trunk/src/sslutils/sslutils.h M /voms/trunk/src/support/Makefile.in M /voms/trunk/src/utils/Makefile.am M /voms/trunk/src/utils/Makefile.in M /voms/trunk/src/utils/voms_proxy_info.cc M /voms/trunk/test/Makefile.in M /voms/trunk/test/tests/Makefile.in M /voms/trunk/test/utest/Makefile.in Merged releases 549:628 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/voms-1-7-series ------------------------------------------------------------------------ r587 | marotta | 2007-04-26 10:43:16 +0200 (Thu, 26 Apr 2007) | 1 line Changed paths: M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/ccapi/api_util.h M /voms/trunk/src/server/vomsd.cc Fixed include files. ------------------------------------------------------------------------ r577 | marotta | 2007-04-18 13:47:37 +0200 (Wed, 18 Apr 2007) | 1 line Changed paths: M /voms/trunk/src/replica/voms_install_replica.in M /voms/trunk/src/utils/voms_proxy_info.cc First replica update. ------------------------------------------------------------------------ r557 | marotta | 2007-04-03 11:42:33 +0200 (Tue, 03 Apr 2007) | 1 line Changed paths: M /voms/trunk/src/include/Makefile.am M /voms/trunk/src/include/Makefile.in Redoing changes from the 554 commit. 
------------------------------------------------------------------------ r556 | marotta | 2007-04-03 11:39:11 +0200 (Tue, 03 Apr 2007) | 1 line Changed paths: M /voms/trunk/Makefile.in M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/doc/Makefile.in M /voms/trunk/project/acinclude.m4 M /voms/trunk/src/Makefile.in M /voms/trunk/src/ac/Makefile.in M /voms/trunk/src/ac/attributes.h M /voms/trunk/src/ac/extensions.c M /voms/trunk/src/ac/extensions.h M /voms/trunk/src/ac/init.h M /voms/trunk/src/ac/write.h M /voms/trunk/src/api/Makefile.in M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/ccapi/api_util.h M /voms/trunk/src/api/ccapi/cinterface.cc M /voms/trunk/src/api/ccapi/cinterface.h M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/api/ccapi/voms_api.h M /voms/trunk/src/api/ccapi/voms_apic.h M /voms/trunk/src/api/ccapi/voms_apic_nog.h M /voms/trunk/src/api/java/Makefile.in M /voms/trunk/src/autogen/config.h.in M /voms/trunk/src/client/Makefile.in M /voms/trunk/src/client/vomsclient.h M /voms/trunk/src/common/Makefile.in M /voms/trunk/src/common/credentials.c M /voms/trunk/src/include/Client.h M /voms/trunk/src/include/Makefile.am M /voms/trunk/src/include/Makefile.in M /voms/trunk/src/include/Server.h M /voms/trunk/src/include/acstack.h M /voms/trunk/src/include/credentials.h M /voms/trunk/src/include/errortype.h M /voms/trunk/src/include/format.h M /voms/trunk/src/include/getopts.h M /voms/trunk/src/include/gssapi_compat.h M /voms/trunk/src/include/init.h M /voms/trunk/src/include/listfunc.h M /voms/trunk/src/include/log.h M /voms/trunk/src/include/myproxycertinfo.h M /voms/trunk/src/include/newca.h M /voms/trunk/src/include/newformat.h M /voms/trunk/src/include/options.h M /voms/trunk/src/include/streamers.h M /voms/trunk/src/include/tokens.h M /voms/trunk/src/include/validate.h M /voms/trunk/src/include/xml.h M /voms/trunk/src/install/Makefile.in M /voms/trunk/src/log/Makefile.in M 
/voms/trunk/src/replib/Makefile.in M /voms/trunk/src/replica/Makefile.in M /voms/trunk/src/server/Makefile.am M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/server/access_db_sql.cc M /voms/trunk/src/socklib/Makefile.in M /voms/trunk/src/socklib/tokens.c M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/support/Makefile.in M /voms/trunk/src/utils/Makefile.in M /voms/trunk/test/Makefile.in M /voms/trunk/test/tests/Makefile.in M /voms/trunk/test/utest/Makefile.in Removed integration of mac branch. ------------------------------------------------------------------------ r554 | marotta | 2007-03-27 11:11:20 +0200 (Tue, 27 Mar 2007) | 1 line Changed paths: M /voms/trunk/src/include/Makefile.am M /voms/trunk/src/include/Makefile.in D /voms/trunk/src/include/sign.h D /voms/trunk/src/log/fns.c Removed unused files. ------------------------------------------------------------------------ r553 | marotta | 2007-03-27 10:28:02 +0200 (Tue, 27 Mar 2007) | 1 line Changed paths: M /voms/trunk/Makefile.in M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/doc/Makefile.in M /voms/trunk/project/acinclude.m4 M /voms/trunk/src/Makefile.in M /voms/trunk/src/ac/Makefile.in M /voms/trunk/src/ac/attributes.h M /voms/trunk/src/ac/extensions.c M /voms/trunk/src/ac/extensions.h M /voms/trunk/src/ac/init.h M /voms/trunk/src/ac/write.h M /voms/trunk/src/api/Makefile.in M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/ccapi/api_util.h M /voms/trunk/src/api/ccapi/cinterface.cc M /voms/trunk/src/api/ccapi/cinterface.h M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/api/ccapi/voms_api.h M /voms/trunk/src/api/ccapi/voms_apic.h M /voms/trunk/src/api/ccapi/voms_apic_nog.h M /voms/trunk/src/api/java/Makefile.in M /voms/trunk/src/autogen/config.h.in M /voms/trunk/src/client/Makefile.in M /voms/trunk/src/client/vomsclient.h M /voms/trunk/src/common/Makefile.in M 
/voms/trunk/src/common/credentials.c M /voms/trunk/src/include/Client.h M /voms/trunk/src/include/Makefile.in M /voms/trunk/src/include/Server.h M /voms/trunk/src/include/acstack.h M /voms/trunk/src/include/credentials.h M /voms/trunk/src/include/errortype.h M /voms/trunk/src/include/format.h M /voms/trunk/src/include/getopts.h M /voms/trunk/src/include/gssapi_compat.h M /voms/trunk/src/include/init.h M /voms/trunk/src/include/listfunc.h M /voms/trunk/src/include/log.h M /voms/trunk/src/include/myproxycertinfo.h M /voms/trunk/src/include/newca.h M /voms/trunk/src/include/newformat.h M /voms/trunk/src/include/options.h M /voms/trunk/src/include/sign.h M /voms/trunk/src/include/streamers.h M /voms/trunk/src/include/tokens.h M /voms/trunk/src/include/validate.h M /voms/trunk/src/include/xml.h M /voms/trunk/src/install/Makefile.in M /voms/trunk/src/log/Makefile.in M /voms/trunk/src/replib/Makefile.in M /voms/trunk/src/replica/Makefile.in M /voms/trunk/src/server/Makefile.am M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/server/access_db_sql.cc M /voms/trunk/src/socklib/Makefile.in M /voms/trunk/src/socklib/tokens.c M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/support/Makefile.in M /voms/trunk/src/utils/Makefile.in M /voms/trunk/test/Makefile.in M /voms/trunk/test/tests/Makefile.in M /voms/trunk/test/utest/Makefile.in Merged releases 543:548 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/mac ------------------------------------------------------------------------ r552 | marotta | 2007-03-27 10:24:30 +0200 (Tue, 27 Mar 2007) | 1 line Changed paths: M /voms/trunk/src/include/log.h M /voms/trunk/src/log/Makefile.am M /voms/trunk/src/log/Makefile.in M /voms/trunk/src/log/fns.c M /voms/trunk/src/log/fs.c M /voms/trunk/src/log/log.c M /voms/trunk/src/log/sl.c M /voms/trunk/src/server/VOMSServer.h M /voms/trunk/src/server/vomsd.cc Merged 442:456 of 
https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/logging ------------------------------------------------------------------------ r551 | marotta | 2007-03-27 10:20:01 +0200 (Tue, 27 Mar 2007) | 1 line Changed paths: M /voms/trunk/doc/voms.sgml M /voms/trunk/src/server/VOMSServer.h M /voms/trunk/src/server/attribute.cc M /voms/trunk/src/server/vomsd.cc Merged 470:472 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/shortfqans ------------------------------------------------------------------------ r550 | marotta | 2007-03-27 10:10:18 +0200 (Tue, 27 Mar 2007) | 1 line Changed paths: M /voms/trunk M /voms/trunk/Makefile.am M /voms/trunk/Makefile.in M /voms/trunk/aclocal.m4 M /voms/trunk/build.xml M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/doc/Makefile.in M /voms/trunk/doc/voms-proxy-info.sgml M /voms/trunk/doc/voms.sgml M /voms/trunk/project/acinclude.m4 M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/configure.properties.xml M /voms/trunk/project/ltmain.sh M /voms/trunk/project/version.properties M /voms/trunk/src/Makefile.in M /voms/trunk/src/ac/Makefile.in M /voms/trunk/src/ac/init.c M /voms/trunk/src/ac/write.c M /voms/trunk/src/api/Makefile.in M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/ccapi/ccval.cc M /voms/trunk/src/api/ccapi/cinterface.cc M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/api/ccapi/voms_api.h M /voms/trunk/src/api/java/Makefile.am M /voms/trunk/src/api/java/Makefile.in A /voms/trunk/src/api/java/Manifest.add (from /voms/branches/voms-1-7-series/src/api/java/Manifest.add:549) A /voms/trunk/src/api/java/log4j.properties (from /voms/branches/voms-1-7-series/src/api/java/log4j.properties:549) M /voms/trunk/src/api/java/org/glite/security/voms/BasicVOMSTrustStore.java M /voms/trunk/src/api/java/org/glite/security/voms/LSCFile.java M /voms/trunk/src/api/java/org/glite/security/voms/PKIStore.java M 
/voms/trunk/src/api/java/org/glite/security/voms/PKIUtils.java M /voms/trunk/src/api/java/org/glite/security/voms/PKIVerifier.java M /voms/trunk/src/api/java/org/glite/security/voms/SigningPolicy.java M /voms/trunk/src/api/java/org/glite/security/voms/VOMSAttribute.java M /voms/trunk/src/api/java/org/glite/security/voms/VOMSValidator.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/ACCerts.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/ACGenerator.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/ACTarget.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/ACTargets.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/ACValidator.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/AttributeCertificate.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/AttributeCertificateInfo.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/AttributeHolder.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/FullAttributes.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/GenericAttribute.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/Holder.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/IetfAttrSyntax.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/Util.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/VOMSTrustStore.java A /voms/trunk/src/api/java/org/glite/security/voms/contact (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/MyProxyCertInfo.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/MyProxyCertInfo.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/PathNamingScheme.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/PathNamingScheme.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/Test.java (from 
/voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/Test.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/UserCredentials.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/UserCredentials.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSDecoder.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSDecoder.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSESFileParser.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSESFileParser.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSErrorMessage.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSErrorMessage.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSException.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSException.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSParser.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSParser.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSProtocol.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSProtocol.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSProxyBuilder.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSProxyBuilder.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSProxyInit.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSProxyInit.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSRequestFactory.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSRequestFactory.java:549) R 
/voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSRequestOptions.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSRequestOptions.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSResponse.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSResponse.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSServerInfo.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSServerInfo.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSServerMap.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSServerMap.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSSocket.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSSocket.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/VOMSSyntaxException.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/VOMSSyntaxException.java:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/cli (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/cli:549) R /voms/trunk/src/api/java/org/glite/security/voms/contact/cli/VomsProxyInitClient.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/contact/cli/VomsProxyInitClient.java:549) M /voms/trunk/src/autogen/config.h.in M /voms/trunk/src/client/Makefile.in M /voms/trunk/src/client/main.cc M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/common/Makefile.am M /voms/trunk/src/common/Makefile.in M /voms/trunk/src/common/xml.c M /voms/trunk/src/include/Makefile.am M /voms/trunk/src/include/Makefile.in A /voms/trunk/src/include/myproxycertinfo.h (from /voms/branches/voms-1-7-series/src/include/myproxycertinfo.h:549) D /voms/trunk/src/include/proxycertinfo.h M /voms/trunk/src/install/Makefile.in 
M /voms/trunk/src/log/Makefile.in M /voms/trunk/src/replib/Makefile.in M /voms/trunk/src/replica/Makefile.in M /voms/trunk/src/replica/voms_install_replica.in M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/server/VOMSServer.h M /voms/trunk/src/server/access_db_sql.cc M /voms/trunk/src/server/access_db_sql.h M /voms/trunk/src/server/vomsd.cc M /voms/trunk/src/socklib/Makefile.in M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/sslutils/proxycertinfo.c M /voms/trunk/src/sslutils/sslutils.c M /voms/trunk/src/support/Makefile.in M /voms/trunk/src/utils/Makefile.in M /voms/trunk/src/utils/voms_proxy_info.cc M /voms/trunk/src/utils/vomsfake.cc M /voms/trunk/test/Makefile.in M /voms/trunk/test/tests/Makefile.in M /voms/trunk/test/utest/Makefile.in D /voms/trunk/test/utest/capi_cu_Main.cpp Merged releases 421:549 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/voms-1-7-series ------------------------------------------------------------------------ r422 | marotta | 2006-10-26 16:01:53 +0200 (Thu, 26 Oct 2006) | 1 line Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/acinclude.m4 M /voms/trunk/project/version.properties M /voms/trunk/src/ac/validate.c M /voms/trunk/src/api/ccapi/ccval.cc M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/api/ccapi/voms_apic.h M /voms/trunk/src/api/java/org/glite/security/voms/VOMSValidator.java M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/server/vomsd.cc M /voms/trunk/src/socklib/Server.cpp M /voms/trunk/src/sslutils/oldgaa/Makefile.am M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/sslutils/oldgaa/globus_oldgaa_utils.c M /voms/trunk/src/sslutils/oldgaa/oldgaa_release.c M /voms/trunk/src/sslutils/oldgaa/oldgaa_utils.c Merged releases 403:421 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/voms-1-7-series ------------------------------------------------------------------------ r405 | valerio 
| 2006-09-19 16:51:47 +0200 (Tue, 19 Sep 2006) | 1 line Changed paths: M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/doc/software.tex M /voms/trunk/doc/voms-proxy-info.sgml M /voms/trunk/doc/voms_install_db.sgml M /voms/trunk/project/acinclude.m4 M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/project/version.properties M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/autogen/config.h.in M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/common/Makefile.am M /voms/trunk/src/common/Makefile.in M /voms/trunk/src/common/options.cc D /voms/trunk/src/common/sign.cc M /voms/trunk/src/common/xml.c M /voms/trunk/src/install/voms.start.in M /voms/trunk/src/log/log.c M /voms/trunk/src/server/vomsd.cc M /voms/trunk/src/socklib/Client.cpp M /voms/trunk/src/socklib/Server.cpp M /voms/trunk/src/socklib/globuswrap.c M /voms/trunk/src/sslutils/sslutils.c M /voms/trunk/src/sslutils/sslutils.h M /voms/trunk/src/utils/voms_proxy_info.cc Merged revisions 375:403 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/voms-1-7-series ------------------------------------------------------------------------ r375 | valerio | 2006-08-30 09:47:39 +0200 (Wed, 30 Aug 2006) | 1 line Changed paths: M /voms/trunk/aclocal.m4 M /voms/trunk/build.xml M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/doc/voms_install_replica.sgml M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/project/version.properties M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in D /voms/trunk/src/api/ccapi/jni-int.cc D /voms/trunk/src/api/ccapi/jni-int.h M /voms/trunk/src/api/java/Makefile.am M /voms/trunk/src/api/java/Makefile.in D /voms/trunk/src/api/java/org/glite/security/voms/Attribute.java D /voms/trunk/src/api/java/org/glite/security/voms/AttributeList.java M 
/voms/trunk/src/api/java/org/glite/security/voms/BasicVOMSTrustStore.java A /voms/trunk/src/api/java/org/glite/security/voms/LSCFile.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/LSCFile.java:374) A /voms/trunk/src/api/java/org/glite/security/voms/PKIStore.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/PKIStore.java:374) A /voms/trunk/src/api/java/org/glite/security/voms/PKIUtils.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/PKIUtils.java:374) A /voms/trunk/src/api/java/org/glite/security/voms/PKIVerifier.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/PKIVerifier.java:374) A /voms/trunk/src/api/java/org/glite/security/voms/SigningPolicy.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/SigningPolicy.java:374) M /voms/trunk/src/api/java/org/glite/security/voms/VOMSAttribute.java M /voms/trunk/src/api/java/org/glite/security/voms/VOMSValidator.java A /voms/trunk/src/api/java/org/glite/security/voms/ac/ACCerts.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/ac/ACCerts.java:374) M /voms/trunk/src/api/java/org/glite/security/voms/ac/ACGenerator.java A /voms/trunk/src/api/java/org/glite/security/voms/ac/ACTarget.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/ac/ACTarget.java:374) A /voms/trunk/src/api/java/org/glite/security/voms/ac/ACTargets.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/ac/ACTargets.java:374) M /voms/trunk/src/api/java/org/glite/security/voms/ac/ACTrustStore.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/ACValidator.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/AttributeCertificate.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/AttributeCertificateInfo.java A /voms/trunk/src/api/java/org/glite/security/voms/ac/AttributeHolder.java (from 
/voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/ac/AttributeHolder.java:374) A /voms/trunk/src/api/java/org/glite/security/voms/ac/FullAttributes.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/ac/FullAttributes.java:374) A /voms/trunk/src/api/java/org/glite/security/voms/ac/GenericAttribute.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/ac/GenericAttribute.java:374) M /voms/trunk/src/api/java/org/glite/security/voms/ac/Holder.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/IetfAttrSyntax.java M /voms/trunk/src/api/java/org/glite/security/voms/ac/Util.java A /voms/trunk/src/api/java/org/glite/security/voms/ac/VOMSTrustStore.java (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/ac/VOMSTrustStore.java:374) D /voms/trunk/src/api/java/org/glite/security/voms/peers M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/common/sign.cc M /voms/trunk/src/include/replace.h M /voms/trunk/src/log/log.c M /voms/trunk/src/server/access_db_sql.cc M /voms/trunk/src/server/attribute.cc M /voms/trunk/src/server/attribute.h M /voms/trunk/src/server/vomsd.cc M /voms/trunk/src/utils/vomsfake.cc Merged revisions 307:317 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/voms-1-7-series ------------------------------------------------------------------------ r319 | valerio | 2006-06-23 10:09:06 +0200 (Fri, 23 Jun 2006) | 1 line Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/version.properties M /voms/trunk/src/server/access_db_sql.cc Merged revisions 307:317 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/voms-1-7-series ------------------------------------------------------------------------ r309 | marotta | 2006-06-16 11:39:33 +0200 (Fri, 16 Jun 2006) | 1 line Changed paths: M /voms/trunk/project/version.properties M /voms/trunk/src/ac/init.c M /voms/trunk/src/client/vomsclient.cc M 
/voms/trunk/src/include/proxycertinfo.h M /voms/trunk/src/sslutils/proxycertinfo.c M /voms/trunk/src/sslutils/sslutils.c Merged revisions 296:307 of https://svn.forge.cnaf.infn.it/svn/voms/voms/branches/voms-1-7-series ------------------------------------------------------------------------ r303 | valerio | 2006-06-13 10:18:19 +0200 (Tue, 13 Jun 2006) | 1 line Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/src/server/access_db_sql.cc Corrected table names in access_db_sql.cc and increased version. ------------------------------------------------------------------------ r297 | marotta | 2006-06-05 10:58:44 +0200 (Mon, 05 Jun 2006) | 1 line Changed paths: M /voms/trunk/AUTHORS M /voms/trunk/src/api/java/org/glite/security/voms/BasicVOMSTrustStore.java A /voms/trunk/src/api/java/org/glite/security/voms/LICENSE (from /voms/branches/voms-1-7-series/src/api/java/org/glite/security/voms/LICENSE:296) Merged revision 291:296 of voms-1-7-series ------------------------------------------------------------------------ r291 | marotta | 2006-05-19 12:23:21 +0200 (Fri, 19 May 2006) | 1 line Changed paths: M /voms/trunk/src/api/java/Makefile.am M /voms/trunk/src/api/java/Makefile.in Further EGEE fixes to compilation. ------------------------------------------------------------------------ r290 | marotta | 2006-05-19 11:39:42 +0200 (Fri, 19 May 2006) | 1 line Changed paths: M /voms/trunk/configure M /voms/trunk/project/acinclude.m4 Fixed bug in --enable-java configure option. ------------------------------------------------------------------------ r284 | marotta | 2006-05-18 17:11:21 +0200 (Thu, 18 May 2006) | 1 line Changed paths: M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in Further further fixes for EGEE buildsystem. 
------------------------------------------------------------------------ r283 | marotta | 2006-05-18 17:05:02 +0200 (Thu, 18 May 2006) | 1 line Changed paths: M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in Further further fixes for EGEE buildsystem. ------------------------------------------------------------------------ r282 | marotta | 2006-05-18 16:51:21 +0200 (Thu, 18 May 2006) | 1 line Changed paths: M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in Further fixes for EGEE buildsystem. ------------------------------------------------------------------------ r281 | marotta | 2006-05-18 16:32:09 +0200 (Thu, 18 May 2006) | 1 line Changed paths: M /voms/trunk/configure M /voms/trunk/project/acinclude.m4 M /voms/trunk/project/configure.properties.xml Several fixes for EGEE buildsystem. ------------------------------------------------------------------------ r280 | marotta | 2006-05-18 16:08:35 +0200 (Thu, 18 May 2006) | 1 line Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/version.properties Bumped version number. ------------------------------------------------------------------------ r279 | marotta | 2006-05-18 15:30:24 +0200 (Thu, 18 May 2006) | 1 line Changed paths: M /voms/trunk/configure M /voms/trunk/project/acinclude.m4 Fixed problem with --with-bc and --with-log4j configure options. ------------------------------------------------------------------------ r278 | marotta | 2006-05-18 15:25:04 +0200 (Thu, 18 May 2006) | 1 line Changed paths: M /voms/trunk/src/api/java/Makefile.am M /voms/trunk/src/api/java/Makefile.in Corrected sourcepath in java compilation. 
------------------------------------------------------------------------ r277 | valerio | 2006-05-18 11:02:44 +0200 (Thu, 18 May 2006) | 1 line Changed paths: M /voms/trunk/src/server/access_db_sql.cc Added role to qualifier string in generic attributes; ------------------------------------------------------------------------ r276 | marotta | 2006-05-18 10:55:02 +0200 (Thu, 18 May 2006) | 1 line Changed paths: A /voms/trunk/doc/RELEASE-NOTES.1-7-0 Updated release notes. ------------------------------------------------------------------------ r275 | marotta | 2006-05-17 17:42:55 +0200 (Wed, 17 May 2006) | 1 line Changed paths: M /voms/trunk/src/ac/extensions.c M /voms/trunk/src/ac/write.c Eliminate further sk_dup() problems. ------------------------------------------------------------------------ r274 | valerio | 2006-05-17 16:25:22 +0200 (Wed, 17 May 2006) | 1 line Changed paths: M /voms/trunk/src/ac/extensions.c M /voms/trunk/src/ac/write.c Tentative fix for sk_ASN1_dup problem. ------------------------------------------------------------------------ r273 | marotta | 2006-05-16 17:23:07 +0200 (Tue, 16 May 2006) | 1 line Changed paths: M /voms/trunk/src/ac/validate.c M /voms/trunk/src/ac/write.c M /voms/trunk/src/common/xml.c M /voms/trunk/src/log/log.c M /voms/trunk/src/server/access_db_sql.cc M /voms/trunk/src/server/vomsd.cc Fixes for compilation under RH 7 ------------------------------------------------------------------------ r272 | marotta | 2006-05-16 16:23:11 +0200 (Tue, 16 May 2006) | 1 line Changed paths: A /voms/trunk/src/api/ccapi/realdata.h Forgotten file from 271 revision. 
------------------------------------------------------------------------ r271 | marotta | 2006-05-16 16:22:27 +0200 (Tue, 16 May 2006) | 1 line Changed paths: M /voms/trunk/src/ac/attributes.c M /voms/trunk/src/ac/extensions.c M /voms/trunk/src/ac/validate.c M /voms/trunk/src/ac/write.c M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/ccapi/ccval.cc M /voms/trunk/src/api/ccapi/cinterface.cc M /voms/trunk/src/api/ccapi/jni-int.cc M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/api/ccapi/voms_api.h M /voms/trunk/src/utils/voms_proxy_info.cc Fixed incompatibility with old libraries and executables. ------------------------------------------------------------------------ r270 | marotta | 2006-05-12 18:58:02 +0200 (Fri, 12 May 2006) | 1 line Changed paths: M /voms/trunk/src/ac/acerrors.h M /voms/trunk/src/ac/error.c M /voms/trunk/src/ac/extensions.c M /voms/trunk/src/ac/newformat.c M /voms/trunk/src/ac/validate.c M /voms/trunk/src/ac/write.c M /voms/trunk/src/api/ccapi/jni-int.cc moved attributes to extension. ------------------------------------------------------------------------ r269 | marotta | 2006-05-12 09:54:25 +0200 (Fri, 12 May 2006) | 1 line Changed paths: M /voms/trunk/src/api/ccapi/jni-int.cc M /voms/trunk/src/api/java/org/glite/security/voms/VOMSValidator.java Removed debugging output. 
------------------------------------------------------------------------ r268 | marotta | 2006-05-11 18:02:25 +0200 (Thu, 11 May 2006) | 1 line Changed paths: M /voms/trunk/Makefile.in M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/doc/Makefile.in M /voms/trunk/project/acinclude.m4 M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/src/Makefile.in M /voms/trunk/src/ac/Makefile.in M /voms/trunk/src/api/Makefile.in M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/api/java/Makefile.am M /voms/trunk/src/api/java/Makefile.in M /voms/trunk/src/client/Makefile.in M /voms/trunk/src/common/Makefile.in M /voms/trunk/src/include/Makefile.in M /voms/trunk/src/install/Makefile.in M /voms/trunk/src/log/Makefile.in M /voms/trunk/src/replib/Makefile.in M /voms/trunk/src/replica/Makefile.in M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/server/access_db_sql.cc M /voms/trunk/src/socklib/Makefile.in M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/support/Makefile.in M /voms/trunk/src/utils/Makefile.in M /voms/trunk/test/Makefile.in M /voms/trunk/test/tests/Makefile.in M /voms/trunk/test/utest/Makefile.in Optional java + oracle fixes. 
------------------------------------------------------------------------ r267 | marotta | 2006-05-10 18:15:22 +0200 (Wed, 10 May 2006) | 1 line Changed paths: M /voms/trunk/Makefile.in M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/doc/Makefile.in M /voms/trunk/project/acinclude.m4 M /voms/trunk/src/Makefile.in M /voms/trunk/src/ac/Makefile.in M /voms/trunk/src/ac/validate.c M /voms/trunk/src/api/Makefile.am M /voms/trunk/src/api/Makefile.in M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/api/java/Makefile.am M /voms/trunk/src/api/java/Makefile.in M /voms/trunk/src/client/Makefile.in M /voms/trunk/src/common/Makefile.in M /voms/trunk/src/include/Makefile.in M /voms/trunk/src/install/Makefile.in M /voms/trunk/src/log/Makefile.in M /voms/trunk/src/replib/Makefile.in M /voms/trunk/src/replica/Makefile.in M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/socklib/Makefile.in M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/support/Makefile.in M /voms/trunk/src/utils/Makefile.in M /voms/trunk/test/Makefile.in M /voms/trunk/test/tests/Makefile.in M /voms/trunk/test/utest/Makefile.in optional java + corrected memory corruption in src/ac/validate.c ------------------------------------------------------------------------ r266 | marotta | 2006-05-10 14:23:06 +0200 (Wed, 10 May 2006) | 1 line Changed paths: M /voms/trunk/src/client/vomsclient.cc Fix for #16576 ------------------------------------------------------------------------ r265 | marotta | 2006-05-10 12:55:50 +0200 (Wed, 10 May 2006) | 1 line Changed paths: M /voms/trunk/src/client/vomsclient.cc Fix for bug #15436 ------------------------------------------------------------------------ r264 | marotta | 2006-05-10 12:35:54 +0200 (Wed, 10 May 2006) | 1 line Changed paths: M /voms/trunk/project/version.properties M /voms/trunk/src/sslutils/oldgaa/Makefile.am M 
/voms/trunk/src/sslutils/oldgaa/Makefile.in Merged releases 242:263 of branch_1_6_20_and_above ------------------------------------------------------------------------ r263 | marotta | 2006-05-10 10:49:55 +0200 (Wed, 10 May 2006) | 1 line Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/autogen/config.h.in Fix for bug #15572 ------------------------------------------------------------------------ r262 | marotta | 2006-05-09 18:41:36 +0200 (Tue, 09 May 2006) | 1 line Changed paths: A /voms/trunk/src/api/java/org/glite/security/voms/Attribute.java A /voms/trunk/src/api/java/org/glite/security/voms/AttributeList.java A /voms/trunk/src/api/java/org/glite/security/voms/peers/AttributeListPeer.java A /voms/trunk/src/api/java/org/glite/security/voms/peers/AttributePeer.java Forgot to add these files for the previous update. ------------------------------------------------------------------------ r261 | marotta | 2006-05-09 18:38:13 +0200 (Tue, 09 May 2006) | 5 lines Changed paths: M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/src/api/ccapi/jni-int.cc M /voms/trunk/src/api/ccapi/jni-int.h M /voms/trunk/src/api/java/Makefile.am M /voms/trunk/src/api/java/Makefile.in M /voms/trunk/src/api/java/org/glite/security/voms/VOMSAttribute.java M /voms/trunk/src/api/java/org/glite/security/voms/peers/VomsPeer.java M /voms/trunk/src/server/access_db_sql.cc M /voms/trunk/src/server/access_db_sql.h M /voms/trunk/src/server/vomsd.cc Added support for attribute to Java API. Created get_all_attributes() and get_role_attributes(). Corrected UID/USERID in CA name bug. 
------------------------------------------------------------------------ r260 | marotta | 2006-05-09 15:44:00 +0200 (Tue, 09 May 2006) | 1 line Changed paths: M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/src/api/ccapi/ccval.cc M /voms/trunk/src/server/access_db_sql.cc M /voms/trunk/src/server/vomsd.cc Interim pre-release. ------------------------------------------------------------------------ r259 | marotta | 2006-05-09 10:09:31 +0200 (Tue, 09 May 2006) | 1 line Changed paths: M /voms/trunk/doc/Makefile.am M /voms/trunk/doc/Makefile.in M /voms/trunk/src/ac/Makefile.am M /voms/trunk/src/ac/Makefile.in M /voms/trunk/src/ac/acerrors.h A /voms/trunk/src/ac/attributes.c (from /voms/branches/generic_attributes/src/ac/attributes.c:256) A /voms/trunk/src/ac/attributes.h (from /voms/branches/generic_attributes/src/ac/attributes.h:256) M /voms/trunk/src/ac/create.cc M /voms/trunk/src/ac/extensions.c M /voms/trunk/src/ac/init.c M /voms/trunk/src/ac/newformat.c M /voms/trunk/src/ac/validate.c M /voms/trunk/src/ac/write.c M /voms/trunk/src/ac/write.h M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/ccapi/ccval.cc M /voms/trunk/src/api/ccapi/cinterface.cc M /voms/trunk/src/api/ccapi/cinterface.h M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/api/ccapi/voms_api.h M /voms/trunk/src/api/ccapi/voms_apic.h M /voms/trunk/src/common/xml.c M /voms/trunk/src/common/xmlcc.cc M /voms/trunk/src/include/ccwrite.h M /voms/trunk/src/include/newformat.h M /voms/trunk/src/include/validate.h M /voms/trunk/src/log/fs.c M /voms/trunk/src/log/log.c M /voms/trunk/src/server/access_db_sql.cc M /voms/trunk/src/server/access_db_sql.h M /voms/trunk/src/server/attribute.cc M /voms/trunk/src/server/attribute.h M /voms/trunk/src/server/vomsd.cc M /voms/trunk/src/utils/voms_proxy_info.cc M /voms/trunk/src/utils/vomsfake.cc Merged revisions 227:256 of 
generic_attributes branch. ------------------------------------------------------------------------ r258 | marotta | 2006-05-09 10:00:09 +0200 (Tue, 09 May 2006) | 1 line Changed paths: M /voms/trunk/Makefile.in M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/doc/Makefile.in M /voms/trunk/project/acinclude.m4 M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/src/Makefile.in M /voms/trunk/src/ac/Makefile.am M /voms/trunk/src/ac/Makefile.in M /voms/trunk/src/ac/extensions.c M /voms/trunk/src/api/Makefile.am M /voms/trunk/src/api/Makefile.in M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/ccapi/api_util.h M /voms/trunk/src/api/ccapi/cinterface.cc M /voms/trunk/src/api/ccapi/cinterface.h A /voms/trunk/src/api/ccapi/jni-int.cc (from /voms/branches/java_api_integration/src/api/ccapi/jni-int.cc:250) A /voms/trunk/src/api/ccapi/jni-int.h (from /voms/branches/java_api_integration/src/api/ccapi/jni-int.h:250) M /voms/trunk/src/api/ccapi/test.cc M /voms/trunk/src/api/ccapi/voms_api.cc M /voms/trunk/src/api/ccapi/voms_api.h A /voms/trunk/src/api/ccapi/voms_api_nog.h (from /voms/branches/java_api_integration/src/api/ccapi/voms_api_nog.h:250) M /voms/trunk/src/api/ccapi/voms_apic.h A /voms/trunk/src/api/ccapi/voms_apic_nog.h (from /voms/branches/java_api_integration/src/api/ccapi/voms_apic_nog.h:250) A /voms/trunk/src/api/java (from /voms/branches/java_api_integration/src/api/java:250) R /voms/trunk/src/api/java/Makefile.am (from /voms/branches/java_api_integration/src/api/java/Makefile.am:250) R /voms/trunk/src/api/java/Makefile.in (from /voms/branches/java_api_integration/src/api/java/Makefile.in:250) R /voms/trunk/src/api/java/org (from /voms/branches/java_api_integration/src/api/java/org:250) R /voms/trunk/src/api/java/org/glite (from 
/voms/branches/java_api_integration/src/api/java/org/glite:250) R /voms/trunk/src/api/java/org/glite/security (from /voms/branches/java_api_integration/src/api/java/org/glite/security:250) R /voms/trunk/src/api/java/org/glite/security/voms (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms:250) R /voms/trunk/src/api/java/org/glite/security/voms/BasicVOMSTrustStore.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/BasicVOMSTrustStore.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/FQAN.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/FQAN.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/VOMSAttribute.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/VOMSAttribute.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/VOMSValidator.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/VOMSValidator.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/ac (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/ac:250) R /voms/trunk/src/api/java/org/glite/security/voms/ac/ACGenerator.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/ac/ACGenerator.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/ac/ACTrustStore.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/ac/ACTrustStore.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/ac/ACValidator.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/ac/ACValidator.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/ac/AttCertIssuer.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/ac/AttCertIssuer.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/ac/AttributeCertificate.java (from 
/voms/branches/java_api_integration/src/api/java/org/glite/security/voms/ac/AttributeCertificate.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/ac/AttributeCertificateInfo.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/ac/AttributeCertificateInfo.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/ac/Holder.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/ac/Holder.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/ac/IetfAttrSyntax.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/ac/IetfAttrSyntax.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/ac/ObjectDigestInfo.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/ac/ObjectDigestInfo.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/ac/Util.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/ac/Util.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/ac/V2Form.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/ac/V2Form.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/peers (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/peers:250) R /voms/trunk/src/api/java/org/glite/security/voms/peers/ContactDataPeer.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/peers/ContactDataPeer.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/peers/DataPeer.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/peers/DataPeer.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/peers/VomsPeer.java (from /voms/branches/java_api_integration/src/api/java/org/glite/security/voms/peers/VomsPeer.java:250) R /voms/trunk/src/api/java/org/glite/security/voms/peers/VomsdataPeer.java (from 
/voms/branches/java_api_integration/src/api/java/org/glite/security/voms/peers/VomsdataPeer.java:250) M /voms/trunk/src/autogen/config.h.in M /voms/trunk/src/client/Makefile.in M /voms/trunk/src/common/Makefile.am M /voms/trunk/src/common/Makefile.in M /voms/trunk/src/common/credentials.c M /voms/trunk/src/include/Makefile.in M /voms/trunk/src/include/credentials.h M /voms/trunk/src/include/replace.h M /voms/trunk/src/install/Makefile.in M /voms/trunk/src/log/Makefile.in M /voms/trunk/src/replib/Makefile.in M /voms/trunk/src/replica/Makefile.in M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/socklib/Makefile.in M /voms/trunk/src/sslutils/Makefile.am M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.am M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/support/Makefile.in M /voms/trunk/src/utils/Makefile.in M /voms/trunk/test/Makefile.in M /voms/trunk/test/tests/Makefile.in M /voms/trunk/test/utest/Makefile.in merged revisions 235:250 of java_api_integration branch. ------------------------------------------------------------------------ r257 | marotta | 2006-05-09 09:54:17 +0200 (Tue, 09 May 2006) | 1 line Changed paths: M /voms/trunk/doc/software.tex M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/ccapi/voms_api.h merged revisions 202:254 of the certs_in_ac branch ------------------------------------------------------------------------ r243 | valerio | 2006-04-11 12:41:12 +0200 (Tue, 11 Apr 2006) | 1 line Changed paths: M /voms/trunk/project/acinclude.m4 M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/api/ccapi/ccval.cc M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/install/voms.start.in M /voms/trunk/src/server/vomsd.cc Merged revision 207:242 of branch_1_6_20_and_above. 
------------------------------------------------------------------------ r241 | valerio | 2006-04-07 13:26:24 +0200 (Fri, 07 Apr 2006) | 1 line Changed paths: M /voms/trunk/src/client/Makefile.am M /voms/trunk/src/client/Makefile.in A /voms/trunk/src/client/contact.hpp (from /voms/branches/multiple_roles/src/client/contact.hpp:240) M /voms/trunk/src/client/fqan.cc M /voms/trunk/src/client/fqan.h M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/common/xml.c M /voms/trunk/src/common/xmlcc.cc M /voms/trunk/src/include/vomsxml.h M /voms/trunk/src/include/xml.h M /voms/trunk/src/server/attribute.cc M /voms/trunk/src/server/attribute.h M /voms/trunk/src/server/vomsd.cc Merged revision 199:240 of multiple_roles branch. ------------------------------------------------------------------------ r225 | valerio | 2006-03-27 16:22:28 +0200 (Mon, 27 Mar 2006) | 1 line Changed paths: M /voms/trunk/src/api/ccapi/cinterface.cc Corrected VOMS_FindBYVO call. ------------------------------------------------------------------------ r203 | marotta | 2006-03-02 10:57:42 +0100 (Thu, 02 Mar 2006) | 1 line Changed paths: M /voms/trunk/.cvsignore M /voms/trunk/Makefile.am M /voms/trunk/Makefile.in M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/doc/software.tex M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/src/ac/acerrors.h M /voms/trunk/src/ac/create.cc M /voms/trunk/src/ac/extensions.c M /voms/trunk/src/ac/init.c M /voms/trunk/src/ac/mystack.c M /voms/trunk/src/ac/write.c M /voms/trunk/src/ac/write.h M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/ccapi/ccval.cc M /voms/trunk/src/api/ccapi/voms_api.h M /voms/trunk/src/include/Server.h M /voms/trunk/src/include/ccwrite.h M /voms/trunk/src/include/newformat.h M /voms/trunk/src/server/vomsd.cc M /voms/trunk/src/socklib/Server.cpp M /voms/trunk/src/utils/vomsfake.cc Merged revisions 196:202 of the certs_in_ac branch. 
------------------------------------------------------------------------ r187 | vventuri | 2006-02-23 16:20:08 +0100 (Thu, 23 Feb 2006) | 2 lines Changed paths: M /voms/trunk/src/client/vomsclient.cc Corrected check for certificate permissions ------------------------------------------------------------------------ r183 | vventuri | 2006-02-20 11:53:53 +0100 (Mon, 20 Feb 2006) | 2 lines Changed paths: M /voms/trunk/src/install/voms.start.in Kill middleman process. ------------------------------------------------------------------------ r182 | vventuri | 2006-02-20 11:36:35 +0100 (Mon, 20 Feb 2006) | 2 lines Changed paths: M /voms/trunk/src/install/voms.start.in Kill middleman process. ------------------------------------------------------------------------ r181 | vventuri | 2006-02-16 16:59:25 +0100 (Thu, 16 Feb 2006) | 2 lines Changed paths: M /voms/trunk/src/client/vomsclient.cc Added check for correct permissions of cert and key. ------------------------------------------------------------------------ r179 | marotta | 2006-02-08 10:49:13 +0100 (Wed, 08 Feb 2006) | 2 lines Changed paths: M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/project/version.properties cleared various messages. ------------------------------------------------------------------------ r178 | marotta | 2006-02-08 10:45:13 +0100 (Wed, 08 Feb 2006) | 2 lines Changed paths: M /voms/trunk/src/install/voms.start.in correctly killing middleman ------------------------------------------------------------------------ r176 | vventuri | 2006-02-01 14:40:47 +0100 (Wed, 01 Feb 2006) | 2 lines Changed paths: M /voms/trunk/src/server/vomsd.cc M /voms/trunk/src/socklib/Server.cpp Error messages corrected. 
------------------------------------------------------------------------ r175 | vventuri | 2006-01-31 11:54:15 +0100 (Tue, 31 Jan 2006) | 2 lines Changed paths: M /voms/trunk/doc/voms-proxy-init.sgml M /voms/trunk/doc/voms-proxy-list.sgml Changed description of noregen option. ------------------------------------------------------------------------ r174 | vventuri | 2006-01-31 11:40:16 +0100 (Tue, 31 Jan 2006) | 2 lines Changed paths: M /voms/trunk/src/client/vomsclient.cc Check of expiry date before connecting to the server. ------------------------------------------------------------------------ r172 | vventuri | 2006-01-31 09:58:49 +0100 (Tue, 31 Jan 2006) | 2 lines Changed paths: M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/project/version.properties Increased revision number. ------------------------------------------------------------------------ r171 | vventuri | 2006-01-30 17:46:21 +0100 (Mon, 30 Jan 2006) | 2 lines Changed paths: M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in Wrong linking for libvomsc. 
------------------------------------------------------------------------ r170 | vventuri | 2006-01-30 15:57:43 +0100 (Mon, 30 Jan 2006) | 2 lines Changed paths: M /voms/trunk/doc/Makefile.am M /voms/trunk/doc/Makefile.in M /voms/trunk/doc/c++api.tex M /voms/trunk/doc/capi.tex D /voms/trunk/doc/edg-voms-proxy-destroy.sgml D /voms/trunk/doc/edg-voms-proxy-fake.sgml D /voms/trunk/doc/edg-voms-proxy-info.sgml D /voms/trunk/doc/edg-voms-proxy-init.sgml D /voms/trunk/doc/edg-voms-proxy-list.sgml D /voms/trunk/doc/edg-voms.sgml M /voms/trunk/doc/software.tex M /voms/trunk/doc/testvoms.sgml A /voms/trunk/doc/voms-proxy-destroy.sgml A /voms/trunk/doc/voms-proxy-fake.sgml A /voms/trunk/doc/voms-proxy-info.sgml A /voms/trunk/doc/voms-proxy-init.sgml A /voms/trunk/doc/voms-proxy-list.sgml A /voms/trunk/doc/voms.sgml M /voms/trunk/doc/voms_install_db.sgml M /voms/trunk/doc/voms_install_replica.sgml Removed references to edg. ------------------------------------------------------------------------ r169 | marotta | 2006-01-30 14:29:35 +0100 (Mon, 30 Jan 2006) | 2 lines Changed paths: M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/project/version.properties Reinstated correct version. ------------------------------------------------------------------------ r167 | marotta | 2006-01-30 11:46:56 +0100 (Mon, 30 Jan 2006) | 2 lines Changed paths: M /voms/trunk/configure.ac M /voms/trunk/project/version.properties Adjusting version number to testversion ------------------------------------------------------------------------ r165 | vventuri | 2006-01-30 10:18:28 +0100 (Mon, 30 Jan 2006) | 2 lines Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/version.properties Increased revision number. 
------------------------------------------------------------------------ r164 | vventuri | 2006-01-30 09:52:27 +0100 (Mon, 30 Jan 2006) | 2 lines Changed paths: M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in globus flavors for AC libraries. ------------------------------------------------------------------------ r163 | vventuri | 2006-01-30 09:30:14 +0100 (Mon, 30 Jan 2006) | 2 lines Changed paths: M /voms/trunk/Makefile.in M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/doc/Makefile.in M /voms/trunk/project/acinclude.m4 M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/src/Makefile.in M /voms/trunk/src/ac/Makefile.am M /voms/trunk/src/ac/Makefile.in M /voms/trunk/src/api/Makefile.in M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/client/Makefile.in M /voms/trunk/src/common/Makefile.in M /voms/trunk/src/include/Makefile.in M /voms/trunk/src/install/Makefile.in M /voms/trunk/src/log/Makefile.in M /voms/trunk/src/replib/Makefile.in M /voms/trunk/src/replica/Makefile.in M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/socklib/Makefile.in M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/support/Makefile.in M /voms/trunk/src/utils/Makefile.in M /voms/trunk/test/Makefile.in M /voms/trunk/test/tests/Makefile.in M /voms/trunk/test/utest/Makefile.in globus flavors for AC libraries. ------------------------------------------------------------------------ r161 | vventuri | 2006-01-27 16:12:02 +0100 (Fri, 27 Jan 2006) | 2 lines Changed paths: M /voms/trunk/project/version.properties Increased revision number. ------------------------------------------------------------------------ r160 | vventuri | 2006-01-27 16:00:05 +0100 (Fri, 27 Jan 2006) | 2 lines Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac Increased revision number. 
------------------------------------------------------------------------ r159 | vventuri | 2006-01-27 15:51:22 +0100 (Fri, 27 Jan 2006) | 2 lines Changed paths: M /voms/trunk/src/socklib/Makefile.am M /voms/trunk/src/socklib/Makefile.in Forgotten ia64 flavors. ------------------------------------------------------------------------ r155 | marotta | 2006-01-25 11:24:41 +0100 (Wed, 25 Jan 2006) | 2 lines Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/version.properties merging latest commits. ------------------------------------------------------------------------ r154 | vventuri | 2006-01-25 11:20:17 +0100 (Wed, 25 Jan 2006) | 2 lines Changed paths: M /voms/trunk/src/client/vomsclient.cc Minor changes. ------------------------------------------------------------------------ r153 | vventuri | 2006-01-25 11:01:41 +0100 (Wed, 25 Jan 2006) | 2 lines Changed paths: M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/client/vomsclient.h Corrected to allow h:m format for voms-proxy-init. ------------------------------------------------------------------------ r152 | vventuri | 2006-01-25 11:00:24 +0100 (Wed, 25 Jan 2006) | 2 lines Changed paths: M /voms/trunk/src/sslutils/sslutils.c Corrected proxy_sign to allow creation of 0 seconds proxies. ------------------------------------------------------------------------ r150 | marotta | 2006-01-24 16:06:20 +0100 (Tue, 24 Jan 2006) | 2 lines Changed paths: M /voms/trunk/src/ac/validate.c Fixed wrong declaration. 
------------------------------------------------------------------------ r148 | marotta | 2006-01-24 14:39:14 +0100 (Tue, 24 Jan 2006) | 2 lines Changed paths: M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/project/acinclude.m4 M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/src/sslutils/Makefile.am M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.am M /voms/trunk/src/sslutils/oldgaa/Makefile.in Build fixes for 64 bits. ------------------------------------------------------------------------ r147 | marotta | 2006-01-24 14:13:15 +0100 (Tue, 24 Jan 2006) | 2 lines Changed paths: M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/acinclude.m4 M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/src/ac/validate.c M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/client/vomsclient.cc M /voms/trunk/src/client/vomsclient.h M /voms/trunk/src/install/voms_install_db.in M /voms/trunk/src/socklib/Client.cpp M /voms/trunk/src/socklib/Server.cpp M /voms/trunk/src/sslutils/sslutils.c M /voms/trunk/test/setup_env.sh Fixed memory leaks. ------------------------------------------------------------------------ r146 | vventuri | 2006-01-20 17:20:19 +0100 (Fri, 20 Jan 2006) | 2 lines Changed paths: A /voms/trunk/doc/RELEASE-NOTES.1-6-15 Added release notes. ------------------------------------------------------------------------ r141 | vventuri | 2005-12-23 14:58:33 +0100 (Fri, 23 Dec 2005) | 2 lines Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/version.properties Increased version. ------------------------------------------------------------------------ r140 | marotta | 2005-12-23 10:27:47 +0100 (Fri, 23 Dec 2005) | 2 lines Changed paths: M /voms/trunk/src/install/voms_install_db.in Corrected return values. 
------------------------------------------------------------------------ r137 | marotta | 2005-12-22 17:20:48 +0100 (Thu, 22 Dec 2005) | 2 lines Changed paths: M /voms/trunk/configure M /voms/trunk/project/acinclude.m4 trying autodetect fix (try 2). ------------------------------------------------------------------------ r134 | marotta | 2005-12-22 17:03:32 +0100 (Thu, 22 Dec 2005) | 2 lines Changed paths: M /voms/trunk/configure M /voms/trunk/project/acinclude.m4 trying autodetect fix. ------------------------------------------------------------------------ r131 | marotta | 2005-12-21 18:41:13 +0100 (Wed, 21 Dec 2005) | 2 lines Changed paths: M /voms/trunk/Makefile.am M /voms/trunk/Makefile.in M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/doc/Makefile.am M /voms/trunk/doc/Makefile.in M /voms/trunk/project/acinclude.m4 M /voms/trunk/src/Makefile.am M /voms/trunk/src/Makefile.in M /voms/trunk/src/ac/Makefile.am M /voms/trunk/src/ac/Makefile.in M /voms/trunk/src/api/Makefile.in M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/autogen/config.h.in M /voms/trunk/src/client/Makefile.in M /voms/trunk/src/common/Makefile.in M /voms/trunk/src/include/Makefile.am M /voms/trunk/src/include/Makefile.in M /voms/trunk/src/install/Makefile.am M /voms/trunk/src/install/Makefile.in M /voms/trunk/src/log/Makefile.in M /voms/trunk/src/replib/Makefile.am M /voms/trunk/src/replib/Makefile.in M /voms/trunk/src/replica/Makefile.in M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/socklib/Makefile.in M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/support/Makefile.in M /voms/trunk/src/utils/Makefile.in M /voms/trunk/test/Makefile.am M /voms/trunk/test/Makefile.in M /voms/trunk/test/setup_env.sh A /voms/trunk/test/tests/Makefile.am A /voms/trunk/test/tests/Makefile.in M /voms/trunk/test/utest/Makefile.in build fixes for 'make dist' and doc generation. 
------------------------------------------------------------------------ r129 | marotta | 2005-12-20 19:52:47 +0100 (Tue, 20 Dec 2005) | 2 lines Changed paths: M /voms/trunk/src/ac/test.c M /voms/trunk/src/ac/validate.c M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/ccapi/voms_api.cc Removing unused calls. ------------------------------------------------------------------------ r128 | marotta | 2005-12-20 12:31:56 +0100 (Tue, 20 Dec 2005) | 2 lines Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/acinclude.m4 M /voms/trunk/project/version.properties M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in Build updates. ------------------------------------------------------------------------ r127 | marotta | 2005-12-19 19:23:18 +0100 (Mon, 19 Dec 2005) | 2 lines Changed paths: M /voms/trunk/Makefile.in M /voms/trunk/configure M /voms/trunk/doc/Makefile.in M /voms/trunk/project/acinclude.m4 M /voms/trunk/src/Makefile.in M /voms/trunk/src/ac/Makefile.in M /voms/trunk/src/api/Makefile.in M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/client/Makefile.in M /voms/trunk/src/common/Makefile.in M /voms/trunk/src/include/Makefile.in M /voms/trunk/src/install/Makefile.in M /voms/trunk/src/log/Makefile.in M /voms/trunk/src/replib/Makefile.in M /voms/trunk/src/replica/Makefile.in M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/socklib/Makefile.in M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/support/Makefile.in M /voms/trunk/src/utils/Makefile.in M /voms/trunk/test/Makefile.in M /voms/trunk/test/utest/Makefile.in support for gcc63 flavors. 
------------------------------------------------------------------------ r126 | marotta | 2005-12-19 11:32:37 +0100 (Mon, 19 Dec 2005) | 2 lines Changed paths: M /voms/trunk/src/api/ccapi/cinterface.cc M /voms/trunk/src/api/ccapi/voms_api.cc Fixing memory leaks. ------------------------------------------------------------------------ r124 | marotta | 2005-12-19 10:21:40 +0100 (Mon, 19 Dec 2005) | 2 lines Changed paths: M /voms/trunk/Makefile.in M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/doc/Makefile.in M /voms/trunk/project/build.number M /voms/trunk/project/config.guess M /voms/trunk/project/config.sub M /voms/trunk/project/ltmain.sh M /voms/trunk/project/version.properties M /voms/trunk/src/Makefile.in M /voms/trunk/src/ac/Makefile.in M /voms/trunk/src/api/Makefile.in M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/client/Makefile.in M /voms/trunk/src/common/Makefile.in M /voms/trunk/src/common/options.cc M /voms/trunk/src/include/Makefile.in M /voms/trunk/src/install/Makefile.in M /voms/trunk/src/log/Makefile.in M /voms/trunk/src/replib/Makefile.in M /voms/trunk/src/replica/Makefile.in M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/socklib/Makefile.am M /voms/trunk/src/socklib/Makefile.in M /voms/trunk/src/sslutils/Makefile.am M /voms/trunk/src/sslutils/Makefile.in M /voms/trunk/src/sslutils/oldgaa/Makefile.am M /voms/trunk/src/sslutils/oldgaa/Makefile.in M /voms/trunk/src/support/Makefile.in M /voms/trunk/src/utils/Makefile.in M /voms/trunk/test/Makefile.in M /voms/trunk/test/utest/Makefile.in updates for 1.6.13 ------------------------------------------------------------------------ r123 | vventuri | 2005-12-14 19:11:13 +0100 (Wed, 14 Dec 2005) | 2 lines Changed paths: M /voms/trunk/src/install/voms_install_db.in Corrected default location. 
------------------------------------------------------------------------ r122 | vventuri | 2005-12-14 19:07:57 +0100 (Wed, 14 Dec 2005) | 2 lines Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/version.properties Increased version. ------------------------------------------------------------------------ r121 | vventuri | 2005-12-14 14:33:06 +0100 (Wed, 14 Dec 2005) | 2 lines Changed paths: M /voms/trunk/project/version.properties Initial version set. ------------------------------------------------------------------------ r120 | vventuri | 2005-12-14 14:30:51 +0100 (Wed, 14 Dec 2005) | 2 lines Changed paths: M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/build.number M /voms/trunk/project/version.properties Initial version set. ------------------------------------------------------------------------ r119 | vventuri | 2005-12-14 13:10:29 +0100 (Wed, 14 Dec 2005) | 2 lines Changed paths: M /voms/trunk/src/include/Makefile.in Relocation of header files according to glite standard. ------------------------------------------------------------------------ r118 | vventuri | 2005-12-14 13:10:29 +0100 (Wed, 14 Dec 2005) | 2 lines Changed paths: M /voms/trunk/src/api/ccapi/Makefile.am M /voms/trunk/src/api/ccapi/Makefile.in M /voms/trunk/src/include/Makefile.am M /voms/trunk/src/include/Makefile.in M /voms/trunk/src/install/Makefile.am M /voms/trunk/src/install/Makefile.in Relocation of header files according to glite standard. ------------------------------------------------------------------------ r117 | vventuri | 2005-12-12 14:59:57 +0100 (Mon, 12 Dec 2005) | 2 lines Changed paths: M /voms/trunk/src/client/vomsclient.cc Minor changes. 
------------------------------------------------------------------------ r116 | vventuri | 2005-12-12 14:59:22 +0100 (Mon, 12 Dec 2005) | 2 lines Changed paths: M /voms/trunk/src/include/errortype.h M /voms/trunk/src/server/Makefile.am M /voms/trunk/src/server/Makefile.in M /voms/trunk/src/server/VOMSServer.h M /voms/trunk/src/server/vomsd.cc Added check for AC already in the user certificate. ------------------------------------------------------------------------ r115 | vventuri | 2005-12-12 14:56:00 +0100 (Mon, 12 Dec 2005) | 2 lines Changed paths: M /voms/trunk/src/api/ccapi/api_util.cc M /voms/trunk/src/api/ccapi/voms_api.h Added possibility to deeply scan the chain for AC. ------------------------------------------------------------------------ r114 | vventuri | 2005-12-12 14:54:44 +0100 (Mon, 12 Dec 2005) | 2 lines Changed paths: M /voms/trunk/src/include/Server.h M /voms/trunk/src/socklib/Server.cpp Added method to return the context. ------------------------------------------------------------------------ r113 | vventuri | 2005-12-12 14:53:01 +0100 (Mon, 12 Dec 2005) | 2 lines Changed paths: M /voms/trunk/src/server/attribute.cc M /voms/trunk/src/server/attribute.h Added method to output the attrib as a std::string. ------------------------------------------------------------------------ r112 | vventuri | 2005-12-05 10:38:17 +0100 (Mon, 05 Dec 2005) | 2 lines Changed paths: M /voms/trunk/configure M /voms/trunk/project/acinclude.m4 Corrected tests for EVP_MD_CTX functions. ------------------------------------------------------------------------ r111 | vventuri | 2005-12-01 11:45:13 +0100 (Thu, 01 Dec 2005) | 2 lines Changed paths: M /voms/trunk/configure M /voms/trunk/project/acinclude.m4 Corrected check for EVP_MD_CTX functions. 
------------------------------------------------------------------------ r110 | vventuri | 2005-12-01 11:00:07 +0100 (Thu, 01 Dec 2005) | 2 lines Changed paths: M /voms/trunk/configure M /voms/trunk/project/acinclude.m4 Corrected check for EVP_MD_CTX functions. ------------------------------------------------------------------------ r109 | vventuri | 2005-11-30 16:29:14 +0100 (Wed, 30 Nov 2005) | 2 lines Changed paths: M /voms/trunk/configure M /voms/trunk/project/acinclude.m4 Removed AC_MSG_RESULT. ------------------------------------------------------------------------ r108 | vventuri | 2005-11-30 15:20:59 +0100 (Wed, 30 Nov 2005) | 2 lines Changed paths: D /voms/trunk/src/include/config.h.in Moved to src/autogen. ------------------------------------------------------------------------ r107 | vventuri | 2005-11-30 15:05:51 +0100 (Wed, 30 Nov 2005) | 2 lines Changed paths: M /voms/trunk/configure M /voms/trunk/project/acinclude.m4 Corrected check from std::string dependency on std::cerr. ------------------------------------------------------------------------ r106 | vventuri | 2005-11-30 13:44:49 +0100 (Wed, 30 Nov 2005) | 2 lines Changed paths: M /voms/trunk/aclocal.m4 M /voms/trunk/configure M /voms/trunk/configure.ac M /voms/trunk/project/acinclude.m4 M /voms/trunk/src/autogen/config.h.in Checks forgotten. ------------------------------------------------------------------------ r105 | vventuri | 2005-11-30 13:44:04 +0100 (Wed, 30 Nov 2005) | 2 lines Changed paths: M /voms/trunk/src/Makefile.am M /voms/trunk/src/Makefile.in Added files. ------------------------------------------------------------------------ r104 | vventuri | 2005-11-29 17:36:33 +0100 (Tue, 29 Nov 2005) | 2 lines Changed paths: M /voms/trunk/src/utils/Makefile.in Corrected wrong ln name. 
------------------------------------------------------------------------ r103 | vventuri | 2005-11-29 17:36:24 +0100 (Tue, 29 Nov 2005) | 2 lines Changed paths: M /voms/trunk/src/client/Makefile.in Added forgotten ln to voms-proxy-list. ------------------------------------------------------------------------ r102 | vventuri | 2005-11-29 17:16:52 +0100 (Tue, 29 Nov 2005) | 2 lines Changed paths: M /voms/trunk/src/utils/Makefile.am Corrected wrong ln name. ------------------------------------------------------------------------ r101 | vventuri | 2005-11-29 17:16:08 +0100 (Tue, 29 Nov 2005) | 2 lines Changed paths: M /voms/trunk/src/client/Makefile.am Added forgotten ln to voms-proxy-list. ------------------------------------------------------------------------ r100 | vventuri | 2005-11-29 16:40:08 +0100 (Tue, 29 Nov 2005) | 2 lines Changed paths: M /voms/trunk/build.xml Inverted order for call to autogen and configure targets. ------------------------------------------------------------------------ r99 | vventuri | 2005-11-29 15:33:46 +0100 (Tue, 29 Nov 2005) | 2 lines Changed paths: A /voms/trunk/project/config.guess A /voms/trunk/project/ltmain.sh Created directory structure. ------------------------------------------------------------------------ r98 | vventuri | 2005-11-29 15:23:09 +0100 (Tue, 29 Nov 2005) | 2 lines Changed paths: A /voms/trunk/project/config.sub Created directory structure. ------------------------------------------------------------------------ r97 | vventuri | 2005-11-29 15:19:46 +0100 (Tue, 29 Nov 2005) | 2 lines Changed paths: D /voms/trunk/doc/manpage.refs Removed unneeded file. ------------------------------------------------------------------------ r96 | vventuri | 2005-11-29 13:41:39 +0100 (Tue, 29 Nov 2005) | 2 lines Changed paths: M /voms/trunk/src/api/ccapi/cinterface.h M /voms/trunk/src/api/ccapi/voms_api.h M /voms/trunk/src/api/ccapi/voms_apic.h Removed CVS keyword. 
------------------------------------------------------------------------ r91 | vventuri | 2005-11-29 13:33:54 +0100 (Tue, 29 Nov 2005) | 2 lines Changed paths: M /voms/trunk A /voms/trunk/.cvsignore A /voms/trunk/AUTHORS A /voms/trunk/ChangeLog A /voms/trunk/INSTALL A /voms/trunk/LICENSE A /voms/trunk/Makefile.am A /voms/trunk/Makefile.in A /voms/trunk/NEWS A /voms/trunk/README A /voms/trunk/aclocal.m4 A /voms/trunk/autogen.sh A /voms/trunk/build.xml A /voms/trunk/configure A /voms/trunk/configure.ac A /voms/trunk/doc A /voms/trunk/doc/AC-RFC.tex A /voms/trunk/doc/Makefile.am A /voms/trunk/doc/Makefile.in A /voms/trunk/doc/authors.sgml A /voms/trunk/doc/bugzilla.sgml A /voms/trunk/doc/c++api.tex A /voms/trunk/doc/capi.tex A /voms/trunk/doc/certificate.txt A /voms/trunk/doc/edg-voms-proxy-destroy.sgml A /voms/trunk/doc/edg-voms-proxy-fake.sgml A /voms/trunk/doc/edg-voms-proxy-info.sgml A /voms/trunk/doc/edg-voms-proxy-init.sgml A /voms/trunk/doc/edg-voms-proxy-list.sgml A /voms/trunk/doc/edg-voms.sgml A /voms/trunk/doc/license.sgml A /voms/trunk/doc/links.sgml A /voms/trunk/doc/manpage.links A /voms/trunk/doc/manpage.refs A /voms/trunk/doc/software.tex A /voms/trunk/doc/testvoms.sgml A /voms/trunk/doc/voms_install_db.sgml A /voms/trunk/doc/voms_install_replica.sgml A /voms/trunk/project A /voms/trunk/project/acinclude.m4 A /voms/trunk/project/build.number A /voms/trunk/project/build.properties A /voms/trunk/project/compile A /voms/trunk/project/configure.properties.xml A /voms/trunk/project/cppunit.m4 A /voms/trunk/project/depcomp A /voms/trunk/project/expat.m4 A /voms/trunk/project/glite.m4 A /voms/trunk/project/install-sh A /voms/trunk/project/missing A /voms/trunk/project/mkinstalldirs A /voms/trunk/project/properties.xml A /voms/trunk/project/version.properties A /voms/trunk/src A /voms/trunk/src/Makefile.am A /voms/trunk/src/Makefile.in A /voms/trunk/src/ac A /voms/trunk/src/ac/Makefile.am A /voms/trunk/src/ac/Makefile.in A /voms/trunk/src/ac/acerrors.h A 
/voms/trunk/src/ac/ccinit.cc A /voms/trunk/src/ac/create.cc A /voms/trunk/src/ac/error.c A /voms/trunk/src/ac/extensions.c A /voms/trunk/src/ac/extensions.h A /voms/trunk/src/ac/init.c A /voms/trunk/src/ac/init.h A /voms/trunk/src/ac/mystack.c A /voms/trunk/src/ac/newformat.c A /voms/trunk/src/ac/test.c A /voms/trunk/src/ac/validate.c A /voms/trunk/src/ac/write.c A /voms/trunk/src/ac/write.h A /voms/trunk/src/api A /voms/trunk/src/api/Makefile.am A /voms/trunk/src/api/Makefile.in A /voms/trunk/src/api/ccapi A /voms/trunk/src/api/ccapi/Makefile.am A /voms/trunk/src/api/ccapi/Makefile.in A /voms/trunk/src/api/ccapi/api_util.cc A /voms/trunk/src/api/ccapi/api_util.h A /voms/trunk/src/api/ccapi/ccval.cc A /voms/trunk/src/api/ccapi/ccval.h A /voms/trunk/src/api/ccapi/cinterface.cc A /voms/trunk/src/api/ccapi/cinterface.h A /voms/trunk/src/api/ccapi/ctest.c A /voms/trunk/src/api/ccapi/test.cc A /voms/trunk/src/api/ccapi/voms_api.cc A /voms/trunk/src/api/ccapi/voms_api.h A /voms/trunk/src/api/ccapi/voms_apic.h A /voms/trunk/src/autogen A /voms/trunk/src/autogen/config.h.in A /voms/trunk/src/client A /voms/trunk/src/client/Makefile.am A /voms/trunk/src/client/Makefile.in A /voms/trunk/src/client/fqan.cc A /voms/trunk/src/client/fqan.h A /voms/trunk/src/client/main.cc A /voms/trunk/src/client/vomsclient.cc A /voms/trunk/src/client/vomsclient.h A /voms/trunk/src/common A /voms/trunk/src/common/Makefile.am A /voms/trunk/src/common/Makefile.in A /voms/trunk/src/common/credentials.c A /voms/trunk/src/common/data.cc A /voms/trunk/src/common/error.c A /voms/trunk/src/common/list.c A /voms/trunk/src/common/options.cc A /voms/trunk/src/common/pass.cc A /voms/trunk/src/common/sign.cc A /voms/trunk/src/common/xml.c A /voms/trunk/src/common/xmlcc.cc A /voms/trunk/src/include A /voms/trunk/src/include/Client.h A /voms/trunk/src/include/Makefile.am A /voms/trunk/src/include/Makefile.in A /voms/trunk/src/include/Server.h A /voms/trunk/src/include/acstack.h A 
/voms/trunk/src/include/ccac.h A /voms/trunk/src/include/ccwrite.h A /voms/trunk/src/include/config.h.in A /voms/trunk/src/include/credentials.h A /voms/trunk/src/include/data.h A /voms/trunk/src/include/dbwrap.h A /voms/trunk/src/include/errors.h A /voms/trunk/src/include/errortype.h A /voms/trunk/src/include/format.h A /voms/trunk/src/include/getopts.h A /voms/trunk/src/include/globus_oldgaa.h A /voms/trunk/src/include/globus_oldgaa_utils.h A /voms/trunk/src/include/gssapi_compat.h A /voms/trunk/src/include/init.h A /voms/trunk/src/include/listfunc.h A /voms/trunk/src/include/log.h A /voms/trunk/src/include/newca.h A /voms/trunk/src/include/newformat.h A /voms/trunk/src/include/options.h A /voms/trunk/src/include/pass.h A /voms/trunk/src/include/proxycertinfo.h A /voms/trunk/src/include/replace.h A /voms/trunk/src/include/sign.h A /voms/trunk/src/include/stamp-h.in A /voms/trunk/src/include/stamp-h1.in A /voms/trunk/src/include/streamers.h A /voms/trunk/src/include/tokens.h A /voms/trunk/src/include/validate.h A /voms/trunk/src/include/vomsxml.h A /voms/trunk/src/include/xml.h A /voms/trunk/src/install A /voms/trunk/src/install/Makefile.am A /voms/trunk/src/install/Makefile.in A /voms/trunk/src/install/mysql2oracle.in A /voms/trunk/src/install/upgrade1to2.in A /voms/trunk/src/install/voms.csh.in A /voms/trunk/src/install/voms.data A /voms/trunk/src/install/voms.sh.in A /voms/trunk/src/install/voms.start.in A /voms/trunk/src/install/voms_install_db.in A /voms/trunk/src/install/vomses.template A /voms/trunk/src/log A /voms/trunk/src/log/Makefile.am A /voms/trunk/src/log/Makefile.in A /voms/trunk/src/log/fns.c A /voms/trunk/src/log/fs.c A /voms/trunk/src/log/log.c A /voms/trunk/src/log/sl.c A /voms/trunk/src/replib A /voms/trunk/src/replib/Makefile.am A /voms/trunk/src/replib/Makefile.in A /voms/trunk/src/replib/daemon.c A /voms/trunk/src/replib/getopt_long.c A /voms/trunk/src/replib/getopt_long_only.c A /voms/trunk/src/replib/memcmp.c A 
/voms/trunk/src/replib/setenv.c A /voms/trunk/src/replib/strndup.c A /voms/trunk/src/replica A /voms/trunk/src/replica/Makefile.am A /voms/trunk/src/replica/Makefile.in A /voms/trunk/src/replica/voms_install_replica.in A /voms/trunk/src/server A /voms/trunk/src/server/Makefile.am A /voms/trunk/src/server/Makefile.in A /voms/trunk/src/server/VOMSServer.h A /voms/trunk/src/server/access_db_sql.cc A /voms/trunk/src/server/access_db_sql.h A /voms/trunk/src/server/attribute.cc A /voms/trunk/src/server/attribute.h A /voms/trunk/src/server/main.cc A /voms/trunk/src/server/vomsd.cc A /voms/trunk/src/socklib A /voms/trunk/src/socklib/Client.cpp A /voms/trunk/src/socklib/Makefile.am A /voms/trunk/src/socklib/Makefile.in A /voms/trunk/src/socklib/Server.cpp A /voms/trunk/src/socklib/globus_oldgaa.h A /voms/trunk/src/socklib/globus_oldgaa_utils.h A /voms/trunk/src/socklib/globuswrap.c A /voms/trunk/src/socklib/globuswrap.h A /voms/trunk/src/socklib/tokens.c A /voms/trunk/src/sslutils A /voms/trunk/src/sslutils/Makefile.am A /voms/trunk/src/sslutils/Makefile.in A /voms/trunk/src/sslutils/oldgaa A /voms/trunk/src/sslutils/oldgaa/Makefile.am A /voms/trunk/src/sslutils/oldgaa/Makefile.in A /voms/trunk/src/sslutils/oldgaa/globus_oldgaa.h A /voms/trunk/src/sslutils/oldgaa/globus_oldgaa_utils.c A /voms/trunk/src/sslutils/oldgaa/globus_oldgaa_utils.h A /voms/trunk/src/sslutils/oldgaa/oldgaa_alloc.c A /voms/trunk/src/sslutils/oldgaa/oldgaa_api.c A /voms/trunk/src/sslutils/oldgaa/oldgaa_gl_internal_err.c A /voms/trunk/src/sslutils/oldgaa/oldgaa_gl_internal_err.h A /voms/trunk/src/sslutils/oldgaa/oldgaa_policy_evaluator.c A /voms/trunk/src/sslutils/oldgaa/oldgaa_policy_evaluator.h A /voms/trunk/src/sslutils/oldgaa/oldgaa_release.c A /voms/trunk/src/sslutils/oldgaa/oldgaa_utils.c A /voms/trunk/src/sslutils/oldgaa/oldgaa_utils.h A /voms/trunk/src/sslutils/oldgaa/rfc1779.c A /voms/trunk/src/sslutils/proxycertinfo.c A /voms/trunk/src/sslutils/scutils.c A /voms/trunk/src/sslutils/scutils.h A 
/voms/trunk/src/sslutils/sslutils.c A /voms/trunk/src/sslutils/sslutils.h A /voms/trunk/src/support A /voms/trunk/src/support/Makefile.am A /voms/trunk/src/support/Makefile.in A /voms/trunk/src/support/test_clean.in A /voms/trunk/src/support/test_setup.in A /voms/trunk/src/support/test_start.in A /voms/trunk/src/support/testvoms.in A /voms/trunk/src/utils A /voms/trunk/src/utils/Makefile.am A /voms/trunk/src/utils/Makefile.in A /voms/trunk/src/utils/voms_proxy_destroy.cc A /voms/trunk/src/utils/voms_proxy_info.cc A /voms/trunk/src/utils/vomsfake.cc A /voms/trunk/src/utils/vomsfake.h A /voms/trunk/test A /voms/trunk/test/Makefile.am A /voms/trunk/test/Makefile.in A /voms/trunk/test/setup_env.sh A /voms/trunk/test/tests A /voms/trunk/test/tests/masstest.sh A /voms/trunk/test/tests/servicecert.sh A /voms/trunk/test/tests/simpleac.sh A /voms/trunk/test/tests/spurious.sh A /voms/trunk/test/tests/voms_install_db_test1.sh A /voms/trunk/test/tests/voms_install_db_test2.sh A /voms/trunk/test/utest A /voms/trunk/test/utest/Makefile.am A /voms/trunk/test/utest/Makefile.in A /voms/trunk/test/utest/ca.pem A /voms/trunk/test/utest/capi_cu_Main.cpp A /voms/trunk/test/utest/capi_cu_main.cpp A /voms/trunk/test/utest/capi_cu_suite.cpp A /voms/trunk/test/utest/capi_cu_suite.h A /voms/trunk/test/utest/csocket_mock.c A /voms/trunk/test/utest/holder.pem A /voms/trunk/test/utest/issuer.pem A /voms/trunk/test/utest/key.pem A /voms/trunk/test/utest/socket_mock.cpp A /voms/trunk/test/utest/voms_cu_main.cpp A /voms/trunk/test/utest/voms_cu_suite.cpp A /voms/trunk/test/utest/voms_cu_suite.h A /voms/trunk/test/utest/vomsclient_cu_main.cpp A /voms/trunk/test/utest/vomsclient_cu_suite.cpp A /voms/trunk/test/utest/vomsclient_cu_suite.h A /voms/trunk/test/utest/vomsdata_cu_main.cpp A /voms/trunk/test/utest/vomsdata_cu_suite.cpp A /voms/trunk/test/utest/vomsdata_cu_suite.h A /voms/trunk/test/utest/vomsdatac_cu_suite.cpp A /voms/trunk/test/utest/vomsdatac_cu_suite.h A /voms/trunk/test/utest/vomses A 
/voms/trunk/test/utest/x509up_u501 Initial revision ------------------------------------------------------------------------ r90 | (no author) | 2005-11-29 13:33:54 +0100 (Tue, 29 Nov 2005) | 1 line Changed paths: A /voms/branches A /voms/tags A /voms/trunk New repository initialized by cvs2svn. ------------------------------------------------------------------------ voms-2.1.2/Jenkinsfile000066400000000000000000000023661477131364200147030ustar00rootroot00000000000000
#!/usr/bin/env groovy

// Daily CI build of VOMS: runs autogen/configure/make inside a Kubernetes
// pod and reports failures and recoveries to Slack.

// NOTE(review): @Library('sd') names no version, so Jenkins resolves it to
// whatever default version is configured for that shared library. Library
// code executes as part of this build; pinning it, e.g.
// @Library('sd@<tag-or-commit>'), makes the build input explicit.
@Library('sd')_

// getKubeLabel() is not defined in this file; presumably it comes from the
// 'sd' shared library loaded above (confirm).
def kubeLabel = getKubeLabel()

pipeline {

  agent {
    kubernetes {
      label "${kubeLabel}"
      cloud 'Kube mwdevel'
      defaultContainer 'runner'
      inheritFrom 'ci-template'

      containerTemplate {
        name 'runner'
        // NOTE(review): ':latest' is a mutable tag, so two runs of the same
        // commit can build in different images. Referencing the image by
        // digest (italiangrid/voms-build-centos7@sha256:<digest>) ties the
        // build to a reviewed image. The name suggests a CentOS 7 base, which
        // has been end-of-life since June 2024 and gets no security updates.
        image 'italiangrid/voms-build-centos7:latest'
        // 'cat' on a TTY blocks forever, which keeps the container alive so
        // the pipeline steps can run inside it.
        ttyEnabled true
        command 'cat'
      }
    }
  }

  options {
    // Abort a build that runs longer than ten minutes.
    timeout(time: 10, unit: 'MINUTES')
    // Keep only the five most recent builds.
    buildDiscarder(logRotator(numToKeepStr: '5'))
  }

  triggers {
    // Scheduled run once a day, independent of commits.
    cron('@daily')
  }

  stages {

    stage ('build') {
      steps {
        // -e stops at the first failing command; -x echoes every command
        // into the build log.
        sh '''#!/bin/bash
          set -ex
          pwd
          ls -lR
          ./autogen.sh
          ./configure
          make
        '''
      }
    }

    stage('result'){
      steps {
        script {
          // Record the outcome explicitly; the post/changed block below
          // compares currentBuild.result against 'SUCCESS'.
          currentBuild.result = 'SUCCESS'
        }
      }
    }
  }

  post {

    // Any failed build is announced with job name, build number and URL.
    failure {
      slackSend color: 'danger', message: "${env.JOB_NAME} - #${env.BUILD_NUMBER} Failure (<${env.BUILD_URL}|Open>)"
    }

    // 'changed' fires when the result differs from the previous build;
    // only the transition back to success is announced here.
    changed {
      script{
        if (currentBuild.result == 'SUCCESS') {
          slackSend color: 'good', message: "${env.JOB_NAME} - #${env.BUILD_NUMBER} Back to normal (<${env.BUILD_URL}|Open>)"
        }
      }
    }
  }
}
voms-2.1.2/LICENSE000066400000000000000000000261361477131364200135250ustar00rootroot00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. 
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. 
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. 
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the 
Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. 
Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. 
To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 
voms-2.1.2/Makefile.am000066400000000000000000000052721477131364200145520ustar00rootroot00000000000000ACLOCAL_AMFLAGS=-I m4 SUBDIRS = src doc m4 testsuite EXTRA_DIST = autogen.sh LICENSE APIDOC_DIR = $(top_builddir)/doc/apidoc USERDOC_DIR = $(top_builddir)/doc/userdoc APIDOC_FILES = $(top_srcdir)/AUTHORS $(top_srcdir)/LICENSE $(top_srcdir)/README USERDOC_FILES = $(APIDOC_FILES) spec=spec/voms-all.spec deb_comp="libvomsapi1 voms-dev voms-clients voms-server" rpmbuild_dir=@WORKDIR@/rpmbuild debbuild_dir=@WORKDIR@/debbuild stage_dir=dist all-local: apidoc-local apidoc-local: $(APIDOC_FILES) $(mkinstalldirs) $(APIDOC_DIR) for file in $(APIDOC_FILES); do \ $(INSTALL_DATA) $${file} $(APIDOC_DIR); \ done apidoc-recursive: $(MAKE) apidoc -C api apidoc: apidoc-local apidoc-recursive userdoc-local: $(USERDOC_FILES) $(mkinstalldirs) $(USERDOC_DIR) for file in $(USERDOC_FILES); do \ $(INSTALL_DATA) $${file} $(USERDOC_DIR); \ done userdoc-recursive: $(MAKE) userdoc -C doc userdoc: userdoc-local userdoc-recursive gtags: rm -f G*; gtags tags: rm -f TAGS; find . '(' '(' -name '*.c' -o -name '*.h' -o -name '*.cpp' -o -name '*.hpp' -o -name '*.cc' ')' -a -not -path '*/test/*' ')' -exec etags -a '{}' ';' clean-local: rm -rf $(rpmbuild_dir) $(debbuild_dir) $(distdir).tar.gz dist distclean-local: rm -f configure aclocal.m4 $(distdir).tar.gz rm -f m4/libtool.m4 m4/ltoptions.m4 m4/ltsugar.m4 m4/ltversion.m4 m4/lt~obsolete.m4 rm -rf autom4te.cache aux src/autogen $(rpmbuild_dir) $(debbuild_dir) rm -rf testsuite/dbg.log find . 
-name Makefile.in -exec rm {} \; rpm: dist mkdir -p $(rpmbuild_dir)/BUILD $(rpmbuild_dir)/RPMS $(rpmbuild_dir)/SOURCES $(rpmbuild_dir)/SPECS $(rpmbuild_dir)/SRPMS cp $(distdir).tar.gz $(rpmbuild_dir)/SOURCES rpmbuild --nodeps -v -ba $(spec) --define "_topdir $(rpmbuild_dir)" deb: dist mkdir -p $(debbuild_dir) cp $(distdir).tar.gz $(debbuild_dir)/$(PACKAGE)_$(VERSION).orig.tar.gz tar -C $(debbuild_dir) -xvzf $(distdir).tar.gz cp -r debian $(debbuild_dir)/$(PACKAGE)-$(VERSION) cd $(debbuild_dir)/$(PACKAGE)-$(VERSION); debuild -uc -us etics: clean rpm mkdir -p tgz RPMS cp $(distdir).tar.gz tgz cp -r $(rpmbuild_dir)/RPMS/* $(rpmbuild_dir)/SRPMS/* RPMS etics-deb: clean deb mkdir -p tgz debs cp $(distdir).tar.gz tgz cp $(debbuild_dir)/*.deb debs cp $(debbuild_dir)/*.tar.gz $(debbuild_dir)/*.dsc tgz stage-deb: mkdir -p $(stage_dir) for d in debs/*.deb; do \ dpkg-deb --extract $$d $(stage_dir) ; \ done stage: mkdir -p $(stage_dir) for r in $(shell find $(rpmbuild_dir)/RPMS -name '*.rpm') ; do \ echo "Istalling `basename $$r` in $(stage_dir)..."; \ pushd . ; cp $$r $(stage_dir); cd $(stage_dir); \ rpm2cpio `basename $$r` | cpio -idm; \ rm `basename $$r`; popd; \ done voms-2.1.2/NEWS000066400000000000000000000000001477131364200131750ustar00rootroot00000000000000voms-2.1.2/README000066400000000000000000000000001477131364200133560ustar00rootroot00000000000000voms-2.1.2/README.md000066400000000000000000000022251477131364200137700ustar00rootroot00000000000000# VOMS The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This repository hosts the VOMS server and C++ APIs. ## Documentation See the [VOMS website](https://italiangrid.github.io/voms). 
# Support Submit a ticket in [GGUS](https://ggus.eu/pages/ticket.php) targeted at the VOMS EMI support unit. # License Licensed under the Apache License, Version 2.0 (the "License"); you may not use this project except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. voms-2.1.2/autogen.sh000077500000000000000000000000651477131364200145120ustar00rootroot00000000000000#! /bin/sh mkdir -p aux src/autogen autoreconf -i -f voms-2.1.2/compose/000077500000000000000000000000001477131364200141555ustar00rootroot00000000000000voms-2.1.2/compose/.env000066400000000000000000000000371477131364200147460ustar00rootroot00000000000000COMPOSE_PROJECT_NAME=voms-core voms-2.1.2/compose/docker-compose.yml000066400000000000000000000016031477131364200176120ustar00rootroot00000000000000version: '3.5' volumes: vscode-server: dotlocal: services: init: image: italiangrid/voms-build-centos7:latest volumes: - vscode-server:/home/build/.vscode-server - dotlocal:/home/build/.local command: sudo chown -R build:build /home/build/.vscode-server /home/build/.local voms_build: image: italiangrid/voms-build-centos7:latest depends_on: - init environment: - TZ=Europe/Rome volumes: - vscode-server:/home/build/.vscode-server - dotlocal:/home/build/.local - $HOME/grid-security:/etc/grid-security/certificates - $HOME/ca-bundle:/etc/pki - $HOME/vomsdir:/etc/grid-security/vomsdir:ro - $HOME/vomses:/etc/vomses - $HOME/.globus:/home/build/.globus:ro - ..:/home/build/workspace:cached entrypoint: /tini -- sleep infinity extra_hosts: - "dev.local.io: 192.168.65.2" 
voms-2.1.2/configure.ac000066400000000000000000000072331477131364200150030ustar00rootroot00000000000000AC_INIT([VOMS], [2.1.2]) AC_PREREQ(2.57) AC_CONFIG_AUX_DIR([./aux]) AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR([src/utils/voms_proxy_destroy.cc]) AC_CONFIG_MACRO_DIR([m4]) AM_MAINTAINER_MODE AC_PREFIX_DEFAULT("/") # Notices. AC_COPYRIGHT([Copyright (c) 2004-2012 Istituto Nazionale di Fisica Nucleare See LICENCE file for details ]) #Environment. WORKDIR=`pwd` AC_SUBST(WORKDIR) # Checks for programs. AC_PROG_CXX AC_PROG_AWK AC_PROG_CC AM_PROG_CC_C_O AC_PROG_CPP AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_MAKE_SET AC_PROG_LIBTOOL AC_PROG_YACC AC_PROG_LEX AC_COMPILER AX_PTHREAD PKG_CHECK_MODULES([OPENSSL], [openssl], [AC_DEFINE([OPENSSL_API_COMPAT], [10100], [Build against OpenSSL 1.1 API])]) PKG_CHECK_MODULES([EXPAT],[expat]) AC_ENABLE_DOCS # Checks for header files. AC_HEADER_DIRENT AC_HEADER_STDC AC_HEADER_SYS_WAIT AC_CHECK_HEADERS([fcntl.h libintl.h limits.h memory.h netdb.h netinet/in.h stdlib.h string.h strings.h sys/socket.h sys/time.h syslog.h termios.h unistd.h malloc.h wchar.h]) # Checks for typedefs, structures, and compiler characteristics. AC_HEADER_STDBOOL AC_C_CONST AC_TYPE_UID_T AC_C_INLINE AC_TYPE_OFF_T AC_TYPE_PID_T AC_TYPE_SIZE_T AC_CHECK_MEMBERS([struct stat.st_rdev]) AC_HEADER_TIME AC_STRUCT_TM # Checks for library functions. 
AC_FUNC_ALLOCA AC_FUNC_CLOSEDIR_VOID AC_FUNC_FORK AC_FUNC_MEMCMP AC_FUNC_MMAP AC_FUNC_SETVBUF_REVERSED AC_FUNC_STRFTIME AC_CHECK_FUNCS([alarm atexit dup2 gethostbyaddr gethostname gethostbyname gethostname memmove memset mkfifo mktime munmap putenv select setenv sigaction socket strchr strdup strerror strndup strrchr strspn strstr strtod strtol strtoul strtoull tzset uname getpwnam timegm]) AC_CHECK_DECLS(getopt_data) AC_REPLACE_FUNCS(getopt_long getopt_long_only daemon setenv memset) # NEW_ISSUES AC_VOMS_TIME_T_TIMEZONE AM_WITH_DMALLOC AC_VOMS_SOCKLEN_T AC_VOMS_FIND_FUNC AC_VOMS_STRNDUP AC_BUILD_API_ONLY AC_BUILD_PARTS # Check for gSOAP only when building server which is checked in BUILD_PARTS if test "x$build_server" = "xyes" ; then PKG_CHECK_MODULES([GSOAP],[gsoap >= 2.7]) PKG_CHECK_MODULES([GSOAP_PP],[gsoap++ >= 2.7]) PKG_CHECK_MODULES([GSOAP_SSL],[gsoapssl >= 2.7]) PKG_CHECK_MODULES([GSOAP_SSL_PP],[gsoapssl++ >= 2.7]) AC_WSDL2H fi GLITE_DOCBOOK_MAN AC_LINUX AC_TESTSUITE PUT_PRIVATES AC_VOMS_LOCATIONS AC_ARG_WITH(vomsuser, [ --with-vomsuser=USR Sets the user used to run voms], [with_vomsuser="$withval"], [with_vomsuser="voms"] ) AC_SUBST(with_vomsuser) AC_PARSER_GEN AC_CONFIG_HEADERS([src/autogen/config.h]) if test "x$build_cpp_api" = "xyes" -o "x$build_interfaces" = "xyes"; then # both C and CPP INSTALL_API_LIBS="libvomsapi.la" else INSTALL_API_LIBS="" fi AC_SUBST(INSTALL_API_LIBS) AC_CONFIG_FILES([Makefile src/Makefile src/ac/Makefile src/api/Makefile src/api/ccapi/Makefile src/client/Makefile src/common/Makefile src/include/Makefile src/install/Makefile src/log/Makefile src/replib/Makefile src/replica/Makefile src/server/Makefile src/socklib/Makefile src/sslutils/Makefile src/utils/Makefile doc/Makefile m4/Makefile testsuite/Makefile testsuite/SuiteConfig]) AC_CONFIG_FILES([src/install/voms_install_db src/install/voms.start src/replica/voms_install_replica src/install/upgrade1to2 src/install/mysql2oracle src/install/sysconfig-voms src/api/ccapi/voms-2.0.pc]) 
AC_OUTPUT voms-2.1.2/debian/000077500000000000000000000000001477131364200137325ustar00rootroot00000000000000voms-2.1.2/debian/README.Debian000066400000000000000000000002711477131364200157730ustar00rootroot00000000000000voms for Debian --------------- -- Andrea Ceccanti Tue, 24 Jan 2012 15:29:27 +0100 voms-2.1.2/debian/changelog000066400000000000000000000002541477131364200156050ustar00rootroot00000000000000voms (2.0.11-1) unstable; urgency=low * Fixes https://issues.infn.it/browse/VOMS-379 -- Andrea Ceccanti Tue, 24 Jan 2012 15:29:27 +0100 voms-2.1.2/debian/compat000066400000000000000000000000021477131364200151300ustar00rootroot000000000000007 voms-2.1.2/debian/control000066400000000000000000000055751477131364200153510ustar00rootroot00000000000000Source: voms Priority: optional Maintainer: Andrea Ceccanti Build-Depends: debhelper (>= 7.0.50~), libtool, autotools-dev, autoconf, automake,quilt,libssl-dev,libexpat1-dev,pkg-config,xsltproc,docbook-xml,docbook-xsl Standards-Version: 3.8.4 Section: libs Homepage: https://wiki.italiangrid.it/VOMS Package: libvomsapi1 Section: libs Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: The Virtual Organisation Membership Service C++ APIs The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This package provides libraries that applications using the VOMS functionality will bind to. 
Package: voms-clients Section: net Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: Virtual Organization Membership Service Clients The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This package provides command line applications to access the VOMS services. Package: voms-dev Section: libdevel Architecture: any Depends: libvomsapi1 (= ${binary:Version}), libssl-dev, ${misc:Depends} Suggests: voms-doc Description: The Virtual Organisation Membership Service C++ APIs (Development files) The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This package offers header files for programming with the VOMS libraries. Package: voms-server Section: net Architecture: any Depends: ${shlibs:Depends}, adduser, ${misc:Depends} Suggests: voms-mysql-plugin Description: Virtual Organization Membership Service Server The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This package provides the VOMS service. 
voms-2.1.2/debian/copyright000066400000000000000000000027031477131364200156670ustar00rootroot00000000000000This work was packaged for Debian by: Andrea Ceccanti on Tue, 24 Jan 2012 15:29:27 +0100 It was downloaded from: https://github.com/italiangrid/voms Upstream Author(s): Vincenzo Ciaschini Valerio Venturi Andrea Ceccanti Copyright: Copyright © Members of the EGEE Collaboration. 2004-2010. See http://www.eu-egee.org/partners/ for details on the copyright holders. License: Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. On Debian systems the full text of the Apache-2.0 license can be found in the /usr/share/common-licenses/Apache-2.0 file. The Debian packaging is: Copyright (C) 2012 Andrea Ceccanti Copyright (C) 2008-2010 Steffen Möller Copyright (C) 2008-2010 Mattias Ellert and is licensed under the same license. voms-2.1.2/debian/libvomsapi1.control000066400000000000000000000012131477131364200175570ustar00rootroot00000000000000Package: libvomsapi1 Section: libs Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: The Virtual Organisation Membership Service C++ APIs The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. 
This package provides libraries that applications using the VOMS functionality will bind to. voms-2.1.2/debian/libvomsapi1.docs000066400000000000000000000000341477131364200170270ustar00rootroot00000000000000src/install/vomses.template voms-2.1.2/debian/libvomsapi1.install000066400000000000000000000001101477131364200175400ustar00rootroot00000000000000debian/tmp/usr/lib/libvomsapi.so.* debian/tmp/etc/grid-security/vomsdir voms-2.1.2/debian/rules000077500000000000000000000055021477131364200150140ustar00rootroot00000000000000#!/usr/bin/make -f # -*- makefile -*- # Sample debian/rules that uses debhelper. # This file was originally written by Joey Hess and Craig Small. # As a special exception, when this file is copied by dh-make into a # dh-make output file, you may use that output file without restriction. # This special exception was added by Craig Small in version 0.37 of dh-make. # Uncomment this to turn on verbose mode. # export DH_VERBOSE=1 DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) CFLAGS = -Wall -g ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) CFLAGS += -O0 else CFLAGS += -O2 endif ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) MAKEFLAGS += -j$(NUMJOBS) endif name=voms version=2.0.11 include /usr/share/quilt/quilt.make INSTALLDIR = $(CURDIR)/debian/tmp _prefix = /usr _bindir = $(_prefix)/bin _sbindir = $(_prefix)/sbin _libdir = $(_prefix)/lib _includedir = $(_prefix)/include _sysconfdir = /etc _localstatedir = /var _datadir = $(_prefix)/share _mandir = $(_datadir)/man _docdir = $(_datadir)/doc configure: configure-stamp : configure-stamp: $(QUILT_STAMPFN) dh_testdir find . 
'(' -name '*.h' -o -name '*.c' -o -name '*.cpp' -o \ -name '*.cc' -o -name '*.java' ')' -exec chmod a-x {} ';' ./autogen.sh CFLAGS="$(CFLAGS)" CXXFLAGS="$(CFLAGS)" FFLAGS="$(CFLAGS)" \ LDFLAGS="-Wl,-z,defs" ./configure \ --host=$(DEB_HOST_GNU_TYPE) \ --build=$(DEB_BUILD_GNU_TYPE) \ --prefix=$(_prefix) \ --sysconfdir=$(_sysconfdir) \ --mandir='$${datadir}/man' \ --infodir='$${datadir}/info' \ --libexecdir=$(_datadir) \ --disable-parser-gen \ --disable-docs build: build-indep build-arch : build-indep: build-stamp : build-arch: build-stamp : build-stamp: configure-stamp dh_testdir $(MAKE) touch $@ unpatch: cleanup clean: unpatch : cleanup: dh_testdir dh_testroot if [ -r Makefile ] ; then $(MAKE) clean && $(MAKE) distclean ; fi rm -f build-stamp configure-stamp install: build-stamp dh_testdir dh_testroot dh_prep $(MAKE) install DESTDIR=$(INSTALLDIR) rm $(INSTALLDIR)$(_libdir)/*.la mkdir -p $(INSTALLDIR)$(_sysconfdir)/$(name) mkdir -p $(INSTALLDIR)$(_sysconfdir)/grid-security/vomsdir mkdir -p $(INSTALLDIR)$(_sysconfdir)/grid-security/$(name) mkdir -p $(INSTALLDIR)$(_localstatedir)/log/$(name) binary-indep: : binary-arch: install dh_testdir dh_testroot dh_installchangelogs ChangeLog dh_installdocs dh_installman dh_install dh_link dh_lintian dh_compress dh_fixperms dh_makeshlibs dh_installdeb dh_shlibdeps -l debian/libvomsapi1/usr/lib dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch : .PHONY: build-indep build-arch build clean binary-indep binary-arch binary install configure voms-2.1.2/debian/source/000077500000000000000000000000001477131364200152325ustar00rootroot00000000000000voms-2.1.2/debian/source/format000066400000000000000000000000141477131364200164400ustar00rootroot000000000000003.0 (quilt) voms-2.1.2/debian/voms-clients.control000066400000000000000000000011671477131364200177640ustar00rootroot00000000000000 Package: voms-clients Section: net Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: Virtual Organization 
Membership Service Clients The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This package provides command line applications to access the VOMS services. voms-2.1.2/debian/voms-clients.install000066400000000000000000000006521477131364200177500ustar00rootroot00000000000000debian/tmp/usr/bin/voms-proxy-destroy debian/tmp/usr/bin/voms-proxy-info debian/tmp/usr/bin/voms-proxy-init debian/tmp/usr/bin/voms-proxy-fake debian/tmp/usr/bin/voms-proxy-list debian/tmp/usr/share/man/man1/voms-proxy-destroy.1* debian/tmp/usr/share/man/man1/voms-proxy-info.1* debian/tmp/usr/share/man/man1/voms-proxy-init.1* debian/tmp/usr/share/man/man1/voms-proxy-fake.1* debian/tmp/usr/share/man/man1/voms-proxy-list.1* voms-2.1.2/debian/voms-dev.control000066400000000000000000000012751477131364200171010ustar00rootroot00000000000000 Package: voms-dev Section: libdevel Architecture: any Depends: libvomsapi1 (= ${binary:Version}), libssl-dev, ${misc:Depends} Suggests: voms-doc Description: The Virtual Organisation Membership Service C++ APIs (Development files) The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This package offers header files for programming with the VOMS libraries. 
voms-2.1.2/debian/voms-dev.install000066400000000000000000000002551477131364200170640ustar00rootroot00000000000000debian/tmp/usr/include/voms/* debian/tmp/usr/lib/libvomsapi.a debian/tmp/usr/lib/libvomsapi.so debian/tmp/usr/lib/pkgconfig/voms-2.0.pc debian/tmp/usr/share/aclocal/voms.m4 voms-2.1.2/debian/voms-server.control000066400000000000000000000011641477131364200176260ustar00rootroot00000000000000 Package: voms-server Section: net Architecture: any Depends: ${shlibs:Depends}, adduser, ${misc:Depends} Suggests: voms-mysql-plugin Description: Virtual Organization Membership Service Server The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This package provides the VOMS service. voms-2.1.2/debian/voms-server.install000066400000000000000000000006711477131364200176160ustar00rootroot00000000000000debian/tmp/usr/sbin/voms debian/tmp/usr/share/voms/mysql2oracle debian/tmp/usr/share/voms/upgrade1to2 debian/tmp/usr/share/voms/voms.data debian/tmp/usr/share/voms/voms_install_db debian/tmp/usr/share/voms/voms-ping debian/tmp/usr/share/voms/voms_replica_master_setup.sh debian/tmp/usr/share/voms/voms_replica_slave_setup.sh debian/tmp/usr/share/man/man8/voms.8* debian/tmp/etc/voms debian/tmp/etc/grid-security/voms debian/tmp/var/log/voms voms-2.1.2/debian/voms-server.postinst000066400000000000000000000010171477131364200200260ustar00rootroot00000000000000#!/bin/sh set -e if test "$1" = "configure" -o "$1" = "reconfigure" ; then test -r /etc/default/voms && . 
/etc/default/voms if test -z "$VOMS_USER" -o "$VOMS_USER" = "voms" ; then getent group voms > /dev/null || \ addgroup --quiet --system voms getent passwd voms > /dev/null || \ adduser --quiet --system --home /etc/voms --shell /bin/false \ --ingroup voms --disabled-password --disabled-login \ --gecos "VOMS Server Account" voms chown voms:voms /var/log/voms fi fi #DEBHELPER# voms-2.1.2/debian/voms-server.voms.default000066400000000000000000000000261477131364200205510ustar00rootroot00000000000000RUN=no VOMS_USER=root voms-2.1.2/do-configure.sh000066400000000000000000000006541477131364200154320ustar00rootroot00000000000000#!/bin/bash set -ex ./configure --with-debug \ --program-prefix= \ --prefix=/usr \ --exec-prefix=/usr \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --sysconfdir=/etc \ --datadir=/usr/share \ --includedir=/usr/include \ --libdir=/usr/lib64 \ --libexecdir=/usr/libexec \ --localstatedir=/var \ --sharedstatedir=/var/lib \ --mandir=/usr/share/man \ --infodir=/usr/share/info voms-2.1.2/doc/000077500000000000000000000000001477131364200132555ustar00rootroot00000000000000voms-2.1.2/doc/.gitignore000066400000000000000000000000361477131364200152440ustar00rootroot00000000000000/apidoc /AC-RFC.* !/AC-RFC.texvoms-2.1.2/doc/AC-RFC.tex000066400000000000000000000270771477131364200147070ustar00rootroot00000000000000\documentclass[a4]{article} \title{A VOMS Attribute Certificate\\ Profile for Authorization} \author{Vincenzo Ciaschini} \begin{document} \maketitle \tableofcontents \newpage \section{Introduction} X.509 Attribute Certificates (ACs) \cite{rfc3281} are used to bind a set of attributes, like group membership, role, security clearance, etc\ldots\ with an AC holder. Their well-defined, standardized format and easy extensibility make them a premium way to distribute that information in large system, and in particular in environments where authentication is done via X.509 Certificates \cite{rfc3280}. 
This is the reason why ACs are the format chosen by the VOMS server \cite{voms} to encode authorization data. However, the reference documentation about ACs leaves a huge amount of freedom regarding exactly how ACs should be encoded. The scope of this paper is to document the particular vernacular of ACs used by VOMS, and how the data they contain is supposed to be encoded. This format is in any case fully compatible with what is described in \cite{rfc3281}, and should any incompatibility be found between what is described here and what is described in \cite{rfc3281}, the latter is the authoritative source. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in \cite{rfc2119}. \section{FQAN} The FQAN (short form for Fully Qualified Attribute Name) is what VOMS ACs use in place of the Group/Role attributes. It is better described in \cite{fqan}, although a brief summary will be given in the following paragraphs. It has been developed because of two perceived problems with the standard-defined\cite{rfc3281} Group and Role attributes: \begin{enumerate} \item The Group and Role attributes are completely independent of each other; in particular, Roles are meant to be global, associated directly to the AC holder, regardless of group membership. On the other hand, besides this behaviour VOMS also allows groups and roles to be bound together, using one as a qualifier of the other. While it is indeed possible to encode groups and roles inside the standard attributes in a format that could represent this information, there is no way to have the same format also be readable by other AC users without risking misunderstandings. \item Also, practical use of group/role attributes in defining ACLs has shown that having them separate is inconvenient, and it is much simpler to have them all expressed together. 
\end{enumerate} For these reasons, a new format has been devised, as documented in \cite{fqan}. However, here follows a copy of the relevant information. Group membership, Role holding and Capabilities may be expressed in a format that binds them together in the following way: \begin{center} $<$group name$>$/Role=[$<$role name$>$][/Capability=$<$capability name$>$] \end{center} where the elements between [] are optional. This format specifies that the AC holder is a member of group $<$group name$>$, and in this group he holds the role $<$role name$>$ while having the capability $<$capability name$>$. $<$group name$>$, $<$role name$>$ and $<$capability name$>$ are described by the following grammar: \begin{verbatim} group name ::= entity | groupname ``/'' entity role name ::= entity capability name ::= entity entity ::= [a-zA-Z0-9 _]* \end{verbatim} It can be noted that while role and capability names have a flat structure, group name can be expressed as a series of identifiers separated by the ``/'' character. This happens because groups are structured entities, where a group can have subgroups, that can have subgroups, ad libitum. They are represented in the same format as Unix path names, where the first directory name corresponds to the VO name, the second one to a group, the third one to a subgroup of the preceding group, etc\ldots \section{VOMS Attribute Certificate Profile} This is the general format of an AC as defined by \cite{rfc3281}. Customizations used by VOMS will be discussed in individual subsections. Everything not specifically mentioned here is intended to be in accordance with \cite{rfc3281}. 
\begin{verbatim} AttributeCertificate ::= SEQUENCE { acinfo AttributeCertificateInfo, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT STRING } AttributeCertificateInfo ::= SEQUENCE { version AttCertVersion, holder Holder, issuer AttCertIssuer, signature AlgorithmIdentifier, serialNumber CertificateSerialNumber, attrCertValidityPeriod AttCertValidityPeriod, attributes SEQUENCE OF Attribute, issuerUniqueID UniqueIdentifier OPTIONAL, extensions Extensions OPTIONAL } AttCertVersion ::= INTEGER { v2(1) } Holder ::= SEQUENCE { baseCertificateID [0] IssuerSerial OPTIONAL, } AttCertIssuer ::= CHOICE { v2Form [0] V2Form } V2Form ::= SEQUENCE { issuerName GeneralNames OPTIONAL, baseCertificateID [0] IssuerSerial OPTIONAL, objectDigestInfo [1] ObjectDigestInfo OPTIONAL } IssuerSerial ::= SEQUENCE { issuer GeneralNames, serial CertificateSerialNumber, issuerUID UniqueIdentifier OPTIONAL } AttCertValidityPeriod ::= SEQUENCE { notBeforeTime GeneralizedTime, notAfterTime GeneralizedTime } Attribute ::= SEQUENCE { type AttributeType, values SET OF AttributeValue -- at least one value is required } AttributeType ::= OBJECT IDENTIFIER AttributeValue ::= ANY DEFINED BY AttributeType \end{verbatim} \subsection{Holder} The holder of a VOMS AC MUST always be an X.509 PKC. As a consequence of this, in VOMS ACs the only admissible choice for the field is the baseCertificateID, hence the absence in the above description, of the other two choices from this SEQUENCE. The issuerUID field in this case MUST be present if and only if it is also present in the holder's PKC, and in this case they MUST have the same value. Note that \cite{rfc3280}\ says that conforming implementations of PKCs SHOULD NOT use this field, but that implementations SHOULD be capable to handle it. \subsection{AttCertIssuer} The AttCertIssuer field MUST always be encoded using the V2Form data format. \subsection{V2Form} Conforming ACs MUST NOT use either the baseCertificateID or the objectDigestInfo fields. 
They MUST use the issuerName field, which MUST contain one and only one distinguished name belonging to the certificate that the AC issuer will use to sign the AC. This in particular means that this subject MUST NOT be empty. \section{Attributes} The attributes field contains information about the AC holder. At least one attribute MUST always be present. Attribute types use the format defined in \cite{rfc3281}, repeated here for convenience: \begin{verbatim} IetfAttrSyntax ::= SEQUENCE { policyAuthority [0] GeneralNames OPTIONAL, values SEQUENCE OF CHOICE { octets OCTET STRING, oid OBJECT IDENTIFIER, string UTF8String } } \end{verbatim} The attributes Group and Role, defined in \cite{rfc3281} are not used by VOMS AC, and SHOULD NOT be present in conforming ACs. Instead, VOMS defines a new attribute, FQAN, which holds information about both, and in fact also binds them together. \begin{verbatim} name : voms-attribute OID : { voms 4 } syntax : IetfAttrSyntax values : Multiple allowed \end{verbatim} where ``voms'' is the OID 1.3.6.1.5.3004.100.100 and has been registered for VOMS. The policyAuthority field of the IetfAttrSyntax MUST contain an encoding of both the VO to which the AC issuer belongs and the server which generated this particular attribute, in the following format: \begin{center} $<$vo name$>$://$<$fqhn$>$:$<$port$>$ \end{center} all of this component should be omitted, and the IA5STRING choice of the GeneralName type should be used. In the same way, the octets choice of the values field should be used to encode the FQANs. \subsection{Extensions} In the current version, only a specific subset of the extensions specified in \cite{rfc3281} is used and they are described here, along with any specific points that were originally only loosely defined. A VOMS-compliant AC is allowed to use extensions other than those indicated here, on the condition that they should not be critical. \subsubsection{AC Target} This extension MAY be present. 
If it is present, then the targetName option MUST be used, with the FQDNs of the hosts which the AC is targeted to. Compliant implementations MUST honor this extension. Also, they MUST be capable of understanding at least the targetName option. \subsubsection{No Revocation Available} This extension MUST be used in the current version of VOMS ACs. \subsection{Attributes} While in principle any attribute may be used here, this section will specify what attributes are included in the current version of ACs and which are expected to be recognized by conforming implementations. \subsubsection{Fully Qualified Attribute Name (FQAN)} This attribute is used to express user membership in groups and ownership of roles in an integrated way that makes it easier to express relations between the two elements. It is fully documented in [FQAN], and MUST be included in any and all VOMS ACs. \subsubsection{Group and Role} These two attributes are not used in the current version, but they MAY be present. However, in this case their content should be consistent with the content of the FQAN attribute. The suggested way to ensure this is the following: \begin{enumerate} \item Role and Group have the same number of elements as FQAN. \item If the n-th element of FQAN denotes membership in group G and ownership of role R, then those are the values of the n-th Group and the n-th Role. If no role R is specified in an element of the FQAN attribute, then the corresponding element in the Role attribute is the empty string. \end{enumerate} Conforming implementations MAY recognize these two attributes, but if they do they SHOULD then verify the correspondence between their values and the content of the FQAN attributes. Should there be a discrepancy, the normative data should be that included in the FQAN element. It is up to the implementation whether to consider a discrepancy enough cause for an error or to settle for a warning.
\section{Attribute Certificate Validation} All mechanisms described by \cite{rfc3281} are kept as they are with only the following change: \begin{quote} It is not required at any time during signature verification that: \begin{itemize} \item The AC issuer certificate has the signing bit set, or that \item any proxy certificate or user certificate has the signing bit set. \end{itemize} It is, however, preferred that the AC issuer certificate has the signing bit set. \end{quote} \begin{thebibliography}{rfc3280} \bibitem{rfc3281} S.~Farrell, R.~Housley, RFC 3281: An Internet Attribute Certificate Profile for Authorization. \bibitem{rfc3280} R.~Housley, W.~Polk, W.~Ford, D.~Solo, RFC 3280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. \bibitem{rfc2119} S.~Bradner, RFC 2119: Key words for use in RFCs to Indicate Requirement Levels. \bibitem{fqan} V.~Ciaschini, A.~Frohner, Voms Credential Format, http://edg-wp2.web.cern.ch/edg-wp2/security/voms/edg-voms-credential.pdf \bibitem{voms} R.~Alfieri, R.~Cecchini, V.~Ciaschini, L.~Dell'Agnello, A.~Frohner, A.~Gianoli, L.~Karoly, F.~Spataro, An Authorization System for Virtual Organizations, Forthcoming in Proceedings of the 1st European Across Grids Conference.
\end{thebibliography} \end{document} voms-2.1.2/doc/Makefile.am000066400000000000000000000035151477131364200153150ustar00rootroot00000000000000SGML_INCLUDES = authors.sgml bugzilla.sgml license.sgml links.sgml SGML = $(srcdir)/voms-proxy-init.xml \ $(srcdir)/voms-proxy-list.xml \ $(srcdir)/voms.xml \ $(srcdir)/voms-proxy-info.xml \ $(srcdir)/voms-proxy-destroy.xml \ $(srcdir)/voms-proxy-fake.xml SGML_DIST = voms-proxy-init.xml voms.xml voms-proxy-info.xml \ voms-proxy-destroy.xml \ voms-proxy-fake.xml voms-proxy-list.xml LATEX_DIST = software.tex capi.tex c++api.tex AC-RFC.tex mandir = $(datadir)/man if BUILD_SERVER if BUILD_CLIENTS man_MANS = \ voms.8 \ voms-proxy-init.1 \ voms-proxy-info.1 \ voms-proxy-destroy.1 \ voms-proxy-fake.1 \ voms-proxy-list.1 endif endif if BUILD_SERVER if !BUILD_CLIENTS man_MANS = \ voms.8 endif endif if !BUILD_SERVER if BUILD_CLIENTS man_MANS = \ voms-proxy-init.1 \ voms-proxy-info.1 \ voms-proxy-destroy.1 \ voms-proxy-fake.1 \ voms-proxy-list.1 endif endif if !BUILD_SERVER if !BUILD_CLIENTS man_MANS = endif endif EXTRA_DIST = $(SGML_INCLUDES) $(SGML_DIST) $(LATEX_DIST) $(man_MANS) MAINTAINERCLEANFILES = Makefile.in \ manpage.links \ manpage.refs CLEANFILES = $(DOCS) *toc *aux *log maintainer-clean-local: -rm -rf $(USERDOC_DIR) all-local: userdoc-local if BUILD_DOCS userdoc-local: $(man_MANS) else userdoc-local: endif userdoc: userdoc-local install-data-hook: install-man1 install-man8 MAN_STYLESHEET = http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl if BUILD_DOCS if HAVE_DOCBOOK_MAN %.1: %.xml $(COMMON_XMLFILES) $(XSLTPROC) $(XSLTPROCFLAGS) $(MAN_STYLESHEET) $< %.8: %.xml $(COMMON_XMLFILES) $(XSLTPROC) $(XSLTPROCFLAGS) $(MAN_STYLESHEET) $< %.html: %.xml $(XSLTPROC) $(XSLTPROCFLAGS) -o $@ $(HTML_STYLESHEET) $< endif else %1: %.xml touch $@ %8: %.xml touch $@ endif .PHONY: userdoc voms-2.1.2/doc/RELEASE-NOTES.1-6-15000066400000000000000000000012231477131364200156710ustar00rootroot00000000000000Changes since 1.6.10 
Fixed vulnerability #12685: Escalation of right possible. Fixed the first part of bug #13899, meaning that the crashes with threads do not happen any more, and the memory leak is much reduced. We are at work to tackle the remaining few bytes. Fixed bug #11227: Now VOMS builds on RH 7.2 Fixed bug #10702: Now the duplicated connection are not there anymore. Fixed bug #10761: Junk in command line is now detected. Fixde bug #13356: Syntax of ps usage fixed. Valerio is updating bug 12613. voms-2.1.2/doc/RELEASE-NOTES.1-7-0000066400000000000000000000023011477131364200156020ustar00rootroot00000000000000Changes since 1.6.22: Added support for generic attributes (requested by LHCb and Atlas experiments, no bug number.) Also, in consequence of this: New C/C++/Java APIs to access the attributes. New C/C++ API libraries that do not depend on Globus: -- use vomsapi_nog.h and vomsapic_nog.h headers. -- Contact methods temporarily disabled. Always return an error now. -- Link against libvomsapi_nog.so Integration of Java APIs in the main code: -- Removed dependency on org.glite.security.java-utils package.. -- Depends on either libvomsapi.so or libvomsapi_nog.so. The first takes priority over the second one if both are found. -- The org.glite.security.voms.ac package is now deprecated. All the get*() methods have been moved to the org.glite.security.voms.VOMSAttribute class, which is now the only official way to access credential data. Fix problem with UID/USERID in CA names (no bug number, reported by GIN) Fix for bug #16576 Fix for bug #15436 Fix for bug #15572 Fix for bug #12514 Fix for bug #10967 (java part. C and C++ were already fixed) Fix for bug #14026 (Easier configuration for clients) voms-2.1.2/doc/authors.sgml000066400000000000000000000003311477131364200156230ustar00rootroot00000000000000Authors Vincenzo Ciaschini Vincenzo.Ciaschini@cnaf.infn.it. Valerio Venturi Valerio.Venturi@cnaf.infn.it. 
voms-2.1.2/doc/bugzilla.sgml000066400000000000000000000002331477131364200157500ustar00rootroot00000000000000Bugs EGEE Bug Tracking Tool voms-2.1.2/doc/c++api.tex000066400000000000000000001004121477131364200150370ustar00rootroot00000000000000\documentclass[a4paper]{book} \usepackage{color} \usepackage{listings} \newenvironment{compatibility}{\begin{quote}\color{red}Compatibility\begin{quote}}{\end{quote}\color{black}\end{quote}} \newcommand{\also}[1]{\textbf{SEE ALSO}\newline\ \ \ \ \ #1} \newcommand{\return}{\textbf{RETURNS}\newline} \newcommand{\parameter}[2]{\newline\textbf{#1}\ \ #2} \begin{document} \lstset{language=C++} \begin{titlepage} \title{The VOMS C++ API\\ A Developer's Guide} \author{Vincenzo Ciaschini} \end{titlepage} \maketitle \tableofcontents \newpage \chapter{Introduction} The VOMS API already come with their own documentation in doxygen format. However, that documentation is little more than a simple enumeration of functions, with a very terse description. The aim of this document is different. Here the intention is not only to describe the different functions that comprise the API, but also to show how they are supposed to work together, what particular care the user needs to take when calling them, what should be done to mantain compatibility between the different versions, etc\ldots Throughout this whole document, you will find sections marked thus: \begin{compatibility} Some information \end{compatibility} These sections contain information regarding both back and forward compatibility between different versions of the API. \begin{compatibility} Finally, please note that everything not explicitly defined in this argument should be considered a private detail and subject to change without notice. \end{compatibility} \chapter{The API.} There are three basic data structures: \verb|data|\/, \verb|voms| and \verb|vomsdata|. 
\section{The data structure} The first one, \verb|data| contains the data regarding a single attribute, giving its specification in terms of Groups, Roles and Capabilities. It is defined as follows: \begin{lstlisting}{} struct data { std::string group; std::string role; std::string cap; }; \end{lstlisting} All the values of these strings must match the regular expression: \texttt{[a-zA-Z0-9\_/]*}. \subsection{group} This field contains the name of a group which the user belongs to. The format of entries in this group is reminiscent of the structure of pathnames, and is the following: \begin{quote} \begin{emph} /group/group/.../group \end{emph} \end{quote} where the name of the first group is by convention the name of the Virtual Organization (VO), while each other \emph{/group} component is a subgroup of the group immediately preceding it on the left. The character '/' is not acceptable as part of a group name. This field MUST always be filled. \subsection{role} This field contains the name of the role which the user owns in the group specified by \texttt{group}. If the user does not own any particular role in that group, then this field contains the value ``NULL''. \subsection{cap} This field details a capability that the user has as a member of the group specified by \texttt{group} while owning the role specified by \texttt{role}. If there is no specific capability, then this value is ``NULL''. No specific format is associated to a capability. They are basically free-form strings, whose value should be agreed between the AA and the Attribute verifier.
\section{The voms structure} The second one, \texttt{voms} is used to group together all the information that can be gleaned from a single AC, and is defined as follows: \begin{lstlisting}{} enum data_type { TYPE_NODATA, /*!< no data */ TYPE_STD, /*!< group, role, capability triplet */ TYPE_CUSTOM /*!< result of an S command */ }; struct voms { friend class vomsdata; int version; int siglen; std::string signature; std::string user; std::string userca; std::string server; std::string serverca; std::string voname; std::string uri; std::string date1; std::string date2; data_type type; std::vector std; std::string custom; /* Data below this line only makes sense if version >= 1 */ std::vector fqan; std::string serial; /* Data below this line is private. */ private: AC *ac; X509 *holder; public: voms(const voms &); voms(); voms &operator=(const voms &); ~voms(); }; \end{lstlisting} The purpose of this structure is to present, in a readable format, the data that has been included in a single Attribute Certificate (AC). While the various public fields may be freely modified to simplify internal coding, such changes have no effect on the underlying AC. Let's examine the various fields in detail, starting with the constructors. \subsection{version} This field specifies the version of this structure that is currently being used. A value of 0 indicates that it comes from an old format extension, while a value of 1 indicates that this structure comes from an AC. \begin{compatibility} Support for version 0 is going to be phased out of the code base in roughly 6 months (late june - start of july). When that happens, version 0 structures will not be readable anymore. Until then, support for it is being kept as a transition measure. Update: With software version 1.6.0 and onwards, support for version 0 has been dropped. 
\end{compatibility} Please do note that modifying the fields of a version 0 structure associated with a \texttt{versiondata} object invalidates the result of the \texttt{Export} method on that object. \subsection{siglen} The length of the data signature. \subsection{user} This field contains the subject of the holder's certificate in slash-separated format. \subsection{userca} This field contains the subject of the CA that issued the holder's certificate, in slash-separated format. \subsection{server} This field contains the subject of the certificate that the AA used to issue the AC, in slash-separated format. \subsection{serverca} This field contains, in slash-separated format, the subject of the CA that issued the certificate that the AA used to issue the AC. \subsection{voname} This field contains the name of the Virtual Organization (VO) to which the rest of the data contained in this structure applies to. \subsection{uri} This is the URI at which the AA that issued this particular AC can be contacted. Its format is: \begin{quote} \emph{fqdn}:\emph{port} \end{quote} where \emph{fqdn} is the Fully Qualified Domain Name of the server which hosts the AA, and \emph{port} is the port at which the AA can be contacted on that server. \subsection{date1, date2} These are the dates of start and end of validity of the rest of the information. They are in a string representation readable to humans, but they may be easily converted back to their original format, with a little twist: dates coming from an AC are in GeneralizedTime format, while dates coming from the old version data are in UtcTime format. 
Here follows a code example doing that conversion:\bigskip\bigskip \begin{lstlisting}{} ASN1_TIME * convtime(std::string data) { ASN1_TIME *t= ASN1_TIME_new(); t->data = (unsigned char *)(data.data()); t->length = data.size(); switch(t->length) { case 10: t->type = V_ASN1_UTCTIME; break; case 15: t->type = V_ASN1_GENERALIZEDTIME; break; default: ASN1_TIME_free(t); return NULL; } return t; } \end{lstlisting} Note that this example does not copy the date: \verb|t->data| points into the buffer of the \texttt{std::string} argument, which is passed by value and destroyed when the function returns, and \texttt{ASN1\_TIME\_free()} would try to release that same buffer. Code derived from it should copy the bytes instead, for example with \texttt{ASN1\_STRING\_set()}. \subsection{type} This datum specifies the type of data that follows. It can assume the following values: \begin{description} \item [TYPE\_NODATA] There actually was no data returned. \begin{compatibility} This is actually only true for version 0 structures. The following versions will simply not generate a \texttt{voms} structure in this case. \end{compatibility} \item [TYPE\_CUSTOM] The data will contain the output of an ``S'' command sent to the server. \begin{compatibility} Again, this type of datum will only be present in version 0 structures. Due to lack of use, support for it has been disabled in new versions of the server. \end{compatibility} \item [TYPE\_STD] The data will contain (group, role, capabilities) triples. \end{description} \subsection{std} This vector contains all the attributes found in an AC, in the exact same order as they were found, in the format specified by the \texttt{data} structure. It is only filled if the value of the \texttt{type} field is \texttt{TYPE\_STD}. \begin{compatibility} This structure is filled in both version 1 and version 0 structures, although this is scheduled to be left empty after the transition period has passed. \end{compatibility} \subsection{custom} This field contains the data returned by the ``S'' server command, and it is only filled if the \texttt{type} value is \texttt{TYPE\_CUSTOM}. \subsection{fqan} This field contains the same data as the \texttt{std} field, but specified in the Fully Qualified Attribute Name (FQAN) format.
\section{vomsdata} The purpose of this object is to collect in a single place all information present in a VOMS extension. It is defined so. \begin{lstlisting}{} struct vomsdata { private: class Initializer { public: Initializer(); private: Initializer(Initializer &); }; private: static Initializer init; std::string ca_cert_dir; std::string voms_cert_dir; int duration; std::string ordering; std::vector servers; std::vector targets; public: verror_type error; /*!< Error code */ vomsdata(std::string voms_dir = "", std::string cert_dir = ""); bool LoadSystemContacts(std::string dir = ""); bool LoadUserContacts(std::string dir = ""); std::vector FindByAlias(std::string alias); std::vector FindByVO(std::string vo); void Order(std::string att); void ResetOrder(void); void AddTarget(std::string target); std::vector ListTargets(void); void ResetTargets(void); std::string ServerErrors(void); bool Retrieve(X509 *cert, STACK_OF(X509) *chain, recurse_type how = RECURSE_CHAIN); bool Contact(std::string hostname, int port, std::string servsubject, std::string command); bool ContactRaw(std::string hostname, int port, std::string servsubject, std::string command, std::string &raw, int &version); void SetVerificationType(verify_type how); void SetLifetime(int lifetime); bool Import(std::string buffer); bool Export(std::string &data); bool DefaultData(voms &); std::vector data; std::string workvo; std::string extra_data; std::string ErrorMessage(void); bool RetrieveFromCtx(gss_ctx_id_t context, recurse_type how); bool RetrieveFromCred(gss_cred_id_t credential, recurse_type how); bool Retrieve(X509_EXTENSION *ext); bool RetrieveFromProxy(recurse_type how); private: /* not relevant: removed from this listing. */ }; \end{lstlisting} Let us see the fields in detail. \subsection{error} This field contains the error code returned by one of the methods. Please note that the value of this field is only significant if the \emph{last} method called returns an error value. 
Also, the value of this field is subject to change without notice during method executions, regardless of whether an error effectively occurred. The possible values returned are the following:\bigskip\bigskip \begin{lstlisting}{} enum verror_type { VERR_NONE, VERR_NOSOCKET, VERR_NOIDENT, VERR_COMM, VERR_PARAM, VERR_NOEXT, VERR_NOINIT, VERR_TIME, VERR_IDCHECK, VERR_EXTRAINFO, VERR_FORMAT, VERR_NODATA, VERR_PARSE, VERR_DIR, VERR_SIGN, VERR_SERVER, VERR_MEM, VERR_VERIFY, VERR_TYPE, VERR_ORDER, VERR_SERVERCODE }; \end{lstlisting} In general, a first idea of what each code means can be gleaned from the code name, but in any case every method description will document what errors its execution may generate and on which conditions. \subsection{data} This field contains a vector of \texttt{voms} structures, in the exact same order as the corresponding ACs appeared in the proxy certificate, and containing the information present in that AC. \section{Methods} \subsection {voms} \subsection{voms::voms()} This is the standard default constructor. Please note that a structure created this way would not contain any real data. The only use for this constructor is to create a ``placeholder'' structure to which you will copy data using the copy operator. \subsection{voms::voms(const voms \&)} This is the standard copy constructor. Structures allocated via this method will retain an exact copy of the data of their source. \subsection{voms::operator=(const voms \&)} This defines an assignment operator between two different \texttt{voms} structures. \section{vomsdata} \subsection{vomsdata::vomsdata(std::string voms\_dir='''', std::string cert\_dir='''')} This is the standard constructor that also doubles as the default constructor. \parameter{voms\_dir}{This is the directory where the VOMS server' certificates are kept. 
If this value is empty (the default), then the value of \texttt{\$X509\_VOMS\_DIR} is considered, and if this is also empty than its default is \texttt{/etc/grid-security/vomsdir}.} \parameter{cert\_dir}{This is the directory where the CA certificates are kept. If this value is empty (the default), then the value of \texttt{\$X509\_CERT\_DIR} is considered, and if this is also empty than its default is \texttt{/etc/grid-security/certificate}.} \begin{compatibility} This function is the only supported way to create and initialize a \texttt{vomsdata} structure other than the copy constructor. It is forbidden to ever take the \texttt{sizeof()} of this class. \end{compatibility} The default values are strongly suggested. If you want to hardcode specific ones, think very hard about the loss of configurability that it would entail. \subsection{bool vomsdata::LoadSystemContacts(std::string dir = ``'')} This function loads the vomses files that are shared system-wide. \parameter{dir}{This is the directory in which the various vomses files are kept. If left as blank, it defaults to \texttt{\$PREFIX/etc/vomses}.} \return The return value is true if all went well and false otherwise. In the latter case the \texttt{vomsdata::error} member becomes significant, and it may assume the following values: \bigskip\begin{tabular}{lp{3in}} VERR\_DIR & The function tried to access something that either was not a directory or a regular file, could not be read, or it had the wrong permissions. The correct permissions are 644 for files and 755 for directories.\\ VERR\_FORMAT & The file was not in the expected format. \end{tabular} \subsection{bool vomsdata::LoadUserContacts(std::string dir = ``'')} This function loads the vomses files that are user-specific. \parameter{dir}{This is the directory in which the various vomses files are kept. If left as blank, it defaults to \texttt{\$VOMS\_USERCONF}. 
If this is also empty, then the last default is \texttt{\$HOME/.edg/vomses}.} \return The return value is true if all went well and false otherwise. In the latter case the \verb|vomsdata::error| member becomes significant, and it may assume the following values: \bigskip\begin{tabular}{lp{3in}} \color{black}VERR\_DIR & \color{black}The function tried to access something that either was not a directory or a regular file, could not be read, or it had the wrong permissions. The correct permissions are 644 for files and 755 for directories.\\ VERR\_FORMAT & The file was not in the expected format.\\ \end{tabular} \subsection{std::vector$<$contactdata$>$ vomsdata::FindByAlias(std::string alias)} \begin{lstlisting}{} struct contactdata { /*!< You must never allocate directly this structure. Its sizeof() is subject to change without notice. The only supported way to obtain it is via the FindBy* functions. */ std::string nick; /*!< The alias of the server */ std::string host; /*!< The hostname of the server */ std::string contact; /*!< The subject of the server's certificate */ std::string vo; /*!< The VO served by this server */ int port; /*!< The port on which the server is listening */ }; \end{lstlisting} This function looks in the vomses files loaded by \texttt{vomsdata::LoadSystemContacts()} and \texttt{vomsdata::LoadUserContacts()} for servers that have been registered with a particular alias. \parameter{alias}{The alias that will be searched for. The search will be case sensitive.} \return The return value is a vector containing the data (in \texttt{contactdata} format) of all the servers known by the system that go by the specified alias. This function does not have an error code, but the vector may be empty if no servers satisfying the query are found or if there are no known servers altogether, typically because the Load*Contacts() function have not been called. 
\bigskip\subsection{void vomsdata::Order(std::string attribute)} This function should be called before the various Contact*() ones, and it is used to specify in which order the clients would like to have the attributes returned by the server. It can be called multiple times, each time specifying a new attribute, creating in this way an ordered list of attributes. Then, when the server is contacted, it will exemine this list of attributes against the one it would grant the client, and order the latter in the same way, with the following provisions: \begin{itemize} \item All attributes not explicitly indicated in the order list will be placed in an unspecified order after all the specified ones. \item An attribute present in the order list but not present among the attributes that the server is prepared to grant will be silently ignored. \end{itemize} \ \parameter{attribute}{The attribute that should be ordered} \begin{compatibility} For the moment, this is the only place where the FQAN format for attribute names is not yet fully supported. The attribute field will so have to be specified in the $<$group name$>$:$<$role name$>$ format. This situation will be corrected sometime in the 1.2.x series. \end{compatibility} \also{ResetOrder} \subsection{void vomsdata::ResetOrder(void)} This function clears the list of attributes that has been setup via calls to the Order() function. \also{Order} \subsection{void vomsdata::AddTarget(std::string target)} This function takes advantage of ACs capability to target themselves to a specific set of hosts. Through consecutive calls of this function, the user can target the AC that the server will generate to any set of hosts it likes. Obviously, this funciton should be called before the Contact*() ones. \parameter{target}{The name of the host to which the AC will be targeted. 
The name MUST be expressed in Fully Qualified Host Name format.} \also{ListTargets, ResetTargets} \subsection{std::vector$<$std::string$>$ vomsdata::ListTargets(void)} This function returns a vector containing the list of hosts that will constitute the targets that will be included in the AC. \return A vector whose members are the FQHNs of the machines against which the AC will be targeted. This may be empty if the list has been cleared or it has never been filled. \also{AddTarget, ResetTargets} \subsection{void vomsdata::ResetTargets(void)} This function clears the list of targets for an AC. \also{AddTarget, ListTargets} \subsection{std::string vomsdata::ServerErrors()} In case one of the other functions returned a \texttt{VERR\_SERVER} message, meaning that some error has occurred on the server side of a connection, calling this function MAY return a message from the server itself detailing the error. \return The error message itself \subsection{void vomsdata::SetVerificationType(verify\_type how)} This function sets the type of AC verification done by the Retrieve() and Contact() functions. The choices are detailed in the verify\_type type. \begin{lstlisting}{} enum verify_type { VERIFY_FULL = 0xffffffff, VERIFY_NONE = 0x00000000, VERIFY_DATE = 0x00000001, VERIFY_TARGET = 0x00000002, VERIFY_KEY = 0x00000004, VERIFY_SIGN = 0x00000008, VERIFY_ORDER = 0x00000010, VERIFY_ID = 0x00000020 }; \end{lstlisting} The meaning of these types is the following: \begin{description} \item[VERIFY\_DATE] This flag verifies that the current date is within the limits specified by the AC itself. \item[VERIFY\_TARGET] This flag verifies that the AC is being evaluated in a machine that is included in the target extension of the AC itself. \item[VERIFY\_KEY] This flag is for a future extension and is unused at the moment. \item[VERIFY\_SIGN] This flag verifies that the signature of the AC is correct.
\item[VERIFY\_ORDER] This flag verifies that the attributes present in the AC are in the exact order that was requested. Please note that this can ONLY be done when examining an AC right after generation with the Contact() function. This flag is meaningless in all other cases. \item[VERIFY\_ID] This flag verifies that the holder information present in the AC is consistent with: \begin{enumerate} \item The enveloping user proxy in case the AC was contained in one. \item The user's own certificate in case the AC was received without an enclosing proxy. \end{enumerate} \item[VERIFY\_FULL] This flag implies all other verifications. \item[VERIFY\_NONE] This flag disables all verifications. \end{description} These flags can be combined by OR-ing them together. However, if VERIFY\_NONE is OR-ed with any other flag, it can be ignored, while if VERIFY\_FULL is OR-ed with any other flag, all the other flags can be ignored. If this function is not explicitly called by the user, a VERIFY\_FULL flag is considered to be in effect. Data retrieved with VERIFY\_NONE, or without VERIFY\_SIGN, has not had its signature checked and should not be relied upon for authorization decisions. \subsection{void vomsdata::SetLifetime(int lifetime)} This function should be called before the Contact*() ones. Its aim is to set the requested lifetime for the AC that the server would create. Please note that this is only a suggestion, and that the server may well override it if the requested time is against its own policy. \parameter{lifetime}{The requested lifetime, in seconds.} \subsection{bool vomsdata::Retrieve(X509 *cert, STACK\_OF(X509) *chain, recurse\_type how = RECURSE\_CHAIN)}\label{ret} This function retrieves a VOMS AC from a VOMS-enabled proxy certificate, executes the verifications requested by the SetVerificationType() function and interprets the data. \parameter{cert}{This is the X509 proxy certificate from which we want to retrieve the information.} \parameter{chain}{This is the certificate chain associated to the proxy certificate.
This parameter is only significant if the value of the next parameter is \texttt{RECURSE\_CHAIN}.} \parameter{how}{This parameters may have two values: \begin{description} \item[RECURSE\_NONE] meaning that the VOMS extension MUST be found in the certificate proper, or \item[RECURSE\_CHAIN] meaning that if the VOMS extension are not found in the certificate proper, the certificate chain may be descended until either the extension is found or the chain ends. \end{description} The default value is \texttt{RECURSE\_CHAIN}.} \texttt{RECURSE\_NONE} should only be used in special circumstances, since it is guaranteed that in a normal Grid environment the process of credential delegation will make the VOMS extension to be only present in the certificate chain. The result value is a boolean that is \texttt{true} if and only if there have not been errors. If the value is \texttt{false}, then you should check the error code, which may have one of the following values: \bigskip\begin{tabular}{lp{3in}} VERR\_PARAM & There was something wrong with the parameters passes to the function, or some of the required information (holder, etc...) is empty.\\ VERR\_FORMAT & If the format of the data is unknown (e.g. neither an AC nor an old-style blob.\\ VERR\_NOIDENT & If it was impossible to discover the holder of the AC.\\ VERR\_NOINIT & The vomsdata object hasn't been properly initialized. 
Most likely the voms\_dir and ca\_dir parameters are empty.\\ VERR\_PARSE & There has been some problem in parsing the AC or blob.\\ VERR\_VERIFY & It was not possible to verify the signature.\\ VERR\_SERVER & It was not possible to properly identify the Attribute Issuer.\\ VERR\_TIME & The check on the validity dates failed.\\ VERR\_IDCHECK & The holder of the AC is not the same entity as the holder of the enclosing certificate.\\ \end{tabular} \also{SetVerificationType()} \subsection{bool vomsdata::Contact(std::string hostname, int port, std::string servsubject, std::string command)} This function is used to contact a specified server and use the received AC to fill the vomsdata structure. \parameter{hostname}{The fully qualified hostname of the machine on which the server runs.} \parameter{port}{The port number on which the server is listening.} \parameter{servsubject}{The subject of the server's certificate.} \parameter{command}{The command to be sent to the server.} These parameters may be obtained by using the FindByAlias() and FindByVO() methods. \return The return value is \texttt{true} if everything went well, \texttt{false} otherwise. In the latter case, the error field becomes significant, and it may assume the following values. \bigskip\begin{tabular}{lp{3in}} VERR\_NOSOCKET & The client was unable to connect to the server.\\ VERR\_COMM & Some communication errors (Usually related to certificate problems)\\ VERR\_SERVERCODE & The server returned an error code. More detailed information may be obtained by the ServerErrors() function.\\ VERR\_PARAM & There was something wrong with the parameters passed to the function, or some of the required information (holder, etc...) is empty.\\ VERR\_FORMAT & If the format of the data is unknown (e.g.
neither an AC nor an old-style blob.\\ VERR\_NOIDENT & If it was impossible to discover the holder of the AC or the client was unable to find its own proxy certificate.\\ VERR\_NOINIT & The vomsdata object hasn't been properly initialized. Most likely the voms\_dir and ca\_dir parameters are empty.\\ VERR\_PARSE & There has been some problem in parsing the AC or blob.\\ VERR\_VERIFY & It was not possible to verify the signature.\\ VERR\_SERVER & It was not possible to properly identify the Attribute Issuer.\\ VERR\_TIME & The check on the validity dates failed.\\ VERR\_IDCHECK & The holder of the AC is not the same entity as the holder of the enclosing certificate.\\ \end{tabular} \subsection{bool vomsdata::ContactRaw(std::string hostname, int port, std::string servsubject, std::string command, std::string \&raw, int \&version)} This function is used to contact a specified server and use the received AC to fill the vomsdata structure. \parameter{hostname}{The fully qualified hostname of the machine on which the server runs.} \parameter{port}{The port number on which the server is listening.} \parameter{servsubject}{The subject of the server' certificate.} \parameter{command}{The command to be sent to the server.} \parameter{raw}{This is an output parameter, and it will contain the data received by the server.} \parameter{version}{This, too, is an output parameter, and it will contain the version number of the data included.} The first four parameters may be obtained by using the FindByAlias() and FindByVO() methods. \return The return value is \texttt{true} if everything went well, \texttt{false} otherwise. In the latter case, the error field becomes significant, and it may assume the following values. \bigskip\begin{tabular}{lp{3in}} VERR\_NOSOCKET & The client was unable to connect to the server.\\ VERR\_COMM & Some communication error (Usually related to certificate problems)\\ VERR\_SERVERCODE & The server returned an error code. 
More detailed information may be obtaind by the ServeError() function.\\ VERR\_PARAM & There was something wrong with the parameters passed to the function, or some of the required information (holder, etc...) is empty.\\ VERR\_FORMAT & If the format of the data is unknown (e.g. neither an AC nor an old-style blob.\\ VERR\_NOIDENT & If the client was unable to find its own proxy certificate.\\ VERR\_NOINIT & The vomsdata object hasn't been properly initialized. Most likely the voms\_dir and ca\_dir parameters are empty.\\ \end{tabular} \subsection{bool vomsdata::Export(std::string \&data)} This function is used to create a string representation of all the data that has been read from VOMS certificates so far. \parameter{data}{This is an output parameter, and it will contain the data in encoded format.} \return The return value is \texttt{true} if everything went well, \texttt{false} otherwise. In the latter case, the error field becomes significant, and it may assume the following values. \bigskip\begin{tabular}{lp{3in}} VERR\_MEM & There is not enough memory free.\\ VERR\_FORMAT & There is an inconsistency in the internal data.\\ VERR\_TYPE & The same as above. The difference is only for debugging purposes.\\ \end{tabular} \also{Import()} \subsection{bool vomsdata::Import(std::string buffer)} This function is used to add a string created by the Export() call back into the vomsdata structure. This function also runs verification again. \parameter{buffer}{The string to convert.} \return The return value is \texttt{true} if everything went well, \texttt{false} otherwise. In the latter case, the error field becomes significant, and it may assume the following values: \bigskip\begin{tabular}{lp{3in}} VERR\_PARAM & There was something wrong with the parameters passes to the function, or some of the required information (holder, etc...) is empty.\\ VERR\_FORMAT & If the format of the data is unknown (e.g. 
neither an AC nor an old-style blob.\\ VERR\_NOIDENT & If is was impossible to discover the holder of the AC or there was not a user certificate ready.\\ VERR\_NOINIT & The vomsdata object hasn't been properly initialized. Most likely the voms\_dir and ca\_dir parameters are empty.\\ VERR\_PARSE & There has been some problem in parsing the AC or blob.\\ VERR\_VERIFY & It was not possible to verify the signature.\\ VERR\_SERVER & It was not possible to properly identify the Attribute Issuer.\\ VERR\_TIME & The check on the validity dates failed.\\ VERR\_IDCHECK & The holder of the AC is not the same entity as the holder of the enclosing certificate.\\ \end{tabular} \subsection{bool vomsdata::DefaultData(voms \&d)} This function returns the default attributes from a vomsdata class. \parameter{d}{This is the \texttt{voms} structure that will contain the default attributes.} \return The return value is \texttt{true} if everything went well, \texttt{false} otherwise. In the latter case, the error field becomes significant, and it may assume the following values: \bigskip\begin{tabular}{lp{3in}} VERR\_NOEXT & If there was no default attributes (most likely because no attributes were read in.\\ \end{tabular} \subsection{std::string vomsdata::ErrorMessage(void)} This function returns a textual description for the error encountered by the other functions. This cannot fail. \subsection{bool vomsdata::RetrieveFromCtx(gss\_ctx\_id\_t context, recurse\_type how)} This function is capable of retrieving VOMS AC information from a GSS context. \parameter{context}{The context from which to obtain the certificate.} \parameter{how}{What to do with the certificate chain. See the documentation of Retrieve (\ref{ret}) for possible values.} Return and error values are the same as Retrieve. Again, see (\ref{ret}) for possible values. 
\subsection{bool vomsdata::RetrieveFromCred(gss\_cred\_id\_t credential, recurse\_type how)} This function is capable of retrieving VOMS AC information from a GSS credential. \parameter{credential}{The credential from which to obtain the certificate.} \parameter{how}{What to do with the certificate chain. See the documentation of Retrieve (\ref{ret}) for possible values.} Return and error values are the same as Retrieve. Again, see (\ref{ret}) for possible values. \subsection{bool vomsdata::Retrieve(X509\_EXTENSION *ext)} This function retrieves the VOMS AC from the extension passed to it. Please note that, because the holder certificate is not available to this function, the checks related to the holder of the AC are not performed. A successful return therefore does not show that the AC belongs to the holder of the certificate that carried it. \parameter{ext}{The extension to evaluate.} Return and error values are the same as Retrieve. Again, see (\ref{ret}) for possible values. \subsection{bool vomsdata::RetrieveFromProxy(recurse\_type how)} This function is capable of retrieving VOMS AC information from an existing proxy. \parameter{how}{What to do with the certificate chain. See the documentation of Retrieve (\ref{ret}) for possible values.} Return and error values are the same as Retrieve. Again, see (\ref{ret}) for possible values. 
\end{document} voms-2.1.2/doc/capi.tex000066400000000000000000001131411477131364200147140ustar00rootroot00000000000000\documentclass[a4paper]{book} \usepackage{color} \usepackage{listings} \newenvironment{compatibility}{\begin{quote}\color{red}Compatibility\begin{quote}}{\end{quote}\color{black}\end{quote}} \newcommand{\also}[1]{\noindent \textbf{SEE ALSO}\newline\ \ \ \ \ #1} \newcommand{\errors}{\noindent \textbf{ERRORS}\newline} \newcommand{\results}{\noindent \textbf{RESULTS}\newline} \newcommand{\result}{\noindent \textbf{RESULTS}\newline} \newcommand{\return}{\noindent \textbf{RETURNS}\newline} \newcommand{\parameter}[1]{\newline\textbf{#1}\ \ } \begin{document} \lstset{language=C} \begin{titlepage} \title{The VOMS C API\\ A Developer's Guide} \author{Vincenzo Ciaschini} \end{titlepage} \maketitle \tableofcontents \newpage \chapter{Introduction} The VOMS API already come with their own documentation in doxygen format. However, that documentation is little more than a simple enumeration of functions, with a very terse description. The aim of this document is different. Here the intention is not only to describe the different functions that comprise the API, but also to show how they are supposed to work together, what particular care the user needs to take when calling them, what should be done to mantain compatibility between the different versions, etc\ldots Throughout this whole document, you will find sections marked thus: \begin{compatibility} Some information \end{compatibility} These sections contain information regarding both back and forward compatibility between different versions of the API. \begin{compatibility} Finally, please note that everything not explicitly defined in this argument should be considered a private detail and subject to change without notice. \end{compatibility} \chapter{The API.} There are three basic data structures: \verb|data, voms| and \verb|vomsdata|. 
\section{The data structure} The first one, \verb|data|, contains the data regarding a single attribute, giving its specification in terms of Groups, Roles and Capabilities. It is defined as follows: {\begin{lstlisting}{} struct data { char *group; char *role; char *cap; }; \end{lstlisting}} All the values of these strings must match the regular expression \texttt{[a-zA-Z0-9\_/]*}. \subsection{group} This field contains the name of a group to which the user belongs. The format of entries in this field is reminiscent of the structure of pathnames, and is the following: \begin{quote} \begin{emph} /group/group/.../group \end{emph} \end{quote} where the name of the first group is by convention the name of the Virtual Organization (VO), while each other \emph{/group} component is a subgroup of the group immediately preceding it on the left. The character '/' is not acceptable as part of a group name. This field MUST always be filled. \subsection{role} This field contains the name of the role that the user owns in the group specified by \verb|group|. If the user does not own any particular role in that group, then this field contains the string ``NULL''. \subsection{cap} This field details a capability that the user has as a member of the group specified by \verb|group| while owning the role specified by \verb|role|. If there is no specific capability, then this value is the string ``NULL''. No specific format is associated with a capability. Capabilities are basically free-form strings, whose values should be agreed between the AA and the Attribute verifier. 
\section{The voms structure} The second one, \verb|voms| is used to group together all the information that can be gleaned from a single AC, and is defined as follows: {\begin{lstlisting}{} #define TYPE_NODATA 0 /*!< no data */ #define TYPE_STD 1 /*!< group, role, capability triplet */ #define TYPE_CUSTOM 2 /*!< result of an S command */ struct voms { int siglen; char *signature; char *user; char *userca; char *server; char *serverca; char *voname; char *uri; char *date1; char *date2; int type; struct data **std; char *custom; int datalen; int version; char **fqan; char *serial; /* Fields below this line are reserved. */ }; \end{lstlisting}} The purpose of this structure is to present, in a readable format, the data that has been included in a single Attribute Certificate (AC). While the various public fields may be freely modified to simplify internal coding, such changes have no effect on the underlying AC. Let's examine the various fields in detail, starting with the constructors. \subsection{version} This field specifies the version of this structure that is currently being used. A value of 0 indicates that it comes from an old format extension, while a value of 1 indicates that this structure comes from an AC. \begin{compatibility} Support for version 0 is going to be phased out of the code base in roughly 6 months (late june - start of july). When that happens, version 0 structures will not be readable anymore. Until then, support for it is being kept as a transition measure. \end{compatibility} Please do note that modifying the fields of a version 0 structure associated with a \verb|versiondata| struct invalidates the result of the \verb|VOMS_Export()| funciton on that object. \subsection{siglen} The length of the data signature. \subsection{user} This field contains the subject of the holder's certificate in slash-separated format. \subsection{userca} This field contains the subject of the CA that issued the holder's certificate, in slash-separated format. 
\subsection{server} This field contains the subject of the certificate that the AA used to issue the AC, in slash-separated format. \subsection{serverca} This field contains, in slash-separated format, the subject of the CA that issued the certificate that the AA used to issue the AC. \subsection{voname} This field contains the name of the Virtual Organization (VO) to which the rest of the data contained in this structure applies. \subsection{uri} This is the URI at which the AA that issued this particular AC can be contacted. Its format is: \begin{quote} \emph{fqdn}:\emph{port} \end{quote} where \emph{fqdn} is the Fully Qualified Domain Name of the server which hosts the AA, while \emph{port} is the port at which the AA can be contacted on that server. \subsection{date1, date2} These are the dates of start and end of validity of the rest of the information. They are in a string representation readable to humans, but they may be easily converted back to their original format, with a little twist: dates coming from an AC are in GeneralizedTime format, while dates coming from the old version data are in UtcTime format. Here follows a code example doing that conversion:\bigskip\bigskip {\begin{lstlisting}{} ASN1_TIME * convtime(char *data) { char *data2 = strdup(data); if (data2) { ASN1_TIME *t= ASN1_TIME_new(); t->data = (unsigned char *)data2; t->length = strlen(data); switch(t->length) { case 10: t->type = V_ASN1_UTCTIME; break; case 15: t->type = V_ASN1_GENERALIZEDTIME; break; default: ASN1_TIME_free(t); return NULL; } return t; } return NULL; } \end{lstlisting}} \subsection{type} This datum specifies the type of data that follows. It can assume the following values: \begin{description} \item [TYPE\_NODATA] There actually was no data returned. \begin{compatibility} This is actually only true for version 0 structures. The following versions will simply not generate a \verb|voms| structure in this case. 
\end{compatibility} \item [TYPE\_CUSTOM] The data will contain the output of an ``S'' command sent to the server. \begin{compatibility} Again, this type of datum will only be present in version 0 structures. Due to lack of use, support for it has been disabled in new versions of the server. \end{compatibility} \item [TYPE\_STD] The data will contain (group, role, capabilities) triples. \end{description} \subsection{std} This vector contains all the attributes found in an AC, in the exact same order in which they were found, in the format specified by the \verb|data| structure. It is only filled if the value of the \verb|type| field is \verb|TYPE_STD|. \begin{compatibility} This structure is filled in both version 1 and version 0 structures, although this is scheduled to be left empty after the transition period has passed. \end{compatibility} \subsection{custom} This field contains the data returned bu the ``S'' server command, and it is only filled if the \verb|type| value id \verb|TYPE_CUSTOM|. \subsection{fqan} This field contains the same data as the \verb|std| field, but specified in the Fully Qualified Attribute Name (FQAN) format. \section{vomsdata} The purpose of this object is to collect in a single place all information present in a VOMS extension. All the fields should be considered read-only. Changing them has indefinite results. {\begin{lstlisting}{} struct vomsdata { char *cdir; char *vdir; struct voms **data; char *workvo; char *extra_data; int volen; int extralen; /* Fields below this line are reserved. */ }; \end{lstlisting}} Let us see the fields in detail. \subsection{data} This field contains a vector of \verb|voms| structures, in the exact same order as the corresponding ACs appeared in the proxy certificate, and containing the information present in that AC. \subsection{workvo, volen} \begin{compatibility} This fields is obsolete in the current version. Expect \verb|workvo| to be set to \verb|NULL| and \verb|volen| to be set to 0. 
\end{compatibility} \subsection{extra\_data, extralen} This field contains additional data that has been added by the user via to the proxy via the \verb|-include| command option. Extralen represents the length of that data. \subsection{cdir, vdir} This fields contain the paths, respectively, of the CA certificates and of the VOMS servers certificates. \section{Functions} \subsection{Generalities} Most of these functions share two parameters, \verb|struct vomsdata *vd|, and \verb|int *error|. To avoid repetition, these two parameters are described here. \parameter{error}{This field contains the error code returned by one of the methods. Please note that the value of this field is only significant if the \emph{last} method called returns an error value. Also, the value of this field is subject to change without notice during method executions, regardless of whether an error effectively occurred. The possible values returned are: VERR\_NONE, VERR\_NOSOCKET, VERR\_NOIDENT, VERR\_COMM, VERR\_PARAM, VERR\_NOEXT, VERR\_NOINIT, VERR\_TIME, VERR\_IDCHECK, VERR\_EXTRAINFO, VERR\_FORMAT, VERR\_NODATA, VERR\_PARSE, VERR\_DIR, VERR\_SIGN, VERR\_SERVER, VERR\_MEM, VERR\_VERIFY, VERR\_TYPE, VERR\_ORDER, VERR\_SERVERCODE In general, a first idea of what each code means can be gleaned from the code name, but in any case every method description will document which errors its execution may generate and on which conditions.} \parameter{vd}{This parameter is a pointer to the vomsdata structure that should be used by the function for both configuration and data retrieval and also for data storage.} \subsection{struct contactdata **VOMS\_FindByAlias(struct vomsdata *vd, char *alias, char *system, char *user, int *error)} \begin{lstlisting}{} struct contactdata { /*!< You must never allocate directly this structure. Its sizeof() is subject to change without notice. The only supported way to obtain it is via the VOMS_FindBy* functions. 
*/ char *nick; /*!< The alias of the server */ char *host; /*!< The hostname of the server */ char *contact; /*!< The subject of the server's certificate */ char *vo; /*!< The VO served by this server */ int port; /*!< The port on which the server is listening */ char *reserved; /*!< HANDS OFF! */ int version; /*!< The version of Globus on which this server runs. */ }; \end{lstlisting} This function looks in the vomses files installed in both the system-wide and user-specific directories for servers that have been registered with a particular alias. \parameter{alias}{The alias that will be searched for. The search will be case sensitive.} \parameter{system}{The directory where the system-wide files are located. If empty then its default is \verb|\$PREFIX/etc/vomses|.} \parameter{user}{The directory where the user-specific files are stored. If empty its defaul is \verb|$VOMS_USERCONF|. If this is also empty, then the default becomse \verb|$HOME/.edg/vomses|.} \return The return value is a NULL-terminated vector containing the data (in \verb|contactdata| format) of all the servers known by the system that go by the specified alias. This may be NULL if there was an error or no server was found registered with the specified alias. The errors that you may find are: \bigskip\begin{tabular}{lp{3in}} VERR\_MEM & Not enough memory.\\ VERR\_DIR & There were some problems while traversing the directory.\\ VERR\_NONE & No error occurred. Simply, no servers were found.\\ \end{tabular} \subsection{struct contactdata **VOMS\_FindByVO(struct vomsdata *vd, char *vo, char *system, char *user, int *error)} This function looks in the vomses files installed in both the system-wide and user-specific directories for servers that have been registered as serving a particular alias. \parameter{vo}{The alias that will be searched for. The search will be case sensitive.} \parameter{system}{The directory where the system-wide files are located. 
If this field is NULL then the default of \verb|\$PREFIX/etc/vomses| is used.} \parameter{user}{The directory where the user-specific files are stored. If this field is NULL, then the default of \verb|\$VOMS_USERCONF| is used. If this is also empty, then the default becomse \verb|$HOME/.edg/vomses|.} \return The return value is a NULL-terminated vector containing the data (in \verb|contactdata| format) of all the servers known by the system that go by the specified VO. This may be NULL if there was an error or no server was found registered with the specified VO. The errors that you may find are: \bigskip\begin{tabular}{lp{3in}} VERR\_MEM & Not enough memory.\\ VERR\_DIR & There were some problems while traversing the directory.\\ VERR\_NONE & No error occurred. Simply, no servers were found.\\ \end{tabular} \subsection{void VOMS\_DeleteContacts(struct contactdata **list)} This function deletes a vector of server data returned by either the \verb|VOMS_FindByAlias{}| or the \verb|VOMS_FindByVO()| functions. This is the only supported way to deallocate the vector. Any other attempt will result in undefined behaviour. It is although possible to deallocate only part of a vector. See the following code for an example. \begin{lstlisting}{} /* * Supposing that v is a vector returned by one of the VOMS_FindBy*() * functions. Also suppose that n is the vector's size (including the * NULL ending element). * * The following snippet will delete just the first member. */ struct contactdata *dummy[2]; dummy[1] = NULL; dummy[0] = v[0]; v[0] = v[n-1]; v[n-1] = NULL; VOMS_DeleteContacts(dummy); \end{lstlisting} \ \parameter{list}{The data to be deleted.} \return None. \subsection{struct vomsdata *VOMS\_Init(char *voms, char *cert)} This function allocates and initializes a \verb|vomsdata| structure. This is the only way to do so. 
Trying to allocate a \verb|vomsdata| structure by any other way will trigger undefined behaviour, since the structure that is published is only a small part of the real one. \parameter{voms}{The directory that contains the certificates of the VOMS servers. If this value is NULL, then \verb|\$X509_VOMS_DIR| is considered. If this is also empty than its default is \verb|/etc/grid-security/vomsdir|.} \parameter{cert}{The directory that contains the certificates of the CAs recognized by the server. If this value is NULL, then \verb|\$X509_CERT_DIR| is considered. If this is also empty than its default is \verb|/etc/grid-security/certificates|.} \return A pointer to a properly initialized \verb|vomsdata| structure, or NULL if something went wrong. This is the only case in which an error code would no be associated to the function. The default values are strongly suggested. If you want to hardcode specific ones, think very hard about the less of configurability that it would entail. \subsection{struct voms *VOMS\_Copy(struct voms *, int *error)} This function duplicates an existing \verb|voms| structure. It is the only way to do so. \parameter{voms}{The voms structure that you wish to be duplicated.} \result A pointer to a voms structure that duplicates the content of the one you passed, or NULL if something went wrong. \errors \bigskip\begin{tabular}{lp{3in}} VERR\_MEM & Not enough memory.\\ \end{tabular} \subsection{struct vomsdata *VOMS\_CopyAll(struct vomsdata *vd, int *error)} This function duplicates an existing \verb|vomsdata| structure. It is the ONLY supported way to do so. \result A pointer to a voms structure that duplicates the content of the one you passed, or NULL if something went wrong. \errors \bigskip\begin{tabular}{lp{3in}} VERR\_MEM & Not enough memory.\\ \end{tabular} \subsection{void VOMS\_Delete(strcut voms *v)} This functions deletes an existing \verb|voms| structure. It is the ONLY supported way to do so. 
\parameter{v}{A pointer to the \verb|voms| structure to delete. It is safe to call this function with a NULL pointer.} \result None. \subsection{int VOMS\_AddTarget(struct vomsdata *vd, char *target, int *error)} This function adds a target to the target list for the AC that will be generated by a server when it is contacted through one of the \verb|VOMS_Contact*()| functions. \parameter{target}{The target to add. It should be a Fully Qualified Domain Name.} \result \begin{description} \item[0] If something went wrong. \item[$<>$0] Otherwise. \end{description} \errors \bigskip\begin{tabular}{lp{3in}} VERR\_NOINIT & The \verb|vomsdata| structure was not properly initialized.\\ VERR\_PARAM & The \verb|target| parameter was NULL.\\ VERR\_MEM & There was not enough memory.\\ \end{tabular} \subsection{void VOMS\_FreeTargets(struct vomsdata *vd , int *error)} This function resets the list of targets. It always succeeds. It is also safe to call this function when targets have been set. \subsection{char *VOMS\_ListTargets(struct vomsdata *vd, int *error)} This function returns a comma separated string containing all the targets that have been set by the \verb|VOMS_AddTarget()| function. The caller is the owner of the returned string, and is responsible for calling \verb|free()| on it when it is no longer needed. \result A string with the result, or NULL. \bigskip\begin{tabular}{lp{3in}} VERR\_NOINIT & The \verb|vomsdata| structure was not properly initialized.\\ VERR\_MEM & There was not enough memory.\\ \end{tabular} \subsection{int VOMS\_SetVerificationType(int type, struct vomsdata *vd, int *error)} This function sets the type of AC verification done by the \verb|VOMS_Retrieve()| and \verb|Contact()| functions. The choices are detailed in the \verb|verify_type| type. 
\begin{lstlisting}{} #define VERIFY_FULL 0xffffffff #define VERIFY_NONE 0x00000000 #define VERIFY_DATE 0x00000001 #define VERIFY_NOTARGET 0x00000002 #define VERIFY_KEY 0x00000004 #define VERIFY_SIGN 0x00000008 #define VERIFY_ORDER 0x00000010 #define VERIFY_ID 0x00000020 \end{lstlisting} The meaning of these flags is the following: \begin{description} \item[VERIFY\_DATE] This flag verifies that the current date is within the limits specified by the AC itself. \item[VERIFY\_TARGET] This flag verifies that the AC is being evaluated on a machine that is included in the target extension of the AC itself. \item[VERIFY\_KEY] This flag is for a future extension and is unused at the moment. \item[VERIFY\_SIGN] This flag verifies that the signature of the AC is correct. \item[VERIFY\_ORDER] This flag verifies that the attributes present in the AC are in the exact order that was requested. Please note that this can ONLY be done when examining an AC right after generation with the Contact() function. This flag is meaningless in all other cases. \item[VERIFY\_ID] This flag verifies that the holder information present in the AC is consistent with: \begin{enumerate} \item The enveloping user proxy in case the AC was contained in one. \item The user's own certificate in case the AC was received without an enclosing proxy. \end{enumerate} \item[VERIFY\_FULL] This flag implies all other verifications. \item[VERIFY\_NONE] This flag disables all verifications; none of the checks listed above is applied to the AC. \end{description} These flags can be combined by OR-ing them together. However, if VERIFY\_NONE is OR-ed with any other flag, it has no effect and can be dismissed, while if VERIFY\_FULL is OR-ed with any other flag, all other flags can be dismissed. If this function is not explicitly called by the user, a VERIFY\_FULL flag is considered to be in effect. \result \begin{description} \item[0] If there is an error. \item[$<>$ 0] otherwise. 
\end{description} \bigskip\begin{tabular}{lp{3in}} VERR\_NOINIT & The \verb|vomsdata| structure was not properly initialized.\\ \end{tabular} \subsection{int VOMS\_SetLifetime(int length, struct vomsdata *vd, int *error)} This funxtion sets the requested lifetime for ACs that would be generated as the result of a \verb|VOMS_Contact()| or \verb|VOMS_ContactRaw()}| request. Note however that this is only an hint sent to the server, since it can lower it at will if the requested length is against server policy. \parameter{length}{The lifetime requested, measured in seconds.} \result \begin{description} \item[0] If there is an error. \item[$<>$ 0] otherwise. \end{description} \bigskip\begin{tabular}{lp{3in}} VERR\_NOINIT & The \verb|vomsdata| structure was not properly initialized.\\ \end{tabular} \subsection{void VOMS\_Destroy(struct vomsdata *vd)} This function destroys an allocated \verb|vomsdata| structure. It is the ONLY supported way to do so. It is also safe to pass a NULL pointer to it. \result None. \subsection{int VOMS\_Ordering(char *order, struct vomsdata *vd, int *error)} This function is used to request a specific ordering of the attributes present in an AC returned by the \verb|VOMS_Contact()| or by the \verb|VOMS_ContactRaw()| functions. This function can be called several times, each time specifying a new attribute. The attributes in th AC created by the server will be in the same order as the calls to this function, ignoring attributes specified by this function that the server does not wish to grant. Attributes not explicitly specified in this list will be inserted, in an unspecified order, after all the others. Never calling this function means that the corresponding list will be empty, and as a consequence all the attributes will be in an unspecified ordering. \parameter{order}{The name of an attribute, in the $<$group$>$[:$<$role$>$:} format. \begin{compatibility} This is the only point where the FQAN format is not yet fully supported. 
Expect this to change in future revisions. \end{compatibility} \result \begin{description} \item[0] If there is an error. \item[$<>$ 0] otherwise. \end{description} \errors \bigskip\begin{tabular}{lp{3in}} VERR\_NOINIT & The \verb|vomsdata| structure was not properly initialized.\\ VERR\_PARAM & The \verb|order| parameter is NULL.\\ VERR\_MEM & There is not enough memory.\\ \end{tabular} \subsection{int VOMS\_ResetOrder(struct vomsdata *cd, int *error)} This function resets the attribute ordering set by the \verb|VOMS_Ordering| function. \result \begin{description} \item[0] If there is an error. \item[$<>$ 0] otherwise. \end{description} \bigskip\begin{tabular}{lp{3in}} VERR\_NOINIT & The \verb|vomsdata| structure was not properly initialized.\\ \end{tabular} \subsection{int VOMS\_Contact(char *hostname, int port, char *servsubject, char *command, struct vomsdata *vd, int *error)} This function is used to contact a VOMS server to receive an AC containing the calling user's authorization information. A prerequisite to calling this function is the existance of a valid proxy for the user himself. This function does not create such a proxy, which then must already exist. Also, the parameters needed to call this function should have been obtained by calling one of \verb|FindByAlias()| or \verb|FindByVO()|. \parameter{hostname}{This is the hostname of the machine hosting the server.} \parameter{port}{This is the port number on which the server is listening.} \parameter{servsubject}{This is the subject of the VOMS server' certificate. This is needed for the mutual authentication.} \parameter{command}{This is the command to be sent to the server. For more info about it, consult the \verb|voms-proxy-init()| manual.} \result \begin{description} \item[0] If there is an error. \item[$<>$0] otherwise. Furthermore, the data returned by the server has been parsed and added to the \verb|vomsdata| structure. 
\end{description} \errors \bigskip\begin{tabular}{lp{3in}} VERR\_NOINIT & If the vomsdata structure was not properly initialized.\\ VERR\_NOSOCKET & If it was impossible to contact the server.\\ VERR\_MEM & If there was not enough memory.\\ VERR\_IDCHECK & If a proxy certificate was not found or the data returned by the server did not contain identifying information.\\ VERR\_FORMAT & If there was an error in the format of the data received.\\ VERR\_NODATA & If no data was receied at all. (Usually as a consequence of either a server error or not being recognized by the server as a valid user.)\\ VERR\_ORDER & If the attribute that the client requested, via the \verb|VOMS_Ordering()| function, to be first in the list of attributes received is not first in the attributes returned by the server. This particular code means that the data has been correctly interpreted and is available in the vomsdata structure if you want to use it.\\ VERR\_SERVERCODE & Some strange error occured in the server.\\ \end{tabular} \subsection{int VOMS\_ContactRaw(char *hostname, int port, char *servsubject, char *command, void **data, int *datalen, int *version, struct vomsdata *vd, int *error)} This function, like \verb|VOMS_Contact()| can be used to contact a server and receive Authorization info from it. The difference between the two functions is that this version does not interpret the raw data, but on the contrary returns it to the caller. This function has all the same prerequisites as \verb|VOMS_Contact()|. \parameter{hostname}{This is the hostname of the machine hosting the server.} \parameter{port}{This is the port number on which the server is listening.} \parameter{servsubject}{This is the subject of the VOMS server' certificate. This is needed for the mutual authentication.} \parameter{command}{This is the command to be sent to the server. 
For more info about it, consult the \verb|voms-proxy-init()| manual.} \parameter{data}{A pointer to a pointer to an area of memory where the data returned from the server is stored. It is the caller's responsibility to \verb|free()| this memory when it is no longer useful.} \parameter{datalen}{The length of the data returned.} \parameter{version}{The version of the AC returned. Note that this is a \emph{minimum} version, it only guarantees that the data is \emph{at least} in that version of the format.} \result \begin{description} \item[0] If there is an error. \item[$<>$0] otherwise. Furthermore, the data returned by the server has been parsed and added to the \verb|vomsdata| structure. \end{description} \errors \bigskip\begin{tabular}{lp{3in}} VERR\_NOINIT & If the vomsdata structure was not properly initialized.\\ VERR\_NOSOCKET & If it was impossible to contact the server.\\ VERR\_MEM & If there was not enough memory.\\ VERR\_IDCHECK & If a proxy certificate was not found or the data returned by the server did not contain identifying information.\\ VERR\_FORMAT & If there was an error in the format of the data received.\\ VERR\_NODATA & If no data was receied at all. (Usually as a consequence of either a server error or not being recognized by the server as a valid user.)\\ VERR\_ORDER & If the attribute that the client requested, via the \verb|VOMS_Ordering()| function, to be first in the list of attributes received is not first in the attributes returned by the server. This particular code means that the data has been correctly interpreted and is available in the vomsdata structure if you want to use it.\\ VERR\_SERVERCODE & Some strange error occured in the server.\\ \end{tabular} \subsection{int VOMS\_Retrieve(X509 *cert, STACK\_OF(X509) *chain, int how, struct vomsdata *vd, int *error)} This function is used to extract from a proxy certificate the VOMS-specific extension, to parse them and to insert the results into the \verb|vomsdata| structure. 
\parameter{cert}{This is the certificate that contains the VOMS information. No checks are done on the validity of this certificate: the caller is expected to have verified it already by some other means.} \parameter{chain}{This is the chain of certificates that signed the \verb|cert| certificate. This pointer may be null, but see the next parameter.} \parameter{how}{This parameter indicates how the search for the VOMS info will be performed. If \verb|RECURSE_CHAIN| is specified, the information is searched for first in the \verb|cert| and then, if it was not found, by walking the \verb|chain|, from the certificates to the CA. If \verb|RECURSE_NONE| is specified, then the information is only searched for in the \verb|cert|. In case the first value is specified, the search stops as soon as the info is found, ignoring any further extensions that may be found down the chain.} \result \begin{description} \item[0] If there is an error. \item[$<>$0] otherwise. Furthermore, the data returned by the server has been parsed and added to the \verb|vomsdata| structure. \end{description} \errors \bigskip\begin{tabular}{lp{3in}} VERR\_NOINIT & If the vomsdata structure was not properly initialized.\\ VERR\_PARAM & If there is something wrong with one of the parameters.\\ VERR\_MEM & If there was not enough memory.\\ VERR\_IDCHECK & If a proxy certificate was not found or the data returned by the server did not contain identifying information.\\ VERR\_FORMAT & If there was an error in the format of the data received.\\ VERR\_NOEXT & If the extension was not found.\\ \end{tabular} \subsection{int VOMS\_Import(char *buffer, int buflen, struct vomsdata *vd, int *error)} This function is used to add a string created with \verb|VOMS_Export()| back into the vomsdata structure. \parameter{buffer}{A pointer to the string.} \parameter{buflen}{The length of the string.} \result \begin{description} \item[0] If there is an error. \item[$<>$0] otherwise.
Furthermore, the data returned by the server has been parsed and added to the \verb|vomsdata| structure. \end{description} \errors \bigskip\begin{tabular}{lp{3in}} VERR\_NOINIT & If the vomsdata structure was not properly initialized.\\ VERR\_FORMAT & If there was an error in the format of the data received.\\ VERR\_PARAM & If there is something wrong with one of the parameters.\\ VERR\_MEM & If there was not enough memory.\\ VERR\_IDCHECK & If a proxy certificate was not found or the data returned by the server did not contain identifying information.\\ VERR\_SERVER & The VOMS server was unidentifiable.\\ VERR\_PARSE & There has been some problem in parsing the AC or blob.\\ VERR\_SIGN & It was not possible to verify the signature.\\ VERR\_SERVER & It was not possible to properly identify the Attribute Issuer.\\ VERR\_TIME & The check on the validity dates failed.\\ \end{tabular} \subsection{int VOMS\_Export(char **buffer, int *buflen, struct vomsdata *vd, int *error)} This function will take the current \verb|vomsdata| structure and encode it in a string that can then be exported. \parameter{buffer}{A pointer to an area of memory that will be allocated and filled by the function. It is the caller's responsibility to \verb|free()| this memory. It is possible that this pointer will be set to NULL, in case the \verb|vomsdata| structure is empty.} \parameter{buflen}{The size of the data pointed by \verb|buffer|.} \result \begin{description} \item[0] If there is an error. \item[$<>$0] otherwise. Furthermore, the data returned by the server has been parsed and added to the \verb|vomsdata| structure. \end{description} \errors \bigskip\begin{tabular}{lp{3in}} VERR\_PARAM & If there is something wrong with one of the parameters.\\ VERR\_MEM & If there was not enough memory.\\ \end{tabular} \subsection{struct voms *VOMS\_DefaultData(struct vomsdata *vd, int *error)} This function returns the default attributes from a vomsdata class. 
\result \begin{description} \item[NULL] There has been an error or the \verb|vomsdata| structure was empty. \item[$<>$NULL] There is some data. \end{description} \errors \bigskip\begin{tabular}{lp{3in}} VERR\_NOINIT & The \verb|vomsdata| structure was not properly initialized.\\ VERR\_NONE & The \verb|vomsdata| structure was empty.\\ \end{tabular} \subsection{char *VOMS\_ErrorMessage(struct vomsdata *vd, int error, char *buffer, int len)} This function gives a textual description of the \emph{last} encountered error. \parameter{error}{The error returned by the previous function.} \parameter{buffer}{A pointer to a buffer that will hold the error message. If this is NULL, then it will be allocated by the function (and must be released by the caller).} \parameter{len}{The length of the buffer pointed to by the previous parameter.} \result \begin{description} \item[NULL] The buffer passed was not long enough, or there is not enough memory to allocate a buffer or the vomsdata structure was improperly initialized. \item[$<>$NULL] A pointer to a buffer containig the error message. If \emph{buffer} was not null, then this is \emph{buffer}, else it is a newly allocated chunk of memory that should be free()ed by the caller. \end{description} \errors \bigskip\begin{tabular}{lp{3in}} VERR\_NOPARAM & The \verb|vomsdata| structure was not properly initialized.\\ \end{tabular} \subsection{int VOMS\_RetrieveEXT(X509\_EXTENSION *ext, struct vomsdata *vd, int *error)} This function retrieves VOMS information from the given extension. Due to the lack of a holder certificate, all checks regarding holder information will be skipped. \parameter{ext}{The extension to parse.} \result \begin{description} \item[0] If there is an error. \item[$<>$0] otherwise. Furthermore, the data returned by the server has been parsed and added to the \verb|vomsdata| structure. \end{description} \errors Check the description of the the VOMS\_Retrieve() function for a description of the errors. 
\subsection{int VOMS\_RetrieveFromCtx(gss\_ctx\_id\_t ctx, int how, struct vomsdata *vd, int *error)} This function retrieves VOMS information from the given Globus context. \parameter{ctx}{The context from which to retrieve the certificate to parse.} \parameter{how}{This parameter indicates how the search for the VOMS info will be performed. If \verb|RECURSE_CHAIN| then the information is searched first into the \verb|cert| and then, if it was not found, in the walking the \verb|chain|, from the certificates to the CA. If \verb|RECURSE_NONE| is specified, then the information is only searched in the \verb|cert|. In case the first value is specified, then the searches stop as soon as the info is found, ignoring further extension that may be found down the chain.} \result \begin{description} \item[0] If there is an error. \item[$<>$0] otherwise. Furthermore, the data returned by the server has been parsed and added to the \verb|vomsdata| structure. \end{description} \errors Check the description of the the VOMS\_Retrieve() function for a description of the errors. \subsection{int VOMS\_RetrieveFromCred(gss\_cred\_id\_t cred, int how, struct vomsdata *vd, int *error)} This function retrieves VOMS information from the given Globus credential. \parameter{cred}{The credential from which to retrieve the certificate to parse.} \parameter{how}{This parameter indicates how the search for the VOMS info will be performed. If \verb|RECURSE_CHAIN| then the information is searched first into the \verb|cert| and then, if it was not found, in the walking the \verb|chain|, from the certificates to the CA. If \verb|RECURSE_NONE| is specified, then the information is only searched in the \verb|cert|. In case the first value is specified, then the searches stop as soon as the info is found, ignoring further extension that may be found down the chain.} \result \begin{description} \item[0] If there is an error. \item[$<>$0] otherwise. 
Furthermore, the data returned by the server has been parsed and added to the \verb|vomsdata| structure. \end{description} \errors Check the description of the the VOMS\_Retrieve() function for a description of the errors. \subsection{int VOMS\_RetrieveFromProxy(int how, struct vomsdata *vd, int *error)} This function retrieves VOMS information from an existing Globus proxy certificate. \parameter{how}{This parameter indicates how the search for the VOMS info will be performed. If \verb|RECURSE_CHAIN| then the information is searched first into the \verb|cert| and then, if it was not found, in the walking the \verb|chain|, from the certificates to the CA. If \verb|RECURSE_NONE| is specified, then the information is only searched in the \verb|cert|. In case the first value is specified, then the searches stop as soon as the info is found, ignoring further extension that may be found down the chain.} \result \begin{description} \item[0] If there is an error. \item[$<>$0] otherwise. Furthermore, the data returned by the server has been parsed and added to the \verb|vomsdata| structure. \end{description} \errors Check the description of the the VOMS\_Retrieve() function for a description of the errors. \end{document} voms-2.1.2/doc/certificate.txt000066400000000000000000000040651477131364200163050ustar00rootroot00000000000000This document describes the structure of the extensions added by the voms system to the user proxy. Extension 1: Name: Voms Reason: Return Voms information OID: 1.3.6.1.4.1.8005.100.100.1 Structure: SIGLEN: n -- length of the voms signature in bytes. 
SIGNATURE: s -- voms signature USER: s -- DN of the user's certificate UCA: s -- DN of the CA who issued the user's certificate SERVER: s -- DN of the server's certificate SCA: s -- DN of the CA who issued the server's certificate VO: s -- The name of the VO to which the server belongs TIME1: t -- The start of the validity of this information TIME2: t -- The end of the validity of this information DATALEN: n -- The length of the data returned DATA -- The returned data A few notes. 1. n means a string representation of a number, s stands for a string, and finally t stands for an ASN1 representation of time. 2. All the values are terminated by a newline character, with the exception of the SIGNATURE: field. 3. The DATA, TIME1 and TIME2 fields contain only the data, without the name of the field. Now for the data returned: If one of the standard queries is made (i.e. not the 'S' ones) then the data returned is a set of triples with the following syntax: GROUP: s ROLE: s CAP: s Otherwise, if an 'S' query is made, the data returned is composed of a set of lines with the following structure: : In case more than a single Voms server is contacted, there may be multiple copies of the whole structure, starting from the SIGLEN header right to the end of the returned data. Extension 2: Name: IncFile Reason: Let the user include a specific file into his proxy certificate OID: 1.3.6.1.4.1.8005.100.100.2 Structure: A sequence of bytes. Note that the contents of this field are not the result of a voms request, but instead contain data specified by the user. The reason for the introduction of this extension was to let a user include important data in his proxy certificate like, for example, a kerberos ticket. voms-2.1.2/doc/license.sgml000066400000000000000000000014601477131364200155640ustar00rootroot00000000000000Copyright Copyright (c) Members of the EGEE Collaboration. 2004. See the beneficiaries list for details on the copyright holders.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. voms-2.1.2/doc/links.sgml000066400000000000000000000004331477131364200152610ustar00rootroot00000000000000EDT Auth Home page CVSweb RPM repository voms-2.1.2/doc/manpage.links000066400000000000000000000000001477131364200157150ustar00rootroot00000000000000voms-2.1.2/doc/software.tex000066400000000000000000001126701477131364200156400ustar00rootroot00000000000000\documentclass[a4paper]{book} \usepackage{color} \usepackage{longtable} \begin{document} \begin{titlepage} \title{The VOMS Software Suite:\\ An Installation and User's Guide} \author{Vincenzo Ciaschini} \end{titlepage} \maketitle \tableofcontents \newpage \chapter{Generalities} \section{Getting the software} Voms can be downloaded from the authoritative infnforge CVS at http://infnforge.cnaf.infn.it, or the EGEE copy at http://jra1mw.cvs.cern.ch:8180/cgi-bin/jra1mw.cgi/org.glite.security.voms You can get the nightly rpms at http://glite.web.cern.ch/glite/packages/. You may skip the next chapter if you downloaded the RPM version. \section{Compiling the source} After having downloaded and installed the source, go to the \texttt{voms/} subdirectory and run \texttt{./configure}. Apart from the usual standard options, there are four extra ones you may be interested into: \begin{description} \item[] \textbf{--enable-docs=[yes/no]} --- This option, enabled by default, specifies whether the documentation should or should not be generated. 
\item[] \textbf{--with-debug} --- This option, disabled by default, specifies that the source should be compiled with debug options, e.g. without optimizations and with the symbol table included. It is not advised to use a version compiled with this switch for production. \item[] \textbf{--with-globus-flavor=$<$flavor$>$} --- This option compiles the code against the specified flavor of Globus. Please note that this means that the specified flavor should be installed on the compiling machine. The default is \verb|gcc32dbg|. \item[] \textbf{--with-globus=$<$dir$>$} --- This option specifies the path under which the Globus toolkit has been installed. The default value is \verb|/opt/globus|. \end{description} After that, a simple \verb|make| is more than enough to compile the sources. \section{Installation} To install the software you may execute the commands %\verb|make install-client| to install the clients, %\verb|make install-server| to install the servers, and %\verb|make install-api| to install the API. Alternatively, a simple \verb|make install| will install all the components of the software. \section{Compatibility} With version 1.6.0 and onwards, compatibility with VOMS version 1.1.x and previous version is now dropped. This means that servers that are not capable of generating ACs are now unsupported. \chapter{voms} \section{Configuration} To complete configuration of \verb|voms|, you are supposed to execute the \newline\verb|voms_install_db| command. It takes the following options: \begin{longtable}{lp{3in}} \textbf{--mysql-home} & This option lets you specify the home directory of mysql. This information is usually included in the \$MYSQL\_HOME environment variable, and if that is the case on your machine then you do not need to specify this option.\\ \textbf{--db} & This is the name of the database that will contain the information about the VO. 
Its default name is ``voms'', and you need to specify this information if and only if you are installing multiple servers on the same machine. Otherwise the default is perfectly fine.\\ \textbf{--port} & This is the port number where the VOMS server will be listening. There is no default value for this option, although 15000 is the recommended choice for the first server installed on a host, and additional servers may use 15001, 15002, etc\ldots\\ \textbf{--voms-vo} & This is the name of the VO to which the VOMS server belongs. There is no default. For this reason, this option must be \emph{always} specified.\\ \textbf{--db-admin} & This is the name of the DB user which will create the tables. It is needed because the script needs to create a new DB and a new user. Its default value is ``root'', which is the standard on the default MySQL installation.\\ \textbf{--db-pwd} & This is the password of the DB account specified by the previous option. Its default value is ``'', meaning that there is no password. This is \emph{not} advisable. The root account of a DB server hosting a VOMS DB \emph{must} be protected by a password.\\ \textbf{--voms-name} & This is the username of the voms MySQL account that will be setup to access the newly created DB. Its default value is ``voms\_[VONAME]'', and it is perfectly fine if you are installing a single server. If you are installing further servers on the same machine, you \emph{MUST} change this name to some other value.\\ \textbf{--voms-pwd} & This is the password associated with the \emph{voms-name} account. If not specified, a random password is created. You should always specify a new value.\\ \textbf{--code} & This is a unique code for each server installed on the same host. It is a value between 0 and 65535, and its default is the value of \textbf{--port}.\\ \textbf{--db-type} & This specifies the type of db that will be used by the server. Currently accepted values are \emph{mysql} and \emph{oracle}. 
There is no default for this option.\\ \textbf{--sqlloc} & This specifies the full path to the DB interface library. Again, there is no default for this option.\\ \textbf{--compat} & This option must be specified if you plan to use voms 1.5.x on a MySQL backend with an old version of voms-admin. It requires --db-type to be \emph{mysql}.\\ \textbf{--newformat} & This forces the server to generate ACs in the new (correct) format. This is meant as a compatibility feature to ease migration while the servers upgrade to the new version.\\ \end{longtable} A couple of example invocations follow. For the first VO: voms-install-db --port 15000 --vo-name my-vo --mysql-pwd 'some' --voms-pwd 'thing' For a second VO on the same host: voms-install-db --db new-vo --port 15001 --vo-name new-vo --mysql-pwd 'some' --voms-name 'voms2' --voms-pwd 'thing' --code 1 The server also needs to have a host certificate installed. Obtain it from your CA using the CA-specific procedures, and then copy the certificate to \verb|/etc/grid-security/hostcert.pem| and the private key to \verb|/etc/grid-security/hostkey.pem|. The owners should be set to root.root for both files, and permissions should be, respectively, 644 and 600 or, better, 444 and 400. \section{Server options} Installing the server using the above described procedure should correctly create a set of configuration files that will execute it with the proper options. However, there are many other options that are not used by the default configuration script. The following table therefore describes all of the options. \begin{longtable}{lp{2.9in}} \textbf{--port} & The port number on which the server should be listening. The default value is 50000\\ \textbf{--vo} & The name of the VO to which this server will belong. The default value is ``unspecified''.\\ \textbf{--logfile} & The location of the log file.
The default location is ``\$PREFIX/var/log/voms.$<$voname$>$''\\ \textbf{--globusid} & The value of the GLOBUSID environment variable. There is no default value.\\ \textbf{--globuspwd} & The value of the GLOBUSPWD environment variable. There is no default value\\ \textbf{--x509\_cert\_dir} & The location where the CA certificates are kept. The default value is /etc/grid-security/certificates\\ \textbf{--x509\_cert\_file} & A file containing all the CA certificates. There is no default value.\\ \textbf{--x509\_user\_proxy} & The location of the server's proxy. There is no default value.\\ \textbf{--x509\_user\_cert} & The location of the server's certificate. The default value is ``/etc/grid-security/hostcert.pem''\\ \textbf{--x509\_user\_key} & The location of the server's private key. The default value is ``/etc/grid-security/hostkey.pem''\\ \textbf{--desired\_name} & OBSOLETE. This option will be removed in the future. Do \emph{not} use it.\\ \textbf{--foreground} & OBSOLETE. This option will be removed in the future. Do \emph{not} use it.\\ \textbf{--username} & The name of the user with which VOMS will access the DB. The default value is ``voms''\\ \textbf{--dbname} & The name of the DB that VOMS will use. The default value is ``voms''.\\ \textbf{--timeout} & The maximum length of validity, in seconds, of the ACs that VOMS will grant. The default value is 24 hours\\ \textbf{--passfile} & The location of the file containing the password needed to access the DB. This file should be owned by root and have permissions set to 400, so that no other account can read the password. There is no default value. If this option is not specified, then the user will be prompted for the password during server startup.\\ \textbf{--uri} & The URI that the server will publish for itself. The default value is $<$hostname$>$:$<$port$>$.\\ \textbf{--globus} & The version of Globus installed on the server's host. Use 20 for Globus 2.0 or Globus 2.1, and 22 for Globus 2.2 and Globus 2.4.
The default value is 22.\\ \textbf{--version} & Prints the version number and compilation date and then exits.\\ \textbf{--backlog} & Sets the backlog on the socket. The default value is 50.\\ %\end{longtable} %\begin{longtable}{lp{3in}} \textbf{--conf} & Lets you specify a file from which options will be loaded. This file should have exactly one option per line, and option that do have values should be specified in the format ``option=value''.\\ \textbf{--code} & This is a unique numeric code, between 0 and 65535, used to identify different servers installed on the same machine. Its default value is the value of \textbf{--port}.\\ \textbf{--logtype} & Chooses the type of messages that will be logged. Possible values for this option are: \begin{description} \item[1] \emph{STARTUP} --- Messages during the startup phase. \item[2] \emph{REQUEST} --- Messages during the request processing phase. \item[4] \emph{RESULT} --- Messages during the result processing and sending phase. \end{description} The different possible values may be ORed together. The default value is 255.\\ \textbf{--loglevel} & Sets the level of verbosity on log messages. Its possible values are: \begin{description} \item[1] \emph{LEV\_NONE} --- Does not log anything. \item[2] \emph{LEV\_ERROR} --- Only log error messages. \item[3] \emph{LEV\_WARN} --- Also logs warning messages. \item[4] \emph{LEV\_INFO} --- Also logs informational messages. \item[5] \emph{LEV\_DEBUG} --- Also logs debug messages. This also sets the \emph{-logtype} options to 255. \end{description} Higher levels of verbosity include all messages from the lower levels. The default value for this option is 2 (\emph{LEV\_ERROR}), also any value higher than 5 is treated as 5 (\emph{LEV\_DEBUG})\\ \textbf{--logformat} & This option sets the format for the log messages. Its default value is ``\%d:\%h:\%s(\%p):\%V:\%T:\%F (\%f:\%l):\%m''. 
Details on the syntax will be given in the \emph{LOG Format} section below.\\ \textbf{--logdateformat} & This option sets the format in which the date will be printed. It is the same format used by the \emph{strftime(3)} function, and its default value is ``\%c''.\\ \textbf{--debug} & Slightly modifies the internal workings of the server to ease debugging. \emph{Never} use it on production servers. Use of this option is guaranteed to severely hurt scalability. This option also implies a \emph{--loglevel=5}.\\ \textbf{--sqlloc} & This is the fully qualified path of the DB access library. Please note that there is no default for this option.\\ \textbf{--socktimeout} & The maximum number of seconds that a server will wait on an inactive connection before dropping it.\\ \textbf{--maxlog} & The maximum size of a single log file. Please note that this size is approximate and may be exceeded by a few thousand bytes. Whenever this amount is exceeded, log files are rotated. The default value is 10M.\\ \textbf{--newformat} & This forces the server to generate ACs in the new (correct) format. This is meant as a compatibility feature to ease migration while the servers upgrade to the new version.\\ \end{longtable} \section{LOG Format} The format used for logging can be specified by the user via a format string passed to the \emph{--logformat} option. This string has a format similar to that used by the printf family of functions. All characters are copied into the output string unchanged, except for substitution sequences, which have the following format: \%[$<$length$>$]$<$char$>$, where $<$length$>$ is optional and, if specified, expresses the maximum length of the text that will be substituted. Characters in excess will be silently truncated. $<$char$>$, on the other hand, selects the type of substitution desired, according to the following table: \begin{longtable}{lp{4in}} \textbf{\%} & Substitutes a plain \% character.\\ \textbf{d} & Substitutes the date.
The date format is specified by the \emph{-logdateformat} option.\\ \textbf{f} & Substitutes the name of the file that logged the message.\\ \textbf{F} & Substitutes the name of the function that logged the message.\\ \textbf{h} & Substitutes the hostname of the machine hosting the service.\\ \textbf{l} & Substitutes the line number of the code that logged the message.\\ \textbf{m} & Substitutes the message proper.\\ \textbf{t} & Substitutes the number of the message type. (see \emph{-logtype})\\ \textbf{T} & Substitutes the name of the message type. (see \emph{-logtype})\\ \textbf{v} & Substitutes the number of the message level. (see \emph{-logtype})\\ \textbf{V} & Substitutes the name of the message level. (see \emph{-logtype})\\ \end{longtable} \chapter{voms-proxy-init} \section{Introduction} This command is used to contact the VOMS server and retrieve an AC containing user attributes that will be included in the proxy certificates. \section{Configuration} \subsection{The vomsdir directory} Since the attribute certificates that come with voms proxies include the signature of the issuing hosts, it becomes necessary for both the command line utilities and the APIs to have a way to access the issuing host's own certificate. For this reason, a directory, must be setup. Its default name is ``/etc/grid-security/vomsdir'', but this can be overridden by setting the X509\_VOMS\_DIR envirinment variable. For each VO supported on the host, a subdirectory must be created with the same name as the VO. In this subdirectory two kinds of files may be present. \begin{enumerate} \item \texttt{\*.lsc} files. These files contain data regarding the signing certificate, in the format: $<$DN$>$\newline $<$CA$>$\newline \ .\newline \ .\newline \ .\newline $<$DN$>$\newline $<$CA$>$\newline Where each couple DN,CA is the corresponding couple in the signing certificate's cert chain. 
The name of this file MUST be $<$voms host name$>$.lsc where $<$voms host name$>$ is the output of the \texttt{hostname} command on the VOMS server. Such files will be tested against the certificate chain included in the VOMS AC. Different certificate chains, for example during a certificate change procedure, may be included if they are divided by a line containing only ``------ NEXT CHAIN ------''. Blank lines, lines containing only white space chars, or white space at the end of a line are ignored. \item Otherwise you may have files containing the whole certificate chain of the host. There is no special requirement on the name, except that it must not end with '\texttt{.lsc}' \end{enumerate} Second, in ``\$PREFIX/etc/vomses'' you should put a copy of the \emph{vomses} file distributed by all the VOMS servers you wish to contact. This subtree will be recursed into to examine all pertinent files. The easiest way to comply with both previous points is to install the VO config RPM that should be distributed by the VOMS servers themselves. This is all the configuration that should be done for the use of this command. \section{Invocation} The voms-proxy-init command can be invoked with the following options: \begin{longtable}{lp{3in}} \textbf{--voms} & Specifies which server to contact. The parameter has the following syntax: $<$alias$>$[:$<$command$>$] where $<$alias$>$ is the alias of the server as specified in the vomses files. If the same alias is associated with more than a single server, then those servers are considered replicas of each other, and are contacted in random order until one succeeds or all fail. The [:$<$command$>$] part is optional. If not specified then the information returned will include only group membership, while if you specify :/Role=$<$rolename$>$ then you will also get the role you asked for, provided that the server is already prepared to grant it to you.
Finally, if you specify :/group/Role=$<$rolename$>$ as command, then you will get the role \emph{rolename} in the group \emph{/group} only, again granted that the server is prepared to grant you that role. This option can be specified multiple times, and the operations will be carried out in the exact order in which these options are specified in the command line.\\ \textbf{--version} & Prints version information and exits.\\ \textbf{--quiet} & Prints only minimal information. \emph{WARNING}: some vital warnings may get overlooked by this option.\\ \textbf{--verify} & Verifies the certificate from which to create the proxy. This is not normally done, since in any case an invalid user certificate will be detected when the proxy is actually used.\\ \textbf{--pwstdin} & Specifies that the private key's passphrase should be received from stdin rather than directly from the console.\\ \textbf{--limited} & Creates a limited certificate.\\ \textbf{--hours} & Specifies the length of the validity of the generated proxy, measured in hours. The default value is 12 hours.\\ \textbf{--bits} & Specifies the length in bits of the private key of the newly generated proxy certificate. The default value is 512. A key this short offers very little protection by current standards, so a larger value should be requested explicitly.\\ \textbf{--cert} & Specifies a non-standard location of the user's certificate. The default value is ``\$X509\_USER\_CERT'' or, if this value is unset, ``/\$HOME/.globus/usercert.pem''.\\ \textbf{--key} & Specifies a non-standard location of the user's private key. The default value is ``\$X509\_USER\_KEY'' or, if this value is unset, ``\$HOME/.globus/userkey.pem''.\\ \textbf{--certdir} & Specifies a non-standard location of the trusted cert (CA) directory. The default value is ``/etc/grid-security/certificates''.\\ \textbf{--out} & Specifies a non-standard location of the generated proxy certificate.
The default value is ``\$X509\_USER\_PROXY'' or, if this is empty, ``/tmp/x509up\_u$<$id$>$'' where $<$id$>$ is the user's UID.\\ \textbf{--order} & This option specifies the order in which the attributes granted by the VOMS servers should be returned. The format of the parameter for this option is: $<$group[:role]$>$, where ``group'' is a group name and ``role'' is an (optional) role name. This option may be specified multiple times, to create an ordered list of attributes. Each server will receive this list, and will strive to return the attributes he will grant in the exact order specified by this list. All attributes not on this list will be returned in an unspecified order, but after the recognized attributes. Also, should this list include an attribute unknown to a specific server, such an attribute will be simply ignored. Finally, should a server be unable to grant the first attribute of the list, it will return a warning to the user. However, this warning will only be significant for the first server contacted.\\ \textbf{--target} & This option take advantage of the capability ACs have to target themselves to a specific set of receivers, so that only those receivers should, in conforming implementation, act on the data they get, while all others should reject it. This options lets you specify a set of FQHNs, each on a separate option, that will constitute the set of targets for the generated AC.\\ \textbf{--vomslife} & This option lets you specify the validity, in seconds, that you wish for the generated ACs. Remember that this value has only an advisory role. VOMS servers may lower this duration if the requested value exceeds the maximum they have been configured to grant. The default value of this option is ``the value of the --hours option.''\\ \textbf{--proxyver} & The version of proxy certificate that will be generated. May be 3 for new proxy certificate with critical Proxy Certificate Extension or 2 for old. 
When not specified the version is decided upon underlying globus version.\\ \textbf{--policy} & Specify the file containing the policy expression to put in the PCI extension. The default is an empty policy expression.\\ \textbf{--policy-language} & Specify the language in which the policy is expressed. Two generic languages are defined: id-ppl-inheritAll (default choice with an empty policy expression, else invoked with IMPERSONATION\_PROXY or own OID), which indicates an unrestricted proxy that inherits all rights from the issuing PI, and id-ppl-independent (invoked with INDEPENDENT\_PROXY) which indicates an independent proxy that inherits no rights from the issuing PI. \\ \textbf{--path-length} & Specify the maximum depth of the path of proxy certificates that can be signed by this proxy certificate. A value of 0 means that this certificate must not be used to sign a proxy certificate. If this option is not present, an unlimited chain of proxies can be signed.\\ \textbf{--globus} & The version of Globus installed on the server's host. Use 20 for Globus 2.0 or Globus 2.1, and 22 for Globus 2.2 and Globus 2.4. The default value is 22.\\ \textbf{--noregen} & For its normal workings, voms-proxy-init first creates a proxy with which to contact the VOMS servers, and then creates a new proxy to hold all of the returned ACs. This option skips the creation of the first proxy, and assumes that such a proxy already exists.\\ \textbf{--separate} & This option saves the ACs in a separate file, instead of including them in a proxy certificate.\\ \textbf{--ignorewarn} & Specify this if you do not want to allow warnings to be printed.\\ \textbf{--failonwarn} & Specify this if you want warnings to be upgraded into errors.\\ \textbf{--confile}, \textbf{--userconf}, \textbf{--vomses} & These options specify the location of the vomses files or directories. They should be either owned by the user, or by root. ``\$PREFIX/etc/vomses'' and ``\$HOME/.edg/vomses'' are added by default. 
The three options are synonyms, with one exception: --vomses may be specified any number of times..\\ \ & COMPATIBILITY NOTE: This behaviour differs from the behaviour of previous versions, where --confile was reserved for root-owned files, and --userconf was reserved for user-owned files. This modification is backwards compatible and should solve all the confusion problems. --userconf and --confile are now deprecated\\ \textbf{--conf} & Lets you specify a file from which options will be loaded. This file should have exactly one option per line, and option that do have values should be specified in the format ``option=value''.\\ \textbf{--debug} & This option prints a series of additional debug information on stdout. The additional output returned by this option should \emph{always} be included into bug reports for the voms-proxy-init command. User should not, however, ever rely on information printed by this options. Both content and format are guaranteed to change between software releases.\\ \textbf{--list} & Instead of producing an AC, this option prints on screen a list of all attributes available to the user.\\ \end{longtable} \chapter{voms-proxy-info} \section{Introduction} This command is used to print to the screen the information included in an already generated VOMS proxy. \section{Configuration} The same as voms-proxy-init. \section{Invocation} \begin{longtable}{lp{3in}} \textbf{--debug} & This option prints a series of additional debug information on stdout. The additional output returned by this option should \emph{always} be included into bug reports for the voms-proxy-info command. User should not, however, ever rely on information printed by this options. Both content and format are guaranteed to change between software releases.\\ \textbf{--version} & Prints version information and exits.\\ \textbf{--conf} & Lets you specify a file from which options will be loaded. 
This file should have exactly one option per line, and option that do have values should be specified in the format ``option=value''.\\ \textbf{--file} & This option lets you specify a non-standard location of the user proxy. The default value is ``\$X509\_USER\_PROXY'' or, if this is empty, ``/tmp/x509up\_u$<$id$>$'', where $<$id$>$ is the user's UID.\\ \textbf{--subject} & Prints the subject information.\\ \textbf{--issuer} & Prints the issuer information.\\ \textbf{--type} & Prints the proxy's type.\\ \textbf{--strength} & Prints the length (in bits) of the private key.\\ \textbf{--valid} & Prints the start and end validity times.\\ \textbf{--time} & Prints the end validity as a number of seconds for which the object will still be valid.\\ \textbf{--info} & Lets ``--subject'', ``--issuer'', ``--valid'' and ``--time'' also apply to ACs, and prints attributes values.\\ \textbf{--extra} & Prints extra information that were included in the proxy.\\ \textbf{--all} & Prints everything. (Implies all other options.)\\ \textbf{--fqan} & Specifies that attributes should be printed in the FQAN format. (default)\\ \textbf{--extended} & Specifies that attributes should be printed in the extended format.\\ \textbf{--exists} & Activates the ``--hours'' and ``--bits'' options.\\ \textbf{--hours} & Verifies that the proxy, and the ACs if ``--info'' was specified, will be valid for at least $<$H$>$ hours.\\ \textbf{--bits} & Verifies that the proxy key has at least $<$B$>$ bits.\\ \end{longtable} \chapter{voms-proxy-destroy} \section{Introduction} This command destroys an already existing VOMS proxy. \section{Configuration} No configuration needed. \section{Invocation} The following options may be used: \begin{longtable}{lp{3in}} \textbf{--debug} & This option prints a series of additional debug information on stdout. The additional output returned by this option should \emph{always} be included into bug reports for the voms-proxy-info command. 
User should not, however, ever rely on information printed by this options. Both content and format are guaranteed to change between software releases.\\ \textbf{--version} & Prints version information and exits.\\ \textbf{--conf} & Lets you specify a file from which options will be loaded. This file should have exactly one option per line, and option that do have values should be specified in the format ``option=value''.\\ \textbf{--quiet} & Prints only minimal information. \emph{WARNING}: some vital warnings may get overlooked by this option.\\ \textbf{--file} & This option lets you specify a non-standard location of the user proxy. The default value is ``\$X509\_USER\_PROXY'' or, if this is empty, ``/tmp/x509up\_u$<$id$>$'', where $<$id$>$ is the user's UID.\\ \textbf{--dryrun} & Only prints messages, but do not take any actions.\\ \end{longtable} \chapter{voms-proxy-fake} \section{Introduction} This command creates proxy certificates with fake ACs. This is useful for test purposes. \section{Configuration} No configuration is needed. \section{Invocation} \begin{longtable}{lp{3in}} \textbf{--help} & Displays usage.\\ \textbf{--version} & Displays version.\\ \textbf{--debug} & Enables extra debug output. Note that the exact format of this output is version-dependent, and should not be relied upon.\\ \textbf{-q} & Quiet mode, minimal output.\\ \textbf{--verify} & Verifies certificate used to make proxy.\\ \textbf{--pwstdin} & Allows passphrase from stdin.\\ \textbf{--limited} & Creates a limited proxy.\\ \textbf{--hours} & The proxy is valid for the specified number of hours. The default values is 12 hours.\\ \textbf{--vomslife} & Makes an AC with information valid for the specified number of hours. 
The default value of 0 means ``as long as the proxy certificate.''\\ \textbf{--bits} & Number of bits in the key {512|1024|2048|4096}\\ \textbf{--cert} & Non-standard location of the user certificate.\\ \textbf{--key} & Non-standard location of the user key.\\ \textbf{--certdir} & Non-standard location of the trusted certificates directory.\\ \textbf{--out} & Non-standard location of the new proxy cert.\\ \textbf{--voms} & Specifies the fake VOMS server that will appear in the attribute certificate. The command part (the same as that of the voms-proxy-init command) is ignored and is present for compatibility with voms-proxy-init.\\ \textbf{--include} & Includes the specified file in the certificate (in a non critical extension).\\ \textbf{--conf} & Read options from the specified file.\\ \textbf{--policy} & The file containing the policy expression.\\ \textbf{--policy-language} & The language in which the policy is expressed. Default is IMPERSONATION\_PROXY.\\ \textbf{--path-length} & Maximum depth of proxy certificate that can be signed from this.\\ \textbf{--globus} & Underlying Globus version.\\ \textbf{--proxyver} & Version of the proxy certificate to create. May be 2 or 3. The default value is dependent on the underlying globus version.\\ \textbf{--separate} & Saves the voms credential on the specified file.\\ \textbf{--hostcert} & The cert that will be used to sign the AC.\\ \textbf{--hostkey} & The key that will be used to sign the AC.\\ \textbf{--fqan} & The string that will be included in the AC as the granted FQAN. No check is done on the formal correctness of this string.\\ \textbf{--oldformat} & This allows AC generation in the old (incorrect) format.\\ \end{longtable} \chapter{voms-install-replica} \section{Introduction} This script allows a VOMS server to be setup as a slave of a master host, so that it will automatically pickup all DB updates from the master. It only works for MySQL-based servers. 
\section{Configuration} Prior to using this script, the VOMS who has to become the master must be configured. The instructions to do so follow. From the shell (just once): \begin{verbatim} cat >>/etc/my.cnf < .\" Date: 05/03/2021 .\" Manual: VOMS Server Slave setup .\" Source: VOMS Server Slave setup .\" Language: English .\" .TH "VOMS\-INSTALL\-REPLI" "8" "05/03/2021" "VOMS Server Slave setup" "VOMS Server Slave setup" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" voms-install-replica \- Setup the voms server as a slave of a master server .SH "SYNOPSIS" .HP \w'\fBvoms_install_replica\fR\ 'u \fBvoms_install_replica\fR [\fIoptions\fR] .SH "DESCRIPTION" .PP The voms_install_replica script initializes a VOMS server as a slave of a master server\&. It only works if both servers have MySQL as the underlying DB\&. .SH "OPTIONS" .PP \fB\-\-mysql\-home\fR \fIpath\fR Default home of MySQL\&. The default is \*(Aq/usr\*(Aq\&. .PP \fB\-\-db\fR \fIname\fR Name of the db to create\&. It must be the same name used in the \-\-master\-db option\&. .PP \fB\-\-mysql\-admin\fR \fIname\fR The name of the MySQL admin user\&. 
The default is \*(Aqroot\*(Aq\&. .PP \fB\-\-mysql\-pwd\fR \fIvalue\fR The password of the MySQL admin user\&. The default is to not use a password\&. A password given as a command\-line argument can be visible to other local users through the process list while the script runs; the same holds for \-\-master\-mysql\-pwd\&. .PP \fB\-\-master\-host\fR \fIvalue\fR This is the fully qualified hostname of the master server\&. .PP \fB\-\-master\-mysql\-user\fR \fIvalue\fR This is the username that the master has made available for the slave to use\&. .PP \fB\-\-master\-mysql\-pwd\fR \fIvalue\fR This is the password associated with the \-\-master\-mysql\-user account\&. .PP \fB\-\-master\-db\fR \fIvalue\fR This is the name of the DB on the master\&. It must be the same as the one specified in the \-\-db option\&. .PP \fB\-\-master\-log\-file\fR \fIvalue\fR This is the name of the file where a copy of the master log file will be placed\&. .PP \fB\-\-master\-log\-pos\fR \fIvalue\fR This is the location where a copy of the master log file will be placed\&. .SH "BUGS" .PP \m[blue]\fBEGEE Bug Tracking Tool\fR\m[]\&\s-2\u[1]\d\s+2 .SH "SEE ALSO" .PP voms(8) .PP \m[blue]\fBEDT Auth Home page\fR\m[]\&\s-2\u[2]\d\s+2 .PP \m[blue]\fBCVSweb\fR\m[]\&\s-2\u[3]\d\s+2 .PP \m[blue]\fBRPM repository\fR\m[]\&\s-2\u[4]\d\s+2 .SH "AUTHORS" .PP Vincenzo Ciaschini \&. .PP Valerio Venturi \&. .SH "COPYRIGHT" .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. See the beneficiaries list for details on the copyright holders\&. .PP Licensed under the Apache License, Version 2\&.0 (the "License"); you may not use this file except in compliance with the License\&. You may obtain a copy of the License at .PP \m[blue]\fBwww\&.apache\&.org/licenses/LICENSE\-2\&.0\fR\m[]\&\s-2\u[5]\d\s+2 .PP Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\&. See the License for the specific language governing permissions and limitations under the License\&. .SH "NOTES" .IP " 1."
4 EGEE Bug Tracking Tool .RS 4 \%https://savannah.cern.ch/projects/jra1mdw/ .RE .IP " 2." 4 EDT Auth Home page .RS 4 \%http://grid-auth.infn.it .RE .IP " 3." 4 CVSweb .RS 4 \%http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms .RE .IP " 4." 4 RPM repository .RS 4 \%http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3 .RE .IP " 5." 4 www.apache.org/licenses/LICENSE-2.0 .RS 4 \%http://www.apache.org/licenses/LICENSE-2.0 .RE voms-2.1.2/doc/voms-install-replica.xml000066400000000000000000000053711477131364200200520ustar00rootroot00000000000000 ]> voms-install-replica 8 VOMS Server Slave setup voms-install-replica Setup the voms server as a slave of a master server voms_install_replica options Description The voms_install_replica script initializes a VOMS server as a slave of a master server. It only works if both servers have MySQL as the underlying DB. Options path Default home of MySQL. The default is '/usr'. name Name of the db to create. It must be the same name used in the --master-db option. name The name of the MySQL admin user. The default is 'root'. value The password of the MySQL admin user, The default is to not use a password. value This is the fully qualified hostname of the master server. value This is the username that the master has made available for the slave to use. value This is the password associated to the --master-mysql-user account. value This is the name of the DB on the master. It must be the same as the one specified in the --db option. value This is the name of the file where a copy of the master log file will be placed. value This is the location where a copy of the master log file will be placed. 
&bugzilla; See also voms(8) &links; &authors; &license; voms-2.1.2/doc/voms-proxy-destroy.1000066400000000000000000000073241477131364200171770ustar00rootroot00000000000000'\" t .\" Title: voms-proxy-destroy .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 05/03/2021 .\" Manual: VOMS Proxy Destroyer .\" Source: VOMS Proxy Destroyer .\" Language: English .\" .TH "VOMS\-PROXY\-DESTROY" "1" "05/03/2021" "VOMS Proxy Destroyer" "VOMS Proxy Destroyer" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" voms-proxy-destroy \- destroys a VOMS proxy .SH "SYNOPSIS" .HP \w'\fBvoms\-proxy\-destroy\fR\ 'u \fBvoms\-proxy\-destroy\fR [options] .SH "DESCRIPTION" .PP The voms\-proxy\-destroy is intended to be used after a proxy is no longer useful, to destroy it .SH "OPTIONS" .PP Options may be specified indifferently with either a "\-" or "\-\-" prefix\&. The options from \-help to \-out are present for compatibility with grid\-proxy\-init, and have the exact same meaning\&. The meaning of the other ones is the following\&. 
.PP \fB\-help\fR Displays usage .PP \fB\-version\fR Displays version .PP \fB\-debug\fR Enables extra debug output .PP \fB\-q\fR Quiet mode, minimal output .PP \fB\-file\fR \fIproxyfile\fR The name of the file containing the proxy, in case it is in a non\-standard place\&. .PP \fB\-dry\fR Doesn\*(Aqt actually destroy the proxy\&. .PP \fB\-conf\fR \fIfile\fR Read options from \fIfile\fR\&. .SH "BUGS" .PP \m[blue]\fBEGEE Bug Tracking Tool\fR\m[]\&\s-2\u[1]\d\s+2 .SH "SEE ALSO" .PP voms\-proxy\-init(1), voms\-proxy\-info(1) .PP \m[blue]\fBEDT Auth Home page\fR\m[]\&\s-2\u[2]\d\s+2 .PP \m[blue]\fBCVSweb\fR\m[]\&\s-2\u[3]\d\s+2 .PP \m[blue]\fBRPM repository\fR\m[]\&\s-2\u[4]\d\s+2 .SH "AUTHORS" .PP Vincenzo Ciaschini \&. .PP Valerio Venturi \&. .SH "COPYRIGHT" .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. See the beneficiaries list for details on the copyright holders\&. .PP Licensed under the Apache License, Version 2\&.0 (the "License"); you may not use this file except in compliance with the License\&. You may obtain a copy of the License at .PP \m[blue]\fBwww\&.apache\&.org/licenses/LICENSE\-2\&.0\fR\m[]\&\s-2\u[5]\d\s+2 .PP Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\&. See the License for the specific language governing permissions and limitations under the License\&. .SH "NOTES" .IP " 1." 4 EGEE Bug Tracking Tool .RS 4 \%https://savannah.cern.ch/projects/jra1mdw/ .RE .IP " 2." 4 EDT Auth Home page .RS 4 \%http://grid-auth.infn.it .RE .IP " 3." 4 CVSweb .RS 4 \%http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms .RE .IP " 4." 4 RPM repository .RS 4 \%http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3 .RE .IP " 5." 
4 www.apache.org/licenses/LICENSE-2.0 .RS 4 \%http://www.apache.org/licenses/LICENSE-2.0 .RE voms-2.1.2/doc/voms-proxy-destroy.xml000066400000000000000000000040311477131364200176270ustar00rootroot00000000000000 ]> voms-proxy-destroy 1 VOMS Proxy Destroyer voms-proxy-destroy destroys a VOMS proxy voms-proxy-destroy options Description The voms-proxy-destroy is intended to be used after a proxy is no longer useful, to destroy it Options Options may be specified indifferently with either a "-" or "--" prefix. The options from -help to -out are present for compatibility with grid-proxy-init, and have the exact same meaning. The meaning of the other ones is the following. Displays usage Displays version Enables extra debug output Quiet mode, minimal output proxyfile The name of the file containing the proxy, in case it is in a non-standard place. Doesn't actually destroy the proxy. file Read options from file. &bugzilla; See also voms-proxy-init(1), voms-proxy-info(1) &links; &authors; &license; voms-2.1.2/doc/voms-proxy-fake.1000066400000000000000000000252601477131364200164130ustar00rootroot00000000000000'\" t .\" Title: voms-proxy-fake .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 05/03/2021 .\" Manual: VOMS Client .\" Source: VOMS Client .\" Language: English .\" .TH "VOMS\-PROXY\-FAKE" "1" "05/03/2021" "VOMS Client" "VOMS Client" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" 
----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" voms-proxy-fake \- create a proxy with VOMS extensions .SH "SYNOPSIS" .HP \w'\fBvoms\-proxy\-fake\fR\ 'u \fBvoms\-proxy\-fake\fR [options] .SH "DESCRIPTION" .PP The voms\-proxy\-fake generates a proxy containing arbitrary attributes without contacting the VOMS server\&. .SH "OPTIONS" .PP Options may be specified indifferently with either a "\-" or "\-\-" prefix\&. .PP \fB\-help\fR Displays usage\&. .PP \fB\-version\fR Displays version\&. .PP \fB\-debug\fR Enables extra debug output\&. .PP \fB\-q\fR Quiet mode, minimal output\&. .PP \fB\-verify\fR Verifies certificate to make proxy for\&. .PP \fB\-pwstdin\fR Allows passphrase from stdin\&. .PP \fB\-limited\fR Creates a limited proxy\&. .PP \fB\-hours\fR \fIH\fR Proxy is valid for \fIH\fR hours (default:12)\&. .PP \fB\-vomslife\fR \fIH\fR Tries to get an AC with information valid for \fIH\fR hours\&. The default is "as long as the proxy certificate"\&. The special value 0 means as long as the server will allow\&. .PP \fB\-bits\fR \fIB\fR Number of bits in key {0|512|1024|2048|4096}\&. 0 is a special value which means: same number of bits as in the issuing certificate\&. .PP \fB\-cert\fR \fIcertfile\fR Non\-standard location of user certificate .PP \fB\-key\fR \fIkeyfile\fR Non\-standard location of user key .PP \fB\-certdir\fR \fIcertdir\fR Location of trusted certificates dir .PP \fB\-out\fR \fIproxyfile\fR Location of new proxy cert .PP \fB\-voms\fR \fIvoms[:command]\fR Specifies the fake VOMS server that will appear in the attribute certificate\&. command is ignored and is present for compatibility with voms\-proxy\-init\&. 
.PP \fB\-include\fR \fIfile\fR Includes \fIfile\fR in the certificate (in a non critical extension) .PP \fB\-conf\fR \fIfile\fR Read options from \fIfile\fR\&. .PP \fB\-policy\fR The file containing the policy expression\&. .PP \fB\-policy\-language\fR\fI pl\fR The language in which the policy is expressed\&. Default is IMPERSONATION_PROXY\&. .PP \fB\-path\-length\fR Maximum depth of proxy certificate that can be signed from this\&. .PP \fB\-globus\fR \fIversion\fR This option is obsolete and only present for backwards compatibility with old installations\&. Currently, its value is ignored\&. .PP \fB\-proxyver\fR Version of the proxy certificate to create\&. May be 2 or 3\&. Default value is decided upon underlying globus version\&. .PP \fB\-separate\fR \fIfile\fR Saves the voms credential on file \fIfile\fR\&. .PP \fB\-hostcert\fR \fIfile\fR The cert that will be used to sign the AC\&. .PP \fB\-hostkey\fR \fIfile\fR The key that will be used to sign the AC\&. .PP \fB\-fqan\fR \fIfile\fR The string that will be included in the AC as the granted FQAN\&. .PP \fB\-newformat\fR .PP This forces the server to generate ACs in the new (correct) format\&. This is meant as a compatibility feature to ease migration while the servers upgrade to the new version\&. .PP \fB\-newsubject\fR \fInewdn\fR .PP The created proxy will have \fInewdn\fR as subject rather than what it would normally have depending on the specific version of proxy created\&. Non\-printable characters may be specified via the \*(Aq\eXX\*(Aq encoding, where XX are two hexadecimal characters\&. .PP \fB\-newissuer\fR \fInewdn\fR .PP The created proxy will have \fInewdn\fR as issuer rather than what it would normally have depending on the specific version of proxy created\&. Non\-printable characters may be specified via the \*(Aq\eXX\*(Aq encoding, where XX are two hexadecimal characters\&. .PP \fB\-newserial\fR \fInewserial\fR .PP The created proxy will have the \fInewserial\fR as its serial number\&. 
The new serial number will have to be specified as an hex representation\&. Any length is possible\&. If this option is not specified, voms\-proxy\-fake will choose the serial number\&. .PP \fB\-pastac\fR \fItimespec\fR .PP The created AC will have its validity start in the past, as specified by \fItimespec\fR\&. .PP The format of \fItimespec\fR is one of: \fIseconds\fR, \fIhours:minutes\fR, \fIhours:minutes:seconds\fR .PP \fB\-pastproxy\fR \fItimespec\fR .PP The created proxy will have its validity start in the past as specified by \fItimespec\fR .PP The format of \fItimespec\fR is one of: \fIseconds\fR, \fIhours:minutes\fR, \fIhours:minutes:seconds\fR .PP \fB\-nscert\fR \fIbit,\&.\&.\&.,bit\fR .PP The created proxy will have the specified bits in the Netscape Certificate Extension\&. Acceptable values for \fIbit\fR are: client, server, email, objsign, sslCA, emailCA, objCA\&. The default value is not to have this extension\&. .PP \fB\-extkeyusage\fR \fIbit,\&.\&.\&.,bit\fR .PP The created proxy will have the specified bits in the Extended Key Usage Extension\&. Acceptable values for \fIbit\fR are: serverAuth, clientAuth, codeSigning, emailProtection, timeStamping, msCodeInd, msCodeCom, msCTLSign, msSGC, msEFS, nsSGC, deltaCRL\&. The default value is not to have this extensions\&. .PP \fB\-keyusage\fR \fIbit,\&.\&.\&.,bit\fR .PP The created proxy will have the specified bits in the Key Usage Extensions\&. Acceptable values for \fIbit\fR are: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly\&. The default value is to copy this extensions from the issuer certificate while removing the keyCertSign and nonRepudiation bits if present\&. .PP \fB\-selfsigned\fR .PP The created certificate will be a self\-signed certificate and have a CA=true bit in the Basic constraints Exception\&. 
.PP \fB\-extension\fR \fIoid[/criticality]value\fR .PP This option allows one to specify additional extensions to be put in the created certificate\&. .PP \fIoid\fR is the Object Identifier of the extensions\&. Any OID may be used even if it is not already known in advance\&. This must always be specified\&. There is no default\&. .PP \fIcriticality\fR specifies whether the extensions is critical or not, and it must be either \fItrue\fR or \fIfalse\fR\&. If absent, it defaults to \fIfalse\fR\&. .PP \fIvalue\fR is the value of the extensions\&. It is composed by two subfields, \fItype\fR and \fIcontent\fR\&. \fItype\fR is a single character, and specifies how the \fIcontent\fR is interpreted\&. \*(Aq:\*(Aq means that \fIcontent\fR is a text string to be included as is\&. \*(Aq~\*(Aq means that \fIcontent\fR is an hex representation of the string\&. \*(Aq+\*(Aq means that \fIcontent\fR is the name of a file which will contain the actual data\&. .PP \fB\-acextension\fR \fIoid[/criticality]value\fR .PP This option allows one to specify additional extensions to be put in the created attribute certificate\&. .PP \fIoid\fR is the Object Identifier of the extensions\&. Any OID may be used even if it is not already known in advance\&. This must always be specified\&. There is no default\&. .PP \fIcriticality\fR specifies whether the extensions is critical or not, and it must be either \fItrue\fR or \fIfalse\fR\&. If absent, it defaults to \fIfalse\fR\&. .PP \fIvalue\fR is the value of the extensions\&. It is composed by two subfields, \fItype\fR and \fIcontent\fR\&. \fItype\fR is a single character, and specifies how the \fIcontent\fR is interpreted\&. \*(Aq:\*(Aq means that \fIcontent\fR is a text string to be included as is\&. \*(Aq~\*(Aq means that \fIcontent\fR is an hex representation of the string\&. \*(Aq+\*(Aq means that \fIcontent\fR is the name of a file which will contain the actual data\&. 
.PP \fB\-ga\fR \fIid\fR = \fIvalue\fR \fI[(qualifier)]\fR .PP This option adds the generic attribute specified to the AC generated\&. Please note that spaces before and after the \*(Aq=\*(Aq char are swallowed in the command line\&. .PP \fB\-voinfo\fR \fIfile\fR .PP The file \fIfile\fR contains information for additional ACs that should be included in the created proxy\&. ACs specified via the \-voinfo option shall be added before ACs specified via the command line options\&. .PP The format of the file is the following: .PP [\fIvoname\fR] .PP \fIparameter\fR=\fIvalue\fR .PP \fIparameter\fR=\fIvalue\fR .PP \fI\&.\&.\&.\fR .SH "BUGS" .PP \m[blue]\fBEGEE Bug Tracking Tool\fR\m[]\&\s-2\u[1]\d\s+2 .SH "SEE ALSO" .PP voms\-proxy\-fake(1), voms\-proxy\-init(1), voms\-proxy\-info(1), voms\-proxy\-destroy(1) .PP \m[blue]\fBEDT Auth Home page\fR\m[]\&\s-2\u[2]\d\s+2 .PP \m[blue]\fBCVSweb\fR\m[]\&\s-2\u[3]\d\s+2 .PP \m[blue]\fBRPM repository\fR\m[]\&\s-2\u[4]\d\s+2 .SH "AUTHORS" .PP Vincenzo Ciaschini \&. .PP Valerio Venturi \&. .SH "COPYRIGHT" .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. See the beneficiaries list for details on the copyright holders\&. .PP Licensed under the Apache License, Version 2\&.0 (the "License"); you may not use this file except in compliance with the License\&. You may obtain a copy of the License at .PP \m[blue]\fBwww\&.apache\&.org/licenses/LICENSE\-2\&.0\fR\m[]\&\s-2\u[5]\d\s+2 .PP Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\&. See the License for the specific language governing permissions and limitations under the License\&. .SH "NOTES" .IP " 1." 4 EGEE Bug Tracking Tool .RS 4 \%https://savannah.cern.ch/projects/jra1mdw/ .RE .IP " 2." 4 EDT Auth Home page .RS 4 \%http://grid-auth.infn.it .RE .IP " 3." 
4 CVSweb .RS 4 \%http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms .RE .IP " 4." 4 RPM repository .RS 4 \%http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3 .RE .IP " 5." 4 www.apache.org/licenses/LICENSE-2.0 .RS 4 \%http://www.apache.org/licenses/LICENSE-2.0 .RE voms-2.1.2/doc/voms-proxy-fake.xml000066400000000000000000000273141477131364200170550ustar00rootroot00000000000000 ]> voms-proxy-fake 1 VOMS Client voms-proxy-fake create a proxy with VOMS extensions voms-proxy-fake options Description The voms-proxy-fake generates a proxy containing arbitrary attributes without contacting the VOMS server. Options Options may be specified indifferently with either a "-" or "--" prefix. Displays usage. Displays version. Enables extra debug output. Quiet mode, minimal output. Verifies certificate to make proxy for. Allows passphrase from stdin. Creates a limited proxy. H Proxy is valid for H hours (default:12). H Tries to get an AC with information valid for H hours. The default is "as long as the proxy certificate". The special value 0 means as long as the server will allow. B Number of bits in key {0|512|1024|2048|4096}. 0 is a special value which means: same number of bits as in the issuing certificate. certfile Non-standard location of user certificate keyfile Non-standard location of user key certdir Location of trusted certificates dir proxyfile Location of new proxy cert voms[:command] Specifies the fake VOMS server that will appear in the attribute certificate. command is ignored and is present for compatibility with voms-proxy-init. file Includes file in the certificate (in a non critical extension) file Read options from file. The file containing the policy expression. pl The language in which the policy is expressed. Default is IMPERSONATION_PROXY. Maximum depth of proxy certfificate that can be signed from this. version This option is obsolete and only present for backwards compatibility with old installations. Currently, its value is ignored. 
Version of the proxy certificate to create. May be 2 or 3. Default value is decided upon underlying globus version. file Saves the voms credential on file file. file The cert that will be used to sign the AC. file The key thet will be used to sign the AC. file The string that will be included in the AC as the granted FQAN. This forces the server to generate ACs in the new (correct) format. This is meant as a compatibility feature to ease migration while the servers upgrade to the new version. newdn The created proxy will have newdn as subject rather than what is would normally have depending on the specific version of proxy created. Non-printable characters may be specified via the '\XX' encoding, where XX are two hexadecimal characters. newdn The created proxy will have newdn as issuer rather than what is would normally have depending on the specific version of proxy created. Non-printable characters may be specified via the '\XX' encoding, where XX are two hexadecimal characters. newserial The created proxy will have the newserial as its serial number. The new serial number will have to be specified as an hex representation. Any length is possible. If this option is not specified, voms-proxy-fake will choose the serial number. timespec The created AC will have its validity start in the past, as specified by timespec. The format of timespec is one of: seconds, hours:minutes, hours:minutes:seconds timespec The created proxy will have its validity start in the past as specified by timespec The format of timespec is one of: seconds, hours:minutes, hours:minutes:seconds bit,...,bit The created proxy will have the specified bits in the Netscape Certificate Extension. Acceptable values for bit are: client, server, email, objsign, sslCA, emailCA, objCA. The default value is not to have this extension. bit,...,bit The created proxy will have the specified bits in the Extended Key Usage Extension. 
Acceptable values for bit are: serverAuth, clientAuth, codeSigning, emailProtection, timeStamping, msCodeInd, msCodeCom, msCTLSign, msSGC, msEFS, nsSGC, deltaCRL. The default value is not to have this extensions. bit,...,bit The created proxy will have the specified bits in the Key Usage Extensions. Acceptable values for bit are: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly. The default value is to copy this extensions from the issuer certificate while removing the keyCertSign and nonRepudiation bits if present. The created certificate will be a self-signed certificate and have a CA=true bit in the Basic constraints Exception. oid[/criticality]value This option allows one to specify additional extensions to be put in the created certificate. oid is the Object Identifier of the extensions. Any OID may be used even if it is not already known in advance. This must always be specified. There is no default. criticality specifies whether the extensions is critical or not, and it must be either true or false. If absent, it defaults to false. value is the value of the extensions. It is composed by two subfields, type and content. type is a single character, and specifies how the content is interpreted. ':' means that content is a text string to be included as is. '~' means that content is an hex representation of the string. '+' means that content is the name of a file which will contain the actual data. oid[/criticality]value This option allows one to specify additional extensions to be put in the created attribute certificate. oid is the Object Identifier of the extensions. Any OID may be used even if it is not already known in advance. This must always be specified. There is no default. criticality specifies whether the extensions is critical or not, and it must be either true or false. If absent, it defaults to false. value is the value of the extensions. 
It is composed by two subfields, type and content. type is a single character, and specifies how the content is interpreted. ':' means that content is a text string to be included as is. '~' means that content is an hex representation of the string. '+' means that content is the name of a file which will contain the actual data. id = value [(qualifier)] This option adds the generic attribute specified to the AC generated. Please note that spaces before and after the '=' char are swallowed in the command line. file The file file contains information for additional ACs that should be included in the created proxy. ACs specified via the -voinfo option shall be added before ACs specified via the command line options. The format of the file is the following: [voname] parameter=value parameter=value ... &bugzilla; See also voms-proxy-fake(1), voms-proxy-init(1), voms-proxy-info(1), voms-proxy-destroy(1) &links; &authors; &license; voms-2.1.2/doc/voms-proxy-info.1000066400000000000000000000133311477131364200164340ustar00rootroot00000000000000'\" t .\" Title: voms-proxy-info .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 05/03/2021 .\" Manual: VOMS Client .\" Source: VOMS Client .\" Language: English .\" .TH "VOMS\-PROXY\-INFO" "1" "05/03/2021" "VOMS Client" "VOMS Client" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable 
justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" voms-proxy-info \- prints information about a proxy with VOMS extensions .SH "SYNOPSIS" .HP \w'\fBvoms\-proxy\-info\fR\ 'u \fBvoms\-proxy\-info\fR [options] .SH "DESCRIPTION" .PP The voms\-proxy\-info command prints information about a proxy, including information about the VOMS extension\&. .SH "OPTIONS" .PP Options may be specified indifferently with either a "\-" or "\-\-" prefix\&. The options from \-help to \-out are present for compatibility with grid\-proxy\-init, and have the exact same meaning\&. The meaning of the other ones is the following\&. .PP \fB\-help\fR .PP \fB\-usage\fR Displays usage\&. .PP \fB\-version\fR Displays version\&. .PP \fB\-debug\fR Enables extra debug output\&. This is for bug reports only\&. Users must not rely on the extra output printed by this option\&. .PP \fB\-file\fR \fIproxyfile\fR The name of the file containing the proxy, in case it is in a non\-standard place\&. .PP \fB\-chain\fR Prints information about the proxy\*(Aqs certificate chain\&. .PP \fB\-subject\fR Prints the DN of the proxy\*(Aqs subject\&. .PP \fB\-issuer\fR Prints the DN of the proxy\*(Aqs issuer\&. .PP \fB\-identity\fR Prints the DN of the identity represented by the proxy\&. This is synonymous .PP \fB\-type\fR Prints the proxy\*(Aqs type (limited or not) .PP \fB\-strength\fR Prints the proxy\*(Aqs strength, i\&.e\&. the number of bits in the key\&. .PP \fB\-valid\fR Prints validity times\&. .PP \fB\-timeleft\fR Prints how much time is left (in seconds) instead of the end time of the proxy\&. This option implies \-valid .PP \fB\-all\fR Prints everything\&. .PP \fB\-fqan\fR Prints the VOMS attributes in the FQAN format\&. 
Default .PP \fB\-exists\fR \fI\-bits N\fR \fI\-hours H\fR Verifies if the proxy is valid for at least another H hours and has a key of at least N bits\&. .PP \fB\-acexists\fR \fIvoname\fR Verifies if an AC for the VO specified is present in the proxy\&. .PP \fB\-conf\fR \fIfile\fR Read options from \fIfile\fR\&. .PP \fB\-text\fR Prints the certificate to standard output\&. .PP \fB\-path\fR Prints the full path name of the proxy file\&. .PP \fB\-vo\fR Prints the names of the VOs whose ACs are present in the proxy .PP \fB\-acsubject\fR Prints the subject of the owners of the ACs in the proxy\&. .PP \fB\-acissuer\fR Prints the issuer of the owners of the ACs in the proxy\&. .PP \fB\-actimeleft\fR Prints how much time is left (in seconds) instead of the end time of the AC\&. .PP \fB\-serial\fR Prints the serial number of each AC present in the proxy\&. .PP \fB\-dont\-verify\-ac\fR Skips the AC verification step\&. Warning! Because the ACs are not verified, data printed when this option is specified may not be reliable\&. .PP \fB\-targets\fR Prints the list of hosts to which the AC has been targeted\&. .PP \fB\-included\-file\fR In case the proxy included a user\-specified file, this option prints it to screen\&. .PP \fB\-uri\fR Prints the URI of the server which issued this AC\&. .PP \fB\-keyusage\fR Prints the content of the KeyUsage extension of the certificate\&. .SH "BUGS" .PP \m[blue]\fBEGEE Bug Tracking Tool\fR\m[]\&\s-2\u[1]\d\s+2 .SH "SEE ALSO" .PP voms\-proxy\-init(1), voms\-proxy\-destroy(1) .PP \m[blue]\fBEDT Auth Home page\fR\m[]\&\s-2\u[2]\d\s+2 .PP \m[blue]\fBCVSweb\fR\m[]\&\s-2\u[3]\d\s+2 .PP \m[blue]\fBRPM repository\fR\m[]\&\s-2\u[4]\d\s+2 .SH "AUTHORS" .PP Vincenzo Ciaschini \&. .PP Valerio Venturi \&. .SH "COPYRIGHT" .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. See the beneficiaries list for details on the copyright holders\&. .PP Licensed under the Apache License, Version 2\&.0 (the "License"); you may not use this file except in compliance with the License\&. 
You may obtain a copy of the License at .PP \m[blue]\fBwww\&.apache\&.org/licenses/LICENSE\-2\&.0\fR\m[]\&\s-2\u[5]\d\s+2 .PP Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\&. See the License for the specific language governing permissions and limitations under the License\&. .SH "NOTES" .IP " 1." 4 EGEE Bug Tracking Tool .RS 4 \%https://savannah.cern.ch/projects/jra1mdw/ .RE .IP " 2." 4 EDT Auth Home page .RS 4 \%http://grid-auth.infn.it .RE .IP " 3." 4 CVSweb .RS 4 \%http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms .RE .IP " 4." 4 RPM repository .RS 4 \%http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3 .RE .IP " 5." 4 www.apache.org/licenses/LICENSE-2.0 .RS 4 \%http://www.apache.org/licenses/LICENSE-2.0 .RE voms-2.1.2/doc/voms-proxy-info.xml000066400000000000000000000107761477131364200171060ustar00rootroot00000000000000 ]> voms-proxy-info 1 VOMS Client voms-proxy-info prints information about a proxy with VOMS extensions voms-proxy-info options Description The voms-proxy-info command pritns information about a proxy, including information about the VOMS extension. Options Options may be specified indifferently with either a "-" or "--" prefix. The options from -help to -out are present for compatibility with grid-proxy-init, and have the exact same meaning. The meaning of the other ones is the following. Displays usage. Displays version. Enables extra debug output. This is for bug reports only. Users must not rely on the extra output printed by this option. proxyfile The name of the file containing the proxy, in case it is in a non-standard place. Prints information about the proxy's certificate chain. Prints the DN of the proxy's subject. Prints the DN of the proxy's issuer. Prints the DN of the iodentity represented by the proxy. 
This is synonimous Print the proxy's type (limited or not) Prints the proxy's strength. I.e. the number of bits in the key. Print validity times. Prints how much time is left (in seconds) instead of the end time of the proxy. This option implies -valid Prints everything. Prints the VOMS attributes in the FQAN format. Default -bits N -hours H Verifies if the proxy is valid for at least other H hours and has a key of at least N bits. voname Verifies if an AC for the VO specified is present in the proxy. file Read options from file. Prints the certificate to standard output. Prints the full path name of the proxy file. Prints the names of the VOs whose AC are present in the proxy Prints the subject of the owners of the ACs in the proxy. Prints the issuer of the owners of the ACs in the proxy. Prints how much time is left (in seconds) instead of the end time of the AC. Prints the serial number of each AC present in the proxy. Skips the AC verification step. Warning! Data printed when this option is specified may not be reliable. Prints the list of hosts to which the AC has been targeted. In case the proxy included a user-specified file, this option prints it to screen. Prints the URI of the serve which issued this AC. Print the content of the KeyUsage extension of the certificate. 
&bugzilla; See also voms-proxy-init(1), voms-proxy-destroy(1) &links; &authors; &license; voms-2.1.2/doc/voms-proxy-init.1000066400000000000000000000210511477131364200164420ustar00rootroot00000000000000'\" t .\" Title: voms-proxy-init .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 05/03/2021 .\" Manual: VOMS Client .\" Source: VOMS Client .\" Language: English .\" .TH "VOMS\-PROXY\-INIT" "1" "05/03/2021" "VOMS Client" "VOMS Client" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" voms-proxy-init \- create a proxy with VOMS extensions .SH "SYNOPSIS" .HP \w'\fBvoms\-proxy\-init\fR\ 'u \fBvoms\-proxy\-init\fR [options] .SH "DESCRIPTION" .PP The voms\-proxy\-init generates a proxy with the VOMS information included in a non critical extension\&. .SH "OPTIONS" .PP Options may be specified indifferently with either a "\-" or "\-\-" prefix\&. The options from \-help to \-out are present for compatibility with grid\-proxy\-init, and have the exact same meaning\&. The meaning of the other ones is the following\&. 
.PP \fB\-help\fR .PP \fB\-usage\fR Displays usage .PP \fB\-version\fR .PP Displays version .PP \fB\-debug\fR Enables extra debug output .PP \fB\-quiet\fR .PP \fB\-q\fR Quiet mode, minimal output .PP \fB\-verify\fR Verifies proxy .PP \fB\-pwstdin\fR Allows passphrase from stdin .PP \fB\-limited\fR Creates a limited proxy .PP \fB\-hours\fR \fIH\fR Proxy is valid for \fIH\fR hours (default:12) This option is deprecated and is only present for compatibility with grid\-proxy\-init, since this option does not set the validity of the credentials returned by VOMS\&. Use \-valid instead\&. .PP \fB\-vomslife\fR \fIH\fR Tries to get a pseudo cert with information valid for \fIH\fR hours\&. The default is "as long as the proxy certificate"\&. The special value 0 means as long as the server will allow\&. This option is deprecated, since it does not set the validity of the generated proxy\&. Use \-valid instead\&. .PP \fB\-valid\fR \fIHH:MM\fR This option attempts to set the validity for both the proxy and the credentials returned by the VOMS server\&. The latter validity may however be shortened due to server policy\&. This option obsoletes both \-hours and \-vomslife, and should be used in preference to both .PP \fB\-bits\fR \fIB\fR Number of bits in key {0|512|1024|2048|4096}\&. 0 is a special value which means: same number of bits as in the issuing certificate\&. .PP \fB\-cert\fR \fIcertfile\fR Non\-standard location of user certificate .PP \fB\-key\fR \fIkeyfile\fR Non\-standard location of user key .PP \fB\-certdir\fR \fIcertdir\fR Non standard location where the trusted CAs certificates are kept\&. .PP \fB\-out\fR \fIproxyfile\fR Location of new proxy cert .PP \fB\-voms\fR \fIvoms[:command]\fR Specifies the VOMS server to contact using the nickname \fIvoms\fR\&. It also allows one to send a specific command to the server\&. The default command is \fB:all\fR, and it gets all group membership information\&. 
Other commands are \fB:/Role=rolename\fR which grants the \fBrolename\fR VO\-wide role if the server allows it, and \fB:/group/Role=rolename\fR which grants the role \fBrolename\fR only in the group \fB/group\fR, again only if the server allows it\&. .PP Example : voms\-proxy\-init \-\-voms myVO:/myVO/Role=VO\-Admin .PP \fB\-order\fR \fIfqan\fR Specified fqans, if present, are put on top of the list of attributes returned by the server in the order in which they are passed (by repeating the \-order option)\&. The order of the others is not specified\&. If some of the fqans are not returned, no warning is given\&. Capability selection is not supported\&. .PP \fB\-include\fR \fIfile\fR Includes \fIfile\fR in the certificate (in a non critical extension) .PP \fB\-conf\fR \fIfile\fR Read options from \fIfile\fR\&. .PP \fB\-confile\fR \fIfile\fR .PP \fB\-userconf\fR \fIfile\fR .PP \fB\-vomses\fR \fIfile\fR Specifies the name of a configuration file from which a list of nicknames is read\&. The format of the file is the following: \fInick\fR \fIhost\fR \fIport\fR \fIsubject\fR \fIvo\fR where nick is the nickname, host and port are the hostname and port of the server to contact, subject is the subject of the server\*(Aqs certificate, while vo is the name of the VO that owns the server\&. The default filenames are $PREFIX/etc/vomses and $HOME/\&.voms/vomses\&. .PP Moreover, permissions must be 644 if a file is specified, and 755 if a directory is specified .PP The three options are synonyms\&. \-confile and \-userconf are deprecated\&. \-vomses should be used instead\&. .PP \fB\-policy\fR The file containing the policy expression\&. .PP \fB\-policy\-language\fR\fI pl\fR .PP \fB\-pl\fR\fI pl\fR The language in which the policy is expressed\&. Default is IMPERSONATION_PROXY\&. .PP \fB\-path\-length\fR Maximum depth of proxy certificate that can be signed from this\&. 
.PP \fB\-globus\fR \fIversion\fR This option is obsolete and only present for backwards compatibility with old installations\&. Currently, its value is ignored\&. .PP \fB\-proxyver\fR Version of the proxy certificate to create\&. May be 2, 3 or 4\&. Default value is decided upon underlying globus version\&. .PP \fB\-rfc\fR This option is a synonym of \fB\-proxyver 4\fR and it generates an RFC\-compliant proxy\&. .PP \fB\-old\fR This option is a synonym of \fB\-proxyver 2\fR and it generates a legacy proxy\&. .PP \fB\-target\fR \fIhostname\fR This option targets the generated AC to a specific host\&. This option may be specified multiple times to allow for multiple hosts\&. .PP \fB\-timeout\fR \fIseconds\fR This option allows one to specify the maximum number of seconds that voms\-proxy\-init will wait while trying to establish a connection with the server\&. Its default value is \-1 (unlimited)\&. .PP \fB\-noregen\fR Use existing proxy to contact the server and to sign the new proxy\&. .PP \fB\-separate\fR \fIfile\fR Saves the voms credential on file \fIfile\fR\&. .PP \fB\-ignorewarn\fR Ignore all warnings\&. They are not shown to the user\&. .PP \fB\-failonwarn\fR Warnings become failures\&. The program will translate all warnings into errors and will react accordingly, by returning a failure itself\&. .PP \fB\-list\fR Instead of producing an attribute certificate, this option will print on screen a list of all attributes available to the user\&. .PP \fB\-includeac\fR \fIfile\fR Adds the VOMS AC in \fIfile\fR to the proxy\&. .SH "BUGS" .PP \m[blue]\fBEGEE Bug Tracking Tool\fR\m[]\&\s-2\u[1]\d\s+2 .SH "SEE ALSO" .PP voms\-proxy\-info(1), voms\-proxy\-destroy(1) .PP \m[blue]\fBEDT Auth Home page\fR\m[]\&\s-2\u[2]\d\s+2 .PP \m[blue]\fBCVSweb\fR\m[]\&\s-2\u[3]\d\s+2 .PP \m[blue]\fBRPM repository\fR\m[]\&\s-2\u[4]\d\s+2 .SH "AUTHORS" .PP Vincenzo Ciaschini \&. .PP Valerio Venturi \&. .SH "COPYRIGHT" .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. 
See the beneficiaries list for details on the copyright holders\&. .PP Licensed under the Apache License, Version 2\&.0 (the "License"); you may not use this file except in compliance with the License\&. You may obtain a copy of the License at .PP \m[blue]\fBwww\&.apache\&.org/licenses/LICENSE\-2\&.0\fR\m[]\&\s-2\u[5]\d\s+2 .PP Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\&. See the License for the specific language governing permissions and limitations under the License\&. .SH "NOTES" .IP " 1." 4 EGEE Bug Tracking Tool .RS 4 \%https://savannah.cern.ch/projects/jra1mdw/ .RE .IP " 2." 4 EDT Auth Home page .RS 4 \%http://grid-auth.infn.it .RE .IP " 3." 4 CVSweb .RS 4 \%http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms .RE .IP " 4." 4 RPM repository .RS 4 \%http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3 .RE .IP " 5." 4 www.apache.org/licenses/LICENSE-2.0 .RS 4 \%http://www.apache.org/licenses/LICENSE-2.0 .RE voms-2.1.2/doc/voms-proxy-init.xml000066400000000000000000000205261477131364200171100ustar00rootroot00000000000000 ]> voms-proxy-init 1 VOMS Client voms-proxy-init create a proxy with VOMS extensions voms-proxy-init options Description The voms-proxy-init generates a proxy with the VOMS information included in a non critical extension. Options Options may be specified indifferently with either a "-" or "--" prefix. The options from -help to -out are present for compatibility with grid-proxy-init, and have the exact same meaning. The meaning of the other ones is the following. 
Displays usage Displays version Enables extra debug output Quiet mode, minimal output Verifies proxy Allows passphrase from stdin Creates a limited proxy H Proxy is valid for H hours (default:12) This option is deprecated and is only present for compatibility with grid-proxy-init, since this option does not set the validity of the credentials returned by VOMS. Use -valid instead. H Tries to get a pseudo cert with information valid for H hours. The default is "as long as the proxy certificate". The special value 0 means as long as the server will allow. This option is deprecated, since it does not set the validity of the generated proxy. Use -valid instead. HH:MM This option attempts to set the validity for both the proxy and the credentials returned by the VOMS server. The latter validity may however be shortened due to server policy. This option obsoletes both -hours and -vomslife, and should be used in preference to both B Number of bits in key {0|512|1024|2048|4096}. 0 is a special value which means: same number of bits as in the issuing certificate. certfile Non-standard location of user certificate keyfile Non-standard location of user key certdir Non standard location where the trusted CAs certificates are kept. proxyfile Location of new proxy cert voms[:command] Specifies the VOMS server to contact using the nickname voms. It also allows one to send a specific command to the server. The default command is :all, and it gets all group membership information. Other commands are :/Role=rolename which grants the rolename VO-wide role if the server allows it, and :/group/Role=rolename which grants the role rolename only in the group /group, again only if the server allows it. Example : voms-proxy-init --voms myVO:/myVO/Role=VO-Admin fqan Specified fqans, if present, are put on top of the list of attributes returned by the server in the order in which they are passed (using more -order call). The order of the others is not specified. 
If some of the fqans are not returned no warning is given. Capability selection is not supported. file Includes file in the certificate (in a non critical extension) file Read options from file. file file file Specifies the name of a configuration file from which a list of nicknames is read. The format of the file is the following: nick host port subject vo where nick is the nickname, host and port are the hostname and port of the server to contact, subject is the subject of the server's certificate, while vo is the name of the VO that owns the server. The default filenames are $PREFIX/etc/vomses and $HOME/.voms/vomses. Moreover, permissions must be 644 if a file is specified, and 755 if a directory is specified The three options are synonyms. -confile and -userconf are deprecated. -vomses should be used instead. The file containing the policy expression. pl pl The language in which the policy is expressed. Default is IMPERSONATION_PROXY. Maximum depth of proxy certfificate that can be signed from this. version This option is obsolete and only present for backwards compatibility with old installations. Currently, its value is ignored. Version of the proxy certificate to create. May be 2, 3 or 4. Default value is decided upon underlying globus version. This option is a synonym of and it generates a RFC-compliant proxy. This option is a synonym of and it generates a legacy proxy. hostname This option targets the generated AC to a specific host. This option may be specified multiple times to allow for multiple hosts. seconds This option allows one to specify the maximum number of seconds that voms-proxy-init will wait while trying to establish a connection with the server. Its default value is -1 (unlimited). Use existing proxy to contact the server and to sing the new proxy. file Saves the voms credential on file file. Ignore all warnings. They are not shown to the user. Warnings become failures. 
The program will translates all warnings into errors and will react accordingly, by returning a failure itself. Instead of producing an attribute certificate, this optin will print on screen a list of all attributes available to the user. file Adds the VOMS AC in file to the proxy. &bugzilla; See also voms-proxy-info(1), voms-proxy-destroy(1) &links; &authors; &license; voms-2.1.2/doc/voms-proxy-list.1000066400000000000000000000130231477131364200164520ustar00rootroot00000000000000'\" t .\" Title: voms-proxy-list .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 05/03/2021 .\" Manual: VOMS Client .\" Source: VOMS Client .\" Language: English .\" .TH "VOMS\-PROXY\-LIST" "1" "05/03/2021" "VOMS Client" "VOMS Client" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" voms-proxy-list \- Shows a list of all available attributes from a specified server .SH "SYNOPSIS" .HP \w'\fBvoms\-proxy\-list\fR\ 'u \fBvoms\-proxy\-list\fR [options] .SH "DESCRIPTION" .PP The voms\-proxy\-list prints on screen a list of all available attributes from a specified proxy server\&. 
.SH "OPTIONS" .PP Options may be specified indifferently with either a "\-" or "\-\-" prefix\&. The options from \-help to \-out are present for compatibility with grid\-proxy\-init, and have the exact same meaning\&. The meaning of the other ones is the following\&. .PP \fB\-help\fR Displays usage .PP \fB\-version\fR Displays version .PP \fB\-debug\fR Enables extra debug output .PP \fB\-q\fR Quiet mode, minimal output .PP \fB\-verify\fR Verifies certificate to make proxy for .PP \fB\-pwstdin\fR Allows passphrase from stdin .PP \fB\-cert\fR \fIcertfile\fR Non\-standard location of user certificate .PP \fB\-key\fR \fIkeyfile\fR Non\-standard location of user key .PP \fB\-certdir\fR \fIcertdir\fR Non standard location where the trusted CAs certificates are kept\&. .PP \fB\-out\fR \fIproxyfile\fR Location of new proxy cert .PP \fB\-voms\fR \fIvoms\fR Specifies the VOMS server to contact using the nickname \fIvoms\fR\&. .PP Example : voms\-proxy\-list \-\-voms myVO .PP \fB\-conf\fR \fIfile\fR Read options from \fIfile\fR\&. .PP \fB\-confile\fR \fIfile\fR .PP \fB\-userconf\fR \fIfile\fR .PP \fB\-vomses\fR \fIfile\fR Specifies the name of a configuration file from which a list of nicknames is read\&. The format of the file is the following: \fInick\fR \fIhost\fR \fIport\fR \fIsubject\fR \fIvo\fR Where nick is the nickname, host and port are the hostname and port of the server to contact, subject is the subject of the server\*(Aqs certificate, while vo is the name of the VO that owns the server\&. The default filenames are $PREFIX/etc/vomses and $HOME/\&.glite/vomses\&. .PP Moreover, permissions must be 644 if a file is specified, and 755 if a directory is specified .PP The three options are synonyms\&. \-confile and \-userconf are deprecated\&. \-vomses should be used instead\&. .PP \fB\-globus\fR \fIversion\fR This option is obsolete and only present for backwards compatibility with old installations\&. Currently, its value is ignored\&. 
.PP \fB\-noregen\fR Use existing proxy to contact the server and to sign the new proxy\&. .PP \fB\-ignorewarn\fR Ignore all warnings\&. They are not shown to the user\&. .PP \fB\-failonwarn\fR Warnings become failures\&. The program will translate all warnings into errors and will react accordingly, by returning a failure itself\&. .PP \fB\-list\fR Instead of producing an attribute certificate, this option will print on screen a list of all attributes available to the user\&. This is a no\-op .SH "BUGS" .PP \m[blue]\fBEGEE Bug Tracking Tool\fR\m[]\&\s-2\u[1]\d\s+2 .SH "SEE ALSO" .PP voms\-proxy\-list(1), voms\-proxy\-init(1), voms\-proxy\-info(1), voms\-proxy\-destroy(1) .PP \m[blue]\fBEDT Auth Home page\fR\m[]\&\s-2\u[2]\d\s+2 .PP \m[blue]\fBCVSweb\fR\m[]\&\s-2\u[3]\d\s+2 .PP \m[blue]\fBRPM repository\fR\m[]\&\s-2\u[4]\d\s+2 .SH "AUTHORS" .PP Vincenzo Ciaschini \&. .PP Valerio Venturi \&. .SH "COPYRIGHT" .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. See the beneficiaries list for details on the copyright holders\&. .PP Licensed under the Apache License, Version 2\&.0 (the "License"); you may not use this file except in compliance with the License\&. You may obtain a copy of the License at .PP \m[blue]\fBwww\&.apache\&.org/licenses/LICENSE\-2\&.0\fR\m[]\&\s-2\u[5]\d\s+2 .PP Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\&. See the License for the specific language governing permissions and limitations under the License\&. .SH "NOTES" .IP " 1." 4 EGEE Bug Tracking Tool .RS 4 \%https://savannah.cern.ch/projects/jra1mdw/ .RE .IP " 2." 4 EDT Auth Home page .RS 4 \%http://grid-auth.infn.it .RE .IP " 3." 4 CVSweb .RS 4 \%http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms .RE .IP " 4." 4 RPM repository .RS 4 \%http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3 .RE .IP " 5."
4 www.apache.org/licenses/LICENSE-2.0 .RS 4 \%http://www.apache.org/licenses/LICENSE-2.0 .RE voms-2.1.2/doc/voms-proxy-list.xml000066400000000000000000000106511477131364200171160ustar00rootroot00000000000000 ]> voms-proxy-list 1 VOMS Client voms-proxy-list Shows a list of all available attributes from a specified server voms-proxy-list options Description The voms-proxy-list prints on screen a list of all available attributes from a specified proxy server. Options Options may be specified indifferently with either a "-" or "--" prefix. The options from -help to -out are present for compatibility with grid-proxy-init, and have the exact same meaning. The meaning of the other ones is the following. Displays usage Displays version Enables extra debug output Quiet mode, minimal output Verifies certificate to make proxy for Allows passphrase from stdin certfile Non-standard location of user certificate keyfile Non-standard location of user key certdir Non standard location where the trusted CAs certificates are kept. proxyfile Location of new proxy cert voms Specifies the VOMS server to contact using the nickname voms. Example : voms-proxy-list --voms myVO file Read options from file. file file file Specifies the name of a configuration file from which a list of nicknames is read. The format of the file is the following: nick host port subject vo Where nick is the nickname, host and port are the hostname and port of the server to contact, subject is the subject of the server's certificate, while vo is the name of the VO that owns the server. The default filenames are $PREFIX/etc/vomses and $HOME/.glite/vomses. Moreover, permissions must be 644 if a file is specified, and 755 if a directory is specified The three options are synonyms. -confile and -userconf are deprecated. -vomses should be used instead. version This option is obsolete and only present for backwards compatibility with old installations. Currently, its value is ignored. 
Use existing proxy to contact the server and to sing the new proxy. Ignore all warnings. They are not shown to the user. Warnings become failures. The program will translates all warnings into errors and will react accordingly, by returning a failure itself. Instead of producing an attribute certificate, this optin will print on screen a list of all attributes available to the user. This is a no-op &bugzilla; See also voms-proxy-list(1), voms-proxy-init(1), voms-proxy-info(1), voms-proxy-destroy(1) &links; &authors; &license; voms-2.1.2/doc/voms.8000066400000000000000000000335761477131364200143500ustar00rootroot00000000000000'\" t .\" Title: voms .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 05/03/2021 .\" Manual: VOMS Server .\" Source: VOMS Server .\" Language: English .\" .TH "VOMS" "8" "05/03/2021" "VOMS Server" "VOMS Server" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" voms \- VOMS server .SH "SYNOPSIS" .HP \w'\fBvoms\fR\ 'u \fBvoms\fR [\-foreground] [\-port\ \fIport\fR] [\-backlog\ \fIpnum\fR] [\-logfile\ \fIfile\fR] [\-globusid\ \fIid\fR] [\-globuspwd\ \fIfile\fR] 
[\-passfile\ \fIfile\fR] [\-x509_cert_dir\ \fIpath\fR] [\-x509_cert_file\ \fIfile\fR] [\-x509_user_cert\ \fIfile\fR] [\-x509_user_key\ \fIfile\fR] [\-x509_user_proxy\ \fIfile\fR] [\-dbname\ \fIname\fR] [\-username\ \fIname\fR] [\-vo\ \fI\ name\fR] [\-timeout\ \fI\ limit\fR] [\-test] [\-conf\ \fI\ file\fR] [\-uri\ \fI\ uri\fR] [\-version] [\-code\ \fIc\fR] [\-loglevel\ \fIlev\fR] [\-logtype\ \fItype\fR] [\-logformat\ \fIstr\fR] [\-logdateformat\ \fIstr\fR] [\-debug] [\-sqlloc\ \fIpath\fR] [\-compat] [\-socktimeout\ \fInum\fR] [\-logmax\ \fInum\fR] [\-newformat] [\-skipcacheck] [\-help] [\-usage] [\-globus\ \fIversion\fR] [\-contactstring\ \fIcontact\fR] [\-mysql\-port\ \fIport\fR] [\-mysql\-socket\ \fIsocket\fR] [\-shortfqans] [\-syslog] [\-base64] [\-nologfile] .SH "DESCRIPTION" .PP VOMS \- Virtual Organization Membership Service\&. .PP For the initial setup of the server, run the voms_install_db script as root\&. .SH "OPTIONS" .PP Options may be specified indifferently with either a "\-" or "\-\-" prefix\&. Their meaning is the following\&. .PP \fB\-help\fR .PP \fB\-usage\fR .PP These options print a list of options that the server accepts\&. They are synonyms\&. .PP \fB\-foreground\fR .PP Runs part of the server in foreground\&. Easier debugging\&. .PP \fB\-port\fR \fIport\fR .PP Listens on port \fIport\fR\&. The default is 754\&. .PP \fB\-backlog\fR \fInum\fR .PP Sets the maximum backlof for the connections\&. The default is 50\&. .PP \fB\-logfile\fR \fIfile\fR .PP Selects the file for logging\&. The default is /ver/log/voms\&. .PP \fB\-globusid\fR \fIid\fR .PP \fB\-globuspwd\fR \fIfile\fR .PP These options are supported for backwards compatibility only\&. They have no effect, and indeed do not get listed by the \-help option\&. .PP \fB\-passfile\fR \fIfile\fR .PP Reads the password to access the DB from \fIfile\fR\&. The default is to read it from the console during server\*(Aqs startup\&. 
.PP \fB\-x509_cert_dir\fR \fIpath\fR .PP \fB\-x509_cert_file\fR \fIfile\fR .PP \fB\-x509_user_cert\fR \fIfile\fR .PP \fB\-x509_user_key\fR \fIfile\fR .PP \fB\-x509_user_proxy\fR \fIfile\fR .PP These options set the respective variables\&. .PP \fB\-dbname\fR \fIname\fR .PP Sets the name of the DB\&. Default \fIvoms\fR\&. .PP \fB\-username\fR \fIname\fR .PP Sets the name of the user for the DB login\&. The default is \fIvoms\fR\&. .PP \fB\-vo\fR \fIname\fR .PP Sets the name of the VO that owns this server\&. The default is \fIunspecified\fR\&. .PP \fB\-timeout\fR \fIlimit\fR .PP Sets the length of time that the information is valid, measured in seconds\&. The default is 86400 seconds (24 hours)\&. .PP \fB\-test\fR .PP Prints information about the server startup and then exits\&. .PP \fB\-conf\fR \fIfile\fR .PP Reads options from the file \fIfile\fR\&. The options must be present one per line in the format \fB\-option[=value]\fR where the value part must obviously be present only if it is required\&. .PP \fB\-uri\fR \fIuri\fR .PP Defines the uri of the server that will be included in the generated pseudo certificate\&. The default value is hostname:port .PP \fB\-version\fR .PP Prints information about the server and then exits\&. .PP \fB\-code\fR \fIc\fR .PP \fB\-globus\fR \fIversion\fR .PP These options are obsolete and only present for backwards compatibility with old installations\&. Currently, their values are ignored\&. Do not specify them in new installations\&. .PP \fB\-logtype\fR \fItype\fR .PP Sets the type of messages that will be logged\&. Acceptable values are: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} 1 \- STARTUP, print startup messages\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} 2 \- REQUEST, print messages during the request interpretation phase\&.
.RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} 4 \- RESULT, print messages during the result sending phase\&. .RE .PP This values can be ORed together to indicate that all the corresponding types of messages are required\&. The default values is 255\&. .PP \fB\-loglevel\fR \fIlev\fR .PP Sets the level of verbosity of log messages\&. Acceptable values are: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} 1 \- LEV_NONE, do not log anything\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} 2 \- LEV_ERROR, the default, logs only error conditions\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} 3 \- LEV_WARNINGS, logs also warning messages\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} 4 \- LEV_INFO, logs also general informational messages\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} 5 \- LEV_DEBUG, logs also a lot of debug messages\&. Setting this level of verbosity overwrites the value of the \fB\-logtype\fR option to 255\&. .RE .PP Higher values include all messages printed by lower ones, and values not documented here are translated as the highest level possible, LEV_DEBUG .PP \fB\-logformat\fR \fIstr\fR .PP Sets the format used by the logging system according to a printf\-like format string with the following directives format: \fI\e%[size][char]\fR where size, if present, sets the maximum length of the field and \fIchar\fR selects the type of substitution done\&. Possible values are the following: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} % \- Substitutes a plain \*(Aq%\*(Aq\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} d \- Substitutes the date\&. The date format is specified by the \fB\-logdateformat\fR option\&. 
.RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} f \- Substitutes the name of the source file that logs the message\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} F \- Substitutes the name of the function that logs the message\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} h \- Substitutes the hostname of the machine hosting the service\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} l \- Substitutes the line number that logs the message\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} m \- Substitutes the message proper\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} p \- Substitutes the process\*(Aq pid\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} s \- Substitutes the service name ("vomsd")\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} t \- Substitutes the number of the message type\&. (see the \fB\-logtype\fR option) .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} T \- Substitutes the name of the message type\&. (see the \fB\-logtype\fR option) .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} v \- Substitutes the number of the message level\&. (see the \fB\-loglevel\fR option) .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} V \- Substitutes the name of the message level\&. (see the \fB\-loglevel\fR option) .RE .PP The default value for this options is: "%d:%h:%s(%p):%V:%T:%F (%f:%l):%m" .PP \fB\-logdateformat\fR \fIstr\fR .PP This option sets the format used to print the date\&. The format is the same used by the strftime(3) function, and its default value is: "%c"\&. .PP \fB\-debug\fR .PP This option puts the server into debug mode\&. 
This mode automatically implies \fB\-loglevel 5\fR\&. Also, this option hurts scalability and is not suggested in a production environment .PP \fB\-sqlloc\fR \fI/path/file\fR .PP This option specifies the full path for the DB access library\&. Please note that there is no default for this option! .PP \fB\-socktimeout\fR \fInum\fR .PP This option sets the amount of time, in seconds, after which the server will drop an inactive connection\&. The default is 60 seconds\&. .PP \fB\-maxlog\fR \fInum\fR .PP This option sets the maximum size of a log file\&. Please note that this size is approximate, and may be exceeded by a few thousand bytes\&. In any case, when the specified amount is surpassed, logfiles are rotated\&. The default is 10Mb .PP \fB\-newformat\fR .PP This forces the server to generate ACs in the new (correct) format\&. This is meant as a compatibility feature to ease migration while the servers upgrade to the new version\&. .PP \fB\-skipcacheck\fR .PP This option, if specified, forces voms to drop some of the checks done as the authorization step before AC creation\&. Specifically, voms will no longer be capable of distinguishing two certificates with the same DN but different issuers\&. Because two such certificates are then treated as the same user, use of this option is discouraged\&. Note also that activating this option requires a previous check by the voms server administrator that there are no certificates registered in the DB with the same DN and different issuers\&. If there are, the result of a voms\-proxy\-init command for one of those users will be unpredictable\&. .PP \fB\-contactstring\fR \fIcontact\fR .PP This string specifies information on how to contact the DB server\&. Its exact meaning depends on the DB backend used\&. For MySQL it is the hostname of the MySQL server, and it defaults to \*(Aqlocalhost\*(Aq\&. For Oracle it is the contactstring of the DB\&.
However, for Oracle it is better to put what would be the argument of this string into the \*(Aqtnsnames\&.ora\*(Aq file and ignore this option\&. .PP \fB\-mysql\-port \fR \fIport\fR .PP This option specifies the port on which the MySQL server is listening if it is different from its 3306 default\&. This value is ignored for Oracle backends\&. .PP \fB\-mysql\-socket\fR \fIsocket\fR .PP MySQL servers may be configured to allow access through a unix\-level socket\&. This option allows one to specify this method of contact\&. However, it is almost always better to contact the server through the port\&. This option is ignored for Oracle backends\&. .PP \fB\-shortfqans\fR .PP This option instructs the server to always generate FQANs in their short form, i\&.e\&. without the /Role=NULL and /Capability=NULL parts\&. Later server versions will make this behaviour the default, and provide a \fB\-noshortfqans\fR option to fall back to the longer format\&. Specifying this option is recommended\&. .PP \fB\-syslog\fR .PP This option allows log messages to be sent to syslog\&. .PP \fB\-base64\fR .PP This option instructs the server to use the base64 encoding for its messages, rather than the in\-house encoding\&. This option will be made the default in future versions and \fB\-nobase64\fR will be provided to fall back to the in\-house encoding\&. Specifying this option is recommended\&. .PP \fB\-nologfile\fR .PP This option disables logging on the voms specific logfile\&. Please note that specifying this option without at the same time specifying \fB\-syslog\fR implies that no logging will take place\&. .SH "BUGS" .PP \m[blue]\fBEGEE Bug Tracking Tool\fR\m[]\&\s-2\u[1]\d\s+2 .SH "SEE ALSO" .PP voms\-proxy\-init(1), voms\-proxy\-info(1), voms\-proxy\-destroy(1) .PP \m[blue]\fBEDT Auth Home page\fR\m[]\&\s-2\u[2]\d\s+2 .PP \m[blue]\fBCVSweb\fR\m[]\&\s-2\u[3]\d\s+2 .PP \m[blue]\fBRPM repository\fR\m[]\&\s-2\u[4]\d\s+2 .SH "AUTHORS" .PP Vincenzo Ciaschini \&. .PP Valerio Venturi \&.
.SH "COPYRIGHT" .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. See the beneficiaries list for details on the copyright holders\&. .PP Licensed under the Apache License, Version 2\&.0 (the "License"); you may not use this file except in compliance with the License\&. You may obtain a copy of the License at .PP \m[blue]\fBwww\&.apache\&.org/licenses/LICENSE\-2\&.0\fR\m[]\&\s-2\u[5]\d\s+2 .PP Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\&. See the License for the specific language governing permissions and limitations under the License\&. .SH "NOTES" .IP " 1." 4 EGEE Bug Tracking Tool .RS 4 \%https://savannah.cern.ch/projects/jra1mdw/ .RE .IP " 2." 4 EDT Auth Home page .RS 4 \%http://grid-auth.infn.it .RE .IP " 3." 4 CVSweb .RS 4 \%http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms .RE .IP " 4." 4 RPM repository .RS 4 \%http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3 .RE .IP " 5." 4 www.apache.org/licenses/LICENSE-2.0 .RS 4 \%http://www.apache.org/licenses/LICENSE-2.0 .RE voms-2.1.2/doc/voms.xml000066400000000000000000000370151477131364200147710ustar00rootroot00000000000000 ]> voms 8 VOMS Server voms VOMS server voms -foreground -port port -backlog pnum -logfile file -globusid id -globuspwd file -passfile file -x509_cert_dir path -x509_cert_file file -x509_user_cert file -x509_user_key file -x509_user_proxy file -dbname name -username name -vo name -timeout limit -test -conf file -uri uri -version -code c -loglevel lev -logtype type -logformat str -logdateformat str -debug -sqlloc path -compat -socktimeout num -logmax num -newformat -skipcacheck -help -usage -globus version -contactstring contact -mysql-port port -mysql-socket socket -shortfqans -syslog -base64 -nologfile Description VOMS - Virtual Organization Membership Service. 
For the initial setup of the server, run the voms_install_db script as root. Options Options may be specified indifferently with either a "-" or "--" prefix. Their meaning is the following. These options print a list of options that the server accepts. They are synonyms. Runs part of the server in foreground. Easier debugging. port Listens on port port. The default is 754. num Sets the maximum backlof for the connections. The default is 50. file Selects the file for logging. The default is /ver/log/voms. id file These options are supported for backwards compatibility only. They have no effect, and indeed do not get listed by the -help option. file Reads the password to access the DB from file. The default is to read it from the console during server's startup. path file file file file These options set the respective variables. name Sets the name of the DB. Default voms. name Sets the name of the user for the DB login. The default is voms. name Sets the name of the VO that owns this server. The default is unspecified. limit Sets the length of time that the information is valid, measured in secods. The default is 86400 seconds (24 hours). Prints information about the server startup and then exits. file Reads option from the file file. The options must be present one per line in the format where the value part must obviously be present only if it is required. uri Defines the uri of the server that will be included in the generated pseudo certificate. The default value is hostname:port Prints information about the server and then exits. c version These options are obsolete and only present for backwards compatibility with old installations. Currently, their values are ignored. Do not specify them in new installations. type Sets the type of messages that will be loggged. Acceptable values are: 1 - STARTUP, print startup messages. 2 - REQUEST, print messages during the request interpretation phase. 4 - RESULT, print messages during the result sending phase. 
These values can be ORed together to indicate that all the corresponding types of messages are required. The default value is 255. lev Sets the level of verbosity of log messages. Acceptable values are: 1 - LEV_NONE, do not log anything. 2 - LEV_ERROR, the default, logs only error conditions. 3 - LEV_WARNINGS, logs also warning messages. 4 - LEV_INFO, logs also general informational messages. 5 - LEV_DEBUG, logs also a lot of debug messages. Setting this level of verbosity overwrites the value of the option to 255. Higher values include all messages printed by lower ones, and values not documented here are translated as the highest level possible, LEV_DEBUG str Sets the format used by the logging system according to a printf-like format string with the following directives format: \%[size][char] where size, if present, sets the maximum length of the field and char selects the type of substitution done. Possible values are the following: % - Substitutes a plain '%'. d - Substitutes the date. The date format is specified by the option. f - Substitutes the name of the source file that logs the message. F - Substitutes the name of the function that logs the message. h - Substitutes the hostname of the machine hosting the service. l - Substitutes the line number that logs the message. m - Substitutes the message proper. p - Substitutes the process' pid. s - Substitutes the service name ("vomsd"). t - Substitutes the number of the message type. (see the option) T - Substitutes the name of the message type. (see the option) v - Substitutes the number of the message level. (see the option) V - Substitutes the name of the message level. (see the option) The default value for this option is: "%d:%h:%s(%p):%V:%T:%F (%f:%l):%m" str This option sets the format used to print the date. The format is the same used by the strftime(3) function, and its default value is: "%c". This option puts the server into debug mode. This mode automatically implies .
Also, this option hurts scalability and is not suggested in a production environment /path/file This option specifies the full path for the DB access library. Please note that there is no default for this option! num This option sets the amount of time, in seconds, after which the server will drop an inactive connection. The default is 60 seconds. num This option sets the maximum size of a log file. Please note that this size is approximate, and may be exceeded by a few thousand bytes. In any case, when the specified amount is surpassed, logfiles are rotated. The default is 10Mb This forces the server to generate ACs in the new (correct) format. This is meant as a compatibility feature to ease migration while the servers upgrade to the new version. This option, if specified, forces voms to drop some of the checks done as the authorization step before AC creation. Specifically, voms will no longer be capable of distinguishing two certificates with the same DN but different issuers. Because two such certificates are then treated as the same user, use of this option is discouraged. Note also that activating this option requires a previous check by the voms server administrator that there are no certificates registered in the DB with the same DN and different issuers. If there are, the result of a voms-proxy-init command for one of those users will be unpredictable. contact This string specifies information on how to contact the DB server. Its exact meaning depends on the DB backend used. For MySQL it is the hostname of the MySQL server, and it defaults to 'localhost'. For Oracle it is the contactstring of the DB. However, for Oracle it is better to put what would be the argument of this string into the 'tnsnames.ora' file and ignore this option. port This option specifies the port on which the MySQL server is listening if it is different from its 3306 default. This value is ignored for Oracle backends. socket MySQL servers may be configured to allow access through a unix-level socket.
This option allows one to specify this method of contact. However, it is almost always better to contact the server through the port. This option is ignored for Oracle backends. This option instructs the server to always generate FQANs in their short form, i.e. without the /Role=NULL and /Capability=NULL parts. Successive server version will make this behaviour the default, and provide a option to fallback to the longer format. Specifying this option is recommended. This option allows log messages to be sent to syslog. This option instructs the server to use the base64 encoding for its messages, rather than the in-house encoding. This option will be made the default in future versions and will be provided to fallback to the inhouse encoding. Specifying this option is recommended. This option disables logging on the voms specific logfile. Please note that specifying this option without at the same time specifying implies that no logging will take place. &bugzilla; See also voms-proxy-init(1), voms-proxy-info(1), voms-proxy-destroy(1) &links; &authors; &license; voms-2.1.2/docker-compose.yml000066400000000000000000000004771477131364200161550ustar00rootroot00000000000000volumes: trustanchors: cabundle: services: trust: image: indigoiam/egi-trustanchors:igi-test-ca volumes: - trustanchors:/tmp/certificates - cabundle:/tmp/pki environment: FORCE_TRUST_ANCHORS_UPDATE: 1 TRUST_ANCHORS_TARGET: /tmp/certificates CA_BUNDLE_TARGET: /tmp/pki voms-2.1.2/docker/000077500000000000000000000000001477131364200137575ustar00rootroot00000000000000voms-2.1.2/docker/.env000066400000000000000000000001501477131364200145440ustar00rootroot00000000000000DOCKER_IMAGE=italiangrid/voms-build-centos7 DOCKER_GIT_TAG_ENABLED=y DOCKER_OPTS="--rm=true --no-cache" voms-2.1.2/docker/Dockerfile000066400000000000000000000017001477131364200157470ustar00rootroot00000000000000FROM centos:7 # Allow customization of build user ID and name ARG BUILD_USER=build ARG BUILD_USER_UID=501 RUN echo 
"include_only=.garr.it,.cern.ch" >> /etc/yum/pluginconf.d/fastestmirror.conf && \ yum clean all && \ yum install -y hostname epel-release && \ yum -y update && \ yum -y install which wget tar sudo file && \ yum -y install which wget tar sudo file && \ echo '%wheel ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \ adduser --uid ${BUILD_USER_UID} ${BUILD_USER} && \ usermod -a -G wheel ${BUILD_USER} && \ yum -y install \ gdb git expat-devel autoconf automake make libtool pkgconfig openssl-devel gsoap-devel \ mysql-devel libxslt docbook-style-xsl doxygen bison gcc-c++ gcc && \ yum clean all && \ rm -rf /var/cache/yum ENV TINI_VERSION v0.18.0 ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini RUN chmod +x /tini ENTRYPOINT ["/tini", "--"] # USER $BUILD_USER # WORKDIR /home/$BUILD_USER voms-2.1.2/docker/Dockerfile.centos6000066400000000000000000000003061477131364200173300ustar00rootroot00000000000000FROM italiangrid/pkg.base:centos6 USER root RUN yum -y install expat-devel \ pkgconfig openssl-devel \ gsoap-devel mysql-devel \ libxslt docbook-style-xsl \ doxygen bison voms-2.1.2/docker/build-image.sh000066400000000000000000000001151477131364200164670ustar00rootroot00000000000000#!/bin/bash docker build -t voms/voms-build:centos6 -f Dockerfile.centos6 . 
voms-2.1.2/m4/000077500000000000000000000000001477131364200130305ustar00rootroot00000000000000voms-2.1.2/m4/Makefile.am000066400000000000000000000002731477131364200150660ustar00rootroot00000000000000EXTRA_DIST = voms.m4 if BUILD_INTERFACES install-exec-hook: $(mkinstalldirs) $(DESTDIR)/$(datadir)/aclocal $(INSTALL_DATA) $(top_srcdir)/m4/voms.m4 $(DESTDIR)/$(datadir)/aclocal endif voms-2.1.2/m4/acinclude.m4000066400000000000000000000413501477131364200152240ustar00rootroot00000000000000AC_DEFUN([AC_LINUX], [ AC_MSG_CHECKING([if compiling on Linux]) if test "x`uname -s`" = "xLinux" ; then AC_MSG_RESULT([yes]) AC_DEFINE(RUN_ON_LINUX, 1, [Define to 1 if running on a Linux System]) else AC_MSG_RESULT([no]) fi ]) AC_DEFUN([AC_PARSER_GEN], [ AC_ARG_ENABLE([parser-gen], [ --disable-parser-gen disable the generation the parser code with flex/bison. ], [ parser_gen=${enableval} ], [ parser_gen="yes" ]) AM_CONDITIONAL([REGENERATE_PARSERS], [test "x${parser_gen}" = xyes]) ]) AC_DEFUN([AC_BUILD_PARTS], [ AC_ARG_WITH(all, [ --with-all Enable compilation of the clients (yes)], [ case "$withval" in yes) build_all="yes" ;; no) build_all="no" ;; *) AC_MSG_ERROR([bad value $withval for --with-all]) ;; esac ], [ build_all="yes" ]) AC_ARG_WITH(clients, [ --with-clients Enable compilation of the clients (yes)], [ case "$withval" in yes) build_clients="yes" ;; no) build_clients="no" ;; *) AC_MSG_ERROR([bad value $withval for --with-clients]) ;; esac ], [ build_clients="$build_all" ]) AC_ARG_WITH(server, [ --with-server Enable compilation of the server (yes)], [ case "$withval" in yes) build_server="yes" ;; no) build_server="no" ;; *) AC_MSG_ERROR([bad value $withval for --with-server]) ;; esac ], [ build_server="$build_all" ]) AC_ARG_WITH(c-api, [ --with-c-api No effect], [ case "$withval" in yes) build_c_api="yes" ;; no) build_c_api="no" ;; *) AC_MSG_ERROR([bad value $withval for --with-c-api]) ;; esac ], [ build_c_api="$build_all" ]) AC_ARG_WITH(cpp-api, [ --with-cpp-api Enable 
compilation of the C++ APIs (yes)], [ case "$withval" in yes) build_cpp_api="yes" ;; no) build_cpp_api="no" ;; *) AC_MSG_ERROR([bad value $withval for --with-cpp-api]) ;; esac ], [ build_cpp_api="$build_all" ]) AC_ARG_WITH(interfaces, [ --with-interfaces Enable compilation of the includes (yes)], [ case "$withval" in yes) build_interfaces="yes" ;; no) build_interfaces="no" ;; *) AC_MSG_ERROR([bad value $withval for --with-interfaces]) ;; esac ], [ build_interfaces="$build_all" ]) AC_ARG_WITH(config, [ --with-config Enable compilation of the configuration files (yes)], [ case "$withval" in yes) build_config="yes" ;; no) build_config="no" ;; *) AC_MSG_ERROR([bad value $withval for --with-config]) ;; esac ], [ build_config="$build_all" ]) AM_CONDITIONAL(BUILD_CPP_API, test x$build_cpp_api = xyes) AM_CONDITIONAL(BUILD_INTERFACES, test x$build_interfaces = xyes) AM_CONDITIONAL(BUILD_CLIENTS, test x$build_clients = xyes) AM_CONDITIONAL(BUILD_SERVER, test x$build_server = xyes) AM_CONDITIONAL(BUILD_CONFIG, test x$build_config = xyes) ]) # AC_OPENSSL checks system openssl availability # --------------------------------------------- AC_DEFUN([AC_OPENSSL], [ AC_ARG_WITH(openssl_prefix, [ --with-openssl-prefix=PFX prefix where OpenSSL is installed. 
(/usr)], [with_openssl_prefix="$withval"], [with_openssl_prefix=/usr]) if test "x$with_openssl_prefix" = "x/usr" ; then AC_CHECK_LIB(crypto, ERR_print_errors_fp, [found=yes], [found=no]) if test "x$found" = "xyes" ; then OPENSSL_LIBS="-lcrypto -lssl" NO_GLOBUS_FLAGS="" fi else SAVE_LD_LIBRARY_PATH=$LD_LIBRARY_PATH LD_LIBRARY_PATH="$with_openssl_prefix/lib" AC_LANG_PUSH(C) AC_CHECK_LIB(crypto, ERR_print_errors_fp, [found=yes], [found=no]) AC_LANG_POP(C) NO_GLOBUS_FLAGS="-I$with_openssl_prefix/include" if test "x$found" = "xyes"; then OPENSSL_LIBS="-L$with_openssl_prefix/lib -lcrypto -lssl" AC_MSG_CHECKING([for system OpenSSL version]) cat >conftest.h < OPENSSL_VERSION_TEXT HERE openssl_version=`$CPP $NO_GLOBUS_FLAGS -o - -P conftest.h` AC_MSG_RESULT($openssl_version) rm -f conftest.h fi LD_LIBRARY_PATH="$SAVE_LD_LIBRARY_PATH" fi SAVE_CFLAGS=$CFLAGS CFLAGS="$CFLAGS -Werror" AC_MSG_CHECKING(if asn1.h functions need const) AC_TRY_COMPILE( [ #include ], [ char **pp; long length; ASN1_PRINTABLESTRING *p; (void)M_d2i_ASN1_PRINTABLESTRING(&p, pp, length); ], [ac_need_const="no"], [ac_need_const="yes"]) CFLAGS="$SAVE_CFLAGS" AC_MSG_RESULT($ac_need_const) AC_SUBST(OPENSSL_LIBS) AC_SUBST(NO_GLOBUS_FLAGS) if test "x$ac_need_const" = "xyes" ; then AC_DEFINE(NEEDCONST, 1, [Define to 1 if openssl needs "consted" parameters]) fi AH_BOTTOM([#if defined(NEEDCONST) #define MAYBECONST const #else #define MAYBECONST #endif]) ]) # AC_COMPILER add switch to enable debug and warning # options for gcc # ------------------------------------------------------- AC_DEFUN([AC_COMPILER], [ AC_ARG_WITH(debug, [ --with-debug Compiles without optimizations and with debug activated], [ac_with_debug="yes"], [ac_with_debug="no"]) if test "x$ac_with_debug" = "xyes" ; then CFLAGS="-g -O0" CXXFLAGS="-g -O0" fi AC_ARG_WITH(profile, [ --with-profile Compiles and links with collection of profile information activated], [ac_with_profile="yes"], [ac_with_profile="no"]) if test "x$ac_with_profile" = "xyes" ; 
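then
    CFLAGS="$CFLAGS -pg"
    CXXFLAGS="$CXXFLAGS -pg"
    LDFLAGS="$LDFLAGS -pg"
  fi

  AC_ARG_WITH(warnings,
    [ --with-warnings Compiles with maximum warnings],
    [ac_with_warnings="yes"],
    [ac_with_warnings="no"])

  if test "x$ac_with_warnings" = "xyes" ; then
    CFLAGS="$CFLAGS -Wall -Wextra"
    CXXFLAGS="$CXXFLAGS -Wall -Wextra"
  fi
])

# AC_BUILD_API_ONLY adds the --with-api-only switch and sets the
# BUILD_ALL conditional, which is true unless the switch is "yes"
# -------------------------------------------------------
AC_DEFUN([AC_BUILD_API_ONLY],
[
  dnl The rejected value is reported with plain variable expansion.
  dnl The former command substitution form made configure try to run
  dnl a program named withval found on PATH instead of printing the value.
  AC_ARG_WITH(api-only,
    [ --with-api-only Enable compilation of the APIs only (no)],
    [
      case "$withval" in
        yes) have_api_only="yes" ;;
        no) have_api_only="no" ;;
        *) AC_MSG_ERROR([bad value $withval for --with-api-only]) ;;
      esac
    ],
    [ have_api_only="no" ])

  AM_CONDITIONAL(BUILD_ALL, test x$have_api_only = xno)
])

# AC_ENABLE_DOCS adds the --enable-docs switch and sets the
# BUILD_DOCS conditional
# -------------------------------------------------------
AC_DEFUN([AC_ENABLE_DOCS],
[
  dnl Same fix as above for the error message, and the explicit "no"
  dnl now records its value instead of leaving build_docs unset.
  AC_ARG_ENABLE(docs,
    [ --enable-docs Enable doc generation],
    [
      case "$enableval" in
        yes) build_docs="yes" ;;
        no) build_docs="no" ;;
        *) AC_MSG_ERROR([bad value $enableval for --enable-docs]) ;;
      esac
    ],
    [build_docs="no"])

  AM_CONDITIONAL(BUILD_DOCS, test x$build_docs = xyes)
])

# AC_VOMS_TIME_T_TIMEZONE test whether time_t timezone is present
# in time.h
# ------------------------------------------------------------
AC_DEFUN([AC_VOMS_TIME_T_TIMEZONE],
[
  AC_MSG_CHECKING(for time_t timezone in )
  AC_LANG_PUSH(C)
  AC_TRY_COMPILE(
    [ #include ],
    [
      struct tm y;
      time_t offset = 3;
      time_t x = mktime(&y) + offset*60*60 - timezone;
    ],
    [ac_have_time_t_timezone="yes"],
    [ac_have_time_t_timezone="no"]
  )

  if test "X$ac_have_time_t_timezone" = "Xyes" ; then
    AC_MSG_RESULT(yes)
    AC_DEFINE(HAVE_TIME_T_TIMEZONE, 1, [Define to 1 if you have time_t timezone type in time.h])
  else
    dnl
    dnl only place this should occur is on CYGWIN B20, which has an
    dnl integer _timezone defined instead
    dnl
    AC_MSG_RESULT(no)
    AC_MSG_CHECKING(checking for time_t _timezone in )
    dnl The success and failure actions are separate arguments. Without
    dnl the comma both assignments ran on success and the answer was
    dnl always "no".
    AC_TRY_COMPILE(
      [ #include ],
      [
        struct tm y;
        time_t offset = 3;
        time_t x = mktime(&y) + offset*60*60 - _timezone;
      ],
      [answer=yes],
      [answer=no]
    )

    if test "X$answer" = "Xyes" ; then
      AC_MSG_RESULT(yes)
      AC_DEFINE(HAVE_TIME_T__TIMEZONE, 1, [Define to 1 if you have time_t _timezone type in time.h])
    else
      AC_MSG_RESULT(no)
    fi
    AC_LANG_POP(C)
  fi
])

# AC_VOMS_STRNDUP defines HAVE_STRNDUP when strndup links, otherwise
# requests the replacement object through AC_LIBOBJ
# ------------------------------------------------------------
AC_DEFUN([AC_VOMS_STRNDUP],
[
  AC_MSG_CHECKING([for strndup])
  AC_TRY_LINK(
    [ #include ],
    [ char *s = strndup("prova",5); ],
    [AC_DEFINE(HAVE_STRNDUP, 1, [Define to 1 if you have strndup in string.h])
     AC_MSG_RESULT(yes)],
    [AC_LIBOBJ(strndup)
     AC_MSG_RESULT(no)])
])

# AC_VOMS_SOCKLEN_T test whether socklen_t type is present
# ------------------------------------------------------------
AC_DEFUN([AC_VOMS_SOCKLEN_T],
[
  AC_MSG_CHECKING([for (sane) socklen_t])
  AC_TRY_COMPILE(
    [ #include #include ],
    [
      socklen_t addrlen = (socklen_t)5;
      (void)getsockname(0, 0L, &addrlen);
      return 0;
    ],
    [ac_have_socklen_t="yes"],
    [ac_have_socklen_t="no"]
  )

  if test "x$ac_have_socklen_t" = "xyes" ; then
    AC_DEFINE(HAVE_SOCKLEN_T, 1, [Define to 1 if you have the socklen_t type])
  fi
  AC_MSG_RESULT([$ac_have_socklen_t])
])

# AC_VOMS_FIND_FUNC defines FUNC_NAME to the first of __func__,
# __PRETTY_FUNCTION__ and __FUNCTION__ that compiles, or to NULL
# -------------------------------------------------------------------
AC_DEFUN([AC_VOMS_FIND_FUNC],
[
  AC_MSG_CHECKING([for function name discovery])
  AC_TRY_COMPILE(
    [],
    [char *str = __func__],
    [ac_have_func="__func__"],
    [ac_have_func="no"]
  )

  if test "x$ac_have_func" = "xno" ; then
    AC_TRY_COMPILE(
      [],
      [char *str = __PRETTY_FUNCTION__],
      [ac_have_func="__PRETTY_FUNCTION__"],
      [ac_have_func="no"]
    )
  fi

  if test "x$ac_have_func" = "xno" ; then
    dnl The probe has to use the same identifier it reports. It was
    dnl spelled with three leading underscores, so this fallback could
    dnl never succeed.
    AC_TRY_COMPILE(
      [],
      [char *str = __FUNCTION__],
      [ac_have_func="__FUNCTION__"],
      [ac_have_func="NULL"]
    )
  fi

  AC_DEFINE_UNQUOTED(FUNC_NAME, [$ac_have_func], FUNC_NAME)
  AC_MSG_RESULT([$ac_have_func])
])

AC_DEFUN([NEW_ISSUES],
[
  AC_MSG_CHECKING([for string dependency on cerr])
  AC_LANG_PUSH(C++)

cat > conftest.cpp < int main(int argc, char *argv[]) { std::string g; return 0; } HERE

  if ( ($CXX -c -o conftest.o conftest.cpp > /dev/null 2>&1) ); then
    if ( (nm -C conftest.o | grep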
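cerr > /dev/null 2>&1) ); then
      AH_BOTTOM([#ifdef __cplusplus #include #endif])
      AC_DEFINE(__THROW_BAD_ALLOC, return 0L, __THROW_BAD_ALLOC)
      AC_MSG_RESULT([yes])
    else
      AC_MSG_RESULT([no])
    fi
  else
    AC_MSG_RESULT([cannot test])
  fi

  rm -rf conftest*
  AC_LANG_POP(C++)
])

AC_DEFUN([PUT_PRIVATES],
[
  AH_BOTTOM([#if defined(__GNUC__)
#if (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
#define UNUSED(z) z __attribute__ ((unused))
#else
#define UNUSED(z) z
#endif
#define PRIVATE __attribute__ ((visibility ("hidden")))
#define PUBLIC __attribute__ ((visibility ("default")))
#else
#define UNUSED(z) z
#define PRIVATE
#define PUBLIC
#endif])])

# AC_TESTSUITE adds the switches that configure the test suite:
# report and scratch directories, database credentials, which
# database back ends to test, coverage, cobertura and valgrind
# -------------------------------------------------------
AC_DEFUN([AC_TESTSUITE],
[
  AC_ARG_WITH(report-dir,
    [ --with-report-dir Set reportdir for testsuite],
    [with_reportdir="$withval"],
    [with_reportdir="$HOME/reports"])

  AC_ARG_WITH(scratch-dir,
    [ --with-scratch-dir Set scratchdir for testsuite],
    [with_scratchdir="$withval"],
    [with_scratchdir="/tmp"])

  dnl The defaults are user root with an empty password. The password
  dnl is substituted into generated files further down, and the configure
  dnl command line is recorded in config.log, so only a throwaway test
  dnl database credential should be given here.
  AC_ARG_WITH(dbuser,
    [ --with-dbuser Set DB user for testsuite],
    [with_dbuser="$withval"],
    [with_dbuser="root"])

  AC_ARG_WITH(dbpwd,
    [ --with-dbpwd Set DB password for testsuite],
    [with_dbpwd="$withval"],
    [with_dbpwd=""])

  dnl NOTE(review): the help text below repeats the --with-dbpwd wording.
  dnl Presumably this option names a MySQL configuration file. Confirm
  dnl and correct the text.
  AC_ARG_WITH(mysqlconf,
    [ --with-mysqlconf Set DB password for testsuite],
    [with_mysqlconf="$withval"],
    [with_mysqlconf=""])

  dnl The three error messages below print the rejected value with plain
  dnl variable expansion. The former command substitution form made
  dnl configure try to run a program named enableval found on PATH.
  AC_ARG_ENABLE(oracle-tests,
    [ --enable-oracle-tests Do tests against Oracle DB],
    [
      case "$enableval" in
        yes) enable_oracletests="yes" ;;
        no) enable_oracletests="no" ;;
        *) AC_MSG_ERROR([bad value $enableval for --enable-oracle-tests]) ;;
      esac
    ],
    [ enable_oracletests="no"])

  AC_ARG_ENABLE(mysql-tests,
    [ --enable-mysql-tests Do tests against MySQL DB],
    [
      case "$enableval" in
        yes) enable_mysqltests="yes" ;;
        no) enable_mysqltests="no" ;;
        *) AC_MSG_ERROR([bad value $enableval for --enable-mysql-tests]) ;;
      esac
    ],
    [ enable_mysqltests="yes"])

  AC_ARG_ENABLE(coverage,
    [ --enable-coverage Enable getting coverage info on the testsuite execution],
    [
      case "$enableval" in
        yes) enable_coverage="yes" ;;
        no) enable_coverage="no" ;;
        *) AC_MSG_ERROR([bad value $enableval for --enable-coverage]) ;;
      esac
    ],
    [ enable_coverage="no" ])

  if test "x$enable_coverage" = "xyes" ; then
    CFLAGS="$CFLAGS -fprofile-arcs -ftest-coverage"
    CXXFLAGS="$CXXFLAGS -fprofile-arcs -ftest-coverage"
    LDFLAGS="$LDFLAGS -lgcov"
  fi

  AC_ARG_WITH(cobertura,
    [ --with-cobertura=PFX prefix where cobertura is placed (no default)],
    [with_cobertura_prefix="$withval"],
    [with_cobertura_prefix="no"])

  AC_ARG_WITH(valgrind,
    [ --with-valgrind=PFX Also test memory leaks with valgrind],
    [with_valgrind="$withval"],
    [with_valgrind="no"])

  dnl When no path was given, fall back to the first valgrind on PATH.
  dnl The comparisons use the portable single equals sign, since the
  dnl double form is not accepted by every test implementation.
  AC_MSG_CHECKING(valgrind installation)
  if test "x$with_valgrind" = "xno" ; then
    with_valgrind=""
    valgrind_path=`which valgrind 2>/dev/null`
    if test "x$valgrind_path" = "x"; then
      AC_MSG_RESULT(valgrind not found.)
    else
      with_valgrind=$valgrind_path
      AC_MSG_RESULT(valgrind found at: $with_valgrind.)
    fi
  else
    AC_MSG_RESULT($with_valgrind.)
  fi

  AM_CONDITIONAL(USE_COBERTURA, test ! x$with_cobertura_prefix = xno)

  AC_SUBST(with_valgrind)
  AC_SUBST(with_reportdir)
  AC_SUBST(with_scratchdir)
  AC_SUBST(with_dbuser)
  AC_SUBST(with_dbpwd)
  AC_SUBST(with_mysqlconf)
  AC_SUBST(enable_oracletests)
  AC_SUBST(enable_mysqltests)
  AC_SUBST(enable_coverage)
  AC_SUBST(with_cobertura_prefix)
])

dnl This macro written by:
dnl author: Gabor Gombas.
dnl
dnl
dnl GLITE_DOCBOOK_MAN
dnl
dnl Check for xsltproc and the DocBook manpage stylesheets
dnl
AC_DEFUN([GLITE_DOCBOOK_MAN],
[
  AC_PATH_PROG([XSLTPROC], [xsltproc], [no])
  if test "$XSLTPROC" != no; then
    dnl Default to --nonet only when the caller supplied no flags. The
    dnl test used a misspelled variable name, so caller flags were always
    dnl overwritten. The stylesheet is named by a plain http URL, so
    dnl --nonet keeps xsltproc from fetching it over the network, and any
    dnl override should retain that flag.
    if test -z "$XSLTPROCFLAGS"; then
      XSLTPROCFLAGS="--nonet"
    fi
    AC_CACHE_CHECK([for DocBook XML manpage stylesheets], [glite_cv_docbook_man],
    [
cat >conftest.xml <<"EOF" @> TEST test EOF
      $XSLTPROC $XSLTPROCFLAGS http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl conftest.xml >/dev/null 2>/dev/null
      result=$?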
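if test $result = 0; then
        glite_cv_docbook_man=yes
      else
        glite_cv_docbook_man=no
      fi
    ])
    AC_SUBST([XSLTPROCFLAGS])
  fi
  AM_CONDITIONAL([HAVE_DOCBOOK_MAN], [test "$glite_cv_docbook_man" = yes])
])

# AC_VOMS_LOCATIONS derives the installation, binary, etc and var
# directories from the configure prefixes and publishes them both as
# config header defines and as substituted variables
# -------------------------------------------------------
AC_DEFUN([AC_VOMS_LOCATIONS],
[
  dnl prefix is still NONE here when the user gave no --prefix
  if test "x$prefix" = "xNONE"; then
    actual_prefix=$ac_default_prefix
  else
    actual_prefix=$prefix
  fi
  loc_dir=${actual_prefix}

  if test "x$exec_prefix" = "xNONE"; then
    bin_dir=${actual_prefix}
  else
    bin_dir=${exec_prefix}
  fi

  dnl sysconfdir and localstatedir are compared with their unexpanded
  dnl default text. When they still hold it, the directory is rebuilt
  dnl from the resolved prefix with a trailing slash stripped.
  if test "x"'${prefix}/etc' = "x$sysconfdir"; then
    etc_dir=${actual_prefix%%/}/etc
  else
    etc_dir=$sysconfdir
  fi

  if test "x"'${prefix}/var' = "x$localstatedir"; then
    var_dir=${actual_prefix%%/}/var
  else
    var_dir=$localstatedir
  fi

  AC_SUBST(LOCATION_ENV, "VOMS_LOCATION")
  AC_SUBST(VAR_LOCATION_ENV, "VOMS_LOCATION_VAR")

  AC_DEFINE(LOCATION_ENV, "VOMS_LOCATION", "Name of the voms location environment variable")
  AC_DEFINE(VAR_LOCATION_ENV, "VOMS_LOCATION_VAR", "Name of the var voms location environment variable")

  dnl The VAR_DIR description was missing its closing double quote.
  AC_DEFINE_UNQUOTED(LOCATION_DIR, "$loc_dir", "Prefix for the voms installation")
  AC_DEFINE_UNQUOTED(VAR_DIR, "$var_dir", "Location of the var directory")
  AC_DEFINE_UNQUOTED(BIN_DIR, "$bin_dir", "Prefix for the binaries")
  AC_DEFINE_UNQUOTED(ETC_DIR, "$etc_dir", "Location of the system directory")

  AC_SUBST(LOCATION_DIR, "$loc_dir")
  AC_SUBST(BIN_DIR, "$bin_dir")
  AC_SUBST(VAR_DIR, "$var_dir")
  AC_SUBST(ETC_DIR, "$etc_dir")

  AC_DEFINE(USER_DIR, ".voms", [VOMS user preferences directory])
])
voms-2.1.2/m4/ax_pthread.m4000066400000000000000000000540341477131364200154170ustar00rootroot00000000000000
# ===========================================================================
# https://www.gnu.org/software/autoconf-archive/ax_pthread.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]])
#
# DESCRIPTION
#
# This macro figures out how to build C programs using POSIX threads.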
It # sets the PTHREAD_LIBS output variable to the threads library and linker # flags, and the PTHREAD_CFLAGS output variable to any special C compiler # flags that are needed. (The user can also force certain compiler # flags/libs to be tested by setting these environment variables.) # # Also sets PTHREAD_CC and PTHREAD_CXX to any special C compiler that is # needed for multi-threaded programs (defaults to the value of CC # respectively CXX otherwise). (This is necessary on e.g. AIX to use the # special cc_r/CC_r compiler alias.) # # NOTE: You are assumed to not only compile your program with these flags, # but also to link with them as well. For example, you might link with # $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS # $PTHREAD_CXX $CXXFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS # # If you are only building threaded programs, you may wish to use these # variables in your default LIBS, CFLAGS, and CC: # # LIBS="$PTHREAD_LIBS $LIBS" # CFLAGS="$CFLAGS $PTHREAD_CFLAGS" # CXXFLAGS="$CXXFLAGS $PTHREAD_CFLAGS" # CC="$PTHREAD_CC" # CXX="$PTHREAD_CXX" # # In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant # has a nonstandard name, this macro defines PTHREAD_CREATE_JOINABLE to # that name (e.g. PTHREAD_CREATE_UNDETACHED on AIX). # # Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the # PTHREAD_PRIO_INHERIT symbol is defined when compiling with # PTHREAD_CFLAGS. # # ACTION-IF-FOUND is a list of shell commands to run if a threads library # is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it # is not found. If ACTION-IF-FOUND is not specified, the default action # will define HAVE_PTHREAD. # # Please let the authors know if this macro fails on any platform, or if # you have any other suggestions or comments. This macro was based on work # by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help # from M. 
Frigo), as well as ac_pthread and hb_pthread macros posted by # Alejandro Forero Cuervo to the autoconf macro repository. We are also # grateful for the helpful feedback of numerous users. # # Updated for Autoconf 2.68 by Daniel Richard G. # # LICENSE # # Copyright (c) 2008 Steven G. Johnson # Copyright (c) 2011 Daniel Richard G. # Copyright (c) 2019 Marc Stevens # # This program is free software: you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation, either version 3 of the License, or (at your # option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General # Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure # scripts that are the output of Autoconf when processing the Macro. You # need not follow the terms of the GNU General Public License when using # or distributing such scripts, even though portions of the text of the # Macro appear in them. The GNU General Public License (GPL) does govern # all other use of the material that constitutes the Autoconf Macro. # # This special exception to the GPL applies to versions of the Autoconf # Macro released by the Autoconf Archive. When you make and distribute a # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. 
#serial 31 AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD]) AC_DEFUN([AX_PTHREAD], [ AC_REQUIRE([AC_CANONICAL_HOST]) AC_REQUIRE([AC_PROG_CC]) AC_REQUIRE([AC_PROG_SED]) AC_LANG_PUSH([C]) ax_pthread_ok=no # We used to check for pthread.h first, but this fails if pthread.h # requires special compiler flags (e.g. on Tru64 or Sequent). # It gets checked for in the link test anyway. # First of all, check if the user has set any of the PTHREAD_LIBS, # etcetera environment variables, and if threads linking works using # them: if test "x$PTHREAD_CFLAGS$PTHREAD_LIBS" != "x"; then ax_pthread_save_CC="$CC" ax_pthread_save_CFLAGS="$CFLAGS" ax_pthread_save_LIBS="$LIBS" AS_IF([test "x$PTHREAD_CC" != "x"], [CC="$PTHREAD_CC"]) AS_IF([test "x$PTHREAD_CXX" != "x"], [CXX="$PTHREAD_CXX"]) CFLAGS="$CFLAGS $PTHREAD_CFLAGS" LIBS="$PTHREAD_LIBS $LIBS" AC_MSG_CHECKING([for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS]) AC_LINK_IFELSE([AC_LANG_CALL([], [pthread_join])], [ax_pthread_ok=yes]) AC_MSG_RESULT([$ax_pthread_ok]) if test "x$ax_pthread_ok" = "xno"; then PTHREAD_LIBS="" PTHREAD_CFLAGS="" fi CC="$ax_pthread_save_CC" CFLAGS="$ax_pthread_save_CFLAGS" LIBS="$ax_pthread_save_LIBS" fi # We must check for the threads library under a number of different # names; the ordering is very important because some systems # (e.g. DEC) have both -lpthread and -lpthreads, where one of the # libraries is broken (non-POSIX). # Create a list of thread flags to try. Items with a "," contain both # C compiler flags (before ",") and linker flags (after ","). Other items # starting with a "-" are C compiler flags, and remaining items are # library names, except for "none" which indicates that we try without # any flags at all, and "pthread-config" which is a program returning # the flags for the Pth emulation library. ax_pthread_flags="pthreads none -Kthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" # The ordering *is* (sometimes) important. 
Some notes on the # individual items follow: # pthreads: AIX (must check this before -lpthread) # none: in case threads are in libc; should be tried before -Kthread and # other compiler flags to prevent continual compiler warnings # -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) # -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads), Tru64 # (Note: HP C rejects this with "bad form for `-t' option") # -pthreads: Solaris/gcc (Note: HP C also rejects) # -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it # doesn't hurt to check since this sometimes defines pthreads and # -D_REENTRANT too), HP C (must be checked before -lpthread, which # is present but should not be used directly; and before -mthreads, # because the compiler interprets this as "-mt" + "-hreads") # -mthreads: Mingw32/gcc, Lynx/gcc # pthread: Linux, etcetera # --thread-safe: KAI C++ # pthread-config: use pthread-config program (for GNU Pth library) case $host_os in freebsd*) # -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) # lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) ax_pthread_flags="-kthread lthread $ax_pthread_flags" ;; hpux*) # From the cc(1) man page: "[-mt] Sets various -D flags to enable # multi-threading and also sets -lpthread." ax_pthread_flags="-mt -pthread pthread $ax_pthread_flags" ;; openedition*) # IBM z/OS requires a feature-test macro to be defined in order to # enable POSIX threads at all, so give the user a hint if this is # not set. (We don't define these ourselves, as they can affect # other portions of the system API in unpredictable ways.) 
AC_EGREP_CPP([AX_PTHREAD_ZOS_MISSING], [ # if !defined(_OPEN_THREADS) && !defined(_UNIX03_THREADS) AX_PTHREAD_ZOS_MISSING # endif ], [AC_MSG_WARN([IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support.])]) ;; solaris*) # On Solaris (at least, for some versions), libc contains stubbed # (non-functional) versions of the pthreads routines, so link-based # tests will erroneously succeed. (N.B.: The stubs are missing # pthread_cleanup_push, or rather a function called by this macro, # so we could check for that, but who knows whether they'll stub # that too in a future libc.) So we'll check first for the # standard Solaris way of linking pthreads (-mt -lpthread). ax_pthread_flags="-mt,-lpthread pthread $ax_pthread_flags" ;; esac # Are we compiling with Clang? AC_CACHE_CHECK([whether $CC is Clang], [ax_cv_PTHREAD_CLANG], [ax_cv_PTHREAD_CLANG=no # Note that Autoconf sets GCC=yes for Clang as well as GCC if test "x$GCC" = "xyes"; then AC_EGREP_CPP([AX_PTHREAD_CC_IS_CLANG], [/* Note: Clang 2.7 lacks __clang_[a-z]+__ */ # if defined(__clang__) && defined(__llvm__) AX_PTHREAD_CC_IS_CLANG # endif ], [ax_cv_PTHREAD_CLANG=yes]) fi ]) ax_pthread_clang="$ax_cv_PTHREAD_CLANG" # GCC generally uses -pthread, or -pthreads on some platforms (e.g. SPARC) # Note that for GCC and Clang -pthread generally implies -lpthread, # except when -nostdlib is passed. 
# This is problematic using libtool to build C++ shared libraries with pthread: # [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=25460 # [2] https://bugzilla.redhat.com/show_bug.cgi?id=661333 # [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468555 # To solve this, first try -pthread together with -lpthread for GCC AS_IF([test "x$GCC" = "xyes"], [ax_pthread_flags="-pthread,-lpthread -pthread -pthreads $ax_pthread_flags"]) # Clang takes -pthread (never supported any other flag), but we'll try with -lpthread first AS_IF([test "x$ax_pthread_clang" = "xyes"], [ax_pthread_flags="-pthread,-lpthread -pthread"]) # The presence of a feature test macro requesting re-entrant function # definitions is, on some systems, a strong hint that pthreads support is # correctly enabled case $host_os in darwin* | hpux* | linux* | osf* | solaris*) ax_pthread_check_macro="_REENTRANT" ;; aix*) ax_pthread_check_macro="_THREAD_SAFE" ;; *) ax_pthread_check_macro="--" ;; esac AS_IF([test "x$ax_pthread_check_macro" = "x--"], [ax_pthread_check_cond=0], [ax_pthread_check_cond="!defined($ax_pthread_check_macro)"]) if test "x$ax_pthread_ok" = "xno"; then for ax_pthread_try_flag in $ax_pthread_flags; do case $ax_pthread_try_flag in none) AC_MSG_CHECKING([whether pthreads work without any flags]) ;; *,*) PTHREAD_CFLAGS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\1/"` PTHREAD_LIBS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\2/"` AC_MSG_CHECKING([whether pthreads work with "$PTHREAD_CFLAGS" and "$PTHREAD_LIBS"]) ;; -*) AC_MSG_CHECKING([whether pthreads work with $ax_pthread_try_flag]) PTHREAD_CFLAGS="$ax_pthread_try_flag" ;; pthread-config) AC_CHECK_PROG([ax_pthread_config], [pthread-config], [yes], [no]) AS_IF([test "x$ax_pthread_config" = "xno"], [continue]) PTHREAD_CFLAGS="`pthread-config --cflags`" PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" ;; *) AC_MSG_CHECKING([for the pthreads library -l$ax_pthread_try_flag]) PTHREAD_LIBS="-l$ax_pthread_try_flag" 
;; esac ax_pthread_save_CFLAGS="$CFLAGS" ax_pthread_save_LIBS="$LIBS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" LIBS="$PTHREAD_LIBS $LIBS" # Check for various functions. We must include pthread.h, # since some functions may be macros. (On the Sequent, we # need a special flag -Kthread to make this header compile.) # We check for pthread_join because it is in -lpthread on IRIX # while pthread_create is in libc. We check for pthread_attr_init # due to DEC craziness with -lpthreads. We check for # pthread_cleanup_push because it is one of the few pthread # functions on Solaris that doesn't have a non-functional libc stub. # We try pthread_create on general principles. AC_LINK_IFELSE([AC_LANG_PROGRAM([#include # if $ax_pthread_check_cond # error "$ax_pthread_check_macro must be defined" # endif static void *some_global = NULL; static void routine(void *a) { /* To avoid any unused-parameter or unused-but-set-parameter warning. */ some_global = a; } static void *start_routine(void *a) { return a; }], [pthread_t th; pthread_attr_t attr; pthread_create(&th, 0, start_routine, 0); pthread_join(th, 0); pthread_attr_init(&attr); pthread_cleanup_push(routine, 0); pthread_cleanup_pop(0) /* ; */])], [ax_pthread_ok=yes], []) CFLAGS="$ax_pthread_save_CFLAGS" LIBS="$ax_pthread_save_LIBS" AC_MSG_RESULT([$ax_pthread_ok]) AS_IF([test "x$ax_pthread_ok" = "xyes"], [break]) PTHREAD_LIBS="" PTHREAD_CFLAGS="" done fi # Clang needs special handling, because older versions handle the -pthread # option in a rather... idiosyncratic way if test "x$ax_pthread_clang" = "xyes"; then # Clang takes -pthread; it has never supported any other flag # (Note 1: This will need to be revisited if a system that Clang # supports has POSIX threads in a separate library. This tends not # to be the way of modern systems, but it's conceivable.) # (Note 2: On some systems, notably Darwin, -pthread is not needed # to get POSIX threads support; the API is always present and # active. 
We could reasonably leave PTHREAD_CFLAGS empty. But # -pthread does define _REENTRANT, and while the Darwin headers # ignore this macro, third-party headers might not.) # However, older versions of Clang make a point of warning the user # that, in an invocation where only linking and no compilation is # taking place, the -pthread option has no effect ("argument unused # during compilation"). They expect -pthread to be passed in only # when source code is being compiled. # # Problem is, this is at odds with the way Automake and most other # C build frameworks function, which is that the same flags used in # compilation (CFLAGS) are also used in linking. Many systems # supported by AX_PTHREAD require exactly this for POSIX threads # support, and in fact it is often not straightforward to specify a # flag that is used only in the compilation phase and not in # linking. Such a scenario is extremely rare in practice. # # Even though use of the -pthread flag in linking would only print # a warning, this can be a nuisance for well-run software projects # that build with -Werror. So if the active version of Clang has # this misfeature, we search for an option to squash it. 
AC_CACHE_CHECK([whether Clang needs flag to prevent "argument unused" warning when linking with -pthread], [ax_cv_PTHREAD_CLANG_NO_WARN_FLAG], [ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown # Create an alternate version of $ac_link that compiles and # links in two steps (.c -> .o, .o -> exe) instead of one # (.c -> exe), because the warning occurs only in the second # step ax_pthread_save_ac_link="$ac_link" ax_pthread_sed='s/conftest\.\$ac_ext/conftest.$ac_objext/g' ax_pthread_link_step=`AS_ECHO(["$ac_link"]) | sed "$ax_pthread_sed"` ax_pthread_2step_ac_link="($ac_compile) && (echo ==== >&5) && ($ax_pthread_link_step)" ax_pthread_save_CFLAGS="$CFLAGS" for ax_pthread_try in '' -Qunused-arguments -Wno-unused-command-line-argument unknown; do AS_IF([test "x$ax_pthread_try" = "xunknown"], [break]) CFLAGS="-Werror -Wunknown-warning-option $ax_pthread_try -pthread $ax_pthread_save_CFLAGS" ac_link="$ax_pthread_save_ac_link" AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])], [ac_link="$ax_pthread_2step_ac_link" AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])], [break]) ]) done ac_link="$ax_pthread_save_ac_link" CFLAGS="$ax_pthread_save_CFLAGS" AS_IF([test "x$ax_pthread_try" = "x"], [ax_pthread_try=no]) ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try" ]) case "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" in no | unknown) ;; *) PTHREAD_CFLAGS="$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG $PTHREAD_CFLAGS" ;; esac fi # $ax_pthread_clang = yes # Various other checks: if test "x$ax_pthread_ok" = "xyes"; then ax_pthread_save_CFLAGS="$CFLAGS" ax_pthread_save_LIBS="$LIBS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" LIBS="$PTHREAD_LIBS $LIBS" # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. 
AC_CACHE_CHECK([for joinable pthread attribute], [ax_cv_PTHREAD_JOINABLE_ATTR], [ax_cv_PTHREAD_JOINABLE_ATTR=unknown for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], [int attr = $ax_pthread_attr; return attr /* ; */])], [ax_cv_PTHREAD_JOINABLE_ATTR=$ax_pthread_attr; break], []) done ]) AS_IF([test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xunknown" && \ test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xPTHREAD_CREATE_JOINABLE" && \ test "x$ax_pthread_joinable_attr_defined" != "xyes"], [AC_DEFINE_UNQUOTED([PTHREAD_CREATE_JOINABLE], [$ax_cv_PTHREAD_JOINABLE_ATTR], [Define to necessary symbol if this constant uses a non-standard name on your system.]) ax_pthread_joinable_attr_defined=yes ]) AC_CACHE_CHECK([whether more special flags are required for pthreads], [ax_cv_PTHREAD_SPECIAL_FLAGS], [ax_cv_PTHREAD_SPECIAL_FLAGS=no case $host_os in solaris*) ax_cv_PTHREAD_SPECIAL_FLAGS="-D_POSIX_PTHREAD_SEMANTICS" ;; esac ]) AS_IF([test "x$ax_cv_PTHREAD_SPECIAL_FLAGS" != "xno" && \ test "x$ax_pthread_special_flags_added" != "xyes"], [PTHREAD_CFLAGS="$ax_cv_PTHREAD_SPECIAL_FLAGS $PTHREAD_CFLAGS" ax_pthread_special_flags_added=yes]) AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], [ax_cv_PTHREAD_PRIO_INHERIT], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = PTHREAD_PRIO_INHERIT; return i;]])], [ax_cv_PTHREAD_PRIO_INHERIT=yes], [ax_cv_PTHREAD_PRIO_INHERIT=no]) ]) AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes" && \ test "x$ax_pthread_prio_inherit_defined" != "xyes"], [AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], [1], [Have PTHREAD_PRIO_INHERIT.]) ax_pthread_prio_inherit_defined=yes ]) CFLAGS="$ax_pthread_save_CFLAGS" LIBS="$ax_pthread_save_LIBS" # More AIX lossage: compile with *_r variant if test "x$GCC" != "xyes"; then case $host_os in aix*) AS_CASE(["x/$CC"], [x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6], [#handle absolute path differently from PATH based program lookup 
AS_CASE(["x$CC"], [x/*], [ AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"]) AS_IF([test "x${CXX}" != "x"], [AS_IF([AS_EXECUTABLE_P([${CXX}_r])],[PTHREAD_CXX="${CXX}_r"])]) ], [ AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC]) AS_IF([test "x${CXX}" != "x"], [AC_CHECK_PROGS([PTHREAD_CXX],[${CXX}_r],[$CXX])]) ] ) ]) ;; esac fi fi test -n "$PTHREAD_CC" || PTHREAD_CC="$CC" test -n "$PTHREAD_CXX" || PTHREAD_CXX="$CXX" AC_SUBST([PTHREAD_LIBS]) AC_SUBST([PTHREAD_CFLAGS]) AC_SUBST([PTHREAD_CC]) AC_SUBST([PTHREAD_CXX]) # Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: if test "x$ax_pthread_ok" = "xyes"; then ifelse([$1],,[AC_DEFINE([HAVE_PTHREAD],[1],[Define if you have POSIX threads libraries and header files.])],[$1]) : else ax_pthread_ok=no $2 fi AC_LANG_POP ])dnl AX_PTHREAD voms-2.1.2/m4/glite.m4000066400000000000000000000014421477131364200143770ustar00rootroot00000000000000dnl Usage: dnl AC_GLITE dnl - GLITE_LOCATION dnl - GLITE_CFLAGS dnl - DISTTAR AC_DEFUN([AC_GLITE], [ AC_ARG_WITH(glite_location, [ --with-glite-location=PFX prefix where GLITE is installed. (/opt/glite)], [], with_glite_location=/opt/glite) if test -n "with_glite_location" ; then GLITE_LOCATION="$with_glite_location" GLITE_CFLAGS="-I$GLITE_LOCATION/include" else GLITE_LOCATION="" GLITE_CFLAGS="" fi AC_MSG_RESULT([GLITE_LOCATION set to $GLITE_LOCATION]) AC_SUBST(GLITE_LOCATION) AC_SUBST(GLITE_CFLAGS) AC_ARG_WITH(dist_location, [ --with-dist-location=PFX prefix where DIST location is. 
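(pwd)],
    [],
    with_dist_location=$WORKDIR/../dist)

  DISTTAR=$with_dist_location
  AC_SUBST(DISTTAR)
])
voms-2.1.2/m4/voms.m4000066400000000000000000000017201477131364200142560ustar00rootroot00000000000000
dnl AC_VOMS_LIBRARY(FLAVOR, PATH)
dnl
dnl Sets VOMS_LIBRARY to the vomsapi link flag matching the given globus
dnl flavor. PATH is the prefix holding the globus libraries. When it is
dnl empty the GLOBUS_LOCATION environment variable is used, then /usr.
AC_DEFUN([AC_VOMS_LIBRARY],
[
  globus_flavor="$1"
  candidatepath="$2"

  if test "x$candidatepath" = "x" ; then
    libpath=${GLOBUS_LOCATION:-/usr}/lib
  else
    libpath=$candidatepath/lib
  fi

  if test "x$globus_flavor" = "x" ; then
    globus_flavor="none"
  fi

  dnl The library path is quoted so that a prefix containing spaces or
  dnl glob characters is passed to test and ldd as a single word.
  voms_gsi_lib="$libpath/libglobus_gssapi_gsi_$globus_flavor.so"

  AC_MSG_CHECKING([for library to use with globus library: $globus_flavor])

  if test "x$globus_flavor" = "xnone" ; then
    AC_MSG_RESULT([libvomsapi])
    VOMS_LIBRARY="-lvomsapi"
  elif test -e "$voms_gsi_lib" ; then
    dnl ldd resolves dependencies by invoking the dynamic loader on the
    dnl file, so the path given to configure must be a trusted directory.
    if ( (ldd "$voms_gsi_lib" | grep crypto | cut -d'=' -f2 | grep "$globus_flavor") >/dev/null 2>&1 ); then
      AC_MSG_RESULT([libvomsapi_$globus_flavor])
      VOMS_LIBRARY="-lvomsapi_$globus_flavor"
    else
      AC_MSG_RESULT([libvomsapi])
      VOMS_LIBRARY="-lvomsapi"
    fi
  else
    AC_MSG_ERROR([flavor $globus_flavor is unknown])
  fi

  AC_SUBST(VOMS_LIBRARY)
])
voms-2.1.2/m4/wsdl2h.m4000066400000000000000000000044601477131364200145010ustar00rootroot00000000000000
dnl Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2006-2013.
dnl
dnl Licensed under the Apache License, Version 2.0 (the "License");
dnl you may not use this file except in compliance with the License.
dnl You may obtain a copy of the License at
dnl
dnl http://www.apache.org/licenses/LICENSE-2.0
dnl
dnl Unless required by applicable law or agreed to in writing, software
dnl distributed under the License is distributed on an "AS IS" BASIS,
dnl WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
dnl See the License for the specific language governing permissions and
dnl limitations under the License.

AC_DEFUN([AC_WSDL2H],
[
  AC_ARG_WITH(gsoap-wsdl2h,
    [ --with-gsoap-wsdl2h=CMD the wsdl2h command that should be used. (/usr/bin/wsdl2h)],
    [with_gsoap_wsdl2h="$withval"],
    [with_gsoap_wsdl2h="/usr/bin/wsdl2h"])

  dnl wsdl2h macros.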
we try to udnerstand which flags need to be used depending dnl on wsdl2h version AC_MSG_CHECKING([wsdl2h version]) WSDL2H="$with_gsoap_wsdl2h" if ! test -e "$WSDL2H"; then AC_MSG_ERROR("wsdl2h executable: $WSDL2H does not exist.") fi if ! test -x "$WSDL2H"; then AC_MSG_ERROR("wsdl2h executable: $WSDL2H cannot be executed.") fi dnl The ridicoulous escaping with quadrigraph is needed as square brakets dnl confuse m4. dnl dnl @<:@ becomes [ dnl @:>@ becomes ] dnl dnl Newer versions support -V parameter. wsdl2h_version=$($WSDL2H -V 2>/dev/null) if test -z "$wsdl2h_version"; then wsdl2h_version=$($WSDL2H -help 2>&1 | grep release | grep -o '@<:@0-9@:>@\.@<:@0-9@:>@\.@<:@0-9@:>@*$') fi normalized_version=$(printf "%02d%02d%02d" $(echo $wsdl2h_version | tr '.' ' ')) WSDL2H_FLAGS="" if test "$normalized_version" -ge "010216"; then WSDL2H_FLAGS="-z1" elif test "$normalized_version" -ge "010200"; then WSDL2H_FLAGS="-z" else AC_MSG_ERROR([unsupported wsdl2h version: $wsdl2h_version]) fi AC_MSG_RESULT([yes. wsdl2h version $wsdl2h_version detected.]) AC_SUBST(WSDL2H) AC_SUBST(WSDL2H_FLAGS) WSDL2H_DIR=$(AS_DIRNAME([$WSDL2H])) SOAPCPP2=$WSDL2H_DIR/soapcpp2 if ! test -e "$SOAPCPP2"; then AC_MSG_ERROR("soapcpp2 executable: $SOAPCPP2 does not exist.") fi if ! test -x "$SOAPCPP2"; then AC_MSG_ERROR("soapcpp2 executable: $SOAPCPP2 cannot be executed.") fi AC_SUBST([SOAPCPP2]) ]) voms-2.1.2/openssl11.md000066400000000000000000000345621477131364200146710ustar00rootroot00000000000000# Notes on the migration of the VOMS code base to OpenSSL 1.1 This document summarizes the changes needed to migrate the VOMS code base from OpenSSL 1.0.x to OpenSSL 1.1.y. The changes are as focused as possible and address only the migration, with very limited exceptions. ## Opaque data structures One of the most important changes in the API introduced by OpenSSL 1.1 is the introduction of opaque data types for many of the data structures. 
typedef struct x509_object_st X509_OBJECT; typedef struct X509_name_st X509_NAME; typedef struct X509_name_entry_st X509_NAME_ENTRY; typedef struct asn1_string_st ASN1_STRING; typedef struct evp_pkey_st EVP_PKEY; typedef struct X509_st X509; typedef struct X509_req_st X509_REQ; Opaque data structures are incomplete types, with two major consequences: 1. they cannot be allocated on the stack 1. pointers to objects of those types cannot be dereferenced, e.g. to access their fields For what concerns the first point, the solution is to always manage explicitly their lifetime, allocating an object on the heap and later freeing it. For example code such as X509_OBJECT obj; has to be replaced with X509_OBJECT* obj = X509_OBJECT_new(); ... X509_OBJECT_free(obj); The second point -- accessing the fields of the data structure -- requires the use of getter and setter functions. The actual transformation needed for the VOMS code are presented in the following sections. ### X509_OBJECT Given an `X509_OBJECT* obj` that stores a CRL, in order to access the CRL, code such as X509_CRL* crl = obj->data.crl; has to be replaced with X509_CRL* crl = X509_OBJECT_get0_X509_CRL(obj); ### X509_NAME, X509_NAME_ENTRY, ASN1_STRING Given `X509_NAME* name`, code such as int n = sk_X509_NAME_ENTRY_num(name->entries) X509_NAME_ENTRY* entry = sk_X509_NAME_ENTRY_value(name->entries, i); ASN1_STRING* str = entry->value; unsigned char const* data = entry->value->data; int l = entry->value->length; ASN1_OBJECT* obj = entry->object; has to be replaced with int n = X509_NAME_entry_count(name); X509_NAME_ENTRY* entry = X509_NAME_get_entry(name, i); ASN1_STRING* str = X509_NAME_ENTRY_get_data(entry); unsigned char const* data = ASN1_STRING_get0_data(str); int l = ASN1_STRING_length(str); ASN1_OBJECT* obj = X509_NAME_ENTRY_get_object(entry); ### EVP_PKEY Given `EVP_PKEY* key`, code such as RSA* rsa = key->pkey.rsa; has to be replaced with RSA* rsa = EVP_PKEY_get0_RSA(key) Code such as int type = key->type; 
if (type == EVP_PKEY_RSA) { has to be replaced with RSA* rsa = EVP_PKEY_get0_RSA(key); if (rsa) { ### X509, X509_REQ Given `X509* cert`, to access the Message Digest EVP_MD const* md = EVP_get_digestbyobj(cert->sig_alg->algorithm); has to be replaced with EVP_MD const* md = EVP_get_digestbynid(X509_get_signature_nid(cert)); Similarly for an `X509_REQ* req`. Moreover there is no way to retrieve the internal X509_CINF, so code such as X509_CINF* cinf = cert->cert_info; has been removed and replaced with appropriate getters and setters for the fields of an `X509_CINF`. Given `ASN1_INTEGER* num`, code such as ASN1_INTEGER_free(cert->cert_info->serialNumber); cert->cert_info->serialNumber = num; has been replaced with X509_set_serialNumber(cert, num); ASN1_INTEGER_free(num); Note how the responsibility to manage the object lifetime has changed. `X509_set_serialNumber` in fact stores a _copy_ of `num` and takes care of the deallocation of the previous `serialNumber`. When the serial number is obtained from the Message Digest, the code changes from unsigned char md[SHA_DIGEST_LENGTH]; unsigned int len; ASN1_digest(..., md, &len); cert->cert_info->serialNumber = ASN1_INTEGER_new(); cert->cert_info->serialNumber = ASN1_INTEGER_new(); cert->cert_info->serialNumber->length = len; cert->cert_info->serialNumber->data = malloc(len); memcpy(cert->cert_info->serialNumber->data, md, SHA_DIGEST_LENGTH); to unsigned char md[SHA_DIGEST_LENGTH + 1]; unsigned int len; ASN1_digest(..., md, &len); md[len] = '\0'; BIGNUM* bn = NULL; if (BN_hex2bn(&bn, (char*)md) != 0) { ASN1_INTEGER* num = BN_to_ASN1_INTEGER(bn, NULL); BN_free(bn); X509_set_serialNumber(cert, num); ASN1_INTEGER_free(num); } Note that the two versions are not equivalent: `ASN1_digest` writes raw digest bytes, whereas `BN_hex2bn` parses a NUL-terminated string of hexadecimal digits and stops at the first character that is not one, so the new serial number does not carry the full digest as the old `memcpy` did, and when no leading hex digit is found the snippet sets no serial number at all. `BN_bin2bn(md, len, NULL)` is the conversion that keeps all `len` bytes; this should be checked against the actual code wherever serial-number uniqueness is relied upon. When the serial number is copied from another certificate, the code changes from ASN1_INTEGER* num = ASN1_INTEGER_dup(X509_get_serialNumber(other_cert)); ASN1_INTEGER_free(cert->cert_info->serialNumber); cert->cert_info->serialNumber = num; to ASN1_INTEGER* num = 
ASN1_INTEGER_dup(X509_get0_serialNumber(other_cert)); X509_set_serialNumber(*new_cert, num); ASN1_INTEGER_free(num); The call to ASN1\_INTEGER\_dup is needed because `X509_get0_serialNumber` returns an `ASN1_INTEGER const*` but `X509_set_serialNumber` takes a (non-const) `ASN1_INTEGER*`, although internally it doesn't modify it. `X509_get_serialNumber`, which returns a non-const `ASN1_INTEGER*`, could be used, but respecting const-correctness is preferable. To copy the _notAfter_ attribute of a certificate from another certificate, code such as X509_set_notAfter(cert, other_cert->cert_info->validity->notAfter); has to be replaced with int ret = X509_set1_notAfter(cert, X509_get0_notAfter(other_cert)); `X509_set1_notAfter` doesn't take ownership of the argument; but `X509_get0_notAfter` returns a non-mutable view of the internal field and doesn't require a subsequent free. To transfer the public key from a request to a certificate, code such as X509_PUBKEY_free(cert_info->key); cert_info->key = req->req_info->pubkey; req->req_info->pubkey = NULL; has been replaced with EVP_PKEY* pub_key = X509_REQ_get_pubkey(req); X509_set_pubkey(cert, pub_key); EVP_PKEY_free(pub_key); The former code was a "move" of the public key from the request to the certificate, without any decoding. Although a function still exists to retrieve the key material (`X509_get_X509_PUBKEY`), there is no corresponding setter. OpenSSL 1.1 has introduced another function to retrieve the public key from the request: `X509_REQ_get0_pubkey`. The difference between `X509_REQ_get_pubkey` and `X509_REQ_get0_pubkey` is that the former increments a reference count, requiring the returned `EVP_PKEY` to be subsequently freed, whereas the latter returns a "view" of the internal public key and doesn't need to be freed. For compatibility with OpenSSL < 1.1 however `X509_REQ_get_pubkey` is used. 
The code to extract the public key from a certificate X509_PUBKEY *key = X509_get_X509_PUBKEY(ucert); EVP_PKEY* ucertpkey = X509_PUBKEY_get(key); has been replaced with EVP_PKEY* ucertpkey = X509_get_pubkey(ucert); Also in this case OpenSSL 1.1 has introduced another function to extract the key without the need to later free it: `X509_get0_pubkey`, but it has not been used for compatibility reasons with previous versions of OpenSSL. To set various attributes of the certificate, code such as ASN1_INTEGER_set(cert->cert_info->version, 2); cert->ex_flags |= EXFLAG_PROXY; cert->ex_pcpathlen = 0; has to be replaced with X509_set_version(cert, 2L); X509_set_proxy_flag(cert); X509_set_proxy_pathlen(cert, 0); Given `STACK_OF(X509_EXTENSION)* extensions`, to add the extensions to a certificate, code such as cert->cert_info->extensions = sk_X509_EXTENSION_new_null(); for (i = 0; i < sk_X509_EXTENSION_num(extensions); ++i) { X509_EXTENSION* extension = X509_EXTENSION_dup(sk_X509_EXTENSION_value(extensions, i)); sk_X509_EXTENSION_push(cert->cert_info->extensions, extension); } has to be replaced with for (i = 0; i < sk_X509_EXTENSION_num(extensions); ++i) { X509_EXTENSION* extension = X509_EXTENSION_dup(sk_X509_EXTENSION_value(extensions, i)); X509_add_ext(cert, extension, -1); } Given `X509_STORE* store`, `X509_STORE_CTX* ctx` and `int proxy_check_issued(X509_STORE_CTX*, X509*, X509*)`, code such as X509_STORE_CTX_init(ctx, store, ...) ctx->check_issued = proxy_check_issued; has to be replaced with X509_STORE_set_check_issued(store, proxy_check_issued); X509_STORE_CTX_init(ctx, store, cert, cert_chain) i.e. `check_issued` has to be set for the `store`, whose contents are then used for the initialization of `ctx`. Similarly for X509\_REQ\_INFO, code such as X509_REQ_INFO* req_info = req->req_info; has been removed. 
Code such as X509_ALGOR* alg1 = cert->cert_info->signature; X509_ALGOR* alg2 = cert->sig_alg; has been replaced with X509_ALGOR const* alg1 = X509_get0_tbs_sigalg(cert) X509_ALGOR const* alg2; X509_get0_signature(NULL, &alg2, cert); Code such as ASN1_BIT_STRING* issuerUID = issuerc->cert_info->issuerUID has been replaced with ASN1_BIT_STRING const* issuerUID; X509_get0_uids(issuerc, &issuerUID, NULL); ### SSL_CTX Given `SSL_CTX* ctx`, code such as ctx->cert_store has to be replaced with SSL_CTX_get_cert_store(ctx) ### BIO BIO has become an opaque data structure. The following lines are not allowed any more. writeb = bio->method->bwrite; readb = bio->method->bread; bio->method->bwrite = globusf_write; bio->method->bread = globusf_read; `writeb` and `readb` are global variables that are then used inside `globus_write` and `globus_read` which wrap them in order to implement the GSI protocol. `bio` is created with bio = BIO_new_socket(newsock, BIO_NOCLOSE); (void)BIO_set_nbio(bio, 1); The above code is replaced with an explicit construction of a BIO_METHOD object, which is then properly modified and used to construct the final BIO. int const biom_type = BIO_get_new_index(); static char const* const biom_name = "VOMS I/O"; BIO_METHOD* voms_biom = BIO_meth_new(biom_type|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR, biom_name); BIO_METHOD const* sock_biom = BIO_s_socket(); writeb = BIO_meth_get_write(const_cast<BIO_METHOD*>(sock_biom)); ret = BIO_meth_set_write(voms_biom, globusf_write); readb = BIO_meth_get_read(const_cast<BIO_METHOD*>(sock_biom)); ret = BIO_meth_set_read(voms_biom, globusf_read); BIO_meth_set_puts(voms_biom, BIO_meth_get_puts(const_cast<BIO_METHOD*>(sock_biom))); // and so on for all the other fields The `const_cast` is needed because the BIO API (and not only that one, in fact) is not consistently const-correct. ## Stack management The way to declare/define a new stack of user-defined types and corresponding access functions has changed. With OpenSSL before v. 
1.1 it is necessary to declare and then define all the functions to access a stack of a user-defined type. In VOMS there are a couple of macros to ease the job: `DECL_STACK` is used in a single header file to produce the declarations, `IMPL_STACK` is used in a single source file to produce the definitions. OpenSSL 1.1 instead offers the DEFINE_STACK_OF macro, that, given a type, generates the data structure and all the access functions, implemented `static inline`. This means that the macro can be used in a header file, which can then be included whenever needed. In order to have a common code base, the DECL_STACK and IMPL_STACK macros are always used, but when OpenSSL 1.1 is used, they are implemented as: #define DECL_STACK(type) DEFINE_STACK_OF(type) #define IMPL_STACK(type) ## Removal of macros The macro #define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ (const ASN1_STRING *)a,(const ASN1_STRING *)b) doesn't exist any more. Its use has been replaced with `ASN1_INTEGER_cmp`, not with `ASN1_STRING_cmp`, because the name is more meaningful even if they are not completely equivalent. For example if (M_ASN1_INTEGER_cmp((key->serial), (X509_get0_serialNumber(iss)))) becomes if (ASN1_INTEGER_cmp((key->serial), (X509_get0_serialNumber(iss)))) The macro #define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ (const ASN1_STRING *)a,(const ASN1_STRING *)b) doesn't exist any more. Its use has been replaced by `ASN1_STRING_cmp`. The macro /* * This is the default callbacks, but we can have others as well: this is * needed in Win32 where the application malloc and the library malloc may * not be the same. */ #define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ malloc, realloc, free) doesn't exist any more and it doesn't seem terribly useful. Removed. The macro #define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() doesn't exist any more. Its use has been replaced by the use of `OpenSSL_add_all_algorithms`. 
The use of the macro # define X509_STORE_set_verify_cb_func(ctx,func) \ X509_STORE_set_verify_cb((ctx),(func)) has been replaced by the direct call to `X509_STORE_set_verify_cb`. Moreover, since the function returns `void`, checking the return value makes no sense. Consequently code such as if (!X509_STORE_set_verify_cb_func(store, proxy_verify_callback)){ internal_error("Error setting context store certificate verify callback"); } becomes X509_STORE_set_verify_cb(store, proxy_verify_callback); ## Encoding/decoding to/from ASN.1 The functions responsible for the encoding/decoding of user-defined types, named `i2d_`, `d2i_`, `_new` and `_free`, were implemented in terms of the macros `M_ASN1_I2D_*` and `M_ASN1_D2I_*`, defined in `<openssl/asn1_mac.h>`. That header doesn't exist any more, so those functions have been generated with the macros `DECLARE_ASN1_FUNCTIONS`, `IMPLEMENT_ASN1_FUNCTIONS`, `ASN1_SEQUENCE`, `ASN1_SIMPLE`, `ASN1_SEQUENCE_OF`, etc., defined in `<openssl/asn1t.h>`. The encoding/decoding of standard (RFC3820) Proxy Certificates is actually available directly from OpenSSL. The encoding/decoding of pre-standard (draft) Proxy Certificates has been adapted from the Globus code. The encoding/decoding of Attribute Certificates and the VOMS extensions has been re-implemented from scratch. ## Compatibility with OpenSSL 1.0.x Many of the changes listed above involve function calls that are not available in previous versions of OpenSSL. In order to have the same codebase, those functions have been copied (with some adaptation) into the VOMS code base and are conditionally enabled (see files `ssl-compat.h` and `ssl-compat.c`). 
voms-2.1.2/spec/000077500000000000000000000000001477131364200134425ustar00rootroot00000000000000voms-2.1.2/spec/voms-all.spec000066400000000000000000000245531477131364200160610ustar00rootroot00000000000000Name: voms Version: 2.1.2 Release: 0%{?dist} Summary: The Virtual Organisation Membership Service C++ APIs Group: System Environment/Libraries License: ASL 2.0 URL: https://twiki.cnaf.infn.it/twiki/bin/view/VOMS Source: %{name}-%{version}.tar.gz BuildRequires: libtool BuildRequires: expat-devel BuildRequires: pkgconfig BuildRequires: openssl-devel%{?_isa} BuildRequires: gsoap-devel BuildRequires: libxslt BuildRequires: docbook-style-xsl BuildRequires: doxygen BuildRequires: bison Requires: expat Requires: openssl BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Packager: Andrea Ceccanti %description The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This package provides libraries that applications using the VOMS functionality will bind to. %package devel Summary: Virtual Organization Membership Service Development Files Group: Development/Libraries Requires: %{name}%{?_isa} = %{version}-%{release} Requires: openssl-devel%{?_isa} Requires: automake %description devel The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. 
This package provides header files for programming with the VOMS libraries. %package doc Summary: Virtual Organization Membership Service Documentation Group: Documentation %if %{?fedora}%{!?fedora:0} >= 10 || %{?rhel}%{!?rhel:0} >= 6 BuildArch: noarch %endif Requires: %{name} = %{version}-%{release} %description doc Documentation for the Virtual Organization Membership Service. %package clients Summary: Virtual Organization Membership Service Clients Group: Applications/Internet Requires: %{name}%{?_isa} = %{version}-%{release} Conflicts: voms-clients3 <= 3.0.4 Requires(post): %{_sbindir}/update-alternatives Requires(postun): %{_sbindir}/update-alternatives %description clients The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This package provides command line applications to access the VOMS services. %package server Summary: Virtual Organization Membership Service Server Group: Applications/Internet Requires: %{name}%{?_isa} = %{version}-%{release} Requires: gsoap Requires(pre): shadow-utils Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts %description server The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This package provides the VOMS service. 
%prep %setup -q # Fix bad permissions (which otherwise end up in the debuginfo package) find . '(' -name '*.h' -o -name '*.c' -o -name '*.cpp' -o \ -name '*.cc' -o -name '*.java' ')' -exec chmod a-x {} ';' ./autogen.sh %build %configure --disable-static --enable-docs --disable-parser-gen make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT rm $RPM_BUILD_ROOT%{_libdir}/*.la mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/grid-security/vomsdir mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/grid-security/%{name} mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/%{name} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name} mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version} install -m 644 -p LICENSE AUTHORS $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version} ## C API documentation mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_C_API cp -pr doc/apidoc/api/VOMS_C_API/html \ $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_C_API rm -f $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_C_API/html/installdox mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_CC_API cp -pr doc/apidoc/api/VOMS_CC_API/html \ $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_CC_API rm -f $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_CC_API/html/installdox for b in voms-proxy-init voms-proxy-info voms-proxy-destroy; do ## Rename client binaries mv $RPM_BUILD_ROOT%{_bindir}/${b} $RPM_BUILD_ROOT%{_bindir}/${b}2 ## and man pages mv $RPM_BUILD_ROOT%{_mandir}/man1/${b}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${b}2.1 # Needed by alternatives. See http://fedoraproject.org/wiki/Packaging:Alternatives touch $RPM_BUILD_ROOT/%{_bindir}/${b} done %clean rm -rf $RPM_BUILD_ROOT %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %posttrans # Recover /etc/vomses... if [ -r %{_sysconfdir}/vomses.rpmsave -a ! 
-r %{_sysconfdir}/vomses ] ; then mv %{_sysconfdir}/vomses.rpmsave %{_sysconfdir}/vomses fi %pre server getent group %{name} >/dev/null || groupadd -r %{name} getent passwd %{name} >/dev/null || useradd -r -g %{name} \ -d %{_sysconfdir}/%{name} -s /sbin/nologin -c "VOMS Server Account" %{name} exit 0 %post server /sbin/chkconfig --add %{name} if [ $1 -eq 2 ]; then chown -R %{name} /var/log/voms chown -R %{name} /etc/voms fi %preun server if [ $1 = 0 ]; then /sbin/service %{name} stop >/dev/null 2>&1 || : /sbin/chkconfig --del %{name} fi %postun server if [ $1 -ge 1 ]; then /sbin/service %{name} condrestart >/dev/null 2>&1 || : fi %pre clients if [ $1 -eq 2 ]; then for c in voms-proxy-init voms-proxy-info voms-proxy-destroy; do if [[ -x %{_bindir}/$c && ! -L %{_bindir}/$c ]]; then rm -f %{_bindir}/$c fi done fi %post clients %{_sbindir}/update-alternatives --install %{_bindir}/voms-proxy-init \ voms-proxy-init %{_bindir}/voms-proxy-init2 50 \ --slave %{_mandir}/man1/voms-proxy-init.1.gz voms-proxy-init-man %{_mandir}/man1/voms-proxy-init2.1.gz %{_sbindir}/update-alternatives --install %{_bindir}/voms-proxy-info \ voms-proxy-info %{_bindir}/voms-proxy-info2 50 \ --slave %{_mandir}/man1/voms-proxy-info.1.gz voms-proxy-info-man %{_mandir}/man1/voms-proxy-info2.1.gz %{_sbindir}/update-alternatives --install %{_bindir}/voms-proxy-destroy \ voms-proxy-destroy %{_bindir}/voms-proxy-destroy2 50 \ --slave %{_mandir}/man1/voms-proxy-destroy.1.gz voms-proxy-destroy-man %{_mandir}/man1/voms-proxy-destroy2.1.gz %postun clients if [ $1 -eq 0 ] ; then %{_sbindir}/update-alternatives --remove voms-proxy-init %{_bindir}/voms-proxy-init2 %{_sbindir}/update-alternatives --remove voms-proxy-info %{_bindir}/voms-proxy-info2 %{_sbindir}/update-alternatives --remove voms-proxy-destroy %{_bindir}/voms-proxy-destroy2 fi %files %defattr(-,root,root,-) %{_libdir}/libvomsapi.so.1* %dir %{_sysconfdir}/grid-security %dir %{_sysconfdir}/grid-security/vomsdir %dir %{_datadir}/%{name} 
%{_datadir}/%{name}/vomses.template %doc %dir %{_docdir}/%{name}-%{version} %doc %{_docdir}/%{name}-%{version}/AUTHORS %doc %{_docdir}/%{name}-%{version}/LICENSE %files devel %defattr(-,root,root,-) %{_libdir}/libvomsapi.so %{_includedir}/%{name} %{_libdir}/pkgconfig/%{name}-2.0.pc %{_datadir}/aclocal/%{name}.m4 %{_mandir}/man3/* %files doc %defattr(-,root,root,-) %doc %{_docdir}/%{name}-%{version}/VOMS_C_API %doc %{_docdir}/%{name}-%{version}/VOMS_CC_API %files clients %defattr(-,root,root,-) %ghost %{_bindir}/voms-proxy-destroy %ghost %{_bindir}/voms-proxy-info %ghost %{_bindir}/voms-proxy-init %{_bindir}/voms-proxy-destroy2 %{_bindir}/voms-proxy-info2 %{_bindir}/voms-proxy-init2 %{_bindir}/voms-proxy-fake %{_bindir}/voms-proxy-list %{_bindir}/voms-verify %{_mandir}/man1/voms-proxy-destroy2.1.gz %{_mandir}/man1/voms-proxy-info2.1.gz %{_mandir}/man1/voms-proxy-init2.1.gz %{_mandir}/man1/voms-proxy-fake.1.gz %{_mandir}/man1/voms-proxy-list.1.gz %files server %defattr(-,root,root,-) %{_sbindir}/%{name} %{_initrddir}/%{name} %config(noreplace) %{_sysconfdir}/sysconfig/%{name} %dir %{_sysconfdir}/%{name} %dir %{_sysconfdir}/grid-security/%{name} %attr(-,voms,voms) %dir %{_localstatedir}/log/%{name} %{_datadir}/%{name}/mysql2oracle %{_datadir}/%{name}/upgrade1to2 %{_datadir}/%{name}/voms.data %{_datadir}/%{name}/voms_install_db %{_datadir}/%{name}/voms-ping %{_datadir}/%{name}/voms_replica_master_setup.sh %{_datadir}/%{name}/voms_replica_slave_setup.sh %{_mandir}/man8/voms.8* %changelog * Thu Mar 27 2025 Francesco Giacomini - 2.1.2-0 - Packaging for 2.1.0 * Tue Aug 23 2016 Andrea Ceccanti - 2.1.0-0 - Packaging for 2.1.0 * Tue Aug 23 2016 Andrea Ceccanti - 2.0.14-0 - Packaging for 2.0.14 * Mon Nov 9 2015 Andrea Ceccanti - 2.0.13-0 - Packaging for 2.0.13 * Mon May 12 2014 Andrea Ceccanti - 2.0.12-2 - Added missing dependency on gsoap. * Mon May 12 2014 Andrea Ceccanti - 2.0.12-1 - New packaging of the clients. 
https://issues.infn.it/jira/browse/VOMS-495 * Mon Aug 21 2013 Andrea Ceccanti - 2.0.11-1 - Fix for https://issues.infn.it/browse/VOMS-379 * Tue Jan 8 2013 Andrea Ceccanti - 2.0.10-1 - Fix for https://issues.infn.it/browse/VOMS-196 * Sat Oct 27 2012 Andrea Ceccanti - 2.0.9-1 - Fix for https://savannah.cern.ch/bugs/?91183 - Fix for http://issues.cnaf.infn.it/browse/VOMS-128 * Tue Apr 10 2012 Andrea Ceccanti - 2.0.8-1 - EMI 2 release. * Thu Dec 15 2011 Andrea Ceccanti - 2.0.7-1 - Restructured EMI build to leverage EPEL spec files by Mattias Ellert - Removed voms-java-apis from the main c-based source tree voms-2.1.2/src/000077500000000000000000000000001477131364200132775ustar00rootroot00000000000000voms-2.1.2/src/.gitignore000066400000000000000000000011171477131364200152670ustar00rootroot00000000000000/autogen /api/ccapi/voms-2.0.pc /replica/voms_install_replica /server/VOMSAC.h /server/soapC.cpp /server/soapClient.cpp /server/soapClientLib.cpp /server/soapServer.cpp /server/soapServerLib.cpp /server/soapStub.h /server/soapH.h /server/voms /server/vomsSOAP.nsmap /server/vomsSOAP.GetAttributeCertificate.req.xml /server/vomsSOAP.GetAttributeCertificate.res.xml /install/mysql2oracle /install/sysconfig-voms /install/upgrade1to2 /install/voms.start /install/voms_install_db /utils/voms-proxy-destroy /utils/voms-proxy-fake /utils/voms-proxy-info /utils/voms-verify /client/voms-proxy-init voms-2.1.2/src/Makefile.am000066400000000000000000000003631477131364200153350ustar00rootroot00000000000000if BUILD_ALL SUBDIRS = \ include \ replib \ sslutils \ log \ common \ socklib \ ac \ api \ utils \ client \ server \ install \ replica else SUBDIRS = \ include \ replib \ sslutils \ log \ common \ socklib \ ac \ api endif voms-2.1.2/src/ac/000077500000000000000000000000001477131364200136625ustar00rootroot00000000000000voms-2.1.2/src/ac/Makefile.am000066400000000000000000000011361477131364200157170ustar00rootroot00000000000000AM_CPPFLAGS= \ -I $(top_srcdir)/src/include \ -I 
$(top_srcdir)/src/sslutils \ $(OPENSSL_CFLAGS) noinst_LTLIBRARIES = \ libattributes_nog.la AC_C_SOURCES = write.c extensions.c mystack.c error.c newformat.c init.c AC_CC_SOURCES = validate.cc create.cc ccinit.cc EXTRA_DIST = \ acerrors.h \ write.h \ init.h \ extensions.h \ attributes.h libattributes_nog_la_SOURCES = $(AC_C_SOURCES) $(AC_CC_SOURCES) libattributes_nog_la_CFLAGS = \ $(NO_GLOBUS_FLAGS) \ -DNOGLOBUS libattributes_nog_la_CXXFLAGS = \ $(NO_GLOBUS_FLAGS) \ -DNOGLOBUS libattributes_nog_la_LIBADD = \ $(OPENSSL_LIBS) ### voms-2.1.2/src/ac/acerrors.h000066400000000000000000000075561477131364200156700ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #ifndef VOMSAC_ACERRORS_H #define VOMSAC_ACERRORS_H #include "config.h" #define ASN1_F_D2I_AC_ATTR 5000 #define AC_F_ATTR_New 5001 #define ASN1_F_D2I_AC_ROLE 5002 #define AC_F_ROLE_New 5003 #define ASN1_F_D2I_AC_IETFATTR 5004 #define AC_F_IETFATTR_New 5005 #define ASN1_F_D2I_AC_IETFATTRVAL 5006 #define ASN1_F_D2I_AC_DIGEST 5007 #define AC_F_DIGEST_New 5008 #define ASN1_F_D2I_AC_IS 5009 #define AC_F_AC_IS_New 5010 #define ASN1_F_D2I_AC_FORM 5011 #define AC_F_AC_FORM_New 5012 #define ASN1_F_D2I_AC_ACI 5013 #define ASN1_F_AC_ACI_New 5014 #define ASN1_F_D2I_AC_HOLDER 5015 #define ASN1_F_AC_HOLDER_New 5016 #define ASN1_F_AC_VAL_New 5017 #define AC_F_AC_INFO_NEW 5018 #define AC_F_D2I_AC 5019 #define AC_F_AC_New 5020 #define ASN1_F_I2D_AC_IETFATTRVAL 5021 #define AC_F_D2I_AC_DIGEST 5022 #define AC_F_AC_DIGEST_New 5023 #define AC_F_D2I_AC_IS 5024 #define AC_ERR_UNSET 5025 #define AC_ERR_SET 5026 #define AC_ERR_SIGNATURE 5027 #define AC_ERR_VERSION 5028 #define AC_ERR_HOLDER_SERIAL 5029 #define AC_ERR_HOLDER 5030 #define AC_ERR_UID_MISMATCH 5031 #define AC_ERR_ISSUER_NAME 5032 #define AC_ERR_SERIAL 5033 #define AC_ERR_DATES 5034 #define AC_ERR_ATTRIBS 5035 #define AC_F_AC_TARGET_New 5036 #define ASN1_F_D2I_AC_TARGET 5037 #define AC_F_AC_TARGETS_New 5036 #define ASN1_F_D2I_AC_TARGETS 5037 #define ASN1_F_D2I_AC_SEQ 5038 #define AC_F_AC_SEQ_new 5039 #define AC_ERR_ATTRIB_URI 5040 #define AC_ERR_ATTRIB_FQAN 5041 #define AC_ERR_EXTS_ABSENT 5042 #define AC_ERR_MEMORY 5043 #define AC_ERR_EXT_CRIT 5044 #define AC_ERR_EXT_TARGET 5045 #define AC_ERR_EXT_KEY 5046 #define AC_ERR_UNKNOWN 5047 #define AC_ERR_PARAMETERS 5048 #define X509_ERR_ISSUER_NAME 5049 #define X509_ERR_HOLDER_NAME 5050 #define AC_ERR_NO_EXTENSION 5051 #define ASN1_F_D2I_AC_CERTS 5052 #define AC_F_X509_New 5053 #define AC_F_D2I_AC_ATTRIBUTE 5054 #define AC_F_ATTRIBUTE_New 5055 #define ASN1_F_D2I_AC_ATT_HOLDER 5056 #define AC_F_AC_ATT_HOLDER_New 
5057 #define ASN1_F_D2I_AC_FULL_ATTRIBUTES 5058 #define AC_F_AC_FULL_ATTRIBUTES_New 5059 #define ASN1_F_D2I_AC_ATTRIBUTEVAL 5060 #define ASN1_F_I2D_AC_ATTRIBUTEVAL 5061 #define AC_F_AC_ATTRIBUTEVAL_New 5062 #define AC_ERR_ATTRIB 5063 #define AC_ERR_DATES2 5064 #define AC_ERR_TARGET_NO_MATCH 5065 #endif voms-2.1.2/src/ac/attributes.h000066400000000000000000000041171477131364200162240ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #include "config.h" #include #include #include #include #include #include #include #include #include #include "newformat.h" #include "acerrors.h" #include "acstack.h" #ifndef VOMS_MAYBECONST #if defined(D2I_OF) #define VOMS_MAYBECONST const #else #define VOMS_MAYBECONST #endif #endif typedef struct ACATTRIBUTE { ASN1_OCTET_STRING *name; ASN1_OCTET_STRING *value; ASN1_OCTET_STRING *qualifier; } AC_ATTRIBUTE; typedef struct ACATTHOLDER { STACK_OF(GENERAL_NAME) *grantor; STACK_OF(AC_ATTRIBUTE) *attributes; } AC_ATT_HOLDER; typedef struct ACFULLATTRIBUTES { STACK_OF(AC_ATT_HOLDER) *providers; } AC_FULL_ATTRIBUTES; DECL_STACK(AC_ATTRIBUTE); DECL_STACK(AC_ATT_HOLDER); DECL_STACK(AC_FULL_ATTRIBUTES); DECLARE_ASN1_FUNCTIONS(AC_ATTRIBUTE) DECLARE_ASN1_FUNCTIONS(AC_ATT_HOLDER) DECLARE_ASN1_FUNCTIONS(AC_FULL_ATTRIBUTES) voms-2.1.2/src/ac/ccinit.cc000066400000000000000000000024371477131364200154500ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
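 *
 *********************************************************************/
extern "C" {
#include "init.h"
#include "extensions.h"
#include
extern void ERR_load_AC_strings(void);
}

/*
 * One-time setup for the AC code: declares the VOMS object identifiers,
 * loads the AC error strings and registers the X509v3 extension methods.
 *
 * Returns the result of initEx().
 */
int AC_Init(void)
{
  declareOIDs();
  ERR_load_AC_strings();
  return initEx();
  //  PKCS12_PBE_add();
}
voms-2.1.2/src/ac/create.cc000066400000000000000000000047571477131364200154510ustar00rootroot00000000000000
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
#include "config.h"

#include
#include
#include "data.h"

extern "C" {
#include
#include
#include
#include
#include "newformat.h"
#include "write.h"
#include
#include "acerrors.h"
#include "listfunc.h"
}

#include

/*
 * C++ front end to writeac(): converts the FQAN and attribute vectors to
 * NULL-terminated C arrays, joins the targets into one comma-separated
 * string and forwards everything else unchanged.
 *
 * The template arguments of the three vectors and of the const_casts were
 * lost in this copy of the file.  `targets` must hold std::string because
 * its elements are appended to a std::string; std::string is assumed for
 * `fqan` and `attributes` as well -- NOTE(review): confirm against the
 * declaration of vectoarray() in data.h.
 *
 * Returns writeac()'s result, or 0 when either array conversion fails.
 * Both arrays are released with listfree() on every path.
 */
int createac(X509 *issuerc, STACK_OF(X509) *issuerstack, X509 *holder, EVP_PKEY *pkey, BIGNUM *serial,
             std::vector<std::string> &fqan, std::vector<std::string> &targets, std::vector<std::string>& attributes,
             AC **ac, std::string vo, std::string uri, int valid, bool old,
             STACK_OF(X509_EXTENSION) *extensions)
{
  int res = 0;

  /* The second conversion is attempted only when the first one succeeded. */
  char **fqans = vectoarray(fqan);
  char **attrs = fqans ? vectoarray(attributes) : NULL;

  if (fqans && attrs) {
    std::string complete;

    /* NOTE(review): the separator is a bare comma and the elements are not
     * checked for embedded commas, so one element containing ',' reads as
     * several targets to any consumer that splits on ','. */
    for (std::vector<std::string>::iterator i = targets.begin(); i != targets.end(); ++i) {
      if (i != targets.begin())
        complete += ",";
      complete += *i;
    }

    /* An empty target list is passed as NULL, not as an empty string. */
    res = writeac(issuerc, issuerstack, holder, pkey, serial, fqans,
                  (complete.empty() ? NULL : const_cast<char *>(complete.c_str())),
                  attrs, ac,
                  const_cast<char *>(vo.c_str()), const_cast<char *>(uri.c_str()),
                  valid, (old ? 1 : 0), 0, extensions);
  }

  listfree(fqans, free);
  listfree(attrs, free);

  return res;
}
voms-2.1.2/src/ac/error.c000066400000000000000000000073751477131364200151730ustar00rootroot00000000000000
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.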
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
#include "config.h"

#include
#include "acerrors.h"

#ifndef NO_ERR
/*
 * Code-to-text table handed to ERR_load_strings() by ERR_load_AC_strings().
 * Every entry is packed with library 0; the library number is supplied at
 * registration time (ERR_LIB_AC).
 *
 * NOTE(review): two codes appear twice in this table: ASN1_F_D2I_AC_ATTR
 * (both times "d2i_AC_ATTR") and AC_ERR_ATTRIBS ("Attributes not present"
 * and "AC_FULL_ATTRIBUTES").  Which text is reported for a duplicated code
 * cannot be told from this file.
 */
static ERR_STRING_DATA AC_str_functs[] = {
  {ERR_PACK(0, ASN1_F_D2I_AC_ATTR, 0), "d2i_AC_ATTR"},
  {ERR_PACK(0, AC_F_ATTR_New, 0), "AC_ATTR_new"},
  {ERR_PACK(0, ASN1_F_D2I_AC_ROLE, 0), "d2i_AC_ROLE"},
  {ERR_PACK(0, AC_F_ROLE_New, 0), "AC_ROLE_new"},
  {ERR_PACK(0, ASN1_F_D2I_AC_IETFATTR, 0), "d2i_AC_IETFATTR"},
  {ERR_PACK(0, AC_F_IETFATTR_New, 0), "AC_IETFATTR_new"},
  {ERR_PACK(0, ASN1_F_D2I_AC_IETFATTRVAL, 0), "d2i_AC_IETFATTRVAL"},
  {ERR_PACK(0, ASN1_F_D2I_AC_DIGEST, 0), "d2i_AC_DIGEST"},
  {ERR_PACK(0, AC_F_DIGEST_New, 0), "AC_DIGEST_new"},
  {ERR_PACK(0, ASN1_F_D2I_AC_IS, 0), "d2i_AC_IS"},
  {ERR_PACK(0, AC_F_AC_IS_New, 0), "AC_IS_new"},
  {ERR_PACK(0, ASN1_F_D2I_AC_FORM, 0), "d2i_AC_FORM"},
  {ERR_PACK(0, AC_F_AC_FORM_New, 0), "AC_FORM_new"},
  {ERR_PACK(0, ASN1_F_D2I_AC_ACI, 0), "d2i_AC_ACI"},
  {ERR_PACK(0, ASN1_F_AC_ACI_New, 0), "AC_ACI_new"},
  {ERR_PACK(0, ASN1_F_D2I_AC_HOLDER, 0), "d2i_AC_HOLDER"},
  {ERR_PACK(0, ASN1_F_AC_HOLDER_New, 0), "AC_HOLDER_new"},
  {ERR_PACK(0, ASN1_F_D2I_AC_ATTR, 0), "d2i_AC_ATTR"},
  {ERR_PACK(0, AC_F_AC_INFO_NEW, 0), "AC_INFO_new"},
  {ERR_PACK(0, AC_F_D2I_AC, 0), "d2i_AC"},
  {ERR_PACK(0, AC_F_AC_New, 0), "AC_new"},
  {ERR_PACK(0, ASN1_F_I2D_AC_IETFATTRVAL, 0), "i2d_AC_IETFATTRVAL"},
  {ERR_PACK(0, AC_F_D2I_AC_DIGEST, 0), "d2i_AC_DIGEST"},
  {ERR_PACK(0, AC_F_AC_DIGEST_New, 0), "AC_DIGEST_new"},
  {ERR_PACK(0, AC_F_D2I_AC_IS, 0), "d2i_AC_IS"},
  {ERR_PACK(0, AC_ERR_UNSET, 0), "Required value unset"},
  {ERR_PACK(0, AC_ERR_SET, 0), "Value erroneously set"},
  {ERR_PACK(0, AC_ERR_SIGNATURE, 0), "Signature wrong"},
  {ERR_PACK(0, AC_ERR_VERSION, 0), "Version number wrong"},
  {ERR_PACK(0, AC_ERR_HOLDER_SERIAL, 0), "Holder serial number wrong"},
  {ERR_PACK(0, AC_ERR_HOLDER, 0), "Holder name wrong"},
  {ERR_PACK(0, AC_ERR_UID_MISMATCH, 0), "IssuerUID mismatch"},
  {ERR_PACK(0, AC_ERR_ISSUER_NAME, 0), "Issuer name wrong"},
  {ERR_PACK(0, AC_ERR_SERIAL, 0), "Serial number wrong"},
  {ERR_PACK(0, AC_ERR_DATES, 0), "Dates mismatch"},
  {ERR_PACK(0, AC_ERR_ATTRIBS, 0), "Attributes not present"},
  {ERR_PACK(0, AC_F_AC_TARGET_New, 0), "AC_TARGET_new"},
  {ERR_PACK(0, ASN1_F_D2I_AC_TARGET, 0), "d2i_AC_TARGET"},
  {ERR_PACK(0, AC_F_AC_TARGETS_New, 0), "AC_TARGETS_new"},
  {ERR_PACK(0, ASN1_F_D2I_AC_TARGETS, 0), "d2i_AC_TARGETS"},
  {ERR_PACK(0, ASN1_F_D2I_AC_SEQ, 0), "d2i_AC_SEQ"},
  {ERR_PACK(0, AC_F_AC_SEQ_new, 0), "AC_SEQ_new"},
  {ERR_PACK(0, AC_ERR_ATTRIBS, 0), "AC_FULL_ATTRIBUTES"},
  {0, NULL}};
#endif

/* Library number under which the AC strings are registered. */
#define ERR_LIB_AC 129

/*
 * Registers AC_str_functs with the OpenSSL error machinery on the first
 * call; later calls do nothing.  Compiles to an empty guard when NO_ERR is
 * defined.
 *
 * The once-only flag is a plain static int with no locking visible here.
 */
void ERR_load_AC_strings(void)
{
  static int init = 1;

  if (init) {
    /* Cleared before the load, so a re-entrant call does not register twice. */
    init = 0;
#ifndef NO_ERR
    ERR_load_strings(ERR_LIB_AC, AC_str_functs);
#endif
  }
}
voms-2.1.2/src/ac/extensions.c000066400000000000000000000230171477131364200162300ustar00rootroot00000000000000
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
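 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
#include "config.h"

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "newformat.h"
#include "acerrors.h"
#include "attributes.h"
#include
#include

#ifndef VOMS_MAYBECONST
#if defined(D2I_OF)
#define VOMS_MAYBECONST const
#else
#define VOMS_MAYBECONST
#endif
#endif

/*
 * Shared body of every *_i2s callback: none of these extensions has a
 * string form, so each call returns a fresh empty string.
 *
 * Returns a malloc()ed "" or NULL when the allocation fails.  The result
 * used to be parked in a function-level static pointer that was overwritten
 * on every call; a local keeps concurrent callers apart.
 */
static char *norep()
{
  char *buffer = (char *) malloc(1);

  if (buffer)
    *buffer = '\0';

  return buffer;
}

/* i2s callbacks: all return the empty representation produced by norep(). */
char *acseq_i2s(UNUSED(struct v3_ext_method *method), UNUSED(void *ext))
{
  return norep();
}

char *targets_i2s(UNUSED(struct v3_ext_method *method), UNUSED(void *ext))
{
  return norep();
}

char *certs_i2s(UNUSED(struct v3_ext_method *method), UNUSED(void *ext))
{
  return norep();
}

char *null_i2s(UNUSED(struct v3_ext_method *method), UNUSED(void *ext))
{
  return norep();
}

char *attributes_i2s(UNUSED(struct v3_ext_method *method), UNUSED(void *ext))
{
  return norep();
}

/*
 * Builds an AC_SEQ from `data`, which is really a NULL-terminated array of
 * AC pointers cast to char *.
 *
 * The AC pointers are pushed as they are, not copied, so the returned
 * AC_SEQ shares them with the caller's array.
 *
 * Returns the new AC_SEQ, or NULL when `data` is NULL or the AC_SEQ cannot
 * be allocated.
 */
void *acseq_s2i(UNUSED(struct v3_ext_method *method), UNUSED(struct v3_ext_ctx *ctx), char *data)
{
  AC **list = (AC **)data;
  AC_SEQ *a;

  if (!list)
    return NULL;

  a = AC_SEQ_new();
  if (!a)
    return NULL;

  /* NOTE(review): a failed push is not detected here; because the elements
   * are shared with the caller, cleaning up would need them detached before
   * the AC_SEQ is freed. */
  while (*list)
    sk_AC_push(a->acs, *list++);

  return (void *)a;
}

/*
 * Builds an AC_TARGETS from a comma-separated list of target names; each
 * item becomes one AC_TARGET holding a GEN_URI general name.
 *
 * Returns the new AC_TARGETS, or NULL when `data` is NULL or any
 * allocation fails; nothing is leaked on the failure paths.
 */
void *targets_s2i(UNUSED(struct v3_ext_method *method), UNUSED(struct v3_ext_ctx *ctx), char *data)
{
  char *copy = NULL;
  char *item;
  char *comma;
  AC_TARGETS *a = NULL;

  if (!data)
    return NULL;

  /* Work on a private copy: the separators are overwritten with NULs. */
  copy = strdup(data);
  a = AC_TARGETS_new();
  if (!copy || !a)
    goto err;

  item = copy;
  do {
    GENERAL_NAME *g;
    ASN1_IA5STRING *tmpr;
    AC_TARGET *targ;

    comma = strchr(item, ',');
    if (comma)
      *comma = '\0';

    g = GENERAL_NAME_new();
    tmpr = ASN1_IA5STRING_new();
    targ = AC_TARGET_new();

    if (!g || !tmpr || !targ ||
        !ASN1_STRING_set(tmpr, item, (int)strlen(item))) {
      GENERAL_NAME_free(g);
      ASN1_IA5STRING_free(tmpr);
      AC_TARGET_free(targ);
      goto err;
    }

    /* From here on targ owns g, and g owns tmpr. */
    g->type = GEN_URI;
    g->d.ia5 = tmpr;
    targ->name = g;

    if (!sk_AC_TARGET_push(a->targets, targ)) {
      AC_TARGET_free(targ);
      goto err;
    }

    if (comma)
      item = comma + 1;
  } while (comma);

  free(copy);
  return a;

 err:
  free(copy);
  AC_TARGETS_free(a);
  return NULL;
}

/*
 * Builds an AC_CERTS from `data`, which is really a STACK_OF(X509) cast to
 * char *.  Every certificate is duplicated, so the result owns its copies.
 *
 * Returns the new AC_CERTS, or NULL when `data` is NULL or any allocation
 * or copy fails.
 */
void *certs_s2i(UNUSED(struct v3_ext_method *method), UNUSED(struct v3_ext_ctx *ctx), char *data)
{
  STACK_OF(X509) *certs = (STACK_OF(X509) *)data;
  AC_CERTS *a;
  int i;

  if (!data)
    return NULL;

  a = AC_CERTS_new();
  if (!a)
    return NULL;

  /* Replace the stack made by AC_CERTS_new() with a fresh, empty one. */
  sk_X509_pop_free(a->stackcert, X509_free);
  a->stackcert = sk_X509_new_null();
  if (!a->stackcert) {
    AC_CERTS_free(a);
    return NULL;
  }

  for (i = 0; i < sk_X509_num(certs); i++) {
    X509 *copy = X509_dup(sk_X509_value(certs, i));

    /* A failed copy must not end up in the stack as a NULL entry. */
    if (!copy || !sk_X509_push(a->stackcert, copy)) {
      X509_free(copy);
      AC_CERTS_free(a);
      return NULL;
    }
  }

  return a;
}

/*
 * Builds an AC_FULL_ATTRIBUTES from `data`, which is really a
 * STACK_OF(AC_ATT_HOLDER) cast to char *.  Every holder is deep-copied
 * through its DER encoding.
 *
 * Returns the new AC_FULL_ATTRIBUTES, or NULL when `data` is NULL or any
 * allocation or copy fails.
 */
void *attributes_s2i(UNUSED(struct v3_ext_method *method), UNUSED(struct v3_ext_ctx *ctx), char *data)
{
  STACK_OF(AC_ATT_HOLDER) *stack = (STACK_OF(AC_ATT_HOLDER) *)data;
  AC_FULL_ATTRIBUTES *a;
  int i;

  if (!data)
    return NULL;

  a = AC_FULL_ATTRIBUTES_new();
  if (!a)
    return NULL;

  /* Replace the stack made by AC_FULL_ATTRIBUTES_new() with an empty one. */
  sk_AC_ATT_HOLDER_pop_free(a->providers, AC_ATT_HOLDER_free);
  a->providers = sk_AC_ATT_HOLDER_new_null();
  if (!a->providers) {
    AC_FULL_ATTRIBUTES_free(a);
    return NULL;
  }

  for (i = 0; i < sk_AC_ATT_HOLDER_num(stack); i++) {
    AC_ATT_HOLDER *copy =
      (AC_ATT_HOLDER *)ASN1_dup((i2d_of_void*)i2d_AC_ATT_HOLDER,
                                (d2i_of_void*)d2i_AC_ATT_HOLDER,
                                sk_AC_ATT_HOLDER_value(stack, i));

    /* A failed copy must not end up in the stack as a NULL entry. */
    if (!copy || !sk_AC_ATT_HOLDER_push(a->providers, copy)) {
      AC_ATT_HOLDER_free(copy);
      AC_FULL_ATTRIBUTES_free(a);
      return NULL;
    }
  }

  return a;
}

/* s2i callback for the value-less extension: returns a new ASN1_NULL. */
void *null_s2i(UNUSED(struct v3_ext_method *method), UNUSED(struct v3_ext_ctx *ctx), UNUSED(char *data))
{
  return ASN1_NULL_new();
}

char *authkey_i2s(UNUSED(struct v3_ext_method *method), UNUSED(void *ext))
{
  return norep();
}

/*
 * Builds an AUTHORITY_KEYID whose key identifier is the SHA-1 digest of the
 * public key bits of `data`, which is really an X509 * cast to char *.
 *
 * Returns the new AUTHORITY_KEYID, or NULL when `data` is NULL, the public
 * key cannot be read or an allocation fails.  The two key-extraction steps
 * used to be guarded by assert() only, which aborts a debug build and
 * checks nothing when NDEBUG is defined; they are ordinary error paths now.
 */
void *authkey_s2i(UNUSED(struct v3_ext_method *method), UNUSED(struct v3_ext_ctx *ctx), char *data)
{
  X509 *cert = (X509 *)data;
  unsigned char digest[SHA_DIGEST_LENGTH];
  unsigned char const *keybits = NULL;
  int keylen = 0;
  X509_PUBKEY *pk;
  ASN1_OCTET_STRING *str = NULL;
  AUTHORITY_KEYID *keyid = NULL;

  if (!cert)
    return NULL;

  pk = X509_get_X509_PUBKEY(cert);
  if (!pk || X509_PUBKEY_get0_param(NULL, &keybits, &keylen, NULL, pk) != 1)
    return NULL;

  str = ASN1_OCTET_STRING_new();
  keyid = AUTHORITY_KEYID_new();
  if (!str || !keyid)
    goto err;

  /* SHA-1 serves as a key identifier here, not as a signature digest. */
  SHA1(keybits, keylen, digest);
  if (!ASN1_OCTET_STRING_set(str, digest, (int)sizeof(digest)))
    goto err;

  /* Drop whatever AUTHORITY_KEYID_new() put there, then hand over str. */
  ASN1_OCTET_STRING_free(keyid->keyid);
  keyid->keyid = str;

  return keyid;

 err:
  ASN1_OCTET_STRING_free(str);
  AUTHORITY_KEYID_free(keyid);
  return NULL;
}

/*
 * Fills one extension method and registers it with X509V3_EXT_add().
 * The method is zeroed first, so every callback not passed in stays NULL.
 *
 * Returns 1 when the method was registered.  On failure the method, which
 * the registry then does not own, is freed and 0 is returned.
 */
static int register_ext(X509V3_EXT_METHOD *m, const char *name,
                        X509V3_EXT_NEW ext_new, X509V3_EXT_FREE ext_free,
                        X509V3_EXT_D2I d2i, X509V3_EXT_I2D i2d,
                        X509V3_EXT_S2I s2i, X509V3_EXT_I2S i2s)
{
  memset(m, 0, sizeof(*m));

  /* NOTE(review): OBJ_txt2nid() yields NID_undef for a name that has not
   * been declared; that case is not rejected here. */
  m->ext_nid   = OBJ_txt2nid(name);
  m->ext_flags = 0;
  m->ext_new   = ext_new;
  m->ext_free  = ext_free;
  m->d2i       = d2i;
  m->i2d       = i2d;
  m->s2i       = s2i;
  m->i2s       = i2s;

  if (!X509V3_EXT_add(m)) {
    OPENSSL_free(m);
    return 0;
  }

  return 1;
}

/*
 * Registers the extension methods for noRevAvail, targetInformation,
 * acseq, certseq and attributes.
 *
 * Returns 1 when all five are registered, 0 when an allocation or a
 * registration fails.  If an allocation fails nothing is registered.
 */
int initEx(void)
{
  X509V3_EXT_METHOD *targets;
  X509V3_EXT_METHOD *avail;
  X509V3_EXT_METHOD *acseq;
  X509V3_EXT_METHOD *certseq;
  X509V3_EXT_METHOD *attribs;
  int ok = 1;

  avail   = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD));
  targets = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD));
  acseq   = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD));
  certseq = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD));
  attribs = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD));

  if (!avail || !targets || !acseq || !certseq || !attribs) {
    OPENSSL_free(avail);
    OPENSSL_free(targets);
    OPENSSL_free(acseq);
    OPENSSL_free(certseq);
    OPENSSL_free(attribs);
    return 0;
  }

  /* noRevAvail carries no value, hence no string conversions. */
  ok &= register_ext(avail, "noRevAvail",
                     (X509V3_EXT_NEW) ASN1_NULL_new,
                     (X509V3_EXT_FREE)ASN1_NULL_free,
                     (X509V3_EXT_D2I) d2i_ASN1_NULL,
                     (X509V3_EXT_I2D) i2d_ASN1_NULL,
                     (X509V3_EXT_S2I) NULL,
                     (X509V3_EXT_I2S) NULL);

  ok &= register_ext(targets, "targetInformation",
                     (X509V3_EXT_NEW) AC_TARGETS_new,
                     (X509V3_EXT_FREE)AC_TARGETS_free,
                     (X509V3_EXT_D2I) d2i_AC_TARGETS,
                     (X509V3_EXT_I2D) i2d_AC_TARGETS,
                     (X509V3_EXT_S2I) targets_s2i,
                     (X509V3_EXT_I2S) targets_i2s);

  ok &= register_ext(acseq, "acseq",
                     (X509V3_EXT_NEW) AC_SEQ_new,
                     (X509V3_EXT_FREE)AC_SEQ_free,
                     (X509V3_EXT_D2I) d2i_AC_SEQ,
                     (X509V3_EXT_I2D) i2d_AC_SEQ,
                     (X509V3_EXT_S2I) acseq_s2i,
                     (X509V3_EXT_I2S) acseq_i2s);

  ok &= register_ext(certseq, "certseq",
                     (X509V3_EXT_NEW) AC_CERTS_new,
                     (X509V3_EXT_FREE)AC_CERTS_free,
                     (X509V3_EXT_D2I) d2i_AC_CERTS,
                     (X509V3_EXT_I2D) i2d_AC_CERTS,
                     (X509V3_EXT_S2I) certs_s2i,
                     (X509V3_EXT_I2S) certs_i2s);

  ok &= register_ext(attribs, "attributes",
                     (X509V3_EXT_NEW) AC_FULL_ATTRIBUTES_new,
                     (X509V3_EXT_FREE)AC_FULL_ATTRIBUTES_free,
                     (X509V3_EXT_D2I) d2i_AC_FULL_ATTRIBUTES,
                     (X509V3_EXT_I2D) i2d_AC_FULL_ATTRIBUTES,
                     (X509V3_EXT_S2I) attributes_s2i,
                     (X509V3_EXT_I2S) attributes_i2s);

  return ok;
}
voms-2.1.2/src/ac/extensions.h000066400000000000000000000022421477131364200162320ustar00rootroot00000000000000
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini -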
Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMSAC_EXTENSIONS_H #define VOMSAC_EXTENSIONS_H #include "config.h" extern int initEx(void); #endif voms-2.1.2/src/ac/init.c000066400000000000000000000060461477131364200147770ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
#include "config.h"

#include
#include
#include

#include "extensions.h"

/*
 * Makes sure `oid` is known to OpenSSL's object table, creating it with
 * `name` as both short and long name when it is not.
 *
 * Both checks are assert()s, so neither runs when NDEBUG is defined.
 */
static void OBJC(char const* oid, char const* name)
{
  assert(oid != NULL && name != NULL);

  /* Already registered: nothing to do. */
  if (OBJ_txt2nid(oid) != NID_undef)
    return;

  {
    int nid = OBJ_create(oid, name, name);
    assert(nid != NID_undef && "OBJ_create failed");
  }
}

/*
 * Declares the object identifiers used by the AC code.  Only the first
 * call does any work; the once-only flag is a plain static int.
 *
 * The OID strings are #defines placed inside the function body; being
 * preprocessor symbols they stay defined for the rest of the file.
 */
void declareOIDs(void)
{
#define idpkix                "1.3.6.1.5.5.7"
#define idpkcs9               "1.2.840.113549.1.9"
#define idpe                  idpkix ".1"
#define idce                  "2.5.29"
#define idaca                 idpkix ".10"
#define idat                  "2.5.4"
#define idpeacauditIdentity   idpe ".4"
#define idcetargetInformation idce ".55"
#define idceauthKeyIdentifier idce ".35"
#define idceauthInfoAccess    idpe ".1"
#define idcecRLDistPoints     idce ".31"
#define idcenoRevAvail        idce ".56"
#define idceTargets           idce ".55"
#define idacaauthentInfo      idaca ".1"
#define idacaaccessIdentity   idaca ".2"
#define idacachargIdentity    idaca ".3"
#define idacagroup            idaca ".4"
#define idatclearance         "2.5.1.5.5"
#define voms                  "1.3.6.1.4.1.8005.100.100.1"
#define incfile               "1.3.6.1.4.1.8005.100.100.2"
#define vo                    "1.3.6.1.4.1.8005.100.100.3"
#define idatcap               "1.3.6.1.4.1.8005.100.100.4"

  /* ///// test */
#define attributes            "1.3.6.1.4.1.8005.100.100.11"
#define acseq                 "1.3.6.1.4.1.8005.100.100.5"
#define order                 "1.3.6.1.4.1.8005.100.100.6"
#define certseq               "1.3.6.1.4.1.8005.100.100.10"
#define email                 idpkcs9 ".1"

  /* Dotted OID and registered name, in registration order. */
  static const struct {
    char const *dotted;
    char const *label;
  } wanted[] = {
    { idatcap,    "idatcap"    },
    { attributes, "attributes" },
    /*
     * Left to OpenSSL's built-in table:
     *   idcenoRevAvail -> "noRevAvail"
     *   idceTargets    -> "targetInformation"
     */
    { acseq,      "acseq"      },
    { order,      "order"      },
    { voms,       "voms"       },
    { incfile,    "incfile"    },
    { vo,         "vo"         },
    { certseq,    "certseq"    }
  };
  static int done=0;
  unsigned int k;

  if (done)
    return;

  done=1;

  for (k = 0; k < sizeof(wanted) / sizeof(wanted[0]); k++)
    OBJC(wanted[k].dotted, wanted[k].label);
}
voms-2.1.2/src/ac/init.h000066400000000000000000000022341477131364200147770ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMSAC_INIT_H #define VOMSAC_INIT_H #include "config.h" extern void declareOIDs(void); #endif voms-2.1.2/src/ac/mystack.c000066400000000000000000000030061477131364200155000ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #include "config.h" #include "acstack.h" #include "newformat.h" #include "attributes.h" IMPL_STACK(AC_IETFATTR) IMPL_STACK(AC_IETFATTRVAL) IMPL_STACK(AC_ATTR) IMPL_STACK(AC) IMPL_STACK(AC_INFO) IMPL_STACK(AC_VAL) IMPL_STACK(AC_HOLDER) IMPL_STACK(AC_ACI) IMPL_STACK(AC_FORM) IMPL_STACK(AC_IS) IMPL_STACK(AC_DIGEST) IMPL_STACK(AC_TARGETS) IMPL_STACK(AC_TARGET) IMPL_STACK(AC_CERTS); IMPL_STACK(AC_ATTRIBUTE) IMPL_STACK(AC_ATT_HOLDER) IMPL_STACK(AC_FULL_ATTRIBUTES) voms-2.1.2/src/ac/newformat.c000066400000000000000000000140321477131364200160300ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
#include "config.h"

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "newformat.h"
#include "acerrors.h"
#include "attributes.h"

#ifndef VOMS_MAYBECONST
#if defined(D2I_OF)
#define VOMS_MAYBECONST const
#else
#define VOMS_MAYBECONST
#endif
#endif

/*
 * ASN.1 templates for the attribute certificate (AC) structures.  Each
 * ASN1_SEQUENCE block lists the fields in encoding order, and
 * IMPLEMENT_ASN1_FUNCTIONS generates the matching new/free/d2i/i2d
 * functions.  The d2i functions are what turns received bytes into these
 * structures, so whether a field is optional here decides which pointers
 * the validation code may find unset.
 */

ASN1_SEQUENCE(AC_DIGEST) = {
  ASN1_SIMPLE(AC_DIGEST, type, ASN1_ENUMERATED),
  ASN1_OPT(AC_DIGEST, oid, ASN1_OBJECT),
  ASN1_SIMPLE(AC_DIGEST, algor, X509_ALGOR),
  ASN1_SIMPLE(AC_DIGEST, digest, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(AC_DIGEST)

IMPLEMENT_ASN1_FUNCTIONS(AC_DIGEST)

/* Issuer name and serial number, with an optional unique identifier. */
ASN1_SEQUENCE(AC_IS) = {
  ASN1_SIMPLE(AC_IS, issuer, GENERAL_NAMES),
  ASN1_SIMPLE(AC_IS, serial, ASN1_INTEGER),
  ASN1_OPT(AC_IS, uid, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(AC_IS)

IMPLEMENT_ASN1_FUNCTIONS(AC_IS)

ASN1_SEQUENCE(AC_FORM) = {
  ASN1_OPT(AC_FORM, names, GENERAL_NAMES),
  ASN1_IMP_OPT(AC_FORM, is, AC_IS, 0),
  ASN1_IMP_OPT(AC_FORM, digest, AC_DIGEST, 1)
} ASN1_SEQUENCE_END(AC_FORM)

IMPLEMENT_ASN1_FUNCTIONS(AC_FORM)

ASN1_SEQUENCE(AC_ACI) = {
  ASN1_SEQUENCE_OF(AC_ACI, names, GENERAL_NAME),
  ASN1_SIMPLE(AC_ACI, form, AC_FORM)
} ASN1_SEQUENCE_END(AC_ACI)

IMPLEMENT_ASN1_FUNCTIONS(AC_ACI)

/* Holder: baseid is declared mandatory here; name and digest are optional. */
ASN1_SEQUENCE(AC_HOLDER) = {
  ASN1_IMP(AC_HOLDER, baseid, AC_IS, 0),
  ASN1_IMP_OPT(AC_HOLDER, name, GENERAL_NAMES, 1),
  ASN1_IMP_OPT(AC_HOLDER, digest, AC_DIGEST, 2)
} ASN1_SEQUENCE_END(AC_HOLDER)

IMPLEMENT_ASN1_FUNCTIONS(AC_HOLDER)

/* Validity period; both ends are GeneralizedTime. */
ASN1_SEQUENCE(AC_VAL) = {
  ASN1_SIMPLE(AC_VAL, notBefore, ASN1_GENERALIZEDTIME),
  ASN1_SIMPLE(AC_VAL, notAfter, ASN1_GENERALIZEDTIME),
} ASN1_SEQUENCE_END(AC_VAL)

IMPLEMENT_ASN1_FUNCTIONS(AC_VAL)

ASN1_SEQUENCE(AC_IETFATTR) = {
  ASN1_IMP_SEQUENCE_OF_OPT(AC_IETFATTR, names, GENERAL_NAME, 0),
  ASN1_SEQUENCE_OF(AC_IETFATTR, values, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(AC_IETFATTR)

IMPLEMENT_ASN1_FUNCTIONS(AC_IETFATTR)

/* One target; all three alternatives are optional and explicitly tagged. */
ASN1_SEQUENCE(AC_TARGET) = {
  ASN1_EXP_OPT(AC_TARGET, name, GENERAL_NAME, 0),
  ASN1_EXP_OPT(AC_TARGET, group, GENERAL_NAME, 1),
  ASN1_EXP_OPT(AC_TARGET, cert, AC_IS, 2),
} ASN1_SEQUENCE_END(AC_TARGET)

IMPLEMENT_ASN1_FUNCTIONS(AC_TARGET)

ASN1_SEQUENCE(AC_TARGETS) = {
  ASN1_SEQUENCE_OF(AC_TARGETS, targets, AC_TARGET)
} ASN1_SEQUENCE_END(AC_TARGETS)

IMPLEMENT_ASN1_FUNCTIONS(AC_TARGETS)

/* Generic attribute: three octet strings, all mandatory. */
ASN1_SEQUENCE(AC_ATTRIBUTE) = {
  ASN1_SIMPLE(AC_ATTRIBUTE, name, ASN1_OCTET_STRING),
  ASN1_SIMPLE(AC_ATTRIBUTE, value, ASN1_OCTET_STRING),
  ASN1_SIMPLE(AC_ATTRIBUTE, qualifier, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(AC_ATTRIBUTE)

IMPLEMENT_ASN1_FUNCTIONS(AC_ATTRIBUTE)

ASN1_SEQUENCE(AC_ATT_HOLDER) = {
  ASN1_SEQUENCE_OF(AC_ATT_HOLDER, grantor, GENERAL_NAME),
  ASN1_SEQUENCE_OF(AC_ATT_HOLDER, attributes, AC_ATTRIBUTE)
} ASN1_SEQUENCE_END(AC_ATT_HOLDER)

IMPLEMENT_ASN1_FUNCTIONS(AC_ATT_HOLDER)

ASN1_SEQUENCE(AC_FULL_ATTRIBUTES) = {
  ASN1_SEQUENCE_OF(AC_FULL_ATTRIBUTES, providers, AC_ATT_HOLDER)
} ASN1_SEQUENCE_END(AC_FULL_ATTRIBUTES)

IMPLEMENT_ASN1_FUNCTIONS(AC_FULL_ATTRIBUTES)

ASN1_SEQUENCE(AC_ATTR) = {
  ASN1_SIMPLE(AC_ATTR, type, ASN1_OBJECT),
  ASN1_SET_OF(AC_ATTR, ietfattr, AC_IETFATTR),
  ASN1_SEQUENCE_OF_OPT(AC_ATTR, fullattributes, AC_FULL_ATTRIBUTES)
} ASN1_SEQUENCE_END(AC_ATTR)

IMPLEMENT_ASN1_FUNCTIONS(AC_ATTR)

/* AC_ATTRS is a bare SEQUENCE OF AC_ATTR, not a wrapping structure. */
ASN1_ITEM_TEMPLATE(AC_ATTRS) =
  ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, AcAttrs, AC_ATTR)
ASN1_ITEM_TEMPLATE_END(AC_ATTRS)

IMPLEMENT_ASN1_FUNCTIONS(AC_ATTRS)

/* The to-be-signed part of the AC; AC_verify() checks the signature over
 * the DER encoding of this structure. */
ASN1_SEQUENCE(AC_INFO) = {
  ASN1_SIMPLE(AC_INFO, version, ASN1_INTEGER),  /* must be v2(1) */
  ASN1_SIMPLE(AC_INFO, holder, AC_HOLDER),
  ASN1_EXP(AC_INFO, form, GENERAL_NAMES, 0),  /* in place of an implicitly-tagged
                                               * AC_FORM */
  ASN1_SIMPLE(AC_INFO, alg, X509_ALGOR),
  ASN1_SIMPLE(AC_INFO, serial, ASN1_INTEGER),
  ASN1_SIMPLE(AC_INFO, validity, AC_VAL),
  ASN1_SIMPLE(AC_INFO, attrib, AC_ATTRS),
  ASN1_OPT(AC_INFO, id, ASN1_BIT_STRING),
  ASN1_SIMPLE(AC_INFO, exts, X509_EXTENSIONS)
} ASN1_SEQUENCE_END(AC_INFO)

IMPLEMENT_ASN1_FUNCTIONS(AC_INFO)

/* The complete AC: signed content, signature algorithm and signature. */
ASN1_SEQUENCE(AC) = {
  ASN1_SIMPLE(AC, acinfo, AC_INFO),
  ASN1_SIMPLE(AC, sig_alg, X509_ALGOR),
  ASN1_SIMPLE(AC, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(AC)

IMPLEMENT_ASN1_FUNCTIONS(AC)

/* Deep copy of an AC through ASN1_item_dup(); the two variants differ only
 * in the constness of the parameter, selected by the OpenSSL version. */
#if OPENSSL_VERSION_NUMBER < 0x30000000L
AC * AC_dup(AC *x)
{
  return ASN1_item_dup(ASN1_ITEM_rptr(AC), x);
}
#else
AC * AC_dup(const AC *x)
{
  return ASN1_item_dup(ASN1_ITEM_rptr(AC), x);
}
#endif

ASN1_SEQUENCE(AC_SEQ) = {
  ASN1_SEQUENCE_OF(AC_SEQ, acs, AC)
} ASN1_SEQUENCE_END(AC_SEQ)

IMPLEMENT_ASN1_FUNCTIONS(AC_SEQ)

ASN1_SEQUENCE(AC_CERTS) = {
  ASN1_SEQUENCE_OF(AC_CERTS, stackcert, X509)
} ASN1_SEQUENCE_END(AC_CERTS)

IMPLEMENT_ASN1_FUNCTIONS(AC_CERTS)

/*
 * Copies a key by encoding it with i2d_PrivateKey and decoding the result
 * with d2i_AutoPrivateKey, so the private key passes through a temporary
 * DER buffer.  Returns whatever ASN1_dup() returns.
 *
 * NOTE(review): OpenSSL 3.0 exports a function with this same name, and
 * this file is also built against 3.0 (see the AC_dup version switch
 * above) -- confirm how the clash is resolved in that configuration.
 */
EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey)
{
  return (EVP_PKEY *)ASN1_dup((i2d_of_void*)i2d_PrivateKey,
                              (d2i_of_void*)d2i_AutoPrivateKey,
                              pkey);
}

/*
 * Checks `signature` against the DER encoding of `data`, encoded as an
 * AC_INFO, using the algorithm in `algor1` and the public key `pkey`.
 *
 * Returns the result of ASN1_verify() unchanged.  ASN1_verify() returns 1
 * only when the signature verifies; 0 means it does not, and a negative
 * value reports an internal error such as an unknown digest algorithm.
 * Callers must therefore compare the result with 1 instead of testing it
 * for non-zero.
 */
int AC_verify(X509_ALGOR *algor1, ASN1_BIT_STRING *signature,char *data, EVP_PKEY *pkey)
{
  return ASN1_verify((i2d_of_void *)i2d_AC_INFO, algor1, signature, data, pkey);
}
voms-2.1.2/src/ac/validate.cc000066400000000000000000000445331477131364200157730ustar00rootroot00000000000000
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #include "config.h" #include "replace.h" #ifdef _GNU_SOURCE #undef _GNU_SOURCE #endif #define _GNU_SOURCE extern "C" { #include #include #include #include #include #include #include #include #include #include #include "newformat.h" #include "acerrors.h" #include "acstack.h" #include "attributes.h" #include "acstack.h" #include "listfunc.h" #include "doio.h" #include "ssl_compat.h" #include #include #include #include "replace.h" } #include "../api/ccapi/voms_api.h" #include "../api/ccapi/realdata.h" #include static std::string getfqdn(void); static int checkAttributes(STACK_OF(AC_ATTR) *, voms&); static int checkExtensions(STACK_OF(X509_EXTENSION) *,X509 *, int, realdata *); static int interpret_attributes(AC_FULL_ATTRIBUTES *, realdata*); std::string get_error(int e) { switch (e) { case AC_ERR_UNSET: case AC_ERR_SET: return "AC structure got corrupted."; break; case AC_ERR_SIGNATURE: return "Failed to verify AC signature."; break; case AC_ERR_VERSION: return "Mismatched AC version."; break; case AC_ERR_HOLDER_SERIAL: return "AC has been granted to a different certificate than the passed one."; break; case AC_ERR_HOLDER: return "Cannot retrieve owner name from AC."; break; case AC_ERR_UID_MISMATCH: return "Incorrectly formatted owner name."; break; case AC_ERR_ISSUER_NAME: return "Cannot discover AC creator."; break; case AC_ERR_SERIAL: return "AC serial number too long."; break; case AC_ERR_DATES: return "AC not yet valid."; break; case AC_ERR_DATES2: return "AC not valid anymore."; break; case AC_ERR_ATTRIBS: return "VOMS Attributes missing from AC."; break; case AC_ERR_ATTRIB_URI: return "VOMS Server contact data missing from AC."; 
break; case AC_ERR_ATTRIB_FQAN: return "VOMS Attributes absent or malformed."; break; case AC_ERR_EXTS_ABSENT: return "Required AC extensions missing (NoRevAvail and AuthorityKeyIdentifier)"; break; case AC_ERR_MEMORY: return "Out of memory."; break; case AC_ERR_EXT_CRIT: return "Unknown critical extension inside AC."; break; case AC_ERR_EXT_TARGET: return "Unable to parse Target extension."; break; case AC_ERR_TARGET_NO_MATCH: return "Cannot find match among allowed hosts."; break; case AC_ERR_EXT_KEY: return "AC issuer key unreadable or unverifiable."; break; case AC_ERR_UNKNOWN: return "Unknown error. (run for the hills!)"; break; case AC_ERR_PARAMETERS: return "Parameter error (Internal error: run for the hills!)"; break; case X509_ERR_ISSUER_NAME: return "Cannot discover AC Issuer name."; break; case X509_ERR_HOLDER_NAME: return "Cannot discover AC Holder name."; break; case AC_ERR_NO_EXTENSION: return "Cannot create needed extensions."; break; default: return "PANIC: Internal error found!"; break; } } #define ERROR(m) do { return (m); } while (0) #define CHECK(a) do { if ((!a)) ERROR(AC_ERR_UNSET); } while (0) #define NCHECK(a) do { if ((a)) ERROR(AC_ERR_SET); } while (0) #define WARNING(a) do { if ((a)) ERROR(AC_ERR_SET); } while (0) #define CTOCPPSTR(var, str) do { \ char *s = (str); \ var = std::string( s ? 
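s : ""); \ free(s); \ } while (0)

/*
 * Validate the attribute certificate `ac` and copy its identifying fields
 * into `v`.
 *
 *   cert    - certificate the AC is expected to be bound to; may be NULL
 *             unless VERIFY_ID is requested.
 *   issuer  - certificate of the AC issuer; required for VERIFY_SIGN and for
 *             the issuer-name comparison done under VERIFY_ID.
 *   ac      - attribute certificate under test.
 *   v       - receives version, signature, serial, user/userca,
 *             server/serverca, date1/date2 and, through checkAttributes(),
 *             the VO name, URI and FQANs.
 *   valids  - bitmask of VERIFY_* flags selecting the checks to run.
 *   vertime - reference time for VERIFY_DATE; 0 means "now".
 *   rd      - receives the generic attributes and, on success, `ac` itself.
 *
 * Returns 0 on success, otherwise an AC_ERR_* code.
 *
 * NOTE(review): CTOCPPSTR releases the buffer returned by
 * X509_NAME_oneline() with free(); that buffer comes from the OpenSSL
 * allocator, so OPENSSL_free() is the matching call. Confirm and fix in the
 * macro definition.
 */
int validate(X509 *cert, X509 *issuer, AC *ac, voms &v, verify_type valids,
             time_t vertime, struct realdata *rd)
{
  STACK_OF(GENERAL_NAME) *names;
  GENERAL_NAME *name = NULL;
  ASN1_GENERALIZEDTIME *b;
  ASN1_GENERALIZEDTIME *a;
  EVP_PKEY *key;
  BIGNUM *bn;
  int res;

  /* These fields are dereferenced below whatever `valids` says, so they
     must be present even when no verification was requested. */
  CHECK(ac);
  CHECK(ac->acinfo);
  CHECK(ac->signature);
  CHECK(ac->acinfo->serial);
  CHECK(ac->acinfo->validity);
  CHECK(ac->acinfo->validity->notBefore);
  CHECK(ac->acinfo->validity->notAfter);

  if (valids) {
    CHECK(ac->acinfo->version);
    CHECK(ac->acinfo->holder);
    /* a holder identified by objectDigestInfo is not accepted */
    NCHECK(ac->acinfo->holder->digest);
    CHECK(ac->acinfo->form);
    CHECK(ac->acinfo->alg);
    CHECK(ac->acinfo->attrib);
    CHECK(ac->sig_alg);
  }

  if (valids & VERIFY_SIGN) {
    int ok;

    CHECK(issuer);

    key = X509_extract_key(issuer);
    /* an issuer certificate without a usable public key cannot vouch for
       the signature */
    if (!key)
      ERROR(AC_ERR_SIGNATURE);

    ok = AC_verify(ac->sig_alg, ac->signature, (char *)ac->acinfo, key);
    EVP_PKEY_free(key);

    if (!ok)
      ERROR(AC_ERR_SIGNATURE);
  }

  v.version   = 1;
  v.siglen    = ac->signature->length;
  v.signature = std::string((char*)ac->signature->data, ac->signature->length);

  bn = ASN1_INTEGER_to_BN(ac->acinfo->serial, NULL);
  if (!bn)
    ERROR(AC_ERR_MEMORY);

  char *bnstring = BN_bn2hex(bn);
  BN_free(bn);
  /* std::string(NULL) is undefined, so stop here on allocation failure */
  if (!bnstring)
    ERROR(AC_ERR_MEMORY);

  v.serial = std::string(bnstring);
  OPENSSL_free(bnstring);

  if (cert) {
    CTOCPPSTR(v.user,   X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0));
    CTOCPPSTR(v.userca, X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0));
  }
  else {
    if (valids & VERIFY_ID)
      ERROR(AC_ERR_HOLDER);
    v.user = v.userca = "";
  }

  if (issuer) {
    CTOCPPSTR(v.server,   X509_NAME_oneline(X509_get_subject_name(issuer), NULL, 0));
    CTOCPPSTR(v.serverca, X509_NAME_oneline(X509_get_issuer_name(issuer), NULL, 0));
  }
  else {
    /* Without an issuer certificate the name is taken from the AC itself.
       The entry may be missing or of another type when `valids` is 0, so
       check before reading the directoryName member of the union. */
    GENERAL_NAME *form = sk_GENERAL_NAME_value(ac->acinfo->form, 0);

    if (form && form->type == GEN_DIRNAME) {
      CTOCPPSTR(v.server, X509_NAME_oneline(form->d.dirn, NULL, 0));
    }
    else {
      v.server = "";
    }
    v.serverca = "Unable to determine CA";
  }

  if (valids) {
    if (valids & VERIFY_ID) {
      /* cert is non-NULL here: VERIFY_ID without cert returned above */
      if (ac->acinfo->holder->baseid) {
        CHECK(ac->acinfo->holder->baseid->serial);
        CHECK(ac->acinfo->holder->baseid->issuer);

        if (ASN1_INTEGER_cmp(ac->acinfo->holder->baseid->serial,
                             X509_get_serialNumber(cert)))
          ERROR(AC_ERR_HOLDER_SERIAL);

        names = ac->acinfo->holder->baseid->issuer;
        if ((sk_GENERAL_NAME_num(names) != 1))
          ERROR(AC_ERR_HOLDER);
        if (!(name = sk_GENERAL_NAME_value(names,0)))
          ERROR(AC_ERR_HOLDER);
        if (name->type != GEN_DIRNAME)
          ERROR(AC_ERR_HOLDER);
        /* the name may match either the subject or the issuer of cert */
        if (X509_NAME_cmp(name->d.dirn, X509_get_subject_name(cert)) &&
            X509_NAME_cmp(name->d.dirn, X509_get_issuer_name(cert)))
          ERROR(AC_ERR_HOLDER);

        ASN1_BIT_STRING const* issuer_uid = NULL;
        X509_get0_uids(cert, &issuer_uid, 0);

        if ((!ac->acinfo->holder->baseid->uid && issuer_uid) ||
            (!issuer_uid && ac->acinfo->holder->baseid->uid))
          ERROR(AC_ERR_UID_MISMATCH);
        if (ac->acinfo->holder->baseid->uid) {
          if (ASN1_STRING_cmp(ac->acinfo->holder->baseid->uid, issuer_uid))
            ERROR(AC_ERR_UID_MISMATCH);
        }
      }
      else if (ac->acinfo->holder->name) {
        /*
         * The previous form of this branch chained its tests with ||, so
         * `gname` could be read before being assigned and `name` could be
         * dereferenced while NULL or of the wrong type. Require exactly one
         * directoryName and fail closed otherwise.
         */
        STACK_OF(GENERAL_NAMES) *gnames = ac->acinfo->holder->name;
        GENERAL_NAMES *gname = NULL;

        if (sk_GENERAL_NAMES_num(gnames) != 1)
          ERROR(AC_ERR_HOLDER);
        if (!(gname = sk_GENERAL_NAMES_value(gnames, 0)))
          ERROR(AC_ERR_HOLDER);
        if (sk_GENERAL_NAME_num(gname) != 1)
          ERROR(AC_ERR_HOLDER);
        if (!(name = sk_GENERAL_NAME_value(gname, 0)))
          ERROR(AC_ERR_HOLDER);
        if (name->type != GEN_DIRNAME)
          ERROR(AC_ERR_HOLDER);

        if (X509_NAME_cmp(name->d.dirn, X509_get_issuer_name(cert))) {
          /* CHECK ALT_NAMES */
          /* in VOMS ACs, checking into alt names is assumed to always fail. */
          ERROR(AC_ERR_UID_MISMATCH);
        }
      }
      else {
        /* no holder identification at all: nothing ties the AC to cert */
        ERROR(AC_ERR_HOLDER);
      }
    }

    names = ac->acinfo->form;
    if ((sk_GENERAL_NAME_num(names) != 1))
      ERROR(AC_ERR_ISSUER_NAME);
    if (!(name = sk_GENERAL_NAME_value(names,0)))
      ERROR(AC_ERR_ISSUER_NAME);
    if (name->type != GEN_DIRNAME)
      ERROR(AC_ERR_ISSUER_NAME);
    if (valids & VERIFY_ID) {
      /* issuer is only guaranteed non-NULL under VERIFY_SIGN */
      if (!issuer || X509_NAME_cmp(name->d.dirn, X509_get_subject_name(issuer)))
        ERROR(AC_ERR_ISSUER_NAME);
    }

    if (ac->acinfo->serial->length>20)
      ERROR(AC_ERR_SERIAL);
  }

  b = ac->acinfo->validity->notBefore;
  a = ac->acinfo->validity->notAfter;

  v.date1 = std::string((char*)b->data, b->length);
  v.date2 = std::string((char*)a->data, a->length);

  if (valids & VERIFY_DATE) {
    time_t latest_start;
    time_t earliest_end;

    if (vertime == 0)
      time(&vertime);

    /* five minutes of clock skew are tolerated on both ends */
    latest_start = vertime + 300;
    earliest_end = vertime - 300;

    if ((a->type != V_ASN1_GENERALIZEDTIME) ||
        (b->type != V_ASN1_GENERALIZEDTIME))
      ERROR(AC_ERR_DATES);

    /* X509_cmp_time() returns 0 on error, so unparsable dates are refused */
    if (X509_cmp_time(b, &latest_start) >= 0)
      ERROR(AC_ERR_DATES);
    if (X509_cmp_time(a, &earliest_end) <= 0)
      ERROR(AC_ERR_DATES2);
  }

  if (valids) {
    if (sk_AC_ATTR_num(ac->acinfo->attrib) == 0)
      ERROR(AC_ERR_ATTRIBS);
  }

  if ((res = checkExtensions(ac->acinfo->exts, issuer, valids, rd)))
    return res;

  res = checkAttributes(ac->acinfo->attrib, v);

  if (res == 0)
    rd->ac = ac;

  return res;
}

/*
 * Extract the VO name, the server URI and the FQANs from the "idatcap"
 * attribute of the AC and store them in `v`.
 *
 * Returns 0 on success (also when `atts` is NULL), AC_ERR_ATTRIBS when the
 * attribute is missing, AC_ERR_ATTRIB_URI when the policyAuthority is not a
 * single "<vo>://<uri>" URI, and AC_ERR_ATTRIB_FQAN when a value is not an
 * octet string or does not start with "/<vo>".
 */
static int checkAttributes(STACK_OF(AC_ATTR) *atts, voms &v)
{
  int nid3;
  int pos3;

  AC_ATTR *caps;
  STACK_OF(AC_IETFATTRVAL) *values;
  AC_IETFATTR *capattr;
  AC_IETFATTRVAL *capname;
  GENERAL_NAME *data;

  if (!atts)
    return 0;

  /* find AC_ATTR with IETFATTR type */
  nid3 = OBJ_txt2nid("idatcap");
  pos3 = X509at_get_attr_by_NID((STACK_OF(X509_ATTRIBUTE)*)atts, nid3, -1);
  if (!(pos3 >=0))
    return AC_ERR_ATTRIBS;
  caps = sk_AC_ATTR_value(atts, pos3);

  /* check there's exactly one IETFATTR attribute */
  if (sk_AC_IETFATTR_num(caps->ietfattr) != 1)
    return AC_ERR_ATTRIB_URI;

  /* retrieve the only AC_IETFFATTR */
  capattr = sk_AC_IETFATTR_value(caps->ietfattr, 0);
  values = capattr->values;

  /* check it has exactly one policyAuthority */
  if (sk_GENERAL_NAME_num(capattr->names) != 1)
    return AC_ERR_ATTRIB_URI;

  /* put policyAuthority in voms struct */
  data = sk_GENERAL_NAME_value(capattr->names, 0);
  if (data->type != GEN_URI)
    return AC_ERR_ATTRIB_URI;

  v.voname = std::string((char*)data->d.ia5->data, data->d.ia5->length);

  /* an embedded NUL would make C-string consumers see a shorter name */
  if (v.voname.find('\0') != std::string::npos)
    return AC_ERR_ATTRIB_URI;

  std::string::size_type point = v.voname.find("://");
  if (point == std::string::npos)
    return AC_ERR_ATTRIB_URI;

  v.uri    = v.voname.substr(point + 3);
  v.voname = v.voname.substr(0, point);

  std::string top_group = "/" + v.voname;

  /* scan the stack of IETFATTRVAL to put attribute in voms struct */
  /* NOTE(review): the loop header and the fetch of capname were unreadable
     in the reviewed copy and are rebuilt from the surrounding code; confirm
     against the project's file. */
  for (int i = 0; i < sk_AC_IETFATTRVAL_num(values); i++) {
    capname = sk_AC_IETFATTRVAL_value(values, i);

    if (!(capname->type == V_ASN1_OCTET_STRING))
      return AC_ERR_ATTRIB_FQAN;

    std::string str = std::string((char*)capname->data, capname->length);
    std::string::size_type top_group_size = top_group.size();
    std::string::size_type str_size = str.size();

    /* same reasoning as for the VO name above */
    if (str.find('\0') != std::string::npos)
      return AC_ERR_ATTRIB_FQAN;

    /* The top level group name must be identical to the VO name.
       An attribute may end right after the group name, or may continue on
       (separated by a "/"). */
    if (str.compare(0, top_group_size, top_group)) {
      return AC_ERR_ATTRIB_FQAN;
    }
    else if (str_size > top_group_size && str[top_group_size] != '/') {
      return AC_ERR_ATTRIB_FQAN;
    }

    v.fqan.push_back(str);

    struct data d;

    /* lengths of "/Role=" and "/Capability=" are 6 and 12 */
    std::string::size_type rolestart = str.find("/Role=");
    std::string::size_type capstart  = str.find("/Capability=");

    if (capstart != std::string::npos) {
      if (rolestart != std::string::npos) {
        d.group = str.substr(0, rolestart);
        d.role  = str.substr(rolestart + 6, capstart - rolestart -6);
        d.cap   = str.substr(capstart + 12);
      }
      else {
        d.group = str.substr(0, capstart);
        d.role  = "";
        d.cap   = str.substr(capstart + 12);
      }
    }
    else {
      if (rolestart != std::string::npos) {
        d.group = str.substr(0, rolestart);
        d.role  = str.substr(rolestart+6);
        d.cap   = "";
      }
      else {
        d.group = str;
        d.role  = "";
        d.cap   = "";
      }
    }

    v.std.push_back(d);
  }

  v.type = TYPE_STD;

  return 0;
}

/*
 * Check the extensions of an AC.
 *
 *  - noRevAvail and authorityKeyIdentifier must both be present;
 *  - the only critical extension accepted is target information; with
 *    VERIFY_TARGET one of its URI targets must equal the name returned by
 *    getfqdn();
 *  - an "attributes" extension, when present, is decoded into `rd`;
 *  - with VERIFY_KEY the authorityKeyIdentifier is compared with `iss`.
 *
 * Returns 0 on success or an AC_ERR_* code.
 */
static int checkExtensions(STACK_OF(X509_EXTENSION) *exts, X509 *iss, int valids, realdata *rd)
{
  int nid1 = NID_no_rev_avail;
  int nid2 = NID_authority_key_identifier;
  int nid3 = NID_target_information;
  int nid5 = OBJ_txt2nid("attributes");

  int pos1 = X509v3_get_ext_by_NID(exts, nid1, -1);
  int pos2 = X509v3_get_ext_by_NID(exts, nid2, -1);
  int pos3 = X509v3_get_ext_by_critical(exts, 1, -1);
  int pos4 = X509v3_get_ext_by_NID(exts, nid3, -1);
  int pos5 = X509v3_get_ext_by_NID(exts, nid5, -1);

  int ret = 0;

  /* noRevAvail, Authkeyid MUST be present */
  if (pos1 < 0 || pos2 < 0)
    return AC_ERR_EXTS_ABSENT;

  /* The only critical extension allowed is idceTargets. */
  while (pos3 >=0) {
    X509_EXTENSION *ex;
    AC_TARGETS *targets;
    AC_TARGET *name;

    ex = sk_X509_EXTENSION_value(exts, pos3);
    if (pos3 != pos4)
      return AC_ERR_EXT_CRIT;

    if (valids & VERIFY_TARGET) {
      std::string fqdn = getfqdn();
      int ok = 0;
      ASN1_IA5STRING *fqdns = ASN1_IA5STRING_new();

      if (fqdns) {
        ret = AC_ERR_TARGET_NO_MATCH;
        ASN1_STRING_set(fqdns, fqdn.c_str(), fqdn.size());
        targets = (AC_TARGETS *)X509V3_EXT_d2i(ex);

        if (targets) {
          for (int i = 0; i < sk_AC_TARGET_num(targets->targets); i++) {
            name = sk_AC_TARGET_value(targets->targets, i);
            if (name->name && name->name->type == GEN_URI) {
              ok = !ASN1_STRING_cmp(name->name->d.ia5, fqdns);
              if (ok) {
                ret = 0;
                break;
              }
            }
          }
          if (!ok) {
            ASN1_STRING_free(fqdns);
            AC_TARGETS_free(targets);
            return AC_ERR_TARGET_NO_MATCH;
          }
        }
        AC_TARGETS_free(targets);
        ASN1_STRING_free(fqdns);
      }
      if (!ok)
        return AC_ERR_EXT_TARGET;
    }

    pos3 = X509v3_get_ext_by_critical(exts, 1, pos3);
  }

  if (pos5 >= 0) {
    X509_EXTENSION *ex = NULL;
    AC_FULL_ATTRIBUTES *full_attr = NULL;

    ex = sk_X509_EXTENSION_value(exts, pos5);
    full_attr = (AC_FULL_ATTRIBUTES *)X509V3_EXT_d2i(ex);

    if (full_attr) {
      if (!interpret_attributes(full_attr, rd)) {
        ret = AC_ERR_ATTRIBS;
      }
    }
    AC_FULL_ATTRIBUTES_free(full_attr);
  }

  if (ret)
    return ret;

  if (!(valids & VERIFY_KEY))
    return 0;

  /* pos2 >= 0 is guaranteed by the presence check at the top */
  X509_EXTENSION *akid_ext = sk_X509_EXTENSION_value(exts, pos2);
  AUTHORITY_KEYID *key = (AUTHORITY_KEYID *)X509V3_EXT_d2i(akid_ext);

  if (!key)
    return AC_ERR_EXT_KEY;

  ret = 0;

  if (iss) {
    if (key->keyid) {
      unsigned char hashed[SHA_DIGEST_LENGTH];
      ASN1_BIT_STRING* pubkey = X509_get0_pubkey_bitstr(iss);

      if (!pubkey || !SHA1(pubkey->data, pubkey->length, hashed)) {
        ret = AC_ERR_EXT_KEY;
      }
      /* Test the length first: memcmp() must not read SHA_DIGEST_LENGTH
         bytes from a shorter key identifier. */
      else if ((key->keyid->length == SHA_DIGEST_LENGTH) &&
               (memcmp(key->keyid->data, hashed, SHA_DIGEST_LENGTH) != 0)) {
        ret = AC_ERR_EXT_KEY;
      }
      /* NOTE(review): a key identifier whose length is not
         SHA_DIGEST_LENGTH is never compared, so VERIFY_KEY does not bind
         the AC to `iss` in that case. Comparing against the issuer
         certificate's subjectKeyIdentifier would cover it; confirm the
         intended policy before tightening. */
    }
    else {
      if (!(key->issuer && key->serial)) {
        ret = AC_ERR_EXT_KEY;
      }
      else {
        GENERAL_NAME *aki_issuer = sk_GENERAL_NAME_value((key->issuer), 0);

        if (ASN1_INTEGER_cmp((key->serial),
                             (X509_get0_serialNumber(iss))))
          ret = AC_ERR_EXT_KEY;

        /* NOTE(review): this compares the ASN.1 type of the serial number
           with a GENERAL_NAME type constant, which looks like it can never
           be equal, so this branch appears to always end in
           AC_ERR_EXT_KEY. Kept as found because it fails closed; the
           intended test is presumably on the issuer name entry. Confirm. */
        if (key->serial->type != GEN_DIRNAME)
          ret = AC_ERR_EXT_KEY;

        /* check presence and type before reading the directoryName */
        if (!aki_issuer || aki_issuer->type != GEN_DIRNAME ||
            X509_NAME_cmp(aki_issuer->d.dirn, (X509_get_subject_name(iss))))
          ret = AC_ERR_EXT_KEY;
      }
    }
  }
  else {
    if (!(valids & VERIFY_ID))
      ret = AC_ERR_EXT_KEY;
  }

  AUTHORITY_KEYID_free(key);

  return ret;
}

/*
 * Return the local host name used for the VERIFY_TARGET comparison, or ""
 * when it cannot be determined.
 *
 * NOTE(review): as written, a name is returned only when getdomainname()
 * yields the literal "(none)"; for any other domain name the function
 * returns "" and VERIFY_TARGET cannot match. The separator expression in
 * the return statement suggests the return was meant to sit outside the
 * inner if. Control flow is kept as found; confirm the intent.
 */
static std::string getfqdn(void)
{
  char hostname[256];
  char domainname[256];

  if ((!gethostname(hostname, 255)) && (!getdomainname(domainname, 255))) {
    /* a truncated name is not guaranteed to be NUL-terminated */
    hostname[255]   = '\0';
    domainname[255] = '\0';

    if (!strcmp(domainname, "(none)")) {
      domainname[0]='\0';
      return std::string(hostname) + (domainname[0] == '.' ? "." : "") + domainname;
    }
  }
  return "";
}

/*
 * Copy the generic attributes of `full_attr` into rd->attributes, one
 * attributelist per provider. Returns 0 (failure) when an entry cannot be
 * read safely.
 */
static int interpret_attributes(AC_FULL_ATTRIBUTES *full_attr, realdata *rd)
{
  GENERAL_NAME *gn = NULL;
  STACK_OF(AC_ATT_HOLDER) *providers = NULL;

  providers = full_attr->providers;

  for (int i = 0; i < sk_AC_ATT_HOLDER_num(providers); i++) {
    AC_ATT_HOLDER *holder = sk_AC_ATT_HOLDER_value(providers, i);
    STACK_OF(AC_ATTRIBUTE) *atts = holder->attributes;

    struct attributelist al;

    for (int j = 0; j < sk_AC_ATTRIBUTE_num(atts); j++) {
      AC_ATTRIBUTE *at = sk_AC_ATTRIBUTE_value(atts, j);

      if (!at || !at->name || !at->value || !at->qualifier)
        return 0;

      struct attribute a;
      a.name      = std::string((char*)at->name->data, at->name->length);
      a.value     = std::string((char*)at->value->data, at->value->length);
      a.qualifier = std::string((char*)at->qualifier->data, at->qualifier->length);
      al.attributes.push_back(a);
    }

    gn = sk_GENERAL_NAME_value(holder->grantor, 0);

    /* The grantor list comes from the decoded AC: it may be empty, and only
       the IA5String-based name types may be read through d.ia5. */
    if (!gn || !gn->d.ia5 ||
        (gn->type != GEN_URI && gn->type != GEN_DNS && gn->type != GEN_EMAIL))
      return 0;

    al.grantor = std::string((char*)gn->d.ia5->data, gn->d.ia5->length);

    rd->attributes->push_back(al);
  }

  /*
   * Deal with voms-server < 1.9, which generated an empty AC_FULL_ATTRIBUTES
   * extension when no GAs were present, rather than omitting the extension
   * in its entirety, which would have been the right behaviour.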
*/ return !(sk_AC_ATT_HOLDER_num(providers)) || (rd->attributes->size() != 0); } voms-2.1.2/src/ac/write.c000066400000000000000000000313651477131364200151700ustar00rootroot00000000000000 /********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
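* *********************************************************************/ #include "config.h" #include #include #include #include #include #include #include #include "newformat.h" #include "acerrors.h" #include "attributes.h" #include "doio.h" #include "ssl_compat.h"

#define ERROR(e) do { err = (e); goto err; } while (0)

/*
 * Append a non-critical noRevAvail extension to the AC.
 * The function has no way to report failure; an AC without this extension
 * is refused by the validation code with AC_ERR_EXTS_ABSENT.
 */
void add_no_rev_avail_ext(AC *ac)
{
  X509_EXTENSION* ext = X509V3_EXT_i2d(NID_no_rev_avail,0, ASN1_NULL_new());

  assert( ext != NULL);

  /* with NDEBUG the assert vanishes: never push a NULL entry */
  if (ext && !sk_X509_EXTENSION_push(ac->acinfo->exts, ext))
    X509_EXTENSION_free(ext);
}

/*
 * Append an authorityKeyIdentifier extension built from issuer_cert
 * ("keyid:always"). Returns 0 or AC_ERR_NO_EXTENSION.
 */
int add_authority_key_id_ext(AC *ac, X509* issuer_cert)
{
  X509V3_CTX ctx;
  X509_EXTENSION* ext;

  X509V3_set_ctx(&ctx, issuer_cert, NULL, NULL, NULL, 0);

  ext = X509V3_EXT_conf(NULL, &ctx, "authorityKeyIdentifier", "keyid:always");
  if (!ext) {
    return AC_ERR_NO_EXTENSION;
  }

  if (!sk_X509_EXTENSION_push(ac->acinfo->exts, ext)) {
    X509_EXTENSION_free(ext);
    return AC_ERR_NO_EXTENSION;
  }

  return 0;
}

/*
 * Build one AC_TARGET whose name is the URI `t`.
 * Returns NULL when `t` is NULL or on allocation failure.
 */
AC_TARGET* build_ac_target(char* t)
{
  AC_TARGET *target;
  ASN1_IA5STRING *target_str;
  GENERAL_NAME *name;

  if (!t)
    return NULL;

  target     = AC_TARGET_new();
  target_str = ASN1_IA5STRING_new();
  name       = GENERAL_NAME_new();

  if (!target || !target_str || !name ||
      !ASN1_STRING_set(target_str, t, strlen(t))) {
    AC_TARGET_free(target);
    ASN1_IA5STRING_free(target_str);
    GENERAL_NAME_free(name);
    return NULL;
  }

  name->type = GEN_URI;
  name->d.ia5 = target_str;

  target->name = name;

  return target;
}

/*
 * Build the target list from a comma-separated string. The input is copied
 * before tokenising, so `targets` itself is not modified.
 * Returns NULL on failure.
 *
 * NOTE(review): strtok() keeps global state and is not safe if another
 * thread tokenises at the same time.
 */
AC_TARGETS* build_ac_targets_ext(char* targets)
{
  const char* DELIMITER = ",";

  char *targets_copy = strdup(targets);
  char *token;

  AC_TARGETS* result = AC_TARGETS_new();

  if (! targets_copy || !result ){
    goto err;
  }

  token = strtok(targets_copy, DELIMITER);

  while (token != NULL){
    AC_TARGET *target = build_ac_target(token);

    if (! target ) {
      goto err;
    }

    if (!sk_AC_TARGET_push(result->targets, target)) {
      AC_TARGET_free(target);
      goto err;
    }

    token = strtok(NULL, DELIMITER);
  }

  free(targets_copy);
  return result;

err:
  /* the working copy was leaked on this path before */
  free(targets_copy);

  if (result) {
    AC_TARGETS_free(result);
  }

  return NULL;
}

/*
 * Append a critical target-information extension listing the
 * comma-separated hosts in targets_str. Returns 0 or AC_ERR_NO_EXTENSION.
 */
int add_targets_ext(AC* ac, char* targets_str)
{
  AC_TARGETS *targets = build_ac_targets_ext(targets_str);
  X509_EXTENSION* ext;

  if (!targets) {
    return AC_ERR_NO_EXTENSION;
  }

  ext = X509V3_EXT_i2d(NID_target_information,1, targets);

  /* the extension holds its own encoding; the source structure is ours to
     release */
  AC_TARGETS_free(targets);

  if (!ext) {
    return AC_ERR_NO_EXTENSION;
  }

  if (!sk_X509_EXTENSION_push(ac->acinfo->exts, ext)) {
    X509_EXTENSION_free(ext);
    return AC_ERR_NO_EXTENSION;
  }

  return 0;
}

/*
 * Create the extension called `name` from `data`, set its critical flag and
 * append it to the AC. Returns 0 or AC_ERR_NO_EXTENSION.
 *
 * writeac() passes pointers to in-memory structures cast to char * as
 * `data`; presumably the extension method registered for that name knows
 * how to interpret them - confirm against the registration code.
 */
static int make_and_push_ext(AC *ac, char *name, char *data, int critical)
{
  X509_EXTENSION *ext;
  int ext_NID = OBJ_txt2nid(name);

  if (ext_NID == NID_undef ){
    return AC_ERR_NO_EXTENSION;
  }

  ext = X509V3_EXT_conf_nid(NULL, NULL, ext_NID, data);

  if (!ext) {
    return AC_ERR_NO_EXTENSION;
  }

  X509_EXTENSION_set_critical(ext, critical);

  if (!sk_X509_EXTENSION_push(ac->acinfo->exts, ext)) {
    X509_EXTENSION_free(ext);
    return AC_ERR_NO_EXTENSION;
  }

  return 0;
}

/*
 * Append the URI "<vo>://<uri>" to `names`. Nothing is added when both
 * arguments are NULL or when an allocation fails.
 */
static void make_uri(const char *vo, const char *uri, STACK_OF(GENERAL_NAME) *names)
{
  GENERAL_NAME *g = NULL;
  ASN1_IA5STRING *tmpr = NULL;
  char *buffer = NULL;

  if (!vo && !uri)
    return;

  buffer = snprintf_wrap("%s://%s", vo ? vo : "", uri ? uri : "");
  g = GENERAL_NAME_new();
  tmpr = ASN1_IA5STRING_new();

  if (!tmpr || !g || !buffer) {
    GENERAL_NAME_free(g);
    ASN1_IA5STRING_free(tmpr);
    free(buffer);
    return;
  }

  ASN1_STRING_set(tmpr, buffer, strlen(buffer));
  free(buffer);

  g->type  = GEN_URI;
  g->d.ia5 = tmpr;

  /* g owns tmpr from here on */
  if (!sk_GENERAL_NAME_push(names, g))
    GENERAL_NAME_free(g);
}

/*
 * Fill in and sign the attribute certificate *ac.
 *
 *   issuerc            - certificate of the signer
 *   issuerstack        - optional extra certificates for the "certseq"
 *                        extension
 *   holder             - certificate the AC is issued for
 *   pkey               - private key used to sign
 *   s                  - serial number of the AC
 *   fqan               - NULL-terminated array of FQAN strings
 *   t                  - optional comma-separated list of target hosts
 *   attributes_strings - optional NULL-terminated array of
 *                        "[qualifier]::name=value" strings; they are split
 *                        in place, so the caller's buffers are modified
 *   ac                 - in/out: an already allocated AC
 *   vo, uri            - VO name and server URI
 *   valid              - lifetime in seconds
 *   old                - non-zero: holder is named by the subject of
 *                        `holder`, otherwise by its issuer
 *   startpast          - seconds to backdate notBefore and notAfter
 *   extensions         - optional extra extensions, copied into the AC
 *
 * Returns 0 on success or an AC_ERR_* / X509_ERR_* code.
 */
int writeac(X509 *issuerc, STACK_OF(X509) *issuerstack, X509 *holder, EVP_PKEY *pkey, BIGNUM *s,
            char **fqan, char *t, char **attributes_strings, AC **ac, const char *vo,
            const char *uri, int valid, int old, int startpast,
            STACK_OF(X509_EXTENSION) *extensions)
{
  AC *a;
  X509_NAME *name1, *name2, *subjdup, *issdup;
  GENERAL_NAME *dirn, *dirn2;
  ASN1_INTEGER  *serial, *holdserial, *version;
  ASN1_BIT_STRING *uid;
  AC_ATTR *capabilities;
  AC_IETFATTR *capnames;
  AC_FULL_ATTRIBUTES *ac_full_attrs;
  ASN1_OBJECT *cobj;
  X509_ALGOR *alg1, *alg2;
  ASN1_GENERALIZEDTIME *time1, *time2;
  AC_ATT_HOLDER *ac_att_holder = NULL;
  STACK_OF(X509) *stk = NULL;
  ASN1_NULL *null;

  int i = 0;
  int err = AC_ERR_UNKNOWN;
  int ret = 0;
  time_t curtime;

  a = NULL;
  subjdup = issdup = NULL;
  dirn = dirn2 = NULL;
  serial = holdserial = version = NULL;
  time1 = time2 = NULL;
  uid = NULL;
  capabilities = NULL;
  capnames = NULL;
  cobj = NULL;
  ac_full_attrs = NULL;
  alg1 = alg2 = NULL;

  /* *ac is dereferenced on every path below, including the error path */
  if (!issuerc || !holder || !s || !fqan || !ac || !*ac || !pkey)
    return AC_ERR_PARAMETERS;

  a = *ac;

  name1 = X509_get_subject_name(issuerc);

  if (old)
    name2 = X509_get_subject_name(holder);
  else
    name2 = X509_get_issuer_name(holder);

  if (!name1)
    ERROR(X509_ERR_ISSUER_NAME);

  if (!name2)
    ERROR(X509_ERR_HOLDER_NAME);

  time(&curtime);
  time1 = ASN1_GENERALIZEDTIME_set(NULL, curtime - startpast);
  time2 = ASN1_GENERALIZEDTIME_set(NULL, curtime + valid - startpast);

  subjdup       = X509_NAME_dup(name2);
  issdup        = X509_NAME_dup(name1);
  dirn          = GENERAL_NAME_new();
  dirn2         = GENERAL_NAME_new();
  holdserial    = ASN1_INTEGER_dup(X509_get_serialNumber(holder));
  serial        = BN_to_ASN1_INTEGER(s, NULL);
  version       = ASN1_INTEGER_new();
  capabilities  = AC_ATTR_new();
  cobj          = OBJ_txt2obj("idatcap",0);
  capnames      = AC_IETFATTR_new();
  null          = ASN1_NULL_new();
  ac_full_attrs = AC_FULL_ATTRIBUTES_new();
  ac_att_holder = AC_ATT_HOLDER_new();

  if (!subjdup || !issdup || !dirn || !dirn2 || !holdserial || !serial ||
      !version || !capabilities || !cobj || !capnames || !time1 || !time2 ||
      !null || !ac_full_attrs || !ac_att_holder)
    ERROR(AC_ERR_MEMORY);

  ASN1_INTEGER_set(version,1);

  if (capnames->names == NULL) {
    capnames->names = GENERAL_NAMES_new();

    if (capnames->names == NULL){
      ERROR(AC_ERR_MEMORY);
    }
  }

  /* prepare AC_IETFATTR */
  while(fqan[i]) {
    ASN1_OCTET_STRING *tmpc = ASN1_OCTET_STRING_new();

    if (!tmpc) {
      ERROR(AC_ERR_MEMORY);
    }

    ASN1_OCTET_STRING_set(tmpc, (unsigned char*)fqan[i], strlen(fqan[i]));
    sk_AC_IETFATTRVAL_push(capnames->values, tmpc);
    i++;
  }

  if (vo || uri) {
    make_uri(vo, uri, capnames->names);
    sk_AC_IETFATTR_push(capabilities->ietfattr, capnames);
  }
  else {
    /* never attached to the AC: release it instead of leaking it */
    AC_IETFATTR_free(capnames);
  }
  capnames = NULL;

  ASN1_OBJECT_free(capabilities->type);
  capabilities->type = cobj;
  /* owned by capabilities now; the error path must not free it again */
  cobj = NULL;

  i = 0;

  /* prepare AC_FULL_ATTRIBUTES */
  if (attributes_strings) {
    while (attributes_strings[i]) {
      char *qual, *name, *value;
      char *tmp = NULL, *tmp2 = NULL;

      AC_ATTRIBUTE *ac_attr = AC_ATTRIBUTE_new();

      if (!ac_attr) {
        ERROR(AC_ERR_MEMORY);
      }

      tmp = strstr(attributes_strings[i], "::");

      /* a string without "::" used to be written through a NULL pointer */
      if (!tmp) {
        AC_ATTRIBUTE_free(ac_attr);
        ERROR(AC_ERR_PARAMETERS);
      }

      if (tmp == attributes_strings[i]) {
        qual = NULL;
        tmp = attributes_strings[i] + 2;
      }
      else {
        *tmp='\0';
        qual = attributes_strings[i];
        tmp += 2;
      }

      tmp2 = strstr(tmp, "=");

      if (!tmp2) {
        AC_ATTRIBUTE_free(ac_attr);
        ERROR(AC_ERR_PARAMETERS);
      }

      name = tmp;
      *tmp2 = '\0';
      value = ++tmp2;

      /* qualifier: the explicit one, else the VO name, else empty */
      if (qual)
        ASN1_OCTET_STRING_set(ac_attr->qualifier, (unsigned char *)qual, strlen(qual));
      else if (vo)
        ASN1_OCTET_STRING_set(ac_attr->qualifier, (unsigned char *)vo, strlen(vo));
      else
        ASN1_OCTET_STRING_set(ac_attr->qualifier, (unsigned char *)"", 0);

      ASN1_OCTET_STRING_set(ac_attr->name, (unsigned char *)name, strlen(name));
      ASN1_OCTET_STRING_set(ac_attr->value, (unsigned char *)value, strlen(value));

      sk_AC_ATTRIBUTE_push(ac_att_holder->attributes, ac_attr);
      i++;
    }
  }

  if (!i) {
    AC_ATT_HOLDER_free(ac_att_holder);
    ac_att_holder = NULL;
  }
  else {
    make_uri(vo, uri, ac_att_holder->grantor);
    sk_AC_ATT_HOLDER_push(ac_full_attrs->providers, ac_att_holder);
  }

  /* push both AC_ATTR into STACK_OF(AC_ATTR) */
  sk_AC_ATTR_push(a->acinfo->attrib, capabilities);
  capabilities = NULL;

  if (ac_full_attrs && i) {
    ret = make_and_push_ext(a, "attributes", (char *)(ac_full_attrs->providers), 0);
    AC_FULL_ATTRIBUTES_free(ac_full_attrs);
    ac_full_attrs = NULL;
    /* the holder was owned by ac_full_attrs */
    ac_att_holder = NULL;

    if (ret)
      ERROR(AC_ERR_NO_EXTENSION);
  }
  else {
    AC_FULL_ATTRIBUTES_free(ac_full_attrs);
    ac_full_attrs = NULL;
  }

  stk = sk_X509_new_null();

  if (issuerstack) {
    for (i =0; i < sk_X509_num(issuerstack); i++)
      sk_X509_push(stk, X509_dup(sk_X509_value(issuerstack, i)));
  }

#ifdef TYPEDEF_I2D_OF
  sk_X509_push(stk, (X509 *)ASN1_dup((i2d_of_void*)i2d_X509,(d2i_of_void*)d2i_X509, (char *)issuerc));
#else
  sk_X509_push(stk, (X509 *)ASN1_dup((int (*)())i2d_X509,(char * (*)())d2i_X509, (char *)issuerc));
#endif

  ret = make_and_push_ext(a, "certseq", (char*)stk, 0);
  sk_X509_pop_free(stk, X509_free);

  if (ret) {
    ERROR(AC_ERR_NO_EXTENSION);
  }

  /* Create several extensions */
  add_no_rev_avail_ext(a);

  if (add_authority_key_id_ext(a,issuerc)){
    ERROR(AC_ERR_NO_EXTENSION);
  }

  if (t && add_targets_ext(a,t)){
    ERROR(AC_ERR_NO_EXTENSION);
  }

  if (extensions) {
    int proxyindex = 0;

    for (proxyindex = 0; proxyindex < sk_X509_EXTENSION_num(extensions); proxyindex++) {
      /* index with the loop variable; `i` is a stale counter from the
         loops above and made every iteration copy the same (possibly out
         of range) entry */
      X509_EXTENSION *ext = X509_EXTENSION_dup(sk_X509_EXTENSION_value(extensions, proxyindex));

      if (ext) {
        if (!sk_X509_EXTENSION_push(a->acinfo->exts, ext)) {
          X509_EXTENSION_free(ext);
          goto err;
        }
      }
      else {
        goto err;
      }
    }
  }

  {
    const X509_ALGOR *sig_alg = X509_get0_tbs_sigalg(issuerc);
    alg1 = X509_ALGOR_dup((X509_ALGOR*)sig_alg); // const_cast
  }

  {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
    const
#endif
    X509_ALGOR *sig_alg;
    X509_get0_signature(NULL, &sig_alg, issuerc);
    alg2 = X509_ALGOR_dup((X509_ALGOR*)sig_alg); // possibly const_cast
  }

  /* a->sig_alg is dereferenced below when the digest is selected */
  if (!alg1 || !alg2)
    ERROR(AC_ERR_MEMORY);

  {
    ASN1_BIT_STRING const* issuerUID;
    X509_get0_uids(issuerc, &issuerUID, NULL);

    if (issuerUID)
      if (!(uid = ASN1_STRING_dup(issuerUID)))
        ERROR(AC_ERR_MEMORY);
  }

  /* From here on ownership moves into the AC: no `goto err` below, or the
     error path would free the same objects a second time. */
#define FREE_AND_SET(datum, value, type) type##_free((datum)); (datum) = (value)

  FREE_AND_SET(a->acinfo->holder->baseid->serial, holdserial, ASN1_INTEGER);
  FREE_AND_SET(a->acinfo->serial, serial, ASN1_INTEGER);
  FREE_AND_SET(a->acinfo->version, version, ASN1_INTEGER);
  FREE_AND_SET(a->acinfo->validity->notBefore, time1, ASN1_GENERALIZEDTIME);
  FREE_AND_SET(a->acinfo->validity->notAfter, time2, ASN1_GENERALIZEDTIME);
  FREE_AND_SET(a->acinfo->alg, alg1, X509_ALGOR);
  FREE_AND_SET(a->sig_alg, alg2, X509_ALGOR);

#undef FREE_AND_SET

  dirn->d.dirn = subjdup;
  dirn->type = GEN_DIRNAME;
  sk_GENERAL_NAME_push(a->acinfo->holder->baseid->issuer, dirn);
  dirn2->d.dirn = issdup;
  dirn2->type = GEN_DIRNAME;
  sk_GENERAL_NAME_push(a->acinfo->form, dirn2);
  a->acinfo->id = uid;

  /* Use same signature algorithm used to sign the certificate */
  EVP_MD const* md = EVP_get_digestbyobj(a->sig_alg->algorithm);

  if (md == NULL){
    /* fall back to SHA1 */
    /* NOTE(review): SHA-1 is a weak choice for new signatures and may be
       refused by current library security levels; consider a SHA-2
       fallback once verifier compatibility is confirmed. */
    md = EVP_sha1();
  }

  /* ASN1_sign() returns 0 on failure; reporting success in that case would
     hand out an AC without a valid signature */
  if (!ASN1_sign((i2d_of_void *)i2d_AC_INFO, a->acinfo->alg, a->sig_alg, a->signature,
                 (char *)a->acinfo, pkey, md))
    return AC_ERR_SIGNATURE;

  *ac = a;
  return 0;

err:
  sk_X509_EXTENSION_pop_free(a->acinfo->exts, X509_EXTENSION_free);
  a->acinfo->exts = NULL;
  X509_NAME_free(subjdup);
  X509_NAME_free(issdup);
  GENERAL_NAME_free(dirn);
  GENERAL_NAME_free(dirn2);
  ASN1_INTEGER_free(holdserial);
  ASN1_INTEGER_free(serial);
  ASN1_INTEGER_free(version);
  AC_ATTR_free(capabilities);
  ASN1_OBJECT_free(cobj);
  AC_IETFATTR_free(capnames);
  ASN1_GENERALIZEDTIME_free(time1);
  ASN1_GENERALIZEDTIME_free(time2);
  X509_ALGOR_free(alg1);
  X509_ALGOR_free(alg2);
  AC_ATT_HOLDER_free(ac_att_holder);
  AC_FULL_ATTRIBUTES_free(ac_full_attrs);
  return err;
}
voms-2.1.2/src/ac/write.h000066400000000000000000000030421477131364200151640ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. 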
* See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_WRITE_H #define VOMS_WRITE_H #include "config.h" #include #include #include #include extern int writeac(const X509 *issuerc, const STACK_OF(X509) *certstack, const X509 *holder, const EVP_PKEY *pkey, BIGNUM *s, char **c, const char *t, char **attributes, AC **ac, const char *voname, const char *uri, int valid, int old, int startpast, STACK_OF(X509_EXTENSION) *extensions); #endif voms-2.1.2/src/api/000077500000000000000000000000001477131364200140505ustar00rootroot00000000000000voms-2.1.2/src/api/Makefile.am000066400000000000000000000000171477131364200161020ustar00rootroot00000000000000SUBDIRS = ccapivoms-2.1.2/src/api/ccapi/000077500000000000000000000000001477131364200151275ustar00rootroot00000000000000voms-2.1.2/src/api/ccapi/Makefile.am000066400000000000000000000177461477131364200172020ustar00rootroot00000000000000includedir = @includedir@/voms if BUILD_INTERFACES pkgconfigdir = @libdir@/pkgconfig pkgconfig_DATA = voms-2.0.pc endif lib_LTLIBRARIES = libvomsapi.la libvomsapi_la_SOURCES = \ api_util.cc \ voms_api.cc \ ccval.cc \ internal.cc \ cinterface.cc libvomsapi_la_CXXFLAGS = \ $(PTHREAD_CFLAGS) \ $(NO_GLOBUS_FLAGS) 
\ -DNOGLOBUS \ -I$(top_srcdir)/src/include \ $(OPENSSL_CFLAGS) libvomsapi_la_LDFLAGS = \ -rpath $(libdir) \ -version-info 1:0:0 libvomsapi_la_LIBADD = \ $(EXPAT_LIBS) \ $(OPENSSL_LIBS) \ $(PTHREAD_LIBS) \ $(top_builddir)/src/replib/librep.la \ $(top_builddir)/src/common/libutilities_nog.la \ $(top_builddir)/src/common/libutilc_nog.la \ $(top_builddir)/src/sslutils/libssl_utils_nog.la \ $(top_builddir)/src/log/liblog.la\ $(top_builddir)/src/socklib/libsock_nog.la \ $(top_builddir)/src/ac/libattributes_nog.la if BUILD_INTERFACES include_HEADERS = \ voms_api.h \ voms_apic.h EXTRA_DIST = \ api_util.h \ ccval.h \ voms_api.h \ voms_apic.h \ cinterface.h \ realdata.h \ internal.h endif CLEANFILES = \ libvomsapi.la ### mandir = $(datadir)/man APIDOC_DIR = $(top_builddir)/doc/apidoc OUTPUT_DIR = VOMS_CC_API VOMS_C_API CCDOCPLC_DIR = $(top_builddir)/doc/apidoc/api/VOMS_CC_API CDOCPLC_DIR = $(top_builddir)/doc/apidoc/api/VOMS_C_API CCHTML = $(CCDOCPLC_DIR)/html/index.html CHTML = $(CDOCPLC_DIR)/html/index.html HTML = $(CCHTML) $(CHTML) if BUILD_DOCS CCMAN3 = $(CCDOCPLC_DIR)/man/man3/voms.3 \ $(CCDOCPLC_DIR)/man/man3/voms_api.h.3 \ $(CCDOCPLC_DIR)/man/man3/vomsdata.3 CMAN3 = $(CDOCPLC_DIR)/man/man3/voms_apic.h.3 MAN3 = $(CCMAN3) $(CMAN3) endif PDF = $(CCDOCPLC_DIR)/pdf/VOMS_CC_API.pdf \ $(CDOCPLC_DIR)/pdf/VOMS_C_API.pdf PS = $(CCDOCPLC_DIR)/ps/VOMS_CC_API.ps \ $(CDOCPLC_DIR)/pdf/VOMS_C_API.ps CCLATEX = $(CCDOCPLC_DIR)/latex/Makefile \ $(CCDOCPLC_DIR)/latex/refman.tex \ $(CCDOCPLC_DIR)/latex/doxygen.sty CLATEX = $(CDOCPLC_DIR)/latex/Makefile \ $(CDOCPLC_DIR)/latex/refman.tex \ $(CDOCPLC_DIR)/latex/doxygen.sty LATEX = $(CCLATEX) $(CLATEX) $(CCDOCPLC_DIR)/Doxyfile: -mkdir -p $(CCDOCPLC_DIR) echo -e "INPUT = $(top_srcdir)/src/api/ccapi/voms_api.h\n\ OUTPUT_DIRECTORY = \"$(top_builddir)/doc/apidoc/api/VOMS_CC_API\"\n\ PROJECT_NAME = \"VOMS CC API\"\n\ PROJECT_NUMBER = \"1.5.0\"\n\ OUTPUT_LANGUAGE = English\n\ EXTRACT_ALL = YES\n\ EXTRACT_STATIC = YES\n\ EXTRACT_LOCAL_CLASSES = 
YES\n\ ALWAYS_DETAILED_SEC = NO\n\ INLINE_INHERITED_MEMB = NO\n\ FULL_PATH_NAMES = NO\n\ CASE_SENSE_NAMES = YES\n\ JAVADOC_AUTOBRIEF = NO\n\ DISTRIBUTE_GROUP_DOC = NO\n\ TAB_SIZE = 8\n\ GENERATE_TODOLIST = YES\n\ GENERATE_TESTLIST = YES\n\ GENERATE_BUGLIST = YES\n\ MAX_INITIALIZER_LINES = 30\n\ OPTIMIZE_OUTPUT_FOR_C = YES\n\ SHOW_USED_FILES = YES\n\ WARNINGS = YES\n\ WARN_IF_UNDOCUMENTED = YES\n\ WARN_FORMAT = \"\044file:\044line: \044text\"\n\ FILE_PATTERNS = *.h\n\ EXCLUDE = CVS\n\ EXCLUDE_SYMLINKS = NO\n\ FILTER_SOURCE_FILES = NO\n\ SOURCE_BROWSER = YES\n\ INLINE_SOURCES = NO\n\ ALPHABETICAL_INDEX = NO\n\ GENERATE_HTML = YES\n\ HTML_OUTPUT = html\n\ HTML_FILE_EXTENSION = .html\n\ HTML_ALIGN_MEMBERS = YES\n\ GENERATE_HTMLHELP = NO\n\ GENERATE_CHI = NO\n\ BINARY_TOC = NO\n\ TOC_EXPAND = NO\n\ ENUM_VALUES_PER_LINE = 4\n\ GENERATE_TREEVIEW = NO\n\ GENERATE_LATEX = YES\n\ COMPACT_LATEX = NO\n\ PDF_HYPERLINKS = YES\n\ USE_PDFLATEX = YES\n\ LATEX_BATCHMODE = YES\n\ GENERATE_RTF = NO\n\ GENERATE_MAN = YES\n\ MAN_LINKS = NO\n\ GENERATE_XML = NO\n\ CLASS_DIAGRAMS = YES\n\ HAVE_DOT = NO\n\ CLASS_GRAPH = YES\n\ COLLABORATION_GRAPH = YES\n\ TEMPLATE_RELATIONS = YES\n\ HIDE_UNDOC_RELATIONS = YES\n\ INCLUDE_GRAPH = YES\n\ INCLUDED_BY_GRAPH = YES\n\ GRAPHICAL_HIERARCHY = YES\n\ DOT_IMAGE_FORMAT = png\n\ MAX_DOT_GRAPH_WIDTH = 1024\n\ MAX_DOT_GRAPH_HEIGHT = 1024" >$(CCDOCPLC_DIR)/Doxyfile $(CDOCPLC_DIR)/Doxyfile: -mkdir -p $(CDOCPLC_DIR) echo -e "INPUT = $(top_srcdir)/src/api/ccapi/voms_apic.h\n\ OUTPUT_DIRECTORY = \"$(top_builddir)/doc/apidoc/api/VOMS_C_API\"\n\ PROJECT_NAME = \"VOMS C API\"\n\ PROJECT_NUMBER = \"1.5.0\"\n\ OUTPUT_LANGUAGE = English\n\ EXTRACT_ALL = YES\n\ EXTRACT_STATIC = YES\n\ EXTRACT_LOCAL_CLASSES = YES\n\ ALWAYS_DETAILED_SEC = NO\n\ INLINE_INHERITED_MEMB = NO\n\ FULL_PATH_NAMES = NO\n\ CASE_SENSE_NAMES = YES\n\ JAVADOC_AUTOBRIEF = NO\n\ DISTRIBUTE_GROUP_DOC = NO\n\ TAB_SIZE = 8\n\ GENERATE_TODOLIST = YES\n\ GENERATE_TESTLIST = YES\n\ GENERATE_BUGLIST = 
YES\n\ MAX_INITIALIZER_LINES = 30\n\ OPTIMIZE_OUTPUT_FOR_C = YES\n\ SHOW_USED_FILES = YES\n\ WARNINGS = YES\n\ WARN_IF_UNDOCUMENTED = YES\n\ WARN_FORMAT = \"\044file:\044line: \044text\"\n\ FILE_PATTERNS = *.h\n\ EXCLUDE = CVS\n\ EXCLUDE_SYMLINKS = NO\n\ FILTER_SOURCE_FILES = NO\n\ SOURCE_BROWSER = YES\n\ INLINE_SOURCES = NO\n\ ALPHABETICAL_INDEX = NO\n\ GENERATE_HTML = YES\n\ HTML_OUTPUT = html\n\ HTML_FILE_EXTENSION = .html\n\ HTML_ALIGN_MEMBERS = YES\n\ GENERATE_HTMLHELP = NO\n\ GENERATE_CHI = NO\n\ BINARY_TOC = NO\n\ TOC_EXPAND = NO\n\ ENUM_VALUES_PER_LINE = 4\n\ GENERATE_TREEVIEW = NO\n\ GENERATE_LATEX = YES\n\ COMPACT_LATEX = NO\n\ PDF_HYPERLINKS = YES\n\ USE_PDFLATEX = YES\n\ LATEX_BATCHMODE = YES\n\ GENERATE_RTF = NO\n\ GENERATE_MAN = YES\n\ MAN_LINKS = NO\n\ GENERATE_XML = NO\n\ CLASS_DIAGRAMS = YES\n\ HAVE_DOT = NO\n\ CLASS_GRAPH = YES\n\ COLLABORATION_GRAPH = YES\n\ TEMPLATE_RELATIONS = YES\n\ HIDE_UNDOC_RELATIONS = YES\n\ INCLUDE_GRAPH = YES\n\ INCLUDED_BY_GRAPH = YES\n\ GRAPHICAL_HIERARCHY = YES\n\ DOT_IMAGE_FORMAT = png\n\ MAX_DOT_GRAPH_WIDTH = 1024\n\ MAX_DOT_GRAPH_HEIGHT = 1024" >$(CDOCPLC_DIR)/Doxyfile maintainer-clean-local: -rm -rf $(OUTPUT_DIR) all-local: apidoc-local if BUILD_DOCS apidoc-local: $(HTML) $(MAN3) else apidoc-local: endif install-exec-am: lib_LTLIBRARIES = $(INSTALL_API_LIBS) install-exec-am: install-libLTLIBRARIES apidoc: apidoc-local apidoc-recursive if BUILD_DOCS $(CCHTML): $(CCDOCPLC_DIR)/Doxyfile $(include_HEADERS) doxygen $(CCDOCPLC_DIR)/Doxyfile $(CHTML): $(CDOCPLC_DIR)/Doxyfile $(include_HEADERS) doxygen $(CDOCPLC_DIR)/Doxyfile $(CCMAN3) $(CCLATEX): $(CCHTML) $(CMAN3) $(CLATEX): $(CHTML) $(PDF): $(LATEX) cd $(CCDOCPLC_DIR)/latex; \ pdflatex refman.tex; \ pdflatex refman.tex; \ pdflatex refman.tex; \ pdflatex refman.tex; cd $(CDOCPLC_DIR)/latex; \ pdflatex refman.tex; \ pdflatex refman.tex; \ pdflatex refman.tex; \ pdflatex refman.tex; $(PS): $(LATEX) cd $(CCDOCPLC_DIR)/latex; \ latex refman.tex; \ latex refman.tex; \ latex 
refman.tex; \ latex refman.tex; \ dvips -f refman.ps; cd $(CDOCPLC_DIR)/latex; \ latex refman.tex; \ latex refman.tex; \ latex refman.tex; \ latex refman.tex; \ dvips -f refman.ps; endif if BUILD_DOCS install-data-local: $(mkinstalldirs) $(DESTDIR)$(mandir)/man3 for file in $(MAN3); do \ $(INSTALL_DATA) $${file} $(DESTDIR)$(mandir)/man3; \ done $(mkinstalldirs) $(DESTDIR)$(sysconfdir)/grid-security/vomsdir $(mkinstalldirs) $(DESTDIR)$(sysconfdir)/grid-security/voms $(mkinstalldirs) $(DESTDIR)$(sysconfdir)/voms $(mkinstalldirs) $(DESTDIR)$(localstatedir)/log/voms $(mkinstalldirs) $(DESTDIR)$(datadir)/voms install-data-hook: (cd $(DESTDIR)$(mandir)/man3; \ for file in *.3; do \ GZIP=$(GZIP_ENV) gzip -f $${file}; \ done) endif clean: -rm -rf $(DOCPLC_DIR) *.o *.lo *.la voms-2.1.2/src/api/ccapi/api_util.cc000066400000000000000000000502021477131364200172430ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #include "config.h" #include "api_util.h" extern "C" { #include "replace.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include "credentials.h" #include "sslutils.h" #include "newformat.h" } #include #include #include "data.h" #include "Client.h" #include #include #include #include #include "vomsxml.h" #include "ccval.h" #include "realdata.h" #include "internal.h" #include "normalize.h" #ifndef VOMS_MAYBECONST #if defined(D2I_OF) #define VOMS_MAYBECONST const #else #define VOMS_MAYBECONST #endif #endif extern proxy_verify_desc *setup_initializers(char *cadir); extern void destroy_initializers(void *data); static bool dncompare(const char *mut, const char *fixed); static bool readdn(std::ifstream &file, char *buffer, int buflen); extern std::map privatedata; extern pthread_mutex_t privatelock; static bool dncompare(const char *first, const char *second) { if (!strcmp(first, second)) return true; char *s1 = normalize(first); char *s2 = normalize(second); int res = strcmp(s1, s2); free(s1); free(s2); return res == 0; } bool vomsdata::evaluate(AC_SEQ *acs, const std::string& subject, const std::string& ca, X509 *holder) { bool ok = false; error = VERR_FORMAT; if (acs) { /* Only new types. bn may or may not be set. 
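/*
 * Look for the VOMS-related extensions on a single certificate.
 *
 *  - "acseq":   decoded with X509V3_EXT_d2i() and stored in *listnew.
 *  - "incfile": raw extension payload copied into extra_data.
 *  - "vo":      raw extension payload copied into workvo.
 *
 * Returns true when "acseq" or "incfile" is present; "vo" alone does not
 * count as found.
 *
 * The certificate comes from the peer, so the payload is untrusted.  The
 * original code guarded the payload pointer with assert(), which is
 * compiled out under NDEBUG; the checks below are always active and also
 * avoid building a std::string from a NULL data pointer.
 */
static bool findexts(X509 *cert , AC_SEQ **listnew, std::string &extra_data, std::string &workvo)
{
  bool found = false;

  X509_EXTENSION *ext = get_ext(cert, "acseq");
  if (ext) {
    /* NOTE(review): the decode result is not checked here and any
     * previous value of *listnew is overwritten, not freed; the caller
     * (evaluate) rejects a NULL sequence. */
    *listnew = (AC_SEQ *)X509V3_EXT_d2i(ext);
    found = true;
  }

  ext = get_ext(cert, "incfile");
  if (ext) {
    ASN1_OCTET_STRING *value = X509_EXTENSION_get_data(ext);

    if (value && value->data && value->length > 0)
      extra_data.assign(reinterpret_cast<const char *>(value->data), value->length);
    else
      extra_data.clear();

    found = true;
  }

  ext = get_ext(cert, "vo");
  if (ext) {
    ASN1_OCTET_STRING *value = X509_EXTENSION_get_data(ext);

    if (value && value->data && value->length > 0)
      workvo.assign(reinterpret_cast<const char *>(value->data), value->length);
    else
      workvo.clear();
  }

  return found;
}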
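/*
 * Check that a certificate is the one the AC names as its issuer.
 *
 * cert     - certificate that signed the AC (may be NULL, see below).
 * server   - expected subject DN, in X509_NAME_oneline() form.
 * serverca - expected issuer DN, in X509_NAME_oneline() form.
 *
 * Returns true only when both the subject and the issuer of cert are
 * byte-identical to the expected strings.
 *
 * verifydata() only obtains the signer certificate when VERIFY_SIGN is
 * set, yet calls this function whenever VERIFY_ID is set, so cert can
 * be NULL here.  A NULL certificate is reported as a mismatch instead of
 * being handed to the OpenSSL accessors.
 */
static bool verifyID(X509 *cert, const std::string &server, const std::string &serverca)
{
  if (!cert)
    return false;

  char *bufsub = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
  char *bufiss = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);

  /* Either name failing to render counts as a mismatch. */
  bool result = bufsub && bufiss &&
                strcmp(bufsub, server.c_str()) == 0 &&
                strcmp(bufiss, serverca.c_str()) == 0;

  OPENSSL_free(bufsub);
  OPENSSL_free(bufiss);

  return result;
}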
message.substr(off); bool result = verifydata(tmp, subject, ca, holder, v); AC_free(tmp); return result; } return false; } bool vomsdata::verifydata(AC *ac, UNUSED(const std::string& subject), UNUSED(const std::string& ca), X509 *holder, voms &v) { error = VERR_PARAM; if (!ac) return false; if (!holder && (ver_type & VERIFY_ID)) { error = VERR_NOIDENT; return false; } bool result = false; error = VERR_FORMAT; X509 *issuer = NULL; if (ver_type & VERIFY_SIGN) { issuer = check((void *)ac); if (!issuer) { std::string oldmessage = ErrorMessage(); if (oldmessage.empty()) { seterror(VERR_SIGN, "Cannot verify AC signature!"); } else { seterror(VERR_SIGN, "Cannot verify AC signature! Underlying error: " + oldmessage); } return false; } } result = verifyac(holder, issuer, ac, verificationtime, v); if (!result) { X509_free(issuer); // seterror(VERR_VERIFY, "Cannot verify AC"); return false; } else { ((struct realdata *)v.realdata)->ac = AC_dup(ac); } if (result && (ver_type & VERIFY_ID)) { if (!verifyID(issuer, v.server, v.serverca)) { seterror(VERR_SERVER, "Mismatch between AC signer and AC issuer"); result = false; } } X509_free(issuer); if (result) v.holder = holder ? 
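/*
 * Return true when s must not be used as a single path component:
 * it is "." or "..", or contains a path separator or an embedded NUL.
 */
static bool voms_unsafe_path_component(const std::string &s)
{
  return s == "." || s == ".." ||
         s.find('/') != std::string::npos ||
         s.find('\0') != std::string::npos;
}

/*
 * Find the certificate that signed an attribute certificate.
 *
 * data - the AC to check (an AC *, passed as void *).
 *
 * The VO name and the server hostname are read from the first name of
 * the first "idatcap" attribute, which is expected to look like
 * "<vo>://<host>:<port>".  If the AC carries a "certseq" extension and
 * <voms_cert_dir>/<vo>/<host>.lsc can be opened, the chain embedded in
 * the AC is checked against that file (check_from_file); otherwise the
 * signer is searched among the certificates installed under the vomsdir
 * (check_from_certs).
 *
 * Returns the signer certificate, or NULL with the error set.
 *
 * Both the VO name and the hostname come from the AC *before* its
 * signature has been verified and are used to build file system paths,
 * so they are validated here: neither may contain '/', an embedded NUL,
 * or be "." / "..", and the VO name may not be empty.  Without this a
 * crafted AC could point the lookup at a directory outside the vomsdir.
 */
X509 *vomsdata::check(void *data)
{
  error = VERR_DIR;

  /* extract vo name from AC */
  AC *ac = (AC *)data;
  const STACK_OF(AC_ATTR) *atts = ac->acinfo->attrib;

  int nid = OBJ_txt2nid("idatcap");
  int pos = X509at_get_attr_by_NID((const STACK_OF(X509_ATTRIBUTE)*)atts, nid, -1);

  if (!(pos >= 0)) {
    seterror(VERR_DIR, "Unable to extract vo name from AC.");
    return NULL;
  }

  AC_ATTR *caps = sk_AC_ATTR_value(atts, pos);
  if (!caps) {
    seterror(VERR_DIR, "Unable to extract vo name from AC.");
    return NULL;
  }

  AC_IETFATTR *capattr = sk_AC_IETFATTR_value(caps->ietfattr, 0);
  if (!capattr) {
    seterror(VERR_DIR, "Unable to extract vo name from AC.");
    return NULL;
  }

  GENERAL_NAME *name = sk_GENERAL_NAME_value(capattr->names, 0);
  if (!name) {
    seterror(VERR_DIR, "Unable to extract vo name from AC.");
    return NULL;
  }

  /* d.ia5 is only the active union member for the IA5String-typed
   * name forms; reading it for any other type would reinterpret an
   * unrelated structure. */
  if ((name->type != GEN_URI && name->type != GEN_DNS && name->type != GEN_EMAIL) ||
      !name->d.ia5 || !name->d.ia5->data || name->d.ia5->length <= 0) {
    seterror(VERR_DIR, "Unable to extract vo name from AC.");
    return NULL;
  }

  std::string voname(reinterpret_cast<const char *>(name->d.ia5->data),
                     name->d.ia5->length);
  std::string hostname;

  std::string::size_type cpos = voname.find("://");

  if (cpos == std::string::npos) {
    seterror(VERR_DIR, "Unable to extract vo name from AC.");
    return NULL;
  }

  /* The hostname runs from just after "://" to the next ':'. */
  std::string::size_type cpos2 = voname.find(":", cpos + 1);

  if (cpos2 == std::string::npos) {
    seterror(VERR_DIR, "Unable to determine hostname from AC.");
    return NULL;
  }

  hostname = voname.substr(cpos + 3, (cpos2 - cpos - 3));
  voname   = voname.substr(0, cpos);

  if (voname.empty() || voms_unsafe_path_component(voname)) {
    seterror(VERR_DIR, "Unable to extract vo name from AC.");
    return NULL;
  }

  if (voms_unsafe_path_component(hostname)) {
    seterror(VERR_DIR, "Unable to determine hostname from AC.");
    return NULL;
  }

  /* check if the DN/CA file is installed for a given VO. */
  int nidc = OBJ_txt2nid("certseq");
  int posc = X509v3_get_ext_by_NID(ac->acinfo->exts, nidc, -1);

  if (posc >= 0) {
    std::string filecerts = voms_cert_dir + "/" + voname + "/" + hostname + ".lsc";
    std::ifstream file(filecerts.c_str());

    if (file)
      return check_from_file(ac, file, voname, filecerts);
  }

  /* check if able to find the signing certificate
     among those specific for the vo or else in the vomsdir
     directory */
  return check_from_certs(ac, voname);
}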
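/*
 * Validate the certificate chain embedded in an AC against an .lsc file
 * and return the signer certificate.
 *
 * ac       - the attribute certificate being verified.
 * file     - the opened .lsc file; it is closed before returning once
 *            the chain has been read.
 * voname   - VO name, used only in error messages.
 * filename - path of the .lsc file, used only in error messages.
 *
 * The .lsc file is read as pairs of lines (subject DN, issuer DN), one
 * pair per certificate of the chain; alternative chains are separated
 * by a "------ NEXT CHAIN ------" line.  The chain taken from the AC's
 * "certseq" extension must match one of the listed chains, the first
 * certificate of the chain must verify the AC signature, and the chain
 * must validate (check_cert).
 *
 * Returns a copy of the signer certificate owned by the caller, or NULL
 * with the error set.
 *
 * Changes with respect to the previous version:
 *  - A failed signature check now returns NULL.  Before, the error was
 *    recorded but the certificate was still returned, and verifydata()
 *    treats any non-NULL result of check() as a verified signature.
 *  - A failed X509_dup() is reported instead of being dereferenced.
 *  - The certificate copy is released when chain validation fails.
 *  - The DN strings are released on the mismatch path as well.
 *  - A missing extension and an empty chain are rejected up front.
 */
X509 *vomsdata::check_from_file(AC *ac, std::ifstream &file, const std::string &voname, const std::string& filename)
{
  if (!file || !ac)
    return NULL;

  int nid = OBJ_txt2nid("certseq");
  STACK_OF(X509_EXTENSION) *exts = ac->acinfo->exts;
  int pos = X509v3_get_ext_by_NID(exts, nid, -1);

  X509_EXTENSION *ext = (pos >= 0) ? sk_X509_EXTENSION_value(exts, pos) : NULL;
  AC_CERTS *certs = ext ? (AC_CERTS *)X509V3_EXT_d2i(ext) : NULL;
  STACK_OF(X509) *certstack = certs != NULL ? certs->stackcert : NULL;

  if (certs == NULL || certstack == NULL || sk_X509_num(certstack) <= 0) {
    AC_CERTS_free(certs);
    seterror(VERR_SIGN, "Malformed AC: the AC does not contain the issuer certificate chain");
    return NULL;
  }

  bool success = false;
  bool final = false;

  do {
    success = true;

    for (int i = 0; i < sk_X509_num(certstack); i++) {
      if (!file)
        break;

      char subjcandidate[1000];
      char issuercandidate[1000];

      X509 *current = sk_X509_value(certstack, i);

      /* Running out of lines means no listed chain matched. */
      if (!readdn(file, subjcandidate, 999) ||
          !readdn(file, issuercandidate, 999)) {
        success = false;
        final = true;
        break;
      }

      subjcandidate[999] = issuercandidate[999] = '\0';

      char *realsubj = X509_NAME_oneline(X509_get_subject_name(current), NULL, 0);
      char *realiss  = X509_NAME_oneline(X509_get_issuer_name(current), NULL, 0);

      /* A DN that cannot be rendered is a mismatch, never a match. */
      bool matches = realsubj && realiss &&
                     dncompare(realsubj, subjcandidate) &&
                     dncompare(realiss, issuercandidate);

      OPENSSL_free(realsubj);
      OPENSSL_free(realiss);

      if (!matches) {
        /* Skip to the next alternative chain, if the file has one. */
        do {
          file.getline(subjcandidate, 999);
          subjcandidate[999] = '\0';
        } while (file && strcmp(subjcandidate, "------ NEXT CHAIN ------"));

        success = false;
        break;
      }
    }

    if (success || !file)
      final = true;
  } while (!final);

  file.close();

  if (!success) {
    AC_CERTS_free(certs);
    seterror(VERR_SIGN, "Unable to match certificate chain against file: " + filename);
    return NULL;
  }

  /* The first certificate of the embedded chain is the AC signer. */
  X509 *cert = X509_dup(sk_X509_value(certstack, 0));

  if (!cert) {
    AC_CERTS_free(certs);
    seterror(VERR_MEM, "Cannot find enough memory to work!");
    return NULL;
  }

  if (!check_sig_ac(cert, ac)) {
    char *cert_subject = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);

    std::string msg("AC signature check failed for certificate '");
    msg += cert_subject ? cert_subject : "";
    msg += std::string("' for vo ");
    msg += voname;

    seterror(VERR_SIGN, msg);
    OPENSSL_free(cert_subject);

    /* Never hand back a certificate that did not verify the AC. */
    X509_free(cert);
    cert = NULL;
  }
  else if (!check_cert(certstack)) {
    /* check_cert sets the error message */
    X509_free(cert);
    cert = NULL;
  }

  AC_CERTS_free(certs);

  return cert;
}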
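/*
 * Send a command to a VOMS server and collect the raw reply.
 *
 * hostname, port - server to contact.
 * contact        - unused.
 * command        - request to send.
 * buf            - every received message is appended to it.
 * u              - receives the subject the socket reports as its own.
 * uc             - cleared.
 * timeout        - passed to the socket with SetTimeout().
 *
 * Credentials come from the per-object private data when a certificate
 * and key were stored there; otherwise they are located with
 * determine_filenames() and read with load_credentials().
 *
 * Returns true when the exchange completed; on failure the error is set
 * and false is returned.
 *
 * The private-data lookup uses operator[] on the map, which yields a
 * NULL entry for an object that was never registered.  That case is now
 * handled like "no stored credentials" instead of dereferencing NULL.
 *
 * NOTE(review): the reply is accumulated until the peer sends an empty
 * message and there is no upper bound on its size here; the objects
 * obtained from determine_filenames()/load_credentials() are not
 * released in this function -- confirm who owns them.
 */
bool vomsdata::contact(const std::string &hostname, int port, UNUSED(const std::string &contact),
                       const std::string &command, std::string &buf, std::string &u, std::string &uc, int timeout)
{
  GSISocketClient sock(hostname, port);

  char *cacert = NULL;
  char *certdir = NULL;
  char *outfile = NULL;
  char *certfile = NULL;
  char *keyfile = NULL;
  bool noregen = false;

  X509 *ucert = NULL;
  STACK_OF(X509) *cert_chain = NULL;
  EVP_PKEY *upkey = NULL;

  pthread_mutex_lock(&privatelock);
  vomsspace::internal *data = privatedata[this];
  pthread_mutex_unlock(&privatelock);

  if (data) {
    ucert = data->cert;
    cert_chain = data->chain;
    upkey = data->key;
  }

  if (!ucert || !upkey) {
    if (determine_filenames(&cacert, &certdir, &outfile, &certfile, &keyfile, noregen)) {
      if (!load_credentials(certfile, keyfile, &ucert, &cert_chain, &upkey, NULL)) {
        seterror(VERR_NOIDENT, "Cannot load credentials.");
        return false;
      }
    }
    else {
      seterror(VERR_NOIDENT, "Cannot discover credentials.");
      return false;
    }
  }

  sock.LoadCredentials(ca_cert_dir.c_str(), ucert, cert_chain, upkey);
  sock.SetTimeout(timeout);

  if (!sock.Open()) {
    seterror(VERR_COMM, sock.GetError());
    sock.Close();
    return false;
  }

  u = sock.own_subject;
  uc.clear();

  if (u.empty()) {
    seterror(VERR_NOIDENT, sock.GetError());
    sock.Close();
    return false;
  }

  if (!sock.Send(command)) {
    seterror(VERR_COMM, sock.GetError());
    sock.Close();
    return false;
  }

  /* Read until the peer sends an empty message. */
  std::string msg;
  bool ret;

  do {
    ret = sock.Receive(msg);
    if (!ret) {
      seterror(VERR_COMM, sock.GetError());
      sock.Close();
      return false;
    }
    buf += msg;
  } while (ret && !msg.empty());

  sock.Close();
  return true;
}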
* *********************************************************************/ #ifndef VOMS_API_UTIL_H #define VOMS_API_UTIL_H #include "voms_api.h" extern "C" { #include #include #include #include #include #include #include #ifdef HAVE_OPENSSL_E_OS_H #include #else #ifdef HAVE_OPENSSL_E_OS2_H #include #else #include #endif #endif #include "credentials.h" #include #include #include #include #include #include } #include "Client.h" #include #include #include #ifndef MS_CALLBACK #define MS_CALLBACK #endif extern bool contact(const std::string &hostname, int port, const std::string &contact, const std::string &command, std::string &buffer, std::string &subject, std::string &ca, verror_type &error); extern bool retrieve(X509 *cert, STACK_OF(X509) *chain, recurse_type how, std::string &buffer, std::string &vo, std::string &file, std::string &subject, std::string &ca, verror_type &error); extern bool verify(std::string message, vomsdata &voms, verror_type &error, std::string vdir, std::string cdir, std::string subject, std::string ca); #endif voms-2.1.2/src/api/ccapi/ccval.cc000066400000000000000000000035521477131364200165330ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
* * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ extern "C" { #include "config.h" #include "replace.h" } #include #include #include "voms_api.h" extern "C" { #include #include "newformat.h" #include "listfunc.h" } #include "realdata.h" #include "validate.h" bool vomsdata::verifyac(X509 *cert, X509 *issuer, AC *ac, time_t verificationtime, voms &v) { int result; struct realdata *rd = (struct realdata *)v.realdata; delete rd->attributes; AC_free(rd->ac); rd->ac = NULL; rd->attributes = NULL; rd->attributes = new std::vector; try { result = validate(cert, issuer, ac, v, ver_type, verificationtime, rd); } catch (std::bad_alloc& e) { seterror(VERR_MEM, "Out of Memory"); return false; } if (result) seterror(VERR_VERIFY, get_error(result)); return result == 0; } voms-2.1.2/src/api/ccapi/ccval.h000066400000000000000000000023071477131364200163720ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
* * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_API_CCVAL_H #define VOMS_API_CCVAL_H extern "C" { #include #include "newformat.h" } #include "voms_api.h" #endif voms-2.1.2/src/api/ccapi/cinterface.cc000066400000000000000000000476721477131364200175610ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
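/*
 * Rebuild the C-side array of a vomsdatar from the C++ voms objects.
 *
 * vd    - C handle whose data array is replaced.
 * v     - C++ objects to translate; one vomsr is produced per element.
 * error - unused.
 *
 * Returns 1 on success and 0 on failure.
 *
 * The new array is built completely before the old one is released, so
 * on failure vd->data still points at the previous, valid array.  The
 * previous version freed the old array first and left vd->data dangling
 * when the allocation failed, freed only the first old element, and
 * dereferenced the result of translate() without checking it.
 *
 * The old array is released with listfree()/VOMS_Delete, the same way
 * VOMS_Destroy releases it.
 */
int TranslateVOMS(struct vomsdatar *vd, std::vector<voms> &v, UNUSED(int *error))
{
  /* calloc keeps the array NULL-terminated at every step, so a partly
   * filled array can be handed to listfree() on failure. */
  struct vomsr **arr2 = (struct vomsr **)calloc(v.size() + 1, sizeof(struct vomsr *));

  if (!arr2)
    return 0;

  int i = 0;

  for (std::vector<voms>::iterator cur = v.begin(); cur != v.end(); ++cur) {
    struct vomsr *item = cur->translate();

    if (!item) {
      listfree((char **)arr2, (freefn)VOMS_Delete);
      return 0;
    }

    /* Back references used by the GetV/GetPointer macros. */
    item->mydata = i;
    item->my2 = (void *)vd;

    arr2[i++] = item;
  }

  arr2[i] = NULL;

  if (vd->data) {
    /* Delete old store */
    listfree((char **)vd->data, (freefn)VOMS_Delete);
  }

  vd->data = arr2;

  return 1;
}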
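/*
 * Fetch one generic attribute of a VOMS extension.
 *
 * v      - extension to query.
 * handle - index of the attribute source (grantor).
 * num    - index of the attribute within that source.
 * at     - receives the name, qualifier and value; the qualifier is NULL
 *          when it is empty.
 * vd     - unused.
 * error  - receives VERR_PARAM on failure, when not NULL.
 *
 * Returns 1 on success, 0 on failure.
 *
 * Both indexes are now range-checked: operator[] on a vector does not
 * throw, so the surrounding try/catch never caught an out-of-range
 * index.
 *
 * The attribute is accessed through a reference.  The previous version
 * copied it into a local struct and returned c_str() pointers into that
 * copy, which is destroyed when the function returns.
 * NOTE(review): this relies on GetAttributes() returning a reference to
 * storage owned by the voms object, as VOMS_GetAttributeGrantor already
 * does -- confirm against voms_api.h.  The returned strings stay valid
 * only as long as that storage is not modified.
 */
int VOMS_GetAttribute(struct vomsr *v, int handle, int num, struct attributer *at, UNUSED(struct vomsdatar *vd), int *error)
{
  try {
    if (v && at && handle >= 0 && num >= 0 &&
        (size_t)handle < GetV(v).GetAttributes().size() &&
        (size_t)num < GetV(v).GetAttributes()[handle].attributes.size()) {

      const struct attribute &a = GetV(v).GetAttributes()[handle].attributes[num];

      at->name      = a.name.c_str();
      at->qualifier = (a.qualifier.empty() ? NULL : a.qualifier.c_str());
      at->value     = a.value.c_str();

      return 1;
    }
  }
  catch(...) {
  }

  if (error)
    *error = VERR_PARAM;

  return 0;
}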
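/*
 * Release a contact list returned by VOMS_FindByVO / VOMS_FindByAlias.
 *
 * list - NULL-terminated array built by Arrayize(); NULL is accepted.
 *
 * Arrayize() allocates the records as one contiguous block (list[0]
 * points at its start) and duplicates the nick, host, contact and vo
 * strings of every record.  The previous version released the block and
 * the pointer array only, leaking the strings.
 */
void VOMS_DeleteContacts(struct contactdatar **list)
{
  if (!list)
    return;

  for (int i = 0; list[i]; ++i) {
    free((void *)list[i]->nick);
    free((void *)list[i]->host);
    free((void *)list[i]->contact);
    free((void *)list[i]->vo);
  }

  /* One allocation holds all records; one for the pointer array. */
  free(list[0]);
  free(list);
}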
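/*
 * Duplicate a whole vomsdatar handle.
 *
 * vd    - handle to copy.
 * error - receives VERR_PARAM for a bad handle; it is set to VERR_MEM
 *         before the copy is attempted and is not reset on success.
 *
 * Returns the result of VOMS_Duplicate(), or NULL for bad parameters.
 *
 * A NULL error pointer is now rejected without being written to; the
 * previous version tested it and then dereferenced it in the same
 * branch.
 */
struct vomsdatar *VOMS_CopyALL(struct vomsdatar *vd, int *error)
{
  if (!error)
    return NULL;

  if (!vd || !vd->real) {
    *error = VERR_PARAM;
    return NULL;
  }

  *error = VERR_MEM;

  return VOMS_Duplicate(vd);
}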
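/*
 * Return the configured targets as one comma-separated string.
 *
 * vd    - handle to query.
 * error - receives VERR_PARAM for bad parameters and VERR_MEM when the
 *         result cannot be allocated.
 *
 * Returns a malloc()ed string the caller must free(), or NULL on error.
 *
 * mystrdup() reports allocation failure by throwing std::bad_alloc and
 * the string operations can throw as well; this is a C entry point, so
 * every exception is caught here and turned into VERR_MEM.  A NULL
 * error pointer is no longer written to.
 */
char *VOMS_ListTargets(struct vomsdatar *vd, int *error)
{
  if (!vd || !vd->real || !error) {
    if (error)
      *error = VERR_PARAM;
    return NULL;
  }

  try {
    vomsdata *v = vd->real;

    std::vector<std::string> list = v->ListTargets();
    std::string total;

    for (std::vector<std::string>::const_iterator cur = list.begin();
         cur != list.end(); ++cur) {
      if (cur != list.begin())
        total += ",";
      total += *cur;
    }

    char *res = mystrdup(total.c_str());

    if (!res)
      *error = VERR_MEM;

    return res;
  }
  catch (...) {
    *error = VERR_MEM;
    return NULL;
  }
}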
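/*
 * Contact a VOMS server and load the returned data into the handle.
 *
 * host, port - server to contact.
 * servsub    - server subject.
 * comm       - command to send.
 * vd         - handle that receives the result; its timeout is used.
 * error      - receives the error code on failure.
 *
 * Returns the result of TranslateVOMS() when the contact succeeds and 0
 * on failure.
 *
 * host, servsub and comm are now required to be non-NULL, as in
 * VOMS_ContactRaw: building a std::string from a NULL pointer is
 * undefined behaviour.  A NULL error pointer is no longer written to.
 */
int VOMS_Contact(char *host, int port, char *servsub, char *comm, struct vomsdatar *vd, int *error)
{
  if (!host || !servsub || !comm || !vd || !vd->real || !error) {
    if (error)
      *error = VERR_PARAM;
    return 0;
  }

  vomsdata *v = vd->real;

  if (v->Contact(std::string(host), port, std::string(servsub),
                 std::string(comm), vd->timeout)) {
    return TranslateVOMS(vd, v->data, error);
  }

  *error = v->error;

  return 0;
}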
*error = v->error; return 0; } int VOMS_RetrieveFromCred(gss_cred_id_t cred, int how, struct vomsdatar *vd, int *error) { if (!vd || !vd->real || !error) { *error = VERR_PARAM; return 0; } vomsdata *v = vd->real; if (v->RetrieveFromCred(cred, recurse_type(how))) return TranslateVOMS(vd, v->data, error); *error = v->error; return 0; } int VOMS_RetrieveFromCtx(gss_ctx_id_t ctx, int how, struct vomsdatar *vd, int *error) { if (error) *error = VERR_NOTAVAIL; return 0; } int VOMS_RetrieveFromProxy(int how, struct vomsdatar *vd, int *error) { if (!vd || !vd->real || !error) { *error = VERR_PARAM; return 0; } vomsdata *v = vd->real; if (v->RetrieveFromProxy(recurse_type(how))) return TranslateVOMS(vd, v->data, error); *error = v->error; return 0; } int VOMS_RetrieveFromAC(AC *ac, struct vomsdatar *vd, int *error) { if (!vd || !vd->real || !error) { *error = VERR_PARAM; return 0; } vomsdata *v = vd->real; if (v->Retrieve(ac)) return TranslateVOMS(vd, v->data, error); *error = v->error; return 0; } int VOMS_Import(char *buffer, int buflen, struct vomsdatar *vd, int *error) { if (!buffer || !buflen || !vd || !vd->real || !error) { *error = VERR_PARAM; return 0; } vomsdata *v = vd->real; if (v->Import(std::string(buffer, buflen))) return TranslateVOMS(vd, v->data, error); *error = v->error; return 0; } int VOMS_Export(char **buffer, int *buflen, struct vomsdatar *vd, int *error) { if (!buffer || !buflen || !vd || !vd->real || !error) { *error = VERR_PARAM; return 0; } vomsdata *v = vd->real; std::string data; if (v->Export(data)) { *buflen = data.size(); char *d; if ((d = (char *)malloc(*buflen))) { memcpy(d, data.data(), *buflen); *buffer = d; return 1; } else { *error = VERR_MEM; return 0; } } *error = v->error; return 0; } struct vomsr *VOMS_DefaultData(struct vomsdatar *vd, int *error) { if (!vd || !error) { *error = VERR_PARAM; return NULL; } return vd->data[0]; } struct vomsr *VOMS_Copy(struct vomsr *org, int *error) { if (!org || !error) { *error = VERR_PARAM; return 
NULL; } *error = VERR_MEM; struct vomsr *dst = NULL; if ((dst = (struct vomsr *)calloc(1, sizeof(struct vomsr)))) { try { dst->version = org->version; dst->siglen = org->siglen; dst->signature = mystrdup(org->signature, org->siglen); dst->user = mystrdup(org->user); dst->userca = mystrdup(org->userca); dst->server = mystrdup(org->server); dst->serverca = mystrdup(org->serverca); dst->voname = mystrdup(org->voname); dst->uri = mystrdup(org->uri); dst->date1 = mystrdup(org->date1); dst->date2 = mystrdup(org->date2); dst->type = org->type; dst->custom = mystrdup(org->custom, org->datalen); dst->serial = mystrdup(org->serial); dst->datalen = org->datalen; dst->ac = AC_dup(org->ac); dst->holder = X509_dup(org->holder); dst->mydata = org->mydata; dst->my2 = org->my2; if (!dst->holder || !dst->ac) throw 3; int size = 0; while (org->fqan[size++]) ; dst->fqan = (char **)calloc(1, sizeof(char *)*size); size = 0; while (org->std[size++]) ; dst->std = (struct datar **)calloc(1, sizeof(struct datar *)*size); if (!(dst->fqan) || !(dst->std)) throw 3; int j = 0; while(org->fqan[j]) { if (!(dst->fqan[j] = mystrdup(org->fqan[j]))) throw 3; j++; } j = 0; while (org->std[j]) { struct datar *d = (struct datar *)calloc(1, sizeof(struct datar)); if (d) { dst->std[j] = d; d->group = mystrdup(org->std[j]->group); d->role = mystrdup(org->std[j]->role); d->cap = mystrdup(org->std[j++]->cap); } if (!d || !d->group || !d->role || !d->cap) throw 3; } return dst; } catch (...) 
{ VOMS_Delete(dst); return NULL; } } return NULL; } char *VOMS_ErrorMessage(struct vomsdatar *vd, int error, char *buffer, int len) { if (!vd || !vd->real || (buffer && !len)) { return NULL; } vomsdata *v = vd->real; std::string msg; switch (error) { case VERR_MEM: msg = "Out of memory."; break; case VERR_PARAM: msg = "Parameters incorrect."; break; default: msg = v->ErrorMessage(); break; } if (buffer) { if ((msg.size()+1) <= (unsigned int)len) { strcpy(buffer, msg.c_str()); return buffer; } else return NULL; } else { char *buf = (char*)malloc(msg.size()+1); if (buf) strcpy(buf, msg.c_str()); return buf; } } vomsdatar *VOMS_Duplicate(vomsdatar *orig) { struct vomsdatar *vd = NULL; try { if ((vd = (struct vomsdatar *)malloc(sizeof(struct vomsdatar)))) { int error = 0; vd->cdir = (orig->cdir ? strdup(orig->cdir) : NULL ); vd->vdir = (orig->vdir ? strdup(orig->vdir) : NULL ); vd->data = NULL; vd->extra_data = (orig->extra_data ? strdup(orig->extra_data) : NULL); vd->workvo = (orig->workvo ? strdup(orig->workvo) : NULL); vd->volen = orig->volen; vd->extralen = orig->extralen; vd->timeout = orig->timeout; vd->real = new vomsdata(*(orig->real)); if (!TranslateVOMS(vd, vd->real->data, &error)) goto err; } } catch(...) { goto err; } return vd; err: VOMS_Destroy(vd); return NULL; } AC *VOMS_GetAC(vomsr *v) { return AC_dup(v->ac); } char **VOMS_GetTargetsList(struct vomsr *v, struct vomsdatar *vd, int *error) { if (!v || !vd) { if (error) *error = VERR_PARAM; return NULL; } std::vector targets = GetV(v).GetTargets(); return vectoarray(targets); } void VOMS_FreeTargetsList(char **targets) { listfree(targets, free); } } voms-2.1.2/src/api/ccapi/cinterface.h000066400000000000000000000406461477131364200174150ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. 
* See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_CINTERFACE_H #define VOMS_CINTERFACE_H #include #include "newformat.h" /*!< \brief User's characteristics: can be repeated. */ struct datar { char *group; /*!< user's group */ char *role; /*!< user's role */ char *cap; /*!< user's capability */ }; struct contactdatar { /*!< You must never allocate directly this structure. Its sizeof() is subject to change without notice. The only supported way to obtain it is via the VOMS_FindBy* functions. */ char *nick; /*!< The alias of the server */ char *host; /*!< The hostname of the server */ char *contact; /*!< The subject of the server's certificate */ char *vo; /*!< The VO served by this server */ int port; /*!< The port on which the server is listening */ char *reserved; /*!< HANDS OFF! */ int version; }; struct attributer { const char *name; const char *value; const char *qualifier; }; /*!< \brief The type of data returned. 
*/ #define TYPE_NODATA 0 /*!< no data */ #define TYPE_STD 1 /*!< group, role, capability triplet */ #define TYPE_CUSTOM 2 /*!< result of an S command */ struct vomsr { int siglen; /*!< The length of the VOMS server signature */ char *signature; /*!< The VOMS server signature */ char *user; /*!< The user's DN, as from his certificate */ char *userca; /*!< The CA which signed the user's certificate */ char *server; /*!< The VOMS server DN, as from its certificate */ char *serverca; /*!< The CA which signed the VOMS certificate */ char *voname; /*!< The name of the VO to which the VOMS belongs */ char *uri; /*!< The URI of the VOMS server */ char *date1; /*!< Beginning of validity of the user info */ char *date2; /*!< End of validity of the user info */ int type; /*!< The type of data returned */ struct datar **std; /*!< User's characteristics */ char *custom; /*!< The data returned by an S command */ int datalen; int version; char **fqan; /*!< User's FQANs */ char *serial; /*!< Serial number. Only significant if coming from AC. Null otherwise */ /* Fields below this line are reserved. */ AC *ac; X509 *holder; int mydata; void *my2; }; #define RECURSE_CHAIN 0 #define RECURSE_NONE 1 #define VERIFY_FULL 0xffffffff #define VERIFY_NONE 0x00000000 #define VERIFY_DATE 0x00000001 #define VERIFY_NOTARGET 0x00000002 #define VERIFY_KEY 0x00000004 #define VERIFY_SIGN 0x00000008 #define VERIFY_ORDER 0x00000010 #define VERIFY_ID 0x00000020 /*! \brief Error codes. 
*/ #define VERR_NONE 0 #define VERR_NOSOCKET 1 /*!< Socket problem*/ #define VERR_NOIDENT 2 /*!< Cannot identify itself (certificate problem) */ #define VERR_COMM 3 /*!< Server problem */ #define VERR_PARAM 4 /*!< Wrong parameters*/ #define VERR_NOEXT 5 /*!< VOMS extension missing */ #define VERR_NOINIT 6 /*!< Initialization error */ #define VERR_TIME 7 /*!< Error in time checking */ #define VERR_IDCHECK 8 /*!< User data in extension different from the real ones */ #define VERR_EXTRAINFO 9 /*!< VO name and URI missing */ #define VERR_FORMAT 10 /*!< Wrong data format */ #define VERR_NODATA 11 /*!< Empty extension */ #define VERR_PARSE 12 /*!< Parse error */ #define VERR_DIR 13 /*!< Directory error */ #define VERR_SIGN 14 /*!< Signature error */ #define VERR_SERVER 15 /*!< Unidentifiable VOMS server */ #define VERR_MEM 16 /*!< Memory problems */ #define VERR_VERIFY 17 /*!< Generic verification error*/ #define VERR_TYPE 18 /*!< Returned data of unknown type */ #define VERR_ORDER 19 /*!< Ordering different than required */ #define VERR_SERVERCODE 20 /*!< Error from the server */ #define VERR_NOTAVAIL 21 /*!< Method not available */ struct vomsdatar { char *cdir; char *vdir; struct vomsr **data; /*!< User's info, as in the certificate extension. It may contain data gathered from more than one VOMS server, */ char *workvo; /*!< The value of the -vo option of the voms-proxy-init command */ char *extra_data; /*!< The data specified by the user with the --include switch. Note that this field doesn't contain the result of a request to the VOMS server, but instead data specified by the user. The reason for the introduction of this extension is to let a user include important data into his proxy certificate, like, for example, a kerberos ticket */ int volen; int extralen; /* Fields below this line are reserved. 
*/ struct vomsdata *real; int timeout; }; extern struct contactdatar **VOMS_FindByAlias(struct vomsdatar *vd, char *alias, char *system, char *user, int *error); /*!< Gets a list of VOMS servers which share an alias. \param vd The correctly initialized vomsdata structured. \param alias The alias to look for. \param system The directory in which to look for the system configuration files. If NULL, defaults to /opt/edc/etc/vomses \param user The directory in which to look for the user configuration files. Defaults to $VOMS_USERCONF if NULL. Again defaults to $HOME/.edg/vomses if the latter is NULL, or to ~/.edg/vomses as a last resort. \param error RETURN PARAMETER: qualifies the error message. \return NULL, or a NULL-terminated vector of contactdata structures. The only supported way to free this array is via the VOMS_DeleteContacts function. Note also that the order in which the servers are returned is unspecified.*/ extern struct contactdatar **VOMS_FindByVO(struct vomsdatar *vd, char *vo, char *system, char *user, int *error); /*!< Gets a list of VOMS servers which serve the same VO. \param vd The correctly initialized vomsdata structured. \param vo The VO to look for. \param system The directory in which to look for the system configuration files. If NULL, defaults to /opt/edc/etc/vomses \param user The directory in which to look for the user configuration files. Defaults to $VOMS_USERCONF if NULL. Again defaults to $HOME/.edg/vomses if the latter is NULL, or to ~/.edg/vomses as a last resort. \param error RETURN PARAMETER: qualifies the error message. \return NULL, or a NULL-terminated vector of contactdata structures. The only supported way to free this array is via the VOMS_DeleteContacts function. Note also that the order in which the servers are returned is unspecified.*/ extern void VOMS_DeleteContacts(struct contactdatar **list); /*!< Frees a contactdata vector. \param list The vector to free. 
\return NONE */ extern struct vomsdatar *VOMS_Init(char *voms, char *cert); /*!< Initializes a vomsdata structure for use by the other functions. N.B: This is the ONLY way to correctly initialize a vomsdata structure. It is also forbidden to directly take the sizeof() of this structure. \param voms The directory which contains the certificates of the VOMS servers \param cert The directory which contains the CA certificates If voms_dir is empty, the value of the environment variable X509_VOMS_DIR is taken If cert_dir is empty, the value of the environment variable X509_CERT_DIR is taken \return NULL for failure, or a pointer to a properly initialized structure. */ extern struct vomsr *VOMS_Copy(struct vomsr *v, int *error); /*!< Copies a voms structure. N.B: This is the ONLY way to correctly initialize a voms structure. \param v The structure to copy. \param error RETURN PARAMETER: qualifies the error message. \return NULL (error) or the new voms structure. */ extern struct vomsdatar *VOMS_CopyAll(struct vomsdatar *vd, int *error); /*!< Copies a vomsdata structure. N.B: This is the ONLY way to correctly initialize a vomsdata structure. \param vd The structure to copy. \param error RETURN PARAMETER: qualifies the error message. \return NULL (error) or the new vomsdata structure. */ extern void VOMS_Delete(struct vomsr *v); /*!< Deletes a voms structure \param v Pointer to the structure to delete.*/ extern int VOMS_AddTarget(struct vomsdatar *vd, char *target, int *error); /*!< Adds a target to the AC. \param vd The vomsdata structure. \param target The target to add. It should be a FQDN. \param error RETURN PARAMETER: qualifies the error message. \return failure (0) or success (<>0) */ extern void VOMS_FreeTargets(struct vomsdatar *vd, int *error); /*!< Delete the targets from the AC. \param vd The vomsdata structure. \param error RETURN PARAMETER: qualifies the error message. 
 */ extern char *VOMS_ListTargets(struct vomsdatar *vd, int *error); /*!< Gets the list of targets for the AC. \param vd The vomsdata structure. \param error RETURN PARAMETER: qualifies the error message. */ extern int VOMS_SetVerificationType(int type, struct vomsdatar *vd, int *error); /*!< Sets the verification type. \param type The verification type: a bitwise OR of the VERIFY_* flags defined above (VERIFY_FULL sets all of them, VERIFY_NONE sets none). \param vd The vomsdata structure. \param error RETURN PARAMETER: qualifies the error message. */ extern int VOMS_SetLifetime(int length, struct vomsdatar *vd, int *error); /*!< Set requested lifetime for VOMS_Contact() calls. \param length Lifetime requested. \param vd RETURN PARAMETER: contains the modified data. \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0) */ extern void VOMS_Destroy(struct vomsdatar *vd); /*!< Destroys a proper vomsdata structure. \param vd The structure to deallocate. */ extern int VOMS_ResetOrder(struct vomsdatar *vd, int *error); /*!< Unsets the return order of the attributes. \param vd RETURN PARAMETER: contains the modified data. \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0) */ extern int VOMS_Ordering(char *order, struct vomsdatar *vd, int *error); /*!< Further specifies the order of the returned attributes. Please do note that calls are cumulative unless VOMS_ResetOrder() is called. \param order the group:role attribute. \param vd RETURN PARAMETER: contains the modified data. \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0) */ extern int VOMS_Contact(char *hostname, int port, char *servsubject, char *command, struct vomsdatar *vd, int *error); /*!< Contacts a VOMS server to get a certificate. It is the equivalent of the voms_proxy_init command, but without the --include functionality. 
\param hostname FQDN of the VOMS server \param port the port on which the VOMS server is listening \param servsubject the subject of the server's certificate \param command Command \param vd RETURN PARAMETER: contains the data returned by the connection \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0) */ extern int VOMS_ContactRaw(char *hostname, int port, char *servsubject, char *command, void **data, int *datalen, int *version, struct vomsdatar *vd, int *error); /*!< The same as VOMS_Contact, except that instead of starting the verification process, the data is returned as is in the \param data and \param datalen fields. \param version is the version number of the data. */ extern int VOMS_Retrieve(X509 *cert, STACK_OF(X509) *chain, int how, struct vomsdatar *vd, int *error); /*!< Extracts the VOMS extension from an X.509 certificate. The function doesn't check the validity of the certificates, but it does check the content of the user data. \param cert The certificate with the VOMS extensions \param chain The chain of the validation certificates (only the intermediate ones) \param how Recursion type \param vd RETURN PARAMETER: contains the data returned by the connection \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0) */ extern int VOMS_Import(char *buffer, int buflen, struct vomsdatar *vd, int *error); /*!< Converts data from the format used for inclusion into a certificate to the internal format The function does verify the data. 
\param buffer contains the data to be converted \param buflen contains the length of buffer \param vd RETURN PARAMETER: contains the data returned by the connection \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0) */ extern int VOMS_Export(char **buffer, int *buflen, struct vomsdatar *vd, int *error); extern struct vomsr *VOMS_DefaultData(struct vomsdatar *vd, int *error); /*!< Gets the default attributes from a vomsdata structure. \param vd the vomsdata structure to analyze \param error RETURN PARAMETER: Qualifies the error message \return a pointer to the relevant voms structure. DO NOT modify the fields. */ extern char *VOMS_ErrorMessage(struct vomsdatar *vd, int error, char *buffer, int len); extern int VOMS_RetrieveEXT(X509_EXTENSION *ext, struct vomsdatar *vd, int *error); extern int VOMS_RetrieveFromCred(gss_cred_id_t, int, struct vomsdatar *vd, int *error); extern int VOMS_RetrieveFromCtx(gss_ctx_id_t, int, struct vomsdatar *vd, int *error); extern int VOMS_RetrieveFromProxy(int, struct vomsdatar *vd, int *error); extern int VOMS_RetrieveFromFILE(FILE *f, int, struct vomsdatar *vd, int *error); extern struct vomsdatar *VOMS_Duplicate(struct vomsdatar *vd); extern AC *VOMS_GetAC(struct vomsr *v); extern int VOMS_SetVerificationTime(time_t verificationtime, struct vomsdatar *vd, int *error); extern char **VOMS_GetTargetsList(struct vomsr *v, struct vomsdatar *vd, int *error); extern void VOMS_FreeTargetsList(char **); #endif voms-2.1.2/src/api/ccapi/internal.cc000066400000000000000000000020521477131364200172510ustar00rootroot00000000000000/* * Author: Vincenzo Ciaschini * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include "internal.h" namespace vomsspace { internal::internal(): cert(NULL), key(NULL), chain(NULL) { } internal::~internal() { X509_free(cert); EVP_PKEY_free(key); sk_X509_pop_free(chain, X509_free); } } voms-2.1.2/src/api/ccapi/internal.h000066400000000000000000000017401477131364200171160ustar00rootroot00000000000000/* * Author: Vincenzo Ciaschini * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include namespace vomsspace { class internal { public: internal(); ~internal(); X509 *cert; EVP_PKEY *key; STACK_OF(X509) *chain; }; }; voms-2.1.2/src/api/ccapi/realdata.h000066400000000000000000000021771477131364200170640ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. 
* See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ struct realdata { AC *ac; std::vector *attributes; }; voms-2.1.2/src/api/ccapi/voms-2.0.pc.in000066400000000000000000000003341477131364200173410ustar00rootroot00000000000000prefix=@prefix@ exec_prefix=@exec_prefix@ libdir=@libdir@ includedir=@includedir@ Name: voms api Description: VOMS C/C++ APIs Requires.private: openssl Version: 2.0.0 Libs: -L${libdir} -lvomsapi Cflags: -I${includedir} voms-2.1.2/src/api/ccapi/voms_api.cc000066400000000000000000000667671477131364200173010ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef NOGLOBUS #define NOGLOBUS #endif extern "C" { #ifdef NOGLOBUS #include #endif #include "config.h" #include "replace.h" #include #include #include #ifdef HAVE_GETPWNAM #include #endif #include #include #include "newformat.h" #include #include #include #include #include #include #include #include #include #include "credentials.h" #include "sslutils.h" #include "gssapi_compat.h" #ifndef NOGLOBUS #ifdef HAVE_GLOBUS_MODULE_ACTIVATE #include #include #endif #else #include #endif extern int InitProxyCertInfoExtension(int); } #include #include #include #include #include #include #include #include "data.h" #include "vomsxml.h" #include "realdata.h" #include "internal.h" extern bool retrieve(X509 *cert, STACK_OF(X509) *chain, recurse_type how, std::string &buffer, std::string &vo, std::string &file, std::string &subject, std::string &ca, verror_type &error); static std::string parse_commands(const std::string& commands); extern int AC_Init(void); std::map privatedata; pthread_mutex_t privatelock = PTHREAD_MUTEX_INITIALIZER; void vomsdata::seterror(verror_type err, std::string message) { error = err; errmessage = message; } std::string vomsdata::ErrorMessage(void) { return errmessage; } static pthread_once_t initialized = PTHREAD_ONCE_INIT; static bool ssl_is_initialized = false; static void initialize() { #if OPENSSL_VERSION_NUMBER < 
0x10100000L if (!ssl_is_initialized) { // not strictly necessary, since initialize is called only once ssl_is_initialized = true; SSL_library_init(); OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); OpenSSL_add_all_ciphers(); } #endif AC_Init(); InitProxyCertInfoExtension(1); } void vomsdata::SkipSslInitialization() { ssl_is_initialized = true; } vomsdata::vomsdata(std::string voms_dir, std::string cert_dir) : ca_cert_dir(cert_dir), voms_cert_dir(voms_dir), duration(0), ordering(""), error(VERR_NONE), workvo(""), extra_data(""), ver_type(VERIFY_FULL), retry_count(1), verificationtime(0), vdp(NULL) { pthread_once(&initialized, initialize); if (voms_cert_dir.empty()) { char *v; if ( (v = getenv("X509_VOMS_DIR"))) voms_cert_dir = std::string(v); else voms_cert_dir = "/etc/grid-security/vomsdir"; } if (ca_cert_dir.empty()) { char *c; if ((c = getenv("X509_CERT_DIR"))) ca_cert_dir = std::string(c); else ca_cert_dir = "/etc/grid-security/certificates"; } DIR *vdir, *cdir; vdir = opendir(voms_cert_dir.c_str()); cdir = opendir(ca_cert_dir.c_str()); if (!vdir) seterror(VERR_DIR, "Unable to find vomsdir directory"); if (!cdir) seterror(VERR_DIR, "Unable to find ca certificates"); if (cdir) (void)closedir(cdir); if (vdir) (void)closedir(vdir); vomsspace::internal *data = new vomsspace::internal(); pthread_mutex_lock(&privatelock); privatedata[this] = data; pthread_mutex_unlock(&privatelock); } vomsdata::~vomsdata() { pthread_mutex_lock(&privatelock); vomsspace::internal *data = privatedata[this]; (void)privatedata.erase(this); pthread_mutex_unlock(&privatelock); delete data; } std::string vomsdata::ServerErrors(void) { std::string err = serverrors; serverrors.clear(); return err; } void vomsdata::ResetTargets(void) { targets.clear(); } std::vector vomsdata::ListTargets(void) { return targets; } void vomsdata::AddTarget(std::string target) { targets.push_back(target); } void vomsdata::SetLifetime(int lifetime) { duration = lifetime; } void 
vomsdata::SetVerificationType(verify_type t) { ver_type = t; } void vomsdata::ResetOrder(void) { ordering.clear(); } void vomsdata::Order(std::string att) { ordering += (ordering.empty() ? "" : ",") + att; } bool vomsdata::ContactRaw(std::string hostname, int port, std::string servsubject, std::string command, std::string &raw, int& version) { return ContactRaw(hostname, port, servsubject, command, raw, version, -1); } bool vomsdata::InterpretOutput(const std::string &message, std::string& output) { answer a; if (XML_Ans_Decode(message, a)) { bool result = true; if (!a.ac.empty()) { output = a.ac; } else if (!a.data.empty()) { output = a.data; } for (std::vector::const_iterator i = a.errs.begin(), end = a.errs.end(); i != end; ++i) { serverrors += i->message; if (i->num > ERROR_OFFSET) result = false; if (i->num == WARN_NO_FIRST_SELECT) seterror(VERR_ORDER, "Cannot put requested attributes in the specified order."); } if (!result && ver_type) { seterror(VERR_SERVERCODE, "The server returned an error."); return false; } } else { seterror(VERR_FORMAT, "Server Answer was incorrectly formatted."); return false; } return true; } bool vomsdata::ContactRaw(std::string hostname, int port, std::string servsubject, std::string command, std::string &raw, int& version, int timeout) { std::string buffer; std::string subject, ca; std::string lifetime; std::string comm; std::string targs; version = 1; /* Try REST connection first */ bool ret = ContactRESTRaw(hostname, port, command, raw, version, timeout); if (ret || serverrors.find("User unknown to this VO") != std::string::npos || serverrors.find("suspended") != std::string::npos || serverrors.find("not active") != std::string::npos) return ret; // reset the errors serverrors.clear(); std::vector::const_iterator end = targets.end(); std::vector::const_iterator begin = targets.begin(); for (std::vector::const_iterator i = begin; i != end; ++i) { if (i == begin) targs = *i; else targs += std::string(",") + *i; } comm = 
XML_Req_Encode(command, ordering, targs, duration); ret = contact(hostname, port, servsubject, comm, buffer, subject, ca, timeout); // std::cerr << '\n' << comm << '\n' << buffer << '\n'; if (!ret) { return false; } version = 1; return InterpretOutput(buffer, raw); } static X509 *get_own_cert() { char *certname = NULL; if (determine_filenames(NULL, NULL, NULL, &certname, NULL, 0)) { X509 *cert = NULL; if (load_credentials(certname, NULL, &cert, NULL, NULL, NULL)) return cert; } return NULL; } static void change(std::string &name, const std::string& from, const std::string& to) { std::string::size_type pos = name.find(from); while (pos != std::string::npos) { name = name.substr(0, pos) + to + name.substr(pos+from.length()); pos = name.find(from, pos+1); } } static std::vector split(std::string const& source, char delim) { std::vector result; std::istringstream is(source); std::string token; while (std::getline(is, token, delim)) { if (!token.empty()) { result.push_back(token); } } return result; } static std::string join(std::vector const& v, char delim) { std::vector::const_iterator it = v.begin(); std::vector::const_iterator const end = v.end(); std::string result; if (it != end) { result += *it; ++it; } for (; it != end; ++it) { result += delim; result += *it; } return result; } static bool is_role(std::string const& s) { return s.find("/Role=") != std::string::npos; } static std::string merge_order_and_fqans(std::string const& fqans, std::string const& ordering) { std::vector ordering_v = split(ordering, ','); std::vector fqans_v = split(fqans, ','); std::vector merged_v; for (std::vector::iterator it = ordering_v.begin(), end = ordering_v.end(); it != end; ++it) { std::vector::iterator fqans_it = std::find(fqans_v.begin(), fqans_v.end(), *it); if (fqans_it != fqans_v.end()) { merged_v.push_back(*it); fqans_v.erase(fqans_it); } else if (!is_role(*it)) { merged_v.push_back(*it); } } merged_v.insert(merged_v.end(), fqans_v.begin(), fqans_v.end()); return 
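join(merged_v, ','); }

/*
 * Requests an AC over the REST endpoint (GET /generate-ac).
 *
 * NOTE(review): the text of this function and of vomsdata::RetrieveFromCred
 * is truncated in this copy (everything between angle brackets was dropped,
 * including template arguments), so both are reproduced as found and not
 * otherwise changed.  Points to check against the complete source:
 *  - fqans, ordering, the targets and hostname are concatenated into the
 *    request line and the Host header as-is; they should be percent-encoded
 *    and rejected if they contain CR/LF or spaces before being sent.
 *  - change(ordering, ...) rewrites the member `ordering` in place, so a
 *    later legacy request made by ContactRaw sees the rewritten value --
 *    confirm this is intended.
 *  - contact() is called with an empty server subject; whether the peer's
 *    identity is still verified on this path is not visible here -- confirm.
 */
bool vomsdata::ContactRESTRaw(const std::string& hostname, int port, const std::string& command, std::string& raw, UNUSED(int version), int timeout)
{
  std::string temp;
  std::string fqans = parse_commands(command);

  if (fqans != "all" && !ordering.empty()) {
    change(ordering, ":", "/Role=");
    fqans = merge_order_and_fqans(fqans, ordering);
  }

  std::string realCommand = "GET /generate-ac?fqans=" + fqans;

  realCommand += "&lifetime="+ stringify(duration, temp);

  if (!ordering.empty())
    realCommand +="&order=" + ordering;

  if (targets.size() != 0) {
    std::string targs;

    std::vector::const_iterator end = targets.end();
    std::vector::const_iterator begin = targets.begin();
    for (std::vector::const_iterator i = targets.begin(); i != end; ++i) {
      if (i == begin)
        targs = *i;
      else
        targs += std::string(",") + *i;
    }

    realCommand +="&targets="+targs;
  }

  realCommand += std::string(" HTTP/1.0\n") + "User-Agent: voms APIs 2.0\nAccept: */*\nHost: "+ hostname+":"+ stringify(port,temp) +"\n\n";

  std::string user, userca, output;
  bool res = contact(hostname, port, "", realCommand, output, user, userca, timeout);

  // std::cerr << '\n' << realCommand << '\n' << output << '\n';

  bool ret = false;

  if (res) {
    /* truncated in this copy from here to the end of RetrieveFromCred */
    std::string::size_type pos = output.find("cred_handle->cert_chain; cert = ((gss2_cred_id_desc *)cred)->cred_handle->cert; return Retrieve(cert, chain, how); }

/* Retrieval from a GSS security context is not supported: always false. */
bool vomsdata::RetrieveFromCtx(UNUSED(gss_ctx_id_t cred), UNUSED(recurse_type how))
{
  return false;
}

/*
 * Loads the credentials from the file selected by determine_filenames() and
 * extracts the VOMS data from them with Retrieve().
 *
 * how: recursion type forwarded to Retrieve().
 * Returns the result of Retrieve(), or false when the file cannot be
 * determined or loaded.
 */
bool vomsdata::RetrieveFromProxy(recurse_type how)
{
  char *outfile = NULL;

  if (!determine_filenames(NULL, NULL, &outfile, NULL, NULL, 0))
    return false;

  X509 *cert = NULL;
  STACK_OF(X509) *stk = NULL;
  EVP_PKEY *key = NULL;
  bool ok = false;

  if (load_credentials(outfile, outfile, &cert, &stk, &key, NULL))
    ok = Retrieve(cert, stk, how);

  /* Retrieve(X509 *, ...) releases only the objects it creates itself, so
     everything loaded here is still owned by this function.  The private
     key is never used for retrieval and is dropped as soon as possible.
     All three calls accept NULL. */
  EVP_PKEY_free(key);
  X509_free(cert);
  sk_X509_pop_free(stk, X509_free);

  /* NOTE(review): outfile is filled in by determine_filenames(); how it is
     allocated is not visible here, so it is not released -- confirm. */
  return ok;
}

bool vomsdata::Retrieve(X509_EXTENSION *ext) { verify_type v = ver_type; ver_type = (verify_type)((int)ver_type & (~VERIFY_ID)); bool ret = evaluate((AC_SEQ*)X509V3_EXT_d2i(ext), "", "", NULL); ver_type 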
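= v;

  return ret;
}

/*
 * Verifies one attribute certificate and, when verification succeeds,
 * appends the resulting record to `data`.
 *
 * VERIFY_ID is masked out of ver_type while verifydata() runs (the call
 * passes an empty subject, an empty CA and a NULL holder).  The configured
 * verification flags are put back before returning: leaving the mask in
 * place would keep the identity check switched off for every later call
 * made on this object.
 *
 * \param ac The attribute certificate to verify.
 * \return true on success, false otherwise.
 */
bool vomsdata::Retrieve(AC *ac)
{
  verify_type saved = ver_type;
  ver_type = (verify_type)((int)ver_type & (~VERIFY_ID));

  voms vv;
  bool ret = verifydata(ac, "", "", NULL, vv);

  /* Restore the caller's checks, as Retrieve(X509_EXTENSION *) does. */
  ver_type = saved;

  if (ret)
    data.push_back(vv);

  return ret;
}

/*
 * Calls retrieve() on cert/chain and, if it succeeds, passes the resulting
 * AC sequence, subject, CA and holder to evaluate().  The AC sequence and
 * the holder certificate are released before returning.
 *
 * \return the result of evaluate(), or false when retrieve() fails.
 */
bool vomsdata::Retrieve(X509 *cert, STACK_OF(X509) *chain, recurse_type how)
{
  bool ok = false;

  std::string subject;
  std::string ca;
  AC_SEQ *acs = NULL;
  X509 *holder = NULL;

  if (retrieve(cert, chain, how, &acs, subject, ca, &holder)) {
    ok = evaluate(acs, subject, ca, holder);
  }

  if (acs)
    AC_SEQ_free(acs);

  if (holder)
    X509_free(holder);

  return ok;
}

/*
 * Imports data in the format written by Export(): after Decode(), the
 * buffer is read as DER holder certificates, each followed by the data
 * handed to verifydata().  Every record that verifies is appended to
 * `data`.
 *
 * NOTE(review): the loop only terminates if verifydata() consumes its AC
 * from the front of `buffer` or fails; that is presumably the case, but
 * verifydata() is not visible here -- confirm.
 *
 * \param buffer The encoded data (taken by value and consumed).
 * \return true when every record was verified, false otherwise.
 */
bool vomsdata::Import(std::string buffer)
{
  bool result = false;

  X509 *holder;
  char *buf = NULL;

  std::string subject, ca;

#if OPENSSL_VERSION_NUMBER >= 0x00908000L
  const unsigned char *buftmp, *copy;
#else
  unsigned char *buftmp, *copy;
#endif

  buffer = Decode(buffer);

  if (buffer.empty()) {
    seterror(VERR_FORMAT, "Malformed input data.");
    return false;
  }

  do {
    copy = buftmp = (unsigned char *)(const_cast<char *>(buffer.data()));

    /* d2i_X509() advances `copy` past the certificate it decoded. */
    holder = d2i_X509(NULL, &copy, buffer.size());

    if (holder) {
      buf = X509_NAME_oneline(X509_get_subject_name(holder), NULL, 0);
      if (buf)
        subject = std::string(buf);
      OPENSSL_free(buf);

      buf = X509_NAME_oneline(X509_get_issuer_name(holder), NULL, 0);
      if (buf)
        ca = std::string(buf);
      OPENSSL_free(buf);

      voms v;

      /* Drop the certificate bytes; what is left starts with the AC. */
      buffer = buffer.substr(copy - buftmp);
      result = verifydata(buffer, subject, ca, holder, v);

      if (result)
        data.push_back(v);

      X509_free(holder);
    }
    else {
      seterror(VERR_NOIDENT, "Cannot discovere AC issuer.");
      return false;
    }
  } while (!buffer.empty() && result);

  return result;
}

/*
 * Serialises every record of `data` as its DER holder certificate followed
 * by its DER attribute certificate, then passes the result through
 * Encode().  No verification is performed.
 *
 * \param buffer Receives the encoded data (cleared when `data` is empty).
 * \return true on success, false on encoding or allocation failure.
 */
bool vomsdata::Export(std::string &buffer)
{
  std::string result;

  if (data.empty()) {
    buffer.clear();
    return true;
  }

  std::vector<voms>::const_iterator end = data.end();
  for (std::vector<voms>::const_iterator v = data.begin(); v != end; ++v) {
    /* Dump owner's certificate */
    int l;
    unsigned char *xtmp, *xtmp2;

    l = i2d_X509(v->holder, NULL);

    /* i2d_X509() signals failure with a negative value as well as with 0;
       a negative length must never reach the allocation below. */
    if (l <= 0) {
      seterror(VERR_FORMAT, "Malformed input data.");
      return false;
    }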
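if ((xtmp2 = (xtmp = (unsigned char *)OPENSSL_malloc(l)))) {
      /* i2d_X509() advances xtmp, so xtmp2 keeps the start of the buffer. */
      i2d_X509(v->holder, &xtmp);
      result += std::string((char *)xtmp2, l);
      OPENSSL_free(xtmp2);
    }
    else {
      seterror(VERR_MEM, "Out of memory!");
      return false;
    }

    /* This is an AC format. */
    int len = i2d_AC(((struct realdata *)v->realdata)->ac, NULL);

    /* Reject a failed length query before it is used as an allocation
       size; i2d_AC() presumably follows the OpenSSL i2d convention of
       returning a non-positive value on error. */
    if (len <= 0) {
      seterror(VERR_FORMAT, "Malformed input data.");
      return false;
    }

    unsigned char *tmp, *tmp2;

    if ((tmp2 = (tmp = (unsigned char *)OPENSSL_malloc(len)))) {
      i2d_AC(((struct realdata *)v->realdata)->ac,&tmp);
      result += std::string((char *)tmp2, len);
      OPENSSL_free(tmp2);
    }
    else {
      seterror(VERR_MEM, "Out of memory!");
      return false;
    }
  }

  buffer = Encode(result, 0);

  return !buffer.empty();
}

/*
 * Copies the first processed VOMS record into `d`.
 *
 * \return false, with VERR_NOEXT set, when no record has been processed.
 */
bool vomsdata::DefaultData(voms &d)
{
  if (data.empty()) {
    seterror(VERR_NOEXT, "No VOMS extensions have been processed.");
    return false;
  }

  d = data.front();
  return true;
}

/*
 * Loads server contact entries from `filename`.  A regular file is parsed
 * by loadfile0(); anything else is opened as a directory and every entry
 * other than "." and ".." is loaded recursively.
 *
 * The uid and gid parameters are unused: no ownership or permission check
 * is made on the files before they are parsed.  stat() follows symbolic
 * links and the recursion has no depth limit, so the directory tree handed
 * to this function should be one that only trusted users can write to.
 *
 * \return for a file, the result of loadfile0(); for a directory, true if
 *         at least one entry loaded successfully; false otherwise.
 */
bool vomsdata::loadfile(std::string filename, UNUSED(uid_t uid), UNUSED(gid_t gid))
{
  struct stat stats;
  /* NOTE(review): this object is never used, but it is constructed and
     destroyed on every call (including each recursion step); kept because
     its constructor is not visible here. */
  struct vomsdata data;

  if (filename.empty()) {
    seterror(VERR_DIR, "Filename for vomses file or dir (system or user) unspecified!");
    return false;
  }

  if (stat(filename.c_str(), &stats) == -1) {
    seterror(VERR_DIR, "Cannot find file or dir: " + filename);
    return false;
  }

  /* S_IFREG is a value of the file-type field, not a flag: testing it with
     `&` also matches other types that share the bit (sockets). */
  if (S_ISREG(stats.st_mode))
    return loadfile0(filename, 0, 0);

  DIR *dp = opendir(filename.c_str());
  if (!dp)
    return false;

  bool cumulative = false;
  struct dirent *de;

  while ((de = readdir(dp))) {
    char *name = de->d_name;
    if (name && (strcmp(name, ".") != 0) && (strcmp(name, "..") != 0))
      cumulative |= loadfile(filename + "/" + name, 0, 0);
  }
  closedir(dp);

  return cumulative;
}

/*
 * Extracts the next double-quoted field of `str`, searching from `start`.
 * On success the text between the quotes is stored in `value`, `start` is
 * moved just past the closing quote (or set to npos when the string is
 * exhausted) and true is returned.  Returns false when no complete quoted
 * field remains.
 */
static bool tokenize(std::string str, std::string::size_type &start, std::string &value)
{
  if (start != std::string::npos) {
    std::string::size_type begin = str.find('"',start);

    if (begin != std::string::npos) {
      std::string::size_type end = str.find('"',begin+1);

      if (end != std::string::npos) {
        value = str.substr(begin+1, end-begin-1);
        start = end+1;
        if (start >= str.size())
          start =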
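std::string::npos;
        return true;
      }
    }
  }
  return false;
}

/*
 * Tells whether a vomses line carries no entry: it is empty, starts with
 * '#', or consists only of whitespace.
 */
static bool empty(std::string c)
{
  if (!c.empty() && c[0] == '#')
    return true;

  for (std::string::size_type i = 0; i < c.size(); i++)
    /* isspace() is undefined for negative arguments, which a plain char
       holding a non-ASCII byte can be; convert through unsigned char. */
    if (!isspace(static_cast<unsigned char>(c[i])))
      return false;

  return true;
}

/*
 * Parses one vomses file and appends an entry to `servers` for each line
 * that is neither blank nor a comment.
 *
 * A line holds five mandatory double-quoted fields (nick, host, port,
 * contact, vo) and an optional sixth (version, stored as -1 when absent).
 * Parsing stops at the first malformed line with VERR_FORMAT; entries
 * appended from earlier lines of the same file are kept.
 *
 * The uid and gid parameters are unused: the file's ownership and mode are
 * not checked.
 *
 * NOTE(review): port and version go through atoi(), so a non-numeric value
 * becomes 0 and an out-of-range one is undefined; a range check belongs
 * here or in the code that connects -- confirm with the callers.
 *
 * \return true when the whole file was read, false otherwise.
 */
bool vomsdata::loadfile0(std::string filename, UNUSED(uid_t uid), UNUSED(gid_t gid))
{
  struct contactdata data;

  if (filename.empty()) {
    seterror(VERR_DIR, "Filename unspecified.");
    return false;
  }

  /* Opens the file */
  std::ifstream f(filename.c_str());

  if (!f) {
    seterror(VERR_DIR, "Cannot open file: " + filename);
    return false;
  }

  /* Load the file */
  bool ok = true;
  bool verok = true;

  while (ok && f) {
    std::string line;

    if (getline(f,line) && !empty(line)) {
      ok = verok = true;

      std::string::size_type start = 0;
      std::string port, version;

      ok &= tokenize(line, start, data.nick);
      ok &= tokenize(line, start, data.host);
      ok &= tokenize(line, start, port);
      ok &= tokenize(line, start, data.contact);
      ok &= tokenize(line, start, data.vo);
      verok &= tokenize(line, start, version);

      if (ok) {
        data.port = atoi(port.c_str());
        if (verok)
          data.version = atoi(version.c_str());
        else
          data.version = -1;
        servers.push_back(data);
      }
      else {
        seterror(VERR_FORMAT, "data format in file: " + filename + " incorrect!\nLine: " + line);
        return false;
      }
    }
  }

  return true;
}

/*
 * Loads the system-wide contact files.
 *
 * \param dir File or directory to load; "/etc/vomses" when empty.
 * \return the result of loadfile().
 */
bool vomsdata::LoadSystemContacts(std::string dir)
{
  if (dir.empty())
    dir = "/etc/vomses";

  return loadfile(dir, 0, 0);
}

/*
 * Loads the user-specific contact files.
 *
 * When `dir` is empty the location is taken, in this order, from the
 * VOMS_USERCONF environment variable, from $HOME/.glite/vomses, and (only
 * when built with HAVE_GETPWNAM) from .glite/vomses under the home
 * directory of the passwd entry for getuid().  Both environment variables
 * are used as given, so a caller running with more privilege than the user
 * who controls its environment should pass `dir` explicitly.
 *
 * \return the result of loadfile(), or false when no location can be
 *         determined.
 */
bool vomsdata::LoadUserContacts(std::string dir)
{
  if (dir.empty()) {
    char *name = getenv("VOMS_USERCONF");
    if (name)
      dir = std::string(name);
    else {
      char *home = getenv("HOME");
      if (home)
        dir = std::string(home) + "/.glite/vomses";
      else {
#ifdef HAVE_GETPWNAM
        struct passwd *pw = getpwuid(getuid());
        if (pw) {
          dir = std::string(pw->pw_dir) + "/.glite/vomses";
        }
        else {
#endif
          return false;
#ifdef HAVE_GETPWNAM
        }
#endif
      }
    }
  }

  return loadfile(dir, 0, 0);
}

/*
 * Returns a copy of every loaded server entry whose alias equals `nick`.
 */
std::vector<contactdata> vomsdata::FindByAlias(std::string nick)
{
  std::vector<contactdata>::const_iterator beg = servers.begin(), end = servers.end();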
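std::vector<contactdata> results;

  while (beg != end) {
    if (beg->nick == nick)
      results.push_back(*beg);
    ++beg;
  }

  return std::vector<contactdata>(results);
}

/*
 * Returns a copy of every loaded server entry that serves the VO `vo`.
 */
std::vector<contactdata> vomsdata::FindByVO(std::string vo)
{
  std::vector<contactdata> results;

  for (std::vector<contactdata>::const_iterator it = servers.begin();
       it != servers.end(); ++it) {
    if (it->vo == vo)
      results.push_back(*it);
  }

  return results;
}

/*
 * Copy constructor: copies the plain members and takes private duplicates
 * of the AC, the holder certificate and the attribute list, so that the
 * two objects never share OpenSSL or heap state.
 *
 * NOTE(review): the calloc() result is used unchecked here, as it is in
 * the default constructor and the destructor.
 */
voms::voms(const voms &orig)
{
  version   = orig.version;
  siglen    = orig.siglen;
  signature = orig.signature;
  user      = orig.user;
  userca    = orig.userca;
  server    = orig.server;
  serverca  = orig.serverca;
  voname    = orig.voname;
  uri       = orig.uri;
  date1     = orig.date1;
  date2     = orig.date2;
  type      = orig.type;
  std       = orig.std;
  custom    = orig.custom;
  fqan      = orig.fqan;
  serial    = orig.serial;

  realdata = calloc(1, sizeof(struct realdata));

  struct realdata *mine = (struct realdata *)realdata;
  const struct realdata *theirs = (const struct realdata *)orig.realdata;

  mine->ac = AC_dup(theirs->ac);
  holder = X509_dup(orig.holder);

  /* A default-constructed voms has a NULL attribute list (its realdata is
     zero-filled); copy that state instead of dereferencing it. */
  mine->attributes = theirs->attributes
    ? new std::vector<attributelist>(*theirs->attributes)
    : NULL;

  vp = NULL;
}

/*
 * Default constructor: zeroed counters, no holder, and a zero-filled
 * realdata record (NULL AC, NULL attribute list).
 */
voms::voms(): version(0), siglen(0), holder(NULL), vp(NULL)
{
  realdata = (void *)calloc(1, sizeof(struct realdata));
}

/*
 * Copy assignment: releases the AC, holder certificate and attribute list
 * currently owned by this object and replaces them with duplicates of the
 * ones held by `orig`.  Self-assignment is a no-op.
 */
voms &voms::operator=(const voms &orig)
{
  if (this == &orig)
    return *this;

  version   = orig.version;
  siglen    = orig.siglen;
  signature = orig.signature;
  user      = orig.user;
  userca    = orig.userca;
  server    = orig.server;
  serverca  = orig.serverca;
  voname    = orig.voname;
  uri       = orig.uri;
  date1     = orig.date1;
  date2     = orig.date2;
  type      = orig.type;
  std       = orig.std;
  custom    = orig.custom;
  fqan      = orig.fqan;
  serial    = orig.serial;
  vp        = NULL;

  struct realdata *mine = (struct realdata *)realdata;
  const struct realdata *theirs = (const struct realdata *)orig.realdata;

  AC_free(mine->ac);
  mine->ac = AC_dup(theirs->ac);

  /* The destructor frees `holder`, so this object owns it: release the old
     certificate before overwriting the pointer. */
  X509_free(holder);
  holder = X509_dup(orig.holder);

  delete mine->attributes;
  mine->attributes = theirs->attributes
    ? new std::vector<attributelist>(*theirs->attributes)
    : NULL;

  return *this;
}

/*
 * Destructor: releases the AC, the attribute list, the realdata record and
 * the holder certificate.
 */
voms::~voms()
{
  AC_free(((struct realdata *)realdata)->ac);
  delete (((struct realdata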
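*)realdata)->attributes);
  free(realdata);
  X509_free(holder);
}

/*
 * Returns a duplicate of the stored attribute certificate.  The caller
 * owns the result and must release it with AC_free().
 */
AC *voms::GetAC()
{
  return AC_dup(((struct realdata *)realdata)->ac);
}

/*
 * Returns a reference to the stored attribute list.
 *
 * NOTE(review): the pointer is dereferenced unchecked, and it is NULL in a
 * default-constructed voms -- callers presumably only use this on records
 * that went through verification; confirm.
 */
std::vector<attributelist>& voms::GetAttributes()
{
  return *((struct realdata *)realdata)->attributes;
}

/*
 * Copy constructor: member-wise copy of the configuration, state and
 * collected records; vdp starts as NULL.
 */
vomsdata::vomsdata(const vomsdata &orig) : ca_cert_dir(orig.ca_cert_dir),
                                           voms_cert_dir(orig.voms_cert_dir),
                                           duration(orig.duration),
                                           ordering(orig.ordering),
                                           servers(orig.servers),
                                           targets(orig.targets),
                                           error(orig.error),
                                           data(orig.data),
                                           workvo(orig.workvo),
                                           extra_data(orig.extra_data),
                                           ver_type(orig.ver_type),
                                           serverrors(orig.serverrors),
                                           errmessage(orig.errmessage),
                                           retry_count(orig.retry_count),
                                           verificationtime(orig.verificationtime),
                                           vdp(NULL)
{}

/* Version numbers reported through the C interface. */
extern "C" {
int getVOMSMajorVersionNumber(void) {return 2;}
int getVOMSMinorVersionNumber(void) {return 0;}
int getVOMSPatchVersionNumber(void) {return 0;}
}

/* Stores the retry count in retry_count. */
void vomsdata::SetRetryCount(int retryCount)
{
  retry_count = retryCount;
}

/* Stores the reference time in verificationtime. */
void vomsdata::SetVerificationTime(time_t thistime)
{
  verificationtime = thistime;
}

/*
 * Returns the URI-typed targets listed in the AC's "idceTargets" extension,
 * or an empty vector when the AC or the extension is missing.
 */
std::vector<std::string> voms::GetTargets()
{
  std::vector<std::string> targets;

  AC *ac = GetAC();

  /* AC_dup() yields NULL when there is no stored AC or on allocation
     failure; there is nothing to read in that case. */
  if (!ac)
    return targets;

  STACK_OF(X509_EXTENSION) *exts = ac->acinfo->exts;

  int nid = OBJ_txt2nid("idceTargets");
  int pos = X509v3_get_ext_by_NID(exts, nid, -1);

  if (pos >= 0) {
    X509_EXTENSION *ex = sk_X509_EXTENSION_value(exts, pos);
    AC_TARGETS *target = (AC_TARGETS *)X509V3_EXT_d2i(ex);

    if (target != NULL) {
      for (int i = 0; i < sk_AC_TARGET_num(target->targets); i++) {
        AC_TARGET *name = sk_AC_TARGET_value(target->targets, i);

        /* The length is given explicitly: ia5 data is not relied upon to
           be NUL-terminated. */
        if (name->name->type == GEN_URI)
          targets.push_back(std::string((char*)(name->name->d.ia5->data), name->name->d.ia5->length));
      }
    }
    AC_TARGETS_free(target);
  }

  AC_free(ac);

  return targets;
}

/*
 * Stores private copies of the given credentials in this object's internal
 * record (looked up in `privatedata` under `privatelock`).
 *
 * Each non-NULL argument replaces the stored counterpart with a duplicate;
 * a NULL argument leaves the stored value untouched.  The arguments remain
 * owned by the caller in every case, including failure.  If any requested
 * duplication fails, all stored credentials are released and false is
 * returned.
 *
 * NOTE(review): the lock covers only the map lookup; the record itself is
 * modified after it has been released -- confirm that a vomsdata is never
 * shared between threads.
 */
bool vomsdata::LoadCredentials(X509 *cert, EVP_PKEY *pkey, STACK_OF(X509) *chain)
{
  pthread_mutex_lock(&privatelock);
  vomsspace::internal *data = privatedata[this];
  pthread_mutex_unlock(&privatelock);

  /* The condition below should never be true. */
  if (!data)
    return false;

  if (cert) {
    X509_free(data->cert);
    data->cert = X509_dup(cert);
  }

  if (pkey) {
    EVP_PKEY_free(data->key);
    data->key = EVP_PKEY_dup(pkey);
  }

  /* sk_dup does *not* duplicate the stack content.  Only the stack itself. */
  /* So, do the duplication by hand. */
  if (chain) {
    sk_X509_pop_free(data->chain, X509_free);
    data->chain = sk_X509_new_null();

    if (data->chain) {
      for (int i = 0; i < sk_X509_num(chain); i++) {
        X509 *newcert = X509_dup(sk_X509_value(chain, i));

        /* A failed push leaves newcert unowned, so release it here. */
        if (!newcert || !sk_X509_push(data->chain, newcert)) {
          X509_free(newcert);
          sk_X509_pop_free(data->chain, X509_free);
          data->chain = NULL;
          break;
        }
      }
    }
  }

  if ((cert && !data->cert) || (pkey && !data->key) || (chain && !data->chain)) {
    /* Release the stored copies, never the caller's objects: freeing the
       arguments would leave the caller holding dangling pointers, and the
       stored copies would leak. */
    X509_free(data->cert);
    EVP_PKEY_free(data->key);
    sk_X509_pop_free(data->chain, X509_free);
    data->cert = NULL;
    data->chain = NULL;
    data->key = NULL;

    return false;
  }

  return true;
}

/*
 * Translates a command string into the FQAN form used in requests.
 *
 * A string starting with '/' is returned unchanged and one starting with
 * 'A' becomes "all".  Otherwise change() is applied for ":" -> "/Role=",
 * "G/" -> "/", "B/" -> "/" and "R/" -> "/Role=" (change() is defined
 * elsewhere; presumably it substitutes in place).
 *
 * NOTE(review): ContactRESTRaw() concatenates the result into the HTTP
 * request line as it is.  Nothing here rejects or percent-encodes spaces,
 * '&', CR or LF, so the command must be validated before it gets this far
 * if it can come from an untrusted source.
 */
static std::string parse_commands(const std::string& commands)
{
  if (commands[0] == '/')
    return commands;

  if (commands[0] == 'A')
    return std::string("all");

  std::string temp = commands;

  change(temp, ":", "/Role=");
  change(temp, "G/", "/");
  change(temp, "B/", "/");
  change(temp, "R/", "/Role=");

  return temp;
}
voms-2.1.2/src/api/ccapi/voms_api.h000066400000000000000000000464251477131364200171300ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.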
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_API_H #define VOMS_API_H #include #include #include #ifndef NOGLOBUS #define NOGLOBUS #endif extern "C" { #ifndef GSSAPI_H_ /* * Also check against _GSSAPI_H_ as that is what the Kerberos 5 code defines and * what header files on some systems look for. */ #ifndef _GSSAPI_H_ typedef void * gss_cred_id_t; typedef void * gss_ctx_id_t; #endif #endif #include #include #include #include "newformat.h" } /*! \brief User's characteristics: can be repeated. */ struct data { std::string group; /*!< user's group */ std::string role; /*!< user's role */ std::string cap; /*!< user's capability */ }; /*!< \brief Generic name-value attribute : can be repeated. */ struct attribute { std::string name; /*!< attribute's group */ std::string qualifier; /*!< attribute's qualifier */ std::string value; /*!< attribute's value */ }; struct attributelist { std::string grantor; /*!< Who granted these attributes. */ std::vector attributes; /*!< The attributes themselves. */ }; /*! \brief The type of data returned. */ enum data_type { TYPE_NODATA, /*!< no data */ TYPE_STD, /*!< group, role, capability triplet */ TYPE_CUSTOM /*!< result of an S command */ }; struct contactdata { /*!< You must never allocate directly this structure. Its sizeof() is subject to change without notice. The only supported way to obtain it is via the FindBy* functions. 
*/ std::string nick; /*!< The alias of the server */ std::string host; /*!< The hostname of the server */ std::string contact; /*!< The subject of the server's certificate */ std::string vo; /*!< The VO served by this server */ int port; /*!< The port on which the server is listening */ int version; /*!< The version of globus under which the server is running */ }; class vomspriv; struct voms { friend class vomsdata; int version; /*!< 0 means data didn't originate from an AC */ int siglen; /*!< The length of the VOMS server signature */ std::string signature; /*!< The VOMS server signature */ std::string user; /*!< The user's DN, as from his certificate */ std::string userca; /*!< The CA which signed the user's certificate */ std::string server; /*!< The VOMS server DN, as from its certificate */ std::string serverca; /*!< The CA which signed the VOMS certificate */ std::string voname; /*!< The name of the VO to which the VOMS belongs */ std::string uri; /*!< The URI of the VOMS server */ std::string date1; /*!< Beginning of validity of the user info */ std::string date2; /*!< End of validity of the user info */ data_type type; /*!< The type of data returned */ std::vector std; /*!< User's characteristics */ std::string custom; /*!< The data returned by an S command */ /* Data below this line only makes sense if version >= 1 */ std::vector fqan; /*!< Keeps the data in the compact format */ std::string serial; /*!< Serial number. "0" if coming from non-ac */ /* Data below this line is private. */ private: void *realdata; /*!< Original AC format. 
*/ X509 *holder; public: voms(const voms &); voms(); voms &operator=(const voms &); ~voms(); private: struct vomsr *translate(); friend int TranslateVOMS(struct vomsdatar *vd, std::vector&v, int *error); public: AC *GetAC(); public: std::vector& GetAttributes(); /*!< Generic attributes */ std::vector GetTargets(); private: vomspriv *vp; }; enum recurse_type { RECURSE_CHAIN, RECURSE_NONE, RECURSE_DEEP }; enum verify_type { VERIFY_FULL = 0xffffffff, VERIFY_NONE = 0x00000000, VERIFY_DATE = 0x00000001, VERIFY_TARGET = 0x00000002, VERIFY_KEY = 0x00000004, VERIFY_SIGN = 0x00000008, VERIFY_ORDER = 0x00000010, VERIFY_ID = 0x00000020, VERIFY_CERTLIST = 0x00000040 }; /*! \brief Error codes. */ enum verror_type { VERR_NONE, VERR_NOSOCKET, /*!< Socket problem*/ VERR_NOIDENT, /*!< Cannot identify itself (certificate problem) */ VERR_COMM, /*!< Server problem */ VERR_PARAM, /*!< Wrong parameters*/ VERR_NOEXT, /*!< VOMS extension missing */ VERR_NOINIT, /*!< Initialization error */ VERR_TIME, /*!< Error in time checking */ VERR_IDCHECK, /*!< User data in extension different from the real ones */ VERR_EXTRAINFO, /*!< VO name and URI missing */ VERR_FORMAT, /*!< Wrong data format */ VERR_NODATA, /*!< Empty extension */ VERR_PARSE, /*!< Parse error */ VERR_DIR, /*!< Directory error */ VERR_SIGN, /*!< Signature error */ VERR_SERVER, /*!< Unidentifiable VOMS server */ VERR_MEM, /*!< Memory problems */ VERR_VERIFY, /*!< Generic verification error*/ // VERR_IDENT, VERR_TYPE, /*!< Returned data of unknown type */ VERR_ORDER, /*!< Ordering different than required */ VERR_SERVERCODE, /*!< Error message from the server */ VERR_NOTAVAIL, /*!< Method not available */ VERR_FILE /*!< Error reading data from file */ }; typedef bool (*check_sig)(X509 *, void *, verror_type &); /*!<*/ class vomsdatapriv; struct vomsdata { private: class Initializer { public: Initializer(); private: Initializer(Initializer &); }; private: static Initializer init; std::string ca_cert_dir; std::string voms_cert_dir; 
int duration;
  std::string ordering;
  std::vector servers;
  std::vector targets;

public:
  verror_type error; /*!< Error code */

  static void SkipSslInitialization();

  vomsdata(std::string voms_dir = "", std::string cert_dir = "");
  /*!< \param voms_dir The directory which contains the certificate
                       of the VOMS server
       \param cert_dir The directory which contains the certificate of the CA

       If voms_dir is empty, the value of the environment variable
       X509_VOMS_DIR is taken.
       If cert_dir is empty, the value of the environment variable
       X509_CERT_DIR is taken. */

  bool LoadSystemContacts(std::string dir = "");
  /*!< Loads the system wide configuration files.
       \param dir The file or directory in which the entries are stored.
                  If dir is empty, defaults to /etc/vomses.
       \return True if the file, or at least one entry of the directory,
               was loaded; false otherwise. */

  bool LoadUserContacts(std::string dir = "");
  /*!< Loads the user-specific configuration files.
       \param dir The file or directory in which the entries are stored.
                  If dir is empty, defaults to $VOMS_USERCONF. If that is
                  not set either, defaults to $HOME/.glite/vomses, or, when
                  HOME is not set and the library was built with
                  HAVE_GETPWNAM, to .glite/vomses under the home directory
                  of the current user's passwd entry.
       \return True if the file, or at least one entry of the directory,
               was loaded; false otherwise, including when no location
               could be determined. */

  std::vector FindByAlias(std::string alias);
  /*!< Finds servers which share a common alias.
       \param alias The alias to look for.
       \return The servers found. The order in which they are returned
               is unspecified. */

  std::vector FindByVO(std::string vo);
  /*!< Finds servers which serve a common VO
       \param vo The VO name to look for.
       \return The servers found. The order in which they are returned
               is unspecified. */

  void Order(std::string att);
  /*!< Sets up the ordering of the results.
       Defines the ordering of the data returned by Contact(). Results are
       ordered in the same order as the calls to this function.
       \param att The attribute to be ordered. */

  void ResetOrder(void);
  /*!< Resets the ordering. */

  void AddTarget(std::string target);
  /*!< Adds a target to the AC.
       \param target The target to be added. it should be a FQDN.
*/ std::vector ListTargets(void); /*!< Returns the list of targets. */ void ResetTargets(void); /*!< Resets the target list. */ std::string ServerErrors(void); /*!< Gets the error message returned by the server */ bool Retrieve(X509 *cert, STACK_OF(X509) *chain, recurse_type how = RECURSE_CHAIN); /*!< Extracts the VOMS extension from an X.509 certificate. The function doesn't check the validity of the certificates, but it does check the content of the user data. \param cert The certificate with the VOMS extensions \param chain The chain of the validation certificates (only the intermediate ones) \param how Recursion type \return failure (F) or success (T) */ bool Contact(std::string hostname, int port, std::string servsubject, std::string command); /*!< Contacts a VOMS server to get a certificate It is the equivalent of the voms_proxy_init command, but without the --include functionality. \param hostname FQDN of the VOMS server \param port the port on which the VOMS server is listening \param servsubject the subject of the server's certificate \param command the command sent to the server \return failure (F) or success (T) */ bool Contact(std::string hostname, int port, std::string servsubject, std::string command, int timeout); /*!< Contacts a VOMS server to get a certificate It is the equivalent of the voms_proxy_init command, but without the --include functionality. \param hostname FQDN of the VOMS server \param port the port on which the VOMS server is listening \param servsubject the subject of the server's certificate \param command the command sent to the server \param timeout Timeout for server connections in seconds \return failure (F) or success (T) */ bool ContactRaw(std::string hostname, int port, std::string servsubject, std::string command, std::string &raw, int& version); /*!< Same as Contact, however it does not start the verification process, and the message receviedfrom the server is not parsed. 
\param hostname FQDN of the VOMS server \param port the port on which the VOMS server is listening \param servsubject the subject of the server's certificate \param command the command sent to the server \param raw OUTPUT PARAMETER the answer from the server \param version OUTPUT PARAMETER the version of the answer \return failure (F) or success (T) */ bool ContactRaw(std::string hostname, int port, std::string servsubject, std::string command, std::string &raw, int& version, int timeout); /*!< Same as Contact, however it does not start the verification process, and the message receviedfrom the server is not parsed. \param hostname FQDN of the VOMS server \param port the port on which the VOMS server is listening \param servsubject the subject of the server's certificate \param command the command sent to the server \param raw OUTPUT PARAMETER the answer from the server \param version OUTPUT PARAMETER the version of the answer \param timeout Timeout for server connections in seconds \return failure (F) or success (T) */ void SetVerificationType(verify_type how); /*!< Sets the type of verification done on the data. \param how The type of verification. */ void SetLifetime(int lifetime); /*!< Set requested lifetime for the Contact() call. \param lifetime Requested lifetime, in seconds */ bool Import(std::string buffer);/*!< Converts data from the format used for inclusion into a certificate to the internal format The function does verify the data. \param buffer contains the data to be converted \return Failure (F) or Success (T) */ bool Export(std::string &data); /*!< Exports data from vomsdata::data to the format used for inclusion into a certificate. The function doesn't verify the data \param data The certificate extension \return Failure (F) or Success (T) */ bool DefaultData(voms &); /*!< Get the default data extension from those present in the pseudo certificate */ std::vector data; /*!< User's info, as in the certificate extension. 
It may contain data gathered from more than one VOMS server, */ std::string workvo; /*!< The value of the -vo option of the voms-proxy-init command */ std::string extra_data; /*!< The data specified by the user with the --include switch. Note that this field doesn't contain the result of a request to the VOMS server, but instead data specified by the user. The reason for the introduction of this extension is to let a user include important data into his proxy certificate, like, for example, a kerberos ticket */ private: bool loadfile(std::string, uid_t uid, gid_t gid); bool loadfile0(std::string, uid_t uid, gid_t gid); bool verifydata(std::string &message, std::string subject, std::string ca, X509 *holder, voms &v); bool check_cert(X509 *cert); bool retrieve(X509 *cert, STACK_OF(X509) *chain, recurse_type how, AC_SEQ **listnew, std::string &subject, std::string &ca, X509 **holder); verify_type ver_type; std::string serverrors; std::string errmessage; void seterror(verror_type, std::string); bool check_sig_ac(X509 *, void *); X509 *check(void *); bool contact(const std::string&, int, const std::string&, const std::string&, std::string&, std::string&, std::string&, int timeout); bool verifydata(AC *ac, const std::string& subject, const std::string& ca, X509 *holder, voms &v); bool evaluate(AC_SEQ *, const std::string&, const std::string&, X509*); public: std::string ErrorMessage(void); /*!< Gets a textual description of the error. \return A string containg the error message. */ #ifdef NOGLOBUS bool RetrieveFromCtx(gss_ctx_id_t context, recurse_type how); /*!< Gets VOMS information from the given globus context \param context The context from which to retrieve the certificate. \param how Recursion type \return failure (F) or success (T)*/ bool RetrieveFromCred(gss_cred_id_t credential, recurse_type how); /*!< Gets VOMS information from the given globus credential \param credential The credential from which to retrieve the certificate. 
\param how Recursion type \return failure (F) or success (T)*/ #endif bool Retrieve(X509_EXTENSION *ext); /*!< Gets VOMS information from the given extension \param ext The extension to parse. \return failure (F) or success (T) */ bool RetrieveFromProxy(recurse_type how); /*!< Gets VOMS information from an existing globus proxy \param how Recursion type \return failure (F) or success (T)*/ bool Retrieve(FILE *file, recurse_type how); /*!< Gets VOMS information from a proxy saved as a file. \param file the file name \param how Recursion type \return failure (F) or success (T) Note: Does NOT verify that the proxy is valid. Such verification must be obtained through other means. */ bool Retrieve(AC *ac);/*!< Gets VOMS information from the AC \param ac The extension to parse. \return failure (F) or success (T) */ ~vomsdata(); private: // X509 *check_file(void *); bool check_cert(STACK_OF(X509) *); X509 *check_from_certs(AC *ac, const std::string& voname); X509 *check_from_file(AC *, std::ifstream&, const std::string &vo, const std::string &filename); public: vomsdata(const vomsdata &); private: int retry_count; public: void SetRetryCount(int retryCount); public: void SetVerificationTime(time_t); private: time_t verificationtime; bool verifyac(X509 *, X509 *, AC*, time_t, voms&); public: bool LoadCredentials(X509*, EVP_PKEY *, STACK_OF(X509) *); bool ContactRESTRaw(const std::string&, int, const std::string&, std::string&, int, int); private: bool InterpretOutput(const std::string&, std::string&); private: vomsdatapriv *vdp; }; extern "C" { int getVOMSMajorVersionNumber(void); int getVOMSMinorVersionNumber(void); int getVOMSPatchVersionNumber(void); } #endif voms-2.1.2/src/api/ccapi/voms_api_nog.h000066400000000000000000000024021477131364200177560ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 
2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_API_NOG_H #define VOMS_API_NOG_H #ifndef VOMS_API_H #define NOGLOBUS #include #undef NOGLOBUS #else #error The Globus and Globus-free versions are not compatible! #endif #endif voms-2.1.2/src/api/ccapi/voms_apic.h000066400000000000000000000517431477131364200172720ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
* * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_APIC_H #define VOMS_APIC_H #ifdef __cplusplus extern "C" { #endif #define NOGLOBUS #if !(defined(GSSAPI_H_) || defined(_GSSAPI_H) || defined(_GSSAPI_H_)) typedef void * gss_cred_id_t; typedef void * gss_ctx_id_t; #endif #include #include #include "newformat.h" /*#include "voms_api.h"*/ /*!< \brief User's characteristics: can be repeated. */ struct data { char *group; /*!< user's group */ char *role; /*!< user's role */ char *cap; /*!< user's capability */ }; struct attribute { const char *name; const char *value; const char *qualifier; }; struct contactdata { /*!< You must never allocate directly this structure. Its sizeof() is subject to change without notice. The only supported way to obtain it is via the VOMS_FindBy* functions. */ char *nick; /*!< The alias of the server */ char *host; /*!< The hostname of the server */ char *contact; /*!< The subject of the server's certificate */ char *vo; /*!< The VO served by this server */ int port; /*!< The port on which the server is listening */ char *reserved; /*!< HANDS OFF! */ int version; /*!< The version of Globus on which this server runs. */ }; /*!< \brief The type of data returned. 
*/ #define TYPE_NODATA 0 /*!< no data */ #define TYPE_STD 1 /*!< group, role, capability triplet */ #define TYPE_CUSTOM 2 /*!< result of an S command */ struct voms { int siglen; /*!< The length of the VOMS server signature */ char *signature; /*!< The VOMS server signature */ char *user; /*!< The user's DN, as from his certificate */ char *userca; /*!< The CA which signed the user's certificate */ char *server; /*!< The VOMS server DN, as from its certificate */ char *serverca; /*!< The CA which signed the VOMS certificate */ char *voname; /*!< The name of the VO to which the VOMS belongs */ char *uri; /*!< The URI of the VOMS server */ char *date1; /*!< Beginning of validity of the user info */ char *date2; /*!< End of validity of the user info */ int type; /*!< The type of data returned */ struct data **std; /*!< User's characteristics */ char *custom; /*!< The data returned by an S command */ int datalen; int version; char **fqan; /*!< User's attributes in compact format */ char *serial; /*!< Serial number. Only significant if coming from AC. Null otherwise */ /* Fields below this line are reserved. */ AC *ac; X509 *holder; }; #define RECURSE_CHAIN 0 #define RECURSE_NONE 1 #define VERIFY_FULL 0xffffffff #define VERIFY_NONE 0x00000000 #define VERIFY_DATE 0x00000001 #define VERIFY_NOTARGET 0x00000002 #define VERIFY_KEY 0x00000004 #define VERIFY_SIGN 0x00000008 #define VERIFY_ORDER 0x00000010 #define VERIFY_ID 0x00000020 #define VERIFY_CERTLIST 0x00000040 /*! \brief Error codes. 
*/ #define VERR_NONE 0 #define VERR_NOSOCKET 1 /*!< Socket problem*/ #define VERR_NOIDENT 2 /*!< Cannot identify itself (certificate problem) */ #define VERR_COMM 3 /*!< Server problem */ #define VERR_PARAM 4 /*!< Wrong parameters*/ #define VERR_NOEXT 5 /*!< VOMS extension missing */ #define VERR_NOINIT 6 /*!< Initialization error */ #define VERR_TIME 7 /*!< Error in time checking */ #define VERR_IDCHECK 8 /*!< User data in extension different from the real ones */ #define VERR_EXTRAINFO 9 /*!< VO name and URI missing */ #define VERR_FORMAT 10 /*!< Wrong data format */ #define VERR_NODATA 11 /*!< Empty extension */ #define VERR_PARSE 12 /*!< Parse error */ #define VERR_DIR 13 /*!< Directory error */ #define VERR_SIGN 14 /*!< Signature error */ #define VERR_SERVER 15 /*!< Unidentifiable VOMS server */ #define VERR_MEM 16 /*!< Memory problems */ #define VERR_VERIFY 17 /*!< Generic verification error*/ #define VERR_TYPE 18 /*!< Returned data of unknown type */ #define VERR_ORDER 19 /*!< Ordering different than required */ #define VERR_SERVERCODE 20 /*!< Error from the server */ #define VERR_NOTAVAIL 21 /*!< Method not available */ struct vomsdata { char *cdir; char *vdir; struct voms **data; /*!< User's info, as in the certificate extension. It may contain data gathered from more than one VOMS server, */ char *workvo; /*!< The value of the -vo option of the voms-proxy-init command */ char *extra_data; /*!< The data specified by the user with the --include switch. Note that this field doesn't contain the result of a request to the VOMS server, but instead data specified by the user. The reason for the introduction of this extension is to let a user include important data into his proxy certificate, like, for example, a kerberos ticket */ int volen; int extralen; /* Fields below this line are reserved. 
*/ struct vomsdata *real; }; extern struct contactdata **VOMS_FindByAlias(struct vomsdata *vd, char *alias, char *system, char *user, int *error); /*!< Gets a list of VOMS servers which share an alias. \param vd The correctly initialized vomsdata structured. \param alias The alias to look for. \param system The directory in which to look for the system configuration files. If NULL, defaults to /opt/edc/etc/vomses \param user The directory in which to look for the user configuration files. Defaults to $VOMS_USERCONF if NULL. Again defaults to $HOME/.edg/vomses if the latter is NULL, or to ~/.edg/vomses as a last resort. \param error RETURN PARAMETER: qualifies the error message. \return NULL, or a NULL-terminated vector of contactdata structures. The only supported way to free this array is via the VOMS_DeleteContacts function. Note also that the order in which the servers are returned is unspecified.*/ extern struct contactdata **VOMS_FindByVO(struct vomsdata *vd, char *vo, char *system, char *user, int *error); /*!< Gets a list of VOMS servers which serve the same VO. \param vd The correctly initialized vomsdata structured. \param vo The VO to look for. \param system The directory in which to look for the system configuration files. If NULL, defaults to /opt/edc/etc/vomses \param user The directory in which to look for the user configuration files. Defaults to $VOMS_USERCONF if NULL. Again defaults to $HOME/.edg/vomses if the latter is NULL, or to ~/.edg/vomses as a last resort. \param error RETURN PARAMETER: qualifies the error message. \return NULL, or a NULL-terminated vector of contactdata structures. The only supported way to free this array is via the VOMS_DeleteContacts function. Note also that the order in which the servers are returned is unspecified.*/ extern void VOMS_DeleteContacts(struct contactdata **list); /*!< Frees a contactdata vector. 
\param list The vector to free.*/ extern struct vomsdata *VOMS_Init(char *voms, char *cert); /*!< Initializes a vomsdata structure for use by the other functions. N.B: This is the ONLY way to correctly initialize a vomsdata structure. It is also forbidden to directly take the sizeof() of this structure. \param voms The directory which contains the certificates of the VOMS servers \param cert The directory which contains the CA certificates If voms_dir is empty, the value of the environment variable X509_VOMS_DIR is taken If cert_dir is empty, the value of the environment variable X509_CERT_DIR is taken \return NULL for failure, or a pointer to a properly initialized structure. */ extern struct voms *VOMS_Copy(struct voms *v, int *error); /*!< Copies a voms structure. N.B: This is the ONLY way to correctly initialize a voms structure as a copy of another voms structure. \param v The structure to copy. \param error RETURN PARAMETER: qualifies the error message. \return NULL (error) or the new voms structure. */ extern struct vomsdata *VOMS_CopyAll(struct vomsdata *vd, int *error); /*!< Copies a vomsdata structure. N.B: This is the ONLY way to correctly initialize a vomsdata structure as a copy of another vomsdata structure. \param vd The structure to copy. \param error RETURN PARAMETER: qualifies the error message. \return NULL (error) or the new vomsdata structure. */ extern void VOMS_Delete(struct voms *v); /*!< Deletes a voms structure \param v Pointer to the structure to delete.*/ extern int VOMS_AddTarget(struct vomsdata *vd, char *target, int *error); /*!< Adds a target to the AC. \param vd The vomsdata structure. \param target The target to add. It should be a FQDN. \param error RETURN PARAMETER: qualifies the error message. \return failure (0) or success (<>0) */ extern void VOMS_FreeTargets(struct vomsdata *vd, int *error); /*!< Delete the targets from the AC. \param vd The vomsdata structure. \param error RETURN PARAMETER: qualifies the error message. 
*/

extern char *VOMS_ListTargets(struct vomsdata *vd, int *error); /*!< Gets the list of targets for the AC.
                         \param vd The vomsdata structure.
                         \param error RETURN PARAMETER: qualifies the error message.
                         \return The list of targets. Ownership of the returned
                         string is not stated in this header -- TODO confirm
                         whether the caller must free it. */

extern int VOMS_SetVerificationType(int type, struct vomsdata *vd, int *error); /*!< Sets the verification type.
                         \param type The verification type. The VERIFY_* constants
                         defined earlier in this header look like the intended
                         values (TODO confirm); VERIFY_NONE is 0, so passing it
                         requests no checks.
                         \param vd The vomsdata structure.
                         \param error RETURN PARAMETER: qualifies the error message.
                         \return presumably failure (0) or success (<>0), as for
                         the neighbouring setters -- TODO confirm. */

extern int VOMS_SetLifetime(int length, struct vomsdata *vd, int *error); /*!< Set requested lifetime for VOMS_Contact() calls.
                         \param length Lifetime requested. The unit is not stated
                         here; presumably seconds -- TODO confirm.
                         \param vd RETURN PARAMETER: contains the modified data.
                         \param error RETURN PARAMETER: Qualifies the error message
                         \return failure (0) or success (<>0) */

extern void VOMS_Destroy(struct vomsdata *vd); /*!< Destroys a proper vomsdata structure
                         \param vd The structure to deallocate. */

extern int VOMS_ResetOrder(struct vomsdata *vd, int *error); /*!< Unsets the return order of the attributes.
                         \param vd RETURN PARAMETER: contains the modified data.
                         \param error RETURN PARAMETER: Qualifies the error message
                         \return failure (0) or success (<>0) */

extern int VOMS_Ordering(char *order, struct vomsdata *vd, int *error); /*!< Further specifies the order of the returned attributes.
                         Please do note that calls are cumulative unless
                         VOMS_ResetOrder() is called.
                         \param order the group:role attribute.
                         \param vd RETURN PARAMETER: contains the modified data.
                         \param error RETURN PARAMETER: Qualifies the error message
                         \return failure (0) or success (<>0) */

extern int VOMS_Contact(char *hostname, int port, char *servsubject, char *command, struct vomsdata *vd, int *error); /*!< Contacts a VOMS server to get a certificate
                         It is the equivalent of the voms_proxy_init command, but without the --include functionality.
\param hostname FQDN of the VOMS server \param port the port on which the VOMS server is listening \param servsubject the subject of the server's certificate \param command Command \param vd RETURN PARAMETER: contains the data returned by the connection \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0) */ extern int VOMS_ContactRaw(char *hostname, int port, char *servsubject, char *command, void **data, int *datalen, int *version, struct vomsdata *vd, int *error); /*!< The same as VOMS_Contact, except that instead of starting the verification process, the data is returned as is in the \param data and \param datalen fields. \param hostname FQDN of the VOMS server \param port the port on which the VOMS server is listening \param servsubject the subject of the server's certificate \param command the command sent to the server \param version is the version number of the data. \param vd RETURN PARAMETER: contains the data returned by the connection \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0) */ extern int VOMS_Retrieve(X509 *cert, STACK_OF(X509) *chain, int how, struct vomsdata *vd, int *error); /*!< Extracts the VOMS extension from an X.509 certificate. The function doesn't check the validity of the certificates, but it does check the content of the user data. \param cert The certificate with the VOMS extensions \param chain The chain of the validation certificates (only the intermediate ones) \param how Recursion type \param vd RETURN PARAMETER: contains the data returned by the connection \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0) */ extern int VOMS_Import(char *buffer, int buflen, struct vomsdata *vd, int *error); /*!< Converts data from the format used for inclusion into a certificate to the internal format The function does verify the data. 
\param buffer contains the data to be converted \param buflen contains the length of buffer \param vd RETURN PARAMETER: contains the data returned by the connection \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0) */ extern int VOMS_Export(char **buffer, int *buflen, struct vomsdata *vd, int *error); /*!< Converts data into a test format \param buffer OUTPUT PARAMETER contains the converted data \param buflen OUTPUT PARAMETER contains the length of buffer \param vd contains the data to convert \param error RETURN PARAMETER Qualifies the error message \return failure (0) or success (<>0)*/ extern struct voms *VOMS_DefaultData(struct vomsdata *vd, int *error); /*!< Gets the default attributes from a vomsdata structure. \param vd the vomsdata structure to analyze \param error RETURN PARAMETER: Qualifies the error message \return a pointer to the relevant voms structure. DO NOT modify the fields. */ extern char *VOMS_ErrorMessage(struct vomsdata *vd, int error, char *buffer, int len); /*!< Gets a textual description of the error. \param vd The vomsdata structure to analyze \param error The error returned by the last function \param buffer A pointer to a buffer where the error message will be written. If NULL, then memory is allocated by the function, and will have to be free()ed by the caller. \param len The length of the memory pointed to by the buffer parameter. \return A pointer to the error message. */ extern int VOMS_RetrieveEXT(X509_EXTENSION *ext, struct vomsdata *vd, int *error); /*!< Gets VOMS information from the given extension \param ext The extension to parse. 
\param vd RETURN PARAMETER: contains the data returned by the connection \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0) */ extern int VOMS_RetrieveFromCred(gss_cred_id_t cred, int how, struct vomsdata *vd, int *error); /*!< Gets VOMS information from the given globus credential \param cred The credential from which to retrieve the certificate. \param how Recursion type \param vd RETURN PARAMETER: contains the data returned by the connection \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0)*/ extern int VOMS_RetrieveFromFile(FILE *file, int how, struct vomsdata *vd, int *error); /*!< Gets VOMS information from the given globus credential \param file The file from which to retrieve the certificate. \param how Recursion type \param vd RETURN PARAMETER: contains the data returned by the connection \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0)*/ extern int VOMS_RetrieveFromCtx(gss_ctx_id_t ctx, int how, struct vomsdata *vd, int *error); /*!< Gets VOMS information from the given globus context \param ctx The context from which to retrieve the certificate. 
\param how Recursion type \param vd RETURN PARAMETER: contains the data returned by the connection \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0)*/ extern int VOMS_RetrieveFromProxy(int how, struct vomsdata *vd, int *error); /*!< Gets VOMS information from an existing globus proxy \param how Recursion type \param vd RETURN PARAMETER: contains the data returned by the connection \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0)*/ extern int VOMS_RetrieveFromAC(AC*ac, struct vomsdata *vd, int *error); /*!< Gets VOMS information from an existing globus proxy \param ac AC from which to get the credentials \param vd RETURN PARAMETER: contains the data returned by the connection \param error RETURN PARAMETER: Qualifies the error message \return failure (0) or success (<>0)*/ extern int VOMS_GetAttributeSourcesNumber(struct voms *v, struct vomsdata *vd, int *error); extern int VOMS_GetAttributeSourceHandle(struct voms *v, int num, struct vomsdata *vd, int *error); extern const char *VOMS_GetAttributeGrantor(struct voms *v, int handle, struct vomsdata *vd, int *error); extern int VOMS_GetAttributesNumber(struct voms *v, int handle, struct vomsdata *vd, int *error); extern int VOMS_GetAttribute(struct voms *v, int handle, int num, struct attribute *at, struct vomsdata *vd, int *error); extern struct vomsdata *VOMS_Duplicate(struct vomsdata *vd); extern AC *VOMS_GetAC(struct voms *v); extern int getMajorVersionNumber(void); extern int getMinorVersionNumber(void); extern int getPatchVersionNumber(void); extern int VOMS_SetVerificationTime(time_t verificationtime, struct vomsdata *vd, int *error); extern char **VOMS_GetTargetsList(struct voms *v, struct vomsdata *vd, int *error); extern void VOMS_FreeTargetsList(char **); extern int VOMS_SetTimeout(int t, struct vomsdata *vd, int *error); extern int VOMS_LoadCredentials(X509 *cert, EVP_PKEY *pkey, STACK_OF(X509)* chain, struct 
vomsdata *vd, int *error); #ifdef __cplusplus } #endif #endif voms-2.1.2/src/api/ccapi/voms_apic_nog.h000066400000000000000000000024061477131364200201250ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_APIC_NOG_H #define VOMS_APIC_NOG_H #ifndef VOMS_APIC_H #define NOGLOBUS #include #undef NOGLOBUS #else #error The Globus and Globus-free versions are not compatible! 
#endif #endif voms-2.1.2/src/client/000077500000000000000000000000001477131364200145555ustar00rootroot00000000000000voms-2.1.2/src/client/Makefile.am000066400000000000000000000011321477131364200166060ustar00rootroot00000000000000AM_CPPFLAGS = \ -I$(top_srcdir)/src/api/ccapi \ -I$(top_srcdir)/src/include \ -I$(top_srcdir)/src/sslutils \ $(NO_GLOBUS_FLAGS) \ $(EXPAT_CFLAGS) \ $(OPENSSL_CFLAGS) if BUILD_CLIENTS bin_PROGRAMS = voms-proxy-init voms_proxy_init_SOURCES = \ main.cc \ vomsclient.cc \ vomsclient.h \ contact.hpp voms_proxy_init_LDADD = \ $(top_builddir)/src/api/ccapi/libvomsapi.la \ $(top_builddir)/src/sslutils/libssl_utils_nog.la \ $(OPENSSL_LIBS) \ $(top_builddir)/src/common/libutilc_nog.la \ $(EXPAT_LIBS) install-exec-hook: -ln -s voms-proxy-init $(DESTDIR)$(bindir)/voms-proxy-list endif voms-2.1.2/src/client/contact.hpp000066400000000000000000000034261477131364200167260ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
*
 *********************************************************************/
#include
#include "fqan.h"

/*
 * One "-voms" argument, split at its first ':'.
 *
 * With a ':' present, the text before it becomes both the nick and the VO
 * name and the text after it becomes the FQAN.  Without one, the whole
 * string is the nick and the other two parts stay empty.  Nothing is
 * validated here; later ':' characters simply remain part of the FQAN.
 */
class Contact {

public:

  Contact(const std::string& s)
  {
    const std::string::size_type colon = s.find(':');

    if (colon == std::string::npos) {
      /* no separator: the argument is only a nick */
      nick_ = s;
      return;
    }

    vo_   = s.substr(0, colon);
    nick_ = vo_;
    fqan_ = s.substr(colon + 1);
  }

  /* VO name; empty when the argument carried no ':' */
  std::string vo() const
  {
    return vo_;
  }

  /* FQAN part after the first ':'; empty when there was none */
  std::string fqan() const
  {
    return fqan_;
  }

  /* nick (alias) used to look up the server */
  std::string nick() const
  {
    return nick_;
  }

private:

  std::string vo_;
  std::string fqan_;
  std::string nick_;

};
voms-2.1.2/src/client/main.cc000066400000000000000000000026651477131364200160210ustar00rootroot00000000000000/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *          Valerio Venturi - Valerio.Venturi@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
*
 *********************************************************************/
extern "C" {
#include "config.h"
#include
#include
#include
}

#include
#include "vomsclient.h"

/*
 * Program entry point.
 *
 * Sets both the soft and the hard RLIMIT_CORE limit to 0 before anything
 * else runs and exits with status 1 if that fails.  This is presumably so
 * that a crash cannot leave a core file holding the private key or
 * pass-phrase this tool handles.  The process result is whatever
 * Client::Run() returns.
 */
int main(int argc, char** argv)
{
  struct rlimit no_core = {0, 0};

  if (setrlimit(RLIMIT_CORE, &no_core) != 0) {
    /* refuse to continue if core dumps cannot be switched off */
    exit(1);
  }

  Client client(argc, argv);
  return client.Run();
}
voms-2.1.2/src/client/vomsclient.cc000066400000000000000000001171371477131364200172610ustar00rootroot00000000000000/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *          Valerio Venturi - Valerio.Venturi@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
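*
 *********************************************************************/
#include "config.h"
#include "data.h"

extern "C" {
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "listfunc.h"
#include "credentials.h"
#include "replace.h"
#include "doio.h"
#include
}

#include
#include
#include
#include
#include
#include
#include "options.h"
#include "vomsxml.h"
#include
#include "vomsclient.h"
#include "fqan.h"
#include "contact.hpp"

extern "C"
{
#include "vomsproxy.h"
}

#include "init.h"

#ifndef VOMS_MAYBECONST
#if defined(D2I_OF)
#define VOMS_MAYBECONST const
#else
#define VOMS_MAYBECONST
#endif
#endif

static AC *getAC(const std::string& data);

const std::string SUBPACKAGE = "voms-proxy-init";

/* use name specific to each distribution (defined in configure.in) */

std::string conf_location;
std::string CONFILENAME;
std::string USERCONFILENAME;
std::string OLDDIR;

/* global variable for output control */

bool debug = false;
bool quiet = false;
/* set by -dont-verify-ac and by the VOMS_PROXY_INIT_DONT_VERIFY_AC
   environment variable in the Client constructor */
bool dontverifyac = false;

extern "C" {

static pem_password_cb *pw_cb = NULL;

/*
 * Pass-phrase callback installed when -pwstdin is given: reads one line
 * from stdin into buf.
 *
 * buf  destination buffer
 * num  size of buf in bytes
 *
 * Returns the length of the pass-phrase with a trailing newline removed,
 * or -1 when nothing could be read.
 *
 * The newline check is guarded by the length: fgets() can succeed and
 * still leave an empty string (num == 1, or a line that starts with a NUL
 * byte), and the unguarded form then read and possibly wrote buf[-1].
 * A line longer than num-1 bytes is truncated by fgets() and the rest is
 * left unread on stdin.
 */
static int pwstdin_callback(char * buf, int num, UNUSED(int w), UNUSED(void *u))
{
  if (buf == NULL || num <= 0 || !(fgets(buf, num, stdin))) {
    std::cerr << "Failed to read pass-phrase from stdin" << std::endl;
    return -1;
  }

  size_t len = strlen(buf);

  if (len > 0 && buf[len - 1] == '\n')
    buf[--len] = '\0';

  return (int)len;
}

/*
 * Progress callback: writes one character to stderr per call.
 * Silent when quiet is set; without debug every call prints '.',
 * with debug the character depends on p (0 '.', 1 '+', 2 '*',
 * 3 newline, anything else 'B').
 */
static void kpcallback(int p, UNUSED(int n), UNUSED(void* v))
{
  char c='B';

  if (quiet) return;

  if (p == 0) c='.';
  if (p == 1) c='+';
  if (p == 2) c='*';
  if (p == 3) c='\n';
  if (!debug) c = '.';
  fputc(c,stderr);
}

extern int proxy_verify_cert_chain(X509 * ucert, STACK_OF(X509) * cert_chain, proxy_verify_desc * pvd);
extern void proxy_verify_ctx_init(proxy_verify_ctx_desc * pvxd);

}

Client::Client(int argc, char ** argv) :
  ignorewarn(false), failonwarn(false),
  cacertfile(NULL), certdir(NULL), certfile(NULL), keyfile(NULL),
  confile(CONFILENAME), userconf(""), incfile(""), separate(""),
  bits(-1), hours(12), minutes(0),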
ac_hours(12), ac_minutes(0), limit_proxy(false), proxyver(0), pathlength(-1), verify(false), noregen(false), version(0), #ifdef CLASS_ADD class_add_buf(NULL), class_add_buf_len(0), #endif aclist(NULL), voID(""), listing(false), cert_chain(NULL), ucert(NULL), private_key(NULL), timeout(60), acfile(""), v(NULL) { bool progversion = false; std::string valid; std::string vomslife; std::string certdir; std::string certfile; std::string keyfile; std::string outfile; std::vector order; std::vector targets; bool rfc = false; bool old = false; bool pwstdin = false; conf_location = ETC_DIR; CONFILENAME = (conf_location + "/vomses"); USERCONFILENAME = std::string(USER_DIR) + std::string("/vomses"); OLDDIR = (strcmp(USER_DIR, ".glite") ? ".glite/vomses" : ".voms/vomses"); if (strrchr(argv[0],'/')) program = strrchr(argv[0],'/') + 1; else program = argv[0]; if ((strcmp(program.c_str(), "voms-proxy-list") == 0) || (strcmp(program.c_str(), "edg-voms-proxy-list") == 0)) listing = true; /* usage message */ static const char *LONG_USAGE = NULL; if (!listing) { LONG_USAGE = \ "\n" \ " Options\n" \ " -help, -usage Displays usage\n" \ " -version Displays version\n" \ " -debug Enables extra debug output\n" \ " -quiet, -q Quiet mode, minimal output\n" \ " -verify Verifies certificate to make proxy for\n" \ " -pwstdin Allows passphrase from stdin\n" \ " -limited Creates a limited proxy\n" \ " -valid Proxy and AC are valid for h hours and m minutes\n" \ " (defaults to 12:00)\n" \ " -hours H Proxy is valid for H hours (default:12)\n" \ " -bits Number of bits in key {512|1024|2048|4096}\n" \ " -cert Non-standard location of user certificate\n" \ " -key Non-standard location of user key\n" \ " -certdir Non-standard location of trusted cert dir\n" \ " -out Non-standard location of new proxy cert\n" \ " -voms > Specify voms server. 
:command is optional,\n" \ " and is used to ask for specific attributes\n" \ " (e.g: roles)\n" \ " -order > Specify ordering of attributes.\n" \ " -target Targets the AC against a specific hostname.\n" \ " -vomslife Try to get a VOMS pseudocert valid for h hours\n" \ " and m minutes (default to value of -valid).\n" \ " -include Include the contents of the specified file.\n" \ " -conf Read options from .\n" \ " -confile Non-standard location of voms server addresses. Deprecated\n" \ " -userconf Non-standard location of user-defined voms server addresses. Deprecated\n" \ " -vomses Non-standard location of configuration files.\n" " -policy File containing policy to store in the ProxyCertInfo extension.\n" \ " -pl, -policy-language OID string for the policy language.\n" \ " -policy-language OID string for the policy language.\n" \ " -path-length Allow a chain of at most l proxies to be generated from this ones.\n" \ " -globus Globus version. (MajorMinor)\n" \ " -proxyver Version of proxy certificate.\n" \ " -noregen Use existing proxy certificate to connect to server and sign the new proxy.\n" \ " -separate Saves the information returned by the server on file .\n" \ " -ignorewarn Ignore warnings.\n" \ " -failonwarn Treat warnings as errors.\n" \ " -list Show all available attributes.\n" \ " -rfc Creates RFC 3820 compliant proxy (synonymous with -proxyver 4)\n" \ " -old Creates GT2 compliant proxy (synonymous with -proxyver 2)\n" \ " -timeout Timeout for server connections, in seconds.\n" " -includeac get AC from file.\n" " -dont-verify-ac Skips AC verification.\n" "\n"; set_usage(LONG_USAGE); /* parse command-line option */ struct option opts[] = { {"help", 0, NULL, OPT_HELP}, {"usage", 0, NULL, OPT_HELP}, {"version", 0, (int *)&progversion, OPT_BOOL}, {"cert", 1, (int *)&certfile, OPT_STRING}, {"certdir", 1, (int *)&certdir, OPT_STRING}, {"out", 1, (int *)&outfile, OPT_STRING}, {"key", 1, (int *)&keyfile, OPT_STRING}, {"include", 1, (int *)&incfile, OPT_STRING}, 
{"hours", 1, &hours, OPT_NUM}, {"valid", 1, (int *)&valid, OPT_STRING}, {"vomslife", 1, (int *)&vomslife, OPT_STRING}, {"bits", 1, &bits, OPT_NUM}, {"debug", 0, (int *)&debug, OPT_BOOL}, {"limited", 0, (int *)&limit_proxy, OPT_BOOL}, {"verify", 0, (int *)&verify, OPT_BOOL}, {"q", 0, (int *)&quiet, OPT_BOOL}, {"quiet", 0, (int *)&quiet, OPT_BOOL}, {"pwstdin", 0, (int *)&pwstdin, OPT_BOOL}, {"conf", 1, NULL, OPT_CONFIG}, {"confile", 1, (int *)&confile, OPT_STRING}, {"userconf", 1, (int *)&userconf, OPT_STRING}, {"vomses", 1, (int *)&confiles, OPT_MULTI}, {"voms", 1, (int *)&vomses, OPT_MULTI}, {"order", 1, (int *)&order, OPT_MULTI}, {"target", 1, (int *)&targets, OPT_MULTI}, {"globus", 1, &version, OPT_NUM}, {"proxyver", 1, &proxyver, OPT_NUM}, {"policy", 1, (int *)&policyfile, OPT_STRING}, {"policy-language", 1, (int *)&policylang, OPT_STRING}, {"pl", 1, (int *)&policylang, OPT_STRING}, {"path-length", 1, &pathlength, OPT_NUM}, {"noregen", 0, (int *)&noregen, OPT_BOOL}, {"separate", 1, (int *)&separate, OPT_STRING}, {"ignorewarn", 0, (int *)&ignorewarn, OPT_BOOL}, {"failonwarn", 0, (int *)&failonwarn, OPT_BOOL}, {"list", 0, (int *)&listing, OPT_BOOL}, {"rfc", 0, (int *)&rfc, OPT_BOOL}, {"old", 0, (int *)&old, OPT_BOOL}, #ifdef CLASS_ADD {"classadd", 1, (int *)class_add_buf,OPT_STRING}, #endif {"timeout", 1, &timeout, OPT_NUM}, {"includeac", 1, (int *)&acfile, OPT_STRING}, {"dont-verify-ac", 0, (int *)&dontverifyac,OPT_BOOL}, {0, 0, 0, 0} }; if (!getopts(argc, argv, opts)) exit(1); } else { /* listing mode */ LONG_USAGE = \ "\n" \ " Options\n" \ " -help, -usage Displays usage\n" \ " -version Displays version\n" \ " -debug Enables extra debug output\n" \ " -quiet, -q Quiet mode, minimal output\n" \ " -pwstdin Allows passphrase from stdin\n" \ " -cert Non-standard location of user certificate\n" \ " -key Non-standard location of user key\n" \ " -certdir Non-standard location of trusted cert dir\n" \ " -out Non-standard location of new proxy cert\n" \ " -voms > Specify 
voms server. :command is optional,\n" \ " and is used to ask for specific attributes\n" \ " (e.g: roles)\n" \ " -include Include the contents of the specified file.\n" \ " -conf Read options from .\n" \ " -confile Non-standard location of voms server addresses.\n" \ " -userconf Non-standard location of user-defined voms server addresses.\n" \ " -vomses Non-standard loation of configuration files.\n" " -globus Globus version.\n" \ " -noregen Use existing proxy certificate to connect to server and sign the new proxy.\n" \ " -ignorewarn Ignore warnings.\n" \ " -failonwarn Treat warnings as errors.\n" \ " -timeout Timeout for server connections, in seconds.\n" \ " -list Show all available attributes.\n" \ "\n"; set_usage(LONG_USAGE); /* parse command-line option */ struct option opts[] = { {"help", 0, NULL, OPT_HELP}, {"usage", 0, NULL, OPT_HELP}, {"version", 0, (int *)&progversion, OPT_BOOL}, {"cert", 1, (int *)&certfile, OPT_STRING}, {"certdir", 1, (int *)&certdir, OPT_STRING}, {"out", 1, (int *)&outfile, OPT_STRING}, {"key", 1, (int *)&keyfile, OPT_STRING}, {"debug", 0, (int *)&debug, OPT_BOOL}, {"verify", 0, (int *)&verify, OPT_BOOL}, {"q", 0, (int *)&quiet, OPT_BOOL}, {"quiet", 0, (int *)&quiet, OPT_BOOL}, {"pwstdin", 0, (int *)&pwstdin, OPT_BOOL}, {"conf", 1, NULL, OPT_CONFIG}, {"confile", 1, (int *)&confile, OPT_STRING}, {"userconf", 1, (int *)&userconf, OPT_STRING}, {"vomses", 1, (int *)&confiles, OPT_MULTI}, {"voms", 1, (int *)&vomses, OPT_MULTI}, {"globus", 1, &version, OPT_NUM}, {"noregen", 0, (int *)&noregen, OPT_BOOL}, {"ignorewarn", 0, (int *)&ignorewarn, OPT_BOOL}, {"failonwarn", 0, (int *)&failonwarn, OPT_BOOL}, {"list", 0, (int *)&listing, OPT_BOOL}, {"timeout", 0, &timeout, OPT_NUM}, {0, 0, 0, 0} }; if (!getopts(argc, argv, opts)) exit(1); } if (!progversion && listing && vomses.size() != 1) { Print(ERROR) << "Exactly ONE voms server must be specified!\n" << std::endl; exit(1); } /* wouldn't make sense */ if (debug) ignorewarn = failonwarn = quiet = 
false;

  /* quiet implies ignoring warnings, but an explicit -failonwarn wins */
  if (quiet)
    ignorewarn = true;

  if (failonwarn)
    ignorewarn = false;

  /* show version and exit */

  if (progversion) {
    Print(FORCED) << SUBPACKAGE << "\nVersion: " << VERSION << std::endl;
    Print(FORCED) << "Compiled: " << __DATE__ << " " << __TIME__ << std::endl;
    exit(0);
  }

  /* The mere presence of this environment variable, whatever its value
     (even empty), sets dontverifyac, exactly like -dont-verify-ac
     ("Skips AC verification" in the usage text).
     NOTE(review): the environment is inherited from the caller, so a
     wrapper script or login profile can turn verification off without
     anything appearing on the command line, and nothing is logged here
     when that happens.  Worth a Print(DEBUG)/Print(WARN) line, and worth
     checking for this variable when auditing hosts that run this tool. */
  if (getenv("VOMS_PROXY_INIT_DONT_VERIFY_AC") != NULL) {
      dontverifyac = true;
  }

  /* set proxy version */
  /* -rfc and -old override -proxyver; when both are given -old wins
     because it is applied last */
  if (rfc)
    proxyver = 4;

  if (old)
    proxyver = 2;

  if (proxyver!=2 && proxyver!=3 && proxyver != 4 && proxyver!=0) {
    Print(ERROR) << "Error: proxyver must be 2, 3 or 4" << std::endl;
    exit(1);
  }
  else if (proxyver==0) {
    /* 0 means "not specified on the command line" */
    proxyver = 4;

    Print(DEBUG) << "Unspecified proxy version, settling on version 4 (RFC)" << std::endl;
  }

  /* PCI extension option */

  /* a policy language without a policy file is rejected */
  if (proxyver >= 3) {
    if (!policylang.empty())
      if (policyfile.empty()) {
        Print(ERROR) << "Error: if you specify a policy language you also need to specify a policy file" << std::endl;
        exit(1);
      }
  }

  if (proxyver >= 3) {
    Print(DEBUG) << "PCI extension info: " << std::endl << " Path length: " << pathlength << std::endl;

    if (policylang.empty())
      Print(DEBUG) << " Policy language not specified." << policylang << std::endl;
    else
      Print(DEBUG) << " Policy language: " << policylang << std::endl;

    if (policyfile.empty())
      Print(DEBUG) << " Policy file not specified." << std::endl;
    else
      Print(DEBUG) << " Policy file: " << policyfile << std::endl;
  }

  /* get vo */

  /* a non-empty VO environment variable becomes the default voID */
  char *vo = getenv("VO");
  if (vo != NULL && strcmp(vo, "") != 0)
    voID = vo;

  /* controls that number of bits for the key is appropiate */

  /* -1 is the "not given" default from the initializer list and maps to
     2048.  0 also passes this check; what a 0 means to the key generation
     code is not visible here -- TODO confirm.
     NOTE(review): 512 and 1024 are still accepted.  RSA keys of those sizes
     are below current minimum recommendations; consider rejecting them or
     at least warning, while keeping the documented option values working
     for sites that depend on them. */
  if (bits == -1)
    bits = 2048;

  if ((bits != 0) && (bits!=512) && (bits!=1024) &&
      (bits!=2048) && (bits!=4096)) {
    Print(ERROR) << "Error: number of bits in key must be one of 512, 1024, 2048, 4096."
<< std::endl; exit(1); } Print(DEBUG) << "Number of bits in key :" << bits << std::endl; /* parse valid options */ /* parse_time exits directly in case of errors */ parse_time(valid, "valid", hours, minutes); ac_hours = hours; ac_minutes = minutes; parse_time(vomslife, "vomslife", ac_hours, ac_minutes); /* allow password from stdin */ if (pwstdin) pw_cb = pwstdin_callback; /* file used */ this->cacertfile = NULL; this->certdir = (certdir.empty() ? NULL : strdup(const_cast(certdir.c_str()))); this->outfile = (outfile.empty() ? NULL : strdup(const_cast(outfile.c_str()))); this->certfile = (certfile.empty() ? NULL : strdup(const_cast(certfile.c_str()))); this->keyfile = (keyfile.empty() ? NULL : strdup(const_cast(keyfile.c_str()))); /* prepare proxy_cred_desc */ if (!pcdInit()) { CleanAll(); exit(3); } v = new vomsdata("", certdir); /* Do VOMS-specific tests only if (at least) a voms server needs to be contacted (aside from simple parsing for correctness) */ if (!vomses.empty()) { /* configuration files */ if (userconf.empty()) { char *uc = getenv("VOMS_USERCONF"); if (uc && (strlen(uc) != 0)) { userconf = uc; confiles.push_back(userconf); } } /* If userconf is still empty, then VOMS_USERCONF was not defined */ if (userconf.empty()) { char *uc = getenv("HOME"); if (uc && (strlen(uc) != 0)) { userconf = std::string(uc) + "/" + USERCONFILENAME; if (!fileexists(userconf.c_str())) userconf = std::string(uc) + "/" + OLDDIR; } else { userconf = std::string("~/") + USERCONFILENAME; if (!fileexists(userconf.c_str())) userconf = std::string("~/") + OLDDIR; } } /* parse order and target vector to a comma-separated list */ ordering = parse_fqan(order, true); for (std::vector::iterator i = targets.begin(); i != targets.end(); ++i) targetlist += (i == targets.begin() ? 
("") : std::string(",")) + *i; /* preliminary checks if at least a server for each vo is known, else exit */ if (confiles.empty()) { confiles.push_back(userconf); confiles.push_back(CONFILENAME); } else userconf=""; if (!LoadVomses()) { delete v; exit(1); } for (unsigned int i = 0; i < vomses.size(); i++) { Contact contact(vomses[i]); /* exit if any server for that vo known */ std::vector servers; servers = v->FindByAlias(contact.vo().empty() ? contact.nick() : contact.vo()); if (servers.empty()) { Print(ERROR) << "VOMS Server for " << vomses[i] << " not known!" << std::endl; delete v; exit(1); } if (listing) break; } } if (!certdir.empty()) setenv("X509_CERT_DIR", certdir.c_str(), 1); } void Client::CleanAll() { sk_X509_pop_free(cert_chain, X509_free); X509_free(ucert); EVP_PKEY_free(private_key); free(cacertfile); free(certdir); free(certfile); free(keyfile); free(outfile); listfree((char **)aclist, (freefn)AC_free); delete v; OBJ_cleanup(); #warning if X509V3_EXT_cleanup is called valgrind moves some "still reachable" to "definitely lost"! 
// X509V3_EXT_cleanup(); } Client::~Client() { CleanAll(); } int Client::Run() { /* set output file and environment */ char * oldenv = getenv("X509_USER_PROXY"); std::string command; if (!noregen) { std::stringstream tmpproxyname; tmpproxyname << "/tmp/tmp_x509up_u" << getuid() << "_" << getpid(); proxyfile = tmpproxyname.str(); setenv("X509_USER_PROXY", proxyfile.c_str(), 1); } /* vomsdata */ v->SetLifetime(ac_hours * 3600 + ac_minutes * 60); v->Order(ordering); if (!targetlist.empty()) v->AddTarget(targetlist); (void)v->LoadCredentials(ucert, private_key, cert_chain); /* contacts servers for each vo */ for(std::vector::iterator i = vomses.begin(); i != vomses.end(); ++i) { if ((*i).empty()) continue; /* will contain all fqans requested for the vo */ std::vector fqans; Contact contact(*i); /* find servers for that vo */ std::vector servers; servers = v->FindByAlias(contact.nick()); std::default_random_engine rd{std::random_device{}()}; std::shuffle(servers.begin(), servers.end(), rd); std::string vo = (contact.vo().empty() ? servers[0].vo : contact.vo()); fqans.push_back(contact.fqan().empty() ? "/" + vo : contact.fqan()); /* determine which command to send to the server. */ if (listing) { /* when called as voms-proxy-list or --list is specified */ v->SetVerificationType(VERIFY_NONE); command = "A"; } else { /* check if other requests for the same vo exists */ for (std::vector::iterator j = i + 1; j < vomses.end(); ++j) { Contact tmp(*j); if ((tmp.vo() == vo) || (tmp.nick() == contact.nick())) { fqans.push_back(tmp.fqan().empty() ? 
"/" + vo : tmp.fqan()); *j = ""; } } /* parse fqans vector to build the command to send to the server */ command = parse_fqan(fqans); } /* and contact them */ std::string buffer; int version; /* contact each server until one answers */ for (std::vector::iterator beg = servers.begin(); beg != servers.end(); ++beg) { /* create a temporary proxy to contact the server */ if (!noregen) { Print(INFO) << "Creating temporary proxy " << std::flush; Print(DEBUG) << "to " << proxyfile << " " << std::flush; int tmp = hours; hours = 1; if (CreateProxy("", NULL, (beg->version == -1 ? proxyver : beg->version/10))) goto err2; hours = tmp; } /* contact server */ Print(INFO) << "Contacting " << " " << beg->host << ":" << beg->port << " [" << beg->contact << "] \"" << beg->vo << "\"" << std::flush; int status = v->ContactRaw(beg->host, beg->port, beg->contact, command, buffer, version, timeout); /* If it returns, all is ok */ PrintConnectResult(status, beg->contact); /* digest AC */ if (status) { AC *ac; if ((ac = getAC(buffer))) { if (listing) { v->Retrieve(ac); voms vv; if (v->DefaultData(vv)) { for (std::vector::iterator fqan = vv.fqan.begin(); fqan != vv.fqan.end(); ++fqan) data += *fqan + "\n"; } break; } /* retrieve AC and add to list */ else if (!AddToList(ac)) { Print(ERROR) << "Error while handling AC." << std::endl; if (!noregen) unlink(proxyfile.c_str()); return 3; } /* if contact succeded jumps to other vos */ break; } else if (listing) { data += buffer; break; } else { Print(ERROR) << "\nError decoding AC." << std::endl << "Error: " << v->ErrorMessage() << std::endl; } } if (beg != servers.end()-1) { Print(INFO) << std::endl << "Trying next server for " << beg->nick << "." << std::endl; } else { Print(ERROR) << std::endl << "None of the contacted servers for " << beg->vo << " were capable\nof returning a valid AC for the user." 
<< std::endl; if (!noregen) unlink(proxyfile.c_str()); return 1; } } } /* unlink tmp proxy file */ if (!noregen) unlink(proxyfile.c_str()); /* set output file and environment */ proxyfile = outfile; setenv("X509_USER_PROXY", proxyfile.c_str(), 1); /* with separate write info to file and exit */ if (!separate.empty() && (!data.empty() || aclist)) { if (!WriteSeparate()) { Print(ERROR) << "Wasn't able to write to " << separate << std::endl; return 1; } return 0; } if (listing) { Print(FORCED) << "Available attributes:\n" << data <ErrorMessage().empty()) Print(ERROR) << "ERROR: " << v->ErrorMessage() << std::endl; err2: return 1; } bool Client::CreateProxy(std::string data, AC ** aclist, int version) { struct VOMSProxyArguments *args = VOMS_MakeProxyArguments(); int ret = 0; if (args) { args->proxyfilename = strdup(proxyfile.c_str()); if (!incfile.empty()) args->filename = strdup(incfile.c_str()); args->aclist = aclist; args->proxyversion = version; if (!data.empty()) { args->data = (char*)data.data(); args->datalen = data.length(); } args->newsubject = NULL; args->newsubjectlen = 0; args->cert = ucert; args->chain = cert_chain; args->key = private_key; args->bits = bits; if (!policyfile.empty()) args->policyfile = strdup(policyfile.c_str()); if (!policylang.empty()) args->policylang = strdup(policylang.c_str()); args->pathlength = pathlength; args->hours = hours; args->minutes = minutes; args->limited = limit_proxy; args->voID = strdup(voID.c_str()); args->callback = kpcallback; int warn = 0; void *additional = NULL; struct VOMSProxy *proxy = VOMS_MakeProxy(args, &warn, &additional); PrintProxyCreationError(warn, additional); if (proxy) { /* In case of success, OpenSSL routines have already automagically cleaned the contents of the aclist */ if (args->aclist == this->aclist) { free(args->aclist); this->aclist = NULL; } ret = VOMS_WriteProxy(proxyfile.c_str(), proxy); if (ret == -1) Print(ERROR) << "\nERROR: Cannot write proxy to: " << proxyfile << std::endl << 
std::flush; } if (ret != -1) Print(INFO) << " Done" << std::endl << std::flush; VOMS_FreeProxy(proxy); free(args->proxyfilename); free(args->policyfile); free(args->policylang); free(args->voID); free(args->filename); VOMS_FreeProxyArguments(args); } return ret == -1; } void Client::PrintProxyCreationError(int error, void *additional) { char *msg = ProxyCreationError(error, additional); if (msg) { if (PROXY_ERROR_IS_WARNING(error)) Print(DEBUG) << msg; else Print(ERROR) << msg; free(msg); } } AC *Client::ReadSeparate(const std::string& file) { BIO *in = BIO_new(BIO_s_file()); int res = BIO_read_filename(in, (char*)(file.c_str())); AC * ac = NULL; if (res) #ifdef TYPEDEF_I2D_OF ac = (AC*)PEM_ASN1_read_bio((d2i_of_void*)d2i_AC, "ATTRIBUTE CERTIFICATE", in, NULL, NULL, NULL); #else ac = (AC*)PEM_ASN1_read_bio(((char * (*)())d2i_AC), "ATTRIBUTE CERTIFICATE", in, NULL, NULL, NULL); #endif BIO_free(in); return ac; } bool Client::WriteSeparate() { std::string acfilename = separate + (data.empty() ? 
"" : ".ac"); if (aclist) { AC **aclisttmp = aclist; BIO * out = BIO_new(BIO_s_file()); BIO_write_filename(out, (char *)(acfilename).c_str()); while(*aclisttmp) { #ifdef TYPEDEF_I2D_OF if (!PEM_ASN1_write_bio((i2d_of_void *)i2d_AC, "ATTRIBUTE CERTIFICATE", out, (char *)*(aclisttmp++), NULL, NULL, 0, NULL, NULL)) #else if (!PEM_ASN1_write_bio(((int (*)())i2d_AC), "ATTRIBUTE CERTIFICATE", out, (char *)*(aclisttmp++), NULL, NULL, 0, NULL, NULL)) #endif { Print(INFO) << "Unable to write to BIO" << std::endl; BIO_free(out); return false; } } BIO_free(out); Print(INFO) << "Wrote ACs to " << acfilename << std::endl; } if (!data.empty()) { std::ofstream fs; std::string datafilename = separate + ".data"; fs.open(datafilename.c_str()); if (!fs) { Print(ERROR) << "cannot open file: " << datafilename << std::endl; return false; } else { for (std::string::iterator pos = data.begin(); pos != data.end(); ++pos) fs << *pos; fs.close(); } Print(INFO) << "Wrote data to " << datafilename << std::endl; } return true; } int Client::Verify() { X509 *cert = NULL; STACK_OF(X509) *chain = NULL; load_credentials(outfile, outfile, &cert, &chain, NULL, pw_cb); /* First step: Verify certificate chain. */ proxy_verify_ctx_init(&pvxd); proxy_verify_init(&pvd, &pvxd); pvxd.certdir = this->certdir; if (proxy_verify_cert_chain(cert, chain, &pvd)) { /* Second step: Verify AC. */ if (!dontverifyac) { if (!v->Retrieve(cert, chain, RECURSE_CHAIN)) { if (v->error != VERR_NOEXT) { Print(ERROR) << "Error: verification failed." << std::endl << v->ErrorMessage() << std::endl; goto err; } } } if (verify) Print(FORCED) << "verify OK" << std::endl; sk_X509_pop_free(chain, X509_free); X509_free(cert); return 0; } else { Print(ERROR) << "Error: Certificate verification failed." 
<< std::endl; Error(); goto err; } // Should never reach here Error(); err: sk_X509_pop_free(chain, X509_free); X509_free(cert); return 1; } bool Client::Test() { ASN1_UTCTIME * asn1_time = ASN1_UTCTIME_new(); X509_gmtime_adj(asn1_time, 0); time_t time_now = ASN1_UTCTIME_mktime(asn1_time); ASN1_UTCTIME_free(asn1_time); time_t time_after = ASN1_UTCTIME_mktime(X509_get_notAfter(ucert)); time_t time_diff = time_after - time_now ; int length = hours*60*60 + minutes*60; if (time_diff < 0) { Print(WARN) << std::endl << "ERROR: Your certificate expired " << asctime(localtime(&time_after)) << std::endl; return true; } if (hours && time_diff < length) { Print(WARN) << std::endl << "Warning: your certificate and proxy will expire " << asctime(localtime(&time_after)) << "which is within the requested lifetime of the proxy" << std::endl; return false; } if (!quiet) { time_t time_after_proxy; time_after_proxy = time_now + length; Print(INFO) << "Your proxy is valid until " << asctime(localtime(&time_after_proxy)) << std::flush; } return false; } bool Client::AddToList(AC *ac) { AC **actmplist = NULL; if (!ac) return false; actmplist = (AC **)listadd((char **)aclist, (char *)ac); if (actmplist) { /* Only for comaptibility with APIs version <= 1.5 */ aclist = actmplist; return true; } else { listfree((char **)aclist, (freefn)AC_free); aclist = NULL; Error(); return false; } /* Control should never reach here */ /* return false; */ } bool Client::checkstats(char *file, int mode) { struct stat stats; if (stat(file, &stats) == -1) { Print(ERROR) << "Unable to find user certificate or key: " << file << std::endl; return false; } if (stats.st_mode & mode) { Print(ERROR) << std::endl << "ERROR: Couldn't find valid credentials to generate a proxy." << std::endl << "Use --debug for further information." 
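<< std::endl;
    Print(DEBUG) << "Wrong permissions on file: " << file << std::endl;
    return false;
  }
  return true;
}

/*
 * Client::pcdInit
 *
 * Initialises the OpenSSL tables, resolves the credential file names,
 * exports them through X509_USER_CERT / X509_USER_KEY, checks the
 * permission bits of the certificate and key files and finally loads the
 * user's certificate, chain and private key.
 *
 * Returns true when the credentials were loaded. Calls exit(1) directly
 * when a permission check fails. Error() is invoked on every return path,
 * including the successful one.
 */
bool Client::pcdInit()
{
  int status = false;

  ERR_load_prxyerr_strings(0);
  SSLeay_add_ssl_algorithms();
  ERR_load_crypto_strings();
  OpenSSL_add_all_ciphers();
  PKCS12_PBE_add();

  if (!determine_filenames(&cacertfile, &certdir, &outfile, &certfile, &keyfile, noregen ? 1 : 0))
    goto err;

  if (!certfile){
    Print(ERROR) << "ERROR: Coudln't find valid credentials to generate a proxy." << std::endl;
    goto err;
  }

  /* CleanAll() frees certfile and keyfile separately, so the two must not
     share one buffer */
  if (certfile == keyfile)
    keyfile = strdup(certfile);

  if (!noregen) {
    if (certfile)
      setenv("X509_USER_CERT", certfile, 1);
    if (keyfile)
      setenv("X509_USER_KEY", keyfile, 1);
  }
  else {
    /* reusing an existing proxy: it serves as both certificate and key */
    if (outfile) {
      setenv("X509_USER_CERT", outfile, 1);
      setenv("X509_USER_KEY", outfile, 1);
    }
  }

  // verify that user's certificate and key have the correct permissions
  // checkstats() rejects a file when any bit of the given mask is set.
  // Certificate: no owner-execute, no group/other write or execute.
  // Key: additionally no group/other read. The key mask used to list S_IRGRP
  // twice and leave out S_IROTH, so a world-readable private key passed this
  // check.
  // NOTE(review): this is a stat() on the path; the files are presumably
  // opened again by name inside load_credentials(), so the check is advisory
  // and says nothing about the descriptor that is finally read.
  if (!checkstats(certfile, S_IXUSR | S_IWGRP | S_IXGRP | S_IWOTH | S_IXOTH) ||
      !checkstats(keyfile, S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP |
                           S_IROTH | S_IWOTH | S_IXOTH))
    exit(1);

  /* outfile is guarded like the other names: streaming a NULL char* is
     undefined behaviour */
  Print(DEBUG) << "Files being used:" << std::endl
               << " CA certificate file: " << (cacertfile ? cacertfile : "none") << std::endl
               << " Trusted certificates directory : " << (certdir ? certdir : "none") << std::endl
               << " Proxy certificate file : " << (outfile ? outfile : "none") << std::endl
               << " User certificate file: " << (certfile ? certfile : "none") << std::endl
               << " User key file: " << (keyfile ? keyfile : "none") << std::endl
               << "Output to " << (outfile ? outfile : "none") << std::endl;

  if (!load_credentials(certfile, keyfile, &ucert, &cert_chain, &private_key, pw_cb))
    goto err;

  if (!quiet) {
    char * s = NULL;
    s = X509_NAME_oneline(X509_get_subject_name(ucert),NULL,0);
    Print(INFO) << "Your identity: " << s << std::endl;
    OPENSSL_free(s);
  }

  status = true;

 err:
  Error();
  return status;
}

/* Prints whatever OpenSSLError(debug) returns on the ERROR stream. */
void Client::Error()
{
  Print(ERROR) << OpenSSLError(debug);
}

/*
 * getAC
 *
 * Decodes a DER-encoded attribute certificate held in `data`.
 * Returns the decoded AC, or NULL when allocation or decoding fails.
 *
 * The bytes come from the server reply (Run() passes the buffer filled by
 * ContactRaw), so this is untrusted input handed to d2i_AC. A private copy
 * is decoded because d2i_AC receives a pointer to the cursor `p`.
 */
static AC *getAC(const std::string& data)
{
  VOMS_MAYBECONST unsigned char *p;
  char *pp;
  AC *ac = NULL;

  /* NOTE(review): size() is narrowed to int here; replies are assumed to be
     far below INT_MAX - confirm against the transport's limits */
  int len = data.size();
  pp = (char *)malloc(len);

  if (pp) {
    pp = (char *)memcpy(pp, data.data(), len);
    p = (VOMS_MAYBECONST unsigned char*)pp;
    ac = d2i_AC(NULL, (VOMS_MAYBECONST unsigned char **)&p, len);
    free(pp);
  }

  return ac;
}

/*
 * Client::LoadVomses
 *
 * Loads the server contact information from every file in confiles.
 *
 * A format error (VERR_FORMAT) always fails. A VERR_DIR error is ignored
 * for the default user file when other files are configured; otherwise it
 * is printed unless warnings are ignored, and fails when failonwarn is set.
 * With a single configuration file it is always printed and always fails.
 */
bool Client::LoadVomses()
{
  bool failfatal = failonwarn || confiles.size() == 1;
  bool alwaysprint = !ignorewarn || confiles.size() == 1;

  for (std::vector<std::string>::iterator i = confiles.begin(); i != confiles.end(); ++i) {
    if (debug)
      std::cout << "Using configuration file "<< *i << std::endl;

    bool res = v->LoadSystemContacts(*i);

    if (!res) {
      if (v->error == VERR_FORMAT) {
        Print(ERROR) << v->ErrorMessage() << std::endl;
        return false;
      }
      else if (v->error == VERR_DIR) {
        /* Ignore errors while reading default file unless that is the only file */
        if (*i != userconf || confiles.size() == 1) {
          if (alwaysprint)
            Print(ERROR) << v->ErrorMessage() << std::endl;
          if (failfatal)
            return false;
        }
      }
    }
  }

  return true;
}

/* Output stream that discards everything written to it: the buffer's
   overflow() reports success without storing the character. */
struct nullstream: std::ostream {
  struct nullbuf: std::streambuf {
    int overflow(int c) { return traits_type::not_eof(c); }
  } m_sbuf;
  nullstream(): std::ios(&m_sbuf), std::ostream(&m_sbuf) {}
};

/* shared sink returned by Print() for suppressed messages */
nullstream voidstream;

/*
 * Client::Print
 *
 * Selects the stream for a message of the given type. The order of the
 * checks matters: FORCED always goes to stdout; ERROR (and WARN when
 * failonwarn is set) always goes to stderr; quiet, or ignorewarn for a
 * WARN, discards the message; remaining WARN goes to stderr; DEBUG is
 * discarded unless debug is set.
 */
std::ostream& Client::Print(message_type type)
{
  if (type == FORCED)
    return std::cout;

  if (type == ERROR || (failonwarn && type == WARN))
    return std::cerr;

  if (quiet || (ignorewarn && type == WARN))
    return voidstream;

  if (type == WARN)
    return std::cerr;

  if (type == DEBUG && !debug)
    return voidstream;

  return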
std::cout; } void Client::PrintConnectResult(int status, const std::string& contact) { /* print status */ Print(INFO) << (status ? " Done" : " Failed") << std::endl; std::string serror = v->ServerErrors(); /* check for errors from the server */ if (!status) { /* Something wrong during connection: Is it a socket error? */ if (v->error == VERR_NOSOCKET) Error(); /* Is it a server error? */ if (!serror.empty()) { Print(ERROR) << std::endl << "Error: " << serror << std::endl; } /* Is it a local error? */ std::string cerror = v->ErrorMessage(); if (!status && serror.empty() && !cerror.empty()) { Print(ERROR) << std::endl << "Error: " << cerror << std::endl; } } /* check for warnings from the server */ else if (!serror.empty() && !ignorewarn) { /* No error but errorstring not empty implies a warning. */ Print(WARN) << std::endl << "Warning: " << serror << std::endl << std::endl; if (failonwarn) { Print(ERROR) << std::endl << "Error in getting data from VOMS server:" << contact << " (or in memorizing)" << std::endl; /* Remove temporary proxy */ if (!noregen) unlink(proxyfile.c_str()); CleanAll(); exit(1); } } } void Client::parse_time(const std::string& timespec, const std::string& option, int& hours, int& minutes) { if (!timespec.empty()) { std::string::size_type pos = timespec.find(':'); if (pos != std::string::npos && pos > 0) { hours = atoi(timespec.substr(0, pos).c_str()); minutes = atoi(timespec.substr(pos+1).c_str()); } else { Print(ERROR) << "-" << option << " argument must be in the format: h:m" << std::endl; exit(1); } if (hours < 0) { Print(ERROR) << "specified hours must be positive" << std::endl; exit(1); } if (minutes < 0 || minutes > 59) { Print(ERROR) << "specified minutes must be in the range 0-59" << std::endl; exit(1); } } } voms-2.1.2/src/client/vomsclient.h000066400000000000000000000104401477131364200171100ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - 
Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_CLIENT_VOMSCLIENT_H #define VOMS_CLIENT_VOMSCLIENT_H #include #include #include #include #include "voms_api.h" extern "C" { #include "openssl/bn.h" #include "sslutils.h" #include "newformat.h" } enum message_type {FORCED, INFO, WARN, ERROR, DEBUG}; class VOMSException : public std::exception { public: VOMSException(const std::string &er = "") : error(er) {} ~VOMSException() throw () {} const std::string error; //: The error message virtual const char* what( void ) const throw () { return error.c_str(); } }; class Client { private: std::string program; bool ignorewarn; bool failonwarn; // PKI files char * cacertfile; char * certdir; char * certfile; char * keyfile; // output files char * outfile; std::string proxyfile; // special location for configuration files */ std::string confile; std::string userconf; std::string incfile; std::string separate; // proxy and AC settings */ int bits; int hours; int minutes; int ac_hours; int ac_minutes; bool limit_proxy; int proxyver; 
std::string policyfile; std::string policylang; int pathlength; // verify the cert is good bool verify; // doesn't regenerate proxy, use old bool noregen; // globus version int version; std::vector vomses; std::string ordering; std::string targetlist; std::vector confiles; #ifdef CLASS_ADD void * class_add_buf; size_t class_add_buf_len; #endif // proxy_cred_desc * pcd; proxy_verify_desc pvd; proxy_verify_ctx_desc pvxd; // store data retrieved from server AC ** aclist; std::string data; // vo std::string voID; bool listing; STACK_OF(X509) *cert_chain; X509 *ucert; EVP_PKEY *private_key; int timeout; std::string acfile; vomsdata *v; public: Client(int argc, char** argv); ~Client(); int Run(); private: bool CreateProxy(std::string data, AC ** aclist, int version); bool AddToList(AC *ac); // write AC and data retrieved form server to file bool WriteSeparate(); // test if certificate used for signing is expired bool Test(); bool pcdInit(); // verify the certificate is signed by a trusted CA int Verify(); // get openssl error */ void Error(); void CleanAll(); bool LoadVomses(); std::ostream& Print(message_type type); bool checkstats(char *file, int mode); void PrintProxyCreationError(int, void *); AC *ReadSeparate(const std::string&); void PrintConnectResult(int status, const std::string& contact); void parse_time(const std::string& timespec, const std::string& option, int& hours, int& minutes); }; #endif voms-2.1.2/src/common/000077500000000000000000000000001477131364200145675ustar00rootroot00000000000000voms-2.1.2/src/common/Makefile.am000066400000000000000000000010401477131364200166160ustar00rootroot00000000000000 AM_CPPFLAGS = \ -I $(top_srcdir)/src/include \ -I $(top_srcdir)/src/sslutils \ $(EXPAT_CFLAGS) \ $(OPENSSL_CFLAGS) AM_LDFLAGS = \ $(EXPAT_LIBS) \ $(OPENSSL_LIBS) noinst_LTLIBRARIES = \ libutilities_nog.la \ libutilc_nog.la libutilities_nog_la_SOURCES = \ data.cc \ options.cc \ pass.cc \ fqan.cc \ xmlcc.cc libutilities_nog_la_CFLAGS = \ -DNOGLOBUS \ 
$(NO_GLOBUS_FLAGS) libutilc_nog_la_CFLAGS = \ $(NO_GLOBUS_FLAGS) \ -DNOGLOBUS libutilc_nog_la_SOURCES = \ list.c \ failure.c \ doio.c \ normalize.c \ credentials.c voms-2.1.2/src/common/credentials.c000066400000000000000000000046131477131364200172340ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/
#include "replace.h"

#include
#include
#include
#include
#include
#include
#include
#include

#include "credentials.h"
#include "sslutils.h"
#include "voms_cert_type.h"

/*
 * get_real_cert
 *
 * Returns the first certificate that is not classified as a proxy: `base`
 * itself if it is not a proxy, otherwise the first non-proxy entry of `stk`
 * in stack order. Returns NULL when `base` is a proxy and no entry of `stk`
 * qualifies. The returned pointer is one of the inputs; nothing is copied.
 *
 * NOTE(review): when voms_get_cert_type() reports an error, the certificate
 * being examined is returned as if it were the non-proxy certificate (see
 * the FIXME comments). A caller that derives the user's identity from the
 * result therefore gets an answer even for a certificate whose type could
 * not be determined; treating that case as a failure would be the stricter
 * behaviour.
 */
X509 *
get_real_cert(X509 *base, STACK_OF(X509) *stk)
{
  X509 *cert = NULL;
  int i;

  voms_cert_type_t cert_type;

  if (voms_get_cert_type(base, &cert_type)){
    // FIXME: This is just for backward compatibility, where error in the
    // proxy_check_proxy_name call weren't handled
    return base;
  }

  if (!VOMS_IS_PROXY(cert_type)){
    return base;
  }

  int num_certs = sk_X509_num(stk);

  /* Determine id data */
  for (i = 0; i < num_certs; i++) {
    cert = sk_X509_value(stk, i);

    if (voms_get_cert_type(cert, &cert_type)){
      // FIXME: This is just for backward compatibility, where error in the
      // proxy_check_proxy_name call weren't handled
      return cert;
    }

    if (!VOMS_IS_PROXY(cert_type)){
      return cert;
    }
  }

  return NULL;
}

/*
 * get_peer_serial
 *
 * Returns the serial number of `cert` as a hexadecimal string, or NULL when
 * `cert` is NULL or the conversion fails. The string comes from BN_bn2hex(),
 * so the caller releases it with OPENSSL_free().
 */
char *
get_peer_serial(X509 *cert)
{
  char *res = NULL;

  ASN1_INTEGER * tmp;

  if (!cert)
    return NULL;

  tmp = X509_get_serialNumber(cert);

  if (tmp) {
    BIGNUM *bn = ASN1_INTEGER_to_BN(tmp, NULL);
    if (bn)
      res = BN_bn2hex(bn);
    /* bn may be NULL here if the conversion above failed */
    BN_free(bn);
  }

  return res;
}
voms-2.1.2/src/common/data.cc000066400000000000000000000132201477131364200160050ustar00rootroot00000000000000
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #include "config.h" extern "C" { #include #include #include #include #include #include #include #include #include #include #include #include #include "listfunc.h" } #include #include #include /* * Function: * filter(c) * * Description: * This function verifies if character 'c' is suitable to be included as * user input into an SQL query. * * Parameters: * 'c' - The character to test. * * Result: * A boolean indicating success or failure. * * Note: * This function could have been implemented more easily using the * isalnum() and the like. The problem with those functions is that * they are subject to the current LOCALE, and so there is no way to * actually be sure about the characters tested. This way should be * free of that problem. 
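*/
static bool filter(char c)
{
  /* Explicit allow-list: digits, ASCII letters and the four punctuation
     characters '_', '/', '-' and '.'. Everything else, including quotes,
     whitespace and ';', is rejected. */
  switch (c) {
  case '0': case '1': case '2': case '3': case '4':
  case '5': case '6': case '7': case '8': case '9':
  case '_':
  case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': case 'G':
  case 'H': case 'I': case 'J': case 'K': case 'L': case 'M': case 'N':
  case 'O': case 'P': case 'Q': case 'R': case 'S': case 'T': case 'U':
  case 'V': case 'W': case 'X': case 'Y': case 'Z':
  case 'a': case 'b': case 'c': case 'd': case 'e': case 'f': case 'g':
  case 'h': case 'i': case 'j': case 'k': case 'l': case 'm': case 'n':
  case 'o': case 'p': case 'q': case 'r': case 's': case 't': case 'u':
  case 'v': case 'w': case 'x': case 'y': case 'z':
  case '/': case '-': case '.':
    return true;
  default:
    return false;
  }
}

/*
 * Function:
 *   acceptable(str)
 *
 * Description:
 *   This function tests a whole string for suitability for insertion
 *   into an SQL query.
 *
 * Parameters:
 *   'str' - The string to be tested. Note that the NULL string always
 *           tests true.
 *
 * Result:
 *   A boolean indicating success or failure.
 *
 * Review note:
 *   This is a character allow-list, not an escaping routine. The queries
 *   that consume the result are not in this file; bound parameters at the
 *   query site remain the primary control, with this check as an extra
 *   layer. Callers must handle the NULL case themselves, since NULL passes.
 */
bool acceptable(const char *str)
{
  if (str) {
    while (*str) {
      if (!filter(*str))
        return false;
      str++;
    }
  }
  return true;
}

/*
 * Returns the current local time formatted by asctime(). The result points
 * into asctime()'s static buffer: it must not be freed and is overwritten
 * by the next asctime()/ctime() call.
 * NOTE(review): localtime() can return NULL, which is passed on unchecked.
 */
char *
timestamp(void)
{
  time_t clock;
  struct tm *tmp;

  time(&clock);
  tmp = localtime(&clock);
  return asctime(tmp);
}

/*
 * Writes the decimal representation of `i` into `s` and returns a copy.
 * The scratch buffer is a local (it used to be static, which made the
 * function needlessly non-reentrant) and the write is bounded.
 */
std::string stringify(int i, std::string &s)
{
  // Gets an integer' size in chars + '\0'
  char val[((sizeof(int)*CHAR_BIT)/3)+2];

  snprintf(val, sizeof(val), "%d", i);
  s = val;

  return s;
}

/*
 * Drains the OpenSSL error queue and returns one "file:line:message" line
 * per entry, followed by the entry's extra text when it is flagged as a
 * string. The `debug` parameter is not used by this implementation.
 */
std::string OpenSSLError(bool debug)
{
  std::ostringstream os;

  char const *file;
  int line;
  char const *data;
  int flags;
  unsigned long code = ERR_get_error_line_data(&file, &line, &data, &flags);

  while (code) {
    std::size_t const buf_size = 256;
    char buf[buf_size];
    ERR_error_string_n(code, buf, buf_size);
    os << file << ':' << line << ':' << buf << (data && (flags & ERR_TXT_STRING) ? data : "") << '\n';
    code = ERR_get_error_line_data(&file, &line, &data, &flags);
  }

  return os.str();
}

/*
 * Reads a whole file into a malloc()ed buffer.
 *
 * On success returns the buffer (caller frees it) and stores in *size the
 * number of bytes actually read. Returns NULL when the file cannot be
 * opened or read, when its size does not fit in an int, or when allocation
 * fails; *size is left untouched in that case.
 *
 * *size used to be taken from fstat() alone. If the file shrank between
 * fstat() and read(), the caller was told about more bytes than had been
 * read and copied uninitialised heap memory into its result.
 */
static char *readfile(const char *file, int *size)
{
  char *buffer = NULL;
  int fd = open(file,O_RDONLY);

  if (fd != -1) {
    struct stat filestats;

    if (!fstat(fd, &filestats) &&
        filestats.st_size >= 0 && filestats.st_size <= INT_MAX) {
      int expected = (int)filestats.st_size;

      buffer = (char *)malloc(expected);

      if (buffer) {
        int offset = 0;
        int ret = 0;

        do {
          ret = read(fd, buffer+offset, expected - offset);
          /* only a successful read advances the write position */
          if (ret > 0)
            offset += ret;
        } while ( ret > 0);

        if (ret < 0) {
          free(buffer);
          buffer = NULL;
        }
        else
          *size = offset;
      }
    }
    close(fd);
  }

  return buffer;
}

/*
 * Returns the contents of `filename`, or an empty string when the file
 * cannot be read. An unreadable file and an empty file are therefore
 * indistinguishable to the caller.
 */
std::string readfile(std::string filename)
{
  int len = 0;
  char *buffer = NULL;
  std::string result = "";

  buffer = readfile(filename.c_str(), &len);

  if (buffer) {
    result = std::string(buffer, len);
    free(buffer);
  }

  return result;
}

extern "C" {
/*
 * Converts one hexadecimal digit to its value. Any other character yields
 * 0, so callers that need to reject malformed input must validate it
 * before calling. The argument is converted to unsigned char first:
 * passing a negative char to isdigit()/tolower() is undefined behaviour.
 */
int hex2num(char c)
{
  unsigned char uc = (unsigned char)c;

  if (isdigit(uc))
    return uc - '0';
  else {
    int d = tolower(uc);
    if (d >= 'a' && d <= 'f')
      return d - 'a' + 10;
    return 0;
  }
}
}

// convert vector of strings to char**
// The result is a NULL-terminated array of strdup()ed copies, or NULL when
// an allocation fails; entries copied before the failure are released with
// listfree().
char **vectoarray(std::vector<std::string>& vector)
{
  char **array = (char**)calloc(vector.size() + 1, sizeof(char*));

  if (array) {
    int j = 0;

    std::vector<std::string>::const_iterator end = vector.end();
    for (std::vector<std::string>::const_iterator i = vector.begin(); i != end; ++i) {
      array[j] = strdup((*i).c_str());
      if (!array[j]) {
        listfree(array, free);
        return NULL;
      }
      j++;
    }
  }

  return array;
}
voms-2.1.2/src/common/doio.c000066400000000000000000000033601477131364200156670ustar00rootroot00000000000000
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.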
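* You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
#include "config.h"

#include
#include
#include

/*
 * vsnprintf_wrap
 *
 * Formats `format` with the arguments in `v` into a freshly malloc()ed,
 * NUL-terminated string that the caller must free().
 *
 * Returns NULL when formatting fails, when allocation fails, and also when
 * the formatted result is empty (length 0), so NULL does not always mean
 * an error.
 *
 * The copy of the argument list is released on every path; before, va_end
 * was only reached when the allocation succeeded.
 */
char *vsnprintf_wrap(const char *format, va_list v)
{
  va_list w;
  char *str = NULL;
  int plen = 0;

  /* the sizing pass below consumes v, so the real pass needs its own copy */
  va_copy(w,v);

  plen = vsnprintf(NULL, 0, format, v);

  if (plen > 0) {
    /* size computed in size_t so that plen + 1 cannot overflow an int */
    str = (char *)malloc((size_t)plen + 1);
    if (str)
      (void)vsnprintf(str, (size_t)plen + 1, format, w);
  }

  va_end(w);

  return str;
}

/*
 * snprintf_wrap
 *
 * Variadic front end of vsnprintf_wrap(): same return value and the same
 * ownership rule (the caller frees the result).
 */
char *snprintf_wrap(const char *format, ...)
{
  va_list v;
  char *str = NULL;

  va_start(v, format);
  str = vsnprintf_wrap(format, v);
  va_end(v);

  return str;
}

/*
 * fileexists
 *
 * Returns 1 when `file` can be opened for reading, 0 otherwise. A file that
 * exists but is not readable by the caller is reported as absent. The
 * answer describes the moment of the call only; code that opens the file
 * afterwards still has to handle a failure.
 */
int fileexists(const char *file)
{
  FILE *f = fopen(file, "r");

  if (f) {
    fclose(f);
    return 1;
  }

  return 0;
}
voms-2.1.2/src/common/failure.c000066400000000000000000000103431477131364200163630ustar00rootroot00000000000000
/**
 * This source file is used to print out a stack-trace when your program
 * segfaults. It is relatively reliable and spot-on accurate.
 *
 * This code is in the public domain. Use it as you see fit, some credit
 * would be appreciated, but is not a prerequisite for usage. Feedback
 * on it's use would encourage further development and maintenance.
 *
 * Due to a bug in gcc-4.x.x you currently have to compile as C++ if you want
 * demangling to work.
 *
 * Please note that it's been ported into my ULS library, thus the check for
 * HAS_ULSLIB and the use of the sigsegv_outp macro based on that define.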
* * Author: Jaco Kroon * * Copyright (C) 2005 - 2009 Jaco Kroon */ #include "config.h" static int dummy = 0; #if 0 #if 0 #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif /* Bug in gcc prevents from using CPP_DEMANGLE in pure "C" */ #if !defined(__cplusplus) && !defined(NO_CPP_DEMANGLE) #define NO_CPP_DEMANGLE #endif #include #include #include #include #include #include #include #ifndef NO_CPP_DEMANGLE #include #ifdef __cplusplus using __cxxabiv1::__cxa_demangle; #endif #endif #define sigsegv_outp(x, ...) fprintf(outfile, x "\n", ##__VA_ARGS__) /* extern char **argv; */ /* extern int argc; */ #if defined(REG_RIP) # define SIGSEGV_STACK_IA64 # define REGFORMAT "%016lx" #elif defined(REG_EIP) # define SIGSEGV_STACK_X86 # define REGFORMAT "%08x" #else # define SIGSEGV_STACK_GENERIC # define REGFORMAT "%x" #endif void signal_segv(int signum, siginfo_t* info, void*ptr) { ucontext_t *ucontext = (ucontext_t*)ptr; Dl_info dlinfo; void **bp = 0; void *ip = 0; int f = 0; static const char *si_codes[3] = {"", "SEGV_MAPERR", "SEGV_ACCERR"}; FILE *outfile = fopen("/tmp/sigsegv_report", "w+"); if (!outfile) outfile = stderr; sigsegv_outp("Segmentation Fault!"); sigsegv_outp("info.si_signo = %d", signum); sigsegv_outp("info.si_errno = %d", info->si_errno); sigsegv_outp("info.si_code = %d (%s)", info->si_code, si_codes[info->si_code]); sigsegv_outp("info.si_addr = %p", info->si_addr); #if defined(SIGSEGV_STACK_IA64) || defined(SIGSEGV_STACK_X86) #if defined(SIGSEGV_STACK_IA64) ip = (void*)ucontext->uc_mcontext.gregs[REG_RIP]; bp = (void**)ucontext->uc_mcontext.gregs[REG_RBP]; #elif defined(SIGSEGV_STACK_X86) ip = (void*)ucontext->uc_mcontext.gregs[REG_EIP]; bp = (void**)ucontext->uc_mcontext.gregs[REG_EBP]; #endif sigsegv_outp("Stack trace:"); while(bp && ip) { if(!dladdr(ip, &dlinfo)) break; { const char *symname = dlinfo.dli_sname; #ifndef NO_CPP_DEMANGLE int status; char * tmp = __cxa_demangle(symname, NULL, 0, &status); if (status == 0 && tmp) symname = tmp; #endif 
sigsegv_outp("% 2d: %p <%s+%lu> (%s)", ++f, ip, symname, (unsigned long)ip - (unsigned long)dlinfo.dli_saddr, dlinfo.dli_fname); #ifndef NO_CPP_DEMANGLE if (tmp) free(tmp); #endif } if(dlinfo.dli_sname && !strcmp(dlinfo.dli_sname, "main")) break; ip = bp[1]; bp = (void**)bp[0]; } #else sigsegv_outp("Stack trace (non-dedicated):"); { int i; int sz; char *bt[21]; char **strings; sz = backtrace(bt, 20); strings = backtrace_symbols(bt, sz); for(i = 0; i < sz; ++i) { sigsegv_outp("%s", strings[i]); } } #endif sigsegv_outp("End of stack trace."); /* sigsegv_outp("Command line: "); */ /* for (i = 0; i < argc; i++) */ /* sigsegv_outp("%s ", argv[i]); */ /* sigsegv_outp("\n"); */ if (outfile != stderr) fclose(outfile); fprintf(stderr, "Segmentation Fault!\nThe program had a serious failure.\nIf you wish to help the developers fix it,\nplease send the /tmp/sigsegv_report file\n to a@cnaf.infn.it.\nThe file contains no personally identifying information.\nThanks for your help!\n"); _exit (-1); } void __attribute__((constructor)) setup_sigsegv() { struct sigaction action; memset(&action, 0, sizeof(action)); action.sa_sigaction = signal_segv; action.sa_flags = SA_SIGINFO; if(sigaction(SIGSEGV, &action, NULL) < 0) perror("sigaction"); } #else static int dummy = 0; #endif #endif voms-2.1.2/src/common/fqan.cc000066400000000000000000000047301477131364200160270ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
#include "config.h"

#include
#include

#include "fqan.h"

static std::string FQANParse(const std::string& fqan, bool add_command);

/*
 * Converts a list of FQANs into one comma-separated request string.
 *
 * Parameters:
 *   fqans - the FQANs to convert, in the order they must appear.
 *   clean - when true the one-letter command prefix is left out of
 *           every element.
 *
 * Result:
 *   The converted elements joined by ','; empty for an empty list.
 */
std::string parse_fqan(const std::vector<std::string>& fqans, bool clean)
{
  std::string joined;
  const bool with_command = !clean;

  for (std::vector<std::string>::size_type n = 0; n < fqans.size(); ++n) {
    if (n != 0)
      joined += ",";
    joined += FQANParse(fqans[n], with_command);
  }

  return joined;
}

/*
 * Converts a single FQAN.
 *
 *   "all" / "ALL"      -> "A"
 *   <group>/Role=<r>   -> "B" + <group> + ":" + <r>
 *   /Role=<r>          -> "R" + <r>
 *   /<group>           -> "G" + /<group>
 *   anything else      -> returned unchanged
 *
 * The letter is emitted only when add_command is true.  A FQAN that
 * contains "/Capability=" is rejected: a message is written to
 * std::cerr and the process exits with status 1.
 */
static std::string FQANParse(const std::string& fqan, bool add_command)
{
  static const std::string::size_type role_tag_len = 6;   /* strlen("/Role=") */

  if (fqan == "all" || fqan == "ALL")
    return add_command ? "A" : "";

  /* capability selection is refused outright */
  if (fqan.find("/Capability=") != std::string::npos) {
    std::cerr << "capability selection not supported" << std::endl;
    exit(1);
  }

  const std::string::size_type role_at = fqan.find("/Role=");

  if (role_at == std::string::npos) {
    /* no role: either a plain group or something left untouched */
    if (fqan[0] == '/')
      return (add_command ? "G" : "") + fqan.substr(0);
    return fqan;
  }

  if (role_at == 0)
    return (add_command ? "R" : "") + fqan.substr(role_at + role_tag_len);

  return (add_command ? "B" : "") + fqan.substr(0, role_at) + ":" +
         fqan.substr(role_at + role_tag_len);
}
voms-2.1.2/src/common/list.c000066400000000000000000000033471477131364200157150ustar00rootroot00000000000000/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
#include "config.h"

#include
#include

/*
 * Appends 'data' to the NULL-terminated pointer vector 'vect'.
 *
 * A new vector is allocated, the old entries are copied into it and
 * the old vector itself (not its entries) is freed.
 *
 * Returns:
 *   'vect' unchanged when 'data' is NULL;
 *   the new vector on success;
 *   NULL when the allocation fails ('vect' is left untouched then).
 */
char **listadd(char **vect, char *data)
{
  int used = 0;          /* number of entries currently stored */
  char **grown;

  if (!data)
    return vect;

  if (vect) {
    while (vect[used])
      used++;
  }

  /* room for the old entries, the new one and the terminator */
  grown = (char **)malloc((used + 2) * sizeof(char *));
  if (!grown)
    return NULL;

  if (vect) {
    memcpy(grown, vect, sizeof(char *) * used);
    free(vect);
  }
  grown[used] = data;
  grown[used + 1] = NULL;

  return grown;
}

/*
 * Releases a vector built with listadd(): 'f' is called on every entry
 * up to the terminating NULL, then the vector itself is freed.
 * A NULL 'vect' is accepted and ignored.
 */
void listfree(char **vect, void (*f)(void *))
{
  char **cursor;

  if (!vect)
    return;

  for (cursor = vect; *cursor; cursor++)
    f(*cursor);

  free(vect);
}
voms-2.1.2/src/common/normalize.c000066400000000000000000000035201477131364200167330ustar00rootroot00000000000000/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
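 *
 *********************************************************************/
#include "config.h"

#include
#include

#include "doio.h"

/*
 * Returns a newly allocated copy of 'str' in which every occurrence of
 * 'from' has been replaced by 'to'.
 *
 * Returns NULL when an argument is NULL or an allocation fails.  A
 * partially rewritten string is never returned: the callers use the
 * result as a canonical subject name, so a silently truncated value
 * would be compared as if it were a complete one.
 *
 * The caller owns the result and must free() it.
 */
static char *change(const char *str, const char *from, const char *to)
{
  char *copy;
  char *pos;
  char *tmp;
  size_t fromlen;
  size_t tolen;

  if (!str || !from || !to)
    return NULL;

  copy = strdup(str);
  if (!copy)
    return NULL;

  fromlen = strlen(from);
  tolen = strlen(to);

  pos = strstr(copy, from);

  while (pos) {
    /* cut the string at the match and rebuild it around 'to' */
    *pos = '\0';
    tmp = snprintf_wrap("%s%s%s", copy, to, pos + fromlen);

    if (!tmp) {
      /* 'copy' is cut short at this point; give up rather than keep
       * scanning a buffer that may be shorter than 'to'. */
      free(copy);
      return NULL;
    }

    free(copy);
    copy = tmp;

    /* 'copy' now holds at least 'to', so this offset is in bounds */
    pos = strstr(copy + tolen, from);
  }

  return copy;
}

/*
 * Rewrites a subject name into the spelling used for comparison:
 * "/USERID=" becomes "/UID=", "/emailAddress=" and "/E=" become
 * "/Email=", and an escaped "\/" becomes "/".
 *
 * Returns a newly allocated string owned by the caller, or NULL when
 * 'str' is NULL or memory runs out at any step.
 */
char *normalize(const char *str)
{
  char *uid_done;
  char *email_done;
  char *short_email_done;
  char *unescaped;

  uid_done = change(str, "/USERID=", "/UID=");

  email_done = change(uid_done, "/emailAddress=", "/Email=");
  free(uid_done);

  short_email_done = change(email_done, "/E=", "/Email=");
  free(email_done);

  unescaped = change(short_email_done, "\\/", "/");
  free(short_email_done);

  return unescaped;
}
voms-2.1.2/src/common/options.cc000066400000000000000000000231111477131364200165670ustar00rootroot00000000000000/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.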
* *********************************************************************/ #include "config.h" #define __USE_GNU 1 extern "C" { #include #include #if defined(HAVE_GETOPT_LONG) || defined(HAVE_GETOPT_LONG_ONLY) #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif #include #endif #include "getopts.h" #include } #include "options.h" #include #include #include extern "C" { extern char *optarg; extern int optind, opterr, optopt; } /******************************/ static char *savea; static int savei, savee, saveo; bool getopts(int argc, char * const argv[], struct option *longopts); void set_usage(std::string); static void usage(char *); static bool getopts_real(int argc, char * const argv[], struct option *longopts, struct option *opts); static std::string usage_string = ""; /* * Function: * set_usage(std::string) * * Description: * The following function sets the usage std::string used by the usage() * function (See). * * Parameters: * 'std::string' - The usage std::string. * * Result: * None. */ void set_usage(std::string str) { usage_string = str; savei=optind; savee=opterr; saveo=optopt; savea=optarg; } /* * Function: * usage(name) * * Description: * This function prints the usage std::string previously memorized with the * set_usage() function. (See) * * Parameters: * 'name' - The name of the program that calls this function. * * Result: * None. */ static void usage(char *name) { std::cerr << name << ": " << usage_string << std::endl; } /* * Function: * getopts(argc, argv, longopts) * * Description: * This function parses the command line using the getopt_long_only() * function, and then does initialize some variables base on the * parameters it finds. The scanning itself stops as soon as a * non-option argument is encountered. * * Parameters: * 'argc' - The program's argc. * 'argv' - The program's argv. * 'longopts' - This is an array of option structures (see getopt_long(3)). * However, the semantics of its fields have changed. 
First * of all, the has_arg is now irrelevant, and the meaning of * the flag field depends on the content of the val one. So, * let's see the possible values of the val field: * * OPT_NONE : Nothing happens. * OPT_HELP : The usage std::string is printed and the function * failes. * OPT_BOOL : The flag field is expected to be a pointer to * an integer that will be set to 1 if the option * is specified and left alone otherwise. * OPT_STD::STRING : The flag field is expected to be a pointer to a * std::string that will be set to point at the * argument. * OPT_NUM : The flag field is expected to be a pointer to * an integer whose pointed value will be set with * the numeric value of the argument of the * option. * OPT_CONFIG : The flag field is irrelevant. The argument of * the option is the name of a file that will be * loaded into memory and that is expected to * contain more options that will be evaluated * immediately. The format of its contents is the * following: * -[-]name[=value] * where the parts between [] are optional. There * must be at most one such option per line. * OPT_MULTI : A flag so specified may be present multiple * times in the command line, it is expected to * have a value, all the values are recorded. The * flag field is supposed to be a pointer to an * array of std::string. The first two elements must * be filled by the caller and are not actual * std::strings. The first pointer of the array is in * reality expected to be the number of elements * that the array can accomodate minus 2, and the * second element must be the number of elements * already present (again, minus the first two). * On output, the second element will contain the * number of std::strings entered in the array. The * pointers to the std::strings themselves will start * from the third element. * * Result: * Failure: * false. * Success: * true. 
*/ bool getopts(int argc, char * const argv[], struct option *longopts) { int i = 0, num=0; struct option *opts; optind=savei; opterr=savee; optopt=saveo; optarg=savea; optind = 0; /* * Count the number of options passed. */ while(!(longopts[num].name == 0 && longopts[num].has_arg == 0 && longopts[num].flag == 0 && longopts[num].val == 0)) num++; /* * Allocates and fills a properly formatted struct option array. */ try { opts = new struct option[num+1]; } catch (std::bad_alloc &e) { return false; } for (i = 0; i *v =((std::vector *)(longopts[index].flag)); if(optarg) v->push_back((std::string)(optarg)); else c = '?'; } break; case OPT_CONFIG: { std::ifstream f(optarg); bool res = true; std::string line; char *optargsave; int optindsave, opterrsave, optoptsave; while (f >> line) { if (line.c_str()[0] != '#') { std::vector v; v.push_back(argv[0]); v.push_back(line.c_str()); optargsave = optarg; optindsave = optind; opterrsave = opterr; optoptsave = optopt; optind = 0; res &= getopts_real(2, const_cast(&v[0]), longopts, opts); optarg = optargsave; optind = optindsave; opterr = opterrsave; optopt = optoptsave; } } if (!res) c = '?'; } break; case OPT_HELP: usage(argv[0]); exit(0); break; default: c = -2; break; } } if (c == ':') { c = '?'; } } while (c != '?' && c != -1); if (c == '?') { exit(1); } else if (optind < argc && argv[optind][0] != '#' ) { std::cerr << "Found non option element " << argv[optind] << " in command line." << std::endl; return false; } return true; } voms-2.1.2/src/common/pass.cc000066400000000000000000000134661477131364200160560ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. 
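 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
#include "config.h"

extern "C" {
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
}

#include

extern "C" {
#include "log.h"
}

#define MAXSIZE 1024

static char password[MAXSIZE]; /* Will contain the password */
static pid_t fatherpid=0;      /* Will contain the pid of the process that
                                * obtained the password.*/

/*
 * Function:
 *   wipe_password()
 *
 * Description:
 *   Overwrites the whole password buffer with zero bytes.  The stores go
 *   through a volatile pointer so that the compiler cannot drop them as
 *   writes to memory that is not read again.
 *
 * Parameters:
 *   NONE.
 *
 * Result:
 *   NONE.
 */
static void wipe_password(void)
{
  volatile char *p = password;
  int i;

  for (i = 0; i < MAXSIZE; i++)
    p[i] = '\0';
}

/*
 * Function:
 *   freepasswd()
 *
 * Description:
 *   This function deletes the password and unlocks the memory that contained
 *   it.
 *
 * Parameters:
 *   NONE.
 *
 * Result:
 *   NONE.
 */
static void freepasswd(void)
{
  wipe_password();
  munlock(password, MAXSIZE);
}

/*
 * Function:
 *   fun()
 *
 * Description:
 *   This function is called during the process shutdown to delete the password
 *   from memory. A check is made to ensure that the process that is closing is
 *   the same one that got the password in memory.
 *
 * Parameters:
 *   NONE.
 *
 * Result:
 *   NONE.
 */
static void fun(void)
{
  if (getpid() == fatherpid) {
    freepasswd();
  }
}

/*
 * Function:
 *   getpasswd(passfile, logh)
 *
 * Description:
 *   This function reads a password into memory, from a file if 'passfile'
 *   is not empty or from the controlling terminal otherwise. It MUST be
 *   called only one time.
 *
 *   When running as root the password buffer is locked in memory.
 *
 *   A password file is accepted only if it is a regular file whose mode
 *   is exactly 640 and whose owner is root or the effective user.  Both
 *   checks are made with fstat() on the descriptor that is then read, so
 *   they describe the file actually opened.
 *
 *   When reading from the terminal, echo and signal generation are
 *   switched off for the duration of the read and the saved settings are
 *   put back on every exit path, including the failures.
 *
 * Parameters:
 *   'passfile' - The name of the file that contains the password, or an
 *                empty string to read it from /dev/tty.
 *   'logh'     - The log handle passed to the LOG/LOGM macros.
 *
 * Result:
 *   Failure:
 *     false. The password buffer has been wiped.
 *   Success:
 *     true.
 */
bool getpasswd(std::string passfile, void *logh)
{
  FILE *f = NULL;
  int ch = 0;
  int i = 0;
  struct termios term, term2;
  bool term_saved = false;   /* term2 holds settings that must be restored */
  struct stat pf_stat;
  uid_t uid;

  LOGM(VARP, logh, LEV_INFO, T_STARTUP, "Password file: %s", passfile.c_str());

  /* register the pid */
  fatherpid = getpid();
  atexit(fun);

  uid = geteuid();

  if (uid == 0) {
    /* Need to be root to lock memory */

    /* lock needed memory */
    if (mlock(password, MAXSIZE) != 0)
      return false;

    if (mlock(&ch, sizeof(ch)) != 0) {
      munlock(password, MAXSIZE);
      return false;
    }
  }

  if (passfile.empty()) {
    /* read from the console */
    if ((f = fopen("/dev/tty","r+"))) {
      fprintf(f, "password: ");
      fflush(f);

      if (0 == tcgetattr(fileno(f), &term)) {
        term2 = term;
        term_saved = true;
        term.c_lflag &= ~(ECHO|ISIG);

        if ((tcsetattr (fileno (f), TCSAFLUSH, &term)))
          goto error;
      }
      else
        goto error;

      while (((ch = fgetc(f)) != '\n') && (ch != EOF) && (i < (MAXSIZE-1)))
        password[i++] = ch;

      if (i >= (MAXSIZE - 1)) {
        LOG(logh, LEV_ERROR, T_STARTUP, "password too long!");
        goto error;
      }

      if (ch == EOF) {
        LOG(logh, LEV_ERROR, T_STARTUP, "missing new line at end of file!");
        goto error;
      }

      password[i] = '\0';
      tcsetattr(fileno(f),TCSAFLUSH, &term2);
      term_saved = false;
      fflush(f);
      fprintf(f,"\n");
    }
    else
      goto error;
  }
  else {
    /* read from a file */
    if ((f = fopen(passfile.c_str(),"r"))) {
      if (fstat(fileno(f),&pf_stat) == 0) {
        /* exact match: regular file, rw for owner, r for group, nothing else */
        if (pf_stat.st_mode != (S_IRUSR|S_IRGRP|S_IWUSR|S_IFREG)) {
          LOG(logh, LEV_ERROR, T_STARTUP, "Wrong permissions of password file!\n"
              "Needs to be 640.\n");
          goto error;
        }

        if(pf_stat.st_uid != 0 && pf_stat.st_uid != uid) {
          /* the message carries a %s, so it must go through the
           * formatting macro together with its argument */
          LOGM(VARP, logh, LEV_ERROR, T_STARTUP, "Wrong ownership of password file %s\n"
               "Needs to be owned by root or by the user.\n", passfile.c_str());
          goto error;
        }

        /* unbuffered, so that no copy of the password stays in a stdio buffer */
        if (!setvbuf(f, NULL, _IONBF, 0)) {
          while (((ch = fgetc(f)) != '\n') && (ch != EOF) && (i < (MAXSIZE-1)))
            password[i++] = ch;

          if (i >= (MAXSIZE - 1)) {
            LOGM(VARP, logh, LEV_ERROR, T_STARTUP, "Password too long! Max length = %d", (MAXSIZE-1));
            goto error;
          }

          if (ch == EOF) {
            LOG(logh, LEV_ERROR, T_STARTUP, "Missing new line at end of file!");
            goto error;
          }

          password[i] = '\0';
        }
        else
          goto error;
      }
      else
        goto error;
    }
    else
      goto error;
  }

  fclose(f);
  ch = 0;

  if (uid == 0)
    munlock(&ch, sizeof(ch));

  return true;

error:
  /* give the terminal back its echo and signal handling */
  if (f && term_saved)
    tcsetattr(fileno(f), TCSAFLUSH, &term2);

  ch = 0;
  wipe_password();

  if (uid == 0) {
    munlock(&ch, sizeof(ch));
    munlock(password, MAXSIZE);
  }

  if (f)
    fclose(f);

  return false;
}

/*
 * Function:
 *   passwd()
 *
 * Description:
 *   This function returns the password entered via the getpasswd() function.
 *
 * Parameters:
 *   NONE.
 *
 * Result:
 *   The password. This value is meaningless if getpasswd() hasn't been called
 *   before this function.
 */
char * passwd(void)
{
  return password;
}
voms-2.1.2/src/common/xmlcc.cc000066400000000000000000000276671477131364200162260ustar00rootroot00000000000000/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.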
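 *
 *********************************************************************/
#include "config.h"

#include "vomsxml.h"
#include "errors.h"

#include

extern "C" {
#include
#include
#include
#include
#include

#include "doio.h"

static void startans(void *userdata, UNUSED(const char *name), UNUSED(const char **attrs));
static void startreq(void *userdata, UNUSED(const char *name), UNUSED(const char **attrs));
static void endreq(void *userdata, const char *name);
static void endans(void *userdata, const char *name);
static void handlerreq(void *userdata, const char *s, int len);
static void handlerans(void *userdata, const char *s, int len);
}

/* Parser state while decoding a request. */
struct req {
  struct request *r;     /* structure being filled */
  std::string value;     /* character data of the current element */
  int error;             /* set to 1 by the handlers on malformed input */
  int depth;             /* current element nesting */
};

/* Parser state while decoding an answer. */
struct ans {
  struct answer *a;      /* structure being filled */
  std::string value;     /* character data of the current element */
  int error;             /* set to 1 by the handlers on malformed input */
  int depth;             /* current element nesting */
  int num;               /* error number of the entry being read */
  std::string message;   /* error message of the entry being read */
};

/* Alphabet of the home-grown 6-bit encoding (note: not RFC 4648). */
static char trans[] = "abcdefghijklmnopqrstuvwxyz"
                      "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                      "0123456789[]";

/* Reverse of 'trans', indexed by 7-bit character code.  Characters
 * outside the alphabet map to 0. */
static char trans2[128] = {
   0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
   0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
   0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
  52, 53, 54, 55, 56, 57, 58, 59, 60, 61,  0,  0,  0,  0,  0,  0,
   0, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
  41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 62,  0, 63,  0,  0,
   0,  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14,
  15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,  0,  0,  0,  0,  0};

static char *MyEncode(const char *data, int size, int *j);
static char *MyDecode(const char *data, int size, int *j);

/*
 * Base64-encodes 'size' bytes of 'data' with the OpenSSL BIO filter.
 *
 * Returns a malloc()ed buffer (not NUL-terminated) and stores its
 * length in *j; returns NULL on failure.
 */
static char *base64Encode(const char *data, int size, int *j)
{
  BIO *in = NULL;
  BIO *b64 = NULL;
  int len = 0;
  char *buffer = NULL;

  in = BIO_new(BIO_s_mem());
  b64 = BIO_new(BIO_f_base64());
  if (!in || !b64)
    goto err;

  b64 = BIO_push(b64, in);

  BIO_write(b64, data, size);
  BIO_flush(b64);

  *j = len = BIO_pending(in);

  buffer = (char *)malloc(len);
  if (!buffer)
    goto err;

  if (BIO_read(in, buffer, len) != len) {
    free(buffer);
    buffer = NULL;
    goto err;
  }

err:

  BIO_free(b64);
  BIO_free(in);
  return buffer;
}

/*
 * Base64-decodes 'size' bytes of 'data' with the OpenSSL BIO filter.
 *
 * Returns a malloc()ed buffer and stores the decoded length in *j.
 * Returns NULL, with *j set to 0, when a BIO cannot be created, memory
 * runs out or the read reports an error, so that a negative length is
 * never handed back to the caller.
 */
static char *base64Decode(const char *data, int size, int *j)
{
  BIO *b64 = NULL;
  BIO *in = NULL;
  int got;

  char *buffer = (char *)malloc(size);
  if (!buffer)
    return NULL;

  *j = 0;
  memset(buffer, 0, size);

  b64 = BIO_new(BIO_f_base64());
  in = BIO_new_mem_buf((char*)data, size);
  if (!b64 || !in) {
    BIO_free(b64);
    BIO_free(in);
    free(buffer);
    return NULL;
  }

  in = BIO_push(b64, in);

  got = BIO_read(in, buffer, size);

  BIO_free_all(in);

  if (got < 0) {
    free(buffer);
    return NULL;
  }

  *j = got;
  return buffer;
}

/*
 * Decodes 'data', which arrives from the peer.  Input containing a
 * newline is treated as OpenSSL base64, anything else as the home-grown
 * encoding.
 *
 * Returns the decoded bytes, or an empty string on any failure.
 */
std::string Decode(const std::string& data)
{
  int j = 0;
  char * tmp = NULL;

  if (data.find_first_of('\n') != std::string::npos)
    tmp = base64Decode(data.data(), data.size(), &j);
  else
    tmp = MyDecode(data.data(), data.size(), &j);

  if (tmp) {
    /* a negative length would be converted to a huge size_t */
    std::string s = (j > 0) ? std::string(tmp, j) : std::string();
    free(tmp);
    return s;
  }

  return "";
}

/*
 * Encodes 'size' bytes of 'data' with the home-grown 6-bit encoding.
 *
 * Returns a calloc()ed, NUL-terminated buffer and stores the number of
 * characters in *j; returns NULL (with *j set to 0) for empty input and
 * NULL when memory runs out.
 */
static char *MyEncode(const char *data, int size, int *j)
{
  char *res;

  if (!data || !size) {
    *j = 0;
    return NULL;
  }

  if ((res = (char *)calloc(1, (size*4)/3+2))) {
    int i = 0;
    int bit = 0;   /* how many bits of data[i] are already consumed */

    *j = 0;

    while (i < size) {
      char c = data[i];
      char c2 = ((i < (size-1)) ? data[i+1] : 0);

      switch (bit) {
      case 0:
        res[*j] = (c & 0xfc) >> 2;
        bit=2;
        break;
      case 2:
        res[*j] = ((c & 0x03) << 4) | ((c2 & 0xf0) >> 4);
        bit=4;
        i++;
        break;
      case 4:
        res[*j] = ((c & 0x0f) << 2) | ((c2 & 0xc0) >> 6);
        bit=6;
        i++;
        break;
      case 6:
        res[*j] = c & 0x3f;
        bit=0;
        i++;
        break;
      default:
        free(res);
        return NULL;
        break;
      }
      res[*j] = trans[(int)res[*j]];
      (*j)++;
    }
    res[*j]='\0';
    return res;
  }
  return NULL;
}

/*
 * Maps one input character to its 6-bit value.
 *
 * The character is taken as unsigned and checked against the size of
 * the table before it is used as an index: the input comes from the
 * network, and a byte with the high bit set would otherwise index
 * outside 'trans2'.  Bytes outside the table decode to 0, like every
 * other character that is not part of the alphabet.
 */
static char sextet_of(char ch)
{
  unsigned char u = (unsigned char)ch;

  return (u < sizeof(trans2)) ? trans2[u] : 0;
}

/*
 * Decodes 'size' characters of the home-grown 6-bit encoding.
 *
 * Returns a calloc()ed buffer and stores the number of decoded bytes in
 * *n; returns NULL for empty input or when memory runs out.
 */
static char *MyDecode(const char *data, int size, int *n)
{
  char *res;

  if (!data || !size)
    return NULL;

  if ((res = (char *)calloc(1, (size*3)/4 + 2))) {
    int bit = 0;
    int i = 0;

    *n = 0;

    while (i < size) {
      char c = sextet_of(data[i]);
      char c2 = (((i+1) < size) ? sextet_of(data[i+1]) : 0);

      switch(bit) {
      case 0:
        res[*n] = ((c & 0x3f) << 2) | ((c2 & 0x30) >> 4);
        if ((i+1) < size)
          (*n)++;
        bit=4;
        i++;
        break;
      case 4:
        res[*n] = ((c & 0x0f) << 4) | ((c2 & 0x3c) >> 2);
        if ((i+1) < size)
          (*n)++;
        bit=2;
        i++;
        break;
      case 2:
        res[*n] = ((c & 0x03) << 6) | (c2 & 0x3f);
        if ((i+1) < size)
          (*n)++;

        i += 2;
        bit = 0;
        break;
      }
    }

    return res;
  }
  return NULL;
}

/*
 * Builds the request document sent to the server from a comma-separated
 * command list, an optional ordering, optional targets and a lifetime.
 *
 * NOTE(review): the string literals in this function are empty in this
 * copy of the file; the markup they held appears to have been lost when
 * the page was extracted.  Compare with the upstream source before
 * relying on them.
 */
std::string XML_Req_Encode(const std::string &command, const std::string &order,
                           const std::string &targets, const int lifetime)
{
  std::ostringstream res;
  std::istringstream cmds(command);

  std::string preamble = "";
  res << preamble;

  std::string c;
  while(getline(cmds,c,','))
    res << "" << c << "";

  if (!order.empty())
    res << "" << order << "";

  if (!targets.empty())
    res << "" << targets << "";

  res << "14";

  if (lifetime <= 0)
    res << "";
  else
    res << "" << lifetime << "";

  res << "";
  return res.str();
}

/*
 * Encodes 'data' with OpenSSL base64 when 'base64' is non-zero and with
 * the home-grown encoding otherwise.  Returns an empty string when the
 * encoder fails or the input is empty.
 */
std::string Encode(const std::string &data, int base64)
{
  int j = 0;
  char *tmp = NULL;
  std::string result;

  if (base64)
    tmp = base64Encode(data.data(), data.size(), &j);
  else
    tmp = MyEncode(data.data(), data.size(), &j);

  if (tmp) {
    result = std::string(tmp, j);
    free(tmp);
  }

  return result;
}

/*
 * Builds the answer document from an attribute certificate, a data
 * blob and a list of errors.  Returns an empty string when there is
 * nothing to send or both encodings failed.
 *
 * NOTE(review): the string literals are empty in this copy of the file
 * (markup apparently lost in extraction).
 * NOTE(review): each error message is appended as is, with no escaping
 * visible here; confirm that messages cannot carry markup characters,
 * or escape them before they are written into the document.
 */
std::string XML_Ans_Encode(const std::string &ac, const std::string &data,
                           const std::vector<errorp>& e, bool base64)
{
  char *str = NULL;

  if (ac.empty() && data.empty())
    return "";

  std::string codedac = Encode(ac, base64);
  std::string codeddata = Encode(data, base64);

  if ((codedac.empty() && !ac.empty()) &&
      (codeddata.empty() && !data.empty())) {
    return "";
  }

  std::string res="3";

  if (!e.empty()) {
    res += "";

    std::vector<errorp>::const_iterator end = e.end();
    for (std::vector<errorp>::const_iterator i = e.begin(); i != end; ++i) {
      res +="";
      str = snprintf_wrap("%d", (*i).num);
      res += std::string(str ? str : "");
      free(str);
      res += "" + (*i).message + "";
    }
    res +="";
  }

  if (!codeddata.empty())
    res += "" + codeddata + "";

  if (!codedac.empty())
    res += "" + codedac + "";

  res += "";

  return res;
}

/*
 * Parses a request document into 'r'.
 *
 * Returns true when the XML parser accepted the document.
 *
 * NOTE(review): the handlers record violations (for example nesting
 * deeper than allowed) in d.error, but that flag is not part of the
 * return value; confirm whether callers are meant to see such requests
 * as valid.
 */
bool XML_Req_Decode(const std::string &message, request &r)
{
  struct req d;

  d.r = &r;
  d.value="";
  d.depth = d.error = 0;
  r.order = "";
  r.targets = "";
  r.lifetime = r.version = 0;
  r.base64 = false;

  XML_Parser p = XML_ParserCreate(NULL);
  if (!p)
    return false;     /* parser could not be allocated */

  XML_SetUserData(p, (void*)&d);
  XML_SetElementHandler(p,startreq,endreq);
  XML_SetCharacterDataHandler(p,handlerreq);

  int res = XML_Parse(p, message.data(), message.size(), 1);

  XML_ParserFree(p);

  return res != 0;
}

/*
 * Parses an answer document into 'a'.
 *
 * Returns true when the XML parser accepted the document.
 *
 * NOTE(review): d.error is set by the handlers (undecodable payload,
 * nesting too deep) but is not part of the return value.
 */
bool XML_Ans_Decode(const std::string &message, answer &a)
{
  struct ans d;

  d.a = &a;
  d.value = "";
  d.depth = d.error = 0;

  XML_Parser p = XML_ParserCreate(NULL);
  if (!p)
    return false;     /* parser could not be allocated */

  XML_SetUserData(p, (void *)&d);
  XML_SetElementHandler(p,startans,endans);
  XML_SetCharacterDataHandler(p,handlerans);

  int res = XML_Parse(p, message.data(), message.size(), 1);

  XML_ParserFree(p);

  return res != 0;
}

extern "C" {

/* Element start in an answer: at most four levels of nesting. */
static void startans(void *userdata, UNUSED(const char *name), UNUSED(const char **attrs))
{
  struct ans *a = (struct ans *)userdata;

  if (a->depth == 4)
    a->error = 1;
  else {
    a->depth++;
    a->value = "";
  }
}

/* Element start in a request: at most two levels of nesting. */
static void startreq(void *userdata, UNUSED(const char *name), UNUSED(const char **attrs))
{
  struct req *d = (struct req *)userdata;

  if (!d || d->error)
    return;

  if (d->depth == 2) {
    d->error = 1;
    return;
  }

  d->depth++;
  d->value = "";
}

/* Element end in a request: stores the collected text in the field
 * named by the element.  Numeric fields are read with atoi(). */
static void endreq(void *userdata, const char *name)
{
  struct req *d = (struct req *)userdata;

  if (!d || d->error)
    return;

  if (d->depth == 0) {
    d->error = 1;
    return;
  }

  d->depth--;

  if (strcmp(name, "order") == 0)
    d->r->order = d->value;
  else if (strcmp(name, "targets") == 0)
    d->r->targets = d->value;
  else if (strcmp(name, "command") == 0)
    d->r->command.push_back(d->value);
  else if (strcmp(name, "lifetime") == 0)
    d->r->lifetime = atoi(d->value.c_str());
  else if (strcmp(name, "base64") == 0)
    d->r->base64 = 1;
  else if (strcmp(name, "version") == 0)
    d->r->version = atoi(d->value.c_str());

  d->value="";
}

/* Element end in an answer: decodes payloads, collects error entries
 * and maps the textual result codes onto the ERR_* values. */
static void endans(void *userdata, const char *name)
{
  struct ans *a = (struct ans *)userdata;

  if (!a)
    return;

  if(a->error || !a->depth) {
    a->error = 1;
    return;
  }

  a->depth--;

  if (!strcmp(name,"ac")) {
    a->a->ac = Decode(a->value);
    if (a->a->ac.empty())
      a->error=1;
  }
  else if (!strcmp(name, "bitstr")) {
    a->a->data = Decode(a->value);
    if (a->a->data.empty())
      a->error=1;
  }
  else if (!strcmp(name, "error")) {
    struct errorp e;
    e.num = a->num;
    e.message = a->message;
    a->a->errs.push_back(e);
  }
  else if ((!strcmp(name, "number")) &&
           (a->depth == 3)) {
    a->num = atoi(a->value.c_str());
  }
  else if ((!strcmp(name, "message")) &&
           (a->depth == 3 || a->depth == 2)) {
    a->message = a->value;
  }
  else if (!strcmp(name, "warning")) {
    struct errorp e;
    e.num = WARN_OFFSET;
    e.message = a->value;
    a->a->errs.push_back(e);
  }
  else if ((!strcmp(name, "code")) &&
           (a->depth == 2)) {
    const char *msg = a->value.c_str();
    if (!strcmp(msg, "NoSuchUser") || atoi(msg) == ERR_NOT_MEMBER)
      a->num = ERR_NOT_MEMBER;
    else if (!strcmp(msg, "SuspendedUser"))
      a->num = ERR_SUSPENDED;
    else if (!strcmp(msg, "BadRequest"))
      a->num = ERR_WITH_DB;
    else
      a->num = ERR_UNEXPECTED_ERROR;
  }
  else if ((!strcmp(name, "version"))) {
    a->a->version = atoi(a->value.c_str());
  }
  a->value = "";
}

/* Character data in a request.
 * NOTE(review): each call replaces the stored text, whereas handlerans
 * appends; if the parser delivers one element's text in several pieces
 * only the last piece is kept here - confirm this is intended. */
static void handlerreq(void *userdata, const char *s, int len)
{
  struct req *d = (struct req *)userdata;

  if (!d || d->error)
    return;

  d->value = std::string(s, len);

  if (d->value.empty() && len)
    d->error = 1;
}

/* Character data in an answer: appended to the text collected so far
 * for the current element. */
static void handlerans(void *userdata, const char *s, int len)
{
  struct ans *a = (struct ans *)userdata;

  if (!a || a->error)
    return;

  if (a->value.empty())
    a->value = std::string(s, len);
  else {
    a->value += std::string(s, len);
  }

  if (a->value.empty() && len)
    a->error = 1;
}

}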
voms-2.1.2/src/include/000077500000000000000000000000001477131364200147225ustar00rootroot00000000000000voms-2.1.2/src/include/Client.h000066400000000000000000000074461477131364200163240ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ /*************************************************************************** * filename : GSISocketClient.h * authors : Salvatore Monforte * copyright : (C) 2001 by INFN ***************************************************************************/ // $Id: /** * @file GSISocketServer.h * @brief The header file for ssh based Socket Server Object. * This file contains definitions for secure Socket Server used in * order to communicate with the Resource Broker.\ It uses SSH standard. * @author Salvatore Monforte salvatore.monforte@ct.infn.it * @author comments by Marco Pappalardo marco.pappalardo@ct.infn.it and Salvatore Monforte */ #ifndef VOMS_GSISOCKETCLIENT #define VOMS_GSISOCKETCLIENT /** This super class header file. 
*/ #include #include #include #include #include #include extern "C" { #include "sslutils.h" } /** * The secure Client. * This object acts as Client in the message exchange. It asks the client for * connections referencing an agent for secure message exchange. * @author Salvatore Monforte salvatore.monforte@ct.infn.it * @author comments by Marco Pappalardo marco.pappalardo@ct.infn.it and Salvatore Monforte */ class GSISocketClient { public: /** * Constructor. * @param p the secure server port. * @param b the backlog, that is the maximum number of outstanding connection requests. */ GSISocketClient(const std::string&, int); /** * Destructor. */ ~GSISocketClient(); /** * Open the connection. * @return true for successful opening, false otherwise. */ bool Open(); /** * Close the connection. * @return true for successful close, false otehrwise. */ void Close(); bool post_connection_check(SSL*); bool LoadCredentials(const char *, X509 *, STACK_OF(X509) *, EVP_PKEY *); protected: /** * Initialize GSI Authentication. * This method asks the server for authentication. * @param sock the socket descriptot * @return true on success, false otherwise. 
*/ bool InitGSIAuthentication(int sock); private: std::string host; int port; bool opened; int sck; public: std::string own_subject; EVP_PKEY *upkey; X509 *ucert; STACK_OF(X509) *cert_chain; char *cacertdir; SSL *ssl; SSL_CTX *ctx; BIO *conn; bool Send(const std::string &s); bool Receive(std::string &s); private: std::string error; void SetError(const std::string&); void SetErrorGlobus(const std::string&, int, int, int); void SetErrorOpenSSL(const std::string& ); public: std::string GetError(); void SetTimeout(int t); private: int timeout; }; #endif /* Local Variables: mode: c++ End: */ voms-2.1.2/src/include/Makefile.am000066400000000000000000000007161477131364200167620ustar00rootroot00000000000000 includedir = @includedir@/voms if BUILD_INTERFACES include_HEADERS = \ newformat.h \ acstack.h endif EXTRA_DIST = Client.h data.h gssapi_compat.h \ options.h pass.h Server.h fqan.h doio.h \ vomsxml.h errors.h log.h sslutils.h normalize.h \ listfunc.h credentials.h newformat.h proxycertinfo.h proxypolicy.h \ acstack.h validate.h ccac.h init.h ccwrite.h getopts.h replace.h dbwrap.h \ stamp-h.in stamp-h1.in ssl_compat.h MAINTAINERCLEANFILES = Makefile.in voms-2.1.2/src/include/Server.h000066400000000000000000000105421477131364200163430ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
* See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
/***************************************************************************
 * filename : GSISocketServer.h
 * authors : Salvatore Monforte
 * copyright : (C) 2001 by INFN
 ***************************************************************************/

// $Id:

/**
 * @file GSISocketServer.h
 * @brief The header file for ssh based Socket Server Object.
 * This file contains definitions for secure Socket Server used in
 * order to communicate with the Resource Broker.\ It uses SSH standard.
 *
 * NOTE(review): the class declared here holds OpenSSL SSL, SSL_CTX and BIO
 * handles, so "ssh" / "SSH" above presumably means SSL/TLS rather than the
 * SSH protocol -- confirm and reword.
 * @author Salvatore Monforte salvatore.monforte@ct.infn.it
 * @author comments by Marco Pappalardo marco.pappalardo@ct.infn.it and Salvatore Monforte
 */

#ifndef VOMS_GSISOCKETSERVER
#define VOMS_GSISOCKETSERVER

/** Include the secure socket globus definition. */
/* NOTE(review): the header names of the #include directives below were lost
 * when this page was extracted; the directives are kept as found. */
#include #include #include #include #include #include #include #include #include #include

/**
 * The secure Server.
 * This object acts as Server in the message exchange. It listens for client
 * connections and, when asked for, it receives, sets and sends back the reference to the
 * agent to be used for secure message exchange.
 * @author Salvatore Monforte salvatore.monforte@ct.infn.it
 * @author comments by Marco Pappalardo marco.pappalardo@ct.infn.it and Salvatore Monforte
 */
class GSISocketServer
{

public:
  /**
   * Constructor.
   * The parameters are unnamed in this declaration: an int, a void pointer
   * defaulting to NULL, an int defaulting to 5 and a bool defaulting to
   * true.
   * NOTE(review): presumably the server port, an opaque handle, the backlog
   * (the maximum number of outstanding connection requests) and a flag whose
   * meaning is not visible here -- confirm against the definition.
   */
  GSISocketServer(int, void * = NULL, int=5, bool=true);
  /**
   * Destructor.
   * This method must be also implemented by object subclassing server socket.
   * NOTE(review): the destructor is not declared virtual in this header.
   */
  ~GSISocketServer();

  /**
   * Close the connection.
   */
  void Close();
  /* Open the server; returns a bool (presumably true on success). */
  bool Open();
  /* NOTE(review): presumably closes the listening socket (`sck`) -- TODO confirm. */
  void CloseListener(void);
  /* NOTE(review): presumably closes the accepted socket (`newsock`) -- TODO confirm. */
  void CloseListened(void);
  /**
   * Listen for incoming connection requests.
   * Accept incoming requests and redirect communication on a dedicated port.
   * Takes no argument and returns a bool.
   * @return presumably true when a connection was accepted -- TODO confirm.
   */
  bool Listen();
  /* Store a logger handle; the type behind the void pointer is not visible here. */
  void SetLogger(void *log);
  void CleanSocket();

  /* Send a string to the peer; returns a bool (presumably true on success). */
  bool Send(const std::string &s);
  /* Receive into `s`; returns a bool (presumably true on success). */
  bool Receive(std::string &s);
  /* NOTE(review): presumably reads up to `size` bytes into `s` without
   * consuming them -- TODO confirm. */
  bool Peek(int size, std::string &s);
  /**
   * Server side of the authentication.
   * NOTE(review): presumably this is what fills the peer_* members below;
   * if so, they must not be used for an authorization decision unless this
   * call returned true -- confirm in the definition.
   */
  bool AcceptGSIAuthentication(void);
  void AdjustBacklog(int b);
  /* Same defaults (5, true) as the last two constructor parameters. */
  bool ReOpen(int, int=5, bool=true);
  /* Set the timeout; the unit is not visible in this header -- TODO confirm. */
  void SetTimeout(int);
  void SetError(const std::string &g);
  void SetErrorOpenSSL(const std::string &message);
  /* NOTE(review): the element type of the returned vector was lost in
   * extraction; the declaration is kept as found. */
  const std::vector& GetOpenSSLErrors();

public:
  /*
   * NOTE(review): everything below is public, including the private key
   * handles `own_key` and `upkey`, the peer identity strings and the raw
   * SSL / SSL_CTX / BIO pointers. This header does not show who allocates
   * or frees the OpenSSL objects, nor at which point the peer_* fields
   * become valid.
   */
  std::string own_subject;
  std::string own_ca;
  std::string peer_subject;
  std::string peer_ca;
  std::string peer_serial;

  EVP_PKEY *own_key;
  X509 *own_cert;
  X509 *peer_cert;
  X509 *actual_cert;
  STACK_OF(X509) *own_stack;
  STACK_OF(X509) *peer_stack;
  SSL *ssl;
  SSL_CTX *ctx;
  BIO *conn;
  void *pvd;
  char *cacertdir;
  EVP_PKEY *upkey;
  X509 *ucert;
  std::string error;

public:
  int port;
  bool opened;
  int sck;
  int backlog;
  int newsock;
  int timeout;
  bool newopened;
  bool mustclose;
  void *logh;

private:
  /* NOTE(review): element type lost in extraction; kept as found. */
  std::vector openssl_errors;
};

#endif

/*
Local Variables:
mode: c++
End:
*/
voms-2.1.2/src/include/acstack.h000066400000000000000000000116261477131364200165120ustar00rootroot00000000000000/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_ACSTACK_H #define VOMS_ACSTACK_H #include #include #include #include #ifndef VOMS_MAYBECONST #if defined(D2I_OF) #define VOMS_MAYBECONST const #else #define VOMS_MAYBECONST /* typedef void *d2i_of_void(void *, unsigned char **); */ #endif #endif #if OPENSSL_VERSION_NUMBER >= 0x10100000L #define DECL_STACK(type) DEFINE_STACK_OF(type) #define IMPL_STACK(type) #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ #define IMPL_STACK(type) \ DECLARE_STACK_OF(type) \ STACK_OF(type) *sk_##type##_new (int (*cmp)(const type *, const type *)) \ { return (STACK_OF(type) *)sk_new ( (int (*)(const void *, const void *))cmp);} \ STACK_OF(type) *sk_##type##_new_null () { return (STACK_OF(type) *)sk_new_null(); } \ void sk_##type##_free (STACK_OF(type) *st) { sk_free((_STACK *)st); } \ int sk_##type##_num (const STACK_OF(type) *st) { return sk_num((_STACK *)st); } \ type *sk_##type##_value (const STACK_OF(type) *st, int i) { return (type *)sk_value((const _STACK *)st, i); } \ int sk_##type##_push (STACK_OF(type) *st, type *val) { return sk_push((_STACK *)st, (char *)val); } \ STACK_OF(type) *sk_##type##_dup (STACK_OF(type) *st) { return (STACK_OF(type) *)sk_dup((_STACK *)st); } \ void sk_##type##_pop_free (STACK_OF(type) *st, void (*func)(type *)) { sk_pop_free((_STACK *)st, (void (*)(void *))func); } /* the following are not part of the stack 
interface * * STACK_OF(type) *d2i_ASN1_SET_OF_##type (STACK_OF(type) **st, VOMS_MAYBECONST unsigned char **pp, long length, type *(*d2ifunc)(), void (*freefunc)(type *), int ex_tag, int ex_class) \ * { return d2i_ASN1_SET(st, pp, length, (char *(*)())d2ifunc, (void (*)(void *))freefunc, ex_tag, ex_class); } \ * int i2d_ASN1_SET_OF_##type (STACK_OF(type) *st, unsigned char **pp, int (*i2dfunc)(), int ex_tag, int ex_class, int is_set) \ * { return i2d_ASN1_SET(st, pp, i2dfunc, ex_tag, ex_class, is_set); } \ */ #define DECL_STACK(type) \ PREDECLARE_STACK_OF(type) \ extern STACK_OF(type) *sk_##type##_new (int (*)(const type *, const type *)); \ extern STACK_OF(type) *sk_##type##_new_null (); \ extern void sk_##type##_free (STACK_OF(type) *); \ extern int sk_##type##_num (const STACK_OF(type) *); \ extern type *sk_##type##_value (const STACK_OF(type) *, int); \ extern type *sk_##type##_set (STACK_OF(type) *, int, type *); \ extern void sk_##type##_zero (STACK_OF(type) *); \ extern int sk_##type##_push (STACK_OF(type) *, type *); \ extern int sk_##type##_unshift (STACK_OF(type) *, type *); \ extern int sk_##type##_find (STACK_OF(type) *, type *); \ extern type *sk_##type##_delete (STACK_OF(type) *, int); \ extern type *sk_##type##_delete_ptr (STACK_OF(type) *, type *); \ extern int sk_##type##_insert (STACK_OF(type) *, type *, int); \ extern int (*sk_##type##_set_cmp_func (STACK_OF(type) *, int (*)(const type * const *, const type * const *)))(const type * const *, const type * const *); \ extern STACK_OF(type) *sk_##type##_dup (STACK_OF(type) *); \ extern void sk_##type##_pop_free (STACK_OF(type) *, void (*)(type *)); \ extern type *sk_##type##_shift (STACK_OF(type) *); \ extern type *sk_##type##_pop (STACK_OF(type) *); \ extern void sk_##type##_sort (STACK_OF(type) *); /* the following are not part of the stack interface * * extern STACK_OF(type) *d2i_ASN1_SET_OF_##type (STACK_OF(type) **, VOMS_MAYBECONST unsigned char **, long, type *(*)(), void (*)(type *), int, 
int); \ * extern int i2d_ASN1_SET_OF_##type (STACK_OF(type) *, unsigned char **, int (*)(), int, int, int); \ * extern unsigned char *ASN1_seq_pack_##type (STACK_OF(type) *, int (*)(), unsigned char **, int *); \ * extern STACK_OF(type) *ASN1_seq_unpack_##type (unsigned char *, int, type *(*)(), void (*)(type *)) ; */ #endif #endif voms-2.1.2/src/include/ccac.h000066400000000000000000000025051477131364200157660ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/
#ifndef VOMS_CCAC_H
#define VOMS_CCAC_H

/* NOTE(review): the name of the first header inside the extern "C" block was
 * lost when this page was extracted; the directive is kept as found. */
extern "C" {
#include
#include "newformat.h"
}

#include "voms_api.h"

/*
 * Selects the kind of verification verifyac() performs.
 * NOTE(review): TYPE_NOTARGET presumably leaves out the check of the AC
 * targets; what exactly each value covers is decided in the definition,
 * which is not part of this header -- confirm before relying on it.
 */
enum ver_type {
  TYPE_COMPLETE,
  TYPE_NOTARGET
};

/*
 * Verify an attribute certificate (AC).
 * Parameters are unnamed here: two X509 certificates, the AC, a `voms`
 * object passed by non-const reference, and the verification type, which
 * defaults to TYPE_COMPLETE when the caller omits it.
 * NOTE(review): presumably the two certificates are the holder and the
 * issuer and the `voms` object receives the parsed result -- TODO confirm.
 * Returns a bool; callers should treat false as "do not trust this AC".
 */
extern bool verifyac(X509 *, X509 *, AC *, voms &, ver_type type=TYPE_COMPLETE);

#endif
voms-2.1.2/src/include/ccwrite.h000066400000000000000000000031071477131364200165340ustar00rootroot00000000000000/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
* *********************************************************************/ #ifndef VOMS_CCWRITE_H #define VOMS_CCWRITE_H extern "C" { #include #include #include #include "newformat.h" } #include #include extern int createac(X509 *, STACK_OF(X509) *, X509 *, EVP_PKEY *, BIGNUM *, std::vector &, std::vector &, std::vector& attributes, AC **, std::string, std::string, int valid, bool old, STACK_OF(X509_EXTENSION) *extensions); #endif voms-2.1.2/src/include/credentials.h000066400000000000000000000024141477131364200173710ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #ifndef VOMS_CREDENTIALS_H #define VOMS_CREDENTIALS_H #include #include extern X509 *get_real_cert(X509 *base, STACK_OF(X509) *stk); extern char *get_peer_serial(X509 *); #endif voms-2.1.2/src/include/data.h000066400000000000000000000030751477131364200160110ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/
#ifndef VOMS_DATA_H
#define VOMS_DATA_H

#ifdef __cplusplus
/* NOTE(review): the header names of the two #include directives below were
 * lost when this page was extracted; the directives are kept as found. */
#include
#include

/*
 * Two overloads of a predicate over a string (C string and std::string).
 * NOTE(review): presumably an input filter that accepts only strings made
 * of an allowed character set; the accepted set, and how a null pointer is
 * handled by the C-string overload, are not visible in this header.
 */
extern bool acceptable(const char *str);
extern bool acceptable(std::string s);

/* Returns a char pointer. NOTE(review): whether the buffer is static or
 * must be freed by the caller is not visible here -- TODO confirm. */
extern char * timestamp(void);

/* Takes an int and a string reference and returns a string by value;
 * presumably the decimal text of `i`, also stored in `s` -- TODO confirm. */
extern std::string stringify(int i, std::string &s);

/* Returns OpenSSL error text as a string; `debug` presumably selects a more
 * detailed form -- TODO confirm. */
extern std::string OpenSSLError(bool debug);

/* Returns a string for the given file name, presumably the file content.
 * NOTE(review): how a missing or unreadable file is reported is not visible
 * here -- TODO confirm. */
extern std::string readfile(std::string filename);

/* Converts a vector to a char ** array. NOTE(review): the element type was
 * lost in extraction; ownership of the returned array and its strings is
 * not visible here -- TODO confirm. */
extern char **vectoarray(std::vector& vector);

extern "C" {
#endif
/* Takes one character and returns an int, presumably the value of a
 * hexadecimal digit. NOTE(review): the return value for a character that is
 * not a hex digit is not visible here; callers should check for it. */
extern int hex2num(char c);
#ifdef __cplusplus
}
#endif
#endif
voms-2.1.2/src/include/dbwrap.h000066400000000000000000000057501477131364200163610ustar00rootroot00000000000000/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
* *********************************************************************/
#ifndef SQLDBWRAP_H
#define SQLDBWRAP_H

/* NOTE(review): the header names of the two #include directives below were
 * lost when this page was extracted; the directives are kept as found. */
#include

extern "C" {
#include
}

/* Error codes; presumably the values returned by sqliface::interface::error(). */
#define ERR_DBERR 1
#define ERR_NO_PARAM 2
#define ERR_NO_MEMORY 3
#define ERR_ACCOUNT_SUSPENDED 4
#define ERR_X509 5
#define ERR_USER_UNKNOWN 6
#define ERR_NO_CA 7
#define ERR_NO_IDDATA 8
#define ERR_NO_DB 9
#define ERR_NO_SESSION 10
#define ERR_USER_SUSPENDED 11

/*
 * Option selectors; presumably the `option` argument of setOption().
 * NOTE(review): what OPTION_SET_INSECURE relaxes is not visible in this
 * header (presumably a protection on the database connection). Confirm in
 * the implementation, and check that deployments do not set it by default.
 */
#define OPTION_SET_SOCKET 1
#define OPTION_SET_PORT 2
#define OPTION_SET_INSECURE 3

/* Operation selectors; presumably the `operation_type` argument of operation(). */
#define OPERATION_GET_ALL 0
#define OPERATION_GET_ROLE 1
#define OPERATION_GET_GROUPS 2
#define OPERATION_GET_GROUPS_AND_ROLE 3
#define OPERATION_GET_ALL_ATTRIBS 4
#define OPERATION_GET_ROLE_ATTRIBS 5
#define OPERATION_GET_GROUPS_ATTRIBS 6
#define OPERATION_GET_GROUPS_AND_ROLE_ATTRIBS 7
#define OPERATION_GET_VERSION 8
#define OPERATION_GET_USER 9

/* A generic attribute: a name, a qualifier and a value, all strings. */
class gattrib {
public:
  std::string name;
  std::string qualifier;
  std::string value;

  /*
   * Render the attribute as qualifier + "::" + name + "=" + value.
   * The conditional yields the same string in both branches (an empty
   * qualifier is already ""), so the "::" separator is always emitted, even
   * when there is no qualifier.
   * NOTE(review): none of the three fields is escaped, so a name or value
   * that itself contains "::" or "=" makes the result ambiguous for anything
   * that parses it back.
   */
  std::string str() const {
    return (qualifier.empty() ? "" : qualifier) + "::" + name + "=" + value;
  }
};

namespace sqliface {

/*
 * Abstract database interface: every member except the destructor is pure
 * virtual. Instances are obtained through the extern "C" CreateDB() declared
 * at the end of this header.
 */
class interface {
public:
  virtual ~interface(void) {};
  /* Returns an int error code, presumably one of the ERR_* values above. */
  virtual int error(void) const = 0;
  /* NOTE(review): the four unnamed strings are presumably the connection
   * parameters (database, host, user, password); their order is not visible
   * here -- confirm against the implementation. */
  virtual bool connect(const char *, const char *, const char *, const char *) = 0;
  virtual bool reconnect() = 0;
  virtual void close(void) = 0;
  /* `value` is untyped; the type expected for each OPTION_* selector is not
   * visible in this header. */
  virtual bool setOption(int option, void *value) = 0;
  /*
   * Run one of the OPERATION_* queries.
   * NOTE(review): `result` is a void pointer and the remaining arguments are
   * variadic, so nothing in this interface checks that a call site passes
   * the types the selected operation expects; each caller has to match the
   * implementation's contract for that operation_type.
   */
  virtual bool operation(int operation_type, void *result, ...) = 0;
  virtual interface *getSession() = 0;
  virtual void releaseSession(interface *) = 0;
  virtual bool isConnected(void) = 0;
  /* Returns a char pointer; ownership of the buffer is not visible here. */
  virtual char *errorMessage(void) = 0;
};

}; // namespace sqliface

/* C-linkage entry points: a factory for the interface and two version queries. */
extern "C" {
sqliface::interface *CreateDB();
int getDBInterfaceVersion();
int getDBInterfaceVersionMinor();
}

#endif
voms-2.1.2/src/include/doio.h000066400000000000000000000024221477131364200160250ustar00rootroot00000000000000/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
#ifndef VOMS_DOIO_H
#define VOMS_DOIO_H

/* NOTE(review): the header name of the #include below was lost when this
 * page was extracted; the directive is kept as found. */
#include

/*
 * Formatting helpers that take a format and arguments and return a char
 * pointer.
 * NOTE(review): presumably printf-style formatting into a newly allocated
 * buffer that the caller frees -- TODO confirm. If so, `format` should be a
 * literal at every call site, with request- or peer-derived text passed as
 * an argument and never as the format itself.
 */
extern char *snprintf_wrap(const char *format, ...);
extern char *vsnprintf_wrap(const char *format, va_list v);

/* Takes a path and returns an int; presumably non-zero when the file
 * exists -- TODO confirm. */
extern int fileexists(const char*);
#endif
voms-2.1.2/src/include/errors.h000066400000000000000000000033041477131364200164070ustar00rootroot00000000000000/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
* See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_ERRORS_H #define VOMS_ERRORS_H #include struct errorp { int num; std::string message; }; #define ERROR_OFFSET 1000 #define WARN_OFFSET 0 #define WARN_NO_FIRST_SELECT (WARN_OFFSET + 1) #define WARN_SHORT_VALIDITY (WARN_OFFSET + 2) #define WARN_ATTR_SUBSET (WARN_OFFSET + 3) #define WARN_UNKNOWN_COMMAND (WARN_OFFSET + 4) #define ERR_WITH_DB (ERROR_OFFSET + 3) #define ERR_NOT_MEMBER (ERROR_OFFSET + 1) #define ERR_ATTR_EMPTY (ERROR_OFFSET + 2) #define ERR_SUSPENDED (ERROR_OFFSET + 4) #define ERR_NO_COMMAND (ERROR_OFFSET + 5) #define ERR_UNEXPECTED_ERROR (ERROR_OFFSET + 6) #endif voms-2.1.2/src/include/fqan.h000066400000000000000000000024571477131364200160300ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. 
* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_COMMON_FQAN_H #define VOMS_COMMON_FQAN_H #include #include extern std::string parse_fqan(const std::vector& fqans, bool clean = false); #endif voms-2.1.2/src/include/getopts.h000066400000000000000000000042231477131364200165610ustar00rootroot00000000000000/* Declarations for getopt. Copyright (C) 1989-1994, 1996-1999, 2001 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. The GNU C Library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with the GNU C Library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. 
*/ #ifndef VOMS_REP_GETOPT_H #define VOMS_REP_GETOPT_H 1 #if defined __cplusplus extern "C" { #endif #ifndef HAVE_GETOPT_LONG struct option { # if (defined __STDC__ && __STDC__) || defined __cplusplus const char *name; # else char *name; # endif /* has_arg can't be an enum because some compilers complain about type mismatches in all the code that assumes it is an int. */ int has_arg; int *flag; int val; }; extern char *optarg; extern int optind; extern int opterr; extern int optopt; /* Names for the values of the `has_arg' field of `struct option'. */ # define no_argument 0 # define required_argument 1 # define optional_argument 2 #if (defined __STDC__ && __STDC__) || defined __cplusplus extern int getopt_long (int ___argc, char *const *___argv, const char *__shortopts, const struct option *__longopts, int *__longind); extern int getopt_long_only (int ___argc, char *const *___argv, const char *__shortopts, const struct option *__longopts, int *__longind); #else /* not __STDC__ */ extern int getopt_long (); extern int getopt_long_only (); #endif /* __STDC__ */ #endif /* HAVE_GETOPT_LONG */ #ifdef __cplusplus } #endif /* Make sure we later can get all the definitions and declarations. */ #endif /* getopt.h */ voms-2.1.2/src/include/gssapi_compat.h000066400000000000000000000055101477131364200177250ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ /********************************************************************** gssapi_ssleay.h: Description: This header file used internally by the gssapi_ssleay routines **********************************************************************/ #ifndef VOMS_GSSAPI_COMPAT_H #define VOMS_GSSAPI_COMPAT_H /********************************************************************** Include header files **********************************************************************/ #include "config.h" #include "openssl/ssl.h" #include "openssl/err.h" #include "openssl/bio.h" #include "openssl/pem.h" #include "openssl/x509.h" #if SSLEAY_VERSION_NUMBER >= 0x0090581fL #include "openssl/x509v3.h" #endif #include "openssl/stack.h" typedef void *globus_gsi_callback_data_t; typedef struct globus_l_gsi_cred_handle_s { /** The credential's signed certificate */ X509 * cert; /** The private key of the credential */ EVP_PKEY * key; /** The chain of signing certificates */ STACK_OF(X509) * cert_chain; } globus_i_gsi_cred_handle_t; typedef struct globus_l_gsi_cred_handle_s * globus_gsi_cred_handle_t; typedef struct gss2_cred_id_desc_struct { globus_gsi_cred_handle_t cred_handle; } gss2_cred_id_desc; #if !defined(GLOBUS_INCLUDE_GLOBUS_THREAD) typedef int globus_mutex_t; #endif typedef struct gss2_ctx_id_desc_struct{ globus_mutex_t mutex; globus_gsi_callback_data_t callback_data; 
gss2_cred_id_desc * peer_cred_handle; } gss2_ctx_id_desc; #ifndef GSSAPI_H_ typedef void * gss_cred_id_t; typedef void * gss_ctx_id_t; #endif #endif /* VOMS_GSSAPI_COMPAT_H */ voms-2.1.2/src/include/init.h000066400000000000000000000022031477131364200160330ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_INIT_H #define VOMS_INIT_H extern void declareOIDs(void); #endif voms-2.1.2/src/include/listfunc.h000066400000000000000000000024011477131364200167170ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_LISTFUNC_H #define VOMS_LISTFUNC_H #include typedef void (*freefn)(void *); extern char **listadd(char **vect, char *data); extern void listfree(char **vect, freefn f); #endif voms-2.1.2/src/include/log.h000066400000000000000000000053031477131364200156550ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/
#ifndef VOMS_LOG_H
#define VOMS_LOG_H

/* Log message types. The non-zero values are distinct bits (0x01, 0x02,
 * 0x04); T_PRE is 0. */
typedef enum {
  T_PRE = 0x00,
  T_STARTUP = 0x01,
  T_REQUEST = 0x02,
  T_RESULT = 0x04
} logtypes;

/* Log levels, numbered from LEV_ERROR = 0 upwards to LEV_NONE. */
typedef enum {
  LEV_ERROR = 0,
  LEV_WARN,
  LEV_INFO,
  LEV_DEBUG,
  LEV_NONE} loglevels;

#include "config.h"
/* NOTE(review): the header names of the three #include directives below
 * were lost when this page was extracted; the directives are kept as found. */
#include
#include
#include

/* Create a logger; the handle is an untyped pointer that every other
 * function in this header takes as an argument. */
extern void *LogInit();
/* Register an output backend described by a name and four callbacks.
 * NOTE(review): the role of each callback is not visible in this header. */
extern void *LogAddStreamer(void *, const char *, void * (*)(),
                            int (*)(void *, const char *), void (*)(void *),
                            void (*)(void *, const char *, const char*));
extern void LogDestroy(void *);
extern loglevels LogLevel(void *, loglevels);
/* Takes the type as an int rather than a logtypes value. */
extern logtypes LogType(void *, int);
extern const char *LogDateFormat(void *, const char *);
extern const char *LogService(void *, const char *);
extern const char *LogFormat(void *, const char *);
/* Log one message. Through the LOG() macro below the last three arguments
 * are FUNC_NAME, __LINE__ and __FILE__. */
extern int LogMessage(void *, loglevels, logtypes, const char *, const char *, int, const char *);
/*
 * Variadic variant. The first three parameters have the types of the VARP
 * macro below (FUNC_NAME, __LINE__, __FILE__).
 * NOTE(review): the trailing `const char *, ...` is presumably a
 * printf-style format with its arguments. If so, the format should be a
 * literal at every call site, with request- or peer-derived text passed as
 * an argument and never as the format itself.
 */
extern int LogMessageF(const char *, int, const char *, void *, loglevels, logtypes, const char *, ...);
extern logtypes SetCurLogType(void *, logtypes);
extern void LogActivate(void *, const char *);
extern void LogDeactivate(void *, const char *);
extern void LogOption(void *, const char *, const char *);
extern void LogOptionInt(void *, const char *, int);
extern int LogLevelMin(void *, loglevels);

/* Log the string `str` with the call-site function, line and file appended.
 * FUNC_NAME is not defined in this header (presumably in config.h). */
#define LOG(h, lev, type, str) \
  LogMessage((h), (lev), (type), (str), FUNC_NAME, __LINE__, __FILE__)

/* LOGM is an alias for LogMessageF; VARP supplies its first three arguments. */
#define LOGM LogMessageF
#define VARP FUNC_NAME, __LINE__, __FILE__

#endif /* VOMS_LOG_H */
voms-2.1.2/src/include/newformat.h000066400000000000000000000102571477131364200171020ustar00rootroot00000000000000/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_NEW_FORMAT_H #define VOMS_NEW_FORMAT_H #include #include #include #include #include #include #include "acstack.h" #ifndef VOMS_MAYBECONST #if defined(D2I_OF) #define VOMS_MAYBECONST const #else #define VOMS_MAYBECONST #endif #endif typedef struct ACDIGEST { ASN1_ENUMERATED *type; ASN1_OBJECT *oid; X509_ALGOR *algor; ASN1_BIT_STRING *digest; } AC_DIGEST; typedef struct ACIS { GENERAL_NAMES *issuer; ASN1_INTEGER *serial; ASN1_BIT_STRING *uid; } AC_IS; typedef struct ACFORM { GENERAL_NAMES *names; AC_IS *is; AC_DIGEST *digest; } AC_FORM; typedef struct ACACI { GENERAL_NAMES *names; AC_FORM *form; } AC_ACI; typedef struct ACHOLDER { AC_IS *baseid; STACK_OF(GENERAL_NAMES) *name; AC_DIGEST *digest; } AC_HOLDER; typedef struct ACVAL { ASN1_GENERALIZEDTIME *notBefore; ASN1_GENERALIZEDTIME *notAfter; } AC_VAL; typedef ASN1_OCTET_STRING AC_IETFATTRVAL; typedef struct ACIETFATTR { GENERAL_NAMES *names; STACK_OF(AC_IETFATTRVAL) *values; } AC_IETFATTR; typedef struct ACTARGET { GENERAL_NAME *name; GENERAL_NAME *group; AC_IS *cert; } AC_TARGET; typedef struct ACTARGETS { STACK_OF(AC_TARGET) *targets; } AC_TARGETS; typedef struct ACATTR { ASN1_OBJECT * type; STACK_OF(AC_IETFATTR) *ietfattr; 
STACK_OF(AC_FULL_ATTRIBUTES) *fullattributes; } AC_ATTR; typedef STACK_OF(AC_ATTR) AC_ATTRS; typedef struct ACINFO { ASN1_INTEGER *version; AC_HOLDER *holder; GENERAL_NAMES *form; X509_ALGOR *alg; ASN1_INTEGER *serial; AC_VAL *validity; AC_ATTRS *attrib; ASN1_BIT_STRING *id; X509_EXTENSIONS *exts; } AC_INFO; typedef struct ACC { AC_INFO *acinfo; X509_ALGOR *sig_alg; ASN1_BIT_STRING *signature; } AC; typedef struct ACSEQ { STACK_OF(AC) *acs; } AC_SEQ; typedef struct ACCERTS { STACK_OF(X509) *stackcert; } AC_CERTS; DECL_STACK(AC_TARGET) DECL_STACK(AC_TARGETS) DECL_STACK(AC_IETFATTR) DECL_STACK(AC_IETFATTRVAL) DECL_STACK(AC_ATTR) DECL_STACK(AC) DECL_STACK(AC_INFO) DECL_STACK(AC_VAL) DECL_STACK(AC_HOLDER) DECL_STACK(AC_ACI) DECL_STACK(AC_FORM) DECL_STACK(AC_IS) DECL_STACK(AC_DIGEST) DECL_STACK(AC_CERTS) DECLARE_ASN1_FUNCTIONS(AC_ATTRS) DECLARE_ASN1_FUNCTIONS(AC_DIGEST) DECLARE_ASN1_FUNCTIONS(AC_IS) DECLARE_ASN1_FUNCTIONS(AC_FORM) DECLARE_ASN1_FUNCTIONS(AC_ACI) DECLARE_ASN1_FUNCTIONS(AC_HOLDER) DECLARE_ASN1_FUNCTIONS(AC_VAL) DECLARE_ASN1_FUNCTIONS(AC_IETFATTR) DECLARE_ASN1_FUNCTIONS(AC_TARGET) DECLARE_ASN1_FUNCTIONS(AC_TARGETS) DECLARE_ASN1_FUNCTIONS(AC_ATTR) DECLARE_ASN1_FUNCTIONS(AC_INFO) DECLARE_ASN1_FUNCTIONS(AC) DECLARE_ASN1_FUNCTIONS(AC_SEQ) DECLARE_ASN1_FUNCTIONS(AC_CERTS) DECLARE_ASN1_PRINT_FUNCTION(AC) #if OPENSSL_VERSION_NUMBER < 0x30000000L extern AC *AC_dup(AC *ac); #else extern AC *AC_dup(const AC *ac); #endif extern EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey); extern int AC_verify(X509_ALGOR *algor1, ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); #endif voms-2.1.2/src/include/normalize.h000066400000000000000000000023411477131364200170730ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. 
* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef _VOMS_NORMALIZE_H #define _VOMS_NORMALIZE_H #ifdef __cplusplus extern "C" { #endif extern char *normalize(const char *str); #ifdef __cplusplus } #endif #endif voms-2.1.2/src/include/options.h000066400000000000000000000032001477131364200165610ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
* * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_OPTIONS_H #define VOMS_OPTIONS_H #define __USE_GNU 1 #include extern "C" { #if defined(HAVE_GETOPT_LONG) || defined(HAVE_GETOPT_LONG_ONLY) #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif #include #endif #include #include "getopts.h" } #define OPT_NONE 0 #define OPT_BOOL 1 #define OPT_NUM 2 #define OPT_STRING 3 #define OPT_MULTI 4 #define OPT_CONFIG 5 #define OPT_HELP 6 extern bool getopts(int argc, char * const argv[], struct option *longopts); extern void set_usage(std::string); #endif /*___OPTIONS_H */ voms-2.1.2/src/include/pass.h000066400000000000000000000022761477131364200160500ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #ifndef VOMS_PASS_H #define VOMS_PASS_H #include extern bool getpasswd(std::string, void *); extern char *passwd(void); #endif voms-2.1.2/src/include/proxycertinfo.h000066400000000000000000000043561477131364200200160ustar00rootroot00000000000000/* * Copyright 1999-2006 University of Chicago * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef HEADER_PROXYCERTINFO_H #define HEADER_PROXYCERTINFO_H /** * @file proxycertinfo.h * @brief Proxy Certificate Info * @author Sam Meder * @author Sam Lang */ #include "proxypolicy.h" #include #include #include #include #ifdef __cplusplus extern "C" { #endif /** * @defgroup proxycertinfo ProxyCertInfo * @ingroup globus_gsi_proxy_ssl_api * * The proxycertinfo.h file defines a method of * maintaining information about proxy certificates. 
*/ #define PROXYCERTINFO_OLD_OID "1.3.6.1.4.1.3536.1.222" #define PROXYCERTINFO_OID "1.3.6.1.5.5.7.1.14" #define PROXYCERTINFO_SN "PROXYCERTINFO" #define PROXYCERTINFO_LN "Proxy Certificate Info Extension" #define PROXYCERTINFO_OLD_SN "OLD_PROXYCERTINFO" #define PROXYCERTINFO_OLD_LN "Proxy Certificate Info Extension (old OID)" /* * Used for error checking */ #define ASN1_F_PROXYCERTINFO_NEW 430 #define ASN1_F_D2I_PROXYCERTINFO 431 X509V3_EXT_METHOD * PROXYCERTINFO_OLD_x509v3_ext_meth(); void InitProxyCertInfoExtension(int full); int PROXY_CERT_INFO_EXTENSION_set_path_length( PROXY_CERT_INFO_EXTENSION* pci , long pl ); PROXY_POLICY* PROXY_CERT_INFO_EXTENSION_get_policy(PROXY_CERT_INFO_EXTENSION const* pci); int PROXY_CERT_INFO_EXTENSION_set_policy( PROXY_CERT_INFO_EXTENSION* pci , PROXY_POLICY* policy ); long PROXY_CERT_INFO_EXTENSION_get_path_length(PROXY_CERT_INFO_EXTENSION const* pci); #ifdef __cplusplus } #endif #endif /* HEADER_PROXYCERTINFO_H */ voms-2.1.2/src/include/proxypolicy.h000066400000000000000000000055041477131364200175000ustar00rootroot00000000000000/* * Copyright 1999-2006 University of Chicago * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
*/

#ifndef HEADER_PROXYPOLICY_H
#define HEADER_PROXYPOLICY_H

/**
 * @file proxypolicy.h
 * @brief Proxy Policy
 * @author Sam Meder
 * @author Sam Lang
 */

/**
 * @defgroup proxypolicy ProxyPolicy
 * @ingroup globus_gsi_proxy_ssl_api
 *
 * The proxypolicy set of data structures
 * and functions provides an interface for generating
 * a PROXYPOLICY structure which is maintained as
 * a field in the PROXYCERTINFO structure,
 * and ultimately gets written to a DER encoded string.
 *
 * Further information about proxy policies
 * is available in the X.509 Proxy Certificate Profile document.
 */

/* NOTE(review): the targets of the three includes below are missing from this copy. */
#include
#include
#include

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Policy-language identifiers. The three 1.3.6.1.5.5.7.21.x values are the
 * id-ppl arc of RFC 3820: .0 id-ppl-anyLanguage, .1 id-ppl-inheritAll,
 * .2 id-ppl-independent. The _SN/_LN strings are the short and long names
 * that go with each OID.
 */
#define ANY_LANGUAGE_OID "1.3.6.1.5.5.7.21.0"
#define ANY_LANGUAGE_SN "ANY_LANGUAGE"
#define ANY_LANGUAGE_LN "Any Language"

/* id-ppl-inheritAll: the proxy carries the issuer's rights. */
#define IMPERSONATION_PROXY_OID "1.3.6.1.5.5.7.21.1"
#define IMPERSONATION_PROXY_SN "IMPERSONATION_PROXY"
#define IMPERSONATION_PROXY_LN "GSI impersonation proxy"

/* id-ppl-independent: the proxy inherits no rights from the issuer. */
#define INDEPENDENT_PROXY_OID "1.3.6.1.5.5.7.21.2"
#define INDEPENDENT_PROXY_SN "INDEPENDENT_PROXY"
#define INDEPENDENT_PROXY_LN "GSI independent proxy"

/* generic policy language */
#define GLOBUS_GSI_PROXY_GENERIC_POLICY_OID "1.3.6.1.4.1.3536.1.1.1.8"

/*
 * Limited proxy, identified by an OID in the same 1.3.6.1.4.1.3536
 * private-enterprise arc as the generic policy language above (Globus, going
 * by that macro's name). The restriction only has effect where the relying
 * service inspects the policy language and refuses limited proxies; nothing
 * in this header enforces it.
 */
#define LIMITED_PROXY_OID "1.3.6.1.4.1.3536.1.1.1.9"
#define LIMITED_PROXY_SN "LIMITED_PROXY"
#define LIMITED_PROXY_LN "GSI limited proxy"

/* Used for error handling */
#define ASN1_F_PROXYPOLICY_NEW 450
#define ASN1_F_D2I_PROXYPOLICY 451

/* Sets the policy-language OID of a PROXY_POLICY. */
int PROXY_POLICY_set_policy_language( PROXY_POLICY * policy , ASN1_OBJECT * policy_language);

/*
 * Sets the policy body from a byte buffer. length is a signed int, so the
 * caller must make sure it is non-negative and that policy points to at
 * least length bytes. Whether the bytes are copied or the pointer is
 * retained is not visible from this header; check the implementation before
 * freeing the buffer.
 */
int PROXY_POLICY_set_policy( PROXY_POLICY * proxypolicy , unsigned char * policy , int length);

/* The parameter is const-qualified only when building against OpenSSL 3.0 or later. */
#if OPENSSL_VERSION_NUMBER < 0x30000000L
PROXY_POLICY* PROXY_POLICY_dup(PROXY_POLICY* policy);
#else
PROXY_POLICY* PROXY_POLICY_dup(const PROXY_POLICY* policy);
#endif

#ifdef __cplusplus
}
#endif

#endif /* HEADER_PROXYPOLICY_H */
voms-2.1.2/src/include/replace.h000066400000000000000000000030321477131364200165040ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #ifndef VOMS_REPLACES_H #define VOMS_REPLACES_H #include "config.h" #ifdef __cplusplus extern "C" { #endif #ifndef HAVE_DAEMON extern int daemon(int, int); #endif #ifndef HAVE_SETENV extern int setenv(const char *, const char *, int); extern void unsetenv(const char *); #endif #ifndef HAVE_STRNDUP #include extern char *strndup(const char *, size_t); #endif #ifdef __cplusplus } #endif #endif /* REPLACES_H */ voms-2.1.2/src/include/ssl_compat.h000066400000000000000000000063221477131364200172420ustar00rootroot00000000000000#ifndef VOMS_SSL_COMPAT_H #define VOMS_SSL_COMPAT_H #include #if OPENSSL_VERSION_NUMBER < 0x10100000L #include #include #include #ifdef __cplusplus extern "C" { #endif const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); int X509_REQ_get_signature_nid(const X509_REQ *req); const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); const ASN1_TIME *X509_get0_notAfter(const X509 *x); void X509_set_proxy_flag(X509 *x); void X509_set_proxy_pathlen(X509 *x, long l); X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); X509_OBJECT *X509_OBJECT_new(void); X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x); STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); long X509_get_proxy_pathlen(X509 *x); uint32_t X509_get_extension_flags(X509 *x); void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); void X509_OBJECT_free(X509_OBJECT *a); typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); void X509_STORE_set_check_issued(X509_STORE *ctx, X509_STORE_CTX_check_issued_fn check_issued); void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); void RSA_get0_key(const 
RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, const ASN1_BIT_STRING **psuid); int BIO_get_new_index(void); BIO_METHOD *BIO_meth_new(int type, const char *name); int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int); int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int)); int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int)); int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *); int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)); int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets) (BIO *, char *, int)); long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)); int (*BIO_meth_get_create(BIO_METHOD *bion)) (BIO *); int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom))(BIO *, int, bio_info_cb *); int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, bio_info_cb *)); BN_GENCB *BN_GENCB_new(void); void BN_GENCB_free(BN_GENCB *cb); #ifdef __cplusplus } #endif #endif #endif voms-2.1.2/src/include/sslutils.h000066400000000000000000000475201477131364200167650ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * 
Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ /********************************************************************** sslutils.h: Description: This header file used internally by the gssapi_ssleay routines **********************************************************************/ #ifndef VOMS_SSLUTILS_H #define VOMS_SSLUTILS_H #ifndef EXTERN_C_BEGIN #ifdef __cplusplus #define EXTERN_C_BEGIN extern "C" { #define EXTERN_C_END } #else #define EXTERN_C_BEGIN #define EXTERN_C_END #endif #endif EXTERN_C_BEGIN /********************************************************************** Include header files **********************************************************************/ #include "config.h" #include #include #include #include "openssl/crypto.h" #if SSLEAY_VERSION_NUMBER < 0x0090581fL #define RAND_add(a,b,c) RAND_seed(a,b) #define RAND_status() 1 #endif #if SSLEAY_VERSION_NUMBER >= 0x00904100L /* Support both OpenSSL 0.9.4 and SSLeay 0.9.0 */ #define OPENSSL_PEM_CB(A,B) A, B #else #define RAND_add(a,b,c) RAND_seed(a,b) #define OPENSSL_PEM_CB(A,B) A #define STACK_OF(A) STACK #define sk_X509_num sk_num #define sk_X509_value (X509 
*)sk_value #define sk_X509_push(A, B) sk_push(A, (char *) B) #define sk_X509_insert(A,B,C) sk_insert(A, (char *) B, C) #define sk_X509_delete sk_delete #define sk_X509_new_null sk_new_null #define sk_X509_pop_free sk_pop_free #define sk_X509_NAME_ENTRY_num sk_num #define sk_X509_NAME_ENTRY_value (X509_NAME_ENTRY *)sk_value #define sk_SSL_CIPHER_num sk_num #define sk_SSL_CIPHER_value (SSL_CIPHER*)sk_value #define sk_SSL_CIPHER_insert(A,B,C) sk_insert(A, (char *) B, C) #define sk_SSL_CIPHER_delete sk_delete #define sk_SSL_CIPHER_push(A, B) sk_push(A, (char *) B) #define sk_SSL_CIPHER_shift(A) sk_shift(A) #define sk_SSL_CIPHER_dup(A) sk_dup(A) #define sk_SSL_CIPHER_unshift(A, B) sk_unshift(A, (char *) B) #define sk_SSL_CIPHER_pop(A) sk_pop(A) #define sk_SSL_CIPHER_delete_ptr(A, B) sk_delete_ptr(A, B) #define sk_X509_EXTENSION_num sk_num #define sk_X509_EXTENSION_value (X509_EXTENSION *)sk_value #define sk_X509_EXTENSION_push(A, B) sk_push(A, (char *) B) #define sk_X509_EXTENSION_new_null sk_new_null #define sk_X509_EXTENSION_pop_free sk_pop_free #define sk_X509_REVOKED_num sk_num #define sk_X509_REVOKED_value (X509_REVOKED*)sk_value #endif #include "openssl/ssl.h" #include "openssl/err.h" #include "openssl/bio.h" #include "openssl/pem.h" #include "openssl/x509.h" #include "openssl/stack.h" /********************************************************************** Define constants **********************************************************************/ #define X509_CERT_DIR "X509_CERT_DIR" #define X509_CERT_FILE "X509_CERT_FILE" #define X509_USER_PROXY "X509_USER_PROXY" #define X509_USER_CERT "X509_USER_CERT" #define X509_USER_KEY "X509_USER_KEY" #define X509_USER_DELEG_PROXY "X509_USER_DELEG_PROXY" #define X509_USER_DELEG_FILE "x509up_p" #define X509_USER_PROXY_FILE "x509up_u" /* This is added after the CA name hash to make the policy filename */ #define SIGNING_POLICY_FILE_EXTENSION ".signing_policy" #ifdef WIN32 #define GSI_REGISTRY_DIR "software\\Globus\\GSI" #define 
X509_DEFAULT_CERT_DIR ".globus\\certificates" #define X509_DEFAULT_USER_CERT ".globus\\usercert.pem" #define X509_DEFAULT_USER_CERT_P12 ".globus\\usercert.p12" #define X509_DEFAULT_USER_CERT_P12_GT ".globus\\usercred.p12" #define X509_DEFAULT_USER_KEY ".globus\\userkey.pem" #define X509_INSTALLED_CERT_DIR "share\\certificates" #define X509_INSTALLED_HOST_CERT_DIR "NEEDS_TO_BE_DETERMINED" #define X509_DEFAULT_HOST_CERT "NEEDS_TO_BE_DETERMINED" #define X509_DEFAULT_HOST_KEY "NEEDS_TO_BE_DETERMINED" #else #define X509_DEFAULT_CERT_DIR ".globus/certificates" #define X509_DEFAULT_USER_CERT ".globus/usercert.pem" #define X509_DEFAULT_USER_CERT_P12 ".globus/usercert.p12" #define X509_DEFAULT_USER_CERT_P12_GT ".globus/usercred.p12" #define X509_DEFAULT_USER_KEY ".globus/userkey.pem" #define X509_INSTALLED_CERT_DIR "share/certificates" #define X509_INSTALLED_HOST_CERT_DIR "/etc/grid-security/certificates" #define X509_DEFAULT_HOST_CERT "/etc/grid-security/hostcert.pem" #define X509_DEFAULT_HOST_KEY "/etc/grid-security/hostkey.pem" #endif /* * To allow the use of the proxy_verify_callback with * applications which already use the SSL_set_app_data, * we define here the index for use with the * SSL_set_ex_data. This is hardcoded today, but * if needed we could add ours at the highest available, * then look at all of them for the magic number. 
* To allow for recursive calls to proxy_verify_callback
 * when verifying a delegate cert_chain, we also have
 * PVD_STORE_EX_DATA_IDX
 *
 * NOTE(review): slots 5 and 6 are fixed here rather than obtained from
 * OpenSSL's index allocators (SSL_get_ex_new_index,
 * X509_STORE_CTX_get_ex_new_index). Other code in the same process that is
 * handed the same index would overwrite, or be misread as, the verify
 * descriptor. The magic numbers below are presumably the guard against that;
 * confirm that every reader checks magicnum before using the pointer.
 */
#define PVD_SSL_EX_DATA_IDX 5
#define PVD_STORE_EX_DATA_IDX 6

/* Presumably the expected magicnum values of proxy_verify_desc and proxy_verify_ctx_desc. */
#define PVD_MAGIC_NUMBER 22222
#define PVXD_MAGIC_NUMBER 33333

/* Used by ERR_set_continue_needed as a flag for error routines */
#define ERR_DISPLAY_CONTINUE_NEEDED 64

/* Location relative to ERR_LIB_USER where PRXYERR library will be stored */
#define ERR_USER_LIB_PRXYERR_NUMBER ERR_LIB_USER

/*
 * Use the SSLeay error facility with the ERR_LIB_USER.
 * f is a PRXYERR_F_* function code and r a PRXYERR_R_* reason code; the
 * call site's __FILE__ and __LINE__ are recorded with the error.
 */
#define PRXYerr(f,r) ERR_PUT_error(ERR_USER_LIB_PRXYERR_NUMBER,(f),(r),__FILE__,__LINE__)

/*
 * SSLeay 0.9.0 added the error_data feature. We may be running
 * with 0.8.1 which does not have it, if so, define a dummy
 * ERR_add_error_data and ERR_get_error_line_data
 */
#if SSLEAY_VERSION_NUMBER < 0x0900
void ERR_add_error_data( VAR_PLIST( int, num ) );

unsigned long ERR_get_error_line_data(char **file,int *line, char **data, int *flags);
#endif

void ERR_set_continue_needed(void);

/*
 * defines for function codes our minor error codes
 * These match strings defined in gsserr.c.
 *
 * NOTE(review): the expansions are not parenthesised (PRXYERR_F_BASE + 1),
 * so inside a larger expression, for example a multiplication, an operator
 * would bind to only part of the value. They are safe as plain function
 * arguments and case labels; wrap them in parentheses before combining them
 * arithmetically. The same holds for the PRXYERR_R_* reason codes that follow.
 */
#define PRXYERR_F_BASE 100
#define PRXYERR_F_PROXY_GENREQ PRXYERR_F_BASE + 0
#define PRXYERR_F_PROXY_SIGN PRXYERR_F_BASE + 1
#define PRXYERR_F_VERIFY_CB PRXYERR_F_BASE + 2
#define PRXYERR_F_PROXY_LOAD PRXYERR_F_BASE + 3
#define PRXYERR_F_PROXY_TMP PRXYERR_F_BASE + 4
#define PRXYERR_F_INIT_CRED PRXYERR_F_BASE + 5
#define PRXYERR_F_LOCAL_CREATE PRXYERR_F_BASE + 6
#define PRXYERR_F_CB_NO_PW PRXYERR_F_BASE + 7
#define PRXYERR_F_GET_CA_SIGN_PATH PRXYERR_F_BASE + 8
#define PRXYERR_F_PROXY_SIGN_EXT PRXYERR_F_BASE + 9
#define PRXYERR_F_PROXY_VERIFY_NAME PRXYERR_F_BASE + 10
#define PRXYERR_F_PROXY_CONSTRUCT_NAME PRXYERR_F_BASE + 11
#define PRXYERR_F_VOMS_GET_CERT_TYPE PRXYERR_F_BASE + 12

/*
 * defines for reasons
 * These match strings defined in gsserr.c
 * These are also used for the minor_status codes.
* We want to make sure these don't overlap with the errors in * gssapi_ssleay.h. */ #define PRXYERR_R_BASE 1000 #define PRXYERR_R_PROCESS_PROXY_KEY PRXYERR_R_BASE + 1 #define PRXYERR_R_PROCESS_REQ PRXYERR_R_BASE + 2 #define PRXYERR_R_PROCESS_SIGN PRXYERR_R_BASE + 3 #define PRXYERR_R_MALFORM_REQ PRXYERR_R_BASE + 4 #define PRXYERR_R_SIG_VERIFY PRXYERR_R_BASE + 5 #define PRXYERR_R_SIG_BAD PRXYERR_R_BASE + 6 #define PRXYERR_R_PROCESS_PROXY PRXYERR_R_BASE + 7 #define PRXYERR_R_PROXY_NAME_BAD PRXYERR_R_BASE + 8 #define PRXYERR_R_PROCESS_SIGNC PRXYERR_R_BASE + 9 #define PRXYERR_R_BAD_PROXY_ISSUER PRXYERR_R_BASE + 10 #define PRXYERR_R_PROBLEM_PROXY_FILE PRXYERR_R_BASE + 11 #define PRXYERR_R_SIGN_NOT_CA PRXYERR_R_BASE + 12 #define PRXYERR_R_PROCESS_KEY PRXYERR_R_BASE + 13 #define PRXYERR_R_PROCESS_CERT PRXYERR_R_BASE + 14 #define PRXYERR_R_PROCESS_CERTS PRXYERR_R_BASE + 15 #define PRXYERR_R_NO_TRUSTED_CERTS PRXYERR_R_BASE + 16 #define PRXYERR_R_PROBLEM_KEY_FILE PRXYERR_R_BASE + 17 #define PRXYERR_R_USER_ZERO_LENGTH_KEY_FILE PRXYERR_R_BASE + 18 #define PRXYERR_R_SERVER_ZERO_LENGTH_KEY_FILE PRXYERR_R_BASE + 19 #define PRXYERR_R_ZERO_LENGTH_CERT_FILE PRXYERR_R_BASE + 20 #define PRXYERR_R_PROBLEM_USER_NOCERT_FILE PRXYERR_R_BASE + 21 #define PRXYERR_R_PROBLEM_SERVER_NOCERT_FILE PRXYERR_R_BASE + 22 #define PRXYERR_R_PROBLEM_USER_NOKEY_FILE PRXYERR_R_BASE + 23 #define PRXYERR_R_PROBLEM_SERVER_NOKEY_FILE PRXYERR_R_BASE + 24 #define PRXYERR_R_USER_CERT_EXPIRED PRXYERR_R_BASE + 25 #define PRXYERR_R_SERVER_CERT_EXPIRED PRXYERR_R_BASE + 26 #define PRXYERR_R_CRL_SIGNATURE_FAILURE PRXYERR_R_BASE + 27 #define PRXYERR_R_CRL_NEXT_UPDATE_FIELD PRXYERR_R_BASE + 28 #define PRXYERR_R_CRL_HAS_EXPIRED PRXYERR_R_BASE + 29 #define PRXYERR_R_CERT_REVOKED PRXYERR_R_BASE + 30 #define PRXYERR_R_NO_HOME PRXYERR_R_BASE + 31 #define PRXYERR_R_LPROXY_MISSED_USED PRXYERR_R_BASE + 32 #define PRXYERR_R_LPROXY_REJECTED PRXYERR_R_BASE + 33 #define PRXYERR_R_KEY_CERT_MISMATCH PRXYERR_R_BASE + 34 #define 
PRXYERR_R_WRONG_PASSPHRASE PRXYERR_R_BASE + 35 #define PRXYERR_R_CA_POLICY_VIOLATION PRXYERR_R_BASE + 36 #define PRXYERR_R_CA_POLICY_RETRIEVE PRXYERR_R_BASE + 37 #define PRXYERR_R_CA_POLICY_PARSE PRXYERR_R_BASE + 38 #define PRXYERR_R_PROBLEM_CLIENT_CA PRXYERR_R_BASE + 39 #define PRXYERR_R_CB_NO_PW PRXYERR_R_BASE + 40 #define PRXYERR_R_CB_CALLED_WITH_ERROR PRXYERR_R_BASE + 41 #define PRXYERR_R_CB_ERROR_MSG PRXYERR_R_BASE + 42 #define PRXYERR_R_CLASS_ADD_OID PRXYERR_R_BASE + 43 #define PRXYERR_R_CLASS_ADD_EXT PRXYERR_R_BASE + 44 #define PRXYERR_R_DELEGATE_VERIFY PRXYERR_R_BASE + 45 #define PRXYERR_R_EXT_ADD PRXYERR_R_BASE + 46 #define PRXYERR_R_DELEGATE_COPY PRXYERR_R_BASE + 47 #define PRXYERR_R_DELEGATE_CREATE PRXYERR_R_BASE + 48 #define PRXYERR_R_BUFFER_TOO_SMALL PRXYERR_R_BASE + 49 #define PRXYERR_R_PROXY_EXPIRED PRXYERR_R_BASE + 50 #define PRXYERR_R_NO_PROXY PRXYERR_R_BASE + 51 #define PRXYERR_R_CA_UNKNOWN PRXYERR_R_BASE + 52 #define PRXYERR_R_CA_NOPATH PRXYERR_R_BASE + 53 #define PRXYERR_R_CA_NOFILE PRXYERR_R_BASE + 54 #define PRXYERR_R_CA_POLICY_ERR PRXYERR_R_BASE + 55 #define PRXYERR_R_INVALID_CERT PRXYERR_R_BASE + 56 #define PRXYERR_R_CERT_NOT_YET_VALID PRXYERR_R_BASE + 57 #define PRXYERR_R_LOCAL_CA_UNKNOWN PRXYERR_R_BASE + 58 #define PRXYERR_R_REMOTE_CRED_EXPIRED PRXYERR_R_BASE + 59 #define PRXYERR_R_OUT_OF_MEMORY PRXYERR_R_BASE + 60 #define PRXYERR_R_BAD_ARGUMENT PRXYERR_R_BASE + 61 #define PRXYERR_R_BAD_MAGIC PRXYERR_R_BASE + 62 #define PRXYERR_R_UNKNOWN_CRIT_EXT PRXYERR_R_BASE + 63 #define PRXYERR_R_NON_COMPLIANT_PROXY PRXYERR_R_BASE + 64 #define PRXYERR_R_ERROR_GETTING_NAME_ENTRY_OF_SUBJECT PRXYERR_R_BASE + 65 #define PRXYERR_R_ERROR_COPYING_SUBJECT PRXYERR_R_BASE + 66 #define PRXYERR_R_ERROR_GETTING_CN_ENTRY PRXYERR_R_BASE + 67 #define PRXYERR_R_ERROR_BUILDING_SUBJECT PRXYERR_R_BASE + 68 /* NOTE: Don't go over 1500 here or will conflict with errors in scutils.h */ /********************************************************************** Type definitions 
**********************************************************************/

/*
 * proxy_verify_ctx_desc - common to all verifies
 *
 * magicnum presumably holds PVXD_MAGIC_NUMBER (defined earlier in this
 * header) so that a pointer fetched from an ex_data slot can be recognised
 * before it is used; TODO confirm in the implementation.
 */
typedef struct proxy_verify_ctx_desc_struct {
    int magicnum ;
    char * certdir;   /* presumably the trusted-CA directory used for verification */
    time_t goodtill;  /* presumably a validity limit gathered while verifying; TODO confirm */
} proxy_verify_ctx_desc ;

/*
 * proxy_verify_desc - allows for recursive verifies with delegation
 *
 * One descriptor per verification. previous points to another descriptor of
 * the same type and pvxd to the shared context above; going by the comment
 * on recursive verifies, previous is presumably the descriptor of the
 * enclosing verification. The meaning of flags and of the depth counters is
 * not visible from this header.
 */
typedef struct proxy_verify_desc_struct proxy_verify_desc;

struct proxy_verify_desc_struct {
    int magicnum;                  /* presumably PVD_MAGIC_NUMBER; TODO confirm */
    proxy_verify_desc * previous;
    proxy_verify_ctx_desc * pvxd;
    int flags;
    X509_STORE_CTX * cert_store;
    int recursive_depth; /* unused */
    int proxy_depth;
    int cert_depth;
    int limited_proxy;             /* presumably set when a limited proxy is seen in the chain */
    STACK_OF(X509) * cert_chain; /* X509 */
    int multiple_limited_proxy_ok; /* presumably a policy switch; check how the callback uses it */
};

/**********************************************************************
 Global variables
 **********************************************************************/

/**********************************************************************
 Function prototypes
 **********************************************************************/

/* Error-string registration for the PRXYERR library codes. */
int ERR_load_prxyerr_strings(int i);

int ERR_load_proxy_error_strings();

/*
 * Credential loading. These take a pem_password_cb, so the passphrase is
 * supplied by the caller's callback rather than passed as an argument.
 */
int proxy_load_user_cert_and_key_pkcs12(const char *user_cert, X509 **cert, STACK_OF(X509) **stack, EVP_PKEY **pkey, pem_password_cb *pw_cb);

/*
 * Returns file locations through the char ** out-parameters. Who owns and
 * frees the returned strings is not visible from this header.
 */
int proxy_get_filenames( int proxy_in, char ** p_cert_file, char ** p_cert_dir, char ** p_user_proxy, char ** p_user_cert, char ** p_user_key);

int proxy_load_user_cert( const char * user_cert, X509 ** certificate, pem_password_cb * pw_cb, unsigned long * hSession);

int proxy_load_user_key( EVP_PKEY ** private_key, X509 * ucert, const char * user_key, pem_password_cb * pw_cb, unsigned long * hSession);

/* Set-up and tear-down of the two verification descriptors declared above. */
void proxy_verify_init( proxy_verify_desc * pvd, proxy_verify_ctx_desc * pvxd);

void proxy_verify_release( proxy_verify_desc * pvd);

void proxy_verify_ctx_init( proxy_verify_ctx_desc *pvxd);

void proxy_verify_ctx_release( proxy_verify_ctx_desc *pvxd);

int proxy_check_proxy_name( X509 *);

/* Same parameter list as the X509_STORE_CTX_check_issued_fn typedef declared in ssl_compat.h. */
int proxy_check_issued( X509_STORE_CTX * ctx, X509 * x, X509 * issuer);

int
proxy_verify_certchain( STACK_OF(X509) * certchain, proxy_verify_desc * ppvd); int proxy_verify_callback( int ok, X509_STORE_CTX * ctx); int proxy_genreq( X509 * ucert, X509_REQ ** reqp, EVP_PKEY ** pkeyp, int bits, const char * newdn, void (*callback)(int, int, void*)); int proxy_sign( X509 * user_cert, EVP_PKEY * user_private_key, X509_REQ * req, X509 ** new_cert, int seconds, STACK_OF(X509_EXTENSION) * extensions, int limited_proxy, int proxyver, const char * newdn, const char * newissuer, int pastproxy, const char * newserial, int selfsigned ); int proxy_sign_ext( X509 * user_cert, EVP_PKEY * user_private_key, const EVP_MD * method, X509_REQ * req, X509 ** new_cert, X509_NAME * subject_name, X509_NAME * issuer_name, int seconds, STACK_OF(X509_EXTENSION) * extensions, int proxyver, int pastproxy, const char * newserial, int selfsigned); int proxy_check_subject_name( X509_REQ * req, X509_NAME * subject_name); int proxy_construct_name( X509 * cert, X509_NAME ** name, char * newcn, unsigned int len); int proxy_marshal_tmp( X509 * ncert, EVP_PKEY * npkey, X509 * ucert, STACK_OF(X509) * store_ctx, char ** filename); int proxy_marshal_bp( BIO * bp, X509 * ncert, EVP_PKEY * npkey, X509 * ucert, STACK_OF(X509) * store_ctx); int proxy_load_user_proxy( STACK_OF(X509) * cert_chain, const char * file); int proxy_get_base_name( X509_NAME * subject); X509_EXTENSION * proxy_extension_class_add_create( void * buffer, size_t length); /* * SSLeay does not have a compare time function * So we add a convert to time_t function */ time_t ASN1_UTCTIME_mktime( ASN1_UTCTIME * ctm); time_t ASN1_TIME_mktime(ASN1_TIME *ctm); int PRIVATE determine_filenames(char **cacert, char **certdir, char **outfile, char **certfile, char **keyfile, int noregen); int load_credentials(const char *certname, const char *keyname, X509 **cert, STACK_OF(X509) **stack, EVP_PKEY **key, pem_password_cb *callback); int PRIVATE load_certificate_from_file(FILE *file, X509 **cert, STACK_OF(X509) **stack); int 
proxy_app_verify_callback(X509_STORE_CTX *ctx, UNUSED(void *empty)); STACK_OF(X509) *load_chain(BIO *in, char*); int my_txt2nid(char *name); EXTERN_C_END #endif /* _SSLUTILS_H */ voms-2.1.2/src/include/stamp-h.in000066400000000000000000000000121477131364200166140ustar00rootroot00000000000000timestamp voms-2.1.2/src/include/stamp-h1.in000066400000000000000000000000001477131364200166720ustar00rootroot00000000000000voms-2.1.2/src/include/validate.h000066400000000000000000000025141477131364200166660ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #ifndef VOMS_VALIDATE_H #define VOMS_VALIDATE_H #include "newformat.h" #include #include extern int validate(X509 *cert, X509 *issuer, AC *ac, voms &v, verify_type valids, time_t vertime, struct realdata *rd); extern std::string get_error(int e); #endif voms-2.1.2/src/include/vomsxml.h000066400000000000000000000036611477131364200166060ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #ifndef VOMS_VOMSXML_H #define VOMS_VOMSXML_H #include #include #include "errors.h" struct request { std::string order; std::string targets; std::vector command; int lifetime; bool base64; int version; }; struct answer { std::string data; std::string ac; std::vector errs; bool base64; int version; }; extern std::string XML_Req_Encode(const std::string&, const std::string&, const std::string&, const int); extern std::string XML_Ans_Encode(const std::string&, const std::string&, const std::vector&, bool); extern bool XML_Req_Decode(const std::string&, request &); extern bool XML_Ans_Decode(const std::string&, answer &); extern std::string Encode(const std::string& data, int base64); extern std::string Decode(const std::string& data); #endif voms-2.1.2/src/install/000077500000000000000000000000001477131364200147455ustar00rootroot00000000000000voms-2.1.2/src/install/Makefile.am000066400000000000000000000015041477131364200170010ustar00rootroot00000000000000sysconfigdir = @sysconfdir@/sysconfig vomsesdir = @datadir@/voms if BUILD_CONFIG vomses_DATA = \ vomses.template \ voms.data endif libexecdir = @datadir@/voms if BUILD_CONFIG libexec_SCRIPTS = \ voms_install_db \ upgrade1to2 \ voms-ping \ mysql2oracle endif initdir = @sysconfdir@/rc.d/init.d EXTRA_DIST = \ vomses.template \ voms.data \ mysql2oracle \ voms_install_db \ upgrade1to2 \ voms.start \ voms-ping \ voms.sh.in \ sysconfig-voms MAINTAINERCLEANFILES = Makefile.in if BUILD_SERVER install-exec-hook: voms.start $(mkinstalldirs) $(DESTDIR)$(initdir) $(INSTALL) $(top_builddir)/src/install/voms.start $(DESTDIR)$(initdir)/voms install-data-hook: sysconfig-voms $(mkinstalldirs) $(DESTDIR)$(sysconfigdir) $(INSTALL) -m 644 $(top_builddir)/src/install/sysconfig-voms $(DESTDIR)$(sysconfigdir)/voms endif voms-2.1.2/src/install/mysql2oracle.in000066400000000000000000000073451477131364200177230ustar00rootroot00000000000000#!/bin/bash #set -x usage () { 
echo echo "usage : mysql2oracle [OPTIONS]" echo echo -ne "\t--mysql-home location of mysql (\$MYSQL_HOME)\n" echo -ne "\t--oracle-home location of oracle (\$ORACLE_HOME)\n" echo -ne "\t--db name of vosm MySQL db\n" echo -ne "\t--mysql-admin MySQL admin account\n" echo -ne "\t--mysql-pwd password of MySQL account\n" echo -ne "\t--oracle-admin Oracle account\n" echo -ne "\t--oracle-pwd password of Oracle account\n" echo -ne "\t--oracle-db name of Oracle db\n" echo -ne "\t--out output file where to put the dump (prevent from querying the oracle db)\n" echo exit 0 } # install prefix MYSQL_HOME=${MYSQL_HOME:-/usr} ORACLE_HOME=${ORACLE_HOME:-/usr} # VOMS database voms_database="" # MySQL admin user mysql_username_admin="" mysql_password_admin="" # Oracle admin user oracle_username_admin="" oracle_password_admin="" dump_output_file="" TEMP=`getopt -o h --long help,mysql-home:,oracle-home:,db:,mysql-admin:,mysql-pwd:,oracle-admin:,oracle-pwd:,oracle-db:,out: -n 'mysql2oracle' -- "$@"` if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi eval set -- "$TEMP" while true ; do case "$1" in --mysql-home) MYSQL_HOME=$2 ; shift 2 ;; --oracle-home) ORACLE_HOME=$2 ; shift 2 ;; --db) voms_database=$2 ; shift 2 ;; --mysql-admin) mysql_username_admin=$2 ; shift 2 ;; --mysql-pwd) mysql_password_admin=$2 ; shift 2 ;; --oracle-admin) oracle_username_admin=$2 ; shift 2 ;; --oracle-pwd) oracle_password_admin=$2 ; shift 2 ;; --oracle-db) oracle_database=$2 ; shift 2 ;; --out) dump_output_file=$2 ; shift 2 ;; --) shift ; break ;; --help) usage ; break ;; \?) usage ; break ;; esac done if [ "${voms_database}" = "" ]; then echo -e "\nERROR : database not selected. Use --db option.\n" exit 1 fi if [ "${mysql_username_admin}" = "" ]; then echo -e "\nERROR : MySQL admin not selected. Use --mysql-admin option.\n" exit 1 fi # Default prefix @LOCATION_ENV@=@LOCATION_DIR@ # check TNS_ADMIN is set TNS_ADMIN=${TNS_ADMIN} if [ "${TNS_ADMIN}" = "" ]; then echo -e "\nERROR : \$TNS_ADMIN not set. 
\n" fi # MySQL client if test -z $mysql_password_admin ; then MYSQLDUMP="$MYSQL_HOME/bin/mysqldump -u $mysql_username_admin --no-create-info --extended-insert=false --quote-names=false" else MYSQLDUMP="$MYSQL_HOME/bin/mysqldump -u $mysql_username_admin -p$mysql_password_admin --no-create-info --extended-insert=false --quote-names=false" fi # Oracle client CLIENT="$ORACLE_HOME/bin/sqlplus -S $oracle_username_admin/$oracle_password_admin@$oracle_database" DUMPFILE=`mktemp temp.XXXXXX` # clean oracle database if [ "$dump_output_file" = "" ] ; then echo "Cleaning oracle database ... " if test -f $EDG_LOCATION/etc/voms/voms-oracle.data ; then $CLIENT < $EDG_LOCATION/etc/voms/voms-oracle.data else echo $EDG_LOCATION/etc/voms/voms-oracle.data not installed! exit 1 fi fi # dump mysql database, translate and fill oracle database echo "Dumping data ..." $MYSQLDUMP $voms_database | sed '/--/d' | sed '/\/\*/d' | sed -e s/"IF EXISTS "/""/g | sed '/LOCK TABLES/d' | sed '/UNLOCK TABLES/d' | tr -s '\n' &> $DUMPFILE if [ "$dump_output_file" = "" ] ; then cat $DUMPFILE | $CLIENT rm $DUMPFILE else mv $DUMPFILE $dump_output_file fi voms-2.1.2/src/install/sysconfig-voms.in000066400000000000000000000000321477131364200202560ustar00rootroot00000000000000VOMS_USER=@with_vomsuser@ voms-2.1.2/src/install/upgrade1to2.in000066400000000000000000000025441477131364200174370ustar00rootroot00000000000000#!/bin/sh # MySQL install prefix MYSQL_HOME=/usr # VOMS database voms_database="voms" # MySQL admin user mysql_username_admin="root" mysql_password_admin="" TEMP=`getopt -o h --long mysql-home:,db:,mysql-admin:,mysql-pwd: -n 'upgrade1to2' -- "$@"` if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi eval set -- "$TEMP" while true ; do case "$1" in --mysql-home) MYSQL_HOME=$2 ; shift 2 ;; --db) voms_database=$2 ; shift 2 ;; --mysql-admin) mysql_username_admin=$2 ; shift 2 ;; --mysql-pwd) mysql_password_admin=$2 ; shift 2 ;; --) shift ; break ;; *) echo "Internal Error!" 
>&2 ; exit 1 ;; esac done # MySQL client if test -z $mysql_password_admin ; then MYSQLADMIN="$MYSQL_HOME/bin/mysqladmin -u $mysql_username_admin" MYSQL="$MYSQL_HOME/bin/mysql -u $mysql_username_admin" else MYSQLADMIN="$MYSQL_HOME/bin/mysqladmin -u $mysql_username_admin -p$mysql_password_admin" MYSQL="$MYSQL_HOME/bin/mysql -u $mysql_username_admin -p$mysql_password_admin" fi # Update Database $MYSQL -e " USE $voms_database; ALTER TABLE m CHANGE uid userid bigint(20); ALTER TABLE usr CHANGE uid userid bigint(20); ALTER TABLE usrd CHANGE uid userid bigint(20); UPDATE version SET version=2;" voms-2.1.2/src/install/voms-ping000066400000000000000000000026401477131364200166110ustar00rootroot00000000000000#!/bin/sh #set -x RES_COL=40 MOVE_TO_COL="echo -en \\033[${RES_COL}G" SETCOLOR_SUCCESS="echo -en \\033[1;32m" SETCOLOR_FAILURE="echo -en \\033[1;31m" SETCOLOR_WARNING="echo -en \\033[1;33m" SETCOLOR_NORMAL="echo -en \\033[0;39m" echo_success() { $MOVE_TO_COL echo -n "[ " $SETCOLOR_SUCCESS echo -n $1 $SETCOLOR_NORMAL echo " ]" } echo_failure() { $MOVE_TO_COL echo -n "[ " $SETCOLOR_FAILURE echo -n $1 $SETCOLOR_NORMAL echo " ]" } test_vo() { local voname="$1" local port=`cat $GLITE_LOCATION/etc/voms/$voname/voms.conf | grep '^--port' | sed 's/^--port=//'` local dn=`openssl x509 -subject -noout -in /etc/grid-security/hostcert.pem|cut -d' ' -f2-` set -e if nc localhost $port < /dev/null; then : else echo_failure Core return 1 fi set +e cat >/tmp/vomses </tmp/oo >/dev/null res=$? if test $res -ne 0; then grep "User unknown to this VO" /tmp/oo >/dev/null res=$? 
if test $res -ne 0; then echo_failure Core return 1 fi fi echo_success OK return 0 } vos=$@ # Space-separated list of VOs result=0 for vo in $vos; do echo -n "Testing $vo: " if test_vo $vo; then : else result=1 fi done exit $result voms-2.1.2/src/install/voms.csh.in000066400000000000000000000003371477131364200170400ustar00rootroot00000000000000setenv VOMS_OPTIONS "--vo unspecified --port 15000 --username voms --dbname voms --passfile @prefix@/etc/voms/voms.pass --logfile @prefix@/var/log/voms" if ( $?EDG_LOCATION ) then setenv EDG_LOCATION $EDG_LOCATION endif voms-2.1.2/src/install/voms.data000066400000000000000000000256551477131364200166010ustar00rootroot00000000000000######################################################################## # # Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it # Akos Frohner - Akos.Frohner@cern.ch # Karoly Lorentey - Karoly.Lorentey@cern.ch # # Copyright (c) 2002, 2003 INFN-CNAF on behalf of the EU DataGrid. # For license conditions see LICENSE file or # http://www.edg.org/license.html # # Parts of this code may be based upon or even include verbatim pieces, # originally written by other people, in which case the original header # follows. # ######################################################################## # MySQL dump 8.16 # # Host: localhost Database: voms #-------------------------------------------------------- # Server version 3.23.42 # # # Current Database: voms # # # Access Control List for containers (group/role/capability) # CREATE TABLE acl ( -- ACL identifier (common id for all entries in one list) aid bigint unsigned NOT NULL, -- Administrator's identifier adminid bigint NOT NULL, -- Operation on the container operation smallint NOT NULL, -- Allow/deny flag (default deny). allow tinyint NOT NULL, -- Changelog createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, -- Keys and indices. INDEX (aid), -- not primary key! 
INDEX (aid, adminid, operation) ) TYPE=InnoDB; CREATE TABLE acld ( aid bigint unsigned NOT NULL, adminid bigint NOT NULL, operation bigint NOT NULL, allow tinyint NOT NULL, createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, deletedBy bigint unsigned NOT NULL, deletedSerial bigint unsigned NOT NULL, -- Keys and indices. INDEX (aid), INDEX (aid, adminid, operation) ) TYPE=InnoDB; # # List of the administrator users (to be referenced in acls) # CREATE TABLE admins ( -- Administrator's identifier adminid bigint NOT NULL, -- the DN of the administrator dn varchar(250) NOT NULL, -- Issuer certificate authority ca smallint unsigned NOT NULL, createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, -- Keys and indices. PRIMARY KEY (adminid), UNIQUE KEY admin (dn,ca) ) TYPE=InnoDB; # # Known Certificate Authorities # (generated from /etc/grid-security/certificates). # CREATE TABLE ca ( -- Internal id. cid smallint unsigned NOT NULL auto_increment, -- Distinguished name (UTF-8). ca varchar(250) NOT NULL, -- free-form description of the CA cadescr varchar(250), PRIMARY KEY (cid), UNIQUE KEY ca (ca) -- No createdBy/createdSerial, the rows in this table, because -- they should be never changed by the administrative interface. ) TYPE=InnoDB; # # Holds all groups in a VO # CREATE TABLE groups ( -- Internal entity identifier. gid bigint unsigned NOT NULL auto_increment, -- Fully Qualified Group Name dn varchar(255) NOT NULL, -- Parent group. parent bigint unsigned NOT NULL, -- Applied ACL (entries are in 'or' relation). aclid bigint unsigned NOT NULL, -- Default ACL for a group/role created under this group. defaultAclid bigint unsigned NOT NULL, -- Changelog. createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, must tinyint default null, -- Keys and indices. 
PRIMARY KEY (gid), KEY parentg (parent), KEY groupname (dn) ) TYPE=InnoDB; -- archive table for groups CREATE TABLE groupsd ( gid bigint unsigned NOT NULL, dn varchar(255) NOT NULL, parent bigint unsigned NOT NULL, aclid bigint unsigned NOT NULL, must tinyint, defaultAclid bigint unsigned NOT NULL, createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, deletedBy bigint unsigned NOT NULL, deletedSerial bigint unsigned NOT NULL, PRIMARY KEY (gid), KEY parentg (parent), KEY groupname (dn) ) TYPE=InnoDB; # # Link table between usr and (roles/groups/capabilities) # CREATE TABLE m ( -- user's identifier uid bigint unsigned NOT NULL REFERENCES usr(uid), -- group gid bigint unsigned NOT NULL REFERENCES groups(gid), -- role rid bigint unsigned REFERENCES roles(rid), -- capability cid bigint unsigned REFERENCES capabilities(cid), vid bigint unsigned REFERENCES validity(vid), pid bigint unsigned REFERENCES periodicity(pid), -- Changelog createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, -- Keys and indices UNIQUE m (uid,gid,rid,cid), KEY uid (uid), KEY rid (rid), KEY cid (cid), KEY container (gid,rid,cid) ) TYPE=InnoDB; -- archives for membership CREATE TABLE md ( uid bigint unsigned NOT NULL, gid bigint unsigned NOT NULL, rid bigint unsigned, cid bigint unsigned, vid bigint unsigned, pid bigint unsigned, createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, deletedBy bigint unsigned NOT NULL, deletedSerial bigint unsigned NOT NULL, UNIQUE m (uid,gid,rid,cid), KEY uid (uid), KEY rid (rid), KEY cid (cid), KEY container (gid,rid,cid) ) TYPE=InnoDB; # # Table structure for table 'validity' # CREATE TABLE validity ( vid bigint unsigned NOT NULL, begin TIMESTAMP NOT NULL, end TIMESTAMP NOT NULL, PRIMARY KEY(vid) ) TYPE=InnoDB; # # Table structure for table 'periodicity' # CREATE TABLE periodicity ( pid bigint unsigned NOT NULL, hour TINYINT NOT NULL, day TINYINT NOT NULL, wday TINYINT NOT NULL, month TINYINT NOT 
NULL, year TINYINT NOT NULL, hduration INTEGER NOT NULL, PRIMARY KEY(pid) ) TYPE=InnoDB; # # Support for special queries # CREATE TABLE queries ( qid bigint unsigned NOT NULL auto_increment, query varchar(255) NOT NULL, PRIMARY KEY (qid) ) TYPE=InnoDB; # # Holds all roles in a VO # CREATE TABLE roles ( -- Internal entity identifier. rid bigint unsigned NOT NULL auto_increment, -- the role name (relative to a group) role varchar(255) NOT NULL, -- Applied ACL (entries are in 'or' relation). aclid bigint NOT NULL, -- Changelog. createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, PRIMARY KEY (rid), KEY role (role) ) TYPE=InnoDB; -- archive table for roles CREATE TABLE rolesd ( rid bigint unsigned NOT NULL, role varchar(255) NOT NULL, aclid bigint NOT NULL, createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, deletedBy bigint unsigned NOT NULL, deletedSerial bigint unsigned NOT NULL, PRIMARY KEY (rid), KEY role (role) ) TYPE=InnoDB; # # Holds all capabilities in the VO. # CREATE TABLE capabilities ( -- Internal entity identifier. cid bigint unsigned NOT NULL auto_increment, -- Name of the capability (for administration) capability varchar(255) NOT NULL, -- Applied ACL (entries are in 'or' relation). aclid bigint NOT NULL, -- Changelog createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, -- Keys and indices. PRIMARY KEY (cid), KEY capability (capability) ) TYPE=InnoDB; -- archive table for capabilities CREATE TABLE capabilitiesd ( cid bigint unsigned NOT NULL, capability varchar(255) NOT NULL, aclid bigint NOT NULL, createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, deletedBy bigint unsigned NOT NULL, deletedSerial bigint unsigned NOT NULL, PRIMARY KEY (cid), KEY capability (capability) ) TYPE=InnoDB; # # Lists all users administered by the VOMS. # CREATE TABLE usr ( -- Internal entity identifier. uid bigint unsigned NOT NULL auto_increment, -- Distinguished name (UTF-8). 
dn varchar(250) NOT NULL, -- Issuer certificate authority. ca smallint unsigned NOT NULL, -- Common Name (UTF-8) cn varchar(250) NOT NULL, -- User's mail address (optional) mail varchar(250) default NULL, -- pointer to the user's certificate (optional) cauri varchar(250) default NULL, -- Changelog. createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, -- Keys and indices. KEY (uid), UNIQUE KEY dnca (dn,ca), KEY dn (dn) ) TYPE=InnoDB; -- The archive records for usr. CREATE TABLE usrd ( uid bigint unsigned NOT NULL, dn varchar(250) NOT NULL, ca smallint unsigned NOT NULL, cn varchar(250) NOT NULL, mail varchar(250), cauri varchar(250), createdBy bigint unsigned NOT NULL, createdSerial bigint unsigned NOT NULL, deletedBy bigint unsigned NOT NULL, deletedSerial bigint unsigned NOT NULL, KEY (uid), -- This is not unique! KEY dnca (dn,ca), -- This is not unique! KEY dn (dn) ) TYPE=InnoDB; # # Changelog tables. # CREATE TABLE realtime ( transaction bigint unsigned NOT NULL, time timestamp NOT NULL, PRIMARY KEY(transaction), INDEX (time) ) TYPE=InnoDB; CREATE TABLE sequences ( name varchar(32) NOT NULL, value bigint, INDEX (name) ) TYPE=InnoDB; CREATE TABLE createuser_queue ( -- Request id. reqid BIGINT NOT NULL, -- DN of user to be created. dn VARCHAR(255) NOT NULL, -- CA id of user to be created. cid SMALLINT NOT NULL, -- CN of user to be created. cn VARCHAR(255), -- CAURI of user to be created. cauri VARCHAR(255), -- Email address of user to be created. mail VARCHAR(255), -- Email address to notify when request is closed. clientemail VARCHAR(255), -- Client notification address. clientcomment VARCHAR(255), -- Comment given by the client. admincomment VARCHAR(255), -- Comment given by the admin. status BIGINT NOT NULL, PRIMARY KEY (reqid), INDEX (dn, cid) ) TYPE=InnoDB; -- Database version number. -- -- Version 0 is, where the version table doesn't exists. 
-- Later versions can be tested by -- -- select max(version) from version; -- CREATE TABLE version ( version INT ) TYPE = InnoDB; -- Sequence number of the issued attribute certificates in bigint format. CREATE TABLE seqnumber ( seq VARCHAR(50) NOT NULL ) TYPE = InnoDB; -- Persistent storage of serialized Java request objects. It would be -- a nightmare to define and maintain a detailed database mapping for -- request type hierarchies, state hierarchies, the chronicle, etc., -- so we cheat by storing the domain objects themselves in the -- database. We speed up database access by duplicating some of the -- request data in indexed columns. CREATE TABLE requests ( -- Request id. reqid BIGINT NOT NULL, -- True if the request has been fully processed. complete BOOL, -- The type of the request. (A fully qualified Java class name.) type VARCHAR(128), -- The requested action. (A fully qualified Java class name.) action VARCHAR(128), -- The fqdn of the container that this request wants to change. container VARCHAR(128), -- The short name of the state of the request. state VARCHAR(32), -- Id of the client sending the request. (Points to ADMINS table.) requester BIGINT, -- The time of the last state change. lastchange TIMESTAMP, -- The serialized Java Request object. 
request BLOB NOT NULL, PRIMARY KEY(reqid), INDEX (reqid), INDEX (state), INDEX (type), INDEX (action), INDEX (container), INDEX (requester), INDEX (lastchange) ) TYPE=InnoDB; voms-2.1.2/src/install/voms.sh.in000066400000000000000000000002561477131364200166750ustar00rootroot00000000000000export VOMS_OPTIONS="--vo unspecified --port 15000 --username voms --dbname voms --passfile @prefix@/etc/voms/voms.pass --logfile @prefix@/var/log/voms" export EDG_LOCATION voms-2.1.2/src/install/voms.start.in000066400000000000000000000276211477131364200174250ustar00rootroot00000000000000#!/bin/bash #set -x ######################################################################## # # Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it # # Copyright (c) Members of the EGEE Collaboration. 2004-2010. # See http://www.eu-egee.org/partners/ for details on the copyright holders. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Parts of this code may be based upon or even include verbatim pieces, # originally written by other people, in which case the original header # follows. # ######################################################################## # # voms This shell script takes care of starting and stopping # voms servers. 
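#
# chkconfig: 2345 95 05
# description: Virtual Organization Membership Service
# processname: voms
# pidfile: /var/run/voms.pid
#
### BEGIN INIT INFO
# Provides:          voms
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Virtual Organization Membership Service
# Description:       Virtual Organization Membership Service
### END INIT INFO

RUN=yes
etcpath=@ETC_DIR@

# Source an auxiliary profile file if we have one and pick up VOMS_USER and RUN.
# Both files are executed in this script's own shell (root, when run as an
# init script), so they should be owned by root and not writable by anyone else.
if [ -r ${etcpath}/default/voms ] ; then
    . ${etcpath}/default/voms
fi
if [ -r ${etcpath}/sysconfig/voms ] ; then
    . ${etcpath}/sysconfig/voms
fi

# Default prefix (the @...@ tokens are filled in when this template is configured)
@LOCATION_ENV@=@LOCATION_DIR@
@VAR_LOCATION_ENV@=@VAR_DIR@

# check whether $@VAR_LOCATION_ENV@/lock/subsys exists
if ! test -d $@VAR_LOCATION_ENV@/lock/subsys ; then
    mkdir -p $@VAR_LOCATION_ENV@/lock/subsys
fi

# Default path
basepath=$@LOCATION_ENV@
binpath=@BIN_DIR@/sbin

# Don't run until configuration is done
if [ "x$RUN" != "xyes" ] ; then
    echo "voms disabled, please adjust the configuration to your needs "
    echo "and then set RUN to 'yes' in /etc/default/voms to enable it."
    exit 0
fi

voms=${binpath}/voms
if !(test -x ${voms}) ; then
    echo "Cannot find voms."
    exit 0
fi

RETVAL=0

# start [VO]
# Start one voms server per configured VO (every directory under
# ${etcpath}/voms that holds a voms.conf), or only the VO given as $1.
# Records the server pid in the per-VO lock file.
# Returns the number of VOs that failed to start.
function start() {
    RETGLOB=0

    # Start daemons.
    prog=`basename ${voms}`

    if test -z "$1"; then
        vos=`ls ${etcpath}/voms`
        if test -z "$vos" ; then
            echo "No VOMS servers configured."
            return 0
        fi
    else
        vos=$1
    fi

    for vo in $vos ; do
        if test -f ${etcpath}/voms/$vo/voms.conf ; then
            echo -n "Starting $prog($vo): "

            # A per-VO tnsnames.ora takes precedence over the inherited TNS_ADMIN.
            if test -f ${etcpath}/voms/$vo/tnsnames.ora ; then
                tnsvalue=${etcpath}/voms/$vo
            else
                tnsvalue="$TNS_ADMIN"
            fi

            # Refuse to start over a lock file that names a live process.
            if [ -f $@VAR_LOCATION_ENV@/lock/subsys/voms.$vo ]; then
                read pid < $@VAR_LOCATION_ENV@/lock/subsys/voms.$vo
                if test "x$pid" != "x"; then
                    checkpid $pid
                    value=$?
                    if test $value -eq 0; then
                        echo "VOMS ($pid) is already running"
                        continue;
                    fi
                    if test $value -eq 2; then
                        echo "lock file $VOMS_LOCATION_VAR/lock/subsys/voms.$vo seems to be stale"
                        echo "it points to a process which does not seem to be a voms server."
                        echo "If you are certain that this is the case, remove it and restart voms again."
                        continue;
                    fi
                fi
            fi

            # NOTE(review): $vo, $tnsvalue and the paths are expanded into the
            # command string that the shell started by su parses again, so VO
            # names (directory names under ${etcpath}/voms or the optional VO
            # argument) should be plain names without shell metacharacters.
            if [ -n "$VOMS_USER" ]; then
                su -c "TNS_ADMIN=\"$tnsvalue\" ${voms} --conf ${etcpath}/voms/$vo/voms.conf" -s /bin/bash $VOMS_USER
            else
                TNS_ADMIN="$tnsvalue" ${voms} --conf ${etcpath}/voms/$vo/voms.conf
            fi

            # get process id: first ps entry whose command line matches this
            # VO's configuration file; everything before the first '/' is the pid
            pid=$(ps axo pid,args | grep "${voms} --conf ${etcpath}/voms/$vo/voms.conf" | grep -v grep | cut -f 1 -d '/'|head -1)

            # An empty $pid evaluates to 0, which means no server was found.
            NUM=$(($pid))
            if test $NUM -eq 0; then
                RETVAL=1
            else
                RETVAL=0
            fi

            # $pid is left unquoted on purpose: word splitting strips the
            # padding that ps and cut leave around the number.
            [ $RETVAL -eq 0 ] && echo $pid > $@VAR_LOCATION_ENV@/lock/subsys/voms.$vo

            if test $RETVAL -ne 0; then
                RETGLOB=$(($RETGLOB + 1 ))
            fi

            [ "$RETVAL" -eq 0 ] && success || failure
            echo
        fi
    done

    return $RETGLOB
}

# Use the distribution's init helpers when present; otherwise define minimal
# success/failure reporters that print a coloured status tag at column 60.
if [ -r /etc/init.d/functions ] ; then
    . /etc/init.d/functions
else
    # success [message]: print the message and a green "OK" tag; returns 0.
    success() {
        echo $1
        RES_COL=60
        echo -en "\\033[${RES_COL}G"
        echo -n "[ "
        echo -en "\\033[1;32m"
        echo -n OK
        echo -en "\\033[0;39m"
        echo -n " ]"
        echo -ne "\r"
        echo
        return 0
    }

    # failure [message]: print the message and a red "FAILED" tag; returns the
    # exit status that was current when it was called.
    failure() {
        rc=$?
        echo $1
        RES_COL=60
        echo -en "\\033[${RES_COL}G"
        echo -n "["
        echo -en "\\033[1;31m"
        echo -n FAILED
        echo -en "\\033[0;39m"
        echo -n "]"
        echo -ne "\r"
        echo
        return $rc
    }
fi

# checkpid PID
# Returns 0 when PID exists and its ps entry contains "voms",
#         2 when PID exists but its ps entry does not contain "voms",
#         1 when no such process exists.
# The match is a plain substring test on ps output, so any process whose
# entry contains "voms" is accepted.
checkpid() {
    ps --pid $1 >> /dev/null
    if [ $? == 0 ]; then
        ps --pid $1 | grep voms >>/dev/null
        if [ $? == 0 ]; then
            # pid file is current. The process is a VOMS.
            return 0
        else
            # pid file is stale. The process running is not a voms.
            return 2
        fi
    else
        # pid file is stale. The process does not exist anymore.
        return 1
    fi
}

# A function to stop a program.
# killprocs PID [SIGNAL]
# Without SIGNAL: send TERM, wait up to about four seconds, then send KILL,
# and report whether the process is gone (returns 0 when it is).
# With SIGNAL: send only that signal and return the status of kill.
killprocs() {
    RC=0

    # Test syntax.
    if [ "$#" -eq 0 ]; then
        echo $"Usage: killproc {pids} [signal]"
        return 1
    fi

    notset=0
    # check for second arg to be kill level
    if [ "$2" != "" ] ; then
        killlevel=$2
    else
        notset=1
        killlevel="-9"
    fi

    # Find pid.
    pid=$1

    # Kill it.
    if [ -n "${pid:-}" ] ; then
        [ "$BOOTUP" = "verbose" -a -z "$LSB" ] && echo -n "$base "
        if [ "$notset" -eq "1" ] ; then
            if checkpid $pid 2>&1; then
                # TERM first, then KILL if not dead
                kill -TERM $pid
                sleep 0.1
                if checkpid $pid && sleep 1 &&
                   checkpid $pid && sleep 3 &&
                   checkpid $pid ; then
                    kill -KILL $pid
                    sleep 0.1
                fi
            fi
            # checkpid returns 0 while the process is still there, so a zero
            # status here is the failure case; the result is inverted below.
            checkpid $pid
            RC=$?
            [ "$RC" -eq 0 ] && failure $"$base shutdown" || success $"$base shutdown"
            RC=$((! $RC))
        else
            # use specified level only
            if checkpid $pid >/dev/null 2>&1; then
                kill $killlevel $pid
                RC=$?
                [ "$RC" -eq 0 ] && success $"$base $killlevel" || failure $"$base $killlevel"
            fi
        fi
    else
        failure $"$base shutdown"
        RC=1
    fi

    # Remove pid file if any.
    # NOTE(review): $base is not assigned anywhere in the visible part of this
    # script; when it is empty this removes /var/run/.pid.
    if [ "$notset" = "1" ]; then
        rm -f /var/run/$base.pid
    fi
    return $RC
}

# stop [VO]
# Stop the voms server (and its middleman helper processes) for every
# configured VO, or only for the VO given as $1. The per-VO lock file is
# removed only when every server process of that VO was stopped.
# Returns the number of VOs for which stopping failed.
function stop() {
    RETGLOB=0

    # Stop daemons.
    prog=`basename ${voms}`

    if test -z "$1"; then
        vos=`ls ${etcpath}/voms`
        if test -z "$vos" ; then
            echo "No VOMS servers configured."
            return 0
        fi
    else
        vos=$1
    fi

    for vo in $vos ; do
        if test -f ${etcpath}/voms/$vo/voms.conf ; then
            echo -n "Stopping $prog($vo): "
            pids=`ps -efww | grep "${voms} --conf ${etcpath}/voms/$vo/voms.conf" | grep -v grep | awk '{ print $2; }'`
            dbname=`grep dbname ${etcpath}/voms/$vo/voms.conf | awk -F"=" '{ print $2; }'`
            username=`grep username ${etcpath}/voms/$vo/voms.conf | awk -F"=" '{ print $2; }'`

            # Without a username in voms.conf nothing is stopped for this VO.
            if test "x$username" = "x"; then
                pids="";
                pids2="";
            else
                pids2=`ps -efww | grep middleman$dbname | grep $username | grep -v grep | awk '{ print $2; }'`
            fi

            # Helper processes first: TERM, then KILL if they linger.
            # sleep 0.1 is used instead of usleep (same delay), matching
            # killprocs, because usleep is not installed everywhere.
            if test "x$pids2" != "x"; then
                kill -TERM $pids2
                sleep 0.1
                if checkpid $pids2 && sleep 1 &&
                   checkpid $pids2 && sleep 3 &&
                   checkpid $pids2 ; then
                    kill -KILL $pids2
                    sleep 0.1
                fi
            fi

            if test -z "$pids"; then
                echo "(already stopped)"
                continue
            fi

            # Remember a failure for any pid, not only for the last one, so
            # the lock file is kept while a server process is still running.
            RETVAL=0
            for pid in $pids; do
                killprocs ${pid} || RETVAL=1
            done

            echo
            [ $RETVAL -eq 0 ] && rm -f $@VAR_LOCATION_ENV@/lock/subsys/voms.$vo
            RETGLOB=$((RETGLOB + RETVAL))
        fi
    done

    return $RETGLOB
}

# condrestart [VO]
# Restart (through "$0 restart VO") only those VOs whose server is running.
# Returns the sum of the restart exit codes.
function condrestart() {
    RETGLOB=0

    # Conditionally restart daemons.
    prog=`basename ${voms}`

    if test -z "$1"; then
        vos=`ls ${etcpath}/voms`
        if test -z "$vos" ; then
            echo "No VOMS servers configured."
            return 0
        fi
    else
        vos=$1
    fi

    for vo in $vos ; do
        if test -f ${etcpath}/voms/$vo/voms.conf ; then
            pids=`ps -efww | grep "${voms} --conf ${etcpath}/voms/$vo/voms.conf" | grep -v grep | awk '{ print $2; }'`
            if test -n "$pids"; then
                $0 restart $vo
                RETVAL=$?
                RETGLOB=$((RETGLOB + RETVAL))
            fi
        fi
    done

    return $RETGLOB
}

# getstatus [VO]
# Print the state of every configured VO, or only of the VO given as $1.
# Returns the highest status seen: 0 running, 2 not running but lock file
# present, 3 stopped.
function getstatus() {
    value=0

    # Get status.
    prog=`basename ${voms}`

    if test -z "$1"; then
        vos=`ls ${etcpath}/voms`
        if test -z "$vos" ; then
            echo "No VOMS servers configured."
            return 0
        fi
    else
        vos=$1
    fi

    for vo in $vos ; do
        if test -f ${etcpath}/voms/$vo/voms.conf ; then
            echo -n "Status $prog($vo): "
            pids=`ps -efww | grep "${voms} --conf ${etcpath}/voms/$vo/voms.conf" | grep -v grep | awk '{ print $2; }'`
            if test -z "$pids"; then
                if [ -f $@VAR_LOCATION_ENV@/lock/subsys/voms.$vo ]; then
                    echo "dead but subsys locked"
                    value=$(( value < 2 ? 2 : value ))
                    continue
                fi
                echo "stopped"
                value=$(( value < 3 ? 3 : value ))
                continue
            else
                echo -n "(pid $pids) is running..." | tr '\n' ' '
                echo
                value=$(( value < 0 ? 0 : value ))
                continue
            fi
        fi
    done

    return $value
}

# reload [VO]
# Send HUP to the server processes of every configured VO, or only of the VO
# given as $1. A VO without a running server counts as a failure.
# Returns the number of failures plus the summed kill exit codes.
function reload() {
    RETGLOB=0

    # Reload daemons.
    prog=`basename ${voms}`

    if test -z "$1"; then
        vos=`ls ${etcpath}/voms`
    else
        vos=$1
    fi

    for vo in $vos ; do
        if test -f ${etcpath}/voms/$vo/voms.conf ; then
            echo -n "Reload $prog($vo): "
            pids=`ps -efww | grep "${voms} --conf ${etcpath}/voms/$vo/voms.conf" | grep -v grep | awk '{ print $2; }'`
            if test -z "$pids"; then
                failure; echo
                RETVAL=1
                # Count the failure before moving on, so that the caller sees
                # a non-zero status when a VO could not be reloaded.
                RETGLOB=$((RETGLOB + RETVAL))
                continue
            else
                kill -HUP $pids
            fi
            RETVAL=$?
            RETGLOB=$((RETGLOB + RETVAL))
        fi
    done

    return $RETGLOB
}

# See how we were called.
case "$1" in
    start)
        start $2
        RETVAL=$?
        ;;
    stop)
        stop $2
        RETVAL=$?
        ;;
    status)
        getstatus $2
        RETVAL=$?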
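;; restart | force-reload) stop $2 start $2 RETVAL=$? ;; condrestart | try-restart) condrestart $2 RETVAL=$? ;; reload) reload $2 RETVAL=$? ;; *) echo $"Usage: $0 {start|stop|restart|status|condrestart} [VO]" RETVAL=1 esac exit $RETVAL voms-2.1.2/src/install/voms_install_db.in000066400000000000000000000273561477131364200204710ustar00rootroot00000000000000
#!/bin/sh
#
# voms_install_db: create the database, the read-only query account and the
# per-VO configuration directory (voms.conf, voms.pass) for one VOMS VO.
# Run with --help (or -h) for the option list.

#set -x

# Default prefix
@LOCATION_ENV@=@LOCATION_DIR@

# Logfile location
LOG_DIR=@VAR_DIR@/log/voms

# Trust anchors location
CERTDIR=${CERTDIR:-/etc/grid-security/certificates}

# openssl
SSLPROG="openssl"

# MySQL install prefix
MYSQL_HOME=${MYSQL_HOME:-/usr}

# Oracle install prefix
ORACLE_HOME=${ORACLE_HOME:-/usr/}

# VOMS database
voms_database=""

# VOMS VO
voms_vo=""

# MySQL admin user
db_username_admin="root"
db_password_admin=""

# VOMS query user
voms_username_query=""
voms_password_query=""

ECHO=/bin/echo

# Default path
basepath=$@LOCATION_ENV@
datapath=@ETC_DIR@

# Default Suffix
code=0
compat_mode=""
# The usage text documents 15000 as the default port; without this default
# an empty "--port=" line was written to voms.conf when --port was omitted.
port=15000
# NOTE(review): the usage text below says the --socktimeout default is 60
# seconds, but 30 is what gets written to voms.conf. Confirm which is intended.
timeout=30
loglevel=2
logtype=7
logdateformat=""
logformat=""
sqlloc=""
help=""
newformat="yes"
vomscert="/etc/grid-security/voms/hostcert.pem"
vomskey="/etc/grid-security/voms/hostkey.pem"

if test "x@with_mysqlconf@" != "x" ; then
    MYSQLCONF=" --defaults-file=@with_mysqlconf@ "
else
    MYSQLCONF=""
fi

# "help" is in the long-option list so that the documented --help works
# instead of being rejected by getopt as an unknown option.
TEMP=`getopt -o h --long help,vomscert:,vomskey:,mysql-home:,loglevel:,logtype:,logformat:,logdateformat:,oracle-home:,db:,port:,code:,voms-vo:,socktimeout:,db-type:,sqlloc:,db-admin:,db-pwd:,voms-name:,voms-pwd:,newformat,oldformat,compat -n 'voms_install_db' -- "$@"`

if [ $? != 0 ] ; then $ECHO "Terminating..." >&2 ; exit 1 ; fi

eval set -- "$TEMP"

while true ; do
    case "$1" in
        --mysql-home)    MYSQL_HOME=$2          ; shift 2 ;;
        --oracle-home)   ORACLE_HOME=$2         ; shift 2 ;;
        --db)            voms_database=$2       ; shift 2 ;;
        --port)          port=$2                ; shift 2 ;;
        --code)          code=0                 ; shift 2 ;;
        --voms-vo)       voms_vo=$2             ; shift 2 ;;
        --db-type)       db_type=$2             ; shift 2 ;;
        --sqlloc)        sqlloc=$2              ; shift 2 ;;
        --db-admin)      db_username_admin=$2   ; shift 2 ;;
        --db-pwd)        db_password_admin=$2   ; shift 2 ;;
        --voms-name)     voms_username_query=$2 ; shift 2 ;;
        --voms-pwd)      voms_password_query=$2 ; shift 2 ;;
        --compat)        compat_mode="-compat"  ; shift 1 ;;
        --socktimeout)   timeout=$2             ; shift 2 ;;
        --loglevel)      loglevel=$2            ; shift 2 ;;
        --logtype)       logtype=$2             ; shift 2 ;;
        --logformat)     logformat=$2           ; shift 2 ;;
        --logdateformat) logdateformat=$2       ; shift 2 ;;
        --newformat)     newformat="yes"        ; shift 1 ;;
        --oldformat)     newformat="no"         ; shift 1 ;;
        --vomscert)      vomscert=$2            ; shift 2 ;;
        --vomskey)       vomskey=$2             ; shift 2 ;;
        -h|--help)       help="yes"             ; shift 1 ;;
        --)              shift ; break ;;
        *)               $ECHO "$1: Internal Error!" >&2 ; exit 1 ;;
    esac
done

if test "x$help" = "xyes"; then
    $ECHO "USAGE: voms_install_db [--option value] ... [--option value]"
    $ECHO
    $ECHO "Where --option may be:"
    $ECHO " --mysql-home path Where the MySQL installation is based."
    $ECHO " Defaults to the value of \$MYSQL_HOME"
    $ECHO " if specified, and /usr otherwise. Only"
    $ECHO " needed if MySQL support is desired."
    $ECHO " --oracle-home path Where the Oracle installation is based."
    $ECHO " Only needed if Oracle support is desired."
    $ECHO " No defaults."
    $ECHO " --port port The port on which the server will listen."
    $ECHO " The default value is 15000."
    $ECHO " --code num Only present for compatibility with older"
    $ECHO " versions of this script. It is ignored."
    $ECHO " --voms-vo name The name of the VO. No defaults."
    $ECHO " --db-type type The type of the underlying DB. Only"
    $ECHO " 'mysql' and 'oracle' are accepted now."
    $ECHO " There are no defaults. This must always be."
    $ECHO " specified."
    $ECHO " --sqlloc path The name of the db access library to use."
    $ECHO " The library path must be in \$LD_LIBRARY_PATH"
    $ECHO " or in ld.so.conf, or the option must specify"
    $ECHO " the full path. Defaults to libvoms.so."
    $ECHO " --db-admin name The name of the DB administrator account."
    $ECHO " Defaults to 'root'."
    $ECHO " --db-pwd password The password associated to the db-admin account."
    $ECHO " No defaults."
    $ECHO " --voms-name name The name of the DB account that will be created to"
    $ECHO " let VOMS access the DB. Defaults to voms_."
    $ECHO " --voms-pwd The password of the previous account. The default"
    $ECHO " is randomly generated."
    $ECHO " --compat If specified, allows the server to work with an"
    $ECHO " existing DB coming from VOMS 1.4.x or before."
    $ECHO " --socktimeout sec Specifies the length of time after which connections"
    $ECHO " to the server will be dropped, in seconds. The"
    $ECHO " default is 60 seconds."
    $ECHO " --loglevel lev Sets the amount of leveling. Higher values imply more"
    $ECHO " logging. The default is 2. (LOG_ERROR)"
    $ECHO " --logtype type Specifies what to log. See the voms(8) man page for details."
    $ECHO " --logformat format See the voms(8) man page for details."
    $ECHO " --logdateformat format See the voms(8) man page for details."
    $ECHO " --newformat Creates AC according to the new format."
    $ECHO " --oldformat Creates AC according to the old format."
    $ECHO " --help This output."
    exit 0;
fi

if test "x$voms_vo" = "x"; then
    $ECHO "The VO name MUST be specified!"
    exit 1;
fi

# NOTE(review): $voms_vo becomes part of a directory path, a database name and
# an account name further down without any validation. It comes from the
# administrator's command line; characters such as '/' or quotes are not
# rejected here.
if test "x$voms_username_query" = "x"; then
    voms_username_query="voms_"$voms_vo
fi

if test "x$voms_database" = "x"; then
    voms_database="voms_"$voms_vo
fi

if test "x$voms_password_query" = "x"; then
    # NOTE(review): 6 random bytes give a 48-bit password for the query
    # account; consider asking openssl for more bytes.
    voms_password_query="`$SSLPROG rand -base64 6`";
fi

if test "x$db_type" != "xmysql"; then
    if test "x$db_type" != "xoracle"; then
        $ECHO "Only 'mysql' or 'oracle' are accepted values for --db-type."
        $ECHO "Instead $db_type was given!"
        exit 1
    fi
fi

if test "x$compat_mode" = "x-compat" ; then
    if test "x$db_type" != "xmysql"; then
        $ECHO "compatibility mode only works with MySQL!";
        exit 1;
    fi
fi

if test "x$sqlloc" = "x"; then
    sqlloc="libvoms$db_type.so"
fi

# choose client
#
# NOTE(review): in both the MySQL and the Oracle case the administrator
# password ends up on the client's command line, where other local users can
# read it from the process list while the command runs. A protected option
# file (see MYSQLCONF / --defaults-file above) avoids that for MySQL.
if test "x$db_type" = "xmysql" ; then
    if test -z "$db_password_admin" ; then
        MYSQLADMIN="$MYSQL_HOME/bin/mysqladmin $MYSQLCONF -u $db_username_admin"
        CLIENT="$MYSQL_HOME/bin/mysql $MYSQLCONF -u $db_username_admin"
    else
        MYSQLADMIN="$MYSQL_HOME/bin/mysqladmin $MYSQLCONF -u $db_username_admin -p$db_password_admin"
        CLIENT="$MYSQL_HOME/bin/mysql $MYSQLCONF -u $db_username_admin -p$db_password_admin"
    fi
elif test "x$db_type" = "xoracle" ; then
    CLIENT="$ORACLE_HOME/bin/sqlplus -S $db_username_admin/$db_password_admin@$voms_database"
else
    $ECHO "Please select one beetween --db-type oracle and --db-type mysql."
    exit 1;
fi

# Create Database
# An existing database with the same name is dropped first.
# NOTE(review): database, account and password values are pasted into the SQL
# text as given; nothing escapes quotes or other special characters.
if test "x$db_type" = "xmysql" ; then
    $CLIENT -e "DROP DATABASE IF EXISTS $voms_database; CREATE DATABASE $voms_database;"
    if test $? -ne 0 ; then
        # Name only the binary: $CLIENT may carry -p<password>, which the
        # previous message printed in full.
        $ECHO "Could not execute $MYSQL_HOME/bin/mysql command"
        exit 1;
    fi
    CLIENT="$CLIENT -D$voms_database"
fi

# Create Tables
$CLIENT < "${basepath}/share/voms/voms-"$db_type$compat_mode".data"

# Create users
if test "x$db_type" = "xmysql" ; then
    $CLIENT -e "
        GRANT SELECT ON $voms_database.* TO $voms_username_query IDENTIFIED BY '$voms_password_query';
        GRANT LOCK TABLES ON $voms_database.* TO $voms_username_query IDENTIFIED BY '$voms_password_query';
        GRANT SELECT ON $voms_database.* TO $voms_username_query@localhost IDENTIFIED BY '$voms_password_query';
        GRANT LOCK TABLES ON $voms_database.* TO $voms_username_query@localhost IDENTIFIED BY '$voms_password_query';
        FLUSH PRIVILEGES;"
fi

# Populate database
# NOTE(review): the next line looks truncated in this copy of the script
# (text between '<' and '/dev/null' appears to be missing); compare with the
# upstream file before relying on it.
$CLIENT </dev/null

# Creating voms user
#useradd -g voms voms 2>/dev/null

# Setting ownership and permission for voms_password_query file
mkdir -p "$datapath/voms/$voms_vo"
mkdir -p "$LOG_DIR" #$datapath/log

# Create the password file under a restrictive umask so that it is never
# readable by other users between creation and the chmod below.
( umask 077 ; printf '%s\n' "$voms_password_query" > "$datapath/voms/$voms_vo/voms.pass" )
uid=`/usr/bin/id -u`
[ "$uid" = "0" ] && chown root:voms "$datapath/voms/$voms_vo/voms.pass"
chmod 640 "$datapath/voms/$voms_vo/voms.pass"

if test -z "$voms_vo" ; then
    logname=voms
else
    logname=voms.$voms_vo
fi

$ECHO -en "--vo=$voms_vo\n--dbname=$voms_database\n--port=$port\n--username=$voms_username_query\n--passfile=$datapath/voms/$voms_vo/voms.pass\n--sqlloc=$sqlloc\n--logfile=$LOG_DIR/$logname\n" > "$datapath/voms/$voms_vo/voms.conf"
$ECHO -en "--socktimeout=$timeout\n--loglevel=$loglevel\n--logtype=$logtype\n" >> "$datapath/voms/$voms_vo/voms.conf"

if test "x$compat_mode" = "x-compat"; then
    $ECHO -en "--compat\n" >> "$datapath/voms/$voms_vo/voms.conf"
fi

if test "x$logformat" != "x"; then
    $ECHO -en "--logformat=\"$logformat\"\n" >> "$datapath/voms/$voms_vo/voms.conf"
fi

if test "x$logdateformat" != "x"; then
    $ECHO -en "--logdateformat=\"$logdateformat\"\n" >> "$datapath/voms/$voms_vo/voms.conf"
fi

if test "x$newformat" = "xyes"; then
    $ECHO -en "--newformat\n" >> "$datapath/voms/$voms_vo/voms.conf"
fi

$ECHO -en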
"--x509_user_cert=$vomscert\n" >> $datapath/voms/$voms_vo/voms.conf $ECHO -en "--x509_user_key=$vomskey\n" >> $datapath/voms/$voms_vo/voms.conf voms-2.1.2/src/install/vomses.template000066400000000000000000000002571477131364200200220ustar00rootroot00000000000000# "nickname" "host" "port" "hostcert's dn" "vo" "globus version (of the server to contact)" "wpsix" "gppvom06.gridpp.rl.ac.uk" "50001" "gppvom06.gridpp.rl.ac.uk" "wpsix" "22" voms-2.1.2/src/log/000077500000000000000000000000001477131364200140605ustar00rootroot00000000000000voms-2.1.2/src/log/Makefile.am000066400000000000000000000002341477131364200161130ustar00rootroot00000000000000 noinst_LTLIBRARIES = liblog.la EXTRA_DIST = streamers.h liblog_la_SOURCES = \ log.c \ fs.c \ sl.c liblog_la_CFLAGS = \ -I $(top_srcdir)/src/include voms-2.1.2/src/log/fs.c000066400000000000000000000142351477131364200146410ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
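* *********************************************************************/
#include "config.h"
#include "log.h"
#include "streamers.h"

/* NOTE(review): the header names of the bare #include lines below are
 * missing in this copy of the file. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "doio.h"

/* Upper bound for the strftime() scratch buffer used by fileoutputter(). */
#define MAX_DATE_BUFFER 4096

/* Per-stream state of the FILE log streamer. */
struct localdata {
  char *name;        /* path of the log file (owned, strdup'ed) */
  char *dateformat;  /* strftime() format for the "%d" placeholder, or NULL */
  int maxlog;        /* rotate once the file offset exceeds this; 0 = never */
  int fd;            /* open descriptor of the log file, -1 if none */
};

static int filereopen(struct localdata *ld);
static int logfile_rotate(const char * name);

/*
 * Replace every "%d" in FORMAT with DATE.
 *
 * FORMAT must be heap allocated; it is consumed and a newly allocated string
 * is returned (or FORMAT itself when it holds no "%d"). Returns NULL when
 * FORMAT is NULL or an allocation fails. A NULL DATE is treated as "".
 *
 * The search resumes after the text just inserted, so a DATE that itself
 * contains "%d" is not expanded again.
 */
static char *translate(char *format, char *date)
{
  char *position;
  size_t datelen;

  if (!format)
    return NULL;

  if (!date)
    date = "";

  datelen = strlen(date);
  position = strstr(format, "%d");

  while (position) {
    size_t offset = (size_t)(position - format);
    char *newstring;

    *position = '\0';
    newstring = snprintf_wrap("%s%s%s", format, date, position + 2);
    free(format);
    format = newstring;

    if (!format)
      return NULL;

    position = strstr(format + offset + datelen, "%d");
  }

  return format;
}

/*
 * Streamer output callback: append S to the log file.
 *
 * Rotates the file first when maxlog is set and the current offset is past
 * it, then expands "%d" with the current local time when a date format is
 * configured. Returns 0 when there is nothing to write to or memory runs
 * out, 1 otherwise (write errors are not reported).
 */
static int fileoutputter(void *data, const char *s)
{
  int written = 0;
  int size;
  int total = 0;
  char *output = NULL;
  struct localdata *ld = (struct localdata *)data;

  if (!ld || ld->fd == -1 || !s)
    return 0;

  off_t position = lseek(ld->fd, 0, SEEK_CUR);

  if (ld->maxlog) {
    if (position > ld->maxlog) {
      if (!logfile_rotate(ld->name) || !filereopen(ld)) {
        UNUSED(int ret);
        ret= write(ld->fd, "VOMS: LOGGING ROTATION ERROR\n", 29);
      }
    }
  }

  output = strdup(s);
  if (!output)
    return 0;

  if (ld->dateformat) {
    char *date = NULL;
    size_t datasize = 256;
    size_t len = 0;
    time_t t;
    struct tm *ti;

    time(&t);
    ti = localtime(&t);

    /* strftime() returns 0 both when the buffer is too small and when the
       result is legitimately empty, so the growth has to be bounded. */
    while (ti && len == 0 && datasize <= MAX_DATE_BUFFER) {
      free(date);
      date = malloc(datasize);
      if (!date)
        break;
      len = strftime(date, datasize, ld->dateformat, ti);
      datasize += 50;
    }

    /* after a failed strftime() the buffer contents are unspecified */
    if (date && len == 0)
      date[0] = '\0';

    output = translate(output, date);
    free(date);

    if (!output)
      return 0;
  }

  size = strlen(output);

  while (total < size) {
    written = write(ld->fd, output + total, size - total);
    if (written <= 0)
      break;
    total += written;
  }

  free(output);

  return 1;
}

/*
 * Open ld->name again (append mode, created with owner read/write only) and
 * swap it in for the current descriptor. Returns 1 on success, 0 when the
 * open fails, in which case the old descriptor stays in use.
 */
static int filereopen(struct localdata *ld)
{
  int newfd = open(ld->name, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR);

  if (newfd != -1) {
    close(ld->fd);
    ld->fd = newfd;
    return 1;
  }

  return 0;
}

/* Streamer destroy callback: close the file and release all stream state. */
static void filedestroy(void *data)
{
  struct localdata *ld = (struct localdata *)data;

  if (!ld)
    return;

  if (ld->fd != -1)
    close(ld->fd);

  free(ld->name);
  free(ld->dateformat);
  free(ld);
}

/* Streamer init callback: allocate an empty, closed stream state. */
static void *fileinit(void)
{
  struct localdata *ld = NULL;

  ld = malloc(sizeof(struct localdata));

  if (ld) {
    ld->name = NULL;
    ld->dateformat = NULL;
    ld->fd = -1;
    ld->maxlog = 0;
  }

  return ld;
}

/*
 * Streamer option callback. Recognised options:
 *   NAME        path of the log file; it is opened (append, mode 0600) and
 *               replaces the current file only if the open succeeds
 *   MAXSIZE     rotation threshold, parsed with atoi()
 *   DATEFORMAT  strftime() format used for "%d"
 * Other option names are ignored.
 */
static void fileoptioner(void *data, const char *name, const char *value)
{
  struct localdata *ld = (struct localdata *)data;

  if (!ld)
    return;

  if (strcmp(name, "NAME") == 0) {
    int fd = open(value, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR);

    if (fd != -1) {
      char *newname = strdup(value);

      /* keep the previous file if the name cannot be recorded: rotation
         needs ld->name to match ld->fd */
      if (!newname) {
        close(fd);
        return;
      }

      if (ld->name) {
        free(ld->name);
        if (ld->fd != -1)
          close(ld->fd);
      }

      ld->name = newname;
      ld->fd = fd;
    }
  }
  else if (strcmp(name, "MAXSIZE") == 0) {
    ld->maxlog = atoi(value);
  }
  else if (strcmp(name, "DATEFORMAT") == 0) {
    free(ld->dateformat);
    ld->dateformat = strdup(value);
  }
}

/* Register the "FILE" streamer on log handle H; returns NULL when H is NULL. */
void *FILEStreamerAdd(void *h)
{
  if (h) {
    return LogAddStreamer(h, "FILE", fileinit, fileoutputter, filedestroy, fileoptioner);
  }

  return NULL;
}

/*
 * Rotate the log file NAME: NAME.i becomes NAME.(i+1) for every existing
 * numeric suffix, then NAME becomes NAME.1.
 *
 * A lock file "NAME-lck" created with O_CREAT|O_EXCL serialises rotation
 * between processes; when it already exists nothing is done. Returns 1 when
 * NAME was renamed to NAME.1, 0 otherwise.
 *
 * NOTE(review): a lock file left behind by a process that died during
 * rotation is never cleaned up here and would block later rotations.
 */
static int logfile_rotate(const char * name)
{
  char *pos, *dirname, *newname, *oldname;
  char const* basename = NULL;
  DIR * dir = NULL;
  struct dirent * de = NULL;
  int result = 0;
  char *fname = NULL;
  int fd;
  int i = 0;
  int max = 0;

  if (!name)
    return 0;

  fname = snprintf_wrap("%s-lck", name);

  if (!fname)
    goto err;

  fd = open(fname, O_CREAT|O_EXCL|O_RDONLY, S_IRUSR|S_IWUSR);

  if (fd == -1)
    goto err;

  /* get the name of the directory and of the file */
  pos = strrchr(name, '/');

  if (pos == NULL) {
    dirname = snprintf_wrap(".");
    basename = name;
  }
  else if (pos == name) {
    dirname = snprintf_wrap("/");
    basename = ++pos;
  }
  else {
    dirname = snprintf_wrap("%s", name);
    if (dirname)
      dirname[pos-name] = '\0';
    basename = ++pos;
  }

  /* release the lock on this path too, otherwise no later rotation can
     ever acquire it */
  if (!dirname)
    goto unlock;

  /* find the highest numeric suffix already present */
  dir = opendir(dirname);

  if (dir) {
    size_t baselen = strlen(basename);

    while ((de = readdir(dir))) {
      pos = strrchr(de->d_name, '.');

      if (pos && atoi(pos+1) > max &&
          (size_t)(pos - de->d_name) == baselen &&
          strncmp(basename, de->d_name, baselen) == 0)
        max = atoi(pos+1);
    }

    closedir(dir);
  }

  free(dirname);

  /* rename each file increasing the suffix */
  for (i = max; i > 0 ; --i) {
    newname = snprintf_wrap("%s.%d", name, i+1);
    oldname = snprintf_wrap("%s.%d", name, i);

    if (newname && oldname)
      (void)rename(oldname, newname);

    free(oldname);
    free(newname);
  }

  /* rename the main file to .1 */
  newname = snprintf_wrap("%s.1", name);

  if (newname) {
    if (rename(name, newname) != -1)
      result = 1;
  }

  free(newname);

unlock:
  unlink(fname);
  close(fd);

err:
  free(fname);
  return result;
}
voms-2.1.2/src/log/log.c000066400000000000000000000306631477131364200150150ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows.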
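* *********************************************************************/
#include "config.h"

/* NOTE(review): the header names of the bare #include lines below are
 * missing in this copy of the file. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "log.h"
#include "streamers.h"
#include "doio.h"

/* Names printed for %T, indexed by the position of the lowest set type bit. */
static char *typenames[] = { "STARTUP", "REQUEST", "RESULT" };
#define NTYPENAMES (sizeof(typenames)/sizeof(typenames[0]))

/* Names printed for %V and passed to the streamers as the LEVEL option. */
static char *levnames[] = { "LOG_ERROR", "LOG_WARN", "LOG_INFO", "LOG_DEBUG", "NONE"};

/* One registered output backend (FILE, SYSLOG, ...). */
struct OutputStream {
  void *userdata;                                   /* backend state, NULL until activated */
  char *name;                                       /* backend name (not copied) */
  void * (*initter)();                              /* creates userdata */
  int (*outputter)(void *, const char *);           /* writes one message */
  void (*destroyer)(void *);                        /* releases userdata */
  void (*optioner)(void *, const char *, const char *); /* sets one option */
  int active;                                       /* non-zero when messages are delivered */
  struct OutputStream *next;
};

/* State behind the opaque log handle. */
struct LogInfo {
  loglevels currlev;
  int currtype;
  logtypes deftype;
  const char *format;
  const char *dateformat;
  const char *service;
  struct OutputStream *streamers;
};

/* Create a log handle with the FILE and SYSLOG streamers registered
   (both inactive). Returns NULL when out of memory. */
void *LogInit()
{
  struct LogInfo *info = NULL;

  info = calloc(1, sizeof(struct LogInfo));

  if (info) {
    FILEStreamerAdd(info);
    SYSLOGStreamerAdd(info);
  }

  return info;
}

/* Pass option NAME=VALUE to every registered streamer. */
void LogOption(void *data, const char *name, const char *value)
{
  struct LogInfo *li=(struct LogInfo *)data;
  struct OutputStream *stream;

  if (!li)
    return;

  stream = li->streamers;

  while (stream) {
    stream->optioner(stream->userdata, name, value);
    stream = stream->next;
  }
}

/* Same as LogOption(), with an integer value rendered in decimal. */
void LogOptionInt(void *data, const char *name, int value)
{
  /* enough for the decimal digits of an int, a sign and the terminator */
  char val[((sizeof(int)*CHAR_BIT)/3)+2];

  memset(val, 0, sizeof(val));
  (void)snprintf(val, sizeof(val), "%d", value);

  LogOption(data, name, val);
}

/* Initialise and enable every streamer called NAME. */
void LogActivate(void *data, const char *name)
{
  struct LogInfo *li=(struct LogInfo *)data;
  struct OutputStream *stream;

  if (!li)
    return;

  stream = li->streamers;

  while (stream) {
    if (strcmp(name, stream->name) == 0) {
      stream->userdata = stream->initter();
      if (stream->userdata)
        stream->active = 1;
    }
    stream = stream->next;
  }
}

/* Disable every streamer called NAME and release its state. */
void LogDeactivate(void *data, const char *name)
{
  struct LogInfo *li=(struct LogInfo *)data;
  struct OutputStream *stream;

  if (!li)
    return;

  stream = li->streamers;

  while (stream) {
    if (strcmp(name, stream->name) == 0) {
      /* a streamer that was never activated has no state to destroy, and
         not every destroyer accepts NULL */
      if (stream->userdata)
        stream->destroyer(stream->userdata);
      stream->userdata = NULL;
      stream->active = 0;
    }
    stream = stream->next;
  }
}

/*
 * Register a streamer on handle DATA. NAME is stored by reference. The new
 * streamer starts inactive. Returns the streamer, or NULL when DATA is NULL
 * or memory runs out.
 */
void *LogAddStreamer(void *data, const char *name,
                     void * (*i)(),
                     int (*o)(void *, const char *s),
                     void (*d)(void *),
                     void (*op)(void *, const char *, const char *))
{
  struct LogInfo *li=(struct LogInfo *)data;
  struct OutputStream *out = NULL;

  if (!li)
    return NULL;

  out = malloc(sizeof(struct OutputStream));

  if (out) {
    out->userdata = NULL;
    out->name = (char *)name;
    out->initter = i;
    out->outputter = o;
    out->destroyer = d;
    out->optioner = op;
    out->active = 0;
    out->next = li->streamers;
    li->streamers = out;
  }

  return out;
}

/* Release a log handle together with its streamers and the strings it owns. */
void LogDestroy(void *data)
{
  struct LogInfo *li = (struct LogInfo *)data;
  struct OutputStream *stream;

  if (!li)
    return;

  stream = li->streamers;

  while (stream) {
    struct OutputStream *next = stream->next;

    if (stream->userdata)
      stream->destroyer(stream->userdata);

    free(stream);
    stream = next;
  }

  /* the current values were strdup'ed by LogFormat(), LogDateFormat() and
     LogService(); only the previous values were handed back to callers */
  free((char *)li->format);
  free((char *)li->dateformat);
  free((char *)li->service);
  free(li);
}

/* Set the current log level; returns the previous one (LEV_INFO when DATA is NULL). */
loglevels LogLevel(void *data, loglevels l)
{
  struct LogInfo *li=(struct LogInfo *)data;
  loglevels oldl = LEV_INFO;

  if (li) {
    oldl = li->currlev;
    li->currlev = l;
  }

  return oldl;
}

/* Set the mask of message types to log; returns the previous mask
   (T_STARTUP when DATA is NULL). */
logtypes LogType(void *data, int t)
{
  struct LogInfo *li=(struct LogInfo *)data;
  logtypes oldt = T_STARTUP;

  if (li) {
    oldt = li->currtype;
    li->currtype = t;
  }

  return oldt;
}

/* Set the type substituted for T_PRE messages; returns the previous one
   (T_STARTUP when DATA is NULL). */
logtypes SetCurLogType(void *data, logtypes t)
{
  struct LogInfo *li=(struct LogInfo *)data;
  logtypes oldt = T_STARTUP;

  if (li) {
    oldt = li->deftype;
    li->deftype = t;
  }

  return oldt;
}

/* Store a copy of FORMAT as the date format. Returns the previous value,
   or NULL when DATA is NULL or the copy fails (the old value is then kept). */
const char *LogDateFormat(void *data, const char *format)
{
  struct LogInfo *li = (struct LogInfo *)data;
  const char *oldfmt = NULL;

  if (li) {
    oldfmt = li->dateformat;
    li->dateformat = strdup(format);

    if (!li->dateformat) {
      li->dateformat = oldfmt;
      return NULL;
    }
  }

  return oldfmt;
}

/* Store a copy of SERVICENAME (printed for %s). Returns the previous value,
   or NULL when DATA is NULL or the copy fails (the old value is then kept). */
const char *LogService(void *data, const char *servicename)
{
  struct LogInfo *li = (struct LogInfo *)data;
  const char *oldname = NULL;

  if (li) {
    oldname = li->service;
    li->service = strdup(servicename);

    if (!li->service) {
      li->service = oldname;
      return NULL;
    }
  }

  return oldname;
}

/* Store a copy of FORMAT as the message format. Returns the previous value,
   or NULL when DATA is NULL or the copy fails (the old value is then kept). */
const char *LogFormat(void *data, const char *format)
{
  struct LogInfo *li=(struct LogInfo *)data;
  const char *oldfmt = NULL;

  if (li) {
    oldfmt = li->format;
    li->format = strdup(format);

    if (!li->format) {
      li->format = oldfmt;
      return NULL;
    }
  }

  return oldfmt;
}

/* Deliver STR to every active streamer. Always returns 1. */
static int LogOutput(void *data, const char *str)
{
  struct LogInfo *li=(struct LogInfo *)data;
  struct OutputStream *stream = li->streamers;

  while (stream) {
    if (stream->active)
      stream->outputter(stream->userdata, str);
    stream = stream->next;
  }

  return 1;
}

/*
 * Return a new string holding DEST followed by SRC, or by at most LEN
 * characters of SRC when LEN is not -1. DEST is freed; a NULL DEST counts as
 * empty and a NULL SRC returns DEST unchanged. Returns NULL (DEST is still
 * freed) when the allocation fails.
 */
static char *StringAdd(char *dest, const char *src, signed int len)
{
  char *tmp = NULL;
  int slen;

  if (!src)
    return dest;

  slen = strlen(src);

  if ((tmp = malloc((dest ? strlen(dest) : 0) +
                    (((len == -1) || (slen < len)) ? slen : len) + 1))) {
    tmp[0]='\0';

    if (dest)
      tmp = strcpy(tmp, dest);

    if (len == -1)
      tmp = strcat(tmp, src);
    else
      tmp = strncat(tmp, src, len);
  }

  free(dest);

  return tmp;
}

/* StringAdd() for a number: append VALUE in decimal, bounded by LEN. */
static char *StringAddInt(char *dest, int value, signed int len)
{
  char val[((sizeof(int)*CHAR_BIT)/3)+2];

  (void)snprintf(val, sizeof(val), "%d", value);

  return StringAdd(dest, val, len);
}

/* Return 1 when the handle's level is at least LEV and is not LEV_NONE. */
int LogLevelMin(void *data, loglevels lev)
{
  struct LogInfo *li=(struct LogInfo *)data;

  if (li && ((li->currlev >= lev) && (li->currlev != LEV_NONE)))
    return 1;

  return 0;
}

/*
 * printf-style front end to LogMessage(). The message is only formatted when
 * the handle's level admits LEV. Returns 1 when nothing had to be logged,
 * otherwise the result of LogMessage() (0 when formatting failed).
 */
int LogMessageF(const char *func, int line, const char *file, void *data, loglevels lev, logtypes type, const char *format, ...)
{
  va_list v;
  char *str = NULL;
  struct LogInfo *li=(struct LogInfo *)data;

  if (!data)
    return 1;

  /* A level of LEV_NONE or above is treated as LEV_DEBUG. */
  if (lev >= LEV_NONE)
    lev = LEV_DEBUG;

  if (li) {
    if ((li->currlev >= lev) || (li->currlev == LEV_DEBUG)) {
      int res = 0;

      va_start(v, format);
      str = vsnprintf_wrap(format, v);
      va_end(v);

      if (str) {
        res = LogMessage(data, lev, type, str, func, line, file);
        free(str);
      }

      return res;
    }
  }

  return 1;
}

/* Parse a run of decimal digits at *MESSAGE and advance past it. Returns the
   value, or -1 when *MESSAGE does not start with a digit. */
static signed int GetLen(const char **message)
{
  signed int i = 0;
  const char *tmp;

  if (!message || !(*message))
    return -1;

  tmp = *message;

  /* <ctype.h> functions need an unsigned char value */
  if (!isdigit((unsigned char)*tmp))
    return -1;

  while (isdigit((unsigned char)*tmp)) {
    i *= 10;
    i += (*tmp) - '0';
    tmp++;
  }

  *message = tmp;

  return i;
}

/*
 * Format one message according to the handle's format string and hand it to
 * the active streamers.
 *
 * Every byte of MESSAGE that isprint() rejects is replaced by '.', so text
 * taken from a request cannot put line breaks or control characters into
 * the log.
 *
 * Format directives (after '%'): m message, d literal "%d" left for the
 * streamers to expand, p pid, s service, f file, l line, T type name,
 * t type number, v level number, V level name, F function, h host name.
 *
 * Returns 1 on success or when the message is filtered out, 0 on failure.
 */
int LogMessage(void *data, loglevels lev, logtypes type, const char *message, const char *func, int line, const char *file)
{
  struct LogInfo *li=(struct LogInfo *)data;
  char *msgcopy = NULL;
  char *str = NULL;

  if (!data)
    return 1;

  /* A level of LEV_NONE or above is treated as LEV_DEBUG. */
  if (lev >= LEV_NONE)
    lev = LEV_DEBUG;

  if (li) {
    if (type == T_PRE)
      type = li->deftype;

    LogOption(data, "LEVEL", levnames[lev]);

    if (((li->currlev >= lev) && (li->currtype & type)) || (li->currlev == LEV_DEBUG)) {
      const char *format = li->format;
      int mode = 0;           /* 1 while the previous character was '%' */
      char *holder = NULL;
      signed int len = 0;

      /* no format configured yet, or nothing to log */
      if (!format || !message)
        return 0;

      msgcopy = strdup(message);
      holder = msgcopy;

      if (!msgcopy)
        return 0;

      while (*holder != '\0') {
        /* the cast keeps bytes >= 0x80 from reaching isprint() as negative
           values when char is signed */
        if (!isprint((unsigned char)*holder))
          *holder = '.';
        ++holder;
      }

      while (*format) {
        switch(*format) {
        case '%':
          if (mode == 1) {
            str = StringAdd(str, "%", len);
            mode=0;
          }
          else if (mode == 0) {
            /* NOTE(review): format still points at the '%' here, so GetLen()
               returns -1 and no field width is ever picked up. Confirm
               whether a width after '%' was meant to be supported. */
            len = GetLen(&format);
            mode = 1;
          }
          else
            goto err;
          break;

        case 'm':
          if (mode == 0)
            str = StringAdd(str, "m", len);
          else if (mode == 1) {
            str = StringAdd(str, msgcopy, len);
            mode = 0;
          }
          else
            goto err;
          break;

        case 'd':
          str = StringAdd(str, "%d", len);
          break;

        case 'p':
          if (mode == 0)
            str = StringAdd(str, "p", len);
          else if (mode == 1) {
            pid_t pid = getpid();
            str = StringAddInt(str, (int)pid, len);
            mode = 0;
          }
          else
            goto err;
          break;

        case 's':
          if (mode == 0)
            str = StringAdd(str, "s", len);
          else if (mode == 1) {
            if (li->service)
              str = StringAdd(str, li->service, len);
          }
          else
            goto err;
          break;

        case 'f':
          if (mode == 0)
            str = StringAdd(str, "f", len);
          else if (mode == 1) {
            str = StringAdd(str, file, len);
          }
          else
            goto err;
          break;

        case 'l':
          if (mode == 0)
            str = StringAdd(str, "l", len);
          else if (mode == 1) {
            str = StringAddInt(str, line, len);
          }
          else
            goto err;
          break;

        case 'T':
          if (mode == 0)
            str = StringAdd(str, "N", len);
          else if (mode == 1) {
            size_t i = 0;

            /* lowest set bit selects the name; stay inside the table when
               the type is 0 or carries an unknown bit */
            while (i < NTYPENAMES && !(type & (1 << i)))
              i++;

            if (i < NTYPENAMES)
              str = StringAdd(str, typenames[i], len);
          }
          else
            goto err;
          break;

        case 't':
          if (mode == 0)
            str = StringAdd(str, "n", len);
          else if (mode == 1) {
            str = StringAddInt(str, (int)type, len);
          }
          else
            goto err;
          break;

        case 'v':
          if (mode == 0)
            str = StringAdd(str, "v", len);
          else if (mode == 1) {
            str = StringAddInt(str, (int)lev, len);
          }
          else
            goto err;
          break;

        case 'V':
          if (mode == 0)
            str = StringAdd(str, "V", len);
          else if (mode == 1) {
            str = StringAdd(str, levnames[lev], len);
          }
          else
            goto err;
          break;

        case 'F':
          if (mode == 0)
            str = StringAdd(str, "F", len);
          else if (mode == 1) {
            if (func)
              str = StringAdd(str, func, len);
          }
          else
            goto err;
          break;

        case 'h':
          if (mode == 0)
            str = StringAdd(str, "h", len);
          else if (mode == 1) {
            struct utsname u;

            if (!uname(&u))
              str = StringAdd(str, u.nodename, len);
            else
              goto err;
          }
          else
            goto err;
          break;

        default:
          {
            char s[2];

            s[0] = *format;
            s[1] = '\0';
            str = StringAdd(str, s, -1);
          }
          mode =0;
          break;
        }

        format++;
      }

      str = StringAdd(str, "\n", -1);

      /* str is NULL when an allocation failed along the way */
      if (str)
        LogOutput(data, str);

      free(str);
      str = NULL;
    }
  }

  free(msgcopy);
  return 1;

err:
  free(str);
  free(msgcopy);
  return 0;
}
voms-2.1.2/src/log/sl.c000066400000000000000000000072651477131364200146540ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright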
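(c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/
#include "config.h"
#include "log.h"
#include "streamers.h"

/* NOTE(review): the header names of the bare #include lines below are
 * missing in this copy of the file. */
#include
#include
#include

/* Per-stream state of the SYSLOG log streamer. */
struct localdata {
  int feature;    /* syslog facility */
  int level;      /* syslog priority of the next message */
  char *service;  /* ident handed to openlog() (owned, strdup'ed) */
};

/* Level names as sent through the LEVEL option, and the matching syslog
   priorities at the same index. */
const char *level[] = {"LOG_ERROR", "LOG_WARN", "LOG_INFO", "LOG_DEBUG", NULL };
const int levelvalue[] = { LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_DEBUG, 0};

/* Map a level name to its syslog priority; unknown names give LOG_ALERT. */
static int syslogtrans(const char *v)
{
  int i = -1;
  int result = LOG_ALERT;

  while (level[++i]) {
    if (strcmp(level[i], v) == 0) {
      result = levelvalue[i];
      break;
    }
  }

  return result;
}

/* Remove every "%d" from FORMAT (syslog adds its own timestamp). Works in
   place and returns FORMAT; a NULL FORMAT is returned unchanged. */
static char *translate(char *format)
{
  char *position;

  if (!format)
    return NULL;

  position = strstr(format, "%d");

  while (position) {
    /* shift the tail, including its terminator, over the two characters */
    memmove(position, position + 2, strlen(position + 2) + 1);
    position = strstr(position, "%d");
  }

  return format;
}

/*
 * Streamer output callback: send STR to syslog with the stream's facility
 * and current priority. The text is cut at 1000 bytes and is always passed
 * as the argument of a constant "%s" format, never as the format itself.
 * Returns 0 when there is no stream state or memory runs out, 1 otherwise.
 */
static int syslogoutputter(void *data, const char *str)
{
  struct localdata *ld = (struct localdata *)data;
  char *realstr;

  if (!ld || !str)
    return 0;

  realstr = strdup(str);

  if (!realstr)
    return 0;

  realstr = translate(realstr);

  if (strlen(realstr) > 1000)
    realstr[1000]='\0';

  syslog(ld->feature|ld->level, "%s", realstr);

  free(realstr);

  return 1;
}

/*
 * Streamer option callback. Recognised options:
 *   SERVICE   ident for openlog(); the log is reopened with it
 *   FACILITY  LOG_AUTH / LOG_AUTHPRIV (both give LOG_AUTHPRIV), LOG_DAEMON,
 *             anything else gives LOG_USER
 *   LEVEL     level name, translated by syslogtrans()
 * Other option names are ignored.
 */
static void syslogoptioner(void *data, const char *name, const char *value)
{
  struct localdata *ld = (struct localdata *)data;

  if (!ld)
    return;

  if (strcmp(name, "SERVICE") == 0) {
    if (ld->service) {
      /* close first: openlog() keeps the ident pointer, so it must not be
         freed while the log is still open */
      closelog();
      free(ld->service);
    }

    ld->service=strdup(value);
    openlog(ld->service, 0, LOG_DAEMON|LOG_DEBUG);
  }
  else if (strcmp(name, "FACILITY") == 0) {
    if (strcmp(value, "LOG_AUTH") == 0 || strcmp(value, "LOG_AUTHPRIV") == 0)
      ld->feature = LOG_AUTHPRIV;
    else if (strcmp(value, "LOG_DAEMON") == 0)
      ld->feature = LOG_DAEMON;
    else
      ld->feature = LOG_USER;
  }
  else if (strcmp(name, "LEVEL") == 0) {
    ld->level = syslogtrans(value);
  }
}

/* Streamer init callback: open syslog as "vomsd" with facility LOG_DAEMON. */
static void *sysloginit()
{
  struct localdata *ld = malloc(sizeof(struct localdata));

  if (ld) {
    ld->feature = LOG_DAEMON;
    ld->service = strdup("vomsd");
    ld->level = 0;
    openlog(ld->service, 0, LOG_DAEMON|LOG_DEBUG);
  }

  return ld;
}

/* Streamer destroy callback: close syslog and release the stream state. */
static void syslogdestroyer(void *data)
{
  struct localdata *ld = (struct localdata *)data;

  /* the streamer may be torn down without ever having been activated */
  if (!ld)
    return;

  closelog();
  free(ld->service);
  free(ld);
}

/* Register the "SYSLOG" streamer on log handle H; returns NULL when H is NULL. */
void *SYSLOGStreamerAdd(void *h)
{
  if (h) {
    return LogAddStreamer(h, "SYSLOG", sysloginit, syslogoutputter, syslogdestroyer, syslogoptioner);
  }

  return NULL;
}
voms-2.1.2/src/log/streamers.h000066400000000000000000000023001477131364200162310ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.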
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_STREAMERS_H #define VOMS_STREAMERS_H extern void *FILEStreamerAdd(void *h); extern void *SYSLOGStreamerAdd(void *h); #endif voms-2.1.2/src/replib/000077500000000000000000000000001477131364200145545ustar00rootroot00000000000000voms-2.1.2/src/replib/Makefile.am000066400000000000000000000004471477131364200166150ustar00rootroot00000000000000noinst_LTLIBRARIES = librep.la librep_la_SOURCES = dummy.c librep_la_LIBADD = @LTLIBOBJS@ librep_la_CFLAGS = \ -I$(top_srcdir)/include \ -I$(srcdir) \ -I$(srcdir)/include \ -I$(GLOBUS_LOCATION)/include/$(GLOBUS_FLAVOR_NAME) \ -I$(top_srcdir)/sslutils MAINTAINERCLEANFILES = Makefile.in voms-2.1.2/src/replib/daemon.c000066400000000000000000000050151477131364200161640ustar00rootroot00000000000000/*- * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. 
Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */
#include "config.h"

#if defined(LIBC_SCCS) && !defined(lint)
static char sccsid[] = "@(#)daemon.c 8.1 (Berkeley) 6/4/93";
#endif /* LIBC_SCCS and not lint */

#include
#include
#include
#include

/*
 * Replacement for daemon(3): detach from the controlling terminal and run in
 * the background.
 *
 * The parent exits with status 0 after fork(); the child becomes a session
 * leader. Unless NOCHDIR is set the working directory becomes "/" (the
 * chdir() result is ignored). Unless NOCLOSE is set, stdin, stdout and
 * stderr are redirected to /dev/null, but only after checking that what was
 * opened is a character device (and, when DEV_NULL_MAJOR/DEV_NULL_MINOR are
 * defined, the expected device number). If /dev/null cannot be opened the
 * redirection is skipped silently.
 *
 * Returns 0 on success, -1 when fork() or setsid() fails or the /dev/null
 * check does not pass.
 */
int daemon(int nochdir, int noclose)
{
	pid_t child;
	int nullfd;
	struct stat info;

	child = fork();
	if (child == -1)
		return (-1);
	if (child != 0)
		exit(0);	/* parent */

	if (setsid() == -1)
		return (-1);

	if (!nochdir)
		(void)chdir("/");

	if (noclose)
		return (0);

	nullfd = open("/dev/null", O_RDWR, 0);
	if (nullfd == -1)
		return (0);

	/* refuse to redirect the standard streams to anything that is not the
	   null device */
	if ((fstat (nullfd, &info) != 0)
	    || (S_ISCHR (info.st_mode) == 0)
#if defined DEV_NULL_MAJOR && defined DEV_NULL_MINOR
	    || (info.st_rdev != makedev (DEV_NULL_MAJOR, DEV_NULL_MINOR))
#endif
	    ) {
		(void)close (nullfd);
		return -1;
	}

	(void)dup2(nullfd, STDIN_FILENO);
	(void)dup2(nullfd, STDOUT_FILENO);
	(void)dup2(nullfd, STDERR_FILENO);

	if (nullfd > 2)
		(void)close (nullfd);

	return (0);
}
voms-2.1.2/src/replib/dummy.c000066400000000000000000000001551477131364200160540ustar00rootroot00000000000000
/* just a dummy function to make sure we don't have an empty replib */
static int dummy()
{
  return 0;
}
voms-2.1.2/src/replib/getopt_long.c000066400000000000000000001141121477131364200172410ustar00rootroot00000000000000/* Getopt for GNU. NOTE: getopt is now part of the C library, so if you don't know what "Keep this file name-space clean" means, talk to drepper@gnu.org before changing it! Copyright (C) 1987,88,89,90,91,92,93,94,95,96,98,99,2000,2001,2002 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. The GNU C Library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with the GNU C Library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. */ /* This tells Alpha OSF/1 not to define a getopt prototype in . Ditto for AIX 3.2 and . */ #include "config.h" #ifndef _NO_PROTO # define _NO_PROTO #endif #if !defined __STDC__ || !__STDC__ /* This is a separate conditional since some stdc systems reject `defined (const)'. */ # ifndef const # define const # endif #endif #include /* Comment out all this code if we are using the GNU C Library, and are not actually compiling the library itself. This code is part of the GNU C Library, but also included in many other GNU distributions. Compiling and linking in this code is a waste when using the GNU C library (especially if it is a shared library). Rather than having every GNU program understand `configure --with-gnu-libc' and omit the object files, it is simpler to just do this in the source for each such file. 
*/ #define GETOPT_INTERFACE_VERSION 2 #if !defined _LIBC && defined __GLIBC__ && __GLIBC__ >= 2 # include # if _GNU_GETOPT_INTERFACE_VERSION == GETOPT_INTERFACE_VERSION # define ELIDE_CODE # endif #endif #ifndef ELIDE_CODE /* This needs to come after some library #include to get __GNU_LIBRARY__ defined. */ #ifdef __GNU_LIBRARY__ /* Don't include stdlib.h for non-GNU C libraries because some of them contain conflicting prototypes for getopt. */ # include # include #endif /* GNU C library. */ #ifdef VMS # include # if HAVE_STRING_H - 0 # include # endif #endif #ifndef _ /* This is for other GNU distributions with internationalized messages. */ # if (HAVE_LIBINTL_H && ENABLE_NLS) || defined _LIBC # include # ifndef _ # define _(msgid) gettext (msgid) # endif # else # define _(msgid) (msgid) # endif # if defined _LIBC && defined USE_IN_LIBIO # include # endif #endif #ifndef attribute_hidden # define attribute_hidden #endif /* This version of `getopt' appears to the caller like standard Unix `getopt' but it behaves differently for the user, since it allows the user to intersperse the options with the other arguments. As `getopt' works, it permutes the elements of ARGV so that, when it is done, all the options precede everything else. Thus all application programs are extended to handle flexible argument order. Setting the environment variable POSIXLY_CORRECT disables permutation. Then the behavior is completely standard. GNU application programs can use a third alternative mode in which they can distinguish the relative order of options and other arguments. */ #include "getopts.h" /* For communication from `getopt' to the caller. When `getopt' finds an option that takes an argument, the argument value is returned here. Also, when `ordering' is RETURN_IN_ORDER, each non-option ARGV-element is returned here. */ char *optarg; /* Index in ARGV of the next element to be scanned. 
This is used for communication to and from the caller and for communication between successive calls to `getopt'. On entry to `getopt', zero means this is the first call; initialize. When `getopt' returns -1, this is the index of the first of the non-option elements that the caller should itself scan. Otherwise, `optind' communicates from one call to the next how much of ARGV has been scanned so far. */ /* 1003.2 says this must be 1 before any call. */ int optind = 1; /* Formerly, initialization of getopt depended on optind==0, which causes problems with re-calling getopt as programs generally don't know that. */ int __getopt_initialized attribute_hidden; /* The next char to be scanned in the option-element in which the last option character we returned was found. This allows us to pick up the scan where we left off. If this is zero, or a null string, it means resume the scan by advancing to the next ARGV-element. */ static char *nextchar; /* Callers store zero here to inhibit the error message for unrecognized options. */ int opterr = 1; /* Set to an option character which was unrecognized. This must be initialized on some systems to avoid linking in the system's own getopt implementation. */ int optopt = '?'; /* Describe how to deal with options that follow non-option ARGV-elements. If the caller did not specify anything, the default is REQUIRE_ORDER if the environment variable POSIXLY_CORRECT is defined, PERMUTE otherwise. REQUIRE_ORDER means don't recognize them as options; stop option processing when the first non-option is seen. This is what Unix does. This mode of operation is selected by either setting the environment variable POSIXLY_CORRECT, or using `+' as the first character of the list of option characters. PERMUTE is the default. We permute the contents of ARGV as we scan, so that eventually all the non-options are at the end. This allows options to be given in any order, even with programs that were not written to expect this. 
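   RETURN_IN_ORDER is an option available to programs that were written
   to expect options and other ARGV-elements in any order and that care about
   the ordering of the two.  We describe each non-option ARGV-element
   as if it were the argument of an option with character code 1.
   Using `-' as the first character of the list of option characters
   selects this mode of operation.

   The special argument `--' forces an end of option-scanning regardless
   of the value of `ordering'.  In the case of RETURN_IN_ORDER, only
   `--' can cause `getopt' to return -1 with `optind' != ARGC.  */

static enum
{
  REQUIRE_ORDER, PERMUTE, RETURN_IN_ORDER
} ordering;

/* Value of POSIXLY_CORRECT environment variable.  */
static char *posixly_correct;

#ifdef __GNU_LIBRARY__
/* We want to avoid inclusion of string.h with non-GNU libraries
   because there are many ways it can cause trouble.
   On some systems, it contains special magic macros that don't work
   in GCC.  */
/* NOTE(review): the header names after the three `include' directives in
   this section were missing from this copy (a bare `# include' does not
   preprocess).  <string.h> and <strings.h> are restored from the comment
   above and from the HAVE_STRING_H test; confirm against the upstream
   file.  */
# include <string.h>
# define my_index strchr
#else

# if HAVE_STRING_H
#  include <string.h>
# else
#  include <strings.h>
# endif

/* Avoid depending on library functions or files
   whose names are inconsistent.  */

#ifndef getenv
extern char *getenv ();
#endif

/* Return a pointer to the first occurrence of CHR in the NUL-terminated
   string STR, or 0 when STR does not contain it.  The scan stops at the
   terminator without testing it, so asking for '\0' yields 0; the strchr
   macro used in the __GNU_LIBRARY__ branch would return the terminator
   instead.  */
static char *
my_index (str, chr)
     const char *str;
     int chr;
{
  for (; *str; str++)
    if (*str == chr)
      return (char *) str;

  return 0;
}

/* If using GCC, we can safely declare strlen this way.
   If not using GCC, it is ok not to declare it.  */
#ifdef __GNUC__
/* Note that Motorola Delta 68k R3V7 comes with GCC but not stddef.h.
   That was relevant to code that was here before.  */
# if (!defined __STDC__ || !__STDC__) && !defined strlen
/* gcc with -traditional declares the built-in strlen to return int,
   and has done so at least since version 2.4.5. -- rms.  */
extern int strlen (const char *);
# endif /* not __STDC__ */
#endif /* __GNUC__ */

#endif /* not __GNU_LIBRARY__ */

/* Handle permutation of arguments.  */

/* Describe the part of ARGV that contains non-options that have
   been skipped.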
   `first_nonopt' is the index in ARGV of the first of them;
   `last_nonopt' is the index after the last of them.  */

static int first_nonopt;
static int last_nonopt;

#ifdef _LIBC
/* Stored original parameters.
   XXX This is no good solution.  We should rather copy the args so
   that we can compare them later.  But we must not use malloc(3).  */
extern int __libc_argc;
extern char **__libc_argv;

/* Bash 2.0 gives us an environment variable containing flags
   indicating ARGV elements that should not be considered arguments.  */

# ifdef USE_NONOPTION_FLAGS
/* Defined in getopt_init.c  */
extern char *__getopt_nonoption_flags;

static int nonoption_flags_max_len;
static int nonoption_flags_len;
# endif

# ifdef USE_NONOPTION_FLAGS
#  define SWAP_FLAGS(ch1, ch2) \
  if (nonoption_flags_len > 0) \
    { \
      char __tmp = __getopt_nonoption_flags[ch1]; \
      __getopt_nonoption_flags[ch1] = __getopt_nonoption_flags[ch2]; \
      __getopt_nonoption_flags[ch2] = __tmp; \
    }
# else
#  define SWAP_FLAGS(ch1, ch2)
# endif
#else /* !_LIBC */
# define SWAP_FLAGS(ch1, ch2)
#endif /* _LIBC */

/* Swap two neighbouring runs of ARGV in place.

   The first run is [first_nonopt,last_nonopt): the non-options skipped so
   far.  The second is [last_nonopt,optind): the options handled after
   them.  On return the options come first, and `first_nonopt' and
   `last_nonopt' have been moved to describe where the non-options now
   sit.  Only pointers are moved; the strings themselves are untouched.  */

#if defined __STDC__ && __STDC__
static void exchange (char **);
#endif

static void
exchange (argv)
     char **argv;
{
  int lo = first_nonopt;   /* start of the skipped non-options */
  int mid = last_nonopt;   /* end of the non-options, start of the options */
  int hi = optind;         /* end of the options processed so far */
  char *held;

  /* Each pass swaps the shorter run with the far end of the longer one.
     That settles the shorter run; what is left of the longer run is again
     two adjacent pieces in the wrong order, handled by the next pass.  */

#if defined _LIBC && defined USE_NONOPTION_FLAGS
  /* The flag string is indexed like ARGV, so it must reach index HI before
     SWAP_FLAGS touches it.  */
  if (nonoption_flags_len > 0 && hi >= nonoption_flags_max_len)
    {
      /* We must extend the array.  The user plays games with us and
         presents new arguments.  */
      char *new_str = malloc (hi + 1);
      if (new_str == NULL)
        nonoption_flags_len = nonoption_flags_max_len = 0;
      else
        {
          memset (__mempcpy (new_str, __getopt_nonoption_flags,
                             nonoption_flags_max_len),
                  '\0', hi + 1 - nonoption_flags_max_len);
          nonoption_flags_max_len = hi + 1;
          __getopt_nonoption_flags = new_str;
        }
    }
#endif

  while (hi > mid && mid > lo)
    {
      int low_len = mid - lo;
      int high_len = hi - mid;
      int k;

      if (high_len > low_len)
        {
          /* The low run is the short one: trade it with the last LOW_LEN
             slots of the high run, then drop those slots from the range.  */
          for (k = 0; k < low_len; k++)
            {
              held = argv[lo + k];
              argv[lo + k] = argv[hi - low_len + k];
              argv[hi - low_len + k] = held;
              SWAP_FLAGS (lo + k, hi - low_len + k);
            }
          hi -= low_len;
        }
      else
        {
          /* The high run is the short one (or both are equal): trade it
             with the first HIGH_LEN slots of the low run, then drop those
             slots from the range.  */
          for (k = 0; k < high_len; k++)
            {
              held = argv[lo + k];
              argv[lo + k] = argv[mid + k];
              argv[mid + k] = held;
              SWAP_FLAGS (lo + k, mid + k);
            }
          lo += high_len;
        }
    }

  /* Record the slots the non-options now occupy.  */
  first_nonopt += (optind - last_nonopt);
  last_nonopt = optind;
}

/* Initialize the internal data when the first call is made.
 */

#if defined __STDC__ && __STDC__
static const char *_getopt_initialize (int, char *const *, const char *);
#endif

/* Reset the scanner state and choose the ordering mode.

   ARGC and ARGV are only consulted in the _LIBC/USE_NONOPTION_FLAGS build.
   OPTSTRING is the caller's option list; the return value is OPTSTRING with
   a leading `-' or `+' mode character stepped over.

   The mode depends on the process environment as well as on OPTSTRING:
   when OPTSTRING has no mode character, a POSIXLY_CORRECT variable that is
   merely present (its value is not examined) selects REQUIRE_ORDER.  */
static const char *
_getopt_initialize (argc, argv, optstring)
     int argc;
     char *const *argv;
     const char *optstring;
{
  /* Nothing has been skipped yet: the window of non-options is empty and
     sits at the current `optind'.  No option element is being scanned.  */
  nextchar = NULL;
  last_nonopt = optind;
  first_nonopt = optind;

  posixly_correct = getenv ("POSIXLY_CORRECT");

  /* Determine how to handle the ordering of options and nonoptions.  */
  switch (optstring[0])
    {
    case '-':
      ordering = RETURN_IN_ORDER;
      ++optstring;
      break;

    case '+':
      ordering = REQUIRE_ORDER;
      ++optstring;
      break;

    default:
      if (posixly_correct != NULL)
        ordering = REQUIRE_ORDER;
      else
        ordering = PERMUTE;
      break;
    }

#if defined _LIBC && defined USE_NONOPTION_FLAGS
  /* The shell-provided flags are honoured only for the process's own
     argument vector and only when POSIXLY_CORRECT is unset.  */
  if (posixly_correct == NULL
      && argc == __libc_argc && argv == __libc_argv)
    {
      if (nonoption_flags_max_len == 0)
        {
          if (__getopt_nonoption_flags == NULL
              || __getopt_nonoption_flags[0] == '\0')
            nonoption_flags_max_len = -1;
          else
            {
              /* Copy the flags into a buffer of at least ARGC bytes and
                 zero-fill whatever lies beyond the original text.  */
              const char *orig_str = __getopt_nonoption_flags;
              int len = nonoption_flags_max_len = strlen (orig_str);
              if (nonoption_flags_max_len < argc)
                nonoption_flags_max_len = argc;
              __getopt_nonoption_flags =
                (char *) malloc (nonoption_flags_max_len);
              if (__getopt_nonoption_flags == NULL)
                nonoption_flags_max_len = -1;
              else
                memset (__mempcpy (__getopt_nonoption_flags, orig_str, len),
                        '\0', nonoption_flags_max_len - len);
            }
        }
      nonoption_flags_len = nonoption_flags_max_len;
    }
  else
    nonoption_flags_len = 0;
#endif

  return optstring;
}

/* Scan elements of ARGV (whose length is ARGC) for option characters
   given in OPTSTRING.

   If an element of ARGV starts with '-', and is not exactly "-" or "--",
   then it is an option element.  The characters of this element
   (aside from the initial '-') are option characters.  If `getopt'
   is called repeatedly, it returns successively each of the option characters
   from each of the option elements.
If `getopt' finds another option character, it returns that character, updating `optind' and `nextchar' so that the next call to `getopt' can resume the scan with the following option character or ARGV-element. If there are no more option characters, `getopt' returns -1. Then `optind' is the index in ARGV of the first ARGV-element that is not an option. (The ARGV-elements have been permuted so that those that are not options now come last.) OPTSTRING is a string containing the legitimate option characters. If an option character is seen that is not listed in OPTSTRING, return '?' after printing an error message. If you set `opterr' to zero, the error message is suppressed but we still return '?'. If a char in OPTSTRING is followed by a colon, that means it wants an arg, so the following text in the same ARGV-element, or the text of the following ARGV-element, is returned in `optarg'. Two colons mean an option that wants an optional arg; if there is text in the current ARGV-element, it is returned in `optarg', otherwise `optarg' is set to zero. If OPTSTRING starts with `-' or `+', it requests different methods of handling the non-option ARGV-elements. See the comments about RETURN_IN_ORDER and REQUIRE_ORDER, above. Long-named options begin with `--' instead of `-'. Their names may be abbreviated as long as the abbreviation is unique or is an exact match for some defined option. If they have an argument, it follows the option name in the same ARGV-element, separated from the option name by a `=', or else the in next ARGV-element. When `getopt' finds a long-named option, it returns 0 if that option's `flag' field is nonzero, the value of the option's `val' field if the `flag' field is zero. The elements of ARGV aren't really const, because we permute them. But we pretend they're const in the prototype to be compatible with other systems. LONGOPTS is a vector of `struct option' terminated by an element containing a name which is zero. 
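   LONGIND returns the index in LONGOPT of the long-named option found.
   It is only valid when a long-named option has been found by the most
   recent call.

   If LONG_ONLY is nonzero, '-' as well as '--' can introduce
   long-named options.  */

/* Return value: the matched short option character; for a long option, 0
   when its `flag' pointer is set (after storing `val' through it) and `val'
   otherwise; 1 for a non-option element handed back in RETURN_IN_ORDER
   mode; '?' on error (':' for a missing argument when OPTSTRING, after its
   mode character, starts with ':'); -1 when ARGC < 1 or scanning is done.

   What the caller must guarantee, because nothing here checks it:
   ARGV[ARGC] is a valid slot, `optind' is never set beyond ARGC (the end
   tests below compare for equality only), and LONGOPTS, when non-null,
   ends with an entry whose `name' is zero.

   Three defects of the historical code are fixed:
   - A leading `-' or `+' in OPTSTRING was stepped over on the first call
     only, so later calls accepted it as an option character and tested
     the wrong position for the `:' that silences messages.
   - `-W' with "W;" in OPTSTRING walked LONGOPTS even when it was null.
   - An ambiguous `-W name' printed ARGV[optind], which by then is the
     element after the name or ARGV[ARGC], and advanced `optind' a second
     time, skipping an element or moving past ARGC.  */

static int
_getopt_internal (argc, argv, optstring, longopts, longind, long_only)
     int argc;
     char *const *argv;
     const char *optstring;
     const struct option *longopts;
     int *longind;
     int long_only;
{
  int print_errors = opterr;

  if (argc < 1)
    return -1;

  optarg = NULL;

  if (optind == 0 || !__getopt_initialized)
    {
      if (optind == 0)
        optind = 1;     /* Don't scan ARGV[0], the program name.  */
      optstring = _getopt_initialize (argc, argv, optstring);
      __getopt_initialized = 1;
    }
  else if (optstring[0] == '-' || optstring[0] == '+')
    /* The mode was chosen on the first call; here the mode character only
       has to be kept out of the option list.  */
    optstring++;

  /* Tested after the mode character is gone, so "+:ab" silences messages
     just as ":ab" does.  */
  if (optstring[0] == ':')
    print_errors = 0;

  /* Test whether ARGV[optind] points to a non-option argument.
     Either it does not have option syntax, or there is an environment flag
     from the shell indicating it is not an option.  The latter information
     is only used when this code is built as part of the GNU libc.  */
#if defined _LIBC && defined USE_NONOPTION_FLAGS
# define NONOPTION_P (argv[optind][0] != '-' || argv[optind][1] == '\0' \
                      || (optind < nonoption_flags_len \
                          && __getopt_nonoption_flags[optind] == '1'))
#else
# define NONOPTION_P (argv[optind][0] != '-' || argv[optind][1] == '\0')
#endif

  if (nextchar == NULL || *nextchar == '\0')
    {
      /* Advance to the next ARGV-element.  */

      /* Give FIRST_NONOPT & LAST_NONOPT rational values if OPTIND has been
         moved back by the user (who may also have changed the arguments).  */
      if (last_nonopt > optind)
        last_nonopt = optind;
      if (first_nonopt > optind)
        first_nonopt = optind;

      if (ordering == PERMUTE)
        {
          /* If we have just processed some options following some non-options,
             exchange them so that the options come first.  */

          if (first_nonopt != last_nonopt && last_nonopt != optind)
            exchange ((char **) argv);
          else if (last_nonopt != optind)
            first_nonopt = optind;

          /* Skip any additional non-options
             and extend the range of non-options previously skipped.  */

          while (optind < argc && NONOPTION_P)
            optind++;
          last_nonopt = optind;
        }

      /* The special ARGV-element `--' means premature end of options.
         Skip it like a null option,
         then exchange with previous non-options as if it were an option,
         then skip everything else like a non-option.  */

      if (optind != argc && !strcmp (argv[optind], "--"))
        {
          optind++;

          if (first_nonopt != last_nonopt && last_nonopt != optind)
            exchange ((char **) argv);
          else if (first_nonopt == last_nonopt)
            first_nonopt = optind;
          last_nonopt = argc;

          optind = argc;
        }

      /* If we have done all the ARGV-elements, stop the scan
         and back over any non-options that we skipped and permuted.  */

      if (optind == argc)
        {
          /* Set the next-arg-index to point at the non-options
             that we previously skipped, so the caller will digest them.  */
          if (first_nonopt != last_nonopt)
            optind = first_nonopt;
          return -1;
        }

      /* If we have come to a non-option and did not permute it,
         either stop the scan or describe it to the caller and pass it by.  */

      if (NONOPTION_P)
        {
          if (ordering == REQUIRE_ORDER)
            return -1;
          optarg = argv[optind++];
          return 1;
        }

      /* We have found another option-ARGV-element.
         Skip the initial punctuation.  */

      nextchar = (argv[optind] + 1
                  + (longopts != NULL && argv[optind][1] == '-'));
    }

  /* Decode the current option-ARGV-element.  */

  /* Check whether the ARGV-element is a long option.

     If long_only and the ARGV-element has the form "-f", where f is
     a valid short option, don't consider it an abbreviated form of
     a long option that starts with f.  Otherwise there would be no
     way to give the -f short option.

     On the other hand, if there's a long option "fubar" and
     the ARGV-element is "-fu", do consider that an abbreviation of
     the long option, just like "--fu", and not "-f" with arg "u".

     This distinction seems to be the most useful approach.  */

  if (longopts != NULL
      && (argv[optind][1] == '-'
          || (long_only && (argv[optind][2]
                            || !my_index (optstring, argv[optind][1])))))
    {
      char *nameend;
      const struct option *p;
      const struct option *pfound = NULL;
      int exact = 0;
      int ambig = 0;
      int indfound = -1;
      int option_index;

      for (nameend = nextchar; *nameend && *nameend != '='; nameend++)
        /* Do nothing.  */ ;

      /* Test all long options for either exact match
         or abbreviated matches.  */
      for (p = longopts, option_index = 0; p->name; p++, option_index++)
        if (!strncmp (p->name, nextchar, nameend - nextchar))
          {
            if ((unsigned int) (nameend - nextchar)
                == (unsigned int) strlen (p->name))
              {
                /* Exact match found.  */
                pfound = p;
                indfound = option_index;
                exact = 1;
                break;
              }
            else if (pfound == NULL)
              {
                /* First nonexact match found.  */
                pfound = p;
                indfound = option_index;
              }
            else if (long_only
                     || pfound->has_arg != p->has_arg
                     || pfound->flag != p->flag
                     || pfound->val != p->val)
              /* Second or later nonexact match found.  */
              ambig = 1;
          }

      if (ambig && !exact)
        {
          if (print_errors)
            {
#if defined _LIBC && defined USE_IN_LIBIO
              char *buf;

              if (__asprintf (&buf, _("%s: option `%s' is ambiguous\n"),
                              argv[0], argv[optind]) >= 0)
                {
                  if (_IO_fwide (stderr, 0) > 0)
                    __fwprintf (stderr, L"%s", buf);
                  else
                    fputs (buf, stderr);

                  free (buf);
                }
#else
              fprintf (stderr, _("%s: option `%s' is ambiguous\n"),
                       argv[0], argv[optind]);
#endif
            }
          nextchar += strlen (nextchar);
          optind++;
          optopt = 0;
          return '?';
        }

      if (pfound != NULL)
        {
          option_index = indfound;
          optind++;
          if (*nameend)
            {
              /* Don't test has_arg with >, because some C compilers don't
                 allow it to be used on enums.  */
              if (pfound->has_arg)
                optarg = nameend + 1;
              else
                {
                  if (print_errors)
                    {
#if defined _LIBC && defined USE_IN_LIBIO
                      char *buf;
                      int n;
#endif

                      if (argv[optind - 1][1] == '-')
                        {
                          /* --option */
#if defined _LIBC && defined USE_IN_LIBIO
                          n = __asprintf (&buf, _("\
%s: option `--%s' doesn't allow an argument\n"),
                                          argv[0], pfound->name);
#else
                          fprintf (stderr, _("\
%s: option `--%s' doesn't allow an argument\n"),
                                   argv[0], pfound->name);
#endif
                        }
                      else
                        {
                          /* +option or -option */
#if defined _LIBC && defined USE_IN_LIBIO
                          n = __asprintf (&buf, _("\
%s: option `%c%s' doesn't allow an argument\n"),
                                          argv[0], argv[optind - 1][0],
                                          pfound->name);
#else
                          fprintf (stderr, _("\
%s: option `%c%s' doesn't allow an argument\n"),
                                   argv[0], argv[optind - 1][0], pfound->name);
#endif
                        }

#if defined _LIBC && defined USE_IN_LIBIO
                      if (n >= 0)
                        {
                          if (_IO_fwide (stderr, 0) > 0)
                            __fwprintf (stderr, L"%s", buf);
                          else
                            fputs (buf, stderr);

                          free (buf);
                        }
#endif
                    }

                  nextchar += strlen (nextchar);

                  optopt = pfound->val;
                  return '?';
                }
            }
          else if (pfound->has_arg == 1)
            {
              if (optind < argc)
                optarg = argv[optind++];
              else
                {
                  if (print_errors)
                    {
#if defined _LIBC && defined USE_IN_LIBIO
                      char *buf;

                      if (__asprintf (&buf, _("\
%s: option `%s' requires an argument\n"),
                                      argv[0], argv[optind - 1]) >= 0)
                        {
                          if (_IO_fwide (stderr, 0) > 0)
                            __fwprintf (stderr, L"%s", buf);
                          else
                            fputs (buf, stderr);

                          free (buf);
                        }
#else
                      fprintf (stderr,
                               _("%s: option `%s' requires an argument\n"),
                               argv[0], argv[optind - 1]);
#endif
                    }
                  nextchar += strlen (nextchar);
                  optopt = pfound->val;
                  return optstring[0] == ':' ? ':' : '?';
                }
            }
          nextchar += strlen (nextchar);
          if (longind != NULL)
            *longind = option_index;
          if (pfound->flag)
            {
              *(pfound->flag) = pfound->val;
              return 0;
            }
          return pfound->val;
        }

      /* Can't find it as a long option.  If this is not getopt_long_only,
         or the option starts with '--' or is not a valid short
         option, then it's an error.
         Otherwise interpret it as a short option.  */
      if (!long_only || argv[optind][1] == '-'
          || my_index (optstring, *nextchar) == NULL)
        {
          if (print_errors)
            {
#if defined _LIBC && defined USE_IN_LIBIO
              char *buf;
              int n;
#endif

              if (argv[optind][1] == '-')
                {
                  /* --option */
#if defined _LIBC && defined USE_IN_LIBIO
                  n = __asprintf (&buf, _("%s: unrecognized option `--%s'\n"),
                                  argv[0], nextchar);
#else
                  fprintf (stderr, _("%s: unrecognized option `--%s'\n"),
                           argv[0], nextchar);
#endif
                }
              else
                {
                  /* +option or -option */
#if defined _LIBC && defined USE_IN_LIBIO
                  n = __asprintf (&buf, _("%s: unrecognized option `%c%s'\n"),
                                  argv[0], argv[optind][0], nextchar);
#else
                  fprintf (stderr, _("%s: unrecognized option `%c%s'\n"),
                           argv[0], argv[optind][0], nextchar);
#endif
                }

#if defined _LIBC && defined USE_IN_LIBIO
              if (n >= 0)
                {
                  if (_IO_fwide (stderr, 0) > 0)
                    __fwprintf (stderr, L"%s", buf);
                  else
                    fputs (buf, stderr);

                  free (buf);
                }
#endif
            }
          nextchar = (char *) "";
          optind++;
          optopt = 0;
          return '?';
        }
    }

  /* Look at and handle the next short option-character.  */

  {
    char c = *nextchar++;
    char *temp = my_index (optstring, c);

    /* Increment `optind' when we start to process its last character.  */
    if (*nextchar == '\0')
      ++optind;

    if (temp == NULL || c == ':')
      {
        if (print_errors)
          {
#if defined _LIBC && defined USE_IN_LIBIO
            char *buf;
            int n;
#endif

            if (posixly_correct)
              {
                /* 1003.2 specifies the format of this message.  */
#if defined _LIBC && defined USE_IN_LIBIO
                n = __asprintf (&buf, _("%s: illegal option -- %c\n"),
                                argv[0], c);
#else
                fprintf (stderr, _("%s: illegal option -- %c\n"), argv[0], c);
#endif
              }
            else
              {
#if defined _LIBC && defined USE_IN_LIBIO
                n = __asprintf (&buf, _("%s: invalid option -- %c\n"),
                                argv[0], c);
#else
                fprintf (stderr, _("%s: invalid option -- %c\n"), argv[0], c);
#endif
              }

#if defined _LIBC && defined USE_IN_LIBIO
            if (n >= 0)
              {
                if (_IO_fwide (stderr, 0) > 0)
                  __fwprintf (stderr, L"%s", buf);
                else
                  fputs (buf, stderr);

                free (buf);
              }
#endif
          }
        optopt = c;
        return '?';
      }

    /* Convenience.  Treat POSIX -W foo same as long option --foo */
    if (temp[0] == 'W' && temp[1] == ';')
      {
        char *nameend;
        const struct option *p;
        const struct option *pfound = NULL;
        int exact = 0;
        int ambig = 0;
        int indfound = 0;
        int option_index;

        /* This is an option that requires an argument.  */
        if (*nextchar != '\0')
          {
            optarg = nextchar;
            /* If we end this ARGV-element by taking the rest as an arg,
               we must advance to the next element now.  */
            optind++;
          }
        else if (optind == argc)
          {
            if (print_errors)
              {
                /* 1003.2 specifies the format of this message.  */
#if defined _LIBC && defined USE_IN_LIBIO
                char *buf;

                if (__asprintf (&buf,
                                _("%s: option requires an argument -- %c\n"),
                                argv[0], c) >= 0)
                  {
                    if (_IO_fwide (stderr, 0) > 0)
                      __fwprintf (stderr, L"%s", buf);
                    else
                      fputs (buf, stderr);

                    free (buf);
                  }
#else
                fprintf (stderr, _("%s: option requires an argument -- %c\n"),
                         argv[0], c);
#endif
              }
            optopt = c;
            if (optstring[0] == ':')
              c = ':';
            else
              c = '?';
            return c;
          }
        else
          /* We already incremented `optind' once;
             increment it again when taking next ARGV-elt as argument.  */
          optarg = argv[optind++];

        /* optarg is now the argument, see if it's in the
           table of longopts.  */

        for (nextchar = nameend = optarg; *nameend && *nameend != '=';
             nameend++)
          /* Do nothing.  */ ;

        /* Test all long options for either exact match
           or abbreviated matches.  With no table there is nothing to
           search, and the name is handed to the application as the
           argument of 'W' below.  */
        if (longopts != NULL)
          for (p = longopts, option_index = 0; p->name; p++, option_index++)
            if (!strncmp (p->name, nextchar, nameend - nextchar))
              {
                if ((unsigned int) (nameend - nextchar) == strlen (p->name))
                  {
                    /* Exact match found.  */
                    pfound = p;
                    indfound = option_index;
                    exact = 1;
                    break;
                  }
                else if (pfound == NULL)
                  {
                    /* First nonexact match found.  */
                    pfound = p;
                    indfound = option_index;
                  }
                else
                  /* Second or later nonexact match found.  */
                  ambig = 1;
              }

        if (ambig && !exact)
          {
            if (print_errors)
              {
                /* `optarg' is the name being looked up.  `optind' already
                   points past it, so ARGV[optind] would be an unrelated
                   element or ARGV[ARGC].  */
#if defined _LIBC && defined USE_IN_LIBIO
                char *buf;

                if (__asprintf (&buf, _("%s: option `-W %s' is ambiguous\n"),
                                argv[0], optarg) >= 0)
                  {
                    if (_IO_fwide (stderr, 0) > 0)
                      __fwprintf (stderr, L"%s", buf);
                    else
                      fputs (buf, stderr);

                    free (buf);
                  }
#else
                fprintf (stderr, _("%s: option `-W %s' is ambiguous\n"),
                         argv[0], optarg);
#endif
              }
            nextchar += strlen (nextchar);
            /* No further `optind' step: the name was consumed above.  */
            return '?';
          }

        if (pfound != NULL)
          {
            option_index = indfound;
            if (*nameend)
              {
                /* Don't test has_arg with >, because some C compilers don't
                   allow it to be used on enums.  */
                if (pfound->has_arg)
                  optarg = nameend + 1;
                else
                  {
                    if (print_errors)
                      {
#if defined _LIBC && defined USE_IN_LIBIO
                        char *buf;

                        if (__asprintf (&buf, _("\
%s: option `-W %s' doesn't allow an argument\n"),
                                        argv[0], pfound->name) >= 0)
                          {
                            if (_IO_fwide (stderr, 0) > 0)
                              __fwprintf (stderr, L"%s", buf);
                            else
                              fputs (buf, stderr);

                            free (buf);
                          }
#else
                        fprintf (stderr, _("\
%s: option `-W %s' doesn't allow an argument\n"),
                                 argv[0], pfound->name);
#endif
                      }

                    nextchar += strlen (nextchar);
                    return '?';
                  }
              }
            else if (pfound->has_arg == 1)
              {
                if (optind < argc)
                  optarg = argv[optind++];
                else
                  {
                    if (print_errors)
                      {
#if defined _LIBC && defined USE_IN_LIBIO
                        char *buf;

                        if (__asprintf (&buf, _("\
%s: option `%s' requires an argument\n"),
                                        argv[0], argv[optind - 1]) >= 0)
                          {
                            if (_IO_fwide (stderr, 0) > 0)
                              __fwprintf (stderr, L"%s", buf);
                            else
                              fputs (buf, stderr);

                            free (buf);
                          }
#else
                        fprintf (stderr,
                                 _("%s: option `%s' requires an argument\n"),
                                 argv[0], argv[optind - 1]);
#endif
                      }
                    nextchar += strlen (nextchar);
                    return optstring[0] == ':' ? ':' : '?';
                  }
              }
            nextchar += strlen (nextchar);
            if (longind != NULL)
              *longind = option_index;
            if (pfound->flag)
              {
                *(pfound->flag) = pfound->val;
                return 0;
              }
            return pfound->val;
          }
        nextchar = NULL;
        return 'W';     /* Let the application handle it.  */
      }
    if (temp[1] == ':')
      {
        if (temp[2] == ':')
          {
            /* This is an option that accepts an argument optionally.  */
            if (*nextchar != '\0')
              {
                optarg = nextchar;
                optind++;
              }
            else
              optarg = NULL;
            nextchar = NULL;
          }
        else
          {
            /* This is an option that requires an argument.  */
            if (*nextchar != '\0')
              {
                optarg = nextchar;
                /* If we end this ARGV-element by taking the rest as an arg,
                   we must advance to the next element now.  */
                optind++;
              }
            else if (optind == argc)
              {
                if (print_errors)
                  {
                    /* 1003.2 specifies the format of this message.  */
#if defined _LIBC && defined USE_IN_LIBIO
                    char *buf;

                    if (__asprintf (&buf, _("\
%s: option requires an argument -- %c\n"),
                                    argv[0], c) >= 0)
                      {
                        if (_IO_fwide (stderr, 0) > 0)
                          __fwprintf (stderr, L"%s", buf);
                        else
                          fputs (buf, stderr);

                        free (buf);
                      }
#else
                    fprintf (stderr,
                             _("%s: option requires an argument -- %c\n"),
                             argv[0], c);
#endif
                  }
                optopt = c;
                if (optstring[0] == ':')
                  c = ':';
                else
                  c = '?';
              }
            else
              /* We already incremented `optind' once;
                 increment it again when taking next ARGV-elt as argument.  */
              optarg = argv[optind++];
            nextchar = NULL;
          }
      }
    return c;
  }
}

#endif /* Not ELIDE_CODE.  */

/* getopt_long and getopt_long_only entry points for GNU getopt.
   Copyright (C) 1987,88,89,90,91,92,93,94,96,97,98
     Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
   02111-1307 USA.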
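 */

/* NOTE(review): the header names after the four `include' directives
   marked "restored" below were missing from this copy, which leaves bare
   directives that do not preprocess.  They are filled in from the
   surrounding conditionals and comments; confirm against the upstream
   file.  */
#ifdef _LIBC
# include <getopt.h>            /* restored */
#else
# include "getopt.h"
#endif
/* NOTE(review): no #if that this #endif could close is visible in this
   copy; it is kept exactly as found.  Check whether its opening directive
   was lost.  */
#endif

#if !defined __STDC__ || !__STDC__
/* This is a separate conditional since some stdc systems
   reject `defined (const)'.  */
#ifndef const
#define const
#endif
#endif

#include <stdio.h>              /* restored */

/* Comment out all this code if we are using the GNU C Library, and are not
   actually compiling the library itself.  This code is part of the GNU C
   Library, but also included in many other GNU distributions.  Compiling
   and linking in this code is a waste when using the GNU C library
   (especially if it is a shared library).  Rather than having every GNU
   program understand `configure --with-gnu-libc' and omit the object files,
   it is simpler to just do this in the source for each such file.  */

#define GETOPT_INTERFACE_VERSION 2
#if !defined _LIBC && defined __GLIBC__ && __GLIBC__ >= 2
#include <gnu-versions.h>       /* restored */
#if _GNU_GETOPT_INTERFACE_VERSION == GETOPT_INTERFACE_VERSION
#define ELIDE_CODE
#endif
#endif

#ifndef ELIDE_CODE


/* This needs to come after some library #include
   to get __GNU_LIBRARY__ defined.  */
#ifdef __GNU_LIBRARY__
#include <stdlib.h>             /* restored */
#endif

#ifndef NULL
#define NULL 0
#endif

/* Parse the next option from ARGV, accepting short options from OPTIONS
   and `--name' long options from LONG_OPTIONS.

   All five arguments go unchanged to _getopt_internal with its long_only
   argument 0, and its result is returned as is.  OPT_INDEX is passed on as
   the place where the index of a matched long option is reported.  */
int
getopt_long (argc, argv, options, long_options, opt_index)
     int argc;
     char *const *argv;
     const char *options;
     const struct option *long_options;
     int *opt_index;
{
  return _getopt_internal (argc, argv, options, long_options, opt_index, 0);
}

/* Like getopt_long, but '-' as well as '--' can indicate a long option.
   If an option that starts with '-' (not '--') doesn't match a long option,
   but does match a short option, it is parsed as a short option
   instead.  The only difference in the call is long_only == 1.  */

int
getopt_long_only (argc, argv, options, long_options, opt_index)
     int argc;
     char *const *argv;
     const char *options;
     const struct option *long_options;
     int *opt_index;
{
  return _getopt_internal (argc, argv, options, long_options, opt_index, 1);
}

# ifdef _LIBC
libc_hidden_def (getopt_long)
libc_hidden_def (getopt_long_only)
# endif

#endif /* Not ELIDE_CODE.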
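 */

/* Perform additional initialization for getopt functions in GNU libc.
   Copyright (C) 1997, 1998, 2001 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by Ulrich Drepper , 1997.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
   02111-1307 USA.  */

#ifdef USE_NONOPTION_FLAGS
/* Attention: this file is *not* necessary when the GNU getopt functions
   are used outside the GNU libc.  Some additional functionality of the
   getopt functions in GNU libc require this additional work.  */

/* NOTE(review): the header name after each of the five `include' directives
   below is missing from this copy.  They are left as found, because the
   libc-internal headers that declare _itoa_word and __getpid cannot be
   named from what is visible here.  */
#include
#include
#include
#include
#include


/* Variable to synchronize work.  */
char *__getopt_nonoption_flags;


/* Remove the environment variable "_<PID>_GNU_nonoption_argv_flags_" if it
   is still available.  If the getopt functions are also used in the
   application it does not exist anymore since it was saved for the use
   in getopt.

   ENV is a NULL-terminated vector of "NAME=VALUE" pointers and is edited in
   place: every matching entry is dropped by moving the later pointers down
   one slot.  __getopt_nonoption_flags is left pointing into the text of the
   last entry dropped.  Nothing is copied or freed.  */
static void
__getopt_clean_environment (char **env)
{
  /* Bash 2.0 puts a special variable in the environment for each
     command it runs, specifying which ARGV elements are the results
     of file name wildcard expansion and therefore should not be
     considered as options.  */
  static const char envvar_tail[] = "_GNU_nonoption_argv_flags_=";
  char var[50];
  char *cp, **ep;
  size_t len;

  /* Construct the "_<PID>_GNU_nonoption_argv_flags_=" string.  We must
     not use `sprintf'.  The fixed tail, with its terminator, is placed at
     the very end of VAR; _itoa_word is then handed the start of the tail
     and its result is used as the start of the digits, so the decimal PID
     is assumed to be written backwards into the bytes before the tail
     (TODO confirm against the helper).  */
  cp = memcpy (&var[sizeof (var) - sizeof (envvar_tail)], envvar_tail,
               sizeof (envvar_tail));
  cp = _itoa_word (__getpid (), cp, 10, 0);

  /* Note: we omit adding the leading '_' since we explicitly test for
     it before calling strncmp.  */
  len = (var + sizeof (var) - 1) - cp;

  /* The index moves forward only past entries that are kept.  After an
     entry is dropped, the slot at EP already holds its successor, or the
     terminating NULL.  Stepping on regardless, as the earlier `for' loop
     did, skipped that successor, and read beyond the terminator whenever
     the dropped entry was the last one.  */
  ep = env;
  while (*ep != NULL)
    if ((*ep)[0] == '_'
        && __builtin_expect (strncmp (*ep + 1, cp, len) == 0, 0))
      {
        /* Found it.  Store this pointer and move later ones back.  */
        char **dp = ep;

        /* NOTE(review): LEN counts the name without its leading '_', so
           this addresses the '=' that ends the name and the value begins
           one character later.  Confirm the offset is the intended one.  */
        __getopt_nonoption_flags = &(*ep)[len];

        do
          dp[0] = dp[1];
        while (*dp++);
        /* Look at the same slot again in case the name appears again.  */
      }
    else
      ++ep;
}

#endif /* USE_NONOPTION_FLAGS */
voms-2.1.2/src/replib/getopt_long_only.c000066400000000000000000001141121477131364200203020ustar00rootroot00000000000000/* Getopt for GNU.
   NOTE: getopt is now part of the C library, so if you don't know what
   "Keep this file name-space clean" means, talk to drepper@gnu.org
   before changing it!
   Copyright (C) 1987,88,89,90,91,92,93,94,95,96,98,99,2000,2001,2002
     Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
   02111-1307 USA.  */

/* This tells Alpha OSF/1 not to define a getopt prototype in .
   Ditto for AIX 3.2 and .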
*/ #include "config.h" #ifndef _NO_PROTO # define _NO_PROTO #endif #if !defined __STDC__ || !__STDC__ /* This is a separate conditional since some stdc systems reject `defined (const)'. */ # ifndef const # define const # endif #endif #include /* Comment out all this code if we are using the GNU C Library, and are not actually compiling the library itself. This code is part of the GNU C Library, but also included in many other GNU distributions. Compiling and linking in this code is a waste when using the GNU C library (especially if it is a shared library). Rather than having every GNU program understand `configure --with-gnu-libc' and omit the object files, it is simpler to just do this in the source for each such file. */ #define GETOPT_INTERFACE_VERSION 2 #if !defined _LIBC && defined __GLIBC__ && __GLIBC__ >= 2 # include # if _GNU_GETOPT_INTERFACE_VERSION == GETOPT_INTERFACE_VERSION # define ELIDE_CODE # endif #endif #ifndef ELIDE_CODE /* This needs to come after some library #include to get __GNU_LIBRARY__ defined. */ #ifdef __GNU_LIBRARY__ /* Don't include stdlib.h for non-GNU C libraries because some of them contain conflicting prototypes for getopt. */ # include # include #endif /* GNU C library. */ #ifdef VMS # include # if HAVE_STRING_H - 0 # include # endif #endif #ifndef _ /* This is for other GNU distributions with internationalized messages. */ # if (HAVE_LIBINTL_H && ENABLE_NLS) || defined _LIBC # include # ifndef _ # define _(msgid) gettext (msgid) # endif # else # define _(msgid) (msgid) # endif # if defined _LIBC && defined USE_IN_LIBIO # include # endif #endif #ifndef attribute_hidden # define attribute_hidden #endif /* This version of `getopt' appears to the caller like standard Unix `getopt' but it behaves differently for the user, since it allows the user to intersperse the options with the other arguments. As `getopt' works, it permutes the elements of ARGV so that, when it is done, all the options precede everything else. 
Thus all application programs are extended to handle flexible argument order. Setting the environment variable POSIXLY_CORRECT disables permutation. Then the behavior is completely standard. GNU application programs can use a third alternative mode in which they can distinguish the relative order of options and other arguments. */ #include "getopts.h" /* For communication from `getopt' to the caller. When `getopt' finds an option that takes an argument, the argument value is returned here. Also, when `ordering' is RETURN_IN_ORDER, each non-option ARGV-element is returned here. */ char *optarg; /* Index in ARGV of the next element to be scanned. This is used for communication to and from the caller and for communication between successive calls to `getopt'. On entry to `getopt', zero means this is the first call; initialize. When `getopt' returns -1, this is the index of the first of the non-option elements that the caller should itself scan. Otherwise, `optind' communicates from one call to the next how much of ARGV has been scanned so far. */ /* 1003.2 says this must be 1 before any call. */ int optind = 1; /* Formerly, initialization of getopt depended on optind==0, which causes problems with re-calling getopt as programs generally don't know that. */ int __getopt_initialized attribute_hidden; /* The next char to be scanned in the option-element in which the last option character we returned was found. This allows us to pick up the scan where we left off. If this is zero, or a null string, it means resume the scan by advancing to the next ARGV-element. */ static char *nextchar; /* Callers store zero here to inhibit the error message for unrecognized options. */ int opterr = 1; /* Set to an option character which was unrecognized. This must be initialized on some systems to avoid linking in the system's own getopt implementation. */ int optopt = '?'; /* Describe how to deal with options that follow non-option ARGV-elements. 
If the caller did not specify anything, the default is REQUIRE_ORDER if the environment variable POSIXLY_CORRECT is defined, PERMUTE otherwise. REQUIRE_ORDER means don't recognize them as options; stop option processing when the first non-option is seen. This is what Unix does. This mode of operation is selected by either setting the environment variable POSIXLY_CORRECT, or using `+' as the first character of the list of option characters. PERMUTE is the default. We permute the contents of ARGV as we scan, so that eventually all the non-options are at the end. This allows options to be given in any order, even with programs that were not written to expect this. RETURN_IN_ORDER is an option available to programs that were written to expect options and other ARGV-elements in any order and that care about the ordering of the two. We describe each non-option ARGV-element as if it were the argument of an option with character code 1. Using `-' as the first character of the list of option characters selects this mode of operation. The special argument `--' forces an end of option-scanning regardless of the value of `ordering'. In the case of RETURN_IN_ORDER, only `--' can cause `getopt' to return -1 with `optind' != ARGC. */ static enum { REQUIRE_ORDER, PERMUTE, RETURN_IN_ORDER } ordering; /* Value of POSIXLY_CORRECT environment variable. */ static char *posixly_correct; #ifdef __GNU_LIBRARY__ /* We want to avoid inclusion of string.h with non-GNU libraries because there are many ways it can cause trouble. On some systems, it contains special magic macros that don't work in GCC. */ # include # define my_index strchr #else # if HAVE_STRING_H # include # else # include # endif /* Avoid depending on library functions or files whose names are inconsistent. 
*/

#ifndef getenv
extern char *getenv ();
#endif

/* Return a pointer to the first occurrence of CHR in the
   NUL-terminated string STR, or 0 when there is none.  The
   terminating NUL is never matched, so a CHR of 0 always yields 0.  */
static char *
my_index (str, chr)
     const char *str;
     int chr;
{
  const char *scan;

  for (scan = str; *scan != '\0'; scan++)
    if (*scan == chr)
      return (char *) scan;
  return 0;
}

/* If using GCC, we can safely declare strlen this way.
   If not using GCC, it is ok not to declare it.  */
#ifdef __GNUC__
/* Note that Motorola Delta 68k R3V7 comes with GCC but not stddef.h.
   That was relevant to code that was here before.  */
# if (!defined __STDC__ || !__STDC__) && !defined strlen
/* gcc with -traditional declares the built-in strlen to return int,
   and has done so at least since version 2.4.5. -- rms.  */
extern int strlen (const char *);
# endif /* not __STDC__ */
#endif /* __GNUC__ */

#endif /* not __GNU_LIBRARY__ */

/* Handle permutation of arguments.  */

/* Describe the part of ARGV that contains non-options that have
   been skipped.  `first_nonopt' is the index in ARGV of the first of them;
   `last_nonopt' is the index after the last of them.  */

static int first_nonopt;
static int last_nonopt;

#ifdef _LIBC
/* Stored original parameters.
   XXX This is no good solution.  We should rather copy the args so
   that we can compare them later.  But we must not use malloc(3).  */
extern int __libc_argc;
extern char **__libc_argv;

/* Bash 2.0 gives us an environment variable containing flags
   indicating ARGV elements that should not be considered arguments.  */

# ifdef USE_NONOPTION_FLAGS
/* Defined in getopt_init.c  */
extern char *__getopt_nonoption_flags;

static int nonoption_flags_max_len;
static int nonoption_flags_len;
# endif

# ifdef USE_NONOPTION_FLAGS
# define SWAP_FLAGS(ch1, ch2) \
  if (nonoption_flags_len > 0) \
    { \
      char __tmp = __getopt_nonoption_flags[ch1]; \
      __getopt_nonoption_flags[ch1] = __getopt_nonoption_flags[ch2]; \
      __getopt_nonoption_flags[ch2] = __tmp; \
    }
# else
# define SWAP_FLAGS(ch1, ch2)
# endif
#else	/* !_LIBC */
# define SWAP_FLAGS(ch1, ch2)
#endif	/* _LIBC */

/* Exchange two adjacent subsequences of ARGV.
   One subsequence is elements [first_nonopt,last_nonopt)
   which contains all the non-options that have been skipped so far.
   The other is elements [last_nonopt,optind), which contains all
   the options processed since those non-options were skipped.

   `first_nonopt' and `last_nonopt' are relocated so that they describe
   the new indices of the non-options in ARGV after they are moved.  */

#if defined __STDC__ && __STDC__
static void exchange (char **);
#endif

static void
exchange (argv)
     char **argv;
{
  int lo = first_nonopt;
  int mid = last_nonopt;
  int hi = optind;

#if defined _LIBC && defined USE_NONOPTION_FLAGS
  /* The flag string is swapped in step with ARGV, so it has to be
     indexable up to HI.  Grow it when the caller has presented more
     arguments than it covers; if that allocation fails, flag handling
     is switched off by zeroing both lengths.  */
  if (nonoption_flags_len > 0 && hi >= nonoption_flags_max_len)
    {
      char *grown = malloc (hi + 1);

      if (grown != NULL)
        {
          memset (__mempcpy (grown, __getopt_nonoption_flags,
                             nonoption_flags_max_len),
                  '\0', hi + 1 - nonoption_flags_max_len);
          nonoption_flags_max_len = hi + 1;
          __getopt_nonoption_flags = grown;
        }
      else
        nonoption_flags_len = nonoption_flags_max_len = 0;
    }
#endif

  /* Each pass swaps the shorter segment with the far end of the longer
     one.  The shorter segment is then in its final place; the longer
     one is left as two pieces that the next pass exchanges.  */
  while (hi > mid && mid > lo)
    {
      int head_len = mid - lo;
      int tail_len = hi - mid;
      int k;

      if (tail_len > head_len)
        {
          /* The non-option (lower) segment is the short one: swap it
             with the last HEAD_LEN slots of the upper segment.  */
          int dst = hi - head_len;

          for (k = 0; k < head_len; k++)
            {
              char *held = argv[lo + k];

              argv[lo + k] = argv[dst + k];
              argv[dst + k] = held;
              SWAP_FLAGS (lo + k, dst + k);
            }
          /* Those slots are settled; leave them out from now on.  */
          hi -= head_len;
        }
      else
        {
          /* The option (upper) segment is the short one: swap it with
             the first TAIL_LEN slots of the lower segment.  */
          for (k = 0; k < tail_len; k++)
            {
              char *held = argv[lo + k];

              argv[lo + k] = argv[mid + k];
              argv[mid + k] = held;
              SWAP_FLAGS (lo + k, mid + k);
            }
          /* Those slots are settled; leave them out from now on.  */
          lo += tail_len;
        }
    }

  /* Record where the non-options ended up.  */
  first_nonopt += (optind - last_nonopt);
  last_nonopt = optind;
}

/* Initialize the internal data when the first call is made.  */

#if defined __STDC__ && __STDC__
static const char *_getopt_initialize (int, char *const *, const char *);
#endif

/* Reset the scan state, read POSIXLY_CORRECT from the environment and
   choose the ordering mode.  Returns OPTSTRING, advanced past a leading
   `-' or `+' when one of them selected the mode.  */
static const char *
_getopt_initialize (argc, argv, optstring)
     int argc;
     char *const *argv;
     const char *optstring;
{
  /* Scanning starts at `optind' with an empty run of skipped
     non-option ARGV-elements.  */
  first_nonopt = last_nonopt = optind;

  nextchar = NULL;

  posixly_correct = getenv ("POSIXLY_CORRECT");

  /* An explicit `-' or `+' prefix wins over the environment.  */
  switch (optstring[0])
    {
    case '-':
      ordering = RETURN_IN_ORDER;
      ++optstring;
      break;

    case '+':
      ordering = REQUIRE_ORDER;
      ++optstring;
      break;

    default:
      ordering = (posixly_correct != NULL) ? REQUIRE_ORDER : PERMUTE;
      break;
    }

#if defined _LIBC && defined USE_NONOPTION_FLAGS
  /* The shell's flag string is honoured only outside POSIXLY_CORRECT
     mode and only for the ARGC/ARGV the process was started with.  */
  if (posixly_correct != NULL
      || argc != __libc_argc || argv != __libc_argv)
    nonoption_flags_len = 0;
  else
    {
      if (nonoption_flags_max_len == 0)
        {
          const char *shell_flags = __getopt_nonoption_flags;

          if (shell_flags == NULL || shell_flags[0] == '\0')
            nonoption_flags_max_len = -1;
          else
            {
              int copied = strlen (shell_flags);

              /* Work on a private copy of at least ARGC bytes, with
                 the part past the shell's text zero-filled.  */
              nonoption_flags_max_len = copied;
              if (nonoption_flags_max_len < argc)
                nonoption_flags_max_len = argc;
              __getopt_nonoption_flags =
                (char *) malloc (nonoption_flags_max_len);
              if (__getopt_nonoption_flags == NULL)
                nonoption_flags_max_len = -1;
              else
                memset (__mempcpy (__getopt_nonoption_flags, shell_flags,
                                   copied),
                        '\0', nonoption_flags_max_len - copied);
            }
        }
      nonoption_flags_len = nonoption_flags_max_len;
    }
#endif

  return optstring;
}

/* Scan elements of ARGV (whose length is ARGC) for option characters
   given in OPTSTRING.

   If an element of ARGV starts with '-', and is not exactly "-" or "--",
   then it is an option element.  The characters of this element
   (aside from the initial '-') are option characters.  If `getopt'
   is called repeatedly, it returns successively each of the option characters
   from each of the option elements.

   If `getopt' finds another option character, it returns that character,
   updating `optind' and `nextchar' so that the next call to `getopt' can
   resume the scan with the following option character or ARGV-element.

   If there are no more option characters, `getopt' returns -1.
   Then `optind' is the index in ARGV of the first ARGV-element
   that is not an option.  (The ARGV-elements have been permuted
   so that those that are not options now come last.)

   OPTSTRING is a string containing the legitimate option characters.
If an option character is seen that is not listed in OPTSTRING, return '?' after printing an error message. If you set `opterr' to zero, the error message is suppressed but we still return '?'. If a char in OPTSTRING is followed by a colon, that means it wants an arg, so the following text in the same ARGV-element, or the text of the following ARGV-element, is returned in `optarg'. Two colons mean an option that wants an optional arg; if there is text in the current ARGV-element, it is returned in `optarg', otherwise `optarg' is set to zero. If OPTSTRING starts with `-' or `+', it requests different methods of handling the non-option ARGV-elements. See the comments about RETURN_IN_ORDER and REQUIRE_ORDER, above. Long-named options begin with `--' instead of `-'. Their names may be abbreviated as long as the abbreviation is unique or is an exact match for some defined option. If they have an argument, it follows the option name in the same ARGV-element, separated from the option name by a `=', or else the in next ARGV-element. When `getopt' finds a long-named option, it returns 0 if that option's `flag' field is nonzero, the value of the option's `val' field if the `flag' field is zero. The elements of ARGV aren't really const, because we permute them. But we pretend they're const in the prototype to be compatible with other systems. LONGOPTS is a vector of `struct option' terminated by an element containing a name which is zero. LONGIND returns the index in LONGOPT of the long-named option found. It is only valid when a long-named option has been found by the most recent call. If LONG_ONLY is nonzero, '-' as well as '--' can introduce long-named options. 
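*/

/* Shared scanner behind getopt_long and getopt_long_only; the contract
   is the one described in the comment above.

   Returns -1 when scanning is over, '?' after an error (or ':' for a
   missing argument when OPTSTRING starts with ':'), 1 for a non-option
   element handed back in RETURN_IN_ORDER mode, 0 when a long option
   stored its value through its `flag' pointer, and otherwise the short
   option character or the long option's `val'.

   ARGV, OPTSTRING and the LONGOPTS table are indexed without further
   bounds than ARGC and their terminators, so ARGV must hold ARGC
   valid strings and LONGOPTS, when not NULL, must end with an entry
   whose name is zero.  */
static int
_getopt_internal (argc, argv, optstring, longopts, longind, long_only)
     int argc;
     char *const *argv;
     const char *optstring;
     const struct option *longopts;
     int *longind;
     int long_only;
{
  int print_errors = opterr;
  if (optstring[0] == ':')
    print_errors = 0;

  if (argc < 1)
    return -1;

  optarg = NULL;

  if (optind == 0 || !__getopt_initialized)
    {
      if (optind == 0)
        optind = 1;	/* Don't scan ARGV[0], the program name.  */
      optstring = _getopt_initialize (argc, argv, optstring);
      __getopt_initialized = 1;
    }

  /* Test whether ARGV[optind] points to a non-option argument.
     Either it does not have option syntax, or there is an environment flag
     from the shell indicating it is not an option.  The latter information
     is only used when getopt is used in the GNU libc.  */
#if defined _LIBC && defined USE_NONOPTION_FLAGS
# define NONOPTION_P (argv[optind][0] != '-' || argv[optind][1] == '\0' \
                      || (optind < nonoption_flags_len \
                          && __getopt_nonoption_flags[optind] == '1'))
#else
# define NONOPTION_P (argv[optind][0] != '-' || argv[optind][1] == '\0')
#endif

  if (nextchar == NULL || *nextchar == '\0')
    {
      /* Advance to the next ARGV-element.  */

      /* Give FIRST_NONOPT & LAST_NONOPT rational values if OPTIND has been
         moved back by the user (who may also have changed the arguments).  */
      if (last_nonopt > optind)
        last_nonopt = optind;
      if (first_nonopt > optind)
        first_nonopt = optind;

      if (ordering == PERMUTE)
        {
          /* If we have just processed some options following some non-options,
             exchange them so that the options come first.  */

          if (first_nonopt != last_nonopt && last_nonopt != optind)
            exchange ((char **) argv);
          else if (last_nonopt != optind)
            first_nonopt = optind;

          /* Skip any additional non-options
             and extend the range of non-options previously skipped.  */

          while (optind < argc && NONOPTION_P)
            optind++;
          last_nonopt = optind;
        }

      /* The special ARGV-element `--' means premature end of options.
         Skip it like a null option,
         then exchange with previous non-options as if it were an option,
         then skip everything else like a non-option.  */

      if (optind != argc && !strcmp (argv[optind], "--"))
        {
          optind++;

          if (first_nonopt != last_nonopt && last_nonopt != optind)
            exchange ((char **) argv);
          else if (first_nonopt == last_nonopt)
            first_nonopt = optind;
          last_nonopt = argc;

          optind = argc;
        }

      /* If we have done all the ARGV-elements, stop the scan
         and back over any non-options that we skipped and permuted.  */

      if (optind == argc)
        {
          /* Set the next-arg-index to point at the non-options
             that we previously skipped, so the caller will digest them.  */
          if (first_nonopt != last_nonopt)
            optind = first_nonopt;
          return -1;
        }

      /* If we have come to a non-option and did not permute it,
         either stop the scan or describe it to the caller and pass it by.  */

      if (NONOPTION_P)
        {
          if (ordering == REQUIRE_ORDER)
            return -1;
          optarg = argv[optind++];
          return 1;
        }

      /* We have found another option-ARGV-element.
         Skip the initial punctuation.  */

      nextchar = (argv[optind] + 1
                  + (longopts != NULL && argv[optind][1] == '-'));
    }

  /* Decode the current option-ARGV-element.  */

  /* Check whether the ARGV-element is a long option.

     If long_only and the ARGV-element has the form "-f", where f is
     a valid short option, don't consider it an abbreviated form of
     a long option that starts with f.  Otherwise there would be no
     way to give the -f short option.

     On the other hand, if there's a long option "fubar" and
     the ARGV-element is "-fu", do consider that an abbreviation of
     the long option, just like "--fu", and not "-f" with arg "u".

     This distinction seems to be the most useful approach.  */

  if (longopts != NULL
      && (argv[optind][1] == '-'
          || (long_only && (argv[optind][2]
                            || !my_index (optstring, argv[optind][1])))))
    {
      char *nameend;
      const struct option *p;
      const struct option *pfound = NULL;
      int exact = 0;
      int ambig = 0;
      int indfound = -1;
      int option_index;

      for (nameend = nextchar; *nameend && *nameend != '='; nameend++)
        /* Do nothing.  */ ;

      /* Test all long options for either exact match
         or abbreviated matches.  */
      for (p = longopts, option_index = 0; p->name; p++, option_index++)
        if (!strncmp (p->name, nextchar, nameend - nextchar))
          {
            if ((unsigned int) (nameend - nextchar)
                == (unsigned int) strlen (p->name))
              {
                /* Exact match found.  */
                pfound = p;
                indfound = option_index;
                exact = 1;
                break;
              }
            else if (pfound == NULL)
              {
                /* First nonexact match found.  */
                pfound = p;
                indfound = option_index;
              }
            else if (long_only
                     || pfound->has_arg != p->has_arg
                     || pfound->flag != p->flag
                     || pfound->val != p->val)
              /* Second or later nonexact match found.  */
              ambig = 1;
          }

      if (ambig && !exact)
        {
          if (print_errors)
            {
#if defined _LIBC && defined USE_IN_LIBIO
              char *buf;

              if (__asprintf (&buf, _("%s: option `%s' is ambiguous\n"),
                              argv[0], argv[optind]) >= 0)
                {

                  if (_IO_fwide (stderr, 0) > 0)
                    __fwprintf (stderr, L"%s", buf);
                  else
                    fputs (buf, stderr);

                  free (buf);
                }
#else
              fprintf (stderr, _("%s: option `%s' is ambiguous\n"),
                       argv[0], argv[optind]);
#endif
            }
          nextchar += strlen (nextchar);
          optind++;
          optopt = 0;
          return '?';
        }

      if (pfound != NULL)
        {
          option_index = indfound;
          optind++;
          if (*nameend)
            {
              /* Don't test has_arg with >, because some C compilers don't
                 allow it to be used on enums.  */
              if (pfound->has_arg)
                optarg = nameend + 1;
              else
                {
                  if (print_errors)
                    {
#if defined _LIBC && defined USE_IN_LIBIO
                      char *buf;
                      int n;
#endif

                      if (argv[optind - 1][1] == '-')
                        {
                          /* --option */
#if defined _LIBC && defined USE_IN_LIBIO
                          n = __asprintf (&buf, _("\
%s: option `--%s' doesn't allow an argument\n"),
                                          argv[0], pfound->name);
#else
                          fprintf (stderr, _("\
%s: option `--%s' doesn't allow an argument\n"),
                                   argv[0], pfound->name);
#endif
                        }
                      else
                        {
                          /* +option or -option */
#if defined _LIBC && defined USE_IN_LIBIO
                          n = __asprintf (&buf, _("\
%s: option `%c%s' doesn't allow an argument\n"),
                                          argv[0], argv[optind - 1][0],
                                          pfound->name);
#else
                          fprintf (stderr, _("\
%s: option `%c%s' doesn't allow an argument\n"),
                                   argv[0], argv[optind - 1][0], pfound->name);
#endif
                        }

#if defined _LIBC && defined USE_IN_LIBIO
                      if (n >= 0)
                        {
                          if (_IO_fwide (stderr, 0) > 0)
                            __fwprintf (stderr, L"%s", buf);
                          else
                            fputs (buf, stderr);

                          free (buf);
                        }
#endif
                    }

                  nextchar += strlen (nextchar);

                  optopt = pfound->val;
                  return '?';
                }
            }
          else if (pfound->has_arg == 1)
            {
              if (optind < argc)
                optarg = argv[optind++];
              else
                {
                  if (print_errors)
                    {
#if defined _LIBC && defined USE_IN_LIBIO
                      char *buf;

                      if (__asprintf (&buf, _("\
%s: option `%s' requires an argument\n"),
                                      argv[0], argv[optind - 1]) >= 0)
                        {
                          if (_IO_fwide (stderr, 0) > 0)
                            __fwprintf (stderr, L"%s", buf);
                          else
                            fputs (buf, stderr);

                          free (buf);
                        }
#else
                      fprintf (stderr,
                               _("%s: option `%s' requires an argument\n"),
                               argv[0], argv[optind - 1]);
#endif
                    }
                  nextchar += strlen (nextchar);
                  optopt = pfound->val;
                  return optstring[0] == ':' ? ':' : '?';
                }
            }
          nextchar += strlen (nextchar);
          if (longind != NULL)
            *longind = option_index;
          if (pfound->flag)
            {
              *(pfound->flag) = pfound->val;
              return 0;
            }
          return pfound->val;
        }

      /* Can't find it as a long option.  If this is not getopt_long_only,
         or the option starts with '--' or is not a valid short
         option, then it's an error.
         Otherwise interpret it as a short option.  */
      if (!long_only || argv[optind][1] == '-'
          || my_index (optstring, *nextchar) == NULL)
        {
          if (print_errors)
            {
#if defined _LIBC && defined USE_IN_LIBIO
              char *buf;
              int n;
#endif

              if (argv[optind][1] == '-')
                {
                  /* --option */
#if defined _LIBC && defined USE_IN_LIBIO
                  n = __asprintf (&buf, _("%s: unrecognized option `--%s'\n"),
                                  argv[0], nextchar);
#else
                  fprintf (stderr, _("%s: unrecognized option `--%s'\n"),
                           argv[0], nextchar);
#endif
                }
              else
                {
                  /* +option or -option */
#if defined _LIBC && defined USE_IN_LIBIO
                  n = __asprintf (&buf, _("%s: unrecognized option `%c%s'\n"),
                                  argv[0], argv[optind][0], nextchar);
#else
                  fprintf (stderr, _("%s: unrecognized option `%c%s'\n"),
                           argv[0], argv[optind][0], nextchar);
#endif
                }

#if defined _LIBC && defined USE_IN_LIBIO
              if (n >= 0)
                {
                  if (_IO_fwide (stderr, 0) > 0)
                    __fwprintf (stderr, L"%s", buf);
                  else
                    fputs (buf, stderr);

                  free (buf);
                }
#endif
            }
          nextchar = (char *) "";
          optind++;
          optopt = 0;
          return '?';
        }
    }

  /* Look at and handle the next short option-character.  */

  {
    char c = *nextchar++;
    char *temp = my_index (optstring, c);

    /* Increment `optind' when we start to process its last character.  */
    if (*nextchar == '\0')
      ++optind;

    if (temp == NULL || c == ':')
      {
        if (print_errors)
          {
#if defined _LIBC && defined USE_IN_LIBIO
            char *buf;
            int n;
#endif

            if (posixly_correct)
              {
                /* 1003.2 specifies the format of this message.  */
#if defined _LIBC && defined USE_IN_LIBIO
                n = __asprintf (&buf, _("%s: illegal option -- %c\n"),
                                argv[0], c);
#else
                fprintf (stderr, _("%s: illegal option -- %c\n"), argv[0], c);
#endif
              }
            else
              {
#if defined _LIBC && defined USE_IN_LIBIO
                n = __asprintf (&buf, _("%s: invalid option -- %c\n"),
                                argv[0], c);
#else
                fprintf (stderr, _("%s: invalid option -- %c\n"), argv[0], c);
#endif
              }

#if defined _LIBC && defined USE_IN_LIBIO
            if (n >= 0)
              {
                if (_IO_fwide (stderr, 0) > 0)
                  __fwprintf (stderr, L"%s", buf);
                else
                  fputs (buf, stderr);

                free (buf);
              }
#endif
          }
        optopt = c;
        return '?';
      }
    /* Convenience. Treat POSIX -W foo same as long option --foo.
       LONGOPTS may be NULL (the long-option pass above tests for that),
       and this branch walks the table, so it is entered only when there
       is a table; without one 'W' is returned like any other option
       character that takes no argument.  */
    if (temp[0] == 'W' && temp[1] == ';' && longopts != NULL)
      {
        char *nameend;
        const struct option *p;
        const struct option *pfound = NULL;
        int exact = 0;
        int ambig = 0;
        int indfound = 0;
        int option_index;

        /* This is an option that requires an argument.  */
        if (*nextchar != '\0')
          {
            optarg = nextchar;
            /* If we end this ARGV-element by taking the rest as an arg,
               we must advance to the next element now.  */
            optind++;
          }
        else if (optind == argc)
          {
            if (print_errors)
              {
                /* 1003.2 specifies the format of this message.  */
#if defined _LIBC && defined USE_IN_LIBIO
                char *buf;

                if (__asprintf (&buf,
                                _("%s: option requires an argument -- %c\n"),
                                argv[0], c) >= 0)
                  {
                    if (_IO_fwide (stderr, 0) > 0)
                      __fwprintf (stderr, L"%s", buf);
                    else
                      fputs (buf, stderr);

                    free (buf);
                  }
#else
                fprintf (stderr, _("%s: option requires an argument -- %c\n"),
                         argv[0], c);
#endif
              }
            optopt = c;
            if (optstring[0] == ':')
              c = ':';
            else
              c = '?';
            return c;
          }
        else
          /* We already incremented `optind' once;
             increment it again when taking next ARGV-elt as argument.  */
          optarg = argv[optind++];

        /* optarg is now the argument, see if it's in the
           table of longopts.  */

        for (nextchar = nameend = optarg; *nameend && *nameend != '='; nameend++)
          /* Do nothing.  */ ;

        /* Test all long options for either exact match
           or abbreviated matches.  */
        for (p = longopts, option_index = 0; p->name; p++, option_index++)
          if (!strncmp (p->name, nextchar, nameend - nextchar))
            {
              if ((unsigned int) (nameend - nextchar) == strlen (p->name))
                {
                  /* Exact match found.  */
                  pfound = p;
                  indfound = option_index;
                  exact = 1;
                  break;
                }
              else if (pfound == NULL)
                {
                  /* First nonexact match found.  */
                  pfound = p;
                  indfound = option_index;
                }
              else
                /* Second or later nonexact match found.  */
                ambig = 1;
            }
        if (ambig && !exact)
          {
            /* `optind' already points past the -W argument here, so
               ARGV[optind] may be the NULL that ends ARGV.  Report the
               argument itself (OPTARG, never NULL at this point) and do
               not advance `optind' again: a second increment would skip
               an unrelated element or leave `optind' above ARGC, and
               the next call would then index ARGV out of bounds.  */
            if (print_errors)
              {
#if defined _LIBC && defined USE_IN_LIBIO
                char *buf;

                if (__asprintf (&buf, _("%s: option `-W %s' is ambiguous\n"),
                                argv[0], optarg) >= 0)
                  {
                    if (_IO_fwide (stderr, 0) > 0)
                      __fwprintf (stderr, L"%s", buf);
                    else
                      fputs (buf, stderr);

                    free (buf);
                  }
#else
                fprintf (stderr, _("%s: option `-W %s' is ambiguous\n"),
                         argv[0], optarg);
#endif
              }
            nextchar += strlen (nextchar);
            return '?';
          }
        if (pfound != NULL)
          {
            option_index = indfound;
            if (*nameend)
              {
                /* Don't test has_arg with >, because some C compilers don't
                   allow it to be used on enums.  */
                if (pfound->has_arg)
                  optarg = nameend + 1;
                else
                  {
                    if (print_errors)
                      {
#if defined _LIBC && defined USE_IN_LIBIO
                        char *buf;

                        if (__asprintf (&buf, _("\
%s: option `-W %s' doesn't allow an argument\n"),
                                        argv[0], pfound->name) >= 0)
                          {
                            if (_IO_fwide (stderr, 0) > 0)
                              __fwprintf (stderr, L"%s", buf);
                            else
                              fputs (buf, stderr);

                            free (buf);
                          }
#else
                        fprintf (stderr, _("\
%s: option `-W %s' doesn't allow an argument\n"),
                                 argv[0], pfound->name);
#endif
                      }

                    nextchar += strlen (nextchar);
                    return '?';
                  }
              }
            else if (pfound->has_arg == 1)
              {
                if (optind < argc)
                  optarg = argv[optind++];
                else
                  {
                    if (print_errors)
                      {
#if defined _LIBC && defined USE_IN_LIBIO
                        char *buf;

                        if (__asprintf (&buf, _("\
%s: option `%s' requires an argument\n"),
                                        argv[0], argv[optind - 1]) >= 0)
                          {
                            if (_IO_fwide (stderr, 0) > 0)
                              __fwprintf (stderr, L"%s", buf);
                            else
                              fputs (buf, stderr);

                            free (buf);
                          }
#else
                        fprintf (stderr,
                                 _("%s: option `%s' requires an argument\n"),
                                 argv[0], argv[optind - 1]);
#endif
                      }
                    nextchar += strlen (nextchar);
                    return optstring[0] == ':' ? ':' : '?';
                  }
              }
            nextchar += strlen (nextchar);
            if (longind != NULL)
              *longind = option_index;
            if (pfound->flag)
              {
                *(pfound->flag) = pfound->val;
                return 0;
              }
            return pfound->val;
          }
        nextchar = NULL;
        return 'W';	/* Let the application handle it.   */
      }
    if (temp[1] == ':')
      {
        if (temp[2] == ':')
          {
            /* This is an option that accepts an argument optionally.  */
            if (*nextchar != '\0')
              {
                optarg = nextchar;
                optind++;
              }
            else
              optarg = NULL;
            nextchar = NULL;
          }
        else
          {
            /* This is an option that requires an argument.  */
            if (*nextchar != '\0')
              {
                optarg = nextchar;
                /* If we end this ARGV-element by taking the rest as an arg,
                   we must advance to the next element now.  */
                optind++;
              }
            else if (optind == argc)
              {
                if (print_errors)
                  {
                    /* 1003.2 specifies the format of this message.  */
#if defined _LIBC && defined USE_IN_LIBIO
                    char *buf;

                    if (__asprintf (&buf, _("\
%s: option requires an argument -- %c\n"),
                                    argv[0], c) >= 0)
                      {
                        if (_IO_fwide (stderr, 0) > 0)
                          __fwprintf (stderr, L"%s", buf);
                        else
                          fputs (buf, stderr);

                        free (buf);
                      }
#else
                    fprintf (stderr,
                             _("%s: option requires an argument -- %c\n"),
                             argv[0], c);
#endif
                  }
                optopt = c;
                if (optstring[0] == ':')
                  c = ':';
                else
                  c = '?';
              }
            else
              /* We already incremented `optind' once;
                 increment it again when taking next ARGV-elt as argument.  */
              optarg = argv[optind++];
            nextchar = NULL;
          }
      }
    return c;
  }
}

#endif	/* Not ELIDE_CODE.  */
/* getopt_long and getopt_long_only entry points for GNU getopt.
   Copyright (C) 1987,88,89,90,91,92,93,94,96,97,98
     Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
   02111-1307 USA.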
*/

#ifdef _LIBC
# include
#else
# include "getopt.h"
#endif
/* NOTE(review): no conditional opened in the visible text of this file
   is still open at this point, so the next #endif looks unmatched;
   confirm against the upstream file.  */
#endif

#if !defined __STDC__ || !__STDC__
/* This is a separate conditional since some stdc systems
   reject `defined (const)'.  */
#ifndef const
#define const
#endif
#endif

#include

/* Comment out all this code if we are using the GNU C Library, and are not
   actually compiling the library itself.  This code is part of the GNU C
   Library, but also included in many other GNU distributions.  Compiling
   and linking in this code is a waste when using the GNU C library
   (especially if it is a shared library).  Rather than having every GNU
   program understand `configure --with-gnu-libc' and omit the object files,
   it is simpler to just do this in the source for each such file.  */

#define GETOPT_INTERFACE_VERSION 2
#if !defined _LIBC && defined __GLIBC__ && __GLIBC__ >= 2
#include
#if _GNU_GETOPT_INTERFACE_VERSION == GETOPT_INTERFACE_VERSION
#define ELIDE_CODE
#endif
#endif

#ifndef ELIDE_CODE


/* This needs to come after some library #include
   to get __GNU_LIBRARY__ defined.  */
#ifdef __GNU_LIBRARY__
#include
#endif

#ifndef	NULL
#define NULL 0
#endif

/* Parse the next option of ARGV, where only `--' introduces a
   long-named option.  All arguments are handed to _getopt_internal
   unchanged, with its LONG_ONLY argument set to 0.  */
int
getopt_long (argc, argv, options, long_options, opt_index)
     int argc;
     char *const *argv;
     const char *options;
     const struct option *long_options;
     int *opt_index;
{
  const int dash_is_long = 0;

  return _getopt_internal (argc, argv, options, long_options, opt_index,
                           dash_is_long);
}

/* Like getopt_long, but '-' as well as '--' can indicate a long option.
   If an option that starts with '-' (not '--') doesn't match a long option,
   but does match a short option, it is parsed as a short option
   instead.  */

int
getopt_long_only (argc, argv, options, long_options, opt_index)
     int argc;
     char *const *argv;
     const char *options;
     const struct option *long_options;
     int *opt_index;
{
  const int dash_is_long = 1;

  return _getopt_internal (argc, argv, options, long_options, opt_index,
                           dash_is_long);
}

# ifdef _LIBC
libc_hidden_def (getopt_long)
libc_hidden_def (getopt_long_only)
# endif

#endif	/* Not ELIDE_CODE.
*/
/* Perform additional initialization for getopt functions in GNU libc.
   Copyright (C) 1997, 1998, 2001 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by Ulrich Drepper , 1997.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
   02111-1307 USA.  */

#ifdef USE_NONOPTION_FLAGS
/* Attention: this file is *not* necessary when the GNU getopt functions
   are used outside the GNU libc.  Some additional functionality of the
   getopt functions in GNU libc require this additional work.  */

#include
#include
#include
#include
#include

/* Variable to synchronize work.  */
char *__getopt_nonoption_flags;


/* Drop each "_<pid>_GNU_nonoption_argv_flags_=..." entry from ENV by
   shifting the later pointers down over it, and leave
   `__getopt_nonoption_flags' pointing into the last entry dropped.

   That text is supplied by the process environment, i.e. by whoever
   launched the program, and is not validated here.  */
static void
__getopt_clean_environment (char **env)
{
  /* Bash 2.0 sets this variable for every command it starts to say
     which ARGV elements result from file name wildcard expansion and
     so must not be taken for options.  */
  static const char envvar_tail[] = "_GNU_nonoption_argv_flags_=";
  char var[50];
  char *wanted;
  char **slot;
  size_t wanted_len;

  /* Assemble "<pid>_GNU_nonoption_argv_flags_=" at the end of VAR: the
     constant part goes in first, the pid digits are then written in
     front of it by _itoa_word.  `sprintf' must not be used here.  */
  wanted = memcpy (&var[sizeof (var) - sizeof (envvar_tail)], envvar_tail,
                   sizeof (envvar_tail));
  wanted = _itoa_word (__getpid (), wanted, 10, 0);

  /* WANTED has no leading '_'; that character is compared on its own
     before strncmp runs.  */
  wanted_len = (var + sizeof (var) - 1) - wanted;

  for (slot = env; *slot != NULL; ++slot)
    {
      char **mover;

      if ((*slot)[0] != '_')
        continue;
      if (__builtin_expect (strncmp (*slot + 1, wanted, wanted_len) != 0, 1))
        continue;

      /* Found one: remember it, then pull all later pointers (and the
         terminating NULL) one position towards the front.  */
      __getopt_nonoption_flags = &(*slot)[wanted_len];
      mover = slot;
      do
        mover[0] = mover[1];
      while (*mover++);
      /* Go on, the name may occur more than once.  */
    }
}

#endif	/* USE_NONOPTION_FLAGS */
voms-2.1.2/src/replib/memcmp.c000066400000000000000000000024751477131364200162060ustar00rootroot00000000000000
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
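* *********************************************************************/
#include "config.h"
#include

/*
 * Replacement memcmp(): compare the first n bytes of s1 and s2.
 *
 * Returns 0 when the two ranges are identical (always the case for n == 0),
 * otherwise the difference between the first pair of differing bytes, both
 * taken as unsigned char as ISO C specifies.
 *
 * The earlier version of this loop stopped at the first pair of bytes that
 * were EQUAL and returned the difference of that pair, so two buffers with
 * the same first byte compared as identical, and n == 0 read one byte in
 * front of each buffer.  Any equality check built on it (names, digests,
 * tokens) could therefore accept non-matching data.
 *
 * This comparison returns at the first mismatch, so its running time depends
 * on the data.  Code comparing secret values should use a constant-time
 * routine (for example OpenSSL's CRYPTO_memcmp) instead.
 */
int memcmp(const void *s1, const void *s2, size_t n)
{
  const unsigned char *p1 = (const unsigned char *)s1;
  const unsigned char *p2 = (const unsigned char *)s2;

  while (n--) {
    if (*p1 != *p2)
      return (int)*p1 - (int)*p2;
    p1++;
    p2++;
  }

  return 0;
}
voms-2.1.2/src/replib/memset.c000066400000000000000000000023511477131364200162130ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/
#include "config.h"
#include

/*
 * Replacement memset(): store (unsigned char)v into each of the first n
 * bytes of the object at s1 and return s1.
 *
 * The earlier body wrote through a pointer to const and returned a const
 * pointer as void *, which a conforming compiler rejects.  The parameter
 * list is left as it was so that existing declarations keep matching; the
 * qualifier is cast away here.
 *
 * NOTE(review): ISO C declares the first parameter as plain `void *'.  If
 * the stripped #include above pulls in the system prototype, the `const'
 * in this signature conflicts with it and should be dropped.
 */
void *memset(const void *s1, int v, size_t n)
{
  unsigned char *dst = (unsigned char *)s1;
  const unsigned char fill = (unsigned char)v;

  while (n--)
    *dst++ = fill;

  return (void *)s1;
}
voms-2.1.2/src/replib/setenv.c000066400000000000000000000113731477131364200162310ustar00rootroot00000000000000/* Copyright (C) 1992, 1995, 1996, 1997, 2002 Free Software Foundation, Inc. This file based on setenv.c in the GNU C Library.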
The GNU C Library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. The GNU C Library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with the GNU C Library; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* @deftypefn Supplemental int setenv (const char *@var{name}, const char *@var{value}, int @var{overwrite}) @deftypefnx Supplemental void unsetenv (const char *@var{name}) @code{setenv} adds @var{name} to the environment with value @var{value}. If the name was already present in the environment, the new value will be stored only if @var{overwrite} is nonzero. The companion @code{unsetenv} function removes @var{name} from the environment. This implementation is not safe for multithreaded code. @end deftypefn */ #include"config.h" #define setenv libiberty_setenv #define unsetenv libiberty_unsetenv //#include "ansidecl.h" #include /* For `size_t' */ #include /* For `NULL' */ #include #if !defined(errno) && !defined(HAVE_ERRNO_DECL) extern int errno; #endif #define __set_errno(ev) ((errno) = (ev)) #if HAVE_STDLIB_H # include #endif #if HAVE_STRING_H # include #endif #if HAVE_UNISTD_H # include #endif #define __environ environ #ifndef HAVE_ENVIRON_DECL extern char **environ; #endif #undef setenv #undef unsetenv /* LOCK and UNLOCK are defined as no-ops. This makes the libiberty * implementation MT-Unsafe. 
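*/
#define LOCK
#define UNLOCK

/* Below this point, the code is derived from the glibc-2.0 implementation,
   with the argument checks and failure paths tightened. */

/* If this variable is not a null pointer we allocated the current
   environment. */
static char **last_environ;


/* Add NAME=VALUE to the environment, or change an existing NAME when
   REPLACE is nonzero.

   Returns 0 on success.  Returns -1 with errno set to EINVAL when NAME is
   NULL, empty or contains '=', or when VALUE is NULL, and -1 with errno set
   to ENOMEM when memory cannot be obtained.

   A NAME containing '=' is refused because the stored string would then
   define a different, shorter variable name than the one the caller passed.

   LOCK and UNLOCK expand to nothing, so concurrent callers are not
   serialized. */
int
setenv (const char *name, const char *value, int replace)
{
  char **ep = NULL;
  size_t size = 0;
  size_t namelen;
  size_t vallen;

  if (name == NULL || *name == '\0' || strchr (name, '=') != NULL
      || value == NULL)
    {
      __set_errno (EINVAL);
      return -1;
    }

  namelen = strlen (name);
  vallen = strlen (value) + 1;

  LOCK;

  /* Look for an existing entry; SIZE ends up as the number of entries
     in front of the match, or the total when there is no match. */
  if (__environ != NULL)
    {
      for (ep = __environ; *ep != NULL; ++ep)
        if (!strncmp (*ep, name, namelen) && (*ep)[namelen] == '=')
          break;
        else
          ++size;
    }

  if (__environ == NULL || *ep == NULL)
    {
      char **new_environ;
      char *entry;

      /* Allocate the string before the vector is touched.  The earlier
         order reallocated the vector first and freed it again when the
         string allocation failed, which left `environ' and last_environ
         pointing at released memory. */
      entry = (char *) malloc (namelen + 1 + vallen);
      if (entry == NULL)
        {
          __set_errno (ENOMEM);
          UNLOCK;
          return -1;
        }

      if (__environ == last_environ && __environ != NULL)
        /* We allocated this space; we can extend it. */
        new_environ = (char **) realloc (last_environ,
                                         (size + 2) * sizeof (char *));
      else
        new_environ = (char **) malloc ((size + 2) * sizeof (char *));

      if (new_environ == NULL)
        {
          /* A failed realloc leaves the old vector valid and in use. */
          free (entry);
          __set_errno (ENOMEM);
          UNLOCK;
          return -1;
        }

      if (__environ != last_environ && size > 0)
        memcpy ((char *) new_environ, (char *) __environ,
                size * sizeof (char *));

      memcpy (entry, name, namelen);
      entry[namelen] = '=';
      memcpy (&entry[namelen + 1], value, vallen);

      new_environ[size] = entry;
      new_environ[size + 1] = NULL;

      last_environ = __environ = new_environ;
    }
  else if (replace)
    {
      size_t len = strlen (*ep);

      if (len + 1 < namelen + 1 + vallen)
        {
          /* The existing string is too short; malloc a new one.  The old
             string is not freed because its origin is unknown. */
          char *fresh = malloc (namelen + 1 + vallen);
          if (fresh == NULL)
            {
              __set_errno (ENOMEM);
              UNLOCK;
              return -1;
            }
          *ep = fresh;
        }
      memcpy (*ep, name, namelen);
      (*ep)[namelen] = '=';
      memcpy (&(*ep)[namelen + 1], value, vallen);
    }

  UNLOCK;

  return 0;
}

/* Remove every entry for NAME from the environment.

   A NULL NAME or an empty environment is a no-op.  After an entry is
   removed the same slot is examined again, so a second copy of NAME stored
   directly behind the first is removed as well; the earlier loop advanced
   past it.  Callers that clear a variable before starting another program
   depend on no copy being left behind. */
void
unsetenv (const char *name)
{
  size_t len;
  char **ep;

  if (name == NULL || __environ == NULL)
    return;

  len = strlen (name);

  LOCK;

  ep = __environ;
  while (*ep != NULL)
    if (!strncmp (*ep, name, len) && (*ep)[len] == '=')
      {
        /* Found it. Remove this pointer by moving later ones back. */
        char **dp = ep;
        do
          dp[0] = dp[1];
        while (*dp++);
        /* Do not advance: *ep now holds the entry that followed. */
      }
    else
      ++ep;

  UNLOCK;
}
voms-2.1.2/src/replib/strndup.c000066400000000000000000000024271477131364200164240ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows.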
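* *********************************************************************/
#include "config.h"
#include
#include

/*
 * Replacement strndup(): return a newly allocated, NUL-terminated copy of
 * at most n characters of s.
 *
 * Returns NULL when s is NULL or when the allocation fails.  The caller
 * releases the result with free().
 *
 * The copy length is the shorter of n and the length of s.  The earlier
 * body always copied n bytes, so a call with n larger than the string read
 * past the terminator of s (and possibly past the end of its buffer) and
 * copied whatever followed it into the result.
 */
char *strndup(const char *s, size_t n)
{
  size_t len = 0;
  char *r;

  if (!s)
    return NULL;

  /* Bounded length scan: never looks at more than n bytes of s. */
  while (len < n && s[len] != '\0')
    len++;

  r = (char *)malloc(len + 1);
  if (r) {
    memcpy(r, s, len);
    r[len] = '\0';
  }

  return r;
}
voms-2.1.2/src/replica/000077500000000000000000000000001477131364200147165ustar00rootroot00000000000000voms-2.1.2/src/replica/Makefile.am000066400000000000000000000003521477131364200167520ustar00rootroot00000000000000 replicadir = @datadir@/voms if BUILD_SERVER replica_SCRIPTS = voms_replica_master_setup.sh voms_replica_slave_setup.sh endif EXTRA_DIST = voms_replica_master_setup.sh voms_replica_slave_setup.sh MAINTAINERCLEANFILES = Makefile.in voms-2.1.2/src/replica/voms_install_replica.in000066400000000000000000000133231477131364200214610ustar00rootroot00000000000000#!/bin/sh # # Default prefix @LOCATION_ENV@=@LOCATION_DIR@ @VAR_LOCATION_ENV@=@VAR_DIR@ CERTDIR=${CERTDIR:-/etc/grid-security/certificates} #CERTDIR SSLPROG="openssl" #openssl MYSQL_HOME=/usr # MySQL install prefi voms_database="voms" # VOMS database master_host="" # Master master_mysql_user="replica" # Master MySQL admin user master_mysql_pwd="" # Master MySQL admin pass master_log_file="" # Master LOG file master_log_pos="" # Master LOG file mysql_username_admin="root" # MySQL admin username mysql_password_admin="" # MySQL admin pass basepath=$@LOCATION_ENV@ # Default path datapath=$@LOCATION_ENV@ verbose="" TEMP=`getopt -o hv --long mysql-home:,db:,mysql-admin:,mysql-pwd:,master-host:,master-mysql-user:,master-mysql-pwd:,master-log-file:,master-db:,master-log-pos: -n 'voms_install_replica' -- "$@"` if [ $? != 0 ] ; then echo "Terminating..."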
>&2 ; exit 1 ; fi eval set -- "$TEMP" while true ; do case "$1" in --mysql-home) MYSQL_HOME=$2 ; shift 2 ;; --db) voms_database=$2 ; shift 2 ;; --mysql-admin) mysql_username_admin=$2 ; shift 2 ;; --mysql-pwd) mysql_password_admin=$2 ; shift 2 ;; --master-host) master_host=$2 ; shift 2 ;; --master-mysql-user) master_mysql_user=$2 ; shift 2 ;; --master-mysql-pwd) master_mysql_pwd=$2 ; shift 2 ;; --master-db) master_db=$2 ; shift 2 ;; --master-log-file) master_log_file=$2 ; shift 2 ;; --master-log-pos) master_log_pos=$2 ; shift 2 ;; -v) verbose="1" ; shift ;; -h) echo "This is the help" ; exit 1 ;; --) shift ; break ;; *) echo "Internal Error!" >&2 ; exit 1 ;; esac done ############################################################################### #STOP ACTIVITY MYSQL=mysql if ! test -z $verbose ; then echo "VOMS_INSTALL_REPLICA: LOCK MASTER TABLES.."; fi $MYSQL -h $master_host -u $master_mysql_user -p$master_mysql_pwd -e "FLUSH TABLES WITH READ LOCK" # STOP MASTER MYSQL="mysql -u$mysql_username_admin -p$mysql_password_admin" if ! test -z $verbose ; then echo "VOMS_INSTALL_REPLICA: STOP SLAVE.." ; fi #$MYSQL -e "RESET SLAVE" # May help.. $MYSQL -e "STOP SLAVE" # STOP SLAVE #DUPLICATE DATABASE if ! test -z $verbose ; then echo "VOMS_INSTALL_REPLICA: DUPLICATE DB (MYSQLDUMP).." ; fi $MYSQL -e "DROP DATABASE IF EXISTS $voms_database; CREATE DATABASE $voms_database;" mysqldump --host $master_host -u $master_mysql_user -p$master_mysql_pwd --opt $master_db | $MYSQL -C $voms_database; $MYSQL -D $voms_database -e "update seqnumber set seq=00" #GET MASTER STATUS if test -z $master_log_file; then if ! test -z $verbose ; then echo "VOMS_INSTALL_REPLICA: GET MASTER LOG FILE AND POS.." 
; fi master_log_file=`mysql -h $master_host -u $master_mysql_user -p$master_mysql_pwd -e "show master status" | awk 'NR==2 {print $1}'` master_log_pos=`mysql -h $master_host -u $master_mysql_user -p$master_mysql_pwd -e "show master status" | awk 'NR==2 {print $2}'` fi #WRITE MASTER INFO $MYSQL < /etc/my.cnf < /etc/my.cnf <> @ETC_DIR@/etc/vomses <&2 ; exit 1 ; fi eval set -- "$TEMP" while true ; do case "$1" in --mysql-home) MYSQL_HOME=$2 ; shift 2 ;; --force) do_force="y" ; shift ;; --mysql-admin) mysql_username_admin=$2 ; shift 2 ;; --mysql-pwd) mysql_password_admin=$2 ; shift 2 ;; --replica-user) mysql_replica_user=$2 ; shift 2 ;; --replica-user-pwd) mysql_replica_user_pwd=$2 ; shift 2 ;; --slave-host) slave_host=$2 ; shift 2 ;; --mysql-conf-file) mysql_conf_file=$2 ; shift 2 ;; --master-db) master_db=$2 ; shift 2 ;; --ssl-capath) ssl_capath=$2 ; shift 2 ;; --ssl-mysqlcert) ssl_mysqlcert=$2 ; shift 2 ;; --ssl-mysqlkey) ssl_mysqlkey=$2 ; shift 2 ;; --dry-run) dryrun="y" ; shift ;; --require-ssl) require_ssl="y" ; shift ;; --mysql-version) mysql_version="$2" ; shift 2 ;; -v) verbose="1" ; shift ;; -verbose) verbose="1" ; shift ;; -h) help="yes" ; shift ;; --help) help="yes" ; shift ;; --) shift ; break ;; *) echo "Unknown Option!" >&2 ; exit 1 ;; esac done if test "x$help" = "xyes" ; then $ECHO "USAGE: voms-replica-master-setup.sh [--option value] ... [--option value]" $ECHO $ECHO "Where --option may be:" $ECHO " --mysql-home Where the MySQL installation is based." $ECHO " Defaults to \$MYSQL_HOME if set, otherwise" $ECHO " assumes that the executables can be" $ECHO " found in \$PATH" $ECHO " --force Skips the initial warning." $ECHO " --mysql-admin The MySQL Admin account. Defaults to 'root'" $ECHO " --mysql-pwd The password of the MySQL Admin account." $ECHO " Does not have a default." $ECHO " --replica-user The user which will be setup for replication." $ECHO " Defaults to 'replica'" $ECHO " --replica-user-pwd The password of the above account. 
No defaults," $ECHO " but one will be generated if not specified." $ECHO " --slave-host The fully qualified hostname from which the" $ECHO " replica will connect." $ECHO " --mysql-conf-file The location of the MySQL configuration file." $ECHO " Defaults to /etc/my.cnf" $ECHO " --master-db The name of the DB to replicate. No defaults." $ECHO " MUST be specified." $ECHO " --require-ssl Activates the following three options, and" $ECHO " requires a SSL connection for the replication." $ECHO " --ssl-capath The location where the CA certificates will be found." $ECHO " Defaults to '/etc/grid-security/certificates'" $ECHO " --ssl-mysqlcert The location where the host certificate for MySQL" $ECHO " will be found." $ECHO " Defaults to '/etc/grid-security/mysqlcert.pem'" $ECHO " --ssl-mysqlkey The location where the key of the certificate will" $ECHO " be found. Defaults to '/etc/grid-security/mysqlkey.pem" $ECHO " --dry-run Do not actually modify anything." $ECHO " --mysql-version Major version of mysql." $ECHO " -h, --help This test" $ECHO $ECHO "Note: Due to a bug on some versions of MySQL 5, admin running those version" $ECHO "should either regenerate the dump file and overwrite that created by the script" $ECHO "or ensure that no other process updates the master-db during its creation." exit 0; fi if test "x$do_force" != "xy" ; then echo "WARNING: This script assumes that it can thrash the current server" echo "configuration. If instead you wish to keep it, read the" echo "documentation and perform the procedure by hand." echo "Do you wish to continue? type YES if it is so." read answer if test "z$answer" != "zYES" ; then echo "Operation aborted." exit 1; fi fi if test "x$mysql_replica_user_pwd" = "x" ; then mysql_replica_user_pwd="`$SSLPROG rand -base64 6`" fi if test "x$master_db" = "x" ; then echo "--master-db MUST be specified." 
exit 1; fi ############################################################################### #CREATE USER if test "x$dryrun" = "xy" ; then MYSQL=echo elif test "x$mysql_password_admin" = "x" ; then MYSQL="$MYSQL_HOME/bin/mysql -u$mysql_username_admin" else MYSQL="$MYSQL_HOME/bin/mysql -u$mysql_username_admin -p$mysql_password_admin" fi MYSQLDUMP=$MYSQL_HOME/bin/mysqldump MYSQLINIT="" if test -e /etc/rc.d/init.d/mysqld ; then MYSQLINIT=/etc/rc.d/init.d/mysqld elif test -e /etc/rc.d/init.d/mysql ; then MYSQLINIT=/etc/rc.d/init.d/mysql fi if test "x$require_ssl" = "xy" ; then $MYSQL -e "GRANT REPLICATION SLAVE ON *.* TO '$mysql_replica_user'@'$slave_host' IDENTIFIED BY '$mysql_replica_user_pwd' REQUIRE SSL; GRANT SELECT ON $master_db.* TO '$mysql_replica_user'@'$slave_host' IDENTIFIED BY '$mysql_replica_user_pwd' REQUIRE SSL; FLUSH PRIVILEGES;" else $MYSQL -e "GRANT REPLICATION SLAVE ON *.* TO '$mysql_replica_user'@'$slave_host' IDENTIFIED BY '$mysql_replica_user_pwd'; GRANT SELECT ON $master_db.* TO '$mysql_replica_user'@'$slave_host' IDENTIFIED BY '$mysql_replica_user_pwd'; FLUSH PRIVILEGES;" fi if test "x$mysql_version" = "x5" ; then if test "x$mysql_password_admin" = "x" ; then $MYSQLDUMP -u$mysql_username_admin -B $master_db >$master_db.dump else $MYSQLDUMP -u$mysql_username_admin -p$mysql_password_admin -B $master_db >$master_db.dump fi if test "x$mysql_password_admin" = "x" ; then $MYSQL -e "FLUSH TABLES WITH READ LOCK; SHOW MASTER STATUS" >/tmp/outfile else $MYSQL -e "FLUSH TABLES WITH READ LOCK; SHOW MASTER STATUS" > /tmp/outfile fi else if test "x$mysql_password_admin" = "x" ; then $MYSQL -e "FLUSH TABLES WITH READ LOCK; SHOW MASTER STATUS; SYSTEM $MYSQLDUMP -u$mysql_username_admin -B $master_db >$master_db.dump;" >/tmp/outfile else $MYSQL -e "FLUSH TABLES WITH READ LOCK; SHOW MASTER STATUS; SYSTEM $MYSQLDUMP -u$mysql_username_admin -p$mysql_password_admin -B $master_db >$master_db.dump;" > /tmp/outfile fi fi master_log_file=`cat /tmp/outfile | awk 'NR==2 
{print $1}'` master_log_pos=`cat /tmp/outfile | awk 'NR==2 {print $2}'` $MYSQL -e "USE $master_db; select * from seqnumber" 2>/dev/null >/dev/null if test $? -eq 0 ; then ignoretables="seqnumber" else ignoretables="" fi if test "x$dryrun" = "xn" ; then $MYSQLINIT stop #GET MUST PRESERVE DATA set datadir=`cat $mysql_conf_file|grep -E '[\t ]*datadir[\t ]*='` set socket=`cat $mysql_conf_file|grep -E '[\t ]*socket[\t ]*='` set oldpass=`cat $mysql_conf_file|grep -E '[\t ]*old_passwords[\t ]*='` cat >$mysql_conf_file <>$mysql_conf_file <>$mysql_conf_file <&2 ; exit 1 ; fi eval set -- "$TEMP" while true ; do case "$1" in --mysql-home) MYSQL_HOME=$2 ; shift 2 ;; --force) do_force="y" ; shift ;; --mysql-admin) mysql_username_admin=$2 ; shift 2 ;; --mysql-pwd) mysql_password_admin=$2 ; shift 2 ;; --replica-user) mysql_replica_user=$2 ; shift 2 ;; --replica-user-pwd) mysql_replica_user_pwd=$2 ; shift 2 ;; --master-host) master_host=$2 ; shift 2 ;; --mysql-conf-file) mysql_conf_file=$2 ; shift 2 ;; --master-db) master_db=$2 ; shift 2 ;; --ssl-capath) ssl_capath=$2 ; shift 2 ;; --ssl-mysqlcert) ssl_mysqlcert=$2 ; shift 2 ;; --ssl-mysqlkey) ssl_mysqlkey=$2 ; shift 2 ;; --use-ssl) require_ssl="y" ; shift ;; --log-file) log_file=$2 ; shift 2 ;; --log-file-position) log_file_pos=$2 ; shift 2 ;; --ignore) ignore_tables=$2 ; shift 2 ;; --dry-run) dryrun="y" ; shift ;; --slave-id) slaveid=$2 ; shift 2 ;; -v) verbose="1" ; shift ;; --verbose) verbose="1" ; shift ;; -h) help="yes" ; shift ;; --help) help="yes" ; shift ;; --) shift ; break ;; *) echo "Unknown Option:$1" >&2 ; exit 1 ;; esac done if test "x$help" = "xyes" ; then $ECHO "USAGE: voms-replica-slave-setup.sh [--option value] ... [--option value]" $ECHO "" $ECHO "Where --option may be:" $ECHO " --mysql-home Where the MySQL installation is based." $ECHO " Defaults to \$MYSQL_HOME if set, otherwise" $ECHO " assumes that the executables can be" $ECHO " found in \$PATH" $ECHO " --force Skips the initial warning." 
$ECHO " --mysql-admin The MySQL Admin account. Defaults to 'root'" $ECHO " --mysql-pwd The password of the MySQL Admin account." $ECHO " Does not have a default." $ECHO " --replica-user The user which will be setup for replication." $ECHO " Defaults to 'replica'" $ECHO " --replica-user-pwd The password of the above account. No defaults," $ECHO " this MUST be specified." $ECHO " --master-host The fully qualified hostname to which the" $ECHO " replica will connect." $ECHO " --mysql-conf-file The location of the MySQL configuration file." $ECHO " Defaults to /etc/my.cnf" $ECHO " --master-db The name of the DB to replicate. No defaults." $ECHO " MUST be specified." $ECHO " --use-ssl Activates the following three options, and" $ECHO " specifies a SSL connection for the replication." $ECHO " --ssl-capath The location where the CA certificates will be found." $ECHO " Defaults to '/etc/grid-security/certificates'" $ECHO " --ssl-mysqlcert The location where the host certificate for MySQL" $ECHO " will be found." $ECHO " Defaults to '/etc/grid-security/mysqlcert.pem'" $ECHO " --ssl-mysqlkey The location where the key of the certificate will" $ECHO " be found. Defaults to '/etc/grid-security/mysqlkey.pem" $ECHO " --log-file Specifies the master's log file from which to" $ECHO " replicate transactions." $ECHO " --log-file-position Specifies the position in the log file from which" $ECHO " to start replication." $ECHO " --ignore Comma-separated list of tables to ignore during" $ECHO " replication." $ECHO " --dry-run Do not actually modify anything." $ECHO " --slave-id Must be a number >=2, a different number for" $ECHO " slave. Defaults to 2." $ECHO " -h, --help This test" exit 0; fi if test "x$do_force" != "xy" ; then echo "WARNING: This script assumes that it can thrash the current server configuration" echo "If instead you wish to keep it, read the documentation and perform the procedure by hand." echo "Do you wish to continue? type YES if it is so." 
read answer if test "z$answer" != "zYES" ; then exit 1; fi fi if test "x$mysql_replica_user_pwd" = "x" ; then echo "Did not specify the replication password."; exit 1; fi if test "x$log_file_pos" = "x" ; then echo "Did not specify the mater log file position."; echo "is this intentional? Type YES if it is so" read answer if test "z$answer" != "zYES" ; then exit 1; fi fi if test "x$master_db" = "x" ; then echo "Did not specify which db to replicate"; exit 1; fi ############################################################################### #CREATE USER if test "x$dryrun" = "xy" ; then MYSQL=echo elif test "x$mysql_password_admin" = "x" ; then MYSQL="$MYSQL_HOME/bin/mysql -u$mysql_username_admin" else MYSQL="$MYSQL_HOME/bin/mysql -u$mysql_username_admin -p$mysql_password_admin" fi MYSQLDUMP=$MYSQL_HOME/bin/mysqldump if test -e /etc/rc.d/init.d/mysqld ; then MYSQLINIT=/etc/rc.d/init.d/mysqld elif test -e /etc/rc.d/init.d/mysql ; then MYSQLINIT=/etc/rc.d/init.d/mysql fi if test "x$dryrun" = "xn" ; then $MYSQLINIT stop #GET MUST PRESERVE DATA set datadir=`cat $mysql_conf_file|grep -E '[\t ]*datadir[\t ]*='` set socket=`cat $mysql_conf_file|grep -E '[\t ]*socket[\t ]*='` set oldpass=`cat $mysql_conf_file|grep -E '[\t ]*old_passwords[\t ]*='` set replicate=`cat $mysql_conf_file|grep -E '[\t ]*replicate-do-db'` set ignore=`cat $mysql_conf_file|grep -E '[\t ]*replicate-ignore-table'` cat >$mysql_conf_file <>$mysql_conf_file <>$mysql_conf_file <>$mysql_conf_file <>$mysql_conf_file <>$mysql_conf_file fi cat >>$mysql_conf_file < voms-2.1.2/src/server/VOMSServer.h000066400000000000000000000076501477131364200167410ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. 
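* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/
#ifndef VOMS_SERVER_VOMSSERVER_H
#define VOMS_SERVER_VOMSSERVER_H

#include
#include
#include
#include
#include "Server.h"
#include "errors.h"
#include "vomsxml.h"
#include
#include "data.h"
#include

// Thrown for failures reported as "Initialization error" by main().
//
// what() is declared const so that it overrides std::exception::what();
// without the qualifier it only hid the base-class function and was never
// reached through a std::exception reference.
struct voms_init_error: public std::runtime_error
{
  voms_init_error(std::string const& m): runtime_error(m){}
  virtual const char* what() const throw() { return std::runtime_error::what(); }
};

// Runtime counterpart of voms_init_error; same layout and the same
// const-qualified what().
struct voms_execution_error: public std::runtime_error
{
  voms_execution_error(std::string const& m): runtime_error(m){}
  virtual const char* what() const throw() { return std::runtime_error::what(); }
};

// Accumulates the parts of one reply: an AC string, a data string, a list
// of errors and the base64 flag, all of which makeXMLAnswer() passes to
// XML_Ans_Encode().
class vomsresult {
private:
  std::string ac;
  std::string data;
  std::vector<errorp> errs;
  bool base64;

public:
  // A fresh result holds the AC string "A", empty data, no errors, and has
  // base64 switched on.
  vomsresult() : ac("A"), data(""), base64(true) {}

  // Append an error built from a number and a message.
  void setError(int num, std::string message)
  {
    errorp t;
    t.num = num;
    t.message = message;
    errs.push_back(t);
  }

  // Append an already constructed error.
  void setError(errorp p)
  {
    errs.push_back(p);
  }

  void setBase64(bool b64)
  {
    base64 = b64;
  }

  void setAC(std::string ac)
  {
    this->ac = ac;
  }

  void setData(std::string data)
  {
    this->data = data;
  }

  // Encode the accumulated state with XML_Ans_Encode().
  std::string makeXMLAnswer(void)
  {
    return XML_Ans_Encode(ac, data, errs, base64);
  }

  // Defined elsewhere; CODE is an output parameter.
  std::string makeRESTAnswer(int& code);
};

// The server object.  main() constructs it from the command line and calls
// Run().
class VOMSServer {

public:
  VOMSServer(int argc, char *argv[]);
  ~VOMSServer();
  void UpdateOpts(void);
  void Run();
  bool makeAC(vomsresult& vr, EVP_PKEY *key, X509 *issuer, X509 *holder,
              const std::string &message);

private:
  // Assignment is private and ends the process if it is ever executed.
  // NOTE(review): the copy constructor is not restricted in the same way.
  VOMSServer &operator=(VOMSServer const &) {exit(1);}
  void Execute(EVP_PKEY *, X509 *, X509 *);

public:
  // Every field below is public and writable by any code holding the
  // object.  How each one is used is decided by the implementation file,
  // which is not part of this header.
  GSISocketServer sock;
  int             ac;
  char          **av;
  int             validity;
  std::string     logfile;
  bool            gatekeeper_test;
  int             daemon_port;
  bool            foreground;
  std::string     x509_cert_dir;
  std::string     x509_cert_file;
  std::string     x509_user_proxy;
  std::string     x509_user_cert;
  std::string     x509_user_key;
  std::string     desired_name_char;
  std::string     username;
  std::string     dbname;
  std::string     contactstring;
  int             mysql_port;
  std::string     mysql_socket;
  std::string     passfile;
  std::string     voname;
  std::string     uri;
  int             version;
  std::string     subject;
  std::string     ca;
  bool            debug;
  int             code;
  int             backlog;
  void           *logger;
  int             socktimeout;
  int             logmax;
  int             loglev;
  int             logt;
  std::string     logdf;
  std::string     logf;
  bool            newformat;
  bool            insecure;
  bool            shortfqans;
  bool            do_syslog;
  bool            base64encoding;
  bool            nologfile;
  int             max_active_requests;
};
#endif
voms-2.1.2/src/server/attribute.cc000066400000000000000000000026051477131364200171220ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.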
* * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/
#include "config.h"
#include

// Two attributes are equal when their name, qualifier and value all
// compare equal; the fields are checked in that order and the first
// mismatch decides.
bool operator==(const gattrib &lhs, const gattrib &rhs)
{
  if (!(lhs.name == rhs.name))
    return false;

  if (!(lhs.qualifier == rhs.qualifier))
    return false;

  return (lhs.value == rhs.value);
}

// Ordering is delegated to whatever gattrib::str() returns for each side.
bool operator<(const gattrib &lhs, const gattrib &rhs)
{
  return (lhs.str() < rhs.str());
}
voms-2.1.2/src/server/attribute.h000066400000000000000000000024751477131364200167710ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows.
* *********************************************************************/ #ifndef VOMS_ATTRIBUTE_H #define VOMS_ATTRIBUTE_H #include #include "dbwrap.h" bool operator==(const gattrib& lhs, const gattrib& rhs); bool operator<(const gattrib& lhs, const gattrib& rhs); #endif /* __ATTRIBUTE_H */
voms-2.1.2/src/server/main.cc000066400000000000000000000033521477131364200160430ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/
#include "config.h"
#include "replace.h"

#include "VOMSServer.h"
#include "dbwrap.h"
#include "sslutils.h"

#include

extern "C" {
#include
}

// Program entry point: initialise the SSL library, then build a VOMSServer
// from the command line and run it.
//
// Any exception that escapes the server is reported on standard output and
// turns the exit status into EXIT_FAILURE; a normal return from Run()
// yields a successful status.
int main(int argc, char *argv[])
{
  int status = EXIT_SUCCESS;

  // Library initialisation happens before the server object exists.
  ERR_load_proxy_error_strings();
  OpenSSL_add_ssl_algorithms();
  SSL_library_init();

  try {
    VOMSServer server(argc, argv);
    server.Run();
  }
  catch (voms_init_error& e) {
    std::cout << "Initialization error: " << e.what() << std::endl;
    status = EXIT_FAILURE;
  }
  catch (std::exception& e) {
    std::cout << "Error: " << e.what() << std::endl;
    status = EXIT_FAILURE;
  }
  catch (...) {
    std::cout << "Undefined error." << std::endl;
    status = EXIT_FAILURE;
  }

  return status;
}
voms-2.1.2/src/server/uuid.c000066400000000000000000000041241477131364200157200ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows.
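*
 *********************************************************************/
#include "config.h"

#include
#include
#include
#include
#include
#include
#include

/* Non-zero once initialize_uuid_generator() has found /dev/urandom usable. */
static int have_urandom = 0;

/* Non-zero once the random() fallback generator has been seeded. */
static int prng_seeded = 0;

/*
 * Seed the random() fallback from the clock, at most once per process.
 *
 * A clock-derived seed is guessable, and processes forked after seeding
 * inherit the same generator state, so identifiers produced through the
 * fallback must not be relied on to be unpredictable.
 */
static void seed_fallback_prng(void)
{
  if (!prng_seeded) {
    srandom(time(NULL));
    prng_seeded = 1;
  }
}

/*
 * Probe for /dev/urandom and record the result in have_urandom.
 * When the device cannot be opened the random() fallback is seeded instead.
 */
void initialize_uuid_generator()
{
  int fd = open("/dev/urandom", O_RDONLY);

  if (fd == -1) {
    seed_fallback_prng();
    have_urandom = 0;
  }
  else {
    close(fd);
    have_urandom = 1;
  }
}

/*
 * Fill uuid[0..15] with a version 4 (random) UUID as laid out in
 * RFC 4122 section 4.4.
 *
 * Bytes come from /dev/urandom when it was found at initialisation time.
 * A failed open(), a read() error or a short read no longer leaves part of
 * the buffer untouched: whatever is still missing is taken from the
 * random() fallback, so the caller never receives uninitialised bytes.
 */
void generate_uuid(unsigned char uuid[16])
{
  int filled = 0;

  if (have_urandom) {
    int fd = open("/dev/urandom", O_RDONLY);

    if (fd != -1) {
      while (filled < 16) {
        int got = (int)read(fd, uuid + filled, 16 - filled);

        /* Stop on error (-1) or end of file (0); only count real data. */
        if (got <= 0)
          break;
        filled += got;
      }
      close(fd);
    }
  }

  if (filled < 16) {
    int i;

    /* Weak source, see seed_fallback_prng(); used only for missing bytes. */
    seed_fallback_prng();
    for (i = filled; i < 16; i++)
      uuid[i] = (random() & 0x000ff000) >> 12;
  }

  /* Set highest bits to 01 (point 1 of RFC 4122 4.4) */
  uuid[8] &= 0x3f;
  uuid[8] |= 0x80;

  /* Set the four highest bits to 0100 (point 2 of RFC 4122 4.4) */
  uuid[6] &= 0x0f;
  uuid[6] |= 0x40;
}
voms-2.1.2/src/server/uuid.h000066400000000000000000000023141477131364200157240ustar00rootroot00000000000000
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.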
* *********************************************************************/ #ifndef VOMS_UUID_H #define VOMS_UUID_H extern "C" { extern void initialize_uuid_generator(); extern void generate_uuid(unsigned char[16]); } #endif voms-2.1.2/src/server/vomsd-rest.cc000066400000000000000000000144721477131364200172270ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
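*
 *********************************************************************/
#include "config.h"

extern "C" {
#include "replace.h"

#include
#include
#include
#include
#include

#include "sslutils.h"
#include "log.h"
#include "credentials.h"
}

#include
#include
#include <climits>
#include <cstdlib>

#include "soapH.h"

#include "VOMSServer.h"
#include "fqan.h"
#include "data.h"

static pem_password_cb *pw_cb = NULL;

static bool makeACSSL(vomsresult &vr, SSL *ssl, const std::string& command, const std::string &orderstring, const std::string& targets, int requested, VOMSServer *v);
static int makeACREST(struct soap *soap, const std::string& command, const std::string& orderstring, const std::string& targets, int requested, int unknown);
int http_get(soap *soap);
static int pwstdin_callback(char * buf, int num, UNUSED(int w), UNUSED(void *u));
static bool get_parameter(char **path, char **name, char **value);

extern VOMSServer *selfpointer;
extern void *logh;
extern char *maingroup;

/*
 * Pass-phrase callback handed to load_credentials(): reads one line from
 * stdin into buf (at most num bytes including the terminator) and strips a
 * trailing newline.
 *
 * Returns the pass-phrase length, or -1 when nothing could be read.
 */
static int pwstdin_callback(char * buf, int num, UNUSED(int w), UNUSED(void *u))
{
  if (!(fgets(buf, num, stdin))) {
    std::cerr << "Failed to read pass-phrase from stdin" << std::endl;
    return -1;
  }

  int i = strlen(buf);

  /* An empty string must not be indexed at buf[-1]. */
  if (i > 0 && buf[i-1] == '\n') {
    buf[i-1] = '\0';
    i--;
  }
  return i;
}

/*
 * Build an attribute certificate for the peer of an established SSL session.
 *
 * The holder is taken from the peer certificate and chain of `ssl`; the
 * issuer certificate and key are loaded from the server's configured files
 * (x509_user_cert / x509_user_key of `v`, or the /etc/grid-security
 * defaults).  The request is encoded with XML_Req_Encode() and handed to
 * selfpointer->makeAC(), which records its outcome in `vr`.
 *
 * Returns false when the credentials cannot be loaded or makeAC() fails.
 */
static bool makeACSSL(vomsresult &vr, SSL *ssl, const std::string& command, const std::string &orderstring, const std::string& targets, int requested, VOMSServer *v)
{
  /* NOTE(review): SSL_get_peer_certificate() returns a reference the caller
     owns and it is never released here; whether get_real_cert() keeps using
     it is not visible in this file, so confirm before adding X509_free(). */
  X509 *holder = SSL_get_peer_certificate(ssl);
  STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl);
  X509 *realholder = get_real_cert(holder, chain);
  X509 *issuer = NULL;
  EVP_PKEY *key = NULL;
  pw_cb = pwstdin_callback;

  char *hostcert = (char*)"/etc/grid-security/hostcert.pem";
  char *hostkey = (char*)"/etc/grid-security/hostkey.pem";

  if (!v->x509_user_cert.empty())
    hostcert = (char*)v->x509_user_cert.c_str();

  if (!v->x509_user_key.empty())
    hostkey = (char *)v->x509_user_key.c_str();

  if (!load_credentials(hostcert, hostkey, &issuer, NULL, &key, pw_cb)) {
    /* NOTE(review): no error is stored in vr on this path, so the REST
       answer built by the caller carries no failure indication. */
    X509_free(issuer);
    EVP_PKEY_free(key);
    return false;
  }

  std::string message = XML_Req_Encode(command, orderstring, targets, requested);

  bool ret = selfpointer->makeAC(vr, key, issuer, realholder, message);

  /* The private key and issuer certificate are released as soon as the
     AC has been produced. */
  X509_free(issuer);
  EVP_PKEY_free(key);

  return ret;
}

/*
 * Run makeACSSL() for a REST request and send the result on `soap`.
 *
 * `unknown` non-zero adds a WARN_UNKNOWN_COMMAND warning to the answer.
 * The HTTP status comes from vomsresult::makeRESTAnswer(); the function
 * itself always returns SOAP_OK.
 */
static int makeACREST(struct soap *soap, const std::string& command, const std::string& orderstring, const std::string& targets, int requested, int unknown)
{
  vomsresult vr;

  if (unknown)
    vr.setError(WARN_UNKNOWN_COMMAND, "Unknown parameters in the request were ignored!");

  /* The outcome is reported through vr, so the boolean is not needed. */
  (void)makeACSSL(vr, (SSL*)soap->ssl, command, orderstring, targets, requested, selfpointer);

  int value;
  std::string output = vr.makeRESTAnswer(value);

  soap->http_content = "text/xml";
  soap_response(soap, value);
  soap_send(soap, output.c_str());
  soap_end_send(soap);

  return SOAP_OK;
}

/*
 * Convert the "lifetime" query value to int.
 *
 * Same result as atoi() for values that fit an int; values outside that
 * range saturate at INT_MAX / INT_MIN instead of overflowing, which is
 * undefined for atoi().  Text with no leading number yields 0.
 */
static int parse_lifetime(const char *text)
{
  long parsed = strtol(text, NULL, 10);

  if (parsed > INT_MAX)
    return INT_MAX;
  if (parsed < INT_MIN)
    return INT_MIN;
  return (int)parsed;
}

/*
 * gSOAP GET handler for the REST interface.
 *
 * Accepts only the path "/generate-ac".  The query string may carry
 * "lifetime", "fqans" (comma separated), "order" (repeatable) and
 * "targets"; any other parameter is ignored and reported as a warning in
 * the answer.  Query values are used as received: no percent-decoding is
 * applied in this function.
 *
 * Returns 404 for another path, 500 for an empty or malformed query string,
 * SOAP_GET_METHOD when the path cannot be copied, otherwise the result of
 * makeACREST().
 */
int http_get(soap *soap)
{
  char *path = strdup(soap->path);
  int unknown = 0;

  LOGM(VARP, logh, LEV_DEBUG, T_PRE, "HTTP request: %s", soap->path);

  if (!path)
    return SOAP_GET_METHOD;

  /* Split "path?query" in place; s stays NULL when there is no query. */
  char *s = strchr(path, '?');

  if (s)
    *s='\0';

  if (strcmp(path, "/generate-ac") != 0) {
    free(path);
    soap_response(soap, 404);
    soap_end_send(soap);
    return 404;
  }

  soap_response(soap, SOAP_HTML);

  /* determine parameters */
  std::vector<std::string> fqans;
  int lifetime = -1;
  std::string orderstring;
  std::string targetstring;

  if (s) {
    ++s;

    if (!strlen(s)) {
      /* NOTE(review): status 404 is sent while 500 is returned, here and
         for a malformed parameter below; kept as in the original. */
      free(path);
      soap_response(soap, 404);
      soap_end_send(soap);
      return 500;
    }

    char *basis = s;

    do {
      char *cname;
      char *cvalue;

      if (!get_parameter(&basis, &cname, &cvalue)) {
        free(path);
        soap_response(soap, 404);
        soap_end_send(soap);
        return 500;
      }

      if (strcmp(cname, "lifetime") == 0) {
        /* Client-supplied number: parsed with range saturation. */
        lifetime = parse_lifetime(cvalue);
      }
      else if (strcmp(cname, "fqans") == 0) {
        /* Comma separated list; every piece, even an empty one, is kept. */
        for (char *comma = strchr(cvalue, ','); comma; comma = strchr(cvalue, ',')) {
          *comma = '\0';
          fqans.push_back(std::string(cvalue));
          cvalue = comma + 1;
        }
        fqans.push_back(std::string(cvalue));
      }
      else if (strcmp(cname, "order") == 0) {
        if (orderstring.empty())
          orderstring = std::string(cvalue);
        else
          orderstring += ", " + std::string(cvalue);
      }
      else if (strcmp(cname, "targets") == 0) {
        targetstring = std::string(cvalue);
      }
      else {
        /* purposefully ignore other parameters */
        /* but put it in an otherwise positive response */
        unknown = 1;
      }
    } while (basis);
  }

  /* No FQAN requested: ask for the VO's main group. */
  if (fqans.size()==0)
    fqans.push_back(maingroup);

  std::string command = parse_fqan(fqans);

  int res = makeACREST(soap, command, orderstring, targetstring, lifetime, unknown);

  free(path);
  return res;
}

/*
 * Cut the next "name=value" pair out of a query string, in place.
 *
 * On entry *path points at the unparsed remainder.  On success *name and
 * *value point into that buffer and *path is advanced past the following
 * '&', or set to NULL when this was the last pair.
 *
 * Returns false when an argument is NULL, nothing is left to parse, or the
 * pair contains no '='.
 */
static bool get_parameter(char **path, char **name, char **value)
{
  if (!path || !name || !value || !*path)
    return false;

  char* next = strchr(*path, '&');

  if (next)
    *next='\0';

  char *equal = strchr(*path, '=');

  if (!equal)
    return false;

  *equal='\0';
  *name = *path;
  *value = equal+1;

  if (next)
    *path = ++next;
  else
    *path = next;

  return true;
}
voms-2.1.2/src/server/vomsd.cc000066400000000000000000001356061477131364200162570ustar00rootroot00000000000000/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.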
*
 *********************************************************************/
/* NOTE(review): in this listing the names of the system headers and the
   template arguments (std::vector, std::map) are missing; they were
   presumably lost when the archive was rendered - confirm against the
   repository before building from this text. */
#include "config.h"

extern "C" {
#include "replace.h"
#include "uuid.h"
#include "doio.h"

#define SUBPACKAGE "voms"

#include
#include
#include
#include
#include
#include
#include
#include

#include "newformat.h"
#include "init.h"
#include "credentials.h"

#include "log.h"

#include "sslutils.h"

/* Set by sighup_handler(); polled by VOMSServer::Run(). */
static int reload = 0;

/* Logging handle shared by the whole server. */
void *logh = NULL;
#include "proxycertinfo.h"
}

#include

#include "Server.h"

#include "options.h"
#include "data.h"
#include "pass.h"
#include "errors.h"
#include "vomsxml.h"

#include
#include
#include
#include
#include

#include "attribute.h"

#include "dbwrap.h"

#include "voms_api.h"

#include "soapH.h"

extern int AC_Init(void);

extern int http_get(soap *soap);

#include "ccwrite.h"
#include "validate.h"

#include "VOMSServer.h"

/* Returns true when `filename` can be opened for reading. */
static bool file_is_readable(const char* filename){

  std::ifstream f(filename);
  return f.good();
}

/*
 * Build the body of a REST reply from this result and report the HTTP
 * status through `code`.
 *
 * The encoded AC (unless it is empty or "A") and the encoded data come
 * first, followed by one entry per stored error or warning.  `code` starts
 * as SOAP_HTML and is changed to 400, 403 or 500 by the switch below; the
 * loop stops at the first entry that changes it.
 *
 * NOTE(review): the string literals wrapped around the values are empty in
 * this listing; presumably markup was lost in extraction - confirm.
 */
std::string vomsresult::makeRESTAnswer(int& code)
{
  std::string output = "";
  code = SOAP_HTML;

  if (ac != "A" && !ac.empty()){
    std::string encoded_ac = Encode(ac,true);
    output += ""+encoded_ac+"";
  }

  if (!data.empty()){
    std::string encoded_data = Encode(data,true);
    output += ""+encoded_data+"";
  }

  std::vector::const_iterator end = errs.end();
  for (std::vector::const_iterator i = errs.begin(); i != end; ++i) {
    /* Entries numbered below ERROR_OFFSET are warnings. */
    bool warning = i->num < ERROR_OFFSET ? true : false;

    std::string strcode;

    /* NOTE(review): the switch runs for warnings as well, so a warning whose
       number matches no case reaches `default` and sets code to 500 -
       confirm this is intended. */
    switch (i->num) {
    case ERR_SUSPENDED:
      strcode = "SuspendedUser";
      code = 403;
      break;

    case ERR_NOT_MEMBER:
      /* The message text decides between "unknown user" and "bad request". */
      if (strstr(i->message.c_str(), "Unable to satisfy") == NULL) {
        strcode = "NoSuchUser";
        code = 403;
      }
      else {
        strcode = "BadRequest";
        code = 400;
      }
      break;

    case ERR_NO_COMMAND:
      strcode="BadRequest";
      code = 400;
      break;

    default:
      strcode = "InternalError";
      code = 500;
    }

    /* NOTE(review): i->message is appended as stored.  VOMSServer::makeAC()
       builds one such message from the request text ("Unable to interpret
       command: " + message), so confirm it is escaped before it is placed
       in an XML reply. */
    if (warning)
      output += "" + i->message + "";
    else
      output += "" + strcode + "" + i->message + "";

    if (code != SOAP_HTML)
      break;
  }
  output += "";

  return output;
}

SOAP_NMAC struct Namespace namespaces[] = { {NULL, NULL, NULL, NULL} };

static const int DEFAULT_PORT    = 15000;
static const int DEFAULT_TIMEOUT = 60;

static std::string dummy;

sqliface::interface *db = NULL;

/* Maps an FQAN to the position requested for it; filled by parse_order(). */
typedef std::map ordermap;

static ordermap ordering;

static std::string sqllib = "";

char *maingroup = NULL;

/* Entry points looked up in the database interface library. */
typedef sqliface::interface* (*cdb)();
typedef int (*gv)();

cdb NewDB;
gv  getlibversion;

bool dummyb = false;

static bool checkinside(gattrib g, std::vector list);
static long long get_userid(sqliface::interface *db, X509 *cert, const std::string& voname, vomsresult &vr);
static std::string addtoorder(std::string previous, char *group, char *role);
static bool determine_group_and_role(std::string command, char *comm, char **group, char **role);
static BIGNUM *get_serial();

static void sighup_handler(int signo);
static void sigterm_handler(int signo);
static bool compare(const std::string &lhs, const std::string &rhs);
static void orderattribs(std::vector &v);
static std::string parse_order(const std::string &message, ordermap &ordering);
static void parse_targets(const std::string &message, std::vector &target);
static bool not_in(std::string fqan, std::vector fqans);
static void AdjustURI(std::string &uri, int port);

/* Number of forked request handlers believed to be running. */
static int active_requests = 0;

/*
 * SIGCHLD handler: reaps every terminated child without blocking and
 * decrements active_requests for each, never below zero.  errno is saved on
 * entry and restored on exit.
 *
 * NOTE(review): active_requests is a plain int that VOMSServer::Run() also
 * increments and decrements outside the handler; the two updates are not
 * protected against each other.
 */
static void
sigchld_handler(int signo)
{
  int save_errno = errno;
  pid_t pid;
  int status;

  do{
    pid = waitpid(-1,&status, WNOHANG);
    if (pid > 0)
    {
      active_requests--;

      if ( active_requests < 0 )
        active_requests = 0;
    }
  /* Continue while children were reaped, or waitpid() was interrupted. */
  } while ((pid > 0) || (pid < 0 && errno == EINTR));

  errno = save_errno;
}

/*
 * SIGHUP handler: raises the reload flag.
 * NOTE(review): reload is declared `static int`, not `volatile
 * sig_atomic_t`, although it is written from a signal handler.
 */
static void
sighup_handler(int signo)
{
  reload = 1;
}

/*
 * SIGTERM handler: terminates the process with status 1.
 * NOTE(review): exit() is not async-signal-safe because it runs atexit
 * handlers and static destructors from signal context; _exit() is the usual
 * choice in a handler - confirm that no cleanup depends on exit() here.
 */
static void
sigterm_handler(int signo)
{
  exit(1);
}

/*
 * Ordering predicate for FQANs, based on the positions stored in the global
 * `ordering` map: an FQAN found in the map sorts before one that is not,
 * and two FQANs that are both present sort by their stored position.
 */
static bool compare(const std::string &lhs, const std::string &rhs)
{
  ordermap::iterator lhi=ordering.find(lhs);
  ordermap::iterator rhi=ordering.find(rhs);

  LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Comparing: %s to %s", lhs.c_str(), rhs.c_str());
  if (lhi == ordering.end()) {
    LOG(logh, LEV_DEBUG, T_PRE, "No left hand side");
    return false;
  }
  if (rhi == ordering.end()) {
    LOG(logh, LEV_DEBUG, T_PRE, "No Right hand side");
    return true;
  }
  LOGM(VARP, logh, LEV_DEBUG, T_PRE, "%d:%d",lhi->second, rhi->second);
  return (lhi->second < rhi->second);
}

/*
 * Move the FQANs named in `ordering` to the front of `v`, in the requested
 * order.  Only the first min(ordering.size(), v.size()) positions are
 * sorted; the order of the remaining elements is whatever partial_sort
 * leaves behind.
 */
static void orderattribs(std::vector &v)
{
  int sortsize = (ordering.size() < v.size() ? ordering.size() : v.size());
  std::partial_sort(v.begin(), v.begin() + sortsize, v.end(), compare);
}

/*
 * Parse a comma separated ordering request and record each entry in
 * `ordering` with an increasing position.
 *
 * An entry of the form "group:role" is stored as "group/Role=role".
 * Returns the first FQAN of the list.  An empty `message` still goes
 * through the loop once and records a single empty entry.
 */
static std::string parse_order(const std::string &message, ordermap &ordering)
{
  int order = 0;
  std::string first;

  std::string::size_type position = 0; // Will be set to 0 at first iteration

  LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Initiating parse order: %s",message.c_str());

  while (position != std::string::npos) {
    LOG(logh, LEV_DEBUG, T_PRE, "Entered loop");

    /* There is a specified ordering */
    std::string::size_type end_token = message.find_first_of(',', position);
    std::string attribute;

    /* Take the text up to the next comma, or the rest of the string. */
    if (end_token == std::string::npos)
      attribute = message.substr(position);
    else
      attribute = message.substr(position, end_token - position);
    LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Attrib: %s",attribute.c_str());

    std::string::size_type divider = attribute.find(':');
    std::string fqan;

    if (divider == std::string::npos)
      fqan = attribute;
    else
      fqan = attribute.substr(0, divider) +
        "/Role=" + attribute.substr(divider+1);

    if (first.empty())
      first = fqan;

    LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Order: %s",fqan.c_str());
    /* insert() leaves an existing entry untouched, so a repeated FQAN keeps
       the position it was given first. */
    ordering.insert(std::make_pair(fqan,order));
    order++;
    position = end_token;

    /* Step over the comma. */
    if (position != std::string::npos)
      position ++;
  }

  return first;
}

/*
 * Split a comma separated target list and append every piece to `target`.
 * An empty `message` appends one empty string.
 */
static void parse_targets(const std::string &message,
                          std::vector &target)
{
  std::string::size_type position = 0; // Will be set to 0 at first iteration

  while (position != std::string::npos) {

    /* There is a specified ordering */
    std::string::size_type end_token = message.find_first_of(',',position);
    std::string attribute;

    if (end_token == std::string::npos)
      attribute = message.substr(position);
    else
      attribute = message.substr(position, end_token - position);

    target.push_back(attribute);
    position = end_token;

    /* Step over the comma. */
    if (position != std::string::npos)
      position ++;
  }
}

/* Returns true when `fqan` does not occur in `fqans` (both taken by value). */
static bool not_in(std::string fqan, std::vector fqans)
{
  return (find(fqans.begin(), fqans.end(), fqan) == fqans.end());
}

/* Set by the VOMSServer constructor to the object under construction. */
VOMSServer *selfpointer = NULL;

/*
 * Server constructor: the initializer list holds the built-in defaults, the
 * body installs the SIGCHLD and SIGTERM handlers and then declares the
 * command-line option table.
 */
VOMSServer::VOMSServer(int argc, char *argv[]) : sock(0,NULL,50,false),
                                                 validity(86400),
                                                 logfile("/var/log/voms"),
                                                 gatekeeper_test(false),
                                                 daemon_port(DEFAULT_PORT),
                                                 foreground(false),
                                                 x509_cert_dir(""),
                                                 x509_cert_file(""),
                                                 x509_user_proxy(""),
                                                 x509_user_cert(""),
                                                 x509_user_key(""),
                                                 desired_name_char(""),
                                                 username("voms"),
                                                 dbname("voms"),
                                                 contactstring(""),
                                                 mysql_port(0),
                                                 mysql_socket(""),
                                                 passfile(""),
                                                 voname("unspecified"),
                                                 uri(""), version(0),
                                                 subject(""), ca(""),
                                                 debug(false), code(-1),
                                                 backlog(50), logger(NULL),
                                                 socktimeout(-1),
                                                 logmax(10000000),loglev(2),
                                                 logt(T_STARTUP|T_REQUEST|T_RESULT),
                                                 logdf("%c"),
                                                 logf("%d:%h:%s[%p]: msg=\"%V:%T:%F (%f:%l):%m\""),
                                                 newformat(false),
                                                 insecure(false),
                                                 shortfqans(false),
                                                 do_syslog(false),
                                                 base64encoding(false),
                                                 nologfile(false),
                                                 max_active_requests(50)
{
  selfpointer = this;

  signal(SIGCHLD, sigchld_handler);
  signal(SIGTERM, sigterm_handler);

  ac = argc;
  av = argv;

  InitProxyCertInfoExtension(1);

  bool progversion = false;

  struct option opts[] = {
    {"help",            0, NULL,                      OPT_HELP},
    {"usage",           0, NULL,                      OPT_HELP},
    {"test",            0, (int *)&gatekeeper_test,   OPT_BOOL},
    {"conf",            1, NULL,
OPT_CONFIG}, {"port", 1, &daemon_port, OPT_NUM}, {"logfile", 1, (int *)&logfile, OPT_STRING}, {"globusid", 1, (int *)&dummy, OPT_STRING}, {"globuspwd", 1, (int *)&dummy, OPT_STRING}, {"x509_cert_dir", 1, (int *)&x509_cert_dir, OPT_STRING}, {"x509_cert_file", 1, (int *)&x509_cert_file, OPT_STRING}, {"x509_user_proxy", 1, (int *)&x509_user_proxy, OPT_STRING}, {"x509_user_cert", 1, (int *)&x509_user_cert, OPT_STRING}, {"x509_user_key", 1, (int *)&x509_user_key, OPT_STRING}, {"desired_name", 1, (int *)&desired_name_char, OPT_STRING}, {"foreground", 0, (int *)&foreground, OPT_BOOL}, {"username", 1, (int *)&username, OPT_STRING}, {"timeout", 1, &validity, OPT_NUM}, {"dbname", 1, (int *)&dbname, OPT_STRING}, {"contactstring", 1, (int *)&contactstring, OPT_STRING}, {"mysql-port", 1, (int *)&mysql_port, OPT_NUM}, {"mysql-socket", 1, (int *)&mysql_socket, OPT_STRING}, {"passfile", 1, (int *)&passfile, OPT_STRING}, {"vo", 1, (int *)&voname, OPT_STRING}, {"uri", 1, (int *)&uri, OPT_STRING}, {"globus", 1, &version, OPT_NUM}, {"version", 0, (int *)&progversion, OPT_BOOL}, {"backlog", 1, &backlog, OPT_NUM}, {"debug", 0, (int *)&debug, OPT_BOOL}, {"code", 1, &code, OPT_NUM}, {"loglevel", 1, &loglev, OPT_NUM}, {"logtype", 1, &logt, OPT_NUM}, {"logformat", 1, (int *)&logf, OPT_STRING}, {"logdateformat", 1, (int *)&logdf, OPT_STRING}, {"sqlloc", 1, (int *)&sqllib, OPT_STRING}, {"compat", 1, (int *)&dummyb, OPT_BOOL}, {"socktimeout", 1, &socktimeout, OPT_NUM}, {"logmax", 1, &logmax, OPT_NUM}, {"newformat", 1, (int *)&newformat, OPT_BOOL}, {"skipcacheck", 1, (int *)&insecure, OPT_BOOL}, {"shortfqans", 0, (int *)&shortfqans, OPT_BOOL}, {"syslog", 0, (int *)&do_syslog, OPT_BOOL}, {"base64", 0, (int *)&base64encoding, OPT_BOOL}, {"nologfile", 0, (int *)&nologfile, OPT_BOOL}, {"max-reqs", 1, &max_active_requests, OPT_NUM}, {0, 0, 0, 0} }; /* * Parse the command line arguments */ set_usage("[-help] [-usage] [-conf parmfile] [-foreground] [-port port]\n" "[-logfile file] [-passfile file] 
[-vo voname]\n" "[-globus version]\n" "[-x509_cert_dir path] [-x509_cert_file file]\n" "[-x509_user_cert file] [-x509_user_key file]\n" "[-dbname name] [-username name] [-contactstring name]\n" "[-mysql-port port] [-mysql-socket socket] [-timeout limit]\n" "[-x509_user_proxy file] [-test] [-uri uri] [-code num]\n" "[-loglevel lev] [-logtype type] [-logformat format]\n" "[-logdateformat format] [-debug] [-backlog num] [-skipcacheck]\n" "[-version] [-sqlloc path] [-compat] [-logmax n] [-socktimeout n]\n" "[-shortfqans] [-newformat] [-syslog] [-base64] [-nologfile]\n" "[-max_reqs max_concurrent_request_number]\n"); if (!getopts(argc, argv, opts)) throw voms_init_error("unable to read options"); maingroup = snprintf_wrap("/%s", voname.c_str()); if (socktimeout == -1) socktimeout = DEFAULT_TIMEOUT; if (code == -1) code = daemon_port; if (progversion) { std::cout << SUBPACKAGE << "\nVersion: " << VERSION << std::endl; std::cout << "Compiled: " << __DATE__ << " " << __TIME__ << std::endl; return; } /* Test if logging can start. */ if (!do_syslog) { struct stat statbuf; int dounlink = 1; int res = stat(logfile.c_str(), &statbuf); if (!res) { /* It exists. Must not be unlinked. */ dounlink = 0; } int newfd = open(logfile.c_str(), O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR); if (newfd == -1) { fprintf(stderr, "logging could not start! 
Logfile %s could not be opened, and syslogging is disabled.", logfile.c_str()); throw voms_execution_error("Logging system startup error."); } if (dounlink) unlink(logfile.c_str()); close(newfd); } if ((logh = LogInit())) { loglevels lev; switch(loglev) { case 1: lev = LEV_NONE; break; case 2: lev = LEV_ERROR; break; case 3: lev = LEV_WARN; break; case 4: lev = LEV_INFO; break; case 5: lev = LEV_DEBUG; break; default: lev = LEV_DEBUG; break; } if (lev == LEV_DEBUG) logt = T_STARTUP|T_REQUEST|T_RESULT; (void)LogLevel(logh, lev); (void)LogType(logh, logt); (void)SetCurLogType(logh, T_STARTUP); (void)LogService(logh, "vomsd"); (void)LogFormat(logh, logf.c_str()); if (!nologfile) (void)LogActivate(logh, "FILE"); if (do_syslog) (void)LogActivate(logh, "SYSLOG"); (void)LogOption(logh, "NAME", logfile.c_str()); (void)LogOptionInt(logh, "MAXSIZE", logmax); (void)LogOption(logh, "DATEFORMAT", logdf.c_str()); } else throw voms_init_error("logging startup failure"); LOGM(VARP, logh, LEV_INFO, T_PRE, "Package: %s", SUBPACKAGE); LOGM(VARP, logh, LEV_INFO, T_PRE, "Version: %s", VERSION); LOGM(VARP, logh, LEV_INFO, T_PRE, "Compiled: %s %s", __DATE__, __TIME__); for (int i = 0; i < argc; i++) LOGM(VARP, logh, LEV_DEBUG, T_PRE, "argv[%d] = \"%s\"", i, argv[i]); LOG(logh, LEV_INFO, T_PRE, "Reconfigured server."); if (!sqllib.empty()) { void * library = dlopen(sqllib.c_str(), RTLD_LAZY); if(!library) { LOG(logh, LEV_ERROR, T_PRE, ((std::string)("Cannot load library: " + sqllib)).c_str()); std::cout << "Cannot load library: "<< sqllib << std::endl; char *message = dlerror(); if (message) { LOG(logh, LEV_ERROR, T_PRE, message); std::cout << dlerror() << std::endl; } throw voms_init_error("Cannot load database library"); } getlibversion = (gv)dlsym(library, "getDBInterfaceVersion"); if (!getlibversion || getlibversion() != 3) { std::string error_msg("Old version of interface library found. Expecting >= 3, found: "); error_msg += (getlibversion ? 
getlibversion() : 1); LOGM(VARP, logh, LEV_ERROR, T_PRE, error_msg.c_str()); throw voms_init_error(error_msg); } NewDB = (cdb)dlsym(library, "CreateDB"); if (!NewDB) { std::string error_msg("Cannot find initialization symbol in: "); error_msg += sqllib; LOG(logh, LEV_ERROR, T_PRE, error_msg.c_str()); throw voms_init_error(error_msg); } } else { LOG(logh, LEV_ERROR, T_PRE, "Empty SQL library. Cannot start." ); throw voms_init_error("Empty SQL library. Cannot start."); } if (!getpasswd(passfile, logh)) { LOG(logh, LEV_ERROR, T_PRE, "can't read password file!\n"); throw voms_init_error("can't read password file!"); } if(contactstring.empty()) contactstring = (std::string)"localhost"; db = NewDB(); if (!db) { LOG(logh, LEV_ERROR, T_PRE, "Cannot initialize DB library."); throw voms_init_error("Cannot initialize DB library."); } db->setOption(OPTION_SET_PORT, &mysql_port); if (!mysql_socket.empty()) db->setOption(OPTION_SET_SOCKET, (void*)mysql_socket.c_str()); db->setOption(OPTION_SET_INSECURE, &insecure); if (!db->connect(dbname.c_str(), contactstring.c_str(), username.c_str(), passwd())) { std::string error_msg("Unable to connect to database: "); error_msg += db->errorMessage(); LOGM(VARP, logh, LEV_ERROR, T_PRE, error_msg.c_str()); throw voms_init_error(error_msg); } int v = 0; sqliface::interface *session = db->getSession(); bool result = session->operation(OPERATION_GET_VERSION, &v, NULL); std::string errormessage = session->errorMessage(); db->releaseSession(session); if (result) { if (v < 2) { LOGM(VARP, logh, LEV_ERROR, T_PRE, "Detected DB Version: %d. 
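Required DB version >= 2", v);
      throw voms_init_error("Wrong database version");
    }
  }
  else {
    LOGM(VARP, logh, LEV_ERROR, T_PRE, "Error connecting to the database : %s", errormessage.c_str());
    throw voms_init_error((std::string("Error connecting to the database : ") + errormessage));
  }

  /* Check the value of max_active_requests passed in from voms configuration */
  if (max_active_requests <= 0){
    LOGM(VARP, logh, LEV_ERROR, T_PRE, "Wrong value set for max_reqs option. Resetting default value: 50");
    max_active_requests = 50;
  }

  LOGM(VARP, logh, LEV_INFO, T_PRE, "Maximum number of active requests: %d", max_active_requests);

  AdjustURI(uri, daemon_port);

  sock = GSISocketServer(daemon_port, NULL, backlog);

  /*
   * Dont use default env proxy cert for gatekeeper if run as root
   * this might get left over. You can still use -x509_user_proxy
   */
  unsetenv("X509_USER_PROXY");

  if (!x509_cert_dir.empty()) {
    setenv("X509_CERT_DIR", x509_cert_dir.c_str(), 1);
  }
  if (!x509_cert_file.empty()) {
    setenv("X509_CERT_FILE", x509_cert_file.c_str(), 1);
  }
  if (!x509_user_proxy.empty()) {
    setenv("X509_USER_PROXY", x509_user_proxy.c_str(), 1);
  }
  if (!x509_user_cert.empty()) {
    setenv("X509_USER_CERT", x509_user_cert.c_str(), 1);
  }
  if (!x509_user_key.empty()) {
    setenv("X509_USER_KEY", x509_user_key.c_str(), 1);
  }

  sock.SetLogger(logh);
  std::string msg = "URI: " + uri;

  LOGM(VARP, logh, LEV_INFO, T_PRE, "URI: %s", uri.c_str());

  AC_Init();
}

VOMSServer::~VOMSServer() {}

static char *cacertdir = (char*)"/etc/grid-security/certificates";
static char *hostcert  = (char*)"/etc/grid-security/hostcert.pem";
static char *hostkey   = (char*)"/etc/grid-security/hostkey.pem";

extern proxy_verify_desc *setup_initializers(char*);

/*
 * Main server loop.
 *
 * Refuses to start when the certificate or private key file cannot be
 * opened, detaches from the terminal unless `debug` is set, opens the
 * listening socket and then serves connections for ever: each accepted
 * connection is handled by a forked child, which performs the GSI
 * authentication and then answers either a REST (HTTP GET) request through
 * gSOAP or a legacy VOMS request through Execute().  The child returns from
 * Run() when it is done.
 *
 * Throws voms_init_error when the credential files are unreadable.
 * voms_execution_error and any other exception raised inside the loop are
 * logged and end the loop without being propagated.
 *
 * Text that was not produced by this function (socket and OpenSSL error
 * strings, exception messages) is passed to LOGM as a "%s" argument: LOGM is
 * called with printf-style formats throughout this file, so such text must
 * not be used as the format itself.
 */
void VOMSServer::Run()
{
  pid_t pid = 0;
  struct soap *sop = NULL;
  int wait_status = 0;

  if (!x509_user_cert.empty())
    hostcert = (char*)x509_user_cert.c_str();

  if (!x509_user_key.empty())
    hostkey = (char *)x509_user_key.c_str();

  if (!x509_cert_dir.empty())
    cacertdir = (char *)x509_cert_dir.c_str();

  // Check AA certificate and private key can be opened
  // or refuse to start up
  if (!file_is_readable(hostcert)) {
    LOGM(VARP, logh, LEV_ERROR, T_PRE, "Error opening VOMS certificate file: %s", hostcert);
    throw voms_init_error(std::string("Cannot open file: ")+hostcert);
  }

  if (!file_is_readable(hostkey)) {
    LOGM(VARP, logh, LEV_ERROR, T_PRE, "Error opening VOMS private key file: %s", hostkey);
    throw voms_init_error(std::string("Cannot open file: ")+hostkey);
  }

  if (!debug) {
    if (daemon(0,0))
      return;
  }

  fd_set rset;
  FD_ZERO(&rset);

  sop = soap_new();
  sop->fget = http_get;

  try {
    signal(SIGHUP, sighup_handler);
    LOG(logh, LEV_DEBUG, T_PRE, "Trying to open socket.");
    sock.Open();
    LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Opened Socket: %d", sock.sck);

    if (sock.sck == -1) {
      LOG(logh, LEV_ERROR, T_PRE, "Unable to bind socket");
      throw voms_execution_error("Unable to bind socket");
    }

    sock.SetTimeout(socktimeout);
    FD_SET(sock.sck, &rset);

    for (;;) {

      /* Configuration reload requested through SIGHUP. */
      if (reload) {
        reload=0;
        UpdateOpts();
      }

      /* Block until the listening socket is readable; an interrupted
         select() is simply retried. */
      int selret = -1;
      do {
        selret = select(sock.sck+1, &rset, NULL, NULL, NULL);
      } while (selret <= 0);

      if (reload) {
        reload=0;
        UpdateOpts();
      }

      if (FD_ISSET(sock.sck, &rset)) {

        if (!sock.Listen()){
          std::ostringstream error_msg;
          error_msg << "Cannot listen on port " << daemon_port;
          LOGM(VARP, logh, LEV_ERROR, T_PRE, "%s", error_msg.str().c_str());
          throw voms_execution_error(error_msg.str());
        }

        (void)SetCurLogType(logh, T_REQUEST);

        // Wait for children termination before accepting
        // new requests if we exceeded the number of active
        // requests
        if (active_requests > max_active_requests){
          LOGM(VARP, logh, LEV_INFO, T_PRE, "Reached number of maximum active requests: %d. Waiting for some children process to finish.", max_active_requests);
          /* NOTE(review): the SIGCHLD handler also reaps children and
             decrements active_requests, so one child may be counted twice
             here; kept as in the original. */
          wait(&wait_status);
          active_requests--;
        }

        pid = fork();

        if (pid < 0) {
          /* fork() failed: no child exists, so the request must not be
             counted as active.  The connection is dropped and the server
             goes back to waiting. */
          LOGM(VARP, logh, LEV_ERROR, T_PRE, "Unable to fork child executor (errno = %d).", errno);
          sock.Close();

          FD_ZERO(&rset);
          FD_SET(sock.sck, &rset);
        }
        else if (pid > 0) {
          // Parent process
          active_requests++;

          LOGM(VARP, logh, LEV_INFO, T_PRE, "Started child executor with pid = %d. Active requests = %d", pid, active_requests);
          sock.Close();

          // Reset socket descriptors
          FD_ZERO(&rset);
          FD_SET(sock.sck, &rset);
        }
        else {
          // Children process
          if (!sock.AcceptGSIAuthentication()){

            /* The peer is not authenticated at this point: its error text
               is logged as data, never as a format string. */
            LOGM(VARP, logh, LEV_INFO, T_PRE, "%s", sock.error.c_str());

            for (std::vector<std::string>::const_iterator err_it = sock.GetOpenSSLErrors().begin();
                 err_it != sock.GetOpenSSLErrors().end();
                 ++err_it){
              std::string err_string = *err_it;
              LOGM(VARP, logh, LEV_INFO, T_PRE, "%s", err_string.c_str());
            }

            sock.CleanSocket();
            sock.Close();
            return;
          }

          LOGM(VARP, logh, LEV_INFO, T_PRE, "SSL handshake completed successfully.");

          std::string user    = sock.peer_subject;
          std::string userca  = sock.peer_ca;
          subject = sock.own_subject;
          ca = sock.own_ca;

          LOGM(VARP, logh, LEV_INFO, T_PRE, "Received request from: %s, %s (serial: %s)", user.c_str(), userca.c_str(), sock.peer_serial.c_str());

          /* The first bytes of the request select the protocol. */
          std::string peek;

          (void)sock.Peek(3, peek);

          LOGM(VARP, logh, LEV_DEBUG, T_PRE, "peek data: %s", peek.c_str());

          if (peek == "0") {
            LOG(logh, LEV_DEBUG, T_PRE, "worhtless message for GSI compatibility. Discard");
            std::string tmp;
            sock.Receive(tmp);
            LOGM(VARP, logh, LEV_DEBUG, T_PRE, " discarded: %s", tmp.c_str());
            (void)sock.Peek(3, peek);
            LOGM(VARP, logh, LEV_DEBUG, T_PRE, "peek data: %s", peek.c_str());
          }

          // This is where all the handling logic happens now, when
          // a REST request is received.
          if (peek == "GET") {

            LOG(logh, LEV_DEBUG, T_PRE, "Received HTTP request...");
            sop->socket = sock.newsock;
            sop->ssl = sock.ssl;

            // GSOAP will handle this
            // newer versions of gsoap don't call the http handlers (eg fget) in fparse
            // fparse returns SOAP_STOP if any of the handlers were called instead of SOAP_OK (older versions)
            // if the return value is SOAP_OK then no hander has been called (newer versions) and we call
            // fget manually if it's a get request (SOAP_GET)
            if(sop->fparse(sop) == SOAP_OK && sop->status == SOAP_GET)
              sop->fget(sop);

            sock.Close();
          }
          else {

            // Old legacy interface (pre voms 2.0)
            LOG(logh, LEV_DEBUG, T_PRE, "Received VOMS legacy protocol request...");
            Execute(sock.own_key, sock.own_cert, sock.peer_cert);
            sock.Close();
          }

          return;
        } // Children execution frame
      }
    } // Outer for loop

  }catch (voms_execution_error &e){

    LOGM(VARP, logh, LEV_ERROR, T_PRE, "%s", e.what());

  } catch (...) {

    LOGM(VARP, logh, LEV_WARN, T_PRE, "Exception caught in main server loop (and swallowed).");
  }
}

bool VOMSServer::makeAC(vomsresult& vr, EVP_PKEY *key, X509 *issuer,
                        X509 *holder, const std::string &message)
{
  LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Received Request: %s", message.c_str());

  struct request r;

  if (!XML_Req_Decode(message, r)) {
    LOGM(VARP, logh, LEV_ERROR, T_PRE, "Unable to interpret command: %s",message.c_str());
    vr.setError(ERR_NO_COMMAND, "Unable to interpret command: " + message);
    return false;
  }

  std::vector comm = r.command;

  vr.setBase64(base64encoding | r.base64);

  int requested = r.lifetime;

  if (requested < 0){
    requested = validity;
  }

  std::vector targs;

  ordering.clear();

  parse_targets(r.targets, targs);

  std::string tmp;

  if (comm.empty()){
    throw voms_execution_error("Invalid VOMS request received: no command found!");
  }

  std::string command(comm[0]);

  bool result = true;
  bool result2 = true;

  /* Interpret user requests */

  /* Shorten validity if needed */

  if (requested != 0) {
    if (requested == -1){
      requested = validity;
    } else if (validity < requested) {
      requested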
= validity; std::ostringstream msg; msg << uri << ": The validity of this VOMS AC in your proxy is shortened to " << validity << " seconds!"; vr.setError(WARN_SHORT_VALIDITY, msg.str()); } } std::vector fqans; std::vector attribs; sqliface::interface *newdb = db->getSession(); if (!newdb) { vr.setError(ERR_WITH_DB, voname + ": Problems in DB communication."); LOGM(VARP, logh, LEV_ERROR, T_PRE, "%s: Problems in DB communication.", voname.c_str()); return false; } /* Determine user ID in the DB */ long long uid = -1; if ((uid = get_userid(newdb, holder, voname, vr)) == -1) { db->releaseSession(newdb); return false; } LOGM(VARP, logh, LEV_INFO, T_PRE, "Userid = \"%ld\"", uid); bool setuporder = false; if (r.order.empty()) setuporder = true; int k = 0; /* Parse and execute requests */ std::vector::const_iterator end = comm.end(); for(std::vector::const_iterator i = comm.begin(); i != end; ++i) { char commletter = '\0'; command = comm[k++]; char *group = NULL; char *role = NULL; bool valid = determine_group_and_role(*i, &commletter, &group, &role); LOGM(VARP, logh, LEV_INFO, T_PRE, "Next command : %s", i->c_str()); if (valid) { /* Interpret request by first character */ switch (commletter) { case 'A': if ((result = newdb->operation(OPERATION_GET_ALL, &fqans, uid))) result2 = newdb->operation(OPERATION_GET_ALL_ATTRIBS, &attribs, uid); break; case 'R': if ((result = newdb->operation(OPERATION_GET_ROLE, &fqans, uid, role))) result2 = newdb->operation(OPERATION_GET_ROLE_ATTRIBS, &attribs, uid, role); result2 |= newdb->operation(OPERATION_GET_GROUPS_ATTRIBS, &attribs, uid); break; case 'G': if ((result = newdb->operation(OPERATION_GET_GROUPS, &fqans, uid))) { if (not_in(std::string(group), fqans)) result = false; else result2 = newdb->operation(OPERATION_GET_GROUPS_ATTRIBS, &attribs, uid); } break; case 'B': if ((result = newdb->operation(OPERATION_GET_GROUPS_AND_ROLE, &fqans, uid, group, role))) result2 = newdb->operation(OPERATION_GET_GROUPS_AND_ROLE_ATTRIBS, &attribs, 
uid, group, role); result2 |= newdb->operation(OPERATION_GET_GROUPS_ATTRIBS, &attribs, uid); break; case 'N': result = newdb->operation(OPERATION_GET_ALL, &fqans, uid); break; default: result = false; LOGM(VARP, logh, LEV_ERROR, T_PRE, "Unknown Command \"%c\"", commletter); break; } if (setuporder) r.order = addtoorder(r.order, group, role); } else result = false; free(group); // role is automatically freed. if(!result) { LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Error while retrieving fqans: %s", newdb->errorMessage()); break; } if (!result2) LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Error while retrieving generic attributes: %s", newdb->errorMessage()); } db->releaseSession(newdb); /* Error in executing queries ? */ if (!result) { LOG(logh, LEV_ERROR, T_PRE, "Error in executing request!"); std::string msg; if (command == (std::string("G/")+ voname) || command == (std::string("/") + voname)) msg = voname + ": User unknown to this VO."; else msg = voname + ": Unable to satisfy " + command + " request!"; vr.setError(ERR_NOT_MEMBER, msg); LOG(logh, LEV_ERROR, T_PRE, msg.c_str()); return false; } /* do ordering */ LOGM(VARP, logh, LEV_DEBUG,T_PRE, "ordering: %s", r.order.c_str()); std::string firstfqan = parse_order(r.order, ordering); // remove duplicates std::sort(fqans.begin(), fqans.end()); fqans.erase(std::unique(fqans.begin(), fqans.end()), fqans.end()); // remove duplicates from attributes std::sort(attribs.begin(), attribs.end()); attribs.erase(std::unique(attribs.begin(), attribs.end()), attribs.end()); if(result && !fqans.empty()) { orderattribs(fqans); } if (!firstfqan.empty()) { std::vector::iterator i = fqans.begin(); if (i != fqans.end()) { LOGM(VARP, logh, LEV_DEBUG, T_PRE, "first fqan = %s", firstfqan.c_str()); if (*i != firstfqan) vr.setError(WARN_NO_FIRST_SELECT, "FQAN: " + *i + " is not the first selected!\n"); } } // Adjust for long/short format if (!shortfqans && !fqans.empty()) { LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Translating FQANs to long format."); 
std::vector newfqans(fqans); fqans.clear(); std::vector::iterator i = newfqans.begin(); std::vector::iterator end = newfqans.end(); while (i != end) { std::string fqan = *i; if (fqan.find("/Role=") != std::string::npos) fqan += "/Capability=NULL"; else fqan += "/Role=NULL/Capability=NULL"; LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Translated FQAN: %s", fqan.c_str()); fqans.push_back(fqan); ++i; } } if(!fqans.empty()) { LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Checking if user comes with valid fqans."); vomsdata vd("", ""); vd.SetVerificationType((verify_type)(VERIFY_SIGN | VERIFY_DATE)); if (!vd.Retrieve(sock.actual_cert, sock.peer_stack, RECURSE_DEEP)){ std::string voms_error = vd.ErrorMessage(); LOGM(VARP, logh, LEV_DEBUG, T_PRE, "No valid VOMS attributes found in client cert chain. VOMS retrieve error: %s", voms_error.c_str()); } std::vector existing; std::vector::iterator end = (vd.data).end(); for (std::vector::iterator index = (vd.data).begin(); index != end; ++index) { if (index->voname == voname) { std::vector::iterator fqan_it = index->fqan.begin(); for ( ; fqan_it != index->fqan.end(); ++fqan_it) { LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Found fqan in user credential: %s", fqan_it->c_str()); existing.push_back(*fqan_it); } } } /* if attributes were found, only release an intersection beetween the requested and the owned */ std::vector::iterator fend = fqans.end(); bool subset = false; if (!existing.empty()) { LOGM(VARP, logh, LEV_DEBUG, T_PRE, "User comes with valid fqans for this VO. 
Computing fqans intersection."); if (fqans.erase(std::remove_if(fqans.begin(), fqans.end(), [&](std::string const& s) { return not_in(s, existing); }), fqans.end()) != fend) { LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Only a subset of the requested attributes will be returned."); subset = true; } } if (subset) { LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Dropping generic attributes for fqans which cannot be issued for current request."); attribs.erase(std::remove_if(attribs.begin(), attribs.end(), [&](gattrib const& a) { return checkinside(a, fqans); }), attribs.end()); } if (fqans.empty()) { LOG(logh, LEV_ERROR, T_PRE, "Error in executing request!"); vr.setError(ERR_ATTR_EMPTY, voname + " : no valid VOMS attributes found for your request."); return false; } if(subset) { LOG(logh, LEV_WARN, T_PRE, "Only a subset of the requested attributes will be issued."); vr.setError(WARN_ATTR_SUBSET, voname + " : your certificate already contains attributes, only a subset of them can be issued."); } } if (fqans.empty()) { vr.setError(ERR_NOT_MEMBER, std::string("You are not a member of the ") + voname + " VO!"); return false; } else { std::vector::const_iterator end = fqans.end(); for (std::vector::const_iterator i = fqans.begin(); i != end; ++i) LOGM(VARP, logh, LEV_INFO, T_PRE, "Issued FQAN: %s", (*i).c_str()); if (LogLevelMin(logh, LEV_INFO)) { if(result && !attribs.empty()) { std::vector::const_iterator end = attribs.end(); for(std::vector::const_iterator i = attribs.begin(); i != end; ++i) LOGM(VARP, logh, LEV_INFO, T_PRE, "Issued generic attribute: %s", i->str().c_str()); } else LOGM(VARP, logh, LEV_DEBUG, T_PRE, "No generic attributes found for user."); } std::string codedac; std::string data; if (comm[0] == "N") { std::vector::const_iterator end = fqans.end(); for (std::vector::const_iterator i = fqans.begin(); i != end; ++i) data += (*i).c_str() + std::string("\n"); } else { // This is the real AC encoding int res = 1; BIGNUM * serial = get_serial(); if (!serial) LOG(logh, 
LEV_ERROR, T_PRE, "Can't get Serial Number!"); else { /* Make AC */ AC *a = AC_new(); if (a) { std::vector attributes_compact; std::vector::const_iterator end = attribs.end(); for(std::vector::const_iterator i = attribs.begin(); i != end; ++i) attributes_compact.push_back(i->str()); res = createac(issuer, sock.own_stack, holder, key, serial, fqans, targs, attributes_compact, &a, voname, uri, requested, !newformat, NULL); } /* Encode AC */ if (!res) { unsigned char *buf = NULL; int len = i2d_AC(a, &buf); if (len > 0) { codedac = std::string(reinterpret_cast(buf), len); } OPENSSL_free(buf); } else vr.setError(ERR_NOT_MEMBER, get_error(res)); AC_free(a); BN_free(serial); } if (res || codedac.empty()) { LOG(logh, LEV_ERROR, T_PRE, "Error in executing request!"); vr.setError(ERR_NOT_MEMBER, ": Unable to satisfy " + command + " request due to database error."); return false; } } (void)SetCurLogType(logh, T_RESULT); vr.setAC(codedac); vr.setData(data); return true; } } void VOMSServer::Execute(EVP_PKEY *key, X509 *issuer, X509 *holder) { std::string message; if (!sock.Receive(message)) { LOG(logh, LEV_ERROR, T_PRE, "Unable to receive request."); sock.CleanSocket(); } if (message == "0") { /* GSI Clients may send a "0" first (spurious) message. Just ignore it. 
*/ if (!sock.Receive(message)) { LOG(logh, LEV_ERROR, T_PRE, "Unable to receive request."); sock.CleanSocket(); } } vomsresult vr; (void)makeAC(vr, key, issuer, holder, message); std::string answer = vr.makeXMLAnswer(); LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Sending: %s", answer.c_str()); sock.Send(answer); } void VOMSServer::UpdateOpts(void) { std::string nlogfile = logfile; int nblog = 50; bool progversion = false; int nport; struct option opts[] = { {"test", 0, (int *)&gatekeeper_test, OPT_BOOL}, {"conf", 1, NULL, OPT_CONFIG}, {"port", 1, &nport, OPT_NUM}, {"logfile", 1, (int *)&nlogfile, OPT_STRING}, {"globusid", 1, (int *)&dummy, OPT_STRING}, {"globuspwd", 1, (int *)&dummy, OPT_STRING}, {"x509_cert_dir", 1, (int *)&x509_cert_dir, OPT_STRING}, {"x509_cert_file", 1, (int *)&x509_cert_file, OPT_STRING}, {"x509_user_proxy", 1, (int *)&x509_user_proxy, OPT_STRING}, {"x509_user_cert", 1, (int *)&x509_user_cert, OPT_STRING}, {"x509_user_key", 1, (int *)&x509_user_key, OPT_STRING}, {"desired_name", 1, (int *)&desired_name_char, OPT_STRING}, {"foreground", 0, (int *)&foreground, OPT_BOOL}, {"username", 1, (int *)&username, OPT_STRING}, {"timeout", 1, &validity, OPT_NUM}, {"dbname", 1, (int *)&dbname, OPT_STRING}, {"contactstring", 1, (int *)&contactstring, OPT_STRING}, {"mysql-port", 1, (int *)&mysql_port, OPT_NUM}, {"mysql-socket", 1, (int *)&mysql_socket, OPT_STRING}, {"passfile", 1, (int *)&passfile, OPT_STRING}, {"vo", 1, (int *)&voname, OPT_STRING}, {"uri", 1, (int *)&uri, OPT_STRING}, {"globus", 1, &version, OPT_NUM}, {"version", 0, (int *)&progversion, OPT_BOOL}, {"backlog", 1, &nblog, OPT_NUM}, {"debug", 0, (int *)&debug, OPT_BOOL}, {"code", 1, &code, OPT_NUM}, {"loglevel", 1, &loglev, OPT_NUM}, {"logtype", 1, &logt, OPT_NUM}, {"logformat", 1, (int *)&logf, OPT_STRING}, {"logdateformat", 1, (int *)&logdf, OPT_STRING}, {"sqlloc", 1, (int *)&sqllib, OPT_STRING}, {"compat", 0, (int *)&dummyb, OPT_BOOL}, {"socktimeout", 1, &socktimeout, OPT_NUM}, {"logmax", 1, 
&logmax, OPT_NUM}, {"newformat", 0, (int *)&newformat, OPT_BOOL}, {"skipcacheck", 0, (int *)&insecure, OPT_BOOL}, {"shortfqans", 0, (int *)&shortfqans, OPT_BOOL}, {"syslog", 0, (int *)&do_syslog, OPT_BOOL}, {"base64", 0, (int *)&base64encoding, OPT_BOOL}, {"nologfile", 0, (int *)&nologfile, OPT_BOOL}, {0, 0, 0, 0} }; (void)SetCurLogType(logh, T_STARTUP); nlogfile = ""; if (!getopts(ac, av, opts)) { LOG(logh, LEV_ERROR, T_PRE, "Unable to read options!"); throw voms_init_error("unable to read options"); } if (nlogfile.size() != 0) { LOGM(VARP, logh, LEV_INFO, T_PRE, "Attempt redirecting logs to: %s", logfile.c_str()); LogOption(logh, "NAME", nlogfile.c_str()); logfile = nlogfile; } LogOptionInt(logh, "MAXSIZE", logmax); LogOption(logh, "DATEFORMAT", logdf.c_str()); if (logh) { loglevels lev; switch(loglev) { case 1: lev = LEV_NONE; break; case 2: lev = LEV_ERROR; break; case 3: lev = LEV_WARN; break; case 4: lev = LEV_INFO; break; case 5: lev = LEV_DEBUG; break; default: lev = LEV_DEBUG; break; } (void)LogLevel(logh, lev); if (lev == LEV_DEBUG) logt = T_STARTUP|T_REQUEST|T_RESULT; (void)LogType(logh, logt); (void)SetCurLogType(logh, T_STARTUP); (void)LogService(logh, "vomsd"); (void)LogFormat(logh, logf.c_str()); } if (nport != daemon_port) { if (!sock.ReOpen(daemon_port = nport, nblog, true)) LOG(logh, LEV_ERROR, T_PRE, "Failed to reopen socket! 
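Server in unconsistent state.");
  }
  else if (nblog != backlog)
    sock.AdjustBacklog(backlog = nblog);

  AdjustURI(uri, daemon_port);

  if (!getpasswd(passfile, logh)){
    throw voms_init_error("can't read password file!");
  }

  if (!x509_cert_dir.empty()) {
    setenv("X509_CERT_DIR", x509_cert_dir.c_str(), 1);
  }

  if (!x509_cert_file.empty()) {
    setenv("X509_CERT_FILE", x509_cert_file.c_str(), 1);
  }

  if (!x509_user_proxy.empty()) {
    setenv("X509_USER_PROXY", x509_user_proxy.c_str(), 1);
  }

  if (!x509_user_cert.empty()) {
    setenv("X509_USER_CERT", x509_user_cert.c_str(), 1);
  }

  if (!x509_user_key.empty()) {
    setenv("X509_USER_KEY", x509_user_key.c_str(), 1);
  }

  LOG(logh, LEV_INFO, T_PRE, "Reconfigured server.");
}

/*
 * Builds the serial number for a new attribute certificate from a freshly
 * generated 16-byte UUID.
 *
 * BN_bin2bn() is given a NULL destination, so it allocates the BIGNUM itself:
 * the caller owns the result and releases it with BN_free().  Returns NULL if
 * the allocation fails.  How unpredictable the serial is depends entirely on
 * generate_uuid(), which is defined elsewhere.
 */
static BIGNUM *get_serial()
{
  unsigned char uuid[16];
  initialize_uuid_generator();
  generate_uuid(uuid);
  BIGNUM *number = NULL;

  return BN_bin2bn(uuid, 16, number);
}

/*
 * Splits one client-supplied request command into a command letter, a group
 * and a role.
 *
 * The first character of `command` is the command letter in the old syntax;
 * everything after it is parsed.  Recognised forms:
 *   "<x>all"               -> 'A', no group, no role
 *   "G<group>"             -> old syntax, group only
 *   "R<role>"              -> old syntax, role only (group and role alias)
 *   "B<group>:<role>"      -> old syntax, group and role
 *   "<x>/group"            -> 'G'
 *   "<x>/group/Role=role"  -> 'B'   (also "<x>/group:role")
 *   "<x>/Role=role"        -> 'R'   (also "<x>:role" cannot occur here, the
 *                                    text must start with '/')
 *   "<x>/"                 -> 'A'
 *   "<x>//"                -> 'N'
 *
 * @param command  raw command string taken from the decoded request
 * @param comm     out: command letter
 * @param group    out: NULL, or the start of a strdup()ed buffer that the
 *                 caller must free()
 * @param role     out: NULL, or a pointer into the same buffer as *group
 * @return true if the command parsed and both parts passed acceptable()
 *         (defined elsewhere in this file), false otherwise.  On false both
 *         out pointers are NULL and nothing is left for the caller to free.
 *
 * The input comes from the peer, so every pointer is checked before it is
 * dereferenced: the role-only FQAN forms leave *group NULL, and the "/" case
 * resets it to NULL, which the previous back-to-back strcmp() calls did not
 * allow for.
 */
static bool determine_group_and_role(std::string command, char *comm, char **group,
                                     char **role)
{
  *role = *group = NULL;

  if (command.empty())
    return false;

  char *string = strdup(command.c_str()+1);

  /* strdup() can fail; strcmp() on NULL is undefined */
  if (!string)
    return false;

  if (strcmp(string, "all") == 0) {
    *comm = 'A';
    *role = *group = NULL;
    free(string);
    return true;
  }

  if (string[0] != '/') {
    /* old syntax */
    *comm = command[0];

    *group = string;

    switch (*comm) {
    case 'G':
      *role = NULL;
      break;
    case 'R':
      *role = string;
      break;
    case 'B':
      *role = strchr(string, ':');
      if (*role) {
        (**role) = '\0';
        (*role)++;
      }
      break;
    }
  }
  else {
    /* fqan syntax */
    char *divider  = strstr(string, "/Role=");
    char *divider2 = strstr(string, ":");

    if (divider) {
      if (divider == string) {
        *group = NULL;
        *role = divider + 6;
        *comm = 'R';
      }
      else {
        *group = string;
        *role = divider + 6;
        *divider='\0';
        *comm='B';
      }
    }
    else if (divider2) {
      if (divider2 == string) {
        *group = NULL;
        *role = divider2+1;
        *comm = 'R';
      }
      else {
        *group = string;
        *role = divider2+1;
        *divider2 = '\0';
        *comm = 'B';
      }
    }
    else {
      *group = string;
      *role = NULL;
      *comm='G';
    }

    /* *group is NULL for the role-only forms above, so test it first; the two
       special groups are mutually exclusive, hence else-if */
    if (*group && strcmp(*group, "/") == 0) {
      free(string);
      string = NULL;   /* keeps the free() on the reject path below harmless */
      *role = *group = NULL;
      *comm = 'A';
    }
    else if (*group && strcmp(*group, "//") == 0) {
      free(string);
      string = NULL;
      *role = *group = NULL;
      *comm='N';
    }
  }

  if (!acceptable(*group) || !acceptable(*role)) {
    free(string);
    *role = *group = NULL;
    return false;
  }

  /* NOTE(review): when only a role is returned (*group == NULL) the buffer
     behind *role is not reachable through *group, and the visible caller frees
     only group.  Releasing it needs a change to the ownership contract. */
  return true;
}

/*
 * True when the generic attribute carries a non-empty qualifier that
 * not_in() reports as missing from `list`.  Used by makeAC() to drop
 * attributes tied to FQANs that are not going to be issued.
 */
static bool checkinside(gattrib g, std::vector list)
{
  return !g.qualifier.empty() && not_in(g.qualifier, list);
}

/*
 * Looks up the database user id that corresponds to the holder certificate.
 *
 * @param db      open database session
 * @param cert    certificate of the requesting user
 * @param voname  VO name, used only to prefix error messages
 * @param vr      result object that receives the error on failure
 * @return the user id, or the initial value -1 when OPERATION_GET_USER fails
 *         (assuming the failed operation leaves `uid` untouched).
 *
 * Error mapping on failure: ERR_USER_SUSPENDED -> ERR_SUSPENDED, ERR_NO_DB ->
 * ERR_WITH_DB, anything else -> ERR_NOT_MEMBER.  In the suspended and
 * database-failure branches the database's own error text is copied into the
 * message stored in `vr`.
 */
static long long get_userid(sqliface::interface *db, X509 *cert, const std::string& voname, vomsresult &vr)
{
  long long uid = -1;

  if (!db->operation(OPERATION_GET_USER, &uid, cert)) {
    /* errorMessage() may return NULL; never build a std::string from it directly */
    std::string message = db->errorMessage() ? db->errorMessage() : "unknown";

    LOG(logh, LEV_ERROR, T_PRE, "Error in executing request!");
    LOG(logh, LEV_ERROR, T_PRE, message.c_str());

    int code = db->error();
    std::string msg;

    if (code == ERR_USER_SUSPENDED) {
      msg = "User is currently suspended!\nSuspension reason: " + std::string(message);
      vr.setError(ERR_SUSPENDED, msg);
    }
    else if (code != ERR_NO_DB) {
      msg = voname + ": User unknown to this VO.";
      vr.setError(ERR_NOT_MEMBER, msg);
    }
    else {
      msg = voname + ": Problems in DB communication: " + message;
      vr.setError(ERR_WITH_DB, msg);
    }

    LOG(logh, LEV_ERROR, T_PRE, msg.c_str());
  }

  return uid;
}

static std::string addtoorder(std::string previous, char *group, char *role)
{
  if (!group && !role)
    return previous;

  if (!previous.empty())
    previous += ",";

  previous += (group ? std::string(group) : "") + (role ? 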
std::string("/Role=") + role : ""); return previous; } static void AdjustURI(std::string &uri, int port) { if (uri.empty()) { int hostnamesize = 50; char *hostname = new char[1]; int ok = 0; do { delete[] hostname; hostname = new char[hostnamesize]; ok = gethostname(hostname, hostnamesize); hostnamesize += 50; } while (ok); std::string temp; uri = std::string(hostname) + ":" + stringify(port, temp); delete[] hostname; } } voms-2.1.2/src/socklib/000077500000000000000000000000001477131364200147255ustar00rootroot00000000000000voms-2.1.2/src/socklib/Client.cpp000066400000000000000000000203271477131364200166530ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ /*************************************************************************** * filename : GSISocketClient.cpp * authors : Salvatore Monforte * copyright : (C) 2001 by INFN ***************************************************************************/ // $Id: #include "config.h" extern "C" { #include "replace.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "sslutils.h" } #include "ipv6sock.h" #include "io.h" #include #include "data.h" /** This class header file. */ #include "Client.h" /** * Constructor. * @param p the secure server port. * @param b the backlog, that is the maximum number of outstanding connection requests. */ GSISocketClient::GSISocketClient(const std::string &h, int p) : host(h), port(p), opened(false), own_subject(""), upkey(NULL), ucert(NULL), cacertdir(NULL), ssl(NULL), ctx(NULL), conn(NULL), error(""), timeout(-1) { OBJ_create("0.9.2342.19200300.100.1.1","USERID","userId"); } /** * Destructor. */ GSISocketClient::~GSISocketClient() { Close(); } void GSISocketClient::SetTimeout(int t) { timeout= t; } void GSISocketClient::SetError(const std::string &g) { error = g; } void GSISocketClient::SetErrorOpenSSL(const std::string &message) { error = message; error += OpenSSLError(true); } std::string GSISocketClient::GetError() { return error; } /** * Initialize GSI Authentication. * This method asks the server for authentication. * @param sock the socket descriptot * @return true on success, false otherwise. 
*/ bool GSISocketClient::post_connection_check(SSL *ssl) { bool ret = true; X509 *peer_cert = SSL_get_peer_certificate(ssl); if (!peer_cert) ret = false; X509_free(peer_cert); return ret; } bool GSISocketClient::LoadCredentials(const char *cadir, X509 *cert, STACK_OF(X509) *chain, EVP_PKEY *key) { ucert = cert; cert_chain = chain; upkey = key; if (cadir) cacertdir = strdup((char*)cadir); else cacertdir = strdup("/etc/grid-security/certificates"); char *name = NULL; name = X509_NAME_oneline(X509_get_subject_name(ucert), NULL, 0); own_subject = std::string(name); OPENSSL_free(name); return true; } extern "C" { extern int proxy_app_verify_callback(X509_STORE_CTX *, void *); } proxy_verify_desc *setup_initializers(char *cadir) { proxy_verify_ctx_desc *pvxd = NULL; proxy_verify_desc *pvd = NULL; pvd = (proxy_verify_desc*) malloc(sizeof(proxy_verify_desc)); pvxd = (proxy_verify_ctx_desc *)malloc(sizeof(proxy_verify_ctx_desc)); if (!pvd || !pvxd) { free(pvd); free(pvxd); return NULL; } proxy_verify_ctx_init(pvxd); proxy_verify_init(pvd, pvxd); pvd->pvxd->certdir = cadir; return pvd; } void destroy_initializers(void *data) { proxy_verify_desc *pvd = (proxy_verify_desc *)data; if (pvd) { if (pvd->pvxd) proxy_verify_ctx_release(pvd->pvxd); free(pvd->pvxd); pvd->pvxd = NULL; proxy_verify_release(pvd); /* X509_STORE_CTX_free segfaults if passed a NULL store_ctx */ if (pvd->cert_store) X509_STORE_CTX_free(pvd->cert_store); pvd->cert_store = NULL; free(pvd); } } extern "C" { int proxy_verify_callback_server(X509_STORE_CTX *ctx, UNUSED(void *empty)) { return proxy_app_verify_callback(ctx, NULL); } int proxy_verify_callback_client(int ok, X509_STORE_CTX *ctx) { return proxy_verify_callback(ok, ctx); } void setup_SSL_proxy_handler(SSL *ssl, char *cadir) { SSL_set_ex_data(ssl, PVD_SSL_EX_DATA_IDX, setup_initializers(cadir)); } void destroy_SSL_proxy_handler(SSL *ssl) { if (ssl) { destroy_initializers(SSL_get_ex_data(ssl, PVD_SSL_EX_DATA_IDX)); } } } /** * Open the connection. 
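* @return true for successful opening, false otherwise.
 *
 * Builds a fresh SSL_CTX from the credentials stored by LoadCredentials(),
 * connects to host:port, runs the handshake on a non-blocking socket bounded
 * by `timeout`, and sends the initial "0" message once the peer has presented
 * a certificate.
 *
 * Every failure path releases the SSL object and the context created here;
 * `opened` only becomes true on success, so the cleanup cannot depend on it.
 */
bool
GSISocketClient::Open()
{
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
  const SSL_METHOD *meth = NULL;
#else
  SSL_METHOD *meth = NULL;
#endif

  int fd = -1;
  char portstring[36];
  std::string error;

  /* Close() frees ssl/ctx without resetting them; start from a known state so
     the cleanup at err: never touches a pointer from a previous connection */
  ssl = NULL;
  ctx = NULL;

  meth = SSLv23_method();

  ctx = SSL_CTX_new(meth);

  if (!ctx) {
    SetErrorOpenSSL("Cannot create context.");
    goto err;
  }

  /* NOTE(review): only SSLv2/SSLv3 are disabled here, while the server side in
     this source tree also sets SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 and uses a
     stricter cipher list; consider aligning the two. */
  SSL_CTX_set_options(ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_NO_SSLv3 | SSL_OP_NO_SSLv2);
  SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, proxy_verify_callback);
  SSL_CTX_set_verify_depth(ctx, 100);
  /* NOTE(review): the results of the next three calls are not checked, so a
     missing CA directory or an unusable certificate/key only shows up later as
     a handshake failure. */
  SSL_CTX_load_verify_locations(ctx, NULL, cacertdir);
  SSL_CTX_use_certificate(ctx, ucert);
  SSL_CTX_use_PrivateKey(ctx, upkey);
  SSL_CTX_set_cipher_list(ctx, "ALL:!LOW:!EXP:!MD5:!MD2");
  SSL_CTX_set_purpose(ctx, X509_PURPOSE_ANY);
  SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);

  if (cert_chain){
    int num_certs = sk_X509_num(cert_chain);

    for (int i=0; i< num_certs;i++){
      // Dup certificate
      X509* cert = X509_dup(sk_X509_value(cert_chain,i));

      if(!SSL_CTX_add_extra_chain_cert(ctx, cert)){
        /* read the reason before anything else can touch the error queue */
        bool const duplicate =
          ERR_GET_REASON(ERR_peek_error()) == X509_R_CERT_ALREADY_IN_HASH_TABLE;

        /* the context did not take ownership of the duplicate */
        X509_free(cert);

        if (duplicate) {
          ERR_clear_error();
          continue;
        }
        else {
          SetErrorOpenSSL("Cannot add certificate to the SSL context's certificate store");
          goto err;
        }
      }
    }
  }

  snprintf(portstring, 35, "%ld", (long int)port);
  fd = sock_connect(host.c_str(), portstring);

  if (fd != -1) {
    int flags = fcntl(fd, F_GETFL, 0);
    (void)fcntl(fd, F_SETFL, flags | O_NONBLOCK);

    conn = BIO_new_socket(fd, BIO_NOCLOSE);
    (void)BIO_set_nbio(conn,1);

    ssl = SSL_new(ctx);

    if (!ssl) {
      SetErrorOpenSSL("Cannot create SSL object.");
      goto err;
    }

    setup_SSL_proxy_handler(ssl, cacertdir);

    /* from here on the SSL object owns the BIO */
    SSL_set_bio(ssl, conn, conn);
    SSL_set_tlsext_host_name(ssl, host.c_str());

    conn = NULL;

    if (!do_connect(ssl, fd, timeout, error)) {
      SetError(error);
      goto err;
    }

    /* post_connection_check() only confirms that a peer certificate exists;
       chain validation is left to proxy_verify_callback */
    if (post_connection_check(ssl)) {
      opened = true;
      (void)Send("0");
      return true;
    }
  }

 err:
  if (ssl) {
    destroy_SSL_proxy_handler(ssl);
    SSL_free(ssl);
    ssl = NULL;
  }

  if (ctx) {
    SSL_CTX_free(ctx);
    ctx = NULL;
  }

  /* non-NULL only if the BIO was created but never attached to an SSL object */
  BIO_free(conn);
  conn = NULL;

  /* NOTE(review): the BIO is created with BIO_NOCLOSE, so the descriptor from
     sock_connect() is not released by anything visible in this function. */
  opened = false;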
return false; } /** * Close the connection. * @return true for successful close, false otherwise. */ void GSISocketClient::Close() { if (opened) { upkey = NULL; ucert = NULL; cert_chain = NULL; SSL_clear(ssl); destroy_SSL_proxy_handler(ssl); SSL_free(ssl); SSL_CTX_free(ctx); BIO_free(conn); opened=false; } } /** * Send a string value. * @param s the string value to send. * @return true on success, false otherwise. */ bool GSISocketClient::Send(const std::string &s) { std::string error; bool result = do_write(ssl, timeout, s, error); if (!result) SetError(error); return result; } /** * Receive a string value. * @param s the string to fill. * @return true on success, false otherwise. */ bool GSISocketClient::Receive(std::string& s) { std::string output; bool result = do_read(ssl, timeout, output); if (result) s = output; else SetError(output); return result; } voms-2.1.2/src/socklib/Makefile.am000066400000000000000000000011341477131364200167600ustar00rootroot00000000000000includedir = @includedir@/voms if BUILD_INTERFACES include_HEADERS = \ vomsssl.h endif noinst_LTLIBRARIES = libsock_nog.la SOURCES = Client.cpp ipv6sock.cc io.cc libsock_nog_la_SOURCES = Client.cpp Server.cpp ipv6sock.cc io.cc libsock_nog_la_CXXFLAGS = \ $(NO_GLOBUS_FLAGS) \ -I $(top_srcdir)/src/include \ -I $(top_srcdir)/src/sslutils \ $(OPENSSL_CFLAGS) libsock_nog_la_LIBADD = \ -lcrypto -lssl # $(top_builddir)/src/sslutils/libssl_utils_nog.la \ # $(top_builddir)/src/common/libutilc_nog.la EXTRA_DIST = vomsssl.h ipv6sock.h io.h ### CLEANFILES = \ libsock_nog.la \ libsock.la ### voms-2.1.2/src/socklib/Server.cpp000066400000000000000000000434601477131364200167060ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. 
* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ /*************************************************************************** * filename : GSISocketServer.cpp * authors : Salvatore Monforte * copyright : (C) 2001 by INFN ***************************************************************************/ // $Id: #include "config.h" /** The globus secure shell API definitions. */ extern "C" { #include "replace.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "credentials.h" #include "log.h" #include "vomsssl.h" #include "sslutils.h" #include "ssl_compat.h" } #include "ipv6sock.h" #include "io.h" #include "data.h" /** This class header file. */ #include "Server.h" static int globusf_read(BIO *b, char *out, int outl); static int globusf_write(BIO *b, const char *in, int inl); extern "C" { extern int proxy_app_verify_callback(X509_STORE_CTX *ctx, UNUSED(void *empty)); } typedef enum { UNKNOWN, GSI, SSL2, TLS, SSL_GLOBUS} mode_type; static mode_type mode = UNKNOWN; /* Global, since it needs to be shared between send and receive. 
*/
/* Bookkeeping for the GSI framing handled in globusf_read(): the number of
   payload bytes of the current frame that have not been read yet.  File-scope,
   like `mode`, so the value persists across calls and connections within the
   process. */
static int expected = 0;

/*
 * Classifies the wire protocol from the first byte the peer sent.
 *
 *   20..23    -> TLS (also covers SSL3)
 *   26        -> SSL_GLOBUS
 *   high bit  -> SSL2
 *   otherwise -> GSI (length-prefixed framing)
 *
 * The byte comes straight from the network, before any authentication.
 */
static mode_type detect_mode(unsigned char *beginning)
{
  if (beginning[0] >= 20 && beginning[0] <= 23) {
    /*
     * either TLS or SSL3.  They are equivalent for our purposes.
     */
    return TLS;
  }

  if (beginning[0] == 26)
    return SSL_GLOBUS; /* Globus' own SSL variant */

  if (beginning[0] & 0x80) {
    /*
     * The data length of an SSL packet is at most 32767.
     */
    return SSL2;
  }

  return GSI;
}

/* Read/write callbacks of the plain socket BIO; make_VOMS_BIO() fills them in
   before installing the wrappers below. */
int (*readb)(BIO *, char *, int);
int (*writeb)(BIO *, const char *, int);

/*
 * BIO read callback that strips the 4-byte big-endian length prefix of the
 * GSI framing before handing data to the SSL layer.
 *
 * The protocol is detected once, on the first read that returns at least four
 * bytes, and stored in the file-scope `mode`.
 *
 * NOTE(review): the length is assembled from peer-controlled bytes with
 * shifts on int; a first byte >= 0x80 on a later frame overflows the signed
 * result.  In the code visible here `expected` is only decremented and
 * compared, never used as a size, so the value does not bound any copy.
 * NOTE(review): a read shorter than four bytes while mode is still UNKNOWN
 * skips detection for that call.
 */
static int globusf_read(BIO *b, char *out, int outl)
{
  int ret = 0;

  ret = readb(b, out, outl);

  if (ret >= 4) {
    if (mode == UNKNOWN)
      mode = detect_mode((unsigned char*)out);

    if (mode == GSI) {
      if (expected == 0) {
        /* start of a frame: consume the length prefix and shift the payload down */
        expected = ((((((unsigned char)out[0] << 8) + (unsigned char)out[1]) << 8) +
                     (unsigned char)out[2]) << 8) + (unsigned char)out[3];
        memmove(out, out + 4, ret - 4);
        ret -= 4;
      }

      expected -= ret;

      if (ret == 0) {
        // implies only size was read.  Better reread.
        ret = readb(b, out, outl);

        if (ret > 0) {
          expected -= ret;
        }
      }
    }
  }
  else if (ret > 0) {
    if ((mode == GSI) && (expected > 0))
      expected -= ret;
  }

  return ret;
}

/*
 * BIO write callback: in GSI mode prefixes the payload with its length as a
 * 4-byte big-endian header, otherwise passes the data through unchanged.
 *
 * NOTE(review): the result of the header write is discarded, so a failed or
 * short header write is not reported to the caller.
 */
static int globusf_write(BIO *b, const char *in, int inl)
{
  int ret = 0;

  if (mode != GSI)
    ret = writeb(b, in, inl);
  else {
    unsigned char buffer[4];

    buffer[0] = (inl & 0xff000000) >> 24;
    buffer[1] = (inl & 0x00ff0000) >> 16;
    buffer[2] = (inl & 0x0000ff00) >> 8;
    buffer[3] = (inl & 0x000000ff);

    writeb(b, (const char*)(buffer), 4);
    ret = writeb(b, in, inl);
  }

  return ret;
}

/**
 * Constructor.
 * @param p the secure server port.
 * @param b the backlog, that is the maximum number of outstanding connection requests.
*/ GSISocketServer::GSISocketServer(int p, void *l, int b, bool m) : own_subject(""), own_ca(""), peer_subject(""), peer_ca(""), peer_serial(""), own_key(NULL), own_cert(NULL), peer_cert(NULL), own_stack(NULL), peer_stack(NULL), ssl(NULL), ctx(NULL), conn(NULL), pvd(NULL), cacertdir(NULL), upkey(NULL), ucert(NULL), error(""), port(p), opened(false), sck(-1), backlog(b), newsock(-1), timeout(30), newopened(false), mustclose(m), logh(l), openssl_errors() { if (OBJ_txt2nid("UID") == NID_undef) OBJ_create("0.9.2342.19200300.100.1.1","USERID","userId"); } void GSISocketServer::SetTimeout(int sec) { timeout = sec; } bool GSISocketServer::ReOpen(int p, int b, bool m) { Close(); port = p; mustclose = m; backlog = b; return Open(); } void GSISocketServer::SetLogger(void *l) { logh = l; } bool GSISocketServer::Open() { char portstring[36]; snprintf(portstring, 35, "%ld", (long int)port); sck = bind_and_listen(portstring, backlog, logh); return sck != -1; } void GSISocketServer::AdjustBacklog(int n) { backlog = n; listen(sck, n); } /** * Destructor. */ GSISocketServer::~GSISocketServer() { Close(); } void GSISocketServer::CleanSocket() { if (newopened) { struct linger l = {1,0}; setsockopt(newsock, SOL_SOCKET, SO_LINGER, (void *)&l, sizeof(struct linger)); } } /** * Close the connection. 
*/ void GSISocketServer::Close() { if (newopened) { close(newsock); } newopened=false; if (opened) close(sck); opened = false; own_key = NULL; own_cert = peer_cert = NULL; opened=false; error.clear(); openssl_errors.clear(); } void GSISocketServer::CloseListener(void) { if (opened) { struct linger l = {1,0}; setsockopt(sck, SOL_SOCKET, SO_LINGER, (void *)&l, sizeof(struct linger)); close(sck); } opened = false; } void GSISocketServer::CloseListened(void) { if (newopened) close(newsock); newopened = false; } static BIO* make_VOMS_BIO(int sock) { int ret; int const biom_type = BIO_get_new_index(); static char const* const biom_name = "VOMS I/O"; BIO_METHOD* voms_biom = BIO_meth_new(biom_type|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR, biom_name); assert(voms_biom && "BIO_meth_new failed"); BIO_METHOD const* sock_biom = BIO_s_socket(); assert(sock_biom != NULL && "BIO_s_socket"); writeb = BIO_meth_get_write(const_cast(sock_biom)); assert(writeb != NULL && "BIO_meth_get_write failed"); ret = BIO_meth_set_write(voms_biom, globusf_write); assert(ret == 1 && "BIO_meth_set_write failed"); readb = BIO_meth_get_read(const_cast(sock_biom)); assert(readb != NULL && "BIO_meth_get_read failed"); ret = BIO_meth_set_read(voms_biom, globusf_read); assert(ret == 1 && "BIO_meth_set_read failed"); ret = BIO_meth_set_puts( voms_biom , BIO_meth_get_puts(const_cast(sock_biom)) ); assert(ret == 1 && "BIO_meth_get/set_puts failed"); ret = BIO_meth_set_gets( voms_biom , BIO_meth_get_gets(const_cast(sock_biom)) ); assert(ret == 1 && "BIO_meth_get/set_gets failed"); ret = BIO_meth_set_ctrl( voms_biom , BIO_meth_get_ctrl(const_cast(sock_biom)) ); assert(ret == 1 && "BIO_meth_get/set_ctrl failed"); ret = BIO_meth_set_create( voms_biom , BIO_meth_get_create(const_cast(sock_biom)) ); assert(ret == 1 && "BIO_meth_get/set_create failed"); ret = BIO_meth_set_destroy( voms_biom , BIO_meth_get_destroy(const_cast(sock_biom)) ); assert(ret == 1 && "BIO_meth_get/set_destroy failed"); ret = 
BIO_meth_set_callback_ctrl( voms_biom , BIO_meth_get_callback_ctrl(const_cast(sock_biom)) ); assert(ret == 1 && "BIO_meth_get/set_callback_ctrl failed"); BIO* voms_bio = BIO_new(voms_biom); assert(voms_bio && "BIO_new failed"); BIO_set_fd(voms_bio, sock, BIO_NOCLOSE); (void)BIO_set_nbio(voms_bio, 1); return voms_bio; } /** * Accept the GSI Authentication. * @param sock the socket for communication. * @param ctx the authorization context. * @return the context identifier. */ bool GSISocketServer::AcceptGSIAuthentication() { char *name = NULL; long errorcode = 0; int flags; time_t curtime, starttime; int ret, accept_status; bool accept_timed_out = false; int expected = 0; BIO *bio = NULL; BIO_METHOD* bio_method = NULL; char *cert_file, *user_cert, *user_key, *user_proxy; char *serial=NULL; cert_file = user_cert = user_key = user_proxy = NULL; if (proxy_get_filenames(0, &cert_file, &cacertdir, &user_proxy, &user_cert, &user_key) == 0) { (void)load_credentials(user_cert, user_key, &ucert, &own_stack, &upkey, NULL); } free(cert_file); free(user_cert); free(user_key); free(user_proxy); own_cert = ucert; own_key = upkey; ctx = SSL_CTX_new(SSLv23_method()); SSL_CTX_load_verify_locations(ctx, NULL, cacertdir); SSL_CTX_use_certificate(ctx, ucert); SSL_CTX_use_PrivateKey(ctx,upkey); SSL_CTX_set_cipher_list(ctx, "ALL:!LOW:!EXP:!MD5:!MD2:!3DES:!RC4:!IDEA"); SSL_CTX_set_purpose(ctx, X509_PURPOSE_ANY); SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, proxy_verify_callback); SSL_CTX_set_verify_depth(ctx, 100); SSL_CTX_set_cert_verify_callback(ctx, proxy_app_verify_callback, 0); if (!SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1)) { SetErrorOpenSSL("Cannot set minimum TLS protocol version"); goto err; } if (own_stack) { /* * Certificate was a proxy with a cert. chain. * Add the certificates one by one to the chain. 
*/ X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx), ucert); for (int i = 0; i = timeout)){ LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Socket timed out. Failing the handshake."); accept_timed_out = true; break; }else{ LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Socket timed out, but global timeout still not reached. Continuing..."); continue; } } if (ret > 0) { accept_status = SSL_accept(ssl); expected = errorcode = SSL_get_error(ssl, accept_status); } if (ret < 0) { LOGM(VARP, logh, LEV_DEBUG, T_PRE, "No more data from select."); break; } if (accept_status == 1) { LOGM(VARP, logh, LEV_DEBUG, T_PRE, "SSL accept completed."); break; } curtime = time(NULL); if (timeout != -1 && (curtime - starttime >= timeout)) { accept_timed_out = true; LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Handshake timeout."); break; } if (accept_status <= 0 && ( errorcode != SSL_ERROR_WANT_READ && errorcode != SSL_ERROR_WANT_WRITE )) { break; } } while (true); if (accept_status != 1){ LOGM(VARP, logh, LEV_INFO, T_PRE, "Error enstabilishing SSL context."); if (accept_timed_out){ SetError("SSL Handshake failed due to server timeout!"); }else{ SetErrorOpenSSL("SSL Handshake error"); } goto err; } actual_cert = SSL_get_peer_certificate(ssl); peer_stack = SSL_get_peer_cert_chain(ssl); char buffer[1000]; LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Certificate DN: %s", X509_NAME_oneline(X509_get_subject_name(actual_cert), buffer, 999)); LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Certificate CA: %s", X509_NAME_oneline(X509_get_issuer_name(actual_cert), buffer, 999)); LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Stack Size: %d", sk_X509_num(peer_stack)); peer_cert = get_real_cert(actual_cert, peer_stack); if (!peer_cert) { LOGM(VARP, logh, LEV_INFO, T_PRE, "No end user certificate found for peer..."); goto err; } if (!peer_stack) { LOGM(VARP, logh, LEV_INFO, T_PRE, "No certificate stack found for peer. 
Exiting..."); goto err; } if (peer_cert) { char* name = X509_NAME_oneline(X509_get_subject_name(peer_cert), NULL, 0); if (!name) { LOGM(VARP, logh, LEV_INFO, T_PRE, "Could not fetch name from peer cert. Exiting..."); goto err; } own_subject = std::string(name); OPENSSL_free(name); } if (LogLevelMin(logh, LEV_DEBUG)) { for (int i = 0; i < sk_X509_num(peer_stack); i++) { X509 *cert = sk_X509_value(peer_stack, i); if (cert) { LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Certificate DN: %s", X509_NAME_oneline(X509_get_subject_name(cert), buffer, 999)); LOGM(VARP, logh, LEV_DEBUG, T_PRE, "Certificate CA: %s", X509_NAME_oneline(X509_get_issuer_name(cert), buffer, 999)); } } } name = X509_NAME_oneline(X509_get_subject_name(peer_cert), NULL, 0); if (name) peer_subject = std::string(name); OPENSSL_free(name); name = X509_NAME_oneline(X509_get_issuer_name(peer_cert), NULL, 0); if (name) peer_ca = std::string(name); OPENSSL_free(name); serial = get_peer_serial(actual_cert); peer_serial = std::string(serial ? serial : ""); OPENSSL_free(serial); return true; err: destroy_SSL_proxy_handler(ssl); SSL_free(ssl); SSL_CTX_free(ctx); return false; } /** * Listen for incoming connection requests. * Accept incoming requests and redirect communication on a dedicated port. * @param a a reference to the secure GSI Socket Agent sent by Client. * @return the GSI Socket Agent redirecting communication on a dedicated port. */ bool GSISocketServer::Listen() { newsock = accept_ipv6(sck, logh); if (newsock != -1) newopened = true; return newsock != -1; } /** * Send a string value. * @param s the string value to send. * @return true on success, false otherwise. 
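 */
bool GSISocketServer::Send(const std::string &s)
{
  std::string failure;

  if (do_write(ssl, timeout, s, failure))
    return true;

  /* Keep the textual reason so callers can retrieve it later. */
  SetError(failure);
  return false;
}

/**
 * Look at pending data on the connection without consuming it.
 * Waits with do_select() and retries SSL_peek() while OpenSSL reports
 * SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE and the timeout has not expired.
 * @param bufsize the maximum number of bytes to peek; must be positive.
 * @param s the string to fill with the peeked bytes.
 * @return true on success, false otherwise (the reason is stored through
 *         SetError() or SetErrorOpenSSL()).
 */
bool GSISocketServer::Peek(int bufsize, std::string& s)
{
  if (!ssl) {
    SetError("No connection established");
    return false;
  }

  /* A zero or negative size would be converted to an unsigned allocation
   * size and then handed to SSL_peek(); reject it up front. */
  if (bufsize <= 0) {
    SetError("Invalid peek buffer size");
    return false;
  }

  ERR_clear_error();

  char *buffer = (char *)OPENSSL_malloc(bufsize);

  /* The allocation can fail; SSL_peek() must never see a NULL buffer. */
  if (!buffer) {
    SetError("Out of memory");
    return false;
  }

  int fd = BIO_get_fd(SSL_get_rbio(ssl), NULL);
  int ready = -1, nread = -1;
  int sslerr = 0;
  int expected = 0;
  time_t starttime = time(NULL);
  time_t curtime;
  bool retry;

  do {
    ready = do_select(fd, starttime, timeout, expected);
    curtime = time(NULL);

    if (ready > 0) {
      nread = SSL_peek(ssl, buffer, bufsize);
      if (nread <= 0)
        expected = sslerr = SSL_get_error(ssl, nread);
    }

    /* Retry only for a transient WANT_READ/WANT_WRITE with time left. */
    bool time_left = (timeout == -1) || (curtime - starttime < timeout);
    bool wants_io  = (sslerr == SSL_ERROR_WANT_READ) ||
                     (sslerr == SSL_ERROR_WANT_WRITE);

    retry = (ready > 0) && (nread <= 0) && time_left && wants_io;
  } while (retry);

  if (ready <= 0 || nread <= 0) {
    if (timeout != -1 && (curtime - starttime >= timeout))
      SetError("Connection stuck during read: timeout reached.");
    else
      SetErrorOpenSSL("Error during SSL read");

    OPENSSL_free(buffer);
    ERR_clear_error();
    return false;
  }

  /* nread is positive and at most bufsize here. */
  s = std::string(buffer, nread);
  OPENSSL_free(buffer);
  ERR_clear_error();
  return true;
}

/**
 * Receive a string value.
 * @param s the string to fill.
 * @return true on success, false otherwise.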
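 */
bool GSISocketServer::Receive(std::string& s)
{
  std::string output;
  bool result = do_read(ssl, timeout, output);

  /* do_read() returns either the payload or the error text in 'output'. */
  if (result)
    s = output;
  else
    SetError(output);

  ERR_clear_error();

  return result;
}

/**
 * Record a plain error message and drop any stored OpenSSL error details.
 * @param g the error message.
 */
void GSISocketServer::SetError(const std::string &g)
{
  error = g;
  openssl_errors.clear();
}

/**
 * Record an error message and drain the OpenSSL error queue into
 * openssl_errors, one formatted entry per queued error.
 * @param err the error message.
 *
 * NOTE(review): each entry carries the library name, source file and line
 * of the failure. Whether these strings are ever returned to the remote
 * peer is not visible here; confirm that they stay in local logs.
 */
void GSISocketServer::SetErrorOpenSSL(const std::string &err)
{
  error = err;
  openssl_errors.clear();

  while( ERR_peek_error() ){

    std::size_t const error_msg_buf_size = 512;
    char error_msg_buf[error_msg_buf_size];

    const char *filename = NULL;
    int lineno = 0;
    const char* data = NULL;
    int flags = 0;

    /* Kept unsigned: the value is printed with %lu below. */
    unsigned long error_code = ERR_get_error_line_data(&filename, &lineno, &data, &flags);

    const char *lib = ERR_lib_error_string(error_code);
    const char *error_reason = ERR_reason_error_string(error_code);

    if (lib == NULL) {
      int lib_no = ERR_GET_LIB(error_code);
      if (lib_no == ERR_USER_LIB_PRXYERR_NUMBER){
        lib = "VOMS proxy routines";
      }
    }

    /* Passing NULL for a %s conversion is undefined behaviour, so every
     * string argument gets a fallback. */
    snprintf(error_msg_buf, error_msg_buf_size,
             "%s %s [err:%lu,lib:%s,file:%s+%d]",
             (error_reason) ? error_reason : "",
             (data && (flags & ERR_TXT_STRING)) ? data : "",
             error_code,
             (lib) ? lib : "unknown",
             (filename) ? filename : "unknown",
             lineno);

    openssl_errors.push_back(error_msg_buf);
  }
}

const std::vector& GSISocketServer::GetOpenSSLErrors(){

  return openssl_errors;
}
voms-2.1.2/src/socklib/io.cc000066400000000000000000000142601477131364200156460ustar00rootroot00000000000000/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.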
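* You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
#include "config.h"

extern "C" {
#include "replace.h"
#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include
}

#include #include "data.h"

/*
 * Encapsulates select behaviour
 *
 * fd        : descriptor to wait on.
 * starttime : time the whole operation started, used with timeout.
 * timeout   : overall timeout in seconds, or -1 to wait indefinitely.
 * wanted    : 0 to wait for read or write readiness, or
 *             SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE for one direction.
 *
 * Returns:
 *     > 0 : Ready to read or write.
 *     = 0 : timeout reached.
 *     < 0 : error.
 */
int do_select(int fd, time_t starttime, int timeout, int wanted)
{
  fd_set rset;
  fd_set wset;

  /* FD_SET() and FD_ISSET() index a fixed-size bit array. A descriptor
   * outside [0, FD_SETSIZE) would touch memory outside the fd_set, so it
   * is reported as an error instead. */
  if (fd < 0 || fd >= FD_SETSIZE)
    return -1;

  FD_ZERO(&rset);
  FD_ZERO(&wset);

  if (wanted == 0 || wanted == SSL_ERROR_WANT_READ)
    FD_SET(fd, &rset);
  if (wanted == 0 || wanted == SSL_ERROR_WANT_WRITE)
    FD_SET(fd, &wset);

  int ret = 0;

  if (timeout != -1) {
    timeval endtime;

    time_t curtime = time(NULL);

    /* The overall budget is already used up: report a timeout. */
    if (curtime - starttime >= timeout)
      return 0;

    /* Wait only for what is left of the overall timeout. */
    endtime.tv_sec = timeout - (curtime - starttime);
    endtime.tv_usec = 0;

    ret = select(fd+1, &rset, &wset, NULL, &endtime);
  }
  else {
    ret = select(fd+1, &rset, &wset, NULL, NULL);
  }

  if (ret == 0)
    return 0;

  /* The direction that was asked for is not ready. */
  if ((wanted == SSL_ERROR_WANT_READ && !FD_ISSET(fd, &rset)) ||
      (wanted == SSL_ERROR_WANT_WRITE && !FD_ISSET(fd, &wset)))
    return -1;

  /* NOTE(review): a failed select() (ret < 0) is turned into "ready" here
   * when the descriptor is missing from one of the sets. The intent is not
   * visible from this file; confirm before changing. */
  if (ret < 0 && (!FD_ISSET(fd, &rset) || !FD_ISSET(fd, &wset)))
    return 1;

  return ret;
}

#define TEST_SELECT(ret, ret2, timeout, curtime, starttime, errorcode) \
  ((ret) > 0 && ((ret2) <= 0 && (((timeout) == -1) ||                  \
                                 (((timeout) != -1) &&                 \
                                  ((curtime) - (starttime)) < (timeout))) && \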
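((errorcode) == SSL_ERROR_WANT_READ ||                                 \
 (errorcode) == SSL_ERROR_WANT_WRITE)))

/*
 * Drives SSL_connect() on a descriptor, waiting with do_select() between
 * attempts, until the handshake completes, fails, or 'timeout' seconds
 * have passed since the call started (-1 means no timeout).
 *
 * Returns true when the handshake completed. On failure returns false and
 * stores a description in 'error'.
 */
bool do_connect(SSL *ssl, int fd, int timeout, std::string& error)
{
  time_t starttime, curtime;
  int ret = -1, ret2 = -1;
  long errorcode = 0;
  int expected = 0;

  curtime = starttime = time(NULL);

  do {
    ret = do_select(fd, starttime, timeout, expected);
    if (ret > 0) {
      ret2 = SSL_connect(ssl);
      curtime = time(NULL);
      /* Remember which direction OpenSSL is waiting for. */
      expected = errorcode = SSL_get_error(ssl, ret2);
    }
  } while (TEST_SELECT(ret, ret2, timeout, curtime, starttime, errorcode));

  if (ret2 <= 0 || ret <= 0) {
    if (timeout != -1 && (curtime - starttime >= timeout))
      error = "Connection stuck during handshake: timeout reached.";
    else
      error = "Error during SSL handshake:" + OpenSSLError(true);
    return false;
  }

  return true;
}

/*
 * Writes 'text' to the SSL connection, waiting with do_select() and
 * retrying while OpenSSL reports SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE
 * or a partial write, until everything is sent, an error occurs, or
 * 'timeout' seconds have passed (-1 means no timeout).
 *
 * Returns true only when the whole payload was written. On failure returns
 * false and stores a description in 'error'.
 *
 * NOTE(review): the length is taken with strlen(), so a payload containing
 * an embedded NUL byte is sent only up to that byte.
 */
bool do_write(SSL *ssl, int timeout, const std::string& text, std::string &error)
{
  errno = 0;

  if (!ssl) {
    error = "No connection established";
    return false;
  }

  ERR_clear_error();

  const char *str = text.c_str();
  const size_t total = strlen(str);
  size_t nwritten = 0;

  int fd = BIO_get_fd(SSL_get_rbio(ssl), NULL);
  time_t starttime, curtime;

  bool do_continue = false;
  bool completed = false;
  int expected = 0;

  curtime = starttime = time(NULL);

  do {
    do_continue = false;

    int ready = do_select(fd, starttime, timeout, expected);
    /* Refresh the clock so that a select timeout is reported as such. */
    curtime = time(NULL);

    if (ready <= 0)
      break;

    errno = 0;
    int rc = SSL_write(ssl, str + nwritten, (int)(total - nwritten));
    curtime = time(NULL);

    int v = SSL_get_error(ssl, rc);

    switch (v) {
    case SSL_ERROR_NONE:
      nwritten += rc;
      if (nwritten == total)
        completed = true;
      else
        do_continue = true;
      break;

    case SSL_ERROR_WANT_READ:
    case SSL_ERROR_WANT_WRITE:
      /* Nothing was written yet: wait for the requested direction and call
       * SSL_write() again. The loop used to stop here and report success
       * although the payload had not been sent. */
      expected = v;
      do_continue = true;
      break;

    default:
      break;
    }
  } while (do_continue);

  if (!completed) {
    if (timeout != -1 && (curtime - starttime >= timeout))
      error ="Connection stuck during write: timeout reached.";
    else
      error = "Error during SSL write:" + OpenSSLError(true);
    return false;
  }

  return true;
}

bool do_read(SSL *ssl, int timeout, std::string& output)
{
  if (!ssl) {
    output = "No connection 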
established"; return false; } ERR_clear_error(); int ret = -1, ret2 = -1; int bufsize=16384; char *buffer = (char *)OPENSSL_malloc(bufsize); int fd = BIO_get_fd(SSL_get_rbio(ssl), NULL); time_t starttime, curtime; int error = 0; long int expected = 0; starttime = time(NULL); do { ret = do_select(fd, starttime, timeout, expected); curtime = time(NULL); if (ret > 0) { ret2 = SSL_read(ssl, buffer, bufsize); if (ret2 <= 0) { expected = error = SSL_get_error(ssl, ret2); } } } while (TEST_SELECT(ret, ret2, timeout, curtime, starttime, error)); if (ret <= 0 || ret2 < 0) { if (timeout != -1 && (curtime - starttime >= timeout)) output = "Connection stuck during read: timeout reached."; else output = "Error during SSL read:" + OpenSSLError(true); OPENSSL_free(buffer); ERR_clear_error(); return false; } output = std::string(buffer, ret2); OPENSSL_free(buffer); ERR_clear_error(); return true; } voms-2.1.2/src/socklib/io.h000066400000000000000000000030131477131364200155020ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #ifndef VOMS_IO_H #define VOMS_IO_H #include "config.h" extern "C" { #include "replace.h" #include #include } #include extern int do_select(int fd, time_t starttime, int timeout, int wanted); extern bool do_connect(SSL *ssl, int fd, int timeout, std::string& error); extern bool do_write(SSL *ssl, int timeout, const std::string& text, std::string &error); extern bool do_read(SSL *ssl, int timeout, std::string& output); #endif voms-2.1.2/src/socklib/ipv6sock.cc000066400000000000000000000112251477131364200170010ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #include "config.h" #ifndef _POSIX_SOURCE # define _POSIX_SOURCE 1 #endif #ifndef NI_MAXHOST # define NI_MAXHOST 1025 #endif #ifndef NI_MAXSERV # define NI_MAXSERV 32 #endif #include #include #include #include #include #include extern "C" { #include "log.h" } static void logconnection(struct sockaddr *client, void *logh) { char hostname_buf[NI_MAXHOST]; char port_no_buf[NI_MAXSERV]; int nameinfo_status = getnameinfo( client, sizeof(sockaddr_storage), hostname_buf, NI_MAXHOST, port_no_buf, NI_MAXSERV, NI_NUMERICHOST | NI_NUMERICSERV); if (nameinfo_status){ LOGM(VARP, logh, LEV_ERROR, T_PRE, "Error resolving name information for current client, no logging."); return; } LOGM(VARP, logh, LEV_INFO, T_PRE, "Received connection from: %s:%s\n", hostname_buf, port_no_buf); } int bind_and_listen(char* port, int backlog, void *logh) { int sock = -1; unsigned int on = 1; unsigned int off = 0; struct addrinfo hints, *address_list, *paddress; memset(&hints, 0, sizeof(hints)); hints.ai_flags |= AI_PASSIVE; hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; if (getaddrinfo(NULL, port, &hints, &address_list)){ LOGM(VARP, logh, LEV_ERROR, T_PRE, "getaddrinfo() failed for port %s!", port); return -1; } paddress = address_list; while (paddress) { sock = socket(paddress->ai_family, paddress->ai_socktype, paddress->ai_protocol); if (sock == -1) { paddress = paddress->ai_next; continue; } setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &on, sizeof(socklen_t)); if (paddress->ai_family == AF_INET6) setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (void*) &off, sizeof(off)); if ((bind(sock, paddress->ai_addr, paddress->ai_addrlen) == -1) || (listen(sock, backlog) == -1)) { close(sock); paddress = paddress->ai_next; sock = -1; continue; } break; } if (sock == -1) LOGM(VARP, logh, LEV_ERROR, T_PRE, "Cannot bind to socket %s!", port); freeaddrinfo(address_list); return sock; } int accept_ipv6(int sock, void 
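*logh)
{
  int newsock = -1;
  struct sockaddr_storage sock_addr;
  struct sockaddr *client = (struct sockaddr *)&sock_addr;
  socklen_t len = sizeof(sock_addr);

  if (sock == -1)
    return -1;

#ifndef HAVE_SOCKLEN_T
  newsock = accept(sock, client, (int*)(&(len)));
#else
  newsock = accept(sock, client, &len);
#endif

  /* Log the peer address of every accepted connection. */
  if (newsock != -1) {
    logconnection(client, logh);
  }
  return newsock;
}

/*
 * Opens a TCP connection to host:port, trying each address returned by
 * getaddrinfo() in order (IPv4 or IPv6).
 *
 * Returns the connected socket, or -1 when name resolution fails or no
 * address could be connected.
 */
int sock_connect(const char *host, char *port)
{
  struct addrinfo hints, *address_list, *paddress;

  int sock = -1;
  unsigned int on  = 1;
  unsigned int off = 0;

  memset(&hints, 0, sizeof(hints));
  hints.ai_family = PF_UNSPEC;
  hints.ai_socktype = SOCK_STREAM;

  if (getaddrinfo(host, port, &hints, &address_list)) {
    return -1;
  }

  for (paddress = address_list; paddress; paddress = paddress->ai_next) {
    sock = socket(paddress->ai_family, paddress->ai_socktype,
                  paddress->ai_protocol);
    if (sock == -1)
      continue;

    setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &on, sizeof(on));
    if (paddress->ai_family == AF_INET6)
      setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (void*) &off, sizeof(off));

    if (connect(sock, paddress->ai_addr, paddress->ai_addrlen) == -1) {
      close(sock);
      /* Forget the closed descriptor. Without this, a failure on the last
       * address returned the number of an already closed descriptor, which
       * the caller would take for a live connection. */
      sock = -1;
      continue;
    }

    /* Connected. */
    break;
  }

  freeaddrinfo(address_list);

  return sock;
}
voms-2.1.2/src/socklib/ipv6sock.h000066400000000000000000000024071477131364200166450ustar00rootroot00000000000000
#ifndef IPV6SOCK
#define IPV6SOCK
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.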
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ extern int bind_and_listen(char* port, int backlog, void *logh); extern int accept_ipv6(int sock, void *logh); extern int sock_connect(const char *host, char *port); #endif voms-2.1.2/src/socklib/vomsssl.h000066400000000000000000000027521477131364200166120ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #ifndef VOMS_VOMSSSL_H #define VOMS_VOMSSSL_H #include #include #ifdef __cplusplus extern "C" { #endif extern int proxy_verify_callback_server(X509_STORE_CTX *ctx, void *empty); extern int proxy_verify_callback_client(int ok, X509_STORE_CTX *ctx); extern void setup_SSL_proxy_handler(SSL *ssl, char *cadir); extern void destroy_SSL_proxy_handler(SSL *); #ifdef __cplusplus } #endif #endif voms-2.1.2/src/sslutils/000077500000000000000000000000001477131364200151615ustar00rootroot00000000000000voms-2.1.2/src/sslutils/Makefile.am000066400000000000000000000025141477131364200172170ustar00rootroot00000000000000includedir = @includedir@/voms if BUILD_INTERFACES include_HEADERS = \ vomsproxy.h endif noinst_LTLIBRARIES = libssl_utils_nog.la SOURCES= scutils.c scutils.h sslutils.c proxycertinfo.c proxypolicy.c \ signing_policy.c lex.signing.c namespaces.c lex.namespaces.c \ evaluate.c proxy.c vomsproxy.h voms_cert_type.h voms_cert_type.c \ ssl_compat.c EXTRA_DIST = namespaces.l namespaces.y namespaces.h \ signing_policy.y signing_policy.l signing_policy.h \ parsertypes.h lexparse.h evaluate.$(OBJEXT): signing_policy.h namespaces.h parsertypes.h evaluate.c signing_policy.$(OBJEXT): signing_policy.h if REGENERATE_PARSERS signing_policy.h signing_policy.c: signing_policy.y $(YACC) -t -d -o signing_policy.c $(srcdir)/signing_policy.y lex.signing.c: signing_policy.l signing_policy.h signing_policy.c $(LEX) -b -f -d $(srcdir)/signing_policy.l endif namespaces.$(OBJEXT): namespaces.h if REGENERATE_PARSERS namespaces.h namespaces.c: namespaces.y $(YACC) -t -d -o namespaces.c $(srcdir)/namespaces.y lex.namespaces.c: namespaces.l namespaces.h namespaces.c $(LEX) -b -f -d $(srcdir)/namespaces.l endif libssl_utils_nog_la_SOURCES= $(SOURCES) libssl_utils_la_CFLAGS = \ -I $(top_srcdir)/src/include \ $(OPENSSL_CFLAGS) libssl_utils_nog_la_CFLAGS = \ $(NO_GLOBUS_FLAGS) \ -I $(top_srcdir)/src/include \ $(OPENSSL_CFLAGS) ### 
voms-2.1.2/src/sslutils/evaluate.c000066400000000000000000000233731477131364200171430ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #include "config.h" #include #include "parsertypes.h" #include "doio.h" #include "listfunc.h" #include "normalize.h" #include #include #include static char *gethash(X509 *cert, char *hash); static int find_policy(struct policy **policies, X509 *cert, int current); static int evaluate_match_namespace(char *pattern, char *subject, int type); static int evaluate_match_signing(char *pattern, char *subject, int type); static int restriction_evaluate_policy(X509 *cert, struct policy *policy); static int evaluate_cert(X509 *cert, struct policy **namespaces); static int restriction_evaluate_namespace(STACK_OF(X509) *chain, struct policy **namespaces); static int restriction_evaluate_signing(STACK_OF(X509) *chain, struct policy **signings); static FILE *open_from_dir(char *path, char *file); extern int signinglex_init (void** scanner); extern void signingset_in (FILE * in_str ,void *yyscanner ); extern int signinglex_destroy (void* yyscanner ); extern int signingparse(struct policy ***policies, void *scanner); extern int namespaceslex_init (void** scanner); extern void namespacesset_in (FILE * in_str ,void *yyscanner ); extern int namespaceslex_destroy (void* yyscanner ); extern int namespacesparse(struct policy ***policies, void *scanner); static int find_policy(struct policy **policies, X509 *cert, int current) { int i = (current == -1 ? 0 : current + 1); char hash[EVP_MAX_MD_SIZE+1]; if (!policies || !(policies[0]) || !cert) return -1; while (policies[i]) { if (policies[i]->self) { if (!strcmp(gethash(cert, hash), policies[i]->caname)) return i; } else { char *issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); int ret = strcmp(issuer, policies[i]->caname); OPENSSL_free(issuer); if (!ret) return i; } i++; } /* If code reaches here, no match was found. 
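 */
  return -1;
}

/*
 * Writes the subject-name hash of 'cert' into 'hash' as eight lowercase
 * hexadecimal digits plus the terminating NUL, and returns 'hash'.
 * 'hash' must have room for at least 9 bytes.
 */
static char *gethash(X509 *cert, char *hash)
{
  unsigned long hashvalue = X509_subject_name_hash(cert);

  /* Callers pass buffers as small as 9 bytes. Bound the write and keep
   * only the low 32 bits, so that a wider unsigned long cannot produce
   * more than eight digits. */
  snprintf(hash, 9, "%08lx", hashvalue & 0xffffffffUL);

  return hash;
}

/*
 * Matches a normalized subject against a normalized namespace pattern,
 * which is compiled as a POSIX regular expression.
 *
 * Returns SUCCESS_PERMIT (type != 0) or SUCCESS_DENY (type == 0) on a
 * match, SUCCESS_UNDECIDED when there is no match or the pattern does not
 * compile.
 *
 * NOTE(review): regexec() matches anywhere in the subject unless the
 * pattern itself is anchored. Confirm that the policy files rely on that.
 */
static int evaluate_match_namespace(char *pattern, char *subject, int type)
{
  regex_t compiled;
  int success = SUCCESS_UNDECIDED;

  char *patterntmp = normalize(pattern);
  char *subjecttmp = normalize(subject);

  /* normalize() is defined elsewhere; guard against a NULL result. */
  if (patterntmp && subjecttmp) {
    if (!regcomp(&compiled, patterntmp, REG_NOSUB)) {
      if (!regexec(&compiled, subjecttmp, 0, NULL, 0)) {
        /* matched */
        if (type)
          success = SUCCESS_PERMIT;
        else
          success = SUCCESS_DENY;
      }
      /* Release the pattern only when regcomp() succeeded. Calling
       * regfree() on a regex_t that was never compiled is not safe. */
      regfree(&compiled);
    }
  }

  free(patterntmp);
  free(subjecttmp);

  return success;
}

/*
 * Matches a normalized subject against a normalized signing-policy
 * pattern. A pattern ending in '*' is a prefix match, otherwise the
 * strings must be equal.
 *
 * Returns SUCCESS_PERMIT (type != 0) or SUCCESS_DENY (type == 0) on a
 * match, SUCCESS_UNDECIDED otherwise.
 */
static int evaluate_match_signing(char *pattern, char *subject, int type)
{
  int success = SUCCESS_UNDECIDED;
  size_t len = 0;
  int compare;
  char *patterntmp = NULL;
  char *subjecttmp = NULL;

  /* Check the arguments before normalizing them, so that nothing is
   * allocated (and leaked) on the early return. */
  if (!pattern || !subject)
    return success;

  patterntmp = normalize(pattern);
  subjecttmp = normalize(subject);

  if (!patterntmp || !subjecttmp) {
    free(patterntmp);
    free(subjecttmp);
    return success;
  }

  /* Measure the string that is actually compared. The length used to come
   * from the un-normalized pattern, and an empty pattern read the byte in
   * front of the buffer.
   * Assumes normalize() keeps a trailing '*' -- TODO confirm. */
  len = strlen(patterntmp);

  if (len > 0 && patterntmp[len-1] == '*')
    compare = strncmp(patterntmp, subjecttmp, len-1);
  else
    compare = strcmp(patterntmp, subjecttmp);

  free(patterntmp);
  free(subjecttmp);

  if (!compare) {
    if (type)
      return SUCCESS_PERMIT;
    else
      return SUCCESS_DENY;
  }

  return success;
}

/*
 * Evaluates the subject of 'cert' against every subject pattern of every
 * condition in 'policy'.
 *
 * The last decided match wins, except that SUCCESS_DENY stops the
 * evaluation immediately. Returns SUCCESS_UNDECIDED when nothing matched
 * or an argument is missing.
 */
static int restriction_evaluate_policy(X509 *cert, struct policy *policy)
{
  int success = SUCCESS_UNDECIDED;
  char *subject = NULL;
  struct condition **cond = NULL;
  int condindex = 0;

  if (!policy || !cert || !policy->conds)
    return success;

  subject = X509_NAME_oneline(X509_get_subject_name(cert), 0 ,0);

  if (!subject)
    return success;

  cond = policy->conds;

  for (condindex = 0; cond[condindex]; condindex++) {
    char **subjects = cond[condindex]->subjects;
    int subjindex;

    if (!subjects)
      continue;

    /* Every subject list is walked from its first entry. The index used
     * to carry over from the previous condition, which skipped entries
     * and could read past the end of a shorter list. */
    for (subjindex = 0; subjects[subjindex]; subjindex++) {
      int tempsuccess;

      if (policy->type == TYPE_NAMESPACE)
        tempsuccess = evaluate_match_namespace(subjects[subjindex], subject,
                                               cond[condindex]->positive);
      else
        tempsuccess = evaluate_match_signing(subjects[subjindex], subject,
                                             cond[condindex]->positive);

      if (tempsuccess != SUCCESS_UNDECIDED)
        success = tempsuccess;

      if (success == SUCCESS_DENY)
        goto end;
    }
  }

end:
  OPENSSL_free(subject);
  return success;
}

/*
 * Returns non-zero when the subject and issuer names of 'cert' are equal.
 * This compares names only; the signature is not verified here.
 */
static int isselfsigned(X509*cert)
{
  return !X509_NAME_cmp(X509_get_subject_name(cert),
                        X509_get_issuer_name(cert));
}

/*
 * Evaluates 'cert' against every policy in 'namespaces' that
 * find_policy() selects for it, stopping at the first decided result.
 *
 * Returns SUCCESS_PERMIT for a certificate whose subject equals its
 * issuer, otherwise the first decided result, or SUCCESS_UNDECIDED.
 *
 * NOTE(review): the self-signed shortcut relies on a name comparison only.
 * It presumably depends on the chain having been verified before this
 * point; confirm against the caller.
 */
static int evaluate_cert(X509 *cert, struct policy **namespaces)
{
  int result = SUCCESS_UNDECIDED;
  int policyindex = -1, currentindex = -1;

  /* self-signed certificates always pass */
  if (isselfsigned(cert))
    return SUCCESS_PERMIT;

  while ((policyindex = find_policy(namespaces, cert, currentindex)) != -1) {
    struct policy *policy = namespaces[policyindex];

    result = restriction_evaluate_policy(cert, policy);

    if (result != SUCCESS_UNDECIDED)
      break;

    /* Continue the search after the policy that was just evaluated. */
    currentindex = policyindex;
  }

  return result;
}

/*
 * Evaluates every certificate of 'chain' against the namespace policies.
 * An undecided outcome is turned into SUCCESS_PERMIT before returning.
 *
 * NOTE(review): 'result' is overwritten for every certificate and the
 * outer loop never stops early, so the value returned is the one computed
 * for the last certificate visited. A SUCCESS_DENY for an earlier
 * certificate is not kept. Confirm that this is intended.
 */
static int restriction_evaluate_namespace(STACK_OF(X509) *chain, struct policy **namespaces)
{
  int size = sk_X509_num(chain);
  int i = 0;
  int result = 0;
  int start = 0, end = 0;
  int step = 0;

  if (size > 1 && isselfsigned(sk_X509_value(chain,0))) {
    /* reverse certificate ordering. Reverse direction of visit */
    start = size - 1;
    end = -1;
    step = -1;
  }
  else {
    /* right order */
    start = 0;
    end = size;
    step = 1;
  }

  for (i = start; i != end; i += step) {
    int j;
    X509 *cert = sk_X509_value(chain, i);

    /* NOTE(review): j is not used inside the loop, so the same certificate
     * is evaluated against the same policies up to i+1 times. */
    for (j = i; j >= 0; j--) {
      result = evaluate_cert(cert, namespaces);

      if (result != SUCCESS_UNDECIDED)
        break;
    }
  }

  if (result == SUCCESS_UNDECIDED) {
    result = SUCCESS_PERMIT;
  }

  return result;
}

/*
 * Evaluates the certificates of 'chain' against the signing policies and
 * returns the first decided result. An undecided outcome is turned into
 * SUCCESS_DENY.
 */
static int restriction_evaluate_signing(STACK_OF(X509) *chain, struct policy **signings)
{
  int size = sk_X509_num(chain);
  int i = 0;
  int result = 0;

  for (i = 0; i < size; i++) {
    X509 *cert = sk_X509_value(chain, i);

    result = evaluate_cert(cert, signings);

    if (result != SUCCESS_UNDECIDED)
      break;
  }

  if (result == SUCCESS_UNDECIDED)
    result = SUCCESS_DENY;

  return result;
}

/*
 * Evaluates 'chain' against the namespace policies and, when that is
 * undecided, against the signing policies.
 *
 * NOTE(review): restriction_evaluate_namespace() replaces
 * SUCCESS_UNDECIDED with SUCCESS_PERMIT before returning. Unless the two
 * constants have the same value, the branch below is never taken and the
 * signing policies are never consulted (the default-deny in
 * restriction_evaluate_signing() is then unreachable as well). Confirm
 * which behaviour is intended before relying on signing policies.
 */
int PRIVATE restriction_evaluate(STACK_OF(X509) *chain, struct policy **namespaces,
                                 struct policy **signings)
{
  int result = 0;

  result = restriction_evaluate_namespace(chain, namespaces);

  if (result == SUCCESS_UNDECIDED) {
    result = restriction_evaluate_signing(chain, signings);
  }

  return result;
}

/* Releases one condition: its original text, its subject array and itself. */
static void free_condition(struct condition *cond)
{
  free(cond->original);
  free(cond->subjects);
  free(cond);
}

/* Releases one policy: its CA name, its conditions and itself. */
static void free_policy(struct policy *pol)
{
  free(pol->caname);
  listfree((char**)(pol->conds), (freefn)free_condition);
  free(pol);
}

/* Releases a list of policies through listfree(). */
void PRIVATE voms_free_policies(struct policy **policies)
{
  listfree((char**)policies, (freefn)free_policy);
}

/*
 * Opens the file named by the concatenation of 'path' and 'filename' for
 * binary reading. Returns NULL when the name cannot be built or the file
 * cannot be opened.
 */
static FILE *open_from_dir(char *path, char *filename)
{
  char *fullpath = snprintf_wrap("%s%s", path, filename);
  FILE *file = NULL;

  /* snprintf_wrap() is defined elsewhere; do not hand a NULL name to
   * fopen() if it fails. */
  if (!fullpath)
    return NULL;

  file = fopen(fullpath, "rb");
  free(fullpath);

  return file;
}

void PRIVATE read_pathrestriction(STACK_OF(X509) *chain, char *path,
                                  struct policy ***names,
                                  struct policy ***signs)
{
  int size = sk_X509_num(chain);
  char hashed[9];
  char *hash;
  char signing[25] = "/XXXXXXXX.signing_policy";
  char namespace[21] = "/XXXXXXXX.namespaces";
  int i = 0, j = 0;
  FILE *file = NULL;

  for (i = 0; i < size; i++) {
    X509 *cert = sk_X509_value(chain, i);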
hash = gethash(cert, hashed); /* Determine file names */ memcpy(signing + 1, hash, 8); memcpy(namespace + 1, hash, 8); file = open_from_dir(path, signing); if (file) { void *scanner = NULL; signinglex_init(&scanner); signingset_in(file, scanner); (void)signingparse(signs, scanner); signinglex_destroy(scanner); fclose(file); } j = 0; if (*signs) { while ((*signs)[j]) { if ((*signs)[j]->self) (*signs)[j]->caname = strdup(hash); j++; } } file = open_from_dir(path, namespace); if (file) { void *scanner = NULL; namespaceslex_init(&scanner); namespacesset_in(file, scanner); (void)namespacesparse(names, scanner); namespaceslex_destroy(scanner); fclose(file); } if (*names) { int j = 0; while ((*names)[j]) { if ((*names)[j]->self) (*names)[j]->caname = strdup(hash); j++; } } } } voms-2.1.2/src/sslutils/lex.namespaces.c000066400000000000000000003242231477131364200202410ustar00rootroot00000000000000 #line 2 "lex.namespaces.c" #define YY_INT_ALIGNED short int /* A lexical scanner generated by flex */ /* %not-for-header */ /* %if-c-only */ /* %if-not-reentrant */ /* %endif */ /* %endif */ /* %ok-for-header */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 6 #define YY_FLEX_SUBMINOR_VERSION 4 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif /* %if-c++-only */ /* %endif */ /* %if-c-only */ #ifdef yy_create_buffer #define namespaces_create_buffer_ALREADY_DEFINED #else #define yy_create_buffer namespaces_create_buffer #endif #ifdef yy_delete_buffer #define namespaces_delete_buffer_ALREADY_DEFINED #else #define yy_delete_buffer namespaces_delete_buffer #endif #ifdef yy_scan_buffer #define namespaces_scan_buffer_ALREADY_DEFINED #else #define yy_scan_buffer namespaces_scan_buffer #endif #ifdef yy_scan_string #define namespaces_scan_string_ALREADY_DEFINED #else #define yy_scan_string namespaces_scan_string #endif #ifdef yy_scan_bytes #define namespaces_scan_bytes_ALREADY_DEFINED #else #define yy_scan_bytes namespaces_scan_bytes #endif #ifdef 
yy_init_buffer
#define namespaces_init_buffer_ALREADY_DEFINED
#else
#define yy_init_buffer namespaces_init_buffer
#endif

/*
 * Symbol-prefix block (flex-generated). Each group maps one generic flex
 * name (yy...) to its namespaces... counterpart. When the generic name is
 * already a macro at this point, the group only records that in a
 * <name>_ALREADY_DEFINED marker and leaves the existing definition alone.
 *
 * NOTE(review): presumably this prefixing is what lets this scanner be
 * linked next to the signing-policy scanner (signinglex_* and
 * namespaceslex_* are both called from one function elsewhere in the
 * tree); confirm against the build.
 */
#ifdef yy_flush_buffer
#define namespaces_flush_buffer_ALREADY_DEFINED
#else
#define yy_flush_buffer namespaces_flush_buffer
#endif

#ifdef yy_load_buffer_state
#define namespaces_load_buffer_state_ALREADY_DEFINED
#else
#define yy_load_buffer_state namespaces_load_buffer_state
#endif

#ifdef yy_switch_to_buffer
#define namespaces_switch_to_buffer_ALREADY_DEFINED
#else
#define yy_switch_to_buffer namespaces_switch_to_buffer
#endif

#ifdef yypush_buffer_state
#define namespacespush_buffer_state_ALREADY_DEFINED
#else
#define yypush_buffer_state namespacespush_buffer_state
#endif

#ifdef yypop_buffer_state
#define namespacespop_buffer_state_ALREADY_DEFINED
#else
#define yypop_buffer_state namespacespop_buffer_state
#endif

#ifdef yyensure_buffer_stack
#define namespacesensure_buffer_stack_ALREADY_DEFINED
#else
#define yyensure_buffer_stack namespacesensure_buffer_stack
#endif

#ifdef yylex
#define namespaceslex_ALREADY_DEFINED
#else
#define yylex namespaceslex
#endif

#ifdef yyrestart
#define namespacesrestart_ALREADY_DEFINED
#else
#define yyrestart namespacesrestart
#endif

#ifdef yylex_init
#define namespaceslex_init_ALREADY_DEFINED
#else
#define yylex_init namespaceslex_init
#endif

#ifdef yylex_init_extra
#define namespaceslex_init_extra_ALREADY_DEFINED
#else
#define yylex_init_extra namespaceslex_init_extra
#endif

#ifdef yylex_destroy
#define namespaceslex_destroy_ALREADY_DEFINED
#else
#define yylex_destroy namespaceslex_destroy
#endif

#ifdef yyget_debug
#define namespacesget_debug_ALREADY_DEFINED
#else
#define yyget_debug namespacesget_debug
#endif

#ifdef yyset_debug
#define namespacesset_debug_ALREADY_DEFINED
#else
#define yyset_debug namespacesset_debug
#endif

#ifdef yyget_extra
#define namespacesget_extra_ALREADY_DEFINED
#else
#define yyget_extra namespacesget_extra
#endif

#ifdef yyset_extra
#define namespacesset_extra_ALREADY_DEFINED
#else
#define yyset_extra namespacesset_extra
#endif

#ifdef yyget_in
#define namespacesget_in_ALREADY_DEFINED
#else
#define yyget_in namespacesget_in
#endif

#ifdef yyset_in
#define namespacesset_in_ALREADY_DEFINED
#else
#define yyset_in namespacesset_in
#endif

#ifdef yyget_out
#define namespacesget_out_ALREADY_DEFINED
#else
#define yyget_out namespacesget_out
#endif

#ifdef yyset_out
#define namespacesset_out_ALREADY_DEFINED
#else
#define yyset_out namespacesset_out
#endif

#ifdef yyget_leng
#define namespacesget_leng_ALREADY_DEFINED
#else
#define yyget_leng namespacesget_leng
#endif

#ifdef yyget_text
#define namespacesget_text_ALREADY_DEFINED
#else
#define yyget_text namespacesget_text
#endif

#ifdef yyget_lineno
#define namespacesget_lineno_ALREADY_DEFINED
#else
#define yyget_lineno namespacesget_lineno
#endif

#ifdef yyset_lineno
#define namespacesset_lineno_ALREADY_DEFINED
#else
#define yyset_lineno namespacesset_lineno
#endif

#ifdef yyget_column
#define namespacesget_column_ALREADY_DEFINED
#else
#define yyget_column namespacesget_column
#endif

#ifdef yyset_column
#define namespacesset_column_ALREADY_DEFINED
#else
#define yyset_column namespacesset_column
#endif

#ifdef yywrap
#define namespaceswrap_ALREADY_DEFINED
#else
#define yywrap namespaceswrap
#endif

/* %endif */

#ifdef yyget_lval
#define namespacesget_lval_ALREADY_DEFINED
#else
#define yyget_lval namespacesget_lval
#endif

#ifdef yyset_lval
#define namespacesset_lval_ALREADY_DEFINED
#else
#define yyset_lval namespacesset_lval
#endif

/* The scanner's allocation entry points are prefixed in the same way. */
#ifdef yyalloc
#define namespacesalloc_ALREADY_DEFINED
#else
#define yyalloc namespacesalloc
#endif

#ifdef yyrealloc
#define namespacesrealloc_ALREADY_DEFINED
#else
#define yyrealloc namespacesrealloc
#endif

#ifdef yyfree
#define namespacesfree_ALREADY_DEFINED
#else
#define yyfree namespacesfree
#endif

/* %if-c-only */

/* %endif */

/* First, we deal with platform-specific or compiler-specific issues. */

/* begin standard C headers. 
*/

/*
 * Scanner preamble emitted by flex (generated, not hand-written): the
 * fixed-width integer typedefs, the accessor macros of the reentrant
 * scanner, the buffer size constants and struct yy_buffer_state.
 * Changes belong in the scanner specification and the flex invocation,
 * not in this file.
 */

/* %if-c-only */
/* NOTE(review): the four #include directives below, and the one in the C99
 * branch further down, carry no header name in this copy. The operands were
 * presumably lost as <...> markup during extraction; compare with a pristine
 * copy of the generated file before building from this text.
 */
#include
#include
#include
#include
/* %endif */

/* %if-tables-serialization */
/* %endif */
/* end standard C headers. */

/* %if-c-or-c++ */
/* flex integer type definitions */

#ifndef FLEXINT_H
#define FLEXINT_H

/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */

#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L

/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
 * if you want the limit (max/min) macros for int types.
 */
#ifndef __STDC_LIMIT_MACROS
#define __STDC_LIMIT_MACROS 1
#endif

#include
typedef int8_t flex_int8_t;
typedef uint8_t flex_uint8_t;
typedef int16_t flex_int16_t;
typedef uint16_t flex_uint16_t;
typedef int32_t flex_int32_t;
typedef uint32_t flex_uint32_t;
#else
/* Pre-C99 fallback: the widths of these types are assumed, not checked. */
typedef signed char flex_int8_t;
typedef short int flex_int16_t;
typedef int flex_int32_t;
typedef unsigned char flex_uint8_t;
typedef unsigned short int flex_uint16_t;
typedef unsigned int flex_uint32_t;

/* Limits of integral types. */
#ifndef INT8_MIN
#define INT8_MIN (-128)
#endif
#ifndef INT16_MIN
#define INT16_MIN (-32767-1)
#endif
#ifndef INT32_MIN
#define INT32_MIN (-2147483647-1)
#endif
#ifndef INT8_MAX
#define INT8_MAX (127)
#endif
#ifndef INT16_MAX
#define INT16_MAX (32767)
#endif
#ifndef INT32_MAX
#define INT32_MAX (2147483647)
#endif
#ifndef UINT8_MAX
#define UINT8_MAX (255U)
#endif
#ifndef UINT16_MAX
#define UINT16_MAX (65535U)
#endif
#ifndef UINT32_MAX
#define UINT32_MAX (4294967295U)
#endif

#ifndef SIZE_MAX
#define SIZE_MAX (~(size_t)0)
#endif

#endif /* ! C99 */

#endif /* ! FLEXINT_H */

/* %endif */

/* begin standard C++ headers. */
/* %if-c++-only */
/* %endif */

/* TODO: this is always defined, so inline it */
#define yyconst const

#if defined(__GNUC__) && __GNUC__ >= 3
#define yynoreturn __attribute__((__noreturn__))
#else
#define yynoreturn
#endif

/* %not-for-header */
/* Returned upon end-of-file. */
#define YY_NULL 0
/* %ok-for-header */

/* %not-for-header */
/* Promotes a possibly negative, possibly signed char to an
 * integer in range [0..255] for use as an array index.
 *
 * NOTE(review): YY_CHAR is typedef'd to flex_uint8_t further down, and the
 * yy_nxt transition table declared there has 128 columns per state. This
 * cast therefore does not by itself keep an input byte >= 0x80 inside one
 * table row. The scanner loop is not shown in this part of the file:
 * confirm how it treats non-ASCII bytes in a namespaces file, or regenerate
 * the scanner with flex's 8-bit option.
 */
#define YY_SC_TO_UI(c) ((YY_CHAR) (c))
/* %ok-for-header */

/* %if-reentrant */

/* An opaque pointer. */
#ifndef YY_TYPEDEF_YY_SCANNER_T
#define YY_TYPEDEF_YY_SCANNER_T
typedef void* yyscan_t;
#endif

/* For convenience, these vars (plus the bison vars far below)
   are macros in the reentrant scanner.
   They expand to members reached through `yyg`, so each one is usable only
   where a variable of that name is in scope; its declaration is not in
   this part of the file. */
#define yyin yyg->yyin_r
#define yyout yyg->yyout_r
#define yyextra yyg->yyextra_r
#define yyleng yyg->yyleng_r
#define yytext yyg->yytext_r
#define yylineno (YY_CURRENT_BUFFER_LVALUE->yy_bs_lineno)
#define yycolumn (YY_CURRENT_BUFFER_LVALUE->yy_bs_column)
#define yy_flex_debug yyg->yy_flex_debug_r

/* %endif */

/* %if-not-reentrant */
/* %endif */

/* Enter a start condition. This macro really ought to take a parameter,
 * but we do it the disgusting crufty way forced on us by the ()-less
 * definition of BEGIN.
 * The expansion deliberately ends in `*`: the token written after BEGIN at
 * the use site becomes the right-hand operand.
 */
#define BEGIN yyg->yy_start = 1 + 2 *
/* Translate the current start state into a value that can be later handed
 * to BEGIN to return to the state. The YYSTATE alias is for lex
 * compatibility.
 */
#define YY_START ((yyg->yy_start - 1) / 2)
#define YYSTATE YY_START
/* Action number for EOF rule of a given start state. */
#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
/* Special action meaning "start processing a new file". */
#define YY_NEW_FILE yyrestart( yyin , yyscanner )
#define YY_END_OF_BUFFER_CHAR 0

/* Size of default input buffer. It can be overridden by defining
 * YY_BUF_SIZE before this point. */
#ifndef YY_BUF_SIZE
#ifdef __ia64__
/* On IA-64, the buffer size is 16k, not 8k.
 * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case.
 * Ditto for the __ia64__ case accordingly.
 */
#define YY_BUF_SIZE 32768
#else
#define YY_BUF_SIZE 16384
#endif /* __ia64__ */
#endif

/* The state buf must be large enough to hold one state per character in the main buffer.
 */
#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))

#ifndef YY_TYPEDEF_YY_BUFFER_STATE
#define YY_TYPEDEF_YY_BUFFER_STATE
typedef struct yy_buffer_state *YY_BUFFER_STATE;
#endif

#ifndef YY_TYPEDEF_YY_SIZE_T
#define YY_TYPEDEF_YY_SIZE_T
typedef size_t yy_size_t;
#endif

/* %if-not-reentrant */
/* %endif */

/* %if-c-only */
/* %if-not-reentrant */
/* %endif */
/* %endif */

#define EOB_ACT_CONTINUE_SCAN 0
#define EOB_ACT_END_OF_FILE 1
#define EOB_ACT_LAST_MATCH 2

    /* Both line-number hooks expand to nothing in this scanner. */
    #define YY_LESS_LINENO(n)
    #define YY_LINENO_REWIND_TO(ptr)

/* Return all but the first "n" matched characters back to the input stream.
 * The expansion uses yy_cp, yy_bp and yyg, which must be in scope where the
 * macro is used. */
#define yyless(n) \
	do \
		{ \
		/* Undo effects of setting up yytext. */ \
        int yyless_macro_arg = (n); \
        YY_LESS_LINENO(yyless_macro_arg);\
		*yy_cp = yyg->yy_hold_char; \
		YY_RESTORE_YY_MORE_OFFSET \
		yyg->yy_c_buf_p = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
		} \
	while ( 0 )
#define unput(c) yyunput( c, yyg->yytext_ptr , yyscanner )

#ifndef YY_STRUCT_YY_BUFFER_STATE
#define YY_STRUCT_YY_BUFFER_STATE
/* State of one input buffer of the scanner. */
struct yy_buffer_state
	{
/* %if-c-only */
	FILE *yy_input_file;
/* %endif */

/* %if-c++-only */
/* %endif */

	char *yy_ch_buf;		/* input buffer */
	char *yy_buf_pos;		/* current position in input buffer */

	/* Size of input buffer in bytes, not including room for EOB
	 * characters.
	 * NOTE(review): this and yy_n_chars are plain int, not yy_size_t.
	 */
	int yy_buf_size;

	/* Number of characters read into yy_ch_buf, not including EOB
	 * characters.
	 */
	int yy_n_chars;

	/* Whether we "own" the buffer - i.e., we know we created it,
	 * and can realloc() it to grow it, and should free() it to
	 * delete it.
	 */
	int yy_is_our_buffer;

	/* Whether this is an "interactive" input source; if so, and
	 * if we're using stdio for input, then we want to use getc()
	 * instead of fread(), to make sure we stop fetching input after
	 * each newline.
	 */
	int yy_is_interactive;

	/* Whether we're considered to be at the beginning of a line.
	 * If so, '^' rules will be active on the next match, otherwise
	 * not.
	 */
	int yy_at_bol;

    int yy_bs_lineno; /**< The line count. */
    int yy_bs_column; /**< The column count. */

	/* Whether to try to fill the input buffer when we reach the
	 * end of it.
	 */
	int yy_fill_buffer;

	/* One of the YY_BUFFER_* values defined below. */
	int yy_buffer_status;

#define YY_BUFFER_NEW 0
#define YY_BUFFER_NORMAL 1
	/* When an EOF's been seen but there's still some text to process
	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
	 * shouldn't try reading from the input source any more. We might
	 * still have a bunch of tokens to match, though, because of
	 * possible backing-up.
	 *
	 * When we actually see the EOF, we change the status to "new"
	 * (via yyrestart()), so that the user can continue scanning by
	 * just pointing yyin at a new input file.
	 */
#define YY_BUFFER_EOF_PENDING 2

	};
#endif /* !YY_STRUCT_YY_BUFFER_STATE */

/* %if-c-only Standard (non-C++) definition */
/* %not-for-header */
/* %if-not-reentrant */
/* %endif */
/* %ok-for-header */

/* %endif */

/* We provide macros for accessing buffer states in case in the
 * future we want to put the buffer states in a more general
 * "scanner state".
 *
 * Returns the top of the stack, or NULL.
 */
#define YY_CURRENT_BUFFER ( yyg->yy_buffer_stack \
                          ? yyg->yy_buffer_stack[yyg->yy_buffer_stack_top] \
                          : NULL)
/* Same as previous macro, but useful when we know that the buffer stack is not
 * NULL or when we need an lvalue. For internal use only. 
*/
/* Unlike YY_CURRENT_BUFFER, this indexes yy_buffer_stack without testing
 * the stack pointer for NULL first. */
#define YY_CURRENT_BUFFER_LVALUE yyg->yy_buffer_stack[yyg->yy_buffer_stack_top]

/* %if-c-only Standard (non-C++) definition */

/* %if-not-reentrant */
/* %not-for-header */
/* %ok-for-header */
/* %endif */

/*
 * Prototypes of the scanner's buffer-handling functions. Each one takes the
 * yyscan_t scanner handle as its last parameter. The definitions are not in
 * this part of the file.
 */
void yyrestart ( FILE *input_file , yyscan_t yyscanner );
void yy_switch_to_buffer ( YY_BUFFER_STATE new_buffer , yyscan_t yyscanner );
YY_BUFFER_STATE yy_create_buffer ( FILE *file, int size , yyscan_t yyscanner );
void yy_delete_buffer ( YY_BUFFER_STATE b , yyscan_t yyscanner );
void yy_flush_buffer ( YY_BUFFER_STATE b , yyscan_t yyscanner );
void yypush_buffer_state ( YY_BUFFER_STATE new_buffer , yyscan_t yyscanner );
void yypop_buffer_state ( yyscan_t yyscanner );

static void yyensure_buffer_stack ( yyscan_t yyscanner );
static void yy_load_buffer_state ( yyscan_t yyscanner );
static void yy_init_buffer ( YY_BUFFER_STATE b, FILE *file , yyscan_t yyscanner );
#define YY_FLUSH_BUFFER yy_flush_buffer( YY_CURRENT_BUFFER , yyscanner)

/* In-memory input. NOTE(review): yy_scan_buffer takes its size as yy_size_t
 * while yy_scan_bytes takes an int length (and yy_create_buffer an int
 * size); a caller holding a size_t length should range-check it before
 * passing it as int. */
YY_BUFFER_STATE yy_scan_buffer ( char *base, yy_size_t size , yyscan_t yyscanner );
YY_BUFFER_STATE yy_scan_string ( const char *yy_str , yyscan_t yyscanner );
YY_BUFFER_STATE yy_scan_bytes ( const char *bytes, int len , yyscan_t yyscanner );

/* %endif */

/* Presumably the scanner's allocation hooks; only the prototypes are
 * visible here. */
void *yyalloc ( yy_size_t , yyscan_t yyscanner );
void *yyrealloc ( void *, yy_size_t , yyscan_t yyscanner );
void yyfree ( void * , yyscan_t yyscanner );

#define yy_new_buffer yy_create_buffer
/* Sets yy_is_interactive on the current buffer, creating a buffer of
 * YY_BUF_SIZE on yyin first when there is none. */
#define yy_set_interactive(is_interactive) \
	{ \
	if ( ! YY_CURRENT_BUFFER ){ \
        yyensure_buffer_stack (yyscanner); \
		YY_CURRENT_BUFFER_LVALUE = \
            yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner); \
	} \
	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
	}
#define yy_set_bol(at_bol) \
	{ \
	if ( ! 
YY_CURRENT_BUFFER ){\ yyensure_buffer_stack (yyscanner); \ YY_CURRENT_BUFFER_LVALUE = \ yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } #define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) /* %% [1.0] yytext/yyin/yyout/yy_state_type/yylineno etc. def's & init go here */ /* Begin user sect3 */ #define namespaceswrap(yyscanner) (/*CONSTCOND*/1) #define YY_SKIP_YYWRAP #define FLEX_DEBUG typedef flex_uint8_t YY_CHAR; typedef int yy_state_type; #define yytext_ptr yytext_r /* %% [1.5] DFA */ static const flex_int16_t yy_nxt[][128] = { { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }, { 7, 8, 8, 8, 8, 8, 8, 8, 8, 8, 9, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 10, 11, 8, 8, 8, 12, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 13, 8, 8, 8, 8, 14, 8, 8, 8, 8, 8, 8, 15, 8, 8, 16, 17, 8, 8, 8, 8, 8, 8, 8, 18, 8, 8, 8, 8, 8, 8, 8, 13, 8, 8, 8, 8, 14, 8, 8, 8, 8, 8, 8, 15, 8, 8, 16, 17, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8 }, { 7, 8, 8, 8, 8, 8, 8, 8, 8, 8, 9, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 10, 11, 8, 8, 8, 12, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 13, 8, 8, 8, 8, 14, 8, 8, 8, 8, 8, 8, 15, 8, 8, 16, 17, 8, 8, 8, 8, 8, 8, 8, 18, 8, 8, 8, 8, 8, 8, 8, 13, 8, 8, 8, 8, 14, 8, 8, 8, 8, 8, 8, 15, 8, 8, 16, 17, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8 }, { 7, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 20, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 
19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19 }, { 7, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 20, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, 19 }, { 7, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 22, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21 }, { 7, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 22, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21 }, { -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, 
-7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7 }, { 7, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8 }, { 7, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9 }, { 7, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, 
-10, -10, -10, -10, -10, -10, -10, -10 }, { 7, 23, 23, 23, 23, 23, 23, 23, 23, 23, -11, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23 }, { 7, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12 }, { 7, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, 24, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, 24, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13 }, { 7, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, 
-14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, 25, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, 25, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14 }, { 7, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, 26, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, 26, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15 }, { 7, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, 27, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, 28, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, 27, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, 28, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16 }, { 7, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, 
-17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, 29, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, 29, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17 }, { 7, -18, -18, -18, -18, -18, -18, -18, -18, -18, 30, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18 }, { 7, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 32, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31 }, { 7, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, 
-20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, -20 }, { 7, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 34, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33 }, { 7, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22, -22 }, { 7, 23, 23, 23, 23, 23, 23, 23, 23, 23, -23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23 }, { 7, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, 
-24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, 35, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, 35, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24, -24 }, { 7, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, 36, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, 36, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25 }, { 7, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, 37, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, 37, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26 }, { 7, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, 
-27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, 38, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, 38, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27 }, { 7, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, 39, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, 39, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28 }, { 7, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29 }, { 7, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, 
-30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30 }, { 7, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 32, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31, 31 }, { 7, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32 }, { 7, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 34, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 33, 
33, 33, 33, 33, 33, 33, 33, 33 }, { 7, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34, -34 }, { 7, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, 40, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, 40, -35, -35, -35, -35, -35, -35 }, { 7, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, 41, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, 41, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36 }, { 7, -37, -37, -37, -37, -37, -37, -37, 
-37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, 42, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, 42, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37 }, { 7, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, 43, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, 43, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38 }, { 7, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, 44, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, 44, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39 }, { 7, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, 
-40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40 }, { 7, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, 45, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, 45, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41 }, { 7, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, 46, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, 46, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42 }, { 7, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, 
-43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43 }, { 7, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, 47, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, 47, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44 }, { 7, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, 48, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, 48, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45 }, { 7, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, 
-46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, 49, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, 49, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46 }, { 7, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, 50, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, 50, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47 }, { 7, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48 }, { 7, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, 
-49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49 }, { 7, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, 51, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, 51, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50 }, { 7, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51 }, } ; /* %if-c-only Standard (non-C++) definition */ static yy_state_type yy_get_previous_state ( yyscan_t yyscanner ); static yy_state_type yy_try_NUL_trans ( yy_state_type current_state , yyscan_t yyscanner); static int yy_get_next_buffer ( yyscan_t yyscanner ); static void yynoreturn yy_fatal_error ( const char* msg , yyscan_t yyscanner ); /* %endif */ /* Done after the current pattern has been matched and before 
the
 * corresponding action - sets up yytext.
 *
 * It NUL-terminates the match in place: the byte at yy_cp is saved in
 * yy_hold_char and overwritten with '\0', so yytext is a C string that lives
 * inside the scanner's own input buffer.
 */
#define YY_DO_BEFORE_ACTION \
	yyg->yytext_ptr = yy_bp; \
/* %% [2.0] code to fiddle yytext and yyleng for yymore() goes here \
*/\
	yyleng = (int) (yy_cp - yy_bp); \
	yyg->yy_hold_char = *yy_cp; \
	*yy_cp = '\0'; \
/* %% [3.0] code to copy yytext_ptr to yytext[] goes here, if %array \
*/\
	yyg->yy_c_buf_p = yy_cp;
/* %% [4.0] data tables for the DFA and the user's section 1 definitions go here */
#define YY_NUM_RULES 15
#define YY_END_OF_BUFFER 16
/* This struct is not used in this scanner,
   but its presence is necessary. */
struct yy_trans_info
	{
	flex_int32_t yy_verify;
	flex_int32_t yy_nxt;
	};
/* Indexed by DFA state. yylex() reads the action number from here
 * (yy_act = yy_accept[state]); 0 means the state is not accepting.
 */
static const flex_int16_t yy_accept[52] =
    {   0,
        0,    0,    0,    0,    0,    0,   16,   14,   13,    4,
        1,    2,   14,   14,   14,   14,   14,   14,   15,    3,
       15,    5,    1,    0,    0,    0,    0,    0,    6,   12,
        0,    3,    0,    5,    0,    0,    0,    0,    0,    9,
        0,    0,   10,    0,    0,    0,    0,    7,    8,    0,
       11
    } ;

/* Next state when the input byte is NUL, indexed by current state; 0 jams.
 * Several entries are non-zero (states 3-6, 19, 21, 31, 33), so a NUL byte in
 * the input is consumed as part of a match from those states.
 * NOTE(review): those look like the states of the two quoted start
 * conditions - confirm against namespaces.l. Token text from them can then be
 * longer than strlen() reports.
 */
static const yy_state_type yy_NUL_trans[52] =
    {   0,
        8,    8,   19,   19,   21,   21,    0,    0,    0,    0,
       23,    0,    0,    0,    0,    0,    0,    0,   31,    0,
       33,    0,   23,    0,    0,    0,    0,    0,    0,    0,
       31,    0,   33,    0,    0,    0,    0,    0,    0,    0,
        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
        0
    } ;

/* Source line in namespaces.l of each rule; only used by the debug trace
 * in yylex().
 */
static const flex_int16_t yy_rule_linenum[15] =
    {   0,
       50,   52,   54,   56,   57,   60,   61,   62,   63,   64,
       65,   66,   67,   68
    } ;

/* The intent behind this definition is that it'll catch
 * any uses of REJECT which flex missed.
 */
#define REJECT reject_used_but_not_detected
#define yymore() yymore_used_but_not_detected
#define YY_MORE_ADJ 0
#define YY_RESTORE_YY_MORE_OFFSET
#line 1 "namespaces.l"
#line 2 "namespaces.l"
/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/
#include "config.h"

/* NOTE(review): the three bare #include lines below have lost their header
 * names in this copy of the file; restore them from namespaces.l before
 * building.
 */
#include
#include
#include

#include "parsertypes.h"
#include "lexparse.h"
#include "namespaces.h"
#ifndef strndup
extern char *strndup(const char*, size_t);
#endif
#line 1625 "lex.namespaces.c"

#line 1627 "lex.namespaces.c"

/* Start conditions used by the rules in yylex(). */
#define INITIAL 0
#define SINGLE_QUOTED 1
#define DOUBLE_QUOTED 2

#ifndef YY_NO_UNISTD_H
/* Special case for "unistd.h", since it is non-ANSI. We include it way
 * down here because we want the user's section 1 to have been scanned first.
 * The user has a chance to override it with an option.
 */
/* NOTE(review): the header name is missing on the #include below as well;
 * the comment above names unistd.h.
 */
/* %if-c-only */
#include
/* %endif */
/* %if-c++-only */
/* %endif */
#endif

#ifndef YY_EXTRA_TYPE
#define YY_EXTRA_TYPE void *
#endif

/* %if-c-only Reentrant structure and macros (non-C++). */
/* %if-reentrant */

/* Holds the entire state of the reentrant scanner. */
struct yyguts_t
    {

    /* User-defined. Not touched by flex. */
    YY_EXTRA_TYPE yyextra_r;

    /* The rest are the same as the globals declared in the non-reentrant scanner. */
    FILE *yyin_r, *yyout_r;
    size_t yy_buffer_stack_top; /**< index of top of stack. */
    size_t yy_buffer_stack_max; /**< capacity of stack. */
    YY_BUFFER_STATE * yy_buffer_stack; /**< Stack as an array. */
    char yy_hold_char;
    int yy_n_chars;
    int yyleng_r;
    char *yy_c_buf_p;
    int yy_init;
    int yy_start;
    int yy_did_buffer_switch_on_eof;
    int yy_start_stack_ptr;
    int yy_start_stack_depth;
    int *yy_start_stack;
    yy_state_type yy_last_accepting_state;
    char* yy_last_accepting_cpos;

    int yylineno_r;
    int yy_flex_debug_r;

    char *yytext_r;
    int yy_more_flag;
    int yy_more_len;

    YYSTYPE * yylval_r;

    }; /* end struct yyguts_t */

/* %if-c-only */

static int yy_init_globals ( yyscan_t yyscanner );

/* %endif */

/* %if-reentrant */

    /* This must go here because YYSTYPE and YYLTYPE are included
     * from bison output in section 1.*/
    #    define yylval yyg->yylval_r

int yylex_init (yyscan_t* scanner);

int yylex_init_extra ( YY_EXTRA_TYPE user_defined, yyscan_t* scanner);

/* %endif */

/* %endif End reentrant structures and macros. */

/* Accessor methods to globals.
   These are made visible to non-reentrant scanners for convenience. */

int yylex_destroy ( yyscan_t yyscanner );

int yyget_debug ( yyscan_t yyscanner );

void yyset_debug ( int debug_flag , yyscan_t yyscanner );

YY_EXTRA_TYPE yyget_extra ( yyscan_t yyscanner );

void yyset_extra ( YY_EXTRA_TYPE user_defined , yyscan_t yyscanner );

FILE *yyget_in ( yyscan_t yyscanner );

void yyset_in ( FILE * _in_str , yyscan_t yyscanner );

FILE *yyget_out ( yyscan_t yyscanner );

void yyset_out ( FILE * _out_str , yyscan_t yyscanner );

int yyget_leng ( yyscan_t yyscanner );

char *yyget_text ( yyscan_t yyscanner );

int yyget_lineno ( yyscan_t yyscanner );

void yyset_lineno ( int _line_number , yyscan_t yyscanner );

int yyget_column ( yyscan_t yyscanner );

void yyset_column ( int _column_no , yyscan_t yyscanner );

/* %if-bison-bridge */

YYSTYPE * yyget_lval ( yyscan_t yyscanner );

void yyset_lval ( YYSTYPE * yylval_param , yyscan_t yyscanner );

/* %endif */

/* Macros after this point can all be overridden by user definitions in
 * section 1.
 */

#ifndef YY_SKIP_YYWRAP
#ifdef __cplusplus
extern "C" int yywrap ( yyscan_t yyscanner );
#else
extern int yywrap ( yyscan_t yyscanner );
#endif
#endif

/* %not-for-header */
#ifndef YY_NO_UNPUT

    static void yyunput ( int c, char *buf_ptr , yyscan_t yyscanner);

#endif
/* %ok-for-header */

/* %endif */

#ifndef yytext_ptr
static void yy_flex_strncpy ( char *, const char *, int , yyscan_t yyscanner);
#endif

#ifdef YY_NEED_STRLEN
static int yy_flex_strlen ( const char * , yyscan_t yyscanner);
#endif

#ifndef YY_NO_INPUT
/* %if-c-only Standard (non-C++) definition */
/* %not-for-header */
#ifdef __cplusplus
static int yyinput ( yyscan_t yyscanner );
#else
static int input ( yyscan_t yyscanner );
#endif
/* %ok-for-header */

/* %endif */
#endif

/* %if-c-only */

/* %endif */

/* Amount of stuff to slurp up with each read. */
#ifndef YY_READ_BUF_SIZE
#ifdef __ia64__
/* On IA-64, the buffer size is 16k, not 8k */
#define YY_READ_BUF_SIZE 16384
#else
#define YY_READ_BUF_SIZE 8192
#endif /* __ia64__ */
#endif

/* Copy whatever the last rule matched to the standard output. */
#ifndef ECHO
/* %if-c-only Standard (non-C++) definition */
/* This used to be an fputs(), but since the string might contain NUL's,
 * we now use fwrite().
 */
#define ECHO do { if (fwrite( yytext, (size_t) yyleng, 1, yyout )) {} } while (0)
/* %endif */
/* %if-c++-only C++ definition */
/* %endif */
#endif

/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
 * is returned in "result".
 *
 * This variant calls read() on fileno(yyin), retries when errno is EINTR and
 * raises YY_FATAL_ERROR on any other read failure.
 */
#ifndef YY_INPUT
#define YY_INPUT(buf,result,max_size) \
/* %% [5.0] fread()/read() definition of YY_INPUT goes here unless we're doing C++ \
*/\
	errno=0; \
	while ( (result = (int) read( fileno(yyin), buf, (yy_size_t) max_size )) < 0 ) \
	{ \
		if( errno != EINTR) \
		{ \
			YY_FATAL_ERROR( "input in flex scanner failed" ); \
			break; \
		} \
		errno=0; \
		clearerr(yyin); \
	}\
\
/* %if-c++-only C++ definition \
*/\
/* %endif */

#endif

/* No semi-colon after return; correct usage is to write "yyterminate();" -
 * we don't want an extra ';' after the "return" because that will cause
 * some compilers to complain about unreachable statements.
 */
#ifndef yyterminate
#define yyterminate() return YY_NULL
#endif

/* Number of entries by which start-condition stack grows. */
#ifndef YY_START_STACK_INCR
#define YY_START_STACK_INCR 25
#endif

/* Report a fatal error.
 * NOTE(review): yy_fatal_error() is declared yynoreturn earlier in this file
 * and its body is not in this part; check how it terminates before relying on
 * this scanner inside a long-running process or a library.
 */
#ifndef YY_FATAL_ERROR
/* %if-c-only */
#define YY_FATAL_ERROR(msg) yy_fatal_error( msg , yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
#endif

/* %if-tables-serialization structures and prototypes */
/* %not-for-header */
/* %ok-for-header */

/* %not-for-header */
/* %tables-yydmap generated elements */
/* %endif */
/* end tables serialization structures and prototypes */

/* %ok-for-header */

/* Default declaration of generated scanner - a define so the user can
 * easily add parameters.
 */
#ifndef YY_DECL
#define YY_DECL_IS_OURS 1
/* %if-c-only Standard (non-C++) definition */

extern int yylex \
               (YYSTYPE * yylval_param , yyscan_t yyscanner);

#define YY_DECL int yylex \
               (YYSTYPE * yylval_param , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only C++ definition */
/* %endif */
#endif /* !YY_DECL */

/* Code executed at the beginning of each rule, after yytext and yyleng
 * have been set up.
 */
#ifndef YY_USER_ACTION
#define YY_USER_ACTION
#endif

/* Code executed at the end of each rule.
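*/
#ifndef YY_BREAK
#define YY_BREAK /*LINTED*/break;
#endif

/* %% [6.0] YY_RULE_SETUP definition goes here */
#define YY_RULE_SETUP \
	YY_USER_ACTION

/* %not-for-header */
/** The main scanner function which does all the work.
 *
 * Generated by flex from namespaces.l (see the #line directives). Each call
 * returns the code of the next token: TO, ISSUER, PERMIT, DENY, SELF,
 * SUBJECT_WORD or SUBJECT. End of input returns YY_NULL through yyterminate().
 *
 * @param yylval_param Receives the token value. Only the SUBJECT rules write
 *                     to it (member "string").
 * @param yyscanner    Reentrant scanner state, used as a struct yyguts_t.
 *
 * Lifetime of SUBJECT values: "string" is set to yytext, which points into
 * the scanner's input buffer. The next call to yylex() may shift or
 * reallocate that buffer (yy_get_next_buffer), so the caller has to copy the
 * string before requesting another token.
 * NOTE(review): whether the grammar actions copy it is not visible here -
 * confirm in the parser.
 *
 * This file is generated: the change to rules 3 and 5 below has to be made
 * in namespaces.l as well, or it is lost on the next flex run.
 */
YY_DECL
{
	yy_state_type yy_current_state;
	char *yy_cp, *yy_bp;
	int yy_act;
	struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

	yylval = yylval_param;

	/* One-time set-up on the first call for this scanner object. */
	if ( !yyg->yy_init )
		{
		yyg->yy_init = 1;

#ifdef YY_USER_INIT
		YY_USER_INIT;
#endif

		if ( ! yyg->yy_start )
			yyg->yy_start = 1;	/* first start state */

		if ( ! yyin )
/* %if-c-only */
			yyin = stdin;
/* %endif */
/* %if-c++-only */
/* %endif */

		if ( ! yyout )
/* %if-c-only */
			yyout = stdout;
/* %endif */
/* %if-c++-only */
/* %endif */

		if ( ! YY_CURRENT_BUFFER ) {
			yyensure_buffer_stack (yyscanner);
			YY_CURRENT_BUFFER_LVALUE =
				yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner);
		}

		yy_load_buffer_state( yyscanner );
		}

	{
/* %% [7.0] user's declarations go here */
#line 48 "namespaces.l"

#line 1958 "lex.namespaces.c"

	while ( /*CONSTCOND*/1 )		/* loops until end-of-file is reached */
		{
/* %% [8.0] yymore()-related code goes here */
		yy_cp = yyg->yy_c_buf_p;

		/* Support of yytext. */
		*yy_cp = yyg->yy_hold_char;

		/* yy_bp points to the position in yy_ch_buf of the start of
		 * the current run.
		 */
		yy_bp = yy_cp;

/* %% [9.0] code to set up and find next match goes here */
		yy_current_state = yyg->yy_start;
yy_match:
		/* Walk the DFA; a non-positive table entry ends the match. */
		while ( (yy_current_state = yy_nxt[yy_current_state][ YY_SC_TO_UI(*yy_cp) ]) > 0 )
			{
			if ( yy_accept[yy_current_state] )
				{
				yyg->yy_last_accepting_state = yy_current_state;
				yyg->yy_last_accepting_cpos = yy_cp;
				}

			++yy_cp;
			}

		yy_current_state = -yy_current_state;

yy_find_action:
/* %% [10.0] code to find the action number goes here */
		yy_act = yy_accept[yy_current_state];

		YY_DO_BEFORE_ACTION;

/* %% [11.0] code for yylineno update goes here */

do_action:	/* This label is used only to access EOF actions. */

/* %% [12.0] debug code goes here */
		if ( yy_flex_debug )
			{
			if ( yy_act == 0 )
				fprintf( stderr, "--scanner backing up\n" );
			else if ( yy_act < 15 )
				fprintf( stderr, "--accepting rule at line %ld (\"%s\")\n",
				         (long)yy_rule_linenum[yy_act], yytext );
			else if ( yy_act == 15 )
				fprintf( stderr, "--accepting default rule (\"%s\")\n",
				         yytext );
			else if ( yy_act == 16 )
				fprintf( stderr, "--(end of buffer or a NUL)\n" );
			else
				fprintf( stderr, "--EOF (start condition %d)\n", YY_START );
			}

		switch ( yy_act )
	{ /* beginning of action switch */
/* %% [13.0] actions go here */
			case 0: /* must back up */
			/* undo the effects of YY_DO_BEFORE_ACTION */
			*yy_cp = yyg->yy_hold_char;
			yy_cp = yyg->yy_last_accepting_cpos + 1;
			yy_current_state = yyg->yy_last_accepting_state;
			goto yy_find_action;

case 1:
YY_RULE_SETUP
#line 50 "namespaces.l"
/* comment. Ignore */
	YY_BREAK
case 2:
YY_RULE_SETUP
#line 52 "namespaces.l"
BEGIN(SINGLE_QUOTED);
	YY_BREAK
/* Rules 3 and 5 finish a quoted string: the last matched byte is replaced by
 * '\0' and yytext is handed to the parser as the SUBJECT value.
 *
 * The terminator index is taken from yyleng. The earlier form,
 * yytext[strlen(yytext)-1], used the wrong index whenever the matched text
 * held a NUL byte, which the DFA allows (yy_NUL_trans has non-zero entries);
 * when that NUL was the first byte, strlen() was 0 and the store landed one
 * byte in front of yytext. For text without NUL bytes both forms agree,
 * because YY_DO_BEFORE_ACTION terminates yytext at offset yyleng.
 *
 * NOTE(review): an embedded NUL still cuts the C string short for the
 * parser; rejecting such input is a decision for namespaces.l.
 */
case 3:
/* rule 3 can match eol */
YY_RULE_SETUP
#line 54 "namespaces.l"
yytext[yyleng-1]='\0'; yylval_param->string = yytext; BEGIN(INITIAL); return SUBJECT;
	YY_BREAK
case 4:
YY_RULE_SETUP
#line 56 "namespaces.l"
BEGIN(DOUBLE_QUOTED);
	YY_BREAK
case 5:
/* rule 5 can match eol */
YY_RULE_SETUP
#line 57 "namespaces.l"
yytext[yyleng-1]='\0'; yylval_param->string = yytext; BEGIN(INITIAL); return SUBJECT;
	YY_BREAK
case 6:
YY_RULE_SETUP
#line 60 "namespaces.l"
return TO;
	YY_BREAK
case 7:
YY_RULE_SETUP
#line 61 "namespaces.l"
return ISSUER;
	YY_BREAK
case 8:
YY_RULE_SETUP
#line 62 "namespaces.l"
return PERMIT;
	YY_BREAK
case 9:
YY_RULE_SETUP
#line 63 "namespaces.l"
return DENY;
	YY_BREAK
case 10:
YY_RULE_SETUP
#line 64 "namespaces.l"
return SELF;
	YY_BREAK
case 11:
YY_RULE_SETUP
#line 65 "namespaces.l"
return SUBJECT_WORD;
	YY_BREAK
/* Rules 12-14 have empty actions: whatever they match is dropped without a
 * token. Rule 12 first gives back its last byte (trailing context).
 * NOTE(review): the patterns are in namespaces.l, not here - confirm that
 * dropping this input cannot hide a malformed policy line.
 */
case 12:
*yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */
yyg->yy_c_buf_p = yy_cp -= 1;
YY_DO_BEFORE_ACTION; /* set up yytext again */
YY_RULE_SETUP
#line 66 "namespaces.l"

	YY_BREAK
case 13:
/* rule 13 can match eol */
YY_RULE_SETUP
#line 67 "namespaces.l"

	YY_BREAK
case 14:
YY_RULE_SETUP
#line 68 "namespaces.l"

	YY_BREAK
/* Default rule: text no other rule matched is written to yyout (stdout
 * unless the caller set another stream) and scanning continues.
 */
case 15:
YY_RULE_SETUP
#line 70 "namespaces.l"
ECHO;
	YY_BREAK
#line 2107 "lex.namespaces.c"
/* End of input ends the scan in every start condition, including inside an
 * unterminated quoted string.
 */
case YY_STATE_EOF(INITIAL):
case YY_STATE_EOF(SINGLE_QUOTED):
case YY_STATE_EOF(DOUBLE_QUOTED):
	yyterminate();

	case YY_END_OF_BUFFER:
		{
		/* Amount of text matched not including the EOB char. */
		int yy_amount_of_matched_text = (int) (yy_cp - yyg->yytext_ptr) - 1;

		/* Undo the effects of YY_DO_BEFORE_ACTION. */
		*yy_cp = yyg->yy_hold_char;
		YY_RESTORE_YY_MORE_OFFSET

		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
			{
			/* We're scanning a new file or input source. It's
			 * possible that this happened because the user
			 * just pointed yyin at a new source and called
			 * yylex(). If so, then we have to assure
			 * consistency between YY_CURRENT_BUFFER and our
			 * globals. Here is the right place to do so, because
			 * this is the first action (other than possibly a
			 * back-up) that will match for the new input source.
			 */
			yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
/* %if-c-only */
			YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
/* %endif */
/* %if-c++-only */
/* %endif */
			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
			}

		/* Note that here we test for yy_c_buf_p "<=" to the position
		 * of the first EOB in the buffer, since yy_c_buf_p will
		 * already have been incremented past the NUL character
		 * (since all states make transitions on EOB to the
		 * end-of-buffer state). Contrast this with the test
		 * in input().
		 */
		if ( yyg->yy_c_buf_p <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars] )
			{ /* This was really a NUL. */
			yy_state_type yy_next_state;

			yyg->yy_c_buf_p = yyg->yytext_ptr + yy_amount_of_matched_text;

			yy_current_state = yy_get_previous_state( yyscanner );

			/* Okay, we're now positioned to make the NUL
			 * transition. We couldn't have
			 * yy_get_previous_state() go ahead and do it
			 * for us because it doesn't know how to deal
			 * with the possibility of jamming (and we don't
			 * want to build jamming into it because then it
			 * will run more slowly).
			 */

			yy_next_state = yy_try_NUL_trans( yy_current_state , yyscanner);

			yy_bp = yyg->yytext_ptr + YY_MORE_ADJ;

			if ( yy_next_state )
				{
				/* Consume the NUL. */
				yy_cp = ++yyg->yy_c_buf_p;
				yy_current_state = yy_next_state;
				goto yy_match;
				}

			else
				{
/* %% [14.0] code to do back-up for compressed tables and set up yy_cp goes here */
				yy_cp = yyg->yy_c_buf_p;
				goto yy_find_action;
				}
			}

		else switch ( yy_get_next_buffer( yyscanner ) )
			{
			case EOB_ACT_END_OF_FILE:
				{
				yyg->yy_did_buffer_switch_on_eof = 0;

				if ( yywrap( yyscanner ) )
					{
					/* Note: because we've taken care in
					 * yy_get_next_buffer() to have set up
					 * yytext, we can now set up
					 * yy_c_buf_p so that if some total
					 * hoser (like flex itself) wants to
					 * call the scanner after we return the
					 * YY_NULL, it'll still work - another
					 * YY_NULL will get returned.
					 */
					yyg->yy_c_buf_p = yyg->yytext_ptr + YY_MORE_ADJ;

					yy_act = YY_STATE_EOF(YY_START);
					goto do_action;
					}

				else
					{
					if ( ! yyg->yy_did_buffer_switch_on_eof )
						YY_NEW_FILE;
					}
				break;
				}

			case EOB_ACT_CONTINUE_SCAN:
				yyg->yy_c_buf_p =
					yyg->yytext_ptr + yy_amount_of_matched_text;

				yy_current_state = yy_get_previous_state( yyscanner );

				yy_cp = yyg->yy_c_buf_p;
				yy_bp = yyg->yytext_ptr + YY_MORE_ADJ;
				goto yy_match;

			case EOB_ACT_LAST_MATCH:
				yyg->yy_c_buf_p =
				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars];

				yy_current_state = yy_get_previous_state( yyscanner );

				yy_cp = yyg->yy_c_buf_p;
				yy_bp = yyg->yytext_ptr + YY_MORE_ADJ;
				goto yy_find_action;
			}
		break;
		}

	default:
		YY_FATAL_ERROR(
			"fatal flex scanner internal error--no action found" );
	} /* end of action switch */
		} /* end of scanning one token */
	} /* end of user's declarations */
} /* end of yylex */
/* %ok-for-header */

/* %if-c++-only */
/* %not-for-header */
/* %ok-for-header */

/* %endif */

/* yy_get_next_buffer - try to read in a new buffer
 *
 * Returns a code representing an action:
 *	EOB_ACT_LAST_MATCH -
 *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
 *	EOB_ACT_END_OF_FILE - end of file
 */
/* %if-c-only */
static int yy_get_next_buffer (yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
	struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
	char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
	char *source = yyg->yytext_ptr;
	int number_to_move, i;
	int ret_val;

	if ( yyg->yy_c_buf_p > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars + 1] )
		YY_FATAL_ERROR(
		"fatal flex scanner internal error--end of buffer missed" );

	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
		{ /* Don't try to fill the buffer, so this is an EOF. */
		if ( yyg->yy_c_buf_p - yyg->yytext_ptr - YY_MORE_ADJ == 1 )
			{
			/* We matched a single character, the EOB, so
			 * treat this as a final EOF.
			 */
			return EOB_ACT_END_OF_FILE;
			}

		else
			{
			/* We matched some text prior to the EOB, first
			 * process it.
			 */
			return EOB_ACT_LAST_MATCH;
			}
		}

	/* Try to read more data. */

	/* First move last chars to start of buffer.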
*/
	/* The pending token text is copied down to yy_ch_buf[0], overwriting what
	 * was there. A pointer taken from an earlier token's yytext no longer
	 * refers to that token after this.
	 */
	number_to_move = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr - 1);

	for ( i = 0; i < number_to_move; ++i )
		*(dest++) = *(source++);

	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
		/* don't do the read, it's not guaranteed to return an EOF,
		 * just force an EOF
		 */
		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars = 0;

	else
		{
			int num_to_read =
			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;

		while ( num_to_read <= 0 )
			{ /* Not enough room in the buffer - grow it. */

			/* just a shorter name for the current buffer */
			YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;

			int yy_c_buf_p_offset =
				(int) (yyg->yy_c_buf_p - b->yy_ch_buf);

			if ( b->yy_is_our_buffer )
				{
				/* NOTE(review): "new_size <= 0" detects a size that no
				 * longer fits only if the doubling wraps; sizes are held
				 * in int here, and signed overflow is undefined in C.
				 * A single token therefore must stay far below INT_MAX.
				 */
				int new_size = b->yy_buf_size * 2;

				if ( new_size <= 0 )
					b->yy_buf_size += b->yy_buf_size / 8;
				else
					b->yy_buf_size *= 2;

				/* The buffer may move here; pointers into the old
				 * block (including earlier yytext values) become
				 * invalid.
				 */
				b->yy_ch_buf = (char *)
					/* Include room in for 2 EOB chars. */
					yyrealloc( (void *) b->yy_ch_buf,
							 (yy_size_t) (b->yy_buf_size + 2) , yyscanner );
				}
			else
				/* Can't grow it, we don't own it. */
				b->yy_ch_buf = NULL;

			if ( ! b->yy_ch_buf )
				YY_FATAL_ERROR(
				"fatal error - scanner input buffer overflow" );

			yyg->yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset];

			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
						number_to_move - 1;

			}

		/* Each read is capped at YY_READ_BUF_SIZE bytes. */
		if ( num_to_read > YY_READ_BUF_SIZE )
			num_to_read = YY_READ_BUF_SIZE;

		/* Read in more data. */
		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
			yyg->yy_n_chars, num_to_read );

		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars;
		}

	if ( yyg->yy_n_chars == 0 )
		{
		if ( number_to_move == YY_MORE_ADJ )
			{
			ret_val = EOB_ACT_END_OF_FILE;
			yyrestart( yyin , yyscanner);
			}

		else
			{
			ret_val = EOB_ACT_LAST_MATCH;
			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
				YY_BUFFER_EOF_PENDING;
			}
		}

	else
		ret_val = EOB_ACT_CONTINUE_SCAN;

	if ((yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
		/* Extend the array by 50%, plus the number we really need. */
		int new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1);
		YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc(
			(void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf, (yy_size_t) new_size , yyscanner );
		if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
			YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" );
		/* "- 2" to take care of EOB's */
		YY_CURRENT_BUFFER_LVALUE->yy_buf_size = (int) (new_size - 2);
	}

	/* Terminate the valid data with the two end-of-buffer sentinels. */
	yyg->yy_n_chars += number_to_move;
	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars] = YY_END_OF_BUFFER_CHAR;
	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;

	yyg->yytext_ptr = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];

	return ret_val;
}

/* yy_get_previous_state - get the state just before the EOB char was reached
 *
 * Re-runs the DFA from the start state over the bytes between yytext_ptr and
 * yy_c_buf_p. NUL bytes take their transition from yy_NUL_trans, all other
 * bytes from yy_nxt. The last accepting state and position are recorded on
 * the way.
 */

/* %if-c-only */
/* %not-for-header */
    static yy_state_type yy_get_previous_state (yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
	yy_state_type yy_current_state;
	char *yy_cp;
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

/* %% [15.0] code to get the start state into yy_current_state goes here */
	yy_current_state = yyg->yy_start;

	for ( yy_cp = yyg->yytext_ptr + YY_MORE_ADJ; yy_cp < yyg->yy_c_buf_p; ++yy_cp )
		{
/* %% [16.0] code to find the next state goes here */
		if ( *yy_cp )
			{
			yy_current_state = yy_nxt[yy_current_state][YY_SC_TO_UI(*yy_cp)];
			}
		else
			yy_current_state = yy_NUL_trans[yy_current_state];
		if ( yy_accept[yy_current_state] )
			{
			yyg->yy_last_accepting_state = yy_current_state;
			yyg->yy_last_accepting_cpos = yy_cp;
			}
		}

	return yy_current_state;
}

/* yy_try_NUL_trans - try to make a transition on the NUL character
 *
 * synopsis
 *	next_state = yy_try_NUL_trans( current_state );
 *
 * Returns 0 when yy_NUL_trans has no transition for the state (a jam),
 * otherwise the next state.
 */
/* %if-c-only */
    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
	int yy_is_jam;
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* This var may be unused depending upon options. */
/* %% [17.0] code to find the next state, and perhaps do backing up, goes here */
	char *yy_cp = yyg->yy_c_buf_p;

	yy_current_state = yy_NUL_trans[yy_current_state];
	yy_is_jam = (yy_current_state == 0);

	if ( ! yy_is_jam )
		{
		if ( yy_accept[yy_current_state] )
			{
			yyg->yy_last_accepting_state = yy_current_state;
			yyg->yy_last_accepting_cpos = yy_cp;
			}
		}

	(void)yyg;
	return yy_is_jam ? 0 : yy_current_state;
}

#ifndef YY_NO_UNPUT
/* %if-c-only */

/* yyunput - push the character c back in front of the current scan position.
 * When fewer than two bytes are free at the start of the buffer, the contents
 * are first copied to the end of the buffer. If there is still no room, the
 * scanner raises YY_FATAL_ERROR.
 */
    static void yyunput (int c, char * yy_bp , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
	char *yy_cp;
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    yy_cp = yyg->yy_c_buf_p;

	/* undo effects of setting up yytext */
	*yy_cp = yyg->yy_hold_char;

	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
		{ /* need to shift things up to make room */
		/* +2 for EOB chars. */
		int number_to_move = yyg->yy_n_chars + 2;
		char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
		char *source =
				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];

		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
			*--dest = *--source;

		yy_cp += (int) (dest - source);
		yy_bp += (int) (dest - source);
		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
			yyg->yy_n_chars = (int) YY_CURRENT_BUFFER_LVALUE->yy_buf_size;

		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
			YY_FATAL_ERROR( "flex scanner push-back overflow" );
		}

	*--yy_cp = (char) c;

/* %% [18.0] update yylineno here */

	yyg->yytext_ptr = yy_bp;
	yyg->yy_hold_char = *yy_cp;
	yyg->yy_c_buf_p = yy_cp;
}
/* %if-c-only */

/* %endif */
#endif

/* %if-c-only */
#ifndef YY_NO_INPUT
/* input / yyinput - return the next input byte, refilling the buffer when the
 * end-of-buffer sentinel is reached. Returns 0 when yywrap() reports that
 * there is no more input.
 */
#ifdef __cplusplus
    static int yyinput (yyscan_t yyscanner)
#else
    static int input  (yyscan_t yyscanner)
#endif

/* %endif */
/* %if-c++-only */
/* %endif */
{
	int c;
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

	*yyg->yy_c_buf_p = yyg->yy_hold_char;

	if ( *yyg->yy_c_buf_p == YY_END_OF_BUFFER_CHAR )
		{
		/* yy_c_buf_p now points to the character we want to return.
		 * If this occurs *before* the EOB characters, then it's a
		 * valid NUL; if not, then we've hit the end of the buffer.
		 */
		if ( yyg->yy_c_buf_p < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars] )
			/* This was really a NUL. */
			*yyg->yy_c_buf_p = '\0';

		else
			{ /* need more input */
			int offset = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr);
			++yyg->yy_c_buf_p;

			switch ( yy_get_next_buffer( yyscanner ) )
				{
				case EOB_ACT_LAST_MATCH:
					/* This happens because yy_g_n_b()
					 * sees that we've accumulated a
					 * token and flags that we need to
					 * try matching the token before
					 * proceeding. But for input(),
					 * there's no matching to consider.
					 * So convert the EOB_ACT_LAST_MATCH
					 * to EOB_ACT_END_OF_FILE.
					 */

					/* Reset buffer status. */
					yyrestart( yyin , yyscanner);

					/*FALLTHROUGH*/

				case EOB_ACT_END_OF_FILE:
					{
					if ( yywrap( yyscanner ) )
						return 0;

					if ( ! yyg->yy_did_buffer_switch_on_eof )
						YY_NEW_FILE;
#ifdef __cplusplus
					return yyinput(yyscanner);
#else
					return input(yyscanner);
#endif
					}

				case EOB_ACT_CONTINUE_SCAN:
					yyg->yy_c_buf_p = yyg->yytext_ptr + offset;
					break;
				}
			}
		}

	c = *(unsigned char *) yyg->yy_c_buf_p;	/* cast for 8-bit char's */
	*yyg->yy_c_buf_p = '\0';	/* preserve yytext */
	yyg->yy_hold_char = *++yyg->yy_c_buf_p;

/* %% [19.0] update BOL and yylineno */

	return c;
}
/* %if-c-only */
#endif	/* ifndef YY_NO_INPUT */
/* %endif */

/** Immediately switch to a different input stream.
 * @param input_file A readable stream.
 * @param yyscanner The scanner object.
 * @note This function does not reset the start condition to @c INITIAL .
 */
/* %if-c-only */
    void yyrestart  (FILE * input_file , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

	/* Create a buffer first if the scanner does not have one yet. */
	if ( ! YY_CURRENT_BUFFER ){
        yyensure_buffer_stack (yyscanner);
		YY_CURRENT_BUFFER_LVALUE =
            yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner);
	}

	yy_init_buffer( YY_CURRENT_BUFFER, input_file , yyscanner);
	yy_load_buffer_state( yyscanner );
}

/* %if-c++-only */
/* %endif */

/** Switch to a different input buffer.
 * @param new_buffer The new input buffer.
 * @param yyscanner The scanner object.
 */
/* %if-c-only */
    void yy_switch_to_buffer  (YY_BUFFER_STATE  new_buffer , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

	/* TODO. We should be able to replace this entire function body
	 * with
	 *		yypop_buffer_state();
	 *		yypush_buffer_state(new_buffer);
     */
	yyensure_buffer_stack (yyscanner);
	if ( YY_CURRENT_BUFFER == new_buffer )
		return;

	if ( YY_CURRENT_BUFFER )
		{
		/* Flush out information for old buffer. */
		*yyg->yy_c_buf_p = yyg->yy_hold_char;
		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = yyg->yy_c_buf_p;
		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars;
		}

	YY_CURRENT_BUFFER_LVALUE = new_buffer;
	yy_load_buffer_state( yyscanner );

	/* We don't actually know whether we did this switch during
	 * EOF (yywrap()) processing, but the only time this flag
	 * is looked at is after yywrap() is called, so it's safe
	 * to go ahead and always set it.
	 */
	yyg->yy_did_buffer_switch_on_eof = 1;
}

/* %if-c-only */
/* yy_load_buffer_state - copy the current buffer's position, character count
 * and input file into the scanner state, and save the byte at the scan
 * position in yy_hold_char.
 */
static void yy_load_buffer_state  (yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
	yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
	yyg->yytext_ptr = yyg->yy_c_buf_p = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
/* %if-c-only */
	yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
/* %endif */
/* %if-c++-only */
/* %endif */
	yyg->yy_hold_char = *yyg->yy_c_buf_p;
}

/** Allocate and initialize an input buffer state.
 * @param file A readable stream.
 * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
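* @param yyscanner The scanner object.
 * @return the allocated buffer state.
 * @note @a size is not validated: the "+ 2" below is evaluated in int before
 *       the cast, so callers are expected to pass a small positive value
 *       (normally YY_BUF_SIZE). Allocation failure goes to YY_FATAL_ERROR.
 */
/* %if-c-only */
YY_BUFFER_STATE yy_create_buffer (FILE * file, int size , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    YY_BUFFER_STATE b;

    b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) , yyscanner );
    if ( ! b )
        YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );

    b->yy_buf_size = size;

    /* yy_ch_buf has to be 2 characters longer than the size given because
     * we need to put in 2 end-of-buffer characters.
     */
    b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) , yyscanner );
    if ( ! b->yy_ch_buf )
        YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );

    /* The scanner allocated yy_ch_buf, so yy_delete_buffer() may free it. */
    b->yy_is_our_buffer = 1;

    yy_init_buffer( b, file , yyscanner);

    return b;
}

/* %if-c++-only */
/* %endif */

/** Destroy the buffer.
 * @param b a buffer created with yy_create_buffer()
 * @param yyscanner The scanner object.
 * @note Only the current (top-of-stack) slot is cleared. If @a b is stored in
 *       a lower stack slot, that slot is left pointing at freed memory, so
 *       callers should only delete buffers that are current or not on the
 *       stack at all.
 */
/* %if-c-only */
void yy_delete_buffer (YY_BUFFER_STATE b , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    if ( ! b )
        return;

    if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
        YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;

    /* Character storage handed in through yy_scan_buffer() belongs to the
     * caller (yy_is_our_buffer == 0) and must not be freed here.
     */
    if ( b->yy_is_our_buffer )
        yyfree( (void *) b->yy_ch_buf , yyscanner );

    yyfree( (void *) b , yyscanner );
}

/* Initializes or reinitializes a buffer.
 * This function is sometimes called more than once on the same buffer,
 * such as during a yyrestart() or at EOF.
 * errno is saved on entry and restored on exit, presumably so that the
 * isatty() probe below cannot disturb the caller's errno.
 */
/* %if-c-only */
static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    int oerrno = errno;
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    yy_flush_buffer( b , yyscanner);

/* %if-c-only */
    b->yy_input_file = file;
/* %endif */
/* %if-c++-only */
/* %endif */
    b->yy_fill_buffer = 1;

    /* If b is the current buffer, then yy_init_buffer was _probably_
     * called from yyrestart() or through yy_get_next_buffer.
     * In that case, we don't want to reset the lineno or column.
     */
    if (b != YY_CURRENT_BUFFER){
        b->yy_bs_lineno = 1;
        b->yy_bs_column = 0;
    }

/* %if-c-only */

    b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;

/* %endif */
/* %if-c++-only */
/* %endif */
    errno = oerrno;
}

/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
 * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
 * @param yyscanner The scanner object.
 */
/* %if-c-only */
void yy_flush_buffer (YY_BUFFER_STATE b , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    if ( ! b )
        return;

    b->yy_n_chars = 0;

    /* We always need two end-of-buffer characters. The first causes
     * a transition to the end-of-buffer state. The second causes
     * a jam in that state.
     */
    b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
    b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;

    b->yy_buf_pos = &b->yy_ch_buf[0];

    b->yy_at_bol = 1;
    b->yy_buffer_status = YY_BUFFER_NEW;

    /* Keep the scanner's cached cursor in step with the flushed buffer. */
    if ( b == YY_CURRENT_BUFFER )
        yy_load_buffer_state( yyscanner );
}

/* %if-c-or-c++ */
/** Pushes the new state onto the stack. The new state becomes
 * the current state. This function will allocate the stack
 * if necessary.
 * @param new_buffer The new state.
 * @param yyscanner The scanner object.
 */
/* %if-c-only */
void yypush_buffer_state (YY_BUFFER_STATE new_buffer , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    if (new_buffer == NULL)
        return;

    yyensure_buffer_stack(yyscanner);

    /* This block is copied from yy_switch_to_buffer. */
    if ( YY_CURRENT_BUFFER )
        {
        /* Flush out information for old buffer. */
        *yyg->yy_c_buf_p = yyg->yy_hold_char;
        YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = yyg->yy_c_buf_p;
        YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars;
        }

    /* Only push if top exists. Otherwise, replace top. */
    if (YY_CURRENT_BUFFER)
        yyg->yy_buffer_stack_top++;
    YY_CURRENT_BUFFER_LVALUE = new_buffer;

    /* copied from yy_switch_to_buffer. */
    yy_load_buffer_state( yyscanner );
    yyg->yy_did_buffer_switch_on_eof = 1;
}
/* %endif */

/* %if-c-or-c++ */
/** Removes and deletes the top of the stack, if present.
 * The next element becomes the new top.
 * @param yyscanner The scanner object.
 * @note Returns without touching the stack index when the top slot is NULL.
 */
/* %if-c-only */
void yypop_buffer_state (yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    if (!YY_CURRENT_BUFFER)
        return;

    yy_delete_buffer(YY_CURRENT_BUFFER , yyscanner);
    YY_CURRENT_BUFFER_LVALUE = NULL;
    if (yyg->yy_buffer_stack_top > 0)
        --yyg->yy_buffer_stack_top;

    if (YY_CURRENT_BUFFER) {
        yy_load_buffer_state( yyscanner );
        yyg->yy_did_buffer_switch_on_eof = 1;
    }
}
/* %endif */

/* %if-c-or-c++ */
/* Allocates the stack if it does not exist.
 * Guarantees space for at least one push.
 */
/* %if-c-only */
static void yyensure_buffer_stack (yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    yy_size_t num_to_alloc;
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    if (!yyg->yy_buffer_stack) {

        /* First allocation is a single slot, since we don't know if this
         * scanner will even need a stack. (The historical comment here
         * promised 2 slots; the value has been 1.)
         */
        num_to_alloc = 1;
        yyg->yy_buffer_stack = (struct yy_buffer_state**)yyalloc
                                (num_to_alloc * sizeof(struct yy_buffer_state*)
                                , yyscanner);
        if ( ! yyg->yy_buffer_stack )
            YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" );

        memset(yyg->yy_buffer_stack, 0, num_to_alloc * sizeof(struct yy_buffer_state*));

        yyg->yy_buffer_stack_max = num_to_alloc;
        yyg->yy_buffer_stack_top = 0;
        return;
    }

    if (yyg->yy_buffer_stack_top >= (yyg->yy_buffer_stack_max) - 1){

        /* Increase the buffer to prepare for a possible push. */
        yy_size_t grow_size = 8 /* arbitrary grow size */;

        num_to_alloc = yyg->yy_buffer_stack_max + grow_size;
        yyg->yy_buffer_stack = (struct yy_buffer_state**)yyrealloc
                                (yyg->yy_buffer_stack,
                                num_to_alloc * sizeof(struct yy_buffer_state*)
                                , yyscanner);
        if ( ! yyg->yy_buffer_stack )
            YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" );

        /* zero only the new slots.*/
        memset(yyg->yy_buffer_stack + yyg->yy_buffer_stack_max, 0, grow_size * sizeof(struct yy_buffer_state*));
        yyg->yy_buffer_stack_max = num_to_alloc;
    }
}
/* %endif */

/* %if-c-only */
/** Setup the input buffer state to scan directly from a user-specified character buffer.
 * @param base the character buffer
 * @param size the size in bytes of the character buffer
 * @param yyscanner The scanner object.
 * @return the newly allocated buffer state object, or NULL when @a base is
 *         NULL, when the last two bytes are not YY_END_OF_BUFFER_CHAR, or
 *         when @a size - 2 cannot be represented in the int buffer fields.
 * @note The buffer is scanned in place (yy_is_our_buffer is 0): the caller
 *       keeps ownership and must keep @a base alive while the state is used.
 */
YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size , yyscan_t yyscanner)
{
    YY_BUFFER_STATE b;
    int usable;

    if ( base == NULL ||
         size < 2 ||
         base[size-2] != YY_END_OF_BUFFER_CHAR ||
         base[size-1] != YY_END_OF_BUFFER_CHAR )
        /* They forgot to leave room for the EOB's. */
        return NULL;

    /* yy_buf_size and yy_n_chars are int. Reject a size that would be
     * truncated by the conversion, otherwise the recorded length would
     * disagree with the real extent of the caller's buffer.
     */
    usable = (int) (size - 2);  /* "- 2" to take care of EOB's */
    if ( usable < 0 || (yy_size_t) usable != size - 2 )
        return NULL;

    b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) , yyscanner );
    if ( ! b )
        YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );

    b->yy_buf_size = usable;
    b->yy_buf_pos = b->yy_ch_buf = base;
    b->yy_is_our_buffer = 0;
    b->yy_input_file = NULL;
    b->yy_n_chars = b->yy_buf_size;
    b->yy_is_interactive = 0;
    b->yy_at_bol = 1;
    b->yy_fill_buffer = 0;
    b->yy_buffer_status = YY_BUFFER_NEW;
    /* The struct comes from yyalloc() and is not zeroed, and this path never
     * goes through yy_init_buffer(); give the position counters the same
     * starting values that function uses so they are never read
     * uninitialized.
     */
    b->yy_bs_lineno = 1;
    b->yy_bs_column = 0;

    yy_switch_to_buffer( b , yyscanner );

    return b;
}
/* %endif */

/* %if-c-only */
/** Setup the input buffer state to scan a string. The next call to yylex() will
 * scan from a @e copy of @a str.
 * @param yystr a NUL-terminated string to scan
 * @param yyscanner The scanner object.
 * @return the newly allocated buffer state object.
 * @note If you want to scan bytes that may contain NUL values, then use
 *       yy_scan_bytes() instead.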
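*/
YY_BUFFER_STATE yy_scan_string (const char * yystr , yyscan_t yyscanner)
{
    size_t yystr_len = strlen(yystr);
    int yybytes_len = (int) yystr_len;

    /* yy_scan_bytes() takes an int length. Refuse a string whose length does
     * not survive the conversion instead of scanning a truncated or
     * negative-length view of it.
     */
    if ( yybytes_len < 0 || (size_t) yybytes_len != yystr_len )
        {
        YY_FATAL_ERROR( "input string too long in yy_scan_string()" );
        return NULL;    /* only reached if YY_FATAL_ERROR was redefined to return */
        }

    return yy_scan_bytes( yystr, yybytes_len , yyscanner);
}
/* %endif */

/* %if-c-only */
/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
 * scan from a @e copy of @a bytes.
 * @param yybytes the byte buffer to scan
 * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes.
 *        A negative value is rejected through YY_FATAL_ERROR.
 * @param yyscanner The scanner object.
 * @return the newly allocated buffer state object.
 *
 * NOTE(review): this file is flex output (see its "#line" references to
 * namespaces.l); guards added here are lost when the scanner is regenerated
 * unless they are also carried by the generator input.
 */
YY_BUFFER_STATE yy_scan_bytes (const char * yybytes, int _yybytes_len , yyscan_t yyscanner)
{
    YY_BUFFER_STATE b;
    char *buf;
    yy_size_t n;

    /* A negative length would make the copy a no-op but still index buf[]
     * below zero when the end-of-buffer markers are written.
     */
    if ( _yybytes_len < 0 )
        {
        YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
        return NULL;    /* only reached if YY_FATAL_ERROR was redefined to return */
        }

    /* Get memory for full buffer, including space for trailing EOB's.
     * The sum is formed in yy_size_t so it cannot overflow int.
     */
    n = (yy_size_t) _yybytes_len + 2;
    buf = (char *) yyalloc( n , yyscanner );
    if ( ! buf )
        YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );

    /* Skip the copy for an empty input so a NULL yybytes with length 0
     * stays valid, as it was with the original byte loop.
     */
    if ( _yybytes_len > 0 )
        memcpy( buf, yybytes, (size_t) _yybytes_len );

    buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;

    b = yy_scan_buffer( buf, n , yyscanner);
    if ( ! b )
        YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );

    /* It's okay to grow etc. this buffer, and we should throw it
     * away when we're done.
     */
    b->yy_is_our_buffer = 1;

    return b;
}
/* %endif */

#ifndef YY_EXIT_FAILURE
#define YY_EXIT_FAILURE 2
#endif

/* %if-c-only */
/* Default fatal-error handler: prints msg to stderr and terminates the whole
 * process with exit(YY_EXIT_FAILURE). Every out-of-memory or bad-buffer
 * condition in this scanner therefore ends the host program rather than
 * returning an error to the caller.
 */
static void yynoreturn yy_fatal_error (const char* msg , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    (void)yyg;
    fprintf( stderr, "%s\n", msg );
    exit( YY_EXIT_FAILURE );
}
/* %endif */
/* %if-c++-only */
/* %endif */

/* Redefine yyless() so it works in section 3 code. */

#undef yyless
#define yyless(n) \
    do \
        { \
        /* Undo effects of setting up yytext. */ \
        int yyless_macro_arg = (n); \
        YY_LESS_LINENO(yyless_macro_arg);\
        yytext[yyleng] = yyg->yy_hold_char; \
        yyg->yy_c_buf_p = yytext + yyless_macro_arg; \
        yyg->yy_hold_char = *yyg->yy_c_buf_p; \
        *yyg->yy_c_buf_p = '\0'; \
        yyleng = yyless_macro_arg; \
        } \
    while ( 0 )

/* Accessor methods (get/set functions) to struct members. */

/* %if-c-only */
/* %if-reentrant */

/** Get the user-defined data for this scanner.
 * @param yyscanner The scanner object.
 */
YY_EXTRA_TYPE yyget_extra (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    return yyextra;
}

/* %endif */

/** Get the current line number.
 * @param yyscanner The scanner object.
 * @return the line number, or 0 when no buffer is current.
 */
int yyget_lineno (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    if (! YY_CURRENT_BUFFER)
        return 0;

    return yylineno;
}

/** Get the current column number.
 * @param yyscanner The scanner object.
 * @return the column number, or 0 when no buffer is current.
 */
int yyget_column (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    if (! YY_CURRENT_BUFFER)
        return 0;

    return yycolumn;
}

/** Get the input stream.
 * @param yyscanner The scanner object.
 */
FILE *yyget_in (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    return yyin;
}

/** Get the output stream.
 * @param yyscanner The scanner object.
 */
FILE *yyget_out (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    return yyout;
}

/** Get the length of the current token.
 * @param yyscanner The scanner object.
 */
int yyget_leng (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    return yyleng;
}

/** Get the current token.
 * @param yyscanner The scanner object.
 */

char *yyget_text (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    return yytext;
}

/* %if-reentrant */

/** Set the user-defined data. This data is never touched by the scanner.
 * @param user_defined The data to be associated with this scanner.
 * @param yyscanner The scanner object.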
*/
void yyset_extra (YY_EXTRA_TYPE user_defined , yyscan_t yyscanner)
{
    /* The local must be named yyg: yyextra is presumably a macro that
     * expands to a member of yyg (flex reentrant convention) - confirm
     * against the macro block earlier in this file.
     */
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    yyextra = user_defined ;
}

/* %endif */

/** Set the current line number.
 * @param _line_number line number
 * @param yyscanner The scanner object.
 * @note Calls YY_FATAL_ERROR when no input buffer is current; the value is
 *       stored without any range check.
 */
void yyset_lineno (int _line_number , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    /* lineno is only valid if an input buffer exists. */
    if (! YY_CURRENT_BUFFER )
        YY_FATAL_ERROR( "yyset_lineno called with no buffer" );

    yylineno = _line_number;
}

/** Set the current column.
 * @param _column_no column number
 * @param yyscanner The scanner object.
 * @note Calls YY_FATAL_ERROR when no input buffer is current; the value is
 *       stored without any range check.
 */
void yyset_column (int _column_no , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    /* column is only valid if an input buffer exists. */
    if (! YY_CURRENT_BUFFER )
        YY_FATAL_ERROR( "yyset_column called with no buffer" );

    yycolumn = _column_no;
}

/** Set the input stream. This does not discard the current
 * input buffer.
 * @param _in_str A readable stream.
 * @param yyscanner The scanner object.
* @see yy_switch_to_buffer
 */
void yyset_in (FILE * _in_str , yyscan_t yyscanner)
{
    /* Only the stream pointer kept in the scanner is replaced here. */
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    yyin = _in_str ;
}

/* Set the output stream kept in the scanner object. */
void yyset_out (FILE * _out_str , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    yyout = _out_str ;
}

/* Return the scanner's debug flag. */
int yyget_debug (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    return yy_flex_debug;
}

/* Store _bdebug as the scanner's debug flag. */
void yyset_debug (int _bdebug , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    yy_flex_debug = _bdebug ;
}

/* %endif */

/* %if-reentrant */
/* Accessor methods for yylval and yylloc */

/* %if-bison-bridge */

/* Return the semantic-value pointer currently stored in the scanner. */
YYSTYPE * yyget_lval (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    return yylval;
}

/* Store the pointer only; the pointed-to YYSTYPE is not copied, so it has to
 * stay valid for as long as the scanner may use it.
 */
void yyset_lval (YYSTYPE * yylval_param , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    yylval = yylval_param;
}

/* %endif */

/* User-visible API */

/* yylex_init is special because it creates the scanner itself, so it is
 * the ONLY reentrant function that doesn't take the scanner as the last argument.
 * That's why we explicitly handle the declaration, instead of using our macros.
 *
 * Returns 1 with errno set to EINVAL when ptr_yy_globals is NULL, or to
 * ENOMEM when the allocation fails; otherwise returns the result of
 * yy_init_globals(). On success *ptr_yy_globals owns a zero-filled
 * struct yyguts_t.
 */
int yylex_init(yyscan_t* ptr_yy_globals)
{
    if (ptr_yy_globals == NULL){
        errno = EINVAL;
        return 1;
    }

    /* No scanner exists yet, so yyalloc() is given NULL as its context. */
    *ptr_yy_globals = (yyscan_t) yyalloc ( sizeof( struct yyguts_t ), NULL );

    if (*ptr_yy_globals == NULL){
        errno = ENOMEM;
        return 1;
    }

    /* By setting to 0xAA, we expose bugs in yy_init_globals. Leave at 0x00 for releases. */
    memset(*ptr_yy_globals,0x00,sizeof(struct yyguts_t));

    return yy_init_globals ( *ptr_yy_globals );
}

/* yylex_init_extra has the same functionality as yylex_init, but follows the
 * convention of taking the scanner as the last argument. Note however, that
 * this is a *pointer* to a scanner, as it will be allocated by this call (and
 * is the reason, too, why this function also must handle its own declaration).
 * The user defined value in the first argument will be available to yyalloc in
 * the yyextra field.
*/
int yylex_init_extra( YY_EXTRA_TYPE yy_user_defined, yyscan_t* ptr_yy_globals )
{
    /* Stack-only stand-in scanner: it carries yy_user_defined so that
     * yyalloc() below receives a context whose extra field is already set.
     * Its other members are never initialized.
     */
    struct yyguts_t dummy_yyguts;

    yyset_extra (yy_user_defined, &dummy_yyguts);

    if (ptr_yy_globals == NULL){
        errno = EINVAL;
        return 1;
    }

    *ptr_yy_globals = (yyscan_t) yyalloc ( sizeof( struct yyguts_t ), &dummy_yyguts );

    if (*ptr_yy_globals == NULL){
        errno = ENOMEM;
        return 1;
    }

    /* By setting to 0xAA, we expose bugs in
    yy_init_globals. Leave at 0x00 for releases. */
    memset(*ptr_yy_globals,0x00,sizeof(struct yyguts_t));

    /* The memset above cleared the struct, so the extra value is set again
     * on the real scanner.
     */
    yyset_extra (yy_user_defined, *ptr_yy_globals);

    return yy_init_globals ( *ptr_yy_globals );
}

/* %endif if-c-only */

/* %if-c-only */
/* Reset every scanner field to its pre-first-use value. Always returns 0. */
static int yy_init_globals (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    /* Initialization is the same as for the non-reentrant scanner.
     * This function is called from yylex_destroy(), so don't allocate here.
     */

    yyg->yy_buffer_stack = NULL;
    yyg->yy_buffer_stack_top = 0;
    yyg->yy_buffer_stack_max = 0;
    yyg->yy_c_buf_p = NULL;
    yyg->yy_init = 0;
    yyg->yy_start = 0;

    yyg->yy_start_stack_ptr = 0;
    yyg->yy_start_stack_depth = 0;
    yyg->yy_start_stack = NULL;

/* Defined in main.c */
#ifdef YY_STDINIT
    yyin = stdin;
    yyout = stdout;
#else
    yyin = NULL;
    yyout = NULL;
#endif

    /* For future reference: Set errno on error, since we are called by
     * yylex_init()
     */
    return 0;
}
/* %endif */

/* %if-c-only SNIP! this currently causes conflicts with the c++ scanner */
/* yylex_destroy is for both reentrant and non-reentrant scanners.
 *
 * Frees the current buffer, the buffer stack array, the start-condition
 * stack and finally the scanner struct itself. The caller's yyscan_t handle
 * is passed by value, so it still holds the freed address after this returns
 * and must not be used again. Always returns 0.
 */
int yylex_destroy (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    /* Pop the buffer stack, destroying each element. */
    /* NOTE(review): after the top slot is set to NULL, yypop_buffer_state()
     * returns immediately (it bails out when there is no current buffer), so
     * the stack index is never decremented and this loop appears to free only
     * the top buffer. Buffers pushed below it look to be leaked - confirm
     * whether this scanner ever uses yypush_buffer_state().
     */
    while(YY_CURRENT_BUFFER){
        yy_delete_buffer( YY_CURRENT_BUFFER , yyscanner );
        YY_CURRENT_BUFFER_LVALUE = NULL;
        yypop_buffer_state(yyscanner);
    }

    /* Destroy the stack itself. */
    yyfree(yyg->yy_buffer_stack , yyscanner);
    yyg->yy_buffer_stack = NULL;

    /* Destroy the start condition stack. */
    yyfree( yyg->yy_start_stack , yyscanner );
    yyg->yy_start_stack = NULL;

    /* Reset the globals. This is important in a non-reentrant scanner so the next time
     * yylex() is called, initialization will occur. */
    yy_init_globals( yyscanner);

/* %if-reentrant */
    /* Destroy the main struct (reentrant only). */
    yyfree ( yyscanner , yyscanner );
    /* Clears only this function's local copy of the handle. */
    yyscanner = NULL;
/* %endif */
    return 0;
}
/* %endif */

/*
 * Internal utility routines.
 */

#ifndef yytext_ptr
/* Copy exactly n bytes from s2 to s1. Despite the name there is no stop at
 * NUL, no terminator is appended and neither buffer size is checked, so the
 * caller must guarantee both hold at least n bytes.
 */
static void yy_flex_strncpy (char* s1, const char * s2, int n , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    (void)yyg;

    int i;
    for ( i = 0; i < n; ++i )
        s1[i] = s2[i];
}
#endif

#ifdef YY_NEED_STRLEN
/* Length of the NUL-terminated string s, counted in an int. */
static int yy_flex_strlen (const char * s , yyscan_t yyscanner)
{
    int n;
    for ( n = 0; s[n]; ++n )
        ;

    return n;
}
#endif

/* Allocation hook: forwards to malloc(); the scanner argument is unused. */
void *yyalloc (yy_size_t size , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    (void)yyg;
    return malloc(size);
}

/* Reallocation hook: forwards to realloc(); the scanner argument is unused. */
void *yyrealloc (void * ptr, yy_size_t size , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    (void)yyg;

    /* The cast to (char *) in the following accommodates both
     * implementations that use char* generic pointers, and those
     * that use void* generic pointers. It works with the latter
     * because both ANSI C and C++ allow castless assignment from
     * any pointer type to void*, and deal with argument conversions
     * as though doing an assignment.
     */
    return realloc(ptr, size);
}

/* Release hook: forwards to free(); the scanner argument is unused. */
void yyfree (void * ptr , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    (void)yyg;
    free( (char *) ptr ); /* see yyrealloc() for (char *) cast */
}

/* %if-tables-serialization definitions */
/* %define-yytables The name for this specific scanner's tables.
*/ #define YYTABLES_NAME "yytables" /* %endif */ /* %ok-for-header */ #line 70 "namespaces.l" voms-2.1.2/src/sslutils/lex.signing.c000066400000000000000000004566371477131364200175770ustar00rootroot00000000000000 #line 2 "lex.signing.c" #define YY_INT_ALIGNED short int /* A lexical scanner generated by flex */ /* %not-for-header */ /* %if-c-only */ /* %if-not-reentrant */ /* %endif */ /* %endif */ /* %ok-for-header */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 6 #define YY_FLEX_SUBMINOR_VERSION 4 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif /* %if-c++-only */ /* %endif */ /* %if-c-only */ #ifdef yy_create_buffer #define signing_create_buffer_ALREADY_DEFINED #else #define yy_create_buffer signing_create_buffer #endif #ifdef yy_delete_buffer #define signing_delete_buffer_ALREADY_DEFINED #else #define yy_delete_buffer signing_delete_buffer #endif #ifdef yy_scan_buffer #define signing_scan_buffer_ALREADY_DEFINED #else #define yy_scan_buffer signing_scan_buffer #endif #ifdef yy_scan_string #define signing_scan_string_ALREADY_DEFINED #else #define yy_scan_string signing_scan_string #endif #ifdef yy_scan_bytes #define signing_scan_bytes_ALREADY_DEFINED #else #define yy_scan_bytes signing_scan_bytes #endif #ifdef yy_init_buffer #define signing_init_buffer_ALREADY_DEFINED #else #define yy_init_buffer signing_init_buffer #endif #ifdef yy_flush_buffer #define signing_flush_buffer_ALREADY_DEFINED #else #define yy_flush_buffer signing_flush_buffer #endif #ifdef yy_load_buffer_state #define signing_load_buffer_state_ALREADY_DEFINED #else #define yy_load_buffer_state signing_load_buffer_state #endif #ifdef yy_switch_to_buffer #define signing_switch_to_buffer_ALREADY_DEFINED #else #define yy_switch_to_buffer signing_switch_to_buffer #endif #ifdef yypush_buffer_state #define signingpush_buffer_state_ALREADY_DEFINED #else #define yypush_buffer_state signingpush_buffer_state #endif #ifdef yypop_buffer_state #define 
signingpop_buffer_state_ALREADY_DEFINED #else #define yypop_buffer_state signingpop_buffer_state #endif #ifdef yyensure_buffer_stack #define signingensure_buffer_stack_ALREADY_DEFINED #else #define yyensure_buffer_stack signingensure_buffer_stack #endif #ifdef yylex #define signinglex_ALREADY_DEFINED #else #define yylex signinglex #endif #ifdef yyrestart #define signingrestart_ALREADY_DEFINED #else #define yyrestart signingrestart #endif #ifdef yylex_init #define signinglex_init_ALREADY_DEFINED #else #define yylex_init signinglex_init #endif #ifdef yylex_init_extra #define signinglex_init_extra_ALREADY_DEFINED #else #define yylex_init_extra signinglex_init_extra #endif #ifdef yylex_destroy #define signinglex_destroy_ALREADY_DEFINED #else #define yylex_destroy signinglex_destroy #endif #ifdef yyget_debug #define signingget_debug_ALREADY_DEFINED #else #define yyget_debug signingget_debug #endif #ifdef yyset_debug #define signingset_debug_ALREADY_DEFINED #else #define yyset_debug signingset_debug #endif #ifdef yyget_extra #define signingget_extra_ALREADY_DEFINED #else #define yyget_extra signingget_extra #endif #ifdef yyset_extra #define signingset_extra_ALREADY_DEFINED #else #define yyset_extra signingset_extra #endif #ifdef yyget_in #define signingget_in_ALREADY_DEFINED #else #define yyget_in signingget_in #endif #ifdef yyset_in #define signingset_in_ALREADY_DEFINED #else #define yyset_in signingset_in #endif #ifdef yyget_out #define signingget_out_ALREADY_DEFINED #else #define yyget_out signingget_out #endif #ifdef yyset_out #define signingset_out_ALREADY_DEFINED #else #define yyset_out signingset_out #endif #ifdef yyget_leng #define signingget_leng_ALREADY_DEFINED #else #define yyget_leng signingget_leng #endif #ifdef yyget_text #define signingget_text_ALREADY_DEFINED #else #define yyget_text signingget_text #endif #ifdef yyget_lineno #define signingget_lineno_ALREADY_DEFINED #else #define yyget_lineno signingget_lineno #endif #ifdef yyset_lineno #define 
signingset_lineno_ALREADY_DEFINED #else #define yyset_lineno signingset_lineno #endif #ifdef yyget_column #define signingget_column_ALREADY_DEFINED #else #define yyget_column signingget_column #endif #ifdef yyset_column #define signingset_column_ALREADY_DEFINED #else #define yyset_column signingset_column #endif #ifdef yywrap #define signingwrap_ALREADY_DEFINED #else #define yywrap signingwrap #endif /* %endif */ #ifdef yyget_lval #define signingget_lval_ALREADY_DEFINED #else #define yyget_lval signingget_lval #endif #ifdef yyset_lval #define signingset_lval_ALREADY_DEFINED #else #define yyset_lval signingset_lval #endif #ifdef yyalloc #define signingalloc_ALREADY_DEFINED #else #define yyalloc signingalloc #endif #ifdef yyrealloc #define signingrealloc_ALREADY_DEFINED #else #define yyrealloc signingrealloc #endif #ifdef yyfree #define signingfree_ALREADY_DEFINED #else #define yyfree signingfree #endif /* %if-c-only */ /* %endif */ /* First, we deal with platform-specific or compiler-specific issues. */ /* begin standard C headers. */ /* %if-c-only */ #include #include #include #include /* %endif */ /* %if-tables-serialization */ /* %endif */ /* end standard C headers. */ /* %if-c-or-c++ */ /* flex integer type definitions */ #ifndef FLEXINT_H #define FLEXINT_H /* C99 systems have . Non-C99 systems may or may not. */ #if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L /* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, * if you want the limit (max/min) macros for int types. 
*/ #ifndef __STDC_LIMIT_MACROS #define __STDC_LIMIT_MACROS 1 #endif #include typedef int8_t flex_int8_t; typedef uint8_t flex_uint8_t; typedef int16_t flex_int16_t; typedef uint16_t flex_uint16_t; typedef int32_t flex_int32_t; typedef uint32_t flex_uint32_t; #else typedef signed char flex_int8_t; typedef short int flex_int16_t; typedef int flex_int32_t; typedef unsigned char flex_uint8_t; typedef unsigned short int flex_uint16_t; typedef unsigned int flex_uint32_t; /* Limits of integral types. */ #ifndef INT8_MIN #define INT8_MIN (-128) #endif #ifndef INT16_MIN #define INT16_MIN (-32767-1) #endif #ifndef INT32_MIN #define INT32_MIN (-2147483647-1) #endif #ifndef INT8_MAX #define INT8_MAX (127) #endif #ifndef INT16_MAX #define INT16_MAX (32767) #endif #ifndef INT32_MAX #define INT32_MAX (2147483647) #endif #ifndef UINT8_MAX #define UINT8_MAX (255U) #endif #ifndef UINT16_MAX #define UINT16_MAX (65535U) #endif #ifndef UINT32_MAX #define UINT32_MAX (4294967295U) #endif #ifndef SIZE_MAX #define SIZE_MAX (~(size_t)0) #endif #endif /* ! C99 */ #endif /* ! FLEXINT_H */ /* %endif */ /* begin standard C++ headers. */ /* %if-c++-only */ /* %endif */ /* TODO: this is always defined, so inline it */ #define yyconst const #if defined(__GNUC__) && __GNUC__ >= 3 #define yynoreturn __attribute__((__noreturn__)) #else #define yynoreturn #endif /* %not-for-header */ /* Returned upon end-of-file. */ #define YY_NULL 0 /* %ok-for-header */ /* %not-for-header */ /* Promotes a possibly negative, possibly signed char to an * integer in range [0..255] for use as an array index. */ #define YY_SC_TO_UI(c) ((YY_CHAR) (c)) /* %ok-for-header */ /* %if-reentrant */ /* An opaque pointer. */ #ifndef YY_TYPEDEF_YY_SCANNER_T #define YY_TYPEDEF_YY_SCANNER_T typedef void* yyscan_t; #endif /* For convenience, these vars (plus the bison vars far below) are macros in the reentrant scanner. 
*/ #define yyin yyg->yyin_r #define yyout yyg->yyout_r #define yyextra yyg->yyextra_r #define yyleng yyg->yyleng_r #define yytext yyg->yytext_r #define yylineno (YY_CURRENT_BUFFER_LVALUE->yy_bs_lineno) #define yycolumn (YY_CURRENT_BUFFER_LVALUE->yy_bs_column) #define yy_flex_debug yyg->yy_flex_debug_r /* %endif */ /* %if-not-reentrant */ /* %endif */ /* Enter a start condition. This macro really ought to take a parameter, * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ #define BEGIN yyg->yy_start = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ #define YY_START ((yyg->yy_start - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ #define YY_NEW_FILE yyrestart( yyin , yyscanner ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ #ifndef YY_BUF_SIZE #ifdef __ia64__ /* On IA-64, the buffer size is 16k, not 8k. * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case. * Ditto for the __ia64__ case accordingly. */ #define YY_BUF_SIZE 32768 #else #define YY_BUF_SIZE 16384 #endif /* __ia64__ */ #endif /* The state buf must be large enough to hold one state per character in the main buffer. 
*/
/* Byte size of the state buffer: (YY_BUF_SIZE + 2) entries of yy_state_type.
 * NOTE(review): the "+ 2" presumably matches the room for EOB characters that
 * struct yy_buffer_state mentions - confirm against the allocation site.
 */
#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
/* Opaque handle type for a buffer; the guard macro keeps the typedef from
 * being emitted twice.
 */
#ifndef YY_TYPEDEF_YY_BUFFER_STATE
#define YY_TYPEDEF_YY_BUFFER_STATE
typedef struct yy_buffer_state *YY_BUFFER_STATE;
#endif
/* yy_size_t is size_t in this scanner; guarded the same way as above. */
#ifndef YY_TYPEDEF_YY_SIZE_T
#define YY_TYPEDEF_YY_SIZE_T
typedef size_t yy_size_t;
#endif
/* %if-not-reentrant */
/* %endif */
/* %if-c-only */
/* %if-not-reentrant */
/* %endif */
/* %endif */
/* Three distinct status codes.
 * NOTE(review): presumably the results of the end-of-buffer handling routine,
 * which is not in this part of the file - confirm there.
 */
#define EOB_ACT_CONTINUE_SCAN 0
#define EOB_ACT_END_OF_FILE 1
#define EOB_ACT_LAST_MATCH 2
/* Both line-number hooks expand to nothing in this scanner. */
#define YY_LESS_LINENO(n)
#define YY_LINENO_REWIND_TO(ptr)
/* Return all but the first "n" matched characters back to the input stream.
 *
 * The macro needs yy_cp, yy_bp and yyg in scope. It does not range-check n:
 * the new scan position is yy_bp + n - YY_MORE_ADJ, so an action must pass a
 * value that stays inside the text it just matched, otherwise yy_c_buf_p is
 * moved outside that text.
 */
#define yyless(n) \
    do \
        { \
        /* Undo effects of setting up yytext. */ \
        int yyless_macro_arg = (n); \
        YY_LESS_LINENO(yyless_macro_arg);\
        *yy_cp = yyg->yy_hold_char; \
        YY_RESTORE_YY_MORE_OFFSET \
        yyg->yy_c_buf_p = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
        YY_DO_BEFORE_ACTION; /* set up yytext again */ \
        } \
    while ( 0 )
/* Expands to a yyunput() call on yyg->yytext_ptr; yyg and yyscanner must be
 * in scope.
 */
#define unput(c) yyunput( c, yyg->yytext_ptr , yyscanner )
/* Per-buffer bookkeeping for one input source. */
#ifndef YY_STRUCT_YY_BUFFER_STATE
#define YY_STRUCT_YY_BUFFER_STATE
struct yy_buffer_state
    {
/* %if-c-only */
    FILE *yy_input_file;
/* %endif */
/* %if-c++-only */
/* %endif */
    char *yy_ch_buf; /* input buffer */
    char *yy_buf_pos; /* current position in input buffer */
    /* Size of input buffer in bytes, not including room for EOB
     * characters.
     *
     * NOTE(review): this is a plain int, while yy_scan_buffer (declared
     * further down in this file) takes its size as yy_size_t. How an
     * oversized value is narrowed is not visible here; confirm that callers
     * bound the size of the input they hand to the scanner.
     */
    int yy_buf_size;
    /* Number of characters read into yy_ch_buf, not including EOB
     * characters.
     */
    int yy_n_chars;
    /* Whether we "own" the buffer - i.e., we know we created it,
     * and can realloc() it to grow it, and should free() it to
     * delete it.
     */
    int yy_is_our_buffer;
    /* Whether this is an "interactive" input source; if so, and
     * if we're using stdio for input, then we want to use getc()
     * instead of fread(), to make sure we stop fetching input after
     * each newline.
     */
    int yy_is_interactive;
    /* Whether we're considered to be at the beginning of a line.
     * If so, '^' rules will be active on the next match, otherwise
     * not.
     */
    int yy_at_bol;
    /* These two fields are what the yylineno and yycolumn macros read. */
    int yy_bs_lineno; /**< The line count. */
    int yy_bs_column; /**< The column count. */
    /* Whether to try to fill the input buffer when we reach the
     * end of it.
     */
    int yy_fill_buffer;
    /* Holds one of the YY_BUFFER_* values defined immediately below. */
    int yy_buffer_status;
#define YY_BUFFER_NEW 0
#define YY_BUFFER_NORMAL 1
    /* When an EOF's been seen but there's still some text to process
     * then we mark the buffer as YY_EOF_PENDING, to indicate that we
     * shouldn't try reading from the input source any more. We might
     * still have a bunch of tokens to match, though, because of
     * possible backing-up.
     *
     * When we actually see the EOF, we change the status to "new"
     * (via yyrestart()), so that the user can continue scanning by
     * just pointing yyin at a new input file.
     */
#define YY_BUFFER_EOF_PENDING 2
    };
#endif /* !YY_STRUCT_YY_BUFFER_STATE */
/* %if-c-only Standard (non-C++) definition */
/* %not-for-header */
/* %if-not-reentrant */
/* %endif */
/* %ok-for-header */
/* %endif */
/* We provide macros for accessing buffer states in case in the
 * future we want to put the buffer states in a more general
 * "scanner state".
 *
 * Returns the top of the stack, or NULL.
 *
 * Only the stack pointer itself is tested; the slot at yy_buffer_stack_top is
 * returned as stored, so callers still have to check the result before
 * dereferencing it.
 */
#define YY_CURRENT_BUFFER ( yyg->yy_buffer_stack \
                          ? yyg->yy_buffer_stack[yyg->yy_buffer_stack_top] \
                          : NULL)
/* Same as previous macro, but useful when we know that the buffer stack is not
 * NULL or when we need an lvalue. For internal use only.
*/ #define YY_CURRENT_BUFFER_LVALUE yyg->yy_buffer_stack[yyg->yy_buffer_stack_top] /* %if-c-only Standard (non-C++) definition */ /* %if-not-reentrant */ /* %not-for-header */ /* %ok-for-header */ /* %endif */ void yyrestart ( FILE *input_file , yyscan_t yyscanner ); void yy_switch_to_buffer ( YY_BUFFER_STATE new_buffer , yyscan_t yyscanner ); YY_BUFFER_STATE yy_create_buffer ( FILE *file, int size , yyscan_t yyscanner ); void yy_delete_buffer ( YY_BUFFER_STATE b , yyscan_t yyscanner ); void yy_flush_buffer ( YY_BUFFER_STATE b , yyscan_t yyscanner ); void yypush_buffer_state ( YY_BUFFER_STATE new_buffer , yyscan_t yyscanner ); void yypop_buffer_state ( yyscan_t yyscanner ); static void yyensure_buffer_stack ( yyscan_t yyscanner ); static void yy_load_buffer_state ( yyscan_t yyscanner ); static void yy_init_buffer ( YY_BUFFER_STATE b, FILE *file , yyscan_t yyscanner ); #define YY_FLUSH_BUFFER yy_flush_buffer( YY_CURRENT_BUFFER , yyscanner) YY_BUFFER_STATE yy_scan_buffer ( char *base, yy_size_t size , yyscan_t yyscanner ); YY_BUFFER_STATE yy_scan_string ( const char *yy_str , yyscan_t yyscanner ); YY_BUFFER_STATE yy_scan_bytes ( const char *bytes, int len , yyscan_t yyscanner ); /* %endif */ void *yyalloc ( yy_size_t , yyscan_t yyscanner ); void *yyrealloc ( void *, yy_size_t , yyscan_t yyscanner ); void yyfree ( void * , yyscan_t yyscanner ); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ if ( ! YY_CURRENT_BUFFER ){ \ yyensure_buffer_stack (yyscanner); \ YY_CURRENT_BUFFER_LVALUE = \ yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ if ( ! 
YY_CURRENT_BUFFER ){\ yyensure_buffer_stack (yyscanner); \ YY_CURRENT_BUFFER_LVALUE = \ yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } #define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) /* %% [1.0] yytext/yyin/yyout/yy_state_type/yylineno etc. def's & init go here */ #define signingwrap(yyscanner) (/*CONSTCOND*/1) #define YY_SKIP_YYWRAP #define FLEX_DEBUG typedef flex_uint8_t YY_CHAR; typedef int yy_state_type; #define yytext_ptr yytext_r /* %% [1.5] DFA */ static const flex_int16_t yy_nxt[][128] = { { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }, { 7, 8, 8, 8, 8, 8, 8, 8, 8, 8, 9, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 10, 11, 8, 8, 8, 12, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 13, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 14, 8, 8, 8, 8, 8, 8, 8, 8, 15, 8, 16, 8, 8, 8, 17, 8, 8, 8, 8, 8, 8, 18, 8, 19, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8 }, { 7, 8, 8, 8, 8, 8, 8, 8, 8, 8, 9, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 10, 11, 8, 8, 8, 12, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 13, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 14, 8, 8, 8, 8, 8, 8, 8, 8, 15, 8, 16, 8, 8, 8, 17, 8, 8, 8, 8, 8, 8, 18, 8, 19, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8 }, { 7, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 21, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 
20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20 }, { 7, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 21, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20 }, { 7, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 23, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22 }, { 7, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 23, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22 }, { -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, 
-7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7, -7 }, { 7, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8, -8 }, { 7, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9 }, { 7, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10, 
-10, -10 }, { 7, 24, 24, 24, 24, 24, 24, 24, 24, 24, -11, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24 }, { 7, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12, -12 }, { 7, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, 25, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13, -13 }, { 7, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, 
-14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, 26, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14, -14 }, { 7, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, 27, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15, -15 }, { 7, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, 28, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16, -16 }, { 7, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, 
-17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, 29, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17, -17 }, { 7, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, 30, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18, -18 }, { 7, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, 31, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19, -19 }, { 7, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 33, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 
32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32 }, { 7, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21, -21 }, { 7, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 35, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34 }, { 7, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23, -23 }, { 7, 24, 24, 24, 24, 
24, 24, 24, 24, 24, -24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24 }, { 7, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, 36, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25, -25 }, { 7, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, 37, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26, -26 }, { 7, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, 
-27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, 38, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27, -27 }, { 7, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, 39, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28, -28 }, { 7, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, 40, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29, -29 }, { 7, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, 
-30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, 41, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30, -30 }, { 7, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, 42, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31, -31 }, { 7, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 33, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32 }, { 7, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, 
-33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33, -33 }, { 7, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 35, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34 }, { 7, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35, -35 }, { 7, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, 43, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36, -36 }, { 7, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, 
-37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, 44, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37, -37 }, { 7, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, 45, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38, -38 }, { 7, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, 46, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39, -39 }, { 7, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, 
-40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, 47, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40, -40 }, { 7, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, 48, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41, -41 }, { 7, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, 49, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42, -42 }, { 7, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, 
-43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, 50, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43, -43 }, { 7, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44, -44 }, { 7, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, 51, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45, -45 }, { 7, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, 
-46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, 52, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46, -46 }, { 7, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47, 53, -47, -47, -47, -47, -47, -47, -47, -47, -47, -47 }, { 7, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, 54, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48, -48 }, { 7, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, 
-49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, 55, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49, -49 }, { 7, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, 56, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50, -50 }, { 7, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, 57, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51, -51 }, { 7, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, 
-52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, 58, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, 59, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52, -52 }, { 7, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, 60, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53, -53 }, { 7, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, 61, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54, -54 }, { 7, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, 
-55, -55, -55, -55, 62, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55, -55 }, { 7, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, 63, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56, -56 }, { 7, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, 64, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57, -57 }, { 7, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, 65, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, 
-58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58, -58 }, { 7, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59, 66, -59, -59, -59, -59, -59, -59, -59, -59, -59, -59 }, { 7, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60, -60 }, { 7, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, 67, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61, -61 }, { 7, -62, 
-62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, 68, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62, -62 }, { 7, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63, -63 }, { 7, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, 69, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64, -64 }, { 7, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, 
-65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, 70, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65, -65 }, { 7, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, 71, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66, -66 }, { 7, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, 72, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67, -67 }, { 7, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, 
-68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, 73, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68, -68 }, { 7, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, 74, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69, -69 }, { 7, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, 75, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70, -70 }, { 7, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, 
-71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, 76, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71, -71 }, { 7, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, 77, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72, -72 }, { 7, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, 78, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73, -73 }, { 7, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, 
-74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, 79, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74, -74 }, { 7, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, 80, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75, -75 }, { 7, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, 81, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76, -76 }, { 7, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, 
-77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, 82, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77, -77 }, { 7, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, 83, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78, -78 }, { 7, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, 84, -79, 85, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79, -79 }, { 7, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, 
-80, -80, -80, -80, -80, -80, -80, -80, 86, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80 }, { 7, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, 87, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81, -81 }, { 7, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82, -82 }, { 7, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, 
-83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83, -83 }, { 7, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, 88, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84, -84 }, { 7, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, 89, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85, -85 }, { 7, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, 90, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, -86, 
-86, -86, -86, -86, -86, -86 }, { 7, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, 91, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87, -87 }, { 7, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, 92, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88, -88 }, { 7, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89, -89 }, { 7, -90, -90, -90, -90, -90, -90, -90, 
-90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, 93, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90, -90 }, { 7, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, 94, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91, -91 }, { 7, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, 95, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92, -92 }, { 7, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, 
-93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93, 96, -93, -93, -93, -93, -93, -93, -93, -93, -93, -93 }, { 7, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, -94 }, { 7, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, 97, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95, -95 }, { 7, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, 
-96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, 98, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96, -96 }, { 7, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, 99, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97, -97 }, { 7, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, 100, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98, -98 }, { 7, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, 
-99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, 101, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, -99 }, { 7, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, 102, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, -100 }, { 7, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101, -101 }, { 7, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, 
-102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, 103, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102, -102 }, { 7, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, 104, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103, -103 }, { 7, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, 
-104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, 105, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104, -104 }, { 7, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105, -105 }, } ; /* %if-c-only Standard (non-C++) definition */ static yy_state_type yy_get_previous_state ( yyscan_t yyscanner ); static yy_state_type yy_try_NUL_trans ( yy_state_type current_state , yyscan_t yyscanner); static int yy_get_next_buffer ( yyscan_t yyscanner ); static void yynoreturn yy_fatal_error ( const char* msg , yyscan_t yyscanner ); /* %endif */ /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ yyg->yytext_ptr = yy_bp; \ /* %% [2.0] code to fiddle yytext and yyleng for yymore() goes here \ */\ yyleng = (int) (yy_cp - yy_bp); \ yyg->yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ /* %% [3.0] code to copy yytext_ptr to yytext[] goes here, if %array \ */\ yyg->yy_c_buf_p = yy_cp; /* %% [4.0] data tables for the DFA and the user's section 1 definitions go here */ #define YY_NUM_RULES 17 #define YY_END_OF_BUFFER 18 /* This struct is not used in this scanner, but its presence is necessary. 
*/ struct yy_trans_info { flex_int32_t yy_verify; flex_int32_t yy_nxt; }; static const flex_int16_t yy_accept[106] = { 0, 0, 0, 0, 0, 0, 0, 18, 16, 15, 4, 1, 2, 16, 16, 16, 16, 16, 16, 16, 17, 3, 17, 5, 1, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 8, 0, 0, 11, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10, 9, 0, 0, 0, 0, 0, 12, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 7 } ; static const yy_state_type yy_NUL_trans[106] = { 0, 8, 8, 20, 20, 22, 22, 0, 0, 0, 0, 24, 0, 0, 0, 0, 0, 0, 0, 0, 32, 0, 34, 0, 24, 0, 0, 0, 0, 0, 0, 0, 32, 0, 34, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } ; static const flex_int16_t yy_rule_linenum[17] = { 0, 50, 51, 53, 55, 56, 59, 60, 61, 62, 63, 64, 65, 66, 67, 69, 70 } ; /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ #define REJECT reject_used_but_not_detected #define yymore() yymore_used_but_not_detected #define YY_MORE_ADJ 0 #define YY_RESTORE_YY_MORE_OFFSET #line 1 "signing_policy.l" #line 2 "signing_policy.l" /********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
* See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #include "config.h" #include #include #include #include "parsertypes.h" #include "signing_policy.h" #include "lexparse.h" #ifndef strndup extern char *strndup(const char*, size_t); #endif #line 2570 "lex.signing.c" #line 2572 "lex.signing.c" #define INITIAL 0 #define SINGLE_QUOTED 1 #define DOUBLE_QUOTED 2 #ifndef YY_NO_UNISTD_H /* Special case for "unistd.h", since it is non-ANSI. We include it way * down here because we want the user's section 1 to have been scanned first. * The user has a chance to override it with an option. */ /* %if-c-only */ #include /* %endif */ /* %if-c++-only */ /* %endif */ #endif #ifndef YY_EXTRA_TYPE #define YY_EXTRA_TYPE void * #endif /* %if-c-only Reentrant structure and macros (non-C++). */ /* %if-reentrant */ /* Holds the entire state of the reentrant scanner. */ struct yyguts_t { /* User-defined. Not touched by flex. */ YY_EXTRA_TYPE yyextra_r; /* The rest are the same as the globals declared in the non-reentrant scanner. */ FILE *yyin_r, *yyout_r; size_t yy_buffer_stack_top; /**< index of top of stack. */ size_t yy_buffer_stack_max; /**< capacity of stack. */ YY_BUFFER_STATE * yy_buffer_stack; /**< Stack as an array. 
*/ char yy_hold_char; int yy_n_chars; int yyleng_r; char *yy_c_buf_p; int yy_init; int yy_start; int yy_did_buffer_switch_on_eof; int yy_start_stack_ptr; int yy_start_stack_depth; int *yy_start_stack; yy_state_type yy_last_accepting_state; char* yy_last_accepting_cpos; int yylineno_r; int yy_flex_debug_r; char *yytext_r; int yy_more_flag; int yy_more_len; YYSTYPE * yylval_r; }; /* end struct yyguts_t */ /* %if-c-only */ static int yy_init_globals ( yyscan_t yyscanner ); /* %endif */ /* %if-reentrant */ /* This must go here because YYSTYPE and YYLTYPE are included * from bison output in section 1.*/ # define yylval yyg->yylval_r int yylex_init (yyscan_t* scanner); int yylex_init_extra ( YY_EXTRA_TYPE user_defined, yyscan_t* scanner); /* %endif */ /* %endif End reentrant structures and macros. */ /* Accessor methods to globals. These are made visible to non-reentrant scanners for convenience. */ int yylex_destroy ( yyscan_t yyscanner ); int yyget_debug ( yyscan_t yyscanner ); void yyset_debug ( int debug_flag , yyscan_t yyscanner ); YY_EXTRA_TYPE yyget_extra ( yyscan_t yyscanner ); void yyset_extra ( YY_EXTRA_TYPE user_defined , yyscan_t yyscanner ); FILE *yyget_in ( yyscan_t yyscanner ); void yyset_in ( FILE * _in_str , yyscan_t yyscanner ); FILE *yyget_out ( yyscan_t yyscanner ); void yyset_out ( FILE * _out_str , yyscan_t yyscanner ); int yyget_leng ( yyscan_t yyscanner ); char *yyget_text ( yyscan_t yyscanner ); int yyget_lineno ( yyscan_t yyscanner ); void yyset_lineno ( int _line_number , yyscan_t yyscanner ); int yyget_column ( yyscan_t yyscanner ); void yyset_column ( int _column_no , yyscan_t yyscanner ); /* %if-bison-bridge */ YYSTYPE * yyget_lval ( yyscan_t yyscanner ); void yyset_lval ( YYSTYPE * yylval_param , yyscan_t yyscanner ); /* %endif */ /* Macros after this point can all be overridden by user definitions in * section 1. 
*/ #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus extern "C" int yywrap ( yyscan_t yyscanner ); #else extern int yywrap ( yyscan_t yyscanner ); #endif #endif /* %not-for-header */ #ifndef YY_NO_UNPUT static void yyunput ( int c, char *buf_ptr , yyscan_t yyscanner); #endif /* %ok-for-header */ /* %endif */ #ifndef yytext_ptr static void yy_flex_strncpy ( char *, const char *, int , yyscan_t yyscanner); #endif #ifdef YY_NEED_STRLEN static int yy_flex_strlen ( const char * , yyscan_t yyscanner); #endif #ifndef YY_NO_INPUT /* %if-c-only Standard (non-C++) definition */ /* %not-for-header */ #ifdef __cplusplus static int yyinput ( yyscan_t yyscanner ); #else static int input ( yyscan_t yyscanner ); #endif /* %ok-for-header */ /* %endif */ #endif /* %if-c-only */ /* %endif */ /* Amount of stuff to slurp up with each read. */ #ifndef YY_READ_BUF_SIZE #ifdef __ia64__ /* On IA-64, the buffer size is 16k, not 8k */ #define YY_READ_BUF_SIZE 16384 #else #define YY_READ_BUF_SIZE 8192 #endif /* __ia64__ */ #endif /* Copy whatever the last rule matched to the standard output. */ #ifndef ECHO /* %if-c-only Standard (non-C++) definition */ /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ #define ECHO do { if (fwrite( yytext, (size_t) yyleng, 1, yyout )) {} } while (0) /* %endif */ /* %if-c++-only C++ definition */ /* %endif */ #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, * is returned in "result". 
*/ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ /* %% [5.0] fread()/read() definition of YY_INPUT goes here unless we're doing C++ \ */\ errno=0; \ while ( (result = (int) read( fileno(yyin), buf, (yy_size_t) max_size )) < 0 ) \ { \ if( errno != EINTR) \ { \ YY_FATAL_ERROR( "input in flex scanner failed" ); \ break; \ } \ errno=0; \ clearerr(yyin); \ }\ \ /* %if-c++-only C++ definition \ */\ /* %endif */ #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - * we don't want an extra ';' after the "return" because that will cause * some compilers to complain about unreachable statements. */ #ifndef yyterminate #define yyterminate() return YY_NULL #endif /* Number of entries by which start-condition stack grows. */ #ifndef YY_START_STACK_INCR #define YY_START_STACK_INCR 25 #endif /* Report a fatal error. */ #ifndef YY_FATAL_ERROR /* %if-c-only */ #define YY_FATAL_ERROR(msg) yy_fatal_error( msg , yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ #endif /* %if-tables-serialization structures and prototypes */ /* %not-for-header */ /* %ok-for-header */ /* %not-for-header */ /* %tables-yydmap generated elements */ /* %endif */ /* end tables serialization structures and prototypes */ /* %ok-for-header */ /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL #define YY_DECL_IS_OURS 1 /* %if-c-only Standard (non-C++) definition */ extern int yylex \ (YYSTYPE * yylval_param , yyscan_t yyscanner); #define YY_DECL int yylex \ (YYSTYPE * yylval_param , yyscan_t yyscanner) /* %endif */ /* %if-c++-only C++ definition */ /* %endif */ #endif /* !YY_DECL */ /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. */ #ifndef YY_USER_ACTION #define YY_USER_ACTION #endif /* Code executed at the end of each rule. 
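 */
#ifndef YY_BREAK
#define YY_BREAK /*LINTED*/break;
#endif

/* %% [6.0] YY_RULE_SETUP definition goes here */
#define YY_RULE_SETUP \
	YY_USER_ACTION

/* %not-for-header */
/** The main scanner function which does all the work.
 *
 * Each call resumes at yy_c_buf_p, walks the yy_nxt transition table until it
 * yields a non-positive state, and runs the action selected through yy_accept.
 *
 * @param yylval_param Receives the semantic value. Only the SUBJECTS token
 *        (rules 3 and 5) fills in ->string; see the lifetime note there.
 * @param yyscanner The reentrant scanner object (a struct yyguts_t).
 * @return A token code (SUBJECTS, COND_SUBJECTS, COND_BANNED, GLOBUS,
 *         POS_RIGHTS, NEG_RIGHTS, CA_SIGN, ACCESS_ID_CA, ACCESS_ID_ANYBODY,
 *         X509), or YY_NULL through yyterminate() at end of input.
 *
 * NOTE: this file is flex output. The change to the actions of rules 3 and 5
 * below has to be mirrored in signing_policy.l (lines 53 and 56 according to
 * the #line markers), otherwise regenerating the scanner reverts it.
 */
YY_DECL
{
	yy_state_type yy_current_state;
	char *yy_cp, *yy_bp;
	int yy_act;
	struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

	yylval = yylval_param;

	/* One-time setup on the first call for this scanner object. */
	if ( !yyg->yy_init )
		{
		yyg->yy_init = 1;

#ifdef YY_USER_INIT
		YY_USER_INIT;
#endif

		if ( ! yyg->yy_start )
			yyg->yy_start = 1;	/* first start state */

		if ( ! yyin )
/* %if-c-only */
			yyin = stdin;
/* %endif */
/* %if-c++-only */
/* %endif */

		if ( ! yyout )
/* %if-c-only */
			yyout = stdout;
/* %endif */
/* %if-c++-only */
/* %endif */

		if ( ! YY_CURRENT_BUFFER ) {
			yyensure_buffer_stack (yyscanner);
			YY_CURRENT_BUFFER_LVALUE =
				yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner);
		}

		yy_load_buffer_state( yyscanner );
		}

	{
/* %% [7.0] user's declarations go here */
#line 48 "signing_policy.l"

#line 2903 "lex.signing.c"

	while ( /*CONSTCOND*/1 )		/* loops until end-of-file is reached */
		{
/* %% [8.0] yymore()-related code goes here */
		yy_cp = yyg->yy_c_buf_p;

		/* Support of yytext. */
		/* Puts back the byte that the previous token's NUL terminator
		 * replaced, so the previous yytext is no longer terminated here. */
		*yy_cp = yyg->yy_hold_char;

		/* yy_bp points to the position in yy_ch_buf of the start of
		 * the current run.
		 */
		yy_bp = yy_cp;

/* %% [9.0] code to set up and find next match goes here */
		yy_current_state = yyg->yy_start;
yy_match:
		while ( (yy_current_state = yy_nxt[yy_current_state][ YY_SC_TO_UI(*yy_cp) ]) > 0 )
			{
			/* Remember the latest accepting position for a later back-up. */
			if ( yy_accept[yy_current_state] )
				{
				yyg->yy_last_accepting_state = yy_current_state;
				yyg->yy_last_accepting_cpos = yy_cp;
				}

			++yy_cp;
			}

		/* The loop ends on a non-positive table entry; its negation is the
		 * state used to look up the action. */
		yy_current_state = -yy_current_state;

yy_find_action:
/* %% [10.0] code to find the action number goes here */
		yy_act = yy_accept[yy_current_state];

		YY_DO_BEFORE_ACTION;

/* %% [11.0] code for yylineno update goes here */

do_action:	/* This label is used only to access EOF actions. */

/* %% [12.0] debug code goes here */
		if ( yy_flex_debug )
			{
			if ( yy_act == 0 )
				fprintf( stderr, "--scanner backing up\n" );
			else if ( yy_act < 17 )
				fprintf( stderr, "--accepting rule at line %ld (\"%s\")\n",
				         (long)yy_rule_linenum[yy_act], yytext );
			else if ( yy_act == 17 )
				fprintf( stderr, "--accepting default rule (\"%s\")\n",
				         yytext );
			else if ( yy_act == 18 )
				fprintf( stderr, "--(end of buffer or a NUL)\n" );
			else
				fprintf( stderr, "--EOF (start condition %d)\n", YY_START );
			}

		switch ( yy_act )
	{ /* beginning of action switch */
/* %% [13.0] actions go here */
			case 0: /* must back up */
			/* undo the effects of YY_DO_BEFORE_ACTION */
			*yy_cp = yyg->yy_hold_char;
			yy_cp = yyg->yy_last_accepting_cpos + 1;
			yy_current_state = yyg->yy_last_accepting_state;
			goto yy_find_action;

case 1:
YY_RULE_SETUP
#line 50 "signing_policy.l"
/* ignore comments */
	YY_BREAK
case 2:
YY_RULE_SETUP
#line 51 "signing_policy.l"
BEGIN(SINGLE_QUOTED);
	YY_BREAK
case 3:
/* rule 3 can match eol */
YY_RULE_SETUP
#line 53 "signing_policy.l"
/* Drop the last matched byte (the closing quote) by indexing with yyleng,
 * which YY_DO_BEFORE_ACTION sets to the match length. The previous
 * strlen(yytext)-1 index is only equal to yyleng-1 when the match holds no
 * NUL byte; this scanner does accept NUL bytes (see the "This was really a
 * NUL" branch below), and for a match starting with NUL strlen() is 0, so
 * the index wrapped around to the byte in front of yytext.
 *
 * NOTE(review): ->string aliases the scanner buffer, it is not a copy. The
 * text stays intact only until the next yylex() call, which restores
 * yy_hold_char and may move or reallocate the buffer in
 * yy_get_next_buffer(). Confirm that the parser copies the value before it
 * asks for another token; strndup is declared in this file's preamble but
 * not used by this action.
 */
yytext[yyleng-1]='\0'; yylval_param->string = yytext; BEGIN(INITIAL); return SUBJECTS;
	YY_BREAK
case 4:
YY_RULE_SETUP
#line 55 "signing_policy.l"
BEGIN(DOUBLE_QUOTED);
	YY_BREAK
case 5:
/* rule 5 can match eol */
YY_RULE_SETUP
#line 56 "signing_policy.l"
/* Same handling as rule 3: terminate at yyleng-1 instead of strlen()-1 so an
 * embedded or leading NUL byte cannot shift the write, and the same
 * NOTE(review) about ->string pointing into the scanner buffer applies.
 */
yytext[yyleng-1]='\0'; yylval_param->string = yytext; BEGIN(INITIAL); return SUBJECTS;
	YY_BREAK
case 6:
YY_RULE_SETUP
#line 59 "signing_policy.l"
return COND_SUBJECTS;
	YY_BREAK
case 7:
YY_RULE_SETUP
#line 60 "signing_policy.l"
return COND_BANNED;
	YY_BREAK
case 8:
YY_RULE_SETUP
#line 61 "signing_policy.l"
return GLOBUS;
	YY_BREAK
case 9:
YY_RULE_SETUP
#line 62 "signing_policy.l"
return POS_RIGHTS;
	YY_BREAK
case 10:
YY_RULE_SETUP
#line 63 "signing_policy.l"
return NEG_RIGHTS;
	YY_BREAK
case 11:
YY_RULE_SETUP
#line 64 "signing_policy.l"
return CA_SIGN;
	YY_BREAK
case 12:
YY_RULE_SETUP
#line 65 "signing_policy.l"
return ACCESS_ID_CA;
	YY_BREAK
case 13:
YY_RULE_SETUP
#line 66 "signing_policy.l"
return ACCESS_ID_ANYBODY;
	YY_BREAK
case 14:
YY_RULE_SETUP
#line 67 "signing_policy.l"
return X509;
	YY_BREAK
/* Rules 15 and 16 have empty actions: the matched text is discarded and
 * scanning continues. */
case 15:
/* rule 15 can match eol */
YY_RULE_SETUP
#line 69 "signing_policy.l"

	YY_BREAK
case 16:
YY_RULE_SETUP
#line 70 "signing_policy.l"

	YY_BREAK
case 17:
YY_RULE_SETUP
#line 72 "signing_policy.l"
ECHO;
	YY_BREAK
#line 3059 "lex.signing.c"
/* End of input ends the scan in every start condition, including inside an
 * unterminated quoted string; no error token is produced here. */
case YY_STATE_EOF(INITIAL):
case YY_STATE_EOF(SINGLE_QUOTED):
case YY_STATE_EOF(DOUBLE_QUOTED):
	yyterminate();

	case YY_END_OF_BUFFER:
		{
		/* Amount of text matched not including the EOB char. */
		int yy_amount_of_matched_text = (int) (yy_cp - yyg->yytext_ptr) - 1;

		/* Undo the effects of YY_DO_BEFORE_ACTION. */
		*yy_cp = yyg->yy_hold_char;
		YY_RESTORE_YY_MORE_OFFSET

		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
			{
			/* We're scanning a new file or input source.  It's
			 * possible that this happened because the user
			 * just pointed yyin at a new source and called
			 * yylex().  If so, then we have to assure
			 * consistency between YY_CURRENT_BUFFER and our
			 * globals.  Here is the right place to do so, because
			 * this is the first action (other than possibly a
			 * back-up) that will match for the new input source.
			 */
			yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
/* %if-c-only */
			YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
/* %endif */
/* %if-c++-only */
/* %endif */
			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
			}

		/* Note that here we test for yy_c_buf_p "<=" to the position
		 * of the first EOB in the buffer, since yy_c_buf_p will
		 * already have been incremented past the NUL character
		 * (since all states make transitions on EOB to the
		 * end-of-buffer state).  Contrast this with the test
		 * in input().
		 */
		if ( yyg->yy_c_buf_p <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars] )
			{ /* This was really a NUL. */
			yy_state_type yy_next_state;

			yyg->yy_c_buf_p = yyg->yytext_ptr + yy_amount_of_matched_text;

			yy_current_state = yy_get_previous_state( yyscanner );

			/* Okay, we're now positioned to make the NUL
			 * transition.  We couldn't have
			 * yy_get_previous_state() go ahead and do it
			 * for us because it doesn't know how to deal
			 * with the possibility of jamming (and we don't
			 * want to build jamming into it because then it
			 * will run more slowly).
			 */

			yy_next_state = yy_try_NUL_trans( yy_current_state , yyscanner);

			yy_bp = yyg->yytext_ptr + YY_MORE_ADJ;

			if ( yy_next_state )
				{
				/* Consume the NUL. */
				yy_cp = ++yyg->yy_c_buf_p;
				yy_current_state = yy_next_state;
				goto yy_match;
				}

			else
				{
/* %% [14.0] code to do back-up for compressed tables and set up yy_cp goes here */
				yy_cp = yyg->yy_c_buf_p;
				goto yy_find_action;
				}
			}

		else switch ( yy_get_next_buffer( yyscanner ) )
			{
			case EOB_ACT_END_OF_FILE:
				{
				yyg->yy_did_buffer_switch_on_eof = 0;

				if ( yywrap( yyscanner ) )
					{
					/* Note: because we've taken care in
					 * yy_get_next_buffer() to have set up
					 * yytext, we can now set up
					 * yy_c_buf_p so that if some total
					 * hoser (like flex itself) wants to
					 * call the scanner after we return the
					 * YY_NULL, it'll still work - another
					 * YY_NULL will get returned.
					 */
					yyg->yy_c_buf_p = yyg->yytext_ptr + YY_MORE_ADJ;

					yy_act = YY_STATE_EOF(YY_START);
					goto do_action;
					}

				else
					{
					if ( ! yyg->yy_did_buffer_switch_on_eof )
						YY_NEW_FILE;
					}
				break;
				}

			case EOB_ACT_CONTINUE_SCAN:
				yyg->yy_c_buf_p =
					yyg->yytext_ptr + yy_amount_of_matched_text;

				yy_current_state = yy_get_previous_state( yyscanner );

				yy_cp = yyg->yy_c_buf_p;
				yy_bp = yyg->yytext_ptr + YY_MORE_ADJ;
				goto yy_match;

			case EOB_ACT_LAST_MATCH:
				yyg->yy_c_buf_p =
				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars];

				yy_current_state = yy_get_previous_state( yyscanner );

				yy_cp = yyg->yy_c_buf_p;
				yy_bp = yyg->yytext_ptr + YY_MORE_ADJ;
				goto yy_find_action;
			}
		break;
		}

	default:
		YY_FATAL_ERROR(
			"fatal flex scanner internal error--no action found" );
	} /* end of action switch */
		} /* end of scanning one token */
	} /* end of user's declarations */
} /* end of yylex */
/* %ok-for-header */

/* %if-c++-only */
/* %not-for-header */
/* %ok-for-header */

/* %endif */

/* yy_get_next_buffer - try to read in a new buffer
 *
 * Returns a code representing an action:
 *	EOB_ACT_LAST_MATCH -
 *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
 *	EOB_ACT_END_OF_FILE - end of file
 */
/* %if-c-only */
static int yy_get_next_buffer (yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
	struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
	char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
	char *source = yyg->yytext_ptr;
	int number_to_move, i;
	int ret_val;

	if ( yyg->yy_c_buf_p > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars + 1] )
		YY_FATAL_ERROR(
		"fatal flex scanner internal error--end of buffer missed" );

	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
		{ /* Don't try to fill the buffer, so this is an EOF. */
		if ( yyg->yy_c_buf_p - yyg->yytext_ptr - YY_MORE_ADJ == 1 )
			{
			/* We matched a single character, the EOB, so
			 * treat this as a final EOF.
			 */
			return EOB_ACT_END_OF_FILE;
			}

		else
			{
			/* We matched some text prior to the EOB, first
			 * process it.
			 */
			return EOB_ACT_LAST_MATCH;
			}
		}

	/* Try to read more data. */

	/* First move last chars to start of buffer.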
*/ number_to_move = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr - 1); for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars = 0; else { int num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ /* just a shorter name for the current buffer */ YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; int yy_c_buf_p_offset = (int) (yyg->yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { int new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; else b->yy_buf_size *= 2; b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ yyrealloc( (void *) b->yy_ch_buf, (yy_size_t) (b->yy_buf_size + 2) , yyscanner ); } else /* Can't grow it, we don't own it. */ b->yy_ch_buf = NULL; if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); yyg->yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), yyg->yy_n_chars, num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars; } if ( yyg->yy_n_chars == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; yyrestart( yyin , yyscanner); } else { ret_val = EOB_ACT_LAST_MATCH; YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } else ret_val = EOB_ACT_CONTINUE_SCAN; if ((yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { /* Extend the array by 50%, plus the number we really need. 
*/ int new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1); YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc( (void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf, (yy_size_t) new_size , yyscanner ); if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); /* "- 2" to take care of EOB's */ YY_CURRENT_BUFFER_LVALUE->yy_buf_size = (int) (new_size - 2); } yyg->yy_n_chars += number_to_move; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars] = YY_END_OF_BUFFER_CHAR; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; yyg->yytext_ptr = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; return ret_val; } /* yy_get_previous_state - get the state just before the EOB char was reached */ /* %if-c-only */ /* %not-for-header */ static yy_state_type yy_get_previous_state (yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { yy_state_type yy_current_state; char *yy_cp; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* %% [15.0] code to get the start state into yy_current_state goes here */ yy_current_state = yyg->yy_start; for ( yy_cp = yyg->yytext_ptr + YY_MORE_ADJ; yy_cp < yyg->yy_c_buf_p; ++yy_cp ) { /* %% [16.0] code to find the next state goes here */ if ( *yy_cp ) { yy_current_state = yy_nxt[yy_current_state][YY_SC_TO_UI(*yy_cp)]; } else yy_current_state = yy_NUL_trans[yy_current_state]; if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; yyg->yy_last_accepting_cpos = yy_cp; } } return yy_current_state; } /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ /* %if-c-only */ static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { int yy_is_jam; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* This var may be unused depending upon options. 
*/ /* %% [17.0] code to find the next state, and perhaps do backing up, goes here */ char *yy_cp = yyg->yy_c_buf_p; yy_current_state = yy_NUL_trans[yy_current_state]; yy_is_jam = (yy_current_state == 0); if ( ! yy_is_jam ) { if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; yyg->yy_last_accepting_cpos = yy_cp; } } (void)yyg; return yy_is_jam ? 0 : yy_current_state; } #ifndef YY_NO_UNPUT /* %if-c-only */ static void yyunput (int c, char * yy_bp , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { char *yy_cp; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yy_cp = yyg->yy_c_buf_p; /* undo effects of setting up yytext */ *yy_cp = yyg->yy_hold_char; if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ int number_to_move = yyg->yy_n_chars + 2; char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; char *source = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars = (int) YY_CURRENT_BUFFER_LVALUE->yy_buf_size; if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; /* %% [18.0] update yylineno here */ yyg->yytext_ptr = yy_bp; yyg->yy_hold_char = *yy_cp; yyg->yy_c_buf_p = yy_cp; } /* %if-c-only */ /* %endif */ #endif /* %if-c-only */ #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (yyscan_t yyscanner) #else static int input (yyscan_t yyscanner) #endif /* %endif */ /* %if-c++-only */ /* %endif */ { int c; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; *yyg->yy_c_buf_p = yyg->yy_hold_char; if ( *yyg->yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. 
* If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ if ( yyg->yy_c_buf_p < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars] ) /* This was really a NUL. */ *yyg->yy_c_buf_p = '\0'; else { /* need more input */ int offset = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr); ++yyg->yy_c_buf_p; switch ( yy_get_next_buffer( yyscanner ) ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() * sees that we've accumulated a * token and flags that we need to * try matching the token before * proceeding. But for input(), * there's no matching to consider. * So convert the EOB_ACT_LAST_MATCH * to EOB_ACT_END_OF_FILE. */ /* Reset buffer status. */ yyrestart( yyin , yyscanner); /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { if ( yywrap( yyscanner ) ) return 0; if ( ! yyg->yy_did_buffer_switch_on_eof ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(yyscanner); #else return input(yyscanner); #endif } case EOB_ACT_CONTINUE_SCAN: yyg->yy_c_buf_p = yyg->yytext_ptr + offset; break; } } } c = *(unsigned char *) yyg->yy_c_buf_p; /* cast for 8-bit char's */ *yyg->yy_c_buf_p = '\0'; /* preserve yytext */ yyg->yy_hold_char = *++yyg->yy_c_buf_p; /* %% [19.0] update BOL and yylineno */ return c; } /* %if-c-only */ #endif /* ifndef YY_NO_INPUT */ /* %endif */ /** Immediately switch to a different input stream. * @param input_file A readable stream. * @param yyscanner The scanner object. * @note This function does not reset the start condition to @c INITIAL . */ /* %if-c-only */ void yyrestart (FILE * input_file , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; if ( ! 
YY_CURRENT_BUFFER ){ yyensure_buffer_stack (yyscanner); YY_CURRENT_BUFFER_LVALUE = yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner); } yy_init_buffer( YY_CURRENT_BUFFER, input_file , yyscanner); yy_load_buffer_state( yyscanner ); } /* %if-c++-only */ /* %endif */ /** Switch to a different input buffer. * @param new_buffer The new input buffer. * @param yyscanner The scanner object. */ /* %if-c-only */ void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* TODO. We should be able to replace this entire function body * with * yypop_buffer_state(); * yypush_buffer_state(new_buffer); */ yyensure_buffer_stack (yyscanner); if ( YY_CURRENT_BUFFER == new_buffer ) return; if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ *yyg->yy_c_buf_p = yyg->yy_hold_char; YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = yyg->yy_c_buf_p; YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars; } YY_CURRENT_BUFFER_LVALUE = new_buffer; yy_load_buffer_state( yyscanner ); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ yyg->yy_did_buffer_switch_on_eof = 1; } /* %if-c-only */ static void yy_load_buffer_state (yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; yyg->yytext_ptr = yyg->yy_c_buf_p = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; /* %if-c-only */ yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; /* %endif */ /* %if-c++-only */ /* %endif */ yyg->yy_hold_char = *yyg->yy_c_buf_p; } /** Allocate and initialize an input buffer state. * @param file A readable stream. * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. 
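* @param yyscanner The scanner object.
 * @return the allocated buffer state.
 */
/* %if-c-only */
YY_BUFFER_STATE yy_create_buffer (FILE * file, int size , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    YY_BUFFER_STATE b;

    /* NOTE(review): this file looks like generated scanner output (skeleton
     * markers such as "%if-c-only", and a #line directive naming
     * signing_policy.l further down); hand edits are presumably lost when the
     * scanner is regenerated -- confirm against the build.
     *
     * A negative size would make the "+ 2" allocation below smaller than the
     * two end-of-buffer bytes that yy_flush_buffer() always writes, so it is
     * rejected before anything is allocated.
     */
    if ( size < 0 )
        YY_FATAL_ERROR( "negative buffer size in yy_create_buffer()" );

    b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) , yyscanner );
    if ( ! b )
        YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );

    b->yy_buf_size = size;

    /* yy_ch_buf has to be 2 characters longer than the size given because
     * we need to put in 2 end-of-buffer characters.  The cast is applied
     * before the addition so the sum is not computed in int.
     */
    b->yy_ch_buf = (char *) yyalloc( (yy_size_t) b->yy_buf_size + 2 , yyscanner );
    if ( ! b->yy_ch_buf )
        YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );

    /* The character buffer was allocated here, so yy_delete_buffer() frees it. */
    b->yy_is_our_buffer = 1;

    yy_init_buffer( b, file , yyscanner);

    return b;
}

/* %if-c++-only */
/* %endif */

/** Destroy the buffer.
 * @param b a buffer created with yy_create_buffer()
 * @param yyscanner The scanner object.
 */
/* %if-c-only */
void yy_delete_buffer (YY_BUFFER_STATE b , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    if ( ! b )
        return;

    /* Clear the stack slot first so no dangling pointer to b is left behind. */
    if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
        YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;

    /* Caller-owned character buffers (yy_is_our_buffer == 0) are not freed. */
    if ( b->yy_is_our_buffer )
        yyfree( (void *) b->yy_ch_buf , yyscanner );

    yyfree( (void *) b , yyscanner );
}

/* Initializes or reinitializes a buffer.
 * This function is sometimes called more than once on the same buffer,
 * such as during a yyrestart() or at EOF.
 * errno is saved on entry and restored on exit.
 */
/* %if-c-only */
static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    int oerrno = errno;
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    yy_flush_buffer( b , yyscanner);

/* %if-c-only */
    b->yy_input_file = file;
/* %endif */
/* %if-c++-only */
/* %endif */
    b->yy_fill_buffer = 1;

    /* If b is the current buffer, then yy_init_buffer was _probably_
     * called from yyrestart() or through yy_get_next_buffer.
     * In that case, we don't want to reset the lineno or column.
     */
    if (b != YY_CURRENT_BUFFER){
        b->yy_bs_lineno = 1;
        b->yy_bs_column = 0;
    }

/* %if-c-only */
    /* A NULL file is treated as non-interactive. */
    b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
/* %endif */
/* %if-c++-only */
/* %endif */
    errno = oerrno;
}

/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
 * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
 * @param yyscanner The scanner object.
 */
/* %if-c-only */
void yy_flush_buffer (YY_BUFFER_STATE b , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    if ( ! b )
        return;

    b->yy_n_chars = 0;

    /* We always need two end-of-buffer characters.  The first causes
     * a transition to the end-of-buffer state.  The second causes
     * a jam in that state.
     */
    b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
    b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;

    b->yy_buf_pos = &b->yy_ch_buf[0];

    b->yy_at_bol = 1;
    b->yy_buffer_status = YY_BUFFER_NEW;

    if ( b == YY_CURRENT_BUFFER )
        yy_load_buffer_state( yyscanner );
}

/* %if-c-or-c++ */
/** Pushes the new state onto the stack. The new state becomes
 *  the current state. This function will allocate the stack
 *  if necessary.
 *  @param new_buffer The new state.
 *  @param yyscanner The scanner object.
 */
/* %if-c-only */
void yypush_buffer_state (YY_BUFFER_STATE new_buffer , yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    if (new_buffer == NULL)
        return;

    yyensure_buffer_stack(yyscanner);

    /* This block is copied from yy_switch_to_buffer. */
    if ( YY_CURRENT_BUFFER )
        {
        /* Flush out information for old buffer. */
        *yyg->yy_c_buf_p = yyg->yy_hold_char;
        YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = yyg->yy_c_buf_p;
        YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars;
        }

    /* Only push if top exists. Otherwise, replace top. */
    if (YY_CURRENT_BUFFER)
        yyg->yy_buffer_stack_top++;
    YY_CURRENT_BUFFER_LVALUE = new_buffer;

    /* copied from yy_switch_to_buffer. */
    yy_load_buffer_state( yyscanner );
    yyg->yy_did_buffer_switch_on_eof = 1;
}
/* %endif */

/* %if-c-or-c++ */
/** Removes and deletes the top of the stack, if present.
 *  The next element becomes the new top.
 *  @param yyscanner The scanner object.
 */
/* %if-c-only */
void yypop_buffer_state (yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    if (!YY_CURRENT_BUFFER)
        return;

    yy_delete_buffer(YY_CURRENT_BUFFER , yyscanner);
    YY_CURRENT_BUFFER_LVALUE = NULL;
    if (yyg->yy_buffer_stack_top > 0)
        --yyg->yy_buffer_stack_top;

    if (YY_CURRENT_BUFFER) {
        yy_load_buffer_state( yyscanner );
        yyg->yy_did_buffer_switch_on_eof = 1;
    }
}
/* %endif */

/* %if-c-or-c++ */
/* Allocates the stack if it does not exist.
 *  Guarantees space for at least one push.
 */
/* %if-c-only */
static void yyensure_buffer_stack (yyscan_t yyscanner)
/* %endif */
/* %if-c++-only */
/* %endif */
{
    yy_size_t num_to_alloc;
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    if (!yyg->yy_buffer_stack) {

        /* First allocation is just for 2 elements, since we don't know if this
         * scanner will even need a stack. We use 2 instead of 1 to avoid an
         * immediate realloc on the next call.
         */
        num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */
        yyg->yy_buffer_stack = (struct yy_buffer_state**)yyalloc
                                (num_to_alloc * sizeof(struct yy_buffer_state*)
                                , yyscanner);
        if ( ! yyg->yy_buffer_stack )
            YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" );

        memset(yyg->yy_buffer_stack, 0, num_to_alloc * sizeof(struct yy_buffer_state*));

        yyg->yy_buffer_stack_max = num_to_alloc;
        yyg->yy_buffer_stack_top = 0;
        return;
    }

    if (yyg->yy_buffer_stack_top >= (yyg->yy_buffer_stack_max) - 1){

        /* Increase the buffer to prepare for a possible push. */
        yy_size_t grow_size = 8 /* arbitrary grow size */;

        num_to_alloc = yyg->yy_buffer_stack_max + grow_size;
        yyg->yy_buffer_stack = (struct yy_buffer_state**)yyrealloc
                                (yyg->yy_buffer_stack,
                                num_to_alloc * sizeof(struct yy_buffer_state*)
                                , yyscanner);
        if ( ! yyg->yy_buffer_stack )
            YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" );

        /* zero only the new slots.*/
        memset(yyg->yy_buffer_stack + yyg->yy_buffer_stack_max, 0, grow_size * sizeof(struct yy_buffer_state*));
        yyg->yy_buffer_stack_max = num_to_alloc;
    }
}
/* %endif */

/* %if-c-only */
/** Setup the input buffer state to scan directly from a user-specified character buffer.
 * @param base the character buffer
 * @param size the size in bytes of the character buffer
 * @param yyscanner The scanner object.
 * @return the newly allocated buffer state object, or NULL when @a base is
 *         NULL, the last two bytes are not end-of-buffer characters, or
 *         @a size - 2 does not fit the int-typed yy_buf_size field.
 */
YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size , yyscan_t yyscanner)
{
    YY_BUFFER_STATE b;
    yy_size_t payload;

    if ( base == NULL ||
         size < 2 ||
         base[size-2] != YY_END_OF_BUFFER_CHAR ||
         base[size-1] != YY_END_OF_BUFFER_CHAR )
        /* They forgot to leave room for the EOB's. */
        return NULL;

    /* yy_buf_size and yy_n_chars are assigned from an int below; refuse a
     * length that the cast would truncate or turn negative, instead of
     * scanning with a length that no longer matches the caller's buffer.
     */
    payload = size - 2;
    if ( (int) payload < 0 || (yy_size_t) (int) payload != payload )
        return NULL;

    b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) , yyscanner );
    if ( ! b )
        YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );

    b->yy_buf_size = (int) payload; /* "- 2" to take care of EOB's */
    b->yy_buf_pos = b->yy_ch_buf = base;
    b->yy_is_our_buffer = 0; /* base stays owned by the caller */
    b->yy_input_file = NULL;
    b->yy_n_chars = b->yy_buf_size;
    b->yy_is_interactive = 0;
    b->yy_at_bol = 1;
    b->yy_fill_buffer = 0;
    b->yy_buffer_status = YY_BUFFER_NEW;

    yy_switch_to_buffer( b , yyscanner );

    return b;
}
/* %endif */

/* %if-c-only */
/** Setup the input buffer state to scan a string. The next call to yylex() will
 * scan from a @e copy of @a str.
 * @param yystr a NUL-terminated string to scan
 * @param yyscanner The scanner object.
 * @return the newly allocated buffer state object.
 * @note If you want to scan bytes that may contain NUL values, then use
 *       yy_scan_bytes() instead.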
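*/
YY_BUFFER_STATE yy_scan_string (const char * yystr , yyscan_t yyscanner)
{
    /* yy_scan_bytes() takes an int length; a string longer than int can hold
     * would otherwise be passed on with a truncated or negative length.
     */
    size_t yystr_len = strlen(yystr);
    int yystr_len_int = (int) yystr_len;

    if ( yystr_len_int < 0 || (size_t) yystr_len_int != yystr_len )
        YY_FATAL_ERROR( "string too long in yy_scan_string()" );

    return yy_scan_bytes( yystr, yystr_len_int , yyscanner);
}
/* %endif */

/* %if-c-only */
/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
 * scan from a @e copy of @a bytes.
 * @param yybytes the byte buffer to scan
 * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes.
 *        Must not be negative; a negative value is reported through
 *        YY_FATAL_ERROR.
 * @param yyscanner The scanner object.
 * @return the newly allocated buffer state object.
 */
YY_BUFFER_STATE yy_scan_bytes (const char * yybytes, int _yybytes_len , yyscan_t yyscanner)
{
    YY_BUFFER_STATE b;
    char *buf;
    yy_size_t n;
    int i;

    /* With a negative length the two end-of-buffer stores below would land
     * before the start of (or outside) the allocation, so stop here.
     */
    if ( _yybytes_len < 0 )
        YY_FATAL_ERROR( "negative length in yy_scan_bytes()" );

    /* Get memory for full buffer, including space for trailing EOB's.
     * The cast is applied before the addition so the sum is not computed
     * in int.
     */
    n = (yy_size_t) _yybytes_len + 2;
    buf = (char *) yyalloc( n , yyscanner );
    if ( ! buf )
        YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );

    for ( i = 0; i < _yybytes_len; ++i )
        buf[i] = yybytes[i];

    buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;

    b = yy_scan_buffer( buf, n , yyscanner);
    if ( ! b )
        YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );

    /* It's okay to grow etc. this buffer, and we should throw it
     * away when we're done.
     */
    b->yy_is_our_buffer = 1;

    return b;
}
/* %endif */

#ifndef YY_EXIT_FAILURE
#define YY_EXIT_FAILURE 2
#endif

/* %if-c-only */
/* Report an unrecoverable scanner error: print msg to stderr and end the
 * process with exit( YY_EXIT_FAILURE ).  Nothing is returned to the caller,
 * so any condition routed here (allocation failure, bad buffer) stops the
 * whole program that embeds the scanner.
 */
static void yynoreturn yy_fatal_error (const char* msg , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    (void)yyg;
    fprintf( stderr, "%s\n", msg );
    exit( YY_EXIT_FAILURE );
}
/* %endif */
/* %if-c++-only */
/* %endif */

/* Redefine yyless() so it works in section 3 code. */

#undef yyless
#define yyless(n) \ do \ { \ /* Undo effects of setting up yytext.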
*/ \ int yyless_macro_arg = (n); \ YY_LESS_LINENO(yyless_macro_arg);\ yytext[yyleng] = yyg->yy_hold_char; \ yyg->yy_c_buf_p = yytext + yyless_macro_arg; \ yyg->yy_hold_char = *yyg->yy_c_buf_p; \ *yyg->yy_c_buf_p = '\0'; \ yyleng = yyless_macro_arg; \ } \ while ( 0 )

/* Accessor methods (get/set functions) to struct members. */
/* Each accessor declares a local named yyg; the yyextra / yylineno / yyin /
 * ... names used in the bodies are defined outside this excerpt and
 * presumably expand to fields reached through that local -- TODO confirm.
 */

/* %if-c-only */
/* %if-reentrant */

/** Get the user-defined data for this scanner.
 * @param yyscanner The scanner object.
 * @return the value of yyextra.
 */
YY_EXTRA_TYPE yyget_extra (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    return yyextra;
}

/* %endif */

/** Get the current line number.
 * @param yyscanner The scanner object.
 * @return yylineno, or 0 when there is no current buffer.
 */
int yyget_lineno (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    if (! YY_CURRENT_BUFFER)
        return 0;

    return yylineno;
}

/** Get the current column number.
 * @param yyscanner The scanner object.
 * @return yycolumn, or 0 when there is no current buffer.
 */
int yyget_column (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    if (! YY_CURRENT_BUFFER)
        return 0;

    return yycolumn;
}

/** Get the input stream.
 * @param yyscanner The scanner object.
 * @return the value of yyin.
 */
FILE *yyget_in (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    return yyin;
}

/** Get the output stream.
 * @param yyscanner The scanner object.
 * @return the value of yyout.
 */
FILE *yyget_out (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    return yyout;
}

/** Get the length of the current token.
 * @param yyscanner The scanner object.
 * @return the value of yyleng.
 */
int yyget_leng (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    return yyleng;
}

/** Get the current token.
 * @param yyscanner The scanner object.
 * @return the value of yytext; the pointer is returned as-is, not a copy.
 */
char *yyget_text (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    return yytext;
}

/* %if-reentrant */

/** Set the user-defined data. This data is never touched by the scanner.
 * @param user_defined The data to be associated with this scanner.
 * @param yyscanner The scanner object.
*/
void yyset_extra (YY_EXTRA_TYPE user_defined , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    yyextra = user_defined ;
}

/* %endif */

/** Set the current line number.
 * @param _line_number line number
 * @param yyscanner The scanner object.
 * @note Calls YY_FATAL_ERROR when no input buffer exists.  YY_FATAL_ERROR is
 *       defined outside this excerpt; presumably it ends in yy_fatal_error(),
 *       which prints the message and calls exit(), so the process stops
 *       instead of the caller getting an error back -- TODO confirm.
 */
void yyset_lineno (int _line_number , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    /* lineno is only valid if an input buffer exists. */
    if (! YY_CURRENT_BUFFER )
        YY_FATAL_ERROR( "yyset_lineno called with no buffer" );

    yylineno = _line_number;
}

/** Set the current column.
 * @param _column_no column number
 * @param yyscanner The scanner object.
 * @note Calls YY_FATAL_ERROR when no input buffer exists; see the note on
 *       process termination above yyset_lineno's body (same macro).
 */
void yyset_column (int _column_no , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;

    /* column is only valid if an input buffer exists. */
    if (! YY_CURRENT_BUFFER )
        YY_FATAL_ERROR( "yyset_column called with no buffer" );

    yycolumn = _column_no;
}

/** Set the input stream. This does not discard the current
 * input buffer.
 * @param _in_str A readable stream.
 * @param yyscanner The scanner object.
* @see yy_switch_to_buffer
 */
void yyset_in (FILE * _in_str , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    yyin = _in_str ;
}

/* Set the output stream: stores _out_str in yyout. */
void yyset_out (FILE * _out_str , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    yyout = _out_str ;
}

/* Return the current value of yy_flex_debug. */
int yyget_debug (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    return yy_flex_debug;
}

/* Store _bdebug in yy_flex_debug. */
void yyset_debug (int _bdebug , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    yy_flex_debug = _bdebug ;
}

/* %endif */

/* %if-reentrant */
/* Accessor methods for yylval and yylloc */

/* %if-bison-bridge */

/* Return the yylval pointer held by the scanner. */
YYSTYPE * yyget_lval (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    return yylval;
}

/* Store yylval_param as the scanner's yylval pointer; the pointed-to object
 * is not copied.
 */
void yyset_lval (YYSTYPE * yylval_param , yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    yylval = yylval_param;
}

/* %endif */

/* User-visible API */

/* yylex_init is special because it creates the scanner itself, so it is
 * the ONLY reentrant function that doesn't take the scanner as the last argument.
 * That's why we explicitly handle the declaration, instead of using our macros.
 *
 * Returns 1 with errno set to EINVAL when ptr_yy_globals is NULL, 1 with
 * errno set to ENOMEM when the allocation fails, and otherwise the result of
 * yy_init_globals() on the zero-filled scanner.
 */
int yylex_init(yyscan_t* ptr_yy_globals)
{
    if (ptr_yy_globals == NULL){
        errno = EINVAL;
        return 1;
    }

    /* No scanner exists yet, so yyalloc is called with a NULL scanner. */
    *ptr_yy_globals = (yyscan_t) yyalloc ( sizeof( struct yyguts_t ), NULL );

    if (*ptr_yy_globals == NULL){
        errno = ENOMEM;
        return 1;
    }

    /* By setting to 0xAA, we expose bugs in yy_init_globals. Leave at 0x00 for releases. */
    memset(*ptr_yy_globals,0x00,sizeof(struct yyguts_t));

    return yy_init_globals ( *ptr_yy_globals );
}

/* yylex_init_extra has the same functionality as yylex_init, but follows the
 * convention of taking the scanner as the last argument. Note however, that
 * this is a *pointer* to a scanner, as it will be allocated by this call (and
 * is the reason, too, why this function also must handle its own declaration).
 * The user defined value in the first argument will be available to yyalloc in
 * the yyextra field.
*/
int yylex_init_extra( YY_EXTRA_TYPE yy_user_defined, yyscan_t* ptr_yy_globals )
{
    /* Stack placeholder with no initializer: only the user value is stored
     * in it (by yyset_extra) before it is passed to yyalloc as the scanner
     * argument.  A replacement yyalloc should therefore not read any other
     * scanner state at this point.
     */
    struct yyguts_t dummy_yyguts;

    yyset_extra (yy_user_defined, &dummy_yyguts);

    if (ptr_yy_globals == NULL){
        errno = EINVAL;
        return 1;
    }

    *ptr_yy_globals = (yyscan_t) yyalloc ( sizeof( struct yyguts_t ), &dummy_yyguts );

    if (*ptr_yy_globals == NULL){
        errno = ENOMEM;
        return 1;
    }

    /* By setting to 0xAA, we expose bugs in
    yy_init_globals. Leave at 0x00 for releases. */
    memset(*ptr_yy_globals,0x00,sizeof(struct yyguts_t));

    /* The zero-fill above cleared the new scanner, so the user value is
     * stored again, this time in the real scanner object.
     */
    yyset_extra (yy_user_defined, *ptr_yy_globals);

    return yy_init_globals ( *ptr_yy_globals );
}

/* %endif if-c-only */

/* %if-c-only */
/* Reset the scanner's bookkeeping fields to their initial values.
 * Performs no allocation and, as written, always returns 0.
 */
static int yy_init_globals (yyscan_t yyscanner)
{
    struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
    /* Initialization is the same as for the non-reentrant scanner.
     * This function is called from yylex_destroy(), so don't allocate here.
     */

    yyg->yy_buffer_stack = NULL;
    yyg->yy_buffer_stack_top = 0;
    yyg->yy_buffer_stack_max = 0;
    yyg->yy_c_buf_p = NULL;
    yyg->yy_init = 0;
    yyg->yy_start = 0;

    yyg->yy_start_stack_ptr = 0;
    yyg->yy_start_stack_depth = 0;
    yyg->yy_start_stack = NULL;

/* Defined in main.c */
#ifdef YY_STDINIT
    yyin = stdin;
    yyout = stdout;
#else
    yyin = NULL;
    yyout = NULL;
#endif

    /* For future reference: Set errno on error, since we are called by
     * yylex_init()
     */
    return 0;
}
/* %endif */

/* %if-c-only SNIP! this currently causes conflicts with the c++ scanner */
/* yylex_destroy is for both reentrant and non-reentrant scanners. */
int yylex_destroy (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* Pop the buffer stack, destroying each element. */ while(YY_CURRENT_BUFFER){ yy_delete_buffer( YY_CURRENT_BUFFER , yyscanner ); YY_CURRENT_BUFFER_LVALUE = NULL; yypop_buffer_state(yyscanner); } /* Destroy the stack itself. */ yyfree(yyg->yy_buffer_stack , yyscanner); yyg->yy_buffer_stack = NULL; /* Destroy the start condition stack.
*/ yyfree( yyg->yy_start_stack , yyscanner ); yyg->yy_start_stack = NULL; /* Reset the globals. This is important in a non-reentrant scanner so the next time * yylex() is called, initialization will occur. */ yy_init_globals( yyscanner); /* %if-reentrant */ /* Destroy the main struct (reentrant only). */ yyfree ( yyscanner , yyscanner ); yyscanner = NULL; /* %endif */ return 0; } /* %endif */ /* * Internal utility routines. */ #ifndef yytext_ptr static void yy_flex_strncpy (char* s1, const char * s2, int n , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; (void)yyg; int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } #endif #ifdef YY_NEED_STRLEN static int yy_flex_strlen (const char * s , yyscan_t yyscanner) { int n; for ( n = 0; s[n]; ++n ) ; return n; } #endif void *yyalloc (yy_size_t size , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; (void)yyg; return malloc(size); } void *yyrealloc (void * ptr, yy_size_t size , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; (void)yyg; /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter * because both ANSI C and C++ allow castless assignment from * any pointer type to void*, and deal with argument conversions * as though doing an assignment. */ return realloc(ptr, size); } void yyfree (void * ptr , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; (void)yyg; free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ } /* %if-tables-serialization definitions */ /* %define-yytables The name for this specific scanner's tables. */ #define YYTABLES_NAME "yytables" /* %endif */ /* %ok-for-header */ #line 72 "signing_policy.l" voms-2.1.2/src/sslutils/lexparse.h000066400000000000000000000002271477131364200171560ustar00rootroot00000000000000/* Declarations for lexer/parser integration. 
*/ union YYSTYPE; int signinglex (union YYSTYPE *, void *); int namespaceslex (union YYSTYPE *, void *); voms-2.1.2/src/sslutils/namespaces.c000066400000000000000000001511471477131364200174550ustar00rootroot00000000000000/* A Bison parser, made by GNU Bison 3.7.4. */ /* Bison implementation for Yacc-like parsers in C Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* C LALR(1) parser skeleton written by Richard Stallman, by simplifying the original so-called "semantic" parser. */ /* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, especially those whose name start with YY_ or yy_. They are private implementation details that can be changed or removed. 
*/ /* All symbols defined below should begin with yy or YY, to avoid infringing on user name space. This should be done even for local variables, as they might otherwise be expanded by user macros. There are some unavoidable exceptions within include files to define necessary library symbols; they are noted "INFRINGES ON USER NAME SPACE" below. */ /* Identify Bison output, and Bison version. */ #define YYBISON 30704 /* Bison version string. */ #define YYBISON_VERSION "3.7.4" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" /* Pure parsers. */ #define YYPURE 1 /* Push parsers. */ #define YYPUSH 0 /* Pull parsers. */ #define YYPULL 1 /* Substitute the variable and function names. */ #define yyparse namespacesparse #define yylex namespaceslex #define yyerror namespaceserror #define yydebug namespacesdebug #define yynerrs namespacesnerrs /* First part of user prologue. */ #line 1 "namespaces.y" /********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #include "config.h" #include #include #include #include "parsertypes.h" #include "lexparse.h" #include "listfunc.h" char **parse_subjects(char *string); void namespaceserror(void *policies, void *scanner, char const *msg); #line 114 "namespaces.c" # ifndef YY_CAST # ifdef __cplusplus # define YY_CAST(Type, Val) static_cast (Val) # define YY_REINTERPRET_CAST(Type, Val) reinterpret_cast (Val) # else # define YY_CAST(Type, Val) ((Type) (Val)) # define YY_REINTERPRET_CAST(Type, Val) ((Type) (Val)) # endif # endif # ifndef YY_NULLPTR # if defined __cplusplus # if 201103L <= __cplusplus # define YY_NULLPTR nullptr # else # define YY_NULLPTR 0 # endif # else # define YY_NULLPTR ((void*)0) # endif # endif #include "namespaces.h" /* Symbol kind. */ enum yysymbol_kind_t { YYSYMBOL_YYEMPTY = -2, YYSYMBOL_YYEOF = 0, /* "end of file" */ YYSYMBOL_YYerror = 1, /* error */ YYSYMBOL_YYUNDEF = 2, /* "invalid token" */ YYSYMBOL_SUBJECT = 3, /* SUBJECT */ YYSYMBOL_TO = 4, /* TO */ YYSYMBOL_SELF = 5, /* SELF */ YYSYMBOL_PERMIT = 6, /* PERMIT */ YYSYMBOL_DENY = 7, /* DENY */ YYSYMBOL_SUBJECT_WORD = 8, /* SUBJECT_WORD */ YYSYMBOL_ISSUER = 9, /* ISSUER */ YYSYMBOL_YYACCEPT = 10, /* $accept */ YYSYMBOL_eacl = 11, /* eacl */ YYSYMBOL_rule = 12, /* rule */ YYSYMBOL_condition = 13, /* condition */ YYSYMBOL_permit_or_deny = 14 /* permit_or_deny */ }; typedef enum yysymbol_kind_t yysymbol_kind_t; #ifdef short # undef short #endif /* On compilers that do not define __PTRDIFF_MAX__ etc., make sure and (if available) are included so that the code can choose integer types of a good width. */ #ifndef __PTRDIFF_MAX__ # include /* INFRINGES ON USER NAME SPACE */ # if defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ # include /* INFRINGES ON USER NAME SPACE */ # define YY_STDINT_H # endif #endif /* Narrow types that promote to a signed type and that can represent a signed or unsigned integer of at least N bits. 
In tables they can save space and decrease cache pressure. Promoting to a signed type helps avoid bugs in integer arithmetic. */ #ifdef __INT_LEAST8_MAX__ typedef __INT_LEAST8_TYPE__ yytype_int8; #elif defined YY_STDINT_H typedef int_least8_t yytype_int8; #else typedef signed char yytype_int8; #endif #ifdef __INT_LEAST16_MAX__ typedef __INT_LEAST16_TYPE__ yytype_int16; #elif defined YY_STDINT_H typedef int_least16_t yytype_int16; #else typedef short yytype_int16; #endif #if defined __UINT_LEAST8_MAX__ && __UINT_LEAST8_MAX__ <= __INT_MAX__ typedef __UINT_LEAST8_TYPE__ yytype_uint8; #elif (!defined __UINT_LEAST8_MAX__ && defined YY_STDINT_H \ && UINT_LEAST8_MAX <= INT_MAX) typedef uint_least8_t yytype_uint8; #elif !defined __UINT_LEAST8_MAX__ && UCHAR_MAX <= INT_MAX typedef unsigned char yytype_uint8; #else typedef short yytype_uint8; #endif #if defined __UINT_LEAST16_MAX__ && __UINT_LEAST16_MAX__ <= __INT_MAX__ typedef __UINT_LEAST16_TYPE__ yytype_uint16; #elif (!defined __UINT_LEAST16_MAX__ && defined YY_STDINT_H \ && UINT_LEAST16_MAX <= INT_MAX) typedef uint_least16_t yytype_uint16; #elif !defined __UINT_LEAST16_MAX__ && USHRT_MAX <= INT_MAX typedef unsigned short yytype_uint16; #else typedef int yytype_uint16; #endif #ifndef YYPTRDIFF_T # if defined __PTRDIFF_TYPE__ && defined __PTRDIFF_MAX__ # define YYPTRDIFF_T __PTRDIFF_TYPE__ # define YYPTRDIFF_MAXIMUM __PTRDIFF_MAX__ # elif defined PTRDIFF_MAX # ifndef ptrdiff_t # include /* INFRINGES ON USER NAME SPACE */ # endif # define YYPTRDIFF_T ptrdiff_t # define YYPTRDIFF_MAXIMUM PTRDIFF_MAX # else # define YYPTRDIFF_T long # define YYPTRDIFF_MAXIMUM LONG_MAX # endif #endif #ifndef YYSIZE_T # ifdef __SIZE_TYPE__ # define YYSIZE_T __SIZE_TYPE__ # elif defined size_t # define YYSIZE_T size_t # elif defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ # include /* INFRINGES ON USER NAME SPACE */ # define YYSIZE_T size_t # else # define YYSIZE_T unsigned # endif #endif #define YYSIZE_MAXIMUM \ YY_CAST (YYPTRDIFF_T, \ 
(YYPTRDIFF_MAXIMUM < YY_CAST (YYSIZE_T, -1) \ ? YYPTRDIFF_MAXIMUM \ : YY_CAST (YYSIZE_T, -1))) #define YYSIZEOF(X) YY_CAST (YYPTRDIFF_T, sizeof (X)) /* Stored state numbers (used for stacks). */ typedef yytype_int8 yy_state_t; /* State numbers in computations. */ typedef int yy_state_fast_t; #ifndef YY_ # if defined YYENABLE_NLS && YYENABLE_NLS # if ENABLE_NLS # include /* INFRINGES ON USER NAME SPACE */ # define YY_(Msgid) dgettext ("bison-runtime", Msgid) # endif # endif # ifndef YY_ # define YY_(Msgid) Msgid # endif #endif #ifndef YY_ATTRIBUTE_PURE # if defined __GNUC__ && 2 < __GNUC__ + (96 <= __GNUC_MINOR__) # define YY_ATTRIBUTE_PURE __attribute__ ((__pure__)) # else # define YY_ATTRIBUTE_PURE # endif #endif #ifndef YY_ATTRIBUTE_UNUSED # if defined __GNUC__ && 2 < __GNUC__ + (7 <= __GNUC_MINOR__) # define YY_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) # else # define YY_ATTRIBUTE_UNUSED # endif #endif /* Suppress unused-variable warnings by "using" E. */ #if ! defined lint || defined __GNUC__ # define YYUSE(E) ((void) (E)) #else # define YYUSE(E) /* empty */ #endif #if defined __GNUC__ && ! defined __ICC && 407 <= __GNUC__ * 100 + __GNUC_MINOR__ /* Suppress an incorrect diagnostic about yylval being uninitialized. */ # define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ _Pragma ("GCC diagnostic push") \ _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") \ _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") # define YY_IGNORE_MAYBE_UNINITIALIZED_END \ _Pragma ("GCC diagnostic pop") #else # define YY_INITIAL_VALUE(Value) Value #endif #ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN # define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN # define YY_IGNORE_MAYBE_UNINITIALIZED_END #endif #ifndef YY_INITIAL_VALUE # define YY_INITIAL_VALUE(Value) /* Nothing. */ #endif #if defined __cplusplus && defined __GNUC__ && ! 
defined __ICC && 6 <= __GNUC__ # define YY_IGNORE_USELESS_CAST_BEGIN \ _Pragma ("GCC diagnostic push") \ _Pragma ("GCC diagnostic ignored \"-Wuseless-cast\"") # define YY_IGNORE_USELESS_CAST_END \ _Pragma ("GCC diagnostic pop") #endif #ifndef YY_IGNORE_USELESS_CAST_BEGIN # define YY_IGNORE_USELESS_CAST_BEGIN # define YY_IGNORE_USELESS_CAST_END #endif #define YY_ASSERT(E) ((void) (0 && (E))) #if 1 /* The parser invokes alloca or malloc; define the necessary symbols. */ # ifdef YYSTACK_USE_ALLOCA # if YYSTACK_USE_ALLOCA # ifdef __GNUC__ # define YYSTACK_ALLOC __builtin_alloca # elif defined __BUILTIN_VA_ARG_INCR # include /* INFRINGES ON USER NAME SPACE */ # elif defined _AIX # define YYSTACK_ALLOC __alloca # elif defined _MSC_VER # include /* INFRINGES ON USER NAME SPACE */ # define alloca _alloca # else # define YYSTACK_ALLOC alloca # if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS # include /* INFRINGES ON USER NAME SPACE */ /* Use EXIT_SUCCESS as a witness for stdlib.h. */ # ifndef EXIT_SUCCESS # define EXIT_SUCCESS 0 # endif # endif # endif # endif # endif # ifdef YYSTACK_ALLOC /* Pacify GCC's 'empty if-body' warning. */ # define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) # ifndef YYSTACK_ALLOC_MAXIMUM /* The OS might guarantee only one guard page at the bottom of the stack, and a page size can be as small as 4096 bytes. So we cannot safely invoke alloca (N) if N exceeds 4096. Use a slightly smaller number to allow for a few compiler-allocated temporary stack slots. */ # define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ # endif # else # define YYSTACK_ALLOC YYMALLOC # define YYSTACK_FREE YYFREE # ifndef YYSTACK_ALLOC_MAXIMUM # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM # endif # if (defined __cplusplus && ! defined EXIT_SUCCESS \ && ! 
((defined YYMALLOC || defined malloc) \ && (defined YYFREE || defined free))) # include /* INFRINGES ON USER NAME SPACE */ # ifndef EXIT_SUCCESS # define EXIT_SUCCESS 0 # endif # endif # ifndef YYMALLOC # define YYMALLOC malloc # if ! defined malloc && ! defined EXIT_SUCCESS void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ # endif # endif # ifndef YYFREE # define YYFREE free # if ! defined free && ! defined EXIT_SUCCESS void free (void *); /* INFRINGES ON USER NAME SPACE */ # endif # endif # endif #endif /* 1 */ #if (! defined yyoverflow \ && (! defined __cplusplus \ || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) /* A type that is properly aligned for any stack member. */ union yyalloc { yy_state_t yyss_alloc; YYSTYPE yyvs_alloc; }; /* The size of the maximum gap between one aligned stack and the next. */ # define YYSTACK_GAP_MAXIMUM (YYSIZEOF (union yyalloc) - 1) /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ ((N) * (YYSIZEOF (yy_state_t) + YYSIZEOF (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) # define YYCOPY_NEEDED 1 /* Relocate STACK from its old location to the new one. The local variables YYSIZE and YYSTACKSIZE give the old and new number of elements in the stack, and YYPTR gives the new location of the stack. Advance YYPTR to a properly aligned location for the next stack. */ # define YYSTACK_RELOCATE(Stack_alloc, Stack) \ do \ { \ YYPTRDIFF_T yynewbytes; \ YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ Stack = &yyptr->Stack_alloc; \ yynewbytes = yystacksize * YYSIZEOF (*Stack) + YYSTACK_GAP_MAXIMUM; \ yyptr += yynewbytes / YYSIZEOF (*yyptr); \ } \ while (0) #endif #if defined YYCOPY_NEEDED && YYCOPY_NEEDED /* Copy COUNT objects from SRC to DST. The source and destination do not overlap. 
*/ # ifndef YYCOPY # if defined __GNUC__ && 1 < __GNUC__ # define YYCOPY(Dst, Src, Count) \ __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src))) # else # define YYCOPY(Dst, Src, Count) \ do \ { \ YYPTRDIFF_T yyi; \ for (yyi = 0; yyi < (Count); yyi++) \ (Dst)[yyi] = (Src)[yyi]; \ } \ while (0) # endif # endif #endif /* !YYCOPY_NEEDED */ /* YYFINAL -- State number of the termination state. */ #define YYFINAL 5 /* YYLAST -- Last index in YYTABLE. */ #define YYLAST 12 /* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 10 /* YYNNTS -- Number of nonterminals. */ #define YYNNTS 5 /* YYNRULES -- Number of rules. */ #define YYNRULES 8 /* YYNSTATES -- Number of states. */ #define YYNSTATES 16 /* YYMAXUTOK -- Last valid token kind. */ #define YYMAXUTOK 264 /* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM as returned by yylex, with out-of-bounds checking. */ #define YYTRANSLATE(YYX) \ (0 <= (YYX) && (YYX) <= YYMAXUTOK \ ? YY_CAST (yysymbol_kind_t, yytranslate[YYX]) \ : YYSYMBOL_YYUNDEF) /* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM as returned by yylex. 
*/ static const yytype_int8 yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; #if YYDEBUG /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_int8 yyrline[] = { 0, 67, 67, 68, 71, 81, 92, 107, 108 }; #endif /** Accessing symbol of state STATE. */ #define YY_ACCESSING_SYMBOL(State) YY_CAST (yysymbol_kind_t, yystos[State]) #if 1 /* The user-facing name of the symbol whose (internal) number is YYSYMBOL. No bounds checking. */ static const char *yysymbol_name (yysymbol_kind_t yysymbol) YY_ATTRIBUTE_UNUSED; /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { "\"end of file\"", "error", "\"invalid token\"", "SUBJECT", "TO", "SELF", "PERMIT", "DENY", "SUBJECT_WORD", "ISSUER", "$accept", "eacl", "rule", "condition", "permit_or_deny", YY_NULLPTR }; static const char * yysymbol_name (yysymbol_kind_t yysymbol) { return yytname[yysymbol]; } #endif #ifdef YYPRINT /* YYTOKNUM[NUM] -- (External) token number corresponding to the (internal) symbol number NUM (which must be that of a token). 
*/ static const yytype_int16 yytoknum[] = { 0, 256, 257, 258, 259, 260, 261, 262, 263, 264 }; #endif #define YYPACT_NINF (-8) #define yypact_value_is_default(Yyn) \ ((Yyn) == YYPACT_NINF) #define YYTABLE_NINF (-1) #define yytable_value_is_error(Yyn) \ 0 /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ static const yytype_int8 yypact[] = { 3, -7, 0, -8, -2, -8, -8, -1, -1, -8, -8, -8, 1, -8, 5, -8 }; /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. Performed when YYTABLE does not specify something else to do. Zero means the default is an error. */ static const yytype_int8 yydefact[] = { 0, 0, 0, 2, 0, 1, 3, 0, 0, 7, 8, 4, 0, 5, 0, 6 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int8 yypgoto[] = { -8, -8, 8, 4, -8 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int8 yydefgoto[] = { -1, 2, 3, 11, 12 }; /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If positive, shift that token. If negative, reduce the rule whose number is the opposite. If YYTABLE_NINF, syntax error. */ static const yytype_int8 yytable[] = { 5, 7, 4, 8, 1, 9, 10, 1, 15, 14, 6, 0, 13 }; static const yytype_int8 yycheck[] = { 0, 3, 9, 5, 4, 6, 7, 4, 3, 8, 2, -1, 8 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_int8 yystos[] = { 0, 4, 11, 12, 9, 0, 12, 3, 5, 6, 7, 13, 14, 13, 8, 3 }; /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const yytype_int8 yyr1[] = { 0, 10, 11, 11, 12, 12, 13, 14, 14 }; /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. 
*/ static const yytype_int8 yyr2[] = { 0, 2, 1, 2, 4, 4, 3, 1, 1 }; enum { YYENOMEM = -2 }; #define yyerrok (yyerrstatus = 0) #define yyclearin (yychar = YYEMPTY) #define YYACCEPT goto yyacceptlab #define YYABORT goto yyabortlab #define YYERROR goto yyerrorlab #define YYRECOVERING() (!!yyerrstatus) #define YYBACKUP(Token, Value) \ do \ if (yychar == YYEMPTY) \ { \ yychar = (Token); \ yylval = (Value); \ YYPOPSTACK (yylen); \ yystate = *yyssp; \ goto yybackup; \ } \ else \ { \ yyerror (policies, scanner, YY_("syntax error: cannot back up")); \ YYERROR; \ } \ while (0) /* Backward compatibility with an undocumented macro. Use YYerror or YYUNDEF. */ #define YYERRCODE YYUNDEF /* Enable debugging if requested. */ #if YYDEBUG # ifndef YYFPRINTF # include /* INFRINGES ON USER NAME SPACE */ # define YYFPRINTF fprintf # endif # define YYDPRINTF(Args) \ do { \ if (yydebug) \ YYFPRINTF Args; \ } while (0) /* This macro is provided for backward compatibility. */ # ifndef YY_LOCATION_PRINT # define YY_LOCATION_PRINT(File, Loc) ((void) 0) # endif # define YY_SYMBOL_PRINT(Title, Kind, Value, Location) \ do { \ if (yydebug) \ { \ YYFPRINTF (stderr, "%s ", Title); \ yy_symbol_print (stderr, \ Kind, Value, policies, scanner); \ YYFPRINTF (stderr, "\n"); \ } \ } while (0) /*-----------------------------------. | Print this symbol's value on YYO. | `-----------------------------------*/ static void yy_symbol_value_print (FILE *yyo, yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep, struct policy ***policies, void *scanner) { FILE *yyoutput = yyo; YYUSE (yyoutput); YYUSE (policies); YYUSE (scanner); if (!yyvaluep) return; # ifdef YYPRINT if (yykind < YYNTOKENS) YYPRINT (yyo, yytoknum[yykind], *yyvaluep); # endif YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN YYUSE (yykind); YY_IGNORE_MAYBE_UNINITIALIZED_END } /*---------------------------. | Print this symbol on YYO. 
| `---------------------------*/ static void yy_symbol_print (FILE *yyo, yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep, struct policy ***policies, void *scanner) { YYFPRINTF (yyo, "%s %s (", yykind < YYNTOKENS ? "token" : "nterm", yysymbol_name (yykind)); yy_symbol_value_print (yyo, yykind, yyvaluep, policies, scanner); YYFPRINTF (yyo, ")"); } /*------------------------------------------------------------------. | yy_stack_print -- Print the state stack from its BOTTOM up to its | | TOP (included). | `------------------------------------------------------------------*/ static void yy_stack_print (yy_state_t *yybottom, yy_state_t *yytop) { YYFPRINTF (stderr, "Stack now"); for (; yybottom <= yytop; yybottom++) { int yybot = *yybottom; YYFPRINTF (stderr, " %d", yybot); } YYFPRINTF (stderr, "\n"); } # define YY_STACK_PRINT(Bottom, Top) \ do { \ if (yydebug) \ yy_stack_print ((Bottom), (Top)); \ } while (0) /*------------------------------------------------. | Report that the YYRULE is going to be reduced. | `------------------------------------------------*/ static void yy_reduce_print (yy_state_t *yyssp, YYSTYPE *yyvsp, int yyrule, struct policy ***policies, void *scanner) { int yylno = yyrline[yyrule]; int yynrhs = yyr2[yyrule]; int yyi; YYFPRINTF (stderr, "Reducing stack by rule %d (line %d):\n", yyrule - 1, yylno); /* The symbols being reduced. */ for (yyi = 0; yyi < yynrhs; yyi++) { YYFPRINTF (stderr, " $%d = ", yyi + 1); yy_symbol_print (stderr, YY_ACCESSING_SYMBOL (+yyssp[yyi + 1 - yynrhs]), &yyvsp[(yyi + 1) - (yynrhs)], policies, scanner); YYFPRINTF (stderr, "\n"); } } # define YY_REDUCE_PRINT(Rule) \ do { \ if (yydebug) \ yy_reduce_print (yyssp, yyvsp, Rule, policies, scanner); \ } while (0) /* Nonzero means print parse trace. It is left uninitialized so that multiple parsers can coexist. 
*/ int yydebug; #else /* !YYDEBUG */ # define YYDPRINTF(Args) ((void) 0) # define YY_SYMBOL_PRINT(Title, Kind, Value, Location) # define YY_STACK_PRINT(Bottom, Top) # define YY_REDUCE_PRINT(Rule) #endif /* !YYDEBUG */ /* YYINITDEPTH -- initial size of the parser's stacks. */ #ifndef YYINITDEPTH # define YYINITDEPTH 200 #endif /* YYMAXDEPTH -- maximum size the stacks can grow to (effective only if the built-in stack extension method is used). Do not make this value too large; the results are undefined if YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) evaluated with infinite-precision integer arithmetic. */ #ifndef YYMAXDEPTH # define YYMAXDEPTH 10000 #endif /* Context of a parse error. */ typedef struct { yy_state_t *yyssp; yysymbol_kind_t yytoken; } yypcontext_t; /* Put in YYARG at most YYARGN of the expected tokens given the current YYCTX, and return the number of tokens stored in YYARG. If YYARG is null, return the number of expected tokens (guaranteed to be less than YYNTOKENS). Return YYENOMEM on memory exhaustion. Return 0 if there are more than YYARGN expected tokens, yet fill YYARG up to YYARGN. */ static int yypcontext_expected_tokens (const yypcontext_t *yyctx, yysymbol_kind_t yyarg[], int yyargn) { /* Actual size of YYARG. */ int yycount = 0; int yyn = yypact[+*yyctx->yyssp]; if (!yypact_value_is_default (yyn)) { /* Start YYX at -YYN if negative to avoid negative indexes in YYCHECK. In other words, skip the first -YYN actions for this state because they are default actions. */ int yyxbegin = yyn < 0 ? -yyn : 0; /* Stay within bounds of both yycheck and yytname. */ int yychecklim = YYLAST - yyn + 1; int yyxend = yychecklim < YYNTOKENS ? 
yychecklim : YYNTOKENS; int yyx; for (yyx = yyxbegin; yyx < yyxend; ++yyx) if (yycheck[yyx + yyn] == yyx && yyx != YYSYMBOL_YYerror && !yytable_value_is_error (yytable[yyx + yyn])) { if (!yyarg) ++yycount; else if (yycount == yyargn) return 0; else yyarg[yycount++] = YY_CAST (yysymbol_kind_t, yyx); } } if (yyarg && yycount == 0 && 0 < yyargn) yyarg[0] = YYSYMBOL_YYEMPTY; return yycount; } #ifndef yystrlen # if defined __GLIBC__ && defined _STRING_H # define yystrlen(S) (YY_CAST (YYPTRDIFF_T, strlen (S))) # else /* Return the length of YYSTR. */ static YYPTRDIFF_T yystrlen (const char *yystr) { YYPTRDIFF_T yylen; for (yylen = 0; yystr[yylen]; yylen++) continue; return yylen; } # endif #endif #ifndef yystpcpy # if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE # define yystpcpy stpcpy # else /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in YYDEST. */ static char * yystpcpy (char *yydest, const char *yysrc) { char *yyd = yydest; const char *yys = yysrc; while ((*yyd++ = *yys++) != '\0') continue; return yyd - 1; } # endif #endif #ifndef yytnamerr /* Copy to YYRES the contents of YYSTR after stripping away unnecessary quotes and backslashes, so that it's suitable for yyerror. The heuristic is that double-quoting is unnecessary unless the string contains an apostrophe, a comma, or backslash (other than backslash-backslash). YYSTR is taken from yytname. If YYRES is null, do not copy; instead, return the length of what the result would have been. 
*/ static YYPTRDIFF_T yytnamerr (char *yyres, const char *yystr) { if (*yystr == '"') { YYPTRDIFF_T yyn = 0; char const *yyp = yystr; for (;;) switch (*++yyp) { case '\'': case ',': goto do_not_strip_quotes; case '\\': if (*++yyp != '\\') goto do_not_strip_quotes; else goto append; append: default: if (yyres) yyres[yyn] = *yyp; yyn++; break; case '"': if (yyres) yyres[yyn] = '\0'; return yyn; } do_not_strip_quotes: ; } if (yyres) return yystpcpy (yyres, yystr) - yyres; else return yystrlen (yystr); } #endif static int yy_syntax_error_arguments (const yypcontext_t *yyctx, yysymbol_kind_t yyarg[], int yyargn) { /* Actual size of YYARG. */ int yycount = 0; /* There are many possibilities here to consider: - If this state is a consistent state with a default action, then the only way this function was invoked is if the default action is an error action. In that case, don't check for expected tokens because there are none. - The only way there can be no lookahead present (in yychar) is if this state is a consistent state with a default action. Thus, detecting the absence of a lookahead is sufficient to determine that there is no unexpected or expected token to report. In that case, just report a simple "syntax error". - Don't assume there isn't a lookahead just because this state is a consistent state with a default action. There might have been a previous inconsistent state, consistent state with a non-default action, or user semantic action that manipulated yychar. - Of course, the expected token list depends on states to have correct lookahead information, and it depends on the parser not to perform extra reductions after fetching a lookahead from the scanner and before detecting a syntax error. Thus, state merging (from LALR or IELR) and default reductions corrupt the expected token list. However, the list is correct for canonical LR with one exception: it will still contain any token that will not be accepted due to an error action in a later state. 
*/ if (yyctx->yytoken != YYSYMBOL_YYEMPTY) { int yyn; if (yyarg) yyarg[yycount] = yyctx->yytoken; ++yycount; yyn = yypcontext_expected_tokens (yyctx, yyarg ? yyarg + 1 : yyarg, yyargn - 1); if (yyn == YYENOMEM) return YYENOMEM; else yycount += yyn; } return yycount; } /* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message about the unexpected token YYTOKEN for the state stack whose top is YYSSP. Return 0 if *YYMSG was successfully written. Return -1 if *YYMSG is not large enough to hold the message. In that case, also set *YYMSG_ALLOC to the required number of bytes. Return YYENOMEM if the required number of bytes is too large to store. */ static int yysyntax_error (YYPTRDIFF_T *yymsg_alloc, char **yymsg, const yypcontext_t *yyctx) { enum { YYARGS_MAX = 5 }; /* Internationalized format string. */ const char *yyformat = YY_NULLPTR; /* Arguments of yyformat: reported tokens (one for the "unexpected", one per "expected"). */ yysymbol_kind_t yyarg[YYARGS_MAX]; /* Cumulated lengths of YYARG. */ YYPTRDIFF_T yysize = 0; /* Actual size of YYARG. */ int yycount = yy_syntax_error_arguments (yyctx, yyarg, YYARGS_MAX); if (yycount == YYENOMEM) return YYENOMEM; switch (yycount) { #define YYCASE_(N, S) \ case N: \ yyformat = S; \ break default: /* Avoid compiler warnings. */ YYCASE_(0, YY_("syntax error")); YYCASE_(1, YY_("syntax error, unexpected %s")); YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s")); YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s")); YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s")); YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s")); #undef YYCASE_ } /* Compute error message size. Don't count the "%s"s, but reserve room for the terminator. 
*/ yysize = yystrlen (yyformat) - 2 * yycount + 1; { int yyi; for (yyi = 0; yyi < yycount; ++yyi) { YYPTRDIFF_T yysize1 = yysize + yytnamerr (YY_NULLPTR, yytname[yyarg[yyi]]); if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM) yysize = yysize1; else return YYENOMEM; } } if (*yymsg_alloc < yysize) { *yymsg_alloc = 2 * yysize; if (! (yysize <= *yymsg_alloc && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; return -1; } /* Avoid sprintf, as that infringes on the user's name space. Don't have undefined behavior even if the translation produced a string with the wrong number of "%s"s. */ { char *yyp = *yymsg; int yyi = 0; while ((*yyp = *yyformat) != '\0') if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount) { yyp += yytnamerr (yyp, yytname[yyarg[yyi++]]); yyformat += 2; } else { ++yyp; ++yyformat; } } return 0; } /*-----------------------------------------------. | Release the memory associated to this symbol. | `-----------------------------------------------*/ static void yydestruct (const char *yymsg, yysymbol_kind_t yykind, YYSTYPE *yyvaluep, struct policy ***policies, void *scanner) { YYUSE (yyvaluep); YYUSE (policies); YYUSE (scanner); if (!yymsg) yymsg = "Deleting"; YY_SYMBOL_PRINT (yymsg, yykind, yyvaluep, yylocationp); YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN YYUSE (yykind); YY_IGNORE_MAYBE_UNINITIALIZED_END } /*----------. | yyparse. | `----------*/ int yyparse (struct policy ***policies, void *scanner) { /* Lookahead token kind. */ int yychar; /* The semantic value of the lookahead symbol. */ /* Default value used for initialization, for pacifying older GCCs or non-GCC compilers. */ YY_INITIAL_VALUE (static YYSTYPE yyval_default;) YYSTYPE yylval YY_INITIAL_VALUE (= yyval_default); /* Number of syntax errors so far. */ int yynerrs = 0; yy_state_fast_t yystate = 0; /* Number of tokens to shift before error messages enabled. 
*/ int yyerrstatus = 0; /* Refer to the stacks through separate pointers, to allow yyoverflow to reallocate them elsewhere. */ /* Their size. */ YYPTRDIFF_T yystacksize = YYINITDEPTH; /* The state stack: array, bottom, top. */ yy_state_t yyssa[YYINITDEPTH]; yy_state_t *yyss = yyssa; yy_state_t *yyssp = yyss; /* The semantic value stack: array, bottom, top. */ YYSTYPE yyvsa[YYINITDEPTH]; YYSTYPE *yyvs = yyvsa; YYSTYPE *yyvsp = yyvs; int yyn; /* The return value of yyparse. */ int yyresult; /* Lookahead symbol kind. */ yysymbol_kind_t yytoken = YYSYMBOL_YYEMPTY; /* The variables used to return semantic value and location from the action routines. */ YYSTYPE yyval; /* Buffer for error messages, and its allocated size. */ char yymsgbuf[128]; char *yymsg = yymsgbuf; YYPTRDIFF_T yymsg_alloc = sizeof yymsgbuf; #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) /* The number of symbols on the RHS of the reduced rule. Keep to zero when no symbol should be popped. */ int yylen = 0; YYDPRINTF ((stderr, "Starting parse\n")); yychar = YYEMPTY; /* Cause a token to be read. */ goto yysetstate; /*------------------------------------------------------------. | yynewstate -- push a new state, which is found in yystate. | `------------------------------------------------------------*/ yynewstate: /* In all cases, when you get here, the value and location stacks have just been pushed. So pushing a state here evens the stacks. */ yyssp++; /*--------------------------------------------------------------------. | yysetstate -- set current state (the top of the stack) to yystate. 
| `--------------------------------------------------------------------*/ yysetstate: YYDPRINTF ((stderr, "Entering state %d\n", yystate)); YY_ASSERT (0 <= yystate && yystate < YYNSTATES); YY_IGNORE_USELESS_CAST_BEGIN *yyssp = YY_CAST (yy_state_t, yystate); YY_IGNORE_USELESS_CAST_END YY_STACK_PRINT (yyss, yyssp); if (yyss + yystacksize - 1 <= yyssp) #if !defined yyoverflow && !defined YYSTACK_RELOCATE goto yyexhaustedlab; #else { /* Get the current used size of the three stacks, in elements. */ YYPTRDIFF_T yysize = yyssp - yyss + 1; # if defined yyoverflow { /* Give user a chance to reallocate the stack. Use copies of these so that the &'s don't force the real ones into memory. */ yy_state_t *yyss1 = yyss; YYSTYPE *yyvs1 = yyvs; /* Each stack pointer address is followed by the size of the data in use in that stack, in bytes. This used to be a conditional around just the two extra args, but that might be undefined if yyoverflow is a macro. */ yyoverflow (YY_("memory exhausted"), &yyss1, yysize * YYSIZEOF (*yyssp), &yyvs1, yysize * YYSIZEOF (*yyvsp), &yystacksize); yyss = yyss1; yyvs = yyvs1; } # else /* defined YYSTACK_RELOCATE */ /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) goto yyexhaustedlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; { yy_state_t *yyss1 = yyss; union yyalloc *yyptr = YY_CAST (union yyalloc *, YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize)))); if (! 
yyptr) goto yyexhaustedlab; YYSTACK_RELOCATE (yyss_alloc, yyss); YYSTACK_RELOCATE (yyvs_alloc, yyvs); # undef YYSTACK_RELOCATE if (yyss1 != yyssa) YYSTACK_FREE (yyss1); } # endif yyssp = yyss + yysize - 1; yyvsp = yyvs + yysize - 1; YY_IGNORE_USELESS_CAST_BEGIN YYDPRINTF ((stderr, "Stack size increased to %ld\n", YY_CAST (long, yystacksize))); YY_IGNORE_USELESS_CAST_END if (yyss + yystacksize - 1 <= yyssp) YYABORT; } #endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */ if (yystate == YYFINAL) YYACCEPT; goto yybackup; /*-----------. | yybackup. | `-----------*/ yybackup: /* Do appropriate processing given the current state. Read a lookahead token if we need one and don't already have one. */ /* First try to decide what to do without reference to lookahead token. */ yyn = yypact[yystate]; if (yypact_value_is_default (yyn)) goto yydefault; /* Not known => get a lookahead token if don't already have one. */ /* YYCHAR is either empty, or end-of-input, or a valid lookahead. */ if (yychar == YYEMPTY) { YYDPRINTF ((stderr, "Reading a token\n")); yychar = yylex (&yylval, scanner); } if (yychar <= YYEOF) { yychar = YYEOF; yytoken = YYSYMBOL_YYEOF; YYDPRINTF ((stderr, "Now at end of input.\n")); } else if (yychar == YYerror) { /* The scanner already issued an error message, process directly to error recovery. But do not keep the error token as lookahead, it is too special and may lead us to an endless loop in error recovery. */ yychar = YYUNDEF; yytoken = YYSYMBOL_YYerror; goto yyerrlab1; } else { yytoken = YYTRANSLATE (yychar); YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); } /* If the proper action on seeing token YYTOKEN is to reduce or to detect an error, take that action. */ yyn += yytoken; if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) goto yydefault; yyn = yytable[yyn]; if (yyn <= 0) { if (yytable_value_is_error (yyn)) goto yyerrlab; yyn = -yyn; goto yyreduce; } /* Count tokens shifted since error; after three, turn off error status. 
*/ if (yyerrstatus) yyerrstatus--; /* Shift the lookahead token. */ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); yystate = yyn; YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; YY_IGNORE_MAYBE_UNINITIALIZED_END /* Discard the shifted token. */ yychar = YYEMPTY; goto yynewstate; /*-----------------------------------------------------------. | yydefault -- do the default action for the current state. | `-----------------------------------------------------------*/ yydefault: yyn = yydefact[yystate]; if (yyn == 0) goto yyerrlab; goto yyreduce; /*-----------------------------. | yyreduce -- do a reduction. | `-----------------------------*/ yyreduce: /* yyn is the number of a rule to reduce with. */ yylen = yyr2[yyn]; /* If YYLEN is nonzero, implement the default value of the action: '$$ = $1'. Otherwise, the following line sets YYVAL to garbage. This behavior is undocumented and Bison users should not rely upon it. Assigning to YYVAL unconditionally makes the parser a bit smaller, and it avoids a GCC warning that YYVAL may be used uninitialized. 
*/ yyval = yyvsp[1-yylen]; YY_REDUCE_PRINT (yyn); switch (yyn) { case 2: /* eacl: rule */ #line 67 "namespaces.y" { *policies = (struct policy**)listadd((char**)*policies, (char*)((yyvsp[0].policy))); } #line 1383 "namespaces.c" break; case 3: /* eacl: eacl rule */ #line 68 "namespaces.y" { *policies = (struct policy**)listadd((char**)*policies, (char*)((yyvsp[0].policy))); } #line 1389 "namespaces.c" break; case 4: /* rule: TO ISSUER SUBJECT condition */ #line 71 "namespaces.y" { (yyval.policy) = (struct policy *)calloc(1, sizeof(struct policy)); if ((yyval.policy)) { (yyval.policy)->self = 0; (yyval.policy)->caname = strdup((yyvsp[-1].string)); (yyval.policy)->conds = (struct condition**)listadd(NULL, (char*)((yyvsp[0].cond))); (yyval.policy)->type = TYPE_NAMESPACE; } } #line 1404 "namespaces.c" break; case 5: /* rule: TO ISSUER SELF condition */ #line 81 "namespaces.y" { (yyval.policy) = (struct policy *)calloc(1, sizeof(struct policy)); if ((yyval.policy)) { (yyval.policy)->self = 1; (yyval.policy)->caname = NULL; (yyval.policy)->conds = (struct condition**)listadd(NULL, (char*)((yyvsp[0].cond))); (yyval.policy)->type = TYPE_NAMESPACE; } } #line 1418 "namespaces.c" break; case 6: /* condition: permit_or_deny SUBJECT_WORD SUBJECT */ #line 92 "namespaces.y" { (yyval.cond) = (struct condition *)calloc(1, sizeof(struct condition)); if ((yyval.cond)) { (yyval.cond)->positive = (yyvsp[-2].integer); (yyval.cond)->original = strdup((yyvsp[0].string)); (yyval.cond)->subjects = listadd(NULL, (yyval.cond)->original); if (!(yyval.cond)->subjects) { free((yyval.cond)->original); free((yyval.cond)); (yyval.cond) = NULL; } } } #line 1436 "namespaces.c" break; case 7: /* permit_or_deny: PERMIT */ #line 107 "namespaces.y" { (yyval.integer) = 1; } #line 1442 "namespaces.c" break; case 8: /* permit_or_deny: DENY */ #line 108 "namespaces.y" { (yyval.integer) = 0; } #line 1448 "namespaces.c" break; #line 1452 "namespaces.c" default: break; } /* User semantic actions sometimes alter 
yychar, and that requires that yytoken be updated with the new translation. We take the approach of translating immediately before every use of yytoken. One alternative is translating here after every semantic action, but that translation would be missed if the semantic action invokes YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an incorrect destructor might then be invoked immediately. In the case of YYERROR or YYBACKUP, subsequent parser actions might lead to an incorrect destructor call or verbose syntax error message before the lookahead is translated. */ YY_SYMBOL_PRINT ("-> $$ =", YY_CAST (yysymbol_kind_t, yyr1[yyn]), &yyval, &yyloc); YYPOPSTACK (yylen); yylen = 0; *++yyvsp = yyval; /* Now 'shift' the result of the reduction. Determine what state that goes to, based on the state we popped back to and the rule number reduced by. */ { const int yylhs = yyr1[yyn] - YYNTOKENS; const int yyi = yypgoto[yylhs] + *yyssp; yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp ? yytable[yyi] : yydefgoto[yylhs]); } goto yynewstate; /*--------------------------------------. | yyerrlab -- here on detecting error. | `--------------------------------------*/ yyerrlab: /* Make sure we have latest lookahead translation. See comments at user semantic actions for why this is necessary. */ yytoken = yychar == YYEMPTY ? YYSYMBOL_YYEMPTY : YYTRANSLATE (yychar); /* If not already recovering from an error, report this error. 
*/ if (!yyerrstatus) { ++yynerrs; { yypcontext_t yyctx = {yyssp, yytoken}; char const *yymsgp = YY_("syntax error"); int yysyntax_error_status; yysyntax_error_status = yysyntax_error (&yymsg_alloc, &yymsg, &yyctx); if (yysyntax_error_status == 0) yymsgp = yymsg; else if (yysyntax_error_status == -1) { if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); yymsg = YY_CAST (char *, YYSTACK_ALLOC (YY_CAST (YYSIZE_T, yymsg_alloc))); if (yymsg) { yysyntax_error_status = yysyntax_error (&yymsg_alloc, &yymsg, &yyctx); yymsgp = yymsg; } else { yymsg = yymsgbuf; yymsg_alloc = sizeof yymsgbuf; yysyntax_error_status = YYENOMEM; } } yyerror (policies, scanner, yymsgp); if (yysyntax_error_status == YYENOMEM) goto yyexhaustedlab; } } if (yyerrstatus == 3) { /* If just tried and failed to reuse lookahead token after an error, discard it. */ if (yychar <= YYEOF) { /* Return failure if at end of input. */ if (yychar == YYEOF) YYABORT; } else { yydestruct ("Error: discarding", yytoken, &yylval, policies, scanner); yychar = YYEMPTY; } } /* Else will try to reuse lookahead token after shifting the error token. */ goto yyerrlab1; /*---------------------------------------------------. | yyerrorlab -- error raised explicitly by YYERROR. | `---------------------------------------------------*/ yyerrorlab: /* Pacify compilers when the user code never invokes YYERROR and the label yyerrorlab therefore never appears in user code. */ if (0) YYERROR; /* Do not reclaim the symbols of the rule whose action triggered this YYERROR. */ YYPOPSTACK (yylen); yylen = 0; YY_STACK_PRINT (yyss, yyssp); yystate = *yyssp; goto yyerrlab1; /*-------------------------------------------------------------. | yyerrlab1 -- common code for both syntax error and YYERROR. | `-------------------------------------------------------------*/ yyerrlab1: yyerrstatus = 3; /* Each real token shifted decrements this. */ /* Pop stack until we find a state that shifts the error token. 
*/ for (;;) { yyn = yypact[yystate]; if (!yypact_value_is_default (yyn)) { yyn += YYSYMBOL_YYerror; if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYSYMBOL_YYerror) { yyn = yytable[yyn]; if (0 < yyn) break; } } /* Pop the current state because it cannot handle the error token. */ if (yyssp == yyss) YYABORT; yydestruct ("Error: popping", YY_ACCESSING_SYMBOL (yystate), yyvsp, policies, scanner); YYPOPSTACK (1); yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); } YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; YY_IGNORE_MAYBE_UNINITIALIZED_END /* Shift the error token. */ YY_SYMBOL_PRINT ("Shifting", YY_ACCESSING_SYMBOL (yyn), yyvsp, yylsp); yystate = yyn; goto yynewstate; /*-------------------------------------. | yyacceptlab -- YYACCEPT comes here. | `-------------------------------------*/ yyacceptlab: yyresult = 0; goto yyreturn; /*-----------------------------------. | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ yyabortlab: yyresult = 1; goto yyreturn; #if 1 /*-------------------------------------------------. | yyexhaustedlab -- memory exhaustion comes here. | `-------------------------------------------------*/ yyexhaustedlab: yyerror (policies, scanner, YY_("memory exhausted")); yyresult = 2; goto yyreturn; #endif /*-------------------------------------------------------. | yyreturn -- parsing is finished, clean up and return. | `-------------------------------------------------------*/ yyreturn: if (yychar != YYEMPTY) { /* Make sure we have latest lookahead translation. See comments at user semantic actions for why this is necessary. */ yytoken = YYTRANSLATE (yychar); yydestruct ("Cleanup: discarding lookahead", yytoken, &yylval, policies, scanner); } /* Do not reclaim the symbols of the rule whose action triggered this YYABORT or YYACCEPT. 
*/ YYPOPSTACK (yylen); YY_STACK_PRINT (yyss, yyssp); while (yyssp != yyss) { yydestruct ("Cleanup: popping", YY_ACCESSING_SYMBOL (+*yyssp), yyvsp, policies, scanner); YYPOPSTACK (1); } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); #endif if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); return yyresult; } #line 111 "namespaces.y" #if 0 int main() { namespacesdebug = 1; struct policy **arg = NULL; void *scanner=NULL; namespaceslex_init(&scanner); namespacesset_debug(1, scanner); return namespacesparse(&arg, scanner); } #endif void namespaceserror(UNUSED(void *policies), UNUSED(void *scanner), UNUSED(char const *msg)) { } voms-2.1.2/src/sslutils/namespaces.h000066400000000000000000000062761477131364200174640ustar00rootroot00000000000000/* A Bison parser, made by GNU Bison 3.7.4. */ /* Bison interface for Yacc-like parsers in C Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. 
Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, especially those whose name start with YY_ or yy_. They are private implementation details that can be changed or removed. */ #ifndef YY_NAMESPACES_NAMESPACES_H_INCLUDED # define YY_NAMESPACES_NAMESPACES_H_INCLUDED /* Debug traces. */ #ifndef YYDEBUG # define YYDEBUG 1 #endif #if YYDEBUG extern int namespacesdebug; #endif /* Token kinds. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE enum yytokentype { YYEMPTY = -2, YYEOF = 0, /* "end of file" */ YYerror = 256, /* error */ YYUNDEF = 257, /* "invalid token" */ SUBJECT = 258, /* SUBJECT */ TO = 259, /* TO */ SELF = 260, /* SELF */ PERMIT = 261, /* PERMIT */ DENY = 262, /* DENY */ SUBJECT_WORD = 263, /* SUBJECT_WORD */ ISSUER = 264 /* ISSUER */ }; typedef enum yytokentype yytoken_kind_t; #endif /* Token kinds. */ #define YYEMPTY -2 #define YYEOF 0 #define YYerror 256 #define YYUNDEF 257 #define SUBJECT 258 #define TO 259 #define SELF 260 #define PERMIT 261 #define DENY 262 #define SUBJECT_WORD 263 #define ISSUER 264 /* Value type. */ #if ! defined YYSTYPE && ! 
defined YYSTYPE_IS_DECLARED union YYSTYPE { #line 46 "namespaces.y" char *string; struct condition *cond; struct policy *policy; int integer; #line 92 "namespaces.h" }; typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_DECLARED 1 #endif int namespacesparse (struct policy ***policies, void *scanner); #endif /* !YY_NAMESPACES_NAMESPACES_H_INCLUDED */ voms-2.1.2/src/sslutils/namespaces.l000066400000000000000000000036101477131364200174550ustar00rootroot00000000000000%{ /********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #include "config.h" #include #include #include #include "parsertypes.h" #include "lexparse.h" #include "namespaces.h" #ifndef strndup extern char *strndup(const char*, size_t); #endif %} %x SINGLE_QUOTED %x DOUBLE_QUOTED %option reentrant %option noyywrap %option prefix="namespaces" %option bison-bridge %% \#.* /* comment. 
Ignore */ \' BEGIN(SINGLE_QUOTED); [^']*\' yytext[strlen(yytext)-1]='\0'; yylval_param->string = yytext; BEGIN(INITIAL); return SUBJECT; \" BEGIN(DOUBLE_QUOTED); [^"]*\" yytext[strlen(yytext)-1]='\0'; yylval_param->string = yytext; BEGIN(INITIAL); return SUBJECT; (?i:TO) return TO; (?i:ISSUER) return ISSUER; (?i:PERMIT) return PERMIT; (?i:DENY) return DENY; (?i:SELF) return SELF; (?i:SUBJECT) return SUBJECT_WORD; \\$ \n . %% voms-2.1.2/src/sslutils/namespaces.y000066400000000000000000000061201477131364200174710ustar00rootroot00000000000000%{ /********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #include "config.h" #include #include #include #include "parsertypes.h" #include "lexparse.h" #include "listfunc.h" char **parse_subjects(char *string); void namespaceserror(void *policies, void *scanner, char const *msg); %} %error-verbose %pure-parser %name-prefix="namespaces" %parse-param {struct policy ***policies} %parse-param {void *scanner} %lex-param {void *scanner} %union{ char *string; struct condition *cond; struct policy *policy; int integer; } %token SUBJECT %token TO %token SELF %token PERMIT %token DENY %token SUBJECT_WORD %token ISSUER %type rule %type condition %type permit_or_deny %% eacl: rule { *policies = (struct policy**)listadd((char**)*policies, (char*)($1)); } | eacl rule { *policies = (struct policy**)listadd((char**)*policies, (char*)($2)); } ; rule: TO ISSUER SUBJECT condition { $$ = (struct policy *)calloc(1, sizeof(struct policy)); if ($$) { $$->self = 0; $$->caname = strdup($3); $$->conds = (struct condition**)listadd(NULL, (char*)($4)); $$->type = TYPE_NAMESPACE; } } | TO ISSUER SELF condition { $$ = (struct policy *)calloc(1, sizeof(struct policy)); if ($$) { $$->self = 1; $$->caname = NULL; $$->conds = (struct condition**)listadd(NULL, (char*)($4)); $$->type = TYPE_NAMESPACE; } } ; condition: permit_or_deny SUBJECT_WORD SUBJECT { $$ = (struct condition *)calloc(1, sizeof(struct condition)); if ($$) { $$->positive = $1; $$->original = strdup($3); $$->subjects = listadd(NULL, $$->original); if (!$$->subjects) { free($$->original); free($$); $$ = NULL; } } } ; permit_or_deny: PERMIT { $$ = 1; } | DENY { $$ = 0; } ; %% #if 0 int main() { namespacesdebug = 1; struct policy **arg = NULL; void *scanner=NULL; namespaceslex_init(&scanner); namespacesset_debug(1, scanner); return namespacesparse(&arg, scanner); } #endif void namespaceserror(UNUSED(void *policies), UNUSED(void *scanner), UNUSED(char const *msg)) { } 
voms-2.1.2/src/sslutils/parsertypes.h000066400000000000000000000027441477131364200177220ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef _OLDGAA_PARSERTYPES_H #define _OLDGAA_PARSERTYPES_H struct condition { char **subjects; char *original; int positive; }; #define TYPE_SIGNING 0 #define TYPE_NAMESPACE 1 struct policy { char *caname; int self; int type; struct condition **conds; }; #define SUCCESS_PERMIT 0 #define SUCCESS_DENY 1 #define SUCCESS_UNDECIDED 2 #endif voms-2.1.2/src/sslutils/proxy.c000066400000000000000000000557331477131364200165230ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. 
* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include "vomsproxy.h" #include "proxycertinfo.h" #include "sslutils.h" #include "doio.h" static char *readfromfile(char *file, int *size, int *warning); static void setWarning(int *warning, int value); static void setAdditional(void **additional, void *data); static X509_EXTENSION *set_KeyUsageFlags(int flags); static int get_KeyUsageFlags(X509 *cert); static X509_EXTENSION *set_ExtendedKeyUsageFlags(char *flagnames); static char *getBitName(char**string); static int getBitValue(char *bitname); static int convertMethod(char *bits, int *warning, void **additional); static X509_EXTENSION *get_BasicConstraints(int ca); AC_SEQ* create_ac_seq(AC** aclist) { if (!aclist) return NULL; AC_SEQ* seq = AC_SEQ_new(); while(*aclist) { sk_AC_push(seq->acs, *aclist++); } return seq; } struct VOMSProxyArguments *VOMS_MakeProxyArguments() { return (struct VOMSProxyArguments*)calloc(1, sizeof(struct VOMSProxyArguments)); } void VOMS_FreeProxyArguments(struct VOMSProxyArguments *args) { free(args); } void VOMS_FreeProxy(struct VOMSProxy *proxy) { if (proxy) { X509_free(proxy->cert); 
sk_X509_pop_free(proxy->chain, X509_free); EVP_PKEY_free(proxy->key); free(proxy); } } struct VOMSProxy *VOMS_AllocProxy() { return (struct VOMSProxy*)calloc(1, sizeof(struct VOMSProxy)); } int VOMS_WriteProxy(const char *filename, struct VOMSProxy *proxy) { int ret = -1; int fd = -1; int retry = 3; BIO *bp = NULL; while (fd < 0 && retry > 0) { unlink(filename); fd = open(filename, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600); retry --; } #ifndef WIN32 if (fd != -1) { if (fchmod(fd, S_IRUSR|S_IWUSR) < 0) { close(fd); return -1; } } #endif if (fd != -1) { if ((bp = BIO_new_fd(fd, BIO_NOCLOSE)) != NULL) { ret = proxy_marshal_bp(bp, proxy->cert, proxy->key, NULL, proxy->chain); BIO_free(bp); } close(fd); } return ret; } static void kpcallback(int UNUSED(p), int UNUSED(n), UNUSED(void* v)) { } #define SET_EXT(ex) (!sk_X509_EXTENSION_push(extensions, (ex)) ? \ (PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT), 0) : \ ((ex = ((X509_EXTENSION*)NULL)), 1)) struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, void **additional) { char *value = NULL; X509 * ncert = NULL; EVP_PKEY * npkey = NULL; X509_REQ * req = NULL; STACK_OF(X509_EXTENSION) * extensions = NULL; int ku_flags = 0; char* policy = NULL; X509_EXTENSION *ex1 = NULL, *ex2 = NULL, *ex3 = NULL, *ex4 = NULL, *ex5 = NULL, *ex6 = NULL, *ex7 = NULL, *ex8 = NULL, *ex9 = NULL, *ex10 = NULL, *ex11 = NULL, *ex12 = NULL, *ex13 = NULL; int i = 0; struct VOMSProxy *proxy = NULL; void (*cback)(int, int, void*); InitProxyCertInfoExtension(1); setWarning(warning, PROXY_NO_ERROR); if (args->callback) { cback = args->callback; } else { cback = kpcallback; } if (args->proxyrequest == NULL) { if (proxy_genreq(args->cert, &req, &npkey, args->bits, args->newsubject ? 
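args->newsubject : NULL, cback)) {
      goto err;
    }
  }
  else {
    req = args->proxyrequest;
  }

  /* initialize extensions stack */
  if ((extensions = sk_X509_EXTENSION_new_null()) == NULL) {
    PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT);
    goto err;
  }

  /* Add passed extensions.  Each caller-supplied extension is duplicated, so
     the stack built here owns its own copies. */
  if (args->extensions) {
    int proxyindex;

    for (proxyindex = 0; proxyindex < sk_X509_EXTENSION_num(args->extensions); proxyindex++) {
      /* Index with the loop counter.  The function-level `i` is still 0 at
         this point, so indexing with it copied the first extension once per
         entry and left every other requested extension out of the
         certificate. */
      X509_EXTENSION *ext = X509_EXTENSION_dup(sk_X509_EXTENSION_value(args->extensions, proxyindex));

      if (ext) {
        if (!sk_X509_EXTENSION_push(extensions, ext)) {
          /* push failed: the duplicate is still ours to release */
          X509_EXTENSION_free(ext);
          PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT);
          goto err;
        }
      }
      else {
        PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT);
        goto err;
      }
    }
  }

  /* Add proxy extensions */

  /* voms extension */
  if (args->datalen) {
    if ((ex1 = CreateProxyExtension("voms", args->data, args->datalen, 0)) == NULL) {
      PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT);
      goto err;
    }

    if (!SET_EXT(ex1)) {
      goto err;
    }
  }

  /* include extension: the whole file is embedded as the extension value */
  if (args->filename) {
    int filesize;
    char *filedata = readfromfile(args->filename, &filesize, warning);

    if (filedata) {
      if ((ex3 = CreateProxyExtension("incfile", filedata, filesize, 0)) == NULL) {
        PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT);
        free(filedata);
        goto err;
      }

      free(filedata);

      if (!SET_EXT(ex3)) {
        goto err;
      }
    }
    else {
      /* readfromfile() already stored the reason in *warning; hand back the
         file name so the caller can report it */
      setAdditional(additional, args->filename);
      goto err;
    }
  }

  /* AC extension */
  if (args->aclist) {
    AC_SEQ* acseq = create_ac_seq(args->aclist);

    if (!acseq){
      // FIXME: set this error to out of memory
      PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT);
      goto err;
    }

    /* NOTE(review): acseq is not released anywhere in this function.  It holds
       the caller's AC pointers (see create_ac_seq), so confirm ownership
       before adding a free. */
    ex5 = X509V3_EXT_i2d(OBJ_txt2nid("acseq"),0, acseq);

    if ( ex5 == NULL) {
      PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT);
      goto err;
    }

    if (!SET_EXT(ex5)) {
      goto err;
    }
  }

  /* keyUsage extension */
  if (args->keyusage) {
    /* convertMethod() returns -1 when the list names an unknown bit */
    ku_flags = convertMethod(args->keyusage, warning, additional);

    if (ku_flags == -1) {
      PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT);
      goto err;
    }
  }
  else if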
(args->selfsigned) { ku_flags = X509v3_KU_DIGITAL_SIGNATURE | X509v3_KU_KEY_CERT_SIGN | X509v3_KU_CRL_SIGN; } else { ku_flags = get_KeyUsageFlags(args->cert); if (ku_flags != 0) { ku_flags &= ~X509v3_KU_KEY_CERT_SIGN; ku_flags &= ~X509v3_KU_NON_REPUDIATION; } } if (ku_flags != 0) { if ((ex8 = set_KeyUsageFlags(ku_flags)) == NULL) { PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT); goto err; } X509_EXTENSION_set_critical(ex8, 1); if (!SET_EXT(ex8)) { goto err; } } /* netscapeCert extension */ if (args->netscape) { if ((ex9 = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, args->netscape)) == NULL) { /* PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT); */ goto err; } if (!SET_EXT(ex9)) { goto err; } } /* extended key usage */ if (args->exkusage) { if ((ex10 = set_ExtendedKeyUsageFlags(args->exkusage)) == NULL) { PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT); setWarning(warning, PROXY_ERROR_UNKNOWN_EXTENDED_BIT); setAdditional(additional,args->exkusage); goto err; } if (!SET_EXT(ex10)) { goto err; } } /* Basic Constraints */ if ((ex12 = get_BasicConstraints(args->selfsigned ? 1 : 0)) == NULL) { PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT); goto err; } X509_EXTENSION_set_critical(ex12, 1); if (!SET_EXT(ex12)) { goto err; } /* vo extension */ if (strlen(args->voID)) { if ((ex4 = CreateProxyExtension("vo", args->voID, strlen(args->voID), 0)) == NULL) { PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_CLASS_ADD_EXT); goto err; } if (!SET_EXT(ex4)) { goto err; } } /* authority key identifier and subject key identifier extension (certificates only, not proxies) */ if (args->proxyversion == 0) { X509V3_CTX ctx; X509V3_set_ctx(&ctx, (args->selfsigned ? 
NULL : args->cert), NULL, req, NULL, 0); if (args->selfsigned) { X509 *tmpcert = NULL; ex13 = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_key_identifier, "hash"); if (!ex13) { PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_CLASS_ADD_EXT); goto err; } if (!SET_EXT(ex13)) { goto err; } tmpcert = X509_new(); if (tmpcert) { EVP_PKEY *key = X509_REQ_get_pubkey(req); X509_set_pubkey(tmpcert, key); X509_add_ext(tmpcert, ex13, -1); X509V3_set_ctx(&ctx, tmpcert, tmpcert, req, NULL, 0); ex11 = X509V3_EXT_conf_nid(NULL, &ctx, NID_authority_key_identifier, "keyid"); X509_free(tmpcert); EVP_PKEY_free(key); } else { ex11 = NULL; } } else { ex11 = X509V3_EXT_conf_nid(NULL, &ctx, NID_authority_key_identifier, "keyid"); } if (ex11) { if (!SET_EXT(ex11)) { goto err; } } else if (args->selfsigned) { PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_CLASS_ADD_EXT); goto err; } } /* class_add extension */ #ifdef CLASS_ADD if (class_add_buf && class_add_buf_len > 0) { if ((ex2 = proxy_extension_class_add_create((void *)args->class_add_buf, args->class_add_buf_len)) == NULL) { PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_CLASS_ADD_EXT); goto err; } if (!SET_EXT(ex2)) goto err; } #endif /* PCI extension */ if (args->proxyversion>=3) { PROXY_POLICY* proxypolicy; PROXY_CERT_INFO_EXTENSION* proxycertinfo = NULL; ASN1_OBJECT* policy_language; /* char* policy = NULL; */ /* getting contents of policy file */ int policysize = 0; char *policylang = args->policylang; if (args->policyfile) { policy = readfromfile(args->policyfile, &policysize, warning); if (!policy) { setAdditional(additional, args->policyfile); goto err; } } /* setting policy language field */ if (!policylang) { if (!args->policyfile) { policylang = IMPERSONATION_PROXY_OID; setWarning(warning, PROXY_WARNING_GSI_ASSUMED); } else { policylang = GLOBUS_GSI_PROXY_GENERIC_POLICY_OID; setWarning(warning, PROXY_WARNING_GENERIC_LANGUAGE_ASSUMED); } /* predefined policy language can be specified with simple name string */ } else if (strcmp(policylang, 
IMPERSONATION_PROXY_SN) == 0) { policylang = IMPERSONATION_PROXY_OID; } else if (strcmp(policylang, INDEPENDENT_PROXY_SN) == 0) { policylang = INDEPENDENT_PROXY_OID; } /* does limited prevail on others? don't know what does grid-proxy_init since if pl is given with limited options it crash */ if (args->limited) { policylang = LIMITED_PROXY_OID; } if (OBJ_txt2nid(policylang) == NID_undef) { int nid = OBJ_create(policylang, policylang, policylang); assert(nid != NID_undef && "OBJ_create failed"); } if (!(policy_language = OBJ_txt2obj(policylang, 1))) { PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_OID); goto err; } if (args->proxyversion == 3) { /* proxypolicy */ proxypolicy = PROXY_POLICY_new(); if (policy) { PROXY_POLICY_set_policy(proxypolicy, (unsigned char*)policy, policysize); free(policy); policy = NULL; } else if (args->policytext) { PROXY_POLICY_set_policy(proxypolicy, (unsigned char*)args->policytext, strlen(args->policytext)); } PROXY_POLICY_set_policy_language(proxypolicy, policy_language); /* proxycertinfo */ proxycertinfo = PROXY_CERT_INFO_EXTENSION_new(); #warning is the call to PROXYCERTINFO_set_version needed/useful? 
/* PROXYCERTINFO_set_version(proxycertinfo, args->proxyversion); */ PROXY_CERT_INFO_EXTENSION_set_policy(proxycertinfo, proxypolicy); PROXY_POLICY_free(proxypolicy); if (args->pathlength>=0) PROXY_CERT_INFO_EXTENSION_set_path_length(proxycertinfo, args->pathlength); value = (char *)proxycertinfo; } else { if (args->pathlength != -1) { char *buffer = snprintf_wrap("%d", args->pathlength); if (policy) { value = snprintf_wrap("language:%s,pathlen:%s,policy:text:%s", policylang, buffer, policy); free(policy); policy = NULL; } else if (args->policytext) { value = snprintf_wrap("language:%s,pathlen:%s,policy:text:%s", policylang, buffer, args->policytext); } else { value = snprintf_wrap("language:%s,pathlen:%s", policylang, buffer); } free(buffer); } else { if (policy) { value = snprintf_wrap("language:%s,policy:text:%s", policylang, policy); } else if (args->policytext) { value = snprintf_wrap("language:%s,policy:text:%s", policylang, args->policytext); } else { value = snprintf_wrap("language:%s", policylang); } } } if (args->proxyversion == 3) { /* Convert internal representation to DER */ unsigned char* der = NULL; int len; ASN1_OCTET_STRING* oct = NULL; int v3nid = my_txt2nid(PROXYCERTINFO_OLD_OID); X509V3_EXT_METHOD const* method = X509V3_EXT_get_nid(v3nid); assert(method != NULL && "X509V3_EXT_get_nid failed"); assert(method->it != NULL && "method->it cannot be null"); len = ASN1_item_i2d((void*)proxycertinfo, &der, ASN1_ITEM_ptr(method->it)); oct = ASN1_OCTET_STRING_new(); assert(oct != NULL && "ASN1_OCTET_STRING_new failed"); oct->data = der; oct->length = len; ex7 = X509_EXTENSION_create_by_NID(NULL, v3nid, 1 /*critical*/, oct); ASN1_OCTET_STRING_free(oct); value = NULL; } else { assert(args->proxyversion == 4); X509V3_CTX ctx; X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0L); ctx.db = (void*)&ctx; X509V3_CONF_METHOD method = { NULL, NULL, NULL, NULL }; ctx.db_meth = &method; ex7 = X509V3_EXT_conf_nid(NULL, &ctx, my_txt2nid(PROXYCERTINFO_OID), (char*)value); 
assert(ex7 != NULL && "X509V3_EXT_conf_nid failed"); free(value); X509_EXTENSION_set_critical(ex7, 1); value = NULL; } free(policy); policy = NULL; if (ex7 == NULL) { PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT); goto err; } if (!SET_EXT(ex7)) goto err; } if (!args->selfsigned) { if (proxy_sign(args->cert, args->key, req, &ncert, args->hours*60*60 + args->minutes*60, extensions, args->limited, args->proxyversion, args->newsubject, args->newissuer, args->pastproxy, args->newserial, args->selfsigned)) { goto err; } } else if (proxy_sign(NULL, npkey, req, &ncert, args->hours*60*60 + args->minutes*60, extensions, args->limited, 0, args->newsubject, args->newsubject, args->pastproxy, NULL, args->selfsigned)) { goto err; } proxy = (struct VOMSProxy*)malloc(sizeof(struct VOMSProxy)); if (proxy) { proxy->cert = ncert; proxy->key = npkey; proxy->chain = sk_X509_new_null(); if (args->cert) { sk_X509_push(proxy->chain, X509_dup(args->cert)); } for (i = 0; i < sk_X509_num(args->chain); i++) { sk_X509_push(proxy->chain, X509_dup(sk_X509_value(args->chain, i))); } } err: if (!proxy) { X509_free(ncert); EVP_PKEY_free(npkey); } if (extensions) { sk_X509_EXTENSION_pop_free(extensions, X509_EXTENSION_free); } if (!args->proxyrequest) { X509_REQ_free(req); } X509_EXTENSION_free(ex13); X509_EXTENSION_free(ex12); X509_EXTENSION_free(ex11); X509_EXTENSION_free(ex10); X509_EXTENSION_free(ex9); X509_EXTENSION_free(ex8); X509_EXTENSION_free(ex6); X509_EXTENSION_free(ex7); X509_EXTENSION_free(ex5); X509_EXTENSION_free(ex2); X509_EXTENSION_free(ex3); X509_EXTENSION_free(ex4); X509_EXTENSION_free(ex1); free(policy); free(value); return proxy; } X509_EXTENSION *CreateProxyExtension(char * name, char *data, int datalen, int crit) { X509_EXTENSION * ex = NULL; ASN1_OBJECT * ex_obj = NULL; ASN1_OCTET_STRING * ex_oct = NULL; int nid = OBJ_txt2nid(name); if (nid != 0) ex_obj = OBJ_nid2obj(nid); else ex_obj = OBJ_txt2obj(name, 0); if (!ex_obj) { 
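PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_CLASS_ADD_OID);
    goto err;
  }

  if (!(ex_oct = ASN1_OCTET_STRING_new())) {
    PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_CLASS_ADD_EXT);
    goto err;
  }

  /* The octet string only borrows the caller's buffer here; the pointer is
     detached again below before the string is freed. */
  ex_oct->data = (unsigned char*)data;
  ex_oct->length = datalen;

  if (!(ex = X509_EXTENSION_create_by_OBJ(NULL, ex_obj, crit, ex_oct))) {
    PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_CLASS_ADD_EXT);
  }

 err:

  if (ex_oct) {
    /* avoid spurious free of the contents. */
    ex_oct->length = 0;
    ex_oct->data = NULL;
    ASN1_OCTET_STRING_free(ex_oct);
  }

  ASN1_OBJECT_free(ex_obj);

  return ex;
}

/*
 * Read a whole file into a freshly allocated buffer.
 *
 * file     path of the file to read
 * size     out: number of bytes actually read (written only on success)
 * warning  out, may be NULL: set to one of the PROXY_ERROR_* codes on failure
 *
 * Returns a malloc()ed buffer the caller must free(), or NULL on failure.
 * The buffer always carries one extra terminating '\0' that is not counted in
 * *size: VOMS_MakeProxy() formats the policy file contents with "%s", which
 * would otherwise read past the end of the allocation.
 */
static char *readfromfile(char *file, int *size, int *warning)
{
  char *buffer = NULL;
  struct stat filestats;
  int total = 0;
  int offset = 0;
  int ret = 0;
  int fd = open(file,O_RDONLY);

  if (fd == -1) {
    setWarning(warning, PROXY_ERROR_OPEN_FILE);
    return NULL;
  }

  if (fstat(fd, &filestats)) {
    setWarning(warning, PROXY_ERROR_STAT_FILE);
    close(fd);
    return NULL;
  }

  /* The interface reports the length as an int: refuse sizes that do not
     survive the conversion instead of allocating a truncated buffer. */
  total = (int)filestats.st_size;
  if (filestats.st_size < 0 || (off_t)total != filestats.st_size) {
    setWarning(warning, PROXY_ERROR_OUT_OF_MEMORY);
    close(fd);
    return NULL;
  }

  /* +1 for the terminator; this also keeps an empty file from turning into
     malloc(0), whose NULL result used to be reported as out of memory. */
  buffer = (char *)malloc((size_t)total + 1);
  if (!buffer) {
    setWarning(warning, PROXY_ERROR_OUT_OF_MEMORY);
    close(fd);
    return NULL;
  }

  while (offset < total) {
    ret = read(fd, buffer+offset, (size_t)(total - offset));
    if (ret <= 0)
      break;                      /* error, or the file ended early */
    offset += ret;
  }

  if (ret < 0) {
    free(buffer);
    setWarning(warning, PROXY_ERROR_FILE_READ);
    close(fd);
    return NULL;
  }

  close(fd);

  /* Report what was really read: if the file shrank after fstat(), the tail
     of the buffer was never written and must not be handed to the caller. */
  buffer[offset] = '\0';
  *size = offset;

  return buffer;
}

/* Store value in *warning when the caller asked for a warning code. */
static void setWarning(int *warning, int value)
{
  if (warning)
    *warning = value;
}

/* Store data in *additional when the caller asked for error details. */
static void setAdditional(void **additional, void *data)
{
  if (additional)
    *additional = data;
}

static X509_EXTENSION *set_KeyUsageFlags(int flags)
{
  unsigned char data[2];

  X509_EXTENSION *ext = NULL;
  ASN1_BIT_STRING *str = ASN1_BIT_STRING_new();

  if (str) {
    int len =0;

    data[0] = flags & 0x00ff;
    data[1] = (flags & 0xff00) >> 8;
    len = (data[1] ?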
2 : 1); ASN1_BIT_STRING_set(str, data, len); ext = X509V3_EXT_i2d(NID_key_usage, 1, str); ASN1_BIT_STRING_free(str); return ext; } return NULL; } static X509_EXTENSION *set_ExtendedKeyUsageFlags(char *flagnames) { if (!flagnames) return NULL; return X509V3_EXT_conf_nid(NULL, NULL, NID_ext_key_usage, flagnames); } static X509_EXTENSION *get_BasicConstraints(int ca) { return X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, (ca ? "CA:true" : "CA:false")); } static int get_KeyUsageFlags(X509 *cert) { int keyusage = 0; ASN1_BIT_STRING *usage = X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL); if (usage) { if (usage->length > 0) keyusage = usage->data[0]; if (usage->length > 1) keyusage |= usage->data[1] << 8; ASN1_BIT_STRING_free(usage); } return keyusage; } static char *getBitName(char**string) { char *div = NULL; char *temp = NULL; if (!string || !(*string) || (*(*string) == '\0')) return NULL; div = strchr(*string, ','); if (div) { temp = *string; *div++ = '\0'; *string = div; } else { temp = *string; *string = *string + strlen(*string); } return temp; } static int getBitValue(char *bitname) { if (!strcmp(bitname, "digitalSignature")) return KU_DIGITAL_SIGNATURE; else if (!strcmp(bitname, "nonRepudiation")) return KU_NON_REPUDIATION; else if (!strcmp(bitname, "keyEncipherment")) return KU_KEY_ENCIPHERMENT; else if (!strcmp(bitname, "dataEncipherment")) return KU_DATA_ENCIPHERMENT; else if (!strcmp(bitname, "keyAgreement")) return KU_KEY_AGREEMENT; else if (!strcmp(bitname, "keyCertSign")) return KU_KEY_CERT_SIGN; else if (!strcmp(bitname, "cRLSign")) return KU_CRL_SIGN; else if (!strcmp(bitname, "encipherOnly")) return KU_ENCIPHER_ONLY; else if (!strcmp(bitname, "decipherOnly")) return KU_DECIPHER_ONLY; return 0; } static int convertMethod(char *bits, int *warning, void **additional) { char *bitname = NULL; int value = 0; int total = 0; while ((bitname = getBitName(&bits))) { value = getBitValue(bitname); if (value == 0) { setWarning(warning, 
PROXY_ERROR_UNKNOWN_BIT); setAdditional(additional, bitname); return -1; } total |= value; } return total; } char *ProxyCreationError(int error, void *additional) { switch (error) { case PROXY_NO_ERROR: return NULL; break; case PROXY_ERROR_OPEN_FILE: return snprintf_wrap("Error: cannot open file: %s\n%s\n", additional, strerror(errno)); break; case PROXY_ERROR_FILE_READ: return snprintf_wrap("Error: cannot read from file: %s\n%s\n", additional, strerror(errno)); break; case PROXY_ERROR_STAT_FILE: return snprintf_wrap("Error: cannot stat file: %s\n%s\n", additional, strerror(errno)); break; case PROXY_ERROR_OUT_OF_MEMORY: return snprintf_wrap("Error: out of memory"); break; case PROXY_ERROR_UNKNOWN_BIT: return snprintf_wrap("KeyUsage bit: %s unknown\n", additional); break; case PROXY_ERROR_UNKNOWN_EXTENDED_BIT: return snprintf_wrap("ExtKeyUsage bit value: %s invalid. One or more of the bits are unknown\n", additional); break; case PROXY_WARNING_GSI_ASSUMED: return snprintf_wrap("\nNo policy language specified, Gsi impersonation proxy assumed."); break; case PROXY_WARNING_GENERIC_LANGUAGE_ASSUMED: return snprintf_wrap("\nNo policy language specified with policy file, assuming generic."); break; default: return snprintf_wrap("Unknown error"); break; } } voms-2.1.2/src/sslutils/proxycertinfo.c000066400000000000000000000227751477131364200202550ustar00rootroot00000000000000/* * Copyright 1999-2006 University of Chicago * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
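 */

#include #include #include #include #include #include #include "doio.h" #include "proxycertinfo.h" #include "ssl_compat.h"

typedef PROXY_CERT_INFO_EXTENSION PROXYCERTINFO_OLD;

ASN1_SEQUENCE(PROXYCERTINFO_OLD) = {
  ASN1_SIMPLE(PROXYCERTINFO_OLD, proxyPolicy, PROXY_POLICY),
  ASN1_EXP_OPT(PROXYCERTINFO_OLD, pcPathLengthConstraint, ASN1_INTEGER, 1),
} ASN1_SEQUENCE_END(PROXYCERTINFO_OLD)

IMPLEMENT_ASN1_FUNCTIONS(PROXYCERTINFO_OLD)
IMPLEMENT_ASN1_DUP_FUNCTION(PROXYCERTINFO_OLD)

/* Not registered in the method table below (its slot is 0). */
static
void*
PROXYCERTINFO_OLD_s2i(
  struct v3_ext_method const* method
, struct v3_ext_ctx* ctx
, char const* data
)
{
  return (PROXY_CERT_INFO_EXTENSION*)data;
}

/*
 * Not registered in the method table below (its slot is 0).
 * NOTE(review): if this is ever wired in, it returns a string literal for a
 * NULL extension, does not check the snprintf_wrap()/strdup() results, and
 * formats the policy bytes with "%s"; the policy is certificate data and
 * should be bounded by its length, as i2r_pci() does.
 */
static char* PROXYCERTINFO_OLD_i2s(struct v3_ext_method* method, void* ext)
{
  PROXY_CERT_INFO_EXTENSION* pci = NULL;
  char *encoding = NULL;
  char *output = NULL;
  PROXY_POLICY *pp;
  int dooid = 0;
  char oid[256];

  pci = (PROXY_CERT_INFO_EXTENSION *)ext;

  if (!pci)
    return "";

  if (pci->pcPathLengthConstraint) {
    int j = ASN1_INTEGER_get(pci->pcPathLengthConstraint);

    char *buffer = snprintf_wrap("%X", j);
    output = snprintf_wrap("Path Length Constraint: %s%s\n\n", strlen(buffer)%2 ? "0" : "", buffer);
    free(buffer);
  }
  else
    output = strdup("Path Length Constraint: unlimited\n");

  pp = pci->proxyPolicy;

  if (pp && i2t_ASN1_OBJECT(oid, 256, pp->policyLanguage)) {
    dooid  = 1;
  }

  encoding = snprintf_wrap("%sPolicy Language: %s%s%s%s\n",
			   output,
			   ( dooid ? oid : ""),
			   ( (pp && pp->policy) ? "\nPolicy Text: " : ""),
			   ( (pp && pp->policy) ? (const char*)ASN1_STRING_get0_data(pp->policy) : ""),
			   ( (pp && pp->policy) ? "\n" : ""));

  free(output);
  return encoding;
}

STACK_OF(CONF_VALUE) * i2v_PROXYCERTINFO_OLD(
    struct v3_ext_method *              method,
    PROXY_CERT_INFO_EXTENSION *         ext,
    STACK_OF(CONF_VALUE) *              extlist);

/*
 * Print a ProxyCertInfo extension to `out`, indented by `indent` columns.
 * This is the i2r callback registered in the method table below.
 *
 * Returns 1 on success, 0 when there is nothing valid to print.
 */
static
int i2r_pci(X509V3_EXT_METHOD *method,
            PROXY_CERT_INFO_EXTENSION *pci,
            BIO *out,
            int indent)
{
  /* The extension comes from the certificate being displayed; do not assume
     every member is populated. */
  if (!pci || !pci->proxyPolicy)
    return 0;

  BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
  if (pci->pcPathLengthConstraint)
    i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
  else
    BIO_printf(out, "infinite");
  BIO_puts(out, "\n");

  BIO_printf(out, "%*sPolicy Language: ", indent, "");
  i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
  BIO_puts(out, "\n");

  /* Bound the print by the octet string's own length rather than relying on
     a terminating NUL inside certificate-controlled data. */
  if (pci->proxyPolicy->policy
      && pci->proxyPolicy->policy->data
      && pci->proxyPolicy->policy->length > 0)
    BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",
               pci->proxyPolicy->policy->length,
               (const char *)pci->proxyPolicy->policy->data);

  return 1;
}

/*
 * Return the X509V3 method table for the old-style ProxyCertInfo extension.
 * ext_nid starts at -1; InitProxyCertInfoExtension() fills it in before
 * registering the table.
 */
X509V3_EXT_METHOD * PROXYCERTINFO_OLD_x509v3_ext_meth()
{
  static X509V3_EXT_METHOD proxycertinfo_x509v3_ext_meth =
  {
    -1,
    X509V3_EXT_MULTILINE,
    ASN1_ITEM_ref(PROXYCERTINFO_OLD),
    0, 0, 0, 0,
    (X509V3_EXT_I2S) 0,//PROXYCERTINFO_OLD_i2s,
    (X509V3_EXT_S2I) 0,//PROXYCERTINFO_OLD_s2i,
    (X509V3_EXT_I2V) 0 /*i2v_PROXYCERTINFO_OLD*/,
    0,
    (X509V3_EXT_I2R) i2r_pci,
    0,
    NULL
  };
  return (&proxycertinfo_x509v3_ext_meth);
}

/* Return the policy language object held by `policy` (not a copy). */
ASN1_OBJECT * PROXY_POLICY_get_policy_language(
    PROXY_POLICY *                       policy)
{
    return policy->policyLanguage;
}

/*
 * Return a malloc()ed copy of the policy bytes, or NULL when there is no
 * policy, it is empty, or memory could not be allocated.
 *
 * *length is set to the stored length whenever a policy string exists.  The
 * copy is NOT NUL-terminated; the caller must use *length and free() it.
 */
unsigned char * PROXY_POLICY_get_policy(
    PROXY_POLICY *                       policy,
    int *                               length)
{
    if(policy->policy)
    {
        (*length) = policy->policy->length;
        if(*length > 0 && policy->policy->data)
        {
            unsigned char *             copy = malloc(*length);

            /* an unchecked malloc() made memcpy() write through NULL */
            if(copy == NULL)
            {
                return NULL;
            }
            memcpy(copy, policy->policy->data, *length);
            return copy;
        }
    }

    return NULL;
}

STACK_OF(CONF_VALUE) * i2v_PROXYPOLICY(
    struct v3_ext_method *              method,
    PROXY_POLICY *                       ext,
    STACK_OF(CONF_VALUE) *              extlist)
{
    unsigned char *                     policy = NULL;
    char                                policy_lang[128];
    unsigned char *                     tmp_string = NULL;
    unsigned char *                     index = NULL;
    int                                 nid;
    int                                 policy_length;

    X509V3_add_value("Proxy Policy:", NULL, &extlist);

    nid = OBJ_obj2nid(PROXY_POLICY_get_policy_language(ext));

    if(nid != NID_undef)
    {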
BIO_snprintf(policy_lang, 128, " %s", OBJ_nid2ln(nid)); } else { policy_lang[0] = ' '; i2t_ASN1_OBJECT(&policy_lang[1], 127, PROXY_POLICY_get_policy_language(ext)); } X509V3_add_value(" Policy Language", policy_lang, &extlist); policy = PROXY_POLICY_get_policy(ext, &policy_length); if(!policy) { X509V3_add_value(" Policy", " EMPTY", &extlist); } else { X509V3_add_value(" Policy:", NULL, &extlist); tmp_string = policy; while (policy_length > 0) { int policy_line_length; index = memchr(tmp_string, '\n', (size_t) policy_length); /* Weird to indent the last line only... */ if (!index) { char * last_string; policy_line_length = policy_length; last_string = malloc(policy_line_length + 9); BIO_snprintf( last_string, (size_t) (policy_line_length +9), "%8s%.*s", "", policy_line_length, (char *) tmp_string); X509V3_add_value(NULL, last_string, &extlist); free(last_string); } else { *(index++) = '\0'; policy_line_length = index - tmp_string; X509V3_add_value(NULL, (char *) tmp_string, &extlist); tmp_string = index; } policy_length -= policy_line_length; } free(policy); } return extlist; } STACK_OF(CONF_VALUE) * i2v_PROXYCERTINFO_OLD( struct v3_ext_method * method, PROXY_CERT_INFO_EXTENSION * ext, STACK_OF(CONF_VALUE) * extlist) { int len = 128; char tmp_string[128]; if (!ext) { extlist = NULL; return extlist; } if (extlist == NULL) { extlist = sk_CONF_VALUE_new_null(); if(extlist == NULL) { return NULL; } } if (PROXY_CERT_INFO_EXTENSION_get_path_length(ext) > -1) { memset(tmp_string, 0, len); BIO_snprintf(tmp_string, len, " %lu (0x%lx)", PROXY_CERT_INFO_EXTENSION_get_path_length(ext), PROXY_CERT_INFO_EXTENSION_get_path_length(ext)); X509V3_add_value("Path Length", tmp_string, &extlist); } if(PROXY_CERT_INFO_EXTENSION_get_policy(ext)) { i2v_PROXYPOLICY(NULL, PROXY_CERT_INFO_EXTENSION_get_policy(ext), extlist); } return extlist; } int PROXY_CERT_INFO_EXTENSION_set_path_length( PROXY_CERT_INFO_EXTENSION* pci , long pl ) { if (pci != NULL) { if (pl != -1) { if 
(pci->pcPathLengthConstraint == NULL) { pci->pcPathLengthConstraint = ASN1_INTEGER_new(); } return ASN1_INTEGER_set(pci->pcPathLengthConstraint, pl); } else { ASN1_INTEGER_free(pci->pcPathLengthConstraint); pci->pcPathLengthConstraint = NULL; } return 1; } return 0; } long PROXY_CERT_INFO_EXTENSION_get_path_length(PROXY_CERT_INFO_EXTENSION const* pci) { if (pci && pci->pcPathLengthConstraint) { return ASN1_INTEGER_get(pci->pcPathLengthConstraint); } else { return -1; } } int PROXY_CERT_INFO_EXTENSION_set_policy( PROXY_CERT_INFO_EXTENSION* pci , PROXY_POLICY* policy ) { PROXY_POLICY_free(pci->proxyPolicy); pci->proxyPolicy = PROXY_POLICY_dup(policy); return 1; } PROXY_POLICY* PROXY_CERT_INFO_EXTENSION_get_policy(PROXY_CERT_INFO_EXTENSION const* pci) { if (pci) { return pci->proxyPolicy; } else { return NULL; } } void InitProxyCertInfoExtension(int full) { if (OBJ_txt2nid(PROXYCERTINFO_OLD_OID) == NID_undef) { int ret = 0; X509V3_EXT_METHOD* meth = NULL; char const* pci_v3_sn = "proxyCertInfo_V3"; char const* pci_v3_ln = "Proxy Certificate Information (V3)"; int const v3nid = OBJ_create(PROXYCERTINFO_OLD_OID, pci_v3_sn, pci_v3_ln); assert(v3nid != NID_undef && "OBJ_create failed"); meth = PROXYCERTINFO_OLD_x509v3_ext_meth(); assert(meth != NULL && "PROXYCERTINFO_OLD_x509v3_ext_meth failed"); meth->ext_nid = v3nid; ret = X509V3_EXT_add(meth); assert(ret != 0 && "X509V3_EXT_add failed"); } } voms-2.1.2/src/sslutils/proxypolicy.c000066400000000000000000000044161477131364200177330ustar00rootroot00000000000000/* * Copyright 1999-2006 University of Chicago * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
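* You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include #include #include #include #include "proxypolicy.h"

/**
 * Sets the policy language of the PROXY_POLICY
 *
 * The object is duplicated before the current value is released, so the
 * stored language is left untouched when duplication fails, and passing
 * the object that is already stored does not read freed memory.
 *
 * @param policy the PROXY_POLICY to set the policy language of
 * @param policy_language the policy language to set it to
 *
 * @return 1 on success, 0 on error (NULL argument or allocation failure)
 */
int PROXY_POLICY_set_policy_language(
    PROXY_POLICY *                      policy,
    ASN1_OBJECT *                       policy_language)
{
    ASN1_OBJECT *                       copy;

    if (policy == NULL || policy_language == NULL)
    {
        return 0;
    }

    /* Duplicate first: freeing first would leave a dangling pointer if
     * OBJ_dup() failed, or if the caller passed policy->policyLanguage. */
    copy = OBJ_dup(policy_language);
    if (copy == NULL)
    {
        return 0;
    }

    ASN1_OBJECT_free(policy->policyLanguage);
    policy->policyLanguage = copy;
    return 1;
}

/**
 * Sets the policy of the PROXY_POLICY
 *
 * The bytes are copied into the PROXY_POLICY; the caller keeps ownership
 * of the buffer it passed in. Passing a NULL policy clears the stored one.
 *
 * @param proxypolicy the proxy policy to set the policy of
 * @param policy the policy to set it to, or NULL to remove it
 * @param length the length of the policy, must not be negative
 *
 * @return 1 on success, 0 on error
 */
int PROXY_POLICY_set_policy(
    PROXY_POLICY *                      proxypolicy,
    unsigned char *                     policy,
    int                                 length)
{
    assert(length >= 0);

    /* assert() is compiled out with NDEBUG, and a negative length would
     * make ASN1_OCTET_STRING_set() fall back to strlen() on binary data. */
    if (proxypolicy == NULL || length < 0)
    {
        return 0;
    }

    if (policy != NULL)
    {
        if (proxypolicy->policy == NULL)
        {
            proxypolicy->policy = ASN1_OCTET_STRING_new();
            if (proxypolicy->policy == NULL)
            {
                return 0;
            }
        }

        /* ASN1_OCTET_STRING_set() stores its own copy of the data, so no
         * intermediate buffer is needed (the one allocated here before
         * was never released). */
        if (!ASN1_OCTET_STRING_set(proxypolicy->policy, policy, length))
        {
            return 0;
        }
    }
    else
    {
        if (proxypolicy->policy)
        {
            ASN1_OCTET_STRING_free(proxypolicy->policy);
        }
        /* Reset the member so later readers and the destructor do not
         * touch the freed string. */
        proxypolicy->policy = NULL;
    }

    return 1;
}

IMPLEMENT_ASN1_DUP_FUNCTION(PROXY_POLICY);
voms-2.1.2/src/sslutils/scutils.c000066400000000000000000000705701477131364200170240ustar00rootroot00000000000000/**********************************************************************
scutils.c

Description:
    Routines used internally to work with smart card using PKCS11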
**********************************************************************/ /********************************************************************** Include header files **********************************************************************/ #include "config.h" #ifdef USE_PKCS11 #include "scutils.h" #include "sslutils.h" #ifndef WIN32 #define FILE_SEPERATOR "/" #else #define FILE_SEPERATOR "\\" #include #endif #include #include #include #ifdef USE_PKCS11_DL #include #endif #include "buffer.h" #include "crypto.h" #include "objects.h" #include "asn1.h" #include "evp.h" #include "x509.h" #include "pem.h" #include "ssl.h" #include "rsa.h" /********************************************************************** Type definitions **********************************************************************/ /********************************************************************** Module specific prototypes **********************************************************************/ static int sc_RSA_eay_private_decrypt(int flen, unsigned char * from, unsigned char * to, RSA * rsa, int padding); static int sc_RSA_eay_private_encrypt(int flen, unsigned char * from, unsigned char * to, RSA * rsa, int padding); /********************************************************************** Define module specific variables **********************************************************************/ static ERR_STRING_DATA scerr_str_functs[]= { {ERR_PACK(0,SCERR_F_RSA_ENCRYPT,0),"sc_RSA_private_encrypt"}, {ERR_PACK(0,SCERR_F_RSA_DECRYPT,0),"sc_RSA_private_decrypt"}, {ERR_PACK(0,SCERR_F_SCINIT,0),"sc_init"}, {ERR_PACK(0,SCERR_F_GET_RSA_PRIV_KEY_OBJ,0),"sc_get_rsa_priv_key_obj"}, {ERR_PACK(0,SCERR_F_GET_PRIV_KEY_OBJ,0),"sc_get_priv_key_obj"}, {ERR_PACK(0,SCERR_F_GET_PRIV_KEY_BY_LABEL,0),"sc_get_priv_key_by_label"}, {ERR_PACK(0,SCERR_F_GET_CERT_OBJ,0),"sc_get_cert_obj"}, {ERR_PACK(0,SCERR_F_FIND_ONE_OBJ,0),"sc_find_one_obj"}, {ERR_PACK(0,SCERR_F_FIND_CERT_BY_LABEL,0),"sc_find_cert_by_label"}, 
{ERR_PACK(0,SCERR_F_LOAD_DLL,0),"sc_get_function_list"}, {0,NULL}, }; static ERR_STRING_DATA scerr_str_reasons[]= { {SCERR_R_PKCS11_ERROR, "PKCS11 error"}, {SCERR_R_SIGNINIT, "C_SignInit"}, {SCERR_R_SIGN, "C_Sign"}, {SCERR_R_SIGNRECINIT, "C_SignRecoverInit"}, {SCERR_R_SIGNREC, "C_SignRecover"}, {SCERR_R_INITIALIZE, "C_Initialize"}, {SCERR_R_GETSLOTLIST, "C-GetSlotList"}, {SCERR_R_OPENSESSION, "C_OpenSession"}, {SCERR_R_LOGIN, "C_Login"}, {SCERR_R_CREATEOBJ, "C_CreateObject"}, {SCERR_R_UNSUPPORTED, "Unsupported feature"}, {SCERR_R_GETATTRVAL, "C_GetAttributeValue"}, {SCERR_R_FINDOBJINIT, "C_FindObjectInit"}, {SCERR_R_FINDOBJ, "C_FindObject"}, {SCERR_R_FOUNDMANY, "Found more then one matching key"}, {SCERR_R_FIND_FAILED, "Unable to find object on smart card"}, {SCERR_R_NO_PKCS11_DLL,"Unable to load the PKCS11 support"}, {0,NULL}, }; CK_FUNCTION_LIST_PTR pFunctionList = NULL; #ifdef WIN32 HMODULE h_m_pkcs11 = NULL; #else void * h_m_pkcs11 = NULL; #endif /********************************************************************** Function: sc_get_function_list() Description: Get the name of the PKCS11 dll to use from the registry, load it, get the entry for the C_GetFunctionList call it to set the pFunctionList. 
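Parameters:

Returns:
    the pFunctionList or NULL

**********************************************************************/

CK_FUNCTION_LIST_PTR
sc_get_function_list()
{
    CK_RV                               status;
#if defined(USE_PKCS11_DL) || defined(WIN32)
    /* Start from NULL: a handle kept from an earlier, failed call must not
     * lead to a call through an unset pointer. */
    CK_RV                               (*gfl)(CK_FUNCTION_LIST_PTR_PTR) = NULL;
#endif

    if (pFunctionList)
    {
        return pFunctionList;
    }

#if defined(USE_PKCS11_DL) || defined(WIN32)
    /*
     * The module named below is loaded into this process and later handles
     * the PIN and every private-key operation. Both the registry value
     * (read from HKEY_CURRENT_USER) and the PKCS11_LIB environment variable
     * are under the control of the invoking user, and a bare file name is
     * resolved through the loader's search path. Treat them as trusted
     * configuration only; do not rely on them in code that runs with more
     * privilege than its caller.
     */
#ifdef WIN32
    if (!h_m_pkcs11)
    {
        HKEY                            hkDir = NULL;
        char                            val_dllname[512] = {"NONE"};
        LONG                            lval;
        DWORD                           type;

        RegOpenKey(HKEY_CURRENT_USER,GSI_REGISTRY_DIR,&hkDir);
        /* size - 1 keeps the last byte of the zero-filled buffer as a
         * terminator */
        lval = sizeof(val_dllname) -1;
        if (hkDir && (RegQueryValueEx(hkDir,
                                      "PKCS11.DLL",
                                      0,
                                      &type,
                                      val_dllname,&lval) == ERROR_SUCCESS))
        {
            h_m_pkcs11 = LoadLibrary(val_dllname);
        }

        if (hkDir)
        {
            RegCloseKey(hkDir);
        }

        if (!h_m_pkcs11)
        {
            SCerr(SCERR_F_SCINIT,SCERR_R_NO_PKCS11_DLL);
            /* Report the name that was actually tried; it still reads
             * "NONE" when the registry value could not be read. */
            ERR_add_error_data(2,"Name of DLL=", val_dllname);
            return NULL;
        }
    }
    gfl = (CK_RV (*)(CK_FUNCTION_LIST_PTR *))
        GetProcAddress(h_m_pkcs11,"C_GetFunctionList");
#else
    if (!h_m_pkcs11)
    {
        char const *                    dllname = getenv("PKCS11_LIB");

        /* An empty value is treated like an unset one. */
        if (!dllname || !*dllname)
        {
            dllname = "libDSPKCS.so";
        }

        /* Open the library that was selected; the default name used to be
         * opened regardless of PKCS11_LIB, while the error below reported
         * the configured one. */
        h_m_pkcs11 = dlopen(dllname,RTLD_LAZY);
        if (!h_m_pkcs11)
        {
            SCerr(SCERR_F_SCINIT,SCERR_R_NO_PKCS11_DLL);
            ERR_add_error_data(2,"Name of shared library=", dllname);
            return NULL;
        }
    }
    gfl = (CK_RV(*)(CK_FUNCTION_LIST_PTR_PTR))
        dlsym(h_m_pkcs11,"C_GetFunctionList");
#endif
    /* The entry point is looked up on every call that gets this far, also
     * when the library handle is left over from a previous attempt. */
    if (!gfl)
    {
        SCerr(SCERR_F_LOAD_DLL,SCERR_R_NO_PKCS11_DLL);
        ERR_add_error_data(1,"Cant find C_GetFunctionList");
        return NULL;
    }
    status = (*gfl)(&pFunctionList);
#else
    status = C_GetFunctionList(&pFunctionList);
#endif /* PKCS11_DYNLOAD */

    if (status != CKR_OK)
    {
        /* Do not keep whatever a failed call left behind; the early return
         * at the top would hand it out on the next call. */
        pFunctionList = NULL;
        SCerr(SCERR_F_LOAD_DLL,SCERR_R_UNSUPPORTED);
        ERR_add_error_data(1,sc_ERR_code(status));
        return NULL;
    }
    return pFunctionList;
}

/**********************************************************************
Function: ERR_load_scerr_strings()

Description:
    Sets up the error tables used by SSL and adds ours
    using the ERR_LIB_USER
    Only the first call does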
anything.

Parameters:
    i should be zero the first time any of the ERR_load_.*_string
    functions is called and non-zero for the rest of the calls.

Returns:
    i + 1 on the call that loads the tables, i unchanged on later calls
**********************************************************************/

int
ERR_load_scerr_strings(
    int                                 i)
{
    static int                          first_call = 1;

    /* The tables are registered once per process. */
    if (!first_call)
    {
        return i;
    }
    first_call = 0;

    if (i == 0)
    {
        SSL_load_error_strings();
    }

    ERR_load_strings(ERR_USER_LIB_SCERR_NUMBER,scerr_str_functs);
    ERR_load_strings(ERR_USER_LIB_SCERR_NUMBER,scerr_str_reasons);

    return i + 1;
}

/********************************************************************/

/*******************************************************************/
/*
 * Formats a PKCS#11 return code as text for the error queue.
 * The result points to a static buffer that the next call overwrites,
 * so it must be consumed before calling again.
 */
char *
sc_ERR_code(
    CK_RV                               status)
{
    static char                         text[256];

    sprintf(text,"PKCS#11 return=0x%8.8lx",status);
    return text;
}

/********************************************************************/
/*
 * Picks a slot (unless the caller says this was already done), then
 * opens a session on it and logs in.
 *
 * Returns 0 on success, otherwise the code returned by sc_init_one()
 * or sc_init_open_login().
 *
 * NOTE(review): with initialized != 0 and ppslot == NULL the slot id
 * handed to sc_init_open_login() is never assigned - confirm that no
 * caller uses that combination. The card argument is not used here.
 */
int
sc_init(
    CK_SESSION_HANDLE_PTR               PsessionHandle,
    char *                              card,
    CK_SLOT_ID_PTR                      ppslot,
    char *                              ppin,
    CK_USER_TYPE                        userType,
    int                                 initialized)
{
    CK_SLOT_ID                          local_slot;
    /* Use the caller's slot variable when one is given. */
    CK_SLOT_ID_PTR                      slot_ref = ppslot ? ppslot : &local_slot;

    if (!initialized)
    {
        int                             init_rc = sc_init_one(slot_ref);

        if (init_rc)
        {
            return init_rc;
        }
    }

    /* The token info query (sc_init_info) is disabled at present. */

    return sc_init_open_login(PsessionHandle, slot_ref, ppin, userType);
}

/***********************************************************
Function: sc_init_one

Description:
    get the function list pointer first.
initialize and find the slot with the card ***********************************************************/ int sc_init_one( CK_SLOT_ID_PTR pslot) { CK_RV status; CK_SLOT_ID list[20]; CK_SLOT_ID slot; CK_SLOT_ID_PTR slotList = &list[0]; CK_TOKEN_INFO tokeninfo; CK_ULONG count = 0; CK_C_Initialize pC_Initialize; if (!sc_get_function_list()) { return SCERR_R_INITIALIZE; } pC_Initialize = pFunctionList->C_Initialize; status = (*pC_Initialize)(0); if (status != CKR_OK) { SCerr(SCERR_F_SCINIT,SCERR_R_INITIALIZE); ERR_add_error_data(1,sc_ERR_code(status)); return SCERR_R_INITIALIZE; } /* status = (*(pFunctionList->C_GetSlotList))(FALSE, NULL, &count); if (status != CKR_OK) { SCerr(SCERR_F_SCINIT,SCERR_R_GETSLOTLIST); ERR_add_error_data(1,sc_ERR_code(status)); return SCERR_R_GETSLOTLIST; } fprintf(stderr,"Slotlist count = %d\n",count); */ count = 20; status = (*(pFunctionList->C_GetSlotList))(FALSE, slotList, &count); if (status != CKR_OK) { SCerr(SCERR_F_SCINIT,SCERR_R_GETSLOTLIST); ERR_add_error_data(1,sc_ERR_code(status)); return SCERR_R_GETSLOTLIST; } if (count == 0) { SCerr(SCERR_F_SCINIT,SCERR_R_OPENSESSION); ERR_add_error_data(1,"\n No SmartCard readers found"); return SCERR_R_OPENSESSION; } /* * need to look at all the slots. 
* Maybe provide the card label then look for it */ slot = list[0]; if (pslot) { *pslot = slot; } return 0; } /*************************************************************** Function: sc_init_info Description: Read the card info and print debuging **************************************************************/ int sc_init_info( CK_SLOT_ID_PTR pslot, CK_TOKEN_INFO_PTR ptokenInfo) { CK_RV status; status = (*(pFunctionList->C_GetTokenInfo))(*pslot, ptokenInfo); if (status != CKR_OK) { SCerr(SCERR_F_SCINIT,SCERR_R_LOGIN); ERR_add_error_data(2, "While reading Smart Card Info", sc_ERR_code(status)); return SCERR_R_LOGIN; } return 0; } /***************************************************************** Function: sc_init_open_login Description: Open a session to the card, and login *****************************************************************/ int sc_init_open_login( CK_SESSION_HANDLE_PTR PsessionHandle, CK_SLOT_ID_PTR pslot, char * ppin, CK_USER_TYPE userType) { CK_RV status; char * pin; char rpin[256]; /* could also add CKF_EXCLUSIVE_SESSION */ int flags = CKF_RW_SESSION | CKF_SERIAL_SESSION ; status = (*(pFunctionList->C_OpenSession))(*pslot, flags, 0, NULL, PsessionHandle); if (status != CKR_OK) { SCerr(SCERR_F_SCINIT,SCERR_R_OPENSESSION); ERR_add_error_data(1,sc_ERR_code(status)); return SCERR_R_OPENSESSION; } if (ppin) /* did user provide the pin? */ { pin = ppin; } else { pin = rpin; memset(rpin,0,sizeof(rpin)); #ifdef WIN32 read_passphrase_win32_prompt( (userType == CKU_USER) ? "Smart Card User PIN:" : "Smart Card SO PIN:",0); read_passphrase_win32(rpin,sizeof(rpin),0); #else des_read_pw_string(rpin,sizeof(rpin), (userType == CKU_USER) ? 
"Smart Card User PIN:" : "Smart Card SO PIN:",0); #endif /*DEE should test this too */ } status = (*(pFunctionList->C_Login))(*PsessionHandle, userType, (CK_CHAR_PTR)pin, strlen(pin)); memset(rpin,0,sizeof(rpin)); if (status != CKR_OK) { SCerr(SCERR_F_SCINIT,SCERR_R_LOGIN); ERR_add_error_data(1,sc_ERR_code(status)); return SCERR_R_LOGIN; } return 0; } /*********************************************************************/ int sc_final( CK_SESSION_HANDLE sessionHandle) { CK_RV status; status = (*(pFunctionList->C_Logout))(sessionHandle); status = (*(pFunctionList->C_CloseSession))(sessionHandle); return 0; } /*******************************************************************/ /* find and get data off the card */ /*******************************************************************/ int sc_get_rsa_priv_key_obj( CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPrivKey, RSA ** nrkey) { CK_RV sc_status; CK_BYTE_PTR pModulus = NULL; CK_BYTE_PTR pExponent = NULL; CK_ATTRIBUTE template[] = { {CKA_MODULUS, NULL_PTR, 0}, {CKA_PUBLIC_EXPONENT, NULL_PTR, 0} }; RSA * rsa = NULL; RSA_METHOD * ometh = NULL; RSA_METHOD * nmeth = NULL; rsa = RSA_new(); /* * set to use our method for this key. i * This will use the smart card for this key * But to do this requires us to copy the RSA method, and * replace two routines. This is done this way to avoid * chanfges to the SSLeay, and since these routines are not * exported in the Win32 DLL. 
*/ nmeth = (RSA_METHOD *)malloc(sizeof(RSA_METHOD)); if (!nmeth) { return 1; /* DEE need to fix */ } ometh = rsa->meth; nmeth->name = ometh->name; nmeth->rsa_pub_enc = ometh->rsa_pub_enc; nmeth->rsa_pub_dec = ometh->rsa_pub_dec; nmeth->rsa_priv_enc = sc_RSA_eay_private_encrypt; nmeth->rsa_priv_dec = sc_RSA_eay_private_decrypt; nmeth->rsa_mod_exp = ometh->rsa_mod_exp; nmeth->bn_mod_exp = ometh->bn_mod_exp; nmeth->init = ometh->init; nmeth->finish = ometh->finish; nmeth->flags = ometh->flags; nmeth->app_data = ometh->app_data; rsa->meth = nmeth; RSA_set_ex_data(rsa,SC_RSA_EX_DATA_INDEX_SESSION,(char *) hSession); RSA_set_ex_data(rsa,SC_RSA_EX_DATA_INDEX_OBJECT, (char *) hPrivKey); sc_status = (*(pFunctionList->C_GetAttributeValue)) (hSession, hPrivKey, template, 2); /* * HACK for the LITRONIC cards, as the RSA PKCS11 says * Section 9.7.1, the card must return the Modulus */ if (sc_status == CKR_ATTRIBUTE_TYPE_INVALID) { *nrkey = rsa; return 0; } if (sc_status == CKR_OK) { pModulus = (CK_BYTE_PTR) malloc(template[0].ulValueLen); template[0].pValue = pModulus; pExponent = (CK_BYTE_PTR) malloc(template[1].ulValueLen); template[1].pValue = pExponent; sc_status = (*(pFunctionList->C_GetAttributeValue))(hSession, hPrivKey, template, 1); } if (sc_status != CKR_OK) { SCerr(SCERR_F_GET_RSA_PRIV_KEY_OBJ,SCERR_R_GETATTRVAL); ERR_add_error_data(1,sc_ERR_code(sc_status)); free(pModulus); free(pExponent); return 1; } rsa->n = BN_bin2bn(pModulus,template[0].ulValueLen,NULL); rsa->e = BN_bin2bn(pExponent,template[1].ulValueLen,NULL); free(pModulus); free(pExponent); *nrkey = rsa; return 0; } /*******************************************************************/ int sc_get_priv_key_obj( CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPrivKey, EVP_PKEY ** npkey) { int rc; CK_RV sc_status; CK_KEY_TYPE keyType = 0; CK_ATTRIBUTE template[] = { {CKA_KEY_TYPE, &keyType, sizeof(keyType)} }; RSA * newrkey = NULL; EVP_PKEY * upkey=NULL; upkey = EVP_PKEY_new(); /* We should look at the attribute 
of the key found to * deside if it is RSA or DSA, then call correct routine. * For now only support RSA. */ sc_status = (*(pFunctionList->C_GetAttributeValue))(hSession, hPrivKey, template, 1); if (sc_status != CKR_OK) { SCerr(SCERR_F_GET_PRIV_KEY_OBJ,SCERR_R_GETATTRVAL); ERR_add_error_data(1,sc_ERR_code(sc_status)); return 1; } switch (keyType) { case (CKK_RSA): rc = sc_get_rsa_priv_key_obj(hSession, hPrivKey, &newrkey); if (rc) { return rc; } EVP_PKEY_assign(upkey, EVP_PKEY_RSA, (char *)newrkey); break; default: SCerr(SCERR_F_GET_PRIV_KEY_OBJ,SCERR_R_UNSUPPORTED); return 1; } *npkey = upkey; return 0; } /*******************************************************************/ int sc_get_priv_key_obj_by_label( CK_SESSION_HANDLE hSession, char * mylabel, EVP_PKEY ** npkey) { int rc; CK_OBJECT_HANDLE hKey; rc = sc_find_priv_key_obj_by_label(hSession,mylabel,&hKey); if (rc) { return rc; } return sc_get_priv_key_obj(hSession, hKey, npkey); } /*******************************************************************/ int sc_find_priv_key_obj_by_label( CK_SESSION_HANDLE hSession, char * mylabel, CK_OBJECT_HANDLE_PTR phPrivKey) { CK_RV status; CK_KEY_TYPE keyType = CKK_RSA; CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY; CK_BBOOL true = TRUE; CK_BBOOL false = FALSE; CK_ATTRIBUTE template[20]; int ai; int li = -1; int rc; ai = 0; template[ai].type = CKA_CLASS; template[ai].pValue = &keyClass; template[ai].ulValueLen = sizeof(keyClass); ai++; template[ai].type = CKA_TOKEN; template[ai].pValue = &true; template[ai].ulValueLen = sizeof(true); ai++; if (strlen(mylabel)) { template[ai].type = CKA_LABEL; template[ai].pValue = mylabel; template[ai].ulValueLen = strlen(mylabel) + HACK_PKCS11_LOCAL_STRING_NULL; li = ai; ai++; } rc = sc_find_one_obj(hSession, template, ai, phPrivKey); /* * we may or may not have a null as part of the name, * so we will try again this is a modified HACK * If we added the NULL to the test, we wont this time. * If we did not, we will this time. 
*/ if (rc && li >= 0) { template[li].ulValueLen += 1 - 2 * HACK_PKCS11_LOCAL_STRING_NULL; rc = sc_find_one_obj(hSession, template, ai, phPrivKey); } if (rc) { SCerr(SCERR_F_GET_PRIV_KEY_BY_LABEL,SCERR_R_FIND_FAILED); return 1; } return 0; } /*****************************************************************/ int sc_find_one_obj( CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR template, int ai, CK_OBJECT_HANDLE_PTR phObject) { CK_RV status; CK_ULONG ulObjectCount; status = (*(pFunctionList->C_FindObjectsInit))(hSession,template,ai); if (status != CKR_OK) { SCerr(SCERR_F_FIND_ONE_OBJ,SCERR_R_FINDOBJINIT); ERR_add_error_data(1,sc_ERR_code(status)); return 1; } ulObjectCount = 0; status = (*(pFunctionList->C_FindObjects))(hSession, phObject, 1, &ulObjectCount); (*(pFunctionList->C_FindObjectsFinal))(hSession); if (status != CKR_OK) { SCerr(SCERR_F_FIND_ONE_OBJ,SCERR_R_FINDOBJ); ERR_add_error_data(1,sc_ERR_code(status)); return 1; } if (ulObjectCount != 1) { SCerr(SCERR_F_FIND_ONE_OBJ,SCERR_R_FOUNDMANY); return 1; } return 0; } /*******************************************************************/ /* find and get certificates off of card */ /*******************************************************************/ int sc_get_cert_obj( CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hCert, X509 ** ncert) { CK_RV sc_status; CK_BYTE_PTR pCert = NULL; unsigned char * tasn1; CK_ATTRIBUTE template[] = { {CKA_VALUE, NULL_PTR, 0} }; X509 * x509 = NULL; sc_status = (*(pFunctionList->C_GetAttributeValue))(hSession, hCert, template, 1); if (sc_status == CKR_OK) { pCert = (CK_BYTE_PTR) malloc(template[0].ulValueLen); template[0].pValue = pCert; } sc_status = (*(pFunctionList->C_GetAttributeValue))(hSession, hCert, template, 1); if (sc_status != CKR_OK) { SCerr(SCERR_F_GET_CERT_OBJ,SCERR_R_GETATTRVAL); ERR_add_error_data(1,sc_ERR_code(sc_status)); free(pCert); return 1; } tasn1 = pCert; x509 = d2i_X509(NULL,&tasn1,template[0].ulValueLen); if (x509 == NULL) { 
SCerr(SCERR_F_GET_CERT_OBJ,SCERR_R_BAD_CERT_OBJ); free(pCert); return 1; } *ncert = x509; free(pCert); return 0; } /*******************************************************************/ int sc_find_cert_obj_by_label( CK_SESSION_HANDLE hSession, char * mylabel, CK_OBJECT_HANDLE_PTR phCert) { CK_RV status; CK_CERTIFICATE_TYPE certType = CKC_X_509; CK_OBJECT_CLASS certClass = CKO_CERTIFICATE; CK_BBOOL true = TRUE; CK_BBOOL false = FALSE; CK_ULONG ulObjectCount; CK_ATTRIBUTE template[20]; int ai; int li = -1; int rc; ai = 0; template[ai].type = CKA_CLASS; template[ai].pValue = &certClass; template[ai].ulValueLen = sizeof(certClass); ai++; template[ai].type = CKA_CERTIFICATE_TYPE; template[ai].pValue = &certType; template[ai].ulValueLen = sizeof(certType); ai++; template[ai].type = CKA_TOKEN; template[ai].pValue = &true; template[ai].ulValueLen = sizeof(true); ai++; if (strlen(mylabel)) { template[ai].type = CKA_LABEL; template[ai].pValue = mylabel; template[ai].ulValueLen = strlen(mylabel) + HACK_PKCS11_LOCAL_STRING_NULL; li = ai; ai++; } rc = sc_find_one_obj(hSession, template, ai, phCert); /* * we may or may not have a null as part of the name, * so we will try again this is a modified HACK * If we added the NULL to the test, we wont this time. * If we did not, we will this time. 
*/ if (rc && li >= 0) { template[li].ulValueLen += 1 - 2 * HACK_PKCS11_LOCAL_STRING_NULL; rc = sc_find_one_obj(hSession, template, ai, phCert); } if (rc) { SCerr(SCERR_F_FIND_CERT_BY_LABEL,SCERR_R_FIND_FAILED); return 1; } return 0; } /*******************************************************************/ int sc_get_cert_obj_by_label( CK_SESSION_HANDLE hSession, char * mylabel, X509 ** ncert) { int rc; CK_OBJECT_HANDLE hCert; rc = sc_find_cert_obj_by_label(hSession,mylabel,&hCert); if (rc) { return rc; } return sc_get_cert_obj(hSession, hCert, ncert); } /****************************************************************/ static int sc_RSA_eay_private_encrypt( int flen, unsigned char * from, unsigned char * to, RSA * rsa, int padding) { CK_ULONG ulsiglen; CK_MECHANISM_PTR pMech = NULL; CK_MECHANISM m_rsa_pkcs = {CKM_RSA_PKCS, 0,0}; CK_MECHANISM m_rsa_raw = {CKM_RSA_X_509, 0,0}; CK_RV ck_status; CK_SESSION_HANDLE hSession; CK_OBJECT_HANDLE hObject; hSession = (CK_SESSION_HANDLE )RSA_get_ex_data( rsa, SC_RSA_EX_DATA_INDEX_SESSION); hObject = (CK_OBJECT_HANDLE) RSA_get_ex_data( rsa, SC_RSA_EX_DATA_INDEX_OBJECT); switch (padding) { case RSA_PKCS1_PADDING: pMech = &m_rsa_pkcs; break; case RSA_NO_PADDING: pMech = &m_rsa_raw; break; case RSA_SSLV23_PADDING: default: RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); } if (pMech == NULL) { return 0; } ck_status = (*(pFunctionList->C_SignInit))(hSession, pMech, hObject); if (ck_status != CKR_OK) { SCerr(SCERR_F_RSA_ENCRYPT,SCERR_R_SIGNINIT); ERR_add_error_data(1,sc_ERR_code(ck_status)); return 0; } ck_status = (*(pFunctionList->C_Sign))(hSession, from, flen, to, &ulsiglen); if (ck_status != CKR_OK) { SCerr(SCERR_F_RSA_ENCRYPT,SCERR_R_SIGN); ERR_add_error_data(1,sc_ERR_code(ck_status)); return 0; } return ulsiglen; } /***************************************************************/ static int sc_RSA_eay_private_decrypt( int flen, unsigned char * from, unsigned char * to, RSA * rsa, int padding) { CK_ULONG ulsiglen; 
CK_MECHANISM_PTR pMech = NULL; CK_MECHANISM m_rsa_pkcs = {CKM_RSA_PKCS, 0,0}; CK_MECHANISM m_rsa_raw = {CKM_RSA_X_509, 0,0}; CK_RV ck_status; CK_SESSION_HANDLE hSession; CK_OBJECT_HANDLE hObject; hSession = (CK_SESSION_HANDLE )RSA_get_ex_data( rsa, SC_RSA_EX_DATA_INDEX_SESSION); hObject = (CK_OBJECT_HANDLE) RSA_get_ex_data( rsa, SC_RSA_EX_DATA_INDEX_OBJECT); switch (padding) { case RSA_PKCS1_PADDING: pMech = &m_rsa_pkcs; break; case RSA_NO_PADDING: pMech = &m_rsa_raw; break; case RSA_SSLV23_PADDING: default: RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); } if (pMech == NULL) { return 0; } ulsiglen = BN_num_bytes(rsa->n); ck_status = (*(pFunctionList->C_SignRecoverInit))(hSession, pMech, hObject); if (ck_status != CKR_OK) { SCerr(SCERR_F_RSA_DECRYPT,SCERR_R_SIGNRECINIT); ERR_add_error_data(1,sc_ERR_code(ck_status)); return 0; } ck_status = (*(pFunctionList->C_SignRecover))(hSession, from, flen, to, &ulsiglen); if (ck_status != CKR_OK) { SCerr(SCERR_F_RSA_DECRYPT,SCERR_R_SIGNREC); ERR_add_error_data(1,sc_ERR_code(ck_status)); return 0; } return ulsiglen; } #endif /*USE_PKCS11*/ voms-2.1.2/src/sslutils/scutils.h000066400000000000000000000163551477131364200170320ustar00rootroot00000000000000/********************************************************************** scutils.h: Description: This header file used internally for smart card access via PKCS11 For windows we can dynamicly load, and so PKCS#11 support can allways be compiled, as we now have the RSA header files included from the PKCS#11 2.01 version **********************************************************************/ #ifndef VOMS_SCUTILS_H #define VOMS_SCUTILS_H /********************************************************************** Include header files **********************************************************************/ #ifndef NO_GSSAPI_CONFIG_H #include "gssapi_config.h" #endif #include #include "ssl.h" #include "err.h" #include "bio.h" #include "pem.h" #include "x509.h" #include 
"stack.h" #include "evp.h" #include "rsa.h" #include "pkcs11.h" #ifdef USE_TYPEMAP #include "typemap.h" #endif /********************************************************************** Define constants **********************************************************************/ /* RSA PKCS#11 says local strings donot include the null, * but examples do. Litronics writes the null in their labels * and expect them when formating. * The following will be added when writing a label or * other local string which might have this problem. * If other cards dont require, or this gets fixed, * set this to 0 * * This was with Litronic before NetSign 2.0 * * We have added code to try with and without the null, * So set this to 0 for now. */ #define HACK_PKCS11_LOCAL_STRING_NULL 0 /* * We need to store the session and object handles with the key. * In order to avoid changes to SSLeay, for the RSA structire, * we will use two of the ex_data fields, by grabing 3 and 4. * This may be a problem in future versions. * These are used by the _get_ key routines when creating * the key structure below, and by the sc_RSA_eay routines when * they go to use the key. 
*/ #define SC_RSA_EX_DATA_INDEX_SESSION 3 #define SC_RSA_EX_DATA_INDEX_OBJECT 4 /* Location where the SCERR library will be stored */ #define ERR_USER_LIB_SCERR_NUMBER ((ERR_LIB_USER) + 1) /* * Use the SSLeay error facility with the ERR_LIB_USER */ #define SCerr(f,r) ERR_PUT_error(ERR_USER_LIB_SCERR_NUMBER,(f),(r),__FILE__,__LINE__) /* * defines for function codes our minor error codes */ #define SCERR_F_RSA_ENCRYPT 100 #define SCERR_F_RSA_DECRYPT 101 #define SCERR_F_SCINIT 102 #define SCERR_F_CREATE_DATA_OBJ 103 #define SCERR_F_CREATE_CERT_OBJ 104 #define SCERR_F_CREATE_RSA_PRIV_KEY_OBJ 105 #define SCERR_F_CREATE_PRIV_KEY_OBJ 106 #define SCERR_F_GET_RSA_PRIV_KEY_OBJ 107 #define SCERR_F_GET_PRIV_KEY_OBJ 108 #define SCERR_F_GET_PRIV_KEY_BY_LABEL 109 #define SCERR_F_GET_CERT_OBJ 110 #define SCERR_F_FIND_ONE_OBJ 111 #define SCERR_F_FIND_CERT_BY_LABEL 112 #define SCERR_F_LOAD_DLL 113 /* * defines for reasons */ #define SCERR_R_BASE 1500 #define SCERR_R_PKCS11_ERROR SCERR_R_BASE + 1 #define SCERR_R_SIGNINIT SCERR_R_BASE + 2 #define SCERR_R_SIGN SCERR_R_BASE + 3 #define SCERR_R_SIGNRECINIT SCERR_R_BASE + 4 #define SCERR_R_SIGNREC SCERR_R_BASE + 5 #define SCERR_R_INITIALIZE SCERR_R_BASE + 6 #define SCERR_R_GETSLOTLIST SCERR_R_BASE + 7 #define SCERR_R_OPENSESSION SCERR_R_BASE + 8 #define SCERR_R_LOGIN SCERR_R_BASE + 9 #define SCERR_R_CREATEOBJ SCERR_R_BASE + 10 #define SCERR_R_UNSUPPORTED SCERR_R_BASE + 11 #define SCERR_R_GETATTRVAL SCERR_R_BASE + 12 #define SCERR_R_FINDOBJINIT SCERR_R_BASE + 13 #define SCERR_R_FINDOBJ SCERR_R_BASE + 14 #define SCERR_R_FOUNDMANY SCERR_R_BASE + 15 #define SCERR_R_BAD_CERT_OBJ SCERR_R_BASE + 16 #define SCERR_R_FIND_FAILED SCERR_R_BASE + 17 #define SCERR_R_NO_PKCS11_DLL SCERR_R_BASE + 18 /* NOTE: Reason codes are limited to <4096 by openssl error handler */ /********************************************************************** Type definitions **********************************************************************/ 
/********************************************************************** Global variables *********************************************************************/ /* The pFunctionList is a pointer to the PKCS11 list * of functions which is in the lib or DLL. * It is initialized once on the first call to the * sc_init() by sc_get_funct_list() */ extern CK_FUNCTION_LIST_PTR pFunctionList; /********************************************************************** Function prototypes **********************************************************************/ int ERR_load_scerr_strings(int i); char * sc_ERR_code(CK_RV status); CK_FUNCTION_LIST_PTR sc_get_function_list(); int sc_init(CK_SESSION_HANDLE_PTR PsessionHandle, char *card, CK_SLOT_ID_PTR pslot, char * ppin, CK_USER_TYPE userType, int initialized); int sc_init_one(CK_SLOT_ID_PTR pslot); int sc_init_info(CK_SLOT_ID_PTR pslot, CK_TOKEN_INFO_PTR ptokenInfo); int sc_init_open_login(CK_SESSION_HANDLE_PTR PsessionHandle, CK_SLOT_ID_PTR pslot, char * ppin, CK_USER_TYPE userType); int sc_final(CK_SESSION_HANDLE sessionHandle); int sc_create_data_obj(CK_SESSION_HANDLE sessionHandle, char *mylabel, char *myvalue, int mylen); int sc_create_rsa_priv_key_obj(CK_SESSION_HANDLE sessionHandle, char *mylabel, RSA *rkey); int sc_create_priv_key_obj(CK_SESSION_HANDLE sessionHandle, char *mylabel, EVP_PKEY *key); int sc_create_cert_obj(CK_SESSION_HANDLE sessionHandle, char *mylabel, X509 *ucert); /**********************/ int sc_get_rsa_priv_key_obj(CK_SESSION_HANDLE sessionHandle, CK_OBJECT_HANDLE hPrivKey, RSA ** nrkey); int sc_get_priv_key_obj(CK_SESSION_HANDLE sessionHandle, CK_OBJECT_HANDLE hPrivKey, EVP_PKEY ** nkey); int sc_get_priv_key_obj_by_label(CK_SESSION_HANDLE sessionHandle, char *mylabel, EVP_PKEY ** nkey); int sc_get_cert_obj_by_label(CK_SESSION_HANDLE sessionHandle, char *mylabel, X509 ** ncert); int sc_find_one_obj(CK_SESSION_HANDLE sessionHandle, CK_ATTRIBUTE_PTR template, int ai, CK_OBJECT_HANDLE_PTR phObject); int 
sc_find_priv_key_obj_by_label(CK_SESSION_HANDLE sessionHandle, char * mylabel, CK_OBJECT_HANDLE_PTR phPrivKey); int sc_find_cert_obj_by_label(CK_SESSION_HANDLE hSession, char * mylabel, CK_OBJECT_HANDLE_PTR phCert); int sc_find_cert_obj_by_subject(CK_SESSION_HANDLE hSession, X509_NAME * x509name, CK_OBJECT_HANDLE_PTR phCert); /************************************************************************/ /* replacement RSA_PKCS1_SSLeay routines which will use the key on the */ /* smart card We have our own method which will call PKCS11 */ /* These are in sc_rsa_ssleay.c */ /************************************************************************/ RSA_METHOD * sc_RSA_PKCS1_SSLeay(); #endif /* _SCUTILS_H */ voms-2.1.2/src/sslutils/signing_policy.c000066400000000000000000001573561477131364200203630ustar00rootroot00000000000000/* A Bison parser, made by GNU Bison 3.7.4. */ /* Bison implementation for Yacc-like parsers in C Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. 
Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* C LALR(1) parser skeleton written by Richard Stallman, by simplifying the original so-called "semantic" parser. */ /* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, especially those whose name start with YY_ or yy_. They are private implementation details that can be changed or removed. */ /* All symbols defined below should begin with yy or YY, to avoid infringing on user name space. This should be done even for local variables, as they might otherwise be expanded by user macros. There are some unavoidable exceptions within include files to define necessary library symbols; they are noted "INFRINGES ON USER NAME SPACE" below. */ /* Identify Bison output, and Bison version. */ #define YYBISON 30704 /* Bison version string. */ #define YYBISON_VERSION "3.7.4" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" /* Pure parsers. */ #define YYPURE 1 /* Push parsers. */ #define YYPUSH 0 /* Pull parsers. */ #define YYPULL 1 /* Substitute the variable and function names. */ #define yyparse signingparse #define yylex signinglex #define yyerror signingerror #define yydebug signingdebug #define yynerrs signingnerrs /* First part of user prologue. */ #line 1 "signing_policy.y" /********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. 
* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #include "config.h" #include #include #include #include #include "parsertypes.h" #include "lexparse.h" #include "listfunc.h" char **parse_subjects(char *string); void signingerror(void *policies, void *scanner, char const *msg); #line 116 "signing_policy.c" # ifndef YY_CAST # ifdef __cplusplus # define YY_CAST(Type, Val) static_cast (Val) # define YY_REINTERPRET_CAST(Type, Val) reinterpret_cast (Val) # else # define YY_CAST(Type, Val) ((Type) (Val)) # define YY_REINTERPRET_CAST(Type, Val) ((Type) (Val)) # endif # endif # ifndef YY_NULLPTR # if defined __cplusplus # if 201103L <= __cplusplus # define YY_NULLPTR nullptr # else # define YY_NULLPTR 0 # endif # else # define YY_NULLPTR ((void*)0) # endif # endif #include "signing_policy.h" /* Symbol kind. 
*/ enum yysymbol_kind_t { YYSYMBOL_YYEMPTY = -2, YYSYMBOL_YYEOF = 0, /* "end of file" */ YYSYMBOL_YYerror = 1, /* error */ YYSYMBOL_YYUNDEF = 2, /* "invalid token" */ YYSYMBOL_SUBJECTS = 3, /* SUBJECTS */ YYSYMBOL_COND_SUBJECTS = 4, /* COND_SUBJECTS */ YYSYMBOL_COND_BANNED = 5, /* COND_BANNED */ YYSYMBOL_GLOBUS = 6, /* GLOBUS */ YYSYMBOL_POS_RIGHTS = 7, /* POS_RIGHTS */ YYSYMBOL_NEG_RIGHTS = 8, /* NEG_RIGHTS */ YYSYMBOL_CA_SIGN = 9, /* CA_SIGN */ YYSYMBOL_ACCESS_ID_CA = 10, /* ACCESS_ID_CA */ YYSYMBOL_ACCESS_ID_ANYBODY = 11, /* ACCESS_ID_ANYBODY */ YYSYMBOL_X509 = 12, /* X509 */ YYSYMBOL_YYACCEPT = 13, /* $accept */ YYSYMBOL_eacl = 14, /* eacl */ YYSYMBOL_eacl_entry = 15, /* eacl_entry */ YYSYMBOL_access_identities = 16, /* access_identities */ YYSYMBOL_restrictions = 17, /* restrictions */ YYSYMBOL_access_identity = 18, /* access_identity */ YYSYMBOL_realcondition = 19 /* realcondition */ }; typedef enum yysymbol_kind_t yysymbol_kind_t; #ifdef short # undef short #endif /* On compilers that do not define __PTRDIFF_MAX__ etc., make sure and (if available) are included so that the code can choose integer types of a good width. */ #ifndef __PTRDIFF_MAX__ # include /* INFRINGES ON USER NAME SPACE */ # if defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ # include /* INFRINGES ON USER NAME SPACE */ # define YY_STDINT_H # endif #endif /* Narrow types that promote to a signed type and that can represent a signed or unsigned integer of at least N bits. In tables they can save space and decrease cache pressure. Promoting to a signed type helps avoid bugs in integer arithmetic. 
*/ #ifdef __INT_LEAST8_MAX__ typedef __INT_LEAST8_TYPE__ yytype_int8; #elif defined YY_STDINT_H typedef int_least8_t yytype_int8; #else typedef signed char yytype_int8; #endif #ifdef __INT_LEAST16_MAX__ typedef __INT_LEAST16_TYPE__ yytype_int16; #elif defined YY_STDINT_H typedef int_least16_t yytype_int16; #else typedef short yytype_int16; #endif #if defined __UINT_LEAST8_MAX__ && __UINT_LEAST8_MAX__ <= __INT_MAX__ typedef __UINT_LEAST8_TYPE__ yytype_uint8; #elif (!defined __UINT_LEAST8_MAX__ && defined YY_STDINT_H \ && UINT_LEAST8_MAX <= INT_MAX) typedef uint_least8_t yytype_uint8; #elif !defined __UINT_LEAST8_MAX__ && UCHAR_MAX <= INT_MAX typedef unsigned char yytype_uint8; #else typedef short yytype_uint8; #endif #if defined __UINT_LEAST16_MAX__ && __UINT_LEAST16_MAX__ <= __INT_MAX__ typedef __UINT_LEAST16_TYPE__ yytype_uint16; #elif (!defined __UINT_LEAST16_MAX__ && defined YY_STDINT_H \ && UINT_LEAST16_MAX <= INT_MAX) typedef uint_least16_t yytype_uint16; #elif !defined __UINT_LEAST16_MAX__ && USHRT_MAX <= INT_MAX typedef unsigned short yytype_uint16; #else typedef int yytype_uint16; #endif #ifndef YYPTRDIFF_T # if defined __PTRDIFF_TYPE__ && defined __PTRDIFF_MAX__ # define YYPTRDIFF_T __PTRDIFF_TYPE__ # define YYPTRDIFF_MAXIMUM __PTRDIFF_MAX__ # elif defined PTRDIFF_MAX # ifndef ptrdiff_t # include /* INFRINGES ON USER NAME SPACE */ # endif # define YYPTRDIFF_T ptrdiff_t # define YYPTRDIFF_MAXIMUM PTRDIFF_MAX # else # define YYPTRDIFF_T long # define YYPTRDIFF_MAXIMUM LONG_MAX # endif #endif #ifndef YYSIZE_T # ifdef __SIZE_TYPE__ # define YYSIZE_T __SIZE_TYPE__ # elif defined size_t # define YYSIZE_T size_t # elif defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ # include /* INFRINGES ON USER NAME SPACE */ # define YYSIZE_T size_t # else # define YYSIZE_T unsigned # endif #endif #define YYSIZE_MAXIMUM \ YY_CAST (YYPTRDIFF_T, \ (YYPTRDIFF_MAXIMUM < YY_CAST (YYSIZE_T, -1) \ ? 
YYPTRDIFF_MAXIMUM \ : YY_CAST (YYSIZE_T, -1))) #define YYSIZEOF(X) YY_CAST (YYPTRDIFF_T, sizeof (X)) /* Stored state numbers (used for stacks). */ typedef yytype_int8 yy_state_t; /* State numbers in computations. */ typedef int yy_state_fast_t; #ifndef YY_ # if defined YYENABLE_NLS && YYENABLE_NLS # if ENABLE_NLS # include /* INFRINGES ON USER NAME SPACE */ # define YY_(Msgid) dgettext ("bison-runtime", Msgid) # endif # endif # ifndef YY_ # define YY_(Msgid) Msgid # endif #endif #ifndef YY_ATTRIBUTE_PURE # if defined __GNUC__ && 2 < __GNUC__ + (96 <= __GNUC_MINOR__) # define YY_ATTRIBUTE_PURE __attribute__ ((__pure__)) # else # define YY_ATTRIBUTE_PURE # endif #endif #ifndef YY_ATTRIBUTE_UNUSED # if defined __GNUC__ && 2 < __GNUC__ + (7 <= __GNUC_MINOR__) # define YY_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) # else # define YY_ATTRIBUTE_UNUSED # endif #endif /* Suppress unused-variable warnings by "using" E. */ #if ! defined lint || defined __GNUC__ # define YYUSE(E) ((void) (E)) #else # define YYUSE(E) /* empty */ #endif #if defined __GNUC__ && ! defined __ICC && 407 <= __GNUC__ * 100 + __GNUC_MINOR__ /* Suppress an incorrect diagnostic about yylval being uninitialized. */ # define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ _Pragma ("GCC diagnostic push") \ _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") \ _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") # define YY_IGNORE_MAYBE_UNINITIALIZED_END \ _Pragma ("GCC diagnostic pop") #else # define YY_INITIAL_VALUE(Value) Value #endif #ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN # define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN # define YY_IGNORE_MAYBE_UNINITIALIZED_END #endif #ifndef YY_INITIAL_VALUE # define YY_INITIAL_VALUE(Value) /* Nothing. */ #endif #if defined __cplusplus && defined __GNUC__ && ! 
defined __ICC && 6 <= __GNUC__ # define YY_IGNORE_USELESS_CAST_BEGIN \ _Pragma ("GCC diagnostic push") \ _Pragma ("GCC diagnostic ignored \"-Wuseless-cast\"") # define YY_IGNORE_USELESS_CAST_END \ _Pragma ("GCC diagnostic pop") #endif #ifndef YY_IGNORE_USELESS_CAST_BEGIN # define YY_IGNORE_USELESS_CAST_BEGIN # define YY_IGNORE_USELESS_CAST_END #endif #define YY_ASSERT(E) ((void) (0 && (E))) #if 1 /* The parser invokes alloca or malloc; define the necessary symbols. */ # ifdef YYSTACK_USE_ALLOCA # if YYSTACK_USE_ALLOCA # ifdef __GNUC__ # define YYSTACK_ALLOC __builtin_alloca # elif defined __BUILTIN_VA_ARG_INCR # include /* INFRINGES ON USER NAME SPACE */ # elif defined _AIX # define YYSTACK_ALLOC __alloca # elif defined _MSC_VER # include /* INFRINGES ON USER NAME SPACE */ # define alloca _alloca # else # define YYSTACK_ALLOC alloca # if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS # include /* INFRINGES ON USER NAME SPACE */ /* Use EXIT_SUCCESS as a witness for stdlib.h. */ # ifndef EXIT_SUCCESS # define EXIT_SUCCESS 0 # endif # endif # endif # endif # endif # ifdef YYSTACK_ALLOC /* Pacify GCC's 'empty if-body' warning. */ # define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) # ifndef YYSTACK_ALLOC_MAXIMUM /* The OS might guarantee only one guard page at the bottom of the stack, and a page size can be as small as 4096 bytes. So we cannot safely invoke alloca (N) if N exceeds 4096. Use a slightly smaller number to allow for a few compiler-allocated temporary stack slots. */ # define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ # endif # else # define YYSTACK_ALLOC YYMALLOC # define YYSTACK_FREE YYFREE # ifndef YYSTACK_ALLOC_MAXIMUM # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM # endif # if (defined __cplusplus && ! defined EXIT_SUCCESS \ && ! 
((defined YYMALLOC || defined malloc) \ && (defined YYFREE || defined free))) # include /* INFRINGES ON USER NAME SPACE */ # ifndef EXIT_SUCCESS # define EXIT_SUCCESS 0 # endif # endif # ifndef YYMALLOC # define YYMALLOC malloc # if ! defined malloc && ! defined EXIT_SUCCESS void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ # endif # endif # ifndef YYFREE # define YYFREE free # if ! defined free && ! defined EXIT_SUCCESS void free (void *); /* INFRINGES ON USER NAME SPACE */ # endif # endif # endif #endif /* 1 */ #if (! defined yyoverflow \ && (! defined __cplusplus \ || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) /* A type that is properly aligned for any stack member. */ union yyalloc { yy_state_t yyss_alloc; YYSTYPE yyvs_alloc; }; /* The size of the maximum gap between one aligned stack and the next. */ # define YYSTACK_GAP_MAXIMUM (YYSIZEOF (union yyalloc) - 1) /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ ((N) * (YYSIZEOF (yy_state_t) + YYSIZEOF (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) # define YYCOPY_NEEDED 1 /* Relocate STACK from its old location to the new one. The local variables YYSIZE and YYSTACKSIZE give the old and new number of elements in the stack, and YYPTR gives the new location of the stack. Advance YYPTR to a properly aligned location for the next stack. */ # define YYSTACK_RELOCATE(Stack_alloc, Stack) \ do \ { \ YYPTRDIFF_T yynewbytes; \ YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ Stack = &yyptr->Stack_alloc; \ yynewbytes = yystacksize * YYSIZEOF (*Stack) + YYSTACK_GAP_MAXIMUM; \ yyptr += yynewbytes / YYSIZEOF (*yyptr); \ } \ while (0) #endif #if defined YYCOPY_NEEDED && YYCOPY_NEEDED /* Copy COUNT objects from SRC to DST. The source and destination do not overlap. 
*/ # ifndef YYCOPY # if defined __GNUC__ && 1 < __GNUC__ # define YYCOPY(Dst, Src, Count) \ __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src))) # else # define YYCOPY(Dst, Src, Count) \ do \ { \ YYPTRDIFF_T yyi; \ for (yyi = 0; yyi < (Count); yyi++) \ (Dst)[yyi] = (Src)[yyi]; \ } \ while (0) # endif # endif #endif /* !YYCOPY_NEEDED */ /* YYFINAL -- State number of the termination state. */ #define YYFINAL 8 /* YYLAST -- Last index in YYTABLE. */ #define YYLAST 21 /* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 13 /* YYNNTS -- Number of nonterminals. */ #define YYNNTS 7 /* YYNRULES -- Number of rules. */ #define YYNRULES 12 /* YYNSTATES -- Number of states. */ #define YYNSTATES 27 /* YYMAXUTOK -- Last valid token kind. */ #define YYMAXUTOK 267 /* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM as returned by yylex, with out-of-bounds checking. */ #define YYTRANSLATE(YYX) \ (0 <= (YYX) && (YYX) <= YYMAXUTOK \ ? YY_CAST (yysymbol_kind_t, yytranslate[YYX]) \ : YYSYMBOL_YYUNDEF) /* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM as returned by yylex. 
*/ static const yytype_int8 yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 }; #if YYDEBUG /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_uint8 yyrline[] = { 0, 73, 73, 74, 76, 82, 88, 92, 95, 100, 115, 119, 132 }; #endif /** Accessing symbol of state STATE. */ #define YY_ACCESSING_SYMBOL(State) YY_CAST (yysymbol_kind_t, yystos[State]) #if 1 /* The user-facing name of the symbol whose (internal) number is YYSYMBOL. No bounds checking. */ static const char *yysymbol_name (yysymbol_kind_t yysymbol) YY_ATTRIBUTE_UNUSED; /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. First, the terminals, then, starting at YYNTOKENS, nonterminals. 
*/
/* For this grammar, entries 0..12 are the terminals (YYNTOKENS is 13) and
   entries 13..19 the nonterminals; the trailing YY_NULLPTR ends the
   array.  */
static const char *const yytname[] =
{
  "\"end of file\"", "error", "\"invalid token\"", "SUBJECTS",
  "COND_SUBJECTS", "COND_BANNED", "GLOBUS", "POS_RIGHTS", "NEG_RIGHTS",
  "CA_SIGN", "ACCESS_ID_CA", "ACCESS_ID_ANYBODY", "X509", "$accept",
  "eacl", "eacl_entry", "access_identities", "restrictions",
  "access_identity", "realcondition", YY_NULLPTR
};

/* Return the yytname entry for YYSYMBOL.  The value is used as an index
   exactly as given: YYSYMBOL_YYEMPTY (-2) or anything past the last
   symbol would read outside the array, so the caller has to pass a kind
   in the range 0..19.  */
static const char *
yysymbol_name (yysymbol_kind_t yysymbol)
{
  return yytname[yysymbol];
}
#endif

#ifdef YYPRINT
/* YYTOKNUM[NUM] -- (External) token number corresponding to the
   (internal) symbol number NUM (which must be that of a token).  */
/* Only compiled when YYPRINT is defined; one entry per terminal.  */
static const yytype_int16 yytoknum[] =
{
       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
     265,   266,   267
};
#endif

/* Marker stored in yypact for states whose action does not depend on the
   lookahead token; yybackup tests it and goes straight to yydefault.  */
#define YYPACT_NINF (-16)

#define yypact_value_is_default(Yyn) \
  ((Yyn) == YYPACT_NINF)

#define YYTABLE_NINF (-1)

/* Expands to the constant 0 in this parser: no yytable entry is ever
   treated as an explicit error action, and the argument is not
   evaluated.  */
#define yytable_value_is_error(Yyn) \
  0

/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
   STATE-NUM.  */
/* One entry per parser state (YYNSTATES is 27).  */
static const yytype_int8 yypact[] =
{
      -8,     1,   -16,     0,   -16,    -1,   -16,     9,   -16,   -16,
      -2,     8,   -16,     6,     7,     4,     4,    11,    12,   -16,
       4,   -16,    16,    17,   -16,   -16,   -16
};

/* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM.
   Performed when YYTABLE does not specify something else to do.  Zero
   means the default is an error.  */
static const yytype_int8 yydefact[] =
{
       0,     0,    10,     0,     2,     0,     6,     0,     1,     3,
       0,     0,     9,     0,     0,     0,     0,     0,     0,     4,
       7,     5,     0,     0,     8,    11,    12
};

/* YYPGOTO[NTERM-NUM].  */
/* One entry per nonterminal (YYNNTS is 7).  */
static const yytype_int8 yypgoto[] =
{
     -16,   -16,    18,   -16,   -15,   -16,   -16
};

/* YYDEFGOTO[NTERM-NUM].  */
static const yytype_int8 yydefgoto[] =
{
      -1,     3,     4,     5,    19,     6,    20
};

/* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM.  If
   positive, shift that token.  If negative, reduce the rule whose
   number is the opposite.  If YYTABLE_NINF, syntax error.
*/ static const yytype_int8 yytable[] = { 8, 21, 1, 2, 13, 24, 10, 11, 17, 18, 1, 2, 12, 7, 14, 15, 16, 22, 23, 25, 26, 9 }; static const yytype_int8 yycheck[] = { 0, 16, 10, 11, 6, 20, 7, 8, 4, 5, 10, 11, 3, 12, 6, 9, 9, 6, 6, 3, 3, 3 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_int8 yystos[] = { 0, 10, 11, 14, 15, 16, 18, 12, 0, 15, 7, 8, 3, 6, 6, 9, 9, 4, 5, 17, 19, 17, 6, 6, 17, 3, 3 }; /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const yytype_int8 yyr1[] = { 0, 13, 14, 14, 15, 15, 16, 17, 17, 18, 18, 19, 19 }; /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ static const yytype_int8 yyr2[] = { 0, 2, 1, 2, 5, 5, 1, 1, 2, 3, 1, 3, 3 }; enum { YYENOMEM = -2 }; #define yyerrok (yyerrstatus = 0) #define yyclearin (yychar = YYEMPTY) #define YYACCEPT goto yyacceptlab #define YYABORT goto yyabortlab #define YYERROR goto yyerrorlab #define YYRECOVERING() (!!yyerrstatus) #define YYBACKUP(Token, Value) \ do \ if (yychar == YYEMPTY) \ { \ yychar = (Token); \ yylval = (Value); \ YYPOPSTACK (yylen); \ yystate = *yyssp; \ goto yybackup; \ } \ else \ { \ yyerror (policies, scanner, YY_("syntax error: cannot back up")); \ YYERROR; \ } \ while (0) /* Backward compatibility with an undocumented macro. Use YYerror or YYUNDEF. */ #define YYERRCODE YYUNDEF /* Enable debugging if requested. */ #if YYDEBUG # ifndef YYFPRINTF # include /* INFRINGES ON USER NAME SPACE */ # define YYFPRINTF fprintf # endif # define YYDPRINTF(Args) \ do { \ if (yydebug) \ YYFPRINTF Args; \ } while (0) /* This macro is provided for backward compatibility. 
*/
/* Everything down to the matching "#else" is compiled only when YYDEBUG
   is nonzero.  This parser tracks no locations, so the location printer
   defaults to a no-op.  */
# ifndef YY_LOCATION_PRINT
#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
# endif

/* Trace one symbol on stderr when yydebug is set.  The Location argument
   is not used by the expansion; `policies' and `scanner' are taken from
   the scope in which the macro is expanded.  */
# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) \
do { \
  if (yydebug) \
    { \
      YYFPRINTF (stderr, "%s ", Title); \
      yy_symbol_print (stderr, \
                       Kind, Value, policies, scanner); \
      YYFPRINTF (stderr, "\n"); \
    } \
} while (0)

/*-----------------------------------.
| Print this symbol's value on YYO. |
`-----------------------------------*/

/* YYO       stream to print on.
   YYKIND    kind of the symbol whose value is printed.
   YYVALUEP  its semantic value; a null pointer makes the function return
             at once.
   POLICIES, SCANNER  the parser's own arguments, unused here.

   Output is produced only through the user-supplied YYPRINT hook, and
   only for terminals (YYKIND < YYNTOKENS).  When YYPRINT is not defined
   the function writes nothing, so the trace carries symbol names but no
   semantic values.  */
static void
yy_symbol_value_print (FILE *yyo,
                       yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep, struct policy ***policies, void *scanner)
{
  FILE *yyoutput = yyo;
  /* The YYUSE calls only silence unused-variable warnings.  */
  YYUSE (yyoutput);
  YYUSE (policies);
  YYUSE (scanner);
  if (!yyvaluep)
    return;
# ifdef YYPRINT
  if (yykind < YYNTOKENS)
    YYPRINT (yyo, yytoknum[yykind], *yyvaluep);
# endif
  YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
  YYUSE (yykind);
  YY_IGNORE_MAYBE_UNINITIALIZED_END
}

/*---------------------------.
| Print this symbol on YYO. |
`---------------------------*/

/* Write "token NAME (" for a terminal or "nterm NAME (" for a
   nonterminal, then the value as printed by yy_symbol_value_print, then
   ")".  NAME comes from yysymbol_name, which does no range check on
   YYKIND.  */
static void
yy_symbol_print (FILE *yyo,
                 yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep, struct policy ***policies, void *scanner)
{
  YYFPRINTF (yyo, "%s %s (",
             yykind < YYNTOKENS ? "token" : "nterm", yysymbol_name (yykind));

  yy_symbol_value_print (yyo, yykind, yyvaluep, policies, scanner);
  YYFPRINTF (yyo, ")");
}

/*------------------------------------------------------------------.
| yy_stack_print -- Print the state stack from its BOTTOM up to its |
| TOP (included). |
`------------------------------------------------------------------*/

/* Writes "Stack now", every state number from YYBOTTOM to YYTOP
   inclusive, and a newline to stderr.  */
static void
yy_stack_print (yy_state_t *yybottom, yy_state_t *yytop)
{
  YYFPRINTF (stderr, "Stack now");
  for (; yybottom <= yytop; yybottom++)
    {
      /* Widen to int so the value matches the "%d" conversion.  */
      int yybot = *yybottom;
      YYFPRINTF (stderr, " %d", yybot);
    }
  YYFPRINTF (stderr, "\n");
}

/* Dump the state stack only when yydebug is set.  */
# define YY_STACK_PRINT(Bottom, Top) \
do { \
  if (yydebug) \
    yy_stack_print ((Bottom), (Top)); \
} while (0)

/*------------------------------------------------.
| Report that the YYRULE is going to be reduced.
| `------------------------------------------------*/

/* YYSSP, YYVSP  tops of the state stack and of the semantic value stack.
   YYRULE        number of the rule about to be reduced.
   POLICIES, SCANNER  passed through to yy_symbol_print.

   Prints the rule number (as YYRULE - 1) with the grammar-file line from
   yyrline, then one line per right-hand-side symbol, read from the top
   yyr2[YYRULE] entries of both stacks.  Debug builds only.  */
static void
yy_reduce_print (yy_state_t *yyssp, YYSTYPE *yyvsp,
                 int yyrule, struct policy ***policies, void *scanner)
{
  int yylno = yyrline[yyrule];
  int yynrhs = yyr2[yyrule];
  int yyi;
  YYFPRINTF (stderr, "Reducing stack by rule %d (line %d):\n",
             yyrule - 1, yylno);
  /* The symbols being reduced.  */
  for (yyi = 0; yyi < yynrhs; yyi++)
    {
      YYFPRINTF (stderr, " $%d = ", yyi + 1);
      /* yyi + 1 - yynrhs runs from 1 - yynrhs up to 0, i.e. from the
         deepest symbol of the rule to the one on top of the stack.  */
      yy_symbol_print (stderr,
                       YY_ACCESSING_SYMBOL (+yyssp[yyi + 1 - yynrhs]),
                       &yyvsp[(yyi + 1) - (yynrhs)], policies, scanner);
      YYFPRINTF (stderr, "\n");
    }
}

/* Uses yyssp, yyvsp, policies and scanner from the expansion site.  */
# define YY_REDUCE_PRINT(Rule) \
do { \
  if (yydebug) \
    yy_reduce_print (yyssp, yyvsp, Rule, policies, scanner); \
} while (0)

/* Nonzero means print parse trace.  It is left uninitialized so that
   multiple parsers can coexist.  */
int yydebug;
#else /* !YYDEBUG */
/* Without YYDEBUG every trace macro expands to nothing.  */
# define YYDPRINTF(Args) ((void) 0)
# define YY_SYMBOL_PRINT(Title, Kind, Value, Location)
# define YY_STACK_PRINT(Bottom, Top)
# define YY_REDUCE_PRINT(Rule)
#endif /* !YYDEBUG */

/* YYINITDEPTH -- initial size of the parser's stacks.  */
/* yyparse declares its two initial stacks as local arrays of this many
   elements.  */
#ifndef YYINITDEPTH
# define YYINITDEPTH 200
#endif

/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
   if the built-in stack extension method is used).

   Do not make this value too large; the results are undefined if
   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
   evaluated with infinite-precision integer arithmetic.  */
/* The stack extension in yyparse doubles yystacksize up to this cap and
   jumps to yyexhaustedlab once the cap is reached, so the stack memory
   one policy file can make the parser allocate is bounded.
   NOTE(review): the rule "restrictions: realcondition restrictions" is
   right-recursive, so presumably each condition of an entry stays on
   the stack until the last one has been read; an entry with more
   conditions than this cap allows would then fail to parse -- confirm
   that callers treat that failure as "policy not loaded".  */

#ifndef YYMAXDEPTH
# define YYMAXDEPTH 10000
#endif

/* Context of a parse error.  */
/* yyssp points at the top of the state stack and yytoken is the
   lookahead symbol kind at the time the error context is built.  */
typedef struct
{
  yy_state_t *yyssp;
  yysymbol_kind_t yytoken;
} yypcontext_t;

/* Put in YYARG at most YYARGN of the expected tokens given the
   current YYCTX, and return the number of tokens stored in YYARG.  If
   YYARG is null, return the number of expected tokens (guaranteed to
   be less than YYNTOKENS).  Return YYENOMEM on memory exhaustion.
   Return 0 if there are more than YYARGN expected tokens, yet fill
   YYARG up to YYARGN.
*/
/* Collect the terminals that the state on top of YYCTX's stack can act
   on.  With a null YYARG the matches are only counted.  Otherwise they
   are stored in YYARG, and as soon as one more match than YYARGN turns
   up the function returns 0 with YYARG already filled.  When nothing
   matched and there is room, YYARG[0] is set to YYSYMBOL_YYEMPTY.  This
   implementation has no path that returns YYENOMEM.  */
static int
yypcontext_expected_tokens (const yypcontext_t *yyctx,
                            yysymbol_kind_t yyarg[], int yyargn)
{
  /* Number of entries counted or written so far.  */
  int yyfound = 0;
  const int yybase = yypact[+*yyctx->yyssp];

  if (!yypact_value_is_default (yybase))
    {
      /* A negative base would index yycheck below zero, so the scan
         starts at -yybase in that case.  */
      const int yyfirst = (yybase < 0) ? -yybase : 0;
      /* Upper limit that keeps yysym + yybase within yycheck, further
         limited to the terminals so the value is also valid for
         yytname.  */
      const int yyroom = YYLAST - yybase + 1;
      int yystop = YYNTOKENS;
      int yysym;

      if (yyroom < yystop)
        yystop = yyroom;

      for (yysym = yyfirst; yysym < yystop; ++yysym)
        {
          /* Skip symbols with no action in this state, the error token
             itself, and explicit error entries.  */
          if (yycheck[yysym + yybase] != yysym
              || yysym == YYSYMBOL_YYerror
              || yytable_value_is_error (yytable[yysym + yybase]))
            continue;

          if (yyarg == YY_NULLPTR)
            {
              ++yyfound;
              continue;
            }
          if (yyfound == yyargn)
            return 0;
          yyarg[yyfound] = YY_CAST (yysymbol_kind_t, yysym);
          ++yyfound;
        }
    }

  if (yyarg != YY_NULLPTR && yyfound == 0 && yyargn > 0)
    yyarg[0] = YYSYMBOL_YYEMPTY;
  return yyfound;
}

#ifndef yystrlen
# if defined __GLIBC__ && defined _STRING_H
#  define yystrlen(S) (YY_CAST (YYPTRDIFF_T, strlen (S)))
# else
/* Length of the NUL-terminated string YYSTR, not counting the
   terminator.  */
static YYPTRDIFF_T
yystrlen (const char *yystr)
{
  const char *yyend = yystr;

  while (*yyend != '\0')
    ++yyend;
  return yyend - yystr;
}
# endif
#endif

#ifndef yystpcpy
# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
#  define yystpcpy stpcpy
# else
/* Copy the string YYSRC, terminator included, to YYDEST and return a
   pointer to the terminator written in YYDEST.  There is no size
   argument: the caller must provide a destination large enough for
   YYSRC.  */
static char *
yystpcpy (char *yydest, const char *yysrc)
{
  char *yyout = yydest;

  for (; *yysrc != '\0'; ++yysrc, ++yyout)
    *yyout = *yysrc;
  *yyout = '\0';
  return yyout;
}
# endif
#endif

#ifndef yytnamerr
/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
   quotes and backslashes, so that it's suitable for yyerror.  The
   heuristic is that double-quoting is unnecessary unless the string
   contains an apostrophe, a comma, or backslash (other than
   backslash-backslash).  YYSTR is taken from yytname.
If YYRES is null, do not copy; instead, return the length of what the result would have been. */ static YYPTRDIFF_T yytnamerr (char *yyres, const char *yystr) { if (*yystr == '"') { YYPTRDIFF_T yyn = 0; char const *yyp = yystr; for (;;) switch (*++yyp) { case '\'': case ',': goto do_not_strip_quotes; case '\\': if (*++yyp != '\\') goto do_not_strip_quotes; else goto append; append: default: if (yyres) yyres[yyn] = *yyp; yyn++; break; case '"': if (yyres) yyres[yyn] = '\0'; return yyn; } do_not_strip_quotes: ; } if (yyres) return yystpcpy (yyres, yystr) - yyres; else return yystrlen (yystr); } #endif static int yy_syntax_error_arguments (const yypcontext_t *yyctx, yysymbol_kind_t yyarg[], int yyargn) { /* Actual size of YYARG. */ int yycount = 0; /* There are many possibilities here to consider: - If this state is a consistent state with a default action, then the only way this function was invoked is if the default action is an error action. In that case, don't check for expected tokens because there are none. - The only way there can be no lookahead present (in yychar) is if this state is a consistent state with a default action. Thus, detecting the absence of a lookahead is sufficient to determine that there is no unexpected or expected token to report. In that case, just report a simple "syntax error". - Don't assume there isn't a lookahead just because this state is a consistent state with a default action. There might have been a previous inconsistent state, consistent state with a non-default action, or user semantic action that manipulated yychar. - Of course, the expected token list depends on states to have correct lookahead information, and it depends on the parser not to perform extra reductions after fetching a lookahead from the scanner and before detecting a syntax error. Thus, state merging (from LALR or IELR) and default reductions corrupt the expected token list. 
However, the list is correct for canonical LR with one exception: it will still contain any token that will not be accepted due to an error action in a later state. */ if (yyctx->yytoken != YYSYMBOL_YYEMPTY) { int yyn; if (yyarg) yyarg[yycount] = yyctx->yytoken; ++yycount; yyn = yypcontext_expected_tokens (yyctx, yyarg ? yyarg + 1 : yyarg, yyargn - 1); if (yyn == YYENOMEM) return YYENOMEM; else yycount += yyn; } return yycount; } /* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message about the unexpected token YYTOKEN for the state stack whose top is YYSSP. Return 0 if *YYMSG was successfully written. Return -1 if *YYMSG is not large enough to hold the message. In that case, also set *YYMSG_ALLOC to the required number of bytes. Return YYENOMEM if the required number of bytes is too large to store. */ static int yysyntax_error (YYPTRDIFF_T *yymsg_alloc, char **yymsg, const yypcontext_t *yyctx) { enum { YYARGS_MAX = 5 }; /* Internationalized format string. */ const char *yyformat = YY_NULLPTR; /* Arguments of yyformat: reported tokens (one for the "unexpected", one per "expected"). */ yysymbol_kind_t yyarg[YYARGS_MAX]; /* Cumulated lengths of YYARG. */ YYPTRDIFF_T yysize = 0; /* Actual size of YYARG. */ int yycount = yy_syntax_error_arguments (yyctx, yyarg, YYARGS_MAX); if (yycount == YYENOMEM) return YYENOMEM; switch (yycount) { #define YYCASE_(N, S) \ case N: \ yyformat = S; \ break default: /* Avoid compiler warnings. */ YYCASE_(0, YY_("syntax error")); YYCASE_(1, YY_("syntax error, unexpected %s")); YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s")); YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s")); YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s")); YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s")); #undef YYCASE_ } /* Compute error message size. Don't count the "%s"s, but reserve room for the terminator. 
*/ yysize = yystrlen (yyformat) - 2 * yycount + 1; { int yyi; for (yyi = 0; yyi < yycount; ++yyi) { YYPTRDIFF_T yysize1 = yysize + yytnamerr (YY_NULLPTR, yytname[yyarg[yyi]]); if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM) yysize = yysize1; else return YYENOMEM; } } if (*yymsg_alloc < yysize) { *yymsg_alloc = 2 * yysize; if (! (yysize <= *yymsg_alloc && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; return -1; } /* Avoid sprintf, as that infringes on the user's name space. Don't have undefined behavior even if the translation produced a string with the wrong number of "%s"s. */ { char *yyp = *yymsg; int yyi = 0; while ((*yyp = *yyformat) != '\0') if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount) { yyp += yytnamerr (yyp, yytname[yyarg[yyi++]]); yyformat += 2; } else { ++yyp; ++yyformat; } } return 0; } /*-----------------------------------------------. | Release the memory associated to this symbol. | `-----------------------------------------------*/ static void yydestruct (const char *yymsg, yysymbol_kind_t yykind, YYSTYPE *yyvaluep, struct policy ***policies, void *scanner) { YYUSE (yyvaluep); YYUSE (policies); YYUSE (scanner); if (!yymsg) yymsg = "Deleting"; YY_SYMBOL_PRINT (yymsg, yykind, yyvaluep, yylocationp); YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN YYUSE (yykind); YY_IGNORE_MAYBE_UNINITIALIZED_END } /*----------. | yyparse. | `----------*/ int yyparse (struct policy ***policies, void *scanner) { /* Lookahead token kind. */ int yychar; /* The semantic value of the lookahead symbol. */ /* Default value used for initialization, for pacifying older GCCs or non-GCC compilers. */ YY_INITIAL_VALUE (static YYSTYPE yyval_default;) YYSTYPE yylval YY_INITIAL_VALUE (= yyval_default); /* Number of syntax errors so far. */ int yynerrs = 0; yy_state_fast_t yystate = 0; /* Number of tokens to shift before error messages enabled. 
*/ int yyerrstatus = 0; /* Refer to the stacks through separate pointers, to allow yyoverflow to reallocate them elsewhere. */ /* Their size. */ YYPTRDIFF_T yystacksize = YYINITDEPTH; /* The state stack: array, bottom, top. */ yy_state_t yyssa[YYINITDEPTH]; yy_state_t *yyss = yyssa; yy_state_t *yyssp = yyss; /* The semantic value stack: array, bottom, top. */ YYSTYPE yyvsa[YYINITDEPTH]; YYSTYPE *yyvs = yyvsa; YYSTYPE *yyvsp = yyvs; int yyn; /* The return value of yyparse. */ int yyresult; /* Lookahead symbol kind. */ yysymbol_kind_t yytoken = YYSYMBOL_YYEMPTY; /* The variables used to return semantic value and location from the action routines. */ YYSTYPE yyval; /* Buffer for error messages, and its allocated size. */ char yymsgbuf[128]; char *yymsg = yymsgbuf; YYPTRDIFF_T yymsg_alloc = sizeof yymsgbuf; #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) /* The number of symbols on the RHS of the reduced rule. Keep to zero when no symbol should be popped. */ int yylen = 0; YYDPRINTF ((stderr, "Starting parse\n")); yychar = YYEMPTY; /* Cause a token to be read. */ goto yysetstate; /*------------------------------------------------------------. | yynewstate -- push a new state, which is found in yystate. | `------------------------------------------------------------*/ yynewstate: /* In all cases, when you get here, the value and location stacks have just been pushed. So pushing a state here evens the stacks. */ yyssp++; /*--------------------------------------------------------------------. | yysetstate -- set current state (the top of the stack) to yystate. 
| `--------------------------------------------------------------------*/ yysetstate: YYDPRINTF ((stderr, "Entering state %d\n", yystate)); YY_ASSERT (0 <= yystate && yystate < YYNSTATES); YY_IGNORE_USELESS_CAST_BEGIN *yyssp = YY_CAST (yy_state_t, yystate); YY_IGNORE_USELESS_CAST_END YY_STACK_PRINT (yyss, yyssp); if (yyss + yystacksize - 1 <= yyssp) #if !defined yyoverflow && !defined YYSTACK_RELOCATE goto yyexhaustedlab; #else { /* Get the current used size of the three stacks, in elements. */ YYPTRDIFF_T yysize = yyssp - yyss + 1; # if defined yyoverflow { /* Give user a chance to reallocate the stack. Use copies of these so that the &'s don't force the real ones into memory. */ yy_state_t *yyss1 = yyss; YYSTYPE *yyvs1 = yyvs; /* Each stack pointer address is followed by the size of the data in use in that stack, in bytes. This used to be a conditional around just the two extra args, but that might be undefined if yyoverflow is a macro. */ yyoverflow (YY_("memory exhausted"), &yyss1, yysize * YYSIZEOF (*yyssp), &yyvs1, yysize * YYSIZEOF (*yyvsp), &yystacksize); yyss = yyss1; yyvs = yyvs1; } # else /* defined YYSTACK_RELOCATE */ /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) goto yyexhaustedlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; { yy_state_t *yyss1 = yyss; union yyalloc *yyptr = YY_CAST (union yyalloc *, YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize)))); if (! 
yyptr) goto yyexhaustedlab; YYSTACK_RELOCATE (yyss_alloc, yyss); YYSTACK_RELOCATE (yyvs_alloc, yyvs); # undef YYSTACK_RELOCATE if (yyss1 != yyssa) YYSTACK_FREE (yyss1); } # endif yyssp = yyss + yysize - 1; yyvsp = yyvs + yysize - 1; YY_IGNORE_USELESS_CAST_BEGIN YYDPRINTF ((stderr, "Stack size increased to %ld\n", YY_CAST (long, yystacksize))); YY_IGNORE_USELESS_CAST_END if (yyss + yystacksize - 1 <= yyssp) YYABORT; } #endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */ if (yystate == YYFINAL) YYACCEPT; goto yybackup; /*-----------. | yybackup. | `-----------*/ yybackup: /* Do appropriate processing given the current state. Read a lookahead token if we need one and don't already have one. */ /* First try to decide what to do without reference to lookahead token. */ yyn = yypact[yystate]; if (yypact_value_is_default (yyn)) goto yydefault; /* Not known => get a lookahead token if don't already have one. */ /* YYCHAR is either empty, or end-of-input, or a valid lookahead. */ if (yychar == YYEMPTY) { YYDPRINTF ((stderr, "Reading a token\n")); yychar = yylex (&yylval, scanner); } if (yychar <= YYEOF) { yychar = YYEOF; yytoken = YYSYMBOL_YYEOF; YYDPRINTF ((stderr, "Now at end of input.\n")); } else if (yychar == YYerror) { /* The scanner already issued an error message, process directly to error recovery. But do not keep the error token as lookahead, it is too special and may lead us to an endless loop in error recovery. */ yychar = YYUNDEF; yytoken = YYSYMBOL_YYerror; goto yyerrlab1; } else { yytoken = YYTRANSLATE (yychar); YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); } /* If the proper action on seeing token YYTOKEN is to reduce or to detect an error, take that action. */ yyn += yytoken; if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) goto yydefault; yyn = yytable[yyn]; if (yyn <= 0) { if (yytable_value_is_error (yyn)) goto yyerrlab; yyn = -yyn; goto yyreduce; } /* Count tokens shifted since error; after three, turn off error status. 
*/ if (yyerrstatus) yyerrstatus--; /* Shift the lookahead token. */ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); yystate = yyn; YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; YY_IGNORE_MAYBE_UNINITIALIZED_END /* Discard the shifted token. */ yychar = YYEMPTY; goto yynewstate; /*-----------------------------------------------------------. | yydefault -- do the default action for the current state. | `-----------------------------------------------------------*/ yydefault: yyn = yydefact[yystate]; if (yyn == 0) goto yyerrlab; goto yyreduce; /*-----------------------------. | yyreduce -- do a reduction. | `-----------------------------*/ yyreduce: /* yyn is the number of a rule to reduce with. */ yylen = yyr2[yyn]; /* If YYLEN is nonzero, implement the default value of the action: '$$ = $1'. Otherwise, the following line sets YYVAL to garbage. This behavior is undocumented and Bison users should not rely upon it. Assigning to YYVAL unconditionally makes the parser a bit smaller, and it avoids a GCC warning that YYVAL may be used uninitialized. */ yyval = yyvsp[1-yylen]; YY_REDUCE_PRINT (yyn); switch (yyn) { case 2: /* eacl: eacl_entry */ #line 73 "signing_policy.y" { *policies = (struct policy **)listadd((char**)(*policies), (char*)((yyvsp[0].policy))); } #line 1401 "signing_policy.c" break; case 3: /* eacl: eacl eacl_entry */ #line 74 "signing_policy.y" { *policies = (struct policy **)listadd((char**)(*policies), (char*)((yyvsp[0].policy))); } #line 1407 "signing_policy.c" break; case 4: /* eacl_entry: access_identities POS_RIGHTS GLOBUS CA_SIGN restrictions */ #line 76 "signing_policy.y" { if ((yyvsp[-4].policy)) { (yyval.policy)->conds = (struct condition**)((yyvsp[0].array)); } (yyval.policy) = (yyvsp[-4].policy); } #line 1418 "signing_policy.c" break; case 5: /* eacl_entry: access_identities NEG_RIGHTS GLOBUS CA_SIGN restrictions */ #line 82 "signing_policy.y" { /* Ignore this. Globus does. 
*/ free((yyvsp[-4].policy)); (yyval.policy) = NULL; } #line 1428 "signing_policy.c" break; case 6: /* access_identities: access_identity */ #line 88 "signing_policy.y" { (yyval.policy) = (yyvsp[0].policy); } #line 1436 "signing_policy.c" break; case 7: /* restrictions: realcondition */ #line 92 "signing_policy.y" { (yyval.array) = listadd(NULL, (char*)((yyvsp[0].cond))); } #line 1444 "signing_policy.c" break; case 8: /* restrictions: realcondition restrictions */ #line 95 "signing_policy.y" { (yyval.array) = listadd((yyvsp[0].array), (char*)((yyvsp[-1].cond))); } #line 1452 "signing_policy.c" break; case 9: /* access_identity: ACCESS_ID_CA X509 SUBJECTS */ #line 100 "signing_policy.y" { (yyval.policy) = (struct policy *)calloc(1, sizeof(struct policy)); if ((yyval.policy)) { char **subjects = parse_subjects((yyvsp[0].string)); (yyval.policy)->caname = strdup(subjects[0]); free(subjects); (yyval.policy)->type = TYPE_SIGNING; } if ((yyval.policy) && !(yyval.policy)->caname) { free((yyval.policy)); (yyval.policy) = NULL; } } #line 1472 "signing_policy.c" break; case 10: /* access_identity: ACCESS_ID_ANYBODY */ #line 115 "signing_policy.y" { (yyval.policy) = (struct policy *)calloc(1, sizeof(struct policy)); } #line 1480 "signing_policy.c" break; case 11: /* realcondition: COND_SUBJECTS GLOBUS SUBJECTS */ #line 119 "signing_policy.y" { (yyval.cond) = (struct condition*)malloc(sizeof(struct condition)); if ((yyval.cond)) { (yyval.cond)->positive = 1; (yyval.cond)->original = strdup((yyvsp[0].string)); (yyval.cond)->subjects = parse_subjects((yyval.cond)->original); if (!(yyval.cond)->subjects) { free((yyval.cond)->original); free((yyval.cond)); (yyval.cond) = NULL; } } } #line 1498 "signing_policy.c" break; case 12: /* realcondition: COND_BANNED GLOBUS SUBJECTS */ #line 132 "signing_policy.y" { (yyval.cond) = (struct condition*)malloc(sizeof(struct condition)); if ((yyval.cond)) { (yyval.cond)->positive = 0; (yyval.cond)->original = strdup((yyvsp[0].string)); 
(yyval.cond)->subjects = parse_subjects((yyval.cond)->original); if (!(yyval.cond)->subjects) { free((yyval.cond)->original); free((yyval.cond)); (yyval.cond) = NULL; } } } #line 1517 "signing_policy.c" break; #line 1521 "signing_policy.c" default: break; } /* User semantic actions sometimes alter yychar, and that requires that yytoken be updated with the new translation. We take the approach of translating immediately before every use of yytoken. One alternative is translating here after every semantic action, but that translation would be missed if the semantic action invokes YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an incorrect destructor might then be invoked immediately. In the case of YYERROR or YYBACKUP, subsequent parser actions might lead to an incorrect destructor call or verbose syntax error message before the lookahead is translated. */ YY_SYMBOL_PRINT ("-> $$ =", YY_CAST (yysymbol_kind_t, yyr1[yyn]), &yyval, &yyloc); YYPOPSTACK (yylen); yylen = 0; *++yyvsp = yyval; /* Now 'shift' the result of the reduction. Determine what state that goes to, based on the state we popped back to and the rule number reduced by. */ { const int yylhs = yyr1[yyn] - YYNTOKENS; const int yyi = yypgoto[yylhs] + *yyssp; yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp ? yytable[yyi] : yydefgoto[yylhs]); } goto yynewstate; /*--------------------------------------. | yyerrlab -- here on detecting error. | `--------------------------------------*/ yyerrlab: /* Make sure we have latest lookahead translation. See comments at user semantic actions for why this is necessary. */ yytoken = yychar == YYEMPTY ? YYSYMBOL_YYEMPTY : YYTRANSLATE (yychar); /* If not already recovering from an error, report this error. 
*/ if (!yyerrstatus) { ++yynerrs; { yypcontext_t yyctx = {yyssp, yytoken}; char const *yymsgp = YY_("syntax error"); int yysyntax_error_status; yysyntax_error_status = yysyntax_error (&yymsg_alloc, &yymsg, &yyctx); if (yysyntax_error_status == 0) yymsgp = yymsg; else if (yysyntax_error_status == -1) { if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); yymsg = YY_CAST (char *, YYSTACK_ALLOC (YY_CAST (YYSIZE_T, yymsg_alloc))); if (yymsg) { yysyntax_error_status = yysyntax_error (&yymsg_alloc, &yymsg, &yyctx); yymsgp = yymsg; } else { yymsg = yymsgbuf; yymsg_alloc = sizeof yymsgbuf; yysyntax_error_status = YYENOMEM; } } yyerror (policies, scanner, yymsgp); if (yysyntax_error_status == YYENOMEM) goto yyexhaustedlab; } } if (yyerrstatus == 3) { /* If just tried and failed to reuse lookahead token after an error, discard it. */ if (yychar <= YYEOF) { /* Return failure if at end of input. */ if (yychar == YYEOF) YYABORT; } else { yydestruct ("Error: discarding", yytoken, &yylval, policies, scanner); yychar = YYEMPTY; } } /* Else will try to reuse lookahead token after shifting the error token. */ goto yyerrlab1; /*---------------------------------------------------. | yyerrorlab -- error raised explicitly by YYERROR. | `---------------------------------------------------*/ yyerrorlab: /* Pacify compilers when the user code never invokes YYERROR and the label yyerrorlab therefore never appears in user code. */ if (0) YYERROR; /* Do not reclaim the symbols of the rule whose action triggered this YYERROR. */ YYPOPSTACK (yylen); yylen = 0; YY_STACK_PRINT (yyss, yyssp); yystate = *yyssp; goto yyerrlab1; /*-------------------------------------------------------------. | yyerrlab1 -- common code for both syntax error and YYERROR. | `-------------------------------------------------------------*/ yyerrlab1: yyerrstatus = 3; /* Each real token shifted decrements this. */ /* Pop stack until we find a state that shifts the error token. 
*/ for (;;) { yyn = yypact[yystate]; if (!yypact_value_is_default (yyn)) { yyn += YYSYMBOL_YYerror; if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYSYMBOL_YYerror) { yyn = yytable[yyn]; if (0 < yyn) break; } } /* Pop the current state because it cannot handle the error token. */ if (yyssp == yyss) YYABORT; yydestruct ("Error: popping", YY_ACCESSING_SYMBOL (yystate), yyvsp, policies, scanner); YYPOPSTACK (1); yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); } YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; YY_IGNORE_MAYBE_UNINITIALIZED_END /* Shift the error token. */ YY_SYMBOL_PRINT ("Shifting", YY_ACCESSING_SYMBOL (yyn), yyvsp, yylsp); yystate = yyn; goto yynewstate; /*-------------------------------------. | yyacceptlab -- YYACCEPT comes here. | `-------------------------------------*/ yyacceptlab: yyresult = 0; goto yyreturn; /*-----------------------------------. | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ yyabortlab: yyresult = 1; goto yyreturn; #if 1 /*-------------------------------------------------. | yyexhaustedlab -- memory exhaustion comes here. | `-------------------------------------------------*/ yyexhaustedlab: yyerror (policies, scanner, YY_("memory exhausted")); yyresult = 2; goto yyreturn; #endif /*-------------------------------------------------------. | yyreturn -- parsing is finished, clean up and return. | `-------------------------------------------------------*/ yyreturn: if (yychar != YYEMPTY) { /* Make sure we have latest lookahead translation. See comments at user semantic actions for why this is necessary. */ yytoken = YYTRANSLATE (yychar); yydestruct ("Cleanup: discarding lookahead", yytoken, &yylval, policies, scanner); } /* Do not reclaim the symbols of the rule whose action triggered this YYABORT or YYACCEPT. 
*/ YYPOPSTACK (yylen); YY_STACK_PRINT (yyss, yyssp); while (yyssp != yyss) { yydestruct ("Cleanup: popping", YY_ACCESSING_SYMBOL (+*yyssp), yyvsp, policies, scanner); YYPOPSTACK (1); } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); #endif if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); return yyresult; } #line 148 "signing_policy.y" char **parse_subjects(char *string) { char **list = NULL; char divider; if (!string) return NULL; do { divider = string[0]; if (divider == '\'' || divider == '"') { char *end = strchr(string + 1, divider); if (!end) return list; *end = '\0'; list = (char**)listadd(list, string+1); string = ++end; while (isspace(*string)) string++; } else if (divider == '\0') break; else { list = (char**)listadd(list, string); string += strlen(string); } } while (string && string[0] != '\0'); return list; } #if 0 int main() { signingdebug = 1; void **arg = NULL; void *scanner=NULL; signinglex_init(&scanner); signingset_debug(1, scanner); return signingparse(arg, scanner); } #endif void signingerror(UNUSED(void *policies), UNUSED(void *scanner), UNUSED(char const *msg)) { } voms-2.1.2/src/sslutils/signing_policy.h000066400000000000000000000067351477131364200203620ustar00rootroot00000000000000/* A Bison parser, made by GNU Bison 3.7.4. */ /* Bison interface for Yacc-like parsers in C Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, especially those whose name start with YY_ or yy_. They are private implementation details that can be changed or removed. */ #ifndef YY_SIGNING_SIGNING_POLICY_H_INCLUDED # define YY_SIGNING_SIGNING_POLICY_H_INCLUDED /* Debug traces. */ #ifndef YYDEBUG # define YYDEBUG 1 #endif #if YYDEBUG extern int signingdebug; #endif /* Token kinds. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE enum yytokentype { YYEMPTY = -2, YYEOF = 0, /* "end of file" */ YYerror = 256, /* error */ YYUNDEF = 257, /* "invalid token" */ SUBJECTS = 258, /* SUBJECTS */ COND_SUBJECTS = 259, /* COND_SUBJECTS */ COND_BANNED = 260, /* COND_BANNED */ GLOBUS = 261, /* GLOBUS */ POS_RIGHTS = 262, /* POS_RIGHTS */ NEG_RIGHTS = 263, /* NEG_RIGHTS */ CA_SIGN = 264, /* CA_SIGN */ ACCESS_ID_CA = 265, /* ACCESS_ID_CA */ ACCESS_ID_ANYBODY = 266, /* ACCESS_ID_ANYBODY */ X509 = 267 /* X509 */ }; typedef enum yytokentype yytoken_kind_t; #endif /* Token kinds. */ #define YYEMPTY -2 #define YYEOF 0 #define YYerror 256 #define YYUNDEF 257 #define SUBJECTS 258 #define COND_SUBJECTS 259 #define COND_BANNED 260 #define GLOBUS 261 #define POS_RIGHTS 262 #define NEG_RIGHTS 263 #define CA_SIGN 264 #define ACCESS_ID_CA 265 #define ACCESS_ID_ANYBODY 266 #define X509 267 /* Value type. */ #if ! 
defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED union YYSTYPE { #line 48 "signing_policy.y" char *string; struct condition *cond; struct policy *policy; void *array; #line 98 "signing_policy.h" }; typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_DECLARED 1 #endif int signingparse (struct policy ***policies, void *scanner); #endif /* !YY_SIGNING_SIGNING_POLICY_H_INCLUDED */ voms-2.1.2/src/sslutils/signing_policy.l000066400000000000000000000042721477131364200203600ustar00rootroot00000000000000%{ /********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #include "config.h" #include #include #include #include "parsertypes.h" #include "signing_policy.h" #include "lexparse.h" #ifndef strndup extern char *strndup(const char*, size_t); #endif %} %x SINGLE_QUOTED %x DOUBLE_QUOTED %option reentrant %option noyywrap %option prefix="signing" %option bison-bridge %% #.* /* ignore comments */ \' BEGIN(SINGLE_QUOTED); [^']*\' yytext[strlen(yytext)-1]='\0'; yylval_param->string = yytext; BEGIN(INITIAL); return SUBJECTS; \" BEGIN(DOUBLE_QUOTED); [^"]*\" yytext[strlen(yytext)-1]='\0'; yylval_param->string = yytext; BEGIN(INITIAL); return SUBJECTS; cond_subjects return COND_SUBJECTS; cond_banned_subjects return COND_BANNED; globus return GLOBUS; pos_rights return POS_RIGHTS; neg_rights return NEG_RIGHTS; CA\:sign return CA_SIGN; access_id_CA return ACCESS_ID_CA; access_id_ANYBODY return ACCESS_ID_ANYBODY; X509 return X509; \n . voms-2.1.2/src/sslutils/signing_policy.y000066400000000000000000000111171477131364200203710ustar00rootroot00000000000000%{ /********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
* * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #include "config.h" #include #include #include #include #include "parsertypes.h" #include "lexparse.h" #include "listfunc.h" char **parse_subjects(char *string); void signingerror(void *policies, void *scanner, char const *msg); %} %error-verbose %pure-parser %name-prefix="signing" %parse-param {struct policy ***policies} %parse-param {void *scanner} %lex-param {void *scanner} %union{ char *string; struct condition *cond; struct policy *policy; void *array; } %token SUBJECTS %token COND_SUBJECTS %token COND_BANNED %token GLOBUS %token POS_RIGHTS %token NEG_RIGHTS %token CA_SIGN %token ACCESS_ID_CA %token ACCESS_ID_ANYBODY %token X509 %type eacl_entry %type access_identity %type realcondition %type restrictions %type access_identities %% eacl: eacl_entry { *policies = (struct policy **)listadd((char**)(*policies), (char*)($1)); } | eacl eacl_entry { *policies = (struct policy **)listadd((char**)(*policies), (char*)($2)); } eacl_entry: access_identities POS_RIGHTS GLOBUS CA_SIGN restrictions { if ($1) { $$->conds = (struct condition**)($5); } $$ = $1; } | access_identities NEG_RIGHTS GLOBUS CA_SIGN restrictions { /* Ignore this. Globus does. 
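*/
  /* The policy was calloc'ed by access_identity and owns at most its caname
     string at this point, so release that before the policy itself. */
  if ($1)
    free($1->caname);
  free($1);
  $$ = NULL;
  /* NOTE(review): the restrictions list in $5 is not released on this path;
     it looks like it leaks -- confirm and free it with the list helper. */
}

access_identities: access_identity
{
  $$ = $1;
}

restrictions: realcondition
{
  $$ = listadd(NULL, (char*)($1));
}
| realcondition restrictions
{
  $$ = listadd($2, (char*)($1));
}

access_identity: ACCESS_ID_CA X509 SUBJECTS
{
  /* Build a signing policy for the CA named by the first subject in $3.
     $$ ends up NULL when allocation fails or no CA name can be extracted.

     signing_policy.c is generated from this file (it carries #line markers
     pointing here), so it has to be regenerated for this change to reach
     the compiled parser. */
  $$ = (struct policy *)calloc(1, sizeof(struct policy));

  if ($$) {
    /* parse_subjects() returns NULL when the SUBJECTS text is empty or opens
       with a quote that is never closed.  The previous code read subjects[0]
       unconditionally, i.e. through a NULL pointer for such a policy file.
       Treat that case as "no CA name" so the entry is dropped by the check
       below instead of crashing whatever is loading the policy. */
    char **subjects = parse_subjects($3);

    /* NOTE(review): $3 is the scanner's yytext pointer (the lexer stores the
       pointer, not a copy) and parse_subjects() writes NUL bytes into it.
       That is only valid while no further token has been scanned -- confirm
       the grammar never needs a lookahead before this reduction, or copy the
       text in the lexer. */
    $$->caname = NULL;
    if (subjects) {
      if (subjects[0])
        $$->caname = strdup(subjects[0]);
      free(subjects);
    }
    $$->type = TYPE_SIGNING;
  }

  /* Also covers strdup() failure: a policy without a CA name is discarded. */
  if ($$ && !$$->caname) {
    free($$);
    $$ = NULL;
  }
}
| ACCESS_ID_ANYBODY
{
  /* All fields stay zeroed, including caname. */
  $$ = (struct policy *)calloc(1, sizeof(struct policy));
}

realcondition: COND_SUBJECTS GLOBUS SUBJECTS
{
  /* Positive condition: keep a private copy of the subject text in
     ->original and split that copy, so ->subjects never refers to the
     scanner buffer. */
  $$ = (struct condition*)malloc(sizeof(struct condition));

  if ($$) {
    $$->positive = 1;
    $$->original = strdup($3);
    /* parse_subjects(NULL) returns NULL, so a failed strdup() is handled by
       the cleanup below. */
    $$->subjects = parse_subjects($$->original);
    if (!$$->subjects) {
      free($$->original);
      free($$);
      $$ = NULL;
    }
  }
}
| COND_BANNED GLOBUS SUBJECTS
{
  /* Same as above, but recorded as a negative (banned) condition. */
  $$ = (struct condition*)malloc(sizeof(struct condition));

  if ($$) {
    $$->positive = 0;
    $$->original = strdup($3);
    $$->subjects = parse_subjects($$->original);
    if (!$$->subjects) {
      free($$->original);
      free($$);
      $$ = NULL;
    }
  }
}
;

%%

/*
 * Split STRING into subject entries and return them as a list built with
 * listadd().
 *
 * An entry is either text enclosed in a pair of matching ' or " characters,
 * or (when the current position does not start with a quote) the whole rest
 * of the string.  STRING is modified in place: each closing quote is
 * overwritten with '\0', and listadd() is handed pointers into STRING.
 * Presumably listadd() stores those pointers without copying, so the list is
 * only usable while STRING is alive -- confirm against listfunc.h.
 *
 * Returns NULL when STRING is NULL or empty, or when it opens with an
 * unterminated quote; callers must check before indexing the result.  If an
 * unterminated quote is met later on, the entries collected so far are
 * returned.
 *
 * NOTE(review): what listadd() returns on allocation failure is not visible
 * here; if it returns NULL the entries collected so far may be lost.
 */
char **parse_subjects(char *string)
{
  char **list = NULL;
  char divider;

  if (!string)
    return NULL;

  do {
    divider = string[0];

    if (divider == '\'' || divider == '"') {
      char *end = strchr(string + 1, divider);
      if (!end)
        return list;
      *end = '\0';
      list = (char**)listadd(list, string+1);
      string = ++end;
      /* Cast before isspace(): passing a negative plain char (any byte
         >= 0x80 where char is signed) is undefined behaviour. */
      while (isspace((unsigned char)*string))
        string++;
    }
    else if (divider == '\0')
      break;
    else {
      list = (char**)listadd(list, string);
      string += strlen(string);
    }
  } while (string && string[0] != '\0');

  return list;
}

#if 0
int main()
{
  signingdebug = 1;
  void **arg = NULL;
  void *scanner=NULL;
  signinglex_init(&scanner);
  signingset_debug(1, scanner);
  return signingparse(arg, scanner);
}
#endif

/*
 * Error callback for the generated parser.  It does nothing, so a syntax
 * error in a signing policy produces no diagnostic; the only signal is the
 * parser's return value.
 */
void signingerror(UNUSED(void *policies), UNUSED(void *scanner), UNUSED(char const *msg))
{
}
voms-2.1.2/src/sslutils/ssl_compat.c000066400000000000000000000156151477131364200175010ustar00rootroot00000000000000#include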
"ssl_compat.h"

/*
 * Everything up to the matching #endif is compiled only when
 * OPENSSL_VERSION_NUMBER is below 0x10100000L.  The functions carry the names
 * of OpenSSL 1.1.0 accessors and are implemented here by reading or writing
 * the library's structure members directly.
 */
#if OPENSSL_VERSION_NUMBER < 0x10100000L

#include
#include
#include
#include

/* Error function codes; EVP_F_EVP_PKEY_GET0_RSA and X509_F_X509_OBJECT_NEW
   are the two used in this section. */
#define X509_F_X509_PUBKEY_GET0 119
#define EVP_F_EVP_PKEY_GET0_RSA 121
#define X509_F_X509_PUBKEY_DECODE 148
#define X509_F_X509_OBJECT_NEW 150

/* Allocate num bytes with CRYPTO_malloc() and zero them; NULL on failure. */
static void *CRYPTO_zalloc(size_t num, const char *file, int line)
{
  void *mem = CRYPTO_malloc(num, file, line);

  if (mem == NULL)
    return NULL;

  memset(mem, 0, num);
  return mem;
}

#define OPENSSL_zalloc(num) CRYPTO_zalloc(num, __FILE__, __LINE__)

/* Return the string's data pointer (no copy is made). */
const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
{
  return x->data;
}

/* Return the RSA key held by pkey, or NULL (with an EVP error queued) when
   pkey is not of type EVP_PKEY_RSA.  pkey itself is not checked for NULL. */
struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
{
  if (pkey->type == EVP_PKEY_RSA)
    return pkey->pkey.rsa;

  EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
  return NULL;
}

/* NID of the request's signature algorithm. */
int X509_REQ_get_signature_nid(const X509_REQ *req)
{
  return OBJ_obj2nid(req->sig_alg->algorithm);
}

/* Serial number stored in the certificate (internal pointer, not a copy). */
const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x)
{
  return x->cert_info->serialNumber;
}

/* Replace *ptm with a duplicate of tm.  Returns 1 on success and 0 when the
   duplication fails, in which case *ptm is left untouched.  When *ptm already
   is tm nothing is copied and the result is whether that pointer is non-NULL. */
static int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
{
  ASN1_TIME *copy;

  if (*ptm == tm)
    return tm != NULL;

  copy = ASN1_STRING_dup(tm);
  if (copy == NULL)
    return 0;

  ASN1_TIME_free(*ptm);
  *ptm = copy;
  return 1;
}

/* Set the certificate's notAfter to a copy of tm; 0 when x is NULL or the
   copy fails. */
int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
{
  return (x == NULL) ? 0 : x509_set1_time(&x->cert_info->validity->notAfter, tm);
}

/* notAfter field of the certificate (internal pointer). */
const ASN1_TIME *X509_get0_notAfter(const X509 *x)
{
  return x->cert_info->validity->notAfter;
}

/* Mark the certificate as a proxy by setting EXFLAG_PROXY in its cached
   extension flags. */
void X509_set_proxy_flag(X509 *x)
{
  x->ex_flags |= EXFLAG_PROXY;
}

/* Store l as the certificate's proxy path length constraint. */
void X509_set_proxy_pathlen(X509 *x, long l)
{
  x->ex_pcpathlen = l;
}

/* Certificate stored in the context's cert member. */
X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
{
  return ctx->cert;
}

#define X509_LU_NONE 0

/* Allocate a zeroed X509_OBJECT of type X509_LU_NONE; NULL (with an X509
   error queued) when allocation fails. */
X509_OBJECT *X509_OBJECT_new(void)
{
  X509_OBJECT *obj = OPENSSL_zalloc(sizeof(*obj));

  if (obj != NULL) {
    obj->type = X509_LU_NONE;
    return obj;
  }

  X509err(X509_F_X509_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
  return NULL;
}

/* CRL held by the object, or NULL when a is NULL or holds something else. */
X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a)
{
  if (a != NULL && a->type == X509_LU_CRL)
    return a->data.crl;

  return NULL;
}

/* nextUpdate field of the CRL (internal pointer). */
const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
{
  return crl->crl->nextUpdate;
}

/* Serial number of a revoked-certificate entry (internal pointer). */
const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
{
  return x->serialNumber;
}

/* Chain stored in the context's chain member. */
STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)
{
  return ctx->chain;
}

/* Proxy path length of the certificate, or -1 when X509_check_purpose() does
   not return 1 or the certificate is not flagged as a proxy. */
long X509_get_proxy_pathlen(X509 *x)
{
  /* X509_check_purpose() is called first for its side effect of caching the
     extensions; ex_flags is only read afterwards. */
  if (X509_check_purpose(x, -1, -1) != 1)
    return -1;
  if ((x->ex_flags & EXFLAG_PROXY) == 0)
    return -1;

  return x->ex_pcpathlen;
}

/* Cached extension flags of the certificate. */
uint32_t X509_get_extension_flags(X509 *x)
{
  /* Called for its side effect of computing the hash and caching the
     extensions; the return value is ignored. */
  X509_check_purpose(x, -1, -1);

  return x->ex_flags;
}

/* Set the certificate the context reports as the current one. */
void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x)
{
  ctx->current_cert = x;
}

/* Release the object together with the certificate or CRL it holds; other
   object types only have the container freed.  NULL is accepted. */
void X509_OBJECT_free(X509_OBJECT *a)
{
  if (a == NULL)
    return;

  if (a->type == X509_LU_X509)
    X509_free(a->data.x509);
  else if (a->type == X509_LU_CRL)
    X509_CRL_free(a->data.crl);

  OPENSSL_free(a);
}

/* Install check_issued as the store's issuer-check callback. */
void X509_STORE_set_check_issued(X509_STORE *ctx,
                                 X509_STORE_CTX_check_issued_fn check_issued)
{
  ctx->check_issued = check_issued;
}

/* Hand out the key's prime factors; each output pointer is optional.  The
   values are the key's own BIGNUMs, not copies. */
void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
{
  if (p)
    *p = r->p;
  if (q)
    *q = r->q;
}

/* Hand out modulus, public exponent and private exponent; each output pointer
   is optional.  The values are the key's own BIGNUMs, not copies. */
void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
{
  if (n)
    *n = r->n;
  if (e)
    *e = r->e;
  if (d)
    *d = r->d;
}

/* Install n, e and d in the key.  Each non-NULL argument replaces the stored
   value, which is freed, so the key takes over the BIGNUMs passed in.
   Returns 0 without changing anything when n or e would remain unset. */
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
{
  /* n and e must be supplied unless the key already has them; d may be left
     NULL when only the public key is used. */
  if (r->n == NULL && n == NULL)
    return 0;
  if (r->e == NULL && e == NULL)
    return 0;

  if (n != NULL) {
    BN_free(r->n);
    r->n = n;
  }
  if (e != NULL) {
    BN_free(r->e);
    r->e = e;
  }
  if (d != NULL) {
    BN_free(r->d);
    r->d = d;
  }

  return 1;
}

/* Extension stack of the certificate (internal pointer). */
const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x)
{
  return x->cert_info->extensions;
}

/* Signature algorithm recorded in the certificate's cert_info. */
const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
{
  return x->cert_info->signature;
}

/* Issuer and subject unique IDs; each output pointer is optional. */
void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
                    const ASN1_BIT_STRING **psuid)
{
  if (piuid)
    *piuid = x->cert_info->issuerUID;
  if (psuid)
    *psuid = x->cert_info->subjectUID;
}

#define BIO_TYPE_START 128

/* Return a new BIO type index, counting up from BIO_TYPE_START + 1.  The
   counter is a plain static, so this is not thread-safe. */
int BIO_get_new_index(void)
{
  static int bio_count = BIO_TYPE_START;

  bio_count++;
  return bio_count;
}

/* Allocate a zeroed BIO_METHOD with the given type and name; NULL when the
   allocation fails.  The name pointer is stored, not copied. */
BIO_METHOD *BIO_meth_new(int type, const char *name)
{
  BIO_METHOD *biom = OPENSSL_zalloc(sizeof(BIO_METHOD));

  if (biom == NULL)
    return NULL;

  biom->type = type;
  biom->name = name;
  return biom;
}

/* Getter/setter pairs for the BIO_METHOD callbacks.  Getters return the
   stored function pointer; setters store the pointer and return 1. */
int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int)
{
  return biom->bwrite;
}

int BIO_meth_set_write(BIO_METHOD *biom,
                       int (*bwrite) (BIO *, const char *, int))
{
  biom->bwrite = bwrite;
  return 1;
}

int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int)
{
  return biom->bread;
}

int BIO_meth_set_read(BIO_METHOD *biom,
                      int (*bread) (BIO *, char *, int))
{
  biom->bread = bread;
  return 1;
}

int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *)
{
  return biom->bputs;
}

int BIO_meth_set_puts(BIO_METHOD *biom,
                      int (*bputs) (BIO *, const char *))
{
  biom->bputs = bputs;
  return 1;
}

int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int)
{
  return biom->bgets;
}

int BIO_meth_set_gets(BIO_METHOD *biom,
                      int (*bgets) (BIO *, char *, int))
{
  biom->bgets = bgets;
  return 1;
}

long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *)
{
  return biom->ctrl;
}

int BIO_meth_set_ctrl(BIO_METHOD *biom,
                      long (*ctrl) (BIO *, int, long, void *))
{
  biom->ctrl = ctrl;
  return 1;
}

int (*BIO_meth_get_create(BIO_METHOD *biom)) (BIO *)
{
  return biom->create;
}

int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *))
{
  biom->create = create;
  return 1;
}

int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *)
{
  return biom->destroy;
}

int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *))
{
  biom->destroy = destroy;
  return 1;
}

long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) (BIO *, int, bio_info_cb *)
{
  return biom->callback_ctrl;
}

int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
                               long (*callback_ctrl) (BIO *, int,
                                                      bio_info_cb *))
{
  biom->callback_ctrl = callback_ctrl;
  return 1;
}

/* Allocate a BN_GENCB.  The memory comes from OPENSSL_malloc() and is not
   zeroed, so the caller has to initialise it before use. */
BN_GENCB *BN_GENCB_new(void)
{
  return OPENSSL_malloc(sizeof(BN_GENCB));
}

/* Release a BN_GENCB obtained from BN_GENCB_new(). */
void BN_GENCB_free(BN_GENCB *cb)
{
  OPENSSL_free(cb);
}

#endif
voms-2.1.2/src/sslutils/sslutils.c000066400000000000000000003235341477131364200172210ustar00rootroot00000000000000/********************************************************************* * * Authors: Valerio Venturi - Valerio.Venturi@cnaf.infn.it * Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) 2002-2009 INFN-CNAF on behalf of the EU DataGrid * and EGEE I, II and III * For license conditions see LICENSE file or * http://www.apache.org/licenses/LICENSE-2.0.txt * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ /********************************************************************** sslutils.c Description: Routines used internally to implement delegation and proxy certificates for use with Globus The same file is also used for the non-exportable sslk5 which allows Kerberos V5 to accept SSLv3 with certificates as proof of identiy and issue a TGT.
**********************************************************************/ /********************************************************************** Include header files **********************************************************************/ #define _GNU_SOURCE #include "config.h" #include "replace.h" #include "proxycertinfo.h" #include "sslutils.h" #include "parsertypes.h" #include "doio.h" #include "data.h" #include "voms_cert_type.h" #include "ssl_compat.h" #ifdef HAVE_UNISTD_H #include #endif #ifndef DEFAULT_SECURE_TMP_DIR #ifndef WIN32 #define DEFAULT_SECURE_TMP_DIR "/tmp" #else #define DEFAULT_SECURE_TMP_DIR "c:\\tmp" #endif #endif #ifndef WIN32 #define FILE_SEPERATOR "/" #else #define FILE_SEPERATOR "\\" #endif #ifdef WIN32 #include "winglue.h" #include #else #ifdef HAVE_UNISTD_H #include #endif #include #endif #include #include #include #include #include #include #include #include "openssl/buffer.h" #include "openssl/crypto.h" #include "openssl/objects.h" #include "openssl/asn1.h" #include "openssl/evp.h" #include "openssl/pkcs12.h" #include "openssl/rsa.h" #include "openssl/rand.h" #if SSLEAY_VERSION_NUMBER >= 0x0090581fL #include "openssl/x509v3.h" #endif #ifndef X509_V_ERR_INVALID_PURPOSE #define X509_V_ERR_INVALID_PURPOSE X509_V_ERR_CERT_CHAIN_TOO_LONG #endif #ifdef USE_PKCS11 #include "scutils.h" #endif #include static int fix_add_entry_asn1_set_param = 0; #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) #define xku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage))) #define ns_reject(x, usage) \ (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) static X509_NAME *make_DN(const char *dnstring); extern int restriction_evaluate(STACK_OF(X509) *chain, struct policy **namespaces, struct policy **signings); extern void voms_free_policies(struct policy **policies); extern int read_pathrestriction(STACK_OF(X509) *chain, char *path, 
struct policy ***namespaces, struct policy ***signings); static int check_critical_extensions(X509 *cert, int itsaproxy); /********************************************************************** Type definitions **********************************************************************/ /********************************************************************** Module specific prototypes **********************************************************************/ /********************************************************************** Define module specific variables **********************************************************************/ static ERR_STRING_DATA prxyerr_str_functs[]= { {ERR_PACK(0,PRXYERR_F_PROXY_GENREQ ,0),"proxy_genreq"}, {ERR_PACK(0,PRXYERR_F_PROXY_SIGN ,0),"proxy_sign"}, {ERR_PACK(0,PRXYERR_F_VERIFY_CB ,0),"proxy_verify_callback"}, {ERR_PACK(0,PRXYERR_F_PROXY_TMP ,0),"proxy_marshal_tmp"}, {ERR_PACK(0,PRXYERR_F_INIT_CRED ,0),"proxy_init_cred"}, {ERR_PACK(0,PRXYERR_F_LOCAL_CREATE, 0),"proxy_local_create"}, {ERR_PACK(0,PRXYERR_F_CB_NO_PW, 0),"proxy_pw_cb"}, {ERR_PACK(0,PRXYERR_F_GET_CA_SIGN_PATH, 0),"get_ca_signing_policy_path"}, {ERR_PACK(0,PRXYERR_F_PROXY_SIGN_EXT ,0),"proxy_sign_ext"}, {ERR_PACK(0,PRXYERR_F_PROXY_VERIFY_NAME,0), "proxy_verify_name"}, {ERR_PACK(0,PRXYERR_F_PROXY_CONSTRUCT_NAME ,0),"proxy_construct_name"}, {ERR_PACK(0,PRXYERR_F_VOMS_GET_CERT_TYPE,0),"voms_get_cert_type"}, {0,NULL}, }; static ERR_STRING_DATA prxyerr_str_reasons[]= { {PRXYERR_R_PROCESS_PROXY_KEY, "processing proxy key"}, {PRXYERR_R_PROCESS_REQ, "creating proxy req"}, {PRXYERR_R_PROCESS_SIGN, "while signing proxy req"}, {PRXYERR_R_MALFORM_REQ, "malformed proxy req"}, {PRXYERR_R_SIG_VERIFY, "proxy req signature verification error"}, {PRXYERR_R_SIG_BAD, "proxy req signature does not match"}, {PRXYERR_R_PROCESS_PROXY, "processing user proxy cert"}, {PRXYERR_R_PROXY_NAME_BAD, "proxy name does not match"}, {PRXYERR_R_PROCESS_SIGNC, "while signing proxy cert"}, 
{PRXYERR_R_BAD_PROXY_ISSUER, "invalid proxy issuer certificate"}, {PRXYERR_R_SIGN_NOT_CA ,"user cert not signed by CA"}, {PRXYERR_R_PROBLEM_PROXY_FILE ,"problems creating proxy file"}, {PRXYERR_R_PROCESS_KEY, "processing key"}, {PRXYERR_R_PROCESS_CERT, "processing cert"}, {PRXYERR_R_PROCESS_CERTS, "unable to access trusted certificates in:"}, {PRXYERR_R_PROCESS_PROXY, "processing user proxy cert"}, {PRXYERR_R_NO_TRUSTED_CERTS, "check X509_CERT_DIR and X509_CERT_FILE"}, {PRXYERR_R_PROBLEM_KEY_FILE, "bad file system permissions on private key\n" " key must only be readable by the user"}, {PRXYERR_R_SERVER_ZERO_LENGTH_KEY_FILE, "system key file is empty"}, {PRXYERR_R_USER_ZERO_LENGTH_KEY_FILE, "user private key file is empty"}, {PRXYERR_R_PROBLEM_SERVER_NOKEY_FILE, "system key cannot be accessed"}, {PRXYERR_R_PROBLEM_USER_NOKEY_FILE, "user private key cannot be accessed"}, {PRXYERR_R_PROBLEM_SERVER_NOCERT_FILE, "system certificate not found"}, {PRXYERR_R_PROBLEM_USER_NOCERT_FILE, "user certificate not found"}, {PRXYERR_R_INVALID_CERT, "no certificate in file"}, {PRXYERR_R_REMOTE_CRED_EXPIRED, "peer certificate has expired"}, {PRXYERR_R_USER_CERT_EXPIRED, "user certificate has expired"}, {PRXYERR_R_SERVER_CERT_EXPIRED, "system certificate has expired"}, {PRXYERR_R_PROXY_EXPIRED, "proxy expired: run grid-proxy-init or wgpi first"}, {PRXYERR_R_NO_PROXY, "no proxy credentials: run grid-proxy-init or wgpi first"}, {PRXYERR_R_CRL_SIGNATURE_FAILURE, "invalid signature on a CRL"}, {PRXYERR_R_CRL_NEXT_UPDATE_FIELD, "invalid nextupdate field in CRL"}, {PRXYERR_R_CRL_HAS_EXPIRED, "outdated CRL found, revoking all certs till you get new CRL"}, {PRXYERR_R_CERT_REVOKED, "certificate revoked by CRL"}, {PRXYERR_R_NO_HOME, "can't determine HOME directory"}, {PRXYERR_R_KEY_CERT_MISMATCH, "user key and certificate don't match"}, {PRXYERR_R_WRONG_PASSPHRASE, "wrong pass phrase"}, {PRXYERR_R_CA_POLICY_VIOLATION, "remote certificate CA signature not allowed by policy"}, 
{PRXYERR_R_CA_POLICY_ERR,"no matching CA found in file for remote certificate"}, {PRXYERR_R_CA_NOFILE,"could not find CA policy file"}, {PRXYERR_R_CA_NOPATH,"could not determine path to CA policy file"}, {PRXYERR_R_CA_POLICY_RETRIEVE, "CA policy retrieve problems"}, {PRXYERR_R_CA_POLICY_PARSE, "CA policy parse problems"}, {PRXYERR_R_CA_UNKNOWN,"remote certificate signed by unknown CA"}, {PRXYERR_R_PROBLEM_CLIENT_CA, "problems getting client_CA list"}, {PRXYERR_R_CB_NO_PW, "no proxy credentials: run grid-proxy-init or wgpi first"}, {PRXYERR_R_CB_CALLED_WITH_ERROR,"certificate validation error"}, {PRXYERR_R_CB_ERROR_MSG, "certificate validation error"}, {PRXYERR_R_CLASS_ADD_OID,"can't find CLASS_ADD OID"}, {PRXYERR_R_CLASS_ADD_EXT,"problem adding CLASS_ADD Extension"}, {PRXYERR_R_DELEGATE_VERIFY,"problem verifiying the delegate extension"}, {PRXYERR_R_EXT_ADD,"problem adding extension"}, {PRXYERR_R_DELEGATE_CREATE,"problem creating delegate extension"}, {PRXYERR_R_DELEGATE_COPY,"problem copying delegate extension to proxy"}, {PRXYERR_R_BUFFER_TOO_SMALL,"buffer too small"}, {PRXYERR_R_CERT_NOT_YET_VALID,"remote certificate not yet valid"}, {PRXYERR_R_LOCAL_CA_UNKNOWN,"cannot find a locally trusted CA certificate that matches the issuer of the peer credential"}, {PRXYERR_R_OUT_OF_MEMORY,"out of memory error"}, {PRXYERR_R_BAD_ARGUMENT,"bad argument"}, {PRXYERR_R_BAD_MAGIC,"bad magic number"}, {PRXYERR_R_UNKNOWN_CRIT_EXT,"unable to handle critical extension"}, {PRXYERR_R_NON_COMPLIANT_PROXY,"non compliant proxy"}, {PRXYERR_R_ERROR_GETTING_NAME_ENTRY_OF_SUBJECT, "error getting name entry from certificate subject name"}, {PRXYERR_R_ERROR_COPYING_SUBJECT, "error copying subject"}, {PRXYERR_R_ERROR_GETTING_CN_ENTRY, "error getting CommonName entry from certificate subject name"}, {PRXYERR_R_ERROR_BUILDING_SUBJECT, "error building certificate subject for proxy name integrity checks"}, {0,NULL} }; int my_txt2nid(char *name) { ASN1_OBJECT *obj = OBJ_txt2obj(name,1); int nid = 
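OBJ_obj2nid(obj);
  ASN1_OBJECT_free(obj);
  return nid;
}

/*********************************************************************
Function: X509_NAME_cmp_no_set

Description:
        To circumvent a bug with adding X509_NAME_ENTRIES
        with the wrong "set", we will compare names without
        the set.
        This is a temporary fix which will be removed when we
        fix the creation of the names using the correct sets.
        This is only being done this way for some compatibility
        while installing these fixes.
        This fix is needed in all previous versions of Globus.

Parameters:
        same as X509_NAME_cmp
Returns :
        same as X509_NAME_cmp
********************************************************************/
static int
X509_NAME_cmp_no_set(
    X509_NAME *                         a,
    X509_NAME *                         b)
{
  int                                   i;
  int                                   j;
  X509_NAME_ENTRY *                     na;
  X509_NAME_ENTRY *                     nb;

  /* Names with a different number of entries can never match. */
  if (X509_NAME_entry_count(a) != X509_NAME_entry_count(b)) {
    return(X509_NAME_entry_count(a) - X509_NAME_entry_count(b));
  }

  /* First pass: compare the raw entry values, last entry first. */
  for (i = X509_NAME_entry_count(a) - 1; i >= 0; i--) {
    na = X509_NAME_get_entry(a, i);
    nb = X509_NAME_get_entry(b, i);

    ASN1_STRING *sa = X509_NAME_ENTRY_get_data(na);
    ASN1_STRING *sb = X509_NAME_ENTRY_get_data(nb);

    j = ASN1_STRING_length(sa) - ASN1_STRING_length(sb);
    if (j) {
      return(j);
    }

    /* Lengths are equal here, so memcmp stays inside both buffers. */
    j = memcmp(ASN1_STRING_get0_data(sa),
               ASN1_STRING_get0_data(sb),
               ASN1_STRING_length(sa));
    if (j) {
      return(j);
    }
  }

  /* We will check the object types after checking the values
   * since the values will more often be different than the object
   * types.
   */
  for (i = X509_NAME_entry_count(a) - 1; i >= 0; i--) {
    na = X509_NAME_get_entry(a, i);
    nb = X509_NAME_get_entry(b, i);
    j = OBJ_cmp(X509_NAME_ENTRY_get_object(na),
                X509_NAME_ENTRY_get_object(nb));
    if (j) {
      return(j);
    }
  }
  return(0);
}

#ifdef WIN32
/*********************************************************************
Function: getuid, getpid

Descriptions:
        For Windows95, WIN32, we don't have these, so we will default
        to using uid 0 and pid 0
        Need to look at this better for NT.
******************************************************************/
static unsigned long
getuid()
{
  return 0;
}

static int
getpid()
{
  return 0;
}
#endif /* WIN32 */

#if SSLEAY_VERSION_NUMBER < 0x0900

/**********************************************************************
Function: ERR_add_error_data()

Description:
    Dummy routine only defined if running with SSLeay-0.8.x
    this feature was introduced with SSLeay-0.9.0

Parameters:

Returns:
**********************************************************************/
void PRIVATE
ERR_add_error_data( VAR_PLIST( int, num ))
    VAR_ALIST
{
  VAR_BDEFN(args, int, num);
}

/**********************************************************************
Function: ERR_get_error_line_data()

Description:
    Dummy routine only defined if running with SSLeay-0.8.x
    this feature was introduced with SSLeay-0.9.0. We will
    simulate it for 0.8.1

Parameters:

Returns:
**********************************************************************/
unsigned long PRIVATE
ERR_get_error_line_data(
    char **                             file,
    int *                               line,
    char **                             data,
    int *                               flags)
{
  if (data) {
    *data = "";
  }

  if (flags) {
    *flags = 0;
  }

  return (ERR_get_error_line(file, line));
}

#endif

/**********************************************************************
Function: ERR_set_continue_needed()

Description:
        Sets state information which error display routines can use to
        determine if the error just added is enough information to describe
        the error or if further error information needs to be displayed.
        (By default gss_display_status will only show one user level error)

        note: This function must be called after (or instead of) the ssl add error
        data functions.

Parameters:

Returns:
**********************************************************************/
void PRIVATE
ERR_set_continue_needed(void)
{
  ERR_STATE *es;

  es = ERR_get_state();
  /* Flag the newest entry on this thread's error stack. */
  es->err_data_flags[es->top] =
    es->err_data_flags[es->top] | ERR_DISPLAY_CONTINUE_NEEDED;
}

/* Loads the proxy function and reason string tables into OpenSSL's error
 * tables; only the first call does anything. Always returns 0. */
int ERR_load_proxy_error_strings()
{
  static int do_init = 1;

  if (do_init) {
    do_init = 0;
    ERR_load_strings(ERR_USER_LIB_PRXYERR_NUMBER, prxyerr_str_functs);
    ERR_load_strings(ERR_USER_LIB_PRXYERR_NUMBER, prxyerr_str_reasons);
  }
  return 0;
}

/* Registers `oid` under short name `sn` and long name `ln` unless OpenSSL
 * already knows the OID.
 * NOTE(review): the failure check is an assert, so a build with NDEBUG
 * does not notice a failed registration. */
static void
prxy_register_oid(const char *oid, const char *sn, const char *ln)
{
  if (OBJ_txt2nid(oid) == NID_undef) {
    int nid = OBJ_create(oid, sn, ln);
    assert(nid != NID_undef && "OBJ_create failed");
    (void)nid; /* silences the unused-variable warning under NDEBUG */
  }
}

/**********************************************************************
Function: ERR_load_prxyerr_strings()

Description:
    Sets up the error tables used by SSL and adds ours
    using the ERR_LIB_USER
    Only the first call does anything.
    Will also add any builtin objects for SSLeay.

Parameters:
    i should be zero the first time one of the ERR_load functions
    is called and non-zero for each additional call.

Returns:
    On the first call, i + 1 (or whatever ERR_load_scerr_strings returns
    for i + 1 when USE_PKCS11 is defined); on later calls, i unchanged.
**********************************************************************/
int PRIVATE
ERR_load_prxyerr_strings(
    int                                 i)
{
  static int                            init = 1;
  struct stat                           stx;
  clock_t                               cputime;
#if SSLEAY_VERSION_NUMBER  >=  0x00904100L
  const char *                          randfile;
#else
  char *                                randfile;
#endif
#if SSLEAY_VERSION_NUMBER >=  0x0090581fL && !defined(OPENSSL_NO_EGD)
  char *                                egd_path;
#endif
  char                                  buffer[200];

  if (init) {
    init = 0;

#ifndef RAND_DO_NOT_USE_CLOCK
    clock();
#endif
    if (i == 0) {
      SSL_load_error_strings();
    }

    prxy_register_oid("1.3.6.1.4.1.3536.1.1.1.1", "CLASSADD", "ClassAdd");
    prxy_register_oid("1.3.6.1.4.1.3536.1.1.1.2", "DELEGATE", "Delegate");
    prxy_register_oid("1.3.6.1.4.1.3536.1.1.1.3", "RESTRICTEDRIGHTS",
                      "RestrictedRights");
    prxy_register_oid("0.9.2342.19200300.100.1.1", "USERID", "userId");

    ERR_load_strings(ERR_USER_LIB_PRXYERR_NUMBER, prxyerr_str_functs);
    ERR_load_strings(ERR_USER_LIB_PRXYERR_NUMBER, prxyerr_str_reasons);

    /*
     * We need to get a lot of randomness for good security
     * OpenSSL will use /dev/urandom (if available),
     * uid, time, and gid.
     *
     * If user has RANDFILE set, or $HOME/.rnd
     * load it for extra random seed.
     * This may also not be enough, so we will also add in
     * the time it takes to run this routine, which includes
     * reading the randfile.
     * Later we will also add in some keys and some stats
     * if we have them.
     * look for RAND_add in this source file.
     *
     * Other methods we could use:
     *  * Librand from Don Mitchell and Matt Blaze
     *  * Doing a netstat -in
     *  * some form of pstat
     * But /dev/random and/or egd should be enough.
     */
    randfile = RAND_file_name(buffer, sizeof(buffer));

    if (randfile && access(randfile, R_OK) == 0) {
      RAND_load_file(randfile, 1024L*1024L);
    }

#if SSLEAY_VERSION_NUMBER >=  0x0090581fL && !defined(OPENSSL_NO_EGD)
    /*
     * Try to use the Entropy Gathering Daemon
     * See the OpenSSL crypto/rand/rand_egd.c
     */
    egd_path = getenv("EGD_PATH");
    if (egd_path == NULL) {
      egd_path = "/etc/entropy";
    }
    RAND_egd(egd_path);
#endif

    /* if still not enough entropy */
    if (RAND_status() == 0) {
      /*
       * The metadata of /tmp and the CPU time below are visible to, or
       * guessable by, any local user. They are mixed into the pool but
       * credited with zero entropy, so they cannot by themselves make an
       * unseeded generator report itself as seeded. The stat() result is
       * checked so that an uninitialised struct is never fed in.
       */
      if (stat("/tmp", &stx) == 0) {
        RAND_add((void*)&stx, sizeof(stx), 0);
      }
    }

#ifndef RAND_DO_NOT_USE_CLOCK
    cputime = clock();
    RAND_add((void*)&cputime, sizeof(cputime), 0);
#endif

    i++;
#ifdef USE_PKCS11
    i = ERR_load_scerr_strings(i);
#endif
  }
  return i;
}

/**********************************************************************
Function: checkstat()

Description:    check the status of a file

Parameters:
        filename    path of the file to examine

Returns:
        0 pass all the following tests
        1 does not exist (stat() failed)
        2 not owned by user
        3 readable or writable by group or others (mode & 066)
        4 zero length
**********************************************************************/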
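static int checkstat(const char* filename)
{
  struct stat                         stx;

  /*
   * NOTE(review): stat() follows symbolic links and inspects a path, not
   * an open descriptor, so the answer can be stale by the time the file
   * is opened; whether callers re-check after opening is not visible
   * here -- confirm.
   */
  if (stat(filename, &stx) != 0) {
    return 1;
  }

  /*
   * Mix the stat output (file size, last use times) into the random
   * pool. It is credited with zero entropy because these values can be
   * read by other local users.
   */
  RAND_add((void*)&stx, sizeof(stx), 0);

#if !defined(WIN32) && !defined(TARGET_ARCH_CYGWIN)
  if (stx.st_uid != getuid()) {
    return 2;
  }

  /* 066: any read or write permission bit for group or others. */
  if (stx.st_mode & 066) {
    return 3;
  }
#endif /* !WIN32 && !TARGET_ARCH_CYGWIN */

  if (stx.st_size == 0) {
    return 4;
  }
  return 0;
}

/**********************************************************************
Function: proxy_load_user_proxy()

Description:
        Given the user_proxy file, skip the first cert,
        and add any additional certs to the cert_chain.
        These must be additional proxies, or the user's cert
        which signed the proxy.
        This is based on the X509_load_cert_file routine.

Parameters:
        cert_chain  stack that receives every certificate after the first
        file        path of the PEM file to read

Returns:
        1 if file is NULL, -1 on error, otherwise the number of
        certificates read from the file (the skipped first one included)
**********************************************************************/
int PRIVATE
proxy_load_user_proxy(
    STACK_OF(X509) *                    cert_chain,
    const char *                        file)
{
  int                                 ret = -1;
  BIO *                               in = NULL;
  int                                 count = 0;
  X509 *                              x = NULL;

  if (file == NULL)
    return(1);

  in = BIO_new(BIO_s_file());

  if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
    X509err(PRXYERR_F_PROXY_LOAD, PRXYERR_R_PROCESS_PROXY);
    goto err;
  }

  for (;;) {
    x = PEM_read_bio_X509(in, NULL, OPENSSL_PEM_CB(NULL,NULL));
    if (x == NULL) {
      /* Running out of PEM blocks after at least one certificate is the
       * normal end of the file; anything else is a parse error. */
      if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE)
          && (count > 0)) {
        ERR_clear_error();
        break;
      }
      else {
        X509err(PRXYERR_F_PROXY_LOAD, PRXYERR_R_PROCESS_PROXY);
        goto err;
      }
    }

    if (count) {
      /* A failed push must not silently shorten the chain: report it
       * and let the error path free the certificate. */
      if (!sk_X509_push(cert_chain, x)) {
        X509err(PRXYERR_F_PROXY_LOAD, PRXYERR_R_PROCESS_PROXY);
        goto err;
      }
    }
    else {
      X509_free(x);
    }
    x = NULL; /* now owned by cert_chain, or already freed */

    count++;
  }
  ret = count;

err:
  X509_free(x);
  BIO_free(in);

  return(ret);
}

/**********************************************************************
Function: proxy_genreq()

Description:
        generate certificate request for a proxy certificate.
        This is based on using the current user certificate.
        If the current user cert is NULL, we are asking for the server
        to fill this in, and give us a new cert. Used with k5cert.

Parameters:
        ucert     user certificate, may be NULL
        reqp      receives the signed certificate request
        pkeyp     receives the newly generated key pair
        bits      RSA modulus size; 0 means "same size as the key in
                  ucert", or 2048 when ucert is NULL as well
        newdn     subject for the request; NULL means the subject of
                  ucert (or an empty name) with CN=proxy appended
        callback  key generation progress callback

Returns:
        0 on success, 1 on failure (*reqp and *pkeyp are then untouched)
**********************************************************************/
int PRIVATE
proxy_genreq(
    X509 *                              ucert,
    X509_REQ **                         reqp,
    EVP_PKEY **                         pkeyp,
    int                                 bits,
    const char *                        newdn,
    void                                (*callback)(int, int, void*))
{
  RSA *                               rsa = NULL;
  EVP_PKEY *                          pkey = NULL;
  EVP_PKEY *                          upkey = NULL;
  X509_NAME *                         name = NULL;
  X509_REQ *                          req = NULL;
  X509_NAME_ENTRY *                   ne = NULL;
  int                                 rbits;
  BIGNUM *                            rsa_exp = NULL;
  BN_GENCB *                          cb = NULL;
  EVP_MD const *                      md = NULL;

  if (bits) {
    rbits = bits;
  }
  else if (ucert) {
    if ((upkey = X509_get_pubkey(ucert)) == NULL) {
      PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY);
      goto err;
    }

    if (!EVP_PKEY_get0_RSA(upkey)) {
      PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY);
      goto err;
    }

    rbits = 8 * EVP_PKEY_size(upkey);
    EVP_PKEY_free(upkey);
    /* Cleared so that a later failure does not free it a second time
     * in the err: path. */
    upkey = NULL;
  }
  else {
    /* Nothing to derive the size from. A 512-bit RSA modulus can be
     * factored with modest resources, so fall back to 2048 bits. */
    rbits = 2048;
  }

  if ((pkey = EVP_PKEY_new()) == NULL) {
    PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY);
    goto err;
  }

  if ((rsa_exp = BN_new()) == NULL || ! BN_set_word(rsa_exp, RSA_F4)) {
    PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY);
    goto err;
  }

  if ((cb = BN_GENCB_new()) == NULL) {
    PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY);
    goto err;
  }

  BN_GENCB_set_old(cb, callback, NULL);

  if ((rsa = RSA_new()) == NULL) {
    PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY);
    goto err;
  }

  if (RSA_generate_key_ex(rsa, rbits, rsa_exp, cb)) {
    BN_free(rsa_exp);
    rsa_exp = NULL;
    BN_GENCB_free(cb);
    cb = NULL;
  }
  else {
    PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY);
    goto err;
  }

  if (EVP_PKEY_assign_RSA(pkey, rsa)) {
    rsa = NULL; /* pkey owns the RSA key from here on */
  }
  else {
    PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY);
    goto err;
  }

  if ((req = X509_REQ_new()) == NULL) {
    PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_REQ);
    goto err;
  }

  X509_REQ_set_version(req, 0L);

  if (!newdn) {
    if (ucert) {
      if ((name = X509_NAME_dup(X509_get_subject_name(ucert))) == NULL) {
        PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_REQ);
        goto err;
      }
    }
    else {
      if ((name = X509_NAME_new()) == NULL) {
        PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_REQ);
        goto err;
      }
    }

    if ((ne = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName,
                                            V_ASN1_APP_CHOOSE,
                                            (unsigned char *)"proxy",
                                            -1)) == NULL) {
      PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_REQ);
      goto err;
    }

    if (!X509_NAME_add_entry(name,
                             ne,
                             X509_NAME_entry_count(name),
                             fix_add_entry_asn1_set_param)) {
      PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_REQ);
      goto err;
    }
  }
  else {
    name = make_DN(newdn);
    if (!name) {
      PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_REQ);
      goto err;
    }
  }

  /* A request whose subject or key could not be set must not be signed
   * and handed back as if it were complete. */
  if (!X509_REQ_set_subject_name(req, name)) {
    PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_REQ);
    goto err;
  }
  X509_NAME_free(name);
  name = NULL;

  if (!X509_REQ_set_pubkey(req, pkey)) {
    PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_REQ);
    goto err;
  }

  /* Digest selection: the one named by the request, overridden by the
   * one that signed ucert when there is a ucert. */
  md = EVP_get_digestbynid(X509_REQ_get_signature_nid(req));
  if (ucert) {
    /* NOTE(review): this follows whatever digest signed the user
     * certificate, including a weak one. */
    md = EVP_get_digestbynid(X509_get_signature_nid(ucert));
  }

  /* Last resort when neither lookup yields a digest: SHA-256 rather
   * than SHA-1, which is no longer collision resistant. */
  if (md == NULL)
    md = EVP_sha256();

  if (!X509_REQ_sign(req, pkey, md)) {
    PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_SIGN);
    goto err;
  }

  if (ne) {
    X509_NAME_ENTRY_free(ne);
    ne = NULL;
  }

  *pkeyp = pkey;
  *reqp = req;
  return 0;

err:
  if (upkey)
    EVP_PKEY_free(upkey);

  if (rsa_exp) {
    BN_free(rsa_exp);
  }
  if (cb) {
    BN_GENCB_free(cb);
  }
  if (rsa) {
    RSA_free(rsa);
  }
  if (pkey) {
    EVP_PKEY_free(pkey);
  }
  if (name) {
    X509_NAME_free(name);
  }
  if (req) {
    X509_REQ_free(req);
  }
  if (ne) {
    X509_NAME_ENTRY_free(ne);
  }
  return 1;
}

/**
 * Sign a certificate request
 *
 * This function is a wrapper function for proxy_sign_ext. The subject
 * name of the resulting certificate is generated by adding either
 * cn=proxy or cn=limited proxy to the subject name of user_cert. The
 * issuer name is set to the subject name of user_cert.
 *
 * @param user_cert
 *        A certificate to be used for subject and issuer name
 *        information if that information isn't provided.
 * @param user_private_key
 *        The private key to be used for signing the certificate
 *        request.
 * @param req
 *        The certificate request
 * @param new_cert
 *        This parameter will contain the signed certificate upon
 *        success.
 * @param seconds
 *        The number of seconds the new cert is going to be
 *        valid. The validity should not exceed that of the issuing
 *        key pair.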
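If this parameter is 0 the generated cert will
 *        have the same lifetime as the issuing key pair.
 * @param extensions
 *        Extensions to be placed in the new certificate.
 * @param limited_proxy
 *        If this value is non zero the resulting cert will be a
 *        limited proxy.
 * @param proxyver
 *        For values of 3 or more the new CN and the serial number are
 *        both derived from a SHA-1 digest of the request's public key,
 *        and any newserial supplied by the caller is ignored.
 * @param newdn
 *        If not NULL, the subject of the new certificate, parsed by
 *        make_DN; otherwise the subject is built from user_cert.
 * @param newissuer
 *        If not NULL, the issuer of the new certificate, parsed by
 *        make_DN.
 * @param pastproxy
 *        Passed through to proxy_sign_ext.
 * @param newserial
 *        Serial number as a hexadecimal string, passed through to
 *        proxy_sign_ext when proxyver is below 3.
 * @param selfsigned
 *        Passed through to proxy_sign_ext.
 *
 * @return
 *        This functions returns 0 upon success, 1 upon failure. It
 *        will also place a more detailed error on an error stack.
 */
int PRIVATE
proxy_sign(
    X509 *                              user_cert,
    EVP_PKEY *                          user_private_key,
    X509_REQ *                          req,
    X509 **                             new_cert,
    int                                 seconds,
    STACK_OF(X509_EXTENSION) *          extensions,
    int                                 limited_proxy,
    int                                 proxyver,
    const char *                        newdn,
    const char *                        newissuer,
    int                                 pastproxy,
    const char *                        newserial,
    int                                 selfsigned
)
{
  char *                              newcn = NULL;
  X509_NAME *                         subject_name = NULL;
  X509_NAME *                         issuer_name = NULL;
  int                                 rc = 1;
  int                                 heap_names = 0; /* newcn/newserial are ours to free */
  unsigned char                       md[SHA_DIGEST_LENGTH];
  unsigned int                        len = 0;
  EVP_MD const *                      sig_algo;

  /* Sign with the digest the request was signed with; when that cannot
   * be resolved use SHA-256 rather than SHA-1, which is no longer
   * collision resistant. */
  sig_algo = EVP_get_digestbynid(X509_REQ_get_signature_nid(req));
  if (sig_algo == NULL)
    sig_algo = EVP_sha256();

  if (proxyver >= 3) {
    unsigned int                      sub_hash;
    int                               digest_ok;
    /* SHA-1 only yields a 32-bit identifier here; it is kept so that
     * CN and serial values stay the same as before. */
    EVP_MD const *                    cn_sig_algo = EVP_sha1();
    EVP_PKEY *                        req_public_key;

    /* The caller's serial is replaced in this mode. */
    newserial = NULL;
    heap_names = 1;

    req_public_key = X509_REQ_get_pubkey(req);
    if (req_public_key == NULL) {
      PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_MALFORM_REQ);
      goto done;
    }

#ifdef TYPEDEF_I2D_OF
    digest_ok = ASN1_digest((i2d_of_void*)i2d_PUBKEY, cn_sig_algo,
                            (char *) req_public_key, md, &len);
#else
    digest_ok = ASN1_digest(i2d_PUBKEY, cn_sig_algo,
                            (char *) req_public_key, md, &len);
#endif
    EVP_PKEY_free(req_public_key);

    /* Without this check a failed digest would leave md uninitialised
     * and the CN and serial would be built from stack garbage. */
    if (!digest_ok || len < 4) {
      PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_PROCESS_SIGN);
      goto done;
    }

    /* Widen before shifting: md[3] << 24 on a promoted int overflows
     * when the top bit of md[3] is set. */
    sub_hash = (unsigned int)md[0]
             | ((unsigned int)md[1] << 8)
             | ((unsigned int)md[2] << 16)
             | ((unsigned int)md[3] << 24);

    newcn = snprintf_wrap("%u", sub_hash);
    newserial = snprintf_wrap("%x", sub_hash);
    if (newcn == NULL || newserial == NULL) {
      PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_OUT_OF_MEMORY);
      goto done;
    }
  }
  else {
    if (limited_proxy)
      newcn = "limited proxy";
    else
      newcn = "proxy";
  }

  if (newdn == NULL) {
    if (proxy_construct_name(user_cert, &subject_name, newcn, -1)) {
      PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_PROCESS_SIGN);
      /* What proxy_construct_name leaves in subject_name on failure is
       * not visible here, so it is not freed (as before). */
      subject_name = NULL;
      goto done;
    }
  }
  else {
    subject_name = make_DN(newdn);
    /* A DN that does not parse must stop the signing: proxy_sign_ext
     * skips a NULL subject, which would produce a certificate that
     * does not carry the requested identity. */
    if (subject_name == NULL) {
      PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_PROCESS_SIGN);
      goto done;
    }
  }

  if (newissuer) {
    issuer_name = make_DN(newissuer);
    /* Same reasoning: a NULL issuer makes proxy_sign_ext fall back to
     * the subject of user_cert instead of the requested issuer. */
    if (issuer_name == NULL) {
      PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_PROCESS_SIGN);
      goto done;
    }
  }

  if (proxy_sign_ext(user_cert,
                     user_private_key,
                     sig_algo,
                     req,
                     new_cert,
                     subject_name,
                     issuer_name,
                     seconds,
                     extensions,
                     proxyver,
                     pastproxy,
                     newserial,
                     selfsigned)) {
    PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_PROCESS_SIGN);
    goto done;
  }

  rc = 0;

done:
  X509_NAME_free(subject_name);

  if (issuer_name)
    X509_NAME_free(issuer_name);

  if (heap_names) {
    free(newcn);
    free((void*)newserial);
  }

  return rc;
}

/**
 * Sign a certificate request
 *
 * This function signs the given certificate request. Before signing
 * the certificate the certificate's subject and issuer names may be
 * replaced and extensions may be added to the certificate.
 *
 * @param user_cert
 *        A certificate to be used for lifetime and serial number
 *        information if that information isn't provided.
 * @param user_private_key
 *        The private key to be used for signing the certificate
 *        request.
 * @param method
 *        The method to employ for signing
 * @param req
 *        The certificate request
 * @param new_cert
 *        This parameter will contain the signed certificate upon
 *        success.
 * @param subject_name
 *        The subject name to be used for the new certificate. If no
 *        subject name is provided the subject name in the certificate
 *        request will remain untouched.
 * @param issuer_name
 *        The issuer name to be used for the new certificate. If no
 *        issuer name is provided the issuer name will be set to the
 *        subject name of the user cert.
 * @param seconds
 *        The number of seconds the new cert is going to be
 *        valid. The validity should not exceed that of the issuing
 *        key pair. If this parameter is 0 the generated cert will
 *        have the same lifetime as the issuing key pair.
 * @param serial_num
 *        The serial number to be used for the new cert. If this
 *        parameter is 0 the serial number of the user_cert is used.
 * @param extensions
 *        Extensions to be placed in the new certificate.
 *
 * @return
 *        This functions returns 0 upon success, 1 upon failure. It
 *        will also place a more detailed error on an error stack.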
*/ int PRIVATE proxy_sign_ext( X509 * user_cert, EVP_PKEY * user_private_key, const EVP_MD * method, X509_REQ * req, X509 ** new_cert, X509_NAME * subject_name, X509_NAME * issuer_name, int seconds, STACK_OF(X509_EXTENSION) *extensions, int proxyver, int pastproxy, const char *newserial, int selfsigned) { EVP_PKEY * new_public_key = NULL; EVP_PKEY * tmp_public_key = NULL; time_t time_diff, time_now, time_after; ASN1_UTCTIME * asn1_time = NULL; int i; unsigned int len; EVP_MD const* sig_algo; sig_algo = EVP_sha1(); *new_cert = NULL; if ((new_public_key=X509_REQ_get_pubkey(req)) == NULL) { PRXYerr(PRXYERR_F_PROXY_SIGN_EXT,PRXYERR_R_MALFORM_REQ); goto err; } i = X509_REQ_verify(req,new_public_key); EVP_PKEY_free(new_public_key); new_public_key = NULL; if (i < 0) { PRXYerr(PRXYERR_F_PROXY_SIGN_EXT,PRXYERR_R_SIG_VERIFY); goto err; } if (i == 0) { PRXYerr(PRXYERR_F_PROXY_SIGN_EXT,PRXYERR_R_SIG_BAD); goto err; } /* signature ok. */ if ((*new_cert = X509_new()) == NULL) { PRXYerr(PRXYERR_F_PROXY_SIGN_EXT,PRXYERR_R_PROCESS_PROXY); goto err; } /* set the subject name */ if(subject_name && !X509_set_subject_name(*new_cert,subject_name)) { PRXYerr(PRXYERR_F_PROXY_SIGN_EXT,PRXYERR_R_PROCESS_PROXY); goto err; } /* DEE? will use same serial number, this may help * with revocations, or may cause problems. */ if (newserial) { BIGNUM *bn = NULL; if (BN_hex2bn(&bn, newserial) != 0) { ASN1_INTEGER *a_int = BN_to_ASN1_INTEGER(bn, NULL); BN_free(bn); /* Note: The a_int == NULL case is handled below. 
*/ X509_set_serialNumber(*new_cert, a_int); ASN1_INTEGER_free(a_int); } } else if (proxyver > 2) { unsigned char md[SHA_DIGEST_LENGTH + 1]; ASN1_INTEGER_free(X509_get_serialNumber(*new_cert)); new_public_key = X509_REQ_get_pubkey(req); #ifdef TYPEDEF_I2D_OF ASN1_digest((i2d_of_void*)i2d_PUBKEY, sig_algo, (char *) new_public_key, md, &len); #else ASN1_digest(i2d_PUBKEY, sig_algo, (char *) new_public_key, md, &len); #endif md[len] = '\0'; EVP_PKEY_free(new_public_key); new_public_key = NULL; BIGNUM* bn = NULL; if (BN_hex2bn(&bn, (char*)md) != 0) { ASN1_INTEGER *a_int = BN_to_ASN1_INTEGER(bn, NULL); BN_free(bn); X509_set_serialNumber(*new_cert, a_int); ASN1_INTEGER_free(a_int); } } else if (selfsigned) { ASN1_INTEGER *a_int = ASN1_INTEGER_new(); if (a_int) { ASN1_INTEGER_set(a_int, 1); X509_set_serialNumber(*new_cert, a_int); ASN1_INTEGER_free(a_int); } else goto err; } else { ASN1_INTEGER *a_int = ASN1_INTEGER_dup(X509_get0_serialNumber(user_cert)); X509_set_serialNumber(*new_cert, a_int); ASN1_INTEGER_free(a_int); } /* set the issuer name */ if (issuer_name) { if(!X509_set_issuer_name(*new_cert,issuer_name)) { PRXYerr(PRXYERR_F_PROXY_SIGN_EXT,PRXYERR_R_PROCESS_PROXY); goto err; } } else { if(!X509_set_issuer_name(*new_cert,X509_get_subject_name(user_cert))) { PRXYerr(PRXYERR_F_PROXY_SIGN_EXT,PRXYERR_R_PROCESS_PROXY); goto err; } } /* Allow for a five minute clock skew here. */ X509_gmtime_adj(X509_get_notBefore(*new_cert),-5*60 -pastproxy); /* DEE? should accept an seconds parameter, and set to min of * hours or the ucert notAfter * for now use seconds if not zero. 
*/ if (selfsigned) { X509_gmtime_adj(X509_get_notAfter(*new_cert),(long) seconds - pastproxy); } else { /* doesn't create a proxy longer than the user cert */ asn1_time = ASN1_UTCTIME_new(); X509_gmtime_adj(asn1_time, -pastproxy); time_now = ASN1_UTCTIME_mktime(asn1_time); ASN1_UTCTIME_free(asn1_time); time_after = ASN1_UTCTIME_mktime(X509_get_notAfter(user_cert)); time_diff = time_after - time_now; if(time_diff > (seconds - pastproxy)) { X509_gmtime_adj(X509_get_notAfter(*new_cert),(long) seconds - pastproxy); } else { int ret = X509_set1_notAfter(*new_cert, X509_get0_notAfter(user_cert)); assert(ret == 1 && "X509_set1_notAfter failed"); } } /* transfer the public key from req to new cert */ { EVP_PKEY* const pub_key = X509_REQ_get_pubkey(req); assert(pub_key && "X509_REQ_get0_pubkey failed"); int const ret = X509_set_pubkey(*new_cert, pub_key); assert(ret == 1 && "X509_set_pubkey failed"); EVP_PKEY_free(pub_key); } /* * We can now add additional extentions here * such as to control the usage of the cert */ { int const ret = X509_set_version(*new_cert, 2L); assert(ret == 1 && "X509_set_version failed"); } /* Add extensions provided by the client */ /* TODO: who frees extensions? 
*/ if (extensions) { for (i=0; imagicnum = PVD_MAGIC_NUMBER; /* used for debuging */ pvd->flags = 0; pvd->previous = NULL; pvd->pvxd = pvxd; pvd->proxy_depth = 0; pvd->cert_depth = 0; pvd->cert_chain = NULL; pvd->limited_proxy = 0; pvd->multiple_limited_proxy_ok = 0; pvd->cert_store = NULL; pvd->recursive_depth = 0; } /********************************************************************** Function: proxy_verify_ctx_init() Description: Parameters: Returns: **********************************************************************/ void proxy_verify_ctx_init( proxy_verify_ctx_desc * pvxd) { pvxd->magicnum = PVXD_MAGIC_NUMBER; /* used for debuging */ pvxd->certdir = NULL; pvxd->goodtill = 0; } /********************************************************************** Function: proxy_verify_release() Description: Parameters: Returns: **********************************************************************/ void proxy_verify_release( proxy_verify_desc * pvd) { pvd->cert_chain = NULL; pvd->pvxd = NULL; } /********************************************************************** Function: proxy_verify_ctx_release() Description: Parameters: Returns: **********************************************************************/ void proxy_verify_ctx_release( proxy_verify_ctx_desc * pvxd) { if (pvxd->certdir) { free(pvxd->certdir); pvxd->certdir = NULL; } } #if SSLEAY_VERSION_NUMBER >= 0x0090600fL /********************************************************************** Function: proxy_app_verify_callback() Description: SSL callback which lets us do the x509_verify_cert ourself. We use this to set the ctx->check_issued routine so we can override some of the tests if needed. 
Parameters:
    ctx     the verification context handed over by OpenSSL
    empty   unused

Returns:
    Same as X509_verify_cert
**********************************************************************/
int
proxy_app_verify_callback(X509_STORE_CTX *ctx, UNUSED(void *empty))
{
  /*
   * Install our issuer check. From OpenSSL 1.1.0 on the hook is set on
   * the X509_STORE behind ctx and not on ctx itself, so it also applies
   * to every later verification that uses the same store.
   */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
  ctx->check_issued = proxy_check_issued;
#else
  X509_STORE_set_check_issued(X509_STORE_CTX_get0_store(ctx),
                              proxy_check_issued);
#endif

#if defined(X509_V_FLAG_ALLOW_PROXY_CERTS)
  X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
#endif

  return X509_verify_cert(ctx);
}
#endif

/* Ifdef out all extra code not needed for k5cert
 * This includes the OLDGAA
 */

#ifndef BUILD_FOR_K5CERT_ONLY
/**********************************************************************
Function: proxy_verify_name

Description:
    Checks if the subject name is a proxy, and the issuer name
        is the same as the subject name, but without the proxy
    entry.
    The classification itself is delegated to voms_get_cert_type.
    A certificate recognised as a proxy is also flagged as one for
    OpenSSL: proxy path length -1 for a full proxy, 0 for a limited one.

Returns:
    -1  if there was an error
     0  if not a proxy
     1  if a proxy
     2  if a limited proxy

*********************************************************************/
int proxy_verify_name(X509* cert)
{
  voms_cert_type_t kind;

  if (voms_get_cert_type(cert, &kind) != 0)
    return -1;

  if (!VOMS_IS_PROXY(kind))
    return 0;

  /* Name checks on the proxy have succeeded at this point and this is
   * actually a proxy, so tell OpenSSL about it.
   * (is this still needed?) */
  X509_set_proxy_flag(cert);
  X509_set_proxy_pathlen(cert, -1L);

  if (!VOMS_IS_LIMITED_PROXY(kind))
    return 1;

  X509_set_proxy_pathlen(cert, 0L);
  return 2;
}

/*
 * Issuer check used in place of OpenSSL's own.
 *
 * Accepts whatever X509_check_issued(issuer, x) accepts. The single
 * tolerated failure is X509_V_ERR_KEYUSAGE_NO_CERTSIGN, and only when
 * proxy_verify_name classifies x as a proxy: the certificate that issues
 * a proxy is an end-entity or proxy certificate, not a CA. Every other
 * failure is reported as "not issued by".
 *
 * Returns 1 if issuer is accepted as the issuer of x, 0 otherwise.
 */
int PRIVATE
proxy_check_issued(
    UNUSED(X509_STORE_CTX *             ctx),
    X509 *                              x,
    X509 *                              issuer)
{
  int const verdict = X509_check_issued(issuer, x);

  if (verdict == X509_V_OK)
    return 1;

  if (verdict == X509_V_ERR_KEYUSAGE_NO_CERTSIGN
      && proxy_verify_name(x) >= 1)
    return 1;

  return 0;
}

/**********************************************************************
Function: proxy_verify_callback()

Description:
    verify callback for SSL. Used to check that proxy
    certificates are only signed by the correct user,
    and used for debugging.

    Also on the server side, the s3_srvr.c code does not appear
    to save the peer cert_chain, like the client side does.
    We need these for additional proxies, so we need to
    copy the X509 to our own stack.

Parameters:
    ok  1 then we are given one last chance to check
        this certificate.
        0 then this certificate has failed, and ctx->error has the
        reason. We may want to override the failure.
    ctx the X509_STORE_CTX which has as a user arg, our
        proxy verify desc.

Returns:
    1 - Passed the tests
    0 - failed.  The x509_vfy.c will return a failed to caller.
**********************************************************************/

/*
 * NOTE(review): this listing lost text during extraction in two places
 * (marked below); the code there is reproduced exactly as it appears on
 * the page and is not compilable as shown.
 */
int
proxy_verify_callback(
    int                                 ok,
    X509_STORE_CTX *                    ctx)
{
  X509_OBJECT*                        obj = NULL;
  X509 *                              cert = NULL;
  X509 *                              prev_cert = NULL;

  X509_CRL *                          crl;
  X509_REVOKED *                      revoked;

  SSL *                               ssl = NULL;
  proxy_verify_desc *                 pvd;
  int                                 itsaproxy = 0;
  int                                 i;
  int                                 ret;
  time_t                              goodtill;
  char *                              ca_policy_file_path = NULL;
  char *                              cert_dir            = NULL;
  EVP_PKEY *key = NULL;
  int       objset = 0;

  /*
   * fetch proxy specific information: first from the store context,
   * then, failing that, from the SSL object attached to it
   */
  if (!(pvd = (proxy_verify_desc *)
        X509_STORE_CTX_get_ex_data(ctx,
                                   PVD_STORE_EX_DATA_IDX))) {
    ssl = (SSL *)X509_STORE_CTX_get_app_data(ctx);
    if (ssl)
      pvd = (proxy_verify_desc *)SSL_get_ex_data(ssl,
                                                 PVD_SSL_EX_DATA_IDX);
  }

  /* a descriptor with the wrong magic number is rejected outright */
  if (pvd) {
    if(pvd->magicnum != PVD_MAGIC_NUMBER) {
      PRXYerr(PRXYERR_F_VERIFY_CB, PRXYERR_R_BAD_MAGIC);
      return(0);
    }
  }

  /*
   * OpenSSL already failed this certificate.  The switch below is the
   * complete list of OpenSSL errors this callback is willing to override;
   * each case is a relaxation of standard path validation and should be
   * reviewed whenever it is touched.
   */
  if (!ok) {
    switch (X509_STORE_CTX_get_error(ctx)) {
    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
      /*
       * Since OpenSSL does not know about proxies,
       * it will count them against the path length
       * So we will ignore the errors and do our
       * own checks later on, when we check the last
       * certificate in the chain we will check the chain.
       */
      ok = 1;
      break;

    case X509_V_ERR_INVALID_CA:
      /*
       * This may happen since proxy issuers are not recognized as CAs
       * by OpenSSL
       *
       * NOTE(review): the index is error_depth - 1; at depth 0 that is -1
       * and sk_X509_value() would yield NULL.  Confirm proxy_verify_name()
       * tolerates a NULL certificate or that depth 0 cannot occur here.
       */
      prev_cert = sk_X509_value(X509_STORE_CTX_get_chain(ctx), X509_STORE_CTX_get_error_depth(ctx) -1);

      if (proxy_verify_name(prev_cert) > 0 &&
          proxy_check_issued(ctx, X509_STORE_CTX_get_current_cert(ctx), prev_cert)){
        ok = 1;
      }
      break;

    case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
      /*
       * NOTE(review): both tests use X509_STORE_CTX_get0_cert(), i.e. the
       * certificate being verified, not the certificate at the depth that
       * raised the error.  Confirm that is intended.
       */
      if (proxy_verify_name(X509_STORE_CTX_get0_cert(ctx)) > 0) {
        if (check_critical_extensions(X509_STORE_CTX_get0_cert(ctx), 1))
          /* Allows proxy specific extensions on proxies. */
          ok = 1;
      }
      break;

    default:
      break;
    }

    /* if already failed, skip the rest, but add error messages */
    if (!ok) {
      if (X509_STORE_CTX_get_error(ctx)==X509_V_ERR_CERT_NOT_YET_VALID) {
        PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CERT_NOT_YET_VALID);
        ERR_set_continue_needed();
      }
      else if (X509_STORE_CTX_get_error(ctx)==X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) {
        PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_LOCAL_CA_UNKNOWN);
        ERR_set_continue_needed();
      }
      else if (X509_STORE_CTX_get_error(ctx)==X509_V_ERR_CERT_HAS_EXPIRED) {
        PRXYerr(PRXYERR_F_VERIFY_CB, PRXYERR_R_REMOTE_CRED_EXPIRED);
        ERR_set_continue_needed();
      }

      goto fail_verify;
    }

    /* the failure was overridden: clear the error and accept */
    X509_STORE_CTX_set_error(ctx,0);
    return(ok);
  }

  /*
   * Without a proxy_verify_desc none of the proxy, CRL or path-length
   * checks below run; OpenSSL's own verdict is returned unchanged.
   */
  if (!pvd)
    return ok;

  /*
   * All of the OpenSSL tests have passed and we now get to
   * look at the certificate to verify the proxy rules,
   * and ca-signing-policy rules. We will also do a CRL check
   */

  /* proxy_verify_name(): <0 bad proxy issuer, 0 not a proxy, >0 proxy, 2 limited proxy */
  ret = proxy_verify_name(X509_STORE_CTX_get_current_cert(ctx));
  if (ret < 0) {
    PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_BAD_PROXY_ISSUER);
    ERR_set_continue_needed();
    X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_SIGNATURE_FAILURE);
    goto fail_verify;
  }
  else if (ret > 0) {  /* Its a proxy */
    if (ret == 2) {
      pvd->limited_proxy = 1; /* its a limited proxy */

      /* a limited proxy anywhere but depth 0 is refused unless explicitly allowed */
      if (X509_STORE_CTX_get_error_depth(ctx) && !pvd->multiple_limited_proxy_ok) {
        PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_LPROXY_MISSED_USED);
        ERR_set_continue_needed();
        X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_SIGNATURE_FAILURE);
        goto fail_verify;
      }
    }

    pvd->proxy_depth++;
    itsaproxy = 1;
  }

  if (!itsaproxy) {
    /*
     * NOTE(review): obj is released only when objset is set, so the object
     * allocated here appears to leak when no CRL is found for the issuer.
     */
    obj = X509_OBJECT_new();

    /** CRL checks **/
    int n = 0;

    /*
     * Revocation is only evaluated when the store holds a CRL for the
     * issuer; when none is found this block is skipped entirely.
     */
    if (obj != NULL && X509_STORE_get_by_subject(ctx,
                                  X509_LU_CRL,
                                  X509_get_subject_name(X509_STORE_CTX_get0_current_issuer(ctx)),
                                  obj)) {
      objset = 1;
      crl = X509_OBJECT_get0_X509_CRL(obj);
      assert(crl != NULL && "X509_OBJECT_get0_X509_CRL failed");

      /* verify the signature on this CRL */
      key = X509_get_pubkey(X509_STORE_CTX_get0_current_issuer(ctx));
      if (X509_CRL_verify(crl, key) <= 0) {
        PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CRL_SIGNATURE_FAILURE);
        ERR_set_continue_needed();
        X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
        goto fail_verify;
      }

      /* Check date see if expired */
      i = X509_cmp_current_time(X509_CRL_get0_nextUpdate(crl));
      if (i == 0) {
        /* nextUpdate could not be parsed */
        PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CRL_NEXT_UPDATE_FIELD);
        ERR_set_continue_needed();
        X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
        goto fail_verify;
      }

      if (i < 0) {
        /* a CRL past its nextUpdate is treated as a hard failure */
        PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CRL_HAS_EXPIRED);
        ERR_set_continue_needed();
        X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
        goto fail_verify;
      }

      /* check if this cert is revoked */
      n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
      /*
       * NOTE(review): text is missing from the page between "i" and
       * "pvxd->goodtill" on the next line.  The locals revoked, goodtill,
       * cert_dir and ca_policy_file_path are only assigned in the missing
       * part, so the revocation loop and whatever sets goodtill cannot be
       * reviewed from this listing.
       */
      for (i=0; ipvxd->goodtill == 0 || goodtill < pvd->pvxd->goodtill) {
    pvd->pvxd->goodtill = goodtill;
  }

  /* We need to make up a cert_chain if we are the server.
   * The ssl code does not save this as I would expect.
   * This is used to create a new proxy by delegation.
   */

  pvd->cert_depth++;

  /*
   * NOTE(review): the pointer is not reset to NULL after this free, while
   * fail_verify below both reads and frees ca_policy_file_path again.  If
   * the missing text assigns it, the two goto fail_verify paths that
   * follow would free it twice.
   */
  if (ca_policy_file_path != NULL) {
    free(ca_policy_file_path);
  }

  /* unknown critical extensions reject the certificate */
  if (!check_critical_extensions(X509_STORE_CTX_get_current_cert(ctx), itsaproxy)) {
    PRXYerr(PRXYERR_F_VERIFY_CB, PRXYERR_R_UNKNOWN_CRIT_EXT);
    X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
    goto fail_verify;
  }

  /*
   * We ignored any path length restrictions above because
   * OpenSSL was counting proxies against the limit.
   * If we are on the last cert in the chain, we
   * know how many are proxies, so we can do the
   * path length check now.
   * See x509_vfy.c check_chain_purpose
   * all we do is subtract off the proxy_depth
   */

  if(X509_STORE_CTX_get_current_cert(ctx) == X509_STORE_CTX_get0_cert(ctx)) {
    for (i=0; i < sk_X509_num(X509_STORE_CTX_get0_chain(ctx)); i++) {
      cert = sk_X509_value(X509_STORE_CTX_get0_chain(ctx),i);
      /* i - proxy_depth is the chain position with the proxies discounted */
      if (((i - pvd->proxy_depth) > 1) && (X509_get_proxy_pathlen(cert) != -1)
          && ((i - pvd->proxy_depth) > (X509_get_proxy_pathlen(cert) + 1))
          && (X509_get_extension_flags(cert) & EXFLAG_BCONS)) {
        X509_STORE_CTX_set_current_cert(ctx, cert); /* point at failing cert */
        X509_STORE_CTX_set_error(ctx, X509_V_ERR_PATH_LENGTH_EXCEEDED);
        goto fail_verify;
      }
    }
  }

  EVP_PKEY_free(key);

  if (objset) {
    X509_OBJECT_free(obj);
  }

  return(ok);

fail_verify:

  if (key) {
    EVP_PKEY_free(key);
  }

  if (objset) {
    X509_OBJECT_free(obj);
  }

  /* attach subject/issuer (and, for some errors, the policy file) to the error queue */
  if (X509_STORE_CTX_get_current_cert(ctx)) {
    char *subject_s = NULL;
    char *issuer_s = NULL;

    subject_s = X509_NAME_oneline(
      X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),NULL,0);
    issuer_s = X509_NAME_oneline(
      X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)),NULL,0);

    int const error = X509_STORE_CTX_get_error(ctx);
    char const* const error_str = X509_verify_cert_error_string(error);

    switch (error) {
    case X509_V_OK:
    case X509_V_ERR_INVALID_PURPOSE:
    case X509_V_ERR_APPLICATION_VERIFICATION:
      ERR_add_error_data(9,
                         ": ",
                         error_str ? error_str : "",
                         " [file=",
                         ca_policy_file_path ? ca_policy_file_path : "UNKNOWN",
                         ",subject=",
                         subject_s ? subject_s : "UNKNOWN",
                         ",issuer =",
                         issuer_s ? issuer_s : "UNKNOWN",
                         "]");
      break;
    default:
      PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CB_CALLED_WITH_ERROR);
      ERR_add_error_data(7,
                         ": ",
                         error_str ? error_str : "",
                         " [subject=",
                         subject_s ? subject_s : "UNKNOWN",
                         ",issuer=",
                         issuer_s ? issuer_s : "UNKNOWN",
                         "]");
    }

    free(subject_s);
    free(issuer_s);
  }

  if (ca_policy_file_path != NULL) {
    free(ca_policy_file_path);
  }

  return(0);
}

/**********************************************************************
Function: proxy_verify_cert_chain()

Description:
    Verifies ucert with a private X509_STORE that uses
    proxy_verify_callback() as verify callback and, on new enough
    OpenSSL versions, proxy_check_issued() as check_issued hook.
    pvd is attached to the store context so the callback can find it.

Parameters:
    ucert       certificate to verify
    cert_chain  additional certificates, may be NULL
    pvd         proxy verify descriptor handed to the callback

Returns:
    1 on success, 0 on failure (as far as the visible code shows)
**********************************************************************/

int PRIVATE
proxy_verify_cert_chain(
    X509 *                              ucert,
    STACK_OF(X509) *                    cert_chain,
    proxy_verify_desc *                 pvd)
{
  int                                 retval = 0;
  X509_STORE *                        cert_store = NULL;
  X509_LOOKUP *                       lookup = NULL;
  X509_STORE_CTX*                     csc = NULL;
  X509 *                              xcert = NULL;
  X509 *                              scert = NULL;
  int cscinitialized = 0;

  scert = ucert;
  /* NOTE(review): the result of X509_STORE_new() is used without a NULL check */
  cert_store = X509_STORE_new();
  X509_STORE_set_verify_cb(cert_store, proxy_verify_callback);
#if SSLEAY_VERSION_NUMBER >=  0x0090600fL
  /* override the check_issued with our version */
  X509_STORE_set_check_issued(cert_store, proxy_check_issued);
#endif
  if (cert_chain != NULL) {
    int i =0;
    /*
     * NOTE(review): text is missing from the page between "i" and
     * "pvxd->certdir" on the next line; the loop over cert_chain and the
     * set-up of `lookup` are not visible, so how the trust anchors are
     * loaded cannot be reviewed from this listing.
     */
    for (i=0;ipvxd->certdir,X509_FILETYPE_PEM);
    csc = X509_STORE_CTX_new();
    X509_STORE_CTX_init(csc,cert_store,scert,NULL);
    cscinitialized = 1;
    /* hand the descriptor to proxy_verify_callback() */
    X509_STORE_CTX_set_ex_data(csc, PVD_STORE_EX_DATA_IDX, (void *)pvd);
#ifdef X509_V_FLAG_ALLOW_PROXY_CERTS
    X509_STORE_CTX_set_flags(csc, X509_V_FLAG_ALLOW_PROXY_CERTS);
#endif
    if(!X509_verify_cert(csc)) {
      goto err;
    }
  }
  retval = 1;

err:
  if (cscinitialized)
    X509_STORE_CTX_free(csc);
  if (cert_store)
    X509_STORE_free(cert_store);
  return retval;
}
#endif /* NO_PROXY_VERIFY_CALLBACK */

/**********************************************************************
Function: proxy_get_filenames()

Description:
    Gets the filenames for the various files used
    to store the cert, key, cert_dir and proxy.

    Environment variables to use:
        X509_CERT_DIR   Directory of trusted certificates
                        File names are hash values, see the SSLeay
                        c_hash script.
        X509_CERT_FILE  File of trusted certificates
        X509_USER_PROXY File with a proxy certificate, key, and
                        additional certificates to makeup a chain
                        of certificates used to sign the proxy.
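X509_USER_CERT  User long term certificate.
        X509_USER_KEY   private key for the long term certificate.

    All of these are assumed to be in PEM form.
    If there is a X509_USER_PROXY, it will be searched
    first for the cert and key.
    If not defined, but a file /tmp/x509up_u is
    present, it will be used (the code appends the numeric uid to
    X509_USER_PROXY_FILE under DEFAULT_SECURE_TMP_DIR), otherwise
    the X509_USER_CERT and X509_USER_KEY
    will be used to find the certificate and key.
    If X509_USER_KEY is not defined, it will be assumed
    that the key is in the same file as the certificate.

    If windows, look in the registry HKEY_CURRENT_USER for the
    GSI_REGISTRY_DIR, then look for the x509_user_cert, etc.

    Then try $HOME/.globus/usercert.pem
    and      $HOME/.globus/userkey.pem
        Unless it is being run as root, then look for
        /etc/grid-security/hostcert.pem and
        /etc/grid-security/hostkey.pem

    X509_CERT_DIR and X509_CERT_FILE can point to world readable
    shared directory and file. One of these must be present.
    if not use $HOME/.globus/certificates
        or /etc/grid-security/certificates
        or $GLOBUS_DEPLOY_PATH/share/certificates
        or $GLOBUS_LOCATION/share/certificates
        or $GSI_DEPLOY_PATH/share/certificates
        or $GSI_INSTALL_PATH/share/certificates

    The file with the key must be owned by the user,
    and readable only by the user. This could be the X509_USER_PROXY,
    X509_USER_CERT or the X509_USER_KEY

    X509_USER_PROXY_FILE is used to generate the default
    proxy file name.

    In other words:

    proxy_get_filenames() is used by grid-proxy-init, wgpi, grid-proxy-info
    and indirectly by gss_acquire_creds. For grid-proxy-init and wgpi, the
    proxy_in is 0, for acquire_creds its 1. This is used to signal how the
    proxy file is to be used, 1 for input 0 for output.

    The logic for output is to use the provided input parameter, registry,
    environment, or default name for the proxy. Wgpi calls this multiple
    times as the options window is updated. The file will be created if
    needed.

    The logic for input is to use the provided input parameter, registry,
    environment variable. But only use the default file if it exists, is
    owned by the user, and has something in it. But not when run as root.

    Then on input if there is a proxy, the user_cert and user_key are set
    to use the proxy.

    Smart card support using PKCS#11 is controlled by the USE_PKCS11 flag.

    If the filename for the user key starts with SC: then it is assumed to
    be of the form SC:card:label where card is the name of a smart card,
    and label is the label of the key on the card. The card must be using
    Cryptoki (PKCS#11) This code has been developed using the DataKey
    implementation under Windows 95.

    This will allow the cert to have the same form, with the same label
    as well in the future.

Parameters:
    proxy_in      1 if the proxy file is an input, 0 if it is an output
    p_cert_file   in/out: trusted certificate file
    p_cert_dir    in/out: trusted certificate directory
    p_user_proxy  in/out: proxy file
    p_user_cert   in/out: user certificate file
    p_user_key    in/out: user key file

    Each pointer may be NULL.  A non-NULL *p_xxx is taken as the caller's
    choice and left untouched; a NULL *p_xxx receives a strdup()ed value
    on success, which the caller must free().

Returns:
    0 on success, -1 on failure (outputs are not written on failure)
**********************************************************************/

int
proxy_get_filenames(
    int                                 proxy_in,
    char **                             p_cert_file,
    char **                             p_cert_dir,
    char **                             p_user_proxy,
    char **                             p_user_cert,
    char **                             p_user_key)
{
  int                                 status = -1;
  char *                              cert_file = NULL;
  char *                              cert_dir = NULL;
  char *                              user_proxy = NULL;
  char *                              user_cert = NULL;
  char *                              user_key = NULL;
  char *                              home = NULL;
  char *                              default_user_proxy = NULL;
  char *                              default_user_cert = NULL;
  char *                              default_user_key = NULL;
  char *                              default_cert_dir = NULL;
  char *                              installed_cert_dir = NULL;
#ifdef WIN32
  HKEY                                hkDir = NULL;
  char                                val_user_cert[512];
  char                                val_user_key[512];
  char                                val_user_proxy[512];
  char                                val_cert_dir[512];
  char                                val_cert_file[512];
  LONG                                lval;
  DWORD                               type;
#endif

#ifdef WIN32
  RegOpenKey(HKEY_CURRENT_USER,GSI_REGISTRY_DIR,&hkDir);
#endif

  /* setup some default values */

  /* trusted certificate directory: caller value, then environment, then registry */
  if (p_cert_dir) {
    cert_dir = *p_cert_dir;
  }

  if (!cert_dir) {
    cert_dir = (char *)getenv(X509_CERT_DIR);
  }
#ifdef WIN32
  if (!cert_dir) {
    lval = sizeof(val_cert_dir)-1;
    if (hkDir && (RegQueryValueEx(hkDir,"x509_cert_dir",0,&type,
                                  val_cert_dir,&lval) == ERROR_SUCCESS)) {
      cert_dir = val_cert_dir;
    }
  }
#endif

  /* trusted certificate file: same precedence */
  if (p_cert_file) {
    cert_file = *p_cert_file;
  }

  if (!cert_file) {
    cert_file = (char *)getenv(X509_CERT_FILE);
  }
#ifdef WIN32
  if (!cert_file) {
    lval = sizeof(val_cert_file)-1;
    if (hkDir && (RegQueryValueEx(hkDir,"x509_cert_file",0,&type,
                                  val_cert_file,&lval) == ERROR_SUCCESS)) {
      cert_file = val_cert_file;
    }
  }
#endif

  if (cert_dir == NULL) {
    /*
     * If ~/.globus/certificates exists, then use that
     */
    home = getenv("HOME");
    /*
     * NOTE(review): the comment below talks about Windows but the guard
     * is #ifndef WIN32, so it is the non-Windows build that falls back to
     * "c:\\windows" when HOME is unset.  From then on `home` is non-NULL,
     * the PRXYERR_R_NO_HOME check further down cannot fire, and the
     * default user certificate and key are looked up under a path that
     * is relative to the current working directory.  Left unchanged
     * because callers may rely on this call succeeding without HOME;
     * confirm the intended guard.
     */
#ifndef WIN32
    /* Under windows use c:\windows as default home */
    if (!home) {
      home = "c:\\windows";
    }
#endif /* WIN32 */

    if (home) {
      default_cert_dir = snprintf_wrap("%s%s%s",
                                       home, FILE_SEPERATOR, X509_DEFAULT_CERT_DIR);

      if (!default_cert_dir) {
        PRXYerr(PRXYERR_F_INIT_CRED, PRXYERR_R_OUT_OF_MEMORY);
        goto err;
      }

      if (checkstat(default_cert_dir) != 1) {
        /* default_cert_dir exists */
        cert_dir = default_cert_dir;
      }
    }

    /*
     * Now check for host based default directory
     */
    if (!cert_dir) {
      if (checkstat(X509_INSTALLED_HOST_CERT_DIR) != 1) {
        /* default_cert_dir exists */
        cert_dir = X509_INSTALLED_HOST_CERT_DIR;
      }
    }

    if (!cert_dir) {
      /*
       * ...else look for (in order)
       * $GLOBUS_DEPLOY_PATH/share/certificates
       * $GLOBUS_LOCATION/share/certificates
       * $GSI_DEPLOY_PATH/share/certificates
       * $GSI_INSTALL_PATH/share/certificates
       */
      char *globus_location;

      globus_location = getenv("GLOBUS_DEPLOY_PATH");

      if (!globus_location) {
        globus_location = getenv("GLOBUS_LOCATION");
      }

      if (!globus_location) {
        globus_location = getenv("GSI_DEPLOY_PATH");
      }

      if (!globus_location) {
        globus_location = getenv("GSI_INSTALL_PATH");
      }

      if (globus_location) {
        installed_cert_dir = snprintf_wrap("%s%s%s",
                                           globus_location,
                                           FILE_SEPERATOR,
                                           X509_INSTALLED_CERT_DIR);

        if (!installed_cert_dir) {
          PRXYerr(PRXYERR_F_INIT_CRED, PRXYERR_R_OUT_OF_MEMORY);
          goto err;
        }

        /*
         * Previous code always set cert_dir to
         * default_cert_dir without checking for its
         * existence, so we'll also skip the existence
         * check here.
         */
        cert_dir = installed_cert_dir;
      }
    }

    if (!cert_dir) {
      cert_dir = X509_INSTALLED_HOST_CERT_DIR;
    }
  }

  /* whatever was selected as trust anchor location must pass checkstat() */
  if (cert_dir) {
    if (checkstat(cert_dir)  == 1) {
      PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROCESS_CERTS);
      ERR_add_error_data(2,"x509_cert_dir=",cert_dir);
      goto err;
    }
  }

  if (cert_file) {
    if (checkstat(cert_file)  == 1) {
      PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROCESS_CERTS);
      ERR_add_error_data(2,"x509_cert_file=",cert_file);
      goto err;
    }
  }

  /* if X509_USER_PROXY is defined, use it for cert and key,
   * and for additional certs.
   * if not, and the default user_proxy file is present,
   * use it.
   * If not, get the X509_USER_CERT and X509_USER_KEY
   * if not, use ~/.globus/usercert.pem ~/.globus/userkey.pem
   */
  if (p_user_proxy) {
    user_proxy = *p_user_proxy;
  }

  if (!user_proxy) {
    user_proxy = (char *)getenv(X509_USER_PROXY);
  }
#ifdef WIN32
  if (!user_proxy) {
    lval = sizeof(val_user_proxy)-1;
    if (hkDir && (RegQueryValueEx(hkDir,"x509_user_proxy",0,&type,
                                  val_user_proxy,&lval) == ERROR_SUCCESS)) {
      user_proxy = val_user_proxy;
    }
  }
#endif
  if (!user_proxy && !getenv("X509_RUN_AS_SERVER")) {
    /*
     * The format uses %lu, so the uid is converted explicitly: passing a
     * uid_t through varargs where unsigned long is expected is undefined
     * where the two types differ in width.
     */
    default_user_proxy = snprintf_wrap("%s%s%s%lu",
                                       DEFAULT_SECURE_TMP_DIR,
                                       FILE_SEPERATOR,
                                       X509_USER_PROXY_FILE,
                                       (unsigned long)getuid());

    if (!default_user_proxy) {
      PRXYerr(PRXYERR_F_INIT_CRED, PRXYERR_R_OUT_OF_MEMORY);
      goto err;
    }

    /*
     * The default proxy lives in a shared temporary directory under a
     * predictable name; on input it is only picked up when checkstat()
     * accepts it, and never when running as root.
     */
#ifndef WIN32
    if ((!proxy_in || getuid() != 0)
        && checkstat(default_user_proxy) == 0)
#endif
    {
      user_proxy = default_user_proxy;
    }
  }

  if (proxy_in && user_proxy) {
    /* on input the proxy file supplies both certificate and key */
    user_cert = user_proxy;
    user_key = user_proxy;
  }
  else {
    if (!user_proxy && !proxy_in) {
      user_proxy = default_user_proxy;
    }

    if (p_user_cert) {
      user_cert = *p_user_cert;
    }

    if(!user_cert) {
      user_cert = (char *)getenv(X509_USER_CERT);
    }

#ifdef WIN32
    if (!user_cert) {
      lval = sizeof(val_user_cert)-1;
      if (hkDir && (RegQueryValueEx(
                      hkDir,
                      "x509_user_cert",
                      0,
                      &type,
                      val_user_cert,&lval) == ERROR_SUCCESS)) {
        user_cert = val_user_cert;
      }
    }
#endif
    if (user_cert) {
      if (p_user_key) {
        user_key = *p_user_key;
      }
      if (!user_key) {
        user_key = (char *)getenv(X509_USER_KEY);
      }
#ifdef WIN32
      if (!user_key) {
        lval = sizeof(val_user_key)-1;
        if (hkDir && (RegQueryValueEx(
                        hkDir,
                        "x509_user_key",
                        0,
                        &type,
                        val_user_key,&lval) == ERROR_SUCCESS)) {
          user_key = val_user_key;
        }
      }
#endif
      /* no separate key given: assume it sits in the certificate file */
      if (!user_key) {
        user_key = user_cert;
      }
    }
    else {
#ifndef WIN32
      if (getuid() == 0) {
        /* root uses the host credential when it is present */
        if (checkstat(X509_DEFAULT_HOST_CERT) != 1) {
          user_cert = X509_DEFAULT_HOST_CERT;
        }
        if (checkstat(X509_DEFAULT_HOST_KEY) != 1) {
          user_key = X509_DEFAULT_HOST_KEY;
        }
      }
      else
#endif
      {
        if (!home) {
          home = getenv("HOME");
        }
        if (!home) {
#ifndef WIN32
          PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_NO_HOME);
          goto err;
#else
          home = "c:\\";
#endif
        }

        default_user_cert = snprintf_wrap("%s%s%s",
                                          home, FILE_SEPERATOR, X509_DEFAULT_USER_CERT);

        if (!default_user_cert) {
          PRXYerr(PRXYERR_F_INIT_CRED, PRXYERR_R_OUT_OF_MEMORY);
          goto err;
        }

        default_user_key = snprintf_wrap("%s%s%s",
                                         home,FILE_SEPERATOR, X509_DEFAULT_USER_KEY);

        if (!default_user_key) {
          PRXYerr(PRXYERR_F_INIT_CRED, PRXYERR_R_OUT_OF_MEMORY);
          goto err;
        }

        user_cert = default_user_cert;
        user_key = default_user_key;

        /* Support for pkcs12 credentials. */
        {
          int fd = open(default_user_cert, O_RDONLY);

          if (fd >= 0)
            close(fd);
          else {
            /* Cannot open normal file -- look for pkcs12. */
            char *certname = NULL;

            /*
             * Both defaults are released here and freed again at err:.
             * Reset the pointers so that an allocation failure below
             * cannot free default_user_key a second time, and drop the
             * aliases that still point at the released strings.
             */
            free(default_user_cert);
            free(default_user_key);
            default_user_cert = NULL;
            default_user_key = NULL;
            user_cert = NULL;
            user_key = NULL;

            certname = getenv("X509_USER_CRED");

            if (!certname) {
              default_user_cert = snprintf_wrap("%s%s%s",
                                                home, FILE_SEPERATOR, X509_DEFAULT_USER_CERT_P12);

              if (!default_user_cert) {
                PRXYerr(PRXYERR_F_INIT_CRED, PRXYERR_R_OUT_OF_MEMORY);
                goto err;
              }

              if (checkstat(default_user_cert) != 0) {
                free(default_user_cert);
                default_user_cert = snprintf_wrap("%s%s%s",
                                                  home, FILE_SEPERATOR, X509_DEFAULT_USER_CERT_P12_GT);
              }

              if (!default_user_cert) {
                PRXYerr(PRXYERR_F_INIT_CRED, PRXYERR_R_OUT_OF_MEMORY);
                goto err;
              }
            }
            else {
              default_user_cert = strndup(certname, strlen(certname));

              if (!default_user_cert) {
                PRXYerr(PRXYERR_F_INIT_CRED, PRXYERR_R_OUT_OF_MEMORY);
                goto err;
              }
            }

            /* a PKCS#12 file holds both certificate and key */
            default_user_key = strndup(default_user_cert, strlen(default_user_cert));

            if (!default_user_key) {
              PRXYerr(PRXYERR_F_INIT_CRED, PRXYERR_R_OUT_OF_MEMORY);
              goto err;
            }

            user_cert = default_user_cert;
            user_key = default_user_key;
          }
        }
      }
    }
  }

  status = 0;

err:
  /*
   * Outputs are only written on success and only where the caller did
   * not supply a value.  NOTE(review): strdup() results are not checked,
   * so an output can stay NULL even though 0 is returned.
   */
  if (!status) {
    if (p_cert_file && cert_file && !(*p_cert_file)) {
      *p_cert_file = strdup(cert_file);
    }
    if (p_cert_dir && cert_dir && !(*p_cert_dir)) {
      *p_cert_dir = strdup(cert_dir);
    }
    if (p_user_proxy && user_proxy && !(*p_user_proxy)) {
      *p_user_proxy = strdup(user_proxy);
    }
    if (p_user_cert && user_cert && !(*p_user_cert)) {
      free(*p_user_cert);
      *p_user_cert = strdup(user_cert);
    }
    if (p_user_key && user_key && !(*p_user_key)) {
      free(*p_user_key);
      *p_user_key = strdup(user_key);
    }
  }
#ifdef WIN32
  if (hkDir) {
    RegCloseKey(hkDir);
  }
#endif

  free(default_user_proxy);
  free(installed_cert_dir);
  free(default_cert_dir);
  free(default_user_cert);
  free(default_user_key);

  return status;
}

/**********************************************************************
Function: proxy_load_user_cert()

Description:
    loads the users cert. May need a pw callback for Smartcard PIN.
    May use a smartcard too.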
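Parameters:
    user_cert    path of the certificate file, or SC:card:label
    certificate  receives the loaded certificate
    pw_cb        unused here
    hSession     smartcard session handle (only with USE_PKCS11)

Returns:
    0 on success, -1 or a PRXYERR_R_* reason code on failure
**********************************************************************/

/*
 * Parse a PKCS#12 bundle read from `bio` into *key, *cert and *chain.
 *
 * The empty password is tried first; only if its MAC check fails is a
 * password requested, through pw_cb when given and from the terminal
 * otherwise.  The password buffer is wiped before returning.
 *
 * Returns the result of PKCS12_parse() (non-zero on success), or 0 when
 * the bundle cannot be read or no password was obtained.
 */
static int cert_load_pkcs12(BIO *bio, pem_password_cb *pw_cb, X509 **cert, EVP_PKEY **key, STACK_OF(X509) **chain)
{
  PKCS12 *p12 = NULL;
  const char *password = NULL;
  char buffer[1024];
  int ret = 0;

  /* the caller does not check BIO_new_file(), so a NULL bio can arrive here */
  if (!bio)
    return 0;

  p12 = d2i_PKCS12_bio(bio, NULL);
  if (!p12)
    return 0;

  /* start from a defined state so the buffer is always a valid C string */
  memset(buffer, 0, sizeof(buffer));

  if (!PKCS12_verify_mac(p12, "", 0)) {
    int sz = 0;

    /* one byte is kept back for the terminator added below */
    if (pw_cb)
      sz = pw_cb(buffer, (int)sizeof(buffer) - 1, 0, NULL);
    else if (EVP_read_pw_string(buffer, (int)sizeof(buffer) - 1, EVP_get_pw_prompt(), 0) != -1)
      sz = (int)strlen(buffer);

    /*
     * A password callback reports failure with a value <= 0 and is not
     * required to terminate the buffer, while PKCS12_parse() takes a C
     * string: reject failures and terminate explicitly.
     */
    if (sz <= 0 || sz >= (int)sizeof(buffer))
      goto err;

    buffer[sz] = '\0';
    password = buffer;
  }
  else
    password = "";

  ret = PKCS12_parse(p12, password, key, cert, chain);

err:
  /* wipe the password; a plain memset of a dying buffer may be optimised away */
  OPENSSL_cleanse(buffer, sizeof(buffer));

  if (p12)
    PKCS12_free(p12);

  return ret;
}

/*
 * Load certificate, key and chain from the PKCS#12 file `user_cert`.
 *
 * Returns 1 on success.  On failure returns 0 and records
 * PRXYERR_R_INVALID_CERT or PRXYERR_R_PROCESS_CERT together with the
 * file name in the error queue.
 */
int PRIVATE proxy_load_user_cert_and_key_pkcs12(const char *user_cert,
                                                X509 **cert,
                                                STACK_OF(X509) **stack,
                                                EVP_PKEY **pkey,
                                                pem_password_cb *pw_cb)
{
  /* a failed open leaves bio NULL; cert_load_pkcs12() then reports failure */
  BIO *bio = BIO_new_file(user_cert, "rb");
  int res = cert_load_pkcs12(bio, pw_cb, cert, pkey, stack);

  BIO_free(bio);

  if (res)
    return 1;

  if (ERR_peek_error() == ERR_PACK(ERR_LIB_PEM,PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE)) {
    ERR_clear_error();
    PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_INVALID_CERT);
  }
  else {
    PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROCESS_CERT);
  }
  ERR_add_error_data(2, "\n        File=", user_cert);

  return 0;
}

/*
 * Load the user certificate named by `user_cert` into *certificate.
 *
 * A name starting with "SC:" refers to a smartcard (SC:card:label) and is
 * only supported when built with USE_PKCS11; anything else is read as a
 * PEM file.
 */
int PRIVATE
proxy_load_user_cert(
    const char *                        user_cert,
    X509 **                             certificate,
    UNUSED(pem_password_cb *            pw_cb),
    UNUSED(unsigned long *              hSession))
{
  int                                 status = -1;
  FILE *                              fp;

  /* Check arguments */
  if (!user_cert) {
    PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROBLEM_USER_NOCERT_FILE);
    status = PRXYERR_R_PROBLEM_USER_NOCERT_FILE;

    ERR_add_error_data(1, "\n        No certificate file found");
    goto err;
  }

  if (!strncmp(user_cert,"SC:",3)) {
#ifdef USE_PKCS11
    char * cp;
    char * kp;
    int rc;

    /* split "SC:card:label": cp -> card, kp -> label */
    cp = user_cert + 3;
    kp = strchr(cp,':');
    if (kp == NULL) {
      PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROBLEM_USER_NOCERT_FILE);
      ERR_add_error_data(2, "\n        SmartCard reference=",
                         user_cert);
      status = PRXYERR_R_PROBLEM_USER_NOCERT_FILE;
      goto err;
    }
    kp++; /* skip the : */

    /* open a card session only if the caller has none yet */
    if (*hSession == 0) {
      rc = sc_init(hSession, cp, NULL, NULL, CKU_USER, 0);
      if (rc) {
        PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROCESS_CERT);
        ERR_add_error_data(
          1,
          "\n        Failed to open session to smartcard");
        status = PRXYERR_R_PROCESS_CERT;
        goto err;
      }
    }
    rc = sc_get_cert_obj_by_label(*hSession,kp,
                                  certificate);
    if (rc) {
      PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROCESS_CERT);
      ERR_add_error_data(
        2,
        "\n        Could not find certificate on smartcard, label=",
        kp);
      status = PRXYERR_R_PROCESS_CERT;
      goto err;
    }
#else
    PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROCESS_CERT);
    ERR_add_error_data(
      1,
      "\n       Smartcard support not compiled with this program");
    status = PRXYERR_R_PROCESS_CERT;
    goto err;

    /*
     * DEE? need to add a random number routine here, to use
     * the random number generator on the card
     */

#endif /* USE_PKCS11 */
  }
  else {
    if((fp = fopen(user_cert,"rb")) == NULL) {
      PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROBLEM_USER_NOCERT_FILE);
      status = PRXYERR_R_PROBLEM_USER_NOCERT_FILE;

      ERR_add_error_data(2, "\n        Cert File=", user_cert);
      goto err;
    }

    if (PEM_read_X509(fp,
                      certificate,
                      OPENSSL_PEM_CB(NULL,NULL)) == NULL) {
      /* tell "not a PEM certificate at all" apart from other read errors */
      if (ERR_peek_error() == ERR_PACK(ERR_LIB_PEM,PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE)) {
        ERR_clear_error();
        PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_INVALID_CERT);
        status = PRXYERR_R_INVALID_CERT;
      }
      else {
        PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROCESS_CERT);
        status = PRXYERR_R_PROCESS_CERT;
      }

      ERR_add_error_data(2, "\n        File=", user_cert);
      fclose(fp);
      goto err;
    }
    fclose(fp);
  }
  status = 0;
err:

  return status;
}

/**********************************************************************
Function: proxy_load_user_key()

Description:
    loads the users key. Assumes the cert has been loaded,
    and checks they match.
    May use a smartcard too.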
Parameters: Returns: an int specifying the error **********************************************************************/ int PRIVATE proxy_load_user_key( EVP_PKEY ** private_key, X509 * ucert, const char * user_key, pem_password_cb * pw_cb, UNUSED(unsigned long * hSession)) { int status = -1; FILE * fp; EVP_PKEY * ucertpkey; pem_password_cb * xpw_cb; if (!private_key) return 0; xpw_cb = pw_cb; #ifdef WIN32 if (!xpw_cb) { xpw_cb = read_passphrase_win32; } #endif /* Check arguments */ if (!user_key) { PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROBLEM_USER_NOKEY_FILE); status = PRXYERR_R_PROBLEM_USER_NOKEY_FILE; ERR_add_error_data(1,"\n No key file found"); goto err; } if (!strncmp(user_key,"SC:",3)) { #ifdef USE_PKCS11 char *cp; char *kp; int rc; cp = user_key + 3; kp = strchr(cp,':'); if (kp == NULL) { PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROBLEM_KEY_FILE); ERR_add_error_data(2,"\n SmartCard reference=",user_key); status = PRXYERR_R_PROBLEM_KEY_FILE; goto err; } kp++; /* skip the : */ if (*hSession == 0) { rc = sc_init(hSession, cp, NULL, NULL, CKU_USER, 0); if (rc) { PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROCESS_KEY); ERR_add_error_data( 1, "\n Failed to open session to smartcard"); status = PRXYERR_R_PROCESS_KEY; goto err; } } rc = sc_get_priv_key_obj_by_label(hSession,kp, private_key); if (rc) { PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROCESS_KEY); ERR_add_error_data( 2, "\n Could not find key on smartcard, label=", kp); status = PRXYERR_R_PROCESS_KEY; goto err; } #else PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROCESS_KEY); ERR_add_error_data( 1, "\n Smartcard support not compiled with this program"); status = PRXYERR_R_PROCESS_KEY; goto err; /* * DEE? 
could add a random number routine here, to use * the random number generator on the card */ #endif /* USE_PKCS11 */ } else { int keystatus; if ((fp = fopen(user_key,"rb")) == NULL) { PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROBLEM_USER_NOKEY_FILE); status = PRXYERR_R_PROBLEM_USER_NOKEY_FILE; ERR_add_error_data(2, "\n File=",user_key); goto err; } /* user key must be owned by the user, and readable * only be the user */ if ((keystatus = checkstat(user_key))) { if (keystatus == 4) { status = PRXYERR_R_USER_ZERO_LENGTH_KEY_FILE; PRXYerr(PRXYERR_F_INIT_CRED, PRXYERR_R_USER_ZERO_LENGTH_KEY_FILE); } else { status = PRXYERR_R_PROBLEM_KEY_FILE; PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROBLEM_KEY_FILE); } ERR_add_error_data(2, "\n File=", user_key); fclose(fp); goto err; } if (PEM_read_PrivateKey(fp, private_key, OPENSSL_PEM_CB(xpw_cb,NULL)) == NULL) { unsigned long error = ERR_peek_error(); fclose(fp); #ifdef PEM_F_PEM_DEF_CALLBACK if (error == ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD)) #else if (error == ERR_PACK(ERR_LIB_PEM, PEM_F_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD)) #endif { ERR_clear_error(); } #ifdef EVP_F_EVP_DECRYPTFINAL_EX else if (error == ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT)) #else else if (error == ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL, EVP_R_BAD_DECRYPT)) #endif { ERR_clear_error(); PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_WRONG_PASSPHRASE); status = PRXYERR_R_WRONG_PASSPHRASE; } else { PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_PROCESS_KEY); ERR_add_error_data(2, "\n File=", user_key); status = PRXYERR_R_PROCESS_KEY; } goto err; } fclose(fp); } /* * check that the private key matches the certificate * Dont want a mixup of keys and certs * Will only check rsa type for now. 
*/ if (ucert) { ucertpkey = X509_get_pubkey(ucert); int mismatch = 0; if (ucertpkey != NULL && EVP_PKEY_base_id(ucertpkey) == EVP_PKEY_base_id(*private_key)) { RSA* public_rsa = EVP_PKEY_get0_RSA(ucertpkey); if (public_rsa) { { /* add in key as random data too */ BIGNUM const* p; BIGNUM const* q; RSA_get0_factors(public_rsa, &p, &q); if(p != NULL) { RAND_add(p, /* awful hack; d is the first field */ BN_num_bytes(p), BN_num_bytes(p)); } if (q != NULL) { RAND_add(q, BN_num_bytes(q), BN_num_bytes(q)); } } { BIGNUM const* public_n; BIGNUM const* public_e; RSA* private_rsa = EVP_PKEY_get0_RSA(*private_key); RSA_get0_key(public_rsa, &public_n, &public_e, NULL); if (public_n != NULL && private_rsa != NULL) { BIGNUM const* private_n; BIGNUM const* private_e; RSA_get0_key(private_rsa, &private_n, &private_e, NULL); if (private_n != NULL && BN_num_bytes(private_n)) { if (BN_cmp(public_n, private_n)) { mismatch=1; } } else { int ret; BIGNUM* n = BN_dup(public_n); assert(n != NULL && "BN_dup failed"); BIGNUM* e = BN_dup(public_e); assert(e != NULL && "BN_dup failed"); ret = RSA_set0_key(private_rsa, n, e, NULL); assert(ret == 1 && "RSA_set0_key failed"); } } } } } else { mismatch=1; } EVP_PKEY_free(ucertpkey); if (mismatch) { PRXYerr(PRXYERR_F_INIT_CRED,PRXYERR_R_KEY_CERT_MISMATCH); status = PRXYERR_R_KEY_CERT_MISMATCH; goto err; } } status = 0; err: /* DEE need more cleanup */ return status; } /********************************************************************** Function: ASN1_UTCTIME_mktime() Description: SSLeay only has compare functions to the current So we define a convert to time_t from which we can do differences Much of this it taken from the X509_cmp_current_time() routine. Parameters: Returns: time_t **********************************************************************/ time_t PRIVATE ASN1_TIME_mktime(ASN1_TIME *ctm) { /* * note: ASN1_TIME, ASN1_UTCTIME, ASN1_GENERALIZEDTIME are different * typedefs of the same type. 
*/ return ASN1_UTCTIME_mktime(ctm); } time_t PRIVATE ASN1_UTCTIME_mktime( ASN1_UTCTIME * ctm) { char *str; time_t offset; time_t newtime; char buff1[32]; char *p; int i; struct tm tm; int size = 0; switch (ctm->type) { case V_ASN1_UTCTIME: size=10; break; case V_ASN1_GENERALIZEDTIME: size=12; break; } p = buff1; i = ctm->length; str = (char *)ctm->data; if ((i < 11) || (i > 17)) { return 0; } memcpy(p,str,size); p += size; str += size; if ((*str == 'Z') || (*str == '-') || (*str == '+')) { *(p++)='0'; *(p++)='0'; } else { *(p++)= *(str++); *(p++)= *(str++); } *(p++) = 'Z'; *p = '\0'; if (*str == 'Z') { offset=0; } else { if ((*str != '+') && (str[5] != '-')) { return 0; } offset=((str[1]-'0')*10+(str[2]-'0'))*60; offset+=(str[3]-'0')*10+(str[4]-'0'); if (*str == '-') { offset=-offset; } } tm.tm_isdst = 0; int index = 0; if (ctm->type == V_ASN1_UTCTIME) { tm.tm_year = (buff1[index++]-'0')*10; tm.tm_year += (buff1[index++]-'0'); } else { tm.tm_year = (buff1[index++]-'0')*1000; tm.tm_year += (buff1[index++]-'0')*100; tm.tm_year += (buff1[index++]-'0')*10; tm.tm_year += (buff1[index++]-'0'); } if (tm.tm_year < 70) { tm.tm_year+=100; } if (tm.tm_year > 1900) { tm.tm_year -= 1900; } tm.tm_mon = (buff1[index++]-'0')*10; tm.tm_mon += (buff1[index++]-'0')-1; tm.tm_mday = (buff1[index++]-'0')*10; tm.tm_mday += (buff1[index++]-'0'); tm.tm_hour = (buff1[index++]-'0')*10; tm.tm_hour += (buff1[index++]-'0'); tm.tm_min = (buff1[index++]-'0')*10; tm.tm_min += (buff1[index++]-'0'); tm.tm_sec = (buff1[index++]-'0')*10; tm.tm_sec += (buff1[index]-'0'); /* * mktime assumes local time, so subtract off * timezone, which is seconds off of GMT. first * we need to initialize it with tzset() however. 
*/ tzset(); #if defined(HAVE_TIMEGM) newtime = (timegm(&tm) + offset*60*60); #elif defined(HAVE_TIME_T_TIMEZONE) newtime = (mktime(&tm) + offset*60*60 - timezone); #elif defined(HAVE_TIME_T__TIMEZONE) newtime = (mktime(&tm) + offset*60*60 - _timezone); #else newtime = (mktime(&tm) + offset*60*60); #endif return newtime; } #ifdef CLASS_ADD /********************************************************************** Function: proxy_extension_class_add_create() Description: create a X509_EXTENSION for the class_add info. Parameters: A buffer and length. The date is added as ANS1_OCTET_STRING to an extension with the class_add OID. Returns: **********************************************************************/ X509_EXTENSION PRIVATE * proxy_extension_class_add_create( void * buffer, size_t length) { X509_EXTENSION * ex = NULL; ASN1_OBJECT * class_add_obj = NULL; ASN1_OCTET_STRING * class_add_oct = NULL; int crit = 0; if(!(class_add_obj = OBJ_nid2obj(OBJ_txt2nid("CLASSADD")))) { PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_CLASS_ADD_OID); goto err; } if(!(class_add_oct = ASN1_OCTET_STRING_new())) { PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_CLASS_ADD_EXT); goto err; } class_add_oct->data = buffer; class_add_oct->length = length; if (!(ex = X509_EXTENSION_create_by_OBJ(NULL, class_add_obj, crit, class_add_oct))) { PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_CLASS_ADD_EXT); goto err; } class_add_oct = NULL; return ex; err: if (class_add_oct) { ASN1_OCTET_STRING_free(class_add_oct); } if (class_add_obj) { ASN1_OBJECT_free(class_add_obj); } return NULL; } #endif int PRIVATE determine_filenames(char **cacert, char **certdir, char **outfile, char **certfile, char **keyfile, int noregen) { char *oldoutfile = NULL; if (noregen) { int modify = 0; if (*certfile == NULL && *keyfile == NULL) modify = 1; if (proxy_get_filenames(0, NULL, NULL, &oldoutfile, certfile, keyfile)) goto err; if (modify) { free(*certfile); free(*keyfile); *certfile = strdup(oldoutfile); *keyfile = oldoutfile; } else 
free(oldoutfile); if (proxy_get_filenames(0, cacert, certdir, outfile, certfile, keyfile)) goto err; } else if (proxy_get_filenames(0, cacert, certdir, outfile, certfile, keyfile)) goto err; return 1; err: return 0; } int load_credentials(const char *certname, const char *keyname, X509 **cert, STACK_OF(X509) **stack, EVP_PKEY **key, pem_password_cb *callback) { STACK_OF(X509) *chain = NULL; if (!certname) return 0; unsigned long hSession = 0; if (!strncmp(certname, "SC:", 3)) EVP_set_pw_prompt("Enter card pin:"); else EVP_set_pw_prompt("Enter GRID pass phrase for this identity:"); if (strcmp(certname + strlen(certname) - 4, ".p12")) { if(proxy_load_user_cert(certname, cert, callback, &hSession)) goto err; EVP_set_pw_prompt("Enter GRID pass phrase:"); if (keyname) { if (!strncmp(keyname, "SC:", 3)) EVP_set_pw_prompt("Enter card pin:"); if (proxy_load_user_key(key, *cert, keyname, callback, &hSession)) goto err; } if (stack && (strncmp(certname, "SC:", 3) && (!keyname || !strcmp(certname, keyname)))) { chain = sk_X509_new_null(); if (proxy_load_user_proxy(chain, certname) < 0) goto err; *stack = chain; } } else { if (!proxy_load_user_cert_and_key_pkcs12(certname, cert, stack, key, callback)) goto err; } return 1; err: if (chain) sk_X509_pop_free(chain, X509_free); if (cert) { X509_free(*cert); *cert = NULL; } if (key) { EVP_PKEY_free(*key); *key = NULL; } return 0; } int PRIVATE load_certificate_from_file(FILE *file, X509 **cert, STACK_OF(X509) **stack) { BIO *in = NULL; if (!cert) return 0; in = BIO_new_fp(file, BIO_NOCLOSE); if (in) { *cert = PEM_read_bio_X509(in, NULL, 0, NULL); if(!*cert) goto err; if (stack) { *stack = load_chain(in, 0); if (!(*stack)) goto err; } } BIO_free(in); return 1; err: BIO_free(in); if (cert) X509_free(*cert); if (stack) sk_X509_pop_free(*stack, X509_free); return 0; } STACK_OF(X509) *load_chain(BIO *in, char *certfile) { STACK_OF(X509_INFO) *sk=NULL; STACK_OF(X509) *stack=NULL, *ret=NULL; X509_INFO *xi; int first = 1; if(!(stack = 
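sk_X509_new_null())) { if (certfile) printf("memory allocation failure\n"); goto end; } /* This loads from a file, a stack of x509/crl/pkey sets */ if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL))) { if (certfile) printf("error reading the file, %s\n",certfile); goto end; } /* scan over it and pull out the certs */ while (sk_X509_INFO_num(sk)) { /* skip first cert */ if (first) { first = 0; continue; } xi=sk_X509_INFO_shift(sk); if (xi->x509 != NULL) { sk_X509_push(stack,xi->x509); xi->x509=NULL; } X509_INFO_free(xi); } if(!sk_X509_num(stack)) { if (certfile) printf("no certificates in file, %s\n",certfile); sk_X509_free(stack); goto end; } ret=stack; end: sk_X509_INFO_free(sk); return(ret); }

/*
 * Combine two hex digit characters into one byte value.
 * Returns 0 when either character is not a hex digit.
 */
static char hextoint(char r, char s)
{
  int v = 0;

  /* the <ctype.h> classifiers are only defined for unsigned char values */
  if (isxdigit((unsigned char)r) && isxdigit((unsigned char)s)) {
    v = hex2num(r);
    v <<= 4;
    v += hex2num(s);
  }

  return v;
}

/*
 * Decode backslash escapes in place.
 *
 *   \\    -> one backslash
 *   \XY   -> the byte with hex value XY
 *   \c    -> c, for any other character
 *
 * The decoded bytes overwrite the start of string; *len receives their
 * count.  The result is not NUL-terminated, so callers must use *len.
 * Returns string.
 *
 * The input is a NUL-terminated buffer, so an escape that is cut short
 * by the terminator must stop the scan there: a lone trailing backslash
 * is dropped, and a trailing "\X" keeps X as a literal character.
 */
static unsigned char *reencode_string(unsigned char *string, int *len)
{
  unsigned char *temp = string;
  unsigned char *pos  = string;
  unsigned char t;
  unsigned char r;

  *len = 0;

  while (*string) {
    if (*string != '\\') {
      *pos++ = *string++;
      ++(*len);
      continue;
    }

    t = *++string;

    if (t == '\0') {
      /* trailing backslash: do not step over the terminator */
      break;
    }
    else if (t == '\\') {
      *pos++ = '\\';
      ++(*len);
      /* consume the second backslash too, so it is not read again as
         the start of a new escape */
      ++string;
    }
    else if (isxdigit(t)) {
      r = string[1];

      if (r == '\0') {
        /* "\X" at the very end: keep the digit and stop */
        *pos++ = t;
        ++(*len);
        break;
      }

      *pos++ = hextoint(tolower(t), tolower(r));
      ++(*len);
      string += 2;
    }
    else {
      *pos++ = t;
      ++(*len);
      ++string;
    }
  }

  return temp;
}

/*
 * Build an X509_NAME from a string of the form /type=value/type=value...
 *
 * A backslash in a type escapes the next character.  In a value, "\/"
 * stands for a literal '/', and every other escape is kept for
 * reencode_string() to decode.
 *
 * Returns the new name (the caller frees it), or NULL when dnstring is
 * NULL, memory runs out, a type is empty or has no '=', or a value is
 * empty.
 */
static X509_NAME *make_DN(const char *dnstring)
{
  char *buffername = NULL;
  unsigned char *buffervalue = NULL;
  char *currentname;
  unsigned char *currentvalue;
  X509_NAME *name = NULL;
  int valuelen = 0;
  char next = 0;
  size_t bufsize;

  int status = 0;
  /*
   * 0 = looking for /type
   * 1 = looking for value
   */

  if (!dnstring)
    return NULL;

  /* neither a type nor a value can be longer than the whole input */
  bufsize = strlen(dnstring) + 1;
  buffername  = (char*)malloc(bufsize);
  buffervalue = (unsigned char*)malloc(bufsize);
  name = X509_NAME_new();

  if (!buffername || !buffervalue || !name)
    goto err;

  do {
    switch (status) {
    case 0:
      /* Parse for /Name= */
      currentname=buffername;
      while (*dnstring) {
        if (*dnstring == '\\') {
          *currentname++ = *++dnstring;
          if (*dnstring == '\0') {
            break;
          }
          dnstring++;
        }
        else if (*dnstring == '=') {
          *currentname='\0';
          break;
        }
        else if (*dnstring == '\0') {
          break;
        }
        else
          *currentname++ = *dnstring++;
      }
      /* now, if *dnstring == '\0' then error; */

      if (*dnstring == '\0')
        goto err;

      /* An empty type would make buffername+1 below point at bytes
         that were never written. */
      if (currentname == buffername)
        goto err;

      /* else, we got a type, now look for a value. */
      status = 1;
      dnstring++;
      break;

    case 1:
      /* Parse for value */
      currentvalue=buffervalue;
      while (*dnstring) {
        if (*dnstring == '\\') {
          next = *++dnstring;
          if (next == '\0') {
            break;
          }
          else if (next != '/') {
            *currentvalue++ = '\\';
            *currentvalue++ = next;
          }
          else {
            *currentvalue++ = '/';
          }
          dnstring++;
        }
        else if (*dnstring == '/') {
          *currentvalue='\0';
          break;
        }
        else if (*dnstring == '\0') {
          *currentvalue='\0';
          break;
        }
        else
          *currentvalue++ = *dnstring++;
      }

      *currentvalue='\0';
      if (strlen((char*)buffervalue) == 0)
        goto err;

      /* Now we have both type and value.  Add to the X509_NAME_ENTRY */

      buffervalue = reencode_string(buffervalue, &valuelen);

      /* NOTE(review): the return value is not checked, so an entry that
         OpenSSL refuses (for example an unknown type) is left out of the
         name without any error; confirm callers can live with a DN that
         is missing components. */
      X509_NAME_add_entry_by_txt(name, buffername+1,  /* skip initial '/' */
                                 V_ASN1_APP_CHOOSE,
                                 buffervalue, valuelen, X509_NAME_entry_count(name),
                                 0);
      status = 0;
      break;
    }
  } while (*dnstring);

  free(buffername);
  free(buffervalue);

  return name;

 err:
  free(buffername);
  free(buffervalue);
  X509_NAME_free(name);

  return NULL;
}

static int check_critical_extensions(X509 *cert, int itsaproxy) { int i = 0; ASN1_OBJECT *extension_obj; int nid; X509_EXTENSION *ex; int nid_pci3 = my_txt2nid(PROXYCERTINFO_OLD_OID); int nid_pci4 = my_txt2nid(PROXYCERTINFO_OID); STACK_OF(X509_EXTENSION) const* extensions = X509_get0_extensions(cert); for (i=0; i < sk_X509_EXTENSION_num(extensions); i++) { ex = (X509_EXTENSION *) sk_X509_EXTENSION_value(extensions,i); if(X509_EXTENSION_get_critical(ex)) { extension_obj = X509_EXTENSION_get_object(ex); nid = OBJ_obj2nid(extension_obj); if (itsaproxy) { if (nid != NID_basic_constraints && nid != NID_key_usage && nid != NID_ext_key_usage && nid != NID_netscape_cert_type && nid != NID_subject_key_identifier && nid != NID_authority_key_identifier && nid != nid_pci3 && nid != nid_pci4) { return 0; } } else { if (nid != NID_basic_constraints && nid !=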
NID_key_usage && nid != NID_ext_key_usage && nid != NID_netscape_cert_type && nid != NID_subject_key_identifier && nid != NID_authority_key_identifier) { return 0; } } } } return 1; } voms-2.1.2/src/sslutils/voms_cert_type.c000066400000000000000000000162531477131364200203760ustar00rootroot00000000000000#include "config.h" #include "voms_cert_type.h" #include "sslutils.h" #include "openssl/asn1.h" #include "openssl/x509.h" #include "openssl/x509v3.h" #include #include #include #define LIMITED_PROXY_OID "1.3.6.1.4.1.3536.1.1.1.9" #define PROXYCERTINFO_OLD_OID "1.3.6.1.4.1.3536.1.222" #define NULL_STR "" static voms_result_t voms_validation_error_with_detail(int code, X509_NAME* subject, const char* detail) { char sub_buf[256]; PRXYerr(PRXYERR_F_VOMS_GET_CERT_TYPE,code); X509_NAME_oneline(subject,sub_buf,256); if (detail != NULL) { ERR_add_error_data(5, ": ", detail, " [subject: '", sub_buf, "']"); } else { ERR_add_error_data(3, "[subject: '", sub_buf, "']"); } return VOMS_ERROR; } static voms_result_t voms_validation_error(int code, X509_NAME* subject){ return voms_validation_error_with_detail(code, subject, NULL); } static X509_NAME_ENTRY* get_last_cn_entry_from_subject(X509_NAME* subject){ X509_NAME_ENTRY* ne = NULL; if (subject == NULL){ return NULL; } if ((ne = X509_NAME_get_entry(subject, X509_NAME_entry_count(subject) -1)) == NULL) { return NULL; } if (OBJ_cmp(X509_NAME_ENTRY_get_object(ne), OBJ_nid2obj(NID_commonName))){ return NULL; } return ne; } static voms_cert_type_t get_proxy_type(ASN1_OBJECT *policy_lang){ int policy_nid = OBJ_obj2nid(policy_lang); int limited_proxy_nid = OBJ_txt2nid(LIMITED_PROXY_OID); if (policy_nid == NID_id_ppl_inheritAll) { return VOMS_CERT_TYPE_IMPERSONATION_PROXY; } if (policy_nid == NID_Independent) { return VOMS_CERT_TYPE_INDEPENDENT_PROXY; } else if (policy_nid == limited_proxy_nid ) { return VOMS_CERT_TYPE_LIMITED_PROXY; } else { return VOMS_CERT_TYPE_RESTRICTED_PROXY; } } voms_result_t voms_get_cert_type(X509* cert, 
voms_cert_type_t* cert_type){ voms_result_t result = VOMS_SUCCESS; BASIC_CONSTRAINTS* bc_ext = NULL; X509_EXTENSION* ext = NULL; PROXY_CERT_INFO_EXTENSION *pci_ext = NULL; PROXY_POLICY *policy = NULL; ASN1_OBJECT *policy_lang = NULL; X509_NAME *subject = NULL; X509_NAME *expected_subject = NULL; X509_NAME_ENTRY *ne = NULL; X509_NAME_ENTRY *new_ne = NULL; ASN1_STRING *ne_data = NULL; int critical; int index = -1; *cert_type = VOMS_CERT_TYPE_EEC; subject = X509_get_subject_name(cert); if ((bc_ext = X509_get_ext_d2i(cert, NID_basic_constraints, &critical, &index)) && bc_ext->ca){ *cert_type = VOMS_CERT_TYPE_CA; goto exit; } if ((index=X509_get_ext_by_NID(cert, NID_proxyCertInfo,-1)) != -1 && (ext = X509_get_ext(cert,index)) && X509_EXTENSION_get_critical(ext)) { // Found RFC compliant proxy cert info extension, try to deserialize it if ((pci_ext = X509V3_EXT_d2i(ext)) == NULL) { result = voms_validation_error_with_detail( PRXYERR_R_NON_COMPLIANT_PROXY, subject, "PROXYCERTINFO conversion error"); goto exit; } if ((policy = pci_ext->proxyPolicy) == NULL) { result = voms_validation_error_with_detail( PRXYERR_R_NON_COMPLIANT_PROXY, subject, "Error accessing policy from PROXYCERTINFO extension"); goto exit; } if ((policy_lang = policy->policyLanguage) == NULL) { result = voms_validation_error_with_detail( PRXYERR_R_NON_COMPLIANT_PROXY, subject, "Error accessing policy language from PROXYCERTINFO extension"); goto exit; } *cert_type = VOMS_CERT_TYPE_RFC | get_proxy_type(policy_lang); if (X509_get_ext_by_NID(cert,NID_proxyCertInfo,index) != -1) { result = voms_validation_error_with_detail( PRXYERR_R_NON_COMPLIANT_PROXY, subject, "Muliple PROXYCERTINFO extensions found"); goto exit; } } else if ((index=X509_get_ext_by_NID(cert,OBJ_txt2nid(PROXYCERTINFO_OLD_OID),-1)) != -1 && (ext = X509_get_ext(cert,index)) && X509_EXTENSION_get_critical(ext)) { // Found GSI 3 proxy cert info extension, try to deserialize it if ((pci_ext = X509V3_EXT_d2i(ext)) == NULL) { result = 
voms_validation_error_with_detail( PRXYERR_R_NON_COMPLIANT_PROXY, subject, "Error converting DER encoded GSI_3 PROXYCERTINFO extension"); goto exit; } if ((policy = pci_ext->proxyPolicy) == NULL) { result = voms_validation_error_with_detail( PRXYERR_R_NON_COMPLIANT_PROXY, subject, "Error accessing policy from GSI_3 PROXYCERTINFO extension"); goto exit; } if ((policy_lang = policy->policyLanguage) == NULL) { result = voms_validation_error_with_detail( PRXYERR_R_NON_COMPLIANT_PROXY, subject, "Error accessing policy from GSI_3 PROXYCERTINFO extension"); goto exit; } *cert_type = VOMS_CERT_TYPE_GSI_3 | get_proxy_type(policy_lang); if (X509_get_ext_by_NID(cert,OBJ_txt2nid(PROXYCERTINFO_OLD_OID),index) != -1) { result = voms_validation_error_with_detail( PRXYERR_R_NON_COMPLIANT_PROXY, subject, "Muliple GSI_3 PROXYCERTINFO extensions found"); goto exit; } } else { // Check if we have a legacy GSI_2 proxy by looking // at the certificate subject subject = X509_get_subject_name(cert); if ((ne = get_last_cn_entry_from_subject(subject)) == NULL){ result = voms_validation_error( PRXYERR_R_ERROR_GETTING_CN_ENTRY, subject); goto exit; } ne_data = X509_NAME_ENTRY_get_data(ne); if (ne_data->length == 5 && !memcmp(ne_data->data,"proxy",5)) { *cert_type = VOMS_CERT_TYPE_GSI_2_PROXY; } else if (ne_data->length == 13 && !memcmp(ne_data->data,"limited proxy",13)) { *cert_type = VOMS_CERT_TYPE_GSI_2_LIMITED_PROXY; } } // Check proxy name if it's a proxy if (VOMS_IS_PROXY(*cert_type)) { if ((expected_subject = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL) { result = voms_validation_error( PRXYERR_R_ERROR_COPYING_SUBJECT, subject); goto exit; } subject = X509_get_subject_name(cert); if ((ne = get_last_cn_entry_from_subject(subject)) == NULL){ result = voms_validation_error( PRXYERR_R_ERROR_GETTING_CN_ENTRY, subject); goto exit; } ne_data = X509_NAME_ENTRY_get_data(ne); if ((new_ne = X509_NAME_ENTRY_create_by_NID( NULL, NID_commonName, ne_data->type, ne_data->data, -1)) == NULL){ 
result = voms_validation_error( PRXYERR_R_ERROR_BUILDING_SUBJECT, subject); goto exit; } if(!X509_NAME_add_entry(expected_subject, new_ne, X509_NAME_entry_count(expected_subject),0)) { result = voms_validation_error( PRXYERR_R_ERROR_BUILDING_SUBJECT, subject); goto exit; } if (X509_NAME_cmp(expected_subject,subject)) { result = voms_validation_error_with_detail( PRXYERR_R_NON_COMPLIANT_PROXY, subject, "Issuer name + proxy CN entry does not equal subject name"); goto exit; } } result = VOMS_SUCCESS; exit: if (bc_ext) { BASIC_CONSTRAINTS_free(bc_ext); } if (pci_ext) { PROXY_CERT_INFO_EXTENSION_free(pci_ext); } if (expected_subject) { X509_NAME_free(expected_subject); } if (new_ne) { X509_NAME_ENTRY_free(new_ne); } return result; } voms-2.1.2/src/sslutils/voms_cert_type.h000066400000000000000000000075661477131364200204120ustar00rootroot00000000000000#ifndef VOMS_CERT_TYPE_H #define VOMS_CERT_TYPE_H #ifdef __cplusplus extern "C" { #endif #include "openssl/x509.h" /** * This is shamelessly inspired by the Globus toolkit cert utils library * * https://github.com/globus/globus-toolkit/blob/globus_6_branch/gsi/cert_utils/source/library/globus_gsi_cert_utils_constants.h **/ typedef enum { VOMS_SUCCESS = 0, VOMS_ERROR = -1 } voms_result_t; typedef enum { VOMS_CERT_TYPE_UNKNOWN = 0, VOMS_CERT_TYPE_EEC = (1 << 0), VOMS_CERT_TYPE_CA = (1 << 1), VOMS_CERT_TYPE_GSI_2 = (1 << 2), VOMS_CERT_TYPE_GSI_3 = (1 << 3), VOMS_CERT_TYPE_RFC = (1 << 4), /** Supported certificate types mask **/ VOMS_CERT_TYPE_SUPPORTED_MASK = ( VOMS_CERT_TYPE_EEC | VOMS_CERT_TYPE_CA | VOMS_CERT_TYPE_GSI_2 | VOMS_CERT_TYPE_GSI_3 | VOMS_CERT_TYPE_RFC ), /** Proxy types */ VOMS_CERT_TYPE_IMPERSONATION_PROXY = (1 << 5), VOMS_CERT_TYPE_LIMITED_PROXY = (1 << 6), VOMS_CERT_TYPE_RESTRICTED_PROXY = (1 << 7), VOMS_CERT_TYPE_INDEPENDENT_PROXY = (1 << 8), /** Proxy types mask **/ VOMS_CERT_TYPE_PROXY_TYPE_MASK = ( VOMS_CERT_TYPE_IMPERSONATION_PROXY | VOMS_CERT_TYPE_LIMITED_PROXY | VOMS_CERT_TYPE_RESTRICTED_PROXY | 
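VOMS_CERT_TYPE_INDEPENDENT_PROXY),

  /** A X.509 Proxy Certificate Profile (pre-RFC) compliant
   * impersonation proxy.  It has to carry the IMPERSONATION bit:
   * voms_get_cert_type() reports a GSI_3 proxy with an inherit-all
   * policy as GSI_3 | IMPERSONATION_PROXY, and with the INDEPENDENT
   * bit here this constant would equal
   * VOMS_CERT_TYPE_GSI_3_INDEPENDENT_PROXY. */
  VOMS_CERT_TYPE_GSI_3_IMPERSONATION_PROXY = (VOMS_CERT_TYPE_GSI_3 |
      VOMS_CERT_TYPE_IMPERSONATION_PROXY),

  /** A X.509 Proxy Certificate Profile (pre-RFC) compliant
   * independent proxy */
  VOMS_CERT_TYPE_GSI_3_INDEPENDENT_PROXY = (VOMS_CERT_TYPE_GSI_3 |
      VOMS_CERT_TYPE_INDEPENDENT_PROXY),

  /** A X.509 Proxy Certificate Profile (pre-RFC) compliant
   * limited proxy */
  VOMS_CERT_TYPE_GSI_3_LIMITED_PROXY = (VOMS_CERT_TYPE_GSI_3 |
      VOMS_CERT_TYPE_LIMITED_PROXY),

  /** A X.509 Proxy Certificate Profile (pre-RFC) compliant
   * restricted proxy */
  VOMS_CERT_TYPE_GSI_3_RESTRICTED_PROXY = (VOMS_CERT_TYPE_GSI_3 |
      VOMS_CERT_TYPE_RESTRICTED_PROXY),

  /** A legacy Globus impersonation proxy */
  VOMS_CERT_TYPE_GSI_2_PROXY = (VOMS_CERT_TYPE_GSI_2 |
      VOMS_CERT_TYPE_IMPERSONATION_PROXY),

  /** A legacy Globus limited impersonation proxy */
  VOMS_CERT_TYPE_GSI_2_LIMITED_PROXY = (VOMS_CERT_TYPE_GSI_2 |
      VOMS_CERT_TYPE_LIMITED_PROXY),

  /** A X.509 Proxy Certificate Profile RFC compliant impersonation proxy */
  VOMS_CERT_TYPE_RFC_IMPERSONATION_PROXY = (VOMS_CERT_TYPE_RFC |
      VOMS_CERT_TYPE_IMPERSONATION_PROXY),

  /** A X.509 Proxy Certificate Profile RFC compliant independent proxy */
  VOMS_CERT_TYPE_RFC_INDEPENDENT_PROXY = (VOMS_CERT_TYPE_RFC |
      VOMS_CERT_TYPE_INDEPENDENT_PROXY),

  /** A X.509 Proxy Certificate Profile RFC compliant limited proxy */
  VOMS_CERT_TYPE_RFC_LIMITED_PROXY = (VOMS_CERT_TYPE_RFC |
      VOMS_CERT_TYPE_LIMITED_PROXY),

  /** A X.509 Proxy Certificate Profile RFC compliant restricted proxy */
  VOMS_CERT_TYPE_RFC_RESTRICTED_PROXY = (VOMS_CERT_TYPE_RFC |
      VOMS_CERT_TYPE_RESTRICTED_PROXY)

} voms_cert_type_t;

/* True when any of the proxy-type bits is set. */
#define VOMS_IS_PROXY(cert_type) \
  ((cert_type & VOMS_CERT_TYPE_PROXY_TYPE_MASK) != 0)

/* True for a proxy that also carries the RFC bit. */
#define VOMS_IS_RFC_PROXY(cert_type) \
  (((cert_type & VOMS_CERT_TYPE_PROXY_TYPE_MASK) != 0) && \
   ((cert_type & VOMS_CERT_TYPE_RFC) != 0))

/* True for a proxy that also carries the GSI_3 bit. */
#define VOMS_IS_GSI_3_PROXY(cert_type) \
  (((cert_type & VOMS_CERT_TYPE_PROXY_TYPE_MASK) != 0) && \
   ((cert_type & VOMS_CERT_TYPE_GSI_3) != 0))

#define VOMS_IS_GSI_2_PROXY(cert_type) \ (((cert_type &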
VOMS_CERT_TYPE_PROXY_TYPE_MASK) != 0) && \ ((cert_type & VOMS_CERT_TYPE_GSI_2) != 0)) #define VOMS_IS_INDEPENDENT_PROXY(cert_type) \ ((cert_type & VOMS_CERT_TYPE_INDEPENDENT_PROXY) != 0) #define VOMS_IS_RESTRICTED_PROXY(cert_type) \ ((cert_type & VOMS_CERT_TYPE_RESTRICTED_PROXY) != 0) #define VOMS_IS_LIMITED_PROXY(cert_type) \ ((cert_type & VOMS_CERT_TYPE_LIMITED_PROXY) != 0) #define VOMS_IS_IMPERSONATION_PROXY(cert_type) \ ((cert_type & VOMS_CERT_TYPE_IMPERSONATION_PROXY) != 0) voms_result_t voms_get_cert_type(X509* cert, voms_cert_type_t* cert_type); #ifdef __cplusplus } #endif #endif voms-2.1.2/src/sslutils/vomsproxy.h000066400000000000000000000063641477131364200174310ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #ifndef VOMS_PROXY_H #define VOMS_PROXY_H #ifdef __cplusplus extern "C" { #endif #include #include #include #include "newformat.h" struct VOMSProxyArguments { X509_REQ *proxyrequest; char *proxyfilename; char *filename; AC **aclist; int proxyversion; char *data; int datalen; char *newsubject; int newsubjectlen; X509 *cert; EVP_PKEY *key; int bits; char *policyfile; char *policylang; char *policytext; int pathlength; int hours; int minutes; int limited; char *voID; void (*callback)(int, int, void*); STACK_OF(X509_EXTENSION) *extensions; STACK_OF(X509) *chain; int pastproxy; char *keyusage; char *netscape; char *exkusage; char *newissuer; char *newserial; int selfsigned; }; struct VOMSProxy { X509 *cert; STACK_OF(X509) *chain; EVP_PKEY *key; }; struct VOMSProxyArguments *VOMS_MakeProxyArguments(); void VOMS_FreeProxyArguments(struct VOMSProxyArguments *args); void VOMS_FreeProxy(struct VOMSProxy *proxy); struct VOMSProxy *VOMS_AllocProxy(); int VOMS_WriteProxy(const char *filename, struct VOMSProxy *proxy); struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, void **additional); X509_EXTENSION *CreateProxyExtension(char * name, char *data, int datalen, int crit); char *ProxyCreationError(int error, void *additional); #define PROXY_ERROR_IS_WARNING(error) (error >= 1000) #define PROXY_NO_ERROR 0 #define PROXY_ERROR_OPEN_FILE 1 #define PROXY_ERROR_STAT_FILE 2 #define PROXY_ERROR_OUT_OF_MEMORY 3 #define PROXY_ERROR_FILE_READ 4 #define PROXY_ERROR_UNKNOWN_BIT 5 #define PROXY_ERROR_UNKNOWN_EXTENDED_BIT 6 #define PROXY_WARNING_GSI_ASSUMED 1000 #define PROXY_WARNING_GENERIC_LANGUAGE_ASSUMED 1001 #ifdef __cplusplus } #endif #endif voms-2.1.2/src/utils/000077500000000000000000000000001477131364200144375ustar00rootroot00000000000000voms-2.1.2/src/utils/Makefile.am000066400000000000000000000030641477131364200164760ustar00rootroot00000000000000if BUILD_CLIENTS bin_PROGRAMS = \ 
voms-proxy-info \ voms-proxy-destroy \ voms-proxy-fake \ voms-verify AM_CPPFLAGS = \ -I$(top_srcdir)/src/api/ccapi \ -I$(top_srcdir)/src/include \ -I$(top_srcdir)/src/sslutils \ $(NO_GLOBUS_FLAGS) \ $(OPENSSL_CFLAGS) voms_proxy_info_SOURCES = \ voms_proxy_info.cc voms_proxy_info_LDADD = \ $(top_builddir)/src/api/ccapi/libvomsapi.la \ $(top_builddir)/src/replib/librep.la \ $(top_builddir)/src/sslutils/libssl_utils_nog.la \ $(OPENSSL_LIBS) \ $(EXPAT_LIBS) voms_proxy_destroy_SOURCES = \ voms_proxy_destroy.cc voms_proxy_destroy_LDADD = \ $(top_builddir)/src/api/ccapi/libvomsapi.la \ $(top_builddir)/src/sslutils/libssl_utils_nog.la \ $(top_builddir)/src/replib/librep.la \ $(OPENSSL_LIBS) \ $(EXPAT_LIBS) voms_verify_SOURCES = \ voms_verify.cc voms_verify_LDADD = \ $(top_builddir)/src/api/ccapi/libvomsapi.la \ $(top_builddir)/src/sslutils/libssl_utils_nog.la \ $(top_builddir)/src/replib/librep.la \ $(OPENSSL_LIBS) voms_proxy_fake_SOURCES = \ vomsfake.h \ vomsfake.cc \ vomsparser.c \ lex.yy.c EXTRA_DIST = vomsfake.y vomsparser.l vomsparser.h fakeparsertypes.h lexparse.h vomsfake.$(OBJEXT): vomsparser.h vomsparser.$(OBJEXT): vomsparser.h if REGENERATE_PARSERS vomsparser.h vomsparser.c: vomsfake.y $(YACC) -t -d -o vomsparser.c vomsfake.y lex.yy.c: vomsparser.l vomsparser.h $(LEX) vomsparser.l endif voms_proxy_fake_LDADD = \ $(top_builddir)/src/api/ccapi/libvomsapi.la \ $(top_builddir)/src/replib/librep.la \ $(top_builddir)/src/sslutils/libssl_utils_nog.la \ $(OPENSSL_LIBS) endif voms-2.1.2/src/utils/fakeparsertypes.h000066400000000000000000000032141477131364200200200ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. 
* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_PARSERTYPES_H #define VOMS_PARSERTYPES_H typedef struct param { char *name; char *value; } PARAM; typedef struct paramlist { int current; PARAM **params; } PARAMLIST; typedef struct vo { char *voname; char *hostcert; char *hostkey; int fqansize; char **fqans; int gasize; char **gas; int vomslife; char *targets; char *uri; int newformat; char *pastac; PARAMLIST *params; char **extensions; int extsize; } VO; typedef struct volist { int current; VO **vos; } VOLIST; #endif voms-2.1.2/src/utils/lex.yy.c000066400000000000000000001324251477131364200160420ustar00rootroot00000000000000 #line 2 "lex.yy.c" #define YY_INT_ALIGNED short int /* A lexical scanner generated by flex */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 6 #define YY_FLEX_SUBMINOR_VERSION 4 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif /* First, we deal with platform-specific or compiler-specific issues. */ /* begin standard C headers. */ #include #include #include #include /* end standard C headers. */ /* flex integer type definitions */ #ifndef FLEXINT_H #define FLEXINT_H /* C99 systems have . Non-C99 systems may or may not. 
*/ #if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L /* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, * if you want the limit (max/min) macros for int types. */ #ifndef __STDC_LIMIT_MACROS #define __STDC_LIMIT_MACROS 1 #endif #include typedef int8_t flex_int8_t; typedef uint8_t flex_uint8_t; typedef int16_t flex_int16_t; typedef uint16_t flex_uint16_t; typedef int32_t flex_int32_t; typedef uint32_t flex_uint32_t; #else typedef signed char flex_int8_t; typedef short int flex_int16_t; typedef int flex_int32_t; typedef unsigned char flex_uint8_t; typedef unsigned short int flex_uint16_t; typedef unsigned int flex_uint32_t; /* Limits of integral types. */ #ifndef INT8_MIN #define INT8_MIN (-128) #endif #ifndef INT16_MIN #define INT16_MIN (-32767-1) #endif #ifndef INT32_MIN #define INT32_MIN (-2147483647-1) #endif #ifndef INT8_MAX #define INT8_MAX (127) #endif #ifndef INT16_MAX #define INT16_MAX (32767) #endif #ifndef INT32_MAX #define INT32_MAX (2147483647) #endif #ifndef UINT8_MAX #define UINT8_MAX (255U) #endif #ifndef UINT16_MAX #define UINT16_MAX (65535U) #endif #ifndef UINT32_MAX #define UINT32_MAX (4294967295U) #endif #ifndef SIZE_MAX #define SIZE_MAX (~(size_t)0) #endif #endif /* ! C99 */ #endif /* ! FLEXINT_H */ /* begin standard C++ headers. */ /* TODO: this is always defined, so inline it */ #define yyconst const #if defined(__GNUC__) && __GNUC__ >= 3 #define yynoreturn __attribute__((__noreturn__)) #else #define yynoreturn #endif /* Returned upon end-of-file. */ #define YY_NULL 0 /* Promotes a possibly negative, possibly signed char to an * integer in range [0..255] for use as an array index. */ #define YY_SC_TO_UI(c) ((YY_CHAR) (c)) /* Enter a start condition. This macro really ought to take a parameter, * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. 
*/ #define BEGIN (yy_start) = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ #define YY_START (((yy_start) - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ #define YY_NEW_FILE yyrestart( yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ #ifndef YY_BUF_SIZE #ifdef __ia64__ /* On IA-64, the buffer size is 16k, not 8k. * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case. * Ditto for the __ia64__ case accordingly. */ #define YY_BUF_SIZE 32768 #else #define YY_BUF_SIZE 16384 #endif /* __ia64__ */ #endif /* The state buf must be large enough to hold one state per character in the main buffer. */ #define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) #ifndef YY_TYPEDEF_YY_BUFFER_STATE #define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif #ifndef YY_TYPEDEF_YY_SIZE_T #define YY_TYPEDEF_YY_SIZE_T typedef size_t yy_size_t; #endif extern int yyleng; extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 #define YY_LESS_LINENO(n) #define YY_LINENO_REWIND_TO(ptr) /* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. 
*/ \ int yyless_macro_arg = (n); \ YY_LESS_LINENO(yyless_macro_arg);\ *yy_cp = (yy_hold_char); \ YY_RESTORE_YY_MORE_OFFSET \ (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) #define unput(c) yyunput( c, (yytext_ptr) ) #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state { FILE *yy_input_file; char *yy_ch_buf; /* input buffer */ char *yy_buf_pos; /* current position in input buffer */ /* Size of input buffer in bytes, not including room for EOB * characters. */ int yy_buf_size; /* Number of characters read into yy_ch_buf, not including EOB * characters. */ int yy_n_chars; /* Whether we "own" the buffer - i.e., we know we created it, * and can realloc() it to grow it, and should free() it to * delete it. */ int yy_is_our_buffer; /* Whether this is an "interactive" input source; if so, and * if we're using stdio for input, then we want to use getc() * instead of fread(), to make sure we stop fetching input after * each newline. */ int yy_is_interactive; /* Whether we're considered to be at the beginning of a line. * If so, '^' rules will be active on the next match, otherwise * not. */ int yy_at_bol; int yy_bs_lineno; /**< The line count. */ int yy_bs_column; /**< The column count. */ /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process * then we mark the buffer as YY_EOF_PENDING, to indicate that we * shouldn't try reading from the input source any more. We might * still have a bunch of tokens to match, though, because of * possible backing-up. * * When we actually see the EOF, we change the status to "new" * (via yyrestart()), so that the user can continue scanning by * just pointing yyin at a new input file. 
*/ #define YY_BUFFER_EOF_PENDING 2 }; #endif /* !YY_STRUCT_YY_BUFFER_STATE */ /* Stack of input buffers. */ static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ static YY_BUFFER_STATE * yy_buffer_stack = NULL; /**< Stack as an array. */ /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". * * Returns the top of the stack, or NULL. */ #define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ : NULL) /* Same as previous macro, but useful when we know that the buffer stack is not * NULL or when we need an lvalue. For internal use only. */ #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; static int yy_n_chars; /* number of characters read into yy_ch_buf */ int yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = NULL; static int yy_init = 0; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches * instead of setting up a fresh yyin. A bit of a hack ... 
*/ static int yy_did_buffer_switch_on_eof; void yyrestart ( FILE *input_file ); void yy_switch_to_buffer ( YY_BUFFER_STATE new_buffer ); YY_BUFFER_STATE yy_create_buffer ( FILE *file, int size ); void yy_delete_buffer ( YY_BUFFER_STATE b ); void yy_flush_buffer ( YY_BUFFER_STATE b ); void yypush_buffer_state ( YY_BUFFER_STATE new_buffer ); void yypop_buffer_state ( void ); static void yyensure_buffer_stack ( void ); static void yy_load_buffer_state ( void ); static void yy_init_buffer ( YY_BUFFER_STATE b, FILE *file ); #define YY_FLUSH_BUFFER yy_flush_buffer( YY_CURRENT_BUFFER ) YY_BUFFER_STATE yy_scan_buffer ( char *base, yy_size_t size ); YY_BUFFER_STATE yy_scan_string ( const char *yy_str ); YY_BUFFER_STATE yy_scan_bytes ( const char *bytes, int len ); void *yyalloc ( yy_size_t ); void *yyrealloc ( void *, yy_size_t ); void yyfree ( void * ); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ if ( ! YY_CURRENT_BUFFER ){ \ yyensure_buffer_stack (); \ YY_CURRENT_BUFFER_LVALUE = \ yy_create_buffer( yyin, YY_BUF_SIZE ); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ if ( ! 
YY_CURRENT_BUFFER ){\ yyensure_buffer_stack (); \ YY_CURRENT_BUFFER_LVALUE = \ yy_create_buffer( yyin, YY_BUF_SIZE ); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } #define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) /* Begin user sect3 */ #define yywrap() (/*CONSTCOND*/1) #define YY_SKIP_YYWRAP typedef flex_uint8_t YY_CHAR; FILE *yyin = NULL, *yyout = NULL; typedef int yy_state_type; extern int yylineno; int yylineno = 1; extern char *yytext; #ifdef yytext_ptr #undef yytext_ptr #endif #define yytext_ptr yytext static yy_state_type yy_get_previous_state ( void ); static yy_state_type yy_try_NUL_trans ( yy_state_type current_state ); static int yy_get_next_buffer ( void ); static void yynoreturn yy_fatal_error ( const char* msg ); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ (yytext_ptr) = yy_bp; \ yyleng = (int) (yy_cp - yy_bp); \ (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; #define YY_NUM_RULES 8 #define YY_END_OF_BUFFER 9 /* This struct is not used in this scanner, but its presence is necessary. 
*/ struct yy_trans_info { flex_int32_t yy_verify; flex_int32_t yy_nxt; }; static const flex_int16_t yy_accept[16] = { 0, 4, 4, 2, 2, 9, 5, 7, 6, 1, 4, 2, 3, 4, 2, 0 } ; static const YY_CHAR yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 1, 1, 1, 1, 1, 1, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 1, 1, 1, 1, 5, 1, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 } ; static const YY_CHAR yy_meta[6] = { 0, 1, 1, 1, 2, 3 } ; static const flex_int16_t yy_base[19] = { 0, 0, 0, 10, 9, 12, 15, 15, 15, 15, 0, 0, 15, 0, 0, 15, 5, 7, 8 } ; static const flex_int16_t yy_def[19] = { 0, 15, 1, 16, 16, 15, 15, 15, 15, 15, 17, 18, 15, 17, 18, 0, 15, 15, 15 } ; static const flex_int16_t yy_nxt[21] = { 0, 6, 7, 8, 9, 10, 11, 11, 11, 14, 13, 14, 15, 12, 12, 5, 15, 15, 15, 15, 15 } ; static const flex_int16_t yy_chk[21] = { 0, 1, 1, 1, 1, 1, 16, 16, 16, 18, 17, 18, 5, 4, 3, 15, 15, 15, 15, 15, 15 } ; static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; extern int yy_flex_debug; int yy_flex_debug = 0; /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. 
*/ #define REJECT reject_used_but_not_detected #define yymore() yymore_used_but_not_detected #define YY_MORE_ADJ 0 #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "vomsparser.l" #line 2 "vomsparser.l" /********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #include "config.h" #include #include #include #include "fakeparsertypes.h" #include "vomsparser.h" #include "lexparse.h" #line 482 "lex.yy.c" #line 484 "lex.yy.c" #define INITIAL 0 #define STR 1 #ifndef YY_NO_UNISTD_H /* Special case for "unistd.h", since it is non-ANSI. We include it way * down here because we want the user's section 1 to have been scanned first. * The user has a chance to override it with an option. */ #include #endif #ifndef YY_EXTRA_TYPE #define YY_EXTRA_TYPE void * #endif static int yy_init_globals ( void ); /* Accessor methods to globals. These are made visible to non-reentrant scanners for convenience. 
*/ int yylex_destroy ( void ); int yyget_debug ( void ); void yyset_debug ( int debug_flag ); YY_EXTRA_TYPE yyget_extra ( void ); void yyset_extra ( YY_EXTRA_TYPE user_defined ); FILE *yyget_in ( void ); void yyset_in ( FILE * _in_str ); FILE *yyget_out ( void ); void yyset_out ( FILE * _out_str ); int yyget_leng ( void ); char *yyget_text ( void ); int yyget_lineno ( void ); void yyset_lineno ( int _line_number ); /* Macros after this point can all be overridden by user definitions in * section 1. */ #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus extern "C" int yywrap ( void ); #else extern int yywrap ( void ); #endif #endif #ifndef YY_NO_UNPUT static void yyunput ( int c, char *buf_ptr ); #endif #ifndef yytext_ptr static void yy_flex_strncpy ( char *, const char *, int ); #endif #ifdef YY_NEED_STRLEN static int yy_flex_strlen ( const char * ); #endif #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput ( void ); #else static int input ( void ); #endif #endif /* Amount of stuff to slurp up with each read. */ #ifndef YY_READ_BUF_SIZE #ifdef __ia64__ /* On IA-64, the buffer size is 16k, not 8k */ #define YY_READ_BUF_SIZE 16384 #else #define YY_READ_BUF_SIZE 8192 #endif /* __ia64__ */ #endif /* Copy whatever the last rule matched to the standard output. */ #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ #define ECHO do { if (fwrite( yytext, (size_t) yyleng, 1, yyout )) {} } while (0) #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, * is returned in "result". 
*/ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ int c = '*'; \ int n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ if ( c == '\n' ) \ buf[n++] = (char) c; \ if ( c == EOF && ferror( yyin ) ) \ YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ else \ { \ errno=0; \ while ( (result = (int) fread(buf, 1, (yy_size_t) max_size, yyin)) == 0 && ferror(yyin)) \ { \ if( errno != EINTR) \ { \ YY_FATAL_ERROR( "input in flex scanner failed" ); \ break; \ } \ errno=0; \ clearerr(yyin); \ } \ }\ \ #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - * we don't want an extra ';' after the "return" because that will cause * some compilers to complain about unreachable statements. */ #ifndef yyterminate #define yyterminate() return YY_NULL #endif /* Number of entries by which start-condition stack grows. */ #ifndef YY_START_STACK_INCR #define YY_START_STACK_INCR 25 #endif /* Report a fatal error. */ #ifndef YY_FATAL_ERROR #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif /* end tables serialization structures and prototypes */ /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL #define YY_DECL_IS_OURS 1 extern int yylex (void); #define YY_DECL int yylex (void) #endif /* !YY_DECL */ /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. */ #ifndef YY_USER_ACTION #define YY_USER_ACTION #endif /* Code executed at the end of each rule. */ #ifndef YY_BREAK #define YY_BREAK /*LINTED*/break; #endif #define YY_RULE_SETUP \ YY_USER_ACTION /** The main scanner function which does all the work. */ YY_DECL { yy_state_type yy_current_state; char *yy_cp, *yy_bp; int yy_act; if ( !(yy_init) ) { (yy_init) = 1; #ifdef YY_USER_INIT YY_USER_INIT; #endif if ( ! (yy_start) ) (yy_start) = 1; /* first start state */ if ( ! 
yyin ) yyin = stdin; if ( ! yyout ) yyout = stdout; if ( ! YY_CURRENT_BUFFER ) { yyensure_buffer_stack (); YY_CURRENT_BUFFER_LVALUE = yy_create_buffer( yyin, YY_BUF_SIZE ); } yy_load_buffer_state( ); } { #line 40 "vomsparser.l" #line 704 "lex.yy.c" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { yy_cp = (yy_c_buf_p); /* Support of yytext. */ *yy_cp = (yy_hold_char); /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; yy_current_state = (yy_start); yy_match: do { YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 16 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; ++yy_cp; } while ( yy_base[yy_current_state] != 15 ); yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ yy_cp = (yy_last_accepting_cpos); yy_current_state = (yy_last_accepting_state); yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; do_action: /* This label is used only to access EOF actions. 
*/ switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ *yy_cp = (yy_hold_char); yy_cp = (yy_last_accepting_cpos); yy_current_state = (yy_last_accepting_state); goto yy_find_action; case 1: YY_RULE_SETUP #line 41 "vomsparser.l" BEGIN(STR); YY_BREAK case 2: /* rule 2 can match eol */ YY_RULE_SETUP #line 43 "vomsparser.l" yylval.string = strdup(yytext); return STRING; YY_BREAK case 3: YY_RULE_SETUP #line 44 "vomsparser.l" BEGIN(INITIAL); YY_BREAK case 4: YY_RULE_SETUP #line 46 "vomsparser.l" yylval.string = strdup(yytext); return ID; YY_BREAK case 5: YY_RULE_SETUP #line 48 "vomsparser.l" return yytext[0]; YY_BREAK case 6: /* rule 6 can match eol */ YY_RULE_SETUP #line 50 "vomsparser.l" YY_BREAK case 7: YY_RULE_SETUP #line 51 "vomsparser.l" YY_BREAK case 8: YY_RULE_SETUP #line 53 "vomsparser.l" ECHO; YY_BREAK #line 803 "lex.yy.c" case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(STR): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ *yy_cp = (yy_hold_char); YY_RESTORE_YY_MORE_OFFSET if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure * consistency between YY_CURRENT_BUFFER and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. 
*/ (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position * of the first EOB in the buffer, since yy_c_buf_p will * already have been incremented past the NUL character * (since all states make transitions on EOB to the * end-of-buffer state). Contrast this with the test * in input(). */ if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) { /* This was really a NUL. */ yy_state_type yy_next_state; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state( ); /* Okay, we're now positioned to make the NUL * transition. We couldn't have * yy_get_previous_state() go ahead and do it * for us because it doesn't know how to deal * with the possibility of jamming (and we don't * want to build jamming into it because then it * will run more slowly). */ yy_next_state = yy_try_NUL_trans( yy_current_state ); yy_bp = (yytext_ptr) + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ yy_cp = ++(yy_c_buf_p); yy_current_state = yy_next_state; goto yy_match; } else { yy_cp = (yy_c_buf_p); goto yy_find_action; } } else switch ( yy_get_next_buffer( ) ) { case EOB_ACT_END_OF_FILE: { (yy_did_buffer_switch_on_eof) = 0; if ( yywrap( ) ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up * yytext, we can now set up * yy_c_buf_p so that if some total * hoser (like flex itself) wants to * call the scanner after we return the * YY_NULL, it'll still work - another * YY_NULL will get returned. */ (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; } else { if ( ! 
(yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state( ); yy_cp = (yy_c_buf_p); yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: (yy_c_buf_p) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; yy_current_state = yy_get_previous_state( ); yy_cp = (yy_c_buf_p); yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_find_action; } break; } default: YY_FATAL_ERROR( "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ } /* end of user's declarations */ } /* end of yylex */ /* yy_get_next_buffer - try to read in a new buffer * * Returns a code representing an action: * EOB_ACT_LAST_MATCH - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ static int yy_get_next_buffer (void) { char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; char *source = (yytext_ptr); int number_to_move, i; int ret_val; if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. */ return EOB_ACT_END_OF_FILE; } else { /* We matched some text prior to the EOB, first * process it. */ return EOB_ACT_LAST_MATCH; } } /* Try to read more data. */ /* First move last chars to start of buffer. 
*/ number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr) - 1); for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; else { int num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ /* just a shorter name for the current buffer */ YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; int yy_c_buf_p_offset = (int) ((yy_c_buf_p) - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { int new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; else b->yy_buf_size *= 2; b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ yyrealloc( (void *) b->yy_ch_buf, (yy_size_t) (b->yy_buf_size + 2) ); } else /* Can't grow it, we don't own it. */ b->yy_ch_buf = NULL; if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), (yy_n_chars), num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } if ( (yy_n_chars) == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; yyrestart( yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } else ret_val = EOB_ACT_CONTINUE_SCAN; if (((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { /* Extend the array by 50%, plus the number we really need. 
*/ int new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc( (void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf, (yy_size_t) new_size ); if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); /* "- 2" to take care of EOB's */ YY_CURRENT_BUFFER_LVALUE->yy_buf_size = (int) (new_size - 2); } (yy_n_chars) += number_to_move; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; return ret_val; } /* yy_get_previous_state - get the state just before the EOB char was reached */ static yy_state_type yy_get_previous_state (void) { yy_state_type yy_current_state; char *yy_cp; yy_current_state = (yy_start); for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) { YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 16 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; } return yy_current_state; } /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) { int yy_is_jam; char *yy_cp = (yy_c_buf_p); YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 16 ) yy_c = yy_meta[yy_c]; } yy_current_state = 
yy_nxt[yy_base[yy_current_state] + yy_c]; yy_is_jam = (yy_current_state == 15); return yy_is_jam ? 0 : yy_current_state; } #ifndef YY_NO_UNPUT static void yyunput (int c, char * yy_bp ) { char *yy_cp; yy_cp = (yy_c_buf_p); /* undo effects of setting up yytext */ *yy_cp = (yy_hold_char); if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ int number_to_move = (yy_n_chars) + 2; char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; char *source = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = (int) YY_CURRENT_BUFFER_LVALUE->yy_buf_size; if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; (yytext_ptr) = yy_bp; (yy_hold_char) = *yy_cp; (yy_c_buf_p) = yy_cp; } #endif #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (void) #else static int input (void) #endif { int c; *(yy_c_buf_p) = (yy_hold_char); if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) /* This was really a NUL. */ *(yy_c_buf_p) = '\0'; else { /* need more input */ int offset = (int) ((yy_c_buf_p) - (yytext_ptr)); ++(yy_c_buf_p); switch ( yy_get_next_buffer( ) ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() * sees that we've accumulated a * token and flags that we need to * try matching the token before * proceeding. But for input(), * there's no matching to consider. * So convert the EOB_ACT_LAST_MATCH * to EOB_ACT_END_OF_FILE. 
*/ /* Reset buffer status. */ yyrestart( yyin ); /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { if ( yywrap( ) ) return 0; if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); #else return input(); #endif } case EOB_ACT_CONTINUE_SCAN: (yy_c_buf_p) = (yytext_ptr) + offset; break; } } } c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ *(yy_c_buf_p) = '\0'; /* preserve yytext */ (yy_hold_char) = *++(yy_c_buf_p); return c; } #endif /* ifndef YY_NO_INPUT */ /** Immediately switch to a different input stream. * @param input_file A readable stream. * * @note This function does not reset the start condition to @c INITIAL . */ void yyrestart (FILE * input_file ) { if ( ! YY_CURRENT_BUFFER ){ yyensure_buffer_stack (); YY_CURRENT_BUFFER_LVALUE = yy_create_buffer( yyin, YY_BUF_SIZE ); } yy_init_buffer( YY_CURRENT_BUFFER, input_file ); yy_load_buffer_state( ); } /** Switch to a different input buffer. * @param new_buffer The new input buffer. * */ void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) { /* TODO. We should be able to replace this entire function body * with * yypop_buffer_state(); * yypush_buffer_state(new_buffer); */ yyensure_buffer_stack (); if ( YY_CURRENT_BUFFER == new_buffer ) return; if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ *(yy_c_buf_p) = (yy_hold_char); YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } YY_CURRENT_BUFFER_LVALUE = new_buffer; yy_load_buffer_state( ); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. 
*/ (yy_did_buffer_switch_on_eof) = 1; } static void yy_load_buffer_state (void) { (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; (yy_hold_char) = *(yy_c_buf_p); } /** Allocate and initialize an input buffer state. * @param file A readable stream. * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. * * @return the allocated buffer state. */ YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) { YY_BUFFER_STATE b; b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_buf_size = size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; yy_init_buffer( b, file ); return b; } /** Destroy the buffer. * @param b a buffer created with yy_create_buffer() * */ void yy_delete_buffer (YY_BUFFER_STATE b ) { if ( ! b ) return; if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) yyfree( (void *) b->yy_ch_buf ); yyfree( (void *) b ); } /* Initializes or reinitializes a buffer. * This function is sometimes called more than once on the same buffer, * such as during a yyrestart() or at EOF. */ static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) { int oerrno = errno; yy_flush_buffer( b ); b->yy_input_file = file; b->yy_fill_buffer = 1; /* If b is the current buffer, then yy_init_buffer was _probably_ * called from yyrestart() or through yy_get_next_buffer. * In that case, we don't want to reset the lineno or column. 
*/ if (b != YY_CURRENT_BUFFER){ b->yy_bs_lineno = 1; b->yy_bs_column = 0; } b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; errno = oerrno; } /** Discard all buffered characters. On the next scan, YY_INPUT will be called. * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. * */ void yy_flush_buffer (YY_BUFFER_STATE b ) { if ( ! b ) return; b->yy_n_chars = 0; /* We always need two end-of-buffer characters. The first causes * a transition to the end-of-buffer state. The second causes * a jam in that state. */ b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; b->yy_buf_pos = &b->yy_ch_buf[0]; b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; if ( b == YY_CURRENT_BUFFER ) yy_load_buffer_state( ); } /** Pushes the new state onto the stack. The new state becomes * the current state. This function will allocate the stack * if necessary. * @param new_buffer The new state. * */ void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) { if (new_buffer == NULL) return; yyensure_buffer_stack(); /* This block is copied from yy_switch_to_buffer. */ if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ *(yy_c_buf_p) = (yy_hold_char); YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } /* Only push if top exists. Otherwise, replace top. */ if (YY_CURRENT_BUFFER) (yy_buffer_stack_top)++; YY_CURRENT_BUFFER_LVALUE = new_buffer; /* copied from yy_switch_to_buffer. */ yy_load_buffer_state( ); (yy_did_buffer_switch_on_eof) = 1; } /** Removes and deletes the top of the stack, if present. * The next element becomes the new top. 
* */ void yypop_buffer_state (void) { if (!YY_CURRENT_BUFFER) return; yy_delete_buffer(YY_CURRENT_BUFFER ); YY_CURRENT_BUFFER_LVALUE = NULL; if ((yy_buffer_stack_top) > 0) --(yy_buffer_stack_top); if (YY_CURRENT_BUFFER) { yy_load_buffer_state( ); (yy_did_buffer_switch_on_eof) = 1; } } /* Allocates the stack if it does not exist. * Guarantees space for at least one push. */ static void yyensure_buffer_stack (void) { yy_size_t num_to_alloc; if (!(yy_buffer_stack)) { /* First allocation is just for 2 elements, since we don't know if this * scanner will even need a stack. We use 2 instead of 1 to avoid an * immediate realloc on the next call. */ num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */ (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) ); if ( ! (yy_buffer_stack) ) YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; (yy_buffer_stack_top) = 0; return; } if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ /* Increase the buffer to prepare for a possible push. */ yy_size_t grow_size = 8 /* arbitrary grow size */; num_to_alloc = (yy_buffer_stack_max) + grow_size; (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc ((yy_buffer_stack), num_to_alloc * sizeof(struct yy_buffer_state*) ); if ( ! (yy_buffer_stack) ) YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); /* zero only the new slots.*/ memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; } } /** Setup the input buffer state to scan directly from a user-specified character buffer. * @param base the character buffer * @param size the size in bytes of the character buffer * * @return the newly allocated buffer state object. 
*/ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) { YY_BUFFER_STATE b; if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return NULL; b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); b->yy_buf_size = (int) (size - 2); /* "- 2" to take care of EOB's */ b->yy_buf_pos = b->yy_ch_buf = base; b->yy_is_our_buffer = 0; b->yy_input_file = NULL; b->yy_n_chars = b->yy_buf_size; b->yy_is_interactive = 0; b->yy_at_bol = 1; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; yy_switch_to_buffer( b ); return b; } /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. * @param yystr a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use * yy_scan_bytes() instead. */ YY_BUFFER_STATE yy_scan_string (const char * yystr ) { return yy_scan_bytes( yystr, (int) strlen(yystr) ); } /** Setup the input buffer state to scan the given bytes. The next call to yylex() will * scan from a @e copy of @a bytes. * @param yybytes the byte buffer to scan * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. * * @return the newly allocated buffer state object. */ YY_BUFFER_STATE yy_scan_bytes (const char * yybytes, int _yybytes_len ) { YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; /* Get memory for full buffer, including space for trailing EOB's. */ n = (yy_size_t) (_yybytes_len + 2); buf = (char *) yyalloc( n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); for ( i = 0; i < _yybytes_len; ++i ) buf[i] = yybytes[i]; buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; b = yy_scan_buffer( buf, n ); if ( ! 
b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); /* It's okay to grow etc. this buffer, and we should throw it * away when we're done. */ b->yy_is_our_buffer = 1; return b; } #ifndef YY_EXIT_FAILURE #define YY_EXIT_FAILURE 2 #endif static void yynoreturn yy_fatal_error (const char* msg ) { fprintf( stderr, "%s\n", msg ); exit( YY_EXIT_FAILURE ); } /* Redefine yyless() so it works in section 3 code. */ #undef yyless #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ int yyless_macro_arg = (n); \ YY_LESS_LINENO(yyless_macro_arg);\ yytext[yyleng] = (yy_hold_char); \ (yy_c_buf_p) = yytext + yyless_macro_arg; \ (yy_hold_char) = *(yy_c_buf_p); \ *(yy_c_buf_p) = '\0'; \ yyleng = yyless_macro_arg; \ } \ while ( 0 ) /* Accessor methods (get/set functions) to struct members. */ /** Get the current line number. * */ int yyget_lineno (void) { return yylineno; } /** Get the input stream. * */ FILE *yyget_in (void) { return yyin; } /** Get the output stream. * */ FILE *yyget_out (void) { return yyout; } /** Get the length of the current token. * */ int yyget_leng (void) { return yyleng; } /** Get the current token. * */ char *yyget_text (void) { return yytext; } /** Set the current line number. * @param _line_number line number * */ void yyset_lineno (int _line_number ) { yylineno = _line_number; } /** Set the input stream. This does not discard the current * input buffer. * @param _in_str A readable stream. * * @see yy_switch_to_buffer */ void yyset_in (FILE * _in_str ) { yyin = _in_str ; } void yyset_out (FILE * _out_str ) { yyout = _out_str ; } int yyget_debug (void) { return yy_flex_debug; } void yyset_debug (int _bdebug ) { yy_flex_debug = _bdebug ; } static int yy_init_globals (void) { /* Initialization is the same as for the non-reentrant scanner. * This function is called from yylex_destroy(), so don't allocate here. 
*/ (yy_buffer_stack) = NULL; (yy_buffer_stack_top) = 0; (yy_buffer_stack_max) = 0; (yy_c_buf_p) = NULL; (yy_init) = 0; (yy_start) = 0; /* Defined in main.c */ #ifdef YY_STDINIT yyin = stdin; yyout = stdout; #else yyin = NULL; yyout = NULL; #endif /* For future reference: Set errno on error, since we are called by * yylex_init() */ return 0; } /* yylex_destroy is for both reentrant and non-reentrant scanners. */ int yylex_destroy (void) { /* Pop the buffer stack, destroying each element. */ while(YY_CURRENT_BUFFER){ yy_delete_buffer( YY_CURRENT_BUFFER ); YY_CURRENT_BUFFER_LVALUE = NULL; yypop_buffer_state(); } /* Destroy the stack itself. */ yyfree((yy_buffer_stack) ); (yy_buffer_stack) = NULL; /* Reset the globals. This is important in a non-reentrant scanner so the next time * yylex() is called, initialization will occur. */ yy_init_globals( ); return 0; } /* * Internal utility routines. */ #ifndef yytext_ptr static void yy_flex_strncpy (char* s1, const char * s2, int n ) { int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } #endif #ifdef YY_NEED_STRLEN static int yy_flex_strlen (const char * s ) { int n; for ( n = 0; s[n]; ++n ) ; return n; } #endif void *yyalloc (yy_size_t size ) { return malloc(size); } void *yyrealloc (void * ptr, yy_size_t size ) { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter * because both ANSI C and C++ allow castless assignment from * any pointer type to void*, and deal with argument conversions * as though doing an assignment. 
*/ return realloc(ptr, size); } void yyfree (void * ptr ) { free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ } #define YYTABLES_NAME "yytables" #line 53 "vomsparser.l" void yyerror(char const *s) { fprintf(stderr, "ERROR: %s\n",s); } voms-2.1.2/src/utils/lexparse.h000066400000000000000000000001511477131364200164300ustar00rootroot00000000000000/* Declarations for lexer/parser integration. */ union YYSTYPE; int yylex(); void yyerror(const char *); voms-2.1.2/src/utils/voms_proxy_destroy.cc000066400000000000000000000125731477131364200207540ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ /* * No original header was present, but the still_valid() function was * adapted from original Globus code. 
*/ /********************************************************************** Include header files **********************************************************************/ #include "config.h" #include "replace.h" #include const std::string SUBPACKAGE = "voms-proxy-destroy"; extern "C" { #include #include #include #include #include #include #include #include #include #include #include #ifdef USE_PKCS11 #include "scutils.h" #endif #include "sslutils.h" } #include "data.h" #include "options.h" #include bool debug = false; bool quiet = false; /********************************************************************** Define module specific variables **********************************************************************/ static bool delete_proxy(void); static int destroy_proxy(char *, bool); std::string program; static std::string file; static bool progversion = false; static bool dryrun = false; int main(int argc, char **argv) { if (strrchr(argv[0],'/')) program = strrchr(argv[0],'/') + 1; else program = argv[0]; static std::string LONG_USAGE = \ "\n" \ " Options\n" \ " -help, -usage Displays usage\n" \ " -version Displays version\n" \ " -debug Enables extra debug output\n" \ " -file Specifies proxy file name.\n" \ " -dry Only go in dryrun mode.\n" \ " -conf Load options from file .\n" \ " -q, -quiet Quiet mode, minimal output.\n" \ "\n"; set_usage(LONG_USAGE); struct option opts[] = { {"help", 0, NULL, OPT_HELP}, {"usage", 0, NULL, OPT_HELP}, {"version", 0, (int *)&progversion, OPT_BOOL}, {"file", 1, (int *)&file, OPT_STRING}, {"debug", 0, (int *)&debug, OPT_BOOL}, {"q", 0, (int *)&quiet, OPT_BOOL}, {"quiet", 0, (int *)&quiet, OPT_BOOL}, {"conf", 1, NULL, OPT_CONFIG}, {"dryrun", 1, (int *)&dryrun, OPT_BOOL}, {0, 0, 0, 0} }; if (!getopts(argc, argv, opts)) exit(1); if (progversion) { std::cout << SUBPACKAGE << "\nVersion: " << VERSION << std::endl; std::cout << "Compiled: " << __DATE__ << " " << __TIME__ << std::endl; exit(0); } return delete_proxy(); } /* * Function: * 
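delete_proxy() * */
/*
 * Resolves the proxy file name (the -file argument when given, otherwise
 * whatever determine_filenames() selects) and passes it to destroy_proxy().
 *
 * main() returns this value as the process exit status, so false (0) means
 * the proxy was handled and true (non-zero) means failure.
 */
static bool delete_proxy(void)
{
  char *of;

#ifdef WIN32
  CRYPTO_malloc_init();
#endif

  ERR_load_prxyerr_strings(0);
  SSLeay_add_ssl_algorithms();

  /*
   * Work on a heap copy of the name so that the pointer handed to
   * determine_filenames() never aliases the storage owned by `file`.
   */
  of = (file.empty() ? NULL : strdup(file.c_str()));

  if (!determine_filenames(NULL, NULL, &of, NULL, NULL, 0)) {
    free(of);
    /*
     * No proxy file could be determined, so nothing was destroyed.
     * Report failure: the previous `return 0` became exit status 0 and
     * told callers the credential was gone.
     */
    return true;
  }

  int ret = destroy_proxy(of, dryrun);
  free(of);

  return ret != 0;
}

/*
 * Writes exactly `size` bytes from `buffer` to `fd`, retrying after short
 * writes.
 *
 * Returns `size` when everything was written, -1 otherwise.
 */
static int real_write(int fd, char *buffer, int size)
{
  int written = 0;
  int current = 0;

  do {
    written = write(fd, buffer + current, size - current);
    if (written >= 0) {
      current += written;
    }
  } while ((written > 0) && (current != size));

  return (current == size ? size : -1);
}

/*
 * Overwrites the proxy file with zero bytes and then removes it.
 *
 * file: path of the proxy file.
 * dry:  when true, only report what would be removed and leave the file
 *       untouched.
 *
 * Returns 0 when the file was removed (or would be, in dry-run mode) and 1
 * when it could not be opened or could not be removed.
 *
 * The overwrite is best effort: nothing here flushes the zeros to stable
 * storage before the unlink, and an incomplete overwrite is reported but
 * does not stop the removal.
 */
int destroy_proxy(char *file, bool dry)
{
  char delblock[100];
  int fd = open(file, O_RDWR);

  if (fd == -1) {
    if (!quiet)
      std::cerr << "\nProxy file doesn't exist or has bad permissions\n" << std::endl;
    return 1;
  }

  if (dry) {
    if (!quiet)
      std::cerr << "Would remove " << file << std::endl;
    close(fd);
    return 0;
  }

  memset(delblock, 0, sizeof(delblock));

  bool wiped = true;

  /* off_t rather than int: the file size must not be truncated. */
  off_t size = lseek(fd, 0L, SEEK_END);

  if (size < 0 || lseek(fd, 0L, SEEK_SET) < 0) {
    wiped = false;
  }
  else {
    off_t remaining = size;

    while (remaining > 0) {
      int chunk = (remaining < (off_t)sizeof(delblock)) ? (int)remaining
                                                        : (int)sizeof(delblock);

      /* Stop at the first failed write instead of silently continuing. */
      if (real_write(fd, delblock, chunk) != chunk) {
        wiped = false;
        break;
      }
      remaining -= chunk;
    }
  }

  close(fd);

  if (remove(file) != 0) {
    /* The credential is still on disk: this must not look like success. */
    if (!quiet)
      std::cerr << "\nCould not remove proxy file " << file << "\n" << std::endl;
    return 1;
  }

  if (!wiped && !quiet)
    std::cerr << "\nWarning: proxy file " << file
              << " was removed but could not be fully overwritten first\n" << std::endl;

  return 0;
}
voms-2.1.2/src/utils/voms_proxy_info.cc000066400000000000000000000540551477131364200202170ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 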
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ /********************************************************************** Include header files **********************************************************************/ #include "config.h" #include "replace.h" extern "C" { #include #include #include #include #include #include #include #include #include #include #include #include "openssl/buffer.h" #include "openssl/crypto.h" #include "openssl/objects.h" #include "openssl/asn1.h" #include "openssl/evp.h" #include "openssl/x509.h" #include "openssl/x509v3.h" #include "openssl/pem.h" #include "openssl/ssl.h" #include "openssl/rsa.h" #include "openssl/conf.h" #include "openssl/stack.h" #include "openssl/opensslv.h" #ifdef USE_PKCS11 #include "scutils.h" #endif #include "sslutils.h" #include "newformat.h" #include "listfunc.h" #include "proxycertinfo.h" } extern int AC_Init(void); #include "data.h" #include "options.h" #include #include "voms_api.h" #include "normalize.h" #include #include #include #include #include #include bool debug = false; bool quiet = false; const std::string SUBPACKAGE = "voms-proxy-info"; /********************************************************************** Define module specific variables **********************************************************************/ static bool test_proxy(); static bool print(X509 *cert, STACK_OF(X509) *chain, vomsdata &vd); static 
STACK_OF(X509) *load_chain_from_file(char *certfile); static time_t stillvalid(ASN1_TIME *ctm); static const char *proxy_type(X509 *cert); static std::string getKeyUsage(X509 *cert); std::string program; #ifdef WIN32 static int getuid() { return 0;} #endif static std::string file; static bool progversion = false; static bool subject = false; static bool issuer = false; static bool identity = false; static bool type = false; static bool timeleft = false; static bool strength = false; static bool all = false; static bool path = false; static bool text = false; static bool vo = false; static bool fqan = false; static bool acsubject = false; static bool acissuer = false; static bool actimeleft = false; static bool defaultinfo = false; static bool exists = false; static std::string valid; static int hours = 0; static int minutes = 0; static int bits = 0; static std::vector acexists; static bool dochain = false; static bool serial = false; static bool dont_verify_ac = false; static bool targets = false; static bool included = false; static bool printuri = false; static bool keyusage = false; int main(int argc, char **argv) { InitProxyCertInfoExtension(1); if (strrchr(argv[0],'/')) program = strrchr(argv[0],'/') + 1; else program = argv[0]; static std::string LONG_USAGE = "\n\n" "Syntax: voms-proxy-info [-help][-file proxyfile][-subject][...][-exists [-hours H][-bits B][-valid H:M]]\n\n" " Options\n" " -help, -usage Displays usage\n" " -version Displays version\n" " -debug Displays debugging output\n" " -file Non-standard location of proxy\n" " -dont-verify-ac Skips AC verification\n" " [printoptions] Prints information about proxy and attribute certificate\n" " -exists [options] Returns 0 if valid proxy exists, 1 otherwise\n" " -acexists Returns 0 if AC exists corresponding to voname, 1 otherwise\n" " -conf Read options from file \n" " -included Print included file\n" "\n" " [printoptions]\n" " -chain Prints information about the whol proxy chain (CA excluded)\n" " 
-subject Distinguished name (DN) of proxy subject\n" " -issuer DN of proxy issuer (certificate signer)\n" " -identity DN of the identity represented by the proxy\n" " -type Type of proxy (full or limited)\n" " -timeleft Time (in seconds) until proxy expires\n" " -strength Key size (in bits)\n" " -all All proxy options in a human readable format\n" " -text All of the certificate\n" " -path Pathname of proxy file\n" " -vo Vo name\n" " -fqan Attribute in FQAN format" " -acsubject Distinguished name (DN) of AC subject\n" " -acissuer DN of AC issuer (certificate signer)\n" " -actimeleft Time (in seconds) until AC expires\n" " -serial AC serial number \n" " -uri Server URI\n" " -keyusage Print content of KeyUsage extension.\n" "\n" " [options to -exists] (if none are given, H = B = 0 are assumed)\n" " -valid H:M time requirement for proxy to be valid\n" " -hours H time requirement for proxy to be valid (deprecated, use -valid instead)\n" " -bits B strength requirement for proxy to be valid\n" "\n"; set_usage(LONG_USAGE); struct option opts[] = { {"help", 0, NULL, OPT_HELP}, {"usage", 0, NULL, OPT_HELP}, {"version", 0, (int *)&progversion, OPT_BOOL}, {"debug", 0, (int *)&debug, OPT_BOOL}, {"file", 1, (int *)&file, OPT_STRING}, {"exists", 1, (int *)&exists, OPT_BOOL}, {"acexists", 1, (int *)&acexists, OPT_MULTI}, {"chain", 0, (int *)&dochain, OPT_BOOL}, {"conf", 1, NULL, OPT_CONFIG}, {"subject", 1, (int *)&subject, OPT_BOOL}, {"issuer", 1, (int *)&issuer, OPT_BOOL}, {"identity", 1, (int *)&issuer, OPT_BOOL}, {"type", 1, (int *)&type, OPT_BOOL}, {"timeleft", 1, (int *)&timeleft, OPT_BOOL}, {"strength", 1, (int *)&strength, OPT_BOOL}, {"path", 1, (int *)&path, OPT_BOOL}, {"all", 1, (int *)&all, OPT_BOOL}, {"text", 1, (int *)&text, OPT_BOOL}, {"vo", 1, (int *)&vo, OPT_BOOL}, {"fqan", 1, (int *)&fqan, OPT_BOOL}, {"acsubject", 1, (int *)&acsubject, OPT_BOOL}, {"acissuer", 1, (int *)&acissuer, OPT_BOOL}, {"actimeleft", 1, (int *)&actimeleft, OPT_BOOL}, {"serial", 1, (int 
*)&serial, OPT_BOOL}, {"valid", 1, (int *)&valid, OPT_STRING}, {"bits", 1, &bits, OPT_NUM}, {"hours", 1, &hours, OPT_NUM}, {"dont-verify-ac", 0, (int *)&dont_verify_ac, OPT_BOOL}, {"targets", 0, (int *)&targets, OPT_BOOL}, {"included-file", 0, (int *)&included, OPT_BOOL}, {"uri", 0, (int *)&printuri, OPT_BOOL}, {"keyusage", 0, (int *)&keyusage, OPT_BOOL}, {0, 0, 0, 0} }; if (!getopts(argc, argv, opts)) exit(1); if (progversion) { std::cout << SUBPACKAGE << "\nVersion: " << VERSION << std::endl; std::cout << "Compiled: " << __DATE__ << " " << __TIME__ << std::endl; exit(0); } if (getenv("VOMS_PROXY_INFO_DONT_VERIFY_AC") != NULL) { dont_verify_ac = true; } AC_Init(); if(!subject && !issuer && !type && !timeleft && !strength && !path && !text && !vo && !fqan && !acsubject && ! acissuer && !actimeleft && !serial && !exists && !targets && !included && !printuri && acexists.empty()) defaultinfo = true; // exists ..... if(exists) { if(!valid.empty()) { /* parse valid option */ std::string::size_type pos = valid.find(':'); if (pos != std::string::npos && pos > 0) { if (hours==0) { hours = atoi(valid.substr(0, pos).c_str()); minutes = atoi(valid.substr(pos+1).c_str()); } } else std::cerr << "value must be in the format: H:M" << std::endl; if (minutes < 0 || minutes >60) std::cerr << "specified minutes must be in the range 0-60" << std::endl; } } return !test_proxy(); } int numbits(X509 *cert) { EVP_PKEY *key = X509_extract_key(cert); int bits = 8 * EVP_PKEY_size(key); EVP_PKEY_free(key); return bits; } static const char *findlast(const char *haystack, const char *needle) { const char *point = strstr(haystack, needle); const char *tmp = point; while (tmp) { tmp = strstr(tmp+1, needle); if (tmp) point = (char*)tmp; } return point; } static const char *proxy_type(X509 *cert) { char *buffer = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); const char *point1 = findlast(buffer,"CN=proxy"); const char *point2 = findlast(buffer,"CN=limited proxy"); OPENSSL_free(buffer); 
/* * check whether "proxy" or "limited proxy" came last */ if (point1 > point2) return "proxy"; if (point2 > point1) return "limited proxy"; int nidv3 = OBJ_txt2nid(PROXYCERTINFO_OLD_OID); int nidv4 = OBJ_txt2nid(PROXYCERTINFO_OID); int indexv3 = X509_get_ext_by_NID(cert, nidv3, -1); int indexv4 = X509_get_ext_by_NID(cert, nidv4, -1); if (indexv4 != -1) return "RFC compliant proxy"; if (indexv3 != -1) return "GT3-style proxy"; return "unknown"; } /* * Function: * test_proxy() * */ static bool test_proxy() { char *ccaf; char *of; char *inof; bool res = false; BIO *bio_err; BIO *in = NULL; X509 *x = NULL; STACK_OF(X509) *chain = NULL; #ifdef WIN32 CRYPTO_malloc_init(); #endif ERR_load_prxyerr_strings(0); SSLeay_add_ssl_algorithms(); EVP_set_pw_prompt("Enter GRID pass phrase:"); if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); /* * These 5 const_cast are allowed because proxy_get_filenames will * overwrite the pointers, not the data itself. */ ccaf = NULL; inof = of = (file.empty() ? NULL : const_cast(file.c_str())); if (!determine_filenames(&ccaf, NULL, &of, NULL, NULL, 0)) { std::string output = OpenSSLError(debug); std::cerr << output; goto err; } if (of != inof) file = std::string(of); in = BIO_new(BIO_s_file()); if (in) { if (BIO_read_filename(in, of) > 0) { x = PEM_read_bio_X509(in, NULL, 0, NULL); if(!x) { std::cerr << "Couldn't find a valid proxy." 
<< std::endl; goto err; } chain = load_chain_from_file(of); vomsdata d("",""); if (!dont_verify_ac) { d.SetVerificationType(static_cast(VERIFY_SIGN | VERIFY_KEY)); res = d.Retrieve(x, chain, RECURSE_CHAIN); // no VOMS extension is not an error if (d.error == VERR_NOEXT) { res = true; } if (!res) { std::cerr << "\nWARNING: " << d.ErrorMessage() << "\n\n"; } } if (dont_verify_ac || !res) { d.data.clear(); d.SetVerificationType(VERIFY_NONE); d.Retrieve(x, chain, RECURSE_CHAIN); if (dont_verify_ac || d.error == VERR_NOEXT) { res = true; } } res = print(x, chain, d) && res; } else { std::cerr << "\nCouldn't find a valid proxy.\n\n"; goto err; } } err: BIO_free(in); BIO_free(bio_err); X509_free(x); sk_X509_pop_free(chain, X509_free); if (of != inof) free(of); return res; } static STACK_OF(X509) *load_chain_from_file(char *certfile) { BIO *bio = NULL; STACK_OF(X509) *stack = NULL; bio = BIO_new_file(certfile, "r"); if (bio) { stack = load_chain(bio, certfile); BIO_free(bio); } else { printf("error opening the file, %s\n",certfile); } return stack; } static ASN1_TIME * convtime(std::string data) { ASN1_TIME *t= ASN1_TIME_new(); t->data = (unsigned char*)strdup(data.data()); t->length = data.size(); switch(t->length) { case 10: t->type = V_ASN1_UTCTIME; break; case 15: t->type = V_ASN1_GENERALIZEDTIME; break; default: ASN1_TIME_free(t); return NULL; } return t; } static bool print(X509 *cert, STACK_OF(X509) *chain, vomsdata &vd) { time_t now; time(&now); time_t leftcert = stillvalid(X509_get_notAfter(cert)) - now; leftcert = (leftcert < 0) ? 
0 : leftcert; int totbits = numbits(cert); bool res = true; time_t leftac; if (dochain && chain) { int start = sk_X509_num(chain); X509 *cert = NULL; if (start >= 1) { std::cout << "=== Proxy Chain Information ===" << std::endl; for (start = sk_X509_num(chain)-1; start >= 1; start--) { int totbits = 0; time_t leftcert = 0; cert = sk_X509_value(chain, start); totbits = numbits(cert); leftcert = stillvalid(X509_get_notAfter(cert)) - now; leftcert = (leftcert < 0) ? 0 : leftcert; const char *type = proxy_type(cert); char *name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); std::cout << "subject : " << name << "\n"; OPENSSL_free(name); name = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); std::cout << "issuer : " << name << "\n"; OPENSSL_free(name); if (strcmp(type, "unknown") != 0) std::cout << "type : " << type << "\n"; if (all || keyusage) std::cout << "key usage : " << getKeyUsage(cert) << "\n"; std::cout << "strength : " << totbits << " bits" << "\n"; std::cout << "timeleft : " << leftcert/3600 << ":" << std::setw(2) << std::setfill('0') << (leftcert%3600)/60 << ":" << std::setw(2) << std::setfill('0') << (leftcert%3600)%60 << "\n\n"; } } std::cout << "=== Proxy Information ===\n"; } if (defaultinfo || all || text) { char * name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); std::cout << "subject : " << name << "\n"; OPENSSL_free(name); name = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); std::cout << "issuer : " << name << "\n"; std::cout << "identity : " << name << "\n"; OPENSSL_free(name); std::cout << "type : " << proxy_type(cert) << "\n"; std::cout << "strength : " << totbits << " bits" << "\n"; std::cout << "path : " << file << "\n"; std::cout << "timeleft : " << leftcert/3600 << ":" << std::setw(2) << std::setfill('0') << (leftcert%3600)/60 << ":" << std::setw(2) << std::setfill('0') << (leftcert%3600)%60 << "\n"; if (!vd.extra_data.empty()) std::cout << "included : " << vd.extra_data << "\n"; if (all || text || 
keyusage) std::cout << "key usage : " << getKeyUsage(cert) << "\n"; } if (all) { std::vector::const_iterator vend = vd.data.end(); for (std::vector::iterator v = vd.data.begin(); v != vend; ++v) { ASN1_TIME * after = convtime(v->date2); leftac = stillvalid(after) - now; leftac = (leftac<0) ? 0 : leftac; ASN1_TIME_free(after); std::cout << "=== VO " << v->voname << " extension information ===\n"; std::cout << "VO : " << v->voname << "\n"; std::cout << "subject : " << v->user << "\n"; char* server = normalize(v->server.c_str()); std::cout << "issuer : " << server << "\n"; free(server); std::vector::const_iterator send = v->fqan.end(); for (std::vector::const_iterator s = v->fqan.begin(); s != send; ++s) std::cout << "attribute : " << *s << "\n"; std::vector alist = v->GetAttributes(); std::vector::const_iterator aend = alist.end(); for (std::vector::const_iterator s = alist.begin(); s != aend; ++s) { std::vector::const_iterator tend = s->attributes.end(); for (std::vector::const_iterator t = s->attributes.begin(); t != tend; ++t) std::cout << "attribute : " << t->name + " = " + t->value + (t->qualifier.empty() ? 
"" : " (" + t->qualifier + ")") << std::endl; } std::cout << "timeleft : " << leftac/3600 << ":" << std::setw(2) << std::setfill('0') << (leftac%3600)/60 << ":" << std::setw(2) << std::setfill('0') << (leftac%3600)%60 << "\n"; std::vector targetlist = v->GetTargets(); if (!targetlist.empty()) { std::vector::const_iterator tend = targetlist.end(); for (std::vector::const_iterator targ = targetlist.begin(); targ != tend; ++targ) std::cout << "target : " << *targ << "\n"; } std::cout << "uri : " << v->uri << "\n"; } } if (subject) { char *name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); std::cout << name << "\n"; OPENSSL_free(name); } if (issuer) { char *name = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); std::cout << name << "\n"; OPENSSL_free(name); } if (identity) { char *name = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); std::cout << name << "\n"; OPENSSL_free(name); } if (type) std::cout << proxy_type(cert) << "\n"; if (strength) std::cout << totbits << "\n"; if(path) std::cout << file << "\n"; if(timeleft) std::cout << leftcert << "\n"; if (included) if (!vd.extra_data.empty()) std::cout << "included : " << vd.extra_data << "\n"; if(text) { X509 *tmp = X509_dup(cert); X509_print_fp(stdout, tmp); X509_free(tmp); if (dochain) { for (int start = sk_X509_num(chain)-1; start >= 1; start--) { X509 *tmp = sk_X509_value(chain, start); X509 *cert = X509_dup(tmp); X509_print_fp(stdout, cert); X509_free(cert); } } } if (vd.data.empty()) if (vo || acsubject || acissuer || actimeleft || fqan || serial || targets || printuri) res = false; std::vector::const_iterator vend = vd.data.end(); for (std::vector::iterator v = vd.data.begin(); v != vend; ++v) { if(vo) std::cout << v->voname << "\n"; if (acsubject) std::cout << v->user << "\n"; if (acissuer) std::cout << v->server << "\n"; if (printuri) std::cout << v->uri << "\n"; ASN1_TIME * after = convtime(v->date2); leftac = stillvalid(after) - now; leftac = (leftac<0) ? 
0 : leftac; ASN1_TIME_free(after); if (actimeleft) std::cout << leftac << "\n"; if (fqan) { std::vector::const_iterator send = v->fqan.end(); for (std::vector::const_iterator s = v->fqan.begin(); s != send; ++s) std::cout << *s << "\n"; if (v->fqan.empty()) res = false; } if (serial) std::cout << v->serial << "\n"; if (targets) { std::vector targetlist = v->GetTargets(); if (!targetlist.empty()) { std::vector::const_iterator tend = targetlist.end(); for (std::vector::const_iterator targ = targetlist.begin(); targ != tend; ++targ) std::cout << "target : " << *targ << "\n"; } } } /* -exists */ if (exists) { if(leftcert==0) res = false; if(leftcert < (hours*3600 + minutes*60)) res = false; if(totbits < bits) res = false; } /* -acexists */ if(res) { std::vector::const_iterator acend = acexists.end(); for (std::vector::const_iterator i = acexists.begin(); i != acend; ++i) { bool found = false; if(res) { std::vector::const_iterator vend = vd.data.end(); for (std::vector::iterator v = vd.data.begin(); v != vd.data.end(); ++v) { if(v->voname == *i) { found = true; break; } } } if (!found) res = false; } } return res; } static time_t stillvalid(ASN1_TIME *ctm) { return ASN1_TIME_mktime(ctm); } static std::string getKeyUsage(X509 *cert) { STACK_OF(CONF_VALUE) *confs = NULL; ASN1_BIT_STRING *usage = NULL; std::string keyusage; #if OPENSSL_VERSION_NUMBER >= 0x10000000L const X509V3_EXT_METHOD *method = X509V3_EXT_get_nid(NID_key_usage); #else X509V3_EXT_METHOD *method = X509V3_EXT_get_nid(NID_key_usage); #endif if (method) { confs = NULL; usage = (ASN1_BIT_STRING*)X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL); confs = method->i2v(method, usage, confs); for (int i =0; i < sk_CONF_VALUE_num(confs); i ++) { CONF_VALUE *conf = (CONF_VALUE*)sk_CONF_VALUE_value(confs, i); keyusage += std::string(conf->name); if (i != (sk_CONF_VALUE_num(confs) -1)) keyusage += ", "; } ASN1_BIT_STRING_free(usage); sk_CONF_VALUE_pop_free(confs, X509V3_conf_free); } return keyusage; } 
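voms-2.1.2/src/utils/voms_verify.cc000066400000000000000000000113461477131364200173230ustar00rootroot00000000000000#include "sslutils.h" #include #include #include "ssl_compat.h" #include #include

/*
 * Reads every PEM certificate in `file` and appends it to `cert_chain`,
 * preserving file order.
 *
 * Returns the number of certificates loaded, or -1 on error. Reaching the
 * end of the PEM data counts as success only when at least one certificate
 * was read.
 *
 * NOTE(review): a NULL `file` returns 1 although nothing is loaded, which a
 * caller testing `< 1` would accept as success. main() below never passes
 * NULL; confirm whether any other caller relies on this before changing it.
 */
int load_user_proxy(STACK_OF(X509) *cert_chain, const char *file)
{
  int ret = -1;
  BIO *in = NULL;
  int count = 0;
  X509 *x = NULL;

  if (file == NULL)
    return(1);

  in = BIO_new(BIO_s_file());

  if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
    X509err(PRXYERR_F_PROXY_LOAD, PRXYERR_R_PROCESS_PROXY);
    goto err;
  }

  for (;;) {
    x = PEM_read_bio_X509(in, NULL, OPENSSL_PEM_CB(NULL, NULL));

    if (x == NULL) {
      /* "No start line" after at least one certificate is the normal end. */
      if ((ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) && (count > 0)) {
        ERR_clear_error();
        break;
      }
      else {
        X509err(PRXYERR_F_PROXY_LOAD, PRXYERR_R_PROCESS_PROXY);
        goto err;
      }
    }

    /* Append at the end of the stack so the chain keeps file order. */
    (void)sk_X509_insert(cert_chain, x, sk_X509_num(cert_chain));
    count++;
  }

  ret = count;

err:
  if (x != NULL) {
    X509_free(x);
  }

  if (in != NULL) {
    BIO_free(in);
  }

  return(ret);
}

/* Thin wrapper around X509_verify_cert(); the result is passed through. */
int verify_cert(X509_STORE_CTX *ctx)
{
  return X509_verify_cert(ctx);
}

/*
 * Allocates and initializes the proxy verification descriptor and its
 * context descriptor, and points the context at the CA directory.
 *
 * Returns NULL when either allocation fails.
 *
 * NOTE(review): `cadir` is stored as a borrowed pointer with its const
 * qualifier cast away, not copied. Confirm that proxy_verify_ctx_release()
 * does not free certdir, since main() passes a pointer obtained from
 * getenv().
 */
proxy_verify_desc *setup_initializers(const char *cadir)
{
  proxy_verify_ctx_desc *pvxd = NULL;
  proxy_verify_desc *pvd = NULL;

  pvd = (proxy_verify_desc*) malloc(sizeof(proxy_verify_desc));
  pvxd = (proxy_verify_ctx_desc *) malloc(sizeof(proxy_verify_ctx_desc));

  if (!pvd || !pvxd) {
    free(pvd);
    free(pvxd);
    return NULL;
  }

  proxy_verify_ctx_init(pvxd);
  proxy_verify_init(pvd, pvxd);

  pvd->pvxd->certdir = (char*) cadir;

  return pvd;
}

/*
 * Releases a descriptor created by setup_initializers(), including its
 * context descriptor and any attached store context. NULL is ignored.
 */
void destroy_initializers(void *data)
{
  proxy_verify_desc *pvd = (proxy_verify_desc *)data;

  if (pvd) {
    if (pvd->pvxd)
      proxy_verify_ctx_release(pvd->pvxd);

    free(pvd->pvxd);
    pvd->pvxd = NULL;
    proxy_verify_release(pvd);

    /* X509_STORE_CTX_free segfaults if passed a NULL store_ctx */
    if (pvd->cert_store)
      X509_STORE_CTX_free(pvd->cert_store);

    pvd->cert_store = NULL;
    free(pvd);
  }
}

/*
 * Reports a setup or usage error with its source location, dumps the
 * OpenSSL error queue and terminates the process with exit(-1).
 */
void handle_error(const char* file, int lineno, const char* msg)
{
  fprintf(stderr, "%s:%i %s\n", file, lineno, msg);
  ERR_print_errors_fp(stderr);
  exit(-1);
}

/*
 * Reports a failed chain validation: dumps the OpenSSL error queue and
 * terminates the process with exit(1). Never returns.
 */
void validation_error()
{
  ERR_print_errors_fp(stderr);
  exit(1);
}

#define internal_error(msg) handle_error(__FILE__, __LINE__, msg)

/* Registers the algorithms and error strings used by the verification. */
void init_openssl()
{
  OpenSSL_add_ssl_algorithms();
  ERR_load_proxy_error_strings();
  ERR_load_crypto_strings();
}

/*
 * Verifies the certificate chain named by X509_USER_CERT against the CA
 * directory named by X509_CERT_DIR. Takes no command line arguments.
 *
 * Exit status: 0 when the chain verifies, 1 when validation fails
 * (validation_error), and the exit(-1) of handle_error for any setup or
 * usage error.
 */
int main(int argc, char* argv[])
{
  const char* cert_file = NULL;
  const char* ca_dir = NULL;

  FILE *cert_fp = NULL;

  STACK_OF(X509) *cert_chain = sk_X509_new_null();
  X509* cert = NULL;

  X509_STORE *store = NULL;
  X509_STORE_CTX *ctx = NULL;
  X509_LOOKUP *lookup = NULL;

  proxy_verify_desc *pvd = NULL;

  if (argc != 1){
    internal_error("This program does not accept command line arguments");
  }

  init_openssl();

  if (!(cert_file = getenv("X509_USER_CERT"))){
    internal_error("Please define the X509_USER_CERT env variable pointing to the file containing the cert chain to be verified");
  }

  if (!(ca_dir = getenv("X509_CERT_DIR"))){
    internal_error("Please define the X509_CERT_DIR env variable pointing to the CA certificates directory");
  }

  if (!(cert_fp = fopen(cert_file, "r"))){
    internal_error("Error opening client certificate file");
  }

  /*
   * The stream is only a readability probe; the chain is read through a BIO
   * in load_user_proxy(). Close it instead of leaking the handle.
   */
  fclose(cert_fp);
  cert_fp = NULL;

  if (load_user_proxy(cert_chain, cert_file) < 1){
    internal_error("Error loading proxy chain");
  }

  /* The first certificate in the file is the one to verify; the rest of the
   * stack is passed to the store context as the chain. */
  cert = sk_X509_delete(cert_chain, 0);

  if (!(store = X509_STORE_new())){
    internal_error("Error creating X.509 store");
  }

  X509_STORE_set_verify_cb(store, proxy_verify_callback);

  if (!(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()))){
    internal_error("Error creating store CA dir lookup");
  }

  if (!X509_LOOKUP_add_dir(lookup, ca_dir, X509_FILETYPE_PEM)){
    internal_error("Error setting ca dir lookup for X509 store");
  }

  if (!(pvd = setup_initializers(ca_dir))){
    internal_error("Error setting up proxy verification data");
  }

  if (!(ctx = X509_STORE_CTX_new())) {
    internal_error("Error creating X509_STORE_CTX object");
  }

  X509_STORE_set_check_issued(store, proxy_check_issued);

  if (X509_STORE_CTX_init(ctx, store, cert, cert_chain) != 1) {
    internal_error("Error initializing verification context");
  }

  /* Attach the proxy verification data to the context under
   * PVD_STORE_EX_DATA_IDX (presumably read by proxy_verify_callback;
   * confirm in sslutils). */
  if (!X509_STORE_CTX_set_ex_data(ctx, PVD_STORE_EX_DATA_IDX, pvd)) {
    internal_error("Error setting pvd in verification context");
  }

  X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);

  if (verify_cert(ctx) != 1){
    /* Exits with status 1; control does not come back here. */
    validation_error();
  }

  printf("Certificate chain verified successfully\n");

  return 0;
}
voms-2.1.2/src/utils/vomsfake.cc000066400000000000000000001144141477131364200165660ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 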
* *********************************************************************/ #include "config.h" #include "replace.h" #include "options.h" #include "data.h" #include #include #include #include #include extern "C" { #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "listfunc.h" #include "credentials.h" #include "fakeparsertypes.h" #define YYTOKENTYPE #include "vomsparser.h" #include "vomsproxy.h" VOLIST *volist = NULL; extern int yyparse(); extern FILE *yyin; } #include #include "vomsfake.h" #include "ccwrite.h" extern "C" { #include "proxycertinfo.h" extern int writeac(const X509 *issuerc, const STACK_OF(X509) *certstack, const X509 *holder, const EVP_PKEY *pkey, BIGNUM *s, char **c, const char *t, char **attributes, AC **ac, const char *voname, const char *uri, int valid, int old, int startpast, STACK_OF(X509_EXTENSION) *extensions); } static int time_to_sec(std::string timestring); static long mystrtol(char *number, long int limit); static std::string hextostring(const std::string &data); static int parse_ga_value(char *ga, char **id, char **value, const char **qual); extern int AC_Init(); #include "init.h" const std::string SUBPACKAGE = "voms-proxy-fake"; /* FIXME: should take locations from /etc/sysconfig/voms */ const std::string location = (getenv("VOMS_LOCATION") ? 
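getenv("VOMS_LOCATION") : "");
const std::string conf_file_name = (location + "/etc/vomses");
const std::string USERCONFILENAME = std::string(".voms") + std::string("/vomses");

/* global variable for output control */
bool debug = false;
bool quiet = false;

extern "C" {

static pem_password_cb *pw_cb = NULL;

/*
 * Pass-phrase callback that reads one line from stdin into `buf` (at most
 * `num` bytes including the terminator) and strips a trailing newline.
 *
 * Returns the pass-phrase length, or -1 when nothing could be read.
 */
static int pwstdin_callback(char * buf, int num, UNUSED(int w), UNUSED(void *u))
{
  if (!(fgets(buf, num, stdin))) {
    std::cerr << "Failed to read pass-phrase from stdin" << std::endl;
    return -1;
  }

  int len = strlen(buf);

  /*
   * fgets() can succeed and still leave an empty string, for instance when
   * the input line starts with a NUL byte. Check the length before looking
   * at buf[len-1], which would otherwise read, and possibly overwrite, the
   * byte in front of the buffer.
   */
  if (len > 0 && buf[len-1] == '\n') {
    buf[len-1] = '\0';
    len--;
  }

  return len;
}

/*
 * Key generation progress callback: writes one progress character to
 * stderr per call, or nothing in quiet mode. Without -debug every step is
 * shown as '.'.
 */
static void kpcallback(int p, int UNUSED(n), UNUSED(void* v))
{
  if (quiet)
    return;

  char c;

  switch (p) {
  case 0:  c = '.';  break;
  case 1:  c = '+';  break;
  case 2:  c = '*';  break;
  case 3:  c = '\n'; break;
  default: c = 'B';  break;
  }

  if (!debug)
    c = '.';

  fputc(c, stderr);
}

extern int proxy_verify_cert_chain(X509 * ucert, STACK_OF(X509) * cert_chain, proxy_verify_desc * pvd);
extern void proxy_verify_ctx_init(proxy_verify_ctx_desc * pvxd);

}

std::vector targets;

/*
 * Entry point of voms-proxy-fake.
 *
 * Sets the soft and hard RLIMIT_CORE limits to 0 before anything else and
 * exits with status 1 if that fails (presumably so that key material held
 * in memory cannot end up in a core file). Returns 0 after Fake::Run(),
 * 1 when AC_Init() fails.
 */
int main(int argc, char** argv)
{
  struct rlimit newlimit = {0,0};

  if (setrlimit(RLIMIT_CORE, &newlimit) != 0)
    exit(1);

  if (AC_Init()) {
    InitProxyCertInfoExtension(1);

    Fake v(argc, argv);
    v.Run();

    return 0;
  }

  return 1;
}

extern int yydebug;
Fake::Fake(int argc, char ** argv) : confile(conf_file_name), cacertfile(NULL), certdir(NULL), certfile(NULL), keyfile(NULL), outfile(NULL), separate(""), uri(""),bits(-1), hours(12), limit_proxy(false), vomslife(-1), proxyver(0), pathlength(1), verify(false), noregen(false), version(0), #ifdef CLASS_ADD class_add_buf(NULL), class_add_buf_len(0), #endif ucert(NULL), upkey(NULL), cert_chain(NULL), aclist(NULL), voID(""), hostcert(""), hostkey(""), newformat(false), newsubject(""), newissuer(""), rfc(false), pastac("0"), pastproxy("0"), keyusage(""), netscape(""), exkusage(""), newserial(""), selfsigned(false) { bool progversion = false; std::string crtdir; std::string crtfile; std::string kfile; std::string ofile; bool pwstdin = false; yydebug = 0; if 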
(strrchr(argv[0],'/')) program = strrchr(argv[0],'/') + 1; else program = argv[0]; /* usage message */ static std::string LONG_USAGE = \ "\n" \ " Options\n" \ " -help, -usage Displays usage\n" \ " -version Displays version\n" \ " -debug Enables extra debug output\n" \ " -quiet, -q Quiet mode, minimal output\n" \ " -verify Verifies certificate to make proxy for\n" \ " -pwstdin Allows passphrase from stdin\n" \ " -limited Creates a limited proxy\n" \ " -hours H Proxy is valid for H hours (default:12)\n" \ " -bits Number of bits in key {512|1024|2048|4096} (default:2048)\n" \ " -cert Non-standard location of user certificate\n" \ " -key Non-standard location of user key\n" \ " -certdir Non-standard location of trusted cert dir\n" \ " -out Non-standard location of new proxy cert\n" \ " -voms Specify voms server. :command is optional.\n" \ " -uri Specifies the : of the fake server.\n" \ " -target Targets the AC against a specific hostname.\n" \ " -vomslife Try to get a VOMS pseudocert valid for H hours.\n" \ " -voinfo Gets AC information from \n" \ " -include Include the contents of the specified file.\n" \ " -conf Read options from .\n" \ " -policy File containing policy to store in the ProxyCertInfo extension.\n" \ " -pl, -policy-language OID string for the policy language.\n" \ " -path-length Allow a chain of at most l proxies to be generated from this ones.\n" \ " -globus Globus version.\n" \ " -proxyver Version of proxy certificate.\n" \ " -rfc Create RFC-conforming proxies (synonim of --proxyver 4)\n" " -noregen Doesn't regenerate a new proxy for the connection.\n" \ " -separate Saves the information returned by the server on file .\n" \ " -hostcert Fake host certificate.\n" \ " -hostkey Fake host private key.\n" \ " -fqan String to include in the AC as the granted FQAN.\n" \ " -newformat Creates ACs according to the new format.\n" \ " -newsubject Subject of the new certificate.\n" \ " -newissuer Issuer of the new certificate.\n"\ " -pastac \n" " -pastac Start the 
validity of the AC in the past,\n"\ " -pastproxy \n" " -pastproxy Start the validity of the proxy in the past,\n"\ " -keyusage >> Specifies the bits to put in the keyusage field.\n"\ " Allowed values: digitalSignature,nonRepudiation,\n"\ " keyEncipherment,dataEncipherment,keyAgreement,\n"\ " keyCertSign,cRLSign,encipherOnly,decipherOnly.\n"\ " -nscert >> Specifies the bits to put in the Netscape Certificate\n"\ " extension. Allowed values: client,server,email,\n"\ " objsign,sslCA,emailCA,ojbCA.\n" " -extkeyusage >> Specifies the bits to put in the extended key usage\n"\ " field. Allowed values: serverAuth,clientAuth,\n"\ " codeSigning,emailProtection,timeStamping,msCodeInd,\n"\ " msCodeCom,msCTLSign,msSGC,msEFS,nsSGC,deltaCRL\n"\ " CRLReason,invalidityDate,SXNetID,OCSPSigning.\n"\ " -newserial Specifies the serial number of the generated proxy\n"\ " in hex notation. Any length is possible.\n"\ " Default: let voms-proxy-fake choose.\n"\ " -extension > Add Extension with the specified OID and with the specified value\n"\ " -acextension > Add Extension to the AC with the specified OID and with the specified value\n"\ " -selfsigned Create a self-signed certificate.\n"\ " -ga = [(context)] Set a GA with name 'id', value 'value' and optional context.\n"\ "\n"; set_usage(LONG_USAGE); /* parse command-line option */ std::string voinfo; struct option opts[] = { {"help", 0, NULL, OPT_HELP}, {"usage", 0, NULL, OPT_HELP}, {"version", 0, (int *)&progversion, OPT_BOOL}, {"cert", 1, (int *)&crtfile, OPT_STRING}, {"certdir", 1, (int *)&crtdir, OPT_STRING}, {"out", 1, (int *)&ofile, OPT_STRING}, {"key", 1, (int *)&kfile, OPT_STRING}, {"include", 1, (int *)&incfile, OPT_STRING}, {"hours", 1, &hours, OPT_NUM}, {"vomslife", 1, &vomslife, OPT_NUM}, {"bits", 1, &bits, OPT_NUM}, {"debug", 0, (int *)&debug, OPT_BOOL}, {"limited", 0, (int *)&limit_proxy, OPT_BOOL}, {"verify", 0, (int *)&verify, OPT_BOOL}, {"q", 0, (int *)&quiet, OPT_BOOL}, {"quiet", 0, (int *)&quiet, OPT_BOOL}, {"pwstdin", 
0, (int *)&pwstdin, OPT_BOOL}, {"conf", 1, NULL, OPT_CONFIG}, {"voms", 1, (int *)&voms, OPT_STRING}, {"target", 1, (int *)&targets, OPT_MULTI}, {"globus", 1, &version, OPT_NUM}, {"proxyver", 1, &proxyver, OPT_NUM}, {"rfc", 0, (int *)&rfc, OPT_BOOL}, {"policy", 1, (int *)&policyfile, OPT_STRING}, {"policy-language", 1, (int *)&policylang, OPT_STRING}, {"pl", 1, (int *)&policylang, OPT_STRING}, {"path-length", 1, &pathlength, OPT_NUM}, {"separate", 1, (int *)&separate, OPT_STRING}, {"uri", 1, (int *)&uri, OPT_STRING}, {"hostcert", 1, (int *)&hostcert, OPT_STRING}, {"hostkey", 1, (int *)&hostkey, OPT_STRING}, {"fqan", 1, (int *)&fqans, OPT_MULTI}, {"newformat", 1, (int *)&newformat, OPT_BOOL}, {"newsubject", 1, (int *)&newsubject, OPT_STRING}, {"newissuer", 1, (int *)&newissuer, OPT_STRING}, {"voinfo", 1, (int *)&voinfo, OPT_STRING}, {"pastac", 1, (int *)&pastac, OPT_STRING}, {"pastproxy", 1, (int *)&pastproxy, OPT_STRING}, {"keyusage", 1, (int *)&keyusage, OPT_STRING}, {"nscert", 1, (int *)&netscape, OPT_STRING}, {"extkeyusage", 1, (int *)&exkusage, OPT_STRING}, {"newserial", 1, (int *)&newserial, OPT_STRING}, {"extension", 1, (int *)&extensions, OPT_MULTI}, {"acextension", 1, (int *)&acextensions,OPT_MULTI}, {"selfsigned", 0, (int *)&selfsigned, OPT_BOOL}, {"ga", 1, (int *)&galist, OPT_MULTI}, #ifdef CLASS_ADD {"classadd", 1, (int *)class_add_buf,OPT_STRING}, #endif {0, 0, 0, 0} }; if (!getopts(argc, argv, opts)) exit(1); if(debug) { quiet = false; yydebug = 1; } if (!voinfo.empty()) { FILE *file = fopen(voinfo.c_str(), "rb"); if (file) { yyin = file; if (yyparse()) { Print(ERROR) << "Error: Cannot parse voinfo file: " << voinfo << std::endl; exit(1); } } else { Print(ERROR) << "Error opening voinfo file: " << voinfo << std::endl; exit(1); } } /* show version and exit */ if (progversion) { Print(FORCED) << SUBPACKAGE << "\nVersion: " << VERSION << std::endl; Print(FORCED) << "Compiled: " << __DATE__ << " " << __TIME__ << std::endl; exit(0); } /* get vo */ char *vo = 
getenv("VO"); if (vo != NULL && strcmp(vo, "") != 0) voID = vo; /* certficate duration option */ if (vomslife == -1) vomslife = hours; VO *voelem = NULL; /* collect local vo information */ if (!voms.empty()) { if (!volist) { volist = (VOLIST *)calloc(1, sizeof(VOLIST)); volist->vos = NULL; } voelem = (VO*)calloc(1, sizeof(VO)); volist->vos = (VO**)listadd((char**)volist->vos, (char*)voelem); voelem->hostcert = (char*)hostcert.c_str(); voelem->hostkey = (char*)hostkey.c_str(); voelem->uri = (char*)uri.c_str(); voelem->voname = strdup(voms.c_str()); voelem->vomslife = vomslife; voelem->pastac = strdup(pastac.c_str()); voelem->fqans = (char **)malloc(sizeof(char*)*(fqans.size()+1)); for (unsigned int i = 0; i < fqans.size(); i++) voelem->fqans[i] = (char*)strdup((fqans[i].c_str())); voelem->fqans[fqans.size()] = NULL; voelem->gas = (char **)malloc(sizeof(char*)*(galist.size()+1)); int down = 0; for (unsigned int i = 0; i < galist.size(); i++) { char *temp = strdup(galist[i].c_str()); char *id, *value; const char *qual; if (parse_ga_value(temp, &id, &value, &qual)) { std::string realga = std::string(qual) + "::" + id + "=" + value; voelem->gas[i] = (char*)strdup((realga.c_str())); } else { Print(ERROR) << "ga: " << galist[i] << "Does not respect 'id = value [{qual}]' syntax!\n"; down++; } free(temp); } voelem->gas[galist.size()-down] = NULL; std::string targ; for (unsigned int i = 0; i < targets.size(); i++) targ += targets[i]; voelem->targets = targ.empty() ? 
NULL : (char*)(targ.c_str()); if (!acextensions.empty()) { voelem->extensions = (char**)malloc(sizeof(char*)*(acextensions.size()+1)); for (unsigned int i = 0; i < acextensions.size(); i++) voelem->extensions[i] = strdup(acextensions[i].c_str()); voelem->extsize = acextensions.size(); voelem->extensions[voelem->extsize] = NULL; } } /* A failure here exits the program entirely */ VerifyOptions(); /* allow password from stdin */ if(pwstdin) pw_cb = pwstdin_callback; /* with --debug prints configuration files used */ Print(DEBUG) << "Using configuration directory " << confile << std::endl; /* file used */ cacertfile = NULL; certdir = (crtdir.empty() ? NULL : strdup(const_cast(crtdir.c_str()))); outfile = (ofile.empty() ? NULL : strdup(const_cast(ofile.c_str()))); certfile = (crtfile.empty() ? NULL : strdup(const_cast(crtfile.c_str()))); keyfile = (kfile.empty() ? NULL : strdup(const_cast(kfile.c_str()))); /* prepare proxy_cred_desc */ if(!pcdInit()) { CleanAll(); exit(3); } } void Fake::CleanAll() { free(cacertfile); free(certdir); free(outfile); free(certfile); free(keyfile); X509_free(ucert); EVP_PKEY_free(upkey); sk_X509_pop_free(cert_chain, X509_free); cacertfile = certdir = outfile = certfile = keyfile = NULL; ucert = NULL; upkey = NULL; cert_chain = NULL; } Fake::~Fake() { CleanAll(); } bool Fake::Run() { /* set output file and environment */ char * oldenv = getenv("X509_USER_PROXY"); if(!noregen) { std::stringstream tmpproxyname; tmpproxyname << "/tmp/tmp_x509up_u" << getuid() << "_" << getpid(); proxyfile = tmpproxyname.str(); setenv("X509_USER_PROXY", proxyfile.c_str(), 1); } /* contacts servers for each vo */ if (volist) if (!MakeACs(volist)) exit(1); /* set output file and environment */ proxyfile = outfile; setenv("X509_USER_PROXY", proxyfile.c_str(), 1); /* with separate write info to file and exit */ if (!separate.empty() && aclist) { if(!WriteSeparate()) Print(WARN) << "Wasn't able to write to " << separate << std::endl; exit(0); } /* create a proxy 
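containing the data retrieved from VOMS servers */
  Print(INFO) << "Creating proxy " << std::flush;
  Print(DEBUG) << "to " << proxyfile << " " << std::flush;
  if(CreateProxy("", aclist, proxyver)) {
    listfree((char **)aclist, (freefn)AC_free);
    goto err;
  }
  else
    free(aclist);

  /* unset environment */
  if (!oldenv)
    unsetenv("X509_USER_PROXY");
  else {
    setenv("X509_USER_PROXY", oldenv, 1);
  }

  /* assure user certificate is not expired or going to, else ad but still create proxy */
  Test();

  return true;

 err:

  Error();

  return false;
}

/*
 * Splits a generic-attribute argument of the form "id = value [(context)]"
 * in place.
 *
 * ga     writable, NUL-terminated buffer; separators are overwritten with
 *        '\0', so the returned pointers all point into this buffer.
 * id     receives the text before '=', with trailing whitespace removed.
 * value  receives the text after '=', with leading whitespace skipped.
 * qual   receives the text between '(' and ')', or "" when there is no '('.
 *
 * Returns 1 on success, 0 when '=' is missing or the parentheses are not a
 * well-formed "(...)" pair.
 */
static int parse_ga_value(char *ga, char **id, char **value, const char **qual)
{
  static const char *empty = "";

  char *eqpoint   = strchr(ga, '=');
  char *qualpoint = strchr(ga, '(');
  char *qualend   = strchr(ga, ')');

  if (!eqpoint)
    return 0;

  *id = ga;
  *eqpoint = '\0';
  *value = eqpoint + 1;

  /* Strip whitespace between the id and '='.  The scan is bounded by the
     start of the buffer: an argument that begins with '=' (or whose id is
     all blanks) must not make us read or write before ga[0]. */
  char *tail = eqpoint;
  while (tail > ga && isspace((unsigned char)tail[-1]))
    *--tail = '\0';

  /* Skip whitespace after '='; the loop stops at the terminating NUL. */
  char *head = *value;
  while (isspace((unsigned char)*head))
    head++;
  *value = head;

  if (!qualpoint) {
    *qual = empty;
    return 1;
  }

  /* A '(' needs a matching ')' located after it; otherwise the writes
     below would cut the string at an unrelated position. */
  if (!qualend || qualend < qualpoint)
    return 0;

  *qualpoint = '\0';
  *qual = qualpoint + 1;
  *qualend = '\0';

  /* As before, whitespace between the value and '(' is left in the value. */
  return 1;
}

/*
 * Fills a VOMSProxyArguments structure from the options stored in this
 * object, asks VOMS_MakeProxy() for the proxy and writes it to proxyfile.
 *
 * data     optional raw data handed to the proxy generator (may be empty).
 * aclist   attribute certificates to embed.
 * version  proxy version.
 *
 * Returns true on FAILURE (the caller treats a true result as an error) and
 * false on success.  Several error paths terminate the process via exit(1).
 */
bool Fake::CreateProxy(std::string data, AC ** aclist, int version)
{
  struct VOMSProxyArguments *args = VOMS_MakeProxyArguments();
  int ret = -1;

  if (args) {
    /* Validate the time offset first: nothing else is needed if it is bad. */
    args->pastproxy = time_to_sec(pastproxy);
    if (args->pastproxy == -1) {
      Print(ERROR) << "Minutes and seconds should be < 59 and >= 0" << std::endl;
      exit(1);
    }

    args->proxyfilename = strdup(proxyfile.c_str());
    if (!incfile.empty())
      args->filename = strdup(incfile.c_str());
    args->aclist       = aclist;
    args->proxyversion = version;

    if (!data.empty()) {
      args->data    = (char*)data.data();
      args->datalen = data.length();
    }

    if (!newsubject.empty()) {
      args->newsubject    = strdup(newsubject.c_str());
      args->newsubjectlen = strlen(args->newsubject);
    }
    if (!newissuer.empty())
      args->newissuer = strdup(newissuer.c_str());

    args->cert  = ucert;
    args->chain = cert_chain;
    args->key   = upkey;
    args->bits  = bits;

    if (!policyfile.empty())
      args->policyfile = strdup(policyfile.c_str());
    if (!policylang.empty())
      args->policylang = strdup(policylang.c_str());

    args->pathlength = pathlength;
    args->hours      = hours;
    args->minutes    = 0;
    args->limited    = limit_proxy;
    args->voID       = strdup(voID.c_str());
    args->callback   = kpcallback;

    if (!keyusage.empty())
      args->keyusage = strdup(keyusage.c_str());
    if (!netscape.empty())
      args->netscape = strdup(netscape.c_str());
    if (!exkusage.empty())
      args->exkusage = strdup(exkusage.c_str());
    if (!newserial.empty())
      args->newserial = strdup(newserial.c_str());

    args->selfsigned = (selfsigned ? 1 : 0);

    /* Read through extensions */
    for (unsigned int i = 0; i < extensions.size(); i++)
      args->extensions = create_and_add_extension(extensions[i], args->extensions);

    int warn = 0;
    void *additional = NULL;

    struct VOMSProxy *proxy = VOMS_MakeProxy(args, &warn, &additional);

    PrintProxyCreationError(warn, additional);

    /* Release the copies made above.  Fields that were never assigned are
       freed too, which presumably relies on VOMS_MakeProxyArguments()
       returning a zero-initialised structure -- TODO confirm. */
    free(args->voID);
    free(args->proxyfilename);
    free(args->filename);
    free(args->newsubject);
    free(args->newissuer);
    free(args->newserial);
    free(args->policyfile);
    free(args->policylang);
    free(args->keyusage);
    free(args->netscape);
    free(args->exkusage);
    sk_X509_EXTENSION_pop_free(args->extensions, X509_EXTENSION_free);

    VOMS_FreeProxyArguments(args);

    if (!proxy) {
      Print(ERROR) << std::endl << "Unable to create proxy!" << std::endl;
      exit (1);
    }

    ret = VOMS_WriteProxy(proxyfile.c_str(), proxy);
    VOMS_FreeProxy(proxy);

    if (ret == -1) {
      Print(ERROR) << std::endl << "Unable to write proxy to file " << proxyfile << "! " << std::endl << " " << strerror(errno) << std::endl;
      exit(1);
    }

    Print(INFO) << " Done" << std::endl << std::flush;
  }

  return ret == -1;
}

/*
 * Writes every attribute certificate in aclist, PEM encoded, to the file
 * named by `separate`.
 *
 * Returns true when there is nothing to write or all ACs were written,
 * false when the output file cannot be opened or a write fails.  The BIO is
 * released on every path, and the aclist member is walked with a local
 * cursor so it still points at the head of the list afterwards.
 */
bool Fake::WriteSeparate()
{
  if (!aclist)
    return true;

  BIO *out = BIO_new(BIO_s_file());

  /* Both the allocation and the open can fail; without this check the
     writes below would run against a BIO that has no file behind it. */
  if (!out || BIO_write_filename(out, (char *)separate.c_str()) <= 0) {
    Print(ERROR) << "Unable to write to file" << std::endl;
    BIO_free(out);
    return false;
  }

  for (AC **cursor = aclist; *cursor; ++cursor) {
#ifdef TYPEDEF_I2D_OF
    int written = PEM_ASN1_write_bio(((i2d_of_void*)i2d_AC), "ATTRIBUTE CERTIFICATE", out, (char *)*cursor, NULL, NULL, 0, NULL, NULL);
#else
    int written = PEM_ASN1_write_bio(((int (*)())i2d_AC), "ATTRIBUTE CERTIFICATE", out, (char *)*cursor, NULL, NULL, 0, NULL, NULL);
#endif
    if (!written) {
      Print(ERROR) << "Unable to write to file" << std::endl;
      BIO_free(out);
      return false;
    }
  }

  BIO_free(out);

  Print(INFO) << "Wrote ACs to " << separate << std::endl;

  return true;
}

/*
 * Reports on the lifetime of the signing certificate relative to the
 * requested proxy lifetime.  Does nothing for self-signed output, where no
 * user certificate is loaded.  Purely informational: it prints messages and
 * never fails.
 */
void Fake::Test()
{
  if (selfsigned)
    return;

  /* current time, obtained through OpenSSL */
  ASN1_UTCTIME * asn1_time = ASN1_UTCTIME_new();
  X509_gmtime_adj(asn1_time, 0);
  time_t time_now = ASN1_UTCTIME_mktime(asn1_time);
  ASN1_UTCTIME_free(asn1_time);

  /* expiry of the user certificate and the time left until then */
  time_t time_after = ASN1_UTCTIME_mktime(X509_get_notAfter(ucert));
  time_t time_diff  = time_after - time_now ;

  if (time_diff < 0)
    Print(INFO) << std::endl << "Error: your certificate expired "
                << asctime(localtime(&time_after)) << std::endl << std::flush;
  else if (hours && time_diff < hours*60*60)
    Print(INFO) << "Warning: your certificate and proxy will expire "
                << asctime(localtime(&time_after))
                << "which is within the requested lifetime of the proxy"
                << std::endl << std::flush;

  /* hours == 0 means the proxy lasts as long as the certificate */
  time_t time_after_proxy = hours ? time_now + hours*60*60 : time_after;

  Print(INFO) << "Your proxy is valid until "
              << asctime(localtime(&time_after_proxy)) << std::endl << std::flush;
}

bool Fake::MakeACs(VOLIST *volist)
{
  AC **actmplist = NULL;
  AC *ac = NULL;
  int res = 0;
  BIO *hcrt = BIO_new(BIO_s_file()),
      *hckey = BIO_new(BIO_s_file()),
      *owncert = BIO_new(BIO_s_file());
  X509 *hcert = NULL, *holder = NULL;
  EVP_PKEY *hkey = NULL;

  for (int i = 0; volist->vos[i]; i++) {
    VO *vo = volist->vos[i];

    // generic attributes
    char ** attributes =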
vo->gas; if (hcrt && hckey && owncert) { int hcertres = BIO_read_filename(hcrt, vo->hostcert); int holderres = BIO_read_filename(hckey, vo->hostkey); int hkeyres = BIO_read_filename(owncert, certfile); if ((hcertres > 0) && (holderres > 0) && (hkeyres > 0)) { hcert = PEM_read_bio_X509(hcrt, NULL, 0, NULL); holder = PEM_read_bio_X509(owncert, NULL, 0, NULL); hkey = PEM_read_bio_PrivateKey(hckey, NULL, 0, NULL); if (hcert && hkey) { ac = AC_new(); // const char *uri = vo->uri ? vo->uri : ""; // The following two lines allow the creation of an AC // without any FQAN. char *vector[1] = {NULL }; char **fqanlist = vo->fqans ? vo->fqans : vector; int seconds = vo->pastac ? time_to_sec(vo->pastac) : 0; if (seconds == -1) { Print(ERROR) << "Minutes and seconds for VO: " << vo->voname << " should be < 59 and >= 0" << std::endl; exit(1); } /* Now do extensions */ STACK_OF(X509_EXTENSION) *exts = NULL; for (int i = 0; i < vo->extsize; i++) exts = create_and_add_extension(std::string(vo->extensions[i]), exts); if (ac) res = writeac(hcert, NULL, holder, hkey, (BIGNUM *)(BN_value_one()), fqanlist, vo->targets, attributes, &ac, vo->voname, vo->uri, vo->vomslife * 3600, !newformat, seconds, exts); if (vo->fqans) listfree(vo->fqans, (freefn)free); if (attributes) listfree(attributes, (freefn)free); sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); free(vo->voname); free(vo->pastac); } } else { if (hcertres <= 0) { if (vo->hostcert == NULL) Print(ERROR) << "Host credential file unspecified!" << std::endl; else Print(ERROR) << "Could not open host credential file: " << vo->hostcert << std::endl; } if (holderres <= 0) { if (vo->hostkey == NULL) Print(ERROR) << "Host key file unspecified!" << std::endl; else Print(ERROR) << "Could not open host key file: " << vo->hostkey << std::endl; } if (hkeyres <= 0) { if (certfile == NULL) Print(ERROR) << "Holder key file unspecified!" 
<< std::endl; else Print(ERROR) << "Could not open holder key file: " << certfile << std::endl; } return false; } } if (!res) actmplist = (AC **)listadd((char **)aclist, (char *)ac); if (actmplist) aclist = actmplist; X509_free(hcert); X509_free(holder); EVP_PKEY_free(hkey); BIO_free(hcrt); BIO_free(hckey); BIO_free(owncert); hcrt = BIO_new(BIO_s_file()); hckey = BIO_new(BIO_s_file()); owncert = BIO_new(BIO_s_file()); } BIO_free(hcrt); BIO_free(hckey); BIO_free(owncert); if (!actmplist) { AC_free(ac); listfree((char **)aclist, (freefn)AC_free); Error(); return false; } return true; } bool Fake::pcdInit() { int status = false; ERR_load_prxyerr_strings(0); SSLeay_add_ssl_algorithms(); PKCS12_PBE_add(); BIO * bio_err = NULL; if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE); if (!determine_filenames(&cacertfile, &certdir, &outfile, &certfile, &keyfile, noregen)) goto err; Print(DEBUG) << "Files being used:" << std::endl << " CA certificate file: " << (cacertfile ? cacertfile : "none") << std::endl << " Trusted certificates directory : " << (this->certdir ? this->certdir : "none") << std::endl << " Proxy certificate file : " << (this->outfile ? this->outfile : "none") << std::endl << " User certificate file: " << (this->certfile ? this->certfile : "none") << std::endl << " User key file: " << (this->keyfile ? this->keyfile : "none") << std::endl << std::flush; Print(DEBUG) << "Output to " << outfile << std::endl << std::flush; /* No need to load certificates if we are creating a self-signed cert. 
*/ if (!selfsigned) { if (!load_credentials(certfile, keyfile, &ucert, &cert_chain, &upkey, pw_cb)) goto err; } status = true; err: BIO_free(bio_err); Error(); if (!status) CleanAll(); return status; } void Fake::Error() { std::string output = OpenSSLError(debug); if (debug) Print(DEBUG) << output; else Print(ERROR) << output; } void Fake::exitError(const char *string) { Print(ERROR) << string << std::endl; exit(1); } bool Fake::VerifyOptions() { if (debug) { quiet = false; yydebug = 1; } if (!voms.empty()) { if (hostcert.empty()) exitError("Error: You must specify an host certificate!"); if (hostcert.empty() || hostkey.empty()) exitError("Error: You must specify an host key!"); } if (!selfsigned) { /* proxyversion is only significant if this is not a selfsigned certificate */ if (rfc && proxyver != 0) exitError("Used both -rfc and --proxyver!\nChoose one or the other."); if (rfc) proxyver = 4; /* set proxy version */ if (proxyver!=2 && proxyver!=3 && proxyver!=4 && proxyver!=0) exitError("Error: proxyver must be 2 or 3 or 4"); else if (proxyver==0) { Print(DEBUG) << "Unspecified proxy version, settling on version 4 (RFC)" << std::endl; proxyver = 4; } /* PCI extension option */ if (proxyver>3) { if (!policylang.empty()) if (policyfile.empty()) exitError("Error: if you specify a policy language you also need to specify a policy file"); } if (proxyver>3) { Print(DEBUG) << "PCI extension info: " << std::endl << " Path length: " << pathlength << std::endl; if (policylang.empty()) Print(DEBUG) << " Policy language not specified." << std::endl; else Print(DEBUG) << " Policy language: " << policylang << std::endl; if (policyfile.empty()) Print(DEBUG) << " Policy file not specified." 
<< std::endl; else Print(DEBUG) << " Policy file: " << policyfile << std::endl; } } else { /* selfsigned is specified */ if (proxyver != 0 || noregen || rfc || !policyfile.empty() || !policylang.empty()) exitError("Error: --proxyver, --rfc, --policyfile, --policylang, --noregen are only significant when --selfsigned is not specified."); if (newsubject.empty() && newissuer.empty()) exitError("Error: At least one of --newsubject and --newissuer must be specified for --selfsigned."); if (newsubject.empty()) newsubject = newissuer; if (newissuer.empty()) newissuer = newsubject; if (newissuer != newsubject) exitError("Error: --newsubject and --newissuer should be the same for self-signed certificates."); } /* controls that number of bits for the key is appropiate */ if (bits == -1) bits = 2048; if ((bits!=512) && (bits!=1024) && (bits!=2048) && (bits!=4096) && (bits != 0)) exitError("Error: number of bits in key must be one of 512, 1024, 2048, 4096."); else Print(DEBUG) << "Number of bits in key :" << bits << std::endl; /* certificate duration option */ if (hours < 0) exitError("Error: duration must be positive."); if (volist) { for (int i = 0; i < volist->current; i++) { VO *vo = volist->vos[i]; if (!vo->voname) exitError("Error: You must give a name to a VO!"); if (vo->hostcert == NULL) exitError("Error: You must specify an host certificate!"); if (vo->hostkey == NULL) exitError("Error: You must specify an host key!"); if (vo->vomslife < 0) exitError("Error: Duration of AC must be positive."); } } /* newserial option */ if (!newserial.empty()) for (unsigned int i = 0; i < newserial.length(); i++) if (!isxdigit(newserial[i])) exitError("Error: Serial number should be an hexadecimal string."); return true; } struct nullstream: std::ostream { struct nullbuf: std::streambuf { int overflow(int c) { return traits_type::not_eof(c); } } m_sbuf; nullstream(): std::ios(&m_sbuf), std::ostream(&m_sbuf) {} }; nullstream voidstream; std::ostream& Fake::Print(message_type type) { if 
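(type == FORCED)
    return std::cout;

  if (type == ERROR)
    return std::cerr;

  if (quiet)
    return voidstream;

  if (type == WARN)
    return std::cerr;

  if (type == DEBUG && !debug)
    return voidstream;

  return std::cout;
}

/*
 * Converts a time offset given either as plain seconds ("90") or as
 * "hours:minutes" / "hours:minutes:seconds" into a number of seconds.
 *
 * An empty string yields 0 (mystrtol() accepts it as zero).  Minutes and
 * seconds in the colon forms must be in 0..59.
 *
 * Returns the offset in seconds, or -1 when a field is not a non-negative
 * decimal number, is out of range, or the total would not fit in an int.
 */
static int time_to_sec(std::string timestring)
{
  /* Largest hour count for which hours*3600 + 59*60 + 59 still fits in an
     int; larger inputs are rejected instead of being silently truncated. */
  const long max_hours = (INT_MAX - 59L * 60 - 59) / 3600;

  long seconds = 0;
  long minutes = 0;
  long hours   = 0;

  std::string::size_type pos = timestring.find(':');

  if (pos == std::string::npos) {
    /* Seconds format */
    seconds = mystrtol((char*)timestring.c_str(), INT_MAX);
  }
  else {
    /* hours:minutes(:seconds) format */
    hours = mystrtol((char*)timestring.substr(0, pos).c_str(), max_hours);

    /* Everything after the first ':'.  All further offsets are taken
       relative to this string; mixing them with offsets into the full
       string made the seconds field start at the wrong place, so the
       three-field form was always rejected. */
    std::string rest = timestring.substr(pos + 1);
    std::string::size_type pos2 = rest.find(':');

    if (pos2 == std::string::npos) {
      minutes = mystrtol((char*)rest.c_str(), 59);
    }
    else {
      minutes = mystrtol((char*)rest.substr(0, pos2).c_str(), 59);
      seconds = mystrtol((char*)rest.substr(pos2 + 1).c_str(), 59);
    }
  }

  if (seconds == -1 || minutes == -1 || hours == -1)
    return -1;

  return (int)(seconds + minutes * 60 + hours * 3600);
}

/*
 * Strict decimal parser: converts `number` with strtol() and accepts the
 * result only when the whole string was consumed, no conversion error was
 * reported, and the value lies in 0..limit.
 *
 * An empty string is accepted and yields 0, because strtol() consumes
 * nothing and nothing is left over.
 *
 * Returns the parsed value, or -1 on any of the failures above.
 */
static long mystrtol(char *number, long int limit)
{
  char *end = NULL;

  errno = 0;

  long value = strtol(number, &end, 10);

  /* Was there extraneous data at the end ? */
  if (*end != '\0')
    return -1;

  /* Conversion errors of some kind */
  if (errno != 0 || value < 0)
    return -1;

  /* Value greater than maximum */
  if (value > limit)
    return -1;

  return value;
}

STACK_OF(X509_EXTENSION) *Fake::create_and_add_extension(const std::string &string, STACK_OF(X509_EXTENSION) *exts)
{
  bool alloced = false;
  X509_EXTENSION *ext = NULL;

  if (!exts) {
    exts= sk_X509_EXTENSION_new_null();
    if (!exts) {
      Print(ERROR) << "Memory problems." << std::endl;
      goto err;
    }
    alloced = true;
  }

  ext = create_extension(string);

  if (ext) {
    if (!sk_X509_EXTENSION_push(exts, ext)) {
      Print(ERROR) << "Memory problems."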
<< std::endl; goto err; } } else { Print(ERROR) << std::endl << "Cannot create extension: " << string << std::endl; goto err; } return exts; err: if (alloced) sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); X509_EXTENSION_free(ext); exit(1); } static std::string::size_type get_minimum(std::string::size_type s1, std::string::size_type s2, std::string::size_type s3) { std::string::size_type minimum = std::string::npos; if (s1 < minimum) minimum = s1; if (s2 < minimum) minimum = s2; if (s3 < minimum) minimum = s3; return minimum; } X509_EXTENSION *Fake::create_extension(const std::string &string) { std::string::size_type colon_position = string.find_first_of(':'); std::string::size_type slash_position = string.find_first_of('/'); std::string::size_type gate_position = string.find_first_of('~'); std::string::size_type file_position = string.find_first_of('+'); std::string::size_type data_position = get_minimum(colon_position, gate_position, file_position); bool critical = false; bool critical_present = slash_position < data_position; std::string oid = string.substr(0, (critical_present ? slash_position : data_position)); if (critical_present) { std::string crit = string.substr(slash_position+1, (data_position == std::string::npos ? std::string::npos : data_position - slash_position-1)); if (!crit.compare("false")) critical = false; else if (!crit.compare("true")) critical = true; else { Print(ERROR) << "\nCriticality must be either true or false. 
Found" << crit << std::endl; exit(1); } } std::string data = " "; if (data_position != std::string::npos) { data = string.substr(data_position+1); if (gate_position == data_position) data = hextostring(data); if (file_position == data_position) { std::string file = data; data = readfile(file); if (data.empty()) { Print(ERROR) << "\nProblem in reading file: " << file << ": " << strerror(errno) << std::endl; exit(1); } } } return CreateProxyExtension((char*)oid.c_str(), (char*)data.c_str(), data.size(), critical); } static std::string hextostring(const std::string &data) { std::string temp = data; /* Add initial 0 if needed */ if ((temp.length() %2) == 1) temp = std::string("0") + temp; int len = temp.length()/2; char *newdata= new char[len]; for (int i =0; i < len; i++) { char first = temp[i*2]; char second = temp[i*2+1]; if (isxdigit(first) && isxdigit(second)) newdata[i] = (hex2num(first) << 4) +hex2num(second); else { delete[] newdata; return ""; } } std::string value = std::string(newdata, len); delete[] newdata; return value; } void Fake::PrintProxyCreationError(int error, void *additional) { char *msg = ProxyCreationError(error, additional); if (msg) { if (PROXY_ERROR_IS_WARNING(error)) Print(DEBUG) << "\n" << msg; else Print(ERROR) << "\n" << msg; free(msg); } } voms-2.1.2/src/utils/vomsfake.h000066400000000000000000000076101477131364200164270ustar00rootroot00000000000000/********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. * *********************************************************************/ #ifndef VOMS_UTILS_VOMSFAKE_H #define VOMS_UTILS_VOMSFAKE_H #include "config.h" #include #include extern "C" { #include "openssl/bn.h" #include "sslutils.h" #include "newformat.h" #include "fakeparsertypes.h" } enum message_type {FORCED, INFO, WARN, ERROR, DEBUG}; class Fake { private: std::string program; std::string confile; // PKI files char * cacertfile; char * certdir; char * certfile; char * keyfile; // output files char * outfile; std::string proxyfile; std::string incfile; std::string separate; std::string uri; // proxy and AC settings */ int bits; int hours; bool limit_proxy; int vomslife; int proxyver; std::string policyfile; std::string policylang; int pathlength; // verify the cert is good bool verify; // doesn't regenerate proxy, use old bool noregen; // globus version int version; std::string voms; std::string targetlist; std::vector fqans; #ifdef CLASS_ADD void * class_add_buf = NULL; size_t class_add_buf_len = 0; #endif X509 *ucert; EVP_PKEY *upkey; STACK_OF(X509) *cert_chain; proxy_verify_desc pvd; proxy_verify_ctx_desc pvxd; // store data retrieved from server AC ** aclist; // vo std::string voID; std::string hostcert, hostkey; bool newformat; std::string newsubject; std::string newissuer; public: Fake(int argc, char** argv); ~Fake(); bool Run(); std::vector galist; private: bool CreateProxy(std::string filedata, AC ** 
aclist, int version); bool MakeACs(VOLIST *list); // write AC and data retrieved form server to file bool WriteSeparate(); // test if certificate used for signing is expired void Test(); bool pcdInit(); // verify the certificate is signed by a trusted CA bool Verify(); void CleanAll(); // get openssl error */ void Error(); bool VerifyOptions(); void exitError(const char *message); std::ostream& Print(message_type type); X509_EXTENSION *create_extension(const std::string &string); STACK_OF(X509_EXTENSION) *create_and_add_extension(const std::string &string, STACK_OF(X509_EXTENSION) *exts); bool rfc; std::string pastac; std::string pastproxy; std::string keyusage; std::string netscape; std::string exkusage; std::string newserial; std::vector extensions; std::vector acextensions; bool selfsigned; void PrintProxyCreationError(int error, void *additional); }; #endif voms-2.1.2/src/utils/vomsfake.y000066400000000000000000000105271477131364200164510ustar00rootroot00000000000000%{ /* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
*/ #include #include #include "fakeparsertypes.h" #include "lexparse.h" #define MAX_SIZE 200 extern VOLIST* volist; static void convertparam(VO *vo, PARAM* param); %} %error-verbose %union{ char *string; char *input; PARAM *param; PARAMLIST *params; VO *vo; VOLIST *vos; } %token STRING %token ID; %type value; %type voparam %type voparams %type vo %type text %% text: vo { $$ = (VOLIST*)malloc(sizeof(VOLIST)); $$->vos= (VO**)malloc(sizeof(VO*)*MAX_SIZE); $$->current=0; $$->vos[$$->current++] = $1; volist = $$; } | text vo { $$ = $1; $$->vos[$$->current++] = $2; volist = $$; } ; vo: '[' ID ']' voparams { $$ = (VO *)calloc(1,sizeof(VO)); $$->fqans = (char**)malloc(sizeof(char*)*MAX_SIZE); $$->fqansize = 0; $$->gas = (char**)malloc(sizeof(char*)*MAX_SIZE); $$->gasize = 0; $$->targets = NULL; $$->voname = $2; $$->extensions = (char**)malloc(sizeof(char*)*MAX_SIZE); $$->extsize = 0; $$->params = $4; { int i =0; for (i = 0 ; i < $$->params->current; i++) convertparam($$, $$->params->params[i]); } } | '[' ID ']' { $$ = (VO *)calloc(1,sizeof(VO)); $$->fqans = NULL; $$->fqansize = 0; $$->gas = NULL; $$->gasize = 0; $$->targets = NULL; $$->voname = $2; $$->extensions = NULL; $$->extsize = 0; $$->params = NULL; } ; voparams: voparam { $$ = (PARAMLIST *)malloc(sizeof(PARAMLIST)); $$->params = (PARAM**)malloc(sizeof(PARAM*)*MAX_SIZE); $$->current=0; $$->params[$$->current++] = $1; } | voparams voparam { $$ = $1; $$->params[$$->current++] = $2; } ; voparam: ID '=' value { $$ = (PARAM *)calloc(1,sizeof(PARAM)); $$->name = $1; $$->value = $3; } | ID '=' value '=' value { $$ = (PARAM *)calloc(1,sizeof(PARAM)); $$->name = $1; $$->value = malloc(strlen($3)+strlen($5)+4); strcpy($$->value, "::"); strcat($$->value, $3); strcat($$->value,"="); strcat($$->value, $5); free($3); free($5); } | ID '=' value '=' value '(' value ')' { $$ = (PARAM *)calloc(1,sizeof(PARAM)); $$->name = $1; $$->value = malloc(strlen($3)+strlen($5)+strlen($7)+4); strcpy($$->value, $7); strcat($$->value, "::"); 
strcat($$->value, $3); strcat($$->value,"="); strcat($$->value, $5); free($3); free($5); free($7); } ; value: ID { $$ = $1; } | STRING { $$ = $1; } ; %% static void convertparam(VO *vo, PARAM* param) { if (strcmp(param->name, "-hostcert") == 0) { vo->hostcert = strdup(param->value); } else if (strcmp(param->name,"-hostkey") == 0) { vo->hostkey = strdup(param->value); } else if (strcmp(param->name, "-fqan") == 0) { vo->fqans[vo->fqansize++] = strdup(param->value); } else if (strcmp(param->name, "-vomslife") == 0) { vo->vomslife = atoi(param->value)*3600; } else if (strcmp(param->name, "-pastac") == 0) { vo->pastac = strdup(param->value); } else if (strcmp(param->name, "-target") == 0) { int do_add = 1; if (vo->targets == NULL) { do_add = 0; vo->targets = malloc(1); vo->targets[0] = '\0'; } vo->targets = realloc(vo->targets, strlen(vo->targets) + strlen(param->value) + 4); if (do_add) vo->targets = strcat(vo->targets, ","); vo->targets = strcat(vo->targets, param->value); } else if (strcmp(param->name, "-uri") == 0) { vo->uri = strdup(param->value); } else if (strcmp(param->name, "-ga") == 0) { vo->gas[vo->gasize++] = strdup(param->value); vo->gas[vo->gasize] = NULL; } else if (strcmp(param->name, "-acextension") == 0) { vo->extensions[vo->extsize++] = strdup(param->value); } free(param->value); free(param->name); } voms-2.1.2/src/utils/vomsparser.c000066400000000000000000001545551477131364200170230ustar00rootroot00000000000000/* A Bison parser, made by GNU Bison 3.7.4. */ /* Bison implementation for Yacc-like parsers in C Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* C LALR(1) parser skeleton written by Richard Stallman, by simplifying the original so-called "semantic" parser. */ /* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, especially those whose name start with YY_ or yy_. They are private implementation details that can be changed or removed. */ /* All symbols defined below should begin with yy or YY, to avoid infringing on user name space. This should be done even for local variables, as they might otherwise be expanded by user macros. There are some unavoidable exceptions within include files to define necessary library symbols; they are noted "INFRINGES ON USER NAME SPACE" below. */ /* Identify Bison output, and Bison version. */ #define YYBISON 30704 /* Bison version string. */ #define YYBISON_VERSION "3.7.4" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" /* Pure parsers. */ #define YYPURE 0 /* Push parsers. */ #define YYPUSH 0 /* Pull parsers. */ #define YYPULL 1 /* First part of user prologue. 
*/ #line 1 "vomsfake.y" /* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include "fakeparsertypes.h" #include "lexparse.h" #define MAX_SIZE 200 extern VOLIST* volist; static void convertparam(VO *vo, PARAM* param); #line 100 "vomsparser.c" # ifndef YY_CAST # ifdef __cplusplus # define YY_CAST(Type, Val) static_cast (Val) # define YY_REINTERPRET_CAST(Type, Val) reinterpret_cast (Val) # else # define YY_CAST(Type, Val) ((Type) (Val)) # define YY_REINTERPRET_CAST(Type, Val) ((Type) (Val)) # endif # endif # ifndef YY_NULLPTR # if defined __cplusplus # if 201103L <= __cplusplus # define YY_NULLPTR nullptr # else # define YY_NULLPTR 0 # endif # else # define YY_NULLPTR ((void*)0) # endif # endif #include "vomsparser.h" /* Symbol kind. 
*/ enum yysymbol_kind_t { YYSYMBOL_YYEMPTY = -2, YYSYMBOL_YYEOF = 0, /* "end of file" */ YYSYMBOL_YYerror = 1, /* error */ YYSYMBOL_YYUNDEF = 2, /* "invalid token" */ YYSYMBOL_STRING = 3, /* STRING */ YYSYMBOL_ID = 4, /* ID */ YYSYMBOL_5_ = 5, /* '[' */ YYSYMBOL_6_ = 6, /* ']' */ YYSYMBOL_7_ = 7, /* '=' */ YYSYMBOL_8_ = 8, /* '(' */ YYSYMBOL_9_ = 9, /* ')' */ YYSYMBOL_YYACCEPT = 10, /* $accept */ YYSYMBOL_text = 11, /* text */ YYSYMBOL_vo = 12, /* vo */ YYSYMBOL_voparams = 13, /* voparams */ YYSYMBOL_voparam = 14, /* voparam */ YYSYMBOL_value = 15 /* value */ }; typedef enum yysymbol_kind_t yysymbol_kind_t; #ifdef short # undef short #endif /* On compilers that do not define __PTRDIFF_MAX__ etc., make sure and (if available) are included so that the code can choose integer types of a good width. */ #ifndef __PTRDIFF_MAX__ # include /* INFRINGES ON USER NAME SPACE */ # if defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ # include /* INFRINGES ON USER NAME SPACE */ # define YY_STDINT_H # endif #endif /* Narrow types that promote to a signed type and that can represent a signed or unsigned integer of at least N bits. In tables they can save space and decrease cache pressure. Promoting to a signed type helps avoid bugs in integer arithmetic. 
*/ #ifdef __INT_LEAST8_MAX__ typedef __INT_LEAST8_TYPE__ yytype_int8; #elif defined YY_STDINT_H typedef int_least8_t yytype_int8; #else typedef signed char yytype_int8; #endif #ifdef __INT_LEAST16_MAX__ typedef __INT_LEAST16_TYPE__ yytype_int16; #elif defined YY_STDINT_H typedef int_least16_t yytype_int16; #else typedef short yytype_int16; #endif #if defined __UINT_LEAST8_MAX__ && __UINT_LEAST8_MAX__ <= __INT_MAX__ typedef __UINT_LEAST8_TYPE__ yytype_uint8; #elif (!defined __UINT_LEAST8_MAX__ && defined YY_STDINT_H \ && UINT_LEAST8_MAX <= INT_MAX) typedef uint_least8_t yytype_uint8; #elif !defined __UINT_LEAST8_MAX__ && UCHAR_MAX <= INT_MAX typedef unsigned char yytype_uint8; #else typedef short yytype_uint8; #endif #if defined __UINT_LEAST16_MAX__ && __UINT_LEAST16_MAX__ <= __INT_MAX__ typedef __UINT_LEAST16_TYPE__ yytype_uint16; #elif (!defined __UINT_LEAST16_MAX__ && defined YY_STDINT_H \ && UINT_LEAST16_MAX <= INT_MAX) typedef uint_least16_t yytype_uint16; #elif !defined __UINT_LEAST16_MAX__ && USHRT_MAX <= INT_MAX typedef unsigned short yytype_uint16; #else typedef int yytype_uint16; #endif #ifndef YYPTRDIFF_T # if defined __PTRDIFF_TYPE__ && defined __PTRDIFF_MAX__ # define YYPTRDIFF_T __PTRDIFF_TYPE__ # define YYPTRDIFF_MAXIMUM __PTRDIFF_MAX__ # elif defined PTRDIFF_MAX # ifndef ptrdiff_t # include /* INFRINGES ON USER NAME SPACE */ # endif # define YYPTRDIFF_T ptrdiff_t # define YYPTRDIFF_MAXIMUM PTRDIFF_MAX # else # define YYPTRDIFF_T long # define YYPTRDIFF_MAXIMUM LONG_MAX # endif #endif #ifndef YYSIZE_T # ifdef __SIZE_TYPE__ # define YYSIZE_T __SIZE_TYPE__ # elif defined size_t # define YYSIZE_T size_t # elif defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ # include /* INFRINGES ON USER NAME SPACE */ # define YYSIZE_T size_t # else # define YYSIZE_T unsigned # endif #endif #define YYSIZE_MAXIMUM \ YY_CAST (YYPTRDIFF_T, \ (YYPTRDIFF_MAXIMUM < YY_CAST (YYSIZE_T, -1) \ ? 
YYPTRDIFF_MAXIMUM \ : YY_CAST (YYSIZE_T, -1))) #define YYSIZEOF(X) YY_CAST (YYPTRDIFF_T, sizeof (X)) /* Stored state numbers (used for stacks). */ typedef yytype_int8 yy_state_t; /* State numbers in computations. */ typedef int yy_state_fast_t; #ifndef YY_ # if defined YYENABLE_NLS && YYENABLE_NLS # if ENABLE_NLS # include /* INFRINGES ON USER NAME SPACE */ # define YY_(Msgid) dgettext ("bison-runtime", Msgid) # endif # endif # ifndef YY_ # define YY_(Msgid) Msgid # endif #endif #ifndef YY_ATTRIBUTE_PURE # if defined __GNUC__ && 2 < __GNUC__ + (96 <= __GNUC_MINOR__) # define YY_ATTRIBUTE_PURE __attribute__ ((__pure__)) # else # define YY_ATTRIBUTE_PURE # endif #endif #ifndef YY_ATTRIBUTE_UNUSED # if defined __GNUC__ && 2 < __GNUC__ + (7 <= __GNUC_MINOR__) # define YY_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) # else # define YY_ATTRIBUTE_UNUSED # endif #endif /* Suppress unused-variable warnings by "using" E. */ #if ! defined lint || defined __GNUC__ # define YYUSE(E) ((void) (E)) #else # define YYUSE(E) /* empty */ #endif #if defined __GNUC__ && ! defined __ICC && 407 <= __GNUC__ * 100 + __GNUC_MINOR__ /* Suppress an incorrect diagnostic about yylval being uninitialized. */ # define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ _Pragma ("GCC diagnostic push") \ _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") \ _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") # define YY_IGNORE_MAYBE_UNINITIALIZED_END \ _Pragma ("GCC diagnostic pop") #else # define YY_INITIAL_VALUE(Value) Value #endif #ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN # define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN # define YY_IGNORE_MAYBE_UNINITIALIZED_END #endif #ifndef YY_INITIAL_VALUE # define YY_INITIAL_VALUE(Value) /* Nothing. */ #endif #if defined __cplusplus && defined __GNUC__ && ! 
defined __ICC && 6 <= __GNUC__ # define YY_IGNORE_USELESS_CAST_BEGIN \ _Pragma ("GCC diagnostic push") \ _Pragma ("GCC diagnostic ignored \"-Wuseless-cast\"") # define YY_IGNORE_USELESS_CAST_END \ _Pragma ("GCC diagnostic pop") #endif #ifndef YY_IGNORE_USELESS_CAST_BEGIN # define YY_IGNORE_USELESS_CAST_BEGIN # define YY_IGNORE_USELESS_CAST_END #endif #define YY_ASSERT(E) ((void) (0 && (E))) #if 1 /* The parser invokes alloca or malloc; define the necessary symbols. */ # ifdef YYSTACK_USE_ALLOCA # if YYSTACK_USE_ALLOCA # ifdef __GNUC__ # define YYSTACK_ALLOC __builtin_alloca # elif defined __BUILTIN_VA_ARG_INCR # include /* INFRINGES ON USER NAME SPACE */ # elif defined _AIX # define YYSTACK_ALLOC __alloca # elif defined _MSC_VER # include /* INFRINGES ON USER NAME SPACE */ # define alloca _alloca # else # define YYSTACK_ALLOC alloca # if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS # include /* INFRINGES ON USER NAME SPACE */ /* Use EXIT_SUCCESS as a witness for stdlib.h. */ # ifndef EXIT_SUCCESS # define EXIT_SUCCESS 0 # endif # endif # endif # endif # endif # ifdef YYSTACK_ALLOC /* Pacify GCC's 'empty if-body' warning. */ # define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) # ifndef YYSTACK_ALLOC_MAXIMUM /* The OS might guarantee only one guard page at the bottom of the stack, and a page size can be as small as 4096 bytes. So we cannot safely invoke alloca (N) if N exceeds 4096. Use a slightly smaller number to allow for a few compiler-allocated temporary stack slots. */ # define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ # endif # else # define YYSTACK_ALLOC YYMALLOC # define YYSTACK_FREE YYFREE # ifndef YYSTACK_ALLOC_MAXIMUM # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM # endif # if (defined __cplusplus && ! defined EXIT_SUCCESS \ && ! 
((defined YYMALLOC || defined malloc) \ && (defined YYFREE || defined free))) # include /* INFRINGES ON USER NAME SPACE */ # ifndef EXIT_SUCCESS # define EXIT_SUCCESS 0 # endif # endif # ifndef YYMALLOC # define YYMALLOC malloc # if ! defined malloc && ! defined EXIT_SUCCESS void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ # endif # endif # ifndef YYFREE # define YYFREE free # if ! defined free && ! defined EXIT_SUCCESS void free (void *); /* INFRINGES ON USER NAME SPACE */ # endif # endif # endif #endif /* 1 */ #if (! defined yyoverflow \ && (! defined __cplusplus \ || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) /* A type that is properly aligned for any stack member. */ union yyalloc { yy_state_t yyss_alloc; YYSTYPE yyvs_alloc; }; /* The size of the maximum gap between one aligned stack and the next. */ # define YYSTACK_GAP_MAXIMUM (YYSIZEOF (union yyalloc) - 1) /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ ((N) * (YYSIZEOF (yy_state_t) + YYSIZEOF (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) # define YYCOPY_NEEDED 1 /* Relocate STACK from its old location to the new one. The local variables YYSIZE and YYSTACKSIZE give the old and new number of elements in the stack, and YYPTR gives the new location of the stack. Advance YYPTR to a properly aligned location for the next stack. */ # define YYSTACK_RELOCATE(Stack_alloc, Stack) \ do \ { \ YYPTRDIFF_T yynewbytes; \ YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ Stack = &yyptr->Stack_alloc; \ yynewbytes = yystacksize * YYSIZEOF (*Stack) + YYSTACK_GAP_MAXIMUM; \ yyptr += yynewbytes / YYSIZEOF (*yyptr); \ } \ while (0) #endif #if defined YYCOPY_NEEDED && YYCOPY_NEEDED /* Copy COUNT objects from SRC to DST. The source and destination do not overlap. 
*/ # ifndef YYCOPY # if defined __GNUC__ && 1 < __GNUC__ # define YYCOPY(Dst, Src, Count) \ __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src))) # else # define YYCOPY(Dst, Src, Count) \ do \ { \ YYPTRDIFF_T yyi; \ for (yyi = 0; yyi < (Count); yyi++) \ (Dst)[yyi] = (Src)[yyi]; \ } \ while (0) # endif # endif #endif /* !YYCOPY_NEEDED */ /* YYFINAL -- State number of the termination state. */ #define YYFINAL 5 /* YYLAST -- Last index in YYTABLE. */ #define YYLAST 19 /* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 10 /* YYNNTS -- Number of nonterminals. */ #define YYNNTS 6 /* YYNRULES -- Number of rules. */ #define YYNRULES 12 /* YYNSTATES -- Number of states. */ #define YYNSTATES 21 /* YYMAXUTOK -- Last valid token kind. */ #define YYMAXUTOK 259 /* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM as returned by yylex, with out-of-bounds checking. */ #define YYTRANSLATE(YYX) \ (0 <= (YYX) && (YYX) <= YYMAXUTOK \ ? YY_CAST (yysymbol_kind_t, yytranslate[YYX]) \ : YYSYMBOL_YYUNDEF) /* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM as returned by yylex. 
*/ static const yytype_int8 yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 8, 9, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 7, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 5, 2, 6, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, 3, 4 }; #if YYDEBUG /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_uint8 yyrline[] = { 0, 52, 52, 59, 66, 83, 98, 104, 110, 115, 126, 141, 142 }; #endif /** Accessing symbol of state STATE. */ #define YY_ACCESSING_SYMBOL(State) YY_CAST (yysymbol_kind_t, yystos[State]) #if 1 /* The user-facing name of the symbol whose (internal) number is YYSYMBOL. No bounds checking. */ static const char *yysymbol_name (yysymbol_kind_t yysymbol) YY_ATTRIBUTE_UNUSED; /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { "\"end of file\"", "error", "\"invalid token\"", "STRING", "ID", "'['", "']'", "'='", "'('", "')'", "$accept", "text", "vo", "voparams", "voparam", "value", YY_NULLPTR }; static const char * yysymbol_name (yysymbol_kind_t yysymbol) { return yytname[yysymbol]; } #endif #ifdef YYPRINT /* YYTOKNUM[NUM] -- (External) token number corresponding to the (internal) symbol number NUM (which must be that of a token). 
*/ static const yytype_int16 yytoknum[] = { 0, 256, 257, 258, 259, 91, 93, 61, 40, 41 }; #endif #define YYPACT_NINF (-16) #define yypact_value_is_default(Yyn) \ ((Yyn) == YYPACT_NINF) #define YYTABLE_NINF (-1) #define yytable_value_is_error(Yyn) \ 0 /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ static const yytype_int8 yypact[] = { -3, 4, 0, -16, -2, -16, -16, 5, 6, 5, -16, 3, -16, -16, -16, 7, 3, 2, 3, 8, -16 }; /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. Performed when YYTABLE does not specify something else to do. Zero means the default is an error. */ static const yytype_int8 yydefact[] = { 0, 0, 0, 2, 0, 1, 3, 5, 0, 4, 6, 0, 7, 12, 11, 8, 0, 9, 0, 0, 10 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int8 yypgoto[] = { -16, -16, 9, -16, 10, -15 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int8 yydefgoto[] = { -1, 2, 3, 9, 10, 15 }; /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If positive, shift that token. If negative, reduce the rule whose number is the opposite. If YYTABLE_NINF, syntax error. */ static const yytype_int8 yytable[] = { 5, 17, 1, 19, 7, 1, 13, 14, 4, 8, 18, 6, 0, 11, 16, 0, 0, 20, 0, 12 }; static const yytype_int8 yycheck[] = { 0, 16, 5, 18, 6, 5, 3, 4, 4, 4, 8, 2, -1, 7, 7, -1, -1, 9, -1, 9 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_int8 yystos[] = { 0, 5, 11, 12, 4, 0, 12, 6, 4, 13, 14, 7, 14, 3, 4, 15, 7, 15, 8, 15, 9 }; /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const yytype_int8 yyr1[] = { 0, 10, 11, 11, 12, 12, 13, 13, 14, 14, 14, 15, 15 }; /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. 
*/ static const yytype_int8 yyr2[] = { 0, 2, 1, 2, 4, 3, 1, 2, 3, 5, 8, 1, 1 }; enum { YYENOMEM = -2 }; #define yyerrok (yyerrstatus = 0) #define yyclearin (yychar = YYEMPTY) #define YYACCEPT goto yyacceptlab #define YYABORT goto yyabortlab #define YYERROR goto yyerrorlab #define YYRECOVERING() (!!yyerrstatus) #define YYBACKUP(Token, Value) \ do \ if (yychar == YYEMPTY) \ { \ yychar = (Token); \ yylval = (Value); \ YYPOPSTACK (yylen); \ yystate = *yyssp; \ goto yybackup; \ } \ else \ { \ yyerror (YY_("syntax error: cannot back up")); \ YYERROR; \ } \ while (0) /* Backward compatibility with an undocumented macro. Use YYerror or YYUNDEF. */ #define YYERRCODE YYUNDEF /* Enable debugging if requested. */ #if YYDEBUG # ifndef YYFPRINTF # include /* INFRINGES ON USER NAME SPACE */ # define YYFPRINTF fprintf # endif # define YYDPRINTF(Args) \ do { \ if (yydebug) \ YYFPRINTF Args; \ } while (0) /* This macro is provided for backward compatibility. */ # ifndef YY_LOCATION_PRINT # define YY_LOCATION_PRINT(File, Loc) ((void) 0) # endif # define YY_SYMBOL_PRINT(Title, Kind, Value, Location) \ do { \ if (yydebug) \ { \ YYFPRINTF (stderr, "%s ", Title); \ yy_symbol_print (stderr, \ Kind, Value); \ YYFPRINTF (stderr, "\n"); \ } \ } while (0) /*-----------------------------------. | Print this symbol's value on YYO. | `-----------------------------------*/ static void yy_symbol_value_print (FILE *yyo, yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) { FILE *yyoutput = yyo; YYUSE (yyoutput); if (!yyvaluep) return; # ifdef YYPRINT if (yykind < YYNTOKENS) YYPRINT (yyo, yytoknum[yykind], *yyvaluep); # endif YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN YYUSE (yykind); YY_IGNORE_MAYBE_UNINITIALIZED_END } /*---------------------------. | Print this symbol on YYO. | `---------------------------*/ static void yy_symbol_print (FILE *yyo, yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) { YYFPRINTF (yyo, "%s %s (", yykind < YYNTOKENS ? 
"token" : "nterm", yysymbol_name (yykind)); yy_symbol_value_print (yyo, yykind, yyvaluep); YYFPRINTF (yyo, ")"); } /*------------------------------------------------------------------. | yy_stack_print -- Print the state stack from its BOTTOM up to its | | TOP (included). | `------------------------------------------------------------------*/ static void yy_stack_print (yy_state_t *yybottom, yy_state_t *yytop) { YYFPRINTF (stderr, "Stack now"); for (; yybottom <= yytop; yybottom++) { int yybot = *yybottom; YYFPRINTF (stderr, " %d", yybot); } YYFPRINTF (stderr, "\n"); } # define YY_STACK_PRINT(Bottom, Top) \ do { \ if (yydebug) \ yy_stack_print ((Bottom), (Top)); \ } while (0) /*------------------------------------------------. | Report that the YYRULE is going to be reduced. | `------------------------------------------------*/ static void yy_reduce_print (yy_state_t *yyssp, YYSTYPE *yyvsp, int yyrule) { int yylno = yyrline[yyrule]; int yynrhs = yyr2[yyrule]; int yyi; YYFPRINTF (stderr, "Reducing stack by rule %d (line %d):\n", yyrule - 1, yylno); /* The symbols being reduced. */ for (yyi = 0; yyi < yynrhs; yyi++) { YYFPRINTF (stderr, " $%d = ", yyi + 1); yy_symbol_print (stderr, YY_ACCESSING_SYMBOL (+yyssp[yyi + 1 - yynrhs]), &yyvsp[(yyi + 1) - (yynrhs)]); YYFPRINTF (stderr, "\n"); } } # define YY_REDUCE_PRINT(Rule) \ do { \ if (yydebug) \ yy_reduce_print (yyssp, yyvsp, Rule); \ } while (0) /* Nonzero means print parse trace. It is left uninitialized so that multiple parsers can coexist. */ int yydebug; #else /* !YYDEBUG */ # define YYDPRINTF(Args) ((void) 0) # define YY_SYMBOL_PRINT(Title, Kind, Value, Location) # define YY_STACK_PRINT(Bottom, Top) # define YY_REDUCE_PRINT(Rule) #endif /* !YYDEBUG */ /* YYINITDEPTH -- initial size of the parser's stacks. */ #ifndef YYINITDEPTH # define YYINITDEPTH 200 #endif /* YYMAXDEPTH -- maximum size the stacks can grow to (effective only if the built-in stack extension method is used). 
Do not make this value too large; the results are undefined if YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) evaluated with infinite-precision integer arithmetic. */ #ifndef YYMAXDEPTH # define YYMAXDEPTH 10000 #endif /* Context of a parse error. */ typedef struct { yy_state_t *yyssp; yysymbol_kind_t yytoken; } yypcontext_t; /* Put in YYARG at most YYARGN of the expected tokens given the current YYCTX, and return the number of tokens stored in YYARG. If YYARG is null, return the number of expected tokens (guaranteed to be less than YYNTOKENS). Return YYENOMEM on memory exhaustion. Return 0 if there are more than YYARGN expected tokens, yet fill YYARG up to YYARGN. */ static int yypcontext_expected_tokens (const yypcontext_t *yyctx, yysymbol_kind_t yyarg[], int yyargn) { /* Actual size of YYARG. */ int yycount = 0; int yyn = yypact[+*yyctx->yyssp]; if (!yypact_value_is_default (yyn)) { /* Start YYX at -YYN if negative to avoid negative indexes in YYCHECK. In other words, skip the first -YYN actions for this state because they are default actions. */ int yyxbegin = yyn < 0 ? -yyn : 0; /* Stay within bounds of both yycheck and yytname. */ int yychecklim = YYLAST - yyn + 1; int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; int yyx; for (yyx = yyxbegin; yyx < yyxend; ++yyx) if (yycheck[yyx + yyn] == yyx && yyx != YYSYMBOL_YYerror && !yytable_value_is_error (yytable[yyx + yyn])) { if (!yyarg) ++yycount; else if (yycount == yyargn) return 0; else yyarg[yycount++] = YY_CAST (yysymbol_kind_t, yyx); } } if (yyarg && yycount == 0 && 0 < yyargn) yyarg[0] = YYSYMBOL_YYEMPTY; return yycount; } #ifndef yystrlen # if defined __GLIBC__ && defined _STRING_H # define yystrlen(S) (YY_CAST (YYPTRDIFF_T, strlen (S))) # else /* Return the length of YYSTR. 
*/ static YYPTRDIFF_T yystrlen (const char *yystr) { YYPTRDIFF_T yylen; for (yylen = 0; yystr[yylen]; yylen++) continue; return yylen; } # endif #endif #ifndef yystpcpy # if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE # define yystpcpy stpcpy # else /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in YYDEST. */ static char * yystpcpy (char *yydest, const char *yysrc) { char *yyd = yydest; const char *yys = yysrc; while ((*yyd++ = *yys++) != '\0') continue; return yyd - 1; } # endif #endif #ifndef yytnamerr /* Copy to YYRES the contents of YYSTR after stripping away unnecessary quotes and backslashes, so that it's suitable for yyerror. The heuristic is that double-quoting is unnecessary unless the string contains an apostrophe, a comma, or backslash (other than backslash-backslash). YYSTR is taken from yytname. If YYRES is null, do not copy; instead, return the length of what the result would have been. */ static YYPTRDIFF_T yytnamerr (char *yyres, const char *yystr) { if (*yystr == '"') { YYPTRDIFF_T yyn = 0; char const *yyp = yystr; for (;;) switch (*++yyp) { case '\'': case ',': goto do_not_strip_quotes; case '\\': if (*++yyp != '\\') goto do_not_strip_quotes; else goto append; append: default: if (yyres) yyres[yyn] = *yyp; yyn++; break; case '"': if (yyres) yyres[yyn] = '\0'; return yyn; } do_not_strip_quotes: ; } if (yyres) return yystpcpy (yyres, yystr) - yyres; else return yystrlen (yystr); } #endif static int yy_syntax_error_arguments (const yypcontext_t *yyctx, yysymbol_kind_t yyarg[], int yyargn) { /* Actual size of YYARG. */ int yycount = 0; /* There are many possibilities here to consider: - If this state is a consistent state with a default action, then the only way this function was invoked is if the default action is an error action. In that case, don't check for expected tokens because there are none. 
- The only way there can be no lookahead present (in yychar) is if this state is a consistent state with a default action. Thus, detecting the absence of a lookahead is sufficient to determine that there is no unexpected or expected token to report. In that case, just report a simple "syntax error". - Don't assume there isn't a lookahead just because this state is a consistent state with a default action. There might have been a previous inconsistent state, consistent state with a non-default action, or user semantic action that manipulated yychar. - Of course, the expected token list depends on states to have correct lookahead information, and it depends on the parser not to perform extra reductions after fetching a lookahead from the scanner and before detecting a syntax error. Thus, state merging (from LALR or IELR) and default reductions corrupt the expected token list. However, the list is correct for canonical LR with one exception: it will still contain any token that will not be accepted due to an error action in a later state. */ if (yyctx->yytoken != YYSYMBOL_YYEMPTY) { int yyn; if (yyarg) yyarg[yycount] = yyctx->yytoken; ++yycount; yyn = yypcontext_expected_tokens (yyctx, yyarg ? yyarg + 1 : yyarg, yyargn - 1); if (yyn == YYENOMEM) return YYENOMEM; else yycount += yyn; } return yycount; } /* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message about the unexpected token YYTOKEN for the state stack whose top is YYSSP. Return 0 if *YYMSG was successfully written. Return -1 if *YYMSG is not large enough to hold the message. In that case, also set *YYMSG_ALLOC to the required number of bytes. Return YYENOMEM if the required number of bytes is too large to store. */ static int yysyntax_error (YYPTRDIFF_T *yymsg_alloc, char **yymsg, const yypcontext_t *yyctx) { enum { YYARGS_MAX = 5 }; /* Internationalized format string. */ const char *yyformat = YY_NULLPTR; /* Arguments of yyformat: reported tokens (one for the "unexpected", one per "expected"). 
*/ yysymbol_kind_t yyarg[YYARGS_MAX]; /* Cumulated lengths of YYARG. */ YYPTRDIFF_T yysize = 0; /* Actual size of YYARG. */ int yycount = yy_syntax_error_arguments (yyctx, yyarg, YYARGS_MAX); if (yycount == YYENOMEM) return YYENOMEM; switch (yycount) { #define YYCASE_(N, S) \ case N: \ yyformat = S; \ break default: /* Avoid compiler warnings. */ YYCASE_(0, YY_("syntax error")); YYCASE_(1, YY_("syntax error, unexpected %s")); YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s")); YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s")); YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s")); YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s")); #undef YYCASE_ } /* Compute error message size. Don't count the "%s"s, but reserve room for the terminator. */ yysize = yystrlen (yyformat) - 2 * yycount + 1; { int yyi; for (yyi = 0; yyi < yycount; ++yyi) { YYPTRDIFF_T yysize1 = yysize + yytnamerr (YY_NULLPTR, yytname[yyarg[yyi]]); if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM) yysize = yysize1; else return YYENOMEM; } } if (*yymsg_alloc < yysize) { *yymsg_alloc = 2 * yysize; if (! (yysize <= *yymsg_alloc && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; return -1; } /* Avoid sprintf, as that infringes on the user's name space. Don't have undefined behavior even if the translation produced a string with the wrong number of "%s"s. */ { char *yyp = *yymsg; int yyi = 0; while ((*yyp = *yyformat) != '\0') if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount) { yyp += yytnamerr (yyp, yytname[yyarg[yyi++]]); yyformat += 2; } else { ++yyp; ++yyformat; } } return 0; } /*-----------------------------------------------. | Release the memory associated to this symbol. 
| `-----------------------------------------------*/ static void yydestruct (const char *yymsg, yysymbol_kind_t yykind, YYSTYPE *yyvaluep) { YYUSE (yyvaluep); if (!yymsg) yymsg = "Deleting"; YY_SYMBOL_PRINT (yymsg, yykind, yyvaluep, yylocationp); YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN YYUSE (yykind); YY_IGNORE_MAYBE_UNINITIALIZED_END } /* Lookahead token kind. */ int yychar; /* The semantic value of the lookahead symbol. */ YYSTYPE yylval; /* Number of syntax errors so far. */ int yynerrs; /*----------. | yyparse. | `----------*/ int yyparse (void) { yy_state_fast_t yystate = 0; /* Number of tokens to shift before error messages enabled. */ int yyerrstatus = 0; /* Refer to the stacks through separate pointers, to allow yyoverflow to reallocate them elsewhere. */ /* Their size. */ YYPTRDIFF_T yystacksize = YYINITDEPTH; /* The state stack: array, bottom, top. */ yy_state_t yyssa[YYINITDEPTH]; yy_state_t *yyss = yyssa; yy_state_t *yyssp = yyss; /* The semantic value stack: array, bottom, top. */ YYSTYPE yyvsa[YYINITDEPTH]; YYSTYPE *yyvs = yyvsa; YYSTYPE *yyvsp = yyvs; int yyn; /* The return value of yyparse. */ int yyresult; /* Lookahead symbol kind. */ yysymbol_kind_t yytoken = YYSYMBOL_YYEMPTY; /* The variables used to return semantic value and location from the action routines. */ YYSTYPE yyval; /* Buffer for error messages, and its allocated size. */ char yymsgbuf[128]; char *yymsg = yymsgbuf; YYPTRDIFF_T yymsg_alloc = sizeof yymsgbuf; #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) /* The number of symbols on the RHS of the reduced rule. Keep to zero when no symbol should be popped. */ int yylen = 0; YYDPRINTF ((stderr, "Starting parse\n")); yychar = YYEMPTY; /* Cause a token to be read. */ goto yysetstate; /*------------------------------------------------------------. | yynewstate -- push a new state, which is found in yystate. 
| `------------------------------------------------------------*/ yynewstate: /* In all cases, when you get here, the value and location stacks have just been pushed. So pushing a state here evens the stacks. */ yyssp++; /*--------------------------------------------------------------------. | yysetstate -- set current state (the top of the stack) to yystate. | `--------------------------------------------------------------------*/ yysetstate: YYDPRINTF ((stderr, "Entering state %d\n", yystate)); YY_ASSERT (0 <= yystate && yystate < YYNSTATES); YY_IGNORE_USELESS_CAST_BEGIN *yyssp = YY_CAST (yy_state_t, yystate); YY_IGNORE_USELESS_CAST_END YY_STACK_PRINT (yyss, yyssp); if (yyss + yystacksize - 1 <= yyssp) #if !defined yyoverflow && !defined YYSTACK_RELOCATE goto yyexhaustedlab; #else { /* Get the current used size of the three stacks, in elements. */ YYPTRDIFF_T yysize = yyssp - yyss + 1; # if defined yyoverflow { /* Give user a chance to reallocate the stack. Use copies of these so that the &'s don't force the real ones into memory. */ yy_state_t *yyss1 = yyss; YYSTYPE *yyvs1 = yyvs; /* Each stack pointer address is followed by the size of the data in use in that stack, in bytes. This used to be a conditional around just the two extra args, but that might be undefined if yyoverflow is a macro. */ yyoverflow (YY_("memory exhausted"), &yyss1, yysize * YYSIZEOF (*yyssp), &yyvs1, yysize * YYSIZEOF (*yyvsp), &yystacksize); yyss = yyss1; yyvs = yyvs1; } # else /* defined YYSTACK_RELOCATE */ /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) goto yyexhaustedlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; { yy_state_t *yyss1 = yyss; union yyalloc *yyptr = YY_CAST (union yyalloc *, YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize)))); if (! 
yyptr) goto yyexhaustedlab; YYSTACK_RELOCATE (yyss_alloc, yyss); YYSTACK_RELOCATE (yyvs_alloc, yyvs); # undef YYSTACK_RELOCATE if (yyss1 != yyssa) YYSTACK_FREE (yyss1); } # endif yyssp = yyss + yysize - 1; yyvsp = yyvs + yysize - 1; YY_IGNORE_USELESS_CAST_BEGIN YYDPRINTF ((stderr, "Stack size increased to %ld\n", YY_CAST (long, yystacksize))); YY_IGNORE_USELESS_CAST_END if (yyss + yystacksize - 1 <= yyssp) YYABORT; } #endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */ if (yystate == YYFINAL) YYACCEPT; goto yybackup; /*-----------. | yybackup. | `-----------*/ yybackup: /* Do appropriate processing given the current state. Read a lookahead token if we need one and don't already have one. */ /* First try to decide what to do without reference to lookahead token. */ yyn = yypact[yystate]; if (yypact_value_is_default (yyn)) goto yydefault; /* Not known => get a lookahead token if don't already have one. */ /* YYCHAR is either empty, or end-of-input, or a valid lookahead. */ if (yychar == YYEMPTY) { YYDPRINTF ((stderr, "Reading a token\n")); yychar = yylex (); } if (yychar <= YYEOF) { yychar = YYEOF; yytoken = YYSYMBOL_YYEOF; YYDPRINTF ((stderr, "Now at end of input.\n")); } else if (yychar == YYerror) { /* The scanner already issued an error message, process directly to error recovery. But do not keep the error token as lookahead, it is too special and may lead us to an endless loop in error recovery. */ yychar = YYUNDEF; yytoken = YYSYMBOL_YYerror; goto yyerrlab1; } else { yytoken = YYTRANSLATE (yychar); YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); } /* If the proper action on seeing token YYTOKEN is to reduce or to detect an error, take that action. */ yyn += yytoken; if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) goto yydefault; yyn = yytable[yyn]; if (yyn <= 0) { if (yytable_value_is_error (yyn)) goto yyerrlab; yyn = -yyn; goto yyreduce; } /* Count tokens shifted since error; after three, turn off error status. 
*/ if (yyerrstatus) yyerrstatus--; /* Shift the lookahead token. */ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); yystate = yyn; YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; YY_IGNORE_MAYBE_UNINITIALIZED_END /* Discard the shifted token. */ yychar = YYEMPTY; goto yynewstate; /*-----------------------------------------------------------. | yydefault -- do the default action for the current state. | `-----------------------------------------------------------*/ yydefault: yyn = yydefact[yystate]; if (yyn == 0) goto yyerrlab; goto yyreduce; /*-----------------------------. | yyreduce -- do a reduction. | `-----------------------------*/ yyreduce: /* yyn is the number of a rule to reduce with. */ yylen = yyr2[yyn]; /* If YYLEN is nonzero, implement the default value of the action: '$$ = $1'. Otherwise, the following line sets YYVAL to garbage. This behavior is undocumented and Bison users should not rely upon it. Assigning to YYVAL unconditionally makes the parser a bit smaller, and it avoids a GCC warning that YYVAL may be used uninitialized. 
*/ yyval = yyvsp[1-yylen]; YY_REDUCE_PRINT (yyn); switch (yyn) { case 2: /* text: vo */ #line 52 "vomsfake.y" { (yyval.vos) = (VOLIST*)malloc(sizeof(VOLIST)); (yyval.vos)->vos= (VO**)malloc(sizeof(VO*)*MAX_SIZE); (yyval.vos)->current=0; (yyval.vos)->vos[(yyval.vos)->current++] = (yyvsp[0].vo); volist = (yyval.vos); } #line 1371 "vomsparser.c" break; case 3: /* text: text vo */ #line 59 "vomsfake.y" { (yyval.vos) = (yyvsp[-1].vos); (yyval.vos)->vos[(yyval.vos)->current++] = (yyvsp[0].vo); volist = (yyval.vos); } #line 1381 "vomsparser.c" break; case 4: /* vo: '[' ID ']' voparams */ #line 66 "vomsfake.y" { (yyval.vo) = (VO *)calloc(1,sizeof(VO)); (yyval.vo)->fqans = (char**)malloc(sizeof(char*)*MAX_SIZE); (yyval.vo)->fqansize = 0; (yyval.vo)->gas = (char**)malloc(sizeof(char*)*MAX_SIZE); (yyval.vo)->gasize = 0; (yyval.vo)->targets = NULL; (yyval.vo)->voname = (yyvsp[-2].string); (yyval.vo)->extensions = (char**)malloc(sizeof(char*)*MAX_SIZE); (yyval.vo)->extsize = 0; (yyval.vo)->params = (yyvsp[0].params); { int i =0; for (i = 0 ; i < (yyval.vo)->params->current; i++) convertparam((yyval.vo), (yyval.vo)->params->params[i]); } } #line 1403 "vomsparser.c" break; case 5: /* vo: '[' ID ']' */ #line 83 "vomsfake.y" { (yyval.vo) = (VO *)calloc(1,sizeof(VO)); (yyval.vo)->fqans = NULL; (yyval.vo)->fqansize = 0; (yyval.vo)->gas = NULL; (yyval.vo)->gasize = 0; (yyval.vo)->targets = NULL; (yyval.vo)->voname = (yyvsp[-1].string); (yyval.vo)->extensions = NULL; (yyval.vo)->extsize = 0; (yyval.vo)->params = NULL; } #line 1421 "vomsparser.c" break; case 6: /* voparams: voparam */ #line 98 "vomsfake.y" { (yyval.params) = (PARAMLIST *)malloc(sizeof(PARAMLIST)); (yyval.params)->params = (PARAM**)malloc(sizeof(PARAM*)*MAX_SIZE); (yyval.params)->current=0; (yyval.params)->params[(yyval.params)->current++] = (yyvsp[0].param); } #line 1432 "vomsparser.c" break; case 7: /* voparams: voparams voparam */ #line 104 "vomsfake.y" { (yyval.params) = (yyvsp[-1].params); 
(yyval.params)->params[(yyval.params)->current++] = (yyvsp[0].param); } #line 1441 "vomsparser.c" break; case 8: /* voparam: ID '=' value */ #line 110 "vomsfake.y" { (yyval.param) = (PARAM *)calloc(1,sizeof(PARAM)); (yyval.param)->name = (yyvsp[-2].string); (yyval.param)->value = (yyvsp[0].input); } #line 1451 "vomsparser.c" break; case 9: /* voparam: ID '=' value '=' value */ #line 115 "vomsfake.y" { (yyval.param) = (PARAM *)calloc(1,sizeof(PARAM)); (yyval.param)->name = (yyvsp[-4].string); (yyval.param)->value = malloc(strlen((yyvsp[-2].input))+strlen((yyvsp[0].input))+4); strcpy((yyval.param)->value, "::"); strcat((yyval.param)->value, (yyvsp[-2].input)); strcat((yyval.param)->value,"="); strcat((yyval.param)->value, (yyvsp[0].input)); free((yyvsp[-2].input)); free((yyvsp[0].input)); } #line 1467 "vomsparser.c" break; case 10: /* voparam: ID '=' value '=' value '(' value ')' */ #line 126 "vomsfake.y" { (yyval.param) = (PARAM *)calloc(1,sizeof(PARAM)); (yyval.param)->name = (yyvsp[-7].string); (yyval.param)->value = malloc(strlen((yyvsp[-5].input))+strlen((yyvsp[-3].input))+strlen((yyvsp[-1].input))+4); strcpy((yyval.param)->value, (yyvsp[-1].input)); strcat((yyval.param)->value, "::"); strcat((yyval.param)->value, (yyvsp[-5].input)); strcat((yyval.param)->value,"="); strcat((yyval.param)->value, (yyvsp[-3].input)); free((yyvsp[-5].input)); free((yyvsp[-3].input)); free((yyvsp[-1].input)); } #line 1485 "vomsparser.c" break; case 11: /* value: ID */ #line 141 "vomsfake.y" { (yyval.input) = (yyvsp[0].string); } #line 1491 "vomsparser.c" break; case 12: /* value: STRING */ #line 142 "vomsfake.y" { (yyval.input) = (yyvsp[0].string); } #line 1497 "vomsparser.c" break; #line 1501 "vomsparser.c" default: break; } /* User semantic actions sometimes alter yychar, and that requires that yytoken be updated with the new translation. We take the approach of translating immediately before every use of yytoken. 
One alternative is translating here after every semantic action, but that translation would be missed if the semantic action invokes YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an incorrect destructor might then be invoked immediately. In the case of YYERROR or YYBACKUP, subsequent parser actions might lead to an incorrect destructor call or verbose syntax error message before the lookahead is translated. */ YY_SYMBOL_PRINT ("-> $$ =", YY_CAST (yysymbol_kind_t, yyr1[yyn]), &yyval, &yyloc); YYPOPSTACK (yylen); yylen = 0; *++yyvsp = yyval; /* Now 'shift' the result of the reduction. Determine what state that goes to, based on the state we popped back to and the rule number reduced by. */ { const int yylhs = yyr1[yyn] - YYNTOKENS; const int yyi = yypgoto[yylhs] + *yyssp; yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp ? yytable[yyi] : yydefgoto[yylhs]); } goto yynewstate; /*--------------------------------------. | yyerrlab -- here on detecting error. | `--------------------------------------*/ yyerrlab: /* Make sure we have latest lookahead translation. See comments at user semantic actions for why this is necessary. */ yytoken = yychar == YYEMPTY ? YYSYMBOL_YYEMPTY : YYTRANSLATE (yychar); /* If not already recovering from an error, report this error. 
*/ if (!yyerrstatus) { ++yynerrs; { yypcontext_t yyctx = {yyssp, yytoken}; char const *yymsgp = YY_("syntax error"); int yysyntax_error_status; yysyntax_error_status = yysyntax_error (&yymsg_alloc, &yymsg, &yyctx); if (yysyntax_error_status == 0) yymsgp = yymsg; else if (yysyntax_error_status == -1) { if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); yymsg = YY_CAST (char *, YYSTACK_ALLOC (YY_CAST (YYSIZE_T, yymsg_alloc))); if (yymsg) { yysyntax_error_status = yysyntax_error (&yymsg_alloc, &yymsg, &yyctx); yymsgp = yymsg; } else { yymsg = yymsgbuf; yymsg_alloc = sizeof yymsgbuf; yysyntax_error_status = YYENOMEM; } } yyerror (yymsgp); if (yysyntax_error_status == YYENOMEM) goto yyexhaustedlab; } } if (yyerrstatus == 3) { /* If just tried and failed to reuse lookahead token after an error, discard it. */ if (yychar <= YYEOF) { /* Return failure if at end of input. */ if (yychar == YYEOF) YYABORT; } else { yydestruct ("Error: discarding", yytoken, &yylval); yychar = YYEMPTY; } } /* Else will try to reuse lookahead token after shifting the error token. */ goto yyerrlab1; /*---------------------------------------------------. | yyerrorlab -- error raised explicitly by YYERROR. | `---------------------------------------------------*/ yyerrorlab: /* Pacify compilers when the user code never invokes YYERROR and the label yyerrorlab therefore never appears in user code. */ if (0) YYERROR; /* Do not reclaim the symbols of the rule whose action triggered this YYERROR. */ YYPOPSTACK (yylen); yylen = 0; YY_STACK_PRINT (yyss, yyssp); yystate = *yyssp; goto yyerrlab1; /*-------------------------------------------------------------. | yyerrlab1 -- common code for both syntax error and YYERROR. | `-------------------------------------------------------------*/ yyerrlab1: yyerrstatus = 3; /* Each real token shifted decrements this. */ /* Pop stack until we find a state that shifts the error token. 
*/ for (;;) { yyn = yypact[yystate]; if (!yypact_value_is_default (yyn)) { yyn += YYSYMBOL_YYerror; if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYSYMBOL_YYerror) { yyn = yytable[yyn]; if (0 < yyn) break; } } /* Pop the current state because it cannot handle the error token. */ if (yyssp == yyss) YYABORT; yydestruct ("Error: popping", YY_ACCESSING_SYMBOL (yystate), yyvsp); YYPOPSTACK (1); yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); } YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; YY_IGNORE_MAYBE_UNINITIALIZED_END /* Shift the error token. */ YY_SYMBOL_PRINT ("Shifting", YY_ACCESSING_SYMBOL (yyn), yyvsp, yylsp); yystate = yyn; goto yynewstate; /*-------------------------------------. | yyacceptlab -- YYACCEPT comes here. | `-------------------------------------*/ yyacceptlab: yyresult = 0; goto yyreturn; /*-----------------------------------. | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ yyabortlab: yyresult = 1; goto yyreturn; #if 1 /*-------------------------------------------------. | yyexhaustedlab -- memory exhaustion comes here. | `-------------------------------------------------*/ yyexhaustedlab: yyerror (YY_("memory exhausted")); yyresult = 2; goto yyreturn; #endif /*-------------------------------------------------------. | yyreturn -- parsing is finished, clean up and return. | `-------------------------------------------------------*/ yyreturn: if (yychar != YYEMPTY) { /* Make sure we have latest lookahead translation. See comments at user semantic actions for why this is necessary. */ yytoken = YYTRANSLATE (yychar); yydestruct ("Cleanup: discarding lookahead", yytoken, &yylval); } /* Do not reclaim the symbols of the rule whose action triggered this YYABORT or YYACCEPT. 
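*/ YYPOPSTACK (yylen); YY_STACK_PRINT (yyss, yyssp); while (yyssp != yyss) { yydestruct ("Cleanup: popping", YY_ACCESSING_SYMBOL (+*yyssp), yyvsp); YYPOPSTACK (1); } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); #endif if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); return yyresult; }
#line 145 "vomsfake.y"

/*
 * NOTE(review): this translation unit is Bison output and the code below is
 * the epilogue of vomsfake.y (see the #line directive above).  The same
 * change has to be made in vomsfake.y, otherwise it is lost the next time
 * the parser is regenerated.
 */

/* Copy one option value; an allocation failure is reported through yyerror(). */
static char *convertparam_dup(const char *value)
{
  char *copy = strdup(value);

  if (copy == NULL)
    yyerror("memory exhausted");
  return copy;
}

/*
 * Apply one parsed "name = value" option to the VO under construction.
 *
 * vo     VO record filled in by the "vo:" grammar action.  That action
 *        allocates fqans, gas and extensions with MAX_SIZE slots each and
 *        does not check the allocations, so every append below is bounded
 *        by MAX_SIZE and guarded against a NULL array.
 * param  option to apply.  Its name and value strings are released before
 *        returning and the two pointers are cleared; the PARAM itself stays
 *        owned by the caller.
 *
 * Values are copied, never aliased.  Option names that are not listed here
 * are ignored without a diagnostic.  Problems are reported with yyerror()
 * and the offending option is dropped, because the function has no return
 * value to signal them with.
 */
static void convertparam(VO *vo, PARAM* param)
{
  /* INT_MAX / 3600 for a 32-bit int: the largest hour count whose
     conversion to seconds cannot overflow. */
  const long max_hours = 596523L;
  long hours;
  char *copy;
  char *grown;
  size_t used;
  int is_first;

  if (vo == NULL || param == NULL)
    return;

  if (param->name == NULL || param->value == NULL) {
    /* The lexer and the value actions build these with strdup()/malloc()
       and never check the result. */
    yyerror("memory exhausted");
  }
  else if (strcmp(param->name, "-hostcert") == 0) {
    vo->hostcert = convertparam_dup(param->value);
  }
  else if (strcmp(param->name,"-hostkey") == 0) {
    vo->hostkey = convertparam_dup(param->value);
  }
  else if (strcmp(param->name, "-fqan") == 0) {
    if (vo->fqans == NULL || vo->fqansize >= MAX_SIZE)
      yyerror("cannot store -fqan entry (list full or not allocated)");
    else if ((copy = convertparam_dup(param->value)) != NULL)
      vo->fqans[vo->fqansize++] = copy;
  }
  else if (strcmp(param->name, "-vomslife") == 0) {
    /* Hours to seconds.  Negative values stay accepted as before; only
       magnitudes that would overflow the multiplication are refused. */
    hours = strtol(param->value, NULL, 10);
    if (hours > max_hours || hours < -max_hours)
      yyerror("-vomslife value out of range, ignored");
    else
      vo->vomslife = (int)(hours * 3600);
  }
  else if (strcmp(param->name, "-pastac") == 0) {
    vo->pastac = convertparam_dup(param->value);
  }
  else if (strcmp(param->name, "-target") == 0) {
    /* Targets accumulate into one comma-separated string.  The result of
       realloc() is checked before the old pointer is overwritten, so a
       failed allocation keeps the list built so far. */
    is_first = (vo->targets == NULL);
    used = is_first ? 0 : strlen(vo->targets);
    /* +2: one separator and the terminating NUL */
    grown = realloc(vo->targets, used + strlen(param->value) + 2);
    if (grown == NULL) {
      yyerror("memory exhausted");
    }
    else {
      if (is_first)
        grown[0] = '\0';
      else
        strcat(grown, ",");
      strcat(grown, param->value);
      vo->targets = grown;
    }
  }
  else if (strcmp(param->name, "-uri") == 0) {
    vo->uri = convertparam_dup(param->value);
  }
  else if (strcmp(param->name, "-ga") == 0) {
    /* gas is kept NULL-terminated, so one slot is reserved for the
       terminator: the last usable index is MAX_SIZE - 2. */
    if (vo->gas == NULL || vo->gasize >= MAX_SIZE - 1)
      yyerror("cannot store -ga entry (list full or not allocated)");
    else if ((copy = convertparam_dup(param->value)) != NULL) {
      vo->gas[vo->gasize++] = copy;
      vo->gas[vo->gasize] = NULL;
    }
  }
  else if (strcmp(param->name, "-acextension") == 0) {
    if (vo->extensions == NULL || vo->extsize >= MAX_SIZE)
      yyerror("cannot store -acextension entry (list full or not allocated)");
    else if ((copy = convertparam_dup(param->value)) != NULL)
      vo->extensions[vo->extsize++] = copy;
  }

  free(param->value);
  free(param->name);
  /* The PARAM stays reachable through vo->params; do not leave dangling
     pointers behind. */
  param->value = NULL;
  param->name = NULL;
}
voms-2.1.2/src/utils/vomsparser.h000066400000000000000000000054701477131364200170170ustar00rootroot00000000000000/* A Bison parser, made by GNU Bison 3.7.4. */ /* Bison interface for Yacc-like parsers in C Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, Inc.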
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, especially those whose name start with YY_ or yy_. They are private implementation details that can be changed or removed. */ #ifndef YY_YY_VOMSPARSER_H_INCLUDED # define YY_YY_VOMSPARSER_H_INCLUDED /* Debug traces. */ #ifndef YYDEBUG # define YYDEBUG 1 #endif #if YYDEBUG extern int yydebug; #endif /* Token kinds. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE enum yytokentype { YYEMPTY = -2, YYEOF = 0, /* "end of file" */ YYerror = 256, /* error */ YYUNDEF = 257, /* "invalid token" */ STRING = 258, /* STRING */ ID = 259 /* ID */ }; typedef enum yytokentype yytoken_kind_t; #endif /* Token kinds. 
*/ #define YYEMPTY -2 #define YYEOF 0 #define YYerror 256 #define YYUNDEF 257 #define STRING 258 #define ID 259 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED union YYSTYPE { #line 32 "vomsfake.y" char *string; char *input; PARAM *param; PARAMLIST *params; VO *vo; VOLIST *vos; #line 84 "vomsparser.h" }; typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_DECLARED 1 #endif extern YYSTYPE yylval; int yyparse (void); #endif /* !YY_YY_VOMSPARSER_H_INCLUDED */ voms-2.1.2/src/utils/vomsparser.l000066400000000000000000000031311477131364200170130ustar00rootroot00000000000000%{ /********************************************************************* * * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it * Valerio Venturi - Valerio.Venturi@cnaf.infn.it * * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Parts of this code may be based upon or even include verbatim pieces, * originally written by other people, in which case the original header * follows. 
* *********************************************************************/ #include "config.h" #include #include #include #include "fakeparsertypes.h" #include "vomsparser.h" #include "lexparse.h" %} %x STR %option noyywrap %% \" BEGIN(STR); [^\"]* yylval.string = strdup(yytext); return STRING; \" BEGIN(INITIAL); [a-zA-Z0-9_\.\:\/\-]* yylval.string = strdup(yytext); return ID; [^ \t\n] return yytext[0]; \n . %% void yyerror(char const *s) { fprintf(stderr, "ERROR: %s\n",s); } voms-2.1.2/systemd/000077500000000000000000000000001477131364200142005ustar00rootroot00000000000000voms-2.1.2/systemd/voms@.service000066400000000000000000000004061477131364200166460ustar00rootroot00000000000000[Unit] Description=VOMS service for VO %i [Service] WorkingDirectory=/ EnvironmentFile=-/etc/sysconfig/voms User=voms Type=forking ExecStart=/usr/sbin/voms --conf /etc/voms/%i/voms.conf KillMode=process SuccessExitStatus=1 [Install] WantedBy=multi-user.target voms-2.1.2/testsuite/000077500000000000000000000000001477131364200145415ustar00rootroot00000000000000voms-2.1.2/testsuite/Makefile.am000066400000000000000000000001031477131364200165670ustar00rootroot00000000000000AUTOMAKE_OPTIONS = dejagnu DEJATOOL = voms AM_RUNTESTFLAGS=--debug voms-2.1.2/testsuite/SuiteConfig.in000066400000000000000000000006441477131364200173140ustar00rootroot00000000000000INSTALLDIR @prefix@ ETC_DIR @ETC_DIR@ LOG_DIR @VAR_DIR@/log/voms LOCK_DIR @VAR_DIR@/lock/subsys REPORTDIR @with_reportdir@ HAVEORACLE @enable_oracletests@ HAVEMYSQL @enable_mysqltests@ DBUSERNAME @with_dbuser@ SCRATCHDIR @with_scratchdir@ DOCOVERAGE @enable_coverage@ DBPASSWORD @with_dbpwd@ MYSQLCONF @with_mysqlconf@ COBERTURA @with_cobertura_prefix@ DOVALGRIND @with_valgrind@ JAVAPATH @JAVA_CLASSPATH@ voms-2.1.2/testsuite/lib/000077500000000000000000000000001477131364200153075ustar00rootroot00000000000000voms-2.1.2/testsuite/lib/db.exp000066400000000000000000000027111477131364200164130ustar00rootroot00000000000000variable _dbinitscript variable 
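_dbstarted
variable DBTYPE

# Start the database through the init script selected by _setdbtype.
# Does nothing when no init script is configured (empty ::_dbinitscript).
# Exits the test run if a database is already marked as started.
proc _startdb {} {
    global _dbstarted

    # The comparison is done with "string equal" inside braces.  The
    # previous unbraced "expr $var == ..." form substituted the value into
    # the expression text, which fails on a path such as /etc/init.d/mysql
    # and would evaluate any bracketed command contained in the value.
    if {[string equal $::_dbinitscript ""]} then {
        return
    }

    if {![info exists _dbstarted] || $_dbstarted == 0} then {
        set _dbstarted 1
        exec $::_dbinitscript start
    } else {
        puts "Another DB was already started!"
        exit
    }
}

# Stop the database started by _startdb.
# Does nothing when no init script is configured; exits the test run when
# no database is marked as started.
proc _stopdb {} {
    global _dbstarted

    if {[string equal $::_dbinitscript ""]} then {
        return
    }

    if {[info exists _dbstarted] && $_dbstarted == 1} then {
        set _dbstarted 0
        exec $::_dbinitscript stop
    } else {
        puts "No DB was started!"
        exit
    }
}

# Select the database backend used by the tests.
#   name  "mysql" or "oracle"; any other value prints a message and exits.
# Sets ::DBTYPE and ::_dbinitscript.
proc _setdbtype {name} {
    _inittests

    if {[string equal $name "oracle"]} then {
        # oracle is typically remote, and cannot be shutdown from a local user.
        # The global is set here; the earlier code assigned a proc-local
        # variable and then rejected "oracle" in the mysql check below.
        set ::DBTYPE $name
        set ::_dbinitscript ""
        return
    }

    if {![string equal $name "mysql"]} then {
        puts "Only oracle and mysql are supported as DBs."
        exit
    }

    set ::DBTYPE $name

    # are we root or not ?  Uses the external id command, as _proxyname in
    # vomslib.exp does.
    if {[exec id -u] == 0} then {
        # we are root
        set ::_dbinitscript /etc/init.d/mysql
    } else {
        # Taken from the environment and later executed as-is by _startdb
        # and _stopdb; fails here if MYSQLPATH is not set.
        set ::_dbinitscript $::env(MYSQLPATH)
    }
}

# Run a statement against the selected database.
#   name    database type, "mysql" or "oracle"
#   script  statement passed to the client with -e
# Nothing is executed for oracle.
proc _execdb {name script} {
    if {[string equal $name "mysql"]} {
        # NOTE(review): ::_dbscript is not assigned anywhere in db.exp;
        # confirm where the client path is expected to come from.
        exec $::_dbscript -e "$script"
    } elseif {[string equal $name "oracle"]} {
    }
}
voms-2.1.2/testsuite/lib/newfail.exp000066400000000000000000000276521477131364200174660ustar00rootroot00000000000000rename fail _fail rename pass _pass rename xfail _xfail rename load_lib _load_lib rename clone_output _clone_output rename cleanup _cleanup rename unsupported _unsupported set _test_prolog "" set _test_epilog "" set _testmessage "" set LOGOUTS "" proc load_lib {file} { global loaded_libs if [info exists loaded_libs($file)] { return } set loaded_libs($file) "" if { [search_and_load_file "library file" $file [list $::objdir/lib]] == 0 } { _load_lib $file } } proc fail message { global LOGOUTS global REPORTDIR global _logdescriptor global INSTALLDIR global LOG_DIR addlog $LOG_DIR/voms.voms1 puts $_logdescriptor "$message" puts $_logdescriptor "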
    " foreach name [split $LOGOUTS] { if [file exists $name] then { set newname [exec mktemp $REPORTDIR/out-XXXXXX] file copy -force $name $newname puts $_logdescriptor "
  • $name
  • " } } puts $_logdescriptor "
" puts $_logdescriptor "" puts $_logdescriptor "failed" flush $_logdescriptor _fail $message } proc pass message { global LOGOUTS global REPORTDIR global _logdescriptor global INSTALLDIR global LOG_DIR addlog $LOG_DIR/voms.voms1 puts $_logdescriptor "
    " foreach name [split $LOGOUTS] { if [file exists $name] then { set newname [exec mktemp $REPORTDIR/out-XXXXXX] file copy -force $name $newname puts $_logdescriptor "
  • $name
  • " } } puts $_logdescriptor "
" puts $_logdescriptor "passed" puts $_logdescriptor "" flush $_logdescriptor _pass $message } proc xfail message { global _logdescriptor puts $_logdescriptor "expected failure" puts $_logdescriptor "" _xfail $message } proc unsupported message { global _logdescriptor puts $_logdescriptor "unsupported" puts $_logdescriptor "" _unsupported $message } proc clone_output {message} { set value [string compare -length 25 "ERROR: tcl error sourcing" $message] if [expr ! $value] then { fail "$message" } set msg [_clone_output "$message"] return "$msg" } proc logvar {pattern} { upvar $pattern value set outname [exec mktemp $::SCRATCHDIR/var-$pattern-XXXXXX] set id [open $outname "w+"] puts $id "$value" close $id addlog $outname } proc loadvar {var file} { upvar $var temp set temp [exec cat $file] } proc _do_valgrind_log_file {} { set outname [exec mktemp $::SCRATCHDIR/valg-XXXXXX] return $outname } proc _do_valgrind_cl {} { set VALGRINDPART "" if {[info exists ::VALGRIND]} then { #check wether leakage occurred set VALGRINDPART "$::DOVALGRIND --trace-children=yes --leak-resolution=high --num-callers=25 --suppressions=suppressions --leak-check=full --log-file=[_do_valgrind_log_file] " } return $VALGRINDPART } proc log_exec {outname command} { if ([info exists ::VALGRIND]) then { set VALGRINDPART [_do_valgrind_cl] return [log_exec_real $outname $command "$VALGRINDPART"] } else { return [log_exec_real $outname $command] } } proc log_exec_real {outname command {valgrindpart ""} } { upvar 2 $outname myname # The following (complicated) code ensures that the output file name # starts with the name of the command being executed set command [string trim $command] set idx [string first " " $command] set idx2 [string last "/" [string range $command 0 [expr {$idx-1}]]] if [expr {$idx != -1}] then { set cname [string range $command [expr {$idx2+1}] [expr {$idx-1}]] } else { set cname $command } set cname "$cname-XXXXXX" # end output file name creation set myname [exec mktemp 
$::SCRATCHDIR/$cname] # for voms-* commands run them from the install path # for other commands, look for them in the system path set voms [string first "voms" $cname] if [expr {$voms == 0}] then { set command "$::INSTALLDIR/bin/$command" } set command "$valgrindpart $command" set command [string trim $command] set bis [catch {set out [uplevel 2 exec $command >& $myname]} out3] return $bis } proc cleanup {} { _cleanup puts $::_logdescriptor "" puts $::_logdescriptor "" flush $::_logdescriptor close $::_logdescriptor if [string equal $::DOCOVERAGE "yes"] then { exec lcov --directory ../src --capture -o app.info -q >/dev/null 2>/dev/null exec lcov -a zero.info -a app.info -o total.info >/dev/null 2>/dev/null exec rm app.info zero.info exec lcov -r total.info "*/../../*" "/usr*" "*/mystack.c" "*/lex.yy.c" "*/vomsfake.tab.c" "*/vomsparser.c" "soapC.c" stdsoap2.c lex.namespaces.c lex.signing.c namespaces.c signing_policy.c failure.c -o voms.info 2>/dev/null exec rm total.info exec genhtml --no-branch-coverage --show-details --legend --highlight -o $::REPORTDIR/coverage voms.info >/dev/null exec rm voms.info if [expr ![string equal $::COBERTURA "no"]] then { exec $::COBERTURA/cobertura-report.sh --destination $::REPORTDIR/javacoverage --datafile ../src/api/java/cobertura.ser ../src/api/java } } catch {exec rm -rf $::INSTALLDIR/ca} catch {exec rm -rf $::SCRATCHDIR} } proc testheader {description {related_issue ""}} { global REPORTDIR set scriptname [file normalize [uplevel info script]] set fname [file dirname [file dirname $scriptname]] set realname [string range $scriptname [string length $$fname] end] set newname [exec mktemp $REPORTDIR/out-XXXXXX] file copy -force $scriptname $newname puts $::_logdescriptor "$description$realname" if { [string length $related_issue] > 0 } then { puts $::_logdescriptor "" } puts $::_logdescriptor "" set ::LOGOUTS "" set ::_testmessage "" } #Error codes should be > 6 to avoid conflicting with DejaGNU's own codes set ::PASSTEST 1000 set 
::FAILTEST 1100 set ::UNDECIDEDTEST 1200 proc testmessage { {message "" } } { global _testmessage set _testmessage $message } proc addlog { name } { global LOGOUTS set LOGOUTS "$LOGOUTS $name" } proc test_set_prolog { name } { set ::_test_prolog $name } proc test_set_epilog { name } { set ::_test_epilog $name } proc real_do_test { name } { global _testmessage set res $::UNDECIDEDTEST set res2 0 set scriptname [file normalize [uplevel info script]] set fname [file dirname [file dirname $scriptname]] set realname [string range $scriptname [string length $$fname] end] #kill everything, just to be sure catch {exec killall voms 2>/dev/null} catch {exec killall edg-voms 2>/dev/null} catch {exec killall middleman 2>/dev/null} catch {exec killall valgrind 2>/dev/null} catch {exec kill -a valgrind 2>/dev/null} catch {exec kill -9 `ps aux |grep valgrind | grep -v grep | tr -s ' ' | cut -d' ' -f2`} if {[info exists ::VALGRIND]} then { #clean valgrind files set list [glob -nocomplain -directory $::SCRATCHDIR valg-*] set listed "" if { [expr ![catch {set listed [glob -directory $::SCRATCHDIR valg-*]}]]} then { foreach f $listed { file delete -force $f } } set list [glob -nocomplain -directory $::SCRATCHDIR valg-*] } if {[info exists ::NOJAVALIB] != 0} then { if [regexp "vomsapi-java*" $realname] { set $_testmessage "Test disabled." unsupported $_testmessage return $res } } if {[info exists ::NOCCLIB] != 0} then { if [regexp "vomsapi-cpp*" $realname] { set $_testmessage "Test disabled." unsupported $_testmessage return $res } } if {[info exists ::NOCLIB] != 0} then { if [regexp "vomsapi-c[0-9]*" $realname] { set $_testmessage "Test disabled." unsupported $_testmessage return $res } } _backupVOMS voms1 if [expr ![string equal $::_test_prolog ""]] then { set res2 [catch {set out [$::_test_prolog]} out] set $_testmessage "Failure during prolog execution." } if { $res2 == 0 } then { if [expr ! 
[string equal $name "" ]] then { set res [catch {set out [$name]} out] } else { set res [catch {set out [mytest]} out] } if { $res == 0 } then { set res $out } else { logvar out } if [expr ! [ string equal $::_test_epilog ""]] then { set res2 [catch {set out2 [$::_test_epilog]} out2] } # Ensures that an eventual failure from the epilog # is considered a failure for the whole test if { $res2 != 0 } then { set res $res2 set $_testmessage "Failure during epilog execution." } } else { set res $res2 } _restoreVOMS voms1 return $res } proc do_test { {name "" } } { global _testmessage set res [real_do_test $name] if { $res == $::PASSTEST} then { if {[info exists ::DOVALGRIND]} then { if {[expr ! [string equal $::DOVALGRIND ""]]} then { set ::VALGRIND "1" set res2 [real_do_test $name] set listed "" set failed 0 if { [expr ![catch {set listed [glob -directory $::SCRATCHDIR valg-*]}]]} then { foreach f $listed { if [file size $f] then { loadvar filecontent $f set match "definitely lost: 0" set match2 "All heap blocks were freed" if [expr ![regexp $match $filecontent dummy] && ![regexp $match2 $filecontent dummy]] then { set failed 1 addlog $f } # set match2 "possibly lost: 0" # if [expr ![regexp $match $filecontent dummy]] then { # set failed 1 # } # if $failed then { # addlog $f # } } } } unset ::VALGRIND if $failed then { set res $::FAILTEST testmessage "failed valgrind check." 
} } } } set ::_test_prolog "" set ::_test_epilog "" if {$res == $::PASSTEST } then { if [expr [string equal $_testmessage ""]] then { pass "test succeeded" } else { pass $_testmessage } } elseif {$res == $::FAILTEST } then { if [expr [string equal $_testmessage ""]] then { fail "test failed" } else { fail $_testmessage } } elseif {$res == $::UNDECIDEDTEST } then { if [expr [string equal $_testmessage ""]] then { unsupported "test undecided" } else { unsupported $_testmessage } } else { set outname [exec mktemp $::SCRATCHDIR/voms-proxy-init-XXXXXX] set id [open $outname "w+"] puts $id $res close $id addlog $outname fail "test could not be executed correctly." } file delete -force $::SCRATCHDIR/valg-* } voms-2.1.2/testsuite/lib/vomslib.exp000066400000000000000000000320351477131364200175030ustar00rootroot00000000000000variable LOGOUTS variable REPORTDIR variable INSTALLDIR variable SCRATCHDIR variable CADIR variable _initted variable _logdescriptor variable _cadir variable _capath variable _certdir variable _vomsdir proc _cleanproxy {} { set filename "/tmp/x509up_u[exec id -u]" file delete $filename } proc _proxyname {} { return "/tmp/x509up_u[exec id -u]" } proc _activateCert {cert} { file mkdir $::env(HOME)/.globus2 file copy -force "$::_certdir/$cert-cert.pem" $::env(HOME)/.globus2/usercert.pem file copy -force "$::_certdir/$cert-key.pem" $::env(HOME)/.globus2/userkey.pem exec chmod 644 $::env(HOME)/.globus2/usercert.pem exec chmod 400 $::env(HOME)/.globus2/userkey.pem } proc _activateHostCertificate {cert} { file mkdir $::INSTALLDIR/certs file copy -force "$::_certdir/$cert-cert.pem" $::INSTALLDIR/certs/hostcert.pem file copy -force "$::_certdir/$cert-key.pem" $::INSTALLDIR/certs/hostkey.pem exec chmod 644 $::INSTALLDIR/certs/hostcert.pem exec chmod 400 $::INSTALLDIR/certs/hostkey.pem } proc _getcert {cert} { return "$::_certdir/$cert-cert.pem" } proc _getkey {cert} { return "$::_certdir/$cert-key.pem" } proc _getdn {cert} { regexp {subject= (.*)} [exec openssl 
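x509 -subject -noout -in [_getcert $cert]] dummy value
    return $value
}

# Subject DN of the PEM certificate file $cert: the text that
# `openssl x509 -subject` prints after "subject= ".
# Raises an error naming the file when the output has another shape; the
# text that follows "subject=" depends on the OpenSSL default name format.
proc _getdnfile {cert} {
    set output [exec openssl x509 -subject -noout -in $cert]
    if {![regexp {subject= (.*)} $output dummy value]} {
        error "cannot parse subject of $cert from openssl output: $output"
    }
    return $value
}

# Issuer DN of the certificate that _getcert resolves $cert to (_getcert is
# defined elsewhere; presumably it maps a certificate name to its file).
# Raises an error when the openssl output does not start with "issuer= ".
proc _getca {cert} {
    set output [exec openssl x509 -issuer -noout -in [_getcert $cert]]
    if {![regexp {issuer= (.*)} $output dummy value]} {
        error "cannot parse issuer of $cert from openssl output: $output"
    }
    return $value
}

# Revoke $::_certdir/$cert-cert.pem in the database of the test CA $name.
proc _revoke_cert { cert name } {
    exec openssl ca -config $::_capath/$name/$name.cnf \
        -revoke $::_certdir/$cert-cert.pem -batch 2>/dev/null
}

# Point the PKI globals at their directories and recreate them empty.
# The three directories are deleted recursively, so ::ETC_DIR and
# ::INSTALLDIR must refer to a disposable test installation.
proc _do_ca_dir_setup {} {
    set ::_cadir   $::ETC_DIR/grid-security/certificates
    set ::_capath  $::INSTALLDIR/ca
    set ::_certdir $::INSTALLDIR/certs

    set dirs [list $::_capath $::_cadir $::_certdir]
    foreach dir $dirs {
        catch { file delete -force $dir }
    }
    foreach dir $dirs {
        file mkdir $dir
    }

    # NOTE(review): this stores the literal text "::_cadir", not the path held
    # by that variable; presumably $::_cadir was intended. Confirm against the
    # readers of ::CADIR before changing it.
    set ::CADIR ::_cadir
}

# Generate the CRL of test CA $ca and publish it in the trust directory as
# <hash>.r0.
proc _make_crl { ca } {
    set cadir $::_capath/$ca
    exec openssl ca -gencrl -config $cadir/$ca.cnf -out $cadir/$ca.crl 2>/dev/null

    # some versions of openssl are buggy and return 1 in case of CRL hash success.
    # so we get the hashname from the corresponding CA certificate
    set hashname [exec openssl x509 -hash -noout -in $cadir/cacert.pem ]
    file copy -force $cadir/$ca.crl $::_cadir/$hashname.r0
}

# Create the self-signed test CA $name with subject $dn, unless its directory
# under ::_capath already exists.
#   len          path length constraint; "-1" means none
#   day          validity in days; a negative value yields a certificate whose
#                validity window lies entirely in the past
#   condsubject  subject pattern written to the policy files, "/C=IT/*" when empty
# The CA key is written unencrypted (-nodes): this PKI is for throwaway test
# fixtures only.
proc _make_ca { dn name len { day 365 } {condsubject "" }} {
    set cadir $::_capath/$name
    if {[file exists $cadir]} {
        return
    }

    file mkdir $cadir
    file mkdir $cadir/private

    if {[string equal $len "-1"]} {
        _ca_make_config $dn $name $cadir ""
    } else {
        _ca_make_config $dn $name $cadir $len
    }

    exec touch $cadir/index.txt
    set id [open "$cadir/serial" w+]
    puts $id "00"
    close $id

    exec openssl req -config $cadir/$name.cnf -new -x509 -nodes \
        -keyout $cadir/certkey.pem -out $cadir/cacertreq.pem -batch 2>/dev/null
    file copy $cadir/cacertreq.pem $cadir/cacert.pem

    # Braced expressions keep $day from being substituted a second time.
    if {$day < 0} {
        set seconds [clock scan [exec date -u]]
        set expireddate [clock format [expr {$seconds + (86400 * $day)}] -format "%y%m%d%H%M%SZ" ]
        set startdate [clock format [expr {$seconds + (86400 * ($day - 1))}] -format "%y%m%d%H%M%SZ" ]
        exec openssl ca -config $cadir/$name.cnf \
            -startdate "$startdate" -enddate "$expireddate" \
            -ss_cert $cadir/cacertreq.pem -extensions usrca_cert \
            -out $cadir/cacert.pem -batch 2>/dev/null
    } else {
        exec openssl ca -config $cadir/$name.cnf -days $day \
            -ss_cert $cadir/cacertreq.pem -extensions usrca_cert \
            -out $cadir/cacert.pem -batch 2>/dev/null
    }

    # Publish the CA certificate and its policy files under the hash name.
    set hashname [exec openssl x509 -hash -noout -in $cadir/cacert.pem]
    file copy -force $cadir/cacert.pem $::_cadir/$hashname.0

    set dn [_getdnfile $::_cadir/$hashname.0]
    set out "/C=IT/*"
    if {[string bytelength $condsubject]} {
        set out $condsubject
    }

    # NOTE(review): this listing shows the policy text on a single line; if the
    # original string contained line breaks, restore them.
    set id [open "$::_cadir/$hashname.signing_policy" w+]
    puts $id "access_id_CA X509 '$dn' pos_rights globus CA:sign cond_subjects globus '\"$out\"'"
    close $id

    set id [open "$::_cadir/$hashname.namespaces" w+]
    puts $id "TO ISSUER SELF PERMIT SUBJECT \"$out\""
    close $id
}

# Create the subordinate test CA $name with subject $dn, signed by the
# existing CA $fathername, unless its directory already exists.
#   len          path length constraint; "-1" means none
#   day          negative values yield an already expired certificate
#   condsubject  subject pattern written to the policy files, "/C=IT/*" when empty
# The certificate and its unencrypted key are also copied to ::_certdir as
# $name-cert.pem and $name-key.pem.
proc _make_ca_from_ca { dn fathername name len {day 365 } {condsubject ""}} {
    set cadir $::_capath/$name
    set fathercnf $::_capath/$fathername/$fathername.cnf
    if {[file exists $cadir]} {
        return
    }

    file mkdir $cadir
    file mkdir $cadir/private
    _ca_make_config $dn $name $cadir ""

    exec touch $cadir/index.txt
    set id [open "$cadir/serial" w+]
    puts $id "00"
    close $id

    # Extensions applied when the parent CA signs the request.
    set id [open "$cadir/extfile" w+]
    if {[string equal $len "-1"]} {
        puts $id "basicConstraints=CA:TRUE"
    } else {
        puts $id "basicConstraints=CA:TRUE,pathlen:$len"
    }
    puts $id "nsComment = \"OpenSSL Generated Certificate for VOMS testing purposes\""
    puts $id "subjectKeyIdentifier=hash"
    puts $id "authorityKeyIdentifier=keyid,issuer:always"
    puts $id "keyUsage = critical, keyCertSign, cRLSign"
    close $id

    exec openssl req -config $fathercnf -new -nodes \
        -keyout $cadir/certkey.pem -subj "$dn" -out $cadir/careq.pem \
        -extensions usrca_cert -batch 2>/dev/null

    # NOTE(review): -days is passed twice in both branches; presumably the
    # later "-days 2" is the one openssl honours, which would make $day
    # irrelevant when it is non-negative. Confirm the intended validity.
    if {$day >= 0} {
        exec openssl ca -config $fathercnf -days $day -policy policy_anything -days 2 \
            -out $cadir/cacert.pem -in $cadir/careq.pem \
            -extfile $cadir/extfile -batch 2>/dev/null
    } else {
        set seconds [clock scan [exec date -u]]
        set expireddate [clock format [expr {$seconds + (86400 * $day)}] -format "%y%m%d%H%M%SZ" ]
        set startdate [clock format [expr {$seconds + (86400 * ($day - 1))}] -format "%y%m%d%H%M%SZ" ]
        exec openssl ca -config $fathercnf \
            -startdate "$startdate" -enddate "$expireddate" \
            -policy policy_anything -days 2 \
            -out $cadir/cacert.pem -in $cadir/careq.pem \
            -extfile $cadir/extfile -batch 2>/dev/null
    }

    set hashname [exec openssl x509 -hash -noout -in $cadir/cacert.pem]
    file copy -force $cadir/cacert.pem $::_cadir/$hashname.0

    set dn [_getdnfile $::_cadir/$hashname.0]
    set out "/C=IT/*"
    if {[string bytelength $condsubject]} {
        # Fixed: this branch read the undefined variable "consubject", so any
        # caller passing a condsubject got a "no such variable" error.
        set out $condsubject
    }

    # NOTE(review): this listing shows the policy text on a single line; if the
    # original string contained line breaks, restore them.
    set id [open "$::_cadir/$hashname.signing_policy" w+]
    puts $id "access_id_CA X509 '$dn' pos_rights globus CA:sign cond_subjects globus '\"$out\"'"
    close $id

    set id [open "$::_cadir/$hashname.namespaces" w+]
    puts $id "TO ISSUER \"$dn\" PERMIT SUBJECT \"$out\""
    close $id

    file copy $cadir/cacert.pem $::_certdir/$name-cert.pem
    file copy $cadir/certkey.pem $::_certdir/$name-key.pem
}

# Encrypt the private key $::_certdir/$certname-key.pem in place with 3DES.
# The passphrase travels on the openssl command line (pass:...), where other
# local users can see it in the process list; acceptable only for test keys
# with a published passphrase such as the default.
proc _protect_key { certname { password "password" } } {
    set keyfile $::_certdir/$certname-key.pem
    exec openssl rsa -in $keyfile -out $keyfile -inform PEM -outform PEM \
        -des3 -passout "pass:$password" 2>/dev/null
}

# Issue an end-entity certificate with subject $dn from the test CA $name and
# store it as $certname-cert.pem, with an unencrypted key $certname-key.pem,
# in ::_certdir. A negative $day yields an already expired certificate.
# Terminates the interpreter when the CA does not exist.
proc _make_cert_from_ca { dn name certname {day 2}} {
    if {![file exists "$::_capath/$name"]} {
        puts "CA $name does not exist!"
        exit
    }
    if {![file exists "$::_certdir"]} {
        file mkdir $::_certdir
    }

    set cnf $::_capath/$name/$name.cnf
    exec openssl req -config $cnf -new -nodes \
        -keyout $::_certdir/$certname-key.pem -subj "$dn" \
        -out $::_certdir/$certname-cert.req -batch 2>/dev/null

    if {$day < 0} {
        set seconds [clock scan [exec date -u]]
        set expireddate [clock format [expr {$seconds + (86400 * $day)}] -format "%y%m%d%H%M%SZ" ]
        set startdate [clock format [expr {$seconds + (86400 * ($day - 1))}] -format "%y%m%d%H%M%SZ" ]
        exec openssl ca -config $cnf -policy policy_anything \
            -startdate "$startdate" -enddate "$expireddate" \
            -out $::_certdir/$certname-cert.pem \
            -in $::_certdir/$certname-cert.req -batch 2>/dev/null
    } else {
        exec openssl ca -config $cnf -policy policy_anything -days $day \
            -out $::_certdir/$certname-cert.pem \
            -in $::_certdir/$certname-cert.req -batch 2>/dev/null
    }
}

proc _ca_make_config { dn name path {len ""}} {
    if [catch {set cadesc [open $path/$name.cnf w+]}] then {
        puts "ERROR"
        exit
    }
    set CVAL ""
    set STVAL ""
    set OVAL ""
    set OUVAL ""
    set CNVAL ""
    set EVAL ""
    set LVAL ""
    regexp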
{.*/C=([^/]*).*} $dn dummy CVAL regexp {.*/ST=([^/]*).*} $dn dummy STVAL regexp {.*/O=([^/]*).*} $dn dummy OVAL regexp {.*/OU=([^/]*).*} $dn dummy OUVAL regexp {.*/CN=([^/]*).*} $dn dummy CNVAL regexp {.*/Email=([^/]*).*} $dn dummy EVAL regexp {.*/L=([^/]*).*} $dn dummy LVAL if [string length $len] then { set PATHLEN ", pathlen:$len" } else { set PATHLEN "" } # # OpenSSL example configuration file. # This is mostly being used for generation of certificate requests. # puts $cadesc " HOME = $path RANDFILE = \$ENV::HOME/.rnd oid_section = new_oids \[ new_oids \] \[ ca \] default_ca = CA_default # The default ca section \[ CA_default \] dir = $path # Where everything is kept certs = \$dir # Where the issued certs are kept crl_dir = \$dir # Where the issued crl are kept database = \$dir/index.txt # database index file. new_certs_dir = \$dir # default place for new certs. certificate = \$dir/cacert.pem # The CA certificate serial = \$dir/serial # The current serial number crl = \$dir/crl.pem # The current CRL private_key = \$dir/certkey.pem # The private key RANDFILE = \$dir/private/.rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert name_opt = ca_default # Subject Name options cert_opt = ca_default # Certificate field options default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL default_md = sha1 # which md to use. 
preserve = no # keep passed DN ordering policy = policy_anything basicConstraints = CA:TRUE$PATHLEN \[ policy_match \] countryName = match stateOrProvinceName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional \[ policy_anything \] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional \[req\] default_bits = 2048 default_keyfile = privkey.pem distinguished_name=req_distinguished_name #attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert string_mask = nombstr \[req_distinguished_name\] countryName = Country Name (2 letter code) countryName_default = $CVAL countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = $STVAL localityName = Locality Name (eg, city) localityName_default = $LVAL 0.organizationName = Organization Name (eg, company) 0.organizationName_default = $OVAL organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = $OUVAL commonName = Common Name (eg, your name or your server\'s hostname) commonName_default = $CNVAL commonName_max = 64 emailAddress = Email Address emailAddress_default = $EVAL emailAddress_max = 64 \[ req_attributes \] challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 unstructuredName = An optional company name \[ usr_cert \] basicConstraints=CA:FALSE$PATHLEN nsComment = \"OpenSSL Generated Certificate for VOMS testing purposes\" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always keyUsage = nonRepudiation, digitalSignature, keyEncipherment \[ usrca_cert \] basicConstraints=CA:TRUE$PATHLEN nsComment = \"OpenSSL Generated Certificate for VOMS testing purposes\" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always 
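keyUsage = critical, keyCertSign, cRLSign \[ v3_req \] basicConstraints = CA:FALSE$PATHLEN keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment \[ v3_ca \] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always basicConstraints = CA:TRUE$PATHLEN \[ crl_ext \] authorityKeyIdentifier=keyid,issuer:always"
    flush $cadesc
    close $cadesc
}
voms-2.1.2/testsuite/lib/vomssetup.exp000066400000000000000000000356611477131364200201050ustar00rootroot00000000000000
variable _vomsdefinitions
variable _buildout
variable _javaProperty
variable _vomschannel

# Run $command through /bin/sh by way of a temporary script in ::SCRATCHDIR
# and return its standard output.
# Callers such as _doVOMSDB put the database password into $command, so the
# script is created owner-only and is removed even when the command fails.
proc _doScript {command} {
    set script "$::SCRATCHDIR/script.sh"

    # The creation mode closes the window in which the file would otherwise
    # exist with default permissions before the chmod below.
    set id [open $script w+ 0700]
    puts $id "#!/bin/sh"
    puts $id $command
    close $id
    # Still needed: the creation mode is not applied to a pre-existing file.
    exec chmod 700 $script

    set failed [catch {exec $script} val]
    if {$failed} {
        set info $::errorInfo
        set code $::errorCode
    }
    file delete $script
    if {$failed} {
        error $val $info $code
    }
    return $val
}

# Raise an error unless a process whose command line mentions both "voms" and
# /etc/voms/$name shows up in the ps output.
proc _determineVomsPID {name} {
    set pids ""
    catch { set pids [exec ps aux | grep voms | grep -v grep | grep /etc/voms/$name] }
    if {[string equal $pids ""]} {
        error "server $name is not running."
    }
}

#proc _vomsServersInit {} {
#    catch { file delete -force $::_vomsdefinitions }
#    set ::_vomsdefinitions $::INSTALLDIR/vomsservers
#    file mkdir $::_vomsdefinitions
#}

# Create the definition directory of server $name, or clear the option files
# of an existing definition.
proc _defineVOMSServer {name} {
    set base $::_vomsdefinitions/$name
    if {![file exists $base]} {
        file mkdir $base
        file mkdir $base/options
    } else {
        # -nocomplain: an existing definition without any option file is not
        # an error.
        foreach f [glob -nocomplain -directory $base/options *] {
            file delete $f
        }
    }
}

# Remove the whole definition of server $name; failures are ignored.
proc _undefineVOMSServer {name} {
    catch { file delete -force $::_vomsdefinitions/$name }
}

# Record option $option with value $value for server $name, one file per
# option. Terminates the interpreter when the server is not defined.
# The db-pwd and voms-pwd options are stored here in clear text.
proc _defineVOMSOption {name option { value ""}} {
    if {![file exists "$::_vomsdefinitions/$name"]} {
        puts "VOMS $name does not exists!"
        exit
    }
    set id [open "$::_vomsdefinitions/$name/options/$option" w+]
    puts $id "$value"
    close $id
}

# Drop option $option of server $name; raises an error for an unknown server.
proc _undefVOMSOption {name option} {
    if {![file exists "$::_vomsdefinitions/$name"]} {
        error "VOMS $name does not exists!"
    }
    catch { file delete -force $::_vomsdefinitions/$name/options/$option }
}

# Write the vomses entry of server $name: localhost, the recorded port and
# the subject of the installed host certificate.
proc _makeVomses {name} {
    file mkdir $::ETC_DIR/vomses
    file attributes $::ETC_DIR/vomses -permissions 00700
    set port [exec cat $::_vomsdefinitions/$name/options/port]
    set hostdn [_getdnfile $::INSTALLDIR/certs/hostcert.pem]
    set id [open "$::ETC_DIR/vomses/$name" "w+"]
    puts $id "\"$name\" \"localhost\" \"$port\" \"$hostdn\" \"$name\""
    close $id
    file attributes $::ETC_DIR/vomses/$name -permissions 00644
}

# Append "--option" or "--option=value" to the voms.conf of server $name.
proc _addVOMSOption {name option {value ""}} {
    set filename $::ETC_DIR/voms/$name/voms.conf
    set id [open $filename "a"]
    if {![string equal $value ""]} {
        puts $id "--$option=$value"
    } else {
        puts $id "--$option"
    }
    close $id
}

# Remove every line of voms.conf that starts with "--$option".
# $option is used as a grep pattern and as a prefix, so longer option names
# sharing the prefix are removed as well.
proc _removeVOMSOption {name option} {
    exec grep -v "^--$option" $::ETC_DIR/voms/$name/voms.conf >$::SCRATCHDIR/newconf.conf
    file copy -force $::SCRATCHDIR/newconf.conf $::ETC_DIR/voms/$name/voms.conf
}

# Save voms.conf of server $name as voms.conf.back.
proc _backupVOMS {name} {
    file copy -force $::ETC_DIR/voms/$name/voms.conf $::ETC_DIR/voms/$name/voms.conf.back
}

# Restore voms.conf of server $name from voms.conf.back.
proc _restoreVOMS {name} {
    file copy -force $::ETC_DIR/voms/$name/voms.conf.back $::ETC_DIR/voms/$name/voms.conf
}

# Run the init script with "reload" for the VO of server $name, with
# GLITE_LOCATION pointing at the test installation for the duration.
proc _vomsReload { name } {
    set saved ""
    catch {set saved $::env(GLITE_LOCATION)}
    set ::env(GLITE_LOCATION) $::INSTALLDIR

    exec $::ETC_DIR/rc.d/init.d/voms reload [exec cat $::_vomsdefinitions/$name/options/voms-vo] >/dev/null

    if {![string equal $saved ""]} {
        set ::env(GLITE_LOCATION) $saved
    } else {
        unset ::env(GLITE_LOCATION)
    }
}

# Start server $name and load what the start command printed into
# ::startOutput. With ::VALGRIND set the daemon is launched through log_exec
# instead of the init script. Old logs of the server are removed first.
proc _vomsStart {name } {
    set saved ""
    set ::_vomschannel ""
    catch {set saved $::env(GLITE_LOCATION)}
    set ::env(GLITE_LOCATION) $::INSTALLDIR

    exec /bin/sh -c "rm -f $::LOG_DIR/voms.$name*"
    set myname [exec mktemp $::SCRATCHDIR/voms-stop-XXXXXX]

    if {[info exists ::VALGRIND]} {
        set VALGRINDPART [_do_valgrind_cl]
        set voms_start "$::SCRATCHDIR/voms-start"
        log_exec voms_start {$::INSTALLDIR/sbin/edg-voms --conf $::ETC_DIR/voms/$name/voms.conf >/dev/null}
        exec touch $myname
    } else {
        exec $::ETC_DIR/rc.d/init.d/voms start [exec cat $::_vomsdefinitions/$name/options/voms-vo] >& $myname
    }
    loadvar ::startOutput $myname

    if {![string equal $saved ""]} {
        set ::env(GLITE_LOCATION) $saved
    } else {
        unset ::env(GLITE_LOCATION)
    }
}

# Stop server $name and load what the stop command printed into ::stopOutput.
# With ::VALGRIND set the processes are killed by name instead.
proc _vomsStop {name } {
    set saved ""
    set ::stopOutput ""
    catch {set saved $::env(GLITE_LOCATION)}
    set ::env(GLITE_LOCATION) $::INSTALLDIR

    set myname [exec mktemp $::SCRATCHDIR/voms-stop-XXXXXX]

    if {[info exists ::VALGRIND]} {
        # kill must be done by hand
        catch {exec killall edg-voms 2>/dev/null}
        catch {exec killall middleman 2>/dev/null}
        catch {exec killall valgrind 2>/dev/null}
        catch {exec kill -a valgrind 2>/dev/null}
        # NOTE(review): exec does not go through a shell, so the backquoted
        # pipeline below is not expanded; presumably this command always fails
        # and the catch hides it. killall above matches by name for every
        # process the user may signal, not only those of this test run.
        catch {exec kill -9 `ps aux |grep valgrind | grep -v grep | tr -s ' ' | cut -d' ' -f2`}
        exec touch $myname
    } else {
        exec $::ETC_DIR/rc.d/init.d/voms stop [exec cat $::_vomsdefinitions/$name/options/voms-vo] >& $myname
    }
    loadvar ::stopOutput $myname

    if {![string equal $saved ""]} {
        set ::env(GLITE_LOCATION) $saved
    } else {
        unset ::env(GLITE_LOCATION)
    }
}

# Run voms_install_db for server $name with one command-line option per
# recorded option file. Raises an error, after printing the captured stderr,
# when the installer fails.
# The generated vomsinit.sh carries db-pwd and voms-pwd in clear text and is
# left in ::SCRATCHDIR afterwards, so it is created owner-only. Option values
# are written unquoted into the shell command line and must not contain shell
# metacharacters.
proc _vomsSetup {name} {
    if {![file exists "$::_vomsdefinitions/$name"]} {
        error "VOMS $name does not exists!"
    }

    # voms exists
    set files [glob -directory $::_vomsdefinitions/$name/options *]
    set options ""
    set id [open "$::SCRATCHDIR/vomsinit.sh" w+ 0700]
    puts $id "#!/bin/sh"
    foreach f $files {
        set value [exec cat $f]
        if {[string equal $value ""]} {
            set options "$options --[file tail $f] "
        } else {
            set options "$options --[file tail $f]=$value "
        }
    }
    puts $id "GLITE_LOCATION=$::INSTALLDIR CERTDIR=$::ETC_DIR/grid-security/certificates $::INSTALLDIR/share/voms/voms_install_db $options"
    close $id

    set outname [exec mktemp $::SCRATCHDIR/vomsinit-XXXXXX]
    exec chmod 700 $::SCRATCHDIR/vomsinit.sh
    set val [catch {exec $::SCRATCHDIR/vomsinit.sh 2>$outname}]
    # file delete $::SCRATCHDIR/vomsinit.sh

    if {$val} {
        puts [exec cat $outname]
        file delete $outname
        error "error while executing _vomsSetup: cannot start voms"
    }

    file delete $outname
    # file mkdir $::env(HOME)/.vomses2
    # set id [open "$::env(HOME)/.vomses2/$name" w+]
    # puts $id "\"$name\" \"localhost\" \"[exec cat $::_vomsdefinitions/$name/options/port]\" \"\" \"$name\""
    # close $id
}

# Run $script against the database of server $name and return the client
# output. The connection parameters come from the option files of the server.
# mysql:  $script is SQL text passed with -e; the password, when defined, is
#         passed as -p on the client command line, where it is visible in the
#         process list. A client file named by ::MYSQLCONF is passed with
#         --defaults-file when that variable is not empty.
# oracle: $script is used as the file sqlplus reads its input from.
# $script is placed unescaped inside a double-quoted shell argument, so it
# must come from the test suite itself.
proc _doVOMSDB { name script } {
    set optdir $::_vomsdefinitions/$name/options

    set file [open "$optdir/db-type" r]
    set dbtype [gets $file]
    close $file

    if {[string equal $dbtype "mysql"]} {
        set options ""

        if {[file exists $optdir/contactstring]} {
            set id [open "$optdir/contactstring"]
            set contactstring [gets $id]
            close $id
            set options "$options -h$contactstring"
        }

        if {[file exists $optdir/port]} {
            set id [open "$optdir/port"]
            set port [gets $id]
            close $id
            set options "$options -P$port"
        }

        set id [open "$optdir/db"]
        set dbname [gets $id]
        close $id
        set options "$options -D$dbname"

        if {[file exists $optdir/db-pwd]} {
            set id [open $optdir/db-pwd]
            set passwd [gets $id]
            close $id
            set options "$options -p$passwd"
        }

        set id [open $optdir/db-admin]
        set usr [gets $id]
        close $id
        set options "$options -u$usr"

        set options "$options -ss -e\"$script\""

        # build command line
        if {[string equal $::MYSQLCONF ""]} {
            return [_doScript "mysql ${options}"]
        } else {
            return [_doScript "mysql --defaults-file=${::MYSQLCONF} ${options}"]
        }
    } elseif {[string equal $dbtype "oracle"]} {
        set id [open "$optdir/db"]
        set dbname [gets $id]
        close $id

        set id [open $optdir/db-pwd]
        set passwd [gets $id]
        close $id

        set id [open $optdir/db-admin]
        set usr [gets $id]
        close $id

        set options "$usr/$passwd@$dbname <$script"

        # build command line
        return [_doScript "sqlplus -S ${options}"]
    } else {
        error "Unknown DB type"
    }
}

# The helpers below build SQL by string interpolation: names, DNs and values
# are inserted unescaped, so they must be test fixtures and never data taken
# from outside the suite.

# Register the subject of certificate $cert as a user of server $name.
proc _vomscreateuser {name cert} {
    set subject [_getdn $cert]
    set issuer [_getca $cert]
    set cid [_doVOMSDB $name "SELECT cid FROM ca where ca='$issuer';"]
    _doVOMSDB $name "INSERT INTO usr VALUES (0, '$subject', $cid, '', '', '');"
}

# Create group $group as a child of the existing group $parent.
proc _vomscreategroup {name group parent} {
    set gid [_doVOMSDB $name "SELECT gid FROM groups WHERE dn='$parent'"]
    _doVOMSDB $name "INSERT INTO groups VALUES (0, '$group', $gid, 1);"
}

# Create role $role.
proc _vomscreaterole {name role} {
    _doVOMSDB $name "INSERT INTO roles VALUES (0, '$role');"
}

# Make the user of certificate $cert a member of $group.
proc _vomsaddusertogroup {name cert group} {
    set subject [_getdn $cert]
    set issuer [_getca $cert]
    set uid [_doVOMSDB $name "SELECT userid FROM usr,ca WHERE usr.dn='$subject' AND usr.ca=ca.cid AND ca.ca='$issuer'"]
    set gid [_doVOMSDB $name "SELECT gid FROM groups WHERE dn='$group'"]
    _doVOMSDB $name "INSERT INTO m VALUES (0, $uid, $gid, NULL, NULL);"
}

# Give the user of certificate $cert the role $role inside $group.
proc _vomsaddusertogroupandrole {name cert group role} {
    set subject [_getdn $cert]
    set issuer [_getca $cert]
    set uid [_doVOMSDB $name "SELECT userid FROM usr,ca WHERE usr.dn='$subject' AND usr.ca=ca.cid AND ca.ca='$issuer'"]
    set gid [_doVOMSDB $name "SELECT gid FROM groups WHERE dn='$group'"]
    set rid [_doVOMSDB $name "SELECT rid FROM roles WHERE role='$role'"]
    _doVOMSDB $name "INSERT INTO m VALUES (0, $uid, $gid, $rid, NULL);"
}

# Define the generic attribute $id.
proc _vomscreatega { name id } {
    _doVOMSDB $name "INSERT INTO attributes VALUES (1, '$id', '', 1);"
}

# Set generic attribute $id to $value for the user of certificate $user.
proc _vomsgivegatouser { name user id value } {
    set subject [_getdn $user]
    set issuer [_getca $user]
    set uid [_doVOMSDB $name "SELECT userid FROM usr,ca WHERE usr.dn='$subject' AND usr.ca=ca.cid AND ca.ca='$issuer'"]
    set aid [_doVOMSDB $name "SELECT a_id FROM attributes WHERE attributes.a_name='$id';"]
    _doVOMSDB $name "INSERT INTO usr_attrs VALUES ($aid, $uid, '$value');"
}

# Set generic attribute $id to $value for $group.
proc _vomsgivegatogroup { name group id value } {
    set gid [_doVOMSDB $name "SELECT gid FROM groups WHERE dn='$group'"]
    set aid [_doVOMSDB $name "SELECT a_id FROM attributes WHERE attributes.a_name='$id';"]
    _doVOMSDB $name "INSERT INTO group_attrs VALUES ($aid, $gid, '$value');"
}

# Set generic attribute $id to $value for role $role inside $group.
proc _vomsgivegatogroupandrole { name group role id value } {
    set rid [_doVOMSDB $name "SELECT rid FROM roles WHERE role='$role'"]
    set gid [_doVOMSDB $name "SELECT gid FROM groups WHERE dn='$group'"]
    set aid [_doVOMSDB $name "SELECT a_id FROM attributes WHERE attributes.a_name='$id';"]
    _doVOMSDB $name "INSERT INTO role_attrs VALUES ($aid, $gid, $rid, '$value');"
}

# Compile the C source $name, located next to the running script, against the
# installed vomsapi into ::SCRATCHDIR/a.out. Returns 0 on success and 1 on a
# compiler failure; compiler output goes to the file named by ::_buildout.
proc _buildC { name } {
    set realname "[file dirname [info script]]/$name"
    set realout "$::SCRATCHDIR/a.out"

    if {[file exists $realname]} {
        return [catch {set out [ exec gcc -g -O0 -o $realout -I$::INSTALLDIR/include/voms $realname -L $::INSTALLDIR/lib64 -L $::INSTALLDIR/lib -lvomsapi >& $::_buildout ]}]
    } else {
        fail "File does not exists!"
    }
}

# Same as _buildC, for C++ sources compiled with g++.
proc _buildCC { name } {
    set realname "[file dirname [info script]]/$name"
    set realout "$::SCRATCHDIR/a.out"

    if {[file exists $realname]} {
        return [catch {set out [ exec g++ -g -O0 -o $realout -I$::INSTALLDIR/include/voms $realname -L $::INSTALLDIR/lib64 -L $::INSTALLDIR/lib -lvomsapi >& $::_buildout ]}]
    } else {
        fail "File does not exists!"
    }
}

# Record a -D system property for later _execJava calls.
proc _setJavaProperty { name value } {
    set ::_javaProperty($name) "$value"
}

# Forget a property recorded with _setJavaProperty.
proc _unsetJavaProperty { name } {
    unset ::_javaProperty($name)
}

# Compile the Java source $name, located next to the running script, against
# vomsjapi.jar. Returns 0 on success and 1 on a compiler failure.
proc _buildJava { name } {
    set realname "[file dirname [info script]]/$name"
    set realout "$::SCRATCHDIR/a.out"

    if {[file exists $realname]} {
        return [catch {set out [ exec javac -classpath $::INSTALLDIR/share/java/vomsjapi.jar:$::JAVAPATH $realname >& $::_buildout]}]
    } else {
        fail "File does not exists!"
    }
}

# Build and run the Java test $name with up to three arguments and the
# recorded system properties. Returns the build status when the build fails,
# otherwise 0 or 1 for the run; output goes to the file named by ::_buildout.
# The command line is assembled as text and handed to /bin/sh -c, so property
# values and arguments are subject to shell interpretation.
proc _execJava { name {arg1 ""} {arg2 ""} {arg3 ""}} {
    set res [_buildJava $name]
    set classname [string range $name 0 [expr [string last .java $name] -1]]

    if {$res} {
        return $res
    }

    #build property list
    set PROPERTIES ""
    foreach {name value} [array get ::_javaProperty] {
        set PROPERTIES "$PROPERTIES -D$name=\"$value\""
    }

    set DIRNAME "[file dirname [info script]]"
    if {![string equal $::COBERTURA "no"]} {
        set VALUE "java [format %s $PROPERTIES] -classpath $::COBERTURA/cobertura.jar:.:$::INSTALLDIR/share/java/vomsjapi.jar:$::JAVAPATH:$DIRNAME $classname"
    } else {
        set VALUE "java [format %s $PROPERTIES] -classpath .:$::INSTALLDIR/share/java/vomsjapi.jar:$::JAVAPATH:$DIRNAME $classname"
    }

    if {![string equal $arg1 ""]} {
        set VALUE "$VALUE $arg1 $arg2 $arg3"
    }

    set res [catch {exec /bin/sh -c $VALUE >& $::_buildout }]
    return $res
}

# Build and run the C test $name. With "-useproxy" as first argument the
# program argument is $arg2 and X509_USER_KEY is emptied for the run.
# Returns the build status when the build fails, otherwise 0 or 1 for the run.
proc _exeC { name {arg1 ""} {arg2 ""}} {
    if {[string equal $arg1 "-useproxy"]} {
        set arg $arg2
        set proxy 1
    } else {
        set arg $arg1
        set proxy 0
    }

    set res [_buildC $name]
    if {$res} {
        return $res
    }

    # Workaround for buggy globus libs
    if {$proxy == 1} {
        set back $::env(X509_USER_KEY)
        set ::env(X509_USER_KEY) ""
    }

    if {[string equal $arg ""]} {
        set res [catch {exec $::SCRATCHDIR/a.out >& $::_buildout}]
    } else {
        set res [catch {exec $::SCRATCHDIR/a.out $arg >& $::_buildout}]
    }

    if {$proxy == 1} {
        set ::env(X509_USER_KEY) $back
    }
    return $res
}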
proc _exeCC { name {arg1 ""} {arg2 ""}} { if [string equal $arg1 "-useproxy"] then { set arg $arg2 set proxy 1 } else { set arg $arg1 set proxy 0 } set res [_buildCC $name] if $res then { return $res } else { # Workaround for buggy glubs libs if [expr $proxy == 1] then { set back $::env(X509_USER_KEY) set ::env(X509_USER_KEY) "" } if [string equal $arg ""] then { set res [catch {exec $::SCRATCHDIR/a.out >& $::_buildout}] } else { set res [catch {exec $::SCRATCHDIR/a.out $arg >& $::_buildout}] } if [expr $proxy == 1] then { set ::env(X509_USER_KEY) $back } return $res } } voms-2.1.2/testsuite/lib/vomstest.exp000066400000000000000000000300011477131364200177030ustar00rootroot00000000000000load_lib vomslib.exp load_lib db.exp load_lib newfail.exp load_lib vomssetup.exp proc _inittests {} { global _initted global HOSTNAME if {[info exists _initted] == 0} then { set _initted 1 fconfigure stdout -buffering none puts -nonewline "Doing Initialization..." #killing stray processes catch {exec killall edg-voms 2>/dev/null} catch {exec killall middleman 2>/dev/null} catch {exec killall valgrind 2>/dev/null} catch {exec kill -a valgrind 2>/dev/null} puts -nonewline "." if [catch {set basepath $::env(INSTALLDIR)}] then { set basepath "@prefix@" } set ::INSTALLDIR $basepath if [catch {set ::REPORTDIR $::env(REPORTDIR)}] then { set ::REPORTDIR $basepath if [file exists $basepath/reports] then { set ::REPORTDIR $basepath/reports } } puts -nonewline "." if [file exists $::objdir/SuiteConfig] then { _readConfigFile $::objdir/SuiteConfig } puts -nonewline "." if [file exists $::env(HOME)/.SuiteConfig] then { _readConfigFile $::env(HOME)/.SuiteConfig } puts -nonewline "." if [expr ![catch {file exists $::env(SUITECONFIG)}]] then { _readConfigFile $::env(SUITECONFIG) } if [expr ! [file exists $::REPORTDIR]] then { file mkdir $::REPORTDIR } puts -nonewline "." 
# if [file exists $::SCRATCHDIR/suitefiles] then { # file delete -force $::SCRATCHDIR/suitefiles # } # file mkdir $::SCRATCHDIR/suitefiles # set ::SCRATCHDIR "$::SCRATCHDIR/suitefiles" set outname [exec mktemp -d $::SCRATCHDIR/suitefiles-XXXXXX] set ::SCRATCHDIR "$outname" puts -nonewline "." if [catch {set ::_logdescriptor [open $::REPORTDIR/index.html w+]}] then { error "ERROR in opening REPORTDIR($::REPORTDIR/index.html)" } puts -nonewline "." puts $::_logdescriptor "VOMS Testsuite results

VOMS testsuite results

  • Date: [exec date]
  • Hostname: [exec hostname]
  • Architecture: [exec uname -a]
" puts -nonewline "." if [string equal $::DOCOVERAGE "yes"] then { exec lcov --directory ../src/common --directory ../src/ac --directory ../src/sslutils --directory ../src/socklib --directory ../src/server --directory ../src/client --directory ../src/api/ccapi --directory ../src/utils -z -q >/dev/null exec lcov --directory ../src/common --directory ../src/ac --directory ../src/sslutils --directory ../src/socklib --directory ../src/server --directory ../src/client --directory ../src/api/ccapi --directory ../src/utils -i --capture -o zero.info -q 2>/dev/null if [expr ![string equal $::COBERTURA "no"]] then { set ::env(CLASSPATH) "$::COBERTURA/cobertura.jar:$::env(CLASSPATH)" } } puts -nonewline "." _setupPKI puts -nonewline "." _activateHostCertificate mycert3 puts -nonewline "." set ::env(CERTDIR) "$::ETC_DIR/grid-security/certificates" _vomsServersInit puts -nonewline "." set ::env(X509_USER_CERT) $::env(HOME)/.globus2/usercert.pem set ::env(X509_USER_KEY) $::env(HOME)/.globus2/userkey.pem set ::env(X509_USER_PROXY) "/tmp/x509up_u[exec id -u]" set ::env(X509_CERT_DIR) $::_cadir set ::env(X509_VOMS_DIR) $::_vomsdir set ::env(VOMS_USERCONF) $::ETC_DIR/vomses if [catch {set ::env(LD_LIBRARY_PATH) "$::INSTALLDIR/lib64:$::INSTALLDIR/lib:$::env(LD_LIBRARY_PATH)"}] then { set ::env(LD_LIBRARY_PATH) "$::INSTALLDIR/lib64:$::INSTALLDIR/lib" } puts -nonewline "." _setJavaProperty CADIR $::ETC_DIR/grid-security/certificates _setJavaProperty VOMSDIR $::INSTALLDIR/vomsdir _setJavaProperty VOMSES_LOCATION $::ETC_DIR _setJavaProperty net.sourceforge.cobertura.datafile /home/marotta/gits/voms/src/api/java/cobertura.ser puts -nonewline "." 
set ::vomsproxyinit $::INSTALLDIR/bin/voms-proxy-init set ::vomsproxyinfo $::INSTALLDIR/bin/voms-proxy-info set ::vomsproxydestroy $::INSTALLDIR/bin/voms-proxy-destroy set HOSTNAME [exec hostname] if [info exists ::env(NOCLIB)] then { set ::NOCLIB "no" } if [info exists ::env(NOCCLIB)] then { set ::NOCCLIB "no" } if [info exists ::env(NOJAVALIB)] then { set ::NOJAVALIB "no" } puts ". Done!" } } proc _vomsServersInit {} { puts -nonewline "." catch { file delete -force $::_vomsdefinitions } set ::_vomsdefinitions $::INSTALLDIR/vomsservers file mkdir $::_vomsdefinitions puts -nonewline "." _setupNormalVomsMysql puts -nonewline "." _vomscreategroup voms1 /voms1/group1 /voms1 _vomscreategroup voms1 /voms1/group2 /voms1 _vomscreategroup voms1 /voms1/group1/subgroup1 /voms1/group1 puts -nonewline "." _vomscreaterole voms1 TestRole _vomscreaterole voms1 TestRole2 _vomscreaterole voms1 TestRole3 _vomscreaterole voms1 TestRole4 _vomscreaterole voms1 TestRole5 _vomscreateuser voms1 mycert2 _vomscreateuser voms1 passcert _vomscreateuser voms1 limitedcert puts -nonewline "." _vomsaddusertogroup voms1 mycert2 "/voms1" _vomsaddusertogroup voms1 passcert "/voms1" _vomsaddusertogroup voms1 limitedcert "/voms1" _vomsaddusertogroup voms1 mycert2 "/voms1/group1" _vomsaddusertogroupandrole voms1 mycert2 "/voms1/group1" TestRole _vomscreatega voms1 shortid _vomsgivegatouser voms1 mycert2 shortid mycert2 _vomsgivegatogroup voms1 "/voms1/group1" shortid mycert2-g _vomsgivegatogroupandrole voms1 "/voms1/group1" "TestRole" shortid mycert2-r puts -nonewline "." 
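## Test for https://savannah.cern.ch/bugs/?91228
    ## Create user with multiple roles
    _vomscreateuser voms1 test_91228
    _vomsaddusertogroup voms1 test_91228 "/voms1"
    _vomsaddusertogroup voms1 test_91228 "/voms1/group1"
    _vomsaddusertogroupandrole voms1 test_91228 "/voms1" TestRole2
    _vomsaddusertogroupandrole voms1 test_91228 "/voms1" TestRole3
    _vomsaddusertogroupandrole voms1 test_91228 "/voms1" TestRole4
    _vomsaddusertogroupandrole voms1 test_91228 "/voms1" TestRole5

    ## Put user with revoked certificate inside VOMS database
    _vomscreateuser voms1 mycertrevoked
    _vomsaddusertogroup voms1 mycertrevoked "/voms1"

    if {[string equal $::HAVEORACLE "yes"] } then {
        _setupNormalVomsOracle
        puts -nonewline "."
        _vomscreategroup voms2 /voms2/group1 /voms2
        _vomscreategroup voms2 /voms2/group2 /voms2
        _vomscreategroup voms2 /voms2/group1/subgroup1 /voms2/group1
        puts -nonewline "."
        _vomscreaterole voms2 TestRole
        _vomscreateuser voms2 mycert2
        puts -nonewline "."
        _vomsaddusertogroup voms2 mycert2 "/voms2"
        _vomsaddusertogroup voms2 mycert2 "/voms2/group1"
        _vomsaddusertogroupandrole voms2 mycert2 "/voms2/group1" TestRole
        puts -nonewline "."
    }
}

# Load "NAME value" lines from $file into global variables.
# NAME may consist of letters, digits and underscores; the value is the rest
# of the line. Lines that do not start with such a name are skipped.
# A configuration file can overwrite any global of the suite, including the
# installation and scratch directories, so only trusted files may be loaded.
proc _readConfigFile {file} {
    # Read-only access is enough and also works for files that are not
    # writable; the channel is closed once the file has been read.
    set id [open $file r]
    while {[gets $id text] >= 0} {
        regexp {\s*([a-zA-Z0-9_]*)\s*(.*)} $text dummy name value
        if {![string equal $dummy ""] && ![string equal $name ""]} {
            set ::$name $value
        }
    }
    close $id
}

# Build the test PKI: a root CA, subordinate CAs (one of them path-limited,
# one later revoked), user certificates including an expired and a revoked
# one, and the matching CRLs.
proc _setupPKI {} {
    puts -nonewline "."
    _do_ca_dir_setup
    _make_ca "/C=IT/O=INFN/ST=IT/L=THISL/OU=INFN/CN=thisCN" testCA -1
    _make_crl testCA
    puts -nonewline "."
    _make_ca_from_ca "/C=IT/O=INFN/CN=CAFromthisCN" testCA caFromTestCA -1
    _make_crl caFromTestCA
    puts -nonewline "."
    _make_ca_from_ca "/C=IT/O=INFN/CN=pathlimitedCA" testCA pathLimitedCA 0
    puts -nonewline "."
    _make_cert_from_ca "/C=IT/CN=test-91228" caFromTestCA test_91228
    _make_cert_from_ca "/C=IT/CN=000" caFromTestCA mycert1
    _make_cert_from_ca "/C=IT/CN=001" caFromTestCA mycert2
    _make_cert_from_ca "/C=IT/CN=003" caFromTestCA mycert3
    _make_cert_from_ca "/C=IT/CN=004" caFromTestCA mycert4
    _make_cert_from_ca "/C=IT/emailAddress=this@email.com/CN=005" caFromTestCA mycert5
    _make_cert_from_ca "/C=IT/CN= 005 " caFromTestCA mycertwithspaces
    _make_cert_from_ca "/C=IT/CN=expired" caFromTestCA mycertexpired -2
    _make_cert_from_ca "/C=IT/CN=revoked" caFromTestCA mycertrevoked
    _make_cert_from_ca "/C=IT/CN=001" testCA mycertsameasmycert2
    _make_cert_from_ca "/C=IT/CN=passcert" testCA passcert
    _protect_key passcert
    _make_cert_from_ca "/C=IT/CN=limited" pathLimitedCA limitedcert
    puts -nonewline "."
    _revoke_cert mycertrevoked caFromTestCA
    puts -nonewline "."
    _make_crl caFromTestCA
    _make_ca_from_ca "/C=IT/O=INFN/CN=RevokedCA" testCA revokedCA -1
    puts -nonewline "."
    _make_crl revokedCA
    _make_cert_from_ca "/C=IT/CN=Valid From Revoked" revokedCA validFromRevoked
    _revoke_cert revokedCA testCA
    puts -nonewline "."
    _make_crl testCA
}

# Define, install and configure the MySQL-backed test server voms1 and
# publish its host certificate in the vomsdir.
# The VOMS database account (user_test1 / passwd) is a fixed test credential.
proc _setupNormalVomsMysql {} {
    _defineVOMSServer voms1
    _defineVOMSOption voms1 db-type mysql
    _defineVOMSOption voms1 db voms_test1777
    if {![string equal $::DBPASSWORD ""]} {
        _defineVOMSOption voms1 db-pwd $::DBPASSWORD
    }
    _defineVOMSOption voms1 db-admin $::DBUSERNAME
    _defineVOMSOption voms1 voms-vo voms1
    if {[file exists $::INSTALLDIR/lib64/libvomsmysql.so]} {
        _defineVOMSOption voms1 sqlloc $::INSTALLDIR/lib64/libvomsmysql.so
    } else {
        _defineVOMSOption voms1 sqlloc $::INSTALLDIR/lib/libvomsmysql.so
    }
    _defineVOMSOption voms1 voms-name user_test1
    _defineVOMSOption voms1 voms-pwd passwd
    _defineVOMSOption voms1 loglevel 5
    _defineVOMSOption voms1 newformat
    _defineVOMSOption voms1 port 33334
    _vomsSetup voms1
    _addVOMSOption voms1 x509_user_cert $::INSTALLDIR/certs/hostcert.pem
    _addVOMSOption voms1 x509_user_key $::INSTALLDIR/certs/hostkey.pem
    _addVOMSOption voms1 shortfqans
    _addVOMSOption voms1 syslog
    _makeVomses voms1
    set ::_vomsdir $::INSTALLDIR/vomsdir
    file mkdir $::_vomsdir
    file copy -force $::INSTALLDIR/certs/hostcert.pem $::_vomsdir/voms1.pem
}

# Define and install the Oracle-backed test server voms2.
proc _setupNormalVomsOracle {} {
    _defineVOMSServer voms2
    _defineVOMSOption voms2 db-type oracle
    _defineVOMSOption voms2 db voms_test2
    if {![string equal $::ORACLEDBPASSWORD ""]} {
        _defineVOMSOption voms2 db-pwd $::ORACLEDBPASSWORD
        _defineVOMSOption voms2 voms-pwd $::ORACLEDBPASSWORD
    }
    _defineVOMSOption voms2 db-admin $::ORACLEDBUSERNAME
    _defineVOMSOption voms2 voms-vo voms2
    # Fixed: sqlloc was recorded for voms1, which overwrote the MySQL library
    # path of that server and left voms2 without a database library.
    if {[file exists $::INSTALLDIR/lib64/libvomsoracle.so]} {
        _defineVOMSOption voms2 sqlloc $::INSTALLDIR/lib64/libvomsoracle.so
    } else {
        _defineVOMSOption voms2 sqlloc $::INSTALLDIR/lib/libvomsoracle.so
    }
    _defineVOMSOption voms2 voms-name $::ORACLEDBUSERNAME
    _defineVOMSOption voms2 loglevel 5
    _defineVOMSOption voms2 port 33333
    _defineVOMSOption voms2 newformat
    _vomsSetup voms2
}

_inittests
voms-2.1.2/testsuite/lib/whois.exp000066400000000000000000000000161477131364200171530ustar00rootroot00000000000000set tool voms voms-2.1.2/testsuite/suppressions000066400000000000000000000147441477131364200172530ustar00rootroot00000000000000##----------------------------------------------------------------------## # Errors to suppress by default with XFree86 3.3.6) # Format of this file is: # { # name_of_suppression # skin_name:supp_kind # (optional extra info for some suppression types) # caller0 name, or /name/of/so/file.so # caller1 name, or ditto # (optionally: caller2 name) # (optionally: caller3 name) # } # # For Memcheck, the supp_kinds are: # # Param Value1 Value2 Value4 Value8 # Free Addr1 Addr2 Addr4 Addr8 # Cond (previously known as Value0) # # and the optional extra info is: # if Param: name of system call param # if Free: name of free-ing fn) ##----------------------------------------------------------------------## { OpenSSL-Cond-0 Memcheck:Cond fun:bn_sqr_comba8 } { OpenSSL-Cond-1 Memcheck:Cond fun:BN_is_bit_set } { OpenSSL-Cond-2 Memcheck:Cond fun:BN_usub } { OpenSSL-Cond-3 Memcheck:Cond fun:BN_sqr } { OpenSSL-Cond-4 Memcheck:Cond fun:BN_ucmp } { OpenSSL-Cond-5 Memcheck:Cond fun:BN_cmp } { OpenSSL-Cond-6 Memcheck:Cond fun:BN_from_montgomery } { OpenSSL-Cond-7 Memcheck:Cond fun:bn_mul_comba8 } { OpenSSL-Cond-8 Memcheck:Cond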
fun:BN_mul } { OpenSSL-Cond-9 Memcheck:Cond fun:BN_div } { OpenSSL-Cond-10 Memcheck:Cond fun:BN_add_word } { OpenSSL-Cond-11 Memcheck:Cond fun:BN_sub_word } { OpenSSL-Cond-12 Memcheck:Cond fun:BN_lshift } { OpenSSL-Cond-13 Memcheck:Cond fun:BN_mod_inverse } { OpenSSL-Cond-14 Memcheck:Cond fun:BN_num_bits_word } { OpenSSL-Cond-15 Memcheck:Cond fun:__udivdi3 } { OpenSSL-Cond-16 Memcheck:Cond fun:BN_rshift1 } { OpenSSL-Cond-17 Memcheck:Cond fun:euclid } { OpenSSL-Cond-18 Memcheck:Cond fun:BN_bin2bn } { OpenSSL-Cond-19 Memcheck:Cond fun:BN_lshift } { OpenSSL-Cond-20 Memcheck:Cond fun:BN_rshift } { OpenSSL-Cond-21 Memcheck:Cond fun:__umoddi3 } { OpenSSL-Cond-22 Memcheck:Cond fun:probable_prime } { OpenSSL-Cond-23 Memcheck:Cond fun:BN_is_bit_set } { OpenSSL-Cond-24 Memcheck:Cond fun:d2i_ASN1_OBJECT } { OpenSSL-Cond-25 Memcheck:Cond fun:c2i_ASN1_OBJECT } { OpenSSL-Cond-26 Memcheck:Cond fun:ASN1_get_object } { OpenSSL-Cond-27 Memcheck:Cond fun:asn1_GetSequence } { OpenSSL-Cond-28 Memcheck:Cond fun:d2i_X509_ALGOR } { OpenSSL-Cond-29 Memcheck:Cond fun:asn1_get_length } { OpenSSL-Cond-30 Memcheck:Cond fun:RSA_padding_check_PKCS1_type_1 } { OpenSSL-Cond-31 Memcheck:Cond fun:bn_sub_words } { OpenSSL-Cond-32 Memcheck:Cond fun:memcmp } { OpenSSL-Cond-33 Memcheck:Cond fun:RSA_verify } { OpenSSL-Cond-34 Memcheck:Cond fun:OBJ_bsearch } { OpenSSL-Cond-35 Memcheck:Cond fun:obj_cmp } { OpenSSL-Cond-36 Memcheck:Cond fun:getrn } { OpenSSL-Cond-37 Memcheck:Cond fun:add_hash } { OpenSSL-Cond-38 Memcheck:Cond fun:asn1_Finish } { OpenSSL-Cond-39 Memcheck:Cond fun:memcpy } { OpenSSL-Cond-40 Memcheck:Cond fun:d2i_ASN1_bytes } { OpenSSL-Cond-41 Memcheck:Cond fun:memcpy fun:d2i_ASN1_bytes } { OpenSSL-Cond-42 Memcheck:Cond fun:d2i_ASN1_TYPE } { OpenSSL-Cond-43 Memcheck:Cond fun:malloc } { OpenSSL-Cond-44 Memcheck:Cond fun:BN_mod_exp_mont } { OpenSSL-Cond-45 Memcheck:Cond fun:bn_sub_words } { OpenSSL-Cond-46 Memcheck:Cond fun:bn_mul_recursive } { OpenSSL-Cond-47 Memcheck:Cond fun:bn_cmp_words } { 
OpenSSL-Cond-48 Memcheck:Cond fun:witness } { OpenSSL-Cond-49 Memcheck:Cond fun:BN_uadd } { OpenSSL-Cond-50 Memcheck:Cond fun:bn_sqr_recursive } { OpenSSL-Cond-51 Memcheck:Cond fun:i2c_ASN1_INTEGER } { OpenSSL-Cond-52 Memcheck:Cond fun:RSA_generate_key } { OpenSSL-Cond-53 Memcheck:Cond fun:ssl3_read_bytes } { OpenSSL-Cond-54 Memcheck:Cond fun:ssl3_get_finished } { OpenSSL-Cond-55 Memcheck:Cond fun:SHA1_Update } { OpenSSL-Cond-56 Memcheck:Cond fun:MD5_Update } { OpenSSL-Cond-57 Memcheck:Cond fun:ssl3_get_message } { OpenSSL-Cond-58 Memcheck:Cond fun:BUF_MEM_grow } { OpenSSL-Cond-59 Memcheck:Cond fun:RSA_padding_add_PKCS1_type_2 } { OpenSSL-Cond-60 Memcheck:Cond fun:MD5_Final } { OpenSSL-Cond-61 Memcheck:Cond fun:SHA1_Final } { OpenSSL-Cond-62 Memcheck:Cond fun:BN_sub } { OpenSSL-Cond-63 Memcheck:Cond fun:BN_add } { OpenSSL-Addr-1 Memcheck:Value4 fun:memcpy } { OpenSSL-Addr-2 Memcheck:Value4 fun:EVP_EncodeBlock } { OpenSSL-Addr-3 Memcheck:Value4 fun:BN_num_bits_word } { OpenSSL-Addr-4 Memcheck:Value4 fun:BN_memcmp } { OpenSSL-Addr-5 Memcheck:Value4 fun:getrn } { OpenSSL-Addr-6 Memcheck:Value4 fun:asn1_get_length } { OpenSSL-Addr-7 Memcheck:Value4 fun:d2i_ASN1_bytes } { OpenSSL-Addr-8 Memcheck:Value4 fun:ASN1_get_object } { OpenSSL-Addr-9 Memcheck:Value4 fun:memcmp } { OpenSSL-Addr-10 Memcheck:Value4 fun:d2i_ASN1_TYPE } { OpenSSL-Addr-11 Memcheck:Value4 fun:des_encrypt2 } { OpenSSL-Addr-12 Memcheck:Value4 fun:des_set_key_unchecked } { OpenSSL-Addr-13 Memcheck:Value4 fun:MD5_Update } { OpenSSL-Addr-14 Memcheck:Value4 fun:SHA1_Update } { OpenSSL-Addr-15 Memcheck:Value4 fun:SHA1_Final } { OpenSSL-Addr-16 Memcheck:Value4 fun:MD5_Final } { globus1 Memcheck:Value4 fun:globus_gss_assist_wrap_send } { globus2 Memcheck:Value4 fun:globus_gss_assist_init_sec_context } { OpenSSL-Addr-17 Memcheck:Value4 fun:BN_from_montgomery } { OpenSSL-Addr-18 Memcheck:Value4 fun:BN_mod_exp_mont_consttime } { OpenSSL-Addr-19 Memcheck:Value4 fun:bn_mul_recursive } { OpenSSL-Addr-20 
Memcheck:Value4 fun:BN_is_prime_fasttest } { OpenSSL-Addr-21 Memcheck:Value4 fun:BN_gcd } { OpenSSL-Addr-22 Memcheck:Value4 fun:BN_mod_exp_mont_consttime } { OpenSSL-Addr-23 Memcheck:Cond fun:BN_mod_exp_mont_consttime } { OpenSSL-Addr-24 Memcheck:Cond fun:ASN1_item_ex_d2i } { OpenSSL-Addr-25 Memcheck:Cond fun:BN_is_prime_fasttest } { OpenSSL-Addr-26 Memcheck:Cond fun:BN_gcd } { OpenSSL-Addr-27 Memcheck:Cond fun:/lib/libcrypto.so.0.9.7a fun:BN_mod_word } { OpenSSL-Addr-28 Memcheck:Cond fun:/lib/libcrypto.so.0.9.7a fun:OBJ_bsearch } ##----------------------------------------------------------------------## voms-2.1.2/testsuite/voms/000077500000000000000000000000001477131364200155255ustar00rootroot00000000000000voms-2.1.2/testsuite/voms/voms/000077500000000000000000000000001477131364200165115ustar00rootroot00000000000000voms-2.1.2/testsuite/voms/voms/server.c000066400000000000000000000111631477131364200201650ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. 
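*/
#include #include #include #include #include #include #include
//#undef DEBUG
//#define DEBUG( out )
// Namespace
//---------------------------------------------------------------------------
/*
 * Minimal TLS test server used by the testsuite.
 *
 * argv[1] is one string holding four ';'-separated fields, split in place:
 *   <CA path>;<server certificate PEM>;<server private key PEM>;<stop flag>
 * The CA path is handed to SSL_CTX_load_verify_locations() as the directory
 * argument. When the stop flag is exactly "stop", the server sleeps 100
 * seconds after accepting the TCP connection and before the TLS handshake.
 *
 * The server listens on port 33334, accepts a single connection, performs
 * the handshake with proxy_verify_callback_server as certificate verifier,
 * and exits with 1 if the handshake fails, otherwise sleeps 100 seconds and
 * exits with 0.
 */
int main(int argc, char *argv[])
{
  char *m_caCertPath;
  char *m_serverCert;
  char *m_serverKey;
  char *stoparg;

  // The argument is mandatory: it is dereferenced and modified below.
  if (argc < 2 || argv[1] == NULL) {
    fprintf(stdout, "usage: server 'capath;cert;key;stopflag'\n");
    exit(1);
  }

  m_caCertPath = argv[1];
  fprintf(stdout, "phase1\n");

  // Each strchr() result is checked before it is written through; a field
  // separator that is missing used to end in a NULL pointer write.
  m_serverCert = strchr(m_caCertPath, ';');
  fprintf(stdout, "phase2\n");
  if (m_serverCert == NULL) {
    fprintf(stdout, "malformed argument: certificate field missing\n");
    exit(1);
  }
  *m_serverCert++ = '\0';

  m_serverKey = strchr(m_serverCert, ';');
  fprintf(stdout, "phase3\n");
  if (m_serverKey == NULL) {
    fprintf(stdout, "malformed argument: key field missing\n");
    exit(1);
  }
  *m_serverKey++ = '\0';

  stoparg = strchr(m_serverKey, ';');
  fprintf(stdout, "phase4\n");
  if (stoparg == NULL) {
    fprintf(stdout, "malformed argument: stop field missing\n");
    exit(1);
  }
  *stoparg++ = '\0';

  fprintf(stdout, "ca:%s\ncert:%s\nkey:%s\nstop:%s\n",
          m_caCertPath, m_serverCert, m_serverKey, stoparg);

  SSL_CTX *m_sslCtx = NULL;

  // Initializing OpenSSL
  // FIXME should this only be called once?
  OpenSSL_add_all_algorithms();
  SSLeay_add_all_algorithms();
  SSL_load_error_strings();
  ERR_load_crypto_strings();
  ERR_load_BIO_strings();
  SSL_library_init();

  m_sslCtx = SSL_CTX_new( SSLv23_method() );
  if (!m_sslCtx) {
    ERR_print_errors_fp( stdout );
    printf("error1\n");
    // Every call below dereferences the context, so stop here.
    exit(1);
  }

  SSL_CTX_set_options(m_sslCtx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
  /*  SSL_CTX_set_cipher_list(m_sslCtx, "ALL:!LOW:!EXP:!MD5:!MD2"); */
  SSL_CTX_set_purpose(m_sslCtx, X509_PURPOSE_ANY);
  /*  SSL_CTX_set_mode(m_sslCtx, SSL_MODE_AUTO_RETRY); */
  printf("test\n");

  // The three load steps below report a failure and carry on, as before;
  // the handshake is then expected to fail later on.

  // load server certificate
  if ( SSL_CTX_use_certificate_file( m_sslCtx, m_serverCert, SSL_FILETYPE_PEM ) <= 0 ) {
    ERR_print_errors_fp( stdout );
    printf("error1\n");
  }

  // load private key
  if ( SSL_CTX_use_PrivateKey_file( m_sslCtx, m_serverKey, SSL_FILETYPE_PEM) <= 0 ) {
    ERR_print_errors_fp( stdout );
    printf("error2\n");
  }

  // load trusted Certificate Authority (directory form, no CA file)
  if ( !SSL_CTX_load_verify_locations( m_sslCtx, 0, m_caCertPath ) ) {
    ERR_print_errors_fp( stdout );
    printf("error3\n");
  }

  // Request and verify a client certificate.
  // NOTE(review): SSL_VERIFY_PEER on its own does not abort the handshake
  // when the client sends no certificate; that needs
  // SSL_VERIFY_FAIL_IF_NO_PEER_CERT as well. Left as is because the tests
  // that drive this server are not visible from here.
  SSL_CTX_set_verify( m_sslCtx, SSL_VERIFY_PEER, 0 );

  // Allow chains up to depth 100 (the old comment said 1; the value has
  // always been 100).
  SSL_CTX_set_verify_depth( m_sslCtx, 100 );

  // set the verify call back to gridsite, which understands
  // proxy certificates
  SSL_CTX_set_cert_verify_callback( m_sslCtx, proxy_verify_callback_server, 0);

  // create new ssl structure; the accepted socket is attached below
  SSL *m_sslCon = SSL_new( m_sslCtx );
  if (!m_sslCon) {
    ERR_print_errors_fp( stdout );
    fprintf(stdout, "SSL_new failed\n");
    exit(1);
  }

  BIO *bio = BIO_new_accept("33334");

  // First BIO_do_accept() call sets up the listening socket.
  if (BIO_do_accept(bio) <= 0)
    fprintf(stdout, "BIO_do_accept failed\n");

  fprintf(stdout, "now accepting\n");
  // %p with a void* cast: the pointer was printed with %ld before.
  fprintf(stdout, "bio=%p\n", (void *)bio);

  // Second call waits for the incoming connection.
  BIO_do_accept(bio);
  fprintf(stdout, "part1\n");
  BIO *client = BIO_pop(bio);
  fprintf(stdout, "part2\n");
  SSL_set_bio(m_sslCon, client, client);
  fprintf(stdout,"bio set\n");

  // Optional stall between TCP accept and TLS handshake.
  if (strcmp(stoparg, "stop") == 0) {
    sleep(100);
  }
  fprintf(stdout,"sleep finished\n");

  // initiate the handshake
  int error;
  if ( (error = SSL_accept( m_sslCon )) <= 0 ) {
    unsigned long l;
    char buf[256];
#if SSLEAY_VERSION_NUMBER  >= 0x00904100L
    const char *file;
#else
    char *file;
#endif
    char *dat;
    int line;

    /* WIN32 does not have the ERR_get_error_line_data */
    /* exported, so simulate it till it is fixed */
    /* in SSLeay-0.9.0 */
    // NOTE(review): this loop reads ERR_STATE fields directly and so needs
    // an OpenSSL whose public headers still expose that structure.
    while ( ERR_peek_error() != 0 ) {
      int i;
      ERR_STATE *es;

      es = ERR_get_state();
      i = (es->bottom+1)%ERR_NUM_ERRORS;

      if (es->err_data[i] == NULL)
        dat = (char*)"";
      else
        dat = es->err_data[i];

      if (dat) {
        l = ERR_get_error_line(&file, &line);
        //      if (debug)
        fprintf(stdout, "%s:%s,%d,%s\n", ERR_error_string(l, buf),
                file, line, dat);
      }
    }
    fprintf(stdout, "ERROR\n");
    exit(1);
  }

  /* connected */
  sleep(100);
  exit(0);
}
voms-2.1.2/testsuite/voms/voms/server2.c000066400000000000000000000110741477131364200202500ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.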
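* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */
#include #include #include #include #include #include #include
//#undef DEBUG
//#define DEBUG( out )
// Namespace
//---------------------------------------------------------------------------
/*
 * Second TLS test server of the testsuite: same setup as the stalling
 * variant, but the handshake starts right after the TCP connection is
 * accepted and "Handshake done!" is printed on success.
 *
 * argv[1] is one string holding four ';'-separated fields, split in place:
 *   <CA path>;<server certificate PEM>;<server private key PEM>;<stop flag>
 * The stop flag is parsed and echoed but has no further effect here.
 *
 * Listens on port 33334, serves one connection, exits with 1 when the
 * handshake fails, otherwise sleeps 100 seconds and exits with 0.
 */
int main(int argc, char *argv[])
{
  char *m_caCertPath;
  char *m_serverCert;
  char *m_serverKey;
  char *stoparg;

  // argv[1] is dereferenced and modified below, so it must exist.
  if (argc < 2 || argv[1] == NULL) {
    fprintf(stdout, "usage: server2 'capath;cert;key;stopflag'\n");
    exit(1);
  }

  m_caCertPath = argv[1];
  fprintf(stdout, "phase1\n");

  // A missing ';' makes strchr() return NULL; check before writing the
  // terminator through the result.
  m_serverCert = strchr(m_caCertPath, ';');
  fprintf(stdout, "phase2\n");
  if (m_serverCert == NULL) {
    fprintf(stdout, "malformed argument: certificate field missing\n");
    exit(1);
  }
  *m_serverCert++ = '\0';

  m_serverKey = strchr(m_serverCert, ';');
  fprintf(stdout, "phase3\n");
  if (m_serverKey == NULL) {
    fprintf(stdout, "malformed argument: key field missing\n");
    exit(1);
  }
  *m_serverKey++ = '\0';

  stoparg = strchr(m_serverKey, ';');
  fprintf(stdout, "phase4\n");
  if (stoparg == NULL) {
    fprintf(stdout, "malformed argument: stop field missing\n");
    exit(1);
  }
  *stoparg++ = '\0';

  fprintf(stdout, "ca:%s\ncert:%s\nkey:%s\nstop:%s\n",
          m_caCertPath, m_serverCert, m_serverKey, stoparg);

  SSL_CTX *m_sslCtx = NULL;

  // Initializing OpenSSL
  // FIXME should this only be called once?
  OpenSSL_add_all_algorithms();
  SSLeay_add_all_algorithms();
  SSL_load_error_strings();
  ERR_load_crypto_strings();
  ERR_load_BIO_strings();
  SSL_library_init();

  m_sslCtx = SSL_CTX_new( SSLv23_method() );
  if (!m_sslCtx) {
    ERR_print_errors_fp( stdout );
    printf("error1\n");
    // Nothing below works without a context.
    exit(1);
  }

  SSL_CTX_set_options(m_sslCtx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
  /*  SSL_CTX_set_cipher_list(m_sslCtx, "ALL:!LOW:!EXP:!MD5:!MD2"); */
  SSL_CTX_set_purpose(m_sslCtx, X509_PURPOSE_ANY);
  /*  SSL_CTX_set_mode(m_sslCtx, SSL_MODE_AUTO_RETRY); */
  printf("test\n");

  // Credential and trust-store failures are reported but not fatal, as in
  // the original; the handshake is expected to fail afterwards.

  // load server certificate
  if ( SSL_CTX_use_certificate_file( m_sslCtx, m_serverCert, SSL_FILETYPE_PEM ) <= 0 ) {
    ERR_print_errors_fp( stdout );
    printf("error1\n");
  }

  // load private key
  if ( SSL_CTX_use_PrivateKey_file( m_sslCtx, m_serverKey, SSL_FILETYPE_PEM) <= 0 ) {
    ERR_print_errors_fp( stdout );
    printf("error2\n");
  }

  // load trusted Certificate Authority (directory form, no CA file)
  if ( !SSL_CTX_load_verify_locations( m_sslCtx, 0, m_caCertPath ) ) {
    ERR_print_errors_fp( stdout );
    printf("error3\n");
  }

  // Request and verify a client certificate.
  // NOTE(review): without SSL_VERIFY_FAIL_IF_NO_PEER_CERT a client that
  // presents no certificate is not rejected by this setting alone.
  // Unchanged, since the tests using this binary are not visible here.
  SSL_CTX_set_verify( m_sslCtx, SSL_VERIFY_PEER, 0 );

  // Chain depth limit is 100 (the earlier comment claimed 1).
  SSL_CTX_set_verify_depth( m_sslCtx, 100 );

  // set the verify call back to gridsite, which understands
  // proxy certificates
  SSL_CTX_set_cert_verify_callback( m_sslCtx, proxy_verify_callback_server, 0);

  // create new ssl structure; the accepted socket is attached below
  SSL *m_sslCon = SSL_new( m_sslCtx );
  if (!m_sslCon) {
    ERR_print_errors_fp( stdout );
    fprintf(stdout, "SSL_new failed\n");
    exit(1);
  }

  BIO *bio = BIO_new_accept("33334");

  // First BIO_do_accept() call sets up the listening socket.
  if (BIO_do_accept(bio) <= 0)
    fprintf(stdout, "BIO_do_accept failed\n");

  fprintf(stdout, "now accepting\n");
  // Pointer printed with %p; %ld with a pointer argument was a mismatch.
  fprintf(stdout, "bio=%p\n", (void *)bio);

  // Second call blocks until a client connects.
  BIO_do_accept(bio);
  fprintf(stdout, "part1\n");
  BIO *client = BIO_pop(bio);
  fprintf(stdout, "part2\n");
  SSL_set_bio(m_sslCon, client, client);
  fprintf(stdout,"bio set\n");

  // initiate the handshake
  int error;
  if ( (error = SSL_accept( m_sslCon )) <= 0 ) {
    unsigned long l;
    char buf[256];
#if SSLEAY_VERSION_NUMBER  >= 0x00904100L
    const char *file;
#else
    char *file;
#endif
    char *dat;
    int line;

    /* WIN32 does not have the ERR_get_error_line_data */
    /* exported, so simulate it till it is fixed */
    /* in SSLeay-0.9.0 */
    // NOTE(review): depends on ERR_STATE being a visible structure in the
    // OpenSSL headers this is built against.
    while ( ERR_peek_error() != 0 ) {
      int i;
      ERR_STATE *es;

      es = ERR_get_state();
      i = (es->bottom+1)%ERR_NUM_ERRORS;

      if (es->err_data[i] == NULL)
        dat = (char*)"";
      else
        dat = es->err_data[i];

      if (dat) {
        l = ERR_get_error_line(&file, &line);
        //      if (debug)
        fprintf(stdout, "%s:%s,%d,%s\n", ERR_error_string(l, buf),
                file, line, dat);
      }
    }
    fprintf(stdout, "ERROR\n");
    exit(1);
  }

  fprintf(stdout, "Handshake done!\n");

  /* connected */
  sleep(100);
  exit(0);
}
voms-2.1.2/testsuite/voms/voms/voms001.exp000066400000000000000000000002161477131364200204330ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if the testsuite starts." proc mytest {} { testmessage "noerror" return $::PASSTEST } do_test voms-2.1.2/testsuite/voms/voms/voms002.exp000066400000000000000000000013631477131364200204400ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms can be started and stopped." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set out "" catch {set out [exec ps aux | grep voms1 | grep -v grep | grep etc/voms/voms1]} if {[string equal $out ""] } then { testmessage "error - cannot start" return $::FAILTEST } else { _vomsStop voms1 set out "" exec sleep 5 catch {set out [exec ps aux | grep voms1 | grep -v grep | grep etc/voms/voms1]} if {[string equal $out ""] } then { testmessage "noerror" return $::PASSTEST } else { testmessage "error - cannot stop" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms003.exp000066400000000000000000000001761477131364200204420ustar00rootroot00000000000000load_lib vomstest.exp testheader "Dummied out." proc mytest {} { testmessage "noerror" return $::PASSTEST } do_test voms-2.1.2/testsuite/voms/voms/voms004.exp000066400000000000000000000006271477131364200204440ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if a normal proxy can be created."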
proc mytest {} { _activateCert mycert2 set res [log_exec outname {voms-proxy-init}] if $res then { addlog $outname testmessage "voms-proxy-init returned error message." return $::FAILTEST } else { testmessage "proxy successfully created." return $::PASSTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms005.exp000066400000000000000000000007611477131364200204440ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if a voms proxy can be created." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname addlog $::LOG_DIR/voms.voms1 testmessage "voms-proxy-init returned error message." return $::FAILTEST } else { testmessage "proxy successfully created." return $::PASSTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms006.exp000066400000000000000000000011621477131364200204410ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if a voms-proxy-info works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set res [log_exec outname {voms-proxy-info --all}] if $res then { addlog $outname testmessage "voms-proxy-info execution failed." return $::FAILTEST } else { testmessage "voms-proxy-info succeeded." return $::PASSTEST } } do_testvoms-2.1.2/testsuite/voms/voms/voms007.exp000066400000000000000000000027231477131364200204460ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if a voms proxy has the right attributes." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set res [log_exec outname {voms-proxy-info --all}] if $res then { addlog $outname testmessage "voms-proxy-info failed." 
return $::FAILTEST } else { #match against known (correct) output set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment === VO voms1 extension information === VO : voms1 subject : /C=IT/CN=001 issuer : /C=IT/CN=003 attribute : /voms1 attribute : /voms1/group1 attribute : shortid = mycert2-g \\\(/voms1/group1\\\) attribute : shortid = mycert2 \\\(voms1\\\) timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "proxy successfully created." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms008.exp000066400000000000000000000020031477131364200204360ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if a role can be requested." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1:/voms1/group1/Role=TestRole}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set res [log_exec outname {voms-proxy-info --all}] if $res then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "\[.\\n\]*attribute : /voms1/group1/Role=TestRole\[.\\n\]*" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "proxy successfully created." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms009.exp000066400000000000000000000031141477131364200204430ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if all attributes can be retrieved by a voms proxy." 
proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1:all}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set res [log_exec outname {voms-proxy-info --all}] if $res then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment === VO voms1 extension information === VO : voms1 subject : /C=IT/CN=001 issuer : /C=IT/CN=003 attribute : /voms1 attribute : /voms1/group1 attribute : /voms1/group1/Role=TestRole attribute : shortid = mycert2-r \\\(/voms1/group1/Role=TestRole\\\) attribute : shortid = mycert2-g \\\(/voms1/group1\\\) attribute : shortid = mycert2 \\\(voms1\\\) timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "proxy successfully created." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms010.exp000066400000000000000000000031611477131364200204350ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --order works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1:/voms1/group1/Role=TestRole --order /voms1/group1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set res [log_exec outname {voms-proxy-info --all}] if $res then { addlog $outname testmessage "voms-proxy-info failed." 
return $::FAILTEST } else { #match against known (correct) output set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment === VO voms1 extension information === VO : voms1 subject : /C=IT/CN=001 issuer : /C=IT/CN=003 attribute : /voms1/group1 attribute : /voms1 attribute : /voms1/group1/Role=TestRole attribute : shortid = mycert2-r \\\(/voms1/group1/Role=TestRole\\\) attribute : shortid = mycert2-g \\\(/voms1/group1\\\) attribute : shortid = mycert2 \\\(voms1\\\) timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "proxy successfully created." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms011.exp000066400000000000000000000032611477131364200204370ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --order works with multiple arguments." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1:/voms1/group1/Role=TestRole --order /voms1/group1,/voms1/group1/Role=TestRole}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set res [log_exec outname {voms-proxy-info --all}] if $res then { addlog $outname testmessage "voms-proxy-info failed." 
return $::FAILTEST } else { #match against known (correct) output set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment === VO voms1 extension information === VO : voms1 subject : /C=IT/CN=001 issuer : /C=IT/CN=003 attribute : /voms1/group1 attribute : /voms1/group1/Role=TestRole attribute : /voms1 attribute : shortid = mycert2-r \\\(/voms1/group1/Role=TestRole\\\) attribute : shortid = mycert2-g \\\(/voms1/group1\\\) attribute : shortid = mycert2 \\\(voms1\\\) timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-init --order a,b worked successfully." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms012.exp000066400000000000000000000016101477131364200204340ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-list works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-list --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-list failed." return $::FAILTEST } #match against known (correct) output set correct "Your identity: /C=IT/CN=001 Creating temporary proxy \.* Done Contacting localhost:33334 \\\[/C=IT/CN=003\\\] \"voms1\" Done Available attributes: /voms1 /voms1/group1 /voms1/group1/Role=TestRole" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-list run successfully." 
return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-list" return $::FAILTEST } } do_testvoms-2.1.2/testsuite/voms/voms/voms013.exp000066400000000000000000000010021477131364200204300ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init detects fake arguments ." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 junk}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed correctly." return $::PASSTEST } else { addlog $outname testmessage "voms-proxy-init did not detect fake arguments." return $::FAILTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms014.exp000066400000000000000000000036471477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --valid works." proc mytest {} { _activateCert mycert2 _addVOMSOption voms1 timeout 8640000 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --valid 18:00}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set res [log_exec outname {voms-proxy-info --all}] if $res then { addlog $outname testmessage "voms-proxy-info failed." 
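return $::FAILTEST } else { #match against known (correct) output set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \(\[0-9\]*\):\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment === VO voms1 extension information === VO : voms1 subject : /C=IT/CN=001 issuer : /C=IT/CN=003 attribute : /voms1 attribute : /voms1/group1 attribute : shortid = mycert2-g \\\(/voms1/group1\\\) attribute : shortid = mycert2 \\\(voms1\\\) timeleft : \(\[0-9\]*\):\[0-9\]*:\[0-9\]*" loadvar out2 $outname set PLENGTH "" set ACLENGTH "" if [regexp $correct $out2 dummy PLENGTH ACLENGTH] then { if [ expr {(( $PLENGTH == "17" || $PLENGTH == "18" )) && (( $ACLENGTH == "17" || $ACLENGTH == "18" ))} ] then { testmessage "voms-proxy-init --valid xx:yy worked successfully." return $::PASSTEST } else { addlog $outname testmessage "voms-proxy-init --valid xx:yy did not work correctly." return $::FAILTEST } } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_test voms-2.1.2/testsuite/voms/voms/voms015.exp000066400000000000000000000007431477131364200204450ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if requesting a too long proxy fails."

# Negative test: request a proxy valid for 100 hours from voms1 and expect
# voms-proxy-init to be refused. A non-zero result from log_exec is the
# passing outcome here; a zero result is the failure.
proc mytest {} {
    _activateCert mycert2

    _vomsStart voms1
    set res [log_exec outname {voms-proxy-init --voms voms1 --valid 100:00}]
    _vomsStop voms1

    if $res then {
        testmessage "voms-proxy-init correctly failed."
        return $::PASSTEST
    } else {
        # Keep the command output for the report.
        addlog $outname
        # This call was spelled "testmesasge", a name no other test here
        # uses, so the branch that reports an over-long proxy being issued
        # would have stopped on an unknown command rather than returning
        # FAILTEST.
        testmessage "voms-proxy-init incorrectly suceeded."
        return $::FAILTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms016.exp000066400000000000000000000035721477131364200204510ustar00rootroot00000000000000load_lib vomstest.exp testheader "Can AC validity be limited?"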
proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --vomslife 5:00}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set res [log_exec outname {voms-proxy-info --all}] if $res then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \(\[0-9\]*\):\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment === VO voms1 extension information === VO : voms1 subject : /C=IT/CN=001 issuer : /C=IT/CN=003 attribute : /voms1 attribute : /voms1/group1 attribute : shortid = mycert2-g \\\(/voms1/group1\\\) attribute : shortid = mycert2 \\\(voms1\\\) timeleft : \(\[0-9\]*\):\[0-9\]*:\[0-9\]*" loadvar out2 $outname set PLENGTH "" set ACLENGTH "" if [regexp $correct $out2 dummy PLENGTH ACLENGTH] then { if [ expr {(( $PLENGTH == "12" || $PLENGTH == "11" )) && (( $ACLENGTH == "4" || $ACLENGTH == "5" ))} ] then { testmessage "voms-proxy-init --vomslife xx:yy worked successfully." return $::PASSTEST } else { addlog $outname testmessage "voms-proxy-init --vomslife xx:yy did not work correctly." return $::FAILTEST } } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms017.exp000066400000000000000000000015061477131364200204450ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if requesting a too long ac length fails." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --vomslife 100:00}] _vomsStop voms1 if $res then { testmessage "voms-proxy-init correctly failed." 
return $::PASSTEST } set correct "Your identity: /C=IT/CN=001 Creating temporary proxy \.* Done Contacting localhost:33334 \\\[/C=IT/CN=003\\\] \"voms1\" Done Warning: .* 86400 seconds.* .* .*" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-init correctly returned a warning." return $::PASSTEST } else { addlog $outname testmessage "voms-proxy-init incorrectly succeeded." return $::FAILTEST } } do_testvoms-2.1.2/testsuite/voms/voms/voms018.exp000066400000000000000000000011221477131364200204400ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if the log file permissions are 600." proc mytest {} { _activateCert mycert2 _vomsStart voms1 _vomsStop voms1 set attrs [file attributes $::LOG_DIR/voms.voms1 -permissions] if [expr $attrs == 0600] then { testmessage "Attributes on log file are ok." return $::PASSTEST } else { set outname [exec mktemp $::SCRATCHDIR/voms-XXXXXX] exec ls -l $::LOG_DIR/voms.voms1 > $outname addlog $outname testmessage "Log file permissions incorrect." return $::FAILTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms019.exp000066400000000000000000000015431477131364200204500ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --exists --valid works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --valid 10:00}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set res [log_exec outname {voms-proxy-info --exists --valid 20:00}] if $res then { testmessage "voms-proxy-info correctly returned an error." return $::PASSTEST } else { if [log_exec outname {voms-proxy-info --exists --valid 5:00}] then { testmessage "voms-proxy-info returned an error." return $::FAILTEST } else { testmessage "voms-proxy-info did not fail." 
return $::PASSTEST } } } do_test voms-2.1.2/testsuite/voms/voms/voms020.exp000066400000000000000000000031111477131364200204310ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms defaults to long FQANs." proc mytest {} { _activateCert mycert2 _removeVOMSOption voms1 shortfqans _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 addlog $::ETC_DIR/voms/voms1/voms.conf if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set res [log_exec outname {voms-proxy-info --all}] if $res then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment === VO voms1 extension information === VO : voms1 subject : /C=IT/CN=001 issuer : /C=IT/CN=003 attribute : /voms1/Role=NULL/Capability=NULL attribute : /voms1/group1/Role=NULL/Capability=NULL attribute : shortid = mycert2-g \\\(/voms1/group1\\\) attribute : shortid = mycert2 \\\(voms1\\\) timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" loadvar out2 $outname if [regexp $correct $out2 dummy] then { testmessage "voms returned long FQANs." return $::PASSTEST } else { logvar correct addlog $outname testmessage "VOMS returned short FQANs" return $::FAILTEST } } } do_test voms-2.1.2/testsuite/voms/voms/voms021.exp000066400000000000000000000031751477131364200204440ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if a targets can be added to a proxy." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --target testbed.cnaf.infn.it --target prova.cnaf.infn.it --target [exec hostname] --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." 
return $::FAILTEST } set res [log_exec outname {voms-proxy-info --all}] if $res then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment === VO voms1 extension information === VO : voms1 subject : /C=IT/CN=001 issuer : /C=IT/CN=003 attribute : /voms1 attribute : /voms1/group1 attribute : shortid = mycert2-g \\\(/voms1/group1\\\) attribute : shortid = mycert2 \\\(voms1\\\) timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* target : testbed.cnaf.infn.it target : prova.cnaf.infn.it target : [exec hostname]" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "targets correctly reported." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms022.exp000066400000000000000000000015201477131364200204350ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if -acexists works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set res [log_exec outname {voms-proxy-info --acexists voms1}] if $res then { addlog $outname testmessage "expected AC does not exists." return $::FAILTEST } else { if [log_exec outname {voms-proxy-info --acexists voms2}] then { testmessage "uneexpected AC verified to not exist." return $::PASSTEST } else { addlog $outname testmessage "unexpected ac found!" 
return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms023.exp000066400000000000000000000043351477131364200204450ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if a proxy type is detected correctly." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set res [log_exec outname {voms-proxy-info --type}] if $res then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } #match against known (correct) output set correct "proxy" loadvar out2 $outname if ![regexp $correct $out2] then { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } _vomsStart voms1 set res [log_exec outname {voms-proxy-init --rfc --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --type}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } #match against known (correct) output set correct "RFC compliant proxy" loadvar out2 $outname if ![regexp $correct $out2] then { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } _vomsStart voms1 set res [log_exec outname {voms-proxy-init --proxyver 3 --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --type}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } #match against known (correct) output set correct "GT3-style proxy" loadvar out2 $outname if ![regexp $correct $out2] then { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } else { testmessage "proxy type reported correctly." 
return $::PASSTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms024.exp000066400000000000000000000016271477131364200204470ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info -text works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --text}] then { addlog $outname testmessage "voms-proxy-info returned an error." return $::FAILTEST } else { set correct "\[.\\\n\]*Certificate" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "targets -text worked correcly." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms025.exp000066400000000000000000000024411477131364200204430ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --chain works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --chain}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "=== Proxy Chain Information === subject : /C=IT/CN=001 issuer : /C=IT/O=INFN/CN=CAFromthisCN strength : 2048 bits timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* === Proxy Information === subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "chain correctly reported." 
return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms026.exp000066400000000000000000000016771477131364200204560ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --subject works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --subject}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "/C=IT/CN=001/CN=proxy" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "subject correctly reported." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms027.exp000066400000000000000000000016631477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --issuer works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --issuer}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "/C=IT/CN=001" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "issuer correctly reported." 
return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms028.exp000066400000000000000000000016721477131364200204530ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --identity works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --identity}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "/C=IT/CN=001" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "identity correctly reported." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_test voms-2.1.2/testsuite/voms/voms/voms029.exp000066400000000000000000000016651477131364200204560ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --timeleft works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --timeleft}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "\[0-9\]*" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "timeleft correctly reported." 
return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms030.exp000066400000000000000000000016611477131364200204420ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --strength works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --strength}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "2048" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "strength correctly reported." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms031.exp000066400000000000000000000017471477131364200204500ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --path works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --out $::SCRATCHDIR/prp}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --path --file $::SCRATCHDIR/prp}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "$::SCRATCHDIR/prp" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "path correctly reported." 
return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms032.exp000066400000000000000000000016401477131364200204410ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --vo works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --vo}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "voms1" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "vo correctly reported." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms033.exp000066400000000000000000000016661477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --fqan works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --fqan}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "/voms1 /voms1/group1" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "fqans correctly reported." 
return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms034.exp000066400000000000000000000016741477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --acsubject works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --acsubject}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "/C=IT/CN=001" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "acsubject correctly reported." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms035.exp000066400000000000000000000016751477131364200204540ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --acissuer works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --acissuer}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "/C=IT/CN=003" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "acissuer correctly reported." 
return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms036.exp000066400000000000000000000016731477131364200204530ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --actimeleft works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --actimeleft}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "\[0-9\]*" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "actimeleft correctly reported." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms037.exp000066400000000000000000000016661477131364200204560ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --serial works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --serial}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "\[0-9A-Z\]*" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "serial correctly reported." 
return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms038.exp000066400000000000000000000011611477131364200204450ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --quiet works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --quiet}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } loadvar out2 $outname if ![string compare $out2 ""] then { testmessage "--quiet worked." return $::PASSTEST } else { addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } do_testvoms-2.1.2/testsuite/voms/voms/voms039.exp000066400000000000000000000007771477131364200204620ustar00rootroot00000000000000load_lib vomstest.exp testheader "Check that revoked certificate is not accepted by VOMS." proc mytest {} { _activateCert mycertrevoked _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --verify}] _vomsStop voms1 if $res then { testmessage "certificate detected as revoked." addlog $outname return $::PASSTEST } else { addlog $outname testmessage "success with a revoked certificate" return $::FAILTEST } } do_testvoms-2.1.2/testsuite/voms/voms/voms040.exp000066400000000000000000000017001477131364200204350ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --limited (gt2) works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --limited}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --type}] then { addlog $outname testmessage "voms-proxy-info failed." 
return $::FAILTEST } else { #match against known (correct) output set correct "limited proxy" loadvar out2 $outname if ![regexp $correct $out2] then { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } else { testmessage "proxy correctly limited" return $::PASSTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms041.exp000066400000000000000000000026661477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --hours works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --hours 3}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \(\[0-9\]*\):\[0-9\]*:\[0-9\]*" loadvar out2 $outname set PLENGTH "" if [regexp $correct $out2 dummy PLENGTH] then { if [ expr {(( $PLENGTH == "2" || $PLENGTH == "3" ))} ] then { testmessage "voms-proxy-init --hours xx worked successfully." return $::PASSTEST } else { addlog $outname testmessage "voms-proxy-init --hours xx did not work correctly." return $::FAILTEST } } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms042.exp000066400000000000000000000022051477131364200204400ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --bits works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --bits 4096}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." 
return $::FAILTEST } if [log_exec outname {voms-proxy-info}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 4096 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" loadvar out2 $outname if [regexp $correct $out2 dummy] then { testmessage "voms-proxy-init --bits worked successfully." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms043.exp000066400000000000000000000024751477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --include works." proc mytest {} { _activateCert mycert2 set id [open $::SCRATCHDIR/testfile "w"] puts $id "testo di prova" close $id _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --include $::SCRATCHDIR/testfile}] _vomsStop voms1 file delete $::SCRATCHDIR/testfile if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* included : testo di prova" loadvar out2 $outname if [regexp $correct $out2 dummy] then { testmessage "voms-proxy-init --bits worked successfully." 
return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms044.exp000066400000000000000000000030571477131364200204500ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --noregen works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init}] set res [log_exec outname {voms-proxy-init --voms voms1 --valid 10:00 --noregen}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --chain}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "=== Proxy Chain Information === subject : /C=IT/CN=001 issuer : /C=IT/O=INFN/CN=CAFromthisCN strength : 2048 bits timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 type : proxy strength : 2048 bits timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* === Proxy Information === subject : /C=IT/CN=001/CN=proxy/CN=proxy issuer : /C=IT/CN=001/CN=proxy identity : /C=IT/CN=001/CN=proxy type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" loadvar out2 $outname if [regexp $correct $out2 dummy] then { testmessage "voms-proxy-init --noregen worked successfully." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms045.exp000066400000000000000000000015101477131364200204410ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --separate works." 
# voms045.exp: check that voms-proxy-init --separate writes the attribute
# certificate (AC) to the file named on the command line.
# Returns $::PASSTEST or $::FAILTEST.
proc mytest {} {
    _activateCert mycert2

    # The voms1 server is started only for the duration of the proxy request.
    _vomsStart voms1
    set res [log_exec outname {voms-proxy-init --voms voms1 --separate $::SCRATCHDIR/tempout}]
    _vomsStop voms1

    # presumably log_exec returns non-zero when the command fails and stores
    # the name of the captured-output file in outname -- confirm in vomstest.exp
    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    # Expected content of the --separate file: a PEM attribute-certificate header.
    set correct "-----BEGIN ATTRIBUTE CERTIFICATE-----"
    loadvar out2 $::SCRATCHDIR/tempout
    # "--" ends regexp's switches, so the pattern's leading dashes are not
    # parsed as an option.
    if [regexp -- $correct $out2 dummy] then {
        testmessage "voms-proxy-init --separate worked successfully."
        return $::PASSTEST
    } else {
        logvar correct
        addlog $::SCRATCHDIR/tempout
        # NOTE(review): the message names voms-proxy-info, but the text that
        # was checked is the file written by voms-proxy-init --separate.
        testmessage "Unexpected output in voms-proxy-info"
        return $::FAILTEST
    }
    # NOTE(review): $::SCRATCHDIR/tempout is not deleted on any path here, so
    # the AC file stays in the scratch directory after the test.
}

# Archive residue: the tar member header for voms046.exp is fused with the
# preceding do_test call and the following load_lib. Kept verbatim.
do_testvoms-2.1.2/testsuite/voms/voms/voms046.exp000066400000000000000000000007411477131364200204470ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if voms-proxy-init --failonwarn works."

# voms046.exp: with --failonwarn, a request for a 1000:00 AC lifetime is
# expected to make voms-proxy-init exit with an error.
# presumably 1000:00 exceeds what the voms1 server grants, which produces the
# warning -- confirm against the server configuration.
proc mytest {} {
    _activateCert mycert2

    _vomsStart voms1
    set res [log_exec outname {voms-proxy-init --voms voms1 --vomslife 1000:00 --failonwarn}]
    _vomsStop voms1

    # Inverted expectation: a failing command is the passing outcome.
    # NOTE(review): any non-zero result passes; the output is neither logged
    # nor checked for the warning, so an unrelated failure also passes.
    if $res then {
        testmessage "voms-proxy-init failed."
        return $::PASSTEST
    } else {
        addlog $outname
        testmessage "voms-proxy-init succeeded."
        return $::FAILTEST
    }
}

do_test
# Archive residue: tar member header for voms047.exp, fused with load_lib.
voms-2.1.2/testsuite/voms/voms/voms047.exp000066400000000000000000000007411477131364200204500ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if voms-proxy-init --ignorewarn works."

# voms047.exp: with --ignorewarn, the same 1000:00 AC lifetime request is
# expected to succeed.
proc mytest {} {
    _activateCert mycert2

    _vomsStart voms1
    set res [log_exec outname {voms-proxy-init --voms voms1 --vomslife 1000:00 --ignorewarn}]
    _vomsStop voms1

    # Only the command result is checked; the content of the resulting proxy
    # is not inspected.
    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    } else {
        testmessage "voms-proxy-init succeeded."
        return $::PASSTEST
    }
}

do_test
# Archive residue: tar member header for voms048.exp, fused with load_lib.
# The two commands below are that file's preamble.
voms-2.1.2/testsuite/voms/voms/voms048.exp000066400000000000000000000011061477131364200204450ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if voms-proxy-init --conf works."
proc mytest {} { _activateCert mycert2 set id [open "$::SCRATCHDIR/vconf" "w"] puts $id "--voms=voms1" close $id _vomsStart voms1 set res [log_exec outname {voms-proxy-init --conf $::SCRATCHDIR/vconf}] _vomsStop voms1 file delete "$::SCRATCHDIR/vconf" if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } else { testmessage "voms-proxy-init succeeded." return $::PASSTEST } } do_testvoms-2.1.2/testsuite/voms/voms/voms049.exp000066400000000000000000000017631477131364200204570ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --path-length works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --rfc --path-length 1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --text}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct ".*Path Length Constraint: 01" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-init --path-length worked successfully." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms050.exp000066400000000000000000000027411477131364200204440ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --pl and --policy works." proc mytest {} { _activateCert mycert2 set id [open "$::SCRATCHDIR/file" "w"] puts $id "prova" close $id _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --rfc --pl 1.3.6.1.5.5.100.100.101 --policy $::SCRATCHDIR/file}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." 
return $::FAILTEST } if [log_exec outname {voms-proxy-info --text}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct ".*Policy Language: 1.3.6.1.5.5.100.100.101" set correct2 ".*Policy Text:.*prova" loadvar out2 $outname if [regexp $correct $out2] then { if [regexp $correct2 $out2] then { testmessage "voms-proxy-init --path-length worked successfully." return $::PASSTEST } else { logvar correct logvar correct2 addlog $outname testmessage "--pl and --policy did not work." return $::FAILTEST } } else { logvar correct logvar correct2 addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms051.exp000066400000000000000000000014011477131364200204350ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-destroy works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set res [log_exec outname {voms-proxy-destroy}] if $res then { addlog $outname testmessage "voms-proxy-destroy failed." return $::FAILTEST } else { if [file exists /tmp/x509up_u[exec id -u]] then { testmessage "proxy exists." return $::FAILTEST } else { testmessage "proxy deleted." return $::PASSTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms052.exp000066400000000000000000000014671477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-destroy --file works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --out=$::SCRATCHDIR/proxy --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." 
return $::FAILTEST } set res [log_exec outname {voms-proxy-destroy --file $::SCRATCHDIR/proxy}] if $res then { addlog $outname testmessage "voms-proxy-destroy failed." return $::FAILTEST } else { if [file exists $::SCRATCHDIR/proxy] then { testmessage "proxy exists." return $::FAILTEST } else { testmessage "proxy deleted." return $::PASSTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms053.exp000066400000000000000000000022061477131364200204430ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms --logmax works." proc mytest {} { _activateCert mycert2 _addVOMSOption voms1 logmax 200 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 addlog $::ETC_DIR/voms/voms1/voms.conf if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [file exists $::LOG_DIR/voms.voms1.1] then { if {[file size $::LOG_DIR/voms.voms1.1] <= 400} then { testmessage "--logmax works." return $::PASSTEST } else { set outname1 [exec mktemp $::SCRATCHDIR/voms-proxy-init-XXXXXX] set res [catch {set out [exec ls -l $::LOG_DIR >& $outname1]}] addlog $outname1 testmessage "file too long" return $::FAILTEST } } else { set outname1 [exec mktemp $::SCRATCHDIR/voms-proxy-init-XXXXXX] set res [catch {set out [exec ls -l $::LOG_DIR >& $outname1]}] addlog $outname1 testmessage "log did not split" return $::FAILTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms054.exp000066400000000000000000000010161477131364200204420ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms --skipcacheck works." proc mytest {} { _activateCert mycertsameasmycert2 _addVOMSOption voms1 skipcacheck _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 addlog $::ETC_DIR/voms/voms1/voms.conf if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } else { testmessage "--skipcacheck works." 
return $::PASSTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms055.exp000066400000000000000000000010341477131364200204430ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms certificates are distinguished by CA." proc mytest {} { _activateCert mycertsameasmycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 addlog $::ETC_DIR/voms/voms1/voms.conf if $res then { testmessage "certificates were considered different." return $::PASSTEST } else { addlog $outname testmessage "certificates were considered the same." return $::FAILTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms056.exp000066400000000000000000000007331477131364200204510ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms --socktimeout works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set timeout 100 spawn telnet localhost 33334 expect { eof { set dopass 1 } timeout { set dopass 0 } } _vomsStop voms1 if $dopass then { testmessage "Timeout worked" return $::PASSTEST } else { testmessage "Timeout did not work" return $::FAILTEST } } do_testvoms-2.1.2/testsuite/voms/voms/voms057.exp000066400000000000000000000017721477131364200204560ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms --uri works." proc mytest {} { _activateCert mycert2 _addVOMSOption voms1 uri testsite:10000 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 addlog $::ETC_DIR/voms/voms1/voms.conf if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --uri}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "testsite:10000" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "uri correctly reported." 
return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_test voms-2.1.2/testsuite/voms/voms/voms058.exp000066400000000000000000000016561477131364200204600ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info--uri works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --uri}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "$::HOSTNAME:33334" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "uri correctly reported." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms059.exp000066400000000000000000000024431477131364200204540ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if an asked role is put first." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1:/voms1/group1/Role=TestRole}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --all}] then { addlog $outname testmessage "voms-proxy-info failed." 
return $::FAILTEST } else { #match against known (correct) output set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment === VO voms1 extension information === VO : voms1 subject : /C=IT/CN=001 issuer : /C=IT/CN=003 attribute : /voms1/group1/Role=TestRole" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "role is first." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Role is not first" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms060.exp000066400000000000000000000030771477131364200204500ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if two --voms options work." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --voms voms1:/voms1/group1/Role=TestRole}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --all}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment === VO voms1 extension information === VO : voms1 subject : /C=IT/CN=001 issuer : /C=IT/CN=003 attribute : /voms1 attribute : /voms1/group1/Role=TestRole attribute : /voms1/group1 attribute : shortid = mycert2-r \\\(/voms1/group1/Role=TestRole\\\) attribute : shortid = mycert2-g \\\(/voms1/group1\\\) attribute : shortid = mycert2 \\\(voms1\\\) timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "two --voms options work." 
return $::PASSTEST } else { logvar correct addlog $outname testmessage "Two --voms options do not work." return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms061.exp000066400000000000000000000031371477131364200204460ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --noregen of an existing proxy works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1:/voms1/group1}] set res [log_exec outname {voms-proxy-init --voms voms1 --valid 10:00 --noregen}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --chain}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "=== Proxy Chain Information === subject : /C=IT/CN=001 issuer : /C=IT/O=INFN/CN=CAFromthisCN strength : 2048 bits timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 type : proxy strength : 2048 bits timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* === Proxy Information === subject : /C=IT/CN=001/CN=proxy/CN=proxy issuer : /C=IT/CN=001/CN=proxy identity : /C=IT/CN=001/CN=proxy type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" loadvar out2 $outname if [regexp $correct $out2 dummy] then { testmessage "voms-proxy-init --noregen worked successfully." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms062.exp000066400000000000000000000015361477131364200204500ustar00rootroot00000000000000load_lib vomstest.exp testheader "Check message in case of user not registered (role request)." 
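# voms062: a role request from a certificate the VO does not know must be
# refused with the "User unknown to this VO" error.
# NOTE(review): log_exec is defined in vomstest.exp; it looks like it returns
# a non-zero value on failure and stores the capture file name in the
# variable named by its first argument. Confirm against the library.
proc mytest {} {
    _activateCert mycert3
    _vomsStart voms1

    set res [log_exec outname {voms-proxy-init --voms voms1:/voms1/group1/Role=TestRole}]

    _vomsStop voms1

    if $res then {
        # A refusal alone is not enough: the reason reported must be the expected one.
        set correct "Error: voms1: User unknown to this VO."
        loadvar out2 $outname
        if [regexp $correct $out2 dummy] then {
            testmessage "voms-proxy-init returned the correct error message."
            return $::PASSTEST
        } else {
            logvar correct
            addlog $outname
            testmessage "Unexpected output in voms-proxy-init"
            return $::FAILTEST
        }
    } else {
        # Credentials were issued to an unknown user: this is the failure case.
        addlog $outname
        # Fixed: the message used to misspell the tool name ("voms-prxoy-init").
        testmessage "voms-proxy-init did not return an error."
        return $::FAILTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms063.exp000066400000000000000000000015031477131364200204430ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "Check message in case of user not registered (basic request)."

# voms063: same check as the role-request variant, for a plain --voms request.
proc mytest {} {
    _activateCert mycert3
    _vomsStart voms1

    set res [log_exec outname {voms-proxy-init --voms voms1}]

    _vomsStop voms1

    if $res then {
        set correct "Error: voms1: User unknown to this VO."
        loadvar out2 $outname
        if [regexp $correct $out2 dummy] then {
            testmessage "voms-proxy-init returned the correct error message."
            return $::PASSTEST
        } else {
            logvar correct
            addlog $outname
            testmessage "Unexpected output in voms-proxy-init"
            return $::FAILTEST
        }
    } else {
        addlog $outname
        # Fixed: the message used to misspell the tool name ("voms-prxoy-init").
        testmessage "voms-proxy-init did not return an error."
        return $::FAILTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms064.exp000066400000000000000000000015701477131364200204500ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if a non-existent role and normal groups can be requested."

# voms064: a request that mixes a valid group with roles that do not exist
# must fail, and the output must contain "Unable to satisfy".
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1

    set res [log_exec outname {voms-proxy-init --voms voms1 --voms voms1:/voms1/Role=product --voms voms1:/Role=rt}]

    _vomsStop voms1

    if $res then {
        addlog $outname
        set correct "\[.\\n\]*Unable to satisfy\[.\\n\]*"
        loadvar out2 $outname
        if [regexp $correct $out2] then {
            testmessage "voms-proxy-init failed for the correct reason."
            return $::PASSTEST
        } else {
            logvar correct
            testmessage "voms-proxy-init failed for the wrong reason."
            return $::FAILTEST
        }
    } else {
        addlog $outname
        testmessage "voms-proxy-init succeeded when it should not have"
        return $::FAILTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms065.exp000066400000000000000000000007441477131364200204530ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "Requesting a non-existent role should fail."

# voms065: asking only for a role that does not exist must not yield a proxy.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1

    set res [log_exec outname {voms-proxy-init --voms voms1:/Role=product}]

    _vomsStop voms1

    if $res then {
        testmessage "Failed as expected."
        return $::PASSTEST
    } else {
        addlog $outname
        testmessage "voms-proxy-init succeeded with a non-existent role."
        return $::FAILTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms066.exp000066400000000000000000000016141477131364200204510ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "Checking if -+option works."

# voms066: a malformed option ("-+debug") must produce an error exit together
# with some output; a silent failure is treated as a possible crash.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1

    set res [log_exec outname {voms-proxy-init -cert $::env(X509_USER_CERT) -key $::env(X509_USER_KEY) -+debug}]

    _vomsStop voms1

    if $res then {
        if {[info exists outname] == 0} then {
            # Fixed: this branch used to call "addlog $outname", which raises a
            # Tcl error because outname is known not to exist here.
            testmessage "Did a core dump."
            return $::FAILTEST
        } elseif {[file size $outname] == "0" } then {
            addlog $outname
            testmessage "Did have empty output (possibly core dump)."
            return $::FAILTEST
        } else {
            testmessage "Did have output and error return."
            return $::PASSTEST
        }
    } else {
        addlog $outname
        # Fixed: "addlog $out" was dropped (out is never set in this proc), and
        # the message no longer mentions a role, which this test does not use.
        testmessage "voms-proxy-init succeeded with a malformed option."
        return $::FAILTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms067.exp000066400000000000000000000017451477131364200204570ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "Checking if wrong X509_CERT_DIR is reported as an error."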
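# voms067: voms-proxy-info must exit with an error, and say something, when
# X509_CERT_DIR points at a directory that is not a usable trust store.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1

    # Point the trust-anchor directory at a bogus path for this one call only.
    set dirsave $::env(X509_CERT_DIR)
    set ::env(X509_CERT_DIR) $::INSTALLDIR/tmp/tmp/tmp
    set res [log_exec outname {voms-proxy-info --all}]
    set ::env(X509_CERT_DIR) $dirsave

    _vomsStop voms1

    if $res then {
        if {[info exists outname] == 0} then {
            # Fixed: this branch used to call "addlog $outname", which raises a
            # Tcl error because outname is known not to exist here.
            testmessage "Did a core dump."
            return $::FAILTEST
        } elseif {[file size $outname] == "0" } then {
            addlog $outname
            testmessage "Did not have output (possibly core dump)."
            return $::FAILTEST
        } else {
            testmessage "Did have output and error return."
            return $::PASSTEST
        }
    } else {
        # Success with no reachable CA directory means the check was skipped.
        addlog $outname
        testmessage "voms-proxy-info succeeded with a non-existent X509_CERT_DIR."
        return $::FAILTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms068.exp000066400000000000000000000016231477131364200204530ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms --nologfile vorks."

# voms068: with the nologfile option the server must not create its log file.
proc mytest {} {
    _activateCert mycert2
    _addVOMSOption voms1 nologfile

    # Start from a clean state so that an existing file cannot be mistaken
    # for one written during this run.
    file delete $::LOG_DIR/voms.voms1

    set outname [exec mktemp $::SCRATCHDIR/voms-proxy-init-XXXXXX]
    set res [catch {set out [_vomsStart voms1]}]
    set res [expr {$res + [log_exec outname {voms-proxy-init --voms voms1}]}]
    _vomsStop voms1

    addlog $::ETC_DIR/voms/voms1/voms.conf

    if $res then {
        addlog $outname
        # Fixed: this used to attach $::LOG_DIR/voms/voms.voms1, a path the
        # rest of the test never uses; attach the real log file if present.
        if [file exists $::LOG_DIR/voms.voms1] then {
            addlog $::LOG_DIR/voms.voms1
        }
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    } else {
        if {[file exists $::LOG_DIR/voms.voms1] == 1 } then {
            addlog $::LOG_DIR/voms.voms1
            testmessage "Log file exists."
            return $::FAILTEST
        } else {
            testmessage "log file did not exist."
            return $::PASSTEST
        }
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms069.exp000066400000000000000000000025041477131364200204530ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms log rotation fails when prevously rotated logs are missing."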
# voms069: log rotation must keep working when an already rotated file
# (voms.voms1.2) disappears between requests.
proc mytest {} {
    _activateCert mycert2
    _addVOMSOption voms1 logmax 200

    set outname [exec mktemp $::SCRATCHDIR/voms-proxy-init-XXXXXX]

    _vomsStart voms1

    # Three requests, then remove one rotated log, then two more requests.
    # The accumulated error count is kept as in the original but not checked.
    set res 0
    foreach step {request request request drop request request} {
        if {[string equal $step drop]} {
            file delete $::LOG_DIR/voms.voms1.2
            continue
        }
        set res [expr {$res + [catch {exec $::INSTALLDIR/bin/voms-proxy-init --voms voms1 >>& $outname}]}]
    }

    _vomsStop voms1

    if {![file exists $::LOG_DIR/voms.voms1]} {
        # Record the directory listing, then reset the log directory.
        set outname1 [exec mktemp $::SCRATCHDIR/voms-proxy-init-XXXXXX]
        exec ls $::LOG_DIR >& $outname1
        file delete -force $::LOG_DIR
        file mkdir $::LOG_DIR
        addlog $outname1
        testmessage "State of logs is inconsistent."
        return $::FAILTEST
    }

    testmessage "Making rotation less sensible to missing files worked."
    return $::PASSTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms070.exp000066400000000000000000000007031477131364200204420ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms-proxy-init --old works."

# voms070: voms-proxy-init --old must succeed against voms1.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1

    set res [log_exec outname {voms-proxy-init --old --voms voms1}]

    _vomsStop voms1

    if {!$res} {
        testmessage "voms-proxy-init succeeded."
        return $::PASSTEST
    }

    addlog $outname
    testmessage "voms-proxy-init failed."
    return $::FAILTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms071.exp000066400000000000000000000007641477131364200204520ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms-proxy-init with unrecognized options works."
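# voms071: an unrecognized option ("--ogreg") must make voms-proxy-init fail.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1

    set res [log_exec outname {voms-proxy-init --ogreg --voms voms1}]

    _vomsStop voms1

    if $res then {
        # Fixed: this branch is the expected failure, but the message used to
        # read "voms-proxy-init succeeded.".
        testmessage "voms-proxy-init failed as expected."
        return $::PASSTEST
    } else {
        addlog $outname
        testmessage "voms-proxy-init succeeded when it should have failed."
        return $::FAILTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms072.exp000066400000000000000000000010171477131364200204430ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms starts when it cannot log."

# voms072: with syslog removed from the options and the log directory deleted,
# the server has nowhere to log; the test passes only if starting it raises an
# error, so a server that runs without a usable log is reported as a failure.
proc mytest {} {
    _activateCert mycert2
    _removeVOMSOption voms1 syslog

    file delete -force $::LOG_DIR
    set out [catch { _vomsStart voms1 } var]

    # Restore the directory before anything else so later tests can log.
    file mkdir $::LOG_DIR
    catch { _vomsStop voms1 }

    if {$out == 1 } then {
        testmessage "Voms correctly refused to start"
        return $::PASSTEST
    } else {
        testmessage "VOMS Start without errors while it could not log."
        return $::FAILTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms073.exp000066400000000000000000000016031477131364200204450ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms --logmax 0 stops rotation."

# voms073: with logmax 0 a pre-filled log file must not be rotated.
proc mytest {} {
    _activateCert mycert2
    _addVOMSOption voms1 logmax 0

    # Recreate the log directory and seed it with a large log file.
    file delete -force $::LOG_DIR
    file mkdir $::LOG_DIR
    exec dd if=/dev/zero of=$::LOG_DIR/voms.voms1 count=21K >&/dev/null

    _vomsStart voms1
    set res [log_exec outname {voms-proxy-init --voms voms1}]
    _vomsStop voms1

    # A ".1" file is the sign that a rotation took place.
    if [file exists $::LOG_DIR/voms.voms1.1] then {
        set outname1 [exec mktemp $::SCRATCHDIR/voms-proxy-init-XXXXXX]
        exec ls $::LOG_DIR >& $outname1
        file delete -force $::LOG_DIR
        file mkdir $::LOG_DIR
        addlog $outname1
        testmessage "Rotation happened anyway."
        return $::FAILTEST
    } else {
        file delete -force $::LOG_DIR
        file mkdir $::LOG_DIR
        testmessage "Rotation stopped as expected."
        return $::PASSTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms074.exp000066400000000000000000000005141477131364200204460ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms-proxy-fake works."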
# voms074: voms-proxy-fake with no arguments must exit successfully.
proc mytest {} {
    _activateCert mycert2
    _cleanproxy

    set res [log_exec outname {voms-proxy-fake}]
    if {$res} {
        addlog $outname
        testmessage "voms-proxy-fake failed."
        return $::FAILTEST
    }

    return $::PASSTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms075.exp000066400000000000000000000010061477131364200204440ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms-proxy-info fails when no ac is present in proxy."

# voms075: build a proxy with voms-proxy-fake, then run voms-proxy-info on it.
# As written, a non-zero exit from voms-proxy-info is the failing outcome.
proc mytest {} {
    _activateCert mycert2
    _cleanproxy

    set res [log_exec outname {voms-proxy-fake}]
    if {$res} {
        addlog $outname
        testmessage "voms-proxy-fake failed."
        return $::FAILTEST
    }

    if {[log_exec outname {voms-proxy-info}]} {
        addlog $outname
        testmessage "voms-proxy-info failed."
        return $::FAILTEST
    }

    return $::PASSTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms076a.exp000066400000000000000000000014111477131364200206060ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms-proxy-init does timeout during negotiation (1)."

# voms076a: run voms-proxy-init with "-timeout 30" against a helper server
# built from server.c and fail if the client takes more than 35 seconds.
# NOTE(review): the result of _buildC is not checked and the client's exit
# status is ignored, so a client that fails at once also passes. Confirm that
# this is intended.
# NOTE(review): the helper is started in the background and this proc never
# stops it. Check whether the harness cleans it up.
proc mytest {} {
    _activateCert mycert2

    set outname [exec mktemp $::SCRATCHDIR/voms-proxy-init-XXXXXX]
    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_buildC server.c]

    # The helper's argument is built from harness paths and passed through
    # /bin/sh; a path containing a single quote would break the quoting.
    exec /bin/sh -c "$::SCRATCHDIR/a.out '$::ETC_DIR/grid-security/certificates;$::INSTALLDIR/certs/hostcert.pem;$::INSTALLDIR/certs/hostkey.pem;start' >/dev/null &"

    set timeout 40

    set begin [clock seconds]
    set res [catch {exec $::INSTALLDIR/bin/voms-proxy-init --voms voms1 -timeout 30 >& $outname}]
    set end [clock seconds]

    set elapsed [expr {$end - $begin}]
    if {$elapsed > 35} {
        return $::FAILTEST
    }
    return $::PASSTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms076b.exp000066400000000000000000000017631477131364200206210ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms-proxy-init does timeout during negotiation (2)."
# voms076b: like the first timeout test, but against a helper built from
# server2.c; the client is driven through expect.
proc mytest {} {
    _activateCert mycert2

    set outname [exec mktemp $::SCRATCHDIR/voms-proxy-init-XXXXXX]
    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_buildC server2.c]

    # The helper's argument is built from harness paths and passed through
    # /bin/sh; a path containing a single quote would break the quoting.
    exec /bin/sh -c "$::SCRATCHDIR/a.out '$::ETC_DIR/grid-security/certificates;$::INSTALLDIR/certs/hostcert.pem;$::INSTALLDIR/certs/hostkey.pem;start' >/dev/null &"

    # expect reads its timeout from this variable.
    set timeout 40
    spawn $::INSTALLDIR/bin/voms-proxy-init --voms voms1 -timeout 30

    # "stuck" or end of output count as a pass; an "Answer" or the 40 second
    # expect timeout count as a failure.
    expect {
        stuck   { set dopass 1 }
        Answer  { set dopass 0 }
        eof     { set dopass 1 }
        timeout { set dopass 0 }
    }

    # killall matches by process name, so it stops every a.out it may signal.
    set res [catch {exec killall a.out}]
    loadvar out2 $outname

    if {!$dopass} {
        addlog $outname
        testmessage "Timeout did not work after handshake"
        return $::FAILTEST
    }

    testmessage "Timeout worked"
    return $::PASSTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms077.exp000066400000000000000000000013121477131364200204460ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms-proxy-list with two --voms fails."

# voms077: voms-proxy-list accepts exactly one --voms option; two of them
# must fail with the matching message.
proc mytest {} {
    _activateCert mycert2
    _cleanproxy
    _vomsStart voms1

    set res [log_exec outname {voms-proxy-list --voms voms1 --voms voms1}]

    _vomsStop voms1
    addlog $outname

    # A successful exit is the failing outcome here.
    if {!$res} {
        return $::FAILTEST
    }

    set correct "Exactly ONE voms server must be specified!"
    set out2 [exec cat $outname]

    if {![regexp $correct $out2]} {
        testmessage "voms-proxy-list failed with wrong message."
        return $::FAILTEST
    }

    testmessage "voms-proxy-list failed with correct message."
    return $::PASSTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms078.exp000066400000000000000000000012221477131364200204470ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms-proxy-fake --version works."

# voms078: voms-proxy-fake --version must succeed and print the version banner.
proc mytest {} {
    _activateCert mycert2
    _cleanproxy

    set res [log_exec outname {voms-proxy-fake --version}]
    if {$res} {
        addlog $outname
        testmessage "voms-proxy-fake failed."
        return $::FAILTEST
    }

    # NOTE(review): this page shows the pattern on one line; line breaks inside
    # the literal may have been lost in extraction. Confirm against the archive.
    set correct "voms-proxy-fake Version: .* Compiled: .*"
    loadvar out $outname

    if {![regexp $correct $out]} {
        addlog $outname
        logvar correct
        testmessage "voms-proxy-fake --version failed."
        return $::FAILTEST
    }

    testmessage "voms-proxy-fake --version succeeded."
    return $::PASSTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms079.exp000066400000000000000000000015341477131364200204560ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms-proxy-fake --voms inserts an AC."

# voms079: a proxy made by voms-proxy-fake with --voms voms1 and the test host
# credentials must show "voms1" in the voms-proxy-info -all output.
proc mytest {} {
    _activateCert mycert2
    _cleanproxy

    set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem}]
    if {$res} {
        addlog $outname
        testmessage "voms-proxy-fake failed."
        return $::FAILTEST
    }

    if {[log_exec outname {voms-proxy-info -all}]} {
        addlog $outname
        testmessage "voms-proxy-info failed."
        return $::FAILTEST
    }

    set correct "voms1"
    loadvar out2 $outname

    if {![regexp $correct $out2]} {
        logvar correct
        addlog $outname
        testmessage "vo AC was absent from proxy"
        return $::FAILTEST
    }

    testmessage "vo correctly reported"
    return $::PASSTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms080.exp000066400000000000000000000021421477131364200204420ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms-proxy-init returns correct message when the certificate expires."
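# Holds the caller's VOMS_LOCATION while the test overrides it.
set temp ""

# Save VOMS_LOCATION (empty string when unset) and point it at /tmp.
proc myprolog {} {
    if [info exists ::env(VOMS_LOCATION)] then {
        set ::temp $::env(VOMS_LOCATION)
    } else {
        set ::temp ""
    }
    set ::env(VOMS_LOCATION) "/tmp"
}

# Undo myprolog: restore the saved value, or unset the variable if none was saved.
proc myepilog {} {
    if [string equal $::temp ""] then {
        unset ::env(VOMS_LOCATION)
    } else {
        set ::env(VOMS_LOCATION) $::temp
    }
}

# voms080: with VOMS_LOCATION=/tmp, voms-proxy-init must succeed and must not
# print a "Cannot find file or dir" warning.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1

    set res [log_exec outname {voms-proxy-init --voms voms1}]

    _vomsStop voms1

    # Fixed: this check used to sit after an if/else whose branches both
    # return, so a failing voms-proxy-init was never reported.
    if $res then {
        testmessage "voms-proxy-init failed when it should not have."
        addlog $outname
        return $::FAILTEST
    }

    set uncorrect "Cannot find file or dir"
    loadvar out2 $outname
    if [regexp $uncorrect $out2 dummy] then {
        addlog $outname
        testmessage "warning about missing dir present when it should not be."
        return $::FAILTEST
    }

    return $::PASSTEST
}

test_set_prolog myprolog
test_set_epilog myepilog
do_test
voms-2.1.2/testsuite/voms/voms/voms081.exp000066400000000000000000000021151477131364200204430ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms-proxy-info writes an error messages without CA certificates."

# voms081: voms-proxy-info must fail with an explicit message when the trust
# store named by X509_CERT_DIR cannot be read.
# NOTE(review): the test relies on /tmp/crt not existing. /tmp is shared, so
# on a multi-user host the outcome depends on state outside the harness; a
# path under $::SCRATCHDIR would avoid that, at the cost of changing the
# expected message.
# NOTE(review): X509_CERT_DIR is restored from $::_cadir, not from the value
# it had before; confirm the two are always the same.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1

    set res [log_exec outname {voms-proxy-init --voms voms1}]

    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    set ::env(X509_CERT_DIR) "/tmp/crt"
    set res [log_exec outname {voms-proxy-info --all}]
    set ::env(X509_CERT_DIR) $::_cadir

    if $res then {
        set correct "unable to access trusted certificates in:x509_cert_dir=/tmp/crt"
        loadvar out2 $outname
        if [regexp $correct $out2] then {
            testmessage "failed with correct error message."
            return $::PASSTEST
        } else {
            addlog $outname
            testmessage "voms-proxy-info failed with incorrect error message."
            return $::FAILTEST
        }
    } else {
        # Success without a readable trust store means the check was skipped.
        addlog $outname
        testmessage "voms-proxy-info unexpectedly succeeded."
        return $::FAILTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms082.exp000066400000000000000000000012271477131364200204470ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms-proxy-info --exists --bits works."

# voms082: "--exists --bits 10000" asks for a larger key than the proxy has,
# so voms-proxy-info must exit with an error.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1

    set res [log_exec outname {voms-proxy-init --voms voms1}]

    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    set res [log_exec outname {voms-proxy-info --exists --bits 10000}]

    if $res then {
        testmessage "correctly failed."
        return $::PASSTEST
    } else {
        addlog $outname
        testmessage "voms-proxy-info unexpectedly succeeded."
        return $::FAILTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms083.exp000066400000000000000000000012531477131364200204470ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms-proxy-info --exists --valid fails when it should."

# voms083: "--exists --valid 10000:50" asks for more remaining lifetime than a
# freshly made proxy has, so voms-proxy-info must exit with an error.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1

    set res [log_exec outname {voms-proxy-init --voms voms1}]

    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    set res [log_exec outname {voms-proxy-info --exists --valid 10000:50}]

    if $res then {
        testmessage "correctly failed."
        return $::PASSTEST
    } else {
        addlog $outname
        testmessage "voms-proxy-info unexpectedly succeeded."
        return $::FAILTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms084.exp000066400000000000000000000014041477131364200204460ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if voms-proxy-init returns an error message when the server certificate is absent."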
proc myprolog {} { file rename $::env(X509_VOMS_DIR)/voms1.pem $::SCRATCHDIR/voms1.pem } proc myepilog {} { file rename $::SCRATCHDIR/voms1.pem $::env(X509_VOMS_DIR)/voms1.pem } proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --verify}] _vomsStop voms1 if $res then { testmessage "voms-proxy-init correctly failed." return $::PASSTEST } else { addlog $outname testmessage "voms-proxy-init unexpectedly succeeded." return $::FAILTEST } } test_set_prolog myprolog test_set_epilog myepilog do_testvoms-2.1.2/testsuite/voms/voms/voms085.exp000066400000000000000000000016251477131364200204540ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info -acexists works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --acexists voms1}] then { addlog $outname testmessage "voms-proxy-info -acexists failed to detect VO." return $::FAILTEST } else { if [log_exec outname {voms-proxy-info --acexists vms}] then { testmessage "voms-proxy-info correctly detected non-existent VO." return $::PASSTEST } else { addlog $outname testmessage "voms-proxy-info -acexists detected non-existent VO." return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms086.exp000066400000000000000000000016651477131364200204610ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info --text works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --text}] then { addlog $outname testmessage "voms-proxy-info failed." 
return $::FAILTEST } else { #match against known (correct) output set correct "X509v3 extensions" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "--text correctly reported." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } } do_test voms-2.1.2/testsuite/voms/voms/voms087.exp000066400000000000000000000013431477131364200204530ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --version works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --version}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } #match against known (correct) output set correct "voms-proxy-init Version: .* Compiled: .*" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "--version worked." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-init" return $::FAILTEST } } do_testvoms-2.1.2/testsuite/voms/voms/voms088.exp000066400000000000000000000074341477131364200204630ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --help works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --help}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." 
return $::FAILTEST } #match against known (correct) output set correct ".*voms-proxy-init: Options -help, -usage Displays usage -version Displays version -debug Enables extra debug output -quiet, -q Quiet mode, minimal output -verify Verifies certificate to make proxy for -pwstdin Allows passphrase from stdin -limited Creates a limited proxy -valid Proxy and AC are valid for h hours and m minutes \(defaults to 12:00\) -hours H Proxy is valid for H hours \(default:12\) -bits Number of bits in key \\{512\|1024\|2048\|4096\\} -cert Non-standard location of user certificate -key Non-standard location of user key -certdir Non-standard location of trusted cert dir -out Non-standard location of new proxy cert -voms > Specify voms server. :command is optional, and is used to ask for specific attributes \(e.g: roles\) -order > Specify ordering of attributes. -target Targets the AC against a specific hostname. -vomslife Try to get a VOMS pseudocert valid for h hours and m minutes \(default to value of -valid\). -include Include the contents of the specified file. -conf Read options from . -confile Non-standard location of voms server addresses. Deprecated -userconf Non-standard location of user-defined voms server addresses. Deprecated -vomses Non-standard location of configuration files. -policy File containing policy to store in the ProxyCertInfo extension. -pl, -policy-language OID string for the policy language. -policy-language OID string for the policy language. -path-length Allow a chain of at most l proxies to be generated from this ones. -globus Globus version. \(MajorMinor\) -proxyver Version of proxy certificate. -noregen Use existing proxy certificate to connect to server and sign the new proxy. -separate Saves the information returned by the server on file . -ignorewarn Ignore warnings. -failonwarn Treat warnings as errors. -list Show all available attributes. 
-rfc Creates RFC 3820 compliant proxy \(synonymous with -proxyver 4\) -old Creates GT2 compliant proxy \(synonymous with -proxyver 2\) -timeout Timeout for server connections, in seconds. -includeac get AC from file." loadvar out2 $outname if [regexp $correct $out2] then { testmessage "--help worked." return $::PASSTEST } else { logvar correct addlog $outname testmessage "Unexpected output in voms-proxy-init" return $::FAILTEST } } do_testvoms-2.1.2/testsuite/voms/voms/voms089.exp000066400000000000000000000021571477131364200204610ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms allows expansion of credential set." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] set res [log_exec outname {voms-proxy-init --voms voms1:/voms1/group1/Role=TestRole --valid 10:00 --noregen}] _vomsStop voms1 if $res then { addlog $outname testmessage "Second voms-proxy-init failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info --all}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct "/voms1/group1/Role=TestRole" loadvar out2 $outname if [regexp $correct $out2 dummy] then { logvar correct addlog $outname testmessage "Role present in output." return $::FAILTEST } else { logvar correct addlog $outname testmessage "Role correctly absent" return $::PASSTEST } } } do_testvoms-2.1.2/testsuite/voms/voms/voms090.exp000066400000000000000000000016701477131364200204500ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-fake --newsubject works." proc mytest {} { _activateCert mycert2 _cleanproxy set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --newsubject /CN=FAKEDN}] if $res then { addlog $outname testmessage "voms-proxy-fake failed." 
return $::FAILTEST } if [log_exec outname {voms-proxy-info -all}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } set correct "subject : /CN=FAKEDN issuer : /C=IT/CN=001 identity : /C=IT/CN=001" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "DN faked but identity correct" return $::PASSTEST } logvar correct addlog $outname testmessage "problems in faking DN" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms091.exp000066400000000000000000000046101477131364200204460ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-fake --voinfo works." proc mytest {} { _activateCert mycert2 _cleanproxy set outinfo [exec mktemp $::SCRATCHDIR/vo-info-XXXXXX] set id [open $outinfo "w+"] puts $id "\[voms1\]" puts $id "-hostcert = $::INSTALLDIR/certs/hostcert.pem" puts $id "-hostkey = $::INSTALLDIR/certs/hostkey.pem" puts $id "-fqan = /voms1" puts $id "-uri = testmachine.cnaf.infn.it" puts $id "\[voms2\]" puts $id "-hostcert = $::INSTALLDIR/certs/hostcert.pem" puts $id "-hostkey = $::INSTALLDIR/certs/hostkey.pem" puts $id "-fqan = /voms3" puts $id "-uri = testmachine.cnaf.infn.it:5000" puts $id "-ga = nome = \"prova di prova\"" puts $id "-ga = nome = prova" puts $id "-ga = \"non lo so\" = boh (/vom3)" puts $id "-target = r.f.c.it" puts $id "-target = r.f.s.it" puts $id "-vomslife = 10" close $id set res [log_exec outname {voms-proxy-fake --voinfo $outinfo}] if $res then { addlog $outname addlog $outinfo testmessage "voms-proxy-fake failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info -all}] then { addlog $outname addlog $outinfo testmessage "voms-proxy-info failed." 
return $::FAILTEST } set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment === VO voms1 extension information === VO : voms1 subject : /C=IT/CN=001 issuer : /C=IT/CN=003 attribute : /voms1 timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* uri : testmachine.cnaf.infn.it === VO voms2 extension information === VO : voms2 subject : /C=IT/CN=001 issuer : /C=IT/CN=003 attribute : /voms3 attribute : nome = prova di prova \\(voms2\\) attribute : nome = prova \\(voms2\\) attribute : non lo so = boh \\(/vom3\\) timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* target : r.f.c.it target : r.f.s.it uri : testmachine.cnaf.infn.it:5000" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "File voinfo read correctly" return $::PASSTEST } logvar correct addlog $outname testmessage "proxy and specification in voinfo do not match" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms092.exp000066400000000000000000000027601477131364200204530ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-fake --voinfo segfaults when --uri is absent." proc mytest {} { _activateCert mycert2 _cleanproxy set outinfo [exec mktemp $::SCRATCHDIR/vo-info-XXXXXX] set id [open $outinfo "w+"] puts $id "\[voms1\]" puts $id "-hostcert = $::INSTALLDIR/certs/hostcert.pem" puts $id "-hostkey = $::INSTALLDIR/certs/hostkey.pem" close $id set res [log_exec outname {voms-proxy-fake --voinfo $outinfo}] if $res then { addlog $outname addlog $outinfo testmessage "voms-proxy-fake failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info -all}] then { addlog $outname addlog $outinfo testmessage "voms-proxy-info failed." 
return $::FAILTEST } set correct "subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment === VO voms1 extension information === VO : voms1 subject : /C=IT/CN=001 issuer : /C=IT/CN=003 timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* uri :" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "File voinfo read correctly" return $::PASSTEST } logvar correct addlog $outname testmessage "proxy and specification in voinfo do not match" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms093.exp000066400000000000000000000017401477131364200204510ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init works with a server certificate containing email." proc myprolog {} { _activateHostCertificate mycert5 file copy -force $::INSTALLDIR/certs/hostcert.pem $::_vomsdir/voms1.pem _makeVomses voms1 file copy -force "$::_certdir/mycert5-cert.pem" $::_vomsdir/voms1.pem } proc myepilog {} { _activateHostCertificate mycert3 file copy -force $::INSTALLDIR/certs/hostcert.pem $::_vomsdir/voms1.pem _makeVomses voms1 file copy -force "$::_certdir/mycert3-cert.pem" $::_vomsdir/voms1.pem } proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --limited}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init did not work." return $::FAILTEST } testmessage "voms-proxy-init did work." return $::PASSTEST } test_set_prolog myprolog test_set_epilog myepilog do_testvoms-2.1.2/testsuite/voms/voms/voms094.exp000066400000000000000000000020731477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if LSC files work." 
# Prolog: create the directory $::_vomsdir/voms1, write testsite.lsc into it
# and set the voms1 "uri" option to testsite:10000.
proc myprolog {} {
    file mkdir $::_vomsdir/voms1
    set id [open "$::_vomsdir/voms1/testsite.lsc" "w+"]
    # NOTE(review): the DNs in the literal below are separated by single spaces
    # on this page; the line breaks of the original literal appear to have been
    # lost when the archive was flattened -- confirm against the upstream file.
    puts $id " /C=IT/CN=003 /C=IT/O=INFN/CN=CAFromthisCN /C=IT/O=INFN/CN=CAFromthisCN /C=IT/O=INFN/ST=IT/L=THISL/OU=INFN/CN=thisCN"
    close $id
    _addVOMSOption voms1 uri testsite:10000
}

# Epilog: delete the testsite.lsc file written by the prolog and remove the
# voms1 "uri" option again.
proc myepilog {} {
    file delete $::_vomsdir/voms1/testsite.lsc
    _removeVOMSOption voms1 uri
}

# Run voms-proxy-init against voms1 and then voms-proxy-info --all.
# A true result from log_exec is treated as failure in both steps.
# Only the result of voms-proxy-info is checked; its output is not matched
# against any expected text.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1
    set res [log_exec outname {voms-proxy-init --voms voms1}]
    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init did not work."
        return $::FAILTEST
    }

    set res [log_exec outname {voms-proxy-info --all}]

    if $res then {
        addlog $outname
        testmessage "voms-proxy-info execution failed."
        return $::FAILTEST
    } else {
        testmessage "voms-proxy-info succeeded."
        return $::PASSTEST
    }
}

test_set_prolog myprolog
test_set_epilog myepilog

do_test
# Archive residue: the tar member header of the next file is fused with that
# file's first command on the line below; it is kept verbatim.
voms-2.1.2/testsuite/voms/voms/voms095.exp000066400000000000000000000012301477131364200204450ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if missing certificate implies an error."

# Prolog: activate mycert2, then delete the file named by X509_USER_CERT so
# that the test runs without a user certificate.
proc myprolog {} {
    _activateCert mycert2
    file delete -force $::env(X509_USER_CERT)
}

# Epilog: activate mycert2 again (presumably this restores the certificate
# file removed by the prolog -- verify against _activateCert).
proc myepilog {} {
    _activateCert mycert2
}

# Negative test: with the user certificate removed, voms-proxy-init must
# report an error. A successful run is the failure case.
proc mytest {} {
    _vomsStart voms1
    set res [log_exec outname {voms-proxy-init --voms voms1}]
    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init correctly returned an error."
        return $::PASSTEST
    } else {
        testmessage "voms-proxy-init incorrectly returned a success."
        return $::FAILTEST
    }
}

test_set_prolog myprolog
test_set_epilog myepilog

do_test
voms-2.1.2/testsuite/voms/voms/voms096.exp000066400000000000000000000011671477131364200204570ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if -pwstdin works with voms-proxy-init."
proc mytest {} { _activateCert passcert _vomsStart voms1 set timeout 100 set dopass 0 spawn $::INSTALLDIR/bin/voms-proxy-init --voms voms1 --pwstdin send "password\r" expect { eof { set dopass 1 } timeout { set dopass 0 } } _vomsStop voms1 if $dopass then { testmessage "proxy successfully created." return $::PASSTEST } else { addlog $::LOG_DIR/voms.voms1 testmessage "voms proxy init returned error message." return $::FAILTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms097.exp000066400000000000000000000012471477131364200204570ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --proxyver 10 fails correctly." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --proxyver 10}] _vomsStop voms1 addlog $outname if $res then { set correct "Error: proxyver must be 2, 3 or 4" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-init failed with correct message." return $::PASSTEST } else { testmessage "voms-proxy-init failed with wrong message." return $::FAILTEST } } return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms098.exp000066400000000000000000000017331477131364200204600ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if reloading configuration works." proc myprolog {} { } proc myepilog {} { _removeVOMSOption voms1 timeout } proc mytest {} { _activateCert mycert2 _vomsStart voms1 _addVOMSOption voms1 timeout 10000 _vomsReload voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --vomslife 23:50}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init incorrectly failed." return $::FAILTEST } else { set correct "The validity of this VOMS AC in your proxy is shortened" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "Warning correctly returned" return $::PASSTEST } logvar correct addlog $outname testmessage "voms-proxy-init incorrectly returned a success." 
return $::FAILTEST } } #test_set_prolog myprolog test_set_epilog myepilog do_test voms-2.1.2/testsuite/voms/voms/voms099.exp000066400000000000000000000055531477131364200204650ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if a default REST request works." global CADIR proc mytest {} { _activateCert mycert2 _vomsStart voms1 set outname [exec mktemp $::SCRATCHDIR/openssl-output-XXXXXX] set errname [exec mktemp $::SCRATCHDIR/openssl-error-XXXXXX] set tempfile [exec mktemp $::SCRATCHDIR/openssl-input-XXXXXX] set id [open $tempfile "w+"] puts $id "GET /generate-ac HTTP/1.1" puts $id "" close $id set out "" set res [catch {set out [exec openssl s_client -connect localhost:33334 -CApath $::_cadir -cert $::env(X509_USER_CERT) -key $::env(X509_USER_KEY) -quiet 2>$errname <$tempfile >$outname]}] _vomsStop voms1 loadvar out $outname if $res then { addlog $outname addlog $errname testmessage "openssl s_client incorrectly failed." return $::FAILTEST } else { set correct1 "HTTP/1.1 200 OK" loadvar out2 $outname if [regexp $correct1 $out] then { #result is correctly ok set correct1 "<\\?xml version=\"1.0\" encoding=\"UTF-8\"\\?>(.*)" if [regexp $correct1 $out all ac] then { # Output was as intended. Is it a valid AC? set acfile [exec mktemp $::SCRATCHDIR/ac-XXXXXX] set acid [open $acfile "w+"] puts $acid "-----BEGIN ATTRIBUTE CERTIFICATE-----" puts $acid [string trim $ac] puts $acid "-----END ATTRIBUTE CERTIFICATE-----" close $acid addlog $acfile set res [log_exec vomsout {voms-proxy-init --includeac $acfile}] addlog $vomsout if $res then { testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec infoout {voms-proxy-info --all}] then { addlog $infoout testmessage "voms-proxy-info failed." 
return $::FAILTEST } else { #match against known (correct) output set correct3 "attribute : /voms1" loadvar out3 $infoout if [regexp $correct3 $out3] then { testmessage "AC was valid" return $::PASSTEST } logvar correct3 addlog $out3 testmessage "AC did not contain correct information." return $::FAILTEST } } else { logvar correct1 testmessage "Output was not as intended." addlog $outname return $::FAILTEST } } addlog $outname testmessage "REST output was incorrect." return $::FAILTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms100.exp000066400000000000000000000055641477131364200204460ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if a default REST request for specific FQANs works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set outname [exec mktemp $::SCRATCHDIR/openssl-output-XXXXXX] set errname [exec mktemp $::SCRATCHDIR/openssl-error-XXXXXX] set tempfile [exec mktemp $::SCRATCHDIR/openssl-input-XXXXXX] set id [open $tempfile "w+"] puts $id "GET /generate-ac?fqans=/voms1/group1 HTTP/1.1" puts $id "" close $id set res [catch {set out [exec openssl s_client -connect localhost:33334 -CApath $::_cadir -cert $::env(X509_USER_CERT) -key $::env(X509_USER_KEY) -quiet 2>$errname <$tempfile >$outname]}] _vomsStop voms1 loadvar out $outname if $res then { addlog $outname addlog $errname testmessage "openssl s_client incorrectly failed." return $::FAILTEST } else { set correct1 "HTTP/1.1 200 OK" loadvar out2 $outname if [regexp $correct1 $out] then { #result is correctly ok set correct1 "<\\?xml version=\"1.0\" encoding=\"UTF-8\"\\?>(.*)" if [regexp $correct1 $out all ac] then { # Output was as intended. Is it a valid AC? 
set acfile [exec mktemp $::SCRATCHDIR/ac-XXXXXX] set acid [open $acfile "w+"] puts $acid "-----BEGIN ATTRIBUTE CERTIFICATE-----" puts $acid [string trim $ac] puts $acid "-----END ATTRIBUTE CERTIFICATE-----" close $acid addlog $acfile set res [log_exec vomsout {voms-proxy-init --includeac $acfile}] addlog $vomsout if $res then { testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec infoout {voms-proxy-info --all}] then { addlog $infoout testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct3 "attribute : /voms1/group1 attribute : /voms1" loadvar out3 $infoout if [regexp $correct3 $out3] then { testmessage "AC was valid" return $::PASSTEST } logvar correct3 addlog $out3 testmessage "AC did not contain correct information." return $::FAILTEST } } else { testmessage "Output was not as intended." addlog $outname return $::FAILTEST } } addlog $outname testmessage "REST output was incorrect." return $::FAILTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms101.exp000066400000000000000000000030351477131364200204360ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if a default REST request for not existing FQANs fails." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set outname [exec mktemp $::SCRATCHDIR/openssl-output-XXXXXX] set errname [exec mktemp $::SCRATCHDIR/openssl-error-XXXXXX] set tempfile [exec mktemp $::SCRATCHDIR/openssl-input-XXXXXX] set id [open $tempfile "w+"] puts $id "GET /generate-ac?fqans=/voms1/Role=group9000 HTTP/1.1" puts $id "" close $id set res [catch {set out [exec openssl s_client -connect localhost:33334 -CApath $::_cadir -cert $::env(X509_USER_CERT) -key $::env(X509_USER_KEY) -quiet 2>$errname <$tempfile >$outname]}] _vomsStop voms1 loadvar out $outname if $res then { addlog $outname addlog $errname testmessage "openssl s_client incorrectly failed." 
return $::FAILTEST } else { set correct1 "HTTP/1.1 400 Bad Request" if [regexp $correct1 $out] then { #result is correctly bad request set correct2 "<\\?xml version=\"1.0\" encoding=\"UTF-8\"\\?>BadRequestvoms1: Unable to satisfy B/voms1:group9000 Request\\!" if [regexp $correct2 $out] then { testmessage "Output was as intended." return $::PASSTEST } logvar correct2 } logvar correct1 addlog $outname testmessage "REST output was incorrect." return $::FAILTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms102.exp000066400000000000000000000027671477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if a default REST request for not registeres user fails." proc mytest {} { _activateCert mycert3 _vomsStart voms1 set outname [exec mktemp $::SCRATCHDIR/openssl-output-XXXXXX] set errname [exec mktemp $::SCRATCHDIR/openssl-error-XXXXXX] set tempfile [exec mktemp $::SCRATCHDIR/openssl-input-XXXXXX] set id [open $tempfile "w+"] puts $id "GET /generate-ac?fqans=/voms1 HTTP/1.1" puts $id "" close $id set res [catch {set out [exec openssl s_client -connect localhost:33334 -CApath $::_cadir -cert $::env(X509_USER_CERT) -key $::env(X509_USER_KEY) -quiet 2>$errname <$tempfile >$outname]}] _vomsStop voms1 loadvar out $outname if $res then { addlog $outname addlog $errname testmessage "openssl s_client incorrectly failed." return $::FAILTEST } else { set correct1 "HTTP/1.1 403 Forbidden" if [regexp $correct1 $out] then { #result is correctly bad request set correct2 "<\\?xml version=\"1.0\" encoding=\"UTF-8\"\\?>NoSuchUservoms1: User unknown to this VO." if [regexp $correct2 $out] then { testmessage "Output was as intended." return $::PASSTEST } logvar correct2 } logvar correct1 addlog $outname testmessage "REST output was incorrect." 
return $::FAILTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms103.exp000066400000000000000000000062641477131364200204470ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if a default REST request for specific lifetime works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set outname [exec mktemp $::SCRATCHDIR/openssl-output-XXXXXX] set errname [exec mktemp $::SCRATCHDIR/openssl-error-XXXXXX] set tempfile [exec mktemp $::SCRATCHDIR/openssl-input-XXXXXX] set id [open $tempfile "w+"] puts $id "GET /generate-ac?lifetime=3599 HTTP/1.1" puts $id "" close $id set res [catch {set out [exec openssl s_client -connect localhost:33334 -CApath $::_cadir -cert $::env(X509_USER_CERT) -key $::env(X509_USER_KEY) -quiet 2>$errname <$tempfile >$outname]}] _vomsStop voms1 loadvar out $outname if $res then { addlog $outname addlog $errname testmessage "openssl s_client incorrectly failed." return $::FAILTEST } else { set correct1 "HTTP/1.1 200 OK" loadvar out2 $outname if [regexp $correct1 $out] then { #result is correctly ok set correct2 "<\\?xml version=\"1.0\" encoding=\"UTF-8\"\\?>(.*)" if [regexp $correct2 $out all ac] then { # Output was as intended. Is it a valid AC? set acfile [exec mktemp $::SCRATCHDIR/ac-XXXXXX] set acid [open $acfile "w+"] puts $acid "-----BEGIN ATTRIBUTE CERTIFICATE-----" puts $acid [string trim $ac] puts $acid "-----END ATTRIBUTE CERTIFICATE-----" close $acid addlog $acfile set res [log_exec vomsout {voms-proxy-init --includeac $acfile}] addlog $vomsout if $res then { testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec infoout {voms-proxy-info --all}] then { addlog $infoout testmessage "voms-proxy-info failed." 
return $::FAILTEST } else { #match against known (correct) output set correct3 "timeleft : 0:(\[0-9\]*):(\[0-9\]*)" loadvar out3 $infoout addlog $infoout if [regexp $correct3 $out3 all min sec] then { if [ expr {(($min < 60 && $sec < 60))}] then { testmessage "AC was valid" return $::PASSTEST } else { testmessage "validity times were wrong" return $::FAILTEST } } logvar correct3 addlog $out3 testmessage "AC did not contain correct information." return $::FAILTEST } } else { logvar correct2 testmessage "Output was not as intended." addlog $outname return $::FAILTEST } } addlog $outname testmessage "REST output was incorrect." return $::FAILTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms104.exp000066400000000000000000000060201477131364200204360ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if a default REST request for multiple FQANs works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set outname [exec mktemp $::SCRATCHDIR/openssl-output-XXXXXX] set errname [exec mktemp $::SCRATCHDIR/openssl-error-XXXXXX] set tempfile [exec mktemp $::SCRATCHDIR/openssl-input-XXXXXX] set id [open $tempfile "w+"] puts $id "GET /generate-ac?fqans=/voms1/group1,/voms1/group1/Role=TestRole HTTP/1.1" puts $id "" close $id set res [catch {set out [exec openssl s_client -connect localhost:33334 -CApath $::_cadir -cert $::env(X509_USER_CERT) -key $::env(X509_USER_KEY) -quiet 2>$errname <$tempfile >$outname]}] _vomsStop voms1 loadvar out $outname if $res then { addlog $outname addlog $errname testmessage "openssl s_client incorrectly failed." return $::FAILTEST } else { set correct1 "HTTP/1.1 200 OK" loadvar out2 $outname if [regexp $correct1 $out] then { #result is correctly ok set correct2 "<\\?xml version=\"1.0\" encoding=\"UTF-8\"\\?>(.*)" if [regexp $correct2 $out all ac] then { # Output was as intended. Is it a valid AC? 
set acfile [exec mktemp $::SCRATCHDIR/ac-XXXXXX] set acid [open $acfile "w+"] puts $acid "-----BEGIN ATTRIBUTE CERTIFICATE-----" puts $acid [string trim $ac] puts $acid "-----END ATTRIBUTE CERTIFICATE-----" close $acid addlog $acfile set res [log_exec vomsout {voms-proxy-init --includeac $acfile}] addlog $vomsout if $res then { testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec infoout {voms-proxy-info --all}] then { addlog $infoout testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct3 "attribute : /voms1/group1 attribute : /voms1/group1/Role=TestRole attribute : /voms1" loadvar out3 $infoout addlog $infoout if [regexp $correct3 $out3] then { testmessage "AC was valid" return $::PASSTEST } logvar correct3 addlog $out3 testmessage "AC did not contain correct information." return $::FAILTEST } } else { logvar correct2 testmessage "Output was not as intended." addlog $outname return $::FAILTEST } } addlog $outname testmessage "REST output was incorrect." return $::FAILTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms105.exp000066400000000000000000000022451477131364200204440ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --includeac works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --separate $::SCRATCHDIR/tempout}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init --separate failed." return $::FAILTEST } set res [log_exec includename {voms-proxy-init --includeac $::SCRATCHDIR/tempout}] if $res then { addlog $includename testmessage "voms-proxy-init --includeac failed." return $::FAILTEST } #match against known (correct) output set correct "attribute : /voms1" if [log_exec infoout {voms-proxy-info --all}] then { addlog $infoout testmessage "voms-proxy-info failed." 
return $::FAILTEST } addlog $infoout loadvar out2 $infoout if [regexp -- $correct $out2 dummy] then { testmessage "voms-proxy-init --includeac worked successfully." return $::PASSTEST } else { logvar correct testmessage "Unexpected output in voms-proxy-info" return $::FAILTEST } } do_testvoms-2.1.2/testsuite/voms/voms/voms106.exp000066400000000000000000000011251477131364200204410ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --includeac get an error with bogus input." proc mytest {} { _activateCert mycert2 set tempout [exec mktemp $::SCRATCHDIR/ac-XXXXXX] set id [open $tempout "w+"] puts $id "bobh" close $id set res [log_exec includename {voms-proxy-init --includeac $tempout}] if $res then { testmessage "voms-proxy-init --includeac correctly failed." return $::PASSTEST } addlog $includename testmessage "voms-proxy-init --includeac incorrectly returned success." return $::FAILTEST } do_testvoms-2.1.2/testsuite/voms/voms/voms107.exp000066400000000000000000000072731477131364200204540ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if a default REST request with multiple parameters works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set outname [exec mktemp $::SCRATCHDIR/openssl-output-XXXXXX] set errname [exec mktemp $::SCRATCHDIR/openssl-error-XXXXXX] set tempfile [exec mktemp $::SCRATCHDIR/openssl-input-XXXXXX] set id [open $tempfile "w+"] puts $id "GET /generate-ac?fqans=/voms1/group1,/voms1/group1/Role=TestRole&lifetime=3599 HTTP/1.1" puts $id "" close $id set res [catch {set out [exec openssl s_client -connect localhost:33334 -CApath $::_cadir -cert $::env(X509_USER_CERT) -key $::env(X509_USER_KEY) -quiet 2>$errname <$tempfile >$outname]}] _vomsStop voms1 loadvar out $outname if $res then { addlog $outname addlog $errname testmessage "openssl s_client incorrectly failed." 
return $::FAILTEST } else { set correct1 "HTTP/1.1 200 OK" loadvar out2 $outname if [regexp $correct1 $out] then { #result is correctly ok set correct2 "<\\?xml version=\"1.0\" encoding=\"UTF-8\"\\?>(.*)" if [regexp $correct2 $out all ac] then { # Output was as intended. Is it a valid AC? set acfile [exec mktemp $::SCRATCHDIR/ac-XXXXXX] set acid [open $acfile "w+"] puts $acid "-----BEGIN ATTRIBUTE CERTIFICATE-----" puts $acid [string trim $ac] puts $acid "-----END ATTRIBUTE CERTIFICATE-----" close $acid addlog $acfile set res [log_exec vomsout {voms-proxy-init --includeac $acfile}] addlog $vomsout if $res then { testmessage "voms-proxy-init failed." return $::FAILTEST } if [log_exec infoout {voms-proxy-info --all}] then { addlog $infoout testmessage "voms-proxy-info failed." return $::FAILTEST } else { #match against known (correct) output set correct3 "attribute : /voms1/group1 attribute : /voms1/group1/Role=TestRole attribute : /voms1" loadvar out3 $infoout addlog $infoout if [regexp $correct3 $out3] then { set correct4 "timeleft : 0:(\[0-9\]*):(\[0-9\]*)" if [regexp $correct4 $out3 all min sec] then { if [ expr {(($min < 60 && $sec < 60))}] then { testmessage "AC was valid" return $::PASSTEST } else { logvar correct4 testmessage "validity times were wrong" return $::FAILTEST } } logvar correct4 testmessage "Dates were not valid" addlog $out3 return $::FAILTEST } logvar correct3 addlog $out3 testmessage "AC did not contain correct information." return $::FAILTEST } } else { logvar correct2 testmessage "Output was not as intended." addlog $outname return $::FAILTEST } } addlog $outname testmessage "REST output was incorrect." return $::FAILTEST } } do_test voms-2.1.2/testsuite/voms/voms/voms108.exp000066400000000000000000000016731477131364200204530ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-info -keyusage works." 
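# Create a proxy with voms-proxy-init against voms1, then require that
# `voms-proxy-info --text` prints the expected "key usage" line.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1
    set res [log_exec outname {voms-proxy-init --voms voms1}]
    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    if [log_exec outname {voms-proxy-info --text}] then {
        addlog $outname
        testmessage "voms-proxy-info returned an error."
        return $::FAILTEST
    } else {
        set correct "\[.\\\n\]*key usage : Digital Signature, Key Encipherment"
        loadvar out2 $outname
        if [regexp $correct $out2] then {
            testmessage "-keyusage worked correcly."
            return $::PASSTEST
        } else {
            logvar correct
            addlog $outname
            testmessage "Unexpected output in voms-proxy-info"
            return $::FAILTEST
        }
    }
}

# Archive residue: in this flattened tar listing each member header is fused
# with the neighbouring commands; those lines are kept verbatim below.
do_testvoms-2.1.2/testsuite/voms/voms/voms109.exp000066400000000000000000000014231477131364200204450ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if voms-proxy-destroy --dryrun works."

# Create a proxy, run `voms-proxy-destroy --dryrun`, and pass only if the
# proxy file is still present afterwards.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1
    set res [log_exec outname {voms-proxy-init --voms voms1}]
    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    set res [log_exec outname {voms-proxy-destroy --dryrun}]

    if $res then {
        addlog $outname
        testmessage "voms-proxy-destroy failed."
        return $::FAILTEST
    } else {
        # NOTE(review): the proxy path is hard-coded as /tmp/x509up_u<uid>,
        # while other tests in this suite call _proxyname -- confirm the two
        # agree in the test environment.
        if [file exists /tmp/x509up_u[exec id -u]] then {
            testmessage "proxy exists."
            return $::PASSTEST
        } else {
            testmessage "proxy deleted."
            return $::FAILTEST
        }
    }
}

do_testvoms-2.1.2/testsuite/voms/voms/voms110.exp000066400000000000000000000016021477131364200204340ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if voms-proxy-fake -pastac works."

# Build a proxy with voms-proxy-fake using --pastac 11:30, signed with the
# host certificate/key under $::INSTALLDIR/certs, then check the timeleft
# reported by voms-proxy-info.
proc mytest {} {
    _activateCert mycert2
    _cleanproxy

    set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --pastac 11:30}]

    if $res then {
        addlog $outname
        testmessage "voms-proxy-fake failed."
        return $::FAILTEST
    }

    if [log_exec outname {voms-proxy-info -all}] then {
        addlog $outname
        testmessage "voms-proxy-info failed."
        return $::FAILTEST
    }

    # Accepts a timeleft value that begins with 0:2 or 0:3.
    # NOTE(review): the expected output in voms091 shows a timeleft line for
    # the proxy and one per VO extension; this unanchored pattern accepts a
    # match on either -- confirm it really distinguishes the AC validity.
    set correct "timeleft : 0:\[2-3\]"

    loadvar out2 $outname

    if [regexp $correct $out2] then {
        testmessage "AC validity backdated correctly"
        return $::PASSTEST
    }

    logvar correct
    addlog $outname
    testmessage "problems in moving AC validity"
    return $::FAILTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms111.exp000066400000000000000000000016161477131364200204420ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if voms-proxy-fake -pastproxy works."

# Build a proxy with voms-proxy-fake using --pastproxy 11:30, then check the
# timeleft reported by voms-proxy-info.
proc mytest {} {
    _activateCert mycert2
    _cleanproxy

    set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --pastproxy 11:30}]

    if $res then {
        addlog $outname
        testmessage "voms-proxy-fake failed."
        return $::FAILTEST
    }

    if [log_exec outname {voms-proxy-info -all}] then {
        addlog $outname
        testmessage "voms-proxy-info failed."
        return $::FAILTEST
    }

    # Accepts a timeleft value that begins with 0:2 or 0:3.
    # NOTE(review): same unanchored pattern as the --pastac test; it can match
    # the proxy's or an extension's timeleft line -- confirm this is intended.
    set correct "timeleft : 0:\[2-3\]"

    loadvar out2 $outname

    if [regexp $correct $out2] then {
        testmessage "proxy validity backdated correctly"
        return $::PASSTEST
    }

    logvar correct
    addlog $outname
    testmessage "problems in moving proxy validity"
    return $::FAILTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms112.exp000066400000000000000000000021541477131364200204410ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if voms-proxy-fake -keyusage works."

# Build a proxy with an explicit --keyusage list, dump it with
# `openssl x509 -text` and require the matching Key Usage text.
proc mytest {} {
    _activateCert mycert2
    _cleanproxy

    set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --keyusage cRLSign,encipherOnly,digitalSignature,nonRepudiation,keyEncipherment,keyAgreement,keyCertSign,decipherOnly}]

    if $res then {
        addlog $outname
        testmessage "voms-proxy-fake failed."
        return $::FAILTEST
    }

    set proxy [_proxyname]

    # stdout and stderr of openssl both go to $outname; catch reports failure.
    if [catch {set out2 [exec openssl x509 -text -noout -in $proxy >& $outname]}] then {
        addlog $outname
        testmessage "openssl failed."
        return $::FAILTEST
    }

    set correct "Digital Signature, Non Repudiation, Key Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only"

    loadvar out2 $outname

    if [regexp $correct $out2] then {
        testmessage "keyusage correctly"
        return $::PASSTEST
    }

    logvar correct
    addlog $outname
    testmessage "keyusage not set"
    return $::FAILTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms113.exp000066400000000000000000000017311477131364200204420ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if voms-proxy-fake -extkeyusage works."

# Build a proxy with --extkeyusage serverAuth,timeStamping and require the
# matching Extended Key Usage text in the openssl dump.
proc mytest {} {
    _activateCert mycert2
    _cleanproxy

    set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --extkeyusage serverAuth,timeStamping}]

    if $res then {
        addlog $outname
        testmessage "voms-proxy-fake failed."
        return $::FAILTEST
    }

    set proxy [_proxyname]

    if [catch {set out2 [exec openssl x509 -text -noout -in $proxy >& $outname]}] then {
        addlog $outname
        testmessage "openssl failed."
        return $::FAILTEST
    }

    set correct "TLS Web Server Authentication, Time Stamping"

    loadvar out2 $outname

    if [regexp $correct $out2] then {
        testmessage "extkeyusage correctly set."
        return $::PASSTEST
    }

    logvar correct
    addlog $outname
    testmessage "extkeyusage not set"
    return $::FAILTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms114.exp000066400000000000000000000016601477131364200204440ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if voms-proxy-fake -nscert works."

# Build a proxy with --nscert email,objCA and require the matching
# "S/MIME, Object Signing CA" text in the openssl dump.
proc mytest {} {
    _activateCert mycert2
    _cleanproxy

    set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --nscert email,objCA}]

    if $res then {
        addlog $outname
        testmessage "voms-proxy-fake failed."
        return $::FAILTEST
    }

    set proxy [_proxyname]

    if [catch {set out2 [exec openssl x509 -text -noout -in $proxy >& $outname]}] then {
        addlog $outname
        testmessage "openssl failed."
        return $::FAILTEST
    }

    set correct "S/MIME, Object Signing CA"

    loadvar out2 $outname

    # The result messages name the option under test (--nscert) so that a
    # failure is not mistaken for one of the --extkeyusage test.
    if [regexp $correct $out2] then {
        testmessage "nscert correctly set."
        return $::PASSTEST
    }

    logvar correct
    addlog $outname
    testmessage "nscert not set"
    return $::FAILTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms115.exp000066400000000000000000000017641477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if voms-proxy-fake -selfsigned works."

# Build a self-signed certificate with subject /C=IT/O=CA and require that the
# openssl dump shows that issuer, that subject and CA:TRUE.
proc mytest {} {
    _activateCert mycert2
    _cleanproxy

    set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --selfsigned -newsubject "/C=IT/O=CA"}]

    if $res then {
        addlog $outname
        testmessage "voms-proxy-fake failed."
        return $::FAILTEST
    }

    set proxy [_proxyname]

    if [catch {set out2 [exec openssl x509 -text -noout -in $proxy >& $outname]}] then {
        addlog $outname
        testmessage "openssl failed."
        return $::FAILTEST
    }

    # NOTE(review): this pattern is shown on one line here; any line breaks in
    # the original literal may have been lost in extraction -- confirm upstream.
    set correct "\[ \t\]*Issuer: C=IT, O=CA .* \[ \t\]*Subject: C=IT, O=CA .* \[ \t\]*CA:TRUE"

    loadvar out2 $outname

    if [regexp $correct $out2] then {
        testmessage "selfsigned works."
        return $::PASSTEST
    }

    logvar correct
    addlog $outname
    testmessage "selfsigned does not work"
    return $::FAILTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms116.exp000066400000000000000000000017711477131364200204510ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if voms-proxy-fake -extensions (binary) works."

# Add a custom extension given as OID~hex (70726f7661 is the hex encoding of
# ASCII "prova") and require the OID followed by "prova" in the openssl dump.
proc mytest {} {
    _activateCert mycert2
    _cleanproxy

    set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --extension 1.3.6.1.9.9.9.9.100.100.100.100~70726f7661}]

    if $res then {
        addlog $outname
        testmessage "voms-proxy-fake failed."
        return $::FAILTEST
    }

    set proxy [_proxyname]

    if [catch {set out2 [exec openssl x509 -text -noout -in $proxy >& $outname]}] then {
        addlog $outname
        testmessage "openssl failed."
        return $::FAILTEST
    }

    set correct "\[ \t\]*1.3.6.1.9.9.9.9.100.100.100.100: \[ \t\]*prova"

    loadvar out2 $outname

    if [regexp $correct $out2] then {
        testmessage "extension works."
        return $::PASSTEST
    }

    logvar correct
    addlog $outname
    testmessage "--extension does not work"
    return $::FAILTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms117.exp000066400000000000000000000017531477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if voms-proxy-fake -extensions works."

# Add a custom extension given as OID:text and require the OID followed by
# "prova" in the openssl dump.
proc mytest {} {
    _activateCert mycert2
    _cleanproxy

    set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --extension 1.3.6.1.9.9.9.9.100.100.100.100:prova}]

    if $res then {
        addlog $outname
        testmessage "voms-proxy-fake failed."
        return $::FAILTEST
    }

    set proxy [_proxyname]

    if [catch {set out2 [exec openssl x509 -text -noout -in $proxy >& $outname]}] then {
        addlog $outname
        testmessage "openssl failed."
        return $::FAILTEST
    }

    set correct "\[ \t\]*1.3.6.1.9.9.9.9.100.100.100.100: \[ \t\]*prova"

    loadvar out2 $outname

    if [regexp $correct $out2] then {
        testmessage "extension works."
        return $::PASSTEST
    }

    logvar correct
    addlog $outname
    testmessage "--extension does not work"
    return $::FAILTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms118.exp000066400000000000000000000021631477131364200204470ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if voms-proxy-fake -extensions (file) works."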
proc mytest {} { _activateCert mycert2 _cleanproxy set filename [exec mktemp $::SCRATCHDIR/ext-XXXXXX] set id [open $filename "w+"] puts $id "prova" close $id set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --extension 1.3.6.1.9.9.9.9.100.100.100.100+$filename}] if $res then { addlog $outname testmessage "voms-proxy-fake failed." return $::FAILTEST } set proxy [_proxyname] if [catch {set out2 [exec openssl x509 -text -noout -in $proxy >& $outname]}] then { addlog $outname testmessage "openssl failed." return $::FAILTEST } set correct "\[ \t\]*1.3.6.1.9.9.9.9.100.100.100.100: \[ \t\]*prova" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "extension works." return $::PASSTEST } logvar correct addlog $outname testmessage "--extension does not work" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms119.exp000066400000000000000000000020031477131364200204410ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-fake -extensions (critical) works." proc mytest {} { _activateCert mycert2 _cleanproxy set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --extension 1.3.6.1.9.9.9.9.100.100.100.100/true:prova}] if $res then { addlog $outname testmessage "voms-proxy-fake failed." return $::FAILTEST } set proxy [_proxyname] if [catch {set out2 [exec openssl x509 -text -noout -in $proxy >& $outname]}] then { addlog $outname testmessage "openssl failed." return $::FAILTEST } set correct "\[ \t\]*1.3.6.1.9.9.9.9.100.100.100.100: critical \[ \t\]*prova" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "extension works." 
return $::PASSTEST } logvar correct addlog $outname testmessage "--extension does not work" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms120.exp000066400000000000000000000017011477131364200204350ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-fake -acextensions works." proc mytest {} { _activateCert mycert2 _cleanproxy set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --acextension 1.3.6.1.9.9.9.9.100.100.100.100:prova}] if $res then { addlog $outname testmessage "voms-proxy-fake failed." return $::FAILTEST } set proxy [_proxyname] if [catch {set out2 [exec openssl x509 -text -noout -in $proxy >& $outname]}] then { addlog $outname testmessage "openssl failed." return $::FAILTEST } set correct "prova" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "acextension works." return $::PASSTEST } logvar correct addlog $outname testmessage "--acextension does not work" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms121.exp000066400000000000000000000017251477131364200204440ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-fake -newserial works." proc mytest {} { _activateCert mycert2 _cleanproxy set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --newserial 0102030405060708090a0b0c0d0e0f}] if $res then { addlog $outname testmessage "voms-proxy-fake failed." return $::FAILTEST } set proxy [_proxyname] if [catch {set out2 [exec openssl x509 -serial -noout -in $proxy >& $outname]}] then { addlog $outname testmessage "openssl failed." return $::FAILTEST } set correct "serial=0102030405060708090A0B0C0D0E0F" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "--newserial works." 
return $::PASSTEST } logvar correct addlog $outname testmessage "--newserial does not work" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms122.exp000066400000000000000000000014251477131364200204420ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --out fails correctly." proc mytest {} { _activateCert mycert2 _cleanproxy _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --out $::SCRATCHDIR/tfhasdfbk/fregio}] _vomsStop voms1 addlog $outname if $res then { set correct "ERROR: Cannot write proxy to: $::SCRATCHDIR/tfhasdfbk/fregio" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-init failed with correct message." return $::PASSTEST } else { logvar correct testmessage "voms-proxy-init failed with wrong message." return $::FAILTEST } } return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms123.exp000066400000000000000000000014771477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --separate works correctly with extra data." proc mytest {} { _activateCert mycert2 _cleanproxy _vomsStart voms1 set listname [exec mktemp $::SCRATCHDIR/voms-proxy-init-XXXXXX] set res [log_exec outname {voms-proxy-init --list --voms voms1 --separate $listname}] _vomsStop voms1 addlog $outname if $res then { testmessage "voms-proxy-init failed." return $::FAILTEST } set correct "/voms1 /voms1/group1 /voms1/group1/Role=TestRole" addlog $listname addlog $listname.data loadvar out2 $listname.data if [regexp $correct $out2] then { testmessage "output correct" return $::PASSTEST } logvar correct testmessage "unexpected output" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms124.exp000066400000000000000000000017571477131364200204540ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --debug works." 
proc mytest {} { _activateCert mycert2 _cleanproxy _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --debug}] _vomsStop voms1 addlog $outname if $res then { testmessage "voms-proxy-init failed." return $::FAILTEST } set correct "Detected Globus version: 2.2 Unspecified proxy version, settling on Globus version: 2 Number of bits in key :2048 Files being used: CA certificate file: none Trusted certificates directory : $::ETC_DIR/grid-security/certificates Proxy certificate file : /tmp/x509up_u\[0-9\]* User certificate file: $::env(X509_USER_CERT) User key file: $::env(X509_USER_KEY) Output to /tmp/x509up_u\[0-9\]*" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "output correct" return $::PASSTEST } logvar correct testmessage "unexpected output" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms125.exp000066400000000000000000000017141477131364200204460ustar00rootroot00000000000000load_lib vomstest.ex testheader "See if voms-proxy-init --vomses fails correctly." proc mytest {} { _activateCert mycert2 _cleanproxy set filename [exec mktemp $::SCRATCHDIR/vomses-XXXXXX] set id [open $filename "w+"] puts $id "Wrong line" close $id addlog $filename _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 --vomses $filename}] _vomsStop voms1 addlog $outname if $res then { set correct "data format in file: $filename incorrect! Line: Wrong line" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-init failed correctly." return $::PASSTEST } else { logvar correct testmessage "voms-proxy-init returned wrong message." return $::FAILTEST } } testmessage "voms-proxy-init incorrectly succeeded." return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms126.exp000066400000000000000000000013761477131364200204530ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init with wrong options correctly exits." 
proc mytest {} { _activateCert mycert2 _cleanproxy _vomsStart voms1 set res [log_exec outname {voms-proxy-init --vrms voms1}] _vomsStop voms1 addlog $outname if $res then { set correct ".*unrecognized option .--vrms." loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-init failed correctly." return $::PASSTEST } else { logvar correct testmessage "voms-proxy-init returned wrong message." return $::FAILTEST } } testmessage "voms-proxy-init incorrectly succeeded." return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms127.exp000066400000000000000000000013701477131364200204460ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init -pwstdin fails correctly when no password is provided." proc mytest {} { _activateCert passcert _cleanproxy set res [log_exec outname {voms-proxy-init --pwstdin & $outname]}] then { addlog $outname testmessage "openssl failed." return $::FAILTEST } set correct "Key: \\(2048 bit\\)" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "--bits 0 works." return $::PASSTEST } logvar correct addlog $outname testmessage "--bits 0 does not work" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms144.exp000066400000000000000000000014501477131364200204440ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init fails correctly when cert and key do not match." proc mytest {} { _activateCert mycert2 file copy -force "$::_certdir/mycert1-key.pem" $::env(X509_USER_KEY) exec chmod 400 $::env(X509_USER_KEY) set res [log_exec outname {voms-proxy-init}] if $res then { set correct "user key and certificate don't match" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-init failed with correct message." return $::PASSTEST } addlog $outname testmessage "voms-proxy-init failed with an incorrect message." return $::FAILTEST } testmessage "voms-proxy-init incorrectly succeeded." 
return $::FAILTEST } do_testvoms-2.1.2/testsuite/voms/voms/voms145.exp000066400000000000000000000013441477131364200204470ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init fails correctly when the key has incorrect permissions." proc mytest {} { _activateCert mycert2 exec chmod 444 $::env(X509_USER_KEY) set res [log_exec outname {voms-proxy-init --debug}] if $res then { set correct "Wrong permissions on file" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-init failed with correct message." return $::PASSTEST } addlog $outname testmessage "voms-proxy-init failed with an incorrect message." return $::FAILTEST } testmessage "voms-proxy-init incorrectly succeeded." return $::FAILTEST } do_testvoms-2.1.2/testsuite/voms/voms/voms146.exp000066400000000000000000000014341477131364200204500ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init fails correctly when the key is empty." proc mytest {} { _activateCert mycert2 exec rm -f $::env(X509_USER_KEY) exec touch $::env(X509_USER_KEY) exec chmod 400 $::env(X509_USER_KEY) set res [log_exec outname {voms-proxy-init}] if $res then { set correct "user private key file is empty" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-init failed with correct message." return $::PASSTEST } addlog $outname testmessage "voms-proxy-init failed with an incorrect message." return $::FAILTEST } testmessage "voms-proxy-init incorrectly succeeded." return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms147.exp000066400000000000000000000016001477131364200204440ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init fails correctly when the key is corrupted." 
proc mytest {} { _activateCert mycert2 exec chmod 600 $::env(X509_USER_KEY) exec cat $::env(X509_USER_KEY) | tr "\[a-z\]" "\[A-Z\]" > $::SCRATCHDIR/o.pem exec cp $::SCRATCHDIR/o.pem $::env(X509_USER_KEY) exec chmod 400 $::env(X509_USER_KEY) set res [log_exec outname {voms-proxy-init}] if $res then { set correct "Function: proxy_init_cred" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-init failed with correct message." return $::PASSTEST } addlog $outname testmessage "voms-proxy-init failed with an incorrect message." return $::FAILTEST } testmessage "voms-proxy-init incorrectly succeeded." return $::FAILTEST } do_testvoms-2.1.2/testsuite/voms/voms/voms148.exp000066400000000000000000000016671477131364200204620ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-fake hex interpretation works." proc mytest {} { _activateCert mycert2 _cleanproxy set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --newsubject /CN=\\46\\41\\4bED\N\\\\\N}] if $res then { addlog $outname testmessage "voms-proxy-fake failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info -all}] then { addlog $outname testmessage "voms-proxy-info failed." return $::FAILTEST } set correct "subject : /CN=FAKEDN\\\N" loadvar out2 $outname if [expr [string first $correct $out2] != -1] then { testmessage "Hex interpretation correct" return $::PASSTEST } logvar correct addlog $outname testmessage "Hex interpretation incorrect" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms149.exp000066400000000000000000000016401477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-fake -selfsigned (bare) works." 
proc mytest {} { _activateCert mycert2 _cleanproxy set res [log_exec outname {voms-proxy-fake -bits 0 --selfsigned -newsubject "/C=IT/O=CA"}] if $res then { addlog $outname testmessage "voms-proxy-fake failed." return $::FAILTEST } set proxy [_proxyname] if [catch {set out2 [exec openssl x509 -text -noout -in $proxy >& $outname]}] then { addlog $outname testmessage "openssl failed." return $::FAILTEST } set correct "\[ \t\]*Issuer: C=IT, O=CA .* \[ \t\]*Subject: C=IT, O=CA .* \[ \t\]*CA:TRUE" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "selfsigned works." return $::PASSTEST } logvar correct addlog $outname testmessage "selfsigned does not work" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms150.exp000066400000000000000000000014271477131364200204450ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-fake -selfsigned fails correctly when subject AND issuer are not specified." proc mytest {} { _activateCert mycert2 _cleanproxy set res [log_exec outname {voms-proxy-fake --selfsigned}] addlog $outname if $res then { set correct "Error: At least one of --newsubject and --newissuer must be specified for --selfsigned." loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-fake failed with the expected message." return $::PASSTEST } testmessage "voms-proxy-fake failed with an incorrect message." return $::FAILTEST } testmessage "voms-proxy-fake unexpectedly succeeded" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms151.exp000066400000000000000000000027741477131364200204540ustar00rootroot00000000000000 load_lib vomstest.exp testheader "See if voms-proxy-fake --separate works." 
proc mytest {} { _activateCert mycert2 _cleanproxy set outinfo [exec mktemp $::SCRATCHDIR/vo-info-XXXXXX] set id [open $outinfo "w+"] puts $id "\[voms1\]" puts $id "-hostcert = $::INSTALLDIR/certs/hostcert.pem" puts $id "-hostkey = $::INSTALLDIR/certs/hostkey.pem" puts $id "-fqan = /voms1" puts $id "-uri = testmachine.cnaf.infn.it" puts $id "\[voms2\]" puts $id "-hostcert = $::INSTALLDIR/certs/hostcert.pem" puts $id "-hostkey = $::INSTALLDIR/certs/hostkey.pem" puts $id "-fqan = /voms3" puts $id "-uri = testmachine.cnaf.infn.it:5000" puts $id "-ga = nome = \"prova di prova\"" puts $id "-ga = nome = prova" puts $id "-ga = \"non lo so\" = boh (/vom3)" puts $id "-target = r.f.c.it" puts $id "-target = r.f.s.it" puts $id "-vomslife = 10" close $id set res [log_exec outname {voms-proxy-fake --voinfo $outinfo --separate $::SCRATCHDIR/fake}] if $res then { addlog $outname testmessage "voms-proxy-fake failed." return $::FAILTEST } set correct "-----BEGIN ATTRIBUTE CERTIFICATE-----" loadvar out2 $::SCRATCHDIR/fake if [regexp -- $correct $out2 dummy] then { testmessage "voms-proxy-init --separate worked successfully." return $::PASSTEST } logvar correct addlog $::SCRATCHDIR/fake testmessage "Unexpected output in voms-proxy-fake --separate" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms152.exp000066400000000000000000000014061477131364200204440ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --dont-verify-ac works." proc myprolog {} { file copy -force $::_vomsdir/voms1.pem $::SCRATCHDIR/voms1.pem } proc myepilog {} { file copy -force $::SCRATCHDIR/voms1.pem $::_vomsdir/voms1.pem } proc mytest {} { _activateCert mycert2 _cleanproxy _vomsStart voms1 file delete -force $::_vomsdir/voms1.pem set res [log_exec outname {voms-proxy-init --voms voms1 --dont-verify-ac}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init --dont-verify-ac failed." 
return $::FAILTEST } testmessage "voms-proxy-init --dont-verify-ac succeeded." return $::PASSTEST } test_set_prolog myprolog test_set_epilog myepilog do_test voms-2.1.2/testsuite/voms/voms/voms153.exp000066400000000000000000000012451477131364200204460ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --dont-verify-ac works." proc myprolog {} { set ::env(VOMS_PROXY_INIT_DONT_VERIFY_AC) "1" } proc myepilog {} { unset ::env(VOMS_PROXY_INIT_DONT_VERIFY_AC) } proc mytest {} { _activateCert mycert2 _cleanproxy _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init --dont-verify-ac failed." return $::FAILTEST } testmessage "voms-proxy-init --dont-verify-ac succeeded." return $::PASSTEST } test_set_prolog myprolog test_set_epilog myepilog do_test voms-2.1.2/testsuite/voms/voms/voms154.exp000066400000000000000000000021711477131364200204460ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if LSC files work with multiple chains." proc myprolog {} { file mkdir $::_vomsdir/voms1 set id [open "$::_vomsdir/voms1/testsite.lsc" "w+"] puts $id " /C=false /Dn=CA ------ NEXT CHAIN ------ /C=IT/CN=003 /C=IT/O=INFN/CN=CAFromthisCN /C=IT/O=INFN/CN=CAFromthisCN /C=IT/O=INFN/ST=IT/L=THISL/OU=INFN/CN=thisCN" close $id _addVOMSOption voms1 uri testsite:10000 } proc myepilog {} { file delete $::_vomsdir/voms1/testsite.lsc _removeVOMSOption voms1 uri } proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init did not work." return $::FAILTEST } set res [log_exec outname {voms-proxy-info --all}] if $res then { addlog $outname testmessage "voms-proxy-info execution failed." return $::FAILTEST } else { testmessage "voms-proxy-info succeeded." 
return $::PASSTEST } } test_set_prolog myprolog test_set_epilog myepilog do_test voms-2.1.2/testsuite/voms/voms/voms155.exp000066400000000000000000000023271477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if LSC files work with Email field." proc myprolog {} { _activateHostCertificate mycert5 _makeVomses voms1 file mkdir $::_vomsdir/voms1 set id [open "$::_vomsdir/voms1/testsite.lsc" "w+"] puts $id " /C=IT/CN=005/Email=this@email.com /C=IT/O=INFN/CN=CAFromthisCN /C=IT/O=INFN/CN=CAFromthisCN /C=IT/O=INFN/ST=IT/L=THISL/OU=INFN/CN=thisCN" close $id _addVOMSOption voms1 uri testsite:10000 } proc myepilog {} { _activateHostCertificate mycert3 _makeVomses voms1 file delete $::_vomsdir/voms1/testsite.lsc _removeVOMSOption voms1 uri } proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init did not work." return $::FAILTEST } set res [log_exec outname {voms-proxy-info --all}] if $res then { addlog $outname testmessage "voms-proxy-info execution failed." return $::FAILTEST } else { testmessage "voms-proxy-info succeeded." return $::PASSTEST } } test_set_prolog myprolog test_set_epilog myepilog do_test voms-2.1.2/testsuite/voms/voms/voms156.exp000066400000000000000000000022661477131364200204550ustar00rootroot00000000000000load_lib vomstest.exp testheader "check the error message if a file cannot be written." 
proc myprolog {} { file mkdir $::SCRATCHDIR/tmp file attributes $::SCRATCHDIR/tmp -permissions 00000 } proc myepilog {} { file attributes $::SCRATCHDIR/tmp -permissions 00700 file delete -force $::SCRATCHDIR/tmp } proc mytest {} { _activateCert mycert2 if [expr [exec id -u] == 0] then { set ::_test_epilog "" return $::UNDECIDEDTEST } set res [log_exec outname {voms-proxy-init --out $::SCRATCHDIR/tmp/file}] if $res then { set match "ERROR: Cannot write proxy to: $::SCRATCHDIR/tmp/file" loadvar out2 $outname if [regexp $match $out2] then { testmessage "voms-proxy-init failed with the correct message." return $::PASSTEST } else { addlog $match logvar correct testmessage "voms-proxy-init returned an incorrect error message." return $::FAILTEST } } else { addlog $outname testmessage "proxy created successfully when it should have failed." return $::FAILTEST } } test_set_prolog myprolog test_set_epilog myepilog do_test voms-2.1.2/testsuite/voms/voms/voms157.exp000066400000000000000000000017331477131364200204540ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-fake with incorrect -keyusage fails correctly." proc mytest {} { _activateCert mycert2 _cleanproxy set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --keyusage cRLSign,encipherOnly,digitalSiature,nonRepudiation,keyEncipherment,keyAgreement,keyCertSign,decipherOnly,dataEncipherment}] if $res then { set correct "KeyUsage bit: digitalSiature unknown" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-fake succeeded with the correct error." return $::PASSTEST } addlog $outname logvar correct testmessage "voms-proxy-fake failed with the wrong error." return $::FAILTEST } testmessage "voms-proxy-fake succeeded when it should have failed." 
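addlog $outname return $::FAILTEST } do_test
voms-2.1.2/testsuite/voms/voms/voms158.exp000066400000000000000000000013321477131364200204500ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if \"Email\" OID is redefined somewhere."

# Scan the installed binaries and libraries for a bare "Email" string
# (occurrences of "/Email" are filtered out).
# The test passes only when all three pipelines report a non-zero result,
# which is taken here to mean that the final grep found nothing.
proc mytest {} {
    # Each log_exec call gets its own log variable so that all three logs
    # can be attached when the test fails.
    set res1 [log_exec outname1 {strings $::INSTALLDIR/bin/* $::INSTALLDIR/sbin/* | grep "Email" | grep -v "/Email"} ]
    set res2 [log_exec outname2 {strings $::INSTALLDIR/lib/lib* | grep "Email" | grep -v "/Email"}]
    set res3 [log_exec outname3 {strings $::INSTALLDIR/lib64/lib* | grep "Email" | grep -v "/Email"} ]

    if [expr $res1 && $res2 && $res3] then {
        testmessage "Email OID is not redefined."
        return $::PASSTEST
    } else {
        # addlog takes the log file name held in the variable, not the
        # variable's name.
        addlog $outname1
        addlog $outname2
        addlog $outname3
        testmessage "Email OID is redefined somewhere."
        return $::FAILTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms159.exp000066400000000000000000000007061477131364200204550ustar00rootroot00000000000000load_lib vomstest.exp
testheader "check if references to edg have been removed from the manpages."

# Search the installed man pages for the string "edg".
# A non-zero result from log_exec is treated as "nothing found" and passes;
# otherwise the grep output is attached and the test fails.
proc mytest {} {
    set res [log_exec outname {grep -r edg $::INSTALLDIR/share/man}]

    if $res then {
        testmessage "No reference to edg remains in the man pages."
        return $::PASSTEST
    } else {
        testmessage "some references to edg remain in the man pages."
        addlog $outname
        return $::FAILTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/voms/voms160.exp000066400000000000000000000011611477131364200204410ustar00rootroot00000000000000load_lib vomstest.exp
testheader "check if voms-proxy-info suceeds on a plain proxy."
proc mytest {} { _activateCert mycert2 _cleanproxy set res [log_exec outname {voms-proxy-init}] if $res then { testmessage "proxy creation failed." addlog $outname return $::FAILTEST } set res [log_exec outname {voms-proxy-info}] if $res then { testmessage "voms-proxy-info failed on a plain proxy." addlog $outname return $::FAILTEST } else { testmessage "voms-proxy-info succeeded on a plain proxy."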
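return $::PASSTEST } } do_test
voms-2.1.2/testsuite/voms/voms/voms161.exp000066400000000000000000000014041477131364200204420ustar00rootroot00000000000000load_lib vomstest.exp
testheader "check if there are world writable files/dirs in the installed software."

# Fail if any entry in the first five directory levels below
# $::INSTALLDIR has the write bit set for "other".
# Returns $::FAILTEST (naming the offending paths) or $::PASSTEST.
# Entries deeper than five levels are not examined.
proc mytest {} {
    # Every pattern must expand $::INSTALLDIR. With -nocomplain a pattern
    # that matches nothing yields an empty list, so a mistyped prefix drops
    # that level from the check silently instead of raising an error.
    set res "[glob $::INSTALLDIR/*] [glob -nocomplain $::INSTALLDIR/*/*] [glob -nocomplain $::INSTALLDIR/*/*/*] [glob -nocomplain $::INSTALLDIR/*/*/*/*] [glob -nocomplain $::INSTALLDIR/*/*/*/*/*]"

    set files ""
    set err 0

    foreach var $res {
        set perms [file attributes $var -permissions]
        # Last octal digit holds the permissions for "other";
        # 2, 3, 6 and 7 all include the write bit.
        set lc [string range $perms end end]
        if [expr [string first $lc "2367"] != -1] then {
            set files "$var $files"
            set err 1
        }
    }

    if $err then {
        testmessage "The following files or dirs:$files were world writable."
        return $::FAILTEST
    }

    return $::PASSTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms162.exp000066400000000000000000000012451477131364200204460ustar00rootroot00000000000000load_lib vomstest.exp
testheader "check if the jar file has executable permissions."

# Fail if vomsjapi.jar, in either of the two install locations probed,
# has the execute bit set for "other".
# Only the last permission digit is examined; the owner and group
# execute bits are not checked here.
proc mytest {} {
    set res "[glob -nocomplain $::INSTALLDIR/share/java/vomsjapi.jar] [glob -nocomplain $::INSTALLDIR/usr/share/java/vomsjapi.jar]"

    set files ""
    set err 0

    foreach var $res {
        set perms [file attributes $var -permissions]
        # 1, 3, 5 and 7 all include the execute bit.
        set lc [string range $perms end end]
        if [expr [string first $lc "1357"] != -1] then {
            set files "$var $files"
            set err 1
        }
    }

    if $err then {
        # ${files} is braced so that Tcl does not look up a variable
        # named "fileshas" and abort the failure report.
        testmessage "The jar file: ${files}has executable permissions."
        return $::FAILTEST
    }

    return $::PASSTEST
}

do_test
voms-2.1.2/testsuite/voms/voms/voms163.exp000066400000000000000000000016651477131364200204550ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if voms-proxy-fake with incorrect -extkeyusage fails correctly."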
proc mytest {} { _activateCert mycert2 _cleanproxy set res [log_exec outname {voms-proxy-fake --voms voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --extkeyusage serverAuth,timeStampig}] if $res then { set correct "ExtKeyUsage bit value: serverAuth,timeStampig invalid. One or more of the bits are unknown" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "voms-proxy-fake succeeded with the correct error." return $::PASSTEST } addlog $outname logvar correct testmessage "voms-proxy-fake failed with the wrong error." return $::FAILTEST } testmessage "voms-proxy-fake succeeded when it should have failed." addlog $outname return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms164.exp000066400000000000000000000022521477131364200204470ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if /etc/rc.d/init.d/voms fails correctly to start correctly when the lokfile points to the wrong process." proc myepilog {} { _vomsStop voms1 exec rm $::LOCK_DIR/voms.voms1 } proc mytest {} { if {[info exists ::VALGRIND]} then { return $::UNDECIDEDTEST } set start "start" logvar start set prid [exec ps] logvar prid set pid [exec ps | grep sh | grep -v grep | head -1] logvar pid set ppid [string range $pid 0 [string first " " $pid]] logvar ppid set file "$::LOCK_DIR/voms.voms1" logvar file set id [open $::LOCK_DIR/voms.voms1 "w+"] puts $id $pid close $id set opened "op" logvar opened _activateCert mycert2 set var "$::LOCK_DIR/voms.voms1" logvar var _vomsStart voms1 set correct "lock file $::LOCK_DIR/voms.voms1 seems to be stale" logvar correct if [regexp $correct $::startOutput] then { testmessage "voms failed to start with the correct error." 
return $::PASSTEST } logvar ::startOutput testmessage "voms returned an incorrect error message" return $::FAILTEST } test_set_epilog myepilog do_test voms-2.1.2/testsuite/voms/voms/voms165.exp000066400000000000000000000007331477131364200204520ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init --noregen of an rfc proxy works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --rfc}] set res [log_exec outname {voms-proxy-init --valid 01:00 --voms voms1 --noregen}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } return $::PASSTEST } do_testvoms-2.1.2/testsuite/voms/voms/voms166.exp000066400000000000000000000020651477131364200204530ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init reads ~/.voms/vomses." global ::__ENVVAR proc myprolog {} { # protect .voms if it already exists if [file exists ~/.voms] { if [file exists ~/.voms.testsuite] { file delete -force ~/.voms.testsuite } file rename ~/.voms ~/.voms.testsuite } file mkdir ~/.voms file rename $::ETC_DIR/vomses ~/.voms/vomses set ::__ENVVAR $::env(VOMS_USERCONF) unset ::env(VOMS_USERCONF) } proc myepilog {} { file rename ~/.voms/vomses $::ETC_DIR/vomses if [file exists ~/.voms.testsuite] { file rename ~/.voms.testsuite ~/.voms } set ::env(VOMS_USERCONF) $::__ENVVAR unset ::__ENVVAR } proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } return $::PASSTEST } test_set_prolog myprolog test_set_epilog myepilog do_test voms-2.1.2/testsuite/voms/voms/voms167.exp000066400000000000000000000025701477131364200204550ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-init reads ~/.glite/vomses if ~/.voms/vomses is absent." 
global ::__ENVVAR proc myprolog {} { # protect .voms if it already exists if [file exists ~/.voms] { if [file exists ~/.voms.testsuite] { file delete -force ~/.voms.testsuite } file rename ~/.voms ~/.voms.testsuite } if [file exists ~/.glite] { if [file exists ~/.glite.testsuite] { file delete -force ~/.glite.testsuite } file rename ~/.glite ~/.glite.testsuite } file mkdir ~/.glite file rename $::ETC_DIR/vomses ~/.glite/vomses set ::__ENVVAR $::env(VOMS_USERCONF) unset ::env(VOMS_USERCONF) } proc myepilog {} { file rename ~/.glite/vomses $::ETC_DIR/vomses if [file exists ~/.voms.testsuite] { file rename ~/.voms.testsuite ~/.voms } if [file exists ~/.glite.testsuite] { file rename ~/.glite.testsuite ~/.glite } set ::env(VOMS_USERCONF) $::__ENVVAR unset ::__ENVVAR } proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } return $::PASSTEST } test_set_prolog myprolog test_set_epilog myepilog do_test voms-2.1.2/testsuite/voms/voms/voms168.exp000066400000000000000000000016221477131364200204530ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if voms-proxy-fake --ga works." proc mytest {} { _activateCert mycert2 _cleanproxy set res [log_exec outname {voms-proxy-fake --voms voms1 --fqan /voms1 --hostcert $::INSTALLDIR/certs/hostcert.pem --hostkey $::INSTALLDIR/certs/hostkey.pem --ga=id=vcia(log)}] if $res then { addlog $outname testmessage "voms-proxy-fake failed." return $::FAILTEST } if [log_exec outname {voms-proxy-info -all}] then { addlog $outname testmessage "voms-proxy-info failed." 
return $::FAILTEST } set correct "attribute : id = vcia \\(log\\)" loadvar out2 $outname if [regexp $correct $out2] then { testmessage "ga specified correctlyt" return $::PASSTEST } logvar correct addlog $outname testmessage "ga not specified correctly" return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/voms/voms169.exp000066400000000000000000000006551477131364200204610ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if verification works with cert created from pathlimited CA." global ::__ENVVAR proc mytest {} { _activateCert limitedcert _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } return $::PASSTEST } do_test voms-2.1.2/testsuite/voms/voms/voms170.exp000066400000000000000000000011251477131364200204420ustar00rootroot00000000000000load_lib vomstest.exp testheader "Check that voms-proxy-init requesting more than two FQANs works as expected." "https://savannah.cern.ch/bugs/?91228" proc mytest {} { _activateCert test_91228 _vomsStart voms1 set res [log_exec outname {voms-proxy-init -voms voms1:/voms1/Role=TestRole2 -voms voms1:/voms1/Role=TestRole3 -voms voms1:/voms1/Role=TestRole4 -voms voms1:/voms1/Role=TestRole5}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed in requesting > 2 FQANS!" return $::FAILTEST } addlog $outname return $::PASSTEST } do_test voms-2.1.2/testsuite/voms/vomsapi-c/000077500000000000000000000000001477131364200174235ustar00rootroot00000000000000voms-2.1.2/testsuite/voms/vomsapi-c/basictest.c000066400000000000000000000015011477131364200215450ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
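* You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include "voms_apic.h"
/* The name of the system header was stripped from this copy of the file;
   <stdlib.h> is assumed. */
#include <stdlib.h>

/*
 * Smoke test: only checks that VOMS_Init(NULL, NULL) can be called.
 * The returned handle is neither inspected nor released here.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);

  (void)argc;
  (void)argv;
  (void)vd;

  /* explicit status: falling off the end of main() is only defined from C99 on */
  return 0;
}
voms-2.1.2/testsuite/voms/vomsapi-c/copydata.c000066400000000000000000000157641477131364200214100ustar00rootroot00000000000000
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.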
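*/
#include "voms_apic.h"

/* The three system header names were stripped from this copy of the file;
   they are restored from the calls made below. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Print message on stderr and end the test with exit status 1. */
static void errorp(const char *message)
{
  /* the message is data, not a format: a '%' in it must not be interpreted */
  fprintf(stderr, "%s", message);
  exit(1);
}

/* NULL-tolerant strcmp(): 0 when both are NULL, 1 when only one is. */
static int mystrcmp(char *l, char *r)
{
  if (!l && !r)
    return 0;
  if (!l || !r)
    return 1;
  return strcmp(l, r);
}

/* NULL-tolerant memcmp() over n bytes. */
static int mystrcmplen(int n, char *l, char *r)
{
  if (!l && !r)
    return 0;
  if (!l || !r)
    return 1;
  if (n <= 0)
    return 0; /* a negative int would reach memcmp() as a huge size_t */
  return memcmp(l, r, n);
}

/*
 * Compare one AC (or, looked up through ovd) with its copy (cp, looked up
 * through cvd) field by field. The first difference ends the program
 * through errorp().
 */
static void compare_ac(struct voms *or, struct vomsdata *ovd,
                       struct voms *cp, struct vomsdata *cvd)
{
  struct data **origstd = or->std;
  struct data **copystd = cp->std;
  char **orfqan = or->fqan;
  char **cpfqan = cp->fqan;
  int error = 0;
  int onum, cnum;
  int j, k, l;

  if (cp->siglen != or->siglen) errorp("siglen differs");
  if (mystrcmplen(cp->siglen, cp->signature, or->signature)) errorp("signature differs");
  if (mystrcmp(cp->userca, or->userca)) errorp("userca differs");
  if (mystrcmp(cp->user, or->user)) errorp("user differs");
  if (mystrcmp(cp->server, or->server)) errorp("server differs");
  if (mystrcmp(cp->serverca, or->serverca)) errorp("serverca differs");
  if (mystrcmp(cp->voname, or->voname)) errorp("voname differs");
  if (mystrcmp(cp->uri, or->uri)) errorp("uri differs");
  if (mystrcmp(cp->date1, or->date1)) errorp("date1 differs");
  if (mystrcmp(cp->date2, or->date2)) errorp("date2 differs");
  if (cp->type != or->type) errorp("type differs");

  if ((origstd && !copystd) || (!origstd && copystd)) errorp("Extra FQAN");
  /* Past the check above both lists are present or both are absent; the
     walk is skipped when they are absent instead of indexing NULL. */
  for (j = 0; origstd && copystd; j++) {
    struct data *dcp = copystd[j];
    struct data *dor = origstd[j];

    if ((dcp && !dor) || (!dcp && dor)) errorp("Extra FQAN");
    if (!dcp && !dor) break;
    if (mystrcmp(dcp->group, dor->group)) errorp("Group differs");
    if (mystrcmp(dcp->role, dor->role)) errorp("Role differs");
    if (mystrcmp(dcp->cap, dor->cap)) errorp("Capability differs");
  }

  if (cp->datalen != or->datalen) errorp("datalen differs:");
  if (mystrcmplen(cp->datalen, cp->custom, or->custom)) errorp("custom differs");
  if (mystrcmp(cp->serial, or->serial)) errorp("serial differs");

  if ((!orfqan && cpfqan) || (orfqan && !cpfqan)) errorp("FQAN differ");
  for (j = 0; orfqan && cpfqan; j++) {
    char *ofqan = orfqan[j];
    char *cfqan = cpfqan[j];

    if ((ofqan && !cfqan) || (!ofqan && cfqan)) errorp("Extra FQAN");
    if (!ofqan && !cfqan) break;
    if (mystrcmp(ofqan, cfqan)) errorp("FQAN differs");
  }

  /* Now do generic attributes. */
  onum = VOMS_GetAttributeSourcesNumber(or, ovd, &error);
  cnum = VOMS_GetAttributeSourcesNumber(cp, cvd, &error);
  if (onum != cnum) errorp("Different GA number");
  if (onum == -1) errorp("Error in retrieving GA");

  for (k = 0; k < onum; k++) {
    int oh = VOMS_GetAttributeSourceHandle(or, k, ovd, &error);
    int ch = VOMS_GetAttributeSourceHandle(cp, k, cvd, &error);
    char *ogrnt = NULL;
    char *cgrnt = NULL;
    int on = 0;
    int cn = 0;

    if (oh == -1 || ch == -1) errorp("Error in retrieving GA");

    ogrnt = VOMS_GetAttributeGrantor(or, oh, ovd, &error);
    cgrnt = VOMS_GetAttributeGrantor(cp, ch, cvd, &error);
    if (mystrcmp(ogrnt, cgrnt)) errorp("Difference in grantors");

    on = VOMS_GetAttributesNumber(or, oh, ovd, &error);
    cn = VOMS_GetAttributesNumber(cp, ch, cvd, &error);
    if (on != cn || on == -1) errorp("Error in retrieving GAs");

    for (l = 0; l < on; l++) {
      struct attribute oa;
      struct attribute ca;

      if (!VOMS_GetAttribute(or, oh, l, &oa, ovd, &error) ||
          !VOMS_GetAttribute(cp, ch, l, &ca, cvd, &error))
        errorp("Error in getting Attribute");
      if (mystrcmp(oa.name, ca.name)) errorp("Error in name");
      if (mystrcmp(oa.qualifier, ca.qualifier)) errorp("Error in qualifier");
      if (mystrcmp(oa.value, ca.value)) errorp("Error in value");
    }
  }
}

/*
 * Read the VOMS data from the proxy, duplicate it with VOMS_Duplicate() and
 * check that the duplicate matches the original.
 * Exit status: 0 when everything matches, 1 otherwise.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  struct vomsdata *copy = NULL;
  int error = 0;
  int i = 0;

  (void)argc;
  (void)argv;

  if (!vd)
    exit(1);

  if (!VOMS_RetrieveFromProxy(RECURSE_CHAIN, vd, &error))
    errorp("Cannot retrieve from proxy.");

  copy = VOMS_Duplicate(vd);
  if (!copy)
    errorp("Error in making copy");

  /* check base level parameters */
  if (mystrcmp(copy->cdir, vd->cdir)) errorp("cdir differs");
  if (mystrcmp(copy->vdir, vd->vdir)) errorp("vdir differs");
  if (copy->volen != vd->volen) errorp("volen differs");
  if (copy->extralen != vd->extralen) errorp("extradata differs");
  if (mystrcmp(copy->workvo, vd->workvo)) errorp("workvo differs");
  if (mystrcmplen(copy->extralen, copy->extra_data, vd->extra_data)) errorp("extradata differs");

  /* an AC list present on one side only is a difference; a list missing on
     both sides leaves nothing to walk */
  if ((!copy->data && vd->data) || (copy->data && !vd->data))
    errorp("Extra AC somewhere");

  for (i = 0; copy->data && vd->data; i++) {
    struct voms *cp = copy->data[i];
    struct voms *or = vd->data[i];

    if ((!cp && or) || (cp && !or)) errorp("Extra AC somewhere");
    if (!cp && !or) break;

    compare_ac(or, vd, cp, copy);
  }

  exit(0);
}
voms-2.1.2/testsuite/voms/vomsapi-c/copydata2.c000066400000000000000000000157721477131364200214690ustar00rootroot00000000000000
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.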
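* You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include "voms_apic.h"

/* The three system header names were stripped from this copy of the file;
   they are restored from the calls made below. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Print message on stderr and end the test with exit status 1. */
static void errorp(const char *message)
{
  /* the message is data, not a format: a '%' in it must not be interpreted */
  fprintf(stderr, "%s", message);
  exit(1);
}

/* NULL-tolerant strcmp(): 0 when both are NULL, 1 when only one is. */
static int mystrcmp(char *l, char *r)
{
  if (!l && !r)
    return 0;
  if (!l || !r)
    return 1;
  return strcmp(l, r);
}

/* NULL-tolerant memcmp() over n bytes. */
static int mystrcmplen(int n, char *l, char *r)
{
  if (!l && !r)
    return 0;
  if (!l || !r)
    return 1;
  if (n <= 0)
    return 0; /* a negative int would reach memcmp() as a huge size_t */
  return memcmp(l, r, n);
}

/*
 * Compare one AC (or, looked up through ovd) with its copy (cp, looked up
 * through cvd) field by field. The first difference ends the program
 * through errorp().
 */
static void compare_ac(struct voms *or, struct vomsdata *ovd,
                       struct voms *cp, struct vomsdata *cvd)
{
  struct data **origstd = or->std;
  struct data **copystd = cp->std;
  char **orfqan = or->fqan;
  char **cpfqan = cp->fqan;
  int error = 0;
  int onum, cnum;
  int j, k, l;

  if (cp->siglen != or->siglen) errorp("siglen differs");
  if (mystrcmplen(cp->siglen, cp->signature, or->signature)) errorp("signature differs");
  if (mystrcmp(cp->userca, or->userca)) errorp("userca differs");
  if (mystrcmp(cp->user, or->user)) errorp("user differs");
  if (mystrcmp(cp->server, or->server)) errorp("server differs");
  if (mystrcmp(cp->serverca, or->serverca)) errorp("serverca differs");
  if (mystrcmp(cp->voname, or->voname)) errorp("voname differs");
  if (mystrcmp(cp->uri, or->uri)) errorp("uri differs");
  if (mystrcmp(cp->date1, or->date1)) errorp("date1 differs");
  if (mystrcmp(cp->date2, or->date2)) errorp("date2 differs");
  if (cp->type != or->type) errorp("type differs");

  if ((origstd && !copystd) || (!origstd && copystd)) errorp("Extra FQAN");
  /* Past the check above both lists are present or both are absent; the
     walk is skipped when they are absent instead of indexing NULL. */
  for (j = 0; origstd && copystd; j++) {
    struct data *dcp = copystd[j];
    struct data *dor = origstd[j];

    if ((dcp && !dor) || (!dcp && dor)) errorp("Extra FQAN");
    if (!dcp && !dor) break;
    if (mystrcmp(dcp->group, dor->group)) errorp("Group differs");
    if (mystrcmp(dcp->role, dor->role)) errorp("Role differs");
    if (mystrcmp(dcp->cap, dor->cap)) errorp("Capability differs");
  }

  if (cp->datalen != or->datalen) errorp("datalen differs:");
  if (mystrcmplen(cp->datalen, cp->custom, or->custom)) errorp("custom differs");
  if (mystrcmp(cp->serial, or->serial)) errorp("serial differs");

  if ((!orfqan && cpfqan) || (orfqan && !cpfqan)) errorp("FQAN differ");
  for (j = 0; orfqan && cpfqan; j++) {
    char *ofqan = orfqan[j];
    char *cfqan = cpfqan[j];

    if ((ofqan && !cfqan) || (!ofqan && cfqan)) errorp("Extra FQAN");
    if (!ofqan && !cfqan) break;
    if (mystrcmp(ofqan, cfqan)) errorp("FQAN differs");
  }

  /* Now do generic attributes. */
  onum = VOMS_GetAttributeSourcesNumber(or, ovd, &error);
  cnum = VOMS_GetAttributeSourcesNumber(cp, cvd, &error);
  if (onum != cnum) errorp("Different GA number");
  if (onum == -1) errorp("Error in retrieving GA");

  for (k = 0; k < onum; k++) {
    int oh = VOMS_GetAttributeSourceHandle(or, k, ovd, &error);
    int ch = VOMS_GetAttributeSourceHandle(cp, k, cvd, &error);
    char *ogrnt = NULL;
    char *cgrnt = NULL;
    int on = 0;
    int cn = 0;

    if (oh == -1 || ch == -1) errorp("Error in retrieving GA");

    ogrnt = VOMS_GetAttributeGrantor(or, oh, ovd, &error);
    cgrnt = VOMS_GetAttributeGrantor(cp, ch, cvd, &error);
    if (mystrcmp(ogrnt, cgrnt)) errorp("Difference in grantors");

    on = VOMS_GetAttributesNumber(or, oh, ovd, &error);
    cn = VOMS_GetAttributesNumber(cp, ch, cvd, &error);
    if (on != cn || on == -1) errorp("Error in retrieving GAs");

    for (l = 0; l < on; l++) {
      struct attribute oa;
      struct attribute ca;

      if (!VOMS_GetAttribute(or, oh, l, &oa, ovd, &error) ||
          !VOMS_GetAttribute(cp, ch, l, &ca, cvd, &error))
        errorp("Error in getting Attribute");
      if (mystrcmp(oa.name, ca.name)) errorp("Error in name");
      if (mystrcmp(oa.qualifier, ca.qualifier)) errorp("Error in qualifier");
      if (mystrcmp(oa.value, ca.value)) errorp("Error in value");
    }
  }
}

/*
 * Read the VOMS data from the proxy, copy it with VOMS_CopyALL() and check
 * that the copy matches the original.
 * Exit status: 0 when everything matches, 1 otherwise.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  struct vomsdata *copy = NULL;
  int error = 0;
  int i = 0;

  (void)argc;
  (void)argv;

  if (!vd)
    exit(1);

  if (!VOMS_RetrieveFromProxy(RECURSE_CHAIN, vd, &error))
    errorp("Cannot retrieve from proxy.");

  copy = VOMS_CopyALL(vd, &error);
  if (!copy)
    errorp("Error in making copy");

  /* check base level parameters */
  if (mystrcmp(copy->cdir, vd->cdir)) errorp("cdir differs");
  if (mystrcmp(copy->vdir, vd->vdir)) errorp("vdir differs");
  if (copy->volen != vd->volen) errorp("volen differs");
  if (copy->extralen != vd->extralen) errorp("extradata differs");
  if (mystrcmp(copy->workvo, vd->workvo)) errorp("workvo differs");
  if (mystrcmplen(copy->extralen, copy->extra_data, vd->extra_data)) errorp("extradata differs");

  /* an AC list present on one side only is a difference; a list missing on
     both sides leaves nothing to walk */
  if ((!copy->data && vd->data) || (copy->data && !vd->data))
    errorp("Extra AC somewhere");

  for (i = 0; copy->data && vd->data; i++) {
    struct voms *cp = copy->data[i];
    struct voms *or = vd->data[i];

    if ((!cp && or) || (cp && !or)) errorp("Extra AC somewhere");
    if (!cp && !or) break;

    compare_ac(or, vd, cp, copy);
  }

  exit(0);
}
voms-2.1.2/testsuite/voms/vomsapi-c/copydata3.c000066400000000000000000000140221477131364200214550ustar00rootroot00000000000000
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.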
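* You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include "voms_apic.h"

/* The three system header names were stripped from this copy of the file;
   they are restored from the calls made below. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Print message on stderr and end the test with exit status 1. */
static void errorp(const char *message)
{
  /* the message is data, not a format: a '%' in it must not be interpreted */
  fprintf(stderr, "%s", message);
  exit(1);
}

/* NULL-tolerant strcmp(): 0 when both are NULL, 1 when only one is. */
static int mystrcmp(char *l, char *r)
{
  if (!l && !r)
    return 0;
  if (!l || !r)
    return 1;
  return strcmp(l, r);
}

/* NULL-tolerant memcmp() over n bytes. */
static int mystrcmplen(int n, char *l, char *r)
{
  if (!l && !r)
    return 0;
  if (!l || !r)
    return 1;
  if (n <= 0)
    return 0; /* a negative int would reach memcmp() as a huge size_t */
  return memcmp(l, r, n);
}

/*
 * Compare one AC (or, looked up through ovd) with its copy (cp, looked up
 * through cvd) field by field. The first difference ends the program
 * through errorp().
 */
static void compare_ac(struct voms *or, struct vomsdata *ovd,
                       struct voms *cp, struct vomsdata *cvd)
{
  struct data **origstd = or->std;
  struct data **copystd = cp->std;
  char **orfqan = or->fqan;
  char **cpfqan = cp->fqan;
  int error = 0;
  int onum, cnum;
  int j, k, l;

  if (cp->siglen != or->siglen) errorp("siglen differs");
  if (mystrcmplen(cp->siglen, cp->signature, or->signature)) errorp("signature differs");
  if (mystrcmp(cp->userca, or->userca)) errorp("userca differs");
  if (mystrcmp(cp->user, or->user)) errorp("user differs");
  if (mystrcmp(cp->server, or->server)) errorp("server differs");
  if (mystrcmp(cp->serverca, or->serverca)) errorp("serverca differs");
  if (mystrcmp(cp->voname, or->voname)) errorp("voname differs");
  if (mystrcmp(cp->uri, or->uri)) errorp("uri differs");
  if (mystrcmp(cp->date1, or->date1)) errorp("date1 differs");
  if (mystrcmp(cp->date2, or->date2)) errorp("date2 differs");
  if (cp->type != or->type) errorp("type differs");

  if ((origstd && !copystd) || (!origstd && copystd)) errorp("Extra FQAN");
  /* Past the check above both lists are present or both are absent; the
     walk is skipped when they are absent instead of indexing NULL. */
  for (j = 0; origstd && copystd; j++) {
    struct data *dcp = copystd[j];
    struct data *dor = origstd[j];

    if ((dcp && !dor) || (!dcp && dor)) errorp("Extra FQAN");
    if (!dcp && !dor) break;
    if (mystrcmp(dcp->group, dor->group)) errorp("Group differs");
    if (mystrcmp(dcp->role, dor->role)) errorp("Role differs");
    if (mystrcmp(dcp->cap, dor->cap)) errorp("Capability differs");
  }

  if (cp->datalen != or->datalen) errorp("datalen differs:");
  if (mystrcmplen(cp->datalen, cp->custom, or->custom)) errorp("custom differs");
  if (mystrcmp(cp->serial, or->serial)) errorp("serial differs");

  if ((!orfqan && cpfqan) || (orfqan && !cpfqan)) errorp("FQAN differ");
  for (j = 0; orfqan && cpfqan; j++) {
    char *ofqan = orfqan[j];
    char *cfqan = cpfqan[j];

    if ((ofqan && !cfqan) || (!ofqan && cfqan)) errorp("Extra FQAN");
    if (!ofqan && !cfqan) break;
    if (mystrcmp(ofqan, cfqan)) errorp("FQAN differs");
  }

  /* Now do generic attributes. */
  onum = VOMS_GetAttributeSourcesNumber(or, ovd, &error);
  cnum = VOMS_GetAttributeSourcesNumber(cp, cvd, &error);
  if (onum != cnum) errorp("Different GA number");
  if (onum == -1) errorp("Error in retrieving GA");

  for (k = 0; k < onum; k++) {
    int oh = VOMS_GetAttributeSourceHandle(or, k, ovd, &error);
    int ch = VOMS_GetAttributeSourceHandle(cp, k, cvd, &error);
    char *ogrnt = NULL;
    char *cgrnt = NULL;
    int on = 0;
    int cn = 0;

    if (oh == -1 || ch == -1) errorp("Error in retrieving GA");

    ogrnt = VOMS_GetAttributeGrantor(or, oh, ovd, &error);
    cgrnt = VOMS_GetAttributeGrantor(cp, ch, cvd, &error);
    if (mystrcmp(ogrnt, cgrnt)) errorp("Difference in grantors");

    on = VOMS_GetAttributesNumber(or, oh, ovd, &error);
    cn = VOMS_GetAttributesNumber(cp, ch, cvd, &error);
    if (on != cn || on == -1) errorp("Error in retrieving GAs");

    for (l = 0; l < on; l++) {
      struct attribute oa;
      struct attribute ca;

      if (!VOMS_GetAttribute(or, oh, l, &oa, ovd, &error) ||
          !VOMS_GetAttribute(cp, ch, l, &ca, cvd, &error))
        errorp("Error in getting Attribute");
      if (mystrcmp(oa.name, ca.name)) errorp("Error in name");
      if (mystrcmp(oa.qualifier, ca.qualifier)) errorp("Error in qualifier");
      if (mystrcmp(oa.value, ca.value)) errorp("Error in value");
    }
  }
}

/*
 * Read the VOMS data from the proxy, copy its first AC with VOMS_Copy() and
 * check that the copy matches the original. As in the original test, the
 * generic attributes of both ACs are looked up through the same vomsdata.
 * Exit status: 0 when everything matches, 1 otherwise.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  struct voms *or = NULL;
  struct voms *cp = NULL;
  int error = 0;

  (void)argc;
  (void)argv;

  if (!vd)
    exit(1);

  if (!VOMS_RetrieveFromProxy(RECURSE_CHAIN, vd, &error))
    errorp("Cannot retrieve from proxy.");

  /* the original read vd->data[0] without checking that a list, or a first
     AC, exists; with nothing to copy the test now fails instead of crashing */
  if (vd->data)
    or = vd->data[0];
  if (or)
    cp = VOMS_Copy(or, &error);
  if (!cp)
    errorp("Error in making copy");

  compare_ac(or, vd, cp, vd);

  exit(0);
}
voms-2.1.2/testsuite/voms/vomsapi-c/ddtest.c000066400000000000000000000047401477131364200210630ustar00rootroot00000000000000
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.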
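*/
#include "voms_apic.h"

/* The three system header names were stripped from this copy of the file;
   they are restored from the calls made below. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Print fields of the default AC found in the proxy.
 * With no argument every field is printed; with one argument only the field
 * of that name ("voname1", "user1", ..., "version1"); "total" prints the
 * constant 1.
 * Exit status: 0 on success, 1 when the data cannot be obtained.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;

  if (vd) {
    if (VOMS_RetrieveFromProxy(RECURSE_CHAIN, vd, &error)) {
      /* now we have parsed and verified the data */
      struct voms *voms = VOMS_DefaultData(vd, &error);

      /* the original dereferenced the result unchecked */
      if (!voms) {
        fprintf(stderr, "Error Message2: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
        exit (1);
      }

      if (argc == 2 && !strcmp(argv[1], "total"))
        printf("total: %d\n", 1);
      if (argc == 1 || !strcmp(argv[1], "voname1"))
        printf("voname1: %s\n", voms->voname);
      if (argc == 1 || !strcmp(argv[1], "user1"))
        printf("user1: %s\n", voms->user);
      if (argc == 1 || !strcmp(argv[1], "userca1"))
        printf("userca1: %s\n", voms->userca);
      if (argc == 1 || !strcmp(argv[1], "server1"))
        printf("server1: %s\n", voms->server);
      if (argc == 1 || !strcmp(argv[1], "serverca1"))
        printf("serverca1: %s\n", voms->serverca);
      if (argc == 1 || !strcmp(argv[1], "uri1"))
        printf("uri1: %s\n", voms->uri);
      if (argc == 1 || !strcmp(argv[1], "begdate1"))
        printf("begdate1: %s\n", voms->date1);
      if (argc == 1 || !strcmp(argv[1], "enddate1"))
        printf("enddate1: %s\n", voms->date2);
      if (argc == 1 || !strcmp(argv[1], "fqan1")) {
        int index = 0;

        /* nothing to print when the AC carries no FQAN list */
        while (voms->fqan && voms->fqan[index])
          printf("fqan1: %s\n", voms->fqan[index++]);
      }
      if (argc == 1 || !strcmp(argv[1], "version1"))
        /* the cast makes the argument match %ld whatever integer type the
           field is declared with */
        printf("version1: %ld\n", (long)voms->version);
      exit (0);
    }
    else {
      fprintf(stderr, "Error Message2: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
      exit (1);
    }
  }
  else {
    fprintf(stderr, "Error Message1: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
    exit (1);
  }
}
voms-2.1.2/testsuite/voms/vomsapi-c/delete.c000066400000000000000000000021101477131364200210230ustar00rootroot00000000000000
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.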
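* You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include "voms_apic.h"
/* The name of the system header was stripped from this copy of the file;
   <stdlib.h> is what exit() needs. */
#include <stdlib.h>

/*
 * Copy the first AC of the proxy with VOMS_Copy() and release the copy with
 * VOMS_Delete().
 * Exit status: 0 when a copy was made and deleted, 1 otherwise.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;

  (void)argc;
  (void)argv;

  if (vd) {
    if (VOMS_RetrieveFromProxy(RECURSE_CHAIN, vd, &error)) {
      /* the call is kept from the original although its result was never used */
      struct voms *or = VOMS_DefaultData(vd, &error);
      struct voms *cp = NULL;

      (void)or;

      /* the original read vd->data[0] unchecked and reported success even
         when no copy had been made */
      if (vd->data && vd->data[0])
        cp = VOMS_Copy(vd->data[0], &error);

      if (cp) {
        VOMS_Delete(cp);
        exit(0);
      }
    }
  }
  exit(1);
}
voms-2.1.2/testsuite/voms/vomsapi-c/destroy.c000066400000000000000000000016221477131364200212610ustar00rootroot00000000000000
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include "voms_apic.h"
/* The name of the system header was stripped from this copy of the file;
   <stdlib.h> is what exit() needs. */
#include <stdlib.h>

/*
 * Create a vomsdata handle and release it with VOMS_Destroy().
 * Exit status: 0 when the handle was created, 1 otherwise.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);

  (void)argc;
  (void)argv;

  if (vd) {
    VOMS_Destroy(vd);
    exit(0);
  }
  exit(1);
}
voms-2.1.2/testsuite/voms/vomsapi-c/expimp.c000066400000000000000000000173151477131364200211000ustar00rootroot00000000000000
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.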
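*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include "voms_apic.h"

/* The three system header names were stripped from this copy of the file;
   they are restored from the calls made below. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Print message on stderr and end the test with exit status 1. */
static void errorp(const char *message)
{
  /* the message is data, not a format: a '%' in it must not be interpreted */
  fprintf(stderr, "%s", message);
  exit(1);
}

/* NULL-tolerant strcmp(): 0 when both are NULL, 1 when only one is. */
static int mystrcmp(char *l, char *r)
{
  if (!l && !r)
    return 0;
  if (!l || !r)
    return 1;
  return strcmp(l, r);
}

/* NULL-tolerant memcmp() over n bytes. */
static int mystrcmplen(int n, char *l, char *r)
{
  if (!l && !r)
    return 0;
  if (!l || !r)
    return 1;
  if (n <= 0)
    return 0; /* a negative int would reach memcmp() as a huge size_t */
  return memcmp(l, r, n);
}

/*
 * Compare one AC (or, looked up through ovd) with its copy (cp, looked up
 * through cvd) field by field. The first difference ends the program
 * through errorp().
 */
static void compare_ac(struct voms *or, struct vomsdata *ovd,
                       struct voms *cp, struct vomsdata *cvd)
{
  struct data **origstd = or->std;
  struct data **copystd = cp->std;
  char **orfqan = or->fqan;
  char **cpfqan = cp->fqan;
  int error = 0;
  int onum, cnum;
  int j, k, l;

  if (cp->siglen != or->siglen) errorp("siglen differs");
  if (mystrcmplen(cp->siglen, cp->signature, or->signature)) errorp("signature differs");
  if (mystrcmp(cp->userca, or->userca)) errorp("userca differs");
  if (mystrcmp(cp->user, or->user)) errorp("user differs");
  if (mystrcmp(cp->server, or->server)) errorp("server differs");
  if (mystrcmp(cp->serverca, or->serverca)) errorp("serverca differs");
  if (mystrcmp(cp->voname, or->voname)) errorp("voname differs");
  if (mystrcmp(cp->uri, or->uri)) errorp("uri differs");
  if (mystrcmp(cp->date1, or->date1)) errorp("date1 differs");
  if (mystrcmp(cp->date2, or->date2)) errorp("date2 differs");
  if (cp->type != or->type) errorp("type differs");

  if ((origstd && !copystd) || (!origstd && copystd)) errorp("Extra FQAN");
  /* Past the check above both lists are present or both are absent; the
     walk is skipped when they are absent instead of indexing NULL. */
  for (j = 0; origstd && copystd; j++) {
    struct data *dcp = copystd[j];
    struct data *dor = origstd[j];

    if ((dcp && !dor) || (!dcp && dor)) errorp("Extra FQAN");
    if (!dcp && !dor) break;
    if (mystrcmp(dcp->group, dor->group)) errorp("Group differs");
    if (mystrcmp(dcp->role, dor->role)) errorp("Role differs");
    if (mystrcmp(dcp->cap, dor->cap)) errorp("Capability differs");
  }

  if (cp->datalen != or->datalen) errorp("datalen differs:");
  if (mystrcmplen(cp->datalen, cp->custom, or->custom)) errorp("custom differs");
  if (mystrcmp(cp->serial, or->serial)) errorp("serial differs");

  if ((!orfqan && cpfqan) || (orfqan && !cpfqan)) errorp("FQAN differ");
  for (j = 0; orfqan && cpfqan; j++) {
    char *ofqan = orfqan[j];
    char *cfqan = cpfqan[j];

    if ((ofqan && !cfqan) || (!ofqan && cfqan)) errorp("Extra FQAN");
    if (!ofqan && !cfqan) break;
    if (mystrcmp(ofqan, cfqan)) errorp("FQAN differs");
  }

  /* Now do generic attributes. */
  onum = VOMS_GetAttributeSourcesNumber(or, ovd, &error);
  cnum = VOMS_GetAttributeSourcesNumber(cp, cvd, &error);
  if (onum != cnum) errorp("Different GA number");
  if (onum == -1) errorp("Error in retrieving GA");

  for (k = 0; k < onum; k++) {
    int oh = VOMS_GetAttributeSourceHandle(or, k, ovd, &error);
    int ch = VOMS_GetAttributeSourceHandle(cp, k, cvd, &error);
    char *ogrnt = NULL;
    char *cgrnt = NULL;
    int on = 0;
    int cn = 0;

    if (oh == -1 || ch == -1) errorp("Error in retrieving GA");

    ogrnt = VOMS_GetAttributeGrantor(or, oh, ovd, &error);
    cgrnt = VOMS_GetAttributeGrantor(cp, ch, cvd, &error);
    if (mystrcmp(ogrnt, cgrnt)) errorp("Difference in grantors");

    on = VOMS_GetAttributesNumber(or, oh, ovd, &error);
    cn = VOMS_GetAttributesNumber(cp, ch, cvd, &error);
    if (on != cn || on == -1) errorp("Error in retrieving GAs");

    for (l = 0; l < on; l++) {
      struct attribute oa;
      struct attribute ca;

      if (!VOMS_GetAttribute(or, oh, l, &oa, ovd, &error) ||
          !VOMS_GetAttribute(cp, ch, l, &ca, cvd, &error))
        errorp("Error in getting Attribute");
      if (mystrcmp(oa.name, ca.name)) errorp("Error in name");
      if (mystrcmp(oa.qualifier, ca.qualifier)) errorp("Error in qualifier");
      if (mystrcmp(oa.value, ca.value)) errorp("Error in value");
    }
  }
}

/*
 * Read the VOMS data from the proxy, serialise it with VOMS_Export(), load
 * the buffer into a second handle with VOMS_Import() and check that both
 * handles hold the same data.
 * Exit status: 0 when everything matches, 1 otherwise.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  struct vomsdata *copy = NULL;
  char *buffer = NULL;
  int len = 0;
  int error = 0;
  int i = 0;

  (void)argc;
  (void)argv;

  if (!vd)
    exit(1);

  if (!VOMS_RetrieveFromProxy(RECURSE_CHAIN, vd, &error))
    errorp("Cannot retrieve from proxy.");

  copy = VOMS_Init(NULL, NULL);
  if (!copy)
    errorp("Error in making copy");

  /* The original skipped every comparison and still exited 0 when the
     export or the import failed, so a broken round trip passed the test. */
  if (!VOMS_Export(&buffer, &len, vd, &error))
    errorp("Error in exporting data");
  if (!VOMS_Import(buffer, len, copy, &error))
    errorp("Error in importing data");

  /* check base level parameters */
  if (mystrcmp(copy->cdir, vd->cdir)) errorp("cdir differs");
  if (mystrcmp(copy->vdir, vd->vdir)) errorp("vdir differs");
  if (copy->volen != vd->volen) errorp("volen differs");
  if (copy->extralen != vd->extralen) errorp("extradata differs");
  if (mystrcmp(copy->workvo, vd->workvo)) errorp("workvo differs");
  if (mystrcmplen(copy->extralen, copy->extra_data, vd->extra_data)) errorp("extradata differs");

  /* an AC list present on one side only is a difference; a list missing on
     both sides leaves nothing to walk */
  if ((!copy->data && vd->data) || (copy->data && !vd->data))
    errorp("Extra AC somewhere");

  for (i = 0; copy->data && vd->data; i++) {
    struct voms *cp = copy->data[i];
    struct voms *or = vd->data[i];

    if ((!cp && or) || (cp && !or)) errorp("Extra AC somewhere");
    if (!cp && !or) break;

    compare_ac(or, vd, cp, copy);
  }

  exit(0);
}
voms-2.1.2/testsuite/voms/vomsapi-c/freetarget.c000066400000000000000000000033721477131364200217240ustar00rootroot00000000000000
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.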
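* You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include "voms_apic.h"

/* The three system header names were stripped from this copy of the file;
   they are restored from the calls made below. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Add a target (argv[1], or "localhost" when it is missing or empty), drop
 * it again with VOMS_FreeTargets(), contact the server registered under the
 * alias "voms1" and check that the AC received lists no target.
 * Exit status: 0 when no target is present, 1 otherwise.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;
  char *command = "G/voms1";
  char *host = NULL;

  if (argc == 1 || !strcmp(argv[1],""))
    host="localhost";
  else
    host = argv[1];

  if (vd) {
    struct contactdata **vomses = VOMS_FindByAlias(vd, "voms1", NULL, NULL, &error);

    /* the original indexed the result without checking for a failed lookup */
    if (vomses && vomses[0]) {
      VOMS_AddTarget(vd, host, &error);
      VOMS_FreeTargets(vd, &error);

      if (VOMS_Contact(vomses[0]->host, vomses[0]->port, vomses[0]->contact, command, vd, &error)) {
        struct voms **vomsarray = vd->data;

        if (vomsarray && vomsarray[0]) {
          char **targets = VOMS_GetTargetsList(vomsarray[0], vd, &error);

          /* NOTE(review): a NULL list is treated as a failure here rather
             than dereferenced; confirm whether the API can return NULL to
             mean "no targets". */
          if (targets && targets[0] == NULL) {
            printf("No targets present.");
            exit(0);
          }
        }
      }
    }
  }
  fprintf(stderr, "Error Message1: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
  exit (1);
}
voms-2.1.2/testsuite/voms/vomsapi-c/getac.c000066400000000000000000000021521477131364200206520ustar00rootroot00000000000000
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.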
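* See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include "voms_apic.h"
/* The name of the system header was stripped from this copy of the file;
   <stdlib.h> is what exit() needs. */
#include <stdlib.h>

/*
 * Fetch the default AC of the proxy, obtain its AC structure with
 * VOMS_GetAC() and release it with AC_free().
 * Exit status: 0 when an AC structure was obtained, 1 otherwise.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  /* initialised like in the sibling tests; the original left it indeterminate */
  int error = 0;

  (void)argc;
  (void)argv;

  if (vd) {
    if (VOMS_RetrieveFromProxy(RECURSE_CHAIN, vd, &error)) {
      struct voms *or = VOMS_DefaultData(vd, &error);

      if (or) {
        struct AC *ac = VOMS_GetAC(or);

        if (ac) {
          AC_free(ac);
          exit(0);
        }
      }
    }
  }
  exit(1);
}
voms-2.1.2/testsuite/voms/vomsapi-c/lifetime.c000066400000000000000000000103721477131364200213700ustar00rootroot00000000000000
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.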
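*/
#include "voms_apic.h"

/* This copy of the file listed twelve system headers whose names were
   stripped. The ones the code below needs are restored here; the remaining
   names cannot be recovered from this copy. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <openssl/asn1.h>

static time_t stillvalid(ASN1_TIME *ctm);
static ASN1_TIME *convtime(char *data, int len);

/*
 * Ask the server registered under the alias "voms1" for an AC with a
 * lifetime of ten minutes and print the span between the two dates of the
 * AC received, as "validity: <seconds>".
 * Exit status: 0 when the validity was printed, 1 otherwise.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;
  char *command = "G/voms1";

  (void)argc;
  (void)argv;

  if (vd) {
    struct contactdata **vomses = VOMS_FindByAlias(vd, "voms1", NULL, NULL, &error);

    /* the original indexed the result without checking for a failed lookup */
    if (vomses && vomses[0]) {
      VOMS_SetLifetime(10*60, vd, &error);

      if (VOMS_Contact(vomses[0]->host, vomses[0]->port, vomses[0]->contact, command, vd, &error)) {
        struct voms *voms = VOMS_DefaultData(vd, &error);

        /* the original read voms->date1 and voms->date2 before testing voms */
        if (voms && voms->date1 && voms->date2) {
          ASN1_TIME *t1 = convtime(voms->date1, strlen(voms->date1));
          ASN1_TIME *t2 = convtime(voms->date2, strlen(voms->date2));

          if (t1 && t2) {
            time_t life1 = stillvalid(t1);
            time_t life2 = stillvalid(t2);

            /* the cast makes the argument match %ld */
            printf("validity: %ld\n", (long)(life2 - life1));
            ASN1_TIME_free(t1);
            ASN1_TIME_free(t2);
            exit(0);
          }
          ASN1_TIME_free(t1);
          ASN1_TIME_free(t2);
        }
      }
    }
  }
  fprintf(stderr, "Error Message1: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
  exit (1);
}

/*
 * Wrap a date string in a newly allocated ASN1_TIME.
 * A length of 10 is taken as UTCTime and a length of 15 as GeneralizedTime,
 * as in the original; any other length, or a NULL string, yields NULL.
 * The caller releases the result with ASN1_TIME_free().
 */
static ASN1_TIME *
convtime(char *data, int len)
{
  ASN1_TIME *t = NULL;
  int type = 0;

  if (!data)
    return NULL;

  switch (len) {
  case 10:
    type = V_ASN1_UTCTIME;
    break;
  case 15:
    type = V_ASN1_GENERALIZEDTIME;
    break;
  default:
    return NULL;
  }

  t = ASN1_TIME_new();
  if (!t)
    return NULL;

  /* Copy the bytes. The original stored the caller's pointer in t->data, so
     ASN1_TIME_free() on the error path released memory owned by the voms
     structure. */
  if (!ASN1_STRING_set(t, data, len)) {
    ASN1_TIME_free(t);
    return NULL;
  }
  t->type = type;

  return t;
}

/*
 * Convert an ASN1 UTCTime or GeneralizedTime value to a time_t.
 * Returns 0 for a NULL value, an unknown type, a length outside 11..17, or
 * text that is not made of the expected digits and zone designator.
 */
static time_t
stillvalid(ASN1_TIME *ctm)
{
  const char *str;
  const char *end;
  time_t offset = 0;
  char buff1[32];
  char *p = buff1;
  struct tm tm;
  int size = 0;
  int index = 0;
  int i;
  int n;

  if (!ctm || !ctm->data)
    return 0;

  /* number of leading characters copied before the seconds field */
  switch (ctm->type) {
  case V_ASN1_UTCTIME:
    size = 10;
    break;
  case V_ASN1_GENERALIZEDTIME:
    size = 12;
    break;
  default:
    return 0;
  }

  i = ctm->length;
  str = (const char *)ctm->data;
  end = str + i;

  /* The original only stored 0 in its result here and carried on, reading
     past the end of short input. */
  if ((i < 11) || (i > 17) || (i <= size))
    return 0;

  memcpy(p, str, size);
  p += size;
  str += size;

  if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
    /* no seconds field: use 00 */
    *(p++) = '0';
    *(p++) = '0';
  }
  else {
    if (end - str < 2)
      return 0;
    *(p++) = *(str++);
    *(p++) = *(str++);
  }
  *(p++) = 'Z';
  *(p++) = '\0';

  /* everything copied so far must be a digit before it is used as a number */
  for (n = 0; n < size + 2; n++)
    if (buff1[n] < '0' || buff1[n] > '9')
      return 0;

  if (str < end && *str == 'Z') {
    offset = 0;
  }
  else if (str < end && (*str == '+' || *str == '-') && end - str >= 5) {
    for (n = 1; n <= 4; n++)
      if (str[n] < '0' || str[n] > '9')
        return 0;
    offset = ((str[1]-'0')*10 + (str[2]-'0'))*60;
    offset += (str[3]-'0')*10 + (str[4]-'0');
    if (*str == '-')
      offset = -offset;
  }
  else {
    return 0;
  }

  memset(&tm, 0, sizeof(tm));
  tm.tm_isdst = 0;

  if (ctm->type == V_ASN1_UTCTIME) {
    tm.tm_year  = (buff1[index++]-'0')*10;
    tm.tm_year += (buff1[index++]-'0');
  }
  else {
    tm.tm_year  = (buff1[index++]-'0')*1000;
    tm.tm_year += (buff1[index++]-'0')*100;
    tm.tm_year += (buff1[index++]-'0')*10;
    tm.tm_year += (buff1[index++]-'0');
  }

  /* two-digit years below 70 belong to the 2000s; four-digit years are
     turned into years since 1900 */
  if (tm.tm_year < 70)
    tm.tm_year += 100;
  if (tm.tm_year > 1900)
    tm.tm_year -= 1900;

  tm.tm_mon   = (buff1[index++]-'0')*10;
  tm.tm_mon  += (buff1[index++]-'0')-1;
  tm.tm_mday  = (buff1[index++]-'0')*10;
  tm.tm_mday += (buff1[index++]-'0');
  tm.tm_hour  = (buff1[index++]-'0')*10;
  tm.tm_hour += (buff1[index++]-'0');
  tm.tm_min   = (buff1[index++]-'0')*10;
  tm.tm_min  += (buff1[index++]-'0');
  tm.tm_sec   = (buff1[index++]-'0')*10;
  tm.tm_sec  += (buff1[index++]-'0');

  /*
   * mktime assumes local time, so subtract off
   * timezone, which is seconds off of GMT. first
   * we need to initialize it with tzset() however.
   */
  tzset();

  /*
   * for this usage, timezone does not matter.
   */
  /* NOTE(review): offset is computed above in minutes but scaled by 60*60
     here, as in the original; left unchanged because main() only uses the
     difference of two values. Confirm before reusing this function. */
  return mktime(&tm) + offset*60*60;
}
voms-2.1.2/testsuite/voms/vomsapi-c/listtarg.c000066400000000000000000000022321477131364200214170ustar00rootroot00000000000000
/*
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.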
*/ #include "voms_apic.h" #include #include

/*
 * Test driver: registers two target hosts on a fresh vomsdata handle and
 * prints the target list reported back by the library.
 *
 * Exits 0 when a list is returned, 1 (with the library's error text on
 * stderr) otherwise.
 */
int main(int argc, char *argv[])
{
  int error = 0;
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  char *targets;

  VOMS_AddTarget(vd, "prova.it", &error);
  VOMS_AddTarget(vd, "prova.com", &error);

  targets = VOMS_ListTargets(vd, &error);

  if (!targets) {
    fprintf(stderr, "Error Message1: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
    exit (1);
  }

  printf("targets: %s\n", targets);
  exit(0);
}
voms-2.1.2/testsuite/voms/vomsapi-c/loadbyalias.c000066400000000000000000000033031477131364200220520ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.
*/ #include "voms_apic.h" #include #include

/*
 * Test driver: looks up the contact entries registered under the alias
 * "voms1" and prints one quoted line per entry.
 *
 * Exits 0 after printing, 1 when initialisation or the lookup fails.
 */
int main(int argc, char *argv[])
{
  int error = 0;
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  struct contactdata **vomses = NULL;
  struct contactdata **entry;

  if (vd)
    vomses = VOMS_FindByAlias(vd, "voms1", NULL, NULL, &error);

  /* Both failure cases report the same message. */
  if (!vomses) {
    fprintf(stderr, "Error Message1: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
    exit (1);
  }

  /* The array is NULL-terminated. */
  for (entry = vomses; *entry; entry++)
    printf("\"%s\" \"%s\" \"%s\" \"%s\" \"%ld\" \"%d\"\n",
           (*entry)->nick, (*entry)->host, (*entry)->contact,
           (*entry)->vo, (*entry)->port, (*entry)->version);

  VOMS_DeleteContacts(vomses);
  exit(0);
}
voms-2.1.2/testsuite/voms/vomsapi-c/loadbyvo.c000066400000000000000000000033001477131364200214020ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.
*/ #include "voms_apic.h" #include #include

/*
 * Test driver: looks up the contact entries registered for the VO "voms1"
 * and prints one quoted line per entry.
 *
 * Exits 0 after printing, 1 when initialisation or the lookup fails.
 */
int main(int argc, char *argv[])
{
  int error = 0;
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  struct contactdata **vomses = NULL;
  int n;

  if (vd)
    vomses = VOMS_FindByVO(vd, "voms1", NULL, NULL, &error);

  /* Both failure cases report the same message. */
  if (vomses == NULL) {
    fprintf(stderr, "Error Message1: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
    exit (1);
  }

  /* Walk the NULL-terminated array. */
  n = 0;
  while (vomses[n] != NULL) {
    printf("\"%s\" \"%s\" \"%s\" \"%s\" \"%ld\" \"%d\"\n",
           vomses[n]->nick,
           vomses[n]->host,
           vomses[n]->contact,
           vomses[n]->vo,
           vomses[n]->port,
           vomses[n]->version);
    n++;
  }

  VOMS_DeleteContacts(vomses);
  exit(0);
}
voms-2.1.2/testsuite/voms/vomsapi-c/makeac.c000066400000000000000000000041121477131364200210060ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.
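*/ #include "voms_apic.h" #include #include #include

/*
 * Test driver: contacts the server registered under the alias "voms1" and
 * prints the fields of the first attribute record it returns.
 *
 * argv[1], when present and non-empty, is the command sent to the server;
 * otherwise "G/voms1" is used.
 *
 * Exits 0 after printing, 1 (with the library's error text on stderr) on
 * any failure.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;
  char *command;

  if (argc == 1 || !strcmp(argv[1],""))
    command = "G/voms1";
  else
    command = argv[1];

  if (vd) {
    struct contactdata **vomses = VOMS_FindByAlias(vd, "voms1", NULL, NULL, &error);

    /* The lookup result itself may be NULL, so test it before indexing. */
    if (vomses && vomses[0]) {
      if (VOMS_Contact(vomses[0]->host, vomses[0]->port, vomses[0]->contact, command, vd, &error)) {
        struct voms **vomsarray = vd->data;

        if (vomsarray && vomsarray[0]) {
          struct voms *first = vomsarray[0];
          int index = 0;

          printf("voname1: %s\n", first->voname);
          printf("user1: %s\n", first->user);
          printf("userca1: %s\n", first->userca);
          printf("server1: %s\n", first->server);
          printf("serverca1: %s\n", first->serverca);
          printf("uri1: %s\n", first->uri);
          printf("begdate1: %s\n", first->date1);
          printf("enddate1: %s\n", first->date2);

          /* fqan is walked as a NULL-terminated array; skip it if absent. */
          while (first->fqan && first->fqan[index])
            printf("fqan1: %s\n", first->fqan[index++]);

          printf("version1: %d\n", first->version);
          exit(0);
        }
      }
    }
  }

  fprintf(stderr, "Error Message1: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
  exit (1);
}
voms-2.1.2/testsuite/voms/vomsapi-c/ordering.c000066400000000000000000000030211477131364200213740ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.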
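*/ #include "voms_apic.h" #include #include

/*
 * Test driver: requests the ordering "/voms1/group1,/voms1", contacts the
 * server registered under the alias "voms1" and prints the FQANs of the
 * default attribute record in the order received.
 *
 * Exits 0 after printing, 1 (with the library's error text on stderr) on
 * any failure.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;
  char *command = "G/voms1";

  if (vd) {
    struct contactdata **vomses = VOMS_FindByAlias(vd, "voms1", NULL, NULL, &error);

    /* The lookup result itself may be NULL, so test it before indexing. */
    if (vomses && vomses[0]) {
      VOMS_Ordering("/voms1/group1,/voms1", vd, &error);

      if (VOMS_Contact(vomses[0]->host, vomses[0]->port, vomses[0]->contact, command, vd, &error)) {
        struct voms *voms = VOMS_DefaultData(vd, &error);

        /* fqan is walked as a NULL-terminated array; require it to exist. */
        if (voms && voms->fqan) {
          char **fqans = voms->fqan;

          while (*fqans) {
            printf("fqan: %s\n", *fqans++);
          }
          exit(0);
        }
      }
    }
  }

  fprintf(stderr, "Error Message1: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
  exit (1);
}
voms-2.1.2/testsuite/voms/vomsapi-c/parsetest.c000066400000000000000000000076411477131364200216110ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.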
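*/ #include "voms_apic.h" #include #include #include

/* True when no selector argument was given, or when it equals key. */
static int selected(int argc, char *argv[], const char *key)
{
  return argc < 2 || !strcmp(argv[1], key);
}

/*
 * Prints the selected fields of one attribute record, each labelled with
 * the field name followed by the record number n (for example "voname1").
 */
static void print_entry(struct voms *v, int n, int argc, char *argv[])
{
  const struct { const char *name; const char *value; } fields[] = {
    { "voname",   v->voname },
    { "user",     v->user },
    { "userca",   v->userca },
    { "server",   v->server },
    { "serverca", v->serverca },
    { "uri",      v->uri },
    { "begdate",  v->date1 },
    { "enddate",  v->date2 },
  };
  char key[32];
  size_t f;
  int index;

  for (f = 0; f < sizeof(fields) / sizeof(fields[0]); f++) {
    snprintf(key, sizeof(key), "%s%d", fields[f].name, n);
    if (selected(argc, argv, key))
      printf("%s: %s\n", key, fields[f].value);
  }

  snprintf(key, sizeof(key), "fqan%d", n);
  if (selected(argc, argv, key))
    /* fqan is walked as a NULL-terminated array; skip it if absent. */
    for (index = 0; v->fqan && v->fqan[index]; index++)
      printf("%s: %s\n", key, v->fqan[index]);

  snprintf(key, sizeof(key), "version%d", n);
  if (selected(argc, argv, key))
    /* The cast keeps the argument in step with the %ld conversion. */
    printf("%s: %ld\n", key, (long)v->version);
}

/*
 * Test driver: reads the VOMS attributes from the current proxy and prints
 * them.
 *
 * With no argument every field of the first record is printed, followed by
 * the second record when exactly two are present. With one argument only
 * the named field is printed ("total" prints the record count).
 *
 * Exits 0 after printing; 1 when initialisation or retrieval fails, or
 * when retrieval succeeds but yields no record and a field (rather than
 * "total") was asked for.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;
  int total = 0;
  int want_total = (argc == 2 && !strcmp(argv[1], "total"));
  struct voms **vomsarray;

  if (!vd) {
    fprintf(stderr, "Error Message1: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
    exit (1);
  }

  if (!VOMS_RetrieveFromProxy(RECURSE_CHAIN, vd, &error)) {
    fprintf(stderr, "Error Message2: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
    exit (1);
  }

  /* now we have parsed and verified the data */
  vomsarray = vd->data;
  if (vomsarray)
    while (vomsarray[total])
      total++;

  if (want_total)
    printf("total: %d\n", total);

  /* With no record there is nothing to dereference below. */
  if (total == 0) {
    if (want_total)
      exit (0);
    fprintf(stderr, "Error Message3: no VOMS attributes found in the proxy.\n");
    exit (1);
  }

  print_entry(vomsarray[0], 1, argc, argv);

  if (total == 2)
    print_entry(vomsarray[1], 2, argc, argv);

  exit (0);
}
voms-2.1.2/testsuite/voms/vomsapi-c/printtargets.c000066400000000000000000000025351477131364200223220ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.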
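*/ #include "voms_apic.h" #include #include

/*
 * Test driver: reads the VOMS attributes from the current proxy and prints
 * the target hosts recorded in the first attribute record.
 *
 * Exits 0 once the first record was read (with or without targets), 1
 * otherwise.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;

  if (vd) {
    /*
     * Verification is switched off for this test, so the record printed
     * below has not been validated. NOTE(review): presumably chosen so the
     * target list can be inspected even when the local host is not among
     * the targets; not a setting to copy into code that trusts the result.
     */
    VOMS_SetVerificationType(VERIFY_NONE, vd, &error);

    if (VOMS_RetrieveFromProxy(RECURSE_CHAIN, vd, &error)) {
      /* Make sure a first record exists before handing it on. */
      if (vd->data && vd->data[0]) {
        struct voms *ac = vd->data[0];
        char **targets = VOMS_GetTargetsList(ac, vd, &error);

        if (targets) {
          int j = 0;

          while (targets[j])
            printf("Target: %s\n", targets[j++]);

          VOMS_FreeTargetsList(targets);
        }
        exit(0);
      }
    }

    printf("Error: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
  }

  exit (1);
}
voms-2.1.2/testsuite/voms/vomsapi-c/proxyfromfile.c000066400000000000000000000023571477131364200225030ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.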
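*/ #include "voms_apic.h" #include

/*
 * Test driver: reads the VOMS attributes from the proxy file named by
 * argv[1].
 *
 * Exits 0 when retrieval succeeds, 1 when the argument is missing, the
 * file cannot be opened, or retrieval fails.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;

  if (vd) {
    if (argc !=2) {
      fprintf(stderr, "File argument missing.\n");
      exit(1);
    }

    FILE *f = fopen(argv[1], "rb");

    if (!f) {
      /* Say why the test failed instead of exiting silently. */
      perror(argv[1]);
      exit(1);
    }

    if (!VOMS_RetrieveFromFile(f,RECURSE_CHAIN, vd, &error)) {
      fclose(f);
      fprintf(stderr, "Error is: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
      exit(1);
    }

    fclose(f);
    exit(0);
  }

  exit(1);
}
voms-2.1.2/testsuite/voms/vomsapi-c/readfromproxy.c000066400000000000000000000020371477131364200224720ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "voms_apic.h" #include

/*
 * Test driver: reads the VOMS attributes from the current proxy.
 *
 * Exits 0 when retrieval succeeds, 1 when initialisation or retrieval
 * fails. A failed VOMS_Init() is reported as a failure so the test cannot
 * pass without having read anything.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;

  if (!vd) {
    fprintf(stderr, "Error is: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
    exit(1);
  }

  if (!VOMS_RetrieveFromProxy(RECURSE_CHAIN, vd, &error)) {
    fprintf(stderr, "Error is: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
    exit(1);
  }

  exit (0);
}
voms-2.1.2/testsuite/voms/vomsapi-c/resetorder.c000066400000000000000000000030641477131364200217500ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.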
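* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "voms_apic.h" #include #include

/*
 * Test driver: requests the ordering "/voms1/group1,/voms1", resets it
 * again, contacts the server registered under the alias "voms1" and prints
 * the FQANs of the default attribute record in the order received.
 *
 * Exits 0 after printing, 1 (with the library's error text on stderr) on
 * any failure.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;
  char *command = "G/voms1";

  if (vd) {
    struct contactdata **vomses = VOMS_FindByAlias(vd, "voms1", NULL, NULL, &error);

    /* The lookup result itself may be NULL, so test it before indexing. */
    if (vomses && vomses[0]) {
      VOMS_Ordering("/voms1/group1,/voms1", vd, &error);
      VOMS_ResetOrder(vd, &error);

      if (VOMS_Contact(vomses[0]->host, vomses[0]->port, vomses[0]->contact, command, vd, &error)) {
        struct voms *voms = VOMS_DefaultData(vd, &error);

        /* fqan is walked as a NULL-terminated array; require it to exist. */
        if (voms && voms->fqan) {
          char **fqans = voms->fqan;

          while (*fqans) {
            printf("fqan: %s\n", *fqans++);
          }
          exit(0);
        }
      }
    }
  }

  fprintf(stderr, "Error Message1: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
  exit (1);
}
voms-2.1.2/testsuite/voms/vomsapi-c/retrieve.c000066400000000000000000000052361477131364200214220ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.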
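*/ #include "voms_apic.h" #include #include #include #include #include

/*
 * Loads every certificate found in the PEM file certfile into a new stack.
 *
 * Returns the stack, or NULL when allocation fails, the file cannot be
 * opened or read, or it holds no certificate. On failure the partially
 * built stack is released.
 */
static STACK_OF(X509) *load_chain(char *certfile)
{
  STACK_OF(X509_INFO) *sk=NULL;
  STACK_OF(X509) *stack=NULL, *ret=NULL;
  BIO *in=NULL;
  X509_INFO *xi;
  int first = 1;

  if(!(stack = sk_X509_new_null())) {
    printf("memory allocation failure\n");
    goto end;
  }

  if(!(in=BIO_new_file(certfile, "r"))) {
    printf("error opening the file, %s\n",certfile);
    goto end;
  }

  /* This loads from a file, a stack of x509/crl/pkey sets */
  if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL))) {
    printf("error reading the file, %s\n",certfile);
    goto end;
  }

  /* scan over it and pull out the certs */
  while (sk_X509_INFO_num(sk)) {
    /*
     * NOTE(review): labelled "skip first cert" in the original, but the
     * guard only clears the flag and loops again without removing an
     * entry, so the first certificate is pushed like the others. Confirm
     * which behaviour the callers expect before changing it.
     */
    if (first) {
      first = 0;
      continue;
    }
    xi=sk_X509_INFO_shift(sk);
    if (xi->x509 != NULL) {
      sk_X509_push(stack,xi->x509);
      xi->x509=NULL;
    }
    X509_INFO_free(xi);
  }

  if(!sk_X509_num(stack)) {
    printf("no certificates in file, %s\n",certfile);
    goto end;
  }

  /* Hand ownership to the caller; nothing left to release below. */
  ret=stack;
  stack=NULL;

end:
  /* Still set only on the failure paths, where the stack is empty. */
  sk_X509_free(stack);
  BIO_free(in);
  sk_X509_INFO_free(sk);
  return(ret);
}

/*
 * Test driver: reads a certificate and its chain from the PEM file named
 * by argv[1], retrieves the VOMS attributes from them and prints the FQANs
 * of the default attribute record.
 *
 * Exits 0 after printing, 1 on any failure (including a missing argument).
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;
  BIO *in = NULL;
  char *of = NULL;
  STACK_OF(X509)* chain = NULL;
  X509 *x = NULL;

  /* Without this check a missing argument hands NULL to the file reader. */
  if (argc < 2) {
    fprintf(stderr, "File argument missing.\n");
    exit(1);
  }
  of = argv[1];

  if (vd) {
    in = BIO_new(BIO_s_file());

    if (in) {
      if (BIO_read_filename(in, of) > 0) {
        x = PEM_read_bio_X509(in, NULL, 0, NULL);
        if(!x)
          exit(1);

        chain = load_chain(of);

        if (VOMS_Retrieve(x, chain, RECURSE_CHAIN, vd, &error)) {
          struct voms *voms = VOMS_DefaultData(vd, &error);

          /* fqan is walked as a NULL-terminated array; require it to exist. */
          if (voms && voms->fqan) {
            char **fqans = voms->fqan;

            while (*fqans) {
              printf("fqan: %s\n", *fqans++);
            }
            exit(0);
          }
        }
      }
    }
  }

  exit(1);
}
voms-2.1.2/testsuite/voms/vomsapi-c/retrieveext.c000066400000000000000000000043141477131364200221370ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders.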
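* * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "voms_apic.h" #include #include #include #include #include #include

/*
 * Test driver: reads the certificate in the PEM file named by argv[1],
 * locates its "acseq" extension, retrieves the VOMS attributes from that
 * extension and prints the FQANs of the default attribute record.
 *
 * Exits 0 after printing, 1 on any failure (including a missing argument).
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;
  BIO *in = NULL;
  char *of = NULL;
  X509 *x = NULL;
  int nid = -1;
  int index = -1;
  X509_EXTENSION *ext = NULL;
  struct voms *voms = NULL;
  char **fqans = NULL;

  /* Without this check a missing argument hands NULL to the file reader. */
  if (argc < 2) {
    fprintf(stderr, "File argument missing.\n");
    exit(1);
  }
  of = argv[1];

  if (!vd)
    exit(1);

  in = BIO_new(BIO_s_file());
  if (!in)
    exit(1);

  if (BIO_read_filename(in, of) <= 0)
    exit(1);

  x = PEM_read_bio_X509(in, NULL, 0, NULL);
  if(!x) {
    printf("cannot read proxy:%s\n",of);
    exit(1);
  }

  nid = OBJ_txt2nid("acseq");
  index = X509_get_ext_by_NID(x, nid, -1);
  if (index < 0) {
    printf("No extension found");
    exit(1);
  }

  ext = X509_get_ext(x, index);
  if (!ext)
    exit(1);

  if (!VOMS_RetrieveEXT(ext, vd, &error)) {
    printf("Error1 is: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
    exit(1);
  }

  voms = VOMS_DefaultData(vd, &error);
  if (!voms) {
    printf("no voms data found.");
    exit(1);
  }

  /* fqan is walked as a NULL-terminated array; nothing to print if absent. */
  for (fqans = voms->fqan; fqans && *fqans; fqans++)
    printf("fqan: %s\n", *fqans);

  exit(0);
}
voms-2.1.2/testsuite/voms/vomsapi-c/target.c000066400000000000000000000031731477131364200210610ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.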
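* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "voms_apic.h" #include #include #include

/*
 * Test driver: adds one target host to the request, contacts the server
 * registered under the alias "voms1" and prints the first target recorded
 * in the attribute record that comes back.
 *
 * argv[1], when present and non-empty, is the target host; otherwise
 * "localhost" is used.
 *
 * Exits 0 after printing, 1 (with the library's error text on stderr) on
 * any failure.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;
  char *command = "G/voms1";
  char *host = NULL;

  if (argc == 1 || !strcmp(argv[1],""))
    host = "localhost";
  else
    host = argv[1];

  if (vd) {
    struct contactdata **vomses = VOMS_FindByAlias(vd, "voms1", NULL, NULL, &error);

    /* The lookup result itself may be NULL, so test it before indexing. */
    if (vomses && vomses[0]) {
      VOMS_AddTarget(vd, host, &error);

      if (VOMS_Contact(vomses[0]->host, vomses[0]->port, vomses[0]->contact, command, vd, &error)) {
        struct voms **vomsarray = vd->data;

        if (vomsarray && vomsarray[0]) {
          char **targets = VOMS_GetTargetsList(vomsarray[0], vd, &error);

          /* Index the list only once it is known to hold an entry. */
          if (targets && targets[0]) {
            printf("target: %s\n", targets[0]);
            exit(0);
          }
        }
      }
    }
  }

  fprintf(stderr, "Error Message1: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
  exit (1);
}
voms-2.1.2/testsuite/voms/vomsapi-c/vertime.c000066400000000000000000000051441477131364200212460ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.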
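*/ #include "voms_apic.h" #include #include #include #include #include

/*
 * Loads every certificate found in the PEM file certfile into a new stack.
 *
 * Returns the stack, or NULL when allocation fails, the file cannot be
 * opened or read, or it holds no certificate. On failure the partially
 * built stack is released.
 */
static STACK_OF(X509) *load_chain(char *certfile)
{
  STACK_OF(X509_INFO) *sk=NULL;
  STACK_OF(X509) *stack=NULL, *ret=NULL;
  BIO *in=NULL;
  X509_INFO *xi;
  int first = 1;

  if(!(stack = sk_X509_new_null())) {
    printf("memory allocation failure\n");
    goto end;
  }

  if(!(in=BIO_new_file(certfile, "r"))) {
    printf("error opening the file, %s\n",certfile);
    goto end;
  }

  /* This loads from a file, a stack of x509/crl/pkey sets */
  if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL))) {
    printf("error reading the file, %s\n",certfile);
    goto end;
  }

  /* scan over it and pull out the certs */
  while (sk_X509_INFO_num(sk)) {
    /*
     * NOTE(review): labelled "skip first cert" in the original, but the
     * guard only clears the flag and loops again without removing an
     * entry, so the first certificate is pushed like the others. Confirm
     * which behaviour the callers expect before changing it.
     */
    if (first) {
      first = 0;
      continue;
    }
    xi=sk_X509_INFO_shift(sk);
    if (xi->x509 != NULL) {
      sk_X509_push(stack,xi->x509);
      xi->x509=NULL;
    }
    X509_INFO_free(xi);
  }

  if(!sk_X509_num(stack)) {
    printf("no certificates in file, %s\n",certfile);
    goto end;
  }

  /* Hand ownership to the caller; nothing left to release below. */
  ret=stack;
  stack=NULL;

end:
  /* Still set only on the failure paths, where the stack is empty. */
  sk_X509_free(stack);
  BIO_free(in);
  sk_X509_INFO_free(sk);
  return(ret);
}

/*
 * Test driver: reads a certificate and its chain from the PEM file named
 * by argv[1], moves the verification time 1000000 seconds into the past
 * and expects attribute retrieval to fail.
 *
 * Exits 0 when VOMS_Retrieve() fails, 1 when it succeeds or when the
 * input could not be read.
 */
int main(int argc, char *argv[])
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;
  BIO *in = NULL;
  char *of = NULL;
  STACK_OF(X509)* chain = NULL;
  X509 *x = NULL;

  /* Without this check a missing argument hands NULL to the file reader. */
  if (argc < 2) {
    fprintf(stderr, "File argument missing.\n");
    exit(1);
  }
  of = argv[1];

  if (vd) {
    in = BIO_new(BIO_s_file());

    if (in) {
      if (BIO_read_filename(in, of) > 0) {
        x = PEM_read_bio_X509(in, NULL, 0, NULL);
        if(!x)
          exit(1);

        chain = load_chain(of);

        VOMS_SetVerificationTime(time(NULL) - 1000000, vd, &error);

        /*
         * NOTE(review): every VOMS_Retrieve() failure counts as a pass
         * here, including one unrelated to the shifted time (for example
         * load_chain() returning NULL). Inspecting `error` would make the
         * test specific to the validity-period check.
         */
        if (VOMS_Retrieve(x, chain, RECURSE_CHAIN, vd, &error)) {
          /* Verified? This should not be the case! */
          exit(1);
        }
        else {
          /* Verification failed. This is ok. */
          exit(0);
        }
      }
    }
  }

  exit(1);
}
voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c001.exp000066400000000000000000000002241477131364200222560ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if the C API testsuite starts."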
# Smoke test: reports "noerror" and passes unconditionally.
proc mytest {} {
    testmessage "noerror"
    return $::PASSTEST
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c002.exp000066400000000000000000000007641477131364200222700ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if the library can be linked."

# Builds basictest.c through the harness helper _buildC (defined outside
# this file; presumably it compiles and links against the C API).
# A non-zero result fails the test and sets ::NOCLIB to "no".
proc mytest {} {
    # Build output goes to a fresh file created by mktemp in the scratch dir.
    set ::_buildout [exec mktemp $::SCRATCHDIR/program-out-XXXXXX]
    set res [_buildC basictest.c]

    if $res then {
        addlog $::_buildout
        set ::NOCLIB "no"
        testmessage "library cannot be linked or compiled. All other C API tests moved to unsupported status"
        return $::FAILTEST
    } else {
        testmessage "library can be linked"
        return $::PASSTEST
    }
}

do_testvoms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c003.exp000066400000000000000000000021251477131364200222620ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if data can be retrieved."

# Creates a proxy with voms-proxy-init while the voms1 server is running,
# then runs parsetest.c against it and matches the output with a regexp.
proc mytest {} {
    _activateCert mycert2

    _vomsStart voms1
    set res [log_exec outname {voms-proxy-init --voms voms1}]
    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    # Program output goes to a fresh file created by mktemp in the scratch dir.
    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_exeC parsetest.c -useproxy]

    addlog $::_buildout

    if $res then {
        testmessage "parsing failed."
        return $::FAILTEST
    } else {
        # Expected output, used as a regular expression: the two dates are
        # matched with ".*". NOTE(review): the pattern is shown on one line
        # here; presumably it spans several lines in the original file.
        set correct "voname1: voms1 user1: /C=IT/CN=001 userca1: /C=IT/O=INFN/CN=CAFromthisCN server1: /C=IT/CN=003 serverca1: /C=IT/O=INFN/CN=CAFromthisCN uri1: $::HOSTNAME:33334 begdate1: .* enddate1: .* fqan1: /voms1 fqan1: /voms1/group1 version1: 1"
        loadvar out $::_buildout

        if [regexp $correct $out] then {
            testmessage "output correct"
            return $::PASSTEST
        } else {
            logvar correct
            testmessage "output wrong"
            return $::FAILTEST
        }
    }
}

do_testvoms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c004.exp000066400000000000000000000012331477131364200222620ustar00rootroot00000000000000load_lib vomstest.exp
testheader "See if server data can be retrieved (one server, by alias)."
proc mytest {} { set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC loadbyalias.c] addlog $::_buildout if $res then { testmessage "execution failed." return $::FAILTEST } set correct "\"voms1\" \"localhost\" \"/C=IT/CN=003\" \"voms1\" \"33334\" \"-1\"" loadvar out $::_buildout if [regexp $correct $out] then { testmessage "output correct" return $::PASSTEST } else { logvar correct testmessage "output wrong" return $::FAILTEST } } do_testvoms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c005.exp000066400000000000000000000017431477131364200222710ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if server data can be retrieved (multiple servers, by alias)." proc mytest {} { set id [open "$::env(VOMS_USERCONF)/temp" w+] puts $id "\"voms1\" \"localhost\" \"33334\" \"/C=IT/CN=003\" \"voms1\" \"35\"" close $id exec chmod 744 $::env(VOMS_USERCONF)/temp set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC loadbyalias.c] file delete "$::env(VOMS_USERCONF)/temp" addlog $::_buildout if $res then { testmessage "execution failed." return $::FAILTEST } set correct "\"voms1\" \"localhost\" \"/C=IT/CN=003\" \"voms1\" \"33334\" \"-1\" \"voms1\" \"localhost\" \"/C=IT/CN=003\" \"voms1\" \"33334\" \"35\"" set out [exec cat $::_buildout | sort] if [regexp $correct $out] then { testmessage "output correct" return $::PASSTEST } else { logvar correct testmessage "output wrong" return $::FAILTEST } } do_testvoms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c006.exp000066400000000000000000000020341477131364200222640ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if an AC can be retrieved by the APIs." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC makeac.c] _vomsStop voms1 if $res then { addlog $::_buildout testmessage "could not create failed." return $::FAILTEST } addlog $::_buildout if $res then { testmessage "parsing failed." 
return $::FAILTEST } else { set correct "voname1: voms1 user1: /C=IT/CN=001 userca1: /C=IT/O=INFN/CN=CAFromthisCN server1: /C=IT/CN=003 serverca1: /C=IT/O=INFN/CN=CAFromthisCN uri1: $::HOSTNAME:33334 begdate1: .* enddate1: .* fqan1: /voms1 fqan1: /voms1/group1 version1: 1" loadvar out $::_buildout if [regexp $correct $out] then { testmessage "output correct" return $::PASSTEST } else { logvar correct testmessage "output wrong" return $::FAILTEST } } } do_test voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c007.exp000066400000000000000000000012711477131364200222670ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if an VOMS_RetrieveFromProxy() works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC readfromproxy.c -useproxy] if $res then { addlog $::_buildout testmessage "cannot read credentials from proxy." return $::FAILTEST } else { testmessage "read from proxy correct" return $::PASSTEST } } do_test voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c008.exp000066400000000000000000000012261477131364200222700ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if an VOMS_Duplicate() works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC copydata.c -useproxy] if $res then { addlog $::_buildout testmessage "VOMS_Duplicate() failed." 
return $::FAILTEST } else { testmessage "copy correct" return $::PASSTEST } } do_testvoms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c009.exp000066400000000000000000000014471477131364200222760ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if an AddTarget() with other host fails verification." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC target.c nofrtcju.fdrfgeg.com] _vomsStop voms1 if $res then { set correct "Cannot find match among allowed hosts." loadvar out $::_buildout if [regexp $correct $out] then { testmessage "validation correctly failed" return $::PASSTEST } else { logvar correct addlog $::_buildout testmessage "wrong error message" return $::FAILTEST } } addlog $::_buildout testmessage "compile/execution failed." return $::FAILTEST } do_test voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c010.exp000066400000000000000000000012161477131364200222600ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if an VOMS_Copy() works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC copydata3.c -useproxy] if $res then { addlog $::_buildout testmessage "VOMS_Copy() failed." return $::FAILTEST } else { testmessage "copy correct" return $::PASSTEST } } do_test voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c011.exp000066400000000000000000000013311477131364200222570ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if an VOMS_RetrieveFromFile() works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1 -out $::SCRATCHDIR/proxy}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." 
return $::FAILTEST } set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC proxyfromfile.c $::SCRATCHDIR/proxy] if $res then { addlog $::_buildout testmessage "cannot read credentials from file." return $::FAILTEST } else { testmessage "read from file correct" return $::PASSTEST } } do_test voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c012.exp000066400000000000000000000012311477131364200222570ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if server data can be retrieved (one server, by vo)." proc mytest {} { set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC loadbyvo.c] addlog $::_buildout if $res then { testmessage "execution failed." return $::FAILTEST } set correct "\"voms1\" \"localhost\" \"/C=IT/CN=003\" \"voms1\" \"33334\" \"-1\"" set out [exec cat $::_buildout] if [regexp $correct $out] then { testmessage "output correct" return $::PASSTEST } else { logvar correct testmessage "output wrong" return $::FAILTEST } } do_test voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c013.exp000066400000000000000000000021541477131364200222650ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if an VOMS_GetTargetsList() works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --target testbed.cnaf.infn.it --target prova.cnaf.infn.it --target [exec hostname] --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC printtargets.c -useproxy] if $res then { addlog $::_buildout testmessage "cannot read credentials from file." 
return $::FAILTEST } else { loadvar out $::_buildout set correct "Target: testbed.cnaf.infn.it Target: prova.cnaf.infn.it Target: [exec hostname]" if [regexp $correct $out] then { testmessage "targets successfully set" return $::PASSTEST } else { logvar correct addlog $::_buildout testmessage "read from file incorrect" return $::FAILTEST } } } do_test voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c014.exp000066400000000000000000000021551477131364200222670ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if data can be retrieved from an RFC proxy." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init -rfc --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC parsetest.c -useproxy] addlog $::_buildout if $res then { testmessage "parsing failed." return $::FAILTEST } else { set correct "voname1: voms1 user1: /C=IT/CN=001 userca1: /C=IT/O=INFN/CN=CAFromthisCN server1: /C=IT/CN=003 serverca1: /C=IT/O=INFN/CN=CAFromthisCN uri1: $::HOSTNAME:33334 begdate1: .* enddate1: .* fqan1: /voms1 fqan1: /voms1/group1 version1: 1" loadvar out $::_buildout if [regexp $correct $out] then { testmessage "output correct" return $::PASSTEST } else { logvar correct testmessage "output wrong" return $::FAILTEST } } } do_test voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c015.exp000066400000000000000000000015371477131364200222730ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if an AddTarget()/GetTargetsList() work." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC target.c [exec hostname]] _vomsStop voms1 if $res then { addlog $::_buildout testmessage "compile/execution failed." return $::FAILTEST } addlog $::_buildout if $res then { testmessage "parsing failed." 
return $::FAILTEST } else { set correct "target: [exec hostname]" loadvar out $::_buildout if [regexp $correct $out] then { testmessage "output correct" return $::PASSTEST } else { logvar correct testmessage "output wrong" return $::FAILTEST } } } do_test voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c016.exp000066400000000000000000000012231477131364200222640ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if an VOMS_CopyALL() works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC copydata2.c -useproxy] if $res then { addlog $::_buildout testmessage "VOMS_CopyALL() failed." return $::FAILTEST } else { testmessage "copy correct" return $::PASSTEST } } do_testvoms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c017.exp000066400000000000000000000021251477131364200222670ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if VOMS_DefaultData() works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC ddtest.c -useproxy] addlog $::_buildout if $res then { testmessage "parsing failed." 
return $::FAILTEST } else { set correct "voname1: voms1 user1: /C=IT/CN=001 userca1: /C=IT/O=INFN/CN=CAFromthisCN server1: /C=IT/CN=003 serverca1: /C=IT/O=INFN/CN=CAFromthisCN uri1: $::HOSTNAME:33334 begdate1: .* enddate1: .* fqan1: /voms1 fqan1: /voms1/group1 version1: 1" loadvar out $::_buildout if [regexp $correct $out] then { testmessage "output correct" return $::PASSTEST } else { logvar correct testmessage "output wrong" return $::FAILTEST } } } do_testvoms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c018.exp000066400000000000000000000012361477131364200222720ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if an VOMS_Delete() works." proc mytest {} { _activateCert mycert2 _vomsStart voms1 set res [log_exec outname {voms-proxy-init --voms voms1}] _vomsStop voms1 if $res then { addlog $outname testmessage "voms-proxy-init failed." return $::FAILTEST } set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC delete.c -useproxy] if $res then { addlog $::_buildout testmessage "VOMS_Delete() failed." return $::FAILTEST } else { testmessage "VOMS_Delete() works correct" return $::PASSTEST } } do_test voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c019.exp000066400000000000000000000007001477131364200222660ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if an VOMS_Destroy() works." proc mytest {} { _activateCert mycert2 set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC destroy.c -useproxy] if $res then { addlog $::_buildout testmessage "VOMS_Destroy() failed." return $::FAILTEST } else { testmessage "VOMS_Destroy() works correctly" return $::PASSTEST } } do_test voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c020.exp000066400000000000000000000015241477131364200222630ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if an VOMS_FreeTargets() work." 
# vomsapi-c020: runs freetarget.c and looks for the "No targets present" text
# in its captured output.
proc mytest {} {
    # Fixture helpers are expected to come from vomstest.exp (loaded by the
    # file header); their exact behaviour is not visible in this listing.
    _activateCert mycert2
    _vomsStart voms1

    # mktemp creates a uniquely named capture file under the scratch directory.
    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    # The local host name is handed to _exeC, presumably as the program argument.
    set res [_exeC freetarget.c [exec hostname]]
    _vomsStop voms1

    # A true $res is reported as a compile/execution failure.
    if $res then {
        addlog $::_buildout
        testmessage "compile/execution failed."
        return $::FAILTEST
    }

    addlog $::_buildout
    # NOTE(review): the "parsing failed." arm is unreachable, because the proc
    # has already returned above whenever $res is true.
    if $res then {
        testmessage "parsing failed."
        return $::FAILTEST
    } else {
        set correct "No targets present"
        loadvar out $::_buildout
        # regexp is unanchored: the text may occur anywhere in the output.
        if [regexp $correct $out] then {
            testmessage "output correct"
            return $::PASSTEST
        } else {
            logvar correct
            testmessage "output wrong"
            return $::FAILTEST
        }
    }
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c021.exp000066400000000000000000000012471477131364200222660ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if VOMS_Export()/VOMS_Import() works."

# vomsapi-c021: obtains a proxy from voms1, then runs expimp.c with -useproxy.
# Only the result of the run is checked; the output is logged on failure.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1
    # log_exec receives the variable name "outname"; $outname is read below, so
    # it presumably holds the log file of the command -- confirm in the library.
    set res [log_exec outname {voms-proxy-init --voms voms1}]
    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_exeC expimp.c -useproxy]

    if $res then {
        addlog $::_buildout
        testmessage "VOMS_Export()/VOMS_Import() failed."
        return $::FAILTEST
    } else {
        testmessage "copy correct"
        return $::PASSTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c022.exp000066400000000000000000000012271477131364200222650ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if an VOMS_GetAC() works."

# vomsapi-c022: obtains a proxy from voms1, then runs getac.c with -useproxy.
# Only the result of the run is checked; the output is logged on failure.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1
    set res [log_exec outname {voms-proxy-init --voms voms1}]
    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_exeC getac.c -useproxy]

    if $res then {
        addlog $::_buildout
        testmessage "VOMS_GetAC() failed."
        return $::FAILTEST
    } else {
        testmessage "VOMS_GetAC() was correct"
        return $::PASSTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c023.exp000066400000000000000000000014601477131364200222650ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if VOMS_ListTargets() works."

# vomsapi-c023: runs listtarg.c (no server is started here) and matches the
# captured output against the expected target list.
proc mytest {} {
    _activateCert mycert2

    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_exeC listtarg.c [exec hostname]]

    if $res then {
        addlog $::_buildout
        testmessage "compile/execution failed."
        return $::FAILTEST
    }

    addlog $::_buildout
    # NOTE(review): unreachable arm, same reason as the early return above.
    if $res then {
        testmessage "parsing failed."
        return $::FAILTEST
    } else {
        # Used as a regular expression, so each "." matches any character and
        # the match is unanchored.
        set correct "targets: prova.it,prova.com"
        loadvar out $::_buildout
        if [regexp $correct $out] then {
            testmessage "output correct"
            return $::PASSTEST
        } else {
            logvar correct
            testmessage "output wrong"
            return $::FAILTEST
        }
    }
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c024.exp000066400000000000000000000015331477131364200222670ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if VOMS_Ordering() works."

# vomsapi-c024: runs ordering.c against voms1 and expects the group FQAN to be
# listed before the VO-level FQAN.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1

    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_exeC ordering.c [exec hostname]]
    _vomsStop voms1

    if $res then {
        addlog $::_buildout
        testmessage "compile/execution failed."
        return $::FAILTEST
    }

    addlog $::_buildout
    # NOTE(review): unreachable arm, same reason as the early return above.
    if $res then {
        testmessage "parsing failed."
        return $::FAILTEST
    } else {
        # NOTE(review): shown on one line in this listing; the original pattern
        # may span several lines -- confirm against the source file.
        set correct "fqan: /voms1/group1 fqan: /voms1"
        loadvar out $::_buildout
        if [regexp $correct $out] then {
            testmessage "output correct"
            return $::PASSTEST
        } else {
            logvar correct
            testmessage "output wrong"
            return $::FAILTEST
        }
    }
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c025.exp000066400000000000000000000015371477131364200222740ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if VOMS_ResetOrder() works."
# vomsapi-c025: runs resetorder.c against voms1 and expects the FQANs in the
# order VO-level first, group second.
proc mytest {} {
    # Fixture helpers are expected to come from vomstest.exp (loaded by the
    # file header); their exact behaviour is not visible in this listing.
    _activateCert mycert2
    _vomsStart voms1

    # mktemp creates a uniquely named capture file under the scratch directory.
    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_exeC resetorder.c [exec hostname]]
    _vomsStop voms1

    # A true $res is reported as a compile/execution failure.
    if $res then {
        addlog $::_buildout
        testmessage "compile/execution failed."
        return $::FAILTEST
    }

    addlog $::_buildout
    # NOTE(review): the "parsing failed." arm is unreachable, because the proc
    # has already returned above whenever $res is true.
    if $res then {
        testmessage "parsing failed."
        return $::FAILTEST
    } else {
        # NOTE(review): shown on one line in this listing; the original pattern
        # may span several lines -- confirm against the source file.
        set correct "fqan: /voms1 fqan: /voms1/group1"
        loadvar out $::_buildout
        # regexp is unanchored: the pattern may match anywhere in the output.
        if [regexp $correct $out] then {
            testmessage "output correct"
            return $::PASSTEST
        } else {
            logvar correct
            testmessage "output wrong"
            return $::FAILTEST
        }
    }
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c026.exp000066400000000000000000000021031477131364200222630ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if VOMS_Retrieve() works."

# vomsapi-c026: writes a proxy to a file, runs retrieve.c on that file and
# matches the captured output against the expected FQAN listing.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1
    # The proxy goes to a fixed name under the scratch directory, unlike the
    # mktemp-generated capture file below.
    # NOTE(review): a proxy file carries a private key; if SCRATCHDIR can be a
    # shared or world-writable location, a predictable name allows another
    # local user to pre-create or replace it -- confirm SCRATCHDIR is private
    # to the test run.
    set res [log_exec outname {voms-proxy-init --voms voms1 -out $::SCRATCHDIR/prxy}]
    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_exeC retrieve.c $::SCRATCHDIR/prxy]

    if $res then {
        addlog $::_buildout
        testmessage "compile/execution failed."
        return $::FAILTEST
    }

    addlog $::_buildout
    # NOTE(review): unreachable arm, same reason as the early return above.
    if $res then {
        testmessage "parsing failed."
        return $::FAILTEST
    } else {
        # NOTE(review): shown on one line in this listing; the original pattern
        # may span several lines -- confirm against the source file.
        set correct "fqan: /voms1 fqan: /voms1/group1"
        loadvar out $::_buildout
        if [regexp $correct $out] then {
            testmessage "VOMS_Retrieve() Works"
            return $::PASSTEST
        } else {
            logvar correct
            testmessage "Failed to retreive FQANs"
            return $::FAILTEST
        }
    }
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c027.exp000066400000000000000000000021141477131364200222660ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if VOMS_RetrieveEXT() works."
# vomsapi-c027: writes a proxy to a file, runs retrieveext.c on that file and
# matches the captured output against the expected FQAN listing.
proc mytest {} {
    # Fixture helpers are expected to come from vomstest.exp (loaded by the
    # file header); their exact behaviour is not visible in this listing.
    _activateCert mycert2
    _vomsStart voms1
    # The proxy goes to a fixed name under the scratch directory, unlike the
    # mktemp-generated capture file below.
    # NOTE(review): a proxy file carries a private key; if SCRATCHDIR can be a
    # shared or world-writable location, a predictable name allows another
    # local user to pre-create or replace it -- confirm SCRATCHDIR is private
    # to the test run.
    set res [log_exec outname {voms-proxy-init --voms voms1 -out $::SCRATCHDIR/prxy}]
    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_exeC retrieveext.c $::SCRATCHDIR/prxy]

    # A true $res is reported as a compile/execution failure.
    if $res then {
        addlog $::_buildout
        testmessage "compile/execution failed."
        return $::FAILTEST
    }

    addlog $::_buildout
    # NOTE(review): the "parsing failed." arm is unreachable, because the proc
    # has already returned above whenever $res is true.
    if $res then {
        testmessage "parsing failed."
        return $::FAILTEST
    } else {
        # NOTE(review): shown on one line in this listing; the original pattern
        # may span several lines -- confirm against the source file.
        set correct "fqan: /voms1 fqan: /voms1/group1"
        loadvar out $::_buildout
        # regexp is unanchored: the pattern may match anywhere in the output.
        if [regexp $correct $out] then {
            testmessage "VOMS_RetrieveEXT() Works"
            return $::PASSTEST
        } else {
            logvar correct
            testmessage "Failed to retreive FQANs"
            return $::FAILTEST
        }
    }
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c028.exp000066400000000000000000000015531477131364200222750ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if VOMS_SetVerificationTime() works."

# vomsapi-c028: writes a proxy to a file and runs vertime.c on it. The verdict
# depends only on the result of that run; the captured output is logged but
# never matched against an expected text.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1
    # Fixed proxy file name under the scratch directory.
    # NOTE(review): same predictable-path concern as for any proxy written to a
    # possibly shared directory -- confirm SCRATCHDIR is private to the run.
    set res [log_exec outname {voms-proxy-init --voms voms1 -out $::SCRATCHDIR/prxy}]
    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_exeC vertime.c $::SCRATCHDIR/prxy]

    if $res then {
        addlog $::_buildout
        testmessage "compile/execution failed."
        return $::FAILTEST
    }

    addlog $::_buildout
    # NOTE(review): the first arm below cannot run, because the proc already
    # returned above whenever $res is true. As written the test passes on any
    # false $res and can never report "verification succeeded (incorrect
    # behaviour)". If vertime.c is meant to show that verification is rejected
    # at the configured time, assert on that outcome explicitly, for instance
    # by matching the rejection message in the captured output -- confirm how
    # vertime.c reports its result.
    if $res then {
        testmessage "verification succeeded (incorrect behaviour)"
        return $::FAILTEST
    } else {
        testmessage "verification failed (correct behaviour)."
        return $::PASSTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-c/vomsapi-c029.exp000066400000000000000000000015131477131364200222720ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if VOMS_SetLifetime() works."
proc mytest {} { _activateCert mycert2 _vomsStart voms1 set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX] set res [_exeC lifetime.c [exec hostname]] _vomsStop voms1 if $res then { addlog $::_buildout testmessage "compile/execution failed." return $::FAILTEST } addlog $::_buildout if $res then { testmessage "parsing failed." return $::FAILTEST } else { set correct "validity: 600" loadvar out $::_buildout if [regexp $correct $out] then { testmessage "output correct" return $::PASSTEST } else { logvar correct testmessage "output wrong" return $::FAILTEST } } } do_test voms-2.1.2/testsuite/voms/vomsapi-cpp/000077500000000000000000000000001477131364200177635ustar00rootroot00000000000000voms-2.1.2/testsuite/voms/vomsapi-cpp/basictest.cc000066400000000000000000000014141477131364200222530ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "voms_api.h" int main(int argc, char *argv[]) { vomsdata vd; } voms-2.1.2/testsuite/voms/vomsapi-cpp/defaultdata.cc000066400000000000000000000034501477131364200225520ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "voms_api.h" #include #include #include #include #include #include int main(int argc, char *argv[]) { vomsdata vd; int error = 0; if (vd.RetrieveFromProxy(RECURSE_CHAIN)) { int total = 0; int count = 0; /* now we have parsed and verified the data */ std::vector vomsarray = vd.data; voms v; if (vd.DefaultData(v)) { printf("voname1: %s\n", v.voname.c_str()); printf("user1: %s\n", v.user.c_str()); printf("userca1: %s\n", v.userca.c_str()); printf("server1: %s\n", v.server.c_str()); printf("serverca1: %s\n", v.serverca.c_str()); printf("uri1: %s\n", v.uri.c_str()); printf("begdate1: %s\n", v.date1.c_str()); printf("enddate1: %s\n", v.date2.c_str()); std::vector fqans = v.fqan; for (int index = 0; index < fqans.size(); index ++) printf("fqan1: %s\n", fqans[index].c_str()); printf("version1: %d\n", v.version); exit (0); } } std::cerr << "Error Message2: " << vd.ErrorMessage() << "\n"; exit(1); } voms-2.1.2/testsuite/voms/vomsapi-cpp/duplication.cc000066400000000000000000000076571477131364200226240ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
* You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "voms_api.h" #include #include #include #include #include #include int main(int argc, char *argv[]) { vomsdata va; int error = 0; if (va.RetrieveFromProxy(RECURSE_CHAIN)) { vomsdata vd (va); int total = 0; int count = 0; /* now we have parsed and verified the data */ std::vector vomsarray = vd.data; total = vomsarray.size(); if (argc == 2 && !strcmp(argv[1], "total")) std::cout << "total: " << total <<"\n"; if (argc == 1 || !strcmp(argv[1], "voname1")) printf("voname1: %s\n", vomsarray[0].voname.c_str()); if (argc == 1 || !strcmp(argv[1], "user1")) printf("user1: %s\n", vomsarray[0].user.c_str()); if (argc == 1 || !strcmp(argv[1], "userca1")) printf("userca1: %s\n", vomsarray[0].userca.c_str()); if (argc == 1 || !strcmp(argv[1], "server1")) printf("server1: %s\n", vomsarray[0].server.c_str()); if (argc == 1 || !strcmp(argv[1], "serverca1")) printf("serverca1: %s\n", vomsarray[0].serverca.c_str()); if (argc == 1 || !strcmp(argv[1], "uri1")) printf("uri1: %s\n", vomsarray[0].uri.c_str()); if (argc == 1 || !strcmp(argv[1], "begdate1")) printf("begdate1: %s\n", vomsarray[0].date1.c_str()); if (argc == 1 || !strcmp(argv[1], "enddate1")) printf("enddate1: %s\n", vomsarray[0].date2.c_str()); if (argc == 1 || !strcmp(argv[1], "fqan1")) { std::vector fqans = vomsarray[0].fqan; int index = 0; for (index = 0; index < fqans.size(); index ++) printf("fqan1: %s\n", fqans[index].c_str()); } if (argc == 1 || !strcmp(argv[1], "version1")) printf("version1: %ld\n", (long int)vomsarray[0].version); if ((argc == 1 || !strcmp(argv[1], "voname2")) && total == 2) 
printf("voname2: %s\n", vomsarray[1].voname.c_str()); if ((argc == 1 || !strcmp(argv[1], "user2")) && total == 2) printf("user2: %s\n", vomsarray[1].user.c_str()); if ((argc == 1 || !strcmp(argv[1], "userca2")) && total == 2) printf("userca2: %s\n", vomsarray[1].userca.c_str()); if ((argc == 1 || !strcmp(argv[1], "server2")) && total == 2) printf("server2: %s\n", vomsarray[1].server.c_str()); if ((argc == 1 || !strcmp(argv[1], "serverca2")) && total == 2) printf("serverca2: %s\n", vomsarray[1].serverca.c_str()); if ((argc == 1 || !strcmp(argv[1], "uri2")) && total == 2) printf("uri2: %s\n", vomsarray[1].uri.c_str()); if ((argc == 1 || !strcmp(argv[1], "begdate2")) && total == 2) printf("begdate2: %s\n", vomsarray[1].date1.c_str()); if ((argc == 1 || !strcmp(argv[1], "enddate2")) && total == 2) printf("enddate2: %s\n", vomsarray[1].date2.c_str()); if ((argc == 1 || !strcmp(argv[1], "fqan2")) &&total == 2) { std::vector fqans = vomsarray[1].fqan; int index = 0; for (index = 0; index < fqans.size(); index ++) printf("fqan2: %s\n", fqans[index].c_str()); } if ((argc == 1 || !strcmp(argv[1], "version2")) && total == 2) printf("version2: %ld\n", (long int)vomsarray[1].version); exit (0); } else { std::cerr << "Error Message2: " << va.ErrorMessage() << "\n"; exit (1); } } voms-2.1.2/testsuite/voms/vomsapi-cpp/parsertest.cc000066400000000000000000000076051477131364200224760ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
* See the License for the specific language governing permissions and * limitations under the License. */ #include "voms_api.h" #include #include #include #include #include #include int main(int argc, char *argv[]) { vomsdata vd; int error = 0; if (vd.RetrieveFromProxy(RECURSE_CHAIN)) { int total = 0; int count = 0; /* now we have parsed and verified the data */ std::vector vomsarray = vd.data; total = vomsarray.size(); if (argc == 2 && !strcmp(argv[1], "total")) std::cout << "total: " << total <<"\n"; if (argc == 1 || !strcmp(argv[1], "voname1")) printf("voname1: %s\n", vomsarray[0].voname.c_str()); if (argc == 1 || !strcmp(argv[1], "user1")) printf("user1: %s\n", vomsarray[0].user.c_str()); if (argc == 1 || !strcmp(argv[1], "userca1")) printf("userca1: %s\n", vomsarray[0].userca.c_str()); if (argc == 1 || !strcmp(argv[1], "server1")) printf("server1: %s\n", vomsarray[0].server.c_str()); if (argc == 1 || !strcmp(argv[1], "serverca1")) printf("serverca1: %s\n", vomsarray[0].serverca.c_str()); if (argc == 1 || !strcmp(argv[1], "uri1")) printf("uri1: %s\n", vomsarray[0].uri.c_str()); if (argc == 1 || !strcmp(argv[1], "begdate1")) printf("begdate1: %s\n", vomsarray[0].date1.c_str()); if (argc == 1 || !strcmp(argv[1], "enddate1")) printf("enddate1: %s\n", vomsarray[0].date2.c_str()); if (argc == 1 || !strcmp(argv[1], "fqan1")) { std::vector fqans = vomsarray[0].fqan; int index = 0; for (index = 0; index < fqans.size(); index ++) printf("fqan1: %s\n", fqans[index].c_str()); } if (argc == 1 || !strcmp(argv[1], "version1")) printf("version1: %ld\n", vomsarray[0].version); if ((argc == 1 || !strcmp(argv[1], "voname2")) && total == 2) printf("voname2: %s\n", vomsarray[1].voname.c_str()); if ((argc == 1 || !strcmp(argv[1], "user2")) && total == 2) printf("user2: %s\n", vomsarray[1].user.c_str()); if ((argc == 1 || !strcmp(argv[1], "userca2")) && total == 2) printf("userca2: %s\n", vomsarray[1].userca.c_str()); if ((argc == 1 || !strcmp(argv[1], "server2")) && total == 2) 
printf("server2: %s\n", vomsarray[1].server.c_str()); if ((argc == 1 || !strcmp(argv[1], "serverca2")) && total == 2) printf("serverca2: %s\n", vomsarray[1].serverca.c_str()); if ((argc == 1 || !strcmp(argv[1], "uri2")) && total == 2) printf("uri2: %s\n", vomsarray[1].uri.c_str()); if ((argc == 1 || !strcmp(argv[1], "begdate2")) && total == 2) printf("begdate2: %s\n", vomsarray[1].date1.c_str()); if ((argc == 1 || !strcmp(argv[1], "enddate2")) && total == 2) printf("enddate2: %s\n", vomsarray[1].date2.c_str()); if ((argc == 1 || !strcmp(argv[1], "fqan2")) &&total == 2) { std::vector fqans = vomsarray[1].fqan; int index = 0; for (index = 0; index < fqans.size(); index ++) printf("fqan2: %s\n", fqans[index].c_str()); } if ((argc == 1 || !strcmp(argv[1], "version2")) && total == 2) printf("version2: %ld\n", vomsarray[1].version); exit (0); } else { std::cerr << "Error Message2: " << vd.ErrorMessage() << "\n"; exit (1); } } voms-2.1.2/testsuite/voms/vomsapi-cpp/retrievefromctx.cc000066400000000000000000000017111477131364200235220ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "voms_api.h" #include #include int main(int argc, char *argv[]) { vomsdata vd; int error = 0; if (vd.RetrieveFromCtx((void*)0,RECURSE_CHAIN)) { std::cerr << "No error message!" 
<< std::endl; exit(1); } exit(0); } voms-2.1.2/testsuite/voms/vomsapi-cpp/verifier.cc000066400000000000000000000024721477131364200221120ustar00rootroot00000000000000/* * Copyright (c) Members of the EGEE Collaboration. 2004-2010. * See http://www.eu-egee.org/partners/ for details on the copyright holders. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "voms_api.h" #include #include #include #include #include int main(int argc, char *argv[]) { vomsdata vd; int error = 0; time_t curtime; time(&curtime); if (argc != 2) { std::cout << "Time offset argument missing." << std::endl; exit(1); } vd.SetVerificationTime(curtime + atoi(argv[1])); vd.SetVerificationType(VERIFY_DATE); if (vd.RetrieveFromProxy(RECURSE_CHAIN)) { std::cout << "Verification succeeded!" << std::endl; exit (0); } else { std::cout << "Error Message: " << vd.ErrorMessage() << std::endl; exit (0); } } voms-2.1.2/testsuite/voms/vomsapi-cpp/vomsapi-cpp001.exp000066400000000000000000000002251477131364200231570ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if the C++ API testsuite starts." proc mytest {} { testmessage "noerror" return $::PASSTEST } do_testvoms-2.1.2/testsuite/voms/vomsapi-cpp/vomsapi-cpp002.exp000066400000000000000000000006761477131364200231720ustar00rootroot00000000000000load_lib vomstest.exp testheader "See if the C++ library can be linked." 
# vomsapi-cpp002: builds basictest.cc to see whether the C++ library links.
proc mytest {} {
    # mktemp creates a uniquely named capture file under the scratch directory.
    set ::_buildout [exec mktemp $::SCRATCHDIR/program-out-XXXXXX]
    set res [_buildCC basictest.cc]

    if $res then {
        addlog $::_buildout
        # Global flag set on link failure; presumably consulted by later C++
        # tests -- confirm where ::NOCCLIB is read.
        set ::NOCCLIB "no"
        testmessage "library cannot be linked."
        return $::FAILTEST
    } else {
        testmessage "library can be linked"
        return $::PASSTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-cpp/vomsapi-cpp003.exp000066400000000000000000000021301477131364200231580ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if data can be retrieved."

# vomsapi-cpp003: obtains a proxy from voms1, runs parsertest.cc with
# -useproxy and matches the printed attribute fields against the expected text.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1
    # log_exec receives the variable name "outname"; $outname is read below, so
    # it presumably holds the log file of the command -- confirm in the library.
    set res [log_exec outname {voms-proxy-init --voms voms1}]
    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_exeCC parsertest.cc -useproxy]
    addlog $::_buildout

    if $res then {
        testmessage "parsing failed."
        return $::FAILTEST
    } else {
        # The expected text is used as a regular expression: the validity dates
        # are wildcarded with ".*", and $::HOSTNAME is interpolated unescaped,
        # so dots in the host name match any character.
        # NOTE(review): shown on one line in this listing; the original pattern
        # may span several lines -- confirm against the source file.
        set correct "voname1: voms1 user1: /C=IT/CN=001 userca1: /C=IT/O=INFN/CN=CAFromthisCN server1: /C=IT/CN=003 serverca1: /C=IT/O=INFN/CN=CAFromthisCN uri1: $::HOSTNAME:33334 begdate1: .* enddate1: .* fqan1: /voms1 fqan1: /voms1/group1 version1: 1"
        loadvar out $::_buildout
        if [regexp $correct $out] then {
            testmessage "output correct"
            return $::PASSTEST
        } else {
            logvar correct
            testmessage "output wrong"
            return $::FAILTEST
        }
    }
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-cpp/vomsapi-cpp004.exp000066400000000000000000000024331477131364200231650ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if error messages for dates can be distinguished."

# vomsapi-cpp004: runs verifier.cc twice with verification-time offsets of
# +1000 and -1000, collects both outputs in one file and requires two distinct
# lines that both contain "Error".
proc mytest {} {
    _activateCert mycert2
    # NOTE(review): presumably shortens the validity of what voms1 issues so
    # that both offsets fall outside it -- confirm what "timeout 1" configures.
    _addVOMSOption voms1 timeout 1
    _vomsStart voms1
    set res [log_exec outname {voms-proxy-init --voms voms1}]
    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    } else {
        set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-cpp-XXXXXX]

        # The result of each run is stored in res but not checked; the verdict
        # rests entirely on the captured text. verifier.cc, as listed in this
        # archive, exits 0 on both verification outcomes, so its exit status
        # could not separate them anyway.
        set res [_exeCC verifier.cc -useproxy 1000]
        # "w+" truncates the proxy-init log file and reuses it for the outputs.
        set id [open $outname "w+"]
        puts $id [exec cat $::_buildout]
        close $id

        set res [_exeCC verifier.cc -useproxy -1000]
        set id [open $outname "a+"]
        puts $id [exec cat $::_buildout]
        close $id

        addlog $outname

        # uniq collapses adjacent identical lines: one remaining line means the
        # two runs printed the same message.
        set numlines [exec uniq $outname | wc -l]
        if [expr $numlines == 1] then {
            testmessage "cannot distinguish values."
            return $::FAILTEST
        }

        # Both runs must have printed an error line; fewer means at least one
        # verification was accepted.
        set numlines [exec grep Error $outname | wc -l]
        if [expr $numlines != 2] then {
            testmessage "Validation succeeded (shouls have failed)"
            return $::FAILTEST
        } else {
            testmessage "different failure messages."
            return $::PASSTEST
        }
    }
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-cpp/vomsapi-cpp005.exp000066400000000000000000000021361477131364200231660ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if DefaultData() method works."

# vomsapi-cpp005: obtains a proxy from voms1, runs defaultdata.cc with
# -useproxy and matches the printed attribute fields against the expected text.
proc mytest {} {
    _activateCert mycert2
    _vomsStart voms1
    set res [log_exec outname {voms-proxy-init --voms voms1}]
    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_exeCC defaultdata.cc -useproxy]
    addlog $::_buildout

    if $res then {
        testmessage "parsing failed."
        return $::FAILTEST
    } else {
        # Used as a regular expression; dates are wildcarded and $::HOSTNAME is
        # interpolated unescaped.
        # NOTE(review): shown on one line in this listing; the original pattern
        # may span several lines -- confirm against the source file.
        set correct "voname1: voms1 user1: /C=IT/CN=001 userca1: /C=IT/O=INFN/CN=CAFromthisCN server1: /C=IT/CN=003 serverca1: /C=IT/O=INFN/CN=CAFromthisCN uri1: $::HOSTNAME:33334 begdate1: .* enddate1: .* fqan1: /voms1 fqan1: /voms1/group1 version1: 1"
        loadvar out $::_buildout
        if [regexp $correct $out] then {
            testmessage "output correct"
            return $::PASSTEST
        } else {
            logvar correct
            testmessage "output wrong"
            return $::FAILTEST
        }
    }
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-cpp/vomsapi-cpp006.exp000066400000000000000000000006221477131364200231650ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if RetrieveFromCtx correctl fails."
# vomsapi-cpp006: runs retrievefromctx.cc, which (as listed in this archive)
# calls RetrieveFromCtx with a null context and exits 1 only if that call
# reports success. A true $res is therefore treated as the failing outcome.
proc mytest {} {
    # mktemp creates a uniquely named capture file under the scratch directory.
    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_exeCC retrievefromctx.cc -useproxy]

    # NOTE(review): a build failure presumably also makes $res true and would
    # be reported with the same "incorrectly succeded." message -- confirm how
    # _exeCC signals compile errors.
    if $res then {
        addlog $::_buildout
        testmessage "incorrectly succeded."
        return $::FAILTEST
    } else {
        testmessage "correctly failed."
        return $::PASSTEST
    }
}

do_test
voms-2.1.2/testsuite/voms/vomsapi-cpp/vomsapi-cpp007.exp000066400000000000000000000021321477131364200231640ustar00rootroot00000000000000
load_lib vomstest.exp
testheader "See if vomsdata can be copied."

# vomsapi-cpp007: obtains a proxy from voms1, runs duplication.cc with
# -useproxy and matches the printed attribute fields against the expected text.
proc mytest {} {
    # Fixture helpers are expected to come from vomstest.exp (loaded by the
    # file header); their exact behaviour is not visible in this listing.
    _activateCert mycert2
    _vomsStart voms1
    # log_exec receives the variable name "outname"; $outname is read below, so
    # it presumably holds the log file of the command -- confirm in the library.
    set res [log_exec outname {voms-proxy-init --voms voms1}]
    _vomsStop voms1

    if $res then {
        addlog $outname
        testmessage "voms-proxy-init failed."
        return $::FAILTEST
    }

    set ::_buildout [exec mktemp $::SCRATCHDIR/voms-api-c-XXXXXX]
    set res [_exeCC duplication.cc -useproxy]
    addlog $::_buildout

    if $res then {
        testmessage "parsing failed."
        return $::FAILTEST
    } else {
        # Used as a regular expression: the validity dates are wildcarded with
        # ".*", and $::HOSTNAME is interpolated unescaped, so dots in the host
        # name match any character.
        # NOTE(review): shown on one line in this listing; the original pattern
        # may span several lines -- confirm against the source file.
        set correct "voname1: voms1 user1: /C=IT/CN=001 userca1: /C=IT/O=INFN/CN=CAFromthisCN server1: /C=IT/CN=003 serverca1: /C=IT/O=INFN/CN=CAFromthisCN uri1: $::HOSTNAME:33334 begdate1: .* enddate1: .* fqan1: /voms1 fqan1: /voms1/group1 version1: 1"
        loadvar out $::_buildout
        # regexp is unanchored: the pattern may match anywhere in the output.
        if [regexp $correct $out] then {
            testmessage "output correct"
            return $::PASSTEST
        } else {
            logvar correct
            testmessage "output wrong"
            return $::FAILTEST
        }
    }
}

do_test
Test info Comment Artifacts Result