[Pvfs2-cvs] commit by sampson in
pvfs2/src/client/windows/client-service: cert.c
client-service.h config.c dokan-interface.c
CVS commit program
cvs at parl.clemson.edu
Tue May 3 10:54:48 EDT 2011
Update of /projects/cvsroot/pvfs2/src/client/windows/client-service
In directory parlweb1:/tmp/cvs-serv7992/src/client/windows/client-service
Modified Files:
Tag: windows-client
cert.c client-service.h config.c dokan-interface.c
Log Message:
Coding Windows certificates
Index: cert.c
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/client/windows/client-service/Attic/cert.c,v
diff -p -u -r1.1.2.2 -r1.1.2.3
--- cert.c 26 Apr 2011 21:30:47 -0000 1.1.2.2
+++ cert.c 3 May 2011 14:54:48 -0000 1.1.2.3
@@ -2,6 +2,7 @@
Certificate functions */
#include <Windows.h>
+#include <LM.h>
#include <stdio.h>
#include <openssl/ssl.h>
@@ -11,9 +12,15 @@
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
+#include "pvfs2.h"
+
+extern char *convert_wstring(const wchar_t *);
+extern wchar_t *convert_mbstring(const char *);
+
/* initialize OpenSSL */
static void openssl_init()
{
+ SSL_library_init();
SSL_load_error_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
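Review bot: The hand-written prototypes `extern char *convert_wstring(const wchar_t *);` and `extern wchar_t *convert_mbstring(const char *);` should come from a shared header that the defining file also includes. Declared locally, a later signature change compiles cleanly and fails only at run time. That header is also the place for a comment that both functions return heap memory the caller must `free`, which the new code in this file relies on.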
@@ -28,7 +35,8 @@ static void openssl_cleanup()
}
/* load certificate from file (PEM format) */
-static unsigned long load_cert_from_file(char *path, X509 **cert)
+static unsigned long load_cert_from_file(char *path,
+ X509 **cert)
{
FILE *f;
@@ -47,7 +55,8 @@ static unsigned long load_cert_from_file
}
/* verify certificate */
-static unsigned long verify_cert(X509 *cert, X509 *ca_cert)
+static unsigned long verify_cert(X509 *cert,
+ X509 *ca_cert)
{
X509_STORE *trust_store;
X509_STORE_CTX *ctx;
@@ -92,3 +101,119 @@ verify_cert_exit:
return err;
}
+
+/* get user profile directory */
+static unsigned int get_profile_dir(char *userid,
+ char *profile_dir)
+{
+ USER_INFO_4 user_info;
+ LPCWSTR wuserid;
+ int ret;
+ char *mbstr;
+
+ /* convert to unicode */
+ wuserid = convert_mbstring(userid);
+ if (wuserid == NULL)
+ return -1;
+
+ /* get user information */
+ ret = NetUserGetInfo(NULL, wuserid, 4, &user_info);
+
+ if (ret == 0)
+ {
+ mbstr = convert_wstring(user_info.usri4_profile);
+ if (mbstr == NULL)
+ {
+ free(wuserid);
+ return -1;
+ }
+
+ strcpy(profile_dir, mbstr);
+
+ free(mbstr);
+ }
+
+ free(wuserid);
+
+ return ret;
+}
+
+/* retrieve OrangeFS credentials from cert */
+static unsigned int get_cert_credentials(char *userid,
+ char *cert_dir_prefix,
+ char *ca_path,
+ PVFS_credentials *credentials)
+{
+ char cert_path[MAX_PATH];
+ char *temp;
+ X509 *cert, *ca_cert;
+ int ret;
+
+ if (userid == NULL || credentials == NULL ||
+ ca_path)
+ return -1;
+
+ /* checked for cached credentials */
+ ret = get_cached_credentials(userid, credentials);
+ if (ret == 0)
+ {
+ /* cache hit */
+ return 0;
+ }
+ else if (ret != 1)
+ {
+ /* error */
+ return ret;
+ }
+
+ /* credentials not in cache... */
+
+ /* locate the certificate and CA */
+ if (cert_dir_prefix != NULL)
+ {
+ if ((strlen(cert_dir_prefix) + strlen(userid) + 10) > MAX_PATH)
+ {
+ DbgPrint("User %s: path to cert too long\n", userid);
+ return -1;
+ }
+
+ /* cert file is cert.pem in directory of user name */
+ strcpy(cert_path, cert_dir_prefix);
+ strcat(cert_path, userid);
+ strcat(cert_path, "\\cert.pem");
+ }
+ else
+ {
+ /* get profile directory */
+ ret = get_profile_dir(userid, cert_path);
+ if (ret != 0)
+ {
+ DbgPrint("User %s: could not locate profile dir: %d\n", userid,
+ ret);
+ return ret;
+ }
+
+ if (strlen(cert_path) + 9 >= MAX_PATH)
+ {
+ DbgPrint("User %s: profile dir too long\n", userid);
+ return -1;
+ }
+
+ strcat(cert_path, "\\cert.pem");
+ }
+
+ /* verify the certificate */
+ ret = load_cert_from_file(cert_path, &cert);
+ if (ret != 0)
+ return ret;
+
+ ret = load_cert_from_file(ca_path, &ca_cert);
+ if (ret != 0)
+ {
+ X509_free(cert);
+ return ret;
+ }
+
+ /* read and cache credentials from certificate */
+
+}
\ No newline at end of file
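Review bot: In get_profile_dir, `NetUserGetInfo(NULL, wuserid, 4, &user_info)` passes the address of a stack USER_INFO_4, but the last argument is an `LPBYTE *` that receives a buffer the API allocates. As written `user_info.usri4_profile` is not a valid string pointer and the buffer is never released with NetApiBufferFree; the following `strcpy(profile_dir, mbstr)` also copies without a bound into the caller's MAX_PATH `cert_path`. In get_cert_credentials the argument check `|| ca_path)` rejects every non-NULL CA path and should read `ca_path == NULL`. The function also stops after loading both certificates: it never calls verify_cert, never frees `cert` or `ca_cert`, and returns no value, so the pending "read and cache credentials" step needs to verify first and fail closed.

```c
    LPUSER_INFO_4 user_info = NULL;
    wchar_t *wuserid;
    /* … unchanged: ret, mbstr declarations and unicode conversion of userid … */

    /* NetUserGetInfo allocates the result buffer; release it with NetApiBufferFree */
    ret = NetUserGetInfo(NULL, wuserid, 4, (LPBYTE *) &user_info);

    if (ret == 0)
    {
        mbstr = convert_wstring(user_info->usri4_profile);
        /* caller's buffer is MAX_PATH bytes; refuse anything that would not fit */
        if (mbstr == NULL || strlen(mbstr) >= MAX_PATH)
        {
            free(mbstr);
            NetApiBufferFree(user_info);
            free(wuserid);
            return -1;
        }

        strcpy(profile_dir, mbstr);

        free(mbstr);
        NetApiBufferFree(user_info);
    }
    /* … unchanged: free(wuserid) and return ret … */
```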
Index: client-service.h
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/client/windows/client-service/Attic/client-service.h,v
diff -p -u -r1.1.2.2 -r1.1.2.3
--- client-service.h 24 Mar 2011 21:32:57 -0000 1.1.2.2
+++ client-service.h 3 May 2011 14:54:48 -0000 1.1.2.3
@@ -9,6 +9,8 @@
typedef struct
{
char mount_point[MAX_PATH];
+ char cert_dir_prefix[MAX_PATH];
+ char ca_path[MAX_PATH];
int threads;
int debug;
} ORANGEFS_OPTIONS, *PORANGEFS_OPTIONS;
Index: config.c
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/client/windows/client-service/Attic/config.c,v
diff -p -u -r1.1.2.3 -r1.1.2.4
--- config.c 25 Apr 2011 21:32:52 -0000 1.1.2.3
+++ config.c 3 May 2011 14:54:48 -0000 1.1.2.4
@@ -31,7 +31,7 @@ FILE *open_config_file()
file_name = (char *) malloc(MAX_PATH);
malloc_flag = TRUE;
- strcpy(file_name, exe_path);
+ strncpy(file_name, exe_path, MAX_PATH-14);
strcat(file_name, "\\orangefs.cfg");
ret = 0;
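Review bot: `strncpy(file_name, exe_path, MAX_PATH-14)` leaves `file_name` unterminated when `exe_path` is MAX_PATH-14 characters or longer. Because the buffer comes straight from malloc, the following `strcat` then scans uninitialized heap for a terminator and can write past the allocation. Add `file_name[MAX_PATH-14] = '\0';` right after the copy, or preferably reject an over-long `exe_path` instead of silently opening a truncated path. The malloc result on the line above is also used without a NULL check. open_config_file starts and ends outside this hunk.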
@@ -171,8 +171,7 @@ int get_config(PORANGEFS_OPTIONS options
if (token == NULL)
continue;
- if (!stricmp(token, "-mount") ||
- !stricmp(token, "mount"))
+ if (!stricmp(token, "mount"))
{
/* copy the remaining portion of the line
as the mount point */
@@ -185,8 +184,7 @@ int get_config(PORANGEFS_OPTIONS options
token = strtok(NULL, " \t");
strncpy(options->mount_point, token, MAX_PATH);
}
- else if (!stricmp(token, "-threads") ||
- !stricmp(token, "threads"))
+ else if (!stricmp(token, "threads"))
{
/*
p = line + strlen(token);
@@ -197,18 +195,44 @@ int get_config(PORANGEFS_OPTIONS options
token = strtok(NULL, " \t");
options->threads = atoi(token);
}
- else if (!stricmp(token, "-user") ||
- !stricmp(token, "user"))
+ else if (!stricmp(token, "user"))
{
if (parse_user() != 0)
{
- fprintf(stderr, "-user option: parse error\n");
+ fprintf(stderr, "user option: parse error\n");
close_config_file(config_file);
return 1;
}
}
- else if (!stricmp(token, "-debug") ||
- !stricmp(token, "debug"))
+ else if (!stricmp(token, "cert-dir-prefix"))
+ {
+ if (strlen(line) > 16)
+ {
+ strncpy(options->cert_dir_prefix, line + 16, MAX_PATH-2);
+ options->cert_dir_prefix[MAX_PATH-2] = '\0';
+ if (options->cert_dir_prefix[strlen(options->cert_dir_prefix)-1] != '\\')
+ strcat(options->cert_dir_prefix, "\\");
+ }
+ else
+ {
+ fprintf(stderr, "cert-dir-prefix option: parse error\n");
+ }
+ }
+ else if (!stricmp(token, "ca-path"))
+ {
+ if (strlen(line) > 8)
+ {
+ strncpy(options->ca_path, line + 8, MAX_PATH-2);
+ options->ca_path[MAX_PATH-2] = '\0';
+ if (options->ca_path[strlen(options->ca_path)-1] != '\\')
+ strcat(options->ca_path, "\\");
+ }
+ else
+ {
+ fprintf(stderr, "ca-path option: parse error\n");
+ }
+ }
+ else if (!stricmp(token, "debug"))
{
options->debug = TRUE;
}
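Review bot: The `ca-path` branch appends a trailing `\\` just as `cert-dir-prefix` does, but cert.c in this same commit passes `ca_path` to load_cert_from_file as a file name, so a configured CA file would never open. Drop the `if (options->ca_path[strlen(options->ca_path)-1] != '\\') strcat(options->ca_path, "\\");` pair from that branch. Both branches also read the value at a fixed offset (`line + 16`, `line + 8`), which assumes the keyword starts in column 0 and is followed by exactly one separator. If `token` was produced by strtok on `line` itself (not visible in this hunk), the separator has already been overwritten with a terminator and `strlen(line) > 16` can never be true. A parse error here only prints a message and continues, unlike the `user` branch, which returns 1; for the CA path, failing get_config is the safer behaviour.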
Index: dokan-interface.c
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/client/windows/client-service/Attic/dokan-interface.c,v
diff -p -u -r1.1.2.34 -r1.1.2.35
--- dokan-interface.c 25 Apr 2011 21:32:52 -0000 1.1.2.34
+++ dokan-interface.c 3 May 2011 14:54:48 -0000 1.1.2.35
@@ -412,6 +412,7 @@ static int get_requestor_credentials(PDO
{
err = GetLastError();
DbgPrint(" LookupAccountSid failed: %u\n", err);
+ return err * -1;
}
/* system user functions as root */
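Review bot: `return err * -1;` multiplies what is presumably a DWORD from GetLastError(), so the negation happens in unsigned arithmetic and only becomes negative through the conversion to the int return type. `return -(int) err;` states the intent directly. The early return matters because the code that follows maps the system user to root, so a failed LookupAccountSid must not reach it. It is worth confirming that every caller treats a non-zero result as a denial, and that nothing acquired earlier in get_requestor_credentials (outside this hunk) needs releasing on this path.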