File Coverage

blib/lib/VOMS/Lite.pm

Criterion	Covered	Total	%
statement	38	106	35.8
branch	1	34	2.9
condition	0	18	0.0
subroutine	12	16	75.0
pod	0	7	0.0
total	51	181	28.1

line	stmt	bran	cond	sub	pod	time	code
1							package VOMS::Lite;
2
3							#This package issues VOMS credentials
4	1			1		1456	use 5.004;
	1					5
	1					51
5	1			1		6	use strict;
	1					2
	1					44
6	1			1		6	use VOMS::Lite::PEMHelper qw(readCert readPrivateKey);
	1					2
	1					78
7	1			1		6	use VOMS::Lite::CertKeyHelper qw(buildchain);
	1					2
	1					49
8	1			1		6	use VOMS::Lite::ASN1Helper qw(Hex);
	1					3
	1					52
9	1			1		887	use VOMS::Lite::AC;
	1					3
	1					86
10	1			1		6	use Digest::MD5 qw(md5_hex);
	1					2
	1					72
11
12							require Exporter;
13	1			1		8	use vars qw($VERSION @EXPORT_OK @EXPORT);
	1					3
	1					89
14							BEGIN {
15	1			1		4	@EXPORT = qw( %conf );
16	1					2728	@EXPORT_OK = qw( Issue );
17							}
18
19							$VERSION = '0.20';
20
21							###########################################################
22
23							my $configfile;
24							my %conf;
25							if (defined $ENV{'VOMS_CONFIG_FILE'}) { $configfile=$ENV{'VOMS_CONFIG_FILE'}; }
26							elsif ( $< == 0 ) { $configfile="/etc/grid-security/voms.config"; }
27							else { $configfile=$ENV{'HOME'}."/.grid-security/voms.config"; }
28
29							# Check for config file
30							if ( -r $configfile ) {
31							if ( (stat($configfile))[2] & 077 ) {
32							if ( $^O =~ /^MSWin/ ) { print STDERR "WARNING: VOMS::Lite: Inapropriate permissions on config file: $configfile\n"; }
33							else { die "VOMS::Lite: Inapropriate permissions on config file: $configfile"; }
34							}
35							if ( open(CONF,"<$configfile") ) {
36							while () {
37							chomp;
38							if ( /^\s([a-zA-Z0-9_-]+)\s=\s(.+?)\s$/ ) { $conf{"$1"} = $2; }
39							}
40							close CONF;
41							}
42							else {
43							die "VOMS::Lite: Unable to open config file: $configfile";
44							}
45							}
46							else { die "VOMS::Lite: Unable to open config file: $configfile"; }
47
48							# Set CertDir (where the CAs are stored
49							if (! defined $conf{CertDir}) {
50							if (-d "$ENV{HOME}/.grid-security/certificates" ) { $conf{CertDir} = "$ENV{HOME}/.grid-security/certificates"; }
51							elsif (-d "/etc/grid-security/certificates" ) { $conf{CertDir} = "/etc/grid-security/certificates"; }
52							}
53
54							# Set VOMS Certificate
55							if (defined $conf{VOMSCert}) { $conf{VOMSCert} = readCert("$conf{VOMSCert}"); }
56							else {
57							if (-d "$ENV{HOME}/.grid-security/vomscert.pem" ) { $conf{VOMSCert} = readCert("$ENV{HOME}/.grid-security/vomscert.pem"); }
58							elsif (-d "/etc/grid-security/vomscert.pem" ) { $conf{VOMSCert} = readCert("/etc/grid-security/vomscert.pem"); }
59							}
60
61							# Set VOMS Key
62							if (defined $conf{VOMSKey}) { $conf{VOMSKey} = readPrivateKey("$conf{VOMSKey}"); }
63							else {
64							if (-d "$ENV{HOME}/.grid-security/vomskey.pem" ) { $conf{VOMSKey} = readPrivateKey("$ENV{HOME}/.grid-security/vomskey.pem"); }
65							elsif (-d "/etc/grid-security/vomskey.pem" ) { $conf{VOMSKey} = readPrivateKey("/etc/grid-security/vomskey.pem"); }
66							}
67
68							# Set Type of VO user database
69							my $AttribCodeRef;
70							if (defined $conf{'AttribType'}) {
71							if ($conf{'AttribType'} eq "Database") {
72							require VOMS::Lite::Attribs::DBHelper;
73							$AttribCodeRef = \&GetDBAttribs;
74							if (!defined $conf{'DBHost'}) { $conf{'DBHost'}="localhost"; }
75							if (!defined $conf{'DBPort'}) { $conf{'DBPort'}="3306"; }
76							if (!defined $conf{'DBUser'}) { die "VOMS::Lite: Database username not specified."}
77							if (!defined $conf{'DBPass'}) { die "VOMS::Lite: Database password not specified."}
78							}
79							elsif ($conf{'AttribType'} eq "GridMap") {
80							$AttribCodeRef = \&GetGridMapping;
81							if (!defined $conf{'grid-mapfiles'}) {
82							if (-d "$ENV{HOME}/.grid-security/grid-mapfile.d" ) { $conf{'grid-mapfiles'}="$ENV{HOME}/.grid-security/grid-mapfile.d"; }
83							elsif (-d "/etc/grid-security/grid-mapfile.d" ) { $conf{'grid-mapfiles'}="/etc/grid-security/grid-mapfile.d"; }
84							else { die "VOMS::Lite: grid-mapfile method specified but no grid-mapfile.d directory found"; }
85							}
86							}
87							elsif ($conf{'AttribType'} eq "GridSite") {
88							$AttribCodeRef = \&GetGridSiteAttribs;
89							if (!defined $conf{'GridSiteURI'}) { die "VOMS::Lite: GridSite method specified but no GridSiteURI specified."; }
90							}
91							elsif ($conf{'AttribType'} eq "Shibboleth") {
92							require VOMS::Lite::Attribs::SHIBHelper;
93							$AttribCodeRef = \&GetShibAttribs;
94							}
95							elsif ($conf{'AttribType'} eq "Dummy") { $AttribCodeRef = \&GetDummyAttribs; }
96							else { die "VOMS::Lite: Attribute Method unknown."; }
97							}
98							else {
99							die "VOMS::Lite: Attribute method unspecified in config file $configfile";
100							}
101
102							###########################################################
103
104							sub UserCert {
105							#This function takes in an array of certificates, completes the chain if necessary and returns
106							#The reference to the chain
107	1			1	0	3	my @certs=@_;
108	1					2	my %Chain = %{ buildchain( { trustedCAdirs => [ $conf{CertDir} ], suppliedcerts => \@certs} ) };
	1					11
109	1					18	return ($Chain{Certs},$Chain{EndEntityDN},$Chain{EndEntityIssuerDN},$Chain{EndEntityCert});
110							}
111
112							###########################################################
113
114							sub Issue {
115
116	1			1	0	416	my ($CertsRef,$ReqAttribs)=@_;
117	1					3	my @Certs=@$CertsRef;
118	1					3	my ($CertChainRef,$DN,$CA,$CERT)=UserCert(@Certs);
119
120							# Get the attributes
121	1					5	my $AttribRef=&$AttribCodeRef($DN,$CA,$ReqAttribs);
122	1					5	my %Attribs=%$AttribRef;
123
124	1	50				4	if ( defined $Attribs{'Errors'} ) { return $AttribRef; }
	0					0
125
126							# Get AC
127	1					18	return VOMS::Lite::AC::Create( { Cert => $CERT,
128							VOMSCert => $conf{'VOMSCert'},
129							VOMSKey => $conf{'VOMSKey'},
130							Lifetime => $conf{'Lifetime'},
131							Server => $conf{'Server'},
132							Port => $conf{'Port'},
133							Serial => $Attribs{'Serial'},
134							Code => $conf{'Code'},
135							Attribs => $Attribs{'Attribs'},
136							Broken => 1 } );
137							}
138
139							###########################################################
140
141							sub GetDBAttribs {
142	0			0	0	0	my ($DN,$CA,$ReqAttrib)=@_;
143
144	0					0	my $DB=undef;
145	0					0	my ($VO,$subGroup,$Role,$Capability) = $ReqAttrib =~ m#^(/[^/]+)(/.)?(/Role=[^/])?(/Capability=[^/]*)?$#;
146	0	0				0	if (! defined $VO ) { return { Errors => [ "VOMS::Lite: No VO specified" ] }; }
	0					0
147
148	0					0	my $function;
149
150	0	0	0			0	if ( defined $subGroup && defined $Role ) { $function="groupandrole"; }
	0	0				0
		0
151	0					0	elsif ( defined $Role ) { $function="role"; }
152	0					0	elsif ( defined $subGroup ) { $function="attributes"; } # or maybe all
153	0					0	else { $function="group";}
154
155	0					0	$DB=$VO;
156	0					0	$DB=~s/^\///;
157
158	0					0	foreach (keys %conf) {
159	0	0				0	if ( /^(DBMapping_[0-9]+)$/ ) {
160	0	0				0	if ( $conf{$1} =~ /^$DB\s+(\S)\s$/ ) { $DB = $1; print "------ $1\n" }
	0					0
	0					0
161							}
162							}
163
164	0	0	0			0	if ( $DB =~ /^[\000\377\\\/.]$/ \|\| $DB =~/ $/ \|\| length($DB) > 64) { return { Errors => [ "VOMS::Lite: Bad Database name $DB" ] }; }
	0		0			0
165
166							# Get VO data from Database
167	0					0	my @Attribs=VOMS::Lite::Attribs::DBHelper::GetAttrib($DB,$conf{'DBHost'},$conf{'DBPort'},$conf{'DBUser'},$conf{'DBPass'},$Role,"$VO$subGroup",$CA,$DN,$function);
168	0					0	my $Serial=hex(shift @Attribs); #stored as hex in DB
169
170	0					0	return { Serial => $Serial, Attribs=>\@Attribs};
171							}
172
173							###########################################################
174
175							sub GetGridMapping {
176	0			0	0	0	my ($DN,$CA,$ReqAttrib)=@_;
177
178	0					0	my @Attribs;
179	0					0	my ($VO,$subGroup,$Role,$Capability) = $ReqAttrib =~ m#^(/[^/]+)(/.)?(/Role=[^/])?(/Capability=[^/]*)?$#;
180	0	0				0	if (! defined $VO ) { return { Errors => [ "VOMS::Lite: No VO specified" ] }; }
	0					0
181	0	0				0	open GRIDMAP,"<$conf{'grid-mapfiles'}$VO" or return { Errors => [ "VOMS::Lite: No Gridmapfile for VO" ] };
182	0	0				0	foreach () { if ( m\|^\s"$DN"\s+(.)\| ) { @Attribs= split(/,/,$1); last; } }
	0					0
	0					0
	0					0
183	0					0	close GRIDMAP;
184
185	0					0	my $serial=0;
186	0	0				0	open(SERIAL, "+>> $conf{'grid-mapfiles'}$VO.serial") or return { Errors => [ "VOMS::Lite: Unable to open/create serial file $conf{'grid-mapfiles'}/$VO.serial, Check Permissions" ] };
187	0					0	seek(SERIAL,0,0);
188	0					0	my @lines=;
189
190	0	0				0	if ( $lines[0] =~ /^[0-9]+$/ ) { $serial=$1; }
	0					0
191	0					0	seek(SERIAL,0,0);
192	0					0	print SERIAL ++$serial;
193	0					0	close SERIAL;
194
195	0					0	my @Roles;
196							my @Capabilities;
197	0					0	my @Groups;
198	0					0	foreach (@Attribs) {
199	0					0	s/^\s*//;
200	0					0	s/\s*$//;
201	0	0	0			0	if ( defined $Role && /Role=$Role/o ) { push @Roles,$Role; }
	0					0
202	0	0	0			0	if ( defined $Capability && /Capability=$Capability/o ) { push @Capabilities,$Capability; }
	0					0
203	0	0	0			0	if ( defined $subGroup && /$VO$subGroup^/o ) { push @Groups,$_; }
	0	0				0
204	0					0	elsif ( /^$VO(?:\/\|$)/ ) { push @Groups,$_; }
205							}
206	0					0	push @Roles,"/Role=NULL";
207	0					0	push @Capabilities,"/Capability=NULL";
208	0					0	my @RetAttribs=();
209	0					0	foreach my $group (@Groups) {
210	0					0	foreach my $role (@Roles) {
211	0					0	foreach my $capability (@Capabilities) { push @RetAttribs,"$group$role$capability"; }
	0					0
212							}
213							}
214
215	0					0	return { Serial => $serial, Attribs=>\@RetAttribs};
216							}
217
218							###########################################################
219
220							sub GetGridSiteAttribs {
221							# eval "use use LWP::UserAgent;";
222							# voms-proxy-init.pl:
223							# my $agent = LWP::UserAgent->new;
224							#
225							### Cert,
226							### get https://www.blah/primary.group/subgroup/Role=nuff
227							#
228							#
229							#
230	0			0	0	0	return { Serial => 01, Attribs=> [ "/GridSiteDummy/Role=NULL/Capability=NULL" ] };
231							}
232
233							###########################################################
234
235							sub GetShibAttribs {
236							# If ShibExportAssertion is on in your http.conf The following Env variable should be set it will be XML
237	0			0	0	0	my @Attribs=VOMS::Lite::Attribs::SHIBHelper::GetAttrib($ENV{'HTTP_SHIB_ATTRIBUTES'});
238	0					0	my $Serial=shift @Attribs;
239	0					0	return { Serial => 01, Attribs=> [ "/ShibDummy/Role=NULL/Capability=NULL" ] };
240							}
241
242							###########################################################
243
244							sub GetDummyAttribs {
245	1			1	0	6	return { Serial => 01, Attribs => [ "/Dummy/Role=NULL/Capability=NULL" ] };
246							}
247
248
249							1;
250
251
252							__END__