1. Allow for the user specified rc file via the env variable
   DAPRCFILE.  Note that the value of this environment
   variable should be the absolute path of the rc file, not
   the path to its containing directory.
2. fixup testauth.sh and add some new tests
3. synch oc
This commit is contained in:
dmh 2015-05-24 17:31:39 -06:00
parent 853eb066c5
commit be5e3cd606
12 changed files with 2184 additions and 1244 deletions

cf

@ -122,8 +122,8 @@ FLAGS="$FLAGS --disable-examples"
#FLAGS="$FLAGS --enable-large-file-tests"
#FLAGS="$FLAGS --disable-testsets"
#FLAGS="$FLAGS --disable-dap-remote-tests"
#FLAGS="$FLAGS --enable-dap-auth-tests"
FLAGS="$FLAGS --enable-doxygen"
FLAGS="$FLAGS --enable-dap-auth-tests"
#FLAGS="$FLAGS --enable-doxygen"
#FLAGS="$FLAGS --enable-logging"
#FLAGS="$FLAGS --disable-diskless"
#FLAGS="$FLAGS --enable-mmap"
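Review bot: The two flipped lines in this FLAGS block (`--enable-dap-auth-tests` switched on, `--enable-doxygen` commented out) look like a local build preference rather than part of the rc-file change the commit message describes. Because `cf` is a shared script, everyone who runs it now gets the auth tests by default, which presumably need network access and credentials to pass, and the documentation build is silently dropped. Suggest reverting both lines, or making the auth tests opt-in through an environment variable so the default stays as it was.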


@ -1,479 +1,449 @@
OC Authorization Support {#auth}
========================
Authorization Support in the netDF-C Libraries {#auth}
==================================================
[TOC]
\brief It is possible to support a number of authorization schemes
in the netCDF-C library.
###### Author: Dennis Heimbigner
dmh at ucar dot edu
With one exception, authorization in the netCDF-C library is
delegated to the oc2 code, which in turn delegates it to the
libcurl library. The exception is that the location of the rc
file can be specified by setting the environment variable *NCRCFILE*.
Note that the value of this environment variable should be the
absolute path of the rc file, not the path to its containing directory.
###### Draft: 11/21/2014
Last Revised: 12/23/2014
OC Version 2.1
###### Table of Contents {.break}
1. [Introduction](#Introduction)
2. [URL-Based Authentication](#URL-AUTH)
3. [RC File Authentication](#DODSRC)
4. [Redirection-Based Authentication](#REDIR)
5. [URL Constrained RC File Entries](#URLCONS)
6. [Client-Side Certificates](#CLIENTCERTS)
7. [Appendix A. All RC-File Keys](#allkeys)
8. [Appendix B. ESG Access in Detail](#ESGDETAIL)
Introduction {.break}
------------
Following is the authorization documentation.
<!- Copyright 2014, UCAR/Unidata and OPeNDAP, Inc. -->
<!- See the COPYRIGHT file for more information. -->
<html>
<style>
.break { page-break-before: always; }
body { counter-reset: H2; font-size: 12pt; }
h2:before {
content: counter(H2) " ";
counter-increment: H2;
}
h2 { counter-reset: H3; }
h3:before {
content: counter(H2) "." counter(H3) " ";
counter-increment:H3;
}
h3 { counter-reset: H4; }
h4:before {
content: counter(H2) "." counter(H3) "." counter(H4) " ";
counter-increment:H4;
}
h5 {font-size: 14pt; } /* For Appendices */
h6 {font-size: 16pt; } /* For Subtitles */
</style>
<body>
<center>
<h1>OC Authorization Support</h1>
<h6>Author: Dennis Heimbigner<br>
dmh at ucar dot edu</h6>
<h6>Draft: 11/21/2014<br>
Last Revised: 12/23/2014<br>
OC Version 2.1</h6>
</center>
<h6 class="break"><u>Table of Contents</u></h6>
<ol>
<li> <a href="#Introduction">Introduction</a>
<li> <a href="#URL-AUTH">URL-Based Authentication</a>
<li> <a href="#DODSRC">RC File Authentication</a>
<li> <a href="#REDIR">Redirection-Based Authentication</a>
<li> <a href="#URLCONS">URL Constrained RC File Entries</a>
<li> <a href="#CLIENTCERTS">Client-Side Certificates</a>
<li> <a href="#allkeys">Appendix A. All RC-File Keys</a>
<li> <a href="#ESGDETAIL">Appendix B. ESG Access in Detail</a>
</ol>
<h2 class="break"><a name="Introduction"><u>Introduction</u></a></h2>
OC can support user authorization using those provided by the curl
library. This includes basic password authentication as well as
certificate-based authorization.
<p>
With some exceptions (e.g. see the section on <a href="#REDIR">redirection</a>)
The libcurl authorization mechanisms can be accessed in two ways
<ol>
<li> Inserting the username and password into the url, or
<li> Accessing information from a so-called <i>rc</i> file named either
<i>.daprc</i> or <i>.dodsrc</i>
</ol>
With some exceptions (e.g. see the section on [redirection](#REDIR)) The
libcurl authorization mechanisms can be accessed in two ways
1. Inserting the username and password into the url, or
2. Accessing information from a so-called *rc* file named either
*.daprc* or *.dodsrc*
URL-Based Authentication {.break}
------------------------
For simple password based authentication, it is possible to directly
insert the username and the password into a url in this form.
http://username:password@host/...
<h2 class="break"><a name="URL-AUTH"><u>URL-Based Authentication</u></a></h2>
For simple password based authentication, it is possible to
directly insert the username and the password into a url in this form.
<pre>
http://username:password@host/...
</pre>
This username and password will be used if the server asks for
authentication. Note that only simple password authentication is
supported in this format. Specifically note that [redirection](#REDIR)
based authorization will not work with this.
RC File Authentication {.break}
----------------------
The oc library supports an *rc* file mechanism to allow the passing of a
number of parameters to liboc and libcurl.
The file must be called one of the following names: ".daprc" or
".dodsrc" If both .daprc and .dodsrc exist, then the .daprc file will
take precedence.
Searching for the rc file first looks in the current directory and then
in the home directory (as defined by the HOME environment variable). It
is also possible to specify a direct path using the *-R* option to
ocprint or using the *oc\_set\_rcfile* procedure (see oc.h). Note that
for these latter cases, the path must be to the file itself, not to the
containing directory.
authentication. Note that only simple password authentication
is supported in this format.
Specifically note that <a href="#REDIR">redirection</a> based
authorization will not work with this.
<h2 class="break"><a name="DODSRC"><u>RC File Authentication</u></a></h2>
The oc library supports an <i>rc</i> file mechanism to allow the passing
of a number of parameters to liboc and libcurl.
<p>
The file must be called one of the following names:
".daprc" or ".dodsrc"
If both .daprc and .dodsrc exist, then
the .daprc file will take precedence.
<p>
Searching for the rc file first looks in the current directory
and then in the home directory (as defined by the HOME environment
variable). It is also possible to specify a direct path using
the <i>-R</i> option to ocprint or using the <i>oc_set_rcfile</i>
procedure (see oc.h). Note that for these latter cases, the path
must be to the file itself, not to the containing directory.
<p>
The rc file format is a series of lines of the general form:
[<host:port>]<key>=<value>
where the bracket-enclosed host:port is optional and will be discussed
<pre>
[&lt;host:port&gt;]&lt;key&gt;=&lt;value&gt;
</pre>
where the bracket-enclosed host:port is optional and will be discussed
subsequently.
<p>
The currently defined set of authorization-related keys are as follows.
The second column is the affected curl\_easy\_setopt option(s).
Key
curl\_easy\_setopt Option
HTTP.COOKIEJAR
CURLOPT\_COOKIEJAR, CURLOPT\_COOKIEFILE
HTTP.PROXY\_SERVER
CURLOPT\_PROXY, CURLOPT\_PROXYPORT, CURLOPT\_PROXYUSERPWD
HTTP.SSL.CERTIFICATE
CURLOPT\_SSLCERT
HTTP.SSL.KEY
CURLOPT\_SSLKEY
HTTP.SSL.KEYPASSWORD
CURLOPT\_KEYPASSWORD
HTTP.SSL.CAINFO
CURLOPT\_SSLCAINFO
HTTP.SSL.CAPATH
CURLOPT\_SSLCAPATH
HTTP.SSL.VERIFYPEER
CURLOPT\_SSL\_VERIFYPEER
The second column is the affected curl_easy_setopt option(s).
<table>
<tr><th>Key<th>curl_easy_setopt Option
<tr><td>HTTP.COOKIEJAR<td>CURLOPT_COOKIEJAR, CURLOPT_COOKIEFILE
<tr><td>HTTP.PROXY_SERVER<td>CURLOPT_PROXY, CURLOPT_PROXYPORT, CURLOPT_PROXYUSERPWD
<tr><td>HTTP.SSL.CERTIFICATE<td>CURLOPT_SSLCERT
<tr><td>HTTP.SSL.KEY<td>CURLOPT_SSLKEY
<tr><td>HTTP.SSL.KEYPASSWORD<td>CURLOPT_KEYPASSWORD
<tr><td>HTTP.SSL.CAINFO<td>CURLOPT_SSLCAINFO
<tr><td>HTTP.SSL.CAPATH<td>CURLOPT_SSLCAPATH
<tr><td>HTTP.SSL.VERIFYPEER<td>CURLOPT_SSL_VERIFYPEER
<tr><td>HTTP.CREDENTIALS.USERPASSWORD<td>CURLOPT_USERPASSWORD
</table>
</ul>
<h3><u>Password Authentication</u></h3>
The key
HTTP.CREDENTIALS.USERPASSWORD
can be used to set the simple password authentication.
This is an alternative to setting it in the url.
The value must be of the form "username:password".
CURLOPT\_USERPASSWORD
<h3><u>Cookie Jar</u></h3>
The HTTP.COOKIEJAR key
specifies the name of file from which
to read cookies (CURLOPT_COOKIEJAR) and also
the file into which to store cookies (CURLOPT_COOKIEFILE).
The same value is used for both CURLOPT values.
It defaults to in-memory storage.
### Password Authentication
The key HTTP.CREDENTIALS.USERPASSWORD can be used to set the simple
password authentication. This is an alternative to setting it in the
url. The value must be of the form "username:password".
### Cookie Jar
The HTTP.COOKIEJAR key specifies the name of file from which to read
cookies (CURLOPT\_COOKIEJAR) and also the file into which to store
cookies (CURLOPT\_COOKIEFILE). The same value is used for both CURLOPT
values. It defaults to in-memory storage.
### Certificate Authentication
HTTP.SSL.CERTIFICATE specifies a file path for a file containing a PEM
cerficate. This is typically used for client-side authentication.
HTTP.SSL.KEY is essentially the same as HTTP.SSL.CERTIFICATE and should
usually have the same value.
HTTP.SSL.KEYPASSWORD specifies the password for accessing the
HTTP.SSL.KEY/HTTP.SSL.CERTIFICATE file.
HTTP.SSL.CAPATH specifies the path to a directory containing trusted
certificates for validating server sertificates.
HTTP.SSL.VALIDATE is a boolean (1/0) value that if true (1) specifies
that the client should verify the server's presented certificate.
HTTP.PROXY\_SERVER specified the url for accessing the proxy:
<h3><u>Certificate Authentication</u></h3>
HTTP.SSL.CERTIFICATE
specifies a file path for a file containing a PEM cerficate.
This is typically used for client-side authentication.
<p>
HTTP.SSL.KEY is essentially the same as HTTP.SSL.CERTIFICATE
and should usually have the same value.
<p>
HTTP.SSL.KEYPASSWORD
specifies the password for accessing the HTTP.SSL.KEY/HTTP.SSL.CERTIFICATE
file.
<p>
HTTP.SSL.CAPATH
specifies the path to a directory containing
trusted certificates for validating server sertificates.
<p>
HTTP.SSL.VALIDATE
is a boolean (1/0) value that if true (1)
specifies that the client should verify the server's presented certificate.
<p>
HTTP.PROXY_SERVER
specified the url for accessing the proxy:
(e.g.http://[username:password@]host[:port])
Redirection-Based Authentication {.break}
--------------------------------
Some sites provide authentication by using a third party site to to the
authentication. One example is
[URS](https://uat.urs.earthdata.nasa.gov), the EOSDIS User Registration
System.
<h2 class="break"><a name="REDIR"><u>Redirection-Based Authentication</u></a> </h2>
Some sites provide authentication by using a third party site
to to the authentication. One example is
<a href="https://uat.urs.earthdata.nasa.gov">URS</a>,
the EOSDIS User Registration System.
<p>
The process is usually as follows.
1. The client contacts the server of interest (SOI), the actual data
provider.
2. The SOI sends a redirect to the client to connect to the URS system.
3. The client authenticates with URS.
4. URS sends a redirect (with authorization information) to send the
client back to the SOI to actually obtain the data.
In order for this to work with libcurl, the client will usually need to
provide a .netrc file so that the redirection will work correctly. The
format of this .netrc file will contain content that typically look like
this.
machine uat.urs.earthdata.nasa.gov login xxxxxx password yyyyyy
where the machine is the one to which the client is redirected for
authorization, and the login and password are those needed to
authenticate.
<ol>
<li>The client contacts the server of interest (SOI), the actual data provider.
<li>The SOI sends a redirect to the client to connect to the URS system.
<li>The client authenticates with URS.
<li>URS sends a redirect (with authorization information) to send
the client back to the SOI to actually obtain the data.
</ol>
<p>
In order for this to work with libcurl, the client will usually need
to provide a .netrc file so that the redirection will work correctly.
The format of this .netrc file will contain content that
typically look like this.
<pre>
machine uat.urs.earthdata.nasa.gov login xxxxxx password yyyyyy
</pre>
where the machine is the one to which the client is redirected
for authorization, and the login and password are those
needed to authenticate.
<p>
The .netrc file can be specified in two ways.
<ol>
<li> Specify the netrc file to liboc using the procedure in oc.h:
<pre>
oc_set_netrc(OClink* link, const char* file)
</pre>
(This is equivalent to the -N flag to ocprint).
<p>
<li> Put the following line in your .daprc/.dodsrc file.
<pre>
HTTP.NETRC=&lt;path to netrc file&gt;
</pre>
</ol>
<p>
One final note. In using this, it is probable that you will
need to specify a cookie jar (HTTP.COOKIEJAR) so that the
redirect site can pass back authorization information.
1. Specify the netrc file to liboc using the procedure in oc.h:
oc_set_netrc(OClink* link, const char* file)
(This is equivalent to the -N flag to ocprint).
2. Put the following line in your .daprc/.dodsrc file.
HTTP.NETRC=<path to netrc file>
One final note. In using this, it is probable that you will need to
specify a cookie jar (HTTP.COOKIEJAR) so that the redirect site can pass
back authorization information.
URL Constrained RC File Entries {.break}
-------------------------------
Each line of the rc file can begin with a host+port enclosed in square
brackets. The form is "host:port". If the port is not specified then the
form is just "host". The reason that more of the url is not used is that
<h2 class="break"><a name="URLCONS"><u>URL Constrained RC File Entries</u></a></h2>
Each line of the rc file can begin with
a host+port enclosed in square brackets.
The form is "host:port". If the port is not specified
then the form is just "host".
The reason that more of the url is not used is that
libcurl's authorization grain is not any finer than host level.
<p>
Examples.
[remotetest.unidata.ucar.edu]HTTP.VERBOSE=1
or
[fake.ucar.edu:9090]HTTP.VERBOSE=0
If the url request from, say, the *oc\_open* method has a host+port
matchine one of the prefixes in the rc file, then the corresponding
entry will be used, otherwise ignored.
<pre>
[remotetest.unidata.ucar.edu]HTTP.VERBOSE=1
or
[fake.ucar.edu:9090]HTTP.VERBOSE=0
</pre>
If the url request from, say, the <i>oc_open</i> method
has a host+port matchine one of the prefixes in the rc file, then
the corresponding entry will be used, otherwise ignored.
<p>
For example, the URL
http://remotetest.unidata.ucar.edu/thredds/dodsC/testdata/testData.nc
<pre>
http://remotetest.unidata.ucar.edu/thredds/dodsC/testdata/testData.nc
</pre>
will have HTTP.VERBOSE set to 1.
Similarly,
http://fake.ucar.edu:9090/dts/test.01
<p>
Similarly,
<pre>
http://fake.ucar.edu:9090/dts/test.01
</pre>
will have HTTP.VERBOSE set to 0.
Client-Side Certificates {.break}
------------------------
Some systems, notably ESG (Earth System Grid), requires the use of
client-side certificates, as well as being [re-direction based](#REDIR).
<h2 class="break"><a name="CLIENTCERTS"><u>Client-Side Certificates</u></a></h2>
Some systems, notably ESG (Earth System Grid), requires
the use of client-side certificates, as well as being
<a href="#REDIR">re-direction based</a>.
This requires setting the following entries:
<ul>
<li>HTTP.COOKIEJAR &mdash; a file path for storing cookies across re-direction.
<li>HTTP.NETRC &mdash; the path to the netrc file.
<li>HTTP.SSL.CERTIFICATE &mdash; the file path for the client side certificate file.
<li>HTTP.SSL.KEY &mdash; this should have the same value as HTTP.SSL.CERTIFICATE.
<li>HTTP.SSL.CAPATH &mdash; the path to a "certificates" directory.
<li>HTTP.SSL.VALIDATE &mdash; force validation of the server certificate.
</ul>
Note that the first two are to support re-direction based authentication.
- HTTP.COOKIEJAR — a file path for storing cookies across
re-direction.
- HTTP.NETRC — the path to the netrc file.
- HTTP.SSL.CERTIFICATE — the file path for the client side certificate
file.
- HTTP.SSL.KEY — this should have the same value as
HTTP.SSL.CERTIFICATE.
- HTTP.SSL.CAPATH — the path to a "certificates" directory.
- HTTP.SSL.VALIDATE — force validation of the server certificate.
Note that the first two are to support re-direction based
authentication.
##### Appendix A. All RC-File Keys {.break}
<h5 class="break"><a name="allkeys"><u>Appendix A. All RC-File Keys</u></a></h5>
For completeness, this is the list of all rc-file keys.
<table>
<tr><th>Key<th>curl_easy_setopt Option
<tr valign="top"><td>HTTP.DEFLATE<td>CUROPT_DEFLATE<br>with value "deflate,gzip"
<tr><td>HTTP.VERBOSE <td>CUROPT_VERBOSE
<tr><td>HTTP.TIMEOUT<td>CUROPT_TIMEOUT
<tr><td>HTTP.USERAGENT<td>CUROPT_USERAGENT
<tr><td>HTTP.COOKIEJAR<td>CUROPT_COOKIEJAR
<tr><td>HTTP.COOKIE_JAR<td>CUROPT_COOKIEJAR
<tr valign="top"><td>HTTP.PROXY_SERVER<td>CURLOPT_PROXY,<br>CURLOPT_PROXYPORT,<br>CURLOPT_PROXYUSERPWD
<tr><td>HTTP.SSL.CERTIFICATE<td>CUROPT_SSLCERT
<tr><td>HTTP.SSL.KEY<td>CUROPT_SSLKEY
<tr><td>HTTP.SSL.KEYPASSWORD<td>CUROPT_KEYPASSWORD
<tr><td>HTTP.SSL.CAINFO<td>CUROPT_SSLCAINFO
<tr><td>HTTP.SSL.CAPATH<td>CUROPT_SSLCAPATH
<tr><td>HTTP.SSL.VERIFYPEER<td>CUROPT_SSL_VERIFYPEER
<tr><td>HTTP.CREDENTIALS.USERPASSWORD<td>CUROPT_USERPASSWORD
<tr><td>HTTP.NETRC<td>CURLOPT_NETRC,CURLOPT_NETRC_FILE
</table>
</ul>
Key
<h5 class="break"><a name="ESGDETAIL"><u>Appendix B. ESG Access in Detail</u></a></h5>
It is possible to access Earth Systems Grid (ESG) datasets
from ESG servers through the OC API using the techniques
described in the section on <a href="#CLIENTCERTS">Client-Side Certificates</a>.
<p>
In order to access ESG datasets, however, it is necessary to
register as a user with ESG and to setup your environment
so that proper authentication is established between an oc
client program and the ESG data server. Specifically, it
is necessary to use what is called "client-side keys" to
enable this authentication. Normally, when a client accesses
a server in a secure fashion (using "https"), the server
provides an authentication certificate to the client.
With client-side keys, the client must also provide a
certificate to the server so that the server can know with
whom it is communicating.
<p>
The oc library uses the <i>curl</i> library and it is that
underlying library that must be properly configured.
curl\_easy\_setopt Option
<h3><u>Terminology</u></h3>
The key elements for client-side keys requires the constructions of
two "stores" on the client side.
<ul>
<li> Keystore - a repository to hold the client side key.
<li> Truststore - a repository to hold a chain of certificates
that can be used to validate the certificate
sent by the server to the client.
</ul>
The server actually has a similar set of stores, but the client
need not be concerned with those.
HTTP.DEFLATE
<h3><u>Initial Steps</u></h3>
CUROPT\_DEFLATE\
with value "deflate,gzip"
The first step is to obtain authorization from ESG.
Note that this information may evolve over time, and
may be out of date.
This discussion is in terms of BADC and NCSA. You will need
to substitute as necessary.
<ol>
<li> Register at http://badc.nerc.ac.uk/register
to obtain access to badc and to obtain an openid,
which will looks something like:
<pre>https://ceda.ac.uk/openid/Firstname.Lastname</pre>
<li> Ask BADC for access to whatever datasets are of interest.
<p>
<li> Obtain short term credentials at
http://grid.ncsa.illinois.edu/myproxy/MyProxyLogon/
You will need to download and run the MyProxyLogon
program.
This will create a keyfile in, typically, the directory ".globus".
The keyfile will have a name similar to this: "x509up_u13615"
The other elements in ".globus" are certificates to use in
validating the certificate your client gets from the server.
<p>
<li> Obtain the program source ImportKey.java
from this location: http://www.agentbob.info/agentbob/79-AB.html
(read the whole page, it will help you understand the remaining steps).
</ol>
HTTP.VERBOSE
<h3><u>Building the KeyStore</u></h3>
You will have to modify the keyfile in the previous step
and then create a keystore and install the key and a certificate.
The commands are these:
<pre>
openssl pkcs8 -topk8 -nocrypt -in x509up_u13615 -inform PEM -out key.der -outform DER
CUROPT\_VERBOSE
openssl x509 -in x509up_u13615 -inform PEM -out cert.der -outform DER
HTTP.TIMEOUT
CUROPT\_TIMEOUT
HTTP.USERAGENT
CUROPT\_USERAGENT
HTTP.COOKIEJAR
CUROPT\_COOKIEJAR
HTTP.COOKIE\_JAR
CUROPT\_COOKIEJAR
HTTP.PROXY\_SERVER
CURLOPT\_PROXY,\
CURLOPT\_PROXYPORT,\
CURLOPT\_PROXYUSERPWD
HTTP.SSL.CERTIFICATE
CUROPT\_SSLCERT
HTTP.SSL.KEY
CUROPT\_SSLKEY
HTTP.SSL.KEYPASSWORD
CUROPT\_KEYPASSWORD
HTTP.SSL.CAINFO
CUROPT\_SSLCAINFO
HTTP.SSL.CAPATH
CUROPT\_SSLCAPATH
HTTP.SSL.VERIFYPEER
CUROPT\_SSL\_VERIFYPEER
HTTP.CREDENTIALS.USERPASSWORD
CUROPT\_USERPASSWORD
HTTP.NETRC
CURLOPT\_NETRC,CURLOPT\_NETRC\_FILE
##### Appendix B. ESG Access in Detail {.break}
It is possible to access Earth Systems Grid (ESG) datasets from ESG
servers through the OC API using the techniques described in the section
on [Client-Side Certificates](#CLIENTCERTS).
In order to access ESG datasets, however, it is necessary to register as
a user with ESG and to setup your environment so that proper
authentication is established between an oc client program and the ESG
data server. Specifically, it is necessary to use what is called
"client-side keys" to enable this authentication. Normally, when a
client accesses a server in a secure fashion (using "https"), the server
provides an authentication certificate to the client. With client-side
keys, the client must also provide a certificate to the server so that
the server can know with whom it is communicating.
The oc library uses the *curl* library and it is that underlying library
that must be properly configured.
### Terminology
The key elements for client-side keys requires the constructions of two
"stores" on the client side.
- Keystore - a repository to hold the client side key.
- Truststore - a repository to hold a chain of certificates that can
be used to validate the certificate sent by the server to the
client.
The server actually has a similar set of stores, but the client need not
be concerned with those.
### Initial Steps
The first step is to obtain authorization from ESG. Note that this
information may evolve over time, and may be out of date. This
discussion is in terms of BADC and NCSA. You will need to substitute as
necessary.
1. Register at http://badc.nerc.ac.uk/register to obtain access to badc
and to obtain an openid, which will looks something like:
https://ceda.ac.uk/openid/Firstname.Lastname
2. Ask BADC for access to whatever datasets are of interest.
3. Obtain short term credentials at
http://grid.ncsa.illinois.edu/myproxy/MyProxyLogon/ You will need to
download and run the MyProxyLogon program. This will create a
keyfile in, typically, the directory ".globus". The keyfile will
have a name similar to this: "x509up\_u13615" The other elements in
".globus" are certificates to use in validating the certificate your
client gets from the server.
4. Obtain the program source ImportKey.java from this location:
http://www.agentbob.info/agentbob/79-AB.html (read the whole page,
it will help you understand the remaining steps).
### Building the KeyStore
You will have to modify the keyfile in the previous step and then create
a keystore and install the key and a certificate. The commands are
these:
openssl pkcs8 -topk8 -nocrypt -in x509up_u13615 -inform PEM -out key.der -outform DER
openssl x509 -in x509up_u13615 -inform PEM -out cert.der -outform DER
java -classpath -Dkeypassword="" -Dkeystore=./ key.der cert.der
Note, the file names "key.der" and "cert.der" can be whatever you
choose. It is probably best to leave the .der extension, though.
### Building the TrustStore
java -classpath <path to ImportKey.class> -Dkeypassword="<password>" -Dkeystore=./<keystorefilename> key.der cert.der
</pre>
Note, the file names "key.der" and "cert.der" can be whatever you choose.
It is probably best to leave the .der extension, though.
<h3><u>Building the TrustStore</u></h3>
Building the truststore is a bit tricky because as provided, the
certificates in ".globus" need some massaging. See the script below for
the details. The primary command is this, which is executed for every
certificate, c, in globus. It sticks the certificate into the file named
"truststore"
certificates in ".globus" need some massaging. See the script below
for the details. The primary command is this, which is executed for every
certificate, c, in globus. It sticks the certificate into the file
named "truststore"
<pre>
keytool -trustcacerts -storepass "password" -v -keystore "truststore" -importcert -file "${c}"
</pre>
keytool -trustcacerts -storepass "password" -v -keystore "truststore" -importcert -file "${c}"
<h3><u>Running the C Client</u></h3>
### Running the C Client
Refer to the section on [Client-Side Certificates](#CLIENTCERTS). The
keys specified there must be set in the rc file to support ESG access.
- HTTP.COOKIEJAR=\~/.dods\_cookies
- HTTP.NETRC=\~/.netrc
- HTTP.SSL.CERTIFICATE=\~/esgkeystore
- HTTP.SSL.KEY=\~/esgkeystore
- HTTP.SSL.CAPATH=\~/.globus
- HTTP.SSL.VALIDATE=1
Of course, the file paths above are suggestions only; you can modify as
needed. The HTTP.SSL.CERTIFICATE and HTTP.SSL.KEY entries should have
same value, which is the file path for the certificate produced by
MyProxyLogon. The HTTP.SSL.CAPATH entry should be the path to the
"certificates" directory produced by MyProxyLogon.
As noted, also uses re-direction based authentication. So, when it
receives an initial connection from a client, it redirects to a separate
authentication server. When that server has authenticated the client, it
redirects back to the original url to complete the request.
### Script for creating Stores
Refer to the section on <a href="#CLIENTCERTS">Client-Side Certificates</a>.
The keys specified there must be set in the rc file to support
ESG access.
<ul>
<li> HTTP.COOKIEJAR=~/.dods_cookies
<li> HTTP.NETRC=~/.netrc
<li> HTTP.SSL.CERTIFICATE=~/esgkeystore
<li> HTTP.SSL.KEY=~/esgkeystore
<li> HTTP.SSL.CAPATH=~/.globus
<li> HTTP.SSL.VALIDATE=1
</ul>
Of course, the file paths above are suggestions only;
you can modify as needed.
The HTTP.SSL.CERTIFICATE and HTTP.SSL.KEY
entries should have same value, which is the file path for the
certificate produced by MyProxyLogon. The HTTP.SSL.CAPATH entry
should be the path to the "certificates" directory produced by
MyProxyLogon.
<p>
As noted, also uses re-direction based authentication.
So, when it receives an initial connection from a client, it
redirects to a separate authentication server. When that
server has authenticated the client, it redirects back to
the original url to complete the request.
<h3><u>Script for creating Stores</u></h3>
The following script shows in detail how to actually construct the key
and trust stores. It is specific to the format of the globus file as it
was when ESG support was first added. It may have changed since then, in
which case, you will need to seek some help in fixing this script. It
would help if you communicated what you changed to the author so this
document can be updated.
and trust stores. It is specific to the format of the globus file
as it was when ESG support was first added. It may have changed
since then, in which case, you will need to seek some help
in fixing this script. It would help if you communicated
what you changed to the author so this document can be updated.
<pre>
#!/bin/sh -x
KEYSTORE="esgkeystore"
TRUSTSTORE="esgtruststore"
GLOBUS="globus"
TRUSTROOT="certificates"
CERT="x509up_u13615"
TRUSTROOTPATH="$GLOBUS/$TRUSTROOT"
CERTFILE="$GLOBUS/$CERT"
PWD="password"
#!/bin/sh -x
KEYSTORE="esgkeystore"
TRUSTSTORE="esgtruststore"
GLOBUS="globus"
TRUSTROOT="certificates"
CERT="x509up_u13615"
TRUSTROOTPATH="$GLOBUS/$TRUSTROOT"
CERTFILE="$GLOBUS/$CERT"
PWD="password"
D="-Dglobus=$GLOBUS"
CCP="bcprov-jdk16-145.jar"
CP="./build:${CCP}"
JAR="myproxy.jar"
D="-Dglobus=$GLOBUS"
CCP="bcprov-jdk16-145.jar"
CP="./build:${CCP}"
JAR="myproxy.jar"
# Initialize needed directories
rm -fr build
mkdir build
rm -fr $GLOBUS
mkdir $GLOBUS
rm -f $KEYSTORE
rm -f $TRUSTSTORE
# Initialize needed directories
rm -fr build
mkdir build
rm -fr $GLOBUS
mkdir $GLOBUS
rm -f $KEYSTORE
rm -f $TRUSTSTORE
# Compile MyProxyCmd and ImportKey
javac -d ./build -classpath "$CCP" *.java
javac -d ./build ImportKey.java
# Compile MyProxyCmd and ImportKey
javac -d ./build -classpath "$CCP" *.java
javac -d ./build ImportKey.java
# Execute MyProxyCmd
java -cp "$CP myproxy.MyProxyCmd
# Execute MyProxyCmd
java -cp "$CP myproxy.MyProxyCmd
# Build the keystore
openssl pkcs8 -topk8 -nocrypt -in $CERTFILE -inform PEM -out key.der -outform DER
openssl x509 -in $CERTFILE -inform PEM -out cert.der -outform DER
java -Dkeypassword=$PWD -Dkeystore=./${KEYSTORE} -cp ./build ImportKey key.der cert.der
# Build the keystore
openssl pkcs8 -topk8 -nocrypt -in $CERTFILE -inform PEM -out key.der -outform DER
openssl x509 -in $CERTFILE -inform PEM -out cert.der -outform DER
java -Dkeypassword=$PWD -Dkeystore=./${KEYSTORE} -cp ./build ImportKey key.der cert.der
# Clean up the certificates in the globus directory
for c in ${TRUSTROOTPATH}/*.0 ; do
alias=`basename $c .0`
sed -e '0,/---/d' <$c >/tmp/${alias}
echo "-----BEGIN CERTIFICATE-----" >$c
cat /tmp/${alias} >>$c
done
# Build the truststore
for c in ${TRUSTROOTPATH}/*.0 ; do
alias=`basename $c .0`
echo "adding: $TRUSTROOTPATH/${c}"
echo "alias: $alias"
yes | keytool -trustcacerts -storepass "$PWD" -v -keystore ./$TRUSTSTORE -alias $alias -importcert -file "${c}"
done
exit
</pre>
# Clean up the certificates in the globus directory
for c in ${TRUSTROOTPATH}/*.0 ; do
alias=`basename $c .0`
sed -e '0,/---/d' <$c >/tmp/${alias}
echo "-----BEGIN CERTIFICATE-----" >$c
cat /tmp/${alias} >>$c
done
# Build the truststore
for c in ${TRUSTROOTPATH}/*.0 ; do
alias=`basename $c .0`
echo "adding: $TRUSTROOTPATH/${c}"
echo "alias: $alias"
yes | keytool -trustcacerts -storepass "$PWD" -v -keystore ./$TRUSTSTORE -alias $alias -importcert -file "${c}"
done
exit
</body>
</html>
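Review bot: The new introductory paragraph names the environment variable *NCRCFILE*, while the commit message says the variable is DAPRCFILE; one of the two is wrong, and the text should match what the code actually reads. Further down in the same file, the Cookie Jar section has the libcurl options reversed (CURLOPT_COOKIEFILE is the file cookies are read from, CURLOPT_COOKIEJAR is the file they are written to), the prose and the ESG example use HTTP.SSL.VALIDATE although both key tables list only HTTP.SSL.VERIFYPEER, and the Appendix A table spells the prefix CUROPT_ instead of CURLOPT_. Three of the option names are also not libcurl's: CURLOPT_SSLCAINFO, CURLOPT_SSLCAPATH and CURLOPT_USERPASSWORD should read CURLOPT_CAINFO, CURLOPT_CAPATH and CURLOPT_USERPWD. In the store-creation script, `java -cp "$CP myproxy.MyProxyCmd` has an unterminated quote, and `PWD="password"` overwrites the shell's working-directory variable, so a different name (for example STOREPASS) is safer. Since the rc and .netrc files described here hold plaintext passwords and key passphrases, the section should tell users to keep them readable only by their owner (for example chmod 600). Minor: the heading says "netDF-C", and the two HTML comments open with `<!-` rather than `<!--`.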


@ -1,4 +1,6 @@
#line 5 "attr.m4"
/* Do not edit this file. It is produced from the corresponding .m4 source */
#line 7
/*
* Copyright 1996, University Corporation for Atmospheric Research
* See netcdf/COPYRIGHT file for copying and redistribution conditions.
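Review bot: The `#line 5 "attr.m4"` and `#line 7` directives added at the top show that this generated file was rebuilt with m4 line synchronisation turned on, and the next hunk header (367 lines becoming 704) suggests the same directives are interleaved through the rest of the file. That is churn unrelated to the rc-file change and makes any real difference in the generated code hard to review. Suggest regenerating the file without sync lines (GNU m4 emits them only when run with -s) or dropping this file from the commit.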
@ -611,367 +613,704 @@ NC3_del_att(int ncid, int varid, const char *uname)
return NC_NOERR;
}
#line 674
static int
#line 675
ncx_pad_putn_Iuchar(void **xpp, size_t nelems, const uchar *tp, nc_type type)
#line 675
{
#line 675
switch(type) {
#line 675
case NC_CHAR:
#line 675
return NC_ECHAR;
#line 675
case NC_BYTE:
#line 675
return ncx_pad_putn_schar_uchar(xpp, nelems, tp);
#line 675
case NC_SHORT:
#line 675
return ncx_pad_putn_short_uchar(xpp, nelems, tp);
#line 675
case NC_INT:
#line 675
return ncx_putn_int_uchar(xpp, nelems, tp);
#line 675
case NC_FLOAT:
#line 675
return ncx_putn_float_uchar(xpp, nelems, tp);
#line 675
case NC_DOUBLE:
#line 675
return ncx_putn_double_uchar(xpp, nelems, tp);
#line 675
default:
#line 675
assert("ncx_pad_putn_Iuchar invalid type" == 0);
#line 675
}
#line 675
return NC_EBADTYPE;
#line 675
}
#line 675
static int
#line 676
ncx_pad_getn_Iuchar(const void **xpp, size_t nelems, uchar *tp, nc_type type)
#line 676
{
#line 676
switch(type) {
#line 676
case NC_CHAR:
#line 676
return NC_ECHAR;
#line 676
case NC_BYTE:
#line 676
return ncx_pad_getn_schar_uchar(xpp, nelems, tp);
#line 676
case NC_SHORT:
#line 676
return ncx_pad_getn_short_uchar(xpp, nelems, tp);
#line 676
case NC_INT:
#line 676
return ncx_getn_int_uchar(xpp, nelems, tp);
#line 676
case NC_FLOAT:
#line 676
return ncx_getn_float_uchar(xpp, nelems, tp);
#line 676
case NC_DOUBLE:
#line 676
return ncx_getn_double_uchar(xpp, nelems, tp);
#line 676
default:
#line 676
assert("ncx_pad_getn_Iuchar invalid type" == 0);
#line 676
}
#line 676
return NC_EBADTYPE;
#line 676
}
#line 676
static int
#line 678
ncx_pad_putn_Ischar(void **xpp, size_t nelems, const schar *tp, nc_type type)
#line 678
{
#line 678
switch(type) {
#line 678
case NC_CHAR:
#line 678
return NC_ECHAR;
#line 678
case NC_BYTE:
#line 678
return ncx_pad_putn_schar_schar(xpp, nelems, tp);
#line 678
case NC_SHORT:
#line 678
return ncx_pad_putn_short_schar(xpp, nelems, tp);
#line 678
case NC_INT:
#line 678
return ncx_putn_int_schar(xpp, nelems, tp);
#line 678
case NC_FLOAT:
#line 678
return ncx_putn_float_schar(xpp, nelems, tp);
#line 678
case NC_DOUBLE:
#line 678
return ncx_putn_double_schar(xpp, nelems, tp);
#line 678
default:
#line 678
assert("ncx_pad_putn_Ischar invalid type" == 0);
#line 678
}
#line 678
return NC_EBADTYPE;
#line 678
}
#line 678
static int
#line 679
ncx_pad_getn_Ischar(const void **xpp, size_t nelems, schar *tp, nc_type type)
#line 679
{
#line 679
switch(type) {
#line 679
case NC_CHAR:
#line 679
return NC_ECHAR;
#line 679
case NC_BYTE:
#line 679
return ncx_pad_getn_schar_schar(xpp, nelems, tp);
#line 679
case NC_SHORT:
#line 679
return ncx_pad_getn_short_schar(xpp, nelems, tp);
#line 679
case NC_INT:
#line 679
return ncx_getn_int_schar(xpp, nelems, tp);
#line 679
case NC_FLOAT:
#line 679
return ncx_getn_float_schar(xpp, nelems, tp);
#line 679
case NC_DOUBLE:
#line 679
return ncx_getn_double_schar(xpp, nelems, tp);
#line 679
default:
#line 679
assert("ncx_pad_getn_Ischar invalid type" == 0);
#line 679
}
#line 679
return NC_EBADTYPE;
#line 679
}
#line 679
static int
#line 681
ncx_pad_putn_Ishort(void **xpp, size_t nelems, const short *tp, nc_type type)
#line 681
{
#line 681
switch(type) {
#line 681
case NC_CHAR:
#line 681
return NC_ECHAR;
#line 681
case NC_BYTE:
#line 681
return ncx_pad_putn_schar_short(xpp, nelems, tp);
#line 681
case NC_SHORT:
#line 681
return ncx_pad_putn_short_short(xpp, nelems, tp);
#line 681
case NC_INT:
#line 681
return ncx_putn_int_short(xpp, nelems, tp);
#line 681
case NC_FLOAT:
#line 681
return ncx_putn_float_short(xpp, nelems, tp);
#line 681
case NC_DOUBLE:
#line 681
return ncx_putn_double_short(xpp, nelems, tp);
#line 681
default:
#line 681
assert("ncx_pad_putn_Ishort invalid type" == 0);
#line 681
}
#line 681
return NC_EBADTYPE;
#line 681
}
#line 681
static int
#line 682
ncx_pad_getn_Ishort(const void **xpp, size_t nelems, short *tp, nc_type type)
#line 682
{
#line 682
switch(type) {
#line 682
case NC_CHAR:
#line 682
return NC_ECHAR;
#line 682
case NC_BYTE:
#line 682
return ncx_pad_getn_schar_short(xpp, nelems, tp);
#line 682
case NC_SHORT:
#line 682
return ncx_pad_getn_short_short(xpp, nelems, tp);
#line 682
case NC_INT:
#line 682
return ncx_getn_int_short(xpp, nelems, tp);
#line 682
case NC_FLOAT:
#line 682
return ncx_getn_float_short(xpp, nelems, tp);
#line 682
case NC_DOUBLE:
#line 682
return ncx_getn_double_short(xpp, nelems, tp);
#line 682
default:
#line 682
assert("ncx_pad_getn_Ishort invalid type" == 0);
#line 682
}
#line 682
return NC_EBADTYPE;
#line 682
}
#line 682
static int
#line 684
ncx_pad_putn_Iint(void **xpp, size_t nelems, const int *tp, nc_type type)
#line 684
{
#line 684
switch(type) {
#line 684
case NC_CHAR:
#line 684
return NC_ECHAR;
#line 684
case NC_BYTE:
#line 684
return ncx_pad_putn_schar_int(xpp, nelems, tp);
#line 684
case NC_SHORT:
#line 684
return ncx_pad_putn_short_int(xpp, nelems, tp);
#line 684
case NC_INT:
#line 684
return ncx_putn_int_int(xpp, nelems, tp);
#line 684
case NC_FLOAT:
#line 684
return ncx_putn_float_int(xpp, nelems, tp);
#line 684
case NC_DOUBLE:
#line 684
return ncx_putn_double_int(xpp, nelems, tp);
#line 684
default:
#line 684
assert("ncx_pad_putn_Iint invalid type" == 0);
#line 684
}
#line 684
return NC_EBADTYPE;
#line 684
}
#line 684
static int
#line 685
ncx_pad_getn_Iint(const void **xpp, size_t nelems, int *tp, nc_type type)
#line 685
{
#line 685
switch(type) {
#line 685
case NC_CHAR:
#line 685
return NC_ECHAR;
#line 685
case NC_BYTE:
#line 685
return ncx_pad_getn_schar_int(xpp, nelems, tp);
#line 685
case NC_SHORT:
#line 685
return ncx_pad_getn_short_int(xpp, nelems, tp);
#line 685
case NC_INT:
#line 685
return ncx_getn_int_int(xpp, nelems, tp);
#line 685
case NC_FLOAT:
#line 685
return ncx_getn_float_int(xpp, nelems, tp);
#line 685
case NC_DOUBLE:
#line 685
return ncx_getn_double_int(xpp, nelems, tp);
#line 685
default:
#line 685
assert("ncx_pad_getn_Iint invalid type" == 0);
#line 685
}
#line 685
return NC_EBADTYPE;
#line 685
}
#line 685
static int
#line 687
ncx_pad_putn_Ifloat(void **xpp, size_t nelems, const float *tp, nc_type type)
#line 687
{
#line 687
switch(type) {
#line 687
case NC_CHAR:
#line 687
return NC_ECHAR;
#line 687
case NC_BYTE:
#line 687
return ncx_pad_putn_schar_float(xpp, nelems, tp);
#line 687
case NC_SHORT:
#line 687
return ncx_pad_putn_short_float(xpp, nelems, tp);
#line 687
case NC_INT:
#line 687
return ncx_putn_int_float(xpp, nelems, tp);
#line 687
case NC_FLOAT:
#line 687
return ncx_putn_float_float(xpp, nelems, tp);
#line 687
case NC_DOUBLE:
#line 687
return ncx_putn_double_float(xpp, nelems, tp);
#line 687
default:
#line 687
assert("ncx_pad_putn_Ifloat invalid type" == 0);
#line 687
}
#line 687
return NC_EBADTYPE;
#line 687
}
#line 687
static int
#line 688
ncx_pad_getn_Ifloat(const void **xpp, size_t nelems, float *tp, nc_type type)
#line 688
{
#line 688
switch(type) {
#line 688
case NC_CHAR:
#line 688
return NC_ECHAR;
#line 688
case NC_BYTE:
#line 688
return ncx_pad_getn_schar_float(xpp, nelems, tp);
#line 688
case NC_SHORT:
#line 688
return ncx_pad_getn_short_float(xpp, nelems, tp);
#line 688
case NC_INT:
#line 688
return ncx_getn_int_float(xpp, nelems, tp);
#line 688
case NC_FLOAT:
#line 688
return ncx_getn_float_float(xpp, nelems, tp);
#line 688
case NC_DOUBLE:
#line 688
return ncx_getn_double_float(xpp, nelems, tp);
#line 688
default:
#line 688
assert("ncx_pad_getn_Ifloat invalid type" == 0);
#line 688
}
#line 688
return NC_EBADTYPE;
#line 688
}
#line 688
static int
#line 690
ncx_pad_putn_Idouble(void **xpp, size_t nelems, const double *tp, nc_type type)
#line 690
{
#line 690
switch(type) {
#line 690
case NC_CHAR:
#line 690
return NC_ECHAR;
#line 690
case NC_BYTE:
#line 690
return ncx_pad_putn_schar_double(xpp, nelems, tp);
#line 690
case NC_SHORT:
#line 690
return ncx_pad_putn_short_double(xpp, nelems, tp);
#line 690
case NC_INT:
#line 690
return ncx_putn_int_double(xpp, nelems, tp);
#line 690
case NC_FLOAT:
#line 690
return ncx_putn_float_double(xpp, nelems, tp);
#line 690
case NC_DOUBLE:
#line 690
return ncx_putn_double_double(xpp, nelems, tp);
#line 690
default:
#line 690
assert("ncx_pad_putn_Idouble invalid type" == 0);
#line 690
}
#line 690
return NC_EBADTYPE;
#line 690
}
#line 690
static int
#line 691
ncx_pad_getn_Idouble(const void **xpp, size_t nelems, double *tp, nc_type type)
#line 691
{
#line 691
switch(type) {
#line 691
case NC_CHAR:
#line 691
return NC_ECHAR;
#line 691
case NC_BYTE:
#line 691
return ncx_pad_getn_schar_double(xpp, nelems, tp);
#line 691
case NC_SHORT:
#line 691
return ncx_pad_getn_short_double(xpp, nelems, tp);
#line 691
case NC_INT:
#line 691
return ncx_getn_int_double(xpp, nelems, tp);
#line 691
case NC_FLOAT:
#line 691
return ncx_getn_float_double(xpp, nelems, tp);
#line 691
case NC_DOUBLE:
#line 691
return ncx_getn_double_double(xpp, nelems, tp);
#line 691
default:
#line 691
assert("ncx_pad_getn_Idouble invalid type" == 0);
#line 691
}
#line 691
return NC_EBADTYPE;
#line 691
}
#line 691
#ifdef IGNORE
static int
#line 694
ncx_pad_putn_Ilong(void **xpp, size_t nelems, const long *tp, nc_type type)
#line 694
{
#line 694
switch(type) {
#line 694
case NC_CHAR:
#line 694
return NC_ECHAR;
#line 694
case NC_BYTE:
#line 694
return ncx_pad_putn_schar_long(xpp, nelems, tp);
#line 694
case NC_SHORT:
#line 694
return ncx_pad_putn_short_long(xpp, nelems, tp);
#line 694
case NC_INT:
#line 694
return ncx_putn_int_long(xpp, nelems, tp);
#line 694
case NC_FLOAT:
#line 694
return ncx_putn_float_long(xpp, nelems, tp);
#line 694
case NC_DOUBLE:
#line 694
return ncx_putn_double_long(xpp, nelems, tp);
#line 694
default:
#line 694
assert("ncx_pad_putn_Ilong invalid type" == 0);
#line 694
}
#line 694
return NC_EBADTYPE;
#line 694
}
#line 694
static int
#line 695
ncx_pad_getn_Ilong(const void **xpp, size_t nelems, long *tp, nc_type type)
#line 695
{
#line 695
switch(type) {
#line 695
case NC_CHAR:
#line 695
return NC_ECHAR;
#line 695
case NC_BYTE:
#line 695
return ncx_pad_getn_schar_long(xpp, nelems, tp);
#line 695
case NC_SHORT:
#line 695
return ncx_pad_getn_short_long(xpp, nelems, tp);
#line 695
case NC_INT:
#line 695
return ncx_getn_int_long(xpp, nelems, tp);
#line 695
case NC_FLOAT:
#line 695
return ncx_getn_float_long(xpp, nelems, tp);
#line 695
case NC_DOUBLE:
#line 695
return ncx_getn_double_long(xpp, nelems, tp);
#line 695
default:
#line 695
assert("ncx_pad_getn_Ilong invalid type" == 0);
#line 695
}
#line 695
return NC_EBADTYPE;
#line 695
}
#line 695
#endif
static int
#line 698
ncx_pad_putn_Ilonglong(void **xpp, size_t nelems, const longlong *tp, nc_type type)
#line 698
{
#line 698
switch(type) {
#line 698
case NC_CHAR:
#line 698
return NC_ECHAR;
#line 698
case NC_BYTE:
#line 698
return ncx_pad_putn_schar_longlong(xpp, nelems, tp);
#line 698
case NC_SHORT:
#line 698
return ncx_pad_putn_short_longlong(xpp, nelems, tp);
#line 698
case NC_INT:
#line 698
return ncx_putn_int_longlong(xpp, nelems, tp);
#line 698
case NC_FLOAT:
#line 698
return ncx_putn_float_longlong(xpp, nelems, tp);
#line 698
case NC_DOUBLE:
#line 698
return ncx_putn_double_longlong(xpp, nelems, tp);
#line 698
default:
#line 698
assert("ncx_pad_putn_Ilonglong invalid type" == 0);
#line 698
}
#line 698
return NC_EBADTYPE;
#line 698
}
#line 698
static int
#line 699
ncx_pad_getn_Ilonglong(const void **xpp, size_t nelems, longlong *tp, nc_type type)
#line 699
{
#line 699
switch(type) {
#line 699
case NC_CHAR:
#line 699
return NC_ECHAR;
#line 699
case NC_BYTE:
#line 699
return ncx_pad_getn_schar_longlong(xpp, nelems, tp);
#line 699
case NC_SHORT:
#line 699
return ncx_pad_getn_short_longlong(xpp, nelems, tp);
#line 699
case NC_INT:
#line 699
return ncx_getn_int_longlong(xpp, nelems, tp);
#line 699
case NC_FLOAT:
#line 699
return ncx_getn_float_longlong(xpp, nelems, tp);
#line 699
case NC_DOUBLE:
#line 699
return ncx_getn_double_longlong(xpp, nelems, tp);
#line 699
default:
#line 699
assert("ncx_pad_getn_Ilonglong invalid type" == 0);
#line 699
}
#line 699
return NC_EBADTYPE;
#line 699
}
#line 699
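Review bot: This file is m4 output (its header says not to edit it and its first line is #line 5 "attr.m4"), and the regenerated copy carries a #line directive before almost every source line, which is what takes this hunk from 367 to 704 lines. Regenerate it without sync lines (m4 emits them only when run with -s) or keep generated files out of the commit, so that a reviewer can see whether any of the ncx_pad_putn_* and ncx_pad_getn_* dispatch functions actually changed.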

213
ncdap_test/testauth.old Executable file
View File

@ -0,0 +1,213 @@
#!/bin/sh
#NOEMBED=1
#NOLOCAL=1
#NOHOME=1
#NOENV=1
#DBG=1
#SHOW=1
# Choose at most 1
#GDB=1
#VG=1
NFL=1
WD=`pwd`
NETRCFILE=$WD/test_auth_netrc
# This is the control variable
NETRC=$NETRCFILE
COOKIES="${WD}/test_auth_cookies"
RC=.daprc
NCLOGFILE=stderr
if test "x$DBG" = x1 ; then
SHOW=1
fi
# Major parameters
BASICCOMBO="tiggeUser:tigge"
URLSERVER="remotetest.unidata.ucar.edu"
URLPATH="thredds/dodsC/restrict/testData.nc"
# See if we need to override
if test "x$URS" != "x" ; then
#https://54.86.135.31/opendap/data/nc/fnoc1.nc.dds
URLSERVER="54.86.135.31"
URLPATH="opendap/data/nc/fnoc1.nc"
BASICCOMBO="$URS"
NOEMBED=1
NETRC=$NETRCFILE
else
NETRC=
fi
if test "x$DBG" = x1 ; then
URLPATH="${URLPATH}#log&show=fetch"
fi
# Split the combo
BASICUSER=`echo $BASICCOMBO | cut -d: -f1`
BASICPWD=`echo $BASICCOMBO | cut -d: -f2`
NCDUMP=
for o in ./.libs/ncdump.exe ./.libs/ncdump ./ncdump.exe ./ncdump ; do
if test -f $o ; then
NCDUMP=$o
break;
fi
done
if test "x$NCDUMP" = x ; then
echo "no ncdump"
exit 1
fi
if test "x$SHOW" = x ; then
OUTPUT="> /dev/null"
else
OUTPUT=
fi
if test "x$TEMP" = x ; then
TEMP="/tmp"
fi
TEMP=`echo "$TEMP" | sed -e "s|/$||"`
LOCALRC=./$RC
HOMERC=${HOME}/$RC
HOMERC=`echo "$HOMERC" | sed -e "s|//|/|g"`
ENVRC="$TEMP/$RC"
cd `pwd`
builddir=`pwd`
# Hack for CYGWIN
cd $srcdir
srcdir=`pwd`
cd ${builddir}
function createrc {
if test "x$1" != x ; then
RCP=$1
rm -f $RCP
echo "Creating rc file $RCP"
if test "x${DBG}" != x ; then
echo "HTTP.VERBOSE=1" >>$RCP
fi
echo "HTTP.COOKIEJAR=${COOKIES}" >>$RCP
if test "x${URS}" = x ; then
echo "HTTP.CREDENTIALS.USERPASSWORD=${BASICCOMBO}" >>$RCP
fi
if test "x${NETRC}" != x && test "x$NFL" = x ; then
echo "HTTP.NETRC=${NETRC}" >>$RCP
fi
fi
}
function createnetrc {
if test "x$1" != x ; then
rm -f $1
echo "Creating netrc file $1"
echo "machine uat.urs.earthdata.nasa.gov login $BASICUSER password $BASICPWD" >>$1
#echo "machine 54.86.135.31 login $BASICUSER password $BASICPWD" >>$1
fi
}
# Forcibly remove all and do not restore with save
function reset {
for f in ./$RC $HOMERC $ENVRC $COOKIES $NETRC ; do
rm -f ${f}
done
}
# Restore from .save files
function restore {
for f in ./$RC $HOMERC $ENVRC $COOKIES $NETRC ; do
rm -f ${f}
if test -f ${f}.save ; then
echo "restoring old ${f}"
cp ${f}.save ${f}
fi
done
}
function save {
for f in ./$RC $HOMERC $ENVRC $COOKIES $NETRC ; do
if test -f $f ; then
if test -f ${f}.save ; then
ignore=1
else
echo "saving $f"
cp ${f} ${f}.save
fi
fi
done
}
export LD_LIBRARY_PATH="../liblib/.libs:/usr/local/lib:/usr/lib64:$LD_LIBRARY_PATH"
if test "x$GDB" = x1 ; then
NCDUMP="gdb --args $NCDUMP"
fi
if test "x$VG" = x1 ; then
NCDUMP="valgrind --leak-check=full $NCDUMP"
fi
# Initialize
save
reset
if test "x$NOEMBED" != x1 ; then
echo "***Testing rc file with embedded user:pwd"
URL="https://${BASICCOMBO}@${URLSERVER}/$URLPATH"
# Invoke ncdump to extract a file from the URL
echo "command: ${NCDUMP} -h $URL ${OUTPUT}"
${NCDUMP} -h "$URL" ${OUTPUT}
fi
URL="https://${URLSERVER}/$URLPATH"
if test "x$NOLOCAL" != x1 ; then
echo "***Testing rc file in local directory"
# Create the rc file and (optional) netrc file in ./
reset
createnetrc $NETRC
createrc $LOCALRC
# Invoke ncdump to extract a file the URL
echo "command: ${NCDUMP} -h $URL ${OUTPUT}"
${NCDUMP} -h "$URL" ${OUTPUT}
fi
if test "x$NOHOME" != x1 ; then
echo "***Testing rc file in home directory"
# Create the rc file and (optional) netrc fil in ./
reset
createnetrc $NETRC
createrc $HOMERC
# Invoke ncdump to extract a file the URL
echo "command: ${NCDUMP} -h $URL ${OUTPUT}"
${NCDUMP} -h "$URL" ${OUTPUT}
fi
if test "x$NOENV" != x1 ; then
echo "*** Testing rc file from env variable"
# Create the rc file and (optional) netrc file
reset
createnetrc $NETRC
export NCRCFILE=$ENVRC
createrc $NCRCFILE
# Invoke ncdump to extract a file the URL
echo "command: ${NCDUMP} -h $URL ${OUTPUT}"
${NCDUMP} -h "$URL" ${OUTPUT}
fi
set +x
#restore
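Review bot: The script runs save and then reset, which deletes ${HOME}/.daprc along with the local and temp rc files, but the closing restore is commented out (#restore), so whoever runs the tests is left without their own rc file and with only a .save copy beside it. Call restore on exit, ideally from a trap so that it also runs when a test aborts. Two smaller points: the functions are declared with the function keyword under #!/bin/sh, which strict POSIX shells reject, and OUTPUT="> /dev/null" expanded as ${OUTPUT} reaches ncdump as two ordinary arguments rather than acting as a redirection.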

View File

@ -1,12 +1,16 @@
#!/bin/sh
#NOEMBED=1
#NOLOCAL=1
#NOHOME=1
#NOENV=1
RCEMBED=1
RCLOCAL=1
RCHOME=1
RCENV=1
RCPREC=1
# Not currently testable in netcdf
#RCSPEC=1
#DBG=1
#SHOW=1
#DBG=1
# Choose at most 1
#GDB=1
@ -17,14 +21,14 @@ NFL=1
WD=`pwd`
NETRCFILE=$WD/test_auth_netrc
# This is the control variable
NETRC=$NETRCFILE
# This is the control variable; set when needed
unset NETRC
COOKIES="${WD}/test_auth_cookies"
RC=.daprc
NCLOGFILE=stderr
OCLOGFILE=stderr
if test "x$DBG" = x1 ; then
SHOW=1
fi
@ -32,8 +36,11 @@ fi
# Major parameters
BASICCOMBO="tiggeUser:tigge"
BADCOMBO="tiggeUser:xxxxx"
URLSERVER="remotetest.unidata.ucar.edu"
#http://remotetest.unidata.ucar.edu/thredds/dodsC/restrict/testData.nc.html
URLPATH="thredds/dodsC/restrict/testData.nc"
PROTO=http
# See if we need to override
if test "x$URS" != "x" ; then
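Review bot: PROTO=http becomes the default for the non-URS case, so the tests that place BASICCOMBO in the URL or in HTTP.CREDENTIALS.USERPASSWORD send the user name and password to remotetest.unidata.ucar.edu over cleartext HTTP; https is only selected inside the URS branch in the next hunk. Unless the test server cannot do TLS, default to https here and make http an explicit opt-in.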
@ -41,10 +48,9 @@ if test "x$URS" != "x" ; then
URLSERVER="54.86.135.31"
URLPATH="opendap/data/nc/fnoc1.nc"
BASICCOMBO="$URS"
NOEMBED=1
RCEMBED=0
NETRC=$NETRCFILE
else
NETRC=
PROTO=https
fi
if test "x$DBG" = x1 ; then
@ -55,23 +61,30 @@ fi
BASICUSER=`echo $BASICCOMBO | cut -d: -f1`
BASICPWD=`echo $BASICCOMBO | cut -d: -f2`
xf() { case $- in *[x]*) set +x; XP=1;; *) XP=0;; esac }
xo() { case $XP in 1) set -x;; *) set +x;; esac }
xf
NCDUMP=
for o in ./.libs/ncdump.exe ./.libs/ncdump ./ncdump.exe ./ncdump ; do
if test -f $o ; then
NCDUMP=$o
break;
fi
for d in "$WD/../ncdump" "$WD" ; do
for o in $d/.libs/ncdump.exe $d/.libs/ncdump $d/ncdump.exe $d/ncdump ; do
if test -f $o ; then
NCDUMP=$o
break;
fi
done
if test "x$NCDUMP" != x; then break; fi
done
xo
if test "x$NCDUMP" = x ; then
echo "no ncdump"
exit 1
else
echo "NCDUMP=$NCDUMP"
fi
if test "x$SHOW" = x ; then
OUTPUT="> /dev/null"
else
OUTPUT=
fi
OUTPUT="./.output"
if test "x$TEMP" = x ; then
TEMP="/tmp"
@ -81,7 +94,8 @@ TEMP=`echo "$TEMP" | sed -e "s|/$||"`
LOCALRC=./$RC
HOMERC=${HOME}/$RC
HOMERC=`echo "$HOMERC" | sed -e "s|//|/|g"`
ENVRC="$TEMP/$RC"
SPECRC="$TEMP/temprc"
ENVRC="$WD/envrc"
cd `pwd`
builddir=`pwd`
@ -91,44 +105,91 @@ srcdir=`pwd`
cd ${builddir}
function createrc {
if test "x$1" != x ; then
RCP=$1
rm -f $RCP
echo "Creating rc file $RCP"
if test "x${DBG}" != x ; then
echo "HTTP.VERBOSE=1" >>$RCP
fi
echo "HTTP.COOKIEJAR=${COOKIES}" >>$RCP
if test "x${URS}" = x ; then
echo "HTTP.CREDENTIALS.USERPASSWORD=${BASICCOMBO}" >>$RCP
fi
if test "x${NETRC}" != x && test "x$NFL" = x ; then
echo "HTTP.NETRC=${NETRC}" >>$RCP
fi
fi
xf
RCP="$1" ; shift
unset NOPWD
unset BADPWD
while [[ $# > 0 ]] ; do
case "$1" in
nopwd) NOPWD=1 ;;
badpwd) BADPWD=1 ;;
*) ;;
esac
shift
done
xo
if test "x$RCP" != x ; then
rm -f $RCP
echo "Creating rc file $RCP"
else
echo "createrc: no rc specified"
exit 1
fi
if test "x${DBG}" != x ; then
echo "HTTP.VERBOSE=1" >>$RCP
fi
echo "HTTP.COOKIEJAR=${COOKIES}" >>$RCP
if test "x${URS}" = x ; then
if test "x${NOPWD}" = x ; then
if test "x${BADPWD}" = x ; then
echo "HTTP.CREDENTIALS.USERPASSWORD=${BASICCOMBO}" >>$RCP
else
echo "HTTP.CREDENTIALS.USERPASSWORD=${BADCOMBO}" >>$RCP
fi
fi
fi
if test "x${NETRC}" != x && test "x$NFL" = x ; then
echo "HTTP.NETRC=${NETRC}" >>$RCP
fi
}
function createnetrc {
if test "x$1" != x ; then
rm -f $1
echo "Creating netrc file $1"
echo "machine uat.urs.earthdata.nasa.gov login $BASICUSER password $BASICPWD" >>$1
#echo "machine 54.86.135.31 login $BASICUSER password $BASICPWD" >>$1
fi
xf
NCP="$1" ; shift
unset NOPWD
unset BADPWD
while [[ $# > 0 ]] ; do
case "$1" in
nopwd) NOPWD=1 ;;
badpwd) BADPWD=1 ;;
*) ;;
esac
shift
done
xo
if test "x$NCP" != x ; then
rm -f $NCP
echo "Creating netrc file $NCP"
else
echo "createnetrc: no rc specified"
exit 1
fi
if test "x$URS" != x ; then
echo "machine uat.urs.earthdata.nasa.gov login $BASICUSER password $BASICPWD" >>$NCP
#echo "machine 54.86.135.31 login $BASICUSER password $BASICPWD" >>$1
else
echo -n "${PROTO}://$URLSERVER/$URLPATH" >>$NCP
if test "x$NOPWD" = x ; then
if test "x$BADPWD" = x ; then
echo -n " login $BASICUSER password $BASICPWD" >>$NCP
else
echo -n " login $BASICUSER password xxxxxx" >>$NCP
fi
fi
echo "" >>$NCP
fi
}
# Forcibly remove all and do not restore with save
function reset {
for f in ./$RC $HOMERC $ENVRC $COOKIES $NETRC ; do
rm -f ${f}
done
for f in ./$RC $HOME/$RC $SPECRC $ENVRC $COOKIES $NETRC $OUTPUT ; do
rm -f ${f}
done
unset DAPRCFILE
}
# Restore from .save files
function restore {
for f in ./$RC $HOMERC $ENVRC $COOKIES $NETRC ; do
rm -f ${f}
reset
for f in ./$RC $HOME/$RC $SPECRC $ENVRC $COOKIES $NETRC ; do
if test -f ${f}.save ; then
echo "restoring old ${f}"
cp ${f}.save ${f}
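Review bot: In createnetrc the non-URS branch writes the entry as "${PROTO}://$URLSERVER/$URLPATH login ... password ...", with no machine keyword and a full URL where netrc expects a host name, so a netrc parser will not match it and the badpwd variant used by the precedence test never comes into play. Write "machine $URLSERVER login $BASICUSER password ..." in the same shape as the URS branch. Both createrc and createnetrc also create files that hold a password with rm -f followed by >>, which leaves them at the default umask; set umask 077 or chmod 600 before writing. The argument loops use while [[ $# > 0 ]], a bash construct (and a string comparison) in a script that starts with #!/bin/sh; test $# -gt 0 is portable.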
@ -137,7 +198,7 @@ function restore {
}
function save {
for f in ./$RC $HOMERC $ENVRC $COOKIES $NETRC ; do
for f in ./$RC $HOME/$RC $SPECRC $ENVRC $COOKIES $NETRC ; do
if test -f $f ; then
if test -f ${f}.save ; then
ignore=1
@ -149,65 +210,118 @@ function save {
done
}
export LD_LIBRARY_PATH="../liblib/.libs:/usr/local/lib:/usr/lib64:$LD_LIBRARY_PATH"
function show {
if test "x$SHOW" = x1 ; then cat $OUTPUT; fi
if test "x$OUTPUT" != "x"; then rm -f $OUTPUT; fi
}
# Assemble the ncdump command
if test "x$DBG" = x1; then
NCDUMP="$NCDUMP -D1"
fi
if test "x$GDB" = x1 ; then
NCDUMP="gdb --args $NCDUMP"
NCDUMP="gdb --args $NCDUMP"
fi
if test "x$VG" = x1 ; then
NCDUMP="valgrind --leak-check=full $NCDUMP"
fi
# Initialize
xf
save
reset
xo
if test "x$NOEMBED" != x1 ; then
echo "***Testing rc file with embedded user:pwd"
URL="https://${BASICCOMBO}@${URLSERVER}/$URLPATH"
# Invoke ncdump to extract a file from the URL
echo "command: ${NCDUMP} -h $URL ${OUTPUT}"
${NCDUMP} -h "$URL" ${OUTPUT}
if test "x$RCEMBED" = x1 ; then
echo "***Testing rc file with embedded user:pwd"
URL="${PROTO}://${BASICCOMBO}@${URLSERVER}/$URLPATH"
unset NETRC
# Invoke ncdump to extract a file the URL
echo "command: ${NCDUMP} -h $URL > $OUTPUT"
${NCDUMP} -h "$URL" > $OUTPUT
show
fi
URL="https://${URLSERVER}/$URLPATH"
if test "x$NOLOCAL" != x1 ; then
echo "***Testing rc file in local directory"
# Create the rc file and (optional) netrc file in ./
# Rest of tests assume these defaults
URL="${PROTO}://${URLSERVER}/$URLPATH"
NETRC=$NETRCFILE
if test "x$RCLOCAL" = x1 ; then
echo "***Testing rc file in local directory"
# Create the rc file and (optional) netrc fil in ./
xf; reset; xo
createnetrc $NETRC
createrc $LOCALRC
# Invoke ncdump to extract a file using the URL
echo "command: ${NCDUMP} -h $URL > $OUTPUT"
${NCDUMP} -h "$URL" > $OUTPUT
show
fi
if test "x$RCHOME" = x1 ; then
echo "***Testing rc file in home directory"
# Create the rc file and (optional) netrc file in ./
xf; reset; xo
createnetrc $NETRC
createrc $HOMERC
# Invoke ncdump to extract a file the URL
echo "command: ${NCDUMP} -h $URL > $OUTPUT"
${NCDUMP} -h "$URL" > $OUTPUT
show
fi
if test "x$RCSPEC" == x1 ; then
echo "*** Testing rc file in specified directory"
# Create the rc file and (optional) netrc file
xf; reset; xo
createnetrc $NETRC
createrc $SPECRC
# Invoke ncdump to extract a file the URL
echo "command: ${NCDUMP} -h $URL > $OUTPUT"
${NCDUMP} -h "$URL" > $OUTPUT
show
fi
if test "x$RCENV" = x1 ; then
echo "*** Testing rc file using env variable"
# Create the rc file and (optional) netrc file
xf; reset; xo
createnetrc $NETRC
echo "ENV: export DAPRCFILE=$ENVRC"
export DAPRCFILE=$ENVRC
createrc $DAPRCFILE
# Invoke ncdump to extract a file the URL
echo "command: ${NCDUMP} -h $URL > $OUTPUT"
${NCDUMP} -h "$URL" > $OUTPUT
show
export DAPRCFILE=
fi
# Test that .daprc overrides netcrc for password
URL="${PROTO}://${URLSERVER}/$URLPATH"
NETRC=$NETRCFILE
if test "x$RCPREC" = x1 ; then
echo "***Testing rc vs netrc file precedence"
# Create the rc file and (optional) netrc file in ./
xf; reset; xo
createnetrc $NETRC badpwd
createrc $LOCALRC
# Invoke ncdump to extract a file using the URL
echo "command: ${NCDUMP} -h $URL > $OUTPUT"
${NCDUMP} -h "$URL" > $OUTPUT
show
fi
xf
reset
createnetrc $NETRC
createrc $LOCALRC
restore
xo
# Invoke ncdump to extract a file the URL
echo "command: ${NCDUMP} -h $URL ${OUTPUT}"
${NCDUMP} -h "$URL" ${OUTPUT}
fi
if test "x$NOHOME" != x1 ; then
echo "***Testing rc file in home directory"
# Create the rc file and (optional) netrc fil in ./
reset
createnetrc $NETRC
createrc $HOMERC
# Invoke ncdump to extract a file the URL
echo "command: ${NCDUMP} -h $URL ${OUTPUT}"
${NCDUMP} -h "$URL" ${OUTPUT}
fi
if test "x$NOENV" != x1 ; then
echo "*** Testing rc file from env variable"
# Create the rc file and (optional) netrc file
reset
createnetrc $NETRC
export NCRCFILE=$ENVRC
createrc $NCRCFILE
# Invoke ncdump to extract a file the URL
echo "command: ${NCDUMP} -h $URL ${OUTPUT}"
${NCDUMP} -h "$URL" ${OUTPUT}
fi
set +x
#restore
exit
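Review bot: None of the ${NCDUMP} -h "$URL" > $OUTPUT invocations has its exit status checked, and the script ends with a bare exit after xo, so an authentication failure in any of the RCEMBED, RCLOCAL, RCHOME, RCENV or RCPREC cases still leaves the run green. Capture the status after each call and exit non-zero on failure; for RCPREC, also check that the request succeeded with the rc file password rather than the bad netrc one. The echoed command line prints the URL with the embedded user:pwd, which then lands in build logs, and test "x$RCSPEC" == x1 uses == where POSIX test only defines =.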

File diff suppressed because it is too large

View File

@ -1,19 +1,19 @@
/* A Bison parser, made by GNU Bison 3.0. */
/* A Bison parser, made by GNU Bison 2.5. */
/* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
Copyright (C) 1984, 1989-1990, 2000-2011 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
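Review bot: The banner and copyright lines appear in two versions, GNU Bison 3.0 (copyright to 2013) and GNU Bison 2.5 (copyright to 2011); if the 2.5 lines are the incoming ones, the oc sync has regenerated the parser header with an older Bison than the tree used before. State in the commit message which Bison version is expected, or regenerate with the newer one, so that later regenerations do not flip the file back and forth.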
@ -26,62 +26,54 @@
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
#ifndef YY_DAP_DAP_TAB_H_INCLUDED
# define YY_DAP_DAP_TAB_H_INCLUDED
/* Debug traces. */
#ifndef YYDEBUG
# define YYDEBUG 1
#endif
#if YYDEBUG
extern int dapdebug;
#endif
/* Token type. */
/* Tokens. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
enum yytokentype
{
SCAN_ALIAS = 258,
SCAN_ARRAY = 259,
SCAN_ATTR = 260,
SCAN_BYTE = 261,
SCAN_CODE = 262,
SCAN_DATASET = 263,
SCAN_DATA = 264,
SCAN_ERROR = 265,
SCAN_FLOAT32 = 266,
SCAN_FLOAT64 = 267,
SCAN_GRID = 268,
SCAN_INT16 = 269,
SCAN_INT32 = 270,
SCAN_MAPS = 271,
SCAN_MESSAGE = 272,
SCAN_SEQUENCE = 273,
SCAN_STRING = 274,
SCAN_STRUCTURE = 275,
SCAN_UINT16 = 276,
SCAN_UINT32 = 277,
SCAN_URL = 278,
SCAN_PTYPE = 279,
SCAN_PROG = 280,
WORD_WORD = 281,
WORD_STRING = 282
};
/* Put the tokens into the symbol table, so that GDB and other debuggers
know about them. */
enum yytokentype {
SCAN_ALIAS = 258,
SCAN_ARRAY = 259,
SCAN_ATTR = 260,
SCAN_BYTE = 261,
SCAN_CODE = 262,
SCAN_DATASET = 263,
SCAN_DATA = 264,
SCAN_ERROR = 265,
SCAN_FLOAT32 = 266,
SCAN_FLOAT64 = 267,
SCAN_GRID = 268,
SCAN_INT16 = 269,
SCAN_INT32 = 270,
SCAN_MAPS = 271,
SCAN_MESSAGE = 272,
SCAN_SEQUENCE = 273,
SCAN_STRING = 274,
SCAN_STRUCTURE = 275,
SCAN_UINT16 = 276,
SCAN_UINT32 = 277,
SCAN_URL = 278,
SCAN_PTYPE = 279,
SCAN_PROG = 280,
WORD_WORD = 281,
WORD_STRING = 282
};
#endif
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef int YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
#endif
int dapparse (DAPparsestate* parsestate);
#endif /* !YY_DAP_DAP_TAB_H_INCLUDED */

View File

@ -170,7 +170,7 @@ ocset_curlflag(OCstate* state, int flag)
{
struct OCSSL* ssl = &state->ssl;
CHECK(state, CURLOPT_SSL_VERIFYPEER, (OPTARG)(ssl->verifypeer?1L:0L));
CHECK(state, CURLOPT_SSL_VERIFYHOST, (OPTARG)(ssl->verifyhost?2L:0L));
CHECK(state, CURLOPT_SSL_VERIFYHOST, (OPTARG)(ssl->verifyhost?1L:0L));
if(ssl->certificate)
CHECK(state, CURLOPT_SSLCERT, ssl->certificate);
if(ssl->key)
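Review bot: The replacement CURLOPT_SSL_VERIFYHOST line passes 1L when ssl->verifyhost is set, where the line it replaces passed 2L. In libcurl, 2 is the value that checks the certificate name against the host being contacted; 1 was a legacy debug setting that libcurl from 7.28.1 rejects with an error while leaving the option unchanged, and only from 7.66.0 treats the same as 2. Depending on the linked libcurl and on how CHECK handles the error, this either fails option setup or leaves host verification at whatever was set before, so keep (ssl->verifyhost?2L:0L).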

View File

@ -238,7 +238,7 @@ ocdata_read(OCstate* state, OCdata* data, size_t start, size_t count,
{
int stat = OC_NOERR;
XXDR* xdrs;
OCtype etype, octype;
OCtype etype;
int isscalar;
size_t elemsize, totalsize, countsize;
OCnode* pattern;
@ -251,8 +251,7 @@ ocdata_read(OCstate* state, OCdata* data, size_t start, size_t count,
assert(memsize > 0);
pattern = data->pattern;
octype = pattern->octype;
assert(octype == OC_Atomic);
assert(pattern->octype == OC_Atomic);
etype = pattern->etype;
isscalar = (pattern->array.rank == 0 ? 1 : 0);
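Review bot: With the octype local removed, the only guard that the pattern is atomic is assert(pattern->octype == OC_Atomic), which is compiled out when NDEBUG is defined, so a release build goes on to read pattern->etype and compute sizes for a non-atomic node. If callers can reach ocdata_read with such a node, return an error code instead of relying on the assert.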

View File

@ -611,7 +611,8 @@ ocset_curlproperties(OCstate* state)
/* If no cookie file was defined, define a default */
char tmp[OCPATHMAX+1];
int stat;
snprintf(tmp,sizeof(tmp)-1,"%s/%s/",ocglobalstate.tempdir,OCDIR);
pid_t pid = getpid();
snprintf(tmp,sizeof(tmp)-1,"%s/%s.%ld/",ocglobalstate.tempdir,OCDIR,(long)pid);
#ifdef _MSC_VER
stat = mkdir(tmp);
#else
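Review bot: The default cookie directory is now "%s/%s.%ld/" built from ocglobalstate.tempdir, OCDIR and getpid(), which is still a predictable name in a shared temp directory: another local user can create it first, and the cookie jar, which carries session cookies, would then live in a directory they control. Create it with mkdtemp, or at least mkdir with mode 0700 and treat an already existing directory as a failure unless its owner and mode check out. Also, pid_t and getpid() are used above the #ifdef _MSC_VER line, so the MSVC build needs its own branch (for example _getpid from <process.h>).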

View File

@ -13,6 +13,8 @@
#include "ocdebug.h"
#include "oclog.h"
#define OCRCFILEENV "DAPRCFILE"
#define RTAG ']'
#define LTAG '['
@ -366,12 +368,14 @@ ocrc_load(void)
/* locate the configuration files in the following order:
1. specified by set_rcfile
2. set by OCRCFILE env variable
2. set by DAPRCFILE env variable
3. '.'
4. $HOME
*/
if(ocglobalstate.rc.rcfile != NULL) { /* always use this */
path = strdup(ocglobalstate.rc.rcfile);
} else if(getenv(OCRCFILEENV) != NULL && strlen(getenv(OCRCFILEENV)) > 0) {
path = strdup(getenv(OCRCFILEENV));
} else {
char** rcname;
int found = 0;
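Review bot: The new branch calls getenv(OCRCFILEENV) three times and uses whatever it returns as the rc file path, although the commit message says the value must be the absolute path of the file. Read it once into a local, reject an empty or non-absolute value with a logged message, and then strdup it. Since the rc file can carry HTTP.CREDENTIALS.USERPASSWORD, it is also worth logging which file was selected, so that a stray DAPRCFILE in the environment is easy to spot. The numbered list in the comment should say what happens when the named file does not exist.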

View File

@ -593,12 +593,10 @@ ocuridecodeparams(OCURI* ocuri)
int nparams;
char* params = NULL;
char** plist;
size_t len;
if(ocuri == NULL) return 0;
if(ocuri->params == NULL) return 1;
len = strlen(ocuri->params);
params = strdup(ocuri->params);
if(params == NULL)
return 0; /* no memory */