XRootD
XrdSecProtocolpwd.cc File Reference
#include <unistd.h>
#include <cctype>
#include <cerrno>
#include <cstdlib>
#include <strings.h>
#include <cstdio>
#include <new>
#include <sys/param.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/times.h>
#include "XrdVersion.hh"
#include "XrdSys/XrdSysHeaders.hh"
#include "XrdSys/XrdSysLogger.hh"
#include "XrdSys/XrdSysError.hh"
#include "XrdSys/XrdSysPwd.hh"
#include "XrdOuc/XrdOucStream.hh"
#include "XrdSys/XrdSysPriv.hh"
#include "XrdSut/XrdSutPFCache.hh"
#include "XrdSecpwd/XrdSecProtocolpwd.hh"
#include "XrdSecpwd/XrdSecpwdPlatform.hh"

Macros

#define POPTS(t, y)

Functions

static const char * ClientStepStr (int kclt)
static const char * ServerStepStr (int ksrv)
char * XrdSecProtocolpwdInit (const char mode, const char *parms, XrdOucErrInfo *erp)
XrdSecProtocol * XrdSecProtocolpwdObject (const char mode, const char *hostname, XrdNetAddrInfo &endPoint, const char *parms, XrdOucErrInfo *erp)
 XrdVERSIONINFO (XrdSecProtocolpwdInit, secpwd)
 XrdVERSIONINFO (XrdSecProtocolpwdObject, secpwd)

Variables

static String AdminRef = ProtoID + "admin"
static const char * gPWErrStr []
static const int kOneDay = 86400
static const short kOptsAFSPwd = 0x0800
static const short kOptsAregAll = 0x0008
static const short kOptsAutoReg = 0x0004
static const short kOptsChngPwd = 0x0400
static const short kOptsClntTty = 0x0080
static const short kOptsCrypPwd = 0x0200
static const short kOptsExpCred = 0x0100
static const short kOptsServer = 0x0001
static const short kOptsUserPwd = 0x0002
static const short kOptsVeriClt = 0x0040
static const short kOptsVeriSrv = 0x0020
static String NetRcRef = ProtoID + "netrc"
static String Prefix = "xrd"
static String ProtoID = XrdSecPROTOIDENT
static const char * pwdClientSteps []
static const char * pwdServerSteps []
XrdOucTrace * pwdTrace = 0
static String SrvPukRef = ProtoID + "srvpuk"
static String UserRef = ProtoID + "user"
static const kXR_int32 Version = XrdSecpwdVERSION

Macro Definition Documentation

◆ POPTS

#define POPTS ( t,
y )
Value:
{if (t) {t->Beg(epname); std::cerr <<y; t->End();}}

Definition at line 61 of file XrdSecProtocolpwd.cc.

Function Documentation

◆ ClientStepStr()

const char * ClientStepStr ( int kclt)
static

Definition at line 215 of file XrdSecProtocolpwd.cc.

static const char *ClientStepStr(int kclt)
{
   // Symbolic name of a client handshake step, for tracing; "Unknown" when
   // the code cannot be mapped onto pwdClientSteps[].
   static const char *ukn = "Unknown";

   // Negative or beyond-kXPC_reserved codes collapse onto slot 0
   if (kclt < 0 || kclt > kXPC_reserved)
      kclt = 0;

   // Codes from kXPC_normal upwards are rebased so that kXPC_normal -> 1 and
   // kXPC_reserved -> last slot; smaller codes index the table directly
   int idx = (kclt >= kXPC_normal) ? (kclt - kXPC_normal + 1) : kclt;

   const int lastidx = kXPC_reserved - kXPC_normal + 1;
   return (idx < 0 || idx > lastidx) ? ukn : pwdClientSteps[idx];
}

References kXPC_normal, kXPC_reserved, and pwdClientSteps.

◆ ServerStepStr()

const char * ServerStepStr ( int ksrv)
static

Definition at line 231 of file XrdSecProtocolpwd.cc.

static const char *ServerStepStr(int ksrv)
{
   // Symbolic name of a server handshake step, for tracing; "Unknown" when
   // the code cannot be mapped onto pwdServerSteps[].
   static const char *ukn = "Unknown";

   // Negative or beyond-kXPS_reserved codes collapse onto slot 0
   if (ksrv < 0 || ksrv > kXPS_reserved)
      ksrv = 0;

   // Codes from kXPS_init upwards are rebased so that kXPS_init -> 1 and
   // kXPS_reserved -> last slot; smaller codes index the table directly
   int idx = (ksrv >= kXPS_init) ? (ksrv - kXPS_init + 1) : ksrv;

   const int lastidx = kXPS_reserved - kXPS_init + 1;
   return (idx < 0 || idx > lastidx) ? ukn : pwdServerSteps[idx];
}

References kXPS_init, kXPS_reserved, and pwdServerSteps.

◆ XrdSecProtocolpwdInit()

char * XrdSecProtocolpwdInit ( const char mode,
const char * parms,
XrdOucErrInfo * erp )

Definition at line 1677 of file XrdSecProtocolpwd.cc.

1679{
1680 // One-time protocol initialization, filling the static flags and options
1681 // of the protocol.
1682 // For clients (mode == 'c') we use values in envs.
1683 // For servers (mode == 's') the command line options are passed through
1684 // parms.
// Returns whatever XrdSecProtocolpwd::Init(opts, erp) returns; a null
// return is treated below as an initialization error. erp is handed to
// Init unchanged.
// NOTE: this rendered listing skips source lines 1687 and 1692 — presumably
// the declaration of the local 'opts' object and the tracing setup
// (EnableTracing() is listed among the references) — so it is not complete.
1685 EPNAME("ProtocolpwdInit");
1686
1688 char *rc = (char *)"";
1689 char *cenv = 0;
1690
1691 // Initiate error logging and tracing
1693
1694 //
1695 // Clients first
1696 if (mode == 'c') {
1697 //
1698 // Decode envs:
1699 // "XrdSecDEBUG" debug flag ("0","1","2","3")
1700 // "XrdSecPWDVERIFYSRV" "1" server verification ON [default]
1701 // "0" server verification OFF
1702 // "XrdSecPWDSRVPUK" full path to file with server puks
1703 // [default: $HOME/.xrd/pwdsrvpuk]
1704 // "XrdSecPWDAUTOLOG" "1" autologin ON [default]
1705 // "0" autologin OFF
1706 // "XrdSecPWDALOGFILE" full path to file with autologin
1707 // info [default: $HOME/.xrd/pwdnetrc]
1708 // "XrdSecPWDALOGUPDT" update autologin file option:
1709 // "0" never [default]
1710 // "1" remove_obsolete_info
1711 // "2" "1" + register_new_valid_info
1712 // "XrdSecPWDMAXPROMPT" max number of attempts to get valid
1713 // input info by prompting the client
1714 //
1715 opts.mode = mode;
1716 // debug
1717 cenv = getenv("XrdSecDEBUG");
1718 if (cenv)
// Only the first character is inspected: 49..51 are ASCII '1'..'3'; the
// whole string is then handed to atoi(), so "10" would still pass as 10.
1719 {if (cenv[0] >= 49 && cenv[0] <= 51) opts.debug = atoi(cenv);
1720 else {PRINT("unsupported debug value from env XrdSecDEBUG: "<<cenv<<" - setting to 1");
1721 opts.debug = 1;
1722 }
1723 }
1724
1725 // server verification
1726 cenv = getenv("XrdSecPWDVERIFYSRV");
1727 if (cenv)
// 48..49 are ASCII '0'..'1'; anything else leaves the default untouched
1728 if (cenv[0] >= 48 && cenv[0] <= 49) opts.verisrv = atoi(cenv);
1729 // file with server public keys
1730 cenv = getenv("XrdSecPWDSRVPUK");
1731 if (cenv)
// strdup'ed copies are released after Init() below
1732 opts.srvpuk = strdup(cenv);
1733 // autologin
1734 cenv = getenv("XrdSecPWDAUTOLOG");
1735 if (cenv)
// 48..50 are ASCII '0'..'2'
1736 if (cenv[0] >= 48 && cenv[0] <= 50) opts.alog = atoi(cenv);
1737 // autologin file
1738 cenv = getenv("XrdSecPWDALOGFILE");
1739 if (cenv)
1740 opts.alogfile = strdup(cenv);
1741 // max re-prompts
1742 cenv = getenv("XrdSecPWDMAXPROMPT");
1743 if (cenv) {
// NOTE(review): errno is not reset to 0 before strtol(), so a stale ERANGE
// left by an earlier library call would force maxprompts to -1 here; add
// 'errno = 0;' before the call. A non-numeric value silently yields 0.
1744 opts.maxprompts = strtol(cenv, (char **)0, 10);
1745 if (errno == ERANGE) opts.maxprompts = -1;
1746 }
1747 //
1748 // Setup the object with the chosen options
1749 rc = XrdSecProtocolpwd::Init(opts,erp);
1750
1751 // Notify init options, if required or in case of init errors
// A null return from Init is the error indicator; raise debug so that the
// options actually used are printed
1752 if (!rc) opts.debug = 1;
1753 opts.Print(pwdTrace);
1754
1755 // Some cleanup
1756 if (opts.srvpuk) free(opts.srvpuk);
1757 if (opts.alogfile) free(opts.alogfile);
1758
1759 // We are done
1760 return rc;
1761 }
1762
1763 // Take into account xrootd debug flag
1764 cenv = getenv("XRDDEBUG");
1765 if (cenv && !strcmp(cenv,"1")) opts.debug = 1;
1766
1767 //
1768 // Server initialization
1769 if (parms) {
1770 //
1771 // Duplicate the parms
1772 char parmbuff[1024];
// NOTE(review): parms longer than sizeof(parmbuff)-1 are truncated silently,
// so trailing options would be dropped without notice; the length returned
// by strlcpy() could be compared against sizeof(parmbuff) to report this.
1773 strlcpy(parmbuff, parms, sizeof(parmbuff));
1774 //
1775 // The tokenizer
1776 XrdOucTokenizer inParms(parmbuff);
1777
1778 //
1779 // Decode parms:
1780 // for servers: [-upwd:<user_pwd_option>]
1781 // [-a:<autoreg_level>]
1782 // [-vc:<client_verification_level>]
1783 // [-dir:<dir_with_pwd_info>]
1784 // [-udir:<sub_dir_with_user_pwd_info>]
1785 // [-c:[-]ssl[:[-]<CryptoModuleName]]
1786 // [-d:<debug_level>]
1787 // [-syspwd]
1788 // [-lf:<credential_lifetime>]
1789 // [-maxfail:<max_number_of_failures>]
1790 // [-keepcreds]
1791 // [-expcreds:<creds_file_name>]
1792 // [-expfmt:<creds_exp_format>]
1793 //
1794 // <user_pwd_opt> = 0 (do-not-use), 1 (use), 2 (also-crypt-hash)
1795 // <debug_level> = 0 (none), 1 (low), 2 (medium), 3 (high) [0]
1796 // <autoreg_level> = 0 (none), 1 (local users + allowed tags), 2 (all) [0]
1797 // <credential_lifetime> = 1d, 5h:10m, ... (see XrdSutAux::ParseTime)
1798 // <client_verification_level> = 0 (none), 1 (timestamp), 2 (random tag) [2]
1799 // <creds_file_name> = can be a fully specified path or in the templated form
1800 // /path/<user>/file, with <user> expanded at the moment
1801 // of use with the login name.
1802 // <creds_exp_format> = 0 (XrdSutPFEntry in dedicated file),
1803 // 1 (hex form), 2 (plain), 3 (plain, no keywords) [0]
1804 //
// -1 means "not given on the command line" for the integer options
1805 int debug = -1;
1806 int areg = -1;
1807 int vc = -1;
1808 int upw = -1;
1809 int syspwd = -1;
1810 int lifetime = -1;
1811 int maxfail = -1;
1812 String dir = "";
1813 String udir = "";
1814 String clist = "";
1815 String cpass = "";
1816 int keepcreds = -1;
1817 String expcreds = "";
1818 int expfmt = 0;
1819 char *op = 0;
// Options are matched by prefix with strncmp(), so a token that merely
// starts with e.g. "-syspwd" or "-keepcreds" is accepted as well; unknown
// tokens are ignored without a message
1820 while (inParms.GetLine()) {
1821 while ((op = inParms.GetToken())) {
1822 if (!strncmp(op, "-upwd:",6)) {
1823 upw = atoi(op+6);
1824 } else if (!strncmp(op, "-dir:",5)) {
1825 dir = (const char *)(op+5);
1826 } else if (!strncmp(op, "-udir:",6)) {
1827 udir = (const char *)(op+6);
1828 } else if (!strncmp(op, "-c:",3)) {
1829 clist = (const char *)(op+3);
1830 } else if (!strncmp(op, "-d:",3)) {
1831 debug = atoi(op+3);
1832 } else if (!strncmp(op, "-a:",3)) {
1833 areg = atoi(op+3);
1834 } else if (!strncmp(op, "-vc:",4)) {
1835 vc = atoi(op+4);
1836 } else if (!strncmp(op, "-syspwd",7)) {
1837 syspwd = 1;
1838 } else if (!strncmp(op, "-lf:",4)) {
1839 lifetime = XrdSutParseTime(op+4);
1840 } else if (!strncmp(op, "-maxfail:",9)) {
1841 maxfail = atoi(op+9);
1842 } else if (!strncmp(op, "-cryptfile:",11)) {
1843 cpass = (const char *)(op+11);
1844 } else if (!strncmp(op, "-keepcreds",10)) {
1845 keepcreds = 1;
1846 } else if (!strncmp(op, "-expcreds:",10)) {
1847 expcreds = (const char *)(op+10);
1848 } else if (!strncmp(op, "-expfmt:",8)) {
1849 expfmt = atoi(op+8);
1850 }
1851 }
1852 // Check inputs
// Only areg and vc are range-checked here (out-of-range falls back to the
// documented default); the other numeric options reach Init() as parsed
1853 areg = (areg >= 0 && areg <= 2) ? areg : 0;
1854 vc = (vc >= 0 && vc <= 2) ? vc : 2;
1855 }
1856
1857 //
1858 // Build the option object
1859 opts.debug = (debug > -1) ? debug : opts.debug;
1860 opts.mode = 's';
1861 opts.areg = areg;
1862 opts.vericlnt = vc;
1863 opts.upwd = upw;
1864 opts.syspwd = syspwd;
1865 opts.lifecreds = lifetime;
1866 opts.maxfailures = maxfail;
1867 opts.expfmt = expfmt;
// The char pointers below alias the local String objects; those are still
// alive at the Init() call at the end of this branch, but any pointer Init
// keeps rather than copies would dangle once this function returns —
// presumably Init copies them (confirm).
1868 if (dir.length() > 0)
1869 opts.dir = (char *)dir.c_str();
1870 if (udir.length() > 0)
1871 opts.udir = (char *)udir.c_str();
1872 if (clist.length() > 0)
1873 opts.clist = (char *)clist.c_str();
1874 if (cpass.length() > 0)
1875 opts.cpass = (char *)cpass.c_str();
1876 opts.keepcreds = keepcreds;
1877 if (expcreds.length() > 0)
1878 opts.expcreds = (char *)expcreds.c_str();
1879
1880 // Notify init options, if required
1881 opts.Print(pwdTrace);
1882 //
1883 // Setup the plug-in with the chosen options
1884 return XrdSecProtocolpwd::Init(opts,erp);
1885 }
1886
1887 // Notify init options, if required
1888 opts.Print(pwdTrace);
1889 //
1890 // Setup the plug-in with the defaults
// Server mode without parms: everything stays at the option defaults
1891 return XrdSecProtocolpwd::Init(opts,erp);
1892}}

References XrdOucString::c_str(), XrdSecProtocolpwd::EnableTracing(), EPNAME, XrdOucTokenizer::GetLine(), XrdOucTokenizer::GetToken(), XrdSecProtocolpwd::Init(), XrdOucString::length(), opts, PRINT, pwdTrace, strlcpy(), and XrdSutParseTime().

Referenced by XrdVERSIONINFO().


◆ XrdSecProtocolpwdObject()

XrdSecProtocol * XrdSecProtocolpwdObject ( const char mode,
const char * hostname,
XrdNetAddrInfo & endPoint,
const char * parms,
XrdOucErrInfo * erp )

Definition at line 1903 of file XrdSecProtocolpwd.cc.

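XrdSecProtocol *XrdSecProtocolpwdObject(const char      mode,
                                        const char     *hostname,
                                        XrdNetAddrInfo &endPoint,
                                        const char     *parms,
                                        XrdOucErrInfo  *erp)
{
   // Factory entry point: build a new pwd protocol instance for the given
   // peer. Returns the new object (the caller owns it), or 0 when it could
   // not be allocated; in that case ENOMEM is reported through erp when one
   // is supplied, and on std::cerr otherwise.
   int options = XrdSecNOIPCHK;

   // Plain 'new' throws std::bad_alloc instead of returning 0, which would
   // have left the failure branch below unreachable; the nothrow form makes
   // the documented null/ENOMEM path real.
   XrdSecProtocolpwd *prot =
      new (std::nothrow) XrdSecProtocolpwd(options, hostname, endPoint, parms);
   if (!prot) {
      const char *msg = "Secpwd: Insufficient memory for protocol.";
      if (erp)
         erp->setErrInfo(ENOMEM, msg);
      else
         std::cerr << msg << std::endl;
      return (XrdSecProtocol *)0;
   }

   // Without an error object there is nowhere else to report, so echo success
   if (!erp)
      std::cerr << "protocol object instantiated" << std::endl;
   return prot;
}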

References XrdOucErrInfo::setErrInfo(), and XrdSecNOIPCHK.

Referenced by XrdVERSIONINFO().


◆ XrdVERSIONINFO() [1/2]

XrdVERSIONINFO ( XrdSecProtocolpwdInit ,
secpwd  )

References XrdSecProtocolpwdInit().


◆ XrdVERSIONINFO() [2/2]

XrdVERSIONINFO ( XrdSecProtocolpwdObject ,
secpwd  )

References XrdSecProtocolpwdObject().


Variable Documentation

◆ AdminRef

String AdminRef = ProtoID + "admin"
static

Definition at line 73 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Init(), and ParseArguments().

◆ gPWErrStr

const char* gPWErrStr[]
static

Definition at line 101 of file XrdSecProtocolpwd.cc.

// Human-readable text for the pwd protocol error codes. The trailing
// comments give the code each entry stands for, counting up from 10000 at
// index 0, so the order here must follow the error-code enumeration.
101 {
102 "parsing buffer", // 10000
103 "decoding buffer", // 10001
104 "loading crypto factory", // 10002
105 "protocol mismatch", // 10003
106 "resolving user / host", // 10004
107 "user missing", // 10005
108 "host missing", // 10006
109 "unknown user", // 10007
110 "creating bucket", // 10008
111 "duplicating bucket", // 10009
112 "creating buffer", // 10010
113 "serializing buffer", // 10011
114 "generating cipher", // 10012
115 "exporting public key", // 10013
116 "encrypting random tag", // 10014
117 "random tag mismatch", // 10015
118 "random tag missing", // 10016
119 "cipher missing", // 10017
120 "getting credentials", // 10018
121 "credentials missing", // 10019
122 "wrong password for user", // 10020
123 "checking cache", // 10021
124 "cache entry for link missing", // 10022
125 "session handshaking ID missing", // 10023
126 "session handshaking ID mismatch", // 10024
127 "unknown step option", // 10025
128 "marshaling integer", // 10026
129 "unmarshaling integer", // 10027
130 "saving new credentials", // 10028
131 "salt missing", // 10029
132 "buffer empty", // 10030
133 "obtaining reference cipher", // 10031
134 "obtaining cipher public info", // 10032
135 "adding bucket to list", // 10033
136 "finalizing cipher from public info", // 10034
137 "error during initialization", // 10035
138 "wrong credentials", // 10036 (index 36; the original comment repeated 10035)
139 "error" // 10037 (index 37)
140};

◆ kOneDay

const int kOneDay = 86400
static

Definition at line 155 of file XrdSecProtocolpwd.cc.

◆ kOptsAFSPwd

const short kOptsAFSPwd = 0x0800
static

Definition at line 153 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Authenticate().

◆ kOptsAregAll

const short kOptsAregAll = 0x0008
static

Definition at line 146 of file XrdSecProtocolpwd.cc.

◆ kOptsAutoReg

const short kOptsAutoReg = 0x0004
static

Definition at line 145 of file XrdSecProtocolpwd.cc.

◆ kOptsChngPwd

const short kOptsChngPwd = 0x0400
static

◆ kOptsClntTty

const short kOptsClntTty = 0x0080
static

◆ kOptsCrypPwd

const short kOptsCrypPwd = 0x0200
static

Definition at line 151 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Authenticate().

◆ kOptsExpCred

const short kOptsExpCred = 0x0100
static

Definition at line 150 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Authenticate().

◆ kOptsServer

const short kOptsServer = 0x0001
static

Definition at line 143 of file XrdSecProtocolpwd.cc.

◆ kOptsUserPwd

const short kOptsUserPwd = 0x0002
static

Definition at line 144 of file XrdSecProtocolpwd.cc.

◆ kOptsVeriClt

const short kOptsVeriClt = 0x0040
static

Definition at line 148 of file XrdSecProtocolpwd.cc.

◆ kOptsVeriSrv

const short kOptsVeriSrv = 0x0020
static

Definition at line 147 of file XrdSecProtocolpwd.cc.

◆ NetRcRef

String NetRcRef = ProtoID + "netrc"
static

Definition at line 76 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Init(), and ParseArguments().

◆ Prefix

String Prefix = "xrd"
static

Definition at line 70 of file XrdSecProtocolpwd.cc.

◆ ProtoID

String ProtoID = XrdSecPROTOIDENT
static

Definition at line 71 of file XrdSecProtocolpwd.cc.

◆ pwdClientSteps

const char* pwdClientSteps[]
static
Initial value:
= {
"kXPC_none",
"kXPC_normal",
"kXPC_verifysrv",
"kXPC_signedrtag",
"kXPC_creds",
"kXPC_autoreg",
"kXPC_failureack",
"kXPC_reserved"
}

Definition at line 78 of file XrdSecProtocolpwd.cc.

// Names of the client handshake steps as used by ClientStepStr(): slot 0 is
// the "none" entry, slot 1 must correspond to kXPC_normal and the last slot
// to kXPC_reserved, since ClientStepStr() rebases codes >= kXPC_normal to
// index 1 (assumes the kXPC_ enumeration is contiguous — confirm in the
// header). Keep in sync with that enumeration.
78 {
79 "kXPC_none",
80 "kXPC_normal",
81 "kXPC_verifysrv",
82 "kXPC_signedrtag",
83 "kXPC_creds",
84 "kXPC_autoreg",
85 "kXPC_failureack",
86 "kXPC_reserved"
87};

Referenced by ClientStepStr().

◆ pwdServerSteps

const char* pwdServerSteps[]
static
Initial value:
= {
"kXPS_none",
"kXPS_init",
"kXPS_credsreq",
"kXPS_rtag",
"kXPS_signedrtag",
"kXPS_newpuk",
"kXPS_puk",
"kXPS_failure",
"kXPS_reserved"
}

Definition at line 89 of file XrdSecProtocolpwd.cc.

// Names of the server handshake steps as used by ServerStepStr(): slot 0 is
// the "none" entry, slot 1 must correspond to kXPS_init and the last slot to
// kXPS_reserved, since ServerStepStr() rebases codes >= kXPS_init to index 1
// (assumes the kXPS_ enumeration is contiguous — confirm in the header).
// Keep in sync with that enumeration.
89 {
90 "kXPS_none",
91 "kXPS_init",
92 "kXPS_credsreq",
93 "kXPS_rtag",
94 "kXPS_signedrtag",
95 "kXPS_newpuk",
96 "kXPS_puk",
97 "kXPS_failure",
98 "kXPS_reserved"
99};

Referenced by ServerStepStr().

◆ pwdTrace

XrdOucTrace* pwdTrace = 0

Definition at line 209 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Init(), and XrdSecProtocolpwdInit().

◆ SrvPukRef

String SrvPukRef = ProtoID + "srvpuk"
static

Definition at line 74 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Init(), and ParseArguments().

◆ UserRef

String UserRef = ProtoID + "user"
static

Definition at line 75 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Init(), and ParseArguments().

◆ Version

const kXR_int32 Version = XrdSecpwdVERSION
static

Definition at line 72 of file XrdSecProtocolpwd.cc.