XRootD
XrdCmsSecurity Class Reference

#include <XrdCmsSecurity.hh>


Public Member Functions

 XrdCmsSecurity ()
 ~XrdCmsSecurity ()

Static Public Member Functions

static int Authenticate (XrdLink *Link, const char *Token, int tlen)
static int Configure (const char *Lib, const char *Cfn=0)
static const char * getToken (int &size, XrdNetAddrInfo *endPoint)
static char * getVnId (XrdSysError &eDest, const char *cfgFN, const char *nidlib, const char *nidparm, char nidType)
static int Identify (XrdLink *Link, XrdCms::CmsRRHdr &inHdr, char *authBuff, int abLen)
static void setSecFunc (void *secfP)
static char * setSystemID (XrdOucTList *tp, const char *iVNID, const char *iTag, char iType)

Detailed Description

Definition at line 41 of file XrdCmsSecurity.hh.

Constructor & Destructor Documentation

◆ XrdCmsSecurity()

XrdCmsSecurity::XrdCmsSecurity ( )
inline

Definition at line 63 of file XrdCmsSecurity.hh.

63{} // no instance state to initialize; every member listed for this class is static

◆ ~XrdCmsSecurity()

XrdCmsSecurity::~XrdCmsSecurity ( )
inline

Definition at line 64 of file XrdCmsSecurity.hh.

64{} // nothing to release; the security service and protocol factory outlive instances

Member Function Documentation

◆ Authenticate()

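// Definition at line 77 of file XrdCmsSecurity.cc.

/// Server-side half of the cms login handshake: authenticate the peer on Link.
///
/// Sends the security token (as produced by getToken()) in a kYR_xauth request,
/// then drives the XrdSec protocol exchange until the protocol accepts the peer
/// or something fails. On success the authenticated entity name is attached to
/// the link via Link->setID(). Declared static in XrdCmsSecurity.hh.
///
/// @param Link   link to the peer being authenticated.
/// @param Token  NUL-terminated security token for this endpoint; tlen bytes
///               plus the terminating NUL are sent to the peer, so Token must
///               really be NUL-terminated at Token[tlen].
/// @param tlen   length of Token without the NUL (the .cc listing refers to
///               this parameter as Toksz).
/// @return 1 when the peer authenticated and an entity name was obtained,
///         0 otherwise. Every failure path is fail-closed: the link is never
///         marked as authenticated on error.
int XrdCmsSecurity::Authenticate(XrdLink *Link, const char *Token, int tlen)
{
   CmsRRHdr myHdr = {0, kYR_xauth, 0, 0};
   XrdSecCredentials cred;
   XrdSecProtocol *AuthProt = 0;
   XrdSecParameters *parm = 0;
   XrdOucErrInfo eMsg;
   const char *eText = 0;
   char *authName, authBuff[4096];
   int rc, myDlen, abLen = sizeof(authBuff);

// Send a request for authentication. The +1 ships the NUL terminator so the
// peer receives a C string.
//
   if ((eText = XrdCmsTalk::Request(Link, myHdr, (char *)Token, tlen+1)))
      {Say.Emsg("Auth",Link->Host(),"authentication failed;",eText);
       return 0;
      }

// Perform standard authentication. Each pass reads one credential message
// from the peer; the loop ends only via break, with eText set on failure and
// clear on success.
//
do {

// Get the response header and verify the request code. Attend() is given
// abLen as the buffer length, so myDlen is bounded by sizeof(authBuff).
//
   if ((eText = XrdCmsTalk::Attend(Link,myHdr,authBuff,abLen,myDlen))) break;
   if (myHdr.rrCode != kYR_xauth) {eText = "invalid auth response"; break;}
   cred.size = myDlen; cred.buffer = authBuff;

// If we do not yet have a protocol, get one. DHS is null when Configure()
// never produced a security service; say so explicitly instead of reporting
// the empty text a fresh XrdOucErrInfo would yield.
//
   if (!AuthProt)
      {if (!DHS) {eText = "security service not configured"; break;}
       if (!(AuthProt=DHS->getProtocol(Link->Host(),
                                        *(Link->AddrInfo()),&cred,eMsg)))
          {eText = eMsg.getErrText(rc); break;}
      }

// Perform the authentication. rc == 0 means the protocol accepted the peer;
// the entity must then also pass the service's PostProcess() hook, and a
// rejection there is reported with its own message (it used to fall through
// and be logged as "auth interface violation"). rc < 0 is a failure; rc > 0
// means the protocol needs another round trip, carried by parm.
//
   AuthProt->Entity.addrInfo = Link->AddrInfo();
   rc = AuthProt->Authenticate(&cred, &parm, &eMsg);
   if (!rc)
      {if (DHS->PostProcess(AuthProt->Entity, eMsg)) break;
       eText = eMsg.getErrText(rc);
       if (!eText || !*eText) eText = "entity rejected by post-processing";
       break;
      }
   if (rc < 0) {eText = eMsg.getErrText(rc); break;}
   if (parm)
      {eText = XrdCmsTalk::Request(Link, myHdr, parm->buffer, parm->size);
       delete parm;
       if (eText) break;
      } else {eText = "auth interface violation"; break;}

} while(1);

// Check if we succeeded. A protocol that accepts the peer but yields no entity
// name is treated as a failure, since the link would otherwise carry no
// identity.
//
   if (!eText)
      {if (!(authName = AuthProt->Entity.name)) eText = "entity name missing";
          else {Link->setID(authName,0);
                Say.Emsg("Auth",Link->Host(),"authenticated as", authName);
               }
      }

// Check if we failed
//
   if (eText) Say.Emsg("Auth",Link->Host(),"authentication failed;",eText);

// Perform final steps here. The protocol object releases itself through
// Delete(); it must not be freed with operator delete.
//
   if (AuthProt) AuthProt->Delete();
   return (eText == 0);
}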

References XrdLink::AddrInfo(), XrdSecEntity::addrInfo, XrdCmsTalk::Attend(), XrdSecProtocol::Authenticate(), XrdSecBuffer::buffer, XrdSecProtocol::Delete(), eMsg, XrdSecProtocol::Entity, XrdLink::Host(), XrdCms::kYR_xauth, XrdSecEntity::name, XrdCmsTalk::Request(), XrdCms::CmsRRHdr::rrCode, XrdCms::Say, XrdLink::setID(), and XrdSecBuffer::size.

Referenced by XrdCmsLogin::Admit().


◆ Configure()

// Definition at line 187 of file XrdCmsSecurity.cc.

/// Load the XrdSec security service and remember its protocol factory.
///
/// Serialized by a function-local mutex so concurrent callers (Identify()
/// invokes this lazily) cannot load the service twice. When no configuration
/// file is given and a protocol factory is already installed — the client
/// case, where setSecFunc() supplied it — nothing is loaded and success is
/// returned. In that case DHS is left untouched, so the server-side
/// Authenticate() path still needs a real load with a configuration file.
/// Declared static in XrdCmsSecurity.hh.
///
/// @param Lib  security library to load; "default" makes the loader pick its
///             own default (a null library name is passed through).
/// @param Cfn  configuration file name, or null (the default).
/// @return 1 on success, 0 if the service object could not be created (the
///         failure is logged via Say).
int XrdCmsSecurity::Configure(const char *Lib, const char *Cfn)
{
   static XrdSysMutex cfgMutex;
   XrdSysMutexHelper cfgLock(&cfgMutex);

// Nothing to do when a protocol factory is already installed and there is no
// configuration file to process (this can happen in the client).
//
   if (!Cfn && getProtocol) return 1;

// "default" means: let the loader choose the library.
//
   const char *secLib = (strcmp(Lib, "default") == 0) ? 0 : Lib;
   DHS = XrdSecLoadSecService(&Say, Cfn, secLib, &getProtocol);
   if (DHS) return 1;

   Say.Emsg("Config","Unable to create security service object via",Lib);
   return 0;
}

References XrdCms::Say, and XrdSecLoadSecService().

Referenced by Identify().


◆ getToken()

// Definition at line 277 of file XrdCmsSecurity.cc.

/// Obtain the security token to present to the peer at endPoint.
///
/// Declared static in XrdCmsSecurity.hh. Security note: when no security
/// service has been configured (DHS is null) the result is a null token of
/// size 0, which — per the original comment — signals to the caller
/// (XrdCmsLogin::Admit) that no authentication is required. A missing or
/// failed security configuration therefore turns peer authentication off
/// rather than failing closed; confirm that is acceptable wherever cms peers
/// are expected to authenticate.
///
/// @param size      receives the token length (0 when there is no token).
/// @param endPoint  the peer's address, passed to the service's getParms().
/// @return the token, or 0 when no security service is configured.
const char *XrdCmsSecurity::getToken(int &size, XrdNetAddrInfo *endPoint)
{
   if (DHS) return DHS->getParms(size, endPoint);

// No security service: an empty token means "no authentication required".
//
   size = 0;
   return 0;
}

Referenced by XrdCmsLogin::Admit().


◆ getVnId()

// Definition at line 213 of file XrdCmsSecurity.cc.

// Read a vnid from the file at path, strip trailing newlines and hand it to
// chkVnId(). Returns 0 (after logging) when the file cannot be opened or read.
// The read is a single call into a nidMax+7 byte buffer, so anything longer is
// truncated before validation.
static char *vnIdFromFile(XrdSysError &eDest, const char *path)
{
   char buff[nidMax+8];
   int nfd = XrdSysFD_Open(path, O_RDONLY);
   if (nfd < 0)
      {eDest.Emsg("Config", errno, "open vnid file", path);
       return 0;
      }
   int n = read(nfd, buff, sizeof(buff)-1);
   if (n < 0)
      {eDest.Emsg("Config", errno, "read vnid file", path);
       close(nfd);
       return 0;
      }
   close(nfd);
   while(n && buff[n-1] == '\n') n--;
   buff[n] = 0;
   return chkVnId(eDest, buff, "vnid file contains");
}

/// Resolve the virtual node id (vnid) from a "vnid" configuration argument.
///
/// The first character of nidarg selects the source:
///   '<'  read the id from the named file (trailing newlines are stripped);
///   '='  the rest of the argument is the id itself;
///   '@'  load the named plugin and call its XrdCmsgetVnId() entry point.
/// Whatever the source, the value is passed through chkVnId(), whose result is
/// what this function returns. Declared static in XrdCmsSecurity.hh, where the
/// parameter is called nidlib.
///
/// Security note: with '@' the path after '@' is loaded as a shared object via
/// XrdOucPinLoader, so the vnid directive must only be settable by whoever
/// administers the configuration file.
///
/// @param eDest   error message sink.
/// @param cfgFN   configuration file name, passed through to the plugin.
/// @param nidarg  the vnid specification ("<file", "=value" or "@plugin").
/// @param nidparm optional plugin parameters; null is passed as "".
/// @param nidType node type character, passed through to the plugin.
/// @return the id as returned by chkVnId(), or 0 on any error (already logged).
char *XrdCmsSecurity::getVnId(XrdSysError &eDest, const char *cfgFN,
                              const char *nidarg, const char *nidparm,
                              char nidType)
{
   static XrdVERSIONINFODEF (myVer, XrdNID, XrdVNUMBER, XrdVERSION);

// Dispatch on the specification type; only '@' needs the plugin path below.
//
   switch(*nidarg)
         {case '<': return vnIdFromFile(eDest, nidarg+1);
          case '=': return chkVnId(eDest, nidarg+1, "vnid value is");
          case '@': break;
          default:  eDest.Emsg("Config", "vnid specification is invalid -", nidarg);
                    return 0;
         }

// Load the plugin and resolve the node ID creator's entry point
//
   XrdOucPinLoader nidLib(&eDest, &myVer, "vnid", nidarg+1);
   typedef std::string (*vnIdFunc_t)(XrdCmsgetVnIdArgs);
   vnIdFunc_t ep = (vnIdFunc_t)(nidLib.Resolve("XrdCmsgetVnId"));
   if (!ep) return 0;

// Ask the plugin for the node ID
//
   std::string nidName = ep(eDest, std::string(cfgFN),
                            std::string(nidparm ? nidparm : ""),
                            nidType, nidMax);

// The plugin is no longer needed once we hold the result
//
   nidLib.Unload();

// Verify that the node ID meets specs
//
   return chkVnId(eDest, nidName.c_str(), "vnid plugin returned");
}

References close, eDest, read, XrdOucPinLoader::Resolve(), XrdOucPinLoader::Unload(), XrdCmsgetVnIdArgs, and XrdCms::XrdVERSIONINFODEF().


◆ Identify()

// Definition at line 293 of file XrdCmsSecurity.cc.

/// Client-side half of the cms login handshake: authenticate this process to
/// the peer on Link.
///
/// authBuff holds the NUL-terminated security token received from the peer
/// (its length is taken with strlen, so the caller must terminate it). The
/// token is handed to the protocol factory, after which credentials are sent
/// in kYR_xauth requests and each reply is read back into authBuff until the
/// peer answers with something other than kYR_xauth. That final reply is left
/// in inHdr/authBuff for the caller (XrdCmsLogin::Login) to interpret: a
/// return of 1 means the exchange completed without a transport or protocol
/// error, not that the peer accepted us. Declared static in XrdCmsSecurity.hh.
///
/// @param Link      link to the peer.
/// @param inHdr     receives the header of the last reply read.
/// @param authBuff  in: the peer's token; out: the payload of the last reply.
/// @param abLen     capacity of authBuff, used to bound every reply.
/// @return 1 if the exchange completed, 0 on any error (already logged).
int XrdCmsSecurity::Identify(XrdLink *Link, XrdCms::CmsRRHdr &inHdr,
                             char *authBuff, int abLen)
{
   CmsRRHdr outHdr = {0, kYR_xauth, 0, 0};
   const char *hName = Link->Host();
   XrdSecProtocol *AuthProt = 0;
   XrdSecParameters AuthParm, *AuthP = 0;
   XrdOucErrInfo eMsg;
   const char *eText = 0;
   int rc, myDlen;

// Make sure a protocol factory exists, loading the default library if not.
//
   if (!getProtocol && !Configure("libXrdSec.so"))
      {Say.Emsg("Auth", hName ,"authentication configuration failed.");
       return 0;
      }

// Turn the peer's token into a protocol object.
//
   AuthParm.buffer = (char *)authBuff; AuthParm.size = strlen(authBuff);
   AuthProt = getProtocol(hName, *(Link->AddrInfo()), AuthParm, &eMsg);
   if (!AuthProt)
      {Say.Emsg("Auth", hName, "getProtocol() failed;", eMsg.getErrText(rc));
       return 0;
      }

// Exchange credentials until the peer stops answering with kYR_xauth.
//
   for (;;)
       {XrdSecCredentials *cred = AuthProt->getCredentials(AuthP, &eMsg);
        if (!cred) {eText = eMsg.getErrText(rc); break;}

        eText = XrdCmsTalk::Request(Link, outHdr, cred->buffer, cred->size);
        delete cred;
        if (eText) break;

        eText = XrdCmsTalk::Attend(Link, inHdr, authBuff, abLen, myDlen);
        if (eText) break;

        // Whatever came back is the protocol's next input, if there is a next round.
        AuthParm.size = myDlen; AuthParm.buffer = authBuff; AuthP = &AuthParm;
        if (inHdr.rrCode != kYR_xauth) break;
       }

// Report any failure
//
   if (eText) Say.Emsg("Auth", hName, "authentication failed;", eText);

// The protocol object must be released via Delete(), never operator delete.
//
   if (AuthProt) AuthProt->Delete();
   return (eText == 0);
}

References XrdLink::AddrInfo(), XrdCmsTalk::Attend(), XrdSecBuffer::buffer, Configure(), XrdSecProtocol::Delete(), eMsg, XrdSecProtocol::getCredentials(), XrdLink::Host(), XrdCms::kYR_xauth, XrdCmsTalk::Request(), XrdCms::CmsRRHdr::rrCode, XrdCms::Say, and XrdSecBuffer::size.

Referenced by XrdCmsLogin::Login().


◆ setSecFunc()

// Definition at line 356 of file XrdCmsSecurity.cc.

/// Install an externally supplied protocol factory (client side).
///
/// Declared static in XrdCmsSecurity.hh; referenced by
/// XrdCmsFinderRMT::Configure(). The pointer is cast without any check, so
/// the caller must pass a genuine XrdSecGetProt_t. Once set, Identify() skips
/// the lazy Configure() of libXrdSec.so and Configure() itself becomes a no-op
/// when called without a configuration file.
///
/// @param secfP  the XrdSecGetProt_t function pointer, passed as void*.
void XrdCmsSecurity::setSecFunc(void *secfP)
{
   getProtocol = reinterpret_cast<XrdSecGetProt_t>(secfP);
}

Referenced by XrdCmsFinderRMT::Configure().


◆ setSystemID()

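// Definition at line 363 of file XrdCmsSecurity.cc.

// Append n bytes of str at sp, keeping the cursor strictly below lim, and
// NUL-terminate the result. Returns false, appending nothing, when it would
// not fit.
static bool sidAppend(char *&sp, const char *lim, const char *str, size_t n)
{
   if ((size_t)(lim - sp) <= n) return false;
   memcpy(sp, str, n);
   sp += n;
   *sp = 0;
   return true;
}

// Append the decimal form of val; same contract as sidAppend().
static bool sidAppendInt(char *&sp, const char *lim, int val)
{
   char num[16];
   int n = snprintf(num, sizeof(num), "%d", val);
   return sidAppend(sp, lim, num, (size_t)n);
}

// Number of leading characters of s that are not part of the longest common
// suffix of ref and s (e.g. "b.cern.ch" against "a.cern.ch" yields 1). Stops
// at the start of either string, so an empty string, or s being a pure suffix
// of ref, never reads outside either buffer (the previous inline loop walked
// xp below s in that case).
static int sidUniqueLen(const char *ref, const char *s)
{
   const char *fp = ref + strlen(ref);
   const char *xp = s + strlen(s);
   while(fp > ref && xp > s && fp[-1] == xp[-1]) {fp--; xp--;}
   return (int)(xp - s);
}

/// Build this node's system identifier and export its pieces to the process
/// environment (XRDCMSVNID, XRDCMSCLUSTERID, XRDCMSSYSID).
///
/// The result has the form "<vnid> [<iTag>.]<cluster>": <vnid> is
/// "*<iType>-<iVNID>" when a virtual network id was supplied (vnetid's always
/// start with an asterisk) and "<iType>-<instance>" otherwise, where
/// <instance> is the text after the first blank of the XRDINSTANCE
/// environment variable. <cluster> is <instance> when tp is null; otherwise,
/// for every manager after the first, the manager's val followed by the part
/// of its text not shared as a suffix with the first manager's text (entries
/// with nothing left are skipped entirely), and finally the first manager's
/// val and full text. Declared static in XrdCmsSecurity.hh.
///
/// Every append is bounded by the 8K work buffer (minus a 32 byte reserve).
/// Previously only the manager-list pieces were checked while iVNID, iTag and
/// XRDINSTANCE were copied with strcpy/sprintf; those values come from the
/// configuration and launcher environment rather than the network, but an
/// over-long one now fails cleanly instead of overrunning the stack buffer.
///
/// @param tp     manager list, or null; each node's text is a name and val an
///               integer printed in front of it.
/// @param iVNID  virtual network id, or null.
/// @param iTag   optional tag prefixed to the cluster name, or null.
/// @param iType  node type character.
/// @return a strdup'ed system id owned by the caller; a string literal
///         starting with '!' describing a bad XRDINSTANCE (must not be freed);
///         or 0 if the id does not fit the work buffer. XRDCMSVNID has already
///         been exported by the time a 0 is returned.
char *XrdCmsSecurity::setSystemID(XrdOucTList *tp, const char *iVNID,
                                  const char *iTag, char iType)
{
   char sidbuff[8192], *sidend = sidbuff+sizeof(sidbuff)-32;
   char *cP, *sp = sidbuff;
   char typePfx[3] = {iType, '-', 0};

// Extract out the instance name (we must have one)
//
   const char *instP = getenv("XRDINSTANCE");
   if (instP) instP = strchr(instP, ' ');
   if (!instP) return (char *)"!envar XRDINSTANCE undefined.";
   while(*instP == ' ') instP++;
   if (!(*instP)) return (char *)"!envar XRDINSTANCE invalid.";

// The system ID starts with the semi-unique name of this node unless it's
// a vnetid, in which case it's unique within this cluster. Note that vnetid's
// always start with an asterisk. It does not otherwise.
//
   if (iVNID)
      {if (!sidAppend(sp, sidend, "*", 1)
       ||  !sidAppend(sp, sidend, typePfx, 2)
       ||  !sidAppend(sp, sidend, iVNID, strlen(iVNID))) return (char *)0;
      } else {
       if (!sidAppend(sp, sidend, typePfx, 2)
       ||  !sidAppend(sp, sidend, instP, strlen(instP))) return (char *)0;
      }

// Export the vnid (sidbuff is NUL-terminated at this point)
//
   XrdOucEnv::Export("XRDCMSVNID", sidbuff);
   if (!sidAppend(sp, sidend, " ", 1)) return (char *)0;
   cP = sp;

// Insert tag if we have one
//
   if (iTag && (!sidAppend(sp, sidend, iTag, strlen(iTag))
             || !sidAppend(sp, sidend, ".", 1))) return (char *)0;

// Develop a unique cluster name for this cluster
//
   if (!tp)
      {if (!sidAppend(sp, sidend, instP, strlen(instP))) return (char *)0;}
      else {XrdOucTList *tpF = tp;
            while((tp = tp->next))
                 {int n = sidUniqueLen(tpF->text, tp->text);
                  if (n > 0)
                     {if (!sidAppendInt(sp, sidend, tp->val)
                      ||  !sidAppend(sp, sidend, tp->text, (size_t)n))
                         return (char *)0;
                     }
                 }
            if (!sidAppendInt(sp, sidend, tpF->val)
            ||  !sidAppend(sp, sidend, tpF->text, strlen(tpF->text)))
               return (char *)0;
           }

// Set envar to hold the cluster name
//
   XrdOucEnv::Export("XRDCMSCLUSTERID", cP);

// Export the full virtual network ID
//
   XrdOucEnv::Export("XRDCMSSYSID", sidbuff);

// Return the system ID
//
   return strdup(sidbuff);
}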

References XrdOucEnv::Export(), XrdOucTList::next, and XrdOucTList::text.


The documentation for this class was generated from the following files: