34 #include <sys/param.h>
36 #include "XrdVersion.hh"
52 extern unsigned long XrdOucHashVal2(
const char *KeyVal,
int KeyLen);
67 XrdVersionInfo &urVer)
115 int plen = strlen(path);
122 if (!aeP)
return Access(caps, Entity, path, oper);
// Select the name used for the authorization lookup that follows.
// The "request.name" attribute fetched through Entity->eaAPI is preferred when
// Get() succeeds and the value is non-empty; Entity->name is the fallback.
// NOTE(review): this makes the attribute authoritative for the access decision.
// Presumably only the token-validation layer populates "request.name" -- confirm
// that nothing upstream can set it from unverified input.
126 std::string username;
127 auto got_token = Entity->
eaAPI->
Get(
"request.name", username);
128 if (got_token && !username.empty())
// eInfo.name borrows username's buffer: username must stay in scope and
// unmodified for as long as eInfo.name is read.
129 {eInfo.
name = username.c_str();
132 else if (Entity->
name)
// isuser is true when the first character of the selected name is not NUL.
134 isuser = (*eInfo.
name != 0);
153 while(aeP->
Next(aSeq, eInfo))
155 {xlP->
caps->
Privs(caps, path, plen, phash);
157 return Access(caps, Entity, path, oper);
167 if (!hostRefX && hostRefY) eInfo.
host =
Resolve(Entity);
176 cp->
Privs(caps, path, plen, phash);
181 cp->
Privs(caps, path, plen, phash);
188 while((gname = (
char *)glp->
Next()))
189 if ((cp = Atab.
N_Hash->
Find((
const char *)gname)))
190 cp->
Privs(caps, path, plen, phash);
196 if (isuser && Atab.
X_List)
202 cp->
Privs(caps, path, plen, phash);
207 const char *vorgPrev = 0, *rolePrev = 0;
210 while(aeP->
Next(aSeq, eInfo))
215 cp->
Privs(caps, path, plen, phash);
220 {vorgPrev = eInfo.
vorg;
222 cp->
Privs(caps, path, plen, phash);
228 {rolePrev = eInfo.
role;
230 cp->
Privs(caps, path, plen, phash);
238 ylP->
caps->
Privs(caps, path, plen, phash);
249 return Access(caps, Entity, path, oper);
292 static const char *Opername[] = {
"any",
// Build the strings written to the audit record: operation name, id and host.
// Operation codes above AOP_LastOp are reported as "???" rather than used as an
// index into Opername.
// NOTE(review): only the upper bound is checked on this line; confirm that
// Access_Operation values reaching here can never be negative.
308 const char *opname = (oper >
AOP_LastOp ?
"???" : Opername[oper]);
309 std::string username;
// id defaults to "*" when neither source below yields a name.
310 const char *
id =
"*";
// Same precedence as the access check: a non-empty "request.name" attribute wins
// over Entity->name, so the audit trail records the name the decision was made for.
311 auto got_token = Entity->
eaAPI->
Get(
"request.name", username);
312 if (got_token && !username.empty()) {
// id points into username's buffer; username must outlive every use of id.
313 id = username.c_str();
314 }
else if (Entity->
name)
id = Entity->
name;
// A missing host is logged as "?".
315 const char *host = (Entity->
host ? (
const char *)Entity->
host :
"?");
325 if (accok) Auditor->
Grant(opname, Entity->
tident, atype,
id, host, path);
326 else Auditor->
Deny( opname, Entity->
tident, atype,
id, host, path);
// True when Entity->host is null, or its first character is '[' or a decimal digit.
// NOTE(review): presumably this separates "no host name / address literal" from a
// real host name -- confirm against the guarded statement, which is not visible here.
// NOTE(review): isdigit() is passed a plain char. <ctype.h> functions have undefined
// behaviour for negative values other than EOF, so the usual hardening is
// isdigit(static_cast<unsigned char>(*(Entity->host))).
342 if (Entity->
host == 0 || *(Entity->
host) ==
'[' || isdigit(*(Entity->
host)))
// XrdAccSWAP(x): exchange member x between the live table Atab and newtab.
// oldtab.x is used as scratch storage: it receives the current Atab.x, Atab.x takes
// newtab.x, newtab.x receives the previous Atab.x, and oldtab.x is reset to 0.
// NOTE(review): the macro expands to four separate statements and is not wrapped in
// do { ... } while (0), so it must not be used as the body of an unbraced if/else/loop.
351 #define XrdAccSWAP(x) oldtab.x = Atab.x; Atab.x = newtab.x; \
352 newtab.x = oldtab.x; oldtab.x = 0;
357 bool hRefX =
false, hRefY =
false;
363 {
if (xlP->
host) {hRefX =
true;
break;}
373 {
if (ylP->
host) {hRefY =
true;
break;}
// Non-zero only when every privilege bit in need[oper] is also set in priv.
// NOTE(review): oper indexes need[] directly and no range check is visible on this
// line; confirm callers bound oper (the audit path compares it with AOP_LastOp
// before indexing Opername).
439 return (
int)(need[oper] & priv) == need[oper];
// When org is set, the entity must carry a vorg that matches it exactly
// (strcmp, case-sensitive). An entity with no vorg does not match.
451 if (
org && (!Entity.
vorg || strcmp(
org, Entity.
vorg)))
return false;
// Same rule for the group: when grp is set, Entity.grup must be present and equal.
453 if (
grp && (!Entity.
grup || strcmp(
grp, Entity.
grup)))
return false;
461 {
int eLen = strlen(Entity.
host);
462 if (eLen <=
hlen)
return false;
464 }
else hName = Entity.
host;
465 if (strcmp(
host, hName))
return false;
unsigned long XrdOucHashVal2(const char *KeyVal, int KeyLen)
XrdAccConfig XrdAccConfiguration
XrdAccAuthorize * XrdAccDefaultAuthorizeObject(XrdSysLogger *lp, const char *cfn, const char *parm, XrdVersionInfo &urVer)
XrdAccAudit * XrdAccAuditObject(XrdSysError *erp)
Access_Operation
The following are supported operations.
#define XrdSecPROTOIDSIZE
int Test(const XrdAccPrivs priv, const Access_Operation oper)
int Audit(const int accok, const XrdSecEntity *Entity, const char *path, const Access_Operation oper, XrdOucEnv *Env=0)
static const char * Resolve(const XrdSecEntity *Entity)
XrdAccPrivs Access(const XrdSecEntity *Entity, const char *path, const Access_Operation oper, XrdOucEnv *Env=0)
XrdAccAccess(XrdSysError *erp)
void SwapTabs(struct XrdAccAccess_Tables &newtab)
int Auditing(const XrdAccAudit_Options ops=audit_all)
virtual void Deny(const char *opname, const char *tident, const char *atype, const char *id, const char *host, const char *path)
virtual void Grant(const char *opname, const char *tident, const char *atype, const char *id, const char *host, const char *path)
XrdAccCapability * Find(const char *name)
int Privs(XrdAccPrivCaps &pathpriv, const char *pathname, const int pathlen, const unsigned long pathhash, const char *pathsub=0)
int Configure(XrdSysError &Eroute, const char *cfn)
XrdAccAccess * Authorization
static void setError(XrdSysError *errP)
bool Next(int &seq, XrdAccEntityInfo &info)
XrdAccGroupList * NetGroups(const char *user, const char *host)
const char * Name(const char *eName=0, const char **eText=0)
T * Find(const char *KeyVal, time_t *KeyTime=0)
XrdSecAttr * Get(const void *sigkey)
XrdNetAddrInfo * addrInfo
Entity's connection details.
XrdSecEntityAttr * eaAPI
non-const API to attributes
const char * tident
Trace identifier always preset.
char prot[XrdSecPROTOIDSIZE]
Auth protocol used (e.g. krb5)
char * name
Entity's name.
char * host
Entity's host name dnr dependent.
static bool VerCmp(XrdVersionInfo &vInf1, XrdVersionInfo &vInf2, bool noMsg=false)
void Lock(const XrdSysXS_Type usage)
void UnLock(const XrdSysXS_Type usage=xs_None)
XrdVERSIONINFODEF(myVersion, cmsclient, XrdVNUMBER, XrdVERSION)
bool Applies(const XrdAccEntityInfo &Entity)
XrdOucHash< XrdAccCapability > * U_Hash
XrdOucHash< XrdAccCapability > * G_Hash
XrdOucHash< XrdAccCapability > * N_Hash
XrdAccCapability * X_List
XrdAccCapability * Z_List
XrdOucHash< XrdAccCapability > * T_Hash
XrdOucHash< XrdAccCapability > * O_Hash
XrdOucHash< XrdAccCapability > * H_Hash
XrdOucHash< XrdAccAccess_ID > * S_Hash
XrdOucHash< XrdAccCapability > * R_Hash