XRootD
XrdSecProtocolpwd.cc File Reference
#include <unistd.h>
#include <cctype>
#include <cerrno>
#include <climits>
#include <cstdlib>
#include <strings.h>
#include <cstdio>
#include <new>
#include <sys/param.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/times.h>
#include "XrdVersion.hh"
#include "XrdSys/XrdSysHeaders.hh"
#include "XrdSys/XrdSysLogger.hh"
#include "XrdSys/XrdSysError.hh"
#include "XrdSys/XrdSysPwd.hh"
#include "XrdOuc/XrdOucStream.hh"
#include "XrdSys/XrdSysPriv.hh"
#include "XrdSut/XrdSutPFCache.hh"
#include "XrdSecpwd/XrdSecProtocolpwd.hh"
#include "XrdSecpwd/XrdSecpwdPlatform.hh"


Macros

#define POPTS(t, y)   {if (t) {t->Beg(epname); std::cerr <<y; t->End();}}
 

Functions

static const char * ClientStepStr (int kclt)
 
static const char * ServerStepStr (int ksrv)
 
char * XrdSecProtocolpwdInit (const char mode, const char *parms, XrdOucErrInfo *erp)
 
XrdSecProtocol * XrdSecProtocolpwdObject (const char mode, const char *hostname, XrdNetAddrInfo &endPoint, const char *parms, XrdOucErrInfo *erp)
 
 XrdVERSIONINFO (XrdSecProtocolpwdInit, secpwd)
 
 XrdVERSIONINFO (XrdSecProtocolpwdObject, secpwd)
 

Variables

static String AdminRef = ProtoID + "admin"
 
static const char * gPWErrStr []
 
static const int kOneDay = 86400
 
static const short kOptsAFSPwd = 0x0800
 
static const short kOptsAregAll = 0x0008
 
static const short kOptsAutoReg = 0x0004
 
static const short kOptsChngPwd = 0x0400
 
static const short kOptsClntTty = 0x0080
 
static const short kOptsCrypPwd = 0x0200
 
static const short kOptsExpCred = 0x0100
 
static const short kOptsServer = 0x0001
 
static const short kOptsUserPwd = 0x0002
 
static const short kOptsVeriClt = 0x0040
 
static const short kOptsVeriSrv = 0x0020
 
static String NetRcRef = ProtoID + "netrc"
 
static String Prefix = "xrd"
 
static String ProtoID = XrdSecPROTOIDENT
 
static const char * pwdClientSteps []
 
static const char * pwdServerSteps []
 
XrdOucTrace * pwdTrace = 0
 
static String SrvPukRef = ProtoID + "srvpuk"
 
static String UserRef = ProtoID + "user"
 
static const kXR_int32 Version = XrdSecpwdVERSION
 

Macro Definition Documentation

◆ POPTS

#define POPTS (   t,
  y 
)    {if (t) {t->Beg(epname); std::cerr <<y; t->End();}}

Definition at line 61 of file XrdSecProtocolpwd.cc.

Function Documentation

◆ ClientStepStr()

static const char* ClientStepStr ( int  kclt)
static

Definition at line 215 of file XrdSecProtocolpwd.cc.

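static const char *ClientStepStr(int kclt)
{
   // Return the printable name of a client-side protocol step (kXPC_*), or
   // "Unknown" for any value that is not a valid step.  Used only to label
   // trace output in Authenticate() / getCredentials().
   //
   // pwdClientSteps[] is laid out as: index 0 = kXPC_none, then one entry per
   // enumerator from kXPC_normal up to kXPC_reserved.  Only those two ranges
   // are mapped; anything else (negative values, values above kXPC_reserved,
   // or values strictly between 0 and kXPC_normal) is reported as "Unknown"
   // instead of being clamped to "kXPC_none" or used as a raw table index as
   // the previous version did.  The final bound uses the table's real size so
   // the lookup stays in range even if the enum and the table drift apart.
   static const char *ukn = "Unknown";
   const int ntab = (int)(sizeof(pwdClientSteps) / sizeof(pwdClientSteps[0]));

   int idx = -1;
   if (kclt == 0) {
      idx = 0;
   } else if (kclt >= kXPC_normal && kclt <= kXPC_reserved) {
      idx = kclt - kXPC_normal + 1;
   }

   if (idx < 0 || idx >= ntab)
      return ukn;
   return pwdClientSteps[idx];
}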

References kXPC_normal, kXPC_reserved, and pwdClientSteps.

Referenced by XrdSecProtocolpwd::Authenticate(), and XrdSecProtocolpwd::getCredentials().


◆ ServerStepStr()

static const char* ServerStepStr ( int  ksrv)
static

Definition at line 231 of file XrdSecProtocolpwd.cc.

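static const char *ServerStepStr(int ksrv)
{
   // Return the printable name of a server-side protocol step (kXPS_*), or
   // "Unknown" for any value that is not a valid step.  Used only to label
   // trace output in Authenticate() / getCredentials().
   //
   // pwdServerSteps[] is laid out as: index 0 = kXPS_none, then one entry per
   // enumerator from kXPS_init up to kXPS_reserved.  Only those two ranges
   // are mapped; anything else (negative values, values above kXPS_reserved,
   // or values strictly between 0 and kXPS_init) is reported as "Unknown"
   // instead of being clamped to "kXPS_none" or used as a raw table index as
   // the previous version did.  The final bound uses the table's real size so
   // the lookup stays in range even if the enum and the table drift apart.
   static const char *ukn = "Unknown";
   const int ntab = (int)(sizeof(pwdServerSteps) / sizeof(pwdServerSteps[0]));

   int idx = -1;
   if (ksrv == 0) {
      idx = 0;
   } else if (ksrv >= kXPS_init && ksrv <= kXPS_reserved) {
      idx = ksrv - kXPS_init + 1;
   }

   if (idx < 0 || idx >= ntab)
      return ukn;
   return pwdServerSteps[idx];
}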

References kXPS_init, kXPS_reserved, and pwdServerSteps.

Referenced by XrdSecProtocolpwd::Authenticate(), and XrdSecProtocolpwd::getCredentials().


◆ XrdSecProtocolpwdInit()

char* XrdSecProtocolpwdInit ( const char  mode,
const char *  parms,
XrdOucErrInfo erp 
)

Definition at line 1677 of file XrdSecProtocolpwd.cc.

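char *XrdSecProtocolpwdInit(const char mode, const char *parms, XrdOucErrInfo *erp)
{
   // One-time protocol initialization: fill the static flags and options of
   // the protocol and hand them to XrdSecProtocolpwd::Init().
   //
   //   mode  : 'c' for a client, whose options come from environment
   //           variables; any other value is treated as a server, whose
   //           options come from parms.
   //   parms : server option string (NULL -> built-in defaults).
   //   erp   : optional error sink; may be NULL.
   //
   // Returns the result of XrdSecProtocolpwd::Init() (NULL on failure), or
   // NULL with ENOMEM in erp if the server option string could not be copied.
   EPNAME("ProtocolpwdInit");

   pwdOptions opts;
   char *rc = (char *)"";
   char *cenv = 0;

   // Initiate error logging and tracing.
   // NOTE(review): this statement is not shown in the rendered listing (the
   // source line is missing there); it is reconstructed from the function's
   // reference list, which names EnableTracing() - confirm against the
   // source file.
   pwdTrace = XrdSecProtocolpwd::EnableTracing();

   //
   // Clients first
   if (mode == 'c') {
      //
      // Decode envs:
      //   "XrdSecDEBUG"          debug flag ("0","1","2","3")
      //   "XrdSecPWDVERIFYSRV"   "1" server verification ON [default]
      //                          "0" server verification OFF
      //   "XrdSecPWDSRVPUK"      full path to file with server puks
      //                          [default: $HOME/.xrd/pwdsrvpuk]
      //   "XrdSecPWDAUTOLOG"     "1" autologin ON [default]
      //                          "0" autologin OFF
      //   "XrdSecPWDALOGFILE"    full path to file with autologin
      //                          info [default: $HOME/.xrd/pwdnetrc]
      //   "XrdSecPWDALOGUPDT"    update autologin file option:
      //                          "0" never [default]
      //                          "1" remove_obsolete_info
      //                          "2" "1" + register_new_valid_info
      //   "XrdSecPWDMAXPROMPT"   max number of attempts to get valid
      //                          input info by prompting the client
      //
      // NOTE(review): XrdSecPWDALOGUPDT is documented above but is not read
      // anywhere in this function, while XrdSecPWDAUTOLOG accepts "0".."2";
      // the autolog variable may be carrying the update level - confirm and
      // fix either the comment or the code.
      opts.mode = mode;

      // Debug level: one digit in the documented range "0".."3" ("0" was
      // previously rejected despite being documented).  Anything else is
      // reported and forced to 1 so the misconfiguration is visible.
      cenv = getenv("XrdSecDEBUG");
      if (cenv) {
         if (cenv[0] >= '0' && cenv[0] <= '3') {
            opts.debug = atoi(cenv);
         } else {
            PRINT("unsupported debug value from env XrdSecDEBUG: "<<cenv<<" - setting to 1");
            opts.debug = 1;
         }
      }

      // Server verification: "0" or "1"; any other value leaves the default.
      // Turning this off lets the client talk to an unverified server, so it
      // is deliberately not the default.
      cenv = getenv("XrdSecPWDVERIFYSRV");
      if (cenv && cenv[0] >= '0' && cenv[0] <= '1')
         opts.verisrv = atoi(cenv);

      // File with the server public keys.  The copy is freed after Init()
      // returns (as in the original flow), so Init() must not retain it.
      cenv = getenv("XrdSecPWDSRVPUK");
      if (cenv)
         opts.srvpuk = strdup(cenv);

      // Autologin: "0".."2"; any other value leaves the default.
      cenv = getenv("XrdSecPWDAUTOLOG");
      if (cenv && cenv[0] >= '0' && cenv[0] <= '2')
         opts.alog = atoi(cenv);

      // Autologin file (same lifetime rule as srvpuk)
      cenv = getenv("XrdSecPWDALOGFILE");
      if (cenv)
         opts.alogfile = strdup(cenv);

      // Max re-prompts.  errno must be cleared before strtol(): it is only
      // written on error, so a stale ERANGE left by an earlier call would
      // otherwise be mistaken for ours.  Non-numeric input and values that
      // do not fit an int are treated like ERANGE and mapped to -1, the
      // value the original code used for out-of-range input.
      cenv = getenv("XrdSecPWDMAXPROMPT");
      if (cenv) {
         char *end = 0;
         errno = 0;
         long np = strtol(cenv, &end, 10);
         if (errno == ERANGE || end == cenv || np > INT_MAX || np < INT_MIN)
            np = -1;
         opts.maxprompts = np;
      }

      //
      // Setup the object with the chosen options
      rc = XrdSecProtocolpwd::Init(opts,erp);

      // Notify init options, if required or in case of init errors
      if (!rc) opts.debug = 1;
      opts.Print(pwdTrace);

      // Some cleanup
      if (opts.srvpuk) free(opts.srvpuk);
      if (opts.alogfile) free(opts.alogfile);

      // We are done
      return rc;
   }

   // Take into account xrootd debug flag
   cenv = getenv("XRDDEBUG");
   if (cenv && !strcmp(cenv,"1")) opts.debug = 1;

   //
   // Server initialization
   if (parms) {
      //
      // Work on a private, writable copy of parms: XrdOucTokenizer modifies
      // the buffer it is handed.  A heap copy replaces the former fixed
      // 1024-byte stack buffer, so a long option line is parsed in full
      // instead of being silently truncated - truncation could drop
      // security-relevant options such as -vc: or -maxfail: without any
      // diagnostic.
      char *parmbuff = strdup(parms);
      if (!parmbuff) {
         const char *msg = "Secpwd: Insufficient memory to parse protocol options.";
         if (erp) erp->setErrInfo(ENOMEM, msg);
         PRINT(msg);
         return (char *)0;
      }
      //
      // The tokenizer
      XrdOucTokenizer inParms(parmbuff);

      //
      // Decode parms:
      // for servers: [-upwd:<user_pwd_option>]
      //              [-a:<autoreg_level>]
      //              [-vc:<client_verification_level>]
      //              [-dir:<dir_with_pwd_info>]
      //              [-udir:<sub_dir_with_user_pwd_info>]
      //              [-c:[-]ssl[:[-]<CryptoModuleName]]
      //              [-d:<debug_level>]
      //              [-syspwd]
      //              [-lf:<credential_lifetime>]
      //              [-maxfail:<max_number_of_failures>]
      //              [-cryptfile:<file_with_crypt_password>]
      //              [-keepcreds]
      //              [-expcreds:<creds_file_name>]
      //              [-expfmt:<creds_exp_format>]
      //
      // <user_pwd_opt> = 0 (do-not-use), 1 (use), 2 (also-crypt-hash)
      // <debug_level> = 0 (none), 1 (low), 2 (medium), 3 (high) [0]
      // <autoreg_level> = 0 (none), 1 (local users + allowed tags), 2 (all) [0]
      // <credential_lifetime> = 1d, 5h:10m, ... (see XrdSutAux::ParseTime)
      // <client_verification_level> = 0 (none), 1 (timestamp), 2 (random tag) [2]
      // <creds_file_name> = can be a fully specified path or in the templated form
      //                     /path/<user>/file, with <user> expanded at the moment
      //                     of use with the login name.
      // <creds_exp_format> = 0 (XrdSutPFEntry in dedicated file),
      //                      1 (hex form), 2 (plain), 3 (plain, no keywords) [0]
      //
      // -1 means "not given on the command line" for every integer option.
      int debug = -1;
      int areg = -1;
      int vc = -1;
      int upw = -1;
      int syspwd = -1;
      int lifetime = -1;
      int maxfail = -1;
      String dir = "";
      String udir = "";
      String clist = "";
      String cpass = "";
      int keepcreds = -1;
      String expcreds = "";
      int expfmt = 0;
      char *op = 0;
      // Each option is matched on its prefix only, so e.g. "-syspwdX" still
      // selects -syspwd; unknown tokens are ignored without any diagnostic.
      while (inParms.GetLine()) {
         while ((op = inParms.GetToken())) {
            if (!strncmp(op, "-upwd:",6)) {
               upw = atoi(op+6);
            } else if (!strncmp(op, "-dir:",5)) {
               dir = (const char *)(op+5);
            } else if (!strncmp(op, "-udir:",6)) {
               udir = (const char *)(op+6);
            } else if (!strncmp(op, "-c:",3)) {
               clist = (const char *)(op+3);
            } else if (!strncmp(op, "-d:",3)) {
               debug = atoi(op+3);
            } else if (!strncmp(op, "-a:",3)) {
               areg = atoi(op+3);
            } else if (!strncmp(op, "-vc:",4)) {
               vc = atoi(op+4);
            } else if (!strncmp(op, "-syspwd",7)) {
               syspwd = 1;
            } else if (!strncmp(op, "-lf:",4)) {
               lifetime = XrdSutParseTime(op+4);
            } else if (!strncmp(op, "-maxfail:",9)) {
               maxfail = atoi(op+9);
            } else if (!strncmp(op, "-cryptfile:",11)) {
               cpass = (const char *)(op+11);
            } else if (!strncmp(op, "-keepcreds",10)) {
               keepcreds = 1;
            } else if (!strncmp(op, "-expcreds:",10)) {
               expcreds = (const char *)(op+10);
            } else if (!strncmp(op, "-expfmt:",8)) {
               expfmt = atoi(op+8);
            }
         }
      }
      // Every token of interest has been copied into a String above, so the
      // tokenizer's buffer is no longer needed.
      free(parmbuff);

      // Check inputs: out-of-range levels fall back to the documented
      // defaults (no auto-registration, strictest client verification).
      areg = (areg >= 0 && areg <= 2) ? areg : 0;
      vc = (vc >= 0 && vc <= 2) ? vc : 2;
      // NOTE(review): -upwd:, -d:, -maxfail:, -expfmt: and -lf: are passed on
      // unchecked; their documented ranges are not enforced here, so any
      // validation has to happen in XrdSecProtocolpwd::Init().

      //
      // Build the option object
      opts.debug = (debug > -1) ? debug : opts.debug;
      opts.mode = 's';
      opts.areg = areg;
      opts.vericlnt = vc;
      opts.upwd = upw;
      opts.syspwd = syspwd;
      opts.lifecreds = lifetime;
      opts.maxfailures = maxfail;
      opts.expfmt = expfmt;
      // The String objects live until this function returns, so the raw
      // pointers handed to Init() stay valid for the duration of that call.
      if (dir.length() > 0)
         opts.dir = (char *)dir.c_str();
      if (udir.length() > 0)
         opts.udir = (char *)udir.c_str();
      if (clist.length() > 0)
         opts.clist = (char *)clist.c_str();
      if (cpass.length() > 0)
         opts.cpass = (char *)cpass.c_str();
      opts.keepcreds = keepcreds;
      if (expcreds.length() > 0)
         opts.expcreds = (char *)expcreds.c_str();

      // Notify init options, if required
      opts.Print(pwdTrace);
      //
      // Setup the plug-in with the chosen options
      return XrdSecProtocolpwd::Init(opts,erp);
   }

   // Notify init options, if required
   opts.Print(pwdTrace);
   //
   // Setup the plug-in with the defaults
   return XrdSecProtocolpwd::Init(opts,erp);
}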

References XrdOucString::c_str(), myOpts::debug, XrdSecProtocolpwd::EnableTracing(), EPNAME, XrdOucTokenizer::GetLine(), XrdOucTokenizer::GetToken(), if(), XrdSecProtocolpwd::Init(), XrdOucString::length(), opts, PRINT, pwdTrace, strlcpy(), and XrdSutParseTime().


◆ XrdSecProtocolpwdObject()

XrdSecProtocol* XrdSecProtocolpwdObject ( const char  mode,
const char *  hostname,
XrdNetAddrInfo endPoint,
const char *  parms,
XrdOucErrInfo erp 
)

Definition at line 1903 of file XrdSecProtocolpwd.cc.

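XrdSecProtocol *XrdSecProtocolpwdObject(const char mode, const char *hostname,
                                        XrdNetAddrInfo &endPoint,
                                        const char *parms, XrdOucErrInfo *erp)
{
   // Factory entry point: create one XrdSecProtocolpwd instance for a peer.
   //
   //   mode     : not used here; both sides build the object the same way
   //   hostname : peer host name, forwarded to the protocol object
   //   endPoint : peer address, forwarded to the protocol object
   //   parms    : protocol parameters, forwarded to the protocol object
   //   erp      : optional error sink; when NULL, diagnostics go to stderr
   //
   // Returns the new object, or NULL (with ENOMEM in erp) when it could not
   // be allocated.
   //
   // XrdSecNOIPCHK switches off the framework's IP check for this protocol.
   // NOTE(review): presumably because the pwd protocol verifies its peer
   // itself (see -vc: / XrdSecPWDVERIFYSRV in XrdSecProtocolpwdInit) -
   // confirm before relying on it.
   int options = XrdSecNOIPCHK;

   // Use the non-throwing form of new.  With plain new an allocation failure
   // throws std::bad_alloc, so the null check below could never fire, the
   // ENOMEM report was dead code and the exception would have escaped this
   // plug-in entry point.  (An exception thrown by the constructor itself is
   // still not caught here.)
   XrdSecProtocolpwd *prot =
      new (std::nothrow) XrdSecProtocolpwd(options, hostname, endPoint, parms);
   if (!prot) {
      const char *msg = "Secpwd: Insufficient memory for protocol.";
      if (erp)
         erp->setErrInfo(ENOMEM, msg);
      else
         std::cerr <<msg <<std::endl;
      return (XrdSecProtocol *)0;
   }

   //
   // We are done
   if (!erp)
      std::cerr << "protocol object instantiated" << std::endl;
   return prot;
}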

References XrdOucErrInfo::setErrInfo(), and XrdSecNOIPCHK.


◆ XrdVERSIONINFO() [1/2]

XrdVERSIONINFO ( XrdSecProtocolpwdInit  ,
secpwd   
)

◆ XrdVERSIONINFO() [2/2]

XrdVERSIONINFO ( XrdSecProtocolpwdObject  ,
secpwd   
)

Variable Documentation

◆ AdminRef

String AdminRef = ProtoID + "admin"
static

Definition at line 73 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Init().

◆ gPWErrStr

const char* gPWErrStr[]
static

Definition at line 101 of file XrdSecProtocolpwd.cc.

◆ kOneDay

const int kOneDay = 86400
static

Definition at line 155 of file XrdSecProtocolpwd.cc.

◆ kOptsAFSPwd

const short kOptsAFSPwd = 0x0800
static

Definition at line 153 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Authenticate().

◆ kOptsAregAll

const short kOptsAregAll = 0x0008
static

Definition at line 146 of file XrdSecProtocolpwd.cc.

◆ kOptsAutoReg

const short kOptsAutoReg = 0x0004
static

Definition at line 145 of file XrdSecProtocolpwd.cc.

◆ kOptsChngPwd

const short kOptsChngPwd = 0x0400
static

◆ kOptsClntTty

const short kOptsClntTty = 0x0080
static

◆ kOptsCrypPwd

const short kOptsCrypPwd = 0x0200
static

Definition at line 151 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Authenticate().

◆ kOptsExpCred

const short kOptsExpCred = 0x0100
static

Definition at line 150 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Authenticate().

◆ kOptsServer

const short kOptsServer = 0x0001
static

Definition at line 143 of file XrdSecProtocolpwd.cc.

◆ kOptsUserPwd

const short kOptsUserPwd = 0x0002
static

Definition at line 144 of file XrdSecProtocolpwd.cc.

◆ kOptsVeriClt

const short kOptsVeriClt = 0x0040
static

Definition at line 148 of file XrdSecProtocolpwd.cc.

◆ kOptsVeriSrv

const short kOptsVeriSrv = 0x0020
static

Definition at line 147 of file XrdSecProtocolpwd.cc.

◆ NetRcRef

String NetRcRef = ProtoID + "netrc"
static

Definition at line 76 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Init().

◆ Prefix

String Prefix = "xrd"
static

Definition at line 70 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Init().

◆ ProtoID

String ProtoID = XrdSecPROTOIDENT
static

Definition at line 71 of file XrdSecProtocolpwd.cc.

◆ pwdClientSteps

const char* pwdClientSteps[]
static
Initial value:
// Printable names of the client steps, in the order ClientStepStr() expects:
// index 0 is kXPC_none and index i > 0 is the enumerator kXPC_normal + (i - 1).
// Keep this table in step with enum kXPC whenever a step is added.
= {
"kXPC_none",
"kXPC_normal",
"kXPC_verifysrv",
"kXPC_signedrtag",
"kXPC_creds",
"kXPC_autoreg",
"kXPC_failureack",
"kXPC_reserved"
}

Definition at line 78 of file XrdSecProtocolpwd.cc.

Referenced by ClientStepStr().

◆ pwdServerSteps

const char* pwdServerSteps[]
static
Initial value:
// Printable names of the server steps, in the order ServerStepStr() expects:
// index 0 is kXPS_none and index i > 0 is the enumerator kXPS_init + (i - 1).
// Keep this table in step with enum kXPS whenever a step is added.
= {
"kXPS_none",
"kXPS_init",
"kXPS_credsreq",
"kXPS_rtag",
"kXPS_signedrtag",
"kXPS_newpuk",
"kXPS_puk",
"kXPS_failure",
"kXPS_reserved"
}

Definition at line 89 of file XrdSecProtocolpwd.cc.

Referenced by ServerStepStr().

◆ pwdTrace

XrdOucTrace* pwdTrace = 0

Definition at line 209 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Init(), and XrdSecProtocolpwdInit().

◆ SrvPukRef

String SrvPukRef = ProtoID + "srvpuk"
static

Definition at line 74 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Init().

◆ UserRef

String UserRef = ProtoID + "user"
static

Definition at line 75 of file XrdSecProtocolpwd.cc.

Referenced by XrdSecProtocolpwd::Init().

◆ Version