XRootD
XrdVomsMapfile Class Reference

#include <XrdVomsMapfile.hh>


Public Member Functions

virtual ~XrdVomsMapfile ()
 
int Apply (XrdSecEntity &)
 
bool IsValid () const
 

Static Public Member Functions

static XrdVomsMapfile * Configure (XrdSysError *)
 
static XrdVomsMapfile * Get ()
 

Detailed Description

Definition at line 37 of file XrdVomsMapfile.hh.

Constructor & Destructor Documentation

◆ ~XrdVomsMapfile()

XrdVomsMapfile::~XrdVomsMapfile ( )
virtual

Definition at line 95 of file XrdVomsMapfile.cc.

/// Virtual destructor; performs no explicit cleanup.
XrdVomsMapfile::~XrdVomsMapfile()
{}

Member Function Documentation

◆ Apply()

int XrdVomsMapfile::Apply ( XrdSecEntity & entity)

Definition at line 257 of file XrdVomsMapfile.cc.

/// Run the entity's VOMS attributes (vorg / role / grps, walked as
/// space-separated lists in lockstep) through the VOMS mapfile and, on the
/// first successful lookup, replace entity.name with the mapped user name.
///
/// @param entity  Credential rewritten in place.
/// @return Always 0; when nothing maps, entity.name is left untouched.
int XrdVomsMapfile::Apply(XrdSecEntity &entity)
{
    // A grid-mapfile hit takes precedence over the VOMS mapfile. The gridmap
    // plugins may still fill entity.name with a default (DN or DN hash) on a
    // miss, so entity.name alone cannot tell us whether a mapping happened;
    // the "gridmap.name" attribute is only set on a genuine mapfile match.
    std::string gridmap_marker;
    const bool marker_present = entity.eaAPI->Get("gridmap.name", gridmap_marker);
    if (marker_present && gridmap_marker == "1") {
        return 0;
    }

    XrdOucString vo_list = entity.vorg;
    XrdOucString role_list = entity.role ? entity.role : "";
    XrdOucString grp_list = entity.grps;
    XrdOucString vo_token, grp_token;
    XrdOucString role_token = "NULL";   // used verbatim when the credential carries no role
    int vo_pos = 0, role_pos = 0, grp_pos = 0;

    if (m_edest) m_edest->Log(LogMask::Debug, "VOMSMapfile", "Applying VOMS mapfile to incoming credential");

    for (;;) {
        // Advance the three lists together; running out of any of them ends the
        // search. A credential without roles keeps role_token at "NULL".
        if ((vo_pos = vo_list.tokenize(vo_token, vo_pos, ' ')) == -1) break;
        if (!(role_list == "") && (role_pos = role_list.tokenize(role_token, role_pos, ' ')) == -1) break;
        if ((grp_pos = grp_list.tokenize(grp_token, grp_pos, ' ')) == -1) break;

        auto fqan = MakePath(grp_token);
        if (fqan.empty()) continue;

        // The VOMS mapfile format assumes the root group equals the VO name.
        // Enforce it rather than trust it, so a group path from one VO cannot
        // be matched against another VO's entries.
        if (strcmp(fqan[0].c_str(), vo_token.c_str()) != 0) continue;

        fqan.emplace_back(std::string("Role=") + role_token.c_str());
        fqan.emplace_back("Capability=NULL");

        const std::string mapped_user = Map(fqan);
        if (mapped_user.empty()) continue;

        // entity.name is treated as malloc-owned here (freed, then strdup'd).
        if (entity.name) free(entity.name);
        entity.name = strdup(mapped_user.c_str());
        break;
    }

    return 0;
}

References Macaroons::Debug, XrdSecEntity::eaAPI, XrdSecEntityAttr::Get(), XrdSecEntity::grps, XrdSysError::Log(), XrdSecEntity::name, XrdSecEntity::role, XrdOucString::tokenize(), and XrdSecEntity::vorg.

Referenced by XrdVomsFun::VOMSFun().


◆ Configure()

XrdVomsMapfile * XrdVomsMapfile::Configure ( XrdSysError * erp)
static

Definition at line 308 of file XrdVomsMapfile.cc.

/// One-shot initialization of the shared VOMS mapper from the XRootD config
/// file named by the XRDCONFIGFN environment variable.
///
/// Directives recognized: `voms.mapfile <path>` (the last occurrence wins)
/// and `voms.trace <level>...` with levels all|error|warning|info|debug|none.
///
/// @param erp  Error/log stream; may be null, in which case nothing is logged
///             and the trace levels are ignored.
/// @return The shared mapper, VOMS_MAP_FAILED on a configuration error, or
///         nullptr when no voms.mapfile directive was found.
XrdVomsMapfile *XrdVomsMapfile::Configure(XrdSysError *erp)
{
    // Only the first call parses the config; later callers receive whatever
    // the first attempt produced (possibly nullptr) with their error stream
    // attached. NOTE(review): after a failed first attempt this path hands
    // back nullptr rather than VOMS_MAP_FAILED, so a re-entrant caller cannot
    // distinguish "not configured" from "configuration failed" — confirm
    // callers are fine with that. tried_configure/mapper appear to be shared
    // static state with no visible synchronization; presumably this runs
    // single-threaded during startup.
    if (tried_configure) {
        auto result = mapper.get();
        if (result) {
            result->SetErrorStream(erp);
        }
        return result;
    }

    tried_configure = true;

    // Set default mask for logging.
    if (erp) erp->setMsgMask(LogMask::Error | LogMask::Warning);

    // The config path comes from the process environment; Import() appears to
    // hand back a borrowed pointer (it is never freed here).
    char *config_filename = nullptr;
    if (!XrdOucEnv::Import("XRDCONFIGFN", config_filename)) {
        return VOMS_MAP_FAILED;
    }
    XrdOucEnv myEnv;
    XrdOucStream stream(erp, getenv("XRDINSTANCE"), &myEnv, "=====> ");

    // cfg_fd is handed to the stream and never closed explicitly on the early
    // returns below; presumably XrdOucStream closes it on destruction — confirm.
    int cfg_fd;
    if ((cfg_fd = open(config_filename, O_RDONLY, 0)) < 0) {
        if (erp) erp->Emsg("Config", errno, "open config file", config_filename);
        return VOMS_MAP_FAILED;
    }
    stream.Attach(cfg_fd);
    char *var;
    std::string map_filename;
    while ((var = stream.GetMyFirstWord())) {
        if (!strcmp(var, "voms.mapfile")) {
            auto val = stream.GetWord();
            if (!val || !val[0]) {
                if (erp) erp->Emsg("Config", "VOMS mapfile not specified");
                return VOMS_MAP_FAILED;
            }
            // A later voms.mapfile directive silently replaces an earlier one.
            map_filename = val;
        } else if (!strcmp(var, "voms.trace")) {
            auto val = stream.GetWord();
            if (!val || !val[0]) {
                if (erp) erp->Emsg("Config", "VOMS logging level not specified");
                return VOMS_MAP_FAILED;
            }
            // Levels accumulate left to right via OR; "none" resets the mask.
            // An unknown level is reported but is not a configuration error.
            if (erp) erp->setMsgMask(0);
            if (erp) do {
                if (!strcmp(val, "all")) {erp->setMsgMask(erp->getMsgMask() | LogMask::All);}
                else if (!strcmp(val, "error")) {erp->setMsgMask(erp->getMsgMask() | LogMask::Error);}
                else if (!strcmp(val, "warning")) {erp->setMsgMask(erp->getMsgMask() | LogMask::Warning);}
                else if (!strcmp(val, "info")) {erp->setMsgMask(erp->getMsgMask() | LogMask::Info);}
                else if (!strcmp(val, "debug")) {erp->setMsgMask(erp->getMsgMask() | LogMask::Debug);}
                else if (!strcmp(val, "none")) {erp->setMsgMask(0);}
                else {erp->Emsg("Config", "voms.trace encountered an unknown directive:", val);}
                val = stream.GetWord();
            } while (val);
        }
    }

    // A mapper that fails to validate is discarded so Get() reports "none"
    // rather than handing out a half-initialized object.
    if (!map_filename.empty()) {
        if (erp) erp->Emsg("Config", "Will initialize VOMS mapfile", map_filename.c_str());
        mapper.reset(new XrdVomsMapfile(erp, map_filename));
        if (!mapper->IsValid()) {
            mapper.reset(nullptr);
            return VOMS_MAP_FAILED;
        }
    }

    return mapper.get();
}

References Macaroons::All, XrdOucStream::Attach(), Macaroons::Debug, XrdSysError::Emsg(), Macaroons::Error, XrdSysError::getMsgMask(), XrdOucStream::GetMyFirstWord(), XrdOucStream::GetWord(), XrdOucEnv::Import(), Info, open(), XrdSysError::setMsgMask(), VOMS_MAP_FAILED, and Warning.

Referenced by XrdVomsFun::VOMSInit().


◆ Get()

XrdVomsMapfile * XrdVomsMapfile::Get ( )
static

Definition at line 301 of file XrdVomsMapfile.cc.

/// Return the mapper produced by Configure(), or nullptr when none was
/// configured or configuration failed. Ownership stays with the shared
/// mapper holder; callers must not delete the result.
XrdVomsMapfile *XrdVomsMapfile::Get()
{
    XrdVomsMapfile *current = mapper.get();
    return current;
}

◆ IsValid()

bool XrdVomsMapfile::IsValid ( ) const
inline

Definition at line 50 of file XrdVomsMapfile.hh.

/// Whether this mapper is usable; Configure() discards a freshly built
/// mapper for which this returns false.
bool IsValid() const {return m_is_valid;}

The documentation for this class was generated from the following files: