XRootD
XrdDigAuth Class Reference

#include <XrdDigAuth.hh>


Public Member Functions

 XrdDigAuth ()
 
 ~XrdDigAuth ()
 
bool Authorize (const XrdSecEntity *client, XrdDigAuthEnt::aType aType, bool aVec[XrdDigAuthEnt::aNum]=0)
 
bool Configure (const char *aFN)
 

Detailed Description

Definition at line 68 of file XrdDigAuth.hh.

Constructor & Destructor Documentation

◆ XrdDigAuth()

XrdDigAuth::XrdDigAuth ( )
inline

Definition at line 79 of file XrdDigAuth.hh.

: authFN(0), authTOD(0), authCHK(0), authList(0) {}  // no auth file path yet, no loaded list, no recorded mtime; authCHK == 0 means the very first Authorize() call will run its refresh check (unless SetupAuth() has already moved it — confirm in XrdDigAuth.cc)

◆ ~XrdDigAuth()

XrdDigAuth::~XrdDigAuth ( )
inline

Definition at line 80 of file XrdDigAuth.hh.

{}  // NOTE(review): deliberately empty — authFN (strdup'd by Configure()) and the authList entries are not released here; fine only if this object lives for the whole process — confirm

Member Function Documentation

◆ Authorize()

bool XrdDigAuth::Authorize ( const XrdSecEntity client,
XrdDigAuthEnt::aType  aType,
bool  aVec[XrdDigAuthEnt::aNum] = 0 
)

Definition at line 89 of file XrdDigAuth.cc.

// Authorize(): decide whether 'client' may perform access type 'aType' on the
// resources this object guards, first re-examining the auth file (authFN)
// when the next check time (authCHK) has arrived.
//
// Parameters:
//   client - authenticated entity to test. It is dereferenced without a null
//            check, so callers must pass a valid pointer.
//   aType  - access type to test. XrdDigAuthEnt::aNum is a sentinel meaning
//            "no specific type": the function then only fills aVec and
//            always returns false.
//   aVec   - optional output mask of XrdDigAuthEnt::aNum bools. It is cleared
//            on entry and, when an entry matches, overwritten with that
//            entry's accOK mask.
//
// Returns: true only when a list is loaded, aType is globally enabled, and
//          the first entry matching the client grants aType. Every other
//          path returns false (fail closed).
//
// Locking: authMutex is held for the whole call, including the stat() and
//          Refresh() performed by the refresh step.
{
   XrdSysMutexHelper mHelp(&authMutex);   // scoped lock, released on return
   time_t tNow = time(0);
   XrdDigAuthEnt *aP;
   int rc;

// Check if we need to refresh the auth list. authCHK is the earliest time the
// file is looked at again; each branch below chooses the retry delay. errno
// is only read when stat() failed (short-circuit &&), so a successful stat()
// can never be mistaken for ENOENT. When Refresh() succeeds no delay is set
// here — presumably Refresh() updates authCHK/authTOD itself; confirm in
// XrdDigAuth.cc. Refresh() is this class's own no-argument member; the
// generated cross-reference to XrdTlsCrl::Refresh(void*) looks like a Doxygen
// mis-link.
//
   if (tNow >= authCHK)
      {struct stat Stat;
       if ((rc = stat(authFN, &Stat)) && errno != ENOENT)
          {eDest->Emsg("Config",errno,"stat dig auth file", authFN);
           authCHK = tNow + 30;                 // unexpected stat error: retry in 30s
          } else {
           // File missing (ENOENT): with a list already loaded, try Refresh()
           // and retry in 30s if it fails; with nothing loaded, look again in 60s.
           if (rc) {if (authList) {if (!Refresh()) authCHK = tNow + 30;}
                       else authCHK = tNow + 60;
                   }
              // File present and unchanged since last load: recheck in 5s.
              else if (authTOD == Stat.st_mtime) authCHK = tNow + 5;
              // File changed: reload now; retry in 30s if the reload fails.
              else if (!Refresh()) authCHK = tNow + 30;
          }
      }

// Clear aVec if so supplied (client's auth mask). This happens before any
// early return so a denied caller never sees a stale mask. memset() writes
// aNum bytes, which assumes sizeof(bool) == 1.
//
   if (aVec) memset(aVec, false, XrdDigAuthEnt::aNum);

// Check if we have anything to authorize with: no loaded list means deny.
//
   if (!authList) return false;

// Check if we are granting access to this resource at all. This accOK is the
// per-type global enable (not an entry's mask); the aNum sentinel skips it.
//
   if (aType != XrdDigAuthEnt::aNum && !accOK[aType]) return false;

// Go through the access list and try to match the client. The first matching
// entry wins. An entry matches only if the auth protocol is identical and
// every populated eChk field equals the corresponding client attribute; all
// string checks are case-sensitive strcmp(), and a missing client attribute
// (null name/vorg/role/grps) never satisfies a populated check. The
// do { } while(1) wrapper exists only so that 'break' advances to the next
// entry.
//
   aP = authList;
   while(aP)
        {do {if (strcmp(client->prot, aP->prot)) break;
             if (aP->eChk[XrdDigAuthEnt::eName] && (!client->name ||
                 strcmp(client->name, aP->eChk[XrdDigAuthEnt::eName]))) break;

             // Host check compares the connection's resolved name. client->addrInfo
             // is dereferenced without a null check — assumed always set for an
             // authenticated entity; confirm against the callers.
             if (aP->eChk[XrdDigAuthEnt::eHost]
             && strcmp(client->addrInfo->Name(""),
                       aP->eChk[XrdDigAuthEnt::eHost])) break;

             if (aP->eChk[XrdDigAuthEnt::eVorg] && (!client->vorg ||
                 strcmp(client->vorg, aP->eChk[XrdDigAuthEnt::eVorg]))) break;

             if (aP->eChk[XrdDigAuthEnt::eRole] && (!client->role ||
                 strcmp(client->role, aP->eChk[XrdDigAuthEnt::eRole]))) break;

             // Group matching is delegated to OkGrp() (not shown here) because the
             // entity may carry several group names.
             if (aP->eChk[XrdDigAuthEnt::eGrp ] && (!client->grps ||
                 !OkGrp(client->grps, aP->eChk[XrdDigAuthEnt::eGrp ]))) break;

             // Matched: export the entry's full mask when requested (memcpy of aNum
             // bytes, again assuming sizeof(bool) == 1) and answer for aType.
             // The aNum sentinel always yields false.
             if (aVec) memcpy(aVec, aP->accOK, XrdDigAuthEnt::aNum);
             return (aType == XrdDigAuthEnt::aNum ? false : aP->accOK[aType]);
            } while(1);
         aP = aP->next;
        }

// Client failed the test: no entry matched, so deny.
//
   return false;
}

References XrdDigAuthEnt::accOK, XrdSecEntity::addrInfo, XrdDigAuthEnt::aNum, XrdDigAuthEnt::eChk, XrdDig::eDest, XrdDigAuthEnt::eGrp, XrdDigAuthEnt::eHost, XrdSysError::Emsg(), XrdDigAuthEnt::eName, XrdDigAuthEnt::eRole, XrdDigAuthEnt::eVorg, XrdSecEntity::grps, XrdNetAddrInfo::Name(), XrdSecEntity::name, XrdDigAuthEnt::next, XrdDigAuthEnt::prot, XrdSecEntity::prot, XrdTlsCrl::Refresh(), XrdSecEntity::role, Stat, stat(), and XrdSecEntity::vorg.

Referenced by XrdDigConfig::GenAccess(), and XrdDigConfig::GenPath().


◆ Configure()

bool XrdDigAuth::Configure ( const char *  aFN)

Definition at line 163 of file XrdDigAuth.cc.

{
// Configure(): one-time setup of the authorization file location. Stores a
// private copy of the path in authFN and kicks off the initial load through
// SetupAuth(false).
//
// Parameter: aFN - path of the dig authorization file; must be non-null and
//                  non-empty.
// Returns:   true once the path has been recorded and setup started; false
//            (after logging through eDest) when no path was supplied.
//            Whatever SetupAuth() reports is not consulted here.
//
   const bool haveFile = (aFN != 0) && (*aFN != '\0');
   if (!haveFile)
      {eDest->Emsg("Config", "Dig authorization file not specified.");
       return false;
      }

// Keep our own copy of the path: authFN is what Authorize() stat()s on every
// refresh check, so it must outlive the caller's string. A second Configure()
// call would leak the earlier copy, hence "one-time".
//
   authFN = strdup(aFN);
   SetupAuth(false);
   return true;
}

References XrdDig::eDest, and XrdSysError::Emsg().

Referenced by XrdDigConfig::Configure().

