XRootD
XrdSecsssID.cc
Go to the documentation of this file.
1 /******************************************************************************/
2 /* */
3 /* X r d S e c s s s I D . c c */
4 /* */
5 /* (c) 2008 by the Board of Trustees of the Leland Stanford, Jr., University */
6 /* All Rights Reserved */
7 /* Produced by Andrew Hanushevsky for Stanford University under contract */
8 /* DE-AC02-76-SFO0515 with the Department of Energy */
9 /* */
10 /* This file is part of the XRootD software suite. */
11 /* */
12 /* XRootD is free software: you can redistribute it and/or modify it under */
13 /* the terms of the GNU Lesser General Public License as published by the */
14 /* Free Software Foundation, either version 3 of the License, or (at your */
15 /* option) any later version. */
16 /* */
17 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
18 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
19 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
20 /* License for more details. */
21 /* */
22 /* You should have received a copy of the GNU Lesser General Public License */
23 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
24 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
25 /* */
26 /* The copyright holder's institutional names and contributor's names may not */
27 /* be used to endorse or promote products derived from this software without */
28 /* specific prior written permission of the institution or contributor. */
29 /******************************************************************************/
30 
31 #include <iostream>
32 #include <map>
33 
34 #include <cstdio>
35 #include <cstdlib>
36 #include <cstring>
37 #include <pwd.h>
38 #include <sys/types.h>
39 
40 #include "XrdOuc/XrdOucPup.hh"
41 #include "XrdOuc/XrdOucUtils.hh"
42 #include "XrdSys/XrdSysPthread.hh"
43 
44 #include "XrdSec/XrdSecEntity.hh"
46 #include "XrdSecsss/XrdSecsssID.hh"
48 #include "XrdSecsss/XrdSecsssRR.hh"
49 
50 /******************************************************************************/
51 /* D e f i n e s */
52 /******************************************************************************/
53 
54 #define XRDSECSSSENDO "XrdSecsssENDORSEMENT"
55 
56 /******************************************************************************/
57 /* S t a t i c s */
58 /******************************************************************************/
59 
60 namespace XrdSecsssMap
61 {
65 
66 typedef std::map<std::string, XrdSecsssEnt*> EntityMap;
67 
69 }
70 
71 using namespace XrdSecsssMap;
72 
73 /******************************************************************************/
74 /* C o n s t r u c t o r */
75 /******************************************************************************/
76 
78  XrdSecsssCon *Tracker, bool *isOK)
79  : defaultID(0),
80  myAuth(XrdSecsssID::idStatic), isStatic(true),
81  trackOK(false)
82 {
83 
84 // Check if we have initialized already. If so, indicate warning
85 //
86  sssMutex.Lock();
87  if (IDMapper)
88  {sssMutex.UnLock();
89  if (isOK) *isOK = false;
90  else std::cerr <<"SecsssID: Already instantiated; new instance"
91  " ineffective!\n" <<std::flush;
92  return;
93  }
94 
95 // Verify the authType
96 //
97  switch(aType)
98  {case idDynamic: isStatic = false;
99  case idStatic: break;
100  case idStaticM: break;
101  case idMapped: isStatic = false;
102  break;
103  case idMappedM: isStatic = false;
104  break;
105  default: idP = 0;
106  aType = idStatic;
107  isStatic = true;
108  break;
109  }
110  myAuth = aType;
111 
112 // Generate a default identity
113 //
114  if (idP) defaultID = new XrdSecsssEnt(idP);
115  else defaultID = genID(isStatic);
116 
117 // Establish a pointer to this object.
118 //
119  IDMapper = this;
120 
121 // Decide whether or not we will track connections
122 //
123  if (Tracker && (aType == idMapped || aType == idMappedM)) conTrack = Tracker;
124 
125 // All done with initialization
126 //
127  if (isOK) *isOK = true;
128  sssMutex.UnLock();
129 }
130 
131 /******************************************************************************/
132 /* Private: D e s t r u c t o r */
133 /******************************************************************************/
134 
135 XrdSecsssID::~XrdSecsssID() {if (defaultID) defaultID->Delete();}
136 
137 /******************************************************************************/
138 /* Private: F i n d */
139 /******************************************************************************/
140 
141 int XrdSecsssID::Find(const char *lid, char *&dP,
142  const char *myIP, int dataOpts)
143 {
144  EntityMap::iterator it;
145  XrdSecsssEnt *fP;
146  int n;
147 
148 // Lock the registry and find the entry
149 //
150  sssMutex.Lock();
151  it = Registry.find(lid);
152  if (it == Registry.end())
153  {if (!(fP = defaultID))
154  {sssMutex.UnLock(); return 0;}
155  } else fP = it->second;
156 
157 // Return the data
158 //
159  n = fP->RR_Data(dP, myIP, dataOpts);
160  sssMutex.UnLock();
161  return n;
162 }
163 
164 /******************************************************************************/
165 /* Private: g e n I D */
166 /******************************************************************************/
167 
168 XrdSecsssEnt *XrdSecsssID::genID(bool Secure)
169 {
170  XrdSecEntity myID("sss");
171  static const int pgSz = 256;
172  char pBuff[pgSz], gBuff[pgSz];
173 
174 // Use either our own uid/gid or a generic
175 //
176  myID.name = (Secure || XrdOucUtils:: UserName(geteuid(), pBuff, pgSz))
177  ? (char *)"nobody" : pBuff;
178  myID.grps = (Secure || XrdOucUtils::GroupName(getegid(), gBuff, pgSz) == 0)
179  ? (char *)"nogroup" : gBuff;
180 
181  if (getenv(XRDSECSSSENDO))
182  {myID.endorsements = getenv(XRDSECSSSENDO); }
183 
184 // Just return the sssID
185 //
186  return new XrdSecsssEnt(&myID);
187 }
188 
189 /******************************************************************************/
190 /* Private: g e t O b j */
191 /******************************************************************************/
192 
193 XrdSecsssID *XrdSecsssID::getObj(authType &aType, XrdSecsssEnt *&idP)
194 {
195  bool sType = false;
196 
197 // Prevent changes
198 //
199  sssMutex.Lock();
200 
201 // Pick up the settings (we might not have any)
202 //
203  if (!IDMapper)
204  {aType = idStatic;
205  sType = true;
206  idP = 0;
207  } else {
208  aType = IDMapper->myAuth;
209  idP = IDMapper->defaultID;
210  }
211  if (!idP) idP = genID(sType);
212 
213 // Return result
214 //
215  XrdSecsssID *theMapper = IDMapper;
216  sssMutex.UnLock();
217  return theMapper;
218 }
219 
220 /******************************************************************************/
221 /* R e g i s t e r */
222 /******************************************************************************/
223 
224 bool XrdSecsssID::Register(const char *lid, const XrdSecEntity *eP,
225  bool doRep, bool defer)
226 {
227  EntityMap::iterator it;
228  XrdSecsssEnt *idP;
229 
230 // If this is an invalid call, return failure
231 //
232  if (isStatic) return false;
233 
234 // Check if we are simply deleting an entry
235 //
236  if (!eP)
237  {sssMutex.Lock();
238  it = Registry.find(std::string(lid));
239  if (it == Registry.end()) sssMutex.UnLock();
240  else {idP = it->second;
241  Registry.erase(it);
242  sssMutex.UnLock();
243  idP->Delete();
244  }
245  return true;
246  }
247 
248 // Generate an ID entry and add it to registry (we are optimistic here)
249 // Note: We wish we could use emplace() but that isn't suported until gcc 4.8.0
250 //
251  std::pair<EntityMap::iterator, bool> ret;
252  std::pair<std::string, XrdSecsssEnt*> psp;
253  idP = new XrdSecsssEnt(eP, defer);
254  psp = {std::string(lid), idP};
255  sssMutex.Lock();
256  ret = Registry.insert(psp);
257  if (ret.second)
258  {sssMutex.UnLock();
259  return true;
260  }
261 
262 // We were not successful, replace the element if we are allowed to do so.
263 //
264  if (doRep)
265  {XrdSecsssEnt *oldP = ret.first->second;
266  ret.first->second = idP;
267  sssMutex.UnLock();
268  oldP->Delete();
269  return true;
270  }
271 
272 // Sigh, the element exists but we cannot replace it.
273 //
274  sssMutex.UnLock();
275  idP->Delete();
276  return false;
277 }
#define XRDSECSSSENDO
Definition: XrdSecsssID.cc:54
static int UserName(uid_t uID, char *uName, int uNsz)
static int GroupName(gid_t gID, char *gName, int gNsz)
Definition: XrdOucUtils.cc:596
void Delete()
Delete this entity object.
Definition: XrdSecsssEnt.cc:97
int RR_Data(char *&dP, const char *hostIP, int dataOpts)
bool Register(const char *lgnid, const XrdSecEntity *Ident, bool doReplace=false, bool defer=false)
Definition: XrdSecsssID.cc:224
XrdSecsssID(authType aType=idStatic, const XrdSecEntity *Ident=0, XrdSecsssCon *Tracker=0, bool *isOK=0)
Definition: XrdSecsssID.cc:77
std::map< std::string, XrdSecsssEnt * > EntityMap
Definition: XrdSecsssID.cc:66
XrdSysMutex sssMutex
Definition: XrdSecsssID.cc:62
XrdSecsssCon * conTrack
Definition: XrdSecsssID.cc:64
XrdSecsssID * IDMapper
Definition: XrdSecsssID.cc:63
EntityMap Registry
Definition: XrdSecsssID.cc:68