XrdSecgsiAuthzFunVO.cc File Reference
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <unistd.h>
#include "XrdVersion.hh"
#include "XrdSys/XrdSysHeaders.hh"
#include "XrdSys/XrdSysPthread.hh"
#include "XrdSec/XrdSecEntity.hh"
#include "XrdOuc/XrdOucEnv.hh"
#include "XrdOuc/XrdOucLock.hh"


Macros

#define PRINT(y)   if (g_debug) {std::cerr << y << "\n";}
 
#define PROUT(_x_)    std::cerr <<inf_pfx <<"entity." #_x_ "='" <<(entity._x_ ? entity._x_ : "") <<"'.\n"
 

Functions

int XrdSecgsiAuthzFun (XrdSecEntity &entity)
 
int XrdSecgsiAuthzInit (const char *cfg)
 
int XrdSecgsiAuthzKey (XrdSecEntity &entity, char **key)
 
 XrdVERSIONINFO (XrdSecgsiAuthzFun, secgsiauthz)
 
 XrdVERSIONINFO (XrdSecgsiAuthzInit, secgsiauthz)
 
 XrdVERSIONINFO (XrdSecgsiAuthzKey, secgsiauthz)
 

Macro Definition Documentation

◆ PRINT

#define PRINT (   y)    if (g_debug) {std::cerr << y << "\n";}

Definition at line 124 of file XrdSecgsiAuthzFunVO.cc.

◆ PROUT

#define PROUT (   _x_)     std::cerr <<inf_pfx <<"entity." #_x_ "='" <<(entity._x_ ? entity._x_ : "") <<"'.\n"

Definition at line 126 of file XrdSecgsiAuthzFunVO.cc.

Function Documentation

◆ XrdSecgsiAuthzFun()

int XrdSecgsiAuthzFun ( XrdSecEntity & entity)

Definition at line 140 of file XrdSecgsiAuthzFunVO.cc.

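int XrdSecgsiAuthzFun(XrdSecEntity &entity)
{
// Validate the entity's VO and, when configured, derive the entity's group
// and/or user name from it.
//
// Returns 0 on success and -1 when the VO is missing, longer than g_maxvolen
// bytes, or (if a 'valido' list was configured) not in that list. On success
// entity.grps / entity.name may be replaced by freshly strdup'd strings; the
// previous values are free()d first.
//
   static const char* inf_pfx = "INFO in AuthzFun: ";
   static XrdSysMutex Mutex;
   const char *vtxt = "", *etxt = 0;
   char vbuff[(g_maxvolen+1)*2];
   int n = 0;

// We must have a vo, it must be no longer than g_maxvolen bytes, and it must
// be in our vo list if we have one. The list is kept as ",vo1,vo2,..." so we
// look for ",<vo>" and additionally require the match to be followed by a
// comma or the end of the list. A bare strstr() would also accept a VO that
// is merely a prefix of an allowed one (or an empty VO name).
//
   if (!entity.vorg) etxt = "missing";
      else if ((n = strlen(entity.vorg)) > g_maxvolen) etxt = "too long";
      else if (g_valido)
              {*vbuff = ',';
               strcpy(vbuff+1, entity.vorg);
               bool found = false;
               for (const char *hit = strstr(g_valido, vbuff); hit;
                    hit = strstr(hit+1, vbuff))
                   {char next = hit[n+1];   // char right after ",<vo>"
                    if (next == ',' || next == '\0') {found = true; break;}
                   }
               if (!found) {vtxt = entity.vorg; etxt = " not allowed";}
              }

// Check if we passed the tests
//
   if (etxt)
      {std::cerr <<"AuthzVO: Invalid cert; vo " <<vtxt <<etxt <<std::endl;
       return -1;
      }

// Format group name if so wanted. g_vo2grp is a printf-style template that
// comes from the configuration; entity.vorg is only ever passed as its
// argument, never used as a format string itself.
//
   if (g_vo2grp)
      {snprintf(vbuff, sizeof(vbuff), g_vo2grp, entity.vorg);
       if (entity.grps) free(entity.grps);
       entity.grps = strdup(vbuff);
      }

// Format user name if so wanted; otherwise, if cn2usr is enabled, derive it
// from the first "/CN=" component of the DN currently held in entity.name.
//
   if (g_vo2usr)
      {snprintf(vbuff, sizeof(vbuff), g_vo2usr, entity.vorg);
       if (entity.name) free(entity.name);
       entity.name = strdup(vbuff);
      } else if (g_cn2usr && entity.name && (vtxt=strstr(entity.name,"/CN=")))
      {// Copy at most g_maxvolen bytes of the CN and terminate it. vbuff has
       // (g_maxvolen+1)*2 bytes, so index g_maxvolen is always in bounds.
       // (The length of the CN is independent of the VO name length n.)
       strncpy(vbuff, vtxt+4, g_maxvolen); vbuff[g_maxvolen] = 0;
       int cnlen = strlen(vbuff);
       for (char *cP = vbuff; *cP; cP++) if (*cP == ' ') *cP = '_';
       // Strip trailing underscores left over from trailing blanks.
       while (cnlen > 0 && vbuff[cnlen-1] == '_') vbuff[--cnlen] = 0;
       if (*vbuff)
          {if (entity.name) free(entity.name);
           entity.name = strdup(vbuff);
          }
      }

// If debugging then print information. However, get a global mutex to keep
// from inter-leaving these lines with other threads, as much as possible.
//
   if (g_debug)
      {XrdOucLock lock(&Mutex);
       PROUT(name); PROUT(host); PROUT(grps); PROUT(vorg); PROUT(role);
      }

// All done
//
   return 0;
}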
char * vorg
Entity's virtual organization(s)
Definition: XrdSecEntity.hh:71
char * grps
Entity's group name(s)
Definition: XrdSecEntity.hh:73
char * name
Entity's name.
Definition: XrdSecEntity.hh:69

References XrdSecEntity::grps, XrdSecEntity::name, PROUT, and XrdSecEntity::vorg.

◆ XrdSecgsiAuthzInit()

int XrdSecgsiAuthzInit ( const char *  cfg)

Definition at line 237 of file XrdSecgsiAuthzFunVO.cc.

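int XrdSecgsiAuthzInit(const char *cfg)
{
// Parse the plugin configuration string (cgi format, e.g.
// "debug=1&valido=vo1,vo2&vo2grp=...") into the file-level g_* settings.
//
// Return:
// -1 on failure
//  0 to get credentials in raw form
//  1 to get credentials in PEM base64 encoded form
// The value returned is whatever g_certificate_format holds; a null or empty
// cfg leaves all settings untouched.
//
   static const char* inf_pfx = "INFO in AuthzInit: ";
   char cfgbuff[2048], *sP;
   int i;

// Nothing to parse if no configuration was given.
//
   if (!cfg || !(*cfg)) return g_certificate_format;

// The configuration string may mistakenly include other parms following
// the authz parms. So, copy it into a bounded local buffer and trim it at
// the first blank.
//
   i = strlen(cfg);
   if (i >= (int)sizeof(cfgbuff)) i = sizeof(cfgbuff)-1;
   memcpy(cfgbuff, cfg, i);
   cfgbuff[i] = 0;
   if ((sP = strchr(cfgbuff, ' '))) *sP = 0;

// Parse the config line (it's in cgi format). The parser lives on the stack
// instead of behind a raw new/delete pair; every value we keep is copied
// with strdup() below, so the parser may die with this function.
//
   XrdOucEnv theEnv(cfgbuff);

// Set debug value
//
   if ((sP = theEnv.Get("debug")) && *sP == '1') g_debug = 1;

// Get the mapping strings (copied; the parser owns the originals). A vo2usr
// of "*" means "no mapping" and also disables cn2usr.
//
   if ((sP = theEnv.Get("vo2grp"))) g_vo2grp = strdup(sP);
   if ((sP = theEnv.Get("vo2usr")))
      {g_cn2usr = 0;
       g_vo2usr = (!strcmp(sP, "*") ? 0 : strdup(sP));
      }

// Now process the valid vo's. The list is stored with a leading comma so
// that AuthzFun can search it for ",<vo>".
//
   if ((sP = theEnv.Get("valido")))
      {i = strlen(sP);
       g_valido = (char *)malloc(i+2);
       *g_valido = ',';
       strcpy(g_valido+1, sP);
      }

// All done.
//
   PRINT(inf_pfx <<"cfg='"<< (cfg ? cfg : "null") << "'.");
   return g_certificate_format;
}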
char * Get(const char *varname)
Definition: XrdOucEnv.hh:69

References XrdProxy::envP, XrdOucEnv::Get(), and PRINT.


◆ XrdSecgsiAuthzKey()

int XrdSecgsiAuthzKey ( XrdSecEntity & entity,
char **  key 
)

Definition at line 209 of file XrdSecgsiAuthzFunVO.cc.

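int XrdSecgsiAuthzKey(XrdSecEntity &entity, char **key)
{
// Return the key by which entity.creds will be hashed.
// For now the key is a copy of entity.creds itself.
// The plan is to use DN + VO endorsements in the future.
//
// On success *key points to a new[]'d buffer of credslen+1 bytes holding the
// credentials followed by a NUL, and entity.credslen is returned. -1 is
// returned if key is null or the entity carries no credentials.
//
   static const char* err_pfx = "ERR in AuthzKey: ";
   static const char* inf_pfx = "INFO in AuthzKey: ";

// Must have got something
//
   if (!key)
      {PRINT(err_pfx << "'key' is not defined!");
       return -1;
      }

// The credentials may be in raw (binary) form, so they can neither be assumed
// to be NUL-terminated nor free of embedded NULs. Refuse a missing buffer and
// copy exactly credslen bytes rather than strcpy()ing to the first NUL.
//
   if (!entity.creds || entity.credslen < 0)
      {PRINT(err_pfx << "entity has no credentials!");
       return -1;
      }

   PRINT(inf_pfx << "Returning creds of len " << entity.credslen << " as key.");

// Set the key (NUL-terminated so it can still be used as a C string)
//
   *key = new char[entity.credslen + 1];
   memcpy(*key, entity.creds, entity.credslen);
   (*key)[entity.credslen] = 0;

   return entity.credslen;
}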
int credslen
Length of the 'creds' data.
Definition: XrdSecEntity.hh:78
char * creds
Raw entity credentials or cert.
Definition: XrdSecEntity.hh:77

References XrdSecEntity::creds, XrdSecEntity::credslen, and PRINT.

◆ XrdVERSIONINFO() [1/3]

XrdVERSIONINFO ( XrdSecgsiAuthzFun  ,
secgsiauthz   
)

◆ XrdVERSIONINFO() [2/3]

XrdVERSIONINFO ( XrdSecgsiAuthzInit  ,
secgsiauthz   
)

◆ XrdVERSIONINFO() [3/3]

XrdVERSIONINFO ( XrdSecgsiAuthzKey  ,
secgsiauthz   
)