XRootD
XrdOfsTPC.cc
Go to the documentation of this file.
1 /******************************************************************************/
2 /* */
3 /* X r d O f s T P C . c c */
4 /* */
5 /* (c) 2012 by the Board of Trustees of the Leland Stanford, Jr., University */
6 /* All Rights Reserved */
7 /* Produced by Andrew Hanushevsky for Stanford University under contract */
8 /* DE-AC02-76-SFO0515 with the Department of Energy */
9 /* */
10 /* This file is part of the XRootD software suite. */
11 /* */
12 /* XRootD is free software: you can redistribute it and/or modify it under */
13 /* the terms of the GNU Lesser General Public License as published by the */
14 /* Free Software Foundation, either version 3 of the License, or (at your */
15 /* option) any later version. */
16 /* */
17 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
18 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
19 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
20 /* License for more details. */
21 /* */
22 /* You should have received a copy of the GNU Lesser General Public License */
23 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
24 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
25 /* */
26 /* The copyright holder's institutional names and contributor's names may not */
27 /* be used to endorse or promote products derived from this software without */
28 /* specific prior written permission of the institution or contributor. */
29 /******************************************************************************/
30 
31 #include <atomic>
32 #include <cstdio>
33 #include <cstdlib>
34 #include <string>
35 #include <strings.h>
36 
37 #include "XrdAcc/XrdAccAccess.hh"
38 #include "XrdNet/XrdNetAddr.hh"
39 #include "XrdOuc/XrdOucPList.hh"
40 #include "XrdOfs/XrdOfsSecurity.hh"
41 #include "XrdOfs/XrdOfsStats.hh"
42 #include "XrdOfs/XrdOfsTPC.hh"
43 #include "XrdOfs/XrdOfsTPCAuth.hh"
45 #include "XrdOfs/XrdOfsTPCJob.hh"
46 #include "XrdOfs/XrdOfsTPCProg.hh"
47 #include "XrdOfs/XrdOfsTrace.hh"
48 #include "XrdOss/XrdOss.hh"
49 #include "XrdOuc/XrdOucCallBack.hh"
50 #include "XrdOuc/XrdOucEnv.hh"
51 #include "XrdOuc/XrdOucProg.hh"
52 #include "XrdOuc/XrdOucNList.hh"
53 #include "XrdOuc/XrdOucTList.hh"
54 #include "XrdOuc/XrdOucTPC.hh"
55 #include "XrdSec/XrdSecEntity.hh"
56 #include "XrdSys/XrdSysError.hh"
57 #include "XrdSys/XrdSysTimer.hh"
58 
59 /******************************************************************************/
60 /* G l o b a l O b j e c t s */
61 /******************************************************************************/
62 
63 extern XrdSysError OfsEroute;
64 extern XrdOfsStats OfsStats;
65 extern XrdSysTrace OfsTrace;
66 extern XrdOss *XrdOfsOss;
67 
68 namespace XrdOfsTPCParms
69 {
70 static const int fcMax = 8;
71 
72 struct fcTb {char *aVar;
74  bool aOpt;
75  bool aGSI;
77 
78 const char *gsiPKH = "-----BEGIN PRIVATE KEY-----\n";
79 
80 int fcNum = 0;
81 bool tpcOK = false;
82 bool encTPC = false;
83 
86 }
87 
88 using namespace XrdOfsTPCParms;
89 
90 /******************************************************************************/
91 /* L o c a l C l a s s e s */
92 /******************************************************************************/
93 /******************************************************************************/
94 /* X r d O f s T P C A l l o w */
95 /******************************************************************************/
96 
98 {
99 public:
100 
102 char *theDN;
103 char *theGN;
105 char *theVO;
106 
107 int Match(const XrdSecEntity *Who, const char *Host);
108 
109  XrdOfsTPCAllow(char *vDN, char *vGN, char *vHN, char *vVO,
110  XrdOfsTPCAllow *Prev)
111  : Next(Prev), theDN(vDN), theGN(vGN), theVO(vVO)
112  {if (vHN) theHN = new XrdOucNList(vHN);
113  else theHN = 0;
114  }
115  ~XrdOfsTPCAllow() {if (theHN) delete theHN;}
116 };
117 
118 /******************************************************************************/
119 /* X r d O f s T P C A l l o w : : M a t c h */
120 /******************************************************************************/
121 
122 int XrdOfsTPCAllow::Match(const XrdSecEntity *Who, const char *Host)
123 {
124 // Host name comparisons should be case insensitive. However, DN's and VO's
125 // do take case into account.
126 //
127  if (theHN && (!Host || !(theHN->NameKO(Host )))) return 0;
128  if (theDN && (!(Who->name) || strcmp(theDN, Who->name))) return 0;
129  if (theVO && (!(Who->vorg) || strcmp(theDN, Who->vorg))) return 0;
130  if (!theGN) return 1;
131  if (Who->grps)
132  {char gBuff[1028], Group[64];
133  strlcpy(gBuff+1, Who->grps, sizeof(gBuff)-1); *gBuff = ' ';
134  strlcpy(Group+1, theGN, sizeof(Group)-1); *Group = ' ';
135  return strstr(gBuff, Group) != 0;
136  } else return 0;
137  return 1;
138 }
139 
140 /******************************************************************************/
141 /* S t a t i c V a r i a b l e s */
142 /******************************************************************************/
143 
146 
148 
150 
152 
153 char *XrdOfsTPC::cPath = 0;
154 
155 namespace
156 {
157 std::atomic<int> rpInst = {0};
158 }
159 
160 /******************************************************************************/
161 /* A d d A u t h */
162 /******************************************************************************/
163 
164 const char *XrdOfsTPC::AddAuth(const char *auth, const char *avar)
165 {
166  bool aOpt, aGSI;
167 
168 // Check if credentials are optional
169 //
170  if (*auth != '?') aOpt = false;
171  else {aOpt = true;
172  auth++;
173  }
174  aGSI = strcmp("gsi", auth) == 0;
175 
176 // Verify that the authname is not too long
177 //
178  if (strlen(auth) >= XrdSecPROTOIDSIZE) return "Invalid auth";
179 
180 // Check if auth is already in the table
181 //
182  for (int i = 0; i < fcNum; i++)
183  if (!strcmp(auth, fcAuth[i].aProt))
184  {if (fcAuth[i].aVar) free(fcAuth[i].aVar);
185  fcAuth[i].aVar = strdup(avar);
186  fcAuth[i].aOpt = aOpt;
187  fcAuth[i].aGSI = aGSI;
188  return 0;
189  }
190 
191 // Check if we have room to add an auth
192 //
193  if (fcNum >= fcMax) return "Too many fcred auths";
194 
195 // Add an auth
196 //
197  strcpy(fcAuth[fcNum].aProt, auth);
198  fcAuth[fcNum].aVar = strdup(avar);
199  fcAuth[fcNum].aOpt = aOpt;
200  fcAuth[fcNum].aGSI = aGSI;
201  fcNum++;
202  return 0;
203 }
204 
205 /******************************************************************************/
206 /* A l l o w */
207 /******************************************************************************/
208 
209 void XrdOfsTPC::Allow(char *vDN, char *vGN, char *vHN, char *vVO)
210 {
211 
212 // Add the entry
213 //
214  ALList = new XrdOfsTPCAllow(vDN, vGN, vHN, vVO, ALList);
215 }
216 
217 /******************************************************************************/
218 /* A u t h o r i z e */
219 /******************************************************************************/
220 
222  XrdOfsTPC::Facts &Args,
223  int isPLE)
224 {
225  XrdOfsTPCAuth *myTPC;
226  const char *dstHost;
227  int rc, NoGo = 0;
228 
229 // Determine if we can handle any TPC requests
230 //
231  if (!tpcOK || !Args.Usr)
232  return Fatal(Args, "tpc not supported", ENOTSUP);
233 
234 // If we are restricting paths, make sure this meets the restriction
235 //
236  if (RPList && !(RPList->Find(Args.Lfn)))
237  return Fatal(Args, "tpc not allowed for path", EACCES);
238 
239 // The origin and the destination in the arguments
240 //
241  Args.Org = Args.Env->Get(XrdOucTPC::tpcOrg);
242  Args.Dst = Args.Env->Get(XrdOucTPC::tpcDst);
243 
244 // Determine if this is the origin or the destination.
245 // Origin: dst and key required but org may not be specified
246 // Dest: org and key required but dst may not be specified
247 //
248  if (Args.Dst && !Args.Org)
249  {if (fsAuth && !fsAuth->Access(Args.Usr, Args.Lfn, AOP_Read, Args.Env))
250  return Fatal(Args, "permission denied", EACCES);
251  if (AuthOrg && !Screen(Args, AuthOrg, isPLE)) return SFS_ERROR;
252  if (!(myTPC = new XrdOfsTPCAuth(getTTL(Args.Env))))
253  return Fatal(Args, "insufficient memory", ENOMEM);
254  if (!(myTPC->Add(Args))) {delete myTPC; return SFS_ERROR;}
255  *pTPC = (XrdOfsTPC *)myTPC;
256  return SFS_OK;
257  }
258  else if (!Args.Org || Args.Dst)
259  return Fatal(Args, "conflicting tpc cgi", EINVAL);
260 
261 // If we need to enforce authentication, do so now
262 //
263  if (AuthDst && !Screen(Args, AuthDst, isPLE)) return SFS_ERROR;
264 
265 // Avoid nodnr manglement of the host name, we always will need one. If we have
266 // see if we should restrict the destinations and if so, do it.
267 //
268  if (!(dstHost = Args.Usr->addrInfo->Name())) NoGo = 1;
269  else if (ALList)
270  {XrdOfsTPCAllow *aP = ALList;
271  while(aP && !aP->Match(Args.Usr, dstHost)) aP = aP->Next;
272  if (!aP) NoGo = 1;
273  }
274 
275 // Check if this destination is actually authorized
276 //
277  if (NoGo)
278  {OfsEroute.Emsg("TPC", Args.eRR->getErrUser(),
279  "denied tpc access to", Args.Lfn);
281  return Fatal(Args, "dest not authorized for tpc" ,EACCES, 1);
282  }
283 
284 // This is the destination trying to open a source file. We must make sure
285 // that the origin has authorized this action for this destination.
286 //
287  Args.Dst = dstHost;
288  if ((rc = XrdOfsTPCAuth::Get(Args, &myTPC))) return rc;
289 
290 // Check if entry already expired
291 //
292  if (myTPC->Expired())
293  {myTPC->Expired(Args.Usr->tident);
294  myTPC->Del();
295  return Fatal(Args, "authorization expired", EACCES, 1);
296  }
297 
298 // Log the grant if so wanted
299 //
300  if (Cfg.LogOK)
301  {char Buff[1024];
302  snprintf(Buff, sizeof(Buff), "%s granted tpc access by %s to",
303  Args.Usr->tident, Args.Org);
304  Buff[sizeof(Buff)-1] = 0;
305  OfsEroute.Emsg("TPC", Buff, Args.Lfn);
306  }
307 
308 // All done
309 //
311  *pTPC = (XrdOfsTPC *)myTPC;
312  return SFS_OK;
313 }
314 
315 /******************************************************************************/
316 /* Private: D e a t h */
317 /******************************************************************************/
318 
319 int XrdOfsTPC::Death(XrdOfsTPC::Facts &Args, const char *eMsg, int eCode, int nomsg)
320 {
321 // If automatc removal is wanted, remove the file.
322 //
323  if (Cfg.autoRM && Args.Pfn) XrdOfsOss->Unlink(Args.Lfn);
324 
325 // Return error information
326 //
327  return Fatal(Args, eMsg, eCode, nomsg);
328 }
329 
330 /******************************************************************************/
331 /* Private: F a t a l */
332 /******************************************************************************/
333 
334 int XrdOfsTPC::Fatal(XrdOfsTPC::Facts &Args, const char *eMsg, int eCode, int nomsg)
335 {
336  char Buff[2048];
337 
338 // Format the error message
339 //
340  snprintf(Buff, sizeof(Buff), "Unable to open %s; %s", Args.Lfn, eMsg);
341 
342 // Print it out if debugging is enabled
343 //
344 #ifndef NODEBUG
345  if (!nomsg) OfsEroute.Emsg("TPC", Args.eRR->getErrUser(), Buff);
346 #endif
347 
348 // Place the error message in the error object and return
349 //
350  Args.eRR->setErrInfo(eCode, Buff);
352  return SFS_ERROR;
353 }
354 
355 /******************************************************************************/
356 /* g e n O r g */
357 /******************************************************************************/
358 
359 int XrdOfsTPC::genOrg(const XrdSecEntity *client, char *Buff, int Blen)
360 {
361  const char *Colon, *cOrg = client->tident;
362  char *Name;
363  int n;
364 
365 // Extract out the login name and pid
366 //
367  if (!(Colon = index(cOrg, ':'))) return 0;
368  n = (Colon - cOrg);
369 
370 // Expand out client's full name
371 //
372  if (!(Name = Verify("origin", client->host, Buff, Blen))) return 0;
373 
374 // Make sure this all fits
375 //
376  if (((n + 1) + int(strlen(Name))) >= Blen)
377  {strncpy(Buff, "origin ID too long", Blen);
378  Buff[Blen-1] = 0;
379  free(Name);
380  return 0;
381  }
382 
383 // Construct the origin information
384 //
385  strncpy(Buff, cOrg, n);
386  Buff += n; *Buff++ = '@';
387  strcpy(Buff, Name);
388  free(Name);
389  return 1;
390 }
391 
392 /******************************************************************************/
393 /* Private: g e t T T L */
394 /******************************************************************************/
395 
397 {
398  const char *vTTL = Env->Get(XrdOucTPC::tpcTtl);
399 
400  if (vTTL)
401  {char *ePtr;
402  int n;
403  n = strtol(vTTL, &ePtr, 10);
404  if (n < 0 || *ePtr) return Cfg.dflTTL;
405  return (n > Cfg.maxTTL ? Cfg.maxTTL : n);
406  }
407  return Cfg.dflTTL;
408 }
409 
410 /******************************************************************************/
411 /* I n i t */
412 /******************************************************************************/
413 
415 {
416  std::string aStr;
417 
418 // Create credential forwarding template, if cred path specified. It is
419 // gauranteed to end with a slash (it better be).
420 //
421  if (Cfg.cPath && Cfg.fCreds) cPath = Cfg.cPath;
422  else cPath = 0;
423 
424 // Check for streams option
425 //
426  if (Cfg.tcpSTRM > 15) Cfg.tcpSTRM = 15;
427  if (Cfg.tcpSMax > 15) Cfg.tcpSMax = 15;
428 
429 
430 // Record all delegated auths
431 //
432  for (int i = 0; i < fcNum; i++)
433  {aStr += ' '; aStr += fcAuth[i].aProt;}
434 
435 // Export the delegated auths
436 //
437  if (aStr.length())
438  XrdOucEnv::Export("XRDTPCDLG", strdup(aStr.c_str()+1));
439 }
440 
441 /******************************************************************************/
442 /* R e q u i r e */
443 /******************************************************************************/
444 
445 void XrdOfsTPC::Require(const char *Auth, int rType)
446 {
447  int n = strlen(Auth), doEnc = (Auth[n-1] == '+');
448 
449  if (!rType || rType == reqDST)
450  {AuthDst = new XrdOucTList(Auth, doEnc, AuthDst);
451  if (doEnc) AuthDst->text[n-1] = 0;
452  }
453 
454  if (!rType || rType == reqORG)
455  {AuthOrg = new XrdOucTList(Auth, doEnc, AuthOrg);
456  if (doEnc) AuthOrg->text[n-1] = 0;
457  }
458  encTPC |= doEnc;
459 }
460 
461 /******************************************************************************/
462 /* R e s t r i c t */
463 /******************************************************************************/
464 
465 int XrdOfsTPC::Restrict(const char *Path)
466 {
467  XrdOucPList *plp;
468 
469  char pBuff[MAXPATHLEN];
470  int n = strlen(Path);
471 
472  if (n >= MAXPATHLEN)
473  {OfsEroute.Emsg("Config", "tpc restrict path too long");
474  return 0;
475  }
476 
477  if (Path[n-1] != '/')
478  {strcpy(pBuff, Path);
479  pBuff[n++] = '/'; pBuff[n] = 0;
480  Path = pBuff;
481  }
482 
483  if (!RPList) RPList = new XrdOucPListAnchor;
484 
485  if (!(plp = RPList->Match(pBuff)))
486  {plp = new XrdOucPList(pBuff);
487  RPList->Insert(plp);
488  }
489 
490  return 1;
491 }
492 
493 /******************************************************************************/
494 /* Private: S c r e e n */
495 /******************************************************************************/
496 
497 int XrdOfsTPC::Screen(XrdOfsTPC::Facts &Args, XrdOucTList *tP, int wasEnc)
498 {
499  const char *aProt = Args.Usr->prot;
500 
501  while(tP)
502  {if (!strcmp(tP->text, aProt))
503  {if (tP->val && wasEnc) return 1;
504  Fatal(Args, "unencrypted tpc disallowed", EACCES);
505  break;
506  }
507  tP = tP->next;
508  }
509 
510  if (!tP) Fatal(Args, "improper tpc authentication", EACCES);
511 
513  return 0;
514 }
515 
516 /******************************************************************************/
517 /* S t a r t */
518 /******************************************************************************/
519 
521 {
522 
523 // If there is a path restriction list then setup it up
524 //
525  if (RPList) RPList->Default(1);
526 
527 // If there is no copy program then we use the default one
528 //
529  if (!Cfg.XfrProg) Cfg.XfrProg = strdup("xrdcp --server");
530 
531 // Allocate copy program objects
532 //
533  if (!XrdOfsTPCProg::Init()) return 0;
534 
535 // Start the expiration thread
536 //
537  if (!XrdOfsTPCAuth::RunTTL(1)) return 0;
538 
539 // All done
540 //
541  XrdOucEnv::Export("XRDTPC", (encTPC ? "+1" : "1"));
542  tpcOK = true;
543  return 1;
544 }
545 
546 /******************************************************************************/
547 /* V a l i d a t e */
548 /******************************************************************************/
549 
551 {
552  XrdOfsTPCJob *myTPC;
553  const char *tpcLfn = Args.Env->Get(XrdOucTPC::tpcLfn);
554  const char *tpcSrc = Args.Env->Get(XrdOucTPC::tpcSrc);
555  const char *tpcCks = Args.Env->Get(XrdOucTPC::tpcCks);
556  const char *tpcSgi = Args.Env->Get(XrdOucTPC::tpcSgi);
557  const char *tpcStr = Args.Env->Get(XrdOucTPC::tpcStr);
558  const char *tpcSpr = Args.Env->Get(XrdOucTPC::tpcSpr);
559  const char *tpcTpr = Args.Env->Get(XrdOucTPC::tpcTpr);
560  const char *theCGI, *enVar = 0;
561  char Buff[512], myURL[4096], sVal = 0;
562  int n, doRN = 0, myURLen = sizeof(myURL);
563  short lfnLoc[2];
564 
565 // Determine if we can handle any TPC requests
566 //
567  if (!tpcOK || !Args.Usr) return Death(Args, "tpc not supported", ENOTSUP);
568 
569 // If we will be forwarding credentials, then verify that we have some
570 //
571  for (int i = 0; i < fcNum; i++)
572  {if (!strcmp(Args.Usr->prot, fcAuth[i].aProt))
573  {if (Args.Usr->creds == 0 || Args.Usr->credslen < 1
574  || (fcAuth[i].aGSI && !strstr(Args.Usr->creds, gsiPKH)))
575  {if (!fcAuth[i].aOpt)
576  return Death(Args,"no delegated credentials for tpc",EACCES);
577  } else enVar = fcAuth[i].aVar;
578  const char *tpcDlg = Args.Env->Get(XrdOucTPC::tpcDlg);
579  if (tpcDlg) tpcSrc = tpcDlg;
580  break;
581  }
582  }
583 
584 // This is a request by a writer to get data from another party. Make sure
585 // the source has been specified.
586 //
587  if (!tpcSrc) return Death(Args, "tpc source not specified", EINVAL);
588  if (!Args.Pfn) return Death(Args, "tpc pfn not specified", EINVAL);
589 
590 // If the lfn, if present, it must be absolute.
591 //
592  if (!tpcLfn) tpcLfn = Args.Lfn;
593  else if (Cfg.noids && *tpcLfn != '/')
594  return Death(Args,"source lfn not absolute",EINVAL);
595  else doRN = (strcmp(Args.Lfn, tpcLfn) != 0);
596 
597 // Validate number of streams and adjust accordingly
598 //
599  if (tpcStr)
600  {char *eP;
601  long nStrm = strtol(tpcStr, &eP, 10);
602  if (nStrm < 0 || *eP)
603  return Death(Args, "tpc streams value is invalid", EINVAL);
604  if (nStrm > Cfg.tcpSMax) nStrm = Cfg.tcpSMax;
605  sVal = static_cast<char>(nStrm);
606  } else sVal = static_cast<char>(Cfg.tcpSTRM);
607 
608 // Generate the origin id
609 //
610  if (!enVar && !genOrg(Args.Usr, Buff, sizeof(Buff)))
611  return Death(Args, Buff, EINVAL);
612 
613 // Construct the source url (it may be very big)
614 //
615  const char *xProt = (!tpcSpr || strcmp("xroots",tpcSpr) ? "xroot" : tpcSpr);
616  n = snprintf(myURL, myURLen, "%s://%s/%s?", xProt, tpcSrc, tpcLfn);
617  char *cgiP = myURL+n;
618  int cgiL = myURLen-n;
619  if (cgiL < 3) return Death(Args, "url too long", EINVAL);
620 
621 // Set lfn location in the URL but only if we need to do a rename
622 //
623  if (doRN) {lfnLoc[1] = strlen(tpcLfn); lfnLoc[0] = n - lfnLoc[1];}
624  else lfnLoc[1] = lfnLoc[0] = 0;
625 
626 // Copy user specified CGI into the source URL (omit tpc tokens)
627 //
628  if (tpcSgi)
629  {if ((int)strlen(tpcSgi) >= cgiL)
630  return Death(Args, "url too long", EINVAL);
631  n = XrdOucTPC::copyCGI(tpcSgi, cgiP, cgiL);
632  cgiP += n;
633  cgiL -= n;
634  }
635 
636 // Insert tpc tokens unless this is a delegated tpc which needs no tokens
637 //
638  if (!enVar)
639  {if (cgiL < 3) return Death(Args, "url too long", EINVAL);
640  *cgiP++ = '&'; cgiL--; *cgiP = 0;
641  theCGI = XrdOucTPC::cgiD2Src(Args.Key, Buff, cgiP, cgiL);
642  if (*theCGI == '!') return Death(Args, theCGI+1, EINVAL);
643  }
644 
645 // Create a pseudo tpc object that will contain the information we need to
646 // actually peform this copy.
647 //
648  if (!(myTPC = new XrdOfsTPCJob(myURL, Args.Usr->tident,
649  Args.Lfn, Args.Pfn, tpcCks, lfnLoc,
650  tpcSpr, tpcTpr)))
651  return Death(Args, "insufficient memory", ENOMEM);
652 
653 // Set credentials for the job if we need to
654 //
655  if (enVar && Args.Usr->credslen > 0)
656  myTPC->Info.SetCreds(enVar, Args.Usr->creds, Args.Usr->credslen);
657 
658 // Setup reproxing if this is required
659 //
660  if (Cfg.rPath)
661  {int inst = rpInst++;
662  char rpBuff[1024];
663  snprintf(rpBuff, sizeof(rpBuff), Cfg.rPath, inst);
664  myTPC->Info.SetRPath(rpBuff);
665  Args.Env->Put("tpc.reproxy", rpBuff);
666  }
667 
668 // Set number of streams to use
669 //
670  if (sVal > 0) myTPC->Info.SetStreams(sVal);
671 
672 // All done
673 //
674  myTPC->Info.isDest();
675  *theTPC = (XrdOfsTPC *)myTPC;
676  return SFS_OK;
677 }
678 
679 /******************************************************************************/
680 /* Private: V e r i f y */
681 /******************************************************************************/
682 
683 char *XrdOfsTPC::Verify(const char *Who, const char *Name,
684  char *Buf, int Blen)
685 {
686  XrdNetAddr vAddr;
687  const char *etext, *Host;
688 
689 // Obtain full host name and return it if successful
690 //
691  if (!(etext = vAddr.Set(Name,0)) && (Host = vAddr.Name(0, &etext)))
692  return strdup(Host);
693 
694 // Generate error
695 //
696  snprintf(Buf, Blen, "unable to verify %s %s (%s)", Who, Name, etext);
697  Buf[Blen-1] = 0;
698  return 0;
699 }
@ AOP_Read
open() r/o, prepare()
void Fatal(const char *op, const char *target)
Definition: XrdCrc32c.cc:58
XrdOss * XrdOfsOss
Definition: XrdOfs.cc:163
XrdSysTrace OfsTrace
XrdOfsStats OfsStats
Definition: XrdOfs.cc:113
XrdSysError OfsEroute
#define XrdSecPROTOIDSIZE
Definition: XrdSecEntity.hh:47
XrdOucString Path
#define eMsg(x)
#define SFS_ERROR
#define SFS_OK
size_t strlcpy(char *dst, const char *src, size_t sz)
const char * Name(const char *eName=0, const char **eText=0)
const char * Set(const char *hSpec, int pNum=PortInSpec)
Definition: XrdNetAddr.cc:216
struct XrdOfsStats::StatsData Data
void Add(int &Cntr)
Definition: XrdOfsStats.hh:62
XrdOucNList * theHN
Definition: XrdOfsTPC.cc:104
XrdOfsTPCAllow * Next
Definition: XrdOfsTPC.cc:101
XrdOfsTPCAllow(char *vDN, char *vGN, char *vHN, char *vVO, XrdOfsTPCAllow *Prev)
Definition: XrdOfsTPC.cc:109
int Match(const XrdSecEntity *Who, const char *Host)
Definition: XrdOfsTPC.cc:122
static int Get(Facts &Args, XrdOfsTPCAuth **theTPC)
int Add(Facts &Args)
static int RunTTL(int Init)
void SetRPath(const char *rpath)
void SetStreams(char sval)
void SetCreds(const char *evar, const char *creds, int crdsz)
static int Init()
static int Authorize(XrdOfsTPC **theTPC, Facts &Args, int isPLE=0)
Definition: XrdOfsTPC.cc:221
static int Restrict(const char *Path)
Definition: XrdOfsTPC.cc:465
static XrdOucTList * AuthOrg
Definition: XrdOfsTPC.hh:123
static const char * AddAuth(const char *auth, const char *avar)
Definition: XrdOfsTPC.cc:164
static char * Verify(const char *Who, const char *Name, char *Buf, int Blen)
Definition: XrdOfsTPC.cc:683
static int getTTL(XrdOucEnv *Env)
Definition: XrdOfsTPC.cc:396
static XrdAccAuthorize * fsAuth
Definition: XrdOfsTPC.hh:120
static void Init()
Definition: XrdOfsTPC.cc:414
static int Fatal(Facts &Args, const char *eMsg, int eCode, int nomsg=0)
Definition: XrdOfsTPC.cc:334
static int Start()
Definition: XrdOfsTPC.cc:520
static int Death(Facts &Args, const char *eMsg, int eCode, int nomsg=0)
Definition: XrdOfsTPC.cc:319
static void Require(const char *Auth, int RType)
Definition: XrdOfsTPC.cc:445
XrdOfsTPCInfo Info
Definition: XrdOfsTPC.hh:109
static void Allow(char *vDN, char *vGN, char *vHN, char *vVO)
Definition: XrdOfsTPC.cc:209
static XrdOfsTPCAllow * ALList
Definition: XrdOfsTPC.hh:126
static int Validate(XrdOfsTPC **theTPC, Facts &Args)
Definition: XrdOfsTPC.cc:550
static char * cPath
Definition: XrdOfsTPC.hh:124
static XrdOucTList * AuthDst
Definition: XrdOfsTPC.hh:122
static int Screen(Facts &Args, XrdOucTList *tP, int wasEnc=0)
Definition: XrdOfsTPC.cc:497
static XrdOucPListAnchor * RPList
Definition: XrdOfsTPC.hh:127
static int genOrg(const XrdSecEntity *client, char *Buff, int Blen)
Definition: XrdOfsTPC.cc:359
virtual int Unlink(const char *path, int Opts=0, XrdOucEnv *envP=0)=0
static int Export(const char *Var, const char *Val)
Definition: XrdOucEnv.cc:188
char * Get(const char *varname)
Definition: XrdOucEnv.hh:69
void Put(const char *varname, const char *value)
Definition: XrdOucEnv.hh:85
int setErrInfo(int code, const char *emsg)
const char * getErrUser()
XrdOucTList * next
Definition: XrdOucTList.hh:45
char * text
Definition: XrdOucTList.hh:46
static const char * tpcSpr
Definition: XrdOucTPC.hh:63
static const char * tpcDst
Definition: XrdOucTPC.hh:57
static const char * tpcTpr
Definition: XrdOucTPC.hh:66
static const char * tpcLfn
Definition: XrdOucTPC.hh:59
static int copyCGI(const char *cgi, char *Buff, int Blen)
Definition: XrdOucTPC.cc:233
static const char * tpcDlg
Definition: XrdOucTPC.hh:56
static const char * tpcSrc
Definition: XrdOucTPC.hh:64
static const char * tpcOrg
Definition: XrdOucTPC.hh:60
static const char * cgiD2Src(const char *cKey, const char *cOrg, char *Buff, int Blen)
Definition: XrdOucTPC.cc:168
static const char * tpcSgi
Definition: XrdOucTPC.hh:62
static const char * tpcTtl
Definition: XrdOucTPC.hh:67
static const char * tpcCks
Definition: XrdOucTPC.hh:55
static const char * tpcStr
Definition: XrdOucTPC.hh:65
char * vorg
Entity's virtual organization(s)
Definition: XrdSecEntity.hh:71
int credslen
Length of the 'creds' data.
Definition: XrdSecEntity.hh:78
XrdNetAddrInfo * addrInfo
Entity's connection details.
Definition: XrdSecEntity.hh:80
const char * tident
Trace identifier always preset.
Definition: XrdSecEntity.hh:81
char prot[XrdSecPROTOIDSIZE]
Auth protocol used (e.g. krb5)
Definition: XrdSecEntity.hh:67
char * creds
Raw entity credentials or cert.
Definition: XrdSecEntity.hh:77
char * grps
Entity's group name(s)
Definition: XrdSecEntity.hh:73
char * name
Entity's name.
Definition: XrdSecEntity.hh:69
char * host
Entity's host name dnr dependent.
Definition: XrdSecEntity.hh:70
int Emsg(const char *esfx, int ecode, const char *text1, const char *text2=0)
Definition: XrdSysError.cc:95
XrdDigAuth Auth
Definition: XrdDigAuth.cc:63
static const int fcMax
Definition: XrdOfsTPC.cc:70
const char * gsiPKH
Definition: XrdOfsTPC.cc:78
struct XrdOfsTPCParms::fcTb fcAuth[fcMax]
XrdXrootdTpcMon * tpcMon
Definition: XrdOfsTPC.cc:84
char aProt[XrdSecPROTOIDSIZE]
Definition: XrdOfsTPC.cc:73
XrdOfsTPCConfig Cfg
Definition: XrdOfsTPC.cc:85
const XrdSecEntity * Usr
Definition: XrdOfsTPC.hh:57
const char * Key
Definition: XrdOfsTPC.hh:52
XrdOucEnv * Env
Definition: XrdOfsTPC.hh:59
const char * Pfn
Definition: XrdOfsTPC.hh:54
const char * Org
Definition: XrdOfsTPC.hh:55
const char * Lfn
Definition: XrdOfsTPC.hh:53
XrdOucErrInfo * eRR
Definition: XrdOfsTPC.hh:58
const char * Dst
Definition: XrdOfsTPC.hh:56