37 #include <sys/param.h>
53 #define TS_Xeq(x,m) if (!strcmp(x,var)) return m(Config);
74 const char eVec[] =
"nhorg";
95 time_t tNow = time(0);
103 if ((rc =
stat(authFN, &
Stat)) && errno != ENOENT)
104 {
eDest->
Emsg(
"Config",errno,
"stat dig auth file", authFN);
107 if (rc) {
if (authList) {
if (!
Refresh()) authCHK = tNow + 30;}
108 else authCHK = tNow + 60;
110 else if (authTOD ==
Stat.st_mtime) authCHK = tNow + 5;
111 else if (!
Refresh()) authCHK = tNow + 30;
121 if (!authList)
return false;
131 {
do {
if (strcmp(client->
prot, aP->
prot))
break;
176 {
eDest->
Emsg(
"Config",
"Dig authorization file not specified.");
182 authFN = strdup(aFN);
191 bool XrdDigAuth::Failure(
int lNum,
const char *txt1,
const char *txt2)
195 sprintf(buff,
"Error in dig authfile line %d:", lNum);
204 bool XrdDigAuth::OkGrp(
const char *glist,
const char *gname)
207 int glen = strlen(gname);
211 do {
if (!(ghit = strstr(glist, gname)))
return false;
213 if (!(*ghit) || *ghit ==
' ')
return true;
228 ~aEntHelper() {
if (eP)
delete eP;}
230 static const char *eCode;
232 char *var, *rec, *bP = buff;
233 int k, n, bLeft =
sizeof(buff);
234 bool aOK =
false, tfVal;
238 while((var = aFile.
GetToken()) && *var)
239 {
if (!strcmp(var,
"all"))
241 aEnt.eP->
accOK[k] =
true;
242 aOK =
true;
continue;
244 else if (!strcmp(var,
"allow"))
break;
245 else{
if (*var ==
'-') {tfVal =
false; var++;}
249 if (!strcmp(var, aTab[n].aTok))
250 {aEnt.eP->accOK[aTab[n].aRef] = tfVal; aOK =
true;
break;}
253 return Failure(lNum,
"Invalid token -", var);
260 if (!aOK)
return Failure(lNum,
"Information type not specified.");
264 if (!(var = aFile.
GetToken()) || !(*var))
265 return Failure(lNum,
"Auth protocol not specified.");
269 if (strlen(var) >=
sizeof(aEnt.eP->prot))
270 return Failure(lNum,
"Invalid auth protocol -", var);
271 strcpy(aEnt.eP->prot, var);
276 while((var = aFile.
GetToken()) && *var)
277 {
if (!(eCode = index(eVec, *var)))
278 return Failure(lNum,
"Invalid entity type -", var);
279 if (*(var+1) !=
'=' || !*(var+2))
280 return Failure(lNum,
"Badly formed entity value in", var);
281 n = snprintf(bP, bLeft,
"%s", var+2);
282 if (n < 0 || n >= bLeft)
break;
285 if ((var = index(bP,
'\\'))) Squash(var);
286 aEnt.eP->eChk[eCode-eVec] = bP; bP += n;
292 if (bLeft <= 0)
return Failure(lNum,
"Too many auth values.");
296 if (!aOK)
return Failure(lNum,
"No entity values specified.");
302 if (aEnt.eP->accOK[n]) accOK[n] = aOK =
true;
303 if(!aOK)
return Failure(lNum,
"Entity has no effective access.");
307 if (!(rec = (
char *)malloc(bP-buff)))
308 return Failure(lNum,
"Insufficient memory.");
309 memcpy(rec, buff, bP-buff);
315 {
if (aEnt.eP->eChk[k])
316 aEnt.eP->eChk[k] = rec + (aEnt.eP->eChk[k] - buff);
321 aEnt.eP->next = authList;
331 bool XrdDigAuth::Refresh()
337 while((aP = nP)) {nP = aP->
next;
delete aP;}
342 return SetupAuth(
true);
349 bool XrdDigAuth::SetupAuth(
bool isRefresh)
354 int authFD, retc, lNum = 1;
359 memset(accOK, 0,
sizeof(accOK));
363 eDest->
Say(
"++++++ Dig ", (isRefresh ?
"refreshing" :
"initializing"),
368 if ( (authFD =
open(authFN, O_RDONLY, 0)) < 0)
369 {NoGo = errno != ENOENT;
371 return SetupAuth(isRefresh, !NoGo);
373 aFile.
Attach(authFD, 4096);
380 return SetupAuth(isRefresh,
false);
382 authTOD =
Stat.st_mtime;
386 while((line = aFile.
GetLine()))
387 {
if (*line && *line !=
'#') NoGo |= !Parse(aFile, lNum);
401 return SetupAuth(isRefresh, !NoGo);
406 bool XrdDigAuth::SetupAuth(
bool isRefresh,
bool aOK)
411 if (!authList)
eDest->
Say(
"Config ",
"No users authorized to access digFS; "
412 "access suspended.");
416 eDest->
Say(
"------ Dig auth ", (isRefresh ?
"refresh" :
"initialization"),
417 (aOK ?
" succeeded." :
" encountered errors."));
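void XrdDigAuth::Squash(char *bP)
{
// Collapse every "\s" escape in an entity value into a single blank, in place.
// bP must point at the first backslash of a NUL-terminated buffer owned by the
// caller (Parse() locates it with index(bP, '\\') before calling us). The text
// only ever shrinks, so no length is needed. A backslash that is not followed
// by 's' is left as-is and the scan simply continues after it.
//
   if (!bP) return;
   do {if (*(bP+1) == 's')
          {*bP = ' ';
           // The shifted region overlaps its destination by one byte, which
           // makes strcpy() undefined behaviour here; memmove() is the
           // overlap-safe form. The +1 carries the terminating NUL along.
           memmove(bP+1, bP+2, strlen(bP+2)+1);
          }
      } while((bP = strchr(bP+1, '\\')));
}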
int stat(const char *path, struct stat *buf)
int open(const char *path, int oflag,...)
int fstat(int fildes, struct stat *buf)
const char * XrdSysE2T(int errcode)
char prot[XrdSecPROTOIDSIZE]
bool Authorize(const XrdSecEntity *client, XrdDigAuthEnt::aType aType, bool aVec[XrdDigAuthEnt::aNum]=0)
bool Configure(const char *aFN)
const char * Name(const char *eName=0, const char **eText=0)
int Attach(int FileDescriptor, int bsz=2047)
char * GetToken(int lowcase=0)
char * vorg
Entity's virtual organization(s)
XrdNetAddrInfo * addrInfo
Entity's connection details.
char prot[XrdSecPROTOIDSIZE]
Auth protocol used (e.g. krb5)
char * grps
Entity's group name(s)
char * name
Entity's name.
char * role
Entity's role(s)
int Emsg(const char *esfx, int ecode, const char *text1, const char *text2=0)
void Say(const char *text1, const char *text2=0, const char *txt3=0, const char *text4=0, const char *text5=0, const char *txt6=0)
void * Refresh(void *parg)