XRootD
XrdOucGMap Class Reference

#include <XrdOucGMap.hh>


Public Member Functions

 XrdOucGMap (XrdOucGMapArgs)
 
virtual ~XrdOucGMap ()
 Destructor. More...
 
virtual int dn2user (const char *dn, char *user, int ulen, time_t now=0)
 
bool isValid () const
 Validity checker. More...
 

Detailed Description

Definition at line 48 of file XrdOucGMap.hh.

Constructor & Destructor Documentation

◆ XrdOucGMap()

XrdOucGMap::XrdOucGMap ( XrdOucGMapArgs  )

Definition at line 103 of file XrdOucGMap.cc.

// Build a grid-map lookup object.
//
// The XrdOucGMapArgs macro is not shown on this page; the body below uses
// 'eDest', 'mapfn' and 'parms', so it is expected to declare those three.
//
// 'parms' is a '|'-separated option list. Recognised options:
//    debug | dbg   switch debug printouts on
//    to=<digits>   seconds after which dn2user() reloads the map file
//                  (default 600; a value of 0 leaves 'notafter' at -1, so no
//                  time-based reload is scheduled here)
//
// The map file is 'mapfn', else $GRIDMAP, else /etc/grid-security/grid-mapfile.
//
// A constructor cannot return an error: on any failure it logs and returns
// with 'valid' still 0, so callers have to consult isValid() afterwards.
XrdOucGMap::XrdOucGMap(XrdOucGMapArgs)
   : valid(0), mf_mtime(-1), notafter(-1), timeout(600), elogger(eDest), tracer(0), dbg(0)
{
   // The tracer is needed by every PRINT below, so create it first
   tracer = new XrdOucTrace(eDest);

   // Walk the option tokens, if any were given
   XrdOucString opts(parms), tok;
   if (opts.length() > 0) {
      for (int pos = opts.tokenize(tok, 0, '|'); pos != -1;
               pos = opts.tokenize(tok, pos, '|')) {
         if (tok == "debug" || tok == "dbg") {
            dbg = 1;
            continue;
         }
         if (!tok.beginswith("to=")) continue;   // unknown options are ignored

         // Keep only the value part of "to=<value>"
         tok.erasefromstart(3);
         if (!tok.isdigit()) {
            PRINT(tracer, "OucGMap", "timeout value badly formatted ("<<tok<<"); ignoring");
            continue;
         }
         // NOTE(review): atoi() returns long and no upper bound is applied
         // here — confirm the range that 'timeout' can hold.
         timeout = tok.atoi();
      }
   }

   // Schedule the first reload only if a timeout is active
   if (timeout > 0) notafter = time(0) + (time_t) timeout;

   // Resolve the map file name: explicit argument, then environment, then default
   mf_name = mapfn;
   if (mf_name.length() <= 0) mf_name = getenv("GRIDMAP");
   if (mf_name.length() <= 0) mf_name = "/etc/grid-security/grid-mapfile";

   // Early readability diagnostic. This is only a pre-check: the file can
   // change between here and load(), and it is the load() result below that
   // decides whether the object becomes valid.
   if (access(mf_name.c_str(), R_OK) != 0) {
      PRINT(tracer, "OucGMap", "cannot access grid map file '"<< mf_name
                                <<"' in read mode; " <<XrdSysE2T(errno));
      return;
   }

   // Read the mappings
   if (load(mf_name.c_str()) != 0) {
      PRINT(tracer, "OucGMap", "unable to load file "<<mf_name<<" - aborting");
      return;
   }

   // Everything went fine: the object can be used
   valid = 1;
}
static XrdSysError eDest(0,"crypto_")
#define PRINT(t, n, y)
Definition: XrdOucGMap.cc:60
int access(const char *path, int amode)
const char * XrdSysE2T(int errcode)
Definition: XrdSysE2T.cc:104
const char * c_str() const
int erasefromstart(int sz=0)
bool beginswith(char c)
int length() const
bool isdigit(int from=0, int to=-1)
long atoi(int from=0, int to=-1)

References access(), XrdOucString::atoi(), XrdOucString::beginswith(), XrdOucString::c_str(), eDest, XrdOucString::erasefromstart(), XrdOucString::isdigit(), XrdOucString::length(), PRINT, and XrdSysE2T().


◆ ~XrdOucGMap()

virtual XrdOucGMap::~XrdOucGMap ( )
inline virtual

Destructor.

Definition at line 98 of file XrdOucGMap.hh.

// NOTE(review): this body is empty, while the constructor shown on this page
// allocates 'tracer' with 'new XrdOucTrace(eDest)'; confirm that the tracer is
// released elsewhere, otherwise each XrdOucGMap instance leaks it.
98 {}

Member Function Documentation

◆ dn2user()

int XrdOucGMap::dn2user ( const char *  dn,
char *  user,
int  ulen,
time_t  now = 0 
)
virtual

Map a distinguished name (dn) to a user name.

Parameters
dn-> Distinguished name.
user-> Buffer where the user name is to be placed. It must end with a null byte, so the buffer needs room for the mapped name plus that terminator.
ulen-> The length of the 'user' buffer.
now-> Current time (result of time(0)) or 0 if not available.
Returns
Success: Zero. Failure: An errno number describing the failure; typically: -EFAULT - no valid match found; -errno - problems reloading the file.

Definition at line 292 of file XrdOucGMap.cc.

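// Copy the 'len' bytes of 'src', followed by a terminating null byte, into
// 'dst', whose capacity is 'dlen' bytes. Returns false, leaving 'dst'
// untouched, when the name plus its terminator does not fit.
static bool CopyMappedUser(const char *src, int len, char *dst, int dlen)
{
   if (len < 0 || len >= dlen) return false;
   if (src && len > 0) memcpy(dst, src, len);
   dst[len] = 0;
   return true;
}

// Map a distinguished name (dn) to a user name.
//
// dn    distinguished name to look up
// user  output buffer; zeroed on entry and filled, null-terminated, on success
// ulen  size of 'user' in bytes
// now   current time (result of time(0)), or 0 to have it read here
//
// Returns 0 on success, otherwise a negative errno value:
//    -EINVAL        'dn' or 'user' is null, or 'ulen' is not positive
//    -EFAULT        no valid match found
//    -ENAMETOOLONG  the mapped name plus its terminator exceeds 'ulen'
//    -errno         the periodic reload of the map file failed
//
// A mapped name that does not fit is refused rather than truncated: the
// original code copied 'length()' bytes regardless of 'ulen', which writes
// past the caller's buffer, and a silently shortened name could designate a
// different local account.
int XrdOucGMap::dn2user(const char *dn, char *user, int ulen, time_t now)
{
   int rc = -1;

   // Reset output
   //
   if (user && ulen > 0) {
      memset(user, '\0', ulen);
   } else {
      PRINT(tracer, "OucGMap::dn2user",
                    "buffer for the user name is undefined or has undefined length");
      return -(int)EINVAL;
   }

   // The DN is used as hash key and streamed to the log below; refuse null
   //
   if (!dn) {
      PRINT(tracer, "OucGMap::dn2user", "distinguished name is undefined");
      return -(int)EINVAL;
   }

   // Check if we need to reload the information
   // NOTE(review): 'notafter' is read and updated before 'xsl' is taken;
   // confirm that load() serialises concurrent reloads.
   //
   if (notafter > 0) {
      if (now <= 0) now = time(0);
      if (notafter < now) {
         // Reload the file
         if (load(mf_name.c_str()) != 0) {
            // Save errno before logging can disturb it, and never let a
            // failed reload be reported as 0 (success with an empty name)
            int lerr = errno;
            PRINT(tracer, "OucGMap::dn2user",
                          "problems loading file "<<mf_name);
            return -(int)(lerr > 0 ? lerr : EIO);
         }
         if (timeout > 0) notafter = now + (time_t) timeout;
      }
   }

   // A shared lock is enough
   xsl.Lock(xs_Shared);

   // Search: 'fits' records whether a match was found but could not be stored
   //
   bool fits = true;
   int need = 0;
   XrdSecGMapEntry_t *mc = mappings.Find(dn);
   if (mc) {
      // Full match: save the associated user
      need = mc->user.length();
      fits = CopyMappedUser(mc->user.c_str(), need, user, ulen);
      if (fits) rc = 0;
   } else {
      // Else scan the available mappings; the probe entry lives on the stack
      // so that no exit path can leak it
      //
      XrdSecGMapEntry_t probe(dn, "", kFull);
      mappings.Apply(FindMatchingCondition, (void *)&probe);
      if (probe.user.length() > 0) {
         need = probe.user.length();
         fits = CopyMappedUser(probe.user.c_str(), need, user, ulen);
         if (fits) rc = 0;
      }
   }

   if (rc == 0) {
      DEBUG(dbg, tracer, "XrdOucGMap::dn2user", "mapping DN '"<<dn<<"' to '"<<user<<"'");
   } else if (!fits) {
      PRINT(tracer, "OucGMap::dn2user", "mapped user name ("<<need
                    <<" bytes) does not fit in the "<<ulen<<"-byte output buffer");
      rc = -(int)ENAMETOOLONG;
   } else {
      DEBUG(dbg, tracer, "XrdOucGMap::dn2user", "no valid match found for DN '"<<dn<<"'");
      rc = -(int)EFAULT;
   }

   // Done: every path after Lock() reaches this single UnLock()
   xsl.UnLock();
   return rc;
}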
#define DEBUG(d, t, n, y)
Definition: XrdOucGMap.cc:61
@ kFull
Definition: XrdOucGMap.cc:54
static int FindMatchingCondition(const char *, XrdSecGMapEntry_t *mc, void *xmp)
Definition: XrdOucGMap.cc:64
@ xs_Shared
Definition: XrdSysXSLock.hh:38
T * Apply(int(*func)(const char *, T *, void *), void *Arg)
Definition: XrdOucHash.icc:102
T * Find(const char *KeyVal, time_t *KeyTime=0)
Definition: XrdOucHash.icc:160
XrdOucString user
Definition: XrdOucGMap.hh:44
void Lock(const XrdSysXS_Type usage)
Definition: XrdSysXSLock.cc:55
void UnLock(const XrdSysXS_Type usage=xs_None)
Definition: XrdSysXSLock.cc:95

References XrdOucHash< T >::Apply(), XrdOucString::c_str(), DEBUG, XrdOucHash< T >::Find(), FindMatchingCondition(), kFull, XrdOucString::length(), XrdSysXSLock::Lock(), PRINT, XrdSysXSLock::UnLock(), XrdSecGMapEntry_t::user, and xs_Shared.


◆ isValid()

bool XrdOucGMap::isValid ( ) const
inline

Validity checker.

Definition at line 104 of file XrdOucGMap.hh.

// Returns 'valid', which the constructor shown on this page sets to 1 only
// after the grid map file was found readable and load() succeeded; the
// constructor cannot report failure, so check this before using the object.
104 { return valid; }

Referenced by XrdOucgetGMap().


The documentation for this class was generated from the following files: