XRootD
XrdNetSecurity Class Reference

#include <XrdNetSecurity.hh>


Public Member Functions

 XrdNetSecurity ()
 
 ~XrdNetSecurity ()
 
void AddHost (char *hname)
 
void AddNetGroup (char *hname)
 
bool Authorize (const char *hSpec)
 
bool Authorize (XrdNetAddr &addr)
 
void Merge (XrdNetSecurity *srcp)
 
void Trace (XrdSysTrace *et=0)
 

Detailed Description

Definition at line 43 of file XrdNetSecurity.hh.

Constructor & Destructor Documentation

◆ XrdNetSecurity()

XrdNetSecurity::XrdNetSecurity ( )
inline

Definition at line 59 of file XrdNetSecurity.hh.

59  : NetGroups(0), eTrace(0),
60  chkNetLst(false), chkNetGrp(false) {}

◆ ~XrdNetSecurity()

XrdNetSecurity::~XrdNetSecurity ( )
inline

Definition at line 61 of file XrdNetSecurity.hh.

61 {}

Member Function Documentation

◆ AddHost()

void XrdNetSecurity::AddHost ( char *  hname)

Definition at line 90 of file XrdNetSecurity.cc.

// Register one entry of the authorized-host configuration.
//
// hname  host specification as a C string. It must be non-null: it is handed
//        straight to index() and to the XrdOucNList constructor.
//
// A specification without '*' is first offered to addHIP(); when that call
// reports success nothing else is done here. Every other specification (one
// containing '*', or one addHIP() declined) is stored in HostList and
// chkNetLst is set so that Authorize() consults the list.
//
// NOTE(review): addHIP() is not shown on this page; presumably it resolves the
// name and pre-authorizes the resulting addresses -- confirm.
// NOTE(review): entries kept in HostList are compared with the name that
// Authorize() obtains from addr.Name(), not with the peer address itself, so
// they are only as trustworthy as that name lookup. Keep patterns as narrow
// as the deployment allows.
void XrdNetSecurity::AddHost(char *hname)
{
   const bool isPattern = (index(hname, '*') != 0);

// Literal specifications go to addHIP() first; we are done if it took the entry
//
   if (!isPattern)
      {if (addHIP(hname)) return;}

// Otherwise keep the specification on the name pattern list
//
   HostList.Insert(new XrdOucNList(hname));
   chkNetLst = true;

// Echo this back if debugging (note that the message prints hname twice)
//
   DEBUG(hname <<" (" <<hname <<") added to authorized hosts.");
}
#define DEBUG(x)
void Insert(XrdOucNList *newitem)
Definition: XrdOucNList.hh:102

References DEBUG, and XrdOucNList_Anchor::Insert().


◆ AddNetGroup()

void XrdNetSecurity::AddNetGroup ( char *  hname)

Definition at line 113 of file XrdNetSecurity.cc.

// Add one netgroup to the set that Authorize() tests peers against.
//
// gname  netgroup name (the class declaration calls this parameter hname).
//        It is passed to the XrdNetTextList constructor, which presumably
//        copies it -- confirm before releasing the caller's buffer.
//
// The new node is pushed on the front of NetGroups and chkNetGrp is set.
// Duplicate names are not filtered here.
//
// NOTE(review): NetGroups is modified without taking okHMutex, while
// Authorize() walks the list with that mutex held. Presumably this is only
// called during configuration, before any connection is authorized -- confirm.
void XrdNetSecurity::AddNetGroup(char *gname)
{
   XrdNetTextList *entry = new XrdNetTextList(gname);

// Push the netgroup on the front of the list of valid ones
//
   entry->next = NetGroups;
   NetGroups   = entry;
   chkNetGrp   = true;

// Report the addition when debugging
//
   DEBUG(gname <<" added to authorized netgroups.");
}
XrdNetTextList * next

References DEBUG, and XrdNetTextList::next.

◆ Authorize() [1/2]

bool XrdNetSecurity::Authorize ( const char *  hSpec)

Definition at line 132 of file XrdNetSecurity.cc.

// Authorize a peer that is given as a text specification.
//
// hSpec   host name or address text handed to XrdNetAddr::Set().
// return  false when Set() returns a non-null pointer (treated here as a
//         rejected specification); otherwise the verdict of
//         Authorize(XrdNetAddr &) for the resulting address.
//
// NOTE(review): -1094 is passed as pNum instead of the PortInSpec default;
// presumably a negative value supplies 1094 as the port when hSpec carries
// none -- confirm against XrdNetAddr::Set().
// NOTE(review): when hSpec is a name, the decision is made on whatever address
// Set() derives from it, so the verdict depends on the resolver's answer at
// the time of the call.
bool XrdNetSecurity::Authorize(const char *hSpec)
{
   XrdNetAddr peerAddr;

// Turn the specification into an address; anything returned by Set() means no
//
   const char *setErr = peerAddr.Set(hSpec, -1094);
   if (setErr) return false;

// Apply the address based check to what we have
//
   return Authorize(peerAddr);
}
const char * Set(const char *hSpec, int pNum=PortInSpec)
Definition: XrdNetAddr.cc:216
bool Authorize(const char *hSpec)

References XrdNetAddr::Set().

Referenced by XrdInet::Accept().


◆ Authorize() [2/2]

bool XrdNetSecurity::Authorize ( XrdNetAddr addr)

Definition at line 147 of file XrdNetSecurity.cc.

// Decide whether the peer described by addr is authorized.
//
// Returns true when the formatted address is already in OKHosts, or when the
// peer's name is a member of a configured netgroup or is found in HostList.
// Returns false when the address cannot be formatted, when neither chkNetLst
// nor chkNetGrp is set and the address is not in OKHosts (default deny), or
// when no netgroup or host entry matches.
//
// NOTE(review): the netgroup and host-list checks are made on the name that
// addr.Name() returns, not on the address. If Name() is a reverse (PTR)
// lookup, the decision is only as trustworthy as that record unless the name
// is forward-confirmed -- check how XrdNetAddrInfo::Name() resolves.
148 {
// old6Map4: use the deprecated IPv6 mapped format; noPort: omit the port, so
// the text used as the OKHosts key identifies the host only.
149  static const int fmtOpts = XrdNetAddr::old6Map4 | XrdNetAddr::noPort;
150  const char *hName;
151  char ipAddr[64];
152  XrdNetTextList *tlp;
153 
154 // Convert IP address to characters. Format() is given sizeof(ipAddr) as the
// buffer length; a zero return is treated as failure and the peer is denied.
155 //
156  if (!addr.Format(ipAddr, sizeof(ipAddr), XrdNetAddr::fmtAdv6, fmtOpts))
157  return false;
158 
159 // Check if we have seen this host before. okHMutex is held from here on and
// every exit path below has to release it.
160 //
161  okHMutex.Lock();
162  if (OKHosts.Find(ipAddr)) {okHMutex.UnLock(); return true;}
163 
164 // Nothing configured to check against means deny. Otherwise get the hostname
// for this IP address, falling back to the address text when there is none
// (the checks below are then made against the textual address).
// NOTE(review): Name() runs with okHMutex held; if it queries a resolver, a
// slow lookup delays every other Authorize() call -- confirm it is cached.
165 //
166  if (!chkNetLst && !chkNetGrp) {okHMutex.UnLock(); return false;}
167  if (!(hName = addr.Name())) hName = ipAddr;
168 
169 // Check if this host is in the appropriate netgroup, if any. innetgr() gets
// 0 for user and domain, so only the host field of the netgroup is tested.
// hostOK() is returned without an UnLock() here, so it is presumably the one
// that releases okHMutex (and records the address in OKHosts) -- verify
// against its definition, which is not shown on this page.
170 //
171  if ((tlp = NetGroups))
172  do {if (innetgr(tlp->text, hName, 0, 0))
173  return hostOK(hName, ipAddr, "netgroup");
174  } while ((tlp = tlp->next));
175 
176 // Plow through the specific host list to see if the host name is listed
// there; the list is consulted only when chkNetLst is set.
177 //
178  if (chkNetLst && HostList.Find(hName))
179  return hostOK(hName, ipAddr, "host");
180 
181 // Host is not authorized. The denial is not recorded anywhere on this path,
// so a later call for the same address repeats the name lookup and checks.
182 //
183  okHMutex.UnLock();
184  DEBUG(hName <<" not authorized");
185  return false;
186 }
static const int noPort
Do not add port number.
static const int old6Map4
Use deprecated IPV6 mapped format.
int Format(char *bAddr, int bLen, fmtUse fmtType=fmtAuto, int fmtOpts=0)
const char * Name(const char *eName=0, const char **eText=0)
T * Find(const char *KeyVal, time_t *KeyTime=0)
Definition: XrdOucHash.icc:160
XrdOucNList * Find(const char *name)
Definition: XrdOucNList.hh:89

References DEBUG, XrdOucHash< T >::Find(), XrdOucNList_Anchor::Find(), XrdNetAddrInfo::fmtAdv6, XrdNetAddrInfo::Format(), XrdSysMutex::Lock(), XrdNetAddrInfo::Name(), XrdNetTextList::next, XrdNetAddrInfo::noPort, XrdNetAddrInfo::old6Map4, XrdNetTextList::text, and XrdSysMutex::UnLock().


◆ Merge()

void XrdNetSecurity::Merge ( XrdNetSecurity srcp)

Definition at line 192 of file XrdNetSecurity.cc.

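// Fold the host entries and netgroups of srcp into this object and then
// delete srcp; the caller must not use srcp afterwards.
//
// srcp  heap-allocated source object whose ownership passes to this call.
//       A null pointer, or a pointer to this object, is ignored.
//
// The check flags of the source are carried over as well. Authorize() returns
// false before looking at any list while both chkNetLst and chkNetGrp are
// clear, and skips HostList while chkNetLst is clear, so merging entries into
// an object that had none would otherwise leave them unused and deny the
// hosts they were meant to admit.
//
// NOTE(review): entries held in srcp's OKHosts are not transferred. If
// addHIP() (not shown on this page) records literal hosts there, they are
// lost when srcp is deleted -- confirm.
// NOTE(review): HostList and NetGroups are changed without taking okHMutex;
// presumably Merge() runs only during configuration, before connections are
// being authorized -- confirm.
void XrdNetSecurity::Merge(XrdNetSecurity *srcp)
{
   XrdOucNList    *np;
   XrdNetTextList *sp, *tp;

// Nothing to merge, and never consume and delete ourselves
//
   if (!srcp || srcp == this) return;

// First merge in all of the host entries
//
   while((np = srcp->HostList.Pop())) HostList.Replace(np);

// Next merge the netgroup list, dropping names we already have
//
   while((sp = srcp->NetGroups))
        {srcp->NetGroups = sp->next;
         for (tp = NetGroups; tp; tp = tp->next)
             if (!strcmp(tp->text, sp->text)) break;
         if (tp) delete sp;
            else {sp->next  = NetGroups;
                  NetGroups = sp;
                 }
        }

// Carry over the check flags so that Authorize() consults what was merged
//
   if (srcp->chkNetLst) chkNetLst = true;
   if (srcp->chkNetGrp) chkNetGrp = true;

// Delete the remnants of the source object
//
   delete srcp;
}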
XrdOucNList * Pop()
Definition: XrdOucNList.hh:110
void Replace(const char *name, int nval)
Definition: XrdOucNList.cc:110

References XrdNetTextList::next, XrdOucNList_Anchor::Pop(), XrdOucNList_Anchor::Replace(), and XrdNetTextList::text.

Referenced by XrdInet::Secure(), and XrdNet::Secure().


◆ Trace()

void XrdNetSecurity::Trace ( XrdSysTrace et = 0)
inline

Definition at line 57 of file XrdNetSecurity.hh.

57 {eTrace = et;}

The documentation for this class was generated from the following files: