XrdSecProtocolztn.cc File Reference
#include <cctype>
#include <cerrno>
#include <fcntl.h>
#include <cinttypes>
#include <iostream>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <ctime>
#include <new>
#include <vector>
#include <alloca.h>
#include <arpa/inet.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <strings.h>
#include <unistd.h>
#include "XrdVersion.hh"
#include "XrdNet/XrdNetAddrInfo.hh"
#include "XrdOuc/XrdOucEnv.hh"
#include "XrdOuc/XrdOucErrInfo.hh"
#include "XrdOuc/XrdOucPinLoader.hh"
#include "XrdOuc/XrdOucString.hh"
#include "XrdOuc/XrdOucTokenizer.hh"
#include "XrdSciTokens/XrdSciTokensHelper.hh"
#include "XrdSys/XrdSysE2T.hh"
#include "XrdSys/XrdSysHeaders.hh"
#include "XrdSec/XrdSecInterface.hh"


Classes

class  XrdSecProtocolztn
 

Namespaces

 XrdSecztn
 

Macros

#define __STDC_FORMAT_MACROS   1
 
#define EAUTH   EBADE
 

Functions

bool XrdSecztn::isJWT (const char *)
 
char * XrdSecProtocolztnInit (const char mode, const char *parms, XrdOucErrInfo *erp)
 
XrdSecProtocol * XrdSecProtocolztnObject (const char mode, const char *hostname, XrdNetAddrInfo &endPoint, const char *parms, XrdOucErrInfo *erp)
 
 XrdVERSIONINFO (XrdSecProtocolztnObject, secztn)
 

Macro Definition Documentation

◆ __STDC_FORMAT_MACROS

#define __STDC_FORMAT_MACROS   1

Definition at line 31 of file XrdSecProtocolztn.cc.

◆ EAUTH

#define EAUTH   EBADE

Definition at line 70 of file XrdSecProtocolztn.cc.

Function Documentation

◆ XrdSecProtocolztnInit()

char* XrdSecProtocolztnInit ( const char  mode,
const char *  parms,
XrdOucErrInfo erp 
)

Definition at line 704 of file XrdSecProtocolztn.cc.

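//------------------------------------------------------------------------------
// Initialization entry point for the 'ztn' security protocol.
//
// mode  'c' for a client; a pointer to a static empty string is returned and
//       nothing is configured. Any other value is treated as a server.
// parms Server configuration string, a whitespace-separated list of
//          -expiry {ignore|optional|required}   expiry handling
//          -maxsz  <num>[k]                     largest token size accepted
//          -tokenlib {<libpath>|none}           token validation plugin
//       A null or empty string selects the defaults.
// erp   Receives the error text (via Fatal()) when parsing or plugin loading
//       fails.
//
// Returns a strdup()'d parameter line "TLS:<opts>:<maxsz>:" on success, the
// static empty string in client mode, or nullptr after Fatal() on failure.
// The parsed settings are recorded in the file-scope variables MaxTokSize,
// expiry and tokenlib (declared outside this listing); opts is likewise a
// file-scope value and is emitted unchanged.
//------------------------------------------------------------------------------
char *XrdSecProtocolztnInit(const char     mode,
                            const char    *parms,
                            XrdOucErrInfo *erp)
{
   static char nilstr = 0;
   static const long maxTokLimit = 524288;   // absolute upper bound for -maxsz
   XrdOucString accPlugin("libXrdAccSciTokens.so");

// This only makes sense for server initialization
//
   if (mode == 'c') return &nilstr;

// If there are no parameters, return the defaults. The defaults still rely
// on the token validation plugin, so make sure it can be loaded.
//
   if (!parms || !(*parms))
      {char buff[256];
       if (!getLinkage(erp, accPlugin.c_str())) return nullptr;
       snprintf(buff, sizeof(buff), "TLS:%" PRIu64 ":%d:", opts, MaxTokSize);
       return strdup(buff);
      }

// Copy the parameters: the tokenizer writes into the buffer it is handed,
// and the caller's string must not be modified.
//
   XrdOucString cfgParms(parms);
   XrdOucTokenizer cfg(const_cast<char *>(cfgParms.c_str()));
   char *val;

// Setup to parse parameters
//
   cfg.GetLine();

// Parse the parameters: -expiry {ignore|optional|required} -maxsz <num>[k]
// -tokenlib {<libpath>|none}
//
   while((val = cfg.GetToken()))
        {if (!strcmp(val, "-maxsz"))
            {if (!(val = cfg.GetToken()))
                {Fatal(erp, "-maxsz argument missing", EINVAL);
                 return nullptr;
                }
             // Parse into a long and range-check before narrowing to int, so
             // an out-of-range value cannot wrap into an acceptable one, and
             // apply the 'k' multiplier only to an already-bounded value so
             // the multiplication itself cannot overflow.
             char *endP;
             errno = 0;
             long sz = strtol(val, &endP, 10);
             if (endP == val || errno == ERANGE || sz <= 0 || sz > maxTokLimit)
                {Fatal(erp, "-maxsz argument is invalid", EINVAL);
                 return nullptr;
                }
             if (*endP == 'k' || *endP == 'K') {sz *= 1024; endP++;}
             if (sz > maxTokLimit || *endP)
                {Fatal(erp, "-maxsz argument is invalid", EINVAL);
                 return nullptr;
                }
             MaxTokSize = static_cast<int>(sz);
            }
         else if (!strcmp(val, "-expiry"))
                 {if (!(val = cfg.GetToken()))
                     {Fatal(erp, "-expiry argument missing", EINVAL);
                      return nullptr;
                     }
                  // strcmp() yields 0 on a match, so each keyword must be
                  // tested with '!'; testing the raw result would accept
                  // every keyword except the one being compared and map
                  // "required" to the ignore setting.
                       if (!strcmp(val, "ignore"))   expiry =  0;
                  else if (!strcmp(val, "optional")) expiry = -1;
                  else if (!strcmp(val, "required")) expiry =  1;
                  else {Fatal(erp, "-expiry argument invalid", EINVAL);
                        return nullptr;
                       }
                 }

         else if (!strcmp(val, "-tokenlib"))
                 {if (!(val = cfg.GetToken()))
                     {Fatal(erp, "-tokenlib plugin path missing", EINVAL);
                      return nullptr;
                     }
                  // "none" disables token validation altogether; anything
                  // else names the plugin that replaces the default one.
                  if (strcmp(val, "none")) accPlugin = val;
                     else tokenlib = false;
                 }

         else {XrdOucString eTxt("Invalid parameter - "); eTxt += val;
               Fatal(erp, eTxt.c_str(), EINVAL);
               return nullptr;
              }
        }

// We rely on the token authorization plugin to validate tokens unless
// it is disabled using '-tokenlib none'. If active, load it to
// get the validation object pointer. This will be filled in later but we
// want to know that it's actually present.
//
   if (tokenlib && !getLinkage(erp, accPlugin.c_str())) return nullptr;

// Assemble the parameter line and return it
//
   char buff[256];
   snprintf(buff, sizeof(buff), "TLS:%" PRIu64 ":%d:", opts, MaxTokSize);
   return strdup(buff);
}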



◆ XrdSecProtocolztnObject()

XrdSecProtocol* XrdSecProtocolztnObject ( const char  mode,
const char *  hostname,
XrdNetAddrInfo endPoint,
const char *  parms,
XrdOucErrInfo erp 
)

Definition at line 806 of file XrdSecProtocolztn.cc.

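//------------------------------------------------------------------------------
// Factory entry point for the 'ztn' security protocol.
//
// mode     'c' to create a client-side object; anything else creates a
//          server-side one.
// hostname Peer host name, handed to the server-side protocol object.
// endPoint Connection end point. It must report isUsingTLS(); otherwise the
//          protocol is refused with ENOTSUP.
// parms    Parameters handed to the client-side object (client mode only).
// erp      Receives the error text (via Fatal()) on failure.
//
// Returns the new protocol object, or nullptr after Fatal() on failure.
//------------------------------------------------------------------------------
XrdSecProtocol *XrdSecProtocolztnObject(const char      mode,
                                        const char     *hostname,
                                        XrdNetAddrInfo &endPoint,
                                        const char     *parms,
                                        XrdOucErrInfo  *erp)
{
   XrdSecProtocolztn *protP;

// Whether this is a client or server, the connection must be using TLS.
//
   if (!endPoint.isUsingTLS())
      {Fatal(erp,"security protocol 'ztn' disallowed for non-TLS connections.",
                 ENOTSUP, false);
       return nullptr;
      }

// Get a protocol object appropriate for the mode. Plain new never returns a
// null pointer (it throws), so nothrow new is used to make the out-of-memory
// path below reachable and report the failure through erp instead.
//
   if (mode == 'c')
      {bool aOK = false;   // set by the constructor; default to "not OK"
       protP = new (std::nothrow) XrdSecProtocolztn(parms, erp, aOK);
       if (!protP)
          {Fatal(erp, "insufficient memory for protocol.", ENOMEM, false);
           return nullptr;
          }
       if (aOK) return protP;
       delete protP;
       return nullptr;
      }

   XrdSciTokensHelper *sthP = nullptr;
   if (tokenlib)
      {
// In server mode we need to make sure the token plugin was actually
// loaded and initialized as we need a pointer to the helper.
// NOTE(review): sth_Linkage is dereferenced unconditionally here; it is
// presumably resolved during initialization before this factory is called,
// but that is not visible in this listing — confirm it cannot be null.
//
       sthP = *sth_Linkage;
       if (!sthP)
          {char msg[1024];
           snprintf(msg, sizeof(msg),
                    "ztn required plugin (%s) has not been loaded!",
                    sth_piName);
           Fatal(erp, msg, EIDRM, false);
           return nullptr;
          }
      }

// Get an authentication object and return it
//
   protP = new (std::nothrow) XrdSecProtocolztn(hostname, endPoint, sthP);
   if (!protP) Fatal(erp, "insufficient memory for protocol.", ENOMEM, false);

// All done
//
   return protP;
}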



◆ XrdVERSIONINFO()

XrdVERSIONINFO ( XrdSecProtocolztnObject  ,
secztn   
)