5 #include <openssl/bio.h>
6 #include <openssl/evp.h>
19 char *val = config_obj.
GetWord();
22 log->
Emsg(
"Config",
"macaroons.onmissing requires a value (valid values: passthrough [default], allow, deny)");
25 if (!strcasecmp(val,
"passthrough")) {
26 behavior = Handler::AuthzBehavior::PASSTHROUGH;
27 }
else if (!strcasecmp(val,
"allow")) {
28 behavior = Handler::AuthzBehavior::ALLOW;
29 }
else if (!strcasecmp(val,
"deny")) {
30 behavior = Handler::AuthzBehavior::DENY;
33 log->
Emsg(
"Config",
"macaroons.onmissing is invalid (valid values: passthrough [default], allow, deny)! Provided value:", val);
40 std::string &location, std::string &secret, ssize_t &max_duration,
43 XrdOucStream config_obj(log, getenv(
"XRDINSTANCE"), env,
"=====> ");
48 if ((cfg_fd =
open(config, O_RDONLY, 0)) < 0) {
49 return log->
Emsg(
"Config", errno,
"open config file", config);
52 static const char *cvec[] = {
"*** macaroons plugin config:", 0 };
59 max_duration = 24*3600;
64 bool success =
true, ismine;
67 if ((ismine = !strncmp(
"all.sitename", var, 12))) var += 4;
68 else if ((ismine = !strncmp(
"macaroons.", var, 10)) && var[10]) var += 10;
72 if (!ismine) {
continue;}
74 if (!strcmp(
"secretkey", var)) {success = xsecretkey(config_obj, log, secret);}
75 else if (!strcmp(
"sitename", var)) {success = xsitename(config_obj, log, location);}
76 else if (!strcmp(
"trace", var)) {success = xtrace(config_obj, log);}
77 else if (!strcmp(
"maxduration", var)) {success = xmaxduration(config_obj, log, max_duration);}
78 else if (!strcmp(
"onmissing", var)) {success =
xonmissing(config_obj, log, behavior);}
80 log->
Say(
"Config warning: ignoring unknown directive '", orig_var,
"'.");
90 if (success && !location.size())
92 log->
Emsg(
"Config",
"all.sitename must be specified to use macaroons.");
102 static struct traceopts {
const char *opname;
enum LogMask opval; } tropts[] = {
110 int i, neg, trval = 0, numopts =
sizeof(tropts)/
sizeof(
struct traceopts);
112 char *val =
Config.GetWord();
115 log->
Emsg(
"Config",
"macaroons.trace requires at least one directive"
116 " [ all | error | warning | info | debug | none | off ]");
120 while (val && *val) {
121 if (strcmp(val,
"off") == 0 || strcmp(val,
"none") == 0) {
124 if ((neg = (val[0] ==
'-' && val[1])))
126 for (i = 0; i < numopts; i++) {
127 if (!strcmp(val, tropts[i].opname)) {
129 trval &= ~tropts[i].opval;
131 trval |= tropts[i].opval;
137 log->
Emsg(
"Config",
"macaroons.trace: ignoring invalid trace option:", val);
149 char *val = config_obj.
GetWord();
152 log->
Emsg(
"Config",
"macaroons.maxduration requires a value");
156 long int max_duration_parsed = strtoll(val, &endptr, 10);
159 log->
Emsg(
"Config",
"Unable to parse macaroons.maxduration as an integer", val);
164 log->
Emsg(
"Config", errno,
"parse macaroons.maxduration as an integer.");
166 max_duration = max_duration_parsed;
173 char *val = config_obj.
GetWord();
176 log->
Emsg(
"Config",
"all.sitename requires a name");
186 char *val = config_obj.
GetWord();
189 log->
Emsg(
"Config",
"Shared secret key not specified");
193 FILE *fp =
fopen(val,
"rb");
196 log->
Emsg(
"Config", errno,
"open shared secret key file", val);
200 BIO *bio, *b64, *bio_out;
204 b64 = BIO_new(BIO_f_base64());
207 log->
Emsg(
"Config",
"Failed to allocate base64 filter");
210 bio = BIO_new_fp(fp, 0);
214 log->
Emsg(
"Config",
"Failed to allocate BIO filter");
217 bio_out = BIO_new(BIO_s_mem());
222 log->
Emsg(
"Config",
"Failed to allocate BIO output");
227 while ((inlen = BIO_read(b64, inbuf, 512)) > 0)
230 if (errno == EINTR)
continue;
233 BIO_write(bio_out, inbuf, inlen);
238 BIO_free_all(bio_out);
239 log->
Emsg(
"Config", errno,
"read secret key.");
242 if (!BIO_flush(bio_out)) {
244 BIO_free_all(bio_out);
245 log->
Emsg(
"Config", errno,
"flush secret key.");
250 long data_len = BIO_get_mem_data(bio_out, &decoded);
253 secret = std::string(decoded, data_len);
255 BIO_free_all(bio_out);
257 if (secret.size() < 32) {
258 log->
Emsg(
"Config",
"Secret key is too short; must be 32 bytes long. Try running 'openssl rand -base64 -out", val,
"64' to generate a new key");
int open(const char *path, int oflag,...)
static bool Config(const char *config, XrdOucEnv *env, XrdSysError *log, std::string &location, std::string &secret, ssize_t &max_duration, AuthzBehavior &behavior)
char * GetMyFirstWord(int lowcase=0)
char * GetWord(int lowcase=0)
int Attach(int FileDescriptor, int bsz=2047)
static void Capture(const char **cVec=0, bool linefeed=true)
int Emsg(const char *esfx, int ecode, const char *text1, const char *text2=0)
void Say(const char *text1, const char *text2=0, const char *txt3=0, const char *text4=0, const char *text5=0, const char *txt6=0)
void setMsgMask(int mask)