XRootD
XrdSecgsiAuthzFunVO.cc File Reference
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <unistd.h>
#include "XrdVersion.hh"
#include "XrdSys/XrdSysHeaders.hh"
#include "XrdSys/XrdSysPthread.hh"
#include "XrdSec/XrdSecEntity.hh"
#include "XrdOuc/XrdOucEnv.hh"
#include "XrdOuc/XrdOucLock.hh"

Macros

#define PRINT(y)
 
#define PROUT(_x_)
 

Functions

int XrdSecgsiAuthzFun (XrdSecEntity &entity)
 
int XrdSecgsiAuthzInit (const char *cfg)
 
int XrdSecgsiAuthzKey (XrdSecEntity &entity, char **key)
 
 XrdVERSIONINFO (XrdSecgsiAuthzFun, secgsiauthz)
 
 XrdVERSIONINFO (XrdSecgsiAuthzInit, secgsiauthz)
 
 XrdVERSIONINFO (XrdSecgsiAuthzKey, secgsiauthz)
 

Macro Definition Documentation

◆ PRINT

#define PRINT ( y)
Value:
if (g_debug) {std::cerr << y << "\n";}

Definition at line 124 of file XrdSecgsiAuthzFunVO.cc.

Referenced by XrdSecgsiAuthzInit(), and XrdSecgsiAuthzKey().

◆ PROUT

#define PROUT ( _x_)
Value:
std::cerr <<inf_pfx <<"entity." #_x_ "='" <<(entity._x_ ? entity._x_ : "") <<"'.\n"

Definition at line 126 of file XrdSecgsiAuthzFunVO.cc.

126#define PROUT(_x_) \
127 std::cerr <<inf_pfx <<"entity." #_x_ "='" <<(entity._x_ ? entity._x_ : "") <<"'.\n"

Referenced by XrdSecgsiAuthzFun().

Function Documentation

◆ XrdSecgsiAuthzFun()

int XrdSecgsiAuthzFun ( XrdSecEntity & entity)

Definition at line 140 of file XrdSecgsiAuthzFunVO.cc.

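int XrdSecgsiAuthzFun(XrdSecEntity &entity)
{
// Check the entity's VO against the configured list and, when so configured,
// rewrite entity.grps and entity.name from the VO or from the certificate CN.
//
// Returns 0 when the entity is accepted, -1 when the VO is missing, too long
// or not in the configured list.
//
   static const char* inf_pfx = "INFO in AuthzFun: ";
   static XrdSysMutex Mutex;
   const char *vtxt = "", *etxt = 0;
   char vbuff[(g_maxvolen+1)*2];
   size_t vlen = 0;

// We must have a vo, it must be no longer than g_maxvolen bytes, and it must
// be in our vo list if we have one
//
   if (!entity.vorg) etxt = "missing";
   else if ((vlen = strlen(entity.vorg)) > static_cast<size_t>(g_maxvolen))
      etxt = "too long";
   else if (g_valido)
      {
      // g_valido is kept as ",vo1,vo2,...". A bare substring search for
      // ",<vo>" also accepts any prefix of a listed name (and the empty
      // string), so the match must end on a ',' or on the end of the list.
      // A vo that itself contains ',' could straddle two entries and is
      // refused outright.
      //
      bool listed = false;
      if (vlen > 0 && !strchr(entity.vorg, ','))
         {
         *vbuff = ',';
         memcpy(vbuff+1, entity.vorg, vlen+1);
         for (const char *hit = strstr(g_valido, vbuff); hit;
              hit = strstr(hit+1, vbuff))
            {
            const char tail = hit[vlen+1];
            if (tail == ',' || tail == 0) {listed = true; break;}
            }
         }
      if (!listed) {vtxt = entity.vorg; etxt = " not allowed";}
      }

// Check if we passed the tests
//
   if (etxt)
      {
      std::cerr <<"AuthzVO: Invalid cert; vo " <<vtxt <<etxt <<std::endl;
      return -1;
      }

// Format group name if so wanted.
// NOTE(review): g_vo2grp and g_vo2usr are passed to snprintf as the format
// string. They must contain no conversion other than a single %s; whoever
// can set them controls the format.
//
   if (g_vo2grp)
      {
      snprintf(vbuff, sizeof(vbuff), g_vo2grp, entity.vorg);
      if (entity.grps) free(entity.grps);
      entity.grps = strdup(vbuff);
      }

// Format user name if so wanted
//
   if (g_vo2usr)
      {
      snprintf(vbuff, sizeof(vbuff), g_vo2usr, entity.vorg);
      if (entity.name) free(entity.name);
      entity.name = strdup(vbuff);
      }
   else if (g_cn2usr && entity.name && (vtxt = strstr(entity.name, "/CN=")))
      {
      // Take what follows the first "/CN=", capped at g_maxvolen bytes. The
      // copy is terminated at its own length; terminating it at the length
      // of the vo name, as before, cut user names short and could map
      // different certificates to the same user.
      //
      size_t cnlen = strlen(vtxt+4);
      if (cnlen > static_cast<size_t>(g_maxvolen)) cnlen = g_maxvolen;
      memcpy(vbuff, vtxt+4, cnlen);
      vbuff[cnlen] = 0;

      // Blanks are not wanted in a user name
      //
      for (char *cP = vbuff; *cP; cP++) {if (*cP == ' ') *cP = '_';}

      // NOTE(review): the earlier code followed this with a loop that only
      // ever tested the terminating NUL and so changed nothing. If trimming
      // trailing '_' was intended it has to be added deliberately, because
      // it alters the mapped user names.
      //
      // vtxt points into entity.name, so the name is freed only now that the
      // copy in vbuff is complete.
      //
      if (*vbuff)
         {
         free(entity.name);
         entity.name = strdup(vbuff);
         }
      }

// If debugging then print information. However, get a global mutex to keep
// from inter-leaving these lines with other threads, as much as possible.
//
   if (g_debug)
      {
      XrdOucLock lock(&Mutex);
      PROUT(name); PROUT(host); PROUT(grps); PROUT(vorg); PROUT(role);
      }

// All done
//
   return 0;
}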
#define PROUT(_x_)
char * vorg
Entity's virtual organization(s)
char * grps
Entity's group name(s)
char * name
Entity's name.

References XrdSecEntity::grps, XrdSecEntity::name, PROUT, and XrdSecEntity::vorg.

◆ XrdSecgsiAuthzInit()

int XrdSecgsiAuthzInit ( const char * cfg)

Definition at line 237 of file XrdSecgsiAuthzFunVO.cc.

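int XrdSecgsiAuthzInit(const char *cfg)
{
   // Parse the cgi-style configuration string and set the module globals
   // (g_debug, g_vo2grp, g_vo2usr, g_cn2usr, g_valido).
   //
   // Return:
   //   -1 on failure
   //    0 to get credentials in raw form
   //    1 to get credentials in PEM base64 encoded form

   static const char* inf_pfx = "INFO in AuthzInit: ";
   char cfgbuff[2048], *sP;

// Without a configuration string the defaults stay in force
//
   if (!cfg || !(*cfg)) return g_certificate_format;

// The configuration string may mistakenly include other parms following
// the authz parms. So, trim the string at the first blank.
// NOTE(review): anything beyond sizeof(cfgbuff)-1 bytes is dropped silently,
// which can cut the last parameter (for instance the vo list) short.
//
   size_t cfglen = strlen(cfg);
   if (cfglen >= sizeof(cfgbuff)) cfglen = sizeof(cfgbuff)-1;
   memcpy(cfgbuff, cfg, cfglen);
   cfgbuff[cfglen] = 0;
   if ((sP = strchr(cfgbuff, ' '))) *sP = 0;

// Parse the config line (it's in cgi format). The environment lives on the
// stack so that it is released on every return path.
//
   XrdOucEnv env(cfgbuff);

// Set debug value
//
   if ((sP = env.Get("debug")) && *sP == '1') g_debug = 1;

// Get the mapping strings. Both are later used as the snprintf format with
// the vo name as the only argument, so they must hold no conversion other
// than a single %s.
//
   sP = env.Get("vo2grp");
   g_vo2grp = (sP ? strdup(sP) : 0);

   if ((sP = env.Get("vo2usr")))
      {
      g_cn2usr = 0;
      g_vo2usr = (!strcmp(sP, "*") ? 0 : strdup(sP));
      }
   else g_vo2usr = 0;

// Now process the valid vo's. The list is stored with a leading ',' so that
// every entry starts with one. A failed allocation is reported as a failure;
// it must neither be dereferenced nor leave the vo check switched off.
//
   if ((sP = env.Get("valido")))
      {
      const size_t vlen = strlen(sP);
      char *vlist = (char *)malloc(vlen+2);
      if (!vlist)
         {
         std::cerr <<"AuthzVO: unable to allocate the vo list" <<std::endl;
         return -1;
         }
      *vlist = ',';
      memcpy(vlist+1, sP, vlen+1);
      g_valido = vlist;
      }

// All done.
//
   PRINT(inf_pfx <<"cfg='"<< (cfg ? cfg : "null") << "'.");
   return g_certificate_format;
}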
#define PRINT(y)
char * Get(const char *varname)
Definition XrdOucEnv.hh:69
XrdOucEnv * envP
Definition XrdPss.cc:108

References XrdOucEnv::Get(), and PRINT.


◆ XrdSecgsiAuthzKey()

int XrdSecgsiAuthzKey ( XrdSecEntity & entity,
char ** key )

Definition at line 209 of file XrdSecgsiAuthzFunVO.cc.

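int XrdSecgsiAuthzKey(XrdSecEntity &entity, char **key)
{
   // Return key by which entity.creds will be hashed.
   // For now return a copy of entity.creds itself.
   // The plan is to use DN + VO endorsements in the future.
   //
   // On success *key points to a new[]-allocated buffer holding credslen
   // bytes followed by a NUL, and credslen is returned. Returns -1 when no
   // key can be produced.

   static const char* err_pfx = "ERR in AuthzKey: ";
   static const char* inf_pfx = "INFO in AuthzKey: ";

   // Must have got something
   if (!key) {
      PRINT(err_pfx << "'key' is not defined!");
      return -1;
   }

   // The credentials must be present and their length must be usable
   if (!entity.creds || entity.credslen < 0) {
      PRINT(err_pfx << "entity has no usable credentials!");
      return -1;
   }

   PRINT(inf_pfx << "Returning creds of len " << entity.credslen << " as key.");

   // Set the key. creds is length-delimited and may be in raw form, so it is
   // copied by length: strcpy would stop at the first NUL byte and leave the
   // rest of the key uninitialized, or run past the buffer when the data
   // holds no NUL within credslen bytes.
   const size_t len = static_cast<size_t>(entity.credslen);
   *key = new char[len + 1];
   memcpy(*key, entity.creds, len);
   (*key)[len] = 0;

   return entity.credslen;
}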
int credslen
Length of the 'creds' data.
char * creds
Raw entity credentials or cert.

References XrdSecEntity::creds, XrdSecEntity::credslen, and PRINT.

◆ XrdVERSIONINFO() [1/3]

XrdVERSIONINFO ( XrdSecgsiAuthzFun ,
secgsiauthz  )

◆ XrdVERSIONINFO() [2/3]

XrdVERSIONINFO ( XrdSecgsiAuthzInit ,
secgsiauthz  )

◆ XrdVERSIONINFO() [3/3]

XrdVERSIONINFO ( XrdSecgsiAuthzKey ,
secgsiauthz  )