XRootD
XrdSecProtocolztn.cc File Reference
#include <cctype>
#include <cerrno>
#include <cinttypes>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <ctime>
#include <iostream>
#include <new>
#include <vector>
#include <alloca.h>
#include <arpa/inet.h>
#include <fcntl.h>
#include <strings.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>
#include "XrdVersion.hh"
#include "XrdNet/XrdNetAddrInfo.hh"
#include "XrdOuc/XrdOucEnv.hh"
#include "XrdOuc/XrdOucErrInfo.hh"
#include "XrdOuc/XrdOucPinLoader.hh"
#include "XrdOuc/XrdOucString.hh"
#include "XrdOuc/XrdOucTokenizer.hh"
#include "XrdSciTokens/XrdSciTokensHelper.hh"
#include "XrdSys/XrdSysE2T.hh"
#include "XrdSys/XrdSysHeaders.hh"
#include "XrdSec/XrdSecInterface.hh"


Classes

class  XrdSecProtocolztn
 

Namespaces

namespace  XrdSecztn
 

Macros

#define __STDC_FORMAT_MACROS   1
 
#define EAUTH   EBADE
 

Functions

bool XrdSecztn::isJWT (const char *)
 
char * XrdSecProtocolztnInit (const char mode, const char *parms, XrdOucErrInfo *erp)
 
XrdSecProtocol * XrdSecProtocolztnObject (const char mode, const char *hostname, XrdNetAddrInfo &endPoint, const char *parms, XrdOucErrInfo *erp)
 
 XrdVERSIONINFO (XrdSecProtocolztnObject, secztn)
 

Macro Definition Documentation

◆ __STDC_FORMAT_MACROS

#define __STDC_FORMAT_MACROS   1

Definition at line 31 of file XrdSecProtocolztn.cc.

◆ EAUTH

#define EAUTH   EBADE

Definition at line 70 of file XrdSecProtocolztn.cc.

Function Documentation

◆ XrdSecProtocolztnInit()

char * XrdSecProtocolztnInit ( const char  mode,
const char *  parms,
XrdOucErrInfo *  erp 
)

Definition at line 701 of file XrdSecProtocolztn.cc.

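// Hard ceiling (bytes) on the token size a server will accept; "-maxsz" may
// not raise it past this value.
static const long ztnMaxTokLimit = 524288;

// Build the parameter line handed back to the loader, "TLS:<opts>:<maxsz>:".
// The result is a strdup()'d copy that the caller owns and must free().
static char *ztnParmLine()
{
   char buff[256];
   snprintf(buff, sizeof(buff), "TLS:%" PRIu64 ":%d:", opts, MaxTokSize);
   return strdup(buff);
}

// Parse a "-maxsz" value: a decimal byte count with an optional k/K suffix
// meaning KiB. Returns the size, or -1 when the text is not a number, has
// trailing junk, is not positive, or exceeds ztnMaxTokLimit. The arithmetic is
// done in a long and range-checked before the 1024 multiply so that a large
// count followed by 'k' cannot overflow before the limit test runs.
static long ztnParseMaxSz(const char *val)
{
   char *endP;
   errno = 0;
   long n = strtol(val, &endP, 10);
   if (errno || endP == val || n <= 0) return -1;
   if (*endP == 'k' || *endP == 'K')
      {if (n > ztnMaxTokLimit / 1024) return -1;
       n *= 1024;
       endP++;
      }
   if (n > ztnMaxTokLimit || *endP) return -1;
   return n;
}

// Plugin initialization entry point for the "ztn" security protocol.
//
// mode  - 'c' for the client side (nothing to configure), anything else is
//         the server side.
// parms - the configured protocol parameters, possibly null or empty:
//         -maxsz <num>[k]                  largest token accepted (<= 512 KiB)
//         -expiry {ignore|optional|required}
//         -tokenlib {<libpath>|none}       token authorization plugin
// erp   - receives the error text/code when initialization fails.
//
// Returns a heap copy of the parameter line "TLS:<opts>:<maxsz>:" on success,
// a pointer to a static empty string for clients (do not free it), or 0 after
// reporting an error through erp. Server state (MaxTokSize, expiry, tokenlib)
// is updated as a side effect.
//
char *XrdSecProtocolztnInit(const char     mode,
                            const char    *parms,
                            XrdOucErrInfo *erp)
{
   static char nilstr = 0;
   XrdOucString accPlugin("libXrdAccSciTokens.so");

// Only a server has anything to configure; a client gets an empty string.
//
   if (mode == 'c') return &nilstr;

// Without parameters, check that the default token library can be linked and
// hand back the built-in defaults.
//
   if (!parms || !*parms)
      {if (!getLinkage(erp, accPlugin.c_str())) return 0;
       return ztnParmLine();
      }

// The tokenizer writes into the buffer it is given, so work on a private copy.
//
   XrdOucString cfgParms(parms);
   XrdOucTokenizer cfg(const_cast<char *>(cfgParms.c_str()));
   cfg.GetLine();

// Walk the options. Every error is fatal: a misconfigured security protocol
// must not come up with silently different semantics.
//
   char *val;
   while((val = cfg.GetToken()))
        {if (!strcmp(val, "-maxsz"))
            {if (!(val = cfg.GetToken()))
                {Fatal(erp, "-maxsz argument missing", EINVAL);
                 return 0;
                }
             long sz = ztnParseMaxSz(val);
             if (sz < 0)
                {Fatal(erp, "-maxsz argument is invalid", EINVAL);
                 return 0;
                }
             MaxTokSize = static_cast<int>(sz);
            }
    else if (!strcmp(val, "-expiry"))
            {if (!(val = cfg.GetToken()))
                {Fatal(erp, "-expiry argument missing", EINVAL);
                 return 0;
                }
             // strcmp() is 0 on a match. An inverted test here silently maps
             // "required" to ignore (0) and makes the invalid branch
             // unreachable, so keep the negations. Values as consumed by the
             // protocol object: 0 = ignore, -1 = optional, 1 = required.
                  if (!strcmp(val, "ignore"))   expiry =  0;
             else if (!strcmp(val, "optional")) expiry = -1;
             else if (!strcmp(val, "required")) expiry =  1;
             else {Fatal(erp, "-expiry argument invalid", EINVAL);
                   return 0;
                  }
            }
    else if (!strcmp(val, "-tokenlib"))
            {if (!(val = cfg.GetToken()))
                {Fatal(erp, "-tokenlib plugin path missing", EINVAL);
                 return 0;
                }
             // "none" disables the token plugin entirely; otherwise the value
             // replaces the default library path.
             if (!strcmp(val, "none")) tokenlib = false;
                else accPlugin = val;
            }
    else {XrdOucString eTxt("Invalid parameter - "); eTxt += val;
          Fatal(erp, eTxt.c_str(), EINVAL);
          return 0;
         }
        }

// Unless disabled with '-tokenlib none', token validation is delegated to the
// authorization plugin. Link it now so a missing library is reported at
// configuration time rather than at the first authentication attempt.
//
   if (tokenlib && !getLinkage(erp, accPlugin.c_str())) return 0;

   return ztnParmLine();
}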

References XrdOucString::c_str(), Fatal(), XrdOucTokenizer::GetLine(), XrdOucTokenizer::GetToken(), opts, and XrdSecProtocolztn::ztnVersion.


◆ XrdSecProtocolztnObject()

XrdSecProtocol * XrdSecProtocolztnObject ( const char  mode,
const char *  hostname,
XrdNetAddrInfo &  endPoint,
const char *  parms,
XrdOucErrInfo *  erp 
)

Definition at line 803 of file XrdSecProtocolztn.cc.

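// Factory entry point for the "ztn" security protocol.
//
// mode     - 'c' for a client-side object, anything else for the server side.
// hostname - peer host name, handed to the server-side protocol object.
// endPoint - the connection; must already be using TLS.
// parms    - protocol parameters (client side only).
// erp      - receives the error text/code when no object can be returned.
//
// Returns a new protocol object owned by the caller, or 0 after reporting the
// reason through erp.
//
XrdSecProtocol *XrdSecProtocolztnObject(const char     mode,
                                        const char    *hostname,
                                        XrdNetAddrInfo &endPoint,
                                        const char    *parms,
                                        XrdOucErrInfo *erp)
{
   XrdSecProtocolztn *protP;

// ztn is only ever offered over TLS, client or server side; refuse anything
// else before doing any work. (Presumably the credential exchanged is a bearer
// token, which must never travel in the clear.)
//
   if (!endPoint.isUsingTLS())
      {Fatal(erp, "security protocol 'ztn' disallowed for non-TLS connections.",
             ENOTSUP, false);
       return 0;
      }

// Client side. The constructor reports success through aOK; it is initialized
// so that a failed allocation cannot leave it indeterminate.
//
   if (mode == 'c')
      {bool aOK = false;
       protP = new (std::nothrow) XrdSecProtocolztn(parms, erp, aOK);
       if (!protP)
          {Fatal(erp, "insufficient memory for protocol.", ENOMEM, false);
           return 0;
          }
       if (aOK) return protP;
       delete protP;
       return 0;
      }

// Server side. Unless '-tokenlib none' was configured, the token plugin must
// already be loaded since the protocol object validates tokens through its
// helper; without it no object can be returned.
//
   XrdSciTokensHelper *sthP = nullptr;
   if (tokenlib)
      {sthP = *sth_Linkage;
       if (!sthP)
          {char msg[1024];
           snprintf(msg, sizeof(msg),
                    "ztn required plugin (%s) has not been loaded!", sth_piName);
           Fatal(erp, msg, EIDRM, false);
           return 0;
          }
      }

// A plain 'new' throws std::bad_alloc instead of returning null, which made
// the null test after it dead code; the nothrow form keeps the check real.
//
   protP = new (std::nothrow) XrdSecProtocolztn(hostname, endPoint, sthP);
   if (!protP) Fatal(erp, "insufficient memory for protocol.", ENOMEM, false);
   return protP;
}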

References Fatal(), and XrdNetAddrInfo::isUsingTLS().


◆ XrdVERSIONINFO()

XrdVERSIONINFO ( XrdSecProtocolztnObject  ,
secztn   
)