XRootD
Loading...
Searching...
No Matches
XrdSecsssID.cc
Go to the documentation of this file.
1/******************************************************************************/
2/* */
3/* X r d S e c s s s I D . c c */
4/* */
5/* (c) 2008 by the Board of Trustees of the Leland Stanford, Jr., University */
6/* All Rights Reserved */
7/* Produced by Andrew Hanushevsky for Stanford University under contract */
8/* DE-AC02-76-SFO0515 with the Department of Energy */
9/* */
10/* This file is part of the XRootD software suite. */
11/* */
12/* XRootD is free software: you can redistribute it and/or modify it under */
13/* the terms of the GNU Lesser General Public License as published by the */
14/* Free Software Foundation, either version 3 of the License, or (at your */
15/* option) any later version. */
16/* */
17/* XRootD is distributed in the hope that it will be useful, but WITHOUT */
18/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
19/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
20/* License for more details. */
21/* */
22/* You should have received a copy of the GNU Lesser General Public License */
23/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
24/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
25/* */
26/* The copyright holder's institutional names and contributor's names may not */
27/* be used to endorse or promote products derived from this software without */
28/* specific prior written permission of the institution or contributor. */
29/******************************************************************************/
30
31#include <iostream>
32#include <map>
33
34#include <cstdio>
35#include <cstdlib>
36#include <cstring>
37#include <pwd.h>
38#include <sys/types.h>
39
40#include "XrdOuc/XrdOucPup.hh"
41#include "XrdOuc/XrdOucUtils.hh"
43
49
50/******************************************************************************/
51/* D e f i n e s */
52/******************************************************************************/
53
54#define XRDSECSSSENDO "XrdSecsssENDORSEMENT"
55
56/******************************************************************************/
57/* S t a t i c s */
58/******************************************************************************/
59
60namespace XrdSecsssMap
61{
65
66typedef std::map<std::string, XrdSecsssEnt*> EntityMap;
67
69}
70
71using namespace XrdSecsssMap;
72
73/******************************************************************************/
74/* C o n s t r u c t o r */
75/******************************************************************************/
76
78 XrdSecsssCon *Tracker, bool *isOK)
79 : defaultID(0),
80 myAuth(XrdSecsssID::idStatic), isStatic(true),
81 trackOK(false)
82{
83
84// Check if we have initialized already. If so, indicate warning
85//
86 sssMutex.Lock();
87 if (IDMapper)
89 if (isOK) *isOK = false;
90 else std::cerr <<"SecsssID: Already instantiated; new instance"
91 " ineffective!\n" <<std::flush;
92 return;
93 }
94
95// Verify the authType
96//
97 switch(aType)
98 {case idDynamic: isStatic = false;
99 case idStatic: break;
100 case idStaticM: break;
101 case idMapped: isStatic = false;
102 break;
103 case idMappedM: isStatic = false;
104 break;
105 default: idP = 0;
106 aType = idStatic;
107 isStatic = true;
108 break;
109 }
110 myAuth = aType;
111
112// Generate a default identity
113//
114 if (idP) defaultID = new XrdSecsssEnt(idP);
115 else defaultID = genID(isStatic);
116
117// Establish a pointer to this object.
118//
119 IDMapper = this;
120
121// Decide whether or not we will track connections
122//
123 if (Tracker && (aType == idMapped || aType == idMappedM)) conTrack = Tracker;
124
125// All done with initialization
126//
127 if (isOK) *isOK = true;
129}
130
131/******************************************************************************/
132/* Private: D e s t r u c t o r */
133/******************************************************************************/
134
135XrdSecsssID::~XrdSecsssID() {if (defaultID) free(defaultID);}
136
137/******************************************************************************/
138/* Private: F i n d */
139/******************************************************************************/
140
141int XrdSecsssID::Find(const char *lid, char *&dP,
142 const char *myIP, int dataOpts)
143{
144 EntityMap::iterator it;
145 XrdSecsssEnt *fP;
146 int n;
147
148// Lock the registry and find the entry
149//
150 sssMutex.Lock();
151 it = Registry.find(lid);
152 if (it == Registry.end())
153 {if (!(fP = defaultID))
154 {sssMutex.UnLock(); return 0;}
155 } else fP = it->second;
156
157// Return the data
158//
159 n = fP->RR_Data(dP, myIP, dataOpts);
161 return n;
162}
163
164/******************************************************************************/
165/* Private: g e n I D */
166/******************************************************************************/
167
168XrdSecsssEnt *XrdSecsssID::genID(bool Secure)
169{
170 XrdSecEntity myID("sss");
171 static const int pgSz = 256;
172 char pBuff[pgSz], gBuff[pgSz];
173
174// Use either our own uid/gid or a generic
175//
176 myID.name = (Secure || XrdOucUtils:: UserName(geteuid(), pBuff, pgSz))
177 ? (char *)"nobody" : pBuff;
178 myID.grps = (Secure || XrdOucUtils::GroupName(getegid(), gBuff, pgSz) == 0)
179 ? (char *)"nogroup" : gBuff;
180
181 if (getenv(XRDSECSSSENDO))
182 {myID.endorsements = getenv(XRDSECSSSENDO); }
183
184// Just return the sssID
185//
186 return new XrdSecsssEnt(&myID);
187}
188
189/******************************************************************************/
190/* Private: g e t O b j */
191/******************************************************************************/
192
193XrdSecsssID *XrdSecsssID::getObj(authType &aType, XrdSecsssEnt *&idP)
194{
195 bool sType = false;
196
197// Prevent changes
198//
199 sssMutex.Lock();
200
201// Pick up the settings (we might not have any)
202//
203 if (!IDMapper)
204 {aType = idStatic;
205 sType = true;
206 idP = 0;
207 } else {
208 aType = IDMapper->myAuth;
209 idP = IDMapper->defaultID;
210 }
211 if (!idP) idP = genID(sType);
212
213// Return result
214//
215 XrdSecsssID *theMapper = IDMapper;
217 return theMapper;
218}
219
220/******************************************************************************/
221/* R e g i s t e r */
222/******************************************************************************/
223
224bool XrdSecsssID::Register(const char *lid, const XrdSecEntity *eP,
225 bool doRep, bool defer)
226{
227 EntityMap::iterator it;
228 XrdSecsssEnt *idP;
229
230// If this is an invalid call, return failure
231//
232 if (isStatic) return false;
233
234// Check if we are simply deleting an entry
235//
236 if (!eP)
237 {sssMutex.Lock();
238 it = Registry.find(std::string(lid));
239 if (it == Registry.end()) sssMutex.UnLock();
240 else {idP = it->second;
241 Registry.erase(it);
243 idP->Delete();
244 }
245 return true;
246 }
247
248// Generate an ID entry and add it to registry (we are optimistic here)
249// Note: We wish we could use emplace() but that isn't suported until gcc 4.8.0
250//
251 std::pair<EntityMap::iterator, bool> ret;
252 std::pair<std::string, XrdSecsssEnt*> psp;
253 idP = new XrdSecsssEnt(eP, defer);
254 psp = {std::string(lid), idP};
255 sssMutex.Lock();
256 ret = Registry.insert(psp);
257 if (ret.second)
258 {sssMutex.UnLock();
259 return true;
260 }
261
262// We were not successful, replace the element if we are allowed to do so.
263//
264 if (doRep)
265 {XrdSecsssEnt *oldP = ret.first->second;
266 ret.first->second = idP;
268 oldP->Delete();
269 return true;
270 }
271
272// Sigh, the element exists but we cannot replace it.
273//
275 idP->Delete();
276 return false;
277}
#define XRDSECSSSENDO
static int UserName(uid_t uID, char *uName, int uNsz)
static int GroupName(gid_t gID, char *gName, int gNsz)
void Delete()
Delete this entity object.
int RR_Data(char *&dP, const char *hostIP, int dataOpts)
bool Register(const char *lgnid, const XrdSecEntity *Ident, bool doReplace=false, bool defer=false)
XrdSecsssID(authType aType=idStatic, const XrdSecEntity *Ident=0, XrdSecsssCon *Tracker=0, bool *isOK=0)
std::map< std::string, XrdSecsssEnt * > EntityMap
XrdSysMutex sssMutex
XrdSecsssCon * conTrack
XrdSecsssID * IDMapper
EntityMap Registry