Logo ROOT  
Reference Guide
 
Loading...
Searching...
No Matches
TAuthenticate.h
Go to the documentation of this file.
1// @(#)root/auth:$Id$
2// Author: Fons Rademakers 26/11/2000
3
4/*************************************************************************
5 * Copyright (C) 1995-2000, Rene Brun and Fons Rademakers. *
6 * All rights reserved. *
7 * *
8 * For the licensing terms see $ROOTSYS/LICENSE. *
9 * For the list of contributors see $ROOTSYS/README/CREDITS. *
10 *************************************************************************/
11
12#ifndef ROOT_TAuthenticate
13#define ROOT_TAuthenticate
14
15
16//////////////////////////////////////////////////////////////////////////
17// //
18// TAuthenticate //
19// //
20// An authentication module for ROOT based network services, like rootd.// //
21// //
22//////////////////////////////////////////////////////////////////////////
23
24#include "TObject.h"
25#include "TString.h"
26#include "TList.h"
27#include "TDatime.h"
28#ifndef ROOT_rsafun
29//#include "rsafun.h"
30#endif
31#include "AuthConst.h"
32
33class TAuthenticate;
34class THostAuth;
35class TPluginHandler;
36class TSocket;
37class TRootSecContext;
38class TVirtualMutex;
39
40typedef Int_t (*CheckSecCtx_t)(const char *subj, TRootSecContext *ctx);
43typedef Int_t (*SecureAuth_t)(TAuthenticate *auth, const char *user, const char *passwd,
44 const char *remote, TString &det, Int_t version);
45
47
48struct R__rsa_KEY; // opaque replacement for rsa_KEY
49struct R__rsa_KEY_export; // opaque replacement for rsa_KEY_export
50struct R__rsa_NUMBER; // opaque replacement for rsa_NUMBER
51
52class TAuthenticate : public TObject {
53
54friend class TRootAuth;
55friend class TRootSecContext;
56friend class TSocket;
57
58public:
59 enum ESecurity { kClear, kUnsupported, kKrb5, kGlobus, kSSH, kRfio }; // type of authentication
60
61private:
62 TString fDetails; // logon details (method dependent ...)
63 THostAuth *fHostAuth; // pointer to relevant authentication info
64 TString fPasswd; // user's password
65 TString fProtocol; // remote service (rootd)
66 Bool_t fPwHash; // kTRUE if fPasswd is a passwd hash
67 TString fRemote; // remote host to which we want to connect
68 Int_t fRSAKey; // Type of RSA key used
69 TRootSecContext *fSecContext; // pointer to relevant sec context
70 ESecurity fSecurity; // actual logon security level
71 TSocket *fSocket; // connection to remote daemon
72 Int_t fVersion; // 0,1,2, ... accordingly to remote daemon version
73 TString fUser; // user to be authenticated
74 Int_t fTimeOut; // timeout flag
75
77 Bool_t GetPwHash() const { return fPwHash; }
78 Int_t GetRSAKey() const { return fRSAKey; }
79 ESecurity GetSecurity() const { return fSecurity; }
80 Bool_t GetSRPPwd() const { return false; }
81 const char *GetSshUser(TString user) const;
82 Int_t GetVersion() const { return fVersion; }
86 char *GetRandString(Int_t Opt,Int_t Len);
87 Int_t RfioAuth(TString &user);
88 void SetEnvironment();
89 Int_t SshAuth(TString &user);
90 Int_t SshError(const char *errfile);
91
94 static Bool_t fgAuthReUse; // kTRUE is ReUse required
95 static TString fgDefaultUser; // Default user information
96 static TDatime fgExpDate; // Expiring date for new security contexts
99 static TString fgKrb5Principal; // Principal for Krb5 ticket
100 static TDatime fgLastAuthrc; // Time of last reading of fgRootAuthrc
102 static TPluginHandler *fgPasswdDialog; // Passwd dialog GUI plugin
103 static Bool_t fgPromptUser; // kTRUE if user prompt required
104 static Bool_t fgPwHash; // kTRUE if fgPasswd is a passwd hash
105 static Bool_t fgReadHomeAuthrc; // kTRUE to look for $HOME/.rootauthrc
106 static TString fgRootAuthrc; // Path to last rootauthrc-like file read
107 static Int_t fgRSAKey; // Default type of RSA key to be tried
111 static R__rsa_KEY_export* fgRSAPubExport; // array of size [2]
114 static Bool_t fgUsrPwdCrypt; // kTRUE if encryption for UsrPwd is required
115 static Int_t fgLastError; // Last error code processed by AuthError()
116 static Int_t fgAuthTO; // if > 0, timeout in sec
117 static Int_t fgProcessID; // ID of the main thread as unique identifier
118
119 static Bool_t CheckHost(const char *Host, const char *host);
120
121 static void FileExpand(const char *fin, FILE *ftmp);
122 static void RemoveSecContext(TRootSecContext *ctx);
123
124public:
125 TAuthenticate(TSocket *sock, const char *remote, const char *proto,
126 const char *user = "");
127 virtual ~TAuthenticate() {}
128
130 Int_t AuthExists(TString User, Int_t method, const char *Options,
132 void CatchTimeOut();
136 THostAuth *GetHostAuth() const { return fHostAuth; }
137 const char *GetProtocol() const { return fProtocol; }
138 const char *GetRemoteHost() const { return fRemote; }
139 Int_t GetRSAKeyType() const { return fRSAKey; }
141 TSocket *GetSocket() const { return fSocket; }
142 const char *GetUser() const { return fUser; }
143 Int_t HasTimedOut() const { return fTimeOut; }
144 void SetRSAKeyType(Int_t key) { fRSAKey = key; }
146
147 static void AuthError(const char *where, Int_t error);
148
149 static Int_t DecodeRSAPublic(const char *rsapubexport, R__rsa_NUMBER &n,
150 R__rsa_NUMBER &d, char **rsassl = nullptr);
151
152 static TList *GetAuthInfo();
153 static const char *GetAuthMethod(Int_t idx);
154 static Int_t GetAuthMethodIdx(const char *meth);
155 static Bool_t GetAuthReUse();
156 static Int_t GetClientProtocol();
157 static char *GetDefaultDetails(Int_t method, Int_t opt, const char *user);
158 static const char *GetDefaultUser();
159 static TDatime GetGlobalExpDate();
160 static Bool_t GetGlobalPwHash();
161 static Bool_t GetGlobalSRPPwd();
162 static const char *GetGlobalUser();
164 static THostAuth *GetHostAuth(const char *host, const char *user="",
165 Option_t *opt = "R", Int_t *Exact = nullptr);
166 static const char *GetKrb5Principal();
167 static Bool_t GetPromptUser();
168 static Int_t GetRSAInit();
169 static const char *GetRSAPubExport(Int_t key = 0);
170 static THostAuth *HasHostAuth(const char *host, const char *user,
171 Option_t *opt = "R");
172 static void InitRandom();
173 static void MergeHostAuthList(TList *Std, TList *New, Option_t *Opt = "");
174 static char *PromptPasswd(const char *prompt = "Password: ");
175 static char *PromptUser(const char *remote);
176 static Int_t ReadRootAuthrc();
177 static void RemoveHostAuth(THostAuth *ha, Option_t *opt = "");
178 static Int_t SecureRecv(TSocket *Socket, Int_t dec,
179 Int_t KeyType, char **Out);
181 Int_t KeyType, const char *In);
182 static Int_t SendRSAPublicKey(TSocket *Socket, Int_t key = 0);
183 static void SetAuthReUse(Bool_t authreuse);
184 static void SetDefaultUser(const char *defaultuser);
185 static void SetGlobalExpDate(TDatime expdate);
186 static void SetGlobalPasswd(const char *passwd);
187 static void SetGlobalPwHash(Bool_t pwhash);
188 static void SetGlobalSRPPwd(Bool_t srppwd);
189 static void SetGlobalUser(const char *user);
190 static void SetGlobusAuthHook(GlobusAuth_t func);
191 static void SetKrb5AuthHook(Krb5Auth_t func);
192 static void SetPromptUser(Bool_t promptuser);
193 static void SetDefaultRSAKeyType(Int_t key);
194 static void SetRSAInit(Int_t init = 1);
195 static Int_t SetRSAPublic(const char *rsapubexport, Int_t klen);
196 static void SetSecureAuthHook(SecureAuth_t func);
197 static void SetTimeOut(Int_t to);
198 static void Show(Option_t *opt="S");
199
200 ClassDefOverride(TAuthenticate,0) // Class providing remote authentication service
201};
202
203#endif
const Int_t kMAXSEC
Definition AuthConst.h:26
#define R__EXTERN
Definition DllImport.h:26
#define d(i)
Definition RSha256.hxx:102
bool Bool_t
Boolean (0=false, 1=true) (bool)
Definition RtypesCore.h:77
int Int_t
Signed integer 4 bytes (int)
Definition RtypesCore.h:59
const char Option_t
Option string (const char)
Definition RtypesCore.h:80
#define ClassDefOverride(name, id)
Definition Rtypes.h:348
std::string Message(const std::string &msg, const std::string &location)
Definition Scanner.cxx:177
R__EXTERN TVirtualMutex * gAuthenticateMutex
Int_t(* Krb5Auth_t)(TAuthenticate *auth, TString &user, TString &det, Int_t version)
Int_t(* SecureAuth_t)(TAuthenticate *auth, const char *user, const char *passwd, const char *remote, TString &det, Int_t version)
Int_t(* GlobusAuth_t)(TAuthenticate *auth, TString &user, TString &det)
Int_t(* CheckSecCtx_t)(const char *subj, TRootSecContext *ctx)
ROOT::Detail::TRangeCast< T, true > TRangeDynCast
TRangeDynCast is an adapter class that allows the typed iteration through a TCollection.
const char * proto
Definition civetweb.c:18822
virtual ~TAuthenticate()
static void RemoveHostAuth(THostAuth *ha, Option_t *opt="")
Remove THostAuth instance from the list.
static Int_t SetRSAPublic(const char *rsapubexport, Int_t klen)
Store RSA public keys from export string rsaPubExport.
static TPluginHandler * fgPasswdDialog
void SetRSAKeyType(Int_t key)
static Int_t fgProcessID
Bool_t GetPwHash() const
static void SetGlobalSRPPwd(Bool_t srppwd)
Set global SRP passwd flag to be used for authentication to rootd.
static Bool_t fgPromptUser
TRootSecContext * fSecContext
static Bool_t fgPwHash
ESecurity fSecurity
TRootSecContext * GetSecContext() const
THostAuth * fHostAuth
static void FileExpand(const char *fin, FILE *ftmp)
Expands include directives found in fexp files The expanded, temporary file, is pointed to by 'ftmp' ...
const char * GetProtocol() const
static TString fgUser
TSocket * fSocket
static const char * GetGlobalUser()
Static method returning the global user.
static void SetGlobalUser(const char *user)
Set global user name to be used for authentication to rootd.
static void SetPromptUser(Bool_t promptuser)
Set global PromptUser flag.
Int_t RfioAuth(TString &user)
RFIO authentication (no longer supported)
Int_t HasTimedOut() const
static void Show(Option_t *opt="S")
Print info about the authentication sector.
const char * GetSshUser(TString user) const
Method returning the user to be used for the ssh login (no longer supported)
void SetSecContext(TRootSecContext *ctx)
static const char * GetDefaultUser()
Static method returning the default user information.
static Bool_t GetPromptUser()
Static method returning the prompt user settings.
const char * GetRemoteHost() const
static Int_t SecureRecv(TSocket *Socket, Int_t dec, Int_t KeyType, char **Out)
Receive str from sock and decode it using key indicated by key type Return number of received bytes o...
static const char * GetKrb5Principal()
Static method returning the principal to be used to init Krb5 tickets.
TSocket * GetSocket() const
THostAuth * GetHostAuth() const
static GlobusAuth_t fgGlobusAuthHook
static void SetAuthReUse(Bool_t authreuse)
Set global AuthReUse flag.
static R__rsa_KEY_export * fgRSAPubExport
static Int_t fgRSAInit
char * GetRandString(Int_t Opt, Int_t Len)
Allocates and fills a 0 terminated buffer of length len+1 with len random characters.
Int_t SshAuth(TString &user)
SSH client authentication code (no longer supported)
ESecurity GetSecurity() const
static char * PromptPasswd(const char *prompt="Password: ")
Static method to prompt for the user's passwd to be used for authentication to rootd.
static void SetDefaultUser(const char *defaultuser)
Set default user name.
Int_t GetVersion() const
static void SetGlobalPwHash(Bool_t pwhash)
Set global passwd hash flag to be used for authentication to rootd.
static void SetGlobalExpDate(TDatime expdate)
Set default expiring date for new validity contexts.
static Int_t GetRSAInit()
Static method returning the RSA initialization flag.
static void SetSecureAuthHook(SecureAuth_t func)
Set secure authorization function.
static Int_t GetClientProtocol()
Static method returning supported client protocol.
static Int_t ReadRootAuthrc()
Read authentication directives from $ROOTAUTHRC, $HOME/.rootauthrc or <Root_etc_dir>/system....
static Bool_t fgReadHomeAuthrc
static Int_t fgAuthTO
static Int_t fgLastError
static Int_t SecureSend(TSocket *Socket, Int_t enc, Int_t KeyType, const char *In)
Encode null terminated str using the session private key indicated by enc and sends it over the netwo...
Int_t GenRSAKeys()
Generate a valid pair of private/public RSA keys to protect for authentication token exchange.
Bool_t CheckNetrc(TString &user, TString &passwd)
Try to get user name and passwd from the ~/.rootnetrc or ~/.netrc files.
static TString fgKrb5Principal
static const char * GetRSAPubExport(Int_t key=0)
Static method returning the RSA public keys.
static void InitRandom()
Initialize random machine using seed from /dev/urandom (or current time if /dev/urandom not available...
static R__rsa_KEY fgRSAPubKey
static Bool_t fgAuthReUse
static Bool_t GetGlobalPwHash()
Static method returning the global password hash flag.
static void SetKrb5AuthHook(Krb5Auth_t func)
Set kerberos5 authorization function.
static void SetGlobusAuthHook(GlobusAuth_t func)
Set Globus authorization function.
static void SetRSAInit(Int_t init=1)
Static method setting RSA initialization flag.
static void SetGlobalPasswd(const char *passwd)
Set global passwd to be used for authentication to rootd.
static TDatime fgExpDate
TString fProtocol
void SetEnvironment()
Set default authentication environment.
const char * GetUser() const
static Int_t SendRSAPublicKey(TSocket *Socket, Int_t key=0)
Receives server RSA Public key Sends local RSA public key encoded.
static TDatime fgLastAuthrc
static TList * fgAuthInfo
static TString fgPasswd
static TString fgAuthMeth[kMAXSEC]
void CatchTimeOut()
Called in connection with a timer timeout.
Int_t GetRSAKeyType() const
Bool_t GetUserPasswd(TString &user, TString &passwd, Bool_t &pwhash, Bool_t srppwd)
Try to get user name and passwd from several sources.
Bool_t Authenticate()
Authenticate to remote rootd server.
static R__rsa_KEY fgRSAPriKey
static TString fgRootAuthrc
Int_t AuthExists(TString User, Int_t method, const char *Options, Int_t *Message, Int_t *Rflag, CheckSecCtx_t funcheck)
Check if we have a valid established sec context in memory Retrieves relevant info and negotiates wit...
static TList * GetAuthInfo()
Static method returning the list with authentication details.
static GlobusAuth_t GetGlobusAuthHook()
Static method returning the globus authorization hook (no longer supported)
Int_t ClearAuth(TString &user, TString &passwd, Bool_t &pwhash)
UsrPwd client authentication code.
static void AuthError(const char *where, Int_t error)
Print error string depending on error code.
static Krb5Auth_t fgKrb5AuthHook
static char * GetDefaultDetails(Int_t method, Int_t opt, const char *user)
Determine default authentication details for method 'sec' and user 'usr'.
static void MergeHostAuthList(TList *Std, TList *New, Option_t *Opt="")
Tool for updating fgAuthInfo 'nin' contains list of last input information through (re)reading of a r...
static TString fgDefaultUser
static Int_t GetAuthMethodIdx(const char *meth)
Static method returning the method index (which can be used to find the method in GetAuthMethod()).
static Int_t fgRSAKey
static Int_t DecodeRSAPublic(const char *rsapubexport, R__rsa_NUMBER &n, R__rsa_NUMBER &d, char **rsassl=nullptr)
Store RSA public keys from export string rsaPubExport.
static void SetTimeOut(Int_t to)
Set timeout (active if > 0)
static Bool_t fgUsrPwdCrypt
TAuthenticate(TSocket *sock, const char *remote, const char *proto, const char *user="")
Create authentication object.
static void RemoveSecContext(TRootSecContext *ctx)
Tool for removing SecContext ctx from THostAuth listed in fgAuthInfo.
static TDatime GetGlobalExpDate()
Static method returning default expiring date for new validity contexts.
static Bool_t GetGlobalSRPPwd()
Static method returning the global SRP password flag.
static SecureAuth_t fgSecAuthHook
static char * PromptUser(const char *remote)
Static method to prompt for the user name to be used for authentication to rootd.
static Bool_t CheckHost(const char *Host, const char *host)
Check if 'host' matches 'href': this means either equal or "containing" it, even with wild cards * in...
Int_t GetRSAKey() const
Int_t SshError(const char *errfile)
static void SetDefaultRSAKeyType(Int_t key)
Static method setting the default type of RSA key.
static const char * GetAuthMethod(Int_t idx)
Static method returning the method corresponding to idx.
static Bool_t GetAuthReUse()
Static method returning the authentication reuse settings.
static THostAuth * HasHostAuth(const char *host, const char *user, Option_t *opt="R")
Checks if a THostAuth with exact match for {host,user} exists in the fgAuthInfo list Returns pointer ...
Bool_t GetSRPPwd() const
This class stores the date and time with a precision of one second in an unsigned 32 bit word (950130...
Definition TDatime.h:37
A doubly linked list.
Definition TList.h:38
Mother of all ROOT objects.
Definition TObject.h:41
Basic string class.
Definition TString.h:138
This class implements a mutex interface.
const Int_t n
Definition legend1.C:16