doc/master/TRootSecContext_8cxx_source.html

// @(#)root/auth:$Id$

// Author: G. Ganis   08/07/2005


/*************************************************************************

 * Copyright (C) 1995-2005, Rene Brun and Fons Rademakers.               *

 * All rights reserved.                                                  *

 *                                                                       *

 * For the licensing terms see $ROOTSYS/LICENSE.                         *

 * For the list of contributors see $ROOTSYS/README/CREDITS.             *

 *************************************************************************/


//////////////////////////////////////////////////////////////////////////

//                                                                      //

// TRootSecContext                                                      //

//                                                                      //

// Special implementation of TSecContext                                //

//                                                                      //

//////////////////////////////////////////////////////////////////////////


#include "RConfigure.h"


#include <cstdlib>


#include "TError.h"

#include "TRootSecContext.h"

#include "TROOT.h"

#include "TSocket.h"

#include "TUrl.h"

#include "TVirtualMutex.h"


////////////////////////////////////////////////////////////////////////////////

/// Ctor for SecContext object.


   TRootSecContext::TRootSecContext(const char *user, const char *host, Int_t meth,

                                    Int_t offset, const char *id,

                                    const char *token, TDatime expdate,

                                    void *ctx, Int_t key)

      : TSecContext(user, host, meth, offset, id, token, expdate, ctx)

{

   R__ASSERT(gROOT);


   fRSAKey  = key;

   fMethodName = TAuthenticate::GetAuthMethod(fMethod);

}


////////////////////////////////////////////////////////////////////////////////

/// Ctor for SecContext object.

/// User and host from url = `user@host` .


TRootSecContext::TRootSecContext(const char *url, Int_t meth, Int_t offset,

                                 const char *id, const char *token,

                                 TDatime expdate, void *ctx, Int_t key)

   : TSecContext(url, meth, offset, id, token, expdate, ctx)

{

   R__ASSERT(gROOT);


   fRSAKey  = key;

   fMethodName = TAuthenticate::GetAuthMethod(fMethod);

}


////////////////////////////////////////////////////////////////////////////////

/// Dtor: delete (deActivate, local/remote cleanup, list removal)

/// all what is still active


TRootSecContext::~TRootSecContext()

{

   TSecContext::Cleanup();

}


////////////////////////////////////////////////////////////////////////////////

/// Set OffSet to -1 and expiring Date to default

/// Remove from the list

/// If Opt contains "C" or "c", ask for remote cleanup

/// If Opt contains "R" or "r", remove from the list

/// Default Opt="CR"


void TRootSecContext::DeActivate(Option_t *Opt)

{

   // Ask remote cleanup of this context

   Bool_t clean = (strstr(Opt,"C") || strstr(Opt,"c"));

   if (clean && fOffSet > -1)

      CleanupSecContext(kFALSE);


   // Cleanup TPwdCtx object fro UsrPwd

   if (fMethod == TAuthenticate::kClear)

      if (fContext) {

         delete (TPwdCtx *)fContext;

         fContext = 0;

      }


   Bool_t remove = (strstr(Opt,"R") || strstr(Opt,"r"));

   if (remove && fOffSet > -1){

      R__LOCKGUARD(gROOTMutex);

      // Remove from the global list

      gROOT->GetListOfSecContexts()->Remove(this);

      // Remove also from local lists in THostAuth objects

      TAuthenticate::RemoveSecContext(this);

   }


   // Set inactive

   fOffSet  = -1;

   fExpDate = kROOTTZERO;


}


////////////////////////////////////////////////////////////////////////////////

/// Ask remote client to cleanup security context 'ctx'

/// If 'all', all sec context with the same host as ctx

/// are cleaned.


Bool_t TRootSecContext::CleanupSecContext(Bool_t all)

{

   Bool_t cleaned = kFALSE;


   // Nothing to do if inactive ...

   if (!IsActive())

      return kTRUE;


   // Contact remote services that used this context,

   // starting from the last ...

   TIter last(fCleanup,kIterBackward);

   TSecContextCleanup *nscc = 0;

   while ((nscc = (TSecContextCleanup *)last()) && !cleaned) {


      // First check if remote daemon supports cleaning

      Int_t srvtyp = nscc->GetType();

      Int_t rproto = nscc->GetProtocol();

      Int_t level = 2;

      if ((srvtyp == TSocket::kROOTD && rproto < 10))

         level = 1;

      if ((srvtyp == TSocket::kROOTD && rproto < 8))

         level = 0;

      if (level) {

         Int_t port = nscc->GetPort();


         TSocket *news = new TSocket(fHost.Data(),port,-1);


         if (news && news->IsValid()) {

            news->SetOption(kNoDelay, 0);


            // Backward compatibility: send socket size

            if (srvtyp == TSocket::kROOTD && level == 1)

               news->Send((Int_t)0, (Int_t)0);


            if (all || level == 1) {

               news->Send(Form("%d",TAuthenticate::fgProcessID), kROOTD_CLEANUP);

               cleaned = kTRUE;

            } else {

               news->Send(Form("%d %d %d %s", TAuthenticate::fgProcessID, fMethod,

                               fOffSet, fUser.Data()), kROOTD_CLEANUP);

               if (TAuthenticate::SecureSend(news, 1, fRSAKey,

                                             (char *)(fToken.Data())) == -1) {

                  Info("CleanupSecContext", "problems secure-sending token");

               } else {

                  cleaned = kTRUE;

               }

            }

            if (cleaned && gDebug > 2) {

               char srvname[3][10] = {"sockd", "rootd"};

               Info("CleanupSecContext",

                    "remote %s notified for cleanup (%s,%d)",

                    srvname[srvtyp],fHost.Data(),port);

            }

         }

         SafeDelete(news);

      }

   }


   if (!cleaned)

      if (gDebug > 2)

         Info("CleanupSecContext",

              "unable to open valid socket for cleanup for %s", fHost.Data());


   return cleaned;

}


////////////////////////////////////////////////////////////////////////////////

/// If opt is "F" (default) print object content.

/// If opt is "<number>" print in special form for calls within THostAuth

/// with cardinality "<number>"

/// If opt is "S" prints short in-line form for calls within TFTP,

/// TSlave ...


void TRootSecContext::Print(Option_t *opt) const

{

   // Check if option is numeric

   Int_t ord = -1, i = 0;

   for (; i < (Int_t)strlen(opt); i++) {

      if (opt[i] < 48 || opt[i] > 57) {

         ord = -2;

         break;

      }

   }

   // If numeric get the cardinality and prepare the strings

   if (ord == -1)

      ord = atoi(opt);


   if (!strncasecmp(opt,"F",1)) {

      Info("Print",

           "+------------------------------------------------------+");

      Info("Print",

           "+ Host:%s Method:%d (%s) User:'%s'",

           GetHost(), fMethod, GetMethodName(),

           fUser.Data());

      Info("Print",

           "+         OffSet:%d Id: '%s'", fOffSet, fID.Data());

      if (fOffSet > -1)

         Info("Print",

              "+         Expiration time: %s",fExpDate.AsString());

      Info("Print",

           "+------------------------------------------------------+");

   } else if (!strncasecmp(opt,"S",1)) {

      if (fOffSet > -1) {

         if (fID.BeginsWith("AFS"))

            Printf("Security context:     Method: AFS, not reusable");

         else

            Printf("Security context:     Method: %d (%s) expiring on %s",

                   fMethod, GetMethodName(),

                   fExpDate.AsString());

      } else {

         Printf("Security context:     Method: %d (%s) not reusable",

                fMethod, GetMethodName());

      }

   } else {

      // special printing form for THostAuth

      Info("PrintEstblshed","+ %d \t h:%s met:%d (%s) us:'%s'",

                               ord, GetHost(), fMethod, GetMethodName(),

                               fUser.Data());

      Info("PrintEstblshed","+ \t offset:%d id: '%s'", fOffSet, fID.Data());

      if (fOffSet > -1)

         Info("PrintEstblshed","+ \t expiring: %s",fExpDate.AsString());

   }

}


////////////////////////////////////////////////////////////////////////////////

/// Returns short string with relevant information about this

/// security context


const char *TRootSecContext::AsString(TString &out)

{

   if (fOffSet > -1) {

      if (fID.BeginsWith("AFS"))

         out = Form("Method: AFS, not reusable");

      else {

         char expdate[32];

         out = Form("Method: %d (%s) expiring on %s",

                    fMethod, GetMethodName(), fExpDate.AsString(expdate));

      }

   } else {

      if (fOffSet == -1)

         out = Form("Method: %d (%s) not reusable", fMethod, GetMethodName());

      else if (fOffSet == -3)

         out = Form("Method: %d (%s) authorized by /etc/hosts.equiv or $HOME/.rhosts",

                    fMethod, GetMethodName());

      else if (fOffSet == -4)

         out = Form("No authentication required remotely");

   }

   return out.Data();

}


kROOTD_CLEANUP
@ kROOTD_CLEANUP
Definition MessageTypes.h:66

SafeDelete
#define SafeDelete(p)
Definition RConfig.hxx:533

Int_t
int Int_t
Signed integer 4 bytes (int)
Definition RtypesCore.h:59

kFALSE
constexpr Bool_t kFALSE
Definition RtypesCore.h:108

kTRUE
constexpr Bool_t kTRUE
Definition RtypesCore.h:107

Option_t
const char Option_t
Option string (const char)
Definition RtypesCore.h:80

kIterBackward
const Bool_t kIterBackward
Definition TCollection.h:43

TRangeDynCast
ROOT::Detail::TRangeCast< T, true > TRangeDynCast
TRangeDynCast is an adapter class that allows the typed iteration through a TCollection.
Definition TCollection.h:358

TError.h

R__ASSERT
#define R__ASSERT(e)
Checks condition e and reports a fatal error if it's false.
Definition TError.h:125

offset
Option_t Option_t TPoint TPoint const char GetTextMagnitude GetFillStyle GetLineColor GetLineWidth GetMarkerStyle GetTextAlign GetTextColor GetTextSize void char Point_t Rectangle_t WindowAttributes_t Float_t Float_t Float_t Int_t Int_t UInt_t UInt_t Rectangle_t Int_t Int_t Window_t TString Int_t GCValues_t GetPrimarySelectionOwner GetDisplay GetScreen GetColormap GetNativeEvent const char const char dpyName wid window const char font_name cursor keysym reg const char only_if_exist regb h Point_t winding char text const char depth char const char Int_t count const char ColorStruct_t color const char Pixmap_t Pixmap_t PictureAttributes_t attr const char char ret_data h unsigned char height h offset
Definition TGWin32VirtualXProxy.cxx:245

gDebug
Int_t gDebug
Global variable setting the debug level. Set to 0 to disable, increase it in steps of 1 to increase t...
Definition TROOT.cxx:627

TROOT.h

gROOTMutex
R__EXTERN TVirtualMutex * gROOTMutex
Definition TROOT.h:63

gROOT
#define gROOT
Definition TROOT.h:411

TRootSecContext.h

kROOTTZERO
R__EXTERN const TDatime kROOTTZERO
Definition TSecContext.h:30

TSocket.h

Form
char * Form(const char *fmt,...)
Formats a string in a circular formatting buffer.
Definition TString.cxx:2495

Printf
void Printf(const char *fmt,...)
Formats a string in a circular formatting buffer and prints the string.
Definition TString.cxx:2509

kNoDelay
@ kNoDelay
Definition TSystem.h:235

TUrl.h

TVirtualMutex.h

R__LOCKGUARD
#define R__LOCKGUARD(mutex)
Definition TVirtualMutex.h:95

ROOT::Detail::TRangeCast
Definition TCollection.h:311

TAuthenticate::kClear
@ kClear
Definition TAuthenticate.h:59

TAuthenticate::fgProcessID
static Int_t fgProcessID
Definition TAuthenticate.h:117

TAuthenticate::SecureSend
static Int_t SecureSend(TSocket *Socket, Int_t enc, Int_t KeyType, const char *In)
Encode null terminated str using the session private key indicated by enc and sends it over the netwo...
Definition TAuthenticate.cxx:2703

TAuthenticate::RemoveSecContext
static void RemoveSecContext(TRootSecContext *ctx)
Tool for removing SecContext ctx from THostAuth listed in fgAuthInfo.
Definition TAuthenticate.cxx:3404

TAuthenticate::GetAuthMethod
static const char * GetAuthMethod(Int_t idx)
Static method returning the method corresponding to idx.
Definition TAuthenticate.cxx:1038

TDatime
This class stores the date and time with a precision of one second in an unsigned 32 bit word (950130...
Definition TDatime.h:37

TDatime::AsString
const char * AsString() const
Return the date & time as a string (ctime() format).
Definition TDatime.cxx:101

TIter
Definition TCollection.h:235

TObject::Info
virtual void Info(const char *method, const char *msgfmt,...) const
Issue info message.
Definition TObject.cxx:1045

TPwdCtx
Definition TSecContext.h:132

TRootSecContext::CleanupSecContext
Bool_t CleanupSecContext(Bool_t all) override
Ask remote client to cleanup security context 'ctx' If 'all', all sec context with the same host as c...
Definition TRootSecContext.cxx:112

TRootSecContext::DeActivate
void DeActivate(Option_t *opt="CR") override
Set OffSet to -1 and expiring Date to default Remove from the list If Opt contains "C" or "c",...
Definition TRootSecContext.cxx:78

TRootSecContext::fRSAKey
Int_t fRSAKey
Definition TRootSecContext.h:30

TRootSecContext::Print
void Print(Option_t *option="F") const override
If opt is "F" (default) print object content.
Definition TRootSecContext.cxx:185

TRootSecContext::AsString
const char * AsString(TString &out) override
Returns short string with relevant information about this security context.
Definition TRootSecContext.cxx:240

TRootSecContext::~TRootSecContext
virtual ~TRootSecContext()
Dtor: delete (deActivate, local/remote cleanup, list removal) all what is still active.
Definition TRootSecContext.cxx:66

TSecContextCleanup
Definition TSecContext.h:108

TSecContext
Definition TSecContext.h:36

TSecContext::IsActive
Bool_t IsActive() const
Check remote OffSet and expiring Date.
Definition TSecContext.cxx:232

TSecContext::fMethodName
TString fMethodName
Definition TSecContext.h:47

TSecContext::Cleanup
void Cleanup()
Cleanup what is still active.
Definition TSecContext.cxx:158

TSecContext::GetHost
const char * GetHost() const
Definition TSecContext.h:75

TSecContext::GetMethodName
const char * GetMethodName() const
Definition TSecContext.h:78

TSecContext::fID
TString fID
Definition TSecContext.h:45

TSecContext::fContext
void * fContext
Definition TSecContext.h:41

TSecContext::fExpDate
TDatime fExpDate
Definition TSecContext.h:43

TSecContext::fMethod
Int_t fMethod
Definition TSecContext.h:46

TSecContext::fUser
TString fUser
Definition TSecContext.h:50

TSecContext::TRootSecContext
friend class TRootSecContext
Definition TSecContext.h:38

TSecContext::fOffSet
Int_t fOffSet
Definition TSecContext.h:48

TSecContext::fToken
TString fToken
Definition TSecContext.h:49

TSecContext::fCleanup
TList * fCleanup
Definition TSecContext.h:42

TSecContext::fHost
TString fHost
Definition TSecContext.h:44

TSocket
Definition TSocket.h:41

TSocket::kROOTD
@ kROOTD
Definition TSocket.h:50

TString
Basic string class.
Definition TString.h:138

TString::Data
const char * Data() const
Definition TString.h:384

TString::BeginsWith
Bool_t BeginsWith(const char *s, ECaseCompare cmp=kExact) const
Definition TString.h:631

bool

int