ROOT 6.10/09 Reference Guide
TRootAuth.cxx
1 // @(#)root/auth:$Id$
2 // Author: Gerardo Ganis 08/07/05
3 
4 /*************************************************************************
5  * Copyright (C) 1995-2005, Rene Brun and Fons Rademakers. *
6  * All rights reserved. *
7  * *
8  * For the licensing terms see $ROOTSYS/LICENSE. *
9  * For the list of contributors see $ROOTSYS/README/CREDITS. *
10  *************************************************************************/
11 
12 //////////////////////////////////////////////////////////////////////////
13 // //
14 // TRootAuth //
15 // //
16 // TVirtualAuth implementation based on the old client authentication //
17 // code. //
18 // //
19 //////////////////////////////////////////////////////////////////////////
20 
21 #include "TAuthenticate.h"
22 #include "TEnv.h"
23 #include "TError.h"
24 #include "THostAuth.h"
25 #include "TRootAuth.h"
26 #include "TRootSecContext.h"
27 #include "TSocket.h"
28 #include "TSystem.h"
29 #include "TUrl.h"
30 
31 ////////////////////////////////////////////////////////////////////////////////
32 /// Runs authentication on socket s.
33 /// Invoked when dynamic loading is needed.
34 /// Returns the security context obtained from TAuthenticate on success, or a
   /// null pointer (0) on failure. The local flag rc (1 on success, 0 on
   /// failure) is internal bookkeeping and is not returned to the caller.
   ///
   /// \param host  remote host, passed to TAuthenticate and used in error messages
   /// \param user  user name passed to TAuthenticate
   /// \param opts  option string; only opts[0] is read here ('P' marks a PROOF server)
   ///
   /// NOTE(review): listing lines 36, 46, 93 and 114 are absent from this extract
   /// (the gutter numbering skips them), so the start of the signature and three
   /// statements are not visible; comments below are limited to the visible lines.
35 
37  const char *user, Option_t *opts)
38 {
39  TSecContext *ctx = 0;
40  Int_t rc = 0;
41 
    // Only the last three decimal digits of the remote protocol number are used.
42  Int_t rproto = s->GetRemoteProtocol() % 1000;
43  if (s->GetServType() == (Int_t)TSocket::kROOTD) {
44  if (rproto > 6 && rproto < 10) {
45  // Middle aged versions expect client protocol now
    // NOTE(review): listing line 46 is missing from this extract.
47  Int_t kind = 0;
    // rproto is overwritten with the value received from the peer.
48  if (s->Recv(rproto, kind) < 0) {
49  Error("Authenticate", "receiving remote protocol");
    // ctx is still 0 here, so the caller sees a failed authentication.
50  return ctx;
51  }
52  s->SetRemoteProtocol(rproto);
53  }
54  }
55 
56  // Find out if we are a PROOF master
57  Bool_t isPROOF = (s->GetServType() == (Int_t)TSocket::kPROOFD);
58  Bool_t isMASTER = kFALSE;
59  if (isPROOF) {
60  // Master by default
61  isMASTER = kTRUE;
62  // Parse option
63  TString opt(TUrl(s->GetUrl()).GetOptions());
    // Compares the single character at offset 1 of the URL options with "C",
    // ignoring case; a match clears the master flag.
    // NOTE(review): for an empty options string offset 1 lies past the
    // terminator - confirm that TString storage makes this read safe.
64  if (!strncasecmp(opt.Data()+1, "C", 1)) {
65  isMASTER = kFALSE;
66  }
67  }
68 
69  // Find out whether we are a proof serv
    // NOTE(review): opts is dereferenced without a null check - confirm that
    // callers never pass a null pointer.
70  Bool_t isPROOFserv = (opts[0] == 'P') ? kTRUE : kFALSE;
71 
72  // Build the protocol string for TAuthenticate
73  TString proto = TUrl(s->GetUrl()).GetProtocol();
74  if (proto == "") {
75  proto = "root";
76  } else if (proto.Contains("sockd") || proto.Contains("rootd") ||
77  proto.Contains("proofd")) {
    // Drops the "d" from the daemon name (e.g. "rootd" becomes "root").
78  proto.ReplaceAll("d",1,"",0);
79  }
    // Final form is "<protocol>:<rproto>".
80  proto += Form(":%d",rproto);
81 
82  // Init authentication
    // Heap-allocated; released by the "delete auth" after the attempt below.
83  TAuthenticate *auth =
84  new TAuthenticate(s, host, proto, user);
85 
86  // If PROOF client and transmission of the SRP password is
87  // requested make sure that ReUse is switched on to get and
88  // send also the Public Key
89  // Masters do this automatically upon reception of valid info
90  // (see TSlave.cxx)
    // Security note: "Proofd.SendSRPPwd" is read with a default of 0, so this
    // branch runs only when the setting has been enabled explicitly; keep it
    // off unless the deployment needs the SRP password sent on.
91  if (isMASTER && !isPROOFserv) {
92  if (gEnv->GetValue("Proofd.SendSRPPwd",0)) {
    // NOTE(review): listing line 93 is missing from this extract; kSRP is
    // not declared in the visible lines.
94  TString detsSRP(auth->GetHostAuth()->GetDetails(kSRP));
    // Rewrite the reuse token in the SRP details: "ru:0" becomes "ru:1".
95  Int_t pos = detsSRP.Index("ru:0");
96  if (pos > -1) {
97  detsSRP.ReplaceAll("ru:0",4,"ru:1",4);
98  auth->GetHostAuth()->SetDetails(kSRP,detsSRP);
99  } else {
    // Otherwise look for "ru:no" in any letter case and replace it with "ru:1".
100  TSubString ss = detsSRP.SubString("ru:no",TString::kIgnoreCase);
101  if (!ss.IsNull()) {
102  detsSRP.ReplaceAll(ss.Data(),5,"ru:1",4);
103  auth->GetHostAuth()->SetDetails(kSRP,detsSRP);
104  }
105  }
106  }
107  }
108 
109  // No control on credential forwarding in case of SSH authentication;
110  // switched it off on PROOF servers, unless the user knows what they
111  // are doing
    // "ProofServ.UseSSH" is read with a default of 0.
    // NOTE(review): listing line 114, the statement guarded by the inner if,
    // is missing from this extract; going by the comment above it presumably
    // disables the SSH method - confirm against the full file.
112  if (isPROOFserv) {
113  if (!(gEnv->GetValue("ProofServ.UseSSH",0)))
115  }
116 
117  // Attempt authentication
118  if (!auth->Authenticate()) {
119  // Close the socket if unsuccessful
    // NOTE(review): no socket close is visible in this function; presumably
    // the caller closes it - confirm.
120  if (auth->HasTimedOut() > 0)
121  Error("Authenticate",
122  "timeout expired for %s@%s", auth->GetUser(), host);
123  else
124  Error("Authenticate",
125  "authentication failed for %s@%s", auth->GetUser(), host);
126  // This is to terminate properly remote proofd in case of failure
    // Sends "<local pid> <host>" with message kind kROOTD_CLEANUP.
127  if (isPROOF)
128  s->Send(Form("%d %s", gSystem->GetPid(), host), kROOTD_CLEANUP);
129  } else {
130  // Set return flag;
131  rc = 1;
132  // Search pointer to relevant TSecContext
133  ctx = auth->GetSecContext();
    // The context is also recorded on the socket.
134  s->SetSecContext(ctx);
135  }
136  // Cleanup
    // NOTE(review): ctx is used and returned after auth is deleted, which
    // assumes the security context is not owned by auth - confirm.
137  delete auth;
138 
139  // If we are talking to a recent proofd send over a buffer with the
140  // remaining authentication related stuff
141  if (rc && isPROOF && rproto > 11) {
142  Bool_t client = !isPROOFserv;
    // A failure here is only logged: ctx is still returned and stays set on
    // the socket.
    // NOTE(review): confirm callers may treat the session as authenticated
    // when this setup step fails.
143  if (TAuthenticate::ProofAuthSetup(s, client) !=0 ) {
144  Error("Authenticate", "PROOF: failed to finalize setup");
145  }
146  }
147 
148  // We are done
149  return ctx;
150 }
151 
152 ////////////////////////////////////////////////////////////////////////////////
153 /// Return client version.
154 
156 {
158 }
159 
160 ////////////////////////////////////////////////////////////////////////////////
161 /// Print error string corresponding to ecode, prepending location
    ///
    /// \param where  location string, forwarded unchanged to TAuthenticate::AuthError
    /// \param ecode  error code, forwarded unchanged to TAuthenticate::AuthError
162 
163 void TRootAuth::ErrorMsg(const char *where, Int_t ecode)
164 {
    // Pure forwarder: all formatting and output is done by the static
    // TAuthenticate::AuthError.
165  TAuthenticate::AuthError(where, ecode);
166 }