12 #ifndef ROOT_TAuthenticate 13 #define ROOT_TAuthenticate 35 #include <openssl/blowfish.h> 54 struct R__rsa_KEY_export;
121 static BF_KEY fgBFKey;
133 static void FileExpand(
const char *fin, FILE *ftmp);
139 const char *user =
"");
164 R__rsa_NUMBER &d,
char **rsassl = 0);
189 static char *
PromptPasswd(
const char *prompt =
"Password: ");
194 Int_t KeyType,
char **Out);
196 Int_t KeyType,
const char *In);
THostAuth * GetHostAuth() const
static Bool_t GetGlobalSRPPwd()
Static method returning the global SRP password flag.
static void SetKrb5AuthHook(Krb5Auth_t func)
Set kerberos5 authorization function.
static void SetDefaultUser(const char *defaultuser)
Set default user name.
static Int_t GetRSAInit()
Static method returning the RSA initialization flag.
static Int_t GetClientProtocol()
Static method returning supported client protocol.
void SetRSAKeyType(Int_t key)
static void InitRandom()
Initialize random machine using seed from /dev/urandom (or current time if /dev/urandom not available...
static Bool_t GetAuthReUse()
Static method returning the authentication reuse settings.
static Bool_t fgUsrPwdCrypt
static void RemoveSecContext(TRootSecContext *ctx)
Tool for removing SecContext ctx from THostAuth listed in fgAuthInfo or fgProofAuthInfo.
TSocket * GetSocket() const
Int_t AuthExists(TString User, Int_t method, const char *Options, Int_t *Message, Int_t *Rflag, CheckSecCtx_t funcheck)
Check if we have a valid established sec context in memory Retrieves relevant info and negotiates wit...
static Bool_t fgPromptUser
Int_t(* GlobusAuth_t)(TAuthenticate *auth, TString &user, TString &det)
static void SetGlobalUser(const char *user)
Set global user name to be used for authentication to rootd or proofd.
Int_t(* Krb5Auth_t)(TAuthenticate *auth, TString &user, TString &det, Int_t version)
Int_t SshAuth(TString &user)
SSH client authentication code.
static void RemoveHostAuth(THostAuth *ha, Option_t *opt="")
Remove THostAuth instance from the list.
const char * GetSshUser(TString user) const
Method returning the user to be used for the ssh login.
This class implements a mutex interface.
static GlobusAuth_t GetGlobusAuthHook()
Static method returning the globus authorization hook.
Int_t GetRSAKeyType() const
const char * GetProtocol() const
static TList * fgProofAuthInfo
static char * GetDefaultDetails(Int_t method, Int_t opt, const char *user)
Determine default authentication details for method 'sec' and user 'usr'.
const char * GetRemoteHost() const
static const char * GetKrb5Principal()
Static method returning the principal to be used to init Krb5 tickets.
R__EXTERN TVirtualMutex * gAuthenticateMutex
Bool_t Authenticate()
Authenticate to remote rootd or proofd server.
static SecureAuth_t fgSecAuthHook
static void SetReadHomeAuthrc(Bool_t readhomeauthrc)
Set flag controlling the reading of $HOME/.rootauthrc.
Int_t ClearAuth(TString &user, TString &passwd, Bool_t &pwhash)
UsrPwd client authentication code.
static TPluginHandler * fgPasswdDialog
static Int_t ReadRootAuthrc()
Read authentication directives from $ROOTAUTHRC, $HOME/.rootauthrc or <Root_etc_dir>/system.rootauthrc and create related THostAuth objects.
static TList * fgAuthInfo
static void SetPromptUser(Bool_t promptuser)
Set global PromptUser flag.
static char * PromptPasswd(const char *prompt="Password: ")
Static method to prompt for the user's passwd to be used for authentication to rootd or proofd...
static GlobusAuth_t fgGlobusAuthHook
#define ClassDef(name, id)
Int_t HasTimedOut() const
Int_t ProofAuthSetup()
Authentication related stuff setup in TProofServ.
Int_t RfioAuth(TString &user)
UidGid client authentication code.
static void SetTimeOut(Int_t to)
Set timeout (active if > 0)
static void SetGlobalSRPPwd(Bool_t srppwd)
Set global SRP passwd flag to be used for authentication to rootd or proofd.
static Bool_t GetPromptUser()
Static method returning the prompt user settings.
TRootSecContext * GetSecContext() const
TAuthenticate(TSocket *sock, const char *remote, const char *proto, const char *user="")
Create authentication object.
Int_t(* CheckSecCtx_t)(const char *subj, TRootSecContext *ctx)
static Int_t SecureSend(TSocket *Socket, Int_t enc, Int_t KeyType, const char *In)
Encode null terminated str using the session private key indicated by enc and sends it over the netwo...
static R__rsa_KEY_export * fgRSAPubExport
void SetSecContext(TRootSecContext *ctx)
Int_t SshError(const char *errfile)
SSH error parsing: returns 0 : no error or fatal 1 : should retry (eg 'connection closed by remote ho...
static void AuthError(const char *where, Int_t error)
Print error string depending on error code.
static Krb5Auth_t fgKrb5AuthHook
static void SetRSAInit(Int_t init=1)
Static method setting RSA initialization flag.
static R__rsa_KEY fgRSAPubKey
static TDatime GetGlobalExpDate()
Static method returning default expiring date for new validity contexts.
Int_t(* SecureAuth_t)(TAuthenticate *auth, const char *user, const char *passwd, const char *remote, TString &det, Int_t version)
static void SetSecureAuthHook(SecureAuth_t func)
Set secure authorization function.
static R__rsa_KEY fgRSAPriKey
Int_t GenRSAKeys()
Generate a valid pair of private/public RSA keys to protect for authentication token exchange...
static char * PromptUser(const char *remote)
Static method to prompt for the user name to be used for authentication to rootd or proofd...
static TList * GetProofAuthInfo()
Static method returning the list with authentication directives to be sent to proof.
static Int_t SetRSAPublic(const char *rsapubexport, Int_t klen)
Store RSA public keys from export string rsaPubExport.
static Bool_t CheckProofAuth(Int_t cSec, TString &det)
Check if the authentication method can be attempted for the client.
TRootSecContext * fSecContext
static const char * GetDefaultUser()
Static method returning the default user information.
static TDatime fgLastAuthrc
static void Show(Option_t *opt="S")
Print info about the authentication sector.
ESecurity GetSecurity() const
static TList * GetAuthInfo()
Static method returning the list with authentication details.
static void SetAuthReUse(Bool_t authreuse)
Set global AuthReUse flag.
static TString fgKrb5Principal
void CatchTimeOut()
Called in connection with a timer timeout.
Bool_t GetUserPasswd(TString &user, TString &passwd, Bool_t &pwhash, Bool_t srppwd)
Try to get user name and passwd from several sources.
void SetEnvironment()
Set default authentication environment.
static void FileExpand(const char *fin, FILE *ftmp)
Expands include directives found in fexp files The expanded, temporary file, is pointed to by 'ftmp' ...
static Int_t SecureRecv(TSocket *Socket, Int_t dec, Int_t KeyType, char **Out)
Receive str from sock and decode it using key indicated by key type Return number of received bytes o...
static Bool_t CheckHost(const char *Host, const char *host)
Check if 'host' matches 'href': this means either equal or "containing" it, even with wild cards * in...
static void SetGlobalExpDate(TDatime expdate)
Set default expiring date for new validity contexts.
static TString fgDefaultUser
static void SetGlobusAuthHook(GlobusAuth_t func)
Set Globus authorization function.
static void SetGlobalPwHash(Bool_t pwhash)
Set global passwd hash flag to be used for authentication to rootd or proofd.
static void MergeHostAuthList(TList *Std, TList *New, Option_t *Opt="")
Tool for updating fgAuthInfo or fgProofAuthInfo 'nin' contains list of last input information through...
static const char * GetRSAPubExport(Int_t key=0)
Static method returning the RSA public keys.
Mother of all ROOT objects.
static TString fgRootAuthrc
static const char * GetGlobalUser()
Static method returning the global user.
static TString fgAuthMeth[kMAXSEC]
static Bool_t fgReadHomeAuthrc
Bool_t CheckNetrc(TString &user, TString &passwd)
Try to get user name and passwd from the ~/.rootnetrc or ~/.netrc files.
char * GetRandString(Int_t Opt, Int_t Len)
Allocates and fills a 0 terminated buffer of length len+1 with len random characters.
static void SetDefaultRSAKeyType(Int_t key)
Static method setting the default type of RSA key.
static Bool_t GetGlobalPwHash()
Static method returning the global password hash flag.
const char * GetUser() const
static Bool_t fgAuthReUse
static Int_t GetAuthMethodIdx(const char *meth)
Static method returning the method index (which can be used to find the method in GetAuthMethod())...
static THostAuth * HasHostAuth(const char *host, const char *user, Option_t *opt="R")
Checks if a THostAuth with exact match for {host,user} exists in the fgAuthInfo list If opt = "P" use...
static void SetGlobalPasswd(const char *passwd)
Set global passwd to be used for authentication to rootd or proofd.
static Int_t DecodeRSAPublic(const char *rsapubexport, R__rsa_NUMBER &n, R__rsa_NUMBER &d, char **rsassl=0)
Store RSA public keys from export string rsaPubExport.
static Int_t SendRSAPublicKey(TSocket *Socket, Int_t key=0)
Receives server RSA Public key Sends local RSA public key encoded.
This class stores the date and time with a precision of one second in an unsigned 32 bit word (950130...
static const char * GetAuthMethod(Int_t idx)
Static method returning the method corresponding to idx.