24 #if ROOTXRDVERS < ROOT_OldXrdOuc 25 # define XPD_LOG_01 OUC_LOG_01 27 # define XPD_LOG_01 SYS_LOG_01 32 #include "Xrd/XrdBuffer.hh" 34 #include "XrdNet/XrdNetAddrInfo.hh" 36 #include "XrdOuc/XrdOucErrInfo.hh" 37 #include "XrdOuc/XrdOucStream.hh" 38 #include "XrdSec/XrdSecInterface.hh" 39 #include "XrdSys/XrdSysPlugin.hh" 56 typedef XrdSecService *(*XrdSecServLoader_t)(
XrdSysLogger *,
const char *cfn);
75 TRACE(REQ,
"undefined client manager: cannot start");
80 TRACE(REQ,
"undefined session manager: cannot start");
85 int lastcheck = time(0), ckfreq = mgr->
CheckFrequency(), deltat = 0;
88 if ((deltat = ckfreq - (time(0) - lastcheck)) <= 0)
90 int pollRet = mgr->
Pipe()->
Poll(deltat);
96 if ((rc = mgr->
Pipe()->
Recv(msg)) != 0) {
97 XPDERR(
"problems receiving message; errno: "<<-rc);
104 TRACE(XERR,
"obsolete type: XrdProofdClientMgr::kClientDisconnect");
106 TRACE(XERR,
"unknown type: "<<msg.
Type());
128 XPDLOC(CMGR,
"XrdProofdClientMgr")
141 TRACE(XERR,
"unable to generate the pipe");
165 char *val, XrdOucStream *cfg,
bool rcf)
167 XPDLOC(SMGR,
"ClientMgr::DoDirective")
173 if (d->
fName ==
"clientmgr") {
186 XPDLOC(SMGR,
"ClientMgr::DoDirectiveClientMgr")
196 XrdOucString tok(val);
197 if (tok.beginswith(
"checkfq:")) {
198 tok.replace(
"checkfq:",
"");
199 checkfq = strtol(tok.c_str(), 0, 10);
200 }
else if (tok.beginswith(
"activityto:")) {
201 tok.replace(
"activityto:",
"");
202 activityto = strtol(tok.c_str(), 0, 10);
205 val = cfg->GetWord();
230 XPDLOC(CMGR,
"ClientMgr::Config")
234 XPDERR(
"problems parsing file ");
239 msg = (rcf) ?
"re-configuring" :
"configuring";
240 TRACE(ALL, msg.c_str());
244 fClntAdminPath +=
"/clients";
250 XPDERR(
"unable to assert the clients admin path: "<<fClntAdminPath);
254 TRACE(ALL,
"clients admin path set to: "<<fClntAdminPath);
258 XPDERR(
"problems parsing previous active clients: "<<msg);
264 TRACE(ALL,
"XRD seclib not specified; strong authentication disabled");
267 XPDERR(
"unable to load security system.");
270 TRACE(ALL,
"security library loaded");
277 std::list<XrdProofdClient *>::iterator pci;
290 (
void *)&fManagerCron, 0,
"ClientMgr cron thread") != 0) {
291 XPDERR(
"could not start cron thread");
294 TRACE(ALL,
"cron thread started");
306 XPDLOC(CMGR,
"ClientMgr::Login")
318 TRACEP(p, XERR,
"master not allowed to connect - " 319 "ignoring request ("<<p->
Link()->Host()<<
")");
320 response->Send(kXR_InvalidRequest,
321 "master not allowed to connect - request ignored");
328 XrdOucString uname, gname, emsg;
341 XErrorCode rcode = (rccc == -2) ? (XErrorCode) kXR_NotAuthorized
342 : (XErrorCode) kXR_InvalidRequest;
343 response->Send(rcode, emsg.c_str());
344 response->Send(kXR_InvalidRequest, emsg.c_str());
356 response->Send(kXR_InvalidRequest,
"duplicate login; already logged in");
360 TRACE(ALL,
" hostname: '"<<p->
Link()->Host()<<
"'");
364 !strcmp(p->
Link()->Host(),
"localhost") ||
365 !strcmp(p->
Link()->Host(),
"127.0.0.0")) ? 1 : 0;
373 response->SetTag(
"adm");
377 response->SetTag(
"int");
380 if (anyserver || ismaster) {
383 response->SetTag(
"m2c");
385 TRACEP(p, XERR,
"top master mode not allowed - ignoring request");
386 response->Send(kXR_InvalidRequest,
387 "Server not allowed to be top master - ignoring request");
392 if (anyserver || ismaster) {
395 response->SetTag(
"m2m");
397 TRACEP(p, XERR,
"submaster mode not allowed - ignoring request");
398 response->Send(kXR_InvalidRequest,
399 "Server not allowed to be submaster - ignoring request");
407 response->SetTag(
"m2l");
410 TRACEP(p, XERR,
"PLite submaster mode not allowed - ignoring request");
411 response->Send(kXR_InvalidRequest,
412 "Server not allowed to be PLite submaster - ignoring request");
420 response->SetTag(
"w2m");
422 TRACEP(p, XERR,
"worker mode not allowed - ignoring request");
423 response->Send(kXR_InvalidRequest,
424 "Server not allowed to be worker - ignoring request");
430 response->Send(kXR_InvalidRequest,
"Server type: invalide mode");
433 response->SetTraceID();
441 for (i = 0; i < (int)
sizeof(un)-1; i++) {
450 if (uname ==
"?>buf") {
452 char *buf = p->
Argp()->buff;
455 uname.assign(buf,0,len-1);
456 int iusr = uname.find(
"|usr:");
458 TRACEP(p, XERR,
"long user name not found");
459 response->Send(kXR_InvalidRequest,
"long user name not found");
462 uname.erase(0,iusr+5);
463 uname.erase(uname.find(
"|"));
467 int ig = uname.find(
":");
469 gname.assign(uname, ig+1);
471 TRACEP(p, DBG,
"requested group: "<<gname);
480 p->
Link()->setID(uname.c_str(), pid);
482 response->SetTraceID();
488 if (needauth &&
fCIA) {
490 const char *pp =
fCIA->getParms(i, (XrdNetAddrInfo *) p->
Link()->NetAddr());
492 const char *pp =
fCIA->getParms(i, p->
Link()->Name());
507 XErrorCode rcode = (rccc == -2) ? (XErrorCode) kXR_NotAuthorized
508 : (XErrorCode) kXR_InvalidRequest;
509 response->Send(rcode, emsg.c_str());
525 const char *user, XrdOucString &emsg)
527 XPDLOC(CMGR,
"ClientMgr::CheckClient")
530 emsg =
"protocol object undefined!";
534 XrdOucString uname(user), gname(p->
GroupIn());
539 emsg =
"username not passed and not available in the protocol security entity - failing";
547 if (gname.length() > 0) {
550 XPDFORM(emsg,
"group unknown: %s", gname.c_str());
552 }
else if (strncmp(g->
Name(),
"default",7) &&
554 XPDFORM(emsg,
"user %s is not member of group %s", uname.c_str(), gname.c_str());
558 TRACEP(p, DBG,
"group: "<<gname<<
" found");
564 gname = g ? g->
Name() :
"default";
572 if (
fMgr->
CheckUser(uname.c_str(), gname.c_str(), ui, emsg, su) != 0) {
573 if (emsg.length() <= 0)
574 XPDFORM(emsg,
"Controlled access: user '%s', group '%s' not allowed to connect",
575 uname.c_str(), gname.c_str());
581 TRACEP(p, DBG,
"request from entity: "<<uname<<
":"<<gname<<
" (privileged)");
583 TRACEP(p, DBG,
"request from entity: "<<uname<<
":"<<gname);
597 emsg =
"unable to instantiate object for client ";
613 XPDLOC(CMGR,
"ClientMgr::MapClient")
620 TRACEP(p, HDBG,
"all: "<< all);
635 TRACEP(p, DBG,
"cannot find valid instance of XrdProofdClient");
637 "MapClient: cannot find valid instance of XrdProofdClient");
647 short int clientvers = -1;
651 TRACEP(p, XERR,
"proofsrv callback: sent invalid session id");
652 response->Send(kXR_InvalidRequest,
653 "MapClient: proofsrv callback: sent invalid session id");
657 TRACEP(p, DBG,
"proofsrv callback for session: " <<psid);
661 TRACEP(p, DBG,
"PROOF version run by client: " <<clientvers);
668 TRACEP(p, XERR,
"proofsrv callback: wrong target session: "<<psid<<
" : protocol error");
669 response->Send(
kXP_nosession,
"MapClient: proofsrv callback:" 670 " wrong target session: protocol error");
678 TRACEP(p, XERR,
"proofsrv callback: could not get XrdProofdResponse object");
679 response->Send(
kXP_nosession,
"MapClient: proofsrv callback: memory issue?");
687 resp->
SetTag(tid.c_str());
689 TRACEI(resp->
TraceID(), DBG,
"proofsrv callback: link assigned to target session "<<psid);
709 XrdOucString discpath(cpath, 0, cpath.rfind(
"/cid"));
710 discpath +=
"/disconnected";
711 if (unlink(discpath.c_str()) != 0) {
712 XPDFORM(msg,
"warning: could not remove %s (errno: %d)", discpath.c_str(), errno);
713 TRACEP(p, XERR, msg.c_str());
723 TRACEP(p, XERR, msg.c_str());
732 XPDFORM(msg,
"client ID and admin paths created: %s", cpath.c_str());
733 TRACEP(p, DBG, msg.c_str());
740 const char *srvtype[6] = {
"ANY",
"MasterWorker",
"MasterMaster",
741 "ClientMaster",
"Internal",
"Admin"};
742 XPDFORM(msg,
"user %s logged-in%s; type: %s", pc->
User(),
755 XrdOucString &cpath, XrdOucString &emsg)
757 if (!p || !p->
Link()) {
758 XPDFORM(emsg,
"invalid inputs (p: %p)", p);
771 XPDFORM(emsg,
"error creating client admin path: %s", cpath.c_str());
776 FILE *fcid = fopen(cpath.c_str(),
"w");
778 fprintf(fcid,
"%d", p->
CID());
781 XPDFORM(emsg,
"error creating file for client id: %s", cpath.c_str());
793 XrdOucString &cidpath, XrdOucString &emsg)
797 XPDFORM(emsg,
"CheckAdminPath: invalid inputs (p: %p)", p);
809 XrdOucString discpath;
813 bool expired =
false;
815 int rc = stat(discpath.c_str(), &st);
816 if (rc != 0) rc = stat(cidpath.c_str(), &st);
818 if (expired || (rc != 0 && errno != ENOENT)) {
820 cidpath.replace(
"/cid",
"");
822 XPDFORM(emsg,
"CheckAdminPath: reconnection timeout expired: remove %s ",
825 XPDFORM(emsg,
"CheckAdminPath: problems stat'ing %s (errno: %d): remove ",
826 cidpath.c_str(), errno);
828 emsg +=
": failure!";
830 XPDFORM(emsg,
"CheckAdminPath: no such file %s", cidpath.c_str());
844 XPDLOC(CMGR,
"ClientMgr::ParsePreviousClients")
854 TRACE(DBG,
"creating holders for active clients ...");
857 XrdOucString usrpath, cidpath, discpath, usr, grp;
858 struct dirent *ent = 0;
859 while ((ent = (
struct dirent *)readdir(dir))) {
861 if (!strcmp(ent->d_name,
".") || !strcmp(ent->d_name,
".."))
continue;
865 if (stat(usrpath.c_str(), &st) == 0) {
868 usr.erase(usr.find(
'.'));
869 grp.erase(0, grp.find(
'.')+1);
870 TRACE(DBG,
"found usr: "<<usr<<
", grp: "<<grp);
874 XPDFORM(emsg,
"ParsePreviousClients: could not get client instance" 875 " for {%s, %s}", usr.c_str(), grp.c_str());
880 if (!rm && !(subdir = opendir(usrpath.c_str()))) {
881 TRACE(XERR,
"cannot open dir "<<usrpath<<
" ; error: "<<errno);
886 struct dirent *sent = 0;
887 while ((sent = (
struct dirent *)readdir(subdir))) {
889 if (!strcmp(sent->d_name,
".") || !strcmp(sent->d_name,
".."))
continue;
890 if (!strcmp(sent->d_name,
"xpdsock"))
continue;
891 XPDFORM(cidpath,
"%s/%s/cid", usrpath.c_str(), sent->d_name);
893 if (stat(cidpath.c_str(), &st) != 0 ||
906 XPDFORM(discpath,
"%s/%s/disconnected", usrpath.c_str(), sent->d_name);
907 FILE *fd = fopen(discpath.c_str(),
"w");
909 TRACE(XERR,
"unable to create path: " <<discpath);
919 TRACE(DBG,
"removing path: " <<cidpath);
920 cidpath.replace(
"/cid",
"");
921 XPDFORM(emsg,
"ParsePreviousClients: failure: remove %s ", cidpath.c_str());
923 emsg +=
": failure!";
934 TRACE(DBG,
"removing path: " <<usrpath);
935 XPDFORM(emsg,
"ParsePreviousClients: failure: remove %s ", usrpath.c_str());
937 emsg +=
": failure!";
955 XPDLOC(CMGR,
"ClientMgr::CheckClients")
963 TRACE(REQ,
"checking active clients ...");
967 XrdOucString usrpath, cidpath, discpath;
968 struct dirent *ent = 0;
969 while ((ent = (
struct dirent *)readdir(dir))) {
971 if (!strcmp(ent->d_name,
".") || !strcmp(ent->d_name,
".."))
continue;
976 if (stat(usrpath.c_str(), &xst) == 0) {
978 XrdOucString usr, grp;
980 if (!(c =
GetClient(usr.c_str(), grp.c_str(), 0))) {
981 TRACE(XERR,
"instance for client "<<ent->d_name<<
" not found!");
986 if (!rm && !(subdir = opendir(usrpath.c_str()))) {
987 TRACE(XERR,
"cannot open dir "<<usrpath<<
" ; error: "<<errno);
991 bool xrm = 0, xclose = 0;
992 struct dirent *sent = 0;
993 while ((sent = (
struct dirent *)readdir(subdir))) {
995 if (!strcmp(sent->d_name,
".") || !strcmp(sent->d_name,
".."))
continue;
996 if (!strcmp(sent->d_name,
"xpdsock"))
continue;
997 XPDFORM(discpath,
"%s/%s/disconnected", usrpath.c_str(), sent->d_name);
999 XPDFORM(cidpath,
"%s/%s/cid", usrpath.c_str(), sent->d_name);
1001 if (stat(cidpath.c_str(), &st) == 0) {
1003 if (stat(discpath.c_str(), &xst) == 0) {
1013 if (c->
Touch() == 1) {
1033 if (p && p->
Link()) {
1040 TRACE(XERR,
"protocol or link associated with ID "<<cid<<
" are invalid");
1044 TRACE(XERR,
"could not resolve client id from "<<cidpath);
1050 discpath.replace(
"/disconnected",
"");
1051 TRACE(DBG,
"removing path "<<discpath);
1053 TRACE(XERR,
"problems removing "<<discpath<<
"; error: "<<-rc);
1065 TRACE(DBG,
"removing path: " <<usrpath);
1067 TRACE(XERR,
"problems removing "<<usrpath<<
"; error: "<<-rc);
1083 XPDLOC(CMGR,
"ClientMgr::Auth")
1085 XrdSecCredentials cred;
1086 XrdSecParameters *parm = 0;
1096 return response->Send();
1098 cred.buffer = p->
Argp()->buff;
1102 XrdSecProtocol *ap = 0;
1104 XrdNetAddr netaddr(p->
Link()->NetAddr());
1106 struct sockaddr netaddr;
1107 p->
Link()->Name(&netaddr);
1109 if (!(ap =
fCIA->getProtocol(p->
Link()->Host(), netaddr, &cred, &eMsg))) {
1110 eText = eMsg.getErrText(rc);
1111 TRACEP(p, XERR,
"user authentication failed; "<<eText);
1112 response->Send(kXR_NotAuthorized, eText);
1119 size_t len = strlen(
"XrdSecLOGINUSER=")+strlen(p->
UserIn())+2;
1120 char *u =
new char[len];
1126 if (!(rc = p->
AuthProt()->Authenticate(&cred, &parm, &eMsg))) {
1129 if (p->
AuthProt()->Entity.name && strlen(p->
AuthProt()->Entity.name) > 0) {
1131 XrdOucString usrs(p->
AuthProt()->Entity.name);
1134 int from = 0, rcmtc = -1;
1135 while ((from = usrs.tokenize(usr, from,
',')) != STR_NPOS) {
1138 p->
AuthProt()->Entity.name = strdup(usr.c_str());
1139 if ((usr == p->
UserIn())) {
1141 p->
AuthProt()->Entity.name = strdup(usr.c_str());
1147 namsg =
"logging as '";
1148 namsg += p->
AuthProt()->Entity.name;
1149 namsg +=
"' instead of '";
1151 namsg +=
"' following admin settings";
1152 TRACEP(p, LOGIN, namsg.c_str());
1153 namsg.insert(
"Warning: ", 0);
1154 response->Send(kXR_attn,
kXPD_srvmsg, 2, (
char *) namsg.c_str(), namsg.length());
1157 TRACEP(p, XERR,
"user name is empty: protocol error?");
1160 TRACEP(p, XERR,
"name of the authenticated entity is empty: protocol error?");
1166 rc = response->Send();
1167 char status = p->
Status();
1174 TRACEP(p, LOGIN, p->
Link()->ID << msg <<
" nobody");
1182 TRACEP(p, DBG,
"more auth requested; sz: " <<(parm ? parm->size : 0));
1184 rc = response->Send(kXR_authmore, parm->buffer, parm->size);
1192 TRACEP(p, XERR,
"security requested additional auth w/o parms!");
1202 eText = (namsg.length() > 0) ? namsg.c_str() : eMsg.getErrText(rc);
1203 TRACEP(p, XERR,
"user authentication failed; "<<eText);
1204 response->Send(kXR_NotAuthorized, eText);
1213 XPDLOC(CMGR,
"ClientMgr::LoadSecurity")
1215 TRACE(REQ,
"LoadSecurity");
1218 const char *seclib =
fSecLib.c_str();
1222 TRACE(XERR,
"config file not specified");
1228 TRACE(XERR,
"could not create plugin instance for "<<seclib);
1229 return (XrdSecService *)0;
1235 TRACE(XERR,
"could not find 'XrdSecgetService()' in "<<seclib);
1236 return (XrdSecService *)0;
1247 TRACE(XERR,
"no security directives: strong authentication disabled");
1251 TRACE(XERR,
"creating temporary config file");
1256 XrdSecService *cia = 0;
1258 TRACE(XERR,
"Unable to create security service object via " << seclib);
1265 TRACE(ALL,
"strong authentication enabled");
1287 XPDLOC(CMGR,
"ClientMgr::FilterSecConfig")
1289 static const char *pfx[] = {
"xpd.sec.",
"sec.protparm",
"sec.protocol",
"set" };
1292 TRACE(REQ,
"enter");
1299 if (!cfn || !(fin = fopen(cfn,
"r"))) {
1300 nd = (errno > 0) ? -errno : -1;
1308 while (fgets(lin,
sizeof(lin),fin)) {
1309 if (!strncmp(lin, pfx[0], strlen(pfx[0])) ||
1310 !strncmp(lin, pfx[1], strlen(pfx[1])) ||
1311 !strncmp(lin, pfx[2], strlen(pfx[2])) ||
1312 !strncmp(lin, pfx[3], strlen(pfx[3]))) {
1317 size_t len = strlen(
fMgr->
TMPdir()) + strlen(
"/xpdcfn_XXXXXX") + 2;
1318 rcfn =
new char[len];
1320 mode_t oldum = umask(022);
1321 if ((fd = mkstemp(rcfn)) < 0) {
1323 nd = (errno > 0) ? -errno : -1;
1326 oldum = umask(oldum);
1329 oldum = umask(oldum);
1331 XrdOucString slin = lin;
1333 if (slin.beginswith(
"xpd.")) slin.replace(
"xpd.",
"");
1343 if (fd >= 0)
close(fd);
1356 XPDLOC(CMGR,
"ClientMgr::GetClient")
1358 TRACE(DBG,
"usr: "<< (usr ? usr :
"undef")<<
", grp:"<<(grp ? grp :
"undef"));
1360 XrdOucString dmsg, emsg;
1363 std::list<XrdProofdClient *>::iterator i;
1367 if ((c = *i) && c->
Match(usr,grp))
break;
1384 bool freeclient = 1;
1392 emsg =
"group = "; emsg += grp; emsg +=
" nor found";
1398 if ((nc = *i) && nc->
Match(usr,grp))
break;
1411 XPDFORM(dmsg,
"instance for {client, group} = {%s, %s} created" 1412 " and added to the list (%p)", usr, grp, c);
1416 XPDFORM(dmsg,
"instance for {client, group} = {%s, %s} is invalid", usr, grp);
1422 XPDFORM(dmsg,
"client '%s' unknown or unauthorized: %s", usr, emsg.c_str());
1428 if (c && !newclient) {
1431 XPDFORM(dmsg,
"problems trimming client '%s' sandbox", usr);
1436 if (dmsg.length() > 0) {
1440 if (emsg.length() > 0)
TRACE(XERR, emsg);
1456 std::list<XrdProofdClient *> *clnts;
1461 clnts =
new std::list<XrdProofdClient *>;
1462 clnts->push_back(clnt);
1467 std::list<XrdProofdClient *>::iterator i;
1469 for (i = clnts->begin(); i != clnts->end(); ++i) {
1475 if (clnt)
delete clnts;
1485 XPDLOC(CMGR,
"ClientMgr::TerminateSessions")
1489 std::list<XrdProofdClient *> *clnts;
1495 clnts =
new std::list<XrdProofdClient *>;
1496 clnts->push_back(clnt);
1502 std::list<XrdProofdClient *>::iterator i;
1504 for (i = clnts->begin(); i != clnts->end(); ++i) {
1511 TRACE(DBG,
"cleaning "<<all);
1516 XPDFORM(buf,
"%s %d", (all ?
"all" : clnt->
User()), srvtype);
1517 TRACE(DBG,
"posting: "<<buf);
1519 buf.c_str())) != 0) {
1520 TRACE(XERR,
"problem posting the pipe; errno: "<<-rc);
1525 for (i = clnts->begin(); i != clnts->end(); ++i) {
1531 if (clnt)
delete clnts;
int Auth(XrdProofdProtocol *xp)
Analyse client authentication info.
const char * Name() const
XrdSysRecMutex * Mutex() const
int GetClientID(XrdProofdProtocol *p)
Get next free client ID.
static int Write(int fd, const void *buf, size_t nb)
Write nb bytes at buf to descriptor 'fd' ignoring interrupts Return the number of bytes written or -1...
int Poll(int to=-1)
Poll over the read pipe for to secs; return whatever poll returns.
static constexpr double pi
int ReserveClientID(int cid)
Reserve a client ID.
XrdProofdProofServMgr * SessionMgr() const
static int GetUserInfo(const char *usr, XrdProofUI &ui)
Get information about user 'usr' in a thread safe way.
XrdROOT * DefaultVersion() const
int DoDirectiveClass(XrdProofdDirective *, char *val, XrdOucStream *cfg, bool rcf)
Generic class directive processor.
static int RmDir(const char *path)
Remove directory at path and its content.
void RegisterDirectives()
Register directives for configuration.
void SetGroup(const char *g)
static XpdManagerCron_t fManagerCron
#define TRACE(Flag, Args)
void * XrdProofdClientCron(void *p)
This is an endless loop to check the system periodically or when triggered via a message in a dedicat...
int CheckAdminPath(XrdProofdProtocol *p, XrdOucString &cidpath, XrdOucString &emsg)
Check the old-clients admin for an existing entry for this client and read the client ID;...
void SetAuthProt(XrdSecProtocol *p)
void Broadcast(XrdProofdClient *c, const char *msg)
Broadcast message 'msg' to the connected instances of client 'clnt' or to all connected instances if ...
int DoDirectiveInt(XrdProofdDirective *, char *val, XrdOucStream *cfg, bool rcf)
Process directive for an integer.
#define kXPD_MasterMaster
void SetAdminPath(const char *p)
#define kXPD_ClientMaster
XrdProofGroup * GetGroup(const char *grp)
Returns the instance of for group 'grp.
XrdSecProtocol * AuthProt() const
const char * AdminPath() const
struct ClientRequestHdr header
int Recv(XpdMsg &msg)
Recv message from the pipe.
void SetCID(kXR_int32 cid)
void Print()
Dump group content.
XrdProofGroupMgr * GroupsMgr() const
const char * User() const
void SetUserIn(const char *uin)
#define TRACEI(id, act, x)
int MapClient(XrdProofdProtocol *xp, bool all=1)
Process a login request.
XrdSysPlugin * fSecPlugin
XrdProofdClientMgr * fClientMgr
const char * Ordinal() const
char * FilterSecConfig(int &nd)
Grep directives of the form "xpd.sec...", "sec.protparm" and "sec.protocol" from file 'cfn' and save ...
bool HasMember(const char *usr)
Check if 'usr' is member of this group.
int Login(XrdProofdProtocol *xp)
Process a login request.
void TerminateSessions(XrdProofdClient *c, const char *msg, int srvtype)
Terminate sessions of client 'clnt' or to of all clients if clnt == 0.
XrdSecService * LoadSecurity()
Load security framework and plugins, if not already done.
bool Match(const char *usr, const char *grp=0)
return TRUE if this instance matches 'id' (and 'grp', if defined)
void Broadcast(const char *msg)
Broadcast message 'msg' to the connected clients.
bool CheckMaster(const char *m)
Check if master 'm' is allowed to connect to this host.
int DoDirectiveClientMgr(char *, XrdOucStream *, bool)
Process 'clientmgr' directive eg: xpd.clientmgr checkfq:120 activityto:600.
int ParsePreviousClients(XrdOucString &emsg)
Client entries for the clients still connected when the daemon terminated.
#define kXPD_MasterWorker
XrdProofdResponse * Response(kXR_unt16 rid)
Get response instance corresponding to stream ID 'sid'.
static int GetIDFromPath(const char *path, XrdOucString &emsg)
Extract an integer from a file.
#define XrdSysMutexHelper
const char * Host() const
int CheckUser(const char *usr, const char *grp, XrdProofUI &ui, XrdOucString &e, bool &su)
Check if the user is allowed to use the system Return 0 if OK, -1 if not.
#define TRACEP(p, act, x)
void SetProofProtocol(short int pp)
int Config(bool rcf=0)
Run configuration and parse the entered config directives.
void SetTraceID()
Auxilliary set method.
void SetClntCapVer(unsigned char c)
void SetAuthEntity(XrdSecEntity *se=0)
int CheckClient(XrdProofdProtocol *p, const char *user, XrdOucString &emsg)
Perform checks on the client username.
XrdProofGroup * GetUserGroup(const char *usr, const char *grp=0)
Returns the instance of the first group to which this user belongs; if grp != 0, return the instance ...
std::list< XrdProofdClient * > fProofdClients
XrdSecService *(* XrdSecServLoader_t)(XrdSysLogger *, const char *cfn)
const char * TraceID() const
const char * TMPdir() const
const char * UserIn() const
void SetConnection(XrdProofdResponse *r)
int Touch(bool reset=0)
Send a touch the connected clients: this will remotely touch the associated TSocket instance and sche...
static int AssertDir(const char *path, XrdProofUI ui, bool changeown)
Make sure that 'path' exists and is owned by the entity described by 'ui'.
XrdROOTMgr * ROOTMgr() const
XrdProofdProofServMgr * fSessionMgr
static int CheckIf(XrdOucStream *s, const char *h)
Check existence and match condition of an 'if' directive If none (valid) is found, return -1.
int ResolveKeywords(XrdOucString &s, XrdProofdClient *pcl)
Resolve special keywords in 's' for client 'pcl'.
void SetClient(XrdProofdClient *c)
int DoDirective(XrdProofdDirective *d, char *val, XrdOucStream *cfg, bool rcf)
Update the priorities of the active sessions.
int DoDirectiveString(XrdProofdDirective *, char *val, XrdOucStream *cfg, bool rcf)
Process directive for a string.
static int ParseUsrGrp(const char *path, XrdOucString &usr, XrdOucString &grp)
Parse a path in the form of "<usr>[.<grp>][.<pid>]", filling 'usr' and 'grp'.
void SetSuperUser(bool su=1)
void SetValid(bool valid=1)
you should not use this method at all Int_t Int_t Double_t Double_t Double_t e
const char * AdminPath() const
const char * EffectiveUser() const
#define XPD_SETRESP(p, x)
struct XPClientLoginRequest login
XrdProofdProtocol * GetProtocol(int ic)
Return protocol attached to client slot at 'ic'.
const char * GroupIn() const
int CreateAdminPath(XrdProofdProtocol *p, XrdOucString &path, XrdOucString &e)
Create the client directory in the admin path.
int CheckFrequency() const
const char * CfgFile() const
XrdProofdClientMgr(XrdProofdManager *mgr, XrdProtocol_Config *pi, XrdSysError *e)
Constructor.
void SkipSessionsCheck(std::list< XrdProofdProofServ *> *active, XrdOucString &emsg, XrdProofdResponse *r=0)
Skip the next sessions status check.
static constexpr double pc
XrdProofdClient * GetClient(const char *usr, const char *grp=0, bool create=1)
Handle request for localizing a client instance for {usr, grp} from the list.
XrdProofdClient * Client() const
int Post(int type, const char *msg)
Post message on the pipe.
XrdProofdProofServ * GetServer(int psid)
Get from the vector server instance with ID psid.
virtual int Config(bool rcf=0)
void SetTag(const char *tag)
XrdOucString fClntAdminPath
void Register(const char *dname, XrdProofdDirective *d)
XPClientRequest * Request() const
int CheckClients()
Regular checks of the client admin path; run by the cron job.
void ResetSessions()
Reset this instance.
void SetGroupIn(const char *gin)
int SetClientID(int cid, XrdProofdProtocol *p)
Set slot cid to instance 'p'.
static constexpr double g