164 #include "RConfigure.h" 176 #include <sys/types.h> 178 #include <sys/stat.h> 179 #include <sys/socket.h> 180 #include <sys/param.h> 181 #include <netinet/in.h> 182 #include <arpa/inet.h> 186 #include "snprintf.h" 188 #if defined(__CYGWIN__) && defined(__GNUC__) 194 #if defined(linux) || defined(__sun) || defined(__sgi) || \ 195 defined(_AIX) || defined(__FreeBSD__) || defined(__APPLE__) || \ 196 defined(__MACH__) || defined(cygwingcc) || defined(__OpenBSD__) 198 #include <sys/types.h> 200 #define ROOT_SIGNAL_INCLUDED 203 #if defined(__sgi) && !defined(__GNUG__) && (SGI_REL<62) 205 int seteuid(
int euid);
206 int setegid(
int egid);
213 int seteuid(uid_t euid);
214 int setegid(gid_t egid);
219 #if defined(R__SUNGCC3) 220 extern "C" int gethostname(
char *,
unsigned int);
248 using namespace ROOT;
254 void Err(
int level,
const char *msg,
int size)
256 Perror((
char *)msg, size);
261 void ErrFatal(
int level,
const char *msg,
int size)
263 Perror((
char *)msg, size);
269 void ErrSys(
int level,
const char *msg,
int size)
271 Perror((
char *)msg, size);
283 ErrorInfo(
"ProofdTerm: rootd.cxx: got a SIGTERM/SIGINT");
297 ErrorInfo(
"ProofdTerm: rootd.cxx: got a SIGTERM/SIGINT");
312 std::string conffile =
"proof.conf";
315 if (getenv(
"HOME")) {
316 conffile.insert(0,
"/.");
317 conffile.insert(0,getenv(
"HOME"));
320 conffile[conffile.length()] = 0;
322 if (!(proofconf = fopen(conffile.c_str(),
"r"))) {
327 conffile[conffile.length()] = 0;
329 if (proofconf || (proofconf = fopen(conffile.c_str(),
"r")) != 0) {
332 static char user_on_node[32];
339 strncpy(user_on_node,
"any", 32);
340 user_on_node[31] = 0;
342 while (fgets(line,
sizeof(line), proofconf) != 0) {
344 if (line[0] ==
'#')
continue;
346 int nword = sscanf(line,
"%63s %63s %63s %63s",
347 word[0], word[1], word[2], word[3]);
353 if (nword >= 2 && strcmp(word[0],
"node") == 0) {
354 if (gethostbyname(word[1]) != 0) {
356 if (strlen(word[1]) < 32) {
357 strncpy(node_name[nnodes], word[1], 32);
358 node_name[nnodes][31] = 0;
370 if (nword >= 4 && strcmp(word[0],
"user") == 0 &&
371 strcmp(word[1],
gUser.c_str()) == 0 &&
372 strcmp(word[2],
"on") == 0) {
374 if (strlen(word[3]) < 32) {
375 strncpy(user_on_node, word[3], 32);
376 user_on_node[31] = 0;
384 for (i = 0; i < nnodes; i++) {
385 if (strcmp(node_name[i], user_on_node) == 0) {
394 conffile =
gConfDir +
"/etc/next.node";
395 proofconf = fopen(conffile.c_str(),
"r");
397 if (fstat(fileno(proofconf), &statbuf) == 0 &&
398 difftime(time(0), statbuf.st_mtime) < 600) {
399 if (fgets(line,
sizeof(line), proofconf) != 0) {
400 strncpy(user_on_node, line, 32);
401 user_on_node[31] = 0;
402 for (i = 0; i < nnodes; i++) {
403 if (strcmp(node_name[i], user_on_node) == 0) {
// Receive the authentication setup buffer from the peer into *abuf.
// Two receive paths are visible, labelled "sec" and "plain" in the log strings;
// the branch structure between the numbered lines is not shown in this listing.
424 if (RpdGetOffSet() > -1) {
425 if ((nrec = RpdSecureRecv(abuf)) < 0) {
426 ErrorInfo(
"RpdProofGetAuthSetup: sec: problems receiving buf");
// Plain path: the payload length arrives first as text, received into buflen
// with a limit of 20.
433 if (
NetRecv(buflen, 20, kind) < 0) {
434 ErrorInfo(
"RpdProofGetAuthSetup: plain: problems receiving buf length");
// NOTE(review): `len` is peer-controlled and atoi() reports no conversion errors.
// No range check is visible before the allocation below (lines 438-439 are not
// shown here). A negative or very large value should be rejected before
// `new char[len + 1]` -- confirm against the full file.
437 int len = atoi(buflen);
440 *abuf =
new char[len + 1];
442 ErrorInfo(
"RpdProofGetAuthSetup: plain: problems receiving buf");
// Debug trace: logs the authentication protocol and the receive result (nrec).
450 ErrorInfo(
"RpdProofGetAuthSetup: proto: %d len: %d",
451 RpdGetAuthProtocol(), nrec);
// Compare the local host with the node the user should run on, by name first
// and then by dotted-quad address. A "Reroute:<address>" message is built when
// the addresses differ.
485 const char *node_name;
// NOTE(review): gethostname() need not NUL-terminate on truncation; whether
// host_name is terminated afterwards is not visible in this listing.
490 gethostname(host_name,
sizeof(host_name));
493 if (strcmp(host_name, node_name) != 0) {
494 struct hostent *host = gethostbyname(host_name);
495 struct hostent *node;
// NOTE(review): `host` is dereferenced here; a null check after the lookup is
// not visible (lines 496-497 are not shown) -- confirm one exists.
498 struct in_addr *host_addr = (
struct in_addr*)(host->h_addr);
// The address text is copied out before the second lookup because
// gethostbyname() and inet_ntoa() return pointers to static storage that the
// next call may overwrite.
500 if (strlen(inet_ntoa(*host_addr)) < 32) {
501 strncpy(host_numb, inet_ntoa(*host_addr), 32);
505 if ((node = gethostbyname(node_name)) != 0) {
506 struct in_addr *node_addr = (
struct in_addr*)(node->h_addr);
// NOTE(review): unlike host_numb above, no length check or explicit terminator
// is visible for node_numb (line 509 is not shown). An IPv4 dotted quad is at
// most 15 characters, so 32 bytes should suffice.
508 strncpy(node_numb, inet_ntoa(*node_addr), 32);
514 if (strcmp(host_numb, node_numb) != 0) {
515 msg = std::string(
"Reroute:").append(node_numb);
// Export the received auth setup buffer to the environment as ROOTPROOFAUTHSETUP.
// "ROOTPROOFAUTHSETUP=" is 19 characters, so 20 + strlen(authbuff) holds the
// prefix, the value and the terminating NUL exactly.
531 char *rootproofauthsetup =
new char[20 + strlen(authbuff)];
532 memset(rootproofauthsetup, 0, 20 + strlen(authbuff));
533 snprintf(rootproofauthsetup, 20 + strlen(authbuff),
"ROOTPROOFAUTHSETUP=%s", authbuff);
// putenv() stores the pointer it is given rather than a copy, so this buffer
// has to stay allocated; no delete of it appears in the visible lines.
// NOTE(review): environment values are inherited by the exec'd process and may
// be readable by other processes of the same user -- confirm that is acceptable
// for authentication setup data.
534 putenv(rootproofauthsetup);
535 }
else if (lab < 0) {
536 ErrorInfo(
"ProofdExec: problems receiving auth buffer");
// authbuff was copied into the environment string by snprintf() above, so the
// original can be released.
538 if (authbuff)
delete[] authbuff;
// For client protocol >= 16 a further message is received; the log strings show
// that kPROOF_SETENV is the expected kind. The payload (vb, len bytes) is walked
// as a sequence of NUL-terminated strings.
541 if(RpdGetClientProtocol() >= 16) {
546 int rc = NetRecvAllocate(vb, len, kind);
549 ErrorInfo(
"ProofdExec: error receiving kPROOF_SETENV message");
554 ErrorInfo(
"ProofdExec: expecting kPROOF_SETENV, got %d", kind);
559 char *buf = (
char *) vb;
560 char *end = buf + len;
// `all` collects entries after the "PROOF_ALLVARS=" prefix, comma-separated.
// Its size is the prefix length plus the payload length, and the strlcpy/strlcat
// calls below are bounded by alen.
// NOTE(review): `len` comes from the peer and is added to strlen(name) as an
// int. A bound on len is not visible here -- confirm one is enforced.
561 const char name[] =
"PROOF_ALLVARS=";
562 int alen = strlen(name)+len;
563 char *all =
new char[alen];
564 strlcpy(all, name, alen);
// Each entry is searched for '='. How `p` is used is not visible (line 568 is
// not shown); presumably entries without '=' are skipped.
// NOTE(review): these strings are client-supplied. If they are exported to the
// environment of the exec'd server, restricting which variable names a client
// may set (for instance loader-related ones) is worth confirming against the
// full file.
567 char *p = index(buf,
'=');
569 if (buf != (
char *) vb) strlcat(all,
",", alen);
570 strlcat(all, buf, alen);
// NOTE(review): strlen(buf) assumes the last entry is NUL-terminated within the
// len received bytes; nothing visible here guarantees that.
573 buf += strlen(buf) + 1;
580 ErrorInfo(
"ProofdExec: send Okay (SockFd: %d)", sockFd);
// If the open socket sits on a standard descriptor (0, 1 or 2), move it to a
// free descriptor >= 3, presumably so the exec'd server's stdio does not
// collide with it (TODO confirm).
584 if (sockFd == 0 || sockFd == 1 || sockFd == 2) {
587 for (fd = 3; fd < NOFILE; fd++) {
// fstat() failing with EBADF means fd is not an open descriptor, i.e. it is
// free to receive the duplicate.
589 if (fstat(fd, &stbuf) == -1 &&
GetErrno() == EBADF) {
// A dup2() failure is only logged in the visible lines; what happens next
// (lines 592-602) is not shown.
590 if (dup2(sockFd, fd) < 0)
591 ErrorInfo(
"ProofdExec: problems executing 'dup2' (errno: %d)", errno);
// Sent to the client when no free descriptor could be used.
603 NetSend(
"Cannot start proofserver -- no free filedescriptor");
611 char *rootconf =
new char[13+
gConfDir.length()];
612 memset(rootconf, 0, 13 +
gConfDir.length());
616 ErrorInfo(
"ProofdExec: setting: %s", rootconf);
618 char *roottmp =
new char[12+
gTmpDir.length()];
619 memset(roottmp, 0, 12 +
gTmpDir.length());
623 ErrorInfo(
"ProofdExec: setting: %s", roottmp);
625 char *rootentity =
new char[
gUser.length()+
gOpenHost.length()+33];
631 ErrorInfo(
"ProofdExec: setting: %s", rootentity);
633 char *rootopensock =
new char[33];
634 memset(rootopensock, 0, 33);
635 snprintf(rootopensock, 33,
"ROOTOPENSOCK=%d", sockFd);
636 putenv(rootopensock);
638 ErrorInfo(
"ProofdExec: setting: %s", rootopensock);
640 char *roothomeauthrc =
new char[20];
641 memset(roothomeauthrc, 0, 20);
643 putenv(roothomeauthrc);
645 ErrorInfo(
"ProofdExec: setting: %s", roothomeauthrc);
649 char *shmidcred =
new char[25];
650 memset(shmidcred, 0, 25);
651 snprintf(shmidcred, 25,
"ROOTSHMIDCRED=%d", RpdGetShmIdCred());
654 ErrorInfo(
"ProofdExec: setting: %s", shmidcred);
659 argvv[0] = (
char *)arg0.c_str();
660 argvv[1] = (
char *)(
gMaster ?
"proofserv" :
"proofslave");
664 char *rootsys =
new char[9+
gConfDir.length()];
665 memset(rootsys, 0, 9 +
gConfDir.length());
669 ErrorInfo(
"ProofdExec: setting: %s", rootsys);
672 char *oldpath, *ldpath;
673 # if defined(__hpux) || defined(_HIUX_SOURCE) 674 if ((oldpath = getenv(
"SHLIB_PATH")) && strlen(oldpath) > 0) {
675 ldpath =
new char[32+
gConfDir.length()+strlen(oldpath)];
676 memset(ldpath, 0, 32+
gConfDir.length()+strlen(oldpath));
678 "SHLIB_PATH=%s/lib:%s",
gConfDir.c_str(), oldpath);
680 ldpath =
new char[32+
gConfDir.length()];
681 memset(ldpath, 0, 32+
gConfDir.length());
685 if ((oldpath = getenv(
"LIBPATH")) && strlen(oldpath) > 0) {
686 ldpath =
new char[32+
gConfDir.length()+strlen(oldpath)];
687 memset(ldpath, 0, 32+
gConfDir.length()+strlen(oldpath));
689 "LIBPATH=%s/lib:%s",
gConfDir.c_str(), oldpath);
691 ldpath =
new char[32+
gConfDir.length()];
692 memset(ldpath, 0, 32+
gConfDir.length());
695 # elif defined(__APPLE__) 696 if ((oldpath = getenv(
"DYLD_LIBRARY_PATH")) && strlen(oldpath) > 0) {
697 ldpath =
new char[32+
gConfDir.length()+strlen(oldpath)];
698 memset(ldpath, 0, 32+
gConfDir.length()+strlen(oldpath));
700 "DYLD_LIBRARY_PATH=%s/lib:%s",
gConfDir.c_str(), oldpath);
702 ldpath =
new char[32+
gConfDir.length()];
703 memset(ldpath, 0, 32+
gConfDir.length());
707 if ((oldpath = getenv(
"LD_LIBRARY_PATH")) && strlen(oldpath) > 0) {
708 ldpath =
new char[32+
gConfDir.length()+strlen(oldpath)];
709 memset(ldpath, 0, 32+
gConfDir.length()+strlen(oldpath));
711 "LD_LIBRARY_PATH=%s/lib:%s",
gConfDir.c_str(), oldpath);
713 ldpath =
new char[32+
gConfDir.length()];
714 memset(ldpath, 0, 32+
gConfDir.length());
720 ErrorInfo(
"ProofdExec: setting: %s", ldpath);
730 authrc =
new char[15+
gAuthrc.length()];
731 memset(authrc, 0, 15 +
gAuthrc.length());
735 ErrorInfo(
"ProofdExec: setting: %s", authrc);
739 char *keyfile =
new char[15+strlen(RpdGetKeyRoot())];
740 memset(keyfile, 0, 15+strlen(RpdGetKeyRoot()));
741 snprintf(keyfile, 15+strlen(RpdGetKeyRoot()),
"ROOTKEYFILE=%s",RpdGetKeyRoot());
744 ErrorInfo(
"ProofdExec: setting: %s", keyfile);
747 ErrorInfo(
"ProofdExec: execv(%s, %s)", argvv[0], argvv[1]);
750 execv(arg0.c_str(), argvv);
753 msg =
"Cannot start PROOF server --- make sure " + arg0 +
" exists!";
762 fprintf(stderr,
"\nUsage: %s [options] [rootsys-dir]\n", name);
763 fprintf(stderr,
"\nOptions:\n");
764 fprintf(stderr,
"\t-A [<rootauthrc>] Use $HOME/.rootauthrc or specified file\n");
765 fprintf(stderr,
"\t (see documentation)\n");
766 fprintf(stderr,
"\t-b tcpwindowsize Specify the tcp window size in bytes\n");
768 fprintf(stderr,
"\t-C hostcertfile Specify the location of the Globus host certificate\n");
770 fprintf(stderr,
"\t-d level set debug level [0..3]\n");
771 fprintf(stderr,
"\t-D rootdaemonrc Use alternate rootdaemonrc file\n");
772 fprintf(stderr,
"\t (see documentation)\n");
773 fprintf(stderr,
"\t-E Ignored for backward compatibility\n");
774 fprintf(stderr,
"\t-f Run in foreground\n");
776 fprintf(stderr,
"\t-G gridmapfile Specify the location of th Globus gridmap\n");
778 fprintf(stderr,
"\t-i Running from inetd\n");
779 fprintf(stderr,
"\t-noauth Do not require client authentication\n");
780 fprintf(stderr,
"\t-p port# Specify a different port to listen on\n");
781 fprintf(stderr,
"\t-s sshd_port# Specify the port for the sshd daemon\n");
783 fprintf(stderr,
"\t-S keytabfile Use an alternate keytab file\n");
785 fprintf(stderr,
"\t-T <tmpdir> Use an alternate temp dir\n");
786 fprintf(stderr,
"\t-w Do not check /etc/hosts.equiv and $HOME/.rhosts\n");
793 if (withctx) printf(
" \n");
794 printf(
" NB: The proofd daemon is deprecated and not maintained any longer and will be removed in ROOT v6.16/00\n");
795 printf(
" Please contact the ROOT team in the unlikely event this change is disruptive for your workflow.\n");
796 if (withctx) printf(
" \n");
801 int main(
int argc,
char **argv)
804 int checkhostsequiv = 1;
805 int tcpwindowsize = 65535;
809 int reuseallow = 0x1F;
810 int foregroundflag = 0;
811 std::string altSRPpass =
"";
812 std::string daemonrc =
"";
813 std::string rootetcdir =
"";
815 std::string gridmap =
"";
816 std::string hostcertconf =
"";
818 char *progname = argv[0];
835 for (i = 1; i < argc; i++) {
836 if (!strncmp(argv[i],
"-f",2))
838 if (!strncmp(argv[i],
"-i",2))
841 if (foregroundflag) {
842 if (isatty(0) && isatty(1)) {
844 ErrorInfo(
"main: running in foreground mode:" 845 " sending output to stderr");
855 while (--argc > 0 && (*++argv)[0] ==
'-')
856 for (s = argv[0]+1; *s != 0; s++)
863 if((*(argv+1)) && (*(argv+1))[0] !=
'-') {
864 gAuthrc = std::string(*(argv+1));
866 if (stat(
gAuthrc.c_str(),&st) == -1 || !S_ISREG(st.st_mode)) {
882 tcpwindowsize = atoi(*++argv);
888 " certificates file location");
890 hostcertconf = std::string(*++argv);
903 " for the file defining access rules");
905 daemonrc = std::string(*++argv);
910 " - ignored (see proofd/src/proofd.cxx for" 911 " additional details)");
926 gridmap = std::string(*++argv);
934 if (foregroundflag) {
941 if (!strncmp(argv[0]+1,
"noauth",6)) {
952 port1 = strtol(*++argv, &p, 10);
955 port2 = strtol(p, &p, 10);
956 }
else if (*p ==
'\0')
958 if (*p !=
'\0' || port2 < port1 || port2 < 0) {
969 altSRPpass = std::string(*++argv);
977 reuseallow = strtol(*++argv, (
char **)0, 16);
983 " number for the sshd daemon");
985 sshdport = atoi(*++argv);
992 RpdSetKeytabFile((
const char *)(*++argv));
998 " temporary files [/usr/tmp]");
1000 gTmpDir = std::string(*++argv);
1004 checkhostsequiv = 0;
1008 if (!foregroundflag) fprintf(stderr,
"\nUnknown command line option: %c\n", *s);
1009 Error(0, -1,
"unknown command line option: %c", *s);
1016 if (access(
gTmpDir.c_str(), W_OK) == -1)
1024 if (getenv(
"IGNOREROOTPREFIX")) {
1028 if (getenv(
"ROOTSYS")) {
1031 ErrorInfo(
"main: no config directory specified using" 1032 " ROOTSYS (%s)",
gConfDir.c_str());
1038 rootetcdir = std::string(
gConfDir).append(
"/etc");
1045 rootetcdir = ROOTETCDIR;
1050 std::string arg0 = std::string(
gRootBinDir).append(
"/proofserv");
1051 if (access(arg0.c_str(), X_OK) == -1) {
1052 Error(
ErrFatal,-1,
"main: incorrect config directory specified (%s)",
1063 if (rootetcdir.length()) {
1064 char *tmp =
new char[15 + rootetcdir.length()];
1065 snprintf(tmp, 15 + rootetcdir.length(),
"ROOTETCDIR=%s", rootetcdir.c_str());
1070 if (daemonrc.length()) {
1071 char *tmp =
new char[15+daemonrc.length()];
1072 snprintf(tmp, 15+daemonrc.length(),
"ROOTDAEMONRC=%s", daemonrc.c_str());
1077 if (gridmap.length()) {
1078 char *tmp =
new char[15+gridmap.length()];
1079 snprintf(tmp, 15+gridmap.length(),
"GRIDMAP=%s", gridmap.c_str());
1083 if (hostcertconf.length()) {
1084 char *tmp =
new char[15+hostcertconf.length()];
1085 snprintf(tmp, 15+hostcertconf.length(),
"ROOTHOSTCERT=%s", hostcertconf.c_str());
1091 int proofdparentid = -1;
1093 proofdparentid = getpid();
1095 proofdparentid = getppid();
// Daemon option mask: all three flags are set by default and individual flags
// are cleared afterwards. Judging by the flag names and the usage text, these
// cover required client authentication, the hosts.equiv/.rhosts check and
// syslog output -- TODO confirm against the flag definitions.
1098 unsigned int options = kDMN_RQAUTH | kDMN_HOSTEQ | kDMN_SYSLOG ;
// NOTE(review): the conditions guarding the RQAUTH and SYSLOG clears (lines
// 1100 and 1104) are not shown. Clearing kDMN_RQAUTH presumably corresponds to
// the -noauth option, which the usage text describes as not requiring client
// authentication; deployments should treat that mode as unauthenticated access.
1101 options &= ~kDMN_RQAUTH;
1102 if (!checkhostsequiv)
1103 options &= ~kDMN_HOSTEQ;
1105 options &= ~kDMN_SYSLOG;
1107 reuseallow, sshdport,
1108 gTmpDir.c_str(),altSRPpass.c_str(),2);
1111 if (RpdGenRSAKeys(0)) {
1112 Error(
Err, -1,
"proofd: unable to generate local RSA keys");
1121 if (!foregroundflag)
1124 NetInit(
gService, port1, port2, tcpwindowsize);
1141 Error(
ErrFatal, -1,
"proofd: failure initializing session");
int GetErrno()
return errno
static std::string gConfDir
void Err(int level, const char *msg, int size)
Namespace for new ROOT classes and functions.
void ErrFatal(int level, const char *msg, int size)
void Usage(const char *name, int rc)
int NetGetSockFd()
return open socket descriptor
const char * RerouteUser()
Look if user should be rerouted to another server node.
int NetRecvRaw(void *buf, int len)
Receive a buffer of maximum len bytes.
void ErrorInfo(const char *va_(fmt),...)
Formats a string in a circular formatting buffer and prints the string.
static void ProofdTerm(int)
Termination upon receipt of a SIGTERM or SIGINT.
int NetRecv(char *msg, int max)
Receive a string of maximum length max.
static std::string gReadHomeAuthrc
int RpdProofGetAuthSetup(char **abuf)
Receive the buffer for the final setup of authentication-related data. This is a base64 string to be decoded by p...
void ResetErrno()
reset errno
static std::string gRootBinDir
int NetSend(int code, EMessageTypes kind)
Send integer. Message will be of type "kind".
void ErrSys(int level, const char *msg, int size)
static std::string gTmpDir
int main(int argc, char **argv)
void NetGetRemoteHost(std::string &openhost)
Return name of connected host.
void PrintDeprecation(bool withctx=true)
void ProofdExec()
Authenticate the user and exec the proofserv program.
static std::string gAuthrc
static constexpr double s
static std::string gRpdAuthTab
void NetClose()
Empty call, for consistency.
static std::string gOpenHost
void Perror(char *buf, int size)
Return in buf the message belonging to errno.
void Error(ErrorHandler_t func, int code, const char *va_(fmt),...)
Write error message and call a handler, if required.