Logo ROOT   6.16/01
Reference Guide
TRootSecContext.cxx
Go to the documentation of this file.
1// @(#)root/auth:$Id$
2// Author: G. Ganis 08/07/2005
3
4/*************************************************************************
5 * Copyright (C) 1995-2005, Rene Brun and Fons Rademakers. *
6 * All rights reserved. *
7 * *
8 * For the licensing terms see $ROOTSYS/LICENSE. *
9 * For the list of contributors see $ROOTSYS/README/CREDITS. *
10 *************************************************************************/
11
12//////////////////////////////////////////////////////////////////////////
13// //
14// TRootSecContext //
15// //
16// Special implementation of TSecContext //
17// //
18//////////////////////////////////////////////////////////////////////////
19
20#include "RConfigure.h"
21
22#include <stdlib.h>
23
24#include "TError.h"
25#include "TRootSecContext.h"
26#include "TROOT.h"
27#include "TSocket.h"
28#include "TUrl.h"
29#include "TVirtualMutex.h"
30
31ClassImp(TRootSecContext);
32
33////////////////////////////////////////////////////////////////////////////////
34/// Ctor for SecContext object.
35
36 TRootSecContext::TRootSecContext(const char *user, const char *host, Int_t meth,
37 Int_t offset, const char *id,
38 const char *token, TDatime expdate,
39 void *ctx, Int_t key)
40 : TSecContext(user, host, meth, offset, id, token, expdate, ctx)
41{
42 R__ASSERT(gROOT);
43
44 fRSAKey = key;
45 fMethodName = TAuthenticate::GetAuthMethod(fMethod);
46}
47
48////////////////////////////////////////////////////////////////////////////////
49/// Ctor for SecContext object.
50/// User and host from url = user@host .
51
52TRootSecContext::TRootSecContext(const char *url, Int_t meth, Int_t offset,
53 const char *id, const char *token,
54 TDatime expdate, void *ctx, Int_t key)
55 : TSecContext(url, meth, offset, id, token, expdate, ctx)
56{
57 R__ASSERT(gROOT);
58
59 fRSAKey = key;
60 fMethodName = TAuthenticate::GetAuthMethod(fMethod);
61}
62
63////////////////////////////////////////////////////////////////////////////////
64/// Dtor: delete (deActivate, local/remote cleanup, list removal)
65/// all what is still active
66
67TRootSecContext::~TRootSecContext()
68{
69 TSecContext::Cleanup();
70}
71
72////////////////////////////////////////////////////////////////////////////////
73/// Set OffSet to -1 and expiring Date to default
74/// Remove from the list
75/// If globus, cleanup local stuff
76/// If Opt contains "C" or "c", ask for remote cleanup
77/// If Opt contains "R" or "r", remove from the list
78/// Default Opt="CR"
79
80void TRootSecContext::DeActivate(Option_t *Opt)
81{
82 // Ask remote cleanup of this context
83 Bool_t clean = (strstr(Opt,"C") || strstr(Opt,"c"));
84 if (clean && fOffSet > -1)
85 CleanupSecContext(kFALSE);
86
87 // Cleanup TPwdCtx object fro UsrPwd and SRP
88 if (fMethod == TAuthenticate::kClear ||
89 fMethod == TAuthenticate::kSRP)
90 if (fContext) {
91 delete (TPwdCtx *)fContext;
92 fContext = 0;
93 }
94
95 // Cleanup globus security context if needed
96 if (fMethod == TAuthenticate::kGlobus && fContext) {
97 GlobusAuth_t globusAuthHook = TAuthenticate::GetGlobusAuthHook();
98 if (globusAuthHook != 0) {
99 TString det("context");
100 TString us("-1");
101 (*globusAuthHook)((TAuthenticate *)fContext,us,det);
102 fContext = 0;
103 }
104 }
105
106 Bool_t remove = (strstr(Opt,"R") || strstr(Opt,"r"));
107 if (remove && fOffSet > -1){
108 R__LOCKGUARD(gROOTMutex);
109 // Remove from the global list
110 gROOT->GetListOfSecContexts()->Remove(this);
111 // Remove also from local lists in THostAuth objects
112 TAuthenticate::RemoveSecContext(this);
113 }
114
115 // Set inactive
116 fOffSet = -1;
117 fExpDate = kROOTTZERO;
118
119}
120
121////////////////////////////////////////////////////////////////////////////////
122/// Ask remote client to cleanup security context 'ctx'
123/// If 'all', all sec context with the same host as ctx
124/// are cleaned.
125
126Bool_t TRootSecContext::CleanupSecContext(Bool_t all)
127{
128 Bool_t cleaned = kFALSE;
129
130 // Nothing to do if inactive ...
131 if (!IsActive())
132 return kTRUE;
133
134 // Contact remote services that used this context,
135 // starting from the last ...
136 TIter last(fCleanup,kIterBackward);
137 TSecContextCleanup *nscc = 0;
138 while ((nscc = (TSecContextCleanup *)last()) && !cleaned) {
139
140 // First check if remote daemon supports cleaning
141 Int_t srvtyp = nscc->GetType();
142 Int_t rproto = nscc->GetProtocol();
143 Int_t level = 2;
144 if ((srvtyp == TSocket::kROOTD && rproto < 10) ||
145 (srvtyp == TSocket::kPROOFD && rproto < 9))
146 level = 1;
147 if ((srvtyp == TSocket::kROOTD && rproto < 8) ||
148 (srvtyp == TSocket::kPROOFD && rproto < 7))
149 level = 0;
150 if (level) {
151 Int_t port = nscc->GetPort();
152
153 TSocket *news = new TSocket(fHost.Data(),port,-1);
154
155 if (news && news->IsValid()) {
156 if (srvtyp == TSocket::kPROOFD) {
157 news->SetOption(kNoDelay, 1);
158 news->Send("cleaning request");
159 } else
160 news->SetOption(kNoDelay, 0);
161
162 // Backward compatibility: send socket size
163 if (srvtyp == TSocket::kROOTD && level == 1)
164 news->Send((Int_t)0, (Int_t)0);
165
166 if (all || level == 1) {
167 news->Send(Form("%d",TAuthenticate::fgProcessID), kROOTD_CLEANUP);
168 cleaned = kTRUE;
169 } else {
170 news->Send(Form("%d %d %d %s", TAuthenticate::fgProcessID, fMethod,
171 fOffSet, fUser.Data()), kROOTD_CLEANUP);
172 if (TAuthenticate::SecureSend(news, 1, fRSAKey,
173 (char *)(fToken.Data())) == -1) {
174 Info("CleanupSecContext", "problems secure-sending token");
175 } else {
176 cleaned = kTRUE;
177 }
178 }
179 if (cleaned && gDebug > 2) {
180 char srvname[3][10] = {"sockd", "rootd", "proofd"};
181 Info("CleanupSecContext",
182 "remote %s notified for cleanup (%s,%d)",
183 srvname[srvtyp],fHost.Data(),port);
184 }
185 }
186 SafeDelete(news);
187 }
188 }
189
190 if (!cleaned)
191 if (gDebug > 2)
192 Info("CleanupSecContext",
193 "unable to open valid socket for cleanup for %s", fHost.Data());
194
195 return cleaned;
196}
197
198////////////////////////////////////////////////////////////////////////////////
199/// If opt is "F" (default) print object content.
200/// If opt is "<number>" print in special form for calls within THostAuth
201/// with cardinality <number>
202/// If opt is "S" prints short in-line form for calls within TFTP,
203/// TSlave, TProof ...
204
205void TRootSecContext::Print(Option_t *opt) const
206{
207 // Check if option is numeric
208 Int_t ord = -1, i = 0;
209 for (; i < (Int_t)strlen(opt); i++) {
210 if (opt[i] < 48 || opt[i] > 57) {
211 ord = -2;
212 break;
213 }
214 }
215 // If numeric get the cardinality and prepare the strings
216 if (ord == -1)
217 ord = atoi(opt);
218
219 if (!strncasecmp(opt,"F",1)) {
220 Info("Print",
221 "+------------------------------------------------------+");
222 Info("Print",
223 "+ Host:%s Method:%d (%s) User:'%s'",
224 GetHost(), fMethod, GetMethodName(),
225 fUser.Data());
226 Info("Print",
227 "+ OffSet:%d Id: '%s'", fOffSet, fID.Data());
228 if (fOffSet > -1)
229 Info("Print",
230 "+ Expiration time: %s",fExpDate.AsString());
231 Info("Print",
232 "+------------------------------------------------------+");
233 } else if (!strncasecmp(opt,"S",1)) {
234 if (fOffSet > -1) {
235 if (fID.BeginsWith("AFS"))
236 Printf("Security context: Method: AFS, not reusable");
237 else
238 Printf("Security context: Method: %d (%s) expiring on %s",
239 fMethod, GetMethodName(),
240 fExpDate.AsString());
241 } else {
242 Printf("Security context: Method: %d (%s) not reusable",
243 fMethod, GetMethodName());
244 }
245 } else {
246 // special printing form for THostAuth
247 Info("PrintEstblshed","+ %d \t h:%s met:%d (%s) us:'%s'",
248 ord, GetHost(), fMethod, GetMethodName(),
249 fUser.Data());
250 Info("PrintEstblshed","+ \t offset:%d id: '%s'", fOffSet, fID.Data());
251 if (fOffSet > -1)
252 Info("PrintEstblshed","+ \t expiring: %s",fExpDate.AsString());
253 }
254}
255
256////////////////////////////////////////////////////////////////////////////////
257/// Returns short string with relevant information about this
258/// security context
259
260const char *TRootSecContext::AsString(TString &out)
261{
262 if (fOffSet > -1) {
263 if (fID.BeginsWith("AFS"))
264 out = Form("Method: AFS, not reusable");
265 else {
266 char expdate[32];
267 out = Form("Method: %d (%s) expiring on %s",
268 fMethod, GetMethodName(), fExpDate.AsString(expdate));
269 }
270 } else {
271 if (fOffSet == -1)
272 out = Form("Method: %d (%s) not reusable", fMethod, GetMethodName());
273 else if (fOffSet == -3)
274 out = Form("Method: %d (%s) authorized by /etc/hosts.equiv or $HOME/.rhosts",
275 fMethod, GetMethodName());
276 else if (fOffSet == -4)
277 out = Form("No authentication required remotely");
278 }
279 return out.Data();
280}
kROOTD_CLEANUP
@ kROOTD_CLEANUP
Definition: MessageTypes.h:136
SafeDelete
#define SafeDelete(p)
Definition: RConfig.hxx:529
Int_t
int Int_t
Definition: RtypesCore.h:41
kFALSE
const Bool_t kFALSE
Definition: RtypesCore.h:88
Bool_t
bool Bool_t
Definition: RtypesCore.h:59
kTRUE
const Bool_t kTRUE
Definition: RtypesCore.h:87
Option_t
const char Option_t
Definition: RtypesCore.h:62
ClassImp
#define ClassImp(name)
Definition: Rtypes.h:363
gDebug
R__EXTERN Int_t gDebug
Definition: Rtypes.h:90
GlobusAuth_t
Int_t(* GlobusAuth_t)(TAuthenticate *auth, TString &user, TString &det)
Definition: TAuthenticate.h:42
kIterBackward
const Bool_t kIterBackward
Definition: TCollection.h:41
R__ASSERT
#define R__ASSERT(e)
Definition: TError.h:96
Printf
#define Printf
Definition: TGeoToOCC.h:18
gROOTMutex
R__EXTERN TVirtualMutex * gROOTMutex
Definition: TROOT.h:57
gROOT
#define gROOT
Definition: TROOT.h:410
kROOTTZERO
R__EXTERN const TDatime kROOTTZERO
Definition: TSecContext.h:30
kNoDelay
@ kNoDelay
Definition: TSocket.h:43
Form
char * Form(const char *fmt,...)
R__LOCKGUARD
#define R__LOCKGUARD(mutex)
Definition: TVirtualMutex.h:106
TAuthenticate::fgProcessID
static Int_t fgProcessID
Definition: TAuthenticate.h:122
TAuthenticate::SecureSend
static Int_t SecureSend(TSocket *Socket, Int_t enc, Int_t KeyType, const char *In)
Encode null terminated str using the session private key indicated by enc and sends it over the netwo...
Definition: TAuthenticate.cxx:3649
TAuthenticate::GetGlobusAuthHook
static GlobusAuth_t GetGlobusAuthHook()
Static method returning the globus authorization hook.
Definition: TAuthenticate.cxx:1388
TAuthenticate::RemoveSecContext
static void RemoveSecContext(TRootSecContext *ctx)
Tool for removing SecContext ctx from THostAuth listed in fgAuthInfo or fgProofAuthInfo.
Definition: TAuthenticate.cxx:4572
TAuthenticate::GetAuthMethod
static const char * GetAuthMethod(Int_t idx)
Static method returning the method corresponding to idx.
Definition: TAuthenticate.cxx:1261
TDatime
This class stores the date and time with a precision of one second in an unsigned 32 bit word (950130...
Definition: TDatime.h:37
TDatime::AsString
const char * AsString() const
Return the date & time as a string (ctime() format).
Definition: TDatime.cxx:101
TObject::Info
virtual void Info(const char *method, const char *msgfmt,...) const
Issue info message.
Definition: TObject.cxx:854
TRootSecContext::CleanupSecContext
Bool_t CleanupSecContext(Bool_t all)
Ask remote client to cleanup security context 'ctx' If 'all', all sec context with the same host as c...
Definition: TRootSecContext.cxx:126
TRootSecContext::AsString
const char * AsString(TString &out)
Returns short string with relevant information about this security context.
Definition: TRootSecContext.cxx:260
TRootSecContext::DeActivate
void DeActivate(Option_t *opt="CR")
Set OffSet to -1 and expiring Date to default Remove from the list If globus, cleanup local stuff If ...
Definition: TRootSecContext.cxx:80
TRootSecContext::~TRootSecContext
virtual ~TRootSecContext()
Dtor: delete (deActivate, local/remote cleanup, list removal) all what is still active.
Definition: TRootSecContext.cxx:67
TRootSecContext::Print
void Print(Option_t *option="F") const
If opt is "F" (default) print object content.
Definition: TRootSecContext.cxx:205
TSecContextCleanup::GetType
Int_t GetType() const
Definition: TSecContext.h:123
TSecContextCleanup::GetProtocol
Int_t GetProtocol() const
Definition: TSecContext.h:122
TSecContextCleanup::GetPort
Int_t GetPort() const
Definition: TSecContext.h:121
TSecContext::IsActive
Bool_t IsActive() const
Check remote OffSet and expiring Date.
Definition: TSecContext.cxx:232
TSecContext::fMethodName
TString fMethodName
Definition: TSecContext.h:47
TSecContext::Cleanup
void Cleanup()
Cleanup what is still active.
Definition: TSecContext.cxx:158
TSecContext::GetHost
const char * GetHost() const
Definition: TSecContext.h:75
TSecContext::GetMethodName
const char * GetMethodName() const
Definition: TSecContext.h:78
TSecContext::fID
TString fID
Definition: TSecContext.h:45
TSecContext::fContext
void * fContext
Definition: TSecContext.h:41
TSecContext::fExpDate
TDatime fExpDate
Definition: TSecContext.h:43
TSecContext::fMethod
Int_t fMethod
Definition: TSecContext.h:46
TSecContext::fUser
TString fUser
Definition: TSecContext.h:50
TSecContext::TRootSecContext
friend class TRootSecContext
Definition: TSecContext.h:38
TSecContext::fOffSet
Int_t fOffSet
Definition: TSecContext.h:48
TSecContext::fToken
TString fToken
Definition: TSecContext.h:49
TSecContext::fCleanup
TList * fCleanup
Definition: TSecContext.h:42
TSecContext::fHost
TString fHost
Definition: TSecContext.h:44
TSocket::SetOption
virtual Int_t SetOption(ESockOptions opt, Int_t val)
Set socket options.
Definition: TSocket.cxx:1012
TSocket::kROOTD
@ kROOTD
Definition: TSocket.h:72
TSocket::kPROOFD
@ kPROOFD
Definition: TSocket.h:72
TSocket::IsValid
virtual Bool_t IsValid() const
Definition: TSocket.h:152
TSocket::Send
virtual Int_t Send(const TMessage &mess)
Send a TMessage object.
Definition: TSocket.cxx:522
TString
Basic string class.
Definition: TString.h:131
TString::Data
const char * Data() const
Definition: TString.h:364
TString::BeginsWith
Bool_t BeginsWith(const char *s, ECaseCompare cmp=kExact) const
Definition: TString.h:610
TGeoUnit::us
static constexpr double us
Definition: TGeoSystemOfUnits.h:164