Logo ROOT   6.16/01
Reference Guide
TRootSecContext.cxx
1// @(#)root/auth:$Id$
2// Author: G. Ganis 08/07/2005
3
4/*************************************************************************
5 * Copyright (C) 1995-2005, Rene Brun and Fons Rademakers. *
6 * All rights reserved. *
7 * *
8 * For the licensing terms see $ROOTSYS/LICENSE. *
9 * For the list of contributors see $ROOTSYS/README/CREDITS. *
10 *************************************************************************/
11
12//////////////////////////////////////////////////////////////////////////
13// //
14// TRootSecContext //
15// //
16// Special implementation of TSecContext //
17// //
18//////////////////////////////////////////////////////////////////////////
19
20#include "RConfigure.h"
21
22#include <stdlib.h>
23
24#include "TError.h"
25#include "TRootSecContext.h"
26#include "TROOT.h"
27#include "TSocket.h"
28#include "TUrl.h"
29#include "TVirtualMutex.h"
30
32
33////////////////////////////////////////////////////////////////////////////////
34/// Ctor for SecContext object.
35
36 TRootSecContext::TRootSecContext(const char *user, const char *host, Int_t meth,
37 Int_t offset, const char *id,
38 const char *token, TDatime expdate,
39 void *ctx, Int_t key)
40 : TSecContext(user, host, meth, offset, id, token, expdate, ctx)
41{
   // Every argument except `key` is forwarded unchanged to the TSecContext base
   // constructor; the only member set in the visible body is fRSAKey.
   // NOTE(review): listing lines 42 and 45 are absent from this rendering (the
   // gutter jumps 41->43 and 44->46), so the body shown here is incomplete.
43
   // `key` is stored as-is, without a range check at this point. Presumably it
   // is the key type later handed to TAuthenticate::SecureSend - confirm in the header.
44 fRSAKey = key;
46}
47
48////////////////////////////////////////////////////////////////////////////////
49/// Ctor for SecContext object.
50/// User and host from url = user@host .
51
52TRootSecContext::TRootSecContext(const char *url, Int_t meth, Int_t offset,
53 const char *id, const char *token,
54 TDatime expdate, void *ctx, Int_t key)
55 : TSecContext(url, meth, offset, id, token, expdate, ctx)
56{
   // Same as the user/host constructor, except that `url` is passed to the
   // TSecContext base constructor, which is responsible for splitting it.
   // NOTE(review): listing lines 57 and 60 are absent from this rendering (the
   // gutter jumps 56->58 and 59->61), so the body shown here is incomplete.
58
   // `key` is stored as-is, without a range check at this point.
59 fRSAKey = key;
61}
62
63////////////////////////////////////////////////////////////////////////////////
64/// Dtor: delete (deActivate, local/remote cleanup, list removal)
65/// everything that is still active
66
68{
   // NOTE(review): this rendering dropped listing lines 67 and 69, i.e. the
   // signature and the only statement of the body. The symbol list at the end
   // of the page shows `virtual ~TRootSecContext()` and `void Cleanup()`
   // ("Cleanup what is still active"), which are presumably those two lines -
   // confirm against the original file.
70}
71
72////////////////////////////////////////////////////////////////////////////////
73/// Set OffSet to -1 and expiring Date to default
74/// Remove from the list
75/// If globus, cleanup local stuff
76/// If Opt contains "C" or "c", ask for remote cleanup
77/// If Opt contains "R" or "r", remove from the list
78/// Default Opt="CR"
79
81{
   // NOTE(review): the signature (listing line 80) is missing from this
   // rendering; the symbol list on this page gives `void DeActivate(Option_t *opt="CR")`.
   // `Opt` is passed straight to strstr() below without a null check, so callers
   // must supply a valid C string.
82 // Ask remote cleanup of this context
83 Bool_t clean = (strstr(Opt,"C") || strstr(Opt,"c"));
84 if (clean && fOffSet > -1)
   // NOTE(review): listing line 85, the statement guarded by the `if` above, is
   // missing here; presumably the CleanupSecContext() call - confirm.
86
87 // Cleanup TPwdCtx object for UsrPwd and SRP
   // NOTE(review): listing lines 88-89 are missing; they presumably hold the
   // check that restricts this branch to the two methods named above.
   // fContext is declared `void *` (TSecContext.h:41), so the cast below alone
   // decides which destructor runs: if the pointer is not really a TPwdCtx, this
   // is a type-confused delete. Also, if TPwdCtx holds password material,
   // `delete` by itself does not scrub the memory - verify TPwdCtx's destructor.
90 if (fContext) {
91 delete (TPwdCtx *)fContext;
92 fContext = 0;
93 }
94
95 // Cleanup globus security context if needed
   // NOTE(review): listing lines 96-97 are missing; they presumably open the
   // enclosing `if` (closed at line 104) and obtain globusAuthHook.
   // The hook receives fContext reinterpreted as TAuthenticate*, the user
   // string "-1" and the detail string "context"; fContext is cleared afterwards
   // whatever the hook returns, since its return value is ignored.
98 if (globusAuthHook != 0) {
99 TString det("context");
100 TString us("-1");
101 (*globusAuthHook)((TAuthenticate *)fContext,us,det);
102 fContext = 0;
103 }
104 }
105
106 Bool_t remove = (strstr(Opt,"R") || strstr(Opt,"r"));
107 if (remove && fOffSet > -1){
   // NOTE(review): listing line 108 is missing; the page lists R__LOCKGUARD and
   // gROOTMutex, so it is presumably the lock taken before touching the global list.
109 // Remove from the global list
110 gROOT->GetListOfSecContexts()->Remove(this);
111 // Remove also from local lists in THostAuth objects
   // NOTE(review): listing line 112 is missing; presumably the call to
   // TAuthenticate::RemoveSecContext listed on this page.
113 }
114
115 // Set inactive
   // fOffSet == -1 is what the rest of this file treats as "not reusable".
116 fOffSet = -1;
   // NOTE(review): listing line 117 is missing; given the doc comment above
   // ("expiring Date to default") it presumably resets fExpDate.
118
119}
120
121////////////////////////////////////////////////////////////////////////////////
122/// Ask remote client to cleanup security context 'ctx'
123/// If 'all', all sec context with the same host as ctx
124/// are cleaned.
125
127{
   // NOTE(review): the signature (listing line 126) is missing from this
   // rendering; the symbol list on this page gives `Bool_t CleanupSecContext(Bool_t all)`.
   // Returns kTRUE when the context is already inactive or when one remote
   // service was notified, kFALSE otherwise.
128 Bool_t cleaned = kFALSE;
129
130 // Nothing to do if inactive ...
131 if (!IsActive())
132 return kTRUE;
133
134 // Contact remote services that used this context,
135 // starting from the last ...
   // NOTE(review): listing line 136 is missing; it must declare `last`, which is
   // presumably a backward iterator over fCleanup (kIterBackward is listed on this page).
137 TSecContextCleanup *nscc = 0;
   // The loop stops at the first entry that was notified successfully.
138 while ((nscc = (TSecContextCleanup *)last()) && !cleaned) {
139
140 // First check if remote daemon supports cleaning
   // level 2 is the default; rootd protocol < 10 or proofd protocol < 9 gives
   // level 1; rootd protocol < 8 or proofd protocol < 7 gives level 0, and such
   // an entry is skipped. Any other server type keeps level 2.
141 Int_t srvtyp = nscc->GetType();
142 Int_t rproto = nscc->GetProtocol();
143 Int_t level = 2;
144 if ((srvtyp == TSocket::kROOTD && rproto < 10) ||
145 (srvtyp == TSocket::kPROOFD && rproto < 9))
146 level = 1;
147 if ((srvtyp == TSocket::kROOTD && rproto < 8) ||
148 (srvtyp == TSocket::kPROOFD && rproto < 7))
149 level = 0;
150 if (level) {
151 Int_t port = nscc->GetPort();
152
   // A fresh connection is opened to fHost on the port recorded for this entry.
   // Plain `new` does not yield a null pointer, so IsValid() is the test that
   // actually matters in the condition below.
153 TSocket *news = new TSocket(fHost.Data(),port,-1);
154
155 if (news && news->IsValid()) {
156 if (srvtyp == TSocket::kPROOFD) {
157 news->SetOption(kNoDelay, 1);
158 news->Send("cleaning request");
159 } else
160 news->SetOption(kNoDelay, 0);
161
162 // Backward compatibility: send socket size
163 if (srvtyp == TSocket::kROOTD && level == 1)
164 news->Send((Int_t)0, (Int_t)0);
165
166 if (all || level == 1) {
   // NOTE(review): listing line 167 is missing; presumably the message that asks
   // the server for the cleanup (kROOTD_CLEANUP is listed on this page). As
   // shown, `cleaned` is set without looking at any send result.
168 cleaned = kTRUE;
169 } else {
   // NOTE(review): listing lines 171-172 are missing, so the statement below is
   // shown truncated. The visible tail compares a call that takes fToken against
   // -1 and logs "problems secure-sending token", so the token presumably goes
   // through TAuthenticate::SecureSend - confirm. Whether the first Send() is
   // protected in any way cannot be told from this rendering.
170 news->Send(Form("%d %d %d %s", TAuthenticate::fgProcessID, fMethod,
173 (char *)(fToken.Data())) == -1) {
174 Info("CleanupSecContext", "problems secure-sending token");
175 } else {
176 cleaned = kTRUE;
177 }
178 }
179 if (cleaned && gDebug > 2) {
   // NOTE(review): srvtyp comes from nscc->GetType() and is only compared with
   // kROOTD/kPROOFD above, never range-checked. A value outside 0..2 indexes
   // past srvname (out-of-bounds read). Reached only when gDebug > 2; a bounds
   // check before indexing would close it.
180 char srvname[3][10] = {"sockd", "rootd", "proofd"};
181 Info("CleanupSecContext",
182 "remote %s notified for cleanup (%s,%d)",
183 srvname[srvtyp],fHost.Data(),port);
184 }
185 }
   // The socket is released after every attempt, valid or not.
186 SafeDelete(news);
187 }
188 }
189
   // This message is also reached when every entry had level 0 or when the
   // token send failed, not only when no valid socket could be opened.
190 if (!cleaned)
191 if (gDebug > 2)
192 Info("CleanupSecContext",
193 "unable to open valid socket for cleanup for %s", fHost.Data());
194
195 return cleaned;
196}
197
198////////////////////////////////////////////////////////////////////////////////
199/// If opt is "F" (default) print object content.
200/// If opt is "<number>" print in special form for calls within THostAuth
201/// with cardinality <number>
202/// If opt is "S" prints short in-line form for calls within TFTP,
203/// TSlave, TProof ...
204
206{
   // NOTE(review): the signature (listing line 205) is missing from this
   // rendering; the symbol list on this page gives `void Print(Option_t *option="F") const`,
   // while the body uses the name `opt`. `opt` is passed to strlen() without a
   // null check.
   // The visible format strings print host, method, user, offset, id and
   // expiration time. fToken does not appear in any visible line; lines 224,
   // 239-240 and 243 (argument continuations) are missing, so confirm there.
207 // Check if option is numeric
   // 48 and 57 are the ASCII codes of '0' and '9'. ord stays -1 only if every
   // character is a digit; this includes the empty string, which atoi() turns into 0.
208 Int_t ord = -1, i = 0;
209 for (; i < (Int_t)strlen(opt); i++) {
210 if (opt[i] < 48 || opt[i] > 57) {
211 ord = -2;
212 break;
213 }
214 }
215 // If numeric get the cardinality and prepare the strings
   // atoi() reports no error on overflow; ord is only echoed in the last branch.
216 if (ord == -1)
217 ord = atoi(opt);
218
   // Only the first character is compared, case-insensitively, so any option
   // starting with 'F'/'f' (resp. 'S'/'s') selects the branch.
219 if (!strncasecmp(opt,"F",1)) {
220 Info("Print",
221 "+------------------------------------------------------+");
222 Info("Print",
223 "+ Host:%s Method:%d (%s) User:'%s'",
225 fUser.Data());
226 Info("Print",
227 "+ OffSet:%d Id: '%s'", fOffSet, fID.Data());
228 if (fOffSet > -1)
229 Info("Print",
230 "+ Expiration time: %s",fExpDate.AsString());
231 Info("Print",
232 "+------------------------------------------------------+");
233 } else if (!strncasecmp(opt,"S",1)) {
234 if (fOffSet > -1) {
235 if (fID.BeginsWith("AFS"))
236 Printf("Security context: Method: AFS, not reusable");
237 else
238 Printf("Security context: Method: %d (%s) expiring on %s",
241 } else {
242 Printf("Security context: Method: %d (%s) not reusable",
244 }
245 } else {
246 // special printing form for THostAuth
   // Reached for numeric options and for any other string; in the latter case
   // ord is -2 and is printed as such.
247 Info("PrintEstblshed","+ %d \t h:%s met:%d (%s) us:'%s'",
248 ord, GetHost(), fMethod, GetMethodName(),
249 fUser.Data());
250 Info("PrintEstblshed","+ \t offset:%d id: '%s'", fOffSet, fID.Data());
251 if (fOffSet > -1)
252 Info("PrintEstblshed","+ \t expiring: %s",fExpDate.AsString());
253 }
254}
255
256////////////////////////////////////////////////////////////////////////////////
257/// Returns short string with relevant information about this
258/// security context
259
261{
   // NOTE(review): the signature (listing line 260) is missing from this
   // rendering; the symbol list on this page gives `const char * AsString(TString &out)`.
   // The returned pointer is out.Data(), so it is only usable while the
   // caller's `out` is alive and unmodified.
262 if (fOffSet > -1) {
263 if (fID.BeginsWith("AFS"))
264 out = Form("Method: AFS, not reusable");
265 else {
   // NOTE(review): listing line 268 (the arguments of the Form() call below) is
   // missing, so how expdate is filled is not visible. Whatever writes into it
   // has to stay within these 32 bytes - confirm.
266 char expdate[32];
267 out = Form("Method: %d (%s) expiring on %s",
269 }
270 } else {
   // Negative offsets carry a meaning: -1 not reusable, -3 authorized through
   // /etc/hosts.equiv or $HOME/.rhosts, -4 no authentication required. For any
   // other negative value `out` is not assigned and the caller gets back
   // whatever it passed in.
271 if (fOffSet == -1)
272 out = Form("Method: %d (%s) not reusable", fMethod, GetMethodName());
273 else if (fOffSet == -3)
274 out = Form("Method: %d (%s) authorized by /etc/hosts.equiv or $HOME/.rhosts",
   // NOTE(review): listing line 275 (the arguments of the call above) is missing.
276 else if (fOffSet == -4)
277 out = Form("No authentication required remotely");
278 }
279 return out.Data();
280}
@ kROOTD_CLEANUP
Definition: MessageTypes.h:136
#define SafeDelete(p)
Definition: RConfig.hxx:529
int Int_t
Definition: RtypesCore.h:41
const Bool_t kFALSE
Definition: RtypesCore.h:88
bool Bool_t
Definition: RtypesCore.h:59
const Bool_t kTRUE
Definition: RtypesCore.h:87
const char Option_t
Definition: RtypesCore.h:62
#define ClassImp(name)
Definition: Rtypes.h:363
R__EXTERN Int_t gDebug
Definition: Rtypes.h:90
Int_t(* GlobusAuth_t)(TAuthenticate *auth, TString &user, TString &det)
Definition: TAuthenticate.h:42
const Bool_t kIterBackward
Definition: TCollection.h:41
#define R__ASSERT(e)
Definition: TError.h:96
#define Printf
Definition: TGeoToOCC.h:18
R__EXTERN TVirtualMutex * gROOTMutex
Definition: TROOT.h:57
#define gROOT
Definition: TROOT.h:410
R__EXTERN const TDatime kROOTTZERO
Definition: TSecContext.h:30
@ kNoDelay
Definition: TSocket.h:43
char * Form(const char *fmt,...)
#define R__LOCKGUARD(mutex)
static Int_t fgProcessID
static Int_t SecureSend(TSocket *Socket, Int_t enc, Int_t KeyType, const char *In)
Encode null terminated str using the session private key indicated by enc and sends it over the netwo...
static GlobusAuth_t GetGlobusAuthHook()
Static method returning the globus authorization hook.
static void RemoveSecContext(TRootSecContext *ctx)
Tool for removing SecContext ctx from THostAuth listed in fgAuthInfo or fgProofAuthInfo.
static const char * GetAuthMethod(Int_t idx)
Static method returning the method corresponding to idx.
This class stores the date and time with a precision of one second in an unsigned 32 bit word (950130...
Definition: TDatime.h:37
const char * AsString() const
Return the date & time as a string (ctime() format).
Definition: TDatime.cxx:101
virtual void Info(const char *method, const char *msgfmt,...) const
Issue info message.
Definition: TObject.cxx:854
Bool_t CleanupSecContext(Bool_t all)
Ask remote client to cleanup security context 'ctx' If 'all', all sec context with the same host as c...
const char * AsString(TString &out)
Returns short string with relevant information about this security context.
void DeActivate(Option_t *opt="CR")
Set OffSet to -1 and expiring Date to default Remove from the list If globus, cleanup local stuff If ...
virtual ~TRootSecContext()
Dtor: delete (deActivate, local/remote cleanup, list removal) all what is still active.
void Print(Option_t *option="F") const
If opt is "F" (default) print object content.
Int_t GetType() const
Definition: TSecContext.h:123
Int_t GetProtocol() const
Definition: TSecContext.h:122
Int_t GetPort() const
Definition: TSecContext.h:121
Bool_t IsActive() const
Check remote OffSet and expiring Date.
TString fMethodName
Definition: TSecContext.h:47
void Cleanup()
Cleanup what is still active.
const char * GetHost() const
Definition: TSecContext.h:75
const char * GetMethodName() const
Definition: TSecContext.h:78
TString fID
Definition: TSecContext.h:45
void * fContext
Definition: TSecContext.h:41
TDatime fExpDate
Definition: TSecContext.h:43
Int_t fMethod
Definition: TSecContext.h:46
TString fUser
Definition: TSecContext.h:50
friend class TRootSecContext
Definition: TSecContext.h:38
Int_t fOffSet
Definition: TSecContext.h:48
TString fToken
Definition: TSecContext.h:49
TList * fCleanup
Definition: TSecContext.h:42
TString fHost
Definition: TSecContext.h:44
virtual Int_t SetOption(ESockOptions opt, Int_t val)
Set socket options.
Definition: TSocket.cxx:1012
@ kROOTD
Definition: TSocket.h:72
@ kPROOFD
Definition: TSocket.h:72
virtual Bool_t IsValid() const
Definition: TSocket.h:152
virtual Int_t Send(const TMessage &mess)
Send a TMessage object.
Definition: TSocket.cxx:522
Basic string class.
Definition: TString.h:131
const char * Data() const
Definition: TString.h:364
Bool_t BeginsWith(const char *s, ECaseCompare cmp=kExact) const
Definition: TString.h:610
static constexpr double us