21#include "RConfigure.h"
53#if !defined(R__WIN32) && !defined(R__MACOSX) && !defined(R__FBSD) && \
60#if defined(R__LINUX) || defined(R__FBSD) || defined(R__OBSD)
69extern "C" char *crypt(
const char *,
const char *);
74# include <openssl/bio.h>
75# include <openssl/err.h>
76# include <openssl/pem.h>
77# include <openssl/rand.h>
78# include <openssl/rsa.h>
79# include <openssl/ssl.h>
80# include <openssl/blowfish.h>
88 static BF_KEY fgBFKey;
94 "Unsupported",
"Unsupported",
"Unsupported" };
135 int frnd = open(
"/dev/urandom", O_RDONLY);
136 if (frnd < 0) frnd = open(
"/dev/random", O_RDONLY);
139 ssize_t rs = read(frnd, (
void *) &
r,
sizeof(
int));
142 if (rs ==
sizeof(
int))
return r;
144 Printf(
"+++ERROR+++ : auth_rand: neither /dev/urandom nor /dev/random are available or readable!");
146 if (gettimeofday(&tv,0) == 0) {
148 memcpy((
void *)&
t1, (
void *)&tv.tv_sec,
sizeof(
int));
149 memcpy((
void *)&t2, (
void *)&tv.tv_usec,
sizeof(
int));
165 const char *
proto,
const char *user)
172 if (
gROOT->IsProofServ())
189 Info(
"TAuthenticate",
"Enter: local host: %s, user is: %s (proto: %s)",
198 if ((pdd = strstr(sproto,
":")) != 0) {
199 int rproto = atoi(pdd + 1);
201 if (strstr(sproto,
"root") != 0) {
218 if (strstr(sproto,
"proof") != 0) {
233 Info(
"TAuthenticate",
234 "service: %s (remote protocol: %d): fVersion: %d", sproto,
244 if (user && strlen(user) > 0) {
250 checkUser = u->
fUser;
269 Info(
"TAuthenticate",
"RSA key: default type %d",
fgRSAKey);
283 fqdnsrv.
Form(
"%s:%d",fqdn.
Data(),servtype);
289 Info(
"TAuthenticate",
290 "number of HostAuth Instantiations in memory: %d",
317 if (!strncmp(tmp.
Data(),
"up",2))
319 else if (!strncmp(tmp.
Data(),
"s",1))
321 else if (!strncmp(tmp.
Data(),
"k",1))
323 else if (!strncmp(tmp.
Data(),
"g",1))
325 else if (!strncmp(tmp.
Data(),
"h",1))
327 else if (!strncmp(tmp.
Data(),
"ug",2))
329 if (sec > -1 && sec <
kMAXSEC) {
355 Info(
"CatchTimeOut",
"%d sec timeout expired (protocol: %s)",
379 char noSupport[80] = { 0 };
380 char triedMeth[80] = { 0 };
396 alarm->
Connect(
"Timeout()",
"TAuthenticate",
this,
"CatchTimeOut()");
404 Info(
"Authenticate",
"try #: %d", ntry);
415 "trying authentication: method:%d, default details:%s",
419 if (triedMeth[0] !=
'\0')
420 (void) strlcat(triedMeth,
" ",
sizeof(triedMeth) - 1);
459 Error(
"Authenticate",
460 "unable to get user name for UsrPwd authentication");
466 if (alarm) alarm->
Stop();
478 Int_t remloc = nmet - ntry;
480 Info(
"Authenticate",
"remloc: %d, ntry: %d, meth: %d, fSecurity: %d",
506 "negotiation not supported remotely: try next method, if any");
507 if (meth < nmet - 1) {
524 "after failed attempt: kind= %d, stat= %d", kind, stat);
531 char *answer =
new char[
len];
541 "strings with accepted methods not received (%d:%d)",
544 sscanf(answer,
"%d %d %d %d %d %d", &rMth[0], &rMth[1],
545 &rMth[2], &rMth[3], &rMth[4], &rMth[5]);
546 if (
gDebug > 0 && remloc > 0)
548 "remotely allowed methods not yet tried: %s",
551 }
else if (stat == 0) {
553 "no more methods accepted remotely to be tried");
566 std::string available{};
568 for (i = 0; i < remMeth; i++) {
569 for (j = 0; j < nmet; j++) {
579 if (methfound)
break;
581 if (methfound)
break;
585 Warning(
"Authenticate",
"no match with those locally available: %s", available.c_str());
602 "method not even started: insufficient or wrong info: %s",
603 "try with next method, if any");
620 "status code -2 not expected from old daemons");
632 Info(
"Authenticate",
"got a timeout");
634 if (meth < nmet - 1) {
644 Info(
"Authenticate",
"unknown status code: %d - assume failure",st);
658 if (strlen(noSupport) > 0)
659 Info(
"Authenticate",
"attempted methods %s are not supported"
660 " by remote server version", noSupport);
662 "failure: list of attempted methods: %s", triedMeth);
686 Info(
"SetEnvironment",
687 "setting environment: fSecurity:%d, fDetails:%s",
fSecurity,
698 char pt[5] = { 0 }, ru[5] = { 0 };
699 Int_t hh = 0, mm = 0;
704 if ((ptr = strstr(
fDetails,
"pt:")) != 0) {
705 sscanf(ptr + 3,
"%4s %8191s",
pt, usdef);
707 if (!strncasecmp(
gEnv->
GetValue(usrPromptDef,
""),
"no",2) ||
714 if ((ptr = strstr(
fDetails,
"ru:")) != 0) {
715 sscanf(ptr + 3,
"%4s %8191s", ru, usdef);
717 if (!strncasecmp(
gEnv->
GetValue(usrReUseDef,
""),
"no",2) ||
726 if ((pd = hours.
Index(
":")) > -1) {
730 hh = atoi(hours.
Data());
731 mm = atoi(minutes.
Data());
733 hh = atoi(hours.
Data());
739 if ((ptr = strstr(
fDetails,
"us:")) != 0)
740 sscanf(ptr + 3,
"%8191s %8191s", us, usdef);
741 if ((ptr = strstr(
fDetails,
"cp:")) != 0)
742 sscanf(ptr + 3,
"%8191s %8191s", cp, usdef);
744 Info(
"SetEnvironment",
"details:%s, pt:%s, ru:%s, us:%s cp:%s",
747 if ((ptr = strstr(
fDetails,
"us:")) != 0)
748 sscanf(ptr + 3,
"%8191s %8191s", us, usdef);
750 Info(
"SetEnvironment",
"details:%s, pt:%s, ru:%s, us:%s",
755 if (!strncasecmp(
pt,
"yes",3) || !strncmp(
pt,
"1", 1))
759 if (!
gROOT->IsProofServ()) {
761 if (!strncasecmp(ru,
"no",2) || !strncmp(ru,
"0",1))
772 if (!strncmp(cp,
"no", 2) || !strncmp(cp,
"0", 1))
784 if (strlen(usdef) > 0) {
814 Error(
"GetUserPasswd",
"SRP no longer supported by ROOT");
819 Info(
"GetUserPasswd",
"Enter: User: '%s' Hash:%d SRP:%d",
823 if (user ==
"" &&
fgUser !=
"")
834 Info(
"GetUserPasswd",
"In memory: User: '%s' Hash:%d",
844 Info(
"GetUserPasswd",
"In memory: User: '%s' Hash:%d",
850 if (user ==
"" ||
passwd ==
"") {
852 Info(
"GetUserPasswd",
"Checking .netrc family ...");
856 Info(
"GetUserPasswd",
"From .netrc family: User: '%s' Hash:%d",
865 Error(
"GetUserPasswd",
"user name not set");
912 Error(
"CheckNetrc",
"SRP no longer supported by ROOT");
937 bool mode0600 =
true;
942 FILE *fd = fopen(net,
"r");
944 while (fgets(
line,
sizeof(
line), fd) != 0) {
948 int nword = sscanf(
line,
"%63s %63s %63s %63s %63s %63s",
949 word[0], word[1], word[2], word[3], word[4], word[5]);
952 if (strcmp(word[0],
"machine"))
954 if (strcmp(word[2],
"login"))
956 if (strcmp(word[4],
"password") && strcmp(word[4],
"password-hash"))
968 if (!strcmp(word[4],
"password-hash"))
973 if (!strcmp(word[3], user.
Data())) {
975 if (!strcmp(word[4],
"password-hash"))
986 "file %s exists but has not 0600 permission", net);
1044 ::Error(
"Krb5Auth",
"Kerberos5 is no longer supported by ROOT");
1071 if (idx < 0 || idx >
kMAXSEC-1) {
1072 ::Error(
"Authenticate::GetAuthMethod",
"idx out of bounds (%d)", idx);
1086 if (meth && meth[0]) {
1115 if (isatty(0) == 0 || isatty(1) == 0) {
1117 "not tty: cannot prompt for user, returning default");
1124 const char *usrIn = Getline(
Form(
"Name (%s:%s): ", remote, user));
1144 if (isatty(0) == 0 || isatty(1) == 0) {
1145 ::Warning(
"TAuthenticate::PromptPasswd",
1146 "not tty: cannot prompt for passwd, returning -1");
1147 static char noint[4] = {
"-1"};
1152 const char *pw = buf;
1157 gROOT->GetPluginManager()->FindHandler(
"TGPasswdDialog"))) {
1161 "could not load plugin for the password dialog box");
1171 while (
gROOT->IsInterrupted())
1175 Gl_config(
"noecho", 1);
1176 pw = Getline(prompt);
1177 Gl_config(
"noecho", 0);
1204 key = (key >= 0 && key <= 1) ? key : 0;
1221 if (key >= 0 && key <= 1)
1274 lasterr =
"(last error only; re-run with gDebug > 0 for more details)";
1278 if (
gDebug > 0 || forceprint) {
1280 ::Error(
Form(
"TAuthenticate::%s", where),
"%s %s",
1283 ::Error(
Form(
"TAuthenticate::%s", where),
1284 "unknown error code: server must be running a newer ROOT version %s",
1302 if (user && user[0])
1333 ::Error(
"SetGlobalSRPPwd",
"SRP no longer supported by ROOT");
1362 if (defaultuser && defaultuser[0])
1404 ::Error(
"Krb5Auth",
"Kerberos5 is no longer supported by ROOT");
1413 ::Error(
"GlobusAuth",
"Globus is no longer supported by ROOT");
1421 ::Error(
"SshAuth",
"SSH is no longer supported by ROOT");
1430 ::Error(
"GetSshUser",
"SSH is no longer supported by ROOT");
1451 if (!strcmp(href,
"*"))
1460 if (rename.
Index(href,&
len) != -1 || strstr(href,
"-"))
1465 if (strstr(href,
"*"))
1477 ::Info(
"TAuthenticate::CheckHost",
"checking host IP: %s", theHost.
Data());
1488 if (pos > 0 && pos != (
Ssiz_t)(theHost.
Length()-strlen(href)))
1500 ::Error(
"RfioAuth",
"RfioAuth is no longer supported by ROOT");
1514 Info(
"ClearAuth",
"enter: user: %s (passwd hashed?: %d)",
1526 Info(
"ClearAuth",
"ru:%d pt:%d cp:%d ns:%d rk:%d",
1555 options.
Form(
"%d %ld %s %ld %s", opt,
1577 Info(
"ClearAuth",
"anonymous user");
1586 char ctag[11] = {0};
1587 if (anon == 0 && cryptopt == 1) {
1594 "problems recvn RSA key flag: got message %d, flag: %d",
1600 Info(
"ClearAuth",
"get key request ...");
1614 Warning(
"ClearAuth",
"problems secure-receiving salt -"
1615 " may result in corrupted salt");
1616 Warning(
"ClearAuth",
"switch off reuse for this session");
1624 while (ltmp && tmpsalt[ltmp-1] !=
'#') ltmp--;
1626 if (tmpsalt[ltmp-1] ==
'#' &&
1627 tmpsalt[ltmp-10] ==
'#') {
1628 strlcpy(ctag,&tmpsalt[ltmp-10],11);
1647 Info(
"ClearAuth",
"got salt: '%s' (len: %d)", salt.
Data(), slen);
1650 Info(
"ClearAuth",
"Salt not required");
1653 Warning(
"ClearAuth",
"problems secure-receiving rndmtag -"
1654 " may result in corrupted rndmtag");
1657 strlcpy(ctag, tmptag, 11);
1683 if (localFQDN ==
"") {
1691 "automatically generated anonymous passwd: %s",
1697 if (prompt == 1 || pashash.
Length() == 0) {
1706 Error(
"ClearAuth",
"password not set");
1711 if (needsalt && !pwdhash) {
1737 if (anon == 0 && cryptopt == 1) {
1749 Warning(
"ClearAuth",
"problems secure-sending pass hash"
1750 " - may result in authentication failure");
1757 for (
int i = 0; i <
passwd.Length(); i++) {
1771 Info(
"ClearAuth",
"after kROOTD_PASS: kind= %d, stat= %d", kind,
1783 "problems recvn (user,offset) length (%d:%d bytes:%d)",
1788 int reclen = (stat+1 > 256) ? 256 : stat+1;
1789 if ((nrec =
fSocket->
Recv(answer, reclen, kind)) < 0)
1793 "username and offset not received (%d:%d)", kind,
1799 sscanf(answer,
"%127s %d", lUser, &
offset);
1802 "received from server: user: %s, offset: %d (%s)", lUser,
1809 if (reuse == 1 &&
offset > -1) {
1811 if (cryptopt == 1) {
1814 "problems secure-receiving token -"
1815 " may result in corrupted token");
1820 token =
new char[tlen];
1826 Warning(
"ClearAuth",
"token not received (%d:%d)", kind,
1829 for (
int i = 0; i < (
int) strlen(token); i++) {
1830 token[i] = ~token[i];
1835 Info(
"ClearAuth",
"received from server: token: '%s' ",
1897 "%s@%s does not accept connections from %s@%s",
1904 "%s@%s does not accept %s authentication from %s@%s",
1921 Error(
"ClearAuth",
"password not set");
1923 if (
fUser ==
"anonymous" ||
fUser ==
"rootd") {
1924 if (!
passwd.Contains(
"@")) {
1926 "please use passwd of form: user@host.do.main");
1937 for (
int i = 0; i <
passwd.Length(); i++) {
1950 Info(
"ClearAuth",
"after kROOTD_PASS: kind= %d, stat= %d", kind,
1979 ::Info(
"TAuthenticate::GetHostAuth",
"enter ... %s ... %s", host, user);
1985 char *ps = (
char *)strstr(host,
":");
1987 srvtyp = atoi(ps+1);
1991 if (strncmp(host,
"default",7) && !hostFQDN.
Contains(
"*")) {
2003 if (!strncasecmp(opt,
"P",1)) {
2011 while ((ai = (
THostAuth *) (*next)())) {
2013 ai->
Print(
"Authenticate::GetHostAuth");
2016 if (!(serverOK = (ai->
GetServer() == -1) ||
2021 if (!strcmp(ai->
GetHost(),
"default") && serverOK && notFound)
2031 if (hostFQDN == ai->
GetHost() &&
2053 ::Info(
"TAuthenticate::HasHostAuth",
"enter ... %s ... %s", host, user);
2059 char *ps = (
char *)strstr(host,
":");
2061 srvtyp = atoi(ps+1);
2064 if (strncmp(host,
"default",7) && !hostFQDN.
Contains(
"*")) {
2071 if (!strncasecmp(opt,
"P",1)) {
2076 while ((ai = (
THostAuth *) (*next)())) {
2078 if (hostFQDN == ai->
GetHost() &&
2100 ::Info(
"TAuthenticate::FileExpand",
"enter ... '%s' ... 0x%zx", fexp, (
size_t)ftmp);
2102 fin = fopen(fexp,
"r");
2106 while (fgets(
line,
sizeof(
line), fin) != 0) {
2110 if (
line[strlen(
line) - 1] ==
'\n')
2113 ::Info(
"TAuthenticate::FileExpand",
"read line ... '%s'",
line);
2114 int nw = sscanf(
line,
"%19s %8191s", cinc, fileinc);
2117 if (strcmp(cinc,
"include") != 0) {
2119 fprintf(ftmp,
"%s\n",
line);
2126 sscanf(ln.
Data(),
"%19s %8191s", cinc, fileinc);
2129 if (fileinc[0] ==
'$') {
2146 if (fileinc[0] ==
'~') {
2150 char *ffull =
new char[flen];
2160 "file specified by 'include' cannot be open or read (%s)",
2175 const char copt[2][5] = {
"no",
"yes" };
2178 ::Info(
"TAuthenticate::GetDefaultDetails",
2179 "enter ... %d ...pt:%d ... '%s'", sec, opt, usr);
2181 if (opt < 0 || opt > 1)
2186 if (!usr[0] || !strncmp(usr,
"*",1))
2195 ::Info(
"TAuthenticate::GetDefaultDetails",
"returning ... %s", temp);
2205 if (!strncasecmp(opt,
"P",1))
2234 " +--------------------------- BEGIN --------------------------------+");
2239 " + List fgProofAuthInfo has %4d members +",
2244 " +------------------------------------------------------------------+");
2252 " + List fgAuthInfo has %4d members +",
2257 " +------------------------------------------------------------------+");
2266 " +---------------------------- END ---------------------------------+");
2282 Info(
"AuthExists",
"%d: enter: msg: %d options: '%s'",
2283 method,*message, options);
2295 (*checksecctx)(username,secctx) == 1)
2308 (*checksecctx)(username,secctx) == 1) {
2325 "found valid TSecContext: offset: %d token: '%s'",
2337 Int_t reuse = *rflag;
2338 if (reuse == 1 &&
offset > -1) {
2347 Int_t stat = 1, kind;
2352 Warning(
"AuthExists",
"protocol error: expecting %d got %d"
2358 Info(
"AuthExists",
"offset OK");
2362 Info(
"AuthExists",
"key type: %d", rsaKey);
2378 Warning(
"AuthExists",
"problems secure-sending token %s",
2379 "- may trigger problems in proofing Id ");
2384 for (
int i = 0; i < token.
Length(); i++) {
2385 char inv = ~token(i);
2393 Info(
"AuthExists",
"offset not OK - rerun authentication");
2404 Info(
"AuthExists",
"%d: after msg %d: kind= %d, stat= %d",
2405 method,*message, kind, stat);
2418 Error(
"AuthExists",
"%s@%s does not accept connections from %s@%s",
2424 "%s@%s does not accept %s authentication from %s@%s",
2442 Info(
"AuthExists",
"valid authentication exists");
2444 Info(
"AuthExists",
"valid authentication exists: offset changed");
2446 Info(
"AuthExists",
"remote access authorized by /etc/hosts.equiv");
2448 Info(
"AuthExists",
"no authentication required remotely");
2478 const char *randdev =
"/dev/urandom";
2481 if ((fd = open(randdev, O_RDONLY)) != -1) {
2483 ::Info(
"InitRandom",
"taking seed from %s", randdev);
2484 if (read(fd, &seed,
sizeof(seed)) !=
sizeof(seed))
2485 ::Warning(
"InitRandom",
"could not read seed from %s", randdev);
2489 ::Info(
"InitRandom",
"%s not available: using time()", randdev);
2504 Info(
"GenRSAKeys",
"enter");
2508 Info(
"GenRSAKeys",
"Keys prviously generated - return");
2530 Info(
"GenRSAKeys",
"SSL: Generate Blowfish key");
2536 SSL_load_error_strings();
2539 OpenSSL_add_all_ciphers();
2545 nbits = (nbits >= 128) ? nbits : 128;
2548 nbits = (nbits <= 15912) ? nbits : 15912;
2551 Int_t klen = nbits / 8 ;
2555 RAND_seed(rbuf,strlen(rbuf));
2564 BF_set_key(&fgBFKey, klen, (
const unsigned char *)rbuf);
2573 Int_t l_n = 0, l_d = 0;
2580 Int_t nAttempts = 0;
2586 if (
gDebug > 2 && nAttempts > 1) {
2587 Info(
"GenRSAKeys",
"retry no. %d",nAttempts);
2600 Info(
"GenRSAKeys",
"equal primes: regenerate (%d times)",nPrimes);
2608 Info(
"GenRSAKeys",
"local: p1: '%s' ", buf);
2610 Info(
"GenRSAKeys",
"local: p2: '%s' ", buf);
2615 if (
gDebug > 2 && nAttempts > 1)
2616 Info(
"GenRSAKeys",
" genrsa: unable to generate keys (%d)",
2623 l_n = strlen(buf_n);
2626 l_e = strlen(buf_e);
2629 l_d = strlen(buf_d);
2633 Info(
"GenRSAKeys",
"local: n: '%s' length: %d", buf_n, l_n);
2634 Info(
"GenRSAKeys",
"local: e: '%s' length: %d", buf_e, l_e);
2635 Info(
"GenRSAKeys",
"local: d: '%s' length: %d", buf_d, l_d);
2647 strlcpy(
test, tdum, lTes+1);
2651 Info(
"GenRSAKeys",
"local: test string: '%s' ",
test);
2654 strlcpy(buf,
test, lTes+1);
2660 "local: length of crypted string: %d bytes", lout);
2666 Info(
"GenRSAKeys",
"local: after private/public : '%s' ", buf);
2668 if (strncmp(
test, buf, lTes))
2672 strlcpy(buf,
test, lTes+1);
2677 Info(
"GenRSAKeys",
"local: length of crypted string: %d bytes ",
2684 Info(
"GenRSAKeys",
"local: after public/private : '%s' ", buf);
2686 if (strncmp(
test, buf, lTes))
2703 Info(
"GenRSAKeys",
"local: generated keys are:");
2704 Info(
"GenRSAKeys",
"local: n: '%s' length: %d", buf_n, l_n);
2705 Info(
"GenRSAKeys",
"local: e: '%s' length: %d", buf_e, l_e);
2706 Info(
"GenRSAKeys",
"local: d: '%s' length: %d", buf_d, l_d);
2747 unsigned int iimx[4][4] = {
2748 {0x0, 0xffffff08, 0xafffffff, 0x2ffffffe},
2749 {0x0, 0x3ff0000, 0x7fffffe, 0x7fffffe},
2750 {0x0, 0x3ff0000, 0x7e, 0x7e},
2751 {0x0, 0x3ffc000, 0x7fffffe, 0x7fffffe}
2754 const char *cOpt[4] = {
"Any",
"LetNum",
"Hex",
"Crypt" };
2757 if (opt < 0 || opt > 2) {
2760 Info(
"GetRandString",
"unknown option: %d : assume 0", opt);
2763 Info(
"GetRandString",
"enter ... len: %d %s",
len, cOpt[opt]);
2766 char *buf =
new char[
len + 1];
2776 for (
m = 7;
m < 32;
m += 7) {
2777 i = 0x7F & (frnd >>
m);
2780 if ((iimx[opt][j] & (1 <<
l))) {
2792 Info(
"GetRandString",
"got '%s' ", buf);
2804 Int_t key,
const char *str)
2810 ::Info(
"TAuthenticate::SecureSend",
"local: enter ... (enc: %d)", enc);
2812 Int_t slen = strlen(str) + 1;
2817 strlcpy(buftmp, str, slen+1);
2827 }
else if (key == 1) {
2832 ttmp = ((ttmp + 8)/8) * 8;
2833 unsigned char iv[8];
2834 memset((
void *)&iv[0],0,8);
2835 BF_cbc_encrypt((
const unsigned char *)str, (
unsigned char *)buftmp,
2836 strlen(str), &fgBFKey, iv, BF_ENCRYPT);
2839 ::Info(
"TAuthenticate::SecureSend",
"not compiled with SSL support:"
2840 " you should not have got here!");
2844 ::Info(
"TAuthenticate::SecureSend",
"unknown key type (%d)",key);
2851 nsen = sock->
SendRaw(buftmp, ttmp);
2853 ::Info(
"TAuthenticate::SecureSend",
2854 "local: sent %d bytes (expected: %d)", nsen,ttmp);
2876 if (sock->
Recv(buflen, 20, kind) < 0)
2880 ::Info(
"TAuthenticate::SecureRecv",
"got len '%s' %d (msg kind: %d)",
2885 if (!strncmp(buflen,
"-1", 2))
2900 const size_t strSize = strlen(buftmp) + 1;
2901 *str =
new char[strSize];
2902 if (*str ==
nullptr) {
2904 ::Info(
"TAuthenticate::SecureRecv",
"Memory allocation error size (%ld)", (
long) strSize);
2907 strlcpy(*str, buftmp, strSize);
2909 }
else if (key == 1) {
2911 unsigned char iv[8];
2912 memset((
void *)&iv[0],0,8);
2913 *str =
new char[nrec + 1];
2914 BF_cbc_encrypt((
const unsigned char *)buftmp, (
unsigned char *)(*str),
2915 nrec, &fgBFKey, iv, BF_DECRYPT);
2916 (*str)[nrec] =
'\0';
2919 ::Info(
"TAuthenticate::SecureRecv",
"not compiled with SSL support:"
2920 " you should not have got here!");
2924 ::Info(
"TAuthenticate::SecureRecv",
"unknown key type (%d)",key);
2943 ::Info(
"TAuthenticate::DecodeRSAPublic",
2944 "enter: string length: %ld bytes", (
Long_t)strlen(rsaPubExport));
2947 Int_t klen = strlen(rsaPubExport);
2949 ::Info(
"TAuthenticate::DecodeRSAPublic",
2950 "key too long (%d): truncate to %d",klen,
kMAXPATHLEN);
2953 memcpy(str, rsaPubExport, klen);
2962 while (str[k] == 32) k++;
2964 if (str[k] ==
'#') {
2969 char *pd1 = strstr(str,
"#");
2970 char *pd2 = pd1 ? strstr(pd1 + 1,
"#") : (
char *)0;
2971 char *pd3 = pd2 ? strstr(pd2 + 1,
"#") : (
char *)0;
2972 if (pd1 && pd2 && pd3) {
2974 int l1 = (
int) (pd2 - pd1 - 1);
2975 char *rsa_n_exp =
new char[l1 + 1];
2976 strlcpy(rsa_n_exp, pd1 + 1, l1+1);
2978 ::Info(
"TAuthenticate::DecodeRSAPublic",
2979 "got %ld bytes for rsa_n_exp", (
Long_t)strlen(rsa_n_exp));
2981 int l2 = (
int) (pd3 - pd2 - 1);
2982 char *rsa_d_exp =
new char[l2 + 1];
2983 strlcpy(rsa_d_exp, pd2 + 1, 13);
2985 ::Info(
"TAuthenticate::DecodeRSAPublic",
2986 "got %ld bytes for rsa_d_exp", (
Long_t)strlen(rsa_d_exp));
2995 ::Info(
"TAuthenticate::DecodeRSAPublic",
"bad format for input string");
3004 BIO *bpub = BIO_new(BIO_s_mem());
3007 BIO_write(bpub,(
void *)str,strlen(str));
3010 if (!(rsatmp = PEM_read_bio_RSAPublicKey(bpub, 0, 0, 0))) {
3012 ::Info(
"TAuthenticate::DecodeRSAPublic",
3013 "unable to read pub key from bio");
3016 *rsassl = (
char *)rsatmp;
3018 ::Info(
"TAuthenticate::DecodeRSAPublic",
3019 "no space allocated for output variable");
3026 ::Info(
"TAuthenticate::DecodeRSAPublic",
"not compiled with SSL support:"
3027 " you should not have got here!");
3042 ::Info(
"TAuthenticate::SetRSAPublic",
3043 "enter: string length %ld bytes", (
Long_t)strlen(rsaPubExport));
3053 while (rsaPubExport[k0] == 32) k0++;
3062 if (rsaPubExport[k0] ==
'#' && rsaPubExport[k2] ==
'#') {
3063 char *p0 = (
char *)&rsaPubExport[k0];
3064 char *p2 = (
char *)&rsaPubExport[k2];
3065 char *p1 = strchr(p0+1,
'#');
3066 if (p1 > p0 && p1 < p2) {
3072 while (
c < p1 && ((*c < 58 && *c > 47) || (*c < 91 && *c > 64)))
3076 while (
c < p2 && ((*c < 58 && *c > 47) || (*c < 91 && *c > 64)))
3085 ::Info(
"TAuthenticate::SetRSAPublic",
" Key type: %d",rsakey);
3100 BF_set_key(&fgBFKey, klen, (
const unsigned char *)rsaPubExport);
3103 ::Info(
"TAuthenticate::SetRSAPublic",
3104 "not compiled with SSL support:"
3105 " you should not have got here!");
3125 ::Info(
"TAuthenticate::SendRSAPublicKey",
3126 "received key from server %ld bytes", (
Long_t)strlen(serverPubKey));
3131 char *tmprsa =
nullptr;
3135 RSA_free((RSA *)tmprsa);
3138 RSA *RSASSLServer = (RSA *)tmprsa;
3146 char buflen[20] = {0};
3152 snprintf(buflen,
sizeof(buflen),
"%d", ttmp);
3153 }
else if (key == 1) {
3155 Int_t lcmax = RSA_size(RSASSLServer) - 11;
3160 Int_t lc = (ns > lcmax) ? lcmax : ns ;
3161 if ((ttmp = RSA_public_encrypt(lc,
3163 (
unsigned char *)&buftmp[ke],
3164 RSASSLServer,RSA_PKCS1_PADDING)) < 0) {
3166 ERR_error_string(ERR_get_error(), errstr);
3167 ::Info(
"TAuthenticate::SendRSAPublicKey",
"SSL: error: '%s' ",errstr);
3177 ::Info(
"TAuthenticate::SendRSAPublicKey",
"not compiled with SSL support:"
3178 " you should not have got here!");
3183 ::Info(
"TAuthenticate::SendRSAPublicKey",
"unknown key type (%d)",key);
3186 RSA_free(RSASSLServer);
3197 ::Info(
"TAuthenticate::SendRSAPublicKey",
3198 "local: sent %d bytes (expected: %d)", nsen,ttmp);
3201 RSA_free(RSASSLServer);
3222 if (authrc &&
gDebug > 2)
3223 ::Info(
"TAuthenticate::ReadRootAuthrc",
"Checking file: %s", authrc);
3225 if (authrc &&
gDebug > 1)
3226 ::Info(
"TAuthenticate::ReadRootAuthrc",
3227 "file %s cannot be read (errno: %d)", authrc, errno);
3231 ::Info(
"TAuthenticate::ReadRootAuthrc",
"Checking system file: %s", authrc);
3234 ::Info(
"TAuthenticate::ReadRootAuthrc",
3235 "file %s cannot be read (errno: %d)", authrc, errno);
3245 stat(tRootAuthrc, &si);
3248 ::Info(
"TAuthenticate::ReadRootAuthrc",
3249 "file %s already read", authrc);
3265 TString filetmp =
"rootauthrc";
3268 ::Info(
"TAuthenticate::ReadRootAuthrc",
"got tmp file: %s open at 0x%zx",
3269 filetmp.
Data(), (
size_t)ftmp);
3281 fd = fopen(authrc,
"r");
3284 ::Info(
"TAuthenticate::ReadRootAuthrc",
3285 "file %s cannot be open (errno: %d)", authrc, errno);
3296 while (fgets(
line,
sizeof(
line), fd) != 0) {
3303 if (
line[strlen(
line) - 1] ==
'\n')
3311 const size_t tmpSize = strlen(
line) + 1;
3312 char *tmp =
new char[tmpSize];
3314 ::Error(
"TAuthenticate::ReadRootAuthrc",
3315 "could not allocate temporary buffer");
3319 strlcpy(tmp,
line, tmpSize);
3320 char *nxt = strtok(tmp,
" ");
3322 if (!strcmp(nxt,
"proofserv") || cont) {
3332 proofserv +=
TString((
const char *)ph);
3353 if (server ==
"0" || server.
BeginsWith(
"sock"))
3355 else if (server ==
"1" || server.
BeginsWith(
"root"))
3357 else if (server ==
"2" || server.
BeginsWith(
"proof"))
3364 nxt = strtok(0,
" ");
3365 if (!strncmp(nxt,
"user",4)) {
3366 nxt = strtok(0,
" ");
3367 if (strncmp(nxt,
"list",4) && strncmp(nxt,
"method",6)) {
3369 nxt = strtok(0,
" ");
3374 TIter next(&tmpAuthInfo);
3384 tmpAuthInfo.
Add(ha);
3387 if (!strncmp(nxt,
"list",4)) {
3390 char *mth = strtok(0,
" ");
3393 if (strlen(mth) > 1) {
3396 if (met == -1 &&
gDebug > 2)
3397 ::Info(
"TAuthenticate::ReadRootAuthrc",
3398 "unrecognized method (%s): ", mth);
3402 if (met > -1 && met <
kMAXSEC)
3404 mth = strtok(0,
" ");
3409 }
else if (!strncmp(nxt,
"method",6)) {
3412 char *mth = strtok(0,
" ");
3414 if (strlen(mth) > 1) {
3417 if (met == -1 &&
gDebug > 2)
3418 ::Info(
"TAuthenticate::ReadRootAuthrc",
3419 "unrecognized method (%s): ", mth);
3423 if (met > -1 && met <
kMAXSEC) {
3424 const char *det = 0;
3425 nxt = strtok(0,
" ");
3427 det = (
const char *)strstr(
line,nxt);
3436 if (tmp)
delete [] tmp;
3454 TList tmpproofauthinfo;
3455 if (proofserv.
Length() > 0) {
3456 char *tmps =
new char[proofserv.
Length()+1];
3457 strlcpy(tmps,proofserv.
Data(),proofserv.
Length()+1);
3458 char *nxt = strtok(tmps,
" ");
3460 TString tmp((
const char *)nxt);
3464 if ((pdd = tmp.
Index(
":")) == -1) {
3475 if ((pdd = tmp.
Index(
":")) == -1) {
3487 while (tmp.
Length() > 0) {
3489 if ((pdd = tmp.
Index(
":")) > -1)
3494 if (met == -1 &&
gDebug > 2)
3495 ::Info(
"TAuthenticate::ReadRootAuthrc",
3496 "unrecognized method (%s): ",meth.
Data());
3497 }
else if (meth.
Length() == 1) {
3498 met = atoi(meth.
Data());
3499 if (met > -1 && met <
kMAXSEC)
3522 tmpproofauthinfo.
Add(ha);
3524 nxt = strtok(0,
" ");
3544 const char netrc[2][20] = {
"/.netrc",
"/.rootnetrc" };
3554 "not properly logged on (getpwuid unable to find relevant info)!");
3562 for (; i < 2; i++) {
3568 out.Form(
"pt:0 ru:1 us:%s",user.
Data());
3572 if (strlen(out) > 0)
3574 "meth: %d ... is available: details: %s", cSec, out.Data());
3576 ::Info(
"CheckProofAuth",
3577 "meth: %d ... is NOT available", cSec);
3595 if (!strcmp(user,ctx->
GetUser()) &&
3596 strncmp(
"AFS", ctx->
GetID(), 3))
3626 while ((hanew = (
THostAuth *)nxnew())) {
3648 while ((hanew = (
THostAuth *)nxnew())) {
3712 Info(
"ProofAuthSetup",
"Buffer not found: nothing to do");
3726 *mess >> user >>
passwd >> pwhash >> srppwd >> rsakey;
3743 Info(
"ProofAuthSetup",
"List of THostAuth not found");
3764 fromProofAI =
kTRUE;
3775 if (!master || fromProofAI) {
3837 if (remoteOffSet > -1 && upwd)
3840 if (upwd && pwdctx) {
3849 mess << user <<
passwd << pwhash << srppwd << keytyp;
3855 char *mbuf = mess.
Buffer();
3860 ::Info(
"ProofAuthSetup",
"sending %d bytes", messb64.
Length());
3863 if (remoteOffSet > -1) {
3865 ::Error(
"ProofAuthSetup",
"problems secure-sending message buffer");
3873 ::Error(
"ProofAuthSetup",
"plain: problems sending message length");
3877 ::Error(
"ProofAuthSetup",
"problems sending message buffer");
3910 Int_t retval = 0, ns = 0;
3913 Error(
"SendHostAuth",
"invalid input: socket undefined");
3928 Info(
"SendHostAuth",
"sent %d bytes (%s)",ns,buf.
Data());
3935 Info(
"SendHostAuth",
"sent %d bytes for closing",ns);
3949 Error(
"RecvHostAuth",
"invalid input: socket undefined");
3964 Error(
"RecvHostAuth",
"received: kind: %d (%d bytes)", kind, nr);
3968 Info(
"RecvHostAuth",
"received %d bytes (%s)",nr,buf);
3970 while (strcmp(buf,
"END")) {
3990 fromProofAI =
kTRUE;
4001 if (!master || fromProofAI) {
4040 Info(
"RecvHostAuth",
"Error: received: kind: %d (%d bytes)", kind, nr);
4044 Info(
"RecvHostAuth",
"received %d bytes (%s)",nr,buf);
4077 if (remoteOffSet > -1 && upwd)
4080 if (upwd && pwdctx) {
4084 Error(
"OldAuthSetup",
"failed to send offset in RSA key");
4095 if (remoteOffSet > -1)
4096 Warning(
"OldAuthSetup",
"problems secure-sending pass hash %s",
4097 "- may result in failures");
4100 for (
int i = 0; i <
passwd.Length(); i++) {
4106 if (sock->
Send(mess) < 0) {
4107 Error(
"OldAuthSetup",
"failed to send inverted password");
4117 Error(
"OldAuthSetup",
"failed to send no offset notification in RSA key");
4124 mess << user << pwhash << srppwd << ord << conf;
4126 if (sock->
Send(mess) < 0) {
4127 Error(
"OldAuthSetup",
"failed to send ordinal and config info");
4131 if (proofdProto > 6) {
4137 Error(
"OldAuthSetup",
"failed to send HostAuth info");
4156 if (sock->
Recv(retval, kind) != 2*
sizeof(
Int_t)) {
4158 Info(
"OldProofServAuthSetup",
4159 "socket has been closed due to protocol mismatch - Exiting");
4176 if ((fKey = fopen(keyfile.
Data(),
"r"))) {
4177 Int_t klen = fread((
void *)pubkey,1,
sizeof(pubkey),fKey);
4179 Error(
"OldProofServAuthSetup",
4180 "failed to read public key from '%s'", keyfile.
Data());
4189 Error(
"OldProofServAuthSetup",
"failed to open '%s'", keyfile.
Data());
4198 Error(
"OldProofServAuthSetup",
"failed to receive password");
4204 }
else if (retval == -1) {
4208 if ((sock->
Recv(mess) <= 0) || !mess) {
4209 Error(
"OldProofServAuthSetup",
"failed to receive inverted password");
4225 if ((sock->
Recv(mess) <= 0) || !mess) {
4226 Error(
"OldProofServAuthSetup",
"failed to receive ordinal and config info");
4234 (*mess) >> user >> pwhash >> srppwd >> conf;
4237 (*mess) >> user >> pwhash >> srppwd >> ord >> conf;
4242 (*mess) >> user >> pwhash >> srppwd >> iord;
4246 (*mess) >> user >> pwhash >> srppwd >> ord >> conf;
4267 Error(
"OldProofServAuthSetup",
"failed to receive HostAuth info");
const Int_t kAUTH_SSALT_MSK
const Int_t kAUTH_CRYPT_MSK
const Int_t kAUTH_REUSE_MSK
const Int_t kAUTH_RSATY_MSK
R__EXTERN const char * gRootdErrStr[]
TVirtualMutex * gAuthenticateMutex
static Int_t SendHostAuth(TSocket *s)
Sends the list of the relevant THostAuth objects to the master or to the active slaves,...
Int_t OldProofServAuthSetup(TSocket *sock, Bool_t master, Int_t protocol, TString &user, TString &ord, TString &conf)
Authentication related setup in TProofServ run after successful startup.
Int_t StdCheckSecCtx(const char *, TRootSecContext *)
Standard version of CheckSecCtx to be passed to TAuthenticate::AuthExists Check if User is matches th...
Int_t OldSlaveAuthSetup(TSocket *sock, Bool_t, TString ord, TString conf)
Setup of authetication in PROOF run after successful opening of the socket.
static Int_t RecvHostAuth(TSocket *s, Option_t *opt)
Receive from client/master directives for authentications, create related THostAuth and add them to t...
R__rsa_KEY_export R__fgRSAPubExport[2]
static int auth_rand()
rand() implementation using /udev/random or /dev/random, if available
R__EXTERN TVirtualMutex * gAuthenticateMutex
Int_t(* Krb5Auth_t)(TAuthenticate *auth, TString &user, TString &det, Int_t version)
Int_t(* SecureAuth_t)(TAuthenticate *auth, const char *user, const char *passwd, const char *remote, TString &det, Int_t version)
Int_t(* GlobusAuth_t)(TAuthenticate *auth, TString &user, TString &det)
Int_t(* CheckSecCtx_t)(const char *subj, TRootSecContext *ctx)
void Info(const char *location, const char *msgfmt,...)
Use this function for informational messages.
void Error(const char *location, const char *msgfmt,...)
Use this function in case an error occurred.
void Warning(const char *location, const char *msgfmt,...)
Use this function in warning situations.
winID h TVirtualViewer3D TVirtualGLPainter p
Option_t Option_t TPoint TPoint const char GetTextMagnitude GetFillStyle GetLineColor GetLineWidth GetMarkerStyle GetTextAlign GetTextColor GetTextSize void char Point_t Rectangle_t WindowAttributes_t Float_t Float_t Float_t Int_t Int_t UInt_t UInt_t Rectangle_t Int_t Int_t Window_t TString Int_t GCValues_t GetPrimarySelectionOwner GetDisplay GetScreen GetColormap GetNativeEvent const char const char dpyName wid window const char font_name cursor keysym reg const char only_if_exist regb h Point_t winding char text const char depth char const char Int_t count const char ColorStruct_t color const char Pixmap_t Pixmap_t PictureAttributes_t attr const char char ret_data h unsigned char height h offset
Option_t Option_t TPoint TPoint const char GetTextMagnitude GetFillStyle GetLineColor GetLineWidth GetMarkerStyle GetTextAlign GetTextColor GetTextSize void char Point_t Rectangle_t WindowAttributes_t Float_t r
Option_t Option_t TPoint TPoint const char GetTextMagnitude GetFillStyle GetLineColor GetLineWidth GetMarkerStyle GetTextAlign GetTextColor GetTextSize void char Point_t Rectangle_t WindowAttributes_t Float_t Float_t Float_t Int_t Int_t UInt_t UInt_t Rectangle_t result
Option_t Option_t TPoint TPoint const char GetTextMagnitude GetFillStyle GetLineColor GetLineWidth GetMarkerStyle GetTextAlign GetTextColor GetTextSize void char Point_t Rectangle_t WindowAttributes_t Float_t Float_t Float_t Int_t Int_t UInt_t UInt_t Rectangle_t Int_t Int_t Window_t TString Int_t GCValues_t GetPrimarySelectionOwner GetDisplay GetScreen GetColormap GetNativeEvent const char const char dpyName wid window const char font_name cursor keysym reg const char only_if_exist regb h Point_t winding char text const char depth char const char Int_t count const char ColorStruct_t color const char Pixmap_t Pixmap_t PictureAttributes_t attr const char char ret_data h unsigned char height h Atom_t Int_t ULong_t ULong_t unsigned char prop_list Atom_t Atom_t Atom_t Time_t UChar_t len
char * Form(const char *fmt,...)
Formats a string in a circular formatting buffer.
void Printf(const char *fmt,...)
Formats a string in a circular formatting buffer and prints the string.
char * StrDup(const char *str)
Duplicate the string str.
Bool_t R_ISREG(Int_t mode)
Bool_t R_ISDIR(Int_t mode)
R__EXTERN TSystem * gSystem
#define R__LOCKGUARD2(mutex)
static void RemoveHostAuth(THostAuth *ha, Option_t *opt="")
Remove THostAuth instance from the list.
static Int_t SetRSAPublic(const char *rsapubexport, Int_t klen)
Store RSA public keys from export string rsaPubExport.
static TPluginHandler * fgPasswdDialog
static void SetGlobalSRPPwd(Bool_t srppwd)
Set global SRP passwd flag to be used for authentication to rootd or proofd.
static Bool_t fgPromptUser
TRootSecContext * fSecContext
static void FileExpand(const char *fin, FILE *ftmp)
Expands include directives found in fexp files The expanded, temporary file, is pointed to by 'ftmp' ...
static const char * GetGlobalUser()
Static method returning the global user.
static void SetGlobalUser(const char *user)
Set global user name to be used for authentication to rootd or proofd.
static void SetPromptUser(Bool_t promptuser)
Set global PromptUser flag.
Int_t RfioAuth(TString &user)
RFIO authentication (no longer supported)
static void Show(Option_t *opt="S")
Print info about the authentication sector.
const char * GetSshUser(TString user) const
Method returning the user to be used for the ssh login (no longer supported)
static const char * GetDefaultUser()
Static method returning the default user information.
static Bool_t GetPromptUser()
Static method returning the prompt user settings.
static Int_t SecureRecv(TSocket *Socket, Int_t dec, Int_t KeyType, char **Out)
Receive str from sock and decode it using key indicated by key type Return number of received bytes o...
static const char * GetKrb5Principal()
Static method returning the principal to be used to init Krb5 tickets.
THostAuth * GetHostAuth() const
static void SetAuthReUse(Bool_t authreuse)
Set global AuthReUse flag.
static R__rsa_KEY_export * fgRSAPubExport
char * GetRandString(Int_t Opt, Int_t Len)
Allocates and fills a 0 terminated buffer of length len+1 with len random characters.
static TList * GetProofAuthInfo()
Static method returning the list with authentication directives to be sent to proof.
Int_t SshAuth(TString &user)
SSH client authentication code (no longer supported)
static char * PromptPasswd(const char *prompt="Password: ")
Static method to prompt for the user's passwd to be used for authentication to rootd or proofd.
static void SetDefaultUser(const char *defaultuser)
Set default user name.
static void SetGlobalPwHash(Bool_t pwhash)
Set global passwd hash flag to be used for authentication to rootd or proofd.
static void SetGlobalExpDate(TDatime expdate)
Set default expiring date for new validity contexts.
static Int_t GetRSAInit()
Static method returning the RSA initialization flag.
static void SetSecureAuthHook(SecureAuth_t func)
Set secure authorization function.
static Int_t GetClientProtocol()
Static method returning supported client protocol.
static Int_t ReadRootAuthrc()
Read authentication directives from $ROOTAUTHRC, $HOME/.rootauthrc or <Root_etc_dir>/system....
static Bool_t fgReadHomeAuthrc
static Int_t SecureSend(TSocket *Socket, Int_t enc, Int_t KeyType, const char *In)
Encode null terminated str using the session private key indicated by enc and sends it over the netwo...
Int_t GenRSAKeys()
Generate a valid pair of private/public RSA keys to protect for authentication token exchange.
Bool_t CheckNetrc(TString &user, TString &passwd)
Try to get user name and passwd from the ~/.rootnetrc or ~/.netrc files.
static const char * GetRSAPubExport(Int_t key=0)
Static method returning the RSA public keys.
static void SetReadHomeAuthrc(Bool_t readhomeauthrc)
Set flag controlling the reading of $HOME/.rootauthrc.
static void InitRandom()
Initialize random machine using seed from /dev/urandom (or current time if /dev/urandom not available...
static TList * fgProofAuthInfo
static R__rsa_KEY fgRSAPubKey
static Bool_t fgAuthReUse
static Bool_t GetGlobalPwHash()
Static method returning the global password hash flag.
static void SetKrb5AuthHook(Krb5Auth_t func)
Set kerberos5 authorization function.
static void SetGlobusAuthHook(GlobusAuth_t func)
Set Globus authorization function.
static void SetRSAInit(Int_t init=1)
Static method setting RSA initialization flag.
static void SetGlobalPasswd(const char *passwd)
Set global passwd to be used for authentication to rootd or proofd.
void SetEnvironment()
Set default authentication environment.
static Int_t SendRSAPublicKey(TSocket *Socket, Int_t key=0)
Receives server RSA Public key Sends local RSA public key encoded.
static Bool_t CheckProofAuth(Int_t cSec, TString &det)
Check if the authentication method can be attempted for the client.
static TDatime fgLastAuthrc
static TList * fgAuthInfo
static TString fgAuthMeth[kMAXSEC]
void CatchTimeOut()
Called in connection with a timer timeout.
Bool_t GetUserPasswd(TString &user, TString &passwd, Bool_t &pwhash, Bool_t srppwd)
Try to get user name and passwd from several sources.
Bool_t Authenticate()
Authenticate to remote rootd or proofd server.
static R__rsa_KEY fgRSAPriKey
static TString fgRootAuthrc
Int_t AuthExists(TString User, Int_t method, const char *Options, Int_t *Message, Int_t *Rflag, CheckSecCtx_t funcheck)
Check if we have a valid established sec context in memory Retrieves relevant info and negotiates wit...
static TList * GetAuthInfo()
Static method returning the list with authentication details.
static GlobusAuth_t GetGlobusAuthHook()
Static method returning the globus authorization hook (no longer supported)
Int_t ProofAuthSetup()
Authentication related stuff setup in TProofServ.
Int_t ClearAuth(TString &user, TString &passwd, Bool_t &pwhash)
UsrPwd client authentication code.
static void AuthError(const char *where, Int_t error)
Print error string depending on error code.
static char * GetDefaultDetails(Int_t method, Int_t opt, const char *user)
Determine default authentication details for method 'sec' and user 'usr'.
static void MergeHostAuthList(TList *Std, TList *New, Option_t *Opt="")
Tool for updating fgAuthInfo or fgProofAuthInfo 'nin' contains list of last input information through...
static TString fgDefaultUser
static Int_t GetAuthMethodIdx(const char *meth)
Static method returning the method index (which can be used to find the method in GetAuthMethod()).
static Int_t DecodeRSAPublic(const char *rsapubexport, R__rsa_NUMBER &n, R__rsa_NUMBER &d, char **rsassl=nullptr)
Store RSA public keys from export string rsaPubExport.
static void SetTimeOut(Int_t to)
Set timeout (active if > 0)
static Bool_t fgUsrPwdCrypt
TAuthenticate(TSocket *sock, const char *remote, const char *proto, const char *user="")
Create authentication object.
static void RemoveSecContext(TRootSecContext *ctx)
Tool for removing SecContext ctx from THostAuth listed in fgAuthInfo or fgProofAuthInfo.
static TDatime GetGlobalExpDate()
Static method returning default expiring date for new validity contexts.
static Bool_t GetGlobalSRPPwd()
Static method returning the global SRP password flag.
static SecureAuth_t fgSecAuthHook
static char * PromptUser(const char *remote)
Static method to prompt for the user name to be used for authentication to rootd or proofd.
static Bool_t CheckHost(const char *Host, const char *host)
Check if 'host' matches 'href': this means either equal or "containing" it, even with wild cards * in...
static void SetDefaultRSAKeyType(Int_t key)
Static method setting the default type of RSA key.
static const char * GetAuthMethod(Int_t idx)
Static method returning the method corresponding to idx.
static Bool_t GetAuthReUse()
Static method returning the authentication reuse settings.
static THostAuth * HasHostAuth(const char *host, const char *user, Option_t *opt="R")
Checks if a THostAuth with exact match for {host,user} exists in the fgAuthInfo list If opt = "P" use...
static TString Decode(const char *data)
Decode a base64 string date into a generic TString.
static TString Encode(const char *data)
Transform data into a null terminated base64 string.
TObject * ReadObject(const TClass *cl) override
Read object from I/O buffer.
void WriteObject(const TObject *obj, Bool_t cacheReuse=kTRUE) override
Write object to I/O buffer.
virtual Int_t GetSize() const
Return the capacity of the collection, i.e.
This class stores the date and time with a precision of one second in an unsigned 32 bit word (950130...
void Set()
Set Date/Time to current time as reported by the system.
UInt_t Convert(Bool_t toGMT=kFALSE) const
Convert fDatime from TDatime format to the standard time_t format.
virtual Int_t GetValue(const char *name, Int_t dflt) const
Returns the integer value for a resource.
const char * GetUser() const
TRootSecContext * CreateSecContext(const char *user, const char *host, Int_t meth, Int_t offset, const char *details, const char *token, TDatime expdate=kROOTTZERO, void *ctx=nullptr, Int_t key=-1)
Create a Security context and add it to local list Return pointer to it to be stored in TAuthenticate...
const char * GetHost() const
void AddMethod(Int_t level, const char *details=nullptr)
Add method to the list.
void SetUser(const char *user)
void SetDetails(Int_t level, const char *details)
Set authentication details for specified level.
void SetHost(const char *host)
void SetFirst(Int_t level)
Set 'method' to be the first used (if in the list ...).
void Print(Option_t *option="") const override
Print object content.
void SetServer(Int_t server)
void ReOrder(Int_t nmet, Int_t *fmet)
Reorder nmet methods according fmet[nmet].
void RemoveMethod(Int_t level)
Remove method 'meth' from the list, if there ...
void CountFailure(Int_t level)
Count failures for 'method'.
void AddFirst(Int_t level, const char *details=nullptr)
Add new method in first position If already in the list, set as first method 'level' with authenticat...
Int_t GetMethod(Int_t idx) const
Bool_t HasMethod(Int_t level, Int_t *pos=nullptr)
Return kTRUE if method 'level' is in the list.
void AsString(TString &out) const
Return a static string with all info in a serialized form.
TList * Established() const
void Update(THostAuth *ha)
Update info with the one in ha Remaining methods, if any, get lower priority.
const char * GetDetails(Int_t level)
Return authentication details for specified level or "" if the specified level does not exist for thi...
void SetLast(Int_t level)
Set 'method' to be the last used (if in the list ...).
void PrintEstablished() const
Print info about established authentication vis-a-vis of this Host.
void CountSuccess(Int_t level)
Count successes for 'method'.
This class represents an Internet Protocol (IP) address.
const char * GetHostName() const
const char * GetHostAddress() const
Returns the IP address string "%d.%d.%d.%d".
void Add(TObject *obj) override
TObject * Remove(TObject *obj) override
Remove object from the list.
virtual void Warning(const char *method, const char *msgfmt,...) const
Issue warning message.
virtual void Error(const char *method, const char *msgfmt,...) const
Issue error message.
virtual void Info(const char *method, const char *msgfmt,...) const
Issue info message.
Longptr_t ExecPlugin(int nargs)
Int_t LoadPlugin()
Load the plugin library for this handler.
const char * GetPasswd() const
Bool_t Connect(const char *signal, const char *receiver_class, void *receiver, const char *slot)
Non-static method is used to connect from the signal of this object to the receiver slot.
static const TString & GetEtcDir()
Get the sysconfig directory in the installation. Static utility function.
static RSA_encode_t RSA_encode()
static RSA_genprim_t RSA_genprim()
static RSA_assign_t RSA_assign()
static RSA_cmp_t RSA_cmp()
static RSA_decode_t RSA_decode()
static RSA_genrsa_t RSA_genrsa()
static RSA_num_sput_t RSA_num_sput()
static RSA_num_sget_t RSA_num_sget()
Regular expression class.
Ssiz_t Index(const TString &str, Ssiz_t *len, Ssiz_t start=0) const
Find the first occurrence of the regexp in string and return the position, or -1 if there is no match...
void DeActivate(Option_t *opt="CR") override
Set OffSet to -1 and expiring Date to default Remove from the list If Opt contains "C" or "c",...
void Print(Option_t *option="F") const override
If opt is "F" (default) print object content.
Bool_t IsActive() const
Check remote OffSet and expiring Date.
const char * GetID() const
void SetID(const char *id)
const char * GetHost() const
const char * GetToken() const
void AddForCleanup(Int_t port, Int_t proto, Int_t type)
Create a new TSecContextCleanup Internally is added to the list.
Bool_t IsA(const char *methodname)
Checks if this security context is for method named 'methname' Case sensitive.
void * GetContext() const
const char * GetUser() const
void SetOffSet(Int_t offset)
void Print(Option_t *option="F") const override
If opt is "F" (default) print object content.
virtual Int_t Recv(TMessage *&mess)
Receive a TMessage object.
static Int_t GetClientProtocol()
Static method returning supported client protocol.
Int_t GetRemoteProtocol() const
virtual void Close(Option_t *opt="")
Close the socket.
virtual Int_t RecvRaw(void *buffer, Int_t length, ESendRecvOptions opt=kDefault)
Receive a raw buffer of specified length bytes.
TSecContext * GetSecContext() const
virtual Int_t SendRaw(const void *buffer, Int_t length, ESendRecvOptions opt=kDefault)
Send a raw buffer of specified length.
Int_t GetServType() const
virtual Int_t Send(const TMessage &mess)
Send a TMessage object.
Bool_t EndsWith(const char *pat, ECaseCompare cmp=kExact) const
Return true if string ends with the specified string.
TString & Replace(Ssiz_t pos, Ssiz_t n, const char *s)
const char * Data() const
TString & ReplaceAll(const TString &s1, const TString &s2)
void Resize(Ssiz_t n)
Resize the string. Truncate or add blanks as necessary.
Bool_t BeginsWith(const char *s, ECaseCompare cmp=kExact) const
TString & Remove(Ssiz_t pos)
static TString Format(const char *fmt,...)
Static method which formats a string using a printf style format descriptor and return a TString.
void Form(const char *fmt,...)
Formats a string using a printf style format descriptor.
Bool_t Contains(const char *pat, ECaseCompare cmp=kExact) const
Ssiz_t Index(const char *pat, Ssiz_t i=0, ECaseCompare cmp=kExact) const
virtual int GetPid()
Get process id.
virtual const char * Getenv(const char *env)
Get environment variable.
virtual char * ConcatFileName(const char *dir, const char *name)
Concatenate a directory and a file name. User must delete returned string.
virtual int Load(const char *module, const char *entry="", Bool_t system=kFALSE)
Load a shared library.
int GetPathInfo(const char *path, Long_t *id, Long_t *size, Long_t *flags, Long_t *modtime)
Get info about a file: id, size, flags, modification time.
virtual Bool_t AccessPathName(const char *path, EAccessMode mode=kFileExists)
Returns FALSE if one can access a file using the specified access mode.
virtual FILE * TempFileName(TString &base, const char *dir=nullptr)
Create a secure temporary file by appending a unique 6 letter string to base.
virtual void DispatchOneEvent(Bool_t pendingOnly=kFALSE)
Dispatch a single event.
virtual const char * HostName()
Return the system's host name.
virtual Int_t GetEffectiveUid()
Returns the effective user id.
virtual TInetAddress GetHostByName(const char *server)
Get Internet Protocol (IP) address of host.
virtual const char * HomeDirectory(const char *userName=nullptr)
Return the user's home directory.
virtual int Unlink(const char *name)
Unlink, i.e.
virtual UserGroup_t * GetUserInfo(Int_t uid)
Returns all user info in the UserGroup_t structure.
char * DynamicPathName(const char *lib, Bool_t quiet=kFALSE)
Find a dynamic library called lib using the system search paths.
Handles synchronous and a-synchronous timer events.
virtual void Start(Long_t milliSec=-1, Bool_t singleShot=kFALSE)
Starts the timer with a milliSec timeout.
void SetInterruptSyscalls(Bool_t set=kTRUE)
When the argument is true the a-synchronous timer (SIGALRM) signal handler is set so that interrupted...
This class implements a mutex interface.
void inv(rsa_NUMBER *, rsa_NUMBER *, rsa_NUMBER *)