TAuthenticate
private:
static Bool_t CheckHost(const char* Host, const char* host)
static Bool_t CheckHostWild(const char* Host, const char* host)
static Int_t CheckRootAuthrc(const char* Host, char*** user, Int_t** nmeth, Int_t** authmeth, char*** det)
Int_t ClearAuth(TString& user, TString& passwd, Bool_t& pwhash)
static void DecodeDetails(char* details, char* pt, char* ru, char** us)
static void DecodeDetailsGlobus(char* details, char* pt, char* ru, char** cd, char** cf, char** kf, char** ad)
static void FileExpand(const char* fin, FILE* ftmp)
char* GetRandString(Int_t Opt, Int_t Len)
Bool_t GetUserPasswd(TString& user, TString& passwd, Bool_t& pwhash, Bool_t& srppwd)
Int_t RfioAuth(TString& user)
void SetEnvironment()
Int_t SshAuth(TString& user)
public:
TAuthenticate(TSocket* sock, const char* remote, const char* proto, const char* user)
TAuthenticate(const TAuthenticate&)
virtual ~TAuthenticate()
Bool_t Authenticate()
static void AuthError(const char* where, Int_t error)
static Int_t AuthExists(TAuthenticate* auth, Int_t method, TString& details, const char* Options, Int_t* Message, Int_t* Rflag)
Bool_t CheckNetrc(TString& user, TString& passwd)
Bool_t CheckNetrc(TString& user, TString& passwd, Bool_t& pwhash, Bool_t& srppwd)
static TClass* Class()
static void DecodeRSAPublic(const char* rsapubexport, rsa_NUMBER& n, rsa_NUMBER& d)
Int_t GenRSAKeys()
static TList* GetAuthInfo()
static Int_t GetAuthMeth(const char* Host, const char* protocol, char*** user, Int_t** nmeth, Int_t** authmeth, char*** det)
static const char* GetAuthMethod(Int_t idx) const
static Int_t GetAuthMethodIdx(const char* meth)
static Bool_t GetAuthReUse()
static char* GetDefaultDetails(Int_t method, Int_t opt, const char* user)
static const char* GetDefaultUser() const
const char* GetDetails() const
static const char* GetGlobalPasswd() const
static Bool_t GetGlobalPwHash()
static Bool_t GetGlobalSRPPwd()
static const char* GetGlobalUser() const
static GlobusAuth_t GetGlobusAuthHook()
THostAuth* GetHostAuth() const
static THostAuth* GetHostAuth(const char* host, const char* user)
static Int_t GetOffSet(TAuthenticate* auth, Int_t method, TString& details, char** token)
const char* GetPasswd() const
static Bool_t GetPromptUser()
const char* GetProtocol() const
Bool_t GetPwHash() const
const char* GetRemoteHost() const
static char* GetRemoteLogin(THostAuth* hostauth, Int_t method, const char* details)
static Int_t GetRSAInit()
Int_t GetRSAKey() const
static const char* GetRSAPubExport() const
TAuthenticate::ESecurity GetSecurity() const
TSocket* GetSocket() const
Bool_t GetSRPPwd() const
const char* GetSshUser() const
const char* GetUser() const
Int_t GetVersion() const
virtual TClass* IsA() const
static void PrintHostAuth()
static char* PromptPasswd(const char* prompt = "Password: ")
static char* PromptUser(const char* remote)
static void ReadAuthRc(const char* host, const char* user)
static void RemoveHostAuth(THostAuth* ha)
static void SaveAuthDetails(TAuthenticate* auth, Int_t method, Int_t offset, Int_t reuse, TString& details, const char* rlogin, Int_t keytype, const char* token)
static Int_t SecureRecv(TSocket* Socket, Int_t KeyType, char** Out)
static Int_t SecureSend(TSocket* Socket, Int_t KeyType, const char* In)
static void SendRSAPublicKey(TSocket* Socket)
static void SetAuthReUse(Bool_t authreuse)
static void SetDefaultUser(const char* defaultuser)
static void SetGlobalPasswd(const char* passwd)
static void SetGlobalPwHash(Bool_t pwhash)
static void SetGlobalSRPPwd(Bool_t srppwd)
static void SetGlobalUser(const char* user)
static void SetGlobusAuthHook(GlobusAuth_t func)
void SetHostAuth(const char* host, const char* user)
static void SetKrb5AuthHook(Krb5Auth_t func)
static void SetOffSet(THostAuth* hostauth, Int_t method, TString& details, Int_t offset)
static void SetPromptUser(Bool_t promptuser)
void SetPwHash(Bool_t pwhash)
static void SetRSAInit()
void SetRSAKey(Int_t fKey)
static void SetRSAPublic(const char* rsapubexport)
static void SetSecureAuthHook(SecureAuth_t func)
void SetSecurity(Int_t fSec)
void SetUser(const char* user)
void SetVersion(Int_t fVer)
virtual void ShowMembers(TMemberInspector& insp, char* parent)
virtual void Streamer(TBuffer& b)
void StreamerNVirtual(TBuffer& b)
private:
TString fUser user to be authenticated
TString fPasswd user's password
Bool_t fPwHash kTRUE if fPasswd is a passwd hash
Bool_t fSRPPwd kTRUE if fPasswd is a SRP passwd
TString fProtocol remote service (rootd, proofd)
TString fRemote remote host to which we want to connect
TSocket* fSocket connection to remote daemon
TAuthenticate::ESecurity fSecurity actual logon security level
TString fDetails logon details (method dependent ...)
THostAuth* fHostAuth pointer to relevant authentication info
Int_t fVersion 0,1,2, ... according to remote daemon version
Int_t fRSAKey Type of RSA key used
static TString fgUser
static TString fgPasswd
static Bool_t fgPwHash kTRUE if fgPasswd is a passwd hash
static Bool_t fgSRPPwd kTRUE if fgPasswd is a SRP passwd
static TString fgAuthMeth[6]
static SecureAuth_t fgSecAuthHook
static Krb5Auth_t fgKrb5AuthHook
static GlobusAuth_t fgGlobusAuthHook
static TString fgDefaultUser Default user information
static Bool_t fgAuthReUse kTRUE if ReUse required
static Bool_t fgPromptUser kTRUE if user prompt required
static Bool_t fgUsrPwdCrypt kTRUE if encryption for UsrPwd is required
static TList* fgAuthInfo
static Int_t fgRSAInit
static rsa_KEY fgRSAPriKey
static rsa_KEY fgRSAPubKey
static rsa_KEY_export fgRSAPubExport
public:
static const TAuthenticate::ESecurity kClear
static const TAuthenticate::ESecurity kSRP
static const TAuthenticate::ESecurity kKrb5
static const TAuthenticate::ESecurity kGlobus
static const TAuthenticate::ESecurity kSSH
static const TAuthenticate::ESecurity kRfio
TAuthenticate
An authentication module for ROOT based network services, like rootd
and proofd.
TAuthenticate(TSocket *sock, const char *remote,
const char *proto, const char *user)
Create authentication object.
Bool_t Authenticate()
Authenticate to remote rootd or proofd server. Return kTRUE if
authentication succeeded.
void SetEnvironment()
Set default authentication environment. The values are inferred
from fSecurity and fDetails.
Bool_t GetUserPasswd(TString &user, TString &passwd,
Bool_t &pwhash, Bool_t &srppwd)
Try to get user name and passwd from several sources.
Bool_t CheckNetrc(TString &user, TString &passwd)
Try to get user name and passwd from the ~/.rootnetrc or
~/.netrc files. For more info see the version with 4 arguments.
This version is maintained for backward compatibility reasons.
Bool_t CheckNetrc(TString &user, TString &passwd,
Bool_t &pwhash, Bool_t &srppwd)
Try to get user name and passwd from the ~/.rootnetrc or
~/.netrc files. First ~/.rootnetrc is tried, after that ~/.netrc.
These files will only be used when their access masks are 0600 (readable and writable by the owner only), because they hold login credentials.
Returns kTRUE if user and passwd were found for the machine
specified in the URL. If kFALSE, user and passwd are "".
If srppwd == kTRUE then a SRP ('secure') pwd is searched for in
the files.
The boolean pwhash is set to kTRUE if the returned passwd is to
be understood as password hash, i.e. if the 'password-hash' keyword
is found in the 'machine' lines; not implemented for 'secure'
and the .netrc file.
The format of these files is:
# this is a comment line
machine <machine fqdn> login <user> password <passwd>
machine <machine fqdn> login <user> password-hash <passwd>
and in addition ~/.rootnetrc also supports:
secure <machine fqdn> login <user> password <passwd>
for the secure protocols. All lines must start in the first column.
const char* GetGlobalUser()
Static method returning the global user.
const char* GetGlobalPasswd()
Static method returning the global password.
Bool_t GetGlobalPwHash()
Static method returning the global password hash flag.
Bool_t GetGlobalSRPPwd()
Static method returning the global SRP password flag.
const char* GetDefaultUser()
Static method returning the default user information.
Bool_t GetAuthReUse()
Static method returning the authentication reuse settings.
Bool_t GetPromptUser()
Static method returning the prompt user settings.
const char* GetAuthMethod(Int_t idx)
Static method returning the method corresponding to idx.
Int_t GetAuthMethodIdx(const char *meth)
Static method returning the method index (which can be used to find
the method in GetAuthMethod()). Returns -1 in case meth is not found.
char* PromptUser(const char *remote)
Static method to prompt for the user name to be used for authentication
to rootd or proofd. User is asked to type user name.
Returns user name (which must be deleted by caller) or 0.
If non-interactive run (eg ProofServ) returns default user.
char* PromptPasswd(const char *prompt)
Static method to prompt for the user's passwd to be used for
authentication to rootd or proofd. Uses non-echoing command line
to get passwd. Returns passwd (which must be deleted by caller) or 0.
If non-interactive run (eg ProofServ) returns -1
GlobusAuth_t GetGlobusAuthHook()
Static method returning the globus authorization hook.
const char* GetRSAPubExport()
Static method returning the RSA public keys.
Int_t GetRSAInit()
Static method returning the RSA initialization flag.
void SetRSAInit()
Static method setting RSA initialization flag.
TList* GetAuthInfo()
Static method returning the list with authentication details.
void AuthError(const char *where, Int_t err)
Print error string depending on error code.
void SetGlobalUser(const char *user)
Set global user name to be used for authentication to rootd or proofd.
void SetGlobalPasswd(const char *passwd)
Set global passwd to be used for authentication to rootd or proofd.
void SetGlobalPwHash(Bool_t pwhash)
Set global passwd hash flag to be used for authentication to rootd or proofd.
void SetGlobalSRPPwd(Bool_t srppwd)
Set global SRP passwd flag to be used for authentication to rootd or proofd.
void SetDefaultUser(const char *defaultuser)
Set default user name.
void SetAuthReUse(Bool_t authreuse)
Set global AuthReUse flag
void SetPromptUser(Bool_t promptuser)
Set global PromptUser flag
void SetSecureAuthHook(SecureAuth_t func)
Set secure authorization function. Automatically called when libSRPAuth
is loaded.
void SetKrb5AuthHook(Krb5Auth_t func)
Set kerberos5 authorization function. Automatically called when
libKrb5Auth is loaded.
void SetGlobusAuthHook(GlobusAuth_t func)
Set Globus authorization function. Automatically called when
libGlobusAuth is loaded.
Int_t SshAuth(TString &User)
SSH client authentication code.
const char* GetSshUser() const
Method returning the User to be used for the ssh login.
Looks first at SSH.Login and finally at env USER.
If SSH.LoginPrompt is set to 'yes' it prompts for the 'login name'
Int_t GetAuthMeth(const char *Host, const char *Proto,
char ***User, Int_t **NumMeth,
Int_t **AuthMeth, char ***Details)
This method looks for the available methods (as chosen by the user)
for authentication vis-a-vis of host 'Host' and depending on protocol
Proto (either root - rootd, roots, rootk - or proof - proofd, proofs,
proofk - families).
Information is looked for in ~/.rootauthrc and in the .rootrc family
of files via Rootd.Authentication and Proofd.Authentication variables.
Return number of methods, their codes in AuthMeth and strings with
auth details in Details (login name, principals, etc ...).
Space for AuthMeth and Details must be allocated outside
Default method is SSH.
Int_t CheckRootAuthrc(const char *Host, char ***user,
Int_t **nh, Int_t **am, char ***det)
Try to get info about authentication policies for Host
Bool_t CheckHost(const char *Host, const char *host)
Check if 'Host' matches 'host':
this means either equal or "containing" it, even with wild cards *
in the first field (in the case 'host' is a name, ie not IP address)
Returns kTRUE if the two match.
Int_t RfioAuth(TString &User)
UidGid client authentication code.
Returns 0 in case authentication failed
1 in case of success
<0 in case of system error
Int_t ClearAuth(TString &User, TString &Passwd, Bool_t &PwHash)
UsrPwd client authentication code.
Returns 0 in case authentication failed
1 in case of success
Int_t GetOffSet(TAuthenticate *Auth, Int_t Method,
TString &Details, char **Token)
Check if already authenticated for Method with Details
Return OffSet in the affirmative case or -1.
void SetOffSet(THostAuth *HostAuth, Int_t Method,
TString &Details, Int_t OffSet)
Save new offset
char* GetRemoteLogin(THostAuth *HostAuth, Int_t Method,
const char *Details)
Check if already authenticated for Method with Details
Return remote user login name in the affirmative case or 0
The string should be freed by the caller with 'delete'.
void SaveAuthDetails(TAuthenticate *Auth, Int_t Method,
Int_t OffSet, Int_t ReUse,
TString &Details, const char *rlogin,
Int_t key, const char *token)
void DecodeDetails(char *details, char *Pt, char *Ru, char **Us)
Parse details looking for user info
void DecodeDetailsGlobus(char *details, char *Pt, char *Ru,
char **Cd, char **Cf, char **Kf,
char **Ad)
Parse details looking for globus authentication info
void SetHostAuth(const char *host, const char *user)
Sets fUser=user and search fgAuthInfo for the entry pertaining to
(host,user), setting fHostAuth accordingly.
If no entry is found fHostAuth is not changed
THostAuth* GetHostAuth(const char *host, const char *user)
Sets fUser=user and search fgAuthInfo for the entry pertaining to
(host,user), setting fHostAuth accordingly.
If no entry is found fHostAuth is not changed
void FileExpand(const char *fexp, FILE *ftmp)
Expands include directives found in fexp files
The expanded, temporary file, is pointed to by 'ftmp'
and should be already open. To be called recursively.
char* GetDefaultDetails(int sec, int opt, const char *usr)
Determine default authentication details for method 'sec' and user 'usr'.
Checks .rootrc family files. Returned string must be deleted by the user.
void RemoveHostAuth(THostAuth *ha)
Remove THostAuth instance from the list
void ReadAuthRc(const char *host, const char *user)
Read methods for a given host (and user) from .rootauthrc
void PrintHostAuth()
Print info about existing HostAuth instantiations
Int_t AuthExists(TAuthenticate *Auth, Int_t Sec,
TString &Details, const char *Options,
Int_t *Message, Int_t *Rflag)
Check if we have a valid established sec context in memory
Retrieves relevant info and negotiates with server.
Options = "Opt,strlen(User),User.Data()"
Message = kROOTD_USER, ...
Int_t GenRSAKeys()
Generate a valid pair of private/public RSA keys to protect the authentication
token exchange
char* GetRandString(Int_t Opt, Int_t Len)
Allocates and fills a 0 terminated buffer of length Len+1 with
Len random characters.
Returns pointer to the buffer (to be deleted by the caller)
Opt = 0 any non dangerous char
1 letters and numbers (upper and lower case)
2 hex characters (upper and lower case)
Int_t SecureSend(TSocket *Socket, Int_t Key, const char *Str)
Encode null terminated Str using the session private key indicated by Key
and sends it over the network
Returns number of bytes sent, or -1 in case of error.
Key = 1 for private encoding, Key = 2 for public encoding
Int_t SecureRecv(TSocket *Socket, Int_t Key, char **Str)
Receive Len bytes from Socket and decode them in Str using key indicated by Key type
Return number of received bytes or -1 in case of error.
Key = 1 for private decoding, Key = 2 for public decoding
void DecodeRSAPublic(const char *RSAPubExport, rsa_NUMBER &RSA_n,
rsa_NUMBER &RSA_d)
Store RSA public keys from export string RSAPubExport.
void SetRSAPublic(const char *RSAPubExport)
Store RSA public keys from export string RSAPubExport.
void SendRSAPublicKey(TSocket *Socket)
Receives Server RSA Public key
Sends local RSA public key encoded
Inline Functions
Bool_t CheckHostWild(const char* Host, const char* host)
const char* GetUser() const
const char* GetPasswd() const
Bool_t GetPwHash() const
Bool_t GetSRPPwd() const
const char* GetProtocol() const
const char* GetRemoteHost() const
void SetUser(const char* user)
void SetPwHash(Bool_t pwhash)
void SetSecurity(Int_t fSec)
TAuthenticate::ESecurity GetSecurity() const
const char* GetDetails() const
TSocket* GetSocket() const
void SetVersion(Int_t fVer)
Int_t GetVersion() const
void SetRSAKey(Int_t fKey)
Int_t GetRSAKey() const
THostAuth* GetHostAuth(const char* host, const char* user)
TClass* Class()
TClass* IsA() const
void ShowMembers(TMemberInspector& insp, char* parent)
void Streamer(TBuffer& b)
void StreamerNVirtual(TBuffer& b)
TAuthenticate TAuthenticate(const TAuthenticate&)
void ~TAuthenticate()
Author: Fons Rademakers 26/11/2000
Last update: root/net:$Name: $:$Id: TAuthenticate.cxx,v 1.34 2003/12/01 07:18:07 rdm Exp $
Copyright (C) 1995-2000, Rene Brun and Fons Rademakers. *