ROOT  6.06/09
Reference Guide
TRootSecContext.cxx
1 // @(#)root/auth:$Id$
2 // Author: G. Ganis 08/07/2005
3 
4 /*************************************************************************
5  * Copyright (C) 1995-2005, Rene Brun and Fons Rademakers. *
6  * All rights reserved. *
7  * *
8  * For the licensing terms see $ROOTSYS/LICENSE. *
9  * For the list of contributors see $ROOTSYS/README/CREDITS. *
10  *************************************************************************/
11 
12 //////////////////////////////////////////////////////////////////////////
13 // //
14 // TRootSecContext //
15 // //
16 // Special implementation of TSecContext //
17 // //
18 //////////////////////////////////////////////////////////////////////////
19 
20 #include "RConfigure.h"
21 
22 #include <stdlib.h>
23 
24 #include "TError.h"
25 #include "TRootSecContext.h"
26 #include "TROOT.h"
27 #include "TSocket.h"
28 #include "TUrl.h"
29 #include "TVirtualMutex.h"
30 
32 
33 ////////////////////////////////////////////////////////////////////////////////
34 /// Ctor for SecContext object.
35 
// Builds a security context from separate user and host strings. Every
// argument except `key` is forwarded unchanged to the TSecContext base.
// NOTE(review): the gutter jumps from 41 to 43, so one line at the top of
// the body is not shown in this listing.
// NOTE(review): `ctx` is an untyped pointer; presumably the base stores it in
// fContext, which DeActivate() later casts to a concrete type. Confirm that
// callers pass the type matching `meth`.
36  TRootSecContext::TRootSecContext(const char *user, const char *host, Int_t meth,
37  Int_t offset, const char *id,
38  const char *token, TDatime expdate,
39  void *ctx, Int_t key)
40  : TSecContext(user, host, meth, offset, id, token, expdate, ctx)
41 {
43 
   // Kept for CleanupSecContext(), which passes it as the third argument of
   // TAuthenticate::SecureSend() when the token is sent for remote cleanup.
44  fRSAKey = key;
   // Cache the method name TAuthenticate returns for the index in fMethod.
45  fMethodName = TAuthenticate::GetAuthMethod(fMethod);
46 }
47 
48 ////////////////////////////////////////////////////////////////////////////////
49 /// Ctor for SecContext object.
50 /// User and host from url = user@host .
51 
// Builds a security context from a single `url` argument (user@host per the
// header comment). Every argument except `key` is forwarded unchanged to the
// TSecContext base.
// NOTE(review): the gutter jumps from 56 to 58 and from 59 to 61, so two body
// lines are not shown in this listing. The visible body only sets fRSAKey;
// whether fMethodName is also set, as in the other constructor, cannot be
// checked from here.
52 TRootSecContext::TRootSecContext(const char *url, Int_t meth, Int_t offset,
53  const char *id, const char *token,
54  TDatime expdate, void *ctx, Int_t key)
55  : TSecContext(url, meth, offset, id, token, expdate, ctx)
56 {
58 
   // Kept for CleanupSecContext(), which passes it as the third argument of
   // TAuthenticate::SecureSend() when the token is sent for remote cleanup.
59  fRSAKey = key;
61 }
62 
63 ////////////////////////////////////////////////////////////////////////////////
64 /// Dtor: delete (deActivate, local/remote cleanup, list removal)
65 /// everything that is still active
66 
// Destructor body.
// NOTE(review): gutter lines 67 (the signature) and 69 (the body content) are
// not shown in this listing, so the cleanup described in the header comment
// cannot be checked here.
68 {
70 }
71 
72 ////////////////////////////////////////////////////////////////////////////////
73 /// Set OffSet to -1 and expiring Date to default
74 /// Remove from the list
75 /// If globus, cleanup local stuff
76 /// If Opt contains "C" or "c", ask for remote cleanup
77 /// If Opt contains "R" or "r", remove from the list
78 /// Default Opt="CR"
79 
// Body of the deactivation routine: optional remote cleanup, release of the
// method-specific context object, optional removal from the global list, and
// finally fOffSet = -1 to mark the context inactive.
// NOTE(review): the gutter skips 80, 85, 88-89, 96-97, 108, 112 and 117, so
// the signature, the statement guarded by the first `if`, and the conditions
// that select each context cleanup are not visible in this listing.
81 {
82  // Ask remote cleanup of this context
   // NOTE(review): Opt goes straight into strstr(); a null Opt would be
   // dereferenced here, so callers must always pass a string.
83  Bool_t clean = (strstr(Opt,"C") || strstr(Opt,"c"));
84  if (clean && fOffSet > -1)
86 
87  // Cleanup TPwdCtx object for UsrPwd and SRP
   // NOTE(review): fContext is deleted through a cast to TPwdCtx. The check
   // that ties this branch to the authentication method is on a line missing
   // from the listing; confirm fContext can only hold a TPwdCtx here, since
   // deleting through the wrong type is undefined behaviour.
90  if (fContext) {
91  delete (TPwdCtx *)fContext;
   // Cleared right after the delete so the pointer is not reused.
92  fContext = 0;
93  }
94 
95  // Cleanup globus security context if needed
   // NOTE(review): the same fContext pointer is handed to the hook cast to
   // TAuthenticate*; the lines that obtain globusAuthHook and guard this
   // block are missing from the listing. The hook's return value is ignored.
98  if (globusAuthHook != 0) {
99  TString det("context");
100  TString us("-1");
101  (*globusAuthHook)((TAuthenticate *)fContext,us,det);
102  fContext = 0;
103  }
104  }
105 
   // List removal is requested with "R"/"r" and only applies while the
   // context is still active (fOffSet > -1).
106  Bool_t remove = (strstr(Opt,"R") || strstr(Opt,"r"));
107  if (remove && fOffSet > -1){
   // NOTE(review): this modifies a list reached through gROOT; whether a lock
   // is taken is on the missing line 108. Confirm against the full source.
109  // Remove from the global list
110  gROOT->GetListOfSecContexts()->Remove(this);
111  // Remove also from local lists in THostAuth objects
113  }
114 
115  // Set inactive
116  fOffSet = -1;
118 
119 }
120 
121 ////////////////////////////////////////////////////////////////////////////////
122 /// Ask remote client to cleanup security context 'ctx'
123 /// If 'all', all sec context with the same host as ctx
124 /// are cleaned.
125 
// Body of the remote-cleanup routine: contacts the services recorded for this
// context until one cleanup request has been issued. Returns kTRUE when the
// context is already inactive or a request was issued, kFALSE otherwise.
// NOTE(review): the gutter skips 126, 136, 167 and 171, so the signature, the
// declaration of `last`, the request sent in the all/level-1 branch and the
// tail of the Form() argument list are not visible in this listing.
127 {
128  Bool_t cleaned = kFALSE;
129 
130  // Nothing to do if inactive ...
131  if (!IsActive())
132  return kTRUE;
133 
134  // Contact remote services that used this context,
135  // starting from the last ...
   // NOTE(review): `last` is declared on the missing line 136; presumably each
   // call yields the next recorded cleanup entry. The loop stops at the first
   // entry for which `cleaned` becomes kTRUE.
137  TSecContextCleanup *nscc = 0;
138  while ((nscc = (TSecContextCleanup *)last()) && !cleaned) {
139 
140  // First check if remote daemon supports cleaning
   // level stays 2 by default, drops to 1 for rootd protocol < 10 or proofd
   // protocol < 9, and to 0 for rootd < 8 or proofd < 7. Entries at level 0
   // are skipped without opening a socket.
141  Int_t srvtyp = nscc->GetType();
142  Int_t rproto = nscc->GetProtocol();
143  Int_t level = 2;
144  if ((srvtyp == TSocket::kROOTD && rproto < 10) ||
145  (srvtyp == TSocket::kPROOFD && rproto < 9))
146  level = 1;
147  if ((srvtyp == TSocket::kROOTD && rproto < 8) ||
148  (srvtyp == TSocket::kPROOFD && rproto < 7))
149  level = 0;
150  if (level) {
151  Int_t port = nscc->GetPort();
152 
   // A fresh connection is opened to fHost on the port recorded in the entry.
153  TSocket *news = new TSocket(fHost.Data(),port,-1);
154 
   // NOTE(review): the `news &&` test guards against a null pointer, but a
   // plain `new` expression reports failure by throwing, so IsValid() is the
   // check that matters.
155  if (news && news->IsValid()) {
   // NOTE(review): none of the Send()/SetOption() return values in this block
   // are checked, so a failed write is not detected here.
156  if (srvtyp == TSocket::kPROOFD) {
157  news->SetOption(kNoDelay, 1);
158  news->Send("cleaning request");
159  } else
160  news->SetOption(kNoDelay, 0);
161 
162  // Backward compatibility: send socket size
163  if (srvtyp == TSocket::kROOTD && level == 1)
164  news->Send((Int_t)0, (Int_t)0);
165 
   // NOTE(review): in this branch `cleaned` is set with no visible send or
   // status check; the request itself is on the missing line 167.
166  if (all || level == 1) {
168  cleaned = kTRUE;
169  } else {
   // The identifying fields are formatted with Form() and sent with the plain
   // Send(); only the token goes through TAuthenticate::SecureSend().
   // NOTE(review): presumably the Form() message travels unencrypted; confirm
   // that nothing sensitive is on the missing line 171.
170  news->Send(Form("%d %d %d %s", TAuthenticate::fgProcessID, fMethod,
   // NOTE(review): the cast strips const from the buffer returned by
   // fToken.Data(); confirm SecureSend() never writes through the pointer.
   // A SecureSend() failure is only reported through Info(); `cleaned` stays
   // kFALSE, so the loop goes on to the next entry.
172  if (TAuthenticate::SecureSend(news, 1, fRSAKey,
173  (char *)(fToken.Data())) == -1) {
174  Info("CleanupSecContext", "problems secure-sending token");
175  } else {
176  cleaned = kTRUE;
177  }
178  }
   // NOTE(review): srvname has three entries and srvtyp comes from
   // nscc->GetType() with no range check in the visible code, so a value
   // outside 0..2 would index past the array. Only reached when gDebug > 2;
   // consider validating srvtyp before indexing.
179  if (cleaned && gDebug > 2) {
180  char srvname[3][10] = {"sockd", "rootd", "proofd"};
181  Info("CleanupSecContext",
182  "remote %s notified for cleanup (%s,%d)",
183  srvname[srvtyp],fHost.Data(),port);
184  }
185  }
   // The socket is released whether or not the request succeeded.
186  SafeDelete(news);
187  }
188  }
189 
   // NOTE(review): this message is also printed when a socket was opened but
   // SecureSend() failed, or when every entry was at level 0, so its wording
   // does not always match the real cause.
190  if (!cleaned)
191  if (gDebug > 2)
192  Info("CleanupSecContext",
193  "unable to open valid socket for cleanup for %s", fHost.Data());
194 
195  return cleaned;
196 }
197 
198 ////////////////////////////////////////////////////////////////////////////////
199 /// If opt is "F" (default) print object content.
200 /// If opt is "<number>" print in special form for calls within THostAuth
201 /// with cardinality <number>
202 /// If opt is "S" prints short in-line form for calls within TFTP,
203 /// TSlave, TProof ...
204 
// Body of the print routine. Three output forms are selected by `opt`: full
// ("F"), short in-line ("S"), and a THostAuth form used for any other value.
// NOTE(review): the gutter skips 205, 224, 239 and 243, so the signature and
// the argument lines of three of the calls below are not visible in this
// listing.
// NOTE(review): none of the visible format strings print fToken; confirm
// against the missing argument lines that the token is never logged.
206 {
207  // Check if option is numeric
   // 48 and 57 are the ASCII codes of '0' and '9'; ord becomes -2 as soon as a
   // non-digit is found.
   // NOTE(review): opt is passed to strlen() unchecked, so a null opt would be
   // dereferenced, and strlen() is re-evaluated on every iteration.
208  Int_t ord = -1, i = 0;
209  for (; i < (Int_t)strlen(opt); i++) {
210  if (opt[i] < 48 || opt[i] > 57) {
211  ord = -2;
212  break;
213  }
214  }
215  // If numeric get the cardinality and prepare the strings
   // An empty opt also leaves ord at -1, and atoi("") then yields 0. atoi()
   // gives no error indication for values that do not fit in an int.
216  if (ord == -1)
217  ord = atoi(opt);
218 
   // Only the first character is compared, case-insensitively, so any option
   // starting with 'F' or 'f' selects the full form.
219  if (!strncasecmp(opt,"F",1)) {
220  Info("Print",
221  "+------------------------------------------------------+");
222  Info("Print",
223  "+ Host:%s Method:%d (%s) User:'%s'",
225  fUser.Data());
226  Info("Print",
227  "+ OffSet:%d Id: '%s'", fOffSet, fID.Data());
   // The expiration time is printed only while the context is active.
228  if (fOffSet > -1)
229  Info("Print",
230  "+ Expiration time: %s",fExpDate.AsString());
231  Info("Print",
232  "+------------------------------------------------------+");
   // Short form: any option starting with 'S' or 's'.
233  } else if (!strncasecmp(opt,"S",1)) {
234  if (fOffSet > -1) {
   // Contexts whose ID starts with "AFS" are reported as not reusable.
235  if (fID.BeginsWith("AFS"))
236  Printf("Security context: Method: AFS, not reusable");
237  else
238  Printf("Security context: Method: %d (%s) expiring on %s",
240  fExpDate.AsString());
241  } else {
242  Printf("Security context: Method: %d (%s) not reusable",
244  }
245  } else {
   // Reached for every other option, numeric or not; for a non-numeric option
   // ord is -2 and is printed as such.
246  // special printing form for THostAuth
247  Info("PrintEstblshed","+ %d \t h:%s met:%d (%s) us:'%s'",
248  ord, GetHost(), fMethod, GetMethodName(),
249  fUser.Data());
250  Info("PrintEstblshed","+ \t offset:%d id: '%s'", fOffSet, fID.Data());
251  if (fOffSet > -1)
252  Info("PrintEstblshed","+ \t expiring: %s",fExpDate.AsString());
253  }
254 }
255 
256 ////////////////////////////////////////////////////////////////////////////////
257 /// Returns short string with relevant information about this
258 /// security context
259 
// Body of the short-description routine: writes a one-line summary of the
// context into `out` and returns out.Data().
// NOTE(review): the gutter skips 260 and 275, so the signature and the
// remaining Form() arguments of the hosts.equiv branch are not visible in
// this listing.
// NOTE(review): the returned pointer refers to the buffer of `out`, so it is
// only usable while that TString is alive and unmodified.
261 {
262  if (fOffSet > -1) {
   // Active context: contexts whose ID starts with "AFS" are reported as not
   // reusable, all others with their expiration date.
263  if (fID.BeginsWith("AFS"))
264  out = Form("Method: AFS, not reusable");
265  else {
   // NOTE(review): fixed 32-byte buffer handed to fExpDate.AsString();
   // presumably the formatted date always fits, but the callee is not shown
   // here. Confirm it cannot write more than 32 bytes.
266  char expdate[32];
267  out = Form("Method: %d (%s) expiring on %s",
268  fMethod, GetMethodName(), fExpDate.AsString(expdate));
269  }
270  } else {
   // Inactive context: -1, -3 and -4 each get their own message.
   // NOTE(review): for any other negative fOffSet (for example -2) `out` is
   // left untouched and the caller gets back whatever it passed in.
271  if (fOffSet == -1)
272  out = Form("Method: %d (%s) not reusable", fMethod, GetMethodName());
273  else if (fOffSet == -3)
274  out = Form("Method: %d (%s) authorized by /etc/hosts.equiv or $HOME/.rhosts",
276  else if (fOffSet == -4)
277  out = Form("No authentication required remotely");
278  }
279  return out.Data();
280 }
void DeActivate(Option_t *opt="CR")
Set OffSet to -1 and expiring Date to default Remove from the list If globus, cleanup local stuff If ...
static void RemoveSecContext(TRootSecContext *ctx)
Tool for removing SecContext ctx from THostAuth listed in fgAuthInfo or fgProofAuthInfo.
Int_t(* GlobusAuth_t)(TAuthenticate *auth, TString &user, TString &det)
Definition: TAuthenticate.h:56
const char Option_t
Definition: RtypesCore.h:62
virtual Bool_t IsValid() const
Definition: TSocket.h:162
virtual Int_t Send(const TMessage &mess)
Send a TMessage object.
Definition: TSocket.cxx:520
virtual Int_t SetOption(ESockOptions opt, Int_t val)
Set socket options.
Definition: TSocket.cxx:1017
virtual void Info(const char *method, const char *msgfmt,...) const
Issue info message.
Definition: TObject.cxx:892
static GlobusAuth_t GetGlobusAuthHook()
Static method returning the globus authorization hook.
const char * GetHost() const
Definition: TSecContext.h:81
const char * GetMethodName() const
Definition: TSecContext.h:84
#define R__ASSERT(e)
Definition: TError.h:98
#define gROOT
Definition: TROOT.h:340
Basic string class.
Definition: TString.h:137
Bool_t IsActive() const
Check remote OffSet and expiring Date.
int Int_t
Definition: RtypesCore.h:41
bool Bool_t
Definition: RtypesCore.h:59
TString fUser
Definition: TSecContext.h:56
R__EXTERN TVirtualMutex * gROOTMutex
Definition: TROOT.h:63
const Bool_t kFALSE
Definition: Rtypes.h:92
TString fMethodName
Definition: TSecContext.h:53
Bool_t BeginsWith(const char *s, ECaseCompare cmp=kExact) const
Definition: TString.h:558
TRootSecContext(const char *url, Int_t meth, Int_t offset, const char *id, const char *token, TDatime expdate=kROOTTZERO, void *ctx=0, Int_t key=1)
Ctor for SecContext object.
TString fToken
Definition: TSecContext.h:55
ClassImp(TRootSecContext) TRootSecContext
Ctor for SecContext object.
const char * Data() const
Definition: TString.h:349
#define SafeDelete(p)
Definition: RConfig.h:436
Int_t GetPort() const
Definition: TSecContext.h:127
Int_t GetType() const
Definition: TSecContext.h:129
static Int_t fgProcessID
const char * ord
Definition: TXSlave.cxx:46
UChar_t mod R__LOCKGUARD2(gSrvAuthenticateMutex)
void Cleanup()
Cleanup what is still active.
char * out
Definition: TBase64.cxx:29
Int_t fMethod
Definition: TSecContext.h:52
static Int_t SecureSend(TSocket *Socket, Int_t enc, Int_t KeyType, const char *In)
Encode null terminated str using the session private key indicated by enc and sends it over the netwo...
TString fID
Definition: TSecContext.h:51
TList * fCleanup
Definition: TSecContext.h:48
TString fHost
Definition: TSecContext.h:50
virtual ~TRootSecContext()
Dtor: delete (deActivate, local/remote cleanup, list removal) all what is still active.
char * Form(const char *fmt,...)
#define Printf
Definition: TGeoToOCC.h:18
void Print(Option_t *option="F") const
If opt is "F" (default) print object content.
const TDatime kROOTTZERO
Definition: TSecContext.h:36
Int_t GetProtocol() const
Definition: TSecContext.h:128
R__EXTERN Int_t gDebug
Definition: Rtypes.h:128
const char * AsString(TString &out)
Returns short string with relevant information about this security context.
const Bool_t kIterBackward
Definition: TCollection.h:44
const char * AsString() const
Return the date & time as a string (ctime() format).
Definition: TDatime.cxx:99
const Bool_t kTRUE
Definition: Rtypes.h:91
Int_t fOffSet
Definition: TSecContext.h:54
Bool_t CleanupSecContext(Bool_t all)
Ask remote client to cleanup security context 'ctx' If 'all', all sec context with the same host as c...
void * fContext
Definition: TSecContext.h:47
TDatime fExpDate
Definition: TSecContext.h:49
This class stores the date and time with a precision of one second in an unsigned 32 bit word (950130...
Definition: TDatime.h:39
static const char * GetAuthMethod(Int_t idx)
Static method returning the method corresponding to idx.