XRootD
Loading...
Searching...
No Matches
XrdSecProtocolkrb5.cc File Reference
#include <unistd.h>
#include <cctype>
#include <cerrno>
#include <cstdlib>
#include <string>
#include <strings.h>
#include <cstdio>
#include <sys/param.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "krb5.h"
#include "com_err.h"
#include "XrdVersion.hh"
#include "XrdNet/XrdNetAddrInfo.hh"
#include "XrdNet/XrdNetUtils.hh"
#include "XrdOuc/XrdOucErrInfo.hh"
#include "XrdOuc/XrdOucEnv.hh"
#include "XrdSys/XrdSysHeaders.hh"
#include "XrdSys/XrdSysPthread.hh"
#include "XrdSys/XrdSysPwd.hh"
#include "XrdOuc/XrdOucTokenizer.hh"
#include "XrdSec/XrdSecInterface.hh"
+ Include dependency graph for XrdSecProtocolkrb5.cc:

Go to the source code of this file.

Classes

class  XrdSecProtocolkrb5
 

Macros

#define CLDBG(x)   if (client_options & XrdSecDEBUG) std::cerr <<"Seckrb5: " <<x <<std::endl;
 
#define CLPRT(x)   std::cerr <<"Seckrb5: " <<x <<std::endl;
 
#define krb_etxt(x)   (char *)error_message(x)
 
#define XrdSecDEBUG   0x1000
 
#define XrdSecEXPTKN   0x0002
 
#define XrdSecINITTKN   0x0004
 
#define XrdSecMAXPATHLEN   4096
 
#define XrdSecNOIPCHK   0x0001
 
#define XrdSecPROTOIDENT   "krb5"
 
#define XrdSecPROTOIDLEN   sizeof(XrdSecPROTOIDENT)
 

Typedefs

typedef krb5_error_code krb_rc
 

Functions

void __eprintf (const char *string, const char *expression, unsigned int line, const char *filename)
 
char * XrdSecProtocolkrb5Init (const char mode, const char *parms, XrdOucErrInfo *erp)
 
XrdSecProtocolXrdSecProtocolkrb5Object (const char mode, const char *hostname, XrdNetAddrInfo &endPoint, const char *parms, XrdOucErrInfo *erp)
 

Macro Definition Documentation

◆ CLDBG

#define CLDBG (   x)    if (client_options & XrdSecDEBUG) std::cerr <<"Seckrb5: " <<x <<std::endl;

Definition at line 82 of file XrdSecProtocolkrb5.cc.

◆ CLPRT

#define CLPRT (   x)    std::cerr <<"Seckrb5: " <<x <<std::endl;

Definition at line 83 of file XrdSecProtocolkrb5.cc.

◆ krb_etxt

#define krb_etxt (   x)    (char *)error_message(x)

Definition at line 71 of file XrdSecProtocolkrb5.cc.

◆ XrdSecDEBUG

#define XrdSecDEBUG   0x1000

Definition at line 78 of file XrdSecProtocolkrb5.cc.

◆ XrdSecEXPTKN

#define XrdSecEXPTKN   0x0002

Definition at line 76 of file XrdSecProtocolkrb5.cc.

◆ XrdSecINITTKN

#define XrdSecINITTKN   0x0004

Definition at line 77 of file XrdSecProtocolkrb5.cc.

◆ XrdSecMAXPATHLEN

#define XrdSecMAXPATHLEN   4096

Definition at line 80 of file XrdSecProtocolkrb5.cc.

◆ XrdSecNOIPCHK

#define XrdSecNOIPCHK   0x0001

Definition at line 75 of file XrdSecProtocolkrb5.cc.

◆ XrdSecPROTOIDENT

#define XrdSecPROTOIDENT   "krb5"

Definition at line 73 of file XrdSecProtocolkrb5.cc.

◆ XrdSecPROTOIDLEN

#define XrdSecPROTOIDLEN   sizeof(XrdSecPROTOIDENT)

Definition at line 74 of file XrdSecProtocolkrb5.cc.

Typedef Documentation

◆ krb_rc

typedef krb5_error_code krb_rc

Definition at line 85 of file XrdSecProtocolkrb5.cc.

Function Documentation

◆ __eprintf()

void __eprintf ( const char *  string,
const char *  expression,
unsigned int  line,
const char *  filename 
)

Definition at line 1067 of file XrdSecProtocolkrb5.cc.

1069 {
1070 fprintf (stderr, string, expression, line, filename);
1071 fflush (stderr);
1072 abort ();
1073 }
int fflush(FILE *stream)

References fflush().

+ Here is the call graph for this function:

◆ XrdSecProtocolkrb5Init()

char * XrdSecProtocolkrb5Init ( const char  mode,
const char *  parms,
XrdOucErrInfo erp 
)

Definition at line 900 of file XrdSecProtocolkrb5.cc.

903{
904 char *op, *KPrincipal=0, *Keytab=0, *ExpFile=0;
905 char parmbuff[1024];
906 XrdOucTokenizer inParms(parmbuff);
907 int options = XrdSecNOIPCHK;
908 static bool serverinitialized = false;
909
910// For client-side one-time initialization, we only need to set debug flag and
911// initialize the kerberos context and cache location.
912//
913 if ((mode == 'c') || (serverinitialized))
914 {
915 int opts = 0;
916 if (getenv("XrdSecDEBUG")) opts |= XrdSecDEBUG;
917 if (getenv("XrdSecKRB5INITTKN")) opts |= XrdSecINITTKN;
919 return (XrdSecProtocolkrb5::Init(erp) ? (char *)0 : (char *)"");
920 }
921
922 if (!serverinitialized) {
923 serverinitialized = true;
924 }
925
926// Duplicate the parms
927//
928 if (parms) strlcpy(parmbuff, parms, sizeof(parmbuff));
929 else {char *msg = (char *)"Seckrb5: Kerberos parameters not specified.";
930 if (erp) erp->setErrInfo(EINVAL, msg);
931 else std::cerr <<msg <<std::endl;
932 return (char *)0;
933 }
934
935// Expected parameters: [<keytab>] [-ipchk] [-exptkn[:filetemplate]] <principal>
936//
937 if (inParms.GetLine())
938 {if ((op = inParms.GetToken()) && *op == '/')
939 {Keytab = op; op = inParms.GetToken();}
940 if (op && !strcmp(op, "-ipchk"))
941 {options &= ~XrdSecNOIPCHK;
942 op = inParms.GetToken();
943 }
944 if (op && !strncmp(op, "-exptkn", 7))
945 {options |= XrdSecEXPTKN;
946 if (op[7] == ':') ExpFile = op+8;
947 op = inParms.GetToken();
948 }
949 KPrincipal = strdup(op);
950 }
951
952 if (ExpFile)
953 fprintf(stderr,"Template for exports: %s\n", ExpFile);
954 else
955 fprintf(stderr,"Template for exports not set\n");
956
957// Now make sure that we have all the right info
958//
959 if (!KPrincipal)
960 {char *msg = (char *)"Seckrb5: Kerberos principal not specified.";
961 if (erp) erp->setErrInfo(EINVAL, msg);
962 else std::cerr <<msg <<std::endl;
963 return (char *)0;
964 }
965
966// Expand possible keywords in the principal
967//
968 int plen = strlen(KPrincipal);
969 int lkey = strlen("<host>");
970 char *phost = (char *) strstr(&KPrincipal[0], "<host>");
971 if (phost)
972 {char *hn = XrdNetUtils::MyHostName();
973 if (hn)
974 {int lhn = strlen(hn);
975 if (lhn != lkey) {
976 // Allocate, if needed
977 int lnew = plen - lkey + lhn;
978 if (lnew > plen) {
979 KPrincipal = (char *) realloc(KPrincipal, lnew+1);
980 KPrincipal[lnew] = 0;
981 phost = (char *) strstr(&KPrincipal[0], "<host>");
982 }
983 // Adjust the space
984 int lm = plen - (int)(phost + lkey - &KPrincipal[0]);
985 memmove(phost + lhn, phost + lkey, lm);
986 }
987 // Copy the name
988 memcpy(phost, hn, lhn);
989 // Cleanup
990 free(hn);
991 }
992 }
993
994// Now initialize the server
995//
996 options |= XrdSecDEBUG;
999 if (!XrdSecProtocolkrb5::Init(erp, KPrincipal, Keytab))
1000 {free(KPrincipal);
1001 int lpars = strlen(XrdSecProtocolkrb5::getPrincipal());
1002 if (options & XrdSecEXPTKN)
1003 lpars += strlen(",fwd");
1004 char *params = (char *)malloc(lpars+1);
1005 if (params)
1006 {memset(params,0,lpars+1);
1007 strcpy(params,XrdSecProtocolkrb5::getPrincipal());
1008 if (options & XrdSecEXPTKN)
1009 strcat(params,",fwd");
1011 return params;
1012 }
1013 return (char *)0;
1014 }
1015
1016// Failure
1017//
1018 free(KPrincipal);
1019 return (char *)0;
1020}
#define XrdSecDEBUG
#define XrdSecEXPTKN
#define XrdSecINITTKN
#define XrdSecNOIPCHK
struct myOpts opts
size_t strlcpy(char *dst, const char *src, size_t sz)
static char * MyHostName(const char *eName="*unknown*", const char **eText=0)
int setErrInfo(int code, const char *emsg)
static char * getPrincipal()
static void setOpts(int opts)
static void setClientOpts(int opts)
static void setExpFile(char *expfile)
static void setParms(char *param)
static int Init(XrdOucErrInfo *einfo, char *KP=0, char *kfn=0)

References XrdOucTokenizer::GetLine(), XrdSecProtocolkrb5::getPrincipal(), XrdOucTokenizer::GetToken(), XrdSecProtocolkrb5::Init(), XrdNetUtils::MyHostName(), opts, XrdSecProtocolkrb5::setClientOpts(), XrdOucErrInfo::setErrInfo(), XrdSecProtocolkrb5::setExpFile(), XrdSecProtocolkrb5::setOpts(), XrdSecProtocolkrb5::setParms(), strlcpy(), XrdSecDEBUG, XrdSecEXPTKN, XrdSecINITTKN, and XrdSecNOIPCHK.

+ Here is the call graph for this function:

◆ XrdSecProtocolkrb5Object()

XrdSecProtocol * XrdSecProtocolkrb5Object ( const char  mode,
const char *  hostname,
XrdNetAddrInfo endPoint,
const char *  parms,
XrdOucErrInfo erp 
)

Definition at line 1029 of file XrdSecProtocolkrb5.cc.

1034{
1035 XrdSecProtocolkrb5 *prot;
1036 char *KPrincipal=0;
1037
1038// If this is a client call, then we need to get the target principal from the
1039// parms (which must be the first and only token). For servers, we use the
1040// context we established at initialization time.
1041//
1042 if (mode == 'c')
1043 {if ((KPrincipal = (char *)parms)) while(*KPrincipal == ' ') KPrincipal++;
1044 if (!KPrincipal || !*KPrincipal)
1045 {char *msg = (char *)"Seckrb5: Kerberos principal not specified.";
1046 if (erp) erp->setErrInfo(EINVAL, msg);
1047 else std::cerr <<msg <<std::endl;
1048 return (XrdSecProtocol *)0;
1049 }
1050 }
1051
1052// Get a new protocol object
1053//
1054 if (!(prot = new XrdSecProtocolkrb5(KPrincipal, hostname, endPoint)))
1055 {char *msg = (char *)"Seckrb5: Insufficient memory for protocol.";
1056 if (erp) erp->setErrInfo(ENOMEM, msg);
1057 else std::cerr <<msg <<std::endl;
1058 return (XrdSecProtocol *)0;
1059 }
1060
1061// All done
1062//
1063 return prot;
1064}

References XrdOucErrInfo::setErrInfo().

+ Here is the call graph for this function: