XRootD
Loading...
Searching...
No Matches
XrdSecProtocolkrb5.cc File Reference
#include <unistd.h>
#include <cctype>
#include <cerrno>
#include <cstdlib>
#include <strings.h>
#include <cstdio>
#include <sys/param.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "krb5.h"
#include "com_err.h"
#include "XrdVersion.hh"
#include "XrdNet/XrdNetAddrInfo.hh"
#include "XrdNet/XrdNetUtils.hh"
#include "XrdOuc/XrdOucErrInfo.hh"
#include "XrdOuc/XrdOucEnv.hh"
#include "XrdSys/XrdSysHeaders.hh"
#include "XrdSys/XrdSysPthread.hh"
#include "XrdSys/XrdSysPwd.hh"
#include "XrdOuc/XrdOucTokenizer.hh"
#include "XrdSec/XrdSecInterface.hh"
+ Include dependency graph for XrdSecProtocolkrb5.cc:

Go to the source code of this file.

Classes

class  XrdSecProtocolkrb5
 

Macros

#define CLDBG(x)   if (client_options & XrdSecDEBUG) std::cerr <<"Seckrb5: " <<x <<std::endl;
 
#define CLPRT(x)   std::cerr <<"Seckrb5: " <<x <<std::endl;
 
#define krb_etxt(x)   (char *)error_message(x)
 
#define XrdSecDEBUG   0x1000
 
#define XrdSecEXPTKN   0x0002
 
#define XrdSecINITTKN   0x0004
 
#define XrdSecMAXPATHLEN   4096
 
#define XrdSecNOIPCHK   0x0001
 
#define XrdSecPROTOIDENT   "krb5"
 
#define XrdSecPROTOIDLEN   sizeof(XrdSecPROTOIDENT)
 

Typedefs

typedef krb5_error_code krb_rc
 

Functions

void __eprintf (const char *string, const char *expression, unsigned int line, const char *filename)
 
char * XrdSecProtocolkrb5Init (const char mode, const char *parms, XrdOucErrInfo *erp)
 
XrdSecProtocolXrdSecProtocolkrb5Object (const char mode, const char *hostname, XrdNetAddrInfo &endPoint, const char *parms, XrdOucErrInfo *erp)
 

Macro Definition Documentation

◆ CLDBG

#define CLDBG (   x)    if (client_options & XrdSecDEBUG) std::cerr <<"Seckrb5: " <<x <<std::endl;

Definition at line 81 of file XrdSecProtocolkrb5.cc.

◆ CLPRT

#define CLPRT (   x)    std::cerr <<"Seckrb5: " <<x <<std::endl;

Definition at line 82 of file XrdSecProtocolkrb5.cc.

◆ krb_etxt

#define krb_etxt (   x)    (char *)error_message(x)

Definition at line 70 of file XrdSecProtocolkrb5.cc.

◆ XrdSecDEBUG

#define XrdSecDEBUG   0x1000

Definition at line 77 of file XrdSecProtocolkrb5.cc.

◆ XrdSecEXPTKN

#define XrdSecEXPTKN   0x0002

Definition at line 75 of file XrdSecProtocolkrb5.cc.

◆ XrdSecINITTKN

#define XrdSecINITTKN   0x0004

Definition at line 76 of file XrdSecProtocolkrb5.cc.

◆ XrdSecMAXPATHLEN

#define XrdSecMAXPATHLEN   4096

Definition at line 79 of file XrdSecProtocolkrb5.cc.

◆ XrdSecNOIPCHK

#define XrdSecNOIPCHK   0x0001

Definition at line 74 of file XrdSecProtocolkrb5.cc.

◆ XrdSecPROTOIDENT

#define XrdSecPROTOIDENT   "krb5"

Definition at line 72 of file XrdSecProtocolkrb5.cc.

◆ XrdSecPROTOIDLEN

#define XrdSecPROTOIDLEN   sizeof(XrdSecPROTOIDENT)

Definition at line 73 of file XrdSecProtocolkrb5.cc.

Typedef Documentation

◆ krb_rc

typedef krb5_error_code krb_rc

Definition at line 84 of file XrdSecProtocolkrb5.cc.

Function Documentation

◆ __eprintf()

void __eprintf ( const char *  string,
const char *  expression,
unsigned int  line,
const char *  filename 
)

Definition at line 1044 of file XrdSecProtocolkrb5.cc.

1046 {
1047 fprintf (stderr, string, expression, line, filename);
1048 fflush (stderr);
1049 abort ();
1050 }
int fflush(FILE *stream)

References fflush().

+ Here is the call graph for this function:

◆ XrdSecProtocolkrb5Init()

char * XrdSecProtocolkrb5Init ( const char  mode,
const char *  parms,
XrdOucErrInfo erp 
)

Definition at line 877 of file XrdSecProtocolkrb5.cc.

880{
881 char *op, *KPrincipal=0, *Keytab=0, *ExpFile=0;
882 char parmbuff[1024];
883 XrdOucTokenizer inParms(parmbuff);
884 int options = XrdSecNOIPCHK;
885 static bool serverinitialized = false;
886
887// For client-side one-time initialization, we only need to set debug flag and
888// initialize the kerberos context and cache location.
889//
890 if ((mode == 'c') || (serverinitialized))
891 {
892 int opts = 0;
893 if (getenv("XrdSecDEBUG")) opts |= XrdSecDEBUG;
894 if (getenv("XrdSecKRB5INITTKN")) opts |= XrdSecINITTKN;
896 return (XrdSecProtocolkrb5::Init(erp) ? (char *)0 : (char *)"");
897 }
898
899 if (!serverinitialized) {
900 serverinitialized = true;
901 }
902
903// Duplicate the parms
904//
905 if (parms) strlcpy(parmbuff, parms, sizeof(parmbuff));
906 else {char *msg = (char *)"Seckrb5: Kerberos parameters not specified.";
907 if (erp) erp->setErrInfo(EINVAL, msg);
908 else std::cerr <<msg <<std::endl;
909 return (char *)0;
910 }
911
912// Expected parameters: [<keytab>] [-ipchk] [-exptkn[:filetemplate]] <principal>
913//
914 if (inParms.GetLine())
915 {if ((op = inParms.GetToken()) && *op == '/')
916 {Keytab = op; op = inParms.GetToken();}
917 if (op && !strcmp(op, "-ipchk"))
918 {options &= ~XrdSecNOIPCHK;
919 op = inParms.GetToken();
920 }
921 if (op && !strncmp(op, "-exptkn", 7))
922 {options |= XrdSecEXPTKN;
923 if (op[7] == ':') ExpFile = op+8;
924 op = inParms.GetToken();
925 }
926 KPrincipal = strdup(op);
927 }
928
929 if (ExpFile)
930 fprintf(stderr,"Template for exports: %s\n", ExpFile);
931 else
932 fprintf(stderr,"Template for exports not set\n");
933
934// Now make sure that we have all the right info
935//
936 if (!KPrincipal)
937 {char *msg = (char *)"Seckrb5: Kerberos principal not specified.";
938 if (erp) erp->setErrInfo(EINVAL, msg);
939 else std::cerr <<msg <<std::endl;
940 return (char *)0;
941 }
942
943// Expand possible keywords in the principal
944//
945 int plen = strlen(KPrincipal);
946 int lkey = strlen("<host>");
947 char *phost = (char *) strstr(&KPrincipal[0], "<host>");
948 if (phost)
949 {char *hn = XrdNetUtils::MyHostName();
950 if (hn)
951 {int lhn = strlen(hn);
952 if (lhn != lkey) {
953 // Allocate, if needed
954 int lnew = plen - lkey + lhn;
955 if (lnew > plen) {
956 KPrincipal = (char *) realloc(KPrincipal, lnew+1);
957 KPrincipal[lnew] = 0;
958 phost = (char *) strstr(&KPrincipal[0], "<host>");
959 }
960 // Adjust the space
961 int lm = plen - (int)(phost + lkey - &KPrincipal[0]);
962 memmove(phost + lhn, phost + lkey, lm);
963 }
964 // Copy the name
965 memcpy(phost, hn, lhn);
966 // Cleanup
967 free(hn);
968 }
969 }
970
971// Now initialize the server
972//
973 options |= XrdSecDEBUG;
976 if (!XrdSecProtocolkrb5::Init(erp, KPrincipal, Keytab))
977 {free(KPrincipal);
978 int lpars = strlen(XrdSecProtocolkrb5::getPrincipal());
979 if (options & XrdSecEXPTKN)
980 lpars += strlen(",fwd");
981 char *params = (char *)malloc(lpars+1);
982 if (params)
983 {memset(params,0,lpars+1);
984 strcpy(params,XrdSecProtocolkrb5::getPrincipal());
985 if (options & XrdSecEXPTKN)
986 strcat(params,",fwd");
988 return params;
989 }
990 return (char *)0;
991 }
992
993// Failure
994//
995 free(KPrincipal);
996 return (char *)0;
997}
#define XrdSecDEBUG
#define XrdSecEXPTKN
#define XrdSecINITTKN
#define XrdSecNOIPCHK
struct myOpts opts
size_t strlcpy(char *dst, const char *src, size_t sz)
static char * MyHostName(const char *eName="*unknown*", const char **eText=0)
int setErrInfo(int code, const char *emsg)
static char * getPrincipal()
static void setOpts(int opts)
static void setClientOpts(int opts)
static void setExpFile(char *expfile)
static void setParms(char *param)
static int Init(XrdOucErrInfo *einfo, char *KP=0, char *kfn=0)

References XrdOucTokenizer::GetLine(), XrdSecProtocolkrb5::getPrincipal(), XrdOucTokenizer::GetToken(), XrdSecProtocolkrb5::Init(), XrdNetUtils::MyHostName(), opts, XrdSecProtocolkrb5::setClientOpts(), XrdOucErrInfo::setErrInfo(), XrdSecProtocolkrb5::setExpFile(), XrdSecProtocolkrb5::setOpts(), XrdSecProtocolkrb5::setParms(), strlcpy(), XrdSecDEBUG, XrdSecEXPTKN, XrdSecINITTKN, and XrdSecNOIPCHK.

+ Here is the call graph for this function:

◆ XrdSecProtocolkrb5Object()

XrdSecProtocol * XrdSecProtocolkrb5Object ( const char  mode,
const char *  hostname,
XrdNetAddrInfo endPoint,
const char *  parms,
XrdOucErrInfo erp 
)

Definition at line 1006 of file XrdSecProtocolkrb5.cc.

1011{
1012 XrdSecProtocolkrb5 *prot;
1013 char *KPrincipal=0;
1014
1015// If this is a client call, then we need to get the target principal from the
1016// parms (which must be the first and only token). For servers, we use the
1017// context we established at initialization time.
1018//
1019 if (mode == 'c')
1020 {if ((KPrincipal = (char *)parms)) while(*KPrincipal == ' ') KPrincipal++;
1021 if (!KPrincipal || !*KPrincipal)
1022 {char *msg = (char *)"Seckrb5: Kerberos principal not specified.";
1023 if (erp) erp->setErrInfo(EINVAL, msg);
1024 else std::cerr <<msg <<std::endl;
1025 return (XrdSecProtocol *)0;
1026 }
1027 }
1028
1029// Get a new protocol object
1030//
1031 if (!(prot = new XrdSecProtocolkrb5(KPrincipal, hostname, endPoint)))
1032 {char *msg = (char *)"Seckrb5: Insufficient memory for protocol.";
1033 if (erp) erp->setErrInfo(ENOMEM, msg);
1034 else std::cerr <<msg <<std::endl;
1035 return (XrdSecProtocol *)0;
1036 }
1037
1038// All done
1039//
1040 return prot;
1041}

References XrdOucErrInfo::setErrInfo().

+ Here is the call graph for this function: