XRootD
XrdDigAuth Class Reference

#include <XrdDigAuth.hh>


Public Member Functions

 XrdDigAuth ()
 
 ~XrdDigAuth ()
 
bool Authorize (const XrdSecEntity *client, XrdDigAuthEnt::aType aType, bool aVec[XrdDigAuthEnt::aNum]=0)
 
bool Configure (const char *aFN)
 

Detailed Description

Definition at line 68 of file XrdDigAuth.hh.

Constructor & Destructor Documentation

◆ XrdDigAuth()

XrdDigAuth::XrdDigAuth ( )
inline

Definition at line 79 of file XrdDigAuth.hh.

79: authFN(0), authTOD(0), authCHK(0), authList(0) {}

◆ ~XrdDigAuth()

XrdDigAuth::~XrdDigAuth ( )
inline

Definition at line 80 of file XrdDigAuth.hh.

80{}

Member Function Documentation

◆ Authorize()

bool XrdDigAuth::Authorize ( const XrdSecEntity * client,
XrdDigAuthEnt::aType aType,
bool aVec[XrdDigAuthEnt::aNum] = 0 )

Definition at line 89 of file XrdDigAuth.cc.

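/*
  Function: Decide whether an authenticated client may use a dig resource.

  Input:    client - security entity describing the authenticated peer.
            aType  - resource type being requested. Passing
                     XrdDigAuthEnt::aNum only fills aVec; the call then
                     returns false.
            aVec   - optional array of XrdDigAuthEnt::aNum flags (the
                     declaration defaults it to 0). It is always zeroed first
                     and, on a match, receives the matching entry's accOK mask.

  Output:   true only when the first auth entry that matches the client grants
            aType. false otherwise, including when no auth list is loaded.
*/
bool XrdDigAuth::Authorize(const XrdSecEntity   *client,
                           XrdDigAuthEnt::aType  aType,
                           bool                  aVec[XrdDigAuthEnt::aNum])
{
// NOTE(review): presumably a scoped lock that holds authMutex until return,
// serializing refresh and lookup - confirm against XrdSysMutexHelper.
//
   XrdSysMutexHelper mHelp(&authMutex);
   time_t tNow = time(0);
   XrdDigAuthEnt *aP;
   int rc;

// Check if we need to refresh the auth list. Changes are detected only by
// comparing st_mtime with authTOD, and only once authCHK has passed, so an
// edit (including a revocation) takes effect no sooner than the next
// successful refresh, and a rewrite that leaves st_mtime unchanged is not
// noticed by this test.
//
   if (tNow >= authCHK)
      {struct stat Stat;
       if ((rc = stat(authFN, &Stat)) && errno != ENOENT)
          {// stat failed for a reason other than "file absent": log it, leave
           // the list in memory untouched and look again in 30 seconds.
           eDest->Emsg("Config",errno,"stat dig auth file", authFN);
           authCHK = tNow + 30;
          } else {
           if (rc) {// File is absent (ENOENT). With a list loaded, Refresh()
                    // is asked to deal with it (retry in 30s if it fails);
                    // with no list, just look again in 60 seconds.
                    if (authList) {if (!Refresh()) authCHK = tNow + 30;}
                       else authCHK = tNow + 60;
                   }
              else if (authTOD == Stat.st_mtime) authCHK = tNow + 5;
                      else if (!Refresh()) authCHK = tNow + 30;
           // NOTE(review): authCHK is not set here when Refresh() succeeds;
           // presumably Refresh() sets it - confirm.
          }
      }

// Clear aVec if so supplied (client's auth mask), so every denial path below
// leaves the caller with an all-false mask. The size is in bytes of bool
// rather than a bare element count.
//
   if (aVec) memset(aVec, false, sizeof(bool) * XrdDigAuthEnt::aNum);

// Check if we have anything to authorize with. No list means deny.
//
   if (!authList) return false;

// Check if we are granting access to this resource at all. accOK here is the
// XrdDigAuth-level table, not a per-entry one.
// NOTE(review): aType indexes the table directly; callers are trusted to pass
// a valid XrdDigAuthEnt::aType value.
//
   if (aType != XrdDigAuthEnt::aNum && !accOK[aType]) return false;

// Deny outright when there is no entity to match against; the loop below
// dereferences client unconditionally.
//
   if (!client) return false;

// Go through the access list and try to match the client. An entry matches
// when the protocol is equal and every criterion the entry specifies (a
// non-null eChk slot) is satisfied. The first matching entry decides the
// outcome, even when it denies aType; later entries are not consulted.
//
   for (aP = authList; aP; aP = aP->next)
       {if (strcmp(client->prot, aP->prot)) continue;

        if (aP->eChk[XrdDigAuthEnt::eName] && (!client->name ||
            strcmp(client->name, aP->eChk[XrdDigAuthEnt::eName]))) continue;

        // Source line 135 is absent from the rendered listing; the opening of
        // this test is reconstructed from the sibling checks - verify against
        // XrdDigAuth.cc. Unlike the other identity fields, addrInfo had no
        // null guard, so a host-restricted entry could dereference a null
        // pointer; a missing address or name is now treated as "no match".
        // NOTE(review): the comparison is against whatever
        // XrdNetAddrInfo::Name("") returns. If that is a reverse-DNS name,
        // host restrictions are only as strong as name resolution - confirm
        // how Name() derives it.
        if (aP->eChk[XrdDigAuthEnt::eHost])
           {const char *hName = (client->addrInfo
                              ?  client->addrInfo->Name("") : 0);
            if (!hName || strcmp(hName, aP->eChk[XrdDigAuthEnt::eHost]))
               continue;
           }

        if (aP->eChk[XrdDigAuthEnt::eVorg] && (!client->vorg ||
            strcmp(client->vorg, aP->eChk[XrdDigAuthEnt::eVorg]))) continue;

        if (aP->eChk[XrdDigAuthEnt::eRole] && (!client->role ||
            strcmp(client->role, aP->eChk[XrdDigAuthEnt::eRole]))) continue;

        if (aP->eChk[XrdDigAuthEnt::eGrp ] && (!client->grps ||
            !OkGrp(client->grps, aP->eChk[XrdDigAuthEnt::eGrp ]))) continue;

        // Matched: hand back the entry's full mask and answer for aType.
        if (aVec) memcpy(aVec, aP->accOK, sizeof(aP->accOK));
        return (aType == XrdDigAuthEnt::aNum ? false : aP->accOK[aType]);
       }

// Client failed the test
//
   return false;
}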
struct stat Stat
Definition XrdCks.cc:49
static XrdSysError eDest(0,"crypto_")
#define stat(a, b)
Definition XrdPosix.hh:101
char prot[XrdSecPROTOIDSIZE]
Definition XrdDigAuth.hh:48
char * eChk[eNum]
Definition XrdDigAuth.hh:51
XrdDigAuthEnt * next
Definition XrdDigAuth.hh:46
bool accOK[aNum]
Definition XrdDigAuth.hh:54
const char * Name(const char *eName=0, const char **eText=0)
char * vorg
Entity's virtual organization(s)
XrdNetAddrInfo * addrInfo
Entity's connection details.
char prot[XrdSecPROTOIDSIZE]
Auth protocol used (e.g. krb5)
char * grps
Entity's group name(s)
char * name
Entity's name.
char * role
Entity's role(s)
int Emsg(const char *esfx, int ecode, const char *text1, const char *text2=0)

References XrdDigAuthEnt::accOK, XrdSecEntity::addrInfo, XrdDigAuthEnt::aNum, XrdDigAuthEnt::eChk, eDest, XrdDigAuthEnt::eGrp, XrdDigAuthEnt::eHost, XrdSysError::Emsg(), XrdDigAuthEnt::eName, XrdDigAuthEnt::eRole, XrdDigAuthEnt::eVorg, XrdSecEntity::grps, XrdNetAddrInfo::Name(), XrdSecEntity::name, XrdDigAuthEnt::next, XrdDigAuthEnt::prot, XrdSecEntity::prot, XrdSecEntity::role, Stat, stat, and XrdSecEntity::vorg.

Referenced by XrdDigConfig::GenAccess(), and XrdDigConfig::GenPath().


◆ Configure()

bool XrdDigAuth::Configure ( const char * aFN)

Definition at line 163 of file XrdDigAuth.cc.

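bool XrdDigAuth::Configure(const char *aFN)
{
/*
  Function: Configure authorization (one time call).

  Input:    aFN - path of the dig authorization file; must be non-empty.

  Output:   true upon success or false otherwise.
*/

// Reject a missing or empty file name
//
   if (!aFN || !(*aFN))
      {eDest->Emsg("Config", "Dig authorization file not specified.");
       return false;
      }

// Keep a private copy of the path so later stat() calls do not depend on the
// caller's buffer. A failed copy is reported instead of leaving authFN null.
// A second call would overwrite authFN without freeing the earlier copy,
// hence "one time call".
//
   if (!(authFN = strdup(aFN)))
      {eDest->Emsg("Config", errno, "copy dig auth file name", aFN);
       return false;
      }

// Initialize authorization.
// NOTE(review): SetupAuth() is not shown on this page and any status it
// reports is not examined, so true is returned whether or not a usable list
// was loaded - confirm that is intended. Authorize() denies every request
// while authList is null.
//
   SetupAuth(false);
   return true;
}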

References eDest, and XrdSysError::Emsg().

Referenced by XrdDigConfig::Configure().


The documentation for this class was generated from the following files: