XRootD
XrdVomsMapfile Class Reference

#include <XrdVomsMapfile.hh>


Public Member Functions

virtual ~XrdVomsMapfile ()
 
int Apply (XrdSecEntity &)
 
bool IsValid () const
 

Static Public Member Functions

static XrdVomsMapfile * Configure (XrdSysError *)
 
static XrdVomsMapfile * Get ()
 

Detailed Description

Definition at line 37 of file XrdVomsMapfile.hh.

Constructor & Destructor Documentation

◆ ~XrdVomsMapfile()

XrdVomsMapfile::~XrdVomsMapfile ( )
virtual

Definition at line 99 of file XrdVomsMapfile.cc.

// Destructor.  Empty: no explicit cleanup is performed here.
XrdVomsMapfile::~XrdVomsMapfile()
{
}

Member Function Documentation

◆ Apply()

int XrdVomsMapfile::Apply ( XrdSecEntity & entity)

Definition at line 261 of file XrdVomsMapfile.cc.

// Map the VOMS attributes carried by `entity` to a local user name.
//
// The VO names (entity.vorg), roles (entity.role) and group paths (entity.grps)
// are space-separated lists walked in lockstep; the i-th entry of each forms one
// FQAN "/<group path>/Role=<role>/Capability=NULL" that is looked up with Map().
// The first FQAN that maps replaces entity.name.  Always returns 0; a credential
// that maps nothing leaves entity.name untouched.
int XrdVomsMapfile::Apply(XrdSecEntity &entity)
{
    // The gridmap result, when present, wins over the VOMS mapfile.  The gridmap
    // plugins fill entity.name with a fallback (DN or DN hash) even when their own
    // lookup failed, so entity.name alone cannot tell whether a mapping happened;
    // the "gridmap.name" attribute is only set when the mapfile produced the name.
    // NOTE(review): eaAPI is dereferenced unchecked -- presumably XrdSecEntity
    // always provides it; confirm.
    std::string gridmap_marker;
    const bool have_marker = entity.eaAPI->Get("gridmap.name", gridmap_marker);
    if (have_marker && gridmap_marker == "1") {
        return 0;
    }

    // Tokenizer cursors; tokenize() returns -1 once its list is exhausted.
    int vorg_pos = 0, role_pos = 0, grps_pos = 0;
    XrdOucString vorg_list = entity.vorg;
    XrdOucString role_list = entity.role ? entity.role : "";
    XrdOucString grps_list = entity.grps;
    XrdOucString cur_vorg, cur_grps;
    XrdOucString cur_role = "NULL";  // role component used when the credential carries none

    if (m_edest) m_edest->Log(LogMask::Debug, "VOMSMapfile", "Applying VOMS mapfile to incoming credential");

    // An empty role list is allowed and leaves cur_role at "NULL" for every entry;
    // a non-empty role list that runs out before the VO/group lists ends the walk.
    while (((vorg_pos = vorg_list.tokenize(cur_vorg, vorg_pos, ' ')) != -1) &&
           ((role_list == "") || (role_pos = role_list.tokenize(cur_role, role_pos, ' ')) != -1) &&
           ((grps_pos = grps_list.tokenize(cur_grps, grps_pos, ' ')) != -1))
    {
        auto fqan = MakePath(cur_grps);
        if (fqan.empty()) {continue;}

        // The VOMS mapfile format assumes the root group names the VO.  Enforce
        // that here so a group path rooted elsewhere cannot be matched against
        // another VO's mapfile entries.
        if (strcmp(fqan[0].c_str(), cur_vorg.c_str()) != 0) {continue;}

        fqan.emplace_back(std::string("Role=") + cur_role.c_str());
        fqan.emplace_back("Capability=NULL");

        const std::string mapped = Map(fqan);
        if (mapped.empty()) {continue;}

        // First successful mapping wins; release whatever name was set before.
        if (entity.name) {free(entity.name);}
        entity.name = strdup(mapped.c_str());
        break;
    }

    return 0;
}
bool Debug
int tokenize(XrdOucString &tok, int from, char del=':')
XrdSecAttr * Get(const void *sigkey)
char * vorg
Entity's virtual organization(s)
Definition: XrdSecEntity.hh:71
XrdSecEntityAttr * eaAPI
non-const API to attributes
Definition: XrdSecEntity.hh:92
char * grps
Entity's group name(s)
Definition: XrdSecEntity.hh:73
char * name
Entity's name.
Definition: XrdSecEntity.hh:69
char * role
Entity's role(s)
Definition: XrdSecEntity.hh:72
void Log(int mask, const char *esfx, const char *text1, const char *text2=0, const char *text3=0)
Definition: XrdSysError.hh:133

References Debug, XrdSecEntity::eaAPI, XrdSecEntityAttr::Get(), XrdSecEntity::grps, XrdSysError::Log(), XrdSecEntity::name, XrdSecEntity::role, XrdOucString::tokenize(), and XrdSecEntity::vorg.

Referenced by XrdVomsFun::VOMSFun().


◆ Configure()

XrdVomsMapfile * XrdVomsMapfile::Configure ( XrdSysError * erp)
static

Definition at line 312 of file XrdVomsMapfile.cc.

// Build (once) the process-wide VOMS mapper from the xrootd configuration file.
//
// Reads the file named by the XRDCONFIGFN environment variable and honours two
// directives: `voms.mapfile <path>` selects the mapfile, `voms.trace <level>...`
// adjusts the logging mask on `erp`.  Returns the mapper, nullptr when no
// voms.mapfile directive was given, or VOMS_MAP_FAILED on a configuration error.
// `erp` may be nullptr; messages are then dropped.
XrdVomsMapfile *XrdVomsMapfile::Configure(XrdSysError *erp)
{
    // Only the first call parses the configuration.  Later calls hand back whatever
    // that attempt produced -- the mapper, or nullptr if none was built -- after
    // pointing it at the caller's error stream.  A failure is reported as
    // VOMS_MAP_FAILED only on the first call; repeat callers see nullptr.
    if (tried_configure) {
        auto *existing = mapper.get();
        if (existing) {
            existing->SetErrorStream(erp);
        }
        return existing;
    }
    tried_configure = true;

    // Until a voms.trace directive says otherwise, log errors and warnings only.
    if (erp) erp->setMsgMask(LogMask::Error | LogMask::Warning);

    // The configuration file path is handed down through the environment.
    char *config_filename = nullptr;
    if (!XrdOucEnv::Import("XRDCONFIGFN", config_filename)) {
        return VOMS_MAP_FAILED;
    }
    XrdOucEnv myEnv;
    XrdOucStream stream(erp, getenv("XRDINSTANCE"), &myEnv, "=====> ");

    const int cfg_fd = open(config_filename, O_RDONLY, 0);
    if (cfg_fd < 0) {
        if (erp) erp->Emsg("Config", errno, "open config file", config_filename);
        return VOMS_MAP_FAILED;
    }
    // NOTE(review): the descriptor is handed to the stream and not closed here;
    // presumably XrdOucStream closes it when it is destroyed -- confirm.
    stream.Attach(cfg_fd);

    std::string map_filename;
    for (char *var = stream.GetMyFirstWord(); var; var = stream.GetMyFirstWord()) {
        if (strcmp(var, "voms.mapfile") == 0) {
            char *val = stream.GetWord();
            if (!val || !val[0]) {
                if (erp) erp->Emsg("Config", "VOMS mapfile not specified");
                return VOMS_MAP_FAILED;
            }
            // A later voms.mapfile directive overrides an earlier one.
            map_filename = val;
        } else if (strcmp(var, "voms.trace") == 0) {
            char *val = stream.GetWord();
            if (!val || !val[0]) {
                if (erp) erp->Emsg("Config", "VOMS logging level not specified");
                return VOMS_MAP_FAILED;
            }
            // Levels accumulate left to right, starting from an empty mask;
            // "none" clears what was accumulated so far.  Without an error
            // stream the remaining words of the line are simply not consumed.
            if (erp) {
                erp->setMsgMask(0);
                auto enable = [&](int bits) { erp->setMsgMask(erp->getMsgMask() | bits); };
                for (; val; val = stream.GetWord()) {
                    if      (strcmp(val, "all") == 0)     {enable(LogMask::All);}
                    else if (strcmp(val, "error") == 0)   {enable(LogMask::Error);}
                    else if (strcmp(val, "warning") == 0) {enable(LogMask::Warning);}
                    else if (strcmp(val, "info") == 0)    {enable(LogMask::Info);}
                    else if (strcmp(val, "debug") == 0)   {enable(LogMask::Debug);}
                    else if (strcmp(val, "none") == 0)    {erp->setMsgMask(0);}
                    else {erp->Emsg("Config", "voms.trace encountered an unknown directive:", val);}
                }
            }
        }
    }

    if (map_filename.empty()) {
        // No voms.mapfile directive: nothing to build, mapper stays as it was.
        return mapper.get();
    }

    if (erp) erp->Emsg("Config", "Will initialize VOMS mapfile", map_filename.c_str());
    mapper.reset(new XrdVomsMapfile(erp, map_filename));
    // A mapper whose construction did not yield a usable mapfile is discarded.
    if (!mapper->IsValid()) {
        mapper.reset(nullptr);
        return VOMS_MAP_FAILED;
    }
    return mapper.get();
}
#define open
Definition: XrdPosix.hh:76
@ Error
#define VOMS_MAP_FAILED
static bool Import(const char *var, char *&val)
Definition: XrdOucEnv.cc:204
int Emsg(const char *esfx, int ecode, const char *text1, const char *text2=0)
Definition: XrdSysError.cc:95
void setMsgMask(int mask)
Definition: XrdSysError.hh:154
int getMsgMask()
Definition: XrdSysError.hh:156
@ Warning

References TPC::All, XrdOucStream::Attach(), Debug, XrdSysError::Emsg(), Error, XrdSysError::getMsgMask(), XrdOucStream::GetMyFirstWord(), XrdOucStream::GetWord(), XrdOucEnv::Import(), TPC::Info, open, XrdSysError::setMsgMask(), VOMS_MAP_FAILED, and TPC::Warning.

Referenced by XrdVomsFun::VOMSInit().


◆ Get()

XrdVomsMapfile * XrdVomsMapfile::Get ( )
static

Definition at line 305 of file XrdVomsMapfile.cc.

// Return the process-wide mapper built by Configure(); presumably nullptr when
// none has been built (the value of mapper.get() on an empty holder).
XrdVomsMapfile *XrdVomsMapfile::Get()
{
    XrdVomsMapfile *current = mapper.get();
    return current;
}

◆ IsValid()

bool XrdVomsMapfile::IsValid ( ) const
inline

Definition at line 50 of file XrdVomsMapfile.hh.

// Report the m_is_valid flag.  Configure() consults it right after constructing
// the mapper and discards the object when it is false.
bool IsValid() const { return m_is_valid; }

The documentation for this class was generated from the following files: