XRootD
XrdDigConfig Class Reference

#include <XrdDigConfig.hh>


Public Types

// Kind of name handed to GenPath() through its lfnType argument.
enum  pType {
  isAny = 0 ,   // default for GenPath(); no directory or file specific handling
  isDir ,       // GenPath() makes sure the generated path ends with a '/'
  isFile        // GenPath() audits the access when logAcc/logRej are set
}
 

Public Member Functions

 XrdDigConfig ()
 
 ~XrdDigConfig ()
 
bool Configure (const char *cFN, const char *parms)
 
int GenAccess (const XrdSecEntity *client, const char *aList[], int aMax)
 
char * GenPath (int &rc, const XrdSecEntity *client, const char *opname, const char *lfn, pType lfnType=isAny)
 
void GetLocResp (XrdOucErrInfo &eInfo, bool nameok)
 

Static Public Member Functions

static void StatRoot (struct stat *sP)
 

Detailed Description

Definition at line 38 of file XrdDigConfig.hh.

Member Enumeration Documentation

◆ pType

Enumerator
isAny 
isDir 
isFile 

Definition at line 45 of file XrdDigConfig.hh.

Constructor & Destructor Documentation

◆ XrdDigConfig()

XrdDigConfig::XrdDigConfig ( )
inline

Definition at line 59 of file XrdDigConfig.hh.

59: fnTmplt(0), logAcc(true), logRej(true) {}

◆ ~XrdDigConfig()

XrdDigConfig::~XrdDigConfig ( )
inline

Definition at line 60 of file XrdDigConfig.hh.

60{}

Member Function Documentation

◆ Configure()

bool XrdDigConfig::Configure ( const char *  cFN,
const char *  parms 
)

Definition at line 97 of file XrdDigConfig.cc.

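bool XrdDigConfig::Configure(const char *cFN, const char *parms)
{
/*
  Function: Establish default values using configuration parameters.

  Input:    cFN   - path of the configuration file; when null or empty
                    ConfigProc() is not called.
            parms - DigFS parameter string; its first token names the
                    authorization file.

  Output:   true upon success or false otherwise.
*/
   static const char tSfx[] = ".xrd/=/%s";
   char buff[4096], *afile, *var;
   XrdOucTokenizer cParms(buff);
   struct stat Stat;
   size_t aLen;
   int n;
   bool isOK = true;

// Get the adminpath (this better succeed). An empty value is rejected because
// the code below inspects the last character, and the length is also checked
// against buff so that the optional '/' and the template suffix always fit.
//
   var  = getenv("XRDADMINPATH");
   aLen = (var ? strlen(var) : 0);
   if (!aLen || aLen >= (size_t)MAXPATHLEN
   ||  aLen + 1 + sizeof(tSfx) > sizeof(buff))
      {eDest->Emsg("Config", "Unable to deterine adminpath!");
       return false;
      }

// The adminpath becomes part of a printf-style format string (fnTmplt), so a
// '%' in it would be read as a conversion specification. Refuse such a path.
//
   if (strchr(var, '%'))
      {eDest->Emsg("Config", "adminpath may not contain '%'.");
       return false;
      }

// Create a template for file remapping
//
   n = (int)aLen;
   memcpy(buff, var, aLen);
   if (buff[n-1] != '/') buff[n++] = '/';
   strcpy(buff+n, tSfx);
   if (!(fnTmplt = strdup(buff)))
      {eDest->Emsg("Config", "Unable to allocate the path template.");
       return false;
      }

// Make sure that conf/etc no longer exists as a previous start may have
// exported something that we no longer wish to export. A negative snprintf
// result is an error and must not be taken for a path that fits.
//
   n = snprintf(buff, sizeof(buff), fnTmplt, "conf/etc");
   if (n >= 0 && n < (int)sizeof(buff)) Empty(buff);

// Make sure there are parameters here
//
   if (!parms || !*parms)
      {eDest->Emsg("Config", "DigFS parameters not specified.");
       return false;
      }

// Copy the parms as they will be altered and attach it to the tokenizer
//
   if (strlen(parms) >= sizeof(buff))
      {eDest->Emsg("Config", "DigFS parm string is too long.");
       return false;
      }
   strcpy(buff, parms);

// First token is the authfile. The token presumably points into buff, so it
// has to be consumed (Auth.Configure below) before buff is reused.
//
   cParms.GetLine();
   if (!(afile = cParms.GetToken()) || !afile[0])
      {eDest->Emsg("Config", "DigFS authfile not specified.");
       return false;
      }

// If we have a config file, process it now
//
   if (cFN && *cFN) isOK = ConfigProc(cFN);

// Config authorization. The config may have failed but we want to generate
// all of the error messages in one go.
//
   if (!Auth.Configure(afile)) isOK = false;

// Setup locate response
//
   SetLocResp();

// Get a valid stat structure for the root directory
// NOTE(review): the return value is not checked; confirm rootStat has a
// defined value should this call ever fail.
//
   stat("/", &rootStat);

// Validate base entries. The path is built with a bounded write and an entry
// whose path does not fit in buff is marked as not usable.
//
   for (n = 0; n < pNum; n++)
       {int pLen = snprintf(buff, sizeof(buff), fnTmplt, pTab[n].pfx);
        pTab[n].isOK = pLen >= 0 && pLen < (int)sizeof(buff)
                    && stat(buff, &Stat) == 0;
       }

// All done
//
   return isOK;
}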

References XrdDig::Auth, XrdDigAuth::Configure(), eDest, XrdSysError::Emsg(), XrdOucTokenizer::GetLine(), XrdOucTokenizer::GetToken(), Stat, and stat.

Referenced by XrdDigGetFS().


◆ GenAccess()

int XrdDigConfig::GenAccess ( const XrdSecEntity client,
const char *  aList[],
int  aMax 
)

Definition at line 189 of file XrdDigConfig.cc.

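// Fill aList with the prefixes the client may access.
//
// client - the entity whose access rights are looked up.
// aList  - output array receiving pointers to pTab prefix strings.
// aMax   - number of slots available in aList.
//
// Returns the number of entries placed in aList (at least 1), or -1 when
// aList is null, aMax is less than 1, or no access was seen as granted.
//
int XrdDigConfig::GenAccess(const XrdSecEntity *client,
                            const char         *aList[],
                            int                 aMax)
{
// Start from "nothing allowed" so an entry that Authorize() leaves untouched
// can never be read as granted.
//
   bool aOK[XrdDigAuthEnt::aNum] = {false}, hasAcc = false;
   int i, n = 0;

// Validate the output area
//
   if (!aList || aMax < 1) return -1;

// Get access right for this client
//
   Auth.Authorize(client, XrdDigAuthEnt::aNum, aOK);

// Return entries that are allowed. The bound is the element count of aOK and
// not its size in bytes, and pTab is only indexed below pNum.
// NOTE(review): this assumes aOK[i] and pTab[i] describe the same entry;
// confirm against the pTab definition.
//
   for (i = (int)XrdDigAuthEnt::aNum-1; i >= 0 && n < aMax; i--)
       {hasAcc |= aOK[i];
        if (aOK[i] && i < pNum && pTab[i].isOK) aList[n++] = pTab[i].pfx;
       }

// Return permission denied if no access allowed
//
   if (!hasAcc) return -1;

// Return something if we had an error setting up as empty dirs cause problems.
//
   if (!n) {aList[0] = "."; n = 1;}
   return n;
}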

References XrdDigAuthEnt::aNum, XrdDig::Auth, and XrdDigAuth::Authorize().

Referenced by XrdDigDirectory::open(), and XrdDigFS::stat().


◆ GenPath()

char * XrdDigConfig::GenPath ( int &  rc,
const XrdSecEntity client,
const char *  opname,
const char *  lfn,
XrdDigConfig::pType  lfnType = isAny 
)

Definition at line 226 of file XrdDigConfig.cc.

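// Map a client supplied name to the physical path it stands for.
//
// rc      - set to 0 on success, else to an errno value (EPERM, ENOENT,
//           EACCES, ENAMETOOLONG, ENOMEM, or whatever ValProc() returned).
// client  - the requesting entity; a null client is refused with EPERM.
// opname  - operation name, used only in audit records.
// fname   - the name to translate (the class declaration calls it lfn).
// lfnType - isDir forces a trailing '/'; isFile enables audit logging.
//
// Returns a strdup()'d path on success and 0 on failure.
//
char *XrdDigConfig::GenPath(int &rc, const XrdSecEntity *client,
                            const char *opname, const char *fname,
                            XrdDigConfig::pType lfnType)
{
   char path[2048], *result;
   int i, n;

// First we better have a client object and a name to work with
//
   if (!client) {rc = EPERM;  return 0;}
   if (!fname)  {rc = ENOENT; return 0;}

// Translate the fname to the right file type. A prefix only matches when it
// is followed by '/' or by the end of the name.
//
   for (i = 0; i < pNum; i++)
       {if (!strncmp(pTab[i].pfx, fname, pTab[i].pfxlen)
        &&  (*(fname+pTab[i].pfxlen) == '/' || !*(fname+pTab[i].pfxlen))) break;
       }

// Make sure we found a valid entry and that the path template was set up
//
   if (!fnTmplt || i >= pNum || !pTab[i].isOK) {rc = ENOENT; return 0;}

// Authorize this access
//
   if (!Auth.Authorize(client, pTab[i].aType))
      {if (lfnType == isFile && logRej) Audit(client, "denied", opname, fname);
       rc = EACCES;
       return 0;
      }

// If the entry is being suffixed and it's proc, make sure we are not trying
// to gain access to something outside of the proc directory tree
// NOTE(review): ValProc() is applied to proc entries only and nothing visible
// here rejects ".." components for the other prefixes; confirm that callers
// validate the name before it reaches this function.
//
   if (pTab[i].aType == XrdDigAuthEnt::aProc && (rc = ValProc(fname)))
      {if (logRej && rc == EPERM) Audit(client, "denied", opname, fname);
       return 0;
      }

// Log this access if so wanted
//
   if (lfnType == isFile && logAcc) Audit(client, "allowed", opname, fname);

// Construct the name to be returned. One byte is kept in reserve for the
// trailing slash, and a negative result (output error) is treated as failure.
//
   n = snprintf(path, sizeof(path), fnTmplt, fname);
   if (n < 0 || n >= (int)sizeof(path)-1) {rc = ENAMETOOLONG; return 0;}

// Attach a trailing slash if there is none if this is a directory
//
   if (lfnType == isDir && path[n-1] != '/') {path[n] = '/'; path[n+1] = 0;}

// Return the composite name; a failed allocation is reported through rc so
// that a null return never comes with rc == 0.
//
   result = strdup(path);
   rc = (result ? 0 : ENOMEM);
   return result;
}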

References XrdDigAuthEnt::aProc, XrdDig::Auth, XrdDigAuth::Authorize(), isDir, and isFile.

Referenced by XrdDigDirectory::open(), XrdDigFile::open(), and XrdDigFS::stat().


◆ GetLocResp()

void XrdDigConfig::GetLocResp ( XrdOucErrInfo eInfo,
bool  nameok 
)

Definition at line 290 of file XrdDigConfig.cc.

// Store one of the three prepared locate responses in eInfo.
//
// eInfo  - receives the response via setErrInfo(); its capability flags are
//          consulted when nameok is false.
// nameok - when true the HP response is used regardless of the flags.
//
void XrdDigConfig::GetLocResp(XrdOucErrInfo &eInfo, bool nameok)
{
// The HP form wins whenever the caller says a name is acceptable
//
   if (nameok)
      {eInfo.setErrInfo(locRlenHP, locRespHP);
       return;
      }

// Otherwise pick the V4 or V6 form depending on the uIPv4 capability bit
//
   const bool wantV4 = (eInfo.getUCap() & XrdOucEI::uIPv4) != 0;
   if (wantV4) eInfo.setErrInfo(locRlenV4, locRespV4);
      else     eInfo.setErrInfo(locRlenV6, locRespV6);
}

References XrdOucErrInfo::getUCap(), XrdOucErrInfo::setErrInfo(), and XrdOucEI::uIPv4.

Referenced by XrdDigFS::fsctl().


◆ StatRoot()

void XrdDigConfig::StatRoot ( struct stat sP)
static

Definition at line 306 of file XrdDigConfig.cc.

// Copy the stat information that Configure() recorded for "/" into *sP.
// sP must point to a writable struct stat; it is not checked for null.
//
void XrdDigConfig::StatRoot(struct stat *sP)
{
   memcpy(sP, &rootStat, sizeof(*sP));
}

References stat.

Referenced by XrdDigFS::stat().


The documentation for this class was generated from the following files: