XrdVomsMapfile Class Reference

#include <XrdVomsMapfile.hh>

Collaboration diagram for XrdVomsMapfile:

Public Member Functions
virtual	~XrdVomsMapfile ()
int	Apply (XrdSecEntity &)
bool	IsValid () const

Static Public Member Functions
static XrdVomsMapfile *	Configure (XrdSysError *)
static XrdVomsMapfile *	Get ()

Detailed Description

Definition at line 37 of file XrdVomsMapfile.hh.

Constructor & Destructor Documentation

~XrdVomsMapfile()

XrdVomsMapfile::~XrdVomsMapfile ( )

virtual

Definition at line 99 of file XrdVomsMapfile.cc.

{}

Member Function Documentation

Apply()

int XrdVomsMapfile::Apply

(

XrdSecEntity &

entity

)

Definition at line 261 of file XrdVomsMapfile.cc.

{
    // In current use cases, the gridmap results take precedence over the voms-mapfile
    // results.  However, the grid mapfile plugins often will populate the name attribute
    // with a reasonable default (DN or DN hash) if the mapping fails, meaning we can't
    // simply look at entity.name; instead, we look at an extended attribute that is only
    // set when the mapfile is used to generate the name.
    std::string gridmap_name;
    auto gridmap_success = entity.eaAPI->Get("gridmap.name", gridmap_name);
    if (gridmap_success && gridmap_name == "1") {
        return 0;
    }
 
    int from_vorg = 0, from_role = 0, from_grps = 0;
    XrdOucString vorg = entity.vorg, entry_vorg;
    XrdOucString role = entity.role ? entity.role : "", entry_role = "NULL";
    XrdOucString grps = entity.grps, entry_grps;
    if (m_edest) m_edest->Log(LogMask::Debug, "VOMSMapfile", "Applying VOMS mapfile to incoming credential");
    while (((from_vorg = vorg.tokenize(entry_vorg, from_vorg, ' ')) != -1) &&
           ((role == "") || (from_role = role.tokenize(entry_role, from_role, ' ')) != -1) &&
           ((from_grps = grps.tokenize(entry_grps, from_grps, ' ')) != -1))
    {
        auto fqan = MakePath(entry_grps);
        if (fqan.empty()) {continue;}
 
        // By convention, the root group should be the same as the VO name; however,
        // the VOMS mapfile makes this assumption.  To be secure, enforce it.
        if (strcmp(fqan[0].c_str(), entry_vorg.c_str())) {continue;}
 
        fqan.emplace_back(std::string("Role=") + entry_role.c_str());
        fqan.emplace_back("Capability=NULL");
        std::string username;
        if (!(username = Map(fqan)).empty()) {
            if (entity.name) {free(entity.name);}
            entity.name = strdup(username.c_str());
            break;
        }
    }
 
    return 0;
}

References XrdSecEntity::eaAPI, XrdSecEntityAttr::Get(), XrdSecEntity::grps, XrdSecEntity::name, XrdSecEntity::role, XrdOucString::tokenize(), and XrdSecEntity::vorg.

Here is the call graph for this function:

Configure()

XrdVomsMapfile * XrdVomsMapfile::Configure ( XrdSysError * erp )

static

Definition at line 312 of file XrdVomsMapfile.cc.

{
    if (tried_configure) {
        auto result = mapper.get();
        if (result) {
            result->SetErrorStream(erp);
        }
        return result;
    }
 
    tried_configure = true;
 
    // Set default mask for logging.
    if (erp) erp->setMsgMask(LogMask::Error | LogMask::Warning);
 
    char *config_filename = nullptr;
    if (!XrdOucEnv::Import("XRDCONFIGFN", config_filename)) {
        return VOMS_MAP_FAILED;
    }
    XrdOucEnv myEnv;
    XrdOucStream stream(erp, getenv("XRDINSTANCE"), &myEnv, "=====> ");
 
    int cfg_fd;
    if ((cfg_fd = open(config_filename, O_RDONLY, 0)) < 0) {
        if (erp) erp->Emsg("Config", errno, "open config file", config_filename);
        return VOMS_MAP_FAILED;
    }
    stream.Attach(cfg_fd);
    char *var;
    std::string map_filename;
    while ((var = stream.GetMyFirstWord())) {
        if (!strcmp(var, "voms.mapfile")) {
            auto val = stream.GetWord();
            if (!val || !val[0]) {
                if (erp) erp->Emsg("Config", "VOMS mapfile not specified");
                return VOMS_MAP_FAILED;
            }
            map_filename = val;
        } else if (!strcmp(var, "voms.trace")) {
            auto val = stream.GetWord();
            if (!val || !val[0]) {
                if (erp) erp->Emsg("Config", "VOMS logging level not specified");
                return VOMS_MAP_FAILED;
            }
            if (erp) erp->setMsgMask(0);
            if (erp) do {
                if (!strcmp(val, "all")) {erp->setMsgMask(erp->getMsgMask() | LogMask::All);}
                else if (!strcmp(val, "error")) {erp->setMsgMask(erp->getMsgMask() | LogMask::Error);}
                else if (!strcmp(val, "warning")) {erp->setMsgMask(erp->getMsgMask() | LogMask::Warning);}
                else if (!strcmp(val, "info")) {erp->setMsgMask(erp->getMsgMask() | LogMask::Info);}
                else if (!strcmp(val, "debug")) {erp->setMsgMask(erp->getMsgMask() | LogMask::Debug);}
                else if (!strcmp(val, "none")) {erp->setMsgMask(0);}
                else {erp->Emsg("Config", "voms.trace encountered an unknown directive:", val);}
                val = stream.GetWord();
            } while (val);
        }
    }
 
    if (!map_filename.empty()) {
        if (erp) erp->Emsg("Config", "Will initialize VOMS mapfile", map_filename.c_str());
        mapper.reset(new XrdVomsMapfile(erp, map_filename));
        if (!mapper->IsValid()) {
            mapper.reset(nullptr);
            return VOMS_MAP_FAILED;
        }
    }
 
    return mapper.get();
}

References XrdOucStream::Attach(), XrdSysError::Emsg(), XrdSysError::getMsgMask(), XrdOucStream::GetMyFirstWord(), XrdOucStream::GetWord(), XrdOucEnv::Import(), open, XrdSysError::setMsgMask(), and VOMS_MAP_FAILED.

Referenced by XrdVomsFun::VOMSInit().

Here is the call graph for this function:

Here is the caller graph for this function:

Get()

XrdVomsMapfile * XrdVomsMapfile::Get ( )

static

Definition at line 305 of file XrdVomsMapfile.cc.

{
    return mapper.get();
}

IsValid()

bool XrdVomsMapfile::IsValid ( ) const

inline

Definition at line 50 of file XrdVomsMapfile.hh.

{return m_is_valid;}

---

The documentation for this class was generated from the following files:

• XrdVomsMapfile.hh
• XrdVomsMapfile.cc