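/// ROOT macro exercising the authentication methods available towards a
/// local rootd daemon.
///
/// For each method that looks usable on this host the macro temporarily
/// rewrites the THostAuth entry for the target host/user so that only that
/// method is listed, opens a TFTP connection, records whether the connection
/// opened and whether the established security context reports a reusable
/// offset, and finally restores the THostAuth table it found on entry.
///
/// Method indices used below: 0 UsrPwd, 1 SRP, 2 Krb5, 3 Globus, 4 SSH,
/// 5 UidGid (as named by the progress messages printed for each test).
///
/// \param port    rootd port (default 1094)
/// \param user    login user name; when empty it is taken from
///                gSystem->GetUserInfo() or, failing that, read from stdin
/// \param krb5    Kerberos principal (user@REALM); when empty a default is
///                built from the default_realm entry of the krb5 config file
/// \param globus  details string appended to the Globus method entry
/// \return 0 when the test sequence ran to completion, 1 when no user name
///         could be determined
///
/// NOTE(review): the string-literal defaults for the `char *` parameters are
/// kept so that the macro's interface stays exactly as callers know it.
int TestAuth(int port = 1094, char *user = "", char *krb5 = "", char *globus = "")
{
   gROOT->Reset();

   // Debug level from the ROOT environment; > 0 enables the extra dumps below
   Int_t lDebug = gEnv->GetValue("Root.Debug",0);

   // HaveMeth[i]  : method i is considered testable on this host
   // TestMeth[i]  : 0 = failed, 1 = successful (index into status[] below)
   // TestReUse[i] : 0 = failed, 1 = successful, 3 = not tested
   Bool_t HaveMeth[6] = {1,0,0,0,0,1};
   Int_t TestMeth[6] = {0,0,0,0,0,0};
   Int_t TestReUse[6] = {3,3,3,3,3,3};

   // Usage banner
   printf("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");
   printf("+ +\n");
   printf("+ TestAuth.C +\n");
   printf("+ +\n");
   printf("+ Test of authentication methods +\n");
   printf("+ +\n");
   printf("+ Syntax: +\n");
   printf("+ +\n");
   printf("+ .x TestAuth.C(<port>,\"<user>\",\"<krb5_princ>\",\"<globus_det>\") +\n");
   printf("+ +\n");
   printf("+ <port> = rootd port (default 1094) +\n");
   printf("+ <user> = login user name for the test +\n");
   printf("+ (default from getpwuid) +\n");
   printf("+ <krb5_princ> = Principal to be used for Krb5 authentication +\n");
   printf("+ in the form user@THE.REA.LM +\n");
   printf("+ ( default: <running_user@Default_Realm with +\n");
   printf("+ Default_realm taken from /etc/krb5.conf +\n");
   printf("+ or the $KRB5_CONFIG file ) +\n");
   printf("+ <globus_det> = details for the globus authentication +\n");
   printf("+ ( default ad:certificates cd:$HOME/.globus +\n");
   printf("+ cf:usercert.pem kf:userkey.pem ) +\n");
   printf("+ +\n");
   printf("+ >>> MAKE SURE that rootd is running <<< +\n");
   printf("+ +\n");
   printf("+ See $ROOTSYS/README/README.AUTH for additional details +\n");
   printf("+ +\n");
   printf("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n\n");

   // Resolve the user name for the test
   TString User = user;
   if (User == "") {

      UserGroup_t *u = gSystem->GetUserInfo();
      if (!u) {
         printf("\n >>>> 'user' not defined: please enter a valid username:\n");
         char utmp[256] = {0};
         // The field width keeps the read inside utmp: an unbounded "%s"
         // would let an over-long line on stdin write past the 256-byte
         // stack buffer. One byte is left for the terminating NUL.
         if (scanf("%255s",utmp) == 1 && strlen(utmp)) {
            User = utmp;
         } else {
            printf(">>>> no 'user' defined: return!\n");
            return 1;
         }
      } else {
         User = u->fUser;
      }

   }

   // "localhost" keys the THostAuth entry for every method except Krb5,
   // which is keyed by (and connects to) the name from gSystem->HostName()
   TString Host = "localhost";
   TString HostName = gSystem->HostName();

   // Connection strings handed to TFTP
   TString TFTPPath = TString("root://")+User+TString("@localhost:")+ port ;

   TString TFTPPathKrb5 = TString("root://") + User+ TString("@") +
                          HostName + TString(":")+ port ;

   // Details string shared by the UsrPwd, SRP, SSH and UidGid entries
   // NOTE(review): presumably pt = prompt and ru = reuse, see README.AUTH
   TString Details = TString("pt:0 ru:1 us:") + User;

   // Scratch pointer for the strings returned by DynamicPathName, each of
   // which is released with delete[] right after the probe
   char *p;

   // SRP is testable when its plugin library can be located
   if ((p = gSystem->DynamicPathName("libSRPAuth", kTRUE))) {
      HaveMeth[1] = 1;
   }
   delete[] p;

   // Krb5 is testable when its plugin library can be located and a
   // principal is either given or can be derived from the krb5 config
   TString Krb5Details;
   TString Krb5Open;
   if ((p = gSystem->DynamicPathName("libKrb5Auth", kTRUE))) {
      HaveMeth[2] = 1;

      if (strlen(krb5) > 0) {
         Krb5Details = TString("pt:0 ru:1 us:") + TString(krb5);
      } else {

         // Locate the config file: $KRB5_CONFIG wins over /etc/krb5.conf.
         // When $KRB5_CONFIG is set but not readable Krb5Conf stays empty,
         // the fopen below fails and Krb5 is switched off without a message.
         TString Krb5Conf, Realm;
         if (gSystem->Getenv("KRB5_CONFIG")) {
            if (!gSystem->AccessPathName(gSystem->Getenv("KRB5_CONFIG"), kReadPermission)) {
               Krb5Conf = gSystem->Getenv("KRB5_CONFIG");
            }
         } else if (!gSystem->AccessPathName("/etc/krb5.conf", kReadPermission)) {
            Krb5Conf = "/etc/krb5.conf";
         } else {
            printf("\n >>>> Kerberos Principal undefined\n");
            printf("\n >>>> unable to localize Kerberos config file to build a default\n");
            printf("\n >>>> Switching off Kerberos\n");
            printf("\n >>>> Run again with giving the principal as 3rd argument\n");
            printf("\n >>>> or define the variable KRB5_CONFIG with the full path \n");
            printf("\n >>>> to the config file (usually /etc/krb5.conf)\n");
            HaveMeth[2] = 0;
         }
         if (HaveMeth[2] == 1) {
            FILE *fc = fopen(Krb5Conf.Data(),"r");
            if (fc) {
               // fgets caps a line at sizeof(line)-1 characters, so no
               // "%s" field can outgrow its equally sized 1024-byte buffer
               char line[1024], fs1[1024], fs2[1024], fs3[1024];
               while (fgets(line, sizeof(line), fc) != 0) {
                  int nf = sscanf(line,"%s %s %s",fs1,fs2,fs3);
                  // Expected shape: "default_realm = THE.REA.LM"
                  if (nf == 3 && !strcmp(fs1,"default_realm")) {
                     Realm = fs3;
                     break;
                  }
               }
               // NOTE(review): when no default_realm line is found Realm
               // is empty and the principal becomes "<user>@"
               Krb5Details = TString("pt:0 ru:1 us:") + User + TString("@") + Realm;

               fclose(fc);
            } else {
               HaveMeth[2] = 0;
            }
         }
      }
   }
   delete[] p;

   // Globus is testable when its plugin library can be located
   TString GlobusDetails;
   if ((p = gSystem->DynamicPathName("libGlobusAuth", kTRUE))) {
      HaveMeth[3] = 1;

      GlobusDetails = TString("pt:0 ru:1 ") + TString(globus);
   }
   delete[] p;

   // SSH is testable when an executable 'ssh' is found in $PATH.
   // TSystem::Which returns a heap-allocated path owned by the caller;
   // release it instead of dropping the pointer.
   char *sshPath = gSystem->Which(gSystem->Getenv("PATH"), "ssh", kExecutePermission);
   if (sshPath) {
      HaveMeth[4] = 1;
   }
   delete[] sshPath;

   // Summary of the parameters in use
   printf("\n+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");
   printf("+ +\n");
   printf("+ Basic test parameters: +\n");
   printf("+ +\n");
   printf("+ Local User is : %s \n",User.Data());
   printf("+ Authentication Details : %s \n",Details.Data());
   printf("+ Current directory is : %s \n",gSystem->WorkingDirectory());
   printf("+ TFTP string : %s \n",TFTPPath.Data());
   if (HaveMeth[2]) {
      printf("+ Krb5 Details : %s \n",Krb5Details.Data());
   }
   printf("+ +\n");
   printf("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");

   // Load the authentication directives before touching the table
   TAuthenticate::ReadRootAuthrc();
   if (lDebug > 0)
      TAuthenticate::Show();

   TFTP *t1 = 0;

   // ---------------------------------------------------------------- UsrPwd
   printf("+ +\n");
   printf("+ Testing UsrPwd ... +\n");

   // An existing entry for (Host,User) is copied into hasv1 so that it can
   // be put back at the end; otherwise a fresh entry is created and added
   // to the table, to be removed again at the end.
   THostAuth *hasv1 = 0;
   THostAuth *ha = TAuthenticate::HasHostAuth(Host.Data(),User.Data());
   if (ha) {
      hasv1 = new THostAuth(*ha);
      ha->Reset();
      ha->AddMethod(0,Details.Data());
   } else {
      ha = new THostAuth(Host.Data(),User.Data(),0,Details.Data());
      TAuthenticate::GetAuthInfo()->Add(ha);
   }

   if (lDebug > 0)
      ha->Print();

   // Authentication is attempted while the connection is being opened
   t1 = new TFTP(TFTPPath.Data(),2);
   if (t1->IsOpen()) {
      TestMeth[0] = 1;
   } else {
      printf(" >>>>>>>>>>>>>>>> Test of UsrPwd authentication failed \n");
   }

   // Reuse is reported as successful when an established context for this
   // method carries an offset > -1
   if (TestMeth[0] == 1) {
      TIter next(ha->Established());
      TSecContext *ai;
      while ((ai = (TSecContext *) next())) {
         if (ai->GetMethod() == 0) {
            Int_t OffSet = ai->GetOffSet();
            TestReUse[0] = 0;
            if (OffSet > -1) {
               TestReUse[0] = 1;
            }
         }
      }
   }

   if (t1) delete t1;

   // Leave the entry without this method so the next test starts clean
   ha->RemoveMethod(0);

   // ------------------------------------------------------------------- SRP
   if ( HaveMeth[1] ) {
      printf("+ +\n");
      printf("+ Testing SRP ... +\n");

      ha->AddFirst(1,Details.Data());
      if (lDebug > 0)
         ha->Print();

      t1 = new TFTP(TFTPPath.Data(),2);
      if (t1->IsOpen()) {
         TestMeth[1] = 1;
      } else {
         printf(" >>>>>>>>>>>>>>>> Test of SRP authentication failed \n");
      }

      if (TestMeth[1] == 1) {
         TIter next(ha->Established());
         TSecContext *ai;
         while ((ai = (TSecContext *) next())) {
            if (ai->GetMethod() == 1) {
               Int_t OffSet = ai->GetOffSet();
               TestReUse[1] = 0;
               if (OffSet > -1) {
                  TestReUse[1] = 1;
               }
            }
         }
      }

      if (t1) delete t1;

      ha->RemoveMethod(1);

   }

   // ------------------------------------------------------------------ Krb5
   // Krb5 works on its own THostAuth entry, keyed by HostName
   THostAuth *hak = 0;
   THostAuth *hasv2 = 0;
   if ( HaveMeth[2] ) {
      printf("+ +\n");
      printf("+ Testing Krb5 ... +\n");

      hak = TAuthenticate::HasHostAuth(HostName.Data(),User.Data());
      if (hak) {
         if (lDebug > 0)
            printf(" >>>>>>>>>>>>>>>> Krb5: existing THostAuth found \n");
         // Keep a copy to restore at the end
         hasv2 = new THostAuth(*hak);
         hak->Reset();
         hak->AddMethod(2,Krb5Details.Data());
      } else {
         hak = new THostAuth(HostName.Data(),User.Data(),2,Krb5Details.Data());
         TAuthenticate::GetAuthInfo()->Add(hak);
      }
      if (lDebug > 0)
         hak->Print();

      t1 = new TFTP(TFTPPathKrb5.Data(),2);
      if (t1->IsOpen()) {
         TestMeth[2] = 1;
      } else {
         printf(" >>>>>>>>>>>>>>>> Test of Kerberos authentication failed \n");
         if (strlen(krb5) > 0) {
            printf(" >>>>>>>>>>>>>>>> details used: '%s' \n",krb5);
         }
      }

      if (TestMeth[2] == 1) {
         TIter next(hak->Established());
         TSecContext *ai;
         while ((ai = (TSecContext *) next())) {
            if (ai->GetMethod() == 2) {
               Int_t OffSet = ai->GetOffSet();
               TestReUse[2] = 0;
               if (OffSet > -1) {
                  TestReUse[2] = 1;
               }
            }
         }
      }

      if (t1) delete t1;

      hak->RemoveMethod(2);
   }

   // ---------------------------------------------------------------- Globus
   if ( HaveMeth[3] ) {
      printf("+ +\n");
      printf("+ Testing Globus ... +\n");

      ha->AddFirst(3,GlobusDetails.Data());
      if (lDebug > 0)
         ha->Print();

      t1 = new TFTP(TFTPPath.Data(),2);
      if (t1->IsOpen()) {
         TestMeth[3] = 1;
      } else {
         printf(" >>>>>>>>>>>>>>>> Test of Globus authentication failed \n");
         if (strlen(globus) > 0) {
            printf(" >>>>>>>>>>>>>>>> details used: '%s' \n",globus);
         } else {
            printf(" >>>>>>>>>>>>>>>> using default details: \n");
            printf(" >>>>>>>>>>>>>>>> ad:/etc/grid-security/certificates");
            printf(" cd:$HOME/.globus cf:usercert.pem kf:userkey.pem\n");
         }
         // Hint for non-root users, who may lack access to the credentials
         UserGroup_t *u = gSystem->GetUserInfo();
         if (u) {
            if (u->fUid > 0) {
               printf(" >>>>>>>>>>>>>>>> You are not root,");
               printf(" you may not have the right privileges\n");
               printf(" >>>>>>>>>>>>>>>> Make sure that the used details are correct! \n");
            }
         }
      }

      if (TestMeth[3] == 1) {
         TIter next(ha->Established());
         TSecContext *ai;
         while ((ai = (TSecContext *) next())) {
            if (ai->GetMethod() == 3) {
               Int_t OffSet = ai->GetOffSet();
               TestReUse[3] = 0;
               if (OffSet > -1) {
                  TestReUse[3] = 1;
               }
            }
         }
      }

      if (t1) delete t1;

      ha->RemoveMethod(3);
   }

   // ------------------------------------------------------------------- SSH
   if ( HaveMeth[4] ) {
      printf("+ +\n");
      printf("+ Testing SSH ... +\n");

      ha->AddFirst(4,Details.Data());
      if (lDebug > 0)
         ha->Print();

      t1 = new TFTP(TFTPPath.Data(),2);
      if (t1->IsOpen()) {
         TestMeth[4] = 1;
      } else {
         printf(" >>>>>>>>>>>>>>>> Test of SSH authentication failed \n");
      }

      if (TestMeth[4] == 1) {
         TIter next(ha->Established());
         TSecContext *ai;
         while ((ai = (TSecContext *) next())) {
            if (ai->GetMethod() == 4) {
               Int_t OffSet = ai->GetOffSet();
               TestReUse[4] = 0;
               if (OffSet > -1) {
                  TestReUse[4] = 1;
               }
            }
         }
      }

      if (t1) delete t1;

      ha->RemoveMethod(4);
   }

   // ---------------------------------------------------------------- UidGid
   // No reuse check is made for this method; the result table below prints
   // no reuse column for it either
   printf("+ +\n");
   printf("+ Testing UidGid ... +\n");

   ha->AddFirst(5,Details.Data());
   if (lDebug > 0)
      ha->Print();

   t1 = new TFTP(TFTPPath.Data(),2);
   if (t1->IsOpen()) {
      TestMeth[5] = 1;
   } else {
      printf(" >>>>>>>>>>>>>>>> Test of UidGid authentication failed \n");
   }

   if (t1) delete t1;

   ha->RemoveMethod(5);

   printf("+ +\n");
   printf("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");

   if (lDebug > 0)
      TAuthenticate::Show();

   // Put the authentication table back the way it was found: restore the
   // saved copies, or drop the entries this macro created itself
   if (hasv1) {
      ha->Reset();
      ha->Update(hasv1);
   } else {
      TAuthenticate::GetAuthInfo()->Remove(ha);
   }
   if (hasv2) {
      hak->Reset();
      hak->Update(hasv2);
   } else if (hak) {
      // hak is still null when Krb5 was not tested: nothing to remove then
      TAuthenticate::GetAuthInfo()->Remove(hak);
   }

   // Final report
   printf("\n+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");
   printf("+ +\n");
   printf("+ Result of the tests: +\n");
   printf("+ +\n");
   char status[4][20] = {"failed!","successful!","not testable","not tested"};
   int i = 0;
   for( i=0; i<6; i++ ) {
      if (HaveMeth[i] && TestMeth[i] < 2) {
         if (i < 5) {
            printf("+ Method: %d %8s: %11s (reuse: %11s) +\n",i,
                   Form("(%s)",TAuthenticate::GetAuthMethod(i)),
                   status[TestMeth[i]],status[TestReUse[i]]);
         } else
            printf("+ Method: %d %8s: %11s +\n",i,
                   Form("(%s)",TAuthenticate::GetAuthMethod(i)),
                   status[TestMeth[i]]);
      }
   }
   Bool_t NotPrinted = kTRUE;
   for( i=0; i<6; i++ ) {
      if (HaveMeth[i] && TestMeth[i] > 1) {
         if (NotPrinted) {
            printf("+ +\n");
            printf("+ Could not be tested: +\n");
            printf("+ +\n");
            NotPrinted = kFALSE;
         }
         printf("+ Method: %d %8s: %11s +\n",i,
                Form("(%s)",TAuthenticate::GetAuthMethod(i)),
                status[TestMeth[i]]);
      }
   }
   printf("+ +\n");
   printf("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");

   // The function is declared int: return a defined value on the normal
   // path as well (the only other exit returns 1 when no user is known)
   return 0;
}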