ROOT_528-00b_version: net/xrootd/src/xrootd/src/XrdAcc/XrdAccTest.cc Source File

00001 /******************************************************************************/
00002 /*                                                                            */
00003 /*                         X r d A c c T e s t . c c                          */
00004 /*                                                                            */
00005 /* (c) 2010 by the Board of Trustees of the Leland Stanford, Jr., University  */
00006 /*                            All Rights Reserved                             */
00007 /*   Produced by Andrew Hanushevsky for Stanford University under contract    */
00008 /*              DE-AC02-76-SFO0515 with the Department of Energy              */
00009 /******************************************************************************/
00010 
00011 /* Syntax: testaccess [=c cfn] [d] [-t] [user host op path]
00012 
00013    Where:  -c     sets the config file name (default is ./acc.cf)
00014          v -d     turns on debugging.
00015            -t     turns on tracing.
00016            user   is the requesting username
00017            host   is the user's host name
00018            op     is the requested operation and is one of:
00019                   cr - create    mv - rename    st - status
00020                   lk - lock      rd - read      wr - write
00021                   ls - readdir   rm - remove    ?  - display privs
00022 */
00023   
00024 #include <unistd.h>
00025 #include <ctype.h>
00026 #include <errno.h>
00027 #include <stdlib.h>
00028 #include <strings.h>
00029 #include <stdio.h>
00030 #include <grp.h>
00031 #include <arpa/inet.h>
00032 #include <sys/param.h>
00033 #include <sys/socket.h>
00034 
00035 #include "XrdAcc/XrdAccAuthorize.hh"
00036 #include "XrdAcc/XrdAccConfig.hh"
00037 #include "XrdAcc/XrdAccGroups.hh"
00038 #include "XrdAcc/XrdAccPrivs.hh"
00039 #include "XrdSys/XrdSysError.hh"
00040 #include "XrdSys/XrdSysHeaders.hh"
00041 #include "XrdSys/XrdSysLogger.hh"
00042 #include "XrdOuc/XrdOucStream.hh"
00043 
00044 /******************************************************************************/
00045 /*                        G l o b a l   O b j e c t s                         */
00046 /******************************************************************************/
00047   
00048 extern int optind;
00049 
00050 extern char *optarg;
00051 
00052 char *PrivsConvert(XrdAccPrivCaps &ctab, char *buff, int blen);
00053 
00054 XrdAccAuthorize *Authorize;
00055 
00056 int  extra;
00057 
00058 XrdSysLogger myLogger;
00059 
00060 XrdSysError  eroute(&myLogger, "acc_");
00061 
00062 /******************************************************************************/
00063 /*                       O p e r a t i o n   T a b l e                        */
00064 /******************************************************************************/
00065 typedef struct {const char *opname; Access_Operation oper;} optab_t;
00066 optab_t optab[] =
00067              {{"?",      AOP_Any},
00068               {"cm",     AOP_Chmod},
00069               {"co",     AOP_Chown},
00070               {"cr",     AOP_Create},
00071               {"rm",     AOP_Delete},
00072               {"lk",     AOP_Lock},
00073               {"mk",     AOP_Mkdir},
00074               {"mv",     AOP_Rename},
00075               {"rd",     AOP_Read},
00076               {"ls",     AOP_Readdir},
00077               {"st",     AOP_Stat},
00078               {"wr",     AOP_Update}
00079              };
00080 
00081 int opcnt = sizeof(optab)/sizeof(optab[0]);
00082   
00083 /******************************************************************************/
00084 /*                                  m a i n                                   */
00085 /******************************************************************************/
00086   
00087 int main(int argc, char **argv)
00088 {
00089 extern XrdAccAuthorize *XrdAccDefaultAuthorizeObject(XrdSysLogger *lp,
00090                                                      const char   *cfn,
00091                                                      const char   *parm);
00092 void Usage(const char *);
00093 char *p2l(XrdAccPrivs priv, char *buff, int blen);
00094 int rc = 0, argnum, DebugON = 0;
00095 char c, *argval[32];
00096 int DoIt(int argnum, int argc, char **argv);
00097 XrdOucStream Command;
00098 const int maxargs = sizeof(argval)/sizeof(argval[0]);
00099 char *ConfigFN = (char *)"./acc.cf";
00100 
00101 // Get all of the options.
00102 //
00103    while ((c=getopt(argc,argv,"c:d")) != (char)EOF)
00104      { switch(c)
00105        {
00106        case 'c': ConfigFN = optarg;                  break;
00107        case 'd': DebugON = 1;                        break;
00108        default:  Usage("Invalid option.");
00109        }
00110      }
00111 
00112 // Obtain the authorization object
00113 //
00114 if (!(Authorize = XrdAccDefaultAuthorizeObject(&myLogger, ConfigFN, 0)))
00115    {cerr << "testaccess: Initialization failed." <<endl;
00116     exit(2);
00117    }
00118 
00119 // If command line options specified, process this
00120 //
00121    if (optind < argc) {rc = DoIt(optind, argc, argv); exit(rc);}
00122 
00123 // Start accepting command from standard in until eof
00124 //
00125    Command.Attach(0);
00126    cout << "Waiting for arguments..." <<endl;
00127    while(Command.GetLine())
00128        while((argval[1] = Command.GetToken()))
00129             {for (argnum=2;
00130                   argnum < maxargs && (argval[argnum]=Command.GetToken());
00131                   argnum++) {}
00132              rc |= DoIt(1, argnum, argval);
00133             }
00134 
00135 // All done
00136 //
00137    exit(rc);
00138 }
00139 
00140 int DoIt(int argpnt, int argc, char **argv)
00141 {
00142 char *user, *host, *path, *result, buff[16];
00143 Access_Operation cmd2op(char *opname);
00144 void Usage(const char *);
00145 Access_Operation optype;
00146 XrdAccPrivCaps pargs;
00147 XrdAccPrivs auth;
00148 XrdSecEntity Entity("");
00149 
00150 // Make sure user specified
00151 //
00152    if (argpnt >= argc) Usage("user not specified.");
00153    user = argv[argpnt++];
00154 
00155 // Make sure host specified
00156 //
00157    if (argpnt >= argc) Usage("host not specified.");
00158    host = argv[argpnt++];
00159 
00160 // Make sure op   specified
00161 //
00162    if (argpnt >= argc) Usage("operation not specified.");
00163    optype = cmd2op(argv[argpnt++]);
00164 
00165 // Make sure path specified
00166 //
00167    if (argpnt >= argc) Usage("path not specified.");
00168 
00169 // Fill out entity
00170 //
00171    strcpy(Entity.prot, "krb4");
00172    Entity.name = user;
00173    Entity.host = host;
00174 
00175 // Process each path, as needed
00176 //                                                            x
00177    while(argpnt < argc)
00178         {path = argv[argpnt++];
00179          auth = Authorize->Access((const XrdSecEntity *)&Entity,
00180                                   (const char *)path,
00181                                                 optype);
00182          if (optype != AOP_Any) result=(auth?(char *)"allowed":(char *)"denied");
00183             else {pargs.pprivs = auth; pargs.nprivs = XrdAccPriv_None;
00184                   result = PrivsConvert(pargs, buff, sizeof(buff));
00185                  }
00186          cout <<result <<": " <<path <<endl;
00187         }
00188 
00189 return 0;
00190 }
00191 
00192 /******************************************************************************/
00193 /*                                c m d 2 o p                                 */
00194 /******************************************************************************/
00195   
00196 Access_Operation cmd2op(char *opname)
00197 {
00198    int i;
00199    for (i = 0; i < opcnt; i++) 
00200        if (!strcmp(opname, optab[i].opname)) return optab[i].oper;
00201    cerr << "testaccess: Invalid operation - " <<opname <<endl;
00202    exit(1);
00203    return AOP_Any;
00204 }
00205 
00206 /******************************************************************************/
00207 /*                          P r i v s C o n v e r t                           */
00208 /******************************************************************************/
00209   
00210 char *PrivsConvert(XrdAccPrivCaps &ctab, char *buff, int blen)
00211 {
00212      int i=0, j, k=2, bmax = blen-1;
00213      XrdAccPrivs privs;
00214      static struct {XrdAccPrivs pcode; char plet;} p2l[] =
00215                    {{XrdAccPriv_Delete,  'd'},
00216                     {XrdAccPriv_Insert,  'i'},
00217                     {XrdAccPriv_Lock,    'k'},
00218                     {XrdAccPriv_Lookup,  'l'},
00219                     {XrdAccPriv_Rename,  'n'},
00220                     {XrdAccPriv_Read,    'r'},
00221                     {XrdAccPriv_Write,   'w'}
00222                    };
00223      static int p2lnum = sizeof(p2l)/sizeof(p2l[0]);
00224 
00225      privs = ctab.pprivs;
00226      while(k--)
00227        {for (j = 0; j < p2lnum && i < bmax; j++)
00228             if (privs & p2l[j].pcode) buff[i++] = p2l[j].plet;
00229         if (i < bmax && ctab.nprivs != XrdAccPriv_None) buff[i++] = '-';
00230            else break;
00231         privs = ctab.nprivs;
00232        }
00233      buff[i] = '\0';
00234      return buff;
00235 }
00236 
00237 /******************************************************************************/
00238 /*                                 U s a g e                                  */
00239 /******************************************************************************/
00240   
00241 void Usage(const char *msg)
00242      {if (msg) cerr <<"testaccess: " <<msg <<endl;
00243       cerr << "testaccess [-c cfn] [-d] [user host op path [path [. . .]]]" <<endl;
00244       exit(1);
00245      }