ROOT_528-00b_version: net/xrootd/src/xrootd/src/XrdNet/XrdNetSecurity.cc Source File

00001 /******************************************************************************/
00002 /*                                                                            */
00003 /*                     X r d N e t S e c u r i t y . c c                      */
00004 /*                                                                            */
00005 /* (c) 2004 by the Board of Trustees of the Leland Stanford, Jr., University  */
00006 /*       All Rights Reserved. See XrdInfo.cc for complete License Terms       */
00007 /*   Produced by Andrew Hanushevsky for Stanford University under contract    */
00008 /*              DE-AC03-76-SFO0515 with the Department of Energy              */
00009 /******************************************************************************/
00010   
00011 //      $Id: XrdNetSecurity.cc 25932 2008-10-23 10:58:11Z ganis $
00012 
00013 const char *XrdNetSecurityCVSID = "$Id: XrdNetSecurity.cc 25932 2008-10-23 10:58:11Z ganis $";
00014 
00015 #ifndef WIN32
00016 #include <netdb.h>
00017 #include <stdlib.h>
00018 #include <strings.h>
00019 #include <sys/types.h>
00020 #include <sys/socket.h>
00021 #include <netinet/in.h>
00022 #include <arpa/inet.h>
00023 #else
00024 #include <stdlib.h>
00025 #include <sys/types.h>
00026 #include <Winsock2.h>
00027 #include <io.h>
00028 int innetgr(const char *netgroup, const char *host, const char *user,
00029              const char *domain)
00030 {
00031    return 0;
00032 }
00033 #include "XrdSys/XrdWin32.hh"
00034 #endif
00035 
00036 #include "XrdNet/XrdNetDNS.hh"
00037 #include "XrdNet/XrdNetSecurity.hh"
00038 #include "XrdOuc/XrdOucTrace.hh"
00039 
00040 /******************************************************************************/
00041 /*                         L o c a l   C l a s s e s                          */
00042 /******************************************************************************/
00043 
00044 class XrdNetTextList 
00045 {
00046 public:
00047 
00048 XrdNetTextList *next; 
00049 char           *text;
00050 
00051      XrdNetTextList(char *newtext) {next = 0; text = strdup(newtext);}
00052     ~XrdNetTextList() {if (text) free(text);}
00053 };
00054 
00055 /******************************************************************************/
00056 /*                               D e f i n e s                                */
00057 /******************************************************************************/
00058   
00059 #define DEBUG(x) if (eTrace) {eTrace->Beg(TraceID); cerr <<x; eTrace->End();}
00060 
00061 /******************************************************************************/
00062 /*                               G l o b a l s                                */
00063 /******************************************************************************/
00064   
00065 const char *XrdNetSecurity::TraceID = "NetSecurity";
00066 
00067 /******************************************************************************/
00068 /*                               A d d H o s t                                */
00069 /******************************************************************************/
00070   
00071 void XrdNetSecurity::AddHost(char *hname)
00072 {
00073    char *Hname = 0;
00074 
00075 // If host is an ip address then do short circuit add otherwise do a full add
00076 //
00077    if (isdigit(*hname) && (Hname = XrdNetDNS::getHostName(hname)))
00078       OKHosts.Add(hname, Hname, 0, Hash_dofree);
00079       else {XrdOucNList *nlp = new XrdOucNList(hname);
00080             HostList.Insert(nlp);
00081            }
00082    if (Hname) {DEBUG(hname <<" (" <<Hname <<") added to authorized hosts.");}
00083       else    {DEBUG(hname <<" added to authorized hosts.");}
00084 }
00085 
00086 /******************************************************************************/
00087 /*                           A d d N e t G r o u p                            */
00088 /******************************************************************************/
00089 
00090 void XrdNetSecurity::AddNetGroup(char *gname)
00091 {
00092   XrdNetTextList *tlp = new XrdNetTextList(gname);
00093 
00094 // Add netgroup to list of valid ones
00095 //
00096    tlp->next = NetGroups;
00097    NetGroups = tlp;
00098 
00099 // All done
00100 //
00101    DEBUG(gname <<" added to authorized netgroups.");
00102 }
00103 
00104 /******************************************************************************/
00105 /*                             A u t h o r i z e                              */
00106 /******************************************************************************/
00107 
00108 char *XrdNetSecurity::Authorize(struct sockaddr *addr)
00109 {
00110    struct sockaddr_in *ip = (struct sockaddr_in *)addr;
00111    char ipbuff[64], *hname;
00112    const char *ipname;
00113    XrdNetTextList *tlp;
00114 
00115 // Convert IP address to characters (eventually,
00116 //
00117    if (!(ipname = (char *)inet_ntop(ip->sin_family, (void *)&(ip->sin_addr),
00118        ipbuff, sizeof(ipbuff)))) return (char *)0;
00119 
00120 // Check if we have seen this host before
00121 //
00122    okHMutex.Lock();
00123    if ((hname = OKHosts.Find(ipname)))
00124       {okHMutex.UnLock(); return strdup(hname);}
00125 
00126 // Get the hostname for this IP address
00127 //
00128    if (!(hname = XrdNetDNS::getHostName(*addr))) hname = strdup(ipname);
00129 
00130 // Check if this host is in the the appropriate netgroup, if any
00131 //
00132    if ((tlp = NetGroups))
00133       do {if (innetgr(tlp->text, hname, 0, 0))
00134           return hostOK(hname, ipname, "netgroup");
00135          } while ((tlp = tlp->next));
00136 
00137 // Plow through the specific host list to see if the host
00138 //
00139    if (HostList.Find(hname)) return hostOK(hname, ipname, "host");
00140 
00141 // Host is not authorized
00142 //
00143    okHMutex.UnLock();
00144    DEBUG(hname <<" not authorized");
00145    free(hname);
00146    return 0;
00147 }
00148 
00149 /******************************************************************************/
00150 /*                                 M e r g e                                  */
00151 /******************************************************************************/
00152   
00153 void XrdNetSecurity::Merge(XrdNetSecurity *srcp)
00154 {
00155    XrdOucNList    *np;
00156    XrdNetTextList *sp, *tp;
00157 
00158 // First merge in all of the host entries
00159 //
00160    while((np = srcp->HostList.Pop())) HostList.Replace(np);
00161 
00162 // Next merge the netgroup list
00163 //
00164    while((sp = srcp->NetGroups))
00165         {tp = NetGroups; srcp->NetGroups = sp->next;
00166          while(tp) if (!strcmp(tp->text, sp->text)) break;
00167                       else tp = tp->next;
00168          if (tp) delete sp;
00169             else {sp->next  = NetGroups;
00170                   NetGroups = sp;
00171                  }
00172         }
00173 
00174 // Delete the remnants of the source object
00175 //
00176    delete srcp;
00177 }
00178 
00179 /******************************************************************************/
00180 /*                       P r i v a t e   M e t h o d s                        */
00181 /******************************************************************************/
00182 /******************************************************************************/
00183 /*                                h o s t O K                                 */
00184 /******************************************************************************/
00185   
00186 char *XrdNetSecurity::hostOK(char *hname, const char *ipname, const char *why)
00187 {
00188 
00189 // Add host to valid host table and return true. Note that the okHMutex must
00190 // be locked upon entry and it will be unlocked upon exit.
00191 //
00192    OKHosts.Add(ipname, strdup(hname), lifetime, Hash_dofree);
00193    okHMutex.UnLock();
00194    DEBUG(hname <<" authorized via " <<why);
00195    return hname;
00196 }