irods  4.2.8
About: iRODS (the integrated Rule Oriented Data System) is a distributed data-management system for creating data grids, digital libraries, persistent archives, and real-time data systems.
  Fossies Dox: irods-4.2.8.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

irods_server_negotiation.cpp
Go to the documentation of this file.
1 // =-=-=-=-=-=-=-
6 
7 // =-=-=-=-=-=-=-
8 // irods includes
9 #include "rodsDef.h"
10 #include "rsGlobalExtern.hpp"
11 
12 #include <list>
13 
14 namespace irods {
18  const std::string _in_sid ) {
19  // =-=-=-=-=-=-=-
20  // check incoming params
21  if ( _in_sid.empty() ) {
22  return ERROR(
24  "incoming SID is empty" );
25  }
26 
27  try {
28  // =-=-=-=-=-=-=-
29  // get the agent key
30  const auto& encr_key = irods::get_server_property<const std::string>(CFG_NEGOTIATION_KEY_KW);
31 
32  // =-=-=-=-=-=-=-
33  // start with local SID
34  const auto& svr_sid = irods::get_server_property<const std::string>(CFG_ZONE_KEY_KW);
35 
36  // =-=-=-=-=-=-=-
37  // sign SID
38  std::string signed_sid;
40  svr_sid,
41  encr_key,
42  signed_sid );
43  if ( !err.ok() ) {
44  return PASS( err );
45  }
46 
47  // =-=-=-=-=-=-=-
48  // if it is a match, were good
49  if ( _in_sid == signed_sid ) {
50  return SUCCESS();
51  }
52  } catch ( const irods::exception& e ) {
53  return irods::error(e);
54  }
55 
56  // =-=-=-=-=-=-=-
57  // if not, check against all remote zone SIDs and keys
59  std::pair <
60  std::string,
61  std::string > >::iterator itr = remote_SID_key_map.begin();
62  for ( ; itr != remote_SID_key_map.end(); ++itr ) {
63  const std::pair<std::string, std::string>& entry = itr->second;
64 
65  // =-=-=-=-=-=-=-
66  // sign SID
67  std::string signed_sid;
69  entry.first,
70  entry.second,
71  signed_sid );
72  if ( !err.ok() ) {
73  return PASS( err );
74  }
75 
76  // =-=-=-=-=-=-=-
77  // basic string compare
78  if ( _in_sid == signed_sid ) {
79  return SUCCESS();
80  }
81 
82  } // for itr
83 
84  return ERROR(
86  "signed SID was not matched" );
87 
88  } // check_sent_sid
89 
90 
95  std::string& _result ) {
96  // =-=-=-=-=-=-=-
97  // manufacture an rei for the applyRule
98  ruleExecInfo_t rei;
99  memset( ( char* )&rei, 0, sizeof( ruleExecInfo_t ) );
100 
101  std::string rule_result;
102  std::list<boost::any> params;
103  params.push_back(&rule_result);
104 
105  // =-=-=-=-=-=-=-
106  // if it is, then call the pre PEP and get the result
108  "acPreConnect",
109  params,
110  &rei );
111  if ( 0 != status ) {
112  return ERROR( status, "failed in call to applyRuleUpdateParams" );
113  }
114 
115  // =-=-=-=-=-=-=-
116  // check to see if a negoation was requested
118  // =-=-=-=-=-=-=-
119  // if it was not but we require SSL then error out
120  if ( CS_NEG_REQUIRE == rule_result ) {
121  std::stringstream msg;
122  msg << "SSL is required by the server but not requested by the client";
123  return ERROR( SYS_INVALID_INPUT_PARAM, msg.str() );
124 
125  }
126  else {
127  // =-=-=-=-=-=-=-
128  // a negotiation was not requested, bail
129  return SUCCESS();
130  }
131 
132  }
133 
134  // =-=-=-=-=-=-=-
135  // pass the PEP result to the client, send CS_NEG_SVR_1_MSG
136  irods::cs_neg_t cs_neg;
138  snprintf( cs_neg.result_, sizeof( cs_neg.result_ ), "%s", rule_result.c_str() );
139  error err = send_client_server_negotiation_message( _ptr, cs_neg );
140  if ( !err.ok() ) {
141  std::stringstream msg;
142  msg << "failed with PEP value of [" << rule_result << "]";
143  return PASSMSG( msg.str(), err );
144  }
145 
146  // =-=-=-=-=-=-=-
147  // get the response from CS_NEG_CLI_1_MSG
148  boost::shared_ptr< cs_neg_t > read_cs_neg;
149  err = read_client_server_negotiation_message( _ptr, read_cs_neg );
150  if ( !err.ok() ) {
151  return PASS( err );
152  }
153 
154  // =-=-=-=-=-=-=-
155  // get the result from the key val pair
156  if ( strlen( read_cs_neg->result_ ) != 0 ) {
157  irods::kvp_map_t kvp;
159  read_cs_neg->result_,
160  kvp );
161  if ( err.ok() ) {
162 
163  // =-=-=-=-=-=-=-
164  // extract the signed SID
165  if ( kvp.find( CS_NEG_SID_KW ) != kvp.end() ) {
166  std::string svr_sid = kvp[ CS_NEG_SID_KW ];
167  if ( !svr_sid.empty() ) {
168  // =-=-=-=-=-=-=-
169  // check SID against our SIDs
170  err = check_sent_sid(
171  svr_sid );
172  if ( !err.ok() ) {
173  rodsLog(
174  LOG_DEBUG,
175  "CS_NEG\n%s",
176  PASS( err ).result().c_str() );
177  }
178  else {
179  // =-=-=-=-=-=-=-
180  // store property that states this is an
181  // Agent-Agent connection
182  try {
183  irods::set_server_property<std::string>(AGENT_CONN_KW, svr_sid);
184  } catch ( const irods::exception& e ) {
185  return irods::error(e);
186  }
187  }
188 
189  } // if sid is not empty
190  else {
191  rodsLog(
192  LOG_WARNING,
193  "CS_NEG :: %s - sent SID is empty",
194  __FUNCTION__ );
195  }
196  }
197 
198  // =-=-=-=-=-=-=-
199  // check to see if the result string has the SSL negotiation results
200  _result = kvp[ CS_NEG_RESULT_KW ];
201  if ( _result.empty() ) {
202  return ERROR(
204  "SSL result string missing from response" );
205  }
206 
207  }
208  else {
209  // =-=-=-=-=-=-=-
210  // support 4.0 client-server negotiation which did not
211  // use key-val pairs
212  _result = read_cs_neg->result_;
213 
214  }
215 
216  } // if result strlen > 0
217 
218  if ( CS_NEG_REQUIRE == rule_result &&
219  CS_NEG_USE_TCP == _result ) {
220  return ERROR(
222  "request to use TCP refused");
223  }
224  else if ( CS_NEG_STATUS_SUCCESS == read_cs_neg->status_ ) {
225  return SUCCESS();
226  }
227 
228  // =-=-=-=-=-=-=-
229  // else, return a failure
230  std::stringstream msg;
231  msg << "failure detected from client for result ["
232  << read_cs_neg->result_
233  << "]";
234  return ERROR(
236  msg.str() );
237 
238  } // client_server_negotiation_for_server
239 
240 }; // namespace irods
rodsLog
void rodsLog(int level, const char *formatStr,...)
Definition: rodsLog.cpp:86
irods::check_sent_sid
error check_sent_sid(const std::string)
Definition: irods_server_negotiation.cpp:17
irods_configuration_keywords.hpp
irods::lookup_table
Definition: irods_lookup_table.hpp:24
irods_server_properties.hpp
irods::CS_NEG_STATUS_SUCCESS
const int CS_NEG_STATUS_SUCCESS
Definition: irods_client_server_negotiation.hpp:29
UNMATCHED_KEY_OR_INDEX
@ UNMATCHED_KEY_OR_INDEX
Definition: rodsErrorTable.h:244
irods::CS_NEG_SID_KW
const std::string CS_NEG_SID_KW("cs_neg_sid_kw")
irods::CS_NEG_USE_TCP
const std::string CS_NEG_USE_TCP("CS_NEG_USE_TCP")
PASS
#define PASS(prev_error_)
Definition: irods_error.hpp:118
irods::cs_neg_t::result_
char result_[(1024+64)]
Definition: irods_client_server_negotiation.hpp:36
irods::cs_neg_t
Definition: irods_client_server_negotiation.hpp:34
irods::AGENT_CONN_KW
const std::string AGENT_CONN_KW("agent_conn")
LOG_WARNING
#define LOG_WARNING
Definition: rodsLog.h:38
irods::CFG_ZONE_KEY_KW
const std::string CFG_ZONE_KEY_KW("zone_key")
irods::do_client_server_negotiation_for_server
bool do_client_server_negotiation_for_server()
Definition: irods_client_negotiation.cpp:220
SERVER_NEGOTIATION_ERROR
@ SERVER_NEGOTIATION_ERROR
Definition: rodsErrorTable.h:774
PASSMSG
#define PASSMSG(message_, prev_error_)
Definition: irods_error.hpp:119
SYS_INVALID_INPUT_PARAM
@ SYS_INVALID_INPUT_PARAM
Definition: rodsErrorTable.h:195
irods::CFG_NEGOTIATION_KEY_KW
const std::string CFG_NEGOTIATION_KEY_KW("negotiation_key")
irods::send_client_server_negotiation_message
error send_client_server_negotiation_message(irods::network_object_ptr, cs_neg_t &)
Definition: irods_client_negotiation.cpp:411
SUCCESS
#define SUCCESS()
Definition: irods_error.hpp:121
rsGlobalExtern.hpp
irods::cs_neg_t::status_
int status_
Definition: irods_client_server_negotiation.hpp:35
irods::sign_server_sid
error sign_server_sid(const std::string, const std::string, std::string &)
Definition: irods_client_negotiation.cpp:76
irods::read_client_server_negotiation_message
error read_client_server_negotiation_message(irods::network_object_ptr, boost::shared_ptr< cs_neg_t > &)
Definition: irods_client_negotiation.cpp:445
LOG_DEBUG
#define LOG_DEBUG
Definition: rodsLog.h:23
irods
Definition: apiHandler.hpp:35
rodsDef.h
applyRuleWithInOutVars
int applyRuleWithInOutVars(const char *_action, std::list< boost::any > &_params, ruleExecInfo_t *_rei)
Definition: irods_re_structs.cpp:124
terminate_irods_processes.e
e
Definition: terminate_irods_processes.py:19
irods.pypyodbc.status
status
Definition: pypyodbc.py:467
remote_SID_key_map
irods::lookup_table< std::pair< std::string, std::string > > remote_SID_key_map
Definition: irods_server_globals.cpp:59
ERROR
#define ERROR(code_, message_)
Definition: irods_error.hpp:117
irods::error
Definition: irods_error.hpp:23
irods::CS_NEG_REQUIRE
const std::string CS_NEG_REQUIRE("CS_NEG_REQUIRE")
irods::parse_kvp_string
error parse_kvp_string(const std::string &_str, kvp_map_t &_kvp, const std::string &_association=KVP_DEF_ASSOCIATION, const std::string &_delimeter=KVP_DEF_DELIMITER)
Definition: irods_kvp_string_parser.cpp:69
entry
Definition: ruleAdmin.cpp:22
irods::network_object_ptr
boost::shared_ptr< network_object > network_object_ptr
Definition: irods_network_object.hpp:78
error
int error
Definition: filesystem.cpp:101
RuleExecInfo
Definition: irods_re_structs.hpp:18
irods_kvp_string_parser.hpp
irods::exception
Definition: irods_exception.hpp:15
irods::CS_NEG_RESULT_KW
const std::string CS_NEG_RESULT_KW("cs_neg_result_kw")
irods::kvp_map_t
std::map< std::string, std::string > kvp_map_t
Definition: irods_kvp_string_parser.hpp:30
irods::error::ok
bool ok()
Definition: irods_error.cpp:258
irods_client_server_negotiation.hpp
SYS_SIGNED_SID_NOT_MATCHED
@ SYS_SIGNED_SID_NOT_MATCHED
Definition: rodsErrorTable.h:204
irods::client_server_negotiation_for_server
error client_server_negotiation_for_server(irods::network_object_ptr, std::string &)
Definition: irods_server_negotiation.cpp:93