irods  4.2.8
About: iRODS (the integrated Rule Oriented Data System) is a distributed data-management system for creating data grids, digital libraries, persistent archives, and real-time data systems.
  Fossies Dox: irods-4.2.8.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  
libnative.cpp
Go to the documentation of this file.
1 // =-=-=-=-=-=-=-
2 // irods includes
3 #include "rodsDef.h"
4 #include "msParam.h"
5 #include "rcConnect.h"
6 #include "authRequest.h"
7 #include "authResponse.h"
8 #include "authCheck.h"
9 #include "miscServerFunct.hpp"
10 #include "authPluginRequest.h"
11 #include "authenticate.h"
12 #include "rsAuthCheck.hpp"
13 #include "rsAuthRequest.hpp"
14 
15 // =-=-=-=-=-=-=-
16 #include "irods_auth_plugin.hpp"
17 #include "irods_auth_constants.hpp"
18 #include "irods_native_auth_object.hpp"
19 #include "irods_stacktrace.hpp"
20 #include "irods_kvp_string_parser.hpp"
21 
22 // =-=-=-=-=-=-=-
23 // stl includes
24 #include <sstream>
25 #include <string>
26 #include <iostream>
27 #include <termios.h>
28 #include <unistd.h>
29 
30 #include <openssl/md5.h>
31 
32 int get64RandomBytes( char *buf );
33 void setSessionSignatureClientside( char* _sig );
34 void _rsSetAuthRequestGetChallenge( const char* _c );
35 
36 static irods::error check_proxy_user_privileges(
37  rsComm_t *rsComm,
38  int proxyUserPriv ) {
39  irods::error result = SUCCESS();
40 
41  if ( strcmp( rsComm->proxyUser.userName, rsComm->clientUser.userName ) != 0 ) {
42 
43  /* remote privileged user can only do things on behalf of users from
44  * the same zone */
45  result = ASSERT_ERROR( proxyUserPriv >= LOCAL_PRIV_USER_AUTH ||
46  ( proxyUserPriv >= REMOTE_PRIV_USER_AUTH &&
47  strcmp( rsComm->proxyUser.rodsZone, rsComm->clientUser.rodsZone ) == 0 ),
48  SYS_PROXYUSER_NO_PRIV,
49  "Proxyuser: \"%s\" with %d no priv to auth clientUser: \"%s\".",
50  rsComm->proxyUser.userName, proxyUserPriv, rsComm->clientUser.userName );
51  }
52 
53  return result;
54 }
55 
56 // =-=-=-=-=-=-=-
57 // NOTE:: this needs to become a property
58 // Set requireServerAuth to 1 to fail authentications from
59 // un-authenticated Servers (for example, if the LocalZoneSID
60 // is not set)
61 #ifdef RODS_SERVER
62 const int requireServerAuth = 1;
63 #endif
64 
65 // =-=-=-=-=-=-=-
66 // NOTE:: this needs to become a property
67 // If set, then SIDs are always required, errors will be return if a SID
68 // is not locally set for a remote server
69 #ifdef RODS_SERVER
70 const int requireSIDs = 0;
71 #endif
72 
73 // =-=-=-=-=-=-=-
74 // given the client connection and context string, set up the
75 // native auth object with relevant informaiton: user, zone, etc
76 irods::error native_auth_client_start(
77  irods::plugin_context& _ctx,
78  rcComm_t* _comm,
79  const char* ) {
80  irods::error result = SUCCESS();
81  irods::error ret;
82 
83  // =-=-=-=-=-=-=-
84  // validate incoming parameters
85  ret = _ctx.valid< irods::native_auth_object >();
86  if ( ( result = ASSERT_PASS( ret, "Invalid plugin context." ) ).ok() ) {
87 
88  if ( ( result = ASSERT_ERROR( _comm, SYS_INVALID_INPUT_PARAM, "Null rcConn_t pointer." ) ).ok() ) {
89 
90  // =-=-=-=-=-=-=-
91  // get the native auth object
92  irods::native_auth_object_ptr ptr = boost::dynamic_pointer_cast<irods::native_auth_object >( _ctx.fco() );
93 
94  // =-=-=-=-=-=-=-
95  // set the user name from the conn
96  ptr->user_name( _comm->proxyUser.userName );
97 
98  // =-=-=-=-=-=-=-
99  // set the zone name from the conn
100  ptr->zone_name( _comm->proxyUser.rodsZone );
101  }
102  }
103 
104  return result;
105 
106 } // native_auth_client_start
107 
108 // =-=-=-=-=-=-=-
109 // establish context - take the auth request results and massage them
110 // for the auth response call
111 irods::error native_auth_establish_context(
112  irods::plugin_context& _ctx ) {
113  irods::error result = SUCCESS();
114  irods::error ret;
115 
116  // =-=-=-=-=-=-=-
117  // validate incoming parameters
118  ret = _ctx.valid< irods::native_auth_object >();
119  if ( ( result = ASSERT_PASS( ret, "Invalid plugin context." ) ).ok() ) {
120 
121  // =-=-=-=-=-=-=-
122  // build a buffer for the challenge hash
123  char md5_buf[ CHALLENGE_LEN + MAX_PASSWORD_LEN + 2 ];
124  memset( md5_buf, 0, sizeof( md5_buf ) );
125 
126  // =-=-=-=-=-=-=-
127  // get the native auth object
128  irods::native_auth_object_ptr ptr = boost::dynamic_pointer_cast<irods::native_auth_object >( _ctx.fco() );
129 
130  // =-=-=-=-=-=-=-
131  // copy the challenge into the md5 buffer
132  strncpy( md5_buf, ptr->request_result().c_str(), CHALLENGE_LEN );
133 
134  // =-=-=-=-=-=-=-
135  // Save a representation of some of the challenge string for use
136  // as a session signiture
137  setSessionSignatureClientside( md5_buf );
138 
139  // =-=-=-=-=-=-=-
140  // determine if a password challenge is needed,
141  // are we anonymous or not?
142  int need_password = 0;
143  if ( strncmp( ANONYMOUS_USER, ptr->user_name().c_str(), NAME_LEN ) == 0 ) {
144 
145  // =-=-=-=-=-=-=-
146  // its an anonymous user - set the flag
147  md5_buf[CHALLENGE_LEN + 1] = '\0';
148  need_password = 0;
149 
150  }
151  else {
152  // =-=-=-=-=-=-=-
153  // determine if a password is already in place
154  need_password = obfGetPw( md5_buf + CHALLENGE_LEN );
155  }
156 
157  // =-=-=-=-=-=-=-
158  // prompt for a password if necessary
159  if ( 0 != need_password ) {
160 #ifdef WIN32
161  HANDLE hStdin = GetStdHandle( STD_INPUT_HANDLE );
162  DWORD mode;
163  GetConsoleMode( hStdin, &mode );
164  DWORD lastMode = mode;
165  mode &= ~ENABLE_ECHO_INPUT;
166  BOOL error = !SetConsoleMode( hStdin, mode );
167  int errsv = -1;
168 #else
169  struct termios tty;
170  memset( &tty, 0, sizeof( tty ) );
171  tcgetattr( STDIN_FILENO, &tty );
172  tcflag_t oldflag = tty.c_lflag;
173  tty.c_lflag &= ~ECHO;
174  int error = tcsetattr( STDIN_FILENO, TCSANOW, &tty );
175  int errsv = errno;
176 #endif
177  if ( error ) {
178  printf( "WARNING: Error %d disabling echo mode. Password will be displayed in plaintext.", errsv );
179  }
180  printf( "Enter your current iRODS password:" );
181  std::string password = "";
182  getline( std::cin, password );
183  strncpy( md5_buf + CHALLENGE_LEN, password.c_str(), MAX_PASSWORD_LEN );
184 #ifdef WIN32
185  if ( !SetConsoleMode( hStdin, lastMode ) ) {
186  printf( "Error reinstating echo mode." );
187  }
188 #else
189  tty.c_lflag = oldflag;
190  if ( tcsetattr( STDIN_FILENO, TCSANOW, &tty ) ) {
191  printf( "Error reinstating echo mode." );
192  }
193 #endif
194  } // if need_password
195 
196  // =-=-=-=-=-=-=-
197  // create a md5 hash of the challenge
198  MD5_CTX context;
199  MD5_Init( &context );
200  MD5_Update( &context, ( unsigned char* )md5_buf, CHALLENGE_LEN + MAX_PASSWORD_LEN );
201 
202  char digest[ RESPONSE_LEN + 2 ];
203  MD5_Final( ( unsigned char* )digest, &context );
204 
205  // =-=-=-=-=-=-=-
206  // make sure 'string' doesn't end early -
207  // scrub out any errant terminating chars
208  // by incrementing their value by one
209  for ( int i = 0; i < RESPONSE_LEN; ++i ) {
210  if ( digest[ i ] == '\0' ) {
211  digest[ i ]++;
212  }
213  }
214 
215  // =-=-=-=-=-=-=-
216  // cache the digest for the response
217  ptr->digest( std::string( digest, RESPONSE_LEN ) );
218  }
219 
220  return result;
221 
222 } // native_auth_establish_context
223 
224 // =-=-=-=-=-=-=-
225 // handle a client-side auth request call
226 irods::error native_auth_client_request(
227  irods::plugin_context& _ctx,
228  rcComm_t* _comm ) {
229 
230  if ( !_ctx.valid< irods::native_auth_object >().ok() ) {
231  return ERROR( SYS_INVALID_INPUT_PARAM, "Invalid plugin context." );
232  }
233 
234  authRequestOut_t* auth_request = NULL;
235  int status = rcAuthRequest( _comm, &auth_request );
236  if ( status < 0 ) {
237  if ( auth_request ) {
238  free( auth_request->challenge );
239  free( auth_request );
240  }
241  return ERROR( status, "Call to rcAuthRequest failed." );
242  }
243  else if ( !auth_request ) {
244  return ERROR( SYS_NULL_INPUT, "Call to rcAuthRequest resulted in a null authRequest." );
245  }
246  else if ( !auth_request->challenge ) {
247  free( auth_request );
248  return ERROR( 0, "Challenge attribute is blank." );
249  }
250 
251  irods::native_auth_object_ptr ptr = boost::dynamic_pointer_cast<irods::native_auth_object >( _ctx.fco() );
252  ptr->request_result( std::string( auth_request->challenge, CHALLENGE_LEN ) );
253 
254  free( auth_request->challenge );
255  free( auth_request );
256 
257  return SUCCESS();
258 
259 } // native_auth_client_request
260 
261 
262 #ifdef RODS_SERVER
263 // =-=-=-=-=-=-=-
264 // handle an agent-side auth request call
265 irods::error native_auth_agent_request(
266  irods::plugin_context& _ctx ) {
267  irods::error result = SUCCESS();
268  irods::error ret;
269 
270  // =-=-=-=-=-=-=-
271  // validate incoming parameters
272  ret = _ctx.valid< irods::native_auth_object >();
273  if ( ( result = ASSERT_PASS( ret, "Invalid plugin context." ) ).ok() ) {
274 
275  if ( ( result = ASSERT_ERROR( _ctx.comm(), SYS_INVALID_INPUT_PARAM, "Null comm pointer." ) ).ok() ) {
276 
277  // =-=-=-=-=-=-=-
278  // generate a random buffer and copy it to the challenge
279  char buf[ CHALLENGE_LEN + 2 ];
280  get64RandomBytes( buf );
281 
282  // =-=-=-=-=-=-=-
283  // get the auth object
284  irods::native_auth_object_ptr ptr = boost::dynamic_pointer_cast<irods::native_auth_object >( _ctx.fco() );
285 
286  // =-=-=-=-=-=-=-
287  // cache the challenge
288  ptr->request_result( buf );
289 
290  // =-=-=-=-=-=-=-
291  // cache the challenge in the server for later usage
292  _rsSetAuthRequestGetChallenge( buf );
293 
294  if ( _ctx.comm()->auth_scheme != NULL ) {
295  free( _ctx.comm()->auth_scheme );
296  }
297  _ctx.comm()->auth_scheme = strdup( irods::AUTH_NATIVE_SCHEME.c_str() );
298  }
299  }
300 
301  // =-=-=-=-=-=-=-
302  // win!
303  return SUCCESS();
304 
305 } // native_auth_agent_request
306 #endif
307 
308 
309 // =-=-=-=-=-=-=-
310 // handle a client-side auth request call
311 irods::error native_auth_client_response(
312  irods::plugin_context& _ctx,
313  rcComm_t* _comm ) {
314  irods::error result = SUCCESS();
315  irods::error ret;
316 
317  // =-=-=-=-=-=-=-
318  // validate incoming parameters
319  ret = _ctx.valid< irods::native_auth_object >();
320  if ( ( result = ASSERT_PASS( ret, "Invalid plugin context." ) ).ok() ) {
321  if ( ( result = ASSERT_ERROR( _comm, SYS_INVALID_INPUT_PARAM, "Null rcComm_t pointer." ) ).ok() ) {
322 
323  // =-=-=-=-=-=-=-
324  // get the auth object
325  irods::native_auth_object_ptr ptr = boost::dynamic_pointer_cast<irods::native_auth_object >( _ctx.fco() );
326 
327  // =-=-=-=-=-=-=-
328  // build the response string
329  char response[ RESPONSE_LEN + 2 ];
330  snprintf( response, RESPONSE_LEN + 2, "%s", ptr->digest().c_str() );
331 
332  // =-=-=-=-=-=-=-
333  // build the username#zonename string
334  std::string user_name = ptr->user_name() + "#" + ptr->zone_name();
335  char username[ MAX_NAME_LEN ];
336  snprintf( username, MAX_NAME_LEN, "%s", user_name.c_str() );
337 
338  authResponseInp_t auth_response;
339  auth_response.response = response;
340  auth_response.username = username;
341  int status = rcAuthResponse( _comm, &auth_response );
342  result = ASSERT_ERROR( status >= 0, status, "Call to rcAuthResponseFailed." );
343  }
344  }
345  return result;
346 } // native_auth_client_response
347 
348 
349 // TODO -This function really needs breaking into bite sized bits - harry
350 
351 #ifdef RODS_SERVER
352 // =-=-=-=-=-=-=-
353 // handle an agent-side auth request call
354 irods::error native_auth_agent_response(
355  irods::plugin_context& _ctx,
356  authResponseInp_t* _resp ) {
357  irods::error ret = SUCCESS();
358 
359  // =-=-=-=-=-=-=-
360  // validate incoming parameters
361  ret = _ctx.valid();
362  if ( !ret.ok() ) {
363  return PASSMSG( "Invalid plugin context.", ret );
364  }
365 
366  if ( NULL == _resp ) {
367  return ERROR( SYS_INVALID_INPUT_PARAM, "Invalid response or comm pointers." );
368  }
369 
370  int status;
371  char *bufp;
372  authCheckInp_t authCheckInp;
373  authCheckOut_t *authCheckOut = NULL;
374  rodsServerHost_t *rodsServerHost;
375 
376  char digest[RESPONSE_LEN + 2];
377  char md5Buf[CHALLENGE_LEN + MAX_PASSWORD_LEN + 2];
378  char serverId[MAX_PASSWORD_LEN + 2];
379 
380  bufp = _rsAuthRequestGetChallenge();
381 
382  /* need to do NoLogin because it could get into inf loop for cross
383  * zone auth */
384 
385  status = getAndConnRcatHostNoLogin( _ctx.comm(), MASTER_RCAT,
386  _ctx.comm()->proxyUser.rodsZone, &rodsServerHost );
387  if ( status < 0 ) {
388  return ERROR( status, "Connecting to rcat host failed." );
389  }
390  memset( &authCheckInp, 0, sizeof( authCheckInp ) );
391  authCheckInp.challenge = bufp;
392  //null-terminate the response for rsAuthCheck
393  _resp->response = ( char * )realloc( _resp->response, RESPONSE_LEN + 1 );
394  _resp->response[ RESPONSE_LEN ] = 0;
395  authCheckInp.response = _resp->response;
396  authCheckInp.username = _resp->username;
397 
398  if ( LOCAL_HOST == rodsServerHost->localFlag ) {
399  status = rsAuthCheck( _ctx.comm(), &authCheckInp, &authCheckOut );
400  }
401  else {
402  status = rcAuthCheck( rodsServerHost->conn, &authCheckInp, &authCheckOut );
403  /* not likely we need this connection again */
404  rcDisconnect( rodsServerHost->conn );
405  rodsServerHost->conn = NULL;
406  }
407 
408  if ( status >= 0 && NULL != authCheckOut ) {
409  if ( rodsServerHost->localFlag != LOCAL_HOST ) {
410  if ( authCheckOut->serverResponse == NULL ) {
411  rodsLog( LOG_NOTICE, "Warning, cannot authenticate remote server, no serverResponse field" );
412  if ( requireServerAuth ) {
413  ret = ERROR( REMOTE_SERVER_AUTH_NOT_PROVIDED, "Authentication disallowed. no serverResponse field." );
414  }
415  }
416  else {
417  char *cp;
418  int OK, len, i;
419  if ( *authCheckOut->serverResponse == '\0' ) {
420  rodsLog( LOG_NOTICE, "Warning, cannot authenticate remote server, serverResponse field is empty" );
421  if ( requireServerAuth ) {
422  ret = ERROR( REMOTE_SERVER_AUTH_EMPTY, "Authentication disallowed, empty serverResponse." );
423  }
424  }
425  else {
426  char username2[NAME_LEN + 2];
427  char userZone[NAME_LEN + 2];
428  memset( md5Buf, 0, sizeof( md5Buf ) );
429  strncpy( md5Buf, authCheckInp.challenge, CHALLENGE_LEN );
430  parseUserName( _resp->username, username2, userZone );
431  getZoneServerId( userZone, serverId );
432  len = strlen( serverId );
433  if ( len <= 0 ) {
434  rodsLog( LOG_NOTICE, "rsAuthResponse: Warning, cannot authenticate the remote server, no RemoteZoneSID defined in server_config.json", status );
435  if ( requireServerAuth ) {
436  ret = ERROR( REMOTE_SERVER_SID_NOT_DEFINED, "Authentication disallowed, no RemoteZoneSID defined" );
437  }
438  if ( requireSIDs ) {
439  ret = ERROR( REMOTE_SERVER_SID_NOT_DEFINED, "Authentication disallowed, no RemoteZoneSID defined" );
440  }
441  }
442  else {
443  strncpy( md5Buf + CHALLENGE_LEN, serverId, len );
444  obfMakeOneWayHash(
445  HASH_TYPE_DEFAULT,
446  ( unsigned char* )md5Buf,
447  CHALLENGE_LEN + MAX_PASSWORD_LEN,
448  ( unsigned char* )digest );
449 
450  for ( i = 0; i < RESPONSE_LEN; i++ ) {
451  if ( digest[i] == '\0' ) {
452  digest[i]++;
453  } /* make sure 'string' doesn't end early*/
454  }
455  cp = authCheckOut->serverResponse;
456  OK = 1;
457  for ( i = 0; i < RESPONSE_LEN; i++ ) {
458  if ( *cp++ != digest[i] ) {
459  OK = 0;
460  }
461  }
462  rodsLog( LOG_DEBUG, "serverResponse is OK/Not: %d", OK );
463  if ( 0 == OK ) {
464  ret = ERROR( REMOTE_SERVER_AUTHENTICATION_FAILURE, "Authentication disallowed, server response incorrect." );
465  }
466  }
467  }
468  }
469  }
470 
471  /* Set the clientUser zone if it is null. */
472  if ( ret.ok() && 0 == strlen( _ctx.comm()->clientUser.rodsZone ) ) {
473  zoneInfo_t *tmpZoneInfo;
474  status = getLocalZoneInfo( &tmpZoneInfo );
475  if ( status < 0 ) {
476  ret = ERROR( status, "getLocalZoneInfo failed." );
477  }
478  else {
479  strncpy( _ctx.comm()->clientUser.rodsZone, tmpZoneInfo->zoneName, NAME_LEN );
480  }
481  }
482 
483  /* have to modify privLevel if the icat is a foreign icat because
484  * a local user in a foreign zone is not a local user in this zone
485  * and vice versa for a remote user
486  */
487  if ( ret.ok() && rodsServerHost->rcatEnabled == REMOTE_ICAT ) {
488  /* proxy is easy because rodsServerHost is based on proxy user */
489  if ( authCheckOut->privLevel == LOCAL_PRIV_USER_AUTH ) {
490  authCheckOut->privLevel = REMOTE_PRIV_USER_AUTH;
491  }
492  else if ( authCheckOut->privLevel == LOCAL_USER_AUTH ) {
493  authCheckOut->privLevel = REMOTE_USER_AUTH;
494  }
495 
496  /* adjust client user */
497  if ( 0 == strcmp( _ctx.comm()->proxyUser.userName, _ctx.comm()->clientUser.userName ) ) {
498  authCheckOut->clientPrivLevel = authCheckOut->privLevel;
499  }
500  else {
501  zoneInfo_t *tmpZoneInfo;
502  status = getLocalZoneInfo( &tmpZoneInfo );
503  if ( status < 0 ) {
504  ret = ERROR( status, "getLocalZoneInfo failed." );
505  }
506  else {
507  if ( 0 == strcmp( tmpZoneInfo->zoneName, _ctx.comm()->clientUser.rodsZone ) ) {
508  /* client is from local zone */
509  if ( REMOTE_PRIV_USER_AUTH == authCheckOut->clientPrivLevel ) {
510  authCheckOut->clientPrivLevel = LOCAL_PRIV_USER_AUTH;
511  }
512  else if ( REMOTE_USER_AUTH == authCheckOut->clientPrivLevel ) {
513  authCheckOut->clientPrivLevel = LOCAL_USER_AUTH;
514  }
515  }
516  else {
517  /* client is from remote zone */
518  if ( LOCAL_PRIV_USER_AUTH == authCheckOut->clientPrivLevel ) {
519  authCheckOut->clientPrivLevel = REMOTE_USER_AUTH;
520  }
521  else if ( LOCAL_USER_AUTH == authCheckOut->clientPrivLevel ) {
522  authCheckOut->clientPrivLevel = REMOTE_USER_AUTH;
523  }
524  }
525  }
526  }
527  }
528  else if ( 0 == strcmp( _ctx.comm()->proxyUser.userName, _ctx.comm()->clientUser.userName ) ) {
529  authCheckOut->clientPrivLevel = authCheckOut->privLevel;
530  }
531 
532  if ( ret.ok() ) {
533  ret = check_proxy_user_privileges( _ctx.comm(), authCheckOut->privLevel );
534  if ( !ret.ok() ) {
535  ret = PASSMSG( "Check proxy user priviledges failed.", ret );
536  }
537  else {
538  rodsLog( LOG_DEBUG,
539  "rsAuthResponse set proxy authFlag to %d, client authFlag to %d, user:%s proxy:%s client:%s",
540  authCheckOut->privLevel,
541  authCheckOut->clientPrivLevel,
542  authCheckInp.username,
543  _ctx.comm()->proxyUser.userName,
544  _ctx.comm()->clientUser.userName );
545 
546  if ( strcmp( _ctx.comm()->proxyUser.userName, _ctx.comm()->clientUser.userName ) != 0 ) {
547  _ctx.comm()->proxyUser.authInfo.authFlag = authCheckOut->privLevel;
548  _ctx.comm()->clientUser.authInfo.authFlag = authCheckOut->clientPrivLevel;
549  }
550  else { /* proxyUser and clientUser are the same */
551  _ctx.comm()->proxyUser.authInfo.authFlag =
552  _ctx.comm()->clientUser.authInfo.authFlag = authCheckOut->privLevel;
553  }
554  }
555  }
556  }
557  else {
558  ret = ERROR( status, "rcAuthCheck failed." );
559  }
560 
561  if ( authCheckOut != NULL ) {
562  if ( authCheckOut->serverResponse != NULL ) {
563  free( authCheckOut->serverResponse );
564  }
565  free( authCheckOut );
566  }
567  return ret;
568 } // native_auth_agent_response
569 
570 // =-=-=-=-=-=-=-
571 // stub for ops that the native plug does
572 // not need to support
573 irods::error native_auth_agent_verify(
574  irods::plugin_context& ,
575  const char* ,
576  const char* ,
577  const char* ) {
578  return SUCCESS();
579 
580 } // native_auth_agent_verify
581 
582 
583 // =-=-=-=-=-=-=-
584 // stub for ops that the native plug does
585 // not need to support
586 irods::error native_auth_agent_start(
587  irods::plugin_context&,
588  const char*) {
589  return SUCCESS();
590 
591 } // native_auth_success_stub
592 #endif
593 
594 // =-=-=-=-=-=-=-
595 // derive a new native_auth auth plugin from
596 // the auth plugin base class for handling
597 // native authentication
598 class native_auth_plugin : public irods::auth {
599  public:
600  native_auth_plugin(
601  const std::string& _nm,
602  const std::string& _ctx ) :
603  irods::auth(
604  _nm,
605  _ctx ) {
606  } // ctor
607 
608  ~native_auth_plugin() {
609  }
610 
611 }; // class native_auth_plugin
612 
613 // =-=-=-=-=-=-=-
614 // factory function to provide instance of the plugin
615 extern "C"
616 irods::auth* plugin_factory(
617  const std::string& _inst_name,
618  const std::string& _context ) {
619  // =-=-=-=-=-=-=-
620  // create an auth object
621  native_auth_plugin* nat = new native_auth_plugin(
622  _inst_name,
623  _context );
624 
625  // =-=-=-=-=-=-=-
626  // fill in the operation table mapping call
627  // names to function names
628  using namespace irods;
629  using namespace std;
630  nat->add_operation(
631  AUTH_ESTABLISH_CONTEXT,
632  function<error(plugin_context&)>(
633  native_auth_establish_context ) );
634  nat->add_operation<rcComm_t*,const char*>(
635  AUTH_CLIENT_START,
636  function<error(plugin_context&,rcComm_t*,const char*)>(
637  native_auth_client_start ) );
638  nat->add_operation<rcComm_t*>(
639  AUTH_CLIENT_AUTH_REQUEST,
640  function<error(plugin_context&,rcComm_t*)>(
641  native_auth_client_request ) );
642  nat->add_operation<rcComm_t*>(
643  AUTH_CLIENT_AUTH_RESPONSE,
644  function<error(plugin_context&,rcComm_t*)>(
645  native_auth_client_response ) );
646 #ifdef RODS_SERVER
647  nat->add_operation<const char*>(
648  AUTH_AGENT_START,
649  function<error(plugin_context&,const char*)>(
650  native_auth_agent_start ) );
651  nat->add_operation(
652  AUTH_AGENT_AUTH_REQUEST,
653  function<error(plugin_context&)>(
654  native_auth_agent_request ) );
655  nat->add_operation<authResponseInp_t*>(
656  AUTH_AGENT_AUTH_RESPONSE,
657  function<error(plugin_context&,authResponseInp_t*)>(
658  native_auth_agent_response ) );
659  nat->add_operation<const char*,const char*,const char*>(
660  AUTH_AGENT_AUTH_VERIFY,
661  function<error(plugin_context&,const char*,const char*,const char*)>(
662  native_auth_agent_verify ) );
663 #endif
664  irods::auth* auth = dynamic_cast< irods::auth* >( nat );
665 
666  return auth;
667 
668 } // plugin_factory
rodsLog
void rodsLog(int level, const char *formatStr,...)
Definition: rodsLog.cpp:86
rcComm_t
Definition: rcConnect.h:95
NULL
#define NULL
Definition: rodsDef.h:70
rsComm_t
Definition: rcConnect.h:145
rodsServerHost::localFlag
int localFlag
Definition: rodsConnect.h:68
authCheckInp_t::challenge
char * challenge
Definition: authCheck.h:7
irods::AUTH_ESTABLISH_CONTEXT
const std::string AUTH_ESTABLISH_CONTEXT("auth_establish_context")
irods::AUTH_CLIENT_START
const std::string AUTH_CLIENT_START("auth_client_start")
authPluginRequest.h
msParam.h
irods::plugin_context::valid
virtual error valid()
Definition: irods_plugin_context.hpp:77
rodsServerHost::conn
rcComm_t * conn
Definition: rodsConnect.h:64
irods::native_auth_object_ptr
boost::shared_ptr< native_auth_object > native_auth_object_ptr
Definition: irods_native_auth_object.hpp:67
irods_native_auth_object.hpp
userInfo_t::userName
char userName[64]
Definition: rodsUser.h:66
rcComm_t::proxyUser
userInfo_t proxyUser
Definition: rcConnect.h:103
rodsServerHost::rcatEnabled
int rcatEnabled
Definition: rodsConnect.h:65
irods_stacktrace.hpp
rsComm_t::auth_scheme
char * auth_scheme
Definition: rcConnect.h:177
getAndConnRcatHostNoLogin
int getAndConnRcatHostNoLogin(rsComm_t *rsComm, int rcatType, char *rcatZoneHint, rodsServerHost_t **rodsServerHost)
Definition: rodsConnect.cpp:62
authenticate.h
irods::native_auth_object
Definition: irods_native_auth_object.hpp:21
irods::auth::auth
auth(const std::string &_inst, const std::string &_ctx)
Definition: irods_auth_plugin.hpp:19
rcConnect.h
authCheckOut_t::serverResponse
char * serverResponse
Definition: authCheck.h:15
native_auth_establish_context
irods::error native_auth_establish_context(irods::plugin_context &_ctx)
Definition: libnative.cpp:111
irods::AUTH_AGENT_AUTH_RESPONSE
const std::string AUTH_AGENT_AUTH_RESPONSE("auth_agent_auth_response")
LOCAL_HOST
#define LOCAL_HOST
Definition: rodsConnect.h:44
zoneInfo::zoneName
char zoneName[64]
Definition: rodsConnect.h:75
irods::AUTH_NATIVE_SCHEME
const std::string AUTH_NATIVE_SCHEME("native")
setSessionSignatureClientside
void setSessionSignatureClientside(char *_sig)
Definition: clientLogin.cpp:48
PASSMSG
#define PASSMSG(message_, prev_error_)
Definition: irods_error.hpp:119
REMOTE_USER_AUTH
#define REMOTE_USER_AUTH
Definition: rodsUser.h:33
plugin_factory
irods::auth * plugin_factory(const std::string &_inst_name, const std::string &_context)
Definition: libnative.cpp:616
irods::plugin_context
Definition: irods_plugin_context.hpp:18
_rsSetAuthRequestGetChallenge
void _rsSetAuthRequestGetChallenge(const char *_c)
Definition: rsAuthRequest.cpp:31
authCheckOut_t::clientPrivLevel
int clientPrivLevel
Definition: authCheck.h:14
irods::AUTH_CLIENT_AUTH_REQUEST
const std::string AUTH_CLIENT_AUTH_REQUEST("auth_agent_client_request")
SYS_INVALID_INPUT_PARAM
@ SYS_INVALID_INPUT_PARAM
Definition: rodsErrorTable.h:195
authCheckOut_t
Definition: authCheck.h:12
REMOTE_ICAT
#define REMOTE_ICAT
Definition: rodsConnect.h:54
authRequest.h
MAX_PASSWORD_LEN
#define MAX_PASSWORD_LEN
Definition: authenticate.h:9
REMOTE_SERVER_AUTH_NOT_PROVIDED
@ REMOTE_SERVER_AUTH_NOT_PROVIDED
Definition: rodsErrorTable.h:505
irods::AUTH_AGENT_AUTH_REQUEST
const std::string AUTH_AGENT_AUTH_REQUEST("auth_agent_auth_request")
irods_auth_constants.hpp
irods::auth
Definition: irods_auth_plugin.hpp:17
ASSERT_ERROR
#define ASSERT_ERROR(expr_, code_, format_,...)
Definition: irods_error.hpp:123
OK
#define OK
Definition: base64.cpp:7
SUCCESS
#define SUCCESS()
Definition: irods_error.hpp:121
irods::plugin_context::comm
virtual rsComm_t * comm()
Definition: irods_plugin_context.hpp:95
LOCAL_USER_AUTH
#define LOCAL_USER_AUTH
Definition: rodsUser.h:34
REMOTE_SERVER_AUTH_EMPTY
@ REMOTE_SERVER_AUTH_EMPTY
Definition: rodsErrorTable.h:506
native_auth_client_request
irods::error native_auth_client_request(irods::plugin_context &_ctx, rcComm_t *_comm)
Definition: libnative.cpp:226
LOG_DEBUG
#define LOG_DEBUG
Definition: rodsLog.h:23
authCheckOut_t::privLevel
int privLevel
Definition: authCheck.h:13
rsComm_t::proxyUser
userInfo_t proxyUser
Definition: rcConnect.h:152
ANONYMOUS_USER
#define ANONYMOUS_USER
Definition: rodsDef.h:133
irods
Definition: apiHandler.hpp:35
obfGetPw
int obfGetPw(char *pw)
Definition: obf.cpp:159
getline
int getline(char *s, int n, FILE *f)
Definition: ruleAdmin.cpp:317
authResponseInp_t
Definition: authResponse.h:6
rodsDef.h
obfMakeOneWayHash
void obfMakeOneWayHash(int hashType, unsigned const char *inBuf, int inBufSize, unsigned char *outHash)
Definition: obf.cpp:970
authCheck.h
REMOTE_PRIV_USER_AUTH
#define REMOTE_PRIV_USER_AUTH
Definition: rodsUser.h:35
MAX_NAME_LEN
#define MAX_NAME_LEN
Definition: rodsDef.h:61
rcAuthCheck
int rcAuthCheck(rcComm_t *conn, authCheckInp_t *authCheckInp, authCheckOut_t **authCheckOut)
Definition: rcAuthCheck.cpp:37
rsAuthCheck.hpp
authCheckInp_t::username
char * username
Definition: authCheck.h:9
ASSERT_PASS
#define ASSERT_PASS(prev_error_, format_,...)
Definition: irods_error.hpp:124
getLocalZoneInfo
int getLocalZoneInfo(zoneInfo_t **outZoneInfo)
Definition: rodsConnect.cpp:666
authResponseInp_t::username
char * username
Definition: authResponse.h:8
LOCAL_PRIV_USER_AUTH
#define LOCAL_PRIV_USER_AUTH
Definition: rodsUser.h:36
native_auth_client_start
irods::error native_auth_client_start(irods::plugin_context &_ctx, rcComm_t *_comm, const char *)
Definition: libnative.cpp:76
authRequestOut_t
Definition: authRequest.h:11
irods.pypyodbc.status
status
Definition: pypyodbc.py:467
userInfo_t::rodsZone
char rodsZone[64]
Definition: rodsUser.h:67
SYS_NULL_INPUT
@ SYS_NULL_INPUT
Definition: rodsErrorTable.h:876
LOG_NOTICE
#define LOG_NOTICE
Definition: rodsLog.h:33
irods::AUTH_AGENT_START
const std::string AUTH_AGENT_START("auth_agent_start")
rsComm_t::clientUser
userInfo_t clientUser
Definition: rcConnect.h:153
ERROR
#define ERROR(code_, message_)
Definition: irods_error.hpp:117
native_auth_plugin::native_auth_plugin
native_auth_plugin(const std::string &_nm, const std::string &_ctx)
Definition: libnative.cpp:600
irods::error
Definition: irods_error.hpp:23
check_proxy_user_privileges
static irods::error check_proxy_user_privileges(rsComm_t *rsComm, int proxyUserPriv)
Definition: libnative.cpp:36
rsAuthRequest.hpp
miscServerFunct.hpp
get64RandomBytes
int get64RandomBytes(char *buf)
Definition: rcMisc.cpp:1371
rcAuthResponse
int rcAuthResponse(rcComm_t *conn, authResponseInp_t *authResponseInp)
Definition: rcAuthResponse.cpp:35
native_auth_client_response
irods::error native_auth_client_response(irods::plugin_context &_ctx, rcComm_t *_comm)
Definition: libnative.cpp:311
authCheckInp_t::response
char * response
Definition: authCheck.h:8
irods_auth_plugin.hpp
MASTER_RCAT
#define MASTER_RCAT
Definition: rodsDef.h:85
authResponse.h
rsAuthCheck
int rsAuthCheck(rsComm_t *rsComm, authCheckInp_t *authCheckInp, authCheckOut_t **authCheckOut)
Definition: rsAuthCheck.cpp:21
authRequestOut_t::challenge
char * challenge
Definition: authRequest.h:12
authResponseInp_t::response
char * response
Definition: authResponse.h:7
rodsServerHost
Definition: rodsConnect.h:62
RESPONSE_LEN
#define RESPONSE_LEN
Definition: authenticate.h:11
native_auth_plugin
Definition: libnative.cpp:598
rcDisconnect
int rcDisconnect(rcComm_t *conn)
Definition: rcConnect.cpp:246
error
int error
Definition: filesystem.cpp:101
HASH_TYPE_DEFAULT
#define HASH_TYPE_DEFAULT
Definition: obf.h:9
irods::plugin_base::add_operation
error add_operation(const std::string &_op, std::function< error(plugin_context &)> _f)
Definition: irods_plugin_base.hpp:122
irods::plugin_context::fco
virtual first_class_object_ptr fco()
Definition: irods_plugin_context.hpp:102
irods_kvp_string_parser.hpp
getZoneServerId
void getZoneServerId(char *zoneName, char *zoneSID)
Definition: miscServerFunct.cpp:1945
irods::AUTH_AGENT_AUTH_VERIFY
const std::string AUTH_AGENT_AUTH_VERIFY("auth_agent_auth_verify")
REMOTE_SERVER_AUTHENTICATION_FAILURE
@ REMOTE_SERVER_AUTHENTICATION_FAILURE
Definition: rodsErrorTable.h:504
native_auth_plugin::~native_auth_plugin
~native_auth_plugin()
Definition: libnative.cpp:608
CHALLENGE_LEN
#define CHALLENGE_LEN
Definition: authenticate.h:10
authCheckInp_t
Definition: authCheck.h:6
userInfo_t::authInfo
authInfo_t authInfo
Definition: rodsUser.h:70
_rsAuthRequestGetChallenge
char * _rsAuthRequestGetChallenge()
Definition: rsAuthRequest.cpp:25
mode
int mode
Definition: filesystem.cpp:104
zoneInfo
Definition: rodsConnect.h:74
NAME_LEN
#define NAME_LEN
Definition: rodsDef.h:55
authInfo_t::authFlag
int authFlag
Definition: rodsUser.h:42
irods::AUTH_CLIENT_AUTH_RESPONSE
const std::string AUTH_CLIENT_AUTH_RESPONSE("auth_agent_client_response")
irods::error::ok
bool ok()
Definition: irods_error.cpp:258
buf
static char buf[64+50+1]
Definition: rsAuthRequest.cpp:21
parseUserName
int parseUserName(const char *fullUserNameIn, char *userName, char *userZone)
Definition: rcMisc.cpp:204
REMOTE_SERVER_SID_NOT_DEFINED
@ REMOTE_SERVER_SID_NOT_DEFINED
Definition: rodsErrorTable.h:507
rcAuthRequest
int rcAuthRequest(rcComm_t *conn, authRequestOut_t **authRequestOut)
Definition: rcAuthRequest.cpp:33
SYS_PROXYUSER_NO_PRIV
@ SYS_PROXYUSER_NO_PRIV
Definition: rodsErrorTable.h:106