irods  4.2.8
About: iRODS (the integrated Rule Oriented Data System) is a distributed data-management system for creating data grids, digital libraries, persistent archives, and real-time data systems.

rsAuthCheck.cpp
4 /* See authCheck.h for a description of this API call.*/
5 
6 #include "authRequest.h"
7 #include "authCheck.h"
9 #include "miscServerFunct.hpp"
11 #include "rsAuthCheck.hpp"
12 
13 // =-=-=-=-=-=-=-
14 // stl includes
15 #include <string>
16 
17 // =-=-=-=-=-=-=-
19 #include "irods_auth_constants.hpp"
20 
/*
 * Server-side handler for the authCheck API (see authCheck.h).
 *
 * When this server's catalog service role is "provider", the caller's
 * challenge/response pair is checked against the catalog and, on success,
 * *authCheckOut is filled with the user's privilege levels plus a hash that
 * authenticates this server back to the calling server.  When the role is
 * "consumer", the request is forwarded unchanged to the catalog provider
 * host.  Any other role is logged as unsupported.
 *
 * NOTE(review): the rendering this listing comes from dropped a handful of
 * lines — among them the `int rsAuthCheck(` line that precedes these
 * parameters and the opening line of several multi-line calls.  Comments
 * below point out where an argument list or return belongs to a line that
 * is not visible here.
 *
 * rsComm       - connection of the requesting session
 * authCheckInp - challenge, response and username supplied by the caller
 * authCheckOut - receives a heap-allocated result record on the provider
 *                path; on the consumer path it is whatever rcAuthCheck()
 *                produced (presumably freed by the caller — confirm)
 *
 * Returns 0 when the check succeeded, otherwise the code of the failing
 * step (negative on the visible error paths).
 */
    rsComm_t *rsComm,
    authCheckInp_t *authCheckInp,
    authCheckOut_t **authCheckOut ) {
    std::string svc_role;
    // which side of the catalog this server is on decides everything below
    irods::error ret = get_catalog_service_role(svc_role);
    if(!ret.ok()) {
        irods::log(PASS(ret));
        return ret.code();
    }

    if( irods::CFG_SERVICE_ROLE_PROVIDER == svc_role ) {
        int status;
        int privLevel;
        int clientPrivLevel;
        authCheckOut_t *result;
        unsigned char *digest;
        // md5Buf holds challenge || local zone SID; sized so that a full
        // CHALLENGE_LEN challenge plus a maximal ServerID still fits with
        // a trailing NUL (see the strncpy calls further down)
        char md5Buf[CHALLENGE_LEN + MAX_PASSWORD_LEN + 2];
        char ServerID[MAX_PASSWORD_LEN + 2];

        // the result record is allocated and zeroed up front, so it is
        // handed back even when the check below fails; the malloc result
        // is not checked for NULL before the memset
        *authCheckOut = ( authCheckOut_t* )malloc( sizeof( authCheckOut_t ) );
        memset( ( char * )*authCheckOut, 0, sizeof( authCheckOut_t ) );

        // =-=-=-=-=-=-=-
        // the incoming response string might be a kvp string
        // holding the auth scheme as well as the response
        // try to parse it
        // NOTE :: incoming response string is longer than RESPONSE_LEN so we
        // cannot directly assign it, it will need to be properly terminated
        // and not contain any magic characters
        std::string scheme;
        // both std::string copies stop at the first NUL, so everything
        // below depends on authCheckInp->response being NUL-terminated
        // by the sender (as the note above requires)
        std::string orig_resp = authCheckInp->response;
        std::string response = authCheckInp->response;

        // due to backward compatibility reasons, an unsanitized binary string is sent
        // as the 'response' portion of the KVP which may cause the parser to fail. we
        // evade the error and manually extract the response as necessary
        std::string::size_type schem_key_pos = response.find( irods::AUTH_SCHEME_KEY );
        bool have_auth_scheme_key = schem_key_pos != std::string::npos;
        if ( have_auth_scheme_key ) {
            irods::kvp_map_t kvp;
            // the parse outcome is deliberately ignored (see the comment
            // above); this inner `ret` shadows the outer one and is unused
            irods::error ret = irods::parse_kvp_string( orig_resp, kvp );
            if ( kvp.end() != kvp.find( irods::AUTH_SCHEME_KEY ) ) {
                scheme = kvp[ irods::AUTH_SCHEME_KEY ];

                // =-=-=-=-=-=-=-
                // subset the 'response' string from the incoming kvp set
                size_t response_key_pos = response.find( irods::AUTH_RESPONSE_KEY );
                if ( response_key_pos != std::string::npos ) {
                    // take a fixed RESPONSE_LEN + 2 bytes from the raw input
                    // starting just past "a_resp=", bypassing the parser's
                    // (possibly truncated) value.  This assumes at least that
                    // many bytes follow the key in authCheckInp->response;
                    // no length check is made here — TODO confirm the sender
                    // always supplies them.  The legacy path below copies
                    // only RESPONSE_LEN bytes.
                    char *response_ptr = authCheckInp->response +
                                         ( response_key_pos +
                                           irods::AUTH_RESPONSE_KEY.length() +
                                           irods::KVP_DEF_ASSOCIATION.length() );
                    response.assign( response_ptr, RESPONSE_LEN + 2 );
                }

            }
        }
        else {
            // legacy (non-kvp) format: the response is the first
            // RESPONSE_LEN bytes and `scheme` stays empty
            response.assign( authCheckInp->response, RESPONSE_LEN );

        }

        // argument list of the catalog check that sets `status`; the line
        // opening the call is not shown in this rendering (the index on this
        // page lists chlCheckAuth with parameters in exactly this order).
        // The const_cast is not needed for the `const char *response`
        // parameter declared there.
        rsComm,
        scheme.c_str(),
        authCheckInp->challenge,
        const_cast< char* >( response.c_str() ),
        authCheckInp->username,
        &privLevel,
        &clientPrivLevel );
        if ( status < 0 ) {
            // log call whose opening line is not shown here; the failure
            // is only logged, the status is returned as-is below
            "rsAuthCheck: chlCheckAuth status = %d", status );
        }

        // only a successful check populates the result; on failure the
        // zeroed record allocated above is what the caller gets
        if ( status == 0 ) {
            int len, i;
            result = *authCheckOut;
            result->privLevel = privLevel;
            result->clientPrivLevel = clientPrivLevel;

            /* Add a hash to authenticate this server to the other server */
            // zero first so the buffer stays NUL-terminated whatever strncpy
            // leaves behind
            memset( md5Buf, 0, sizeof( md5Buf ) );
            strncpy( md5Buf, authCheckInp->challenge, CHALLENGE_LEN );

            getZoneServerId( "", ServerID ); /* get our local zone SID */
            // assumes getZoneServerId() NUL-terminates ServerID — TODO confirm
            len = strlen( ServerID );
            // digest is heap-allocated because ownership passes to the
            // result record below
            digest = ( unsigned char* )malloc( RESPONSE_LEN + 2 );
            memset( digest, 0, RESPONSE_LEN + 2 );
            if ( len <= 0 ) {
                // no local zone SID: serverResponse is handed back all-zero,
                // so the remote side has nothing to verify this server with.
                // Log call whose opening line is not shown here; note the
                // trailing `status` has no matching conversion in the format.
                "rsAuthCheck: Warning, cannot authenticate this server to remote server, no LocalZoneSID defined in server_config.json", status );
            }
            else {
                // len <= MAX_PASSWORD_LEN + 1 given sizeof(ServerID), so the
                // copy ends inside md5Buf and its last byte stays NUL
                strncpy( md5Buf + CHALLENGE_LEN, ServerID, len );

                // one-way hash of challenge || ServerID into digest; the
                // call's opening line(s) — hash type and input length — are
                // not shown here (index: obfMakeOneWayHash(hashType, inBuf,
                // inBufSize, outHash))
                ( unsigned char* )md5Buf,
                ( unsigned char* )digest );

                // the hash travels as a C string, so every zero byte is
                // bumped to 1; the peer verifying serverResponse presumably
                // applies the same substitution — confirm against the
                // client-side check
                for ( i = 0; i < RESPONSE_LEN; i++ ) {
                    if ( digest[i] == '\0' ) {
                        digest[i]++;
                    } /* make sure 'string' doesn't
                         end early */
                }
            }
            // ownership of the malloc'd digest moves to the result record
            result->serverResponse = ( char* )digest;
        }

        return status;
    } else if( irods::CFG_SERVICE_ROLE_CONSUMER == svc_role ) {
        /* this may be a gateway to the rcat host */
        // `rodsServerHost` is declared, and the getAndConnRcatHostNoLogin()
        // call that sets `status` is opened, on lines not shown in this
        // rendering; the arguments below are that call's tail
        int status;

        rsComm->proxyUser.rodsZone, &rodsServerHost );

        if ( status < 0 ) {
            // log call whose opening line is not shown here
            "rsAuthCheck:getAndConnRcatHostNoLogin() failed. erro=%d", status );
            return status;
        }

        // a consumer whose catalog host resolves to itself has no catalog
        // to consult, so refuse rather than loop back into this handler
        if ( rodsServerHost->localFlag == LOCAL_HOST ) {
            return SYS_NO_ICAT_SERVER_ERR;
        }
        else {
            // forward the request unchanged over the connection to the
            // provider; *authCheckOut is then presumably filled by the
            // client-side call rather than allocated here
            status = rcAuthCheck( rodsServerHost->conn, authCheckInp, authCheckOut );
        }
        return status;
    } else {
        // unsupported role: logged here; the return line is not shown in
        // this rendering (the index lists SYS_SERVICE_ROLE_NOT_SUPPORTED,
        // presumably what is returned)
        rodsLog(
            LOG_ERROR,
            "role not supported [%s]",
            svc_role.c_str() );
    }
}
rodsLog
void rodsLog(int level, const char *formatStr,...)
Definition: rodsLog.cpp:86
rsComm_t
Definition: rcConnect.h:145
irods::CFG_SERVICE_ROLE_CONSUMER
const std::string CFG_SERVICE_ROLE_CONSUMER("consumer")
irods_configuration_keywords.hpp
rodsServerHost::localFlag
int localFlag
Definition: rodsConnect.h:68
SYS_SERVICE_ROLE_NOT_SUPPORTED
@ SYS_SERVICE_ROLE_NOT_SUPPORTED
Definition: rodsErrorTable.h:217
authCheckInp_t::challenge
char * challenge
Definition: authCheck.h:7
rodsServerHost::conn
rcComm_t * conn
Definition: rodsConnect.h:64
PASS
#define PASS(prev_error_)
Definition: irods_error.hpp:118
getAndConnRcatHostNoLogin
int getAndConnRcatHostNoLogin(rsComm_t *rsComm, int rcatType, char *rcatZoneHint, rodsServerHost_t **rodsServerHost)
Definition: rodsConnect.cpp:62
SYS_NO_ICAT_SERVER_ERR
@ SYS_NO_ICAT_SERVER_ERR
Definition: rodsErrorTable.h:104
authCheckOut_t::serverResponse
char * serverResponse
Definition: authCheck.h:15
LOCAL_HOST
#define LOCAL_HOST
Definition: rodsConnect.h:44
irods::AUTH_RESPONSE_KEY
const std::string AUTH_RESPONSE_KEY("a_resp")
LOG_ERROR
#define LOG_ERROR
Definition: rodsLog.h:43
authCheckOut_t::clientPrivLevel
int clientPrivLevel
Definition: authCheck.h:14
authCheckOut_t
Definition: authCheck.h:12
authRequest.h
MAX_PASSWORD_LEN
#define MAX_PASSWORD_LEN
Definition: authenticate.h:9
irods_auth_constants.hpp
irods::error::code
long long code() const
Definition: irods_error.cpp:194
LOG_DEBUG
#define LOG_DEBUG
Definition: rodsLog.h:23
authCheckOut_t::privLevel
int privLevel
Definition: authCheck.h:13
rsComm_t::proxyUser
userInfo_t proxyUser
Definition: rcConnect.h:152
irods::CFG_SERVICE_ROLE_PROVIDER
const std::string CFG_SERVICE_ROLE_PROVIDER("provider")
obfMakeOneWayHash
void obfMakeOneWayHash(int hashType, unsigned const char *inBuf, int inBufSize, unsigned char *outHash)
Definition: obf.cpp:970
authCheck.h
chlCheckAuth
int chlCheckAuth(rsComm_t *rsComm, const char *scheme, const char *challenge, const char *response, const char *username, int *userPrivLevel, int *clientPrivLevel)
Definition: icatHighLevelRoutines.cpp:1884
rcAuthCheck
int rcAuthCheck(rcComm_t *conn, authCheckInp_t *authCheckInp, authCheckOut_t **authCheckOut)
Definition: rcAuthCheck.cpp:37
rsAuthCheck.hpp
authCheckInp_t::username
char * username
Definition: authCheck.h:9
irods.pypyodbc.status
status
Definition: pypyodbc.py:467
userInfo_t::rodsZone
char rodsZone[64]
Definition: rodsUser.h:67
irods::log
void log(const error &)
Definition: irods_log.cpp:13
LOG_NOTICE
#define LOG_NOTICE
Definition: rodsLog.h:33
rsAuthCheck
int rsAuthCheck(rsComm_t *rsComm, authCheckInp_t *authCheckInp, authCheckOut_t **authCheckOut)
Definition: rsAuthCheck.cpp:21
irods::error
Definition: irods_error.hpp:23
miscServerFunct.hpp
authCheckInp_t::response
char * response
Definition: authCheck.h:8
irods::parse_kvp_string
error parse_kvp_string(const std::string &_str, kvp_map_t &_kvp, const std::string &_association=KVP_DEF_ASSOCIATION, const std::string &_delimeter=KVP_DEF_DELIMITER)
Definition: irods_kvp_string_parser.cpp:69
MASTER_RCAT
#define MASTER_RCAT
Definition: rodsDef.h:85
irods::AUTH_SCHEME_KEY
const std::string AUTH_SCHEME_KEY("a_scheme")
get_catalog_service_role
irods::error get_catalog_service_role(std::string &_role)
Definition: miscServerFunct.cpp:3153
rodsServerHost
Definition: rodsConnect.h:62
RESPONSE_LEN
#define RESPONSE_LEN
Definition: authenticate.h:11
HASH_TYPE_DEFAULT
#define HASH_TYPE_DEFAULT
Definition: obf.h:9
irods_kvp_string_parser.hpp
getZoneServerId
void getZoneServerId(char *zoneName, char *zoneSID)
Definition: miscServerFunct.cpp:1945
icatHighLevelRoutines.hpp
CHALLENGE_LEN
#define CHALLENGE_LEN
Definition: authenticate.h:10
authCheckInp_t
Definition: authCheck.h:6
irods::kvp_map_t
std::map< std::string, std::string > kvp_map_t
Definition: irods_kvp_string_parser.hpp:30
irods::error::ok
bool ok()
Definition: irods_error.cpp:258
irods::KVP_DEF_ASSOCIATION
static const std::string KVP_DEF_ASSOCIATION("=")