diff --git a/src/XrdAcc/XrdAccEntity.cc b/src/XrdAcc/XrdAccEntity.cc index 2369dcb35cf..ce563e774b1 100644 --- a/src/XrdAcc/XrdAccEntity.cc +++ b/src/XrdAcc/XrdAccEntity.cc @@ -33,6 +33,7 @@ #include "XrdAcc/XrdAccEntity.hh" #include "XrdOuc/XrdOucTokenizer.hh" #include "XrdSec/XrdSecEntity.hh" +#include "XrdSec/XrdSecEntityAttr.hh" #include "XrdSys/XrdSysError.hh" /******************************************************************************/ @@ -128,7 +129,7 @@ XrdAccEntity *XrdAccEntity::GetEntity(const XrdSecEntity *secP, bool &isNew) // If we already compiled the identity informaion, reuse it. // - if ((seP = secP->Get(&accSig))) + if ((seP = secP->eaAPI->Get(&accSig))) {isNew = false; return static_cast(seP); } @@ -193,7 +194,7 @@ void XrdAccEntity::PutEntity(const XrdSecEntity *secP) // already if some other thread beat us to the punch (unlike). If there is // we simply delete ourselves to avoid a memory leak. // - if (!(const_cast(secP)->Add(*this))) delete this; + if (!secP->eaAPI->Add(*this)) delete this; } /******************************************************************************/ diff --git a/src/XrdHeaders.cmake b/src/XrdHeaders.cmake index d892c55c648..d0a93830bcd 100644 --- a/src/XrdHeaders.cmake +++ b/src/XrdHeaders.cmake @@ -53,7 +53,9 @@ set( XROOTD_PUBLIC_HEADERS XrdOuc/XrdOuca2x.hh XrdOuc/XrdOucEnum.hh XrdOuc/XrdOucCompiler.hh + XrdSec/XrdSecAttr.hh XrdSec/XrdSecEntity.hh + XrdSec/XrdSecEntityAttr.hh XrdSec/XrdSecEntityPin.hh XrdSec/XrdSecInterface.hh XrdSys/XrdSysAtomics.hh diff --git a/src/XrdSec/XrdSecAttr.hh b/src/XrdSec/XrdSecAttr.hh index e4f10dc7b0b..ceba3fd2c72 100644 --- a/src/XrdSec/XrdSecAttr.hh +++ b/src/XrdSec/XrdSecAttr.hh 
@@ -60,10 +60,10 @@ class XrdSecEntity; class XrdSecAttr { public: -friend class XrdSecEntity; +friend class XrdSecEntityAttr; //------------------------------------------------------------------------------ -//! Delete this object (may be over-ridden for cusom action). +//! Delete this object (may be over-ridden for custom action). //------------------------------------------------------------------------------ virtual void Delete() {delete this;} diff --git a/src/XrdSec/XrdSecEntity.cc b/src/XrdSec/XrdSecEntity.cc index 90478c5ed5d..c5a7eeef04f 100644 --- a/src/XrdSec/XrdSecEntity.cc +++ b/src/XrdSec/XrdSecEntity.cc 
@@ -27,76 +27,28 @@ /* specific prior written permission of the institution or contributor. */ /******************************************************************************/ -#include -#include #include -#include -#include "XrdSec/XrdSecAttr.hh" #include "XrdSec/XrdSecEntity.hh" +#include "XrdSec/XrdSecEntityXtra.hh" #include "XrdSys/XrdSysError.hh" -#include "XrdSys/XrdSysPthread.hh" /******************************************************************************/ -/* L o c a l C l a s s e s */ +/* C o n s t r u c t o r */ /******************************************************************************/ - -class XrdSecEntityXtra -{ -public: - -XrdSysMutex xMutex; - -std::vector attrVec; - -std::map attrMap; - XrdSecEntityXtra() {} - ~XrdSecEntityXtra() {} -}; - -/******************************************************************************/ -/* A d d */ -/******************************************************************************/ - -bool XrdSecEntity::Add(XrdSecAttr &attr) +XrdSecEntity::XrdSecEntity(const char *spName) : eaAPI(new XrdSecEntityXtra) { - XrdSysMutexHelper mHelp(entXtra->xMutex); - std::vector::iterator it; - -// Check if this attribute already exists -// - for (it = entXtra->attrVec.begin(); it != entXtra->attrVec.end(); it++) - if ((*it)->Signature == attr.Signature) return false; - -// Add the attribute object to our list of objects -// - entXtra->attrVec.push_back(&attr); - return true; + Init(spName); } - + +/******************************************************************************/ +/* D e s t r u c t o r */ /******************************************************************************/ -bool XrdSecEntity::Add(const std::string &key, - const std::string &val, bool replace) +XrdSecEntity::~XrdSecEntity() { - XrdSysMutexHelper mHelp(entXtra->xMutex); - std::map::iterator it; - bool found = false; - -// Check if this attribute already exists -// - it = entXtra->attrMap.find(key); - if (it != entXtra->attrMap.end()) - {if (!replace) 
return false; - found = true; - } - -// Add or replace the value -// - if (found) it->second = val; - else entXtra->attrMap.insert(std::make_pair(key, val)); - return true; + delete eaAPI->entXtra; } /******************************************************************************/ 
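Review bot: The new constructor and destructor in src/XrdSec/XrdSecEntity.cc make `XrdSecEntity` the owner of a heap object (`eaAPI(new XrdSecEntityXtra)`, released by `delete eaAPI->entXtra;`), yet no copy constructor or copy assignment is declared in the visible header hunks, so a copied entity would share the pointer and the second destructor would free the same object again. The XrdSecEntity.hh hunks of this commit have the same gap: `XrdSecEntityAttr *eaAPI;` is added as a public, reassignable member and only the constructor and destructor are declared. The removed code had the same exposure through `entXtra`, so it can be closed here by adding `XrdSecEntity(const XrdSecEntity &) = delete;` and `XrdSecEntity &operator=(const XrdSecEntity &) = delete;`, and by declaring the member as `XrdSecEntityAttr * const eaAPI;` so it cannot be repointed before the destructor runs. If some caller does copy entities, it needs a real deep copy instead; the diff does not show whether one exists.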
@@ -148,95 +100,14 @@ void XrdSecEntity::Display(XrdSysError &mDest) // Display it's attributes, if any // - List(displayAttr); + eaAPI->List(displayAttr); } /******************************************************************************/ -/* G e t */ -/******************************************************************************/ - -XrdSecAttr *XrdSecEntity::Get(const void *sigkey) const -{ - XrdSysMutexHelper mHelp(entXtra->xMutex); - std::vector::iterator it; - -// Return pointer to the attribute if it exists -// - for (it = entXtra->attrVec.begin(); it != entXtra->attrVec.end(); it++) - if ((*it)->Signature == sigkey) return *it; - -// Attribute not found -// - return (XrdSecAttr *)0; -} - +/* I n i t */ /******************************************************************************/ - -bool XrdSecEntity::Get(const std::string &key, std::string &val) const -{ - XrdSysMutexHelper mHelp(entXtra->xMutex); - std::map::iterator it; - -// Return pointer to the attribute if it exists -// - it = entXtra->attrMap.find(key); - if (it != entXtra->attrMap.end()) - {val = it->second; - return true; - } - -// The key does not exists -// - return false; -} - -/******************************************************************************/ -/* K e y s */ -/******************************************************************************/ - -std::vector XrdSecEntity::Keys() const -{ - XrdSysMutexHelper mHelp(entXtra->xMutex); - std::map::iterator itM; - std::vector keyVec; - - for (itM = entXtra->attrMap.begin(); - itM != entXtra->attrMap.end(); itM++) keyVec.push_back(itM->first); - - return keyVec; -} -/******************************************************************************/ -/* L i s t */ -/******************************************************************************/ - -void XrdSecEntity::List(XrdSecEntityAttrCB &attrCB) const -{ - XrdSysMutexHelper mHelp(entXtra->xMutex); - std::map::iterator itM; - std::vector attrDel; - std::vector::iterator itV; - 
XrdSecEntityAttrCB::Action rc = XrdSecEntityAttrCB::Action::Stop; - - for (itM = entXtra->attrMap.begin(); - itM != entXtra->attrMap.end(); itM++) - {rc = attrCB.Attr(itM->first.c_str(), itM->second.c_str()); - if (rc == XrdSecEntityAttrCB::Stop) break; - else if (rc == XrdSecEntityAttrCB::Delete) - attrDel.push_back(itM->first.c_str()); - } - - if (rc != XrdSecEntityAttrCB::Stop) attrCB.Attr(0, 0); - - for (itV = attrDel.begin(); itV != attrDel.end(); itV++) - entXtra->attrMap.erase(std::string(*itV)); -} - -/******************************************************************************/ -/* R e s e t */ -/******************************************************************************/ - -void XrdSecEntity::Reset(bool isnew, const char *spV) +void XrdSecEntity::Init(const char *spV) { memset( prot, 0, sizeof(prot) ); memset( prox, 0, sizeof(prox) ); @@ -260,38 +131,14 @@ void XrdSecEntity::Reset(bool isnew, const char *spV) uid = 0; gid = 0; memset(future, 0, sizeof(future)); - - if (isnew) entXtra = new XrdSecEntityXtra; - else ResetXtra(); } - + /******************************************************************************/ -/* R e s e t X t r a */ +/* R e s e t */ /******************************************************************************/ - -void XrdSecEntity::ResetXtra(bool dodel) -{ - XrdSysMutexHelper mHelp(entXtra->xMutex); -// Cleanup the key-value map -// - entXtra->attrMap.clear(); - -// Run through attribute objects, deleting each one -// - std::vector::iterator it; - for (it = entXtra->attrVec.begin(); it != entXtra->attrVec.end(); it++) - {(*it)->Delete();} - -// Now clear the whole vector -// - entXtra->attrVec.clear(); - -// Delete the extension if so wanted -// - if (dodel) - { - mHelp.UnLock(); // we have to unlock the mutex bofere it's destroyed - delete entXtra; entXtra = 0; - } +void XrdSecEntity::Reset(const char *spV) +{ + Init(spV); + eaAPI->entXtra->Reset(); } 
diff --git a/src/XrdSec/XrdSecEntity.hh b/src/XrdSec/XrdSecEntity.hh index 35dbd8a6863..138db32b4c0 100644 --- a/src/XrdSec/XrdSecEntity.hh +++ b/src/XrdSec/XrdSecEntity.hh @@ -35,7 +35,7 @@ //! in which case the client can also authenticate the server. It is embeded //! in each security protocol object to facilitate mutual authentication. Note //! that the destructor does nothing and it is the responsibility of the -//! seurity protocol object to delete the public XrdSecEntity data members. +//! security protocol object to delete the public XrdSecEntity data members. //! //! Note: The host member contents are depdent on the dnr/nodnr setting and //! and contain a host name or an IP address. To get the real host name @@ -44,15 +44,10 @@ #include -#include -#include - #define XrdSecPROTOIDSIZE 8 class XrdNetAddrInfo; -class XrdSecAttr; -class XrdSecEntityAttrCB; -class XrdSecEntityXtra; +class XrdSecEntityAttr; class XrdSysError; /******************************************************************************/ 
@@ -89,33 +84,10 @@ const char *pident; //!< Trace identifier (originator) //!< attribute objects instead. uid_t uid; //!< Unix uid or 0 if none gid_t gid; //!< Unix gid or 0 if none - void *future[3]; //!< Reserved for future expansion - -//------------------------------------------------------------------------------ -//! Add an attribute object to this entity. -//! -//! @param attr - Reference to the attribute object. -//! -//! @return True, the object was added. -//! @return False, the object was not added because such an object exists. -//------------------------------------------------------------------------------ - - bool Add(XrdSecAttr &attr); -//------------------------------------------------------------------------------ -//! Add a key-value attribute to this entity. If one exists it is replaced. -//! -//! @param key - Reference to the key. -//! @param val - Reference to the value. -//! @param replace - When true, any existing key-value is replaced. Otherwise, -//! the add is not performed. -//! -//! @return True, the key-value was added or replaced. -//! @return False, the key already exists so he value was not added. -//------------------------------------------------------------------------------ + void *future[3]; //!< Reserved for future expansion - bool Add(const std::string &key, - const std::string &val, bool replace=false); +XrdSecEntityAttr *eaAPI; //!< non-const API to attributes //------------------------------------------------------------------------------ //! Dislay the contents of this object for debugging purposes. 
@@ -125,60 +97,13 @@ const char *pident; //!< Trace identifier (originator) void Display(XrdSysError &mDest); -//------------------------------------------------------------------------------ -//! Get an attribute object associated with this entity. -//! -//! @param sigkey - A unique attribute object signature key. -//! -//! @return Upon success a pointer to the attribute object is returned. -//! Otherwise, a nil pointer is returned. -//------------------------------------------------------------------------------ - -XrdSecAttr *Get(const void *sigkey) const; - -//------------------------------------------------------------------------------ -//! Get an attribute key value associated with this entity. -//! -//! @param key - The reference to the key. -//! @param val - The reference to the string object to receive the value. -//! -//! @return Upon success true is returned. If the key does not exist, false -//! is returned and the val object remains unchanged. -//------------------------------------------------------------------------------ - - bool Get(const std::string &key, std::string &val) const; - -//------------------------------------------------------------------------------ -//! Get all the keys for associated attribytes. -//! -//! @return A vector containing all of the keys. -//------------------------------------------------------------------------------ - -std::vector Keys() const; - -//------------------------------------------------------------------------------ -//! List key-value pairs via iterative callback on passed ovject. -//! -//! @param attrCB - Reference to the callback object to receive list entries. -//------------------------------------------------------------------------------ - - void List(XrdSecEntityAttrCB &attrCB) const; - //------------------------------------------------------------------------------ //! Reset object to it's pristine self. //! //! @param spV - The name of the security protocol. 
//------------------------------------------------------------------------------ - void Reset(const char *spV=0) {Reset(false, spV);} - -//------------------------------------------------------------------------------ -//! Reset object attributes. -//! -//! @param doDel - When true, the attribute extension is deleted as well. -//------------------------------------------------------------------------------ - - void ResetXtra(bool doDel=false); + void Reset(const char *spV=0); //------------------------------------------------------------------------------ //! Constructor. 
@@ -186,57 +111,15 @@ std::vector Keys() const; //! @param spName - The name of the security protocol. //------------------------------------------------------------------------------ - XrdSecEntity(const char *spName=0) {Reset(true, spName);} + XrdSecEntity(const char *spName=0); - ~XrdSecEntity() {ResetXtra(true);} + ~XrdSecEntity(); private: -void Reset(bool isnew, const char *spV); -XrdSecEntityXtra *entXtra; +void Init(const char *spV); }; #define XrdSecClientName XrdSecEntity #define XrdSecServerName XrdSecEntity - -/******************************************************************************/ -/* X r d S e c E n t i t y A t t r C B */ -/******************************************************************************/ - -// The XrdSecEntityAttrCB class defines the callback object passed to the -// XrdSecEntity::List() method to iteratively obtain the key-value attribute -// pairs associated with the entity. The XrdSecEntityAttrCB::Attr() method is -// called for each key-value pair. The end of the list is indicated by calling -// Attr() with nil key-value pointers. The Attr() method should not call -// the XrdSecEntity::Add() or XrdSecEntity::Get() methods; otherwise, a -// deadlock will occur. -// -class XrdSecEntityAttrCB -{ -public: - -//------------------------------------------------------------------------------ -//! Acceppt a key-value attribute pair from the XrdSecEntity::List() method. -//! -//! @param key - The key, if nil this is the end of the list. -//! @param val - The associated value, if nil this is the end of the list. -//! -//! @return One of the Action enum values. The return value is ignored when -//! the end of the list indicator is returned. 
-//------------------------------------------------------------------------------ - -enum Action {Delete = -1, //!< Delete the key-value and proceed to next one - Stop = 0, //!< Stop the iteration - Next = 1 //!< Proceed to the next key-value pair - }; - -virtual Action Attr(const char *key, const char *val) = 0; - -//------------------------------------------------------------------------------ -//! Constructor and Destructor. -//------------------------------------------------------------------------------ - - XrdSecEntityAttrCB() {} -virtual ~XrdSecEntityAttrCB() {} -}; #endif diff --git a/src/XrdSec/XrdSecEntityAttr.cc b/src/XrdSec/XrdSecEntityAttr.cc new file mode 100644 index 00000000000..017138f625e --- /dev/null +++ b/src/XrdSec/XrdSecEntityAttr.cc 
@@ -0,0 +1,160 @@ +/******************************************************************************/ +/* */ +/* X r d S e c E n t i t y A t t r . c c */ +/* */ +/* (c) 2019 by the Board of Trustees of the Leland Stanford, Jr., University */ +/* Produced by Andrew Hanushevsky for Stanford University under contract */ +/* DE-AC02-76-SFO0515 with the Department of Energy */ +/* */ +/* This file is part of the XRootD software suite. */ +/* */ +/* XRootD is free software: you can redistribute it and/or modify it under */ +/* the terms of the GNU Lesser General Public License as published by the */ +/* Free Software Foundation, either version 3 of the License, or (at your */ +/* option) any later version. */ +/* */ +/* XRootD is distributed in the hope that it will be useful, but WITHOUT */ +/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */ +/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */ +/* License for more details. */ +/* */ +/* You should have received a copy of the GNU Lesser General Public License */ +/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */ +/* COPYING (GPL license). If not, see . */ +/* */ +/* The copyright holder's institutional names and contributor's names may not */ +/* be used to endorse or promote products derived from this software without */ +/* specific prior written permission of the institution or contributor. 
*/ +/******************************************************************************/ + +#include +#include + +#include "XrdSec/XrdSecAttr.hh" +#include "XrdSec/XrdSecEntityXtra.hh" +#include "XrdSys/XrdSysPthread.hh" + +/******************************************************************************/ +/* A d d */ +/******************************************************************************/ + +bool XrdSecEntityAttr::Add(XrdSecAttr &attr) +{ + XrdSysMutexHelper mHelp(entXtra->xMutex); + std::vector::iterator it; + +// Check if this attribute already exists +// + for (it = entXtra->attrVec.begin(); it != entXtra->attrVec.end(); it++) + if ((*it)->Signature == attr.Signature) return false; + +// Add the attribute object to our list of objects +// + entXtra->attrVec.push_back(&attr); + return true; +} + +/******************************************************************************/ + +bool XrdSecEntityAttr::Add(const std::string &key, + const std::string &val, bool replace) +{ + XrdSysMutexHelper mHelp(entXtra->xMutex); + std::map::iterator it; + bool found = false; + +// Check if this attribute already exists +// + it = entXtra->attrMap.find(key); + if (it != entXtra->attrMap.end()) + {if (!replace) return false; + found = true; + } + +// Add or replace the value +// + if (found) it->second = val; + else entXtra->attrMap.insert(std::make_pair(key, val)); + return true; +} + +/******************************************************************************/ +/* G e t */ +/******************************************************************************/ + +XrdSecAttr *XrdSecEntityAttr::Get(const void *sigkey) +{ + XrdSysMutexHelper mHelp(entXtra->xMutex); + std::vector::iterator it; + +// Return pointer to the attribute if it exists +// + for (it = entXtra->attrVec.begin(); it != entXtra->attrVec.end(); it++) + if ((*it)->Signature == sigkey) return *it; + +// Attribute not found +// + return (XrdSecAttr *)0; +} + 
+/******************************************************************************/ + +bool XrdSecEntityAttr::Get(const std::string &key, std::string &val) +{ + XrdSysMutexHelper mHelp(entXtra->xMutex); + std::map::iterator it; + +// Return pointer to the attribute if it exists +// + it = entXtra->attrMap.find(key); + if (it != entXtra->attrMap.end()) + {val = it->second; + return true; + } + +// The key does not exists +// + return false; +} + +/******************************************************************************/ +/* K e y s */ +/******************************************************************************/ + +std::vector XrdSecEntityAttr::Keys() +{ + XrdSysMutexHelper mHelp(entXtra->xMutex); + std::map::iterator itM; + std::vector keyVec; + + for (itM = entXtra->attrMap.begin(); + itM != entXtra->attrMap.end(); itM++) keyVec.push_back(itM->first); + + return keyVec; +} + +/******************************************************************************/ +/* L i s t */ +/******************************************************************************/ + +void XrdSecEntityAttr::List(XrdSecEntityAttrCB &attrCB) +{ + XrdSysMutexHelper mHelp(entXtra->xMutex); + std::map::iterator itM; + std::vector attrDel; + std::vector::iterator itV; + XrdSecEntityAttrCB::Action rc = XrdSecEntityAttrCB::Action::Stop; + + for (itM = entXtra->attrMap.begin(); + itM != entXtra->attrMap.end(); itM++) + {rc = attrCB.Attr(itM->first.c_str(), itM->second.c_str()); + if (rc == XrdSecEntityAttrCB::Stop) break; + else if (rc == XrdSecEntityAttrCB::Delete) + attrDel.push_back(itM->first.c_str()); + } + + if (rc != XrdSecEntityAttrCB::Stop) attrCB.Attr(0, 0); + + for (itV = attrDel.begin(); itV != attrDel.end(); itV++) + entXtra->attrMap.erase(std::string(*itV)); +} diff --git a/src/XrdSec/XrdSecEntityAttr.hh b/src/XrdSec/XrdSecEntityAttr.hh new file mode 100644 index 00000000000..e787ea55bef --- /dev/null +++ b/src/XrdSec/XrdSecEntityAttr.hh 
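Review bot: `XrdSecEntityAttr::Get(const void *sigkey)` in src/XrdSec/XrdSecEntityAttr.cc returns `*it` after `mHelp` has released `xMutex`, so the pointer it hands back is not protected against a later `XrdSecEntityXtra::Reset()`, which calls `Delete()` on every entry of `attrVec`. `XrdAccEntity::GetEntity` in this commit casts and returns that pointer, so a reset of the same entity on another thread would leave it dangling. If the callers guarantee that cannot happen, state the contract at the function, for example `// The returned object stays owned by the entity and is destroyed by Reset(); the caller must ensure the entity is not reset while the pointer is in use.` Separately, `List()` initialises `rc` to `Stop`, so for an empty `attrMap` the end-of-list call `attrCB.Attr(0, 0)` is skipped; confirm that callbacks do not rely on receiving it.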
@@ -0,0 +1,179 @@ +#ifndef __SEC_ENTITYATTR_H__ +#define __SEC_ENTITYATTR_H__ +/******************************************************************************/ +/* */ +/* X r d S e c E n t i t y A t t r . h h */ +/* */ +/* (c) 2019 by the Board of Trustees of the Leland Stanford, Jr., University */ +/* Produced by Andrew Hanushevsky for Stanford University under contract */ +/* DE-AC02-76-SFO0515 with the Department of Energy */ +/* */ +/* This file is part of the XRootD software suite. */ +/* */ +/* XRootD is free software: you can redistribute it and/or modify it under */ +/* the terms of the GNU Lesser General Public License as published by the */ +/* Free Software Foundation, either version 3 of the License, or (at your */ +/* option) any later version. */ +/* */ +/* XRootD is distributed in the hope that it will be useful, but WITHOUT */ +/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */ +/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */ +/* License for more details. */ +/* */ +/* You should have received a copy of the GNU Lesser General Public License */ +/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */ +/* COPYING (GPL license). If not, see . */ +/* */ +/* The copyright holder's institutional names and contributor's names may not */ +/* be used to endorse or promote products derived from this software without */ +/* specific prior written permission of the institution or contributor. */ +/******************************************************************************/ + +//------------------------------------------------------------------------------ +//! This object is a non-const extension of the XrdSecEntity object. It is +//! used as the interface to XrdSecEntity attributes. Normally, a const +//! pointer is used for the XrdSecEntity object as nothing changes in the +//! entity. However, attributes may be added and deleted from the entity +//! 
changing the logical view of the entity. This provides a non-const +//! mechanism to this without the need to recast the XrdSecEntity pointer. +//------------------------------------------------------------------------------ + +#include + +#include +#include + +class XrdSecAttr; +class XrdSecEntityAttrCB; +class XrdSecEntityXtra; + +/******************************************************************************/ +/* X r d S e c E n t i t y A t t r */ +/******************************************************************************/ + +class XrdSecEntityAttr +{ +public: +friend class XrdSecEntity; + +//------------------------------------------------------------------------------ +//! Add an attribute object to this entity. +//! +//! @param attr - Reference to the attribute object. +//! +//! @return True, the object was added. +//! @return False, the object was not added because such an object exists. +//------------------------------------------------------------------------------ + + bool Add(XrdSecAttr &attr); + +//------------------------------------------------------------------------------ +//! Add a key-value attribute to this entity. If one exists it is replaced. +//! +//! @param key - Reference to the key. +//! @param val - Reference to the value. +//! @param replace - When true, any existing key-value is replaced. Otherwise, +//! the add is not performed. +//! +//! @return True, the key-value was added or replaced. +//! @return False, the key already exists so he value was not added. +//------------------------------------------------------------------------------ + + bool Add(const std::string &key, + const std::string &val, bool replace=false); + +//------------------------------------------------------------------------------ +//! Get an attribute object associated with this entity. +//! +//! @param sigkey - A unique attribute object signature key. +//! +//! @return Upon success a pointer to the attribute object is returned. +//! 
Otherwise, a nil pointer is returned. +//------------------------------------------------------------------------------ + +XrdSecAttr *Get(const void *sigkey); + +//------------------------------------------------------------------------------ +//! Get an attribute key value associated with this entity. +//! +//! @param key - The reference to the key. +//! @param val - The reference to the string object to receive the value. +//! +//! @return Upon success true is returned. If the key does not exist, false +//! is returned and the val object remains unchanged. +//------------------------------------------------------------------------------ + + bool Get(const std::string &key, std::string &val); + +//------------------------------------------------------------------------------ +//! Get all the keys for associated attribytes. +//! +//! @return A vector containing all of the keys. +//------------------------------------------------------------------------------ + +std::vector Keys(); + +//------------------------------------------------------------------------------ +//! List key-value pairs via iterative callback on passed ovject. +//! +//! @param attrCB - Reference to the callback object to receive list entries. +//------------------------------------------------------------------------------ + + void List(XrdSecEntityAttrCB &attrCB); + +//------------------------------------------------------------------------------ +//! Constructor and Destructor. +//! +//! @param xtra - Pointer to the data for the implementation. 
+//------------------------------------------------------------------------------ + + XrdSecEntityAttr(XrdSecEntityXtra *xtra) : entXtra(xtra) {} + + ~XrdSecEntityAttr() {} + +private: + +XrdSecEntityXtra *entXtra; +}; + +/******************************************************************************/ +/* X r d S e c E n t i t y A t t r C B */ +/******************************************************************************/ + +// The XrdSecEntityAttrCB class defines the callback object passed to the +// XrdSecEntity::List() method to iteratively obtain the key-value attribute +// pairs associated with the entity. The XrdSecEntityAttrCB::Attr() method is +// called for each key-value pair. The end of the list is indicated by calling +// Attr() with nil key-value pointers. The Attr() method should not call +// the XrdSecEntity::Add() or XrdSecEntity::Get() methods; otherwise, a +// deadlock will occur. +// +class XrdSecEntityAttrCB +{ +public: + +//------------------------------------------------------------------------------ +//! Acceppt a key-value attribute pair from the XrdSecEntity::List() method. +//! +//! @param key - The key, if nil this is the end of the list. +//! @param val - The associated value, if nil this is the end of the list. +//! +//! @return One of the Action enum values. The return value is ignored when +//! the end of the list indicator is returned. +//------------------------------------------------------------------------------ + +enum Action {Delete = -1, //!< Delete the key-value and proceed to next one + Stop = 0, //!< Stop the iteration + Next = 1 //!< Proceed to the next key-value pair + }; + +virtual Action Attr(const char *key, const char *val) = 0; + +//------------------------------------------------------------------------------ +//! Constructor and Destructor. +//------------------------------------------------------------------------------ + + XrdSecEntityAttrCB() {} +virtual ~XrdSecEntityAttrCB() {} +}; +#endif 
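Review bot: `XrdSecEntityAttr` in src/XrdSec/XrdSecEntityAttr.hh is added to the public headers with a public constructor `XrdSecEntityAttr(XrdSecEntityXtra *xtra)` and a public non-virtual `~XrdSecEntityAttr() {}`, while the object behind `XrdSecEntity::eaAPI` is the derived `XrdSecEntityXtra`. Outside code can therefore write `delete entity.eaAPI`, which compiles and is undefined behaviour because the destructor is not virtual. Moving the constructor and destructor under `protected:` keeps `XrdSecEntityXtra` and the friend `XrdSecEntity` working and removes that mistake from the public surface. The `XrdSecEntityAttrCB` comment carried into this file still names `XrdSecEntity::List()`, `XrdSecEntity::Add()` and `XrdSecEntity::Get()`; those methods now live on `XrdSecEntityAttr`, and the deadlock warning should name them there because `List()` invokes `Attr()` while holding `xMutex`.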
diff --git a/src/XrdSec/XrdSecEntityXtra.cc b/src/XrdSec/XrdSecEntityXtra.cc new file mode 100644 index 00000000000..d2f15c2c5ad --- /dev/null +++ b/src/XrdSec/XrdSecEntityXtra.cc 
@@ -0,0 +1,54 @@ +/******************************************************************************/ +/* */ +/* X r d S e c E n t i t y X t r a . h h */ +/* */ +/* (c) 2020 by the Board of Trustees of the Leland Stanford, Jr., University */ +/* Produced by Andrew Hanushevsky for Stanford University under contract */ +/* DE-AC02-76-SFO0515 with the Department of Energy */ +/* */ +/* This file is part of the XRootD software suite. */ +/* */ +/* XRootD is free software: you can redistribute it and/or modify it under */ +/* the terms of the GNU Lesser General Public License as published by the */ +/* Free Software Foundation, either version 3 of the License, or (at your */ +/* option) any later version. */ +/* */ +/* XRootD is distributed in the hope that it will be useful, but WITHOUT */ +/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */ +/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */ +/* License for more details. */ +/* */ +/* You should have received a copy of the GNU Lesser General Public License */ +/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */ +/* COPYING (GPL license). If not, see . */ +/* */ +/* The copyright holder's institutional names and contributor's names may not */ +/* be used to endorse or promote products derived from this software without */ +/* specific prior written permission of the institution or contributor. 
*/ +/******************************************************************************/ + +#include "XrdSec/XrdSecAttr.hh" +#include "XrdSec/XrdSecEntityXtra.hh" + +/******************************************************************************/ +/* R e s e t X t r a */ +/******************************************************************************/ + +void XrdSecEntityXtra::Reset() +{ + XrdSysMutexHelper mHelp(xMutex); + +// Cleanup the key-value map +// + attrMap.clear(); + +// Run through attribute objects, deleting each one +// + std::vector::iterator it; + for (it = attrVec.begin(); it != attrVec.end(); it++) + {(*it)->Delete();} + +// Now clear the whole vector +// + attrVec.clear(); +} diff --git a/src/XrdSec/XrdSecEntityXtra.hh b/src/XrdSec/XrdSecEntityXtra.hh new file mode 100644 index 00000000000..2c5ebbd201c --- /dev/null +++ b/src/XrdSec/XrdSecEntityXtra.hh 
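Review bot: `XrdSecEntityXtra::Reset()` in src/XrdSec/XrdSecEntityXtra.cc calls `(*it)->Delete()` for every attribute while `mHelp` still holds `xMutex`, and XrdSecAttr.hh documents `Delete()` as overridable for custom action. An override that reaches back into the same entity's attribute API would block on that mutex, the same deadlock the `XrdSecEntityAttrCB` comment already warns about for `Attr()`. I would record the constraint above the loop: `// Delete() runs with xMutex held; an override must not call the attribute API of this entity.` The banners in this file also need a touch-up: the file banner names `XrdSecEntityXtra.hh` although this is the .cc, and the section banner reads `ResetXtra` while the function is `XrdSecEntityXtra::Reset`.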
@@ -0,0 +1,54 @@
+#ifndef __SEC_ENTITYXTRA_H__
+#define __SEC_ENTITYXTRA_H__
+/******************************************************************************/
+/* */
+/* X r d S e c E n t i t y X t r a . h h */
+/* */
+/* (c) 2019 by the Board of Trustees of the Leland Stanford, Jr., University */
+/* Produced by Andrew Hanushevsky for Stanford University under contract */
+/* DE-AC02-76-SFO0515 with the Department of Energy */
+/* */
+/* This file is part of the XRootD software suite. */
+/* */
+/* XRootD is free software: you can redistribute it and/or modify it under */
+/* the terms of the GNU Lesser General Public License as published by the */
+/* Free Software Foundation, either version 3 of the License, or (at your */
+/* option) any later version. */
+/* */
+/* XRootD is distributed in the hope that it will be useful, but WITHOUT */
+/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
+/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
+/* License for more details. */
+/* */
+/* You should have received a copy of the GNU Lesser General Public License */
+/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
+/* COPYING (GPL license). If not, see . */
+/* */
+/* The copyright holder's institutional names and contributor's names may not */
+/* be used to endorse or promote products derived from this software without */
+/* specific prior written permission of the institution or contributor. */
+/******************************************************************************/
+
+#include
+#include
+#include
+
+#include "XrdSec/XrdSecEntityAttr.hh"
+#include "XrdSys/XrdSysPthread.hh"
+
+class XrdSecEntityXtra : public XrdSecEntityAttr
+{
+public:
+
+XrdSysMutex xMutex;
+
+std::vector attrVec;
+
+std::map attrMap;
+
+void Reset();
+
+ XrdSecEntityXtra() : XrdSecEntityAttr(this) {}
+ ~XrdSecEntityXtra() {Reset();}
+};
+#endif
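Review bot: `XrdSecEntityXtra` owns the raw pointers in `attrVec` (its destructor runs `Reset()`, which calls `Delete()` on each one), but the class declares no copy constructor or copy assignment. Unless a base or member already forbids copying (not visible here), a copy would hold the same pointers and both destructors would delete them. Because the object also embeds `xMutex` and passes `this` to the `XrdSecEntityAttr` base, copying looks unintended; I would rule it out with `XrdSecEntityXtra(const XrdSecEntityXtra&) = delete;` and `XrdSecEntityXtra& operator=(const XrdSecEntityXtra&) = delete;`, or with private undefined declarations if the tree must build before C++11. A short comment stating that `xMutex` guards both `attrVec` and `attrMap` would also help, since all three are public.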
diff --git a/src/XrdSecsss/XrdSecProtocolsss.cc b/src/XrdSecsss/XrdSecProtocolsss.cc index b35ea5421b0..4deaaaa423d 100644 --- a/src/XrdSecsss/XrdSecProtocolsss.cc +++ b/src/XrdSecsss/XrdSecProtocolsss.cc @@ -47,6 +47,7 @@ #include "XrdOuc/XrdOucPup.hh" #include "XrdOuc/XrdOucTokenizer.hh" #include "XrdOuc/XrdOucUtils.hh" +#include "XrdSec/XrdSecEntityAttr.hh" #include "XrdSecsss/XrdSecsssEnt.hh" #include "XrdSecsss/XrdSecProtocolsss.hh" #include "XrdSys/XrdSysE2T.hh" @@ -233,7 +234,7 @@ int XrdSecProtocolsss::Authenticate(XrdSecCredentials *cred, atKey = idP; break; case XrdSecsssRR_Data::theAVal: if (!atKey) badAttr = true; - else {Entity.Add(std::string(atKey), + else {Entity.eaAPI->Add(std::string(atKey), std::string(idP), true); atKey = 0; } diff --git a/src/XrdSecsss/XrdSecsssEnt.cc b/src/XrdSecsss/XrdSecsssEnt.cc index 0d852b7820a..fdfa8657bc4 100644 --- a/src/XrdSecsss/XrdSecsssEnt.cc +++ b/src/XrdSecsss/XrdSecsssEnt.cc @@ -31,6 +31,7 @@ #include "XrdOuc/XrdOucPup.hh" #include "XrdOuc/XrdOucUtils.hh" #include "XrdSec/XrdSecEntity.hh" +#include "XrdSec/XrdSecEntityAttr.hh" #include "XrdSecsss/XrdSecsssCon.hh" #include "XrdSecsss/XrdSecsssEnt.hh" #include "XrdSecsss/XrdSecsssKT.hh" @@ -204,7 +205,7 @@ bool XrdSecsssEnt::Serialize() // tLen = iLen; theAttr.calcSz = true; - eP->List(theAttr); + eP->eaAPI->List(theAttr); theAttr.calcSz = false; tLen += theAttr.bL; @@ -285,7 +286,7 @@ bool XrdSecsssEnt::Serialize() // if (theAttr.bL > 0) {theAttr.bP = bP; - eP->List(theAttr); + eP->eaAPI->List(theAttr); bP = theAttr.bP; } diff --git a/src/XrdUtils.cmake b/src/XrdUtils.cmake index 82d191d367e..6992cb98a1d 100644 --- a/src/XrdUtils.cmake +++ b/src/XrdUtils.cmake 
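Review bot: In the `theAVal` case of `Authenticate()`, the key and value decoded from the peer's credentials go straight into `Entity.eaAPI->Add(..., true)`, with the result discarded and no restriction on the key name. The login path in XrdXrootdXeq.cc in this same diff stores `xrd.appname` through the same API without a third argument, so if that argument is a replace flag that defaults to off (the declaration is not on this page), a credential-supplied `xrd.appname` would take precedence over the server's value. Consider rejecting keys in the server's own namespace at this point, e.g. `else if (!strncmp(atKey, "xrd.", 4)) badAttr = true;`, or add a comment stating that sss attributes are trusted to set any key. The enclosing switch starts and ends outside the hunk.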
@@ -213,6 +213,8 @@ add_library( # XrdSec #----------------------------------------------------------------------------- XrdSec/XrdSecEntity.cc XrdSec/XrdSecEntity.hh + XrdSec/XrdSecEntityAttr.cc XrdSec/XrdSecEntityAttr.hh + XrdSec/XrdSecEntityXtra.cc XrdSec/XrdSecEntityXtra.hh XrdSec/XrdSecLoadSecurity.cc XrdSec/XrdSecLoadSecurity.hh XrdSecsss/XrdSecsssCon.cc XrdSecsss/XrdSecsssCon.hh XrdSecsss/XrdSecsssEnt.cc XrdSecsss/XrdSecsssEnt.hh diff --git a/src/XrdXrootd/XrdXrootdXeq.cc b/src/XrdXrootd/XrdXrootdXeq.cc index b43709dcfd2..b40b99afa4e 100644 --- a/src/XrdXrootd/XrdXrootdXeq.cc +++ b/src/XrdXrootd/XrdXrootdXeq.cc @@ -43,6 +43,7 @@ #include "XrdOuc/XrdOucString.hh" #include "XrdOuc/XrdOucTokenizer.hh" #include "XrdOuc/XrdOucUtils.hh" +#include "XrdSec/XrdSecEntityAttr.hh" #include "XrdSec/XrdSecInterface.hh" #include "XrdSec/XrdSecProtector.hh" #include "XrdSys/XrdSysE2T.hh" @@ -823,6 +824,7 @@ int XrdXrootdProtocol::do_Locate() if (opts & kXR_force ) {fsctl_cmd |= SFS_O_FORCE; *op++ = 'f';} if (opts & kXR_prefname){fsctl_cmd |= SFS_O_HNAME; *op++ = 'n';} if (opts & kXR_compress){fsctl_cmd |= SFS_O_RAWIO; *op++ = 'u';} + if (opts & kXR_4dirlist){fsctl_cmd |= SFS_O_DIRLIST;*op++ = 'D';} *op = '\0'; TRACEP(FS, "locate " <Add("xrd.appname", (std::string)AppName); + if (AppName) Client->eaAPI->Add("xrd.appname", (std::string)AppName); // Assign unique identifier to the final SecEntity object //