From f07732e70006e8d719f1d36cdd2cc689d35a5f27 Mon Sep 17 00:00:00 2001 From: Derek Weitzel Date: Tue, 13 Dec 2022 09:43:46 -0600 Subject: [PATCH 1/2] Adding the OverrideINIReader for SciTokens The default INI reader will concat duplicate section+name settings with a '\n' separator. The new OverrideINIReader will simply take the last value in the INI configuration file. --- src/XrdSciTokens/XrdSciTokensAccess.cc | 48 +++++++++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/src/XrdSciTokens/XrdSciTokensAccess.cc b/src/XrdSciTokens/XrdSciTokensAccess.cc index 93a72fe2460..3c1b883c44b 100644 --- a/src/XrdSciTokens/XrdSciTokensAccess.cc +++ b/src/XrdSciTokens/XrdSciTokensAccess.cc @@ -286,6 +286,52 @@ struct IssuerConfig } +class OverrideINIReader: public INIReader { +public: + OverrideINIReader(XrdSysError log) + : m_log(log) {}; + OverrideINIReader(std::string filename, XrdSysError log) + : INIReader(filename), + m_log(log) { + + } + OverrideINIReader(FILE *file, XrdSysError log) + : INIReader(file), + m_log(log) { + + } +protected: + /** + * Override the ValueHandler function in order override previous values + * For example: + * [Issuer https://chtc.cs.wisc.edu/icecube] + * issuer = https://chtc.cs.wisc.edu/icecube + * base_path = /icecube/path1 + + * [Issuer https://chtc.cs.wisc.edu/icecube] + * issuer = https://chtc.cs.wisc.edu/icecube + * base_path = /icecube/path2 + * + * Will result in a configuration with base_path set to /icecube/path2 + */ + inline int ValueHandler(void* user, const char* section, const char* name, + const char* value) { + OverrideINIReader* reader = (OverrideINIReader*)user; + std::string key = MakeKey(section, name); + if (reader->_values[key].size() > 0) { + std::ostringstream os; + os << "Duplicate section and value, overriding previous value: section=" << section << ", name=" << name; + m_log.Log(LogMask::Debug, "INIConfig", os.str().c_str()); + } + + reader->_values[key] = value; + reader->_sections.insert(section); + return 1; + } + + XrdSysError m_log; + +}; class XrdAccRules { @@ -1009,7 +1055,7 @@ class XrdAccSciTokens : public XrdAccAuthorize, public XrdSciTokensHelper } m_log.Log(LogMask::Info, "Reconfig", "Parsing configuration file:", m_cfg_file.c_str()); - INIReader reader(m_cfg_file); + OverrideINIReader reader(m_cfg_file, m_log); if (reader.ParseError() < 0) { std::stringstream ss; ss << "Error opening config file (" << m_cfg_file << "): " << strerror(errno); From 05e6a268cbb0b3268cb2e4ed0803f16046877083 Mon Sep 17 00:00:00 2001 From: Derek Weitzel Date: Tue, 13 Dec 2022 13:31:07 -0600 Subject: [PATCH 2/2] Adding duplicate section docs to scitokens readme --- src/XrdSciTokens/README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/XrdSciTokens/README.md b/src/XrdSciTokens/README.md index baca00d2c95..87d4948ac51 100644 --- a/src/XrdSciTokens/README.md +++ b/src/XrdSciTokens/README.md @@ -55,6 +55,20 @@ default_user = osg name_mapfile = /path/to/mapfile ``` +Duplicate section and settings names (not values) will take the value of the last entry in the file. For example: + +``` +[Issuer https://chtc.cs.wisc.edu/icecube] +issuer = https://chtc.cs.wisc.edu/icecube +base_path = /icecube/path1 + +[Issuer https://chtc.cs.wisc.edu/icecube] +issuer = https://chtc.cs.wisc.edu/icecube +base_path = /icecube/path2 +``` + +Will result in a configuration with `issuer = https://chtc.cs.wisc.edu/icecube` and `base_path = /icecube/path2`. + Within the `Global` section, the available attributes are: - `audience` (optional): A comma separated list of acceptable audiences. The tokens must have an `aud` attribute