157 #include "RConfigure.h" 169 #include <sys/types.h> 171 #include <sys/stat.h> 172 #include <sys/socket.h> 173 #include <sys/param.h> 174 #include <netinet/in.h> 175 #include <arpa/inet.h> 179 #include "snprintf.h" 181 #if defined(__CYGWIN__) && defined(__GNUC__) 187 #if defined(linux) || defined(__sun) || defined(__sgi) || \ 188 defined(_AIX) || defined(__FreeBSD__) || defined(__APPLE__) || \ 189 defined(__MACH__) || defined(cygwingcc) || defined(__OpenBSD__) 191 #include <sys/types.h> 193 #define ROOT_SIGNAL_INCLUDED 196 #if defined(__sgi) && !defined(__GNUG__) && (SGI_REL<62) 198 int seteuid(
int euid);
199 int setegid(
int egid);
206 int seteuid(uid_t euid);
207 int setegid(gid_t egid);
212 #if defined(R__SUNGCC3) 213 extern "C" int gethostname(
char *,
unsigned int);
241 using namespace ROOT;
247 void Err(
int level,
const char *msg,
int size)
249 Perror((
char *)msg, size);
254 void ErrFatal(
int level,
const char *msg,
int size)
256 Perror((
char *)msg, size);
262 void ErrSys(
int level,
const char *msg,
int size)
264 Perror((
char *)msg, size);
276 ErrorInfo(
"ProofdTerm: rootd.cxx: got a SIGTERM/SIGINT");
290 ErrorInfo(
"ProofdTerm: rootd.cxx: got a SIGTERM/SIGINT");
305 std::string conffile =
"proof.conf";
308 if (getenv(
"HOME")) {
309 conffile.insert(0,
"/.");
310 conffile.insert(0,getenv(
"HOME"));
313 conffile[conffile.length()] = 0;
315 if (!(proofconf = fopen(conffile.c_str(),
"r"))) {
320 conffile[conffile.length()] = 0;
322 if (proofconf || (proofconf = fopen(conffile.c_str(),
"r")) != 0) {
325 static char user_on_node[32];
332 strncpy(user_on_node,
"any", 32);
333 user_on_node[31] = 0;
335 while (fgets(line,
sizeof(line), proofconf) != 0) {
337 if (line[0] ==
'#')
continue;
339 int nword = sscanf(line,
"%63s %63s %63s %63s",
340 word[0], word[1], word[2], word[3]);
346 if (nword >= 2 && strcmp(word[0],
"node") == 0) {
347 if (gethostbyname(word[1]) != 0) {
349 if (strlen(word[1]) < 32) {
350 strncpy(node_name[nnodes], word[1], 32);
351 node_name[nnodes][31] = 0;
363 if (nword >= 4 && strcmp(word[0],
"user") == 0 &&
364 strcmp(word[1],
gUser.c_str()) == 0 &&
365 strcmp(word[2],
"on") == 0) {
367 if (strlen(word[3]) < 32) {
368 strncpy(user_on_node, word[3], 32);
369 user_on_node[31] = 0;
377 for (i = 0; i < nnodes; i++) {
378 if (strcmp(node_name[i], user_on_node) == 0) {
387 conffile =
gConfDir +
"/etc/next.node";
388 proofconf = fopen(conffile.c_str(),
"r");
390 if (fstat(fileno(proofconf), &statbuf) == 0 &&
391 difftime(time(0), statbuf.st_mtime) < 600) {
392 if (fgets(line,
sizeof(line), proofconf) != 0) {
393 strncpy(user_on_node, line, 32);
394 user_on_node[31] = 0;
395 for (i = 0; i < nnodes; i++) {
396 if (strcmp(node_name[i], user_on_node) == 0) {
417 if (RpdGetOffSet() > -1) {
418 if ((nrec = RpdSecureRecv(abuf)) < 0) {
419 ErrorInfo(
"RpdProofGetAuthSetup: sec: problems receiving buf");
426 if (
NetRecv(buflen, 20, kind) < 0) {
427 ErrorInfo(
"RpdProofGetAuthSetup: plain: problems receiving buf length");
430 int len = atoi(buflen);
433 *abuf =
new char[len + 1];
435 ErrorInfo(
"RpdProofGetAuthSetup: plain: problems receiving buf");
443 ErrorInfo(
"RpdProofGetAuthSetup: proto: %d len: %d",
444 RpdGetAuthProtocol(), nrec);
478 const char *node_name;
483 gethostname(host_name,
sizeof(host_name));
486 if (strcmp(host_name, node_name) != 0) {
487 struct hostent *host = gethostbyname(host_name);
488 struct hostent *node;
491 struct in_addr *host_addr = (
struct in_addr*)(host->h_addr);
493 if (strlen(inet_ntoa(*host_addr)) < 32) {
494 strncpy(host_numb, inet_ntoa(*host_addr), 32);
498 if ((node = gethostbyname(node_name)) != 0) {
499 struct in_addr *node_addr = (
struct in_addr*)(node->h_addr);
501 strncpy(node_numb, inet_ntoa(*node_addr), 32);
507 if (strcmp(host_numb, node_numb) != 0) {
508 msg = std::string(
"Reroute:").append(node_numb);
524 char *rootproofauthsetup =
new char[20 + strlen(authbuff)];
525 memset(rootproofauthsetup, 0, 20 + strlen(authbuff));
526 snprintf(rootproofauthsetup, 20 + strlen(authbuff),
"ROOTPROOFAUTHSETUP=%s", authbuff);
527 putenv(rootproofauthsetup);
528 }
else if (lab < 0) {
529 ErrorInfo(
"ProofdExec: problems receiving auth buffer");
531 if (authbuff)
delete[] authbuff;
534 if(RpdGetClientProtocol() >= 16) {
539 int rc = NetRecvAllocate(vb, len, kind);
542 ErrorInfo(
"ProofdExec: error receiving kPROOF_SETENV message");
547 ErrorInfo(
"ProofdExec: expecting kPROOF_SETENV, got %d", kind);
552 char *buf = (
char *) vb;
553 char *end = buf + len;
554 const char name[] =
"PROOF_ALLVARS=";
555 int alen = strlen(name)+len;
556 char *all =
new char[alen];
557 strlcpy(all, name, alen);
560 char *p = index(buf,
'=');
562 if (buf != (
char *) vb) strlcat(all,
",", alen);
563 strlcat(all, buf, alen);
566 buf += strlen(buf) + 1;
573 ErrorInfo(
"ProofdExec: send Okay (SockFd: %d)", sockFd);
577 if (sockFd == 0 || sockFd == 1 || sockFd == 2) {
580 for (fd = 3; fd < NOFILE; fd++) {
582 if (fstat(fd, &stbuf) == -1 &&
GetErrno() == EBADF) {
583 if (dup2(sockFd, fd) < 0)
584 ErrorInfo(
"ProofdExec: problems executing 'dup2' (errno: %d)", errno);
596 NetSend(
"Cannot start proofserver -- no free filedescriptor");
604 char *rootconf =
new char[13+
gConfDir.length()];
605 memset(rootconf, 0, 13 +
gConfDir.length());
609 ErrorInfo(
"ProofdExec: setting: %s", rootconf);
611 char *roottmp =
new char[12+
gTmpDir.length()];
612 memset(roottmp, 0, 12 +
gTmpDir.length());
616 ErrorInfo(
"ProofdExec: setting: %s", roottmp);
618 char *rootentity =
new char[
gUser.length()+
gOpenHost.length()+33];
624 ErrorInfo(
"ProofdExec: setting: %s", rootentity);
626 char *rootopensock =
new char[33];
627 memset(rootopensock, 0, 33);
628 snprintf(rootopensock, 33,
"ROOTOPENSOCK=%d", sockFd);
629 putenv(rootopensock);
631 ErrorInfo(
"ProofdExec: setting: %s", rootopensock);
633 char *roothomeauthrc =
new char[20];
634 memset(roothomeauthrc, 0, 20);
636 putenv(roothomeauthrc);
638 ErrorInfo(
"ProofdExec: setting: %s", roothomeauthrc);
642 char *shmidcred =
new char[25];
643 memset(shmidcred, 0, 25);
644 snprintf(shmidcred, 25,
"ROOTSHMIDCRED=%d", RpdGetShmIdCred());
647 ErrorInfo(
"ProofdExec: setting: %s", shmidcred);
652 argvv[0] = (
char *)arg0.c_str();
653 argvv[1] = (
char *)(
gMaster ?
"proofserv" :
"proofslave");
657 char *rootsys =
new char[9+
gConfDir.length()];
658 memset(rootsys, 0, 9 +
gConfDir.length());
662 ErrorInfo(
"ProofdExec: setting: %s", rootsys);
665 char *oldpath, *ldpath;
666 # if defined(__hpux) || defined(_HIUX_SOURCE) 667 if ((oldpath = getenv(
"SHLIB_PATH")) && strlen(oldpath) > 0) {
668 ldpath =
new char[32+
gConfDir.length()+strlen(oldpath)];
669 memset(ldpath, 0, 32+
gConfDir.length()+strlen(oldpath));
671 "SHLIB_PATH=%s/lib:%s",
gConfDir.c_str(), oldpath);
673 ldpath =
new char[32+
gConfDir.length()];
674 memset(ldpath, 0, 32+
gConfDir.length());
678 if ((oldpath = getenv(
"LIBPATH")) && strlen(oldpath) > 0) {
679 ldpath =
new char[32+
gConfDir.length()+strlen(oldpath)];
680 memset(ldpath, 0, 32+
gConfDir.length()+strlen(oldpath));
682 "LIBPATH=%s/lib:%s",
gConfDir.c_str(), oldpath);
684 ldpath =
new char[32+
gConfDir.length()];
685 memset(ldpath, 0, 32+
gConfDir.length());
688 # elif defined(__APPLE__) 689 if ((oldpath = getenv(
"DYLD_LIBRARY_PATH")) && strlen(oldpath) > 0) {
690 ldpath =
new char[32+
gConfDir.length()+strlen(oldpath)];
691 memset(ldpath, 0, 32+
gConfDir.length()+strlen(oldpath));
693 "DYLD_LIBRARY_PATH=%s/lib:%s",
gConfDir.c_str(), oldpath);
695 ldpath =
new char[32+
gConfDir.length()];
696 memset(ldpath, 0, 32+
gConfDir.length());
700 if ((oldpath = getenv(
"LD_LIBRARY_PATH")) && strlen(oldpath) > 0) {
701 ldpath =
new char[32+
gConfDir.length()+strlen(oldpath)];
702 memset(ldpath, 0, 32+
gConfDir.length()+strlen(oldpath));
704 "LD_LIBRARY_PATH=%s/lib:%s",
gConfDir.c_str(), oldpath);
706 ldpath =
new char[32+
gConfDir.length()];
707 memset(ldpath, 0, 32+
gConfDir.length());
713 ErrorInfo(
"ProofdExec: setting: %s", ldpath);
723 authrc =
new char[15+
gAuthrc.length()];
724 memset(authrc, 0, 15 +
gAuthrc.length());
728 ErrorInfo(
"ProofdExec: setting: %s", authrc);
732 char *keyfile =
new char[15+strlen(RpdGetKeyRoot())];
733 memset(keyfile, 0, 15+strlen(RpdGetKeyRoot()));
734 snprintf(keyfile, 15+strlen(RpdGetKeyRoot()),
"ROOTKEYFILE=%s",RpdGetKeyRoot());
737 ErrorInfo(
"ProofdExec: setting: %s", keyfile);
740 ErrorInfo(
"ProofdExec: execv(%s, %s)", argvv[0], argvv[1]);
743 execv(arg0.c_str(), argvv);
746 msg =
"Cannot start PROOF server --- make sure " + arg0 +
" exists!";
755 fprintf(stderr,
"\nUsage: %s [options] [rootsys-dir]\n", name);
756 fprintf(stderr,
"\nOptions:\n");
757 fprintf(stderr,
"\t-A [<rootauthrc>] Use $HOME/.rootauthrc or specified file\n");
758 fprintf(stderr,
"\t (see documentation)\n");
759 fprintf(stderr,
"\t-b tcpwindowsize Specify the tcp window size in bytes\n");
761 fprintf(stderr,
"\t-C hostcertfile Specify the location of the Globus host certificate\n");
763 fprintf(stderr,
"\t-d level set debug level [0..3]\n");
764 fprintf(stderr,
"\t-D rootdaemonrc Use alternate rootdaemonrc file\n");
765 fprintf(stderr,
"\t (see documentation)\n");
766 fprintf(stderr,
"\t-E Ignored for backward compatibility\n");
767 fprintf(stderr,
"\t-f Run in foreground\n");
769 fprintf(stderr,
"\t-G gridmapfile Specify the location of th Globus gridmap\n");
771 fprintf(stderr,
"\t-i Running from inetd\n");
772 fprintf(stderr,
"\t-noauth Do not require client authentication\n");
773 fprintf(stderr,
"\t-p port# Specify a different port to listen on\n");
774 fprintf(stderr,
"\t-s sshd_port# Specify the port for the sshd daemon\n");
776 fprintf(stderr,
"\t-S keytabfile Use an alternate keytab file\n");
778 fprintf(stderr,
"\t-T <tmpdir> Use an alternate temp dir\n");
779 fprintf(stderr,
"\t-w Do not check /etc/hosts.equiv and $HOME/.rhosts\n");
786 int main(
int argc,
char **argv)
789 int checkhostsequiv = 1;
790 int tcpwindowsize = 65535;
794 int reuseallow = 0x1F;
795 int foregroundflag = 0;
796 std::string altSRPpass =
"";
797 std::string daemonrc =
"";
798 std::string rootetcdir =
"";
800 std::string gridmap =
"";
801 std::string hostcertconf =
"";
803 char *progname = argv[0];
818 for (i = 1; i < argc; i++) {
819 if (!strncmp(argv[i],
"-f",2))
821 if (!strncmp(argv[i],
"-i",2))
824 if (foregroundflag) {
825 if (isatty(0) && isatty(1)) {
827 ErrorInfo(
"main: running in foreground mode:" 828 " sending output to stderr");
838 while (--argc > 0 && (*++argv)[0] ==
'-')
839 for (s = argv[0]+1; *s != 0; s++)
846 if((*(argv+1)) && (*(argv+1))[0] !=
'-') {
847 gAuthrc = std::string(*(argv+1));
849 if (stat(
gAuthrc.c_str(),&st) == -1 || !S_ISREG(st.st_mode)) {
865 tcpwindowsize = atoi(*++argv);
871 " certificates file location");
873 hostcertconf = std::string(*++argv);
886 " for the file defining access rules");
888 daemonrc = std::string(*++argv);
893 " - ignored (see proofd/src/proofd.cxx for" 894 " additional details)");
909 gridmap = std::string(*++argv);
917 if (foregroundflag) {
924 if (!strncmp(argv[0]+1,
"noauth",6)) {
935 port1 = strtol(*++argv, &p, 10);
938 port2 = strtol(p, &p, 10);
939 }
else if (*p ==
'\0')
941 if (*p !=
'\0' || port2 < port1 || port2 < 0) {
952 altSRPpass = std::string(*++argv);
960 reuseallow = strtol(*++argv, (
char **)0, 16);
966 " number for the sshd daemon");
968 sshdport = atoi(*++argv);
975 RpdSetKeytabFile((
const char *)(*++argv));
981 " temporary files [/usr/tmp]");
983 gTmpDir = std::string(*++argv);
991 if (!foregroundflag) fprintf(stderr,
"\nUnknown command line option: %c\n", *s);
992 Error(0, -1,
"unknown command line option: %c", *s);
999 if (access(
gTmpDir.c_str(), W_OK) == -1)
1007 if (getenv(
"ROOTSYS")) {
1010 ErrorInfo(
"main: no config directory specified using ROOTSYS (%s)",
1023 rootetcdir= ROOTETCDIR;
1031 std::string arg0 = std::string(
gRootBinDir).append(
"/proofserv");
1032 if (access(arg0.c_str(), X_OK) == -1) {
1033 Error(
ErrFatal,-1,
"main: incorrect config directory specified (%s)",
1044 if (!rootetcdir.length())
1045 rootetcdir = std::string(
gConfDir).append(
"/etc");
1047 if (rootetcdir.length()) {
1048 char *tmp =
new char[15 + rootetcdir.length()];
1049 snprintf(tmp, 15 + rootetcdir.length(),
"ROOTETCDIR=%s", rootetcdir.c_str());
1054 if (daemonrc.length()) {
1055 char *tmp =
new char[15+daemonrc.length()];
1056 snprintf(tmp, 15+daemonrc.length(),
"ROOTDAEMONRC=%s", daemonrc.c_str());
1061 if (gridmap.length()) {
1062 char *tmp =
new char[15+gridmap.length()];
1063 snprintf(tmp, 15+gridmap.length(),
"GRIDMAP=%s", gridmap.c_str());
1067 if (hostcertconf.length()) {
1068 char *tmp =
new char[15+hostcertconf.length()];
1069 snprintf(tmp, 15+hostcertconf.length(),
"ROOTHOSTCERT=%s", hostcertconf.c_str());
1075 int proofdparentid = -1;
1077 proofdparentid = getpid();
1079 proofdparentid = getppid();
1082 unsigned int options = kDMN_RQAUTH | kDMN_HOSTEQ | kDMN_SYSLOG ;
1085 options &= ~kDMN_RQAUTH;
1086 if (!checkhostsequiv)
1087 options &= ~kDMN_HOSTEQ;
1089 options &= ~kDMN_SYSLOG;
1091 reuseallow, sshdport,
1092 gTmpDir.c_str(),altSRPpass.c_str(),2);
1096 Error(
Err, -1,
"proofd: unable to generate local RSA keys");
1105 if (!foregroundflag)
1108 NetInit(
gService, port1, port2, tcpwindowsize);
1125 Error(
ErrFatal, -1,
"proofd: failure initializing session");
int GetErrno()
return errno
static std::string gConfDir
void Err(int level, const char *msg, int size)
This namespace contains pre-defined functions to be used in conjuction with TExecutor::Map and TExecu...
void ErrFatal(int level, const char *msg, int size)
void Usage(const char *name, int rc)
int NetGetSockFd()
return open socket descriptor
const char * RerouteUser()
Look if user should be rerouted to another server node.
int NetRecvRaw(void *buf, int len)
Receive a buffer of maximum len bytes.
void ErrorInfo(const char *va_(fmt),...)
Formats a string in a circular formatting buffer and prints the string.
static void ProofdTerm(int)
Termination upon receipt of a SIGTERM or SIGINT.
int NetRecv(char *msg, int max)
Receive a string of maximum length max.
void RpdInit(EService serv, int pid, int sproto, unsigned int opts, int rumsk, int sshp, const char *tmpd, const char *asrpp, int login=0)
void RpdSetErrorHandler(ErrorHandler_t Err, ErrorHandler_t Sys, ErrorHandler_t Fatal)
void RpdAuthCleanup(const char *sstr, int opt)
static std::string gReadHomeAuthrc
int RpdProofGetAuthSetup(char **abuf)
Receive buffer for final setup of authentication related stuff This is base 64 string to decoded by p...
void ResetErrno()
reset errno
static std::string gRootBinDir
int NetSend(int code, EMessageTypes kind)
Send integer. Message will be of type "kind".
void ErrSys(int level, const char *msg, int size)
static std::string gTmpDir
int main(int argc, char **argv)
void NetGetRemoteHost(std::string &openhost)
Return name of connected host.
void ProofdExec()
Authenticate the user and exec the proofserv program.
static std::string gAuthrc
static std::string gRpdAuthTab
void NetClose()
Empty call, for consistency.
static std::string gOpenHost
void ErrorInit(const char *ident)
void Perror(char *buf, int size)
Return in buf the message belonging to errno.
int RpdInitSession(int, std::string &, int &, int &, int &, std::string &)
void Error(ErrorHandler_t func, int code, const char *va_(fmt),...)
Write error message and call a handler, if required.