21#include "RConfigure.h" 
   51#if !defined(R__WIN32) && !defined(R__MACOSX) && !defined(R__FBSD) && \ 
   58#if defined(R__LINUX) || defined(R__FBSD) || defined(R__OBSD) 
   67extern "C" char *crypt(
const char *, 
const char *);
 
   72#   include <openssl/bio.h> 
   73#   include <openssl/err.h> 
   74#   include <openssl/pem.h> 
   75#   include <openssl/rand.h> 
   76#   include <openssl/rsa.h> 
   77#   include <openssl/ssl.h> 
   78#   include <openssl/blowfish.h> 
   86   static BF_KEY fgBFKey; 
 
   92                                                "Unsupported", 
"Unsupported", 
"Unsupported" };
 
  133   int frnd = 
open(
"/dev/urandom", O_RDONLY);
 
  134   if (frnd < 0) frnd = 
open(
"/dev/random", O_RDONLY);
 
  137      ssize_t rs = read(frnd, (
void *) &
r, 
sizeof(
int));
 
  140      if (rs == 
sizeof(
int)) 
return r;
 
  142   Printf(
"+++ERROR+++ : auth_rand: neither /dev/urandom nor /dev/random are available or readable!");
 
  144   if (gettimeofday(&tv,0) == 0) {
 
  146      memcpy((
void *)&
t1, (
void *)&tv.tv_sec, 
sizeof(
int));
 
  147      memcpy((
void *)&t2, (
void *)&tv.tv_usec, 
sizeof(
int));
 
  163                             const char *
proto, 
const char *user)
 
  170   if (
gROOT->IsProofServ())
 
  187      Info(
"TAuthenticate", 
"Enter: local host: %s, user is: %s (proto: %s)",
 
  196      if ((pdd = strstr(sproto, 
":")) != 0) {
 
  197         int rproto = atoi(pdd + 1);
 
  199         if (strstr(sproto, 
"root") != 0) {
 
  216         if (strstr(sproto, 
"proof") != 0) {
 
  231            Info(
"TAuthenticate",
 
  232                 "service: %s (remote protocol: %d): fVersion: %d", sproto,
 
  242   if (user && strlen(user) > 0) {
 
  248         checkUser = u->
fUser;
 
  267      Info(
"TAuthenticate",
"RSA key: default type %d", 
fgRSAKey);
 
  281   fqdnsrv.
Form(
"%s:%d",fqdn.
Data(),servtype);
 
  287      Info(
"TAuthenticate",
 
  288           "number of HostAuth Instantiations in memory: %d",
 
  315   if (!strncmp(tmp.
Data(),
"up",2))
 
  317   else if (!strncmp(tmp.
Data(),
"s",1))
 
  319   else if (!strncmp(tmp.
Data(),
"k",1))
 
  321   else if (!strncmp(tmp.
Data(),
"g",1))
 
  323   else if (!strncmp(tmp.
Data(),
"h",1))
 
  325   else if (!strncmp(tmp.
Data(),
"ug",2))
 
  327   if (sec > -1 && sec < 
kMAXSEC) {
 
  353   Info(
"CatchTimeOut", 
"%d sec timeout expired (protocol: %s)",
 
  377   char noSupport[80] = { 0 };
 
  378   char triedMeth[80] = { 0 };
 
  394      alarm->
Connect(
"Timeout()", 
"TAuthenticate", 
this, 
"CatchTimeOut()");
 
  402      Info(
"Authenticate", 
"try #: %d", ntry);
 
  413           "trying authentication: method:%d, default details:%s",
 
  417   if (triedMeth[0] != 
'\0')
 
  418      (
void) strlcat(triedMeth, 
" ", 
sizeof(triedMeth) - 1);
 
  459         Error(
"Authenticate",
 
  460               "unable to get user name for UsrPwd authentication");
 
  466   if (alarm) alarm->
Stop();
 
  478   Int_t remloc = nmet - ntry;
 
  480      Info(
"Authenticate",
"remloc: %d, ntry: %d, meth: %d, fSecurity: %d",
 
  506                 "negotiation not supported remotely: try next method, if any");
 
  507         if (meth < nmet - 1) {
 
  524              "after failed attempt: kind= %d, stat= %d", kind, stat);
 
  531            char *answer = 
new char[len];
 
  540                       "strings with accepted methods not received (%d:%d)",
 
  543               sscanf(answer, 
"%d %d %d %d %d %d", &rMth[0], &rMth[1],
 
  544                      &rMth[2], &rMth[3], &rMth[4], &rMth[5]);
 
  545            if (
gDebug > 0 && remloc > 0)
 
  547                    "remotely allowed methods not yet tried: %s",
 
  550         } 
else if (stat == 0) {
 
  552                 "no more methods accepted remotely to be tried");
 
  565         std::string available{};
 
  567         for (i = 0; i < remMeth; i++) {
 
  568            for (j = 0; j < nmet; j++) {
 
  578            if (methfound) 
break;
 
  580         if (methfound) 
break;
 
  584            Warning(
"Authenticate", 
"no match with those locally available: %s", available.c_str());
 
  601              "method not even started: insufficient or wrong info: %s",
 
  602              "try with next method, if any");
 
  619                    "status code -2 not expected from old daemons");
 
  631         Info(
"Authenticate", 
"got a timeout");
 
  633      if (meth < nmet - 1) {
 
  643         Info(
"Authenticate", 
"unknown status code: %d - assume failure",st);
 
  657      if (strlen(noSupport) > 0)
 
  658         Info(
"Authenticate", 
"attempted methods %s are not supported" 
  659              " by remote server version", noSupport);
 
  661           "failure: list of attempted methods: %s", triedMeth);
 
  685      Info(
"SetEnvironment",
 
  686           "setting environment: fSecurity:%d, fDetails:%s", 
fSecurity,
 
  697      char pt[5] = { 0 }, ru[5] = { 0 };
 
  703      if ((ptr = strstr(
fDetails, 
"pt:")) != 0) {
 
  704         sscanf(ptr + 3, 
"%4s %8191s", 
pt, usdef);
 
  706         if (!strncasecmp(
gEnv->
GetValue(usrPromptDef,
""),
"no",2) ||
 
  713      if ((ptr = strstr(
fDetails, 
"ru:")) != 0) {
 
  714         sscanf(ptr + 3, 
"%4s %8191s", ru, usdef);
 
  716         if (!strncasecmp(
gEnv->
GetValue(usrReUseDef,
""),
"no",2) ||
 
  725      if ((pd = hours.
Index(
":")) > -1) {
 
  729         hh = atoi(hours.
Data());
 
  730         mm = atoi(minutes.
Data());
 
  732         hh = atoi(hours.
Data());
 
  738         if ((ptr = strstr(
fDetails, 
"us:")) != 0)
 
  739            sscanf(ptr + 3, 
"%8191s %8191s", 
us, usdef);
 
  740         if ((ptr = strstr(
fDetails, 
"cp:")) != 0)
 
  741            sscanf(ptr + 3, 
"%8191s %8191s", cp, usdef);
 
  743            Info(
"SetEnvironment", 
"details:%s, pt:%s, ru:%s, us:%s cp:%s",
 
  746         if ((ptr = strstr(
fDetails, 
"us:")) != 0)
 
  747            sscanf(ptr + 3, 
"%8191s %8191s", 
us, usdef);
 
  749            Info(
"SetEnvironment", 
"details:%s, pt:%s, ru:%s, us:%s",
 
  754      if (!strncasecmp(
pt, 
"yes",3) || !strncmp(
pt, 
"1", 1))
 
  758      if (!
gROOT->IsProofServ()) {
 
  760         if (!strncasecmp(ru, 
"no",2) || !strncmp(ru, 
"0",1))
 
  771         if (!strncmp(cp, 
"no", 2) || !strncmp(cp, 
"0", 1))
 
  783      if (strlen(usdef) > 0) {
 
  813      Error(
"GetUserPasswd", 
"SRP no longer supported by ROOT");
 
  818      Info(
"GetUserPasswd", 
"Enter: User: '%s' Hash:%d SRP:%d",
 
  822   if (user == 
"" && 
fgUser != 
"")
 
  833      Info(
"GetUserPasswd", 
"In memory: User: '%s' Hash:%d",
 
  843         Info(
"GetUserPasswd", 
"In memory: User: '%s' Hash:%d",
 
  849   if (user == 
"" || 
passwd == 
"") {
 
  851         Info(
"GetUserPasswd", 
"Checking .netrc family ...");
 
  855      Info(
"GetUserPasswd", 
"From .netrc family: User: '%s' Hash:%d",
 
  864         Error(
"GetUserPasswd", 
"user name not set");
 
  911      Error(
"CheckNetrc", 
"SRP no longer supported by ROOT");
 
  936      bool mode0600 = 
true;
 
  941            FILE *fd = fopen(net, 
"r");
 
  943            while (fgets(
line, 
sizeof(
line), fd) != 0) {
 
  947               int nword = sscanf(
line, 
"%63s %63s %63s %63s %63s %63s",
 
  948                                        word[0], word[1], word[2], word[3], word[4], word[5]);
 
  951               if (strcmp(word[0], 
"machine"))
 
  953               if (strcmp(word[2], 
"login"))
 
  955               if (strcmp(word[4], 
"password") && strcmp(word[4], 
"password-hash"))
 
  967                     if (!strcmp(word[4], 
"password-hash"))
 
  972                     if (!strcmp(word[3], user.
Data())) {
 
  974                        if (!strcmp(word[4], 
"password-hash"))
 
  985                    "file %s exists but has not 0600 permission", net);
 
  989      if (
first && !result) {
 
 1043   ::Error(
"Krb5Auth", 
"Kerberos5 is no longer supported by ROOT");
 
 1070   if (idx < 0 || idx > 
kMAXSEC-1) {
 
 1071      ::Error(
"Authenticate::GetAuthMethod", 
"idx out of bounds (%d)", idx);
 
 1085   if (meth && meth[0]) {
 
 1114   if (isatty(0) == 0 || isatty(1) == 0) {
 
 1116                "not tty: cannot prompt for user, returning default");
 
 1123   const char *usrIn = Getline(
Form(
"Name (%s:%s): ", remote, user));
 
 1143   if (isatty(0) == 0 || isatty(1) == 0) {
 
 1144      ::Warning(
"TAuthenticate::PromptPasswd",
 
 1145                "not tty: cannot prompt for passwd, returning -1");
 
 1146      static char noint[4] = {
"-1"};
 
 1151   const char *pw = buf;
 
 1156           gROOT->GetPluginManager()->FindHandler(
"TGPasswdDialog"))) {
 
 1160                      "could not load plugin for the password dialog box");
 
 1170      while (
gROOT->IsInterrupted())
 
 1174      Gl_config(
"noecho", 1);
 
 1175      pw = Getline(prompt);
 
 1176      Gl_config(
"noecho", 0);
 
 1203   key = (key >= 0 && key <= 1) ? key : 0;
 
 1220   if (key >= 0 && key <= 1)
 
 1273      lasterr = 
"(last error only; re-run with gDebug > 0 for more details)";
 
 1277      if (
gDebug > 0 || forceprint) {
 
 1279            ::Error(
Form(
"TAuthenticate::%s", where), 
"%s %s",
 
 1283                    "unknown error code: server must be running a newer ROOT version %s",
 
 1301   if (user && user[0])
 
 1332   ::Error(
"SetGlobalSRPPwd", 
"SRP no longer supported by ROOT");
 
 1361   if (defaultuser && defaultuser[0])
 
 1403   ::Error(
"Krb5Auth", 
"Kerberos5 is no longer supported by ROOT");
 
 1412   ::Error(
"GlobusAuth", 
"Globus is no longer supported by ROOT");
 
 1420   ::Error(
"SshAuth", 
"SSH is no longer supported by ROOT");
 
 1429   ::Error(
"GetSshUser", 
"SSH is no longer supported by ROOT");
 
 1450   if (!strcmp(href,
"*"))
 
 1459   if (rename.
Index(href,&len) != -1 || strstr(href,
"-"))
 
 1464   if (strstr(href,
"*"))
 
 1476         ::Info(
"TAuthenticate::CheckHost", 
"checking host IP: %s", theHost.
Data());
 
 1487      if (pos > 0 && pos != (
Ssiz_t)(theHost.
Length()-strlen(href)))
 
 1499   ::Error(
"RfioAuth", 
"RfioAuth is no longer supported by ROOT");
 
 1513      Info(
"ClearAuth", 
"enter: user: %s (passwd hashed?: %d)",
 
 1525      Info(
"ClearAuth", 
"ru:%d pt:%d cp:%d ns:%d rk:%d",
 
 1554      options.
Form(
"%d %ld %s %ld %s", opt,
 
 1576            Info(
"ClearAuth", 
"anonymous user");
 
 1585      char ctag[11] = {0};
 
 1586      if (anon == 0 && cryptopt == 1) {
 
 1593                       "problems recvn RSA key flag: got message %d, flag: %d",
 
 1599            Info(
"ClearAuth", 
"get key request ...");
 
 1613               Warning(
"ClearAuth", 
"problems secure-receiving salt -" 
 1614                       " may result in corrupted salt");
 
 1615               Warning(
"ClearAuth", 
"switch off reuse for this session");
 
 1623                  while (ltmp && tmpsalt[ltmp-1] != 
'#') ltmp--;
 
 1625                     if (tmpsalt[ltmp-1] == 
'#' &&
 
 1626                         tmpsalt[ltmp-10] == 
'#') {
 
 1627                        strlcpy(ctag,&tmpsalt[ltmp-10],11);
 
 1646               Info(
"ClearAuth", 
"got salt: '%s' (len: %d)", salt.
Data(), slen);
 
 1649               Info(
"ClearAuth", 
"Salt not required");
 
 1652               Warning(
"ClearAuth", 
"problems secure-receiving rndmtag -" 
 1653                       " may result in corrupted rndmtag");
 
 1656               strlcpy(ctag, tmptag, 11);
 
 1682            if (localFQDN == 
"") {
 
 1690                    "automatically generated anonymous passwd: %s",
 
 1696         if (prompt == 1 || pashash.
Length() == 0) {
 
 1705                  Error(
"ClearAuth", 
"password not set");
 
 1710            if (needsalt && !pwdhash) {
 
 1736      if (anon == 0 && cryptopt == 1) {
 
 1748            Warning(
"ClearAuth", 
"problems secure-sending pass hash" 
 1749                    " - may result in authentication failure");
 
 1756            for (
int i = 0; i < 
passwd.Length(); i++) {
 
 1770         Info(
"ClearAuth", 
"after kROOTD_PASS: kind= %d, stat= %d", kind,
 
 1782                 "problems recvn (user,offset) length (%d:%d bytes:%d)",
 
 1787      int reclen = (stat+1 > 256) ? 256 : stat+1;
 
 1788      if ((nrec = 
fSocket->
Recv(answer, reclen, kind)) < 0)
 
 1792                 "username and offset not received (%d:%d)", kind,
 
 1798      sscanf(answer, 
"%127s %d", lUser, &offset);
 
 1801              "received from server: user: %s, offset: %d (%s)", lUser,
 
 1808      if (reuse == 1 && offset > -1) {
 
 1810         if (cryptopt == 1) {
 
 1813                       "problems secure-receiving token -" 
 1814                       " may result in corrupted token");
 
 1819            token = 
new char[tlen];
 
 1825               Warning(
"ClearAuth", 
"token not received (%d:%d)", kind,
 
 1828            for (
int i = 0; i < (int) strlen(token); i++) {
 
 1829               token[i] = ~token[i];
 
 1834            Info(
"ClearAuth", 
"received from server: token: '%s' ",
 
 1896                     "%s@%s does not accept connections from %s@%s",
 
 1903                     "%s@%s does not accept %s authentication from %s@%s",
 
 1920            Error(
"ClearAuth", 
"password not set");
 
 1922      if (
fUser == 
"anonymous" || 
fUser == 
"rootd") {
 
 1923         if (!
passwd.Contains(
"@")) {
 
 1925                    "please use passwd of form: user@host.do.main");
 
 1936         for (
int i = 0; i < 
passwd.Length(); i++) {
 
 1949         Info(
"ClearAuth", 
"after kROOTD_PASS: kind= %d, stat= %d", kind,
 
 1978      ::Info(
"TAuthenticate::GetHostAuth", 
"enter ... %s ... %s", host, user);
 
 1984      char *
ps = (
char *)strstr(host,
":");
 
 1986         srvtyp = atoi(
ps+1);
 
 1990   if (strncmp(host,
"default",7) && !hostFQDN.
Contains(
"*")) {
 
 2002   if (!strncasecmp(opt,
"P",1)) {
 
 2010   while ((ai = (
THostAuth *) (*next)())) {
 
 2012         ai->
Print(
"Authenticate::GetHostAuth");
 
 2015      if (!(serverOK = (ai->
GetServer() == -1) ||
 
 2020      if (!strcmp(ai->
GetHost(),
"default") && serverOK && notFound)
 
 2030      if (hostFQDN == ai->
GetHost() &&
 
 2052      ::Info(
"TAuthenticate::HasHostAuth", 
"enter ... %s ... %s", host, user);
 
 2058      char *
ps = (
char *)strstr(host,
":");
 
 2060         srvtyp = atoi(
ps+1);
 
 2063   if (strncmp(host,
"default",7) && !hostFQDN.
Contains(
"*")) {
 
 2070   if (!strncasecmp(opt,
"P",1)) {
 
 2075   while ((ai = (
THostAuth *) (*next)())) {
 
 2077      if (hostFQDN == ai->
GetHost() &&
 
 2099      ::Info(
"TAuthenticate::FileExpand", 
"enter ... '%s' ... 0x%lx", fexp, (
Long_t)ftmp);
 
 2101   fin = fopen(fexp, 
"r");
 
 2105   while (fgets(
line, 
sizeof(
line), fin) != 0) {
 
 2109      if (
line[strlen(
line) - 1] == 
'\n')
 
 2112         ::Info(
"TAuthenticate::FileExpand", 
"read line ... '%s'", 
line);
 
 2113      int nw = sscanf(
line, 
"%19s %8191s", cinc, fileinc);
 
 2116      if (strcmp(cinc, 
"include") != 0) {
 
 2118         fprintf(ftmp, 
"%s\n", 
line);
 
 2125         sscanf(ln.
Data(), 
"%19s %8191s", cinc, fileinc);
 
 2128         if (fileinc[0] == 
'$') {
 
 2145         if (fileinc[0] == 
'~') {
 
 2149            char *ffull = 
new char[flen];
 
 2159                      "file specified by 'include' cannot be open or read (%s)",
 
 2174   const char copt[2][5] = { 
"no", 
"yes" };
 
 2177      ::Info(
"TAuthenticate::GetDefaultDetails",
 
 2178             "enter ... %d ...pt:%d ... '%s'", sec, opt, usr);
 
 2180   if (opt < 0 || opt > 1)
 
 2185      if (!usr[0] || !strncmp(usr,
"*",1))
 
 2194      ::Info(
"TAuthenticate::GetDefaultDetails", 
"returning ... %s", temp);
 
 2204   if (!strncasecmp(opt,
"P",1))
 
 2233             " +--------------------------- BEGIN --------------------------------+");
 
 2238                " + List fgProofAuthInfo has %4d members                            +",
 
 2243                " +------------------------------------------------------------------+");
 
 2251                " + List fgAuthInfo has %4d members                                 +",
 
 2256                " +------------------------------------------------------------------+");
 
 2265             " +---------------------------- END ---------------------------------+");
 
 2281      Info(
"AuthExists",
"%d: enter: msg: %d options: '%s'",
 
 2282           method,*message, options);
 
 2294                (*checksecctx)(username,secctx) == 1)
 
 2307                   (*checksecctx)(username,secctx) == 1) {
 
 2324              "found valid TSecContext: offset: %d token: '%s'",
 
 2325              offset, token.
Data());
 
 2336   Int_t reuse = *rflag;
 
 2337   if (reuse == 1 && offset > -1) {
 
 2346      Int_t stat = 1, kind;
 
 2351            Warning(
"AuthExists",
"protocol error: expecting %d got %d" 
 2357            Info(
"AuthExists",
"offset OK");
 
 2361            Info(
"AuthExists", 
"key type: %d", rsaKey);
 
 2377               Warning(
"AuthExists", 
"problems secure-sending token %s",
 
 2378                       "- may trigger problems in proofing Id ");
 
 2383            for (
int i = 0; i < token.
Length(); i++) {
 
 2384               char inv = ~token(i);
 
 2392            Info(
"AuthExists",
"offset not OK - rerun authentication");
 
 2403      Info(
"AuthExists",
"%d: after msg %d: kind= %d, stat= %d",
 
 2404           method,*message, kind, stat);
 
 2417         Error(
"AuthExists",
"%s@%s does not accept connections from %s@%s",
 
 2423                 "%s@%s does not accept %s authentication from %s@%s",
 
 2441            Info(
"AuthExists", 
"valid authentication exists");
 
 2443            Info(
"AuthExists", 
"valid authentication exists: offset changed");
 
 2445            Info(
"AuthExists", 
"remote access authorized by /etc/hosts.equiv");
 
 2447            Info(
"AuthExists", 
"no authentication required remotely");
 
 2477      const char *randdev = 
"/dev/urandom";
 
 2480      if ((fd = 
open(randdev, O_RDONLY)) != -1) {
 
 2482            ::Info(
"InitRandom", 
"taking seed from %s", randdev);
 
 2483         if (read(fd, &seed, 
sizeof(seed)) != 
sizeof(seed))
 
 2484            ::Warning(
"InitRandom", 
"could not read seed from %s", randdev);
 
 2488            ::Info(
"InitRandom", 
"%s not available: using time()", randdev);
 
 2503      Info(
"GenRSAKeys", 
"enter");
 
 2507         Info(
"GenRSAKeys", 
"Keys prviously generated - return");
 
 2529         Info(
"GenRSAKeys",
"SSL: Generate Blowfish key");
 
 2538      OpenSSL_add_all_ciphers();
 
 2544      nbits = (nbits >= 128) ? nbits : 128;
 
 2547      nbits = (nbits <= 15912) ? nbits : 15912;
 
 2550      Int_t klen = nbits / 8 ;
 
 2554      RAND_seed(rbuf,strlen(rbuf));
 
 2563      BF_set_key(&fgBFKey, klen, (
const unsigned char *)rbuf);
 
 2572   Int_t l_n = 0, l_d = 0;
 
 2579   Int_t nAttempts = 0;
 
 2585      if (
gDebug > 2 && nAttempts > 1) {
 
 2586         Info(
"GenRSAKeys", 
"retry no. %d",nAttempts);
 
 2599            Info(
"GenRSAKeys", 
"equal primes: regenerate (%d times)",nPrimes);
 
 2607         Info(
"GenRSAKeys", 
"local: p1: '%s' ", buf);
 
 2609         Info(
"GenRSAKeys", 
"local: p2: '%s' ", buf);
 
 2614         if (
gDebug > 2 && nAttempts > 1)
 
 2615            Info(
"GenRSAKeys",
" genrsa: unable to generate keys (%d)",
 
 2622      l_n = strlen(buf_n);
 
 2625      l_e = strlen(buf_e);
 
 2628      l_d = strlen(buf_d);
 
 2632         Info(
"GenRSAKeys", 
"local: n: '%s' length: %d", buf_n, l_n);
 
 2633         Info(
"GenRSAKeys", 
"local: e: '%s' length: %d", buf_e, l_e);
 
 2634         Info(
"GenRSAKeys", 
"local: d: '%s' length: %d", buf_d, l_d);
 
 2646      strlcpy(
test, tdum, lTes+1);
 
 2650         Info(
"GenRSAKeys", 
"local: test string: '%s' ", 
test);
 
 2653      strlcpy(buf, 
test, lTes+1);
 
 2659              "local: length of crypted string: %d bytes", lout);
 
 2665         Info(
"GenRSAKeys", 
"local: after private/public : '%s' ", buf);
 
 2667      if (strncmp(
test, buf, lTes))
 
 2671      strlcpy(buf, 
test, lTes+1);
 
 2676         Info(
"GenRSAKeys", 
"local: length of crypted string: %d bytes ",
 
 2683         Info(
"GenRSAKeys", 
"local: after public/private : '%s' ", buf);
 
 2685      if (strncmp(
test, buf, lTes))
 
 2702      Info(
"GenRSAKeys", 
"local: generated keys are:");
 
 2703      Info(
"GenRSAKeys", 
"local: n: '%s' length: %d", buf_n, l_n);
 
 2704      Info(
"GenRSAKeys", 
"local: e: '%s' length: %d", buf_e, l_e);
 
 2705      Info(
"GenRSAKeys", 
"local: d: '%s' length: %d", buf_d, l_d);
 
 2746   unsigned int iimx[4][4] = {
 
 2747      {0x0, 0xffffff08, 0xafffffff, 0x2ffffffe}, 
 
 2748      {0x0, 0x3ff0000, 0x7fffffe, 0x7fffffe},    
 
 2749      {0x0, 0x3ff0000, 0x7e, 0x7e},              
 
 2750      {0x0, 0x3ffc000, 0x7fffffe, 0x7fffffe}     
 
 2753   const char *cOpt[4] = { 
"Any", 
"LetNum", 
"Hex", 
"Crypt" };
 
 2756   if (opt < 0 || opt > 2) {
 
 2759         Info(
"GetRandString", 
"unknown option: %d : assume 0", opt);
 
 2762      Info(
"GetRandString", 
"enter ... len: %d %s", len, cOpt[opt]);
 
 2765   char *buf = 
new char[len + 1];
 
 2775      for (
m = 7; 
m < 32; 
m += 7) {
 
 2776         i = 0x7F & (frnd >> 
m);
 
 2779         if ((iimx[opt][j] & (1 << 
l))) {
 
 2791      Info(
"GetRandString", 
"got '%s' ", buf);
 
 2803                                Int_t key, 
const char *str)
 
 2809      ::Info(
"TAuthenticate::SecureSend", 
"local: enter ... (enc: %d)", enc);
 
 2811   Int_t slen = strlen(str) + 1;
 
 2816      strlcpy(buftmp, str, slen+1);
 
 2826   } 
else if (key == 1) {
 
 2831         ttmp = ((ttmp + 8)/8) * 8;
 
 2832      unsigned char iv[8];
 
 2833      memset((
void *)&iv[0],0,8);
 
 2834      BF_cbc_encrypt((
const unsigned char *)str, (
unsigned char *)buftmp,
 
 2835                     strlen(str), &fgBFKey, iv, BF_ENCRYPT);
 
 2838         ::Info(
"TAuthenticate::SecureSend",
"not compiled with SSL support:" 
 2839                " you should not have got here!");
 
 2843         ::Info(
"TAuthenticate::SecureSend",
"unknown key type (%d)",key);
 
 2850   nsen = sock->
SendRaw(buftmp, ttmp);
 
 2852      ::Info(
"TAuthenticate::SecureSend",
 
 2853             "local: sent %d bytes (expected: %d)", nsen,ttmp);
 
 2875   if (sock->
Recv(buflen, 20, kind) < 0)
 
 2877   Int_t len = atoi(buflen);
 
 2879      ::Info(
"TAuthenticate::SecureRecv", 
"got len '%s' %d (msg kind: %d)",
 
 2884   if (!strncmp(buflen, 
"-1", 2))
 
 2888   if ((nrec = sock->
RecvRaw(buftmp, len)) < 0)
 
 2899      const size_t strSize = strlen(buftmp) + 1;
 
 2900      *str = 
new char[strSize];
 
 2901      strlcpy(*str, buftmp, strSize);
 
 2903   } 
else if (key == 1) {
 
 2905      unsigned char iv[8];
 
 2906      memset((
void *)&iv[0],0,8);
 
 2907      *str = 
new char[nrec + 1];
 
 2908      BF_cbc_encrypt((
const unsigned char *)buftmp, (
unsigned char *)(*str),
 
 2909                     nrec, &fgBFKey, iv, BF_DECRYPT);
 
 2910      (*str)[nrec] = 
'\0';
 
 2913         ::Info(
"TAuthenticate::SecureRecv",
"not compiled with SSL support:" 
 2914                " you should not have got here!");
 
 2918         ::Info(
"TAuthenticate::SecureRecv",
"unknown key type (%d)",key);
 
 2931                                     R__rsa_NUMBER &rsa_d, 
char **rsassl)
 
 2937      ::Info(
"TAuthenticate::DecodeRSAPublic",
 
 2938             "enter: string length: %ld bytes", (
Long_t)strlen(rsaPubExport));
 
 2941   Int_t klen = strlen(rsaPubExport);
 
 2943      ::Info(
"TAuthenticate::DecodeRSAPublic",
 
 2944             "key too long (%d): truncate to %d",klen,
kMAXPATHLEN);
 
 2947   memcpy(str, rsaPubExport, klen);
 
 2956      while (str[k] == 32) k++;
 
 2958      if (str[k] == 
'#') {
 
 2963         char *pd1 = strstr(str, 
"#");
 
 2964         char *pd2 = pd1 ? strstr(pd1 + 1, 
"#") : (
char *)0;
 
 2965         char *pd3 = pd2 ? strstr(pd2 + 1, 
"#") : (
char *)0;
 
 2966         if (pd1 && pd2 && pd3) {
 
 2968            int l1 = (int) (pd2 - pd1 - 1);
 
 2969            char *rsa_n_exp = 
new char[l1 + 1];
 
 2970            strlcpy(rsa_n_exp, pd1 + 1, l1+1);
 
 2972               ::Info(
"TAuthenticate::DecodeRSAPublic",
 
 2973                      "got %ld bytes for rsa_n_exp", (
Long_t)strlen(rsa_n_exp));
 
 2975            int l2 = (int) (pd3 - pd2 - 1);
 
 2976            char *rsa_d_exp = 
new char[l2 + 1];
 
 2977            strlcpy(rsa_d_exp, pd2 + 1, 13);
 
 2979               ::Info(
"TAuthenticate::DecodeRSAPublic",
 
 2980                      "got %ld bytes for rsa_d_exp", (
Long_t)strlen(rsa_d_exp));
 
 2989            ::Info(
"TAuthenticate::DecodeRSAPublic",
"bad format for input string");
 
 2998         BIO *bpub = BIO_new(BIO_s_mem());
 
 3001         BIO_write(bpub,(
void *)str,strlen(str));
 
 3004         if (!(rsatmp = PEM_read_bio_RSAPublicKey(bpub, 0, 0, 0))) {
 
 3006               ::Info(
"TAuthenticate::DecodeRSAPublic",
 
 3007                        "unable to read pub key from bio");
 
 3010               *rsassl = (
char *)rsatmp;
 
 3012               ::Info(
"TAuthenticate::DecodeRSAPublic",
 
 3013                        "no space allocated for output variable");
 
 3020            ::Info(
"TAuthenticate::DecodeRSAPublic",
"not compiled with SSL support:" 
 3021                   " you should not have got here!");
 
 3036      ::Info(
"TAuthenticate::SetRSAPublic",
 
 3037             "enter: string length %ld bytes", (
Long_t)strlen(rsaPubExport));
 
 3047      while (rsaPubExport[k0] == 32) k0++;
 
 3056      if (rsaPubExport[k0] == 
'#' && rsaPubExport[k2] == 
'#') {
 
 3057         char *p0 = (
char *)&rsaPubExport[k0];
 
 3058         char *p2 = (
char *)&rsaPubExport[k2];
 
 3059         char *p1 = strchr(p0+1,
'#');
 
 3060         if (p1 > p0 && p1 < p2) {
 
 3066               while (
c < p1 && ((*c < 58 && *c > 47) || (*c < 91 && *c > 64)))
 
 3070                  while (
c < p2 && ((*c < 58 && *c > 47) || (*c < 91 && *c > 64)))
 
 3079         ::Info(
"TAuthenticate::SetRSAPublic",
" Key type: %d",rsakey);
 
 3083         R__rsa_NUMBER rsa_n, rsa_d;
 
 3094         BF_set_key(&fgBFKey, klen, (
const unsigned char *)rsaPubExport);
 
 3097            ::Info(
"TAuthenticate::SetRSAPublic",
 
 3098                   "not compiled with SSL support:" 
 3099                   " you should not have got here!");
 
 3119      ::Info(
"TAuthenticate::SendRSAPublicKey",
 
 3120             "received key from server %ld bytes", (
Long_t)strlen(serverPubKey));
 
 3123   R__rsa_NUMBER rsa_n, rsa_d;
 
 3129         RSA_free((RSA *)tmprsa);
 
 3132   RSA *RSASSLServer = (RSA *)tmprsa;
 
 3140   char buflen[20] = {0};
 
 3147   } 
else if (key == 1) {
 
 3149      Int_t lcmax = RSA_size(RSASSLServer) - 11;
 
 3155         if ((ttmp = RSA_public_encrypt(lc,
 
 3157                                        (
unsigned char *)&buftmp[ke],
 
 3158                                        RSASSLServer,RSA_PKCS1_PADDING)) < 0) {
 
 3161            ::Info(
"TAuthenticate::SendRSAPublicKey",
"SSL: error: '%s' ",errstr);
 
 3171         ::Info(
"TAuthenticate::SendRSAPublicKey",
"not compiled with SSL support:" 
 3172                " you should not have got here!");
 
 3177         ::Info(
"TAuthenticate::SendRSAPublicKey",
"unknown key type (%d)",key);
 
 3180         RSA_free(RSASSLServer);
 
 3191      ::Info(
"TAuthenticate::SendRSAPublicKey",
 
 3192             "local: sent %d bytes (expected: %d)", nsen,ttmp);
 
 3195      RSA_free(RSASSLServer);
 
 3216   if (authrc && 
gDebug > 2)
 
 3217      ::Info(
"TAuthenticate::ReadRootAuthrc", 
"Checking file: %s", authrc);
 
 3219      if (authrc && 
gDebug > 1)
 
 3220         ::Info(
"TAuthenticate::ReadRootAuthrc",
 
 3221                "file %s cannot be read (errno: %d)", authrc, errno);
 
 3225         ::Info(
"TAuthenticate::ReadRootAuthrc", 
"Checking system file: %s", authrc);
 
 3228            ::Info(
"TAuthenticate::ReadRootAuthrc",
 
 3229                   "file %s cannot be read (errno: %d)", authrc, errno);
 
 3239      stat(tRootAuthrc, &si);
 
 3242            ::Info(
"TAuthenticate::ReadRootAuthrc",
 
 3243                   "file %s already read", authrc);
 
 3259   TString filetmp = 
"rootauthrc";
 
 3262      ::Info(
"TAuthenticate::ReadRootAuthrc", 
"got tmp file: %s open at 0x%lx",
 
 3275      fd = fopen(authrc, 
"r");
 
 3278            ::Info(
"TAuthenticate::ReadRootAuthrc",
 
 3279                   "file %s cannot be open (errno: %d)", authrc, errno);
 
 3290   while (fgets(
line, 
sizeof(
line), fd) != 0) {
 
 3297      if (
line[strlen(
line) - 1] == 
'\n')
 
 3305      const size_t tmpSize = strlen(
line) + 1;
 
 3306      char *tmp = 
new char[tmpSize];
 
 3308         ::Error(
"TAuthenticate::ReadRootAuthrc",
 
 3309                 "could not allocate temporary buffer");
 
 3313      strlcpy(tmp, 
line, tmpSize);
 
 3314      char *nxt = strtok(tmp,
" ");
 
 3316      if (!strcmp(nxt, 
"proofserv") || cont) {
 
 3326               proofserv += 
TString((
const char *)ph);
 
 3347            if (server == 
"0" || server.
BeginsWith(
"sock"))
 
 3349            else if (server == 
"1" || server.
BeginsWith(
"root"))
 
 3351            else if (server == 
"2" || server.
BeginsWith(
"proof"))
 
 3358         nxt = strtok(0,
" ");
 
 3359         if (!strncmp(nxt,
"user",4)) {
 
 3360            nxt = strtok(0,
" ");
 
 3361            if (strncmp(nxt,
"list",4) && strncmp(nxt,
"method",6)) {
 
 3363               nxt = strtok(0,
" ");
 
 3368         TIter next(&tmpAuthInfo);
 
 3378            tmpAuthInfo.
Add(ha);
 
 3381         if (!strncmp(nxt,
"list",4)) {
 
 3384            char *mth = strtok(0,
" ");
 
 3387               if (strlen(mth) > 1) {
 
 3390                  if (met == -1 && 
gDebug > 2)
 
 3391                     ::Info(
"TAuthenticate::ReadRootAuthrc",
 
 3392                            "unrecognized method (%s): ", mth);
 
 3396               if (met > -1 && met < 
kMAXSEC)
 
 3398               mth = strtok(0,
" ");
 
 3403         } 
else if (!strncmp(nxt,
"method",6)) {
 
 3406            char *mth = strtok(0,
" ");
 
 3408            if (strlen(mth) > 1) {
 
 3411               if (met == -1 && 
gDebug > 2)
 
 3412                  ::Info(
"TAuthenticate::ReadRootAuthrc",
 
 3413                         "unrecognized method (%s): ", mth);
 
 3417            if (met > -1 && met < 
kMAXSEC) {
 
 3418               const char *det = 0;
 
 3419               nxt = strtok(0,
" ");
 
 3421                  det = (
const char *)strstr(
line,nxt);
 
 3430      if (tmp) 
delete [] tmp;
 
 3448   TList tmpproofauthinfo;
 
 3449   if (proofserv.
Length() > 0) {
 
 3450      char *tmps = 
new char[proofserv.
Length()+1];
 
 3451      strlcpy(tmps,proofserv.
Data(),proofserv.
Length()+1);
 
 3452      char *nxt = strtok(tmps,
" ");
 
 3454         TString tmp((
const char *)nxt);
 
 3458         if ((pdd = tmp.
Index(
":")) == -1) {
 
 3469         if ((pdd = tmp.
Index(
":")) == -1) {
 
 3481         while (tmp.
Length() > 0) {
 
 3483            if ((pdd = tmp.
Index(
":")) > -1)
 
 3488               if (met == -1 && 
gDebug > 2)
 
 3489                  ::Info(
"TAuthenticate::ReadRootAuthrc",
 
 3490                         "unrecognized method (%s): ",meth.
Data());
 
 3491            } 
else if (meth.
Length() == 1) {
 
 3492               met = atoi(meth.
Data());
 
 3493               if (met > -1 && met < 
kMAXSEC)
 
 3516         tmpproofauthinfo.
Add(ha);
 
 3518         nxt = strtok(0,
" ");
 
 3538   const char netrc[2][20] = { 
"/.netrc", 
"/.rootnetrc" };
 
 3548             "not properly logged on (getpwuid unable to find relevant info)!");
 
 3556      for (; i < 2; i++) {
 
 3562         out.
Form(
"pt:0 ru:1 us:%s",user.
Data());
 
 3566      if (strlen(out) > 0)
 
 3568                "meth: %d ... is available: details: %s", cSec, out.
Data());
 
 3571                "meth: %d ... is NOT available", cSec);
 
 3589      if (!strcmp(user,ctx->
GetUser()) &&
 
 3590          strncmp(
"AFS", ctx->
GetID(), 3))
 
 3620   while ((hanew = (
THostAuth *)nxnew())) {
 
 3642   while ((hanew = (
THostAuth *)nxnew())) {
 
 3706         Info(
"ProofAuthSetup",
"Buffer not found: nothing to do");
 
 3720   *mess >> user >> 
passwd >> pwhash >> srppwd >> rsakey;
 
 3737         Info(
"ProofAuthSetup",
"List of THostAuth not found");
 
 3758            fromProofAI = 
kTRUE;
 
 3769            if (!master || fromProofAI) {
 
 3831   if (remoteOffSet > -1 && upwd)
 
 3834   if (upwd && pwdctx) {
 
 3843   mess << user << 
passwd << pwhash << srppwd << keytyp;
 
 3849   char *mbuf = mess.
Buffer();
 
 3854      ::Info(
"ProofAuthSetup",
"sending %d bytes", messb64.
Length());
 
 3857   if (remoteOffSet > -1) {
 
 3859         ::Error(
"ProofAuthSetup",
"problems secure-sending message buffer");
 
 3867         ::Error(
"ProofAuthSetup",
"plain: problems sending message length");
 
 3871         ::Error(
"ProofAuthSetup",
"problems sending message buffer");
 
 3907      Error(
"SendHostAuth",
"invalid input: socket undefined");
 
 3922         Info(
"SendHostAuth",
"sent %d bytes (%s)",
ns,buf.
Data());
 
 3929      Info(
"SendHostAuth",
"sent %d bytes for closing",
ns);
 
 3943      Error(
"RecvHostAuth",
"invalid input: socket undefined");
 
 3958      Error(
"RecvHostAuth", 
"received: kind: %d (%d bytes)", kind, nr);
 
 3962      Info(
"RecvHostAuth",
"received %d bytes (%s)",nr,buf);
 
 3964   while (strcmp(buf, 
"END")) {
 
 3984            fromProofAI = 
kTRUE;
 
 3995            if (!master || fromProofAI) {
 
 4034         Info(
"RecvHostAuth",
"Error: received: kind: %d (%d bytes)", kind, nr);
 
 4038         Info(
"RecvHostAuth",
"received %d bytes (%s)",nr,buf);
 
 4071   if (remoteOffSet > -1 && upwd)
 
 4074   if (upwd && pwdctx) {
 
 4078         Error(
"OldAuthSetup", 
"failed to send offset in RSA key");
 
 4089         if (remoteOffSet > -1)
 
 4090            Warning(
"OldAuthSetup",
"problems secure-sending pass hash %s",
 
 4091                    "- may result in failures");
 
 4094            for (
int i = 0; i < 
passwd.Length(); i++) {
 
 4100            if (sock->
Send(mess) < 0) {
 
 4101               Error(
"OldAuthSetup", 
"failed to send inverted password");
 
 4111         Error(
"OldAuthSetup", 
"failed to send no offset notification in RSA key");
 
 4118   mess << user << pwhash << srppwd << ord << conf;
 
 4120   if (sock->
Send(mess) < 0) {
 
 4121      Error(
"OldAuthSetup", 
"failed to send ordinal and config info");
 
 4125   if (proofdProto > 6) {
 
 4131         Error(
"OldAuthSetup", 
"failed to send HostAuth info");
 
 4150   if (sock->
Recv(retval, kind) != 2*
sizeof(
Int_t)) {
 
 4152      Info(
"OldProofServAuthSetup",
 
 4153           "socket has been closed due to protocol mismatch - Exiting");
 
 4170               if ((fKey = fopen(keyfile.
Data(), 
"r"))) {
 
 4171                  Int_t klen = fread((
void *)pubkey,1,
sizeof(pubkey),fKey);
 
 4173                     Error(
"OldProofServAuthSetup",
 
 4174                           "failed to read public key from '%s'", keyfile.
Data());
 
 4183                  Error(
"OldProofServAuthSetup", 
"failed to open '%s'", keyfile.
Data());
 
 4192            Error(
"OldProofServAuthSetup", 
"failed to receive password");
 
 4198      } 
else if (retval == -1) {
 
 4202         if ((sock->
Recv(mess) <= 0) || !mess) {
 
 4203            Error(
"OldProofServAuthSetup", 
"failed to receive inverted password");
 
 4219   if ((sock->
Recv(mess) <= 0) || !mess) {
 
 4220      Error(
"OldProofServAuthSetup", 
"failed to receive ordinal and config info");
 
 4228         (*mess) >> user >> pwhash >> srppwd >> conf;
 
 4231         (*mess) >> user >> pwhash >> srppwd >> ord >> conf;
 
 4236         (*mess) >> user >> pwhash >> srppwd >> iord;
 
 4240         (*mess) >> user >> pwhash >> srppwd >> ord >> conf;
 
 4261      Error(
"OldProofServAuthSetup", 
"failed to receive HostAuth info");
 
const Int_t kAUTH_SSALT_MSK
const Int_t kAUTH_CRYPT_MSK
const Int_t kAUTH_REUSE_MSK
const Int_t kAUTH_RSATY_MSK
R__EXTERN const char * gRootdErrStr[]
TVirtualMutex * gAuthenticateMutex
static Int_t SendHostAuth(TSocket *s)
Sends the list of the relevant THostAuth objects to the master or to the active slaves,...
Int_t OldProofServAuthSetup(TSocket *sock, Bool_t master, Int_t protocol, TString &user, TString &ord, TString &conf)
Authentication related setup in TProofServ run after successful startup.
Int_t StdCheckSecCtx(const char *, TRootSecContext *)
Standard version of CheckSecCtx to be passed to TAuthenticate::AuthExists. Check if User matches th...
Int_t OldSlaveAuthSetup(TSocket *sock, Bool_t, TString ord, TString conf)
Setup of authentication in PROOF run after successful opening of the socket.
static Int_t RecvHostAuth(TSocket *s, Option_t *opt)
Receive from client/master directives for authentications, create related THostAuth and add them to t...
R__rsa_KEY_export R__fgRSAPubExport[2]
static int auth_rand()
rand() implementation reading from /dev/urandom or /dev/random, if available; when neither can be opened it falls back to a value derived from the current time, which is predictable and not a cryptographically secure source of randomness.
Int_t(* Krb5Auth_t)(TAuthenticate *auth, TString &user, TString &det, Int_t version)
Int_t(* SecureAuth_t)(TAuthenticate *auth, const char *user, const char *passwd, const char *remote, TString &det, Int_t version)
Int_t(* GlobusAuth_t)(TAuthenticate *auth, TString &user, TString &det)
Int_t(* CheckSecCtx_t)(const char *subj, TRootSecContext *ctx)
void Info(const char *location, const char *msgfmt,...)
void Error(const char *location, const char *msgfmt,...)
void Warning(const char *location, const char *msgfmt,...)
char * Form(const char *fmt,...)
void Printf(const char *fmt,...)
char * StrDup(const char *str)
Duplicate the string str.
typedef void((*Func_t)())
Bool_t R_ISREG(Int_t mode)
Bool_t R_ISDIR(Int_t mode)
R__EXTERN TSystem * gSystem
#define R__LOCKGUARD2(mutex)
#define SSL_load_error_strings
static void RemoveHostAuth(THostAuth *ha, Option_t *opt="")
Remove THostAuth instance from the list.
static Int_t SetRSAPublic(const char *rsapubexport, Int_t klen)
Store RSA public keys from export string rsaPubExport.
static TPluginHandler * fgPasswdDialog
static void SetGlobalSRPPwd(Bool_t srppwd)
Set global SRP passwd flag to be used for authentication to rootd or proofd.
static Bool_t fgPromptUser
TRootSecContext * fSecContext
static void FileExpand(const char *fin, FILE *ftmp)
Expands include directives found in fexp files The expanded, temporary file, is pointed to by 'ftmp' ...
static const char * GetGlobalUser()
Static method returning the global user.
static void SetGlobalUser(const char *user)
Set global user name to be used for authentication to rootd or proofd.
static void SetPromptUser(Bool_t promptuser)
Set global PromptUser flag.
Int_t RfioAuth(TString &user)
RFIO authentication (no longer supported)
static void Show(Option_t *opt="S")
Print info about the authentication sector.
const char * GetSshUser(TString user) const
Method returning the user to be used for the ssh login (no longer supported)
static const char * GetDefaultUser()
Static method returning the default user information.
static Bool_t GetPromptUser()
Static method returning the prompt user settings.
static Int_t SecureRecv(TSocket *Socket, Int_t dec, Int_t KeyType, char **Out)
Receive str from sock and decode it using key indicated by key type Return number of received bytes o...
static const char * GetKrb5Principal()
Static method returning the principal to be used to init Krb5 tickets.
THostAuth * GetHostAuth() const
static void SetAuthReUse(Bool_t authreuse)
Set global AuthReUse flag.
static R__rsa_KEY_export * fgRSAPubExport
char * GetRandString(Int_t Opt, Int_t Len)
Allocates and fills a 0 terminated buffer of length len+1 with len random characters.
static TList * GetProofAuthInfo()
Static method returning the list with authentication directives to be sent to proof.
Int_t SshAuth(TString &user)
SSH client authentication code (no longer supported)
static char * PromptPasswd(const char *prompt="Password: ")
Static method to prompt for the user's passwd to be used for authentication to rootd or proofd.
static void SetDefaultUser(const char *defaultuser)
Set default user name.
static void SetGlobalPwHash(Bool_t pwhash)
Set global passwd hash flag to be used for authentication to rootd or proofd.
static void SetGlobalExpDate(TDatime expdate)
Set default expiring date for new validity contexts.
static Int_t GetRSAInit()
Static method returning the RSA initialization flag.
static void SetSecureAuthHook(SecureAuth_t func)
Set secure authorization function.
static Int_t GetClientProtocol()
Static method returning supported client protocol.
static Int_t ReadRootAuthrc()
Read authentication directives from $ROOTAUTHRC, $HOME/.rootauthrc or <Root_etc_dir>/system....
static Bool_t fgReadHomeAuthrc
static Int_t SecureSend(TSocket *Socket, Int_t enc, Int_t KeyType, const char *In)
Encode a null terminated str using the session private key indicated by enc and send it over the netwo...
Int_t GenRSAKeys()
Generate a valid pair of private/public RSA keys to protect the authentication token exchange.
Bool_t CheckNetrc(TString &user, TString &passwd)
Try to get user name and passwd from the ~/.rootnetrc or ~/.netrc files.
static const char * GetRSAPubExport(Int_t key=0)
Static method returning the RSA public keys.
static Int_t DecodeRSAPublic(const char *rsapubexport, R__rsa_NUMBER &n, R__rsa_NUMBER &d, char **rsassl=0)
Store RSA public keys from export string rsaPubExport.
static void SetReadHomeAuthrc(Bool_t readhomeauthrc)
Set flag controlling the reading of $HOME/.rootauthrc.
static void InitRandom()
Initialize random machine using a seed from /dev/urandom (or the current time, a predictable and therefore non-secure seed, if /dev/urandom is not available...
static TList * fgProofAuthInfo
static R__rsa_KEY fgRSAPubKey
static Bool_t fgAuthReUse
static Bool_t GetGlobalPwHash()
Static method returning the global password hash flag.
static void SetKrb5AuthHook(Krb5Auth_t func)
Set kerberos5 authorization function.
static void SetGlobusAuthHook(GlobusAuth_t func)
Set Globus authorization function.
static void SetRSAInit(Int_t init=1)
Static method setting RSA initialization flag.
static void SetGlobalPasswd(const char *passwd)
Set global passwd to be used for authentication to rootd or proofd.
void SetEnvironment()
Set default authentication environment.
static Int_t SendRSAPublicKey(TSocket *Socket, Int_t key=0)
Receives the server RSA public key and sends the local RSA public key, encoded.
static Bool_t CheckProofAuth(Int_t cSec, TString &det)
Check if the authentication method can be attempted for the client.
static TDatime fgLastAuthrc
static TList * fgAuthInfo
static TString fgAuthMeth[kMAXSEC]
void CatchTimeOut()
Called in connection with a timer timeout.
Bool_t GetUserPasswd(TString &user, TString &passwd, Bool_t &pwhash, Bool_t srppwd)
Try to get user name and passwd from several sources.
Bool_t Authenticate()
Authenticate to remote rootd or proofd server.
static R__rsa_KEY fgRSAPriKey
static TString fgRootAuthrc
Int_t AuthExists(TString User, Int_t method, const char *Options, Int_t *Message, Int_t *Rflag, CheckSecCtx_t funcheck)
Check if we have a valid established sec context in memory Retrieves relevant info and negotiates wit...
static TList * GetAuthInfo()
Static method returning the list with authentication details.
static GlobusAuth_t GetGlobusAuthHook()
Static method returning the globus authorization hook (no longer supported)
Int_t ProofAuthSetup()
Authentication related stuff setup in TProofServ.
Int_t ClearAuth(TString &user, TString &passwd, Bool_t &pwhash)
UsrPwd client authentication code.
static void AuthError(const char *where, Int_t error)
Print error string depending on error code.
static char * GetDefaultDetails(Int_t method, Int_t opt, const char *user)
Determine default authentication details for method 'sec' and user 'usr'.
static void MergeHostAuthList(TList *Std, TList *New, Option_t *Opt="")
Tool for updating fgAuthInfo or fgProofAuthInfo 'nin' contains list of last input information through...
static TString fgDefaultUser
static Int_t GetAuthMethodIdx(const char *meth)
Static method returning the method index (which can be used to find the method in GetAuthMethod()).
static void SetTimeOut(Int_t to)
Set timeout (active if > 0)
static Bool_t fgUsrPwdCrypt
TAuthenticate(TSocket *sock, const char *remote, const char *proto, const char *user="")
Create authentication object.
static void RemoveSecContext(TRootSecContext *ctx)
Tool for removing SecContext ctx from THostAuth listed in fgAuthInfo or fgProofAuthInfo.
static TDatime GetGlobalExpDate()
Static method returning default expiring date for new validity contexts.
static Bool_t GetGlobalSRPPwd()
Static method returning the global SRP password flag.
static SecureAuth_t fgSecAuthHook
static char * PromptUser(const char *remote)
Static method to prompt for the user name to be used for authentication to rootd or proofd.
static Bool_t CheckHost(const char *Host, const char *host)
Check if 'host' matches 'href': this means either equal or "containing" it, even with wild cards * in...
static void SetDefaultRSAKeyType(Int_t key)
Static method setting the default type of RSA key.
static const char * GetAuthMethod(Int_t idx)
Static method returning the method corresponding to idx.
static Bool_t GetAuthReUse()
Static method returning the authentication reuse settings.
static THostAuth * HasHostAuth(const char *host, const char *user, Option_t *opt="R")
Checks if a THostAuth with exact match for {host,user} exists in the fgAuthInfo list If opt = "P" use...
static TString Decode(const char *data)
Decode base64 string data into a generic TString.
static TString Encode(const char *data)
Transform data into a null terminated base64 string.
virtual TObject * ReadObject(const TClass *cl)
Read object from I/O buffer.
virtual void WriteObject(const TObject *obj, Bool_t cacheReuse=kTRUE)
Write object to I/O buffer.
virtual Int_t GetSize() const
Return the capacity of the collection, i.e.
This class stores the date and time with a precision of one second in an unsigned 32 bit word (950130...
void Set()
Set Date/Time to current time as reported by the system.
UInt_t Convert(Bool_t toGMT=kFALSE) const
Convert fDatime from TDatime format to the standard time_t format.
virtual Int_t GetValue(const char *name, Int_t dflt) const
Returns the integer value for a resource.
const char * GetUser() const
const char * GetHost() const
TRootSecContext * CreateSecContext(const char *user, const char *host, Int_t meth, Int_t offset, const char *details, const char *token, TDatime expdate=kROOTTZERO, void *ctx=0, Int_t key=-1)
Create a Security context and add it to local list Return pointer to it to be stored in TAuthenticate...
void SetUser(const char *user)
void SetDetails(Int_t level, const char *details)
Set authentication details for specified level.
void SetHost(const char *host)
void SetFirst(Int_t level)
Set 'method' to be the first used (if in the list ...).
virtual void Print(Option_t *option="") const
Print object content.
void SetServer(Int_t server)
void ReOrder(Int_t nmet, Int_t *fmet)
Reorder nmet methods according fmet[nmet].
void RemoveMethod(Int_t level)
Remove method 'meth' from the list, if there ...
void AddMethod(Int_t level, const char *details=0)
Add method to the list.
void CountFailure(Int_t level)
Count failures for 'method'.
Int_t GetMethod(Int_t idx) const
void AsString(TString &out) const
Return a static string with all info in a serialized form.
Bool_t HasMethod(Int_t level, Int_t *pos=0)
Return kTRUE if method 'level' is in the list.
TList * Established() const
void AddFirst(Int_t level, const char *details=0)
Add new method in first position If already in the list, set as first method 'level' with authenticat...
void Update(THostAuth *ha)
Update info with the one in ha Remaining methods, if any, get lower priority.
const char * GetDetails(Int_t level)
Return authentication details for specified level or "" if the specified level does not exist for thi...
void SetLast(Int_t level)
Set 'method' to be the last used (if in the list ...).
void PrintEstablished() const
Print info about established authentication vis-a-vis of this Host.
void CountSuccess(Int_t level)
Count successes for 'method'.
This class represents an Internet Protocol (IP) address.
const char * GetHostName() const
const char * GetHostAddress() const
Returns the IP address string "%d.%d.%d.%d".
virtual void Add(TObject *obj)
virtual TObject * Remove(TObject *obj)
Remove object from the list.
virtual void Warning(const char *method, const char *msgfmt,...) const
Issue warning message.
virtual void Error(const char *method, const char *msgfmt,...) const
Issue error message.
virtual void Info(const char *method, const char *msgfmt,...) const
Issue info message.
Long_t ExecPlugin(int nargs, const T &... params)
Int_t LoadPlugin()
Load the plugin library for this handler.
const char * GetPasswd() const
Bool_t Connect(const char *signal, const char *receiver_class, void *receiver, const char *slot)
Non-static method is used to connect from the signal of this object to the receiver slot.
static const TString & GetEtcDir()
Get the sysconfig directory in the installation. Static utility function.
static RSA_encode_t RSA_encode()
static RSA_genprim_t RSA_genprim()
static RSA_assign_t RSA_assign()
static RSA_cmp_t RSA_cmp()
static RSA_decode_t RSA_decode()
static RSA_genrsa_t RSA_genrsa()
static RSA_num_sput_t RSA_num_sput()
static RSA_num_sget_t RSA_num_sget()
Regular expression class.
Ssiz_t Index(const TString &str, Ssiz_t *len, Ssiz_t start=0) const
Find the first occurrence of the regexp in string and return the position, or -1 if there is no match...
void DeActivate(Option_t *opt="CR")
Set OffSet to -1 and expiring Date to default Remove from the list If Opt contains "C" or "c",...
void Print(Option_t *option="F") const
If opt is "F" (default) print object content.
Bool_t IsActive() const
Check remote OffSet and expiring Date.
const char * GetID() const
void SetID(const char *id)
const char * GetHost() const
const char * GetToken() const
void AddForCleanup(Int_t port, Int_t proto, Int_t type)
Create a new TSecContextCleanup Internally is added to the list.
virtual void Print(Option_t *option="F") const
If opt is "F" (default) print object content.
Bool_t IsA(const char *methodname)
Checks if this security context is for the method named 'methodname'. Case sensitive.
void * GetContext() const
const char * GetUser() const
void SetOffSet(Int_t offset)
virtual Int_t Recv(TMessage *&mess)
Receive a TMessage object.
static Int_t GetClientProtocol()
Static method returning supported client protocol.
Int_t GetRemoteProtocol() const
virtual void Close(Option_t *opt="")
Close the socket.
virtual Int_t RecvRaw(void *buffer, Int_t length, ESendRecvOptions opt=kDefault)
Receive a raw buffer of specified length bytes.
TSecContext * GetSecContext() const
virtual Int_t SendRaw(const void *buffer, Int_t length, ESendRecvOptions opt=kDefault)
Send a raw buffer of specified length.
Int_t GetServType() const
virtual Int_t Send(const TMessage &mess)
Send a TMessage object.
Bool_t EndsWith(const char *pat, ECaseCompare cmp=kExact) const
Return true if string ends with the specified string.
TString & Replace(Ssiz_t pos, Ssiz_t n, const char *s)
const char * Data() const
TString & ReplaceAll(const TString &s1, const TString &s2)
void Resize(Ssiz_t n)
Resize the string. Truncate or add blanks as necessary.
Bool_t BeginsWith(const char *s, ECaseCompare cmp=kExact) const
TString & Remove(Ssiz_t pos)
static TString Format(const char *fmt,...)
Static method which formats a string using a printf style format descriptor and return a TString.
void Form(const char *fmt,...)
Formats a string using a printf style format descriptor.
Bool_t Contains(const char *pat, ECaseCompare cmp=kExact) const
Ssiz_t Index(const char *pat, Ssiz_t i=0, ECaseCompare cmp=kExact) const
virtual int GetPid()
Get process id.
virtual const char * Getenv(const char *env)
Get environment variable.
virtual char * ConcatFileName(const char *dir, const char *name)
Concatenate a directory and a file name. User must delete returned string.
virtual const char * HomeDirectory(const char *userName=0)
Return the user's home directory.
virtual int Load(const char *module, const char *entry="", Bool_t system=kFALSE)
Load a shared library.
int GetPathInfo(const char *path, Long_t *id, Long_t *size, Long_t *flags, Long_t *modtime)
Get info about a file: id, size, flags, modification time.
virtual Bool_t AccessPathName(const char *path, EAccessMode mode=kFileExists)
Returns FALSE if one can access a file using the specified access mode.
virtual FILE * TempFileName(TString &base, const char *dir=0)
Create a secure temporary file by appending a unique 6 letter string to base.
virtual void DispatchOneEvent(Bool_t pendingOnly=kFALSE)
Dispatch a single event.
virtual const char * HostName()
Return the system's host name.
virtual Int_t GetEffectiveUid()
Returns the effective user id.
virtual TInetAddress GetHostByName(const char *server)
Get Internet Protocol (IP) address of host.
virtual int Unlink(const char *name)
Unlink, i.e.
virtual UserGroup_t * GetUserInfo(Int_t uid)
Returns all user info in the UserGroup_t structure.
char * DynamicPathName(const char *lib, Bool_t quiet=kFALSE)
Find a dynamic library called lib using the system search paths.
Handles synchronous and a-synchronous timer events.
virtual void Start(Long_t milliSec=-1, Bool_t singleShot=kFALSE)
Starts the timer with a milliSec timeout.
void SetInterruptSyscalls(Bool_t set=kTRUE)
When the argument is true the a-synchronous timer (SIGALRM) signal handler is set so that interrupted...
This class implements a mutex interface.
static constexpr double nm
static constexpr double us
static constexpr double s
static constexpr double mm
static constexpr double ns
static constexpr double ps
void inv(rsa_NUMBER *, rsa_NUMBER *, rsa_NUMBER *)