1 // @(#)root/auth:$Id$
2 // Author: Fons Rademakers 26/11/2000
3 
4 /*************************************************************************
5  * Copyright (C) 1995-2000, Rene Brun and Fons Rademakers. *
6  * All rights reserved. *
7  * *
8  * For the licensing terms see $ROOTSYS/LICENSE. *
9  * For the list of contributors see $ROOTSYS/README/CREDITS. *
10  *************************************************************************/
11 
12 #ifndef ROOT_TAuthenticate
13 #define ROOT_TAuthenticate
14 
15 
16 //////////////////////////////////////////////////////////////////////////
17 // //
18 // TAuthenticate //
19 // //
20 // An authentication module for ROOT based network services, like rootd //
21 // and proofd. //
22 // //
23 //////////////////////////////////////////////////////////////////////////
24 
25 #include "TObject.h"
26 #include "TString.h"
27 #include "TList.h"
28 #include "TDatime.h"
29 #ifndef ROOT_rsafun
30 //#include "rsafun.h"
31 #endif
32 #include "AuthConst.h"
33 
class TAuthenticate;
class THostAuth;
class TPluginHandler;
class TSocket;
class TRootSecContext;
class TVirtualMutex;

// Callback passed to TAuthenticate::AuthExists(): given a subject string and a
// candidate security context, decide whether that context may be reused.
// The meaning of the Int_t result is fixed by the caller (not visible here).
typedef Int_t (*CheckSecCtx_t)(const char *subj, TRootSecContext *ctx);
// Signatures of the pluggable authentication back-ends installed through
// TAuthenticate::SetGlobusAuthHook / SetKrb5AuthHook / SetSecureAuthHook.
// 'user' and 'det' are filled in by the hook (det = method-dependent logon
// details); 'version' is the remote daemon protocol version.
// NOTE(review): SecureAuth_t receives the credential as a plain C string
// ('passwd'); whether it is a clear password or a hash depends on the
// caller's pwhash flag - hooks should not log or retain it.
typedef Int_t (*GlobusAuth_t)(TAuthenticate *auth, TString &user, TString &det);
typedef Int_t (*Krb5Auth_t)(TAuthenticate *auth, TString &user, TString &det, Int_t version);
typedef Int_t (*SecureAuth_t)(TAuthenticate *auth, const char *user, const char *passwd,
                              const char *remote, TString &det, Int_t version);

// Process-wide mutex; presumably guards TAuthenticate's static state
// (defined in the implementation file - confirm which accesses take it).
R__EXTERN TVirtualMutex *gAuthenticateMutex;

// Opaque RSA types: the concrete layouts (rsafun.h) are deliberately kept
// out of this public header so that consumers do not depend on the RSA layer.
struct R__rsa_KEY;        // opaque replacement for rsa_KEY
struct R__rsa_KEY_export; // opaque replacement for rsa_KEY_export
struct R__rsa_NUMBER;     // opaque replacement for rsa_NUMBER
52 
//////////////////////////////////////////////////////////////////////////
// TAuthenticate                                                        //
//                                                                      //
// Client-side authentication handshake with a ROOT network daemon      //
// (rootd, proofd) over an already opened TSocket. One instance drives  //
// the negotiation for one remote host/protocol/user; the static        //
// members hold process-wide defaults (user, password, RSA key pair,    //
// THostAuth lists, hooks) shared by all instances.                     //
//                                                                      //
// Security notes for maintainers:                                      //
//  * Credentials live in ordinary TString members (fPasswd, fgPasswd). //
//    The destructor below is empty, so nothing here wipes them; TString //
//    itself is not known to zeroize on release - treat the password as  //
//    resident in process memory for the object's lifetime.              //
//  * The friend classes get direct access to the private credential     //
//    and key members.                                                   //
//  * The RSA private key (fgRSAPriKey) is a static, i.e. one key pair   //
//    per process, lazily created by GenRSAKeys()/InitRandom().          //
//////////////////////////////////////////////////////////////////////////

class TAuthenticate : public TObject {

friend class TRootAuth;
friend class TRootSecContext;
friend class TSocket;

public:
   // Authentication method negotiated with the remote daemon. kClear is the
   // plain user/password method (its transport may still be RSA-encrypted,
   // see fgUsrPwdCrypt); kUnsupported marks a method this build cannot do.
   // kMAXSEC (AuthConst.h) sizes the per-method tables below.
   enum ESecurity { kClear, kUnsupported, kKrb5, kGlobus, kSSH, kRfio }; // type of authentication

private:
   TString fDetails;              // logon details (method dependent ...)
   THostAuth *fHostAuth;          // pointer to relevant authentication info (not owned here)
   TString fPasswd;               // user's password or password hash (see fPwHash); kept in clear memory
   TString fProtocol;             // remote service (rootd, proofd)
   Bool_t fPwHash;                // kTRUE if fPasswd is a passwd hash rather than the password itself
   TString fRemote;               // remote host to which we want to connect
   Int_t fRSAKey;                 // Type of RSA key used (no range check on assignment, see SetRSAKeyType)
   TRootSecContext *fSecContext;  // pointer to relevant sec context (not owned here)
   ESecurity fSecurity;           // actual logon security level
   TSocket *fSocket;              // connection to remote daemon (not owned here)
   Int_t fVersion;                // 0,1,2, ... according to remote daemon version
   TString fUser;                 // user to be authenticated
   Int_t fTimeOut;                // timeout flag, set by CatchTimeOut(), read via HasTimedOut()

   // Create the process-wide RSA key pair (fgRSAPriKey/fgRSAPubKey/fgRSAPubExport).
   Int_t GenRSAKeys();
   Bool_t GetPwHash() const { return fPwHash; }
   Int_t GetRSAKey() const { return fRSAKey; }
   ESecurity GetSecurity() const { return fSecurity; }
   // SRP is not available in this build: always reports "no SRP password".
   Bool_t GetSRPPwd() const { return false; }
   const char *GetSshUser(TString user) const;
   Int_t GetVersion() const { return fVersion; }
   // Per-method handshakes. 'user'/'passwd'/'pwhash' are in/out: callers may
   // pre-fill them and the method overwrites them with what was actually used.
   Int_t ClearAuth(TString &user, TString &passwd, Bool_t &pwhash);
   // Obtain user and password from globals, .netrc, or an interactive prompt
   // (exact precedence lives in the implementation - confirm before relying on it).
   Bool_t GetUserPasswd(TString &user, TString &passwd,
                        Bool_t &pwhash, Bool_t srppwd);
   // Random string of length Len built from the character class selected by Opt.
   // Returns a heap buffer; ownership and the RNG source (see InitRandom())
   // are not stated here - presumably the caller frees it. TODO confirm.
   char *GetRandString(Int_t Opt,Int_t Len);
   Int_t ProofAuthSetup();
   Int_t RfioAuth(TString &user);
   void SetEnvironment();
   Int_t SshAuth(TString &user);
   Int_t SshError(const char *errfile);

   // ---- process-wide state shared by every TAuthenticate instance ----
   // NOTE(review): gAuthenticateMutex is declared for this purpose, but which
   // of the accessors below actually take it is not visible from the header.
   static TList *fgAuthInfo;                // list of THostAuth (host/user -> allowed methods)
   static TString fgAuthMeth[kMAXSEC];      // printable name per ESecurity value
   static Bool_t fgAuthReUse;               // kTRUE if ReUse required
   static TString fgDefaultUser;            // Default user information
   static TDatime fgExpDate;                // Expiring date for new security contexts
   static GlobusAuth_t fgGlobusAuthHook;
   static Krb5Auth_t fgKrb5AuthHook;
   static TString fgKrb5Principal;          // Principal for Krb5 ticket
   static TDatime fgLastAuthrc;             // Time of last reading of fgRootAuthrc
   static TString fgPasswd;                 // global default password (clear or hash, see fgPwHash)
   static TPluginHandler *fgPasswdDialog;   // Passwd dialog GUI plugin
   static Bool_t fgPromptUser;              // kTRUE if user prompt required
   static TList *fgProofAuthInfo;           // Specific lists of THostAuth for PROOF
   static Bool_t fgPwHash;                  // kTRUE if fgPasswd is a passwd hash
   static Bool_t fgReadHomeAuthrc;          // kTRUE to look for $HOME/.rootauthrc
   static TString fgRootAuthrc;             // Path to last rootauthrc-like file read
   static Int_t fgRSAKey;                   // Default type of RSA key to be tried
   static Int_t fgRSAInit;                  // non-zero once the RSA key pair has been generated
   static R__rsa_KEY fgRSAPriKey;           // process-wide RSA private key
   static R__rsa_KEY fgRSAPubKey;           // matching public key
   static R__rsa_KEY_export* fgRSAPubExport; // array of size [2]; wire format of the public key per key type
   static SecureAuth_t fgSecAuthHook;
   static TString fgUser;                   // global default user
   static Bool_t fgUsrPwdCrypt;             // kTRUE if encryption for UsrPwd is required
   static Int_t fgLastError;                // Last error code processed by AuthError()
   static Int_t fgAuthTO;                   // if > 0, timeout in sec
   static Int_t fgProcessID;                // ID of the main thread as unique identifier

   // Match a host name against a (possibly wildcarded) host pattern from
   // the authrc lists; exact matching rules live in the implementation.
   static Bool_t CheckHost(const char *Host, const char *host);

   // Expand 'include'-style directives of an authrc file into ftmp.
   static void FileExpand(const char *fin, FILE *ftmp);
   static Int_t ProofAuthSetup(TSocket *sock, Bool_t client);
   static void RemoveSecContext(TRootSecContext *ctx);

public:
   // Bind to an open socket toward 'remote' speaking 'proto' (rootd/proofd);
   // an empty 'user' means "resolve from defaults/prompt later". The socket
   // and THostAuth pointers are borrowed, never deleted by this object.
   TAuthenticate(TSocket *sock, const char *remote, const char *proto,
                 const char *user = "");
   // Empty: fPasswd is released by TString's own destructor without an
   // explicit wipe.
   virtual ~TAuthenticate() { }

   // Run the negotiation; kTRUE on success, with fSecContext describing the
   // established context.
   Bool_t Authenticate();
   // Look for an existing, reusable security context for User/method;
   // 'funcheck' vets each candidate, Message/Rflag carry protocol details back.
   Int_t AuthExists(TString User, Int_t method, const char *Options,
                    Int_t *Message, Int_t *Rflag, CheckSecCtx_t funcheck);
   void CatchTimeOut();
   // Credential lookup in the user's netrc-style file (presumably ~/.netrc /
   // ~/.rootnetrc); file permissions should be verified by the implementation.
   Bool_t CheckNetrc(TString &user, TString &passwd);
   Bool_t CheckNetrc(TString &user, TString &passwd,
                     Bool_t &pwhash, Bool_t srppwd);
   THostAuth *GetHostAuth() const { return fHostAuth; }
   const char *GetProtocol() const { return fProtocol; }
   const char *GetRemoteHost() const { return fRemote; }
   Int_t GetRSAKeyType() const { return fRSAKey; }
   TRootSecContext *GetSecContext() const { return fSecContext; }
   TSocket *GetSocket() const { return fSocket; }
   const char *GetUser() const { return fUser; }
   Int_t HasTimedOut() const { return fTimeOut; }
   // Stores 'key' unchecked; it must be a key type SecureSend/SecureRecv accept.
   void SetRSAKeyType(Int_t key) { fRSAKey = key; }
   void SetSecContext(TRootSecContext *ctx) { fSecContext = ctx; }

   static void AuthError(const char *where, Int_t error);
   static Bool_t CheckProofAuth(Int_t cSec, TString &det);

   // Parse an exported public key (n, d) received from the peer. The input is
   // attacker-controlled on the wire, so the parser must be length-safe;
   // optional 'rsassl' returns an alternative (SSL-style) encoding if requested.
   static Int_t DecodeRSAPublic(const char *rsapubexport, R__rsa_NUMBER &n,
                                R__rsa_NUMBER &d, char **rsassl = 0);

   static TList *GetAuthInfo();
   static const char *GetAuthMethod(Int_t idx);
   static Int_t GetAuthMethodIdx(const char *meth);
   static Bool_t GetAuthReUse();
   static Int_t GetClientProtocol();
   // Heap-allocated string; caller presumably owns it (TODO confirm in .cxx).
   static char *GetDefaultDetails(Int_t method, Int_t opt, const char *user);
   static const char *GetDefaultUser();
   static TDatime GetGlobalExpDate();
   static Bool_t GetGlobalPwHash();
   static Bool_t GetGlobalSRPPwd();
   static const char *GetGlobalUser();
   static GlobusAuth_t GetGlobusAuthHook();
   // Look up (opt "R": read-only) or create the THostAuth for host/user;
   // 'Exact' reports whether the match was exact rather than wildcard.
   static THostAuth *GetHostAuth(const char *host, const char *user="",
                                 Option_t *opt = "R", Int_t *Exact = 0);
   static const char *GetKrb5Principal();
   static Bool_t GetPromptUser();
   static TList *GetProofAuthInfo();
   static Int_t GetRSAInit();
   static const char *GetRSAPubExport(Int_t key = 0);
   static THostAuth *HasHostAuth(const char *host, const char *user,
                                 Option_t *opt = "R");
   // Seed the generator used by GetRandString()/GenRSAKeys(); the source of
   // entropy is decided in the implementation - check it is not time-only.
   static void InitRandom();
   static void MergeHostAuthList(TList *Std, TList *New, Option_t *Opt = "");
   // Interactive prompts; both return heap buffers (caller presumably frees).
   // PromptPasswd should read with echo disabled - verify in the implementation.
   static char *PromptPasswd(const char *prompt = "Password: ");
   static char *PromptUser(const char *remote);
   // (Re)load the rootauthrc files into fgAuthInfo; honours fgReadHomeAuthrc.
   static Int_t ReadRootAuthrc();
   static void RemoveHostAuth(THostAuth *ha, Option_t *opt = "");
   // RSA-protected exchange with the daemon. 'dec'/'enc' select whether the
   // payload is decrypted/encrypted, KeyType selects the key; *Out is
   // allocated by SecureRecv for the caller (ownership: confirm in .cxx).
   static Int_t SecureRecv(TSocket *Socket, Int_t dec,
                           Int_t KeyType, char **Out);
   static Int_t SecureSend(TSocket *Socket, Int_t enc,
                           Int_t KeyType, const char *In);
   static Int_t SendRSAPublicKey(TSocket *Socket, Int_t key = 0);
   static void SetAuthReUse(Bool_t authreuse);
   static void SetDefaultUser(const char *defaultuser);
   static void SetGlobalExpDate(TDatime expdate);
   // Installs a process-wide password (fgPasswd); every later instance in this
   // process can use it - prefer per-instance credentials where possible.
   static void SetGlobalPasswd(const char *passwd);
   static void SetGlobalPwHash(Bool_t pwhash);
   // SRP is unsupported here (GetSRPPwd() is always false); presumably kept
   // for source compatibility only.
   static void SetGlobalSRPPwd(Bool_t srppwd);
   static void SetGlobalUser(const char *user);
   static void SetGlobusAuthHook(GlobusAuth_t func);
   static void SetKrb5AuthHook(Krb5Auth_t func);
   static void SetPromptUser(Bool_t promptuser);
   static void SetDefaultRSAKeyType(Int_t key);
   static void SetReadHomeAuthrc(Bool_t readhomeauthrc); // for PROOF
   static void SetRSAInit(Int_t init = 1);
   // Install a peer public key of explicit length klen (bounded, unlike the
   // NUL-terminated form taken by DecodeRSAPublic).
   static Int_t SetRSAPublic(const char *rsapubexport, Int_t klen);
   static void SetSecureAuthHook(SecureAuth_t func);
   // Handshake timeout in seconds (<= 0 disables, see fgAuthTO).
   static void SetTimeOut(Int_t to);
   static void Show(Option_t *opt="S");

   ClassDef(TAuthenticate,0) // Class providing remote authentication service
};
209 
210 #endif