Commit 993cfcfa authored by Elvin Sindrilaru's avatar Elvin Sindrilaru

MGM: Put back option to enable external authorization library

parent 2f6e8cc2
......@@ -163,7 +163,7 @@ XrdMgmOfs::XrdMgmOfs(XrdSysError* ep):
StartTime(0), HostName(0), HostPref(0), Initialized(kDown),
InitializationTime(0), Shutdown(false), RemoveStallRuleAfterBoot(false),
BootFileId(0), BootContainerId(0), IsRedirect(true), IsStall(true),
authorize(false), IssueCapability(false), MgmRedirector(false),
mAuthorize(false), mAuthLib(""), IssueCapability(false), MgmRedirector(false),
ErrorLog(true), eosDirectoryService(0), eosFileService(0), eosView(0),
eosFsView(0), eosContainerAccounting(0), eosSyncTimeAccounting(0),
deletion_tid(0), stats_tid(0), fsconfiglistener_tid(0), auth_tid(0),
......@@ -493,7 +493,6 @@ XrdMgmOfs::prepare(XrdSfsPrep& pargs, XrdOucErrInfo& error,
args.Arg1Len = prep_path.length();
args.Arg2 = prep_info.c_str();
args.Arg2Len = prep_info.length();
auto ret_wfe = XrdMgmOfs::FSctl(SFS_FSCTL_PLUGIN, args,
error, &lClient);
......@@ -792,17 +791,15 @@ XrdMgmOfs::IsNsBooted() const
}
std::string
XrdMgmOfs::MacroStringError(int errcode) {
XrdMgmOfs::MacroStringError(int errcode)
{
if (errcode == ENOTCONN) {
return "ENOTCONN";
}
else if (errcode == EPROTO) {
} else if (errcode == EPROTO) {
return "EPROTO";
}
else if (errcode == EAGAIN) {
} else if (errcode == EAGAIN) {
return "EAGAIN";
}
else {
} else {
return "EINVAL";
}
}
......@@ -1342,7 +1342,8 @@ public:
eos::common::FileId::fileid_t BootContainerId;
bool IsRedirect; ///< true if the Redirect function should be called to redirect
bool IsStall; ///< true if the Stall function should be called to send a wait
bool authorize; ///< determins if the autorization should be applied or not
bool mAuthorize; ///< Determine if the autorization should be applied or not
std::string mAuthLib; ///< Path to authorization library
bool IssueCapability; ///< defines if the Mgm issues capabilities
//! Acts only as a redirector, disables many components in the MGM
bool MgmRedirector;
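Review bot: The new `mAuthLib` comment does not say when the path is actually used. In the configuration code of this same commit the library is loaded only when `mAuthLib` is non-empty and `mAuthorize` is true, so the member comment should state that dependency, e.g. `///< Path to authorization library, loaded only if mAuthorize is true`. The `mAuthorize` comment also keeps the typo `autorization` from the line it replaces. The class body starts and ends outside this hunk.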
......
......@@ -728,6 +728,37 @@ XrdMgmOfs::Configure(XrdSysError& Eroute)
Eroute.Say("=====> mgmofs.qdbcluster : ", mQdbCluster.c_str());
}
if (!strcmp("authlib", var)) {
if ((!(val = Config.GetWord())) || (::access(val, R_OK))) {
Eroute.Emsg("Config", "I cannot acccess you authorization library!");
NoGo = 1;
} else {
mAuthLib = val;
}
Eroute.Say("=====> mgmofs.authlib : ", mAuthLib.c_str());
}
if (!strcmp("authorize", var)) {
if ((!(val = Config.GetWord())) ||
(strcmp("true", val) && strcmp("false", val) &&
strcmp("1", val) && strcmp("0", val))) {
Eroute.Emsg("Config", "argument 2 for authorize illegal or missing. "
"Must be <true>, <false>, <1> or <0>!");
NoGo = 1;
} else {
if ((!strcmp("true", val) || (!strcmp("1", val)))) {
mAuthorize = true;
}
}
if (mAuthorize) {
Eroute.Say("=====> mgmofs.authorize : true");
} else {
Eroute.Say("=====> mgmofs.authorize : false");
}
}
if (!strcmp("errorlog", var)) {
if ((!(val = Config.GetWord())) ||
(strcmp("true", val) && strcmp("false", val) &&
......@@ -1280,6 +1311,29 @@ XrdMgmOfs::Configure(XrdSysError& Eroute)
Eroute.Say("=====> mgmofs.errorlog : disabled");
}
// Load the authorization plugin if requested
if (!mAuthLib.empty() && mAuthorize) {
XrdSysPlugin* myLib;
XrdAccAuthorize * (*ep)(XrdSysLogger*, const char*, const char*);
// Authorization comes from the library or we use the default
Authorization = XrdAccAuthorizeObject(Eroute.logger(), ConfigFN, 0);
if (!(myLib = new XrdSysPlugin(&Eroute, mAuthLib.c_str()))) {
Eroute.Emsg("Config", "Failed to load authorization library!");
NoGo = 1;
} else {
ep = (XrdAccAuthorize * (*)(XrdSysLogger*, const char*, const char*))
(myLib->getPlugin("XrdAccAuthorizeObject"));
if (!ep) {
Eroute.Emsg("Config", "Failed to get authorization library plugin!");
NoGo = 1;
} else {
Authorization = ep(Eroute.logger(), ConfigFN, 0);
}
}
}
// We need to specify this if the server was not started with the explicit
// manager option ... e.g. see XrdOfs
Eroute.Say("=====> all.role: ", role.c_str(), "");
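Review bot: In the plugin-loading block of the second hunk, the result of `ep(Eroute.logger(), ConfigFN, 0)` is stored in `Authorization` without a null check, so a library that loads but fails to build its object leaves `mAuthorize` true with `NoGo` still unset. How the access paths treat a null `Authorization` is not visible here, so startup should fail closed, e.g. `if (!(Authorization = ep(Eroute.logger(), ConfigFN, 0))) { Eroute.Emsg("Config", "Authorization plugin returned no object!"); NoGo = 1; }`. The `!(myLib = new XrdSysPlugin(...))` test cannot catch a load failure, because a plain `new` throws rather than returning null; the `getPlugin` check below it is the one that does the work. The comment promises a default, but `XrdAccAuthorizeObject(...)` is only called inside the `!mAuthLib.empty() && mAuthorize` branch, where it is then overwritten; with `authorize` true and no `authlib` the whole block is skipped, and that combination deserves an explicit error or a real default. `Configure` starts and ends outside both hunks.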
......