Commit fbd060dc authored by Volodymyr Yurchenko's avatar Volodymyr Yurchenko Committed by Nikola Hardi

Create a lock file to block other TJAlien-ROOT instances from writing to tokencert file

parent 8abe45ea
......@@ -233,9 +233,6 @@ void TJAlien::MakeWebsocketConnection(std::string certpath, std::string keypath)
}
}
// Make a request to initialize metadata and get token cert
//RequestTokenCert();
return;
}
......@@ -685,41 +682,47 @@ void TJAlien::Token(Option_t* options, bool force_restart)
std::string tokencert = tmpdir + "/tokencert.pem";
std::string tokenkey = tmpdir + "/tokenkey.pem";
std::string tokenlock = tmpdir + "/jalien_token.lock";
std::string tokencertpath = std::getenv("JALIEN_TOKEN_CERT") ? : tokencert;
std::string tokenkeypath = std::getenv("JALIEN_TOKEN_KEY") ? : tokenkey;
FILE *tokencertfile = NULL;
FILE *tokenkeyfile = NULL;
// First modify permissions if files already exist
if ((tokencertfile = fopen(tokencertpath.c_str(), "r")) &&
(tokenkeyfile = fopen(tokenkeypath.c_str(), "r")) )
{
if (system(("chmod 755 " + tokencertpath).c_str()))
Error("Token", "Error while accessing token files");
if (system(("chmod 755 " + tokenkeypath).c_str()))
Error("Token", "Error while accessing token files");
// Create a lock file to block other TJAlien-ROOT instances from writing to tokencert file
// If a lock exists that is older than 300 seconds, the file is removed and created again.
TLockFile lock(tokenlock.c_str(), 300);
fclose(tokencertfile);
fclose(tokenkeyfile);
}
FILE *tokencertfile = NULL;
FILE *tokenkeyfile = NULL;
// Write files and restrict permissions back
if ((tokencertfile = fopen(tokencertpath.c_str(), "w")) &&
(tokenkeyfile = fopen(tokenkeypath.c_str(), "w")) )
{
fprintf(tokencertfile, "%s", result->GetKey(0, "tokencert"));
fprintf(tokenkeyfile, "%s", result->GetKey(0, "tokenkey"));
if (system(("chmod 440 " + tokencertpath).c_str()))
Error("Token", "Error while accessing token files");
if (system(("chmod 400 " + tokenkeypath).c_str()))
Error("Token", "Error while accessing token files");
// First modify permissions if files already exist
if ((tokencertfile = fopen(tokencertpath.c_str(), "r")) &&
(tokenkeyfile = fopen(tokenkeypath.c_str(), "r")) )
{
// TODO: add a validity check here
fclose(tokencertfile);
fclose(tokenkeyfile);
}
else
{
return;
if (system(("chmod 755 " + tokencertpath).c_str()))
Error("Token", "Error while accessing token files");
if (system(("chmod 755 " + tokenkeypath).c_str()))
Error("Token", "Error while accessing token files");
fclose(tokencertfile);
fclose(tokenkeyfile);
}
// Write files and restrict permissions back
if ((tokencertfile = fopen(tokencertpath.c_str(), "w")) &&
(tokenkeyfile = fopen(tokenkeypath.c_str(), "w")) )
{
fprintf(tokencertfile, "%s", result->GetKey(0, "tokencert"));
fprintf(tokenkeyfile, "%s", result->GetKey(0, "tokenkey"));
if (system(("chmod 440 " + tokencertpath).c_str()))
Error("Token", "Error while accessing token files");
if (system(("chmod 400 " + tokenkeypath).c_str()))
Error("Token", "Error while accessing token files");
fclose(tokencertfile);
fclose(tokenkeyfile);
}
}
}
else
......@@ -1670,6 +1673,8 @@ int TJAlien::ws_service_callback(struct lws *wsi, enum lws_callback_reasons reas
std::string capath = std::getenv("JALIEN_CA_PATH") ? : location;
size_t pos = 0;
std::string token;
// If capath contans two paths separated by ":"
while ((pos = capath.find(":")) != std::string::npos) {
token = capath.substr(0, pos);
if (!SSL_CTX_load_verify_locations((SSL_CTX*)user, NULL, token.c_str()))
......@@ -1680,6 +1685,7 @@ int TJAlien::ws_service_callback(struct lws *wsi, enum lws_callback_reasons reas
capath.erase(0, pos + 1);
}
// If capath is a single path
if (capath.length() != 0)
if (!SSL_CTX_load_verify_locations((SSL_CTX*)user, NULL, capath.c_str()))
{
......@@ -1714,9 +1720,9 @@ int TJAlien::ws_service_callback(struct lws *wsi, enum lws_callback_reasons reas
//______________________________________________________________________________
void TJAlien::NotImplemented(const char *func, const char *file, int line)
{
Error("TJAlienSystem", "You are trying to call:");
Error("TJAlienSystem", " %s", func);
Error("TJAlienSystem", " in %s:%d", file, line);
Error("TJAlienSystem", "that is NOT IMPLEMENTED.");
Error("TJAlienSystem", "If you need this method please contact JAliEn support <jalien-support@cern.ch>");
Error("TJAlien", "You are trying to call:");
Error("TJAlien", " %s", func);
Error("TJAlien", " in %s:%d", file, line);
Error("TJAlien", "that is NOT IMPLEMENTED.");
Error("TJAlien", "If you need this method please contact JAliEn support <jalien-support@cern.ch>");
}
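Review bot: In the TJAlien::Token hunk the new lock serialises writers, but the private token key is still opened up with `chmod 755` before the rewrite and only tightened to 400 after the `fprintf` (the +/- markers are lost on this page, so this assumes the re-indented copy is the new side). During that window the key is readable by other local users, subject to the directory's permissions. The permission changes also go through `system()` with `tokencertpath`/`tokenkeypath` concatenated into a shell string, and both can come from `JALIEN_TOKEN_CERT`/`JALIEN_TOKEN_KEY`, so a value with spaces or shell metacharacters is parsed by the shell. Calling `chmod(tokenkeypath.c_str(), 0600)` before the write and `chmod(tokenkeypath.c_str(), 0400)` after it (from `<sys/stat.h>`) would remove both problems. Separately, the lock has a fixed name under `tmpdir` and is discarded after 300 seconds, so it is worth confirming that `tmpdir` is per-user and that the result of constructing `TLockFile` does not need checking; the function body starts and ends outside the hunk.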
......@@ -36,6 +36,7 @@
#include "THashList.h"
#include "TJAlienSAXHandler.h"
#include "TJAlienResult.h"
#include <TLockFile.h>
#ifndef __CINT__
#include <curl/curl.h>
......@@ -57,8 +58,6 @@ typedef char int8_t;
//#include <jsoncons/json.hpp>
//#include <tao/json.hpp>
// For convenience
#include <stdlib.h>
#include <string>
#include <signal.h>
......