Commit 9ceb3133 authored by Daniele Kruse's avatar Daniele Kruse
Browse files

Fixed client RPMs and added support for sss

parent 74192124
......@@ -29,13 +29,13 @@ BuildRoot: %{_builddir}/%{name}-%{version}-root
BuildRequires: cmake >= 2.6 redhat-rpm-config
BuildRequires: xrootd-client-devel >= 4.2.3 xrootd-devel >= 4.2
BuildRequires: xrootd-server-devel >= 4.2 xrootd-private-devel >= 4.2
BuildRequires: ceph-devel >= 0.87
BuildRequires: librados2-devel >= 0.80
BuildRequires: protobuf-compiler >= 2.3.0 protobuf-devel >= 2.3.0
BuildRequires: gmock-devel >= 1.5.0 gtest-devel >= 1.5.0
BuildRequires: sqlite-devel >= 3.6
BuildRequires: libcap-devel >= 2.16
BuildRequires: binutils-devel >= 2.20
BuildRequires: zeromq3-devel >= 3.2.5
BuildRequires: zeromq-devel >= 4.0
BuildRequires: openssl-devel >= 1.0.1e
BuildRequires: cryptopp-devel >= 5.6.2
BuildRequires: libuuid-devel >= 2.17
......@@ -134,6 +134,16 @@ The shared libraries
%attr(0755,root,root) %{_libdir}/libctatapeserverdaemonutils.so
%attr(0644,root,root) %{_sysconfdir}/cta/cta_catalogue_db.conf.example
%package -n cta-client-lib
Summary: CERN Tape Archive
Group: Application/CTA
%description -n cta-client-lib
CERN Tape Archive:
The client libraries
%files -n cta-client-lib
%defattr(-,root,root)
%attr(0755,root,root) %{_libdir}/libctacommon.so
%package -n cta-doc
Summary: CERN Tape Archive: Documents and supporting SQL scripts
Group: Application/CTA
......
......@@ -44,12 +44,13 @@ namespace cta { namespace xrootPlugins {
// checkClient
//------------------------------------------------------------------------------
void XrdCtaFile::checkClient(const XrdSecEntity *client) {
if(client==NULL || client->name==NULL || client->host==NULL) {
if(client==NULL || client->name==NULL || client->host==NULL || client->prot==NULL) {
throw cta::exception::Exception(std::string(__FUNCTION__)+": [ERROR] XrdSecEntity from xroot contains invalid information (NULL pointer detected!)");
}
std::cout << "FILE Request received from client. Username: " << client->name << " Host: " << client->host << std::endl;
std::cerr << "Client request-> Username: " << client->name << " Host: " << client->host << " Prot: " << client->prot << std::endl;
m_cliIdentity.username=client->name;
m_cliIdentity.host=client->host;
m_protocol=client->prot;
}
//------------------------------------------------------------------------------
......@@ -183,6 +184,7 @@ std::string XrdCtaFile::decode(const std::string msg) const {
int XrdCtaFile::open(const char *fileName, XrdSfsFileOpenMode openMode, mode_t createMode, const XrdSecEntity *client, const char *opaque) {
try {
checkClient(client);
authorizeUser();
if(!strlen(fileName)) { //this should never happen
throw cta::exception::UserError(getGenericHelp(""));
}
......
......@@ -97,6 +97,11 @@ protected:
*/
cta::common::dataStructures::SecurityIdentity m_cliIdentity;
/**
* The protocol used by the xroot client
*/
std::string m_protocol;
/**
* Vector containing required options which are missing from the user command
*/
......
# Load the plugin XrdCtaOfs
xrootd.fslib libXrdCtaOfs.so
# Use the Kerberos 5 security module
# Use the security module
xrootd.seclib libXrdSec.so
# Protocol specification
......@@ -10,7 +10,8 @@ sec.protocol krb5 /etc/krb5.keytab.cta host/<host>@CERN.CH
sec.protocol sss
# Only Kerberos 5 and sss are allowed
sec.protbind * only krb5 sss
sec.protbind tpsrv* only sss
sec.protbind * only krb5
# Allow copying from absolute paths
all.export /
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment