Fixed client RPMs and added support for sss

9ceb3133 · Daniele Kruse · 74192124 · 9ceb3133 · 9ceb3133 · 9ceb3133
Commit 9ceb3133 authored Jul 13, 2016 by Daniele Kruse
--- a/cta.spec.in
+++ b/cta.spec.in
@@ -29,13 +29,13 @@ BuildRoot: %{_builddir}/%{name}-%{version}-root
 BuildRequires: cmake >= 2.6 redhat-rpm-config
 BuildRequires: xrootd-client-devel >= 4.2.3 xrootd-devel >= 4.2
 BuildRequires: xrootd-server-devel >= 4.2 xrootd-private-devel >= 4.2
-BuildRequires: ceph-devel >= 0.87
+BuildRequires: librados2-devel >= 0.80
 BuildRequires: protobuf-compiler >= 2.3.0 protobuf-devel >= 2.3.0
 BuildRequires: gmock-devel >= 1.5.0 gtest-devel >= 1.5.0
 BuildRequires: sqlite-devel >= 3.6
 BuildRequires: libcap-devel >= 2.16
 BuildRequires: binutils-devel >= 2.20
-BuildRequires: zeromq3-devel >= 3.2.5
+BuildRequires: zeromq-devel >= 4.0
 BuildRequires: openssl-devel >= 1.0.1e
 BuildRequires: cryptopp-devel >= 5.6.2
 BuildRequires: libuuid-devel >= 2.17
@@ -134,6 +134,16 @@ The shared libraries
 %attr(0755,root,root) %{_libdir}/libctatapeserverdaemonutils.so
 %attr(0644,root,root) %{_sysconfdir}/cta/cta_catalogue_db.conf.example

+%package -n cta-client-lib
+Summary: CERN Tape Archive
+Group: Application/CTA
+%description -n cta-client-lib
+CERN Tape Archive:
+The client libraries
+%files -n cta-client-lib
+%defattr(-,root,root)
+%attr(0755,root,root) %{_libdir}/libctacommon.so
+
 %package -n cta-doc
 Summary: CERN Tape Archive: Documents and supporting SQL scripts
 Group: Application/CTA

--- a/xroot_plugins/XrdCtaFile.cpp
+++ b/xroot_plugins/XrdCtaFile.cpp
@@ -44,12 +44,13 @@ namespace cta { namespace xrootPlugins {
 // checkClient
 //------------------------------------------------------------------------------
 void XrdCtaFile::checkClient(const XrdSecEntity *client) {
-  if(client==NULL || client->name==NULL || client->host==NULL) {
+  if(client==NULL || client->name==NULL || client->host==NULL || client->prot==NULL) {
    throw cta::exception::Exception(std::string(__FUNCTION__)+": [ERROR] XrdSecEntity from xroot contains invalid information (NULL pointer detected!)");
  }
-  std::cout << "FILE Request received from client. Username: " << client->name << " Host: " << client->host << std::endl;
+  std::cerr << "Client request-> Username: " << client->name << " Host: " << client->host << " Prot: " << client->prot << std::endl;
  m_cliIdentity.username=client->name;
  m_cliIdentity.host=client->host;
+  m_protocol=client->prot;
 }

 //------------------------------------------------------------------------------
@@ -183,6 +184,7 @@ std::string XrdCtaFile::decode(const std::string msg) const {
 int XrdCtaFile::open(const char *fileName, XrdSfsFileOpenMode openMode, mode_t createMode, const XrdSecEntity *client, const char *opaque) {
  try {
    checkClient(client);
+    authorizeUser();
    if(!strlen(fileName)) { //this should never happen
      throw cta::exception::UserError(getGenericHelp(""));
    }

--- a/xroot_plugins/XrdCtaFile.hpp
+++ b/xroot_plugins/XrdCtaFile.hpp
@@ -97,6 +97,11 @@ protected:
   */
  cta::common::dataStructures::SecurityIdentity m_cliIdentity;  
  
+  /**
+   * The protocol used by the xroot client
+   */
+  std::string m_protocol;  
+  
  /**
   * Vector containing required options which are missing from the user command
   */

--- a/xroot_plugins/xrd.cf.cta
+++ b/xroot_plugins/xrd.cf.cta
 # Load the plugin XrdCtaOfs
 xrootd.fslib libXrdCtaOfs.so

-# Use the Kerberos 5 security module
+# Use the security module
 xrootd.seclib libXrdSec.so

 # Protocol specification
@@ -10,7 +10,8 @@ sec.protocol krb5 /etc/krb5.keytab.cta host/<host>@CERN.CH
 sec.protocol sss 

 # Only Kerberos 5 and sss are allowed
-sec.protbind * only krb5 sss
+sec.protbind tpsrv* only sss
+sec.protbind * only krb5

 # Allow copying from absolute paths
 all.export /