From bf50b551f5d8b2fefe7ad50715417113b5476747 Mon Sep 17 00:00:00 2001
From: Daniele Kruse <dkruse@cern.ch>
Date: Wed, 13 Jul 2016 17:26:27 +0200
Subject: [PATCH] Fixed client RPMs and added support for sss

---
 cta.spec.in                  | 14 ++++++++++++--
 xroot_plugins/XrdCtaFile.cpp |  6 ++++--
 xroot_plugins/XrdCtaFile.hpp |  5 +++++
 xroot_plugins/xrd.cf.cta     |  5 +++--
 4 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/cta.spec.in b/cta.spec.in
index 3f25a99084..54f93b85a1 100644
--- a/cta.spec.in
+++ b/cta.spec.in
@@ -29,13 +29,13 @@ BuildRoot: %{_builddir}/%{name}-%{version}-root
 BuildRequires: cmake >= 2.6 redhat-rpm-config
 BuildRequires: xrootd-client-devel >= 4.2.3 xrootd-devel >= 4.2
 BuildRequires: xrootd-server-devel >= 4.2 xrootd-private-devel >= 4.2
-BuildRequires: ceph-devel >= 0.87
+BuildRequires: librados2-devel >= 0.80
 BuildRequires: protobuf-compiler >= 2.3.0 protobuf-devel >= 2.3.0
 BuildRequires: gmock-devel >= 1.5.0 gtest-devel >= 1.5.0
 BuildRequires: sqlite-devel >= 3.6
 BuildRequires: libcap-devel >= 2.16
 BuildRequires: binutils-devel >= 2.20
-BuildRequires: zeromq3-devel >= 3.2.5
+BuildRequires: zeromq-devel >= 4.0
 BuildRequires: openssl-devel >= 1.0.1e
 BuildRequires: cryptopp-devel >= 5.6.2
 BuildRequires: libuuid-devel >= 2.17
@@ -134,6 +134,16 @@ The shared libraries
 %attr(0755,root,root) %{_libdir}/libctatapeserverdaemonutils.so
 %attr(0644,root,root) %{_sysconfdir}/cta/cta_catalogue_db.conf.example
 
+%package -n cta-client-lib
+Summary: CERN Tape Archive
+Group: Application/CTA
+%description -n cta-client-lib
+CERN Tape Archive:
+The client libraries
+%files -n cta-client-lib
+%defattr(-,root,root)
+%attr(0755,root,root) %{_libdir}/libctacommon.so
+
 %package -n cta-doc
 Summary: CERN Tape Archive: Documents and supporting SQL scripts
 Group: Application/CTA
diff --git a/xroot_plugins/XrdCtaFile.cpp b/xroot_plugins/XrdCtaFile.cpp
index c77fa3589b..b57fcb4798 100644
--- a/xroot_plugins/XrdCtaFile.cpp
+++ b/xroot_plugins/XrdCtaFile.cpp
@@ -44,12 +44,13 @@ namespace cta { namespace xrootPlugins {
 // checkClient
 //------------------------------------------------------------------------------
 void XrdCtaFile::checkClient(const XrdSecEntity *client) {
-  if(client==NULL || client->name==NULL || client->host==NULL) {
+  if(client==NULL || client->name==NULL || client->host==NULL || client->prot==NULL) {
     throw cta::exception::Exception(std::string(__FUNCTION__)+": [ERROR] XrdSecEntity from xroot contains invalid information (NULL pointer detected!)");
   }
-  std::cout << "FILE Request received from client. Username: " << client->name << " Host: " << client->host << std::endl;
+  std::cerr << "Client request-> Username: " << client->name << " Host: " << client->host << " Prot: " << client->prot << std::endl;
   m_cliIdentity.username=client->name;
   m_cliIdentity.host=client->host;
+  m_protocol=client->prot;
 }
 
 //------------------------------------------------------------------------------
@@ -183,6 +184,7 @@ std::string XrdCtaFile::decode(const std::string msg) const {
 int XrdCtaFile::open(const char *fileName, XrdSfsFileOpenMode openMode, mode_t createMode, const XrdSecEntity *client, const char *opaque) {
   try {
     checkClient(client);
+    authorizeUser();
     if(!strlen(fileName)) { //this should never happen
       throw cta::exception::UserError(getGenericHelp(""));
     }
diff --git a/xroot_plugins/XrdCtaFile.hpp b/xroot_plugins/XrdCtaFile.hpp
index c2a1f9adc9..6503361921 100644
--- a/xroot_plugins/XrdCtaFile.hpp
+++ b/xroot_plugins/XrdCtaFile.hpp
@@ -97,6 +97,11 @@ protected:
    */
   cta::common::dataStructures::SecurityIdentity m_cliIdentity;  
   
+  /**
+   * The protocol used by the xroot client
+   */
+  std::string m_protocol;  
+  
   /**
    * Vector containing required options which are missing from the user command
    */
diff --git a/xroot_plugins/xrd.cf.cta b/xroot_plugins/xrd.cf.cta
index e402f5fc30..700720f865 100644
--- a/xroot_plugins/xrd.cf.cta
+++ b/xroot_plugins/xrd.cf.cta
@@ -1,7 +1,7 @@
 # Load the plugin XrdCtaOfs
 xrootd.fslib libXrdCtaOfs.so
 
-# Use the Kerberos 5 security module
+# Use the security module
 xrootd.seclib libXrdSec.so
 
 # Protocol specification
@@ -10,7 +10,8 @@ sec.protocol krb5 /etc/krb5.keytab.cta host/<host>@CERN.CH
 sec.protocol sss 
 
 # Only Kerberos 5 and sss are allowed
-sec.protbind * only krb5 sss
+sec.protbind tpsrv* only sss
+sec.protbind * only krb5
 
 # Allow copying from absolute paths
 all.export /
-- 
GitLab