Commit 1ed27cda authored by Tigran Mkrtchyan's avatar Tigran Mkrtchyan

rpc: add Subject into RpcAuth class



This patch adds Subject into RpcAuth.
It is based on the stand-alone dcache-auth package.

Acked-By: default avatarTatjana Baranova <tatjana.baranova@desy.de>
parent 7f34973f
......@@ -256,6 +256,11 @@
<artifactId>chimera-core</artifactId>
<version>0.0.9</version>
</dependency>
<dependency>
<groupId>org.dcache.common</groupId>
<artifactId>dcache-auth</artifactId>
<version>0.0.10-SNAPSHOT</version>
</dependency>
</dependencies>
<!--
......@@ -281,6 +286,12 @@
<url>http://www.dcache.org/nexus/content/groups/public/</url>
<layout>default</layout>
</repository>
<repository>
<id>dcache-snapshots</id>
<name>dCache.ORG snapshots repository</name>
<url>http://www.dcache.org/nexus/content/repositories/snapshots</url>
<layout>default</layout>
</repository>
</repositories>
<properties>
......
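Review bot: The new `dcache-snapshots` repository is resolved over plain `http://`, so the `dcache-auth` artifact, which after this commit maps RPC credentials to identities, can be altered in transit without the build noticing. If the Nexus host serves TLS, the entry should read `<url>https://www.dcache.org/nexus/content/repositories/snapshots</url>`. The dependency version `0.0.10-SNAPSHOT` in the first hunk is also mutable, so the same commit can build against different auth code on different days; pin a released version before this is deployed. The existing repository shown as context in the second hunk uses `http://` as well.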
......@@ -16,18 +16,16 @@
*/
package org.dcache.chimera.nfs;
import javax.security.auth.Subject;
import org.dcache.chimera.posix.UnixUser;
import org.dcache.xdr.RpcAuthType;
import org.dcache.xdr.RpcAuthTypeUnix;
import org.dcache.xdr.RpcCall;
import org.dcache.auth.Subjects;
/**
* Utility class extract user record from NFS request
*/
public class NfsUser {
private final static int[] NO_GROUPS = new int[0];
/*no instances allowed*/
private NfsUser() {
}
......@@ -35,15 +33,14 @@ public class NfsUser {
public static UnixUser remoteUser(RpcCall call, ExportFile exports) {
UnixUser user;
int uid = -1;
int gid = -1;
int[] gids = NO_GROUPS;
if (call.getCredential().type() == RpcAuthType.UNIX) {
uid = ((RpcAuthTypeUnix) call.getCredential()).uid();
gid = ((RpcAuthTypeUnix) call.getCredential()).gid();
gids = ((RpcAuthTypeUnix) call.getCredential()).gids();
}
int uid;
int gid;
int[] gids;
Subject subject = call.getCredential().getSubject();
uid = Subjects.getUid(subject);
gids = Subjects.getGids(subject);
gid = gids.length > 0 ? gids[0] : -1;
String host = call.getTransport().getRemoteSocketAddress().getAddress().getHostName();
......
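Review bot: The fallback to uid -1 / gid -1 for credentials without a Unix identity is no longer explicit in `remoteUser`; it now depends on what `Subjects.getUid(subject)` and `Subjects.getGids(subject)` do for `Subjects.NOBODY`, which this page does not show. If `getUid` throws for a subject with no uid principal, an AUTH_NONE call would fail here instead of being mapped to the anonymous user, so a test with an AUTH_NONE credential should pin the result. `gid = gids.length > 0 ? gids[0] : -1;` also assumes the primary gid is returned first; a comment such as `// relies on Subjects.getGids() returning the primary gid at index 0` would make that dependency visible. The method body continues past the end of the hunk.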
......@@ -33,6 +33,7 @@ import org.dcache.chimera.nfs.v3.xdr.size3;
import org.dcache.chimera.nfs.v3.xdr.time_how;
import org.dcache.chimera.nfs.v3.xdr.wcc_attr;
import java.util.concurrent.TimeUnit;
import javax.security.auth.Subject;
import org.dcache.chimera.FsInode;
import org.dcache.chimera.ChimeraFsException;
......
......@@ -17,6 +17,8 @@
package org.dcache.xdr;
import javax.security.auth.Subject;
public interface RpcAuth extends XdrAble {
/**
......@@ -40,4 +42,10 @@ public interface RpcAuth extends XdrAble {
* @return verifier.
*/
RpcAuthVerifier getVerifier();
/**
* Get {@link Subject} associated with credentials.
* @return subject.
*/
Subject getSubject();
}
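Review bot: The Javadoc on `getSubject()` says neither whether the result can be `null` nor how far the Subject can be trusted. For AUTH_UNIX the uid and gids are whatever the client put on the wire, so callers should not treat the Subject as an authenticated identity in the JAAS sense. If non-null is the intended contract, I would write `@return subject built from the credential, never {@code null}; for AUTH_UNIX the identity is client-asserted and not verified`.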
......@@ -19,12 +19,15 @@ package org.dcache.xdr;
import java.io.IOException;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import org.dcache.auth.Subjects;
public class RpcAuthTypeNone implements RpcAuth, XdrAble {
private final int _type = RpcAuthType.NONE;
private byte[] body;
private RpcAuthVerifier _verifier = new RpcAuthVerifier(RpcAuthType.NONE, new byte[0]);
private final Subject _subject = Subjects.NOBODY;
private final static Logger _log = Logger.getLogger(RpcAuthTypeNone.class.getName());
......@@ -36,6 +39,11 @@ public class RpcAuthTypeNone implements RpcAuth, XdrAble {
this.body = body;
}
@Override
public Subject getSubject() {
return _subject;
}
@Override
public int type() {
return _type;
......
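Review bot: `getSubject()` hands every caller the same `Subjects.NOBODY` instance, and a `javax.security.auth.Subject` remains mutable until `setReadOnly()` has been called on it. Whether dcache-auth marks `NOBODY` read-only is not visible here; if it does not, a caller that adds a principal to the returned subject changes the identity seen by every later AUTH_NONE request. Worth confirming, and worth a comment on the field such as `// shared instance: must be read-only, callers must not add principals`.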
......@@ -20,6 +20,8 @@ package org.dcache.xdr;
import java.io.IOException;
import java.util.logging.Logger;
import java.util.Arrays;
import javax.security.auth.Subject;
import org.dcache.auth.Subjects;
public class RpcAuthTypeUnix implements RpcAuth, XdrAble {
......@@ -32,6 +34,7 @@ public class RpcAuthTypeUnix implements RpcAuth, XdrAble {
private int _gids[];
private int _stamp;
private String _machine;
private Subject _subject;
private final static Logger _log = Logger.getLogger(RpcAuthTypeUnix.class.getName());
......@@ -47,6 +50,8 @@ public class RpcAuthTypeUnix implements RpcAuth, XdrAble {
4/*machine len place holder*/ + _machine.length() +
((4 - (_machine.length() & 3)) & 3) /*padding bytes*/+
+ 4/*stamp*/;
_subject = Subjects.of(_uid, _gid, _gids);
}
public void xdrDecode(XdrDecodingStream xdr) throws OncRpcException, IOException {
......@@ -58,6 +63,13 @@ public class RpcAuthTypeUnix implements RpcAuth, XdrAble {
_gid = xdr.xdrDecodeInt();
_gids = xdr.xdrDecodeIntVector();
_verifier.xdrDecode(xdr);
_subject = Subjects.of(_uid, _gid, _gids);
}
@Override
public Subject getSubject() {
return _subject;
}
@Override
......
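Review bot: `_subject = Subjects.of(_uid, _gid, _gids);` in `xdrDecode` builds the Subject straight from decoded wire values, and no validation is visible in the hunk. The length of `_gids` is chosen by the client, while AUTH_SYS allows at most 16 supplementary groups; unless `xdrDecodeIntVector()` already bounds it (not shown), I would reject the credential when `_gids.length > 16` before constructing the Subject. `_subject` is also non-final and stays `null` on any construction path that has not reached one of the two assignments, so `getSubject()` can return `null` if such a path exists outside these hunks. Both the constructor and `xdrDecode` start outside the hunks shown.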