Commit 1ed27cda authored by Tigran Mkrtchyan's avatar Tigran Mkrtchyan

rpc: add Subject into RpcAuth class



This patch adds Subject into RpcAuth.
It is based on the stand-alone dcache-auth package.

Acked-By: default avatarTatjana Baranova <tatjana.baranova@desy.de>
parent 7f34973f
...@@ -256,6 +256,11 @@ ...@@ -256,6 +256,11 @@
<artifactId>chimera-core</artifactId> <artifactId>chimera-core</artifactId>
<version>0.0.9</version> <version>0.0.9</version>
</dependency> </dependency>
<dependency>
<groupId>org.dcache.common</groupId>
<artifactId>dcache-auth</artifactId>
<version>0.0.10-SNAPSHOT</version>
</dependency>
</dependencies> </dependencies>
<!-- <!--
...@@ -281,6 +286,12 @@ ...@@ -281,6 +286,12 @@
<url>http://www.dcache.org/nexus/content/groups/public/</url> <url>http://www.dcache.org/nexus/content/groups/public/</url>
<layout>default</layout> <layout>default</layout>
</repository> </repository>
<repository>
<id>dcache-snapshots</id>
<name>dCache.ORG snapshots repository</name>
<url>http://www.dcache.org/nexus/content/repositories/snapshots</url>
<layout>default</layout>
</repository>
</repositories> </repositories>
<properties> <properties>
......
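Review bot: The new `dcache-snapshots` repository is declared with an `http://` URL and the new `dcache-auth` dependency is a `-SNAPSHOT`, so the library that will map RPC credentials to a `Subject` is a mutable artifact fetched without transport integrity. If the host serves TLS, use `<url>https://www.dcache.org/nexus/content/repositories/snapshots</url>`, and add `<releases><enabled>false</enabled></releases>` to this repository so release artifacts are never resolved from it. Pinning `dcache-auth` to a released version before this ships would keep the build reproducible. The existing public repository entry in the context lines has the same `http://` issue.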
...@@ -16,18 +16,16 @@ ...@@ -16,18 +16,16 @@
*/ */
package org.dcache.chimera.nfs; package org.dcache.chimera.nfs;
import javax.security.auth.Subject;
import org.dcache.chimera.posix.UnixUser; import org.dcache.chimera.posix.UnixUser;
import org.dcache.xdr.RpcAuthType;
import org.dcache.xdr.RpcAuthTypeUnix;
import org.dcache.xdr.RpcCall; import org.dcache.xdr.RpcCall;
import org.dcache.auth.Subjects;
/** /**
* Utility class extract user record from NFS request * Utility class extract user record from NFS request
*/ */
public class NfsUser { public class NfsUser {
private final static int[] NO_GROUPS = new int[0];
/*no instances allowed*/ /*no instances allowed*/
private NfsUser() { private NfsUser() {
} }
...@@ -35,15 +33,14 @@ public class NfsUser { ...@@ -35,15 +33,14 @@ public class NfsUser {
public static UnixUser remoteUser(RpcCall call, ExportFile exports) { public static UnixUser remoteUser(RpcCall call, ExportFile exports) {
UnixUser user; UnixUser user;
int uid = -1; int uid;
int gid = -1; int gid;
int[] gids = NO_GROUPS; int[] gids;
if (call.getCredential().type() == RpcAuthType.UNIX) { Subject subject = call.getCredential().getSubject();
uid = ((RpcAuthTypeUnix) call.getCredential()).uid(); uid = Subjects.getUid(subject);
gid = ((RpcAuthTypeUnix) call.getCredential()).gid(); gids = Subjects.getGids(subject);
gids = ((RpcAuthTypeUnix) call.getCredential()).gids(); gid = gids.length > 0 ? gids[0] : -1;
}
String host = call.getTransport().getRemoteSocketAddress().getAddress().getHostName(); String host = call.getTransport().getRemoteSocketAddress().getAddress().getHostName();
......
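Review bot: In `remoteUser` the primary gid is now taken as `gids[0]` instead of the credential's own gid field, and `Subjects.getUid(subject)` is called with no handling for a subject that carries no uid. The removed code gave non-UNIX credentials uid/gid -1 and an empty group list; with `RpcAuthTypeNone` now returning `Subjects.NOBODY`, whether the new path yields the same values or throws depends on dcache-auth, which is not visible here. Since these ids presumably feed export and permission checks, I would add a comment such as `// relies on Subjects.of() storing the primary gid first and getGids() preserving that order`. Unit tests for an AUTH_NONE call and for a UNIX credential whose primary gid is not the lowest-numbered group would pin both cases. The method body continues beyond the hunk.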
...@@ -33,6 +33,7 @@ import org.dcache.chimera.nfs.v3.xdr.size3; ...@@ -33,6 +33,7 @@ import org.dcache.chimera.nfs.v3.xdr.size3;
import org.dcache.chimera.nfs.v3.xdr.time_how; import org.dcache.chimera.nfs.v3.xdr.time_how;
import org.dcache.chimera.nfs.v3.xdr.wcc_attr; import org.dcache.chimera.nfs.v3.xdr.wcc_attr;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import javax.security.auth.Subject;
import org.dcache.chimera.FsInode; import org.dcache.chimera.FsInode;
import org.dcache.chimera.ChimeraFsException; import org.dcache.chimera.ChimeraFsException;
......
...@@ -17,6 +17,8 @@ ...@@ -17,6 +17,8 @@
package org.dcache.xdr; package org.dcache.xdr;
import javax.security.auth.Subject;
public interface RpcAuth extends XdrAble { public interface RpcAuth extends XdrAble {
/** /**
...@@ -40,4 +42,10 @@ public interface RpcAuth extends XdrAble { ...@@ -40,4 +42,10 @@ public interface RpcAuth extends XdrAble {
* @return verifier. * @return verifier.
*/ */
RpcAuthVerifier getVerifier(); RpcAuthVerifier getVerifier();
/**
* Get {@link Subject} associated with credentials.
* @return subject.
*/
Subject getSubject();
} }
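Review bot: The Javadoc on `getSubject()` does not say whether the result can be null or how far it can be trusted, while `NfsUser.remoteUser` in this commit passes it straight to `Subjects.getUid` without a check. I would extend it to `@return subject, never {@code null}; a subject without identity principals when the credential carries none`. A further sentence should state that for AUTH_UNIX the principals are the ids the client sent and are not verified by the RPC layer, so implementers and callers do not treat the subject as an authenticated identity.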
...@@ -19,12 +19,15 @@ package org.dcache.xdr; ...@@ -19,12 +19,15 @@ package org.dcache.xdr;
import java.io.IOException; import java.io.IOException;
import java.util.logging.Logger; import java.util.logging.Logger;
import javax.security.auth.Subject;
import org.dcache.auth.Subjects;
public class RpcAuthTypeNone implements RpcAuth, XdrAble { public class RpcAuthTypeNone implements RpcAuth, XdrAble {
private final int _type = RpcAuthType.NONE; private final int _type = RpcAuthType.NONE;
private byte[] body; private byte[] body;
private RpcAuthVerifier _verifier = new RpcAuthVerifier(RpcAuthType.NONE, new byte[0]); private RpcAuthVerifier _verifier = new RpcAuthVerifier(RpcAuthType.NONE, new byte[0]);
private final Subject _subject = Subjects.NOBODY;
private final static Logger _log = Logger.getLogger(RpcAuthTypeNone.class.getName()); private final static Logger _log = Logger.getLogger(RpcAuthTypeNone.class.getName());
...@@ -36,6 +39,11 @@ public class RpcAuthTypeNone implements RpcAuth, XdrAble { ...@@ -36,6 +39,11 @@ public class RpcAuthTypeNone implements RpcAuth, XdrAble {
this.body = body; this.body = body;
} }
@Override
public Subject getSubject() {
return _subject;
}
@Override @Override
public int type() { public int type() {
return _type; return _type;
......
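Review bot: `getSubject()` hands every caller the shared `Subjects.NOBODY` instance, and a `javax.security.auth.Subject` stays modifiable unless `setReadOnly()` has been called on it. If dcache-auth does not freeze that constant (not visible here), a caller that adds a principal to the returned subject would change the identity seen by every later AUTH_NONE request. It is worth asserting `Subjects.NOBODY.isReadOnly()` in a test. The per-instance `_subject` field adds nothing over returning the constant directly.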
...@@ -20,6 +20,8 @@ package org.dcache.xdr; ...@@ -20,6 +20,8 @@ package org.dcache.xdr;
import java.io.IOException; import java.io.IOException;
import java.util.logging.Logger; import java.util.logging.Logger;
import java.util.Arrays; import java.util.Arrays;
import javax.security.auth.Subject;
import org.dcache.auth.Subjects;
public class RpcAuthTypeUnix implements RpcAuth, XdrAble { public class RpcAuthTypeUnix implements RpcAuth, XdrAble {
...@@ -32,6 +34,7 @@ public class RpcAuthTypeUnix implements RpcAuth, XdrAble { ...@@ -32,6 +34,7 @@ public class RpcAuthTypeUnix implements RpcAuth, XdrAble {
private int _gids[]; private int _gids[];
private int _stamp; private int _stamp;
private String _machine; private String _machine;
private Subject _subject;
private final static Logger _log = Logger.getLogger(RpcAuthTypeUnix.class.getName()); private final static Logger _log = Logger.getLogger(RpcAuthTypeUnix.class.getName());
...@@ -47,6 +50,8 @@ public class RpcAuthTypeUnix implements RpcAuth, XdrAble { ...@@ -47,6 +50,8 @@ public class RpcAuthTypeUnix implements RpcAuth, XdrAble {
4/*machine len place holder*/ + _machine.length() + 4/*machine len place holder*/ + _machine.length() +
((4 - (_machine.length() & 3)) & 3) /*padding bytes*/+ ((4 - (_machine.length() & 3)) & 3) /*padding bytes*/+
+ 4/*stamp*/; + 4/*stamp*/;
_subject = Subjects.of(_uid, _gid, _gids);
} }
public void xdrDecode(XdrDecodingStream xdr) throws OncRpcException, IOException { public void xdrDecode(XdrDecodingStream xdr) throws OncRpcException, IOException {
...@@ -58,6 +63,13 @@ public class RpcAuthTypeUnix implements RpcAuth, XdrAble { ...@@ -58,6 +63,13 @@ public class RpcAuthTypeUnix implements RpcAuth, XdrAble {
_gid = xdr.xdrDecodeInt(); _gid = xdr.xdrDecodeInt();
_gids = xdr.xdrDecodeIntVector(); _gids = xdr.xdrDecodeIntVector();
_verifier.xdrDecode(xdr); _verifier.xdrDecode(xdr);
_subject = Subjects.of(_uid, _gid, _gids);
}
@Override
public Subject getSubject() {
return _subject;
} }
@Override @Override
......
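Review bot: `_subject` is returned as a live, modifiable `Subject` built from uid/gid values decoded straight off the wire, and it is assigned only in the constructor shown and at the end of `xdrDecode`. An instance created for decoding would return null from `getSubject()` until `xdrDecode` has run (assuming such a constructor exists outside the hunks), and any caller can add principals to the returned object. I would follow both assignments with `_subject.setReadOnly();` and document on `getSubject()` that the principals are client-asserted AUTH_UNIX ids. Both the constructor and `xdrDecode` start outside the hunks shown.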