
Example 1 with LoginResponse

use of org.dcache.xrootd.protocol.messages.LoginResponse in project dcache by dCache.

the class XrootdPoolRequestHandler method doOnLogin.

/**
 * Answers a login request with a new session identifier and the security
 * string ("sec") that tells the client which protocol, if any, to observe.
 *
 * <p>Three cases are distinguished:
 * <ul>
 *   <li>the server uses TLS: the TLS transition is triggered here and no
 *       security protocol is advertised;</li>
 *   <li>signing is on and forced: the client is told to observe the unix
 *       protocol and the decoder is replaced by the signature-verifying
 *       one;</li>
 *   <li>neither: nothing is advertised and nothing is enforced.</li>
 * </ul>
 *
 * @param ctx channel context whose pipeline may be modified
 * @param msg the login request being answered
 * @return the login response carrying the session id and the sec string
 * @throws XrootdException declared by the overridden method
 */
@Override
protected XrootdResponse<LoginRequest> doOnLogin(ChannelHandlerContext ctx, LoginRequest msg) throws XrootdException {
    XrootdSessionIdentifier sessionId = new XrootdSessionIdentifier();

    // Default: advertise no security protocol. Only the forced-signing
    // branch below overrides this.
    String sec = "";

    if (tlsSessionInfo.serverUsesTls()) {
        /*
         * With TLS on, authentication is not requested. If login protection
         * is set, TLS should already have been activated just before the
         * kXR_protocol response (#super.doOnProtocolRequest). Otherwise it
         * has to be turned on here, because #doOnAuthentication will not be
         * called when no (UNIX) authentication is required. Passing
         * kXR_login or kXR_auth should make no difference.
         *
         * NOTE(review): the returned flag is only logged; the login is
         * answered the same way whether or not the transition happened.
         * Confirm that "false" cannot mean the channel is still cleartext.
         */
        boolean tlsActive = tlsSessionInfo.serverTransitionedToTLS(kXR_login, ctx);
        _log.debug("kXR_login, server has now transitioned to tls? {}.", tlsActive);
    } else if (signingPolicy.isSigningOn() && signingPolicy.isForceSigning()) {
        /*
         * Security is on and signed hashes are enforced: the client must be
         * told to observe the unix protocol, and the plain decoder is
         * swapped for the signature-verifying one. The new decoder is added
         * before the old one is removed, so the pipeline is never without a
         * decoder.
         *
         * NOTE(review): the second constructor argument is null here;
         * confirm what the sigver decoder verifies without it.
         */
        sec = "&P=unix";
        ctx.pipeline().addAfter("decoder", "sigverDecoder", new XrootdSigverDecoder(signingPolicy, null));
        ctx.pipeline().remove("decoder");
        _log.debug("swapped decoder for sigverDecoder.");
    } else {
        // Neither TLS nor authentication is enforced on this connection.
        _log.debug("no authentication or TLS enforced.");
    }

    return new LoginResponse(msg, sessionId, sec);
}
Also used : LoginResponse(org.dcache.xrootd.protocol.messages.LoginResponse) XrootdSigverDecoder(org.dcache.xrootd.core.XrootdSigverDecoder) XrootdSessionIdentifier(org.dcache.xrootd.core.XrootdSessionIdentifier)

Example 2 with LoginResponse

use of org.dcache.xrootd.protocol.messages.LoginResponse in project xrootd4j by dCache.

the class XrootdAuthenticationHandler method doOnLogin.

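/**
 * Handles a login request: creates the authentication handler for this
 * session, refuses the login if that handler requires TLS and the channel
 * is not using it, and otherwise writes a login response advertising the
 * handler's protocol.
 *
 * @param context channel context used for the TLS check and the response
 * @param request the login request being answered
 * @throws XrootdException with kXR_Unsupported when TLS is required but
 *         not on, or with kXR_ServerError when the handler cannot be
 *         created
 */
private void doOnLogin(ChannelHandlerContext context, LoginRequest request) throws XrootdException {
    try {
        _authenticationHandler = _authenticationFactory.createHandler(_proxyDelegationClient);

        /*
         * Fail closed: a handler marked RequiresTLS must not start its
         * exchange on a channel without TLS. The check runs before the
         * response is built, so nothing is sent in that case.
         */
        if (_authenticationHandler instanceof RequiresTLS && !isTLSOn(context)) {
            throw new XrootdException(kXR_Unsupported, "TLS is required for " + _authenticationHandler.getProtocol());
        }

        LoginResponse response = new LoginResponse(request, _sessionId, _authenticationHandler.getProtocol());

        /*
         * A handler that is already complete at login needs no further
         * exchange, so its subject is accepted immediately; otherwise the
         * session is marked as not yet authenticated.
         */
        if (_authenticationHandler.isCompleted()) {
            authenticated(context, _authenticationHandler.getSubject());
        } else {
            _state = State.NO_AUTH;
        }
        context.writeAndFlush(response);
    } catch (InvalidHandlerConfigurationException e) {
        /*
         * SLF4J-style loggers treat a trailing Throwable as the exception
         * to print rather than as a placeholder value, so passing only the
         * exception leaves "{}" unfilled. Supply the text for the
         * placeholder and the exception for the stack trace.
         */
        _log.error("Could not instantiate authentication handler: {}", e.toString(), e);
        // The client gets a generic message; configuration detail stays in
        // the server log.
        throw new XrootdException(kXR_ServerError, "Internal server error");
    }
}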
Also used : LoginResponse(org.dcache.xrootd.protocol.messages.LoginResponse) InvalidHandlerConfigurationException(org.dcache.xrootd.plugins.InvalidHandlerConfigurationException) RequiresTLS(org.dcache.xrootd.security.RequiresTLS)

Example 3 with LoginResponse

use of org.dcache.xrootd.protocol.messages.LoginResponse in project dcache by dCache.

the class AccessLogHandler method write.

/**
 * Writes one access-log entry for each outbound xrootd response and then
 * passes the message on unchanged.
 *
 * <p>The entry holds the session, the request id, request-specific fields,
 * the response status and response-specific fields, added in that order.
 * Nothing is logged when the message is not an {@code XrootdResponse} or
 * when the logger has error level disabled.
 *
 * <p>NOTE(review): several fields are client-supplied strings (path,
 * opaque, username, appid, args, source/target). Confirm that
 * NetLoggerBuilder quotes or escapes them so that a request cannot forge
 * extra fields or lines in the access log.
 *
 * @param ctx channel context the message is forwarded on
 * @param msg outbound message, logged only if it is an XrootdResponse
 * @param promise promise passed through to the next handler
 * @throws Exception declared by the overridden method
 */
@Override
public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise) throws Exception {
    if (msg instanceof XrootdResponse<?> && logger.isErrorEnabled()) {
        XrootdResponse<?> response = (XrootdResponse<?>) msg;
        XrootdRequest request = response.getRequest();

        // Errors are always ERROR; the data-path requests (write, read,
        // vector read) are DEBUG; everything else is INFO.
        NetLoggerBuilder.Level level;
        if (response instanceof ErrorResponse) {
            level = ERROR;
        } else if (request instanceof WriteRequest || request instanceof ReadRequest || request instanceof ReadVRequest) {
            level = DEBUG;
        } else {
            level = INFO;
        }

        // ERROR needs no further check: the outer condition already
        // established that error level is enabled.
        boolean levelEnabled = level == ERROR
              || (level == INFO && logger.isInfoEnabled())
              || (level == DEBUG && logger.isDebugEnabled());

        if (levelEnabled) {
            NetLoggerBuilder log = new NetLoggerBuilder(level, "org.dcache.xrootd.request").omitNullValues();
            log.add("session", CDC.getSession());
            log.add("request", getRequestId(request));

            // ---- request-specific fields ----
            if (request instanceof PathRequest) {
                PathRequest pathRequest = (PathRequest) request;
                log.add("path", Strings.emptyToNull(pathRequest.getPath()));
                // NOTE(review): the opaque string is logged verbatim. If
                // clients can place credentials in it, they end up in the
                // access log; confirm and consider redaction.
                log.add("opaque", Strings.emptyToNull(pathRequest.getOpaque()));
                if (request instanceof OpenRequest) {
                    OpenRequest open = (OpenRequest) request;
                    if (!open.isReadOnly()) {
                        int mode = open.getUMask();
                        // Zero is special-cased so it prints as "0" and
                        // not "00".
                        log.add("mode", mode == 0 ? "0" : "0" + Integer.toOctalString(mode));
                    }
                    log.add("options", "0x" + Integer.toHexString(open.getOptions()));
                } else if (request instanceof LocateRequest) {
                    LocateRequest locate = (LocateRequest) request;
                    log.add("options", "0x" + Integer.toHexString(locate.getOptions()));
                } else if (request instanceof MkDirRequest) {
                    MkDirRequest mkDir = (MkDirRequest) request;
                    log.add("options", "0x" + Integer.toHexString(mkDir.getOptions()));
                } else if (request instanceof StatRequest) {
                    StatRequest stat = (StatRequest) request;
                    if (stat.getTarget() == Target.FHANDLE) {
                        log.add("handle", stat.getFhandle());
                    }
                    log.add("vfs", stat.isVfsSet());
                }
            } else if (request instanceof CloseRequest) {
                CloseRequest close = (CloseRequest) request;
                log.add("handle", close.getFileHandle());
            } else if (request instanceof LoginRequest) {
                LoginRequest login = (LoginRequest) request;
                log.add("username", login.getUserName());
                log.add("capver", login.getClientProtocolVersion());
                log.add("pid", login.getPID());
                // NOTE(review): the login token is logged in full. If it
                // authorises anything, readers of the access log can see
                // it; confirm and consider redaction or truncation.
                log.add("token", emptyToNull(login.getToken()));
            } else if (request instanceof MvRequest) {
                MvRequest move = (MvRequest) request;
                log.add("source", move.getSourcePath());
                log.add("target", move.getTargetPath());
            } else if (request instanceof PrepareRequest) {
                PrepareRequest prepare = (PrepareRequest) request;
                log.add("options", "0x" + Integer.toHexString(prepare.getOptions()));
                // A single path is logged by name, anything else only as
                // a count.
                if (prepare.getPathList().length == 1) {
                    log.add("path", prepare.getPathList()[0]);
                } else {
                    log.add("files", prepare.getPathList().length);
                }
            } else if (request instanceof QueryRequest) {
                QueryRequest query = (QueryRequest) request;
                log.add("reqcode", getQueryReqCode(request));
                int fhandle = query.getFhandle();
                if (fhandle != 0) {
                    log.add("fhandle", fhandle);
                }
                log.add("args", Strings.emptyToNull(query.getArgs()));
            } else if (request instanceof StatxRequest) {
                StatxRequest statx = (StatxRequest) request;
                if (statx.getPaths().length == 1) {
                    log.add("path", statx.getPaths()[0]);
                } else {
                    log.add("files", statx.getPaths().length);
                }
            } else if (request instanceof SetRequest) {
                // Only "appid ..." payloads are logged, and at most 80
                // characters of the value, which bounds how much
                // client-chosen text one set request can put in the log.
                final String appIdPrefix = "appid ";
                final int appIdStart = appIdPrefix.length();
                final int appIdMaxLength = 80;
                String data = ((SetRequest) request).getData();
                if (data.startsWith(appIdPrefix)) {
                    int appIdEnd = Math.min(appIdStart + appIdMaxLength, data.length());
                    log.add("appid", data.substring(appIdStart, appIdEnd));
                }
            } else if (request instanceof EndSessionRequest) {
                EndSessionRequest endSession = (EndSessionRequest) request;
                log.add("sessionId", endSession.getSessionId());
            } else if (request instanceof SyncRequest) {
                SyncRequest sync = (SyncRequest) request;
                log.add("handle", sync.getFileHandle());
            }

            // ---- response-specific fields ----
            log.add("response", getStatusCode(response));
            if (response instanceof ErrorResponse) {
                ErrorResponse error = (ErrorResponse) response;
                log.add("error.code", getErrorCode(error));
                log.add("error.msg", error.getErrorMessage());
            } else if (response instanceof RedirectResponse) {
                RedirectResponse redirect = (RedirectResponse) response;
                log.add("host", redirect.getHost());
                log.add("port", redirect.getPort());
                // NOTE(review): same concern as the login token above;
                // confirm whether the redirect token is sensitive.
                log.add("token", emptyToNull(redirect.getToken()));
            } else if (response instanceof StatResponse) {
                StatResponse stat = (StatResponse) response;
                log.add("flags", stat.getFlags());
                log.add("modtime", Instant.ofEpochSecond(stat.getModificationTime()));
                log.add("size", stat.getSize());
            } else if (response instanceof LoginResponse) {
                LoginResponse login = (LoginResponse) response;
                log.add("sessionId", login.getSessionId());
                log.add("sec", emptyToNull(login.getSec()));
            } else if (response instanceof OpenResponse) {
                OpenResponse open = (OpenResponse) response;
                log.add("handle", open.getFileHandle());
                FileStatus fs = open.getFileStatus();
                if (fs != null) {
                    log.add("flags", fs.getFlags());
                    log.add("modtime", Instant.ofEpochSecond(fs.getModificationTime()));
                    log.add("size", fs.getSize());
                }
            }
            log.toLogger(logger);
        }
    }
    // Logging never alters or drops the message.
    ctx.write(msg, promise);
}
Also used : FileStatus(org.dcache.xrootd.util.FileStatus) PathRequest(org.dcache.xrootd.protocol.messages.PathRequest) MkDirRequest(org.dcache.xrootd.protocol.messages.MkDirRequest) LoginRequest(org.dcache.xrootd.protocol.messages.LoginRequest) StatxRequest(org.dcache.xrootd.protocol.messages.StatxRequest) StatRequest(org.dcache.xrootd.protocol.messages.StatRequest) XrootdResponse(org.dcache.xrootd.protocol.messages.XrootdResponse) ReadVRequest(org.dcache.xrootd.protocol.messages.ReadVRequest) EndSessionRequest(org.dcache.xrootd.protocol.messages.EndSessionRequest) OpenResponse(org.dcache.xrootd.protocol.messages.OpenResponse) ReadRequest(org.dcache.xrootd.protocol.messages.ReadRequest) PrepareRequest(org.dcache.xrootd.protocol.messages.PrepareRequest) MvRequest(org.dcache.xrootd.protocol.messages.MvRequest) XrootdRequest(org.dcache.xrootd.protocol.messages.XrootdRequest) LoginResponse(org.dcache.xrootd.protocol.messages.LoginResponse) QueryRequest(org.dcache.xrootd.protocol.messages.QueryRequest) WriteRequest(org.dcache.xrootd.protocol.messages.WriteRequest) RedirectResponse(org.dcache.xrootd.protocol.messages.RedirectResponse) XrootdProtocol.kXR_chkpoint(org.dcache.xrootd.protocol.XrootdProtocol.kXR_chkpoint) NetLoggerBuilder(org.dcache.util.NetLoggerBuilder) ErrorResponse(org.dcache.xrootd.protocol.messages.ErrorResponse) LocateRequest(org.dcache.xrootd.protocol.messages.LocateRequest) SetRequest(org.dcache.xrootd.protocol.messages.SetRequest) SyncRequest(org.dcache.xrootd.protocol.messages.SyncRequest) StatResponse(org.dcache.xrootd.protocol.messages.StatResponse) OpenRequest(org.dcache.xrootd.protocol.messages.OpenRequest) CloseRequest(org.dcache.xrootd.protocol.messages.CloseRequest)

Aggregations

LoginResponse (org.dcache.xrootd.protocol.messages.LoginResponse)3 NetLoggerBuilder (org.dcache.util.NetLoggerBuilder)1 XrootdSessionIdentifier (org.dcache.xrootd.core.XrootdSessionIdentifier)1 XrootdSigverDecoder (org.dcache.xrootd.core.XrootdSigverDecoder)1 InvalidHandlerConfigurationException (org.dcache.xrootd.plugins.InvalidHandlerConfigurationException)1 XrootdProtocol.kXR_chkpoint (org.dcache.xrootd.protocol.XrootdProtocol.kXR_chkpoint)1 CloseRequest (org.dcache.xrootd.protocol.messages.CloseRequest)1 EndSessionRequest (org.dcache.xrootd.protocol.messages.EndSessionRequest)1 ErrorResponse (org.dcache.xrootd.protocol.messages.ErrorResponse)1 LocateRequest (org.dcache.xrootd.protocol.messages.LocateRequest)1 LoginRequest (org.dcache.xrootd.protocol.messages.LoginRequest)1 MkDirRequest (org.dcache.xrootd.protocol.messages.MkDirRequest)1 MvRequest (org.dcache.xrootd.protocol.messages.MvRequest)1 OpenRequest (org.dcache.xrootd.protocol.messages.OpenRequest)1 OpenResponse (org.dcache.xrootd.protocol.messages.OpenResponse)1 PathRequest (org.dcache.xrootd.protocol.messages.PathRequest)1 PrepareRequest (org.dcache.xrootd.protocol.messages.PrepareRequest)1 QueryRequest (org.dcache.xrootd.protocol.messages.QueryRequest)1 ReadRequest (org.dcache.xrootd.protocol.messages.ReadRequest)1 ReadVRequest (org.dcache.xrootd.protocol.messages.ReadVRequest)1