use of org.dcache.xrootd.protocol.messages.LoginResponse in project dcache by dCache.
the class XrootdPoolRequestHandler method doOnLogin.
/**
 * Answers kXR_login and tells the client which security protocol, if any, it must follow.
 *
 * <p>Three outcomes are possible, checked in this order:
 * <ol>
 *   <li>The server uses TLS: the TLS transition is attempted for kXR_login and an empty
 *       {@code sec} string is returned.</li>
 *   <li>Signing is on and forced: the client is told to use the unix protocol
 *       ({@code "&P=unix"}) and the plain decoder is replaced by a signature-verifying
 *       one.</li>
 *   <li>Neither: an empty {@code sec} string is returned and nothing else changes.</li>
 * </ol>
 *
 * @param ctx channel context whose pipeline may be modified
 * @param msg the login request being answered
 * @return the login response carrying a fresh session identifier and the {@code sec} string
 * @throws XrootdException declared by the overridden method; not thrown directly here
 */
@Override
protected XrootdResponse<LoginRequest> doOnLogin(ChannelHandlerContext ctx, LoginRequest msg)
      throws XrootdException {
    XrootdSessionIdentifier sessionId = new XrootdSessionIdentifier();

    if (tlsSessionInfo.serverUsesTls()) {
        /*
         * With TLS on, authentication is not needed.
         *
         * If login protection is set, TLS should already have been activated just
         * before the kXR_protocol response (super.doOnProtocolRequest). Otherwise it
         * has to be turned on here, because authentication (UNIX) will not be required
         * and doOnAuthentication will not be called. Passing kXR_login or kXR_auth
         * should make no difference.
         */
        boolean tlsStarted = tlsSessionInfo.serverTransitionedToTLS(kXR_login, ctx);
        _log.debug("kXR_login, server has now transitioned to tls? {}.", tlsStarted);
        // NOTE(review): the result is only logged; the response is the same whether or
        // not the transition happened. Confirm that a false result is acceptable here.
        return new LoginResponse(msg, sessionId, "");
    }

    if (signingPolicy.isSigningOn() && signingPolicy.isForceSigning()) {
        /*
         * The client only has to be told to observe the unix protocol when security is
         * on and signed hashes are being enforced. The decoder is swapped as well.
         *
         * The new decoder is added while "decoder" is still in the pipeline, because
         * addAfter uses it as the anchor; only then is the old one removed.
         */
        // NOTE(review): the second constructor argument is null; what it stands for is
        // not visible in this method.
        ctx.pipeline().addAfter("decoder", "sigverDecoder",
              new XrootdSigverDecoder(signingPolicy, null));
        ctx.pipeline().remove("decoder");
        _log.debug("swapped decoder for sigverDecoder.");
        return new LoginResponse(msg, sessionId, "&P=unix");
    }

    /*
     * No authentication is enforced, and no TLS either.
     */
    // NOTE(review): in this branch the session gets neither TLS nor request signing and
    // the client is told no auth protocol applies. Whatever authorises later requests
    // is outside this method; confirm before relying on it.
    _log.debug("no authentication or TLS enforced.");
    return new LoginResponse(msg, sessionId, "");
}
use of org.dcache.xrootd.protocol.messages.LoginResponse in project xrootd4j by dCache.
the class XrootdAuthenticationHandler method doOnLogin.
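/**
 * Handles kXR_login: creates the authentication handler, enforces its TLS requirement and
 * sends the login response.
 *
 * <p>If the new handler is marked {@code RequiresTLS} and TLS is not on for this channel,
 * the login is refused with {@code kXR_Unsupported} before any response is built. If the
 * handler already reports completion, the session is treated as authenticated with the
 * subject the handler supplies; otherwise the state becomes {@code NO_AUTH}.
 *
 * @param context channel context used for the TLS check and for writing the response
 * @param request the login request being answered
 * @throws XrootdException with {@code kXR_Unsupported} when TLS is required but not on, or
 *         with {@code kXR_ServerError} when the authentication handler cannot be created
 */
private void doOnLogin(ChannelHandlerContext context, LoginRequest request)
      throws XrootdException {
    try {
        _authenticationHandler = _authenticationFactory.createHandler(_proxyDelegationClient);

        /*
         * Check whether TLS is needed at login. This runs before the response is
         * created, so a protocol that requires TLS is never announced over a
         * channel without it.
         */
        if (_authenticationHandler instanceof RequiresTLS && !isTLSOn(context)) {
            throw new XrootdException(kXR_Unsupported,
                  "TLS is required for " + _authenticationHandler.getProtocol());
        }

        LoginResponse response = new LoginResponse(request, _sessionId,
              _authenticationHandler.getProtocol());

        if (_authenticationHandler.isCompleted()) {
            // NOTE(review): a handler that is complete at creation time yields an
            // authenticated session without any kXR_auth exchange; which handlers do
            // so is decided by the configured factory, not here.
            authenticated(context, _authenticationHandler.getSubject());
        } else {
            _state = State.NO_AUTH;
        }
        context.writeAndFlush(response);
    } catch (InvalidHandlerConfigurationException e) {
        // Fill the placeholder and pass the exception as a separate last argument, so
        // the message is complete and the stack trace is recorded (assumes _log is an
        // SLF4J-style logger). With the exception as the only argument, it is either
        // consumed by the placeholder or leaves "{}" unfilled, depending on the
        // logging library version.
        _log.error("Could not instantiate authentication handler: {}", e.toString(), e);
        // The client gets only a generic message; configuration details stay in the
        // server log.
        throw new XrootdException(kXR_ServerError, "Internal server error");
    }
}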
use of org.dcache.xrootd.protocol.messages.LoginResponse in project dcache by dCache.
the class AccessLogHandler method write.
/**
 * Emits one access-log record for an outbound xrootd response, then forwards the message.
 *
 * <p>The level is ERROR for error responses, DEBUG for responses to read, readv and write
 * requests, and INFO for everything else. A record is written only when that level is
 * enabled on {@code logger}. The message is passed down the pipeline in every case.
 *
 * <p>NOTE(review): several fields are copied from client-supplied data without change
 * (path, opaque, username, login token, appid, query args), and the login and redirect
 * tokens and the opaque string are logged in full. If any of these can carry credentials
 * or authorization data, the access log has to be protected accordingly or the field
 * redacted. Whether {@code NetLoggerBuilder} escapes control characters is not visible
 * here; confirm before treating the records as safe against log injection.
 *
 * @param ctx channel context the message is forwarded on
 * @param msg outbound message; only {@code XrootdResponse} instances are logged
 * @param promise promise forwarded unchanged with the message
 * @throws Exception declared by the overridden method
 */
@Override
public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)
      throws Exception {
    if (msg instanceof XrootdResponse<?> && logger.isErrorEnabled()) {
        XrootdResponse<?> response = (XrootdResponse<?>) msg;
        XrootdRequest request = response.getRequest();

        // Data-transfer requests are the high-volume ones and go to DEBUG.
        boolean isDataTransfer = request instanceof WriteRequest
              || request instanceof ReadRequest
              || request instanceof ReadVRequest;
        NetLoggerBuilder.Level level = response instanceof ErrorResponse
              ? ERROR
              : (isDataTransfer ? DEBUG : INFO);

        // ERROR is already known to be enabled from the outer check.
        boolean levelEnabled = level == ERROR
              || (level == INFO && logger.isInfoEnabled())
              || (level == DEBUG && logger.isDebugEnabled());

        if (levelEnabled) {
            NetLoggerBuilder entry =
                  new NetLoggerBuilder(level, "org.dcache.xrootd.request").omitNullValues();
            entry.add("session", CDC.getSession());
            entry.add("request", getRequestId(request));

            /* ---- request-specific fields ---- */
            if (request instanceof PathRequest) {
                PathRequest pathRequest = (PathRequest) request;
                entry.add("path", Strings.emptyToNull(pathRequest.getPath()));
                // The opaque string is logged as received from the client.
                entry.add("opaque", Strings.emptyToNull(pathRequest.getOpaque()));

                if (request instanceof OpenRequest) {
                    OpenRequest open = (OpenRequest) request;
                    if (!open.isReadOnly()) {
                        // Octal with a leading "0"; a zero mask is logged as plain "0".
                        int mode = open.getUMask();
                        entry.add("mode", mode == 0 ? "0" : "0" + Integer.toOctalString(mode));
                    }
                    entry.add("options", "0x" + Integer.toHexString(open.getOptions()));
                } else if (request instanceof LocateRequest) {
                    LocateRequest locate = (LocateRequest) request;
                    entry.add("options", "0x" + Integer.toHexString(locate.getOptions()));
                } else if (request instanceof MkDirRequest) {
                    MkDirRequest mkdir = (MkDirRequest) request;
                    entry.add("options", "0x" + Integer.toHexString(mkdir.getOptions()));
                } else if (request instanceof StatRequest) {
                    StatRequest stat = (StatRequest) request;
                    if (stat.getTarget() == Target.FHANDLE) {
                        entry.add("handle", stat.getFhandle());
                    }
                    entry.add("vfs", stat.isVfsSet());
                }
            } else if (request instanceof CloseRequest) {
                CloseRequest close = (CloseRequest) request;
                entry.add("handle", close.getFileHandle());
            } else if (request instanceof LoginRequest) {
                LoginRequest login = (LoginRequest) request;
                entry.add("username", login.getUserName());
                entry.add("capver", login.getClientProtocolVersion());
                entry.add("pid", login.getPID());
                // The login token is logged in full.
                entry.add("token", emptyToNull(login.getToken()));
            } else if (request instanceof MvRequest) {
                MvRequest move = (MvRequest) request;
                entry.add("source", move.getSourcePath());
                entry.add("target", move.getTargetPath());
            } else if (request instanceof PrepareRequest) {
                PrepareRequest prepare = (PrepareRequest) request;
                entry.add("options", "0x" + Integer.toHexString(prepare.getOptions()));
                // A single path is logged by name, anything else only as a count.
                if (prepare.getPathList().length == 1) {
                    entry.add("path", prepare.getPathList()[0]);
                } else {
                    entry.add("files", prepare.getPathList().length);
                }
            } else if (request instanceof QueryRequest) {
                QueryRequest query = (QueryRequest) request;
                entry.add("reqcode", getQueryReqCode(request));
                int fhandle = query.getFhandle();
                if (fhandle != 0) {
                    entry.add("fhandle", fhandle);
                }
                entry.add("args", Strings.emptyToNull(query.getArgs()));
            } else if (request instanceof StatxRequest) {
                StatxRequest statx = (StatxRequest) request;
                if (statx.getPaths().length == 1) {
                    entry.add("path", statx.getPaths()[0]);
                } else {
                    entry.add("files", statx.getPaths().length);
                }
            } else if (request instanceof SetRequest) {
                final String APPID_PREFIX = "appid ";
                final int APPID_PREFIX_LENGTH = APPID_PREFIX.length();
                final int APPID_MSG_LENGTH = 80;
                String data = ((SetRequest) request).getData();
                if (data.startsWith(APPID_PREFIX)) {
                    // At most APPID_MSG_LENGTH characters of the client-supplied
                    // appid are logged.
                    int end = Math.min(APPID_PREFIX_LENGTH + APPID_MSG_LENGTH, data.length());
                    entry.add("appid", data.substring(APPID_PREFIX_LENGTH, end));
                }
            } else if (request instanceof EndSessionRequest) {
                EndSessionRequest endSession = (EndSessionRequest) request;
                entry.add("sessionId", endSession.getSessionId());
            } else if (request instanceof SyncRequest) {
                SyncRequest sync = (SyncRequest) request;
                entry.add("handle", sync.getFileHandle());
            }

            /* ---- response-specific fields ---- */
            entry.add("response", getStatusCode(response));
            if (response instanceof ErrorResponse) {
                ErrorResponse error = (ErrorResponse) response;
                entry.add("error.code", getErrorCode(error));
                entry.add("error.msg", error.getErrorMessage());
            } else if (response instanceof RedirectResponse) {
                RedirectResponse redirect = (RedirectResponse) response;
                entry.add("host", redirect.getHost());
                entry.add("port", redirect.getPort());
                // The redirect token is logged in full.
                entry.add("token", emptyToNull(redirect.getToken()));
            } else if (response instanceof StatResponse) {
                StatResponse stat = (StatResponse) response;
                entry.add("flags", stat.getFlags());
                entry.add("modtime", Instant.ofEpochSecond(stat.getModificationTime()));
                entry.add("size", stat.getSize());
            } else if (response instanceof LoginResponse) {
                LoginResponse login = (LoginResponse) response;
                entry.add("sessionId", login.getSessionId());
                entry.add("sec", emptyToNull(login.getSec()));
            } else if (response instanceof OpenResponse) {
                OpenResponse open = (OpenResponse) response;
                entry.add("handle", open.getFileHandle());
                FileStatus status = open.getFileStatus();
                if (status != null) {
                    entry.add("flags", status.getFlags());
                    entry.add("modtime", Instant.ofEpochSecond(status.getModificationTime()));
                    entry.add("size", status.getSize());
                }
            }

            entry.toLogger(logger);
        }
    }

    // Logging never consumes the message; it always continues down the pipeline.
    ctx.write(msg, promise);
}