@Jo-stfc Jo-stfc commented Apr 24, 2025

token to macaroon conversion for redirection

bbockelm and others added 20 commits September 3, 2024 16:37
Map various connection-related errors in XrdCl in XCache all the
way through to the HTTP layer.

This allows a failure to connect to the origin to be represented
with the correct status code ("Bad Gateway"); currently, a down
origin results in a 500 ("Internal Server Error") which is misleading
for users.

Seen on hppa Linux where EBADE is 160.

In function ‘int {anonymous}::initErrTable()’,
    inlined from ‘void __static_initialization_and_destruction_0()’ at /<<PKGBUILDDIR>>/src/XrdSys/XrdSysE2T.cc:92:28,
    inlined from ‘(static initializers for /<<PKGBUILDDIR>>/src/XrdSys/XrdSysE2T.cc)’ at /<<PKGBUILDDIR>>/src/XrdSys/XrdSysE2T.cc:128:1:
/<<PKGBUILDDIR>>/src/XrdSys/XrdSysE2T.cc:70:26: warning: array subscript 160 is above array bounds of ‘const char* [144]’ [-Warray-bounds=]
   70 |    if (Errno2String[EBADE]) {
      |        ~~~~~~~~~~~~~~~~~~^
/<<PKGBUILDDIR>>/src/XrdSys/XrdSysE2T.cc: In function ‘(static initializers for /<<PKGBUILDDIR>>/src/XrdSys/XrdSysE2T.cc)’:
/<<PKGBUILDDIR>>/src/XrdSys/XrdSysE2T.cc:48:28: note: while referencing ‘{anonymous}::Errno2String’
   48 |        const char*         Errno2String[errSlots] = {0};
      |                            ^~~~~~~~~~~~
In function ‘int {anonymous}::initErrTable()’,
    inlined from ‘void __static_initialization_and_destruction_0()’ at /<<PKGBUILDDIR>>/src/XrdSys/XrdSysE2T.cc:92:28,
    inlined from ‘(static initializers for /<<PKGBUILDDIR>>/src/XrdSys/XrdSysE2T.cc)’ at /<<PKGBUILDDIR>>/src/XrdSys/XrdSysE2T.cc:128:1:
/<<PKGBUILDDIR>>/src/XrdSys/XrdSysE2T.cc:74:22: warning: array subscript 160 is above array bounds of ‘const char* [144]’ [-Warray-bounds=]
   74 |    Errno2String[EBADE] = "authentication failed - possible invalid exchange";
      |    ~~~~~~~~~~~~~~~~~~^
/<<PKGBUILDDIR>>/src/XrdSys/XrdSysE2T.cc: In function ‘(static initializers for /<<PKGBUILDDIR>>/src/XrdSys/XrdSysE2T.cc)’:
/<<PKGBUILDDIR>>/src/XrdSys/XrdSysE2T.cc:48:28: note: while referencing ‘{anonymous}::Errno2String’
   48 |        const char*         Errno2String[errSlots] = {0};
      |                            ^~~~~~~~~~~~

The XrdSutCacheArg_t type is used to pass arguments of different
types. The type used must be wide enough to fit the widest of the
types passed. One of the types passed is time_t, which can be 64 bits
wide also on 32-bit systems. So a long, which is 32 bits wide on a
32-bit system is not sufficient.

This commit changes the type to long long.

Fixes: xrootd#2272

Without the patch, Mac OS X is missing the macros for the json-c
library.

When `http.redirtoken` is enabled, a valid SciToken in the URL as
an `authz` argument will be replaced with a sufficient Macaroon.

The redirected Macaroon will have a few-second lifetime and be specific
to the path being accessed.

Given the handler and the SciTokens plugin will want to invoke the
macaroon generation code, extract it out into a standalone class in
the XrdMacaroons directory.

The intent of this code is to keep the libmacaroons code inside the
XrdMacaroons directory.  The cmake changes to build this code will
eventually be replaced with a plugin interface.

A subsequent commit will switch XrdMacaroons library to utilize
this generator code.

This migrates the handler class to use the new XrdMacaroonsGenerator
class for its HTTP plugin.

This commit consolidates all the invocations of the Macaroons
configuration to a single implementation, ensuring that the logic
is only invoked once per process.
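
The few-second lifetime and path restriction described in the `http.redirtoken` commit message above, as an added example that is not code from this pull request or from XrdMacaroons. It uses a plain HMAC-SHA256 caveat chain rather than the libmacaroons wire format; the caveat names `path:` and `before:`, the function names, the key and the sample paths are assumptions made for illustration.

```python
import hashlib
import hmac
import time

def _chain(sig: bytes, data: str) -> bytes:
    # Macaroon construction: each signature is HMAC(previous signature, next element).
    return hmac.new(sig, data.encode(), hashlib.sha256).digest()

def mint_redirect_macaroon(root_key: bytes, ident: str, path: str,
                           now: float, ttl: int = 5) -> dict:
    """Mint a credential bound to one path and valid for only `ttl` seconds."""
    caveats = [f"path:{path}", f"before:{int(now) + ttl}"]  # hypothetical caveat names
    sig = _chain(root_key, ident)
    for caveat in caveats:
        sig = _chain(sig, caveat)
    return {"id": ident, "caveats": caveats, "sig": sig.hex()}

def verify(root_key: bytes, mac: dict, request_path: str, now: float) -> bool:
    """Recompute the HMAC chain, then require every caveat to hold for this request."""
    sig = _chain(root_key, mac["id"])
    for caveat in mac["caveats"]:
        sig = _chain(sig, caveat)
    if not hmac.compare_digest(sig.hex(), mac["sig"]):
        return False  # a caveat was removed or altered, or the key is wrong
    seen = set()
    for caveat in mac["caveats"]:
        kind, _, value = caveat.partition(":")
        if kind == "path":
            if request_path != value:
                return False
        elif kind == "before":
            if not value.isdigit() or now >= int(value):
                return False
        else:
            return False  # unknown caveat: fail closed
        seen.add(kind)
    # A redirect credential must carry both restrictions.
    return {"path", "before"} <= seen

if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-secret"  # constructed sample value
    t0 = time.time()
    m = mint_redirect_macaroon(key, "redir-1", "/store/a.root", t0)
    print("same path, in time:", verify(key, m, "/store/a.root", t0 + 1))
    print("other path:        ", verify(key, m, "/store/b.root", t0 + 1))
    print("after expiry:      ", verify(key, m, "/store/a.root", t0 + 10))
```

Because the final signature depends on every caveat in order, a holder can append further restrictions but cannot drop the path or expiry caveat without invalidating the signature.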