Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gfal_common: add feature to read tokens from files #21

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

gfal_common: add feature to read tokens from files #21

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 43 additions & 3 deletions src/core/common/gfal_common.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,12 +67,26 @@ static void gfal_setCredentialLocation(const char *where, gfal2_context_t handle
gfal2_log(G_LOG_LEVEL_DEBUG, "Private key: %s", key);
}

static void gfal_setBearerToken(gfal2_context_t handle, const char *token)
static void gfal_setBearerToken(gfal2_context_t handle, const char *token, const char *token_src_type, const char *token_src)
{
GError *error = NULL;
gfal2_set_opt_string(handle, "BEARER", "TOKEN", token, &error);
g_clear_error(&error);
gfal2_log(G_LOG_LEVEL_DEBUG, "Using BEARER token credentials from the env");
gfal2_log(G_LOG_LEVEL_DEBUG, "Using BEARER token credentials from %s (%s)", token_src_type, token_src);
}

static gboolean gfal_setBearerTokenFile(gfal2_context_t handle, const char *token_filename, gboolean warn_if_unreadable)
{
gchar *token_data = NULL;
gboolean token_read = g_file_get_contents(token_filename, &token_data, NULL, NULL);
if (token_read) {
gfal_setBearerToken(handle, g_strchomp(token_data), "file", token_filename);
g_free(token_data);
return TRUE;
} else {
gfal2_log(warn_if_unreadable ? G_LOG_LEVEL_WARNING : G_LOG_LEVEL_DEBUG, "Unable to read bearer token file %s", token_filename);
}
return FALSE;
}

// Setup default credentials depending on the environment
Expand All @@ -81,9 +95,35 @@ static void gfal_initCredentialLocation(gfal2_context_t handle)
//check first if BEARER is on the env
const char *token = getenv("BEARER_TOKEN");
if (token != NULL) {
gfal_setBearerToken(handle, token);
gfal_setBearerToken(handle, token, "environment", "BEARER_TOKEN");
return;
}
//then, check whether BEARER_TOKEN_FILE is set
const char *token_filename = getenv("BEARER_TOKEN_FILE");
if (token_filename != NULL) {
if (gfal_setBearerTokenFile(handle, token_filename, TRUE)) {
return;
}
}
//check well-known XDG location
const char *xdg_runtime_dir = getenv("XDG_RUNTIME_DIR");
if (xdg_runtime_dir != NULL) {
GString *xdg_token_filename = g_string_new(xdg_runtime_dir);
g_string_append_printf(xdg_token_filename, "/bt_u%d", geteuid());
if (gfal_setBearerTokenFile(handle, xdg_token_filename->str, FALSE)) {
g_string_free(xdg_token_filename, TRUE);
return;
}
g_string_free(xdg_token_filename, TRUE);
}
//check /tmp location
GString *tmp_token_filename = g_string_new("/tmp");
g_string_append_printf(tmp_token_filename, "/bt_u%d", geteuid());
if (gfal_setBearerTokenFile(handle, tmp_token_filename->str, FALSE)) {
g_string_free(tmp_token_filename, TRUE);
return;
}
g_string_free(tmp_token_filename, TRUE);
// X509_USER_PROXY
const char *proxy = getenv("X509_USER_PROXY");
if (proxy != NULL) {
Expand Down