XrdOucUtils.cc File Reference

#include <cctype>
#include <grp.h>
#include <cstdio>
#include <list>
#include <vector>
#include <unordered_set>
#include <algorithm>
#include <charconv>
#include <random>
#include <regex.h>
#include <fcntl.h>
#include <math.h>
#include <pwd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <map>
#include <iomanip>
#include "XrdNet/XrdNetUtils.hh"
#include "XrdOuc/XrdOucCRC.hh"
#include "XrdOuc/XrdOucEnv.hh"
#include "XrdOuc/XrdOucSHA3.hh"
#include "XrdOuc/XrdOucStream.hh"
#include "XrdOuc/XrdOucString.hh"
#include "XrdOuc/XrdOucUtils.hh"
#include "XrdOuc/XrdOucPrivateUtils.hh"
#include "XrdSys/XrdSysE2T.hh"
#include "XrdSys/XrdSysError.hh"
#include "XrdSys/XrdSysPlatform.hh"
#include "XrdSys/XrdSysPthread.hh"

Include dependency graph for XrdOucUtils.cc:

Go to the source code of this file.

Macros
#define	ENODATA   ENOATTR
#define	SHFT(k)
#define	SHFT(k, m)

Functions
static int	from_hex (char c)
static bool	is_rfc3986_unreserved (unsigned char c)
static bool	is_token_character (int c)
std::string	obfuscateAuth (const std::string &input)
void	splitHostCgi (std::string_view target, std::string &host, std::string &cgi)
void	stripCgi (std::string &url, const std::unordered_set< std::string > &cgiKeys)
void	stripCgi (XrdOucString &url, const std::unordered_set< std::string > &cgiKeys)

Macro Definition Documentation

ENODATA

#define ENODATA   ENOATTR

Definition at line 69 of file XrdOucUtils.cc.

SHFT [1/2]

#define SHFT

(

k

)

Value:

if (n >= (1ULL << k)) { i += k; n >>= k; }

Referenced by XrdOucUtils::Log10(), and XrdOucUtils::Log2().

SHFT [2/2]

#define SHFT	(		k,
			m )

Value:

if (n >= m) { i += k; n /= m; }

Function Documentation

from_hex()

int from_hex ( char c )

static

Definition at line 1673 of file XrdOucUtils.cc.

{
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  return -1;
}

Referenced by XrdOucUtils::UrlDecode().

Here is the caller graph for this function:

is_rfc3986_unreserved()

bool is_rfc3986_unreserved ( unsigned char c )

static

Definition at line 1642 of file XrdOucUtils.cc.

{
  return std::isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~';
}

Referenced by XrdOucUtils::UrlEncode().

Here is the caller graph for this function:

is_token_character()

bool is_token_character ( int c )

static

Returns a boolean indicating whether 'c' is a valid token character or not. See https://datatracker.ietf.org/doc/html/rfc6750#section-2.1 for details.

Definition at line 1588 of file XrdOucUtils.cc.

{
  if (isalnum(c))
    return true;
 
  static constexpr char token_chars[] = "-._~+/=:%";
 
  for (char ch : token_chars)
    if (c == ch)
      return true;
 
  return false;
}

Referenced by obfuscateAuth(), and stripCgi().

Here is the caller graph for this function:

obfuscateAuth()

std::string obfuscateAuth

(

const std::string &

input

)

This function obfuscates away authz= cgi elements and/or HTTP authorization headers from URL or other log line strings which might contain them.

Parameters

input

the string to obfuscate

Returns

the string with token values obfuscated

Obfuscates strings containing "authz=value", "Authorization: value", "TransferHeaderAuthorization: value", "WhateverAuthorization: value" in a case insensitive way.

Parameters

input

the string to obfuscate

Definition at line 1610 of file XrdOucUtils.cc.

{
  static const regex_t auth_regex = []() {
    constexpr char re[] =
      "(authz=|(transferheader)?(www-|proxy-)?auth(orization|enticate)[[:space:]]*:[[:space:]]*)"
      "(Bearer([[:space:]]|%20)?(token([[:space:]]|%20)?)?)?";
 
    regex_t regex;
 
    if (regcomp(&regex, re, REG_EXTENDED | REG_ICASE) != 0)
      throw std::runtime_error("Failed to compile regular expression");
 
    return regex;
  }();
 
  regmatch_t match;
  size_t offset = 0;
  std::string redacted;
  const char *const text = input.c_str();
 
  while (regexec(&auth_regex, text + offset, 1, &match, 0) == 0) {
    redacted.append(text + offset, match.rm_eo).append("REDACTED");
 
    offset += match.rm_eo;
 
    while (offset < input.size() && is_token_character(input[offset]))
      ++offset;
  }
 
  return redacted.append(text + offset);
}

References is_token_character().

Referenced by XrdPfc::Cache::Attach(), XrdPosixXrootd::Close(), XrdPosixFile::DelayedDestroy(), XrdPosixFile::DelayedDestroy(), XrdPosixPrepIO::Disable(), XrdCl::URL::FromString(), XrdPssSys::FSctl(), XrdPssCks::Get(), XrdCl::URL::GetObfuscatedURL(), XrdCl::Utils::LogPropertyList(), main(), XrdPssSys::Mkdir(), XrdPssFile::Open(), XrdPssDir::Opendir(), XrdHttpProtocol::Process(), XrdHttpReq::ProcessHTTPReq(), XrdPssSys::Remdir(), XrdPssSys::Rename(), XrdCl::Message::SetDescription(), XrdPssSys::Stat(), XrdPssSys::Truncate(), and XrdPssSys::Unlink().

Here is the call graph for this function:

Here is the caller graph for this function:

splitHostCgi()

void splitHostCgi	(	std::string_view	target,
		std::string &	host,
		std::string &	cgi )

Split a "host[?cgi]" string at its first '?'.

Parameters

target	the "host[?cgi]" string to split
host	output: the portion before the first '?', or the whole string when target contains no '?'
cgi	output: the first '?' and everything after it (so it begins with '?'), or empty when target contains no '?'

Definition at line 1751 of file XrdOucUtils.cc.

{
  const size_t q = target.find('?');
  if (q == std::string::npos) {host.assign(target); cgi.clear();}
     else {host.assign(target.data(), q);
           cgi.assign(target.data() + q, target.size() - q);
          }
}

Referenced by XrdXrootdRedirHelper::Redirect().

Here is the caller graph for this function:

stripCgi() [1/2]

void stripCgi	(	std::string &	url,
		const std::unordered_set< std::string > &	cgiKeys )

Strip selected CGI elements (e.g. "authz=...") from a string/URL.

Parameters

url	the string/URL to sanitize
cgiKeys	CGI parameter names to remove (without the trailing '=')

Strip selected CGI elements (e.g. "authz=...") from a string/URL. The function removes occurrences of "<key>=<token>" for each key in cgiKeys

Parameters

url	the string/URL to sanitize (modified in-place)
cgiKeys	CGI parameter names to remove (without the trailing '=')

Definition at line 1717 of file XrdOucUtils.cc.

{
  for (const auto &key : cgiKeys) {
    if (key.empty())
      continue;
 
    const std::string needle = key + "=";
    size_t spos = 0, epos = 0;
 
    while ((spos = url.find(needle, spos)) != std::string::npos) {
      epos = spos;
      while (epos < url.size() && is_token_character(url[epos]))
        ++epos;
      url.erase(spos, epos - spos);
    }
  }
 
  // If a stripped CGI was the first element, remove the extra &
  size_t spos = 0;
  if ((spos = url.find("?&")) != std::string::npos)
    url.erase(spos + 1, 1);
 
  // If stripping removed the only query parameter, remove the dangling ?
  if (!url.empty() && url.back() == '?')
    url.pop_back();
}

References is_token_character().

Referenced by XrdHttpReq::Redir(), and stripCgi().

Here is the call graph for this function:

Here is the caller graph for this function:

stripCgi() [2/2]

void stripCgi	(	XrdOucString &	url,
		const std::unordered_set< std::string > &	cgiKeys )

Definition at line 1744 of file XrdOucUtils.cc.

{
  std::string tmp = url.c_str();
  stripCgi(tmp, cgiKeys);
  url = tmp.c_str();
}

References XrdOucString::c_str(), and stripCgi().

Here is the call graph for this function: