XrdSecProtocolgsi Class Reference

#include <XrdSecProtocolgsi.hh>


Public Member Functions

int Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0)
 
XrdSecCredentials * getCredentials (XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0)
 
 XrdSecProtocolgsi (int opts, const char *hname, XrdNetAddrInfo &endPoint, const char *parms=0)
 
virtual ~XrdSecProtocolgsi ()
 
void Delete ()
 Delete the protocol object. DO NOT use C++ delete() on this object. More...
 
int Encrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
 
int Decrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
 
int Sign (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
 
int Verify (const char *inbuf, int inlen, const char *sigbuf, int siglen)
 
int getKey (char *kbuf=0, int klen=0)
 
int setKey (char *kbuf, int klen)
 
- Public Member Functions inherited from XrdSecProtocol
virtual bool needTLS ()
 Check if this protocol requires TLS to properly function. More...
 
 XrdSecProtocol (const char *pName)
 Constructor. More...
 

Static Public Member Functions

static char * Init (gsiOptions o, XrdOucErrInfo *erp)
 
static XrdOucTrace * EnableTracing ()
 

Private Member Functions

int ParseClientInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &emsg)
 
int ClientDoInit (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
 
int ClientDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
 
int ClientDoPxyreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
 
int ParseServerInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
 
int ServerDoCertreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
 
int ServerDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
 
int ServerDoSigpxy (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
 
int ParseCrypto (String cryptlist)
 
int ParseCAlist (String calist)
 
bool ServerCertNameOK (const char *subject, const char *hname, String &e)
 
XrdSecCredentials * ErrC (XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)
 
int ErrS (String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)
 
bool CheckTimeStamp (XrdSutBuffer *b, int skew, String &emsg)
 
bool CheckRtag (XrdSutBuffer *bm, String &emsg)
 
int AddSerialized (char opt, kXR_int32 step, String ID, XrdSutBuffer *bls, XrdSutBuffer *buf, kXR_int32 type, XrdCryptoCipher *cip)
 
void CopyEntity (XrdSecEntity *in, XrdSecEntity *out, int *lout=0)
 
void FreeEntity (XrdSecEntity *in)
 

Static Private Member Functions

static int GetCA (const char *cahash, XrdCryptoFactory *cryptof, gsiHSVars *hs=0)
 
static String GetCApath (const char *cahash)
 
static bool VerifyCA (int opt, X509Chain *cca, XrdCryptoFactory *cf)
 
static int VerifyCRL (XrdCryptoX509Crl *crl, XrdCryptoX509 *xca, XrdOucString crldir, XrdCryptoFactory *CF, int hashalg)
 
static XrdSutCacheEntry * GetSrvCertEnt (XrdSutCERef &gcref, XrdCryptoFactory *cf, time_t timestamp, String &cal)
 
static XrdCryptoX509Crl * LoadCRL (XrdCryptoX509 *xca, const char *sjhash, XrdCryptoFactory *CF, int dwld, int &err)
 
static int QueryProxy (bool checkcache, XrdSutCache *cache, const char *tag, XrdCryptoFactory *cf, time_t timestamp, ProxyIn_t *pi, ProxyOut_t *po)
 
static int InitProxy (ProxyIn_t *pi, XrdCryptoFactory *cf, X509Chain *ch=0, XrdCryptoRSA **key=0)
 
static void ErrF (XrdOucErrInfo *einfo, kXR_int32 ecode, const char *msg1, const char *msg2=0, const char *msg3=0)
 
static XrdSecgsiGMAP_t LoadGMAPFun (const char *plugin, const char *parms)
 
static XrdSecgsiAuthz_t LoadAuthzFun (const char *plugin, const char *parms, int &fmt)
 
static XrdSecgsiVOMS_t LoadVOMSFun (const char *plugin, const char *parms, int &fmt)
 
static void QueryGMAP (XrdCryptoX509Chain *chain, int now, String &name)
 

Private Attributes

XrdNetAddrInfo epAddr
 
int options
 
XrdCryptoFactory * sessionCF
 
XrdCryptoCipher * sessionKey
 
XrdSutBucket * bucketKey
 
XrdCryptoMsgDigest * sessionMD
 
XrdCryptoRSA * sessionKsig
 
XrdCryptoRSA * sessionKver
 
X509Chain * proxyChain
 
bool srvMode
 
char * expectedHost
 
bool useIV
 
gsiHSVars * hs
 

Static Private Attributes

static XrdSysMutex gsiContext
 
static String CAdir
 
static String CRLdir
 
static String DefCRLext
 
static String SrvCert
 
static String SrvKey
 
static String UsrProxy
 
static String UsrCert
 
static String UsrKey
 
static String PxyValid
 
static int DepLength
 
static int DefBits
 
static int CACheck
 
static int CRLCheck
 
static int CRLDownload
 
static int CRLRefresh
 
static String DefCrypto
 
static String DefCipher
 
static String DefMD
 
static String DefError
 
static String GMAPFile
 
static int GMAPOpt
 
static bool GMAPuseDNname
 
static int GMAPCacheTimeOut
 
static XrdSecgsiGMAP_t GMAPFun
 
static XrdSecgsiAuthz_t AuthzFun
 
static XrdSecgsiAuthzKey_t AuthzKey
 
static int AuthzCertFmt
 
static int AuthzCacheTimeOut
 
static int PxyReqOpts
 
static int AuthzPxyWhat
 
static int AuthzPxyWhere
 
static int AuthzAlways
 
static String SrvAllowedNames
 
static int VOMSAttrOpt
 
static XrdSecgsiVOMS_t VOMSFun
 
static int VOMSCertFmt
 
static int MonInfoOpt
 
static bool HashCompatibility
 
static bool TrustDNS
 
static int ncrypt
 
static XrdCryptoFactory * cryptF [XrdCryptoMax]
 
static int cryptID [XrdCryptoMax]
 
static String cryptName [XrdCryptoMax]
 
static XrdCryptoCipher * refcip [XrdCryptoMax]
 
static XrdSutCache cacheCA
 
static XrdSutCache cacheCert
 
static XrdSutCache cachePxy
 
static XrdSutCache cacheGMAPFun
 
static XrdSutCache cacheAuthzFun
 
static XrdOucGMap * servGMap
 
static GSIStack< XrdCryptoX509Chain > stackCA
 
static std::unique_ptr< GSIStack< XrdCryptoX509Crl > > stackCRL
 
static time_t lastGMAPCheck
 
static XrdSysMutex mutexGMAP
 
static int Debug
 
static bool Server
 
static int TimeSkew
 
static XrdSysLogger Logger
 
static XrdSysError eDest
 
static XrdOucTrace * GSITrace
 

Friends

class gsiOptions
 
class gsiHSVars
 

Additional Inherited Members

- Public Attributes inherited from XrdSecProtocol
XrdSecEntity Entity
 
- Protected Member Functions inherited from XrdSecProtocol
virtual ~XrdSecProtocol ()
 Destructor (prevents use of direct delete). More...
 

Constructor & Destructor Documentation

XrdSecProtocolgsi::XrdSecProtocolgsi ( int  opts,
const char *  hname,
XrdNetAddrInfo endPoint,
const char *  parms = 0 
)
virtual XrdSecProtocolgsi::~XrdSecProtocolgsi ( )
inlinevirtual

Member Function Documentation

int XrdSecProtocolgsi::AddSerialized ( char  opt,
kXR_int32  step,
String  ID,
XrdSutBuffer bls,
XrdSutBuffer buf,
kXR_int32  type,
XrdCryptoCipher cip 
)
private
int XrdSecProtocolgsi::Authenticate ( XrdSecCredentials cred,
XrdSecParameters **  parms,
XrdOucErrInfo einfo = 0 
)
virtual

Authenticate a client.

Parameters
cred Credentials supplied by the client.
parms Place where the address of additional authentication data is to be placed for another authentication handshake.
einfo The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr.
Returns
> 0 -> parms present (more authentication needed); = 0 -> Entity present (authentication succeeded); < 0 -> einfo present (an error has occurred).

Implements XrdSecProtocol.

bool XrdSecProtocolgsi::CheckRtag ( XrdSutBuffer bm,
String emsg 
)
private
bool XrdSecProtocolgsi::CheckTimeStamp ( XrdSutBuffer b,
int  skew,
String emsg 
)
private
int XrdSecProtocolgsi::ClientDoCert ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String cmsg 
)
private
int XrdSecProtocolgsi::ClientDoInit ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String cmsg 
)
private
int XrdSecProtocolgsi::ClientDoPxyreq ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String cmsg 
)
private
void XrdSecProtocolgsi::CopyEntity ( XrdSecEntity in,
XrdSecEntity out,
int *  lout = 0 
)
private
int XrdSecProtocolgsi::Decrypt ( const char *  inbuff,
int  inlen,
XrdSecBuffer **  outbuff 
)
virtual

Decrypt data in inbuff using the session key.

Parameters
inbuff buffer holding the data to be decrypted.
inlen length of the data.
outbuff place where a pointer to the decrypted data is placed.
Returns
< 0 Failed, the return value is -errno (see Encrypt). = 0 Success, outbuff contains a pointer to the decrypted data. The caller is responsible for deleting the returned object.

Reimplemented from XrdSecProtocol.

void XrdSecProtocolgsi::Delete ( )
virtual

Delete the protocol object. DO NOT use C++ delete() on this object.

Implements XrdSecProtocol.

static XrdOucTrace* XrdSecProtocolgsi::EnableTracing ( )
static
int XrdSecProtocolgsi::Encrypt ( const char *  inbuff,
int  inlen,
XrdSecBuffer **  outbuff 
)
virtual

Encrypt data in inbuff using the session key.

Parameters
inbuff buffer holding the data to be encrypted.
inlen length of the data.
outbuff place where a pointer to the encrypted data is placed.
Returns
< 0 Failed, the return value is -errno of the reason. Typically: -EINVAL - one or more arguments are invalid; -NOTSUP - encryption not supported by the protocol; -ENOENT - context not initialized. = 0 Success, outbuff contains a pointer to the encrypted data. The caller is responsible for deleting the returned object.

Reimplemented from XrdSecProtocol.

XrdSecCredentials* XrdSecProtocolgsi::ErrC ( XrdOucErrInfo einfo,
XrdSutBuffer b1,
XrdSutBuffer b2,
XrdSutBuffer b3,
kXR_int32  ecode,
const char *  msg1 = 0,
const char *  msg2 = 0,
const char *  msg3 = 0 
)
private
static void XrdSecProtocolgsi::ErrF ( XrdOucErrInfo einfo,
kXR_int32  ecode,
const char *  msg1,
const char *  msg2 = 0,
const char *  msg3 = 0 
)
staticprivate
int XrdSecProtocolgsi::ErrS ( String  ID,
XrdOucErrInfo einfo,
XrdSutBuffer b1,
XrdSutBuffer b2,
XrdSutBuffer b3,
kXR_int32  ecode,
const char *  msg1 = 0,
const char *  msg2 = 0,
const char *  msg3 = 0 
)
private
void XrdSecProtocolgsi::FreeEntity ( XrdSecEntity in)
private
static int XrdSecProtocolgsi::GetCA ( const char *  cahash,
XrdCryptoFactory cryptof,
gsiHSVars hs = 0 
)
staticprivate
static String XrdSecProtocolgsi::GetCApath ( const char *  cahash)
staticprivate
XrdSecCredentials* XrdSecProtocolgsi::getCredentials ( XrdSecParameters parm = 0,
XrdOucErrInfo einfo = 0 
)
virtual

Generate client credentials to be used in the authentication process.

Parameters
parm Pointer to the information returned by the server either in the initial login response or the authmore response.
einfo The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr.
Returns
Success: Pointer to the credentials to be sent to the server. The caller is responsible for deleting the object. Failure: Null pointer with einfo, if supplied, containing the reason for the failure.

Implements XrdSecProtocol.

int XrdSecProtocolgsi::getKey ( char *  buff = 0,
int  size = 0 
)
virtual

Get the current encryption key (i.e. session key)

Parameters
buff buffer to hold the key; may be null.
size size of the buffer.
Returns
< 0 Failed, the returned value is -errno (see Encrypt). >= 0 The size of the encryption key. The supplied buffer of length size holds the key. If the buffer address is supplied, the key is placed in the buffer.

Reimplemented from XrdSecProtocol.

static XrdSutCacheEntry* XrdSecProtocolgsi::GetSrvCertEnt ( XrdSutCERef gcref,
XrdCryptoFactory cf,
time_t  timestamp,
String cal 
)
staticprivate
static char* XrdSecProtocolgsi::Init ( gsiOptions  o,
XrdOucErrInfo erp 
)
static
static int XrdSecProtocolgsi::InitProxy ( ProxyIn_t pi,
XrdCryptoFactory cf,
X509Chain ch = 0,
XrdCryptoRSA **  key = 0 
)
staticprivate
static XrdSecgsiAuthz_t XrdSecProtocolgsi::LoadAuthzFun ( const char *  plugin,
const char *  parms,
int &  fmt 
)
staticprivate
static XrdCryptoX509Crl* XrdSecProtocolgsi::LoadCRL ( XrdCryptoX509 xca,
const char *  sjhash,
XrdCryptoFactory CF,
int  dwld,
int &  err 
)
staticprivate
static XrdSecgsiGMAP_t XrdSecProtocolgsi::LoadGMAPFun ( const char *  plugin,
const char *  parms 
)
staticprivate
static XrdSecgsiVOMS_t XrdSecProtocolgsi::LoadVOMSFun ( const char *  plugin,
const char *  parms,
int &  fmt 
)
staticprivate
int XrdSecProtocolgsi::ParseCAlist ( String  calist)
private
int XrdSecProtocolgsi::ParseClientInput ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String emsg 
)
private
int XrdSecProtocolgsi::ParseCrypto ( String  cryptlist)
private
int XrdSecProtocolgsi::ParseServerInput ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String cmsg 
)
private
static void XrdSecProtocolgsi::QueryGMAP ( XrdCryptoX509Chain chain,
int  now,
String name 
)
staticprivate
static int XrdSecProtocolgsi::QueryProxy ( bool  checkcache,
XrdSutCache cache,
const char *  tag,
XrdCryptoFactory cf,
time_t  timestamp,
ProxyIn_t pi,
ProxyOut_t po 
)
staticprivate
bool XrdSecProtocolgsi::ServerCertNameOK ( const char *  subject,
const char *  hname,
String e 
)
private
int XrdSecProtocolgsi::ServerDoCert ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String cmsg 
)
private
int XrdSecProtocolgsi::ServerDoCertreq ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String cmsg 
)
private
int XrdSecProtocolgsi::ServerDoSigpxy ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String cmsg 
)
private
int XrdSecProtocolgsi::setKey ( char *  buff,
int  size 
)
virtual

Set the current encryption key

Parameters
buff buffer that holds the key.
size size of the key.
Returns
< 0 Failed, the returned value is -errno (see Encrypt). = 0 The new key has been set.

Reimplemented from XrdSecProtocol.

int XrdSecProtocolgsi::Sign ( const char *  inbuff,
int  inlen,
XrdSecBuffer **  outbuff 
)
virtual

Sign data in inbuff using the session key.

Parameters
inbuff buffer holding the data to be signed.
inlen length of the data.
outbuff place where a pointer to the signature is placed.
Returns
< 0 Failed, the return value is -errno (see Encrypt). = 0 Success, outbuff contains a pointer to the signature. The caller is responsible for deleting the returned object.

Reimplemented from XrdSecProtocol.

int XrdSecProtocolgsi::Verify ( const char *  inbuff,
int  inlen,
const char *  sigbuff,
int  siglen 
)
virtual

Verify a signature using the session key.

Parameters
inbuff buffer holding the data to be verified.
inlen length of the data.
sigbuff pointer to the signature data.
siglen length of the signature data.
Returns
< 0 Failed, the return value is -errno (see Encrypt). = 0 Success, the signature is correct. > 0 Failed to verify: the signature does not match the inbuff data.

Reimplemented from XrdSecProtocol.

static bool XrdSecProtocolgsi::VerifyCA ( int  opt,
X509Chain cca,
XrdCryptoFactory cf 
)
staticprivate
static int XrdSecProtocolgsi::VerifyCRL ( XrdCryptoX509Crl crl,
XrdCryptoX509 xca,
XrdOucString  crldir,
XrdCryptoFactory CF,
int  hashalg 
)
staticprivate

Friends And Related Function Documentation

friend class gsiHSVars
friend
friend class gsiOptions
friend

Member Data Documentation

int XrdSecProtocolgsi::AuthzAlways
staticprivate
int XrdSecProtocolgsi::AuthzCacheTimeOut
staticprivate
int XrdSecProtocolgsi::AuthzCertFmt
staticprivate
XrdSecgsiAuthz_t XrdSecProtocolgsi::AuthzFun
staticprivate
XrdSecgsiAuthzKey_t XrdSecProtocolgsi::AuthzKey
staticprivate
int XrdSecProtocolgsi::AuthzPxyWhat
staticprivate
int XrdSecProtocolgsi::AuthzPxyWhere
staticprivate
XrdSutBucket* XrdSecProtocolgsi::bucketKey
private
XrdSutCache XrdSecProtocolgsi::cacheAuthzFun
staticprivate
XrdSutCache XrdSecProtocolgsi::cacheCA
staticprivate
XrdSutCache XrdSecProtocolgsi::cacheCert
staticprivate
int XrdSecProtocolgsi::CACheck
staticprivate
XrdSutCache XrdSecProtocolgsi::cacheGMAPFun
staticprivate
XrdSutCache XrdSecProtocolgsi::cachePxy
staticprivate
String XrdSecProtocolgsi::CAdir
staticprivate
int XrdSecProtocolgsi::CRLCheck
staticprivate
String XrdSecProtocolgsi::CRLdir
staticprivate
int XrdSecProtocolgsi::CRLDownload
staticprivate
int XrdSecProtocolgsi::CRLRefresh
staticprivate
XrdCryptoFactory* XrdSecProtocolgsi::cryptF[XrdCryptoMax]
staticprivate
int XrdSecProtocolgsi::cryptID[XrdCryptoMax]
staticprivate
String XrdSecProtocolgsi::cryptName[XrdCryptoMax]
staticprivate
int XrdSecProtocolgsi::Debug
staticprivate
int XrdSecProtocolgsi::DefBits
staticprivate
String XrdSecProtocolgsi::DefCipher
staticprivate
String XrdSecProtocolgsi::DefCRLext
staticprivate
String XrdSecProtocolgsi::DefCrypto
staticprivate
String XrdSecProtocolgsi::DefError
staticprivate
String XrdSecProtocolgsi::DefMD
staticprivate
int XrdSecProtocolgsi::DepLength
staticprivate
XrdSysError XrdSecProtocolgsi::eDest
staticprivate
XrdNetAddrInfo XrdSecProtocolgsi::epAddr
private
char* XrdSecProtocolgsi::expectedHost
private
int XrdSecProtocolgsi::GMAPCacheTimeOut
staticprivate
String XrdSecProtocolgsi::GMAPFile
staticprivate
XrdSecgsiGMAP_t XrdSecProtocolgsi::GMAPFun
staticprivate
int XrdSecProtocolgsi::GMAPOpt
staticprivate
bool XrdSecProtocolgsi::GMAPuseDNname
staticprivate
XrdSysMutex XrdSecProtocolgsi::gsiContext
staticprivate
XrdOucTrace* XrdSecProtocolgsi::GSITrace
staticprivate
bool XrdSecProtocolgsi::HashCompatibility
staticprivate
gsiHSVars* XrdSecProtocolgsi::hs
private
time_t XrdSecProtocolgsi::lastGMAPCheck
staticprivate
XrdSysLogger XrdSecProtocolgsi::Logger
staticprivate
int XrdSecProtocolgsi::MonInfoOpt
staticprivate
XrdSysMutex XrdSecProtocolgsi::mutexGMAP
staticprivate
int XrdSecProtocolgsi::ncrypt
staticprivate
int XrdSecProtocolgsi::options
private
X509Chain* XrdSecProtocolgsi::proxyChain
private
int XrdSecProtocolgsi::PxyReqOpts
staticprivate
String XrdSecProtocolgsi::PxyValid
staticprivate
XrdCryptoCipher* XrdSecProtocolgsi::refcip[XrdCryptoMax]
staticprivate
bool XrdSecProtocolgsi::Server
staticprivate
XrdOucGMap* XrdSecProtocolgsi::servGMap
staticprivate
XrdCryptoFactory* XrdSecProtocolgsi::sessionCF
private
XrdCryptoCipher* XrdSecProtocolgsi::sessionKey
private
XrdCryptoRSA* XrdSecProtocolgsi::sessionKsig
private
XrdCryptoRSA* XrdSecProtocolgsi::sessionKver
private
XrdCryptoMsgDigest* XrdSecProtocolgsi::sessionMD
private
String XrdSecProtocolgsi::SrvAllowedNames
staticprivate
String XrdSecProtocolgsi::SrvCert
staticprivate
String XrdSecProtocolgsi::SrvKey
staticprivate
bool XrdSecProtocolgsi::srvMode
private
GSIStack<XrdCryptoX509Chain> XrdSecProtocolgsi::stackCA
staticprivate
std::unique_ptr<GSIStack<XrdCryptoX509Crl> > XrdSecProtocolgsi::stackCRL
staticprivate

Referenced by gsiHSVars::~gsiHSVars().

int XrdSecProtocolgsi::TimeSkew
staticprivate
bool XrdSecProtocolgsi::TrustDNS
staticprivate
bool XrdSecProtocolgsi::useIV
private
String XrdSecProtocolgsi::UsrCert
staticprivate
String XrdSecProtocolgsi::UsrKey
staticprivate
String XrdSecProtocolgsi::UsrProxy
staticprivate
int XrdSecProtocolgsi::VOMSAttrOpt
staticprivate
int XrdSecProtocolgsi::VOMSCertFmt
staticprivate
XrdSecgsiVOMS_t XrdSecProtocolgsi::VOMSFun
staticprivate

The documentation for this class was generated from the following file: