XrdSecProtocolpwd.hh
1 /******************************************************************************/
2 /* */
3 /* X r d S e c P r o t o c o l p w d . h h */
4 /* */
5 /* (c) 2005 by the Board of Trustees of the Leland Stanford, Jr., University */
6 /* Produced by Gerri Ganis for CERN */
7 /* */
8 /* This file is part of the XRootD software suite. */
9 /* */
10 /* XRootD is free software: you can redistribute it and/or modify it under */
11 /* the terms of the GNU Lesser General Public License as published by the */
12 /* Free Software Foundation, either version 3 of the License, or (at your */
13 /* option) any later version. */
14 /* */
15 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
16 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
17 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
18 /* License for more details. */
19 /* */
20 /* You should have received a copy of the GNU Lesser General Public License */
21 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
22 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
23 /* */
24 /* The copyright holder's institutional names and contributor's names may not */
25 /* be used to endorse or promote products derived from this software without */
26 /* specific prior written permission of the institution or contributor. */
27 /******************************************************************************/
28 
29 #include "XrdNet/XrdNetAddrInfo.hh"
30 
31 #include "XrdOuc/XrdOucErrInfo.hh"
32 #include "XrdSys/XrdSysPthread.hh"
33 #include "XrdOuc/XrdOucString.hh"
35 
38 
39 #include "XrdSut/XrdSutPFEntry.hh"
40 #include "XrdSut/XrdSutPFile.hh"
41 #include "XrdSut/XrdSutBuffer.hh"
42 #include "XrdSut/XrdSutRndm.hh"
43 
47 
48 /******************************************************************************/
49 /* D e f i n e s */
50 /******************************************************************************/
51 
53 
54 #define XrdSecPROTOIDENT "pwd" // protocol identifier string
55 #define XrdSecPROTOIDLEN sizeof(XrdSecPROTOIDENT) // sizeof the literal, so the count includes the terminating NUL
56 #define XrdSecpwdVERSION 10100
57 #define XrdSecNOIPCHK 0x0001 // option bit; presumably tested against the 'opts' constructor argument -- confirm
58 #define XrdSecDEBUG 0x1000 // option bit; presumably tested against the 'opts' constructor argument -- confirm
59 #define XrdCryptoMax 10 // dimension of the static cryptID / cryptName / loccip / refcip arrays
60 
61 #define kMAXBUFLEN 1024 // NOTE(review): the buffers bounded by these three limits are not visible in this header
62 #define kMAXUSRLEN 9 // NOTE(review): confirm whether this count includes the terminating NUL
63 #define kMAXPWDLEN 64 // NOTE(review): confirm whether this count includes the terminating NUL
64 
65 //
66 // Message codes either returned by server or included in buffers
67 enum kpwdStatus {
68  kpST_error = -1, // error occurred
69  kpST_ok = 0, // ok
70  kpST_more = 1 // need more info
71 };
72 
73 //
74 // Auto-reg modes
76  kpAR_none = 0, // autoreg disabled
77  kpAR_users = 1, // only for tags in password files (local, system's)
78  kpAR_all = 2 // for all tags
79 };
80 
81 //
82 // Client update autologin modes
83 enum kpwdUpdate {
84  kpUP_none = 0, // no update
85  kpUP_remove = 1, // remove obsolete entries only
86  kpUP_all = 2 // remove obsolete entries and register new valid info
87 };
88 
89 //
90 // Creds input type
92  kpCI_undef = -1, // undefined
93  kpCI_prompt = 0, // from prompt
94  kpCI_exact = 1, // from FileNetRc, exact tag
95  kpCI_wildcard = 2 // from FileNetRc, wildcard tag
96 };
97 
98 //
99 // Creds type (for prompt); the values -1..9 presumably end up in pwdStatus_t::ctype -- confirm
101  kpCT_undef = -1, // undefined
102  kpCT_normal = 0, // confirmed credentials
103  kpCT_onetime = 1, // one-time credentials
104  kpCT_old = 2, // old credentials to be changed
105  kpCT_new = 3, // new credentials to be confirmed
106  kpCT_newagain = 4, // new credentials again for confirmation
107  kpCT_autoreg = 5, // autoreg: new creds to be confirmed
108  kpCT_ar_again = 6, // autoreg: new creds again for confirmation
109  kpCT_crypt = 7, // standard crypt hash
110  kpCT_afs = 8, // AFS plain password -- NOTE(review): plaintext credential type; confirm it is only ever carried under the session cipher
111  kpCT_afsenc = 9 // AFS encrypted password
112 };
113 
114 //
115 // Creds actions
117  kpCA_undef = -1, // undefined
118  kpCA_check = 0, // normal check of credentials
119  kpCA_checkold = 1, // check current creds before asking for new ones
120  kpCA_cache = 2, // cache received (new) credentials
121  kpCA_checkcache = 3 // check cached credentials and save them, if ok
122 };
123 
124 // Client steps
127  kXPC_normal = 1000, // 1000: standard packet
128  kXPC_verifysrv, // 1001: request for server verification
129  kXPC_signedrtag, // 1002: signed rtag (after server request for verification)
130  kXPC_creds, // 1003: credentials packet
131  kXPC_autoreg, // 1004: query for autoregistration
132  kXPC_failureack, // 1005: failure acknowledgement
134 };
135 
136 // Server steps
139  kXPS_init = 2000, // 2000: fake code used the first time
140  kXPS_credsreq, // 2001: request for credentials
141  kXPS_rtag, // 2002: rndm tag to be signed (strong verification)
142  kXPS_signedrtag, // 2003: signed rtag (after client request for verification)
143  kXPS_newpuk, // 2004: new public part for session ciphers
144  kXPS_puk, // 2005: public part for session ciphers (after autoreg)
145  kXPS_failure, // 2006: signal failure to client to drop invalid cached info
147 };
148 
149 // Error codes: counted up by one from 10000; the trailing comment on each line is the resulting value (gaps in the numbering correspond to lines absent from this listing)
151  kPWErrParseBuffer = 10000, // 10000
156  kPWErrNoUser, // 10005
157  kPWErrNoHost, // 10006
158  kPWErrBadUser, // 10007
163  kPWErrGenCipher, // 10012
164  kPWErrExportPuK, // 10013
167  kPWErrNoRndmTag, // 10016
168  kPWErrNoCipher, // 10017
170  kPWErrNoCreds, // 10019
171  kPWErrBadPasswd, // 10020
172  kPWErrBadCache, // 10021
173  kPWErrNoCache, // 10022
174  kPWErrNoSessID, // 10023
175  kPWErrBadSessID, // 10024
176  kPWErrBadOpt, // 10025
177  kPWErrMarshal, // 10026
178  kPWErrUnmarshal, // 10027
179  kPWErrSaveCreds, // 10028
180  kPWErrNoSalt, // 10029
181  kPWErrNoBuffer, // 10030
182  kPWErrRefCipher, // 10031
183  kPWErrNoPublic, // 10032
184  kPWErrAddBucket, // 10033
185  kPWErrFinCipher, // 10034
186  kPWErrInit, // 10035 (one more than kPWErrFinCipher)
187  kPWErrBadCreds, // 10036
188  kPWErrError // 10037
189 };
190 
191 // Structuring the status word: two char fields followed by one short
192 typedef struct {
193  char ctype; // presumably a kpwdCredType value -- confirm. Plain char has implementation-defined signedness, so -1 (kpCT_undef) would read back as 255 where char is unsigned
194  char action; // presumably a kpwdCredsActions value -- confirm; the same signedness caveat applies to kpCA_undef (-1)
195  short options;
196 } pwdStatus_t;
197 // Release helpers. Each expands to a bare { } block and names its argument more than once: pass only plain pointer variables (no side effects) and brace any if/else that uses them.
198 #define REL1(x) { if (x) delete x; } // the pointer is not reset afterwards, so the caller must not reuse it
199 #define REL2(x,y) { if (x) delete x; if (y) delete y; } // as REL1, for two pointers
200 #define REL3(x,y,z) { if (x) delete x; if (y) delete y; if (z) delete z; } // as REL1, for three pointers
201 #if 0 // disabled block: PRINT is not defined by this header
202 #ifndef NODEBUG
203 #define PRINT(y) {{SecTrace->Beg(epname); cerr <<y; SecTrace->End();}}
204 #else
205 #define PRINT(y) { }
206 #endif
207 #endif
208 #define SafeDelete(x) { if (x) delete x ; x = 0; } // deletes, then nulls x, so a repeated call on the same variable does nothing
209 #define SafeDelArray(x) { if (x) delete [] x ; x = 0; } // array form of SafeDelete; x must come from new[]
210 
//
// pwdOptions bundles every tunable of the pwd protocol so that the whole
// configuration can be handed over in one object.
// Field tags are the original author's: [c], [s], [cs] (presumably
// client-only, server-only and both -- confirm). Values in square
// brackets inside the field comments are the documented defaults.
//
class pwdOptions {
public:
   // Flags and modes
   short  debug;       // [cs] debug flag
   short  mode;        // [cs] 'c' or 's'
   short  areg;        // [cs] auto-registration opt (s); update-autolog-info opt (c)
   short  upwd;        // [s] check / do-not-check pwd file in user's $HOME
   short  alog;        // [c] check / do-not-check user's autologin info
   short  verisrv;     // [c] verify / do-not-verify server ownership of srvpuk
   short  vericlnt;    // [s] level of verification client ownership of clntpuk
   short  syspwd;      // [s] check / do-not-check system pwd (requires privileges)

   // Limits
   int    lifecreds;   // [s] lifetime in seconds of credentials
   int    maxprompts;  // [c] max number of empty prompts
   int    maxfailures; // [s] max passwd failures before blocking

   // Strings. This class never allocates or frees them (see the
   // destructor), and it declares no copy constructor, so a copy of the
   // object shares the same pointers with the original.
   char  *clist;       // [s] list of crypto modules ["ssl"]
   char  *dir;         // [s] directory with admin pwd files [$HOME/.xrd]
   char  *udir;        // [s] user's sub-directory with pwd files [$HOME/.xrd]
   char  *cpass;       // [s] user's crypt hash pwd file [$HOME/.xrootdpass]
   char  *alogfile;    // [c] autologin file [$HOME/.xrd/pwdnetrc]
   char  *srvpuk;      // [c] file with server puks [$HOME/.xrd/pwdsrvpuk]

   // Handling of client credentials
   short  keepcreds;   // [s] keep / do-not-keep client credentials
   char  *expcreds;    // [s] (template for) file with exported creds
   int    expfmt;      // [s] format for exported credentials

   // Defaults: mode is 's'; keepcreds, expfmt and every pointer are 0;
   // all remaining numeric options are -1.
   pwdOptions()
      : debug(-1), mode('s'), areg(-1), upwd(-1), alog(-1),
        verisrv(-1), vericlnt(-1), syspwd(-1),
        lifecreds(-1), maxprompts(-1), maxfailures(-1),
        clist(0), dir(0), udir(0), cpass(0), alogfile(0), srvpuk(0),
        keepcreds(0), expcreds(0), expfmt(0) { }

   // Releases nothing: cleanup happens inside XrdSecProtocolpwdInit
   virtual ~pwdOptions() { }

   // Print summary of pwd option status
   void Print(XrdOucTrace *t);
};
245 // Variables describing one handshake in progress; every field is public and set directly by the code using it.
246 class pwdHSVars {
247 public:
248  int Iter; // iteration number
249  int TimeStamp; // Time of last call
250  String CryptoMod; // crypto module in use
251  String User; // remote username -- presumably supplied by the peer; confirm where it is validated
252  String Tag; // tag for credentials
253  int RemVers; // Version run by remote counterpart
254  XrdCryptoFactory *CF; // crypto factory
255  XrdCryptoCipher *Hcip; // handshake cipher
256  XrdCryptoCipher *Rcip; // reference cipher
257  String ID; // Handshake ID (dummy for clients)
258  XrdSutPFEntry *Cref; // Cache reference
259  XrdSutPFEntry *Pent; // Pointer to relevant file entry
260  bool RtagOK; // Rndm tag checked / not checked (starts as not checked)
261  pwdStatus_t Status; // Some state flags
262  bool Tty; // Terminal attached / not attached
263  int Step; // Current step
264  int LastStep; // Step required at previous iteration
265  String ErrMsg; // Last error message
266  int SysPwd; // 0 = no, 1 = Unix sys pwd, 2 = AFS pwd
267  String AFScell; // AFS cell if it makes sense
268  XrdSutBuffer *Parms; // Buffer with server parms on first iteration
269 // Constructor: counters and flags zeroed, TimeStamp and RemVers set to -1, strings emptied, every pointer null
270  pwdHSVars() { Iter = 0; TimeStamp = -1; CryptoMod = ""; User = ""; Tag = "";
271  RemVers = -1; CF = 0; Hcip = 0; Rcip = 0;
272  ID = ""; Cref = 0; Pent = 0; RtagOK = 0; Tty = 0;
273  Step = 0; LastStep = 0; ErrMsg = "";
274  SysPwd = 0; AFScell = "";
275  Status.ctype = 0; Status.action = 0; Status.options = 0; Parms = 0;}
276 // NOTE(review): listing line 277 is not shown here, so who releases CF, Hcip, Rcip, Cref, Pent and Parms cannot be read off this page
278 };
279 
280 
281 /******************************************************************************/
282 /* X r d S e c P r o t o c o l p w d C l a s s */
283 /******************************************************************************/
284 
286 {
287 public:
288  int Authenticate (XrdSecCredentials *cred,
289  XrdSecParameters **parms,
290  XrdOucErrInfo *einfo=0);
291 
293  XrdOucErrInfo *einfo=0);
294 
295  XrdSecProtocolpwd(int opts, const char *hname,
296  XrdNetAddrInfo &endPoint,
297  const char *parms = 0);
298  virtual ~XrdSecProtocolpwd() {} // Delete() does it all: the destructor itself releases nothing
299 
300  // Initialization methods
301  static char *Init(pwdOptions o, XrdOucErrInfo *erp); // 'o' is taken by value; pwdOptions declares no copy constructor, so its char* members arrive as shared pointers
302  // Tear-down entry point (the destructor is empty because Delete() does it all)
303  void Delete();
304 
305  static void PrintTimeStat();
306 
307  // Enable tracing
308  static XrdOucTrace *EnableTracing();
309 
310 private:
311 
312  // Static members initialized at startup
315  static String FileExpCreds; // (Template for) file with exported creds [S]
316  static String FileUser;
319  static String SrvID;
320  static String SrvEmail;
322  static String DefError;
323  static XrdSutPFile PFAdmin; // Admin file [S]
324  static XrdSutPFile PFAlog; // Autologin file [CS]
325  static XrdSutPFile PFSrvPuk; // File with server public keys [CS]
326  //
327  // Crypto related info
328  static int ncrypt; // Number of factories
329  static int cryptID[XrdCryptoMax]; // their IDs
330  static String cryptName[XrdCryptoMax]; // their names
331  static XrdCryptoCipher *loccip[XrdCryptoMax]; // local ciphers
332  static XrdCryptoCipher *refcip[XrdCryptoMax]; // ref for session ciphers
333  //
334  // Caches for info files
335  static XrdSutPFCache cacheAdmin; // Admin file
336  static XrdSutPFCache cacheSrvPuk; // SrvPuk file
337  static XrdSutPFCache cacheUser; // User files
338  static XrdSutPFCache cacheAlog; // Autologin file
339  //
340  // Running options / settings
341  static int Debug; // [CS] Debug level
342  static bool Server; // [CS] If server mode
343  static int UserPwd; // [S] Check passwd file in user's <xrdsecdir>
344  static bool SysPwd; // [S] Check system passwd file if allowed
345  static int VeriClnt; // [S] Client verification level
346  static int VeriSrv; // [C] Server verification level
347  static int AutoReg; // [S] Autoreg mode
348  static int LifeCreds; // [S] if > 0, credential lifetime in secs
349  static int MaxPrompts; // [C] Repeating prompt
350  static int MaxFailures; // [S] Max passwd failures before blocking
351  static int AutoLogin; // [C] do-not-check/check/update autolog info
352  static int TimeSkew; // [CS] Allowed skew in secs for time stamps
353  static bool KeepCreds; // [S] Keep / Do-Not-Keep client creds
354  static int FmtExpCreds; // [S] Format for the exported credentials
355  //
356  // for error logging and tracing
360 
361  // Information local to this instance
363  int options;
364  char CName[256]; // Client-name; fixed 256-byte buffer -- NOTE(review): the code filling it is not visible in this header; confirm the copy is length-bounded and NUL-terminated
365  bool srvMode; // TRUE if server mode
366 
367  // Handshake local info
369 
370  // Acquired credentials (server side)
372 
373  // Parsing received buffers
375  String &emsg);
377  String &cmsg);
378  int ParseCrypto(XrdSutBuffer *buf);
379 
380  // Error functions
381  static void ErrF(XrdOucErrInfo *einfo, kXR_int32 ecode,
382  const char *msg1, const char *msg2 = 0,
383  const char *msg3 = 0);
385  XrdSutBuffer *b2,XrdSutBuffer *b3,
386  kXR_int32 ecode, const char *msg1 = 0,
387  const char *msg2 = 0, const char *msg3 = 0);
388  int ErrS(String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1,
389  XrdSutBuffer *b2, XrdSutBuffer *b3,
390  kXR_int32 ecode, const char *msg1 = 0,
391  const char *msg2 = 0, const char *msg3 = 0);
392 
393  // Query methods
394  XrdSutBucket *QueryCreds(XrdSutBuffer *bm, bool netrc, int &status);
395  int QueryUser(int &status, String &cmsg);
396  int QueryCrypt(String &fn, String &pwhash);
397  int QueryNetRc(String host, String &passwd, int &status);
398 
399  // Check credentials
400  bool CheckCreds(XrdSutBucket *creds, int credtype);
401  bool CheckCredsAFS(XrdSutBucket *creds, int ctype);
402 
403  // Check Time stamp
404  bool CheckTimeStamp(XrdSutBuffer *b, int skew, String &emsg);
405 
406  // Check random challenge
407  bool CheckRtag(XrdSutBuffer *bm, String &emsg);
408 
409  // Saving / Updating
410  int ExportCreds(XrdSutBucket *creds);
411  int SaveCreds(XrdSutBucket *creds);
412  int UpdateAlog();
413 
414  // Auxiliary methods
415  int GetUserHost(String &usr, String &host);
416  int AddSerialized(char opt, kXR_int32 step, String ID,
417  XrdSutBuffer *bls, XrdSutBuffer *buf,
418  kXR_int32 type, XrdCryptoCipher *cip);
420  XrdSutBucket *s1, XrdSutBucket *s2 = 0,
421  const char *tag = 0);
422 };