XRootD
XrdSecProtocolgsi Class Reference
#include <XrdSecProtocolgsi.hh>
Public Member Functions
XrdSecProtocolgsi (int opts, const char *hname, XrdNetAddrInfo &endPoint, const char *parms=0)
virtual ~XrdSecProtocolgsi ()
int Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0)
int Decrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
void Delete ()
    Delete the protocol object. DO NOT use C++ delete() on this object.
int Encrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
XrdSecCredentials * getCredentials (XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0)
int getKey (char *kbuf=0, int klen=0)
int setKey (char *kbuf, int klen)
int Sign (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
int Verify (const char *inbuf, int inlen, const char *sigbuf, int siglen)
Public Member Functions inherited from XrdSecProtocol
XrdSecProtocol (const char *pName)
    Constructor.
virtual bool needTLS ()
    Check if this protocol requires TLS to properly function.
Static Public Member Functions
static XrdOucTrace * EnableTracing ()
static char * Init (gsiOptions o, XrdOucErrInfo *erp)
Friends
class gsiHSVars
class gsiOptions
Additional Inherited Members
Inherited from XrdSecProtocol (attributes)
XrdSecEntity Entity
Inherited from XrdSecProtocol (member functions)
virtual ~XrdSecProtocol ()
    Destructor (prevents use of direct delete).
Class definition at line 280 of file XrdSecProtocolgsi.hh.

XrdSecProtocolgsi::XrdSecProtocolgsi (int opts, const char *hname, XrdNetAddrInfo &endPoint, const char *parms = 0)
Definition at line 293 of file XrdSecProtocolgsi.cc.
References XrdSecEntity::addrInfo, XrdOucString::c_str(), DEBUG, XrdSecProtocol::Entity, EPNAME, XrdNetAddrInfo::fmtName, XrdNetAddrInfo::Format(), gsiHSVars, XrdSecEntity::host, XrdOucString::insert(), XrdNetAddrInfo::isHostName(), XrdOucString::length(), XrdNetAddrInfo::Name(), XrdNetAddrInfo::noPort, opts, gsiHSVars::Parms, PRINT, QTRACE, XrdNetAddr::Set(), gsiHSVars::TimeStamp, gsiHSVars::Tty, Version, XrdSecPROTOIDENT, and XrdSecPROTOIDLEN.
virtual XrdSecProtocolgsi::~XrdSecProtocolgsi () (inline, virtual)
Definition at line 294 of file XrdSecProtocolgsi.hh.

int XrdSecProtocolgsi::Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo = 0) (virtual)
Authenticate a client.
Parameters:
cred: Credentials supplied by the client.
parms: Place where the address of additional authentication data is to be placed for another authentication handshake.
einfo: The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr.
Implements XrdSecProtocol.
Definition at line 1748 of file XrdSecProtocolgsi.cc.
References XrdSecEntityAttr::Add(), XrdSutBuffer::AddBucket(), AuthzFunCheck(), XrdSutCacheEntryBuf::buf, XrdSutCacheEntry::buf1, XrdSutCacheEntry::buf2, XrdSecBuffer::buffer, XrdOucString::c_str(), gsiHSVars::Cbck, gsiHSVars::Chain, ClientStepStr(), XrdSutCacheEntry::cnt, XrdSecEntity::creds, XrdSecEntity::credslen, CryptList, XrdSutBuffer::Deactivate(), DEBUG, XrdSutBuffer::Dump(), XrdSecEntity::eaAPI, XrdCryptoX509Chain::EEChash(), XrdCryptoX509Chain::EECname(), XrdCryptoRSA::EncryptPrivate(), XrdCryptoX509Chain::End(), XrdSecEntity::endorsements, XrdSecProtocol::Entity, EPNAME, XrdOucString::erase(), XrdCryptoX509::Export(), XrdOucString::find(), XrdOucString::form(), XrdSutCache::Get(), XrdSutBuffer::GetBucket(), XrdSutBuffer::GetProtocol(), XrdSutBuffer::GetStep(), XrdSecEntity::grps, gsiHSVars::ID, kCE_disabled, kCE_ok, kGSErrAddBucket, kGSErrBadOpt, kGSErrBadProtocol, kGSErrBadRndmTag, kGSErrDecodeBuffer, kGSErrError, kGSErrExportPuK, kGSErrNoPublic, kGSErrParseBuffer, kGSErrSerialBuffer, kgST_error, kgST_more, kgST_ok, kXGC_cert, kXGC_certreq, kXGC_sigpxy, kXGS_cert, kXGS_none, kXGS_pxyreq, kXRS_cipher, kXRS_cipher_alg, kXRS_main, kXRS_md_alg, kXRS_message, kXRS_puk, kXRS_user, XrdSutCacheEntryBuf::len, XrdOucString::length(), XrdSecEntity::moninfo, XrdSutCacheEntry::mtime, XrdSecEntity::name, XrdCryptoX509::NotAfter(), NOTIFY, gsiHSVars::Options, PRINT, XrdSecEntity::prot, XrdCryptoCipher::Public(), gsiHSVars::PxyChain, QTRACE, gsiHSVars::Rcip, REL2, gsiHSVars::RemVers, XrdSecEntity::role, XrdSutCacheEntry::rwmtx, SafeDelArray, SafeDelete, SafeFree, XrdSutBuffer::Serialized(), ServerStepStr(), XrdSutCERef::Set(), XrdSecBuffer::size, XrdSutCacheEntry::status, STR_NPOS, XrdSecEntity::tident, gsiHSVars::TimeStamp, XrdOucString::tokenize(), XrdSutBucket::ToString(), XrdSutCERef::UnLock(), XrdSecEntity::vorg, XrdCryptoFactory::X509ExportChain(), XrdSecgsiVersDHsigned, XrdSecPROTOIDENT, XrdSecPROTOIDLEN, and XrdSutBuckStr().
int XrdSecProtocolgsi::Decrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf) (virtual)
Decrypt data in inbuf using the session key.
Parameters:
inbuf: buffer holding the data to be decrypted.
inlen: length of the data.
outbuf: place where a pointer to the decrypted data is placed.
Reimplemented from XrdSecProtocol.
Definition at line 1151 of file XrdSecProtocolgsi.cc.
References DEBUG, XrdCryptoCipher::DecOutLength(), XrdCryptoCipher::Decrypt(), EPNAME, XrdCryptoCipher::MaxIVLength(), SafeFree, and XrdCryptoCipher::SetIV().
void XrdSecProtocolgsi::Delete () (virtual)
Delete the protocol object. DO NOT use C++ delete() on this object.
Implements XrdSecProtocol.
Definition at line 1058 of file XrdSecProtocolgsi.cc.
References XrdSecEntity::caps, XrdCryptoX509Chain::Cleanup(), XrdSecEntity::creds, XrdSecEntity::credslen, XrdSecEntity::endorsements, XrdSecProtocol::Entity, XrdSecEntity::grps, XrdSecEntity::host, XrdSecEntity::moninfo, XrdSecEntity::name, XrdSecEntity::role, SafeDelete, SafeFree, and XrdSecEntity::vorg.
static XrdOucTrace * XrdSecProtocolgsi::EnableTracing () (static)
Definition at line 2276 of file XrdSecProtocolgsi.cc.
References eDest, XrdGlobal::Logger, and XrdSysError::logger().
Referenced by XrdSecProtocolgsiInit().
int XrdSecProtocolgsi::Encrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf) (virtual)
Encrypt data in inbuf using the session key.
Parameters:
inbuf: buffer holding the data to be encrypted.
inlen: length of the data.
outbuf: place where a pointer to the encrypted data is placed.
Reimplemented from XrdSecProtocol.
Definition at line 1096 of file XrdSecProtocolgsi.cc.
References DEBUG, XrdCryptoCipher::EncOutLength(), XrdCryptoCipher::Encrypt(), EPNAME, XrdCryptoCipher::RefreshIV(), and SafeFree.
XrdSecCredentials * XrdSecProtocolgsi::getCredentials (XrdSecParameters *parm = 0, XrdOucErrInfo *einfo = 0) (virtual)
Generate client credentials to be used in the authentication process.
Parameters:
parm: Pointer to the information returned by the server either in the initial login response or the authmore response.
einfo: The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr.
Implements XrdSecProtocol.
Definition at line 1411 of file XrdSecProtocolgsi.cc.
References XrdSutBuffer::AddBucket(), XrdCryptoX509Chain::Begin(), XrdSecBuffer::buffer, XrdSutBucket::buffer, XrdOucString::c_str(), gsiHSVars::Cbck, ClientStepStr(), CryptoMod, gsiHSVars::CryptoMod, DEBUG, XrdSutBuffer::Dump(), XrdCryptoRSA::EncryptPrivate(), XrdSecProtocol::Entity, EPNAME, XrdCryptoRSA::ExportPublic(), XrdOucString::form(), XrdOucEnv::Get(), XrdOucErrInfo::getEnv(), XrdSutBuffer::GetProtocol(), XrdSutBuffer::GetStep(), gNoPadTag, gsiHSVars::HasPad, gsiHSVars::ID, XrdCryptoX509::IssuerHash(), gsiHSVars::Iter, XrdCryptoX509::kCA, kGSErrAddBucket, kGSErrBadOpt, kGSErrBadProtocol, kGSErrBadRndmTag, kGSErrCreateBucket, kGSErrDecodeBuffer, kGSErrError, kGSErrExportPuK, kGSErrNoBuffer, kGSErrNoCipher, kGSErrNoPublic, kGSErrParseBuffer, kGSErrSerialBuffer, kXGC_cert, kXGC_certreq, kXGC_none, kXGC_sigpxy, kXGS_cert, kXGS_init, kXGS_pxyreq, kXRS_cipher, kXRS_clnt_opts, kXRS_cryptomod, kXRS_issuer_hash, kXRS_main, kXRS_message, kXRS_puk, kXRS_user, kXRS_version, XrdOucString::length(), XrdSutBuffer::MarshalBucket(), XrdSecEntity::name, XrdCryptoX509Chain::Next(), NOTIFY, gsiHSVars::Options, gsiHSVars::Parms, XrdCryptoCipher::Public(), gsiHSVars::PxyChain, QTRACE, REL2, gsiHSVars::RemVers, XrdSutBuffer::Serialized(), ServerStepStr(), XrdSutBuffer::SetStep(), XrdSecBuffer::size, XrdSutBucket::size, XrdCryptoX509::SubjectHash(), gsiHSVars::TimeStamp, XrdCryptoX509::type, XrdSutBuffer::UpdateBucket(), Version, XrdCryptoFactory::X509ExportChain(), XrdSecgsiVersDHsigned, XrdSecPROTOIDENT, and XrdSutBuckStr().
int XrdSecProtocolgsi::getKey (char *kbuf = 0, int klen = 0) (virtual)
Get the current encryption key (i.e. the session key).
Parameters:
kbuf: buffer to hold the key; may be null.
klen: size of the buffer.
Reimplemented from XrdSecProtocol.
Definition at line 1311 of file XrdSecProtocolgsi.cc.
References XrdCryptoCipher::AsBucket(), XrdSutBucket::buffer, DEBUG, EPNAME, and XrdSutBucket::size.
static char * XrdSecProtocolgsi::Init (gsiOptions o, XrdOucErrInfo *erp) (static)
Definition at line 406 of file XrdSecProtocolgsi.cc.
References access(), gsiOptions::authzcall, gsiOptions::authzfun, gsiOptions::authzfunparms, gsiOptions::authzpxy, gsiOptions::authzto, gsiOptions::bits, XrdOucString::c_str(), gsiOptions::ca, CAdir, gsiOptions::cert, gsiOptions::certdir, XrdCryptoFactory::Cipher(), gsiOptions::cipher, gsiOptions::clist, gsiOptions::createpxy, gsiOptions::crl, CRLdir, gsiOptions::crldir, gsiOptions::crlext, gsiOptions::crlrefresh, cryptoTRACE_Debug, cryptoTRACE_Dump, cryptoTRACE_Notify, DEBUG, Macaroons::Debug, gsiOptions::debug, DefCrypto, gsiOptions::deplen, gsiOptions::dlgpxy, eDest, XrdOucString::endswith(), EPNAME, XrdOucString::erase(), gsiOptions::exppxy, XrdCryptoFactory::GetCryptoFactory(), XrdOucErrInfo::getErrText(), gsiOptions::gmapfun, gsiOptions::gmapfunparms, gsiOptions::gmapto, gNoPadTag, gsiOptions::gridmap, gsiTrace, gUsrPxyDef, gsiOptions::hashcomp, XrdCryptoFactory::HasPaddingSupport(), XrdCryptoFactory::ID(), if(), XrdOucString::insert(), gsiOptions::key, kGSErrError, kGSErrInit, kOptsCreatePxy, kOptsDlgPxy, kOptsFwdPxy, kOptsPxCred, kOptsPxFile, kOptsSigReq, kOptsSrvReq, XrdOucString::length(), gsiOptions::md, gsiOptions::mode, gsiOptions::moninfo, XrdCryptoFactory::Name(), ncrypt, XrdCryptoFactory::Notify(), NOTIFY, XrdSutCache::Num(), gsiOptions::ogmap, PRINT, gsiOptions::proxy, XrdCryptoFactory::SetTrace(), gsiOptions::showDN, gsiOptions::srvnames, stat(), sutTRACE_Debug, sutTRACE_Dump, sutTRACE_Notify, XrdOucString::tokenize(), TRACE, TRACE_ALL, TRACE_Authen, TRACE_Debug, gsiOptions::trustdns, XrdSutCERef::UnLock(), gsiOptions::valid, Version, gsiOptions::vomsat, gsiOptions::vomsfun, gsiOptions::vomsfunparms, XrdOucTrace::What, XrdCryptoMax, XrdCryptoSetTrace(), XrdOucgetGMap(), XrdSutExpand(), XrdSutHome(), and XrdSutSetTrace().
Referenced by XrdSecProtocolgsiInit().
int XrdSecProtocolgsi::setKey (char *kbuf, int klen) (virtual)
Set the current encryption key.
Parameters:
kbuf: buffer that holds the key.
klen: size of the key.
Reimplemented from XrdSecProtocol.
Definition at line 1357 of file XrdSecProtocolgsi.cc.
References XrdCryptoFactory::Cipher(), DEBUG, EPNAME, SafeDelete, and XrdSutBucket::SetBuf().
int XrdSecProtocolgsi::Sign (const char *inbuf, int inlen, XrdSecBuffer **outbuf) (virtual)
Sign data in inbuf using the session key.
Parameters:
inbuf: buffer holding the data to be signed.
inlen: length of the data.
outbuf: place where a pointer to the signature is placed.
Reimplemented from XrdSecProtocol.
Definition at line 1201 of file XrdSecProtocolgsi.cc.
References XrdCryptoBasic::Buffer(), DEBUG, XrdCryptoRSA::EncryptPrivate(), EPNAME, XrdCryptoMsgDigest::Final(), XrdCryptoRSA::GetOutlen(), XrdCryptoBasic::Length(), XrdCryptoMsgDigest::Reset(), SafeFree, and XrdCryptoMsgDigest::Update().
int XrdSecProtocolgsi::Verify (const char *inbuf, int inlen, const char *sigbuf, int siglen) (virtual)
Verify a signature using the session key.
Parameters:
inbuf: buffer holding the data to be verified.
inlen: length of the data.
sigbuf: pointer to the signature data.
siglen: length of the signature data.
Reimplemented from XrdSecProtocol.
Definition at line 1252 of file XrdSecProtocolgsi.cc.
References XrdCryptoBasic::Buffer(), DEBUG, XrdCryptoRSA::DecryptPublic(), EPNAME, XrdCryptoMsgDigest::Final(), XrdCryptoRSA::GetOutlen(), XrdCryptoBasic::Length(), XrdCryptoMsgDigest::Reset(), and XrdCryptoMsgDigest::Update().
friend class gsiHSVars (friend)
Definition at line 283 of file XrdSecProtocolgsi.hh.
Referenced by XrdSecProtocolgsi().

friend class gsiOptions (friend)
Definition at line 282 of file XrdSecProtocolgsi.hh.