#include <XrdSecServer.hh>
Definition at line 45 of file XrdSecServer.hh.
◆ XrdSecServer()
◆ ~XrdSecServer()
XrdSecServer::~XrdSecServer |
( |
| ) |
|
|
inline |
◆ Configure()
int XrdSecServer::Configure |
( |
const char * |
cfn | ) |
|
Definition at line 441 of file XrdSecServer.cc.
454 const char *lName =
"none", *rName =
"none";
460 eDest.
Say(
"++++++ Authentication system initialization started.");
464 NoGo = ConfigFile(cfn);
468 if (pinInfo && !NoGo)
471 secEntityPin = secPin;
472 if (!secPin)
return 1;
481 var = (NoGo > 0 ? (
char *)
"failed." : (
char *)
"completed.");
482 eDest.
Say(
"------ Authentication system initialization ", var);
490 eDest.
Say(
"++++++ Protection system initialization started.");
494 if (lclParms.level > rmtParms.level)
495 eDest.
Say(
"Config warning: local protection level greater than "
496 "remote level; are you sure?");
502 {eDest.
Say(
"Config warning: Security level is set to none; "
503 "request protection disabled!");
506 || !(protObj->
Config(lclParms, rmtParms, *eDest.
logger()))) NoGo = 1;
507 else {lName = protObj->
LName(lclParms.level);
508 rName = protObj->
LName(rmtParms.level);
515 {eDest.
Say(
"Config ",
"Local protection level: ",
516 (lclParms.opts & isRlx ?
"relaxed " : 0), lName,
517 (lclParms.opts & isFrc ?
" force" : 0));
518 eDest.
Say(
"Config ",
"Remote protection level: ",
519 (rmtParms.opts & isRlx ?
"relaxed " : 0), rName,
520 (rmtParms.opts & isFrc ?
" force" : 0));
525 var = (NoGo > 0 ? (
char *)
"failed." : (
char *)
"completed.");
526 eDest.
Say(
"------ Protection system initialization ", var);
XrdSecProtector * XrdSecLoadProtection(XrdSysError &erP)
static int Export(const char *Var, const char *Val)
static const int relax
relax old clients
static const int force
Allow unencrypted hash.
virtual bool Config(const XrdSecProtectParms &lclParms, const XrdSecProtectParms &rmtParms, XrdSysLogger &logr)
virtual const char * LName(XrdSecProtectParms::secLevel level)
void Say(const char *text1, const char *text2=0, const char *txt3=0, const char *text4=0, const char *text5=0, const char *txt6=0)
XrdSysLogger * logger(XrdSysLogger *lp=0)
References XrdSecProtector::Config(), XrdOucEnv::Export(), XrdSecProtectParms::force, XrdSecProtector::LName(), XrdSysError::logger(), XrdSecProtectParms::relax, XrdSysError::Say(), XrdSecProtectParms::secNone, and XrdSecLoadProtection().
Referenced by XrdSecgetService().
◆ getParms()
const char * XrdSecServer::getParms |
( |
int & |
size, |
|
|
XrdNetAddrInfo * |
endPoint = 0 |
|
) |
| |
|
virtual |
Obtain security parameters to be sent to the client upon initial contact.
- Parameters
-
size | Where the length of the returned parameters is to be placed. |
endPoint | The client's address information. It may also be a null pointer if the client's host is immaterial. |
- Returns
- EITHER The address of the parameter string (which may be host-specific if hname was supplied; in the listing below hname is taken from endPoint). The length of the string must be returned in the size parameter. OR A null pointer if authentication need not occur for the client. The size parameter should be set to zero as well.
Implements XrdSecService.
Definition at line 317 of file XrdSecServer.cc.
325 if (!endPoint || !bpFirst) bp = 0;
326 else {
const char *hname = endPoint->
Name(
"*unknown*");
328 do {
if (bp->
Match(hname))
break;}
while((bp = bp->
next));
340 if (!bp) bp = bpDefault;
347 DEBUG(buff <<
" sectoken=''");
349 return (
const char *)0;
static const int noPort
Do not add port number.
int Format(char *bAddr, int bLen, fmtUse fmtType=fmtAuto, int fmtOpts=0)
@ fmtAuto
Hostname if already resolved; otherwise use fmtAddr.
const char * Name(const char *eName=0, const char **eText=0)
int Match(const char *hname)
XrdSecParameters SecToken
char * buffer
Pointer to the buffer.
int size
Size of the buffer or length of data in the buffer.
References XrdSecBuffer::buffer, DEBUG, Macaroons::Debug, EPNAME, XrdNetAddrInfo::fmtAuto, XrdNetAddrInfo::Format(), XrdSecProtBind::Match(), XrdNetAddrInfo::Name(), XrdSecProtBind::next, XrdNetAddrInfo::noPort, QTRACE, XrdSecProtBind::SecToken, and XrdSecBuffer::size.
◆ getProtocol()
Obtain a protocol object suitable for authentication based on cred and possibly based on the hostname or host address, as needed.
- Parameters
-
host | The client's host name or the IP address as text. An IP may be supplied if the host address is not resolvable or resolution has been suppressed (i.e. nodnr). Use endPoint to get the hostname if it's actually needed. |
endPoint | The XrdNetAddrInfo object describing the client end-point. |
cred | The initial credentials supplied by the client, the pointer may be null if the client did not supply credentials. |
einfo | The structure to record any error messages. These are normally sent to the client. |
- Returns
- Success: Address of protocol object to be used for authentication. If cred was null, a host protocol object should be returned if so allowed (the listing below substitutes the protocol name "host" when cred is null). Failure: Null, no protocol can be returned. The einfo parameter, if supplied, has the reason.
Implements XrdSecService.
Definition at line 356 of file XrdSecServer.cc.
369 if (!cred) {myCreds.
buffer=(
char *)
"host"; myCreds.
size = 4; cred=&myCreds;}
371 {einfo.
setErrInfo(EACCES,
"No authentication credentials supplied.");
380 {
if (bpFirst && (bp = bpFirst->
Find(host))
383 msgv[1] =
" not allowed to authenticate using ";
385 msgv[3] =
" protocol.";
390 else {msgv[0] = cred->
buffer;
391 msgv[1] =
" security protocol is not supported.";
400 return PManager.
Get(host, endPoint, cred->
buffer, &einfo);
int setErrInfo(int code, const char *emsg)
XrdSecPMask_t Find(const char *pid, char **parg=0)
XrdSecProtocol * Get(const char *hname, XrdNetAddrInfo &endPoint, const char *pname, XrdOucErrInfo *erp)
XrdSecProtBind * Find(const char *hname)
Generic structure to pass security information back and forth.
References XrdSecBuffer::buffer, XrdSecProtBind::Find(), XrdSecPManager::Find(), XrdSecPManager::Get(), XrdOucErrInfo::setErrInfo(), XrdSecBuffer::size, and XrdSecProtBind::ValidProts.
◆ PostProcess()
Post process a fully authenticated XrdSecEntity object.
- Parameters
-
entity | The fully authenticated entity object. |
einfo | The structure to record any error messages. These are normally sent to the client. If einfo is a null pointer, the messages should be sent to standard error via an XrdSysError object using the XrdSysLogger supplied when the plugin was initialized. |
- Returns
- Success: True should be returned. Failure: False should be returned and the einfo object should hold the reason. In this case the authentication fails.
Reimplemented from XrdSecService.
Definition at line 407 of file XrdSecServer.cc.
411 if (secEntityPin && !secEntityPin->Process(entity, einfo))
const char * getErrText()
References EAUTH, XrdOucErrInfo::getErrText(), and XrdOucErrInfo::setErrInfo().
◆ protTLS()
const char* XrdSecServer::protTLS |
( |
| ) |
|
|
inlinevirtual |
The documentation for this class was generated from the following files: