![]() |
XRootD
|
Public Member Functions | |
XrdAccSciTokens (XrdSysLogger *lp, const char *parms, XrdAccAuthorize *chain, XrdOucEnv *envP) | |
virtual | ~XrdAccSciTokens () |
virtual XrdAccPrivs | Access (const XrdSecEntity *Entity, const char *path, const Access_Operation oper, XrdOucEnv *env) override |
virtual int | Audit (const int accok, const XrdSecEntity *Entity, const char *path, const Access_Operation oper, XrdOucEnv *Env=0) override |
std::string | GetConfigFile () |
virtual Issuers | IssuerList () override |
virtual int | Test (const XrdAccPrivs priv, const Access_Operation oper) override |
virtual bool | Validate (const char *token, std::string &emsg, long long *expT, XrdSecEntity *Entity) override |
![]() | |
XrdAccAuthorize () | |
Constructor. More... | |
virtual | ~XrdAccAuthorize () |
Destructor. More... | |
![]() | |
XrdSciTokensHelper () | |
Constructor and Destructor. More... | |
virtual | ~XrdSciTokensHelper () |
![]() | |
XrdSciTokensMon () | |
~XrdSciTokensMon () | |
bool | Mon_isIO (const Access_Operation oper) |
void | Mon_Report (const XrdSecEntity &Entity, const std::string &subject, const std::string &username) |
Additional Inherited Members | |
![]() | |
typedef std::vector< ValidIssuer > | Issuers |
Definition at line 436 of file XrdSciTokensAccess.cc.
|
inline |
Definition at line 447 of file XrdSciTokensAccess.cc.
References XrdProxy::envP, and XrdSysError::Say().
|
inlinevirtual |
Definition at line 461 of file XrdSciTokensAccess.cc.
|
inlineoverridevirtual |
Check whether or not the client is permitted specified access to a path.
Entity | -> Authentication information |
path | -> The logical path which is the target of oper |
oper | -> The operation being attempted (see the enum above). If the oper is AOP_Any, then the actual privileges are returned and the caller may make subsequent tests using Test(). |
Env | -> Environmental information at the time of the operation as supplied by the path CGI string. This is optional and the pointer may be zero. |
Implements XrdAccAuthorize.
Definition at line 467 of file XrdSciTokensAccess.cc.
References XrdSecEntityAttr::Add(), XrdSecEntity::addrInfo, AuthorizesRequiredIssuers(), Capability, XrdSecEntity::creds, XrdSecEntity::credslen, Macaroons::Debug, XrdSecEntity::eaAPI, XrdSysError::getMsgMask(), Group, XrdSecEntity::grps, XrdSysError::Log(), Mapping, XrdSciTokensMon::Mon_isIO(), XrdSciTokensMon::Mon_Report(), XrdSecEntity::prot, XrdSecEntity::role, XrdSecEntity::secMon, XrdSecEntity::vorg, Warning, and XrdAccPriv_None.
|
inlineoverridevirtual |
Route an audit message to the appropriate audit exit routine. See XrdAccAudit.h for more information on how the default implementation works. Currently, this method is not called by the ofs but should be used by the implementation to record denials or grants, as warranted.
accok | -> True is access was grated; false otherwise. |
Entity | -> Authentication information |
path | -> The logical path which is the target of oper |
oper | -> The operation being attempted (see above) |
Env | -> Environmental information at the time of the operation as supplied by the path CGI string. This is optional and the pointer may be zero. |
Implements XrdAccAuthorize.
Definition at line 732 of file XrdSciTokensAccess.cc.
|
inline |
Definition at line 747 of file XrdSciTokensAccess.cc.
|
inlineoverridevirtual |
Implements XrdSciTokensHelper.
Definition at line 665 of file XrdSciTokensAccess.cc.
References XrdSciTokensHelper::ValidIssuer::issuer_name, and XrdSciTokensHelper::ValidIssuer::issuer_url.
|
inlineoverridevirtual |
Check whether the specified operation is permitted.
priv | -> the privileges as returned by Access(). |
oper | -> The operation being attempted (see above) |
Implements XrdAccAuthorize.
Definition at line 741 of file XrdSciTokensAccess.cc.
References XrdAccAuthorize::Test().
|
inlineoverridevirtual |
Validate a scitoken.
token | - Pointer to the token to validate. |
emsg | - Reference to a string to hold the reason for rejection |
expT | - Pointer to where the expiry value is to be placed. If nill, the value is not returned. |
entP | - Pointer to the SecEntity object and when not nil requests that it be filled with any identifying information in the token. The caller assumes that all supplied fields may be released by calling free(). |
Implements XrdSciTokensHelper.
Definition at line 686 of file XrdSciTokensAccess.cc.
References emsg(), XrdSysError::Log(), XrdSecEntity::name, and Warning.