// --- Protocol identity -------------------------------------------------------
// Identifier string of this security protocol.
#define XrdSecPROTOIDENT      "gsi"
// Size of the identifier literal; sizeof on a string literal counts the
// terminating NUL, so this is 4 for "gsi", not 3.
#define XrdSecPROTOIDLEN      sizeof(XrdSecPROTOIDENT)

// --- Protocol version numbers ------------------------------------------------
// Version number of this implementation.
#define XrdSecgsiVERSION      10600
// NOTE(review): judging by the names, these are the versions at which signed
// DH parameters and the certificate-key feature were introduced; code that
// compares a peer's version against them decides which handshake variant is
// accepted, so confirm any fallback to the older variant is intentional.
#define XrdSecgsiVersDHsigned 10400
#define XrdSecgsiVersCertKey  10600

// --- Option bits ---------------------------------------------------------------
// NOTE(review): presumably bit flags for the protocol 'opts' argument; the
// first looks like it turns off an IP address check - verify where it is set.
#define XrdSecNOIPCHK         0x0001
#define XrdSecDEBUG           0x1000

// --- Limits --------------------------------------------------------------------
// NOTE(review): presumably the maximum number of crypto modules - confirm.
#define XrdCryptoMax          10
// Buffer length used by this module (bytes).
#define kMAXBUFLEN            1024
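// Pointer-release helpers.
//
// Every macro expands to a brace-enclosed block, so existing call sites keep
// working with or without a trailing semicolon. Because of that form, an
// un-braced `if (c) SafeDelete(p); else ...` does not compile; brace the branch.
//
// Arguments are parenthesised so that an expression argument (for example a
// conditional expression) is released as a whole. The explicit null tests were
// dropped: delete, delete[] and free() are all no-ops on a null pointer.
//
// REL1/REL2/REL3 release their arguments but do NOT reset them: the pointers
// dangle afterwards and must not be dereferenced or released a second time.
#define REL1(x)     { delete (x); }
#define REL2(x,y)   { delete (x); delete (y); }
#define REL3(x,y,z) { delete (x); delete (y); delete (z); }

// Safe* variants release the object and then null the pointer, so a repeated
// release through the same variable is a no-op instead of a double free.
// The argument must be a modifiable lvalue and is evaluated more than once.
#define SafeDelete(x)   { delete (x); (x) = nullptr; }
#define SafeDelArray(x) { delete [] (x); (x) = nullptr; }
#define SafeFree(x)     { free(x); (x) = nullptr; }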
// Function-pointer type for the grid-map function: takes a C string and an
// int, and returns a char*.
// NOTE(review): presumably the type of the entry point returned by
// LoadGMAPFun(). Nothing here says who owns the returned buffer or how long it
// is - confirm at the call site before copying or freeing it.
using XrdSecgsiGMAP_t = char *(*)(const char *, int);
259 char k[40]; snprintf(k, 40,
"%p",
static_cast<void*
>(t));
261 if (!stack.Find(k)) stack.Add(k, t, 0,
Hash_count);
266 char k[40]; snprintf(k, 40,
"%p",
static_cast<void*
>(t));
293 const char *parms = 0);
302 int Encrypt(
const char *inbuf,
int inlen,
304 int Decrypt(
const char *inbuf,
int inlen,
307 int Sign(
const char *inbuf,
int inlen,
309 int Verify(
const char *inbuf,
int inlen,
310 const char *sigbuf,
int siglen);
313 int getKey(
char *kbuf=0,
int klen=0);
315 int setKey(
char *kbuf,
int klen);
334 static int DepLength;
338 static int CRLDownload;
339 static int CRLRefresh;
346 static bool GMAPuseDNname;
347 static int GMAPCacheTimeOut;
351 static int AuthzCertFmt;
352 static int AuthzCacheTimeOut;
353 static int PxyReqOpts;
354 static int AuthzPxyWhat;
355 static int AuthzPxyWhere;
356 static int AuthzAlways;
357 static String SrvAllowedNames;
358 static int VOMSAttrOpt;
360 static int VOMSCertFmt;
361 static int MonInfoOpt;
362 static bool HashCompatibility;
363 static bool TrustDNS;
385 static std::unique_ptr<GSIStack<XrdCryptoX509Crl>> stackCRL;
388 static time_t lastGMAPCheck;
442 int ParseCAlist(
String calist);
445 static int GetCA(
const char *cahash,
447 static String GetCApath(
const char *cahash);
451 bool ServerCertNameOK(
const char *subject,
const char *hname,
String &e);
454 time_t timestamp,
String &cal);
461 static int QueryProxy(
bool checkcache,
XrdSutCache *cache,
const char *tag,
469 const char *msg1,
const char *msg2 = 0,
470 const char *msg3 = 0);
474 const char *msg2 = 0,
const char *msg3 = 0);
478 const char *msg2 = 0,
const char *msg3 = 0);
492 LoadGMAPFun(
const char *plugin,
const char *parms);
494 LoadAuthzFun(
const char *plugin,
const char *parms,
int &fmt);
496 LoadVOMSFun(
const char *plugin,
const char *parms,
int &fmt);
541 if (
Crl &&
bool( XrdSecProtocolgsi::stackCRL ) ) {
544 XrdSecProtocolgsi::stackCRL->Del(
Crl);
static XrdSysError eDest(0,"crypto_")
#define XrdCryptoDefRSABits
int(* XrdSecgsiAuthz_t)(XrdSecEntity &)
XrdCryptogsiX509Chain X509Chain
XrdSecgsiAuthz_t XrdSecgsiVOMS_t
int(* XrdSecgsiAuthzKey_t)(XrdSecEntity &, char **)
int(* XrdSecgsiAuthzInit_t)(const char *)
char *(* XrdSecgsiGMAP_t)(const char *, int)
XrdSecgsiAuthzInit_t XrdSecgsiVOMSInit_t
int emsg(int rc, char *msg)
void Cleanup(bool keepCA=0)
static XrdOucTrace * EnableTracing()
int Authenticate(XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0)
int Verify(const char *inbuf, int inlen, const char *sigbuf, int siglen)
virtual ~XrdSecProtocolgsi()
XrdSecProtocolgsi(int opts, const char *hname, XrdNetAddrInfo &endPoint, const char *parms=0)
int Decrypt(const char *inbuf, int inlen, XrdSecBuffer **outbuf)
int Encrypt(const char *inbuf, int inlen, XrdSecBuffer **outbuf)
void Delete()
Delete the protocol object. DO NOT use C++ delete() on this object.
static char * Init(gsiOptions o, XrdOucErrInfo *erp)
XrdSecCredentials * getCredentials(XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0)
int getKey(char *kbuf=0, int klen=0)
int Sign(const char *inbuf, int inlen, XrdSecBuffer **outbuf)
int setKey(char *kbuf, int klen)
void Dump(XrdSecProtocolgsi *p=0)
void Print(XrdOucTrace *t)
Generic structure to pass security information back and forth.