// Prefix attached to trace output from this translation unit; presumably
// consumed by the TRACE/TRACEI macros used below (confirm in the trace header).
47 const char *TraceID =
"Security";
// Excerpt of InitSecurity(): only the fragments that report on the security
// set-up are shown; the lookups and branches between them are not visible.
56 bool XrdHttpProtocol::InitSecurity() {
// Emitted when the "ssl" crypto factory cannot be instantiated (the factory
// lookup itself precedes this line and is not shown).
61 eDest.
Say(
"Error instantiating crypto factory ssl",
"");
// Emitted when the configured grid map file cannot be loaded.
73 eDest.
Say(
"Error loading grid map file:", gridmap);
// Records which grid map file is in use (the guarding condition is not shown).
76 TRACE(ALL,
"using grid map file: "<< gridmap);
// Excerpt of HandleAuthentication(): populates SecEntity from the peer's TLS
// certificate. Lines between the numbered fragments are not shown, so the
// early exits that follow each failed check are assumed rather than visible.
96 XrdHttpProtocol::HandleAuthentication(
XrdLink* lp)
// Sets `epname`, used as the error prefix in the Emsg() call further down.
98 EPNAME(
"HandleAuthentication");
// Result of OpenSSL's chain verification for this session (X509_V_OK on
// success). It is only traced in this excerpt; whether a failed verification
// rejects the peer depends on the verify mode configured elsewhere.
99 int rc_ssl = SSL_get_verify_result(ssl);
102 TRACEI(
DEBUG,
" SSL_get_verify_result returned :" << rc_ssl);
// Peer end-entity certificate plus the presented chain, wrapped so the crypto
// factory can parse them into `chain`.
106 XrdTlsPeerCerts pc(SSL_get_peer_certificate(ssl),SSL_get_peer_cert_chain(ssl));
// No peer certificate, or the chain failed to parse, is treated as "no
// certificate". Note the short-circuit: with myCryptoFactory == nullptr the
// parse step is skipped entirely and `chain` keeps its initial state.
109 if ((!pc.hasCert()) ||
110 (myCryptoFactory && !myCryptoFactory->X509ParseStack()(&pc, &chain))) {
111 TRACEI(
DEBUG,
"No certificate found in peer chain.");
// Subject DN and hash of the end-entity certificate; both must be present.
118 const char * dn = chain.
EECname();
119 const char * eechash = chain.
EEChash();
121 if (!dn || !eechash) {
124 TRACEI(
DEBUG,
"Failed to extract DN information.");
// moninfo takes a private copy of the DN; any previous value is released first.
129 if (SecEntity.moninfo) {
130 free(SecEntity.moninfo);
133 SecEntity.moninfo = strdup(dn);
134 TRACEI(
DEBUG,
" Subject name is : '" << SecEntity.moninfo <<
"'; hash is " << eechash);
// A non-zero return from GetVOMSData() is treated as "no VOMS data"; this is
// fatal only when the extractor is marked as required.
138 if (GetVOMSData(lp)) {
139 TRACEI(
DEBUG,
" No VOMS information for DN: " << SecEntity.moninfo);
141 if (isRequiredXtractor) {
142 eDest.
Emsg(epname,
"Failed extracting required VOMS info for DN: ",
// DN-to-name mapping via the grid map (see HandleGridMap()).
149 auto retval = HandleGridMap(lp, eechash);
// Excerpt of HandleGridMap(): derives SecEntity.name from the DN held in
// SecEntity.moninfo. The gaps between numbered fragments hide the declarations
// of bufname, bufname2 and j, the null checks, and the early returns.
160 XrdHttpProtocol::HandleGridMap(
XrdLink* lp,
const char * eechash)
// DN -> local user name through the configured mapper; 0 means mapped.
166 int mape = servGMap->dn2user(SecEntity.moninfo, bufname,
sizeof(bufname), 0);
167 if ( !mape && SecEntity.moninfo[0] ) {
168 TRACEI(
DEBUG,
" Mapping name: '" << SecEntity.moninfo <<
"' --> " << bufname);
// A successful mapping replaces any name set earlier.
169 if (SecEntity.name) free(SecEntity.name);
170 SecEntity.name = strdup(bufname);
// Attribute marking that the name originated from the grid map.
171 SecEntity.eaAPI->Add(
"gridmap.name",
"1",
true);
174 TRACEI(ALL,
" Mapping name: " << SecEntity.moninfo <<
" Failed. err: " << mape);
// A failed mapping is an error only when the gridmap is marked as required.
176 if (isRequiredGridmap) {
177 eDest.
Emsg(epname,
"Required gridmap mapping failed for DN:",
// Non-compat mode: an unmapped identity is named by its certificate hash.
184 if (!SecEntity.name && !compatNameGeneration) {
185 TRACEI(
DEBUG,
" Will fallback name to subject hash: " << eechash);
186 SecEntity.name = strdup(eechash);
// Compat-mode fallback: derive the name from the CN component of the DN.
190 if (!SecEntity.name) {
192 if (SecEntity.name) free(SecEntity.name);
// Start of the CN component; the handling of a missing "/CN=" (lnpos == NULL)
// lies between lines 196 and 202 and is not shown.
196 char *lnpos = strstr(SecEntity.moninfo,
"/CN=");
// End of the CN component; the case where no further '/' exists
// (lnpos2 == NULL) is decided on lines not shown.
202 char *lnpos2 = index(lnpos,
'/');
// Length clamped to sizeof(bufname)-1 so a terminator fits. strncpy() does not
// write one when the source has no NUL within l bytes, so bufname[l] must be
// set explicitly on a line not shown here.
204 int l = ( lnpos2-lnpos < (int)
sizeof(bufname) ? lnpos2-lnpos : (int)
sizeof(bufname)-1 );
205 strncpy(bufname, lnpos, l);
// bufname2 is filled backwards with the alphanumeric characters of bufname;
// j is the current write index (its initialisation and lower-bound check are
// on lines not shown, so they cannot be verified from this excerpt).
210 strcpy(bufname2,
"unknown-");
211 for (
int i = (
int)strlen(bufname)-1; i >= 0; i--) {
212 if (isalnum(bufname[i])) {
214 bufname2[j] = bufname[i];
220 SecEntity.name = strdup(bufname);
221 TRACEI(
DEBUG,
" Setting link name: '" << bufname2+j <<
"'");
// The sanitised name becomes the link identifier; no process id is known here.
222 lp->
setID(bufname2+j, 0);
// Last resort. The embedded \0 ends the literal early, so strdup() allocates
// exactly strlen("unknown-")+1 bytes; every SecEntity.name[j] write below
// must stay inside that allocation (the j bounds are on lines not shown).
228 if (!SecEntity.name) {
230 SecEntity.name = strdup(
"unknown-\0");
231 for (
int i = (
int)strlen(SecEntity.moninfo)-1; i >= 0; i--) {
232 if (isalnum(SecEntity.moninfo[i])) {
234 SecEntity.name[j] = SecEntity.moninfo[i];
// Excerpt of GetVOMSData(): runs the security extractor over the TLS session.
// The return statement and the lines between fragments are not shown; the
// caller treats a non-zero result as "no VOMS data".
248 int XrdHttpProtocol::GetVOMSData(
XrdLink *lp)
// When a grid map is configured, the name present before the call is saved
// and restored afterwards, so the extractor cannot override it.
260 if (servGMap && SecEntity.name) {
261 savestr = strdup(SecEntity.name);
// The extractor populates SecEntity from the link and SSL session.
264 int r = secxtractor->GetSecData(lp, SecEntity, ssl);
266 if (servGMap && savestr) {
267 if (SecEntity.name) free(SecEntity.name);
268 SecEntity.name = savestr;
// Failure report; the condition guarding it on r is not shown.
272 TRACEI(ALL,
" Certificate data extraction failed: " << SecEntity.moninfo
273 <<
" Failed. err: " << r);
static XrdSysError eDest(0,"crypto_")
XrdSysTrace XrdHttpTrace("http")
A pragmatic implementation of the HTTP/DAV protocol for the Xrd framework.
XrdOucGMap * XrdOucgetGMap(XrdOucGMapArgs)
static XrdCryptoFactory * GetCryptoFactory(const char *factoryname)
void Cleanup(bool keepCA=0)
static XrdOucGMap * servGMap
The instance of the DN mapper. Created only when a valid path is given.
void setID(const char *userid, int procid)
const char * c_str() const
int Emsg(const char *esfx, int ecode, const char *text1, const char *text2=0)
void Say(const char *text1, const char *text2=0, const char *txt3=0, const char *text4=0, const char *text5=0, const char *txt6=0)