XrdVomsHttp.cc
1 /******************************************************************************/
2 /* */
3 /* X r d V o m s H t t p . c c */
4 /* */
5 /* (c) 2020 by the Board of Trustees of the Leland Stanford, Jr., University */
6 /* Produced by Andrew Hanushevsky for Stanford University under contract */
7 /* DE-AC02-76-SFO0515 with the Department of Energy */
8 /* */
9 /* This file is part of the XRootD software suite. */
10 /* */
11 /* XRootD is free software: you can redistribute it and/or modify it under */
12 /* the terms of the GNU Lesser General Public License as published by the */
13 /* Free Software Foundation, either version 3 of the License, or (at your */
14 /* option) any later version. */
15 /* */
16 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
17 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
18 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
19 /* License for more details. */
20 /* */
21 /* You should have received a copy of the GNU Lesser General Public License */
22 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
23 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
24 /* */
25 /* The copyright holder's institutional names and contributor's names may not */
26 /* be used to endorse or promote products derived from this software without */
27 /* specific prior written permission of the institution or contributor. */
28 /******************************************************************************/
29 
30 // This code is based on
31 
32 #include "XrdVomsFun.hh"
33 
41 /******************************************************************************/
42 /* I n c l u d e s */
43 /******************************************************************************/
44 
45 #include "XrdVersion.hh"
48 
49 #include "XrdVoms.hh"
50 
51 /******************************************************************************/
52 /* C l a s s X r d X r o o t d V o m s H t t p */
53 /******************************************************************************/
54 
56 {
57 public:
58 
59  // Extract security info from the link instance, and use it to populate
60  // the given XrdSec instance
61  //
62  virtual int GetSecData(XrdLink *, XrdSecEntity &, SSL *);
63 
64  // Initializes an ssl ctx
65  //
66  virtual int Init(SSL_CTX *, int) {return 0;}
67 
68 
69  virtual int InitSSL(SSL *ssl, char *cadir) {return 0;}
70  virtual int FreeSSL(SSL *) {return 0;}
71 
73  : vomsFun(vFun), eDest(erp) {};
74 
75 private:
76 
77  XrdVomsFun &vomsFun;
78  XrdSysError *eDest;
79 };
80 
81 /******************************************************************************/
82 /* G e t S e c D a t a */
83 /******************************************************************************/
84 
86 {
87  Voms_x509_in_t xCerts;
88  int rc;
89 
90 // Make sure the certs have been verified. Note that HTTP doesn't do well if
91 // we return failure. So, we always return success as there will be no entity.
92 //
93 //
94  if (SSL_get_verify_result(ssl) != X509_V_OK) return 0;
95 
96 // Get the certs
97 //
98  xCerts.cert = SSL_get_peer_certificate(ssl);
99  if (!xCerts.cert) return 0;
100  xCerts.chain = SSL_get_peer_cert_chain(ssl);
101 
102 // The API calls for the cert member in the SecEntity point to the certs
103 //
104  sec.creds = (char *)&xCerts;
105 
106 // Do the voms tango now and upon success pretend we are "gsi" authentication
107 //
108  if (!(rc = vomsFun.VOMSFun(sec))) strcpy(sec.prot, "gsi");
109 
110 // Free the x509 cert the chain will stick arround until the session is freed
111 //
112  X509_free(xCerts.cert);
113 
114 // All done
115 //
116  sec.creds = 0;
117  return rc;
118 }
119 
120 /******************************************************************************/
121 /* X r d H t t p G e t S e c X t r a c t o r */
122 /******************************************************************************/
123 
125 {
126 
127 // First step it get a new VomsFun object
128 //
129  XrdVomsFun *vomsFun = new XrdVomsFun(*eDest);
130 
131 // Initialize it using the parameters supplied
132 //
133  if (vomsFun->VOMSInit(parms) < 0)
134  {delete vomsFun;
135  return 0;
136  }
137 
138 // We will always use a stack of x509 certs, make sure that is what the
139 // voms fund will actually think it wants.
140 //
142 
143 // Now return the interface object
144 //
145  return (XrdHttpSecXtractor *)new XrdVomsHttp(eDest, *vomsFun);
146 }
147 
148 /******************************************************************************/
149 /* V e r s i o n I n f o r m a t i o n */
150 /******************************************************************************/
151 
152 // This is the macro that declares the xrootd version this plugin uses.
153 // We only need to pass the name of the hook function and a name for logging.
154 // The version numbers actually are taken automatically at compile time.
155 //
157 