XRootD
XrdSecProtocolgsi.hh
Go to the documentation of this file.
1 /******************************************************************************/
2 /* */
3 /* X r d S e c P r o t o c o l g s i . h h */
4 /* */
5 /* (c) 2005 G. Ganis / CERN */
6 /* */
7 /* This file is part of the XRootD software suite. */
8 /* */
9 /* XRootD is free software: you can redistribute it and/or modify it under */
10 /* the terms of the GNU Lesser General Public License as published by the */
11 /* Free Software Foundation, either version 3 of the License, or (at your */
12 /* option) any later version. */
13 /* */
14 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
15 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
16 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
17 /* License for more details. */
18 /* */
19 /* You should have received a copy of the GNU Lesser General Public License */
20 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
21 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
22 /* */
23 /* The copyright holder's institutional names and contributor's names may not */
24 /* be used to endorse or promote products derived from this software without */
25 /* specific prior written permission of the institution or contributor. */
26 /* */
27 /******************************************************************************/
28 #include <ctime>
29 #include <memory>
30 
31 #include "XrdNet/XrdNetAddrInfo.hh"
32 
33 #include "XrdOuc/XrdOucErrInfo.hh"
34 #include "XrdOuc/XrdOucGMap.hh"
35 #include "XrdOuc/XrdOucHash.hh"
36 #include "XrdOuc/XrdOucString.hh"
38 
39 #include "XrdSys/XrdSysPthread.hh"
40 
43 
44 #include "XrdSut/XrdSutCache.hh"
45 
46 #include "XrdSut/XrdSutPFEntry.hh"
47 #include "XrdSut/XrdSutPFile.hh"
48 #include "XrdSut/XrdSutBuffer.hh"
49 #include "XrdSut/XrdSutRndm.hh"
50 
55 
57 
58 /******************************************************************************/
59 /* D e f i n e s */
60 /******************************************************************************/
61 
64 
65 #define XrdSecPROTOIDENT "gsi"
66 #define XrdSecPROTOIDLEN sizeof(XrdSecPROTOIDENT)
67 #define XrdSecgsiVERSION 10600
68 #define XrdSecNOIPCHK 0x0001
69 #define XrdSecDEBUG 0x1000
70 #define XrdCryptoMax 10
71 
72 #define kMAXBUFLEN 1024
73 
74 
75 #define XrdSecgsiVersDHsigned 10400 // Version at which started signing
76  // of server DH parameters
77 #define XrdSecgsiVersCertKey 10600 // Version at which started supporting
78  // authentication with cert/key only
79 
80 //
81 // Message codes either returned by server or included in buffers
82 enum kgsiStatus {
83  kgST_error = -1, // error occurred
84  kgST_ok = 0, // ok
85  kgST_more = 1 // need more info
86 };
87 
88 // Client steps
90  kXGC_none = 0,
91  kXGC_certreq = 1000, // 1000: request server certificate
92  kXGC_cert, // 1001: packet with (proxy) certificate
93  kXGC_sigpxy, // 1002: packet with signed proxy certificate
94  kXGC_reserved //
95 };
96 
97 // Server steps
99  kXGS_none = 0,
100  kXGS_init = 2000, // 2000: fake code used the first time
101  kXGS_cert, // 2001: packet with certificate
102  kXGS_pxyreq, // 2002: packet with proxy req to be signed
103  kXGS_reserved //
104 };
105 
106 // Handshake options
108  kOptsDlgPxy = 1, // 0x0001: Ask for a delegated proxy
109  kOptsFwdPxy = 2, // 0x0002: Forward local proxy
110  kOptsSigReq = 4, // 0x0004: Accept to sign delegated proxy
111  kOptsSrvReq = 8, // 0x0008: Server request for delegated proxy
112  kOptsPxFile = 16, // 0x0010: Save delegated proxies in file
113  kOptsDelChn = 32, // 0x0020: Delete chain
114  kOptsPxCred = 64, // 0x0040: Save delegated proxies as credentials
115  kOptsCreatePxy = 128, // 0x0080: Request a client proxy
116  kOptsDelPxy = 256 // 0x0100: Delete the proxy PxyChain
117 };
118 
119 // Error codes
121  kGSErrParseBuffer = 10000, // 10000
129  kGSErrGenCipher, // 10008
130  kGSErrExportPuK, // 10009
133  kGSErrNoRndmTag, // 10012
134  kGSErrNoCipher, // 10013
135  kGSErrNoCreds, // 10014
136  kGSErrBadOpt, // 10015
137  kGSErrMarshal, // 10016
138  kGSErrUnmarshal, // 10017
139  kGSErrSaveCreds, // 10018
140  kGSErrNoBuffer, // 10019
141  kGSErrRefCipher, // 10020
142  kGSErrNoPublic, // 10021
143  kGSErrAddBucket, // 10022
144  kGSErrFinCipher, // 10023
145  kGSErrInit, // 10024
146  kGSErrBadCreds, // 10025
147  kGSErrError // 10026
148 };
149 
150 #define REL1(x) { if (x) delete x; }
151 #define REL2(x,y) { if (x) delete x; if (y) delete y; }
152 #define REL3(x,y,z) { if (x) delete x; if (y) delete y; if (z) delete z; }
153 
154 #define SafeDelete(x) { if (x) {delete x ; x = 0;} }
155 #define SafeDelArray(x) { if (x) {delete [] x ; x = 0;} }
156 #define SafeFree(x) { if (x) {free(x) ; x = 0;} }
157 
158 // External functions for generic mapping
159 typedef char *(*XrdSecgsiGMAP_t)(const char *, int);
160 typedef int (*XrdSecgsiAuthz_t)(XrdSecEntity &);
161 typedef int (*XrdSecgsiAuthzInit_t)(const char *);
162 typedef int (*XrdSecgsiAuthzKey_t)(XrdSecEntity &, char **);
163 // VOMS extraction
166 //
167 // This a small class to set the relevant options in one go
168 //
169 class XrdOucGMap;
170 class XrdOucTrace;
171 class gsiOptions {
172 public:
173  short debug; // [cs] debug flag
174  char mode; // [cs] 'c' or 's'
175  char *clist; // [s] list of crypto modules ["ssl" ]
176  char *certdir;// [cs] dir with CA info [/etc/grid-security/certificates]
177  char *crldir; // [cs] dir with CRL info [/etc/grid-security/certificates]
178  char *crlext; // [cs] extension of CRL files [.r0]
179  char *cert; // [s] server certificate [/etc/grid-security/root/rootcert.pem]
180  // [c] user certificate [$HOME/.globus/usercert.pem]
181  char *key; // [s] server private key [/etc/grid-security/root/rootkey.pem]
182  // [c] user private key [$HOME/.globus/userkey.pem]
183  char *cipher; // [s] list of ciphers [aes-128-cbc:bf-cbc:des-ede3-cbc]
184  char *md; // [s] list of MDs [sha256:md5]
185  int crl; // [cs] check level of CRL's [1]
186  int ca; // [cs] verification level of CA's [1]
187  int crlrefresh; // [cs] CRL refresh or expiration period in secs [1 day]
188  char *proxy; // [c] user proxy [/tmp/x509up_u<uid>]
189  char *valid; // [c] proxy validity [12:00]
190  int deplen; // [c] depth of signature path for proxies [0]
191  int bits; // [c] bits in PKI for proxies [default: XrdCryptoDefRSABits]
192  char *gridmap;// [s] gridmap file [/etc/grid-security/gridmap]
193  int gmapto; // [s] validity in secs of grid-map cache entries [600 s]
194  char *gmapfun;// [s] file with the function to map DN to usernames [0]
195  char *gmapfunparms;// [s] parameters for the function to map DN to usernames [0]
196  char *authzfun;// [s] file with the function to fill entities [0]
197  char *authzfunparms;// [s] parameters for the function to fill entities [0]
198  int authzcall; // [s] when to call authz function [1 -> always]
199  int authzto; // [s] validity in secs of authz cache entries [-1 => unlimited]
200  int ogmap; // [s] gridmap file checking option
201  int dlgpxy; // [c] explicitely ask the creation of a delegated proxy; default 0
202  // [s] ask client for proxies; default: do not accept delegated proxies
203  int sigpxy; // [c] accept delegated proxy requests
204  int createpxy; // [c] force client proxy authentications
205  char *srvnames;// [c] '|' separated list of allowed server names
206  char *exppxy; // [s] template for the exported file with proxies
207  int authzpxy; // [s] if 1 make proxy available in exported form in the 'endorsement'
208  // field of the XrdSecEntity object for use in XrdAcc
209  int vomsat; // [s] 0 do not look for; 1 extract if any
210  char *vomsfun;// [s] file with the function to fill VOMS [0]
211  char *vomsfunparms;// [s] parameters for the function to fill VOMS [0]
212  int moninfo; // [s] 0 do not look for; 1 use DN as default
213  int hashcomp; // [cs] 1 send hash names with both algorithms; 0 send only the default [1]
214 
215  bool trustdns; // [cs] 'true' if DNS is trusted [true]
216  bool showDN; // [cs] 'true' display the dn
217 
218  gsiOptions() { debug = -1; mode = 's'; clist = 0;
219  certdir = 0; crldir = 0; crlext = 0; cert = 0; key = 0;
220  cipher = 0; md = 0; ca = 1 ; crl = 1; crlrefresh = 86400;
221  proxy = 0; valid = 0; deplen = 0; bits = XrdCryptoDefRSABits;
222  gridmap = 0; gmapto = 600;
223  gmapfun = 0; gmapfunparms = 0; authzfun = 0; authzfunparms = 0;
224  authzto = -1; authzcall = 1;
225  ogmap = 1; dlgpxy = 0; sigpxy = 1; srvnames = 0;
226  exppxy = 0; authzpxy = 0;
227  vomsat = 1; vomsfun = 0; vomsfunparms = 0; moninfo = 0;
228  hashcomp = 1; trustdns = true; showDN = false; createpxy = 1;}
229  virtual ~gsiOptions() { } // Cleanup inside XrdSecProtocolgsiInit
230  void Print(XrdOucTrace *t); // Print summary of gsi option status
231 };
232 
233 class XrdSecProtocolgsi;
234 class gsiHSVars;
235 
236 // From a proxy query
237 typedef struct {
241 } ProxyOut_t;
242 
243 // To query proxies
244 typedef struct {
245  const char *cert;
246  const char *key;
247  const char *certdir;
248  const char *out;
249  const char *valid;
250  int deplen;
251  int bits;
252  bool createpxy;
253 } ProxyIn_t;
254 
255 template<class T>
256 class GSIStack {
257 public:
258  void Add(T *t) {
259  char k[40]; snprintf(k, 40, "%p", static_cast<void*>(t));
260  mtx.Lock();
261  if (!stack.Find(k)) stack.Add(k, t, 0, Hash_count); // We need an additional count
262  stack.Add(k, t, 0, Hash_count);
263  mtx.UnLock();
264  }
265  void Del(T *t) {
266  char k[40]; snprintf(k, 40, "%p", static_cast<void*>(t));
267  mtx.Lock();
268  if (stack.Find(k)) stack.Del(k, Hash_count);
269  mtx.UnLock();
270  }
271 private:
272  XrdSysMutex mtx;
273  XrdOucHash<T> stack;
274 };
275 
276 /******************************************************************************/
277 /* X r d S e c P r o t o c o l g s i C l a s s */
278 /******************************************************************************/
279 
281 {
282 friend class gsiOptions;
283 friend class gsiHSVars;
284 public:
285  int Authenticate (XrdSecCredentials *cred,
286  XrdSecParameters **parms,
287  XrdOucErrInfo *einfo=0);
288 
290  XrdOucErrInfo *einfo=0);
291 
292  XrdSecProtocolgsi(int opts, const char *hname, XrdNetAddrInfo &endPoint,
293  const char *parms = 0);
294  virtual ~XrdSecProtocolgsi() {} // Delete() does it all
295 
296  // Initialization methods
297  static char *Init(gsiOptions o, XrdOucErrInfo *erp);
298 
299  void Delete();
300 
301  // Encrypt / Decrypt methods
302  int Encrypt(const char *inbuf, int inlen,
303  XrdSecBuffer **outbuf);
304  int Decrypt(const char *inbuf, int inlen,
305  XrdSecBuffer **outbuf);
306  // Sign / Verify methods
307  int Sign(const char *inbuf, int inlen,
308  XrdSecBuffer **outbuf);
309  int Verify(const char *inbuf, int inlen,
310  const char *sigbuf, int siglen);
311 
312  // Export session key
313  int getKey(char *kbuf=0, int klen=0);
314  // Import a key
315  int setKey(char *kbuf, int klen);
316 
317  // Enable tracing
318  static XrdOucTrace *EnableTracing();
319 
320 private:
321  XrdNetAddrInfo epAddr;
322 
323  // Static members initialized at startup
324  static XrdSysMutex gsiContext;
325  static String CAdir;
326  static String CRLdir;
327  static String DefCRLext;
328  static String SrvCert;
329  static String SrvKey;
330  static String UsrProxy;
331  static String UsrCert;
332  static String UsrKey;
333  static String PxyValid;
334  static int DepLength;
335  static int DefBits;
336  static int CACheck;
337  static int CRLCheck;
338  static int CRLDownload;
339  static int CRLRefresh;
340  static String DefCrypto;
341  static String DefCipher;
342  static String DefMD;
343  static String DefError;
344  static String GMAPFile;
345  static int GMAPOpt;
346  static bool GMAPuseDNname;
347  static int GMAPCacheTimeOut;
348  static XrdSecgsiGMAP_t GMAPFun;
349  static XrdSecgsiAuthz_t AuthzFun;
350  static XrdSecgsiAuthzKey_t AuthzKey;
351  static int AuthzCertFmt;
352  static int AuthzCacheTimeOut;
353  static int PxyReqOpts;
354  static int AuthzPxyWhat;
355  static int AuthzPxyWhere;
356  static int AuthzAlways;
357  static String SrvAllowedNames;
358  static int VOMSAttrOpt;
359  static XrdSecgsiVOMS_t VOMSFun;
360  static int VOMSCertFmt;
361  static int MonInfoOpt;
362  static bool HashCompatibility;
363  static bool TrustDNS;
364  static bool ShowDN;
365  //
366  // Crypto related info
367  static int ncrypt; // Number of factories
368  static XrdCryptoFactory *cryptF[XrdCryptoMax]; // their hooks
369  static int cryptID[XrdCryptoMax]; // their IDs
370  static String cryptName[XrdCryptoMax]; // their names
371  static XrdCryptoCipher *refcip[XrdCryptoMax]; // ref for session ciphers
372  //
373  // Caches
374  static XrdSutCache cacheCA; // Info about trusted CA's
375  static XrdSutCache cacheCert; // Server certificates info cache
376  static XrdSutCache cachePxy; // Client proxies cache;
377  static XrdSutCache cacheGMAPFun; // Cache for entries mapped by GMAPFun
378  static XrdSutCache cacheAuthzFun; // Cache for entities filled by AuthzFun
379  //
380  // Services
381  static XrdOucGMap *servGMap; // Grid mapping service
382  //
383  // CA and CRL stacks
384  static GSIStack<XrdCryptoX509Chain> stackCA; // Stack of CA in use
385  static std::unique_ptr<GSIStack<XrdCryptoX509Crl>> stackCRL; // Stack of CRL in use
386  //
387  // GMAP control vars
388  static time_t lastGMAPCheck; // time of last check on GMAP
389  static XrdSysMutex mutexGMAP; // mutex to control GMAP reloads
390  //
391  // Running options / settings
392  static int Debug; // [CS] Debug level
393  static bool Server; // [CS] If server mode
394  static int TimeSkew; // [CS] Allowed skew in secs for time stamps
395  //
396  // for error logging and tracing
397  static XrdSysLogger Logger;
398  static XrdSysError eDest;
399  static XrdOucTrace *GSITrace;
400 
401  // Information local to this instance
402  int options;
403  XrdCryptoFactory *sessionCF; // Chosen crypto factory
404  XrdCryptoCipher *sessionKey; // Session Key (result of the handshake)
405  XrdSutBucket *bucketKey; // Bucket with the key in export form
406  XrdCryptoMsgDigest *sessionMD; // Message Digest instance
407  XrdCryptoRSA *sessionKsig; // RSA key to sign
408  XrdCryptoRSA *sessionKver; // RSA key to verify
409  X509Chain *proxyChain; // Chain with the delegated proxy on servers
410  bool srvMode; // TRUE if server mode
411  char *expectedHost; // Expected hostname if TrustDNS is enabled.
412  bool useIV; // Use a non-zeroed unique IV in cipher enc/dec operations
413  String urlUsrProxy; // Proxy file location if given to client in url
414  String urlUsrCert; // Proxy cert location if given to client in url
415  String urlUsrKey; // Proxy key location if given to client in url
416 
417  // Temporary Handshake local info
418  gsiHSVars *hs;
419 
420  // Parsing received buffers: client
421  int ParseClientInput(XrdSutBuffer *br, XrdSutBuffer **bm,
422  String &emsg);
423  int ClientDoInit(XrdSutBuffer *br, XrdSutBuffer **bm,
424  String &cmsg);
425  int ClientDoCert(XrdSutBuffer *br, XrdSutBuffer **bm,
426  String &cmsg);
427  int ClientDoPxyreq(XrdSutBuffer *br, XrdSutBuffer **bm,
428  String &cmsg);
429 
430  // Parsing received buffers: server
431  int ParseServerInput(XrdSutBuffer *br, XrdSutBuffer **bm,
432  String &cmsg);
433  int ServerDoCertreq(XrdSutBuffer *br, XrdSutBuffer **bm,
434  String &cmsg);
435  int ServerDoCert(XrdSutBuffer *br, XrdSutBuffer **bm,
436  String &cmsg);
437  int ServerDoSigpxy(XrdSutBuffer *br, XrdSutBuffer **bm,
438  String &cmsg);
439 
440  // Auxilliary functions
441  int ParseCrypto(String cryptlist);
442  int ParseCAlist(String calist);
443 
444  // Load CA certificates
445  static int GetCA(const char *cahash,
446  XrdCryptoFactory *cryptof, gsiHSVars *hs = 0);
447  static String GetCApath(const char *cahash);
448  static bool VerifyCA(int opt, X509Chain *cca, XrdCryptoFactory *cf);
449  static int VerifyCRL(XrdCryptoX509Crl *crl, XrdCryptoX509 *xca, XrdOucString crldir,
450  XrdCryptoFactory *CF, int hashalg);
451  bool ServerCertNameOK(const char *subject, const char *hname, String &e);
452  static XrdSutCacheEntry *GetSrvCertEnt(XrdSutCERef &gcref,
453  XrdCryptoFactory *cf,
454  time_t timestamp, String &cal);
455 
456  // Load CRLs
457  static XrdCryptoX509Crl *LoadCRL(XrdCryptoX509 *xca, const char *sjhash,
458  XrdCryptoFactory *CF, int dwld, int &err);
459 
460  // Updating proxies
461  static int QueryProxy(bool checkcache, XrdSutCache *cache, const char *tag,
462  XrdCryptoFactory *cf, time_t timestamp,
463  ProxyIn_t *pi, ProxyOut_t *po);
464  static int InitProxy(ProxyIn_t *pi, XrdCryptoFactory *cf,
465  X509Chain *ch = 0, XrdCryptoRSA **key = 0);
466 
467  // Error functions
468  static void ErrF(XrdOucErrInfo *einfo, kXR_int32 ecode,
469  const char *msg1, const char *msg2 = 0,
470  const char *msg3 = 0);
471  XrdSecCredentials *ErrC(XrdOucErrInfo *einfo, XrdSutBuffer *b1,
472  XrdSutBuffer *b2,XrdSutBuffer *b3,
473  kXR_int32 ecode, const char *msg1 = 0,
474  const char *msg2 = 0, const char *msg3 = 0);
475  int ErrS(String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1,
476  XrdSutBuffer *b2, XrdSutBuffer *b3,
477  kXR_int32 ecode, const char *msg1 = 0,
478  const char *msg2 = 0, const char *msg3 = 0);
479 
480  // Check Time stamp
481  bool CheckTimeStamp(XrdSutBuffer *b, int skew, String &emsg);
482 
483  // Check random challenge
484  bool CheckRtag(XrdSutBuffer *bm, String &emsg);
485 
486  // Auxilliary methods
487  int AddSerialized(char opt, kXR_int32 step, String ID,
488  XrdSutBuffer *bls, XrdSutBuffer *buf,
489  kXR_int32 type, XrdCryptoCipher *cip);
490  // Grid map cache handling
491  static XrdSecgsiGMAP_t // Load alternative function for mapping
492  LoadGMAPFun(const char *plugin, const char *parms);
493  static XrdSecgsiAuthz_t // Load alternative function to fill XrdSecEntity
494  LoadAuthzFun(const char *plugin, const char *parms, int &fmt);
495  static XrdSecgsiVOMS_t // Load alternative function to extract VOMS
496  LoadVOMSFun(const char *plugin, const char *parms, int &fmt);
497  static void QueryGMAP(XrdCryptoX509Chain* chain, int now, String &name); //Lookup info for DN
498 
499  // Entity handling
500  void CopyEntity(XrdSecEntity *in, XrdSecEntity *out, int *lout = 0);
501  void FreeEntity(XrdSecEntity *in);
502 };
503 
504 class gsiHSVars {
505 public:
506  int Iter; // Iteration number
507  time_t TimeStamp; // Time of last call
508  String CryptoMod; // Crypto module in use
509  int RemVers; // Version run by remote counterpart
510  XrdCryptoCipher *Rcip; // Reference cipher
511  bool HasPad; // Whether padding is supported
512  XrdSutBucket *Cbck; // Bucket with the certificate in export form
513  String ID; // Handshake ID (dummy for clients)
514  XrdSutPFEntry *Cref; // Cache reference
515  XrdSutPFEntry *Pent; // Pointer to relevant file entry
516  X509Chain *Chain; // Chain to be eventually verified
517  XrdCryptoX509Crl *Crl; // Pointer to CRL, if required
518  X509Chain *PxyChain; // Proxy Chain on clients
519  bool RtagOK; // Rndm tag checked / not checked
520  bool Tty; // Terminal attached / not attached
521  int LastStep; // Step required at previous iteration
522  int Options; // Handshake options;
523  int HashAlg; // Hash algorithm of peer hash name;
524  XrdSutBuffer *Parms; // Buffer with server parms on first iteration
525 
526  gsiHSVars() { Iter = 0; TimeStamp = -1; CryptoMod = "";
527  RemVers = -1; Rcip = 0; HasPad = 0;
528  Cbck = 0;
529  ID = ""; Cref = 0; Pent = 0; Chain = 0; Crl = 0; PxyChain = 0;
530  RtagOK = 0; Tty = 0; LastStep = 0; Options = 0; HashAlg = 0; Parms = 0;}
531 
533  if (Options & kOptsDelChn) {
534  // Do not delete the CA certificate in the cached reference
535  if (Chain) Chain->Cleanup(1);
536  SafeDelete(Chain);
537  }
538  // Make sure XrdSecProtocolgsi::stackCRL exists, it could happen
539  // that it has been deallocated due to static deinitialization
540  // order fiasco
541  if (Crl && bool( XrdSecProtocolgsi::stackCRL ) ) {
542  // This decreases the counter and actually deletes the object only
543  // when no instance is using it
544  XrdSecProtocolgsi::stackCRL->Del(Crl);
545  Crl = 0;
546  }
547  if (Options & kOptsDelPxy) {
548  if (PxyChain) PxyChain->Cleanup();
550  } else {
551  // The proxy chain is owned by the proxy cache; invalid proxies
552  // are detected (and eventually removed) by QueryProxy
553  PxyChain = 0;
554  }
555  SafeDelete(Parms); }
556  void Dump(XrdSecProtocolgsi *p = 0);
557 };
int kXR_int32
Definition: XPtypes.hh:89
static XrdSysError eDest(0,"crypto_")
#define XrdCryptoDefRSABits
Definition: XrdCryptoAux.hh:53
@ Hash_count
Definition: XrdOucHash.hh:54
kgsiHandshakeOpts
@ kOptsDelChn
@ kOptsDelPxy
@ kOptsSigReq
@ kOptsFwdPxy
@ kOptsPxCred
@ kOptsSrvReq
@ kOptsDlgPxy
@ kOptsCreatePxy
@ kOptsPxFile
#define SafeDelete(x)
const char * valid
int(* XrdSecgsiAuthz_t)(XrdSecEntity &)
XrdSutBucket * cbck
const char * out
XrdCryptoRSA * ksig
XrdCryptogsiX509Chain X509Chain
const char * key
kgsiServerSteps
@ kXGS_cert
@ kXGS_none
@ kXGS_pxyreq
@ kXGS_init
@ kXGS_reserved
XrdSecgsiAuthz_t XrdSecgsiVOMS_t
int(* XrdSecgsiAuthzKey_t)(XrdSecEntity &, char **)
XrdOucString String
kgsiStatus
@ kgST_ok
@ kgST_error
@ kgST_more
int(* XrdSecgsiAuthzInit_t)(const char *)
const char * certdir
char *(* XrdSecgsiGMAP_t)(const char *, int)
const char * cert
#define XrdCryptoMax
kgsiClientSteps
@ kXGC_sigpxy
@ kXGC_cert
@ kXGC_reserved
@ kXGC_none
@ kXGC_certreq
XrdSecgsiAuthzInit_t XrdSecgsiVOMSInit_t
@ kGSErrExportPuK
@ kGSErrBadRndmTag
@ kGSErrCreateBuffer
@ kGSErrNoCipher
@ kGSErrInit
@ kGSErrFinCipher
@ kGSErrParseBuffer
@ kGSErrGenCipher
@ kGSErrBadCreds
@ kGSErrUnmarshal
@ kGSErrRefCipher
@ kGSErrBadProtocol
@ kGSErrMarshal
@ kGSErrNoPublic
@ kGSErrSaveCreds
@ kGSErrSerialBuffer
@ kGSErrNoCreds
@ kGSErrDecodeBuffer
@ kGSErrLoadCrypto
@ kGSErrEncRndmTag
@ kGSErrDuplicateBucket
@ kGSErrBadOpt
@ kGSErrNoRndmTag
@ kGSErrAddBucket
@ kGSErrError
@ kGSErrCreateBucket
@ kGSErrNoBuffer
X509Chain * chain
XrdOucString CAdir
XrdOucString CRLdir
int ncrypt
XrdOucString DefCrypto
XrdCryptoFactory ** CF
void ParseCrypto()
struct myOpts opts
int emsg(int rc, char *msg)
#define ID
void Add(T *t)
void Del(T *t)
void Cleanup(bool keepCA=0)
static XrdOucTrace * EnableTracing()
int Authenticate(XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0)
int Verify(const char *inbuf, int inlen, const char *sigbuf, int siglen)
XrdSecProtocolgsi(int opts, const char *hname, XrdNetAddrInfo &endPoint, const char *parms=0)
int Decrypt(const char *inbuf, int inlen, XrdSecBuffer **outbuf)
int Encrypt(const char *inbuf, int inlen, XrdSecBuffer **outbuf)
void Delete()
Delete the protocol object. DO NOT use C++ delete() on this object.
static char * Init(gsiOptions o, XrdOucErrInfo *erp)
XrdSecCredentials * getCredentials(XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0)
int getKey(char *kbuf=0, int klen=0)
int Sign(const char *inbuf, int inlen, XrdSecBuffer **outbuf)
int setKey(char *kbuf, int klen)
XrdSutPFEntry * Cref
X509Chain * PxyChain
XrdCryptoX509Crl * Crl
XrdSutBuffer * Parms
XrdSutBucket * Cbck
void Dump(XrdSecProtocolgsi *p=0)
X509Chain * Chain
XrdSutPFEntry * Pent
XrdCryptoCipher * Rcip
virtual ~gsiOptions()
void Print(XrdOucTrace *t)
XrdSysLogger Logger
Definition: XrdGlobals.cc:47
Generic structure to pass security information back and forth.