XrdSecLoadSecurity.cc File Reference
#include <iostream>
#include "XrdVersion.hh"
#include "XProtocol/XProtocol.hh"
#include "XrdOuc/XrdOucPinLoader.hh"
#include "XrdSec/XrdSecLoadSecurity.hh"
#include "XrdSec/XrdSecProtector.hh"
#include "XrdSys/XrdSysError.hh"
#include "XrdSys/XrdSysPlatform.hh"
#include "XrdSys/XrdSysPthread.hh"


Namespaces

 XrdSecProtection
 

Functions

int XrdSecGetProtection (XrdSecProtect *&protP, XrdSecProtocol &aprot, ServerResponseBody_Protocol &resp, unsigned int resplen)
 
XrdSecProtectorXrdSecLoadProtection (XrdSysError &erP)
 
XrdSecGetProt_t XrdSecLoadSecFactory (char *eBuff, int eBlen, const char *seclib)
 
XrdSecServiceXrdSecLoadSecService (XrdSysError *eDest, const char *cfn, const char *seclib, XrdSecGetProt_t *getP, XrdSecProtector **proP)
 

Variables

int XrdSecProtection::protRC = 0
 
XrdSecProtectorXrdSecProtection::theProtector = 0
 

Function Documentation

◆ XrdSecGetProtection()

int XrdSecGetProtection ( XrdSecProtect *&  protP,
XrdSecProtocol aprot,
ServerResponseBody_Protocol resp,
unsigned int  resplen 
)

Obtain an instance of a security protection object based on the kXR_protocol response. This is only used client-side.

Parameters
protP Place where the protection object pointer is stored.
aprot The authentication protocol used to protect requests. It must be supplied and must be the protocol the client used for authentication; hence, authentication must occur first.
resp Reference to the response body returned by kXR_protocol.
resplen Length of the response body.
Returns
>0 A pointer to the protection object has been placed in protP.
=0 No protection is needed; protP is set to zero.
<0 An error occurred getting the protection object; the return value is -errno and protP has been set to zero.

Definition at line 206 of file XrdSecLoadSecurity.cc.

210 {
211  static const unsigned int hdrLen = sizeof(ServerResponseReqs_Protocol) - 2;
212  static const unsigned int minLen = kXR_ShortProtRespLen + hdrLen;
213  XrdSecProtector *pObj;
214  unsigned int vLen;
215  int rc;
216 
217 // First validate the response before passing it to anyone
218 //
219  protP = 0;
220  if (resplen <= kXR_ShortProtRespLen) return 0;
221  if (resplen < minLen) return -EINVAL;
222  vLen = static_cast<unsigned int>(resp.secreq.secvsz)
223  * sizeof(ServerResponseSVec_Protocol);
224  if (vLen + minLen > resplen) return -EINVAL;
225 
226 // Our first step is to see if any protection is required
227 //
228  if (vLen == 0 && resp.secreq.seclvl == kXR_secNone) return 0;
229 
230 // The next step is to see if we have a protector object. If we do not then
231 // we need to load the library that provides such objects. This needs to be
232 // MT-safe as it may be called at any time by any thread.
233 //
234  protMutex.Lock();
235  if (!(pObj = XrdSecProtection::theProtector))
237  {char eBuff[2048];
238  if ((XrdSecProtection::protRC = Load(eBuff, sizeof(eBuff), 0)))
239  std::cerr <<"SecLoad: " <<eBuff <<'\n' <<std::flush;
240  else
242  }
243  if ((rc = XrdSecProtection::protRC))
244  {protMutex.UnLock();
245  return -rc;
246  }
247  }
248  protMutex.UnLock();
249 
250 // Return new protection object
251 //
252  protP = pObj->New4Client(aprot, resp.secreq, resplen-kXR_ShortProtRespLen);
253  return (protP ? 1 : 0);
254 }
#define kXR_ShortProtRespLen
Definition: XProtocol.hh:1200
#define kXR_secNone
Definition: XProtocol.hh:1131
ServerResponseReqs_Protocol secreq
Definition: XProtocol.hh:1194
virtual XrdSecProtect * New4Client(XrdSecProtocol &aprot, const ServerResponseReqs_Protocol &inReqs, unsigned int reqLen)
XrdSecProtector * theProtector

References kXR_secNone, kXR_ShortProtRespLen, XrdSecProtector::New4Client(), XrdSecProtection::protRC, ServerResponseReqs_Protocol::seclvl, ServerResponseBody_Protocol::secreq, ServerResponseReqs_Protocol::secvsz, and XrdSecProtection::theProtector.


◆ XrdSecLoadProtection()

XrdSecProtector* XrdSecLoadProtection ( XrdSysError erP)

Definition at line 262 of file XrdSecLoadSecurity.cc.

263 {
264 
265 // Load the protection object. This is done in the main thread do no mutex
266 //
267  XrdSecProtection::protRC = Load(0, 0, 0, &erP);
268 
269 // All done, return result
270 //
272 }

References XrdSecProtection::protRC, and XrdSecProtection::theProtector.

Referenced by XrdSecServer::Configure().


◆ XrdSecLoadSecFactory()

XrdSecGetProt_t XrdSecLoadSecFactory ( char *  eBuff,
int  eBlen,
const char *  seclib = 0 
)

This include file defines utility functions that load the security framework plugin specialized for server-side or client-side use. These functions are public and remain ABI stable! Load the Security Protocol Factory (used client-side)

Parameters
eBuff Pointer to a buffer that is to receive any messages. Upon failure it will contain an error message. Upon success it will contain an informational message that describes the version that was loaded.
eBlen The length of eBuff; it should be at least 1K to avoid message truncation, as the message may contain a path.
seclib Pointer to the shared library path that contains the framework implementation. If a nil pointer is passed, then the default library is used.
Returns
!0 Pointer to the XrdSecGetProtocol() function is returned (also returned in getP if it is not nil).
=0 The security framework could not be loaded. The error message describing the problem is in eBuff.

Definition at line 176 of file XrdSecLoadSecurity.cc.

177 {
178  XrdSecGetProt_t getP;
179  int rc;
180 
181 // Load required plugin nd obtain pointers
182 //
183  rc = Load(eBuff, eBlen, 0, seclib, &getP);
184  if (!rc) return getP;
185 
186 // Issue correct error message, if any
187 //
188  if (!seclib) seclib = "default";
189 
190  if (rc < 0)
191  snprintf(eBuff, eBlen,
192  "Unable to create security framework via %s; invalid path.",
193  seclib);
194  else if (!(*eBuff))
195  snprintf(eBuff, eBlen,
196  "Unable to create security framework via %s", seclib);
197  return 0;
198 }
XrdSecProtocol *(* XrdSecGetProt_t)(const char *hostname, XrdNetAddrInfo &endPoint, XrdSecParameters &sectoken, XrdOucErrInfo *einfo)
Typedef to simplify the encoding of methods returning XrdSecProtocol.

◆ XrdSecLoadSecService()

XrdSecService* XrdSecLoadSecService ( XrdSysError eDest,
const char *  cfn,
const char *  seclib,
XrdSecGetProt_t getP,
XrdSecProtector **  proP 
)

Definition at line 278 of file XrdSecLoadSecurity.cc.

283 {
284  XrdSecService *CIA;
285 
286 // Load required plugin nd obtain pointers
287 //
288  if (Load(0, 0, cfn, seclib, getP, &CIA, eDest)) return 0;
289 
290 // Set the protectorobject. Note that the securityservice will load it if
291 // is needed and we will havecaptured its pointer. This sort of a hack but
292 // we can't change the SecService object as it is a public interface.
293 //
294  if (proP) *proP = XrdSecProtection::theProtector;
295  return CIA;
296 }
static XrdSysError eDest(0,"crypto_")

References eDest, and XrdSecProtection::theProtector.

Referenced by XrdCmsSecurity::Configure().
