XRootD
#include <XrdSecProtect.hh>

Public Member Functions

| Type | Member | Description |
|---|---|---|
| `virtual` | `~XrdSecProtect ()` | Destructor. |
| `virtual void` | `Delete ()` | Delete this object. Use this method as opposed to operator delete. |
| `virtual int` | `Secure (SecurityRequest *&newreq, ClientRequest &thereq, const char *thedata)` | |
| `virtual const char *` | `Verify (SecurityRequest &secreq, ClientRequest &thereq, const char *thedata)` | |

Public Attributes

| Type | Member |
|---|---|
| `bool (XrdSecProtect::*` | `Need2Secure)(ClientRequest &thereq)` |

Protected Member Functions

| Type | Member |
|---|---|
| | `XrdSecProtect (XrdSecProtocol *aprot, XrdSecProtect &pRef, bool edok=true)` |
| | `XrdSecProtect (XrdSecProtocol *aprot=0, bool edok=true)` |
| `void` | `SetProtection (const ServerResponseReqs_Protocol &inReqs)` |

Friends

| Type | Name |
|---|---|
| `class` | `XrdSecProtector` |

Definition at line 55 of file XrdSecProtect.hh.

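`virtual XrdSecProtect::~XrdSecProtect ()` (inline, virtual)

`XrdSecProtect::XrdSecProtect` constructor (inline, protected)

Definition at line 136 of file XrdSecProtect.hh.

`XrdSecProtect::XrdSecProtect` constructor (inline, protected)

Definition at line 142 of file XrdSecProtect.hh.

`virtual void XrdSecProtect::Delete ()` (inline, virtual)

Delete this object. Use this method as opposed to operator delete.

Definition at line 64 of file XrdSecProtect.hh.
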
`virtual int XrdSecProtect::Secure (SecurityRequest *&newreq, ClientRequest &thereq, const char *thedata)` (virtual)

Secure a request.

Request securement is optional, and this call should be guarded by an if statement to avoid securing requests that need not be secured, as follows:

    if (NEED2SECURE(<protP>)(thereq)) result = <protP>->Secure(....);
       else result = 0;

Modify the above to your particular needs, but guard the call!

Parameters

| Name | Description |
|---|---|
| newreq | A reference to a pointer where the new request, if needed, will be placed. The new request will consist of a kXR_sigver request followed by hash. The request buffer must be freed using free() when it is no longer needed. |
| thereq | Reference to the client request header/body that needs to be secured. The request must be in network byte order. |
| thedata | The request data whose length resides in thereq.dlen. If thedata is nil but thereq.dlen is not zero, then the request data must follow the request header in the thereq buffer. |

Definition at line 254 of file XrdSecProtect.cc.

References ClientRequestHdr::dlen, ClientRequest::header, kXR_nodata, kXR_pgwrite, kXR_secver_0, kXR_SHA256, kXR_sigver, kXR_write, ClientRequestHdr::requestid, XrdOucIOVec::size, and ClientRequestHdr::streamid.

Referenced by XrdCl::XRootDTransport::GetSignature().

`void XrdSecProtect::SetProtection (const ServerResponseReqs_Protocol &inReqs)` (protected)

Definition at line 349 of file XrdSecProtect.cc.

References kXR_secOData, kXR_secPedantic, kXR_secver_0, kXR_signNeeded, ServerResponseSVec_Protocol::reqindx, ServerResponseSVec_Protocol::reqsreq, ServerResponseReqs_Protocol::seclvl, ServerResponseReqs_Protocol::secopt, ServerResponseReqs_Protocol::secvec, and ServerResponseReqs_Protocol::secvsz.

Referenced by XrdSecProtector::Config(), and XrdSecProtector::New4Client().

`virtual const char * XrdSecProtect::Verify (SecurityRequest &secreq, ClientRequest &thereq, const char *thedata)` (virtual)

Verify that a request was properly secured.

Parameters

| Name | Description |
|---|---|
| secreq | A reference to the kXR_sigver request followed by whatever data was sent (normally an encrypted verification hash). All but the request code must be in network byte order. |
| thereq | Reference to the client request header/body that needs to be verified. The request must be in network byte order. |
| thedata | The request data whose length resides in thereq.dlen. |

Definition at line 400 of file XrdSecProtect.cc.

References ClientSigverRequest::crypto, ClientRequestHdr::dlen, ClientSigverRequest::expectrid, ClientSigverRequest::flags, SecurityRequest::header, ClientRequest::header, kXR_HashMask, kXR_nodata, kXR_rsaKey, kXR_secver_0, kXR_SHA256, ClientRequestHdr::requestid, ClientSigverRequest::seqno, SecurityRequest::sigver, ClientRequestHdr::streamid, ClientSigverRequest::version, and XrdSysE2T().

Referenced by XrdXrootdProtocol::Process2().

`friend class XrdSecProtector` (friend)

Definition at line 58 of file XrdSecProtect.hh.

`bool (XrdSecProtect::* XrdSecProtect::Need2Secure)(ClientRequest &thereq)`

Test whether or not a request needs to be secured. This method pointer should only be invoked via the NEED2SECURE macro (see above).

Parameters

| Name | Description |
|---|---|
| thereq | Reference to the request header/body in network byte order. |

Definition at line 76 of file XrdSecProtect.hh.