XRootD
XrdSecgsiAuthzFunDN.cc File Reference
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <cerrno>
#include "XrdVersion.hh"
#include "XrdCrypto/XrdCryptosslAux.hh"
#include "XrdCrypto/XrdCryptoX509.hh"
#include "XrdCrypto/XrdCryptoX509Chain.hh"
#include "XrdOuc/XrdOucString.hh"
#include "XrdSec/XrdSecEntity.hh"
#include "XrdSecgsi/XrdSecgsiTrace.hh"
#include "XrdSut/XrdSutBucket.hh"


Functions

int XrdSecgsiAuthzFun (XrdSecEntity &entity)
 
int XrdSecgsiAuthzInit (const char *cfg)
 
int XrdSecgsiAuthzKey (XrdSecEntity &entity, char **key)
 
 XrdVERSIONINFO (XrdSecgsiAuthzFun, secgsiauthz)
 
 XrdVERSIONINFO (XrdSecgsiAuthzInit, secgsiauthz)
 
 XrdVERSIONINFO (XrdSecgsiAuthzKey, secgsiauthz)
 

Variables

static int gCertfmt = 1
 
XrdOucTrace * gsiTrace
 

Function Documentation

◆ XrdSecgsiAuthzFun()

int XrdSecgsiAuthzFun ( XrdSecEntity & entity)

Definition at line 77 of file XrdSecgsiAuthzFunDN.cc.

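int XrdSecgsiAuthzFun(XrdSecEntity &entity)
{
   // Placeholder implementation of the GSI authorization hook.
   //
   // This body does not look at entity.creds at all: every entity it is
   // called for receives the same fixed virtual organization,
   // "VO.dummy.test". Anything downstream that keys on entity.vorg would
   // therefore see all callers as members of that one VO, so this function
   // is a template to be replaced with real attribute extraction, not a
   // policy to run as-is.
   //
   // Returns 0 on success, -1 if the VO string cannot be allocated.
   EPNAME("AuthzFunDN");

   // Notify
   DEBUG("dummy call for '"<<entity.name<<"'");

   // NOTE(review): a value already stored in entity.vorg is overwritten
   // without being released; who owns that pointer is not visible here.
   char *vo = strdup("VO.dummy.test");
   if (!vo) {
      // Without this check a failed allocation would be stored in the entity
      // and then streamed as a null pointer by the trace statement below.
      PRINT("ERROR: could not allocate the vorg string");
      return -1;
   }
   entity.vorg = vo;
   DEBUG("setting vorg: '"<<entity.vorg<<"'");

   // Done
   return 0;
}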
#define DEBUG(x)
Definition: XrdBwmTrace.hh:54
#define EPNAME(x)
Definition: XrdBwmTrace.hh:56
char * vorg
Entity's virtual organization(s)
Definition: XrdSecEntity.hh:71
char * name
Entity's name.
Definition: XrdSecEntity.hh:69

References DEBUG, EPNAME, XrdSecEntity::name, and XrdSecEntity::vorg.

◆ XrdSecgsiAuthzInit()

int XrdSecgsiAuthzInit ( const char *  cfg)

Definition at line 164 of file XrdSecgsiAuthzFunDN.cc.

int XrdSecgsiAuthzInit(const char *cfg)
{
   // Read the plug-in options from the space-separated 'cfg' string and
   // record the certificate format in gCertfmt.
   //
   // Return -1 on failure (this body has no failing path). Otherwise the
   // return code tells the caller which format the main function requires
   // for the proxy chain:
   //    0   proxy chain in 'raw' (opaque) format, to be processed
   //        using the XrdCrypto tools
   //    1   proxy chain in 'PEM base64' (the default)
   //
   // Only the exact token "certfmt=raw" is recognised; any other token,
   // including a misspelt certfmt option, is ignored and leaves the PEM
   // default in place. XrdSecgsiAuthzKey reinterprets entity.creds according
   // to this setting, so the caller has to honour the value returned here.
   EPNAME("AuthzInitDN");

   // Start from the default format
   gCertfmt = 1;

   // Walk the tokens of the config string
   XrdOucString config(cfg);
   XrdOucString token;
   int pos = 0;
   for (;;) {
      pos = config.tokenize(token, pos, ' ');
      if (pos == -1) {
         break;
      }
      if (token == "certfmt=raw") {
         gCertfmt = 0;
      }
   }

   // Notify
   PRINT("initialized! (certfmt:"<<gCertfmt<<")");

   // Done
   return gCertfmt;
}
#define PRINT(y)
static int gCertfmt

References EPNAME, gCertfmt, and PRINT.

◆ XrdSecgsiAuthzKey()

int XrdSecgsiAuthzKey ( XrdSecEntity & entity,
char **  key 
)

Definition at line 99 of file XrdSecgsiAuthzFunDN.cc.

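int XrdSecgsiAuthzKey(XrdSecEntity &entity, char **key)
{
   // Build the key for this entity: a heap copy of the subject DN of the
   // last certificate in the proxy chain found in entity.creds.
   //
   // Returns 0 on success, with *key pointing to a NUL-terminated string
   // allocated with new[] (the caller releases it with delete[]).
   // Returns -1 on any error, in which case *key is left untouched.
   //
   // The bucket and chain built for the PEM format are local to this call and
   // are released on every exit path; previously they were released only when
   // parsing or re-ordering failed, so each successful call leaked them.
   EPNAME("AuthzKeyDN");

   // Must have got something
   if (!key) {
      PRINT("ERROR: 'key' must be defined");
      return -1;
   }
   if (!entity.creds) {
      PRINT("ERROR: 'entity.creds' must be defined");
      return -1;
   }

   // We will key on the end proxy DN
   XrdCryptoX509Chain *chain = 0;
   XrdSutBucket *bucket = 0;
   bool owned = false;   // true when bucket and chain were allocated here
   bool ok = true;

   if (gCertfmt == 0) {
      // Raw format: creds is taken on trust to be a chain object. Nothing
      // here can verify that, so the format configured at init time must
      // match what the caller actually stores in entity.creds.
      chain = (XrdCryptoX509Chain *) entity.creds;
   } else {
      // PEM format: creds is read as a NUL-terminated string.
      // NOTE(review): no length bound is applied to that read - confirm the
      // caller guarantees termination.
      XrdOucString pem((const char *) entity.creds);
      bucket = new XrdSutBucket(pem);
      chain = new XrdCryptoX509Chain();
      owned = true;
      if (XrdCryptosslX509ParseBucket(bucket, chain) <= 0) {
         PRINT("ERROR: no certificates in chain");
         ok = false;
      } else if (chain->Reorder() < 0) {
         PRINT("ERROR: problems re-ordering proxy chain");
         ok = false;
      }
   }

   int rc = -1;
   if (ok) {
      // Point to the last certificate
      XrdCryptoX509 *proxy = chain->End();
      if (!proxy) {
         PRINT("ERROR: chain is empty!");
      } else {
         // Get the DN
         const char *dn = proxy->Subject();
         size_t ldn = dn ? strlen(dn) : 0;
         if (ldn == 0) {
            PRINT("ERROR: proxy dn undefined!");
         } else {
            // Copy the DN before the chain is released below: the string
            // is obtained from the certificate and may not outlive it.
            *key = new char[ldn + 1];
            memcpy(*key, dn, ldn + 1);
            DEBUG("key is: '"<<*key<<"'");
            rc = 0;
         }
      }
   }

   // Release what was allocated here, in the same way the parse-failure
   // paths always did. A raw chain belongs to the caller and is not touched.
   // NOTE(review): whether deleting the chain also releases the certificates
   // it holds is not visible from this file - confirm.
   if (owned) {
      delete bucket;
      delete chain;
   }

   // Done
   return rc;
}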
int XrdCryptosslX509ParseBucket(XrdSutBucket *b, XrdCryptoX509Chain *chain)
XrdCryptoX509 * End() const
virtual const char * Subject()
char * creds
Raw entity credentials or cert.
Definition: XrdSecEntity.hh:77

References XrdSecEntity::creds, DEBUG, XrdCryptoX509Chain::End(), EPNAME, gCertfmt, PRINT, XrdCryptoX509Chain::Reorder(), XrdCryptoX509::Subject(), and XrdCryptosslX509ParseBucket().


◆ XrdVERSIONINFO() [1/3]

XrdVERSIONINFO ( XrdSecgsiAuthzFun  ,
secgsiauthz   
)

◆ XrdVERSIONINFO() [2/3]

XrdVERSIONINFO ( XrdSecgsiAuthzInit  ,
secgsiauthz   
)

◆ XrdVERSIONINFO() [3/3]

XrdVERSIONINFO ( XrdSecgsiAuthzKey  ,
secgsiauthz   
)

Variable Documentation

◆ gCertfmt

int gCertfmt = 1
static

Definition at line 66 of file XrdSecgsiAuthzFunDN.cc.

Referenced by XrdSecgsiAuthzInit(), and XrdSecgsiAuthzKey().

◆ gsiTrace

XrdOucTrace* gsiTrace
extern

Definition at line 119 of file XrdSecgsiProxy.cc.