XRootD
XrdSecsssID Class Reference

#include <XrdSecsssID.hh>


Public Types

enum  authType {
  idDynamic = 0 ,
  idMapped = 3 ,
  idMappedM = 4 ,
  idStatic = 1 ,
  idStaticM = 2
}
 

Public Member Functions

 XrdSecsssID (authType aType=idStatic, const XrdSecEntity *Ident=0, XrdSecsssCon *Tracker=0, bool *isOK=0)
 
bool Register (const char *lgnid, const XrdSecEntity *Ident, bool doReplace=false, bool defer=false)
 

Friends

class XrdSecProtocolsss
 

Detailed Description

Definition at line 53 of file XrdSecsssID.hh.

Member Enumeration Documentation

◆ authType

Create a single instance of this class. Once created it cannot be deleted.

Parameters
aType - The type of authentication to perform (see authType enum).
Ident - Pointer to the default entity to use. If nil, a generic entity is created based on the process uid and gid.
Tracker - Pointer to the connection tracker object if connection tracking is desired. If nil, connections are not tracked.
isOK - If not nil, the variable is set to true on success and to false otherwise. Supplying it is strongly recommended.
Note
Mutual authentication requires that the server send an encrypted message proving that it holds the key before an identity is sent. For idDynamic this is the default, and the message must be the login, which must correspond to the key used to register the entity. This works well when keys are no more than 8 characters and consist only of letters and digits. The idMapped types provide greater freedom by using whatever userid was specified on the URL performing the login as the lookup key (i.e. the returned loginid is not used).
Enumerator
idDynamic

Mutual: Map loginid to registered identity. Ident is default; if 0, nobody/nogroup.

idMapped

1Sided: Map loginid to registered identity. Ident is default; if 0, nobody/nogroup.

idMappedM

Mutual: Map loginid to registered identity. Ident is default; if 0, process uid/gid.

idStatic

1Sided: Fixed identity sent to the server. Ident as specified; if 0, process uid/gid. Default if XrdSecsssID not instantiated!

idStaticM

Mutual: Fixed identity sent to the server. Ident as specified; if 0, process uid/gid.

Definition at line 79 of file XrdSecsssID.hh.

enum authType
     {idDynamic = 0,
      idMapped  = 3,
      idMappedM = 4,
      idStatic  = 1,
      idStaticM = 2
     };

Constructor & Destructor Documentation

◆ XrdSecsssID()

XrdSecsssID::XrdSecsssID ( authType  aType = idStatic,
const XrdSecEntity *  Ident = 0,
XrdSecsssCon *  Tracker = 0,
bool *  isOK = 0
)

Definition at line 77 of file XrdSecsssID.cc.

// Note: idP is the parameter documented above as Ident.
//
XrdSecsssID::XrdSecsssID(authType aType, const XrdSecEntity *idP,
                         XrdSecsssCon *Tracker, bool *isOK)
            : defaultID(0),
              myAuth(XrdSecsssID::idStatic), isStatic(true),
              trackOK(false)
{

// Check if we have initialized already. If so, indicate warning
//
   sssMutex.Lock();
   if (IDMapper)
      {sssMutex.UnLock();
       if (isOK) *isOK = false;
          else std::cerr <<"SecsssID: Already instantiated; new instance"
                           " ineffective!\n" <<std::flush;
       return;
      }

// Verify the authType
//
   switch(aType)
         {case idDynamic: isStatic = false; // falls through to the break below
          case idStatic:  break;
          case idStaticM: break;
          case idMapped:  isStatic = false;
                          break;
          case idMappedM: isStatic = false;
                          break;
          default:        idP = 0;
                          aType = idStatic;
                          isStatic = true;
                          break;
         }
   myAuth = aType;

// Generate a default identity
//
   if (idP) defaultID = new XrdSecsssEnt(idP);
      else  defaultID = genID(isStatic);

// Establish a pointer to this object.
//
   IDMapper = this;

// Decide whether or not we will track connections
//
   if (Tracker && (aType == idMapped || aType == idMappedM)) conTrack = Tracker;

// All done with initialization
//
   if (isOK) *isOK = true;
   sssMutex.UnLock();
}

XrdSysMutex sssMutex - Definition: XrdSecsssID.cc:62
XrdSecsssCon * conTrack - Definition: XrdSecsssID.cc:64
XrdSecsssID * IDMapper - Definition: XrdSecsssID.cc:63

References XrdSecsssMap::conTrack, idDynamic, idMapped, idMappedM, XrdSecsssMap::IDMapper, idStatic, idStaticM, XrdSysMutex::Lock(), XrdSecsssMap::sssMutex, and XrdSysMutex::UnLock().


Member Function Documentation

◆ Register()

bool XrdSecsssID::Register ( const char *  lgnid,
const XrdSecEntity *  Ident,
bool  doReplace = false,
bool  defer = false
)

Create or delete a mapping from a loginid to an entity description.

Parameters
lgnid - Pointer to the login ID.
Ident - Pointer to the entity object to be registered. If the pointer is NIL, then the mapping is deleted.
doReplace - When true, any existing mapping is replaced.
defer - When true, the entity object is recorded but serialization is deferred until the object is needed. The entity object must remain valid until the mapping is deleted. The entity may not be modified during this period.
Returns
true - Mapping registered.
false - Mapping not registered because this object was not created as idDynamic, idMapped, or idMappedM; or the mapping exists and doReplace is false.

Definition at line 224 of file XrdSecsssID.cc.

// Note: lid, eP and doRep are the parameters documented above as
//       lgnid, Ident and doReplace.
//
bool XrdSecsssID::Register(const char *lid, const XrdSecEntity *eP,
                           bool doRep, bool defer)
{
   EntityMap::iterator it;
   XrdSecsssEnt *idP;

// If this is an invalid call, return failure
//
   if (isStatic) return false;

// Check if we are simply deleting an entry
//
   if (!eP)
      {sssMutex.Lock();
       it = Registry.find(std::string(lid));
       if (it == Registry.end()) sssMutex.UnLock();
          else {idP = it->second;
                Registry.erase(it);
                sssMutex.UnLock();
                idP->Delete();
               }
       return true;
      }

// Generate an ID entry and add it to registry (we are optimistic here)
// Note: We wish we could use emplace() but that isn't supported until gcc 4.8.0
//
   std::pair<EntityMap::iterator, bool> ret;
   std::pair<std::string, XrdSecsssEnt*> psp;
   idP = new XrdSecsssEnt(eP, defer);
   psp = {std::string(lid), idP};
   sssMutex.Lock();
   ret = Registry.insert(psp);
   if (ret.second)
      {sssMutex.UnLock();
       return true;
      }

// We were not successful, replace the element if we are allowed to do so.
//
   if (doRep)
      {XrdSecsssEnt *oldP = ret.first->second;
       ret.first->second = idP;
       sssMutex.UnLock();
       oldP->Delete();
       return true;
      }

// Sigh, the element exists but we cannot replace it.
//
   sssMutex.UnLock();
   idP->Delete();
   return false;
}

void Delete() - Delete this entity object. Definition: XrdSecsssEnt.cc:97
EntityMap Registry - Definition: XrdSecsssID.cc:68

References XrdSecsssEnt::Delete(), XrdSysMutex::Lock(), XrdSecsssMap::Registry, XrdSecsssMap::sssMutex, and XrdSysMutex::UnLock().

Referenced by XrdPssSys::Connect(), XrdPssSys::Disc(), and XrdFfsMisc_xrd_secsss_register().
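
The cases a caller has to handle, as an added example (not XRootD code): a self-contained model of the single-instance rule in the constructor and of the return values of Register(). SssIdModel, lateInstanceCanRegister and mappedContract are hypothetical names; the model assumes no locking and stores plain strings where XRootD stores entity objects.

```cpp
#include <cstdio>
#include <map>
#include <string>
// Model only (hypothetical names, not XRootD code): no locking, identities are strings.
enum authType { idDynamic = 0, idStatic = 1, idStaticM = 2, idMapped = 3, idMappedM = 4 };

class SssIdModel {
    static SssIdModel *mapper;                    // role of IDMapper
    std::map<std::string, std::string> registry;  // role of Registry
    bool isStatic = true;                         // same starting value as the constructor
public:
    explicit SssIdModel(authType aType, bool *isOK = nullptr) {
        if (isOK) *isOK = !mapper;
        if (mapper) return;                       // later instance: ineffective, stays static
        isStatic = !(aType == idDynamic || aType == idMapped || aType == idMappedM);
        mapper = this;
    }
    bool Register(const char *lgnid, const char *ident, bool doReplace = false) {
        if (isStatic) return false;                          // static types never map
        if (!ident) { registry.erase(lgnid); return true; }  // delete: true even if absent
        auto ret = registry.emplace(lgnid, ident);
        if (!ret.second && doReplace) ret.first->second = ident;
        return ret.second || doReplace;
    }
    static void reset() { mapper = nullptr; }     // demo helper, no XRootD counterpart
};
SssIdModel *SssIdModel::mapper = nullptr;

bool lateInstanceCanRegister(bool *secondOK) {    // another component instantiated first
    SssIdModel::reset();
    SssIdModel first(idStatic), second(idMapped, secondOK);
    return second.Register("alice", "entity-for-alice");
}

std::string mappedContract() {                    // one T/F per Register() call
    SssIdModel::reset();
    SssIdModel m(idMapped);
    std::string r;
    r += m.Register("alice", "entity-1") ? 'T' : 'F';        // new mapping
    r += m.Register("alice", "entity-2") ? 'T' : 'F';        // exists, doReplace=false
    r += m.Register("alice", "entity-2", true) ? 'T' : 'F';  // replaced
    r += m.Register("ghost", nullptr) ? 'T' : 'F';           // delete of unknown id
    return r;
}

int main() {
    bool ok = true, reg = lateInstanceCanRegister(&ok);
    std::printf("late instance: isOK=%d Register=%d; idMapped: %s\n", ok, reg, mappedContract().c_str());
}
```

A caller that passes no isOK and ignores the result of Register() gets no programmatic sign that its mappings were never stored; the only signal is the message written to stderr.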


Friends And Related Function Documentation

◆ XrdSecProtocolsss

friend class XrdSecProtocolsss

Definition at line 56 of file XrdSecsssID.hh.


The documentation for this class was generated from the following files: