XrdSecTLayer Class Reference (abstract)

#include <XrdSecTLayer.hh>


Public Types

enum  Initiator {
  isClient = 0 ,
  isServer
}
 

Public Member Functions

 XrdSecTLayer (const char *pName, Initiator who1st=isClient)
 
virtual int Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0)
 
virtual void Delete ()=0
 Delete the protocol object. DO NOT use C++ delete() on this object. More...
 
virtual XrdSecCredentials * getCredentials (XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0)
 
virtual void secClient (int theFD, XrdOucErrInfo *einfo)=0
 
virtual void secServer (int theFD, XrdOucErrInfo *einfo)=0
 
void secXeq ()
 
- Public Member Functions inherited from XrdSecProtocol
 XrdSecProtocol (const char *pName)
 Constructor. More...
 
virtual int Decrypt (const char *inbuff, int inlen, XrdSecBuffer **outbuff)
 
virtual int Encrypt (const char *inbuff, int inlen, XrdSecBuffer **outbuff)
 
virtual int getKey (char *buff=0, int size=0)
 
virtual bool needTLS ()
 Check if this protocol requires TLS to properly function. More...
 
virtual int setKey (char *buff, int size)
 
virtual int Sign (const char *inbuff, int inlen, XrdSecBuffer **outbuff)
 
virtual int Verify (const char *inbuff, int inlen, const char *sigbuff, int siglen)
 

Protected Member Functions

virtual ~XrdSecTLayer ()
 
- Protected Member Functions inherited from XrdSecProtocol
virtual ~XrdSecProtocol ()
 Destructor (prevents use of direct delete). More...
 

Protected Attributes

pthread_t secTid
 

Additional Inherited Members

- Public Attributes inherited from XrdSecProtocol
XrdSecEntity Entity
 

Detailed Description

Definition at line 64 of file XrdSecTLayer.hh.

Member Enumeration Documentation

◆ Initiator

Enumerator
isClient 
isServer 

Definition at line 74 of file XrdSecTLayer.hh.

Constructor & Destructor Documentation

◆ XrdSecTLayer()

XrdSecTLayer::XrdSecTLayer ( const char *  pName,
Initiator  who1st = isClient 
)

Definition at line 58 of file XrdSecTLayer.cc.

// Construct a transport-layer security protocol named pName. who1st records
// which side (client or server) starts the handshake. No socket exists yet:
// myFD and urFD begin at -1, the "not yet opened" value that Authenticate()
// and getCredentials() test for, and the pace counter (Tcur/Tmax) starts at 0.
//
XrdSecTLayer::XrdSecTLayer(const char *pName, Initiator who1st)
             : XrdSecProtocol(pName),
               secTid(0), mySem(0), Starter(who1st), myFD(-1), urFD(-1),
               Tmax(275), Tcur(0), eCode(0), eText(0)
{
// Zero the whole header first so that protName is always NUL terminated no
// matter how long pName is, then copy at most sizeof-1 characters of the name.
//
   memset(&Hdr, 0, sizeof(Hdr));
   strncpy(Hdr.protName, pName, sizeof(Hdr.protName) - 1);
}
XrdSecProtocol(const char *pName)
Constructor.
pthread_t secTid

◆ ~XrdSecTLayer()

virtual XrdSecTLayer::~XrdSecTLayer ( )
inline, protected, virtual

Definition at line 122 of file XrdSecTLayer.hh.

// Release what this layer still owns: the saved error text (set by secXeq())
// and our end of the socket. The destructor is protected, so instances are
// released through Delete(), never with C++ delete.
//
virtual ~XrdSecTLayer()
{
   if (eText != 0)
      {free(eText);
       eText = 0;
      }
// NOTE(review): the "> 0" test leaves descriptor 0 open, whereas
// Authenticate()/getCredentials() treat any myFD >= 0 as an open socket;
// confirm that asymmetry is intended.
   if (myFD > 0)
      {close(myFD);
       myFD = -1;
      }
}
#define close(a)
Definition: XrdPosix.hh:43

References close.

Member Function Documentation

◆ Authenticate()

int XrdSecTLayer::Authenticate ( XrdSecCredentials *  cred,
XrdSecParameters **  parms,
XrdOucErrInfo *  einfo = 0 
)
virtual

Authenticate a client.

Parameters
cred: Credentials supplied by the client.
parms: Place where the address of additional authentication data is to be placed for another authentication handshake.
einfo: The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr.
Returns
> 0 -> parms present (more authentication needed); = 0 -> Entity present (authentication succeeded); < 0 -> einfo present (error has occurred)

Implements XrdSecProtocol.

Definition at line 145 of file XrdSecTLayer.cc.

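// Drive one server-side step of the handshake. cred carries a TLayerRR header
// (protCode) followed by wrLen bytes of client data, which are pushed through
// myFD (presumably the other end of the socket that secClient/secServer run
// on; see secXeq). Whatever comes back is read into Buff and returned to the
// client in *parms. Returns 1 while more exchanges are needed, 0 once
// secDone() reports success and -1 on any failure, with the reason recorded
// through secError() into einfo (saved in eDest).
//
int XrdSecTLayer::Authenticate(XrdSecCredentials *cred,
                               XrdSecParameters **parms,
                               XrdOucErrInfo     *einfo)
{
   char Buff[dataSz];
   int  Blen = 0, wrLen;
   char *bP, Req;

// Record where errors go; on the very first call run the boot-up sequence.
//
   eDest = einfo;
   if (myFD < 0 && !bootUp(isServer)) return -1;

// The credential buffer comes from the remote client: reject a missing or
// too-short buffer before reading the header out of it.
//
   if (!cred || cred->size < hdrSz)
      {secError("Invalid credentials", EBADMSG); return -1;}
   Req  = ((TLayerRR *)cred->buffer)->protCode;
   wrLen= cred->size - hdrSz;

// Perform required action
// xfrData -> xfrData | endData if socket gets closed
// endData -> noresponse
//
   switch(Req)
         {case TLayerRR::xfrData:
               // write() may transfer fewer bytes than requested on a socket;
               // a short write would silently truncate the client's payload,
               // so loop until all of it is out, retrying on EINTR.
               if (wrLen > 0)
                  {const char *wP = cred->buffer + hdrSz;
                   int left = wrLen;
                   while(left > 0)
                        {ssize_t n = write(myFD, wP, left);
                         if (n < 0 && errno == EINTR) continue;
                         if (n <= 0)
                            {secError("Socket write failed", n ? errno : EIO);
                             return -1;
                            }
                         wP += n; left -= n;
                        }
                  }
               // Read() returns -errno on failure. The peer going away
               // (EPIPE/ECONNRESET) is handled below as endData; any other
               // error is a failure and must be reported as -1: the return
               // contract reads 0 as "authentication succeeded", and the write
               // failure above already reports -1 (this branch used to
               // return 0).
               Blen = Read(myFD, Buff, dataSz);
               if (Blen < 0 && (Blen != -EPIPE) && (Blen != -ECONNRESET))
                  {secError("Socket read failed", -Blen); return -1;}
               break;
          case TLayerRR::endData: return (secDone() ? 0 : -1);
          default: secError("Unknown parms request", EINVAL); return -1;
         }

// Set the protocol code from Blen and wrLen. A negative Blen means the socket
// was closed, so we tell the client we are done. If either side moved data the
// pace count is reset; if neither did, the pace count is bumped and, once it
// exceeds Tmax, we give up and send endData. On the server side the socket
// drain is deferred until the client's endData notification arrives.
//
   if (Blen < 0) {Blen = 0; Hdr.protCode = TLayerRR::endData;}
      else if (Blen || wrLen) {Tcur = 0; Hdr.protCode = TLayerRR::xfrData;}
      else if (++Tcur <= Tmax) Hdr.protCode = TLayerRR::xfrData;
      else {Tcur = 0; Hdr.protCode = TLayerRR::endData;}

// Hand the header plus any data back to the caller. An allocation failure
// must not fall through to memcpy() on a null pointer.
//
   bP = (char *)malloc(hdrSz+Blen);
   if (!bP) {secError("Insufficient memory", ENOMEM); return -1;}
   memcpy(bP, (char *)&Hdr, hdrSz);
   if (Blen) memcpy(bP+hdrSz, Buff, Blen);
   *parms = new XrdSecParameters(bP, hdrSz+Blen);

   return 1;
}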
ssize_t write(int fildes, const void *buf, size_t nbyte)
XrdSecBuffer XrdSecParameters
char * buffer
Pointer to the buffer.
int size
Size of the buffer or length of data in the buffer.

References XrdSecBuffer::buffer, isServer, XrdSecBuffer::size, and write().


◆ Delete()

virtual void XrdSecTLayer::Delete ( )
pure virtual

Delete the protocol object. DO NOT use C++ delete() on this object.

Implements XrdSecProtocol.

◆ getCredentials()

XrdSecCredentials * XrdSecTLayer::getCredentials ( XrdSecParameters *  parm = 0,
XrdOucErrInfo *  einfo = 0 
)
virtual

Generate client credentials to be used in the authentication process.

Parameters
parm: Pointer to the information returned by the server either in the initial login response or the authmore response.
einfo: The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr.
Returns
Success: Pointer to credentials to be sent to the server. The caller is responsible for deleting the object. Failure: Null pointer with einfo, if supplied, containing the reason for the failure.

Implements XrdSecProtocol.

Definition at line 77 of file XrdSecTLayer.cc.

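// Drive one client-side step of the handshake. With parm null this is the
// first call: the protocol is booted and, when the server is the initiator,
// an empty xfrData header is returned so the server can speak first. Otherwise
// parm carries the server's header plus data, which is pushed through myFD;
// the reply read back is packaged into a new XrdSecCredentials for the server.
// A null return signals failure, with the reason recorded through secError()
// into einfo (saved in eDest).
//
XrdSecCredentials *XrdSecTLayer::getCredentials(XrdSecParameters *parm,
                                                XrdOucErrInfo    *einfo)
{
   char Buff[dataSz];
   int  Blen = 0, wrLen = 0;
   char *bP, Req = TLayerRR::xfrData;

// Record where errors go. On the first call (no parm) boot the protocol; if
// the server initiates, hand it an empty xfrData header to get things going.
//
   eDest = einfo;
   if (!parm)
      {if (!bootUp(isClient)) return 0;
       if (Starter == isServer)
          {Hdr.protCode = TLayerRR::xfrData;
           bP = (char *)malloc(hdrSz);
           if (!bP) {secError("Insufficient memory", ENOMEM); return 0;}
           memcpy(bP, (char *)&Hdr, hdrSz);
           return new XrdSecCredentials(bP, hdrSz);
          }
      } else {
       // parm came from the server: reject anything shorter than a header
       // before reading protCode out of it.
       if (parm->size < hdrSz)
          {secError("Invalid parms length", EPROTO);
           return 0;
          }
       Req  = ((TLayerRR *)parm->buffer)->protCode;
       wrLen= parm->size - hdrSz;
      }

// Perform required action
// xfrData -> xfrData | endData if socket gets closed
// endData -> endData if socket still open else protocol error
//
   switch(Req)
         {case TLayerRR::xfrData:
               // wrLen > 0 implies parm is non-null (it is only set above).
               // write() may transfer fewer bytes than requested on a socket;
               // a short write would silently truncate the server's payload,
               // so loop until all of it is out, retrying on EINTR.
               if (wrLen > 0)
                  {const char *wP = parm->buffer + hdrSz;
                   int left = wrLen;
                   while(left > 0)
                        {ssize_t n = write(myFD, wP, left);
                         if (n < 0 && errno == EINTR) continue;
                         if (n <= 0)
                            {secError("Socket write failed", n ? errno : EIO);
                             return 0;
                            }
                         wP += n; left -= n;
                        }
                  }
               // Read() returns -errno on failure; the peer going away
               // (EPIPE/ECONNRESET) is handled below as end of data.
               Blen = Read(myFD, Buff, dataSz);
               if (Blen < 0 && (Blen != -EPIPE) && (Blen != -ECONNRESET))
                  {secError("Socket read failed", -Blen); return 0;}
               break;
          case TLayerRR::endData:
               if (myFD < 0) {secError("Protocol violation", EPROTO); return 0;}
               Blen = -1;
               break;
          default: secError("Unknown parms request", EINVAL); return 0;
         }

// Set the protocol code from Blen. On the client side proper completion is
// checked (secDone) when the socket closes or the server sends endData. Self
// pacing applies here as well since either side can pace: data in either
// direction resets the count, otherwise it is bumped and we end once it
// exceeds Tmax.
//
   if (Blen < 0) {if (!secDone()) return 0;
                  Blen = 0; Hdr.protCode = TLayerRR::endData;}
      else if (Blen || wrLen) {Tcur = 0; Hdr.protCode = TLayerRR::xfrData;}
      else if (++Tcur <= Tmax) Hdr.protCode = TLayerRR::xfrData;
      else {Tcur = 0; Hdr.protCode = TLayerRR::endData;}

// Return the credentials. An allocation failure must not fall through to
// memcpy() on a null pointer.
//
   bP = (char *)malloc(hdrSz+Blen);
   if (!bP) {secError("Insufficient memory", ENOMEM); return 0;}
   memcpy(bP, (char *)&Hdr, hdrSz);
   if (Blen) memcpy(bP+hdrSz, Buff, Blen);
   return new XrdSecCredentials(bP, hdrSz+Blen);
}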
XrdSecBuffer XrdSecCredentials

References XrdSecBuffer::buffer, isClient, isServer, XrdSecBuffer::size, and write().


◆ secClient()

virtual void XrdSecTLayer::secClient ( int  theFD,
XrdOucErrInfo *  einfo 
)
pure virtual

Referenced by secXeq().


◆ secServer()

virtual void XrdSecTLayer::secServer ( int  theFD,
XrdOucErrInfo *  einfo 
)
pure virtual

Referenced by secXeq().


◆ secXeq()

void XrdSecTLayer::secXeq ( )

Definition at line 341 of file XrdSecTLayer.cc.

// Run the concrete protocol over urFD, capture its outcome in eCode/eText,
// close the socket and wake whoever is waiting on mySem. Referenced by
// XrdSecTLayerBootUp(); presumably this is the body of the thread recorded in
// secTid — confirm against the caller.
//
void XrdSecTLayer::secXeq()
{
   XrdOucErrInfo einfo;

// Run whichever side we were told to play; secClient/secServer are the pure
// virtual hooks supplied by the concrete protocol.
//
   if (Responder == XrdSecTLayer::isClient) secClient(urFD, &einfo);
      else secServer(urFD, &einfo);

// Extract the completion code. einfo is a local, so on failure its message
// is copied (strdup) into eText, replacing any text left from an earlier run.
//
   const char *Msg = einfo.getErrText(eCode);
   if (eText)
      {free(eText);
       eText = 0;
      }
   if (eCode)
      {const char *why = (Msg ? Msg : "Authentication failed");
       eText = strdup(why);
      }

// Indicate we are done
//
   if (urFD > 0) close(urFD);
   urFD = -1;
   mySem.Post();
}
const char * getErrText()
virtual void secClient(int theFD, XrdOucErrInfo *einfo)=0
virtual void secServer(int theFD, XrdOucErrInfo *einfo)=0

References close, XrdOucErrInfo::getErrText(), isClient, XrdSysSemaphore::Post(), secClient(), and secServer().

Referenced by XrdSecTLayerBootUp().


Member Data Documentation

◆ secTid

pthread_t XrdSecTLayer::secTid
protected

Definition at line 120 of file XrdSecTLayer.hh.

