XrdSecProtect.hh

Go to the documentation of this file.

#ifndef __XRDSECPROTECT_H__
#define __XRDSECPROTECT_H__
/******************************************************************************/
/*                                                                            */
/*                      X r d S e c P r o t e c t . h h                       */
/*                                                                            */
/* (c) 2016 by the Board of Trustees of the Leland Stanford, Jr., University  */
/*   Produced by Andrew Hanushevsky for Stanford University under contract    */
/*              DE-AC02-76-SFO0515 with the Department of Energy              */
/*                                                                            */
/* This file is part of the XRootD software suite.                            */
/*                                                                            */
/* XRootD is free software: you can redistribute it and/or modify it under    */
/* the terms of the GNU Lesser General Public License as published by the     */
/* Free Software Foundation, either version 3 of the License, or (at your     */
/* option) any later version.                                                 */
/*                                                                            */
/* XRootD is distributed in the hope that it will be useful, but WITHOUT      */
/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or      */
/* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public       */
/* License for more details.                                                  */
/*                                                                            */
/* You should have received a copy of the GNU Lesser General Public License   */
/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file  */
/* COPYING (GPL license).  If not, see <http://www.gnu.org/licenses/>.        */
/*                                                                            */
/* The copyright holder's institutional names and contributor's names may not */
/* be used to endorse or promote products derived from this software without  */
/* specific prior written permission of the institution or contributor.       */
/******************************************************************************/
 
#include "XProtocol/XProtocol.hh"
 
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
 
#define NEED2SECURE(protP) protP && ((*protP).*(protP->Need2Secure))
 
/******************************************************************************/
/*                         X r d S e c P r o t e c t                          */
/******************************************************************************/
  
struct iovec;
class  XrdSecProtectParms;
class  XrdSecProtocol;
 
class XrdSecProtect
{
public:
friend class XrdSecProtector;
 
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
 
virtual void         Delete() {delete this;}
 
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
 
        bool        (XrdSecProtect::*Need2Secure)(ClientRequest &thereq);
 
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
 
virtual int          Secure(SecurityRequest *&newreq,
                            ClientRequest    &thereq,
                            const char       *thedata
                           );
 
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
 
virtual const char  *Verify(SecurityRequest  &secreq,
                            ClientRequest    &thereq,
                            const char       *thedata
                           );
 
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
 
virtual ~XrdSecProtect() {}
 
protected:
 
         XrdSecProtect(XrdSecProtocol *aprot=0, bool edok=true)     // Client!
                      : Need2Secure(&XrdSecProtect::Screen),
                        authProt(aprot), secVec(0), lastSeqno(1),
                        edOK(edok), secVerData(false)
                        {}
 
         XrdSecProtect(XrdSecProtocol *aprot, XrdSecProtect &pRef, // Server!
                       bool edok=true)
                      : Need2Secure(&XrdSecProtect::Screen),
                        authProt(aprot), secVec(pRef.secVec),
                        lastSeqno(0), edOK(edok),
                        secVerData(pRef.secVerData) {}
 
void     SetProtection(const ServerResponseReqs_Protocol &inReqs);
 
private:
bool            GetSHA2(unsigned char *hBuff, struct iovec *iovP, int iovN);
bool            Screen(ClientRequest &thereq);
 
XrdSecProtocol              *authProt;
const char                  *secVec;
ServerResponseReqs_Protocol  myReqs;
union {kXR_unt64             lastSeqno;  // Used by Secure()
       kXR_unt64             nextSeqno;  // Used by Verify()
      };
bool                         edOK;
bool                         secVerData;
static const unsigned int    maxRIX = kXR_REQFENCE-kXR_auth;
char                         myVec[maxRIX];
};
#endif