current/html/XrdSecProtocolgsi_8hh_source.html

/******************************************************************************/

/*                                                                            */

/*                 X r d S e c P r o t o c o l g s i . h h                    */

/*                                                                            */

/* (c) 2005 G. Ganis / CERN                                                   */

/*                                                                            */

/* This file is part of the XRootD software suite.                            */

/*                                                                            */

/* XRootD is free software: you can redistribute it and/or modify it under    */

/* the terms of the GNU Lesser General Public License as published by the     */

/* Free Software Foundation, either version 3 of the License, or (at your     */

/* option) any later version.                                                 */

/*                                                                            */

/* XRootD is distributed in the hope that it will be useful, but WITHOUT      */

/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or      */

/* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public       */

/* License for more details.                                                  */

/*                                                                            */

/* You should have received a copy of the GNU Lesser General Public License   */

/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file  */

/* COPYING (GPL license).  If not, see <http://www.gnu.org/licenses/>.        */

/*                                                                            */

/* The copyright holder's institutional names and contributor's names may not */

/* be used to endorse or promote products derived from this software without  */

/* specific prior written permission of the institution or contributor.       */

/*                                                                            */

/******************************************************************************/

#include <ctime>

#include <memory>


#include "XrdNet/XrdNetAddrInfo.hh"


#include "XrdOuc/XrdOucErrInfo.hh"

#include "XrdOuc/XrdOucGMap.hh"

#include "XrdOuc/XrdOucHash.hh"

#include "XrdOuc/XrdOucString.hh"

#include "XrdOuc/XrdOucTokenizer.hh"


#include "XrdSys/XrdSysPthread.hh"


#include "XrdSec/XrdSecInterface.hh"

#include "XrdSecgsi/XrdSecgsiTrace.hh"


#include "XrdSut/XrdSutCache.hh"


#include "XrdSut/XrdSutPFEntry.hh"

#include "XrdSut/XrdSutPFile.hh"

#include "XrdSut/XrdSutBuffer.hh"

#include "XrdSut/XrdSutRndm.hh"


#include "XrdCrypto/XrdCryptoAux.hh"

#include "XrdCrypto/XrdCryptoCipher.hh"

#include "XrdCrypto/XrdCryptoFactory.hh"

#include "XrdCrypto/XrdCryptoX509Crl.hh"


#include "XrdCrypto/XrdCryptogsiX509Chain.hh"


/******************************************************************************/

/*                               D e f i n e s                                */

/******************************************************************************/


typedef XrdOucString String;

typedef XrdCryptogsiX509Chain X509Chain;


#define XrdSecPROTOIDENT    "gsi"

#define XrdSecPROTOIDLEN    sizeof(XrdSecPROTOIDENT)

#define XrdSecgsiVERSION    10600

#define XrdSecNOIPCHK       0x0001

#define XrdSecDEBUG         0x1000

#define XrdCryptoMax        10


#define kMAXBUFLEN          1024


#define XrdSecgsiVersDHsigned  10400  // Version at which started signing

                                      // of server DH parameters

#define XrdSecgsiVersCertKey   10600  // Version at which started supporting

                                      // authentication with cert/key only


//

// Message codes either returned by server or included in buffers


enum kgsiStatus {

   kgST_error    = -1,      // error occurred

   kgST_ok       =  0,      // ok

   kgST_more     =  1       // need more info

};


// Client steps


enum kgsiClientSteps {

   kXGC_none = 0,

   kXGC_certreq     = 1000, // 1000: request server certificate

   kXGC_cert,               // 1001: packet with (proxy) certificate

   kXGC_sigpxy,             // 1002: packet with signed proxy certificate

   kXGC_reserved            //

};


// Server steps


enum kgsiServerSteps {

   kXGS_none = 0,

   kXGS_init       = 2000,   // 2000: fake code used the first time

   kXGS_cert,                // 2001: packet with certificate

   kXGS_pxyreq,              // 2002: packet with proxy req to be signed

   kXGS_reserved             //

};


// Handshake options


enum kgsiHandshakeOpts {

   kOptsDlgPxy     = 1,      // 0x0001: Ask for a delegated proxy

   kOptsFwdPxy     = 2,      // 0x0002: Forward local proxy

   kOptsSigReq     = 4,      // 0x0004: Accept to sign delegated proxy

   kOptsSrvReq     = 8,      // 0x0008: Server request for delegated proxy

   kOptsPxFile     = 16,     // 0x0010: Save delegated proxies in file

   kOptsDelChn     = 32,     // 0x0020: Delete chain

   kOptsPxCred     = 64,     // 0x0040: Save delegated proxies as credentials

   kOptsCreatePxy  = 128,    // 0x0080: Request a client proxy

   kOptsDelPxy     = 256     // 0x0100: Delete the proxy PxyChain

};


// Error codes


enum kgsiErrors {

   kGSErrParseBuffer = 10000,       // 10000

   kGSErrDecodeBuffer,              // 10001

   kGSErrLoadCrypto,                // 10002

   kGSErrBadProtocol,               // 10003

   kGSErrCreateBucket,              // 10004

   kGSErrDuplicateBucket,           // 10005

   kGSErrCreateBuffer,              // 10006

   kGSErrSerialBuffer,              // 10007

   kGSErrGenCipher,                 // 10008

   kGSErrExportPuK,                 // 10009

   kGSErrEncRndmTag,                // 10010

   kGSErrBadRndmTag,                // 10011

   kGSErrNoRndmTag,                 // 10012

   kGSErrNoCipher,                  // 10013

   kGSErrNoCreds,                   // 10014

   kGSErrBadOpt,                    // 10015

   kGSErrMarshal,                   // 10016

   kGSErrUnmarshal,                 // 10017

   kGSErrSaveCreds,                 // 10018

   kGSErrNoBuffer,                  // 10019

   kGSErrRefCipher,                 // 10020

   kGSErrNoPublic,                  // 10021

   kGSErrAddBucket,                 // 10022

   kGSErrFinCipher,                 // 10023

   kGSErrInit,                      // 10024

   kGSErrBadCreds,                  // 10025

   kGSErrError                      // 10026

};


#define REL1(x)     { if (x) delete x; }

#define REL2(x,y)   { if (x) delete x; if (y) delete y; }

#define REL3(x,y,z) { if (x) delete x; if (y) delete y; if (z) delete z; }


#define SafeDelete(x) { if (x) {delete x ; x = 0;} }

#define SafeDelArray(x) { if (x) {delete [] x ; x = 0;} }

#define SafeFree(x) { if (x) {free(x) ; x = 0;} }


// External functions for generic mapping

typedef char *(*XrdSecgsiGMAP_t)(const char *, int);

typedef int (*XrdSecgsiAuthz_t)(XrdSecEntity &);

typedef int (*XrdSecgsiAuthzInit_t)(const char *);

typedef int (*XrdSecgsiAuthzKey_t)(XrdSecEntity &, char **);

// VOMS extraction

typedef XrdSecgsiAuthz_t XrdSecgsiVOMS_t;

typedef XrdSecgsiAuthzInit_t XrdSecgsiVOMSInit_t;

//

// This a small class to set the relevant options in one go

//

class XrdOucGMap;

class XrdOucTrace;


class gsiOptions {

public:

   short  debug;  // [cs] debug flag

   char   mode;   // [cs] 'c' or 's'

   char  *clist;  // [s] list of crypto modules ["ssl" ]

   char  *certdir;// [cs] dir with CA info [/etc/grid-security/certificates]

   char  *crldir; // [cs] dir with CRL info [/etc/grid-security/certificates]

   char  *crlext; // [cs] extension of CRL files [.r0]

   char  *cert;   // [s] server certificate [/etc/grid-security/root/rootcert.pem]

                  // [c] user certificate [$HOME/.globus/usercert.pem]

   char  *key;    // [s] server private key [/etc/grid-security/root/rootkey.pem]

                  // [c] user private key [$HOME/.globus/userkey.pem]

   char  *cipher; // [s] list of ciphers [aes-128-cbc:bf-cbc:des-ede3-cbc]

   char  *md;     // [s] list of MDs [sha256:md5]

   int    crl;    // [cs] check level of CRL's [1]

   int    ca;     // [cs] verification level of CA's [1]

   int    crlrefresh; // [cs] CRL refresh or expiration period in secs [1 day]

   char  *proxy;  // [c] user proxy  [/tmp/x509up_u<uid>]

   char  *valid;  // [c] proxy validity  [12:00]

   int    deplen; // [c] depth of signature path for proxies [0]

   int    bits;   // [c] bits in PKI for proxies [512]

   char  *gridmap;// [s] gridmap file [/etc/grid-security/gridmap]

   int    gmapto; // [s] validity in secs of grid-map cache entries [600 s]

   char  *gmapfun;// [s] file with the function to map DN to usernames [0]

   char  *gmapfunparms;// [s] parameters for the function to map DN to usernames [0]

   char  *authzfun;// [s] file with the function to fill entities [0]

   char  *authzfunparms;// [s] parameters for the function to fill entities [0]

   int    authzcall; // [s] when to call authz function [1 -> always]

   int    authzto; // [s] validity in secs of authz cache entries [-1 => unlimited]

   int    ogmap;  // [s] gridmap file checking option

   int    dlgpxy; // [c] explicitely ask the creation of a delegated proxy; default 0

                  // [s] ask client for proxies; default: do not accept delegated proxies

   int    sigpxy; // [c] accept delegated proxy requests

   int    createpxy; // [c] force client proxy authentications

   char  *srvnames;// [c] '|' separated list of allowed server names

   char  *exppxy; // [s] template for the exported file with proxies

   int    authzpxy; // [s] if 1 make proxy available in exported form in the 'endorsement'

                    //     field of the XrdSecEntity object for use in XrdAcc

   int    vomsat; // [s] 0 do not look for; 1 extract if any

   char  *vomsfun;// [s] file with the function to fill VOMS [0]

   char  *vomsfunparms;// [s] parameters for the function to fill VOMS [0]

   int    moninfo; // [s] 0 do not look for; 1 use DN as default

   int    hashcomp; // [cs] 1 send hash names with both algorithms; 0 send only the default [1]


   bool   trustdns; // [cs] 'true' if DNS is trusted [true]

   bool   showDN;   // [cs] 'true' display the dn


   gsiOptions() { debug = -1; mode = 's'; clist = 0;

                  certdir = 0; crldir = 0; crlext = 0; cert = 0; key = 0;

                  cipher = 0; md = 0; ca = 1 ; crl = 1; crlrefresh = 86400;

                  proxy = 0; valid = 0; deplen = 0; bits = 512;

                  gridmap = 0; gmapto = 600;

                  gmapfun = 0; gmapfunparms = 0; authzfun = 0; authzfunparms = 0;

                  authzto = -1; authzcall = 1;

                  ogmap = 1; dlgpxy = 0; sigpxy = 1; srvnames = 0;

                  exppxy = 0; authzpxy = 0;

                  vomsat = 1; vomsfun = 0; vomsfunparms = 0; moninfo = 0;

                  hashcomp = 1; trustdns = true; showDN = false; createpxy = 1;}


   virtual ~gsiOptions() { } // Cleanup inside XrdSecProtocolgsiInit

   void Print(XrdOucTrace *t); // Print summary of gsi option status

};


class XrdSecProtocolgsi;

class gsiHSVars;


// From a proxy query


typedef struct {

   X509Chain        *chain;

   XrdCryptoRSA     *ksig;

   XrdSutBucket     *cbck;

} ProxyOut_t;


// To query proxies


typedef struct {

   const char *cert;

   const char *key;

   const char *certdir;

   const char *out;

   const char *valid;

   int         deplen;

   int         bits;

   bool        createpxy;

} ProxyIn_t;


template<class T>


class GSIStack {

public:


   void Add(T *t) {

      char k[40]; snprintf(k, 40, "%p", t);

      mtx.Lock();

      if (!stack.Find(k)) stack.Add(k, t, 0, Hash_count); // We need an additional count

      stack.Add(k, t, 0, Hash_count);

      mtx.UnLock();

   }


   void Del(T *t) {

      char k[40]; snprintf(k, 40, "%p", t);

      mtx.Lock();

      if (stack.Find(k)) stack.Del(k, Hash_count);

      mtx.UnLock();

   }


private:

   XrdSysMutex                  mtx;

   XrdOucHash<T> stack;

};


/******************************************************************************/

/*              X r d S e c P r o t o c o l g s i   C l a s s                 */

/******************************************************************************/


class XrdSecProtocolgsi : public XrdSecProtocol

{

friend class gsiOptions;

friend class gsiHSVars;

public:

        int                Authenticate  (XrdSecCredentials *cred,

                                          XrdSecParameters **parms,

                                          XrdOucErrInfo     *einfo=0);


        XrdSecCredentials *getCredentials(XrdSecParameters  *parm=0,

                                          XrdOucErrInfo     *einfo=0);


        XrdSecProtocolgsi(int opts, const char *hname, XrdNetAddrInfo &endPoint,

                                    const char *parms = 0);

        virtual ~XrdSecProtocolgsi() {} // Delete() does it all


        // Initialization methods

        static char      *Init(gsiOptions o, XrdOucErrInfo *erp);


        void              Delete();


        // Encrypt / Decrypt methods

        int               Encrypt(const char *inbuf, int inlen,

                                  XrdSecBuffer **outbuf);

        int               Decrypt(const char *inbuf, int inlen,

                                  XrdSecBuffer **outbuf);

        // Sign / Verify methods

        int               Sign(const char *inbuf, int inlen,

                               XrdSecBuffer **outbuf);

        int               Verify(const char *inbuf, int inlen,

                                 const char *sigbuf, int siglen);


        // Export session key

        int               getKey(char *kbuf=0, int klen=0);

        // Import a key

        int               setKey(char *kbuf, int klen);


        // Enable tracing

        static XrdOucTrace *EnableTracing();


private:

          XrdNetAddrInfo   epAddr;


   // Static members initialized at startup

   static XrdSysMutex      gsiContext;

   static String           CAdir;

   static String           CRLdir;

   static String           DefCRLext;

   static String           SrvCert;

   static String           SrvKey;

   static String           UsrProxy;

   static String           UsrCert;

   static String           UsrKey;

   static String           PxyValid;

   static int              DepLength;

   static int              DefBits;

   static int              CACheck;

   static int              CRLCheck;

   static int              CRLDownload;

   static int              CRLRefresh;

   static String           DefCrypto;

   static String           DefCipher;

   static String           DefMD;

   static String           DefError;

   static String           GMAPFile;

   static int              GMAPOpt;

   static bool             GMAPuseDNname;

   static int              GMAPCacheTimeOut;

   static XrdSecgsiGMAP_t  GMAPFun;

   static XrdSecgsiAuthz_t AuthzFun;

   static XrdSecgsiAuthzKey_t AuthzKey;

   static int              AuthzCertFmt;

   static int              AuthzCacheTimeOut;

   static int              PxyReqOpts;

   static int              AuthzPxyWhat;

   static int              AuthzPxyWhere;

   static int              AuthzAlways;

   static String           SrvAllowedNames;

   static int              VOMSAttrOpt;

   static XrdSecgsiVOMS_t  VOMSFun;

   static int              VOMSCertFmt;

   static int              MonInfoOpt;

   static bool             HashCompatibility;

   static bool             TrustDNS;

   static bool             ShowDN;

   //

   // Crypto related info

   static int              ncrypt;                  // Number of factories

   static XrdCryptoFactory *cryptF[XrdCryptoMax];   // their hooks

   static int              cryptID[XrdCryptoMax];   // their IDs

   static String           cryptName[XrdCryptoMax]; // their names

   static XrdCryptoCipher *refcip[XrdCryptoMax];    // ref for session ciphers

   //

   // Caches

   static XrdSutCache   cacheCA;   // Info about trusted CA's

   static XrdSutCache   cacheCert; // Server certificates info cache

   static XrdSutCache   cachePxy;  // Client proxies cache;

   static XrdSutCache   cacheGMAPFun; // Cache for entries mapped by GMAPFun

   static XrdSutCache   cacheAuthzFun; // Cache for entities filled by AuthzFun

   //

   // Services

   static XrdOucGMap      *servGMap;  // Grid mapping service

   //

   // CA and CRL stacks

   static GSIStack<XrdCryptoX509Chain>    stackCA; // Stack of CA in use

   static std::unique_ptr<GSIStack<XrdCryptoX509Crl>> stackCRL; // Stack of CRL in use

   //

   // GMAP control vars

   static time_t           lastGMAPCheck; // time of last check on GMAP

   static XrdSysMutex      mutexGMAP;     // mutex to control GMAP reloads

   //

   // Running options / settings

   static int              Debug;          // [CS] Debug level

   static bool             Server;         // [CS] If server mode

   static int              TimeSkew;       // [CS] Allowed skew in secs for time stamps

   //

   // for error logging and tracing

   static XrdSysLogger     Logger;

   static XrdSysError      eDest;

   static XrdOucTrace     *GSITrace;


   // Information local to this instance

   int              options;

   XrdCryptoFactory *sessionCF;    // Chosen crypto factory

   XrdCryptoCipher *sessionKey;    // Session Key (result of the handshake)

   XrdSutBucket    *bucketKey;     // Bucket with the key in export form

   XrdCryptoMsgDigest *sessionMD;  // Message Digest instance

   XrdCryptoRSA    *sessionKsig;   // RSA key to sign

   XrdCryptoRSA    *sessionKver;   // RSA key to verify

   X509Chain       *proxyChain;    // Chain with the delegated proxy on servers

   bool             srvMode;       // TRUE if server mode

   char            *expectedHost;  // Expected hostname if TrustDNS is enabled.

   bool             useIV;         // Use a non-zeroed unique IV in cipher enc/dec operations


   // Temporary Handshake local info

   gsiHSVars     *hs;


   // Parsing received buffers: client

   int            ParseClientInput(XrdSutBuffer *br, XrdSutBuffer **bm,

                                   String &emsg);

   int            ClientDoInit(XrdSutBuffer *br, XrdSutBuffer **bm,

                               String &cmsg);

   int            ClientDoCert(XrdSutBuffer *br,  XrdSutBuffer **bm,

                               String &cmsg);

   int            ClientDoPxyreq(XrdSutBuffer *br,  XrdSutBuffer **bm,

                                 String &cmsg);


   // Parsing received buffers: server

   int            ParseServerInput(XrdSutBuffer *br, XrdSutBuffer **bm,

                                   String &cmsg);

   int            ServerDoCertreq(XrdSutBuffer *br, XrdSutBuffer **bm,

                                  String &cmsg);

   int            ServerDoCert(XrdSutBuffer *br,  XrdSutBuffer **bm,

                               String &cmsg);

   int            ServerDoSigpxy(XrdSutBuffer *br,  XrdSutBuffer **bm,

                                 String &cmsg);


   // Auxilliary functions

   int            ParseCrypto(String cryptlist);

   int            ParseCAlist(String calist);


   // Load CA certificates

   static int     GetCA(const char *cahash,

                        XrdCryptoFactory *cryptof, gsiHSVars *hs = 0);

   static String  GetCApath(const char *cahash);

   static bool    VerifyCA(int opt, X509Chain *cca, XrdCryptoFactory *cf);

   static int     VerifyCRL(XrdCryptoX509Crl *crl, XrdCryptoX509 *xca, XrdOucString crldir,

                           XrdCryptoFactory *CF, int hashalg);

   bool           ServerCertNameOK(const char *subject, const char *hname, String &e);

   static XrdSutCacheEntry *GetSrvCertEnt(XrdSutCERef   &gcref,

                                       XrdCryptoFactory *cf,

                                       time_t timestamp, String &cal);


   // Load CRLs

   static XrdCryptoX509Crl *LoadCRL(XrdCryptoX509 *xca, const char *sjhash,

                                    XrdCryptoFactory *CF, int dwld, int &err);


   // Updating proxies

   static int     QueryProxy(bool checkcache, XrdSutCache *cache, const char *tag,

                             XrdCryptoFactory *cf, time_t timestamp,

                             ProxyIn_t *pi, ProxyOut_t *po);

   static int     InitProxy(ProxyIn_t *pi, XrdCryptoFactory *cf,

                            X509Chain *ch = 0, XrdCryptoRSA **key = 0);


   // Error functions

   static void    ErrF(XrdOucErrInfo *einfo, kXR_int32 ecode,

                       const char *msg1, const char *msg2 = 0,

                       const char *msg3 = 0);

   XrdSecCredentials *ErrC(XrdOucErrInfo *einfo, XrdSutBuffer *b1,

                           XrdSutBuffer *b2,XrdSutBuffer *b3,

                           kXR_int32 ecode, const char *msg1 = 0,

                           const char *msg2 = 0, const char *msg3 = 0);

   int            ErrS(String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1,

                       XrdSutBuffer *b2, XrdSutBuffer *b3,

                       kXR_int32 ecode, const char *msg1 = 0,

                       const char *msg2 = 0, const char *msg3 = 0);


   // Check Time stamp

   bool           CheckTimeStamp(XrdSutBuffer *b, int skew, String &emsg);


   // Check random challenge

   bool           CheckRtag(XrdSutBuffer *bm, String &emsg);


   // Auxilliary methods

   int            AddSerialized(char opt, kXR_int32 step, String ID,

                                XrdSutBuffer *bls, XrdSutBuffer *buf,

                                kXR_int32 type, XrdCryptoCipher *cip);

   // Grid map cache handling

   static XrdSecgsiGMAP_t            // Load alternative function for mapping

                  LoadGMAPFun(const char *plugin, const char *parms);

   static XrdSecgsiAuthz_t           // Load alternative function to fill XrdSecEntity

                  LoadAuthzFun(const char *plugin, const char *parms, int &fmt);

   static XrdSecgsiVOMS_t           // Load alternative function to extract VOMS

                  LoadVOMSFun(const char *plugin, const char *parms, int &fmt);

   static void    QueryGMAP(XrdCryptoX509Chain* chain, int now, String &name); //Lookup info for DN


   // Entity handling

   void CopyEntity(XrdSecEntity *in, XrdSecEntity *out, int *lout = 0);

   void FreeEntity(XrdSecEntity *in);

};


class gsiHSVars {

public:

   int               Iter;          // Iteration number

   time_t            TimeStamp;     // Time of last call

   String            CryptoMod;     // Crypto module in use

   int               RemVers;       // Version run by remote counterpart

   XrdCryptoCipher  *Rcip;          // Reference cipher

   bool              HasPad;        // Whether padding is supported

   XrdSutBucket     *Cbck;          // Bucket with the certificate in export form

   String            ID;            // Handshake ID (dummy for clients)

   XrdSutPFEntry    *Cref;          // Cache reference

   XrdSutPFEntry    *Pent;          // Pointer to relevant file entry

   X509Chain        *Chain;         // Chain to be eventually verified

   XrdCryptoX509Crl *Crl;           // Pointer to CRL, if required

   X509Chain        *PxyChain;      // Proxy Chain on clients

   bool              RtagOK;        // Rndm tag checked / not checked

   bool              Tty;           // Terminal attached / not attached

   int               LastStep;      // Step required at previous iteration

   int               Options;       // Handshake options;

   int               HashAlg;       // Hash algorithm of peer hash name;

   XrdSutBuffer     *Parms;         // Buffer with server parms on first iteration


   gsiHSVars() { Iter = 0; TimeStamp = -1; CryptoMod = "";

                 RemVers = -1; Rcip = 0; HasPad = 0;

                 Cbck = 0;

                 ID = ""; Cref = 0; Pent = 0; Chain = 0; Crl = 0; PxyChain = 0;

                 RtagOK = 0; Tty = 0; LastStep = 0; Options = 0; HashAlg = 0; Parms = 0;}


   ~gsiHSVars() { SafeDelete(Cref);

                  if (Options & kOptsDelChn) {

                     // Do not delete the CA certificate in the cached reference

                     if (Chain) Chain->Cleanup(1);

                     SafeDelete(Chain);

                  }

                  // Make sure XrdSecProtocolgsi::stackCRL exists, it could happen

                  // that it has been deallocated due to static deinitialization

                  // order fiasco

                  if (Crl && bool( XrdSecProtocolgsi::stackCRL ) ) {

                     // This decreases the counter and actually deletes the object only

                     // when no instance is using it

                     XrdSecProtocolgsi::stackCRL->Del(Crl);

                     Crl = 0;

                  }

                  if (Options & kOptsDelPxy) {

                     if (PxyChain) PxyChain->Cleanup();

                     SafeDelete(PxyChain);

                  } else {

                     // The proxy chain is owned by the proxy cache; invalid proxies

                     // are detected (and eventually removed) by QueryProxy

                     PxyChain = 0;

                  }

                  SafeDelete(Parms); }


   void Dump(XrdSecProtocolgsi *p = 0);

};


kXR_int32
int kXR_int32
Definition XPtypes.hh:89

XrdCryptoAux.hh

XrdCryptoCipher.hh

XrdCryptoFactory.hh

XrdCryptoX509Crl.hh

XrdCryptogsiX509Chain.hh

XrdNetAddrInfo.hh

XrdOucErrInfo.hh

XrdOucGMap.hh

XrdOucHash.hh

Hash_count
@ Hash_count
Definition XrdOucHash.hh:54

XrdOucString.hh

XrdOucTokenizer.hh

XrdSecInterface.hh

kgsiHandshakeOpts
kgsiHandshakeOpts
Definition XrdSecProtocolgsi.hh:107

kOptsDelChn
@ kOptsDelChn
Definition XrdSecProtocolgsi.hh:113

kOptsDelPxy
@ kOptsDelPxy
Definition XrdSecProtocolgsi.hh:116

kOptsSigReq
@ kOptsSigReq
Definition XrdSecProtocolgsi.hh:110

kOptsFwdPxy
@ kOptsFwdPxy
Definition XrdSecProtocolgsi.hh:109

kOptsPxCred
@ kOptsPxCred
Definition XrdSecProtocolgsi.hh:114

kOptsSrvReq
@ kOptsSrvReq
Definition XrdSecProtocolgsi.hh:111

kOptsDlgPxy
@ kOptsDlgPxy
Definition XrdSecProtocolgsi.hh:108

kOptsCreatePxy
@ kOptsCreatePxy
Definition XrdSecProtocolgsi.hh:115

kOptsPxFile
@ kOptsPxFile
Definition XrdSecProtocolgsi.hh:112

SafeDelete
#define SafeDelete(x)
Definition XrdSecProtocolgsi.hh:154

XrdSecgsiAuthz_t
int(* XrdSecgsiAuthz_t)(XrdSecEntity &)
Definition XrdSecProtocolgsi.hh:160

X509Chain
XrdCryptogsiX509Chain X509Chain
Definition XrdSecProtocolgsi.hh:63

kgsiServerSteps
kgsiServerSteps
Definition XrdSecProtocolgsi.hh:98

kXGS_cert
@ kXGS_cert
Definition XrdSecProtocolgsi.hh:101

kXGS_none
@ kXGS_none
Definition XrdSecProtocolgsi.hh:99

kXGS_pxyreq
@ kXGS_pxyreq
Definition XrdSecProtocolgsi.hh:102

kXGS_init
@ kXGS_init
Definition XrdSecProtocolgsi.hh:100

kXGS_reserved
@ kXGS_reserved
Definition XrdSecProtocolgsi.hh:103

XrdSecgsiVOMS_t
XrdSecgsiAuthz_t XrdSecgsiVOMS_t
Definition XrdSecProtocolgsi.hh:164

XrdSecgsiAuthzKey_t
int(* XrdSecgsiAuthzKey_t)(XrdSecEntity &, char **)
Definition XrdSecProtocolgsi.hh:162

String
XrdOucString String
Definition XrdSecProtocolgsi.hh:62

kgsiStatus
kgsiStatus
Definition XrdSecProtocolgsi.hh:82

kgST_ok
@ kgST_ok
Definition XrdSecProtocolgsi.hh:84

kgST_error
@ kgST_error
Definition XrdSecProtocolgsi.hh:83

kgST_more
@ kgST_more
Definition XrdSecProtocolgsi.hh:85

XrdSecgsiAuthzInit_t
int(* XrdSecgsiAuthzInit_t)(const char *)
Definition XrdSecProtocolgsi.hh:161

XrdCryptoMax
#define XrdCryptoMax
Definition XrdSecProtocolgsi.hh:70

kgsiClientSteps
kgsiClientSteps
Definition XrdSecProtocolgsi.hh:89

kXGC_sigpxy
@ kXGC_sigpxy
Definition XrdSecProtocolgsi.hh:93

kXGC_cert
@ kXGC_cert
Definition XrdSecProtocolgsi.hh:92

kXGC_reserved
@ kXGC_reserved
Definition XrdSecProtocolgsi.hh:94

kXGC_none
@ kXGC_none
Definition XrdSecProtocolgsi.hh:90

kXGC_certreq
@ kXGC_certreq
Definition XrdSecProtocolgsi.hh:91

XrdSecgsiVOMSInit_t
XrdSecgsiAuthzInit_t XrdSecgsiVOMSInit_t
Definition XrdSecProtocolgsi.hh:165

kgsiErrors
kgsiErrors
Definition XrdSecProtocolgsi.hh:120

kGSErrExportPuK
@ kGSErrExportPuK
Definition XrdSecProtocolgsi.hh:130

kGSErrBadRndmTag
@ kGSErrBadRndmTag
Definition XrdSecProtocolgsi.hh:132

kGSErrCreateBuffer
@ kGSErrCreateBuffer
Definition XrdSecProtocolgsi.hh:127

kGSErrNoCipher
@ kGSErrNoCipher
Definition XrdSecProtocolgsi.hh:134

kGSErrInit
@ kGSErrInit
Definition XrdSecProtocolgsi.hh:145

kGSErrFinCipher
@ kGSErrFinCipher
Definition XrdSecProtocolgsi.hh:144

kGSErrParseBuffer
@ kGSErrParseBuffer
Definition XrdSecProtocolgsi.hh:121

kGSErrGenCipher
@ kGSErrGenCipher
Definition XrdSecProtocolgsi.hh:129

kGSErrBadCreds
@ kGSErrBadCreds
Definition XrdSecProtocolgsi.hh:146

kGSErrUnmarshal
@ kGSErrUnmarshal
Definition XrdSecProtocolgsi.hh:138

kGSErrRefCipher
@ kGSErrRefCipher
Definition XrdSecProtocolgsi.hh:141

kGSErrBadProtocol
@ kGSErrBadProtocol
Definition XrdSecProtocolgsi.hh:124

kGSErrMarshal
@ kGSErrMarshal
Definition XrdSecProtocolgsi.hh:137

kGSErrNoPublic
@ kGSErrNoPublic
Definition XrdSecProtocolgsi.hh:142

kGSErrSaveCreds
@ kGSErrSaveCreds
Definition XrdSecProtocolgsi.hh:139

kGSErrSerialBuffer
@ kGSErrSerialBuffer
Definition XrdSecProtocolgsi.hh:128

kGSErrNoCreds
@ kGSErrNoCreds
Definition XrdSecProtocolgsi.hh:135

kGSErrDecodeBuffer
@ kGSErrDecodeBuffer
Definition XrdSecProtocolgsi.hh:122

kGSErrLoadCrypto
@ kGSErrLoadCrypto
Definition XrdSecProtocolgsi.hh:123

kGSErrEncRndmTag
@ kGSErrEncRndmTag
Definition XrdSecProtocolgsi.hh:131

kGSErrDuplicateBucket
@ kGSErrDuplicateBucket
Definition XrdSecProtocolgsi.hh:126

kGSErrBadOpt
@ kGSErrBadOpt
Definition XrdSecProtocolgsi.hh:136

kGSErrNoRndmTag
@ kGSErrNoRndmTag
Definition XrdSecProtocolgsi.hh:133

kGSErrAddBucket
@ kGSErrAddBucket
Definition XrdSecProtocolgsi.hh:143

kGSErrError
@ kGSErrError
Definition XrdSecProtocolgsi.hh:147

kGSErrCreateBucket
@ kGSErrCreateBucket
Definition XrdSecProtocolgsi.hh:125

kGSErrNoBuffer
@ kGSErrNoBuffer
Definition XrdSecProtocolgsi.hh:140

XrdSecgsiGMAP_t
char *(* XrdSecgsiGMAP_t)(const char *, int)
Definition XrdSecProtocolgsi.hh:159

XrdSecgsiTrace.hh

XrdSutBuffer.hh

XrdSutCache.hh

XrdSutPFEntry.hh

XrdSutPFile.hh

XrdSutRndm.hh

XrdSysPthread.hh

GSIStack
Definition XrdSecProtocolgsi.hh:256

GSIStack::Add
void Add(T *t)
Definition XrdSecProtocolgsi.hh:258

GSIStack::mtx
XrdSysMutex mtx
Definition XrdSecProtocolgsi.hh:272

GSIStack::Del
void Del(T *t)
Definition XrdSecProtocolgsi.hh:265

GSIStack::stack
XrdOucHash< T > stack
Definition XrdSecProtocolgsi.hh:273

XrdCryptoCipher
Definition XrdCryptoCipher.hh:48

XrdCryptoFactory
Definition XrdCryptoFactory.hh:122

XrdCryptoMsgDigest
Definition XrdCryptoMsgDigest.hh:47

XrdCryptoRSA
Definition XrdCryptoRSA.hh:51

XrdCryptoX509Chain
Definition XrdCryptoX509Chain.hh:80

XrdCryptoX509Chain::Cleanup
void Cleanup(bool keepCA=0)

XrdCryptoX509Crl
Definition XrdCryptoX509Crl.hh:49

XrdCryptoX509
Definition XrdCryptoX509.hh:51

XrdCryptogsiX509Chain
Definition XrdCryptogsiX509Chain.hh:50

XrdNetAddrInfo
Definition XrdNetAddrInfo.hh:54

XrdOucErrInfo
Definition XrdOucErrInfo.hh:101

XrdOucGMap
Definition XrdOucGMap.hh:49

XrdOucHash
Definition XrdOucHash.hh:128

XrdOucString
Definition XrdOucString.hh:254

XrdOucTrace
Definition XrdOucTrace.hh:36

XrdSecEntity
Definition XrdSecEntity.hh:65

XrdSecProtocol
Definition XrdSecInterface.hh:131

XrdSecProtocolgsi
Definition XrdSecProtocolgsi.hh:281

XrdSecProtocolgsi::stackCA
static GSIStack< XrdCryptoX509Chain > stackCA
Definition XrdSecProtocolgsi.hh:384

XrdSecProtocolgsi::Authenticate
int Authenticate(XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0)

XrdSecProtocolgsi::stackCRL
static std::unique_ptr< GSIStack< XrdCryptoX509Crl > > stackCRL
Definition XrdSecProtocolgsi.hh:385

XrdSecProtocolgsi::useIV
bool useIV
Definition XrdSecProtocolgsi.hh:412

XrdSecProtocolgsi::Verify
int Verify(const char *inbuf, int inlen, const char *sigbuf, int siglen)

XrdSecProtocolgsi::bucketKey
XrdSutBucket * bucketKey
Definition XrdSecProtocolgsi.hh:405

XrdSecProtocolgsi::LoadGMAPFun
static XrdSecgsiGMAP_t LoadGMAPFun(const char *plugin, const char *parms)

XrdSecProtocolgsi::~XrdSecProtocolgsi
virtual ~XrdSecProtocolgsi()
Definition XrdSecProtocolgsi.hh:294

XrdSecProtocolgsi::SrvKey
static String SrvKey
Definition XrdSecProtocolgsi.hh:329

XrdSecProtocolgsi::sessionCF
XrdCryptoFactory * sessionCF
Definition XrdSecProtocolgsi.hh:403

XrdSecProtocolgsi::UsrCert
static String UsrCert
Definition XrdSecProtocolgsi.hh:331

XrdSecProtocolgsi::LoadAuthzFun
static XrdSecgsiAuthz_t LoadAuthzFun(const char *plugin, const char *parms, int &fmt)

XrdSecProtocolgsi::XrdSecProtocolgsi
XrdSecProtocolgsi(int opts, const char *hname, XrdNetAddrInfo &endPoint, const char *parms=0)

XrdSecProtocolgsi::proxyChain
X509Chain * proxyChain
Definition XrdSecProtocolgsi.hh:409

XrdSecProtocolgsi::AuthzCertFmt
static int AuthzCertFmt
Definition XrdSecProtocolgsi.hh:351

XrdSecProtocolgsi::VOMSFun
static XrdSecgsiVOMS_t VOMSFun
Definition XrdSecProtocolgsi.hh:359

XrdSecProtocolgsi::FreeEntity
void FreeEntity(XrdSecEntity *in)

XrdSecProtocolgsi::ErrC
XrdSecCredentials * ErrC(XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)

XrdSecProtocolgsi::CRLDownload
static int CRLDownload
Definition XrdSecProtocolgsi.hh:338

XrdSecProtocolgsi::LoadVOMSFun
static XrdSecgsiVOMS_t LoadVOMSFun(const char *plugin, const char *parms, int &fmt)

XrdSecProtocolgsi::Logger
static XrdSysLogger Logger
Definition XrdSecProtocolgsi.hh:397

XrdSecProtocolgsi::ServerDoCertreq
int ServerDoCertreq(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)

XrdSecProtocolgsi::VerifyCA
static bool VerifyCA(int opt, X509Chain *cca, XrdCryptoFactory *cf)

XrdSecProtocolgsi::ServerCertNameOK
bool ServerCertNameOK(const char *subject, const char *hname, String &e)

XrdSecProtocolgsi::AuthzKey
static XrdSecgsiAuthzKey_t AuthzKey
Definition XrdSecProtocolgsi.hh:350

XrdSecProtocolgsi::ParseServerInput
int ParseServerInput(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)

XrdSecProtocolgsi::PxyReqOpts
static int PxyReqOpts
Definition XrdSecProtocolgsi.hh:353

XrdSecProtocolgsi::DefError
static String DefError
Definition XrdSecProtocolgsi.hh:343

XrdSecProtocolgsi::cryptF
static XrdCryptoFactory * cryptF[XrdCryptoMax]
Definition XrdSecProtocolgsi.hh:368

XrdSecProtocolgsi::DefMD
static String DefMD
Definition XrdSecProtocolgsi.hh:342

XrdSecProtocolgsi::PxyValid
static String PxyValid
Definition XrdSecProtocolgsi.hh:333

XrdSecProtocolgsi::servGMap
static XrdOucGMap * servGMap
Definition XrdSecProtocolgsi.hh:381

XrdSecProtocolgsi::GetCApath
static String GetCApath(const char *cahash)

XrdSecProtocolgsi::DefCRLext
static String DefCRLext
Definition XrdSecProtocolgsi.hh:327

XrdSecProtocolgsi::GMAPCacheTimeOut
static int GMAPCacheTimeOut
Definition XrdSecProtocolgsi.hh:347

XrdSecProtocolgsi::ServerDoSigpxy
int ServerDoSigpxy(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)

XrdSecProtocolgsi::UsrProxy
static String UsrProxy
Definition XrdSecProtocolgsi.hh:330

XrdSecProtocolgsi::ncrypt
static int ncrypt
Definition XrdSecProtocolgsi.hh:367

XrdSecProtocolgsi::srvMode
bool srvMode
Definition XrdSecProtocolgsi.hh:410

XrdSecProtocolgsi::AddSerialized
int AddSerialized(char opt, kXR_int32 step, String ID, XrdSutBuffer *bls, XrdSutBuffer *buf, kXR_int32 type, XrdCryptoCipher *cip)

XrdSecProtocolgsi::CheckTimeStamp
bool CheckTimeStamp(XrdSutBuffer *b, int skew, String &emsg)

XrdSecProtocolgsi::LoadCRL
static XrdCryptoX509Crl * LoadCRL(XrdCryptoX509 *xca, const char *sjhash, XrdCryptoFactory *CF, int dwld, int &err)

XrdSecProtocolgsi::VOMSAttrOpt
static int VOMSAttrOpt
Definition XrdSecProtocolgsi.hh:358

XrdSecProtocolgsi::AuthzPxyWhat
static int AuthzPxyWhat
Definition XrdSecProtocolgsi.hh:354

XrdSecProtocolgsi::options
int options
Definition XrdSecProtocolgsi.hh:402

XrdSecProtocolgsi::GetCA
static int GetCA(const char *cahash, XrdCryptoFactory *cryptof, gsiHSVars *hs=0)

XrdSecProtocolgsi::QueryProxy
static int QueryProxy(bool checkcache, XrdSutCache *cache, const char *tag, XrdCryptoFactory *cf, time_t timestamp, ProxyIn_t *pi, ProxyOut_t *po)

XrdSecProtocolgsi::Decrypt
int Decrypt(const char *inbuf, int inlen, XrdSecBuffer **outbuf)

XrdSecProtocolgsi::cryptName
static String cryptName[XrdCryptoMax]
Definition XrdSecProtocolgsi.hh:370

XrdSecProtocolgsi::gsiContext
static XrdSysMutex gsiContext
Definition XrdSecProtocolgsi.hh:324

XrdSecProtocolgsi::GetSrvCertEnt
static XrdSutCacheEntry * GetSrvCertEnt(XrdSutCERef &gcref, XrdCryptoFactory *cf, time_t timestamp, String &cal)

XrdSecProtocolgsi::epAddr
XrdNetAddrInfo epAddr
Definition XrdSecProtocolgsi.hh:321

XrdSecProtocolgsi::Encrypt
int Encrypt(const char *inbuf, int inlen, XrdSecBuffer **outbuf)

XrdSecProtocolgsi::GMAPFile
static String GMAPFile
Definition XrdSecProtocolgsi.hh:344

XrdSecProtocolgsi::Debug
static int Debug
Definition XrdSecProtocolgsi.hh:392

XrdSecProtocolgsi::HashCompatibility
static bool HashCompatibility
Definition XrdSecProtocolgsi.hh:362

XrdSecProtocolgsi::AuthzCacheTimeOut
static int AuthzCacheTimeOut
Definition XrdSecProtocolgsi.hh:352

XrdSecProtocolgsi::GMAPOpt
static int GMAPOpt
Definition XrdSecProtocolgsi.hh:345

XrdSecProtocolgsi::sessionKver
XrdCryptoRSA * sessionKver
Definition XrdSecProtocolgsi.hh:408

XrdSecProtocolgsi::UsrKey
static String UsrKey
Definition XrdSecProtocolgsi.hh:332

XrdSecProtocolgsi::CRLdir
static String CRLdir
Definition XrdSecProtocolgsi.hh:326

XrdSecProtocolgsi::sessionMD
XrdCryptoMsgDigest * sessionMD
Definition XrdSecProtocolgsi.hh:406

XrdSecProtocolgsi::ClientDoCert
int ClientDoCert(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)

XrdSecProtocolgsi::ClientDoPxyreq
int ClientDoPxyreq(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)

XrdSecProtocolgsi::SrvAllowedNames
static String SrvAllowedNames
Definition XrdSecProtocolgsi.hh:357

XrdSecProtocolgsi::ClientDoInit
int ClientDoInit(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)

XrdSecProtocolgsi::Init
static char * Init(gsiOptions o, XrdOucErrInfo *erp)

XrdSecProtocolgsi::Delete
void Delete()
Delete the protocol object. DO NOT use C++ delete() on this object.

XrdSecProtocolgsi::cryptID
static int cryptID[XrdCryptoMax]
Definition XrdSecProtocolgsi.hh:369

XrdSecProtocolgsi::CopyEntity
void CopyEntity(XrdSecEntity *in, XrdSecEntity *out, int *lout=0)

XrdSecProtocolgsi::expectedHost
char * expectedHost
Definition XrdSecProtocolgsi.hh:411

XrdSecProtocolgsi::hs
gsiHSVars * hs
Definition XrdSecProtocolgsi.hh:415

XrdSecProtocolgsi::lastGMAPCheck
static time_t lastGMAPCheck
Definition XrdSecProtocolgsi.hh:388

XrdSecProtocolgsi::DepLength
static int DepLength
Definition XrdSecProtocolgsi.hh:334

XrdSecProtocolgsi::TrustDNS
static bool TrustDNS
Definition XrdSecProtocolgsi.hh:363

XrdSecProtocolgsi::CAdir
static String CAdir
Definition XrdSecProtocolgsi.hh:325

XrdSecProtocolgsi::cachePxy
static XrdSutCache cachePxy
Definition XrdSecProtocolgsi.hh:376

XrdSecProtocolgsi::cacheAuthzFun
static XrdSutCache cacheAuthzFun
Definition XrdSecProtocolgsi.hh:378

XrdSecProtocolgsi::GMAPFun
static XrdSecgsiGMAP_t GMAPFun
Definition XrdSecProtocolgsi.hh:348

XrdSecProtocolgsi::AuthzAlways
static int AuthzAlways
Definition XrdSecProtocolgsi.hh:356

XrdSecProtocolgsi::sessionKey
XrdCryptoCipher * sessionKey
Definition XrdSecProtocolgsi.hh:404

XrdSecProtocolgsi::EnableTracing
static XrdOucTrace * EnableTracing()

XrdSecProtocolgsi::GMAPuseDNname
static bool GMAPuseDNname
Definition XrdSecProtocolgsi.hh:346

XrdSecProtocolgsi::sessionKsig
XrdCryptoRSA * sessionKsig
Definition XrdSecProtocolgsi.hh:407

XrdSecProtocolgsi::VOMSCertFmt
static int VOMSCertFmt
Definition XrdSecProtocolgsi.hh:360

XrdSecProtocolgsi::getCredentials
XrdSecCredentials * getCredentials(XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0)

XrdSecProtocolgsi::AuthzPxyWhere
static int AuthzPxyWhere
Definition XrdSecProtocolgsi.hh:355

XrdSecProtocolgsi::cacheCA
static XrdSutCache cacheCA
Definition XrdSecProtocolgsi.hh:374

XrdSecProtocolgsi::GSITrace
static XrdOucTrace * GSITrace
Definition XrdSecProtocolgsi.hh:399

XrdSecProtocolgsi::mutexGMAP
static XrdSysMutex mutexGMAP
Definition XrdSecProtocolgsi.hh:389

XrdSecProtocolgsi::CACheck
static int CACheck
Definition XrdSecProtocolgsi.hh:336

XrdSecProtocolgsi::getKey
int getKey(char *kbuf=0, int klen=0)

XrdSecProtocolgsi::SrvCert
static String SrvCert
Definition XrdSecProtocolgsi.hh:328

XrdSecProtocolgsi::DefCipher
static String DefCipher
Definition XrdSecProtocolgsi.hh:341

XrdSecProtocolgsi::eDest
static XrdSysError eDest
Definition XrdSecProtocolgsi.hh:398

XrdSecProtocolgsi::ServerDoCert
int ServerDoCert(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)

XrdSecProtocolgsi::Server
static bool Server
Definition XrdSecProtocolgsi.hh:393

XrdSecProtocolgsi::DefCrypto
static String DefCrypto
Definition XrdSecProtocolgsi.hh:340

XrdSecProtocolgsi::MonInfoOpt
static int MonInfoOpt
Definition XrdSecProtocolgsi.hh:361

XrdSecProtocolgsi::ErrF
static void ErrF(XrdOucErrInfo *einfo, kXR_int32 ecode, const char *msg1, const char *msg2=0, const char *msg3=0)

XrdSecProtocolgsi::refcip
static XrdCryptoCipher * refcip[XrdCryptoMax]
Definition XrdSecProtocolgsi.hh:371

XrdSecProtocolgsi::ParseCrypto
int ParseCrypto(String cryptlist)

XrdSecProtocolgsi::DefBits
static int DefBits
Definition XrdSecProtocolgsi.hh:335

XrdSecProtocolgsi::ParseCAlist
int ParseCAlist(String calist)

XrdSecProtocolgsi::InitProxy
static int InitProxy(ProxyIn_t *pi, XrdCryptoFactory *cf, X509Chain *ch=0, XrdCryptoRSA **key=0)

XrdSecProtocolgsi::QueryGMAP
static void QueryGMAP(XrdCryptoX509Chain *chain, int now, String &name)

XrdSecProtocolgsi::Sign
int Sign(const char *inbuf, int inlen, XrdSecBuffer **outbuf)

XrdSecProtocolgsi::cacheCert
static XrdSutCache cacheCert
Definition XrdSecProtocolgsi.hh:375

XrdSecProtocolgsi::ErrS
int ErrS(String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)

XrdSecProtocolgsi::CheckRtag
bool CheckRtag(XrdSutBuffer *bm, String &emsg)

XrdSecProtocolgsi::ShowDN
static bool ShowDN
Definition XrdSecProtocolgsi.hh:364

XrdSecProtocolgsi::CRLCheck
static int CRLCheck
Definition XrdSecProtocolgsi.hh:337

XrdSecProtocolgsi::setKey
int setKey(char *kbuf, int klen)

XrdSecProtocolgsi::ParseClientInput
int ParseClientInput(XrdSutBuffer *br, XrdSutBuffer **bm, String &emsg)

XrdSecProtocolgsi::cacheGMAPFun
static XrdSutCache cacheGMAPFun
Definition XrdSecProtocolgsi.hh:377

XrdSecProtocolgsi::AuthzFun
static XrdSecgsiAuthz_t AuthzFun
Definition XrdSecProtocolgsi.hh:349

XrdSecProtocolgsi::VerifyCRL
static int VerifyCRL(XrdCryptoX509Crl *crl, XrdCryptoX509 *xca, XrdOucString crldir, XrdCryptoFactory *CF, int hashalg)

XrdSecProtocolgsi::TimeSkew
static int TimeSkew
Definition XrdSecProtocolgsi.hh:394

XrdSecProtocolgsi::CRLRefresh
static int CRLRefresh
Definition XrdSecProtocolgsi.hh:339

XrdSutBucket
Definition XrdSutBucket.hh:44

XrdSutBuffer
Definition XrdSutBuffer.hh:43

XrdSutCERef
Definition XrdSutCacheEntry.hh:100

XrdSutCacheEntry
Definition XrdSutCacheEntry.hh:75

XrdSutCache
Definition XrdSutCache.hh:49

XrdSutPFEntry
Definition XrdSutPFEntry.hh:78

XrdSysError
Definition XrdSysError.hh:90

XrdSysLogger
Definition XrdSysLogger.hh:53

XrdSysMutex
Definition XrdSysPthread.hh:165

XrdSysMutex::Lock
void Lock()
Definition XrdSysPthread.hh:222

XrdSysMutex::UnLock
void UnLock()
Definition XrdSysPthread.hh:224

gsiHSVars
Definition XrdSecProtocolgsi.hh:501

gsiHSVars::Cref
XrdSutPFEntry * Cref
Definition XrdSecProtocolgsi.hh:511

gsiHSVars::RtagOK
bool RtagOK
Definition XrdSecProtocolgsi.hh:516

gsiHSVars::Tty
bool Tty
Definition XrdSecProtocolgsi.hh:517

gsiHSVars::CryptoMod
String CryptoMod
Definition XrdSecProtocolgsi.hh:505

gsiHSVars::HasPad
bool HasPad
Definition XrdSecProtocolgsi.hh:508

gsiHSVars::PxyChain
X509Chain * PxyChain
Definition XrdSecProtocolgsi.hh:515

gsiHSVars::Crl
XrdCryptoX509Crl * Crl
Definition XrdSecProtocolgsi.hh:514

gsiHSVars::Parms
XrdSutBuffer * Parms
Definition XrdSecProtocolgsi.hh:521

gsiHSVars::HashAlg
int HashAlg
Definition XrdSecProtocolgsi.hh:520

gsiHSVars::ID
String ID
Definition XrdSecProtocolgsi.hh:510

gsiHSVars::Cbck
XrdSutBucket * Cbck
Definition XrdSecProtocolgsi.hh:509

gsiHSVars::gsiHSVars
gsiHSVars()
Definition XrdSecProtocolgsi.hh:523

gsiHSVars::Dump
void Dump(XrdSecProtocolgsi *p=0)

gsiHSVars::Chain
X509Chain * Chain
Definition XrdSecProtocolgsi.hh:513

gsiHSVars::Options
int Options
Definition XrdSecProtocolgsi.hh:519

gsiHSVars::Pent
XrdSutPFEntry * Pent
Definition XrdSecProtocolgsi.hh:512

gsiHSVars::~gsiHSVars
~gsiHSVars()
Definition XrdSecProtocolgsi.hh:529

gsiHSVars::TimeStamp
time_t TimeStamp
Definition XrdSecProtocolgsi.hh:504

gsiHSVars::LastStep
int LastStep
Definition XrdSecProtocolgsi.hh:518

gsiHSVars::Iter
int Iter
Definition XrdSecProtocolgsi.hh:503

gsiHSVars::RemVers
int RemVers
Definition XrdSecProtocolgsi.hh:506

gsiHSVars::Rcip
XrdCryptoCipher * Rcip
Definition XrdSecProtocolgsi.hh:507

gsiOptions
Definition XrdSecProtocolgsi.hh:171

gsiOptions::authzto
int authzto
Definition XrdSecProtocolgsi.hh:199

gsiOptions::authzfun
char * authzfun
Definition XrdSecProtocolgsi.hh:196

gsiOptions::mode
char mode
Definition XrdSecProtocolgsi.hh:174

gsiOptions::cert
char * cert
Definition XrdSecProtocolgsi.hh:179

gsiOptions::moninfo
int moninfo
Definition XrdSecProtocolgsi.hh:212

gsiOptions::valid
char * valid
Definition XrdSecProtocolgsi.hh:189

gsiOptions::crldir
char * crldir
Definition XrdSecProtocolgsi.hh:177

gsiOptions::gmapfun
char * gmapfun
Definition XrdSecProtocolgsi.hh:194

gsiOptions::proxy
char * proxy
Definition XrdSecProtocolgsi.hh:188

gsiOptions::crlext
char * crlext
Definition XrdSecProtocolgsi.hh:178

gsiOptions::cipher
char * cipher
Definition XrdSecProtocolgsi.hh:183

gsiOptions::showDN
bool showDN
Definition XrdSecProtocolgsi.hh:216

gsiOptions::~gsiOptions
virtual ~gsiOptions()
Definition XrdSecProtocolgsi.hh:229

gsiOptions::vomsfunparms
char * vomsfunparms
Definition XrdSecProtocolgsi.hh:211

gsiOptions::key
char * key
Definition XrdSecProtocolgsi.hh:181

gsiOptions::deplen
int deplen
Definition XrdSecProtocolgsi.hh:190

gsiOptions::certdir
char * certdir
Definition XrdSecProtocolgsi.hh:176

gsiOptions::authzfunparms
char * authzfunparms
Definition XrdSecProtocolgsi.hh:197

gsiOptions::createpxy
int createpxy
Definition XrdSecProtocolgsi.hh:204

gsiOptions::srvnames
char * srvnames
Definition XrdSecProtocolgsi.hh:205

gsiOptions::exppxy
char * exppxy
Definition XrdSecProtocolgsi.hh:206

gsiOptions::crl
int crl
Definition XrdSecProtocolgsi.hh:185

gsiOptions::ogmap
int ogmap
Definition XrdSecProtocolgsi.hh:200

gsiOptions::vomsat
int vomsat
Definition XrdSecProtocolgsi.hh:209

gsiOptions::trustdns
bool trustdns
Definition XrdSecProtocolgsi.hh:215

gsiOptions::authzcall
int authzcall
Definition XrdSecProtocolgsi.hh:198

gsiOptions::gridmap
char * gridmap
Definition XrdSecProtocolgsi.hh:192

gsiOptions::md
char * md
Definition XrdSecProtocolgsi.hh:184

gsiOptions::hashcomp
int hashcomp
Definition XrdSecProtocolgsi.hh:213

gsiOptions::authzpxy
int authzpxy
Definition XrdSecProtocolgsi.hh:207

gsiOptions::debug
short debug
Definition XrdSecProtocolgsi.hh:173

gsiOptions::gsiOptions
gsiOptions()
Definition XrdSecProtocolgsi.hh:218

gsiOptions::bits
int bits
Definition XrdSecProtocolgsi.hh:191

gsiOptions::gmapto
int gmapto
Definition XrdSecProtocolgsi.hh:193

gsiOptions::vomsfun
char * vomsfun
Definition XrdSecProtocolgsi.hh:210

gsiOptions::Print
void Print(XrdOucTrace *t)

gsiOptions::clist
char * clist
Definition XrdSecProtocolgsi.hh:175

gsiOptions::gmapfunparms
char * gmapfunparms
Definition XrdSecProtocolgsi.hh:195

gsiOptions::sigpxy
int sigpxy
Definition XrdSecProtocolgsi.hh:203

gsiOptions::ca
int ca
Definition XrdSecProtocolgsi.hh:186

gsiOptions::crlrefresh
int crlrefresh
Definition XrdSecProtocolgsi.hh:187

gsiOptions::dlgpxy
int dlgpxy
Definition XrdSecProtocolgsi.hh:201

ProxyIn_t
Definition XrdSecProtocolgsi.hh:244

ProxyIn_t::bits
int bits
Definition XrdSecProtocolgsi.hh:251

ProxyIn_t::createpxy
bool createpxy
Definition XrdSecProtocolgsi.hh:252

ProxyIn_t::valid
const char * valid
Definition XrdSecProtocolgsi.hh:249

ProxyIn_t::out
const char * out
Definition XrdSecProtocolgsi.hh:248

ProxyIn_t::deplen
int deplen
Definition XrdSecProtocolgsi.hh:250

ProxyIn_t::key
const char * key
Definition XrdSecProtocolgsi.hh:246

ProxyIn_t::certdir
const char * certdir
Definition XrdSecProtocolgsi.hh:247

ProxyIn_t::cert
const char * cert
Definition XrdSecProtocolgsi.hh:245

ProxyOut_t
Definition XrdSecProtocolgsi.hh:237

ProxyOut_t::cbck
XrdSutBucket * cbck
Definition XrdSecProtocolgsi.hh:240

ProxyOut_t::ksig
XrdCryptoRSA * ksig
Definition XrdSecProtocolgsi.hh:239

ProxyOut_t::chain
X509Chain * chain
Definition XrdSecProtocolgsi.hh:238

XrdSecBuffer
Generic structure to pass security information back and forth.
Definition XrdSecInterface.hh:51