current/html/XrdSecProtocolpwd_8hh_source.html

/******************************************************************************/

/*                                                                            */

/*                 X r d S e c P r o t o c o l p w d . h h                    */

/*                                                                            */

/* (c) 2005 by the Board of Trustees of the Leland Stanford, Jr., University  */

/*   Produced by Gerri Ganis for CERN                                         */

/*                                                                            */

/* This file is part of the XRootD software suite.                            */

/*                                                                            */

/* XRootD is free software: you can redistribute it and/or modify it under    */

/* the terms of the GNU Lesser General Public License as published by the     */

/* Free Software Foundation, either version 3 of the License, or (at your     */

/* option) any later version.                                                 */

/*                                                                            */

/* XRootD is distributed in the hope that it will be useful, but WITHOUT      */

/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or      */

/* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public       */

/* License for more details.                                                  */

/*                                                                            */

/* You should have received a copy of the GNU Lesser General Public License   */

/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file  */

/* COPYING (GPL license).  If not, see <http://www.gnu.org/licenses/>.        */

/*                                                                            */

/* The copyright holder's institutional names and contributor's names may not */

/* be used to endorse or promote products derived from this software without  */

/* specific prior written permission of the institution or contributor.       */

/******************************************************************************/


#include "XrdNet/XrdNetAddrInfo.hh"


#include "XrdOuc/XrdOucErrInfo.hh"

#include "XrdSys/XrdSysPthread.hh"

#include "XrdOuc/XrdOucString.hh"

#include "XrdOuc/XrdOucTokenizer.hh"


#include "XrdSec/XrdSecInterface.hh"

#include "XrdSecpwd/XrdSecpwdTrace.hh"


#include "XrdSut/XrdSutPFEntry.hh"

#include "XrdSut/XrdSutPFile.hh"

#include "XrdSut/XrdSutBuffer.hh"

#include "XrdSut/XrdSutRndm.hh"


#include "XrdCrypto/XrdCryptoAux.hh"

#include "XrdCrypto/XrdCryptoCipher.hh"

#include "XrdCrypto/XrdCryptoFactory.hh"


/******************************************************************************/

/*                               D e f i n e s                                */

/******************************************************************************/


typedef XrdOucString String;


#define XrdSecPROTOIDENT    "pwd"

#define XrdSecPROTOIDLEN    sizeof(XrdSecPROTOIDENT)

#define XrdSecpwdVERSION    10100

#define XrdSecNOIPCHK       0x0001

#define XrdSecDEBUG         0x1000

#define XrdCryptoMax        10


#define kMAXBUFLEN          1024

#define kMAXUSRLEN          9

#define kMAXPWDLEN          64


//

// Message codes either returned by server or included in buffers


enum kpwdStatus {

   kpST_error    = -1,      // error occurred

   kpST_ok       =  0,      // ok

   kpST_more     =  1       // need more info

};


//

// Auto-reg modes


enum kpwdAutoreg {

   kpAR_none       =  0,      // autoreg disabled

   kpAR_users      =  1,      // only for tags in password files (local, system's)

   kpAR_all        =  2       // for all tags

};


//

// Client update autologin modes


enum kpwdUpdate {

   kpUP_none       =  0,      // no update

   kpUP_remove     =  1,      // remove obsolete entries only

   kpUP_all        =  2       // remove obsolete entries and register new valid info

};


//

// Creds input type


enum kpwdCredsInput {

   kpCI_undef      = -1,      // undefined

   kpCI_prompt     =  0,      // from prompt

   kpCI_exact      =  1,      // from FileNetRc, exact tag

   kpCI_wildcard   =  2       // from FileNetRc, wildcard tag

};


//

// Creds type (for prompt)


enum kpwdCredType {

   kpCT_undef      = -1,      // undefined

   kpCT_normal     =  0,      // confirmed credentials

   kpCT_onetime    =  1,      // one-time credentials

   kpCT_old        =  2,      // old credentials to be changed

   kpCT_new        =  3,      // new credentials to be confirmed

   kpCT_newagain   =  4,      // new credentials again for confirmation

   kpCT_autoreg    =  5,      // autoreg: new creds to be confirmed

   kpCT_ar_again   =  6,      // autoreg: new creds again for confirmation

   kpCT_crypt      =  7,      // standard crypt hash

   kpCT_afs        =  8,      // AFS plain password

   kpCT_afsenc     =  9       // AFS encrypted password

};


//

// Creds actions


enum kpwdCredsActions {

   kpCA_undef      = -1,      // undefined

   kpCA_check      =  0,      // normal check of credentials

   kpCA_checkold   =  1,      // check current creds before asking for new ones

   kpCA_cache      =  2,      // cache received (new) credentials

   kpCA_checkcache =  3       // check cached credentials and save them, if ok

};


// Client steps


enum kpwdClientSteps {

   kXPC_none = 0,

   kXPC_normal     = 1000, // 1000: standard packet

   kXPC_verifysrv,         // 1001: request for server verification

   kXPC_signedrtag,        // 1002: signed rtag (after server request for verification)

   kXPC_creds,             // 1003: credentials packet

   kXPC_autoreg,           // 1004: query for autoregistration

   kXPC_failureack,        // 1005: failure acknowledgement

   kXPC_reserved           //

};


// Server steps


enum kpwdServerSteps {

   kXPS_none = 0,

   kXPS_init       = 2000,   // 2000: fake code used the first time

   kXPS_credsreq,            // 2001: request for credentials

   kXPS_rtag,                // 2002: rndm tag to be signed (strong verification)

   kXPS_signedrtag,          // 2003: signed rtag (after client request for verification)

   kXPS_newpuk,              // 2004: new public part for session ciphers

   kXPS_puk,                 // 2005: public part for session ciphers (after autoreg)

   kXPS_failure,             // 2006: signal failure to client to drop invalid cached info

   kXPS_reserved             //

};


// Error codes


enum kpwdErrors {

   kPWErrParseBuffer = 10000,       // 10000

   kPWErrDecodeBuffer,              // 10001

   kPWErrLoadCrypto,                // 10002

   kPWErrBadProtocol,               // 10003

   kPWErrNoUserHost,                // 10004

   kPWErrNoUser,                    // 10005

   kPWErrNoHost,                    // 10006

   kPWErrBadUser,                   // 10007

   kPWErrCreateBucket,              // 10008

   kPWErrDuplicateBucket,           // 10009

   kPWErrCreateBuffer,              // 10010

   kPWErrSerialBuffer,              // 10011

   kPWErrGenCipher,                 // 10012

   kPWErrExportPuK,                 // 10013

   kPWErrEncRndmTag,                // 10014

   kPWErrBadRndmTag,                // 10015

   kPWErrNoRndmTag,                 // 10016

   kPWErrNoCipher,                  // 10017

   kPWErrQueryCreds,                // 10018

   kPWErrNoCreds,                   // 10019

   kPWErrBadPasswd,                 // 10020

   kPWErrBadCache,                  // 10021

   kPWErrNoCache,                   // 10022

   kPWErrNoSessID,                  // 10023

   kPWErrBadSessID,                 // 10024

   kPWErrBadOpt,                    // 10025

   kPWErrMarshal,                   // 10026

   kPWErrUnmarshal,                 // 10027

   kPWErrSaveCreds,                 // 10028

   kPWErrNoSalt,                    // 10029

   kPWErrNoBuffer,                  // 10030

   kPWErrRefCipher,                 // 10031

   kPWErrNoPublic,                  // 10032

   kPWErrAddBucket,                 // 10033

   kPWErrFinCipher,                 // 10034

   kPWErrInit,                      // 10034

   kPWErrBadCreds,                  // 10035

   kPWErrError                      // 10036

};


// Structuring the status word


typedef struct {

   char  ctype;

   char  action;

   short options;

} pwdStatus_t;


#define REL1(x)     { if (x) delete x; }

#define REL2(x,y)   { if (x) delete x; if (y) delete y; }

#define REL3(x,y,z) { if (x) delete x; if (y) delete y; if (z) delete z; }

#if 0

#ifndef NODEBUG

#define PRINT(y) {{SecTrace->Beg(epname); std::cerr <<y; SecTrace->End();}}

#else

#define PRINT(y) { }

#endif

#endif

#define SafeDelete(x) { if (x) delete x ; x = 0; }

#define SafeDelArray(x) { if (x) delete [] x ; x = 0; }


//

// This a small class to set the relevant options in one go

//


class pwdOptions {

public:

   short  debug;        // [cs] debug flag

   short  mode;         // [cs] 'c' or 's'

   short  areg;         // [cs] auto-registration opt (s); update-autolog-info opt (c)

   short  upwd;         // [s] check / do-not-check pwd file in user's $HOME

   short  alog;         // [c] check / do-not-check user's autologin info

   short  verisrv;      // [c] verify / do-not-verify server ownership of srvpuk

   short  vericlnt;     // [s] level of verification client ownership of clntpuk

   short  syspwd;       // [s] check / do-not-check system pwd (requires privileges)

   int    lifecreds;    // [s] lifetime in seconds of credentials

   int    maxprompts;   // [c] max number of empty prompts

   int    maxfailures;  // [s] max passwd failures before blocking

   char  *clist;        // [s] list of crypto modules ["ssl"]

   char  *dir;          // [s] directory with admin pwd files [$HOME/.xrd]

   char  *udir;         // [s] users's sub-directory with pwd files [$HOME/.xrd]

   char  *cpass;        // [s] users's crypt hash pwd file [$HOME/.xrootdpass]

   char  *alogfile;     // [c] autologin file [$HOME/.xrd/pwdnetrc]

   char  *srvpuk;       // [c] file with server puks [$HOME/.xrd/pwdsrvpuk]

   short  keepcreds;    // [s] keep / do-not-keep client credentials

   char  *expcreds;     // [s] (template for) file with exported creds

   int    expfmt;       // [s] formta for exported credentials


   pwdOptions() { debug = -1; mode = 's'; areg = -1; upwd = -1; alog = -1;

                  verisrv = -1; vericlnt = -1;

                  syspwd = -1; lifecreds = -1; maxprompts = -1; maxfailures = -1;

                  clist = 0; dir = 0; udir = 0; cpass = 0;

                  alogfile = 0; srvpuk = 0; keepcreds = 0; expcreds = 0; expfmt = 0;}


   virtual ~pwdOptions() { } // Cleanup inside XrdSecProtocolpwdInit

   void Print(XrdOucTrace *t); // Print summary of pwd option status

};


class pwdHSVars {

public:

   int               Iter;          // iteration number

   int               TimeStamp;     // Time of last call

   String            CryptoMod;     // crypto module in use

   String            User;          // remote username

   String            Tag;           // tag for credentials

   int               RemVers;       // Version run by remote counterpart

   XrdCryptoFactory *CF;            // crypto factory

   XrdCryptoCipher  *Hcip;          // handshake cipher

   XrdCryptoCipher  *Rcip;          // reference cipher

   String            ID;            // Handshake ID (dummy for clients)

   XrdSutPFEntry    *Cref;          // Cache reference

   XrdSutPFEntry    *Pent;          // Pointer to relevant file entry

   bool              RtagOK;        // Rndm tag checked / not checked

   pwdStatus_t       Status;        // Some state flags

   bool              Tty;           // Terminal attached / not attached

   int               Step;          // Current step

   int               LastStep;      // Step required at previous iteration

   String            ErrMsg;        // Last error message

   int               SysPwd;        // 0 = no, 1 = Unix sys pwd, 2 = AFS pwd

   String            AFScell;       // AFS cell if it makes sense

   XrdSutBuffer     *Parms;         // Buffer with server parms on first iteration


   pwdHSVars() { Iter = 0; TimeStamp = -1; CryptoMod = ""; User = ""; Tag = "";

                 RemVers = -1; CF = 0; Hcip = 0; Rcip = 0;

                 ID = ""; Cref = 0; Pent = 0; RtagOK = 0; Tty = 0;

                 Step = 0; LastStep = 0; ErrMsg = "";

                 SysPwd = 0; AFScell = "";

                 Status.ctype = 0; Status.action = 0; Status.options = 0; Parms = 0;}


   ~pwdHSVars() { SafeDelete(Cref); SafeDelete(Hcip); SafeDelete(Parms); }

};


/******************************************************************************/

/*              X r d S e c P r o t o c o l p w d   C l a s s                 */

/******************************************************************************/


class XrdSecProtocolpwd : public XrdSecProtocol

{

public:

        int                Authenticate  (XrdSecCredentials *cred,

                                          XrdSecParameters **parms,

                                          XrdOucErrInfo     *einfo=0);


        XrdSecCredentials *getCredentials(XrdSecParameters  *parm=0,

                                          XrdOucErrInfo     *einfo=0);


        XrdSecProtocolpwd(int opts, const char *hname,

                          XrdNetAddrInfo &endPoint,

                          const char *parms = 0);

        virtual ~XrdSecProtocolpwd() {} // Delete() does it all


        // Initialization methods

        static char      *Init(pwdOptions o, XrdOucErrInfo *erp);


        void              Delete();


        static void       PrintTimeStat();


        // Enable tracing

        static XrdOucTrace *EnableTracing();


private:


   // Static members initialized at startup

   static XrdSysMutex      pwdContext;

   static String           FileAdmin;

   static String           FileExpCreds;     // (Template for) file with exported creds [S]

   static String           FileUser;

   static String           FileCrypt;

   static String           FileSrvPuk;

   static String           SrvID;

   static String           SrvEmail;

   static String           DefCrypto;

   static String           DefError;

   static XrdSutPFile      PFAdmin;          // Admin file [S]

   static XrdSutPFile      PFAlog;           // Autologin file [CS]

   static XrdSutPFile      PFSrvPuk;         // File with server public keys [CS]

   //

   // Crypto related info

   static int              ncrypt;                  // Number of factories

   static int              cryptID[XrdCryptoMax];   // their IDs

   static String           cryptName[XrdCryptoMax]; // their names

   static XrdCryptoCipher *loccip[XrdCryptoMax];    // local ciphers

   static XrdCryptoCipher *refcip[XrdCryptoMax];    // ref for session ciphers

   //

   // Caches for info files

   static XrdSutPFCache      cacheAdmin;  // Admin file

   static XrdSutPFCache      cacheSrvPuk; // SrvPuk file

   static XrdSutPFCache      cacheUser;   // User files

   static XrdSutPFCache      cacheAlog;   // Autologin file

   //

   // Running options / settings

   static int              Debug;          // [CS] Debug level

   static bool             Server;         // [CS] If server mode

   static int              UserPwd;        // [S] Check passwd file in user's <xrdsecdir>

   static bool             SysPwd;         // [S] Check system passwd file if allowed

   static int              VeriClnt;       // [S] Client verification level

   static int              VeriSrv;        // [C] Server verification level

   static int              AutoReg;        // [S] Autoreg mode

   static int              LifeCreds;      // [S] if > 0, credential lifetime in secs

   static int              MaxPrompts;     // [C] Repeating prompt

   static int              MaxFailures;    // [S] Max passwd failures before blocking

   static int              AutoLogin;      // [C] do-not-check/check/update autolog info

   static int              TimeSkew;       // [CS] Allowed skew in secs for time stamps

   static bool             KeepCreds;      // [S] Keep / Do-Not-Keep client creds

   static int              FmtExpCreds;    // [S] Format for the exported credentials

   //

   // for error logging and tracing

   static XrdSysLogger     Logger;

   static XrdSysError      eDest;

   static XrdOucTrace     *PWDTrace;


   // Information local to this instance

   XrdNetAddrInfo          epAddr;

   int                     options;

   char                    CName[256];    // Client-name

   bool                    srvMode;       // TRUE if server mode


   // Handshake local info

   pwdHSVars              *hs;


   // Acquired credentials (server side)

   XrdSecCredentials      *clientCreds;


   // Parsing received buffers

   int            ParseClientInput(XrdSutBuffer *br, XrdSutBuffer **bm,

                                   String &emsg);

   int            ParseServerInput(XrdSutBuffer *br, XrdSutBuffer **bm,

                                   String &cmsg);

   int            ParseCrypto(XrdSutBuffer *buf);


   // Error functions

   static void    ErrF(XrdOucErrInfo *einfo, kXR_int32 ecode,

                       const char *msg1, const char *msg2 = 0,

                       const char *msg3 = 0);

   XrdSecCredentials *ErrC(XrdOucErrInfo *einfo, XrdSutBuffer *b1,

                           XrdSutBuffer *b2,XrdSutBuffer *b3,

                           kXR_int32 ecode, const char *msg1 = 0,

                           const char *msg2 = 0, const char *msg3 = 0);

   int            ErrS(String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1,

                       XrdSutBuffer *b2, XrdSutBuffer *b3,

                       kXR_int32 ecode, const char *msg1 = 0,

                       const char *msg2 = 0, const char *msg3 = 0);


   // Query methods

   XrdSutBucket  *QueryCreds(XrdSutBuffer *bm, bool netrc, int &status);

   int            QueryUser(int &status, String &cmsg);

   int            QueryCrypt(String &fn, String &pwhash);

   int            QueryNetRc(String host, String &passwd, int &status);


   // Check credentials

   bool           CheckCreds(XrdSutBucket *creds, int credtype);

   bool           CheckCredsAFS(XrdSutBucket *creds, int ctype);


   // Check Time stamp

   bool           CheckTimeStamp(XrdSutBuffer *b, int skew, String &emsg);


   // Check random challenge

   bool           CheckRtag(XrdSutBuffer *bm, String &emsg);


   // Saving / Updating

   int            ExportCreds(XrdSutBucket *creds);

   int            SaveCreds(XrdSutBucket *creds);

   int            UpdateAlog();


   // Auxilliary methods

   int            GetUserHost(String &usr, String &host);

   int            AddSerialized(char opt, kXR_int32 step, String ID,

                                XrdSutBuffer *bls, XrdSutBuffer *buf,

                                kXR_int32 type, XrdCryptoCipher *cip);

   int            DoubleHash(XrdCryptoFactory *cf, XrdSutBucket *bck,

                             XrdSutBucket *s1, XrdSutBucket *s2 = 0,

                             const char *tag = 0);

};


kXR_int32
int kXR_int32
Definition XPtypes.hh:89

XrdCryptoAux.hh

XrdCryptoCipher.hh

XrdCryptoFactory.hh

XrdNetAddrInfo.hh

XrdOucErrInfo.hh

XrdOucString.hh

XrdOucTokenizer.hh

XrdSecInterface.hh

SafeDelete
#define SafeDelete(x)
Definition XrdSecProtocolpwd.hh:208

kpwdUpdate
kpwdUpdate
Definition XrdSecProtocolpwd.hh:83

kpUP_remove
@ kpUP_remove
Definition XrdSecProtocolpwd.hh:85

kpUP_all
@ kpUP_all
Definition XrdSecProtocolpwd.hh:86

kpUP_none
@ kpUP_none
Definition XrdSecProtocolpwd.hh:84

kpwdCredsInput
kpwdCredsInput
Definition XrdSecProtocolpwd.hh:91

kpCI_prompt
@ kpCI_prompt
Definition XrdSecProtocolpwd.hh:93

kpCI_exact
@ kpCI_exact
Definition XrdSecProtocolpwd.hh:94

kpCI_undef
@ kpCI_undef
Definition XrdSecProtocolpwd.hh:92

kpCI_wildcard
@ kpCI_wildcard
Definition XrdSecProtocolpwd.hh:95

kpwdAutoreg
kpwdAutoreg
Definition XrdSecProtocolpwd.hh:75

kpAR_none
@ kpAR_none
Definition XrdSecProtocolpwd.hh:76

kpAR_all
@ kpAR_all
Definition XrdSecProtocolpwd.hh:78

kpAR_users
@ kpAR_users
Definition XrdSecProtocolpwd.hh:77

kpwdErrors
kpwdErrors
Definition XrdSecProtocolpwd.hh:150

kPWErrParseBuffer
@ kPWErrParseBuffer
Definition XrdSecProtocolpwd.hh:151

kPWErrBadOpt
@ kPWErrBadOpt
Definition XrdSecProtocolpwd.hh:176

kPWErrMarshal
@ kPWErrMarshal
Definition XrdSecProtocolpwd.hh:177

kPWErrNoBuffer
@ kPWErrNoBuffer
Definition XrdSecProtocolpwd.hh:181

kPWErrBadCreds
@ kPWErrBadCreds
Definition XrdSecProtocolpwd.hh:187

kPWErrBadPasswd
@ kPWErrBadPasswd
Definition XrdSecProtocolpwd.hh:171

kPWErrSaveCreds
@ kPWErrSaveCreds
Definition XrdSecProtocolpwd.hh:179

kPWErrEncRndmTag
@ kPWErrEncRndmTag
Definition XrdSecProtocolpwd.hh:165

kPWErrNoSessID
@ kPWErrNoSessID
Definition XrdSecProtocolpwd.hh:174

kPWErrExportPuK
@ kPWErrExportPuK
Definition XrdSecProtocolpwd.hh:164

kPWErrNoCipher
@ kPWErrNoCipher
Definition XrdSecProtocolpwd.hh:168

kPWErrNoSalt
@ kPWErrNoSalt
Definition XrdSecProtocolpwd.hh:180

kPWErrBadCache
@ kPWErrBadCache
Definition XrdSecProtocolpwd.hh:172

kPWErrUnmarshal
@ kPWErrUnmarshal
Definition XrdSecProtocolpwd.hh:178

kPWErrSerialBuffer
@ kPWErrSerialBuffer
Definition XrdSecProtocolpwd.hh:162

kPWErrBadUser
@ kPWErrBadUser
Definition XrdSecProtocolpwd.hh:158

kPWErrQueryCreds
@ kPWErrQueryCreds
Definition XrdSecProtocolpwd.hh:169

kPWErrNoUserHost
@ kPWErrNoUserHost
Definition XrdSecProtocolpwd.hh:155

kPWErrInit
@ kPWErrInit
Definition XrdSecProtocolpwd.hh:186

kPWErrNoPublic
@ kPWErrNoPublic
Definition XrdSecProtocolpwd.hh:183

kPWErrBadSessID
@ kPWErrBadSessID
Definition XrdSecProtocolpwd.hh:175

kPWErrNoCreds
@ kPWErrNoCreds
Definition XrdSecProtocolpwd.hh:170

kPWErrDuplicateBucket
@ kPWErrDuplicateBucket
Definition XrdSecProtocolpwd.hh:160

kPWErrBadProtocol
@ kPWErrBadProtocol
Definition XrdSecProtocolpwd.hh:154

kPWErrNoUser
@ kPWErrNoUser
Definition XrdSecProtocolpwd.hh:156

kPWErrCreateBucket
@ kPWErrCreateBucket
Definition XrdSecProtocolpwd.hh:159

kPWErrFinCipher
@ kPWErrFinCipher
Definition XrdSecProtocolpwd.hh:185

kPWErrLoadCrypto
@ kPWErrLoadCrypto
Definition XrdSecProtocolpwd.hh:153

kPWErrRefCipher
@ kPWErrRefCipher
Definition XrdSecProtocolpwd.hh:182

kPWErrBadRndmTag
@ kPWErrBadRndmTag
Definition XrdSecProtocolpwd.hh:166

kPWErrDecodeBuffer
@ kPWErrDecodeBuffer
Definition XrdSecProtocolpwd.hh:152

kPWErrNoCache
@ kPWErrNoCache
Definition XrdSecProtocolpwd.hh:173

kPWErrGenCipher
@ kPWErrGenCipher
Definition XrdSecProtocolpwd.hh:163

kPWErrNoRndmTag
@ kPWErrNoRndmTag
Definition XrdSecProtocolpwd.hh:167

kPWErrError
@ kPWErrError
Definition XrdSecProtocolpwd.hh:188

kPWErrCreateBuffer
@ kPWErrCreateBuffer
Definition XrdSecProtocolpwd.hh:161

kPWErrAddBucket
@ kPWErrAddBucket
Definition XrdSecProtocolpwd.hh:184

kPWErrNoHost
@ kPWErrNoHost
Definition XrdSecProtocolpwd.hh:157

kpwdStatus
kpwdStatus
Definition XrdSecProtocolpwd.hh:67

kpST_ok
@ kpST_ok
Definition XrdSecProtocolpwd.hh:69

kpST_more
@ kpST_more
Definition XrdSecProtocolpwd.hh:70

kpST_error
@ kpST_error
Definition XrdSecProtocolpwd.hh:68

String
XrdOucString String
Definition XrdSecProtocolpwd.hh:52

kpwdClientSteps
kpwdClientSteps
Definition XrdSecProtocolpwd.hh:125

kXPC_failureack
@ kXPC_failureack
Definition XrdSecProtocolpwd.hh:132

kXPC_autoreg
@ kXPC_autoreg
Definition XrdSecProtocolpwd.hh:131

kXPC_reserved
@ kXPC_reserved
Definition XrdSecProtocolpwd.hh:133

kXPC_signedrtag
@ kXPC_signedrtag
Definition XrdSecProtocolpwd.hh:129

kXPC_normal
@ kXPC_normal
Definition XrdSecProtocolpwd.hh:127

kXPC_creds
@ kXPC_creds
Definition XrdSecProtocolpwd.hh:130

kXPC_verifysrv
@ kXPC_verifysrv
Definition XrdSecProtocolpwd.hh:128

kXPC_none
@ kXPC_none
Definition XrdSecProtocolpwd.hh:126

kpwdCredsActions
kpwdCredsActions
Definition XrdSecProtocolpwd.hh:116

kpCA_cache
@ kpCA_cache
Definition XrdSecProtocolpwd.hh:120

kpCA_undef
@ kpCA_undef
Definition XrdSecProtocolpwd.hh:117

kpCA_checkold
@ kpCA_checkold
Definition XrdSecProtocolpwd.hh:119

kpCA_check
@ kpCA_check
Definition XrdSecProtocolpwd.hh:118

kpCA_checkcache
@ kpCA_checkcache
Definition XrdSecProtocolpwd.hh:121

XrdCryptoMax
#define XrdCryptoMax
Definition XrdSecProtocolpwd.hh:59

kpwdCredType
kpwdCredType
Definition XrdSecProtocolpwd.hh:100

kpCT_afs
@ kpCT_afs
Definition XrdSecProtocolpwd.hh:110

kpCT_old
@ kpCT_old
Definition XrdSecProtocolpwd.hh:104

kpCT_autoreg
@ kpCT_autoreg
Definition XrdSecProtocolpwd.hh:107

kpCT_onetime
@ kpCT_onetime
Definition XrdSecProtocolpwd.hh:103

kpCT_newagain
@ kpCT_newagain
Definition XrdSecProtocolpwd.hh:106

kpCT_normal
@ kpCT_normal
Definition XrdSecProtocolpwd.hh:102

kpCT_new
@ kpCT_new
Definition XrdSecProtocolpwd.hh:105

kpCT_crypt
@ kpCT_crypt
Definition XrdSecProtocolpwd.hh:109

kpCT_undef
@ kpCT_undef
Definition XrdSecProtocolpwd.hh:101

kpCT_afsenc
@ kpCT_afsenc
Definition XrdSecProtocolpwd.hh:111

kpCT_ar_again
@ kpCT_ar_again
Definition XrdSecProtocolpwd.hh:108

kpwdServerSteps
kpwdServerSteps
Definition XrdSecProtocolpwd.hh:137

kXPS_puk
@ kXPS_puk
Definition XrdSecProtocolpwd.hh:144

kXPS_credsreq
@ kXPS_credsreq
Definition XrdSecProtocolpwd.hh:140

kXPS_failure
@ kXPS_failure
Definition XrdSecProtocolpwd.hh:145

kXPS_reserved
@ kXPS_reserved
Definition XrdSecProtocolpwd.hh:146

kXPS_none
@ kXPS_none
Definition XrdSecProtocolpwd.hh:138

kXPS_init
@ kXPS_init
Definition XrdSecProtocolpwd.hh:139

kXPS_signedrtag
@ kXPS_signedrtag
Definition XrdSecProtocolpwd.hh:142

kXPS_newpuk
@ kXPS_newpuk
Definition XrdSecProtocolpwd.hh:143

kXPS_rtag
@ kXPS_rtag
Definition XrdSecProtocolpwd.hh:141

XrdSecpwdTrace.hh

XrdSutBuffer.hh

XrdSutPFEntry.hh

XrdSutPFile.hh

XrdSutRndm.hh

XrdSysPthread.hh

XrdCryptoCipher
Definition XrdCryptoCipher.hh:48

XrdCryptoFactory
Definition XrdCryptoFactory.hh:122

XrdNetAddrInfo
Definition XrdNetAddrInfo.hh:54

XrdOucErrInfo
Definition XrdOucErrInfo.hh:101

XrdOucString
Definition XrdOucString.hh:254

XrdOucTrace
Definition XrdOucTrace.hh:36

XrdSecProtocol
Definition XrdSecInterface.hh:131

XrdSecProtocolpwd
Definition XrdSecProtocolpwd.hh:286

XrdSecProtocolpwd::cacheAlog
static XrdSutPFCache cacheAlog
Definition XrdSecProtocolpwd.hh:338

XrdSecProtocolpwd::cacheAdmin
static XrdSutPFCache cacheAdmin
Definition XrdSecProtocolpwd.hh:335

XrdSecProtocolpwd::ParseClientInput
int ParseClientInput(XrdSutBuffer *br, XrdSutBuffer **bm, String &emsg)

XrdSecProtocolpwd::DefError
static String DefError
Definition XrdSecProtocolpwd.hh:322

XrdSecProtocolpwd::cacheSrvPuk
static XrdSutPFCache cacheSrvPuk
Definition XrdSecProtocolpwd.hh:336

XrdSecProtocolpwd::ExportCreds
int ExportCreds(XrdSutBucket *creds)

XrdSecProtocolpwd::ncrypt
static int ncrypt
Definition XrdSecProtocolpwd.hh:328

XrdSecProtocolpwd::refcip
static XrdCryptoCipher * refcip[XrdCryptoMax]
Definition XrdSecProtocolpwd.hh:332

XrdSecProtocolpwd::cacheUser
static XrdSutPFCache cacheUser
Definition XrdSecProtocolpwd.hh:337

XrdSecProtocolpwd::TimeSkew
static int TimeSkew
Definition XrdSecProtocolpwd.hh:352

XrdSecProtocolpwd::CheckCreds
bool CheckCreds(XrdSutBucket *creds, int credtype)

XrdSecProtocolpwd::PFAdmin
static XrdSutPFile PFAdmin
Definition XrdSecProtocolpwd.hh:323

XrdSecProtocolpwd::PFSrvPuk
static XrdSutPFile PFSrvPuk
Definition XrdSecProtocolpwd.hh:325

XrdSecProtocolpwd::Logger
static XrdSysLogger Logger
Definition XrdSecProtocolpwd.hh:357

XrdSecProtocolpwd::AddSerialized
int AddSerialized(char opt, kXR_int32 step, String ID, XrdSutBuffer *bls, XrdSutBuffer *buf, kXR_int32 type, XrdCryptoCipher *cip)

XrdSecProtocolpwd::CheckCredsAFS
bool CheckCredsAFS(XrdSutBucket *creds, int ctype)

XrdSecProtocolpwd::srvMode
bool srvMode
Definition XrdSecProtocolpwd.hh:365

XrdSecProtocolpwd::Init
static char * Init(pwdOptions o, XrdOucErrInfo *erp)

XrdSecProtocolpwd::XrdSecProtocolpwd
XrdSecProtocolpwd(int opts, const char *hname, XrdNetAddrInfo &endPoint, const char *parms=0)

XrdSecProtocolpwd::UpdateAlog
int UpdateAlog()

XrdSecProtocolpwd::eDest
static XrdSysError eDest
Definition XrdSecProtocolpwd.hh:358

XrdSecProtocolpwd::FileExpCreds
static String FileExpCreds
Definition XrdSecProtocolpwd.hh:315

XrdSecProtocolpwd::SysPwd
static bool SysPwd
Definition XrdSecProtocolpwd.hh:344

XrdSecProtocolpwd::~XrdSecProtocolpwd
virtual ~XrdSecProtocolpwd()
Definition XrdSecProtocolpwd.hh:298

XrdSecProtocolpwd::loccip
static XrdCryptoCipher * loccip[XrdCryptoMax]
Definition XrdSecProtocolpwd.hh:331

XrdSecProtocolpwd::QueryCrypt
int QueryCrypt(String &fn, String &pwhash)

XrdSecProtocolpwd::AutoLogin
static int AutoLogin
Definition XrdSecProtocolpwd.hh:351

XrdSecProtocolpwd::Server
static bool Server
Definition XrdSecProtocolpwd.hh:342

XrdSecProtocolpwd::PrintTimeStat
static void PrintTimeStat()

XrdSecProtocolpwd::LifeCreds
static int LifeCreds
Definition XrdSecProtocolpwd.hh:348

XrdSecProtocolpwd::cryptID
static int cryptID[XrdCryptoMax]
Definition XrdSecProtocolpwd.hh:329

XrdSecProtocolpwd::SrvID
static String SrvID
Definition XrdSecProtocolpwd.hh:319

XrdSecProtocolpwd::PWDTrace
static XrdOucTrace * PWDTrace
Definition XrdSecProtocolpwd.hh:359

XrdSecProtocolpwd::FmtExpCreds
static int FmtExpCreds
Definition XrdSecProtocolpwd.hh:354

XrdSecProtocolpwd::pwdContext
static XrdSysMutex pwdContext
Definition XrdSecProtocolpwd.hh:313

XrdSecProtocolpwd::FileUser
static String FileUser
Definition XrdSecProtocolpwd.hh:316

XrdSecProtocolpwd::ErrS
int ErrS(String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)

XrdSecProtocolpwd::CheckTimeStamp
bool CheckTimeStamp(XrdSutBuffer *b, int skew, String &emsg)

XrdSecProtocolpwd::CName
char CName[256]
Definition XrdSecProtocolpwd.hh:364

XrdSecProtocolpwd::UserPwd
static int UserPwd
Definition XrdSecProtocolpwd.hh:343

XrdSecProtocolpwd::GetUserHost
int GetUserHost(String &usr, String &host)

XrdSecProtocolpwd::FileSrvPuk
static String FileSrvPuk
Definition XrdSecProtocolpwd.hh:318

XrdSecProtocolpwd::QueryUser
int QueryUser(int &status, String &cmsg)

XrdSecProtocolpwd::ErrF
static void ErrF(XrdOucErrInfo *einfo, kXR_int32 ecode, const char *msg1, const char *msg2=0, const char *msg3=0)

XrdSecProtocolpwd::ParseServerInput
int ParseServerInput(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)

XrdSecProtocolpwd::ErrC
XrdSecCredentials * ErrC(XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)

XrdSecProtocolpwd::Delete
void Delete()
Delete the protocol object. DO NOT use C++ delete() on this object.

XrdSecProtocolpwd::epAddr
XrdNetAddrInfo epAddr
Definition XrdSecProtocolpwd.hh:362

XrdSecProtocolpwd::Authenticate
int Authenticate(XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0)

XrdSecProtocolpwd::hs
pwdHSVars * hs
Definition XrdSecProtocolpwd.hh:368

XrdSecProtocolpwd::clientCreds
XrdSecCredentials * clientCreds
Definition XrdSecProtocolpwd.hh:371

XrdSecProtocolpwd::KeepCreds
static bool KeepCreds
Definition XrdSecProtocolpwd.hh:353

XrdSecProtocolpwd::CheckRtag
bool CheckRtag(XrdSutBuffer *bm, String &emsg)

XrdSecProtocolpwd::SaveCreds
int SaveCreds(XrdSutBucket *creds)

XrdSecProtocolpwd::MaxPrompts
static int MaxPrompts
Definition XrdSecProtocolpwd.hh:349

XrdSecProtocolpwd::QueryNetRc
int QueryNetRc(String host, String &passwd, int &status)

XrdSecProtocolpwd::ParseCrypto
int ParseCrypto(XrdSutBuffer *buf)

XrdSecProtocolpwd::DefCrypto
static String DefCrypto
Definition XrdSecProtocolpwd.hh:321

XrdSecProtocolpwd::VeriClnt
static int VeriClnt
Definition XrdSecProtocolpwd.hh:345

XrdSecProtocolpwd::EnableTracing
static XrdOucTrace * EnableTracing()

XrdSecProtocolpwd::Debug
static int Debug
Definition XrdSecProtocolpwd.hh:341

XrdSecProtocolpwd::getCredentials
XrdSecCredentials * getCredentials(XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0)

XrdSecProtocolpwd::cryptName
static String cryptName[XrdCryptoMax]
Definition XrdSecProtocolpwd.hh:330

XrdSecProtocolpwd::VeriSrv
static int VeriSrv
Definition XrdSecProtocolpwd.hh:346

XrdSecProtocolpwd::SrvEmail
static String SrvEmail
Definition XrdSecProtocolpwd.hh:320

XrdSecProtocolpwd::AutoReg
static int AutoReg
Definition XrdSecProtocolpwd.hh:347

XrdSecProtocolpwd::DoubleHash
int DoubleHash(XrdCryptoFactory *cf, XrdSutBucket *bck, XrdSutBucket *s1, XrdSutBucket *s2=0, const char *tag=0)

XrdSecProtocolpwd::MaxFailures
static int MaxFailures
Definition XrdSecProtocolpwd.hh:350

XrdSecProtocolpwd::PFAlog
static XrdSutPFile PFAlog
Definition XrdSecProtocolpwd.hh:324

XrdSecProtocolpwd::QueryCreds
XrdSutBucket * QueryCreds(XrdSutBuffer *bm, bool netrc, int &status)

XrdSecProtocolpwd::FileCrypt
static String FileCrypt
Definition XrdSecProtocolpwd.hh:317

XrdSecProtocolpwd::options
int options
Definition XrdSecProtocolpwd.hh:363

XrdSecProtocolpwd::FileAdmin
static String FileAdmin
Definition XrdSecProtocolpwd.hh:314

XrdSutBucket
Definition XrdSutBucket.hh:44

XrdSutBuffer
Definition XrdSutBuffer.hh:43

XrdSutPFCache
Definition XrdSutPFCache.hh:72

XrdSutPFEntry
Definition XrdSutPFEntry.hh:78

XrdSutPFile
Definition XrdSutPFile.hh:121

XrdSysError
Definition XrdSysError.hh:90

XrdSysLogger
Definition XrdSysLogger.hh:53

XrdSysMutex
Definition XrdSysPthread.hh:165

pwdHSVars
Definition XrdSecProtocolpwd.hh:246

pwdHSVars::TimeStamp
int TimeStamp
Definition XrdSecProtocolpwd.hh:249

pwdHSVars::LastStep
int LastStep
Definition XrdSecProtocolpwd.hh:264

pwdHSVars::Hcip
XrdCryptoCipher * Hcip
Definition XrdSecProtocolpwd.hh:255

pwdHSVars::Rcip
XrdCryptoCipher * Rcip
Definition XrdSecProtocolpwd.hh:256

pwdHSVars::Iter
int Iter
Definition XrdSecProtocolpwd.hh:248

pwdHSVars::pwdHSVars
pwdHSVars()
Definition XrdSecProtocolpwd.hh:270

pwdHSVars::CF
XrdCryptoFactory * CF
Definition XrdSecProtocolpwd.hh:254

pwdHSVars::Step
int Step
Definition XrdSecProtocolpwd.hh:263

pwdHSVars::Status
pwdStatus_t Status
Definition XrdSecProtocolpwd.hh:261

pwdHSVars::~pwdHSVars
~pwdHSVars()
Definition XrdSecProtocolpwd.hh:277

pwdHSVars::Pent
XrdSutPFEntry * Pent
Definition XrdSecProtocolpwd.hh:259

pwdHSVars::ID
String ID
Definition XrdSecProtocolpwd.hh:257

pwdHSVars::Cref
XrdSutPFEntry * Cref
Definition XrdSecProtocolpwd.hh:258

pwdHSVars::Tty
bool Tty
Definition XrdSecProtocolpwd.hh:262

pwdHSVars::ErrMsg
String ErrMsg
Definition XrdSecProtocolpwd.hh:265

pwdHSVars::RtagOK
bool RtagOK
Definition XrdSecProtocolpwd.hh:260

pwdHSVars::RemVers
int RemVers
Definition XrdSecProtocolpwd.hh:253

pwdHSVars::SysPwd
int SysPwd
Definition XrdSecProtocolpwd.hh:266

pwdHSVars::CryptoMod
String CryptoMod
Definition XrdSecProtocolpwd.hh:250

pwdHSVars::Parms
XrdSutBuffer * Parms
Definition XrdSecProtocolpwd.hh:268

pwdHSVars::User
String User
Definition XrdSecProtocolpwd.hh:251

pwdHSVars::AFScell
String AFScell
Definition XrdSecProtocolpwd.hh:267

pwdHSVars::Tag
String Tag
Definition XrdSecProtocolpwd.hh:252

pwdOptions
Definition XrdSecProtocolpwd.hh:214

pwdOptions::mode
short mode
Definition XrdSecProtocolpwd.hh:217

pwdOptions::maxprompts
int maxprompts
Definition XrdSecProtocolpwd.hh:225

pwdOptions::srvpuk
char * srvpuk
Definition XrdSecProtocolpwd.hh:232

pwdOptions::dir
char * dir
Definition XrdSecProtocolpwd.hh:228

pwdOptions::areg
short areg
Definition XrdSecProtocolpwd.hh:218

pwdOptions::keepcreds
short keepcreds
Definition XrdSecProtocolpwd.hh:233

pwdOptions::clist
char * clist
Definition XrdSecProtocolpwd.hh:227

pwdOptions::expcreds
char * expcreds
Definition XrdSecProtocolpwd.hh:234

pwdOptions::upwd
short upwd
Definition XrdSecProtocolpwd.hh:219

pwdOptions::vericlnt
short vericlnt
Definition XrdSecProtocolpwd.hh:222

pwdOptions::lifecreds
int lifecreds
Definition XrdSecProtocolpwd.hh:224

pwdOptions::debug
short debug
Definition XrdSecProtocolpwd.hh:216

pwdOptions::maxfailures
int maxfailures
Definition XrdSecProtocolpwd.hh:226

pwdOptions::verisrv
short verisrv
Definition XrdSecProtocolpwd.hh:221

pwdOptions::udir
char * udir
Definition XrdSecProtocolpwd.hh:229

pwdOptions::pwdOptions
pwdOptions()
Definition XrdSecProtocolpwd.hh:237

pwdOptions::Print
void Print(XrdOucTrace *t)

pwdOptions::alog
short alog
Definition XrdSecProtocolpwd.hh:220

pwdOptions::~pwdOptions
virtual ~pwdOptions()
Definition XrdSecProtocolpwd.hh:242

pwdOptions::expfmt
int expfmt
Definition XrdSecProtocolpwd.hh:235

pwdOptions::syspwd
short syspwd
Definition XrdSecProtocolpwd.hh:223

pwdOptions::alogfile
char * alogfile
Definition XrdSecProtocolpwd.hh:231

pwdOptions::cpass
char * cpass
Definition XrdSecProtocolpwd.hh:230

XrdSecBuffer
Generic structure to pass security information back and forth.
Definition XrdSecInterface.hh:51

pwdStatus_t
Definition XrdSecProtocolpwd.hh:192

pwdStatus_t::ctype
char ctype
Definition XrdSecProtocolpwd.hh:193

pwdStatus_t::action
char action
Definition XrdSecProtocolpwd.hh:194

pwdStatus_t::options
short options
Definition XrdSecProtocolpwd.hh:195