4/* */
5/* X r d S e c T L a y e r . h h */
6/* */
7/* */
8/* (c) 2008 by the Board of Trustees of the Leland Stanford, Jr., University */
9/* All Rights Reserved */
10/* Produced by Andrew Hanushevsky for Stanford University under contract */
11/* DE-AC02-76-SFO0515 with the Department of Energy */
12/* */
13/* This file is part of the XRootD software suite. */
14/* */
15/* XRootD is free software: you can redistribute it and/or modify it under */
16/* the terms of the GNU Lesser General Public License as published by the */
17/* Free Software Foundation, either version 3 of the License, or (at your */
18/* option) any later version. */
19/* */
20/* XRootD is distributed in the hope that it will be useful, but WITHOUT */
21/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
22/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
23/* License for more details. */
24/* */
25/* You should have received a copy of the GNU Lesser General Public License */
26/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
27/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
28/* */
29/* The copyright holder's institutional names and contributor's names may not */
30/* be used to endorse or promote products derived from this software without */
31/* specific prior written permission of the institution or contributor. */
37/* The XrdSecTLayer class is meant to be used as a wrapper for security
38 protocols that require transport-layer interactions to complete the
39 authentication exchange (e.g., native ssl). This class virtualizes a
40 transport-layer socket and provides the proper framing to allow stream
41 socket level interactions to occur across an existing client/xrootd
42 connection. To that extent, there are certain limitations in this
43 virtualization:
44 1) Interactions must complete within a window whose upper bound is set to
45 10 CPU seconds (i.e., network RTT and artificial delays do not apply).
46 The window has no lower bound so that an interaction may complete as fast
47 as conditions allow. An interaction is whatever bytes produce a single
48 request/response. These bytes need not be produced all at once but the
49 last required byte of an interaction must be produced within 10 CPU
50 seconds of the 1st byte. There is no limit on the number of interactions.
51 2) Use of the supplied socket must be limited to standard and common socket
52 operations (e.g., read(), write(), send(), recv(), close()).
53 3) The protocol must not be sensitive to the fact that the socket will
54 identify itself as a local socket with an IPV4 address of
56 For more information, see pure abstract methods secClient() and secServer()
57 which must be implemented by the derived class (in addition to Delete()).
58 Finally, consider the parameters you may need to pass to the constructor of
59 this class.
62class XrdOucErrInfo;
68// The object inheriting this class should call the initializer indicating
69// the true name of the protocol (no more than 7 characters). To optimize the
70// start-up, indicate who is the initiator (i.e., first one to send data). Using
71// the enum below, specify isClient (the default) or isServer. If the initiator
72// is not known, use the default and the class will dynamically determine it.
76 XrdSecTLayer(const char *pName, Initiator who1st=isClient);
78// This is a symmetric wrapper. At the start on each end, secClient() is
79// called on the client-side and secServer() is called on the server side.
80// The 1st parameter is the file descriptor to be used for the security exchange.
81// It is the responsibility of each routine to close the file descriptor prior
82// to returning to the caller! No return value is expected as success or failure
83// is communicated via the second parameter, the XrdOucErrInfo object.
85// Upon success, the error code must be set to zero (the initial value) and
86// for secServer() the Entity object defined in the topmost
87// XrdSecProtocol object must contain the client's identity.
89// Upon failure, the error code must be set to a positive error number (usually
90// some errno value) as well as text explaining the problem.
92// Client: theFD - file descriptor to be used
93// einfo - the error object where ending status must be returned
95virtual void secClient(int theFD, XrdOucErrInfo *einfo)=0;
97// Server: theFD - file descriptor to be used
98// einfo - the error object where ending status must be returned
100virtual void secServer(int theFD, XrdOucErrInfo *einfo)=0;
102// You must implement the proper Delete(). Normally, do a "delete this" and join
103// the secTid thread: "if (secTid) {XrdSysThread::Join(secTid,NULL);secTid=0;}".
105virtual void Delete()=0;
107// Classes that must be public are only internally used
111 XrdSecParameters **parms,
112 XrdOucErrInfo *einfo=0);
115 XrdOucErrInfo *einfo=0);
117 void secXeq();
120pthread_t secTid;
virtual ~XrdSecTLayer()
          {// Release the virtual socket and the error text. Each member is
           // reset after release so no dangling handle/pointer remains.
           // Descriptor 0 is intentionally not closed (myFD > 0). The secTid
           // thread is NOT joined here; per the Delete() comment above, the
           // derived Delete() must join it before the object goes away.
           if (myFD > 0) {close(myFD); myFD = -1;}
           if (eText)    {free(eText); eText = 0;}
          }
129int Read(int FD, char *Buff, int rdLen);
131void secDrain();
132const char *secErrno(int rc, char *buff);
133void secError(const char *Msg, int rc, int iserrno=1);
140int Tmax; // Maximum timeslices per interaction
141int Tcur; // Current timeslice
143char *eText;
148 char protName[8]; // via Constructor
149 char protCode; // One of the below
150static const char endData = 0x00;
151static const char xfrData = 0x01;
152 char protRsvd[7]; // Reserved
155static const int buffSz = 8192;
156static const int hdrSz = sizeof(TLayerRR);
157static const int dataSz = buffSz - hdrSz;