xrootd
XrdSecProtect Class Reference

#include <XrdSecProtect.hh>

Public Member Functions

virtual void Delete ()
 Delete this object. Use this method as opposed to operator delete.
 
virtual int Secure (SecurityRequest *&newreq, ClientRequest &thereq, const char *thedata)
 
virtual const char * Verify (SecurityRequest &secreq, ClientRequest &thereq, const char *thedata)
 
virtual ~XrdSecProtect ()
 Destructor.
 

Public Attributes

bool(XrdSecProtect::* Need2Secure )(ClientRequest &thereq)
 

Protected Member Functions

 XrdSecProtect (XrdSecProtocol *aprot=0, bool edok=true)
 
 XrdSecProtect (XrdSecProtocol *aprot, XrdSecProtect &pRef, bool edok=true)
 
void SetProtection (const ServerResponseReqs_Protocol &inReqs)
 

Private Member Functions

bool GetSHA2 (unsigned char *hBuff, struct iovec *iovP, int iovN)
 
bool Screen (ClientRequest &thereq)
 

Private Attributes

XrdSecProtocol * authProt
 
const char * secVec
 
ServerResponseReqs_Protocol myReqs
 
union { 
 
   kXR_unt64   lastSeqno 
 
   kXR_unt64   nextSeqno 
 
};  
 
bool edOK
 
bool secVerData
 
char myVec [maxRIX]
 

Static Private Attributes

static const unsigned int maxRIX = kXR_REQFENCE-kXR_auth
 

Friends

class XrdSecProtector
 

Constructor & Destructor Documentation

◆ ~XrdSecProtect()

virtual XrdSecProtect::~XrdSecProtect ( )
inline virtual

Destructor.

◆ XrdSecProtect() [1/2]

XrdSecProtect::XrdSecProtect ( XrdSecProtocol *  aprot = 0,
bool  edok = true 
)
inline protected

◆ XrdSecProtect() [2/2]

XrdSecProtect::XrdSecProtect ( XrdSecProtocol *  aprot,
XrdSecProtect &  pRef,
bool  edok = true 
)
inline protected

Member Function Documentation

◆ Delete()

virtual void XrdSecProtect::Delete ( )
inline virtual

Delete this object. Use this method as opposed to operator delete.

◆ GetSHA2()

bool XrdSecProtect::GetSHA2 ( unsigned char *  hBuff,
struct iovec *  iovP,
int  iovN 
)
private

◆ Screen()

bool XrdSecProtect::Screen ( ClientRequest &  thereq)
private

◆ Secure()

virtual int XrdSecProtect::Secure ( SecurityRequest *&  newreq,
ClientRequest &  thereq,
const char *  thedata 
)
virtual

Secure a request.

Securing a request is optional, and this call should be guarded by an if statement to avoid securing requests that need not be secured, as follows:

if (NEED2SECURE(<protP>)(thereq)) result = <protP>->Secure(....); else result = 0;

Modify the above to your particular needs, but guard the call!

Parameters
newreq - A reference to a pointer where the new request, if needed, will be placed. The new request will consist of a kXR_sigver request followed by a hash. The request buffer must be freed using free() when it is no longer needed.
thereq - Reference to the client request header/body that needs to be secured. The request must be in network byte order.
thedata - The request data whose length resides in thereq.dlen. If thedata is nil but thereq.dlen is not zero, then the request data must follow the request header in the thereq buffer.
Returns
<0 An error occurred and the return value is -errno.
>0 The length of the new request whose pointer is in newreq. This is the number of bytes that must be sent.
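
The guarded call and the handling of its result described above, as an added example that is not XRootD code: ClientRequest, SecurityRequest and MockProtect are simplified stand-ins for the real types, the NEED2SECURE definition is an assumed equivalent of the real macro, and sending the signature request ahead of the request it covers is an assumption about the caller.

```cpp
#include <cerrno>
#include <cstdlib>
#include <string>

// Stand-ins for the XRootD wire structures (assumptions, NOT the real layouts).
struct ClientRequest   { int requestid; int dlen; };
struct SecurityRequest { int requestid; int dlen; };

// Assumed equivalent of NEED2SECURE: null check, then call through Need2Secure.
#define NEED2SECURE(protP) (protP) && ((*(protP)).*((protP)->Need2Secure))

// Mock with the same public shape as XrdSecProtect; the bodies are placeholders.
class MockProtect {
public:
  bool (MockProtect::*Need2Secure)(ClientRequest &thereq);
  explicit MockProtect(bool fail = false)
    : Need2Secure(&MockProtect::Screen), failAlloc(fail) {}
  int Secure(SecurityRequest *&newreq, ClientRequest &, const char *) {
    const size_t len = sizeof(SecurityRequest) + 32; // header + placeholder hash
    if (failAlloc) return -ENOMEM;
    newreq = static_cast<SecurityRequest *>(std::calloc(1, len));
    if (!newreq) return -ENOMEM;
    newreq->dlen = 32;
    return static_cast<int>(len);
  }
private:
  bool Screen(ClientRequest &thereq) { return thereq.requestid >= 3000; } // made-up policy
  bool failAlloc;
};

// Caller side: guard the call, check the sign of the result, send, then free().
// Returns the number of signature bytes queued (0 = none needed) or -errno.
int SendRequest(MockProtect *protP, ClientRequest &thereq, const char *thedata,
                std::string &wire) {
  SecurityRequest *sigReq = nullptr;
  int result;
  if (NEED2SECURE(protP)(thereq)) result = protP->Secure(sigReq, thereq, thedata);
  else result = 0;
  if (result < 0) return result;             // -errno: the request is not sent
  if (result > 0) {
    wire.append(reinterpret_cast<const char *>(sigReq), result); // signature first
    std::free(sigReq);                       // buffer must be released with free()
  }
  wire.append(reinterpret_cast<const char *>(&thereq), sizeof(thereq));
  return result;
}
```
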

◆ SetProtection()

void XrdSecProtect::SetProtection ( const ServerResponseReqs_Protocol &  inReqs)
protected

◆ Verify()

virtual const char * XrdSecProtect::Verify ( SecurityRequest &  secreq,
ClientRequest &  thereq,
const char *  thedata 
)
virtual

Verify that a request was properly secured.

Parameters
secreq - A reference to the kXR_sigver request followed by whatever data was sent (normally an encrypted verification hash). All but the request code must be in network byte order.
thereq - Reference to the client request header/body that needs to be verified. The request must be in network byte order.
thedata - The request data whose length resides in thereq.dlen.
Returns
Upon success zero is returned. Otherwise a pointer to a null delimited string describing the problem is returned.

Friends And Related Symbol Documentation

◆ XrdSecProtector

friend class XrdSecProtector
friend

Member Data Documentation

◆ [union]

union { ... } XrdSecProtect

◆ authProt

XrdSecProtocol* XrdSecProtect::authProt
private

◆ edOK

bool XrdSecProtect::edOK
private

◆ lastSeqno

kXR_unt64 XrdSecProtect::lastSeqno

◆ maxRIX

const unsigned int XrdSecProtect::maxRIX = kXR_REQFENCE-kXR_auth
static private

◆ myReqs

ServerResponseReqs_Protocol XrdSecProtect::myReqs
private

◆ myVec

char XrdSecProtect::myVec[maxRIX]
private

◆ Need2Secure

bool(XrdSecProtect::* XrdSecProtect::Need2Secure) (ClientRequest &thereq)

Test whether or not a request needs to be secured. This method pointer should only be invoked via the NEED2SECURE macro (see above).

Parameters
thereq - Reference to the request header/body in network byte order.
Returns
false - request need not be secured (equals false).
true - request needs to be secured.

◆ nextSeqno

kXR_unt64 XrdSecProtect::nextSeqno

◆ secVec

const char* XrdSecProtect::secVec
private

◆ secVerData

bool XrdSecProtect::secVerData
private

The documentation for this class was generated from the following file: