#include <XrdSecInterface.hh>
|
| virtual int | Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0)=0 |
| |
| virtual XrdSecCredentials * | getCredentials (XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0)=0 |
| |
| virtual int | Encrypt (const char *inbuff, int inlen, XrdSecBuffer **outbuff) |
| |
| virtual int | Decrypt (const char *inbuff, int inlen, XrdSecBuffer **outbuff) |
| |
| virtual int | Sign (const char *inbuff, int inlen, XrdSecBuffer **outbuff) |
| |
| virtual int | Verify (const char *inbuff, int inlen, const char *sigbuff, int siglen) |
| |
| virtual int | getKey (char *buff=0, int size=0) |
| |
| virtual int | setKey (char *buff, int size) |
| |
| virtual bool | needTLS () |
| | Check if this protocol requires TLS to properly function.
|
| |
| virtual void | Delete ()=0 |
| | Delete the protocol object. DO NOT use C++ delete() on this object.
|
| |
| | XrdSecProtocol (const char *pName) |
| | Constructor.
|
| |
◆ XrdSecProtocol()
| XrdSecProtocol::XrdSecProtocol |
( |
const char * |
pName | ) |
|
|
inline |
◆ ~XrdSecProtocol()
| virtual XrdSecProtocol::~XrdSecProtocol |
( |
| ) |
|
|
inlineprotectedvirtual |
Destructor (prevents use of direct delete).
◆ Authenticate()
Authenticate a client.
- Parameters
-
| cred | Credentials supplied by the client. |
| parms | Place where the address of additional authentication data is to be placed for another autrhentication handshake. |
| einfo | The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr. |
- Returns
- > 0 -> parms present (more authentication needed) = 0 -> Entity present (authentication suceeded) < 0 -> einfo present (error has occurred)
Implemented in XrdSecProtocolhost, XrdSecTLayer, XrdSecProtocolgsi, XrdSecProtocolpwd, and XrdSecProtocolsss.
◆ Decrypt()
| virtual int XrdSecProtocol::Decrypt |
( |
const char * |
inbuff, |
|
|
int |
inlen, |
|
|
XrdSecBuffer ** |
outbuff |
|
) |
| |
|
inlinevirtual |
Decrypt data in inbuff using the session key.
- Parameters
-
| inbuff | buffer holding data to be decrypted. |
| inlen | length of the data. |
| outbuff | place where a pointer to the decrypted data is placed. |
- Returns
- < 0 Failed,the return value is -errno (see Encrypt). = 0 Success, outbuff contains a pointer to the decrypted data. The caller is responsible for deleting the returned object.
Reimplemented in XrdSecProtocolgsi.
◆ Delete()
| virtual void XrdSecProtocol::Delete |
( |
| ) |
|
|
pure virtual |
◆ Encrypt()
| virtual int XrdSecProtocol::Encrypt |
( |
const char * |
inbuff, |
|
|
int |
inlen, |
|
|
XrdSecBuffer ** |
outbuff |
|
) |
| |
|
inlinevirtual |
Encrypt data in inbuff using the session key.
- Parameters
-
| inbuff | buffer holding data to be encrypted. |
| inlen | length of the data. |
| outbuff | place where a pointer to the encrypted data is placed. |
- Returns
- < 0 Failed, the return value is -errno of the reason. Typically, -EINVAL - one or more arguments are invalid. -NOTSUP - encryption not supported by the protocol -ENOENT - Context not innitialized = 0 Success, outbuff contains a pointer to the encrypted data. The caller is responsible for deleting the returned object.
Reimplemented in XrdSecProtocolgsi.
◆ getCredentials()
Generate client credentials to be used in the authentication process.
- Parameters
-
| parm | Pointer to the information returned by the server either in the initial login response or the authmore response. |
| einfo | The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr. |
- Returns
- Success: Pointer to credentials to sent to the server. The caller is responsible for deleting the object. Failure: Null pointer with einfo, if supplied, containing the reason for the failure.
Implemented in XrdSecProtocolhost, XrdSecTLayer, XrdSecProtocolgsi, XrdSecProtocolpwd, and XrdSecProtocolsss.
◆ getKey()
| virtual int XrdSecProtocol::getKey |
( |
char * |
buff = 0, |
|
|
int |
size = 0 |
|
) |
| |
|
inlinevirtual |
Get the current encryption key (i.e. session key)
- Parameters
-
| buff | buffer to hold the key, and may be null. |
| size | size of the buffer. |
- Returns
- < 0 Failed, returned value if -errno (see Encrypt) >= 0 The size of the encyption key. The supplied buffer of length size hold the key. If the buffer address is supplied, the key is placed in the buffer.
Reimplemented in XrdSecProtocolgsi.
◆ needTLS()
| virtual bool XrdSecProtocol::needTLS |
( |
| ) |
|
|
inlinevirtual |
Check if this protocol requires TLS to properly function.
◆ setKey()
| virtual int XrdSecProtocol::setKey |
( |
char * |
buff, |
|
|
int |
size |
|
) |
| |
|
inlinevirtual |
Set the current encryption key
- Parameters
-
| buff | buffer that holds the key. |
| size | size of the key. |
- Returns
- : < 0 Failed, returned value if -errno (see Encrypt) = 0 The new key has been set.
Reimplemented in XrdSecProtocolgsi.
◆ Sign()
| virtual int XrdSecProtocol::Sign |
( |
const char * |
inbuff, |
|
|
int |
inlen, |
|
|
XrdSecBuffer ** |
outbuff |
|
) |
| |
|
inlinevirtual |
Sign data in inbuff using the session key.
- Parameters
-
| inbuff | buffer holding data to be signed. |
| inlen | length of the data. |
| outbuff | place where a pointer to the signature is placed. |
- Returns
- < 0 Failed,the return value is -errno (see Encrypt). = 0 Success, outbuff contains a pointer to the signature. The caller is responsible for deleting the returned object.
Reimplemented in XrdSecProtocolgsi.
◆ Verify()
| virtual int XrdSecProtocol::Verify |
( |
const char * |
inbuff, |
|
|
int |
inlen, |
|
|
const char * |
sigbuff, |
|
|
int |
siglen |
|
) |
| |
|
inlinevirtual |
Verify a signature using the session key.
- Parameters
-
| inbuff | buffer holding data to be verified. |
| inlen | length of the data. |
| sigbuff | pointer to the signature data. |
| siglen | length of the signature data. |
- Returns
- < 0 Failed,the return value is -errno (see Encrypt). = 0 Success, signature is correct. > 0 Failed to verify, signature does not match inbuff data.
Reimplemented in XrdSecProtocolgsi.
◆ Entity
Structure holding the entity's identification. It is filled in by a successful call to Authenticate() (i.e. it returns 0).
The documentation for this class was generated from the following file:
