#include <XrdSecProtocolgsi.hh>
|
int | Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0) |
|
XrdSecCredentials * | getCredentials (XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0) |
|
| XrdSecProtocolgsi (int opts, const char *hname, XrdNetAddrInfo &endPoint, const char *parms=0) |
|
virtual | ~XrdSecProtocolgsi () |
|
void | Delete () |
| Delete the protocol object. DO NOT use C++ delete() on this object.
|
|
int | Encrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
|
int | Decrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
|
int | Sign (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
|
int | Verify (const char *inbuf, int inlen, const char *sigbuf, int siglen) |
|
int | getKey (char *kbuf=0, int klen=0) |
|
int | setKey (char *kbuf, int klen) |
|
virtual bool | needTLS () |
| Check if this protocol requires TLS to properly function.
|
|
| XrdSecProtocol (const char *pName) |
| Constructor.
|
|
|
int | ParseClientInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &emsg) |
|
int | ClientDoInit (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
|
int | ClientDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
|
int | ClientDoPxyreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
|
int | ParseServerInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
|
int | ServerDoCertreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
|
int | ServerDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
|
int | ServerDoSigpxy (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
|
int | ParseCrypto (String cryptlist) |
|
int | ParseCAlist (String calist) |
|
bool | ServerCertNameOK (const char *subject, const char *hname, String &e) |
|
XrdSecCredentials * | ErrC (XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0) |
|
int | ErrS (String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0) |
|
bool | CheckTimeStamp (XrdSutBuffer *b, int skew, String &emsg) |
|
bool | CheckRtag (XrdSutBuffer *bm, String &emsg) |
|
int | AddSerialized (char opt, kXR_int32 step, String ID, XrdSutBuffer *bls, XrdSutBuffer *buf, kXR_int32 type, XrdCryptoCipher *cip) |
|
void | CopyEntity (XrdSecEntity *in, XrdSecEntity *out, int *lout=0) |
|
void | FreeEntity (XrdSecEntity *in) |
|
|
static int | GetCA (const char *cahash, XrdCryptoFactory *cryptof, gsiHSVars *hs=0) |
|
static String | GetCApath (const char *cahash) |
|
static bool | VerifyCA (int opt, X509Chain *cca, XrdCryptoFactory *cf) |
|
static int | VerifyCRL (XrdCryptoX509Crl *crl, XrdCryptoX509 *xca, XrdOucString crldir, XrdCryptoFactory *CF, int hashalg) |
|
static XrdSutCacheEntry * | GetSrvCertEnt (XrdSutCERef &gcref, XrdCryptoFactory *cf, time_t timestamp, String &cal) |
|
static XrdCryptoX509Crl * | LoadCRL (XrdCryptoX509 *xca, const char *sjhash, XrdCryptoFactory *CF, int dwld, int &err) |
|
static int | QueryProxy (bool checkcache, XrdSutCache *cache, const char *tag, XrdCryptoFactory *cf, time_t timestamp, ProxyIn_t *pi, ProxyOut_t *po) |
|
static int | InitProxy (ProxyIn_t *pi, XrdCryptoFactory *cf, X509Chain *ch=0, XrdCryptoRSA **key=0) |
|
static void | ErrF (XrdOucErrInfo *einfo, kXR_int32 ecode, const char *msg1, const char *msg2=0, const char *msg3=0) |
|
static XrdSecgsiGMAP_t | LoadGMAPFun (const char *plugin, const char *parms) |
|
static XrdSecgsiAuthz_t | LoadAuthzFun (const char *plugin, const char *parms, int &fmt) |
|
static XrdSecgsiVOMS_t | LoadVOMSFun (const char *plugin, const char *parms, int &fmt) |
|
static void | QueryGMAP (XrdCryptoX509Chain *chain, int now, String &name) |
|
◆ XrdSecProtocolgsi()
XrdSecProtocolgsi::XrdSecProtocolgsi |
( |
int |
opts, |
|
|
const char * |
hname, |
|
|
XrdNetAddrInfo & |
endPoint, |
|
|
const char * |
parms = 0 |
|
) |
| |
◆ ~XrdSecProtocolgsi()
virtual XrdSecProtocolgsi::~XrdSecProtocolgsi |
( |
| ) |
|
|
inlinevirtual |
◆ AddSerialized()
◆ Authenticate()
Authenticate a client.
- Parameters
-
cred | Credentials supplied by the client. |
parms | Place where the address of additional authentication data is to be stored when another authentication handshake round is needed. |
einfo | The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr. |
- Returns
- > 0: parms is set (more authentication needed); = 0: the Entity is set (authentication succeeded); < 0: einfo is set (an error has occurred). Only a return of exactly 0 means the client has been authenticated.
Implements XrdSecProtocol.
◆ CheckRtag()
◆ CheckTimeStamp()
◆ ClientDoCert()
◆ ClientDoInit()
◆ ClientDoPxyreq()
◆ CopyEntity()
◆ Decrypt()
int XrdSecProtocolgsi::Decrypt |
( |
const char * |
inbuff, |
|
|
int |
inlen, |
|
|
XrdSecBuffer ** |
outbuff |
|
) |
| |
|
virtual |
Decrypt data in inbuff using the session key.
- Parameters
-
inbuff | buffer holding data to be decrypted. |
inlen | length of the data. |
outbuff | place where a pointer to the decrypted data is placed. |
- Returns
- < 0: Failed; the return value is -errno (see Encrypt). = 0: Success; outbuff contains a pointer to the decrypted data. The caller is responsible for deleting the returned object.
Reimplemented from XrdSecProtocol.
◆ Delete()
void XrdSecProtocolgsi::Delete |
( |
| ) |
|
|
virtual |
Delete the protocol object. DO NOT use C++ delete() on this object.
Implements XrdSecProtocol.
◆ EnableTracing()
static XrdOucTrace * XrdSecProtocolgsi::EnableTracing |
( |
| ) |
|
|
static |
◆ Encrypt()
int XrdSecProtocolgsi::Encrypt |
( |
const char * |
inbuff, |
|
|
int |
inlen, |
|
|
XrdSecBuffer ** |
outbuff |
|
) |
| |
|
virtual |
Encrypt data in inbuff using the session key.
- Parameters
-
inbuff | buffer holding data to be encrypted. |
inlen | length of the data. |
outbuff | place where a pointer to the encrypted data is placed. |
- Returns
- < 0: Failed; the return value is -errno of the reason. Typically: -EINVAL - one or more arguments are invalid; -ENOTSUP - encryption not supported by the protocol; -ENOENT - context not initialized. = 0: Success; outbuff contains a pointer to the encrypted data. The caller is responsible for deleting the returned object.
Reimplemented from XrdSecProtocol.
◆ ErrC()
◆ ErrF()
static void XrdSecProtocolgsi::ErrF |
( |
XrdOucErrInfo * |
einfo, |
|
|
kXR_int32 |
ecode, |
|
|
const char * |
msg1, |
|
|
const char * |
msg2 = 0 , |
|
|
const char * |
msg3 = 0 |
|
) |
| |
|
staticprivate |
◆ ErrS()
◆ FreeEntity()
◆ GetCA()
◆ GetCApath()
static String XrdSecProtocolgsi::GetCApath |
( |
const char * |
cahash | ) |
|
|
staticprivate |
◆ getCredentials()
Generate client credentials to be used in the authentication process.
- Parameters
-
parm | Pointer to the information returned by the server either in the initial login response or the authmore response. |
einfo | The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr. |
- Returns
- Success: Pointer to the credentials to be sent to the server. The caller is responsible for deleting the object. Failure: Null pointer, with einfo (if supplied) containing the reason for the failure.
Implements XrdSecProtocol.
◆ getKey()
int XrdSecProtocolgsi::getKey |
( |
char * |
buff = 0 , |
|
|
int |
size = 0 |
|
) |
| |
|
virtual |
Get the current encryption key (i.e. session key)
- Parameters
-
buff | buffer to hold the key, and may be null. |
size | size of the buffer. |
- Returns
- < 0: Failed; the return value is -errno (see Encrypt). >= 0: The size of the encryption key. If a buffer address is supplied, the key is copied into that buffer, which is expected to be at least size bytes long.
Reimplemented from XrdSecProtocol.
◆ GetSrvCertEnt()
◆ Init()
◆ InitProxy()
◆ LoadAuthzFun()
static XrdSecgsiAuthz_t XrdSecProtocolgsi::LoadAuthzFun |
( |
const char * |
plugin, |
|
|
const char * |
parms, |
|
|
int & |
fmt |
|
) |
| |
|
staticprivate |
◆ LoadCRL()
◆ LoadGMAPFun()
static XrdSecgsiGMAP_t XrdSecProtocolgsi::LoadGMAPFun |
( |
const char * |
plugin, |
|
|
const char * |
parms |
|
) |
| |
|
staticprivate |
◆ LoadVOMSFun()
static XrdSecgsiVOMS_t XrdSecProtocolgsi::LoadVOMSFun |
( |
const char * |
plugin, |
|
|
const char * |
parms, |
|
|
int & |
fmt |
|
) |
| |
|
staticprivate |
◆ ParseCAlist()
int XrdSecProtocolgsi::ParseCAlist |
( |
String |
calist | ) |
|
|
private |
◆ ParseClientInput()
◆ ParseCrypto()
int XrdSecProtocolgsi::ParseCrypto |
( |
String |
cryptlist | ) |
|
|
private |
◆ ParseServerInput()
◆ QueryGMAP()
◆ QueryProxy()
◆ ServerCertNameOK()
bool XrdSecProtocolgsi::ServerCertNameOK |
( |
const char * |
subject, |
|
|
const char * |
hname, |
|
|
String & |
e |
|
) |
| |
|
private |
◆ ServerDoCert()
◆ ServerDoCertreq()
◆ ServerDoSigpxy()
◆ setKey()
int XrdSecProtocolgsi::setKey |
( |
char * |
buff, |
|
|
int |
size |
|
) |
| |
|
virtual |
Set the current encryption key
- Parameters
-
buff | buffer that holds the key. |
size | size of the key. |
- Returns
- < 0: Failed; the return value is -errno (see Encrypt). = 0: The new key has been set.
Reimplemented from XrdSecProtocol.
◆ Sign()
int XrdSecProtocolgsi::Sign |
( |
const char * |
inbuff, |
|
|
int |
inlen, |
|
|
XrdSecBuffer ** |
outbuff |
|
) |
| |
|
virtual |
Sign data in inbuff using the session key.
- Parameters
-
inbuff | buffer holding data to be signed. |
inlen | length of the data. |
outbuff | place where a pointer to the signature is placed. |
- Returns
- < 0: Failed; the return value is -errno (see Encrypt). = 0: Success; outbuff contains a pointer to the signature. The caller is responsible for deleting the returned object.
Reimplemented from XrdSecProtocol.
◆ Verify()
int XrdSecProtocolgsi::Verify |
( |
const char * |
inbuff, |
|
|
int |
inlen, |
|
|
const char * |
sigbuff, |
|
|
int |
siglen |
|
) |
| |
|
virtual |
Verify a signature using the session key.
- Parameters
-
inbuff | buffer holding data to be verified. |
inlen | length of the data. |
sigbuff | pointer to the signature data. |
siglen | length of the signature data. |
- Returns
- < 0: Failed; the return value is -errno (see Encrypt). = 0: Success; the signature is correct. > 0: Verification failed; the signature does not match the inbuff data. Callers must treat any non-zero return (negative or positive) as an unverified signature; only an exact 0 means the data is authentic.
Reimplemented from XrdSecProtocol.
◆ VerifyCA()
◆ VerifyCRL()
◆ gsiHSVars
◆ gsiOptions
◆ AuthzAlways
int XrdSecProtocolgsi::AuthzAlways |
|
staticprivate |
◆ AuthzCacheTimeOut
int XrdSecProtocolgsi::AuthzCacheTimeOut |
|
staticprivate |
◆ AuthzCertFmt
int XrdSecProtocolgsi::AuthzCertFmt |
|
staticprivate |
◆ AuthzFun
◆ AuthzKey
◆ AuthzPxyWhat
int XrdSecProtocolgsi::AuthzPxyWhat |
|
staticprivate |
◆ AuthzPxyWhere
int XrdSecProtocolgsi::AuthzPxyWhere |
|
staticprivate |
◆ bucketKey
◆ cacheAuthzFun
◆ cacheCA
◆ cacheCert
◆ CACheck
int XrdSecProtocolgsi::CACheck |
|
staticprivate |
◆ cacheGMAPFun
◆ cachePxy
◆ CAdir
String XrdSecProtocolgsi::CAdir |
|
staticprivate |
◆ CRLCheck
int XrdSecProtocolgsi::CRLCheck |
|
staticprivate |
◆ CRLdir
String XrdSecProtocolgsi::CRLdir |
|
staticprivate |
◆ CRLDownload
int XrdSecProtocolgsi::CRLDownload |
|
staticprivate |
◆ CRLRefresh
int XrdSecProtocolgsi::CRLRefresh |
|
staticprivate |
◆ cryptF
◆ cryptID
◆ cryptName
◆ Debug
int XrdSecProtocolgsi::Debug |
|
staticprivate |
◆ DefBits
int XrdSecProtocolgsi::DefBits |
|
staticprivate |
◆ DefCipher
String XrdSecProtocolgsi::DefCipher |
|
staticprivate |
◆ DefCRLext
String XrdSecProtocolgsi::DefCRLext |
|
staticprivate |
◆ DefCrypto
String XrdSecProtocolgsi::DefCrypto |
|
staticprivate |
◆ DefError
String XrdSecProtocolgsi::DefError |
|
staticprivate |
◆ DefMD
String XrdSecProtocolgsi::DefMD |
|
staticprivate |
◆ DepLength
int XrdSecProtocolgsi::DepLength |
|
staticprivate |
◆ eDest
◆ epAddr
◆ expectedHost
char* XrdSecProtocolgsi::expectedHost |
|
private |
◆ GMAPCacheTimeOut
int XrdSecProtocolgsi::GMAPCacheTimeOut |
|
staticprivate |
◆ GMAPFile
String XrdSecProtocolgsi::GMAPFile |
|
staticprivate |
◆ GMAPFun
◆ GMAPOpt
int XrdSecProtocolgsi::GMAPOpt |
|
staticprivate |
◆ GMAPuseDNname
bool XrdSecProtocolgsi::GMAPuseDNname |
|
staticprivate |
◆ gsiContext
◆ GSITrace
◆ HashCompatibility
bool XrdSecProtocolgsi::HashCompatibility |
|
staticprivate |
◆ hs
◆ lastGMAPCheck
time_t XrdSecProtocolgsi::lastGMAPCheck |
|
staticprivate |
◆ Logger
◆ MonInfoOpt
int XrdSecProtocolgsi::MonInfoOpt |
|
staticprivate |
◆ mutexGMAP
◆ ncrypt
int XrdSecProtocolgsi::ncrypt |
|
staticprivate |
◆ options
int XrdSecProtocolgsi::options |
|
private |
◆ proxyChain
◆ PxyReqOpts
int XrdSecProtocolgsi::PxyReqOpts |
|
staticprivate |
◆ PxyValid
String XrdSecProtocolgsi::PxyValid |
|
staticprivate |
◆ refcip
◆ Server
bool XrdSecProtocolgsi::Server |
|
staticprivate |
◆ servGMap
◆ sessionCF
◆ sessionKey
◆ sessionKsig
◆ sessionKver
◆ sessionMD
◆ ShowDN
bool XrdSecProtocolgsi::ShowDN |
|
staticprivate |
◆ SrvAllowedNames
String XrdSecProtocolgsi::SrvAllowedNames |
|
staticprivate |
◆ SrvCert
String XrdSecProtocolgsi::SrvCert |
|
staticprivate |
◆ SrvKey
String XrdSecProtocolgsi::SrvKey |
|
staticprivate |
◆ srvMode
bool XrdSecProtocolgsi::srvMode |
|
private |
◆ stackCA
◆ stackCRL
◆ TimeSkew
int XrdSecProtocolgsi::TimeSkew |
|
staticprivate |
◆ TrustDNS
bool XrdSecProtocolgsi::TrustDNS |
|
staticprivate |
◆ useIV
bool XrdSecProtocolgsi::useIV |
|
private |
◆ UsrCert
String XrdSecProtocolgsi::UsrCert |
|
staticprivate |
◆ UsrKey
String XrdSecProtocolgsi::UsrKey |
|
staticprivate |
◆ UsrProxy
String XrdSecProtocolgsi::UsrProxy |
|
staticprivate |
◆ VOMSAttrOpt
int XrdSecProtocolgsi::VOMSAttrOpt |
|
staticprivate |
◆ VOMSCertFmt
int XrdSecProtocolgsi::VOMSCertFmt |
|
staticprivate |
◆ VOMSFun