#include <XrdSecProtocolgsi.hh>
|
| int | Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0) |
| |
| XrdSecCredentials * | getCredentials (XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0) |
| |
| | XrdSecProtocolgsi (int opts, const char *hname, XrdNetAddrInfo &endPoint, const char *parms=0) |
| |
| virtual | ~XrdSecProtocolgsi () |
| |
| void | Delete () |
| | Delete the protocol object. DO NOT use C++ delete() on this object.
|
| |
| int | Encrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
| |
| int | Decrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
| |
| int | Sign (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
| |
| int | Verify (const char *inbuf, int inlen, const char *sigbuf, int siglen) |
| |
| int | getKey (char *kbuf=0, int klen=0) |
| |
| int | setKey (char *kbuf, int klen) |
| |
| virtual bool | needTLS () |
| | Check if this protocol requires TLS to properly function.
|
| |
| | XrdSecProtocol (const char *pName) |
| | Constructor.
|
| |
|
| int | ParseClientInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &emsg) |
| |
| int | ClientDoInit (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
| |
| int | ClientDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
| |
| int | ClientDoPxyreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
| |
| int | ParseServerInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
| |
| int | ServerDoCertreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
| |
| int | ServerDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
| |
| int | ServerDoSigpxy (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
| |
| int | ParseCrypto (String cryptlist) |
| |
| int | ParseCAlist (String calist) |
| |
| bool | ServerCertNameOK (const char *subject, const char *hname, String &e) |
| |
| XrdSecCredentials * | ErrC (XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0) |
| |
| int | ErrS (String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0) |
| |
| bool | CheckTimeStamp (XrdSutBuffer *b, int skew, String &emsg) |
| |
| bool | CheckRtag (XrdSutBuffer *bm, String &emsg) |
| |
| int | AddSerialized (char opt, kXR_int32 step, String ID, XrdSutBuffer *bls, XrdSutBuffer *buf, kXR_int32 type, XrdCryptoCipher *cip) |
| |
| void | CopyEntity (XrdSecEntity *in, XrdSecEntity *out, int *lout=0) |
| |
| void | FreeEntity (XrdSecEntity *in) |
| |
|
| static int | GetCA (const char *cahash, XrdCryptoFactory *cryptof, gsiHSVars *hs=0) |
| |
| static String | GetCApath (const char *cahash) |
| |
| static bool | VerifyCA (int opt, X509Chain *cca, XrdCryptoFactory *cf) |
| |
| static int | VerifyCRL (XrdCryptoX509Crl *crl, XrdCryptoX509 *xca, XrdOucString crldir, XrdCryptoFactory *CF, int hashalg) |
| |
| static XrdSutCacheEntry * | GetSrvCertEnt (XrdSutCERef &gcref, XrdCryptoFactory *cf, time_t timestamp, String &cal) |
| |
| static XrdCryptoX509Crl * | LoadCRL (XrdCryptoX509 *xca, const char *sjhash, XrdCryptoFactory *CF, int dwld, int &err) |
| |
| static int | QueryProxy (bool checkcache, XrdSutCache *cache, const char *tag, XrdCryptoFactory *cf, time_t timestamp, ProxyIn_t *pi, ProxyOut_t *po) |
| |
| static int | InitProxy (ProxyIn_t *pi, XrdCryptoFactory *cf, X509Chain *ch=0, XrdCryptoRSA **key=0) |
| |
| static void | ErrF (XrdOucErrInfo *einfo, kXR_int32 ecode, const char *msg1, const char *msg2=0, const char *msg3=0) |
| |
| static XrdSecgsiGMAP_t | LoadGMAPFun (const char *plugin, const char *parms) |
| |
| static XrdSecgsiAuthz_t | LoadAuthzFun (const char *plugin, const char *parms, int &fmt) |
| |
| static XrdSecgsiVOMS_t | LoadVOMSFun (const char *plugin, const char *parms, int &fmt) |
| |
| static void | QueryGMAP (XrdCryptoX509Chain *chain, int now, String &name) |
| |
◆ XrdSecProtocolgsi()
| XrdSecProtocolgsi::XrdSecProtocolgsi |
( |
int |
opts, |
|
|
const char * |
hname, |
|
|
XrdNetAddrInfo & |
endPoint, |
|
|
const char * |
parms = 0 |
|
) |
| |
◆ ~XrdSecProtocolgsi()
| virtual XrdSecProtocolgsi::~XrdSecProtocolgsi |
( |
| ) |
|
|
inlinevirtual |
◆ AddSerialized()
◆ Authenticate()
Authenticate a client.
- Parameters
-
| cred | Credentials supplied by the client. |
| parms | Place where the address of additional authentication data is to be placed for another autrhentication handshake. |
| einfo | The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr. |
- Returns
- > 0 -> parms present (more authentication needed) = 0 -> Entity present (authentication suceeded) < 0 -> einfo present (error has occurred)
Implements XrdSecProtocol.
◆ CheckRtag()
◆ CheckTimeStamp()
◆ ClientDoCert()
◆ ClientDoInit()
◆ ClientDoPxyreq()
◆ CopyEntity()
◆ Decrypt()
| int XrdSecProtocolgsi::Decrypt |
( |
const char * |
inbuff, |
|
|
int |
inlen, |
|
|
XrdSecBuffer ** |
outbuff |
|
) |
| |
|
virtual |
Decrypt data in inbuff using the session key.
- Parameters
-
| inbuff | buffer holding data to be decrypted. |
| inlen | length of the data. |
| outbuff | place where a pointer to the decrypted data is placed. |
- Returns
- < 0 Failed,the return value is -errno (see Encrypt). = 0 Success, outbuff contains a pointer to the decrypted data. The caller is responsible for deleting the returned object.
Reimplemented from XrdSecProtocol.
◆ Delete()
| void XrdSecProtocolgsi::Delete |
( |
| ) |
|
|
virtual |
Delete the protocol object. DO NOT use C++ delete() on this object.
Implements XrdSecProtocol.
◆ EnableTracing()
| static XrdOucTrace * XrdSecProtocolgsi::EnableTracing |
( |
| ) |
|
|
static |
◆ Encrypt()
| int XrdSecProtocolgsi::Encrypt |
( |
const char * |
inbuff, |
|
|
int |
inlen, |
|
|
XrdSecBuffer ** |
outbuff |
|
) |
| |
|
virtual |
Encrypt data in inbuff using the session key.
- Parameters
-
| inbuff | buffer holding data to be encrypted. |
| inlen | length of the data. |
| outbuff | place where a pointer to the encrypted data is placed. |
- Returns
- < 0 Failed, the return value is -errno of the reason. Typically, -EINVAL - one or more arguments are invalid. -NOTSUP - encryption not supported by the protocol -ENOENT - Context not innitialized = 0 Success, outbuff contains a pointer to the encrypted data. The caller is responsible for deleting the returned object.
Reimplemented from XrdSecProtocol.
◆ ErrC()
◆ ErrF()
| static void XrdSecProtocolgsi::ErrF |
( |
XrdOucErrInfo * |
einfo, |
|
|
kXR_int32 |
ecode, |
|
|
const char * |
msg1, |
|
|
const char * |
msg2 = 0, |
|
|
const char * |
msg3 = 0 |
|
) |
| |
|
staticprivate |
◆ ErrS()
◆ FreeEntity()
◆ GetCA()
◆ GetCApath()
| static String XrdSecProtocolgsi::GetCApath |
( |
const char * |
cahash | ) |
|
|
staticprivate |
◆ getCredentials()
Generate client credentials to be used in the authentication process.
- Parameters
-
| parm | Pointer to the information returned by the server either in the initial login response or the authmore response. |
| einfo | The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr. |
- Returns
- Success: Pointer to credentials to sent to the server. The caller is responsible for deleting the object. Failure: Null pointer with einfo, if supplied, containing the reason for the failure.
Implements XrdSecProtocol.
◆ getKey()
| int XrdSecProtocolgsi::getKey |
( |
char * |
buff = 0, |
|
|
int |
size = 0 |
|
) |
| |
|
virtual |
Get the current encryption key (i.e. session key)
- Parameters
-
| buff | buffer to hold the key, and may be null. |
| size | size of the buffer. |
- Returns
- < 0 Failed, returned value if -errno (see Encrypt) >= 0 The size of the encyption key. The supplied buffer of length size hold the key. If the buffer address is supplied, the key is placed in the buffer.
Reimplemented from XrdSecProtocol.
◆ GetSrvCertEnt()
◆ Init()
◆ InitProxy()
◆ LoadAuthzFun()
| static XrdSecgsiAuthz_t XrdSecProtocolgsi::LoadAuthzFun |
( |
const char * |
plugin, |
|
|
const char * |
parms, |
|
|
int & |
fmt |
|
) |
| |
|
staticprivate |
◆ LoadCRL()
◆ LoadGMAPFun()
| static XrdSecgsiGMAP_t XrdSecProtocolgsi::LoadGMAPFun |
( |
const char * |
plugin, |
|
|
const char * |
parms |
|
) |
| |
|
staticprivate |
◆ LoadVOMSFun()
| static XrdSecgsiVOMS_t XrdSecProtocolgsi::LoadVOMSFun |
( |
const char * |
plugin, |
|
|
const char * |
parms, |
|
|
int & |
fmt |
|
) |
| |
|
staticprivate |
◆ ParseCAlist()
| int XrdSecProtocolgsi::ParseCAlist |
( |
String |
calist | ) |
|
|
private |
◆ ParseClientInput()
◆ ParseCrypto()
| int XrdSecProtocolgsi::ParseCrypto |
( |
String |
cryptlist | ) |
|
|
private |
◆ ParseServerInput()
◆ QueryGMAP()
◆ QueryProxy()
◆ ServerCertNameOK()
| bool XrdSecProtocolgsi::ServerCertNameOK |
( |
const char * |
subject, |
|
|
const char * |
hname, |
|
|
String & |
e |
|
) |
| |
|
private |
◆ ServerDoCert()
◆ ServerDoCertreq()
◆ ServerDoSigpxy()
◆ setKey()
| int XrdSecProtocolgsi::setKey |
( |
char * |
buff, |
|
|
int |
size |
|
) |
| |
|
virtual |
Set the current encryption key
- Parameters
-
| buff | buffer that holds the key. |
| size | size of the key. |
- Returns
- : < 0 Failed, returned value if -errno (see Encrypt) = 0 The new key has been set.
Reimplemented from XrdSecProtocol.
◆ Sign()
| int XrdSecProtocolgsi::Sign |
( |
const char * |
inbuff, |
|
|
int |
inlen, |
|
|
XrdSecBuffer ** |
outbuff |
|
) |
| |
|
virtual |
Sign data in inbuff using the session key.
- Parameters
-
| inbuff | buffer holding data to be signed. |
| inlen | length of the data. |
| outbuff | place where a pointer to the signature is placed. |
- Returns
- < 0 Failed,the return value is -errno (see Encrypt). = 0 Success, outbuff contains a pointer to the signature. The caller is responsible for deleting the returned object.
Reimplemented from XrdSecProtocol.
◆ Verify()
| int XrdSecProtocolgsi::Verify |
( |
const char * |
inbuff, |
|
|
int |
inlen, |
|
|
const char * |
sigbuff, |
|
|
int |
siglen |
|
) |
| |
|
virtual |
Verify a signature using the session key.
- Parameters
-
| inbuff | buffer holding data to be verified. |
| inlen | length of the data. |
| sigbuff | pointer to the signature data. |
| siglen | length of the signature data. |
- Returns
- < 0 Failed,the return value is -errno (see Encrypt). = 0 Success, signature is correct. > 0 Failed to verify, signature does not match inbuff data.
Reimplemented from XrdSecProtocol.
◆ VerifyCA()
◆ VerifyCRL()
◆ gsiHSVars
◆ gsiOptions
◆ AuthzAlways
| int XrdSecProtocolgsi::AuthzAlways |
|
staticprivate |
◆ AuthzCacheTimeOut
| int XrdSecProtocolgsi::AuthzCacheTimeOut |
|
staticprivate |
◆ AuthzCertFmt
| int XrdSecProtocolgsi::AuthzCertFmt |
|
staticprivate |
◆ AuthzFun
◆ AuthzKey
◆ AuthzPxyWhat
| int XrdSecProtocolgsi::AuthzPxyWhat |
|
staticprivate |
◆ AuthzPxyWhere
| int XrdSecProtocolgsi::AuthzPxyWhere |
|
staticprivate |
◆ bucketKey
◆ cacheAuthzFun
◆ cacheCA
◆ cacheCert
◆ CACheck
| int XrdSecProtocolgsi::CACheck |
|
staticprivate |
◆ cacheGMAPFun
◆ cachePxy
◆ CAdir
| String XrdSecProtocolgsi::CAdir |
|
staticprivate |
◆ CRLCheck
| int XrdSecProtocolgsi::CRLCheck |
|
staticprivate |
◆ CRLdir
| String XrdSecProtocolgsi::CRLdir |
|
staticprivate |
◆ CRLDownload
| int XrdSecProtocolgsi::CRLDownload |
|
staticprivate |
◆ CRLRefresh
| int XrdSecProtocolgsi::CRLRefresh |
|
staticprivate |
◆ cryptF
◆ cryptID
◆ cryptName
◆ Debug
| int XrdSecProtocolgsi::Debug |
|
staticprivate |
◆ DefBits
| int XrdSecProtocolgsi::DefBits |
|
staticprivate |
◆ DefCipher
| String XrdSecProtocolgsi::DefCipher |
|
staticprivate |
◆ DefCRLext
| String XrdSecProtocolgsi::DefCRLext |
|
staticprivate |
◆ DefCrypto
| String XrdSecProtocolgsi::DefCrypto |
|
staticprivate |
◆ DefError
| String XrdSecProtocolgsi::DefError |
|
staticprivate |
◆ DefMD
| String XrdSecProtocolgsi::DefMD |
|
staticprivate |
◆ DepLength
| int XrdSecProtocolgsi::DepLength |
|
staticprivate |
◆ eDest
◆ epAddr
◆ expectedHost
| char* XrdSecProtocolgsi::expectedHost |
|
private |
◆ GMAPCacheTimeOut
| int XrdSecProtocolgsi::GMAPCacheTimeOut |
|
staticprivate |
◆ GMAPFile
| String XrdSecProtocolgsi::GMAPFile |
|
staticprivate |
◆ GMAPFun
◆ GMAPOpt
| int XrdSecProtocolgsi::GMAPOpt |
|
staticprivate |
◆ GMAPuseDNname
| bool XrdSecProtocolgsi::GMAPuseDNname |
|
staticprivate |
◆ gsiContext
◆ GSITrace
◆ HashCompatibility
| bool XrdSecProtocolgsi::HashCompatibility |
|
staticprivate |
◆ hs
◆ lastGMAPCheck
| time_t XrdSecProtocolgsi::lastGMAPCheck |
|
staticprivate |
◆ Logger
◆ MonInfoOpt
| int XrdSecProtocolgsi::MonInfoOpt |
|
staticprivate |
◆ mutexGMAP
◆ ncrypt
| int XrdSecProtocolgsi::ncrypt |
|
staticprivate |
◆ options
| int XrdSecProtocolgsi::options |
|
private |
◆ proxyChain
◆ PxyReqOpts
| int XrdSecProtocolgsi::PxyReqOpts |
|
staticprivate |
◆ PxyValid
| String XrdSecProtocolgsi::PxyValid |
|
staticprivate |
◆ refcip
◆ Server
| bool XrdSecProtocolgsi::Server |
|
staticprivate |
◆ servGMap
◆ sessionCF
◆ sessionKey
◆ sessionKsig
◆ sessionKver
◆ sessionMD
◆ ShowDN
| bool XrdSecProtocolgsi::ShowDN |
|
staticprivate |
◆ SrvAllowedNames
| String XrdSecProtocolgsi::SrvAllowedNames |
|
staticprivate |
◆ SrvCert
| String XrdSecProtocolgsi::SrvCert |
|
staticprivate |
◆ SrvKey
| String XrdSecProtocolgsi::SrvKey |
|
staticprivate |
◆ srvMode
| bool XrdSecProtocolgsi::srvMode |
|
private |
◆ stackCA
◆ stackCRL
◆ TimeSkew
| int XrdSecProtocolgsi::TimeSkew |
|
staticprivate |
◆ TrustDNS
| bool XrdSecProtocolgsi::TrustDNS |
|
staticprivate |
◆ useIV
| bool XrdSecProtocolgsi::useIV |
|
private |
◆ UsrCert
| String XrdSecProtocolgsi::UsrCert |
|
staticprivate |
◆ UsrKey
| String XrdSecProtocolgsi::UsrKey |
|
staticprivate |
◆ UsrProxy
| String XrdSecProtocolgsi::UsrProxy |
|
staticprivate |
◆ VOMSAttrOpt
| int XrdSecProtocolgsi::VOMSAttrOpt |
|
staticprivate |
◆ VOMSCertFmt
| int XrdSecProtocolgsi::VOMSCertFmt |
|
staticprivate |
◆ VOMSFun
The documentation for this class was generated from the following file:
Public Member Functions inherited from XrdSecProtocol