xrootd
|
#include <XrdSecInterface.hh>
Public Member Functions | |
virtual const char * | getParms (int &size, XrdNetAddrInfo *endPoint=0)=0 |
virtual XrdSecProtocol * | getProtocol (const char *host, XrdNetAddrInfo &endPoint, const XrdSecCredentials *cred, XrdOucErrInfo &einfo)=0 |
virtual bool | PostProcess (XrdSecEntity &entity, XrdOucErrInfo &einfo) |
virtual const char * | protTLS ()=0 |
XrdSecService () | |
Constructor. | |
virtual | ~XrdSecService () |
Destructor. | |
Example:
#include "XrdVersion.hh" XrdVERSIONINFO(XrdSecGetProtocol,<name>); extern "C" XrdSecProtocol *XrdSecGetProtocol (const char *hostname, XrdNetAddrInfo &endPoint, XrdSecParameters §oken, XrdOucErrInfo *einfo=0) {....}
The XrdSecGetProtection function returns a protection object to secure an XRootD request stream from injection attacks. An object is returned when the response to kXR_protocol request indicates that the server requires that the client secure the connection. This protection is based on the authentication method used. Therefore, authentication must occur before a protection object can be obtained. Usually, a protection object is requested right after authentication. The function description is
rc | Where an error return code is to be placed. |
aprot | Uses the authentication protocol to protect requests. It must be supplied and must be he protocol the client used for authentication. Hence, authentication must occur first. |
presp | The protocol value returned in response to kXR_protocol. The value must be host byte order. |
Simply declare the following in the place where this is called:
extern int XrdSecGetProtection(XrdSecProtect *&protP, XrdSecProtocol &aprot, kXR_int32 presp);
The XrdSecService object is the the object that the server uses to obtain parameters to be passed to the client on initial contact and to create the appropriate protocol on the initial receipt of the client's credentials. Server-side processing is a bit more complicated because the set of valid protocols needs to be configured and that configuration needs to be supplied to the client so that both can agree on a compatible protocol. This object is created via a call to XrdSecgetService, defined later on. You may replace the default implementation by defining a plugin via the seclib directive.
Warning: The XrdSecService object as well as any objects returned by it should be MT-safe.
|
inline |
Constructor.
|
inlinevirtual |
Destructor.
|
pure virtual |
Obtain security parameters to be sent to the client upon initial contact.
size | Where the length of the return parameters are to be placed. |
endPoint | The client's address information. It may also be a null pointer if the client's host is immaterial. |
Implemented in XrdSecServer.
|
pure virtual |
Obtain a protocol object suitable for authentication based on cred and possibly based on the hostname or host address, as needed.
host | The client's host name or the IP address as text. An IP may be supplied if the host address is not resolvable or resolution has been suppressed (i.e. nodnr). Use endPoint to get the hostname if it's actually needed. |
endPoint | the XrdNetAddrInfo object describing the client end-point. |
cred | The initial credentials supplied by the client, the pointer may be null if the client did not supply credentials. |
einfo | The structure to record any error messages. These are normally sent to the client. |
Implemented in XrdSecServer.
|
inlinevirtual |
Post process a fully authenticated XrdSecEntity object.
entity | The fully authenticated entity object. |
einfo | The structure to record any error messages. These are normally sent to the client. If einfo is a null pointer, the messages should be sent to standard error via an XrdSysError object using the supplied XrdSysLogger when the the plugin was initialized. |
Reimplemented in XrdSecServer.
|
pure virtual |
Get a list of authentication protocols that require TLS.
Implemented in XrdSecServer.