
XrdSecProtocolgsi Class Reference

#include <XrdSecProtocolgsi.hh>



Public Member Functions

int Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0)
XrdSecCredentials * getCredentials (XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0)
 XrdSecProtocolgsi (int opts, const char *hname, const struct sockaddr *ipadd, const char *parms=0)
virtual ~XrdSecProtocolgsi ()
void Delete ()
int Encrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
int Decrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
int Sign (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
int Verify (const char *inbuf, int inlen, const char *sigbuf, int siglen)
int getKey (char *kbuf=0, int klen=0)
int setKey (char *kbuf, int klen)

Static Public Member Functions

static char * Init (gsiOptions o, XrdOucErrInfo *erp)

Private Member Functions

int ParseClientInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &emsg)
int ClientDoInit (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
int ClientDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
int ClientDoPxyreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
int ParseServerInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
int ServerDoCertreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
int ServerDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
int ServerDoSigpxy (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
int ParseCrypto (String cryptlist)
int ParseCAlist (String calist)
int GetCA (const char *cahash)
bool ServerCertNameOK (const char *subject, String &e)
XrdSecCredentials * ErrC (XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)
int ErrS (String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)
bool CheckTimeStamp (XrdSutBuffer *b, int skew, String &emsg)
bool CheckRtag (XrdSutBuffer *bm, String &emsg)
int AddSerialized (char opt, kXR_int32 step, String ID, XrdSutBuffer *bls, XrdSutBuffer *buf, kXR_int32 type, XrdCryptoCipher *cip)

Static Private Member Functions

static int LoadCADir (int timestamp)
static String GetCApath (const char *cahash)
static bool VerifyCA (int opt, X509Chain *cca, XrdCryptoFactory *cf)
static XrdCryptoX509Crl * LoadCRL (XrdCryptoX509 *xca, XrdCryptoFactory *CF)
static int QueryProxy (bool checkcache, XrdSutCache *cache, const char *tag, XrdCryptoFactory *cf, int timestamp, ProxyIn_t *pi, ProxyOut_t *po)
static int InitProxy (ProxyIn_t *pi, X509Chain *ch=0, XrdCryptoRSA **key=0)
static void ErrF (XrdOucErrInfo *einfo, kXR_int32 ecode, const char *msg1, const char *msg2=0, const char *msg3=0)
static int LoadGMAP (int now)
static XrdSecgsiGMAP_t LoadGMAPFun (const char *plugin, const char *parms)
static XrdSecgsiAuthz_t LoadAuthzFun (const char *plugin, const char *parms)
static void QueryGMAP (XrdCryptoX509Chain *chain, int now, String &name)

Private Attributes

int options
struct sockaddr hostaddr
XrdCryptoFactory * sessionCF
XrdCryptoCipher * sessionKey
XrdSutBucket * bucketKey
XrdCryptoMsgDigest * sessionMD
XrdCryptoRSA * sessionKsig
XrdCryptoRSA * sessionKver
X509Chain * proxyChain
bool srvMode
gsiHSVars * hs

Static Private Attributes

static XrdSysMutex gsiContext
static String CAdir = "/etc/grid-security/certificates/"
static String CRLdir = "/etc/grid-security/certificates/"
static String DefCRLext = ".r0"
static String SrvCert = "/etc/grid-security/xrd/xrdcert.pem"
static String SrvKey = "/etc/grid-security/xrd/xrdkey.pem"
static String UsrProxy
static String UsrCert = "/.globus/usercert.pem"
static String UsrKey = "/.globus/userkey.pem"
static String PxyValid = "12:00"
static int DepLength = 0
static int DefBits = 512
static int CACheck = 1
static int CRLCheck = 1
static String DefCrypto = "ssl"
static String DefCipher = "aes-128-cbc:bf-cbc:des-ede3-cbc"
static String DefMD = "sha1:md5"
static String DefError = "invalid credentials "
static String GMAPFile = "/etc/grid-security/grid-mapfile"
static int GMAPOpt = 1
static int GMAPCacheTimeOut = -1
static XrdSysPlugin * GMAPPlugin = 0
static XrdSecgsiGMAP_t GMAPFun = 0
static XrdSysPlugin * AuthzPlugin = 0
static XrdSecgsiAuthz_t AuthzFun = 0
static int PxyReqOpts = 0
static int AuthzPxy = 0
static String SrvAllowedNames
static int ncrypt = 0
static XrdCryptoFactory * cryptF [XrdCryptoMax] = {0}
static int cryptID [XrdCryptoMax] = {0}
static String cryptName [XrdCryptoMax] = {0}
static XrdCryptoCipher * refcip [XrdCryptoMax] = {0}
static XrdSutCache cacheCA
static XrdSutCache cacheCert
static XrdSutCache cachePxy
static XrdSutCache cacheGMAP
static XrdSutCache cacheGMAPFun
static int Debug = 0
static bool Server = 1
static int TimeSkew = 300
static XrdSysLogger Logger
static XrdSysError eDest
static XrdOucTrace * GSITrace = 0

Constructor & Destructor Documentation

XrdSecProtocolgsi::XrdSecProtocolgsi ( int  opts,
const char *  hname,
const struct sockaddr *  ipadd,
const char *  parms = 0 
)
virtual XrdSecProtocolgsi::~XrdSecProtocolgsi ( ) [inline, virtual]

Member Function Documentation

int XrdSecProtocolgsi::AddSerialized ( char  opt,
kXR_int32  step,
String  ID,
XrdSutBuffer *  bls,
XrdSutBuffer *  buf,
kXR_int32  type,
XrdCryptoCipher *  cip 
) [private]
int XrdSecProtocolgsi::Authenticate ( XrdSecCredentials *  cred,
XrdSecParameters **  parms,
XrdOucErrInfo *  einfo = 0 
) [virtual]
bool XrdSecProtocolgsi::CheckRtag ( XrdSutBuffer *  bm,
String &  emsg 
) [private]
bool XrdSecProtocolgsi::CheckTimeStamp ( XrdSutBuffer *  b,
int  skew,
String &  emsg 
) [private]
int XrdSecProtocolgsi::ClientDoCert ( XrdSutBuffer *  br,
XrdSutBuffer **  bm,
String &  cmsg 
) [private]
int XrdSecProtocolgsi::ClientDoInit ( XrdSutBuffer *  br,
XrdSutBuffer **  bm,
String &  cmsg 
) [private]
int XrdSecProtocolgsi::ClientDoPxyreq ( XrdSutBuffer *  br,
XrdSutBuffer **  bm,
String &  cmsg 
) [private]
int XrdSecProtocolgsi::Decrypt ( const char *  inbuf,
int  inlen,
XrdSecBuffer **  outbuf 
) [virtual]
void XrdSecProtocolgsi::Delete ( ) [virtual]
int XrdSecProtocolgsi::Encrypt ( const char *  inbuf,
int  inlen,
XrdSecBuffer **  outbuf 
) [virtual]
XrdSecCredentials * XrdSecProtocolgsi::ErrC ( XrdOucErrInfo *  einfo,
XrdSutBuffer *  b1,
XrdSutBuffer *  b2,
XrdSutBuffer *  b3,
kXR_int32  ecode,
const char *  msg1 = 0,
const char *  msg2 = 0,
const char *  msg3 = 0 
) [private]

References ErrF(), and REL3.

Referenced by getCredentials().

void XrdSecProtocolgsi::ErrF ( XrdOucErrInfo *  einfo,
kXR_int32  ecode,
const char *  msg1,
const char *  msg2 = 0,
const char *  msg3 = 0 
) [static, private]
int XrdSecProtocolgsi::ErrS ( String  ID,
XrdOucErrInfo *  einfo,
XrdSutBuffer *  b1,
XrdSutBuffer *  b2,
XrdSutBuffer *  b3,
kXR_int32  ecode,
const char *  msg1 = 0,
const char *  msg2 = 0,
const char *  msg3 = 0 
) [private]

References ErrF(), kgST_error, and REL3.

Referenced by Authenticate().

int XrdSecProtocolgsi::GetCA ( const char *  cahash) [private]
String XrdSecProtocolgsi::GetCApath ( const char *  cahash) [static, private]
XrdSecCredentials * XrdSecProtocolgsi::getCredentials ( XrdSecParameters *  parm = 0,
XrdOucErrInfo *  einfo = 0 
) [virtual]

Implements XrdSecProtocol.

References XrdSutBuffer::AddBucket(), AddSerialized(), XrdCryptoX509Chain::Begin(), XrdSecBuffer::buffer, XrdSutBucket::buffer, XrdOucString::c_str(), gsiHSVars::Cbck, CheckRtag(), ClientStepStr(), CryptList, gsiHSVars::CryptoMod, DEBUG, XrdSutBuffer::Dump(), XrdSecProtocol::Entity, EPNAME, ErrC(), XrdSutBuffer::GetProtocol(), XrdSutBuffer::GetStep(), hs, gsiHSVars::ID, XrdCryptoX509::IssuerHash(), gsiHSVars::Iter, XrdCryptoX509::kCA, kGSErrAddBucket, kGSErrBadOpt, kGSErrBadProtocol, kGSErrBadRndmTag, kGSErrCreateBucket, kGSErrDecodeBuffer, kGSErrError, kGSErrNoBuffer, kGSErrNoCipher, kGSErrNoPublic, kGSErrParseBuffer, kGSErrSerialBuffer, kXGC_cert, kXGC_certreq, kXGC_none, kXGC_sigpxy, kXGS_cert, kXGS_init, kXGS_pxyreq, kXRS_clnt_opts, kXRS_cryptomod, kXRS_issuer_hash, kXRS_main, kXRS_message, kXRS_puk, kXRS_user, kXRS_version, XrdOucString::length(), XrdSutBuffer::MarshalBucket(), XrdSecEntity::name, XrdCryptoX509Chain::Next(), gsiHSVars::Options, gsiHSVars::Parms, ParseClientInput(), proxyChain, XrdCryptoCipher::Public(), gsiHSVars::PxyChain, QTRACE, REL2, XrdSutBuffer::Remove(), gsiHSVars::RemVers, XrdOucString::replace(), XrdSutBuffer::Serialized(), ServerStepStr(), sessionCF, sessionKey, XrdSutBuffer::SetStep(), XrdSecBuffer::size, XrdSutBucket::size, srvMode, XrdCryptoX509::SubjectHash(), gsiHSVars::TimeStamp, XrdCryptoX509::type, XrdSutBuffer::UpdateBucket(), Version, XrdCryptoFactory::X509ExportChain(), XrdSecPROTOIDENT, and XrdSutBuckStr().

int XrdSecProtocolgsi::getKey ( char *  kbuf = 0,
int  klen = 0 
) [virtual]
char * XrdSecProtocolgsi::Init ( gsiOptions  o,
XrdOucErrInfo *  erp 
) [static]

References access(), XrdSutCache::Add(), AuthzFun, gsiOptions::authzfun, gsiOptions::authzfunparms, AuthzPxy, gsiOptions::authzpxy, gsiOptions::bits, XrdSutPFBuf::buf, XrdSutPFEntry::buf1, XrdSutPFEntry::buf2, XrdSutPFEntry::buf3, XrdOucString::c_str(), gsiOptions::ca, cacheCA, cacheCert, CACheck, cacheGMAP, cacheGMAPFun, cachePxy, CAdir, gsiOptions::cert, gsiOptions::certdir, gsiOptions::cipher, XrdCryptoFactory::Cipher(), gsiOptions::clist, XrdSutPFEntry::cnt, gsiOptions::crl, CRLCheck, CRLdir, gsiOptions::crldir, gsiOptions::crlext, cryptF, cryptID, cryptName, cryptoTRACE_Debug, cryptoTRACE_Dump, DEBUG, gsiOptions::debug, Debug, DefBits, DefCipher, DefCRLext, DefCrypto, DefMD, gsiOptions::deplen, DepLength, gsiOptions::dlgpxy, XrdSutCache::Dump(), eDest, XrdSutCache::Empty(), XrdOucString::endswith(), EPNAME, XrdOucString::erase(), ErrF(), XrdCryptoX509::Export(), gsiOptions::exppxy, XrdOucString::find(), XrdCryptoFactory::GetCryptoFactory(), XrdOucErrInfo::getErrText(), GMAPCacheTimeOut, GMAPFile, GMAPFun, gsiOptions::gmapfun, gsiOptions::gmapfunparms, GMAPOpt, gsiOptions::gmapto, gsiOptions::gridmap, GSITrace, gUsrPxyDef, XrdCryptoFactory::ID(), XrdSutCache::Init(), XrdOucString::insert(), XrdCryptoX509::IssuerHash(), XrdCryptoX509::IsValid(), XrdCryptoRSA::kComplete, XrdCryptoX509::kEEC, gsiOptions::key, kGSErrError, kGSErrInit, kOptsDlgPxy, kOptsFwdPxy, kOptsPxFile, kOptsSigReq, kOptsSrvReq, kPFE_ok, XrdSutPFBuf::len, XrdOucString::length(), LoadAuthzFun(), LoadCADir(), LoadGMAP(), LoadGMAPFun(), Logger, XrdSysError::logger(), gsiOptions::md, gsiOptions::mode, XrdSutPFEntry::mtime, XrdCryptoFactory::Name(), ncrypt, XrdCryptoX509::NotAfter(), gsiOptions::ogmap, XrdCryptoX509::PKI(), PRINT, gsiOptions::proxy, PxyReqOpts, PxyValid, QTRACE, R_OK, refcip, XrdSutCache::Rehash(), XrdSutCache::Reset(), Server, XrdCryptoFactory::SetTrace(), gsiOptions::sigpxy, SrvAllowedNames, SrvCert, SrvKey, gsiOptions::srvnames, stat(), XrdSutPFEntry::status, XrdCryptoRSA::status, 
STR_NPOS, XrdOucString::tokenize(), TRACE_Authen, TRACE_Debug, XrdCryptoX509::Type(), XrdCryptoX509::type, UsrCert, UsrKey, UsrProxy, gsiOptions::valid, XrdSysPrivGuard::Valid(), Version, XrdOucTrace::What, XrdCryptoMax, XrdCryptoSetTrace(), XrdSutExpand(), XrdSutHome(), and XrdSutSetTrace().

Referenced by XrdSecProtocolgsiInit().

int XrdSecProtocolgsi::InitProxy ( ProxyIn_t *  pi,
X509Chain *  ch = 0,
XrdCryptoRSA **  key = 0 
) [static, private]
XrdSecgsiAuthz_t XrdSecProtocolgsi::LoadAuthzFun ( const char *  plugin,
const char *  parms 
) [static, private]
int XrdSecProtocolgsi::LoadCADir ( int  timestamp) [static, private]
XrdCryptoX509Crl * XrdSecProtocolgsi::LoadCRL ( XrdCryptoX509 *  xca,
XrdCryptoFactory *  CF 
) [static, private]
int XrdSecProtocolgsi::LoadGMAP ( int  now) [static, private]
XrdSecgsiGMAP_t XrdSecProtocolgsi::LoadGMAPFun ( const char *  plugin,
const char *  parms 
) [static, private]
int XrdSecProtocolgsi::ParseCAlist ( String  calist) [private]
int XrdSecProtocolgsi::ParseClientInput ( XrdSutBuffer *  br,
XrdSutBuffer **  bm,
String &  emsg 
) [private]
int XrdSecProtocolgsi::ParseCrypto ( String  cryptlist) [private]
int XrdSecProtocolgsi::ParseServerInput ( XrdSutBuffer *  br,
XrdSutBuffer **  bm,
String &  cmsg 
) [private]
void XrdSecProtocolgsi::QueryGMAP ( XrdCryptoX509Chain *  chain,
int  now,
String &  name 
) [static, private]
int XrdSecProtocolgsi::QueryProxy ( bool  checkcache,
XrdSutCache *  cache,
const char *  tag,
XrdCryptoFactory *  cf,
int  timestamp,
ProxyIn_t *  pi,
ProxyOut_t *  po 
) [static, private]
bool XrdSecProtocolgsi::ServerCertNameOK ( const char *  subject,
String &  e 
) [private]
int XrdSecProtocolgsi::ServerDoCert ( XrdSutBuffer *  br,
XrdSutBuffer **  bm,
String &  cmsg 
) [private]
int XrdSecProtocolgsi::ServerDoCertreq ( XrdSutBuffer *  br,
XrdSutBuffer **  bm,
String &  cmsg 
) [private]
int XrdSecProtocolgsi::ServerDoSigpxy ( XrdSutBuffer *  br,
XrdSutBuffer **  bm,
String &  cmsg 
) [private]
int XrdSecProtocolgsi::setKey ( char *  kbuf,
int  klen 
) [virtual]
int XrdSecProtocolgsi::Sign ( const char *  inbuf,
int  inlen,
XrdSecBuffer **  outbuf 
) [virtual]
int XrdSecProtocolgsi::Verify ( const char *  inbuf,
int  inlen,
const char *  sigbuf,
int  siglen 
) [virtual]
bool XrdSecProtocolgsi::VerifyCA ( int  opt,
X509Chain *  cca,
XrdCryptoFactory *  cf 
) [static, private]

Member Data Documentation

Referenced by Init(), and QueryGMAP().

Referenced by LoadAuthzFun().

int XrdSecProtocolgsi::AuthzPxy = 0 [static, private]

Referenced by Authenticate(), and Init().

Referenced by Delete(), getKey(), and XrdSecProtocolgsi().

Referenced by GetCA(), Init(), and LoadCADir().

Referenced by Init(), and ServerDoCertreq().

int XrdSecProtocolgsi::CACheck = 1 [static, private]

Referenced by Init(), LoadGMAP(), and QueryGMAP().

Referenced by Init(), and QueryGMAP().

Referenced by ClientDoInit(), and Init().

String XrdSecProtocolgsi::CAdir = "/etc/grid-security/certificates/" [static, private]
int XrdSecProtocolgsi::CRLCheck = 1 [static, private]

Referenced by GetCA(), Init(), LoadCADir(), and LoadCRL().

String XrdSecProtocolgsi::CRLdir = "/etc/grid-security/certificates/" [static, private]

Referenced by Init(), and LoadCRL().

XrdCryptoFactory * XrdSecProtocolgsi::cryptF = {0} [static, private]

Referenced by Init(), LoadCADir(), and ParseCrypto().

int XrdSecProtocolgsi::cryptID = {0} [static, private]

Referenced by Init(), LoadCADir(), and ParseCrypto().

String XrdSecProtocolgsi::cryptName = {0} [static, private]

Referenced by Init().

int XrdSecProtocolgsi::Debug = 0 [static, private]

Referenced by ErrF(), and Init().

int XrdSecProtocolgsi::DefBits = 512 [static, private]

Referenced by ClientDoInit(), and Init().

String XrdSecProtocolgsi::DefCipher = "aes-128-cbc:bf-cbc:des-ede3-cbc" [static, private]

Referenced by Authenticate(), Init(), and ServerDoCert().

String XrdSecProtocolgsi::DefCRLext = ".r0" [static, private]

Referenced by Init(), and LoadCRL().

String XrdSecProtocolgsi::DefCrypto = "ssl" [static, private]

Referenced by ClientDoInit(), and Init().

String XrdSecProtocolgsi::DefError = "invalid credentials " [static, private]
String XrdSecProtocolgsi::DefMD = "sha1:md5" [static, private]

Referenced by Authenticate(), Init(), and ServerDoCert().

int XrdSecProtocolgsi::DepLength = 0 [static, private]

Referenced by ClientDoInit(), and Init().

Referenced by Init(), LoadAuthzFun(), and LoadGMAPFun().

int XrdSecProtocolgsi::GMAPCacheTimeOut = -1 [static, private]

Referenced by Init(), and QueryGMAP().

String XrdSecProtocolgsi::GMAPFile = "/etc/grid-security/grid-mapfile" [static, private]

Referenced by Init(), and LoadGMAP().

Referenced by Init(), and QueryGMAP().

int XrdSecProtocolgsi::GMAPOpt = 1 [static, private]

Referenced by Authenticate(), and Init().

Referenced by LoadGMAPFun().

XrdOucTrace * XrdSecProtocolgsi::GSITrace = 0 [static, private]

Referenced by Init(), and ParseCrypto().

struct sockaddr XrdSecProtocolgsi::hostaddr [private]

Referenced by XrdSecProtocolgsi().

Referenced by Init().

int XrdSecProtocolgsi::ncrypt = 0 [static, private]

Referenced by Init(), LoadCADir(), and ParseCrypto().

Referenced by XrdSecProtocolgsi().

int XrdSecProtocolgsi::PxyReqOpts = 0 [static, private]
String XrdSecProtocolgsi::PxyValid = "12:00" [static, private]

Referenced by ClientDoInit(), Init(), and ServerDoCertreq().

XrdCryptoCipher * XrdSecProtocolgsi::refcip = {0} [static, private]

Referenced by Init(), and ParseCrypto().

bool XrdSecProtocolgsi::Server = 1 [static, private]

Referenced by Init(), and XrdSecProtocolgsi().

Referenced by Init(), and ServerCertNameOK().

String XrdSecProtocolgsi::SrvCert = "/etc/grid-security/xrd/xrdcert.pem" [static, private]

Referenced by Init(), and ServerDoCertreq().

String XrdSecProtocolgsi::SrvKey = "/etc/grid-security/xrd/xrdkey.pem" [static, private]

Referenced by Init(), and ServerDoCertreq().

int XrdSecProtocolgsi::TimeSkew = 300 [static, private]

Referenced by ClientDoCert(), and ServerDoCert().

String XrdSecProtocolgsi::UsrCert = "/.globus/usercert.pem" [static, private]

Referenced by ClientDoInit(), and Init().

String XrdSecProtocolgsi::UsrKey = "/.globus/userkey.pem" [static, private]

Referenced by ClientDoInit(), and Init().

