xrootd
|
#include <XrdSecProtocolgsi.hh>
Public Member Functions | |
int | Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0) |
XrdSecCredentials * | getCredentials (XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0) |
XrdSecProtocolgsi (int opts, const char *hname, const struct sockaddr *ipadd, const char *parms=0) | |
virtual | ~XrdSecProtocolgsi () |
void | Delete () |
int | Encrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
int | Decrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
int | Sign (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
int | Verify (const char *inbuf, int inlen, const char *sigbuf, int siglen) |
int | getKey (char *kbuf=0, int klen=0) |
int | setKey (char *kbuf, int klen) |
Static Public Member Functions | |
static char * | Init (gsiOptions o, XrdOucErrInfo *erp) |
Private Member Functions | |
int | ParseClientInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &emsg) |
int | ClientDoInit (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
int | ClientDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
int | ClientDoPxyreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
int | ParseServerInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
int | ServerDoCertreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
int | ServerDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
int | ServerDoSigpxy (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
int | ParseCrypto (String cryptlist) |
int | ParseCAlist (String calist) |
int | GetCA (const char *cahash) |
bool | ServerCertNameOK (const char *subject, String &e) |
XrdSecCredentials * | ErrC (XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0) |
int | ErrS (String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0) |
bool | CheckTimeStamp (XrdSutBuffer *b, int skew, String &emsg) |
bool | CheckRtag (XrdSutBuffer *bm, String &emsg) |
int | AddSerialized (char opt, kXR_int32 step, String ID, XrdSutBuffer *bls, XrdSutBuffer *buf, kXR_int32 type, XrdCryptoCipher *cip) |
Static Private Member Functions | |
static int | LoadCADir (int timestamp) |
static String | GetCApath (const char *cahash) |
static bool | VerifyCA (int opt, X509Chain *cca, XrdCryptoFactory *cf) |
static XrdCryptoX509Crl * | LoadCRL (XrdCryptoX509 *xca, XrdCryptoFactory *CF) |
static int | QueryProxy (bool checkcache, XrdSutCache *cache, const char *tag, XrdCryptoFactory *cf, int timestamp, ProxyIn_t *pi, ProxyOut_t *po) |
static int | InitProxy (ProxyIn_t *pi, X509Chain *ch=0, XrdCryptoRSA **key=0) |
static void | ErrF (XrdOucErrInfo *einfo, kXR_int32 ecode, const char *msg1, const char *msg2=0, const char *msg3=0) |
static int | LoadGMAP (int now) |
static XrdSecgsiGMAP_t | LoadGMAPFun (const char *plugin, const char *parms) |
static XrdSecgsiAuthz_t | LoadAuthzFun (const char *plugin, const char *parms) |
static void | QueryGMAP (XrdCryptoX509Chain *chain, int now, String &name) |
Private Attributes | |
int | options |
struct sockaddr | hostaddr |
XrdCryptoFactory * | sessionCF |
XrdCryptoCipher * | sessionKey |
XrdSutBucket * | bucketKey |
XrdCryptoMsgDigest * | sessionMD |
XrdCryptoRSA * | sessionKsig |
XrdCryptoRSA * | sessionKver |
X509Chain * | proxyChain |
bool | srvMode |
gsiHSVars * | hs |
Static Private Attributes | |
static XrdSysMutex | gsiContext |
static String | CAdir = "/etc/grid-security/certificates/" |
static String | CRLdir = "/etc/grid-security/certificates/" |
static String | DefCRLext = ".r0" |
static String | SrvCert = "/etc/grid-security/xrd/xrdcert.pem" |
static String | SrvKey = "/etc/grid-security/xrd/xrdkey.pem" |
static String | UsrProxy |
static String | UsrCert = "/.globus/usercert.pem" |
static String | UsrKey = "/.globus/userkey.pem" |
static String | PxyValid = "12:00" |
static int | DepLength = 0 |
static int | DefBits = 512 |
static int | CACheck = 1 |
static int | CRLCheck = 1 |
static String | DefCrypto = "ssl" |
static String | DefCipher = "aes-128-cbc:bf-cbc:des-ede3-cbc" |
static String | DefMD = "sha1:md5" |
static String | DefError = "invalid credentials " |
static String | GMAPFile = "/etc/grid-security/grid-mapfile" |
static int | GMAPOpt = 1 |
static int | GMAPCacheTimeOut = -1 |
static XrdSysPlugin * | GMAPPlugin = 0 |
static XrdSecgsiGMAP_t | GMAPFun = 0 |
static XrdSysPlugin * | AuthzPlugin = 0 |
static XrdSecgsiAuthz_t | AuthzFun = 0 |
static int | PxyReqOpts = 0 |
static int | AuthzPxy = 0 |
static String | SrvAllowedNames |
static int | ncrypt = 0 |
static XrdCryptoFactory * | cryptF [XrdCryptoMax] = {0} |
static int | cryptID [XrdCryptoMax] = {0} |
static String | cryptName [XrdCryptoMax] = {0} |
static XrdCryptoCipher * | refcip [XrdCryptoMax] = {0} |
static XrdSutCache | cacheCA |
static XrdSutCache | cacheCert |
static XrdSutCache | cachePxy |
static XrdSutCache | cacheGMAP |
static XrdSutCache | cacheGMAPFun |
static int | Debug = 0 |
static bool | Server = 1 |
static int | TimeSkew = 300 |
static XrdSysLogger | Logger |
static XrdSysError | eDest |
static XrdOucTrace * | GSITrace = 0 |
XrdSecProtocolgsi::XrdSecProtocolgsi | ( | int | opts, |
const char * | hname, | ||
const struct sockaddr * | ipadd, | ||
const char * | parms = 0 |
||
) |
References bucketKey, XrdOucString::c_str(), DEBUG, XrdSecProtocol::Entity, EPNAME, XrdNetDNS::getHostName(), XrdSecEntity::host, hostaddr, hs, XrdOucString::insert(), XrdOucString::length(), options, opts, gsiHSVars::Parms, PRINT, proxyChain, QTRACE, Server, sessionCF, sessionKey, sessionKsig, sessionKver, sessionMD, srvMode, gsiHSVars::TimeStamp, gsiHSVars::Tty, Version, XrdSecPROTOIDENT, and XrdSecPROTOIDLEN.
virtual XrdSecProtocolgsi::~XrdSecProtocolgsi | ( | ) | [inline, virtual] |
int XrdSecProtocolgsi::AddSerialized | ( | char | opt, |
kXR_int32 | step, | ||
String | ID, | ||
XrdSutBuffer * | bls, | ||
XrdSutBuffer * | buf, | ||
kXR_int32 | type, | ||
XrdCryptoCipher * | cip | ||
) | [private] |
References XrdSutBuffer::AddBucket(), XrdSutPFEntry::buf1, XrdSutBucket::buffer, gsiHSVars::Cref, DEBUG, XrdCryptoCipher::Encrypt(), XrdCryptoRSA::EncryptPrivate(), EPNAME, XrdSutBuffer::GetBucket(), XrdSutRndm::GetRndmTag(), hs, kXRS_rtag, kXRS_signed_rtag, gsiHSVars::LastStep, XrdSutPFEntry::mtime, XrdSutBuffer::Serialized(), sessionKsig, XrdSutPFBuf::SetBuf(), XrdSutBuffer::SetStep(), XrdSutBucket::size, gsiHSVars::TimeStamp, XrdSutBucket::type, XrdSutBucket::Update(), and XrdSutBuckStr().
Referenced by Authenticate(), and getCredentials().
int XrdSecProtocolgsi::Authenticate | ( | XrdSecCredentials * | cred, |
XrdSecParameters ** | parms, | ||
XrdOucErrInfo * | einfo = 0 |
||
) | [virtual] |
Implements XrdSecProtocol.
References XrdSutBuffer::AddBucket(), AddSerialized(), AuthzPxy, XrdSecBuffer::buffer, XrdOucString::c_str(), gsiHSVars::Cbck, gsiHSVars::Chain, CheckRtag(), ClientStepStr(), CryptList, XrdSutBuffer::Deactivate(), DEBUG, DefCipher, DefMD, XrdSutBuffer::Dump(), XrdCryptoX509Chain::EEChash(), XrdSecEntity::endorsements, XrdSecProtocol::Entity, EPNAME, XrdOucString::erase(), ErrS(), XrdOucString::find(), XrdSutBuffer::GetBucket(), XrdSutBuffer::GetProtocol(), XrdSutBuffer::GetStep(), GMAPOpt, hs, gsiHSVars::ID, kGSErrAddBucket, kGSErrBadOpt, kGSErrBadProtocol, kGSErrBadRndmTag, kGSErrDecodeBuffer, kGSErrError, kGSErrNoPublic, kGSErrParseBuffer, kGSErrSerialBuffer, kgST_error, kgST_more, kgST_ok, kXGC_cert, kXGC_certreq, kXGC_sigpxy, kXGS_cert, kXGS_none, kXGS_pxyreq, kXRS_cipher_alg, kXRS_main, kXRS_md_alg, kXRS_message, kXRS_puk, kXRS_user, XrdOucString::length(), XrdSecEntity::name, gsiHSVars::Options, ParseServerInput(), PRINT, XrdSecEntity::prot, XrdCryptoCipher::Public(), gsiHSVars::PxyChain, QTRACE, QueryGMAP(), gsiHSVars::Rcip, REL2, XrdSutBuffer::Remove(), gsiHSVars::RemVers, XrdOucString::replace(), SafeDelete, XrdSutBuffer::Serialized(), ServerStepStr(), sessionKey, XrdSecBuffer::size, STR_NPOS, XrdSecEntity::tident, gsiHSVars::TimeStamp, XrdOucString::tokenize(), XrdSutBucket::ToString(), XrdCryptosslX509ExportChain(), XrdSecPROTOIDENT, XrdSecPROTOIDLEN, and XrdSutBuckStr().
bool XrdSecProtocolgsi::CheckRtag | ( | XrdSutBuffer * | bm, |
String & | emsg | ||
) | [private] |
References XrdSutPFBuf::buf, XrdSutPFEntry::buf1, XrdSutBucket::buffer, gsiHSVars::Cref, XrdSutBuffer::Deactivate(), DEBUG, XrdCryptoRSA::DecryptPublic(), EPNAME, XrdSutBuffer::GetBucket(), hs, kXRS_signed_rtag, XrdSutPFBuf::len, gsiHSVars::RtagOK, SafeDelete, sessionKver, and XrdSutPFBuf::SetBuf().
Referenced by Authenticate(), and getCredentials().
bool XrdSecProtocolgsi::CheckTimeStamp | ( | XrdSutBuffer * | b, |
int | skew, | ||
String & | emsg | ||
) | [private] |
int XrdSecProtocolgsi::ClientDoCert | ( | XrdSutBuffer * | br, |
XrdSutBuffer ** | bm, | ||
String & | cmsg | ||
) | [private] |
References XrdSutBucket::buffer, XrdOucString::c_str(), gsiHSVars::Chain, XrdCryptoFactory::Cipher(), gsiHSVars::Cref, gsiHSVars::Crl, XrdSutBuffer::Deactivate(), DEBUG, emsg(), XrdCryptoX509Chain::End(), EPNAME, XrdSutBuffer::GetBucket(), hs, XrdCryptoRSA::IsValid(), XrdCryptoX509Chain::kNone, kOptsDelChn, kXRS_cipher_alg, kXRS_main, kXRS_md_alg, kXRS_puk, kXRS_x509, XrdCryptoX509Chain::LastError(), XrdOucString::length(), XrdCryptoFactory::MsgDigest(), XrdSutPFEntry::mtime, gsiHSVars::Options, XrdCryptoX509::PKI(), gsiHSVars::RemVers, XrdCryptoFactory::RSA(), SafeDelete, ServerCertNameOK(), sessionCF, sessionKey, sessionKver, sessionMD, XrdSutBucket::size, XrdSutPFEntry::status, XrdCryptoX509::Subject(), XrdCryptoFactory::SupportedCipher(), XrdCryptoFactory::SupportedMsgDigest(), TimeSkew, gsiHSVars::TimeStamp, XrdOucString::tokenize(), XrdSutBucket::ToString(), XrdSutBuffer::UpdateBucket(), XrdCryptosslgsiX509Chain::Verify(), and XrdCryptoFactory::X509ParseBucket().
Referenced by ParseClientInput().
int XrdSecProtocolgsi::ClientDoInit | ( | XrdSutBuffer * | br, |
XrdSutBuffer ** | bm, | ||
String & | cmsg | ||
) | [private] |
References XrdOucString::assign(), XrdOucString::c_str(), cachePxy, CAdir, ProxyOut_t::cbck, gsiHSVars::Cbck, ProxyOut_t::chain, gsiHSVars::Chain, gsiHSVars::Cref, DEBUG, DefBits, DefCrypto, DepLength, XrdSecProtocol::Entity, EPNAME, XrdOucString::erase(), XrdOucString::find(), XrdSutBuffer::GetOptions(), XrdSutBuffer::GetProtocol(), XrdSecEntity::grps, XrdSecEntity::host, hs, ProxyOut_t::ksig, XrdSecEntity::name, gsiHSVars::Options, opts, ParseCAlist(), ParseCrypto(), gsiHSVars::PxyChain, PxyReqOpts, PxyValid, QueryProxy(), gsiHSVars::RemVers, XrdCryptoFactory::RSA(), sessionCF, sessionKsig, XrdSutPFEntry::status, gsiHSVars::TimeStamp, UsrCert, UsrKey, UsrProxy, Version, XrdSecEntity::vorg, and XrdSutResolve().
Referenced by ParseClientInput().
int XrdSecProtocolgsi::ClientDoPxyreq | ( | XrdSutBuffer * | br, |
XrdSutBuffer ** | bm, | ||
String & | cmsg | ||
) | [private] |
References XrdSutBucket::buffer, XrdCryptoCipher::Decrypt(), XrdCryptoX509Chain::End(), XrdCryptoX509::Export(), XrdCryptoRSA::ExportPrivate(), XrdSutBuffer::GetBucket(), hs, kOptsFwdPxy, kOptsSigReq, kXRS_main, kXRS_x509, kXRS_x509_req, gsiHSVars::Options, XrdCryptoX509::PKI(), gsiHSVars::PxyChain, gsiHSVars::RemVers, sessionCF, sessionKey, XrdCryptoX509Req::SetVersion(), XrdSutBucket::size, XrdCryptoFactory::X509Req(), and XrdSslgsiX509SignProxyReq().
Referenced by ParseClientInput().
int XrdSecProtocolgsi::Decrypt | ( | const char * | inbuf, |
int | inlen, | ||
XrdSecBuffer ** | outbuf | ||
) | [virtual] |
Reimplemented from XrdSecProtocol.
References DEBUG, XrdCryptoCipher::DecOutLength(), XrdCryptoCipher::Decrypt(), EPNAME, SafeFree, and sessionKey.
void XrdSecProtocolgsi::Delete | ( | ) | [virtual] |
Implements XrdSecProtocol.
References bucketKey, XrdSecEntity::endorsements, XrdSecProtocol::Entity, XrdSecEntity::grps, XrdSecEntity::host, hs, XrdSecEntity::name, proxyChain, XrdSecEntity::role, SafeDelete, SafeFree, sessionKey, sessionKsig, sessionKver, sessionMD, and XrdSecEntity::vorg.
int XrdSecProtocolgsi::Encrypt | ( | const char * | inbuf, |
int | inlen, | ||
XrdSecBuffer ** | outbuf | ||
) | [virtual] |
Reimplemented from XrdSecProtocol.
References DEBUG, XrdCryptoCipher::EncOutLength(), XrdCryptoCipher::Encrypt(), EPNAME, SafeFree, and sessionKey.
XrdSecCredentials * XrdSecProtocolgsi::ErrC | ( | XrdOucErrInfo * | einfo, |
XrdSutBuffer * | b1, | ||
XrdSutBuffer * | b2, | ||
XrdSutBuffer * | b3, | ||
kXR_int32 | ecode, | ||
const char * | msg1 = 0 , |
||
const char * | msg2 = 0 , |
||
const char * | msg3 = 0 |
||
) | [private] |
Referenced by getCredentials().
void XrdSecProtocolgsi::ErrF | ( | XrdOucErrInfo * | einfo, |
kXR_int32 | ecode, | ||
const char * | msg1, | ||
const char * | msg2 = 0 , |
||
const char * | msg3 = 0 |
||
) | [static, private] |
References DEBUG, Debug, EPNAME, gGSErrStr, kGSErrError, kGSErrParseBuffer, QTRACE, and XrdOucErrInfo::setErrInfo().
int XrdSecProtocolgsi::ErrS | ( | String | ID, |
XrdOucErrInfo * | einfo, | ||
XrdSutBuffer * | b1, | ||
XrdSutBuffer * | b2, | ||
XrdSutBuffer * | b3, | ||
kXR_int32 | ecode, | ||
const char * | msg1 = 0 , |
||
const char * | msg2 = 0 , |
||
const char * | msg3 = 0 |
||
) | [private] |
References ErrF(), kgST_error, and REL3.
Referenced by Authenticate().
int XrdSecProtocolgsi::GetCA | ( | const char * | cahash | ) | [private] |
References XrdSutCache::Add(), XrdCryptoX509Chain::Begin(), XrdSutPFBuf::buf, XrdSutPFEntry::buf1, XrdSutPFEntry::buf2, XrdOucString::c_str(), cacheCA, CACheck, gsiHSVars::Chain, XrdSutPFEntry::cnt, gsiHSVars::Crl, CRLCheck, DEBUG, EPNAME, XrdSutCache::Get(), GetCApath(), hs, XrdCryptoFactory::ID(), XrdCryptoX509Crl::IsExpired(), kPFE_ok, XrdSutPFBuf::len, LoadCRL(), XrdSutPFEntry::mtime, XrdSutCache::Rehash(), sessionCF, XrdSutPFEntry::status, gsiHSVars::TimeStamp, VerifyCA(), and XrdCryptoFactory::X509ParseFile().
Referenced by ParseCAlist().
String XrdSecProtocolgsi::GetCApath | ( | const char * | cahash | ) | [static, private] |
References access(), XrdOucString::c_str(), CAdir, XrdOucString::endswith(), XrdOucString::length(), R_OK, and XrdOucString::tokenize().
Referenced by GetCA(), and VerifyCA().
XrdSecCredentials * XrdSecProtocolgsi::getCredentials | ( | XrdSecParameters * | parm = 0 , |
XrdOucErrInfo * | einfo = 0 |
||
) | [virtual] |
Implements XrdSecProtocol.
References XrdSutBuffer::AddBucket(), AddSerialized(), XrdCryptoX509Chain::Begin(), XrdSecBuffer::buffer, XrdSutBucket::buffer, XrdOucString::c_str(), gsiHSVars::Cbck, CheckRtag(), ClientStepStr(), CryptList, gsiHSVars::CryptoMod, DEBUG, XrdSutBuffer::Dump(), XrdSecProtocol::Entity, EPNAME, ErrC(), XrdSutBuffer::GetProtocol(), XrdSutBuffer::GetStep(), hs, gsiHSVars::ID, XrdCryptoX509::IssuerHash(), gsiHSVars::Iter, XrdCryptoX509::kCA, kGSErrAddBucket, kGSErrBadOpt, kGSErrBadProtocol, kGSErrBadRndmTag, kGSErrCreateBucket, kGSErrDecodeBuffer, kGSErrError, kGSErrNoBuffer, kGSErrNoCipher, kGSErrNoPublic, kGSErrParseBuffer, kGSErrSerialBuffer, kXGC_cert, kXGC_certreq, kXGC_none, kXGC_sigpxy, kXGS_cert, kXGS_init, kXGS_pxyreq, kXRS_clnt_opts, kXRS_cryptomod, kXRS_issuer_hash, kXRS_main, kXRS_message, kXRS_puk, kXRS_user, kXRS_version, XrdOucString::length(), XrdSutBuffer::MarshalBucket(), XrdSecEntity::name, XrdCryptoX509Chain::Next(), gsiHSVars::Options, gsiHSVars::Parms, ParseClientInput(), proxyChain, XrdCryptoCipher::Public(), gsiHSVars::PxyChain, QTRACE, REL2, XrdSutBuffer::Remove(), gsiHSVars::RemVers, XrdOucString::replace(), XrdSutBuffer::Serialized(), ServerStepStr(), sessionCF, sessionKey, XrdSutBuffer::SetStep(), XrdSecBuffer::size, XrdSutBucket::size, srvMode, XrdCryptoX509::SubjectHash(), gsiHSVars::TimeStamp, XrdCryptoX509::type, XrdSutBuffer::UpdateBucket(), Version, XrdCryptoFactory::X509ExportChain(), XrdSecPROTOIDENT, and XrdSutBuckStr().
int XrdSecProtocolgsi::getKey | ( | char * | kbuf = 0 , |
int | klen = 0 |
||
) | [virtual] |
Reimplemented from XrdSecProtocol.
References XrdCryptoCipher::AsBucket(), bucketKey, XrdSutBucket::buffer, DEBUG, EPNAME, sessionKey, and XrdSutBucket::size.
char * XrdSecProtocolgsi::Init | ( | gsiOptions | o, |
XrdOucErrInfo * | erp | ||
) | [static] |
References access(), XrdSutCache::Add(), AuthzFun, gsiOptions::authzfun, gsiOptions::authzfunparms, AuthzPxy, gsiOptions::authzpxy, gsiOptions::bits, XrdSutPFBuf::buf, XrdSutPFEntry::buf1, XrdSutPFEntry::buf2, XrdSutPFEntry::buf3, XrdOucString::c_str(), gsiOptions::ca, cacheCA, cacheCert, CACheck, cacheGMAP, cacheGMAPFun, cachePxy, CAdir, gsiOptions::cert, gsiOptions::certdir, gsiOptions::cipher, XrdCryptoFactory::Cipher(), gsiOptions::clist, XrdSutPFEntry::cnt, gsiOptions::crl, CRLCheck, CRLdir, gsiOptions::crldir, gsiOptions::crlext, cryptF, cryptID, cryptName, cryptoTRACE_Debug, cryptoTRACE_Dump, DEBUG, gsiOptions::debug, Debug, DefBits, DefCipher, DefCRLext, DefCrypto, DefMD, gsiOptions::deplen, DepLength, gsiOptions::dlgpxy, XrdSutCache::Dump(), eDest, XrdSutCache::Empty(), XrdOucString::endswith(), EPNAME, XrdOucString::erase(), ErrF(), XrdCryptoX509::Export(), gsiOptions::exppxy, XrdOucString::find(), XrdCryptoFactory::GetCryptoFactory(), XrdOucErrInfo::getErrText(), GMAPCacheTimeOut, GMAPFile, GMAPFun, gsiOptions::gmapfun, gsiOptions::gmapfunparms, GMAPOpt, gsiOptions::gmapto, gsiOptions::gridmap, GSITrace, gUsrPxyDef, XrdCryptoFactory::ID(), XrdSutCache::Init(), XrdOucString::insert(), XrdCryptoX509::IssuerHash(), XrdCryptoX509::IsValid(), XrdCryptoRSA::kComplete, XrdCryptoX509::kEEC, gsiOptions::key, kGSErrError, kGSErrInit, kOptsDlgPxy, kOptsFwdPxy, kOptsPxFile, kOptsSigReq, kOptsSrvReq, kPFE_ok, XrdSutPFBuf::len, XrdOucString::length(), LoadAuthzFun(), LoadCADir(), LoadGMAP(), LoadGMAPFun(), Logger, XrdSysError::logger(), gsiOptions::md, gsiOptions::mode, XrdSutPFEntry::mtime, XrdCryptoFactory::Name(), ncrypt, XrdCryptoX509::NotAfter(), gsiOptions::ogmap, XrdCryptoX509::PKI(), PRINT, gsiOptions::proxy, PxyReqOpts, PxyValid, QTRACE, R_OK, refcip, XrdSutCache::Rehash(), XrdSutCache::Reset(), Server, XrdCryptoFactory::SetTrace(), gsiOptions::sigpxy, SrvAllowedNames, SrvCert, SrvKey, gsiOptions::srvnames, stat(), XrdSutPFEntry::status, XrdCryptoRSA::status, STR_NPOS, XrdOucString::tokenize(), TRACE_Authen, TRACE_Debug, XrdCryptoX509::Type(), XrdCryptoX509::type, UsrCert, UsrKey, UsrProxy, gsiOptions::valid, XrdSysPrivGuard::Valid(), Version, XrdOucTrace::What, XrdCryptoMax, XrdCryptoSetTrace(), XrdSutExpand(), XrdSutHome(), and XrdSutSetTrace().
Referenced by XrdSecProtocolgsiInit().
int XrdSecProtocolgsi::InitProxy | ( | ProxyIn_t * | pi, |
X509Chain * | ch = 0 , |
||
XrdCryptoRSA ** | key = 0 |
||
) | [static, private] |
References ProxyIn_t::bits, XrdOucString::c_str(), ProxyIn_t::cert, ProxyIn_t::certdir, DEBUG, ProxyIn_t::deplen, EPNAME, XrdOucString::erase(), XrdOucString::find(), ProxyIn_t::key, kMAXBUFLEN, ProxyIn_t::out, ProxyIn_t::valid, XrdSslgsiX509CreateProxy(), and XrdSutParseTime().
Referenced by QueryProxy().
XrdSecgsiAuthz_t XrdSecProtocolgsi::LoadAuthzFun | ( | const char * | plugin, |
const char * | parms | ||
) | [static, private] |
References AuthzPlugin, XrdOucString::c_str(), DEBUG, eDest, EPNAME, XrdSysPlugin::getPlugin(), XrdOucString::length(), and PRINT.
Referenced by Init().
int XrdSecProtocolgsi::LoadCADir | ( | int | timestamp | ) | [static, private] |
References XrdSutCache::Add(), XrdCryptoX509Chain::Begin(), XrdSutPFBuf::buf, XrdSutPFEntry::buf1, XrdSutPFEntry::buf2, XrdOucString::c_str(), cacheCA, CACheck, CAdir, XrdCryptoX509Chain::Cleanup(), closedir(), XrdSutPFEntry::cnt, CRLCheck, cryptF, cryptID, DEBUG, EPNAME, XrdSutCache::Init(), XrdCryptoX509Crl::IsExpired(), kPFE_ok, XrdSutPFBuf::len, XrdOucString::length(), LoadCRL(), XrdSutPFEntry::mtime, ncrypt, opendir(), readdir(), XrdSutCache::Rehash(), SafeDelete, XrdSutPFEntry::status, XrdCryptoX509::SubjectHash(), XrdOucString::tokenize(), VerifyCA(), and XrdCryptoFactory::X509ParseFile().
Referenced by Init().
XrdCryptoX509Crl * XrdSecProtocolgsi::LoadCRL | ( | XrdCryptoX509 * | xca, |
XrdCryptoFactory * | CF | ||
) | [static, private] |
References XrdOucString::c_str(), CACheck, closedir(), CRLCheck, CRLdir, DEBUG, DefCRLext, EPNAME, XrdOucString::find(), fopen, XrdCryptoX509Crl::Issuer(), XrdCryptoX509::Issuer(), XrdCryptoX509::IssuerHash(), XrdOucString::length(), opendir(), readdir(), SafeDelete, XrdCryptoX509::Subject(), XrdCryptoX509::SubjectHash(), XrdOucString::tokenize(), XrdCryptoX509Crl::Verify(), XrdCryptoFactory::X509(), and XrdCryptoFactory::X509Crl().
Referenced by GetCA(), and LoadCADir().
int XrdSecProtocolgsi::LoadGMAP | ( | int | now | ) | [static, private] |
References XrdSutCache::Add(), XrdSutPFBuf::buf, XrdSutPFEntry::buf1, XrdOucString::c_str(), cacheGMAP, XrdSutPFEntry::cnt, DEBUG, XrdSutCache::Empty(), EPNAME, fclose(), fopen, GMAPFile, XrdSutCache::Init(), kPFE_ok, XrdSutPFBuf::len, XrdOucString::length(), XrdSutPFEntry::mtime, PRINT, XrdSutCache::Rehash(), XrdSutCache::Reset(), SafeFree, stat(), and XrdSutPFEntry::status.
Referenced by Init(), and QueryGMAP().
XrdSecgsiGMAP_t XrdSecProtocolgsi::LoadGMAPFun | ( | const char * | plugin, |
const char * | parms | ||
) | [static, private] |
References XrdOucString::c_str(), DEBUG, eDest, EPNAME, XrdSysPlugin::getPlugin(), GMAPPlugin, XrdOucString::length(), and PRINT.
Referenced by Init().
int XrdSecProtocolgsi::ParseCAlist | ( | String | calist | ) | [private] |
References XrdOucString::c_str(), gsiHSVars::Chain, DEBUG, EPNAME, GetCA(), hs, XrdOucString::length(), and XrdOucString::tokenize().
Referenced by ClientDoInit(), and ServerDoCertreq().
int XrdSecProtocolgsi::ParseClientInput | ( | XrdSutBuffer * | br, |
XrdSutBuffer ** | bm, | ||
String & | emsg | ||
) | [private] |
References ClientDoCert(), ClientDoInit(), ClientDoPxyreq(), DEBUG, EPNAME, XrdSutBuffer::GetStep(), kXGS_cert, kXGS_init, and kXGS_pxyreq.
Referenced by getCredentials().
int XrdSecProtocolgsi::ParseCrypto | ( | String | cryptlist | ) | [private] |
References XrdOucString::c_str(), cryptF, cryptID, gsiHSVars::CryptoMod, DEBUG, EPNAME, XrdCryptoFactory::GetCryptoFactory(), GSITrace, hs, XrdCryptoFactory::ID(), XrdOucString::length(), ncrypt, gsiHSVars::Rcip, refcip, sessionCF, XrdCryptoFactory::SetTrace(), XrdOucString::tokenize(), XrdOucTrace::What, and XrdCryptoMax.
Referenced by ClientDoInit(), and ServerDoCertreq().
int XrdSecProtocolgsi::ParseServerInput | ( | XrdSutBuffer * | br, |
XrdSutBuffer ** | bm, | ||
String & | cmsg | ||
) | [private] |
References DEBUG, EPNAME, XrdSutBuffer::GetStep(), kXGC_cert, kXGC_certreq, kXGC_sigpxy, ServerDoCert(), ServerDoCertreq(), and ServerDoSigpxy().
Referenced by Authenticate().
void XrdSecProtocolgsi::QueryGMAP | ( | XrdCryptoX509Chain * | chain, |
int | now, | ||
String & | name | ||
) | [static, private] |
References XrdSutCache::Add(), AuthzFun, XrdSutPFBuf::buf, XrdSutPFEntry::buf1, XrdOucString::c_str(), cacheGMAP, cacheGMAPFun, XrdSutPFEntry::cnt, DEBUG, XrdCryptoX509Chain::EECname(), EPNAME, XrdSutCache::Get(), GMAPCacheTimeOut, GMAPFun, kPFE_allowed, kPFE_ok, XrdSutPFBuf::len, XrdOucString::length(), LoadGMAP(), XrdSutPFEntry::mtime, PRINT, XrdSutCache::Rehash(), XrdSutCache::Remove(), SafeFree, XrdSutPFEntry::status, XrdSutBucket::ToString(), and XrdCryptosslX509ExportChain().
Referenced by Authenticate().
int XrdSecProtocolgsi::QueryProxy | ( | bool | checkcache, |
XrdSutCache * | cache, | ||
const char * | tag, | ||
XrdCryptoFactory * | cf, | ||
int | timestamp, | ||
ProxyIn_t * | pi, | ||
ProxyOut_t * | po | ||
) | [static, private] |
References XrdSutCache::Add(), XrdSutPFBuf::buf, XrdSutPFEntry::buf1, XrdSutPFEntry::buf2, XrdSutPFEntry::buf3, CACheck, ProxyOut_t::cbck, ProxyOut_t::chain, XrdCryptoX509Chain::CheckCA(), XrdCryptoX509Chain::CheckValidity(), XrdCryptoX509Chain::Cleanup(), XrdSutPFEntry::cnt, DEBUG, XrdCryptoX509Chain::End(), EPNAME, XrdSutCache::Get(), InitProxy(), XrdCryptoRSA::kComplete, kPFE_special, ProxyOut_t::ksig, kXRS_x509, XrdSutPFBuf::len, XrdSutPFEntry::mtime, XrdCryptoX509::NotAfter(), ProxyIn_t::out, XrdCryptoX509::PKI(), XrdSutCache::Rehash(), XrdCryptoX509Chain::Reorder(), SafeDelete, XrdSutBucket::SetBuf(), XrdSutPFEntry::status, XrdCryptoRSA::status, XrdCryptoFactory::X509ExportChain(), XrdCryptoFactory::X509ParseBucket(), and XrdCryptoFactory::X509ParseFile().
Referenced by ClientDoInit(), and ServerDoCertreq().
bool XrdSecProtocolgsi::ServerCertNameOK | ( | const char * | subject, |
String & | e | ||
) | [private] |
References XrdOucString::assign(), XrdOucString::beginswith(), XrdOucString::c_str(), XrdSecProtocol::Entity, XrdOucString::erasefromstart(), XrdOucString::find(), XrdSecEntity::host, XrdOucString::length(), XrdOucString::matches(), XrdOucString::replace(), SrvAllowedNames, STR_NPOS, and XrdOucString::tokenize().
Referenced by ClientDoCert().
int XrdSecProtocolgsi::ServerDoCert | ( | XrdSutBuffer * | br, |
XrdSutBuffer ** | bm, | ||
String & | cmsg | ||
) | [private] |
References XrdSutPFBuf::buf, XrdSutPFEntry::buf4, XrdSutBucket::buffer, XrdOucString::c_str(), gsiHSVars::Chain, XrdCryptoFactory::Cipher(), gsiHSVars::Cref, gsiHSVars::Crl, XrdSutBuffer::Deactivate(), DEBUG, XrdCryptoCipher::Decrypt(), DefCipher, DefMD, XrdCryptoX509Chain::End(), EPNAME, XrdCryptoX509Req::Export(), XrdCryptoCipher::Finalize(), XrdOucString::find(), XrdSutBuffer::GetBucket(), hs, XrdCryptoRSA::IsValid(), XrdCryptoX509Chain::kNone, kOptsDelChn, kOptsDlgPxy, kOptsFwdPxy, kOptsSigReq, kOptsSrvReq, kXRS_cipher_alg, kXRS_main, kXRS_md_alg, kXRS_puk, kXRS_version, kXRS_x509, XrdCryptoX509Chain::LastError(), XrdCryptoFactory::MsgDigest(), XrdSutPFEntry::mtime, gsiHSVars::Options, XrdCryptoX509::PKI(), gsiHSVars::PxyChain, PxyReqOpts, gsiHSVars::Rcip, gsiHSVars::RemVers, XrdCryptoX509Chain::Reorder(), XrdCryptoFactory::RSA(), SafeDelete, sessionCF, sessionKey, sessionKver, sessionMD, XrdSutBucket::size, TimeSkew, gsiHSVars::TimeStamp, XrdSutBucket::ToString(), XrdCryptosslgsiX509Chain::Verify(), Version, XrdCryptoFactory::X509ParseBucket(), and XrdSslgsiX509CreateProxyReq().
Referenced by ParseServerInput().
int XrdSecProtocolgsi::ServerDoCertreq | ( | XrdSutBuffer * | br, |
XrdSutBuffer ** | bm, | ||
String & | cmsg | ||
) | [private] |
References XrdSutPFBuf::buf, XrdSutPFEntry::buf2, XrdSutPFEntry::buf3, XrdSutBucket::buffer, XrdOucString::c_str(), cacheCert, CAdir, gsiHSVars::Cbck, gsiHSVars::Cref, XrdSutBuffer::Deactivate(), XrdSutCache::Get(), XrdSutBuffer::GetBucket(), hs, gsiHSVars::ID, kPFE_special, kXRS_clnt_opts, kXRS_cryptomod, kXRS_issuer_hash, kXRS_main, kXRS_version, XrdSutPFEntry::mtime, XrdCryptoFactory::Name(), gsiHSVars::Options, ParseCAlist(), ParseCrypto(), PxyValid, QueryProxy(), gsiHSVars::RemVers, XrdCryptoFactory::RSA(), sessionCF, sessionKsig, XrdSutBucket::size, SrvCert, SrvKey, XrdSutPFEntry::status, gsiHSVars::TimeStamp, XrdSutBucket::ToString(), XrdSutBuffer::UnmarshalBucket(), UsrProxy, and Version.
Referenced by ParseServerInput().
int XrdSecProtocolgsi::ServerDoSigpxy | ( | XrdSutBuffer * | br, |
XrdSutBuffer ** | bm, | ||
String & | cmsg | ||
) | [private] |
References XrdSutPFBuf::buf, XrdSutPFEntry::buf4, XrdSutBucket::buffer, XrdOucString::c_str(), gsiHSVars::Cref, DEBUG, XrdCryptoCipher::Decrypt(), XrdCryptoX509Chain::Dump(), XrdCryptoX509Chain::EECname(), XrdCryptoX509Chain::End(), XrdSecProtocol::Entity, EPNAME, XrdOucString::find(), XrdSutBuffer::GetBucket(), XrdSecEntity::grps, XrdSecEntity::host, hs, XrdCryptoRSA::ImportPrivate(), kOptsFwdPxy, kOptsPxFile, kXRS_main, kXRS_message, kXRS_user, kXRS_x509, XrdOucString::length(), XrdSecEntity::name, XrdCryptoRSA::Opaque(), gsiHSVars::Options, XrdCryptoX509::PKI(), proxyChain, XrdCryptoX509Chain::PushBack(), gsiHSVars::PxyChain, PxyReqOpts, QTRACE, XrdOucString::replace(), XrdCryptoX509Chain::SearchBySubject(), sessionCF, sessionKey, XrdCryptoX509::SetPKI(), XrdSutBucket::size, STR_NPOS, XrdCryptoX509::SubjectHash(), XrdSutBucket::ToString(), UsrProxy, XrdSecEntity::vorg, XrdCryptoFactory::X509(), XrdCryptoFactory::X509ChainToFile(), and XrdSutResolve().
Referenced by ParseServerInput().
int XrdSecProtocolgsi::setKey | ( | char * | kbuf, |
int | klen | ||
) | [virtual] |
Reimplemented from XrdSecProtocol.
References XrdCryptoFactory::Cipher(), DEBUG, EPNAME, SafeDelete, sessionCF, sessionKey, and XrdSutBucket::SetBuf().
int XrdSecProtocolgsi::Sign | ( | const char * | inbuf, |
int | inlen, | ||
XrdSecBuffer ** | outbuf | ||
) | [virtual] |
int XrdSecProtocolgsi::Verify | ( | const char * | inbuf, |
int | inlen, | ||
const char * | sigbuf, | ||
int | siglen | ||
) | [virtual] |
bool XrdSecProtocolgsi::VerifyCA | ( | int | opt, |
X509Chain * | cca, | ||
XrdCryptoFactory * | cf | ||
) | [static, private] |
References XrdCryptoX509Chain::Begin(), XrdOucString::c_str(), CACheck, XrdCryptoX509Chain::CheckCA(), DEBUG, EPNAME, GetCApath(), XrdCryptoX509::IssuerHash(), XrdCryptoX509Chain::kUnknown, XrdCryptoX509Chain::kValid, XrdOucString::length(), XrdCryptoX509Chain::Next(), PRINT, XrdCryptoX509Chain::PutInFront(), XrdCryptoX509Chain::Remove(), SafeDelete, XrdCryptoX509Chain::SetStatusCA(), XrdCryptoX509::SubjectHash(), XrdCryptosslgsiX509Chain::Verify(), and XrdCryptoFactory::X509ParseFile().
Referenced by GetCA(), and LoadCADir().
XrdSecgsiAuthz_t XrdSecProtocolgsi::AuthzFun = 0 [static, private] |
Referenced by Init(), and QueryGMAP().
XrdSysPlugin * XrdSecProtocolgsi::AuthzPlugin = 0 [static, private] |
Referenced by LoadAuthzFun().
int XrdSecProtocolgsi::AuthzPxy = 0 [static, private] |
Referenced by Authenticate(), and Init().
XrdSutBucket* XrdSecProtocolgsi::bucketKey [private] |
Referenced by Delete(), getKey(), and XrdSecProtocolgsi().
XrdSutCache XrdSecProtocolgsi::cacheCA [static, private] |
Referenced by GetCA(), Init(), and LoadCADir().
XrdSutCache XrdSecProtocolgsi::cacheCert [static, private] |
Referenced by Init(), and ServerDoCertreq().
int XrdSecProtocolgsi::CACheck = 1 [static, private] |
Referenced by GetCA(), Init(), LoadCADir(), LoadCRL(), QueryProxy(), and VerifyCA().
XrdSutCache XrdSecProtocolgsi::cacheGMAP [static, private] |
Referenced by Init(), LoadGMAP(), and QueryGMAP().
XrdSutCache XrdSecProtocolgsi::cacheGMAPFun [static, private] |
Referenced by Init(), and QueryGMAP().
XrdSutCache XrdSecProtocolgsi::cachePxy [static, private] |
Referenced by ClientDoInit(), and Init().
String XrdSecProtocolgsi::CAdir = "/etc/grid-security/certificates/" [static, private] |
Referenced by ClientDoInit(), GetCApath(), Init(), LoadCADir(), and ServerDoCertreq().
int XrdSecProtocolgsi::CRLCheck = 1 [static, private] |
Referenced by GetCA(), Init(), LoadCADir(), and LoadCRL().
String XrdSecProtocolgsi::CRLdir = "/etc/grid-security/certificates/" [static, private] |
XrdCryptoFactory * XrdSecProtocolgsi::cryptF = {0} [static, private] |
Referenced by Init(), LoadCADir(), and ParseCrypto().
int XrdSecProtocolgsi::cryptID = {0} [static, private] |
Referenced by Init(), LoadCADir(), and ParseCrypto().
String XrdSecProtocolgsi::cryptName = {0} [static, private] |
Referenced by Init().
int XrdSecProtocolgsi::Debug = 0 [static, private] |
int XrdSecProtocolgsi::DefBits = 512 [static, private] |
Referenced by ClientDoInit(), and Init().
String XrdSecProtocolgsi::DefCipher = "aes-128-cbc:bf-cbc:des-ede3-cbc" [static, private] |
Referenced by Authenticate(), Init(), and ServerDoCert().
String XrdSecProtocolgsi::DefCRLext = ".r0" [static, private] |
String XrdSecProtocolgsi::DefCrypto = "ssl" [static, private] |
Referenced by ClientDoInit(), and Init().
String XrdSecProtocolgsi::DefError = "invalid credentials " [static, private] |
String XrdSecProtocolgsi::DefMD = "sha1:md5" [static, private] |
Referenced by Authenticate(), Init(), and ServerDoCert().
int XrdSecProtocolgsi::DepLength = 0 [static, private] |
Referenced by ClientDoInit(), and Init().
XrdSysError XrdSecProtocolgsi::eDest [static, private] |
Referenced by Init(), LoadAuthzFun(), and LoadGMAPFun().
int XrdSecProtocolgsi::GMAPCacheTimeOut = -1 [static, private] |
Referenced by Init(), and QueryGMAP().
String XrdSecProtocolgsi::GMAPFile = "/etc/grid-security/grid-mapfile" [static, private] |
Referenced by Init(), and LoadGMAP().
XrdSecgsiGMAP_t XrdSecProtocolgsi::GMAPFun = 0 [static, private] |
Referenced by Init(), and QueryGMAP().
int XrdSecProtocolgsi::GMAPOpt = 1 [static, private] |
Referenced by Authenticate(), and Init().
XrdSysPlugin * XrdSecProtocolgsi::GMAPPlugin = 0 [static, private] |
Referenced by LoadGMAPFun().
XrdSysMutex XrdSecProtocolgsi::gsiContext [static, private] |
XrdOucTrace * XrdSecProtocolgsi::GSITrace = 0 [static, private] |
Referenced by Init(), and ParseCrypto().
struct sockaddr XrdSecProtocolgsi::hostaddr [private] |
Referenced by XrdSecProtocolgsi().
gsiHSVars* XrdSecProtocolgsi::hs [private] |
XrdSysLogger XrdSecProtocolgsi::Logger [static, private] |
Referenced by Init().
int XrdSecProtocolgsi::ncrypt = 0 [static, private] |
Referenced by Init(), LoadCADir(), and ParseCrypto().
int XrdSecProtocolgsi::options [private] |
Referenced by XrdSecProtocolgsi().
X509Chain* XrdSecProtocolgsi::proxyChain [private] |
Referenced by Delete(), getCredentials(), ServerDoSigpxy(), and XrdSecProtocolgsi().
int XrdSecProtocolgsi::PxyReqOpts = 0 [static, private] |
Referenced by ClientDoInit(), Init(), ServerDoCert(), and ServerDoSigpxy().
String XrdSecProtocolgsi::PxyValid = "12:00" [static, private] |
Referenced by ClientDoInit(), Init(), and ServerDoCertreq().
XrdCryptoCipher * XrdSecProtocolgsi::refcip = {0} [static, private] |
Referenced by Init(), and ParseCrypto().
bool XrdSecProtocolgsi::Server = 1 [static, private] |
Referenced by Init(), and XrdSecProtocolgsi().
XrdCryptoFactory* XrdSecProtocolgsi::sessionCF [private] |
Referenced by ClientDoCert(), ClientDoInit(), ClientDoPxyreq(), GetCA(), getCredentials(), ParseCrypto(), ServerDoCert(), ServerDoCertreq(), ServerDoSigpxy(), setKey(), and XrdSecProtocolgsi().
XrdCryptoCipher* XrdSecProtocolgsi::sessionKey [private] |
Referenced by Authenticate(), ClientDoCert(), ClientDoPxyreq(), Decrypt(), Delete(), Encrypt(), getCredentials(), getKey(), ServerDoCert(), ServerDoSigpxy(), setKey(), and XrdSecProtocolgsi().
XrdCryptoRSA* XrdSecProtocolgsi::sessionKsig [private] |
Referenced by AddSerialized(), ClientDoInit(), Delete(), ServerDoCertreq(), Sign(), and XrdSecProtocolgsi().
XrdCryptoRSA* XrdSecProtocolgsi::sessionKver [private] |
Referenced by CheckRtag(), ClientDoCert(), Delete(), ServerDoCert(), Verify(), and XrdSecProtocolgsi().
XrdCryptoMsgDigest* XrdSecProtocolgsi::sessionMD [private] |
Referenced by ClientDoCert(), Delete(), ServerDoCert(), Sign(), Verify(), and XrdSecProtocolgsi().
String XrdSecProtocolgsi::SrvAllowedNames [static, private] |
Referenced by Init(), and ServerCertNameOK().
String XrdSecProtocolgsi::SrvCert = "/etc/grid-security/xrd/xrdcert.pem" [static, private] |
Referenced by Init(), and ServerDoCertreq().
String XrdSecProtocolgsi::SrvKey = "/etc/grid-security/xrd/xrdkey.pem" [static, private] |
Referenced by Init(), and ServerDoCertreq().
bool XrdSecProtocolgsi::srvMode [private] |
Referenced by getCredentials(), and XrdSecProtocolgsi().
int XrdSecProtocolgsi::TimeSkew = 300 [static, private] |
Referenced by ClientDoCert(), and ServerDoCert().
String XrdSecProtocolgsi::UsrCert = "/.globus/usercert.pem" [static, private] |
Referenced by ClientDoInit(), and Init().
String XrdSecProtocolgsi::UsrKey = "/.globus/userkey.pem" [static, private] |
Referenced by ClientDoInit(), and Init().
String XrdSecProtocolgsi::UsrProxy [static, private] |
Referenced by ClientDoInit(), Init(), ServerDoCertreq(), and ServerDoSigpxy().