#include <XrdSecProtocolssl.hh>
Classes | |
struct | sslverify_t |
Public Member Functions | |
XrdSecProtocolssl (const char *hostname, const struct sockaddr *ipaddr) | |
virtual void | secClient (int theFD, XrdOucErrInfo *einfo) |
virtual void | secServer (int theFD, XrdOucErrInfo *einfo=0) |
virtual void | Delete () |
~XrdSecProtocolssl () | |
Static Public Member Functions | |
static int | dummy (const char *key, XrdSecProtocolssl *ssl, void *Arg) |
static int | GenerateSession (const SSL *ssl, unsigned char *id, unsigned int *id_len) |
static int | NewSession (SSL *ssl, SSL_SESSION *pNew) |
static int | GetSession (SSL *ssl, SSL_SESSION *pNew) |
static void | ReloadGridMapFile () |
static void | ReloadVomsMapFile () |
static bool | VomsMapGroups (const char *groups, XrdOucString &allgroups, XrdOucString &defaultgroup) |
static void | GetEnvironment () |
static int | Fatal (XrdOucErrInfo *erp, const char *msg, int rc) |
Public Attributes | |
int | sessionfd |
X509 * | client_cert |
X509 * | server_cert |
XrdOucString | host |
char | proxyBuff [16384] |
SSL_CTX * | clientctx |
XrdSysMutex | SSLMutex |
bool | terminate |
struct sockaddr | hostaddr |
char * | credBuff |
int | Step |
int | sd |
int | listen_sd |
struct sockaddr_in | sa_serv |
struct sockaddr_in | sa_cli |
SSL * | ssl |
Static Public Attributes | |
static char * | SessionIdContext = "xrootdssl" |
static char * | sslcadir = 0 |
static char * | sslvomsdir = 0 |
static char * | sslserverkeyfile = 0 |
static char * | sslkeyfile = 0 |
static char * | sslcertfile = 0 |
static char * | sslproxyexportdir = (char*)0 |
static bool | sslproxyexportplain = 1 |
static char | sslserverexportpassword [EXPORTKEYSTRENGTH+1] |
static int | threadsinuse = 0 |
static char * | gridmapfile = "/etc/grid-security/grid-mapfile" |
static char * | vomsmapfile = "/etc/grid-security/voms-mapfile" |
static bool | mapuser = false |
static bool | mapnobody = false |
static bool | mapgroup = false |
static bool | mapcerncertificates = false |
static int | debug = 0 |
static time_t | sslsessionlifetime = 86400 |
static int | sslselecttimeout = 10 |
static int | sslsessioncachesize = 2000 |
static char * | procdir = "" |
static XrdSecProtocolsslProc * | proc = (XrdSecProtocolsslProc*)0 |
static int | errortimeout = 0 |
static int | errorverify = 0 |
static int | errorqueue = 0 |
static int | erroraccept = 0 |
static int | errorabort = 0 |
static int | errorread = 0 |
static int | forwardedproxies = 0 |
static bool | isServer = 0 |
static bool | forwardProxy = 0 |
static bool | allowSessions = 0 |
static X509_STORE * | store = 0 |
static X509_LOOKUP * | lookup = 0 |
static int | verifydepth = 10 |
static int | verifyindex = 0 |
static XrdOucHash< XrdOucString > | gridmapstore |
static XrdOucHash< XrdOucString > | vomsmapstore |
static XrdOucHash< XrdOucString > | stringstore |
static XrdSysMutex | StoreMutex |
static XrdSysMutex | VomsMapMutex |
static XrdSysMutex | GridMapMutex |
static XrdSysMutex * | CryptoMutexPool [PROTOCOLSSL_MAX_CRYPTO_MUTEX] |
static XrdSysMutex | ThreadsInUseMutex |
static XrdSysMutex | ErrorMutex |
static XrdSysLogger | Logger |
static XrdSysError | ssleDest |
static time_t | storeLoadTime |
static SSL_CTX * | ctx = 0 |
Friends | |
class | XrdSecProtocolDummy |
XrdSecProtocolssl::XrdSecProtocolssl | ( | const char * | hostname, |
const struct sockaddr * | ipaddr | ||
) | [inline] |
XrdSecProtocolssl::~XrdSecProtocolssl | ( | ) | [inline] |
virtual void XrdSecProtocolssl::Delete | ( | ) | [inline, virtual] |
static int XrdSecProtocolssl::dummy | ( | const char * | key, |
XrdSecProtocolssl * | ssl, | ||
void * | Arg | ||
) | [inline, static] |
int XrdSecProtocolssl::Fatal | ( | XrdOucErrInfo * | erp, |
const char * | msg, | ||
int | rc | ||
) | [static] |
References errorabort, erroraccept, errorqueue, errorread, errortimeout, errorverify, XrdSecProtocolsslProc::Handle(), XrdOucErrInfo::setErrInfo(), and XrdSecProtocolsslProcFile::Write().
Referenced by secClient(), and secServer().
int XrdSecProtocolssl::GenerateSession | ( | const SSL * | ssl, |
unsigned char * | id, | ||
unsigned int * | id_len | ||
) | [static] |
References EPNAME, MAX_SESSION_ID_ATTEMPTS, and TRACE.
Referenced by XrdSecProtocolsslInit().
void XrdSecProtocolssl::GetEnvironment | ( | ) | [static] |
References allowSessions, debug, EPNAME, forwardProxy, sslcadir, sslcertfile, sslkeyfile, sslproxyexportdir, sslselecttimeout, sslvomsdir, TRACE, and verifydepth.
Referenced by secClient(), and XrdSecProtocolsslInit().
static int XrdSecProtocolssl::GetSession | ( | SSL * | ssl, |
SSL_SESSION * | pNew | ||
) | [static] |
int XrdSecProtocolssl::NewSession | ( | SSL * | ssl, |
SSL_SESSION * | pNew | ||
) | [static] |
References DEBUG, EPNAME, sslsessionlifetime, and TRACE.
Referenced by XrdSecProtocolsslInit().
void XrdSecProtocolssl::ReloadGridMapFile | ( | ) | [static] |
References XrdOucHash< T >::Add(), XrdOucString::c_str(), EPNAME, XrdOucString::erase(), fclose(), XrdOucHash< T >::Find(), XrdOucString::find(), fopen, gridmapfile, GridMapMutex, gridmapstore, XrdSysMutex::Lock(), XrdOucHash< T >::Purge(), XrdOucString::replace(), stat(), TRACE, and XrdSysMutex::UnLock().
Referenced by secServer().
void XrdSecProtocolssl::ReloadVomsMapFile | ( | ) | [static] |
References XrdOucHash< T >::Add(), XrdOucString::c_str(), EPNAME, fclose(), XrdOucHash< T >::Find(), fopen, XrdSysMutex::Lock(), XrdOucHash< T >::Purge(), XrdOucString::replace(), stat(), TRACE, XrdSysMutex::UnLock(), vomsmapfile, VomsMapMutex, and vomsmapstore.
Referenced by VomsMapGroups().
void XrdSecProtocolssl::secClient | ( | int | theFD, |
XrdOucErrInfo * | einfo | ||
) | [virtual] |
Implements XrdSecTLayer.
References allowSessions, XrdOucString::c_str(), clientctx, close, DEBUG, EPNAME, erroraccept, ErrorMutex, errorread, errortimeout, ETIMEDOUT, F_GETFL, F_SETFL, Fatal(), fclose(), fcntl(), fopen, forwardProxy, GetEnvironment(), XrdSecsslSessionLock::HardLock(), XrdSecsslSessionLock::HardUnLock(), host, l2n, XrdSysMutex::Lock(), O_NONBLOCK, open(), proxyBuff, read(), S_IRUSR, S_IWUSR, secprotocolssl_pem_cb(), server_cert, XrdOucErrInfo::setErrInfo(), XrdSecsslSessionLock::SoftLock(), XrdSecsslSessionLock::SoftUnLock(), ssl, ssl_continue(), ssl_select(), sslcadir, sslcertfile, sslkeyfile, SSLMutex, sslproxyexportplain, sslselecttimeout, sslserverexportpassword, sslvomsdir, stat(), TRACE, XrdSysMutex::UnLock(), and verifydepth.
Referenced by main().
void XrdSecProtocolssl::secServer | ( | int | theFD,
XrdOucErrInfo * | einfo = 0 | ||
) | [virtual] |
Implements XrdSecTLayer.
References XrdOucString::beginswith(), XrdOucString::c_str(), client_cert, close, ctx, DEBUG, debug, ECONNABORTED, XrdSecEntity::endorsements, XrdSecProtocol::Entity, EPNAME, XrdOucString::erase(), XrdOucString::erasefromstart(), errorabort, erroraccept, ErrorMutex, errorqueue, errorread, errortimeout, errorverify, ETIMEDOUT, EXPORTKEYSTRENGTH, F_GETFL, F_SETFL, Fatal(), fclose(), fcntl(), XrdOucHash< T >::Find(), XrdOucString::find(), fopen, forwardedproxies, gettimeofday(), GridMapMutex, gridmapstore, XrdSecEntity::grps, XrdSecProtocolsslProc::Handle(), XrdOucString::length(), XrdSysMutex::Lock(), mapcerncertificates, mapgroup, mapnobody, mapuser, XrdSecEntity::name, O_NONBLOCK, open(), XrdSecEntity::prot, proxyBuff, ReloadGridMapFile(), rename(), XrdOucString::replace(), XrdSecEntity::role, S_IRUSR, S_IWUSR, ssl, ssl_continue(), ssl_select(), sslcadir, SSLMutex, sslproxyexportdir, sslproxyexportplain, sslselecttimeout, sslserverexportpassword, sslsessioncachesize, store, storeLoadTime, StoreMutex, STR_NPOS, terminate, threadsinuse, TRACE, unlink(), XrdSysMutex::UnLock(), VomsMapGroups(), write(), and XrdSecProtocolsslProcFile::Write().
Referenced by main().
bool XrdSecProtocolssl::VomsMapGroups | ( | const char * | groups, |
XrdOucString & | allgroups, | ||
XrdOucString & | defaultgroup | ||
) | [static] |
References XrdOucString::c_str(), EPNAME, XrdOucString::erase(), ReloadVomsMapFile(), XrdOucString::replace(), XrdOucString::rfind(), STR_NPOS, and TRACE.
Referenced by secServer().
friend class XrdSecProtocolDummy [friend] |
bool XrdSecProtocolssl::allowSessions = 0 [static] |
Referenced by GetEnvironment(), main(), and secClient().
Referenced by Delete(), secServer(), and XrdSecProtocolssl().
SSL_CTX* XrdSecProtocolssl::clientctx |
Referenced by secClient(), and XrdSecProtocolssl().
Referenced by Delete(), and XrdSecProtocolssl().
XrdSysMutex * XrdSecProtocolssl::CryptoMutexPool [static] |
SSL_CTX * XrdSecProtocolssl::ctx = 0 [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
int XrdSecProtocolssl::debug = 0 [static] |
Referenced by GetEnvironment(), secServer(), and XrdSecProtocolsslInit().
int XrdSecProtocolssl::errorabort = 0 [static] |
Referenced by Fatal(), and secServer().
int XrdSecProtocolssl::erroraccept = 0 [static] |
Referenced by Fatal(), secClient(), and secServer().
XrdSysMutex XrdSecProtocolssl::ErrorMutex [static] |
Referenced by secClient(), and secServer().
int XrdSecProtocolssl::errorqueue = 0 [static] |
Referenced by Fatal(), and secServer().
int XrdSecProtocolssl::errorread = 0 [static] |
Referenced by Fatal(), secClient(), and secServer().
int XrdSecProtocolssl::errortimeout = 0 [static] |
Referenced by Fatal(), secClient(), and secServer().
int XrdSecProtocolssl::errorverify = 0 [static] |
Referenced by Fatal(), and secServer().
int XrdSecProtocolssl::forwardedproxies = 0 [static] |
Referenced by secServer().
bool XrdSecProtocolssl::forwardProxy = 0 [static] |
Referenced by GetEnvironment(), and secClient().
char * XrdSecProtocolssl::gridmapfile = "/etc/grid-security/grid-mapfile" [static] |
Referenced by ReloadGridMapFile(), and XrdSecProtocolsslInit().
Referenced by ReloadGridMapFile(), and secServer().
XrdOucHash< XrdOucString > XrdSecProtocolssl::gridmapstore [static] |
Referenced by ReloadGridMapFile(), and secServer().
Referenced by secClient(), and XrdSecProtocolssl().
struct sockaddr XrdSecProtocolssl::hostaddr |
bool XrdSecProtocolssl::isServer = 0 [static] |
Reimplemented from XrdSecTLayer.
Referenced by XrdSecProtocolsslInit().
XrdSysLogger XrdSecProtocolssl::Logger [static] |
X509_LOOKUP * XrdSecProtocolssl::lookup = 0 [static] |
bool XrdSecProtocolssl::mapcerncertificates = false [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
bool XrdSecProtocolssl::mapgroup = false [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
bool XrdSecProtocolssl::mapnobody = false [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
bool XrdSecProtocolssl::mapuser = false [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
XrdSecProtocolsslProc * XrdSecProtocolssl::proc = (XrdSecProtocolsslProc*)0 [static] |
Referenced by XrdSecProtocolsslInit().
char * XrdSecProtocolssl::procdir = "" [static] |
Referenced by XrdSecProtocolsslInit().
char XrdSecProtocolssl::proxyBuff[16384] |
Referenced by secClient(), secServer(), and XrdSecProtocolssl().
struct sockaddr_in XrdSecProtocolssl::sa_cli |
struct sockaddr_in XrdSecProtocolssl::sa_serv |
Referenced by Delete(), secClient(), and XrdSecProtocolssl().
char * XrdSecProtocolssl::SessionIdContext = "xrootdssl" [static] |
Referenced by XrdSecProtocolsslInit().
Referenced by Delete(), secClient(), secServer(), and XrdSecProtocolssl().
char * XrdSecProtocolssl::sslcadir = 0 [static] |
Referenced by GetEnvironment(), secClient(), secServer(), and XrdSecProtocolsslInit().
char * XrdSecProtocolssl::sslcertfile = 0 [static] |
Referenced by GetEnvironment(), secClient(), and XrdSecProtocolsslInit().
XrdSysError XrdSecProtocolssl::ssleDest [static] |
Referenced by XrdSecProtocolsslInit().
char * XrdSecProtocolssl::sslkeyfile = 0 [static] |
Referenced by GetEnvironment(), secClient(), and XrdSecProtocolsslInit().
Referenced by Delete(), secClient(), and secServer().
char * XrdSecProtocolssl::sslproxyexportdir = (char*)0 [static] |
Referenced by GetEnvironment(), secServer(), and XrdSecProtocolsslInit().
bool XrdSecProtocolssl::sslproxyexportplain = 1 [static] |
Referenced by secClient(), secServer(), and XrdSecProtocolsslInit().
int XrdSecProtocolssl::sslselecttimeout = 10 [static] |
Referenced by GetEnvironment(), secClient(), secServer(), and XrdSecProtocolsslInit().
char XrdSecProtocolssl::sslserverexportpassword [static] |
Referenced by secClient(), secprotocolssl_pem_cb(), secServer(), and XrdSecProtocolsslInit().
char * XrdSecProtocolssl::sslserverkeyfile = 0 [static] |
Referenced by XrdSecProtocolsslInit().
int XrdSecProtocolssl::sslsessioncachesize = 2000 [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
time_t XrdSecProtocolssl::sslsessionlifetime = 86400 [static] |
Referenced by NewSession(), and XrdSecProtocolsslInit().
char * XrdSecProtocolssl::sslvomsdir = 0 [static] |
Referenced by GetEnvironment(), secClient(), and XrdSecProtocolsslInit().
X509_STORE * XrdSecProtocolssl::store = 0 [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
time_t XrdSecProtocolssl::storeLoadTime [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
XrdSysMutex XrdSecProtocolssl::StoreMutex [static] |
Referenced by secServer().
XrdOucHash< XrdOucString > XrdSecProtocolssl::stringstore [static] |
Referenced by Delete(), secServer(), and XrdSecProtocolssl().
int XrdSecProtocolssl::threadsinuse = 0 [static] |
int XrdSecProtocolssl::verifydepth = 10 [static] |
Referenced by GetEnvironment(), secClient(), and XrdSecProtocolsslInit().
int XrdSecProtocolssl::verifyindex = 0 [static] |
char * XrdSecProtocolssl::vomsmapfile = "/etc/grid-security/voms-mapfile" [static] |
Referenced by ReloadVomsMapFile(), and XrdSecProtocolsslInit().
Referenced by ReloadVomsMapFile().
XrdOucHash< XrdOucString > XrdSecProtocolssl::vomsmapstore [static] |
Referenced by ReloadVomsMapFile().