XrdSecProtocolgsi.cc File Reference
#include <unistd.h>
#include <strings.h>
#include <sys/param.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <dirent.h>
#include <cctype>
#include <cerrno>
#include <cstdlib>
#include <cstdio>
#include <iostream>
#include <new>
#include "XrdVersion.hh"
#include "XrdNet/XrdNetAddr.hh"
#include "XrdSec/XrdSecEntityAttr.hh"
#include "XrdSys/XrdSysHeaders.hh"
#include "XrdSys/XrdSysLogger.hh"
#include "XrdSys/XrdSysError.hh"
#include "XrdOuc/XrdOucPinLoader.hh"
#include "XrdOuc/XrdOucStream.hh"
#include "XrdOuc/XrdOucEnv.hh"
#include "XrdSut/XrdSutAux.hh"
#include "XrdCrypto/XrdCryptoMsgDigest.hh"
#include "XrdCrypto/XrdCryptoX509Chain.hh"
#include "XrdCrypto/XrdCryptoX509Req.hh"
#include "XrdSecgsi/XrdSecProtocolgsi.hh"
#include "XrdSecgsi/XrdSecgsiOpts.hh"


Macros

#define POPTS(t, y)   {if (t) {std::cerr <<"Secgsi" <<y <<'\n' << std::flush;}}
 

Functions

static bool AuthzFunCheck (XrdSutCacheEntry *e, void *a)
 
static const char * ClientStepStr (int kclt)
 
static bool GetCACheck (XrdSutCacheEntry *e, void *a)
 
static bool GetSrvCertEntCheck (XrdSutCacheEntry *e, void *a)
 
static bool QueryGMAPCheck (XrdSutCacheEntry *e, void *a)
 
static bool QueryProxyCheck (XrdSutCacheEntry *e, void *a)
 
static const char * ServerStepStr (int ksrv)
 
char * XrdSecProtocolgsiInit (const char mode, const char *parms, XrdOucErrInfo *erp)
 
XrdSecProtocol * XrdSecProtocolgsiObject (const char mode, const char *hostname, XrdNetAddrInfo &endPoint, const char *parms, XrdOucErrInfo *erp)
 
 XrdVERSIONINFO (XrdSecProtocolgsiObject, secgsi)
 

Variables

static const char * gGSErrStr []
 
static const char * gNoPadTag = "nopad"
 
static const char * gsiClientSteps []
 
static const char * gsiServerSteps []
 
XrdOucTrace * gsiTrace = 0
 
static const char * gUsrPxyDef = "/tmp/x509up_u"
 
static const int kOneDay = 86400
 
static String Prefix = "xrd"
 
static String ProtoID = XrdSecPROTOIDENT
 
static const kXR_int32 Version = XrdSecgsiVERSION
 

Macro Definition Documentation

◆ POPTS

#define POPTS(t, y)   {if (t) {std::cerr <<"Secgsi" <<y <<'\n' << std::flush;}}

Definition at line 68 of file XrdSecProtocolgsi.cc.

Function Documentation

◆ AuthzFunCheck()

static bool AuthzFunCheck ( XrdSutCacheEntry * e,
void *  a 
)
static

Definition at line 1720 of file XrdSecProtocolgsi.cc.

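static bool AuthzFunCheck(XrdSutCacheEntry *e, void *a)
{
   // Validity callback for the authz-function result cache.
   // 'a' points to an XrdSutCacheArg_t carrying:
   //   arg1  status the entry must have to be usable (st_ref)
   //   arg2  reference time, i.e. "now" (ts_ref)
   //   arg3  validity window in seconds; <= 0 means no age limit (to_ref)
   //   arg4  status to store on the entry once it is found expired (st_exp)
   // Returns true when the entry has status st_ref and is not expired.
   // An expired entry is re-labelled with st_exp and false is returned;
   // an entry with any other status is left untouched and false is returned.
   XrdSutCacheArg_t *args = (XrdSutCacheArg_t *)a;
   int st_ref = args->arg1;
   time_t ts_ref = (time_t)args->arg2;
   long to_ref = args->arg3;
   int st_exp = args->arg4;

   if (!e || e->status != st_ref) return false;

   // Age check, only when a validity window was configured
   bool expired = (to_ref > 0 && (ts_ref - e->mtime) > to_ref);

   // buf2 carries an int (the credential's notAfter, judging by the name);
   // the original dereferenced it unconditionally, so an entry stored
   // without buf2 crashed the check. A missing buffer now just skips it.
   if (e->buf2.buf) {
      int notafter = *((int *) e->buf2.buf);
      // NOTE(review): this compares the validity window, not ts_ref, with
      // notAfter — kept as in the original; confirm that is the intent.
      if (to_ref > notafter) expired = true;
   }

   if (!expired) return true;
   // Invalidate the entry so that the caller recomputes it
   e->status = st_exp;
   return false;
}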

References XrdSutCacheEntryBuf::buf, XrdSutCacheEntry::buf2, XrdSutCacheEntry::mtime, and XrdSutCacheEntry::status.

Referenced by XrdSecProtocolgsi::Authenticate().


◆ ClientStepStr()

static const char * ClientStepStr ( int  kclt)
static

Definition at line 223 of file XrdSecProtocolgsi.cc.

static const char *ClientStepStr(int kclt)
{
   // Map a client handshake step code to its printable name.
   // Codes that are negative or above kXGC_reserved fold to slot 0
   // ("kXGC_none"); codes from kXGC_certreq upwards are rebased so that
   // kXGC_certreq lands on slot 1 of gsiClientSteps. Anything that still
   // falls outside the table yields "Unknown".
   static const char *ukn = "Unknown";
   const int lastSlot = kXGC_reserved - kXGC_certreq + 1;

   int slot = kclt;
   if (slot < 0 || slot > kXGC_reserved) slot = 0;
   if (slot >= kXGC_certreq) slot = slot - kXGC_certreq + 1;

   if (slot < 0 || slot > lastSlot) return ukn;
   return gsiClientSteps[slot];
}

References gsiClientSteps, kXGC_certreq, and kXGC_reserved.

Referenced by XrdSecProtocolgsi::Authenticate(), XrdSecProtocolpwd::Authenticate(), XrdSecProtocolgsi::getCredentials(), and XrdSecProtocolpwd::getCredentials().


◆ GetCACheck()

static bool GetCACheck ( XrdSutCacheEntry * e,
void *  a 
)
static

Definition at line 4616 of file XrdSecProtocolgsi.cc.

4616 {
// Validity callback for the CA cache: true when the cached CA chain (buf1)
// is still valid and, depending on crl_check, its CRL is still usable.
// 'a' is an XrdSutCacheArg_t: arg1 = CRL check level, arg2 = CRL refresh
// period in seconds (<= 0: never refresh by age), arg3 = reference time.
// A negative answer means the caller must reload/refresh the entry.
4617
4618 EPNAME("GetCACheck");
4619
4620 int crl_check = (*((XrdSutCacheArg_t *)a)).arg1;
4621 int crl_refresh = (*((XrdSutCacheArg_t *)a)).arg2;
4622 time_t ts_ref = (time_t)(*((XrdSutCacheArg_t *)a)).arg3;
4623
4624 if (!e) return false;
4625
4626 X509Chain *chain = 0;
4627 // If we had already something, check it, as we may be done
4628 bool goodca = 0;
4629 if ((chain = (X509Chain *)(e->buf1.buf))) {
4630 // Check the validity of the certificates in the chain; if a certificate became invalid,
4631 // we need to reload a valid one for the same CA.
4632 if (chain->CheckValidity() == 0) {
4633 goodca = 1;
4634 } else {
4635 PRINT("CA entry for '"<<e->name<<"' needs refreshing: clean the related entry cache first");
4636 return false;
4637 }
4638 }
// An entry without a chain in buf1 leaves goodca at 0 and falls through
// to 'return false'.
4639 if (goodca) {
// Line 4640 of the source is not present in this rendered listing; it is
// where 'crl' (used below; per the References list it comes from e->buf2)
// is defined — confirm against the source file.
4641 bool goodcrl = 1;
// NOTE(review): with crl_check == 3 a null 'crl' is dereferenced by
// IsExpired(); only the crl_check == 2 branch guards the null case.
// Under "require non-expired CRL" a missing CRL should also clear goodcrl,
// e.g. (crl_check == 3 && (!crl || crl->IsExpired())).
4642 if ((crl_check == 2 && !crl) || (crl_check == 3 && crl->IsExpired())) goodcrl = 0;
// Age-based refresh applies to the CRL regardless of the check level
4643 if (crl_refresh > 0 && ((ts_ref - e->mtime) > crl_refresh)) goodcrl = 0;
4644 if (goodcrl) {
4645 return true;
4646 } else if (crl) {
4647 PRINT("CRL entry for '"<<e->name<<"' needs refreshing: clean the related entry cache first ("<<e<<")");
4648 }
4649 }
4650 return false;
4651}

References XrdSutCacheEntryBuf::buf, XrdSutCacheEntry::buf1, XrdSutCacheEntry::buf2, XrdCryptoX509Chain::CheckValidity(), EPNAME, XrdCryptoX509Crl::IsExpired(), XrdSutCacheEntry::mtime, XrdSutCacheEntry::name, and PRINT.


◆ GetSrvCertEntCheck()

static bool GetSrvCertEntCheck ( XrdSutCacheEntry * e,
void *  a 
)
static

Definition at line 5678 of file XrdSecProtocolgsi.cc.

static bool GetSrvCertEntCheck(XrdSutCacheEntry *e, void *a)
{
   // Validity callback for the server-certificate cache entry.
   // 'a' is an XrdSutCacheArg_t: arg1 = status the entry must exceed,
   // arg2 = reference time the entry must not be older than.
   // True only when the entry exists and both conditions hold.
   XrdSutCacheArg_t *args = (XrdSutCacheArg_t *)a;
   const int st_ref = args->arg1;
   const time_t ts_ref = (time_t)args->arg2;

   if (!e) return false;
   const bool statusOk = (e->status > st_ref);
   const bool freshEnough = (e->mtime >= ts_ref);
   return statusOk && freshEnough;
}

References XrdSutCacheEntry::mtime, and XrdSutCacheEntry::status.

◆ QueryGMAPCheck()

static bool QueryGMAPCheck ( XrdSutCacheEntry * e,
void *  a 
)
static

Definition at line 5258 of file XrdSecProtocolgsi.cc.

static bool QueryGMAPCheck(XrdSutCacheEntry *e, void *a)
{
   // Validity callback for the grid-map cache.
   // 'a' is an XrdSutCacheArg_t: arg1 = required status, arg2 = reference
   // time, arg3 = validity window in seconds (<= 0: no age limit).
   // True when the entry exists, has the required status and is not older
   // than the window.
   XrdSutCacheArg_t *args = (XrdSutCacheArg_t *)a;
   const int st_ref = args->arg1;
   const time_t ts_ref = (time_t)args->arg2;
   const long to_ref = args->arg3;

   if (!e) return false;
   if (e->status != st_ref) return false;

   // Status matches: reject only when a window is configured and exceeded
   const bool tooOld = (to_ref > 0) && ((ts_ref - e->mtime) > to_ref);
   return !tooOld;
}

References XrdSutCacheEntry::mtime, and XrdSutCacheEntry::status.

◆ QueryProxyCheck()

static bool QueryProxyCheck ( XrdSutCacheEntry * e,
void *  a 
)
static

Definition at line 5033 of file XrdSecProtocolgsi.cc.

static bool QueryProxyCheck(XrdSutCacheEntry *e, void *a)
{
   // Validity callback for the proxy cache: the chain cached in buf1 must
   // still be valid at the reference time carried in arg1.
   const time_t ts_ref = (time_t)(((XrdSutCacheArg_t *)a)->arg1);

   if (!e) return false;
   X509Chain *chain = (X509Chain *)(e->buf1.buf);
   if (!chain) return false;

   // CheckValidity takes 'when' as an int, so ts_ref is narrowed here
   // exactly as in the original call.
   return chain->CheckValidity(1, ts_ref) == 0;
}

References XrdSutCacheEntryBuf::buf, XrdSutCacheEntry::buf1, and XrdCryptoX509Chain::CheckValidity().


◆ ServerStepStr()

static const char * ServerStepStr ( int  ksrv)
static

Definition at line 239 of file XrdSecProtocolgsi.cc.

static const char *ServerStepStr(int ksrv)
{
   // Map a server handshake step code to its printable name.
   // Codes that are negative or above kXGS_reserved fold to slot 0
   // ("kXGS_none"); codes from kXGS_init upwards are rebased so that
   // kXGS_init lands on slot 1 of gsiServerSteps. Anything that still
   // falls outside the table yields "Unknown".
   static const char *ukn = "Unknown";
   const int lastSlot = kXGS_reserved - kXGS_init + 1;

   int slot = ksrv;
   if (slot < 0 || slot > kXGS_reserved) slot = 0;
   if (slot >= kXGS_init) slot = slot - kXGS_init + 1;

   if (slot < 0 || slot > lastSlot) return ukn;
   return gsiServerSteps[slot];
}

References gsiServerSteps, kXGS_init, and kXGS_reserved.

Referenced by XrdSecProtocolgsi::Authenticate(), XrdSecProtocolpwd::Authenticate(), XrdSecProtocolgsi::getCredentials(), and XrdSecProtocolpwd::getCredentials().


◆ XrdSecProtocolgsiInit()

char * XrdSecProtocolgsiInit ( const char  mode,
const char *  parms,
XrdOucErrInfo * erp
)

Definition at line 2373 of file XrdSecProtocolgsi.cc.

2375{
// Entry point called once by the security framework to configure the
// protocol. mode 'c' reads the client configuration from environment
// variables; any other mode is the server path, driven by the 'parms'
// option string (null selects the built-in defaults). erp is the error
// sink handed to XrdSecProtocolgsi::Init, whose result (null on failure,
// see the client branch) is returned unchanged.
2376 // One-time protocol initialization, filling the static flags and options
2377 // of the protocol.
2378 // For clients (mode == 'c') we use values in envs.
2379 // For servers (mode == 's') the command line options are passed through
2380 // parms.
2381 EPNAME("ProtocolgsiInit");
2382
// Lines 2383 and 2388 of the source are not present in this rendered
// listing; the 'opts' option object and the XrdSecProtocolgsi::EnableTracing()
// call (both in the References list) are presumably there — confirm
// against the source file.
2384 char *rc = (char *)"";
2385 char *cenv = 0;
2386
2387 // Initiate error logging and tracing
2389
2390 //
2391 // Clients first
2392 if (mode == 'c') {
2393 //
2394 // Decode envs:
2395 // "XrdSecDEBUG" debug flag ("0","1","2","3")
2396 // "XrdSecGSICADIR" full path to an alternative path
2397 // containing the CA info
2398 // [/etc/grid-security/certificates]
2399 // "XrdSecGSICRLDIR" full path to an alternative path
2400 // containing the CRL info
2401 // [/etc/grid-security/certificates]
2402 // "XrdSecGSICRLEXT" default extension of CRL files [.r0]
2403 // "XrdSecGSIUSERCERT" full path to an alternative file
2404 // containing the user certificate
2405 // [$HOME/.globus/usercert.pem]
2406 // "XrdSecGSIUSERKEY" full path to an alternative file
2407 // containing the user key
2408 // [$HOME/.globus/userkey.pem]
2409 // "XrdSecGSIUSERPROXY" full path to an alternative file
2410 // containing the user proxy
2411 // [/tmp/x509up_u<uid>]
2412 // "XrdSecGSIPROXYVALID" validity of proxies in the
2413 // grid-proxy-init format
2414 // ["12:00", i.e. 12 hours]
2415 // "XrdSecGSIPROXYDEPLEN" depth of signature path for proxies;
2416 // use -1 for unlimited [0]
2417 // "XrdSecGSIPROXYKEYBITS" bits in PKI for proxies [default: XrdCryptoDefRSABits]
2418 // "XrdSecGSICACHECK" CA check level [1]:
2419 // 0 do not verify;
2420 // 1 verify if self-signed, warn if not;
2421 // 2 verify in all cases, fail if not possible
2422 // "XrdSecGSICRLCHECK" CRL check level [2]:
2423 // 0 don't care;
2424 // 1 use if available;
2425 // 2 require,
2426 // 3 require non-expired CRL
2427 // "XrdSecGSIDELEGPROXY" Forwarding of credentials option:
2428 // 0 deny; 1 sign request created
2429 // by server; 2 forward local proxy
2430 // (include private key) [1]
2431 // "XrdSecGSICREATEPROXY" Controls use of proxy [1]:
2432 // 1 auto-generate proxy from the cert/key pair if none is found
2433 // 0 a proxy is used if present; else, the cert/key pair is used if present.
2434 // "XrdSecGSISRVNAMES" Server names allowed: if the server CN
2435 // does not match any of these, or it is
2436 // explicitly denied by these, or it is
2437 // not in the form "*/<hostname>", the
2438 // handshake fails.
2439 // "XrdSecGSIUSEDEFAULTHASH" If this variable is set only the default
2440 // name hashing algorithm is used
2441
2442 //
2443 opts.mode = mode;
2444 // debug
2445 cenv = getenv("XrdSecDEBUG");
2446 if (cenv)
// 49..51 are ASCII '1'..'3'; a leading "0" is therefore reported as
// unsupported and mapped to 1 like any other value.
2447 {if (cenv[0] >= 49 && cenv[0] <= 51) opts.debug = atoi(cenv);
2448 else {PRINT("unsupported debug value from env XrdSecDEBUG: "<<cenv<<" - setting to 1");
2449 opts.debug = 1;
2450 }
2451 }
2452
2453 // directory with CA certificates
// The XrdSecGSI* variables win over the Globus-style X509_* ones below.
2454 cenv = (getenv("XrdSecGSICADIR") ? getenv("XrdSecGSICADIR")
2455 : getenv("X509_CERT_DIR"));
2456 if (cenv)
2457 opts.certdir = strdup(cenv);
2458
2459 // directory with CRL info
2460 cenv = (getenv("XrdSecGSICRLDIR") ? getenv("XrdSecGSICRLDIR")
2461 : getenv("X509_CERT_DIR"));
2462 if (cenv)
2463 opts.crldir = strdup(cenv);
2464
2465 // Default extension CRL files
2466 cenv = getenv("XrdSecGSICRLEXT");
2467 if (cenv)
2468 opts.crlext = strdup(cenv);
2469
2470 // CRL refresh or expiration time
// Not listed in the env summary above; note the mixed-case variable name.
2471 cenv = getenv("XrdSecGSICRLRefresh");
2472 if (cenv)
2473 opts.crlrefresh = atoi(cenv);
2474
2475 // file with user cert
2476 cenv = (getenv("XrdSecGSIUSERCERT") ? getenv("XrdSecGSIUSERCERT")
2477 : getenv("X509_USER_CERT"));
2478 if (cenv)
2479 opts.cert = strdup(cenv);
2480
2481 // file with user key
2482 cenv = (getenv("XrdSecGSIUSERKEY") ? getenv("XrdSecGSIUSERKEY")
2483 : getenv("X509_USER_KEY"));
2484 if (cenv)
2485 opts.key = strdup(cenv);
2486
2487 // file with user proxy
2488 cenv = (getenv("XrdSecGSIUSERPROXY") ? getenv("XrdSecGSIUSERPROXY")
2489 : getenv("X509_USER_PROXY"));
2490 if (cenv)
2491 opts.proxy = strdup(cenv);
2492
2493 // validity of the user proxy (grid-proxy-init format)
2494 cenv = getenv("XrdSecGSIPROXYVALID");
2495 if (cenv)
2496 opts.valid = strdup(cenv);
2497
2498 // Depth of signature path for proxies
2499 cenv = getenv("XrdSecGSIPROXYDEPLEN");
2500 if (cenv)
2501 opts.deplen = atoi(cenv);
2502
2503 // Key Bit length
2504 cenv = getenv("XrdSecGSIPROXYKEYBITS");
2505 if (cenv)
2506 opts.bits = atoi(cenv);
2507
2508 // CA verification level
// atoi yields 0 ("do not verify") for any non-numeric value
2509 cenv = getenv("XrdSecGSICACHECK");
2510 if (cenv)
2511 opts.ca = atoi(cenv);
2512
2513 // CRL check level
2514 cenv = getenv("XrdSecGSICRLCHECK");
2515 if (cenv)
2516 opts.crl = atoi(cenv);
2517
2518 // Delegate proxy
2519 cenv = getenv("XrdSecGSIDELEGPROXY");
2520 if (cenv)
2521 opts.dlgpxy = atoi(cenv);
2522
2523 // No proxy
2524 cenv = getenv("XrdSecGSICREATEPROXY");
2525 if (cenv)
2526 opts.createpxy = atoi(cenv);
2527
2528 // Allowed server name formats
2529 cenv = getenv("XrdSecGSISRVNAMES");
2530 if (cenv)
2531 opts.srvnames = strdup(cenv);
2532
2533 // Name hashing algorithm
2534 cenv = getenv("XrdSecGSIUSEDEFAULTHASH");
2535 if (cenv)
2536 opts.hashcomp = 0;
2537
2538 // DNS trusting control
// NOTE(review): any value other than the literal "0" enables DNS trust
// (e.g. "false" or "no" would turn it on) — confirm that is intended.
2539 if ((cenv = getenv("XrdSecGSITRUSTDNS")))
2540 opts.trustdns = (!strcmp(cenv, "0")) ? false : true;
2541
2542 //
2543 // Setup the object with the chosen options
2544 rc = XrdSecProtocolgsi::Init(opts,erp);
2545
2546 // Notify init options, if required or in case of init errors
2547 if (!rc) opts.debug = 1;
2548 opts.Print(gsiTrace);
2549
2550 // Some cleanup
// The strdup'ed strings above are owned here; Init must have copied
// whatever it keeps, since they are released before returning.
2551 SafeFree(opts.certdir);
2552 SafeFree(opts.crldir);
2553 SafeFree(opts.crlext);
2554 SafeFree(opts.cert);
2555 SafeFree(opts.key);
2556 SafeFree(opts.proxy);
2557 SafeFree(opts.valid);
2558 SafeFree(opts.srvnames);
2559
2560 // We are done
2561 return rc;
2562 }
2563
2564 // Take into account xrootd debug flag
2565 cenv = getenv("XRDDEBUG");
2566 if (cenv && !strcmp(cenv,"1")) opts.debug = 1;
2567
2568 //
2569 // Server initialization
2570 if (parms) {
2571 //
2572 // Duplicate the parms
2573 char parmbuff[1024];
// NOTE(review): strlcpy silently truncates parms longer than 1023 bytes
// and its return value is not checked, so trailing options (possibly the
// security-relevant -ca:/-crl: ones) would be dropped without a message;
// consider checking the returned length against sizeof(parmbuff).
2574 strlcpy(parmbuff, parms, sizeof(parmbuff));
2575 //
2576 // The tokenizer
2577 XrdOucTokenizer inParms(parmbuff);
2578 //
2579 // Decode parms:
2580 // for servers:
2581 // [-d:<debug_level>]
2582 // [-c:[-]ssl[:[-]<CryptoModuleName]]
2583 // [-certdir:<dir_with_CA_info>]
2584 // [-crldir:<dir_with_CRL_info>]
2585 // [-crlext:<default_extension_CRL_files>]
2586 // [-cert:<path_to_server_certificate>]
2587 // [-key:<path_to_server_key>]
2588 // [-cipher:<list_of_supported_ciphers>]
2589 // [-md:<list_of_supported_digests>]
2590 // [-ca:<ca_verification_level>]
2591 // [-crl:<crl_check_level>]
2592 // [-crlrefresh:<crl_refresh_time>]
2593 // [-gridmap:<grid_map_file>]
2594 // [-gmapfun:<grid_map_function>]
2595 // [-gmapfunparms:<grid_map_function_init_parameters>]
2596 // [-authzcall:<authz_callopt>]
2597 // [-authzfun:<authz_function>]
2598 // [-authzfunparms:<authz_function_init_parameters>]
2599 // [-authzto:<authz_cache_entry_validity_in_secs>]
2600 // [-gmapto:<grid_map_cache_entry_validity_in_secs>]
2601 // [-gmapopt:<grid_map_check_option>]
2602 // [-dlgpxy:<proxy_req_option>]
2603 // [-exppxy:<filetemplate>]
2604 // [-authzpxy]
2605 // [-vomsat:<voms_option>]
2606 // [-vomsfun:<voms_function>]
2607 // [-vomsfunparms:<voms_function_init_parameters>]
2608 // [-defaulthash]
2609 // [-trustdns:<0|1>]
2610 //
// Defaults applied when an option is absent from parms
2611 int debug = -1;
2612 String clist = "";
2613 String certdir = "";
2614 String crldir = "";
2615 String crlext = "";
2616 String cert = "";
2617 String key = "";
2618 String cipher = "";
2619 String md = "";
2620 String gridmap = "";
2621 String gmapfun = "";
2622 String gmapfunparms = "";
2623 String authzfun = "";
2624 String authzfunparms = "";
2625 String vomsfun = "";
2626 String vomsfunparms = "";
2627 String exppxy = "";
2628 int ca = 1;
2629 int crl = 1;
2630 int crlrefresh = 86400;
2631 int ogmap = 1;
2632 int gmapto = 600;
2633 int authzto = -1;
2634 int authzcall = 1;
2635 int dlgpxy = dlgIgnore;
2636 int authzpxy = 0;
2637 int vomsat = vatIgnore; // Was 1 or extract
2638 int moninfo = 0;
2639 int hashcomp = 1;
2640 int trustdns = false;
2641 int showDN = false;
2642 char *op = 0;
// Each token is matched by prefix; the ':' forms are tested before the
// bare forms where both exist (see -authzpxy and -moninfo).
2643 while (inParms.GetLine()) {
2644 while ((op = inParms.GetToken())) {
2645 if (!strncmp(op, "-d:",3)) {
2646 debug = atoi(op+3);
2647 } else if (!strncmp(op, "-c:",3)) {
2648 clist = (const char *)(op+3);
2649 } else if (!strncmp(op, "-certdir:",9)) {
2650 certdir = (const char *)(op+9);
2651 } else if (!strncmp(op, "-crldir:",8)) {
2652 crldir = (const char *)(op+8);
2653 } else if (!strncmp(op, "-crlext:",8)) {
2654 crlext = (const char *)(op+8);
2655 } else if (!strncmp(op, "-cert:",6)) {
2656 cert = (const char *)(op+6);
2657 } else if (!strncmp(op, "-key:",5)) {
2658 key = (const char *)(op+5);
2659 } else if (!strncmp(op, "-cipher:",8)) {
2660 cipher = (const char *)(op+8);
2661 } else if (!strncmp(op, "-md:",4)) {
2662 md = (const char *)(op+4);
2663 } else if (!strncmp(op, "-ca:",4)) {
2664 ca = getOptVal(caVerOpts, op+4);
// NOTE(review): the atoi() below overwrites the getOptVal() result; for a
// symbolic level atoi yields 0, i.e. "do not verify", so only numeric
// -ca: values survive. One of the two lines looks like a leftover.
2665 ca = atoi(op+4);
2666 } else if (!strncmp(op, "-crl:",5)) {
2667 crl = getOptVal(crlOpts, op+5);
2668 } else if (!strncmp(op, "-crlrefresh:",12)) {
2669 crlrefresh = atoi(op+12);
2670 } else if (!strncmp(op, "-gmapopt:",9)) {
2671 ogmap = getOptVal(gmoOpts, op+9);
2672 } else if (!strncmp(op, "-gridmap:",9)) {
2673 gridmap = (const char *)(op+9);
2674 } else if (!strncmp(op, "-gmapfun:",9)) {
2675 gmapfun = (const char *)(op+9);
2676 } else if (!strncmp(op, "-gmapfunparms:",14)) {
2677 gmapfunparms = (const char *)(op+14);
2678 } else if (!strncmp(op, "-authzcall:",11)) {
2679 authzcall = getOptVal(azCallOpts, op+11);
2680 } else if (!strncmp(op, "-authzfun:",10)) {
2681 authzfun = (const char *)(op+10);
2682 } else if (!strncmp(op, "-authzfunparms:",15)) {
2683 authzfunparms = (const char *)(op+15);
2684 } else if (!strncmp(op, "-authzto:",9)) {
2685 authzto = atoi(op+9);
2686 } else if (!strncmp(op, "-gmapto:",8)) {
2687 gmapto = atoi(op+8);
2688 } else if (!strncmp(op, "-dlgpxy:",8)) {
// NOTE(review): this writes opts.dlgpxy directly, but line 2739 later
// re-assigns opts.dlgpxy from the local 'dlgpxy', which the parser never
// changes from dlgIgnore — so -dlgpxy: appears to be ignored. The same
// pattern applies to -authzpxy: (line 2693, overwritten at line 2740).
// Assigning the locals here instead would make both options effective.
2689 opts.dlgpxy = getOptVal(sDlgOpts, op+8);
2690 } else if (!strncmp(op, "-exppxy:",8)) {
2691 exppxy = (const char *)(op+8);
2692 } else if (!strncmp(op, "-authzpxy:",10)) {
2693 opts.authzpxy = getOptVal(azPxyOpts, op+10);
2694 } else if (!strncmp(op, "-authzpxy",9)) {
2695 authzpxy = 11;
2696 } else if (!strncmp(op, "-vomsat:",8)) {
2697 vomsat = getOptVal(vomsatOpts, op+8);
2698 } else if (!strncmp(op, "-vomsfun:",9)) {
2699 vomsfun = (const char *)(op+9);
2700 } else if (!strncmp(op, "-vomsfunparms:",14)) {
2701 vomsfunparms = (const char *)(op+14);
2702 } else if (!strcmp(op, "-moninfo")) {
2703 moninfo = 1;
2704 } else if (!strncmp(op, "-moninfo:",9)) {
2705 moninfo = atoi(op+9);
2706 } else if (!strcmp(op, "-defaulthash")) {
2707 hashcomp = 0;
2708 } else if (!strncmp(op, "-trustdns:",10)) {
2709 trustdns = getOptVal(tdnsOpts, op+10);
// -showdn: reuses the tdnsOpts value table of -trustdns:
2710 } else if (!strncmp(op, "-showdn:",8)) {
2711 showDN = getOptVal(tdnsOpts, op+8);
2712 } else {
2713 PRINT("ignoring unknown switch: "<<op);
2714 }
2715 }
2716 }
2717
2718 // If vomsfun is 'default' substitute the default plugin. Then go on to
2719 // resolve conflicts between vomsfun and vomsat options. So, if vomsfun
2720 // was specified but vomsat is set to 'ignore' then we set vomsat to be
2721 // 'required'.
// Without a vomsfun, any -authzcall: value given above is overridden
// with azAlways.
2722 //
2723 if (vomsfun.length() > 0)
2724 {if (vomsat == vatIgnore) vomsat = vatExtract;
2725 if (vomsfun == "default") vomsfun = LIB_XRDVOMS;
2726 } else authzcall = azAlways;
2727
2728 //
2729 // Build the option object
2730 opts.debug = (debug > -1) ? debug : opts.debug;
2731 opts.mode = 's';
2732 opts.ca = ca;
2733 opts.crl = crl;
2734 opts.crlrefresh = crlrefresh;
2735 opts.ogmap = ogmap;
2736 opts.gmapto = gmapto;
2737 opts.authzcall = authzcall;
2738 opts.authzto = authzto;
2739 opts.dlgpxy = (dlgpxy >= dlgIgnore && dlgpxy <= dlgReqSign) ? dlgpxy : 0;
2740 opts.authzpxy = authzpxy;
2741 opts.vomsat = vomsat;
2742 opts.moninfo = moninfo;
2743 opts.hashcomp = hashcomp;
2744 opts.trustdns = (trustdns <= 0) ? false : true;
2745 opts.showDN = (showDN > 0) ? true : false;
// The opts.* pointers below alias the local String objects and are only
// valid until this function returns; Init (called before the locals go
// out of scope) presumably copies what it keeps — verify.
2746 if (clist.length() > 0)
2747 opts.clist = (char *)clist.c_str();
2748 if (certdir.length() > 0)
2749 opts.certdir = (char *)certdir.c_str();
2750 if (crldir.length() > 0)
2751 opts.crldir = (char *)crldir.c_str();
2752 if (crlext.length() > 0)
2753 opts.crlext = (char *)crlext.c_str();
2754 if (cert.length() > 0)
2755 opts.cert = (char *)cert.c_str();
2756 if (key.length() > 0)
2757 opts.key = (char *)key.c_str();
2758 if (cipher.length() > 0)
2759 opts.cipher = (char *)cipher.c_str();
2760 if (md.length() > 0)
2761 opts.md = (char *)md.c_str();
2762 if (gridmap.length() > 0)
2763 opts.gridmap = (char *)gridmap.c_str();
2764 if (gmapfun.length() > 0)
2765 opts.gmapfun = (char *)gmapfun.c_str();
2766 if (gmapfunparms.length() > 0)
2767 opts.gmapfunparms = (char *)gmapfunparms.c_str();
2768 if (authzfun.length() > 0)
2769 opts.authzfun = (char *)authzfun.c_str();
2770 if (authzfunparms.length() > 0)
2771 opts.authzfunparms = (char *)authzfunparms.c_str();
2772 if (exppxy.length() > 0)
2773 opts.exppxy = (char *)exppxy.c_str();
2774 if (vomsfun.length() > 0)
2775 opts.vomsfun = (char *)vomsfun.c_str();
2776 if (vomsfunparms.length() > 0)
2777 opts.vomsfunparms = (char *)vomsfunparms.c_str();
2778
2779 // Notify init options, if required
2780 opts.Print(gsiTrace);
2781
2782 //
2783 // Setup the plug-in with the chosen options
2784 return XrdSecProtocolgsi::Init(opts,erp);
2785 }
2786
// No parms given: initialize the server with the built-in defaults
2787 // Notify init options, if required
2788 opts.Print(gsiTrace);
2789 //
2790 // Setup the plug-in with the defaults
2791 return XrdSecProtocolgsi::Init(opts,erp);
2792}}

References XrdOucString::c_str(), myOpts::debug, XrdSecProtocolgsi::EnableTracing(), EPNAME, XrdOucTokenizer::GetLine(), XrdOucTokenizer::GetToken(), gsiTrace, XrdSecProtocolgsi::Init(), XrdOucString::length(), LIB_XRDVOMS, opts, PRINT, SafeFree, and strlcpy().


◆ XrdSecProtocolgsiObject()

XrdSecProtocol * XrdSecProtocolgsiObject ( const char  mode,
const char *  hostname,
XrdNetAddrInfo & endPoint,
const char *  parms,
XrdOucErrInfo * erp
)

Definition at line 2806 of file XrdSecProtocolgsi.cc.

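XrdSecProtocol *XrdSecProtocolgsiObject(const char      mode,
                                        const char     *hostname,
                                        XrdNetAddrInfo &endPoint,
                                        const char     *parms,
                                        XrdOucErrInfo  *erp)
{
   // Factory entry point: build one gsi protocol object for a connection.
   // 'mode' is not used by this function (protocol-wide configuration
   // happens in XrdSecProtocolgsiInit). On allocation failure the error
   // is reported through erp when given, otherwise on stderr, and null is
   // returned.
   int options = XrdSecNOIPCHK;

   // A plain 'new' throws std::bad_alloc instead of returning null, which
   // left the failure branch below unreachable (unless the class supplies
   // its own operator new); nothrow restores the intended null-return path.
   XrdSecProtocolgsi *prot =
      new (std::nothrow) XrdSecProtocolgsi(options, hostname, endPoint, parms);
   if (!prot) {
      const char *msg = "Secgsi: Insufficient memory for protocol.";
      if (erp)
         erp->setErrInfo(ENOMEM, msg);
      else
         std::cerr <<msg <<std::endl;
      return (XrdSecProtocol *)0;
   }
   //
   // We are done
   if (!erp)
      std::cerr << "protocol object instantiated" << std::endl;
   return prot;
}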

References XrdOucErrInfo::setErrInfo(), and XrdSecNOIPCHK.


◆ XrdVERSIONINFO()

XrdVERSIONINFO ( XrdSecProtocolgsiObject  ,
secgsi   
)

Variable Documentation

◆ gGSErrStr

const char* gGSErrStr[]
static
Initial value:
= {
"ErrParseBuffer",
"ErrDecodeBuffer",
"ErrLoadCrypto",
"ErrBadProtocol",
"ErrCreateBucket",
"ErrDuplicateBucket",
"ErrCreateBuffer",
"ErrSerialBuffer",
"ErrGenCipher",
"ErrExportPuK",
"ErrEncRndmTag",
"ErrBadRndmTag",
"ErrNoRndmTag",
"ErrNoCipher",
"ErrNoCreds",
"ErrBadOpt",
"ErrMarshal",
"ErrUnmarshal",
"ErrSaveCreds",
"ErrNoBuffer",
"ErrRefCipher",
"ErrNoPublic",
"ErrAddBucket",
"ErrFinCipher",
"ErrInit",
"ErrBadCreds",
"ErrError"
}

Definition at line 97 of file XrdSecProtocolgsi.cc.

// Printable names of the gsi error conditions. The leading comment on each
// entry gives the error code the original source pairs it with, starting
// at 10000 and increasing by one per entry.
static const char *gGSErrStr[] = {
   /* 10000 */ "ErrParseBuffer",
   /* 10001 */ "ErrDecodeBuffer",
   /* 10002 */ "ErrLoadCrypto",
   /* 10003 */ "ErrBadProtocol",
   /* 10004 */ "ErrCreateBucket",
   /* 10005 */ "ErrDuplicateBucket",
   /* 10006 */ "ErrCreateBuffer",
   /* 10007 */ "ErrSerialBuffer",
   /* 10008 */ "ErrGenCipher",
   /* 10009 */ "ErrExportPuK",
   /* 10010 */ "ErrEncRndmTag",
   /* 10011 */ "ErrBadRndmTag",
   /* 10012 */ "ErrNoRndmTag",
   /* 10013 */ "ErrNoCipher",
   /* 10014 */ "ErrNoCreds",
   /* 10015 */ "ErrBadOpt",
   /* 10016 */ "ErrMarshal",
   /* 10017 */ "ErrUnmarshal",
   /* 10018 */ "ErrSaveCreds",
   /* 10019 */ "ErrNoBuffer",
   /* 10020 */ "ErrRefCipher",
   /* 10021 */ "ErrNoPublic",
   /* 10022 */ "ErrAddBucket",
   /* 10023 */ "ErrFinCipher",
   /* 10024 */ "ErrInit",
   /* 10025 */ "ErrBadCreds",
   /* 10026 */ "ErrError"
};

◆ gNoPadTag

const char* gNoPadTag = "nopad"
static

◆ gsiClientSteps

const char* gsiClientSteps[]
static
Initial value:
= {
"kXGC_none",
"kXGC_certreq",
"kXGC_cert",
"kXGC_sigpxy",
"kXGC_reserved"
}

Definition at line 81 of file XrdSecProtocolgsi.cc.

// Printable names of the client handshake steps; slot 0 is the "none"
// step, the remaining slots are addressed through ClientStepStr(), which
// rebases the kXGC_* codes so that kXGC_certreq maps to slot 1.
static const char *gsiClientSteps[] = {
   "kXGC_none",      // slot 0
   "kXGC_certreq",   // slot 1
   "kXGC_cert",      // slot 2
   "kXGC_sigpxy",    // slot 3
   "kXGC_reserved"   // slot 4
};

Referenced by ClientStepStr().

◆ gsiServerSteps

const char* gsiServerSteps[]
static
Initial value:
= {
"kXGS_none",
"kXGS_init",
"kXGS_cert",
"kXGS_pxyreq",
"kXGS_reserved"
}

Definition at line 89 of file XrdSecProtocolgsi.cc.

// Printable names of the server handshake steps; slot 0 is the "none"
// step, the remaining slots are addressed through ServerStepStr(), which
// rebases the kXGS_* codes so that kXGS_init maps to slot 1.
static const char *gsiServerSteps[] = {
   "kXGS_none",      // slot 0
   "kXGS_init",      // slot 1
   "kXGS_cert",      // slot 2
   "kXGS_pxyreq",    // slot 3
   "kXGS_reserved"   // slot 4
};

Referenced by ServerStepStr().

◆ gsiTrace

XrdOucTrace* gsiTrace = 0

Definition at line 217 of file XrdSecProtocolgsi.cc.

Referenced by XrdSecProtocolgsi::Init(), and XrdSecProtocolgsiInit().

◆ gUsrPxyDef

const char* gUsrPxyDef = "/tmp/x509up_u"
static

Definition at line 130 of file XrdSecProtocolgsi.cc.

Referenced by XrdSecProtocolgsi::Init(), and gsiOptions::Print().

◆ kOneDay

const int kOneDay = 86400
static

Definition at line 128 of file XrdSecProtocolgsi.cc.

◆ Prefix

String Prefix = "xrd"
static

Definition at line 77 of file XrdSecProtocolgsi.cc.

Referenced by XrdSecProtocolpwd::Init().

◆ ProtoID

String ProtoID = XrdSecPROTOIDENT
static

Definition at line 78 of file XrdSecProtocolgsi.cc.

◆ Version