#include <XrdSecProtocolssl.hh>


Classes | |
| struct | sslverify_t |
Public Member Functions | |
| XrdSecProtocolssl (const char *hostname, const struct sockaddr *ipaddr) | |
| virtual void | secClient (int theFD, XrdOucErrInfo *einfo) |
| virtual void | secServer (int theFD, XrdOucErrInfo *einfo=0) |
| virtual void | Delete () |
Static Public Member Functions | |
| static int | GenerateSession (const SSL *ssl, unsigned char *id, unsigned int *id_len) |
| static int | NewSession (SSL *ssl, SSL_SESSION *pNew) |
| static int | GetSession (SSL *ssl, SSL_SESSION *pNew) |
| static void | ReloadGridMapFile () |
| static void | ReloadVomsMapFile () |
| static bool | VomsMapGroups (const char *groups, XrdOucString &allgroups, XrdOucString &defaultgroup) |
| static void | GetEnvironment () |
Public Attributes | |
| int | sessionfd |
| X509 * | client_cert |
| X509 * | server_cert |
| XrdOucString | host |
| char | proxyBuff [16384] |
| SSL_CTX * | clientctx |
| XrdSysMutex | SSLMutex |
Static Public Attributes | |
| static char * | SessionIdContext = "xrootdssl" |
| static char * | sslcadir = 0 |
| static char * | sslvomsdir = 0 |
| static char * | sslserverkeyfile = 0 |
| static char * | sslkeyfile = 0 |
| static char * | sslcertfile = 0 |
| static char * | sslproxyexportdir = (char*)0 |
| static bool | sslproxyexportplain = 1 |
| static char | sslserverexportpassword [EXPORTKEYSTRENGTH+1] |
| static char * | gridmapfile = "/etc/grid-security/grid-mapfile" |
| static char * | vomsmapfile = "/etc/grid-security/voms-mapfile" |
| static bool | mapuser = false |
| static bool | mapnobody = false |
| static bool | mapgroup = false |
| static bool | mapcerncertificates = false |
| static int | debug = 0 |
| static time_t | sslsessionlifetime = 86400 |
| static bool | isServer = 0 |
| static bool | forwardProxy = 0 |
| static bool | allowSessions = 1 |
| static X509_STORE * | store = 0 |
| static X509_LOOKUP * | lookup = 0 |
| static int | verifydepth = 10 |
| static int | verifyindex = 0 |
| static XrdOucHash< XrdOucString > | gridmapstore |
| static XrdOucHash< XrdOucString > | vomsmapstore |
| static XrdOucHash< XrdOucString > | stringstore |
| static XrdSysMutex | StoreMutex |
| static XrdSysMutex | VomsMapMutex |
| static XrdSysMutex | GridMapMutex |
| static XrdSysMutex * | CryptoMutexPool [PROTOCOLSSL_MAX_CRYPTO_MUTEX] |
| static XrdSysLogger | Logger |
| static XrdSysError | ssleDest |
| static time_t | storeLoadTime |
| static SSL_CTX * | ctx = 0 |
Private Member Functions | |
| ~XrdSecProtocolssl () | |
Static Private Member Functions | |
| static int | Fatal (XrdOucErrInfo *erp, const char *msg, int rc) |
Private Attributes | |
| struct sockaddr | hostaddr |
| char * | credBuff |
| int | Step |
| int | sd |
| int | listen_sd |
| struct sockaddr_in | sa_serv |
| struct sockaddr_in | sa_cli |
| SSL * | ssl |
Friends | |
| class | XrdSecProtocolDummy |
XrdSecProtocolssl::XrdSecProtocolssl(const char *hostname, const struct sockaddr *ipaddr) [inline]
XrdSecProtocolssl::~XrdSecProtocolssl() [inline, private]
virtual void XrdSecProtocolssl::Delete() [inline, virtual]
Implements XrdSecTLayer.
int XrdSecProtocolssl::Fatal(XrdOucErrInfo *erp, const char *msg, int rc) [static, private]
References XrdOucErrInfo::setErrInfo().
Referenced by secClient(), and secServer().
int XrdSecProtocolssl::GenerateSession(const SSL *ssl, unsigned char *id, unsigned int *id_len) [static]
References EPNAME, MAX_SESSION_ID_ATTEMPTS, and TRACE.
Referenced by XrdSecProtocolsslInit().
void XrdSecProtocolssl::GetEnvironment() [static]
References allowSessions, debug, EPNAME, forwardProxy, sslcadir, sslcertfile, sslkeyfile, sslproxyexportdir, sslvomsdir, TRACE, and verifydepth.
Referenced by secClient(), and XrdSecProtocolsslInit().
static int XrdSecProtocolssl::GetSession(SSL *ssl, SSL_SESSION *pNew) [static]
int XrdSecProtocolssl::NewSession(SSL *ssl, SSL_SESSION *pNew) [static]
References DEBUG, EPNAME, sslsessionlifetime, and TRACE.
Referenced by XrdSecProtocolsslInit().
void XrdSecProtocolssl::ReloadGridMapFile() [static]
References XrdOucHash< T >::Add(), XrdOucString::c_str(), EPNAME, XrdOucString::erase(), fclose(), XrdOucHash< T >::Find(), XrdOucString::find(), fopen, gridmapfile, GridMapMutex, gridmapstore, XrdSysMutex::Lock(), XrdOucHash< T >::Purge(), XrdOucString::replace(), stat(), TRACE, and XrdSysMutex::UnLock().
Referenced by secServer().
void XrdSecProtocolssl::ReloadVomsMapFile() [static]
void XrdSecProtocolssl::secClient(int theFD, XrdOucErrInfo *einfo) [virtual]
Implements XrdSecTLayer.
References allowSessions, XrdOucString::c_str(), clientctx, close, DEBUG, EPNAME, Fatal(), fclose(), fopen, forwardProxy, GetEnvironment(), XrdSecsslSessionLock::HardLock(), XrdSecsslSessionLock::HardUnLock(), host, l2n, XrdSysMutex::Lock(), open(), proxyBuff, read(), secprotocolssl_pem_cb(), server_cert, XrdOucErrInfo::setErrInfo(), XrdSecsslSessionLock::SoftLock(), XrdSecsslSessionLock::SoftUnLock(), ssl, sslcadir, sslcertfile, sslkeyfile, SSLMutex, sslproxyexportplain, sslserverexportpassword, sslvomsdir, stat(), TRACE, XrdSysMutex::UnLock(), and verifydepth.
Referenced by main().
void XrdSecProtocolssl::secServer(int theFD, XrdOucErrInfo *einfo = 0) [virtual]
Implements XrdSecTLayer.
References XrdOucString::beginswith(), XrdOucString::c_str(), client_cert, close, ctx, DEBUG, XrdSecEntity::endorsements, XrdSecProtocol::Entity, EPNAME, XrdOucString::erase(), XrdOucString::erasefromstart(), EXPORTKEYSTRENGTH, Fatal(), fclose(), XrdOucHash< T >::Find(), XrdOucString::find(), fopen, GridMapMutex, gridmapstore, XrdSecEntity::grps, XrdOucString::length(), XrdSysMutex::Lock(), mapcerncertificates, mapgroup, mapnobody, mapuser, XrdSecEntity::name, open(), XrdSecEntity::prot, proxyBuff, ReloadGridMapFile(), rename(), XrdOucString::replace(), XrdSecEntity::role, S_IRUSR, ssl, sslcadir, SSLMutex, sslproxyexportdir, sslproxyexportplain, sslserverexportpassword, store, storeLoadTime, StoreMutex, STR_NPOS, TRACE, unlink(), XrdSysMutex::UnLock(), VomsMapGroups(), and write().
Referenced by main().
bool XrdSecProtocolssl::VomsMapGroups(const char *groups, XrdOucString &allgroups, XrdOucString &defaultgroup) [static]
References XrdOucString::c_str(), EPNAME, XrdOucString::erase(), XrdOucString::length(), XrdOucString::replace(), XrdOucString::rfind(), STR_NPOS, and TRACE.
Referenced by secServer().
friend class XrdSecProtocolDummy [friend]
bool XrdSecProtocolssl::allowSessions = 1 [static] |
Referenced by GetEnvironment(), main(), and secClient().
(Attribute heading lost in this rendering; its alphabetical position between allowSessions and clientctx suggests it belongs to client_cert.) Referenced by secServer(), XrdSecProtocolssl(), and ~XrdSecProtocolssl().
| SSL_CTX* XrdSecProtocolssl::clientctx |
Referenced by secClient(), and XrdSecProtocolssl().
char* XrdSecProtocolssl::credBuff [private] |
Referenced by XrdSecProtocolssl(), and ~XrdSecProtocolssl().
XrdSysMutex * XrdSecProtocolssl::CryptoMutexPool [static] |
SSL_CTX * XrdSecProtocolssl::ctx = 0 [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
int XrdSecProtocolssl::debug = 0 [static] |
Referenced by GetEnvironment(), and XrdSecProtocolsslInit().
bool XrdSecProtocolssl::forwardProxy = 0 [static] |
Referenced by GetEnvironment(), and secClient().
char * XrdSecProtocolssl::gridmapfile = "/etc/grid-security/grid-mapfile" [static] |
Referenced by ReloadGridMapFile(), and XrdSecProtocolsslInit().
(Attribute heading lost in this rendering; its alphabetical position between gridmapfile and gridmapstore suggests it belongs to GridMapMutex.) Referenced by ReloadGridMapFile(), and secServer().
XrdOucHash< XrdOucString > XrdSecProtocolssl::gridmapstore [static] |
Referenced by ReloadGridMapFile(), and secServer().
(Attribute heading lost in this rendering; its alphabetical position between gridmapstore and hostaddr suggests it belongs to host.) Referenced by secClient(), and XrdSecProtocolssl().
struct sockaddr XrdSecProtocolssl::hostaddr [private] |
bool XrdSecProtocolssl::isServer = 0 [static] |
Reimplemented from XrdSecTLayer.
Referenced by XrdSecProtocolsslInit().
int XrdSecProtocolssl::listen_sd [private] |
XrdSysLogger XrdSecProtocolssl::Logger [static] |
X509_LOOKUP * XrdSecProtocolssl::lookup = 0 [static] |
bool XrdSecProtocolssl::mapcerncertificates = false [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
bool XrdSecProtocolssl::mapgroup = false [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
bool XrdSecProtocolssl::mapnobody = false [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
bool XrdSecProtocolssl::mapuser = false [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
| char XrdSecProtocolssl::proxyBuff[16384] |
Referenced by secClient(), secServer(), and XrdSecProtocolssl().
struct sockaddr_in XrdSecProtocolssl::sa_cli [private] |
struct sockaddr_in XrdSecProtocolssl::sa_serv [private] |
int XrdSecProtocolssl::sd [private] |
Referenced by secClient(), XrdSecProtocolssl(), and ~XrdSecProtocolssl().
char * XrdSecProtocolssl::SessionIdContext = "xrootdssl" [static] |
Referenced by XrdSecProtocolsslInit().
SSL* XrdSecProtocolssl::ssl [private] |
Referenced by secClient(), secServer(), XrdSecProtocolssl(), and ~XrdSecProtocolssl().
char * XrdSecProtocolssl::sslcadir = 0 [static] |
Referenced by GetEnvironment(), secClient(), secServer(), and XrdSecProtocolsslInit().
char * XrdSecProtocolssl::sslcertfile = 0 [static] |
Referenced by GetEnvironment(), secClient(), and XrdSecProtocolsslInit().
XrdSysError XrdSecProtocolssl::ssleDest [static] |
Referenced by XrdSecProtocolsslInit().
char * XrdSecProtocolssl::sslkeyfile = 0 [static] |
Referenced by GetEnvironment(), secClient(), and XrdSecProtocolsslInit().
(Attribute heading lost in this rendering; its alphabetical position between sslkeyfile and sslproxyexportdir suggests it belongs to SSLMutex.) Referenced by secClient(), secServer(), and ~XrdSecProtocolssl().
char * XrdSecProtocolssl::sslproxyexportdir = (char*)0 [static] |
Referenced by GetEnvironment(), secServer(), and XrdSecProtocolsslInit().
bool XrdSecProtocolssl::sslproxyexportplain = 1 [static] |
Referenced by secClient(), secServer(), and XrdSecProtocolsslInit().
char XrdSecProtocolssl::sslserverexportpassword [static] |
Referenced by secClient(), secprotocolssl_pem_cb(), secServer(), and XrdSecProtocolsslInit().
char * XrdSecProtocolssl::sslserverkeyfile = 0 [static] |
Referenced by XrdSecProtocolsslInit().
time_t XrdSecProtocolssl::sslsessionlifetime = 86400 [static] |
Referenced by NewSession(), and XrdSecProtocolsslInit().
char * XrdSecProtocolssl::sslvomsdir = 0 [static] |
Referenced by GetEnvironment(), secClient(), and XrdSecProtocolsslInit().
int XrdSecProtocolssl::Step [private] |
X509_STORE * XrdSecProtocolssl::store = 0 [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
time_t XrdSecProtocolssl::storeLoadTime [static] |
Referenced by secServer(), and XrdSecProtocolsslInit().
XrdSysMutex XrdSecProtocolssl::StoreMutex [static] |
Referenced by secServer().
XrdOucHash< XrdOucString > XrdSecProtocolssl::stringstore [static] |
int XrdSecProtocolssl::verifydepth = 10 [static] |
Referenced by GetEnvironment(), secClient(), and XrdSecProtocolsslInit().
int XrdSecProtocolssl::verifyindex = 0 [static] |
char * XrdSecProtocolssl::vomsmapfile = "/etc/grid-security/voms-mapfile" [static] |
Referenced by ReloadVomsMapFile(), and XrdSecProtocolsslInit().
(Attribute heading lost in this rendering; its alphabetical position between vomsmapfile and vomsmapstore suggests it belongs to VomsMapMutex.) Referenced by ReloadVomsMapFile().
XrdOucHash< XrdOucString > XrdSecProtocolssl::vomsmapstore [static] |
Referenced by ReloadVomsMapFile().