#ifndef __SecsssID__
#define __SecsssID__
/******************************************************************************/
/* */
/* X r d S e c s s s I D . h h */
/* */
/* (c) 2008 by the Board of Trustees of the Leland Stanford, Jr., University */
/* All Rights Reserved */
/* Produced by Andrew Hanushevsky for Stanford University under contract */
/* DE-AC02-76-SFO0515 with the Department of Energy */
/* */
/* This file is part of the XRootD software suite. */
/* */
/* XRootD is free software: you can redistribute it and/or modify it under */
/* the terms of the GNU Lesser General Public License as published by the */
/* Free Software Foundation, either version 3 of the License, or (at your */
/* option) any later version. */
/* */
/* XRootD is distributed in the hope that it will be useful, but WITHOUT */
/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
/* License for more details. */
/* */
/* You should have received a copy of the GNU Lesser General Public License */
/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
/* */
/* The copyright holder's institutional names and contributor's names may not */
/* be used to endorse or promote products derived from this software without */
/* specific prior written permission of the institution or contributor. */
/******************************************************************************/

#include <stdlib.h>
#include <string.h>
#include <time.h>

#include "XrdOuc/XrdOucHash.hh"
#include "XrdSec/XrdSecEntity.hh"
#include "XrdSys/XrdSysPthread.hh"

// The XrdSecsssID class allows you to establish a registry to map loginid's
// to arbitrary entities. By default, the sss security protocol uses the
// username as the authenticated username and, if possible, the corresponding
// primary group membership of username (i.e., static mapping). The server
// will ignore the username and/or the groupname unless the key is designated
// as anyuser, anygroup, respectively. By creating an instance of this class
// you can over-ride the default and map the loginid (i.e., the id supplied
// at login time which is normally the first 8-characters of the username or
// the id specified in the url; i.e., id@host) to arbitrary entities using
// the Register() method. You must create one, and only one, such instance
// prior to making any contact with a sss security enabled server.

// In order to include XrdSecsssID methods, you should either link with
// libXrdSecsss.so (preferable) or include XrdSecsssID.o and link with
// libXrdOuc.a and libXrdSys.a.

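// XrdSecsssID is the client-side registry that selects the identity the sss
// protocol presents for a loginid. At most one instance may exist and it must
// be created before the first contact with an sss-enabled server.
//
class XrdSecsssID
{
public:

// Register() creates a mapping from a loginid to an entity description. Only
//            the name, vo, role, group, and endorsements pointers in
//            XrdSecEntity are supported. To de-register a loginid, pass zero
//            for the Ident arg. To replace an existing entry, pass 1 for the
//            doReplace argument.
//            TRUE is returned if successful; FALSE otherwise (including the
//            case where idDynamic was not specified in the constructor or
//            doReplace is zero and the loginid has already been registered).
//            Callers should test the result: as documented for Find(), a
//            loginid without a registered entry resolves to the default ID.
//
int      Register(const char *loginid, XrdSecEntity *Ident, int doReplace=0);

// Find() is an internal look-up method that returns the identification
//        string in the provided buffer corresponding to the loginid.
//        If loginid is registered and the data will fit into the buffer the
//        length moved into the buffer is returned. Otherwise, the default ID
//        is moved into the buffer and the length copied is returned. If that
//        is not possible, 0 is returned.
//        A zero return means no identity was placed in Buff, so the result
//        must be checked before Buff is used.
//        NOTE(review): Blen is a signed int; how a zero or negative Blen is
//        handled, and whether the data is NUL-terminated, cannot be seen from
//        this header -- confirm against the implementation.
//
int      Find(const char *loginid, char *Buff, int Blen);

// A single instance of this class may be instantiated. The first parameter
// indicates how authentication is to be handled. The second parameter provides
// either a fixed or default authenticated identity under control of the aType
// parameter, as follows:
//
// idStatic is both the constructor default and the mode in effect when no
// XrdSecsssID exists, and it is the only mode labelled 1Sided below. Pass
// idDynamic or idStaticM explicitly where the Mutual behaviour is required.
//
enum authType {idDynamic = 0, // Mutual: Map loginid to registered identity
                              //         Ident is default; if 0 nobody/nogroup
               idStatic  = 1, // 1Sided: fixed identity sent to the server
                              //         Ident as specified; if 0 process uid/gid
                              //         Default if XrdSecsssID not instantiated!
               idStaticM = 2  // Mutual: fixed identity sent to the server
                              //         Ident as specified; if 0 process uid/gid
              };

// getObj() returns the address of a previously created instance of this object
//          or zero if no instance exists. It also returns authType and default
//          ID to be used regardless of the return value.
//          NOTE(review): who owns (and frees) the buffer returned through dID
//          is not visible in this header -- confirm before freeing or caching.
//
static
XrdSecsssID *getObj(authType &aType, char **dID, int &dIDsz);

         XrdSecsssID(authType aType=idStatic, XrdSecEntity *Ident=0);

        // free() accepts a null pointer, so no guard is needed.
        ~XrdSecsssID() {free(defaultID);}

private:

// Copying is disabled (declared, never defined). The object owns defaultID
// through a raw pointer that the destructor frees, so a member-wise copy would
// free the same block twice; only a single instance is supported in any case.
//
         XrdSecsssID(const XrdSecsssID &);
XrdSecsssID &operator=(const XrdSecsssID &);

// Variable-length record: iData is declared with one element and the struct is
// allocated larger than sizeof(sssID).
// NOTE(review): presumably iLen is the number of valid bytes in iData; any
// code copying iData must be bounded by it -- confirm.
//
struct sssID {int iLen; char iData[1];}; // Sized appropriately

static sssID *genID(int Secure);
static sssID *genID(XrdSecEntity *eP);

static XrdSysMutex InitMutex; // NOTE(review): presumably serializes creation
                              // of the single instance -- confirm
       sssID      *defaultID; // Default identity; released in the destructor
XrdSysMutex        myMutex;   // NOTE(review): presumably guards Registry
XrdOucHash<sssID>  Registry;  // Registered identities (sssID records)
authType           myAuth;    // Authentication mode (see authType)
};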
#endif