xrootd
Public Member Functions | Static Public Member Functions | Private Member Functions | Static Private Member Functions | Private Attributes | Static Private Attributes | Friends | List of all members
XrdSecProtocolgsi Class Reference

#include <XrdSecProtocolgsi.hh>

Inheritance diagram for XrdSecProtocolgsi:
Inheritance graph
[legend]
Collaboration diagram for XrdSecProtocolgsi:
Collaboration graph
[legend]

Public Member Functions

int Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0)
 
XrdSecCredentialsgetCredentials (XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0)
 
 XrdSecProtocolgsi (int opts, const char *hname, const struct sockaddr *ipadd, const char *parms=0)
 
virtual ~XrdSecProtocolgsi ()
 
void Delete ()
 Delete the protocol object. DO NOT use C++ delete() on this object. More...
 
int Encrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
 
int Decrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
 
int Sign (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
 
int Verify (const char *inbuf, int inlen, const char *sigbuf, int siglen)
 
int getKey (char *kbuf=0, int klen=0)
 
int setKey (char *kbuf, int klen)
 
- Public Member Functions inherited from XrdSecProtocol
 XrdSecProtocol (const char *pName)
 Constructor. More...
 

Static Public Member Functions

static char * Init (gsiOptions o, XrdOucErrInfo *erp)
 
static XrdOucTraceEnableTracing ()
 

Private Member Functions

int ParseClientInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &emsg)
 
int ClientDoInit (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
 
int ClientDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
 
int ClientDoPxyreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
 
int ParseServerInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
 
int ServerDoCertreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
 
int ServerDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
 
int ServerDoSigpxy (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
 
int ParseCrypto (String cryptlist)
 
int ParseCAlist (String calist)
 
bool ServerCertNameOK (const char *subject, String &e)
 
XrdSecCredentialsErrC (XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)
 
int ErrS (String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)
 
bool CheckTimeStamp (XrdSutBuffer *b, int skew, String &emsg)
 
bool CheckRtag (XrdSutBuffer *bm, String &emsg)
 
int AddSerialized (char opt, kXR_int32 step, String ID, XrdSutBuffer *bls, XrdSutBuffer *buf, kXR_int32 type, XrdCryptoCipher *cip)
 
void CopyEntity (XrdSecEntity *in, XrdSecEntity *out, int *lout=0)
 
void FreeEntity (XrdSecEntity *in)
 
int ExtractVOMS (X509Chain *c, XrdSecEntity &ent)
 

Static Private Member Functions

static int GetCA (const char *cahash, XrdCryptoFactory *cryptof, gsiHSVars *hs=0)
 
static String GetCApath (const char *cahash)
 
static bool VerifyCA (int opt, X509Chain *cca, XrdCryptoFactory *cf)
 
static XrdSutPFEntryGetSrvCertEnt (XrdSutCacheRef &pfeRef, XrdCryptoFactory *cf, time_t timestamp, String &cal)
 
static XrdCryptoX509CrlLoadCRL (XrdCryptoX509 *xca, const char *sjhash, XrdCryptoFactory *CF, int dwld)
 
static int QueryProxy (bool checkcache, XrdSutCache *cache, const char *tag, XrdCryptoFactory *cf, time_t timestamp, ProxyIn_t *pi, ProxyOut_t *po)
 
static int InitProxy (ProxyIn_t *pi, X509Chain *ch=0, XrdCryptoRSA **key=0)
 
static void ErrF (XrdOucErrInfo *einfo, kXR_int32 ecode, const char *msg1, const char *msg2=0, const char *msg3=0)
 
static int LoadGMAP (int now)
 
static XrdSecgsiGMAP_t LoadGMAPFun (const char *plugin, const char *parms)
 
static XrdSecgsiAuthz_t LoadAuthzFun (const char *plugin, const char *parms, int &fmt)
 
static XrdSecgsiVOMS_t LoadVOMSFun (const char *plugin, const char *parms, int &fmt)
 
static void QueryGMAP (XrdCryptoX509Chain *chain, int now, String &name)
 

Private Attributes

int options
 
struct sockaddr hostaddr
 
XrdCryptoFactorysessionCF
 
XrdCryptoCiphersessionKey
 
XrdSutBucketbucketKey
 
XrdCryptoMsgDigestsessionMD
 
XrdCryptoRSAsessionKsig
 
XrdCryptoRSAsessionKver
 
X509ChainproxyChain
 
bool srvMode
 
gsiHSVarshs
 

Static Private Attributes

static XrdSysMutex gsiContext
 
static String CAdir = "/etc/grid-security/certificates/"
 
static String CRLdir = "/etc/grid-security/certificates/"
 
static String DefCRLext = ".r0"
 
static String SrvCert = "/etc/grid-security/xrd/xrdcert.pem"
 
static String SrvKey = "/etc/grid-security/xrd/xrdkey.pem"
 
static String UsrProxy
 
static String UsrCert = "/.globus/usercert.pem"
 
static String UsrKey = "/.globus/userkey.pem"
 
static String PxyValid = "12:00"
 
static int DepLength = 0
 
static int DefBits = 512
 
static int CACheck = 1
 
static int CRLCheck = 1
 
static int CRLDownload = 0
 
static int CRLRefresh = 86400
 
static String DefCrypto = "ssl"
 
static String DefCipher = "aes-128-cbc:bf-cbc:des-ede3-cbc"
 
static String DefMD = "sha1:md5"
 
static String DefError = "invalid credentials "
 
static String GMAPFile = "/etc/grid-security/grid-mapfile"
 
static int GMAPOpt = 1
 
static bool GMAPuseDNname = 0
 
static int GMAPCacheTimeOut = -1
 
static XrdSysPluginGMAPPlugin = 0
 
static XrdSecgsiGMAP_t GMAPFun = 0
 
static XrdSysPluginAuthzPlugin = 0
 
static XrdSecgsiAuthz_t AuthzFun = 0
 
static XrdSecgsiAuthzKey_t AuthzKey = 0
 
static int AuthzCertFmt = -1
 
static int AuthzCacheTimeOut = 43200
 
static int PxyReqOpts = 0
 
static int AuthzPxyWhat = -1
 
static int AuthzPxyWhere = -1
 
static String SrvAllowedNames
 
static int VOMSAttrOpt = 1
 
static XrdSysPluginVOMSPlugin = 0
 
static XrdSecgsiVOMS_t VOMSFun = 0
 
static int VOMSCertFmt = -1
 
static int MonInfoOpt = 0
 
static bool HashCompatibility = 1
 
static int ncrypt = 0
 
static XrdCryptoFactorycryptF [XrdCryptoMax] = {0}
 
static int cryptID [XrdCryptoMax] = {0}
 
static String cryptName [XrdCryptoMax] = {0}
 
static XrdCryptoCipherrefcip [XrdCryptoMax] = {0}
 
static XrdSutCache cacheCA
 
static XrdSutCache cacheCert
 
static XrdSutCache cachePxy
 
static XrdSutCache cacheGMAP
 
static XrdSutCache cacheGMAPFun
 
static XrdSutCache cacheAuthzFun
 
static GSICrlStack stackCRL
 
static time_t lastGMAPCheck = -1
 
static XrdSysMutex mutexGMAP
 
static int Debug = 0
 
static bool Server = 1
 
static int TimeSkew = 300
 
static XrdSysLogger Logger
 
static XrdSysError eDest
 
static XrdOucTraceGSITrace = 0
 

Friends

class gsiOptions
 
class gsiHSVars
 

Additional Inherited Members

- Public Attributes inherited from XrdSecProtocol
XrdSecEntity Entity
 
- Protected Member Functions inherited from XrdSecProtocol
virtual ~XrdSecProtocol ()
 Destructor (prevents use of direct delete). More...
 

Constructor & Destructor Documentation

XrdSecProtocolgsi::XrdSecProtocolgsi ( int  opts,
const char *  hname,
const struct sockaddr *  ipadd,
const char *  parms = 0 
)

References bucketKey, XrdOucString::c_str(), DEBUG, XrdSecProtocol::Entity, EPNAME, XrdSysDNS::getHostName(), gsiHSVars, XrdSecEntity::host, hostaddr, hs, XrdOucString::insert(), XrdOucString::length(), options, opts, gsiHSVars::Parms, PRINT, proxyChain, QTRACE, Server, sessionCF, sessionKey, sessionKsig, sessionKver, sessionMD, srvMode, gsiHSVars::TimeStamp, gsiHSVars::Tty, Version, XrdSecPROTOIDENT, and XrdSecPROTOIDLEN.

virtual XrdSecProtocolgsi::~XrdSecProtocolgsi ( )
inlinevirtual

Member Function Documentation

int XrdSecProtocolgsi::AddSerialized ( char  opt,
kXR_int32  step,
String  ID,
XrdSutBuffer bls,
XrdSutBuffer buf,
kXR_int32  type,
XrdCryptoCipher cip 
)
private

References XrdSutBuffer::AddBucket(), XrdSutPFEntry::buf1, XrdSutBucket::buffer, gsiHSVars::Cref, XrdCryptoCipher::Encrypt(), XrdCryptoRSA::EncryptPrivate(), EPNAME, XrdSutBuffer::GetBucket(), XrdSutRndm::GetRndmTag(), hs, kXRS_rtag, kXRS_signed_rtag, gsiHSVars::LastStep, XrdSutPFEntry::mtime, PRINT, XrdSutBuffer::Serialized(), sessionKsig, XrdSutPFBuf::SetBuf(), XrdSutBuffer::SetStep(), XrdSutBucket::size, gsiHSVars::TimeStamp, XrdSutBucket::type, XrdSutBucket::Update(), and XrdSutBuckStr().

Referenced by Authenticate(), and getCredentials().

int XrdSecProtocolgsi::Authenticate ( XrdSecCredentials cred,
XrdSecParameters **  parms,
XrdOucErrInfo einfo = 0 
)
virtual

Authenticate a client.

Parameters
credCredentials supplied by the client.
parmsPlace where the address of additional authentication data is to be placed for another autrhentication handshake.
einfoThe error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr.
Returns
> 0 -> parms present (more authentication needed) = 0 -> Entity present (authentication suceeded) < 0 -> einfo present (error has occured)

Implements XrdSecProtocol.

References XrdSutCache::Add(), XrdSutBuffer::AddBucket(), AddSerialized(), AuthzCacheTimeOut, AuthzCertFmt, AuthzFun, AuthzKey, AuthzPxyWhat, AuthzPxyWhere, XrdSutPFBuf::buf, XrdSutPFEntry::buf1, XrdSutPFEntry::buf2, XrdSecBuffer::buffer, XrdOucString::c_str(), cacheAuthzFun, gsiHSVars::Cbck, gsiHSVars::Chain, CheckRtag(), ClientStepStr(), XrdSutPFEntry::cnt, CopyEntity(), XrdSecEntity::creds, XrdSecEntity::credslen, CryptList, XrdSutBuffer::Deactivate(), DEBUG, DefCipher, DefMD, XrdSutBuffer::Dump(), XrdCryptoX509Chain::EEChash(), XrdCryptoX509Chain::EECname(), XrdCryptoX509Chain::End(), XrdSecEntity::endorsements, XrdSecProtocol::Entity, EPNAME, XrdOucString::erase(), ErrS(), XrdCryptoX509::Export(), ExtractVOMS(), XrdOucString::find(), FreeEntity(), XrdSutCache::Get(), XrdSutBuffer::GetBucket(), XrdSutBuffer::GetProtocol(), XrdSutBuffer::GetStep(), GMAPOpt, GMAPuseDNname, XrdSecEntity::grps, hs, gsiHSVars::ID, kGSErrAddBucket, kGSErrBadOpt, kGSErrBadProtocol, kGSErrBadRndmTag, kGSErrDecodeBuffer, kGSErrError, kGSErrNoPublic, kGSErrParseBuffer, kGSErrSerialBuffer, kgST_error, kgST_more, kgST_ok, kPFE_disabled, kPFE_ok, kXGC_cert, kXGC_certreq, kXGC_sigpxy, kXGS_cert, kXGS_none, kXGS_pxyreq, kXRS_cipher_alg, kXRS_main, kXRS_md_alg, kXRS_message, kXRS_puk, kXRS_user, XrdSutPFBuf::len, XrdOucString::length(), XrdSecEntity::moninfo, MonInfoOpt, XrdSutPFEntry::mtime, XrdSecEntity::name, XrdCryptoX509::NotAfter(), NOTIFY, gsiHSVars::Options, ParseServerInput(), PRINT, XrdSecEntity::prot, XrdCryptoCipher::Public(), gsiHSVars::PxyChain, QTRACE, QueryGMAP(), gsiHSVars::Rcip, XrdSutCache::Rehash(), REL2, XrdSutCache::Remove(), gsiHSVars::RemVers, XrdOucString::replace(), XrdSecEntity::role, SafeDelArray, SafeDelete, SafeFree, XrdSutBuffer::Serialized(), ServerStepStr(), sessionKey, XrdSecBuffer::size, XrdSutPFEntry::status, STR_NPOS, XrdSecEntity::tident, gsiHSVars::TimeStamp, XrdOucString::tokenize(), XrdSutBucket::ToString(), XrdSutCacheRef::UnLock(), VOMSAttrOpt, VOMSCertFmt, VOMSFun, XrdSecEntity::vorg, XrdCryptosslX509ExportChain(), XrdSecPROTOIDENT, XrdSecPROTOIDLEN, and XrdSutBuckStr().

bool XrdSecProtocolgsi::CheckRtag ( XrdSutBuffer bm,
String emsg 
)
private

References XrdSutPFBuf::buf, XrdSutPFEntry::buf1, XrdSutBucket::buffer, gsiHSVars::Cref, XrdSutBuffer::Deactivate(), DEBUG, XrdCryptoRSA::DecryptPublic(), EPNAME, XrdSutBuffer::GetBucket(), hs, kXRS_signed_rtag, XrdSutPFBuf::len, gsiHSVars::RtagOK, SafeDelete, sessionKver, and XrdSutPFBuf::SetBuf().

Referenced by Authenticate(), and getCredentials().

bool XrdSecProtocolgsi::CheckTimeStamp ( XrdSutBuffer b,
int  skew,
String emsg 
)
private
int XrdSecProtocolgsi::ClientDoCert ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String cmsg 
)
private

References XrdSutBucket::buffer, XrdOucString::c_str(), gsiHSVars::Chain, XrdCryptoFactory::Cipher(), gsiHSVars::Cref, gsiHSVars::Crl, XrdSutBuffer::Deactivate(), emsg(), XrdCryptoX509Chain::End(), EPNAME, XrdSutBuffer::GetBucket(), hs, XrdCryptoRSA::IsValid(), XrdCryptoX509Chain::kNone, kOptsDelChn, kXRS_cipher_alg, kXRS_main, kXRS_md_alg, kXRS_puk, kXRS_x509, XrdCryptoX509Chain::LastError(), XrdOucString::length(), XrdCryptoFactory::MsgDigest(), XrdSutPFEntry::mtime, NOTIFY, gsiHSVars::Options, XrdCryptoX509::PKI(), PRINT, gsiHSVars::RemVers, XrdCryptoFactory::RSA(), SafeDelete, ServerCertNameOK(), sessionCF, sessionKey, sessionKver, sessionMD, XrdSutBucket::size, XrdSutPFEntry::status, XrdCryptoX509::Subject(), XrdCryptoFactory::SupportedCipher(), XrdCryptoFactory::SupportedMsgDigest(), TimeSkew, gsiHSVars::TimeStamp, XrdOucString::tokenize(), XrdSutBucket::ToString(), XrdSutBuffer::UpdateBucket(), XrdCryptosslgsiX509Chain::Verify(), and XrdCryptoFactory::X509ParseBucket().

Referenced by ParseClientInput().

int XrdSecProtocolgsi::ClientDoInit ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String cmsg 
)
private

References XrdOucString::assign(), XrdOucString::c_str(), cachePxy, CAdir, ProxyOut_t::cbck, gsiHSVars::Cbck, ProxyOut_t::chain, gsiHSVars::Chain, gsiHSVars::Cref, DefBits, DefCrypto, DepLength, XrdSecProtocol::Entity, EPNAME, XrdOucString::erase(), XrdOucString::find(), XrdSutBuffer::GetOptions(), XrdSutBuffer::GetProtocol(), XrdSecEntity::grps, XrdSecEntity::host, hs, ProxyOut_t::ksig, XrdSecEntity::name, NOTIFY, gsiHSVars::Options, opts, ParseCAlist(), ParseCrypto(), PRINT, gsiHSVars::PxyChain, PxyReqOpts, PxyValid, QueryProxy(), gsiHSVars::RemVers, XrdCryptoFactory::RSA(), sessionCF, sessionKsig, XrdSutPFEntry::status, gsiHSVars::TimeStamp, UsrCert, UsrKey, UsrProxy, Version, XrdSecEntity::vorg, and XrdSutResolve().

Referenced by ParseClientInput().

int XrdSecProtocolgsi::ClientDoPxyreq ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String cmsg 
)
private

References XrdSutBucket::buffer, XrdCryptoCipher::Decrypt(), XrdCryptoX509Chain::End(), XrdCryptoX509::Export(), XrdCryptoRSA::ExportPrivate(), XrdSutBuffer::GetBucket(), hs, kOptsFwdPxy, kOptsSigReq, kXRS_main, kXRS_x509, kXRS_x509_req, gsiHSVars::Options, XrdCryptoX509::PKI(), gsiHSVars::PxyChain, gsiHSVars::RemVers, sessionCF, sessionKey, XrdCryptoX509Req::SetVersion(), XrdSutBucket::size, XrdCryptoFactory::X509Req(), and XrdSslgsiX509SignProxyReq().

Referenced by ParseClientInput().

void XrdSecProtocolgsi::CopyEntity ( XrdSecEntity in,
XrdSecEntity out,
int *  lout = 0 
)
private

References XrdSecEntity::creds, XrdSecEntity::credslen, XrdSecEntity::endorsements, XrdSecEntity::grps, XrdSecEntity::host, XrdSecEntity::moninfo, XrdSecEntity::name, XrdSecEntity::role, and XrdSecEntity::vorg.

Referenced by Authenticate().

int XrdSecProtocolgsi::Decrypt ( const char *  ,
int  ,
XrdSecBuffer **   
)
virtual

Decrypt data in inbuff using the session key.

Parameters
inbuffbuffer holding data to be decrypted.
inlenlength of the data.
outbuffplace where a pointer to the decrypted data is placed.
Returns
< 0 Failed,the return value is -errno (see Encrypt). = 0 Success, outbuff contains a pointer to the decrypted data. The caller is responsible for deleting the returned object.

Reimplemented from XrdSecProtocol.

References DEBUG, XrdCryptoCipher::DecOutLength(), XrdCryptoCipher::Decrypt(), EPNAME, SafeFree, and sessionKey.

void XrdSecProtocolgsi::Delete ( )
virtual

Delete the protocol object. DO NOT use C++ delete() on this object.

Implements XrdSecProtocol.

References bucketKey, XrdSecEntity::creds, XrdSecEntity::credslen, XrdSecEntity::endorsements, XrdSecProtocol::Entity, XrdSecEntity::grps, XrdSecEntity::host, hs, XrdSecEntity::moninfo, XrdSecEntity::name, proxyChain, XrdSecEntity::role, SafeDelete, SafeFree, sessionKey, sessionKsig, sessionKver, sessionMD, and XrdSecEntity::vorg.

XrdOucTrace * XrdSecProtocolgsi::EnableTracing ( )
static

References eDest, EPNAME, GSITrace, XrdSysError::logger(), and Logger.

Referenced by XrdSecProtocolgsiInit().

int XrdSecProtocolgsi::Encrypt ( const char *  ,
int  ,
XrdSecBuffer **   
)
virtual

Encrypt data in inbuff using the session key.

Parameters
inbuffbuffer holding data to be encrypted.
inlenlength of the data.
outbuffplace where a pointer to the encrypted data is placed.
Returns
< 0 Failed, the return value is -errno of the reason. Typically, -EINVAL - one or more arguments are invalid. -NOTSUP - encryption not supported by the protocol -ENOENT - Context not innitialized = 0 Success, outbuff contains a pointer to the encrypted data. The caller is responsible for deleting the returned object.

Reimplemented from XrdSecProtocol.

References DEBUG, XrdCryptoCipher::EncOutLength(), XrdCryptoCipher::Encrypt(), EPNAME, SafeFree, and sessionKey.

XrdSecCredentials * XrdSecProtocolgsi::ErrC ( XrdOucErrInfo einfo,
XrdSutBuffer b1,
XrdSutBuffer b2,
XrdSutBuffer b3,
kXR_int32  ecode,
const char *  msg1 = 0,
const char *  msg2 = 0,
const char *  msg3 = 0 
)
private

References ErrF(), and REL3.

Referenced by getCredentials().

void XrdSecProtocolgsi::ErrF ( XrdOucErrInfo einfo,
kXR_int32  ecode,
const char *  msg1,
const char *  msg2 = 0,
const char *  msg3 = 0 
)
staticprivate

References DEBUG, Debug, EPNAME, gGSErrStr, kGSErrError, kGSErrParseBuffer, QTRACE, and XrdOucErrInfo::setErrInfo().

Referenced by ErrC(), ErrS(), and Init().

int XrdSecProtocolgsi::ErrS ( String  ID,
XrdOucErrInfo einfo,
XrdSutBuffer b1,
XrdSutBuffer b2,
XrdSutBuffer b3,
kXR_int32  ecode,
const char *  msg1 = 0,
const char *  msg2 = 0,
const char *  msg3 = 0 
)
private

References ErrF(), kgST_error, and REL3.

Referenced by Authenticate().

int XrdSecProtocolgsi::ExtractVOMS ( X509Chain c,
XrdSecEntity ent 
)
private

References XrdOucString::assign(), XrdOucString::c_str(), DEBUG, XrdCryptoX509Chain::End(), XrdSecEntity::endorsements, EPNAME, XrdOucString::erase(), XrdOucString::find(), XrdSecEntity::grps, XrdCryptoX509::Issuer(), XrdOucString::length(), NOTIFY, PRINT, XrdSecEntity::role, SafeFree, XrdCryptoX509Chain::SearchBySubject(), STR_NPOS, XrdCryptoX509::Subject(), XrdOucString::tokenize(), XrdSecEntity::vorg, and XrdSslgsiX509GetVOMSAttr().

Referenced by Authenticate().

void XrdSecProtocolgsi::FreeEntity ( XrdSecEntity in)
private

References XrdSecEntity::creds, XrdSecEntity::credslen, XrdSecEntity::endorsements, XrdSecEntity::grps, XrdSecEntity::host, XrdSecEntity::moninfo, XrdSecEntity::name, XrdSecEntity::role, SafeFree, and XrdSecEntity::vorg.

Referenced by Authenticate().

int XrdSecProtocolgsi::GetCA ( const char *  cahash,
XrdCryptoFactory cryptof,
gsiHSVars hs = 0 
)
staticprivate

References XrdSutCache::Add(), GSICrlStack::Add(), XrdCryptoX509Chain::Begin(), XrdSutPFBuf::buf, XrdSutPFEntry::buf1, XrdSutPFEntry::buf2, XrdOucString::c_str(), cacheCA, CACheck, gsiHSVars::Chain, XrdSutPFEntry::cnt, gsiHSVars::Crl, CRLCheck, CRLDownload, CRLRefresh, DEBUG, GSICrlStack::Del(), EPNAME, XrdSutCache::Get(), GetCApath(), gsiHSVars::HashAlg, hs, XrdCryptoFactory::ID(), XrdCryptoX509Crl::IsExpired(), kPFE_ok, XrdSutPFBuf::len, LoadCRL(), XrdSutPFEntry::mtime, NOTIFY, PRINT, XrdSutCache::Rehash(), XrdSutCache::Remove(), SafeDelete, stackCRL, XrdSutPFEntry::status, XrdCryptoX509::SubjectHash(), gsiHSVars::TimeStamp, XrdSutCacheRef::UnLock(), VerifyCA(), and XrdCryptoFactory::X509ParseFile().

Referenced by GetSrvCertEnt(), and ParseCAlist().

String XrdSecProtocolgsi::GetCApath ( const char *  cahash)
staticprivate

References access(), XrdOucString::c_str(), CAdir, XrdOucString::endswith(), XrdOucString::length(), and XrdOucString::tokenize().

Referenced by GetCA(), and VerifyCA().

XrdSecCredentials * XrdSecProtocolgsi::getCredentials ( XrdSecParameters parm = 0,
XrdOucErrInfo einfo = 0 
)
virtual

Generate client credentials to be used in the authentication process.

Parameters
parmPointer to the information returned by the server either in the initial login response or the authmore response.
einfoThe error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr.
Returns
Success: Pointer to credentials to sent to the server. The caller is responsible for deleting the object. Failure: Null pointer with einfo, if supplied, containing the reason for the failure.

Implements XrdSecProtocol.

References XrdSutBuffer::AddBucket(), AddSerialized(), XrdCryptoX509Chain::Begin(), XrdSutBucket::buffer, XrdSecBuffer::buffer, XrdOucString::c_str(), gsiHSVars::Cbck, CheckRtag(), ClientStepStr(), CryptList, gsiHSVars::CryptoMod, DEBUG, XrdSutBuffer::Dump(), XrdSecProtocol::Entity, EPNAME, ErrC(), XrdSutBuffer::GetProtocol(), XrdSutBuffer::GetStep(), HashCompatibility, hs, gsiHSVars::ID, XrdCryptoX509::IssuerHash(), gsiHSVars::Iter, XrdCryptoX509::kCA, kGSErrAddBucket, kGSErrBadOpt, kGSErrBadProtocol, kGSErrBadRndmTag, kGSErrCreateBucket, kGSErrDecodeBuffer, kGSErrError, kGSErrNoBuffer, kGSErrNoCipher, kGSErrNoPublic, kGSErrParseBuffer, kGSErrSerialBuffer, kXGC_cert, kXGC_certreq, kXGC_none, kXGC_sigpxy, kXGS_cert, kXGS_init, kXGS_pxyreq, kXRS_clnt_opts, kXRS_cryptomod, kXRS_issuer_hash, kXRS_main, kXRS_message, kXRS_puk, kXRS_user, kXRS_version, XrdOucString::length(), XrdSutBuffer::MarshalBucket(), XrdSecEntity::name, XrdCryptoX509Chain::Next(), NOTIFY, gsiHSVars::Options, gsiHSVars::Parms, ParseClientInput(), proxyChain, XrdCryptoCipher::Public(), gsiHSVars::PxyChain, QTRACE, REL2, gsiHSVars::RemVers, XrdOucString::replace(), XrdSutBuffer::Serialized(), ServerStepStr(), sessionCF, sessionKey, XrdSutBuffer::SetStep(), XrdSutBucket::size, XrdSecBuffer::size, srvMode, XrdCryptoX509::SubjectHash(), gsiHSVars::TimeStamp, XrdCryptoX509::type, XrdSutBuffer::UpdateBucket(), Version, XrdCryptoFactory::X509ExportChain(), XrdSecPROTOIDENT, and XrdSutBuckStr().

int XrdSecProtocolgsi::getKey ( char *  = 0,
int  = 0 
)
virtual

Get the current encryption key (i.e. session key)

Parameters
buffbuffer to hold the key, and may be null.
sizesize of the buffer.
Returns
< 0 Failed, returned value if -errno (see Encrypt) >= 0 The size of the encyption key. The supplied buffer of length size hold the key. If the buffer address is supplied, the key is placed in the buffer.

Reimplemented from XrdSecProtocol.

References XrdCryptoCipher::AsBucket(), bucketKey, XrdSutBucket::buffer, DEBUG, EPNAME, sessionKey, and XrdSutBucket::size.

XrdSutPFEntry * XrdSecProtocolgsi::GetSrvCertEnt ( XrdSutCacheRef pfeRef,
XrdCryptoFactory cf,
time_t  timestamp,
String cal 
)
staticprivate

References XrdSutCache::Add(), XrdSutPFBuf::buf, XrdSutPFEntry::buf1, XrdSutPFEntry::buf2, XrdSutPFEntry::buf3, XrdOucString::c_str(), cacheCert, CAdir, XrdSutPFEntry::cnt, emsg(), EPNAME, XrdCryptoX509::Export(), XrdOucString::find(), XrdSutCache::Get(), GetCA(), HashCompatibility, XrdCryptoX509::IssuerHash(), XrdCryptoX509::IsValid(), XrdCryptoRSA::kComplete, XrdCryptoX509::kEEC, kPFE_ok, kPFE_special, XrdSutPFBuf::len, XrdOucString::length(), XrdSutPFEntry::mtime, XrdCryptoFactory::Name(), XrdCryptoX509::NotAfter(), XrdCryptoX509::PKI(), PRINT, PxyValid, QueryProxy(), XrdSutPFEntry::Reset(), SafeDelete, SrvCert, SrvKey, stat(), XrdCryptoRSA::status, XrdSutPFEntry::status, STR_NPOS, XrdCryptoX509::type, XrdCryptoX509::Type(), XrdSutCacheRef::UnLock(), UsrProxy, XrdSysPrivGuard::Valid(), and XrdCryptoFactory::X509().

Referenced by Init(), and ServerDoCertreq().

char * XrdSecProtocolgsi::Init ( gsiOptions  o,
XrdOucErrInfo erp 
)
static

References access(), AuthzCacheTimeOut, AuthzCertFmt, gsiOptions::authzfun, AuthzFun, gsiOptions::authzfunparms, gsiOptions::authzpxy, AuthzPxyWhat, AuthzPxyWhere, gsiOptions::authzto, gsiOptions::bits, XrdOucString::c_str(), gsiOptions::ca, cacheAuthzFun, cacheCA, cacheCert, CACheck, cacheGMAP, cacheGMAPFun, cachePxy, CAdir, gsiOptions::cert, gsiOptions::certdir, XrdCryptoFactory::Cipher(), gsiOptions::cipher, gsiOptions::clist, gsiOptions::crl, CRLCheck, gsiOptions::crldir, CRLdir, CRLDownload, gsiOptions::crlext, gsiOptions::crlrefresh, CRLRefresh, cryptF, cryptID, cryptName, cryptoTRACE_Debug, cryptoTRACE_Dump, cryptoTRACE_Notify, DEBUG, gsiOptions::debug, Debug, DefBits, DefCipher, DefCRLext, DefCrypto, DefMD, gsiOptions::deplen, DepLength, gsiOptions::dlgpxy, XrdSutCache::Dump(), XrdSutCache::Empty(), XrdOucString::endswith(), EPNAME, XrdOucString::erase(), ErrF(), gsiOptions::exppxy, XrdCryptoFactory::GetCryptoFactory(), XrdOucErrInfo::getErrText(), GetSrvCertEnt(), GMAPCacheTimeOut, GMAPFile, gsiOptions::gmapfun, GMAPFun, gsiOptions::gmapfunparms, GMAPOpt, gsiOptions::gmapto, GMAPuseDNname, gsiOptions::gridmap, GSITrace, gUsrPxyDef, gsiOptions::hashcomp, HashCompatibility, XrdCryptoFactory::ID(), XrdSutCache::Init(), XrdOucString::insert(), gsiOptions::key, kGSErrError, kGSErrInit, kOptsDlgPxy, kOptsFwdPxy, kOptsPxFile, kOptsSigReq, kOptsSrvReq, XrdOucString::length(), LoadAuthzFun(), LoadGMAP(), LoadGMAPFun(), LoadVOMSFun(), gsiOptions::md, gsiOptions::mode, gsiOptions::moninfo, MonInfoOpt, XrdCryptoFactory::Name(), ncrypt, NOTIFY, XrdCryptoFactory::Notify(), gsiOptions::ogmap, PRINT, gsiOptions::proxy, PxyReqOpts, PxyValid, QTRACE, refcip, XrdSutCache::Rehash(), XrdSutCache::Reset(), Server, XrdCryptoFactory::SetTrace(), gsiOptions::sigpxy, SrvAllowedNames, SrvCert, SrvKey, gsiOptions::srvnames, stat(), sutTRACE_Debug, sutTRACE_Dump, sutTRACE_Notify, XrdOucString::tokenize(), TRACE, TRACE_ALL, TRACE_Authen, TRACE_Debug, XrdSutCacheRef::UnLock(), UsrCert, UsrKey, UsrProxy, gsiOptions::valid, Version, gsiOptions::vomsat, VOMSAttrOpt, VOMSCertFmt, gsiOptions::vomsfun, VOMSFun, gsiOptions::vomsfunparms, XrdOucTrace::What, XrdCryptoMax, XrdCryptoSetTrace(), XrdSutExpand(), XrdSutHome(), and XrdSutSetTrace().

Referenced by XrdSecProtocolgsiInit().

int XrdSecProtocolgsi::InitProxy ( ProxyIn_t pi,
X509Chain ch = 0,
XrdCryptoRSA **  key = 0 
)
staticprivate

References ProxyIn_t::bits, XrdOucString::c_str(), ProxyIn_t::cert, ProxyIn_t::certdir, DEBUG, ProxyIn_t::deplen, EPNAME, XrdOucString::erase(), XrdOucString::find(), ProxyIn_t::key, kMAXBUFLEN, NOTIFY, ProxyIn_t::out, PRINT, stat(), ProxyIn_t::valid, XrdSslgsiX509CreateProxy(), and XrdSutParseTime().

Referenced by QueryProxy().

XrdSecgsiAuthz_t XrdSecProtocolgsi::LoadAuthzFun ( const char *  plugin,
const char *  parms,
int &  fmt 
)
staticprivate

References AuthzKey, AuthzPlugin, XrdOucString::c_str(), DEBUG, eDest, EPNAME, XrdSysPlugin::getPlugin(), XrdOucString::length(), and PRINT.

Referenced by Init().

XrdCryptoX509Crl * XrdSecProtocolgsi::LoadCRL ( XrdCryptoX509 xca,
const char *  sjhash,
XrdCryptoFactory CF,
int  dwld 
)
staticprivate

References XrdOucString::c_str(), closedir(), CRLCheck, CRLdir, DEBUG, DefCRLext, EPNAME, XrdOucString::find(), fopen, XrdCryptoX509Crl::IssuerHash(), XrdOucString::length(), opendir(), PRINT, readdir(), SafeDelete, XrdCryptoX509::SubjectHash(), XrdOucString::tokenize(), XrdCryptoX509Crl::Verify(), XrdCryptoFactory::X509(), and XrdCryptoFactory::X509Crl().

Referenced by GetCA().

int XrdSecProtocolgsi::LoadGMAP ( int  now)
staticprivate

References XrdSutCache::Add(), XrdSutPFBuf::buf, XrdSutPFEntry::buf1, XrdOucString::c_str(), cacheGMAP, XrdSutPFEntry::cnt, DEBUG, XrdSutCache::Empty(), EPNAME, fclose(), fopen, GMAPFile, XrdSutCache::Init(), kPFE_ok, lastGMAPCheck, XrdSutPFBuf::len, XrdOucString::length(), XrdSutPFEntry::mtime, mutexGMAP, PRINT, XrdSutCache::Rehash(), XrdSutCache::Reset(), SafeDelArray, stat(), XrdSutPFEntry::status, and XrdSutCacheRef::UnLock().

Referenced by Init(), and QueryGMAP().

XrdSecgsiGMAP_t XrdSecProtocolgsi::LoadGMAPFun ( const char *  plugin,
const char *  parms 
)
staticprivate

References XrdOucString::c_str(), DEBUG, eDest, EPNAME, XrdSysPlugin::getPlugin(), GMAPPlugin, XrdOucString::length(), and PRINT.

Referenced by Init().

XrdSecgsiVOMS_t XrdSecProtocolgsi::LoadVOMSFun ( const char *  plugin,
const char *  parms,
int &  fmt 
)
staticprivate

References XrdOucString::c_str(), DEBUG, eDest, EPNAME, XrdSysPlugin::getPlugin(), XrdOucString::length(), PRINT, and VOMSPlugin.

Referenced by Init().

int XrdSecProtocolgsi::ParseCAlist ( String  calist)
private

References XrdOucString::c_str(), gsiHSVars::Chain, DEBUG, EPNAME, GetCA(), hs, XrdOucString::length(), PRINT, sessionCF, and XrdOucString::tokenize().

Referenced by ClientDoInit(), and ServerDoCertreq().

int XrdSecProtocolgsi::ParseClientInput ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String emsg 
)
private

References ClientDoCert(), ClientDoInit(), ClientDoPxyreq(), EPNAME, XrdSutBuffer::GetStep(), kXGS_cert, kXGS_init, kXGS_pxyreq, and PRINT.

Referenced by getCredentials().

int XrdSecProtocolgsi::ParseCrypto ( String  cryptlist)
private

References XrdOucString::c_str(), cryptF, cryptID, gsiHSVars::CryptoMod, DEBUG, Debug, EPNAME, XrdCryptoFactory::GetCryptoFactory(), GSITrace, hs, XrdCryptoFactory::ID(), XrdOucString::length(), ncrypt, NOTIFY, XrdCryptoFactory::Notify(), QTRACE, gsiHSVars::Rcip, refcip, sessionCF, XrdCryptoFactory::SetTrace(), XrdOucString::tokenize(), XrdOucTrace::What, and XrdCryptoMax.

Referenced by ClientDoInit(), and ServerDoCertreq().

int XrdSecProtocolgsi::ParseServerInput ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String cmsg 
)
private

References EPNAME, XrdSutBuffer::GetStep(), kXGC_cert, kXGC_certreq, kXGC_sigpxy, PRINT, ServerDoCert(), ServerDoCertreq(), and ServerDoSigpxy().

Referenced by Authenticate().

void XrdSecProtocolgsi::QueryGMAP ( XrdCryptoX509Chain chain,
int  now,
String name 
)
staticprivate

References XrdSutCache::Add(), XrdSutPFBuf::buf, XrdSutPFEntry::buf1, cacheGMAP, cacheGMAPFun, XrdSutPFEntry::cnt, XrdCryptoX509Chain::EECname(), EPNAME, XrdSutCache::Get(), GMAPCacheTimeOut, GMAPFun, kPFE_allowed, kPFE_ok, XrdSutPFBuf::len, XrdOucString::length(), LoadGMAP(), XrdSutPFEntry::mtime, NOTIFY, PRINT, XrdSutCache::Rehash(), XrdSutCache::Remove(), SafeDelArray, XrdSutPFEntry::status, and XrdSutCacheRef::UnLock().

Referenced by Authenticate().

int XrdSecProtocolgsi::QueryProxy ( bool  checkcache,
XrdSutCache cache,
const char *  tag,
XrdCryptoFactory cf,
time_t  timestamp,
ProxyIn_t pi,
ProxyOut_t po 
)
staticprivate

References XrdSutCache::Add(), XrdSutPFBuf::buf, XrdSutPFEntry::buf1, XrdSutPFEntry::buf2, XrdSutPFEntry::buf3, CACheck, ProxyOut_t::cbck, ProxyOut_t::chain, XrdCryptoX509Chain::CheckCA(), XrdCryptoX509Chain::CheckValidity(), XrdCryptoX509Chain::Cleanup(), XrdSutPFEntry::cnt, DEBUG, XrdCryptoX509Chain::End(), EPNAME, XrdSutCache::Get(), InitProxy(), XrdCryptoRSA::kComplete, kPFE_special, ProxyOut_t::ksig, kXRS_x509, XrdSutPFBuf::len, XrdSutPFEntry::mtime, XrdCryptoX509::NotAfter(), NOTIFY, ProxyIn_t::out, XrdCryptoX509::PKI(), PRINT, XrdSutCache::Rehash(), XrdCryptoX509Chain::Reorder(), SafeDelete, XrdSutBucket::SetBuf(), XrdCryptoRSA::status, XrdSutPFEntry::status, XrdSutCacheRef::UnLock(), XrdCryptoFactory::X509ExportChain(), XrdCryptoFactory::X509ParseBucket(), and XrdCryptoFactory::X509ParseFile().

Referenced by ClientDoInit(), and GetSrvCertEnt().

bool XrdSecProtocolgsi::ServerCertNameOK ( const char *  subject,
String e 
)
private

References XrdOucString::assign(), XrdOucString::beginswith(), XrdOucString::c_str(), XrdSecProtocol::Entity, XrdOucString::erasefromstart(), XrdOucString::find(), XrdSecEntity::host, XrdOucString::length(), XrdOucString::matches(), XrdOucString::replace(), SrvAllowedNames, STR_NPOS, and XrdOucString::tokenize().

Referenced by ClientDoCert().

int XrdSecProtocolgsi::ServerDoCert ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String cmsg 
)
private

References XrdSutPFBuf::buf, XrdSutPFEntry::buf4, XrdSutBucket::buffer, XrdOucString::c_str(), gsiHSVars::Chain, XrdCryptoFactory::Cipher(), gsiHSVars::Cref, gsiHSVars::Crl, XrdSutBuffer::Deactivate(), XrdCryptoCipher::Decrypt(), DefCipher, DefMD, XrdCryptoX509Chain::End(), EPNAME, XrdCryptoX509Req::Export(), XrdCryptoCipher::Finalize(), XrdOucString::find(), XrdSutBuffer::GetBucket(), hs, XrdCryptoRSA::IsValid(), XrdCryptoX509Chain::kNone, kOptsDelChn, kOptsDlgPxy, kOptsFwdPxy, kOptsSigReq, kOptsSrvReq, kXRS_cipher_alg, kXRS_main, kXRS_md_alg, kXRS_puk, kXRS_version, kXRS_x509, XrdCryptoX509Chain::LastError(), XrdCryptoFactory::MsgDigest(), XrdSutPFEntry::mtime, NOTIFY, gsiHSVars::Options, XrdCryptoX509::PKI(), gsiHSVars::PxyChain, PxyReqOpts, gsiHSVars::Rcip, gsiHSVars::RemVers, XrdCryptoX509Chain::Reorder(), XrdCryptoFactory::RSA(), SafeDelete, sessionCF, sessionKey, sessionKver, sessionMD, XrdSutBucket::size, TimeSkew, gsiHSVars::TimeStamp, XrdSutBucket::ToString(), XrdCryptosslgsiX509Chain::Verify(), Version, XrdCryptoFactory::X509ParseBucket(), and XrdSslgsiX509CreateProxyReq().

Referenced by ParseServerInput().

int XrdSecProtocolgsi::ServerDoCertreq ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String cmsg 
)
private

References XrdSutPFBuf::buf, XrdSutPFEntry::buf2, XrdSutPFEntry::buf3, XrdSutBucket::buffer, XrdOucString::c_str(), gsiHSVars::Cbck, gsiHSVars::Cref, XrdSutBuffer::Deactivate(), XrdSutBuffer::GetBucket(), GetSrvCertEnt(), hs, gsiHSVars::ID, kXRS_clnt_opts, kXRS_cryptomod, kXRS_issuer_hash, kXRS_main, kXRS_version, gsiHSVars::Options, ParseCAlist(), ParseCrypto(), gsiHSVars::RemVers, XrdCryptoFactory::RSA(), sessionCF, sessionKsig, XrdSutBucket::size, gsiHSVars::TimeStamp, XrdSutBucket::ToString(), XrdSutBuffer::UnmarshalBucket(), and Version.

Referenced by ParseServerInput().

int XrdSecProtocolgsi::ServerDoSigpxy ( XrdSutBuffer br,
XrdSutBuffer **  bm,
String cmsg 
)
private

References XrdSutPFBuf::buf, XrdSutPFEntry::buf4, XrdSutBucket::buffer, XrdOucString::c_str(), gsiHSVars::Cref, DEBUG, XrdCryptoCipher::Decrypt(), XrdCryptoX509Chain::Dump(), XrdCryptoX509Chain::EECname(), XrdCryptoX509Chain::End(), XrdSecProtocol::Entity, EPNAME, XrdOucString::find(), XrdSutBuffer::GetBucket(), XrdSecEntity::grps, XrdSecEntity::host, hs, XrdCryptoRSA::ImportPrivate(), kOptsFwdPxy, kOptsPxFile, kXRS_main, kXRS_message, kXRS_user, kXRS_x509, XrdOucString::length(), XrdSecEntity::name, XrdCryptoRSA::Opaque(), gsiHSVars::Options, XrdCryptoX509::PKI(), PRINT, proxyChain, XrdCryptoX509Chain::PushBack(), gsiHSVars::PxyChain, PxyReqOpts, QTRACE, XrdOucString::replace(), XrdCryptoX509Chain::SearchBySubject(), sessionCF, sessionKey, XrdCryptoX509::SetPKI(), XrdSutBucket::size, STR_NPOS, XrdCryptoX509::SubjectHash(), XrdSutBucket::ToString(), UsrProxy, XrdSecEntity::vorg, XrdCryptoFactory::X509(), XrdCryptoFactory::X509ChainToFile(), and XrdSutResolve().

Referenced by ParseServerInput().

int XrdSecProtocolgsi::setKey ( char *  ,
int   
)
virtual

Set the current encryption key

Parameters
buffbuffer that holds the key.
sizesize of the key.
Returns
: < 0 Failed, returned value if -errno (see Encrypt) = 0 The new key has been set.

Reimplemented from XrdSecProtocol.

References XrdCryptoFactory::Cipher(), DEBUG, EPNAME, SafeDelete, sessionCF, sessionKey, and XrdSutBucket::SetBuf().

int XrdSecProtocolgsi::Sign ( const char *  ,
int  ,
XrdSecBuffer **   
)
virtual

Sign data in inbuff using the session key.

Parameters
inbuffbuffer holding data to be signed.
inlenlength of the data.
outbuffplace where a pointer to the signature is placed.
Returns
< 0 Failed,the return value is -errno (see Encrypt). = 0 Success, outbuff contains a pointer to the signature. The caller is responsible for deleting the returned object.

Reimplemented from XrdSecProtocol.

References XrdCryptoBasic::Buffer(), DEBUG, XrdCryptoRSA::EncryptPrivate(), EPNAME, XrdCryptoMsgDigest::Final(), XrdCryptoRSA::GetOutlen(), XrdCryptoBasic::Length(), XrdCryptoMsgDigest::Reset(), SafeFree, sessionKsig, sessionMD, and XrdCryptoMsgDigest::Update().

int XrdSecProtocolgsi::Verify ( const char *  ,
int  ,
const char *  ,
int   
)
virtual

Verify a signature using the session key.

Parameters
inbuffbuffer holding data to be verified.
inlenlength of the data.
sigbuffpointer to the signature data.
siglenlength of the signature data.
Returns
< 0 Failed,the return value is -errno (see Encrypt). = 0 Success, signature is correct. > 0 Failed to verify, signature does not match inbuff data.

Reimplemented from XrdSecProtocol.

References XrdCryptoBasic::Buffer(), DEBUG, XrdCryptoRSA::DecryptPublic(), EPNAME, XrdCryptoMsgDigest::Final(), XrdCryptoRSA::GetOutlen(), XrdCryptoBasic::Length(), XrdCryptoMsgDigest::Reset(), sessionKver, sessionMD, and XrdCryptoMsgDigest::Update().

bool XrdSecProtocolgsi::VerifyCA ( int  opt,
X509Chain cca,
XrdCryptoFactory cf 
)
staticprivate

References XrdCryptoX509Chain::Begin(), XrdOucString::c_str(), CACheck, XrdCryptoX509Chain::CheckCA(), EPNAME, GetCApath(), XrdCryptoX509::IssuerHash(), XrdCryptoX509Chain::kUnknown, XrdCryptoX509Chain::kValid, XrdOucString::length(), XrdCryptoX509Chain::Next(), NOTIFY, PRINT, XrdCryptoX509Chain::PutInFront(), XrdCryptoX509Chain::Remove(), SafeDelete, XrdCryptoX509Chain::SetStatusCA(), XrdCryptoX509::SubjectHash(), XrdCryptosslgsiX509Chain::Verify(), and XrdCryptoFactory::X509ParseFile().

Referenced by GetCA().

Friends And Related Function Documentation

friend class gsiHSVars
friend

Referenced by XrdSecProtocolgsi().

friend class gsiOptions
friend

Member Data Documentation

int XrdSecProtocolgsi::AuthzCacheTimeOut = 43200
staticprivate

Referenced by Authenticate(), and Init().

int XrdSecProtocolgsi::AuthzCertFmt = -1
staticprivate

Referenced by Authenticate(), and Init().

XrdSecgsiAuthz_t XrdSecProtocolgsi::AuthzFun = 0
staticprivate

Referenced by Authenticate(), and Init().

XrdSecgsiAuthzKey_t XrdSecProtocolgsi::AuthzKey = 0
staticprivate

Referenced by Authenticate(), and LoadAuthzFun().

XrdSysPlugin * XrdSecProtocolgsi::AuthzPlugin = 0
staticprivate

Referenced by LoadAuthzFun().

int XrdSecProtocolgsi::AuthzPxyWhat = -1
staticprivate

Referenced by Authenticate(), and Init().

int XrdSecProtocolgsi::AuthzPxyWhere = -1
staticprivate

Referenced by Authenticate(), and Init().

XrdSutBucket* XrdSecProtocolgsi::bucketKey
private

Referenced by Delete(), getKey(), and XrdSecProtocolgsi().

XrdSutCache XrdSecProtocolgsi::cacheAuthzFun
staticprivate

Referenced by Authenticate(), and Init().

XrdSutCache XrdSecProtocolgsi::cacheCA
staticprivate

Referenced by GetCA(), and Init().

XrdSutCache XrdSecProtocolgsi::cacheCert
staticprivate

Referenced by GetSrvCertEnt(), and Init().

int XrdSecProtocolgsi::CACheck = 1
staticprivate

Referenced by GetCA(), Init(), QueryProxy(), and VerifyCA().

XrdSutCache XrdSecProtocolgsi::cacheGMAP
staticprivate

Referenced by Init(), LoadGMAP(), and QueryGMAP().

XrdSutCache XrdSecProtocolgsi::cacheGMAPFun
staticprivate

Referenced by Init(), and QueryGMAP().

XrdSutCache XrdSecProtocolgsi::cachePxy
staticprivate

Referenced by ClientDoInit(), and Init().

String XrdSecProtocolgsi::CAdir = "/etc/grid-security/certificates/"
staticprivate

Referenced by ClientDoInit(), GetCApath(), GetSrvCertEnt(), and Init().

int XrdSecProtocolgsi::CRLCheck = 1
staticprivate

Referenced by GetCA(), Init(), and LoadCRL().

String XrdSecProtocolgsi::CRLdir = "/etc/grid-security/certificates/"
staticprivate

Referenced by Init(), and LoadCRL().

int XrdSecProtocolgsi::CRLDownload = 0
staticprivate

Referenced by GetCA(), and Init().

int XrdSecProtocolgsi::CRLRefresh = 86400
staticprivate

Referenced by GetCA(), and Init().

XrdCryptoFactory * XrdSecProtocolgsi::cryptF = {0}
staticprivate

Referenced by Init(), and ParseCrypto().

int XrdSecProtocolgsi::cryptID = {0}
staticprivate

Referenced by Init(), and ParseCrypto().

String XrdSecProtocolgsi::cryptName = {0}
staticprivate

Referenced by Init().

int XrdSecProtocolgsi::Debug = 0
staticprivate

Referenced by ErrF(), Init(), and ParseCrypto().

int XrdSecProtocolgsi::DefBits = 512
staticprivate

Referenced by ClientDoInit(), and Init().

String XrdSecProtocolgsi::DefCipher = "aes-128-cbc:bf-cbc:des-ede3-cbc"
staticprivate

Referenced by Authenticate(), Init(), and ServerDoCert().

String XrdSecProtocolgsi::DefCRLext = ".r0"
staticprivate

Referenced by Init(), and LoadCRL().

String XrdSecProtocolgsi::DefCrypto = "ssl"
staticprivate

Referenced by ClientDoInit(), and Init().

String XrdSecProtocolgsi::DefError = "invalid credentials "
staticprivate
String XrdSecProtocolgsi::DefMD = "sha1:md5"
staticprivate

Referenced by Authenticate(), Init(), and ServerDoCert().

int XrdSecProtocolgsi::DepLength = 0
staticprivate

Referenced by ClientDoInit(), and Init().

XrdSysError XrdSecProtocolgsi::eDest
staticprivate

Referenced by EnableTracing(), LoadAuthzFun(), LoadGMAPFun(), and LoadVOMSFun().

int XrdSecProtocolgsi::GMAPCacheTimeOut = -1
staticprivate

Referenced by Init(), and QueryGMAP().

String XrdSecProtocolgsi::GMAPFile = "/etc/grid-security/grid-mapfile"
staticprivate

Referenced by Init(), and LoadGMAP().

XrdSecgsiGMAP_t XrdSecProtocolgsi::GMAPFun = 0
staticprivate

Referenced by Init(), and QueryGMAP().

int XrdSecProtocolgsi::GMAPOpt = 1
staticprivate

Referenced by Authenticate(), and Init().

XrdSysPlugin * XrdSecProtocolgsi::GMAPPlugin = 0
staticprivate

Referenced by LoadGMAPFun().

bool XrdSecProtocolgsi::GMAPuseDNname = 0
staticprivate

Referenced by Authenticate(), and Init().

XrdSysMutex XrdSecProtocolgsi::gsiContext
staticprivate
XrdOucTrace * XrdSecProtocolgsi::GSITrace = 0
staticprivate

Referenced by EnableTracing(), Init(), and ParseCrypto().

bool XrdSecProtocolgsi::HashCompatibility = 1
staticprivate

Referenced by getCredentials(), GetSrvCertEnt(), and Init().

struct sockaddr XrdSecProtocolgsi::hostaddr
private

Referenced by XrdSecProtocolgsi().

gsiHSVars* XrdSecProtocolgsi::hs
private

Referenced by AddSerialized(), Authenticate(), CheckRtag(), ClientDoCert(), ClientDoInit(), ClientDoPxyreq(), Delete(), GetCA(), getCredentials(), ParseCAlist(), ParseCrypto(), ServerDoCert(), ServerDoCertreq(), ServerDoSigpxy(), and XrdSecProtocolgsi().

time_t XrdSecProtocolgsi::lastGMAPCheck = -1
staticprivate

Referenced by LoadGMAP().

XrdSysLogger XrdSecProtocolgsi::Logger
staticprivate

Referenced by EnableTracing().

int XrdSecProtocolgsi::MonInfoOpt = 0
staticprivate

Referenced by Authenticate(), and Init().

XrdSysMutex XrdSecProtocolgsi::mutexGMAP
staticprivate

Referenced by LoadGMAP().

int XrdSecProtocolgsi::ncrypt = 0
staticprivate

Referenced by Init(), and ParseCrypto().

int XrdSecProtocolgsi::options
private

Referenced by XrdSecProtocolgsi().

X509Chain* XrdSecProtocolgsi::proxyChain
private

Referenced by Delete(), getCredentials(), ServerDoSigpxy(), and XrdSecProtocolgsi().

int XrdSecProtocolgsi::PxyReqOpts = 0
staticprivate

Referenced by ClientDoInit(), Init(), ServerDoCert(), and ServerDoSigpxy().

String XrdSecProtocolgsi::PxyValid = "12:00"
staticprivate

Referenced by ClientDoInit(), GetSrvCertEnt(), and Init().

XrdCryptoCipher * XrdSecProtocolgsi::refcip = {0}
staticprivate

Referenced by Init(), and ParseCrypto().

bool XrdSecProtocolgsi::Server = 1
staticprivate

Referenced by Init(), and XrdSecProtocolgsi().

XrdCryptoFactory* XrdSecProtocolgsi::sessionCF
private

Referenced by ClientDoCert(), ClientDoInit(), ClientDoPxyreq(), getCredentials(), ParseCAlist(), ParseCrypto(), ServerDoCert(), ServerDoCertreq(), ServerDoSigpxy(), setKey(), and XrdSecProtocolgsi().

XrdCryptoCipher* XrdSecProtocolgsi::sessionKey
private

Referenced by Authenticate(), ClientDoCert(), ClientDoPxyreq(), Decrypt(), Delete(), Encrypt(), getCredentials(), getKey(), ServerDoCert(), ServerDoSigpxy(), setKey(), and XrdSecProtocolgsi().

XrdCryptoRSA* XrdSecProtocolgsi::sessionKsig
private

Referenced by AddSerialized(), ClientDoInit(), Delete(), ServerDoCertreq(), Sign(), and XrdSecProtocolgsi().

XrdCryptoRSA* XrdSecProtocolgsi::sessionKver
private

Referenced by CheckRtag(), ClientDoCert(), Delete(), ServerDoCert(), Verify(), and XrdSecProtocolgsi().

XrdCryptoMsgDigest* XrdSecProtocolgsi::sessionMD
private

Referenced by ClientDoCert(), Delete(), ServerDoCert(), Sign(), Verify(), and XrdSecProtocolgsi().

String XrdSecProtocolgsi::SrvAllowedNames
staticprivate

Referenced by Init(), and ServerCertNameOK().

String XrdSecProtocolgsi::SrvCert = "/etc/grid-security/xrd/xrdcert.pem"
staticprivate

Referenced by GetSrvCertEnt(), and Init().

String XrdSecProtocolgsi::SrvKey = "/etc/grid-security/xrd/xrdkey.pem"
staticprivate

Referenced by GetSrvCertEnt(), and Init().

bool XrdSecProtocolgsi::srvMode
private

Referenced by getCredentials(), and XrdSecProtocolgsi().

GSICrlStack XrdSecProtocolgsi::stackCRL
staticprivate

Referenced by GetCA(), and gsiHSVars::~gsiHSVars().

int XrdSecProtocolgsi::TimeSkew = 300
staticprivate

Referenced by ClientDoCert(), and ServerDoCert().

String XrdSecProtocolgsi::UsrCert = "/.globus/usercert.pem"
staticprivate

Referenced by ClientDoInit(), and Init().

String XrdSecProtocolgsi::UsrKey = "/.globus/userkey.pem"
staticprivate

Referenced by ClientDoInit(), and Init().

String XrdSecProtocolgsi::UsrProxy
staticprivate

Referenced by ClientDoInit(), GetSrvCertEnt(), Init(), and ServerDoSigpxy().

int XrdSecProtocolgsi::VOMSAttrOpt = 1
staticprivate

Referenced by Authenticate(), and Init().

int XrdSecProtocolgsi::VOMSCertFmt = -1
staticprivate

Referenced by Authenticate(), and Init().

XrdSecgsiAuthz_t XrdSecProtocolgsi::VOMSFun = 0
staticprivate

Referenced by Authenticate(), and Init().

XrdSysPlugin * XrdSecProtocolgsi::VOMSPlugin = 0
staticprivate

Referenced by LoadVOMSFun().

The documentation for this class was generated from the following files:
Generated by   doxygen 1.8.3.1