xrootd
#include <XrdSecProtocolgsi.hh>


Public Member Functions | |
| int | Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0) |
| XrdSecCredentials * | getCredentials (XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0) |
| XrdSecProtocolgsi (int opts, const char *hname, const struct sockaddr *ipadd, const char *parms=0) | |
| virtual | ~XrdSecProtocolgsi () |
| void | Delete () |
| int | Encrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
| int | Decrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
| int | Sign (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
| int | Verify (const char *inbuf, int inlen, const char *sigbuf, int siglen) |
| int | getKey (char *kbuf=0, int klen=0) |
| int | setKey (char *kbuf, int klen) |
Static Public Member Functions | |
| static char * | Init (gsiOptions o, XrdOucErrInfo *erp) |
| static XrdOucTrace * | EnableTracing () |
Private Member Functions | |
| int | ParseClientInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &emsg) |
| int | ClientDoInit (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
| int | ClientDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
| int | ClientDoPxyreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
| int | ParseServerInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
| int | ServerDoCertreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
| int | ServerDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
| int | ServerDoSigpxy (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
| int | ParseCrypto (String cryptlist) |
| int | ParseCAlist (String calist) |
| bool | ServerCertNameOK (const char *subject, String &e) |
| XrdSecCredentials * | ErrC (XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0) |
| int | ErrS (String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0) |
| bool | CheckTimeStamp (XrdSutBuffer *b, int skew, String &emsg) |
| bool | CheckRtag (XrdSutBuffer *bm, String &emsg) |
| int | AddSerialized (char opt, kXR_int32 step, String ID, XrdSutBuffer *bls, XrdSutBuffer *buf, kXR_int32 type, XrdCryptoCipher *cip) |
| void | CopyEntity (XrdSecEntity *in, XrdSecEntity *out, int *lout=0) |
| void | FreeEntity (XrdSecEntity *in) |
| void | ExtractVOMS (XrdCryptoX509 *xp, XrdSecEntity &ent) |
Static Private Member Functions | |
| static int | GetCA (const char *cahash, XrdCryptoFactory *cryptof, gsiHSVars *hs=0) |
| static String | GetCApath (const char *cahash) |
| static bool | VerifyCA (int opt, X509Chain *cca, XrdCryptoFactory *cf) |
| static XrdSutPFEntry * | GetSrvCertEnt (XrdCryptoFactory *cf, int timestamp, String &cal) |
| static XrdCryptoX509Crl * | LoadCRL (XrdCryptoX509 *xca, XrdCryptoFactory *CF, int dwld) |
| static int | QueryProxy (bool checkcache, XrdSutCache *cache, const char *tag, XrdCryptoFactory *cf, int timestamp, ProxyIn_t *pi, ProxyOut_t *po) |
| static int | InitProxy (ProxyIn_t *pi, X509Chain *ch=0, XrdCryptoRSA **key=0) |
| static void | ErrF (XrdOucErrInfo *einfo, kXR_int32 ecode, const char *msg1, const char *msg2=0, const char *msg3=0) |
| static int | LoadGMAP (int now) |
| static XrdSecgsiGMAP_t | LoadGMAPFun (const char *plugin, const char *parms) |
| static XrdSecgsiAuthz_t | LoadAuthzFun (const char *plugin, const char *parms, int &fmt) |
| static void | QueryGMAP (XrdCryptoX509Chain *chain, int now, String &name) |
Private Attributes | |
| int | options |
| struct sockaddr | hostaddr |
| XrdCryptoFactory * | sessionCF |
| XrdCryptoCipher * | sessionKey |
| XrdSutBucket * | bucketKey |
| XrdCryptoMsgDigest * | sessionMD |
| XrdCryptoRSA * | sessionKsig |
| XrdCryptoRSA * | sessionKver |
| X509Chain * | proxyChain |
| bool | srvMode |
| gsiHSVars * | hs |
Static Private Attributes | |
| static XrdSysMutex | gsiContext |
| static String | CAdir = "/etc/grid-security/certificates/" |
| static String | CRLdir = "/etc/grid-security/certificates/" |
| static String | DefCRLext = ".r0" |
| static String | SrvCert = "/etc/grid-security/xrd/xrdcert.pem" |
| static String | SrvKey = "/etc/grid-security/xrd/xrdkey.pem" |
| static String | UsrProxy |
| static String | UsrCert = "/.globus/usercert.pem" |
| static String | UsrKey = "/.globus/userkey.pem" |
| static String | PxyValid = "12:00" |
| static int | DepLength = 0 |
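| static int | DefBits = 512 (Init() lists this next to gsiOptions::bits and ClientDoInit() uses it with the other proxy inputs, so it is presumably the default key length, in bits, for generated proxies; a 512-bit RSA key is far below current key-length guidance, so check that deployments set the length explicitly) |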
| static int | CACheck = 1 |
| static int | CRLCheck = 1 |
| static int | CRLDownload = 0 |
| static int | CRLRefresh = 86400 |
| static String | DefCrypto = "ssl" |
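| static String | DefCipher = "aes-128-cbc:bf-cbc:des-ede3-cbc" (colon-separated default cipher list, apparently set from gsiOptions::cipher in Init(); bf-cbc and des-ede3-cbc are 64-bit-block ciphers, so restricting the list to AES is the safer configuration where both ends support it) |
| static String | DefMD = "sha1:md5" (colon-separated default digest list, apparently set from gsiOptions::md in Init(); both SHA-1 and MD5 have practical collision attacks, so neither should be relied on where collision resistance matters) |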
| static String | DefError = "invalid credentials " |
| static String | GMAPFile = "/etc/grid-security/grid-mapfile" |
| static int | GMAPOpt = 1 |
| static bool | GMAPuseDNname = 0 |
| static int | GMAPCacheTimeOut = -1 |
| static XrdSysPlugin * | GMAPPlugin = 0 |
| static XrdSecgsiGMAP_t | GMAPFun = 0 |
| static XrdSysPlugin * | AuthzPlugin = 0 |
| static XrdSecgsiAuthz_t | AuthzFun = 0 |
| static XrdSecgsiAuthzKey_t | AuthzKey = 0 |
| static int | AuthzCertFmt = -1 |
| static int | AuthzCacheTimeOut = 43200 |
| static int | PxyReqOpts = 0 |
| static int | AuthzPxyWhat = -1 |
| static int | AuthzPxyWhere = -1 |
| static String | SrvAllowedNames |
| static int | VOMSAttrOpt = 1 |
| static int | MonInfoOpt = 0 |
| static int | ncrypt = 0 |
| static XrdCryptoFactory * | cryptF [XrdCryptoMax] = {0} |
| static int | cryptID [XrdCryptoMax] = {0} |
| static String | cryptName [XrdCryptoMax] = {0} |
| static XrdCryptoCipher * | refcip [XrdCryptoMax] = {0} |
| static XrdSutCache | cacheCA |
| static XrdSutCache | cacheCert |
| static XrdSutCache | cachePxy |
| static XrdSutCache | cacheGMAP |
| static XrdSutCache | cacheGMAPFun |
| static XrdSutCache | cacheAuthzFun |
| static int | Debug = 0 |
| static bool | Server = 1 |
| static int | TimeSkew = 300 |
| static XrdSysLogger | Logger |
| static XrdSysError | eDest |
| static XrdOucTrace * | GSITrace = 0 |
Friends | |
| class | gsiOptions |
| XrdSecProtocolgsi::XrdSecProtocolgsi (int opts, const char *hname, const struct sockaddr *ipadd, const char *parms = 0) |
References EPNAME, QTRACE, PRINT, hs, gsiHSVars::TimeStamp, gsiHSVars::Tty, DEBUG, XrdSecProtocol::Entity, XrdSecEntity::host, XrdSysDNS::getHostName(), hostaddr, sessionCF, sessionKey, bucketKey, sessionMD, sessionKsig, sessionKver, proxyChain, XrdSecPROTOIDENT, XrdSecPROTOIDLEN, options, opts, srvMode, Server, gsiHSVars::Parms, XrdOucString::c_str(), XrdOucString::length(), Version, and XrdOucString::insert().
| virtual XrdSecProtocolgsi::~XrdSecProtocolgsi | ( | ) | [inline, virtual] |
| int XrdSecProtocolgsi::AddSerialized (char opt, kXR_int32 step, String ID, XrdSutBuffer *bls, XrdSutBuffer *buf, kXR_int32 type, XrdCryptoCipher *cip) [private] |
References EPNAME, DEBUG, XrdSutBuckStr(), XrdSutBuffer::SetStep(), hs, gsiHSVars::LastStep, XrdSutBuffer::GetBucket(), kXRS_rtag, sessionKsig, XrdCryptoRSA::EncryptPrivate(), XrdSutBucket::type, kXRS_signed_rtag, XrdSutRndm::GetRndmTag(), XrdSutBuffer::AddBucket(), gsiHSVars::Cref, XrdSutPFEntry::buf1, XrdSutPFBuf::SetBuf(), XrdSutBucket::buffer, XrdSutBucket::size, XrdSutPFEntry::mtime, gsiHSVars::TimeStamp, XrdSutBuffer::Serialized(), XrdSutBucket::Update(), and XrdCryptoCipher::Encrypt().
Referenced by getCredentials(), and Authenticate().
| int XrdSecProtocolgsi::Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo = 0) [virtual] |
Implements XrdSecProtocol.
References EPNAME, XrdSecBuffer::size, XrdSecPROTOIDLEN, XrdSecBuffer::buffer, XrdSecProtocol::Entity, XrdSecEntity::prot, hs, ErrS(), XrdSecEntity::tident, kGSErrError, gsiHSVars::TimeStamp, gsiHSVars::ID, XrdOucString::length(), DEBUG, kgST_more, CryptList, kGSErrDecodeBuffer, XrdSutBuffer::GetProtocol(), XrdSecPROTOIDENT, kGSErrBadProtocol, XrdSutBuffer::GetStep(), ClientStepStr(), QTRACE, XrdSutBuffer::Dump(), XrdOucString::c_str(), ParseServerInput(), kGSErrParseBuffer, gsiHSVars::RemVers, gsiHSVars::Options, CheckRtag(), kGSErrBadRndmTag, kXGC_certreq, gsiHSVars::Rcip, XrdCryptoCipher::Public(), kGSErrNoPublic, XrdSutBuffer::AddBucket(), kXRS_puk, kGSErrAddBucket, DefCipher, kXRS_cipher_alg, XrdSutBuckStr(), DefMD, kXRS_md_alg, gsiHSVars::Cbck, kXGS_cert, kXGC_cert, kgST_ok, kXGS_none, GMAPOpt, QueryGMAP(), gsiHSVars::Chain, kgST_error, PRINT, XrdSutBuffer::GetBucket(), kXRS_user, XrdSutBucket::ToString(), XrdSutBuffer::Deactivate(), XrdOucString::tokenize(), XrdOucString::find(), STR_NPOS, XrdOucString::erase(), XrdSecEntity::name, GMAPuseDNname, XrdCryptoX509Chain::EEChash(), XrdCryptoX509Chain::EECname(), MonInfoOpt, XrdSecEntity::moninfo, VOMSAttrOpt, ExtractVOMS(), XrdCryptoX509Chain::End(), XrdSecEntity::vorg, XrdSecEntity::grps, XrdSecEntity::role, XrdSecEntity::endorsements, AuthzFun, AuthzKey, AuthzCertFmt, XrdCryptosslX509ExportChain(), XrdSecEntity::creds, XrdSecEntity::credslen, cacheAuthzFun, XrdSutCache::Get(), AuthzCacheTimeOut, XrdSutPFEntry::mtime, XrdSutPFEntry::buf2, XrdSutPFBuf::buf, FreeEntity(), XrdSutPFEntry::buf1, SafeDelete, XrdSutCache::Remove(), XrdSutPFEntry::status, kPFE_ok, XrdSutCache::Add(), CopyEntity(), XrdSutPFBuf::len, XrdCryptoX509::NotAfter(), XrdSutPFEntry::cnt, XrdSutCache::Rehash(), SafeDelArray, AuthzPxyWhat, SafeFree, XrdCryptoX509::Export(), AuthzPxyWhere, gsiHSVars::PxyChain, kXGS_pxyreq, kXGC_sigpxy, kGSErrBadOpt, kXRS_message, AddSerialized(), kXRS_main, sessionKey, XrdSutBuffer::Remove(), kGSErrSerialBuffer, 
XrdSutBuffer::Serialized(), ServerStepStr(), XrdOucString::replace(), and REL2.
| bool XrdSecProtocolgsi::CheckRtag (XrdSutBuffer *bm, String &emsg) [private] |
References EPNAME, hs, gsiHSVars::Cref, XrdSutPFEntry::buf1, XrdSutPFBuf::len, XrdSutBuffer::GetBucket(), kXRS_signed_rtag, sessionKver, XrdCryptoRSA::DecryptPublic(), XrdSutBucket::buffer, XrdSutPFBuf::buf, SafeDelete, XrdSutPFBuf::SetBuf(), gsiHSVars::RtagOK, XrdSutBuffer::Deactivate(), and DEBUG.
Referenced by getCredentials(), and Authenticate().
| bool XrdSecProtocolgsi::CheckTimeStamp (XrdSutBuffer *b, int skew, String &emsg) [private] |
| int XrdSecProtocolgsi::ClientDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) [private] |
References EPNAME, hs, gsiHSVars::Cref, gsiHSVars::Chain, gsiHSVars::TimeStamp, TimeSkew, XrdSutPFEntry::mtime, SafeDelete, gsiHSVars::RemVers, XrdSutPFEntry::status, XrdSutBuffer::GetBucket(), kXRS_cipher_alg, XrdSutBucket::ToString(), XrdOucString::tokenize(), XrdOucString::length(), sessionCF, XrdCryptoFactory::SupportedCipher(), XrdOucString::c_str(), XrdSutBuffer::UpdateBucket(), DEBUG, kXRS_puk, sessionKey, XrdCryptoFactory::Cipher(), XrdSutBucket::buffer, XrdSutBucket::size, kXRS_x509, gsiHSVars::Options, kOptsDelChn, XrdCryptoFactory::X509ParseBucket(), gsiHSVars::Crl, XrdCryptosslgsiX509Chain::Verify(), XrdCryptoX509Chain::LastError(), ServerCertNameOK(), XrdCryptoX509Chain::End(), XrdCryptoX509::Subject(), emsg(), sessionKver, XrdCryptoFactory::RSA(), XrdCryptoX509::PKI(), XrdCryptoRSA::IsValid(), XrdSutBuffer::Deactivate(), kXRS_md_alg, XrdCryptoFactory::SupportedMsgDigest(), sessionMD, XrdCryptoFactory::MsgDigest(), and kXRS_main.
Referenced by ParseClientInput().
| int XrdSecProtocolgsi::ClientDoInit (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) [private] |
References EPNAME, XrdSutBuffer::GetProtocol(), XrdSutBuffer::GetOptions(), opts, XrdOucString::find(), XrdOucString::erase(), hs, gsiHSVars::RemVers, XrdOucString::c_str(), Version, gsiHSVars::Cref, XrdSutPFEntry::status, gsiHSVars::Options, PxyReqOpts, XrdOucString::assign(), DEBUG, DefCrypto, ParseCrypto(), ParseCAlist(), gsiHSVars::Chain, XrdSutResolve(), UsrCert, XrdSecProtocol::Entity, XrdSecEntity::host, XrdSecEntity::vorg, XrdSecEntity::grps, XrdSecEntity::name, UsrKey, UsrProxy, CAdir, PxyValid, DepLength, DefBits, gsiHSVars::PxyChain, sessionKsig, gsiHSVars::Cbck, QueryProxy(), cachePxy, sessionCF, gsiHSVars::TimeStamp, ProxyOut_t::chain, ProxyOut_t::cbck, XrdCryptoFactory::RSA(), and ProxyOut_t::ksig.
Referenced by ParseClientInput().
| int XrdSecProtocolgsi::ClientDoPxyreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) [private] |
References XrdSutBuffer::GetBucket(), kXRS_main, sessionKey, XrdCryptoCipher::Decrypt(), XrdSutBucket::buffer, XrdSutBucket::size, hs, gsiHSVars::Options, kOptsFwdPxy, gsiHSVars::PxyChain, XrdCryptoX509Chain::End(), XrdCryptoX509::PKI(), XrdCryptoRSA::ExportPrivate(), kXRS_x509, kOptsSigReq, kXRS_x509_req, sessionCF, XrdCryptoFactory::X509Req(), XrdCryptoX509Req::SetVersion(), gsiHSVars::RemVers, XrdSslgsiX509SignProxyReq(), and XrdCryptoX509::Export().
Referenced by ParseClientInput().
| void XrdSecProtocolgsi::CopyEntity (XrdSecEntity *in, XrdSecEntity *out, int *lout = 0) [private] |
References XrdSecEntity::name, XrdSecEntity::host, XrdSecEntity::vorg, XrdSecEntity::role, XrdSecEntity::grps, XrdSecEntity::creds, XrdSecEntity::credslen, XrdSecEntity::endorsements, and XrdSecEntity::moninfo.
Referenced by Authenticate().
| int XrdSecProtocolgsi::Decrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf) [virtual] |
Reimplemented from XrdSecProtocol.
References EPNAME, sessionKey, XrdCryptoCipher::DecOutLength(), XrdCryptoCipher::Decrypt(), SafeFree, and DEBUG.
| void XrdSecProtocolgsi::Delete | ( | ) | [virtual] |
Implements XrdSecProtocol.
References SafeFree, XrdSecProtocol::Entity, XrdSecEntity::name, XrdSecEntity::host, XrdSecEntity::vorg, XrdSecEntity::role, XrdSecEntity::grps, XrdSecEntity::endorsements, XrdSecEntity::creds, XrdSecEntity::credslen, XrdSecEntity::moninfo, SafeDelete, hs, sessionKey, bucketKey, sessionMD, sessionKsig, sessionKver, and proxyChain.
| XrdOucTrace * XrdSecProtocolgsi::EnableTracing | ( | ) | [static] |
References EPNAME, eDest, XrdSysError::logger(), Logger, and GSITrace.
Referenced by XrdSecProtocolgsiInit().
| int XrdSecProtocolgsi::Encrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf) [virtual] |
Reimplemented from XrdSecProtocol.
References EPNAME, sessionKey, XrdCryptoCipher::EncOutLength(), XrdCryptoCipher::Encrypt(), SafeFree, and DEBUG.
| XrdSecCredentials * XrdSecProtocolgsi::ErrC (XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1 = 0, const char *msg2 = 0, const char *msg3 = 0) [private] |
Referenced by getCredentials().
| void XrdSecProtocolgsi::ErrF (XrdOucErrInfo *einfo, kXR_int32 ecode, const char *msg1, const char *msg2 = 0, const char *msg3 = 0) [static, private] |
References EPNAME, kGSErrParseBuffer, kGSErrError, gGSErrStr, XrdOucErrInfo::setErrInfo(), QTRACE, Debug, and DEBUG.
| int XrdSecProtocolgsi::ErrS (String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1 = 0, const char *msg2 = 0, const char *msg3 = 0) [private] |
References ErrF(), REL3, and kgST_error.
Referenced by Authenticate().
| void XrdSecProtocolgsi::ExtractVOMS (XrdCryptoX509 *xp, XrdSecEntity &ent) [private] |
References EPNAME, XrdSslgsiX509GetVOMSAttr(), DEBUG, PRINT, XrdOucString::tokenize(), XrdOucString::length(), XrdOucString::find(), STR_NPOS, XrdOucString::assign(), XrdOucString::erase(), XrdSecEntity::vorg, XrdOucString::c_str(), XrdSecEntity::grps, XrdSecEntity::role, SafeFree, and XrdSecEntity::endorsements.
Referenced by Authenticate().
| void XrdSecProtocolgsi::FreeEntity | ( | XrdSecEntity * | in | ) | [private] |
References XrdSecEntity::name, SafeFree, XrdSecEntity::host, XrdSecEntity::vorg, XrdSecEntity::role, XrdSecEntity::grps, XrdSecEntity::creds, XrdSecEntity::credslen, XrdSecEntity::endorsements, and XrdSecEntity::moninfo.
Referenced by Authenticate().
| int XrdSecProtocolgsi::GetCA (const char *cahash, XrdCryptoFactory *cryptof, gsiHSVars *hs = 0) [static, private] |
References EPNAME, DEBUG, hs, gsiHSVars::TimeStamp, XrdCryptoFactory::ID(), CRLRefresh, cacheCA, XrdSutCache::Get(), XrdOucString::c_str(), XrdSutPFEntry::mtime, gsiHSVars::Chain, XrdSutPFEntry::buf1, XrdSutPFBuf::buf, gsiHSVars::Crl, XrdSutPFEntry::buf2, PRINT, XrdSutCache::Remove(), GetCApath(), XrdCryptoFactory::X509ParseFile(), VerifyCA(), CACheck, CRLCheck, LoadCRL(), XrdCryptoX509Chain::Begin(), CRLDownload, XrdCryptoX509Crl::IsExpired(), XrdSutCache::Add(), XrdSutPFBuf::len, XrdSutPFEntry::status, kPFE_ok, XrdSutPFEntry::cnt, and XrdSutCache::Rehash().
Referenced by ParseCAlist(), and GetSrvCertEnt().
| String XrdSecProtocolgsi::GetCApath | ( | const char * | cahash | ) | [static, private] |
References CAdir, XrdOucString::tokenize(), XrdOucString::length(), XrdOucString::endswith(), access(), XrdOucString::c_str(), and R_OK.
Referenced by VerifyCA(), and GetCA().
| XrdSecCredentials * XrdSecProtocolgsi::getCredentials (XrdSecParameters *parm = 0, XrdOucErrInfo *einfo = 0) [virtual] |
Implements XrdSecProtocol.
References EPNAME, srvMode, proxyChain, sessionCF, XrdCryptoFactory::X509ExportChain(), XrdSutBucket::size, XrdSutBucket::buffer, hs, ErrC(), kGSErrError, gsiHSVars::Parms, XrdSecBuffer::buffer, XrdSecBuffer::size, gsiHSVars::Iter, kGSErrNoBuffer, gsiHSVars::TimeStamp, CryptList, kGSErrDecodeBuffer, XrdSutBuffer::GetProtocol(), XrdSecPROTOIDENT, kGSErrBadProtocol, XrdSutBuffer::GetStep(), kXGS_init, XrdSutBuffer::SetStep(), ServerStepStr(), QTRACE, XrdSutBuffer::Dump(), XrdOucString::c_str(), ParseClientInput(), DEBUG, kGSErrParseBuffer, gsiHSVars::RemVers, CheckRtag(), kGSErrBadRndmTag, XrdSecProtocol::Entity, XrdSecEntity::name, kXGC_none, XrdSutBuffer::AddBucket(), gsiHSVars::CryptoMod, kXRS_cryptomod, kGSErrCreateBucket, XrdSutBuckStr(), XrdSutBuffer::MarshalBucket(), kXRS_version, Version, gsiHSVars::PxyChain, XrdCryptoX509Chain::Begin(), XrdCryptoX509::type, XrdCryptoX509::kCA, XrdCryptoX509::SubjectHash(), XrdCryptoX509::IssuerHash(), XrdCryptoX509Chain::Next(), kXRS_issuer_hash, kXRS_clnt_opts, gsiHSVars::Options, kXGC_certreq, kXGS_cert, sessionKey, kGSErrNoCipher, XrdCryptoCipher::Public(), kGSErrNoPublic, XrdSutBuffer::UpdateBucket(), kXRS_puk, kGSErrAddBucket, gsiHSVars::Cbck, kXRS_user, kXGC_cert, kXGS_pxyreq, XrdOucString::length(), kXRS_message, kXGC_sigpxy, kGSErrBadOpt, AddSerialized(), gsiHSVars::ID, kXRS_main, XrdSutBuffer::Remove(), kGSErrSerialBuffer, XrdSutBuffer::Serialized(), ClientStepStr(), XrdOucString::replace(), and REL2.
| int XrdSecProtocolgsi::getKey (char *kbuf = 0, int klen = 0) [virtual] |
Reimplemented from XrdSecProtocol.
References EPNAME, bucketKey, sessionKey, XrdCryptoCipher::AsBucket(), XrdSutBucket::size, XrdSutBucket::buffer, and DEBUG.
| XrdSutPFEntry * XrdSecProtocolgsi::GetSrvCertEnt (XrdCryptoFactory *cf, int timestamp, String &cal) [static, private] |
References EPNAME, DEBUG, cacheCert, XrdSutCache::Get(), XrdCryptoFactory::Name(), XrdSutPFEntry::mtime, PRINT, XrdSutPFEntry::status, kPFE_special, SrvCert, XrdOucString::c_str(), SrvKey, CAdir, UsrProxy, PxyValid, QueryProxy(), stat(), XrdSysPrivGuard::Valid(), XrdCryptoFactory::X509(), XrdCryptoX509::type, XrdCryptoX509::kEEC, XrdCryptoX509::Type(), XrdCryptoX509::IsValid(), XrdCryptoX509::PKI(), XrdCryptoRSA::status, XrdCryptoX509::Export(), GetCA(), XrdCryptoX509::IssuerHash(), XrdSutCache::Add(), kPFE_ok, XrdSutPFEntry::cnt, XrdCryptoX509::NotAfter(), SafeDelete, XrdSutPFEntry::buf1, XrdSutPFBuf::buf, XrdSutPFBuf::len, XrdSutPFEntry::buf2, XrdSutPFEntry::buf3, XrdOucString::find(), STR_NPOS, and XrdOucString::length().
Referenced by Init(), and ServerDoCertreq().
| char * XrdSecProtocolgsi::Init (gsiOptions o, XrdOucErrInfo *erp) [static] |
References EPNAME, Debug, gsiOptions::debug, ErrF(), kGSErrInit, cryptoTRACE_Dump, GSITrace, XrdOucTrace::What, TRACE_ALL, cryptoTRACE_Debug, TRACE_Debug, TRACE_Authen, XrdSutSetTrace(), XrdCryptoSetTrace(), Server, gsiOptions::mode, gsiOptions::ca, CACheck, DEBUG, stat(), gsiOptions::certdir, XrdOucString::tokenize(), XrdOucString::length(), XrdSutExpand(), XrdOucString::c_str(), kGSErrError, PRINT, XrdOucErrInfo::getErrText(), XrdOucString::endswith(), CAdir, gsiOptions::crl, CRLDownload, CRLCheck, gsiOptions::crldir, CRLdir, gsiOptions::crlext, DefCRLext, gsiOptions::crlrefresh, CRLRefresh, gsiOptions::clist, DefCrypto, XrdCryptoFactory::GetCryptoFactory(), cryptF, ncrypt, cryptID, XrdCryptoFactory::ID(), cryptName, XrdOucString::insert(), XrdCryptoFactory::Name(), XrdCryptoFactory::SetTrace(), refcip, XrdCryptoFactory::Cipher(), XrdOucString::erase(), XrdCryptoMax, cacheCA, XrdSutCache::Init(), gsiOptions::cipher, DefCipher, gsiOptions::md, DefMD, gsiOptions::cert, SrvCert, gsiOptions::key, SrvKey, access(), R_OK, cacheCert, GetSrvCertEnt(), XrdSutCache::Rehash(), XrdSutCache::Empty(), QTRACE, XrdSutCache::Dump(), gsiOptions::ogmap, GMAPuseDNname, GMAPOpt, gsiOptions::gridmap, GMAPFile, LoadGMAP(), cacheGMAP, gsiOptions::gmapfun, GMAPFun, LoadGMAPFun(), gsiOptions::gmapfunparms, cacheGMAPFun, XrdSutCache::Reset(), gsiOptions::authzfun, AuthzFun, LoadAuthzFun(), gsiOptions::authzfunparms, AuthzCertFmt, cacheAuthzFun, gsiOptions::authzto, AuthzCacheTimeOut, gsiOptions::gmapto, GMAPCacheTimeOut, gsiOptions::dlgpxy, PxyReqOpts, kOptsSrvReq, kOptsPxFile, gsiOptions::authzpxy, AuthzPxyWhat, AuthzPxyWhere, gUsrPxyDef, gsiOptions::exppxy, UsrProxy, VOMSAttrOpt, gsiOptions::vomsat, MonInfoOpt, gsiOptions::moninfo, Version, cachePxy, gsiOptions::proxy, UsrCert, XrdSutHome(), UsrKey, gsiOptions::valid, PxyValid, gsiOptions::deplen, DepLength, gsiOptions::bits, DefBits, kOptsDlgPxy, kOptsFwdPxy, gsiOptions::sigpxy, kOptsSigReq, gsiOptions::srvnames, SrvAllowedNames, and 
TRACE.
Referenced by XrdSecProtocolgsiInit().
| int XrdSecProtocolgsi::InitProxy (ProxyIn_t *pi, X509Chain *ch = 0, XrdCryptoRSA **key = 0) [static, private] |
References EPNAME, DEBUG, stat(), ProxyIn_t::key, PRINT, S_ISREG, S_ISDIR, S_IWGRP, S_IWOTH, S_IRGRP, S_IROTH, ProxyIn_t::valid, XrdSutParseTime(), ProxyIn_t::bits, ProxyIn_t::deplen, XrdSslgsiX509CreateProxy(), ProxyIn_t::cert, ProxyIn_t::out, kMAXBUFLEN, ProxyIn_t::certdir, XrdOucString::erase(), XrdOucString::find(), and XrdOucString::c_str().
Referenced by QueryProxy().
| XrdSecgsiAuthz_t XrdSecProtocolgsi::LoadAuthzFun (const char *plugin, const char *parms, int &fmt) [static, private] |
References EPNAME, PRINT, AuthzPlugin, eDest, XrdOucString::length(), DEBUG, XrdSysPlugin::getPlugin(), AuthzKey, and XrdOucString::c_str().
Referenced by Init().
| XrdCryptoX509Crl * XrdSecProtocolgsi::LoadCRL (XrdCryptoX509 *xca, XrdCryptoFactory *CF, int dwld) [static, private] |
References EPNAME, DEBUG, XrdCryptoX509::SubjectHash(), XrdOucString::find(), DefCRLext, CRLdir, XrdOucString::tokenize(), XrdOucString::length(), XrdCryptoFactory::X509Crl(), XrdOucString::c_str(), XrdCryptoX509Crl::IssuerHash(), XrdCryptoFactory::X509(), CRLCheck, PRINT, SafeDelete, XrdCryptoX509Crl::Verify(), fopen, opendir(), readdir(), and closedir().
Referenced by GetCA().
| int XrdSecProtocolgsi::LoadGMAP | ( | int | now | ) | [static, private] |
References EPNAME, GMAPFile, XrdOucString::length(), stat(), XrdOucString::c_str(), PRINT, cacheGMAP, XrdSutCache::Empty(), XrdSutCache::Init(), XrdSutCache::Reset(), fopen, DEBUG, XrdSutCache::Add(), XrdSutPFEntry::status, kPFE_ok, XrdSutPFEntry::cnt, XrdSutPFEntry::mtime, SafeDelArray, XrdSutPFEntry::buf1, XrdSutPFBuf::buf, XrdSutPFBuf::len, fclose(), and XrdSutCache::Rehash().
Referenced by Init(), and QueryGMAP().
| XrdSecgsiGMAP_t XrdSecProtocolgsi::LoadGMAPFun (const char *plugin, const char *parms) [static, private] |
References EPNAME, PRINT, GMAPPlugin, eDest, XrdOucString::length(), DEBUG, XrdSysPlugin::getPlugin(), and XrdOucString::c_str().
Referenced by Init().
| int XrdSecProtocolgsi::ParseCAlist | ( | String | calist | ) | [private] |
References EPNAME, XrdOucString::length(), DEBUG, hs, gsiHSVars::Chain, XrdOucString::tokenize(), GetCA(), XrdOucString::c_str(), and sessionCF.
Referenced by ClientDoInit(), and ServerDoCertreq().
| int XrdSecProtocolgsi::ParseClientInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &emsg) [private] |
References EPNAME, DEBUG, XrdSutBuffer::GetStep(), kXGS_init, ClientDoInit(), kXGS_cert, ClientDoCert(), kXGS_pxyreq, and ClientDoPxyreq().
Referenced by getCredentials().
| int XrdSecProtocolgsi::ParseCrypto | ( | String | cryptlist | ) | [private] |
References EPNAME, XrdOucString::length(), DEBUG, hs, gsiHSVars::CryptoMod, XrdOucString::tokenize(), sessionCF, XrdCryptoFactory::GetCryptoFactory(), XrdOucString::c_str(), XrdCryptoFactory::SetTrace(), GSITrace, XrdOucTrace::What, XrdCryptoFactory::ID(), ncrypt, cryptID, XrdCryptoMax, cryptF, gsiHSVars::Rcip, and refcip.
Referenced by ClientDoInit(), and ServerDoCertreq().
| int XrdSecProtocolgsi::ParseServerInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) [private] |
References EPNAME, DEBUG, XrdSutBuffer::GetStep(), kXGC_certreq, ServerDoCertreq(), kXGC_cert, ServerDoCert(), kXGC_sigpxy, and ServerDoSigpxy().
Referenced by Authenticate().
| void XrdSecProtocolgsi::QueryGMAP (XrdCryptoX509Chain *chain, int now, String &name) [static, private] |
References EPNAME, PRINT, XrdCryptoX509Chain::EECname(), GMAPFun, cacheGMAPFun, XrdSutCache::Get(), GMAPCacheTimeOut, XrdSutPFEntry::mtime, XrdSutCache::Remove(), XrdSutCache::Add(), XrdSutPFEntry::status, kPFE_ok, SafeDelArray, XrdSutPFEntry::buf1, XrdSutPFBuf::buf, XrdSutPFBuf::len, kPFE_allowed, XrdSutPFEntry::cnt, XrdSutCache::Rehash(), LoadGMAP(), DEBUG, cacheGMAP, and XrdOucString::length().
Referenced by Authenticate().
| int XrdSecProtocolgsi::QueryProxy (bool checkcache, XrdSutCache *cache, const char *tag, XrdCryptoFactory *cf, int timestamp, ProxyIn_t *pi, ProxyOut_t *po) [static, private] |
References EPNAME, XrdSutCache::Get(), XrdSutPFEntry::buf1, XrdSutPFBuf::buf, ProxyOut_t::chain, XrdCryptoX509Chain::CheckValidity(), ProxyOut_t::ksig, XrdSutPFEntry::buf2, ProxyOut_t::cbck, XrdSutPFEntry::buf3, XrdCryptoX509Chain::Cleanup(), XrdSutPFBuf::len, DEBUG, InitProxy(), kXRS_x509, XrdSutBucket::SetBuf(), XrdCryptoFactory::X509ParseBucket(), XrdCryptoFactory::X509ParseFile(), ProxyIn_t::out, CACheck, XrdCryptoX509Chain::CheckCA(), XrdCryptoX509Chain::Reorder(), XrdCryptoX509Chain::End(), XrdCryptoX509::PKI(), XrdCryptoRSA::status, XrdCryptoRSA::kComplete, XrdCryptoFactory::X509ExportChain(), XrdSutCache::Add(), XrdSutPFEntry::mtime, XrdCryptoX509::NotAfter(), XrdSutPFEntry::status, kPFE_special, XrdSutPFEntry::cnt, XrdSutCache::Rehash(), and SafeDelete.
Referenced by ClientDoInit(), and GetSrvCertEnt().
| bool XrdSecProtocolgsi::ServerCertNameOK (const char *subject, String &e) [private] |
References XrdOucString::find(), STR_NPOS, XrdOucString::assign(), XrdSecProtocol::Entity, XrdSecEntity::host, XrdOucString::length(), SrvAllowedNames, XrdOucString::replace(), XrdOucString::tokenize(), XrdOucString::beginswith(), XrdOucString::erasefromstart(), XrdOucString::matches(), and XrdOucString::c_str().
Referenced by ClientDoCert().
| int XrdSecProtocolgsi::ServerDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) [private] |
References EPNAME, XrdSutBuffer::GetBucket(), kXRS_main, kXRS_cipher_alg, XrdSutBucket::ToString(), DefCipher, XrdOucString::find(), hs, gsiHSVars::Chain, XrdSutBuffer::Deactivate(), DEBUG, kXRS_puk, SafeDelete, sessionKey, gsiHSVars::Rcip, sessionCF, XrdCryptoFactory::Cipher(), XrdCryptoCipher::Finalize(), XrdSutBucket::buffer, XrdSutBucket::size, XrdOucString::c_str(), XrdCryptoCipher::Decrypt(), gsiHSVars::RemVers, kXRS_version, Version, gsiHSVars::Cref, gsiHSVars::TimeStamp, TimeSkew, XrdSutPFEntry::mtime, kXRS_x509, gsiHSVars::Options, kOptsDelChn, XrdCryptoFactory::X509ParseBucket(), gsiHSVars::Crl, XrdCryptosslgsiX509Chain::Verify(), XrdCryptoX509Chain::LastError(), PxyReqOpts, kOptsSrvReq, kOptsSigReq, kOptsDlgPxy, kOptsFwdPxy, gsiHSVars::PxyChain, XrdCryptoX509Chain::Reorder(), XrdSslgsiX509CreateProxyReq(), XrdCryptoX509Chain::End(), XrdSutPFEntry::buf4, XrdSutPFBuf::buf, XrdCryptoX509Req::Export(), sessionKver, XrdCryptoFactory::RSA(), XrdCryptoX509::PKI(), XrdCryptoRSA::IsValid(), kXRS_md_alg, DefMD, sessionMD, and XrdCryptoFactory::MsgDigest().
Referenced by ParseServerInput().
| int XrdSecProtocolgsi::ServerDoCertreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) [private] |
References XrdSutBuffer::GetBucket(), kXRS_main, kXRS_cryptomod, XrdSutBucket::ToString(), ParseCrypto(), XrdSutBuffer::UnmarshalBucket(), kXRS_version, hs, gsiHSVars::RemVers, Version, XrdSutBuffer::Deactivate(), kXRS_issuer_hash, ParseCAlist(), GetSrvCertEnt(), sessionCF, gsiHSVars::TimeStamp, sessionKsig, XrdCryptoFactory::RSA(), XrdSutPFEntry::buf2, XrdSutPFBuf::buf, gsiHSVars::Cbck, XrdSutPFEntry::buf3, gsiHSVars::Cref, gsiHSVars::ID, XrdOucString::c_str(), XrdSutBucket::buffer, XrdSutBucket::size, kXRS_clnt_opts, and gsiHSVars::Options.
Referenced by ParseServerInput().
| int XrdSecProtocolgsi::ServerDoSigpxy (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) [private] |
References EPNAME, XrdSutBuffer::GetBucket(), kXRS_main, sessionKey, XrdCryptoCipher::Decrypt(), XrdSutBucket::buffer, XrdSutBucket::size, kXRS_x509, kXRS_message, XrdSutBucket::ToString(), DEBUG, hs, gsiHSVars::PxyChain, gsiHSVars::Options, kOptsFwdPxy, XrdCryptoX509Chain::End(), XrdCryptoX509::PKI(), XrdCryptoRSA::ImportPrivate(), gsiHSVars::Cref, sessionCF, XrdCryptoFactory::X509(), XrdSutPFEntry::buf4, XrdSutPFBuf::buf, XrdCryptoX509::SetPKI(), XrdCryptoRSA::Opaque(), XrdCryptoX509Chain::PushBack(), proxyChain, QTRACE, XrdCryptoX509Chain::Dump(), kXRS_user, XrdOucString::length(), XrdSecProtocol::Entity, XrdSecEntity::name, PxyReqOpts, kOptsPxFile, UsrProxy, XrdOucString::c_str(), XrdCryptoX509Chain::SearchBySubject(), XrdCryptoX509Chain::EECname(), XrdCryptoX509::SubjectHash(), XrdSutResolve(), XrdSecEntity::host, XrdSecEntity::vorg, XrdSecEntity::grps, XrdOucString::find(), STR_NPOS, XrdOucString::replace(), and XrdCryptoFactory::X509ChainToFile().
Referenced by ParseServerInput().
| int XrdSecProtocolgsi::setKey (char *kbuf, int klen) [virtual] |
Reimplemented from XrdSecProtocol.
References EPNAME, sessionCF, XrdSutBucket::SetBuf(), XrdCryptoFactory::Cipher(), SafeDelete, sessionKey, and DEBUG.
| int XrdSecProtocolgsi::Sign (const char *inbuf, int inlen, XrdSecBuffer **outbuf) [virtual] |
| int XrdSecProtocolgsi::Verify (const char *inbuf, int inlen, const char *sigbuf, int siglen) [virtual] |
| bool XrdSecProtocolgsi::VerifyCA (int opt, X509Chain *cca, XrdCryptoFactory *cf) [static, private] |
References EPNAME, XrdCryptoX509Chain::SetStatusCA(), DEBUG, XrdCryptoFactory::X509ParseFile(), XrdCryptoX509Chain::Begin(), XrdCryptoX509::IssuerHash(), XrdCryptoX509::SubjectHash(), GetCApath(), XrdOucString::length(), XrdOucString::c_str(), XrdCryptoX509Chain::Next(), XrdCryptoX509Chain::Remove(), XrdCryptoX509Chain::PutInFront(), SafeDelete, XrdCryptosslgsiX509Chain::Verify(), PRINT, XrdCryptoX509Chain::CheckCA(), CACheck, and XrdCryptoX509Chain::kValid.
Referenced by GetCA().
friend class gsiOptions [friend] |
int XrdSecProtocolgsi::AuthzCacheTimeOut = 43200 [static, private] |
Referenced by Init(), and Authenticate().
int XrdSecProtocolgsi::AuthzCertFmt = -1 [static, private] |
Referenced by Init(), and Authenticate().
XrdSecgsiAuthz_t XrdSecProtocolgsi::AuthzFun = 0 [static, private] |
Referenced by Init(), and Authenticate().
XrdSecgsiAuthzKey_t XrdSecProtocolgsi::AuthzKey = 0 [static, private] |
Referenced by Authenticate(), and LoadAuthzFun().
XrdSysPlugin * XrdSecProtocolgsi::AuthzPlugin = 0 [static, private] |
Referenced by LoadAuthzFun().
int XrdSecProtocolgsi::AuthzPxyWhat = -1 [static, private] |
Referenced by Init(), and Authenticate().
int XrdSecProtocolgsi::AuthzPxyWhere = -1 [static, private] |
Referenced by Init(), and Authenticate().
XrdSutBucket* XrdSecProtocolgsi::bucketKey [private] |
Referenced by XrdSecProtocolgsi(), Delete(), and getKey().
XrdSutCache XrdSecProtocolgsi::cacheAuthzFun [static, private] |
Referenced by Init(), and Authenticate().
XrdSutCache XrdSecProtocolgsi::cacheCA [static, private] |
XrdSutCache XrdSecProtocolgsi::cacheCert [static, private] |
Referenced by Init(), and GetSrvCertEnt().
int XrdSecProtocolgsi::CACheck = 1 [static, private] |
Referenced by Init(), VerifyCA(), GetCA(), and QueryProxy().
XrdSutCache XrdSecProtocolgsi::cacheGMAP [static, private] |
Referenced by Init(), LoadGMAP(), and QueryGMAP().
XrdSutCache XrdSecProtocolgsi::cacheGMAPFun [static, private] |
Referenced by Init(), and QueryGMAP().
XrdSutCache XrdSecProtocolgsi::cachePxy [static, private] |
Referenced by Init(), and ClientDoInit().
String XrdSecProtocolgsi::CAdir = "/etc/grid-security/certificates/" [static, private] |
Referenced by Init(), gsiOptions::Print(), ClientDoInit(), GetCApath(), and GetSrvCertEnt().
int XrdSecProtocolgsi::CRLCheck = 1 [static, private] |
String XrdSecProtocolgsi::CRLdir = "/etc/grid-security/certificates/" [static, private] |
Referenced by Init(), gsiOptions::Print(), and LoadCRL().
int XrdSecProtocolgsi::CRLDownload = 0 [static, private] |
int XrdSecProtocolgsi::CRLRefresh = 86400 [static, private] |
XrdCryptoFactory * XrdSecProtocolgsi::cryptF = {0} [static, private] |
Referenced by Init(), and ParseCrypto().
int XrdSecProtocolgsi::cryptID = {0} [static, private] |
Referenced by Init(), and ParseCrypto().
String XrdSecProtocolgsi::cryptName = {0} [static, private] |
Referenced by Init().
int XrdSecProtocolgsi::Debug = 0 [static, private] |
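int XrdSecProtocolgsi::DefBits = 512 [static, private] |
Referenced by Init(), and ClientDoInit().
Note: 512 is the built-in default shown here; the page does not say what the value sizes. If it is the bit length of keys generated in ClientDoInit(), it is far below what is considered adequate for RSA today, so the effective value should be checked and raised in the deployment's configuration.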
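String XrdSecProtocolgsi::DefCipher = "aes-128-cbc:bf-cbc:des-ede3-cbc" [static, private] |
Referenced by Init(), Authenticate(), gsiOptions::Print(), and ServerDoCert().
Note: this appears to be a colon-separated preference list. Of the three defaults, bf-cbc (Blowfish) and des-ede3-cbc (3DES) are 64-bit-block ciphers that are discouraged for bulk data; where the installed version allows the list to be set, prefer restricting it to the AES entry on both client and server.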
String XrdSecProtocolgsi::DefCRLext = ".r0" [static, private] |
Referenced by Init(), gsiOptions::Print(), and LoadCRL().
String XrdSecProtocolgsi::DefCrypto = "ssl" [static, private] |
Referenced by Init(), gsiOptions::Print(), and ClientDoInit().
String XrdSecProtocolgsi::DefError = "invalid credentials " [static, private] |
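String XrdSecProtocolgsi::DefMD = "sha1:md5" [static, private] |
Referenced by Init(), Authenticate(), gsiOptions::Print(), and ServerDoCert().
Note: this appears to be a colon-separated preference list. Both defaults, SHA-1 and MD5, are no longer considered collision-resistant and are unsuitable for new signature use; check whether the installed version accepts a SHA-2 digest here and prefer it.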
int XrdSecProtocolgsi::DepLength = 0 [static, private] |
Referenced by Init(), and ClientDoInit().
XrdSysError XrdSecProtocolgsi::eDest [static, private] |
Referenced by EnableTracing(), LoadGMAPFun(), and LoadAuthzFun().
int XrdSecProtocolgsi::GMAPCacheTimeOut = -1 [static, private] |
Referenced by Init(), and QueryGMAP().
String XrdSecProtocolgsi::GMAPFile = "/etc/grid-security/grid-mapfile" [static, private] |
Referenced by Init(), gsiOptions::Print(), and LoadGMAP().
XrdSecgsiGMAP_t XrdSecProtocolgsi::GMAPFun = 0 [static, private] |
Referenced by Init(), and QueryGMAP().
int XrdSecProtocolgsi::GMAPOpt = 1 [static, private] |
Referenced by Init(), and Authenticate().
XrdSysPlugin * XrdSecProtocolgsi::GMAPPlugin = 0 [static, private] |
Referenced by LoadGMAPFun().
bool XrdSecProtocolgsi::GMAPuseDNname = 0 [static, private] |
Referenced by Init(), and Authenticate().
XrdSysMutex XrdSecProtocolgsi::gsiContext [static, private] |
XrdOucTrace * XrdSecProtocolgsi::GSITrace = 0 [static, private] |
Referenced by Init(), EnableTracing(), and ParseCrypto().
struct sockaddr XrdSecProtocolgsi::hostaddr [private] |
Referenced by XrdSecProtocolgsi().
gsiHSVars* XrdSecProtocolgsi::hs [private] |
XrdSysLogger XrdSecProtocolgsi::Logger [static, private] |
Referenced by EnableTracing().
int XrdSecProtocolgsi::MonInfoOpt = 0 [static, private] |
Referenced by Init(), and Authenticate().
int XrdSecProtocolgsi::ncrypt = 0 [static, private] |
Referenced by Init(), and ParseCrypto().
int XrdSecProtocolgsi::options [private] |
Referenced by XrdSecProtocolgsi().
X509Chain* XrdSecProtocolgsi::proxyChain [private] |
Referenced by XrdSecProtocolgsi(), Delete(), getCredentials(), and ServerDoSigpxy().
int XrdSecProtocolgsi::PxyReqOpts = 0 [static, private] |
Referenced by Init(), ClientDoInit(), ServerDoCert(), and ServerDoSigpxy().
String XrdSecProtocolgsi::PxyValid = "12:00" [static, private] |
Referenced by Init(), gsiOptions::Print(), ClientDoInit(), and GetSrvCertEnt().
XrdCryptoCipher * XrdSecProtocolgsi::refcip = {0} [static, private] |
Referenced by Init(), and ParseCrypto().
bool XrdSecProtocolgsi::Server = 1 [static, private] |
Referenced by XrdSecProtocolgsi(), and Init().
XrdCryptoFactory* XrdSecProtocolgsi::sessionCF [private] |
XrdCryptoCipher* XrdSecProtocolgsi::sessionKey [private] |
Referenced by XrdSecProtocolgsi(), Delete(), Encrypt(), Decrypt(), getKey(), setKey(), getCredentials(), Authenticate(), ClientDoCert(), ClientDoPxyreq(), ServerDoCert(), and ServerDoSigpxy().
XrdCryptoRSA* XrdSecProtocolgsi::sessionKsig [private] |
Referenced by XrdSecProtocolgsi(), Delete(), Sign(), AddSerialized(), ClientDoInit(), and ServerDoCertreq().
XrdCryptoRSA* XrdSecProtocolgsi::sessionKver [private] |
Referenced by XrdSecProtocolgsi(), Delete(), Verify(), ClientDoCert(), ServerDoCert(), and CheckRtag().
XrdCryptoMsgDigest* XrdSecProtocolgsi::sessionMD [private] |
Referenced by XrdSecProtocolgsi(), Delete(), Sign(), Verify(), ClientDoCert(), and ServerDoCert().
String XrdSecProtocolgsi::SrvAllowedNames [static, private] |
Referenced by Init(), and ServerCertNameOK().
String XrdSecProtocolgsi::SrvCert = "/etc/grid-security/xrd/xrdcert.pem" [static, private] |
Referenced by Init(), gsiOptions::Print(), and GetSrvCertEnt().
String XrdSecProtocolgsi::SrvKey = "/etc/grid-security/xrd/xrdkey.pem" [static, private] |
Referenced by Init(), gsiOptions::Print(), and GetSrvCertEnt().
bool XrdSecProtocolgsi::srvMode [private] |
Referenced by XrdSecProtocolgsi(), and getCredentials().
int XrdSecProtocolgsi::TimeSkew = 300 [static, private] |
Referenced by ClientDoCert(), and ServerDoCert().
String XrdSecProtocolgsi::UsrCert = "/.globus/usercert.pem" [static, private] |
Referenced by Init(), gsiOptions::Print(), and ClientDoInit().
String XrdSecProtocolgsi::UsrKey = "/.globus/userkey.pem" [static, private] |
Referenced by Init(), gsiOptions::Print(), and ClientDoInit().
String XrdSecProtocolgsi::UsrProxy [static, private] |
Referenced by Init(), gsiOptions::Print(), ClientDoInit(), ServerDoSigpxy(), and GetSrvCertEnt().
int XrdSecProtocolgsi::VOMSAttrOpt = 1 [static, private] |
Referenced by Init(), and Authenticate().