#include <ctime>
#include <memory>
#include "XrdNet/XrdNetAddrInfo.hh"
#include "XrdOuc/XrdOucErrInfo.hh"
#include "XrdOuc/XrdOucGMap.hh"
#include "XrdOuc/XrdOucHash.hh"
#include "XrdOuc/XrdOucString.hh"
#include "XrdOuc/XrdOucTokenizer.hh"
#include "XrdSys/XrdSysPthread.hh"
#include "XrdSec/XrdSecInterface.hh"
#include "XrdSecgsi/XrdSecgsiTrace.hh"
#include "XrdSut/XrdSutCache.hh"
#include "XrdSut/XrdSutPFEntry.hh"
#include "XrdSut/XrdSutPFile.hh"
#include "XrdSut/XrdSutBuffer.hh"
#include "XrdSut/XrdSutRndm.hh"
#include "XrdCrypto/XrdCryptoAux.hh"
#include "XrdCrypto/XrdCryptoCipher.hh"
#include "XrdCrypto/XrdCryptoFactory.hh"
#include "XrdCrypto/XrdCryptoX509Crl.hh"
#include "XrdCrypto/XrdCryptogsiX509Chain.hh"

Include dependency graph for XrdSecProtocolgsi.hh:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes
class	gsiHSVars

class	gsiOptions

class	GSIStack< T >

struct	ProxyIn_t

struct	ProxyOut_t

class	XrdSecProtocolgsi

Macros
#define	kMAXBUFLEN 1024

#define	REL1(x)

#define	REL2(x, y)

#define	REL3(x, y, z)

#define	SafeDelArray(x)

#define	SafeDelete(x)

#define	SafeFree(x)

#define	XrdCryptoMax 10

#define	XrdSecDEBUG 0x1000

#define	XrdSecgsiVersCertKey 10600

#define	XrdSecgsiVersDHsigned 10400

#define	XrdSecgsiVERSION 10600

#define	XrdSecNOIPCHK 0x0001

#define	XrdSecPROTOIDENT "gsi"

#define	XrdSecPROTOIDLEN sizeof(XrdSecPROTOIDENT)

Typedefs
typedef XrdOucString	String

typedef XrdCryptogsiX509Chain	X509Chain

typedef int(*	XrdSecgsiAuthz_t) (XrdSecEntity &)

typedef int(*	XrdSecgsiAuthzInit_t) (const char *)

typedef int(*	XrdSecgsiAuthzKey_t) (XrdSecEntity &, char **)

typedef char (	XrdSecgsiGMAP_t) (const char *, int)

typedef XrdSecgsiAuthz_t	XrdSecgsiVOMS_t

typedef XrdSecgsiAuthzInit_t	XrdSecgsiVOMSInit_t

Enumerations
enum	kgsiClientSteps { kXGC_none = 0 , kXGC_certreq = 1000 , kXGC_cert , kXGC_sigpxy , kXGC_reserved }

enum	kgsiErrors { kGSErrParseBuffer = 10000 , kGSErrDecodeBuffer , kGSErrLoadCrypto , kGSErrBadProtocol , kGSErrCreateBucket , kGSErrDuplicateBucket , kGSErrCreateBuffer , kGSErrSerialBuffer , kGSErrGenCipher , kGSErrExportPuK , kGSErrEncRndmTag , kGSErrBadRndmTag , kGSErrNoRndmTag , kGSErrNoCipher , kGSErrNoCreds , kGSErrBadOpt , kGSErrMarshal , kGSErrUnmarshal , kGSErrSaveCreds , kGSErrNoBuffer , kGSErrRefCipher , kGSErrNoPublic , kGSErrAddBucket , kGSErrFinCipher , kGSErrInit , kGSErrBadCreds , kGSErrError }

enum	kgsiHandshakeOpts { kOptsDlgPxy = 1 , kOptsFwdPxy = 2 , kOptsSigReq = 4 , kOptsSrvReq = 8 , kOptsPxFile = 16 , kOptsDelChn = 32 , kOptsPxCred = 64 , kOptsCreatePxy = 128 , kOptsDelPxy = 256 }

enum	kgsiServerSteps { kXGS_none = 0 , kXGS_init = 2000 , kXGS_cert , kXGS_pxyreq , kXGS_reserved }

enum	kgsiStatus { kgST_error = -1 , kgST_ok = 0 , kgST_more = 1 }

Class Documentation

◆ ProxyIn_t

struct ProxyIn_t

Definition at line 244 of file XrdSecProtocolgsi.hh.

Collaboration diagram for ProxyIn_t:

Class Members
int	bits
const char *	cert
const char *	certdir
bool	createpxy
int	deplen
const char *	key
const char *	out
const char *	valid

◆ ProxyOut_t

struct ProxyOut_t

Definition at line 237 of file XrdSecProtocolgsi.hh.

Collaboration diagram for ProxyOut_t:

Class Members
XrdSutBucket *	cbck
X509Chain *	chain
XrdCryptoRSA *	ksig

Macro Definition Documentation

◆ kMAXBUFLEN

#define kMAXBUFLEN 1024

Definition at line 72 of file XrdSecProtocolgsi.hh.

◆ REL1

#define REL1 ( x )

Value:

{ if (x) delete x; }

Definition at line 150 of file XrdSecProtocolgsi.hh.

◆ REL2

#define REL2	(		x,
			y )

Value:

{ if (x) delete x; if (y) delete y; }

Definition at line 151 of file XrdSecProtocolgsi.hh.

Referenced by XrdSecProtocolgsi::Authenticate(), and XrdSecProtocolgsi::getCredentials().

◆ REL3

#define REL3	(	x,
		y,
		z )

Value:

{ if (x) delete x; if (y) delete y; if (z) delete z; }

Definition at line 152 of file XrdSecProtocolgsi.hh.

◆ SafeDelArray

#define SafeDelArray ( x )

Value:

{ if (x) {delete [] x ; x = 0;} }

Definition at line 155 of file XrdSecProtocolgsi.hh.

Referenced by XrdSecProtocolgsi::Authenticate().

◆ SafeDelete

#define SafeDelete ( x )

Value:

{ if (x) {delete x ; x = 0;} }

Definition at line 154 of file XrdSecProtocolgsi.hh.

Referenced by gsiHSVars::~gsiHSVars(), XrdSecProtocolgsi::Authenticate(), XrdSecProtocolgsi::Delete(), and XrdSecProtocolgsi::setKey().

◆ SafeFree

#define SafeFree ( x )

Value:

{ if (x) {free(x) ; x = 0;} }

Definition at line 156 of file XrdSecProtocolgsi.hh.

Referenced by XrdSecProtocolgsi::Authenticate(), XrdSecProtocolgsi::Decrypt(), XrdSecProtocolgsi::Delete(), XrdSecProtocolgsi::Encrypt(), XrdSecProtocolgsi::Sign(), XrdVomsFun::VOMSFun(), and XrdSecProtocolgsiInit().

◆ XrdCryptoMax

#define XrdCryptoMax 10

Definition at line 70 of file XrdSecProtocolgsi.hh.

Referenced by XrdSecProtocolgsi::Init().

◆ XrdSecDEBUG

#define XrdSecDEBUG 0x1000

Definition at line 69 of file XrdSecProtocolgsi.hh.

Referenced by XrdSecProtocolkrb5Init().

◆ XrdSecgsiVersCertKey

#define XrdSecgsiVersCertKey 10600

Definition at line 77 of file XrdSecProtocolgsi.hh.

◆ XrdSecgsiVersDHsigned

#define XrdSecgsiVersDHsigned 10400

Definition at line 75 of file XrdSecProtocolgsi.hh.

Referenced by XrdSecProtocolgsi::Authenticate(), and XrdSecProtocolgsi::getCredentials().

◆ XrdSecgsiVERSION

#define XrdSecgsiVERSION 10600

Definition at line 67 of file XrdSecProtocolgsi.hh.

◆ XrdSecNOIPCHK

#define XrdSecNOIPCHK 0x0001

Definition at line 68 of file XrdSecProtocolgsi.hh.

Referenced by XrdSecProtocolgsiObject(), XrdSecProtocolkrb5Init(), and XrdSecProtocolpwdObject().

◆ XrdSecPROTOIDENT

#define XrdSecPROTOIDENT "gsi"

Definition at line 65 of file XrdSecProtocolgsi.hh.

Referenced by XrdSecProtocolgsi::XrdSecProtocolgsi(), XrdSecProtocolgsi::Authenticate(), and XrdSecProtocolgsi::getCredentials().

◆ XrdSecPROTOIDLEN

#define XrdSecPROTOIDLEN sizeof(XrdSecPROTOIDENT)

Definition at line 66 of file XrdSecProtocolgsi.hh.

Referenced by XrdSecProtocolgsi::XrdSecProtocolgsi(), and XrdSecProtocolgsi::Authenticate().

Typedef Documentation

◆ String

typedef XrdOucString String

Definition at line 62 of file XrdSecProtocolgsi.hh.

◆ X509Chain

typedef XrdCryptogsiX509Chain X509Chain

Definition at line 63 of file XrdSecProtocolgsi.hh.

◆ XrdSecgsiAuthz_t

typedef int(* XrdSecgsiAuthz_t) (XrdSecEntity &)

Definition at line 160 of file XrdSecProtocolgsi.hh.

◆ XrdSecgsiAuthzInit_t

typedef int(* XrdSecgsiAuthzInit_t) (const char *)

Definition at line 161 of file XrdSecProtocolgsi.hh.

◆ XrdSecgsiAuthzKey_t

typedef int(* XrdSecgsiAuthzKey_t) (XrdSecEntity &, char **)

Definition at line 162 of file XrdSecProtocolgsi.hh.

◆ XrdSecgsiGMAP_t

typedef char *(* XrdSecgsiGMAP_t) (const char *, int)

Definition at line 159 of file XrdSecProtocolgsi.hh.

◆ XrdSecgsiVOMS_t

typedef XrdSecgsiAuthz_t XrdSecgsiVOMS_t

Definition at line 164 of file XrdSecProtocolgsi.hh.

◆ XrdSecgsiVOMSInit_t

typedef XrdSecgsiAuthzInit_t XrdSecgsiVOMSInit_t

Definition at line 165 of file XrdSecProtocolgsi.hh.

Enumeration Type Documentation

◆ kgsiClientSteps

enum kgsiClientSteps

Enumerator
kXGC_none
kXGC_certreq
kXGC_cert
kXGC_sigpxy
kXGC_reserved

Definition at line 89 of file XrdSecProtocolgsi.hh.

                     {
   kXGC_none = 0,
   kXGC_certreq     = 1000, // 1000: request server certificate
   kXGC_cert,               // 1001: packet with (proxy) certificate
   kXGC_sigpxy,             // 1002: packet with signed proxy certificate
   kXGC_reserved            // 
};

◆ kgsiErrors

enum kgsiErrors

Enumerator
kGSErrParseBuffer
kGSErrDecodeBuffer
kGSErrLoadCrypto
kGSErrBadProtocol
kGSErrCreateBucket
kGSErrDuplicateBucket
kGSErrCreateBuffer
kGSErrSerialBuffer
kGSErrGenCipher
kGSErrExportPuK
kGSErrEncRndmTag
kGSErrBadRndmTag
kGSErrNoRndmTag
kGSErrNoCipher
kGSErrNoCreds
kGSErrBadOpt
kGSErrMarshal
kGSErrUnmarshal
kGSErrSaveCreds
kGSErrNoBuffer
kGSErrRefCipher
kGSErrNoPublic
kGSErrAddBucket
kGSErrFinCipher
kGSErrInit
kGSErrBadCreds
kGSErrError

Definition at line 120 of file XrdSecProtocolgsi.hh.

                {
   kGSErrParseBuffer = 10000,       // 10000
   kGSErrDecodeBuffer,              // 10001
   kGSErrLoadCrypto,                // 10002
   kGSErrBadProtocol,               // 10003
   kGSErrCreateBucket,              // 10004
   kGSErrDuplicateBucket,           // 10005
   kGSErrCreateBuffer,              // 10006
   kGSErrSerialBuffer,              // 10007
   kGSErrGenCipher,                 // 10008
   kGSErrExportPuK,                 // 10009
   kGSErrEncRndmTag,                // 10010
   kGSErrBadRndmTag,                // 10011
   kGSErrNoRndmTag,                 // 10012
   kGSErrNoCipher,                  // 10013
   kGSErrNoCreds,                   // 10014
   kGSErrBadOpt,                    // 10015
   kGSErrMarshal,                   // 10016
   kGSErrUnmarshal,                 // 10017
   kGSErrSaveCreds,                 // 10018
   kGSErrNoBuffer,                  // 10019
   kGSErrRefCipher,                 // 10020
   kGSErrNoPublic,                  // 10021
   kGSErrAddBucket,                 // 10022
   kGSErrFinCipher,                 // 10023
   kGSErrInit,                      // 10024
   kGSErrBadCreds,                  // 10025
   kGSErrError                      // 10026  
};

◆ kgsiHandshakeOpts

enum kgsiHandshakeOpts

Enumerator
kOptsDlgPxy
kOptsFwdPxy
kOptsSigReq
kOptsSrvReq
kOptsPxFile
kOptsDelChn
kOptsPxCred
kOptsCreatePxy
kOptsDelPxy

Definition at line 107 of file XrdSecProtocolgsi.hh.

                       {
   kOptsDlgPxy     = 1,      // 0x0001: Ask for a delegated proxy
   kOptsFwdPxy     = 2,      // 0x0002: Forward local proxy
   kOptsSigReq     = 4,      // 0x0004: Accept to sign delegated proxy
   kOptsSrvReq     = 8,      // 0x0008: Server request for delegated proxy
   kOptsPxFile     = 16,     // 0x0010: Save delegated proxies in file
   kOptsDelChn     = 32,     // 0x0020: Delete chain
   kOptsPxCred     = 64,     // 0x0040: Save delegated proxies as credentials
   kOptsCreatePxy  = 128,    // 0x0080: Request a client proxy
   kOptsDelPxy     = 256     // 0x0100: Delete the proxy PxyChain
};

◆ kgsiServerSteps

enum kgsiServerSteps

Enumerator
kXGS_none
kXGS_init
kXGS_cert
kXGS_pxyreq
kXGS_reserved

Definition at line 98 of file XrdSecProtocolgsi.hh.

                     {
   kXGS_none = 0,
   kXGS_init       = 2000,   // 2000: fake code used the first time 
   kXGS_cert,                // 2001: packet with certificate 
   kXGS_pxyreq,              // 2002: packet with proxy req to be signed 
   kXGS_reserved             //
};

◆ kgsiStatus

enum kgsiStatus

Enumerator
kgST_error
kgST_ok
kgST_more

Definition at line 82 of file XrdSecProtocolgsi.hh.

                {
   kgST_error    = -1,      // error occurred
   kgST_ok       =  0,      // ok
   kgST_more     =  1       // need more info
};

Classes

Macros

Typedefs

Enumerations

Class Documentation

◆ ProxyIn_t

◆ ProxyOut_t

Macro Definition Documentation

◆ kMAXBUFLEN

◆ REL1

◆ REL2

◆ REL3

◆ SafeDelArray

◆ SafeDelete

◆ SafeFree

◆ XrdCryptoMax

◆ XrdSecDEBUG

◆ XrdSecgsiVersCertKey

◆ XrdSecgsiVersDHsigned

◆ XrdSecgsiVERSION

◆ XrdSecNOIPCHK

◆ XrdSecPROTOIDENT

◆ XrdSecPROTOIDLEN

Typedef Documentation

◆ String

◆ X509Chain

◆ XrdSecgsiAuthz_t

◆ XrdSecgsiAuthzInit_t

◆ XrdSecgsiAuthzKey_t

◆ XrdSecgsiGMAP_t

◆ XrdSecgsiVOMS_t

◆ XrdSecgsiVOMSInit_t

Enumeration Type Documentation

◆ kgsiClientSteps

◆ kgsiErrors

◆ kgsiHandshakeOpts

◆ kgsiServerSteps

◆ kgsiStatus