xrootd
XrdSecProtocolgsi.hh
Go to the documentation of this file.
1/******************************************************************************/
2/* */
3/* X r d S e c P r o t o c o l g s i . h h */
4/* */
5/* (c) 2005 G. Ganis / CERN */
6/* */
7/* This file is part of the XRootD software suite. */
8/* */
9/* XRootD is free software: you can redistribute it and/or modify it under */
10/* the terms of the GNU Lesser General Public License as published by the */
11/* Free Software Foundation, either version 3 of the License, or (at your */
12/* option) any later version. */
13/* */
14/* XRootD is distributed in the hope that it will be useful, but WITHOUT */
15/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
16/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
17/* License for more details. */
18/* */
19/* You should have received a copy of the GNU Lesser General Public License */
20/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
21/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
22/* */
23/* The copyright holder's institutional names and contributor's names may not */
24/* be used to endorse or promote products derived from this software without */
25/* specific prior written permission of the institution or contributor. */
26/* */
27/******************************************************************************/
28#include <time.h>
29
30#include "XrdNet/XrdNetAddrInfo.hh"
31
32#include "XrdOuc/XrdOucErrInfo.hh"
33#include "XrdOuc/XrdOucGMap.hh"
34#include "XrdOuc/XrdOucHash.hh"
35#include "XrdOuc/XrdOucString.hh"
36#include "XrdOuc/XrdOucTokenizer.hh"
37
38#include "XrdSys/XrdSysPthread.hh"
39
40#include "XrdSec/XrdSecInterface.hh"
41#include "XrdSecgsi/XrdSecgsiTrace.hh"
42
43#include "XrdSut/XrdSutCache.hh"
44
45#include "XrdSut/XrdSutPFEntry.hh"
46#include "XrdSut/XrdSutPFile.hh"
47#include "XrdSut/XrdSutBuffer.hh"
48#include "XrdSut/XrdSutRndm.hh"
49
50#include "XrdCrypto/XrdCryptoAux.hh"
51#include "XrdCrypto/XrdCryptoCipher.hh"
52#include "XrdCrypto/XrdCryptoFactory.hh"
53#include "XrdCrypto/XrdCryptoX509Crl.hh"
54
55#include "XrdCrypto/XrdCryptogsiX509Chain.hh"
56
57/******************************************************************************/
58/* D e f i n e s */
59/******************************************************************************/
60
61typedef XrdOucString String;
62typedef XrdCryptogsiX509Chain X509Chain;
63
64#define XrdSecPROTOIDENT "gsi"
65#define XrdSecPROTOIDLEN sizeof(XrdSecPROTOIDENT)
66#define XrdSecgsiVERSION 10400
67#define XrdSecNOIPCHK 0x0001
68#define XrdSecDEBUG 0x1000
69#define XrdCryptoMax 10
70
71#define kMAXBUFLEN 1024
72
73
74#define XrdSecgsiVersDHsigned 10400 // Version at which started signing
75 // of server DH parameters
76
77//
78// Message codes either returned by server or included in buffers
79enum kgsiStatus {
80 kgST_error = -1, // error occured
81 kgST_ok = 0, // ok
82 kgST_more = 1 // need more info
83};
84
85// Client steps
86enum kgsiClientSteps {
87 kXGC_none = 0,
88 kXGC_certreq = 1000, // 1000: request server certificate
89 kXGC_cert, // 1001: packet with (proxy) certificate
90 kXGC_sigpxy, // 1002: packet with signed proxy certificate
91 kXGC_reserved //
92};
93
94// Server steps
95enum kgsiServerSteps {
96 kXGS_none = 0,
97 kXGS_init = 2000, // 2000: fake code used the first time
98 kXGS_cert, // 2001: packet with certificate
99 kXGS_pxyreq, // 2002: packet with proxy req to be signed
100 kXGS_reserved //
101};
102
103// Handshake options
104enum kgsiHandshakeOpts {
105 kOptsDlgPxy = 1, // 0x0001: Ask for a delegated proxy
106 kOptsFwdPxy = 2, // 0x0002: Forward local proxy
107 kOptsSigReq = 4, // 0x0004: Accept to sign delegated proxy
108 kOptsSrvReq = 8, // 0x0008: Server request for delegated proxy
109 kOptsPxFile = 16, // 0x0010: Save delegated proxies in file
110 kOptsDelChn = 32, // 0x0020: Delete chain
111 kOptsPxCred = 64 // 0x0040: Save delegated proxies as credentials
112};
113
114// Error codes
115enum kgsiErrors {
116 kGSErrParseBuffer = 10000, // 10000
117 kGSErrDecodeBuffer, // 10001
118 kGSErrLoadCrypto, // 10002
119 kGSErrBadProtocol, // 10003
120 kGSErrCreateBucket, // 10004
121 kGSErrDuplicateBucket, // 10005
122 kGSErrCreateBuffer, // 10006
123 kGSErrSerialBuffer, // 10007
124 kGSErrGenCipher, // 10008
125 kGSErrExportPuK, // 10009
126 kGSErrEncRndmTag, // 10010
127 kGSErrBadRndmTag, // 10011
128 kGSErrNoRndmTag, // 10012
129 kGSErrNoCipher, // 10013
130 kGSErrNoCreds, // 10014
131 kGSErrBadOpt, // 10015
132 kGSErrMarshal, // 10016
133 kGSErrUnmarshal, // 10017
134 kGSErrSaveCreds, // 10018
135 kGSErrNoBuffer, // 10019
136 kGSErrRefCipher, // 10020
137 kGSErrNoPublic, // 10021
138 kGSErrAddBucket, // 10022
139 kGSErrFinCipher, // 10023
140 kGSErrInit, // 10024
141 kGSErrBadCreds, // 10025
142 kGSErrError // 10026
143};
144
145#define REL1(x) { if (x) delete x; }
146#define REL2(x,y) { if (x) delete x; if (y) delete y; }
147#define REL3(x,y,z) { if (x) delete x; if (y) delete y; if (z) delete z; }
148
149#define SafeDelete(x) { if (x) {delete x ; x = 0;} }
150#define SafeDelArray(x) { if (x) {delete [] x ; x = 0;} }
151#define SafeFree(x) { if (x) {free(x) ; x = 0;} }
152
153// External functions for generic mapping
154typedef char *(*XrdSecgsiGMAP_t)(const char *, int);
155typedef int (*XrdSecgsiAuthz_t)(XrdSecEntity &);
156typedef int (*XrdSecgsiAuthzInit_t)(const char *);
157typedef int (*XrdSecgsiAuthzKey_t)(XrdSecEntity &, char **);
158// VOMS extraction
159typedef XrdSecgsiAuthz_t XrdSecgsiVOMS_t;
160typedef XrdSecgsiAuthzInit_t XrdSecgsiVOMSInit_t;
161//
162// This a small class to set the relevant options in one go
163//
164class XrdOucGMap;
165class XrdOucTrace;
166class gsiOptions {
167public:
168 short debug; // [cs] debug flag
169 char mode; // [cs] 'c' or 's'
170 char *clist; // [s] list of crypto modules ["ssl" ]
171 char *certdir;// [cs] dir with CA info [/etc/grid-security/certificates]
172 char *crldir; // [cs] dir with CRL info [/etc/grid-security/certificates]
173 char *crlext; // [cs] extension of CRL files [.r0]
174 char *cert; // [s] server certificate [/etc/grid-security/root/rootcert.pem]
175 // [c] user certificate [$HOME/.globus/usercert.pem]
176 char *key; // [s] server private key [/etc/grid-security/root/rootkey.pem]
177 // [c] user private key [$HOME/.globus/userkey.pem]
178 char *cipher; // [s] list of ciphers [aes-128-cbc:bf-cbc:des-ede3-cbc]
179 char *md; // [s] list of MDs [sha256:md5]
180 int crl; // [cs] check level of CRL's [1]
181 int ca; // [cs] verification level of CA's [1]
182 int crlrefresh; // [cs] CRL refresh or expiration period in secs [1 day]
183 char *proxy; // [c] user proxy [/tmp/x509up_u<uid>]
184 char *valid; // [c] proxy validity [12:00]
185 int deplen; // [c] depth of signature path for proxies [0]
186 int bits; // [c] bits in PKI for proxies [512]
187 char *gridmap;// [s] gridmap file [/etc/grid-security/gridmap]
188 int gmapto; // [s] validity in secs of grid-map cache entries [600 s]
189 char *gmapfun;// [s] file with the function to map DN to usernames [0]
190 char *gmapfunparms;// [s] parameters for the function to map DN to usernames [0]
191 char *authzfun;// [s] file with the function to fill entities [0]
192 char *authzfunparms;// [s] parameters for the function to fill entities [0]
193 int authzto; // [s] validity in secs of authz cache entries [-1 => unlimited]
194 int ogmap; // [s] gridmap file checking option
195 int dlgpxy; // [c] explicitely ask the creation of a delegated proxy; default 0
196 // [s] ask client for proxies; default: do not accept delegated proxies
197 int sigpxy; // [c] accept delegated proxy requests
198 char *srvnames;// [c] '|' separated list of allowed server names
199 char *exppxy; // [s] template for the exported file with proxies
200 int authzpxy; // [s] if 1 make proxy available in exported form in the 'endorsement'
201 // field of the XrdSecEntity object for use in XrdAcc
202 int vomsat; // [s] 0 do not look for; 1 extract if any
203 char *vomsfun;// [s] file with the function to fill VOMS [0]
204 char *vomsfunparms;// [s] parameters for the function to fill VOMS [0]
205 int moninfo; // [s] 0 do not look for; 1 use DN as default
206 int hashcomp; // [cs] 1 send hash names with both algorithms; 0 send only the default [1]
207
208 bool trustdns; // [cs] 'true' if DNS is trusted [true]
209
210 gsiOptions() { debug = -1; mode = 's'; clist = 0;
211 certdir = 0; crldir = 0; crlext = 0; cert = 0; key = 0;
212 cipher = 0; md = 0; ca = 1 ; crl = 1; crlrefresh = 86400;
213 proxy = 0; valid = 0; deplen = 0; bits = 512;
214 gridmap = 0; gmapto = 600;
215 gmapfun = 0; gmapfunparms = 0; authzfun = 0; authzfunparms = 0; authzto = -1;
216 ogmap = 1; dlgpxy = 0; sigpxy = 1; srvnames = 0;
217 exppxy = 0; authzpxy = 0;
218 vomsat = 1; vomsfun = 0; vomsfunparms = 0; moninfo = 0; hashcomp = 1; trustdns = true; }
219 virtual ~gsiOptions() { } // Cleanup inside XrdSecProtocolgsiInit
220 void Print(XrdOucTrace *t); // Print summary of gsi option status
221};
222
223class XrdSecProtocolgsi;
224class gsiHSVars;
225
226// From a proxy query
227typedef struct {
228 X509Chain *chain;
229 XrdCryptoRSA *ksig;
230 XrdSutBucket *cbck;
231} ProxyOut_t;
232
233// To query proxies
234typedef struct {
235 const char *cert;
236 const char *key;
237 const char *certdir;
238 const char *out;
239 const char *valid;
240 int deplen;
241 int bits;
242} ProxyIn_t;
243
244template<class T>
245class GSIStack {
246public:
247 void Add(T *t) {
248 char k[40]; snprintf(k, 40, "%p", t);
249 mtx.Lock();
250 if (!stack.Find(k)) stack.Add(k, t, 0, Hash_count); // We need an additional count
251 stack.Add(k, t, 0, Hash_count);
252 mtx.UnLock();
253 }
254 void Del(T *t) {
255 char k[40]; snprintf(k, 40, "%p", t);
256 mtx.Lock();
257 if (stack.Find(k)) stack.Del(k, Hash_count);
258 mtx.UnLock();
259 }
260private:
261 XrdSysMutex mtx;
262 XrdOucHash<T> stack;
263};
264
265/******************************************************************************/
266/* X r d S e c P r o t o c o l g s i C l a s s */
267/******************************************************************************/
268
269class XrdSecProtocolgsi : public XrdSecProtocol
270{
271friend class gsiOptions;
272friend class gsiHSVars;
273public:
274 int Authenticate (XrdSecCredentials *cred,
275 XrdSecParameters **parms,
276 XrdOucErrInfo *einfo=0);
277
278 XrdSecCredentials *getCredentials(XrdSecParameters *parm=0,
279 XrdOucErrInfo *einfo=0);
280
281 XrdSecProtocolgsi(int opts, const char *hname, XrdNetAddrInfo &endPoint,
282 const char *parms = 0);
283 virtual ~XrdSecProtocolgsi() {} // Delete() does it all
284
285 // Initialization methods
286 static char *Init(gsiOptions o, XrdOucErrInfo *erp);
287
288 void Delete();
289
290 // Encrypt / Decrypt methods
291 int Encrypt(const char *inbuf, int inlen,
292 XrdSecBuffer **outbuf);
293 int Decrypt(const char *inbuf, int inlen,
294 XrdSecBuffer **outbuf);
295 // Sign / Verify methods
296 int Sign(const char *inbuf, int inlen,
297 XrdSecBuffer **outbuf);
298 int Verify(const char *inbuf, int inlen,
299 const char *sigbuf, int siglen);
300
301 // Export session key
302 int getKey(char *kbuf=0, int klen=0);
303 // Import a key
304 int setKey(char *kbuf, int klen);
305
306 // Enable tracing
307 static XrdOucTrace *EnableTracing();
308
309private:
310 XrdNetAddrInfo epAddr;
311
312 // Static members initialized at startup
313 static XrdSysMutex gsiContext;
314 static String CAdir;
315 static String CRLdir;
316 static String DefCRLext;
317 static String SrvCert;
318 static String SrvKey;
319 static String UsrProxy;
320 static String UsrCert;
321 static String UsrKey;
322 static String PxyValid;
323 static int DepLength;
324 static int DefBits;
325 static int CACheck;
326 static int CRLCheck;
327 static int CRLDownload;
328 static int CRLRefresh;
329 static String DefCrypto;
330 static String DefCipher;
331 static String DefMD;
332 static String DefError;
333 static String GMAPFile;
334 static int GMAPOpt;
335 static bool GMAPuseDNname;
336 static int GMAPCacheTimeOut;
337 static XrdSecgsiGMAP_t GMAPFun;
338 static XrdSecgsiAuthz_t AuthzFun;
339 static XrdSecgsiAuthzKey_t AuthzKey;
340 static int AuthzCertFmt;
341 static int AuthzCacheTimeOut;
342 static int PxyReqOpts;
343 static int AuthzPxyWhat;
344 static int AuthzPxyWhere;
345 static String SrvAllowedNames;
346 static int VOMSAttrOpt;
347 static XrdSecgsiVOMS_t VOMSFun;
348 static int VOMSCertFmt;
349 static int MonInfoOpt;
350 static bool HashCompatibility;
351 static bool TrustDNS;
352 //
353 // Crypto related info
354 static int ncrypt; // Number of factories
355 static XrdCryptoFactory *cryptF[XrdCryptoMax]; // their hooks
356 static int cryptID[XrdCryptoMax]; // their IDs
357 static String cryptName[XrdCryptoMax]; // their names
358 static XrdCryptoCipher *refcip[XrdCryptoMax]; // ref for session ciphers
359 //
360 // Caches
361 static XrdSutCache cacheCA; // Info about trusted CA's
362 static XrdSutCache cacheCert; // Server certificates info cache
363 static XrdSutCache cachePxy; // Client proxies cache;
364 static XrdSutCache cacheGMAPFun; // Cache for entries mapped by GMAPFun
365 static XrdSutCache cacheAuthzFun; // Cache for entities filled by AuthzFun
366 //
367 // Services
368 static XrdOucGMap *servGMap; // Grid mapping service
369 //
370 // CA and CRL stacks
371 static GSIStack<XrdCryptoX509Chain> stackCA; // Stack of CA in use
372 static GSIStack<XrdCryptoX509Crl> stackCRL; // Stack of CRL in use
373 //
374 // GMAP control vars
375 static time_t lastGMAPCheck; // time of last check on GMAP
376 static XrdSysMutex mutexGMAP; // mutex to control GMAP reloads
377 //
378 // Running options / settings
379 static int Debug; // [CS] Debug level
380 static bool Server; // [CS] If server mode
381 static int TimeSkew; // [CS] Allowed skew in secs for time stamps
382 //
383 // for error logging and tracing
384 static XrdSysLogger Logger;
385 static XrdSysError eDest;
386 static XrdOucTrace *GSITrace;
387
388 // Information local to this instance
389 int options;
390 XrdCryptoFactory *sessionCF; // Chosen crypto factory
391 XrdCryptoCipher *sessionKey; // Session Key (result of the handshake)
392 XrdSutBucket *bucketKey; // Bucket with the key in export form
393 XrdCryptoMsgDigest *sessionMD; // Message Digest instance
394 XrdCryptoRSA *sessionKsig; // RSA key to sign
395 XrdCryptoRSA *sessionKver; // RSA key to verify
396 X509Chain *proxyChain; // Chain with the delegated proxy on servers
397 bool srvMode; // TRUE if server mode
398 char *expectedHost; // Expected hostname if TrustDNS is enabled.
399 bool useIV; // Use a non-zeroed unique IV in cipher enc/dec operations
400
401 // Temporary Handshake local info
402 gsiHSVars *hs;
403
404 // Parsing received buffers: client
405 int ParseClientInput(XrdSutBuffer *br, XrdSutBuffer **bm,
406 String &emsg);
407 int ClientDoInit(XrdSutBuffer *br, XrdSutBuffer **bm,
408 String &cmsg);
409 int ClientDoCert(XrdSutBuffer *br, XrdSutBuffer **bm,
410 String &cmsg);
411 int ClientDoPxyreq(XrdSutBuffer *br, XrdSutBuffer **bm,
412 String &cmsg);
413
414 // Parsing received buffers: server
415 int ParseServerInput(XrdSutBuffer *br, XrdSutBuffer **bm,
416 String &cmsg);
417 int ServerDoCertreq(XrdSutBuffer *br, XrdSutBuffer **bm,
418 String &cmsg);
419 int ServerDoCert(XrdSutBuffer *br, XrdSutBuffer **bm,
420 String &cmsg);
421 int ServerDoSigpxy(XrdSutBuffer *br, XrdSutBuffer **bm,
422 String &cmsg);
423
424 // Auxilliary functions
425 int ParseCrypto(String cryptlist);
426 int ParseCAlist(String calist);
427
428 // Load CA certificates
429 static int GetCA(const char *cahash,
430 XrdCryptoFactory *cryptof, gsiHSVars *hs = 0);
431 static String GetCApath(const char *cahash);
432 static bool VerifyCA(int opt, X509Chain *cca, XrdCryptoFactory *cf);
433 static int VerifyCRL(XrdCryptoX509Crl *crl, XrdCryptoX509 *xca, XrdOucString crldir,
434 XrdCryptoFactory *CF, int hashalg);
435 bool ServerCertNameOK(const char *subject, const char *hname, String &e);
436 static XrdSutCacheEntry *GetSrvCertEnt(XrdSutCERef &gcref,
437 XrdCryptoFactory *cf,
438 time_t timestamp, String &cal);
439
440 // Load CRLs
441 static XrdCryptoX509Crl *LoadCRL(XrdCryptoX509 *xca, const char *sjhash,
442 XrdCryptoFactory *CF, int dwld, int &err);
443
444 // Updating proxies
445 static int QueryProxy(bool checkcache, XrdSutCache *cache, const char *tag,
446 XrdCryptoFactory *cf, time_t timestamp,
447 ProxyIn_t *pi, ProxyOut_t *po);
448 static int InitProxy(ProxyIn_t *pi, XrdCryptoFactory *cf,
449 X509Chain *ch = 0, XrdCryptoRSA **key = 0);
450
451 // Error functions
452 static void ErrF(XrdOucErrInfo *einfo, kXR_int32 ecode,
453 const char *msg1, const char *msg2 = 0,
454 const char *msg3 = 0);
455 XrdSecCredentials *ErrC(XrdOucErrInfo *einfo, XrdSutBuffer *b1,
456 XrdSutBuffer *b2,XrdSutBuffer *b3,
457 kXR_int32 ecode, const char *msg1 = 0,
458 const char *msg2 = 0, const char *msg3 = 0);
459 int ErrS(String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1,
460 XrdSutBuffer *b2, XrdSutBuffer *b3,
461 kXR_int32 ecode, const char *msg1 = 0,
462 const char *msg2 = 0, const char *msg3 = 0);
463
464 // Check Time stamp
465 bool CheckTimeStamp(XrdSutBuffer *b, int skew, String &emsg);
466
467 // Check random challenge
468 bool CheckRtag(XrdSutBuffer *bm, String &emsg);
469
470 // Auxilliary methods
471 int AddSerialized(char opt, kXR_int32 step, String ID,
472 XrdSutBuffer *bls, XrdSutBuffer *buf,
473 kXR_int32 type, XrdCryptoCipher *cip);
474 // Grid map cache handling
475 static XrdSecgsiGMAP_t // Load alternative function for mapping
476 LoadGMAPFun(const char *plugin, const char *parms);
477 static XrdSecgsiAuthz_t // Load alternative function to fill XrdSecEntity
478 LoadAuthzFun(const char *plugin, const char *parms, int &fmt);
479 static XrdSecgsiVOMS_t // Load alternative function to extract VOMS
480 LoadVOMSFun(const char *plugin, const char *parms, int &fmt);
481 static void QueryGMAP(XrdCryptoX509Chain* chain, int now, String &name); //Lookup info for DN
482
483 // Entity handling
484 void CopyEntity(XrdSecEntity *in, XrdSecEntity *out, int *lout = 0);
485 void FreeEntity(XrdSecEntity *in);
486
487 // VOMS parsing
488 int ExtractVOMS(X509Chain *c, XrdSecEntity &ent);
489};
490
491class gsiHSVars {
492public:
493 int Iter; // Iteration number
494 time_t TimeStamp; // Time of last call
495 String CryptoMod; // Crypto module in use
496 int RemVers; // Version run by remote counterpart
497 XrdCryptoCipher *Rcip; // Reference cipher
498 bool HasPad; // Whether padding is supported
499 XrdSutBucket *Cbck; // Bucket with the certificate in export form
500 String ID; // Handshake ID (dummy for clients)
501 XrdSutPFEntry *Cref; // Cache reference
502 XrdSutPFEntry *Pent; // Pointer to relevant file entry
503 X509Chain *Chain; // Chain to be eventually verified
504 XrdCryptoX509Crl *Crl; // Pointer to CRL, if required
505 X509Chain *PxyChain; // Proxy Chain on clients
506 bool RtagOK; // Rndm tag checked / not checked
507 bool Tty; // Terminal attached / not attached
508 int LastStep; // Step required at previous iteration
509 int Options; // Handshake options;
510 int HashAlg; // Hash algorithm of peer hash name;
511 XrdSutBuffer *Parms; // Buffer with server parms on first iteration
512
513 gsiHSVars() { Iter = 0; TimeStamp = -1; CryptoMod = "";
514 RemVers = -1; Rcip = 0; HasPad = 0;
515 Cbck = 0;
516 ID = ""; Cref = 0; Pent = 0; Chain = 0; Crl = 0; PxyChain = 0;
517 RtagOK = 0; Tty = 0; LastStep = 0; Options = 0; HashAlg = 0; Parms = 0;}
518
519 ~gsiHSVars() { SafeDelete(Cref);
520 if (Options & kOptsDelChn) {
521 // Do not delete the CA certificate in the cached reference
522 if (Chain) Chain->Cleanup(1);
523 SafeDelete(Chain);
524 }
525 if (Crl) {
526 // This decreases the counter and actually deletes the object only
527 // when no instance is using it
528 XrdSecProtocolgsi::stackCRL.Del(Crl);
529 Crl = 0;
530 }
531 // The proxy chain is owned by the proxy cache; invalid proxies are
532 // detected (and eventually removed) by QueryProxy
533 PxyChain = 0;
534 SafeDelete(Parms); }
535 void Dump(XrdSecProtocolgsi *p = 0);
536};
kXR_int32
int kXR_int32
Definition: XPtypes.hh:89
Hash_count
@ Hash_count
Definition: XrdOucHash.hh:54
kgsiHandshakeOpts
kgsiHandshakeOpts
Definition: XrdSecProtocolgsi.hh:104
kOptsDelChn
@ kOptsDelChn
Definition: XrdSecProtocolgsi.hh:110
kOptsSigReq
@ kOptsSigReq
Definition: XrdSecProtocolgsi.hh:107
kOptsFwdPxy
@ kOptsFwdPxy
Definition: XrdSecProtocolgsi.hh:106
kOptsPxCred
@ kOptsPxCred
Definition: XrdSecProtocolgsi.hh:111
kOptsSrvReq
@ kOptsSrvReq
Definition: XrdSecProtocolgsi.hh:108
kOptsDlgPxy
@ kOptsDlgPxy
Definition: XrdSecProtocolgsi.hh:105
kOptsPxFile
@ kOptsPxFile
Definition: XrdSecProtocolgsi.hh:109
SafeDelete
#define SafeDelete(x)
Definition: XrdSecProtocolgsi.hh:149
XrdSecgsiAuthz_t
int(* XrdSecgsiAuthz_t)(XrdSecEntity &)
Definition: XrdSecProtocolgsi.hh:155
X509Chain
XrdCryptogsiX509Chain X509Chain
Definition: XrdSecProtocolgsi.hh:62
kgsiServerSteps
kgsiServerSteps
Definition: XrdSecProtocolgsi.hh:95
kXGS_cert
@ kXGS_cert
Definition: XrdSecProtocolgsi.hh:98
kXGS_none
@ kXGS_none
Definition: XrdSecProtocolgsi.hh:96
kXGS_pxyreq
@ kXGS_pxyreq
Definition: XrdSecProtocolgsi.hh:99
kXGS_init
@ kXGS_init
Definition: XrdSecProtocolgsi.hh:97
kXGS_reserved
@ kXGS_reserved
Definition: XrdSecProtocolgsi.hh:100
XrdSecgsiVOMS_t
XrdSecgsiAuthz_t XrdSecgsiVOMS_t
Definition: XrdSecProtocolgsi.hh:159
XrdSecgsiAuthzKey_t
int(* XrdSecgsiAuthzKey_t)(XrdSecEntity &, char **)
Definition: XrdSecProtocolgsi.hh:157
String
XrdOucString String
Definition: XrdSecProtocolgsi.hh:61
kgsiStatus
kgsiStatus
Definition: XrdSecProtocolgsi.hh:79
kgST_ok
@ kgST_ok
Definition: XrdSecProtocolgsi.hh:81
kgST_error
@ kgST_error
Definition: XrdSecProtocolgsi.hh:80
kgST_more
@ kgST_more
Definition: XrdSecProtocolgsi.hh:82
XrdSecgsiAuthzInit_t
int(* XrdSecgsiAuthzInit_t)(const char *)
Definition: XrdSecProtocolgsi.hh:156
XrdCryptoMax
#define XrdCryptoMax
Definition: XrdSecProtocolgsi.hh:69
kgsiClientSteps
kgsiClientSteps
Definition: XrdSecProtocolgsi.hh:86
kXGC_sigpxy
@ kXGC_sigpxy
Definition: XrdSecProtocolgsi.hh:90
kXGC_cert
@ kXGC_cert
Definition: XrdSecProtocolgsi.hh:89
kXGC_reserved
@ kXGC_reserved
Definition: XrdSecProtocolgsi.hh:91
kXGC_none
@ kXGC_none
Definition: XrdSecProtocolgsi.hh:87
kXGC_certreq
@ kXGC_certreq
Definition: XrdSecProtocolgsi.hh:88
XrdSecgsiVOMSInit_t
XrdSecgsiAuthzInit_t XrdSecgsiVOMSInit_t
Definition: XrdSecProtocolgsi.hh:160
kgsiErrors
kgsiErrors
Definition: XrdSecProtocolgsi.hh:115
kGSErrExportPuK
@ kGSErrExportPuK
Definition: XrdSecProtocolgsi.hh:125
kGSErrBadRndmTag
@ kGSErrBadRndmTag
Definition: XrdSecProtocolgsi.hh:127
kGSErrCreateBuffer
@ kGSErrCreateBuffer
Definition: XrdSecProtocolgsi.hh:122
kGSErrNoCipher
@ kGSErrNoCipher
Definition: XrdSecProtocolgsi.hh:129
kGSErrInit
@ kGSErrInit
Definition: XrdSecProtocolgsi.hh:140
kGSErrFinCipher
@ kGSErrFinCipher
Definition: XrdSecProtocolgsi.hh:139
kGSErrParseBuffer
@ kGSErrParseBuffer
Definition: XrdSecProtocolgsi.hh:116
kGSErrGenCipher
@ kGSErrGenCipher
Definition: XrdSecProtocolgsi.hh:124
kGSErrBadCreds
@ kGSErrBadCreds
Definition: XrdSecProtocolgsi.hh:141
kGSErrUnmarshal
@ kGSErrUnmarshal
Definition: XrdSecProtocolgsi.hh:133
kGSErrRefCipher
@ kGSErrRefCipher
Definition: XrdSecProtocolgsi.hh:136
kGSErrBadProtocol
@ kGSErrBadProtocol
Definition: XrdSecProtocolgsi.hh:119
kGSErrMarshal
@ kGSErrMarshal
Definition: XrdSecProtocolgsi.hh:132
kGSErrNoPublic
@ kGSErrNoPublic
Definition: XrdSecProtocolgsi.hh:137
kGSErrSaveCreds
@ kGSErrSaveCreds
Definition: XrdSecProtocolgsi.hh:134
kGSErrSerialBuffer
@ kGSErrSerialBuffer
Definition: XrdSecProtocolgsi.hh:123
kGSErrNoCreds
@ kGSErrNoCreds
Definition: XrdSecProtocolgsi.hh:130
kGSErrDecodeBuffer
@ kGSErrDecodeBuffer
Definition: XrdSecProtocolgsi.hh:117
kGSErrLoadCrypto
@ kGSErrLoadCrypto
Definition: XrdSecProtocolgsi.hh:118
kGSErrEncRndmTag
@ kGSErrEncRndmTag
Definition: XrdSecProtocolgsi.hh:126
kGSErrDuplicateBucket
@ kGSErrDuplicateBucket
Definition: XrdSecProtocolgsi.hh:121
kGSErrBadOpt
@ kGSErrBadOpt
Definition: XrdSecProtocolgsi.hh:131
kGSErrNoRndmTag
@ kGSErrNoRndmTag
Definition: XrdSecProtocolgsi.hh:128
kGSErrAddBucket
@ kGSErrAddBucket
Definition: XrdSecProtocolgsi.hh:138
kGSErrError
@ kGSErrError
Definition: XrdSecProtocolgsi.hh:142
kGSErrCreateBucket
@ kGSErrCreateBucket
Definition: XrdSecProtocolgsi.hh:120
kGSErrNoBuffer
@ kGSErrNoBuffer
Definition: XrdSecProtocolgsi.hh:135
XrdSecgsiGMAP_t
char *(* XrdSecgsiGMAP_t)(const char *, int)
Definition: XrdSecProtocolgsi.hh:154
GSIStack
Definition: XrdSecProtocolgsi.hh:245
GSIStack::Add
void Add(T *t)
Definition: XrdSecProtocolgsi.hh:247
GSIStack::mtx
XrdSysMutex mtx
Definition: XrdSecProtocolgsi.hh:261
GSIStack::Del
void Del(T *t)
Definition: XrdSecProtocolgsi.hh:254
GSIStack::stack
XrdOucHash< T > stack
Definition: XrdSecProtocolgsi.hh:262
XrdCryptoCipher
Definition: XrdCryptoCipher.hh:48
XrdCryptoFactory
Definition: XrdCryptoFactory.hh:122
XrdCryptoMsgDigest
Definition: XrdCryptoMsgDigest.hh:47
XrdCryptoRSA
Definition: XrdCryptoRSA.hh:51
XrdCryptoX509Chain
Definition: XrdCryptoX509Chain.hh:80
XrdCryptoX509Chain::Cleanup
void Cleanup(bool keepCA=0)
XrdCryptoX509Crl
Definition: XrdCryptoX509Crl.hh:49
XrdCryptoX509
Definition: XrdCryptoX509.hh:51
XrdCryptogsiX509Chain
Definition: XrdCryptogsiX509Chain.hh:50
XrdNetAddrInfo
Definition: XrdNetAddrInfo.hh:54
XrdOucErrInfo
Definition: XrdOucErrInfo.hh:100
XrdOucGMap
Definition: XrdOucGMap.hh:49
XrdOucHash
Definition: XrdOucHash.hh:128
XrdOucString
Definition: XrdOucString.hh:254
XrdOucTrace
Definition: XrdOucTrace.hh:36
XrdSecEntity
Definition: XrdSecEntity.hh:52
XrdSecProtocol
Definition: XrdSecInterface.hh:131
XrdSecProtocolgsi
Definition: XrdSecProtocolgsi.hh:270
XrdSecProtocolgsi::stackCA
static GSIStack< XrdCryptoX509Chain > stackCA
Definition: XrdSecProtocolgsi.hh:371
XrdSecProtocolgsi::Authenticate
int Authenticate(XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0)
XrdSecProtocolgsi::useIV
bool useIV
Definition: XrdSecProtocolgsi.hh:399
XrdSecProtocolgsi::Verify
int Verify(const char *inbuf, int inlen, const char *sigbuf, int siglen)
XrdSecProtocolgsi::bucketKey
XrdSutBucket * bucketKey
Definition: XrdSecProtocolgsi.hh:392
XrdSecProtocolgsi::LoadGMAPFun
static XrdSecgsiGMAP_t LoadGMAPFun(const char *plugin, const char *parms)
XrdSecProtocolgsi::~XrdSecProtocolgsi
virtual ~XrdSecProtocolgsi()
Definition: XrdSecProtocolgsi.hh:283
XrdSecProtocolgsi::SrvKey
static String SrvKey
Definition: XrdSecProtocolgsi.hh:318
XrdSecProtocolgsi::sessionCF
XrdCryptoFactory * sessionCF
Definition: XrdSecProtocolgsi.hh:390
XrdSecProtocolgsi::UsrCert
static String UsrCert
Definition: XrdSecProtocolgsi.hh:320
XrdSecProtocolgsi::LoadAuthzFun
static XrdSecgsiAuthz_t LoadAuthzFun(const char *plugin, const char *parms, int &fmt)
XrdSecProtocolgsi::XrdSecProtocolgsi
XrdSecProtocolgsi(int opts, const char *hname, XrdNetAddrInfo &endPoint, const char *parms=0)
XrdSecProtocolgsi::proxyChain
X509Chain * proxyChain
Definition: XrdSecProtocolgsi.hh:396
XrdSecProtocolgsi::AuthzCertFmt
static int AuthzCertFmt
Definition: XrdSecProtocolgsi.hh:340
XrdSecProtocolgsi::VOMSFun
static XrdSecgsiVOMS_t VOMSFun
Definition: XrdSecProtocolgsi.hh:347
XrdSecProtocolgsi::FreeEntity
void FreeEntity(XrdSecEntity *in)
XrdSecProtocolgsi::ErrC
XrdSecCredentials * ErrC(XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)
XrdSecProtocolgsi::CRLDownload
static int CRLDownload
Definition: XrdSecProtocolgsi.hh:327
XrdSecProtocolgsi::LoadVOMSFun
static XrdSecgsiVOMS_t LoadVOMSFun(const char *plugin, const char *parms, int &fmt)
XrdSecProtocolgsi::Logger
static XrdSysLogger Logger
Definition: XrdSecProtocolgsi.hh:384
XrdSecProtocolgsi::ServerDoCertreq
int ServerDoCertreq(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
XrdSecProtocolgsi::VerifyCA
static bool VerifyCA(int opt, X509Chain *cca, XrdCryptoFactory *cf)
XrdSecProtocolgsi::ServerCertNameOK
bool ServerCertNameOK(const char *subject, const char *hname, String &e)
XrdSecProtocolgsi::AuthzKey
static XrdSecgsiAuthzKey_t AuthzKey
Definition: XrdSecProtocolgsi.hh:339
XrdSecProtocolgsi::ParseServerInput
int ParseServerInput(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
XrdSecProtocolgsi::PxyReqOpts
static int PxyReqOpts
Definition: XrdSecProtocolgsi.hh:342
XrdSecProtocolgsi::DefError
static String DefError
Definition: XrdSecProtocolgsi.hh:332
XrdSecProtocolgsi::cryptF
static XrdCryptoFactory * cryptF[XrdCryptoMax]
Definition: XrdSecProtocolgsi.hh:355
XrdSecProtocolgsi::DefMD
static String DefMD
Definition: XrdSecProtocolgsi.hh:331
XrdSecProtocolgsi::ExtractVOMS
int ExtractVOMS(X509Chain *c, XrdSecEntity &ent)
XrdSecProtocolgsi::PxyValid
static String PxyValid
Definition: XrdSecProtocolgsi.hh:322
XrdSecProtocolgsi::servGMap
static XrdOucGMap * servGMap
Definition: XrdSecProtocolgsi.hh:368
XrdSecProtocolgsi::GetCApath
static String GetCApath(const char *cahash)
XrdSecProtocolgsi::DefCRLext
static String DefCRLext
Definition: XrdSecProtocolgsi.hh:316
XrdSecProtocolgsi::GMAPCacheTimeOut
static int GMAPCacheTimeOut
Definition: XrdSecProtocolgsi.hh:336
XrdSecProtocolgsi::ServerDoSigpxy
int ServerDoSigpxy(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
XrdSecProtocolgsi::UsrProxy
static String UsrProxy
Definition: XrdSecProtocolgsi.hh:319
XrdSecProtocolgsi::ncrypt
static int ncrypt
Definition: XrdSecProtocolgsi.hh:354
XrdSecProtocolgsi::srvMode
bool srvMode
Definition: XrdSecProtocolgsi.hh:397
XrdSecProtocolgsi::AddSerialized
int AddSerialized(char opt, kXR_int32 step, String ID, XrdSutBuffer *bls, XrdSutBuffer *buf, kXR_int32 type, XrdCryptoCipher *cip)
XrdSecProtocolgsi::CheckTimeStamp
bool CheckTimeStamp(XrdSutBuffer *b, int skew, String &emsg)
XrdSecProtocolgsi::LoadCRL
static XrdCryptoX509Crl * LoadCRL(XrdCryptoX509 *xca, const char *sjhash, XrdCryptoFactory *CF, int dwld, int &err)
XrdSecProtocolgsi::VOMSAttrOpt
static int VOMSAttrOpt
Definition: XrdSecProtocolgsi.hh:346
XrdSecProtocolgsi::AuthzPxyWhat
static int AuthzPxyWhat
Definition: XrdSecProtocolgsi.hh:343
XrdSecProtocolgsi::options
int options
Definition: XrdSecProtocolgsi.hh:389
XrdSecProtocolgsi::GetCA
static int GetCA(const char *cahash, XrdCryptoFactory *cryptof, gsiHSVars *hs=0)
XrdSecProtocolgsi::QueryProxy
static int QueryProxy(bool checkcache, XrdSutCache *cache, const char *tag, XrdCryptoFactory *cf, time_t timestamp, ProxyIn_t *pi, ProxyOut_t *po)
XrdSecProtocolgsi::Decrypt
int Decrypt(const char *inbuf, int inlen, XrdSecBuffer **outbuf)
XrdSecProtocolgsi::cryptName
static String cryptName[XrdCryptoMax]
Definition: XrdSecProtocolgsi.hh:357
XrdSecProtocolgsi::gsiContext
static XrdSysMutex gsiContext
Definition: XrdSecProtocolgsi.hh:313
XrdSecProtocolgsi::GetSrvCertEnt
static XrdSutCacheEntry * GetSrvCertEnt(XrdSutCERef &gcref, XrdCryptoFactory *cf, time_t timestamp, String &cal)
XrdSecProtocolgsi::epAddr
XrdNetAddrInfo epAddr
Definition: XrdSecProtocolgsi.hh:310
XrdSecProtocolgsi::Encrypt
int Encrypt(const char *inbuf, int inlen, XrdSecBuffer **outbuf)
XrdSecProtocolgsi::GMAPFile
static String GMAPFile
Definition: XrdSecProtocolgsi.hh:333
XrdSecProtocolgsi::Debug
static int Debug
Definition: XrdSecProtocolgsi.hh:379
XrdSecProtocolgsi::HashCompatibility
static bool HashCompatibility
Definition: XrdSecProtocolgsi.hh:350
XrdSecProtocolgsi::AuthzCacheTimeOut
static int AuthzCacheTimeOut
Definition: XrdSecProtocolgsi.hh:341
XrdSecProtocolgsi::GMAPOpt
static int GMAPOpt
Definition: XrdSecProtocolgsi.hh:334
XrdSecProtocolgsi::sessionKver
XrdCryptoRSA * sessionKver
Definition: XrdSecProtocolgsi.hh:395
XrdSecProtocolgsi::UsrKey
static String UsrKey
Definition: XrdSecProtocolgsi.hh:321
XrdSecProtocolgsi::CRLdir
static String CRLdir
Definition: XrdSecProtocolgsi.hh:315
XrdSecProtocolgsi::sessionMD
XrdCryptoMsgDigest * sessionMD
Definition: XrdSecProtocolgsi.hh:393
XrdSecProtocolgsi::ClientDoCert
int ClientDoCert(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
XrdSecProtocolgsi::ClientDoPxyreq
int ClientDoPxyreq(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
XrdSecProtocolgsi::SrvAllowedNames
static String SrvAllowedNames
Definition: XrdSecProtocolgsi.hh:345
XrdSecProtocolgsi::stackCRL
static GSIStack< XrdCryptoX509Crl > stackCRL
Definition: XrdSecProtocolgsi.hh:372
XrdSecProtocolgsi::ClientDoInit
int ClientDoInit(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
XrdSecProtocolgsi::Init
static char * Init(gsiOptions o, XrdOucErrInfo *erp)
XrdSecProtocolgsi::Delete
void Delete()
Delete the protocol object. DO NOT use C++ delete() on this object.
XrdSecProtocolgsi::cryptID
static int cryptID[XrdCryptoMax]
Definition: XrdSecProtocolgsi.hh:356
XrdSecProtocolgsi::CopyEntity
void CopyEntity(XrdSecEntity *in, XrdSecEntity *out, int *lout=0)
XrdSecProtocolgsi::expectedHost
char * expectedHost
Definition: XrdSecProtocolgsi.hh:398
XrdSecProtocolgsi::hs
gsiHSVars * hs
Definition: XrdSecProtocolgsi.hh:402
XrdSecProtocolgsi::lastGMAPCheck
static time_t lastGMAPCheck
Definition: XrdSecProtocolgsi.hh:375
XrdSecProtocolgsi::DepLength
static int DepLength
Definition: XrdSecProtocolgsi.hh:323
XrdSecProtocolgsi::TrustDNS
static bool TrustDNS
Definition: XrdSecProtocolgsi.hh:351
XrdSecProtocolgsi::CAdir
static String CAdir
Definition: XrdSecProtocolgsi.hh:314
XrdSecProtocolgsi::cachePxy
static XrdSutCache cachePxy
Definition: XrdSecProtocolgsi.hh:363
XrdSecProtocolgsi::cacheAuthzFun
static XrdSutCache cacheAuthzFun
Definition: XrdSecProtocolgsi.hh:365
XrdSecProtocolgsi::GMAPFun
static XrdSecgsiGMAP_t GMAPFun
Definition: XrdSecProtocolgsi.hh:337
XrdSecProtocolgsi::sessionKey
XrdCryptoCipher * sessionKey
Definition: XrdSecProtocolgsi.hh:391
XrdSecProtocolgsi::EnableTracing
static XrdOucTrace * EnableTracing()
XrdSecProtocolgsi::GMAPuseDNname
static bool GMAPuseDNname
Definition: XrdSecProtocolgsi.hh:335
XrdSecProtocolgsi::sessionKsig
XrdCryptoRSA * sessionKsig
Definition: XrdSecProtocolgsi.hh:394
XrdSecProtocolgsi::VOMSCertFmt
static int VOMSCertFmt
Definition: XrdSecProtocolgsi.hh:348
XrdSecProtocolgsi::getCredentials
XrdSecCredentials * getCredentials(XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0)
XrdSecProtocolgsi::AuthzPxyWhere
static int AuthzPxyWhere
Definition: XrdSecProtocolgsi.hh:344
XrdSecProtocolgsi::cacheCA
static XrdSutCache cacheCA
Definition: XrdSecProtocolgsi.hh:361
XrdSecProtocolgsi::GSITrace
static XrdOucTrace * GSITrace
Definition: XrdSecProtocolgsi.hh:386
XrdSecProtocolgsi::mutexGMAP
static XrdSysMutex mutexGMAP
Definition: XrdSecProtocolgsi.hh:376
XrdSecProtocolgsi::CACheck
static int CACheck
Definition: XrdSecProtocolgsi.hh:325
XrdSecProtocolgsi::getKey
int getKey(char *kbuf=0, int klen=0)
XrdSecProtocolgsi::SrvCert
static String SrvCert
Definition: XrdSecProtocolgsi.hh:317
XrdSecProtocolgsi::DefCipher
static String DefCipher
Definition: XrdSecProtocolgsi.hh:330
XrdSecProtocolgsi::eDest
static XrdSysError eDest
Definition: XrdSecProtocolgsi.hh:385
XrdSecProtocolgsi::ServerDoCert
int ServerDoCert(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
XrdSecProtocolgsi::Server
static bool Server
Definition: XrdSecProtocolgsi.hh:380
XrdSecProtocolgsi::DefCrypto
static String DefCrypto
Definition: XrdSecProtocolgsi.hh:329
XrdSecProtocolgsi::MonInfoOpt
static int MonInfoOpt
Definition: XrdSecProtocolgsi.hh:349
XrdSecProtocolgsi::ErrF
static void ErrF(XrdOucErrInfo *einfo, kXR_int32 ecode, const char *msg1, const char *msg2=0, const char *msg3=0)
XrdSecProtocolgsi::refcip
static XrdCryptoCipher * refcip[XrdCryptoMax]
Definition: XrdSecProtocolgsi.hh:358
XrdSecProtocolgsi::ParseCrypto
int ParseCrypto(String cryptlist)
XrdSecProtocolgsi::DefBits
static int DefBits
Definition: XrdSecProtocolgsi.hh:324
XrdSecProtocolgsi::ParseCAlist
int ParseCAlist(String calist)
XrdSecProtocolgsi::InitProxy
static int InitProxy(ProxyIn_t *pi, XrdCryptoFactory *cf, X509Chain *ch=0, XrdCryptoRSA **key=0)
XrdSecProtocolgsi::QueryGMAP
static void QueryGMAP(XrdCryptoX509Chain *chain, int now, String &name)
XrdSecProtocolgsi::Sign
int Sign(const char *inbuf, int inlen, XrdSecBuffer **outbuf)
XrdSecProtocolgsi::cacheCert
static XrdSutCache cacheCert
Definition: XrdSecProtocolgsi.hh:362
XrdSecProtocolgsi::ErrS
int ErrS(String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)
XrdSecProtocolgsi::CheckRtag
bool CheckRtag(XrdSutBuffer *bm, String &emsg)
XrdSecProtocolgsi::CRLCheck
static int CRLCheck
Definition: XrdSecProtocolgsi.hh:326
XrdSecProtocolgsi::setKey
int setKey(char *kbuf, int klen)
XrdSecProtocolgsi::ParseClientInput
int ParseClientInput(XrdSutBuffer *br, XrdSutBuffer **bm, String &emsg)
XrdSecProtocolgsi::cacheGMAPFun
static XrdSutCache cacheGMAPFun
Definition: XrdSecProtocolgsi.hh:364
XrdSecProtocolgsi::AuthzFun
static XrdSecgsiAuthz_t AuthzFun
Definition: XrdSecProtocolgsi.hh:338
XrdSecProtocolgsi::VerifyCRL
static int VerifyCRL(XrdCryptoX509Crl *crl, XrdCryptoX509 *xca, XrdOucString crldir, XrdCryptoFactory *CF, int hashalg)
XrdSecProtocolgsi::TimeSkew
static int TimeSkew
Definition: XrdSecProtocolgsi.hh:381
XrdSecProtocolgsi::CRLRefresh
static int CRLRefresh
Definition: XrdSecProtocolgsi.hh:328
XrdSutBucket
Definition: XrdSutBucket.hh:44
XrdSutBuffer
Definition: XrdSutBuffer.hh:43
XrdSutCERef
Definition: XrdSutCacheEntry.hh:100
XrdSutCacheEntry
Definition: XrdSutCacheEntry.hh:75
XrdSutCache
Definition: XrdSutCache.hh:49
XrdSutPFEntry
Definition: XrdSutPFEntry.hh:78
XrdSysError
Definition: XrdSysError.hh:90
XrdSysLogger
Definition: XrdSysLogger.hh:53
XrdSysMutex
Definition: XrdSysPthread.hh:166
XrdSysMutex::Lock
void Lock()
Definition: XrdSysPthread.hh:220
XrdSysMutex::UnLock
void UnLock()
Definition: XrdSysPthread.hh:222
gsiHSVars
Definition: XrdSecProtocolgsi.hh:491
gsiHSVars::Cref
XrdSutPFEntry * Cref
Definition: XrdSecProtocolgsi.hh:501
gsiHSVars::RtagOK
bool RtagOK
Definition: XrdSecProtocolgsi.hh:506
gsiHSVars::Tty
bool Tty
Definition: XrdSecProtocolgsi.hh:507
gsiHSVars::CryptoMod
String CryptoMod
Definition: XrdSecProtocolgsi.hh:495
gsiHSVars::HasPad
bool HasPad
Definition: XrdSecProtocolgsi.hh:498
gsiHSVars::PxyChain
X509Chain * PxyChain
Definition: XrdSecProtocolgsi.hh:505
gsiHSVars::Crl
XrdCryptoX509Crl * Crl
Definition: XrdSecProtocolgsi.hh:504
gsiHSVars::Parms
XrdSutBuffer * Parms
Definition: XrdSecProtocolgsi.hh:511
gsiHSVars::HashAlg
int HashAlg
Definition: XrdSecProtocolgsi.hh:510
gsiHSVars::ID
String ID
Definition: XrdSecProtocolgsi.hh:500
gsiHSVars::Cbck
XrdSutBucket * Cbck
Definition: XrdSecProtocolgsi.hh:499
gsiHSVars::gsiHSVars
gsiHSVars()
Definition: XrdSecProtocolgsi.hh:513
gsiHSVars::Dump
void Dump(XrdSecProtocolgsi *p=0)
gsiHSVars::Chain
X509Chain * Chain
Definition: XrdSecProtocolgsi.hh:503
gsiHSVars::Options
int Options
Definition: XrdSecProtocolgsi.hh:509
gsiHSVars::Pent
XrdSutPFEntry * Pent
Definition: XrdSecProtocolgsi.hh:502
gsiHSVars::~gsiHSVars
~gsiHSVars()
Definition: XrdSecProtocolgsi.hh:519
gsiHSVars::TimeStamp
time_t TimeStamp
Definition: XrdSecProtocolgsi.hh:494
gsiHSVars::LastStep
int LastStep
Definition: XrdSecProtocolgsi.hh:508
gsiHSVars::Iter
int Iter
Definition: XrdSecProtocolgsi.hh:493
gsiHSVars::RemVers
int RemVers
Definition: XrdSecProtocolgsi.hh:496
gsiHSVars::Rcip
XrdCryptoCipher * Rcip
Definition: XrdSecProtocolgsi.hh:497
gsiOptions
Definition: XrdSecProtocolgsi.hh:166
gsiOptions::authzto
int authzto
Definition: XrdSecProtocolgsi.hh:193
gsiOptions::authzfun
char * authzfun
Definition: XrdSecProtocolgsi.hh:191
gsiOptions::mode
char mode
Definition: XrdSecProtocolgsi.hh:169
gsiOptions::cert
char * cert
Definition: XrdSecProtocolgsi.hh:174
gsiOptions::moninfo
int moninfo
Definition: XrdSecProtocolgsi.hh:205
gsiOptions::valid
char * valid
Definition: XrdSecProtocolgsi.hh:184
gsiOptions::crldir
char * crldir
Definition: XrdSecProtocolgsi.hh:172
gsiOptions::gmapfun
char * gmapfun
Definition: XrdSecProtocolgsi.hh:189
gsiOptions::proxy
char * proxy
Definition: XrdSecProtocolgsi.hh:183
gsiOptions::crlext
char * crlext
Definition: XrdSecProtocolgsi.hh:173
gsiOptions::cipher
char * cipher
Definition: XrdSecProtocolgsi.hh:178
gsiOptions::~gsiOptions
virtual ~gsiOptions()
Definition: XrdSecProtocolgsi.hh:219
gsiOptions::vomsfunparms
char * vomsfunparms
Definition: XrdSecProtocolgsi.hh:204
gsiOptions::key
char * key
Definition: XrdSecProtocolgsi.hh:176
gsiOptions::deplen
int deplen
Definition: XrdSecProtocolgsi.hh:185
gsiOptions::certdir
char * certdir
Definition: XrdSecProtocolgsi.hh:171
gsiOptions::authzfunparms
char * authzfunparms
Definition: XrdSecProtocolgsi.hh:192
gsiOptions::srvnames
char * srvnames
Definition: XrdSecProtocolgsi.hh:198
gsiOptions::exppxy
char * exppxy
Definition: XrdSecProtocolgsi.hh:199
gsiOptions::crl
int crl
Definition: XrdSecProtocolgsi.hh:180
gsiOptions::ogmap
int ogmap
Definition: XrdSecProtocolgsi.hh:194
gsiOptions::vomsat
int vomsat
Definition: XrdSecProtocolgsi.hh:202
gsiOptions::trustdns
bool trustdns
Definition: XrdSecProtocolgsi.hh:208
gsiOptions::gridmap
char * gridmap
Definition: XrdSecProtocolgsi.hh:187
gsiOptions::md
char * md
Definition: XrdSecProtocolgsi.hh:179
gsiOptions::hashcomp
int hashcomp
Definition: XrdSecProtocolgsi.hh:206
gsiOptions::authzpxy
int authzpxy
Definition: XrdSecProtocolgsi.hh:200
gsiOptions::debug
short debug
Definition: XrdSecProtocolgsi.hh:168
gsiOptions::gsiOptions
gsiOptions()
Definition: XrdSecProtocolgsi.hh:210
gsiOptions::bits
int bits
Definition: XrdSecProtocolgsi.hh:186
gsiOptions::gmapto
int gmapto
Definition: XrdSecProtocolgsi.hh:188
gsiOptions::vomsfun
char * vomsfun
Definition: XrdSecProtocolgsi.hh:203
gsiOptions::Print
void Print(XrdOucTrace *t)
gsiOptions::clist
char * clist
Definition: XrdSecProtocolgsi.hh:170
gsiOptions::gmapfunparms
char * gmapfunparms
Definition: XrdSecProtocolgsi.hh:190
gsiOptions::sigpxy
int sigpxy
Definition: XrdSecProtocolgsi.hh:197
gsiOptions::ca
int ca
Definition: XrdSecProtocolgsi.hh:181
gsiOptions::crlrefresh
int crlrefresh
Definition: XrdSecProtocolgsi.hh:182
gsiOptions::dlgpxy
int dlgpxy
Definition: XrdSecProtocolgsi.hh:195
ProxyIn_t
Definition: XrdSecProtocolgsi.hh:234
ProxyIn_t::bits
int bits
Definition: XrdSecProtocolgsi.hh:241
ProxyIn_t::valid
const char * valid
Definition: XrdSecProtocolgsi.hh:239
ProxyIn_t::out
const char * out
Definition: XrdSecProtocolgsi.hh:238
ProxyIn_t::deplen
int deplen
Definition: XrdSecProtocolgsi.hh:240
ProxyIn_t::key
const char * key
Definition: XrdSecProtocolgsi.hh:236
ProxyIn_t::certdir
const char * certdir
Definition: XrdSecProtocolgsi.hh:237
ProxyIn_t::cert
const char * cert
Definition: XrdSecProtocolgsi.hh:235
ProxyOut_t
Definition: XrdSecProtocolgsi.hh:227
ProxyOut_t::cbck
XrdSutBucket * cbck
Definition: XrdSecProtocolgsi.hh:230
ProxyOut_t::ksig
XrdCryptoRSA * ksig
Definition: XrdSecProtocolgsi.hh:229
ProxyOut_t::chain
X509Chain * chain
Definition: XrdSecProtocolgsi.hh:228
XrdSecBuffer
Generic structure to pass security information back and forth.
Definition: XrdSecInterface.hh:51
Generated by doxygen 1.9.3