XrdSecsssID.hh

00001 #ifndef __SecsssID__
00002 #define __SecsssID__
00003 /******************************************************************************/
00004 /*                                                                            */
00005 /*                        X r d S e c s s s I D . h h                         */
00006 /*                                                                            */
00007 /* (c) 2008 by the Board of Trustees of the Leland Stanford, Jr., University  */
00008 /*                            All Rights Reserved                             */
00009 /*   Produced by Andrew Hanushevsky for Stanford University under contract    */
00010 /*              DE-AC02-76-SFO0515 with the Department of Energy              */
00011 /******************************************************************************/
00012   
00013 //       $Id: XrdSecsssID.hh 28902 2009-06-11 12:36:21Z ganis $
00014 
00015 #include <string.h>
00016 #include <time.h>
00017 
00018 #include "XrdOuc/XrdOucHash.hh"
00019 #include "XrdSec/XrdSecEntity.hh"
00020 #include "XrdSys/XrdSysPthread.hh"
00021 
00022 // The XrdSecsssID class allows you to establish a registry to map loginid's
00023 // to arbitrary entities. By default, the sss security protocol uses the
00024 // username as the authenticated username and, if possible, the corresponding
00025 // primary group membership of username (i.e., static mapping). The server
00026 // will ignore the username and/or the groupname unless the key is designated
00027 // as anyuser, anygroup, respectively. By creating an instance of this class
00028 // you can over-ride the default and map the loginid (i.e., the id supplied
00029 // at login time which is normally the first 8-characters of the username or
00030 // the id specified in the url; i.e., id@host) to arbitrary entities using
00031 // the Register() method. You must create one, and only one, such instance
00032 // prior to making any contact with a sss security enabled server.
00033 
00034 // In order to include XrdSecsssID methods, you should either link with
00035 // libXrdSecsss.so (preferable) or include XrdSecsssID.o and link with
00036 // libXrdOuc.a and libXrdSys.a.
00037 
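class XrdSecsssID
{
public:

// Register() creates a mapping from a loginid to an entity description. Only
//            name, vo, role, group, and endorsements pointers in XrdSecEntity
//            are supported. To de-register a loginid, make the Ident arg zero.
//            To replace an existing entry, specify 1 for doReplace argument.
//            TRUE is returned if successful; FALSE otherwise (including the
//            case where idDynamic was not specified in the constructor or
//            doReplace is zero and the loginid has already been registered).
//            A FALSE return means the request was not applied, so callers
//            should check it rather than assume loginid now maps to Ident.
//            NOTE(review): the registry decides which identity is presented
//            for a loginid, and a loginid can come from a url (id@host), so
//            the code calling Register() should validate where both come from.
//
int      Register(const char *loginid, XrdSecEntity *Ident, int doReplace=0);

// Find() is an internal look-up method that returns the identification
//        string in the provided buffer corresponding to the loginid.
//        If loginid is registered and the data will fit into the buffer the
//        length moved into the buffer is returned. Otherwise, the default ID
//        is moved into the buffer and the length copied is returned. If that
//        is not possible, 0 is returned.
//        Blen must be the real capacity of Buff; it is the only bound this
//        interface gives the implementation. A return of 0 is the failure
//        case, and this header does not say what Buff holds then.
//        NOTE(review): the fallback to the default ID is silent, so a positive
//        return does not by itself show that loginid was registered.
//        NOTE(review): Blen is a signed int; how a zero or negative value is
//        handled is not visible in this header - confirm in the .cc file.
//
int      Find(const char *loginid, char *Buff, int Blen);

// A single instance of this class may be instantiated. The first parameter
// indicates how authentication is to be handled. The second parameter provides
// either a fixed or default authenticated identity under control of the aType
// parameter, as follows:
//
// NOTE(review): idStatic is the only mode labelled 1Sided, and it is both the
// constructor default and the mode in effect when no XrdSecsssID exists. Code
// that depends on a mode labelled Mutual has to request it explicitly.
//
enum authType {idDynamic = 0, // Mutual: Map loginid to registered identity
                              //         Ident is default; if 0 nobody/nogroup
               idStatic  = 1, // 1Sided: fixed identity sent to the server
                              //         Ident as specified; if 0 process uid/gid
                              //         Default if XrdSecsssID not instantiated!
               idStaticM = 2  // Mutual: fixed identity sent to the server
                              //         Ident as specified; if 0 process uid/gid
              };

// getObj() returns the address of a previously created instance of this object
//          or zero if no instance exists. It also returns authType and default
//          ID to be used regardless of the return value.
//          NOTE(review): who owns the buffer stored through dID, and whether
//          dIDsz is its byte length, is not stated here - confirm before
//          freeing or retaining it.
//
static
XrdSecsssID *getObj(authType &aType, char **dID, int &dIDsz);

       XrdSecsssID(authType aType=idStatic, XrdSecEntity *Ident=0);

// Releases the default identity record. free() accepts a null pointer, so no
// guard is needed. Because free() is used, defaultID must come from the
// malloc family (presumably via genID() - confirm in the .cc file).
      ~XrdSecsssID() {free(defaultID);}

private:

// Copying is not supported. The destructor frees defaultID, so a copied object
// would free the same block a second time. Both members are declared private
// and intentionally left undefined, which turns an accidental copy into a
// compile-time or link-time error.
       XrdSecsssID(const XrdSecsssID &);
       XrdSecsssID &operator=(const XrdSecsssID &);

// Variable-length identity record. iData is declared with one element and the
// record is allocated larger than sizeof(sssID) by its creator, so any access
// past iData[0] is valid only within that allocation.
// NOTE(review): iLen presumably records the number of bytes in iData - confirm.
struct sssID {int iLen; char iData[1];}; // Sized appropriately
static sssID *genID(int Secure);
static sssID *genID(XrdSecEntity *eP);

static XrdSysMutex InitMutex;
       sssID      *defaultID;   // owned by this object; freed in the destructor
XrdSysMutex        myMutex;
XrdOucHash<sssID>  Registry;    // loginid -> sssID records added by Register()
authType           myAuth;
};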
00098 #endif
