#include <XrdSecProtocolssl.hh>
Public Member Functions | |
XrdSecProtocolssl (const char *hostname, const struct sockaddr *ipaddr) | |
virtual void | secClient (int theFD, XrdOucErrInfo *einfo) |
virtual void | secServer (int theFD, XrdOucErrInfo *einfo=0) |
virtual void | Delete () |
~XrdSecProtocolssl () | |
Static Public Member Functions | |
static int | dummy (const char *key, XrdSecProtocolssl *ssl, void *Arg) |
static int | GenerateSession (const SSL *ssl, unsigned char *id, unsigned int *id_len) |
static int | NewSession (SSL *ssl, SSL_SESSION *pNew) |
static int | GetSession (SSL *ssl, SSL_SESSION *pNew) |
static void | ReloadGridMapFile () |
static void | ReloadVomsMapFile () |
static bool | VomsMapGroups (const char *groups, XrdOucString &allgroups, XrdOucString &defaultgroup) |
static void | GetEnvironment () |
static int | Fatal (XrdOucErrInfo *erp, const char *msg, int rc) |
Public Attributes | |
int | sessionfd |
X509 * | client_cert |
X509 * | server_cert |
XrdOucString | host |
char | proxyBuff [16384] |
SSL_CTX * | clientctx |
XrdSysMutex | SSLMutex |
bool | terminate |
sockaddr | hostaddr |
char * | credBuff |
int | Step |
int | sd |
int | listen_sd |
sockaddr_in | sa_serv |
sockaddr_in | sa_cli |
SSL * | ssl |
Static Public Attributes | |
static char * | SessionIdContext |
static char * | sslcadir |
static char * | sslvomsdir |
static char * | sslserverkeyfile |
static char * | sslkeyfile |
static char * | sslcertfile |
static char * | sslproxyexportdir |
static bool | sslproxyexportplain |
static char | sslserverexportpassword [EXPORTKEYSTRENGTH+1] |
static int | threadsinuse |
static char * | gridmapfile |
static char * | vomsmapfile |
static bool | mapuser |
static bool | mapnobody |
static bool | mapgroup |
static bool | mapcerncertificates |
static int | debug |
static time_t | sslsessionlifetime |
static int | sslselecttimeout |
static int | sslsessioncachesize |
static char * | procdir |
static XrdSecProtocolsslProc * | proc |
static int | errortimeout |
static int | errorverify |
static int | errorqueue |
static int | erroraccept |
static int | errorabort |
static int | errorread |
static int | forwardedproxies |
static bool | isServer |
static bool | forwardProxy |
static bool | allowSessions |
static X509_STORE * | store |
static X509_LOOKUP * | lookup |
static int | verifydepth |
static int | verifyindex |
static XrdOucHash< XrdOucString > | gridmapstore |
static XrdOucHash< XrdOucString > | vomsmapstore |
static XrdOucHash< XrdOucString > | stringstore |
static XrdSysMutex | StoreMutex |
static XrdSysMutex | VomsMapMutex |
static XrdSysMutex | GridMapMutex |
static XrdSysMutex * | CryptoMutexPool [PROTOCOLSSL_MAX_CRYPTO_MUTEX] |
static XrdSysMutex | ThreadsInUseMutex |
static XrdSysMutex | ErrorMutex |
static XrdSysLogger | Logger |
static XrdSysError | ssleDest |
static time_t | storeLoadTime |
static SSL_CTX * | ctx |
Friends | |
class | XrdSecProtocolDummy |
Classes | |
struct | sslverify_t |
Definition at line 123 of file XrdSecProtocolssl.hh.
XrdSecProtocolssl::XrdSecProtocolssl | ( | const char * | hostname, | |
const struct sockaddr * | ipaddr | |||
) | [inline] |
Definition at line 128 of file XrdSecProtocolssl.hh.
References client_cert, clientctx, credBuff, XrdSecEntity::endorsements, XrdSecProtocol::Entity, XrdNetDNS::getHostName(), XrdSecEntity::grps, XrdSecEntity::host, host, XrdSecEntity::name, XrdSecEntity::prot, proxyBuff, server_cert, ssl, and terminate.
XrdSecProtocolssl::~XrdSecProtocolssl | ( | ) | [inline] |
Definition at line 262 of file XrdSecProtocolssl.hh.
void XrdSecProtocolssl::secClient | ( | int | theFD, | |
XrdOucErrInfo * | einfo | |||
) | [virtual] |
Implements XrdSecTLayer.
Definition at line 296 of file XrdSecProtocolssl.cc.
References allowSessions, buf, XrdOucString::c_str(), clientctx, close, DEBUG, EPNAME, error, erroraccept, ErrorMutex, errorread, errortimeout, ETIMEDOUT, F_GETFL, F_SETFL, Fatal(), fclose(), fcntl(), flags, fopen, forwardProxy, fp, fprintf(), free(), getenv(), GetEnvironment(), grst_cadir, GRST_callback_SSLVerify_wrapper(), grst_depth, GRST_get_voms_roles_and_free(), GRST_print_ssl_creds(), GRST_verify_cert_wrapper(), grst_vomsdir, XrdSecsslSessionLock::HardLock(), XrdSecsslSessionLock::HardUnLock(), host, i, int, l, l2n, XrdSysMutex::Lock(), NULL, O_NONBLOCK, ok, open, p, proxyBuff, read, S_IRUSR, S_IWUSR, secprotocolssl_pem_cb(), server_cert, XrdSecsslSessionLock::SoftLock(), XrdSecsslSessionLock::SoftUnLock(), sprintf(), ssl, ssl_continue(), ssl_select(), sslcadir, sslcertfile, sslkeyfile, SSLMutex, sslproxyexportplain, sslselecttimeout, sslserverexportpassword, sslvomsdir, stat, str, TRACE, XrdSysMutex::UnLock(), and verifydepth.
Referenced by main().
void XrdSecProtocolssl::secServer | ( | int | theFD, | |
XrdOucErrInfo * | einfo = 0 | |||
) | [virtual] |
Implements XrdSecTLayer.
Definition at line 720 of file XrdSecProtocolssl.cc.
References XrdOucString::assign(), XrdOucString::beginswith(), XrdOucString::c_str(), client_cert, close, ctx, debug, DEBUG, ECONNABORTED, XrdSecEntity::endorsements, XrdSecProtocol::Entity, EPNAME, XrdOucString::erase(), XrdOucString::erasefromstart(), error, errorabort, erroraccept, ROOT::ErrorInfo(), ErrorMutex, errorqueue, errorread, errortimeout, errorverify, ETIMEDOUT, EXPORTKEYSTRENGTH, F_GETFL, F_SETFL, Fatal(), fclose(), fcntl(), XrdOucHash< T >::Find(), XrdOucString::find(), flags, fopen, forwardedproxies, fprintf(), free(), gettimeofday(), group::gr_name, GridMapMutex, gridmapstore, XrdSecEntity::grps, GRST_free_chain(), GRST_get_voms_roles_and_free(), GRST_print_ssl_creds(), XrdSecProtocolsslProc::Handle(), i, int, XrdOucString::length(), XrdSysMutex::Lock(), mapcerncertificates, mapgroup, mapnobody, mapuser, XrdSecEntity::name, NULL, O_NONBLOCK, open, proc, XrdSecEntity::prot, proxyBuff, pwd(), ReloadGridMapFile(), rename, XrdOucString::replace(), XrdSecEntity::role, S_IRUSR, S_IWUSR, sprintf(), ssl, ssl_continue(), ssl_select(), SSL_X509_STORE_create(), sslcadir, SSLMutex, sslproxyexportdir, sslproxyexportplain, sslselecttimeout, sslserverexportpassword, sslsessioncachesize, store, storeLoadTime, StoreMutex, str, STR_NPOS, terminate, threadsinuse, TRACE, tz, unlink, XrdSysMutex::UnLock(), VomsMapGroups(), XrdSecProtocolsslProcFile::Write(), and write.
Referenced by main().
static int XrdSecProtocolssl::dummy | ( | const char * | key, | |
XrdSecProtocolssl * | ssl, | |||
void * | Arg | |||
) | [inline, static] |
Definition at line 152 of file XrdSecProtocolssl.hh.
virtual void XrdSecProtocolssl::Delete | ( | void | ) | [inline, virtual] |
Implements XrdSecTLayer.
Definition at line 155 of file XrdSecProtocolssl.hh.
References client_cert, credBuff, XrdSecProtocol::Entity, free(), XrdSecEntity::grps, XrdSecEntity::host, XrdSysThread::Join(), XrdSysMutex::Lock(), XrdSecEntity::name, NULL, XrdSecEntity::role, XrdSecTLayer::secTid, server_cert, ssl, SSLMutex, terminate, and XrdSysMutex::UnLock().
int XrdSecProtocolssl::GenerateSession | ( | const SSL * | ssl, | |
unsigned char * | id, | |||
unsigned int * | id_len | |||
) | [static] |
Definition at line 1256 of file XrdSecProtocolssl.cc.
References EPNAME, MAX_SESSION_ID_ATTEMPTS, and TRACE.
Referenced by XrdSecProtocolsslInit().
int XrdSecProtocolssl::NewSession | ( | SSL * | ssl, | |
SSL_SESSION * | pNew | |||
) | [static] |
Definition at line 1279 of file XrdSecProtocolssl.cc.
References DEBUG, EPNAME, i, int, sprintf(), sslsessionlifetime, and TRACE.
Referenced by XrdSecProtocolsslInit().
static int XrdSecProtocolssl::GetSession | ( | SSL * | ssl, | |
SSL_SESSION * | pNew | |||
) | [static] |
void XrdSecProtocolssl::ReloadGridMapFile | ( | ) | [static] |
Definition at line 1294 of file XrdSecProtocolssl.cc.
References XrdOucHash< T >::Add(), XrdOucString::c_str(), EPNAME, XrdOucString::erase(), fclose(), XrdOucHash< T >::Find(), XrdOucString::find(), fopen, gridmapfile, GridMapMutex, gridmapstore, XrdSysMutex::Lock(), NULL, XrdOucHash< T >::Purge(), XrdOucString::replace(), stat, TRACE, and XrdSysMutex::UnLock().
Referenced by secServer().
void XrdSecProtocolssl::ReloadVomsMapFile | ( | ) | [static] |
Definition at line 1352 of file XrdSecProtocolssl.cc.
References XrdOucHash< T >::Add(), XrdOucString::c_str(), EPNAME, fclose(), XrdOucHash< T >::Find(), fopen, XrdSysMutex::Lock(), NULL, XrdOucHash< T >::Purge(), XrdOucString::replace(), stat, TRACE, XrdSysMutex::UnLock(), vomsmapfile, VomsMapMutex, and vomsmapstore.
Referenced by VomsMapGroups().
bool XrdSecProtocolssl::VomsMapGroups | ( | const char * | groups, | |
XrdOucString & | allgroups, | |||
XrdOucString & | defaultgroup | |||
) | [static] |
Definition at line 1405 of file XrdSecProtocolssl.cc.
References XrdOucString::c_str(), EPNAME, XrdOucString::erase(), XrdOucHash< T >::Find(), ReloadVomsMapFile(), XrdOucString::replace(), XrdOucString::rfind(), STR_NPOS, TRACE, and vomsmapstore. (The lookup is on vomsmapstore, an XrdOucHash< XrdOucString >, as in ReloadVomsMapFile(); the generated cross-reference to TMVA::kNN::Find() was a mis-resolved link.)
Referenced by secServer().
void XrdSecProtocolssl::GetEnvironment | ( | ) | [static] |
Definition at line 104 of file XrdSecProtocolssl.cc.
References allowSessions, debug, EPNAME, forwardProxy, free(), getenv(), sprintf(), sslcadir, sslcertfile, sslkeyfile, sslproxyexportdir, sslselecttimeout, sslvomsdir, TRACE, and verifydepth.
Reads the plugin's runtime configuration (CA and VOMS directories, key/certificate paths, proxy export directory, verify depth, select timeout, debug level, proxy-forwarding and session flags) from the process environment via getenv(). Because sslcadir and verifydepth taken from the environment directly shape certificate-chain validation, the environment of the process must be treated as trusted configuration wherever this is called.
Referenced by secClient(), and XrdSecProtocolsslInit().
int XrdSecProtocolssl::Fatal | ( | XrdOucErrInfo * | erp, | |
const char * | msg, | |||
int | rc | |||
) | [static] |
Definition at line 219 of file XrdSecProtocolssl.cc.
References errorabort, erroraccept, ROOT::ErrorInfo(), errorqueue, errorread, errortimeout, errorverify, XrdSecProtocolsslProc::Handle(), i, k, proc, XrdOucErrInfo::setErrInfo(), sprintf(), and XrdSecProtocolsslProcFile::Write().
Referenced by secClient(), and secServer().
friend class XrdSecProtocolDummy [friend] |
Definition at line 126 of file XrdSecProtocolssl.hh.
char * XrdSecProtocolssl::SessionIdContext [static] |
char * XrdSecProtocolssl::sslcadir [static] |
Definition at line 187 of file XrdSecProtocolssl.hh.
Referenced by GetEnvironment(), secClient(), secServer(), and XrdSecProtocolsslInit().
char * XrdSecProtocolssl::sslvomsdir [static] |
Definition at line 188 of file XrdSecProtocolssl.hh.
Referenced by GetEnvironment(), secClient(), and XrdSecProtocolsslInit().
char * XrdSecProtocolssl::sslserverkeyfile [static] |
char * XrdSecProtocolssl::sslkeyfile [static] |
Definition at line 190 of file XrdSecProtocolssl.hh.
Referenced by GetEnvironment(), secClient(), and XrdSecProtocolsslInit().
char * XrdSecProtocolssl::sslcertfile [static] |
Definition at line 191 of file XrdSecProtocolssl.hh.
Referenced by GetEnvironment(), secClient(), and XrdSecProtocolsslInit().
char * XrdSecProtocolssl::sslproxyexportdir [static] |
Definition at line 192 of file XrdSecProtocolssl.hh.
Referenced by GetEnvironment(), secServer(), and XrdSecProtocolsslInit().
bool XrdSecProtocolssl::sslproxyexportplain [static] |
Definition at line 193 of file XrdSecProtocolssl.hh.
Security note: when set, the forwarded proxy credential appears to be exported without the passphrase protection otherwise associated with sslserverexportpassword, so the permissions of sslproxyexportdir and of the exported file (secServer() references S_IRUSR and S_IWUSR) are the only protection for the delegated private key; keep it false unless the consumer cannot read encrypted PEM.
Referenced by secClient(), secServer(), and XrdSecProtocolsslInit().
char XrdSecProtocolssl::sslserverexportpassword [static] |
Definition at line 194 of file XrdSecProtocolssl.hh.
Process-wide, in-memory passphrase buffer (at most EXPORTKEYSTRENGTH characters plus the terminator) shared by every session and consumed by the PEM password callback secprotocolssl_pem_cb(). Being a plain static it is visible in core dumps and to any code running in the process; it must never be written to logs, even at the debug level.
Referenced by secClient(), secprotocolssl_pem_cb(), secServer(), and XrdSecProtocolsslInit().
int XrdSecProtocolssl::threadsinuse [static] |
Definition at line 195 of file XrdSecProtocolssl.hh.
Referenced by secServer(), XrdSecsslThreadInUse::XrdSecsslThreadInUse(), and XrdSecsslThreadInUse::~XrdSecsslThreadInUse().
char * XrdSecProtocolssl::gridmapfile [static] |
Definition at line 196 of file XrdSecProtocolssl.hh.
Referenced by ReloadGridMapFile(), and XrdSecProtocolsslInit().
char * XrdSecProtocolssl::vomsmapfile [static] |
Definition at line 197 of file XrdSecProtocolssl.hh.
Referenced by ReloadVomsMapFile(), and XrdSecProtocolsslInit().
bool XrdSecProtocolssl::mapuser [static] |
Definition at line 198 of file XrdSecProtocolssl.hh.
Referenced by secServer(), and XrdSecProtocolsslInit().
bool XrdSecProtocolssl::mapnobody [static] |
Definition at line 199 of file XrdSecProtocolssl.hh.
Referenced by secServer(), and XrdSecProtocolsslInit().
bool XrdSecProtocolssl::mapgroup [static] |
Definition at line 200 of file XrdSecProtocolssl.hh.
Referenced by secServer(), and XrdSecProtocolsslInit().
bool XrdSecProtocolssl::mapcerncertificates [static] |
Definition at line 201 of file XrdSecProtocolssl.hh.
Referenced by secServer(), and XrdSecProtocolsslInit().
int XrdSecProtocolssl::debug [static] |
Definition at line 202 of file XrdSecProtocolssl.hh.
Referenced by GetEnvironment(), secServer(), and XrdSecProtocolsslInit().
time_t XrdSecProtocolssl::sslsessionlifetime [static] |
Definition at line 203 of file XrdSecProtocolssl.hh.
Referenced by NewSession(), and XrdSecProtocolsslInit().
int XrdSecProtocolssl::sslselecttimeout [static] |
Definition at line 204 of file XrdSecProtocolssl.hh.
Referenced by GetEnvironment(), secClient(), secServer(), and XrdSecProtocolsslInit().
int XrdSecProtocolssl::sslsessioncachesize [static] |
Definition at line 205 of file XrdSecProtocolssl.hh.
Referenced by secServer(), and XrdSecProtocolsslInit().
char * XrdSecProtocolssl::procdir [static] |
XrdSecProtocolsslProc * XrdSecProtocolssl::proc [static] |
Definition at line 207 of file XrdSecProtocolssl.hh.
Referenced by Fatal(), secServer(), and XrdSecProtocolsslInit().
int XrdSecProtocolssl::errortimeout [static] |
Definition at line 209 of file XrdSecProtocolssl.hh.
Referenced by Fatal(), secClient(), and secServer().
int XrdSecProtocolssl::errorverify [static] |
int XrdSecProtocolssl::errorqueue [static] |
int XrdSecProtocolssl::erroraccept [static] |
Definition at line 212 of file XrdSecProtocolssl.hh.
Referenced by Fatal(), secClient(), and secServer().
int XrdSecProtocolssl::errorabort [static] |
int XrdSecProtocolssl::errorread [static] |
Definition at line 214 of file XrdSecProtocolssl.hh.
Referenced by Fatal(), secClient(), and secServer().
int XrdSecProtocolssl::forwardedproxies [static] |
bool XrdSecProtocolssl::isServer [static] |
Reimplemented from XrdSecTLayer.
Definition at line 217 of file XrdSecProtocolssl.hh.
Referenced by XrdSecProtocolsslInit().
bool XrdSecProtocolssl::forwardProxy [static] |
Definition at line 218 of file XrdSecProtocolssl.hh.
Referenced by GetEnvironment(), and secClient().
bool XrdSecProtocolssl::allowSessions [static] |
Definition at line 219 of file XrdSecProtocolssl.hh.
Referenced by GetEnvironment(), main(), and secClient().
X509_STORE * XrdSecProtocolssl::store [static] |
Definition at line 220 of file XrdSecProtocolssl.hh.
Referenced by secServer(), and XrdSecProtocolsslInit().
X509_LOOKUP * XrdSecProtocolssl::lookup [static] |
Definition at line 221 of file XrdSecProtocolssl.hh.
int XrdSecProtocolssl::verifydepth [static] |
Definition at line 222 of file XrdSecProtocolssl.hh.
Referenced by GetEnvironment(), secClient(), and XrdSecProtocolsslInit().
int XrdSecProtocolssl::verifyindex [static] |
Definition at line 223 of file XrdSecProtocolssl.hh.
int XrdSecProtocolssl::sessionfd |
Definition at line 224 of file XrdSecProtocolssl.hh.
X509 * XrdSecProtocolssl::client_cert |
Definition at line 225 of file XrdSecProtocolssl.hh.
Referenced by Delete(), secServer(), and XrdSecProtocolssl().
X509 * XrdSecProtocolssl::server_cert |
Definition at line 226 of file XrdSecProtocolssl.hh.
Referenced by Delete(), secClient(), and XrdSecProtocolssl().
XrdOucString XrdSecProtocolssl::host |
Definition at line 227 of file XrdSecProtocolssl.hh.
Referenced by secClient(), and XrdSecProtocolssl().
XrdOucHash< XrdOucString > XrdSecProtocolssl::gridmapstore [static] |
Definition at line 235 of file XrdSecProtocolssl.hh.
Referenced by ReloadGridMapFile(), and secServer().
XrdOucHash< XrdOucString > XrdSecProtocolssl::vomsmapstore [static] |
Definition at line 236 of file XrdSecProtocolssl.hh.
Referenced by ReloadVomsMapFile(), and VomsMapGroups().
XrdOucHash< XrdOucString > XrdSecProtocolssl::stringstore [static] |
XrdSysMutex XrdSecProtocolssl::StoreMutex [static] |
Definition at line 240 of file XrdSecProtocolssl.hh.
Referenced by ReloadGridMapFile(), and secServer().
XrdSysMutex * XrdSecProtocolssl::CryptoMutexPool [static] |
Definition at line 241 of file XrdSecProtocolssl.hh.
Referenced by protocolssl_lock(), and XrdSecProtocolsslInit().
XrdSysMutex XrdSecProtocolssl::ThreadsInUseMutex [static] |
Definition at line 242 of file XrdSecProtocolssl.hh.
Referenced by XrdSecsslThreadInUse::XrdSecsslThreadInUse(), and XrdSecsslThreadInUse::~XrdSecsslThreadInUse().
XrdSysMutex XrdSecProtocolssl::ErrorMutex [static] |
XrdSysLogger XrdSecProtocolssl::Logger [static] |
XrdSysError XrdSecProtocolssl::ssleDest [static] |
time_t XrdSecProtocolssl::storeLoadTime [static] |
Definition at line 248 of file XrdSecProtocolssl.hh.
Referenced by secServer(), and XrdSecProtocolsslInit().
char XrdSecProtocolssl::proxyBuff[16384] |
Definition at line 256 of file XrdSecProtocolssl.hh.
Fixed 16 KiB per-instance buffer, filled in secClient() and secServer() (presumably with the forwarded proxy credential). Any copy of wire or file data into it must be bounded by sizeof(proxyBuff); a credential that does not fit should be rejected rather than truncated.
Referenced by secClient(), secServer(), and XrdSecProtocolssl().
SSL_CTX * XrdSecProtocolssl::ctx [static] |
Definition at line 257 of file XrdSecProtocolssl.hh.
Referenced by secServer(), and XrdSecProtocolsslInit().
SSL_CTX* XrdSecProtocolssl::clientctx |
Definition at line 258 of file XrdSecProtocolssl.hh.
Referenced by secClient(), and XrdSecProtocolssl().
XrdSysMutex XrdSecProtocolssl::SSLMutex |
Definition at line 260 of file XrdSecProtocolssl.hh.
Referenced by Delete(), secClient(), and secServer().
bool XrdSecProtocolssl::terminate |
Definition at line 261 of file XrdSecProtocolssl.hh.
Referenced by Delete(), secServer(), and XrdSecProtocolssl().
struct sockaddr XrdSecProtocolssl::hostaddr |
Definition at line 268 of file XrdSecProtocolssl.hh.
char * XrdSecProtocolssl::credBuff |
Definition at line 269 of file XrdSecProtocolssl.hh.
Referenced by Delete(), and XrdSecProtocolssl().
int XrdSecProtocolssl::Step |
Definition at line 270 of file XrdSecProtocolssl.hh.
int XrdSecProtocolssl::sd |
Definition at line 272 of file XrdSecProtocolssl.hh.
int XrdSecProtocolssl::listen_sd |
Definition at line 273 of file XrdSecProtocolssl.hh.
struct sockaddr_in XrdSecProtocolssl::sa_serv |
Definition at line 274 of file XrdSecProtocolssl.hh.
struct sockaddr_in XrdSecProtocolssl::sa_cli |
Definition at line 275 of file XrdSecProtocolssl.hh.
SSL * XrdSecProtocolssl::ssl |
Definition at line 276 of file XrdSecProtocolssl.hh.
Referenced by Delete(), secClient(), secServer(), and XrdSecProtocolssl().