XRootD
Loading...
Searching...
No Matches
XrdSecgsiProxy.cc File Reference
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <unistd.h>
#include <pwd.h>
#include <ctime>
#include "XrdOuc/XrdOucString.hh"
#include "XrdSys/XrdSysLogger.hh"
#include "XrdSys/XrdSysError.hh"
#include "XrdSys/XrdSysPwd.hh"
#include "XrdSut/XrdSutAux.hh"
#include "XrdCrypto/XrdCryptoAux.hh"
#include "XrdCrypto/XrdCryptoFactory.hh"
#include "XrdCrypto/XrdCryptoX509.hh"
#include "XrdCrypto/XrdCryptoX509Req.hh"
#include "XrdCrypto/XrdCryptoX509Chain.hh"
#include "XrdCrypto/XrdCryptoX509Crl.hh"
#include "XrdCrypto/XrdCryptogsiX509Chain.hh"
#include "XrdSecgsi/XrdSecgsiTrace.hh"
+ Include dependency graph for XrdSecgsiProxy.cc:

Go to the source code of this file.

Macros

#define PRT(x)   {std::cerr <<x <<std::endl;}
 

Enumerations

enum  kModes {
  kM_undef = 0 ,
  kM_init = 1 ,
  kM_info ,
  kM_destroy ,
  kM_help
}
 

Functions

bool CheckOption (XrdOucString opt, const char *ref, int &ival)
 
void Display (XrdCryptoX509 *xp)
 
int main (int argc, char **argv)
 
void Menu ()
 
int ParseArguments (int argc, char **argv)
 

Variables

int Bits = 2048
 
XrdOucString CAdir = "/etc/grid-security/certificates/"
 
int ClockSkew = 30
 
XrdCryptoX509CreateProxy_t CreateProxy = 0
 
XrdOucString CRLdir = "/etc/grid-security/certificates/"
 
XrdOucString CryptoMod = "ssl"
 
bool Debug = 0
 
XrdOucString DefEEcert = "/.globus/usercert.pem"
 
XrdOucString DefEEkey = "/.globus/userkey.pem"
 
XrdOucString DefPXcert = "/tmp/x509up_u"
 
bool DumpExtensions = 0
 
static XrdSysError eDest (0,"proxy_")
 
XrdOucString EEcert = ""
 
XrdOucString EEkey = ""
 
bool Exists = 0
 
XrdCryptoFactorygCryptoFactory = 0
 
XrdCryptoX509GetVOMSAttr_t GetVOMSAttr = 0
 
const char * gModesStr []
 
XrdOucTracegsiTrace = 0
 
static XrdSysLogger Logger
 
int Mode = kM_undef
 
XrdCryptoX509ParseFile_t ParseFile = 0
 
int PathLength = 0
 
XrdCryptoProxyCertInfo_t ProxyCertInfo = 0
 
XrdOucString PXcert = ""
 
XrdOucString Valid = "12:00"
 

Macro Definition Documentation

◆ PRT

#define PRT (   x)    {std::cerr <<x <<std::endl;}

Definition at line 64 of file XrdSecgsiProxy.cc.

Enumeration Type Documentation

◆ kModes

enum kModes
Enumerator
kM_undef 
kM_init 
kM_info 
kM_destroy 
kM_help 

Definition at line 68 of file XrdSecgsiProxy.cc.

68 {
69 kM_undef = 0,
70 kM_init = 1,
71 kM_info,
74};
@ kM_destroy
@ kM_undef
@ kM_info
@ kM_help
@ kM_init

Function Documentation

◆ CheckOption()

bool CheckOption ( XrdOucString  opt,
const char *  ref,
int &  ival 
)

Definition at line 677 of file XrdSecgsiProxy.cc.

678{
679 // Check opt against ref
680 // Return 1 if ok, 0 if not
681 // Fills ival = 1 if match is exact
682 // ival = 0 if match is exact with no<ref>
683 // ival = -1 in the other cases
684 bool rc = 0;
685
686 int lref = (ref) ? strlen(ref) : 0;
687 if (!lref)
688 return rc;
689 XrdOucString noref = ref;
690 noref.insert("no",0);
691
692 ival = -1;
693 if (opt == ref) {
694 ival = 1;
695 rc = 1;
696 } else if (opt == noref) {
697 ival = 0;
698 rc = 1;
699 }
700
701 return rc;
702}
void insert(const int i, int start=-1)

References XrdOucString::insert().

Referenced by ParseArguments().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ Display()

void Display ( XrdCryptoX509 xp)

Definition at line 704 of file XrdSecgsiProxy.cc.

705{
706 // display content of proxy certificate
707
708 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
709 if (!xp) {
710 PRT(" Empty certificate! ");
711 return;
712 }
713
714 // File
715 PRT("file : "<<PXcert);
716 // Type
717 if (xp->type != XrdCryptoX509::kProxy) {
718 PRT("type : "<<xp->Type());
719 } else {
720 PRT("type : "<<xp->Type()<<" ("<<xp->ProxyType()<<")");
721 }
722
723 // Issuer
724 PRT("issuer : "<<xp->Issuer());
725 // Subject
726 PRT("subject : "<<xp->Subject());
727 // Path length field
728 int pathlen = 0; bool b;
730 (*ProxyCertInfo)(xp->GetExtension(gsiProxyCertInfo_OID), pathlen, &b);
731 else
733 PRT("path length : "<<pathlen);
734 // Key strength
735 PRT("bits : "<<xp->BitStrength());
736 // Time left
737 int now = int(time(0)) - XrdCryptoTZCorr();
738 int tl = xp->NotAfter() - now;
739 int hh = (tl >= 3600) ? (tl/3600) : 0; tl -= (hh*3600);
740 int mm = (tl >= 60) ? (tl/60) : 0; tl -= (mm*60);
741 int ss = (tl >= 0) ? tl : 0;
742 PRT("time left : "<<hh<<"h:"<<mm<<"m:"<<ss<<"s");
743 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
744 // Show VOMS attributes, if any
745 XrdOucString vatts, vat;
746 if ((*GetVOMSAttr)(xp, vatts) == 0) {
747 int from = 0;
748 while ((from = vatts.tokenize(vat, from, ',')) != -1) {
749 if (vat.length() > 0) PRT("VOMS attributes: "<<vat);
750 }
751 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
752 }
753 // Dump extensions if requested
754 if (DumpExtensions) {
756 xp->DumpExtensions(0);
757 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
758 }
759}
time_t XrdCryptoTZCorr()
#define cryptoTRACE_Debug
#define gsiProxyCertInfo_OID
#define gsiProxyCertInfo_OLD_OID
XrdCryptoProxyCertInfo_t ProxyCertInfo
bool DumpExtensions
XrdCryptoX509GetVOMSAttr_t GetVOMSAttr
XrdOucString PXcert
#define PRT(x)
XrdCryptoFactory * gCryptoFactory
virtual void SetTrace(kXR_int32 trace)
virtual XrdCryptoX509data GetExtension(const char *oid)
virtual int BitStrength()
virtual const char * Subject()
virtual int DumpExtensions(bool=0)
const char * Type(EX509Type t=kUnknown) const
virtual const char * ProxyType() const
virtual const char * Issuer()
virtual time_t NotAfter()
int length() const
int tokenize(XrdOucString &tok, int from, char del=':')

References XrdCryptoX509::BitStrength(), cryptoTRACE_Debug, XrdCryptoX509::DumpExtensions(), DumpExtensions, gCryptoFactory, XrdCryptoX509::GetExtension(), GetVOMSAttr, gsiProxyCertInfo_OID, gsiProxyCertInfo_OLD_OID, XrdCryptoX509::Issuer(), XrdCryptoX509::kProxy, XrdOucString::length(), XrdCryptoX509::NotAfter(), ProxyCertInfo, XrdCryptoX509::ProxyType(), PRT, PXcert, XrdCryptoFactory::SetTrace(), XrdCryptoX509::Subject(), XrdOucString::tokenize(), XrdCryptoX509::type, XrdCryptoX509::Type(), and XrdCryptoTZCorr().

+ Here is the call graph for this function:

◆ main()

int main ( int  argc,
char **  argv 
)

Definition at line 121 of file XrdSecgsiProxy.cc.

122{
123 // Test implemented functionality
124 int secValid = 0;
125 XrdProxyOpt_t pxopt;
126 XrdCryptogsiX509Chain *cPXp = 0;
127 XrdCryptoX509 *xPXp = 0, *xPXPp = 0;
128 XrdCryptoRSA *kPXp = 0;
129 int prc = 0;
130 int nci = 0;
131 int exitrc = 0;
132
133 // Parse arguments
134 if (ParseArguments(argc,argv)) {
135 exit(1);
136 }
137
138 //
139 // Initiate error logging and tracing
141 if (!gsiTrace)
142 gsiTrace = new XrdOucTrace(&eDest);
143 if (gsiTrace) {
144 if (Debug)
145 // Medium level
147 }
148 //
149 // Set debug flags in other modules
150 if (Debug) {
153 }
154
155 //
156 // Load the crypto factory
158 PRT(": cannot instantiate factory "<<CryptoMod);
159 exit(1);
160 }
161 if (Debug)
163
164 // Hooks for specific functionality
166 PRT("cannot attach to X509ParseFile function!");
167 exit(1);
168 }
170 PRT("cannot attach to X509CreateProxy function!");
171 exit(1);
172 }
174 PRT("cannot attach to ProxyCertInfo function!");
175 exit(1);
176 }
178 PRT("cannot attach to X509GetVOMSAttr function!");
179 exit(1);
180 }
181
182 //
183 // Depending on the mode
184 switch (Mode) {
185 case kM_help:
186 //
187 // We should not get here ... print the menu and go
188 Menu();
189 break;
190 case kM_init:
191 //
192 // Init proxies
193 secValid = XrdSutParseTime(Valid.c_str(), 1);
194 pxopt.bits = Bits;
195 pxopt.valid = secValid;
196 pxopt.depthlen = PathLength;
197 cPXp = new XrdCryptogsiX509Chain();
198 //
199 // Display info about existing proxies
200 prc = (*CreateProxy)(EEcert.c_str(), EEkey.c_str(), &pxopt,
201 cPXp, &kPXp, PXcert.c_str());
202 if (prc == 0) {
203 // The proxy is the first certificate
204 xPXp = cPXp->Begin();
205 if (xPXp) {
206 Display(xPXp);
207 } else {
208 PRT( ": proxy certificate not found");
209 }
210 } else {
211 PRT( ": problems creating proxy");
212 }
213 break;
214 case kM_destroy:
215 //
216 // Destroy existing proxies
217 if (unlink(PXcert.c_str()) == -1) {
218 perror("xrdgsiproxy");
219 }
220
221 break;
222 case kM_info:
223 //
224 // Display info about existing proxies
225 // Parse the proxy file
226 cPXp = new XrdCryptogsiX509Chain();
227 nci = (*ParseFile)(PXcert.c_str(), cPXp, 0);
228 if (nci < 2) {
229 if (Exists) {
230 exitrc = 1;
231 } else {
232 PRT("proxy files must have at least two certificates"
233 " (found only: "<<nci<<")");
234 }
235 break;
236 }
237 // The proxy is the first certificate
238 xPXp = cPXp->Begin();
239 if (xPXp) {
240 if (!Exists) {
241 Display(xPXp);
242 if (strstr(xPXp->Subject(), "CN=limited proxy")) {
243 xPXPp = cPXp->SearchBySubject(xPXp->Issuer());
244 if (xPXPp) {
245 Display(xPXPp);
246 } else {
247 PRT("WARNING: found 'limited proxy' but not the associated proxy!");
248 }
249 }
250 } else {
251 // Check time validity
252 secValid = XrdSutParseTime(Valid.c_str(), 1);
253 int tl = xPXp->NotAfter() -(int)time(0);
254 if (Debug)
255 PRT("secValid: " << secValid<< ", tl: "<<tl<<", ClockSkew:"<<ClockSkew);
256 if (secValid > tl + ClockSkew) {
257 exitrc = 1;
258 break;
259 }
260 // Check bit strenght
261 if (Debug)
262 PRT("BitStrength: " << xPXp->BitStrength()<< ", Bits: "<<Bits);
263 if (xPXp->BitStrength() < Bits) {
264 exitrc = 1;
265 break;
266 }
267 }
268 } else {
269 if (Exists) {
270 exitrc = 1;
271 } else {
272 PRT( ": proxy certificate not found");
273 }
274 }
275 break;
276 default:
277 //
278 // Print menu
279 Menu();
280 }
281
282 exit(exitrc);
283}
void Display()
Definition XrdCks.cc:56
#define TRACE_Debug
void XrdCryptoSetTrace(kXR_int32 trace)
#define unlink(a)
Definition XrdPosix.hh:113
#define TRACE_Authen
int Bits
XrdCryptoX509ParseFile_t ParseFile
int Mode
static XrdSysError eDest(0,"proxy_")
int PathLength
XrdOucString Valid
static XrdSysLogger Logger
XrdCryptoX509CreateProxy_t CreateProxy
int ClockSkew
bool Debug
int ParseArguments(int argc, char **argv)
XrdOucTrace * gsiTrace
bool Exists
XrdOucString CryptoMod
XrdOucString EEcert
XrdOucString EEkey
void Menu()
int XrdSutParseTime(const char *tstr, int opt)
Definition XrdSutAux.cc:540
void XrdSutSetTrace(kXR_int32 trace)
Definition XrdSutAux.cc:93
#define sutTRACE_Debug
Definition XrdSutAux.hh:99
virtual XrdCryptoX509ParseFile_t X509ParseFile()
virtual XrdCryptoX509CreateProxy_t X509CreateProxy()
virtual XrdCryptoX509GetVOMSAttr_t X509GetVOMSAttr()
virtual XrdCryptoProxyCertInfo_t ProxyCertInfo()
static XrdCryptoFactory * GetCryptoFactory(const char *factoryname)
const char * c_str() const
XrdSysLogger * logger(XrdSysLogger *lp=0)

References XrdProxyOpt_t::bits, Bits, XrdCryptoX509::BitStrength(), XrdOucString::c_str(), ClockSkew, CreateProxy, CryptoMod, cryptoTRACE_Debug, Debug, XrdProxyOpt_t::depthlen, Display(), eDest, EEcert, EEkey, Exists, gCryptoFactory, XrdCryptoFactory::GetCryptoFactory(), GetVOMSAttr, gsiTrace, XrdCryptoX509::Issuer(), kM_destroy, kM_help, kM_info, kM_init, Logger, XrdSysError::logger(), Menu(), Mode, XrdCryptoX509::NotAfter(), ParseArguments(), ParseFile, PathLength, XrdCryptoFactory::ProxyCertInfo(), ProxyCertInfo, PRT, PXcert, XrdCryptoFactory::SetTrace(), XrdCryptoX509::Subject(), sutTRACE_Debug, TRACE_Authen, TRACE_Debug, unlink, XrdProxyOpt_t::valid, Valid, XrdOucTrace::What, XrdCryptoFactory::X509CreateProxy(), XrdCryptoFactory::X509GetVOMSAttr(), XrdCryptoFactory::X509ParseFile(), XrdCryptoSetTrace(), XrdSutParseTime(), and XrdSutSetTrace().

+ Here is the call graph for this function:

◆ Menu()

void Menu ( )

Definition at line 629 of file XrdSecgsiProxy.cc.

630{
631 // Print the menu
632
633 PRT(" ");
634 PRT(" xrdgsiproxy: application to manage GSI proxies ");
635 PRT(" ");
636 PRT(" Syntax:");
637 PRT(" ");
638 PRT(" xrdgsiproxy [-h] [<mode>] [options] ");
639 PRT(" ");
640 PRT(" ");
641 PRT(" -h display this menu");
642 PRT(" ");
643 PRT(" mode (info, init, destroy) [info]");
644 PRT(" ");
645 PRT(" info: display content of existing proxy file");
646 PRT(" ");
647 PRT(" init: create proxy certificate and related proxy file");
648 PRT(" ");
649 PRT(" destroy: delete existing proxy file");
650 PRT(" ");
651 PRT(" options:");
652 PRT(" ");
653 PRT(" -debug Print more information while running this"
654 " query (use if something goes wrong) ");
655 PRT(" ");
656 PRT(" -f,-file,-out <file> Non-standard location of proxy file");
657 PRT(" ");
658 PRT(" init mode only:");
659 PRT(" ");
660 PRT(" -certdir <dir> Non-standard location of directory"
661 " with information about known CAs");
662 PRT(" -cert <file> Non-standard location of certificate"
663 " for which proxies are wanted");
664 PRT(" -key <file> Non-standard location of the private"
665 " key to be used to sign the proxy");
666 PRT(" -bits <bits> strength in bits of the key [2048]");
667 PRT(" -valid <hh:mm> Time validity of the proxy certificate [12:00]");
668 PRT(" -path-length <len> max number of descendent levels below"
669 " this proxy [0] ");
670 PRT(" -e,-exists [options] returns 0 if valid proxy exists, 1 otherwise;");
671 PRT(" valid options: '-valid <hh:mm>', -bits <bits>");
672 PRT(" -clockskew <secs> max clock-skewness allowed when checking time validity [30 secs]");
673 PRT(" -extensions low-level dump of certificate extensions");
674 PRT(" ");
675}

References PRT.

Referenced by main(), and ParseArguments().

+ Here is the caller graph for this function:

◆ ParseArguments()

int ParseArguments ( int  argc,
char **  argv 
)

Definition at line 285 of file XrdSecgsiProxy.cc.

286{
287 // Parse application arguments filling relevant global variables
288
289 // Number of arguments
290 if (argc < 0 || !argv[0]) {
291 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
292 PRT("+ Insufficient number or arguments! +");
293 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
294 // Print main menu
295 Menu();
296 return 1;
297 }
298 --argc;
299 ++argv;
300
301 //
302 // Loop over arguments
303 while ((argc >= 0) && (*argv)) {
304
305 XrdOucString opt = "";
306 int ival = -1;
307 if(*(argv)[0] == '-') {
308
309 opt = *argv;
310 opt.erase(0,1);
311 if (CheckOption(opt,"h",ival) || CheckOption(opt,"help",ival) ||
312 CheckOption(opt,"menu",ival)) {
313 Mode = kM_help;
314 } else if (CheckOption(opt,"debug",ival)) {
315 Debug = ival;
316 } else if (CheckOption(opt,"e",ival)) {
317 Exists = 1;
318 } else if (CheckOption(opt,"exists",ival)) {
319 Exists = 1;
320 } else if (CheckOption(opt,"f",ival)) {
321 --argc;
322 ++argv;
323 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
324 PXcert = *argv;
325 } else {
326 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
327 PRT("+ Option '-f' requires a proxy file name: ignoring +");
328 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
329 argc++;
330 argv--;
331 }
332 } else if (CheckOption(opt,"file",ival)) {
333 --argc;
334 ++argv;
335 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
336 PXcert = *argv;
337 } else {
338 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
339 PRT("+ Option '-file' requires a proxy file name: ignoring +");
340 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
341 argc++;
342 argv--;
343 }
344 } else if (CheckOption(opt,"out",ival)) {
345 --argc;
346 ++argv;
347 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
348 PXcert = *argv;
349 } else {
350 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
351 PRT("+ Option '-out' requires a proxy file name: ignoring +");
352 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
353 argc++;
354 argv--;
355 }
356 } else if (CheckOption(opt,"cert",ival)) {
357 --argc;
358 ++argv;
359 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
360 EEcert = *argv;
361 } else {
362 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
363 PRT("+ Option '-cert' requires a cert file name: ignoring +");
364 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
365 argc++;
366 argv--;
367 }
368 } else if (CheckOption(opt,"key",ival)) {
369 --argc;
370 ++argv;
371 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
372 EEkey = *argv;
373 } else {
374 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
375 PRT("+ Option '-key' requires a key file name: ignoring +");
376 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
377 argc++;
378 argv--;
379 }
380 } else if (CheckOption(opt,"certdir",ival)) {
381 --argc;
382 ++argv;
383 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
384 CAdir = *argv;
385 } else {
386 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
387 PRT("+ Option '-certdir' requires a dir path: ignoring +");
388 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
389 argc++;
390 argv--;
391 }
392 } else if (CheckOption(opt,"valid",ival)) {
393 --argc;
394 ++argv;
395 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
396 Valid = *argv;
397 } else {
398 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
399 PRT("+ Option '-valid' requires a time string: ignoring +");
400 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
401 argc++;
402 argv--;
403 }
404 } else if (CheckOption(opt,"path-length",ival)) {
405 --argc;
406 ++argv;
407 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
408 PathLength = strtol(*argv,0,10);
409 if (PathLength < -1 || errno == ERANGE) {
410 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
411 PRT("+ Option '-path-length' requires a number >= -1: ignoring +");
412 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
413 argc++;
414 argv--;
415 }
416 } else {
417 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
418 PRT("+ Option '-path-length' requires a number >= -1: ignoring +");
419 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
420 argc++;
421 argv--;
422 }
423 } else if (CheckOption(opt,"bits",ival)) {
424 --argc;
425 ++argv;
426 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
427 Bits = strtol(*argv, 0, 10);
428 Bits = (Bits > 2048) ? Bits : 2048;
429 if (errno == ERANGE) {
430 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
431 PRT("+ Option '-bits' requires a number: ignoring +");
432 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
433 argc++;
434 argv--;
435 }
436 } else {
437 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
438 PRT("+ Option '-bits' requires a number: ignoring +");
439 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
440 argc++;
441 argv--;
442 }
443 } else if (CheckOption(opt,"clockskew",ival)) {
444 --argc;
445 ++argv;
446 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
447 ClockSkew = strtol(*argv, 0, 10);
448 if (ClockSkew < -1 || errno == ERANGE) {
449 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
450 PRT("+ Option '-clockskew' requires a number >= -1: ignoring +");
451 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
452 argc++;
453 argv--;
454 }
455 } else {
456 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
457 PRT("+ Option '-clockskew' requires a number >= -1: ignoring +");
458 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
459 argc++;
460 argv--;
461 }
462 } else if (CheckOption(opt,"extensions",ival)) {
463 DumpExtensions = 1;
464 } else {
465 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
466 PRT("+ Ignoring unrecognized option: "<<*argv);
467 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
468 }
469
470 } else {
471 //
472 // Mode keyword
473 opt = *argv;
474 if (CheckOption(opt,"init",ival)) {
475 Mode = kM_init;
476 } else if (CheckOption(opt,"info",ival)) {
477 Mode = kM_info;
478 } else if (CheckOption(opt,"destroy",ival)) {
480 } else if (CheckOption(opt,"help",ival)) {
481 Mode = kM_help;
482 } else {
483 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
484 PRT("+ Ignoring unrecognized keyword mode: "<<opt.c_str());
485 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
486 }
487 }
488 --argc;
489 ++argv;
490 }
491
492 //
493 // Default mode 'info'
494 Mode = (Mode == 0) ? kM_info : Mode;
495
496 //
497 // If help mode, print menu and exit
498 if (Mode == kM_help) {
499 // Print main menu
500 Menu();
501 return 1;
502 }
503
504 //
505 // we may need later
506 struct passwd *pw = 0;
507 XrdSysPwd thePwd;
508
509 //
510 // Check proxy file
511 if (PXcert.length() <= 0) {
512 // Use defaults
513 if (!pw && !(pw = thePwd.Get(getuid()))) {
514 // Cannot get info about current user
515 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
516 PRT("+ Cannot get info about current user - exit ");
517 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
518 return 1;
519 }
520 // Build proxy file name
521 PXcert = DefPXcert + (int)(pw->pw_uid);
522 }
523 //
524 // Expand Path
526 // Get info
527 struct stat st;
528 if (stat(PXcert.c_str(),&st) != 0) {
529 if (errno != ENOENT) {
530 // Path exists but we cannot access it - exit
531 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
532 PRT("+ Cannot access requested proxy file: "<<PXcert.c_str());
533 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
534 return 1;
535 } else {
536 if (Mode != kM_init) {
537 // Path exists but we cannot access it - exit
538 if (!Exists) {
539 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
540 PRT("+ proxy file: "<<PXcert.c_str()<<" not found");
541 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
542 }
543 return 1;
544 }
545 }
546 }
547
548 //
549 // The following applies in 'init' mode only
550 if (Mode == kM_init) {
551 //
552 // Check certificate file
553 if (EEcert.length()) {
554 //
555 // Expand Path
557 // Get info
558 if (stat(EEcert.c_str(),&st) != 0) {
559 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
560 PRT("+ Cannot access certificate file: "<<EEcert.c_str());
561 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
562 return 1;
563 }
564 } else {
565 // Use defaults
566 if (!pw && !(pw = thePwd.Get(getuid()))) {
567 // Cannot get info about current user
568 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
569 PRT("+ Cannot get info about current user - exit ");
570 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
571 return 1;
572 }
575 if (stat(EEcert.c_str(),&st) != 0) {
576 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
577 PRT("+ Cannot access certificate file: "<<EEcert.c_str());
578 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
579 return 1;
580 }
581 }
582 //
583 // Check key file
584 if (EEkey.length()) {
585 //
586 // Expand Path
588 // Get info
589 if (stat(EEkey.c_str(),&st) != 0) {
590 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
591 PRT("+ Cannot access private key file: "<<EEkey.c_str());
592 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
593 return 1;
594 }
595 } else {
596 // Use defaults
597 if (!pw && !(pw = thePwd.Get(getuid()))) {
598 // Cannot get info about current user
599 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
600 PRT("+ Cannot get info about current user - exit ");
601 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
602 return 1;
603 }
604 EEkey = DefEEkey;
605 EEkey.insert(XrdSutHome(), 0);
606 if (stat(EEkey.c_str(),&st) != 0) {
607 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
608 PRT("+ Cannot access private key file: "<<EEkey.c_str());
609 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
610 return 1;
611 }
612 }
613 // Check permissions
614 if (!S_ISREG(st.st_mode) || S_ISDIR(st.st_mode) ||
615 (st.st_mode & (S_IWGRP | S_IWOTH)) != 0 ||
616 (st.st_mode & (S_IRGRP | S_IROTH)) != 0) {
617 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
618 PRT("+ Wrong permissions for file: "<<EEkey.c_str()<< " (should be 0600)");
619 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
620 return 1;
621 }
622 }
623
624 return 0;
625}
#define stat(a, b)
Definition XrdPosix.hh:101
bool CheckOption(XrdOucString opt, const char *ref, int &ival)
XrdOucString CAdir
XrdOucString DefPXcert
XrdOucString DefEEcert
XrdOucString DefEEkey
int XrdSutExpand(XrdOucString &path)
Definition XrdSutAux.cc:366
const char * XrdSutHome()
Definition XrdSutAux.cc:465
int erase(int start=0, int size=0)
struct passwd * Get(const char *Usr)
Definition XrdSysPwd.hh:42

References Bits, XrdOucString::c_str(), CAdir, CheckOption(), ClockSkew, Debug, DefEEcert, DefEEkey, DefPXcert, DumpExtensions, EEcert, EEkey, XrdOucString::erase(), Exists, XrdSysPwd::Get(), XrdOucString::insert(), kM_destroy, kM_help, kM_info, kM_init, XrdOucString::length(), Menu(), Mode, PathLength, PRT, PXcert, stat, Valid, XrdSutExpand(), and XrdSutHome().

Referenced by main().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Variable Documentation

◆ Bits

int Bits = 2048

Definition at line 113 of file XrdSecgsiProxy.cc.

Referenced by main(), and ParseArguments().

◆ CAdir

XrdOucString CAdir = "/etc/grid-security/certificates/"

Definition at line 104 of file XrdSecgsiProxy.cc.

Referenced by XrdSecProtocolgsi::Init(), and ParseArguments().

◆ ClockSkew

int ClockSkew = 30

Definition at line 115 of file XrdSecgsiProxy.cc.

Referenced by main(), and ParseArguments().

◆ CreateProxy

XrdCryptoX509CreateProxy_t CreateProxy = 0

Definition at line 101 of file XrdSecgsiProxy.cc.

Referenced by main().

◆ CRLdir

XrdOucString CRLdir = "/etc/grid-security/certificates/"

Definition at line 105 of file XrdSecgsiProxy.cc.

Referenced by XrdSecProtocolgsi::Init().

◆ CryptoMod

XrdOucString CryptoMod = "ssl"

Definition at line 99 of file XrdSecgsiProxy.cc.

Referenced by XrdSecProtocolgsi::getCredentials(), and main().

◆ Debug

◆ DefEEcert

XrdOucString DefEEcert = "/.globus/usercert.pem"

Definition at line 106 of file XrdSecgsiProxy.cc.

Referenced by ParseArguments().

◆ DefEEkey

XrdOucString DefEEkey = "/.globus/userkey.pem"

Definition at line 107 of file XrdSecgsiProxy.cc.

Referenced by ParseArguments().

◆ DefPXcert

XrdOucString DefPXcert = "/tmp/x509up_u"

Definition at line 108 of file XrdSecgsiProxy.cc.

Referenced by ParseArguments().

◆ DumpExtensions

bool DumpExtensions = 0

Definition at line 96 of file XrdSecgsiProxy.cc.

Referenced by Display(), and ParseArguments().

◆ eDest

XrdSysError eDest(0,"proxy_") ( ,
"proxy_"   
)
static

Referenced by main().

◆ EEcert

XrdOucString EEcert = ""

Definition at line 109 of file XrdSecgsiProxy.cc.

Referenced by main(), and ParseArguments().

◆ EEkey

XrdOucString EEkey = ""

Definition at line 110 of file XrdSecgsiProxy.cc.

Referenced by main(), and ParseArguments().

◆ Exists

bool Exists = 0

◆ gCryptoFactory

XrdCryptoFactory* gCryptoFactory = 0

Definition at line 98 of file XrdSecgsiProxy.cc.

Referenced by Display(), and main().

◆ GetVOMSAttr

XrdCryptoX509GetVOMSAttr_t GetVOMSAttr = 0

Definition at line 102 of file XrdSecgsiProxy.cc.

Referenced by Display(), and main().

◆ gModesStr

const char* gModesStr[]
Initial value:
= {
"kM_undef",
"kM_init",
"kM_info",
"kM_destroy",
"kM_help"
}

Definition at line 75 of file XrdSecgsiProxy.cc.

75 {
76 "kM_undef",
77 "kM_init",
78 "kM_info",
79 "kM_destroy",
80 "kM_help"
81};

◆ gsiTrace

XrdOucTrace* gsiTrace = 0

Definition at line 119 of file XrdSecgsiProxy.cc.

Referenced by main().

◆ Logger

XrdSysLogger Logger
static

Definition at line 117 of file XrdSecgsiProxy.cc.

Referenced by main().

◆ Mode

◆ ParseFile

XrdCryptoX509ParseFile_t ParseFile = 0

Definition at line 100 of file XrdSecgsiProxy.cc.

Referenced by main().

◆ PathLength

int PathLength = 0

Definition at line 114 of file XrdSecgsiProxy.cc.

Referenced by main(), and ParseArguments().

◆ ProxyCertInfo

XrdCryptoProxyCertInfo_t ProxyCertInfo = 0

Definition at line 103 of file XrdSecgsiProxy.cc.

Referenced by Display(), and main().

◆ PXcert

XrdOucString PXcert = ""

Definition at line 111 of file XrdSecgsiProxy.cc.

Referenced by Display(), main(), and ParseArguments().

◆ Valid