XrdSecTLayer Class Reference (abstract)

#include <XrdSecTLayer.hh>


Public Types

enum  Initiator {
  isClient = 0 ,
  isServer
}
 

Public Member Functions

 XrdSecTLayer (const char *pName, Initiator who1st=isClient)
 
virtual int Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0)
 
virtual void Delete ()=0
 Delete the protocol object. DO NOT use C++ delete() on this object.
 
virtual XrdSecCredentialsgetCredentials (XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0)
 
virtual void secClient (int theFD, XrdOucErrInfo *einfo)=0
 
virtual void secServer (int theFD, XrdOucErrInfo *einfo)=0
 
void secXeq ()
 
- Public Member Functions inherited from XrdSecProtocol
 XrdSecProtocol (const char *pName)
 Constructor.
 
virtual int Decrypt (const char *inbuff, int inlen, XrdSecBuffer **outbuff)
 
virtual int Encrypt (const char *inbuff, int inlen, XrdSecBuffer **outbuff)
 
virtual int getKey (char *buff=0, int size=0)
 
virtual bool needTLS ()
 Check if this protocol requires TLS to properly function.
 
virtual int setKey (char *buff, int size)
 
virtual int Sign (const char *inbuff, int inlen, XrdSecBuffer **outbuff)
 
virtual int Verify (const char *inbuff, int inlen, const char *sigbuff, int siglen)
 

Protected Member Functions

virtual ~XrdSecTLayer ()
 
- Protected Member Functions inherited from XrdSecProtocol
virtual ~XrdSecProtocol ()
 Destructor (prevents use of direct delete).
 

Protected Attributes

pthread_t secTid
 

Additional Inherited Members

- Public Attributes inherited from XrdSecProtocol
XrdSecEntity Entity
 

Detailed Description

Definition at line 64 of file XrdSecTLayer.hh.

Member Enumeration Documentation

◆ Initiator

Enumerator
isClient 
isServer 

Definition at line 74 of file XrdSecTLayer.hh.

Constructor & Destructor Documentation

◆ XrdSecTLayer()

XrdSecTLayer::XrdSecTLayer ( const char *  pName,
Initiator  who1st = isClient 
)

Definition at line 58 of file XrdSecTLayer.cc.

// Build a transport-layer protocol object named pName. who1st records which
// side (client or server) is expected to send the first handshake message.
// Both socket descriptors start at -1 ("not open"); the self-pacing counter
// Tcur starts at 0 and is compared against Tmax when an exchange carries no
// data in either direction.
//
XrdSecTLayer::XrdSecTLayer(const char *pName, Initiator who1st)
             : XrdSecProtocol(pName),
               secTid(0), mySem(0), Starter(who1st), myFD(-1), urFD(-1),
               Tmax(275), Tcur(0), eCode(0), eText(0)
{
// Zero the wire header first so that protName is always NUL-terminated,
// even when pName is long enough to fill the field.
//
   memset(&Hdr, 0, sizeof(Hdr));

// Copy the protocol name, leaving the last byte as the NUL from the memset.
//
   const size_t nameMax = sizeof(Hdr.protName) - 1;
   strncpy(Hdr.protName, pName, nameMax);
}

◆ ~XrdSecTLayer()

virtual XrdSecTLayer::~XrdSecTLayer ( )
inline, protected, virtual

Definition at line 122 of file XrdSecTLayer.hh.

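// Release the saved error text and our end of the handshake socket. The
// "not open" sentinel is -1 (see the constructor and the myFD < 0 tests in
// Authenticate()/getCredentials()), so descriptor 0 is a live descriptor
// and must be closed as well; the former "> 0" test leaked it.
// Protected: callers must use Delete(), never a direct delete.
// NOTE(review): the worker thread (secTid) is not joined here — confirm that
// Delete()/secXeq() guarantee it has finished before the object goes away.
//
virtual ~XrdSecTLayer() {if (eText) {free(eText); eText = 0;}
                         if (myFD >= 0) {close(myFD); myFD = -1;}
                        }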

References close.

Member Function Documentation

◆ Authenticate()

int XrdSecTLayer::Authenticate ( XrdSecCredentials cred,
XrdSecParameters **  parms,
XrdOucErrInfo einfo = 0 
)
virtual

Authenticate a client.

Parameters
credCredentials supplied by the client.
parms	Place where the address of additional authentication data is to be placed for another authentication handshake.
einfoThe error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr.
Returns
> 0 → parms present (more authentication needed); = 0 → Entity present (authentication succeeded); < 0 → einfo present (an error has occurred).

Implements XrdSecProtocol.

Definition at line 145 of file XrdSecTLayer.cc.

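// Server side of one handshake step. The client's payload (if any) is
// written to myFD for the concrete protocol running in secXeq() (started by
// bootUp(); presumably myFD/urFD are the two ends of a socket pair), the
// protocol's reply is read back and returned to the client via parms.
//
// cred   credentials from the client: a TLayerRR header (hdrSz bytes)
//        optionally followed by payload bytes for the protocol thread.
// parms  receives the next message the client must feed to getCredentials().
// einfo  destination for error text; may be null.
//
// Returns >0 when *parms holds the next message, 0 when the handshake has
// completed successfully and Entity is valid, <0 on error.
//
int XrdSecTLayer::Authenticate(XrdSecCredentials *cred,
                               XrdSecParameters **parms,
                               XrdOucErrInfo     *einfo)
{
   char Buff[dataSz];
   int Blen = 0, wrLen;
   char *bP, Req;

// If this is the first time call, perform boot-up sequence and start the flow
//
   eDest = einfo;
   if (myFD < 0 && !bootUp(isServer)) return -1;

// Get the request code. The size check also keeps wrLen non-negative, so the
// header can be read safely and the payload length cannot underflow.
//
   if (!cred || cred->size < hdrSz)
      {secError("Invalid credentials", EBADMSG); return -1;}
   Req  = ((TLayerRR *)cred->buffer)->protCode;
   wrLen= cred->size - hdrSz;

// Perform required action
// xfrData -> xfrData | endData if socket gets closed
// endData -> noresponse
//
   switch(Req)
         {case TLayerRR::xfrData:
               if (wrLen > 0 && write(myFD, cred->buffer+hdrSz, wrLen) < 0)
                  {secError("Socket write failed", errno); return -1;}
               Blen = Read(myFD, Buff, dataSz);
               // EPIPE/ECONNRESET mean the protocol thread closed its end and
               // are turned into endData below. Any other read failure is an
               // error and must return -1: a return of 0 tells the caller
               // that authentication succeeded and Entity is valid, which is
               // not the case here.
               if (Blen < 0 && (Blen != -EPIPE) && (Blen != -ECONNRESET))
                  {secError("Socket read failed", -Blen); return -1;}
               break;
          case TLayerRR::endData: return (secDone() ? 0 : -1);
          default: secError("Unknown parms request", EINVAL); return -1;
         }

// Set correct protocol code based on value in Blen and wrLen. Note that if
// both are zero then we decrease the pace count and bail if it reaches zero.
// Otherwise, we reset the pace count to it initial value. On the server side,
// we defer the socket drain until we receive a endData notification.
//
   if (Blen < 0) {Blen = 0; Hdr.protCode = TLayerRR::endData;}
      else if (Blen || wrLen) {Tcur = 0; Hdr.protCode = TLayerRR::xfrData;}
      else if (++Tcur <= Tmax) Hdr.protCode = TLayerRR::xfrData;
      else {Tcur = 0; Hdr.protCode = TLayerRR::endData;}

// Return the credentials: header followed by whatever the protocol produced.
// The XrdSecParameters object takes over the malloc'd buffer.
//
   bP = (char *)malloc(hdrSz+Blen);
   if (!bP) {secError("Insufficient memory", ENOMEM); return -1;}
   memcpy(bP, (char *)&Hdr, hdrSz);
   if (Blen) memcpy(bP+hdrSz, Buff, Blen);
   *parms = new XrdSecParameters(bP, hdrSz+Blen);

   return 1;
}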

References XrdSecBuffer::buffer, isServer, XrdSecBuffer::size, and write.

◆ Delete()

virtual void XrdSecTLayer::Delete ( )
pure virtual

Delete the protocol object. DO NOT use C++ delete() on this object.

Implements XrdSecProtocol.

◆ getCredentials()

XrdSecCredentials * XrdSecTLayer::getCredentials ( XrdSecParameters parm = 0,
XrdOucErrInfo einfo = 0 
)
virtual

Generate client credentials to be used in the authentication process.

Parameters
parmPointer to the information returned by the server either in the initial login response or the authmore response.
einfoThe error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr.
Returns
Success: Pointer to the credentials to be sent to the server. The caller is responsible for deleting the object. Failure: Null pointer with einfo, if supplied, containing the reason for the failure.

Implements XrdSecProtocol.

Definition at line 77 of file XrdSecTLayer.cc.

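// Client side of one handshake step. The server's payload (if any) is
// written to myFD for the concrete protocol running in secXeq() (started by
// bootUp(); presumably myFD/urFD are the two ends of a socket pair), the
// protocol's reply is read back and returned, behind a TLayerRR header, as
// the credentials to send to the server.
//
// parm   null on the first call; afterwards the parms produced by the
//        server's Authenticate(): a TLayerRR header plus optional payload.
// einfo  destination for error text; may be null.
//
// Returns the credentials to send (the caller owns the object), or null
// with the failure described via secError().
//
XrdSecCredentials *XrdSecTLayer::getCredentials(XrdSecParameters *parm,
                                                XrdOucErrInfo    *einfo)
{
   char Buff[dataSz];
   int Blen = 0, wrLen = 0;
   char *bP, Req = TLayerRR::xfrData;

// If this is the first time call, perform boot-up sequence and start the flow.
// When the server speaks first we only send an empty xfrData header so that
// the server's Authenticate() gets invoked; otherwise we fall through with
// Req = xfrData and wrLen = 0 (parm is null, so nothing is written below).
//
   eDest = einfo;
   if (!parm)
      {if (!bootUp(isClient)) return 0;
       if (Starter == isServer)
          {Hdr.protCode = TLayerRR::xfrData;
           bP = (char *)malloc(hdrSz);
           if (!bP) {secError("Insufficient memory", ENOMEM); return 0;}
           memcpy(bP, (char *)&Hdr, hdrSz);
           return new XrdSecCredentials(bP, hdrSz);
          }
      } else {
       // The size check keeps wrLen non-negative and makes the header read safe.
       if (parm->size < hdrSz)
          {secError("Invalid parms length", EPROTO);
           return 0;
          }
       Req  = ((TLayerRR *)parm->buffer)->protCode;
       wrLen= parm->size - hdrSz;
      }

// Perform required action
// xfrData -> xfrData | endData if socket gets closed
// endData -> endData if socket still open else protocol error
//
   switch(Req)
         {case TLayerRR::xfrData:
               if (wrLen > 0 && write(myFD, parm->buffer+hdrSz, wrLen) < 0)
                  {secError("Socket write failed", errno); return 0;}
               Blen = Read(myFD, Buff, dataSz);
               // EPIPE/ECONNRESET mean the protocol thread closed its end and
               // are handled as completion below; anything else is an error.
               if (Blen < 0 && (Blen != -EPIPE) && (Blen != -ECONNRESET))
                  {secError("Socket read failed", -Blen); return 0;}
               break;
          case TLayerRR::endData:
               if (myFD < 0) {secError("Protocol violation", EPROTO); return 0;}
               Blen = -1;
               break;
          default: secError("Unknown parms request", EINVAL); return 0;
         }

// Set correct protocol code based on value in Blen. On the client side we
// check for proper completion upon socket close or when we get endData.
// Note that we apply self-pacing here as well since either side can pace,
//
   if (Blen < 0) {if (!secDone()) return 0;
                  Blen = 0; Hdr.protCode = TLayerRR::endData;}
      else if (Blen || wrLen) {Tcur = 0; Hdr.protCode = TLayerRR::xfrData;}
      else if (++Tcur <= Tmax) Hdr.protCode = TLayerRR::xfrData;
      else {Tcur = 0; Hdr.protCode = TLayerRR::endData;}

// Return the credentials: header followed by whatever the protocol produced.
// The XrdSecCredentials object takes over the malloc'd buffer.
//
   bP = (char *)malloc(hdrSz+Blen);
   if (!bP) {secError("Insufficient memory", ENOMEM); return 0;}
   memcpy(bP, (char *)&Hdr, hdrSz);
   if (Blen) memcpy(bP+hdrSz, Buff, Blen);
   return new XrdSecCredentials(bP, hdrSz+Blen);
}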

References XrdSecBuffer::buffer, isClient, isServer, XrdSecBuffer::size, and write.

◆ secClient()

virtual void XrdSecTLayer::secClient ( int  theFD,
XrdOucErrInfo einfo 
)
pure virtual

Referenced by secXeq().


◆ secServer()

virtual void XrdSecTLayer::secServer ( int  theFD,
XrdOucErrInfo einfo 
)
pure virtual

Referenced by secXeq().


◆ secXeq()

void XrdSecTLayer::secXeq ( )

Definition at line 341 of file XrdSecTLayer.cc.

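// Thread body that runs the concrete protocol (started from
// XrdSecTLayerBootUp). It drives secClient() or secServer() on urFD, our
// side of the handshake socket, records the outcome in eCode/eText, closes
// urFD and posts mySem so the caller blocked on the handshake can proceed.
//
void XrdSecTLayer::secXeq()
{
   XrdOucErrInfo einfo;
   const char *Msg;

// Initiate the protocol on the thread's end of the socket
//
   if (Responder == XrdSecTLayer::isClient) secClient(urFD, &einfo);
      else secServer(urFD, &einfo);

// Extract out the completion code (getErrText() stores it in eCode) and
// keep a private copy of the message, since einfo dies with this frame.
//
   Msg = einfo.getErrText(eCode);
   if (eText) {free(eText); eText = 0;}
   if (eCode) eText = strdup(Msg ? Msg : "Authentication failed");

// Indicate we are done. The "not open" sentinel is -1 (see the constructor),
// so descriptor 0 is a valid descriptor and must be closed as well.
//
   if (urFD >= 0) close(urFD);
   urFD = -1;
   mySem.Post();
}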

References close, XrdOucErrInfo::getErrText(), isClient, XrdSysSemaphore::Post(), secClient(), and secServer().

Referenced by XrdSecTLayerBootUp().


Member Data Documentation

◆ secTid

pthread_t XrdSecTLayer::secTid
protected

Definition at line 120 of file XrdSecTLayer.hh.


The documentation for this class was generated from the following files: