65 #define XrdSecPROTOIDENT "gsi"
66 #define XrdSecPROTOIDLEN sizeof(XrdSecPROTOIDENT)
67 #define XrdSecgsiVERSION 10600
68 #define XrdSecNOIPCHK 0x0001
69 #define XrdSecDEBUG 0x1000
70 #define XrdCryptoMax 10
72 #define kMAXBUFLEN 1024
75 #define XrdSecgsiVersDHsigned 10400 // Version at which started signing
77 #define XrdSecgsiVersCertKey 10600 // Version at which started supporting
150 #define REL1(x) { if (x) delete x; }
151 #define REL2(x,y) { if (x) delete x; if (y) delete y; }
152 #define REL3(x,y,z) { if (x) delete x; if (y) delete y; if (z) delete z; }
154 #define SafeDelete(x) { if (x) {delete x ; x = 0;} }
155 #define SafeDelArray(x) { if (x) {delete [] x ; x = 0;} }
156 #define SafeFree(x) { if (x) {free(x) ; x = 0;} }
159 typedef char *(*XrdSecgsiGMAP_t)(
const char *, int);
259 char k[40]; snprintf(k, 40,
"%p", t);
266 char k[40]; snprintf(k, 40,
"%p", t);
293 const char *parms = 0);
302 int Encrypt(
const char *inbuf,
int inlen,
304 int Decrypt(
const char *inbuf,
int inlen,
307 int Sign(
const char *inbuf,
int inlen,
309 int Verify(
const char *inbuf,
int inlen,
310 const char *sigbuf,
int siglen);
313 int getKey(
char *kbuf=0,
int klen=0);
315 int setKey(
char *kbuf,
int klen);
385 static std::unique_ptr<GSIStack<XrdCryptoX509Crl>>
stackCRL;
442 static int GetCA(
const char *cahash,
451 time_t timestamp,
String &cal);
466 const char *msg1,
const char *msg2 = 0,
467 const char *msg3 = 0);
471 const char *msg2 = 0,
const char *msg3 = 0);
475 const char *msg2 = 0,
const char *msg3 = 0);
489 LoadGMAPFun(
const char *plugin,
const char *parms);
491 LoadAuthzFun(
const char *plugin,
const char *parms,
int &fmt);
493 LoadVOMSFun(
const char *plugin,
const char *parms,
int &fmt);
short debug
Definition: XrdSecProtocolgsi.hh:173
int ParseClientInput(XrdSutBuffer *br, XrdSutBuffer **bm, String &emsg)
int ParseCrypto(String cryptlist)
Definition: XrdSecProtocolgsi.hh:144
char * proxy
Definition: XrdSecProtocolgsi.hh:188
int authzpxy
Definition: XrdSecProtocolgsi.hh:207
XrdSutBucket * bucketKey
Definition: XrdSecProtocolgsi.hh:405
static std::unique_ptr< GSIStack< XrdCryptoX509Crl > > stackCRL
Definition: XrdSecProtocolgsi.hh:385
Definition: XrdCryptoRSA.hh:50
static XrdOucTrace * GSITrace
Definition: XrdSecProtocolgsi.hh:399
int Decrypt(const char *inbuf, int inlen, XrdSecBuffer **outbuf)
Definition: XrdSecProtocolgsi.hh:103
static int DepLength
Definition: XrdSecProtocolgsi.hh:334
Definition: XrdSutCache.hh:49
static XrdSecgsiVOMS_t LoadVOMSFun(const char *plugin, const char *parms, int &fmt)
Definition: XrdCryptoMsgDigest.hh:46
int Authenticate(XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0)
XrdSutBuffer * Parms
Definition: XrdSecProtocolgsi.hh:521
Definition: XrdCryptoCipher.hh:47
Definition: XrdSecProtocolgsi.hh:126
int ClientDoPxyreq(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
static String DefCipher
Definition: XrdSecProtocolgsi.hh:341
Definition: XrdSecProtocolgsi.hh:94
bool HasPad
Definition: XrdSecProtocolgsi.hh:508
int Encrypt(const char *inbuf, int inlen, XrdSecBuffer **outbuf)
Definition: XrdSecProtocolgsi.hh:138
char * authzfun
Definition: XrdSecProtocolgsi.hh:196
XrdSecgsiAuthz_t XrdSecgsiVOMS_t
Definition: XrdSecProtocolgsi.hh:164
int Sign(const char *inbuf, int inlen, XrdSecBuffer **outbuf)
static XrdSysLogger Logger
Definition: XrdSecProtocolgsi.hh:397
virtual ~XrdSecProtocolgsi()
Definition: XrdSecProtocolgsi.hh:294
static String CAdir
Definition: XrdSecProtocolgsi.hh:325
Definition: XrdSecProtocolgsi.hh:139
static String UsrProxy
Definition: XrdSecProtocolgsi.hh:330
char * valid
Definition: XrdSecProtocolgsi.hh:189
static int TimeSkew
Definition: XrdSecProtocolgsi.hh:394
Definition: XrdSutCacheEntry.hh:99
Definition: XrdSecProtocolgsi.hh:132
static bool TrustDNS
Definition: XrdSecProtocolgsi.hh:363
char mode
Definition: XrdSecProtocolgsi.hh:174
kgsiHandshakeOpts
Definition: XrdSecProtocolgsi.hh:107
Definition: XrdSecProtocolgsi.hh:130
Definition: XrdSecProtocolgsi.hh:133
int(* XrdSecgsiAuthz_t)(XrdSecEntity &)
Definition: XrdSecProtocolgsi.hh:160
int bits
Definition: XrdSecProtocolgsi.hh:251
int hashcomp
Definition: XrdSecProtocolgsi.hh:213
Definition: XrdSecProtocolgsi.hh:131
void FreeEntity(XrdSecEntity *in)
static bool VerifyCA(int opt, X509Chain *cca, XrdCryptoFactory *cf)
Definition: XrdSecProtocolgsi.hh:135
Definition: XrdSecProtocolgsi.hh:93
Definition: XrdSecProtocolgsi.hh:100
static int GetCA(const char *cahash, XrdCryptoFactory *cryptof, gsiHSVars *hs=0)
static String UsrKey
Definition: XrdSecProtocolgsi.hh:332
static String SrvKey
Definition: XrdSecProtocolgsi.hh:329
XrdSecgsiAuthzInit_t XrdSecgsiVOMSInit_t
Definition: XrdSecProtocolgsi.hh:165
bool CheckTimeStamp(XrdSutBuffer *b, int skew, String &emsg)
char * authzfunparms
Definition: XrdSecProtocolgsi.hh:197
static String DefMD
Definition: XrdSecProtocolgsi.hh:342
Definition: XrdSecInterface.hh:130
Definition: XrdSecProtocolgsi.hh:143
#define SafeDelete(x)
Definition: XrdSecProtocolgsi.hh:154
XrdCryptoCipher * sessionKey
Definition: XrdSecProtocolgsi.hh:404
static bool GMAPuseDNname
Definition: XrdSecProtocolgsi.hh:346
X509Chain * proxyChain
Definition: XrdSecProtocolgsi.hh:409
Definition: XrdSecProtocolgsi.hh:146
Definition: XrdSecProtocolgsi.hh:142
const char * cert
Definition: XrdSecProtocolgsi.hh:245
int Options
Definition: XrdSecProtocolgsi.hh:519
Definition: XrdSecProtocolgsi.hh:85
static int cryptID[XrdCryptoMax]
Definition: XrdSecProtocolgsi.hh:369
static XrdOucGMap * servGMap
Definition: XrdSecProtocolgsi.hh:381
Definition: XrdSecProtocolgsi.hh:112
static XrdSecgsiAuthzKey_t AuthzKey
Definition: XrdSecProtocolgsi.hh:350
int(* XrdSecgsiAuthzInit_t)(const char *)
Definition: XrdSecProtocolgsi.hh:161
String ID
Definition: XrdSecProtocolgsi.hh:510
XrdCryptoCipher * Rcip
Definition: XrdSecProtocolgsi.hh:507
static XrdSecgsiGMAP_t GMAPFun
Definition: XrdSecProtocolgsi.hh:348
char * md
Definition: XrdSecProtocolgsi.hh:184
static XrdSutCache cachePxy
Definition: XrdSecProtocolgsi.hh:376
static int Debug
Definition: XrdSecProtocolgsi.hh:392
void Print(XrdOucTrace *t)
Definition: XrdSecProtocolgsi.hh:136
Definition: XrdSecProtocolgsi.hh:125
Definition: XrdSecProtocolgsi.hh:101
X509Chain * Chain
Definition: XrdSecProtocolgsi.hh:513
Definition: XrdSecProtocolgsi.hh:123
XrdSecCredentials * ErrC(XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)
Definition: XrdSutBuffer.hh:43
int HashAlg
Definition: XrdSecProtocolgsi.hh:520
static String cryptName[XrdCryptoMax]
Definition: XrdSecProtocolgsi.hh:370
static String DefCrypto
Definition: XrdSecProtocolgsi.hh:340
XrdCryptoRSA * sessionKver
Definition: XrdSecProtocolgsi.hh:408
int AddSerialized(char opt, kXR_int32 step, String ID, XrdSutBuffer *bls, XrdSutBuffer *buf, kXR_int32 type, XrdCryptoCipher *cip)
static XrdSysMutex mutexGMAP
Definition: XrdSecProtocolgsi.hh:389
int crlrefresh
Definition: XrdSecProtocolgsi.hh:187
static int AuthzPxyWhat
Definition: XrdSecProtocolgsi.hh:354
Definition: XrdSecProtocolgsi.hh:90
Definition: XrdOucTrace.hh:35
Definition: XrdSysError.hh:89
static void QueryGMAP(XrdCryptoX509Chain *chain, int now, String &name)
char * key
Definition: XrdSecProtocolgsi.hh:181
static XrdSysMutex gsiContext
Definition: XrdSecProtocolgsi.hh:324
static XrdCryptoX509Crl * LoadCRL(XrdCryptoX509 *xca, const char *sjhash, XrdCryptoFactory *CF, int dwld, int &err)
const char * out
Definition: XrdSecProtocolgsi.hh:248
int ca
Definition: XrdSecProtocolgsi.hh:186
static XrdSecgsiAuthz_t LoadAuthzFun(const char *plugin, const char *parms, int &fmt)
static XrdSutCache cacheCA
Definition: XrdSecProtocolgsi.hh:374
Definition: XrdSecProtocolgsi.hh:116
Definition: XrdSysPthread.hh:164
kgsiClientSteps
Definition: XrdSecProtocolgsi.hh:89
char * crlext
Definition: XrdSecProtocolgsi.hh:178
static int CRLCheck
Definition: XrdSecProtocolgsi.hh:337
static bool HashCompatibility
Definition: XrdSecProtocolgsi.hh:362
static String GMAPFile
Definition: XrdSecProtocolgsi.hh:344
static XrdOucTrace * EnableTracing()
String CryptoMod
Definition: XrdSecProtocolgsi.hh:505
XrdOucString String
Definition: XrdSecProtocolgsi.hh:62
int Verify(const char *inbuf, int inlen, const char *sigbuf, int siglen)
gsiHSVars * hs
Definition: XrdSecProtocolgsi.hh:415
int ErrS(String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)
static XrdSecgsiVOMS_t VOMSFun
Definition: XrdSecProtocolgsi.hh:359
bool CheckRtag(XrdSutBuffer *bm, String &emsg)
XrdCryptoX509Crl * Crl
Definition: XrdSecProtocolgsi.hh:514
static int ncrypt
Definition: XrdSecProtocolgsi.hh:367
int createpxy
Definition: XrdSecProtocolgsi.hh:204
int authzto
Definition: XrdSecProtocolgsi.hh:199
int ParseCAlist(String calist)
static String GetCApath(const char *cahash)
void CopyEntity(XrdSecEntity *in, XrdSecEntity *out, int *lout=0)
void Delete()
Delete the protocol object. DO NOT use C++ delete() on this object.
Definition: XrdSecProtocolgsi.hh:121
XrdSecCredentials * getCredentials(XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0)
int ClientDoInit(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
static XrdSecgsiAuthz_t AuthzFun
Definition: XrdSecProtocolgsi.hh:349
Definition: XrdSecProtocolgsi.hh:244
Definition: XrdSecProtocolgsi.hh:501
int deplen
Definition: XrdSecProtocolgsi.hh:190
char * crldir
Definition: XrdSecProtocolgsi.hh:177
static XrdCryptoFactory * cryptF[XrdCryptoMax]
Definition: XrdSecProtocolgsi.hh:368
int setKey(char *kbuf, int klen)
Definition: XrdOucErrInfo.hh:100
Definition: XrdOucGMap.hh:48
int dlgpxy
Definition: XrdSecProtocolgsi.hh:201
static bool ShowDN
Definition: XrdSecProtocolgsi.hh:364
Definition: XrdSutCacheEntry.hh:75
int gmapto
Definition: XrdSecProtocolgsi.hh:193
bool Tty
Definition: XrdSecProtocolgsi.hh:517
bool RtagOK
Definition: XrdSecProtocolgsi.hh:516
XrdSysMutex mtx
Definition: XrdSecProtocolgsi.hh:272
Definition: XrdSecProtocolgsi.hh:84
static String DefCRLext
Definition: XrdSecProtocolgsi.hh:327
XrdSutBucket * Cbck
Definition: XrdSecProtocolgsi.hh:509
char *(* XrdSecgsiGMAP_t)(const char *, int)
Definition: XrdSecProtocolgsi.hh:159
char * vomsfun
Definition: XrdSecProtocolgsi.hh:210
XrdSutPFEntry * Pent
Definition: XrdSecProtocolgsi.hh:512
static String UsrCert
Definition: XrdSecProtocolgsi.hh:331
static time_t lastGMAPCheck
Definition: XrdSecProtocolgsi.hh:388
int RemVers
Definition: XrdSecProtocolgsi.hh:506
int(* XrdSecgsiAuthzKey_t)(XrdSecEntity &, char **)
Definition: XrdSecProtocolgsi.hh:162
char * cipher
Definition: XrdSecProtocolgsi.hh:183
Definition: XrdSecProtocolgsi.hh:108
static int InitProxy(ProxyIn_t *pi, XrdCryptoFactory *cf, X509Chain *ch=0, XrdCryptoRSA **key=0)
static int AuthzPxyWhere
Definition: XrdSecProtocolgsi.hh:355
Definition: XrdSecProtocolgsi.hh:171
Definition: XrdSecProtocolgsi.hh:83
XrdCryptogsiX509Chain X509Chain
Definition: XrdSecProtocolgsi.hh:63
static int VOMSAttrOpt
Definition: XrdSecProtocolgsi.hh:358
const char * key
Definition: XrdSecProtocolgsi.hh:246
void Add(T *t)
Definition: XrdSecProtocolgsi.hh:258
bool ServerCertNameOK(const char *subject, const char *hname, String &e)
Definition: XrdSecProtocolgsi.hh:124
int ogmap
Definition: XrdSecProtocolgsi.hh:200
int Iter
Definition: XrdSecProtocolgsi.hh:503
char * gridmap
Definition: XrdSecProtocolgsi.hh:192
Definition: XrdSecProtocolgsi.hh:99
XrdOucHash< T > stack
Definition: XrdSecProtocolgsi.hh:273
virtual ~gsiOptions()
Definition: XrdSecProtocolgsi.hh:229
void Del(T *t)
Definition: XrdSecProtocolgsi.hh:265
static int GMAPCacheTimeOut
Definition: XrdSecProtocolgsi.hh:347
static bool Server
Definition: XrdSecProtocolgsi.hh:393
char * gmapfun
Definition: XrdSecProtocolgsi.hh:194
Definition: XrdNetAddrInfo.hh:53
static XrdSecgsiGMAP_t LoadGMAPFun(const char *plugin, const char *parms)
Definition: XrdSysLogger.hh:52
int LastStep
Definition: XrdSecProtocolgsi.hh:518
Definition: XrdSecProtocolgsi.hh:237
~gsiHSVars()
Definition: XrdSecProtocolgsi.hh:529
Definition: XrdSecProtocolgsi.hh:140
char * cert
Definition: XrdSecProtocolgsi.hh:179
Definition: XrdSecProtocolgsi.hh:113
void Lock()
Definition: XrdSysPthread.hh:222
int vomsat
Definition: XrdSecProtocolgsi.hh:209
int crl
Definition: XrdSecProtocolgsi.hh:185
Definition: XrdSecProtocolgsi.hh:256
static String CRLdir
Definition: XrdSecProtocolgsi.hh:326
gsiOptions()
Definition: XrdSecProtocolgsi.hh:218
Definition: XrdCryptoX509Crl.hh:49
static XrdSutCacheEntry * GetSrvCertEnt(XrdSutCERef &gcref, XrdCryptoFactory *cf, time_t timestamp, String &cal)
const char * certdir
Definition: XrdSecProtocolgsi.hh:247
kgsiErrors
Definition: XrdSecProtocolgsi.hh:120
static String SrvAllowedNames
Definition: XrdSecProtocolgsi.hh:357
Definition: XrdSecProtocolgsi.hh:127
Definition: XrdSecProtocolgsi.hh:110
int sigpxy
Definition: XrdSecProtocolgsi.hh:203
XrdCryptoFactory * sessionCF
Definition: XrdSecProtocolgsi.hh:403
char * gmapfunparms
Definition: XrdSecProtocolgsi.hh:195
Definition: XrdSecProtocolgsi.hh:111
char * certdir
Definition: XrdSecProtocolgsi.hh:176
bool showDN
Definition: XrdSecProtocolgsi.hh:216
XrdSecProtocolgsi(int opts, const char *hname, XrdNetAddrInfo &endPoint, const char *parms=0)
static GSIStack< XrdCryptoX509Chain > stackCA
Definition: XrdSecProtocolgsi.hh:384
static int QueryProxy(bool checkcache, XrdSutCache *cache, const char *tag, XrdCryptoFactory *cf, time_t timestamp, ProxyIn_t *pi, ProxyOut_t *po)
XrdCryptoRSA * ksig
Definition: XrdSecProtocolgsi.hh:239
Definition: XrdSutPFEntry.hh:78
Definition: XrdSecProtocolgsi.hh:141
X509Chain * chain
Definition: XrdSecProtocolgsi.hh:238
static int PxyReqOpts
Definition: XrdSecProtocolgsi.hh:353
XrdNetAddrInfo epAddr
Definition: XrdSecProtocolgsi.hh:321
int getKey(char *kbuf=0, int klen=0)
Definition: XrdCryptogsiX509Chain.hh:50
Definition: XrdSutBucket.hh:43
static int AuthzAlways
Definition: XrdSecProtocolgsi.hh:356
char * expectedHost
Definition: XrdSecProtocolgsi.hh:411
Definition: XrdSecProtocolgsi.hh:115
bool useIV
Definition: XrdSecProtocolgsi.hh:412
static XrdSutCache cacheGMAPFun
Definition: XrdSecProtocolgsi.hh:377
gsiHSVars()
Definition: XrdSecProtocolgsi.hh:523
Definition: XrdOucHash.hh:127
int ClientDoCert(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
static int VerifyCRL(XrdCryptoX509Crl *crl, XrdCryptoX509 *xca, XrdOucString crldir, XrdCryptoFactory *CF, int hashalg)
int kXR_int32
Definition: XPtypes.hh:89
Definition: XrdSecProtocolgsi.hh:145
int options
Definition: XrdSecProtocolgsi.hh:402
static XrdSutCache cacheAuthzFun
Definition: XrdSecProtocolgsi.hh:378
bool trustdns
Definition: XrdSecProtocolgsi.hh:215
Definition: XrdCryptoFactory.hh:121
static XrdSutCache cacheCert
Definition: XrdSecProtocolgsi.hh:375
char * vomsfunparms
Definition: XrdSecProtocolgsi.hh:211
XrdSutBucket * cbck
Definition: XrdSecProtocolgsi.hh:240
int moninfo
Definition: XrdSecProtocolgsi.hh:212
Definition: XrdSecEntity.hh:64
const char * valid
Definition: XrdSecProtocolgsi.hh:249
XrdCryptoMsgDigest * sessionMD
Definition: XrdSecProtocolgsi.hh:406
static int AuthzCacheTimeOut
Definition: XrdSecProtocolgsi.hh:352
int bits
Definition: XrdSecProtocolgsi.hh:191
int deplen
Definition: XrdSecProtocolgsi.hh:250
X509Chain * PxyChain
Definition: XrdSecProtocolgsi.hh:515
char * exppxy
Definition: XrdSecProtocolgsi.hh:206
int ServerDoCertreq(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
Definition: XrdOucHash.hh:54
static int VOMSCertFmt
Definition: XrdSecProtocolgsi.hh:360
bool srvMode
Definition: XrdSecProtocolgsi.hh:410
Definition: XrdSecProtocolgsi.hh:147
static void ErrF(XrdOucErrInfo *einfo, kXR_int32 ecode, const char *msg1, const char *msg2=0, const char *msg3=0)
void UnLock()
Definition: XrdSysPthread.hh:224
static int CACheck
Definition: XrdSecProtocolgsi.hh:336
Generic structure to pass security information back and forth.
Definition: XrdSecInterface.hh:50
static int DefBits
Definition: XrdSecProtocolgsi.hh:335
Definition: XrdSecProtocolgsi.hh:91
static int CRLRefresh
Definition: XrdSecProtocolgsi.hh:339
int ParseServerInput(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
Definition: XrdSecProtocolgsi.hh:102
static String DefError
Definition: XrdSecProtocolgsi.hh:343
XrdCryptoRSA * sessionKsig
Definition: XrdSecProtocolgsi.hh:407
char * clist
Definition: XrdSecProtocolgsi.hh:175
Definition: XrdSecProtocolgsi.hh:122
static int GMAPOpt
Definition: XrdSecProtocolgsi.hh:345
Definition: XrdSecProtocolgsi.hh:114
Definition: XrdSecProtocolgsi.hh:92
kgsiStatus
Definition: XrdSecProtocolgsi.hh:82
static int MonInfoOpt
Definition: XrdSecProtocolgsi.hh:361
Definition: XrdSecProtocolgsi.hh:280
static char * Init(gsiOptions o, XrdOucErrInfo *erp)
Definition: XrdSecProtocolgsi.hh:134
Definition: XrdCryptoX509.hh:51
Definition: XrdSecProtocolgsi.hh:129
static XrdSysError eDest
Definition: XrdSecProtocolgsi.hh:398
Definition: XrdSecProtocolgsi.hh:137
XrdSutPFEntry * Cref
Definition: XrdSecProtocolgsi.hh:511
static int AuthzCertFmt
Definition: XrdSecProtocolgsi.hh:351
Definition: XrdOucString.hh:254
int ServerDoSigpxy(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
static String PxyValid
Definition: XrdSecProtocolgsi.hh:333
void Cleanup(bool keepCA=0)
char * srvnames
Definition: XrdSecProtocolgsi.hh:205
Definition: XrdSecProtocolgsi.hh:109
kgsiServerSteps
Definition: XrdSecProtocolgsi.hh:98
static String SrvCert
Definition: XrdSecProtocolgsi.hh:328
#define XrdCryptoMax
Definition: XrdSecProtocolgsi.hh:70
bool createpxy
Definition: XrdSecProtocolgsi.hh:252
void Dump(XrdSecProtocolgsi *p=0)
Definition: XrdCryptoX509Chain.hh:80
int authzcall
Definition: XrdSecProtocolgsi.hh:198
Definition: XrdSecProtocolgsi.hh:128
time_t TimeStamp
Definition: XrdSecProtocolgsi.hh:504
static XrdCryptoCipher * refcip[XrdCryptoMax]
Definition: XrdSecProtocolgsi.hh:371
static int CRLDownload
Definition: XrdSecProtocolgsi.hh:338
int ServerDoCert(XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)