XRootD
XrdSecgsiAuthzFunDN.cc File Reference
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <cerrno>
#include "XrdVersion.hh"
#include "XrdCrypto/XrdCryptosslAux.hh"
#include "XrdCrypto/XrdCryptoX509.hh"
#include "XrdCrypto/XrdCryptoX509Chain.hh"
#include "XrdOuc/XrdOucString.hh"
#include "XrdSec/XrdSecEntity.hh"
#include "XrdSecgsi/XrdSecgsiTrace.hh"
#include "XrdSut/XrdSutBucket.hh"

Functions

int XrdSecgsiAuthzFun (XrdSecEntity &entity)
int XrdSecgsiAuthzInit (const char *cfg)
int XrdSecgsiAuthzKey (XrdSecEntity &entity, char **key)
 XrdVERSIONINFO (XrdSecgsiAuthzFun, secgsiauthz)
 XrdVERSIONINFO (XrdSecgsiAuthzInit, secgsiauthz)
 XrdVERSIONINFO (XrdSecgsiAuthzKey, secgsiauthz)

Variables

static int gCertfmt = 1
XrdOucTrace * gsiTrace

Function Documentation

◆ XrdSecgsiAuthzFun()

int XrdSecgsiAuthzFun ( XrdSecEntity & entity)

Definition at line 77 of file XrdSecgsiAuthzFunDN.cc.

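int XrdSecgsiAuthzFun(XrdSecEntity &entity)
{
   // Placeholder implementation of XrdSecgsiAuthzFun.
   //
   // It does not inspect the proxy chain in entity.creds: every entity it is
   // called for gets the same fixed virtual organization, "VO.dummy.test",
   // and the call returns 0. Treat it as a test stub, not as an
   // authorization decision.
   // NOTE(review): how the caller interprets the return code is not visible
   // here; -1 on failure follows the convention of the sibling functions
   // XrdSecgsiAuthzInit / XrdSecgsiAuthzKey -- confirm.
   //
   // Returns 0 on success, -1 if the VO string could not be allocated.
   EPNAME("AuthzFunDN");

   // Notify (never stream a null char pointer into the trace)
   DEBUG("dummy call for '"<<(entity.name ? entity.name : "")<<"'");

   // Add something for test.
   // NOTE(review): any previous entity.vorg value is overwritten without
   // being released; who owns that buffer is not visible here -- confirm.
   char *vo = strdup("VO.dummy.test");
   if (!vo) {
      PRINT("ERROR: could not allocate vorg");
      return -1;
   }
   entity.vorg = vo;
   DEBUG("setting vorg: '"<<entity.vorg<<"'");

   // Done
   return 0;
}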
#define DEBUG(x)
#define EPNAME(x)
char * vorg
Entity's virtual organization(s)
char * name
Entity's name.

References DEBUG, EPNAME, XrdSecEntity::name, and XrdSecEntity::vorg.

Referenced by XrdVERSIONINFO().


◆ XrdSecgsiAuthzInit()

int XrdSecgsiAuthzInit ( const char * cfg)

Definition at line 164 of file XrdSecgsiAuthzFunDN.cc.

int XrdSecgsiAuthzInit(const char *cfg)
{
   // Set up the plug-in from the space-separated 'cfg' string.
   //
   // The return code tells the caller which representation of the proxy
   // chain the main function expects:
   //    0   'raw' (opaque) chain, to be processed with the XrdCrypto tools
   //    1   'PEM base64' chain
   // -1 is reserved for failure; this implementation never returns it.
   //
   // Only the exact token "certfmt=raw" is recognised. Any other token,
   // including a misspelt certfmt value, is ignored and leaves the default
   // (1, PEM) in place. XrdSecgsiAuthzKey interprets entity.creds according
   // to the value stored here, so the configured format must match what the
   // caller actually passes.
   EPNAME("AuthzInitDN");

   // Start from the default: PEM
   gCertfmt = 1;

   // Walk the tokens of the config string
   XrdOucString config(cfg), token;
   for (int pos = config.tokenize(token, 0, ' ');
        pos != -1;
        pos = config.tokenize(token, pos, ' ')) {
      if (token == "certfmt=raw") {
         gCertfmt = 0;
      }
   }

   // Report the outcome
   PRINT("initialized! (certfmt:"<<gCertfmt<<")");

   return gCertfmt;
}
#define PRINT(y)
static int gCertfmt

References EPNAME, gCertfmt, and PRINT.

Referenced by XrdVERSIONINFO().


◆ XrdSecgsiAuthzKey()

int XrdSecgsiAuthzKey ( XrdSecEntity & entity,
char ** key )

Definition at line 99 of file XrdSecgsiAuthzFunDN.cc.

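int XrdSecgsiAuthzKey(XrdSecEntity &entity, char **key)
{
   // Implementation of XrdSecgsiAuthzKey: derive a key from the proxy chain
   // in entity.creds. The key is the subject DN of the last certificate in
   // the chain.
   //
   // On success returns 0 and stores in *key a buffer allocated with new[]
   // (presumably released by the caller with delete[] -- confirm).
   // On any error returns -1 and leaves *key untouched.
   //
   // In PEM mode (gCertfmt != 0) a bucket and a chain are allocated on every
   // call. They are released on every exit path, so repeated calls do not
   // accumulate memory.
   EPNAME("AuthzKeyDN");

   // Must have got something
   if (!key) {
      PRINT("ERROR: 'key' must be defined");
      return -1;
   }
   if (!entity.creds) {
      PRINT("ERROR: 'entity.creds' must be defined");
      return -1;
   }

   // We will key on the end proxy DN
   XrdCryptoX509Chain *chain = 0;   // chain to read from (may be borrowed)
   XrdCryptoX509Chain *owned = 0;   // chain allocated here, released below
   XrdSutBucket *bucket = 0;        // bucket allocated here, released below

   if (gCertfmt == 0) {
      // Raw mode: entity.creds is taken to be a chain object owned by the
      // caller. NOTE(review): nothing here can verify that; it relies on the
      // caller honouring the format returned by XrdSecgsiAuthzInit.
      chain = (XrdCryptoX509Chain *) entity.creds;
   } else {
      // PEM mode. NOTE(review): assumes entity.creds is NUL-terminated text;
      // no length is passed along here -- confirm against the caller.
      XrdOucString s((const char *) entity.creds);
      bucket = new XrdSutBucket(s);
      owned = new XrdCryptoX509Chain();
      if (XrdCryptosslX509ParseBucket(bucket, owned) <= 0) {
         PRINT("ERROR: no certificates in chain");
      } else if (owned->Reorder() < 0) {
         PRINT("ERROR: problems re-ordering proxy chain");
      } else {
         chain = owned;
      }
   }

   int rc = -1;
   if (chain) {
      // Point to the last certificate
      XrdCryptoX509 *proxy = chain->End();
      if (!proxy) {
         PRINT("ERROR: chain is empty!");
      } else {
         // Get the DN
         const char *dn = proxy->Subject();
         size_t ldn = dn ? strlen(dn) : 0;
         if (ldn == 0) {
            PRINT("ERROR: proxy dn undefined!");
         } else {
            // Copy the DN before the chain is released: 'dn' points into
            // storage that belongs to the certificate.
            *key = new char[ldn+1];
            memcpy(*key, dn, ldn+1);
            DEBUG("key is: '"<<*key<<"'");
            rc = 0;
         }
      }
   }

   // Release what was allocated in PEM mode; both pointers are null in raw
   // mode, where the chain belongs to the caller.
   // NOTE(review): this mirrors the plain 'delete chain' of the original
   // error paths. Whether the chain destructor also releases the contained
   // certificates is not visible here -- confirm, otherwise they still leak.
   delete bucket;
   delete owned;

   // Done
   return rc;
}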
int XrdCryptosslX509ParseBucket(XrdSutBucket *b, XrdCryptoX509Chain *chain)
XrdCryptoX509 * End() const
virtual const char * Subject()
char * creds
Raw entity credentials or cert.

References XrdSecEntity::creds, DEBUG, XrdCryptoX509Chain::End(), EPNAME, gCertfmt, PRINT, XrdCryptoX509Chain::Reorder(), XrdCryptoX509::Subject(), and XrdCryptosslX509ParseBucket().

Referenced by XrdVERSIONINFO().


◆ XrdVERSIONINFO() [1/3]

XrdVERSIONINFO ( XrdSecgsiAuthzFun ,
secgsiauthz  )

References XrdSecgsiAuthzFun().


◆ XrdVERSIONINFO() [2/3]

XrdVERSIONINFO ( XrdSecgsiAuthzInit ,
secgsiauthz  )

References gsiTrace, and XrdSecgsiAuthzInit().


◆ XrdVERSIONINFO() [3/3]

XrdVERSIONINFO ( XrdSecgsiAuthzKey ,
secgsiauthz  )

References XrdSecgsiAuthzKey().


Variable Documentation

◆ gCertfmt

int gCertfmt = 1
static

Definition at line 66 of file XrdSecgsiAuthzFunDN.cc.

Referenced by XrdSecgsiAuthzInit(), and XrdSecgsiAuthzKey().

◆ gsiTrace

XrdOucTrace* gsiTrace
extern