
0001 #ifndef __SEC_ENTITY_H__
0002 #define __SEC_ENTITY_H__
0003 /******************************************************************************/
0004 /*                                                                            */
0005 /*                       X r d S e c E n t i t y . h h                        */
0006 /*                                                                            */
0007 /* (c) 2019 by the Board of Trustees of the Leland Stanford, Jr., University  */
0008 /*   Produced by Andrew Hanushevsky for Stanford University under contract    */
0009 /*              DE-AC02-76-SFO0515 with the Department of Energy              */
0010 /*                                                                            */
0011 /* This file is part of the XRootD software suite.                            */
0012 /*                                                                            */
0013 /* XRootD is free software: you can redistribute it and/or modify it under    */
0014 /* the terms of the GNU Lesser General Public License as published by the     */
0015 /* Free Software Foundation, either version 3 of the License, or (at your     */
0016 /* option) any later version.                                                 */
0017 /*                                                                            */
0018 /* XRootD is distributed in the hope that it will be useful, but WITHOUT      */
0019 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or      */
0020 /* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public       */
0021 /* License for more details.                                                  */
0022 /*                                                                            */
0023 /* You should have received a copy of the GNU Lesser General Public License   */
0024 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file  */
0025 /* COPYING (GPL license).  If not, see <http://www.gnu.org/licenses/>.        */
0026 /*                                                                            */
0027 /* The copyright holder's institutional names and contributor's names may not */
0028 /* be used to endorse or promote products derived from this software without  */
0029 /* specific prior written permission of the institution or contributor.       */
0030 /******************************************************************************/
0031 
0032 //------------------------------------------------------------------------------
0033 //! This object is returned during authentication. This is most relevant for
0034 //! client authentication unless mutual authentication has been implemented
0035 //! in which case the client can also authenticate the server. It is embedded
0036 //! in each security protocol object to facilitate mutual authentication. Note
0037 //! that the destructor does nothing and it is the responsibility of the 
0038 //! security protocol object to delete the public XrdSecEntity data members.
0039 //!
0040 //! Note: The host member contents are dependent on the dnr/nodnr setting
0041 //!       and contain either a host name or an IP address. To get the real host
0042 //!       name use addrInfo->Name(); this is required for any hostname comparisons.
0043 //------------------------------------------------------------------------------
0044 
0045 #include <sys/types.h>
0046 
0047 #define XrdSecPROTOIDSIZE 8 //!< Byte size of the fixed prot[] and prox[] fields of XrdSecEntity
0048 
0049 class XrdNetAddrInfo;   // Forward declaration: type of XrdSecEntity::addrInfo
0050 class XrdSecEntityAttr; // Forward declaration: type of XrdSecEntity::eaAPI
0051 class XrdSecMonitor;    // Forward declaration: type of XrdSecEntity::secMon
0052 class XrdSysError;      // Forward declaration: argument type of XrdSecEntity::Display()
0053   
0054 /******************************************************************************/
0055 /*                          X r d S e c E n t i t y                           */
0056 /******************************************************************************/
0057 
0058 // The XrdSecEntity describes the client associated with a connection. One
0059 // such object is allocated for each client connection and it persists until
0060 // the connection is closed. Note that when an entity has more than one
0061 // role or vorg, the fields <vorg, role, grps> form a columnar tuple. This
0062 // tuple must be repeated whenever any one of the values differs.
0063 //
0064 class XrdSecEntity
0065 {
0066 public:
0067          char    prot[XrdSecPROTOIDSIZE]; //!< Auth protocol  used (e.g. krb5)
                                               //!< Fixed XrdSecPROTOIDSIZE-byte field.
                                               //!< NOTE(review): confirm every writer
                                               //!< leaves it NUL-terminated.
0068          char    prox[XrdSecPROTOIDSIZE]; //!< Auth extractor used (e.g. xrdvoms)
                                               //!< Same fixed size as 'prot'.
0069          char   *name;                    //!< Entity's name
0070          char   *host;                    //!< Entity's host name or IP address,
                                               //!< depending on the dnr/nodnr setting.
                                               //!< Use addrInfo->Name() for any
                                               //!< hostname comparison.
0071          char   *vorg;                    //!< Entity's virtual organization(s)
0072          char   *role;                    //!< Entity's role(s)
0073          char   *grps;                    //!< Entity's group name(s)
0074          char   *caps;                    //!< Entity's capabilities
0075          char   *endorsements;            //!< Protocol specific endorsements
0076          char   *moninfo;                 //!< Information for monitoring
0077          char   *creds;                   //!< Raw entity credentials or cert
                                               //!< NOTE(review): treat as a buffer of
                                               //!< 'credslen' bytes; NUL termination is
                                               //!< not established by this header.
0078          int     credslen;                //!< Length of the 'creds' data
                                               //!< Signed type. NOTE(review): confirm
                                               //!< consumers reject negative values.
0079 unsigned int     ueid;                    //!< Unique ID of entity instance
0080 XrdNetAddrInfo  *addrInfo;                //!< Entity's connection details
0081 const    char   *tident;                  //!< Trace identifier always preset
0082 const    char   *pident;                  //!< Trace identifier (originator)
0083          void   *sessvar;                 //!< Plugin settable storage pointer,
0084                                           //!< now deprecated. Use settable
0085                                           //!< attribute objects instead.
0086          uid_t   uid;                     //!< Unix uid or 0 if none
                                               //!< NOTE(review): 0 is also the Unix
                                               //!< root uid, so "none" and root cannot
                                               //!< be told apart from this field alone;
                                               //!< confirm no caller authorizes on it.
0087          gid_t   gid;                     //!< Unix gid or 0 if none
                                               //!< Same 0 ambiguity as 'uid'.
0088 
0089 XrdSecMonitor   *secMon;                  //!< If !0 security monitoring enabled
0090          void   *future[2];               //!< Reserved for future expansion
0091 
0092 XrdSecEntityAttr *eaAPI;                  //!< non-const API to attributes
0093 
0094 //------------------------------------------------------------------------------
0095 //! Display the contents of this object for debugging purposes.
0096 //!
     //! NOTE(review): the definition is not part of this header; confirm that the
     //! 'creds' and 'endorsements' contents are not written verbatim to mDest.
     //!
0097 //! @param  mDest   - Reference to the message object to use.
0098 //------------------------------------------------------------------------------
0099 
0100          void    Display(XrdSysError &mDest);
0101 
0102 //------------------------------------------------------------------------------
0103 //! Reset object to its pristine self.
0104 //!
0105 //! @param  spV     - The name of the security protocol (defaults to 0, i.e.
     //!                   no name supplied).
0106 //------------------------------------------------------------------------------
0107 
0108          void    Reset(const char *spV=0);
0109 
0110 //------------------------------------------------------------------------------
0111 //! Constructor.
0112 //!
0113 //! @param  spName  - The name of the security protocol (defaults to 0, i.e.
     //!                   no name supplied).
0114 //------------------------------------------------------------------------------
0115 
0116          XrdSecEntity(const char *spName=0);
0117 
     //------------------------------------------------------------------------------
     //! Destructor. Per the note at the top of this file it does nothing: the
     //! security protocol object that embeds this entity is responsible for
     //! deleting the public data members.
     //------------------------------------------------------------------------------

0118         ~XrdSecEntity();
0119 
0120 private:
     // Private initializer taking a security protocol name.
     // NOTE(review): presumably shared by the constructor and Reset(); the
     // definition is not visible in this header - confirm.
0121 void     Init(const char *spV);
0122 };
0123 
0124 #define XrdSecClientName XrdSecEntity // Alias: expands to XrdSecEntity (presumably a legacy name - confirm)
0125 #define XrdSecServerName XrdSecEntity // Alias: expands to XrdSecEntity (presumably a legacy name - confirm)
0126 
0127 #endif