0001 #ifndef __SecsssID__ 0002 #define __SecsssID__ 0003 /******************************************************************************/ 0004 /* */ 0005 /* X r d S e c s s s I D . h h */ 0006 /* */ 0007 /* (c) 2020 by the Board of Trustees of the Leland Stanford, Jr., University */ 0008 /* All Rights Reserved */ 0009 /* Produced by Andrew Hanushevsky for Stanford University under contract */ 0010 /* DE-AC02-76-SFO0515 with the Department of Energy */ 0011 /* */ 0012 /* This file is part of the XRootD software suite. */ 0013 /* */ 0014 /* XRootD is free software: you can redistribute it and/or modify it under */ 0015 /* the terms of the GNU Lesser General Public License as published by the */ 0016 /* Free Software Foundation, either version 3 of the License, or (at your */ 0017 /* option) any later version. */ 0018 /* */ 0019 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */ 0020 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */ 0021 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */ 0022 /* License for more details. */ 0023 /* */ 0024 /* You should have received a copy of the GNU Lesser General Public License */ 0025 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */ 0026 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */ 0027 /* */ 0028 /* The copyright holder's institutional names and contributor's names may not */ 0029 /* be used to endorse or promote products derived from this software without */ 0030 /* specific prior written permission of the institution or contributor. */ 0031 /******************************************************************************/ 0032 0033 //----------------------------------------------------------------------------- 0034 /*! The XrdSecsssID class allows you to establish a registery to map loginid's 0035 to arbitrary entities. 
By default, the sss security protocol uses the
   username as the authenticated username and, if possible, the corresponding
   primary group membership of username (i.e., static mapping). The server
   will ignore the username and/or the groupname unless the key is designated
   as anyuser, anygroup, respectively. By creating an instance of this class
   you can over-ride the default and map the loginid (i.e., the id supplied
   at login time which is normally the first 8-characters of the username or
   the id specified in the url; i.e., id@host) to arbitrary entities using
   the Register() method. You must create one, and only one, such instance
   prior to connecting to an sss security enabled server.

   Security note: only the "Mutual" authentication types (idDynamic,
   idMappedM, idStaticM) require the server to prove possession of the shared
   key before the client sends an identity (see the constructor note below).
   With the "1Sided" types (idStatic, idMapped) the identity is sent without
   that proof, so prefer a mutual type whenever the mapped identity should
   not be disclosed to a server that merely accepts the connection.

   In order to use XrdSecsssID methods, you should link with libXrdUtils.so
*/

class XrdSecEntity;
class XrdSecsssCon;
class XrdSecsssEnt;

//-----------------------------------------------------------------------------
//! Registry mapping loginid's to arbitrary entities for the sss protocol.
//! Intended as a process-wide singleton: the destructor is private, so an
//! instance cannot be deleted once created.
//-----------------------------------------------------------------------------

class XrdSecsssID
{
public:
// The sss protocol implementation is granted access to the private lookup
// methods (Find, getObj) below; nothing else is expected to call them.
friend class XrdSecProtocolsss;

//-----------------------------------------------------------------------------
//! Create a single instance of this class. Once created it cannot be deleted.
//!
//! @param aType   - The type of authentication to perform (see authType enum).
//!                  Defaults to idStatic, which is also the behaviour when no
//!                  XrdSecsssID is instantiated at all.
//! @param Ident   - Pointer to the default entity to use. If nil, a generic
//!                  entity is created based on the process uid and gid.
//!                  NOTE(review): the authType comments below state that for
//!                  idDynamic and idMapped a nil Ident yields nobody/nogroup
//!                  rather than the process uid/gid; the per-type comment is
//!                  the more specific statement -- confirm against the .cc.
//! @param Tracker - Pointer to the connection tracker object if connection
//!                  tracking is desired. If nil, connections are not tracked.
//! @param isOK    - If not nil, sets the variable to true if successful and
//!                  false otherwise. Strongly recommended it be supplied: the
//!                  constructor has no other way to report failure, so callers
//!                  should check it before relying on the registry.
//!
//! @note Mutual authentication requires that the server send an encrypted
//!       message proving that it holds the key before an identity is sent.
//!       For idDynamic this is the default and the message must be the
//!       login which must correspond to the key used to register the entity.
//!       This works well when keys are no more than 8 characters and consist
//!       only of letters and digits. The idMapped types provide greater
//!       freedom by using whatever userid was specified on the URL performing
//!       the login as the lookup key (i.e. the returned loginid is not used).
//!       The 1Sided types send the identity with no such proof from the server.
//-----------------------------------------------------------------------------

enum authType
    {idDynamic = 0, //!< Mutual: Map loginid to registered identity
                    //!< Ident is default; if 0 nobody/nogroup
     idMapped  = 3, //!< 1Sided: Map loginid to registered identity
                    //!< Ident is default; if 0 nobody/nogroup
     idMappedM = 4, //!< Mutual: Map loginid to registered identity
                    //!< Ident is default; if 0 process uid/gid
     idStatic  = 1, //!< 1Sided: fixed identity sent to the server
                    //!< Ident as specified; if 0 process uid/gid
                    //!< Default if XrdSecsssID not instantiated!
     idStaticM = 2  //!< Mutual: fixed identity sent to the server
                    //!< Ident as specified; if 0 process uid/gid
    };

       XrdSecsssID(authType aType=idStatic, const XrdSecEntity *Ident=0,
                   XrdSecsssCon *Tracker=0, bool *isOK=0);

//-----------------------------------------------------------------------------
//! Create or delete a mapping from a loginid to an entity description.
//!
//! @param lgnid     - Pointer to the login ID.
//! @param Ident     - Pointer to the entity object to be registered. If the
//!                    pointer is NIL, then the mapping is deleted.
//! @param doReplace - When true, any existing mapping is replaced.
//! @param defer     - When true, the entity object is recorded but
//!                    serialization is deferred until the object is needed.
//!                    The entity object must remain valid until the mapping
//!                    is deleted and may not be modified during this period;
//!                    the caller keeps ownership of Ident, and freeing or
//!                    changing it while the mapping exists leaves the registry
//!                    holding a stale pointer. When false, the entity is
//!                    presumably serialized at registration time so Ident
//!                    need not outlive the call -- confirm against the .cc.
//!
//! @return true  - Mapping registered.
//! @return false - Mapping not registered because this object was not created
//!                 as idDynamic, idMapped, or idMappedM; or the mapping exists
//!                 and doReplace is false.
//-----------------------------------------------------------------------------

bool Register(const char *lgnid, const XrdSecEntity *Ident,
              bool doReplace=false, bool defer=false);

private:

// Private: instances are never deleted (see constructor documentation).
      ~XrdSecsssID();

//-----------------------------------------------------------------------------
//! Find and return an id mapping.
//!
//! @param lid      - Pointer to the login ID to search for.
//! @param dP       - Reference to a pointer where the serialized ID is returned.
//!                   The caller is responsible for freeing the storage.
//!                   NOTE(review): this header does not say whether the buffer
//!                   comes from malloc or new[]; use the deallocator matching
//!                   XrdSecsssEnt::rr_Data -- confirm.
//! @param myIP     - Pointer to the IP address of the client (C string).
//! @param dataOpts - Options to pass to the XrdSecsssEnt data extractor.
//!                   See XrdSecsssEnt::rr_Data for details.
//!
//! @return The length of the structure pointed to by dP; zero if not found
//!         (in which case dP should not be freed or dereferenced).
//-----------------------------------------------------------------------------

int Find(const char *lid, char *&dP, const char *myIP, int dataOpts=0);

//-----------------------------------------------------------------------------
//! Get initial parameters for sss ID mapping.
//!
//! @param aType - The authentication type used by this object.
//! @param idP   - Reference to a pointer where the default ID is returned.
//!
//! @return A pointer to this object if it was instantiated, otherwise nil.
//!         When nil is returned the protocol falls back to the idStatic
//!         behaviour described on the authType enum.
//-----------------------------------------------------------------------------
static
XrdSecsssID *getObj(authType &aType, XrdSecsssEnt *&idP);

//-----------------------------------------------------------------------------
//! Generate an entity used as the default identity (presumably the generic
//! process uid/gid entity the constructor describes when Ident is nil).
//!
//! @param Secure - Not documented in this header; its effect on the generated
//!                 entity must be confirmed against the .cc -- TODO confirm.
//-----------------------------------------------------------------------------
static
XrdSecsssEnt *genID(bool Secure);

XrdSecsssEnt *defaultID;   //!< Default entity (presumably returned via getObj's idP)
authType      myAuth;      //!< authType this instance was constructed with
bool          isStatic;    //!< Presumably true for the idStatic/idStaticM types -- confirm
bool          trackOK;     //!< Presumably true when a Tracker was supplied -- confirm
};
#endif