XRootD
XrdSecsssID Class Reference

#include <XrdSecsssID.hh>


Public Types

enum  authType {
  idDynamic = 0 ,
  idMapped = 3 ,
  idMappedM = 4 ,
  idStatic = 1 ,
  idStaticM = 2
}
 

Public Member Functions

 XrdSecsssID (authType aType=idStatic, const XrdSecEntity *Ident=0, XrdSecsssCon *Tracker=0, bool *isOK=0)
 
bool Register (const char *lgnid, const XrdSecEntity *Ident, bool doReplace=false, bool defer=false)
 

Friends

class XrdSecProtocolsss
 

Detailed Description

Definition at line 53 of file XrdSecsssID.hh.

Member Enumeration Documentation

◆ authType

Create a single instance of this class. Once created it cannot be deleted.

Parameters
aType - The type of authentication to perform (see authType enum).
Ident - Pointer to the default entity to use. If nil, a generic entity is created based on the process uid and gid.
Tracker - Pointer to the connection tracker object if connection tracking is desired. If nil, connections are not tracked.
isOK - If not nil, the variable is set to true if successful and false otherwise. Strongly recommended that it be supplied.
Note
Mutual authentication requires that the server send an encrypted message proving that it holds the key before an identity is sent. For idDynamic this is the default, and the message must be the login, which must correspond to the key used to register the entity. This works well when keys are no more than 8 characters and consist only of letters and digits. The idMapped types provide greater freedom by using whatever userid was specified on the URL performing the login as the lookup key (i.e. the returned loginid is not used).
Enumerator
idDynamic 

Mutual: Map loginid to registered identity. Ident is default; if 0, nobody/nogroup.

idMapped 

1Sided: Map loginid to registered identity. Ident is default; if 0, nobody/nogroup.

idMappedM 

Mutual: Map loginid to registered identity. Ident is default; if 0, process uid/gid.

idStatic 

1Sided: Fixed identity sent to the server. Ident as specified; if 0, process uid/gid. Default if XrdSecsssID not instantiated!

idStaticM 

Mutual: Fixed identity sent to the server. Ident as specified; if 0, process uid/gid.

Definition at line 79 of file XrdSecsssID.hh.

enum authType
     {idDynamic = 0,
      idMapped  = 3,
      idMappedM = 4,
      idStatic  = 1,
      idStaticM = 2
     };

Constructor & Destructor Documentation

◆ XrdSecsssID()

XrdSecsssID::XrdSecsssID ( authType  aType = idStatic,
const XrdSecEntity *  Ident = 0,
XrdSecsssCon *  Tracker = 0,
bool *  isOK = 0 
)

Definition at line 77 of file XrdSecsssID.cc.

XrdSecsssID::XrdSecsssID(authType aType, const XrdSecEntity *idP,
                         XrdSecsssCon *Tracker, bool *isOK)
            : defaultID(0),
              myAuth(XrdSecsssID::idStatic), isStatic(true),
              trackOK(false)
{

// Check if we have initialized already. If so, indicate warning
//
   sssMutex.Lock();
   if (IDMapper)
      {sssMutex.UnLock();
       if (isOK) *isOK = false;
          else std::cerr <<"SecsssID: Already instantiated; new instance"
                           " ineffective!\n" <<std::flush;
       return;
      }

// Verify the authType
//
   switch(aType)
         {case idDynamic: isStatic = false;   // falls through to the break below
          case idStatic:  break;
          case idStaticM: break;
          case idMapped:  isStatic = false;
                          break;
          case idMappedM: isStatic = false;
                          break;
          default:        idP = 0;            // unknown type: treat as idStatic
                          aType = idStatic;
                          isStatic = true;
                          break;
         }
   myAuth = aType;

// Generate a default identity
//
   if (idP) defaultID = new XrdSecsssEnt(idP);
      else  defaultID = genID(isStatic);

// Establish a pointer to this object.
//
   IDMapper = this;

// Decide whether or not we will track connections
//
   if (Tracker && (aType == idMapped || aType == idMappedM)) conTrack = Tracker;

// All done with initialization
//
   if (isOK) *isOK = true;
   sssMutex.UnLock();
}

References XrdSecsssMap::conTrack, idDynamic, idMapped, idMappedM, XrdSecsssMap::IDMapper, idStatic, idStaticM, XrdSysMutex::Lock(), XrdSecsssMap::sssMutex, and XrdSysMutex::UnLock().


Member Function Documentation

◆ Register()

bool XrdSecsssID::Register ( const char *  lgnid,
const XrdSecEntity *  Ident,
bool  doReplace = false,
bool  defer = false 
)

Create or delete a mapping from a loginid to an entity description.

Parameters
lgnid - Pointer to the login ID.
Ident - Pointer to the entity object to be registered. If the pointer is NIL, then the mapping is deleted.
doReplace - When true, any existing mapping is replaced.
defer - When true, the entity object is recorded but serialization is deferred until the object is needed. The entity object must remain valid until the mapping is deleted. The entity may not be modified during this period.
Returns
true - Mapping registered.
false - Mapping not registered because this object was not created as idDynamic, idMapped, or idMappedM; or the mapping exists and doReplace is false.

Definition at line 224 of file XrdSecsssID.cc.

bool XrdSecsssID::Register(const char *lid, const XrdSecEntity *eP,
                           bool doRep, bool defer)
{
   EntityMap::iterator it;
   XrdSecsssEnt *idP;

// If this is an invalid call, return failure
//
   if (isStatic) return false;

// Check if we are simply deleting an entry
//
   if (!eP)
      {sssMutex.Lock();
       it = Registry.find(std::string(lid));
       if (it == Registry.end()) sssMutex.UnLock();
          else {idP = it->second;
                Registry.erase(it);
                sssMutex.UnLock();
                idP->Delete();
               }
       return true;
      }

// Generate an ID entry and add it to registry (we are optimistic here)
// Note: We wish we could use emplace() but that isn't supported until gcc 4.8.0
//
   std::pair<EntityMap::iterator, bool> ret;
   std::pair<std::string, XrdSecsssEnt*> psp;
   idP = new XrdSecsssEnt(eP, defer);
   psp = {std::string(lid), idP};
   sssMutex.Lock();
   ret = Registry.insert(psp);
   if (ret.second)
      {sssMutex.UnLock();
       return true;
      }

// We were not successful, replace the element if we are allowed to do so.
//
   if (doRep)
      {XrdSecsssEnt *oldP = ret.first->second;
       ret.first->second = idP;
       sssMutex.UnLock();
       oldP->Delete();
       return true;
      }

// Sigh, the element exists but we cannot replace it.
//
   sssMutex.UnLock();
   idP->Delete();
   return false;
}

References XrdSecsssEnt::Delete(), XrdSysMutex::Lock(), XrdSecsssMap::Registry, XrdSecsssMap::sssMutex, and XrdSysMutex::UnLock().

Referenced by XrdPssSys::Connect(), XrdPssSys::Disc(), and XrdFfsMisc_xrd_secsss_register().
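
A caller-side guard for the Register() contract described above, as an added example that is not part of XRootD. The names isPortableLoginId, RegResult, registerChecked, FakeMapper and FakeEntity are hypothetical; treating the Note's "no more than 8 letters and digits" guidance as a hard rule for idDynamic keys, and rejecting empty login IDs, are assumptions made here.

```cpp
#include <cctype>
#include <cstddef>
#include <cstring>
#include <map>
#include <string>

// Login ids the Note says work well as idDynamic lookup keys:
// at most 8 characters, letters and digits only (empty rejected here).
inline bool isPortableLoginId(const char *lgnid) {
    if (!lgnid) return false;
    std::size_t n = std::strlen(lgnid);
    if (n == 0 || n > 8) return false;
    for (std::size_t i = 0; i < n; i++)
        if (!std::isalnum(static_cast<unsigned char>(lgnid[i]))) return false;
    return true;
}

enum class RegResult { Registered, BadLoginId, NullEntity, Refused };

// Register without replacement. A nil entity is rejected up front because
// Register() treats it as "delete the mapping" and still returns true.
// Mapper is any type offering Register(lgnid, entity, doReplace, defer).
template <class Mapper, class Entity>
RegResult registerChecked(Mapper &m, bool dynamicKeys,
                          const char *lgnid, const Entity *ent) {
    if (!ent) return RegResult::NullEntity;
    if (dynamicKeys ? !isPortableLoginId(lgnid) : (!lgnid || !*lgnid))
        return RegResult::BadLoginId;
    // false means: static instance, or lgnid is already mapped.
    return m.Register(lgnid, ent, false, false) ? RegResult::Registered
                                                : RegResult::Refused;
}

// Constructed stand-ins for offline runs; not XRootD classes.
struct FakeEntity { std::string name; };
struct FakeMapper {
    bool isStatic = false;
    std::map<std::string, const FakeEntity *> reg;
    bool Register(const char *lgnid, const FakeEntity *e, bool doRep, bool) {
        if (isStatic) return false;                        // static: no mapping
        if (!e) { reg.erase(std::string(lgnid)); return true; }
        auto r = reg.emplace(lgnid, e);
        if (!r.second && doRep) { r.first->second = e; return true; }
        return r.second;                                   // false if kept
    }
};
```

Because registerChecked is a template, the same call shape fits any object whose Register() takes the four documented arguments.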


Friends And Related Symbol Documentation

◆ XrdSecProtocolsss

friend class XrdSecProtocolsss

Definition at line 56 of file XrdSecsssID.hh.


The documentation for this class was generated from the following files: