xrootd
XrdSecsssID.hh
1 #ifndef __SecsssID__
2 #define __SecsssID__
3 /******************************************************************************/
4 /* */
5 /* X r d S e c s s s I D . h h */
6 /* */
7 /* (c) 2008 by the Board of Trustees of the Leland Stanford, Jr., University */
8 /* All Rights Reserved */
9 /* Produced by Andrew Hanushevsky for Stanford University under contract */
10 /* DE-AC02-76-SFO0515 with the Department of Energy */
11 /* */
12 /* This file is part of the XRootD software suite. */
13 /* */
14 /* XRootD is free software: you can redistribute it and/or modify it under */
15 /* the terms of the GNU Lesser General Public License as published by the */
16 /* Free Software Foundation, either version 3 of the License, or (at your */
17 /* option) any later version. */
18 /* */
19 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
20 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
21 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
22 /* License for more details. */
23 /* */
24 /* You should have received a copy of the GNU Lesser General Public License */
25 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
26 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
27 /* */
28 /* The copyright holder's institutional names and contributor's names may not */
29 /* be used to endorse or promote products derived from this software without */
30 /* specific prior written permission of the institution or contributor. */
31 /******************************************************************************/
32 
33 #include <string.h>
34 #include <time.h>
35 
36 #include "XrdOuc/XrdOucHash.hh"
37 #include "XrdSec/XrdSecEntity.hh"
38 #include "XrdSys/XrdSysPthread.hh"
39 
40 // The XrdSecsssID class allows you to establish a registry to map loginids
41 // to arbitrary entities. By default, the sss security protocol uses the
42 // username as the authenticated username and, if possible, the corresponding
43 // primary group membership of username (i.e., static mapping). The server
44 // will ignore the username and/or the groupname unless the key is designated
45 // as anyuser, anygroup, respectively. By creating an instance of this class
46 // you can over-ride the default and map the loginid (i.e., the id supplied
47 // at login time which is normally the first 8-characters of the username or
48 // the id specified in the url; i.e., id@host) to arbitrary entities using
49 // the Register() method. You must create one, and only one, such instance
50 // prior to making any contact with a sss security enabled server.
51 
52 // In order to include XrdSecsssID methods, you should either link with
53 // libXrdSecsss.so (preferable) or include XrdSecsssID.o and link with
54 // libXrdOuc.a and libXrdSys.a.
55 
57 {
58 public:
59 
60 // Register() creates a mapping from a loginid to an entity description. Only
61 // name, vo, role, group, and endorsements pointers in XrdSecEntity
62 // are supported. To de-register a loginid, make the Ident arg zero.
63 // To replace an existing entry, specify 1 for doReplace argument.
64 // TRUE is returned if successful; FALSE otherwise (including the
65 // case where idDynamic was not specified in the constructor or
66 // doReplace is zero and the loginid has already been registered).
67 //
68 int Register(const char *loginid, XrdSecEntity *Ident, int doReplace=0);
69 
70 // Find() is an internal look-up method that returns the identification
71 // string in the provided buffer corresponding to the loginid.
72 // If loginid is registered and the data will fit into the buffer the
73 // length moved into the buffer is returned. Otherwise, the default ID
74 // is moved into the buffer and the length copied is returned. If that
75 // is not possible, 0 is returned.
76 //
77 int Find(const char *loginid, char *Buff, int Blen); // NOTE(review): Buff contents on a 0 return are not specified here; callers should check the result before using Buff -- confirm in the implementation
78 
79 // A single instance of this class may be instantiated. The first parameter
80 // indicates how authentication is to be handled. The second parameter provides
81 // either a fixed or default authenticated identity under control of the aType
82 // parameter, as follows:
83 //
84 enum authType {idDynamic = 0, // Mutual: Map loginid to registered identity
85  // Ident is default; if 0 nobody/nogroup
86  idStatic = 1, // 1Sided: fixed identity sent to the server
87  // Ident as specified; if 0 process uid/gid
88  // Default if XrdSecsssID not instantiated! NOTE(review): "1Sided" presumably means no mutual authentication, and this is what applies when no instance is created -- confirm
89  idStaticM = 2 // Mutual: fixed identity sent to the server
90  // Ident as specified; if 0 process uid/gid
91  };
92 
93 // getObj() returns the address of a previously created instance of this object or
94 // zero if no instance exists. It also returns authType and default ID
95 // to be used regardless of the return value.
96 //
97 static
98 XrdSecsssID *getObj(authType &aType, char **dID, int &dIDsz);
99 
100  XrdSecsssID(authType aType=idStatic, XrdSecEntity *Ident=0);
101 
103 
104 private:
105 
106 struct sssID {int iLen; char iData[1];}; // Sized appropriately; NOTE(review): iData is declared with one element, so instances are presumably allocated larger than sizeof(sssID) with iLen as the data length -- confirm in genID()
107 static sssID *genID(int Secure);
108 static sssID *genID(XrdSecEntity *eP);
109 
115 };
116 #endif
XrdSecsssID::genID
static sssID * genID(int Secure)
XrdSecsssID::sssID::iLen
int iLen
Definition: XrdSecsssID.hh:106
XrdSysMutex
Definition: XrdSysPthread.hh:165
XrdSysPthread.hh
XrdSecsssID::sssID::iData
char iData[1]
Definition: XrdSecsssID.hh:106
XrdSecsssID::sssID
Definition: XrdSecsssID.hh:106
XrdSecsssID::Find
int Find(const char *loginid, char *Buff, int Blen)
XrdSecsssID::myMutex
XrdSysMutex myMutex
Definition: XrdSecsssID.hh:112
XrdOucHash
Definition: XrdOucHash.hh:127
XrdSecsssID::getObj
static XrdSecsssID * getObj(authType &aType, char **dID, int &dIDsz)
XrdSecsssID::Register
int Register(const char *loginid, XrdSecEntity *Ident, int doReplace=0)
XrdOucHash.hh
XrdSecsssID::~XrdSecsssID
~XrdSecsssID()
Definition: XrdSecsssID.hh:102
XrdSecsssID::defaultID
sssID * defaultID
Definition: XrdSecsssID.hh:111
XrdSecsssID::InitMutex
static XrdSysMutex InitMutex
Definition: XrdSecsssID.hh:110
XrdSecsssID::XrdSecsssID
XrdSecsssID(authType aType=idStatic, XrdSecEntity *Ident=0)
XrdSecsssID::idStaticM
Definition: XrdSecsssID.hh:89
XrdSecsssID
Definition: XrdSecsssID.hh:56
XrdSecsssID::Registry
XrdOucHash< sssID > Registry
Definition: XrdSecsssID.hh:113
XrdSecsssID::idStatic
Definition: XrdSecsssID.hh:86
XrdSecEntity
Definition: XrdSecEntity.hh:51
XrdSecsssID::idDynamic
Definition: XrdSecsssID.hh:84
XrdSecsssID::authType
authType
Definition: XrdSecsssID.hh:84
XrdSecsssID::myAuth
authType myAuth
Definition: XrdSecsssID.hh:114
XrdSecEntity.hh