xrootd
XrdSecTLayer.hh
Go to the documentation of this file.
1 #ifndef XRDSECTLAYER_HH
2 #define XRDSECTLAYER_HH
3 /******************************************************************************/
4 /* */
5 /* X r d S e c T L a y e r . h h */
6 /* */
7 /* */
8 /* (c) 2008 by the Board of Trustees of the Leland Stanford, Jr., University */
9 /* All Rights Reserved */
10 /* Produced by Andrew Hanushevsky for Stanford University under contract */
11 /* DE-AC02-76-SFO0515 with the Department of Energy */
12 /******************************************************************************/
13 
14 // $Id$
15 
16 #include "XrdSec/XrdSecInterface.hh"
17 #include "XrdSys/XrdSysPthread.hh"
18 
19 /* The XrdSecTLayer class is meant to be used as a wrapper for security
20  protocols that require transport-layer interactions to complete the
21  authentication exchange (e.g., native ssl). This class virtualizes a
22  transport-layer socket and provides the proper framing to allow stream
23  socket level interactions to occur across an existing client/xrootd
24  connection. To that extent, there are certain limitations in this
25  virtualization:
26  1) Interactions must complete within a window whose upper bound is set to
27  CPU 10 seconds (i.e., Network RTT and artificial delays do not apply).
28  The window has no lower bound so that an interaction may complete as fast
29  as conditions allow. An interaction is whatever bytes produce a single
30  request/response. These bytes need not be produced all at once but the
31  last required byte of an interaction must be produced within 10 CPU
32  seconds of the 1st byte. There is no limit on the number of interactions.
33  2) The use of the supplied socket must use standard and common socket
34  operations (e.g., read(), write(), send(), recv(), close()).
35  3) The protocol must not be sensitive to the fact that the socket will
36  identify itself as a local socket with an IPV4 address of 127.0.0.1.
37 
38  For more information, see pure abstract methods secClient() and secServer()
39  which must be implemented by the derived class (in addition to delete()).
40  Finally, consider the parameters you may need to pass to the constructor of
41  this class.
42 */
43 
44 class XrdOucErrInfo;
45 
46 class XrdSecTLayer : public XrdSecProtocol
47 {
48 public:
49 
50 // The object inheriting this class should call the initializer indicating
51 // the true name of the protocol (no more that 7 characters). To optimize the
52 // start-up, indicate who is the initiator (i.e., first one to send data). Using
53 // the enum below, specify isClient (the default) or isServer. If the initiator
54 // is not known, use the default and the class will dynamically determine it.
55 //
56 enum Initiator {isClient = 0, isServer};
57 
58  XrdSecTLayer(const char *pName, Initiator who1st=isClient);
59 
60 // This is a symmetric wrapper. At the start on each end, secClient() is
61 // called on the client-side and secServer() is called on the server side.
62 // The 1st parameter is the filedescriptor to be used for the security exchange.
63 // It is the responsibility of each routine to close the file descriptor prior
64 // to returning to the caller! No return value is expected as success or failure
65 // is communicated via the esecond paramter, the XrdOucErrInfo object.
66 
67 // Upon success, the error code must be set to zero (the initial value) and
68 // for secServer() the Entity object defined in the topmost
69 // XrdSecProtocol object must contain the client's identity.
70 
71 // Upon failure, the error code must be set to a positive error number (usually
72 // some errno value) as well as text explaining the problem.
73 
74 // Client: theFD - file descriptor to be used
75 // einfo - the error object where ending status must be returned
76 //
77 virtual void secClient(int theFD, XrdOucErrInfo *einfo)=0;
78 
79 // Server: theFD - file descriptor to be used
80 // einfo - the error object where ending status must be returned
81 //
82 virtual void secServer(int theFD, XrdOucErrInfo *einfo)=0;
83 
84 // You must implete the proper delete(). Normally, do a "delete this" and join
85 // the secTid thread: "if (secTid) {XrdSysThread::Join(secTid,NULL);secTid=0;}".
86 //
87 virtual void Delete()=0;
88 
89 // Classes that must be public are only internally used
90 //
91 
92 virtual int Authenticate (XrdSecCredentials *cred,
93  XrdSecParameters **parms,
94  XrdOucErrInfo *einfo=0);
95 
96 virtual XrdSecCredentials *getCredentials(XrdSecParameters *parm=0,
97  XrdOucErrInfo *einfo=0);
98 
99  void secXeq();
100 
101 protected:
102 pthread_t secTid;
103 
104 virtual ~XrdSecTLayer() {if (eText) {free(eText);eText=0;}
105  if (myFD>0) {close(myFD);myFD=-1;}
106  }
107 
108 private:
109 
110 int bootUp(Initiator Who);
111 int Read(int FD, char *Buff, int rdLen);
112 int secDone();
113 void secDrain();
114 const char *secErrno(int rc, char *buff);
115 void secError(const char *Msg, int rc, int iserrno=1);
116 
117 XrdSysSemaphore mySem;
118 Initiator Starter;
119 Initiator Responder;
120 int myFD;
121 int urFD;
122 int Tmax; // Maximum timeslices per interaction
123 int Tcur; // Current timeslice
124 int eCode;
125 char *eText;
126 XrdOucErrInfo *eDest;
127 
128 struct TLayerRR
129 {
130  char protName[8]; // via Constructor
131  char protCode; // One of the below
132 static const char endData = 0x00;
133 static const char xfrData = 0x01;
134  char protRsvd[7]; // Reserved
135 } Hdr;
136 
137 static const int buffSz = 8192;
138 static const int hdrSz = sizeof(TLayerRR);
139 static const int dataSz = buffSz - hdrSz;
140 };
141 #endif
Generated by   doxygen 1.8.1.2