// Trace identifier for this translation unit; presumably consumed by the
// TRACEI/EPNAME macros used in the functions below — confirm against the
// trace macro definitions.
const char *TraceID =
"Security";
56bool XrdHttpProtocol::InitSecurity() {
61 eDest.
Say(
"Error instantiating crypto factory ssl",
"");
96XrdHttpProtocol::HandleAuthentication(
XrdLink* lp)
98 EPNAME(
"HandleAuthentication");
99 int rc_ssl = SSL_get_verify_result(ssl);
102 TRACEI(
DEBUG,
" SSL_get_verify_result returned :" << rc_ssl);
106 XrdTlsPeerCerts pc(SSL_get_peer_certificate(ssl),SSL_get_peer_cert_chain(ssl));
109 if ((!pc.hasCert()) ||
110 (myCryptoFactory && !myCryptoFactory->
X509ParseStack()(&pc, &chain))) {
111 TRACEI(
DEBUG,
"No certificate found in peer chain.");
118 const char * dn = chain.
EECname();
119 const char * eechash = chain.
EEChash();
121 if (!dn || !eechash) {
124 TRACEI(
DEBUG,
"Failed to extract DN information.");
138 if (GetVOMSData(lp)) {
141 if (isRequiredXtractor) {
142 eDest.
Emsg(epname,
"Failed extracting required VOMS info for DN: ",
149 auto retval = HandleGridMap(lp, eechash);
160XrdHttpProtocol::HandleGridMap(
XrdLink* lp,
const char * eechash)
177 eDest.
Emsg(epname,
"Required gridmap mapping failed for DN:",
185 TRACEI(
DEBUG,
" Will fallback name to subject hash: " << eechash);
202 char *lnpos2 = index(lnpos,
'/');
204 int l = ( lnpos2-lnpos < (int)
sizeof(bufname) ? lnpos2-lnpos : (int)
sizeof(bufname)-1 );
205 strncpy(bufname, lnpos, l);
210 strcpy(bufname2,
"unknown-");
211 for (
int i = (
int)strlen(bufname)-1; i >= 0; i--) {
212 if (isalnum(bufname[i])) {
214 bufname2[j] = bufname[i];
221 TRACEI(
DEBUG,
" Setting link name: '" << bufname2+j <<
"'");
222 lp->
setID(bufname2+j, 0);
248int XrdHttpProtocol::GetVOMSData(
XrdLink *lp)
273 <<
" Failed. err: " << r);
XrdSysTrace XrdHttpTrace("http")
A pragmatic implementation of the HTTP/DAV protocol for the Xrd framework.
XrdOucGMap * XrdOucgetGMap(XrdOucGMapArgs)
virtual XrdCryptoX509ParseStack_t X509ParseStack()
static XrdCryptoFactory * GetCryptoFactory(const char *factoryname)
void Cleanup(bool keepCA=0)
static char * gridmap
Gridmap file location; the same one used by XrdSecGsi.
static XrdOucGMap * servGMap
The instance of the DN mapper. Created only when a valid path is given.
static bool compatNameGeneration
static bool isRequiredGridmap
XrdSecEntity SecEntity
Authentication area.
virtual int Init(SSL_CTX *, int)=0
virtual int GetSecData(XrdLink *, XrdSecEntity &, SSL *)=0
void setID(const char *userid, int procid)
virtual int dn2user(const char *dn, char *user, int ulen, time_t now=0)
const char * c_str() const
bool Add(XrdSecAttr &attr)
XrdSecEntityAttr * eaAPI
non-const API to attributes
char * name
Entity's name.
char * moninfo
Information for monitoring.
int Emsg(const char *esfx, int ecode, const char *text1, const char *text2=0)
void Say(const char *text1, const char *text2=0, const char *txt3=0, const char *text4=0, const char *text5=0, const char *txt6=0)