XrdSecsssID Class Reference

#include <XrdSecsssID.hh>


Public Types

enum  authType {
  idDynamic = 0, idMapped = 3, idMappedM = 4, idStatic = 1,
  idStaticM = 2
}

Public Member Functions

 XrdSecsssID (authType aType=idStatic, const XrdSecEntity *Ident=0, XrdSecsssCon *Tracker=0, bool *isOK=0)
bool Register (const char *lgnid, const XrdSecEntity *Ident, bool doReplace=false, bool defer=false)

Private Member Functions

 ~XrdSecsssID ()
int Find (const char *lid, char *&dP, const char *myIP, int dataOpts=0)

Static Private Member Functions

static XrdSecsssID * getObj (authType &aType, XrdSecsssEnt *&idP)
static XrdSecsssEnt * genID (bool Secure)

Private Attributes

XrdSecsssEnt * defaultID
authType myAuth
bool isStatic
bool trackOK

Friends

class XrdSecProtocolsss

Member Enumeration Documentation

Create a single instance of this class. Once created it cannot be deleted.

Parameters:
aType - The type of authentication to perform (see authType enum).
Ident - Pointer to the default entity to use. If nil, a generic entity is created based on the process uid and gid.
Tracker - Pointer to the connection tracker object if connection tracking is desired. If nil, connections are not tracked.
isOK - If not nil, sets the variable to true if successful and false otherwise. It is strongly recommended that it be supplied.
Note:
Mutual authentication requires that the server send an encrypted message proving that it holds the key before an identity is sent. For idDynamic this is the default, and the message must be the loginid, which must correspond to the key used to register the entity. This works well when keys are no more than 8 characters and consist only of letters and digits. The idMapped types provide greater freedom by using whatever userid was specified on the URL performing the login as the lookup key (i.e. the returned loginid is not used).
Enumerator:
idDynamic

Mutual: Map loginid to registered identity. Ident is default; if 0, nobody/nogroup.

idMapped

1Sided: Map loginid to registered identity. Ident is default; if 0, nobody/nogroup.

idMappedM

Mutual: Map loginid to registered identity. Ident is default; if 0, process uid/gid.

idStatic

1Sided: Fixed identity sent to the server. Ident as specified; if 0, process uid/gid. Default if XrdSecsssID not instantiated!

idStaticM

Mutual: Fixed identity sent to the server. Ident as specified; if 0, process uid/gid.


Constructor & Destructor Documentation

XrdSecsssID::XrdSecsssID ( authType  aType = idStatic,
const XrdSecEntity *  Ident = 0,
XrdSecsssCon *  Tracker = 0,
bool *  isOK = 0 
)
XrdSecsssID::~XrdSecsssID (  )  [private]

Member Function Documentation

int XrdSecsssID::Find ( const char *  lid,
char *&  dP,
const char *  myIP,
int  dataOpts = 0 
) [private]

Find and return an ID mapping.

Parameters:
lid - Pointer to the login ID to search for.
dP - Reference to a pointer where the serialized ID is returned. The caller is responsible for freeing the storage.
myIP - Pointer to IP address of client.
dataOpts - Options to pass to the XrdSecsssEnt data extractor. See XrdSecsssEnt::rr_Data for details.
Returns:
The length of the structure pointed to by dP; zero if not found.
static XrdSecsssEnt* XrdSecsssID::genID ( bool  Secure  )  [static, private]
static XrdSecsssID* XrdSecsssID::getObj ( authType &  aType,
XrdSecsssEnt *&  idP 
) [static, private]

Get initial parameters for sss ID mapping.

Parameters:
aType - The authentication type used by this object.
idP - Reference to a pointer where the default ID is returned.
Returns:
A pointer to this object if it was instantiated, otherwise nil.
bool XrdSecsssID::Register ( const char *  lgnid,
const XrdSecEntity *  Ident,
bool  doReplace = false,
bool  defer = false 
)

Create or delete a mapping from a loginid to an entity description.

Parameters:
lgnid - Pointer to the login ID.
Ident - Pointer to the entity object to be registered. If the pointer is NIL, then the mapping is deleted.
doReplace - When true, any existing mapping is replaced.
defer - When true, the entity object is recorded but serialization is deferred until the object is needed. The entity object must remain valid until the mapping is deleted. The entity may not be modified during this period.
Returns:
true - Mapping registered.
false - Mapping not registered because this object was not created as idDynamic, idMapped, or idMappedM; or the mapping exists and doReplace is false.
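
The Register() return rules above, as an added self-contained model (not xrootd code): it shows why a caller must check the return value, since an object built with the default idStatic type rejects every mapping. SssIdModel, Entity and Lookup are hypothetical stand-ins; the defer flag is omitted, and returning true on deletion and falling back to the default entity on a miss are assumptions.

```cpp
// Added model of the documented Register() contract. SssIdModel and Entity are
// hypothetical stand-ins, not XrdSecsssID or XrdSecEntity themselves.
#include <iostream>
#include <map>
#include <string>

enum authType { idDynamic = 0, idMapped = 3, idMappedM = 4, idStatic = 1, idStaticM = 2 };

struct Entity { std::string name; };   // stand-in for XrdSecEntity

class SssIdModel {
public:
    explicit SssIdModel(authType aType = idStatic, const Entity *ident = nullptr)
        : isStatic(aType == idStatic || aType == idStaticM), defaultID(ident) {}

    // Documented rules: false for static objects, false when the mapping
    // exists and doReplace is false; a nil Ident deletes the mapping.
    bool Register(const std::string &lgnid, const Entity *ident, bool doReplace = false) {
        if (isStatic) return false;
        if (!ident) { registry.erase(lgnid); return true; }  // assumption: delete reports true
        auto it = registry.find(lgnid);
        if (it != registry.end() && !doReplace) return false;
        registry[lgnid] = ident;       // pointer is kept, so the entity must outlive the mapping
        return true;
    }

    // Entity used for a login ID: the registered one, else the default
    // (assumption: an unregistered loginid falls back to the default entity).
    const Entity *Lookup(const std::string &lgnid) const {
        auto it = registry.find(lgnid);
        return it != registry.end() ? it->second : defaultID;
    }

private:
    bool isStatic;
    const Entity *defaultID;
    std::map<std::string, const Entity *> registry;
};

int main() {
    Entity svc{"svcacct"}, alice{"alice"}, other{"other"};   // constructed sample entities
    SssIdModel fixed(idStatic, &svc), mapped(idMapped, &svc);
    std::cout << std::boolalpha
              << fixed.Register("alice", &alice) << ' '     // false: static object
              << mapped.Register("alice", &alice) << ' '    // true: new mapping
              << mapped.Register("alice", &other) << ' '    // false: exists, doReplace not set
              << mapped.Lookup("alice")->name << ' '        // alice
              << mapped.Lookup("bob")->name << '\n';        // svcacct (default)
}
```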

Friends And Related Function Documentation

friend class XrdSecProtocolsss [friend]

Member Data Documentation

bool XrdSecsssID::isStatic [private]
bool XrdSecsssID::trackOK [private]

The documentation for this class was generated from the following file:

Generated on 7 Jul 2020 for xrootd by  doxygen 1.6.1