00001 #ifndef __SecsssRR__ 00002 #define __SecsssRR__ 00003 /******************************************************************************/ 00004 /* */ 00005 /* X r d S e c s s s R R . h h */ 00006 /* */ 00007 /* (c) 2008 by the Board of Trustees of the Leland Stanford, Jr., University */ 00008 /* All Rights Reserved */ 00009 /* Produced by Andrew Hanushevsky for Stanford University under contract */ 00010 /* DE-AC02-76-SFO0515 with the Department of Energy */ 00011 /* */ 00012 /* This file is part of the XRootD software suite. */ 00013 /* */ 00014 /* XRootD is free software: you can redistribute it and/or modify it under */ 00015 /* the terms of the GNU Lesser General Public License as published by the */ 00016 /* Free Software Foundation, either version 3 of the License, or (at your */ 00017 /* option) any later version. */ 00018 /* */ 00019 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */ 00020 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */ 00021 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */ 00022 /* License for more details. */ 00023 /* */ 00024 /* You should have received a copy of the GNU Lesser General Public License */ 00025 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */ 00026 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */ 00027 /* */ 00028 /* The copyright holder's institutional names and contributor's names may not */ 00029 /* be used to endorse or promote products derived from this software without */ 00030 /* specific prior written permission of the institution or contributor. */ 00031 /******************************************************************************/ 00032 00033 #include <stdint.h> 00034 #include <string.h> 00035 #include <time.h> 00036 00037 #include "XrdSecsss/XrdSecsssKT.hh" 00038 00039 // The following is the packet header and is always unencrypted. 
//
// Wire layout: the header is transmitted as-is, so member order and sizes
// define the protocol format. Do not reorder, resize or insert members.
// ProtID, Pad, knSize and EncType account for the first 8 bytes; KeyID is
// presumably expected at offset 8 (natural alignment of long long, no
// packing pragma visible here) -- confirm against the sender/receiver code.
//
struct XrdSecsssRR_Hdr
{
char        ProtID[4];                  // Protocol ID ("sss")
char        Pad[2];                     // Padding bytes
uint8_t     knSize;                     // Appended keyname size w/ null byte
                                        // (the keyname itself lives in XrdSecsssRR_Hdr2)
char        EncType;                    // Encryption type as one of:
static const char etBFish32 = '0';      // Blowfish

long long   KeyID;                      // Key ID for encryption
};

// The following struct extends the original V1 struct with the keyname. V2
// clients send the extended header to v2 servers. It must be a multiple of
// 8 bytes and end with a null byte. Keynames have a maximum size as defined
// in XrdSecsssKT. The keyname qualifies the lookup of the KeyID.
//
// Note: the multiple-of-8 and trailing-null requirements are stated here but
// not enforced by the declaration; NameSZ comes from XrdSecsssKT::ktEnt and
// the null byte presumably counts toward knSize -- verify in the packer.
//
struct XrdSecsssRR_Hdr2 : XrdSecsssRR_Hdr
{
char        keyName[XrdSecsssKT::ktEnt::NameSZ];
};

// The data portion of the packet is encrypted with the private shared key
// It immediately follows the header and has a maximum size (defined here).
//
// This is the fixed prefix of the encrypted data portion. Rand gives every
// packet a 256-bit (32-byte) unpredictable prefix so identical payloads do
// not encrypt to identical ciphertext; GenTime is a relative timestamp.
// NOTE(review): presumably the receiver compares GenTime against its own
// clock to reject stale or replayed packets -- confirm in the protocol code.
//
struct XrdSecsssRR_DataHdr
{
char        Rand[32];                   // 256-bit random string (avoid text attacks)
int         GenTime;                    // Time data generated (time(0) - BaseTime)
char        Pad[3];                     // Reserved
char        Options;                    // One of the following:
static const char UseData= 0x00;        // Use the ID data as authenticated name
static const char SndLID = 0x01;        // Server to send login ID
static const char Ask4Mor= 0x02;        // Ask for additional data (future)
                                        // (values look like bit flags, but the
                                        //  comment says "one of" -- confirm how
                                        //  Options is tested before OR-ing them)
// Note: A variable length data portion follows the header
};

// Size in bytes of the fixed data-header prefix above (32 + 4 + 3 + 1 = 40
// unless the compiler inserts padding, which the members' sizes should not
// require). Used to locate the start of the variable data portion.
//
static const int XrdSecsssRR_Data_HdrLen = sizeof(XrdSecsssRR_DataHdr);

// Full V1-style data packet: the fixed header followed by DataSz bytes of
// inline data. The size limits below bound how much the receiver must be
// prepared to accept; the V2 limit (MaxDSz) appears to be 16 KiB less the
// 40-byte data header, and DataSz + 40 = 4080 for V1 -- derive, do not assume.
//
struct XrdSecsssRR_Data : XrdSecsssRR_DataHdr
{
static const int  MaxCSz = 2048;        // Maximum size of returned credentials
static const int  MaxDSz =16344;        // Maximum size of v2 inline data
static const int  MinDSz =  128;        // Minimum size for the data segment
static const int  DataSz = 4040;        // Maximum size of V1 inline data
char              Data[DataSz];         // Optional V1 data (only for back compat)

// The data portion is a sequence of tagged, null-terminated strings:
// (<Flag><packed null terminated string>)+
// The flag values below identify each item. A receiver walking this
// sequence must bound each string by the remaining packet length, not just
// by the null terminator (the terminator is attacker-supplied data).
//
static const char theName = 0x01;       // V1 and V2
static const char theVorg = 0x02;       // V1 and V2
static const char theRole = 0x03;       // V1 and V2
static const char theGrps = 0x04;       // V1 and V2
static const char theEndo = 0x05;       // V1 and V2
static const char theCred = 0x06;       // V2: Actual credentials
static const char theRand = 0x07;       // V1 and V2: Random string (ignored)

static const char theAuth = 0x08;       // V2: original authentication protocol
static const char theTID  = 0x09;       // V2: The trace ID
static const char theAKey = 0x0a;       // V2: attribute key
static const char theAVal = 0x0b;       // V2: attribute value for preceding key
static const char theUser = 0x0c;       // V2: the Unix user name (original)
static const char theGrup = 0x0d;       // V2: the Unix group name (original)
static const char theCaps = 0x0e;       // V2: the x509 capabilities

static const char theLgid = 0x10;       // from server only
static const char theHost = 0x20;       // from client only (required)
};

// Struct used to effect a short response from the server
//
// Same fixed header as XrdSecsssRR_Data, but with a small inline buffer
// (MinDSz + 16 = 144 bytes) instead of the full DataSz payload.
//
struct XrdSecsssRR_DataResp : XrdSecsssRR_DataHdr
{
char        Data[XrdSecsssRR_Data::MinDSz + 16];
};
#endif