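#ifndef __XRDSECPROTECT_H__
#define __XRDSECPROTECT_H__
/******************************************************************************/
/*                                                                            */
/*                      X r d S e c P r o t e c t . h h                       */
/*                                                                            */
/* (c) 2016 by the Board of Trustees of the Leland Stanford, Jr., University  */
/*   Produced by Andrew Hanushevsky for Stanford University under contract    */
/*              DE-AC02-76-SFO0515 with the Department of Energy              */
/*                                                                            */
/* This file is part of the XRootD software suite.                            */
/*                                                                            */
/* XRootD is free software: you can redistribute it and/or modify it under    */
/* the terms of the GNU Lesser General Public License as published by the     */
/* Free Software Foundation, either version 3 of the License, or (at your     */
/* option) any later version.                                                 */
/*                                                                            */
/* XRootD is distributed in the hope that it will be useful, but WITHOUT      */
/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or      */
/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public        */
/* License for more details.                                                  */
/*                                                                            */
/* You should have received a copy of the GNU Lesser General Public License   */
/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file  */
/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>.         */
/*                                                                            */
/* The copyright holder's institutional names and contributor's names may not */
/* be used to endorse or promote products derived from this software without  */
/* specific prior written permission of the institution or contributor.       */
/******************************************************************************/

#include "XProtocol/XProtocol.hh"

//------------------------------------------------------------------------------
//! Declares XrdSecProtect, the object that screens a request (Need2Secure),
//! builds a security request for it (Secure) and checks a received security
//! request against the request it accompanies (Verify).
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
//! NEED2SECURE(protP) null-checks protP and then binds the object's
//! Need2Secure member-function pointer. The result of the `.*` binding can
//! only be called, so the macro must be followed by the argument list:
//!
//!    if (NEED2SECURE(protP)(request)) {...}
//!
//! With a null protP the expression is false and nothing is called.
//!
//! The expansion cannot be wrapped in outer parentheses (the call is appended
//! by the user of the macro), so it is a bare `a && b(args)` expression: use
//! it directly as a condition and never under a unary or tighter-binding
//! operator, e.g. `!NEED2SECURE(p)(r)` would negate only the null check.
//! protP is evaluated up to three times; pass an expression without side
//! effects. The parameter is parenthesized so that any pointer-valued
//! expression can be passed safely.
//------------------------------------------------------------------------------

#define NEED2SECURE(protP) (protP) && ((*(protP)).*((protP)->Need2Secure))

/******************************************************************************/
/*                         X r d S e c P r o t e c t                          */
/******************************************************************************/

struct iovec;
class  XrdSecProtectParms;
class  XrdSecProtocol;

class XrdSecProtect
{
public:
friend class XrdSecProtector;

//------------------------------------------------------------------------------
//! Destroy this object. The body is `delete this`, so the object must have
//! been allocated with new and must not be used after the call.
//------------------------------------------------------------------------------

virtual void Delete() {delete this;}

//------------------------------------------------------------------------------
//! Pointer to the member function that decides whether a request needs to be
//! secured. Both constructors point it at Screen(). Call it through the
//! NEED2SECURE macro, which also handles a null object pointer.
//!
//! NOTE(review): the member is public and writable; whether anything other
//! than the constructors retargets it is not visible in this header.
//!
//! @param  thereq  Reference to the client request to be screened.
//!
//! @return true if the request should be secured, false otherwise
//!         (as implied by the name; confirm against Screen()).
//------------------------------------------------------------------------------

bool (XrdSecProtect::*Need2Secure)(ClientRequest &thereq);

//------------------------------------------------------------------------------
//! Secure a request.
//!
//! @param  newreq  Reference to a SecurityRequest pointer. Presumably set by
//!                 the call to the security request built for thereq; who
//!                 releases it is not visible here (confirm in the
//!                 implementation).
//! @param  thereq  Reference to the client request being secured.
//! @param  thedata Pointer to the data that accompanies the request.
//!
//! @return An int whose convention is not visible in this header.
//!         NOTE(review): confirm what signals failure and check the result
//!         before using newreq.
//------------------------------------------------------------------------------

virtual int     Secure(SecurityRequest *&newreq,
                       ClientRequest    &thereq,
                       const char       *thedata
                      );

//------------------------------------------------------------------------------
//! Verify that a request was properly secured.
//!
//! @param  secreq  Reference to the security request that accompanied thereq.
//! @param  thereq  Reference to the client request being verified.
//! @param  thedata Pointer to the data that accompanies the request.
//!
//! @return A C string. NOTE(review): presumably an error text, with a null
//!         pointer meaning the request verified; confirm in the implementation
//!         before relying on it.
//------------------------------------------------------------------------------

virtual const char *Verify(SecurityRequest  &secreq,
                           ClientRequest    &thereq,
                           const char       *thedata
                          );

//------------------------------------------------------------------------------
//! Destructor. Public and virtual; Delete() is the other way to destroy the
//! object.
//------------------------------------------------------------------------------

virtual            ~XrdSecProtect() {}

protected:

// The constructors are protected and XrdSecProtector is a friend, so objects
// are created by XrdSecProtector or by derived classes only.
//
// Neither constructor initializes myReqs or myVec. NOTE(review): presumably
// SetProtection() fills them before they are read; confirm that no path reads
// them first.

// Client-side constructor: no protection vector yet (secVec is null) and the
// sequence number shared by Secure()/Verify() starts at 1.
                    XrdSecProtect(XrdSecProtocol *aprot=0, bool edok=true) // Client!
                                 : Need2Secure(&XrdSecProtect::Screen),
                                   authProt(aprot), secVec(0), lastSeqno(1),
                                   edOK(edok), secVerData(false)
                                 {}

// Server-side constructor: takes secVec and secVerData from the reference
// object pRef and starts the sequence number at 0. secVec is copied as a
// pointer, not as data. NOTE(review): if pRef.secVec points into pRef's own
// myVec, pRef must outlive every object built from it; confirm.
                    XrdSecProtect(XrdSecProtocol *aprot, XrdSecProtect &pRef, // Server!
                                  bool edok=true)
                                 : Need2Secure(&XrdSecProtect::Screen),
                                   authProt(aprot), secVec(pRef.secVec),
                                   lastSeqno(0), edOK(edok),
                                   secVerData(pRef.secVerData) {}

// Apply the protection requirements carried in inReqs. Defined elsewhere;
// presumably this is what sets myReqs, myVec and secVec.
void                SetProtection(const ServerResponseReqs_Protocol &inReqs);

private:
// Hash the iovN buffers described by iovP into hBuff. The signature carries no
// length for hBuff. NOTE(review): the caller must supply a buffer at least as
// large as the digest (presumably SHA-256, 32 bytes); confirm in the
// implementation.
bool                GetSHA2(unsigned char *hBuff, struct iovec *iovP, int iovN);

// Default target of Need2Secure: decides whether thereq must be secured.
bool                Screen(ClientRequest &thereq);

XrdSecProtocol             *authProt;   // Authentication protocol object passed
                                        // to the constructor; may be null
const char                 *secVec;     // Protection vector in use; null until
                                        // set (client) or shared with pRef
                                        // (server)
ServerResponseReqs_Protocol myReqs;     // Not set by the constructors
// The two names share one 64-bit slot, so a given object is expected to use
// only one of them.
union {kXR_unt64            lastSeqno;  // Used by Secure()
       kXR_unt64            nextSeqno;  // Used by Verify()
      };
bool                        edOK;       // From the edok constructor argument;
                                        // NOTE(review): presumably "encryption/
                                        // decryption allowed"; confirm
bool                        secVerData; // false on the client, copied from
                                        // pRef on the server
// Number of entries in myVec. NOTE(review): presumably myVec/secVec are
// indexed by (request code - kXR_auth); any such index must be checked
// against maxRIX before use; confirm in Screen().
static const unsigned int   maxRIX = kXR_REQFENCE-kXR_auth;
char                        myVec[maxRIX];
};
#endif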