36 extern XrdTlsContext *
xrdctx;
47const char *TraceID =
"Security";
56bool XrdHttpProtocol::InitSecurity() {
61 eDest.Say(
"Error instantiating crypto factory ssl",
"");
96XrdHttpProtocol::HandleAuthentication(
XrdLink* lp)
98 EPNAME(
"HandleAuthentication");
99 int rc_ssl = SSL_get_verify_result(ssl);
102 TRACEI(
DEBUG,
" SSL_get_verify_result returned :" << rc_ssl);
106 XrdTlsPeerCerts pc(SSL_get_peer_certificate(ssl),SSL_get_peer_cert_chain(ssl));
107 XrdCryptoX509Chain chain;
109 if ((!pc.hasCert()) ||
110 (myCryptoFactory && !myCryptoFactory->X509ParseStack()(&pc, &chain))) {
111 TRACEI(
DEBUG,
"No certificate found in peer chain.");
118 const char * dn = chain.
EECname();
119 const char * eechash = chain.
EEChash();
121 if (!dn || !eechash) {
124 TRACEI(
DEBUG,
"Failed to extract DN information.");
138 if (GetVOMSData(lp)) {
141 if (isRequiredXtractor) {
142 eDest.Emsg(epname,
"Failed extracting required VOMS info for DN: ",
149 auto retval = HandleGridMap(lp, eechash);
160XrdHttpProtocol::HandleGridMap(
XrdLink* lp,
const char * eechash)
171 SecEntity.eaAPI->Add(
"gridmap.name",
"1",
true);
174 TRACEI(ALL,
" Mapping name: " <<
SecEntity.moninfo <<
" Failed. err: " << mape);
177 eDest.Emsg(epname,
"Required gridmap mapping failed for DN:",
185 TRACEI(
DEBUG,
" Will fallback name to subject hash: " << eechash);
196 char *lnpos = strstr(
SecEntity.moninfo,
"/CN=");
202 char *lnpos2 = index(lnpos,
'/');
204 int l = ( lnpos2-lnpos < (int)
sizeof(bufname) ? lnpos2-lnpos : (int)
sizeof(bufname)-1 );
205 strncpy(bufname, lnpos, l);
210 strcpy(bufname2,
"unknown-");
211 for (
int i = (
int)strlen(bufname)-1; i >= 0; i--) {
212 if (isalnum(bufname[i])) {
214 bufname2[j] = bufname[i];
221 TRACEI(
DEBUG,
" Setting link name: '" << bufname2+j <<
"'");
222 lp->
setID(bufname2+j, 0);
231 for (
int i = (
int)strlen(
SecEntity.moninfo)-1; i >= 0; i--) {
248int XrdHttpProtocol::GetVOMSData(
XrdLink *lp)
264 int r = secxtractor->GetSecData(lp,
SecEntity, ssl);
272 TRACEI(ALL,
" Certificate data extraction failed: " <<
SecEntity.moninfo
273 <<
" Failed. err: " << r);
XrdSysTrace XrdHttpTrace("http")
A pragmatic implementation of the HTTP/DAV protocol for the Xrd framework.
XrdOucGMap * XrdOucgetGMap(XrdOucGMapArgs)
static XrdCryptoFactory * GetCryptoFactory(const char *factoryname)
void Cleanup(bool keepCA=0)
static char * gridmap
Gridmap file location. The same one used by XrdSecGsi.
static XrdOucGMap * servGMap
The instance of the DN mapper. Created only when a valid path is given.
static bool compatNameGeneration
static bool isRequiredGridmap
XrdSecEntity SecEntity
Authentication area.
void setID(const char *userid, int procid)
const char * c_str() const