<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.8.3.1"/>
<title>xrootd: XrdSecService Class Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 56px;">
<td style="padding-left: 0.5em;">
<div id="projectname">xrootd
</div>
</td>
</tr>
</tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.8.3.1 -->
<div id="navrow1" class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main Page</span></a></li>
<li><a href="namespaces.html"><span>Namespaces</span></a></li>
<li class="current"><a href="annotated.html"><span>Classes</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
</ul>
</div>
<div id="navrow2" class="tabs2">
<ul class="tablist">
<li><a href="annotated.html"><span>Class List</span></a></li>
<li><a href="inherits.html"><span>Class Hierarchy</span></a></li>
<li><a href="functions.html"><span>Class Members</span></a></li>
</ul>
</div>
</div><!-- top -->
<div class="header">
<div class="summary">
<a href="#pub-methods">Public Member Functions</a> |
<a href="classXrdSecService-members.html">List of all members</a> </div>
<div class="headertitle">
<div class="title">XrdSecService Class Reference<span class="mlabels"><span class="mlabel">abstract</span></span></div> </div>
</div><!--header-->
<div class="contents">
<p><code>#include <<a class="el" href="XrdSecInterface_8hh_source.html">XrdSecInterface.hh</a>></code></p>
<table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="pub-methods"></a>
Public Member Functions</h2></td></tr>
<tr class="memitem:a17d92ec0050ec6c313632e6859fb1ef9"><td class="memItemLeft" align="right" valign="top">virtual const char * </td><td class="memItemRight" valign="bottom"><a class="el" href="classXrdSecService.html#a17d92ec0050ec6c313632e6859fb1ef9">getParms</a> (int &size, const char *hname=0)=0</td></tr>
<tr class="separator:a17d92ec0050ec6c313632e6859fb1ef9"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:aeb3be56a78fc1ddfbe6a0d2238bab5b3"><td class="memItemLeft" align="right" valign="top">virtual <a class="el" href="classXrdSecProtocol.html">XrdSecProtocol</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="classXrdSecService.html#aeb3be56a78fc1ddfbe6a0d2238bab5b3">getProtocol</a> (const char *host, const struct sockaddr &hadr, const <a class="el" href="XrdSecInterface_8hh.html#ac865fc555a9f4e3c220f88752cd2a1ba">XrdSecCredentials</a> *cred, <a class="el" href="classXrdOucErrInfo.html">XrdOucErrInfo</a> *einfo)=0</td></tr>
<tr class="separator:aeb3be56a78fc1ddfbe6a0d2238bab5b3"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:a9e73576ce7bebec43bc083425b562bbe"><td class="memItemLeft" align="right" valign="top"> </td><td class="memItemRight" valign="bottom"><a class="el" href="classXrdSecService.html#a9e73576ce7bebec43bc083425b562bbe">XrdSecService</a> ()</td></tr>
<tr class="memdesc:a9e73576ce7bebec43bc083425b562bbe"><td class="mdescLeft"> </td><td class="mdescRight">Constructor. <a href="#a9e73576ce7bebec43bc083425b562bbe">More...</a><br/></td></tr>
<tr class="separator:a9e73576ce7bebec43bc083425b562bbe"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:a8fa5c0b8d28e27ba1b6ec69b48f759ad"><td class="memItemLeft" align="right" valign="top">virtual </td><td class="memItemRight" valign="bottom"><a class="el" href="classXrdSecService.html#a8fa5c0b8d28e27ba1b6ec69b48f759ad">~XrdSecService</a> ()</td></tr>
<tr class="memdesc:a8fa5c0b8d28e27ba1b6ec69b48f759ad"><td class="mdescLeft"> </td><td class="mdescRight">Destructor. <a href="#a8fa5c0b8d28e27ba1b6ec69b48f759ad">More...</a><br/></td></tr>
<tr class="separator:a8fa5c0b8d28e27ba1b6ec69b48f759ad"><td class="memSeparator" colspan="2"> </td></tr>
</table>
<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
<div class="textblock"><p>Each specific protocol resides in a shared library named "libXrdSec<p>.so" where </p>
<p>is the protocol identifier (e.g., krb5, gsi, etc). The library contains a class derived from the <a class="el" href="classXrdSecProtocol.html">XrdSecProtocol</a> object. The library must also contain a three extern "C" functions: 1) <a class="el" href="classXrdSecProtocol.html">XrdSecProtocol</a></p>
<p>Init() Called for one-time protocol ininitialization. 2) <a class="el" href="classXrdSecProtocol.html">XrdSecProtocol</a></p>
<p>Object() Called for protocol object instantiation. 3) <a class="el" href="classXrdSecProtocol.html">XrdSecProtocol</a></p>
<p>ObjectVersion Inspected for the protocol object xrootd version number used in compilation. This optional but highly recommended (see later comments).Perform one-time initialization when the shared library containing the the protocol is loaded.</p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramname">who</td><td>contains 'c' when called on the client side and 's' when called on the server side. </td></tr>
<tr><td class="paramname">parms</td><td>when who == 'c' (client) the pointer is null. when who == 's' (server) argument points to any parameters specified in the config file with the seclib directive. If no parameters were specified, the pointer may be null. </td></tr>
<tr><td class="paramname">einfo</td><td>The error information object where error messages should be placed. Should einfo be null, messages should be written to stderr.</td></tr>
</table>
</dd>
</dl>
<dl class="section return"><dt>Returns</dt><dd>Success: The initial security token to be sent to the client during the login phase (i.e. authentication handshake). If no token need to be sent, a pointer to null string should be returned. Failure: A null pointer with einfo, if supplied, holding the reason for the failure.</dd></dl>
<p>Notes: 1) Function is called ince in single-thread mode and need not be thread-safe.</p>
<p>extern "C" char *XrdSecProtocol</p>
<p>Init (const char who, const char *parms, <a class="el" href="classXrdOucErrInfo.html">XrdOucErrInfo</a> *einfo) {. . . .}Obtain an instance of a protocol object.</p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramname">who</td><td>contains 'c' when called on the client side and 's' when called on the server side. </td></tr>
<tr><td class="paramname">hostname</td><td>client's hostname which may be an ip address. </td></tr>
<tr><td class="paramname">netaddr</td><td>client's host address. </td></tr>
<tr><td class="paramname">parms</td><td>when who == 'c' (client) points to the parms sent by the server upon the initial handshake (see Init() above). when who == 's' (server) is null. </td></tr>
<tr><td class="paramname">einfo</td><td>The error information object where error messages should be placed. Should einfo be null, messages should be written to stderr.</td></tr>
</table>
</dd>
</dl>
<dl class="section return"><dt>Returns</dt><dd>Success: A pointer to the protocol object. Failure: A null pointer with einfo, if supplied, holding the reason for the failure.</dd></dl>
<p>Notes 1) Warning! The protocol <em>must</em> allow both 'c' and 's' calls within the same execution context. This occurs when a server acts like a client. 2) This function must be thread-safe. 3) Additionally, you <em>should</em> declare the xrootd version you used to compile your plug-in. While not currently required, it is highly recommended to avoid execution issues should the class definition change. Declare it using XrdVERSIONINFO where <name> is the 1- to 15-character unquoted name of your plugin.</p>
<p>#include "XrdVersion.hh" XrdVERSIONINFO(XrdSecProtocol<p>Object,<name>);</p>
<p>extern "C" <a class="el" href="classXrdSecProtocol.html">XrdSecProtocol</a> *XrdSecProtocol</p>
<p>Object (const char who, const char *hostname, const struct sockaddr &netaddr, const char *parms, <a class="el" href="classXrdOucErrInfo.html">XrdOucErrInfo</a> *einfo ) {. . .}The following extern "C" functions provide protocol object management. That is, coordinating the use of the right authentication protocol between the client and server. The default implementation may be replaced via a plugin. Create a client security context and get a supported <a class="el" href="classXrdSecProtocol.html">XrdSecProtocol</a> object for one of the protocols suggested by the server and possibly based on the server's hostname or host address, as needed.</p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramname">host</td><td>The server's host name which may be an IP address. </td></tr>
<tr><td class="paramname">hadr</td><td>The server host address encoded in sockaddr. </td></tr>
<tr><td class="paramname">cred</td><td>The security token supplied by the server. The pointer may be null if the server did not supply a security token. </td></tr>
<tr><td class="paramname">einfo</td><td>The structure to record any error messages. These are normally sent to the client. If einfo is a null pointer, the messages should be sent to standard error.</td></tr>
</table>
</dd>
</dl>
<dl class="section return"><dt>Returns</dt><dd>Success: Address of protocol object to be used for authentication. If cred was null, a host protocol object should be returned if so allowed. The object's delete method should be called to release the storage. Failure: Null, no protocol can be returned. The einfo parameter, if supplied, has the reason.</dd></dl>
<p>Notes: 1) There should be one protocol object per physical TCP/IP connections. 2) When the connection is closed, the protocol's Delete() method should be called to properly delete the object. 3) The method and the returned object should be MT-safe. 4) When replacing the default implementation with a plug-in the extern "C" function below must exist in your shared library. 5) Additionally, you <em>should</em> declare the xrootd version you used to compile your plug-in. While not currently required, it is highly recommended to avoid execution issues should the class definition change. Declare it using XrdVERSIONINFO where <name> is the 1- to 15-character unquoted name of your plugin.</p>
<p>#include "XrdVersion.hh" XrdVERSIONINFO(XrdSecGetProtocol,<name>);</p>
<p>extern "C" <a class="el" href="classXrdSecProtocol.html">XrdSecProtocol</a> *XrdSecGetProtocol(const char *hostname, const struct sockaddr &netaddr, XrdSecParameters &parms, <a class="el" href="classXrdOucErrInfo.html">XrdOucErrInfo</a> *einfo=0) {....}</p>
<p>The <a class="el" href="classXrdSecService.html">XrdSecService</a> object is the the object that the server uses to obtain parameters to be passed to the client on initial contact and to create the appropriate protocol on the initial receipt of the client's credentials. Server-side processing is a bit more complicated because the set of valid protocols needs to be configured and that configuration needs to be supplied to the client so that both can agree on a compatible protocol. This object is created via a call to XrdSecgetService, defined later on. You may replace the default implementation by defining a plugin via the seclib directive.</p>
<p>Warning: The <a class="el" href="classXrdSecService.html">XrdSecService</a> object as well as any objects returned by it should be MT-safe. </p>
</div><h2 class="groupheader">Constructor & Destructor Documentation</h2>
<a class="anchor" id="a9e73576ce7bebec43bc083425b562bbe"></a>
<div class="memitem">
<div class="memproto">
<table class="mlabels">
<tr>
<td class="mlabels-left">
<table class="memname">
<tr>
<td class="memname">XrdSecService::XrdSecService </td>
<td>(</td>
<td class="paramname"></td><td>)</td>
<td></td>
</tr>
</table>
</td>
<td class="mlabels-right">
<span class="mlabels"><span class="mlabel">inline</span></span> </td>
</tr>
</table>
</div><div class="memdoc">
<p>Constructor. </p>
</div>
</div>
<a class="anchor" id="a8fa5c0b8d28e27ba1b6ec69b48f759ad"></a>
<div class="memitem">
<div class="memproto">
<table class="mlabels">
<tr>
<td class="mlabels-left">
<table class="memname">
<tr>
<td class="memname">virtual XrdSecService::~XrdSecService </td>
<td>(</td>
<td class="paramname"></td><td>)</td>
<td></td>
</tr>
</table>
</td>
<td class="mlabels-right">
<span class="mlabels"><span class="mlabel">inline</span><span class="mlabel">virtual</span></span> </td>
</tr>
</table>
</div><div class="memdoc">
<p>Destructor. </p>
</div>
</div>
<h2 class="groupheader">Member Function Documentation</h2>
<a class="anchor" id="a17d92ec0050ec6c313632e6859fb1ef9"></a>
<div class="memitem">
<div class="memproto">
<table class="mlabels">
<tr>
<td class="mlabels-left">
<table class="memname">
<tr>
<td class="memname">virtual const char* XrdSecService::getParms </td>
<td>(</td>
<td class="paramtype">int & </td>
<td class="paramname"><em>size</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">const char * </td>
<td class="paramname"><em>hname</em> = <code>0</code> </td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td>
</tr>
</table>
</td>
<td class="mlabels-right">
<span class="mlabels"><span class="mlabel">pure virtual</span></span> </td>
</tr>
</table>
</div><div class="memdoc">
<p>Obtain security parameters to be sent to the client upon initial contact.</p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramname">size</td><td>Where the length of the return parameters are to be placed. </td></tr>
<tr><td class="paramname">hname</td><td>The client's host name which may be an IP address. It may also be a null pointer if the client's host is immaterial.</td></tr>
</table>
</dd>
</dl>
<dl class="section return"><dt>Returns</dt><dd>EITHER The address of the parameter string (which may be host-specific if hname was supplied). The length of the string must be returned in size parameter. OR A null pointer if authentication need not occur for the client. The size parameter should be set to zero as well. </dd></dl>
</div>
</div>
<a class="anchor" id="aeb3be56a78fc1ddfbe6a0d2238bab5b3"></a>
<div class="memitem">
<div class="memproto">
<table class="mlabels">
<tr>
<td class="mlabels-left">
<table class="memname">
<tr>
<td class="memname">virtual <a class="el" href="classXrdSecProtocol.html">XrdSecProtocol</a>* XrdSecService::getProtocol </td>
<td>(</td>
<td class="paramtype">const char * </td>
<td class="paramname"><em>host</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">const struct sockaddr & </td>
<td class="paramname"><em>hadr</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">const <a class="el" href="XrdSecInterface_8hh.html#ac865fc555a9f4e3c220f88752cd2a1ba">XrdSecCredentials</a> * </td>
<td class="paramname"><em>cred</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="classXrdOucErrInfo.html">XrdOucErrInfo</a> * </td>
<td class="paramname"><em>einfo</em> </td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td>
</tr>
</table>
</td>
<td class="mlabels-right">
<span class="mlabels"><span class="mlabel">pure virtual</span></span> </td>
</tr>
</table>
</div><div class="memdoc">
<p>Obtain a protocol object suitable for authentication based on cred and possibly based on the hostname or host address, as needed.</p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramname">host</td><td>The client's host name which may be an IP address. </td></tr>
<tr><td class="paramname">hadr</td><td>The client host address encoded in sockaddr. </td></tr>
<tr><td class="paramname">cred</td><td>The initial credentials supplied by the client, the pointer may be null if the client did not supply credentials. </td></tr>
<tr><td class="paramname">einfo</td><td>The structure to record any error messages. These are normally sent to the client. If einfo is a null pointer, the messages should be sent to standard error via an <a class="el" href="classXrdSysError.html">XrdSysError</a> object using the supplied <a class="el" href="classXrdSysLogger.html">XrdSysLogger</a> when the the plugin was initialized.</td></tr>
</table>
</dd>
</dl>
<dl class="section return"><dt>Returns</dt><dd>Success: Address of protocol object to be used for authentication. If cred was null, a host protocol object shouldpo be returned if so allowed. Failure: Null, no protocol can be returned. The einfo parameter, if supplied, has the reason. </dd></dl>
</div>
</div>
<hr/>The documentation for this class was generated from the following file:<ul>
<li><a class="el" href="XrdSecInterface_8hh_source.html">XrdSecInterface.hh</a></li>
</ul>
</div><!-- contents -->
<!-- start footer part -->
<hr class="footer"/><address class="footer"><small>
Generated by  <a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/>
</a> 1.8.3.1
</small></address>
</body>
</html>
distrib
>
Fedora
>
18
>
x86_64
>
media
>
updates
>
by-pkgid
>
749e483016bbc41594aeb77eb13e3491
>
files
>
899
