XRootD
Loading...
Searching...
No Matches
XrdVomsFun.cc
Go to the documentation of this file.
1/******************************************************************************/
2/* */
3/* X r d V o m s F u n . c c */
4/* */
5/* (C) 2013 G. Ganis, CERN */
6/* */
7/* All rights reserved. The copyright holder's institutional names may not */
8/* be used to endorse or promote products derived from this software without */
9/* specific prior written permission. */
10/* */
11/* This file is part of the VOMS extraction XRootD plug-in software suite, */
12/* here after called VOMS-XRootD (see https://github.com/gganis/voms). */
13/* */
14/* VOMS-XRootD is free software: you can redistribute it and/or modify it */
15/* under the terms of the GNU Lesser General Public License as published by */
16/* the Free Software Foundation, either version 3 of the License, or (at */
17/* your option) any later version. */
18/* */
19/* VOMS-XRootD is distributed in the hope that it will be useful, but */
20/* WITHOUT ANY WARRANTY, not even the implied warranty of MERCHANTABILITY or */
21/* FITNESS FOR A PARTICULAR PURPOSE. */
22/* See the GNU Lesser General Public License for more details. */
23/* */
24/* You should have received a copy of the GNU Lesser General Public License */
25/* along with VOMS-XRootD in a file called COPYING.LGPL (LGPL license) and */
26/* file COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
27/* */
28/******************************************************************************/
29
30/******************************************************************************/
31/* */
32/* See README.md for hints about usage of this library */
33/* */
34/******************************************************************************/
35
36#include <cstdio>
37#include <cstdlib>
38#include <cstring>
39#include <cerrno>
40
41#include "XrdVoms.hh"
42#include "XrdVomsFun.hh"
43#include "XrdVomsTrace.hh"
44#include "XrdVomsMapfile.hh"
45
46#include "XrdCrypto/XrdCryptoX509.hh"
47#include "XrdCrypto/XrdCryptoX509Chain.hh"
48#include "XrdSec/XrdSecEntity.hh"
49#include "XrdSys/XrdSysLogger.hh"
50
51/******************************************************************************/
52/* L o c a l D e f i n e s */
53/******************************************************************************/
54
55#ifndef SafeFree
56#define SafeFree(x) { if (x) free(x) ; x = 0; }
57#endif
58
59#define VOMSDBG(m) \
60 if (gDebug) { \
61 PRINT(m); \
62 }
63
64#define VOMSDBGSUBJ(m, c) \
65 if (gDebug) { \
66 XrdOucString subject; \
67 NameOneLine(X509_get_subject_name(c), subject); \
68 PRINT(m << subject); \
69 }
70
71#define VOMSREPLACE(a, f, e) \
72 if (a.length() > 0) { \
73 f.replace("<g>", e.grps); \
74 f.replace("<r>", e.role); \
75 f.replace("<vo>", e.vorg); \
76 f.replace("<an>", e.endorsements); \
77 }
78
79#define VOMSSPTTAB(a) \
80 if (a.length() > 0) { \
81 int sp = -1; \
82 while ((sp = a.find(' ', sp+1)) != STR_NPOS) { a[sp] = '\t'; } \
83 }
84
85#define FATAL(x) {std::cerr <<"VomsFun: "<<x<<std::endl; aOK = false;}
86
87namespace
88{
89static const int gSelAll = 0;
90static const int gSelGrps = 1;
91static const short gUseFirst = 0;
92static const short gUseLast = 1;
93static const short gUseAll = 2;
94}
95
96/******************************************************************************/
97/* C o n s t r u c t o r */
98/******************************************************************************/
99
100XrdVomsFun::XrdVomsFun(XrdSysError &erp)
101 : gGrpWhich(gUseAll), gDebug(0), gDest(erp),
102 gLogger(erp.logger())
103{
104 gCertFmt = gCertRaw; // certfmt:raw|pem|x509 [raw]
105};
106
107/******************************************************************************/
108/* N a m e O n e L i n e */
109/******************************************************************************/
110
111// Function to convert X509_NAME into a one-line human readable string
112//
113void XrdVomsFun::NameOneLine(X509_NAME *nm, XrdOucString &s)
114{
115 BIO *mbio = BIO_new(BIO_s_mem());
116 X509_NAME_print_ex(mbio, nm, 0, XN_FLAG_COMPAT);
117 char *data = 0;
118 long len = BIO_get_mem_data(mbio, &data);
119 s = "/";
120 s.insert(data, 1, len);
121 BIO_free(mbio);
122 s.replace(", ", "/");
123
124 // Done
125 return;
126}
127
128/******************************************************************************/
129/* F m t R e p l a c e */
130/******************************************************************************/
131
132// Method to convert X509_NAME into a one-line human readable string
133//
134void XrdVomsFun::FmtReplace(XrdSecEntity &ent)
135{
136 XrdOucString gf(gGrpFmt), rf(gRoleFmt), vf(gVoFmt);
137
138 VOMSREPLACE(gGrpFmt, gf, ent);
139 VOMSREPLACE(gRoleFmt, rf, ent);
140 VOMSREPLACE(gVoFmt, vf, ent);
141
142 if (gf.length() > 0) {
143 SafeFree(ent.grps);
144 ent.grps = strdup(gf.c_str());
145 }
146 if (rf.length() > 0) {
147 SafeFree(ent.role);
148 ent.role = strdup(rf.c_str());
149 }
150 if (vf.length() > 0) {
151 SafeFree(ent.vorg);
152 ent.vorg = strdup(vf.c_str());
153 }
154}
155
156/******************************************************************************/
157/* F m t E x t r a c t */
158/******************************************************************************/
159
160// Method to extract out a tag
161//
162void XrdVomsFun::FmtExtract(XrdOucString &out,
163 XrdOucString in, const char *tag)
164{
165 // Output group format string
166 int igf = in.find(tag);
167 if (igf != STR_NPOS) {
168 int from = igf + strlen(tag);
169 if (in[from] == '"') {
170 out.assign(in, from + 1);
171 out.erase(out.find('"'));
172 } else {
173 out.assign(in, from);
174 while(out.endswith(' ')) out.erasefromend(1);
175 }
176 }
177}
178
179/******************************************************************************/
180/* V O M S F u n */
181/******************************************************************************/
182
183// The Main Method
184//
185int XrdVomsFun::VOMSFun(XrdSecEntity &ent)
186{
187 // Implementation of XrdSecgsiAuthzFun extracting the information from the
188 // proxy chain in entity.creds
189 EPNAME("Fun");
190
191 vomsdata v;
192 X509 *pxy = 0;
193 STACK_OF(X509) *stk = 0;
194 int freestk = 1;
195
196// Set extractor name in the XrdSecEntity object
197//
198 strcpy(ent.prox, "xrdvoms");
199
200 if (gCertFmt == gCertRaw) {
201 //
202 // RAW format
203 //
204 XrdCryptoX509Chain *c = (XrdCryptoX509Chain *) ent.creds;
205 if (!c) {
206 PRINT("ERROR: no proxy chain found!");
207 return -1;
208 }
209
210 XrdCryptoX509 *xp = c->End();
211 if (!xp) {
212 PRINT("ERROR: no proxy certificate in chain!");
213 return -1;
214 }
215 pxy = (X509 *) xp->Opaque();
216 VOMSDBGSUBJ("proxy: ", pxy)
217 freestk = 2;
218
219 stk =sk_X509_new_null();
220 XrdCryptoX509 *xxp = c->Begin();
221 while (xxp) {
222 if (xxp == c->End()) break;
223 if (xxp->type != XrdCryptoX509::kCA) {
224 VOMSDBGSUBJ("adding cert: ", (X509 *) xxp->Opaque())
225 sk_X509_push(stk, (X509 *) xxp->Opaque());
226 }
227 xxp = c->Next();
228 }
229 } else if (gCertFmt == gCertPEM) {
230 //
231 // PEM format
232 //
233 // Create a bio_mem to store the certificates
234 BIO *bmem = BIO_new(BIO_s_mem());
235 if (!bmem) {
236 PRINT("unable to create BIO for memory operations");
237 return -1;
238 }
239
240 // Write data to BIO
241 int nw = BIO_write(bmem, (const void *)(ent.creds), ent.credslen);
242 if (nw != ent.credslen) {
243 PRINT("problems writing data to memory BIO (nw: "<<nw<<")");
244 BIO_free(bmem);
245 return -1;
246 }
247
248 // Get certificate from BIO
249 if (!(pxy = PEM_read_bio_X509(bmem,0,0,0))) {
250 PRINT("unable to read certificate to memory BIO");
251 BIO_free(bmem);
252 return -1;
253 }
254 VOMSDBGSUBJ("proxy: ", pxy)
255 //
256 // The chain now
257 X509 *xc = 0;
258 stk =sk_X509_new_null();
259 while ((xc = PEM_read_bio_X509(bmem,0,0,0))) {
260 VOMSDBGSUBJ("adding cert: ", xc)
261 sk_X509_push(stk, xc);
262 }
263 //
264 // Free BIO
265 BIO_free(bmem);
266
267 } else {
268 //
269 // STACK_OF(X509) format
270 //
271 Voms_x509_in_t *voms_in = (Voms_x509_in_t *) ent.creds;
272 pxy = voms_in->cert;
273 stk = voms_in->chain;
274 freestk = 0;
275 }
276
277 bool extfound = 0;
278 XrdOucString endor, grps, role, vo, xendor, xgrps, xrole, xvo;
279 if (v.Retrieve(pxy, stk, RECURSE_CHAIN)) {
280 VOMSDBG("retrieval successful");
281 extfound = 1;
282 std::vector<voms>::iterator i = v.data.begin();
283 for ( ; i != v.data.end(); i++) {
284 VOMSDBG("found VO: " << (*i).voname);
285 xvo = (*i).voname.c_str(); VOMSSPTTAB(xvo);
286 // Filter the VO? (*i) is voms
287 if (gVOs.Num() > 0 && !gVOs.Find((*i).voname.c_str())) continue;
288 // Save VO name (in tuple mode this is done later, in the loop over groups)
289 if (gGrpWhich < gUseAll) vo = xvo;
290 std::vector<data> dat = (*i).std;
291 std::vector<data>::iterator idat = dat.begin();
292 // Same size as std::vector<data> by construction (same information in compact form)
293 std::vector<std::string> fqa = (*i).fqan;
294 std::vector<std::string>::iterator ifqa = fqa.begin();
295 for (; idat != dat.end(); idat++, ifqa++) {
296 VOMSDBG(" ---> group: '"<<(*idat).group<<"', role: '"<<(*idat).role<<"', cap: '" <<(*idat).cap<<"'");
297 VOMSDBG(" ---> fqan: '"<<(*ifqa)<<"'");
298 xgrps = (*idat).group.c_str(); VOMSSPTTAB(xgrps);
299 xrole = (*idat).role.c_str(); VOMSSPTTAB(xrole);
300 xendor = (*ifqa).c_str(); VOMSSPTTAB(xendor);
301 bool fillgrp = true;
302 if (gGrps.Num() && !gGrps.Find((*idat).group.c_str()))
303 fillgrp = false;
304 if (fillgrp) {
305 if (gGrpWhich == gUseAll) {
306 if (vo.length() > 0) vo += " ";
307 vo += (*i).voname.c_str();
308 if (grps.length() > 0) grps += " ";
309 grps += (*idat).group.c_str();
310 if (role.length() > 0) role += " ";
311 role += (*idat).role.c_str();
312 if (endor.length() > 0) endor += ",";
313 endor += (*ifqa).c_str();
314 } else {
315 grps = (*idat).group.c_str();
316 role = (*idat).role.c_str();
317 endor = (*ifqa).c_str();
318 }
319 }
320 // If we are asked to take the first we break
321 if (gGrpWhich == gUseFirst && grps.length() > 0) break;
322 }
323 if (grps.length() <= 0) {
324 // Reset all the fields
325 role = "";
326 vo = "";
327 endor = "";
328 }
329 }
330 // Save the information found
331 SafeFree(ent.vorg);
332 SafeFree(ent.grps);
333 SafeFree(ent.role);
334 SafeFree(ent.endorsements);
335 if (vo.length() > 0) {
336 ent.vorg = strdup(vo.c_str());
337 // Save the groups
338 if (grps.length() > 0) ent.grps = strdup(grps.c_str());
339 if (role.length() > 0) ent.role = strdup(role.c_str());
340 // Save the whole string in endorsements
341 if (endor.length() > 0) ent.endorsements = strdup(endor.c_str());
342 } else if (extfound) {
343 VOMSDBG("VOMS extensions do not match required criteria ("<<gRequire<<")");
344 }
345 } else {
346 PRINT("retrieval FAILED: "<< v.ErrorMessage());
347 }
348
349 // Fix spaces in XrdSecEntity::name
350// char *sp = 0;
351// while ((sp = strchr(ent.name, ' '))) { *sp = '\t'; }
352
353 // Adjust the output format, if required
354 FmtReplace(ent);
355
356 // Free memory taken by the chain, if required
357 if (stk && freestk > 0) {
358 if (freestk == 1) {
359 sk_X509_pop_free(stk, X509_free);
360 X509_free(pxy);
361 } else if (freestk == 2) {
362 while (sk_X509_pop(stk)) { }
363 sk_X509_free(stk);
364 }
365 }
366
367 // Success or failure?
368 int rc = !ent.vorg ? -1 : 0;
369 if (rc == 0 && gGrps.Num() && !ent.grps) rc = -1;
370
371 // If we have a mapfile object, apply the mapping now.
372 if (m_mapfile) {
373 auto mapfile_rc = m_mapfile->Apply(ent);
374 rc = rc ? rc : mapfile_rc;
375 }
376
377 // Done
378 return rc;
379}
380
381/******************************************************************************/
382/* V O M S I n i t */
383/******************************************************************************/
384
385// Method to initialize this object
386//
387int XrdVomsFun::VOMSInit(const char *cfg)
388{
389 // Initialize the relevant parameters from the 'cfg' string.
390 // Return -1 on failure.
391 // Otherwise, the return code indicates the format required by the main function
392 // defined by 'certfmt' below.
393 //
394 // Supported options:
395 // certfmt=raw|pem|x509 Certificate format: [raw]
396 // raw to be used with XrdCrypto tools
397 // pem PEM base64 format (i.e. cert files)
398 // x509 As a STACK_OF(X509)
399 // grpopt=opt What to do with the group names: [1]
400 // opt = sel * 10 + which
401 // with 'sel'
402 // 0 consider all those present
403 // 1 select among those specified by
404 // 'grps' (see below)
405 // and 'which'
406 // 0 take the first one
407 // 1 take the last
408 // 2 take all
409 //
410 // grpopt=useall|usefirst|uselast
411 // useall: all applicable groups
412 // usefirst: only the first applicable on
413 // uselast: only the last applicable on
414 //
415 // grps=grp1[,grp2,...] Group(s) for which the information is
416 // extracted; if specified the gropt
417 // 'sel' is set to 1 regardless of
418 // the setting.
419 // vos=vo1[,vo2,...] VOs to be considered; the first match is taken
420 // grpfmt=<string> Format to use for XrdSecEntity::grps
421 // rolefmt=<string> Format to use for XrdSecEntity::role
422 // vofmt=<string> Format to use for XrdSecEntity::vorg
423 // Recognized place holders in the above
424 // format strings:
425 // <r> role, from the parsing procedure
426 // <g> group
427 // <vo> VO
428 // <an> Full Qualified Attribute Name
429 // For example, rolefmt=<g>,grpfmt=<r> will
430 // inverse the group and role in XrdSecEntity
431 // dbg To force verbose mode
432 //
433 EPNAME("Init");
434 vomsdata vomsInit; // This forces libssl initialization at load time
435
436 XrdOucString oos(cfg);
437
438 XrdOucString fmt, go, grps, voss, gfmt, rfmt, vfmt, sdbg, sdbg2;
439 XrdOucString gr, vo, ss;
440 bool aOK = true;
441
442 if (oos.length() > 0) {
443
444#define NTAG 9
445 XrdOucString *var[NTAG] = { &fmt, &go, &grps, &voss, &gfmt, &rfmt, &vfmt,
446 &sdbg, &sdbg2};
447 const char *tag[] = {"certfmt=", "grpopt=", "grps=", "vos=",
448 "grpfmt=", "rolefmt=", "vofmt=", "dbg", "dbg2"};
449 int jb[NTAG], je[NTAG];
450
451 // Begin of ranges
452 int i = 0, j = -1;
453 for(; i < NTAG; i++) {
454 jb[i] = -1;
455 int j = oos.find(tag[i]);
456 if (j != STR_NPOS) jb[i] = j;
457// DEBUG("["<<i<<"] "<<tag[i]<<" is "<<(j == STR_NPOS?"no":"")<<"spec");
458 }
459 // End of ranges
460 for(i = 0; i < NTAG; i++) {
461 je[i] = -1;
462// DEBUG("-------------");
463 if (jb[i] > -1) {
464 int k = -1;
465 for(j = 0; j < NTAG; j++) {
466 if (j != i) {
467 if (jb[j] > jb[i] && (k < 0 || jb[j] < jb[k])) k = j;
468// DEBUG("jb[" << j << "] = " << jb[j] <<" jb[ "<< i<<"] = "<<jb[i] << " -> k:" << k);
469 }
470 }
471 if (k >= 0) {
472 je[i] = jb[k] - 2;
473 } else {
474 je[i] = oos.length() - 1;
475 }
476 if (i < NTAG-2) {
477 ss.assign(oos, jb[i], je[i]);
478 FmtExtract(*var[i], ss, tag[i]);
479 } else {
480 *var[i] = tag[i];
481 }
482 DEBUG(tag[i] <<"\"" << *var[i] << "\"");
483 }
484// DEBUG("jb["<<i<<"] = "<<jb[i] <<" ---> "<< "je["<<i<<"] = "<<je[i]);
485 }
486
487
488 // Certificate format
489 if (fmt.length() > 0) {
490 if (fmt == "raw") {
491 gCertFmt = gCertRaw;
492 } else if (fmt == "pem") {
493 gCertFmt = gCertPEM;
494 } else if (fmt == "x509") {
495 gCertFmt = gCertX509;
496 }
497 else FATAL("Unsupported cert format - '"<<fmt.c_str()<<"'.")
498 }
499
500 // Group option
501 if (go.length() > 0) {
502 if (go.isdigit()) {
503 int grpopt = go.atoi();
504 int n = grpopt / 10;
505 if (n != gSelAll && n != gSelGrps) {
506 FATAL("grpopt 'select' must be in [0,1] not '"<<n<<"'");
507 }
508 gGrpWhich = grpopt % 10;
509 if (gGrpWhich != gUseFirst && gGrpWhich != gUseLast
510 && gGrpWhich != gUseAll) {
511 FATAL("grpopt 'which' must be in [0,2] not '"<<gGrpWhich<<"'");
512 }
513 } else {
514 if (go == "useall") gGrpWhich = gUseAll;
515 else if (go == "usefirst") gGrpWhich = gUseFirst;
516 else if (go == "uselast") gGrpWhich = gUseLast;
517 else FATAL("Invalid grpopt '"<<go<<"'");
518 }
519 gRequire = "grpopt="; gRequire += go;
520 }
521
522 // Groups selection
523 if (grps.length() > 0) {
524 int from = 0, flag = 1;
525 while ((from = grps.tokenize(gr, from, ',')) != -1) {
526 // Analyse tok
527 VOMSSPTTAB(gr);
528 gGrps.Add(gr.c_str(), &flag);
529 }
530 if (gRequire.length() > 0) gRequire += ";";
531 gRequire += "grps="; gRequire += grps;
532 }
533
534 // VO selection
535 if (voss.length() > 0) {
536 int from = 0, flag = 1;
537 while ((from = voss.tokenize(vo, from, ',')) != -1) {
538 // Analyse tok
539 VOMSSPTTAB(vo);
540 gVOs.Add(vo.c_str(), &flag);
541 }
542 if (gRequire.length() > 0) gRequire += ";";
543 gRequire += "vos="; gRequire += voss;
544 }
545
546 // Output group format string
547 FmtExtract(gGrpFmt, gfmt, "grpfmt=");
548 // Output role format string
549 FmtExtract(gRoleFmt, rfmt, "rolefmt=");
550 // Output vo format string
551 FmtExtract(gVoFmt, vfmt, "vofmt=");
552
553 // Verbose mode
554 if (sdbg == "dbg" && !gDebug) gDebug = 1;
555 if (sdbg2 == "dbg2") gDebug = 2;
556 }
557
558 // Notify
559 const char *cfmt[3] = { "raw", "pem base64", "STACK_OF(X509)" };
560 const char *cgrs[2] = { "all groups", "specified group(s)"};
561 const char *cgrw[3] = { "first", "last", "all" };
562 int n = (gGrps.Num() ? 1 : 0);
563 PRINT("++++++++++++++++++ VOMS plug-in +++++++++++++++++++++++++++++++");
564 PRINT("+++ proxy fmt: "<< cfmt[gCertFmt]);
565 PRINT("+++ group option: "<<cgrw[gGrpWhich]<<" of "<<cgrs[n]);
566 if (grps.length() > 0) {
567 PRINT("+++ group(s): "<< grps);
568 } else {
569 PRINT("+++ group(s): <not specified>");
570 }
571 if (gGrpFmt.length() > 0)
572 PRINT("+++ grps fmt: "<< gGrpFmt);
573 if (gRoleFmt.length() > 0)
574 PRINT("+++ role fmt: "<< gRoleFmt);
575 if (gVoFmt.length() > 0)
576 PRINT("+++ vorg fmt: "<< gVoFmt);
577 if (gVOs.Num() > 0) {PRINT("+++ VO(s): "<< voss);}
578 else {PRINT("+++ VO(s): all");}
579 PRINT("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
580
581 m_mapfile = XrdVomsMapfile::Configure(&gDest);
582 if (m_mapfile == VOMS_MAP_FAILED) {
583 aOK = false;
584 PRINT("VOMS mapfile requested but initialization failed; failing VOMS plugin config.");
585 }
586
587 // Done
588 return (aOK ? gCertFmt : -1);
589}
DEBUG
#define DEBUG(x)
Definition XrdBwmTrace.hh:54
EPNAME
#define EPNAME(x)
Definition XrdBwmTrace.hh:56
PRINT
#define PRINT(y)
Definition XrdCryptosslTrace.hh:39
STR_NPOS
#define STR_NPOS
Definition XrdOucString.hh:250
SafeFree
#define SafeFree(x)
Definition XrdSecProtocolgsi.hh:156
FATAL
#define FATAL(msg)
Definition XrdTlsContext.cc:554
VOMSSPTTAB
#define VOMSSPTTAB(a)
Definition XrdVomsFun.cc:79
NTAG
#define NTAG
VOMSREPLACE
#define VOMSREPLACE(a, f, e)
Definition XrdVomsFun.cc:71
VOMSDBG
#define VOMSDBG(m)
Definition XrdVomsFun.cc:59
VOMSDBGSUBJ
#define VOMSDBGSUBJ(m, c)
Definition XrdVomsFun.cc:64
VOMS_MAP_FAILED
#define VOMS_MAP_FAILED
Definition XrdVomsMapfile.hh:35
XrdCryptoX509Chain::Next
XrdCryptoX509 * Next()
Definition XrdCryptoX509Chain.cc:392
XrdCryptoX509Chain::Begin
XrdCryptoX509 * Begin()
Definition XrdCryptoX509Chain.cc:380
XrdCryptoX509Chain::End
XrdCryptoX509 * End() const
Definition XrdCryptoX509Chain.hh:108
XrdCryptoX509::Opaque
virtual XrdCryptoX509data Opaque()
Definition XrdCryptoX509.cc:181
XrdOucString::insert
void insert(const int i, int start=-1)
Definition XrdOucString.cc:691
XrdOucString::assign
void assign(const char *s, int j, int k=-1)
Definition XrdOucString.cc:511
XrdOucString::erasefromend
int erasefromend(int sz=0)
Definition XrdOucString.hh:329
XrdOucString::endswith
bool endswith(char c)
Definition XrdOucString.cc:406
XrdOucString::erase
int erase(int start=0, int size=0)
Definition XrdOucString.cc:827
XrdOucString::replace
int replace(const char *s1, const char *s2, int from=0, int to=-1)
Definition XrdOucString.cc:733
XrdOucString::find
int find(const char c, int start=0, bool forward=1)
Definition XrdOucString.cc:260
XrdOucString::length
int length() const
Definition XrdOucString.hh:279
XrdOucString::isdigit
bool isdigit(int from=0, int to=-1)
Definition XrdOucString.cc:1270
XrdOucString::atoi
long atoi(int from=0, int to=-1)
Definition XrdOucString.cc:1295
XrdOucString::tokenize
int tokenize(XrdOucString &tok, int from, char del=':')
Definition XrdOucString.cc:1220
XrdOucString::c_str
const char * c_str() const
Definition XrdOucString.hh:278
XrdSecEntity::vorg
char * vorg
Entity's virtual organization(s).
Definition XrdSecEntity.hh:71
XrdSecEntity::credslen
int credslen
Length of the 'creds' data.
Definition XrdSecEntity.hh:78
XrdSecEntity::prox
char prox[XrdSecPROTOIDSIZE]
Auth extractor used (e.g. xrdvoms).
Definition XrdSecEntity.hh:68
XrdSecEntity::creds
char * creds
Raw entity credentials or cert.
Definition XrdSecEntity.hh:77
XrdSecEntity::grps
char * grps
Entity's group name(s).
Definition XrdSecEntity.hh:73
XrdSecEntity::role
char * role
Entity's role(s).
Definition XrdSecEntity.hh:72
XrdSecEntity::endorsements
char * endorsements
Protocol specific endorsements.
Definition XrdSecEntity.hh:75
XrdVomsFun::XrdVomsFun
XrdVomsFun(XrdSysError &erp)
Definition XrdVomsFun.cc:100
XrdVomsFun::VOMSInit
int VOMSInit(const char *cfg)
Definition XrdVomsFun.cc:387
XrdVomsFun::VOMSFun
int VOMSFun(XrdSecEntity &ent)
Definition XrdVomsFun.cc:185
XrdVomsMapfile::Configure
static XrdVomsMapfile * Configure(XrdSysError *)
Definition XrdVomsMapfile.cc:312
Voms_x509_in_t
Definition XrdVoms.hh:39
Voms_x509_in_t::cert
X509 * cert
Definition XrdVoms.hh:40