#ifndef __SEC_ENTITY_H__
#define __SEC_ENTITY_H__
/******************************************************************************/
/* */
/* X r d S e c E n t i t y . h h */
/* */
/* (c) 2019 by the Board of Trustees of the Leland Stanford, Jr., University */
/* Produced by Andrew Hanushevsky for Stanford University under contract */
/* DE-AC02-76-SFO0515 with the Department of Energy */
/* */
/* This file is part of the XRootD software suite. */
/* */
/* XRootD is free software: you can redistribute it and/or modify it under */
/* the terms of the GNU Lesser General Public License as published by the */
/* Free Software Foundation, either version 3 of the License, or (at your */
/* option) any later version. */
/* */
/* XRootD is distributed in the hope that it will be useful, but WITHOUT */
/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
/* License for more details. */
/* */
/* You should have received a copy of the GNU Lesser General Public License */
/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
/* COPYING (GPL license). If not, see . */
/* */
/* The copyright holder's institutional names and contributor's names may not */
/* be used to endorse or promote products derived from this software without */
/* specific prior written permission of the institution or contributor. */
/******************************************************************************/
//------------------------------------------------------------------------------
//! This object is returned during authentication. This is most relevant for
//! client authentication unless mutual authentication has been implemented
//! in which case the client can also authenticate the server. It is embeded
//! in each security protocol object to facilitate mutual authentication. Note
//! that the destructor does nothing and it is the responsibility of the
//! security protocol object to delete the public XrdSecEntity data members.
//!
//! Note: The host member contents are depdent on the dnr/nodnr setting and
//! and contain a host name or an IP address. To get the real host name
//! use addrInfo->Name(), this is required for any hostname comparisons.
//------------------------------------------------------------------------------
#include
#define XrdSecPROTOIDSIZE 8
class XrdNetAddrInfo;
class XrdSecEntityAttr;
class XrdSecMonitor;
class XrdSysError;
/******************************************************************************/
/* X r d S e c E n t i t y */
/******************************************************************************/
// The XrdSecEntity describes the client associated with a connection. One
// such object is allocated for each clent connection and it persists until
// the connection is closed. Note that when an entity has more than one
// role or vorg, the fields form a columnar tuple. This
// tuple must be repeated whenever any one of the values differs.
//
class XrdSecEntity
{
public:
char prot[XrdSecPROTOIDSIZE]; //!< Auth protocol used (e.g. krb5)
char prox[XrdSecPROTOIDSIZE]; //!< Auth extractor used (e.g. xrdvoms)
char *name; //!< Entity's name
char *host; //!< Entity's host name dnr dependent
char *vorg; //!< Entity's virtual organization(s)
char *role; //!< Entity's role(s)
char *grps; //!< Entity's group name(s)
char *caps; //!< Entity's capabilities
char *endorsements; //!< Protocol specific endorsements
char *moninfo; //!< Information for monitoring
char *creds; //!< Raw entity credentials or cert
int credslen; //!< Length of the 'creds' data
unsigned int ueid; //!< Unique ID of entity instance
XrdNetAddrInfo *addrInfo; //!< Entity's connection details
const char *tident; //!< Trace identifier always preset
const char *pident; //!< Trace identifier (originator)
void *sessvar; //!< Plugin settable storage pointer,
//!< now deprecated. Use settable
//!< attribute objects instead.
uid_t uid; //!< Unix uid or 0 if none
gid_t gid; //!< Unix gid or 0 if none
XrdSecMonitor *secMon; //!< If !0 security monitoring enabled
void *future[2]; //!< Reserved for future expansion
XrdSecEntityAttr *eaAPI; //!< non-const API to attributes
//------------------------------------------------------------------------------
//! Dislay the contents of this object for debugging purposes.
//!
//! @param mDest - Reference to the message object to use.
//------------------------------------------------------------------------------
void Display(XrdSysError &mDest);
//------------------------------------------------------------------------------
//! Reset object to it's pristine self.
//!
//! @param spV - The name of the security protocol.
//------------------------------------------------------------------------------
void Reset(const char *spV=0);
//------------------------------------------------------------------------------
//! Constructor.
//!
//! @param spName - The name of the security protocol.
//------------------------------------------------------------------------------
XrdSecEntity(const char *spName=0);
~XrdSecEntity();
private:
void Init(const char *spV);
};
#define XrdSecClientName XrdSecEntity
#define XrdSecServerName XrdSecEntity
#endif