
nordugrid-arc-nox  1.1.0~rc6
Arc::MCC_GSI_Context Class Reference


Public Member Functions

 MCC_GSI_Context (const std::string &proxyPath, const std::string &certificatePath, const std::string &keyPath, Logger &logger)
 ~MCC_GSI_Context ()
MCC_Status process (MCCInterface *next, Message &inmsg, Message &outmsg)
 operator bool ()

Private Attributes

gss_ctx_id_t ctx
GSSCredential cred
gss_name_t client
OM_uint32 ret_flags
gss_OID oid
OM_uint32 time_req
gss_cred_id_t delegated_cred
bool completed
Logger & logger

Detailed Description

Definition at line 86 of file MCCGSI.cpp.


Constructor & Destructor Documentation

Arc::MCC_GSI_Context::MCC_GSI_Context ( const std::string &  proxyPath,
const std::string &  certificatePath,
const std::string &  keyPath,
Logger &  logger 
)

Definition at line 110 of file MCCGSI.cpp.

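    // Every GSS handle starts at its "no object" sentinel so the destructor
    // and operator bool can tell whether anything was ever established.
    // ret_flags and time_req are output arguments of gss_accept_sec_context()
    // in process(); they are zeroed here so that no member holds an
    // indeterminate value before the first handshake round.
    // Initialisers follow the member declaration order listed for the class.
    : ctx(GSS_C_NO_CONTEXT),
      cred(proxyPath, certificatePath, keyPath),
      client(GSS_C_NO_NAME),
      ret_flags(0),
      oid(GSS_C_NO_OID),
      time_req(0),
      delegated_cred(GSS_C_NO_CREDENTIAL),
      completed(false),
      logger(logger) {}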

Definition at line 122 of file MCCGSI.cpp.

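                                    {
    // Releases every GSS object this context may hold.
    // process() lets gss_accept_sec_context() fill `client` and
    // `delegated_cred`; no other member shown for this class releases them,
    // so without the calls below each accepted connection would leak the
    // peer name and the delegated credential.
    OM_uint32 minstat;
    if (ctx != GSS_C_NO_CONTEXT) {
      // No output token is requested on deletion (GSS_C_NO_BUFFER).
      gss_delete_sec_context(&minstat, &ctx, GSS_C_NO_BUFFER);
      ctx = GSS_C_NO_CONTEXT;
    }
    if (client != GSS_C_NO_NAME) {
      gss_release_name(&minstat, &client);
      client = GSS_C_NO_NAME;
    }
    if (delegated_cred != GSS_C_NO_CREDENTIAL) {
      // Delegated credentials are key material; do not keep them past the
      // lifetime of the connection.
      gss_release_cred(&minstat, &delegated_cred);
      delegated_cred = GSS_C_NO_CREDENTIAL;
    }
  }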

Member Function Documentation

Arc::MCC_GSI_Context::operator bool ( void  ) [inline]

Definition at line 95 of file MCCGSI.cpp.

                    {
      // Reports whether a GSS security context handle is currently held.
      // NOTE(review): this looks only at `ctx`, not at `completed`; a true
      // result should not be read as "handshake finished" -- confirm how
      // callers use it.
      const bool has_context = (GSS_C_NO_CONTEXT != ctx);
      return has_context;
    }
MCC_Status Arc::MCC_GSI_Context::process ( MCCInterface *  next,
Message &  inmsg,
Message &  outmsg 
)

Definition at line 130 of file MCCGSI.cpp.

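                                                                       {
    // Reads one length-prefixed token from the incoming stream and either
    // feeds it to the GSS handshake (while !completed) or unwraps it and
    // forwards the clear payload to `next` (once completed).
    // Every failure path returns a default-constructed MCC_Status; success
    // returns MCC_Status(STATUS_OK).
    // All bytes handled here come from the network peer before or during
    // authentication, so every read is checked before its result is used.

    if (!inmsg.Payload())
      return MCC_Status();

    PayloadStreamInterface *inpayload =
      dynamic_cast<PayloadStreamInterface*>(inmsg.Payload());
    // dynamic_cast yields NULL for a payload of another type; the original
    // code dereferenced the result unconditionally.
    if (!inpayload) {
      logger.msg(ERROR, "Incoming payload is not a stream");
      return MCC_Status();
    }

    // Fixed 5-byte header. Get() updates len to the number of bytes actually
    // delivered; a failed or empty read must abort, otherwise the length
    // below would be computed from uninitialised stack bytes.
    int pos = 0;
    char readbuf[5];
    while (5 > pos) {
      int len = 5 - pos;
      if (!inpayload->Get(&readbuf[pos], len) || len <= 0) {
        logger.msg(ERROR, "Failed to read token header");
        return MCC_Status();
      }
      pos += len;
    }
    //TODO: for different types (GSI, Globus SSL, TLS/SSL3, SSL2) of communication
    //request from client side, differently process the header of received data
    //and the sent data correspondingly.

    gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc recv_tok = GSS_C_EMPTY_BUFFER;
    OM_uint32 majstat, minstat;

    // Bytes 3 and 4 carry a big-endian 16-bit body length; the token handed
    // to GSS is header + body, so the allocation is bounded by 65535 + 5.
    recv_tok.length = (unsigned char)readbuf[3] * 256 +
                      (unsigned char)readbuf[4] + 5;
    // While allocating buffer with malloc it will be freed using
    // gssapi's gss_release_buffer()
    recv_tok.value = malloc(recv_tok.length);
    if (!recv_tok.value) {
      logger.msg(ERROR, "Failed to allocate memory for received token");
      return MCC_Status();
    }
    memcpy(recv_tok.value, readbuf, 5);

    logger.msg(VERBOSE, "Recieved token length: %i", recv_tok.length);

    // Read the body. A short or failed read must not leave the tail of the
    // heap buffer uninitialised and then pass it on as if it were token data.
    while (recv_tok.length > pos) {
      int len = recv_tok.length - pos;
      if (!inpayload->Get(&((char*)recv_tok.value)[pos], len) || len <= 0) {
        logger.msg(ERROR, "Failed to read token body");
        majstat = gss_release_buffer(&minstat, &recv_tok);
        return MCC_Status();
      }
      pos += len;
    }

    if (!completed) {

      // Handshake round. No channel bindings are supplied.
      // NOTE(review): ret_flags is stored but not inspected in this function,
      // so the negotiated services (integrity, confidentiality, delegation)
      // are not enforced here -- confirm whether a caller checks them.
      majstat = gss_accept_sec_context(&minstat,
                                       &ctx,
                                       cred,
                                       &recv_tok,
                                       GSS_C_NO_CHANNEL_BINDINGS,
                                       &client,
                                       &oid,
                                       &send_tok,
                                       &ret_flags,
                                       &time_req,
                                       &delegated_cred);
      if (GSS_ERROR(majstat)) {
        logger.msg(ERROR, "GSS accept security context failed: %i/%i%s", majstat, minstat, GSSCredential::ErrorStr(majstat, minstat));
        majstat = gss_release_buffer(&minstat, &send_tok);
        majstat = gss_release_buffer(&minstat, &recv_tok);
        return MCC_Status();
      }

      logger.msg(INFO, "GSS accept security context: %i/%i", majstat, minstat);

      logger.msg(VERBOSE, "Returned token length: %i", send_tok.length);

      PayloadRaw *outpayload = new PayloadRaw;
      if (send_tok.length > 0)
        outpayload->Insert((const char*)send_tok.value, 0, send_tok.length);
      outmsg.Payload(outpayload);

      // Test the CONTINUE_NEEDED bit itself. Comparing the whole
      // supplementary field for equality would mark the handshake complete
      // whenever CONTINUE_NEEDED arrives together with any other
      // supplementary bit, switching to unwrap mode on an unfinished context.
      if (!(majstat & GSS_S_CONTINUE_NEEDED))
        completed = true;
    }
    else {

      // Established context: unwrap the protected record.
      // conf_state is passed as NULL, so this code does not learn whether the
      // record was encrypted or only integrity-protected.
      majstat = gss_unwrap(&minstat,
                           ctx,
                           &recv_tok,
                           &send_tok,
                           NULL,
                           GSS_C_QOP_DEFAULT);
      if (GSS_ERROR(majstat)) {
        logger.msg(ERROR, "GSS unwrap failed: %i/%i%s", majstat, minstat, GSSCredential::ErrorStr(majstat, minstat));
        majstat = gss_release_buffer(&minstat, &send_tok);
        majstat = gss_release_buffer(&minstat, &recv_tok);
        return MCC_Status();
      }

      logger.msg(INFO, "GSS unwrap: %i/%i", majstat, minstat);

      logger.msg(VERBOSE, "Sent token length: %i", send_tok.length);

      // Copy the clear text into a stack payload for the next component.
      PayloadRaw payload;
      payload.Insert((const char*)send_tok.value, 0, send_tok.length);

      Message nextinmsg = inmsg;
      nextinmsg.Payload(&payload);
      Message nextoutmsg = outmsg;
      nextoutmsg.Payload(NULL);

      MCC_Status ret = next->process(nextinmsg, nextoutmsg);
      // TODO: Handle error and incompatible payloads
      // NOTE(review): `ret` is not examined, and the dynamic_cast below can
      // yield NULL when the next component fails or returns a non-stream
      // payload; that NULL is then handed to PayloadGSIStream and STATUS_OK
      // is returned. Behaviour left unchanged here -- needs a decision on
      // what to report upstream.

      outmsg = nextoutmsg;

      PayloadStreamInterface *outpayload =
        dynamic_cast<PayloadStreamInterface*>(nextoutmsg.Payload());

      outmsg.Payload(new PayloadGSIStream(outpayload, ctx, logger, false));
    }

    majstat = gss_release_buffer(&minstat, &send_tok);
    majstat = gss_release_buffer(&minstat, &recv_tok);

    return MCC_Status(STATUS_OK);
  }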



Member Data Documentation

gss_name_t Arc::MCC_GSI_Context::client [private]

Definition at line 101 of file MCCGSI.cpp.

Definition at line 106 of file MCCGSI.cpp.

Definition at line 100 of file MCCGSI.cpp.

gss_ctx_id_t Arc::MCC_GSI_Context::ctx [private]

Definition at line 99 of file MCCGSI.cpp.

gss_cred_id_t Arc::MCC_GSI_Context::delegated_cred [private]

Definition at line 105 of file MCCGSI.cpp.

Definition at line 107 of file MCCGSI.cpp.

gss_OID Arc::MCC_GSI_Context::oid [private]

Definition at line 103 of file MCCGSI.cpp.

OM_uint32 Arc::MCC_GSI_Context::ret_flags [private]

Definition at line 102 of file MCCGSI.cpp.

OM_uint32 Arc::MCC_GSI_Context::time_req [private]

Definition at line 104 of file MCCGSI.cpp.


The documentation for this class was generated from the following file: