Log of /trunk/net/net/inc/TSecContext.h
Parent Directory
Revision
23091 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Modified
Wed Apr 9 15:04:27 2008 UTC (6 years, 9 months ago) by
rdm
File length: 5628 byte(s)
Copied from:
trunk/net/inc/TSecContext.h revision 23090
Diff to
previous 20882
moving the follwing directories to "net":
alien, auth, glite, globusauth, krb5auth, ldap, monalisa, net, netx,
rootd, rpdutils, srputils, xrootd
Revision
15134 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Modified
Tue May 23 04:47:42 2006 UTC (8 years, 8 months ago) by
brun
Original Path:
trunk/net/inc/TSecContext.h
File length: 5689 byte(s)
Diff to
previous 15057
From Federico Carminati:
"I have implemented all copy and equal operators needed to silence all
warnings in AliRoot, as requested. I have implemented shallow copies as
would do the default operators synthetized by the compiler.
Most operators are protected. If users complain, you just have to move
them into the public area, but class derivation is of course supported.
It has been a terrible job, I have modified 278 files, but the changes
are backward compabile, and this goes a long way to permitting user to
use the effc++ flag with root headers."
Revision
12337 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Modified
Mon Jul 18 16:20:53 2005 UTC (9 years, 6 months ago) by
rdm
Original Path:
trunk/net/inc/TSecContext.h
File length: 5552 byte(s)
Diff to
previous 12143
From Gerri:
Big patch restructuring the authentication code so libCore does not depend
on libssl etc. anymore. Isolate the current authentication code behind a
plugin library to be loaded on demand.
Setup of a framework able to manage both sets of authentication modules
(the current one and the one based on xrdsec, coming soon).
Cleanup all direct reference to authentication in TSlave and TProofServ,
allowing for significant simplification for the forthcoming changes
in PROOF for XPD.
New module: auth
New files: base/inc/TVirtualAuth.h
auth/Module.Mk
auth/inc/LinkDefRoot.h
auth/inc/TRootAuth.h auth/inc/TRootSecContext.h
auth/src/TRootAuth.cxx auth/src/TRootSecContext.cxx
Moved files:
net/inc -> auth/inc : TAuthenticate.h THostAuth.h DaemonUtils.h AuthConst.h
net/src -> auth/src : TAuthenticate.cxx THostAuth.cxx DaemonUtils.cxx
Revision
11147 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Modified
Fri Feb 18 14:44:40 2005 UTC (9 years, 11 months ago) by
rdm
Original Path:
trunk/net/inc/TSecContext.h
File length: 5689 byte(s)
Diff to
previous 8239
From Gerri:
We made some progres in understanding Marek's problem with AFS.
In fact the problem is not the lack of transmission of the token
between proofd and proofserv/slave, but the fact that different
proofds on the same machine cannot share a token, they must
initialize all their own token.
So, the problem is due to the fact that the master was tring to
re-use a token not actually reusable.
A solution for this (implemented in the patch attached) is to
switch-off the "reuse" option in case of AFS authentication.
A better one would be to export the token as we do for kerberos
or globus, but for the moment I could not find documentation
on the way to do this ... I'll probably need to dig into the
code.
Revision
8239 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Added
Thu Feb 19 00:11:19 2004 UTC (10 years, 11 months ago) by
rdm
Original Path:
trunk/net/inc/TSecContext.h
File length: 5619 byte(s)
Big authentication patch by Gerri:
General purpose:
Add support for 'authenticated' sockets on client side
and prepare for support of server authenticated sockets.
Main changes:
o TSocket, TPsocket:
Added support of 'authenticated' sockets: authentication
is delegated to TSocket by calling a static method
CreateAuthSocket() returning a TSocket*.
TSocket is now the only class calling TAuthenticate.
o TFTP, TNetFile, TSlave:
modified to cope with new socket authentication scheme.
o TAuthDetails replaced by TSecContext containing:
- local authentication info
- expiration time
- pointer to a security context for the method (if any)
- information for cleanup (via TSecContextCleanup)
o A list of valid TSecContext has been added to TROOT,
accessible via gROOT->GetListOfSecContexts().
o THostAuth rewritten using arrays to avoid multiple use
of 'new'; functionality extended by the addition of
several new methods.
o TAuthenticate:
- Loading of information from .rootauthrc has been optimized;
this allowed to simplify method signatures and drop several
methods. Also collection and transmission of authentication
information from TSlave to TProofServ gets simplified by the
new scheme.
- Added support for server dependent directives in .rootauthrc
- Added check for changes in .rootauthrc each time a new
TAuthenticate is instantiated, so that changes in the file
are picked-up interactively.
- Checking for an existing TSecContext (previously TAuthDetails)
has been improved
- Improved diagnostics for SshAuth
- Enlarged support for authentication method indication in protocol:
UsrPwd: rootup/proofup
SRP: roots/proofs (already supported)
Krb5: rootk/proofk (already supported)
Globus: rootg/proofg
SSH: rootsh/proofsh
UigGid: rootug/proofug
o GlobusAuth.cxx, Krb5Auth.cxx, SRPAuth.cxx
- Adapted to new class TSecContext
- Added support for improved search for reusable TSecContext
- Drop globals used to store established security contexts
(saved in TSecContext) and related methods
o Automatic creation of <RootDir>/etc/system.rootauthrc from
compilation flags; this has priority on old envs
'Rootd.Authentication' and 'Proofd.Authentication' and is
superseded by $HOME/.rootauthrc
o Automatic creation of <RootDir>/etc/system.authdaemonrc from
compilation flags; this is superseded by $HOME/.rootauthrc
o rpdutils:
- several almost identical methods moved in from rootd/proofd
- several new methods to simplify manipulation of the
authentication tab file
- moved (and improved) check for running of sshd in RpdSshAuth,
performed only in case of failure (to avoid spurious messages
printed by sshd in /var/log/messages)
o proofd.cxx, rootd.cxx
- increased protocol version
- all initialization stuff (included authentication and
login) done via RpdInitSession
- postpone opening of parallels sockets after authentication
(to solve problem of Kerberos/Globus authentication with
parallel sockets)(rootd)
- Fixed problem with kerberos and globus authentication in rootd
with parallel sockets.
This form allows you to request diffs between any two revisions of this file.
For each of the two "sides" of the diff,
enter a numeric revision.
