Log of /trunk/net/net/src/TSecContext.cxx
Parent Directory
Revision
23091 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Modified
Wed Apr 9 15:04:27 2008 UTC (6 years, 9 months ago) by
rdm
File length: 10317 byte(s)
Copied from:
trunk/net/src/TSecContext.cxx revision 23090
Diff to
previous 20882
moving the follwing directories to "net":
alien, auth, glite, globusauth, krb5auth, ldap, monalisa, net, netx,
rootd, rpdutils, srputils, xrootd
Revision
20411 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Modified
Fri Oct 19 12:37:58 2007 UTC (7 years, 3 months ago) by
rdm
Original Path:
trunk/net/src/TSecContext.cxx
File length: 10317 byte(s)
Diff to
previous 19826
remove conditional around include of RConfigure.h:
#ifdef R__HAVE_CONFIG
#include "RConfigure.h"
#endif
Having this conditional caused RConfigure.h to be missing from the .d
files and hence these files would not be recompiled after re-configuring
using --prefix.
Revision
16796 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Modified
Thu Nov 16 17:18:32 2006 UTC (8 years, 2 months ago) by
rdm
Original Path:
trunk/net/src/TSecContext.cxx
File length: 10410 byte(s)
Diff to
previous 15168
Changes to get rid of the config.h and HAVE_CONFIG define. These were way
too trivial (just do a locate config.h to see how many there are):
- replace occurances of config.h by RConfigure.h
- add #warning in config.h that is should not be used
- change HAVE_CONFIG to R__HAVE_CONFIG
Revision
15134 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Modified
Tue May 23 04:47:42 2006 UTC (8 years, 8 months ago) by
brun
Original Path:
trunk/net/src/TSecContext.cxx
File length: 10336 byte(s)
Diff to
previous 14745
From Federico Carminati:
"I have implemented all copy and equal operators needed to silence all
warnings in AliRoot, as requested. I have implemented shallow copies as
would do the default operators synthetized by the compiler.
Most operators are protected. If users complain, you just have to move
them into the public area, but class derivation is of course supported.
It has been a terrible job, I have modified 278 files, but the changes
are backward compabile, and this goes a long way to permitting user to
use the effc++ flag with root headers."
Revision
14745 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Modified
Wed Apr 19 08:22:26 2006 UTC (8 years, 9 months ago) by
rdm
Original Path:
trunk/net/src/TSecContext.cxx
File length: 9507 byte(s)
Diff to
previous 12596
Change the TError.h macros:
Assert -> R__ASSERT
Check -> R__CHECK
Change the TCollection.h macro:
ForEach -> R__FOR_EACH
This to avoid potential problems due too trivial macro names.
The old macros will be removed in the next release. Currently
they will print out warning messages with the advice to move
to the new macro names.
Revision
12337 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Modified
Mon Jul 18 16:20:53 2005 UTC (9 years, 6 months ago) by
rdm
Original Path:
trunk/net/src/TSecContext.cxx
File length: 9492 byte(s)
Diff to
previous 12143
From Gerri:
Big patch restructuring the authentication code so libCore does not depend
on libssl etc. anymore. Isolate the current authentication code behind a
plugin library to be loaded on demand.
Setup of a framework able to manage both sets of authentication modules
(the current one and the one based on xrdsec, coming soon).
Cleanup all direct reference to authentication in TSlave and TProofServ,
allowing for significant simplification for the forthcoming changes
in PROOF for XPD.
New module: auth
New files: base/inc/TVirtualAuth.h
auth/Module.Mk
auth/inc/LinkDefRoot.h
auth/inc/TRootAuth.h auth/inc/TRootSecContext.h
auth/src/TRootAuth.cxx auth/src/TRootSecContext.cxx
Moved files:
net/inc -> auth/inc : TAuthenticate.h THostAuth.h DaemonUtils.h AuthConst.h
net/src -> auth/src : TAuthenticate.cxx THostAuth.cxx DaemonUtils.cxx
Revision
12123 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Modified
Wed Jun 22 20:18:12 2005 UTC (9 years, 7 months ago) by
brun
Original Path:
trunk/net/src/TSecContext.cxx
File length: 10233 byte(s)
Diff to
previous 11147
From Constantin Loizides
This patch implements:
- decentralized, automatic mutex initialization,
see R__LOCKGUARD2 in TVirtualMutex
- PROOF parallel startup fixes
- more thread protection (in base, cont, meta, rest to be done)
- cleanups
From Eddy Offermann:
TString::Atoi and Atof are made const.
Revision
11147 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Modified
Fri Feb 18 14:44:40 2005 UTC (9 years, 11 months ago) by
rdm
Original Path:
trunk/net/src/TSecContext.cxx
File length: 10045 byte(s)
Diff to
previous 9059
From Gerri:
We made some progres in understanding Marek's problem with AFS.
In fact the problem is not the lack of transmission of the token
between proofd and proofserv/slave, but the fact that different
proofds on the same machine cannot share a token, they must
initialize all their own token.
So, the problem is due to the fact that the master was tring to
re-use a token not actually reusable.
A solution for this (implemented in the patch attached) is to
switch-off the "reuse" option in case of AFS authentication.
A better one would be to export the token as we do for kerberos
or globus, but for the moment I could not find documentation
on the way to do this ... I'll probably need to dig into the
code.
Revision
8963 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Modified
Tue May 18 11:56:38 2004 UTC (10 years, 8 months ago) by
rdm
Original Path:
trunk/net/src/TSecContext.cxx
File length: 9719 byte(s)
Diff to
previous 8420
From Gerri:
o SSH
- authentication via scp
(ssh2rpd must be kept for backward compatibility)
- automatic retry in case of failure due to daemon busy;
this happens when many requests are sent simultaneously
such that the maximum MaxStartups specified in
/etc/ssh/sshd_config is reached
Number of retries can be set via env SSH.MaxRetry
(default 100).
o Support for 'no authentication' mode for server daemons
(option '-noauth'); also useful to judge the overhead due
to authentication.
o Support for UsrPwd authentication via /etc/hosts.equiv
and/or $HOME/.rhosts
To insure backward compatibility I had to increase the
client and server protocol numbers.
Revision
8420 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Modified
Wed Mar 17 17:52:24 2004 UTC (10 years, 10 months ago) by
rdm
Original Path:
trunk/net/src/TSecContext.cxx
File length: 9411 byte(s)
Diff to
previous 8239
From Gerri:
Improvements:
o Added support for creation of authentication tokens
exclusive to parent daemon and its childs; by default
tokens have inclusive nature, i.e. can be checked by another
server on the same machine with having access to the key files
(option -E to rootd/proofd)
o Added support for non-standard file name for daemon access rules
(option -D <rootdaemonrc> to rootd/proofd)
o Added support for non-standard file name for authentication directives
(PROOF only: option -A [<rootauthrc>] to proofd; see header of
proofd/src/proofd.cxx)
o Improved security in ssh authentications
Bug fixes:
o Fix a few inconsistencies in treating error conditions
o Fix bug with default init strings for ProxyDuration and ProxyKeyBits
o Fix problem with checking for valid globus proxies
o fixed message desynchronization problem in case of non valid offset
o Modified error call in case of failure of Krb5 initialization:
execution continues (call Err instead of ErrFatal)
o Fix (again) problem with cygwingcc definition in rpdutils.cxx
o Fix problem with fgUser not being correctly saved in case
of successful authentication in TAuthenticate.cxx
o Fix a problem with duplication in socket list (TPSocket)
o Set fContext=0 after deletion TPwdCtx (in TSecContext::Deactivate).
o Fix link problem with the globus patched function in rootd/Module.mk
and proofd/Module.mk
o Added function ProofdTerm (equivalent of RootdTerm) to terminate
correctly in case of interrupting signal SIGTERM or SIGINT (proofd.cxx)
o Fix several incorrect comments.
Revision
8239 -
(
view)
(
download)
(
as text)
(
annotate)
-
[select for diffs]
Added
Thu Feb 19 00:11:19 2004 UTC (10 years, 11 months ago) by
rdm
Original Path:
trunk/net/src/TSecContext.cxx
File length: 9378 byte(s)
Big authentication patch by Gerri:
General purpose:
Add support for 'authenticated' sockets on client side
and prepare for support of server authenticated sockets.
Main changes:
o TSocket, TPsocket:
Added support of 'authenticated' sockets: authentication
is delegated to TSocket by calling a static method
CreateAuthSocket() returning a TSocket*.
TSocket is now the only class calling TAuthenticate.
o TFTP, TNetFile, TSlave:
modified to cope with new socket authentication scheme.
o TAuthDetails replaced by TSecContext containing:
- local authentication info
- expiration time
- pointer to a security context for the method (if any)
- information for cleanup (via TSecContextCleanup)
o A list of valid TSecContext has been added to TROOT,
accessible via gROOT->GetListOfSecContexts().
o THostAuth rewritten using arrays to avoid multiple use
of 'new'; functionality extended by the addition of
several new methods.
o TAuthenticate:
- Loading of information from .rootauthrc has been optimized;
this allowed to simplify method signatures and drop several
methods. Also collection and transmission of authentication
information from TSlave to TProofServ gets simplified by the
new scheme.
- Added support for server dependent directives in .rootauthrc
- Added check for changes in .rootauthrc each time a new
TAuthenticate is instantiated, so that changes in the file
are picked-up interactively.
- Checking for an existing TSecContext (previously TAuthDetails)
has been improved
- Improved diagnostics for SshAuth
- Enlarged support for authentication method indication in protocol:
UsrPwd: rootup/proofup
SRP: roots/proofs (already supported)
Krb5: rootk/proofk (already supported)
Globus: rootg/proofg
SSH: rootsh/proofsh
UigGid: rootug/proofug
o GlobusAuth.cxx, Krb5Auth.cxx, SRPAuth.cxx
- Adapted to new class TSecContext
- Added support for improved search for reusable TSecContext
- Drop globals used to store established security contexts
(saved in TSecContext) and related methods
o Automatic creation of <RootDir>/etc/system.rootauthrc from
compilation flags; this has priority on old envs
'Rootd.Authentication' and 'Proofd.Authentication' and is
superseded by $HOME/.rootauthrc
o Automatic creation of <RootDir>/etc/system.authdaemonrc from
compilation flags; this is superseded by $HOME/.rootauthrc
o rpdutils:
- several almost identical methods moved in from rootd/proofd
- several new methods to simplify manipulation of the
authentication tab file
- moved (and improved) check for running of sshd in RpdSshAuth,
performed only in case of failure (to avoid spurious messages
printed by sshd in /var/log/messages)
o proofd.cxx, rootd.cxx
- increased protocol version
- all initialization stuff (included authentication and
login) done via RpdInitSession
- postpone opening of parallels sockets after authentication
(to solve problem of Kerberos/Globus authentication with
parallel sockets)(rootd)
- Fixed problem with kerberos and globus authentication in rootd
with parallel sockets.
This form allows you to request diffs between any two revisions of this file.
For each of the two "sides" of the diff,
enter a numeric revision.
