XRootD
Classes | Public Member Functions | Static Public Member Functions | Public Attributes | Static Public Attributes | Protected Attributes | Static Protected Attributes | Friends | List of all members
XrdHttpProtocol Class Reference

#include <XrdHttpProtocol.hh>

+ Inheritance diagram for XrdHttpProtocol:
+ Collaboration diagram for XrdHttpProtocol:

Classes

struct  StaticPreloadInfo
 

Public Member Functions

 XrdHttpProtocol (bool imhttps)
 
 XrdHttpProtocol (const XrdHttpProtocol &)=default
 Ctor, dtors and copy ctor. More...
 
 ~XrdHttpProtocol ()
 
int doChksum (const XrdOucString &fname)
 Perform a checksum request. More...
 
void DoIt ()
 Override from the base class. More...
 
int doStat (char *fname)
 Perform a Stat request. More...
 
bool isHTTPS ()
 called via https More...
 
XrdProtocolMatch (XrdLink *lp)
 Tells if the oustanding bytes on the socket match this protocol implementation. More...
 
XrdHttpProtocol operator= (const XrdHttpProtocol &rhs)
 
int Process (XrdLink *lp)
 Process data incoming from the socket. More...
 
void Recycle (XrdLink *lp, int consec, const char *reason)
 Recycle this instance. More...
 
int Stats (char *buff, int blen, int do_sync=0)
 Get activity stats. More...
 
- Public Member Functions inherited from XrdProtocol
 XrdProtocol (const char *jname)
 
virtual ~XrdProtocol ()
 
- Public Member Functions inherited from XrdJob
 XrdJob (const char *desc="")
 
virtual ~XrdJob ()
 

Static Public Member Functions

static int Configure (char *parms, XrdProtocol_Config *pi)
 Read and apply the configuration. More...
 
static int parseHeader2CGI (XrdOucStream &Config, XrdSysError &err, std::map< std::string, std::string > &header2cgi)
 Use this function to parse header2cgi configurations. More...
 

Public Attributes

XrdObject< XrdHttpProtocolProtLink
 
XrdSecEntity SecEntity
 Authentication area. More...
 
- Public Attributes inherited from XrdJob
const char * Comment
 
XrdJobNextJob
 

Static Public Attributes

static XrdHttpChecksumHandler cksumHandler = XrdHttpChecksumHandler()
 
static XrdObjectQ< XrdHttpProtocolProtStack
 
static XrdHttpReadRangeHandler::Configuration ReadRangeConfig
 configuration for the read range handler More...
 

Protected Attributes

char * Addr_str
 
XrdXrootd::BridgeBridge
 The Bridge that we use to exercise the xrootd internals. More...
 
XrdHttpReq CurrentReq
 
XrdLinkLink
 The link we are bound to. More...
 

Static Protected Attributes

static XrdBuffManagerBPool = 0
 
static XrdSecServiceCIA = 0
 
static bool compatNameGeneration = false
 
static int crlRefIntervalSec = XrdTlsContext::DEFAULT_CRL_REF_INT_SEC
 CRL thread refresh interval. More...
 
static XrdSysError eDest = 0
 
static bool embeddedstatic = true
 If true, use the embedded css and icons. More...
 
static char * gridmap = 0
 Gridmap file location. The same used by XrdSecGsi. More...
 
static int hailWait = 60000
 Timeout for reading the handshake. More...
 
static std::map< std::string, std::string > hdr2cgimap
 Rules that turn HTTP headers to cgi tokens in the URL, for internal comsumption. More...
 
static bool isdesthttps = false
 True if the redirections must be towards https targets. More...
 
static bool isRequiredGridmap = false
 
static bool listdeny = false
 If true, any form of listing is denied. More...
 
static char * listredir = 0
 Url to redirect to in the case a listing is requested. More...
 
static BIO_METHOD * m_bio_method = NULL
 C-style vptr table for our custom BIO objects. More...
 
static int m_bio_type = 0
 Type identifier for our custom BIO objects. More...
 
static int m_maxdelay = -1
 
static std::unordered_map< std::string, std::vector< std::pair< std::string, std::string > > > m_staticheader_map
 The static headers to always return; map is from verb to a list of (header, val) pairs. More...
 
static std::unordered_map< std::string, std::string > m_staticheaders
 
static kXR_int32 myRole = kXR_isManager
 Our role. More...
 
static XrdNetPMarkpmarkHandle = nullptr
 Packet marking handler pointer (assigned from the environment during the Config() call) More...
 
static int Port = 1094
 Our port. More...
 
static char * Port_str = 0
 Our port, as a string. More...
 
static int readWait = 300000
 Timeout for reading data. More...
 
static XrdSchedulerSched = 0
 
static char * secretkey = 0
 The key used to calculate the url hashes. More...
 
static bool selfhttps2http = false
 If client is HTTPS, self-redirect with HTTP+token. More...
 
static XrdOucGMapservGMap = 0
 The instance of the DN mapper. Created only when a valid path is given. More...
 
static char * sslcadir = 0
 
static char * sslcafile = 0
 
static char * sslcert = 0
 OpenSSL stuff. More...
 
static char * sslcipherfilter = 0
 
static char * sslkey = 0
 
static int sslverifydepth = 9
 Depth of verification of a certificate chain. More...
 
static XrdOucHash< StaticPreloadInfo > * staticpreload = 0
 
static char * staticredir = 0
 
static bool tpcForwardCreds = false
 If set to true, the HTTP TPC transfers will forward the credentials to redirected hosts. More...
 
static char * xrd_cslist = nullptr
 The list of checksums that were configured via the xrd.cksum parameter on the server config file. More...
 

Friends

class XrdHttpExtReq
 
class XrdHttpReq
 

Detailed Description

Definition at line 80 of file XrdHttpProtocol.hh.

Class Documentation

◆ XrdHttpProtocol::StaticPreloadInfo

struct XrdHttpProtocol::StaticPreloadInfo

Definition at line 436 of file XrdHttpProtocol.hh.

+ Collaboration diagram for XrdHttpProtocol::StaticPreloadInfo:
Class Members
char * data
int len

Constructor & Destructor Documentation

◆ XrdHttpProtocol() [1/2]

XrdHttpProtocol::XrdHttpProtocol ( const XrdHttpProtocol )
default

Ctor, dtors and copy ctor.

Referenced by Match().

+ Here is the caller graph for this function:

◆ XrdHttpProtocol() [2/2]

XrdHttpProtocol::XrdHttpProtocol ( bool  imhttps)

Definition at line 200 of file XrdHttpProtocol.cc.

201 : XrdProtocol("HTTP protocol handler"), ProtLink(this),
202 SecEntity(""), CurrentReq(this, ReadRangeConfig) {
203  myBuff = 0;
204  Addr_str = 0;
205  Reset();
206  ishttps = imhttps;
207 
208 }
XrdHttpProtocol::ProtLink
XrdObject< XrdHttpProtocol > ProtLink
Definition: XrdHttpProtocol.hh:129
XrdHttpProtocol::CurrentReq
XrdHttpReq CurrentReq
Definition: XrdHttpProtocol.hh:377
XrdHttpProtocol::ReadRangeConfig
static XrdHttpReadRangeHandler::Configuration ReadRangeConfig
configuration for the read range handler
Definition: XrdHttpProtocol.hh:139
XrdHttpProtocol::SecEntity
XrdSecEntity SecEntity
Authentication area.
Definition: XrdHttpProtocol.hh:133
XrdProtocol::XrdProtocol
XrdProtocol(const char *jname)
Definition: XrdProtocol.hh:156

References Addr_str.

◆ ~XrdHttpProtocol()

XrdHttpProtocol::~XrdHttpProtocol ( )
inline

Definition at line 124 of file XrdHttpProtocol.hh.

124  {
125  Cleanup();
126  }

Member Function Documentation

◆ Configure()

int XrdHttpProtocol::Configure ( char *  parms,
XrdProtocol_Config pi 
)
static

Read and apply the configuration.

Definition at line 1760 of file XrdHttpProtocol.cc.

1760  {
1761  /*
1762  Function: Establish configuration at load time.
1763 
1764  Input: None.
1765 
1766  Output: 0 upon success or !0 otherwise.
1767  */
1768 
1769  char *rdf;
1770 
1771  // Copy out the special info we want to use at top level
1772  //
1773  eDest.logger(pi->eDest->logger());
1774  XrdHttpTrace.SetLogger(pi->eDest->logger());
1775  // SI = new XrdXrootdStats(pi->Stats);
1776  Sched = pi->Sched;
1777  BPool = pi->BPool;
1778  xrd_cslist = getenv("XRD_CSLIST");
1779 
1780  Port = pi->Port;
1781 
1782  // Copy out the current TLS context
1783  //
1784  xrdctx = pi->tlsCtx;
1785 
1786  {
1787  char buf[16];
1788  sprintf(buf, "%d", Port);
1789  Port_str = strdup(buf);
1790  }
1791 
1792  // Now process and configuration parameters
1793  //
1794  rdf = (parms && *parms ? parms : pi->ConfigFN);
1795  if (rdf && Config(rdf, pi->theEnv)) return 0;
1796  if (pi->DebugON) XrdHttpTrace.What = TRACE_ALL;
1797 
1798  // Set the redirect flag if we are a pure redirector
1799  myRole = kXR_isServer;
1800  if ((rdf = getenv("XRDROLE"))) {
1801  eDest.Emsg("Config", "XRDROLE: ", rdf);
1802 
1803  if (!strcasecmp(rdf, "manager") || !strcasecmp(rdf, "supervisor")) {
1804  myRole = kXR_isManager;
1805  eDest.Emsg("Config", "Configured as HTTP(s) redirector.");
1806  } else {
1807 
1808  eDest.Emsg("Config", "Configured as HTTP(s) data server.");
1809  }
1810 
1811  } else {
1812  eDest.Emsg("Config", "No XRDROLE specified.");
1813  }
1814 
1815  // Schedule protocol object cleanup
1816  //
1817  ProtStack.Set(pi->Sched, &XrdHttpTrace,
1818  (XrdHttpTrace.What & TRACE_MEM ? TRACE_MEM : 0));
1819  ProtStack.Set((pi->ConnMax / 3 ? pi->ConnMax / 3 : 30), 60 * 60);
1820 
1821  // Return success
1822  //
1823 
1824  return 1;
1825 }
kXR_isManager
#define kXR_isManager
Definition: XProtocol.hh:1156
kXR_isServer
#define kXR_isServer
Definition: XProtocol.hh:1157
XrdHttpTrace
XrdSysTrace XrdHttpTrace("http")
TRACE_MEM
#define TRACE_MEM
Definition: XrdTrace.hh:38
TRACE_ALL
#define TRACE_ALL
Definition: XrdTrace.hh:35
XrdHttpProtocol::Sched
static XrdScheduler * Sched
Definition: XrdHttpProtocol.hh:356
XrdHttpProtocol::myRole
static kXR_int32 myRole
Our role.
Definition: XrdHttpProtocol.hh:443
XrdHttpProtocol::Port_str
static char * Port_str
Our port, as a string.
Definition: XrdHttpProtocol.hh:394
XrdHttpProtocol::eDest
static XrdSysError eDest
Definition: XrdHttpProtocol.hh:358
XrdHttpProtocol::xrd_cslist
static char * xrd_cslist
The list of checksums that were configured via the xrd.cksum parameter on the server config file.
Definition: XrdHttpProtocol.hh:455
XrdHttpProtocol::ProtStack
static XrdObjectQ< XrdHttpProtocol > ProtStack
Definition: XrdHttpProtocol.hh:128
XrdHttpProtocol::Port
static int Port
Our port.
Definition: XrdHttpProtocol.hh:391
XrdHttpProtocol::BPool
static XrdBuffManager * BPool
Definition: XrdHttpProtocol.hh:357
XrdObjectQ::Set
void Set(int inQMax, time_t agemax=1800)
Definition: XrdObject.icc:90
XrdProtocol_Config::BPool
XrdBuffManager * BPool
Definition: XrdProtocol.hh:63
XrdProtocol_Config::Sched
XrdScheduler * Sched
Definition: XrdProtocol.hh:64
XrdProtocol_Config::Port
int Port
Definition: XrdProtocol.hh:73
XrdProtocol_Config::tlsCtx
XrdTlsContext * tlsCtx
Definition: XrdProtocol.hh:99
XrdProtocol_Config::ConnMax
int ConnMax
Definition: XrdProtocol.hh:90
XrdProtocol_Config::eDest
XrdSysError * eDest
Definition: XrdProtocol.hh:61
XrdProtocol_Config::theEnv
XrdOucEnv * theEnv
Definition: XrdProtocol.hh:66
XrdProtocol_Config::ConfigFN
char * ConfigFN
Definition: XrdProtocol.hh:71
XrdProtocol_Config::DebugON
char DebugON
Definition: XrdProtocol.hh:95
XrdSysError::Emsg
int Emsg(const char *esfx, int ecode, const char *text1, const char *text2=0)
Definition: XrdSysError.cc:95
XrdSysError::logger
XrdSysLogger * logger(XrdSysLogger *lp=0)
Definition: XrdSysError.hh:141
XrdSysTrace::SetLogger
void SetLogger(XrdSysLogger *logp)
Definition: XrdSysTrace.cc:65
XrdHttpProtoInfo::xrdctx
XrdTlsContext * xrdctx
Definition: XrdHttpProtocol.cc:136

References XrdProtocol_Config::BPool, BPool, XrdCms::Config, XrdProtocol_Config::ConfigFN, XrdProtocol_Config::ConnMax, XrdProtocol_Config::DebugON, XrdProtocol_Config::eDest, eDest, XrdSysError::Emsg(), kXR_isManager, kXR_isServer, XrdSysError::logger(), myRole, XrdProtocol_Config::Port, Port, Port_str, ProtStack, XrdProtocol_Config::Sched, Sched, XrdObjectQ< T >::Set(), XrdSysTrace::SetLogger(), XrdProtocol_Config::theEnv, XrdProtocol_Config::tlsCtx, TRACE_ALL, TRACE_MEM, XrdSysTrace::What, xrd_cslist, XrdHttpProtoInfo::xrdctx, and XrdHttpTrace.

Referenced by XrdgetProtocol().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doChksum()

int XrdHttpProtocol::doChksum ( const XrdOucString fname)

Perform a checksum request.

Definition at line 3117 of file XrdHttpProtocol.cc.

3117  {
3118  size_t length;
3119  memset(&CurrentReq.xrdreq, 0, sizeof (ClientRequest));
3120  CurrentReq.xrdreq.query.requestid = htons(kXR_query);
3121  CurrentReq.xrdreq.query.infotype = htons(kXR_Qcksum);
3122  memset(CurrentReq.xrdreq.query.reserved1, '\0', sizeof(CurrentReq.xrdreq.query.reserved1));
3123  memset(CurrentReq.xrdreq.query.fhandle, '\0', sizeof(CurrentReq.xrdreq.query.fhandle));
3124  memset(CurrentReq.xrdreq.query.reserved2, '\0', sizeof(CurrentReq.xrdreq.query.reserved2));
3125  length = fname.length() + 1;
3126  CurrentReq.xrdreq.query.dlen = htonl(length);
3127 
3128  if (!Bridge) return -1;
3129 
3130  return Bridge->Run(reinterpret_cast<char *>(&CurrentReq.xrdreq), const_cast<char *>(fname.c_str()), length) ? 0 : -1;
3131 }
ClientQueryRequest::requestid
kXR_unt16 requestid
Definition: XProtocol.hh:630
ClientQueryRequest::reserved1
kXR_char reserved1[2]
Definition: XProtocol.hh:632
ClientQueryRequest::infotype
kXR_unt16 infotype
Definition: XProtocol.hh:631
ClientQueryRequest::reserved2
kXR_char reserved2[8]
Definition: XProtocol.hh:634
ClientQueryRequest::fhandle
kXR_char fhandle[4]
Definition: XProtocol.hh:633
kXR_query
@ kXR_query
Definition: XProtocol.hh:113
ClientRequest::query
struct ClientQueryRequest query
Definition: XProtocol.hh:866
kXR_Qcksum
@ kXR_Qcksum
Definition: XProtocol.hh:617
XrdHttpProtocol::Bridge
XrdXrootd::Bridge * Bridge
The Bridge that we use to exercise the xrootd internals.
Definition: XrdHttpProtocol.hh:372
XrdHttpReq::xrdreq
ClientRequest xrdreq
The last issued xrd request, often pending.
Definition: XrdHttpReq.hh:327
XrdOucString::c_str
const char * c_str() const
Definition: XrdOucString.hh:278
XrdOucString::length
int length() const
Definition: XrdOucString.hh:279
XrdXrootd::Bridge::Run
virtual bool Run(const char *xreqP, char *xdataP=0, int xdataL=0)=0

References Bridge, XrdOucString::c_str(), CurrentReq, ClientQueryRequest::dlen, ClientQueryRequest::fhandle, ClientQueryRequest::infotype, kXR_Qcksum, kXR_query, XrdOucString::length(), ClientRequest::query, ClientQueryRequest::requestid, ClientQueryRequest::reserved1, ClientQueryRequest::reserved2, XrdXrootd::Bridge::Run(), and XrdHttpReq::xrdreq.

Referenced by XrdHttpReq::ProcessHTTPReq().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ DoIt()

void XrdHttpProtocol::DoIt ( )
inlinevirtual

Override from the base class.

Implements XrdJob.

Definition at line 91 of file XrdHttpProtocol.hh.

91  {
92  if (Resume) (*this.*Resume)();
93  }

◆ doStat()

int XrdHttpProtocol::doStat ( char *  fname)

Perform a Stat request.

Definition at line 3089 of file XrdHttpProtocol.cc.

3089  {
3090  int l;
3091  bool b;
3092  CurrentReq.filesize = 0;
3093  CurrentReq.fileflags = 0;
3094  CurrentReq.filemodtime = 0;
3095 
3096  memset(&CurrentReq.xrdreq, 0, sizeof (ClientRequest));
3097  CurrentReq.xrdreq.stat.requestid = htons(kXR_stat);
3098  memset(CurrentReq.xrdreq.stat.reserved, 0,
3099  sizeof (CurrentReq.xrdreq.stat.reserved));
3100  l = strlen(fname) + 1;
3101  CurrentReq.xrdreq.stat.dlen = htonl(l);
3102 
3103  if (!Bridge) return -1;
3104  b = Bridge->Run((char *) &CurrentReq.xrdreq, fname, l);
3105  if (!b) {
3106  return -1;
3107  }
3108 
3109 
3110  return 0;
3111 }
ClientStatRequest::reserved
kXR_char reserved[11]
Definition: XProtocol.hh:770
kXR_stat
@ kXR_stat
Definition: XProtocol.hh:129
ClientStatRequest::requestid
kXR_unt16 requestid
Definition: XProtocol.hh:768
ClientRequest::stat
struct ClientStatRequest stat
Definition: XProtocol.hh:873
ClientStatRequest::dlen
kXR_int32 dlen
Definition: XProtocol.hh:772
XrdHttpReq::fileflags
long fileflags
Definition: XrdHttpReq.hh:343
XrdHttpReq::filemodtime
long filemodtime
Definition: XrdHttpReq.hh:344
XrdHttpReq::filesize
long long filesize
Definition: XrdHttpReq.hh:342

References Bridge, CurrentReq, ClientStatRequest::dlen, XrdHttpReq::fileflags, XrdHttpReq::filemodtime, XrdHttpReq::filesize, kXR_stat, ClientStatRequest::requestid, ClientStatRequest::reserved, XrdXrootd::Bridge::Run(), ClientRequest::stat, and XrdHttpReq::xrdreq.

Referenced by XrdHttpReq::ProcessHTTPReq().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isHTTPS()

bool XrdHttpProtocol::isHTTPS ( )
inline

called via https

Definition at line 142 of file XrdHttpProtocol.hh.

142 { return ishttps; }

Referenced by XrdHttpExtReq::XrdHttpExtReq().

+ Here is the caller graph for this function:

◆ Match()

XrdProtocol * XrdHttpProtocol::Match ( XrdLink lp)
virtual

Tells if the oustanding bytes on the socket match this protocol implementation.

Implements XrdProtocol.

Definition at line 226 of file XrdHttpProtocol.cc.

226  {
227  char mybuf[16], mybuf2[1024];
228  XrdHttpProtocol *hp;
229  int dlen;
230  bool myishttps = false;
231 
232  // Peek at the first 20 bytes of data
233  //
234  if ((dlen = lp->Peek(mybuf, (int) sizeof (mybuf), hailWait)) < (int) sizeof (mybuf)) {
235  if (dlen <= 0) lp->setEtext("handshake not received");
236  return (XrdProtocol *) 0;
237  }
238  mybuf[dlen - 1] = '\0';
239 
240  // Trace the data
241  //
242 
243  TRACEI(DEBUG, "received dlen: " << dlen);
244  //TRACEI(REQ, "received buf: " << mybuf);
245  mybuf2[0] = '\0';
246  for (int i = 0; i < dlen; i++) {
247  char mybuf3[16];
248  sprintf(mybuf3, "%.02d ", mybuf[i]);
249  strcat(mybuf2, mybuf3);
250 
251  }
252  TRACEI(DEBUG, "received dump: " << mybuf2);
253 
254  // Decide if it looks http or not. For now we are happy if all the received characters are alphanumeric
255  bool ismine = true;
256  for (int i = 0; i < dlen - 1; i++)
257  if (!isprint(mybuf[i]) && (mybuf[i] != '\r') && (mybuf[i] != '\n')) {
258  ismine = false;
259  TRACEI(DEBUG, "This does not look like http at pos " << i);
260  break;
261  }
262 
263  // If it does not look http then look if it looks like https
264  if ((!ismine) && (dlen >= 4)) {
265  char check[4] = {00, 00, 00, 00};
266  if (memcmp(mybuf, check, 4)) {
267 
268  if (httpsmode) {
269  ismine = true;
270  myishttps = true;
271  TRACEI(DEBUG, "This may look like https");
272  } else {
273  TRACEI(ALL, "This may look like https, but https is not configured");
274  }
275 
276  }
277  }
278 
279  if (!ismine) {
280  TRACEI(DEBUG, "This does not look like https. Protocol not matched.");
281  return (XrdProtocol *) 0;
282  }
283 
284  // It does look http or https...
285  // Get a protocol object off the stack (if none, allocate a new one)
286  //
287 
288  TRACEI(REQ, "Protocol matched. https: " << myishttps);
289  if (!(hp = ProtStack.Pop())) hp = new XrdHttpProtocol(myishttps);
290  else
291  hp->ishttps = myishttps;
292 
293  // We now have to do some work arounds to tell the underlying framework
294  // that is is https without invoking TLS on the actual link. Eventually,
295  // we should just use the link's TLS native implementation.
296  //
297  hp->SecEntity.addrInfo = lp->AddrInfo();
298  XrdNetAddr *netP = const_cast<XrdNetAddr*>(lp->NetAddr());
299  netP->SetDialect("https");
300  netP->SetTLS(true);
301 
302  // Allocate 1MB buffer from pool
303  if (!hp->myBuff) {
304  hp->myBuff = BPool->Obtain(1024 * 1024);
305  }
306  hp->myBuffStart = hp->myBuffEnd = hp->myBuff->buff;
307 
308  // Bind the protocol to the link and return the protocol
309  //
310  hp->Link = lp;
311  return (XrdProtocol *) hp;
312 }
DEBUG
#define DEBUG(x)
Definition: XrdBwmTrace.hh:54
TRACEI
#define TRACEI(act, x)
Definition: XrdTrace.hh:66
XrdBuffManager::Obtain
XrdBuffer * Obtain(int bsz)
Definition: XrdBuffer.cc:140
XrdBuffer::buff
char * buff
Definition: XrdBuffer.hh:45
XrdHttpProtocol::hailWait
static int hailWait
Timeout for reading the handshake.
Definition: XrdHttpProtocol.hh:385
XrdHttpProtocol::Link
XrdLink * Link
The link we are bound to.
Definition: XrdHttpProtocol.hh:362
XrdHttpProtocol::XrdHttpProtocol
XrdHttpProtocol(const XrdHttpProtocol &)=default
Ctor, dtors and copy ctor.
XrdNetAddr::SetDialect
void SetDialect(const char *dP)
Definition: XrdNetAddr.hh:205
XrdNetAddr::SetTLS
void SetTLS(bool val)
Definition: XrdNetAddr.cc:590
XrdObjectQ::Pop
T * Pop()
Definition: XrdObject.hh:93
XrdSecEntity::addrInfo
XrdNetAddrInfo * addrInfo
Entity's connection details.
Definition: XrdSecEntity.hh:80

References XrdHttpProtocol(), XrdLink::AddrInfo(), XrdSecEntity::addrInfo, BPool, XrdBuffer::buff, DEBUG, hailWait, XrdHttpProtoInfo::httpsmode, Link, XrdLink::NetAddr(), XrdBuffManager::Obtain(), XrdLink::Peek(), XrdObjectQ< T >::Pop(), ProtStack, SecEntity, XrdNetAddr::SetDialect(), XrdLink::setEtext(), XrdNetAddr::SetTLS(), and TRACEI.

+ Here is the call graph for this function:

◆ operator=()

XrdHttpProtocol XrdHttpProtocol::operator= ( const XrdHttpProtocol rhs)

Definition at line 215 of file XrdHttpProtocol.cc.

215  {
216 
217  return *this;
218 }

◆ parseHeader2CGI()

int XrdHttpProtocol::parseHeader2CGI ( XrdOucStream Config,
XrdSysError err,
std::map< std::string, std::string > &  header2cgi 
)
static

Use this function to parse header2cgi configurations.

Definition at line 1830 of file XrdHttpProtocol.cc.

1830  {
1831  char *val, keybuf[1024], parmbuf[1024];
1832  char *parm;
1833 
1834  // Get the header key
1835  val = Config.GetWord();
1836  if (!val || !val[0]) {
1837  err.Emsg("Config", "No headerkey specified.");
1838  return 1;
1839  } else {
1840 
1841  // Trim the beginning, in place
1842  while ( *val && !isalnum(*val) ) val++;
1843  strcpy(keybuf, val);
1844 
1845  // Trim the end, in place
1846  char *pp;
1847  pp = keybuf + strlen(keybuf) - 1;
1848  while ( (pp >= keybuf) && (!isalnum(*pp)) ) {
1849  *pp = '\0';
1850  pp--;
1851  }
1852 
1853  parm = Config.GetWord();
1854 
1855  // Avoids segfault in case a key is given without value
1856  if(!parm || !parm[0]) {
1857  err.Emsg("Config", "No header2cgi value specified. key: '", keybuf, "'");
1858  return 1;
1859  }
1860 
1861  // Trim the beginning, in place
1862  while ( *parm && !isalnum(*parm) ) parm++;
1863  strcpy(parmbuf, parm);
1864 
1865  // Trim the end, in place
1866  pp = parmbuf + strlen(parmbuf) - 1;
1867  while ( (pp >= parmbuf) && (!isalnum(*pp)) ) {
1868  *pp = '\0';
1869  pp--;
1870  }
1871 
1872  // Add this mapping to the map that will be used
1873  try {
1874  header2cgi[keybuf] = parmbuf;
1875  } catch ( ... ) {
1876  err.Emsg("Config", "Can't insert new header2cgi rule. key: '", keybuf, "'");
1877  return 1;
1878  }
1879 
1880  }
1881  return 0;
1882 }
XrdCms::Config
XrdCmsConfig Config
Definition: XrdCmsConfig.cc:108

References XrdCms::Config, and XrdSysError::Emsg().

+ Here is the call graph for this function:

◆ Process()

int XrdHttpProtocol::Process ( XrdLink lp)
virtual

Process data incoming from the socket.

Implements XrdProtocol.

Definition at line 488 of file XrdHttpProtocol.cc.

489 {
490  int rc = 0;
491 
492  TRACEI(DEBUG, " Process. lp:"<<(void *)lp<<" reqstate: "<<CurrentReq.reqstate);
493 
494  if (!myBuff || !myBuff->buff || !myBuff->bsize) {
495  TRACE(ALL, " Process. No buffer available. Internal error.");
496  return -1;
497  }
498 
499 
500  if (!SecEntity.host) {
501  char *nfo = GetClientIPStr();
502  if (nfo) {
503  TRACEI(REQ, " Setting host: " << nfo);
504  SecEntity.host = nfo;
505  strcpy(SecEntity.prot, "http");
506  }
507  }
508 
509 
510 
511  // If https then check independently for the ssl handshake
512  if (ishttps && !ssldone) {
513 
514  if (!ssl) {
515  sbio = CreateBIO(Link);
516  BIO_set_nbio(sbio, 1);
517  if (!xrdctx->SetTlsClientAuth(tlsClientAuth)) {
518  TRACE(ALL, "Failed to configure the TLS client authentication; invalid configuration");
519  return -1;
520  }
521  ssl = (SSL*)xrdctx->Session();
522  }
523 
524  if (!ssl) {
525  TRACEI(DEBUG, " SSL_new returned NULL");
526  ERR_print_errors(sslbio_err);
527  return -1;
528  }
529 
530  // If a secxtractor has been loaded
531  // maybe it wants to add its own initialization bits
532  if (secxtractor)
533  secxtractor->InitSSL(ssl, sslcadir);
534 
535  SSL_set_bio(ssl, sbio, sbio);
536  //SSL_set_connect_state(ssl);
537 
538  //SSL_set_fd(ssl, Link->FDnum());
539  struct timeval tv;
540  tv.tv_sec = 10;
541  tv.tv_usec = 0;
542  setsockopt(Link->FDnum(), SOL_SOCKET, SO_RCVTIMEO, (struct timeval *)&tv, sizeof(struct timeval));
543  setsockopt(Link->FDnum(), SOL_SOCKET, SO_SNDTIMEO, (struct timeval *)&tv, sizeof(struct timeval));
544 
545  TRACEI(DEBUG, " Entering SSL_accept...");
546  int res = SSL_accept(ssl);
547  TRACEI(DEBUG, " SSL_accept returned :" << res);
548  if ((res == -1) && (SSL_get_error(ssl, res) == SSL_ERROR_WANT_READ)) {
549  TRACEI(DEBUG, " SSL_accept wants to read more bytes... err:" << SSL_get_error(ssl, res));
550  return 1;
551  }
552 
553  if(res <= 0) {
554  ERR_print_errors(sslbio_err);
555  if (res < 0) {
556 
557  SSL_free(ssl);
558  ssl = 0;
559  return -1;
560  }
561  }
562 
563  BIO_set_nbio(sbio, 0);
564 
565  strcpy(SecEntity.prot, "https");
566 
567  // Get the voms string and auth information
568  if (tlsClientAuth == XrdTlsContext::ClientAuthSetting::kOn && HandleAuthentication(Link)) {
569  SSL_free(ssl);
570  ssl = 0;
571  return -1;
572  }
573 
574  ssldone = true;
575  if (TRACING(TRACE_AUTH)) {
576  SecEntity.Display(eDest);
577  }
578  }
579 
580 
581 
582  if (!DoingLogin) {
583  // Re-invocations triggered by the bridge have lp==0
584  // In this case we keep track of a different request state
585  if (lp) {
586 
587  // This is an invocation that was triggered by a socket event
588  // Read all the data that is available, throw it into the buffer
589  if ((rc = getDataOneShot(BuffAvailable())) < 0) {
590  // Error -> exit
591  return -1;
592  }
593 
594  // If we need more bytes, let's wait for another invokation
595  if (BuffUsed() < ResumeBytes) return 1;
596 
597 
598  } else
599  CurrentReq.reqstate++;
600  } else if (!DoneSetInfo && !CurrentReq.userAgent().empty()) { // DoingLogin is true, meaning the login finished.
601  std::string mon_info = "monitor info " + CurrentReq.userAgent();
602  DoneSetInfo = true;
603  if (mon_info.size() >= 1024) {
604  TRACEI(ALL, "User agent string too long");
605  } else if (!Bridge) {
606  TRACEI(ALL, "Internal logic error: Bridge is null after login");
607  } else {
608  TRACEI(DEBUG, "Setting " << mon_info);
609  memset(&CurrentReq.xrdreq, 0, sizeof (ClientRequest));
610  CurrentReq.xrdreq.set.requestid = htons(kXR_set);
611  CurrentReq.xrdreq.set.modifier = '\0';
612  memset(CurrentReq.xrdreq.set.reserved, '\0', sizeof(CurrentReq.xrdreq.set.reserved));
613  CurrentReq.xrdreq.set.dlen = htonl(mon_info.size());
614  if (!Bridge->Run((char *) &CurrentReq.xrdreq, (char *) mon_info.c_str(), mon_info.size())) {
615  SendSimpleResp(500, nullptr, nullptr, "Could not set user agent.", 0, false);
616  return -1;
617  }
618  return 0;
619  }
620  } else {
621  DoingLogin = false;
622  }
623 
624  // Read the next request header, that is, read until a double CRLF is found
625 
626 
627  if (!CurrentReq.headerok) {
628 
629  // Read as many lines as possible into the buffer. An empty line breaks
630  while ((rc = BuffgetLine(tmpline)) > 0) {
631  std::string traceLine = tmpline.c_str();
632  if (TRACING(TRACE_DEBUG)) {
633  traceLine = obfuscateAuth(traceLine);
634  }
635  TRACE(DEBUG, " rc:" << rc << " got hdr line: " << traceLine);
636  if ((rc == 2) && (tmpline.length() > 1) && (tmpline[rc - 1] == '\n')) {
637  CurrentReq.headerok = true;
638  TRACE(DEBUG, " rc:" << rc << " detected header end.");
639  break;
640  }
641 
642 
643  if (CurrentReq.request == CurrentReq.rtUnset) {
644  TRACE(DEBUG, " Parsing first line: " << traceLine.c_str());
645  int result = CurrentReq.parseFirstLine((char *)tmpline.c_str(), rc);
646  if (result < 0) {
647  TRACE(DEBUG, " Parsing of first line failed with " << result);
648  return -1;
649  }
650  } else {
651  int result = CurrentReq.parseLine((char *) tmpline.c_str(), rc);
652  if(result < 0) {
653  TRACE(DEBUG, " Parsing of header line failed with " << result)
654  SendSimpleResp(400,NULL,NULL,"Malformed header line. Hint: ensure the line finishes with \"\\r\\n\"", 0, false);
655  return -1;
656  }
657  }
658 
659 
660  }
661 
662  // Here we have CurrentReq loaded with the header, or its relevant fields
663 
664  if (!CurrentReq.headerok) {
665  TRACEI(REQ, " rc:" << rc << "Header not yet complete.");
666 
667  // Here a subtle error condition. IF we failed reading a line AND the buffer
668  // has a reasonable amount of data available THEN we consider the header
669  // as corrupted and shutdown the client
670  if ((rc <= 0) && (BuffUsed() >= 16384)) {
671  TRACEI(ALL, "Corrupted header detected, or line too long. Disconnecting client.");
672  return -1;
673  }
674 
675 
676  if (CurrentReq.reqstate > 0)
677  CurrentReq.reqstate--;
678  // Waiting for more data
679  return 1;
680  }
681 
682  }
683 
684  // If we are in self-redirect mode, then let's do it
685  // Do selfredirect only with 'simple' requests, otherwise poor clients may misbehave
686  if (ishttps && ssldone && selfhttps2http &&
687  ( (CurrentReq.request == XrdHttpReq::rtGET) || (CurrentReq.request == XrdHttpReq::rtPUT) ||
688  (CurrentReq.request == XrdHttpReq::rtPROPFIND)) ) {
689  char hash[512];
690  time_t timenow = time(0);
691 
692 
693  calcHashes(hash, CurrentReq.resource.c_str(), (kXR_int16) CurrentReq.request,
694  &SecEntity,
695  timenow,
696  secretkey);
697 
698 
699 
700  if (hash[0]) {
701 
702  // Workaround... delete the previous opaque information
703  if (CurrentReq.opaque) {
704  delete CurrentReq.opaque;
705  CurrentReq.opaque = 0;
706  }
707 
708  TRACEI(REQ, " rc:" << rc << " self-redirecting to http with security token.");
709 
710  XrdOucString dest = "Location: http://";
711  // Here I should put the IP addr of the server
712 
713  // We have to recompute it here because we don't know to which
714  // interface the client had connected to
715  struct sockaddr_storage sa;
716  socklen_t sl = sizeof(sa);
717  getsockname(this->Link->AddrInfo()->SockFD(), (struct sockaddr*)&sa, &sl);
718 
719  // now get it back and print it
720  char buf[256];
721  bool ok = false;
722 
723  switch (sa.ss_family) {
724  case AF_INET:
725  if (inet_ntop(AF_INET, &(((sockaddr_in*)&sa)->sin_addr), buf, INET_ADDRSTRLEN)) {
726  if (Addr_str) free(Addr_str);
727  Addr_str = strdup(buf);
728  ok = true;
729  }
730  break;
731  case AF_INET6:
732  if (inet_ntop(AF_INET6, &(((sockaddr_in6*)&sa)->sin6_addr), buf, INET6_ADDRSTRLEN)) {
733  if (Addr_str) free(Addr_str);
734  Addr_str = (char *)malloc(strlen(buf)+3);
735  strcpy(Addr_str, "[");
736  strcat(Addr_str, buf);
737  strcat(Addr_str, "]");
738  ok = true;
739  }
740  break;
741  default:
742  TRACEI(REQ, " Can't recognize the address family of the local host.");
743  }
744 
745  if (ok) {
746  dest += Addr_str;
747  dest += ":";
748  dest += Port_str;
749  dest += CurrentReq.resource.c_str();
750  TRACEI(REQ," rc:"<<rc<<" self-redirecting to http with security token: '"
751  << dest.c_str() << "'");
752 
753 
754  CurrentReq.appendOpaque(dest, &SecEntity, hash, timenow);
755  SendSimpleResp(302, NULL, (char *) dest.c_str(), 0, 0, true);
756  CurrentReq.reset();
757  return -1;
758  }
759 
760  TRACEI(REQ, " rc:" << rc << " Can't perform self-redirection.");
761 
762  }
763  else {
764  TRACEI(ALL, " Could not calculate self-redirection hash");
765  }
766  }
767 
768  // If this is not https, then extract the signed information from the url
769  // and fill the SecEntity structure as if we were using https
770  if (!ishttps && !ssldone) {
771 
772 
773  if (CurrentReq.opaque) {
774  char * tk = CurrentReq.opaque->Get("xrdhttptk");
775  // If there is a hash then we use it as authn info
776  if (tk) {
777 
778  time_t tim = 0;
779  char * t = CurrentReq.opaque->Get("xrdhttptime");
780  if (t) tim = atoi(t);
781  if (!t) {
782  TRACEI(REQ, " xrdhttptime not specified. Authentication failed.");
783  return -1;
784  }
785  if (abs(time(0) - tim) > XRHTTP_TK_GRACETIME) {
786  TRACEI(REQ, " Token expired. Authentication failed.");
787  return -1;
788  }
789 
790  // Fill the Secentity from the fields in the URL:name, vo, host
791  char *nfo;
792 
793  nfo = CurrentReq.opaque->Get("xrdhttpvorg");
794  if (nfo) {
795  TRACEI(DEBUG, " Setting vorg: " << nfo);
796  SecEntity.vorg = strdup(nfo);
797  TRACEI(REQ, " Setting vorg: " << SecEntity.vorg);
798  }
799 
800  nfo = CurrentReq.opaque->Get("xrdhttpname");
801  if (nfo) {
802  TRACEI(DEBUG, " Setting name: " << nfo);
803  SecEntity.name = strdup(decode_str(nfo).c_str());
804  TRACEI(REQ, " Setting name: " << SecEntity.name);
805  }
806 
807  nfo = CurrentReq.opaque->Get("xrdhttphost");
808  if (nfo) {
809  TRACEI(DEBUG, " Setting host: " << nfo);
810  if (SecEntity.host) free(SecEntity.host);
811  SecEntity.host = strdup(decode_str(nfo).c_str());
812  TRACEI(REQ, " Setting host: " << SecEntity.host);
813  }
814 
815  nfo = CurrentReq.opaque->Get("xrdhttpdn");
816  if (nfo) {
817  TRACEI(DEBUG, " Setting dn: " << nfo);
818  SecEntity.moninfo = strdup(decode_str(nfo).c_str());
819  TRACEI(REQ, " Setting dn: " << SecEntity.moninfo);
820  }
821 
822  nfo = CurrentReq.opaque->Get("xrdhttprole");
823  if (nfo) {
824  TRACEI(DEBUG, " Setting role: " << nfo);
825  SecEntity.role = strdup(decode_str(nfo).c_str());
826  TRACEI(REQ, " Setting role: " << SecEntity.role);
827  }
828 
829  nfo = CurrentReq.opaque->Get("xrdhttpgrps");
830  if (nfo) {
831  TRACEI(DEBUG, " Setting grps: " << nfo);
832  SecEntity.grps = strdup(decode_str(nfo).c_str());
833  TRACEI(REQ, " Setting grps: " << SecEntity.grps);
834  }
835 
836  nfo = CurrentReq.opaque->Get("xrdhttpendorsements");
837  if (nfo) {
838  TRACEI(DEBUG, " Setting endorsements: " << nfo);
839  SecEntity.endorsements = strdup(decode_str(nfo).c_str());
840  TRACEI(REQ, " Setting endorsements: " << SecEntity.endorsements);
841  }
842 
843  nfo = CurrentReq.opaque->Get("xrdhttpcredslen");
844  if (nfo) {
845  TRACEI(DEBUG, " Setting credslen: " << nfo);
846  char *s1 = strdup(decode_str(nfo).c_str());
847  if (s1 && s1[0]) {
848  SecEntity.credslen = atoi(s1);
849  TRACEI(REQ, " Setting credslen: " << SecEntity.credslen);
850  }
851  if (s1) free(s1);
852  }
853 
854  if (SecEntity.credslen) {
855  nfo = CurrentReq.opaque->Get("xrdhttpcreds");
856  if (nfo) {
857  TRACEI(DEBUG, " Setting creds: " << nfo);
858  SecEntity.creds = strdup(decode_str(nfo).c_str());
859  TRACEI(REQ, " Setting creds: " << SecEntity.creds);
860  }
861  }
862 
863  char hash[512];
864 
865  calcHashes(hash, CurrentReq.resource.c_str(), (kXR_int16) CurrentReq.request,
866  &SecEntity,
867  tim,
868  secretkey);
869 
870  if (compareHash(hash, tk)) {
871  TRACEI(REQ, " Invalid tk '" << tk << "' != '" << hash << "'(calculated). Authentication failed.");
872  return -1;
873  }
874 
875  } else {
876  // Client is plain http. If we have a secret key then we reject it
877  if (secretkey) {
878  TRACEI(ALL, " Rejecting plain http with no valid token as we have a secretkey.");
879  return -1;
880  }
881  }
882 
883  } else {
884  // Client is plain http. If we have a secret key then we reject it
885  if (secretkey) {
886  TRACEI(ALL, " Rejecting plain http with no valid token as we have a secretkey.");
887  return -1;
888  }
889  }
890 
891  ssldone = true;
892  }
893 
894 
895 
896  // Now we have everything that is needed to try the login
897  // Remember that if there is an exthandler then it has the responsibility
898  // for authorization in the paths that it manages
899  if (!Bridge && !FindMatchingExtHandler(CurrentReq)) {
900  if (SecEntity.name)
901  Bridge = XrdXrootd::Bridge::Login(&CurrentReq, Link, &SecEntity, SecEntity.name, ishttps ? "https" : "http");
902  else
903  Bridge = XrdXrootd::Bridge::Login(&CurrentReq, Link, &SecEntity, "unknown", ishttps ? "https" : "http");
904 
905  if (!Bridge) {
906  TRACEI(REQ, " Authorization failed.");
907  return -1;
908  }
909  if (m_maxdelay > 0) Bridge->SetWait(m_maxdelay, false);
910 
911  // Let the bridge process the login, and then reinvoke us
912  DoingLogin = true;
913  return 0;
914  }
915 
916  // Compute and send the response. This may involve further reading from the socket
917  rc = CurrentReq.ProcessHTTPReq();
918  if (rc < 0)
919  CurrentReq.reset();
920 
921 
922 
923  TRACEI(REQ, "Process is exiting rc:" << rc);
924  return rc;
925 }
ClientRequest::set
struct ClientSetRequest set
Definition: XProtocol.hh:871
kXR_set
@ kXR_set
Definition: XProtocol.hh:130
ClientSetRequest::requestid
kXR_unt16 requestid
Definition: XProtocol.hh:719
ClientSetRequest::dlen
kXR_int32 dlen
Definition: XProtocol.hh:722
ClientSetRequest::modifier
kXR_char modifier
Definition: XProtocol.hh:721
ClientSetRequest::reserved
kXR_char reserved[15]
Definition: XProtocol.hh:720
kXR_int16
short kXR_int16
Definition: XPtypes.hh:66
XRHTTP_TK_GRACETIME
#define XRHTTP_TK_GRACETIME
Definition: XrdHttpProtocol.cc:60
TRACE_AUTH
#define TRACE_AUTH
Definition: XrdHttpTrace.hh:48
compareHash
int compareHash(const char *h1, const char *h2)
Definition: XrdHttpUtils.cc:355
calcHashes
void calcHashes(char *hash, const char *fn, kXR_int16 request, XrdSecEntity *secent, time_t tim, const char *key)
Definition: XrdHttpUtils.cc:219
decode_str
std::string decode_str(const std::string &str)
Definition: XrdHttpUtils.hh:137
obfuscateAuth
std::string obfuscateAuth(const std::string &input)
Definition: XrdOucUtils.cc:1479
TRACE_DEBUG
#define TRACE_DEBUG
Definition: XrdTrace.hh:36
TRACE
#define TRACE(act, x)
Definition: XrdTrace.hh:63
TRACING
#define TRACING(x)
Definition: XrdTrace.hh:70
XrdBuffer::bsize
int bsize
Definition: XrdBuffer.hh:46
XrdHttpProtocol::secretkey
static char * secretkey
The key used to calculate the url hashes.
Definition: XrdHttpProtocol.hh:408
XrdHttpProtocol::selfhttps2http
static bool selfhttps2http
If client is HTTPS, self-redirect with HTTP+token.
Definition: XrdHttpProtocol.hh:423
XrdHttpProtocol::m_maxdelay
static int m_maxdelay
Definition: XrdHttpProtocol.hh:433
XrdHttpProtocol::sslcadir
static char * sslcadir
Definition: XrdHttpProtocol.hh:397
XrdHttpReq::reqstate
int reqstate
State machine to talk to the bridge.
Definition: XrdHttpReq.hh:353
XrdHttpReq::resource
XrdOucString resource
The resource specified by the request, stripped of opaque data.
Definition: XrdHttpReq.hh:271
XrdHttpReq::headerok
bool headerok
Tells if we have finished reading the header.
Definition: XrdHttpReq.hh:279
XrdHttpReq::request
ReqType request
The request we got.
Definition: XrdHttpReq.hh:263
XrdHttpReq::ProcessHTTPReq
int ProcessHTTPReq()
Definition: XrdHttpReq.cc:936
XrdHttpReq::opaque
XrdOucEnv * opaque
The opaque data, after parsing.
Definition: XrdHttpReq.hh:273
XrdHttpReq::parseFirstLine
int parseFirstLine(char *line, int len)
Parse the first line of the header.
Definition: XrdHttpReq.cc:261
XrdHttpReq::parseLine
int parseLine(char *line, int len)
Parse the header.
Definition: XrdHttpReq.cc:116
XrdHttpReq::appendOpaque
void appendOpaque(XrdOucString &s, XrdSecEntity *secent, char *hash, time_t tnow)
Definition: XrdHttpReq.cc:635
XrdHttpReq::userAgent
const std::string & userAgent() const
Definition: XrdHttpReq.hh:259
XrdHttpReq::reset
virtual void reset()
Definition: XrdHttpReq.cc:2813
XrdHttpSecXtractor::InitSSL
virtual int InitSSL(SSL *, char *)
Definition: XrdHttpSecXtractor.hh:52
XrdOucEnv::Get
char * Get(const char *varname)
Definition: XrdOucEnv.hh:69
XrdSecEntity::vorg
char * vorg
Entity's virtual organization(s)
Definition: XrdSecEntity.hh:71
XrdSecEntity::credslen
int credslen
Length of the 'creds' data.
Definition: XrdSecEntity.hh:78
XrdSecEntity::prot
char prot[XrdSecPROTOIDSIZE]
Auth protocol used (e.g. krb5)
Definition: XrdSecEntity.hh:67
XrdSecEntity::creds
char * creds
Raw entity credentials or cert.
Definition: XrdSecEntity.hh:77
XrdSecEntity::grps
char * grps
Entity's group name(s)
Definition: XrdSecEntity.hh:73
XrdSecEntity::name
char * name
Entity's name.
Definition: XrdSecEntity.hh:69
XrdSecEntity::role
char * role
Entity's role(s)
Definition: XrdSecEntity.hh:72
XrdSecEntity::endorsements
char * endorsements
Protocol specific endorsements.
Definition: XrdSecEntity.hh:75
XrdSecEntity::Display
void Display(XrdSysError &mDest)
Definition: XrdSecEntity.cc:58
XrdSecEntity::moninfo
char * moninfo
Information for monitoring.
Definition: XrdSecEntity.hh:76
XrdSecEntity::host
char * host
Entity's host name dnr dependent.
Definition: XrdSecEntity.hh:70
XrdTlsContext::SetTlsClientAuth
bool SetTlsClientAuth(ClientAuthSetting setting)
Definition: XrdTlsContext.cc:1147
XrdTlsContext::Session
void * Session()
Definition: XrdTlsContext.cc:899
XrdXrootd::Bridge::Login
static Bridge * Login(Result *rsltP, XrdLink *linkP, XrdSecEntity *seceP, const char *nameP, const char *protP)
Definition: XrdXrootdBridge.cc:38
XrdXrootd::Bridge::SetWait
virtual void SetWait(int wtime, bool notify=false)=0
XrdHttpProtoInfo::tlsClientAuth
XrdTlsContext::ClientAuthSetting tlsClientAuth
Definition: XrdHttpProtocol.cc:145

References Addr_str, XrdLink::AddrInfo(), XrdHttpReq::appendOpaque(), Bridge, XrdBuffer::bsize, XrdBuffer::buff, XrdOucString::c_str(), calcHashes(), compareHash(), XrdSecEntity::creds, XrdSecEntity::credslen, CurrentReq, DEBUG, decode_str(), XrdSecEntity::Display(), ClientSetRequest::dlen, eDest, XrdSecEntity::endorsements, XrdLink::FDnum(), XrdOucEnv::Get(), XrdSecEntity::grps, XrdHttpReq::headerok, XrdSecEntity::host, XrdHttpSecXtractor::InitSSL(), kXR_set, XrdOucString::length(), Link, XrdXrootd::Bridge::Login(), m_maxdelay, ClientSetRequest::modifier, XrdSecEntity::moninfo, XrdSecEntity::name, obfuscateAuth(), XrdHttpReq::opaque, XrdHttpReq::parseFirstLine(), XrdHttpReq::parseLine(), Port_str, XrdHttpReq::ProcessHTTPReq(), XrdSecEntity::prot, XrdHttpReq::reqstate, XrdHttpReq::request, ClientSetRequest::requestid, ClientSetRequest::reserved, XrdHttpReq::reset(), XrdHttpReq::resource, XrdSecEntity::role, XrdHttpReq::rtGET, XrdHttpReq::rtPROPFIND, XrdHttpReq::rtPUT, XrdHttpReq::rtUnset, XrdXrootd::Bridge::Run(), SecEntity, secretkey, selfhttps2http, XrdTlsContext::Session(), ClientRequest::set, XrdTlsContext::SetTlsClientAuth(), XrdXrootd::Bridge::SetWait(), XrdNetAddrInfo::SockFD(), sslcadir, XrdHttpProtoInfo::tlsClientAuth, TRACE, TRACE_AUTH, TRACE_DEBUG, TRACEI, TRACING, XrdHttpReq::userAgent(), XrdSecEntity::vorg, XrdHttpProtoInfo::xrdctx, XrdHttpReq::xrdreq, and XRHTTP_TK_GRACETIME.

+ Here is the call graph for this function:

◆ Recycle()

void XrdHttpProtocol::Recycle ( XrdLink lp,
int  consec,
const char *  reason 
)
virtual

Recycle this instance.

Implements XrdProtocol.

Definition at line 933 of file XrdHttpProtocol.cc.

933  {
934 
935  // Release all appendages
936  //
937 
938  Cleanup();
939 
940 
941  // Set fields to starting point (debugging mostly)
942  //
943  Reset();
944 
945  // Push ourselves on the stack
946  //
947  ProtStack.Push(&ProtLink);
948 }
XrdObjectQ::Push
void Push(XrdObject< T > *Node)
Definition: XrdObject.hh:101

References ProtLink, ProtStack, and XrdObjectQ< T >::Push().

+ Here is the call graph for this function:

◆ Stats()

int XrdHttpProtocol::Stats ( char *  buff,
int  blen,
int  do_sync = 0 
)
virtual

Get activity stats.

Implements XrdProtocol.

Definition at line 950 of file XrdHttpProtocol.cc.

950  {
951  // Synchronize statistics if need be
952  //
953  // if (do_sync) {
954  //
955  // SI->statsMutex.Lock();
956  // SI->readCnt += numReads;
957  // cumReads += numReads;
958  // numReads = 0;
959  // SI->prerCnt += numReadP;
960  // cumReadP += numReadP;
961  // numReadP = 0;
962  // SI->rvecCnt += numReadV;
963  // cumReadV += numReadV;
964  // numReadV = 0;
965  // SI->rsegCnt += numSegsV;
966  // cumSegsV += numSegsV;
967  // numSegsV = 0;
968  // SI->writeCnt += numWrites;
969  // cumWrites += numWrites;
970  // numWrites = 0;
971  // SI->statsMutex.UnLock();
972  // }
973  //
974  // // Now return the statistics
975  // //
976  // return SI->Stats(buff, blen, do_sync);
977 
978  return 0;
979 }

Friends And Related Function Documentation

◆ XrdHttpExtReq

friend class XrdHttpExtReq
friend

Definition at line 83 of file XrdHttpProtocol.hh.

◆ XrdHttpReq

friend class XrdHttpReq
friend

Definition at line 82 of file XrdHttpProtocol.hh.

Member Data Documentation

◆ Addr_str

char* XrdHttpProtocol::Addr_str
protected

Our IP address, as a string. Please remember that this may not be unique for a given machine, hence we need to keep it here and recompute ad every new connection.

Definition at line 366 of file XrdHttpProtocol.hh.

Referenced by XrdHttpProtocol(), and Process().

◆ BPool

XrdBuffManager * XrdHttpProtocol::BPool = 0
staticprotected

Definition at line 357 of file XrdHttpProtocol.hh.

Referenced by Configure(), and Match().

◆ Bridge

XrdXrootd::Bridge* XrdHttpProtocol::Bridge
protected

The Bridge that we use to exercise the xrootd internals.

Definition at line 372 of file XrdHttpProtocol.hh.

Referenced by doChksum(), doStat(), Process(), and XrdHttpReq::ProcessHTTPReq().

◆ CIA

XrdSecService * XrdHttpProtocol::CIA = 0
staticprotected

Definition at line 359 of file XrdHttpProtocol.hh.

◆ cksumHandler

XrdHttpChecksumHandler XrdHttpProtocol::cksumHandler = XrdHttpChecksumHandler()
static

Definition at line 136 of file XrdHttpProtocol.hh.

Referenced by XrdHttpReq::ProcessHTTPReq().

◆ compatNameGeneration

bool XrdHttpProtocol::compatNameGeneration = false
staticprotected

Definition at line 405 of file XrdHttpProtocol.hh.

◆ crlRefIntervalSec

int XrdHttpProtocol::crlRefIntervalSec = XrdTlsContext::DEFAULT_CRL_REF_INT_SEC
staticprotected

CRL thread refresh interval.

Definition at line 400 of file XrdHttpProtocol.hh.

◆ CurrentReq

XrdHttpReq XrdHttpProtocol::CurrentReq
protected

Area for coordinating request and responses to/from the bridge This also can process HTTP/DAV stuff

Definition at line 377 of file XrdHttpProtocol.hh.

Referenced by doChksum(), doStat(), and Process().

◆ eDest

XrdSysError XrdHttpProtocol::eDest = 0
staticprotected

Definition at line 358 of file XrdHttpProtocol.hh.

Referenced by Configure(), and Process().

◆ embeddedstatic

bool XrdHttpProtocol::embeddedstatic = true
staticprotected

If true, use the embedded css and icons.

Definition at line 426 of file XrdHttpProtocol.hh.

Referenced by XrdHttpReq::ProcessHTTPReq().

◆ gridmap

char * XrdHttpProtocol::gridmap = 0
staticprotected

Gridmap file location. The same used by XrdSecGsi.

Definition at line 403 of file XrdHttpProtocol.hh.

◆ hailWait

int XrdHttpProtocol::hailWait = 60000
staticprotected

Timeout for reading the handshake.

Definition at line 385 of file XrdHttpProtocol.hh.

Referenced by Match().

◆ hdr2cgimap

std::map< std::string, std::string > XrdHttpProtocol::hdr2cgimap
staticprotected

Rules that turn HTTP headers to cgi tokens in the URL, for internal comsumption.

Definition at line 446 of file XrdHttpProtocol.hh.

Referenced by XrdHttpReq::parseLine().

◆ isdesthttps

bool XrdHttpProtocol::isdesthttps = false
staticprotected

True if the redirections must be towards https targets.

Definition at line 414 of file XrdHttpProtocol.hh.

Referenced by XrdHttpReq::Redir().

◆ isRequiredGridmap

bool XrdHttpProtocol::isRequiredGridmap = false
staticprotected

Definition at line 404 of file XrdHttpProtocol.hh.

◆ Link

XrdLink* XrdHttpProtocol::Link
protected

The link we are bound to.

Definition at line 362 of file XrdHttpProtocol.hh.

Referenced by XrdHttpExtReq::GetClientID(), Match(), and Process().

◆ listdeny

bool XrdHttpProtocol::listdeny = false
staticprotected

If true, any form of listing is denied.

Definition at line 420 of file XrdHttpProtocol.hh.

Referenced by XrdHttpReq::ProcessHTTPReq().

◆ listredir

char * XrdHttpProtocol::listredir = 0
staticprotected

Url to redirect to in the case a listing is requested.

Definition at line 417 of file XrdHttpProtocol.hh.

Referenced by XrdHttpReq::ProcessHTTPReq().

◆ m_bio_method

BIO_METHOD * XrdHttpProtocol::m_bio_method = NULL
staticprotected

C-style vptr table for our custom BIO objects.

Definition at line 452 of file XrdHttpProtocol.hh.

◆ m_bio_type

int XrdHttpProtocol::m_bio_type = 0
staticprotected

Type identifier for our custom BIO objects.

Definition at line 449 of file XrdHttpProtocol.hh.

◆ m_maxdelay

int XrdHttpProtocol::m_maxdelay = -1
staticprotected

Definition at line 433 of file XrdHttpProtocol.hh.

Referenced by Process().

◆ m_staticheader_map

std::unordered_map<std::string, std::vector<std::pair<std::string, std::string> > > XrdHttpProtocol::m_staticheader_map
staticprotected

The static headers to always return; map is from verb to a list of (header, val) pairs.

Definition at line 464 of file XrdHttpProtocol.hh.

◆ m_staticheaders

std::unordered_map<std::string, std::string> XrdHttpProtocol::m_staticheaders
staticprotected

The static string version of m_staticheader_map. After config parsing is done, this is computed and we won't need to reference m_staticheader_map in the response path.

Definition at line 468 of file XrdHttpProtocol.hh.

◆ myRole

kXR_int32 XrdHttpProtocol::myRole = kXR_isManager
staticprotected

Our role.

Definition at line 443 of file XrdHttpProtocol.hh.

Referenced by Configure(), and XrdHttpReq::ProcessHTTPReq().

◆ pmarkHandle

XrdNetPMark * XrdHttpProtocol::pmarkHandle = nullptr
staticprotected

Packet marking handler pointer (assigned from the environment during the Config() call)

Definition at line 458 of file XrdHttpProtocol.hh.

Referenced by XrdHttpExtReq::XrdHttpExtReq(), and XrdHttpReq::parseLine().

◆ Port

int XrdHttpProtocol::Port = 1094
staticprotected

Our port.

Definition at line 391 of file XrdHttpProtocol.hh.

Referenced by Configure().

◆ Port_str

char * XrdHttpProtocol::Port_str = 0
staticprotected

Our port, as a string.

Definition at line 394 of file XrdHttpProtocol.hh.

Referenced by Configure(), and Process().

◆ ProtLink

XrdObject<XrdHttpProtocol> XrdHttpProtocol::ProtLink

Definition at line 129 of file XrdHttpProtocol.hh.

Referenced by Recycle().

◆ ProtStack

XrdObjectQ< XrdHttpProtocol > XrdHttpProtocol::ProtStack
static

Definition at line 128 of file XrdHttpProtocol.hh.

Referenced by Configure(), Match(), and Recycle().

◆ ReadRangeConfig

XrdHttpReadRangeHandler::Configuration XrdHttpProtocol::ReadRangeConfig
static

configuration for the read range handler

Definition at line 139 of file XrdHttpProtocol.hh.

◆ readWait

int XrdHttpProtocol::readWait = 300000
staticprotected

Timeout for reading data.

Definition at line 388 of file XrdHttpProtocol.hh.

◆ Sched

XrdScheduler * XrdHttpProtocol::Sched = 0
staticprotected

Definition at line 356 of file XrdHttpProtocol.hh.

Referenced by Configure().

◆ SecEntity

XrdSecEntity XrdHttpProtocol::SecEntity

Authentication area.

Definition at line 133 of file XrdHttpProtocol.hh.

Referenced by XrdHttpExtReq::XrdHttpExtReq(), XrdHttpExtReq::GetSecEntity(), Match(), Process(), and XrdHttpReq::Redir().

◆ secretkey

char * XrdHttpProtocol::secretkey = 0
staticprotected

The key used to calculate the url hashes.

Definition at line 408 of file XrdHttpProtocol.hh.

Referenced by Process(), and XrdHttpReq::Redir().

◆ selfhttps2http

bool XrdHttpProtocol::selfhttps2http = false
staticprotected

If client is HTTPS, self-redirect with HTTP+token.

Definition at line 423 of file XrdHttpProtocol.hh.

Referenced by Process().

◆ servGMap

XrdOucGMap * XrdHttpProtocol::servGMap = 0
staticprotected

The instance of the DN mapper. Created only when a valid path is given.

Definition at line 369 of file XrdHttpProtocol.hh.

◆ sslcadir

char * XrdHttpProtocol::sslcadir = 0
staticprotected

Definition at line 397 of file XrdHttpProtocol.hh.

Referenced by Process().

◆ sslcafile

char * XrdHttpProtocol::sslcafile = 0
staticprotected

Definition at line 397 of file XrdHttpProtocol.hh.

◆ sslcert

char * XrdHttpProtocol::sslcert = 0
staticprotected

OpenSSL stuff.

Definition at line 397 of file XrdHttpProtocol.hh.

◆ sslcipherfilter

char * XrdHttpProtocol::sslcipherfilter = 0
staticprotected

Definition at line 397 of file XrdHttpProtocol.hh.

◆ sslkey

char * XrdHttpProtocol::sslkey = 0
staticprotected

Definition at line 397 of file XrdHttpProtocol.hh.

◆ sslverifydepth

int XrdHttpProtocol::sslverifydepth = 9
staticprotected

Depth of verification of a certificate chain.

Definition at line 411 of file XrdHttpProtocol.hh.

◆ staticpreload

XrdOucHash< XrdHttpProtocol::StaticPreloadInfo > * XrdHttpProtocol::staticpreload = 0
staticprotected

Definition at line 440 of file XrdHttpProtocol.hh.

Referenced by XrdHttpReq::ProcessHTTPReq().

◆ staticredir

char * XrdHttpProtocol::staticredir = 0
staticprotected

Definition at line 429 of file XrdHttpProtocol.hh.

Referenced by XrdHttpReq::ProcessHTTPReq().

◆ tpcForwardCreds

bool XrdHttpProtocol::tpcForwardCreds = false
staticprotected

If set to true, the HTTP TPC transfers will forward the credentials to redirected hosts.

Definition at line 461 of file XrdHttpProtocol.hh.

Referenced by XrdHttpExtReq::XrdHttpExtReq().

◆ xrd_cslist

char * XrdHttpProtocol::xrd_cslist = nullptr
staticprotected

The list of checksums that were configured via the xrd.cksum parameter on the server config file.

Definition at line 455 of file XrdHttpProtocol.hh.

Referenced by Configure().

The documentation for this class was generated from the following files: