General cleanup.

xrootd · Oct 15, 2016 · 3a9795c · 3a9795c
1 parent fa86c92
commit 3a9795c
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 37 deletions.
diff --git a/src/XProtocol/XProtocol.hh b/src/XProtocol/XProtocol.hh
@@ -251,16 +251,16 @@ enum XPrepRequestOption {
 // ServerResponseReqs_Protocol::secver
 #define kXR_secver_0  0
 
-// Keytype used for kXR_decrypt and kXR_sigver
+// Flags for kXR_decrypt and kXR_sigver
 enum XSecFlags {
-   kXR_sessKey  = 0, // Set in SigverRequest:: or DecryptRequest::flags
-   kXR_rsaKey   = 1, // Currently not used
-   kXR_nodata   = 2  // Request payload was not hashed or encrypted
+   kXR_nodata   = 1  // Request payload was not hashed or encrypted
 };
 
-// Hash used for kXR_sigver
-enum XSecHash {
-   kXR_SHA256 = 0    // Set in SigverRequest::hash
+// Cryptography used for kXR_sigver SigverRequest::crypto
+enum XSecCrypto {
+   kXR_SHA256   = 0x01,   // Hash used
+   kXR_HashMask = 0x0f,   // Mak to extract the hash type
+   kXR_rsaKey   = 0x80    // The rsa key was used
 };
 
 //_______________________________________________
@@ -528,7 +528,7 @@ struct ClientSigverRequest {
    kXR_char  version;   // Security version being used (see XSecVersion)
    kXR_char  flags;     // One or more flags defined in enum (see XSecFlags)
    kXR_unt64 seqno;     // Monotonically increasing number (part of hash)
-   kXR_char  hash;      // Hash used (see XSecHash)
+   kXR_char  crypto;    // Cryptography used (see XSecCrypto)
    kXR_char  rsvd2[3];
    kXR_int32 dlen;
 };
@@ -683,9 +683,8 @@ struct ServerResponseReqs_Protocol {
 
 // Options reflected in protocol response ServerResponseReqs_Protocol::secopt
 //
-#define kXR_secOEnc  0x01
-#define kXR_secOData 0x02
-#define kXR_secOFrce 0x04
+#define kXR_secOData 0x01
+#define kXR_secOFrce 0x02
 
 // Security level definitions (these are predefined but can be over-ridden)
 //

diff --git a/src/XrdSec/XrdSecProtect.cc b/src/XrdSec/XrdSecProtect.cc
@@ -58,17 +58,6 @@ struct XrdSecReq
        SecurityRequest secReq;
        unsigned char   secSig;  // The encrypted hash follows starting here
 };
-
-inline const ClientSigverRequest* InitSigVer()
-{
-  static const ClientSigverRequest initSigVer = {{0,0}, htons(kXR_sigver), 0,
-      kXR_secver_0, kXR_sessKey, 0,
-      kXR_SHA256, {0, 0, 0},
-      0
-     };
-
-  return &initSigVer;
-}
 }
 
 /******************************************************************************/
@@ -234,6 +223,10 @@ int XrdSecProtect::Secure(SecurityRequest *&newreq,
                           ClientRequest    &thereq,
                           const char       *thedata)
 {
+   static const ClientSigverRequest initSigVer = {{0,0}, htons(kXR_sigver),
+                                                  0, kXR_secver_0, 0, 0,
+                                                  kXR_SHA256, {0, 0, 0}, 0
+                                                 };
    struct buffHold {XrdSecReq    *P;
                     XrdSecBuffer *bP;
                     buffHold() : P(0), bP(0) {}
@@ -298,14 +291,14 @@ int XrdSecProtect::Secure(SecurityRequest *&newreq,
 
 // Setup the security request (we only support signing)
 //
-   memcpy(&(myReq.P->secReq), InitSigVer(), sizeof(ClientSigverRequest));
+   memcpy(&(myReq.P->secReq), &initSigVer, sizeof(ClientSigverRequest));
    memcpy(&(myReq.P->secReq.header.streamid ), thereq.header.streamid,
           sizeof(myReq.P->secReq.header.streamid));
    memcpy(&(myReq.P->secReq.sigver.expectrid),&thereq.header.requestid,
           sizeof(myReq.P->secReq.sigver.expectrid));
    myReq.P->secReq.sigver.seqno = mySeq;
    if (nodata) myReq.P->secReq.sigver.flags |= kXR_nodata;
-   myReq.P->secReq.sigver.dlen  = htonl(sigSize);
+   myReq.P->secReq.sigver.dlen   = htonl(sigSize);
 
 // Append the signature to the request
 //
@@ -330,7 +323,6 @@ void XrdSecProtect::SetProtection(const ServerResponseReqs_Protocol &inReqs)
    if (inReqs.secvsz == 0 && inReqs.seclvl == 0)
       {memset(&myReqs, 0, sizeof(myReqs));
        secVec     = 0;
-       secEncrypt = false;
        secVerData = false;
        return;
       }
@@ -350,7 +342,6 @@ void XrdSecProtect::SetProtection(const ServerResponseReqs_Protocol &inReqs)
 
 // Set options
 //
-   secEncrypt    = (inReqs.secopt & kXR_secOEnc ) != 0;
    secVerData    = (inReqs.secopt & kXR_secOData) != 0;
 
 // Create a modified vectr if there are overrides
@@ -405,9 +396,9 @@ const char *XrdSecProtect::Verify(SecurityRequest  &secreq,
       return "Signature requestid mismatch";
    if (secreq.sigver.version   != kXR_secver_0)
       return "Unsupported signature version";
-   if (secreq.sigver.hash      != kXR_SHA256)
+   if ((secreq.sigver.crypto & kXR_HashMask) != kXR_SHA256)
       return "Unsupported signature hash";
-   if (secreq.sigver.flags & kXR_rsaKey)
+   if (secreq.sigver.crypto & kXR_rsaKey)
       return "Unsupported signature key";
 
 // Now get the hash information

diff --git a/src/XrdSec/XrdSecProtect.hh b/src/XrdSec/XrdSecProtect.hh
@@ -138,15 +138,14 @@ protected:
          XrdSecProtect(XrdSecProtocol *aprot=0, bool edok=true)     // Client!
                       : Need2Secure(&XrdSecProtect::Screen),
                         authProt(aprot), secVec(0), lastSeqno(1),
-                        edOK(edok), secEncrypt(false), secVerData(false)
+                        edOK(edok), secVerData(false)
                         {}
 
          XrdSecProtect(XrdSecProtocol *aprot, XrdSecProtect &pRef, // Server!
                        bool edok=true)
                       : Need2Secure(&XrdSecProtect::Screen),
                         authProt(aprot), secVec(pRef.secVec),
                         lastSeqno(0), edOK(edok),
-                        secEncrypt(pRef.secEncrypt),
                         secVerData(pRef.secVerData) {}
 
 void     SetProtection(const ServerResponseReqs_Protocol &inReqs);
@@ -162,7 +161,6 @@ union {kXR_unt64             lastSeqno;  // Used by Secure()
        kXR_unt64             nextSeqno;  // Used by Verify()
       };
 bool                         edOK;
-bool                         secEncrypt;
 bool                         secVerData;
 static const unsigned int    maxRIX = kXR_REQFENCE-kXR_auth;
 char                         myVec[maxRIX];

diff --git a/src/XrdSec/XrdSecProtector.cc b/src/XrdSec/XrdSecProtector.cc
@@ -153,8 +153,6 @@ void XrdSecProtector::Config(const XrdSecProtectParms    &parms,
 
 // Setup options
 //
-   if ((parms.opts & XrdSecProtectParms::useEnc) != 0)
-      reqs.secopt |= kXR_secOEnc;
    if ((parms.opts & XrdSecProtectParms::doData) != 0)
       reqs.secopt |= kXR_secOData;
    if ((parms.opts & XrdSecProtectParms::force)  != 0)

diff --git a/src/XrdSec/XrdSecProtector.hh b/src/XrdSec/XrdSecProtector.hh
@@ -47,10 +47,9 @@ enum    secLevel {secNone = 0,
 secLevel   level;   //!< In:  The desired level.
 int        opts;    //!< In:  Options:
 
-static const int   useEnc = 0x0000001; //!< Use encryption
-static const int   doData = 0x0000002; //!< Secure data
-static const int   relax  = 0x0000004; //!< relax old clients
-static const int   force  = 0x0000008; //!< Allow unencryted hash
+static const int   doData = 0x0000001; //!< Secure data
+static const int   relax  = 0x0000002; //!< relax old clients
+static const int   force  = 0x0000004; //!< Allow unencryted hash
 
             XrdSecProtectParms() : level(secNone), opts(0) {}
            ~XrdSecProtectParms() {}