[Server] Additional TLS support items.

xrootd · Jun 21, 2019 · fae8e8e · fae8e8e
1 parent fc6ab51
commit fae8e8e
Show file tree

Hide file tree

Showing 12 changed files with 241 additions and 456 deletions.
diff --git a/src/XProtocol/XProtocol.cc b/src/XProtocol/XProtocol.cc
@@ -92,10 +92,11 @@ const char *errNames[kXR_ERRFENCE-kXR_ArgInvalid] =
                     "Quota exceeded",             // kXR_overQuota
                     "Invalid signature",          // kXR_SigVerErr
                     "Decryption failed",          // kXR_DecryptErr
-                    "Overloaded",                 // kXR_Overloaded
+                    "Server is overloaded",       // kXR_Overloaded
                     "Filesystem is read only",    // kXR_fsReadOnly
                     "Invalid payload format",     // kXR_BadPayload
                     "File attrbute not found"     // kXR_AttrNotFound
+                    "Operation requires TLS"      // kXR_TLSRequired
                    };
 
 const char *reqNames[kXR_REQFENCE-kXR_auth] =

diff --git a/src/XProtocol/XProtocol.hh b/src/XProtocol/XProtocol.hh
@@ -93,13 +93,8 @@
 #define kXR_supgetf   0x00400000
 #define kXR_supputf   0x00200000
 
-#define kXR_Expect    0x000f0000
-#define kXR_ExpNone   0x00000000
-#define kXR_ExpBind   0x00010000
-#define kXR_ExpLogin  0x00020000
-#define kXR_ExpTPC    0x00030000
-
-#define kXR_haveTls   0x80000000
+#define kXR_haveTLS   0x80000000
+#define kXR_gotoTLS   0x40000000
 #define kXR_tlsAny    0x0f000000
 #define kXR_tlsData   0x01000000
 #define kXR_tlsLogin  0x02000000
@@ -248,11 +243,6 @@ enum XOpenRequestOption {
    kXR_open_wrto=32768
 };
 
-enum XProtocolRequestFlags {
-   kXR_secreqs  = 1,     // Options: Return security requirements
-   kXR_wantTls  = 2      // Options: Change connection to use TLS
-};
-
 enum XQueryType {
    kXR_QStats = 1,
    kXR_QPrep  = 2,
@@ -390,7 +380,8 @@ enum XErrorCode {
    kXR_fsReadOnly,      // 3025
    kXR_BadPayload,      // 3026
    kXR_AttrNotFound,    // 3027
-   kXR_ERRFENCE,    // Always last valid errcode + 1
+   kXR_TLSRequired,     // 3028
+   kXR_ERRFENCE,        // Always last valid errcode + 1
    kXR_noErrorYet = 10000
 };
 
@@ -565,8 +556,24 @@ struct ClientProtocolRequest {
    kXR_unt16 requestid;
    kXR_int32 clientpv;      // 2.9.7 or higher
    kXR_char  flags;         // 3.1.0 or higher
-   kXR_char  reserved[11];
+   kXR_char  expect;        // 4.0.0 or higher
+   kXR_char  reserved[10];
    kXR_int32 dlen;
+
+enum RequestFlags {
+   kXR_secreqs  = 0x01,  // Options: Return security requirements
+   kXR_ableTLS  = 0x02,  // Options: Client is TLS capable
+   kXR_wantTLS  = 0x04   // Options: Change connection to use TLS
+};
+
+enum ExpectFlags {
+   kXR_ExpMask   = 0x0f, // Isolate the relevant expect birs (encoded)
+   kXR_ExpNone   = 0x00,
+   kXR_ExpBind   = 0x01,
+   kXR_ExpLogin  = 0x02,
+   kXR_ExpTPC    = 0x03
+};
+
 };
 struct ClientPrepareRequest {
    kXR_char  streamid[2];
@@ -1012,6 +1019,7 @@ static int mapError(int rc)
            case EUSERS:       return kXR_Overloaded;
            case EROFS:        return kXR_fsReadOnly;
            case ENOATTR:      return kXR_AttrNotFound;
+           case EPROTOTYPE:   return kXR_TLSRequired;
            default:           return kXR_FSError;
           }
       }
@@ -1047,6 +1055,7 @@ static int toErrno( int xerr )
         case kXR_fsReadOnly:    return EROFS;
         case kXR_BadPayload:    return EINVAL;
         case kXR_AttrNotFound:  return ENOATTR;
+        case kXR_TLSRequired:   return EPROTOTYPE;
         default:                return ENOMSG;
        }
 }

diff --git a/src/Xrd/LinkTLS.cc b/src/Xrd/LinkTLS.cc
diff --git a/src/Xrd/XrdLink.hh b/src/Xrd/XrdLink.hh
@@ -521,6 +521,15 @@ void            armBridge();
 
 inline bool     hasBridge() const {return isBridged;}
 
+//-----------------------------------------------------------------------------
+//! Determine if this link is using TLS.
+//!
+//! @return true    this link is  using TLS.
+//! @return false   this link not using TLS.
+//-----------------------------------------------------------------------------
+
+inline bool     hasTLS() const {return isTLS;}
+
 //-----------------------------------------------------------------------------
 //! Constructor
 //!

diff --git a/src/Xrd/XrdLinkXeq.cc b/src/Xrd/XrdLinkXeq.cc
@@ -807,7 +807,7 @@ bool XrdLinkXeq::setTLS(bool enable)
 
 int XrdLinkXeq::SFError(int rc)
 {
-   Log.Emsg("TLS_Link", rc, "send file to", ID);
+   Log.Emsg("TLS", rc, "send file to", ID);
    return -1;
 }
 
@@ -947,7 +947,7 @@ int XrdLinkXeq::TLS_Error(const char *act, int rc)
    char msg[512];
 
    snprintf(msg, sizeof(msg), "Unable to %s %s;", act, ID);
-   Log.Emsg("TLS_Link", msg, reason.c_str());
+   Log.Emsg("TLS", msg, reason.c_str());
    return -1;
 }