[XrdCrypto][XrdHttp] Extract DN from user (proxy, multi-proxy) certif… #1239

Merged
merged 2 commits into from
Jul 10, 2020


esindril
Contributor

@esindril esindril commented Jul 2, 2020

…icate and properly

handle the gridmap-file functionality when accessing through HTTP

Conflicts:
src/XrdHttp/XrdHttpProtocol.cc
src/XrdHttp/XrdHttpProtocol.hh

This PR provides the same functionality as #1238 but is done against stable-4.12.x and doesn't use any Tls object since they don't exist in the R4 version.

…icate and properly

  handle the gridmap-file functionality when accessing through HTTP

Conflicts:
	src/XrdHttp/XrdHttpProtocol.cc
	src/XrdHttp/XrdHttpProtocol.hh
@esindril esindril requested a review from abh3 July 2, 2020 15:52
@abh3 abh3 closed this in e6a7b0b Jul 2, 2020
@bbockelm
Contributor

bbockelm commented Jul 6, 2020

Did this get closed by accident? The commit message in e6a7b0b closed this PR but clearly is unrelated.

@abh3 abh3 reopened this Jul 7, 2020
@abh3
Member

abh3 commented Jul 7, 2020

Inadvertent close.

@xrootd-dev

xrootd-dev commented Jul 7, 2020 via email

Member

@abh3 abh3 left a comment


Looks good. So, the only strong suggestion I have is to allow a site to choose the policy for the voms extractor and gridmap file mapping. As I said in a previous mail file, that short circuits any dispute whether or not failure in either plugin should fail the whole authentication. Likely the easiest and most understandable addition is:

http.gridmap [require]
http.secxtractor [require]

So, simply, if "require" is specified then authentication should fail if the respective plugin returns failure. Now, I hate punching the button "request changes" because it makes it sound like something is wrong with your most recent changes. That is not so. However, the addition of the "require" policy would finally bring closure to all the loose authentication ends in http. So, please understand.

(BTW the reason it took me so long is that I finally got away from a computer this long holiday weekend - yay).
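
The "require" policy proposed in the review comment above, sketched as an added C++ example that is not code from this PR or from XRootD. The directive form follows the comment; every type and function name, the config text, the gridmap entry and the fallback to the DN as user name are assumptions made for illustration.

```cpp
// Added example, not XRootD code: every name below is hypothetical.
#include <iostream>
#include <map>
#include <sstream>
#include <string>

struct Policy { bool gridmapRequired = false; bool extractorRequired = false; };

// Read the two directives in the form proposed in the comment; an optional
// "require" token after the directive name makes that plugin mandatory.
Policy parsePolicy(const std::string &cfg) {
    Policy p;
    std::istringstream in(cfg);
    std::string line;
    while (std::getline(in, line)) {
        std::istringstream ls(line);
        std::string key, tok;
        bool req = false;
        ls >> key;
        while (ls >> tok) req = req || tok == "require";
        if (key == "http.gridmap") p.gridmapRequired = req;
        else if (key == "http.secxtractor") p.extractorRequired = req;
    }
    return p;
}

struct AuthResult { bool ok; std::string name; std::string vorg; };

// gridmap maps a DN to a local name; vo is the extractor's output, or
// nullptr when the extractor returned failure.
AuthResult authenticate(const Policy &p, const std::string &dn,
                        const std::map<std::string, std::string> &gridmap,
                        const std::string *vo) {
    AuthResult r{true, dn, ""};  // assumption: unmapped users keep the DN as name
    std::map<std::string, std::string>::const_iterator it = gridmap.find(dn);
    if (it != gridmap.end()) r.name = it->second;
    else if (p.gridmapRequired) return AuthResult{false, "", ""};  // fail closed
    if (vo) r.vorg = *vo;
    else if (p.extractorRequired) return AuthResult{false, "", ""};  // fail closed
    return r;
}

int main() {
    Policy p = parsePolicy("http.gridmap require\nhttp.secxtractor\n");  // constructed config
    std::map<std::string, std::string> gm;
    gm["/DC=org/CN=Alice"] = "alice";  // constructed gridmap entry
    std::cout << authenticate(p, "/DC=org/CN=Bob", gm, nullptr).ok << "\n";
    return 0;
}
```

Without "require" a plugin failure leaves the request authenticated with whatever identity is already known, so a site that relies on the mapping for authorization needs the fail-closed setting.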

…ridmap configuration directives

Conflicts:
	src/XrdHttp/XrdHttpProtocol.cc
@esindril
Contributor Author

esindril commented Jul 8, 2020

This is also ready now.

@abh3
Member

abh3 commented Jul 9, 2020 via email

@abh3 abh3 merged commit e7dd50a into xrootd:stable-4.12.x Jul 10, 2020
@esindril esindril deleted the xrdhttp_proxy_handling_v4 branch February 7, 2023 15:16