Hi,
I would personally fix SecEntity with no mercy, as even now there are so many cases
of abuse of its fields, just to carry around information of some kind. A striking
example is that the user DN is kept in a "moninfo" field. There are others.
(and IMO the only way to clean it is to rename all of them, no mercy)
The beautiful thing of SecEntity is that it's passed (almost) everywhere. That makes
it my best reference for accessing information about the connected client, including
the protocol that it's using to communicate (which is not there by now, or, ...
yes it's there in another abused field).
I don't think I would like to see request information inside SecEntity. xrootd already has
a data structure modelling requests. It should be there.
Cheers
Fabrizio
On 07/03/2018 05:08 PM, Brian Bockelman wrote:
> I guess the ideal world would be to make the XrdSecEntity have a request-level scope for XrdOfs requests (meaning there's a
> clear way to mutate it in the authorization layer) or have a separate per-request authorization object. The latter can probably
> be done by not breaking ABIs. The latter is cleaner, but a lot of ABI breakage for minor gain.
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
|