Manual Reference Pages  -  OPENXPKI::SERVICE::DEFAULT (3)


Name

OpenXPKI::Service::Default - basic service implementation


Description

This is the common Service implementation to be used by most interactive clients. It supports PKI realm selection, user authentication and session handling.

Protocol Definition

    Connection startup

A connection can begin with one of two messages: a request to continue an old session or a request to start a new one. The answer is always the same: the session ID or an error message.

Session init

    --> {SERVICE_MSG => "NEW_SESSION",
         LANGUAGE    => $lang}

    <-- {SESSION_ID => $ID}

    --> {SERVICE_MSG => "SESSION_ID_ACCEPTED"}

    <-- {SERVICE_MSG => "GET_PKI_REALM",
         PARAMS => {
             PKI_REALM => {
                 0 => {
                     NAME        => "Root Realm",
                     DESCRIPTION => "This is an example root realm."
                 }
             }
         }
        }

    --> {SERVICE_MSG => "GET_PKI_REALM",
         PARAMS => {
             PKI_REALM => $realm,
         }
        }

    <-- {SERVICE_MSG => "GET_AUTHENTICATION_STACK",
         PARAMS => {
             AUTHENTICATION_STACKS => {
                 0 => {
                     NAME        => "Basic Root Auth Stack",
                     DESCRIPTION => "This is the basic root authentication stack."
                 }
             }
         }
        }

    --> {SERVICE_MSG => "GET_AUTHENTICATION_STACK",
         PARAMS => {
             AUTHENTICATION_STACK => 0
         }
        }

Example 1: Anonymous Login

    <-- {SERVICE_MSG => "SERVICE_READY"}

The answer is the first command.

Example 2: Password Login

    <-- {SERVICE_MSG => "GET_PASSWD_LOGIN",
         PARAMS => {
             NAME        => "XYZ",
             DESCRIPTION => "bla bla ..."
         }
        }

    --> {LOGIN  => "John Doe",
         PASSWD => "12345678"}

    on success ... <-- {SERVICE_MSG => "SERVICE_READY"}

    on failure ... <-- {ERROR => "some already translated message"}

Session continue

    --> {SERVICE_MSG => "CONTINUE_SESSION",
         SESSION_ID  => $ID}

    <-- {SESSION_ID => $ID}

    --> {SERVICE_MSG => "SESSION_ID_ACCEPTED"}

    <-- {SERVICE_MSG => "SERVICE_READY"}

Functions

The functions do nothing more than support the test stuff with a working user interface dummy.

o START

o init

Receives messages, checks them for validity in the given state and passes them off to __handle_message if they are valid. Runs until it reaches the state ’MAIN_LOOP’, which means that session initialization, PKI realm selection and login are done.

o run

Receives messages, checks them for validity in the given state (MAIN_LOOP) and passes them to __handle_message if they are valid. Runs until a LOGOUT command is received.

o __is_valid_message

Checks whether a given message is a valid message in the current state. Currently this checks only the message name (’SERVICE_MSG’); it could later be used to validate the input as well.

o __handle_message

Handles a message by passing it off to a handler named using the service message name.

o __handle_NEW_SESSION

Handles the NEW_SESSION message by creating a new session, saving it in the context and sending back the session ID. Changes the state to ’SESSION_ID_ACCEPTED’.

o __handle_CONTINUE_SESSION

Handles the CONTINUE_SESSION message.

o __handle_PING

Handles the PING message by sending back an empty response.

o __handle_SESSION_ID_ACCEPTED

Handles the ’SESSION_ID_ACCEPTED’ message. It checks whether there are multiple PKI realms defined. If so, it sends back the list and changes to state ’WAITING_FOR_PKI_REALM’. If not, it checks whether an authentication stack is present. If not, it sends the list of possible stacks and changes the state to ’WAITING_FOR_AUTHENTICATION_STACK’.

o __handle_GET_PKI_REALM

Handles the GET_PKI_REALM message by checking whether the received realm is valid and setting it in the context if so.

o __handle_GET_AUTHENTICATION_STACK

Handles the GET_AUTHENTICATION_STACK message by checking whether the received stack is valid and setting the corresponding attribute if it is.

o __handle_GET_PASSWD_LOGIN

Handles the GET_PASSWD_LOGIN message by passing on the credentials to the Authentication module’s ’login_step’ method.

o __handle_DETACH

Removes the current session from this worker but does not delete the session. The worker is now free to handle requests for other sessions.

o __handle_LOGOUT

Handles the LOGOUT message by deleting the session from the backend.

o __handle_STATUS

Handles the STATUS message by sending back role and user information.

o __handle_COMMAND

Handles the COMMAND message by calling the corresponding command if the user is authorized.

o __pki_realm_choice_available

Checks whether more than one PKI realm is configured.

o __list_authentication_stacks

Returns a list of configured authentication stacks.

o __is_valid_auth_stack

Checks whether a given stack is a valid one.

o __is_valid_pki_realm

Checks whether a given realm is a valid one.

o __change_state

Changes the internal state.

o __send_error

Sends an error message to the user.
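
A toy model of the per-state check that __is_valid_message is described as performing, added here as an illustration; it is not OpenXPKI's own code. The state names NEW and WAITING_FOR_LOGIN, the table of messages allowed per state and the fixed transitions are assumptions, and only the SERVICE_MSG name of each message is modelled.

```perl
use strict;
use warnings;

# Assumed table: SERVICE_MSG names accepted in each state (new-session path only).
# NEW and WAITING_FOR_LOGIN are hypothetical state names; the rest are the page's.
my %valid_in = (
    NEW                              => [qw(NEW_SESSION)],
    SESSION_ID_ACCEPTED              => [qw(SESSION_ID_ACCEPTED)],
    WAITING_FOR_PKI_REALM            => [qw(GET_PKI_REALM)],
    WAITING_FOR_AUTHENTICATION_STACK => [qw(GET_AUTHENTICATION_STACK)],
    WAITING_FOR_LOGIN                => [qw(GET_PASSWD_LOGIN)],
    MAIN_LOOP                        => [qw(COMMAND STATUS DETACH LOGOUT)],
);

# Fixed transitions (assumed): several realms, no preselected stack, login succeeds.
my %next_state = (
    NEW_SESSION              => 'SESSION_ID_ACCEPTED',
    SESSION_ID_ACCEPTED      => 'WAITING_FOR_PKI_REALM',
    GET_PKI_REALM            => 'WAITING_FOR_AUTHENTICATION_STACK',
    GET_AUTHENTICATION_STACK => 'WAITING_FOR_LOGIN',
    GET_PASSWD_LOGIN         => 'MAIN_LOOP',
);

# True if the message carries a SERVICE_MSG name that is allowed in $state.
sub is_valid_message {
    my ($state, $msg) = @_;
    return 0 unless ref($msg) eq 'HASH' && defined $msg->{SERVICE_MSG};
    return scalar(grep { $_ eq $msg->{SERVICE_MSG} } @{ $valid_in{$state} || [] });
}

# Run messages through the check; a rejected message leaves the state unchanged.
sub replay {
    my ($state, @log) = ('NEW');
    for my $msg (@_) {
        my $name = ref($msg) eq 'HASH' && $msg->{SERVICE_MSG} || '(no SERVICE_MSG)';
        if (is_valid_message($state, $msg)) {
            $state = $next_state{$name} // $state;
            push @log, "ACCEPT $name -> $state";
        } else {
            push @log, "REJECT $name in $state";
        }
    }
    return @log;
}

# Constructed sequence: the first COMMAND arrives before login and must be rejected.
my @names = qw(NEW_SESSION COMMAND SESSION_ID_ACCEPTED GET_PKI_REALM
               GET_AUTHENTICATION_STACK GET_PASSWD_LOGIN COMMAND);
print "$_\n" for replay(map { +{ SERVICE_MSG => $_ } } @names);
```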



perl v5.20.3 OPENXPKI::SERVICE::DEFAULT (3) 2016-04-03
