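/*
   Copyright (c) 2002-6, Andrew McNab, University of Manchester
   All rights reserved.

   Redistribution and use in source and binary forms, with or
   without modification, are permitted provided that the following
   conditions are met:

     o Redistributions of source code must retain the above
       copyright notice, this list of conditions and the following
       disclaimer.
     o Redistributions in binary form must reproduce the above
       copyright notice, this list of conditions and the following
       disclaimer in the documentation and/or other materials
       provided with the distribution.

   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
   CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
   BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
   TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
   ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   POSSIBILITY OF SUCH DAMAGE.
*/

/*---------------------------------------------------------------*
 * For more about GridSite: http://www.gridsite.org/             *
 *---------------------------------------------------------------*/

/* gridsite.h - public types, constants and prototypes of the GridSite
   library: GACL access-control lists, X.509/proxy/VOMS certificate
   handling, ASN.1 tag walking, HTCP messages and simple HTTP output. */

#ifndef GRIDSITE_H
#define GRIDSITE_H

/* Standard headers for the types this header uses directly (FILE,
   size_t, time_t), so it is self-contained rather than relying on
   whatever the OpenSSL headers happen to include. */
#include <stddef.h>
#include <stdio.h>
#include <time.h>

#ifndef HEADER_SSL_H
#include <openssl/ssl.h>
#endif

#ifndef HEADER_CRYPTO_H
#include <openssl/crypto.h>
#endif

#ifndef FALSE
#define FALSE (0)
#endif
#ifndef TRUE
#define TRUE (!FALSE)
#endif

/* Return codes of the GRST* functions: 0 is success, failures are
   1000 and up so they cannot be confused with errno or OpenSSL values. */
#define GRST_RET_OK             0
#define GRST_RET_FAILED         1000
#define GRST_RET_CERT_NOT_FOUND 1001
#define GRST_RET_BAD_SIGNATURE  1002
#define GRST_RET_NO_SUCH_FILE   1003

/* Lets the compiler check printf-style calls under GNU C; expands to
   nothing elsewhere, so it never changes the ABI. */
#if defined(__GNUC__)
#define GRST_PRINTF_ATTR(fmtidx, argidx) __attribute__((format(printf, fmtidx, argidx)))
#else
#define GRST_PRINTF_ATTR(fmtidx, argidx)
#endif

/* Optional logging hook, called as (file, line, level, format, ...).
   The format attribute assumes the installed callback treats its 4th
   argument as a printf-style format, which is what GRSTerrorLog's
   argument order implies -- confirm against the callback in use.

   NOTE(review): this is a tentative definition, not an `extern`
   declaration, so every translation unit including this header
   defines the symbol.  That links only under common-symbol semantics
   (GCC 10 and later default to -fno-common).  The proper fix is
   `extern` here plus exactly one definition in a .c file; that
   definition is outside this header, so it is left as-is. */
void (*GRSTerrorLogFunc)(char *, int, int, char *, ...) GRST_PRINTF_ATTR(4, 5);

/* Log through GRSTerrorLogFunc if one is installed.  Wrapped in
   do/while(0) so that `if (x) GRSTerrorLog(...); else ...;` binds the
   else to the caller's if, not to the check hidden inside the macro. */
#define GRSTerrorLog(GRSTerrorLevel, ...) \
  do { \
    if (GRSTerrorLogFunc != NULL) \
      (GRSTerrorLogFunc)(__FILE__, __LINE__, (GRSTerrorLevel), __VA_ARGS__); \
  } while (0)

/* these levels are the same as Unix syslog() and Apache ap_log_error() */
#define GRST_LOG_EMERG   0
#define GRST_LOG_ALERT   1
#define GRST_LOG_CRIT    2
#define GRST_LOG_ERR     3
#define GRST_LOG_WARNING 4
#define GRST_LOG_NOTICE  5
#define GRST_LOG_INFO    6
#define GRST_LOG_DEBUG   7

/* One name=value pair of a credential; `next` is untyped and presumably
   points at the following GRSTgaclNamevalue (callers cast). */
typedef struct {
  char *name;
  char *value;
  void *next;
} GRSTgaclNamevalue;

/* A credential: its type string, a delegation level (see the
   GRSTgaclCredSetDelegation/GetDelegation macros) and a list of
   name=value pairs.  `next` presumably links to the next GRSTgaclCred. */
typedef struct {
  char *type;
  int delegation;
  GRSTgaclNamevalue *firstname;
  void *next;
} GRSTgaclCred;

typedef int GRSTgaclAction;

/* Bitmask built from the GRST_PERM_* values below. */
typedef unsigned int GRSTgaclPerm;

/* One ACL entry: the credentials it matches plus the permissions it
   allows and denies.  `next` presumably links to the next GRSTgaclEntry. */
typedef struct {
  GRSTgaclCred *firstcred;
  GRSTgaclPerm allowed;
  GRSTgaclPerm denied;
  void *next;
} GRSTgaclEntry;

/* An ACL is a linked list of entries. */
typedef struct {
  GRSTgaclEntry *firstentry;
} GRSTgaclAcl;

/* The credentials presented by a user, plus the DN-list search path
   set with GRSTgaclUserSetDNlists. */
typedef struct {
  GRSTgaclCred *firstcred;
  char *dnlists;
} GRSTgaclUser;

/* Permission bits; GRST_PERM_ALL is the OR of the five individual bits. */
#define GRST_PERM_NONE  0
#define GRST_PERM_READ  1
#define GRST_PERM_EXEC  2
#define GRST_PERM_LIST  4
#define GRST_PERM_WRITE 8
#define GRST_PERM_ADMIN 16
#define GRST_PERM_ALL   31

/* DO NOT USE PermIsNone!! */
#define GRSTgaclPermIsNone(perm) ((perm) == 0)

#define GRSTgaclPermHasNone(perm)  ((perm) == 0)
#define GRSTgaclPermHasRead(perm)  (((perm) & GRST_PERM_READ ) != 0)
#define GRSTgaclPermHasExec(perm)  (((perm) & GRST_PERM_EXEC ) != 0)
#define GRSTgaclPermHasList(perm)  (((perm) & GRST_PERM_LIST ) != 0)
#define GRSTgaclPermHasWrite(perm) (((perm) & GRST_PERM_WRITE) != 0)
#define GRSTgaclPermHasAdmin(perm) (((perm) & GRST_PERM_ADMIN) != 0)

#define GRST_ACTION_ALLOW 0
#define GRST_ACTION_DENY  1

/* File names and paths consulted by the GACL and history code. */
#define GRST_HIST_PREFIX  ".grsthist"
#define GRST_ACL_FILE     ".gacl"
#define GRST_DN_LISTS     "/etc/grid-security/dn-lists"
/* Depth limit when ACLs are searched upwards through directories
   (presumed from the name -- confirm in GRSTgaclFileFindAclname). */
#define GRST_RECURS_LIMIT 9

/* OIDs of the proxy-certificate and VOMS extensions, and the trust
   directory for VOMS server certificates. */
#define GRST_PROXYCERTINFO_OID "1.3.6.1.4.1.3536.1.222"
#define GRST_VOMS_OID          "1.3.6.1.4.1.8005.100.100.5"
#define GRST_VOMS_DIR          "/etc/grid-security/vomsdir"

/* Bounds for the ASN.1 tag walker: longest tree-coordinate string and
   maximum number of tags recorded by GRSTasn1ParseDump. */
#define GRST_ASN1_MAXCOORDLEN 50
#define GRST_ASN1_MAXTAGS     500

/* One tag found while walking a DER blob: its position in the tag tree
   ("treecoords"), byte offset, header length, content length and tag. */
struct GRSTasn1TagList {
  char treecoords[GRST_ASN1_MAXCOORDLEN + 1];
  int start;
  int headerlength;
  int length;
  int tag;
};

/* One link of a verified chain (see GRSTx509Chain). */
typedef struct {
  int type;       /* CA, user, proxy, VOMS, ... : a GRST_CERT_TYPE_* value */
  int errors;     /* unchecked, bad sig, bad time: presumably OR of GRST_CERT_BAD_* */
  char *issuer;   /* Cert CA DN, EEC of PC, or VOMS DN */
  char *dn;       /* Cert DN, or VOMS AC holder DN */
  char *value;    /* VOMS FQAN or NULL */
  time_t start;
  time_t finish;
  int serial;
  char *ocsp;     /* accessLocation field */
  void *raw;      /* X509 or VOMS Extension object */
  void *next;     /* presumably the next GRSTx509Cert in the chain */
} GRSTx509Cert;

/* Bits reported in GRSTx509Cert.errors; a caller that grants access
   must check this is zero, not merely that the chain loaded. */
#define GRST_CERT_BAD_FORMAT 1
#define GRST_CERT_BAD_CHAIN  2
#define GRST_CERT_BAD_SIG    4
#define GRST_CERT_BAD_TIME   8
#define GRST_CERT_BAD_OCSP   16

#define GRST_CERT_TYPE_CA    1
#define GRST_CERT_TYPE_EEC   2
#define GRST_CERT_TYPE_PROXY 3
#define GRST_CERT_TYPE_VOMS  4

/* a chain of certs, starting from the first CA */
typedef struct {
  GRSTx509Cert *firstcert;
} GRSTx509Chain;

int GRSTx509CertLoad(GRSTx509Cert *, X509 *);
int GRSTx509ChainLoadCheck(GRSTx509Chain **, STACK_OF(X509) *, X509 *, char *, char *);
int GRSTx509ChainFree(GRSTx509Chain *);

/* Default ports for the GridSite protocols. */
#define GRST_HTTP_PORT   777
#define GRST_HTTPS_PORT  488
#define GRST_HTCP_PORT   777
#define GRST_GSIFTP_PORT 2811

/* HTCP opcodes. */
#define GRSThtcpNOPop 0
#define GRSThtcpTSTop 1

/* HTCP counted string: big-endian 16-bit length followed by the bytes.
   text[1] is a placeholder for variable-length data, so sizeof this
   struct is not the size of a message field. */
typedef struct {
  unsigned char length_msb;
  unsigned char length_lsb;
  char text[1];
} GRSThtcpCountstr;

/* Length encoded in a GRSThtcpCountstr header (0..65535). */
#define GRSThtcpCountstrLen(string) (256*((string)->length_msb) + (string)->length_lsb)

/* Parsed HTCP message.  The leading byte fields mirror the wire header;
   the GRSThtcpCountstr pointers are filled in by GRSThtcpMessageParse. */
typedef struct {
  unsigned char total_length_msb;
  unsigned char total_length_lsb;
  unsigned char version_msb;
  unsigned char version_lsb;
  unsigned char data_length_msb;
  unsigned char data_length_lsb;
  unsigned int response : 4;
  unsigned int opcode : 4;
  unsigned int rr : 1;
  unsigned int f1 : 1;
  unsigned int reserved : 6;
  unsigned int trans_id; /* must be 4 bytes */
  GRSThtcpCountstr *method;
  GRSThtcpCountstr *uri;
  GRSThtcpCountstr *version;
  GRSThtcpCountstr *req_hdrs;
  GRSThtcpCountstr *resp_hdrs;
  GRSThtcpCountstr *entity_hdrs;
  GRSThtcpCountstr *cache_hdrs;
} GRSThtcpMessage;

/* ---- GACL: credentials, entries, ACLs and users ----
   The commented-out GACL* macros record the older names each function
   replaced; note that three of them name functions that are not what
   is declared here (see the remarks inline). */

int GRSTgaclInit(void);

/* #define GACLnewCred(x) GRSTgaclCredNew((x)) */
GRSTgaclCred *GRSTgaclCredNew(char *);

/* #define GACLaddToCred(x,y,z) GRSTgaclCredAddValue((x),(y),(z)) */
int GRSTgaclCredAddValue(GRSTgaclCred *, char *, char *);

#define GRSTgaclCredSetDelegation(cred, level) ((cred)->delegation = (level))
#define GRSTgaclCredGetDelegation(cred)        ((cred)->delegation)

/* #define GACLfreeCred(x) GRSTgaclCredFree((x)) */
int GRSTgaclCredFree(GRSTgaclCred *);

/* #define GACLaddCred(x,y) GRSTgaclEntryAddCred((x),(y)) */
int GRSTgaclEntryAddCred(GRSTgaclEntry *, GRSTgaclCred *);

/* #define GACLdelCred(x,y) GRSTgaclEntryDelCred((x),(y)) */
int GRSTgaclEntryDelCred(GRSTgaclEntry *, GRSTgaclCred *);

/* #define GACLprintCred(x,y) GRSTgaclCredPrint((x),(y)) */
/* The declared name (CredCredPrint) differs from the GRSTgaclCredPrint
   the legacy mapping refers to -- confirm which one the .c defines. */
int GRSTgaclCredCredPrint(GRSTgaclCred *, FILE *);

/* #define GACLnewEntry(x) GRSTgaclEntryNew((x)) */
GRSTgaclEntry *GRSTgaclEntryNew(void);

/* #define GACLfreeEntry(x) GRSTgaclEntryFree((x)) */
int GRSTgaclEntryFree(GRSTgaclEntry *);

/* #define GACLaddEntry(x,y) GRSTgaclAclAddEntry((x),(y)) */
int GRSTgaclAclAddEntry(GRSTgaclAcl *, GRSTgaclEntry *);

/* #define GACLprintEntry(x,y) GRSTgaclEntryPrint((x),(y)) */
int GRSTgaclEntryPrint(GRSTgaclEntry *, FILE *);

/* #define GACLprintPerm(x,y) GRSTgaclPermPrint((x),(y)) */
int GRSTgaclPermPrint(GRSTgaclPerm, FILE *);

/* #define GACLallowPerm(x,y) GRSTgaclEntryAllowPerm((x),(y)) */
int GRSTgaclEntryAllowPerm(GRSTgaclEntry *, GRSTgaclPerm);

/* #define GACLunallowPerm(x,y) GRSTgaclEntryUnallowPerm((x),(y)) */
int GRSTgaclEntryUnallowPerm(GRSTgaclEntry *, GRSTgaclPerm);

/* #define GACLdenyPerm(x,y) GRSTgaclEntryDenyPerm((x),(y)) */
int GRSTgaclEntryDenyPerm(GRSTgaclEntry *, GRSTgaclPerm);

/* #define GACLundenyPerm(x,y) GRSTgaclEntryUndenyPerm((x),(y)) */
int GRSTgaclEntryUndenyPerm(GRSTgaclEntry *, GRSTgaclPerm);

/* #define GACLpermToChar(x) GRSTgaclPermToChar((x)) */
char *GRSTgaclPermToChar(GRSTgaclPerm);

/* #define GACLcharToPerm(x) GRSTgaclPermFromChar((x)) */
GRSTgaclPerm GRSTgaclPermFromChar(char *);

/* #define GACLnewAcl(x) GRSTgaclAclNew((x)) */
GRSTgaclAcl *GRSTgaclAclNew(void);

/* #define GACLfreeAcl(x) GRSTgaclAclFree((x)) */
int GRSTgaclAclFree(GRSTgaclAcl *);

/* #define GACLprintAcl(x,y) GRSTgaclAclPrint((x),(y)) */
int GRSTgaclAclPrint(GRSTgaclAcl *, FILE *);

/* #define GACLsaveAcl(x,y) GRSTgaclAclSave((y),(x)) */
/* Note the legacy macro swapped its arguments: here the ACL comes first. */
int GRSTgaclAclSave(GRSTgaclAcl *, char *);

/* #define GACLloadAcl(x) GRSTgaclFileLoadAcl((x)) */
/* Legacy mapping names GRSTgaclFileLoadAcl, which is not declared here. */
GRSTgaclAcl *GRSTgaclAclLoadFile(char *);

/* #define GACLfindAclForFile(x) GRSTgaclFileFindAclname((x)) */
char *GRSTgaclFileFindAclname(char *);

/* #define GACLloadAclForFile(x) GRSTgaclFileLoadAcl((x)) */
/* Legacy mapping names GRSTgaclFileLoadAcl, which is not declared here. */
GRSTgaclAcl *GRSTgaclAclLoadforFile(char *);

/* #define GACLisAclFile(x) GRSTgaclFileIsAcl((x)) */
int GRSTgaclFileIsAcl(char *);

/* #define GACLnewUser(x) GRSTgaclUserNew((x)) */
GRSTgaclUser *GRSTgaclUserNew(GRSTgaclCred *);

/* #define GACLfreeUser(x) GRSTgaclUserFree((x)) */
int GRSTgaclUserFree(GRSTgaclUser *);

/* #define GACLuserAddCred(x,y) GRSTgaclUserAddCred((x),(y)) */
int GRSTgaclUserAddCred(GRSTgaclUser *, GRSTgaclCred *);

/* #define GACLuserHasCred(x,y) GRSTgaclUserHasCred((x),(y)) */
int GRSTgaclUserHasCred(GRSTgaclUser *, GRSTgaclCred *);

int GRSTgaclUserSetDNlists(GRSTgaclUser *, char *);

/* #define GACLuserFindCredType(x,y) GRSTgaclUserFindCredtype((x),(y)) */
GRSTgaclCred *GRSTgaclUserFindCredtype(GRSTgaclUser *, char *);

/* #define GACLtestDnList(x,y) GRSTgaclDNlistHasUser((x),(y)) */
int GRSTgaclDNlistHasUser(char *, GRSTgaclUser *);

/* Evaluate an ACL for a user; the result is a GRSTgaclPerm bitmask to be
   tested with the GRSTgaclPermHas* macros. */
/* #define GACLtestUserAcl(x,y) GRSTgaclAclTestUser((x),(y)) */
GRSTgaclPerm GRSTgaclAclTestUser(GRSTgaclAcl *, GRSTgaclUser *);

/* #define GACLtestExclAcl(x,y) GRSTgaclAclTestexclUser((x),(y)) */
GRSTgaclPerm GRSTgaclAclTestexclUser(GRSTgaclAcl *, GRSTgaclUser *);

/* ---- URL encoding; whether the returned char * is freshly allocated
   (and must be freed) is not stated here -- check the definitions. ---- */

char *GRSThttpUrlDecode(char *);

/* #define GACLurlEncode(x) GRSThttpUrlEncode((x)) */
char *GRSThttpUrlEncode(char *);

/* #define GACLmildUrlEncode(x) GRSThttpMildUrlEncode((x)) */
char *GRSThttpUrlMildencode(char *);

/* ---- X.509, proxy and VOMS handling ---- */

int GRSTx509NameCmp(char *, char *);

int GRSTx509KnownCriticalExts(X509 *);

int GRSTx509IsCA(X509 *);
int GRSTx509CheckChain(int *, X509_STORE_CTX *);
int GRSTx509VerifyCallback(int, X509_STORE_CTX *);

int GRSTx509GetVomsCreds(int *, int, size_t, char *, X509 *, STACK_OF(X509) *, char *);
GRSTgaclCred *GRSTx509CompactToCred(char *);
int GRSTx509CompactCreds(int *, int, size_t, char *, STACK_OF(X509) *, char *, X509 *);
char *GRSTx509CachedProxyFind(char *, char *, char *);
char *GRSTx509FindProxyFileName(void);
int GRSTx509MakeProxyCert(char **, FILE *, char *, char *, char *, int);
char *GRSTx509CachedProxyKeyFind(char *, char *, char *);
int GRSTx509ProxyDestroy(char *, char *, char *);
int GRSTx509ProxyGetTimes(char *, char *, char *, time_t *, time_t *);
int GRSTx509CreateProxyRequest(char **, char **, char *);
int GRSTx509MakeProxyRequest(char **, char *, char *, char *);
int GRSTx509StringToChain(STACK_OF(X509) **, char *);
char *GRSTx509MakeDelegationID(void);
char *GRSTx509MakeProxyFileName(char *, STACK_OF(X509) *);
int GRSTx509CacheProxy(char *, char *, char *, char *);

/* ---- Simple HTTP output ---- */

#define GRST_HEADFILE   "gridsitehead.txt"
#define GRST_FOOTFILE   "gridsitefoot.txt"
#define GRST_ADMIN_FILE "gridsite-admin.cgi"

/* One chunk of body text; `next` presumably the next GRSThttpCharsList. */
typedef struct {
  char *text;
  void *next;
} GRSThttpCharsList;

/* Accumulated response body: total size plus a chunk list. */
typedef struct {
  size_t size;
  GRSThttpCharsList *first;
  GRSThttpCharsList *last;
} GRSThttpBody;

void GRSThttpBodyInit(GRSThttpBody *);
/* Takes a format string and arguments; callers must not pass
   attacker-controlled text as the format itself. */
void GRSThttpPrintf(GRSThttpBody *, char *, ...);
int GRSThttpCopy(GRSThttpBody *, char *);
void GRSThttpWriteOut(GRSThttpBody *);
int GRSThttpPrintHeaderFooter(GRSThttpBody *, char *, char *);
char *GRSThttpGetCGI(char *);

/* ---- ASN.1 helpers ---- */

time_t GRSTasn1TimeToTimeT(char *, size_t);
int GRSTasn1SearchTaglist(struct GRSTasn1TagList taglist[], int, char *);
int GRSTasn1ParseDump(BIO *, unsigned char *, long,
                      struct GRSTasn1TagList taglist[], int, int *);
int GRSTasn1GetX509Name(char *, int, char *, char *,
                        struct GRSTasn1TagList taglist[], int);

/* ---- HTCP message construction and parsing ---- */

int GRSThtcpNOPrequestMake(char **, int *, unsigned int);
int GRSThtcpNOPresponseMake(char **, int *, unsigned int);
int GRSThtcpTSTrequestMake(char **, int *, unsigned int, char *, char *, char *);
int GRSThtcpTSTresponseMake(char **, int *, unsigned int, char *, char *, char *);
/* Parses an untrusted network buffer of the given length into the
   message; the count fields of each GRSThtcpCountstr should be checked
   against that length before use (not visible here -- confirm). */
int GRSThtcpMessageParse(GRSThtcpMessage *, char *, int);

#endif /* GRIDSITE_H */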