
gridsite.h File Reference


Data Structures

struct  GRSTgaclAcl
struct  GRSTgaclCred
struct  GRSTgaclEntry
struct  GRSTgaclNamevalue
struct  GRSTgaclUser
struct  GRSThttpBody
struct  GRSThttpCharsList

Typedefs

typedef int GRSTgaclAction
typedef unsigned int GRSTgaclPerm

Functions

int GRSTgaclInit (void)
GRSTgaclCred * GRSTgaclCredNew (char *)
int GRSTgaclCredAddValue (GRSTgaclCred *, char *, char *)
int GRSTgaclCredFree (GRSTgaclCred *)
int GRSTgaclEntryAddCred (GRSTgaclEntry *, GRSTgaclCred *)
int GRSTgaclEntryDelCred (GRSTgaclEntry *, GRSTgaclCred *)
int GRSTgaclCredCredPrint (GRSTgaclCred *, FILE *)
GRSTgaclEntry * GRSTgaclEntryNew (void)
int GRSTgaclEntryFree (GRSTgaclEntry *)
int GRSTgaclAclAddEntry (GRSTgaclAcl *, GRSTgaclEntry *)
int GRSTgaclEntryPrint (GRSTgaclEntry *, FILE *)
int GRSTgaclPermPrint (GRSTgaclPerm, FILE *)
int GRSTgaclEntryAllowPerm (GRSTgaclEntry *, GRSTgaclPerm)
int GRSTgaclEntryUnallowPerm (GRSTgaclEntry *, GRSTgaclPerm)
int GRSTgaclEntryDenyPerm (GRSTgaclEntry *, GRSTgaclPerm)
int GRSTgaclUndenyPerm (GRSTgaclEntry *, GRSTgaclPerm)
char * GRSTgaclPermToChar (GRSTgaclPerm)
GRSTgaclPerm GRSTgaclPermFromChar (char *)
GRSTgaclAcl * GRSTgaclAclNew (void)
int GRSTgaclAclFree (GRSTgaclAcl *)
int GRSTgaclAclPrint (GRSTgaclAcl *, FILE *)
int GRSTgaclAclSave (GRSTgaclAcl *, char *)
GRSTgaclAcl * GRSTgaclAclLoadFile (char *)
char * GRSTgaclFileFindAclname (char *)
GRSTgaclAcl * GRSTgaclAclLoadforFile (char *)
int GRSTgaclFileIsAcl (char *)
GRSTgaclUser * GRSTgaclUserNew (GRSTgaclCred *)
int GRSTgaclUserFree (GRSTgaclUser *)
int GRSTgaclUserAddCred (GRSTgaclUser *, GRSTgaclCred *)
int GRSTgaclUserHasCred (GRSTgaclUser *, GRSTgaclCred *)
int GRSTgaclUserSetDNlists (GRSTgaclUser *, char *)
GRSTgaclCred * GRSTgaclUserFindCredtype (GRSTgaclUser *, char *)
int GRSTgaclDNlistHasUser (char *, GRSTgaclUser *)
GRSTgaclPerm GRSTgaclAclTestUser (GRSTgaclAcl *, GRSTgaclUser *)
GRSTgaclPerm GRSTgaclAclTestexclUser (GRSTgaclAcl *, GRSTgaclUser *)
char * GRSThttpUrlDecode (char *)
char * GRSThttpUrlEncode (char *)
char * GRSThttpUrlMildencode (char *)
int GRSTx509NameCmp (char *, char *)
 Compare X509 Distinguished Name strings.

int GRSTx509KnownCriticalExts (X509 *)
 Check critical extensions.

time_t GRSTasn1TimeToTimeT (char *)
 ASN1 time string (in a char *) to time_t.

int GRSTx509IsCA (X509 *)
 Check if certificate can be used as a CA to sign standard X509 certs.

int GRSTx509CheckChain (int *, X509_STORE_CTX *)
 Check certificate chain for GSI proxy acceptability.

int GRSTx509VerifyCallback (int, X509_STORE_CTX *)
 Example VerifyCallback routine.

int GRSTx509CheckVomsSig (unsigned char *, unsigned int, unsigned char *, unsigned int, char *, char *, char *)
 Check VOMS signature.

int GRSTx509GetVomsCreds (int *, int, size_t, char *, X509 *, X509 *, char *)
 Get the VOMS attributes in the extensions to the given cert.

GRSTgaclCred * GRSTx509CompactToCred (char *)
 Turn a Compact Cred line into a GRSTgaclCred object.

int GRSTx509CompactCreds (int *, int, size_t, char *, STACK_OF(X509)*, char *)
 Get the credentials in an X509 cert/GSI proxy, including any VOMS.

void GRSThttpBodyInit (GRSThttpBody *)
void GRSThttpPrintf (GRSThttpBody *, char *,...)
int GRSThttpCopy (GRSThttpBody *, char *)
void GRSThttpWriteOut (GRSThttpBody *)
int GRSThttpPrintHeaderFooter (GRSThttpBody *, char *, char *)
char * GRSThttpGetCGI (char *)


Typedef Documentation

typedef int GRSTgaclAction
 

typedef unsigned int GRSTgaclPerm
 


Function Documentation

time_t GRSTasn1TimeToTimeT (char *asn1time)
 

ASN1 time string (in a char *) to time_t.

(Use ASN1_STRING_data() to convert an ASN1_GENERALIZEDTIME to a char * if necessary. Note that ASN1_STRING_data() is deprecated since OpenSSL 1.1.0; ASN1_STRING_get0_data() is the replacement.)

int GRSTgaclAclAddEntry (GRSTgaclAcl *, GRSTgaclEntry *)
 

int GRSTgaclAclFree (GRSTgaclAcl *)
 

GRSTgaclAcl* GRSTgaclAclLoadFile (char *)
 

GRSTgaclAcl* GRSTgaclAclLoadforFile (char *)
 

GRSTgaclAcl* GRSTgaclAclNew (void)
 

int GRSTgaclAclPrint (GRSTgaclAcl *, FILE *)
 

int GRSTgaclAclSave (GRSTgaclAcl *, char *)
 

GRSTgaclPerm GRSTgaclAclTestexclUser (GRSTgaclAcl *, GRSTgaclUser *)
 

GRSTgaclPerm GRSTgaclAclTestUser (GRSTgaclAcl *, GRSTgaclUser *)
 

int GRSTgaclCredAddValue (GRSTgaclCred *, char *, char *)
 

int GRSTgaclCredCredPrint (GRSTgaclCred *, FILE *)
 

int GRSTgaclCredFree (GRSTgaclCred *)
 

GRSTgaclCred* GRSTgaclCredNew (char *)
 

int GRSTgaclDNlistHasUser (char *, GRSTgaclUser *)
 

int GRSTgaclEntryAddCred (GRSTgaclEntry *, GRSTgaclCred *)
 

int GRSTgaclEntryAllowPerm (GRSTgaclEntry *, GRSTgaclPerm)
 

int GRSTgaclEntryDelCred (GRSTgaclEntry *, GRSTgaclCred *)
 

int GRSTgaclEntryDenyPerm (GRSTgaclEntry *, GRSTgaclPerm)
 

int GRSTgaclEntryFree (GRSTgaclEntry *)
 

GRSTgaclEntry* GRSTgaclEntryNew (void)
 

int GRSTgaclEntryPrint (GRSTgaclEntry *, FILE *)
 

int GRSTgaclEntryUnallowPerm (GRSTgaclEntry *, GRSTgaclPerm)
 

char* GRSTgaclFileFindAclname (char *)
 

int GRSTgaclFileIsAcl (char *)
 

int GRSTgaclInit (void)
 

GRSTgaclPerm GRSTgaclPermFromChar (char *)
 

int GRSTgaclPermPrint (GRSTgaclPerm, FILE *)
 

char* GRSTgaclPermToChar (GRSTgaclPerm)
 

int GRSTgaclUndenyPerm (GRSTgaclEntry *, GRSTgaclPerm)
 

int GRSTgaclUserAddCred (GRSTgaclUser *, GRSTgaclCred *)
 

GRSTgaclCred* GRSTgaclUserFindCredtype (GRSTgaclUser *, char *)
 

int GRSTgaclUserFree (GRSTgaclUser *)
 

int GRSTgaclUserHasCred (GRSTgaclUser *, GRSTgaclCred *)
 

GRSTgaclUser* GRSTgaclUserNew (GRSTgaclCred *)
 

int GRSTgaclUserSetDNlists (GRSTgaclUser *, char *)
 

void GRSThttpBodyInit (GRSThttpBody *)
 

int GRSThttpCopy (GRSThttpBody *, char *)
 

char* GRSThttpGetCGI (char *)
 

void GRSThttpPrintf (GRSThttpBody *, char *, ...)

The char * argument is a format string followed by variadic arguments (printf-style, judging by the name and signature). Never pass untrusted text as the format itself; pass it as a %s argument instead.
 

int GRSThttpPrintHeaderFooter (GRSThttpBody *, char *, char *)
 

char* GRSThttpUrlDecode (char *)
 

char* GRSThttpUrlEncode (char *)
 

char* GRSThttpUrlMildencode (char *)
 

void GRSThttpWriteOut (GRSThttpBody *)
 

int GRSTx509CheckChain (int *first_non_ca, X509_STORE_CTX *ctx)
 

Check certificate chain for GSI proxy acceptability.

Returns X509_V_OK/GRST_RET_OK if the chain is acceptable; an OpenSSL X509_V_ERR_* code otherwise. Callers should treat any value other than X509_V_OK as a failure.

Inspired by GSIcheck written by Mike Jones, SVE, Manchester Computing, The University of Manchester.

The GridSite version handles old and new style Globus proxies, and proxies derived from user certificates issued with "X509v3 Basic Constraints: CA:FALSE" (eg UK e-Science CA)

Chain links between certificates (issuer/subject relationships and signatures) are not checked here: this is done by GRST_check_issued/X509_check_issued in mod_ssl's ssl_engine_init.c. On its own this function is therefore not a complete chain validator and must be used together with the normal OpenSSL verification.

TODO: the ProxyCertInfo and ProxyCertPolicy extensions are not yet checked (although via GRSTx509KnownCriticalExts() they can be accepted as known critical extensions), so proxy path-length limits and proxy policies carried in those extensions are not enforced here.

int GRSTx509CheckVomsSig (unsigned char *sig, unsigned int siglen, unsigned char *data, unsigned int datalen, char *vomsdir, char *vo, char *vomsdn)
 

Check VOMS signature.

Returns GRST_RET_OK if the signature starting at *sig matches *data and is from the VOMS of *vo; returns GRST_RET_FAILED otherwise. (vomsdir and vomsdn presumably identify the trusted VOMS server certificate used to verify the signature — confirm against the implementation.) Only GRST_RET_OK should be taken as a valid signature.

int GRSTx509CompactCreds (int *lastcred, int maxcreds, size_t credlen, char *creds, STACK_OF(X509) *certstack, char *vomsdir)
 

Get the credentials in an X509 cert/GSI proxy, including any VOMS.

Credentials are placed in the Compact Creds string array at *creds. (maxcreds and credlen presumably bound the number of entries and the size of each entry, and *lastcred reports the last index filled — confirm against the implementation.)

Returns GRST_RET_OK on success, or GRST_RET_FAILED if an inconsistency is found in the certificate; on failure the contents of *creds should not be relied upon.

GRSTgaclCred* GRSTx509CompactToCred (char *grst_cred)
 

Turn a Compact Cred line into a GRSTgaclCred object.

Returns a pointer to the created GRSTgaclCred, or NULL on failure.

int GRSTx509GetVomsCreds (int *, int, size_t, char *, X509 *, X509 *, char *)
 

Get the VOMS attributes in the extensions to the given cert.

int GRSTx509IsCA (X509 *)
 

Check if certificate can be used as a CA to sign standard X509 certs.

int GRSTx509KnownCriticalExts (X509 *cert)
 

Check critical extensions.

Returns GRST_RET_OK if all critical extensions are known to GridSite or to OpenSSL; GRST_RET_FAILED otherwise.

This function relies on X509_supported_extension(), introduced in OpenSSL 0.9.7, so if the associated define (X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) is absent it does nothing and reports an error (GRST_RET_FAILED). This fails closed: with an older OpenSSL every certificate is rejected rather than having its unrecognised critical extensions silently ignored.

int GRSTx509NameCmp (char *a, char *b)
 

Compare X509 Distinguished Name strings.

This function attempts to do with string representations what would ideally be done with OIDs/values. In particular, "/Email=" and "/emailAddress=" are treated as equal, to deal with this important change between OpenSSL 0.9.6 and 0.9.7. Other than that it is currently the same as ordinary strcmp(3) (returning 0 when the names match), so it is case- and whitespace-sensitive and performs no other DN canonicalisation: both strings should come from the same DN-to-string conversion for the comparison to be meaningful.

int GRSTx509VerifyCallback (int ok, X509_STORE_CTX *ctx)
 

Example VerifyCallback routine.

