|
gridsite.h File Reference
Go to the source code of this file.
|
Data Structures |
struct | GRSTgaclAcl |
struct | GRSTgaclCred |
struct | GRSTgaclEntry |
struct | GRSTgaclNamevalue |
struct | GRSTgaclUser |
struct | GRSThttpBody |
struct | GRSThttpCharsList |
Typedefs |
typedef int | GRSTgaclAction |
typedef unsigned int | GRSTgaclPerm |
Functions |
int | GRSTgaclInit (void) |
GRSTgaclCred * | GRSTgaclCredNew (char *) |
int | GRSTgaclCredAddValue (GRSTgaclCred *, char *, char *) |
int | GRSTgaclCredFree (GRSTgaclCred *) |
int | GRSTgaclEntryAddCred (GRSTgaclEntry *, GRSTgaclCred *) |
int | GRSTgaclEntryDelCred (GRSTgaclEntry *, GRSTgaclCred *) |
int | GRSTgaclCredCredPrint (GRSTgaclCred *, FILE *) |
GRSTgaclEntry * | GRSTgaclEntryNew (void) |
int | GRSTgaclEntryFree (GRSTgaclEntry *) |
int | GRSTgaclAclAddEntry (GRSTgaclAcl *, GRSTgaclEntry *) |
int | GRSTgaclEntryPrint (GRSTgaclEntry *, FILE *) |
int | GRSTgaclPermPrint (GRSTgaclPerm, FILE *) |
int | GRSTgaclEntryAllowPerm (GRSTgaclEntry *, GRSTgaclPerm) |
int | GRSTgaclEntryUnallowPerm (GRSTgaclEntry *, GRSTgaclPerm) |
int | GRSTgaclEntryDenyPerm (GRSTgaclEntry *, GRSTgaclPerm) |
int | GRSTgaclUndenyPerm (GRSTgaclEntry *, GRSTgaclPerm) |
char * | GRSTgaclPermToChar (GRSTgaclPerm) |
GRSTgaclPerm | GRSTgaclPermFromChar (char *) |
GRSTgaclAcl * | GRSTgaclAclNew (void) |
int | GRSTgaclAclFree (GRSTgaclAcl *) |
int | GRSTgaclAclPrint (GRSTgaclAcl *, FILE *) |
int | GRSTgaclAclSave (GRSTgaclAcl *, char *) |
GRSTgaclAcl * | GRSTgaclAclLoadFile (char *) |
char * | GRSTgaclFileFindAclname (char *) |
GRSTgaclAcl * | GRSTgaclAclLoadforFile (char *) |
int | GRSTgaclFileIsAcl (char *) |
GRSTgaclUser * | GRSTgaclUserNew (GRSTgaclCred *) |
int | GRSTgaclUserFree (GRSTgaclUser *) |
int | GRSTgaclUserAddCred (GRSTgaclUser *, GRSTgaclCred *) |
int | GRSTgaclUserHasCred (GRSTgaclUser *, GRSTgaclCred *) |
int | GRSTgaclUserSetDNlists (GRSTgaclUser *, char *) |
GRSTgaclCred * | GRSTgaclUserFindCredtype (GRSTgaclUser *, char *) |
int | GRSTgaclDNlistHasUser (char *, GRSTgaclUser *) |
GRSTgaclPerm | GRSTgaclAclTestUser (GRSTgaclAcl *, GRSTgaclUser *) |
GRSTgaclPerm | GRSTgaclAclTestexclUser (GRSTgaclAcl *, GRSTgaclUser *) |
char * | GRSThttpUrlDecode (char *) |
char * | GRSThttpUrlEncode (char *) |
char * | GRSThttpUrlMildencode (char *) |
int | GRSTx509NameCmp (char *, char *) |
| Compare X509 Distinguished Name strings.
|
int | GRSTx509KnownCriticalExts (X509 *) |
| Check critical extensions.
|
time_t | GRSTasn1TimeToTimeT (char *) |
| ASN1 time string (in a char *) to time_t.
|
int | GRSTx509IsCA (X509 *) |
| Check if certificate can be used as a CA to sign standard X509 certs.
|
int | GRSTx509CheckChain (int *, X509_STORE_CTX *) |
| Check certificate chain for GSI proxy acceptability.
|
int | GRSTx509VerifyCallback (int, X509_STORE_CTX *) |
| Example VerifyCallback routine.
|
int | GRSTx509CheckVomsSig (unsigned char *, unsigned int, unsigned char *, unsigned int, char *, char *, char *) |
| Check VOMS signature.
|
int | GRSTx509GetVomsCreds (int *, int, size_t, char *, X509 *, X509 *, char *) |
| Get the VOMS attributes in the extensions to the given cert.
|
GRSTgaclCred * | GRSTx509CompactToCred (char *) |
| Turn a Compact Cred line into a GRSTgaclCred object.
|
int | GRSTx509CompactCreds (int *, int, size_t, char *, STACK_OF(X509)*, char *) |
| Get the credentials in an X509 cert/GSI proxy, including any VOMS.
|
void | GRSThttpBodyInit (GRSThttpBody *) |
void | GRSThttpPrintf (GRSThttpBody *, char *,...) |
int | GRSThttpCopy (GRSThttpBody *, char *) |
void | GRSThttpWriteOut (GRSThttpBody *) |
int | GRSThttpPrintHeaderFooter (GRSThttpBody *, char *, char *) |
char * | GRSThttpGetCGI (char *) |
Typedef Documentation
typedef int GRSTgaclAction
|
|
typedef unsigned int GRSTgaclPerm
|
|
Function Documentation
time_t GRSTasn1TimeToTimeT |
( |
char * |
asn1time |
) |
|
|
|
ASN1 time string (in a char *) to time_t.
(Use ASN1_STRING_data() to convert ASN1_GENERALIZEDTIME to char * if necessary) |
int GRSTgaclCredAddValue |
( |
GRSTgaclCred * |
, |
|
|
char * |
, |
|
|
char * |
|
|
) |
|
|
char* GRSTgaclFileFindAclname |
( |
char * |
|
) |
|
|
int GRSTgaclFileIsAcl |
( |
char * |
|
) |
|
|
int GRSTgaclInit |
( |
void |
|
) |
|
|
char* GRSThttpGetCGI |
( |
char * |
|
) |
|
|
int GRSThttpPrintHeaderFooter |
( |
GRSThttpBody * |
, |
|
|
char * |
, |
|
|
char * |
|
|
) |
|
|
char* GRSThttpUrlDecode |
( |
char * |
|
) |
|
|
char* GRSThttpUrlEncode |
( |
char * |
|
) |
|
|
char* GRSThttpUrlMildencode |
( |
char * |
|
) |
|
|
int GRSTx509CheckChain |
( |
int * |
first_non_ca, |
|
|
X509_STORE_CTX * |
ctx |
|
) |
|
|
|
Check certificate chain for GSI proxy acceptability.
Returns X509_V_OK/GRST_RET_OK if valid; OpenSSL X509 errors otherwise.
Inspired by GSIcheck written by Mike Jones, SVE, Manchester Computing, The University of Manchester.
The GridSite version handles old and new style Globus proxies, and proxies derived from user certificates issued with "X509v3 Basic Constraints: CA:FALSE" (eg UK e-Science CA)
We do not check chain links between certs here: this is done by GRST_check_issued/X509_check_issued in mod_ssl's ssl_engine_init.c
TODO: we do not yet check ProxyCertInfo and ProxyCertPolicy extensions (although via GRSTx509KnownCriticalExts() we can accept them.) |
int GRSTx509CheckVomsSig |
( |
unsigned char * |
sig, |
|
|
unsigned int |
siglen, |
|
|
unsigned char * |
data, |
|
|
unsigned int |
datalen, |
|
|
char * |
vomsdir, |
|
|
char * |
vo, |
|
|
char * |
vomsdn |
|
) |
|
|
|
Check VOMS signature.
Return GRST_RET_OK if signature starting at *sig matches *data and is from VOMS *vo; return GRST_RET_FAILED otherwise. |
int GRSTx509CompactCreds |
( |
int * |
lastcred, |
|
|
int |
maxcreds, |
|
|
size_t |
credlen, |
|
|
char * |
creds, |
|
|
STACK_OF(X509)* |
certstack, |
|
|
char * |
vomsdir |
|
) |
|
|
|
Get the credentials in an X509 cert/GSI proxy, including any VOMS.
Credentials are placed in Compact Creds string array at *creds.
Function returns GRST_RET_OK on success, or GRST_RET_FAILED if some inconsistency found in certificate. |
int GRSTx509GetVomsCreds |
( |
int * |
, |
|
|
int |
, |
|
|
size_t |
, |
|
|
char * |
, |
|
|
X509 * |
, |
|
|
X509 * |
, |
|
|
char * |
|
|
) |
|
|
|
Get the VOMS attributes in the extensions to the given cert.
|
int GRSTx509IsCA |
( |
X509 * |
|
) |
|
|
|
Check if certificate can be used as a CA to sign standard X509 certs.
|
int GRSTx509KnownCriticalExts |
( |
X509 * |
cert |
) |
|
|
|
Check critical extensions.
Returning GRST_RET_OK if all of extensions are known to us or OpenSSL; GRST_REF_FAILED otherwise.
Since this function relies on functionality (X509_supported_extension) introduced in 0.9.7, then we do nothing and report an error (GRST_RET_FAILED) if one of the associated defines (X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) is absent. |
int GRSTx509NameCmp |
( |
char * |
a, |
|
|
char * |
b |
|
) |
|
|
|
Compare X509 Distinguished Name strings.
This function attempts to do with string representations what would ideally be done with OIDs/values. In particular, we equate "/Email=" == "/emailAddress=" to deal with this important change between OpenSSL 0.9.6 and 0.9.7. Other than that, it is currently the same as ordinary strcmp(3). |
int GRSTx509VerifyCallback |
( |
int |
ok, |
|
|
X509_STORE_CTX * |
ctx |
|
) |
|
|
|
Example VerifyCallback routine.
|
Generated on Sun Dec 14 12:45:04 2003 by
1.2.18
Last modified Sun 14 December 2003
. View page history
Switch to HTTPS
. Print View
. Built with GridSite 1.4.3
|