|
gridsite.h File Reference
|
Data Structures |
struct | GRSTgaclNamevalue |
struct | GRSTgaclCred |
struct | GRSTgaclEntry |
struct | GRSTgaclAcl |
struct | GRSTgaclUser |
struct | GRSTasn1TagList |
struct | GRSThtcpCountstr |
struct | GRSThtcpMessage |
struct | GRSThttpCharsList |
struct | GRSThttpBody |
Typedefs |
typedef int | GRSTgaclAction |
typedef unsigned int | GRSTgaclPerm |
Functions |
int | GRSTgaclInit (void) |
GRSTgaclCred * | GRSTgaclCredNew (char *) |
int | GRSTgaclCredAddValue (GRSTgaclCred *, char *, char *) |
int | GRSTgaclCredFree (GRSTgaclCred *) |
int | GRSTgaclEntryAddCred (GRSTgaclEntry *, GRSTgaclCred *) |
int | GRSTgaclEntryDelCred (GRSTgaclEntry *, GRSTgaclCred *) |
int | GRSTgaclCredCredPrint (GRSTgaclCred *, FILE *) |
GRSTgaclEntry * | GRSTgaclEntryNew (void) |
int | GRSTgaclEntryFree (GRSTgaclEntry *) |
int | GRSTgaclAclAddEntry (GRSTgaclAcl *, GRSTgaclEntry *) |
int | GRSTgaclEntryPrint (GRSTgaclEntry *, FILE *) |
int | GRSTgaclPermPrint (GRSTgaclPerm, FILE *) |
int | GRSTgaclEntryAllowPerm (GRSTgaclEntry *, GRSTgaclPerm) |
int | GRSTgaclEntryUnallowPerm (GRSTgaclEntry *, GRSTgaclPerm) |
int | GRSTgaclEntryDenyPerm (GRSTgaclEntry *, GRSTgaclPerm) |
int | GRSTgaclEntryUndenyPerm (GRSTgaclEntry *, GRSTgaclPerm) |
char * | GRSTgaclPermToChar (GRSTgaclPerm) |
GRSTgaclPerm | GRSTgaclPermFromChar (char *) |
GRSTgaclAcl * | GRSTgaclAclNew (void) |
int | GRSTgaclAclFree (GRSTgaclAcl *) |
int | GRSTgaclAclPrint (GRSTgaclAcl *, FILE *) |
int | GRSTgaclAclSave (GRSTgaclAcl *, char *) |
GRSTgaclAcl * | GRSTgaclAclLoadFile (char *) |
char * | GRSTgaclFileFindAclname (char *) |
GRSTgaclAcl * | GRSTgaclAclLoadforFile (char *) |
int | GRSTgaclFileIsAcl (char *) |
GRSTgaclUser * | GRSTgaclUserNew (GRSTgaclCred *) |
int | GRSTgaclUserFree (GRSTgaclUser *) |
int | GRSTgaclUserAddCred (GRSTgaclUser *, GRSTgaclCred *) |
int | GRSTgaclUserHasCred (GRSTgaclUser *, GRSTgaclCred *) |
int | GRSTgaclUserSetDNlists (GRSTgaclUser *, char *) |
GRSTgaclCred * | GRSTgaclUserFindCredtype (GRSTgaclUser *, char *) |
int | GRSTgaclDNlistHasUser (char *, GRSTgaclUser *) |
GRSTgaclPerm | GRSTgaclAclTestUser (GRSTgaclAcl *, GRSTgaclUser *) |
GRSTgaclPerm | GRSTgaclAclTestexclUser (GRSTgaclAcl *, GRSTgaclUser *) |
char * | GRSThttpUrlDecode (char *) |
char * | GRSThttpUrlEncode (char *) |
char * | GRSThttpUrlMildencode (char *) |
int | GRSTx509NameCmp (char *, char *) |
| Compare X509 Distinguished Name strings.
|
int | GRSTx509KnownCriticalExts (X509 *) |
| Check critical extensions.
|
int | GRSTx509IsCA (X509 *) |
| Check if certificate can be used as a CA to sign standard X509 certs.
|
int | GRSTx509CheckChain (int *, X509_STORE_CTX *) |
| Check certificate chain for GSI proxy acceptability.
|
int | GRSTx509VerifyCallback (int, X509_STORE_CTX *) |
| Example VerifyCallback routine.
|
int | GRSTx509GetVomsCreds (int *, int, size_t, char *, X509 *, STACK_OF(X509)*, char *) |
| Get the VOMS attributes in the extensions to the given cert stack.
|
GRSTgaclCred * | GRSTx509CompactToCred (char *) |
| Turn a Compact Cred line into a GRSTgaclCred object.
|
int | GRSTx509CompactCreds (int *, int, size_t, char *, STACK_OF(X509)*, char *, X509 *) |
| Get the credentials in an X509 cert/GSI proxy, including any VOMS.
|
char * | GRSTx509CachedProxyFind (char *, char *, char *) |
| Find a proxy file in the proxy cache.
|
char * | GRSTx509FindProxyFileName (void) |
| Find proxy file name of the current user.
|
int | GRSTx509MakeProxyCert (char **, FILE *, char *, char *, char *, int) |
| Make a GSI Proxy chain from a request, certificate and private key.
|
char * | GRSTx509CachedProxyKeyFind (char *, char *, char *) |
| Find a temporary proxy private key file in the proxy cache.
|
int | GRSTx509ProxyDestroy (char *, char *, char *) |
| Destroy stored GSI proxy files.
|
int | GRSTx509ProxyGetTimes (char *, char *, char *, time_t *, time_t *) |
| Get start and finish validity times of stored GSI proxy file.
|
int | GRSTx509MakeProxyRequest (char **, char *, char *, char *) |
| Make and store a X.509 request for a GSI proxy.
|
int | GRSTx509StringToChain (STACK_OF(X509)**, char *) |
| Create a stack of X509 certificates from a PEM-encoded string.
|
char * | GRSTx509MakeDelegationID (void) |
| Returns a Delegation ID based on hash of GRST_CRED_0, ...
|
char * | GRSTx509MakeProxyFileName (char *, STACK_OF(X509)*) |
| Return the short file name for the given delegation_id and user_dn.
|
int | GRSTx509CacheProxy (char *, char *, char *, char *) |
| Store a GSI proxy chain in the proxy cache, along with the private key.
|
void | GRSThttpBodyInit (GRSThttpBody *) |
void | GRSThttpPrintf (GRSThttpBody *, char *,...) |
int | GRSThttpCopy (GRSThttpBody *, char *) |
void | GRSThttpWriteOut (GRSThttpBody *) |
int | GRSThttpPrintHeaderFooter (GRSThttpBody *, char *, char *) |
char * | GRSThttpGetCGI (char *) |
time_t | GRSTasn1TimeToTimeT (char *, size_t) |
| ASN1 time string (in a char *) to time_t.
|
int | GRSTasn1SearchTaglist (struct GRSTasn1TagList taglist[], int, char *) |
int | GRSTasn1ParseDump (BIO *, unsigned char *, long, struct GRSTasn1TagList taglist[], int, int *) |
int | GRSTasn1GetX509Name (char *, int, char *, char *, struct GRSTasn1TagList taglist[], int) |
int | GRSThtcpNOPrequestMake (char **, int *, unsigned int) |
int | GRSThtcpNOPresponseMake (char **, int *, unsigned int) |
int | GRSThtcpTSTrequestMake (char **, int *, unsigned int, char *, char *, char *) |
int | GRSThtcpTSTresponseMake (char **, int *, unsigned int, char *, char *, char *) |
int | GRSThtcpMessageParse (GRSThtcpMessage *, char *, int) |
Typedef Documentation
Function Documentation
int GRSTasn1GetX509Name |
( |
char * |
, |
|
|
int |
, |
|
|
char * |
, |
|
|
char * |
, |
|
|
struct GRSTasn1TagList |
taglist[], |
|
|
int |
|
|
) |
|
|
int GRSTasn1ParseDump |
( |
BIO * |
, |
|
|
unsigned char * |
, |
|
|
long |
, |
|
|
struct GRSTasn1TagList |
taglist[], |
|
|
int |
, |
|
|
int * |
|
|
) |
|
|
int GRSTasn1SearchTaglist |
( |
struct GRSTasn1TagList |
taglist[], |
|
|
int |
, |
|
|
char * |
|
|
) |
|
|
time_t GRSTasn1TimeToTimeT |
( |
char * |
asn1time, |
|
|
size_t |
len |
|
) |
|
|
|
ASN1 time string (in a char *) to time_t.
(Use ASN1_STRING_data() to convert an ASN1_GENERALIZEDTIME to a char * if necessary; pass the string's length as len so the parser does not read past it.) |
int GRSTgaclCredAddValue |
( |
GRSTgaclCred * |
, |
|
|
char * |
, |
|
|
char * |
|
|
) |
|
|
char* GRSTgaclFileFindAclname |
( |
char * |
|
) |
|
|
int GRSTgaclFileIsAcl |
( |
char * |
|
) |
|
|
int GRSTgaclInit |
( |
void |
|
) |
|
|
int GRSThtcpNOPrequestMake |
( |
char ** |
, |
|
|
int * |
, |
|
|
unsigned |
int |
|
) |
|
|
int GRSThtcpNOPresponseMake |
( |
char ** |
, |
|
|
int * |
, |
|
|
unsigned |
int |
|
) |
|
|
int GRSThtcpTSTrequestMake |
( |
char ** |
, |
|
|
int * |
, |
|
|
unsigned |
int, |
|
|
char * |
, |
|
|
char * |
, |
|
|
char * |
|
|
) |
|
|
int GRSThtcpTSTresponseMake |
( |
char ** |
, |
|
|
int * |
, |
|
|
unsigned |
int, |
|
|
char * |
, |
|
|
char * |
, |
|
|
char * |
|
|
) |
|
|
char* GRSThttpGetCGI |
( |
char * |
|
) |
|
|
int GRSThttpPrintHeaderFooter |
( |
GRSThttpBody * |
, |
|
|
char * |
, |
|
|
char * |
|
|
) |
|
|
char* GRSThttpUrlDecode |
( |
char * |
|
) |
|
|
char* GRSThttpUrlEncode |
( |
char * |
|
) |
|
|
char* GRSThttpUrlMildencode |
( |
char * |
|
) |
|
|
char* GRSTx509CachedProxyFind |
( |
char * |
proxydir, |
|
|
char * |
delegation_id, |
|
|
char * |
user_dn |
|
) |
|
|
|
Find a proxy file in the proxy cache.
Returns the full path and file name of the proxy file associated with the given delegation ID and user DN. |
char* GRSTx509CachedProxyKeyFind |
( |
char * |
proxydir, |
|
|
char * |
delegation_id, |
|
|
char * |
user_dn |
|
) |
|
|
|
Find a temporary proxy private key file in the proxy cache.
Returns the full path and file name of the private key file associated with given delegation ID and user DN. |
int GRSTx509CacheProxy |
( |
char * |
proxydir, |
|
|
char * |
delegation_id, |
|
|
char * |
user_dn, |
|
|
char * |
proxychain |
|
) |
|
|
|
Store a GSI proxy chain in the proxy cache, along with the private key.
Returns GRST_RET_OK on success, non-zero otherwise. Any existing private key with the same delegation ID and user DN is moved out of the temporary cache. |
int GRSTx509CheckChain |
( |
int * |
first_non_ca, |
|
|
X509_STORE_CTX * |
ctx |
|
) |
|
|
|
Check certificate chain for GSI proxy acceptability.
Returns X509_V_OK/GRST_RET_OK if valid; OpenSSL X509 errors otherwise.
Inspired by GSIcheck written by Mike Jones, SVE, Manchester Computing, The University of Manchester.
The GridSite version handles old and new style Globus proxies, and proxies derived from user certificates issued with "X509v3 Basic Constraints: CA:FALSE" (e.g. the UK e-Science CA).
We do not check chain links between certs here: this is done by GRST_check_issued/X509_check_issued in mod_ssl's ssl_engine_init.c. This function therefore does not constitute a complete chain verification on its own and must be used together with that issuer checking.
TODO: we do not yet check the ProxyCertInfo and ProxyCertPolicy extensions (although via GRSTx509KnownCriticalExts() we can accept them as known critical extensions). Until this is done, any constraints carried in those extensions are not enforced by this function. |
int GRSTx509CompactCreds |
( |
int * |
lastcred, |
|
|
int |
maxcreds, |
|
|
size_t |
credlen, |
|
|
char * |
creds, |
|
|
STACK_OF(X509)* |
certstack, |
|
|
char * |
vomsdir, |
|
|
X509 * |
peercert |
|
) |
|
|
|
Get the credentials in an X509 cert/GSI proxy, including any VOMS.
Credentials are placed in Compact Creds string array at *creds.
Function returns GRST_RET_OK on success, or GRST_RET_FAILED if some inconsistency is found in the certificate. |
char* GRSTx509FindProxyFileName |
( |
void |
|
) |
|
|
|
Find proxy file name of the current user.
Returns a string with the proxy file name, or NULL if no proxy is present. This function does not check whether the proxy has expired, so callers must verify the proxy's validity period themselves before relying on it. |
int GRSTx509GetVomsCreds |
( |
int * |
, |
|
|
int |
, |
|
|
size_t |
, |
|
|
char * |
, |
|
|
X509 * |
, |
|
|
STACK_OF(X509)* |
, |
|
|
char * |
|
|
) |
|
|
|
Get the VOMS attributes in the extensions to the given cert stack.
|
int GRSTx509IsCA |
( |
X509 * |
|
) |
|
|
|
Check if certificate can be used as a CA to sign standard X509 certs.
|
int GRSTx509KnownCriticalExts |
( |
X509 * |
cert |
) |
|
|
|
Check critical extensions.
Returns GRST_RET_OK if all of the critical extensions are known to us or to OpenSSL; GRST_RET_FAILED otherwise.
This function relies on X509_supported_extension(), introduced in OpenSSL 0.9.7. If the associated define (X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) is absent at build time, the function does nothing and reports GRST_RET_FAILED, i.e. it fails closed rather than accepting a certificate whose critical extensions could not be checked. |
char* GRSTx509MakeDelegationID |
( |
void |
|
) |
|
|
|
Returns a Delegation ID based on hash of GRST_CRED_0, ...
Returns a malloc'd string with the Delegation ID, made by SHA1-hashing the values of the compact credentials exported by mod_gridsite. The caller is responsible for freeing the returned string. |
int GRSTx509MakeProxyCert |
( |
char ** |
proxychain, |
|
|
FILE * |
debugfp, |
|
|
char * |
reqtxt, |
|
|
char * |
cert, |
|
|
char * |
key, |
|
|
int |
minutes |
|
) |
|
|
|
Make a GSI Proxy chain from a request, certificate and private key.
The proxy chain is returned in *proxychain. If debugfp is non-NULL, errors are output to that file pointer. The proxy will expire in the given number of minutes, counted from the current time. |
char* GRSTx509MakeProxyFileName |
( |
char * |
delegation_id, |
|
|
STACK_OF(X509)* |
certstack |
|
) |
|
|
|
Return the short file name for the given delegation_id and user_dn.
Returns a malloc'd string with the short file name (no paths) that is derived from the hashed delegation_id and the user DN (taken from certstack; the caller frees the string).
The file name is SHA1_HASH(DelegationID) + "-" + SHA1_HASH(DN), where DN is the DER-encoded form of the user DN with any trailing CN=proxy removed. Each hash is truncated to its most significant 8 bytes, written as lowercase hexadecimal. Note that truncating to 8 bytes leaves only 64 bits per component, so distinct delegation IDs or DNs are not guaranteed to map to distinct file names. |
int GRSTx509MakeProxyRequest |
( |
char ** |
reqtxt, |
|
|
char * |
proxydir, |
|
|
char * |
delegation_id, |
|
|
char * |
user_dn |
|
) |
|
|
|
Make and store a X.509 request for a GSI proxy.
Returns GRST_RET_OK on success, non-zero otherwise. The request string is PEM encoded, and the corresponding private key is stored in the temporary cache under proxydir. |
int GRSTx509NameCmp |
( |
char * |
a, |
|
|
char * |
b |
|
) |
|
|
|
Compare X509 Distinguished Name strings.
This function attempts to do with string representations what would ideally be done with OIDs/values. In particular, we equate "/Email=" == "/emailAddress=" to deal with this important change between OpenSSL 0.9.6 and 0.9.7. Other than that, it is currently the same as ordinary strcmp(3). Because the comparison is done on string forms rather than canonical OID/value pairs, two names that differ only in encoding or attribute-type aliasing (other than the Email case above) will compare as unequal. |
int GRSTx509ProxyDestroy |
( |
char * |
proxydir, |
|
|
char * |
delegation_id, |
|
|
char * |
user_dn |
|
) |
|
|
|
Destroy stored GSI proxy files.
Returns GRST_RET_OK on success, non-zero otherwise. (Including GRST_RET_NO_SUCH_FILE if the private key or cert chain were not found.) |
int GRSTx509ProxyGetTimes |
( |
char * |
proxydir, |
|
|
char * |
delegation_id, |
|
|
char * |
user_dn, |
|
|
time_t * |
start, |
|
|
time_t * |
finish |
|
) |
|
|
|
Get start and finish validity times of stored GSI proxy file.
Returns GRST_RET_OK on success, non-zero otherwise. (Including GRST_RET_NO_SUCH_FILE if the cert chain was not found.) |
int GRSTx509StringToChain |
( |
STACK_OF(X509)** |
certstack, |
|
|
char * |
certstring |
|
) |
|
|
|
Create a stack of X509 certificates from a PEM-encoded string.
Creates a dynamically allocated stack of X509 certificate objects by walking through the PEM-encoded X509 certificates in certstring.
Returns GRST_RET_OK on success, non-zero otherwise. |
int GRSTx509VerifyCallback |
( |
int |
, |
|
|
X509_STORE_CTX * |
|
|
) |
|
|
|
Example VerifyCallback routine.
|
|