36 #ifndef HEADER_GRIDSITE_H
37 #define HEADER_GRIDSITE_H
40 #define GRST_VERSION 010500
47 #ifndef GRST_NO_OPENSSL
50 #include <openssl/ssl.h>
53 #ifndef HEADER_CRYPTO_H
54 #include <openssl/crypto.h>
82 #define GRST_RET_FAILED 1000
85 #define GRST_RET_CERT_NOT_FOUND 1001
88 #define GRST_RET_BAD_SIGNATURE 1002
91 #define GRST_RET_NO_SUCH_FILE 1003
95 #define GRSTerrorLog(GRSTerrorLevel, ...) ((GRSTerrorLogFunc != NULL) && ((GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, __VA_ARGS__)))
101 #define GRST_LOG_EMERG 0
102 #define GRST_LOG_ALERT 1
103 #define GRST_LOG_CRIT 2
104 #define GRST_LOG_ERR 3
105 #define GRST_LOG_WARNING 4
106 #define GRST_LOG_NOTICE 5
107 #define GRST_LOG_INFO 6
108 #define GRST_LOG_DEBUG 7
110 #define GRST_MAX_TIME_T INT32_MAX
121 typedef struct {
char *name;
137 #define GRST_PERM_NONE 0
138 #define GRST_PERM_READ 1
139 #define GRST_PERM_EXEC 2
140 #define GRST_PERM_LIST 4
141 #define GRST_PERM_WRITE 8
142 #define GRST_PERM_ADMIN 16
143 #define GRST_PERM_ALL 31
146 #define GRSTgaclPermIsNone(perm) ((perm) == 0)
148 #define GRSTgaclPermHasNone(perm) ((perm) == 0)
149 #define GRSTgaclPermHasRead(perm) (((perm) & GRST_PERM_READ ) != 0)
150 #define GRSTgaclPermHasExec(perm) (((perm) & GRST_PERM_EXEC ) != 0)
151 #define GRSTgaclPermHasList(perm) (((perm) & GRST_PERM_LIST ) != 0)
152 #define GRSTgaclPermHasWrite(perm) (((perm) & GRST_PERM_WRITE) != 0)
153 #define GRSTgaclPermHasAdmin(perm) (((perm) & GRST_PERM_ADMIN) != 0)
155 #define GRST_ACTION_ALLOW 0
156 #define GRST_ACTION_DENY 1
158 #define GRST_HIST_PREFIX ".grsthist"
159 #define GRST_ACL_FILE ".gacl"
160 #define GRST_DN_LISTS "/etc/grid-security/dn-lists"
161 #define GRST_RECURS_LIMIT 9
163 #define GRST_PROXYCERTINFO_OLD_OID "1.3.6.1.4.1.3536.1.222"
164 #define GRST_PROXYCERTINFO_OID "1.3.6.1.5.5.7.1.14"
165 #define GRST_VOMS_OID "1.3.6.1.4.1.8005.100.100.5"
166 #define GRST_VOMS_PK_CERT_LIST_OID "1.3.6.1.4.1.8005.100.100.10"
167 #define GRST_VOMS_DIR "/etc/grid-security/vomsdir"
168 #define GRST_KEYUSAGE_OID "2.5.29.15"
170 #define GRST_ASN1_MAXCOORDLEN 50
171 #define GRST_ASN1_MAXTAGS 500
179 #define GRST_X509_SERIAL_DIGITS 49
189 char serial[GRST_X509_SERIAL_DIGITS+1];
194 #define GRST_CERT_BAD_FORMAT 1
195 #define GRST_CERT_BAD_CHAIN 2
196 #define GRST_CERT_BAD_SIG 4
197 #define GRST_CERT_BAD_TIME 8
198 #define GRST_CERT_BAD_OCSP 16
200 #define GRST_CERT_TYPE_CA 1
201 #define GRST_CERT_TYPE_EEC 2
202 #define GRST_CERT_TYPE_PROXY 3
203 #define GRST_CERT_TYPE_VOMS 4
208 #ifndef GRST_NO_OPENSSL
214 #define GRST_HTTP_PORT 777
215 #define GRST_HTTPS_PORT 488
216 #define GRST_HTCP_PORT 777
217 #define GRST_GSIFTP_PORT 2811
219 #define GRSThtcpNOPop 0
220 #define GRSThtcpTSTop 1
226 #define GRSThtcpCountstrLen(string) (256*((string)->length_msb) + (string)->length_lsb)
234 unsigned int response : 4;
235 unsigned int opcode : 4;
238 unsigned int reserved : 6;
258 #define GRSTgaclCredGetAuri(cred) ((cred)->auri)
260 #define GRSTgaclCredSetNotBefore(cred, time) ((cred)->notbefore = (time))
261 #define GRSTgaclCredGetNotBefore(cred) ((cred)->notbefore)
263 #define GRSTgaclCredSetNotAfter(cred, time) ((cred)->notafter = (time))
264 #define GRSTgaclCredGetNotAfter(cred) ((cred)->notafter)
266 #define GRSTgaclCredSetDelegation(cred, level) ((cred)->delegation = (level))
267 #define GRSTgaclCredGetDelegation(cred) ((cred)->delegation)
269 #define GRSTgaclCredSetNistLoa(cred, level) ((cred)->nist_loa = (level))
270 #define GRSTgaclCredGetNistLoa(cred) ((cred)->nist_loa)
386 #ifndef GRST_NO_OPENSSL
414 #ifndef GRST_NO_OPENSSL
421 #define GRST_HEADFILE "gridsitehead.txt"
422 #define GRST_FOOTFILE "gridsitefoot.txt"
423 #define GRST_ADMIN_FILE "gridsite-admin.cgi"
443 #ifndef GRST_NO_OPENSSL
456 #ifndef GRST_PASSCODE_JS
458 #define GRST_PASSCODE_JS "<script type=\"text/javascript\" language=\"Javascript\"><!--\nfunction changeValue(formName){ if( document.forms[formName].passcode.value==\"\" ) document.forms[formName].passcode.value=getCookie(\"GRIDHTTP_PASSCODE\"); return true; } \nfunction getCookie(c_name){ if (document.cookie.length>0) { c_start=document.cookie.indexOf(c_name + \"=\"); if (c_start!=-1) { c_start=c_start + c_name.length+1; c_end=document.cookie.indexOf(\";\",c_start); if (c_end==-1) c_end=document.cookie.length; return unescape(document.cookie.substring(c_start,c_end)); }} return \"\"; } \n -->\n</script>"
465 #endif // HEADER_GRIDSITE_H
void * next
Definition: gridsite.h:192
time_t notbefore
Definition: gridsite.h:186
int GRSTasn1SearchTaglist(struct GRSTasn1TagList taglist[], int, char *)
Definition: grst_asn1.c:119
int GRSTgaclUserAddCred(GRSTgaclUser *, GRSTgaclCred *)
Definition: grst_gacl.c:959
int headerlength
Definition: gridsite.h:175
int GRSTx509MakeProxyRequest(char **, char *, char *, char *)
Make and store a X.509 request for a GSI proxy.
Definition: grst_canl_x509.c:1997
int delegation
Definition: gridsite.h:113
GRSTgaclCred * GRSTgaclCredNew(char *type)
Definition: grst_gacl.c:137
char * GRSThttpUrlEncode(char *)
Definition: grst_http.c:368
GRSTgaclCred * GRSTgaclCredCreate(char *, char *)
Definition: grst_gacl.c:97
void * next
Definition: gridsite.h:131
int GRSTx509CompactCreds(int *lastcred, int maxcreds, size_t credlen, char *creds, STACK_OF(X509)*certstack, char *vomsdir, X509 *peercert)
Get the credentials in an X509 cert/GSI proxy, including any VOMS.
Definition: grst_canl_x509.c:1461
GRSTgaclCred * GRSTgaclUserFindCredtype(GRSTgaclUser *, char *)
Definition: grst_gacl.c:1046
int type
Definition: gridsite.h:181
int GRSTgaclEntryDenyPerm(GRSTgaclEntry *, GRSTgaclPerm)
Definition: grst_gacl.c:517
int GRSThttpCopy(GRSThttpBody *, char *)
Definition: grst_http.c:94
char * GRSTx509MakeProxyFileName(char *, STACK_OF(X509)*)
Return the short file name for the given delegation_id and user_dn.
Definition: grst_canl_x509.c:2300
void GRSThttpWriteOut(GRSThttpBody *)
Definition: grst_http.c:149
void GRSThttpPrintf(GRSThttpBody *, char *,...)
Definition: grst_http.c:57
GRSTgaclPerm denied
Definition: gridsite.h:130
int GRSTgaclInit(void)
Definition: grst_gacl.c:77
unsigned char total_length_msb
Definition: gridsite.h:228
GRSThtcpCountstr * req_hdrs
Definition: gridsite.h:243
char *int GRSTgaclUserLoadDNlists(GRSTgaclUser *, char *)
Definition: grst_gacl.c:1185
int GRSThtcpMessageParse(GRSThtcpMessage *, char *, int)
Definition: grst_htcp.c:226
unsigned char total_length_lsb
Definition: gridsite.h:229
int GRSTgaclDNlistHasUser(char *listurl, GRSTgaclUser *user)
Definition: grst_gacl.c:1279
GRSTgaclEntry * GRSTgaclEntryNew(void)
Definition: grst_gacl.c:367
int GRSTx509IsCA(X509 *)
Check if certificate can be used as a CA to sign standard X509 certs.
Definition: grst_canl_x509.c:161
int GRSTgaclUserFree(GRSTgaclUser *)
Definition: grst_gacl.c:946
int GRSTx509CreateProxyRequest(char **, char **, char *)
Create a X.509 request for a GSI proxy and its private key.
Definition: grst_canl_x509.c:1912
int GRSThtcpTSTrequestMake(char **, int *, unsigned int, char *, char *, char *)
Definition: grst_htcp.c:116
unsigned int GRSTgaclPerm
Definition: gridsite.h:126
int GRSTgaclAclSave(GRSTgaclAcl *, char *)
Definition: grst_gacl.c:605
unsigned int trans_id
Definition: gridsite.h:239
int GRSTx509MakeProxyCert(char **, FILE *, char *, char *, char *, int)
Make a GSI Proxy chain from a request, certificate and private key.
Definition: grst_canl_x509.c:1572
unsigned char data_length_msb
Definition: gridsite.h:232
GRSTgaclNamevalue
Definition: gridsite.h:123
GRSTgaclEntry * firstentry
Definition: gridsite.h:133
int GRSTgaclEntryUndenyPerm(GRSTgaclEntry *, GRSTgaclPerm)
Definition: grst_gacl.c:524
int
Definition: gridsite.h:394
char * text
Definition: gridsite.h:425
GRSTgaclCred * GRSTx509CompactToCred(char *grst_cred)
Turn a Compact Cred line into a GRSTgaclCred object.
Definition: grst_canl_x509.c:1400
int start
Definition: gridsite.h:174
int(* GRSTerrorLogFunc)(char *, int, int, char *,...)
Definition: grst_err.c:40
char * ocsp
Definition: gridsite.h:190
GRSTgaclPerm GRSTgaclPermFromChar(char *)
Definition: grst_gacl.c:546
GRSTgaclAcl * GRSTgaclAclLoadforFile(char *)
Definition: grst_gacl.c:906
unsigned char version_msb
Definition: gridsite.h:230
int GRSTgaclEntryDelCred(GRSTgaclEntry *, GRSTgaclCred *)
Definition: grst_gacl.c:296
char * value
Definition: gridsite.h:185
int GRSTasn1ParseDump(BIO *, unsigned char *, long, struct GRSTasn1TagList taglist[], int, int *)
Definition: grst_asn1.c:458
char * GRSTx509FindProxyFileName(void)
Find proxy file name of the current user.
Definition: grst_canl_x509.c:1544
Definition: gridsite.h:133
int GRSTx509GetVomsCreds(int *lastcred, int maxcreds, size_t credlen, char *creds, X509 *usercert, STACK_OF(X509)*certstack, char *vomsdir)
Get the VOMS attributes in the extensions to the given cert stack.
Definition: grst_canl_x509.c:1345
void GRSThttpBodyInit(GRSThttpBody *)
Definition: grst_http.c:52
int GRSTgaclEntryUnallowPerm(GRSTgaclEntry *, GRSTgaclPerm)
Definition: grst_gacl.c:510
GRSTgaclPerm allowed
Definition: gridsite.h:129
GRSTgaclUser * GRSTgaclUserNew(GRSTgaclCred *)
Definition: grst_gacl.c:929
char * GRSTx509MakeDelegationID(void)
Returns a Delegation ID based on hash of GRST_CRED_0, ...
Definition: grst_canl_x509.c:2260
int GRSTgaclUserHasCred(GRSTgaclUser *, GRSTgaclCred *)
Definition: grst_gacl.c:982
Definition: gridsite.h:173
GRSThtcpCountstr * version
Definition: gridsite.h:242
Definition: gridsite.h:112
char * GRSThttpUrlMildencode(char *)
Definition: grst_http.c:401
time_t notafter
Definition: gridsite.h:187
time_t GRSTasn1TimeToTimeT(char *, size_t)
ASN1 time string (in a char *) to time_t.
Definition: grst_asn1.c:24
time_t notbefore
Definition: gridsite.h:115
int GRSTx509VerifyCallback(int, X509_STORE_CTX *)
Example VerifyCallback routine.
Definition: grst_canl_x509.c:1190
int GRSTx509ChainLoadCheck(GRSTx509Chain **, STACK_OF(X509)*, X509 *, char *, char *)
Check certificate chain for GSI proxy acceptability.
Definition: grst_canl_x509.c:1132
int tag
Definition: gridsite.h:177
char X509 STACK_OF(X509)*
size_t size
Definition: gridsite.h:428
GRSThtcpCountstr * entity_hdrs
Definition: gridsite.h:245
int GRSTx509ProxyGetTimes(char *, char *, char *, time_t *, time_t *)
Get start and finish validity times of stored GSI proxy file.
Definition: grst_canl_x509.c:2171
char * GRSThttpUrlDecode(char *)
Definition: grst_http.c:329
GRSTgaclUser *int GRSTgaclUserHasAURI(GRSTgaclUser *, char *)
Definition: grst_gacl.c:1284
char * dn
Definition: gridsite.h:184
int GRSTgaclCredCredPrint(GRSTgaclCred *, FILE *)
int GRSTgaclAclPrint(GRSTgaclAcl *, FILE *)
Definition: grst_gacl.c:591
int GRSTgaclEntryFree(GRSTgaclEntry *)
Definition: grst_gacl.c:386
char * auri
Definition: gridsite.h:112
int length
Definition: gridsite.h:176
int GRSTx509KnownCriticalExts(X509 *)
Check critical extensions.
Definition: grst_canl_x509.c:124
GRSThttpCharsList * last
Definition: gridsite.h:430
int GRSTx509CacheProxy(char *, char *, char *, char *)
Store a GSI proxy chain in the proxy cache, along with the private key.
Definition: grst_canl_x509.c:2387
int GRSTgaclCredAddValue(GRSTgaclCred *cred, char *name, char *rawvalue)
Definition: grst_gacl.c:160
int GRSTgaclAclAddEntry(GRSTgaclAcl *, GRSTgaclEntry *)
Definition: grst_gacl.c:433
Definition: gridsite.h:135
int delegation
Definition: gridsite.h:188
unsigned char data_length_lsb
Definition: gridsite.h:233
int GRSTx509CertLoad(GRSTx509Cert *, X509 *)
Definition: gridsite.h:428
int GRSTx509ChainFree(GRSTx509Chain *)
Definition: grst_canl_x509.c:176
GRSThttpCharsList * first
Definition: gridsite.h:429
int nist_loa
Definition: gridsite.h:114
unsigned char version_lsb
Definition: gridsite.h:231
int GRSThtcpNOPrequestMake(char **, int *, unsigned int)
Definition: grst_htcp.c:47
Definition: gridsite.h:206
char * GRSThttpGetCGI(char *)
Definition: grst_http.c:236
GRSTgaclAcl * GRSTgaclAclNew(void)
Definition: grst_gacl.c:563
GRSTgaclPerm GRSTgaclAclTestexclUser(GRSTgaclAcl *, GRSTgaclUser *)
Definition: grst_gacl.c:1343
GRSTx509Cert * firstcert
Definition: gridsite.h:206
void * raw
Definition: gridsite.h:191
__attribute__((deprecated)) typedef struct
Definition: gridsite.h:120
GRSThtcpCountstr * resp_hdrs
Definition: gridsite.h:244
char * GRSTgaclPermToChar(GRSTgaclPerm)
Definition: grst_gacl.c:531
GRSTgaclAcl * GRSTgaclAclLoadFile(char *)
Definition: grst_gacl.c:758
GRSThtcpCountstr * method
Definition: gridsite.h:240
int GRSTx509StringToChain(STACK_OF(X509)**, char *)
Create a stack of X509 certificate from a PEM-encoded string.
Definition: grst_canl_x509.c:2210
unsigned char length_lsb
Definition: gridsite.h:223
int GRSTx509CheckChain(int *, X509_STORE_CTX *)
Check certificate chain for GSI proxy acceptability.
Definition: grst_canl_x509.c:1164
void * next
Definition: gridsite.h:426
void * next
Definition: gridsite.h:117
int GRSTgaclEntryAllowPerm(GRSTgaclEntry *, GRSTgaclPerm)
Definition: grst_gacl.c:503
Definition: gridsite.h:128
int GRSTgaclUserSetDNlists(GRSTgaclUser *user, char *dnlists)
Definition: grst_gacl.c:1076
Definition: gridsite.h:425
int GRSTx509NameCmp(char *, char *)
Compare X509 Distinguished Name strings.
Definition: grst_canl_x509.c:85
int errors
Definition: gridsite.h:182
GRSThtcpCountstr * uri
Definition: gridsite.h:241
int GRSTgaclPermPrint(GRSTgaclPerm, FILE *)
Definition: grst_gacl.c:489
GRSThtcpCountstr * cache_hdrs
Definition: gridsite.h:246
int GRSThttpPrintHeader(GRSThttpBody *, char *)
Definition: grst_http.c:204
GRSTgaclPerm GRSTgaclAclTestUser(GRSTgaclAcl *, GRSTgaclUser *)
Definition: grst_gacl.c:1298
time_t notafter
Definition: gridsite.h:116
char treecoords[GRST_ASN1_MAXCOORDLEN+1]
Definition: gridsite.h:173
char char X509 *char * GRSTx509CachedProxyFind(char *, char *, char *)
Find a proxy file in the proxy cache.
Definition: grst_canl_x509.c:1837
int GRSTx509ProxyDestroy(char *, char *, char *)
Destroy stored GSI proxy files.
Definition: grst_canl_x509.c:2126
char * issuer
Definition: gridsite.h:183
int GRSThtcpTSTresponseMake(char **, int *, unsigned int, char *, char *, char *)
Definition: grst_htcp.c:162
Definition: gridsite.h:228
char * GRSTx509CachedProxyKeyFind(char *, char *, char *)
Find a temporary proxy private key file in the proxy cache.
Definition: grst_canl_x509.c:1867
int GRSTgaclCredFree(GRSTgaclCred *)
Definition: grst_gacl.c:223
int GRSTgaclCredCmpAuri(GRSTgaclCred *, GRSTgaclCred *)
Definition: grst_gacl.c:342
Definition: gridsite.h:222
unsigned char length_msb
Definition: gridsite.h:222
int GRSTgaclAclFree(GRSTgaclAcl *)
Definition: grst_gacl.c:579
int GRSThttpPrintHeaderFooter(GRSThttpBody *, char *, char *)
Definition: grst_http.c:167
int GRSThttpPrintFooter(GRSThttpBody *, char *)
Definition: grst_http.c:220
int GRSTgaclEntryPrint(GRSTgaclEntry *, FILE *)
Definition: grst_gacl.c:449
GRSTgaclCred * firstcred
Definition: gridsite.h:128
char * GRSTgaclFileFindAclname(char *)
Definition: grst_gacl.c:848
int GRSTgaclAction
Definition: gridsite.h:125
int GRSThtcpNOPresponseMake(char **, int *, unsigned int)
Definition: grst_htcp.c:81
GRSTgaclCred * firstcred
Definition: gridsite.h:135
int GRSTgaclEntryAddCred(GRSTgaclEntry *, GRSTgaclCred *)
Definition: grst_gacl.c:267
Definition: gridsite.h:181
int GRSTasn1GetX509Name(char *, int, char *, char *, struct GRSTasn1TagList taglist[], int)
Definition: grst_asn1.c:498
int GRSTgaclFileIsAcl(char *)
Definition: grst_gacl.c:835