gridsite.h
Go to the documentation of this file.
1 /*
2  Copyright (c) 2002-10, Andrew McNab, University of Manchester
3  All rights reserved.
4 
5  Redistribution and use in source and binary forms, with or
6  without modification, are permitted provided that the following
7  conditions are met:
8 
9  o Redistributions of source code must retain the above
10  copyright notice, this list of conditions and the following
11  disclaimer.
12  o Redistributions in binary form must reproduce the above
13  copyright notice, this list of conditions and the following
14  disclaimer in the documentation and/or other materials
15  provided with the distribution.
16 
17  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
18  CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
19  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
20  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
22  BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
24  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
26  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
27  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  POSSIBILITY OF SUCH DAMAGE.
30 */
31 
32 /*---------------------------------------------------------------*
33  * For more about GridSite: http://www.gridsite.org/ *
34  *---------------------------------------------------------------*/
35 
36 #ifndef HEADER_GRIDSITE_H
37 #define HEADER_GRIDSITE_H
38 
39 #ifndef GRST_VERSION
40 #define GRST_VERSION 010500
41 #endif
42 
43 #ifdef __cplusplus
44 extern "C" {
45 #endif
46 
47 #ifndef GRST_NO_OPENSSL
48 
49 #ifndef HEADER_SSL_H
50 #include <openssl/ssl.h>
51 #endif
52 
53 #ifndef HEADER_CRYPTO_H
54 #include <openssl/crypto.h>
55 #endif
56 
57 #endif
58 
59 #ifndef _TIME_H
60 #include <time.h>
61 #endif
62 
63 #ifndef _STDIO_H
64 #include <stdio.h>
65 #endif
66 
67 #ifndef _STDINT_H
68 #include <stdint.h>
69 #endif
70 
71 #ifndef FALSE
72 #define FALSE (0)
73 #endif
74 #ifndef TRUE
75 #define TRUE (!FALSE)
76 #endif
77 
78 // Everything ok (= OpenSSL X509_V_OK)
79 #define GRST_RET_OK 0
80 
81 // Failed for unspecified reason
82 #define GRST_RET_FAILED 1000
83 
84 // Failed to find certificate in some cert store / directory
85 #define GRST_RET_CERT_NOT_FOUND 1001
86 
87 // Bad signature
88 #define GRST_RET_BAD_SIGNATURE 1002
89 
90 // No such file or directory
91 #define GRST_RET_NO_SUCH_FILE 1003
92 
93 /* We use && now rather than if so this macro can be used inside if...else
94  but that means the function must return an int rather than be void */
95 #define GRSTerrorLog(GRSTerrorLevel, ...) ((GRSTerrorLogFunc != NULL) && ((GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, __VA_ARGS__)))
96 
97 extern int (*GRSTerrorLogFunc)(char *, int, int, char *, ...);
98 
99 /* these levels are the same as Unix syslog() and Apache ap_log_error() */
100 
101 #define GRST_LOG_EMERG 0
102 #define GRST_LOG_ALERT 1
103 #define GRST_LOG_CRIT 2
104 #define GRST_LOG_ERR 3
105 #define GRST_LOG_WARNING 4
106 #define GRST_LOG_NOTICE 5
107 #define GRST_LOG_INFO 6
108 #define GRST_LOG_DEBUG 7
109 
110 #define GRST_MAX_TIME_T INT32_MAX
111 
112 typedef struct { char *auri;
114  int nist_loa;
115  time_t notbefore;
116  time_t notafter;
117  void *next; } GRSTgaclCred;
118 
119 /* used by pre-AURI GRSTgaclCred structs */
120 __attribute__ ((deprecated))
121 typedef struct { char *name;
122  char *value;
123  void *next; } GRSTgaclNamevalue;
124 
125 typedef int GRSTgaclAction;
126 typedef unsigned int GRSTgaclPerm;
127 
128 typedef struct { GRSTgaclCred *firstcred;
129  GRSTgaclPerm allowed;
130  GRSTgaclPerm denied;
131  void *next; } GRSTgaclEntry;
132 
133 typedef struct { GRSTgaclEntry *firstentry; } GRSTgaclAcl;
134 
135 typedef struct { GRSTgaclCred *firstcred; char *dnlists; } GRSTgaclUser;
136 
137 #define GRST_PERM_NONE 0
138 #define GRST_PERM_READ 1
139 #define GRST_PERM_EXEC 2
140 #define GRST_PERM_LIST 4
141 #define GRST_PERM_WRITE 8
142 #define GRST_PERM_ADMIN 16
143 #define GRST_PERM_ALL 31
144 
145 /* DO NOT USE PermIsNone!! */
146 #define GRSTgaclPermIsNone(perm) ((perm) == 0)
147 
148 #define GRSTgaclPermHasNone(perm) ((perm) == 0)
149 #define GRSTgaclPermHasRead(perm) (((perm) & GRST_PERM_READ ) != 0)
150 #define GRSTgaclPermHasExec(perm) (((perm) & GRST_PERM_EXEC ) != 0)
151 #define GRSTgaclPermHasList(perm) (((perm) & GRST_PERM_LIST ) != 0)
152 #define GRSTgaclPermHasWrite(perm) (((perm) & GRST_PERM_WRITE) != 0)
153 #define GRSTgaclPermHasAdmin(perm) (((perm) & GRST_PERM_ADMIN) != 0)
154 
155 #define GRST_ACTION_ALLOW 0
156 #define GRST_ACTION_DENY 1
157 
158 #define GRST_HIST_PREFIX ".grsthist"
159 #define GRST_ACL_FILE ".gacl"
160 #define GRST_DN_LISTS "/etc/grid-security/dn-lists"
161 #define GRST_RECURS_LIMIT 9
162 
163 #define GRST_PROXYCERTINFO_OLD_OID "1.3.6.1.4.1.3536.1.222"
164 #define GRST_PROXYCERTINFO_OID "1.3.6.1.5.5.7.1.14"
165 #define GRST_VOMS_OID "1.3.6.1.4.1.8005.100.100.5"
166 #define GRST_VOMS_PK_CERT_LIST_OID "1.3.6.1.4.1.8005.100.100.10"
167 #define GRST_VOMS_DIR "/etc/grid-security/vomsdir"
168 #define GRST_KEYUSAGE_OID "2.5.29.15"
169 
170 #define GRST_ASN1_MAXCOORDLEN 50
171 #define GRST_ASN1_MAXTAGS 500
172 
173 struct GRSTasn1TagList { char treecoords[GRST_ASN1_MAXCOORDLEN+1];
174  int start;
176  int length;
177  int tag; } ;
178 
179 #define GRST_X509_SERIAL_DIGITS 49
180 
181 typedef struct { int type; /* CA, user, proxy, VOMS, ... */
182  int errors; /* unchecked, bad sig, bad time */
183  char *issuer; /* Cert CA DN, EEC of PC, or VOMS DN */
184  char *dn; /* Cert DN, or VOMS AC holder DN */
185  char *value; /* VOMS FQAN or NULL */
186  time_t notbefore;
187  time_t notafter;
188  int delegation; /* relative to END of any chain */
189  char serial[GRST_X509_SERIAL_DIGITS+1];
190  char *ocsp; /* accessLocation field */
191  void *raw; /* X509 or VOMS Extension object */
192  void *next; } GRSTx509Cert;
193 
194 #define GRST_CERT_BAD_FORMAT 1
195 #define GRST_CERT_BAD_CHAIN 2
196 #define GRST_CERT_BAD_SIG 4
197 #define GRST_CERT_BAD_TIME 8
198 #define GRST_CERT_BAD_OCSP 16
199 
200 #define GRST_CERT_TYPE_CA 1
201 #define GRST_CERT_TYPE_EEC 2
202 #define GRST_CERT_TYPE_PROXY 3
203 #define GRST_CERT_TYPE_VOMS 4
204 
205 /* a chain of certs, starting from the first CA */
206 typedef struct { GRSTx509Cert *firstcert; } GRSTx509Chain;
207 
208 #ifndef GRST_NO_OPENSSL
209 int GRSTx509CertLoad(GRSTx509Cert *, X509 *);
210 int GRSTx509ChainLoadCheck(GRSTx509Chain **, STACK_OF(X509) *, X509 *, char *, char *);
211 #endif
213 
214 #define GRST_HTTP_PORT 777
215 #define GRST_HTTPS_PORT 488
216 #define GRST_HTCP_PORT 777
217 #define GRST_GSIFTP_PORT 2811
218 
219 #define GRSThtcpNOPop 0
220 #define GRSThtcpTSTop 1
221 
222 typedef struct { unsigned char length_msb;
223  unsigned char length_lsb;
224  char text[1]; } GRSThtcpCountstr;
225 
226 #define GRSThtcpCountstrLen(string) (256*((string)->length_msb) + (string)->length_lsb)
227 
228 typedef struct { unsigned char total_length_msb;
229  unsigned char total_length_lsb;
230  unsigned char version_msb;
231  unsigned char version_lsb;
232  unsigned char data_length_msb;
233  unsigned char data_length_lsb;
234  unsigned int response : 4;
235  unsigned int opcode : 4;
236  unsigned int rr : 1;
237  unsigned int f1 : 1;
238  unsigned int reserved : 6;
239  unsigned int trans_id; /* must be 4 bytes */
247 
248 int GRSTgaclInit(void);
249 
250 __attribute__ ((deprecated))
252 
253 GRSTgaclCred *GRSTgaclCredCreate(char *, char *);
254 
255 __attribute__ ((deprecated))
256 int GRSTgaclCredAddValue(GRSTgaclCred *, char *, char *);
257 
258 #define GRSTgaclCredGetAuri(cred) ((cred)->auri)
259 
260 #define GRSTgaclCredSetNotBefore(cred, time) ((cred)->notbefore = (time))
261 #define GRSTgaclCredGetNotBefore(cred) ((cred)->notbefore)
262 
263 #define GRSTgaclCredSetNotAfter(cred, time) ((cred)->notafter = (time))
264 #define GRSTgaclCredGetNotAfter(cred) ((cred)->notafter)
265 
266 #define GRSTgaclCredSetDelegation(cred, level) ((cred)->delegation = (level))
267 #define GRSTgaclCredGetDelegation(cred) ((cred)->delegation)
268 
269 #define GRSTgaclCredSetNistLoa(cred, level) ((cred)->nist_loa = (level))
270 #define GRSTgaclCredGetNistLoa(cred) ((cred)->nist_loa)
271 
272 /* #define GACLfreeCred(x) GRSTgaclCredFree((x)) */
273 int GRSTgaclCredFree(GRSTgaclCred *);
274 
275 /* #define GACLaddCred(x,y) GRSTgaclEntryAddCred((x),(y)) */
276 int GRSTgaclEntryAddCred(GRSTgaclEntry *, GRSTgaclCred *);
277 
278 /* #define GACLdelCred(x,y) GRSTgaclEntryDelCred((x),(y)) */
279 int GRSTgaclEntryDelCred(GRSTgaclEntry *, GRSTgaclCred *);
280 
281 /* #define GACLprintCred(x,y) GRSTgaclCredPrint((x),(y)) */
282 int GRSTgaclCredCredPrint(GRSTgaclCred *, FILE *);
283 
284 int GRSTgaclCredCmpAuri(GRSTgaclCred *, GRSTgaclCred *);
285 
286 /* #define GACLnewEntry(x) GRSTgaclEntryNew((x)) */
288 
289 /* #define GACLfreeEntry(x) GRSTgaclEntryFree((x)) */
291 
292 /* #define GACLaddEntry(x,y) GRSTgaclAclAddEntry((x),(y)) */
294 
295 /* #define GACLprintEntry(x,y) GRSTgaclEntryPrint((x),(y)) */
296 int GRSTgaclEntryPrint(GRSTgaclEntry *, FILE *);
297 
298 
299 /* #define GACLprintPerm(x,y) GRSTgaclPermPrint((x),(y)) */
300 int GRSTgaclPermPrint(GRSTgaclPerm, FILE *);
301 
302 /* #define GACLallowPerm(x,y) GRSTgaclEntryAllowPerm((x),(y)) */
303 int GRSTgaclEntryAllowPerm(GRSTgaclEntry *, GRSTgaclPerm);
304 
305 /* #define GACLunallowPerm(x,y) GRSTgaclEntryUnallowPerm((x),(y)) */
306 int GRSTgaclEntryUnallowPerm(GRSTgaclEntry *, GRSTgaclPerm);
307 
308 /* #define GACLdenyPerm(x,y) GRSTgaclEntryDenyPerm((x),(y)) */
309 int GRSTgaclEntryDenyPerm(GRSTgaclEntry *, GRSTgaclPerm);
310 
311 /* #define GACLundenyPerm(x,y) GRSTgaclEntryUndenyPerm((x),(y)) */
312 int GRSTgaclEntryUndenyPerm(GRSTgaclEntry *, GRSTgaclPerm);
313 
314 /* #define GACLpermToChar(x) GRSTgaclPermToChar((x)) */
315 char *GRSTgaclPermToChar(GRSTgaclPerm);
316 
317 /* #define GACLcharToPerm(x) GRSTgaclPermFromChar((x)) */
318 GRSTgaclPerm GRSTgaclPermFromChar(char *);
319 
320 /* #define GACLnewAcl(x) GRSTgaclAclNew((x)) */
322 
323 /* #define GACLfreeAcl(x) GRSTgaclAclFree((x)) */
325 
326 /* #define GACLprintAcl(x,y) GRSTgaclAclPrint((x),(y)) */
327 int GRSTgaclAclPrint(GRSTgaclAcl *, FILE *);
328 
329 /* #define GACLsaveAcl(x,y) GRSTgaclAclSave((y),(x)) */
330 int GRSTgaclAclSave(GRSTgaclAcl *, char *);
331 
332 /* #define GACLloadAcl(x) GRSTgaclFileLoadAcl((x)) */
334 
335 /* #define GACLfindAclForFile(x) GRSTgaclFileFindAclname((x)) */
336 char *GRSTgaclFileFindAclname(char *);
337 
338 /* #define GACLloadAclForFile(x) GRSTgaclFileLoadAcl((x)) */
340 
341 /* #define GACLisAclFile(x) GRSTgaclFileIsAcl((x)) */
342 int GRSTgaclFileIsAcl(char *);
343 
344 
345 /* #define GACLnewUser(x) GRSTgaclUserNew((x)) */
346 GRSTgaclUser *GRSTgaclUserNew(GRSTgaclCred *);
347 
348 /* #define GACLfreeUser(x) GRSTgaclUserFree((x)) */
350 
351 /* #define GACLuserAddCred(x,y) GRSTgaclUserAddCred((x),(y)) */
352 int GRSTgaclUserAddCred(GRSTgaclUser *, GRSTgaclCred *);
353 
354 /* #define GACLuserHasCred(x,y) GRSTgaclUserHasCred((x),(y)) */
355 int GRSTgaclUserHasCred(GRSTgaclUser *, GRSTgaclCred *);
356 
357 __attribute__ ((deprecated))
358 int GRSTgaclUserSetDNlists(GRSTgaclUser *, char *);
359 
360 int GRSTgaclUserLoadDNlists(GRSTgaclUser *, char *);
361 
362 /* #define GACLuserFindCredType(x,y) GRSTgaclUserFindCredtype((x),(y)) */
363 GRSTgaclCred *GRSTgaclUserFindCredtype(GRSTgaclUser *, char *);
364 
365 __attribute__ ((deprecated))
366 int GRSTgaclDNlistHasUser(char *, GRSTgaclUser *);
367 
368 int GRSTgaclUserHasAURI(GRSTgaclUser *, char *);
369 
370 /* #define GACLtestUserAcl(x,y) GRSTgaclAclTestUser((x),(y)) */
371 GRSTgaclPerm GRSTgaclAclTestUser(GRSTgaclAcl *, GRSTgaclUser *);
372 
373 /* #define GACLtestExclAcl(x,y) GRSTgaclAclTestexclUser((x),(y)) */
374 GRSTgaclPerm GRSTgaclAclTestexclUser(GRSTgaclAcl *, GRSTgaclUser *);
375 
376 char *GRSThttpUrlDecode(char *);
377 
378 /* #define GACLurlEncode(x) GRSThttpUrlEncode((x)) */
379 char *GRSThttpUrlEncode(char *);
380 
381 /* #define GACLmildUrlEncode(x) GRSThttpMildUrlEncode((x)) */
382 char *GRSThttpUrlMildencode(char *);
383 
384 int GRSTx509NameCmp(char *, char *);
385 
386 #ifndef GRST_NO_OPENSSL
387 int GRSTx509KnownCriticalExts(X509 *);
388 
389 int GRSTx509IsCA(X509 *);
390 int GRSTx509CheckChain(int *, X509_STORE_CTX *);
391 int GRSTx509VerifyCallback(int, X509_STORE_CTX *);
392 
393 __attribute__ ((deprecated))
394 int GRSTx509GetVomsCreds(int *, int, size_t, char *, X509 *, STACK_OF(X509) *, char *);
395 
396 __attribute__ ((deprecated))
397 GRSTgaclCred *GRSTx509CompactToCred(char *);
398 
399 __attribute__ ((deprecated))
400 int GRSTx509CompactCreds(int *, int, size_t, char *, STACK_OF(X509) *, char *, X509 *);
401 #endif
402 
403 char *GRSTx509CachedProxyFind(char *, char *, char *);
404 char *GRSTx509FindProxyFileName(void);
405 int GRSTx509MakeProxyCert(char **, FILE *, char *, char *, char *, int);
406 char *GRSTx509CachedProxyKeyFind(char *, char *, char *);
407 int GRSTx509ProxyDestroy(char *, char *, char *);
408 int GRSTx509ProxyGetTimes(char *, char *, char *, time_t *, time_t *);
409 int GRSTx509CreateProxyRequest(char **, char **, char *);
410 int GRSTx509MakeProxyRequest(char **, char *, char *, char *);
411 
412 char *GRSTx509MakeDelegationID(void);
413 
414 #ifndef GRST_NO_OPENSSL
415 int GRSTx509StringToChain(STACK_OF(X509) **, char *);
416 char *GRSTx509MakeProxyFileName(char *, STACK_OF(X509) *);
417 #endif
418 
419 int GRSTx509CacheProxy(char *, char *, char *, char *);
420 
421 #define GRST_HEADFILE "gridsitehead.txt"
422 #define GRST_FOOTFILE "gridsitefoot.txt"
423 #define GRST_ADMIN_FILE "gridsite-admin.cgi"
424 
425 typedef struct { char *text;
427 
428 typedef struct { size_t size;
431 
433 void GRSThttpPrintf(GRSThttpBody *, char *, ...);
434 int GRSThttpCopy(GRSThttpBody *, char *);
436 int GRSThttpPrintHeaderFooter(GRSThttpBody *, char *, char *);
437 int GRSThttpPrintHeader(GRSThttpBody *, char *);
438 int GRSThttpPrintFooter(GRSThttpBody *, char *);
439 char *GRSThttpGetCGI(char *);
440 
441 time_t GRSTasn1TimeToTimeT(char *, size_t);
442 int GRSTasn1SearchTaglist(struct GRSTasn1TagList taglist[], int, char *);
443 #ifndef GRST_NO_OPENSSL
444 int GRSTasn1ParseDump(BIO *, unsigned char *, long,
445  struct GRSTasn1TagList taglist[], int, int *);
446 #endif
447 int GRSTasn1GetX509Name(char *, int, char *, char *,
448  struct GRSTasn1TagList taglist[], int);
449 
450 int GRSThtcpNOPrequestMake(char **, int *, unsigned int);
451 int GRSThtcpNOPresponseMake(char **, int *, unsigned int);
452 int GRSThtcpTSTrequestMake(char **, int *, unsigned int, char *, char *, char *);
453 int GRSThtcpTSTresponseMake(char **, int *, unsigned int, char *, char *, char *);
454 int GRSThtcpMessageParse(GRSThtcpMessage *, char *, int);
455 
456 #ifndef GRST_PASSCODE_JS
457 //#define __GRST_PASSCODE_JS__
458 #define GRST_PASSCODE_JS "<script type=\"text/javascript\" language=\"Javascript\"><!--\nfunction changeValue(formName){ if( document.forms[formName].passcode.value==\"\" ) document.forms[formName].passcode.value=getCookie(\"GRIDHTTP_PASSCODE\"); return true; } \nfunction getCookie(c_name){ if (document.cookie.length>0) { c_start=document.cookie.indexOf(c_name + \"=\"); if (c_start!=-1) { c_start=c_start + c_name.length+1; c_end=document.cookie.indexOf(\";\",c_start); if (c_end==-1) c_end=document.cookie.length; return unescape(document.cookie.substring(c_start,c_end)); }} return \"\"; } \n -->\n</script>"
459 #endif
460 
461 #ifdef __cplusplus
462 } // extern "C"
463 #endif
464 
465 #endif // HEADER_GRIDSITE_H
void * next
Definition: gridsite.h:192
time_t notbefore
Definition: gridsite.h:186
int GRSTasn1SearchTaglist(struct GRSTasn1TagList taglist[], int, char *)
Definition: grst_asn1.c:119
int GRSTgaclUserAddCred(GRSTgaclUser *, GRSTgaclCred *)
Definition: grst_gacl.c:959
int headerlength
Definition: gridsite.h:175
int GRSTx509MakeProxyRequest(char **, char *, char *, char *)
Make and store a X.509 request for a GSI proxy.
Definition: grst_canl_x509.c:1997
int delegation
Definition: gridsite.h:113
GRSTgaclCred * GRSTgaclCredNew(char *type)
Definition: grst_gacl.c:137
char * GRSThttpUrlEncode(char *)
Definition: grst_http.c:368
GRSTgaclCred * GRSTgaclCredCreate(char *, char *)
Definition: grst_gacl.c:97
void * next
Definition: gridsite.h:131
int GRSTx509CompactCreds(int *lastcred, int maxcreds, size_t credlen, char *creds, STACK_OF(X509)*certstack, char *vomsdir, X509 *peercert)
Get the credentials in an X509 cert/GSI proxy, including any VOMS.
Definition: grst_canl_x509.c:1461
GRSTgaclCred * GRSTgaclUserFindCredtype(GRSTgaclUser *, char *)
Definition: grst_gacl.c:1046
int type
Definition: gridsite.h:181
int GRSTgaclEntryDenyPerm(GRSTgaclEntry *, GRSTgaclPerm)
Definition: grst_gacl.c:517
int GRSThttpCopy(GRSThttpBody *, char *)
Definition: grst_http.c:94
char * GRSTx509MakeProxyFileName(char *, STACK_OF(X509)*)
Return the short file name for the given delegation_id and user_dn.
Definition: grst_canl_x509.c:2300
void GRSThttpWriteOut(GRSThttpBody *)
Definition: grst_http.c:149
void GRSThttpPrintf(GRSThttpBody *, char *,...)
Definition: grst_http.c:57
GRSTgaclPerm denied
Definition: gridsite.h:130
int GRSTgaclInit(void)
Definition: grst_gacl.c:77
unsigned char total_length_msb
Definition: gridsite.h:228
GRSThtcpCountstr * req_hdrs
Definition: gridsite.h:243
char *int GRSTgaclUserLoadDNlists(GRSTgaclUser *, char *)
Definition: grst_gacl.c:1185
int GRSThtcpMessageParse(GRSThtcpMessage *, char *, int)
Definition: grst_htcp.c:226
unsigned char total_length_lsb
Definition: gridsite.h:229
int GRSTgaclDNlistHasUser(char *listurl, GRSTgaclUser *user)
Definition: grst_gacl.c:1279
GRSTgaclEntry * GRSTgaclEntryNew(void)
Definition: grst_gacl.c:367
int GRSTx509IsCA(X509 *)
Check if certificate can be used as a CA to sign standard X509 certs.
Definition: grst_canl_x509.c:161
int GRSTgaclUserFree(GRSTgaclUser *)
Definition: grst_gacl.c:946
int GRSTx509CreateProxyRequest(char **, char **, char *)
Create a X.509 request for a GSI proxy and its private key.
Definition: grst_canl_x509.c:1912
int GRSThtcpTSTrequestMake(char **, int *, unsigned int, char *, char *, char *)
Definition: grst_htcp.c:116
unsigned int GRSTgaclPerm
Definition: gridsite.h:126
int GRSTgaclAclSave(GRSTgaclAcl *, char *)
Definition: grst_gacl.c:605
unsigned int trans_id
Definition: gridsite.h:239
int GRSTx509MakeProxyCert(char **, FILE *, char *, char *, char *, int)
Make a GSI Proxy chain from a request, certificate and private key.
Definition: grst_canl_x509.c:1572
unsigned char data_length_msb
Definition: gridsite.h:232
GRSTgaclNamevalue
Definition: gridsite.h:123
GRSTgaclEntry * firstentry
Definition: gridsite.h:133
int GRSTgaclEntryUndenyPerm(GRSTgaclEntry *, GRSTgaclPerm)
Definition: grst_gacl.c:524
int
Definition: gridsite.h:394
char * text
Definition: gridsite.h:425
GRSTgaclCred * GRSTx509CompactToCred(char *grst_cred)
Turn a Compact Cred line into a GRSTgaclCred object.
Definition: grst_canl_x509.c:1400
int start
Definition: gridsite.h:174
int(* GRSTerrorLogFunc)(char *, int, int, char *,...)
Definition: grst_err.c:40
char * ocsp
Definition: gridsite.h:190
GRSTgaclPerm GRSTgaclPermFromChar(char *)
Definition: grst_gacl.c:546
GRSTgaclAcl * GRSTgaclAclLoadforFile(char *)
Definition: grst_gacl.c:906
unsigned char version_msb
Definition: gridsite.h:230
int GRSTgaclEntryDelCred(GRSTgaclEntry *, GRSTgaclCred *)
Definition: grst_gacl.c:296
char * value
Definition: gridsite.h:185
int GRSTasn1ParseDump(BIO *, unsigned char *, long, struct GRSTasn1TagList taglist[], int, int *)
Definition: grst_asn1.c:458
char * GRSTx509FindProxyFileName(void)
Find proxy file name of the current user.
Definition: grst_canl_x509.c:1544
Definition: gridsite.h:133
int GRSTx509GetVomsCreds(int *lastcred, int maxcreds, size_t credlen, char *creds, X509 *usercert, STACK_OF(X509)*certstack, char *vomsdir)
Get the VOMS attributes in the extensions to the given cert stack.
Definition: grst_canl_x509.c:1345
void GRSThttpBodyInit(GRSThttpBody *)
Definition: grst_http.c:52
int GRSTgaclEntryUnallowPerm(GRSTgaclEntry *, GRSTgaclPerm)
Definition: grst_gacl.c:510
GRSTgaclPerm allowed
Definition: gridsite.h:129
GRSTgaclUser * GRSTgaclUserNew(GRSTgaclCred *)
Definition: grst_gacl.c:929
char * GRSTx509MakeDelegationID(void)
Returns a Delegation ID based on hash of GRST_CRED_0, ...
Definition: grst_canl_x509.c:2260
int GRSTgaclUserHasCred(GRSTgaclUser *, GRSTgaclCred *)
Definition: grst_gacl.c:982
Definition: gridsite.h:173
GRSThtcpCountstr * version
Definition: gridsite.h:242
Definition: gridsite.h:112
char * GRSThttpUrlMildencode(char *)
Definition: grst_http.c:401
time_t notafter
Definition: gridsite.h:187
time_t GRSTasn1TimeToTimeT(char *, size_t)
ASN1 time string (in a char *) to time_t.
Definition: grst_asn1.c:24
time_t notbefore
Definition: gridsite.h:115
int GRSTx509VerifyCallback(int, X509_STORE_CTX *)
Example VerifyCallback routine.
Definition: grst_canl_x509.c:1190
int GRSTx509ChainLoadCheck(GRSTx509Chain **, STACK_OF(X509)*, X509 *, char *, char *)
Check certificate chain for GSI proxy acceptability.
Definition: grst_canl_x509.c:1132
int tag
Definition: gridsite.h:177
char X509 STACK_OF(X509)*
size_t size
Definition: gridsite.h:428
GRSThtcpCountstr * entity_hdrs
Definition: gridsite.h:245
int GRSTx509ProxyGetTimes(char *, char *, char *, time_t *, time_t *)
Get start and finish validity times of stored GSI proxy file.
Definition: grst_canl_x509.c:2171
char * GRSThttpUrlDecode(char *)
Definition: grst_http.c:329
GRSTgaclUser *int GRSTgaclUserHasAURI(GRSTgaclUser *, char *)
Definition: grst_gacl.c:1284
char * dn
Definition: gridsite.h:184
int GRSTgaclCredCredPrint(GRSTgaclCred *, FILE *)
int GRSTgaclAclPrint(GRSTgaclAcl *, FILE *)
Definition: grst_gacl.c:591
int GRSTgaclEntryFree(GRSTgaclEntry *)
Definition: grst_gacl.c:386
char * auri
Definition: gridsite.h:112
int length
Definition: gridsite.h:176
int GRSTx509KnownCriticalExts(X509 *)
Check critical extensions.
Definition: grst_canl_x509.c:124
GRSThttpCharsList * last
Definition: gridsite.h:430
int GRSTx509CacheProxy(char *, char *, char *, char *)
Store a GSI proxy chain in the proxy cache, along with the private key.
Definition: grst_canl_x509.c:2387
int GRSTgaclCredAddValue(GRSTgaclCred *cred, char *name, char *rawvalue)
Definition: grst_gacl.c:160
int GRSTgaclAclAddEntry(GRSTgaclAcl *, GRSTgaclEntry *)
Definition: grst_gacl.c:433
Definition: gridsite.h:135
int delegation
Definition: gridsite.h:188
unsigned char data_length_lsb
Definition: gridsite.h:233
int GRSTx509CertLoad(GRSTx509Cert *, X509 *)
Definition: gridsite.h:428
int GRSTx509ChainFree(GRSTx509Chain *)
Definition: grst_canl_x509.c:176
GRSThttpCharsList * first
Definition: gridsite.h:429
int nist_loa
Definition: gridsite.h:114
unsigned char version_lsb
Definition: gridsite.h:231
int GRSThtcpNOPrequestMake(char **, int *, unsigned int)
Definition: grst_htcp.c:47
Definition: gridsite.h:206
char * GRSThttpGetCGI(char *)
Definition: grst_http.c:236
GRSTgaclAcl * GRSTgaclAclNew(void)
Definition: grst_gacl.c:563
GRSTgaclPerm GRSTgaclAclTestexclUser(GRSTgaclAcl *, GRSTgaclUser *)
Definition: grst_gacl.c:1343
GRSTx509Cert * firstcert
Definition: gridsite.h:206
void * raw
Definition: gridsite.h:191
__attribute__((deprecated)) typedef struct
Definition: gridsite.h:120
GRSThtcpCountstr * resp_hdrs
Definition: gridsite.h:244
char * GRSTgaclPermToChar(GRSTgaclPerm)
Definition: grst_gacl.c:531
GRSTgaclAcl * GRSTgaclAclLoadFile(char *)
Definition: grst_gacl.c:758
GRSThtcpCountstr * method
Definition: gridsite.h:240
int GRSTx509StringToChain(STACK_OF(X509)**, char *)
Create a stack of X509 certificate from a PEM-encoded string.
Definition: grst_canl_x509.c:2210
unsigned char length_lsb
Definition: gridsite.h:223
int GRSTx509CheckChain(int *, X509_STORE_CTX *)
Check certificate chain for GSI proxy acceptability.
Definition: grst_canl_x509.c:1164
void * next
Definition: gridsite.h:426
void * next
Definition: gridsite.h:117
int GRSTgaclEntryAllowPerm(GRSTgaclEntry *, GRSTgaclPerm)
Definition: grst_gacl.c:503
Definition: gridsite.h:128
int GRSTgaclUserSetDNlists(GRSTgaclUser *user, char *dnlists)
Definition: grst_gacl.c:1076
Definition: gridsite.h:425
int GRSTx509NameCmp(char *, char *)
Compare X509 Distinguished Name strings.
Definition: grst_canl_x509.c:85
int errors
Definition: gridsite.h:182
GRSThtcpCountstr * uri
Definition: gridsite.h:241
int GRSTgaclPermPrint(GRSTgaclPerm, FILE *)
Definition: grst_gacl.c:489
GRSThtcpCountstr * cache_hdrs
Definition: gridsite.h:246
int GRSThttpPrintHeader(GRSThttpBody *, char *)
Definition: grst_http.c:204
GRSTgaclPerm GRSTgaclAclTestUser(GRSTgaclAcl *, GRSTgaclUser *)
Definition: grst_gacl.c:1298
time_t notafter
Definition: gridsite.h:116
char treecoords[GRST_ASN1_MAXCOORDLEN+1]
Definition: gridsite.h:173
char char X509 *char * GRSTx509CachedProxyFind(char *, char *, char *)
Find a proxy file in the proxy cache.
Definition: grst_canl_x509.c:1837
int GRSTx509ProxyDestroy(char *, char *, char *)
Destroy stored GSI proxy files.
Definition: grst_canl_x509.c:2126
char * issuer
Definition: gridsite.h:183
int GRSThtcpTSTresponseMake(char **, int *, unsigned int, char *, char *, char *)
Definition: grst_htcp.c:162
Definition: gridsite.h:228
char * GRSTx509CachedProxyKeyFind(char *, char *, char *)
Find a temporary proxy private key file in the proxy cache.
Definition: grst_canl_x509.c:1867
int GRSTgaclCredFree(GRSTgaclCred *)
Definition: grst_gacl.c:223
int GRSTgaclCredCmpAuri(GRSTgaclCred *, GRSTgaclCred *)
Definition: grst_gacl.c:342
Definition: gridsite.h:222
unsigned char length_msb
Definition: gridsite.h:222
int GRSTgaclAclFree(GRSTgaclAcl *)
Definition: grst_gacl.c:579
int GRSThttpPrintHeaderFooter(GRSThttpBody *, char *, char *)
Definition: grst_http.c:167
int GRSThttpPrintFooter(GRSThttpBody *, char *)
Definition: grst_http.c:220
int GRSTgaclEntryPrint(GRSTgaclEntry *, FILE *)
Definition: grst_gacl.c:449
GRSTgaclCred * firstcred
Definition: gridsite.h:128
char * GRSTgaclFileFindAclname(char *)
Definition: grst_gacl.c:848
int GRSTgaclAction
Definition: gridsite.h:125
int GRSThtcpNOPresponseMake(char **, int *, unsigned int)
Definition: grst_htcp.c:81
GRSTgaclCred * firstcred
Definition: gridsite.h:135
int GRSTgaclEntryAddCred(GRSTgaclEntry *, GRSTgaclCred *)
Definition: grst_gacl.c:267
Definition: gridsite.h:181
int GRSTasn1GetX509Name(char *, int, char *, char *, struct GRSTasn1TagList taglist[], int)
Definition: grst_asn1.c:498
int GRSTgaclFileIsAcl(char *)
Definition: grst_gacl.c:835