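/*
   Copyright (c) 2002-7, Andrew McNab, University of Manchester
   All rights reserved.

   Redistribution and use in source and binary forms, with or
   without modification, are permitted provided that the following
   conditions are met:

     o Redistributions of source code must retain the above
       copyright notice, this list of conditions and the following
       disclaimer.
     o Redistributions in binary form must reproduce the above
       copyright notice, this list of conditions and the following
       disclaimer in the documentation and/or other materials
       provided with the distribution.

   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
   CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
   BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
   TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
   ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   POSSIBILITY OF SUCH DAMAGE.
*/

/*---------------------------------------------------------------*
 * For more about GridSite: http://www.gridsite.org/             *
 *---------------------------------------------------------------*/

/*
 * gridsite.h - public interface of the GridSite library: GACL access
 * control lists, X.509 / proxy / VOMS credential handling, HTTP body
 * helpers, ASN.1 tag walking and HTCP messages.
 *
 * The header defines typedefs of anonymous structs, which cannot be
 * redefined if the file is included twice in one translation unit,
 * so the whole file is wrapped in an include guard.
 */
#ifndef GRIDSITE_H_INCLUDED
#define GRIDSITE_H_INCLUDED

/* Library version. NOTE: the leading zero makes this an OCTAL constant
   (4416 decimal), so compare it only against other GRST_VERSION values
   written in the same 0MMmmpp form. */
#ifndef GRST_VERSION
#define GRST_VERSION 010500
#endif

/* OpenSSL is optional: define GRST_NO_OPENSSL to drop every prototype
   that mentions X509 / STACK_OF(X509) / X509_STORE_CTX / BIO. */
#ifndef GRST_NO_OPENSSL

#ifndef HEADER_SSL_H
#include <openssl/ssl.h>
#endif

#ifndef HEADER_CRYPTO_H
#include <openssl/crypto.h>
#endif

#endif

#ifndef _TIME_H
#include <time.h>
#endif

#ifndef _STDIO_H
#include <stdio.h>
#endif

/* INT32_MAX (used by GRST_MAX_TIME_T below) lives in <stdint.h>;
   previously the header relied on the includer having pulled it in. */
#ifndef _STDINT_H
#include <stdint.h>
#endif

#ifndef FALSE
#define FALSE (0)
#endif
#ifndef TRUE
#define TRUE (!FALSE)
#endif

/* Return codes shared by the GRST* functions. */

// Everything ok (= OpenSSL X509_V_OK)
#define GRST_RET_OK 0

// Failed for unspecified reason
#define GRST_RET_FAILED 1000

// Failed to find certificate in some cert store / directory
#define GRST_RET_CERT_NOT_FOUND 1001

// Bad signature
#define GRST_RET_BAD_SIGNATURE 1002

// No such file or directory
#define GRST_RET_NO_SUCH_FILE 1003

/*
 * GRSTerrorLog(level, fmt, ...) forwards to GRSTerrorLogFunc, if one has
 * been installed, together with the call site's __FILE__ and __LINE__.
 *
 * The macro is wrapped in do { } while (0) so that it behaves as a
 * single statement: the earlier bare "if (...) call(...)" form made
 *     if (cond) GRSTerrorLog(...); else other();
 * bind the else to the macro's own if, silently skipping other().
 * At least one argument after the level (the format string) is required.
 */
#define GRSTerrorLog(GRSTerrorLevel, ...) \
  do { \
    if (GRSTerrorLogFunc != NULL) \
      (GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, __VA_ARGS__); \
  } while (0)

/* Hook for the host application's logger: (file, line, level, fmt, ...).
   NOTE(review): this is a tentative definition, not an `extern`
   declaration, so every translation unit including this header defines
   the object and the link relies on common-symbol merging (toolchains
   that default to -fno-common will reject it). Before changing it to
   `extern`, confirm which .c file would then own the definition. */
void (*GRSTerrorLogFunc)(char *, int, int, char *, ...);

/* these levels are the same as Unix syslog() and Apache ap_log_error() */

#define GRST_LOG_EMERG 0
#define GRST_LOG_ALERT 1
#define GRST_LOG_CRIT 2
#define GRST_LOG_ERR 3
#define GRST_LOG_WARNING 4
#define GRST_LOG_NOTICE 5
#define GRST_LOG_INFO 6
#define GRST_LOG_DEBUG 7

/* Largest time value the library expects to handle. Note this caps
   times at the 32-bit limit (January 2038) even where time_t is wider. */
#define GRST_MAX_TIME_T INT32_MAX

/*---------------------------------------------------------------*
 * GACL: credentials, entries, ACLs and users                    *
 *---------------------------------------------------------------*/

/* One credential held by a user or listed in an ACL entry. */
typedef struct { char *auri;       /* credential identifier; see GRSTgaclCredGetAuri() */
                 int delegation;   /* see GRSTgaclCredSet/GetDelegation() */
                 int nist_loa;     /* see GRSTgaclCredSet/GetNistLoa() */
                 time_t notbefore; /* validity window start */
                 time_t notafter;  /* validity window end */
                 void *next;       /* next cred in a list (untyped link) */ } GRSTgaclCred;

/* used by pre-AURI GRSTgaclCred structs */
__attribute__ ((deprecated))
typedef struct { char *name;
                 char *value;
                 void *next; } GRSTgaclNamevalue;

typedef int GRSTgaclAction;        /* one of GRST_ACTION_ALLOW / GRST_ACTION_DENY */
typedef unsigned int GRSTgaclPerm; /* bitmask of GRST_PERM_* values */

/* One ACL entry: a list of creds plus the perms it allows and denies. */
typedef struct { GRSTgaclCred *firstcred;
                 GRSTgaclPerm allowed;
                 GRSTgaclPerm denied;
                 void *next; } GRSTgaclEntry;

/* An ACL is a list of entries. */
typedef struct { GRSTgaclEntry *firstentry; } GRSTgaclAcl;

/* A user is a list of creds plus the DN-list location string used by
   GRSTgaclUserLoadDNlists() (presumably; see GRST_DN_LISTS). */
typedef struct { GRSTgaclCred *firstcred; char *dnlists; } GRSTgaclUser;

/* Permission bits; GRST_PERM_ALL is the OR of the other five. */
#define GRST_PERM_NONE 0
#define GRST_PERM_READ 1
#define GRST_PERM_EXEC 2
#define GRST_PERM_LIST 4
#define GRST_PERM_WRITE 8
#define GRST_PERM_ADMIN 16
#define GRST_PERM_ALL 31

/* DO NOT USE PermIsNone!! */
#define GRSTgaclPermIsNone(perm) ((perm) == 0)

#define GRSTgaclPermHasNone(perm) ((perm) == 0)
#define GRSTgaclPermHasRead(perm) (((perm) & GRST_PERM_READ ) != 0)
#define GRSTgaclPermHasExec(perm) (((perm) & GRST_PERM_EXEC ) != 0)
#define GRSTgaclPermHasList(perm) (((perm) & GRST_PERM_LIST ) != 0)
#define GRSTgaclPermHasWrite(perm) (((perm) & GRST_PERM_WRITE) != 0)
#define GRSTgaclPermHasAdmin(perm) (((perm) & GRST_PERM_ADMIN) != 0)

#define GRST_ACTION_ALLOW 0
#define GRST_ACTION_DENY 1

/* Well-known file names and paths. */
#define GRST_HIST_PREFIX ".grsthist"
#define GRST_ACL_FILE ".gacl"
#define GRST_DN_LISTS "/etc/grid-security/dn-lists"
/* Recursion bound; what it limits is not visible in this header. */
#define GRST_RECURS_LIMIT 9

/* X.509 extension OIDs recognised by the chain checker. */
#define GRST_PROXYCERTINFO_OID "1.3.6.1.4.1.3536.1.222"
#define GRST_VOMS_OID "1.3.6.1.4.1.8005.100.100.5"
#define GRST_VOMS_DIR "/etc/grid-security/vomsdir"

/*---------------------------------------------------------------*
 * ASN.1 tag lists                                               *
 *---------------------------------------------------------------*/

#define GRST_ASN1_MAXCOORDLEN 50 /* max length of a treecoords string */
#define GRST_ASN1_MAXTAGS 500    /* max entries in a GRSTasn1TagList array */

/* One tag found by GRSTasn1ParseDump(): its position in the tree as a
   fixed-size string, and its offset/header/body lengths and tag number
   within the parsed buffer. */
struct GRSTasn1TagList { char treecoords[GRST_ASN1_MAXCOORDLEN+1];
                         int start;
                         int headerlength;
                         int length;
                         int tag; } ;

/*---------------------------------------------------------------*
 * X.509 certificate chains                                      *
 *---------------------------------------------------------------*/

/* One element of a GRSTx509Chain. */
typedef struct { int type;        /* CA, user, proxy, VOMS, ... (GRST_CERT_TYPE_*) */
                 int errors;      /* unchecked, bad sig, bad time (GRST_CERT_BAD_* bits) */
                 char *issuer;    /* Cert CA DN, EEC of PC, or VOMS DN */
                 char *dn;        /* Cert DN, or VOMS AC holder DN */
                 char *value;     /* VOMS FQAN or NULL */
                 time_t notbefore;
                 time_t notafter;
                 int delegation;  /* relative to END of any chain */
                 int serial;
                 char *ocsp;      /* accessLocation field */
                 void *raw;       /* X509 or VOMS Extension object */
                 void *next; } GRSTx509Cert;

/* Bits for GRSTx509Cert.errors. A caller accepting a chain must check
   this field: a cert with any bit set has not been fully verified. */
#define GRST_CERT_BAD_FORMAT 1
#define GRST_CERT_BAD_CHAIN 2
#define GRST_CERT_BAD_SIG 4
#define GRST_CERT_BAD_TIME 8
#define GRST_CERT_BAD_OCSP 16

/* Values for GRSTx509Cert.type. */
#define GRST_CERT_TYPE_CA 1
#define GRST_CERT_TYPE_EEC 2
#define GRST_CERT_TYPE_PROXY 3
#define GRST_CERT_TYPE_VOMS 4

/* a chain of certs, starting from the first CA */
typedef struct { GRSTx509Cert *firstcert; } GRSTx509Chain;

#ifndef GRST_NO_OPENSSL
int GRSTx509CertLoad(GRSTx509Cert *, X509 *);
int GRSTx509ChainLoadCheck(GRSTx509Chain **, STACK_OF(X509) *, X509 *, char *, char *);
#endif
int GRSTx509ChainFree(GRSTx509Chain *);

/*---------------------------------------------------------------*
 * HTCP                                                          *
 *---------------------------------------------------------------*/

/* Default ports. GRST_HTTP_PORT and GRST_HTCP_PORT are both 777 here. */
#define GRST_HTTP_PORT 777
#define GRST_HTTPS_PORT 488
#define GRST_HTCP_PORT 777
#define GRST_GSIFTP_PORT 2811

/* HTCP opcodes carried in GRSThtcpMessage.opcode. */
#define GRSThtcpNOPop 0
#define GRSThtcpTSTop 1

/* Length-prefixed string: 16-bit big-endian length followed by text.
   text[1] is the pre-C99 trailing-array idiom; it is kept as-is because
   sizeof(GRSThtcpCountstr) may be relied on by the message builders and
   parser, so converting it to a flexible array member would change it. */
typedef struct { unsigned char length_msb;
                 unsigned char length_lsb;
                 char text[1]; } GRSThtcpCountstr;

/* Length of a count-string in bytes (0..65535), from its two length
   octets. Does not check that `text` really holds that many bytes. */
#define GRSThtcpCountstrLen(string) (256*((string)->length_msb) + (string)->length_lsb)

/* Decoded HTCP message. NOTE(review): bit-field width, order and padding
   are implementation-defined, so this struct is only a portable wire
   image if GRSThtcpMessageParse() assembles the fields explicitly
   rather than copying raw bytes over it — confirm in the parser. */
typedef struct { unsigned char total_length_msb;
                 unsigned char total_length_lsb;
                 unsigned char version_msb;
                 unsigned char version_lsb;
                 unsigned char data_length_msb;
                 unsigned char data_length_lsb;
                 unsigned int response : 4;
                 unsigned int opcode : 4;
                 unsigned int rr : 1;
                 unsigned int f1 : 1;
                 unsigned int reserved : 6;
                 unsigned int trans_id; /* must be 4 bytes */
                 GRSThtcpCountstr *method;
                 GRSThtcpCountstr *uri;
                 GRSThtcpCountstr *version;
                 GRSThtcpCountstr *req_hdrs;
                 GRSThtcpCountstr *resp_hdrs;
                 GRSThtcpCountstr *entity_hdrs;
                 GRSThtcpCountstr *cache_hdrs; } GRSThtcpMessage;

/*---------------------------------------------------------------*
 * GACL functions                                                *
 *                                                               *
 * The commented "GACL..." lines record the legacy names each     *
 * function replaced. Return conventions and ownership of the    *
 * strings/structs returned are not stated here; confirm them    *
 * against the implementation before relying on them.            *
 *---------------------------------------------------------------*/

int GRSTgaclInit(void);

__attribute__ ((deprecated))
GRSTgaclCred *GRSTgaclCredNew(char *);

GRSTgaclCred *GRSTgaclCredCreate(char *, char *);

__attribute__ ((deprecated))
int GRSTgaclCredAddValue(GRSTgaclCred *, char *, char *);

/* Field accessors for GRSTgaclCred. The Set* macros are assignments
   and evaluate to the assigned value. */
#define GRSTgaclCredGetAuri(cred) ((cred)->auri)

#define GRSTgaclCredSetNotBefore(cred, time) ((cred)->notbefore = (time))
#define GRSTgaclCredGetNotBefore(cred) ((cred)->notbefore)

#define GRSTgaclCredSetNotAfter(cred, time) ((cred)->notafter = (time))
#define GRSTgaclCredGetNotAfter(cred) ((cred)->notafter)

#define GRSTgaclCredSetDelegation(cred, level) ((cred)->delegation = (level))
#define GRSTgaclCredGetDelegation(cred) ((cred)->delegation)

#define GRSTgaclCredSetNistLoa(cred, level) ((cred)->nist_loa = (level))
#define GRSTgaclCredGetNistLoa(cred) ((cred)->nist_loa)

/* #define GACLfreeCred(x) GRSTgaclCredFree((x)) */
int GRSTgaclCredFree(GRSTgaclCred *);

/* #define GACLaddCred(x,y) GRSTgaclEntryAddCred((x),(y)) */
int GRSTgaclEntryAddCred(GRSTgaclEntry *, GRSTgaclCred *);

/* #define GACLdelCred(x,y) GRSTgaclEntryDelCred((x),(y)) */
int GRSTgaclEntryDelCred(GRSTgaclEntry *, GRSTgaclCred *);

/* #define GACLprintCred(x,y) GRSTgaclCredPrint((x),(y)) */
int GRSTgaclCredCredPrint(GRSTgaclCred *, FILE *);

int GRSTgaclCredCmpAuri(GRSTgaclCred *, GRSTgaclCred *);

/* #define GACLnewEntry(x) GRSTgaclEntryNew((x)) */
GRSTgaclEntry *GRSTgaclEntryNew(void);

/* #define GACLfreeEntry(x) GRSTgaclEntryFree((x)) */
int GRSTgaclEntryFree(GRSTgaclEntry *);

/* #define GACLaddEntry(x,y) GRSTgaclAclAddEntry((x),(y)) */
int GRSTgaclAclAddEntry(GRSTgaclAcl *, GRSTgaclEntry *);

/* #define GACLprintEntry(x,y) GRSTgaclEntryPrint((x),(y)) */
int GRSTgaclEntryPrint(GRSTgaclEntry *, FILE *);

/* #define GACLprintPerm(x,y) GRSTgaclPermPrint((x),(y)) */
int GRSTgaclPermPrint(GRSTgaclPerm, FILE *);

/* #define GACLallowPerm(x,y) GRSTgaclEntryAllowPerm((x),(y)) */
int GRSTgaclEntryAllowPerm(GRSTgaclEntry *, GRSTgaclPerm);

/* #define GACLunallowPerm(x,y) GRSTgaclEntryUnallowPerm((x),(y)) */
int GRSTgaclEntryUnallowPerm(GRSTgaclEntry *, GRSTgaclPerm);

/* #define GACLdenyPerm(x,y) GRSTgaclEntryDenyPerm((x),(y)) */
int GRSTgaclEntryDenyPerm(GRSTgaclEntry *, GRSTgaclPerm);

/* #define GACLundenyPerm(x,y) GRSTgaclEntryUndenyPerm((x),(y)) */
int GRSTgaclEntryUndenyPerm(GRSTgaclEntry *, GRSTgaclPerm);

/* #define GACLpermToChar(x) GRSTgaclPermToChar((x)) */
char *GRSTgaclPermToChar(GRSTgaclPerm);

/* #define GACLcharToPerm(x) GRSTgaclPermFromChar((x)) */
GRSTgaclPerm GRSTgaclPermFromChar(char *);

/* #define GACLnewAcl(x) GRSTgaclAclNew((x)) */
GRSTgaclAcl *GRSTgaclAclNew(void);

/* #define GACLfreeAcl(x) GRSTgaclAclFree((x)) */
int GRSTgaclAclFree(GRSTgaclAcl *);

/* #define GACLprintAcl(x,y) GRSTgaclAclPrint((x),(y)) */
int GRSTgaclAclPrint(GRSTgaclAcl *, FILE *);

/* #define GACLsaveAcl(x,y) GRSTgaclAclSave((y),(x)) */
int GRSTgaclAclSave(GRSTgaclAcl *, char *);

/* #define GACLloadAcl(x) GRSTgaclFileLoadAcl((x)) */
GRSTgaclAcl *GRSTgaclAclLoadFile(char *);

/* #define GACLfindAclForFile(x) GRSTgaclFileFindAclname((x)) */
char *GRSTgaclFileFindAclname(char *);

/* #define GACLloadAclForFile(x) GRSTgaclFileLoadAcl((x)) */
GRSTgaclAcl *GRSTgaclAclLoadforFile(char *);

/* #define GACLisAclFile(x) GRSTgaclFileIsAcl((x)) */
int GRSTgaclFileIsAcl(char *);

/* #define GACLnewUser(x) GRSTgaclUserNew((x)) */
GRSTgaclUser *GRSTgaclUserNew(GRSTgaclCred *);

/* #define GACLfreeUser(x) GRSTgaclUserFree((x)) */
int GRSTgaclUserFree(GRSTgaclUser *);

/* #define GACLuserAddCred(x,y) GRSTgaclUserAddCred((x),(y)) */
int GRSTgaclUserAddCred(GRSTgaclUser *, GRSTgaclCred *);

/* #define GACLuserHasCred(x,y) GRSTgaclUserHasCred((x),(y)) */
int GRSTgaclUserHasCred(GRSTgaclUser *, GRSTgaclCred *);

__attribute__ ((deprecated))
int GRSTgaclUserSetDNlists(GRSTgaclUser *, char *);

int GRSTgaclUserLoadDNlists(GRSTgaclUser *, char *);

/* #define GACLuserFindCredType(x,y) GRSTgaclUserFindCredtype((x),(y)) */
GRSTgaclCred *GRSTgaclUserFindCredtype(GRSTgaclUser *, char *);

__attribute__ ((deprecated))
int GRSTgaclDNlistHasUser(char *, GRSTgaclUser *);

int GRSTgaclUserHasAURI(GRSTgaclUser *, char *);

/* Evaluate an ACL for a user and return the resulting GRST_PERM_* mask. */
/* #define GACLtestUserAcl(x,y) GRSTgaclAclTestUser((x),(y)) */
GRSTgaclPerm GRSTgaclAclTestUser(GRSTgaclAcl *, GRSTgaclUser *);

/* #define GACLtestExclAcl(x,y) GRSTgaclAclTestexclUser((x),(y)) */
GRSTgaclPerm GRSTgaclAclTestexclUser(GRSTgaclAcl *, GRSTgaclUser *);

/*---------------------------------------------------------------*
 * URL encoding                                                  *
 *---------------------------------------------------------------*/

char *GRSThttpUrlDecode(char *);

/* #define GACLurlEncode(x) GRSThttpUrlEncode((x)) */
char *GRSThttpUrlEncode(char *);

/* #define GACLmildUrlEncode(x) GRSThttpMildUrlEncode((x)) */
char *GRSThttpUrlMildencode(char *);

/*---------------------------------------------------------------*
 * X.509 helpers, proxy certificates and the proxy cache         *
 *---------------------------------------------------------------*/

int GRSTx509NameCmp(char *, char *);

#ifndef GRST_NO_OPENSSL
int GRSTx509KnownCriticalExts(X509 *);

int GRSTx509IsCA(X509 *);
int GRSTx509CheckChain(int *, X509_STORE_CTX *);
int GRSTx509VerifyCallback(int, X509_STORE_CTX *);

__attribute__ ((deprecated))
int GRSTx509GetVomsCreds(int *, int, size_t, char *, X509 *, STACK_OF(X509) *, char *);

__attribute__ ((deprecated))
GRSTgaclCred *GRSTx509CompactToCred(char *);

__attribute__ ((deprecated))
int GRSTx509CompactCreds(int *, int, size_t, char *, STACK_OF(X509) *, char *, X509 *);
#endif

char *GRSTx509CachedProxyFind(char *, char *, char *);
char *GRSTx509FindProxyFileName(void);
int GRSTx509MakeProxyCert(char **, FILE *, char *, char *, char *, int);
char *GRSTx509CachedProxyKeyFind(char *, char *, char *);
int GRSTx509ProxyDestroy(char *, char *, char *);
int GRSTx509ProxyGetTimes(char *, char *, char *, time_t *, time_t *);
int GRSTx509CreateProxyRequest(char **, char **, char *);
int GRSTx509MakeProxyRequest(char **, char *, char *, char *);

char *GRSTx509MakeDelegationID(void);

#ifndef GRST_NO_OPENSSL
int GRSTx509StringToChain(STACK_OF(X509) **, char *);
char *GRSTx509MakeProxyFileName(char *, STACK_OF(X509) *);
#endif

int GRSTx509CacheProxy(char *, char *, char *, char *);

/*---------------------------------------------------------------*
 * HTTP output body                                              *
 *---------------------------------------------------------------*/

#define GRST_HEADFILE "gridsitehead.txt"
#define GRST_FOOTFILE "gridsitefoot.txt"
#define GRST_ADMIN_FILE "gridsite-admin.cgi"

/* One chunk of body text in a singly-linked list. */
typedef struct { char *text;
                 void *next; } GRSThttpCharsList;

/* Accumulated output: total size plus the first/last chunk pointers. */
typedef struct { size_t size;
                 GRSThttpCharsList *first;
                 GRSThttpCharsList *last; } GRSThttpBody;

void GRSThttpBodyInit(GRSThttpBody *);
/* printf-style append. The format attribute lets the compiler check
   callers' format strings against their arguments (-Wformat), which is
   the usual defence against passing caller-controlled text as `fmt`;
   always write GRSThttpPrintf(body, "%s", text) for untrusted text. */
void GRSThttpPrintf(GRSThttpBody *, char *, ...)
     __attribute__ ((format (printf, 2, 3)));
int GRSThttpCopy(GRSThttpBody *, char *);
void GRSThttpWriteOut(GRSThttpBody *);
int GRSThttpPrintHeaderFooter(GRSThttpBody *, char *, char *);
int GRSThttpPrintHeader(GRSThttpBody *, char *);
int GRSThttpPrintFooter(GRSThttpBody *, char *);
char *GRSThttpGetCGI(char *);

/*---------------------------------------------------------------*
 * ASN.1 functions                                               *
 *---------------------------------------------------------------*/

/* Convert an ASN.1 time string of the given length to time_t. */
time_t GRSTasn1TimeToTimeT(char *, size_t);
int GRSTasn1SearchTaglist(struct GRSTasn1TagList taglist[], int, char *);
#ifndef GRST_NO_OPENSSL
int GRSTasn1ParseDump(BIO *, unsigned char *, long,
                      struct GRSTasn1TagList taglist[], int, int *);
#endif
int GRSTasn1GetX509Name(char *, int, char *, char *,
                        struct GRSTasn1TagList taglist[], int);

/*---------------------------------------------------------------*
 * HTCP functions                                                *
 *---------------------------------------------------------------*/

int GRSThtcpNOPrequestMake(char **, int *, unsigned int);
int GRSThtcpNOPresponseMake(char **, int *, unsigned int);
int GRSThtcpTSTrequestMake(char **, int *, unsigned int, char *, char *, char *);
int GRSThtcpTSTresponseMake(char **, int *, unsigned int, char *, char *, char *);
/* Parse `len` bytes of a received message. The input is network data:
   callers must treat the result's count-string pointers as untrusted
   and bounds-check GRSThtcpCountstrLen() against the buffer length. */
int GRSThtcpMessageParse(GRSThtcpMessage *, char *, int);

#endif /* GRIDSITE_H_INCLUDED */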