GridSite Grid Security for the Web
Web platforms for Grids

Welcome page : Documentation : Download : License

gridsite.h

Go to the documentation of this file.
00001 /*
00002    Copyright (c) 2002-7, Andrew McNab, University of Manchester
00003    All rights reserved.
00004 
00005    Redistribution and use in source and binary forms, with or
00006    without modification, are permitted provided that the following
00007    conditions are met:
00008 
00009      o Redistributions of source code must retain the above
00010        copyright notice, this list of conditions and the following
00011        disclaimer. 
00012      o Redistributions in binary form must reproduce the above
00013        copyright notice, this list of conditions and the following
00014        disclaimer in the documentation and/or other materials
00015        provided with the distribution. 
00016 
00017    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
00018    CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
00019    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
00020    MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
00021    DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
00022    BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
00023    EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
00024    TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
00025    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
00026    ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
00027    OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
00028    OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
00029    POSSIBILITY OF SUCH DAMAGE.
00030 */
00031 
00032 /*---------------------------------------------------------------*
00033  * For more about GridSite: http://www.gridsite.org/             *
00034  *---------------------------------------------------------------*/
00035 
00036 #ifndef GRST_VERSION
00037 #define GRST_VERSION 010500
00038 #endif
00039 
00040 #ifndef GRST_NO_OPENSSL
00041 
00042 #ifndef HEADER_SSL_H
00043 #include <openssl/ssl.h>
00044 #endif
00045 
00046 #ifndef HEADER_CRYPTO_H
00047 #include <openssl/crypto.h>
00048 #endif
00049 
00050 #endif
00051 
00052 #ifndef _TIME_H
00053 #include <time.h>
00054 #endif
00055 
00056 #ifndef _STDIO_H
00057 #include <stdio.h>
00058 #endif
00059 
00060 #ifndef FALSE
00061 #define FALSE (0)
00062 #endif
00063 #ifndef TRUE
00064 #define TRUE (!FALSE)
00065 #endif
00066 
00067 // Everything ok (= OpenSSL X509_V_OK)
00068 #define GRST_RET_OK             0
00069 
00070 // Failed for unspecified reason
00071 #define GRST_RET_FAILED         1000
00072 
00073 // Failed to find certificate in some cert store / directory
00074 #define GRST_RET_CERT_NOT_FOUND 1001
00075 
00076 // Bad signature
00077 #define GRST_RET_BAD_SIGNATURE  1002
00078 
00079 // No such file or directory
00080 #define GRST_RET_NO_SUCH_FILE   1003
00081 
00082 
00083 // #define GRSTerrorLog(GRSTerrorLevel, GRSTerrorFmt, ...) if (GRSTerrorLogFunc != NULL) (GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, GRSTerrorFmt, __VA_ARGS__)
00084 
00085 #define GRSTerrorLog(GRSTerrorLevel, ...) if (GRSTerrorLogFunc != NULL) (GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, __VA_ARGS__)
00086 
00087 void (*GRSTerrorLogFunc)(char *, int, int, char *, ...);
00088 
00089 /* these levels are the same as Unix syslog() and Apache ap_log_error() */
00090 
00091 #define GRST_LOG_EMERG   0
00092 #define GRST_LOG_ALERT   1
00093 #define GRST_LOG_CRIT    2
00094 #define GRST_LOG_ERR     3
00095 #define GRST_LOG_WARNING 4
00096 #define GRST_LOG_NOTICE  5
00097 #define GRST_LOG_INFO    6
00098 #define GRST_LOG_DEBUG   7
00099 
00100 #define GRST_MAX_TIME_T  INT32_MAX
00101 
00102 typedef struct { char                      *auri;
00103                  int                        delegation;
00104                  int                        nist_loa;
00105                  time_t                     notbefore;
00106                  time_t                     notafter;
00107                  void                      *next;     } GRSTgaclCred;
00108 
00109 /* used by pre-AURI GRSTgaclCred structs */ 
00110 __attribute__ ((deprecated))
00111 typedef struct { char                      *name;
00112                  char                      *value;
00113                  void                      *next;  } GRSTgaclNamevalue;
00114 
00115 typedef int                GRSTgaclAction;
00116 typedef unsigned int       GRSTgaclPerm;
00117  
00118 typedef struct { GRSTgaclCred   *firstcred;
00119                  GRSTgaclPerm    allowed;
00120                  GRSTgaclPerm    denied;
00121                  void           *next;    } GRSTgaclEntry;
00122  
00123 typedef struct { GRSTgaclEntry *firstentry; } GRSTgaclAcl;
00124  
00125 typedef struct { GRSTgaclCred *firstcred; char *dnlists; } GRSTgaclUser;
00126 
00127 #define GRST_PERM_NONE   0
00128 #define GRST_PERM_READ   1
00129 #define GRST_PERM_EXEC   2
00130 #define GRST_PERM_LIST   4
00131 #define GRST_PERM_WRITE  8
00132 #define GRST_PERM_ADMIN 16
00133 #define GRST_PERM_ALL   31
00134 
00135 /* DO NOT USE PermIsNone!! */
00136 #define GRSTgaclPermIsNone(perm)    ((perm) == 0)
00137 
00138 #define GRSTgaclPermHasNone(perm)    ((perm) == 0)
00139 #define GRSTgaclPermHasRead(perm)  (((perm) & GRST_PERM_READ ) != 0)
00140 #define GRSTgaclPermHasExec(perm)  (((perm) & GRST_PERM_EXEC ) != 0)
00141 #define GRSTgaclPermHasList(perm)  (((perm) & GRST_PERM_LIST ) != 0)
00142 #define GRSTgaclPermHasWrite(perm) (((perm) & GRST_PERM_WRITE) != 0)
00143 #define GRSTgaclPermHasAdmin(perm) (((perm) & GRST_PERM_ADMIN) != 0)
00144 
00145 #define GRST_ACTION_ALLOW 0
00146 #define GRST_ACTION_DENY  1
00147 
00148 #define GRST_HIST_PREFIX  ".grsthist"
00149 #define GRST_ACL_FILE     ".gacl"
00150 #define GRST_DN_LISTS     "/etc/grid-security/dn-lists"
00151 #define GRST_RECURS_LIMIT 9
00152 
00153 #define GRST_PROXYCERTINFO_OID  "1.3.6.1.4.1.3536.1.222"
00154 #define GRST_VOMS_OID           "1.3.6.1.4.1.8005.100.100.5"
00155 #define GRST_VOMS_DIR           "/etc/grid-security/vomsdir"
00156 
00157 #define GRST_ASN1_MAXCOORDLEN   50
00158 #define GRST_ASN1_MAXTAGS       500
00159 
00160 struct GRSTasn1TagList { char treecoords[GRST_ASN1_MAXCOORDLEN+1];
00161                          int  start;
00162                          int  headerlength;
00163                          int  length;
00164                          int  tag; } ;
00165 
00166 typedef struct { int    type;           /* CA, user, proxy, VOMS, ... */
00167                  int    errors;         /* unchecked, bad sig, bad time */
00168                  char   *issuer;        /* Cert CA DN, EEC of PC, or VOMS DN */
00169                  char   *dn;            /* Cert DN, or VOMS AC holder DN */
00170                  char   *value;         /* VOMS FQAN or NULL */
00171                  time_t notbefore;
00172                  time_t notafter;
00173                  int    delegation;     /* relative to END of any chain */
00174                  int    serial;
00175                  char   *ocsp;          /* accessLocation field */
00176                  void   *raw;           /* X509 or VOMS Extension object */
00177                  void   *next; } GRSTx509Cert;
00178 
00179 #define GRST_CERT_BAD_FORMAT 1
00180 #define GRST_CERT_BAD_CHAIN  2
00181 #define GRST_CERT_BAD_SIG    4
00182 #define GRST_CERT_BAD_TIME   8
00183 #define GRST_CERT_BAD_OCSP  16
00184 
00185 #define GRST_CERT_TYPE_CA    1
00186 #define GRST_CERT_TYPE_EEC   2
00187 #define GRST_CERT_TYPE_PROXY 3
00188 #define GRST_CERT_TYPE_VOMS  4
00189 
00190 /* a chain of certs, starting from the first CA */
00191 typedef struct { GRSTx509Cert *firstcert; } GRSTx509Chain;
00192 
00193 #ifndef GRST_NO_OPENSSL
00194 int GRSTx509CertLoad(GRSTx509Cert *, X509 *);
00195 int GRSTx509ChainLoadCheck(GRSTx509Chain **, STACK_OF(X509) *, X509 *, char *, char *);
00196 #endif
00197 int GRSTx509ChainFree(GRSTx509Chain *);
00198 
00199 #define GRST_HTTP_PORT          777
00200 #define GRST_HTTPS_PORT         488
00201 #define GRST_HTCP_PORT          777
00202 #define GRST_GSIFTP_PORT        2811
00203                          
00204 #define GRSThtcpNOPop 0
00205 #define GRSThtcpTSTop 1
00206 
00207 typedef struct { unsigned char length_msb;
00208                  unsigned char length_lsb;
00209                  char text[1]; } GRSThtcpCountstr;
00210 
00211 #define GRSThtcpCountstrLen(string) (256*((string)->length_msb) + (string)->length_lsb)
00212 
00213 typedef struct { unsigned char total_length_msb;
00214                  unsigned char total_length_lsb;
00215                  unsigned char version_msb;
00216                  unsigned char version_lsb;
00217                  unsigned char data_length_msb;
00218                  unsigned char data_length_lsb;
00219                  unsigned int  response : 4;
00220                  unsigned int  opcode   : 4;
00221                  unsigned int  rr       : 1;                 
00222                  unsigned int  f1       : 1;
00223                  unsigned int  reserved : 6;
00224                  unsigned int  trans_id;        /* must be 4 bytes */
00225                  GRSThtcpCountstr *method;
00226                  GRSThtcpCountstr *uri;
00227                  GRSThtcpCountstr *version;
00228                  GRSThtcpCountstr *req_hdrs;
00229                  GRSThtcpCountstr *resp_hdrs;
00230                  GRSThtcpCountstr *entity_hdrs;
00231                  GRSThtcpCountstr *cache_hdrs;   } GRSThtcpMessage;
00232 
00233 int GRSTgaclInit(void);
00234 
00235 __attribute__ ((deprecated))
00236 GRSTgaclCred *GRSTgaclCredNew(char *);
00237 
00238 GRSTgaclCred *GRSTgaclCredCreate(char *, char *);
00239 
00240 __attribute__ ((deprecated))
00241 int     GRSTgaclCredAddValue(GRSTgaclCred *, char *, char *);
00242 
00243 #define GRSTgaclCredGetAuri(cred) ((cred)->auri)
00244 
00245 #define GRSTgaclCredSetNotBefore(cred, time) ((cred)->notbefore = (time))
00246 #define GRSTgaclCredGetNotBefore(cred) ((cred)->notbefore)
00247 
00248 #define GRSTgaclCredSetNotAfter(cred, time) ((cred)->notafter = (time))
00249 #define GRSTgaclCredGetNotAfter(cred) ((cred)->notafter)
00250 
00251 #define GRSTgaclCredSetDelegation(cred, level) ((cred)->delegation = (level))
00252 #define GRSTgaclCredGetDelegation(cred) ((cred)->delegation)
00253 
00254 #define GRSTgaclCredSetNistLoa(cred, level) ((cred)->nist_loa = (level))
00255 #define GRSTgaclCredGetNistLoa(cred) ((cred)->nist_loa)
00256 
00257 /* #define GACLfreeCred(x)              GRSTgaclCredFree((x)) */
00258 int        GRSTgaclCredFree(GRSTgaclCred *);
00259 
00260 /*  #define GACLaddCred(x,y)    GRSTgaclEntryAddCred((x),(y)) */
00261 int        GRSTgaclEntryAddCred(GRSTgaclEntry *, GRSTgaclCred *);
00262 
00263 /*  #define GACLdelCred(x,y)    GRSTgaclEntryDelCred((x),(y)) */
00264 int        GRSTgaclEntryDelCred(GRSTgaclEntry *, GRSTgaclCred *);
00265 
00266 /*  #define GACLprintCred(x,y)  GRSTgaclCredPrint((x),(y)) */
00267 int        GRSTgaclCredCredPrint(GRSTgaclCred *, FILE *);
00268 
00269 int        GRSTgaclCredCmpAuri(GRSTgaclCred *, GRSTgaclCred *);
00270 
00271 /*  #define GACLnewEntry(x)             GRSTgaclEntryNew((x)) */
00272 GRSTgaclEntry *GRSTgaclEntryNew(void);
00273 
00274 /*  #define GACLfreeEntry(x)    GRSTgaclEntryFree((x)) */
00275 int        GRSTgaclEntryFree(GRSTgaclEntry *);
00276 
00277 /*  #define GACLaddEntry(x,y)   GRSTgaclAclAddEntry((x),(y)) */
00278 int        GRSTgaclAclAddEntry(GRSTgaclAcl *, GRSTgaclEntry *);
00279 
00280 /*  #define GACLprintEntry(x,y) GRSTgaclEntryPrint((x),(y)) */
00281 int        GRSTgaclEntryPrint(GRSTgaclEntry *, FILE *);
00282 
00283 
00284 /*  #define GACLprintPerm(x,y)  GRSTgaclPermPrint((x),(y)) */
00285 int        GRSTgaclPermPrint(GRSTgaclPerm, FILE *);
00286 
00287 /*  #define GACLallowPerm(x,y)  GRSTgaclEntryAllowPerm((x),(y)) */
00288 int        GRSTgaclEntryAllowPerm(GRSTgaclEntry *, GRSTgaclPerm);
00289 
00290 /*  #define GACLunallowPerm(x,y)        GRSTgaclEntryUnallowPerm((x),(y)) */
00291 int        GRSTgaclEntryUnallowPerm(GRSTgaclEntry *, GRSTgaclPerm);
00292 
00293 /*  #define GACLdenyPerm(x,y)   GRSTgaclEntryDenyPerm((x),(y)) */
00294 int        GRSTgaclEntryDenyPerm(GRSTgaclEntry *, GRSTgaclPerm);
00295 
00296 /*  #define GACLundenyPerm(x,y) GRSTgaclEntryUndenyPerm((x),(y)) */
00297 int        GRSTgaclEntryUndenyPerm(GRSTgaclEntry *, GRSTgaclPerm);
00298 
00299 /*  #define GACLpermToChar(x)   GRSTgaclPermToChar((x)) */
00300 char      *GRSTgaclPermToChar(GRSTgaclPerm);
00301 
00302 /*  #define GACLcharToPerm(x)   GRSTgaclPermFromChar((x)) */
00303 GRSTgaclPerm   GRSTgaclPermFromChar(char *);
00304 
00305 /*  #define GACLnewAcl(x)               GRSTgaclAclNew((x)) */
00306 GRSTgaclAcl   *GRSTgaclAclNew(void);
00307 
00308 /*  #define GACLfreeAcl(x)              GRSTgaclAclFree((x)) */
00309 int        GRSTgaclAclFree(GRSTgaclAcl *);
00310 
00311 /*  #define GACLprintAcl(x,y)   GRSTgaclAclPrint((x),(y)) */
00312 int        GRSTgaclAclPrint(GRSTgaclAcl *, FILE *);
00313 
00314 /*  #define GACLsaveAcl(x,y)    GRSTgaclAclSave((y),(x)) */
00315 int        GRSTgaclAclSave(GRSTgaclAcl *, char *);
00316 
00317 /*  #define GACLloadAcl(x)              GRSTgaclFileLoadAcl((x)) */
00318 GRSTgaclAcl   *GRSTgaclAclLoadFile(char *);
00319 
00320 /*  #define GACLfindAclForFile(x)       GRSTgaclFileFindAclname((x)) */
00321 char      *GRSTgaclFileFindAclname(char *);
00322 
00323 /*  #define GACLloadAclForFile(x)       GRSTgaclFileLoadAcl((x)) */
00324 GRSTgaclAcl   *GRSTgaclAclLoadforFile(char *);
00325 
00326 /*  #define GACLisAclFile(x)    GRSTgaclFileIsAcl((x)) */
00327 int        GRSTgaclFileIsAcl(char *);
00328 
00329 
00330 /*  #define GACLnewUser(x)              GRSTgaclUserNew((x)) */
00331 GRSTgaclUser *GRSTgaclUserNew(GRSTgaclCred *);
00332 
00333 /*  #define GACLfreeUser(x)             GRSTgaclUserFree((x)) */
00334 int       GRSTgaclUserFree(GRSTgaclUser *);
00335 
00336 /*  #define GACLuserAddCred(x,y)        GRSTgaclUserAddCred((x),(y)) */
00337 int       GRSTgaclUserAddCred(GRSTgaclUser *, GRSTgaclCred *);
00338 
00339 /*  #define GACLuserHasCred(x,y)        GRSTgaclUserHasCred((x),(y)) */
00340 int       GRSTgaclUserHasCred(GRSTgaclUser *, GRSTgaclCred *);
00341 
00342 __attribute__ ((deprecated))
00343 int       GRSTgaclUserSetDNlists(GRSTgaclUser *, char *);
00344 
00345 int       GRSTgaclUserLoadDNlists(GRSTgaclUser *, char *);
00346 
00347 /*  #define GACLuserFindCredType(x,y) GRSTgaclUserFindCredtype((x),(y)) */
00348 GRSTgaclCred *GRSTgaclUserFindCredtype(GRSTgaclUser *, char *);
00349 
00350 __attribute__ ((deprecated))
00351 int GRSTgaclDNlistHasUser(char *, GRSTgaclUser *);
00352 
00353 int GRSTgaclUserHasAURI(GRSTgaclUser *, char *);
00354 
00355 /*  #define GACLtestUserAcl(x,y)        GRSTgaclAclTestUser((x),(y)) */
00356 GRSTgaclPerm   GRSTgaclAclTestUser(GRSTgaclAcl *, GRSTgaclUser *);
00357 
00358 /*  #define GACLtestExclAcl(x,y)        GRSTgaclAclTestexclUser((x),(y)) */
00359 GRSTgaclPerm   GRSTgaclAclTestexclUser(GRSTgaclAcl *, GRSTgaclUser *);
00360 
00361 char      *GRSThttpUrlDecode(char *);
00362 
00363 /*  #define GACLurlEncode(x)    GRSThttpUrlEncode((x)) */
00364 char      *GRSThttpUrlEncode(char *);
00365 
00366 /*  #define GACLmildUrlEncode(x)        GRSThttpMildUrlEncode((x)) */
00367 char      *GRSThttpUrlMildencode(char *);
00368 
00369 int GRSTx509NameCmp(char *, char *);
00370 
00371 #ifndef GRST_NO_OPENSSL
00372 int GRSTx509KnownCriticalExts(X509 *);
00373 
00374 int GRSTx509IsCA(X509 *);
00375 int GRSTx509CheckChain(int *, X509_STORE_CTX *);
00376 int GRSTx509VerifyCallback(int, X509_STORE_CTX *);
00377 
00378 __attribute__ ((deprecated))
00379 int GRSTx509GetVomsCreds(int *, int, size_t, char *, X509 *, STACK_OF(X509) *, char *);
00380 
00381 __attribute__ ((deprecated))
00382 GRSTgaclCred *GRSTx509CompactToCred(char *);
00383 
00384 __attribute__ ((deprecated))
00385 int GRSTx509CompactCreds(int *, int, size_t, char *, STACK_OF(X509) *, char *, X509 *);
00386 #endif 
00387 
00388 char *GRSTx509CachedProxyFind(char *, char *, char *);
00389 char *GRSTx509FindProxyFileName(void);
00390 int GRSTx509MakeProxyCert(char **, FILE *, char *, char *, char *, int);
00391 char *GRSTx509CachedProxyKeyFind(char *, char *, char *);
00392 int GRSTx509ProxyDestroy(char *, char *, char *);
00393 int GRSTx509ProxyGetTimes(char *, char *, char *, time_t *, time_t *);
00394 int GRSTx509CreateProxyRequest(char **, char **, char *);
00395 int GRSTx509MakeProxyRequest(char **, char *, char *, char *);
00396 
00397 char *GRSTx509MakeDelegationID(void);
00398 
00399 #ifndef GRST_NO_OPENSSL
00400 int GRSTx509StringToChain(STACK_OF(X509) **, char *);
00401 char *GRSTx509MakeProxyFileName(char *, STACK_OF(X509) *);
00402 #endif
00403 
00404 int GRSTx509CacheProxy(char *, char *, char *, char *);
00405 
00406 #define GRST_HEADFILE   "gridsitehead.txt"
00407 #define GRST_FOOTFILE   "gridsitefoot.txt"
00408 #define GRST_ADMIN_FILE "gridsite-admin.cgi"
00409 
00410 typedef struct { char *text;
00411                  void *next; } GRSThttpCharsList;
00412 
00413 typedef struct { size_t             size;
00414                  GRSThttpCharsList *first;
00415                  GRSThttpCharsList *last;  } GRSThttpBody;
00416 
00417 void  GRSThttpBodyInit(GRSThttpBody *); 
00418 void  GRSThttpPrintf(GRSThttpBody *, char *, ...);
00419 int   GRSThttpCopy(GRSThttpBody *, char *);
00420 void  GRSThttpWriteOut(GRSThttpBody *);
00421 int   GRSThttpPrintHeaderFooter(GRSThttpBody *, char *, char *);
00422 int   GRSThttpPrintHeader(GRSThttpBody *, char *);
00423 int   GRSThttpPrintFooter(GRSThttpBody *, char *);
00424 char *GRSThttpGetCGI(char *);
00425 
00426 time_t GRSTasn1TimeToTimeT(char *, size_t);
00427 int    GRSTasn1SearchTaglist(struct GRSTasn1TagList taglist[], int, char *);
00428 #ifndef GRST_NO_OPENSSL
00429 int    GRSTasn1ParseDump(BIO *, unsigned char *, long,
00430                          struct GRSTasn1TagList taglist[], int, int *);
00431 #endif
00432 int    GRSTasn1GetX509Name(char *, int, char *, char *,
00433                            struct GRSTasn1TagList taglist[], int);
00434 
00435 int    GRSThtcpNOPrequestMake(char **, int *, unsigned int);
00436 int    GRSThtcpNOPresponseMake(char **, int *, unsigned int);
00437 int    GRSThtcpTSTrequestMake(char **, int *, unsigned int, char *, char *, char *);
00438 int    GRSThtcpTSTresponseMake(char **, int *, unsigned int, char *, char *, char *);
00439 int    GRSThtcpMessageParse(GRSThtcpMessage *, char *, int);

Generated on Mon Jan 5 04:06:29 2009 by  doxygen 1.3.9.1


Last modified Mon  5 January 2009 . View page history
Switch to HTTPS . Print View . Built with GridSite 1.4.3
Funded by:   GridPP   STFC   JISC   University of Manchester