gridsite.h

Go to the documentation of this file.
00001 /*
00002    Copyright (c) 2002-9, Andrew McNab, University of Manchester
00003    All rights reserved.
00004 
00005    Redistribution and use in source and binary forms, with or
00006    without modification, are permitted provided that the following
00007    conditions are met:
00008 
00009      o Redistributions of source code must retain the above
00010        copyright notice, this list of conditions and the following
00011        disclaimer. 
00012      o Redistributions in binary form must reproduce the above
00013        copyright notice, this list of conditions and the following
00014        disclaimer in the documentation and/or other materials
00015        provided with the distribution. 
00016 
00017    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
00018    CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
00019    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
00020    MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
00021    DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
00022    BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
00023    EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
00024    TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
00025    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
00026    ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
00027    OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
00028    OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
00029    POSSIBILITY OF SUCH DAMAGE.
00030 */
00031 
00032 /*---------------------------------------------------------------*
00033  * For more about GridSite: http://www.gridsite.org/             *
00034  *---------------------------------------------------------------*/
00035 
00036 #ifndef GRST_VERSION
00037 #define GRST_VERSION 010500
00038 
00039 #ifdef __cplusplus
00040 extern "C" {
00041 #endif
00042 
00043 #ifndef HEADER_SSL_H
00044 #include <openssl/ssl.h>
00045 #endif
00046 
00047 #ifndef HEADER_CRYPTO_H
00048 #include <openssl/crypto.h>
00049 #endif
00050 
00051 #ifndef _STDINT_H
00052 #include <stdint.h>
00053 #endif
00054 
00055 #ifndef FALSE
00056 #define FALSE (0)
00057 #endif
00058 #ifndef TRUE
00059 #define TRUE (!FALSE)
00060 #endif
00061 
00062 // Everything ok (= OpenSSL X509_V_OK)
00063 #define GRST_RET_OK             0
00064 
00065 // Failed for unspecified reason
00066 #define GRST_RET_FAILED         1000
00067 
00068 // Failed to find certificate in some cert store / directory
00069 #define GRST_RET_CERT_NOT_FOUND 1001
00070 
00071 // Bad signature
00072 #define GRST_RET_BAD_SIGNATURE  1002
00073 
00074 // No such file or directory
00075 #define GRST_RET_NO_SUCH_FILE   1003
00076 
00077 /* We use && now rather than if so this macro can be used inside if...else
00078    but that means the function must return an int rather than be void */
00079 #define GRSTerrorLog(GRSTerrorLevel, ...) ((GRSTerrorLogFunc != NULL) && ((GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, __VA_ARGS__)))
00080 
00081 extern int (*GRSTerrorLogFunc)(char *, int, int, char *, ...);
00082 
00083 /* these levels are the same as Unix syslog() and Apache ap_log_error() */
00084 
00085 #define GRST_LOG_EMERG   0
00086 #define GRST_LOG_ALERT   1
00087 #define GRST_LOG_CRIT    2
00088 #define GRST_LOG_ERR     3
00089 #define GRST_LOG_WARNING 4
00090 #define GRST_LOG_NOTICE  5
00091 #define GRST_LOG_INFO    6
00092 #define GRST_LOG_DEBUG   7
00093 
00094 #define GRST_MAX_TIME_T  INT32_MAX
00095 
00096 typedef struct { char                      *auri;
00097                  int                        delegation;
00098                  int                        nist_loa;
00099                  time_t                     notbefore;
00100                  time_t                     notafter;
00101                  void                      *next;     } GRSTgaclCred;
00102 
00103 /* used by pre-AURI GRSTgaclCred structs */ 
00104 __attribute__ ((deprecated))
00105 typedef struct { char                      *name;
00106                  char                      *value;
00107                  void                      *next;  } GRSTgaclNamevalue;
00108 
00109 typedef int                GRSTgaclAction;
00110 typedef unsigned int       GRSTgaclPerm;
00111  
00112 typedef struct { GRSTgaclCred   *firstcred;
00113                  GRSTgaclPerm    allowed;
00114                  GRSTgaclPerm    denied;
00115                  void           *next;    } GRSTgaclEntry;
00116  
00117 typedef struct { GRSTgaclEntry *firstentry; } GRSTgaclAcl;
00118  
00119 typedef struct { GRSTgaclCred *firstcred; char *dnlists; } GRSTgaclUser;
00120 
00121 #define GRST_PERM_NONE   0
00122 #define GRST_PERM_READ   1
00123 #define GRST_PERM_EXEC   2
00124 #define GRST_PERM_LIST   4
00125 #define GRST_PERM_WRITE  8
00126 #define GRST_PERM_ADMIN 16
00127 #define GRST_PERM_ALL   31
00128 
00129 /* DO NOT USE PermIsNone!! */
00130 #define GRSTgaclPermIsNone(perm)    ((perm) == 0)
00131 
00132 #define GRSTgaclPermHasNone(perm)    ((perm) == 0)
00133 #define GRSTgaclPermHasRead(perm)  (((perm) & GRST_PERM_READ ) != 0)
00134 #define GRSTgaclPermHasExec(perm)  (((perm) & GRST_PERM_EXEC ) != 0)
00135 #define GRSTgaclPermHasList(perm)  (((perm) & GRST_PERM_LIST ) != 0)
00136 #define GRSTgaclPermHasWrite(perm) (((perm) & GRST_PERM_WRITE) != 0)
00137 #define GRSTgaclPermHasAdmin(perm) (((perm) & GRST_PERM_ADMIN) != 0)
00138 
00139 #define GRST_ACTION_ALLOW 0
00140 #define GRST_ACTION_DENY  1
00141 
00142 #define GRST_HIST_PREFIX  ".grsthist"
00143 #define GRST_ACL_FILE     ".gacl"
00144 #define GRST_DN_LISTS     "/etc/grid-security/dn-lists"
00145 #define GRST_RECURS_LIMIT 9
00146 
00147 #define GRST_PROXYCERTINFO_OLD_OID      "1.3.6.1.4.1.3536.1.222"
00148 #define GRST_PROXYCERTINFO_OID          "1.3.6.1.5.5.7.1.14"
00149 #define GRST_VOMS_OID           "1.3.6.1.4.1.8005.100.100.5"
00150 #define GRST_VOMS_DIR           "/etc/grid-security/vomsdir"
00151 #define GRST_KEYUSAGE_OID       "2.5.29.15"
00152  
00153 #define GRST_ASN1_MAXCOORDLEN   50
00154 #define GRST_ASN1_MAXTAGS       500
00155 
00156 struct GRSTasn1TagList { char treecoords[GRST_ASN1_MAXCOORDLEN+1];
00157                          int  start;
00158                          int  headerlength;
00159                          int  length;
00160                          int  tag; } ;
00161 
00162 typedef struct { int    type;           /* CA, user, proxy, VOMS, ... */
00163                  int    errors;         /* unchecked, bad sig, bad time */
00164                  char   *issuer;        /* Cert CA DN, EEC of PC, or VOMS DN */
00165                  char   *dn;            /* Cert DN, or VOMS AC holder DN */
00166                  char   *value;         /* VOMS FQAN or NULL */
00167                  time_t notbefore;
00168                  time_t notafter;
00169                  int    delegation;     /* relative to END of any chain */
00170                  int    serial;
00171                  char   *ocsp;          /* accessLocation field */
00172                  void   *raw;           /* X509 or VOMS Extension object */
00173                  void   *next; } GRSTx509Cert;
00174 
00175 #define GRST_CERT_BAD_FORMAT 1
00176 #define GRST_CERT_BAD_CHAIN  2
00177 #define GRST_CERT_BAD_SIG    4
00178 #define GRST_CERT_BAD_TIME   8
00179 #define GRST_CERT_BAD_OCSP  16
00180 
00181 #define GRST_CERT_TYPE_CA    1
00182 #define GRST_CERT_TYPE_EEC   2
00183 #define GRST_CERT_TYPE_PROXY 3
00184 #define GRST_CERT_TYPE_VOMS  4
00185 
00186 /* a chain of certs, starting from the first CA */
00187 typedef struct { GRSTx509Cert *firstcert; } GRSTx509Chain;
00188 
00189 int GRSTx509CertLoad(GRSTx509Cert *, X509 *);
00190 int GRSTx509ChainLoadCheck(GRSTx509Chain **, STACK_OF(X509) *, X509 *, char *, char *);
00191 int GRSTx509ChainFree(GRSTx509Chain *);
00192 
00193 #define GRST_HTTP_PORT          777
00194 #define GRST_HTTPS_PORT         488
00195 #define GRST_HTCP_PORT          777
00196 #define GRST_GSIFTP_PORT        2811
00197                          
00198 #define GRSThtcpNOPop 0
00199 #define GRSThtcpTSTop 1
00200 
00201 typedef struct { unsigned char length_msb;
00202                  unsigned char length_lsb;
00203                  char text[1]; } GRSThtcpCountstr;
00204 
00205 #define GRSThtcpCountstrLen(string) (256*((string)->length_msb) + (string)->length_lsb)
00206 
00207 typedef struct { unsigned char total_length_msb;
00208                  unsigned char total_length_lsb;
00209                  unsigned char version_msb;
00210                  unsigned char version_lsb;
00211                  unsigned char data_length_msb;
00212                  unsigned char data_length_lsb;
00213                  unsigned int  response : 4;
00214                  unsigned int  opcode   : 4;
00215                  unsigned int  rr       : 1;                 
00216                  unsigned int  f1       : 1;
00217                  unsigned int  reserved : 6;
00218                  unsigned int  trans_id;        /* must be 4 bytes */
00219                  GRSThtcpCountstr *method;
00220                  GRSThtcpCountstr *uri;
00221                  GRSThtcpCountstr *version;
00222                  GRSThtcpCountstr *req_hdrs;
00223                  GRSThtcpCountstr *resp_hdrs;
00224                  GRSThtcpCountstr *entity_hdrs;
00225                  GRSThtcpCountstr *cache_hdrs;   } GRSThtcpMessage;
00226 
00227 int GRSTgaclInit(void);
00228 
00229 __attribute__ ((deprecated))
00230 GRSTgaclCred *GRSTgaclCredNew(char *);
00231 
00232 GRSTgaclCred *GRSTgaclCredCreate(char *, char *);
00233 
00234 __attribute__ ((deprecated))
00235 int     GRSTgaclCredAddValue(GRSTgaclCred *, char *, char *);
00236 
00237 #define GRSTgaclCredGetAuri(cred) ((cred)->auri)
00238 
00239 #define GRSTgaclCredSetNotBefore(cred, time) ((cred)->notbefore = (time))
00240 #define GRSTgaclCredGetNotBefore(cred) ((cred)->notbefore)
00241 
00242 #define GRSTgaclCredSetNotAfter(cred, time) ((cred)->notafter = (time))
00243 #define GRSTgaclCredGetNotAfter(cred) ((cred)->notafter)
00244 
00245 #define GRSTgaclCredSetDelegation(cred, level) ((cred)->delegation = (level))
00246 #define GRSTgaclCredGetDelegation(cred) ((cred)->delegation)
00247 
00248 #define GRSTgaclCredSetNistLoa(cred, level) ((cred)->nist_loa = (level))
00249 #define GRSTgaclCredGetNistLoa(cred) ((cred)->nist_loa)
00250 
00251 /* #define GACLfreeCred(x)              GRSTgaclCredFree((x)) */
00252 int        GRSTgaclCredFree(GRSTgaclCred *);
00253 
00254 /*  #define GACLaddCred(x,y)    GRSTgaclEntryAddCred((x),(y)) */
00255 int        GRSTgaclEntryAddCred(GRSTgaclEntry *, GRSTgaclCred *);
00256 
00257 /*  #define GACLdelCred(x,y)    GRSTgaclEntryDelCred((x),(y)) */
00258 int        GRSTgaclEntryDelCred(GRSTgaclEntry *, GRSTgaclCred *);
00259 
00260 /*  #define GACLprintCred(x,y)  GRSTgaclCredPrint((x),(y)) */
00261 int        GRSTgaclCredCredPrint(GRSTgaclCred *, FILE *);
00262 
00263 int        GRSTgaclCredCmpAuri(GRSTgaclCred *, GRSTgaclCred *);
00264 
00265 /*  #define GACLnewEntry(x)             GRSTgaclEntryNew((x)) */
00266 GRSTgaclEntry *GRSTgaclEntryNew(void);
00267 
00268 /*  #define GACLfreeEntry(x)    GRSTgaclEntryFree((x)) */
00269 int        GRSTgaclEntryFree(GRSTgaclEntry *);
00270 
00271 /*  #define GACLaddEntry(x,y)   GRSTgaclAclAddEntry((x),(y)) */
00272 int        GRSTgaclAclAddEntry(GRSTgaclAcl *, GRSTgaclEntry *);
00273 
00274 /*  #define GACLprintEntry(x,y) GRSTgaclEntryPrint((x),(y)) */
00275 int        GRSTgaclEntryPrint(GRSTgaclEntry *, FILE *);
00276 
00277 
00278 /*  #define GACLprintPerm(x,y)  GRSTgaclPermPrint((x),(y)) */
00279 int        GRSTgaclPermPrint(GRSTgaclPerm, FILE *);
00280 
00281 /*  #define GACLallowPerm(x,y)  GRSTgaclEntryAllowPerm((x),(y)) */
00282 int        GRSTgaclEntryAllowPerm(GRSTgaclEntry *, GRSTgaclPerm);
00283 
00284 /*  #define GACLunallowPerm(x,y)        GRSTgaclEntryUnallowPerm((x),(y)) */
00285 int        GRSTgaclEntryUnallowPerm(GRSTgaclEntry *, GRSTgaclPerm);
00286 
00287 /*  #define GACLdenyPerm(x,y)   GRSTgaclEntryDenyPerm((x),(y)) */
00288 int        GRSTgaclEntryDenyPerm(GRSTgaclEntry *, GRSTgaclPerm);
00289 
00290 /*  #define GACLundenyPerm(x,y) GRSTgaclEntryUndenyPerm((x),(y)) */
00291 int        GRSTgaclEntryUndenyPerm(GRSTgaclEntry *, GRSTgaclPerm);
00292 
00293 /*  #define GACLpermToChar(x)   GRSTgaclPermToChar((x)) */
00294 char      *GRSTgaclPermToChar(GRSTgaclPerm);
00295 
00296 /*  #define GACLcharToPerm(x)   GRSTgaclPermFromChar((x)) */
00297 GRSTgaclPerm   GRSTgaclPermFromChar(char *);
00298 
00299 /*  #define GACLnewAcl(x)               GRSTgaclAclNew((x)) */
00300 GRSTgaclAcl   *GRSTgaclAclNew(void);
00301 
00302 /*  #define GACLfreeAcl(x)              GRSTgaclAclFree((x)) */
00303 int        GRSTgaclAclFree(GRSTgaclAcl *);
00304 
00305 /*  #define GACLprintAcl(x,y)   GRSTgaclAclPrint((x),(y)) */
00306 int        GRSTgaclAclPrint(GRSTgaclAcl *, FILE *);
00307 
00308 /*  #define GACLsaveAcl(x,y)    GRSTgaclAclSave((y),(x)) */
00309 int        GRSTgaclAclSave(GRSTgaclAcl *, char *);
00310 
00311 /*  #define GACLloadAcl(x)              GRSTgaclFileLoadAcl((x)) */
00312 GRSTgaclAcl   *GRSTgaclAclLoadFile(char *);
00313 
00314 /*  #define GACLfindAclForFile(x)       GRSTgaclFileFindAclname((x)) */
00315 char      *GRSTgaclFileFindAclname(char *);
00316 
00317 /*  #define GACLloadAclForFile(x)       GRSTgaclFileLoadAcl((x)) */
00318 GRSTgaclAcl   *GRSTgaclAclLoadforFile(char *);
00319 
00320 /*  #define GACLisAclFile(x)    GRSTgaclFileIsAcl((x)) */
00321 int        GRSTgaclFileIsAcl(char *);
00322 
00323 
00324 /*  #define GACLnewUser(x)              GRSTgaclUserNew((x)) */
00325 GRSTgaclUser *GRSTgaclUserNew(GRSTgaclCred *);
00326 
00327 /*  #define GACLfreeUser(x)             GRSTgaclUserFree((x)) */
00328 int       GRSTgaclUserFree(GRSTgaclUser *);
00329 
00330 /*  #define GACLuserAddCred(x,y)        GRSTgaclUserAddCred((x),(y)) */
00331 int       GRSTgaclUserAddCred(GRSTgaclUser *, GRSTgaclCred *);
00332 
00333 /*  #define GACLuserHasCred(x,y)        GRSTgaclUserHasCred((x),(y)) */
00334 int       GRSTgaclUserHasCred(GRSTgaclUser *, GRSTgaclCred *);
00335 
00336 __attribute__ ((deprecated))
00337 int       GRSTgaclUserSetDNlists(GRSTgaclUser *, char *);
00338 
00339 int       GRSTgaclUserLoadDNlists(GRSTgaclUser *, char *);
00340 
00341 /*  #define GACLuserFindCredType(x,y) GRSTgaclUserFindCredtype((x),(y)) */
00342 GRSTgaclCred *GRSTgaclUserFindCredtype(GRSTgaclUser *, char *);
00343 
00344 __attribute__ ((deprecated))
00345 int GRSTgaclDNlistHasUser(char *, GRSTgaclUser *);
00346 
00347 int GRSTgaclUserHasAURI(GRSTgaclUser *, char *);
00348 
00349 /*  #define GACLtestUserAcl(x,y)        GRSTgaclAclTestUser((x),(y)) */
00350 GRSTgaclPerm   GRSTgaclAclTestUser(GRSTgaclAcl *, GRSTgaclUser *);
00351 
00352 /*  #define GACLtestExclAcl(x,y)        GRSTgaclAclTestexclUser((x),(y)) */
00353 GRSTgaclPerm   GRSTgaclAclTestexclUser(GRSTgaclAcl *, GRSTgaclUser *);
00354 
00355 char      *GRSThttpUrlDecode(char *);
00356 
00357 /*  #define GACLurlEncode(x)    GRSThttpUrlEncode((x)) */
00358 char      *GRSThttpUrlEncode(char *);
00359 
00360 /*  #define GACLmildUrlEncode(x)        GRSThttpMildUrlEncode((x)) */
00361 char      *GRSThttpUrlMildencode(char *);
00362 
00363 int GRSTx509NameCmp(char *, char *);
00364 
00365 int GRSTx509KnownCriticalExts(X509 *);
00366 
00367 int GRSTx509IsCA(X509 *);
00368 int GRSTx509CheckChain(int *, X509_STORE_CTX *);
00369 int GRSTx509VerifyCallback(int, X509_STORE_CTX *);
00370 
00371 __attribute__ ((deprecated))
00372 int GRSTx509GetVomsCreds(int *, int, size_t, char *, X509 *, STACK_OF(X509) *, char *);
00373 
00374 __attribute__ ((deprecated))
00375 GRSTgaclCred *GRSTx509CompactToCred(char *);
00376 
00377 __attribute__ ((deprecated))
00378 int GRSTx509CompactCreds(int *, int, size_t, char *, STACK_OF(X509) *, char *, X509 *);
00379 
00380 char *GRSTx509CachedProxyFind(char *, char *, char *);
00381 char *GRSTx509FindProxyFileName(void);
00382 int GRSTx509MakeProxyCert(char **, FILE *, char *, char *, char *, int);
00383 char *GRSTx509CachedProxyKeyFind(char *, char *, char *);
00384 int GRSTx509ProxyDestroy(char *, char *, char *);
00385 int GRSTx509ProxyGetTimes(char *, char *, char *, time_t *, time_t *);
00386 int GRSTx509CreateProxyRequest(char **, char **, char *);
00387 int GRSTx509MakeProxyRequest(char **, char *, char *, char *);
00388 int GRSTx509StringToChain(STACK_OF(X509) **, char *);
00389 char *GRSTx509MakeDelegationID(void);
00390 char *GRSTx509MakeProxyFileName(char *, STACK_OF(X509) *);
00391 int GRSTx509CacheProxy(char *, char *, char *, char *);
00392 
00393 #define GRST_HEADFILE   "gridsitehead.txt"
00394 #define GRST_FOOTFILE   "gridsitefoot.txt"
00395 #define GRST_ADMIN_FILE "gridsite-admin.cgi"
00396 
00397 typedef struct { char *text;
00398                  void *next; } GRSThttpCharsList;
00399 
00400 typedef struct { size_t             size;
00401                  GRSThttpCharsList *first;
00402                  GRSThttpCharsList *last;  } GRSThttpBody;
00403 
00404 void  GRSThttpBodyInit(GRSThttpBody *); 
00405 void  GRSThttpPrintf(GRSThttpBody *, char *, ...);
00406 int   GRSThttpCopy(GRSThttpBody *, char *);
00407 void  GRSThttpWriteOut(GRSThttpBody *);
00408 int   GRSThttpPrintHeaderFooter(GRSThttpBody *, char *, char *);
00409 int   GRSThttpPrintHeader(GRSThttpBody *, char *);
00410 int   GRSThttpPrintFooter(GRSThttpBody *, char *);
00411 char *GRSThttpGetCGI(char *);
00412 
00413 time_t GRSTasn1TimeToTimeT(char *, size_t);
00414 int    GRSTasn1SearchTaglist(struct GRSTasn1TagList taglist[], int, char *);
00415 int    GRSTasn1ParseDump(BIO *, unsigned char *, long,
00416                          struct GRSTasn1TagList taglist[], int, int *);
00417 int    GRSTasn1GetX509Name(char *, int, char *, char *,
00418                            struct GRSTasn1TagList taglist[], int);
00419 
00420 int    GRSThtcpNOPrequestMake(char **, int *, unsigned int);
00421 int    GRSThtcpNOPresponseMake(char **, int *, unsigned int);
00422 int    GRSThtcpTSTrequestMake(char **, int *, unsigned int, char *, char *, char *);
00423 int    GRSThtcpTSTresponseMake(char **, int *, unsigned int, char *, char *, char *);
00424 int    GRSThtcpMessageParse(GRSThtcpMessage *, char *, int);
00425 
00426 #ifdef __cplusplus
00427 } // extern "C"
00428 #endif
00429 
00430 #endif // GRST_VERSION

Generated on Sun Sep 26 15:24:41 2010 by  doxygen 1.3.9.1