Data Structures | Typedefs | Functions | Variables
gridsite.h File Reference

Go to the source code of this file.

Data Structures

struct  GRSTgaclCred
struct  GRSTgaclEntry
struct  GRSTgaclAcl
struct  GRSTgaclUser
struct  GRSTasn1TagList
struct  GRSTx509Cert
struct  GRSTx509Chain
struct  GRSThtcpCountstr
struct  GRSThtcpMessage
struct  GRSThttpCharsList
struct  GRSThttpBody

Typedefs

typedef int GRSTgaclAction
typedef unsigned int GRSTgaclPerm

Functions

 __attribute__ ((deprecated)) typedef struct
int GRSTx509CertLoad (GRSTx509Cert *, X509 *)
int GRSTx509ChainLoadCheck (GRSTx509Chain **, STACK_OF(X509)*, X509 *, char *, char *)
 Check certificate chain for GSI proxy acceptability.
int GRSTx509ChainFree (GRSTx509Chain *)
int GRSTgaclInit (void)
GRSTgaclCredGRSTgaclCredCreate (char *, char *)
int GRSTgaclCredFree (GRSTgaclCred *)
int GRSTgaclEntryAddCred (GRSTgaclEntry *, GRSTgaclCred *)
int GRSTgaclEntryDelCred (GRSTgaclEntry *, GRSTgaclCred *)
int GRSTgaclCredCredPrint (GRSTgaclCred *, FILE *)
int GRSTgaclCredCmpAuri (GRSTgaclCred *, GRSTgaclCred *)
GRSTgaclEntryGRSTgaclEntryNew (void)
int GRSTgaclEntryFree (GRSTgaclEntry *)
int GRSTgaclAclAddEntry (GRSTgaclAcl *, GRSTgaclEntry *)
int GRSTgaclEntryPrint (GRSTgaclEntry *, FILE *)
int GRSTgaclPermPrint (GRSTgaclPerm, FILE *)
int GRSTgaclEntryAllowPerm (GRSTgaclEntry *, GRSTgaclPerm)
int GRSTgaclEntryUnallowPerm (GRSTgaclEntry *, GRSTgaclPerm)
int GRSTgaclEntryDenyPerm (GRSTgaclEntry *, GRSTgaclPerm)
int GRSTgaclEntryUndenyPerm (GRSTgaclEntry *, GRSTgaclPerm)
char * GRSTgaclPermToChar (GRSTgaclPerm)
GRSTgaclPerm GRSTgaclPermFromChar (char *)
GRSTgaclAclGRSTgaclAclNew (void)
int GRSTgaclAclFree (GRSTgaclAcl *)
int GRSTgaclAclPrint (GRSTgaclAcl *, FILE *)
int GRSTgaclAclSave (GRSTgaclAcl *, char *)
GRSTgaclAclGRSTgaclAclLoadFile (char *)
char * GRSTgaclFileFindAclname (char *)
GRSTgaclAclGRSTgaclAclLoadforFile (char *)
int GRSTgaclFileIsAcl (char *)
GRSTgaclUserGRSTgaclUserNew (GRSTgaclCred *)
int GRSTgaclUserFree (GRSTgaclUser *)
int GRSTgaclUserAddCred (GRSTgaclUser *, GRSTgaclCred *)
int GRSTgaclUserHasCred (GRSTgaclUser *, GRSTgaclCred *)
char *int GRSTgaclUserLoadDNlists (GRSTgaclUser *, char *)
GRSTgaclCredGRSTgaclUserFindCredtype (GRSTgaclUser *, char *)
GRSTgaclUser *int GRSTgaclUserHasAURI (GRSTgaclUser *, char *)
GRSTgaclPerm GRSTgaclAclTestUser (GRSTgaclAcl *, GRSTgaclUser *)
GRSTgaclPerm GRSTgaclAclTestexclUser (GRSTgaclAcl *, GRSTgaclUser *)
char * GRSThttpUrlDecode (char *)
char * GRSThttpUrlEncode (char *)
char * GRSThttpUrlMildencode (char *)
int GRSTx509NameCmp (char *, char *)
 Compare X509 Distinguished Name strings.
int GRSTx509KnownCriticalExts (X509 *)
 Check critical extensions.
int GRSTx509IsCA (X509 *)
 Check if certificate can be used as a CA to sign standard X509 certs.
int GRSTx509CheckChain (int *, X509_STORE_CTX *)
 Check certificate chain for GSI proxy acceptability.
int GRSTx509VerifyCallback (int, X509_STORE_CTX *)
 Example VerifyCallback routine.
char X509 STACK_OF (X509)*
char char X509 *char * GRSTx509CachedProxyFind (char *, char *, char *)
 Find a proxy file in the proxy cache.
char * GRSTx509FindProxyFileName (void)
 Find proxy file name of the current user.
int GRSTx509MakeProxyCert (char **, FILE *, char *, char *, char *, int)
 Make a GSI Proxy chain from a request, certificate and private key.
char * GRSTx509CachedProxyKeyFind (char *, char *, char *)
 Find a temporary proxy private key file in the proxy cache.
int GRSTx509ProxyDestroy (char *, char *, char *)
 Destroy stored GSI proxy files.
int GRSTx509ProxyGetTimes (char *, char *, char *, time_t *, time_t *)
 Get start and finish validity times of stored GSI proxy file.
int GRSTx509CreateProxyRequest (char **, char **, char *)
 Create a X.509 request for a GSI proxy and its private key.
int GRSTx509MakeProxyRequest (char **, char *, char *, char *)
 Make and store a X.509 request for a GSI proxy.
char * GRSTx509MakeDelegationID (void)
 Returns a Delegation ID based on hash of GRST_CRED_0, ...
int GRSTx509StringToChain (STACK_OF(X509)**, char *)
 Create a stack of X509 certificate from a PEM-encoded string.
char * GRSTx509MakeProxyFileName (char *, STACK_OF(X509)*)
 Return the short file name for the given delegation_id and user_dn.
int GRSTx509CacheProxy (char *, char *, char *, char *)
 Store a GSI proxy chain in the proxy cache, along with the private key.
void GRSThttpBodyInit (GRSThttpBody *)
void GRSThttpPrintf (GRSThttpBody *, char *,...)
int GRSThttpCopy (GRSThttpBody *, char *)
void GRSThttpWriteOut (GRSThttpBody *)
int GRSThttpPrintHeaderFooter (GRSThttpBody *, char *, char *)
int GRSThttpPrintHeader (GRSThttpBody *, char *)
int GRSThttpPrintFooter (GRSThttpBody *, char *)
char * GRSThttpGetCGI (char *)
time_t GRSTasn1TimeToTimeT (char *, size_t)
 ASN1 time string (in a char *) to time_t.
int GRSTasn1SearchTaglist (struct GRSTasn1TagList taglist[], int, char *)
int GRSTasn1ParseDump (BIO *, unsigned char *, long, struct GRSTasn1TagList taglist[], int, int *)
int GRSTasn1GetX509Name (char *, int, char *, char *, struct GRSTasn1TagList taglist[], int)
int GRSThtcpNOPrequestMake (char **, int *, unsigned int)
int GRSThtcpNOPresponseMake (char **, int *, unsigned int)
int GRSThtcpTSTrequestMake (char **, int *, unsigned int, char *, char *, char *)
int GRSThtcpTSTresponseMake (char **, int *, unsigned int, char *, char *, char *)
int GRSThtcpMessageParse (GRSThtcpMessage *, char *, int)

Variables

int(* GRSTerrorLogFunc )(char *, int, int, char *,...)
 GRSTgaclNamevalue
 int
 size_t

Typedef Documentation

typedef unsigned int GRSTgaclPerm

Function Documentation

__attribute__ ( (deprecated)  )
int GRSTasn1GetX509Name ( char *  ,
int  ,
char *  ,
char *  ,
struct GRSTasn1TagList  taglist[],
int   
)
int GRSTasn1ParseDump ( BIO *  ,
unsigned char *  ,
long  ,
struct GRSTasn1TagList  taglist[],
int  ,
int  
)
int GRSTasn1SearchTaglist ( struct GRSTasn1TagList  taglist[],
int  ,
char *   
)
time_t GRSTasn1TimeToTimeT ( char *  asn1time,
size_t  len 
)

ASN1 time string (in a char *) to time_t.

(Use ASN1_STRING_data() to convert ASN1_GENERALIZEDTIME to char * if necessary)

int GRSTgaclAclAddEntry ( GRSTgaclAcl ,
GRSTgaclEntry  
)
int GRSTgaclAclFree ( GRSTgaclAcl )
GRSTgaclAcl* GRSTgaclAclLoadFile ( char *  )
GRSTgaclAcl* GRSTgaclAclLoadforFile ( char *  )
GRSTgaclAcl* GRSTgaclAclNew ( void  )
int GRSTgaclAclPrint ( GRSTgaclAcl ,
FILE *   
)
int GRSTgaclAclSave ( GRSTgaclAcl ,
char *   
)
GRSTgaclPerm GRSTgaclAclTestexclUser ( GRSTgaclAcl ,
GRSTgaclUser  
)
GRSTgaclPerm GRSTgaclAclTestUser ( GRSTgaclAcl ,
GRSTgaclUser  
)
int GRSTgaclCredCmpAuri ( GRSTgaclCred ,
GRSTgaclCred  
)
GRSTgaclCred* GRSTgaclCredCreate ( char *  ,
char *   
)
int GRSTgaclCredCredPrint ( GRSTgaclCred ,
FILE *   
)
int GRSTgaclCredFree ( GRSTgaclCred )
int GRSTgaclEntryAddCred ( GRSTgaclEntry ,
GRSTgaclCred  
)
int GRSTgaclEntryAllowPerm ( GRSTgaclEntry ,
GRSTgaclPerm   
)
int GRSTgaclEntryDelCred ( GRSTgaclEntry ,
GRSTgaclCred  
)
int GRSTgaclEntryDenyPerm ( GRSTgaclEntry ,
GRSTgaclPerm   
)
int GRSTgaclEntryFree ( GRSTgaclEntry )
GRSTgaclEntry* GRSTgaclEntryNew ( void  )
int GRSTgaclEntryPrint ( GRSTgaclEntry ,
FILE *   
)
int GRSTgaclEntryUnallowPerm ( GRSTgaclEntry ,
GRSTgaclPerm   
)
int GRSTgaclEntryUndenyPerm ( GRSTgaclEntry ,
GRSTgaclPerm   
)
char* GRSTgaclFileFindAclname ( char *  )
int GRSTgaclFileIsAcl ( char *  )
int GRSTgaclInit ( void  )
GRSTgaclPerm GRSTgaclPermFromChar ( char *  )
int GRSTgaclPermPrint ( GRSTgaclPerm  ,
FILE *   
)
char* GRSTgaclPermToChar ( GRSTgaclPerm  )
int GRSTgaclUserAddCred ( GRSTgaclUser ,
GRSTgaclCred  
)
GRSTgaclCred* GRSTgaclUserFindCredtype ( GRSTgaclUser ,
char *   
)
int GRSTgaclUserFree ( GRSTgaclUser )
GRSTgaclUser* int GRSTgaclUserHasAURI ( GRSTgaclUser ,
char *   
)
int GRSTgaclUserHasCred ( GRSTgaclUser ,
GRSTgaclCred  
)
char* int GRSTgaclUserLoadDNlists ( GRSTgaclUser ,
char *   
)
GRSTgaclUser* GRSTgaclUserNew ( GRSTgaclCred )
int GRSThtcpMessageParse ( GRSThtcpMessage ,
char *  ,
int   
)
int GRSThtcpNOPrequestMake ( char **  ,
int ,
unsigned  int 
)
int GRSThtcpNOPresponseMake ( char **  ,
int ,
unsigned  int 
)
int GRSThtcpTSTrequestMake ( char **  ,
int ,
unsigned  int,
char *  ,
char *  ,
char *   
)
int GRSThtcpTSTresponseMake ( char **  ,
int ,
unsigned  int,
char *  ,
char *  ,
char *   
)
void GRSThttpBodyInit ( GRSThttpBody )
int GRSThttpCopy ( GRSThttpBody ,
char *   
)
char* GRSThttpGetCGI ( char *  )
void GRSThttpPrintf ( GRSThttpBody ,
char *  ,
  ... 
)
int GRSThttpPrintFooter ( GRSThttpBody ,
char *   
)
int GRSThttpPrintHeader ( GRSThttpBody ,
char *   
)
int GRSThttpPrintHeaderFooter ( GRSThttpBody ,
char *  ,
char *   
)
char* GRSThttpUrlDecode ( char *  )
char* GRSThttpUrlEncode ( char *  )
char* GRSThttpUrlMildencode ( char *  )
void GRSThttpWriteOut ( GRSThttpBody )
char char X509* char* GRSTx509CachedProxyFind ( char *  proxydir,
char *  delegation_id,
char *  user_dn 
)

Find a proxy file in the proxy cache.

Returns the full path and file name of proxy file associated with given delegation ID and user DN.

Return a pointer to a malloc'd string with the full path of the proxy file corresponding to the given delegation_id, or NULL if not found.

char* GRSTx509CachedProxyKeyFind ( char *  proxydir,
char *  delegation_id,
char *  user_dn 
)

Find a temporary proxy private key file in the proxy cache.

Returns the full path and file name of the private key file associated with given delegation ID and user DN.

Return a pointer to a malloc'd string with the full path of the private proxy key corresponding to the given delegation_id, or NULL if not found.

int GRSTx509CacheProxy ( char *  proxydir,
char *  delegation_id,
char *  user_dn,
char *  proxychain 
)

Store a GSI proxy chain in the proxy cache, along with the private key.

Returns GRST_RET_OK on success, non-zero otherwise. The existing private key with the same delegation ID and user DN is moved out of the temporary cache.

int GRSTx509CertLoad ( GRSTx509Cert ,
X509 *   
)
int GRSTx509ChainFree ( GRSTx509Chain )
int GRSTx509ChainLoadCheck ( GRSTx509Chain **  chain,
STACK_OF(X509)*  certstack,
X509 *  lastcert,
char *  capath,
char *  vomsdir 
)

Check certificate chain for GSI proxy acceptability.

Returns GRST_RET_OK if valid; OpenSSL X509 errors otherwise.

The GridSite version handles old and new style Globus proxies, and proxies derived from user certificates issued with "X509v3 Basic Constraints: CA:FALSE" (eg UK e-Science CA)

TODO: we do not yet check ProxyCertInfo and ProxyCertPolicy extensions (although via GRSTx509KnownCriticalExts() we can accept them.)

int GRSTx509CheckChain ( int first_non_ca,
X509_STORE_CTX *  ctx 
)

Check certificate chain for GSI proxy acceptability.

Returns X509_V_OK/GRST_RET_OK if valid; OpenSSL X509 errors otherwise.

Inspired by GSIcheck written by Mike Jones, SVE, Manchester Computing, The University of Manchester.

The GridSite version handles old and new style Globus proxies, and proxies derived from user certificates issued with "X509v3 Basic Constraints: CA:FALSE" (eg UK e-Science CA)

We do not check chain links between certs here: this is done by GRST_check_issued/X509_check_issued in mod_ssl's ssl_engine_init.c

TODO: we do not yet check ProxyCertInfo and ProxyCertPolicy extensions (although via GRSTx509KnownCriticalExts() we can accept them.)

int GRSTx509CreateProxyRequest ( char **  reqtxt,
char **  keytxt,
char *  ocspurl 
)

Create a X.509 request for a GSI proxy and its private key.

Returns GRST_RET_OK on success, non-zero otherwise. Request string and private key are PEM encoded strings

char* GRSTx509FindProxyFileName ( void  )

Find proxy file name of the current user.

Return a string with the proxy file name or NULL if not present. This function does not check if the proxy has expired.

int GRSTx509IsCA ( X509 *  cert)

Check if certificate can be used as a CA to sign standard X509 certs.

Return GRST_RET_OK if true; GRST_RET_FAILED if not.

int GRSTx509KnownCriticalExts ( X509 *  cert)

Check critical extensions.

Returning GRST_RET_OK if all of extensions are known to us or OpenSSL; GRST_REF_FAILED otherwise.

Since this function relies on functionality (X509_supported_extension) introduced in 0.9.7, then we do nothing and report an error (GRST_RET_FAILED) if one of the associated defines (X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) is absent.

char* GRSTx509MakeDelegationID ( void  )

Returns a Delegation ID based on hash of GRST_CRED_0, ...

Returns a malloc'd string with Delegation ID made by SHA1-hashing the values of the compact credentials exported by mod_gridsite

int GRSTx509MakeProxyCert ( char **  proxychain,
FILE *  debugfp,
char *  reqtxt,
char *  cert,
char *  key,
int  minutes 
)

Make a GSI Proxy chain from a request, certificate and private key.

The proxy chain is returned in *proxychain. If debugfp is non-NULL, errors are output to that file pointer. The proxy will expired in the given number of minutes starting from the current time.

char* GRSTx509MakeProxyFileName ( char *  delegation_id,
STACK_OF(X509)*  certstack 
)

Return the short file name for the given delegation_id and user_dn.

Returns a malloc'd string with the short file name (no paths) that derived from the hashed delegation_id and user_dn

File name is SHA1_HASH(DelegationID)+"-"+SHA1_HASH(DN) where DN is DER encoded version of user_dn with any trailing CN=proxy removed Hashes are the most significant 8 bytes, in lowercase hexadecimal.

int GRSTx509MakeProxyRequest ( char **  reqtxt,
char *  proxydir,
char *  delegation_id,
char *  user_dn 
)

Make and store a X.509 request for a GSI proxy.

Returns GRST_RET_OK on success, non-zero otherwise. Request string is PEM encoded, and the key is stored in the temporary cache under proxydir

int GRSTx509NameCmp ( char *  a,
char *  b 
)

Compare X509 Distinguished Name strings.

This function attempts to do with string representations what would ideally be done with OIDs/values. In particular, we equate "/Email=" == "/emailAddress=" to deal with this important change between OpenSSL 0.9.6 and 0.9.7. Other than that, it is currently the same as ordinary strcasecmp(3) (for consistency with EDG/LCG/EGEE gridmapdir case insensitivity.)

int GRSTx509ProxyDestroy ( char *  proxydir,
char *  delegation_id,
char *  user_dn 
)

Destroy stored GSI proxy files.

Returns GRST_RET_OK on success, non-zero otherwise. (Including GRST_RET_NO_SUCH_FILE if the private key or cert chain were not found.)

int GRSTx509ProxyGetTimes ( char *  proxydir,
char *  delegation_id,
char *  user_dn,
time_t *  start,
time_t *  finish 
)

Get start and finish validity times of stored GSI proxy file.

Returns GRST_RET_OK on success, non-zero otherwise. (Including GRST_RET_NO_SUCH_FILE if the cert chain was not found.)

int GRSTx509StringToChain ( STACK_OF(X509)**  certstack,
char *  certstring 
)

Create a stack of X509 certificate from a PEM-encoded string.

Creates a dynamically allocated stack of X509 certificate objects by walking through the PEM-encoded X509 certificates.

Returns GRST_RET_OK on success, non-zero otherwise.

int GRSTx509VerifyCallback ( int  ,
X509_STORE_CTX *   
)

Example VerifyCallback routine.

char STACK_OF ( X509  )

Variable Documentation

int(* GRSTerrorLogFunc)(char *, int, int, char *,...)
int