1 /*
2  * Copyright 1999-2006 University of Chicago
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef GSSAPI_OPENSSL_H
18 #define GSSAPI_OPENSSL_H
19 
26 #include "globus_config.h"
27 #include "globus_common.h"
28 
29 #include "gssapi.h"
31 
32 #include "globus_gsi_callback.h"
33 #include "globus_gsi_proxy.h"
34 #include "globus_gsi_credential.h"
35 
36 #include <stdio.h>
37 #include "openssl/ssl.h"
38 #include "openssl/err.h"
39 #include "openssl/bio.h"
40 #include "openssl/pem.h"
41 #include "openssl/x509.h"
42 #include "openssl/x509v3.h"
43 #include "openssl/stack.h"
44 
/* Version number of the internal (implementation-private) layout declared here --
 * presumably checked by the .c files; its use is not visible in this header. */
#define GLOBUS_I_GSI_GSSAPI_IMPL_VERSION 1

/*
 * Single-bit flags (1, 2, 4, 8) intended to be OR-ed into one word.
 * NOTE(review): presumably stored in gss_ctx_id_desc.ctx_flags -- verify in the .c files.
 */
#define GSS_I_CTX_INITIALIZED 1
#define GSS_I_DISALLOW_ENCRYPTION 2
#define GSS_I_PROTECTION_FAIL_ON_CONTEXT_EXPIRATION 4
#define GSS_I_APPLICATION_WILL_HANDLE_EXTENSIONS 8

/* Mechanism-specific quality-of-protection value; its effect on wrap/get_mic is
 * not visible in this header. */
#define GSS_C_QOP_GLOBUS_GSSAPI_OPENSSL_BIG 1
53 
54 /*
 * We need to distinguish between a token
 * created by us using get_mic and one carrying
 * the SSL application data.
 * We use this in wrap and unwrap.
 * Future versions of SSL may use this.
60  *
61  * Our wrapped buffer (integrity only) has
62  *
63  * byte type[1] = SSL3_RT_GSSAPI_OPENSSL
64  * byte version_major[1] = 0x03
65  * byte version_minor[1] = 0
66  * byte mic_length[2] = 2 byte length of following mic
67  *
68  * byte mic_seq[8] = 8 byte sequence number
69  * byte mic_data_length[4] = 4 byte length of data
70  * byte hash[*] = the hash of variable length
71  *
72  * byte data[*] = the data being wrapped.
73  */
74 
/*
 * Record-type byte written first into a token produced by get_mic/wrap
 * (integrity only, see the layout above) so that unwrap can tell it apart
 * from SSL application data.  The value is distinct from the SSL3_RT_*
 * record types OpenSSL uses for its own records.
 */
#define SSL3_RT_GSSAPI_OPENSSL 26
76 
/* These conversion macros are taken from SSL */
78 
/*
 * L2N: write the low 32 bits of LONG_VAL into CHAR_ARRAY as four bytes,
 * most significant byte first (network byte order).
 * CHAR_ARRAY must point at at least 4 writable bytes; LONG_VAL is
 * evaluated once per byte, so pass a side-effect-free expression.
 */
#define L2N(LONG_VAL, CHAR_ARRAY) \
    { \
        unsigned char * l2n_out_ = CHAR_ARRAY; \
        l2n_out_[0] = (unsigned char) (((LONG_VAL) >> 24) & 0xff); \
        l2n_out_[1] = (unsigned char) (((LONG_VAL) >> 16) & 0xff); \
        l2n_out_[2] = (unsigned char) (((LONG_VAL) >> 8) & 0xff); \
        l2n_out_[3] = (unsigned char) ((LONG_VAL) & 0xff); \
    }
87 
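/*
 * N2L: read four bytes from CHAR_ARRAY, most significant first, into LONG_VAL.
 * Each byte is widened to unsigned long before it is shifted: shifting a
 * byte >= 0x80 left by 24 as a plain int overflows (undefined behaviour),
 * and the previous form relied on that.  CHAR_ARRAY may be any pointer to
 * the 4 input bytes; LONG_VAL must be an lvalue that can hold 32 bits.
 */
#define N2L(CHAR_ARRAY, LONG_VAL) \
    { \
        const unsigned char * n2l_in_ = (const unsigned char *) (CHAR_ARRAY); \
        (LONG_VAL) = ((unsigned long) n2l_in_[0] << 24) \
                   | ((unsigned long) n2l_in_[1] << 16) \
                   | ((unsigned long) n2l_in_[2] << 8) \
                   | ((unsigned long) n2l_in_[3]); \
    }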
96 
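/*
 * N2S: read two bytes from CHAR_ARRAY, most significant first, into SHORT.
 * The bytes are read through an unsigned char pointer.  The previous form
 * walked a plain char pointer, so on targets where char is signed a byte
 * >= 0x80 sign-extended and corrupted the value (0x01 0x80 decoded as
 * 0xffffff80 instead of 0x0180) -- a wrong length for the wire format above.
 * SHORT must be an lvalue that can hold 16 bits.
 */
#define N2S(CHAR_ARRAY, SHORT) \
    { \
        const unsigned char * n2s_in_ = (const unsigned char *) (CHAR_ARRAY); \
        (SHORT) = ((unsigned int) n2s_in_[0]) << 8; \
        (SHORT) |= ((unsigned int) n2s_in_[1]); \
    }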
103 
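/*
 * S2N: write the low 16 bits of SHORT into CHAR_ARRAY as two bytes, most
 * significant first.  The bytes are stored through an unsigned char
 * pointer; storing a value above CHAR_MAX into a plain (signed) char is
 * implementation-defined, whereas the unsigned store is exact.  Mirrors
 * L2N, which already uses unsigned char.  CHAR_ARRAY must point at at
 * least 2 writable bytes.
 */
#define S2N(SHORT, CHAR_ARRAY) \
    { \
        unsigned char * s2n_out_ = (unsigned char *) (CHAR_ARRAY); \
        s2n_out_[0] = (unsigned char) (((SHORT) >> 8) & 0xff); \
        s2n_out_[1] = (unsigned char) ((SHORT) & 0xff); \
    }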
110 
111 /* Compare OIDs */
112 
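/*
 * g_OID_equal: non-zero when o1 and o2 denote the same OID.
 * Equal means: same pointer, or both non-NULL with equal length and
 * identical element bytes.  The length is passed to memcmp as size_t
 * directly; the previous (int) cast went through a signed type for an
 * unsigned length, which is a needless narrowing before memcmp widens it.
 * Both arguments are evaluated several times -- pass side-effect-free
 * expressions.
 */
#define g_OID_equal(o1, o2) \
    (((o1) == (o2)) || \
     ((o1) && (o2) && \
      ((o1)->length == (o2)->length) && \
      (memcmp((o1)->elements, (o2)->elements, (size_t) (o1)->length) == 0)))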
118 
/*
 * Mechanism-private representation of a GSS name.
 * NOTE(review): which of the string members are populated presumably
 * depends on name_oid (the name type used at import) -- verify against
 * the gss_import_name implementation before relying on any of them.
 * Ownership/freeing of the members is not visible in this header.
 */
typedef struct gss_name_desc_struct {
    /* gss_buffer_desc name_buffer ; */
    gss_OID name_oid;                 /* name-type OID of this name */

    X509_NAME * x509n;                /* subject name as an OpenSSL X509_NAME */
    char * x509n_oneline;             /* single-line rendering of x509n -- presumably; confirm */
    GENERAL_NAMES * subjectAltNames;  /* subjectAltName values (OpenSSL GENERAL_NAMES) */
    char * user_name;                 /* user component of the name, when set */
    char * service_name;              /* service component (service@host style names) */
    char * host_name;                 /* host component */
    char * ip_address;                /* textual IP address, when the name carries one */
    char * ip_name;                   /* name resolved from ip_address -- presumably; confirm */
} gss_name_desc;
132 
/*
 * Mechanism-private representation of a GSS credential: the underlying
 * GSI credential handle plus the GSS-level name, usage and the OpenSSL
 * context derived from it.
 */
typedef struct gss_cred_id_desc_struct {
    globus_gsi_cred_handle_t cred_handle;  /* GSI credential (certificate chain and key) handle */
    gss_name_desc * globusid;              /* GSS name associated with this credential */
    gss_cred_usage_t cred_usage;           /* standard gss_cred_usage_t value (GSS_C_INITIATE / GSS_C_ACCEPT / GSS_C_BOTH) */
    SSL_CTX * ssl_context;                 /* OpenSSL context for this credential -- presumably built from cred_handle; confirm */
} gss_cred_id_desc;
139 
/*
 * Mechanism-private representation of a GSS security context: the
 * credentials involved, the OpenSSL SSL/BIO objects the handshake and
 * wrap/unwrap run over, and the handshake / delegation bookkeeping.
 * Locking discipline for `mutex` is not visible in this header.
 */
typedef struct gss_ctx_id_desc_struct{
    globus_mutex_t mutex;                      /* protects this context -- presumably taken by every gss_* entry point; confirm */
    globus_gsi_callback_data_t callback_data;  /* data handed to the GSI certificate-verification callbacks */
    gss_cred_id_desc * peer_cred_handle;       /* credential (chain/name) presented by the peer */
    gss_cred_id_desc * cred_handle;            /* local credential this context was established with */
    gss_cred_id_desc * deleg_cred_handle;      /* credential received through delegation, if any */
    globus_gsi_proxy_handle_t proxy_handle;    /* proxy-certificate handle used during delegation */
    OM_uint32 ret_flags;                       /* flags returned to the caller (GSS_C_*_FLAG bits) */
    OM_uint32 req_flags;                       /* flags requested by the caller */
    OM_uint32 ctx_flags;                       /* internal state bits -- presumably the GSS_I_* values above; confirm */
    int cred_obtained;                         /* non-zero when cred_handle was acquired by this library rather than supplied -- presumably; confirm */
    SSL * gss_ssl;                             /* OpenSSL connection object for this context */
    BIO * gss_rbio;                            /* BIO the SSL object reads from */
    BIO * gss_wbio;                            /* BIO the SSL object writes to */
    BIO * gss_sslbio;                          /* BIO layered on gss_ssl -- presumably used for wrap/unwrap; confirm */
    gss_con_st_t gss_state;                    /* connection (handshake) state, see globus_gsi_gss_constants.h */
    int locally_initiated;                     /* non-zero on the initiator side of the context */
    gss_delegation_state_t delegation_state;   /* delegation state machine position, see globus_gsi_gss_constants.h */
    gss_OID_set extension_oids;                /* OIDs of certificate extensions the application handles itself -- presumably tied to GSS_I_APPLICATION_WILL_HANDLE_EXTENSIONS; confirm */
} gss_ctx_id_desc;
160 
/* OID identifying this GSSAPI mechanism. */
extern
const gss_OID_desc * const gss_mech_globus_gssapi_openssl;

/* OID of the ProxyCertInfo X.509 extension. */
extern
const gss_OID_desc * const gss_proxycertinfo_extension;

/* Name-type OIDs provided by this mechanism; the GLOBUS_GSS_C_NT_* macros
 * below are the public aliases.  Not const-qualified, unlike the two above. */
extern
gss_OID_desc * gss_nt_host_ip;

extern
gss_OID_desc * gss_nt_x509;

#define GLOBUS_GSS_C_NT_HOST_IP gss_nt_host_ip
#define GLOBUS_GSS_C_NT_X509 gss_nt_x509

/* One-time initialisation guard for the module; defined in module.c. */
extern
globus_thread_once_t once_control;

/* Module one-time initialiser.  The globus_l_ prefix marks it as library-internal;
 * presumably run through once_control -- verify in module.c. */
void
globus_l_gsi_gssapi_activate_once(void);
181 
182 #endif /* GSSAPI_OPENSSL_H */