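#ifndef HEADER_GRIDSITE_H
#define HEADER_GRIDSITE_H

/*
 * Library version, overridable from the build line.
 * NOTE: the leading zero makes 010500 an octal literal in C (decimal 4416),
 * so compare it only against constants written in the same form.
 */
#ifndef GRST_VERSION
#define GRST_VERSION 010500
#endif

#ifdef __cplusplus
extern "C" {
#endif

/*
 * OpenSSL is optional. Building with GRST_NO_OPENSSL defined skips these
 * includes; every prototype in this header that mentions an OpenSSL type
 * (X509, STACK_OF(X509), X509_STORE_CTX, BIO) is guarded the same way.
 */
#ifndef GRST_NO_OPENSSL

/*
 * HEADER_SSL_H / HEADER_CRYPTO_H are tested here as the OpenSSL headers' own
 * include guards (presumably those of the OpenSSL release this was written
 * against); if the guard names differ the include simply happens anyway.
 */
#ifndef HEADER_SSL_H
#include <openssl/ssl.h>
#endif

#ifndef HEADER_CRYPTO_H
#include <openssl/crypto.h>
#endif

#endif

/*
 * _TIME_H, _STDIO_H and _STDINT_H are include-guard names internal to one
 * C library (glibc uses them). The tests are redundant with the headers'
 * own guards and are kept only to leave the preprocessing unchanged.
 */
#ifndef _TIME_H
#include <time.h>
#endif

#ifndef _STDIO_H
#include <stdio.h>
#endif

#ifndef _STDINT_H
#include <stdint.h>
#endif

/* Boolean constants, defined only if the including code has none. */
#ifndef FALSE
#define FALSE (0)
#endif
#ifndef TRUE
#define TRUE (!FALSE)
#endif
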
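/*
 * Library return codes. Zero is success; every failure code is >= 1000, so
 * callers should compare against GRST_RET_OK rather than test for "non-zero
 * means true".
 */
#define GRST_RET_OK             0
#define GRST_RET_FAILED         1000
#define GRST_RET_CERT_NOT_FOUND 1001
#define GRST_RET_BAD_SIGNATURE  1002
#define GRST_RET_NO_SUCH_FILE   1003

/*
 * Log through the installed hook, tagging the message with the call site
 * (__FILE__, __LINE__). Evaluates to 0 when no hook is installed; otherwise
 * to 1 if the hook returned non-zero and 0 if it returned zero.
 *
 * The first variadic argument lands in the hook's `char *, ...` position,
 * which is presumably a printf-style format. Pass a literal format there and
 * hand untrusted text (DNs, URLs, header values) over as a "%s" argument,
 * never as the format itself.
 */
#define GRSTerrorLog(GRSTerrorLevel, ...) ((GRSTerrorLogFunc != NULL) && ((GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, __VA_ARGS__)))

/* Logging hook: (file, line, level, format, ...). NULL disables logging. */
extern int (*GRSTerrorLogFunc)(char *, int, int, char *, ...);

/* Log levels; the numbering is the same as the syslog(3) priorities. */
#define GRST_LOG_EMERG   0
#define GRST_LOG_ALERT   1
#define GRST_LOG_CRIT    2
#define GRST_LOG_ERR     3
#define GRST_LOG_WARNING 4
#define GRST_LOG_NOTICE  5
#define GRST_LOG_INFO    6
#define GRST_LOG_DEBUG   7

/*
 * Largest time value the library uses. INT32_MAX seconds is
 * 2038-01-19T03:14:07Z, so validity times beyond that cannot be represented
 * with this limit even where time_t is 64 bits wide.
 */
#define GRST_MAX_TIME_T INT32_MAX
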
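/*
 * One credential, held either by a user or by an ACL entry.
 * The `next` members throughout these types are untyped (void *), so the
 * compiler cannot check what a list link points at; presumably each list
 * links elements of its own type - confirm before casting.
 */
typedef struct {
    char   *auri;        /* attribute URI identifying the credential */
    int     delegation;  /* delegation level (see GRSTgaclCredSetDelegation) */
    int     nist_loa;    /* presumably a NIST level of assurance - confirm */
    time_t  notbefore;   /* start of the validity window */
    time_t  notafter;    /* end of the validity window */
    void   *next;
} GRSTgaclCred;

/* Name/value pair; deprecated. */
__attribute__ ((deprecated))
typedef struct {
    char *name;
    char *value;
    void *next;
} GRSTgaclNamevalue;

typedef int GRSTgaclAction;        /* one of GRST_ACTION_* */
typedef unsigned int GRSTgaclPerm; /* bit mask of GRST_PERM_* */

/*
 * One ACL entry: a list of credentials plus the permission bits it allows
 * and the bits it denies. How the two masks are combined is decided by the
 * evaluation code, which is not part of this header.
 */
typedef struct {
    GRSTgaclCred *firstcred;
    GRSTgaclPerm  allowed;
    GRSTgaclPerm  denied;
    void         *next;
} GRSTgaclEntry;

/* An ACL is a list of entries. */
typedef struct {
    GRSTgaclEntry *firstentry;
} GRSTgaclAcl;

/* A user: the credentials presented, plus a DN-lists location string. */
typedef struct {
    GRSTgaclCred *firstcred;
    char         *dnlists;
} GRSTgaclUser;
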
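/*
 * Permission bits for GRSTgaclPerm. GRST_PERM_ALL is the OR of the five
 * defined bits; no macro here covers bits above GRST_PERM_ADMIN.
 */
#define GRST_PERM_NONE   0
#define GRST_PERM_READ   1
#define GRST_PERM_EXEC   2
#define GRST_PERM_LIST   4
#define GRST_PERM_WRITE  8
#define GRST_PERM_ADMIN 16
#define GRST_PERM_ALL   31

/*
 * Permission tests. IsNone and HasNone are the same test: both compare the
 * whole word with zero, so a value carrying only undefined bits (32 and up)
 * is reported as "not none" although no Has* macro matches it.
 */
#define GRSTgaclPermIsNone(perm)   ((perm) == 0)

#define GRSTgaclPermHasNone(perm)  ((perm) == 0)
#define GRSTgaclPermHasRead(perm)  (((perm) & GRST_PERM_READ ) != 0)
#define GRSTgaclPermHasExec(perm)  (((perm) & GRST_PERM_EXEC ) != 0)
#define GRSTgaclPermHasList(perm)  (((perm) & GRST_PERM_LIST ) != 0)
#define GRSTgaclPermHasWrite(perm) (((perm) & GRST_PERM_WRITE) != 0)
#define GRSTgaclPermHasAdmin(perm) (((perm) & GRST_PERM_ADMIN) != 0)

/* Values for GRSTgaclAction. */
#define GRST_ACTION_ALLOW 0
#define GRST_ACTION_DENY  1
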
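/* File-name conventions and the default DN-lists directory. */
#define GRST_HIST_PREFIX  ".grsthist"
#define GRST_ACL_FILE     ".gacl"
#define GRST_DN_LISTS     "/etc/grid-security/dn-lists"
/* Recursion limit; what it bounds is decided by the implementation. */
#define GRST_RECURS_LIMIT 9

/*
 * Certificate extension OIDs. 1.3.6.1.5.5.7.1.14 is the RFC 3820
 * proxyCertInfo extension and 2.5.29.15 is keyUsage; the others sit under
 * private enterprise arcs.
 *
 * GRST_DN_LISTS and GRST_VOMS_DIR name directories under
 * /etc/grid-security. Presumably their contents feed authorization and VOMS
 * verification decisions, so they should be writable by administrators
 * only - confirm against the code that reads them.
 */
#define GRST_PROXYCERTINFO_OLD_OID  "1.3.6.1.4.1.3536.1.222"
#define GRST_PROXYCERTINFO_OID      "1.3.6.1.5.5.7.1.14"
#define GRST_VOMS_OID               "1.3.6.1.4.1.8005.100.100.5"
#define GRST_VOMS_PK_CERT_LIST_OID  "1.3.6.1.4.1.8005.100.100.10"
#define GRST_VOMS_DIR               "/etc/grid-security/vomsdir"
#define GRST_KEYUSAGE_OID           "2.5.29.15"
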
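/* Limits for the ASN.1 tag list built while parsing. */
#define GRST_ASN1_MAXCOORDLEN 50
#define GRST_ASN1_MAXTAGS     500

/*
 * One parsed ASN.1 tag. treecoords is a fixed buffer of
 * GRST_ASN1_MAXCOORDLEN characters plus a terminator; anything writing it
 * has to stay inside that bound, and an array of these should hold at most
 * GRST_ASN1_MAXTAGS elements (presumably - the array is sized by callers).
 */
struct GRSTasn1TagList {
    char treecoords[GRST_ASN1_MAXCOORDLEN+1];
    int  start;
    int  headerlength;
    int  length;
    int  tag;
};

#define GRST_X509_SERIAL_DIGITS 49

/*
 * One certificate (or VOMS attribute) in a loaded chain.
 * `errors` is presumably an OR of the GRST_CERT_BAD_* bits below (they are
 * distinct powers of two); if so, a certificate should be relied on only
 * when errors == 0 - confirm against the chain-loading code.
 * `serial` is a fixed buffer: GRST_X509_SERIAL_DIGITS characters plus a
 * terminator. Ownership of the pointer members is not visible here.
 */
typedef struct {
    int     type;       /* one of GRST_CERT_TYPE_* */
    int     errors;
    char   *issuer;
    char   *dn;
    char   *value;
    time_t  notbefore;
    time_t  notafter;
    int     delegation;
    char    serial[GRST_X509_SERIAL_DIGITS+1];
    char   *ocsp;
    void   *raw;
    void   *next;
} GRSTx509Cert;

/* Verification failure bits. */
#define GRST_CERT_BAD_FORMAT 1
#define GRST_CERT_BAD_CHAIN  2
#define GRST_CERT_BAD_SIG    4
#define GRST_CERT_BAD_TIME   8
#define GRST_CERT_BAD_OCSP   16

/* Certificate types; sequential values, not flags. */
#define GRST_CERT_TYPE_CA    1
#define GRST_CERT_TYPE_EEC   2
#define GRST_CERT_TYPE_PROXY 3
#define GRST_CERT_TYPE_VOMS  4

/* A chain is a list of GRSTx509Cert starting at firstcert. */
typedef struct {
    GRSTx509Cert *firstcert;
} GRSTx509Chain;
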
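/*
 * Chain loading. The functions taking OpenSSL types exist only when
 * GRST_NO_OPENSSL is not defined. GRSTx509ChainLoad names its inputs: the
 * certificate stack, the last certificate, and the CA and VOMS directories.
 * What GRSTx509ChainLoadCheck does differently is not visible in this
 * header. Callers should compare the int result with GRST_RET_OK and
 * release the chain with GRSTx509ChainFree.
 */
#ifndef GRST_NO_OPENSSL
int GRSTx509CertLoad(GRSTx509Cert *, X509 *);
int GRSTx509ChainLoad(GRSTx509Chain **chain,
                      STACK_OF(X509) *certstack, X509 *lastcert,
                      char *capath, char *vomsdir);
int GRSTx509ChainLoadCheck(GRSTx509Chain **, STACK_OF(X509) *, X509 *, char *, char *);
#endif
int GRSTx509ChainFree(GRSTx509Chain *);
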
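/*
 * Default ports. 777 and 488 are below 1024, so binding them on Unix-like
 * systems normally requires privilege. HTTP and HTCP share the number 777.
 */
#define GRST_HTTP_PORT   777
#define GRST_HTTPS_PORT  488
#define GRST_HTCP_PORT   777
#define GRST_GSIFTP_PORT 2811

/* HTCP opcodes. */
#define GRSThtcpNOPop 0
#define GRSThtcpTSTop 1

/*
 * HTCP counted string: a two-byte length followed by the text.
 * text[1] is the pre-C99 trailing-array idiom; presumably the text runs past
 * the end of the struct, so sizeof(GRSThtcpCountstr) is not the string size.
 */
typedef struct {
    unsigned char length_msb;
    unsigned char length_lsb;
    char          text[1];
} GRSThtcpCountstr;

/*
 * Length of a counted string, most significant byte first (0..65535).
 * The two bytes come from the message, so code that walks `text` must first
 * check this length against the number of bytes actually received.
 */
#define GRSThtcpCountstrLen(string) (256*((string)->length_msb) + (string)->length_lsb)

/*
 * HTCP message fields. C leaves the order and packing of bit-fields to the
 * implementation, so do not assume this struct matches the on-the-wire
 * layout. The GRSThtcpCountstr pointers presumably point into the buffer
 * handed to GRSThtcpMessageParse - confirm before freeing or reusing it.
 */
typedef struct {
    unsigned char total_length_msb;
    unsigned char total_length_lsb;
    unsigned char version_msb;
    unsigned char version_lsb;
    unsigned char data_length_msb;
    unsigned char data_length_lsb;
    unsigned int  response : 4;
    unsigned int  opcode   : 4;
    unsigned int  rr       : 1;
    unsigned int  f1       : 1;
    unsigned int  reserved : 6;
    unsigned int  trans_id;
    GRSThtcpCountstr *method;
    GRSThtcpCountstr *uri;
    GRSThtcpCountstr *version;
    GRSThtcpCountstr *req_hdrs;
    GRSThtcpCountstr *resp_hdrs;
    GRSThtcpCountstr *entity_hdrs;
    GRSThtcpCountstr *cache_hdrs;
} GRSThtcpMessage;
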
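/*
 * GACL credentials. Only prototypes are visible here; argument meanings
 * that the names do not state should be checked against the implementation.
 */
int GRSTgaclInit(void);

__attribute__ ((deprecated))
GRSTgaclCred *GRSTgaclCredNew(char *);

GRSTgaclCred *GRSTgaclCredCreate(char *, char *);

__attribute__ ((deprecated))
int GRSTgaclCredAddValue(GRSTgaclCred *, char *, char *);

/*
 * Field accessors. These are macros that dereference `cred` without a
 * check, so `cred` must be a valid, non-NULL GRSTgaclCred pointer.
 */
#define GRSTgaclCredGetAuri(cred) ((cred)->auri)

#define GRSTgaclCredSetNotBefore(cred, time) ((cred)->notbefore = (time))
#define GRSTgaclCredGetNotBefore(cred) ((cred)->notbefore)

#define GRSTgaclCredSetNotAfter(cred, time) ((cred)->notafter = (time))
#define GRSTgaclCredGetNotAfter(cred) ((cred)->notafter)

#define GRSTgaclCredSetDelegation(cred, level) ((cred)->delegation = (level))
#define GRSTgaclCredGetDelegation(cred) ((cred)->delegation)

#define GRSTgaclCredSetNistLoa(cred, level) ((cred)->nist_loa = (level))
#define GRSTgaclCredGetNistLoa(cred) ((cred)->nist_loa)

int GRSTgaclCredFree(GRSTgaclCred *);

/* Attach a credential to, or detach it from, an ACL entry. */
int GRSTgaclEntryAddCred(GRSTgaclEntry *, GRSTgaclCred *);
int GRSTgaclEntryDelCred(GRSTgaclEntry *, GRSTgaclCred *);

int GRSTgaclCredCredPrint(GRSTgaclCred *, FILE *);

int GRSTgaclCredCmpAuri(GRSTgaclCred *, GRSTgaclCred *);
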
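/* ACL entries: lifetime, membership in an ACL, printing. */
GRSTgaclEntry *GRSTgaclEntryNew(void);
int GRSTgaclEntryFree(GRSTgaclEntry *);
int GRSTgaclAclAddEntry(GRSTgaclAcl *, GRSTgaclEntry *);
int GRSTgaclEntryPrint(GRSTgaclEntry *, FILE *);

/*
 * Permissions. The Allow/Unallow and Deny/Undeny pairs presumably set and
 * clear bits in an entry's `allowed` and `denied` masks - confirm.
 */
int GRSTgaclPermPrint(GRSTgaclPerm, FILE *);
int GRSTgaclEntryAllowPerm(GRSTgaclEntry *, GRSTgaclPerm);
int GRSTgaclEntryUnallowPerm(GRSTgaclEntry *, GRSTgaclPerm);
int GRSTgaclEntryDenyPerm(GRSTgaclEntry *, GRSTgaclPerm);
int GRSTgaclEntryUndenyPerm(GRSTgaclEntry *, GRSTgaclPerm);
char *GRSTgaclPermToChar(GRSTgaclPerm);
GRSTgaclPerm GRSTgaclPermFromChar(char *);

/*
 * Whole ACLs: lifetime, printing, saving and loading.
 * The char * arguments of the load and find functions are presumably file
 * system paths. Where such a path is derived from a request, the caller is
 * the one who has to keep it inside the served tree; nothing in these
 * signatures shows the library doing so.
 */
GRSTgaclAcl *GRSTgaclAclNew(void);
int GRSTgaclAclFree(GRSTgaclAcl *);
int GRSTgaclAclPrint(GRSTgaclAcl *, FILE *);
int GRSTgaclAclSave(GRSTgaclAcl *, char *);
GRSTgaclAcl *GRSTgaclAclLoadFile(char *);
char *GRSTgaclFileFindAclname(char *);
GRSTgaclAcl *GRSTgaclAclLoadforFile(char *);
int GRSTgaclFileIsAcl(char *);
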
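/* Users: the set of credentials a requester holds. */
GRSTgaclUser *GRSTgaclUserNew(GRSTgaclCred *);
int GRSTgaclUserFree(GRSTgaclUser *);
int GRSTgaclUserAddCred(GRSTgaclUser *, GRSTgaclCred *);
int GRSTgaclUserHasCred(GRSTgaclUser *, GRSTgaclCred *);

__attribute__ ((deprecated))
int GRSTgaclUserSetDNlists(GRSTgaclUser *, char *);

int GRSTgaclUserLoadDNlists(GRSTgaclUser *, char *);

GRSTgaclCred *GRSTgaclUserFindCredtype(GRSTgaclUser *, char *);

__attribute__ ((deprecated))
int GRSTgaclDNlistHasUser(char *, GRSTgaclUser *);

int GRSTgaclUserHasAURI(GRSTgaclUser *, char *);

/*
 * ACL evaluation. Both return a GRSTgaclPerm bit mask to be tested with the
 * GRSTgaclPermHas* macros. How the two differ, and what either returns for a
 * NULL ACL or user, is not visible in this header; callers should treat
 * anything other than an explicitly granted bit as "not permitted".
 */
GRSTgaclPerm GRSTgaclAclTestUser(GRSTgaclAcl *, GRSTgaclUser *);
GRSTgaclPerm GRSTgaclAclTestexclUser(GRSTgaclAcl *, GRSTgaclUser *);
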
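/*
 * URL encoding helpers. Each takes a string and returns a char *; whether
 * the result is newly allocated, and who frees it, is not visible here.
 * A decoded URL can contain characters such as '/' and ".." sequences that
 * were hidden by the encoding, so path checks belong after decoding.
 */
char *GRSThttpUrlDecode(char *);
char *GRSThttpUrlEncode(char *);
char *GRSThttpUrlMildencode(char *);

/* Compare two X.509 names given as strings; the result convention is not visible here. */
int GRSTx509NameCmp(char *, char *);
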
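/*
 * Certificate checks that need OpenSSL types.
 * GRSTx509VerifyCallback has the (int, X509_STORE_CTX *) shape of an OpenSSL
 * verify callback. With OpenSSL, a callback of that shape that returns 1
 * accepts the certificate regardless of the library's own verdict, so what
 * this one returns on each error path is worth reviewing in the
 * implementation (not visible here).
 */
#ifndef GRST_NO_OPENSSL
int GRSTx509KnownCriticalExts(X509 *);

int GRSTx509IsCA(X509 *);
int GRSTx509CheckChain(int *, X509_STORE_CTX *);
int GRSTx509VerifyCallback(int, X509_STORE_CTX *);

__attribute__ ((deprecated))
int GRSTx509GetVomsCreds(int *, int, size_t, char *, X509 *, STACK_OF(X509) *, char *);

__attribute__ ((deprecated))
GRSTgaclCred *GRSTx509CompactToCred(char *);

__attribute__ ((deprecated))
int GRSTx509CompactCreds(int *, int, size_t, char *, STACK_OF(X509) *, char *, X509 *);
#endif
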
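/*
 * Proxy certificates and delegation.
 * GRSTx509MakeProxyRequestKS names its string arguments proxydir,
 * delegation_id and user_dn; the other functions that take three char *
 * presumably use the same triple - confirm. Delegation IDs and DNs
 * typically arrive from the remote party. GRST_is_id_safe is declared here
 * for checking an ID; presumably it should be applied before an ID is used
 * to build a file name under the proxy directory - confirm which of these
 * functions already call it.
 *
 * The *KS variants take the key size from the caller; the size used by the
 * variants without it is fixed in the implementation (not visible here).
 * Functions with "Key" or "Proxy" in the name presumably read or write
 * private-key material on disk, so the proxy directory needs restrictive
 * permissions.
 */
char *GRSTx509CachedProxyFind(char *, char *, char *);
char *GRSTx509FindProxyFileName(void);
int GRSTx509MakeProxyCert(char **, FILE *, char *, char *, char *, int);
#ifndef GRST_NO_OPENSSL
char *GRSTx509CachedProxyKeyFind(char *, char *, char *, STACK_OF(X509) *);
#endif
int GRSTx509ProxyDestroy(char *, char *, char *);
int GRSTx509ProxyGetTimes(char *, char *, char *, time_t *, time_t *);

int GRSTx509CreateProxyRequest(char **, char **, char *);
int GRSTx509CreateProxyRequestKS(char **reqtxt, char **keytxt, char *ocspurl, int keysize);

int GRSTx509MakeProxyRequest(char **, char *, char *, char *);
int GRSTx509MakeProxyRequestKS(char **reqtxt, char *proxydir,
                               char *delegation_id, char *user_dn, int keysize);

char *GRSTx509MakeDelegationID(void);

#ifndef GRST_NO_OPENSSL
int GRSTx509StringToChain(STACK_OF(X509) **, char *);
char *GRSTx509MakeProxyFileName(char *, STACK_OF(X509) *);
#endif

int GRSTx509CacheProxy(char *, char *, char *, char *);
int GRST_is_id_safe(const char *);
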
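/* File names of the page header, page footer and admin CGI. */
#define GRST_HEADFILE   "gridsitehead.txt"
#define GRST_FOOTFILE   "gridsitefoot.txt"
#define GRST_ADMIN_FILE "gridsite-admin.cgi"

/* One piece of response text in a GRSThttpBody list. */
typedef struct {
    char *text;
    void *next;
} GRSThttpCharsList;

/* A response body: a size plus the first and last pieces of its text list. */
typedef struct {
    size_t             size;
    GRSThttpCharsList *first;
    GRSThttpCharsList *last;
} GRSThttpBody;

/*
 * Building and sending a response body.
 * GRSThttpPrintf takes `char *, ...`, presumably a printf-style format: pass
 * a literal format and supply request-derived text as a "%s" argument.
 * Nothing in these signatures shows HTML escaping being applied, so text
 * that came from the client should be escaped by the caller before it is
 * added to a page - confirm against the implementation.
 */
void GRSThttpBodyInit(GRSThttpBody *);
void GRSThttpPrintf(GRSThttpBody *, char *, ...);
int GRSThttpCopy(GRSThttpBody *, char *);
void GRSThttpWriteOut(GRSThttpBody *);
int GRSThttpPrintHeaderFooter(GRSThttpBody *, char *, char *);
int GRSThttpPrintHeader(GRSThttpBody *, char *);
int GRSThttpPrintFooter(GRSThttpBody *, char *);
/* Returns a CGI value as a string; treat the result as untrusted input. */
char *GRSThttpGetCGI(char *);
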
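/*
 * ASN.1 helpers. The int that follows each taglist[] argument is presumably
 * the number of elements (compare GRST_ASN1_MAXTAGS), and the (char *, int)
 * pair opening GRSTasn1GetX509Name presumably an output buffer and its size -
 * confirm. Inputs here are certificate bytes supplied by the peer.
 */
time_t GRSTasn1TimeToTimeT(char *, size_t);
int GRSTasn1SearchTaglist(struct GRSTasn1TagList taglist[], int, char *);
#ifndef GRST_NO_OPENSSL
int GRSTasn1ParseDump(BIO *, unsigned char *, long,
                      struct GRSTasn1TagList taglist[], int, int *);
#endif
int GRSTasn1GetX509Name(char *, int, char *, char *,
                        struct GRSTasn1TagList taglist[], int);

/*
 * HTCP messages. The *Make functions return a buffer and its length through
 * (char **, int *). GRSThtcpMessageParse takes (char *, int), presumably the
 * received datagram and its length; the counted-string lengths inside the
 * datagram are sender-controlled and must be validated against that length.
 */
int GRSThtcpNOPrequestMake(char **, int *, unsigned int);
int GRSThtcpNOPresponseMake(char **, int *, unsigned int);
int GRSThtcpTSTrequestMake(char **, int *, unsigned int, char *, char *, char *);
int GRSThtcpTSTresponseMake(char **, int *, unsigned int, char *, char *, char *);
int GRSThtcpMessageParse(GRSThtcpMessage *, char *, int);
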
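/*
 * Script block emitted into pages that carry a passcode form; a build can
 * supply its own by defining GRST_PASSCODE_JS first.
 *
 * Points a reviewer should know, all visible in the string itself:
 *  - changeValue() copies the GRIDHTTP_PASSCODE cookie into the form's
 *    `passcode` field when that field is empty. Because script reads the
 *    cookie through document.cookie, the cookie cannot be marked HttpOnly,
 *    and any other script running on the page can read it as well.
 *  - getCookie() finds the name with indexOf(c_name + "="), so a cookie
 *    whose name merely ends in the wanted name would match too.
 *  - c_start and c_end are assigned without var (implicit globals), and
 *    unescape() and the language attribute are obsolete.
 */
#ifndef GRST_PASSCODE_JS

#define GRST_PASSCODE_JS "<script type=\"text/javascript\" language=\"Javascript\"><!--\nfunction changeValue(formName){ if( document.forms[formName].passcode.value==\"\" ) document.forms[formName].passcode.value=getCookie(\"GRIDHTTP_PASSCODE\"); return true; } \nfunction getCookie(c_name){ if (document.cookie.length>0) { c_start=document.cookie.indexOf(c_name + \"=\"); if (c_start!=-1) { c_start=c_start + c_name.length+1; c_end=document.cookie.indexOf(\";\",c_start); if (c_end==-1) c_end=document.cookie.length; return unescape(document.cookie.substring(c_start,c_end)); }} return \"\"; } \n -->\n</script>"
#endif
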
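/* Close the extern "C" block opened at the top of the header for C++ builds. */
#ifdef __cplusplus
}
#endif

#endif // HEADER_GRIDSITE_H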