00026 #ifndef VOMS_API_H
00027 #define VOMS_API_H
00028
00029 #include <fstream>
00030 #include <string>
00031 #include <vector>
00032
00033
00034 extern "C" {
00035 #ifdef NOGLOBUS
00036 #ifndef GSSAPI_H_
00037 typedef void * gss_cred_id_t;
00038 typedef void * gss_ctx_id_t;
00039 #endif
00040 #else
00041 #include "gssapi.h"
00042 #endif
00043
00044 #include <openssl/x509.h>
00045 #include <openssl/bio.h>
00046 #include <sys/types.h>
00047 #include "newformat.h"
00048 }
00049
/// Group / role / capability triple.
///
/// `voms::std` holds a vector of these. By the field naming this looks like
/// the "standard" payload selected by `voms::type == TYPE_STD`, but the header
/// does not say so — confirm against the implementation.
struct data {
  std::string group;   ///< Group name.
  std::string role;    ///< Role within the group.
  std::string cap;     ///< Capability string.
};
00057
/// A single generic attribute (name / qualifier / value), as collected in
/// `attributelist::attributes`. The encoding of each field is not stated here.
struct attribute {
  std::string name;        ///< Attribute name.
  std::string qualifier;   ///< Qualifier attached to the name.
  std::string value;       ///< Attribute value.
};
00065
/// A set of generic attributes together with the entity that granted them.
/// Returned (by reference) from `voms::GetAttributes()`.
struct attributelist {
  std::string grantor;                 ///< Identifier of the granting party.
  std::vector<attribute> attributes;   ///< Attributes issued by `grantor`.
};
00070
00071
/// Discriminator stored in `voms::type`. Judging by the member names,
/// TYPE_STD goes with `voms::std` and TYPE_CUSTOM with `voms::custom`;
/// the header does not state this pairing explicitly.
enum data_type {
  TYPE_NODATA,   ///< No payload present.
  TYPE_STD,      ///< Standard (group/role/capability) payload.
  TYPE_CUSTOM    ///< Opaque, server-defined payload.
};
00079
/// One entry of a VOMS server contact list, as returned by
/// `vomsdata::FindByAlias()` / `vomsdata::FindByVO()`.
///
/// Nothing here is validated at construction: `port` and `version` are
/// plain ints, and the strings are whatever the contact file contained.
struct contactdata {
  std::string nick;      ///< Alias used to look the entry up (see FindByAlias).
  std::string host;      ///< Server host name.
  std::string contact;   ///< Server subject / contact string.
  std::string vo;        ///< Virtual organisation served.
  int port;              ///< Server port.
  int version;           ///< Protocol or server version — meaning not stated in this header.
};
00092
/// One parsed VOMS attribute certificate (AC) plus the identities it binds.
///
/// Instances are filled in by `vomsdata` (a friend) and by the friend
/// `TranslateVOMS()`. The copy constructor, assignment operator and
/// destructor are user-declared, so the two private raw pointers are
/// presumably owned and deep-copied by those — confirm in the .cpp.
/// No move operations are declared; moves fall back to copies.
struct voms {
  // `vomsdata` is later declared with the `struct` key; the mismatched
  // class-key is legal but some compilers warn about it.
  friend class vomsdata;
  int version;              ///< AC / protocol version.
  int siglen;               ///< Length of `signature`.
  std::string signature;    ///< Raw signature bytes (length in `siglen`).
  std::string user;         ///< Holder subject.
  std::string userca;       ///< Holder's CA subject.
  std::string server;       ///< Issuing server subject.
  std::string serverca;     ///< Issuing server's CA subject.
  std::string voname;       ///< Virtual organisation name.
  std::string uri;          ///< Server URI.
  std::string date1;        ///< Validity start (textual; format not stated here).
  std::string date2;        ///< Validity end (textual; format not stated here).
  data_type type;           ///< Which of `std` / `custom` is populated (see data_type).
  // A data member named `std` is legal — lookup of the name before `::`
  // ignores non-namespace names — but it is easy to misread; do not add
  // unqualified uses of `std` inside this class.
  std::vector<data> std;    ///< Standard group/role/capability triples.
  std::string custom;       ///< Server-defined payload.

  std::vector<std::string> fqan;   ///< Fully qualified attribute names.
  std::string serial;              ///< AC serial number (textual).


private:
  void *realdata;   ///< Opaque implementation data; type and ownership not visible here.
  X509 *holder;     ///< Holder certificate; ownership not visible here (OpenSSL object).
public:
  voms(const voms &);
  voms();
  voms &operator=(const voms &);
  ~voms();

private:
  /// Converts this object to the C-API representation.
  struct vomsr *translate();
  friend int TranslateVOMS(struct vomsdatar *vd, std::vector<voms>&v, int *error);

public:
  /// Returns the underlying AC. Ownership of the returned pointer is not
  /// stated in this header — check before freeing it.
  AC *GetAC();

public:
  /// Generic attributes carried by this AC; returned by reference, so the
  /// view is only valid while this object lives.
  std::vector<attributelist>& GetAttributes();
  /// Targets the AC is restricted to (compare with `vomsdata::AddTarget`).
  std::vector<std::string> GetTargets();
};
00134
/// How far `vomsdata::Retrieve*()` descends when looking for AC extensions.
/// The exact search each value implies is defined by the implementation.
enum recurse_type {
  RECURSE_CHAIN,   ///< Look through the certificate chain.
  RECURSE_NONE,    ///< Look only at the certificate itself.
  RECURSE_DEEP     ///< Look deeper than RECURSE_CHAIN.
};
00140
/// Verification steps performed on a retrieved AC; consumed by
/// `vomsdata::SetVerificationType()`.
///
/// The named values are single bits (VERIFY_NONE is no bits, VERIFY_FULL is
/// all bits), so they are evidently meant to be combined. No `operator|` is
/// declared: `VERIFY_DATE | VERIFY_SIGN` is an `int`, and must be cast back
/// to `verify_type` before passing it to SetVerificationType.
///
/// Every bit cleared is a check (date, target, key, signature, ordering,
/// identity, certificate list) that will not run; anything below
/// VERIFY_FULL should be a deliberate, reviewed decision.
enum verify_type {
  VERIFY_FULL = 0xffffffff,       ///< Every check enabled.
  VERIFY_NONE = 0x00000000,       ///< No checks at all.
  VERIFY_DATE = 0x00000001,       ///< Validity period.
  VERIFY_TARGET = 0x00000002,     ///< AC targets.
  VERIFY_KEY = 0x00000004,        ///< Key checks.
  VERIFY_SIGN = 0x00000008,       ///< Signature.
  VERIFY_ORDER = 0x00000010,      ///< Attribute ordering (see `vomsdata::Order`).
  VERIFY_ID = 0x00000020,         ///< Identity checks.
  VERIFY_CERTLIST = 0x00000040    ///< Certificate list.
};
00152
/// Error codes reported through `vomsdata::error` (and passed to the
/// `check_sig` callback). Values are sequential; the blank line before
/// VERR_TYPE is layout only and does not change numbering.
enum verror_type {
  VERR_NONE,         ///< No error.
  VERR_NOSOCKET,     ///< Could not open a socket.
  VERR_NOIDENT,      ///< No identity / credential available.
  VERR_COMM,         ///< Communication failure.
  VERR_PARAM,        ///< Bad parameter.
  VERR_NOEXT,        ///< Extension not found.
  VERR_NOINIT,       ///< Not initialised.
  VERR_TIME,         ///< Time / validity problem.
  VERR_IDCHECK,      ///< Identity check failed.
  VERR_EXTRAINFO,    ///< Problem with extra info.
  VERR_FORMAT,       ///< Malformed data.
  VERR_NODATA,       ///< No data present.
  VERR_PARSE,        ///< Parse failure.
  VERR_DIR,          ///< Directory problem.
  VERR_SIGN,         ///< Signature failure.
  VERR_SERVER,       ///< Server-side failure.
  VERR_MEM,          ///< Out of memory.
  VERR_VERIFY,       ///< Verification failed.

  VERR_TYPE,         ///< Type mismatch.
  VERR_ORDER,        ///< Ordering problem.
  VERR_SERVERCODE,   ///< Error code returned by the server.
  VERR_NOTAVAIL,     ///< Not available.
  VERR_FILE          ///< File problem.
};
00181
/// Signature-check callback used by `vomsdata::check(check_sig, void *)`:
/// receives a certificate, an opaque caller pointer and an out-parameter
/// for the error code; returns true on success. Presumably the `void *` is
/// the `data` argument of `check()` — confirm in the implementation.
typedef bool (*check_sig)(X509 *, void *, verror_type &);
/// Entry point of the VOMS C++ API: contacts servers, retrieves attribute
/// certificates and verifies them.
///
/// Most public methods return bool; by the presence of `error` and
/// `ErrorMessage()` the failure reason is presumably recorded there
/// (confirm in the implementation). A copy constructor and destructor are
/// user-declared but no copy-assignment operator, so assignment is the
/// implicit member-wise one; the members are strings, vectors and scalars,
/// so this is probably harmless, but it is worth keeping in mind.
///
/// Raw OpenSSL pointers (X509, STACK_OF(X509), EVP_PKEY, BIO, AC, AC_SEQ)
/// are passed throughout; this header says nothing about who owns them.
struct vomsdata {
private:
  // Copy constructor is private and non-const: the object is not copyable.
  // With a single static instance below this looks like a one-time
  // library initialisation hook — what it initialises is not visible here.
  class Initializer {
  public:
    Initializer();
  private:
    Initializer(Initializer &);
  };

private:
  static Initializer init;
  std::string ca_cert_dir;               ///< Directory of CA certificates.
  std::string voms_cert_dir;             ///< Directory of VOMS server certificates.
  int duration;                          ///< Requested lifetime (see SetLifetime).
  std::string ordering;                  ///< Attribute ordering (see Order / ResetOrder).
  std::vector<contactdata> servers;      ///< Loaded contact entries.
  std::vector<std::string> targets;      ///< Requested targets (see AddTarget).

public:
  verror_type error;   ///< Last error code.
  /// Both arguments default, so this also acts as an implicit conversion
  /// from std::string; it is not declared explicit.
  vomsdata(std::string voms_dir = "",
           std::string cert_dir = "");
  /// Loads the system-wide contact list (default directory when empty).
  bool LoadSystemContacts(std::string dir = "");
  /// Loads the per-user contact list (default directory when empty).
  bool LoadUserContacts(std::string dir = "");
  /// Contact entries whose `nick` matches `alias`.
  std::vector<contactdata> FindByAlias(std::string alias);
  /// Contact entries serving `vo`.
  std::vector<contactdata> FindByVO(std::string vo);
  /// Adds `att` to the requested attribute ordering.
  void Order(std::string att);
  void ResetOrder(void);
  /// Adds a target the requested AC should be restricted to.
  void AddTarget(std::string target);
  std::vector<std::string> ListTargets(void);
  void ResetTargets(void);
  /// Errors reported by the servers contacted so far.
  std::string ServerErrors(void);
  /// Extracts ACs from `cert` (and, depending on `how`, its chain).
  bool Retrieve(X509 *cert, STACK_OF(X509) *chain,
                recurse_type how = RECURSE_CHAIN);
  /// Sends `command` to the server at hostname:port, checking the server's
  /// subject against `servsubject`.
  bool Contact(std::string hostname, int port,
               std::string servsubject,
               std::string command);
  /// As above, with a timeout (unit not stated in this header).
  bool Contact(std::string hostname, int port,
               std::string servsubject,
               std::string command,
               int timeout);
  /// Like Contact, but returns the raw reply in `raw` and the protocol
  /// version in `version` instead of parsing it.
  bool ContactRaw(std::string hostname, int port,
                  std::string servsubject,
                  std::string command,
                  std::string &raw,
                  int& version);
  bool ContactRaw(std::string hostname, int port,
                  std::string servsubject,
                  std::string command,
                  std::string &raw,
                  int& version,
                  int timeout);
  /// Selects which verification steps run (see verify_type). Anything
  /// other than VERIFY_FULL disables checks.
  void SetVerificationType(verify_type how);
  void SetLifetime(int lifetime);
  /// Parses a serialised representation produced by Export().
  bool Import(std::string buffer);
  bool Export(std::string &data);
  /// Fills in the default `voms` entry; which one counts as default is
  /// decided by the implementation.
  bool DefaultData(voms &);
  // Inside this class the name `data` is this member, hiding `struct data`
  // from the enclosing scope; spell the type `struct data` / `::data` here.
  std::vector<voms> data;   ///< Retrieved and parsed ACs.
  std::string workvo;       ///< Working VO name.
  std::string extra_data;   ///< Extra data returned by the server.
private:
  // The uid/gid parameters suggest an ownership check on the file being
  // loaded — not confirmable from this header.
  bool loadfile(std::string, uid_t uid, gid_t gid);
  bool loadfile0(std::string, uid_t uid, gid_t gid);
  bool verifydata(std::string &message, std::string subject, std::string ca,
                  X509 *holder, voms &v);
  /// Runs the signature-check callback `f` with `data` as its opaque argument.
  X509 *check(check_sig f, void *data);
  bool check_cert(X509 *cert);
  bool retrieve(X509 *cert, STACK_OF(X509) *chain, recurse_type how,
                AC_SEQ **listnew, std::string &subject, std::string &ca,
                X509 **holder);
  verify_type ver_type;   ///< Active verification mask (see SetVerificationType).

  std::string serverrors;   ///< Backing store for ServerErrors().
  std::string errmessage;   ///< Backing store for ErrorMessage().

  void seterror(verror_type, std::string);

  bool verifyac(X509 *, X509 *, AC*, voms&);
  bool check_sig_ac(X509 *, void *);
  X509 *check(void *);
  bool my_conn(const std::string&, int, const std::string&, int,
               const std::string&, std::string&, std::string&,
               std::string&);
  bool contact(const std::string&, int, const std::string&,
               const std::string&, std::string&, std::string&,
               std::string&);
  bool my_conn(const std::string&, int, const std::string&, int,
               const std::string&, std::string&, std::string&,
               std::string&, int timeout);
  bool contact(const std::string&, int, const std::string&,
               const std::string&, std::string&, std::string&,
               std::string&, int timeout);
  bool verifydata(AC *ac, const std::string& subject, const std::string& ca,
                  X509 *holder, voms &v);
  bool evaluate(AC_SEQ *, const std::string&, const std::string&, X509*);

public:

  /// Human-readable text for the last error.
  std::string ErrorMessage(void);
  // Without Globus the gss_* handles are plain void* typedefs (see the
  // top of this header), so only one overload of each exists. With Globus
  // the void* overloads are the real ones and the gss_* overloads below
  // forward to them.
#ifdef NOGLOBUS
  bool RetrieveFromCtx(gss_ctx_id_t context, recurse_type how);
  bool RetrieveFromCred(gss_cred_id_t credential, recurse_type how);
#else
  bool RetrieveFromCtx(void *context, recurse_type how);
  bool RetrieveFromCred(void *credential, recurse_type how);
  // C-style casts here silently reinterpret whatever gss_ctx_id_t /
  // gss_cred_id_t is; static_cast<void*> would let the compiler reject a
  // non-pointer handle type.
  bool RetrieveFromCtx(gss_ctx_id_t context, recurse_type how) {
    return RetrieveFromCtx((void*)context,how);
  }
  bool RetrieveFromCred(gss_cred_id_t credential, recurse_type how) {
    return RetrieveFromCred((void*)credential, how);
  }
#endif

  /// Extracts ACs from a single X.509 extension.
  bool Retrieve(X509_EXTENSION *ext);
  /// Extracts ACs from the user's proxy credential (located by the implementation).
  bool RetrieveFromProxy(recurse_type how);
  /// Extracts ACs from an already-open file; the caller keeps ownership of `file`.
  bool Retrieve(FILE *file, recurse_type how);
  ~vomsdata();
private:

  bool check_cert(STACK_OF(X509) *);
  X509 *check_from_certs(AC *ac, const std::string& voname);
  X509 *check_from_file(AC *, std::ifstream&, const std::string &vo, const std::string &filename);

public:
  vomsdata(const vomsdata &);

private:
  int retry_count;   ///< Connection retry budget (see SetRetryCount).

public:
  void SetRetryCount(int retryCount);

private:
  STACK_OF(X509) *load_chain(BIO *in);

public:
  /// Fixes the instant used for validity checks instead of "now".
  void SetVerificationTime(time_t);

private:
  time_t verificationtime;   ///< Instant set by SetVerificationTime.
  bool verifyac(X509 *, X509 *, AC*, time_t, voms&);

public:
  /// Supplies the certificate, key and chain to use for server contacts.
  bool LoadCredentials(X509*, EVP_PKEY *, STACK_OF(X509) *);
};
00490
00491
/// Library version, split into its three components. Useful for checking
/// at run time that the header and the linked library agree.
int getMajorVersionNumber(void);
int getMinorVersionNumber(void);
int getPatchVersionNumber(void);
00495
00496 #endif