voms_api.h
1/*********************************************************************
2 *
3 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
4 *
5 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
6 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 *
20 * Parts of this code may be based upon or even include verbatim pieces,
21 * originally written by other people, in which case the original header
22 * follows.
23 *
24 *********************************************************************/
25
#ifndef VOMS_API_H
#define VOMS_API_H

#include <fstream>
#include <string>
#include <vector>

/* NOGLOBUS is forced on here, so every translation unit that includes this
 * header sees the NOGLOBUS variant of the API regardless of what the build
 * system passed on the command line (compare the #ifdef NOGLOBUS section
 * inside struct vomsdata below). */
#ifndef NOGLOBUS
#define NOGLOBUS
#endif

extern "C" {
#ifndef GSSAPI_H_
/*
 * Also check against _GSSAPI_H_ as that is what the Kerberos 5 code defines and
 * what header files on some systems look for.
 */

/* Placeholder typedefs, used only when neither GSSAPI_H_ nor _GSSAPI_H_ is
 * defined, i.e. no GSSAPI header was included before this one. A unit that
 * includes the GSSAPI header first gets the real definitions instead, so
 * include order decides which definition of these two names a given unit
 * compiles against. NOTE(review): nothing here checks that the two
 * definitions agree in size or representation. */
#ifndef _GSSAPI_H_
typedef void * gss_cred_id_t;
typedef void * gss_ctx_id_t;
#endif
#endif

#include <openssl/x509.h>
#include <openssl/bio.h>
#include <sys/types.h>
#include "newformat.h"
}
55
/* One (group, role, capability) triple attributed to the AC holder.
 * Doxygen's summary for this struct reads "User's characteristics: can be
 * repeated"; a voms object carries them as a vector (voms::std). */
struct data {
  std::string group;   /* group name */
  std::string role;    /* role, per the field name */
  std::string cap;     /* capability, per the field name */
};
63
/* Generic name/qualifier/value attribute (Doxygen's summary: "Generic
 * name-value attribute : can be repeated"). Grouped per grantor by
 * attributelist, whose opening line is missing from this rendering. */
struct attribute {
  std::string name;
  std::string qualifier;
  std::string value;
};
71
73 std::string grantor;
74 std::vector<attribute> attributes;
75};
76
77
85
/* One entry of a VOMS server contact list; filled by
 * vomsdata::LoadSystemContacts / LoadUserContacts and searched by
 * vomsdata::FindByAlias / FindByVO (presumably, from the names). */
struct contactdata {
  std::string nick;      /* alias; presumably what FindByAlias() matches -- TODO confirm */
  std::string host;      /* server host name */
  std::string contact;   /* presumably the server's certificate subject, i.e. the
                            servsubject argument of vomsdata::Contact() -- TODO confirm */
  std::string vo;        /* VO served; presumably what FindByVO() matches */
  int port;              /* server port on `host` */
  int version;           /* meaning not visible here (line 95 of the header is
                            missing from this rendering) */
};
98
99class vomspriv;
100
/* One attribute certificate (AC) as returned by a VOMS server, after parsing.
 * A user-declared copy constructor and copy assignment are visible below, but
 * no destructor is, so whether `realdata` / `holder` are released when a copy
 * dies cannot be checked from this rendering.
 *
 * NOTE(review): two members are missing from this rendering of the header:
 * `int version;` (voms_api.h:103, the `version` that the comment on `fqan`
 * below refers to) and `data_type type;` (voms_api.h:114). Lines 127 and 129
 * are missing as well. Consult the upstream header for the full member list. */
struct voms {
  friend class vomsdata;
  int siglen;                  /* presumably the length of `signature` */
  std::string signature;
  std::string user;            /* holder subject and its CA, per the names -- TODO confirm */
  std::string userca;
  std::string server;          /* issuing server subject and its CA, per the names -- TODO confirm */
  std::string serverca;
  std::string voname;
  std::string uri;
  std::string date1;           /* two dates, presumably the validity bounds; which is
                                  which is not stated here -- TODO confirm */
  std::string date2;
  std::vector<data> std;       /* (group, role, cap) triples. The member name `std` does
                                  not disturb the qualified `std::` names that follow:
                                  the name before `::` is looked up among namespaces and
                                  types only. */
  std::string custom;
  /* Data below this line only makes sense if version >= 1 */
  std::vector<std::string> fqan;
  std::string serial;
  /* Data below this line is private. */

private:
  void *realdata;              /* untyped; what it points to is not visible here */
  X509 *holder;
public:
  voms(const voms &);
  voms &operator=(const voms &);

private:
  struct vomsr *translate();
  friend int TranslateVOMS(struct vomsdatar *vd, std::vector<voms>&v, int *error);

public:
  AC *GetAC();                 /* ownership of the returned AC is not stated here */

public:
  /* Returns a reference, presumably into this object: it is only valid while
   * this voms object is alive and unmodified. */
  std::vector<attributelist>& GetAttributes();
  std::vector<std::string> GetTargets();

private:
  vomspriv *vp;                /* opaque private implementation */
};
145
151
 /* Bit flags of type verify_type; vomsdata::ver_type stores one such value.
  * Each named check occupies one bit so they can be OR-ed together;
  * VERIFY_FULL has every bit set and VERIFY_NONE (0) selects no check at all.
  * NOTE(review): the `enum verify_type {` opener (voms_api.h:152) and the
  * closing `};` (voms_api.h:162) are missing from this rendering. */
 VERIFY_FULL = 0xffffffff,
 VERIFY_NONE = 0x00000000,
 VERIFY_DATE = 0x00000001,
 VERIFY_TARGET = 0x00000002,
 VERIFY_KEY = 0x00000004,
 VERIFY_SIGN = 0x00000008,
 VERIFY_ORDER = 0x00000010,
 VERIFY_ID = 0x00000020,
 VERIFY_CERTLIST = 0x00000040
163
192
/* Signature-check callback: receives a certificate, an opaque context pointer
 * and a verror_type reference, presumably used to report the failure reason.
 * The `void *` carries no type information, so the caller and the callback
 * must agree out of band on what it points to (compare
 * vomsdata::check_sig_ac(X509 *, void *) below). */
typedef bool (*check_sig)(X509 *, void *, verror_type &);
class vomsdatapriv;
196
/* Entry point of the C++ API: holds the configuration used to contact VOMS
 * servers and to verify the attribute certificates (ACs) obtained, and the
 * parsed result in `data`. Only declarations are visible here; the comments
 * below describe what the signatures show and hedge everything else.
 *
 * NOTE(review): this rendering drops a number of lines inside this struct.
 * Doxygen's symbol index for the same header also lists, among others, a
 * public `verror_type error` member (voms_api.h:216), the
 * `recurse_type how = RECURSE_CHAIN` default on the three-argument Retrieve(),
 * RetrieveFromCred / RetrieveFromCtx / RetrieveFromProxy,
 * SetVerificationTime(time_t), SetVerificationType(verify_type),
 * DefaultData(voms &), SkipSslInitialization() and a copy constructor.
 * Consult the upstream header before relying on the member list shown here. */
struct vomsdata {
 private:
  /* Helper whose constructor runs when the static `init` member below is
   * initialized; copying is disabled. What it initializes is not visible here. */
  class Initializer {
  public:
    Initializer();
  private:
    Initializer(Initializer &);
  };

 private:
  static Initializer init;            /* defined in a source file not shown here */
  std::string ca_cert_dir;            /* CA certificate directory -- presumably set from cert_dir */
  std::string voms_cert_dir;          /* VOMS certificate directory -- presumably set from voms_dir */
  int duration;                       /* see SetLifetime() */
  std::string ordering;               /* see Order() / ResetOrder() */
  std::vector<contactdata> servers;   /* contacts loaded by Load*Contacts(), presumably */
  std::vector<std::string> targets;   /* see AddTarget() / ListTargets() / ResetTargets() */

 public:

  /* Both directory arguments default to ""; which locations are used in that
   * case is not visible in this header. */
  vomsdata(std::string voms_dir = "",
           std::string cert_dir = "");
  /* Load contact entries from the system-wide or per-user location (per the
   * names); `dir` defaults to "". Returns false on failure -- presumably, see
   * ErrorMessage(). */
  bool LoadSystemContacts(std::string dir = "");
  bool LoadUserContacts(std::string dir = "");
  /* Lookups over the loaded contacts; each returns a copy. */
  std::vector<contactdata> FindByAlias(std::string alias);
  std::vector<contactdata> FindByVO(std::string vo);
  /* Requested attribute ordering (stored in `ordering`, presumably). */
  void Order(std::string att);
  void ResetOrder(void);
  /* Target list for the request (stored in `targets`, presumably). */
  void AddTarget(std::string target);
  std::vector<std::string> ListTargets(void);
  void ResetTargets(void);
  /* Text of the errors reported by the server(s), see `serverrors`. */
  std::string ServerErrors(void);
  /* NOTE(review): the continuation of this declaration -- the `recurse_type
   * how` parameter and its RECURSE_CHAIN default -- is missing from this
   * rendering, which is why the next line is syntactically open. */
  bool Retrieve(X509 *cert, STACK_OF(X509) *chain,
  /* Contact the server at hostname:port, expecting its certificate subject to
   * be `servsubject`, and send `command`. The overload taking `timeout`
   * bounds the wait; how the no-timeout overload behaves is not visible here. */
  bool Contact(std::string hostname, int port,
               std::string servsubject,
               std::string command);
  bool Contact(std::string hostname, int port,
               std::string servsubject,
               std::string command,
               int timeout);
  /* As Contact(), but hands back the server reply unparsed in `raw` together
   * with the `version` it reported (presumably the protocol version). */
  bool ContactRaw(std::string hostname, int port,
                  std::string servsubject,
                  std::string command,
                  std::string &raw,
                  int& version);
  bool ContactRaw(std::string hostname, int port,
                  std::string servsubject,
                  std::string command,
                  std::string &raw,
                  int& version,
                  int timeout);
  void SetLifetime(int lifetime);     /* requested validity; stored in `duration`, presumably */
  /* Serialize / deserialize this object's contents to and from a string. */
  bool Import(std::string buffer);
  bool Export(std::string &data);
  std::vector<voms> data;             /* the parsed result, one voms per AC */
  std::string workvo;
  std::string extra_data;
private:
  /* File loaders that also receive an expected owner uid/gid; what is checked
   * against them is not visible here. */
  bool loadfile(std::string, uid_t uid, gid_t gid);
  bool loadfile0(std::string, uid_t uid, gid_t gid);
  bool verifydata(std::string &message, std::string subject, std::string ca,
                  X509 *holder, voms &v);
  bool check_cert(X509 *cert);
  bool retrieve(X509 *cert, STACK_OF(X509) *chain, recurse_type how,
                AC_SEQ **listnew, std::string &subject, std::string &ca,
                X509 **holder);
  /* Set of VERIFY_* flags; presumably selects which checks the verify*()
   * members perform. VERIFY_NONE selects none of them. */
  verify_type ver_type;

  std::string serverrors;             /* see ServerErrors() */
  std::string errmessage;             /* see ErrorMessage() */

  void seterror(verror_type, std::string);

  /* The `void *` context is untyped; see the check_sig typedef above. */
  bool check_sig_ac(X509 *, void *);
  X509 *check(void *);
  bool contact(const std::string&, int, const std::string&,
               const std::string&, std::string&, std::string&,
               std::string&, int timeout);
  bool verifydata(AC *ac, const std::string& subject, const std::string& ca,
                  X509 *holder, voms &v);
  bool evaluate(AC_SEQ *, const std::string&, const std::string&, X509*);

public:

  /* Human-readable description of the last error (see `errmessage`). */
  std::string ErrorMessage(void);
  /* NOTE(review): the declarations between these two preprocessor lines
   * (voms_api.h:419-427) are missing from this rendering. Since NOGLOBUS is
   * forced on at the top of this header, whatever they declare is always
   * present. */
#ifdef NOGLOBUS
#endif

  /* Retrieve ACs from an already-parsed X.509 extension, from a file
   * (`how` presumably controls how far the search recurses) or from one AC. */
  bool Retrieve(X509_EXTENSION *ext);
  bool Retrieve(FILE *file, recurse_type how);
  bool Retrieve(AC *ac);
private:
  // X509 *check_file(void *);
  bool check_cert(STACK_OF(X509) *);
  X509 *check_from_certs(AC *ac, const std::string& voname);
  X509 *check_from_file(AC *, std::ifstream&, const std::string &vo, const std::string &filename);

public:

private:
  int retry_count;                    /* see SetRetryCount() */

public:
  void SetRetryCount(int retryCount);

public:

private:
  /* Presumably the reference time passed to verifyac(); the public setter
   * SetVerificationTime(time_t) listed in the symbol index is missing here. */
  time_t verificationtime;
  bool verifyac(X509 *, X509 *, AC*, time_t, voms&);

public:
  /* Supply the certificate, key and chain used for subsequent contacts -- presumably. */
  bool LoadCredentials(X509*, EVP_PKEY *, STACK_OF(X509) *);
  bool ContactRESTRaw(const std::string&, int, const std::string&, std::string&, int, int);

private:
  bool InterpretOutput(const std::string&, std::string&);

private:
  vomsdatapriv *vdp;                  /* opaque private implementation */
};
482
483
/* C-linkage helpers. NOTE(review): the declarations inside this block
 * (voms_api.h:485-487) are missing from this rendering; Doxygen's symbol
 * index for the header lists getVOMSMajorVersionNumber(),
 * getVOMSMinorVersionNumber() and getVOMSPatchVersionNumber(), each
 * `int f(void)`, which presumably belong here. */
extern "C" {
}
489
490#endif