00001 /*********************************************************************
00002  *
00003  * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it 
00004  *
00005  * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
00006  * See http://www.eu-egee.org/partners/ for details on the copyright holders.
00007  *
00008  * Licensed under the Apache License, Version 2.0 (the "License");
00009  * you may not use this file except in compliance with the License.
00010  * You may obtain a copy of the License at
00011  *
00012  *    http://www.apache.org/licenses/LICENSE-2.0
00013  *
00014  * Unless required by applicable law or agreed to in writing, software
00015  * distributed under the License is distributed on an "AS IS" BASIS,
00016  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00017  * See the License for the specific language governing permissions and
00018  * limitations under the License.
00019  *
00020  * Parts of this code may be based upon or even include verbatim pieces,
00021  * originally written by other people, in which case the original header
00022  * follows.
00023  *
00024  *********************************************************************/
00025 
00026 #ifndef VOMS_API_H
00027 #define VOMS_API_H
00028 
00029 #include <fstream>
00030 #include <string>
00031 #include <vector>
00032 
/* NOGLOBUS is defined unconditionally here, so the gss-based
 * vomsdata::RetrieveFromCtx / RetrieveFromCred declarations guarded by
 * "#ifdef NOGLOBUS" further down are always part of the interface. */
#define NOGLOBUS
extern "C" {
#ifndef GSSAPI_H_
/*
 *  Also check against _GSSAPI_H_ as that is what the Kerberos 5 code defines and
 *  what header files on some systems look for.
 */

#ifndef _GSSAPI_H_
/* Fallback handle types, used only when no GSSAPI header was included before
 * this one.  NOTE(review): both are plain void*, so in this configuration the
 * compiler cannot tell a context from a credential; arguments to
 * RetrieveFromCtx / RetrieveFromCred get no type checking. */
typedef void * gss_cred_id_t;
typedef void * gss_ctx_id_t;
#endif
#endif

#include <openssl/x509.h>
#include <openssl/bio.h>
#include <sys/types.h>
#include "newformat.h"
}
00052 
/**
 * @brief One group / role / capability triple.  struct voms keeps a vector
 *        of these in its member named @c std.
 *
 * Note that vomsdata also has a data *member* called @c data (of a
 * different type); inside that class this type must be spelled @c ::data.
 */
struct data {
  std::string group; /**< group name */
  std::string role;  /**< role name */
  std::string cap;   /**< capability */
};
00060 
/**
 * @brief A generic (name, qualifier, value) attribute; grouped by issuer in
 *        attributelist.
 */
struct attribute {
  std::string name;      /**< attribute name */
  std::string qualifier; /**< attribute qualifier */
  std::string value;     /**< attribute value */
};
00068 
/**
 * @brief The generic attributes issued by one grantor; voms::GetAttributes()
 *        returns a vector of these.
 */
struct attributelist {
  std::string grantor;               /**< who granted the attributes below */
  std::vector<attribute> attributes; /**< the attributes themselves */
};
00073 
00074 
/**
 * @brief Says which representation of the attributes a voms object carries;
 *        stored in voms::type.  The pairing with voms::std / voms::custom
 *        below is inferred from the member names -- confirm against the
 *        implementation.
 */
enum data_type { 
  TYPE_NODATA,  /**< no attribute data present */
  TYPE_STD,     /**< standard data: see voms::std */
  TYPE_CUSTOM   /**< custom data: see voms::custom */
};
00082 
/**
 * @brief Contact information for one VOMS server, as returned by
 *        vomsdata::FindByAlias / FindByVO.  vomsdata keeps the loaded
 *        entries in its private @c servers vector.
 */
struct contactdata {   
  std::string  nick;    /**< server alias (presumably what FindByAlias matches on) */
  std::string  host;    /**< host name */
  std::string  contact; /**< contact string -- presumably the server's expected certificate subject (cf. the servsubject argument of vomsdata::Contact); confirm */
  std::string  vo;      /**< VO served (presumably what FindByVO matches on) */
  int          port;    /**< port number */
  int          version; /**< version associated with this entry; its meaning is not visible in this header */
};
00095 
class vomspriv;  /* opaque class; struct voms only stores a pointer to it (vp) */
00097 
/**
 * @brief One VOMS attribute certificate (AC) as presented to the caller:
 *        issuing server and VO, holder, validity dates, and the attributes
 *        (group/role/capability triples, FQANs, generic attributes).
 *
 * Copy constructor, copy assignment and destructor are all user-declared,
 * presumably because the private part holds raw pointers (realdata, holder,
 * vp); what is deep-copied is decided in the implementation.
 */
struct voms {
  friend class vomsdata;   /* vomsdata may access the private members below */
  int version;             /**< format version; members after the marker below require version >= 1 */
  int siglen;              /**< length of signature */
  std::string signature;   /**< signature bytes (stored in a std::string) */
  std::string user;        /**< identity of the holder, string form (presumably a DN) */
  std::string userca;      /**< CA of the holder's certificate */
  std::string server;      /**< identity of the issuing server */
  std::string serverca;    /**< CA of the issuing server's certificate */
  std::string voname;      /**< name of the VO */
  std::string uri;         /**< server URI */
  std::string date1;       /**< validity start, string form (format not visible here) */
  std::string date2;       /**< validity end, string form */
  data_type type;          /**< which of std / custom below is meaningful */
  std::vector<data> std;   /**< group/role/capability triples.  The member name is legal: the name before "::" is looked up only among namespaces and types, so "std::string" on the next line still resolves -- but it is confusing; do not rename, callers use it. */
  std::string custom;      /**< raw custom data (see TYPE_CUSTOM) */
  /* Data below this line only makes sense if version >= 1 */
  std::vector<std::string> fqan; /**< Fully Qualified Attribute Names */
  std::string serial;      /**< presumably the AC serial number, as a string */
  /* Data below this line is private. */

private:
  void *realdata;                  /* opaque implementation data; actual type not visible here */
  X509 *holder;                    /* holder certificate; ownership is not expressed by the type */
public:
  voms(const voms &);
  voms();
  voms &operator=(const voms &);
  ~voms();

private:
  struct vomsr *translate();       /* conversion to the C representation (vomsr presumably comes from newformat.h) */
  friend int TranslateVOMS(struct vomsdatar *vd, std::vector<voms>&v, int *error);

public:
  /** @return the underlying attribute certificate.
   *  NOTE(review): whether the caller owns the returned AC* (and must free
   *  it) or merely borrows it is not stated here -- confirm before freeing. */
  AC *GetAC();

public:
  /** @return the generic attributes grouped by grantor.  Returned by
   *  reference: the vector is valid only as long as this voms object. */
  std::vector<attributelist>& GetAttributes();   
  /** @return the AC's target list (cf. vomsdata::AddTarget, VERIFY_TARGET). */
  std::vector<std::string> GetTargets();

private:
  vomspriv *vp;                    /* opaque implementation object (vomspriv is only forward-declared here) */
};
00142 
/**
 * @brief How far vomsdata::Retrieve searches for VOMS data when given a
 *        certificate and its chain.  RECURSE_CHAIN is the default argument of
 *        Retrieve(X509 *, STACK_OF(X509) *, recurse_type).
 *        NOTE(review): the exact difference between CHAIN and DEEP is not
 *        visible in this header -- see the implementation.
 */
enum recurse_type { 
  RECURSE_CHAIN, /**< look through the chain (default) */
  RECURSE_NONE,  /**< do not recurse */
  RECURSE_DEEP   /**< deeper search; semantics in the implementation */
};
00148 
/**
 * @brief Flags selecting which checks vomsdata applies to retrieved ACs
 *        (see vomsdata::SetVerificationType).  The per-value glosses below
 *        are taken from the enumerator names.
 *
 * Every value except VERIFY_FULL / VERIFY_NONE occupies its own bit, so the
 * checks are presumably meant to be combined with bitwise OR.  Two
 * language-level points when doing so:
 *  - "a | b" on an unscoped enum yields an integer, not a verify_type, so the
 *    result has to be cast back (static_cast<verify_type>) before being
 *    passed to SetVerificationType;
 *  - VERIFY_FULL = 0xffffffff does not fit in a 32-bit int, so the enum's
 *    underlying type is unsigned on such platforms.
 * VERIFY_NONE leaves no flag set, i.e. selects no check at all.
 */
enum verify_type {
  VERIFY_FULL      = 0xffffffff, /**< all checks */
  VERIFY_NONE      = 0x00000000, /**< no checks */
  VERIFY_DATE      = 0x00000001, /**< date / validity check */
  VERIFY_TARGET    = 0x00000002, /**< target check (cf. vomsdata::AddTarget) */
  VERIFY_KEY       = 0x00000004, /**< key check */
  VERIFY_SIGN      = 0x00000008, /**< signature check */
  VERIFY_ORDER     = 0x00000010, /**< ordering check (cf. vomsdata::Order) */
  VERIFY_ID        = 0x00000020, /**< identity check */
  VERIFY_CERTLIST  = 0x00000040  /**< certificate list check */
};
00160 
/**
 * @brief Error codes.  vomsdata exposes a value of this type in its public
 *        @c error member; vomsdata::ErrorMessage() presumably renders the
 *        matching text.  Only VERR_NONE has an obvious meaning (no error);
 *        the other codes are described by their names only.
 *
 * NOTE(review): the values are implicit, so inserting an enumerator anywhere
 * but at the end renumbers every later code and silently changes what
 * callers that store or compare the integer values see (the commented-out
 * VERR_IDENT below appears to be a removal of that kind).  Append new codes
 * only.
 */
enum verror_type { 
  VERR_NONE,
  VERR_NOSOCKET,   
  VERR_NOIDENT,    
  VERR_COMM,       
  VERR_PARAM,      
  VERR_NOEXT,      
  VERR_NOINIT,     
  VERR_TIME,       
  VERR_IDCHECK,    
  VERR_EXTRAINFO,  
  VERR_FORMAT,     
  VERR_NODATA,     
  VERR_PARSE,      
  VERR_DIR,        
  VERR_SIGN,       
  VERR_SERVER,     
  VERR_MEM,        
  VERR_VERIFY,     
  //  VERR_IDENT, 
  VERR_TYPE,       
  VERR_ORDER,      
  VERR_SERVERCODE, 
  VERR_NOTAVAIL,   
  VERR_FILE        
};
00189 
/* Callback type, name-derived meaning: check the signature of the given
 * certificate using an opaque argument, reporting failure through the
 * verror_type out-parameter.  No declaration in this header takes a
 * check_sig; its use is in the implementation. */
typedef bool (*check_sig)(X509 *, void *, verror_type &); 
class vomsdatapriv;  /* opaque class; vomsdata only stores a pointer to it (vdp) */
00193 
/**
 * @brief Main API object.  Retrieves VOMS attribute certificates (from a
 *        certificate plus chain, a proxy, a GSS context/credential, a FILE,
 *        an X509 extension, a decoded AC, or by contacting a server),
 *        verifies them according to the verify_type flags selected with
 *        SetVerificationType, and makes the result available in the public
 *        @c data vector.  Failures are reported through the public @c error
 *        member and ErrorMessage().
 *
 * NOTE(review): a copy constructor and a destructor are declared but no
 * copy-assignment operator is, so the implicitly generated operator= copies
 * the raw @c vdp pointer member-wise.  Either declare operator= (private,
 * like the Initializer copy constructor below) or confirm that the
 * implementation tolerates two objects sharing one vdp.
 */
struct vomsdata {
  private:
  /* Its single static instance (init, below) runs Initializer() during static
   * initialisation; what it sets up is not visible in this header.  The
   * private copy constructor prevents copies. */
  class Initializer {
  public:
    Initializer();
  private:
    Initializer(Initializer &);
  };

  private:
  static Initializer init;
  std::string ca_cert_dir;            /* CA certificate directory (presumably the cert_dir constructor argument) */
  std::string voms_cert_dir;          /* VOMS certificate directory (presumably the voms_dir constructor argument) */
  int duration;                       /* presumably set by SetLifetime */
  std::string ordering;               /* ordering requested with Order() */
  std::vector<contactdata> servers;   /* known server entries (cf. FindByAlias / FindByVO) */
  std::vector<std::string> targets;   /* targets added with AddTarget (cf. ListTargets) */

  public:
  verror_type error; /**< code of the last failure (see verror_type) */
  /** @param voms_dir VOMS certificate directory; "" presumably selects a default
   *  @param cert_dir CA certificate directory; "" presumably selects a default
   *  NOTE(review): what the defaults resolve to is not visible in this header. */
  vomsdata(std::string voms_dir = "", 
           std::string cert_dir = ""); 
  /** Loads the system-wide server contact list; "" selects the default location. @return false on failure (see error) */
  bool LoadSystemContacts(std::string dir = ""); 
  /** Loads the per-user server contact list; "" selects the default location. @return false on failure (see error) */
  bool LoadUserContacts(std::string dir = ""); 
  /** @return the loaded server entries matching alias (empty vector if none) */
  std::vector<contactdata> FindByAlias(std::string alias); 
  /** @return the loaded server entries for the VO vo (empty vector if none) */
  std::vector<contactdata> FindByVO(std::string vo); 
  /** Requests a particular ordering of the attribute att (cf. VERIFY_ORDER). */
  void Order(std::string att); 
  /** Clears any ordering requested with Order(). */
  void ResetOrder(void); 
  /** Adds a target (cf. VERIFY_TARGET, voms::GetTargets). */
  void AddTarget(std::string target);         
  /** @return the targets added so far */
  std::vector<std::string> ListTargets(void); 
  /** Clears the target list. */
  void ResetTargets(void);        
  /** @return error text reported by the server side (name-derived; see the private serverrors member) */
  std::string ServerErrors(void); 
  /** Extracts and verifies the ACs in cert and, depending on how, its chain.
   *  @return true on success (results in data); false otherwise, see error */
  bool Retrieve(X509 *cert, STACK_OF(X509) *chain, 
                recurse_type how = RECURSE_CHAIN); 
  /** Contacts the server at hostname:port, expecting servsubject as its
   *  identity, and sends command.  The timeout used by this overload is not
   *  visible here. */
  bool Contact(std::string hostname, int port, 
               std::string servsubject, 
               std::string command); 
  /** As above, with an explicit timeout (unit not visible here; presumably seconds). */
  bool Contact(std::string hostname, int port, 
               std::string servsubject, 
               std::string command,
               int timeout); 
  /** Like Contact, but hands back the raw server reply in raw and its
   *  format version in version instead of parsing it into data (presumably). */
  bool ContactRaw(std::string hostname, int port, 
                  std::string servsubject, 
                  std::string command,
                  std::string &raw,
      int& version);  
  /** ContactRaw with an explicit timeout. */
  bool ContactRaw(std::string hostname, int port, 
                  std::string servsubject, 
                  std::string command,
                  std::string &raw,
      int& version,
      int timeout);  
  /** Selects which checks are applied (see verify_type).  VERIFY_NONE leaves
   *  every flag clear, so pass it only when verification is done elsewhere. */
  void SetVerificationType(verify_type how); 
  /** Requested lifetime of the attributes (unit not visible here). */
  void SetLifetime(int lifetime); 
  /** Loads state from buffer; presumably the counterpart of Export(). */
  bool Import(std::string buffer);
  /** Serialises state into data.  NOTE(review): the parameter name hides the
   *  data member inside this declaration's scope. */
  bool Export(std::string &data); 
  /** Fills the argument with the "default" voms entry; which one that is is
   *  not visible in this header. */
  bool DefaultData(voms &); 
  std::vector<voms> data; /**< the retrieved ACs, one voms per certificate */
  std::string workvo;     /**< VO being worked on (semantics not visible here) */
  std::string extra_data; /**< extra data (semantics not visible here) */
private:
  /* uid / gid: presumably the expected owner of the file, i.e. an ownership
   * check on the credential file -- confirm in the implementation */
  bool loadfile(std::string, uid_t uid, gid_t gid);
  bool loadfile0(std::string, uid_t uid, gid_t gid);
  bool verifydata(std::string &message, std::string subject, std::string ca, 
                  X509 *holder, voms &v);
  bool check_cert(X509 *cert);
  bool retrieve(X509 *cert, STACK_OF(X509) *chain, recurse_type how,
                AC_SEQ **listnew, std::string &subject, std::string &ca,
                X509 **holder);
  verify_type ver_type;    /* presumably the flags set by SetVerificationType */

  std::string serverrors;  /* presumably what ServerErrors() returns */
  std::string errmessage;  /* presumably what ErrorMessage() returns */
  
  void seterror(verror_type, std::string);  /* records an error code and its message */

  bool check_sig_ac(X509 *, void *);
  X509 *check(void *);
  bool contact(const std::string&, int, const std::string&,
               const std::string&, std::string&, std::string&,
               std::string&, int timeout);
  bool verifydata(AC *ac, const std::string& subject, const std::string& ca, 
                  X509 *holder, voms &v);
  bool evaluate(AC_SEQ *, const std::string&, const std::string&, X509*);

public:

  /** @return a textual description of the last error (cf. the error member) */
  std::string ErrorMessage(void); 
  /* NOGLOBUS is defined unconditionally at the top of this header, so the two
   * declarations below are always present. */
#ifdef NOGLOBUS
  bool RetrieveFromCtx(gss_ctx_id_t context, recurse_type how); 
  bool RetrieveFromCred(gss_cred_id_t credential, recurse_type how);  
#endif

  /** Retrieves from a single X509 extension. */
  bool Retrieve(X509_EXTENSION *ext); 
  /** Retrieves from the user's proxy certificate; how it is located is decided by the implementation. */
  bool RetrieveFromProxy(recurse_type how); 
  /** Retrieves from an already-open FILE. */
  bool Retrieve(FILE *file, recurse_type how); 
  /** Retrieves from an already-decoded AC. */
  bool Retrieve(AC *ac);
  ~vomsdata();
private:
  //  X509 *check_file(void *);
  bool check_cert(STACK_OF(X509) *);
  X509 *check_from_certs(AC *ac, const std::string& voname);
  X509 *check_from_file(AC *, std::ifstream&, const std::string &vo, const std::string &filename);  /* the only reason <fstream> is included by this header */

public:
  vomsdata(const vomsdata &);

private:
  int retry_count;   /* set by SetRetryCount */
  
public:
  /** Number of retries (name-derived; presumably for server contacts). */
  void SetRetryCount(int retryCount);
  
public:
  /** Point in time the verification is performed against (stored in verificationtime). */
  void SetVerificationTime(time_t);
                                  
private:
  time_t verificationtime;
  bool verifyac(X509 *, X509 *, AC*, time_t, voms&);

public:
  /** Supplies the credential (certificate, private key, chain) used by this object.
   *  NOTE(review): ownership of the passed OpenSSL objects is not expressed by
   *  the signature -- confirm whether they are copied / up-ref'd or must outlive
   *  this object. */
  bool LoadCredentials(X509*, EVP_PKEY *, STACK_OF(X509) *);
  /** REST variant of ContactRaw; the parameters are unnamed here, so their
   *  roles (host, port, ... ) must be taken from the implementation. */
  bool ContactRESTRaw(const std::string&, int, const std::string&, std::string&, int, int);

private:
  bool InterpretOutput(const std::string&, std::string&);

private:
  vomsdatapriv *vdp;  /* opaque implementation data; see the copy-assignment note on the class */
};
00475 
00476 
/* C-linkage accessors for the library version components (major.minor.patch). */
extern "C" {
int getVOMSMajorVersionNumber(void);
int getVOMSMinorVersionNumber(void);
int getVOMSPatchVersionNumber(void);
}
00482 
00483 #endif