/*********************************************************************
 *
 * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
 *
 * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Parts of this code may be based upon or even include verbatim pieces,
 * originally written by other people, in which case the original header
 * follows.
 *
 *********************************************************************/

/*
 * Public C++ API of the VOMS client library: data structures describing a
 * decoded VOMS attribute certificate (AC), the verification/error
 * enumerations, and the vomsdata entry point used to contact servers and to
 * retrieve and verify ACs.
 */

#ifndef VOMS_API_H
#define VOMS_API_H

#include <fstream>
#include <string>
#include <vector>

/*
 * Defined unconditionally here, so the RetrieveFromCtx()/RetrieveFromCred()
 * GSS overloads below are always declared.  Being a public header, the macro
 * is also visible to every translation unit that includes this file.
 */
#define NOGLOBUS
extern "C" {
#ifndef GSSAPI_H_
/*
 * Also check against _GSSAPI_H_ as that is what the Kerberos 5 code defines and
 * what header files on some systems look for.
 */

/*
 * Fallback opaque handle types, used only when no real gssapi.h was included
 * before this header, so that the GSS-based overloads compile regardless.
 */
#ifndef _GSSAPI_H_
typedef void * gss_cred_id_t;
typedef void * gss_ctx_id_t;
#endif
#endif

#include <openssl/x509.h>
#include <openssl/bio.h>
#include <sys/types.h>
#include "newformat.h"
}

/**
 * A group/role/capability triple, the "standard" VOMS attribute form
 * (see voms::std and voms::type).
 */
struct data {
  std::string group;
  std::string role;
  std::string cap;
};

/** A generic (name, qualifier, value) attribute; see voms::GetAttributes(). */
struct attribute {
  std::string name;
  std::string qualifier;
  std::string value;
};

/** A set of attributes together with the grantor they are associated with. */
struct attributelist {
  std::string grantor;
  std::vector<attribute> attributes;
};


/**
 * Discriminator stored in voms::type.  From the names, it presumably tells
 * which of voms::std (TYPE_STD) or voms::custom (TYPE_CUSTOM) carries the
 * payload, TYPE_NODATA meaning neither -- confirm with the implementation.
 */
enum data_type {
  TYPE_NODATA,
  TYPE_STD,
  TYPE_CUSTOM
};

/**
 * One VOMS server contact entry.  Returned by vomsdata::FindByAlias() and
 * vomsdata::FindByVO(); presumably populated by vomsdata::LoadSystemContacts()
 * and vomsdata::LoadUserContacts() -- confirm.
 */
struct contactdata {
  std::string nick;     /**< alias, presumably what FindByAlias() matches on */
  std::string host;     /**< server host name */
  std::string contact;  /**< server subject; presumably the servsubject argument for Contact() -- confirm */
  std::string vo;       /**< VO name, what FindByVO() matches on */
  int port;             /**< server port */
  int version;          /**< entry version; its meaning is not visible in this header */
};

class vomspriv;

/**
 * One decoded VOMS attribute certificate.  Instances are filled in by
 * vomsdata (declared a friend below); the public fields are plain data for
 * callers to read.  Copy constructor, assignment operator and destructor are
 * user-provided (rule of three), presumably because realdata/holder are
 * owned by the object -- confirm in the implementation.
 */
struct voms {
  friend class vomsdata;
  int version;                     /**< AC format version; see the note before fqan */
  int siglen;                      /**< length of signature */
  std::string signature;
  std::string user;                /**< holder subject (presumably) */
  std::string userca;              /**< CA of the holder (presumably) */
  std::string server;              /**< issuing server subject (presumably) */
  std::string serverca;            /**< CA of the issuing server (presumably) */
  std::string voname;
  std::string uri;
  std::string date1;               /**< validity bounds as strings; exact format not visible here */
  std::string date2;
  data_type type;                  /**< which of std / custom is meaningful */
  std::vector<data> std;           /**< group/role/cap triples (a member named std does not hide the namespace in qualified names) */
  std::string custom;
  /* Data below this line only makes sense if version >= 1 */
  std::vector<std::string> fqan;   /**< fully qualified attribute names */
  std::string serial;
  /* Data below this line is private. */

private:
  void *realdata;                  /**< opaque decoded AC; presumably owned and released by ~voms() */
  X509 *holder;                    /**< holder certificate; presumably managed by copy/assign/dtor */
public:
  voms(const voms &);
  voms();
  voms &operator=(const voms &);
  ~voms();

private:
  struct vomsr *translate();
  friend int TranslateVOMS(struct vomsdatar *vd, std::vector<voms>&v, int *error);

public:
  /**
   * The underlying AC.  Ownership of the returned pointer is not stated in
   * this header -- confirm before freeing it.
   */
  AC *GetAC();

public:
  /**
   * Generic attributes carried by the AC, grouped by grantor.  Returned by
   * reference, presumably to storage owned by this object, so do not keep
   * the reference past the object's lifetime.
   */
  std::vector<attributelist>& GetAttributes();
  /** Targets carried by the AC, as strings (presumably). */
  std::vector<std::string> GetTargets();

private:
  vomspriv *vp;
};

/**
 * How the Retrieve*() overloads that take a recurse_type walk the
 * certificate chain.  The exact meaning of each value is not visible here.
 */
enum recurse_type {
  RECURSE_CHAIN,
  RECURSE_NONE,
  RECURSE_DEEP
};

/**
 * Verification policy for vomsdata::SetVerificationType().  Each enumerator
 * below VERIFY_FULL is a distinct bit; VERIFY_NONE is zero and VERIFY_FULL
 * has every bit set, so values can be combined with bitwise OR.
 *
 * NOTE(review): the names suggest each bit enables one check (date, target,
 * key, signature, ...).  Anything other than VERIFY_FULL weakens validation
 * of the received ACs -- confirm the per-bit semantics against the
 * implementation before relying on a reduced set.
 */
enum verify_type {
  VERIFY_FULL = 0xffffffff,
  VERIFY_NONE = 0x00000000,
  VERIFY_DATE = 0x00000001,
  VERIFY_TARGET = 0x00000002,
  VERIFY_KEY = 0x00000004,
  VERIFY_SIGN = 0x00000008,
  VERIFY_ORDER = 0x00000010,
  VERIFY_ID = 0x00000020,
  VERIFY_CERTLIST = 0x00000040
};

/**
 * Error codes.  The last one is stored in vomsdata::error (VERR_NONE when no
 * error occurred) and is also the out-parameter of check_sig callbacks; see
 * vomsdata::ErrorMessage() for the associated text.
 */
enum verror_type {
  VERR_NONE,
  VERR_NOSOCKET,
  VERR_NOIDENT,
  VERR_COMM,
  VERR_PARAM,
  VERR_NOEXT,
  VERR_NOINIT,
  VERR_TIME,
  VERR_IDCHECK,
  VERR_EXTRAINFO,
  VERR_FORMAT,
  VERR_NODATA,
  VERR_PARSE,
  VERR_DIR,
  VERR_SIGN,
  VERR_SERVER,
  VERR_MEM,
  VERR_VERIFY,
  // VERR_IDENT,
  VERR_TYPE,
  VERR_ORDER,
  VERR_SERVERCODE,
  VERR_NOTAVAIL,
  VERR_FILE
};

/**
 * Signature-check callback: receives a certificate, an opaque argument and
 * an error out-parameter.  Presumably returns true when the signature is
 * acceptable -- confirm with the call sites.
 */
typedef bool (*check_sig)(X509 *, void *, verror_type &);
class vomsdatapriv;

/**
 * Entry point of the API: configuration (certificate directories, ordering,
 * targets, verification policy), server contact, and retrieval of VOMS ACs
 * from certificates, chains, files, GSS handles or raw buffers.  Retrieved
 * ACs are stored in the public `data` vector.
 *
 * Member functions returning bool presumably return false on failure and set
 * `error` (see ErrorMessage()) -- confirm against the implementation.
 *
 * NOTE(review): a copy constructor is declared below but no copy-assignment
 * operator, so the implicitly generated one copies every member, including
 * the raw vdp pointer, member-wise -- confirm that assignment is either never
 * used or safe for vomsdatapriv.
 */
struct vomsdata {
private:
  /**
   * Non-copyable helper; a static instance (init) exists below, presumably
   * to run one-time library setup when the library is loaded -- confirm.
   */
  class Initializer {
  public:
    Initializer();
  private:
    Initializer(Initializer &);   /* declared, never defined: copying is an error */
  };

private:
  static Initializer init;
  std::string ca_cert_dir;                /**< directory of trusted CA certificates (cert_dir constructor argument) */
  std::string voms_cert_dir;              /**< directory of VOMS server certificates (voms_dir constructor argument) */
  int duration;
  std::string ordering;                   /**< attribute ordering requested through Order() (presumably) */
  std::vector<contactdata> servers;       /**< known server contacts */
  std::vector<std::string> targets;       /**< targets added through AddTarget() */

public:
  verror_type error;                      /**< code of the last error, VERR_NONE when none */
  /**
   * @param voms_dir directory of VOMS server certificates; "" presumably
   *        selects a library default -- confirm
   * @param cert_dir directory of trusted CA certificates; "" presumably
   *        selects a library default -- confirm
   */
  vomsdata(std::string voms_dir = "",
           std::string cert_dir = "");
  /** Load server contacts from the system location; a non-empty dir overrides it. */
  bool LoadSystemContacts(std::string dir = "");
  /** Load server contacts from the user's location; a non-empty dir overrides it. */
  bool LoadUserContacts(std::string dir = "");
  /** Contacts whose alias matches. */
  std::vector<contactdata> FindByAlias(std::string alias);
  /** Contacts serving the given VO. */
  std::vector<contactdata> FindByVO(std::string vo);
  /** Request an attribute ordering; the effect of repeated calls is not visible here. */
  void Order(std::string att);
  void ResetOrder(void);
  /** Add a target to be requested from the server. */
  void AddTarget(std::string target);
  std::vector<std::string> ListTargets(void);
  void ResetTargets(void);
  /** Errors reported by the servers during Contact*(); see also ErrorMessage(). */
  std::string ServerErrors(void);
  /**
   * Extract ACs from cert and its chain, walking the chain as `how` says,
   * and store them in `data`.
   */
  bool Retrieve(X509 *cert, STACK_OF(X509) *chain,
                recurse_type how = RECURSE_CHAIN);
  /**
   * Contact a server with the library default timeout.  servsubject is
   * presumably the expected server identity -- confirm how a mismatch is
   * handled.
   */
  bool Contact(std::string hostname, int port,
               std::string servsubject,
               std::string command);
  /** As above with an explicit timeout; its unit is not visible here -- presumably seconds. */
  bool Contact(std::string hostname, int port,
               std::string servsubject,
               std::string command,
               int timeout);
  /** As Contact(), additionally returning the raw reply and the version reported by the server. */
  bool ContactRaw(std::string hostname, int port,
                  std::string servsubject,
                  std::string command,
                  std::string &raw,
                  int& version);
  bool ContactRaw(std::string hostname, int port,
                  std::string servsubject,
                  std::string command,
                  std::string &raw,
                  int& version,
                  int timeout);
  /** Select which checks the Retrieve*() overloads perform (bitwise OR of verify_type). */
  void SetVerificationType(verify_type how);
  /** Lifetime to request from the server; unit not visible here -- confirm. */
  void SetLifetime(int lifetime);
  /**
   * Load data previously produced by Export().  The buffer is parsed, so it
   * should be treated as untrusted input unless it comes from this process.
   */
  bool Import(std::string buffer);
  /** Serialize the current contents into data, for a later Import(). */
  bool Export(std::string &data);
  /** Copy the "default" voms entry into the argument; which entry that is is not visible here. */
  bool DefaultData(voms &);
  std::vector<voms> data;       /**< ACs retrieved so far, one voms per AC */
  std::string workvo;           /**< VO currently being worked on (presumably) */
  std::string extra_data;       /**< extra information returned by the server (presumably) */
private:
  /**
   * Read a file, given the uid/gid the file is expected to belong to --
   * presumably an ownership check before trusting the content; confirm.
   */
  bool loadfile(std::string, uid_t uid, gid_t gid);
  bool loadfile0(std::string, uid_t uid, gid_t gid);
  bool verifydata(std::string &message, std::string subject, std::string ca,
                  X509 *holder, voms &v);
  bool check_cert(X509 *cert);
  bool retrieve(X509 *cert, STACK_OF(X509) *chain, recurse_type how,
                AC_SEQ **listnew, std::string &subject, std::string &ca,
                X509 **holder);
  verify_type ver_type;         /**< current verification policy, set by SetVerificationType() */

  std::string serverrors;       /**< accumulated server-side errors, returned by ServerErrors() */
  std::string errmessage;       /**< text of the last error, returned by ErrorMessage() */

  void seterror(verror_type, std::string);

  bool check_sig_ac(X509 *, void *);
  X509 *check(void *);
  bool contact(const std::string&, int, const std::string&,
               const std::string&, std::string&, std::string&,
               std::string&, int timeout);
  bool verifydata(AC *ac, const std::string& subject, const std::string& ca,
                  X509 *holder, voms &v);
  bool evaluate(AC_SEQ *, const std::string&, const std::string&, X509*);

public:

  /** Text describing the last error (see `error`). */
  std::string ErrorMessage(void);
  /* NOGLOBUS is #defined unconditionally at the top of this header, so the two overloads below are always declared. */
#ifdef NOGLOBUS
  /** Retrieve ACs from the credential of an established GSS security context (presumably). */
  bool RetrieveFromCtx(gss_ctx_id_t context, recurse_type how);
  /** Retrieve ACs from a GSS credential handle (presumably). */
  bool RetrieveFromCred(gss_cred_id_t credential, recurse_type how);
#endif

  /** Retrieve ACs from a single X.509 extension. */
  bool Retrieve(X509_EXTENSION *ext);
  /** Retrieve ACs from the user's proxy certificate; how it is located is not visible here. */
  bool RetrieveFromProxy(recurse_type how);
  /** Retrieve ACs from an already-open file; ownership of file presumably stays with the caller -- confirm. */
  bool Retrieve(FILE *file, recurse_type how);
  /** Retrieve from a single, already-decoded AC. */
  bool Retrieve(AC *ac);
  ~vomsdata();
private:
  // X509 *check_file(void *);
  bool check_cert(STACK_OF(X509) *);
  X509 *check_from_certs(AC *ac, const std::string& voname);
  X509 *check_from_file(AC *, std::ifstream&, const std::string &vo, const std::string &filename);

public:
  vomsdata(const vomsdata &);

private:
  int retry_count;

public:
  /** Number of retries for server contacts; where it applies is not visible here. */
  void SetRetryCount(int retryCount);

public:
  /** Reference time for validity checks instead of "now"; presumably used by the VERIFY_DATE check -- confirm. */
  void SetVerificationTime(time_t);

private:
  time_t verificationtime;
  bool verifyac(X509 *, X509 *, AC*, time_t, voms&);

public:
  /**
   * Supply the credentials used when contacting servers: certificate,
   * private key and chain.  Ownership of the arguments is not stated here
   * -- confirm before freeing them.
   */
  bool LoadCredentials(X509*, EVP_PKEY *, STACK_OF(X509) *);
  /** Raw contact over the REST interface; parameter meanings are not visible in this header. */
  bool ContactRESTRaw(const std::string&, int, const std::string&, std::string&, int, int);

private:
  bool InterpretOutput(const std::string&, std::string&);

private:
  vomsdatapriv *vdp;            /**< private implementation; raw pointer, see the copy note on the class */
};


extern "C" {
/* Version numbers of the library actually linked, with plain C linkage. */
int getVOMSMajorVersionNumber(void);
int getVOMSMinorVersionNumber(void);
int getVOMSPatchVersionNumber(void);
}

#endif