VOMS CC API  1.5.0
voms_api.h
1 /*********************************************************************
2  *
3  * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it
4  *
5  * Copyright (c) Members of the EGEE Collaboration. 2004-2010.
6  * See http://www.eu-egee.org/partners/ for details on the copyright holders.
7  *
8  * Licensed under the Apache License, Version 2.0 (the "License");
9  * you may not use this file except in compliance with the License.
10  * You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing, software
15  * distributed under the License is distributed on an "AS IS" BASIS,
16  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * See the License for the specific language governing permissions and
18  * limitations under the License.
19  *
20  * Parts of this code may be based upon or even include verbatim pieces,
21  * originally written by other people, in which case the original header
22  * follows.
23  *
24  *********************************************************************/
25 
26 #ifndef VOMS_API_H
27 #define VOMS_API_H
28 
29 #include "config.h"
30 
31 #include <fstream>
32 #include <string>
33 #include <vector>
34 
/*
 * NOGLOBUS is forced on unconditionally here.  Consequently the
 * `#ifdef NOGLOBUS` guard around vomsdata::RetrieveFromCtx /
 * RetrieveFromCred later in this header is always taken, so those two
 * GSS-based entry points are always declared.
 */
#ifndef NOGLOBUS
#define NOGLOBUS
#endif

extern "C" {
/*
 * GSS handle shim.  If no GSSAPI header has been included *before* this
 * point, gss_cred_id_t / gss_ctx_id_t are declared as plain `void *` so the
 * RetrieveFromCtx / RetrieveFromCred prototypes below compile without a
 * GSSAPI dependency.
 *
 * NOTE(review): the guard only looks at macros defined so far.  A translation
 * unit that includes a real <gssapi.h> *after* this header will get a second,
 * possibly different, definition of these names.  Callers that pass real GSS
 * handles should include gssapi.h first.
 */
#ifndef GSSAPI_H_
/*
 * Also check against _GSSAPI_H_ as that is what the Kerberos 5 code defines and
 * what header files on some systems look for.
 */

#ifndef _GSSAPI_H_
typedef void * gss_cred_id_t;
typedef void * gss_ctx_id_t;
#endif
#endif

/* OpenSSL types used below (X509, STACK_OF(X509), EVP_PKEY, X509_EXTENSION). */
#include <openssl/x509.h>
#include <openssl/bio.h>
/* uid_t / gid_t for the private loadfile helpers. */
#include <sys/types.h>
/* Project header; presumably supplies the AC / AC_SEQ attribute-certificate
 * types referenced by voms::GetAC and vomsdata::Retrieve(AC *) -- confirm. */
#include "newformat.h"
}
57 
/**
 * One group / role / capability triple carried by a VOMS attribute
 * certificate ("User's characteristics: can be repeated" in the Doxygen
 * brief).  Plain aggregate; member order is part of the ABI.
 */
struct data {
  std::string group;  ///< Group name
  std::string role;   ///< Role held within `group`
  std::string cap;    ///< Capability string
};
65 
/**
 * Generic name/value attribute ("can be repeated" in the Doxygen brief).
 * Plain aggregate; member order is part of the ABI.
 */
struct attribute {
  std::string name;       ///< Attribute name
  std::string qualifier;  ///< Optional qualifier attached to the attribute
  std::string value;      ///< Attribute value
};
73 
/**
 * A set of generic attributes together with the entity that granted them.
 * Returned (by reference) from voms::GetAttributes.
 */
struct attributelist {
  std::string grantor;                ///< Grantor of the attributes below
  std::vector<attribute> attributes;  ///< The attributes granted by `grantor`
};
78 
79 
/**
 * The type of data returned (Doxygen brief).
 *
 * NOTE(review): the enumerator list (original lines 83-85) was dropped by
 * this page rendering; consult the shipped header for the actual values.
 * The Doxygen index also references a `data_type type;` member of struct
 * voms at original line 116 that is missing from this rendering.
 */
enum data_type {
};
87 
/**
 * One VOMS server entry, as loaded by vomsdata::LoadSystemContacts /
 * LoadUserContacts and returned by FindByAlias / FindByVO.
 *
 * The mapping from contact-file columns to these fields is not visible in
 * this header; the descriptions below follow the member names.
 */
struct contactdata {
  std::string nick;     ///< Server alias (presumably what FindByAlias matches -- confirm)
  std::string host;     ///< Server hostname
  std::string contact;  ///< Server certificate subject (presumably the `servsubject`
                        ///< expected by vomsdata::Contact -- confirm)
  std::string vo;       ///< VO the server serves (presumably what FindByVO matches)
  int port;             ///< TCP port of the server
  // (original line 97, a comment describing `version`, was dropped by this rendering)
  int version;          ///< Server/protocol version advertised for this entry
};
100 
101 class vomspriv;
102 
/**
 * One decoded VOMS attribute certificate (AC), as filled in by vomsdata.
 *
 * The descriptive members are public.  The opaque parts (realdata, holder,
 * vp) are private and presumably handled by the copy constructor, copy
 * assignment and destructor declared below -- confirm in the .cc.  Data
 * member order is part of the ABI and must not be changed.
 */
struct voms {
  friend class vomsdata;
  int version;             ///< AC format version; see the `version >= 1` comment below
  int siglen;              ///< Number of signature bytes held in `signature`
  std::string signature;   ///< Raw signature bytes (binary data in a std::string, not text)
  std::string user;        ///< Holder (user) subject
  std::string userca;      ///< CA that issued the holder certificate
  std::string server;      ///< Issuer (VOMS server) subject
  std::string serverca;    ///< CA that issued the server certificate
  std::string voname;      ///< VO the AC was issued for
  std::string uri;         ///< Server URI
  std::string date1;       ///< Validity bound (presumably not-before -- confirm)
  std::string date2;       ///< Validity bound (presumably not-after -- confirm)
  // NOTE(review): a `data_type type;` member (original line 116) was dropped
  // by this rendering; the Doxygen index still references it.
  std::vector<data> std;   ///< Group/role/capability triples.  The member really
                           ///< is named `std`: it is legal because lookup of the
                           ///< name before `::` ignores non-namespace entities,
                           ///< so the `std::string` members below still resolve.
  std::string custom;      ///< Custom (non-FQAN) payload
  /* Data below this line only makes sense if version >= 1 */
  std::vector<std::string> fqan;  ///< Fully qualified attribute names
  std::string serial;             ///< AC serial number
  /* Data below this line is private. */

private:
  void *realdata;   ///< Opaque decoded representation
  X509 *holder;     ///< Presumably the AC holder's certificate (raw pointer,
                    ///< lifetime tied to this object) -- confirm
public:
  voms(const voms &);
  voms();
  voms &operator=(const voms &);
  ~voms();

private:
  /** Presumably converts this object to the C API's vomsr form -- confirm. */
  struct vomsr *translate();
  friend int TranslateVOMS(struct vomsdatar *vd, std::vector<voms>&v, int *error);

public:
  /**
   * Underlying OpenSSL AC structure.  Ownership of the returned pointer is
   * not documented here -- do not free it unless the .cc confirms it is a
   * copy.
   */
  AC *GetAC();

public:
  /**
   * Generic attributes grouped by grantor.  Returns a reference into this
   * object: it dangles once the voms is destroyed or assigned over.
   */
  std::vector<attributelist>& GetAttributes();
  /** Targets the AC is restricted to, returned by value. */
  std::vector<std::string> GetTargets();

private:
  vomspriv *vp;     ///< Private implementation pointer
};
147 
152 };
153 
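/**
 * Bit flags selecting which checks vomsdata performs on a retrieved AC.
 * Set with vomsdata::SetVerificationType; values combine with `|`.
 *
 * VERIFY_FULL has every bit set, so it also covers flags added later.
 * VERIFY_NONE disables all checks: never use it when the attributes in
 * vomsdata::data feed an authorization decision.
 *
 * Which concrete check each flag gates is implemented in the library
 * source, not visible here.  The names suggest: DATE = validity period,
 * TARGET = AC targeting, KEY / SIGN = signature, ORDER = attribute
 * ordering, ID = holder identity, CERTLIST = issuer chain -- confirm
 * against the .cc before relying on a subset.
 *
 * NOTE(review): the `enum verify_type {` line (original line 154, per the
 * Doxygen index) was lost by this page rendering and is restored here; the
 * enumerators themselves are unchanged.
 */
enum verify_type {
  VERIFY_FULL = 0xffffffff,
  VERIFY_NONE = 0x00000000,
  VERIFY_DATE = 0x00000001,
  VERIFY_TARGET = 0x00000002,
  VERIFY_KEY = 0x00000004,
  VERIFY_SIGN = 0x00000008,
  VERIFY_ORDER = 0x00000010,
  VERIFY_ID = 0x00000020,
  VERIFY_CERTLIST = 0x00000040
};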
165 
/**
 * Error codes (Doxygen brief).  Passed to the private vomsdata::seterror
 * and stored as the public `error` member of vomsdata (original line 218).
 *
 * NOTE(review): the enumerator list (original lines 169-192) was dropped by
 * this page rendering; only the commented-out VERR_IDENT survives.  Consult
 * the shipped header for the actual values.
 */
enum verror_type {
  // VERR_IDENT,
};
194 
/**
 * Signature-check callback type: takes a certificate, an opaque context
 * pointer and an error out-parameter, and returns true on success.
 * Nothing in this header takes a check_sig; where it is used is not visible
 * here.
 */
typedef bool (*check_sig)(X509 *, void *, verror_type &);
197 class vomsdatapriv;
198 
/**
 * Entry point of the VOMS C++ API: locates VOMS servers, contacts them,
 * extracts attribute certificates from certificates / proxies / files /
 * GSS handles, verifies them according to the configured verify_type and
 * exposes the result in `data`.
 *
 * NOTE(review): a copy constructor is declared below but no copy
 * assignment operator is; the compiler-generated one copies the raw
 * `vdp` pointer member-wise.  Verify in the .cc whether assignment is
 * actually safe, or declare/delete operator=.
 *
 * NOTE(review): the Doxygen index references a public `verror_type error;`
 * member at original line 218 that this page rendering dropped.
 */
struct vomsdata {
  private:
  /** One-time library setup helper; non-copyable (private copy ctor). */
  class Initializer {
  public:
  Initializer();
  private:
  Initializer(Initializer &);
  };

  private:
  static Initializer init;            ///< Runs Initializer() once per program
  std::string ca_cert_dir;            ///< Directory of trusted CA certificates
  std::string voms_cert_dir;          ///< Directory of VOMS server certificates
  int duration;                       ///< Requested AC lifetime (see SetLifetime)
  std::string ordering;               ///< Attribute ordering requested via Order()
  std::vector<contactdata> servers;   ///< Servers loaded from contact files
  std::vector<std::string> targets;   ///< Targets added via AddTarget()

  public:
  /** Presumably tells the Initializer not to initialise OpenSSL itself -- confirm. */
  static void SkipSslInitialization();

  /**
   * Not `explicit`: a std::string converts implicitly to vomsdata.
   * Empty arguments presumably select the library defaults for the VOMS
   * and CA certificate directories -- confirm.
   */
  vomsdata(std::string voms_dir = "",
  std::string cert_dir = "");
  /** Load server entries from the system contact directory ("" = default). */
  bool LoadSystemContacts(std::string dir = "");
  /** Load server entries from the user's contact directory ("" = default). */
  bool LoadUserContacts(std::string dir = "");
  /** All loaded servers whose alias matches `alias`. */
  std::vector<contactdata> FindByAlias(std::string alias);
  /** All loaded servers serving VO `vo`. */
  std::vector<contactdata> FindByVO(std::string vo);
  /** Request that attribute `att` be returned first; cumulative. */
  void Order(std::string att);
  void ResetOrder(void);
  /** Add a target the requested AC should be restricted to. */
  void AddTarget(std::string target);
  std::vector<std::string> ListTargets(void);
  void ResetTargets(void);
  /** Errors reported by the servers during the last contact. */
  std::string ServerErrors(void);
  /**
   * Extract and verify the ACs found in `cert` (and, depending on `how`,
   * its `chain`).  Results land in `data`; false on failure, see
   * ErrorMessage().
   */
  bool Retrieve(X509 *cert, STACK_OF(X509) *chain,
  recurse_type how = RECURSE_CHAIN);
  /**
   * Contact a VOMS server and store the verified result in `data`.
   * `servsubject` is the certificate subject expected from the server;
   * presumably compared against the peer certificate -- confirm, since a
   * wrong or empty value would weaken server authentication.
   */
  bool Contact(std::string hostname, int port,
  std::string servsubject,
  std::string command);
  /** As above with a connection timeout (units not documented here). */
  bool Contact(std::string hostname, int port,
  std::string servsubject,
  std::string command,
  int timeout);
  /**
   * Like Contact, but returns the server reply in `raw` and the protocol
   * version in `version` instead of decoding it.  Whether the reply is
   * verified before being returned is not visible here: treat `raw` as
   * untrusted until it has gone through Import()/Retrieve() with
   * verification enabled.
   */
  bool ContactRaw(std::string hostname, int port,
  std::string servsubject,
  std::string command,
  std::string &raw,
  int& version);
  bool ContactRaw(std::string hostname, int port,
  std::string servsubject,
  std::string command,
  std::string &raw,
  int& version,
  int timeout);
  /**
   * Select which checks are applied to retrieved ACs.  VERIFY_NONE disables
   * them all; keep VERIFY_FULL whenever `data` is used for authorization.
   */
  void SetVerificationType(verify_type how);
  /** Requested AC lifetime (stored in `duration`; units not documented here). */
  void SetLifetime(int lifetime);
  /**
   * Rebuild `data` from a buffer produced by Export().  Whether the
   * imported ACs are re-verified is not visible here -- confirm before
   * feeding it data from an untrusted source.
   */
  bool Import(std::string buffer);
  /** Serialise `data` into `data` (the parameter shadows the member name). */
  bool Export(std::string &data);
  /** Copy the "default" entry of `data` into the argument; false if none. */
  bool DefaultData(voms &);
  std::vector<voms> data;     ///< Retrieved (and, per ver_type, verified) ACs
  std::string workvo;         ///< VO selected for the current operation
  std::string extra_data;     ///< Additional data returned by the server
private:
  /**
   * `uid`/`gid` presumably restrict which file owner is trusted before the
   * file contents are used -- confirm.
   */
  bool loadfile(std::string, uid_t uid, gid_t gid);
  bool loadfile0(std::string, uid_t uid, gid_t gid);
  bool verifydata(std::string &message, std::string subject, std::string ca,
  X509 *holder, voms &v);
  bool check_cert(X509 *cert);
  bool retrieve(X509 *cert, STACK_OF(X509) *chain, recurse_type how,
  AC_SEQ **listnew, std::string &subject, std::string &ca,
  X509 **holder);
  verify_type ver_type;       ///< Checks applied; set by SetVerificationType

  std::string serverrors;     ///< Backing store for ServerErrors()
  std::string errmessage;     ///< Backing store for ErrorMessage()

  /** Record an error code and message for ErrorMessage(). */
  void seterror(verror_type, std::string);

  bool check_sig_ac(X509 *, void *);
  X509 *check(void *);
  bool contact(const std::string&, int, const std::string&,
  const std::string&, std::string&, std::string&,
  std::string&, int timeout);
  bool verifydata(AC *ac, const std::string& subject, const std::string& ca,
  X509 *holder, voms &v);
  bool evaluate(AC_SEQ *, const std::string&, const std::string&, X509*);

public:

  /** Human-readable description of the last error. */
  std::string ErrorMessage(void);
  /* NOGLOBUS is forced on at the top of this header, so this block is
   * always compiled in. */
#ifdef NOGLOBUS
  /** Extract ACs from the peer credential of an established GSS context. */
  bool RetrieveFromCtx(gss_ctx_id_t context, recurse_type how);
  /** Extract ACs from a GSS credential. */
  bool RetrieveFromCred(gss_cred_id_t credential, recurse_type how);
#endif

  /** Extract ACs from a single X.509 extension. */
  bool Retrieve(X509_EXTENSION *ext);
  /** Extract ACs from the caller's own proxy certificate. */
  bool RetrieveFromProxy(recurse_type how);
  /** Extract ACs from an already-open certificate file. */
  bool Retrieve(FILE *file, recurse_type how);
  /** Verify and store one already-decoded AC. */
  bool Retrieve(AC *ac);
  ~vomsdata();
private:
  // X509 *check_file(void *);
  bool check_cert(STACK_OF(X509) *);
  X509 *check_from_certs(AC *ac, const std::string& voname);
  X509 *check_from_file(AC *, std::ifstream&, const std::string &vo, const std::string &filename);

public:
  vomsdata(const vomsdata &);

private:
  int retry_count;            ///< Connection retries; see SetRetryCount

public:
  void SetRetryCount(int retryCount);

public:
  /**
   * Override the reference time used for AC validity checks (stored in
   * `verificationtime`, passed to verifyac).  A caller-chosen time can make
   * an expired or not-yet-valid AC verify: treat as a test/replay hook, not
   * something to expose to untrusted input.
   */
  void SetVerificationTime(time_t);

private:
  time_t verificationtime;    ///< Reference time for validity checks
  bool verifyac(X509 *, X509 *, AC*, time_t, voms&);

public:
  /**
   * Supply the client certificate, private key and chain used when
   * contacting servers.  Whether ownership of the pointers transfers is not
   * documented here -- confirm before freeing them.
   */
  bool LoadCredentials(X509*, EVP_PKEY *, STACK_OF(X509) *);
  /**
   * REST-style counterpart of ContactRaw.  Parameters are unnamed in this
   * declaration; by position they appear to be host, port, command/path,
   * raw reply, and two integers (presumably timeout and a version/flag)
   * -- confirm against the .cc.
   */
  bool ContactRESTRaw(const std::string&, int, const std::string&, std::string&, int, int);

private:
  bool InterpretOutput(const std::string&, std::string&);

private:
  vomsdatapriv *vdp;          ///< Private implementation pointer (see copy-assignment note above)
};
484 
485 
/* Library version components, exported with C linkage so C callers can
 * check the version they are linked against at runtime. */
extern "C" {
int getVOMSMajorVersionNumber(void);
int getVOMSMinorVersionNumber(void);
int getVOMSPatchVersionNumber(void);
}
491 
492 #endif