00001 /*
00002    Copyright (c) 2002-7, Andrew McNab, University of Manchester
00003    All rights reserved.
00004 
00005    Redistribution and use in source and binary forms, with or
00006    without modification, are permitted provided that the following
00007    conditions are met:
00008 
00009      o Redistributions of source code must retain the above
00010        copyright notice, this list of conditions and the following
00011        disclaimer. 
00012      o Redistributions in binary form must reproduce the above
00013        copyright notice, this list of conditions and the following
00014        disclaimer in the documentation and/or other materials
00015        provided with the distribution. 
00016 
00017    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
00018    CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
00019    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
00020    MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
00021    DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
00022    BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
00023    EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
00024    TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
00025    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
00026    ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
00027    OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
00028    OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
00029    POSSIBILITY OF SUCH DAMAGE.
00030 */
00031 
00032 /*---------------------------------------------------------------*
00033  * For more about GridSite: http://www.gridsite.org/             *
00034  *---------------------------------------------------------------*/
00035 
00036 #ifdef __cplusplus
00037 extern "C" {
00038 #endif
00039 
/* Library version as a packed number (010500 presumably encodes 1.5.0),
   overridable from the build. NOTE(review): the leading zero makes this an
   OCTAL literal in C (010500 == 4416 decimal), so only compare it against
   literals written in the same zero-padded form. This is also the only
   #ifndef guard in the file: there is no include guard around gridsite.h as
   a whole, so including it twice in one translation unit would redefine the
   anonymous-struct typedefs below. */
#ifndef GRST_VERSION
#define GRST_VERSION 010500
#endif
00043 
00044 #ifndef GRST_NO_OPENSSL
00045 
00046 #ifndef HEADER_SSL_H
00047 #include <openssl/ssl.h>
00048 #endif
00049 
00050 #ifndef HEADER_CRYPTO_H
00051 #include <openssl/crypto.h>
00052 #endif
00053 #endif
00054 
00055 #ifndef _TIME_H
00056 #include <time.h>
00057 #endif
00058 
00059 #ifndef _STDIO_H
00060 #include <stdio.h>
00061 #endif
00062 
/* Boolean helpers for code that predates <stdbool.h>; left alone if the
   including file already defines them. */
#ifndef FALSE
#define FALSE (0)
#endif
#ifndef TRUE
#define TRUE (!FALSE)
#endif

/* GRST_RET_* status codes returned by the library. 0 is deliberately the same
   as OpenSSL's X509_V_OK so a verify result can be passed straight through;
   the library's own codes start at 1000, presumably to stay clear of the
   OpenSSL X509_V_ERR_* values. */

// Everything ok (= OpenSSL X509_V_OK)
#define GRST_RET_OK             0

// Failed for unspecified reason
#define GRST_RET_FAILED         1000

// Failed to find certificate in some cert store / directory
#define GRST_RET_CERT_NOT_FOUND 1001

// Bad signature
#define GRST_RET_BAD_SIGNATURE  1002

// No such file or directory
#define GRST_RET_NO_SUCH_FILE   1003

00084 
00085 
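// Older three-parameter form of the macro, kept for reference only:
// #define GRSTerrorLog(GRSTerrorLevel, GRSTerrorFmt, ...) if (GRSTerrorLogFunc != NULL) (GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, GRSTerrorFmt, __VA_ARGS__)

/*
 * GRSTerrorLog(level, fmt, ...): hand a log record to the process-wide
 * GRSTerrorLogFunc hook, tagged with the calling file and line. A NULL hook
 * discards the record. At least one argument after the level (the format
 * string) is required.
 *
 * Wrapped in do { } while (0) so the expansion is a single statement: the
 * previous bare `if` meant that
 *     if (cond) GRSTerrorLog(GRST_LOG_ERR, "..."); else other();
 * bound the `else` to the NULL check, so other() ran whenever logging was
 * disabled instead of when cond was false.
 */
#define GRSTerrorLog(GRSTerrorLevel, ...) \
  do { \
    if (GRSTerrorLogFunc != NULL) \
      (GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, __VA_ARGS__); \
  } while (0)

/*
 * Logging hook: (file, line, level, printf-style format, ...). Set by the
 * embedding application; NULL disables logging. Levels are the GRST_LOG_*
 * values defined below. With GCC/Clang the format attribute on the pointer
 * lets -Wformat check every call made through GRSTerrorLog, so a non-literal
 * format string in the 4th position is reported at compile time instead of
 * becoming a format-string hazard at run time.
 */
#ifdef __GNUC__
extern void (*GRSTerrorLogFunc)(char *, int, int, char *, ...)
       __attribute__((format(printf, 4, 5)));
#else
extern void (*GRSTerrorLogFunc)(char *, int, int, char *, ...);
#endif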
00091 
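/* these levels are the same as Unix syslog() and Apache ap_log_error() */

#define GRST_LOG_EMERG   0
#define GRST_LOG_ALERT   1
#define GRST_LOG_CRIT    2
#define GRST_LOG_ERR     3
#define GRST_LOG_WARNING 4
#define GRST_LOG_NOTICE  5
#define GRST_LOG_INFO    6
#define GRST_LOG_DEBUG   7

/* GRST_MAX_TIME_T expands to INT32_MAX, which lives in <stdint.h>; that header
   is not among the includes at the top of this file, so the constant only
   compiled when the including file happened to pull <stdint.h> in itself.
   Guarded in the same style as the other includes above. */
#ifndef INT32_MAX
#include <stdint.h>
#endif

/* Largest time_t value the library handles: the 32-bit limit, 2038-01-19.
   NOTE(review): presumably used to clamp dates that would not fit a 32-bit
   time_t; confirm against the users of this constant before relying on the
   limit on 64-bit time_t platforms. */
#define GRST_MAX_TIME_T  INT32_MAX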
00104 
/* One credential held by a GACL user or entry: an AURI string (the
   credential rendered as a URI, see GRSTgaclCredNew below) plus the validity
   window and delegation/assurance values the ACL evaluation compares.
   Credentials form a singly linked list through next. */
typedef struct { char                      *auri;      /* presumably owned by the cred and released by GRSTgaclCredFree -- confirm */
                 int                        delegation; /* proxy delegation level, see GRSTgaclCredSetDelegation */
                 int                        nist_loa;   /* NIST level of assurance, see GRSTgaclCredSetNistLoa */
                 time_t                     notbefore;  /* validity start */
                 time_t                     notafter;   /* validity end */
                 void                      *next;     } GRSTgaclCred;  /* next GRSTgaclCred in the list (untyped void *, NULL at the end presumably) */
00111 
/* used by pre-AURI GRSTgaclCred structs */ 
/* Legacy name/value pair list (see GRSTgaclCredCreate / GRSTgaclCredAddValue
   below); new code works with AURIs instead. */
typedef struct { char                      *name;
                 char                      *value;
                 void                      *next;  } GRSTgaclNamevalue;  /* next GRSTgaclNamevalue, presumably NULL-terminated */
00116 
/* GRSTgaclAction holds a GRST_ACTION_* value and GRSTgaclPerm a bit set of
   GRST_PERM_* values (both defined below). Plain ints, so the compiler does
   not stop callers mixing the two. */
typedef int                GRSTgaclAction;
typedef int                GRSTgaclPerm;
 
/* One <entry> of an ACL: the credentials it matches and the permissions it
   allows and denies. Entries are linked through next. */
typedef struct { GRSTgaclCred   *firstcred;   /* head of the cred list, NULL if none presumably */
                 GRSTgaclPerm    allowed;     /* GRST_PERM_* bits granted by this entry */
                 GRSTgaclPerm    denied;      /* GRST_PERM_* bits withdrawn by this entry */
                 void           *next;    } GRSTgaclEntry;  /* next GRSTgaclEntry (untyped void *) */
 
/* A whole ACL: just the head of its entry list. */
typedef struct { GRSTgaclEntry *firstentry; } GRSTgaclAcl;
 
/* The requester being tested against an ACL: its credentials plus the DN-list
   location(s) used to resolve list memberships (cf. GRST_DN_LISTS and
   GRSTgaclUserSetDNlists below; exact format of dnlists not shown here). */
typedef struct { GRSTgaclCred *firstcred; char *dnlists; } GRSTgaclUser;
00128 
/* Permission bits. GRST_PERM_ALL (31) is the OR of the five individual bits;
   keep it in step if a bit is ever added. */
#define GRST_PERM_NONE   0
#define GRST_PERM_READ   1
#define GRST_PERM_EXEC   2
#define GRST_PERM_LIST   4
#define GRST_PERM_WRITE  8
#define GRST_PERM_ADMIN 16
#define GRST_PERM_ALL   31

/* DO NOT USE PermIsNone!! */
/* (identical to GRSTgaclPermHasNone below, which is presumably the supported
   spelling -- kept only for old callers) */
#define GRSTgaclPermIsNone(perm)    ((perm) == 0)

/* Bit tests on a GRSTgaclPerm; each evaluates perm exactly once and yields
   a plain 0/1. */
#define GRSTgaclPermHasNone(perm)    ((perm) == 0)
#define GRSTgaclPermHasRead(perm)  (((perm) & GRST_PERM_READ ) != 0)
#define GRSTgaclPermHasExec(perm)  (((perm) & GRST_PERM_EXEC ) != 0)
#define GRSTgaclPermHasList(perm)  (((perm) & GRST_PERM_LIST ) != 0)
#define GRSTgaclPermHasWrite(perm) (((perm) & GRST_PERM_WRITE) != 0)
#define GRSTgaclPermHasAdmin(perm) (((perm) & GRST_PERM_ADMIN) != 0)

/* GRSTgaclAction values for an ACL entry */
#define GRST_ACTION_ALLOW 0
#define GRST_ACTION_DENY  1
00149 
/* Well-known file names and paths */
#define GRST_HIST_PREFIX  ".grsthist"   /* prefix of per-file history files (presumably) */
#define GRST_ACL_FILE     ".gacl"       /* per-directory ACL file name, see GRSTgaclFileIsAcl */
#define GRST_DN_LISTS     "/etc/grid-security/dn-lists"   /* default DN-list directory */
#define GRST_RECURS_LIMIT 9             /* NOTE(review): a recursion bound -- presumably for nested DN lists or ACL lookups; confirm which */

/* X.509 extension OIDs: the legacy Globus proxyCertInfo, the RFC 3820
   id-pe-proxyCertInfo, and the VOMS attribute-certificate extension.
   VOMS server certificates are looked up under GRST_VOMS_DIR. */
#define GRST_PROXYCERTINFO_OID  "1.3.6.1.4.1.3536.1.222"
#define GRST_PROXYCERTNEWINFO_OID "1.3.6.1.5.5.7.1.14"
#define GRST_VOMS_OID           "1.3.6.1.4.1.8005.100.100.5"
#define GRST_VOMS_DIR           "/etc/grid-security/vomsdir"

/* Bounds for the ASN.1 tag-list walker: longest tree-coordinate string and
   the number of entries a caller's taglist array is expected to hold (see
   struct GRSTasn1TagList and GRSTasn1ParseDump below). */
#define GRST_ASN1_MAXCOORDLEN   50
#define GRST_ASN1_MAXTAGS       500
00162 
/* One element found while walking a DER structure: its position in the tree
   (a coordinate string, NUL-terminated, hence the +1) and its byte offsets
   within the parsed buffer. Arrays of these are filled by GRSTasn1ParseDump
   and searched by GRSTasn1SearchTaglist (both declared below). */
struct GRSTasn1TagList { char treecoords[GRST_ASN1_MAXCOORDLEN+1];
                         int  start;          /* offset of the element in the buffer (presumably) */
                         int  headerlength;   /* length of its tag+length header */
                         int  length;         /* length of its contents */
                         int  tag; } ;        /* ASN.1 tag number */
00168 
/* One link of a GRSTx509Chain: a CA, end-entity or proxy certificate, or a
   VOMS attribute certificate, reduced to what the library needs. type takes
   a GRST_CERT_TYPE_* value and errors is presumably a bit set of the
   GRST_CERT_BAD_* flags (both defined just below). */
typedef struct { int    type;           /* CA, user, proxy, VOMS, ... */
                 int    errors;         /* unchecked, bad sig, bad time */
                 char   *issuer;        /* Cert CA DN, EEC of PC, or VOMS DN */
                 char   *dn;            /* Cert DN, or VOMS AC holder DN */
                 char   value[16384];   /* VOMS FQAN or NULL */
                                        /* NOTE(review): value is an inline array, so it can never be NULL --
                                           presumably an empty string means "none". Writers must bound
                                           at sizeof value; the FQAN comes from the peer's AC. */
                 time_t notbefore;      /* validity start */
                 time_t notafter;       /* validity end */
                 int    delegation;     /* relative to END of any chain */
                 int    serial;         /* NOTE(review): an int cannot hold a full 20-byte X.509 serial -- confirm how this is filled */
                 char   *ocsp;          /* accessLocation field */
                 void   *raw;           /* X509 or VOMS Extension object */
                 void   *next; } GRSTx509Cert;  /* next GRSTx509Cert in the chain, NULL at the end presumably */
00181 
/* GRSTx509Cert.errors bits: distinct powers of two so several problems can be
   recorded on one cert. */
#define GRST_CERT_BAD_FORMAT 1
#define GRST_CERT_BAD_CHAIN  2
#define GRST_CERT_BAD_SIG    4
#define GRST_CERT_BAD_TIME   8
#define GRST_CERT_BAD_OCSP  16

/* GRSTx509Cert.type values */
#define GRST_CERT_TYPE_CA    1
#define GRST_CERT_TYPE_EEC   2
#define GRST_CERT_TYPE_PROXY 3
#define GRST_CERT_TYPE_VOMS  4

/* a chain of certs, starting from the first CA */
typedef struct { GRSTx509Cert *firstcert; } GRSTx509Chain;

#ifndef GRST_NO_OPENSSL
/* Fill a GRSTx509Cert from an OpenSSL X509 object. */
int GRSTx509CertLoad(GRSTx509Cert *, X509 *);
/* Build and verify a chain from an OpenSSL cert stack plus the peer cert;
   the new chain is returned through the first argument (caller presumably
   frees it with GRSTx509ChainFree). The two trailing strings look like the
   CA and VOMS directories (cf. GRST_VOMS_DIR) -- confirm in the definition. */
int GRSTx509ChainLoadCheck(GRSTx509Chain **, STACK_OF(X509) *, X509 *, char *, char *);
#endif
/* Release a chain and every GRSTx509Cert in it. */
int GRSTx509ChainFree(GRSTx509Chain *);
00201 
/* Default ports. 2811 is the usual GridFTP port; GRST_HTTP_PORT and
   GRST_HTCP_PORT share the value 777 here, which reads as deliberate but is
   worth confirming against the protocol documentation. */
#define GRST_HTTP_PORT          777
#define GRST_HTTPS_PORT         488
#define GRST_HTCP_PORT          777
#define GRST_GSIFTP_PORT        2811
                         
/* HTCP opcodes handled by the GRSThtcp*Make / GRSThtcpMessageParse functions
   below: NOP and TST only. */
#define GRSThtcpNOPop 0
#define GRSThtcpTSTop 1
00209 
/* HTCP "COUNTSTR": a 16-bit big-endian length followed by that many bytes of
   text, laid over the wire bytes. text[1] is the pre-C99 trailing-array idiom,
   so sizeof(GRSThtcpCountstr) counts one byte of text; the real extent is
   GRSThtcpCountstrLen() bytes after the two length bytes. The text is NOT
   NUL-terminated on the wire. */
typedef struct { unsigned char length_msb;
                 unsigned char length_lsb;
                 char text[1]; } GRSThtcpCountstr;

/* Length of a COUNTSTR's text, 0..65535, from its big-endian length bytes.
   Evaluates string twice. NOTE(review): this is attacker-controlled data in a
   received datagram and says nothing about the enclosing buffer -- every use
   must be checked against the remaining message length before text is read. */
#define GRSThtcpCountstrLen(string) (256*((string)->length_msb) + (string)->length_lsb)
00215 
/* Decoded HTCP message. The leading byte pairs mirror the wire header as
   big-endian 16-bit values split into msb/lsb bytes (as GRSThtcpCountstr
   does). NOTE(review): response/opcode/rr/f1/reserved are C bit-fields, whose
   packing order within the unit is implementation-defined, so this struct
   must not be overlaid directly on a received datagram on an arbitrary
   compiler; presumably GRSThtcpMessageParse fills the fields explicitly --
   confirm. */
typedef struct { unsigned char total_length_msb;
                 unsigned char total_length_lsb;
                 unsigned char version_msb;
                 unsigned char version_lsb;
                 unsigned char data_length_msb;
                 unsigned char data_length_lsb;
                 unsigned int  response : 4;
                 unsigned int  opcode   : 4;     /* GRSThtcpNOPop or GRSThtcpTSTop */
                 unsigned int  rr       : 1;                 
                 unsigned int  f1       : 1;
                 unsigned int  reserved : 6;
                 unsigned int  trans_id;        /* must be 4 bytes */
                                                /* (unsigned int is 4 bytes on the usual ABIs but not guaranteed; uint32_t would pin it) */
                 /* The COUNTSTR pointers below presumably point into the buffer handed to
                    GRSThtcpMessageParse, so that buffer must outlive this message. */
                 GRSThtcpCountstr *method;
                 GRSThtcpCountstr *uri;
                 GRSThtcpCountstr *version;
                 GRSThtcpCountstr *req_hdrs;
                 GRSThtcpCountstr *resp_hdrs;
                 GRSThtcpCountstr *entity_hdrs;
                 GRSThtcpCountstr *cache_hdrs;   } GRSThtcpMessage;
00235 
/* ---- GACL credentials ------------------------------------------------- */

/* One-time library initialisation. Presumably must precede any other
   GRSTgacl* call; what it sets up is not visible from this header. */
int GRSTgaclInit(void);

/* Create a credential from an AURI string (presumably copied, so the caller
   keeps ownership of its argument -- confirm). */
GRSTgaclCred *GRSTgaclCredNew(char *);

/* Legacy constructor from a (type, value) pair, the pre-AURI form described
   by GRSTgaclNamevalue. */
GRSTgaclCred *GRSTgaclCredCreate(char *, char *);

/* Legacy: attach a (name, value) pair to a credential made by
   GRSTgaclCredCreate. */
int     GRSTgaclCredAddValue(GRSTgaclCred *, char *, char *);

/* Field accessors. Each evaluates cred exactly once; the Set* forms are
   plain assignments and yield the stored value. The AURI getter hands out
   the internal pointer, not a copy. */
#define GRSTgaclCredGetAuri(cred) ((cred)->auri)

#define GRSTgaclCredSetNotBefore(cred, time) ((cred)->notbefore = (time))
#define GRSTgaclCredGetNotBefore(cred) ((cred)->notbefore)

#define GRSTgaclCredSetNotAfter(cred, time) ((cred)->notafter = (time))
#define GRSTgaclCredGetNotAfter(cred) ((cred)->notafter)

#define GRSTgaclCredSetDelegation(cred, level) ((cred)->delegation = (level))
#define GRSTgaclCredGetDelegation(cred) ((cred)->delegation)

#define GRSTgaclCredSetNistLoa(cred, level) ((cred)->nist_loa = (level))
#define GRSTgaclCredGetNistLoa(cred) ((cred)->nist_loa)

/* #define GACLfreeCred(x)              GRSTgaclCredFree((x)) */
/* Release a credential (and, presumably, the strings it owns). */
int        GRSTgaclCredFree(GRSTgaclCred *);
00260 
/* ---- GACL entries, permissions and ACLs --------------------------------
   The commented-out GACL* names on the lines below are the pre-GRST names of
   the same functions, kept as a migration aid. Return conventions are not
   stated in this header; confirm in gridsite-gacl.c before treating any int
   result as a GRST_RET_* code or as a boolean. */

/*  #define GACLaddCred(x,y)    GRSTgaclEntryAddCred((x),(y)) */
/* Link a credential into an entry's cred list (entry takes it over, presumably). */
int        GRSTgaclEntryAddCred(GRSTgaclEntry *, GRSTgaclCred *);

/*  #define GACLdelCred(x,y)    GRSTgaclEntryDelCred((x),(y)) */
/* Remove a credential from an entry's cred list. */
int        GRSTgaclEntryDelCred(GRSTgaclEntry *, GRSTgaclCred *);

/*  #define GACLprintCred(x,y)  GRSTgaclCredPrint((x),(y)) */
/* Write a credential to a stream (note the doubled "Cred" in the name; the
   legacy alias above calls it GRSTgaclCredPrint). */
int        GRSTgaclCredCredPrint(GRSTgaclCred *, FILE *);

/* Compare two credentials by AURI; strcmp-style result presumably -- confirm. */
int        GRSTgaclCredCmpAuri(GRSTgaclCred *, GRSTgaclCred *);

/*  #define GACLnewEntry(x)             GRSTgaclEntryNew((x)) */
/* Allocate an empty entry (no creds, nothing allowed or denied presumably). */
GRSTgaclEntry *GRSTgaclEntryNew(void);

/*  #define GACLfreeEntry(x)    GRSTgaclEntryFree((x)) */
/* Release an entry together with its credentials. */
int        GRSTgaclEntryFree(GRSTgaclEntry *);

/*  #define GACLaddEntry(x,y)   GRSTgaclAclAddEntry((x),(y)) */
/* Append an entry to an ACL (ACL takes ownership, presumably). */
int        GRSTgaclAclAddEntry(GRSTgaclAcl *, GRSTgaclEntry *);

/*  #define GACLprintEntry(x,y) GRSTgaclEntryPrint((x),(y)) */
/* Write one entry to a stream. */
int        GRSTgaclEntryPrint(GRSTgaclEntry *, FILE *);


/*  #define GACLprintPerm(x,y)  GRSTgaclPermPrint((x),(y)) */
/* Write a permission set to a stream. */
int        GRSTgaclPermPrint(GRSTgaclPerm, FILE *);

/*  #define GACLallowPerm(x,y)  GRSTgaclEntryAllowPerm((x),(y)) */
/* Set / clear bits in an entry's allowed and denied masks. */
int        GRSTgaclEntryAllowPerm(GRSTgaclEntry *, GRSTgaclPerm);

/*  #define GACLunallowPerm(x,y)        GRSTgaclEntryUnallowPerm((x),(y)) */
int        GRSTgaclEntryUnallowPerm(GRSTgaclEntry *, GRSTgaclPerm);

/*  #define GACLdenyPerm(x,y)   GRSTgaclEntryDenyPerm((x),(y)) */
int        GRSTgaclEntryDenyPerm(GRSTgaclEntry *, GRSTgaclPerm);

/*  #define GACLundenyPerm(x,y) GRSTgaclEntryUndenyPerm((x),(y)) */
int        GRSTgaclEntryUndenyPerm(GRSTgaclEntry *, GRSTgaclPerm);

/*  #define GACLpermToChar(x)   GRSTgaclPermToChar((x)) */
/* Permission <-> textual name. Ownership of the returned string (static or
   malloc'd) is not stated here -- confirm before freeing. */
char      *GRSTgaclPermToChar(GRSTgaclPerm);

/*  #define GACLcharToPerm(x)   GRSTgaclPermFromChar((x)) */
GRSTgaclPerm   GRSTgaclPermFromChar(char *);

/*  #define GACLnewAcl(x)               GRSTgaclAclNew((x)) */
/* Allocate an empty ACL. */
GRSTgaclAcl   *GRSTgaclAclNew(void);

/*  #define GACLfreeAcl(x)              GRSTgaclAclFree((x)) */
/* Release an ACL and all of its entries. */
int        GRSTgaclAclFree(GRSTgaclAcl *);

/*  #define GACLprintAcl(x,y)   GRSTgaclAclPrint((x),(y)) */
/* Write a whole ACL to a stream. */
int        GRSTgaclAclPrint(GRSTgaclAcl *, FILE *);

/*  #define GACLsaveAcl(x,y)    GRSTgaclAclSave((y),(x)) */
/* Save an ACL to the named file (note the legacy alias swapped the argument
   order). */
int        GRSTgaclAclSave(GRSTgaclAcl *, char *);

/*  #define GACLloadAcl(x)              GRSTgaclFileLoadAcl((x)) */
/* Parse the named ACL file; caller frees the result with GRSTgaclAclFree. */
GRSTgaclAcl   *GRSTgaclAclLoadFile(char *);

/*  #define GACLfindAclForFile(x)       GRSTgaclFileFindAclname((x)) */
/* Locate the ACL file governing a given path (presumably walking up the
   directory tree for GRST_ACL_FILE -- confirm); returns its name. */
char      *GRSTgaclFileFindAclname(char *);

/*  #define GACLloadAclForFile(x)       GRSTgaclFileLoadAcl((x)) */
/* Find and load the ACL governing a given path. */
GRSTgaclAcl   *GRSTgaclAclLoadforFile(char *);

/*  #define GACLisAclFile(x)    GRSTgaclFileIsAcl((x)) */
/* Whether a path names an ACL file (cf. GRST_ACL_FILE). */
int        GRSTgaclFileIsAcl(char *);

00329 
00330 
/* ---- GACL users and ACL evaluation ------------------------------------ */

/*  #define GACLnewUser(x)              GRSTgaclUserNew((x)) */
/* Create a user holding the given credential (NULL for an anonymous user,
   presumably -- confirm). */
GRSTgaclUser *GRSTgaclUserNew(GRSTgaclCred *);

/*  #define GACLfreeUser(x)             GRSTgaclUserFree((x)) */
/* Release a user together with its credentials. */
int       GRSTgaclUserFree(GRSTgaclUser *);

/*  #define GACLuserAddCred(x,y)        GRSTgaclUserAddCred((x),(y)) */
/* Attach a further credential to a user. */
int       GRSTgaclUserAddCred(GRSTgaclUser *, GRSTgaclCred *);

/*  #define GACLuserHasCred(x,y)        GRSTgaclUserHasCred((x),(y)) */
/* Whether the user holds a credential matching the given one. */
int       GRSTgaclUserHasCred(GRSTgaclUser *, GRSTgaclCred *);

/* Set / load the DN-list location(s) recorded in GRSTgaclUser.dnlists; the
   string format (single directory or a list, cf. GRST_DN_LISTS) is not shown
   here. */
int       GRSTgaclUserSetDNlists(GRSTgaclUser *, char *);

int       GRSTgaclUserLoadDNlists(GRSTgaclUser *, char *);

/*  #define GACLuserFindCredType(x,y) GRSTgaclUserFindCredtype((x),(y)) */
/* Find the user's first credential of the named type; the returned pointer
   is into the user's own list, not a copy (presumably). */
GRSTgaclCred *GRSTgaclUserFindCredtype(GRSTgaclUser *, char *);

/* Whether the named DN list contains (one of the DNs of) the user. */
int GRSTgaclDNlistHasUser(char *, GRSTgaclUser *);

/* Whether the user holds a credential with exactly this AURI. */
int GRSTgaclUserHasAURI(GRSTgaclUser *, char *);

/*  #define GACLtestUserAcl(x,y)        GRSTgaclAclTestUser((x),(y)) */
/* Evaluate an ACL for a user and return the resulting GRST_PERM_* bit set
   (net of allows and denies, presumably). */
GRSTgaclPerm   GRSTgaclAclTestUser(GRSTgaclAcl *, GRSTgaclUser *);

/*  #define GACLtestExclAcl(x,y)        GRSTgaclAclTestexclUser((x),(y)) */
/* Variant of the test above; what "excl" restricts is not visible from this
   header -- see the definition before choosing between the two. */
GRSTgaclPerm   GRSTgaclAclTestexclUser(GRSTgaclAcl *, GRSTgaclUser *);
00359 
/* URL percent-decoding / encoding. Each returns a new string; the caller
   presumably owns and frees it (not stated here -- confirm). Decoded input
   normally comes from a request, so callers should still validate the result
   (e.g. for path separators) before using it as a file name. */
char      *GRSThttpUrlDecode(char *);

/*  #define GACLurlEncode(x)    GRSThttpUrlEncode((x)) */
char      *GRSThttpUrlEncode(char *);

/*  #define GACLmildUrlEncode(x)        GRSThttpMildUrlEncode((x)) */
/* A less aggressive encoding (leaves more characters untouched than
   GRSThttpUrlEncode; exactly which is not shown here). */
char      *GRSThttpUrlMildencode(char *);

/* Compare two X.509 distinguished names; presumably tolerant of formatting
   differences rather than a plain strcmp -- confirm before using the result
   for access decisions. */
int GRSTx509NameCmp(char *, char *);
00369 
#ifndef GRST_NO_OPENSSL
/* Whether every critical extension in the cert is one the library understands;
   presumably used to reject certs carrying unknown critical extensions, as
   RFC 5280 requires. */
int GRSTx509KnownCriticalExts(X509 *);

/* Whether the cert is a CA certificate. */
int GRSTx509IsCA(X509 *);
/* Chain check used from verification. GRSTx509VerifyCallback has the
   (int preverify_ok, X509_STORE_CTX *) shape that OpenSSL's verify callback
   expects, so it can be installed directly via SSL_CTX_set_verify. */
int GRSTx509CheckChain(int *, X509_STORE_CTX *);
int GRSTx509VerifyCallback(int, X509_STORE_CTX *);

/* Extract VOMS attribute credentials from a cert plus chain into a
   caller-supplied buffer. NOTE(review): the leading (int *, int, size_t,
   char *) arguments look like a count out-parameter, a starting index, the
   buffer size and the buffer; confirm the order in the definition, and that
   the size_t bounds every write. */
int GRSTx509GetVomsCreds(int *, int, size_t, char *, X509 *, STACK_OF(X509) *, char *);

/* Parse one "compact" credential string back into a GRSTgaclCred. */
GRSTgaclCred *GRSTx509CompactToCred(char *);

/* Render the chain's credentials in compact string form into a caller buffer;
   same (count, start, size, buffer) caveat as GRSTx509GetVomsCreds. */
int GRSTx509CompactCreds(int *, int, size_t, char *, STACK_OF(X509) *, char *, X509 *);
#endif 
00383 
/* ---- proxy-certificate cache and delegation ---------------------------
   Most of these take the same three strings; from the delegation-ID helper
   below they look like (proxy cache directory, delegation ID, user DN), but
   the order is not stated in this header -- confirm against gridsite-x509.c.
   Returned char * values are presumably heap-allocated and owned by the
   caller. Files in the proxy cache hold private keys, so the cache directory
   must not be reachable by other local users. */

/* Locate a cached proxy certificate / private key file. */
char *GRSTx509CachedProxyFind(char *, char *, char *);
/* Name of the proxy file for the current process (presumably from the
   environment or the per-uid default). */
char *GRSTx509FindProxyFileName(void);
/* Sign a proxy certificate for a request, returning it through the first
   argument; the FILE * is presumably a log or output stream and the trailing
   int a lifetime -- confirm. */
int GRSTx509MakeProxyCert(char **, FILE *, char *, char *, char *, int);
char *GRSTx509CachedProxyKeyFind(char *, char *, char *);
/* Remove a cached proxy. */
int GRSTx509ProxyDestroy(char *, char *, char *);
/* Report a cached proxy's notBefore / notAfter through the two time_t outs. */
int GRSTx509ProxyGetTimes(char *, char *, char *, time_t *, time_t *);
/* Generate a key pair and certificate request, returning both through the
   first two arguments (presumably PEM strings -- confirm). */
int GRSTx509CreateProxyRequest(char **, char **, char *);
int GRSTx509MakeProxyRequest(char **, char *, char *, char *);

/* Generate a fresh delegation ID string. */
char *GRSTx509MakeDelegationID(void);

#ifndef GRST_NO_OPENSSL
/* Parse a PEM chain held in a string into an OpenSSL cert stack. */
int GRSTx509StringToChain(STACK_OF(X509) **, char *);
/* Compute the cache file name for a chain. */
char *GRSTx509MakeProxyFileName(char *, STACK_OF(X509) *);
#endif

/* Store a proxy in the cache. */
int GRSTx509CacheProxy(char *, char *, char *, char *);
00401 
/* Names of the page-template and admin-CGI files looked up by the HTTP
   helpers below. */
#define GRST_HEADFILE   "gridsitehead.txt"
#define GRST_FOOTFILE   "gridsitefoot.txt"
#define GRST_ADMIN_FILE "gridsite-admin.cgi"

/* One chunk of response text; chunks are linked through next. */
typedef struct { char *text;
                 void *next; } GRSThttpCharsList;  /* next GRSThttpCharsList (untyped void *) */

/* A response body accumulated as a chunk list, with its total size. */
typedef struct { size_t             size;
                 GRSThttpCharsList *first;
                 GRSThttpCharsList *last;  } GRSThttpBody;

/* Reset a body to empty. */
void  GRSThttpBodyInit(GRSThttpBody *); 
/* printf-style append. NOTE(review): variadic, so the char * is a format
   string -- always pass a literal format and put request-derived text in the
   arguments, never in the format itself. A GCC format attribute on this
   prototype would let the compiler enforce that. */
void  GRSThttpPrintf(GRSThttpBody *, char *, ...);
/* Append the contents of the named file to the body (presumably). */
int   GRSThttpCopy(GRSThttpBody *, char *);
/* Emit the accumulated body to the client / stdout. */
void  GRSThttpWriteOut(GRSThttpBody *);
/* Append the header and/or footer template (GRST_HEADFILE / GRST_FOOTFILE
   looked up from the given directory, presumably) to the body. */
int   GRSThttpPrintHeaderFooter(GRSThttpBody *, char *, char *);
int   GRSThttpPrintHeader(GRSThttpBody *, char *);
int   GRSThttpPrintFooter(GRSThttpBody *, char *);
/* Fetch a CGI parameter by name; the returned string is request-controlled
   and must be validated before use. */
char *GRSThttpGetCGI(char *);
00421 
/* Convert an ASN.1 time (raw bytes plus their length, presumably UTCTime or
   GeneralizedTime) to a time_t. */
time_t GRSTasn1TimeToTimeT(unsigned char *, size_t);
/* Look a tree-coordinate string up in a taglist holding the given number of
   entries and return its index (presumably negative when absent -- confirm). */
int    GRSTasn1SearchTaglist(struct GRSTasn1TagList taglist[], int, char *);
#ifndef GRST_NO_OPENSSL
/* Walk a DER buffer (data, length), dumping to the BIO and filling taglist.
   NOTE(review): the int after taglist is presumably its capacity
   (GRST_ASN1_MAXTAGS) and the int * the number of entries filled; confirm
   the capacity is enforced, since the buffer being parsed is typically a
   peer-supplied certificate or attribute certificate. */
int    GRSTasn1ParseDump(BIO *, unsigned char *, long,
                         struct GRSTasn1TagList taglist[], int, int *);
#endif
/* Render the X.509 name at a tree coordinate into a caller buffer; the first
   two arguments look like (buffer, buffer size) -- confirm. */
int    GRSTasn1GetX509Name(char *, int, char *, char *,
                           struct GRSTasn1TagList taglist[], int);

/* HTCP message builders: each returns a newly built datagram through
   (char **buf, int *len) for the given transaction id; the TST forms also take
   method, URI and version strings. Buffers are presumably malloc'd and owned
   by the caller. */
int    GRSThtcpNOPrequestMake(char **, int *, unsigned int);
int    GRSThtcpNOPresponseMake(char **, int *, unsigned int);
int    GRSThtcpTSTrequestMake(char **, int *, unsigned int, char *, char *, char *);
int    GRSThtcpTSTresponseMake(char **, int *, unsigned int, char *, char *, char *);
/* Parse a received HTCP datagram (buf, len) into a GRSThtcpMessage. The
   COUNTSTR pointers it sets presumably point into buf, so buf must outlive
   the message; len is the only bound the parser has, so each
   GRSThtcpCountstrLen must be checked against the bytes remaining before the
   text is touched. */
int    GRSThtcpMessageParse(GRSThtcpMessage *, char *, int);
00436 
00437 #ifdef __cplusplus
00438 }
00439 #endif
