Data Structures | |
| struct | GRSTgaclCred |
| struct | GRSTgaclEntry |
| struct | GRSTgaclAcl |
| struct | GRSTgaclUser |
| struct | GRSTasn1TagList |
| struct | GRSTx509Cert |
| struct | GRSTx509Chain |
| struct | GRSThtcpCountstr |
| struct | GRSThtcpMessage |
| struct | GRSThttpCharsList |
| struct | GRSThttpBody |
Typedefs | |
| typedef int | GRSTgaclAction |
| typedef unsigned int | GRSTgaclPerm |
Functions | |
| __attribute__ ((deprecated)) typedef struct | |
| int | GRSTx509CertLoad (GRSTx509Cert *, X509 *) |
| int | GRSTx509ChainLoad (GRSTx509Chain **chain, STACK_OF(X509)*certstack, X509 *lastcert, char *capath, char *vomsdir) |
| int | GRSTx509ChainLoadCheck (GRSTx509Chain **, STACK_OF(X509)*, X509 *, char *, char *) |
| Check certificate chain for GSI proxy acceptability. | |
| int | GRSTx509ChainFree (GRSTx509Chain *) |
| int | GRSTgaclInit (void) |
| GRSTgaclCred * | GRSTgaclCredCreate (char *, char *) |
| int | GRSTgaclCredFree (GRSTgaclCred *) |
| int | GRSTgaclEntryAddCred (GRSTgaclEntry *, GRSTgaclCred *) |
| int | GRSTgaclEntryDelCred (GRSTgaclEntry *, GRSTgaclCred *) |
| int | GRSTgaclCredCredPrint (GRSTgaclCred *, FILE *) |
| int | GRSTgaclCredCmpAuri (GRSTgaclCred *, GRSTgaclCred *) |
| GRSTgaclEntry * | GRSTgaclEntryNew (void) |
| int | GRSTgaclEntryFree (GRSTgaclEntry *) |
| int | GRSTgaclAclAddEntry (GRSTgaclAcl *, GRSTgaclEntry *) |
| int | GRSTgaclEntryPrint (GRSTgaclEntry *, FILE *) |
| int | GRSTgaclPermPrint (GRSTgaclPerm, FILE *) |
| int | GRSTgaclEntryAllowPerm (GRSTgaclEntry *, GRSTgaclPerm) |
| int | GRSTgaclEntryUnallowPerm (GRSTgaclEntry *, GRSTgaclPerm) |
| int | GRSTgaclEntryDenyPerm (GRSTgaclEntry *, GRSTgaclPerm) |
| int | GRSTgaclEntryUndenyPerm (GRSTgaclEntry *, GRSTgaclPerm) |
| char * | GRSTgaclPermToChar (GRSTgaclPerm) |
| GRSTgaclPerm | GRSTgaclPermFromChar (char *) |
| GRSTgaclAcl * | GRSTgaclAclNew (void) |
| int | GRSTgaclAclFree (GRSTgaclAcl *) |
| int | GRSTgaclAclPrint (GRSTgaclAcl *, FILE *) |
| int | GRSTgaclAclSave (GRSTgaclAcl *, char *) |
| GRSTgaclAcl * | GRSTgaclAclLoadFile (char *) |
| char * | GRSTgaclFileFindAclname (char *) |
| GRSTgaclAcl * | GRSTgaclAclLoadforFile (char *) |
| int | GRSTgaclFileIsAcl (char *) |
| GRSTgaclUser * | GRSTgaclUserNew (GRSTgaclCred *) |
| int | GRSTgaclUserFree (GRSTgaclUser *) |
| int | GRSTgaclUserAddCred (GRSTgaclUser *, GRSTgaclCred *) |
| int | GRSTgaclUserHasCred (GRSTgaclUser *, GRSTgaclCred *) |
| char *int | GRSTgaclUserLoadDNlists (GRSTgaclUser *, char *) |
| GRSTgaclCred * | GRSTgaclUserFindCredtype (GRSTgaclUser *, char *) |
| GRSTgaclUser *int | GRSTgaclUserHasAURI (GRSTgaclUser *, char *) |
| GRSTgaclPerm | GRSTgaclAclTestUser (GRSTgaclAcl *, GRSTgaclUser *) |
| GRSTgaclPerm | GRSTgaclAclTestexclUser (GRSTgaclAcl *, GRSTgaclUser *) |
| char * | GRSThttpUrlDecode (char *) |
| char * | GRSThttpUrlEncode (char *) |
| char * | GRSThttpUrlMildencode (char *) |
| int | GRSTx509NameCmp (char *, char *) |
| Compare X509 Distinguished Name strings. | |
| int | GRSTx509KnownCriticalExts (X509 *) |
| Check critical extensions. | |
| int | GRSTx509IsCA (X509 *) |
| Check if certificate can be used as a CA to sign standard X509 certs. | |
| int | GRSTx509CheckChain (int *, X509_STORE_CTX *) |
| int | GRSTx509VerifyCallback (int, X509_STORE_CTX *) |
| Example VerifyCallback routine. | |
| char X509 | STACK_OF (X509)* |
| char char X509 *char * | GRSTx509CachedProxyFind (char *, char *, char *) |
| Find a proxy file in the proxy cache. | |
| char * | GRSTx509FindProxyFileName (void) |
| Find proxy file name of the current user. | |
| int | GRSTx509MakeProxyCert (char **, FILE *, char *, char *, char *, int) |
| Make a GSI Proxy chain from a request, certificate and private key. | |
| char * | GRSTx509CachedProxyKeyFind (char *, char *, char *, STACK_OF(X509)*) |
| Find a temporary proxy private key file in the proxy cache. | |
| int | GRSTx509ProxyDestroy (char *, char *, char *) |
| Destroy stored GSI proxy files. | |
| int | GRSTx509ProxyGetTimes (char *, char *, char *, time_t *, time_t *) |
| Get start and finish validity times of stored GSI proxy file. | |
| int | GRSTx509CreateProxyRequest (char **, char **, char *) |
| Create a X.509 request for a GSI proxy and its private key. | |
| int | GRSTx509CreateProxyRequestKS (char **reqtxt, char **keytxt, char *ocspurl, int keysize) |
| int | GRSTx509MakeProxyRequest (char **, char *, char *, char *) |
| Create a X.509 request for a GSI proxy and its private key. | |
| int | GRSTx509MakeProxyRequestKS (char **reqtxt, char *proxydir, char *delegation_id, char *user_dn, int keysize) |
| char * | GRSTx509MakeDelegationID (void) |
| Returns a Delegation ID based on hash of GRST_CRED_0, ... | |
| int | GRSTx509StringToChain (STACK_OF(X509)**, char *) |
| Create a stack of X509 certificate from a PEM-encoded string. | |
| char * | GRSTx509MakeProxyFileName (char *, STACK_OF(X509)*) |
| Return the short file name for the given delegation_id and user_dn. | |
| int | GRSTx509CacheProxy (char *, char *, char *, char *) |
| Store a GSI proxy chain in the proxy cache, along with the private key. | |
| int | GRST_is_id_safe (const char *) |
| void | GRSThttpBodyInit (GRSThttpBody *) |
| void | GRSThttpPrintf (GRSThttpBody *, char *,...) |
| int | GRSThttpCopy (GRSThttpBody *, char *) |
| void | GRSThttpWriteOut (GRSThttpBody *) |
| int | GRSThttpPrintHeaderFooter (GRSThttpBody *, char *, char *) |
| int | GRSThttpPrintHeader (GRSThttpBody *, char *) |
| int | GRSThttpPrintFooter (GRSThttpBody *, char *) |
| char * | GRSThttpGetCGI (char *) |
| time_t | GRSTasn1TimeToTimeT (char *, size_t) |
| ASN1 time string (in a char *) to time_t. | |
| int | GRSTasn1SearchTaglist (struct GRSTasn1TagList taglist[], int, char *) |
| int | GRSTasn1ParseDump (BIO *, unsigned char *, long, struct GRSTasn1TagList taglist[], int, int *) |
| int | GRSTasn1GetX509Name (char *, int, char *, char *, struct GRSTasn1TagList taglist[], int) |
| int | GRSThtcpNOPrequestMake (char **, int *, unsigned int) |
| int | GRSThtcpNOPresponseMake (char **, int *, unsigned int) |
| int | GRSThtcpTSTrequestMake (char **, int *, unsigned int, char *, char *, char *) |
| int | GRSThtcpTSTresponseMake (char **, int *, unsigned int, char *, char *, char *) |
| int | GRSThtcpMessageParse (GRSThtcpMessage *, char *, int) |
Variables | |
| int(* | GRSTerrorLogFunc )(char *, int, int, char *,...) |
| GRSTgaclNamevalue | |
| int | |
| size_t | |
| typedef int GRSTgaclAction |
| typedef unsigned int GRSTgaclPerm |
| __attribute__ | ( | (deprecated) | ) |
| int GRST_is_id_safe | ( | const char * | ) |
| int GRSTasn1GetX509Name | ( | char * | , | |
| int | , | |||
| char * | , | |||
| char * | , | |||
| struct GRSTasn1TagList | taglist[], | |||
| int | ||||
| ) |
| int GRSTasn1ParseDump | ( | BIO * | , | |
| unsigned char * | , | |||
| long | , | |||
| struct GRSTasn1TagList | taglist[], | |||
| int | , | |||
| int * | ||||
| ) |
| int GRSTasn1SearchTaglist | ( | struct GRSTasn1TagList | taglist[], | |
| int | , | |||
| char * | ||||
| ) |
| time_t GRSTasn1TimeToTimeT | ( | char * | asn1time, | |
| size_t | len | |||
| ) |
ASN1 time string (in a char *) to time_t.
(Use ASN1_STRING_data() to convert ASN1_GENERALIZEDTIME to char * if necessary)
| int GRSTgaclAclAddEntry | ( | GRSTgaclAcl * | , | |
| GRSTgaclEntry * | ||||
| ) |
| int GRSTgaclAclFree | ( | GRSTgaclAcl * | ) |
| GRSTgaclAcl* GRSTgaclAclLoadFile | ( | char * | ) |
| GRSTgaclAcl* GRSTgaclAclLoadforFile | ( | char * | ) |
| GRSTgaclAcl* GRSTgaclAclNew | ( | void | ) |
| int GRSTgaclAclPrint | ( | GRSTgaclAcl * | , | |
| FILE * | ||||
| ) |
| int GRSTgaclAclSave | ( | GRSTgaclAcl * | , | |
| char * | ||||
| ) |
| GRSTgaclPerm GRSTgaclAclTestexclUser | ( | GRSTgaclAcl * | , | |
| GRSTgaclUser * | ||||
| ) |
| GRSTgaclPerm GRSTgaclAclTestUser | ( | GRSTgaclAcl * | , | |
| GRSTgaclUser * | ||||
| ) |
| int GRSTgaclCredCmpAuri | ( | GRSTgaclCred * | , | |
| GRSTgaclCred * | ||||
| ) |
| GRSTgaclCred* GRSTgaclCredCreate | ( | char * | , | |
| char * | ||||
| ) |
| int GRSTgaclCredCredPrint | ( | GRSTgaclCred * | , | |
| FILE * | ||||
| ) |
| int GRSTgaclCredFree | ( | GRSTgaclCred * | ) |
| int GRSTgaclEntryAddCred | ( | GRSTgaclEntry * | , | |
| GRSTgaclCred * | ||||
| ) |
| int GRSTgaclEntryAllowPerm | ( | GRSTgaclEntry * | , | |
| GRSTgaclPerm | ||||
| ) |
| int GRSTgaclEntryDelCred | ( | GRSTgaclEntry * | , | |
| GRSTgaclCred * | ||||
| ) |
| int GRSTgaclEntryDenyPerm | ( | GRSTgaclEntry * | , | |
| GRSTgaclPerm | ||||
| ) |
| int GRSTgaclEntryFree | ( | GRSTgaclEntry * | ) |
| GRSTgaclEntry* GRSTgaclEntryNew | ( | void | ) |
| int GRSTgaclEntryPrint | ( | GRSTgaclEntry * | , | |
| FILE * | ||||
| ) |
| int GRSTgaclEntryUnallowPerm | ( | GRSTgaclEntry * | , | |
| GRSTgaclPerm | ||||
| ) |
| int GRSTgaclEntryUndenyPerm | ( | GRSTgaclEntry * | , | |
| GRSTgaclPerm | ||||
| ) |
| char* GRSTgaclFileFindAclname | ( | char * | ) |
| int GRSTgaclFileIsAcl | ( | char * | ) |
| int GRSTgaclInit | ( | void | ) |
| GRSTgaclPerm GRSTgaclPermFromChar | ( | char * | ) |
| int GRSTgaclPermPrint | ( | GRSTgaclPerm | , | |
| FILE * | ||||
| ) |
| char* GRSTgaclPermToChar | ( | GRSTgaclPerm | ) |
| int GRSTgaclUserAddCred | ( | GRSTgaclUser * | , | |
| GRSTgaclCred * | ||||
| ) |
| GRSTgaclCred* GRSTgaclUserFindCredtype | ( | GRSTgaclUser * | , | |
| char * | ||||
| ) |
| int GRSTgaclUserFree | ( | GRSTgaclUser * | ) |
| GRSTgaclUser* int GRSTgaclUserHasAURI | ( | GRSTgaclUser * | , | |
| char * | ||||
| ) |
| int GRSTgaclUserHasCred | ( | GRSTgaclUser * | , | |
| GRSTgaclCred * | ||||
| ) |
| char* int GRSTgaclUserLoadDNlists | ( | GRSTgaclUser * | , | |
| char * | ||||
| ) |
| GRSTgaclUser* GRSTgaclUserNew | ( | GRSTgaclCred * | ) |
| int GRSThtcpMessageParse | ( | GRSThtcpMessage * | , | |
| char * | , | |||
| int | ||||
| ) |
| void GRSThttpBodyInit | ( | GRSThttpBody * | ) |
| int GRSThttpCopy | ( | GRSThttpBody * | , | |
| char * | ||||
| ) |
| char* GRSThttpGetCGI | ( | char * | ) |
| void GRSThttpPrintf | ( | GRSThttpBody * | , | |
| char * | , | |||
| ... | ||||
| ) |
| int GRSThttpPrintFooter | ( | GRSThttpBody * | , | |
| char * | ||||
| ) |
| int GRSThttpPrintHeader | ( | GRSThttpBody * | , | |
| char * | ||||
| ) |
| int GRSThttpPrintHeaderFooter | ( | GRSThttpBody * | , | |
| char * | , | |||
| char * | ||||
| ) |
| char* GRSThttpUrlDecode | ( | char * | ) |
| char* GRSThttpUrlEncode | ( | char * | ) |
| char* GRSThttpUrlMildencode | ( | char * | ) |
| void GRSThttpWriteOut | ( | GRSThttpBody * | ) |
| char char X509* char* GRSTx509CachedProxyFind | ( | char * | proxydir, | |
| char * | delegation_id, | |||
| char * | user_dn | |||
| ) |
Find a proxy file in the proxy cache.
Returns the full path and file name of proxy file associated with given delegation ID and user DN.
Return a pointer to a malloc'd string with the full path of the proxy file corresponding to the given delegation_id, or NULL if not found.
| char* GRSTx509CachedProxyKeyFind | ( | char * | proxydir, | |
| char * | delegation_id, | |||
| char * | user_dn, | |||
| STACK_OF(X509)* | certstack | |||
| ) |
Find a temporary proxy private key file in the proxy cache.
Returns the full path and file name of the private key file associated with given delegation ID and user DN.
Return a pointer to a malloc'd string with the full path of the private proxy key corresponding to the given delegation_id, or NULL if not found.
| int GRSTx509CacheProxy | ( | char * | proxydir, | |
| char * | delegation_id, | |||
| char * | user_dn, | |||
| char * | proxychain | |||
| ) |
Store a GSI proxy chain in the proxy cache, along with the private key.
Returns GRST_RET_OK on success, non-zero otherwise. The existing private key with the same delegation ID and user DN is moved out of the temporary cache.
| int GRSTx509CertLoad | ( | GRSTx509Cert * | , | |
| X509 * | ||||
| ) |
| int GRSTx509ChainFree | ( | GRSTx509Chain * | ) |
| int GRSTx509ChainLoad | ( | GRSTx509Chain ** | chain, | |
| STACK_OF(X509)* | certstack, | |||
| X509 * | lastcert, | |||
| char * | capath, | |||
| char * | vomsdir | |||
| ) |
| int GRSTx509ChainLoadCheck | ( | GRSTx509Chain ** | chain, | |
| STACK_OF(X509)* | certstack, | |||
| X509 * | lastcert, | |||
| char * | capath, | |||
| char * | vomsdir | |||
| ) |
Check certificate chain for GSI proxy acceptability.
Returns GRST_RET_OK if valid; caNl errors otherwise.
The GridSite version handles old and new style Globus proxies, and proxies derived from user certificates issued with "X509v3 Basic Constraints: CA:FALSE" (eg UK e-Science CA)
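TODO: we do not yet check the ProxyCertInfo and ProxyCertPolicy extensions, although GRSTx509KnownCriticalExts() lets us accept certificates that carry them. A chain can therefore pass this check without the contents of those extensions having been evaluated.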
| int GRSTx509CreateProxyRequest | ( | char ** | , | |
| char ** | , | |||
| char * | ||||
| ) |
Create a X.509 request for a GSI proxy and its private key.
Returns GRST_RET_OK on success, non-zero otherwise. Request string and private key are PEM encoded strings
| char* GRSTx509FindProxyFileName | ( | void | ) |
Find proxy file name of the current user.
Return a string with the proxy file name or NULL if not present. This function does not check if the proxy has expired.
| int GRSTx509IsCA | ( | X509 * | cert | ) |
Check if certificate can be used as a CA to sign standard X509 certs.
Return GRST_RET_OK if true; GRST_RET_FAILED if not.
| int GRSTx509KnownCriticalExts | ( | X509 * | cert | ) |
Check critical extensions.
Returns GRST_RET_OK if all of the extensions are known to us or to OpenSSL; GRST_RET_FAILED otherwise.
Because this function relies on functionality (X509_supported_extension) introduced in OpenSSL 0.9.7, it does nothing and reports an error (GRST_RET_FAILED) if one of the associated defines (X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) is absent.
| char* GRSTx509MakeDelegationID | ( | void | ) |
Returns a Delegation ID based on hash of GRST_CRED_0, ...
Returns a malloc'd string with Delegation ID made by SHA1-hashing the values of the compact credentials exported by mod_gridsite
| int GRSTx509MakeProxyCert | ( | char ** | proxychain, | |
| FILE * | debugfp, | |||
| char * | reqtxt, | |||
| char * | cert, | |||
| char * | key, | |||
| int | minutes | |||
| ) |
Make a GSI Proxy chain from a request, certificate and private key.
The proxy chain is returned in *proxychain. If debugfp is non-NULL, errors are output to that file pointer. The proxy will expire in the given number of minutes starting from the current time.
| char* GRSTx509MakeProxyFileName | ( | char * | delegation_id, | |
| STACK_OF(X509)* | certstack | |||
| ) |
Return the short file name for the given delegation_id and user_dn.
Returns a malloc'd string with the short file name (no paths) that is derived from the hashed delegation_id and user_dn.
File name is SHA1_HASH(DelegationID)+"-"+SHA1_HASH(DN), where DN is the DER-encoded version of user_dn with any trailing CN=proxy removed. Hashes are the most significant 8 bytes, in lowercase hexadecimal.
| int GRSTx509MakeProxyRequest | ( | char ** | , | |
| char * | , | |||
| char * | , | |||
| char * | ||||
| ) |
Create a X.509 request for a GSI proxy and its private key.
Returns GRST_RET_OK on success, non-zero otherwise. Request string and private key are PEM encoded strings
| int GRSTx509MakeProxyRequestKS | ( | char ** | reqtxt, | |
| char * | proxydir, | |||
| char * | delegation_id, | |||
| char * | user_dn, | |||
| int | keysize | |||
| ) |
| int GRSTx509NameCmp | ( | char * | a, | |
| char * | b | |||
| ) |
Compare X509 Distinguished Name strings.
This function attempts to do with string representations what would ideally be done with OIDs/values. In particular, we equate "/Email=" == "/emailAddress=" to deal with this important change between OpenSSL 0.9.6 and 0.9.7. Other than that, it is currently the same as ordinary strcasecmp(3) (for consistency with EDG/LCG/EGEE gridmapdir case insensitivity.)
| int GRSTx509ProxyDestroy | ( | char * | proxydir, | |
| char * | delegation_id, | |||
| char * | user_dn | |||
| ) |
Destroy stored GSI proxy files.
Returns GRST_RET_OK on success, non-zero otherwise. (Including GRST_RET_NO_SUCH_FILE if the private key or cert chain were not found.)
| int GRSTx509ProxyGetTimes | ( | char * | proxydir, | |
| char * | delegation_id, | |||
| char * | user_dn, | |||
| time_t * | start, | |||
| time_t * | finish | |||
| ) |
Get start and finish validity times of stored GSI proxy file.
Returns GRST_RET_OK on success, non-zero otherwise. (Including GRST_RET_NO_SUCH_FILE if the cert chain was not found.)
| int GRSTx509StringToChain | ( | STACK_OF(X509)** | certstack, | |
| char * | certstring | |||
| ) |
Create a stack of X509 certificates from a PEM-encoded string.
Creates a dynamically allocated stack of X509 certificate objects by walking through the PEM-encoded X509 certificates.
Returns GRST_RET_OK on success, non-zero otherwise.
| char STACK_OF | ( | X509 | ) |
| int(* GRSTerrorLogFunc)(char *, int, int, char *,...) |