Grid Community Toolkit  6.2.1629922860 (tag: v6.2.20210826)
globus_i_gsi_gss_utils.h
1 /*
2  * Copyright 1999-2006 University of Chicago
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef GLOBUS_I_GSI_GSS_UTILS_H
18 #define GLOBUS_I_GSI_GSS_UTILS_H
19 
20 #ifndef GLOBUS_DONT_DOCUMENT_INTERNAL
21 
25 #endif
26 
27 #include "gssapi.h"
28 #include "gssapi_openssl.h"
29 
30 /* ERROR MACROS */
31 
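/**
 * Build a GSSAPI error object and store its handle in *_MIN_RESULT_.
 *
 * _ERRSTR_ is a parenthesised argument list pasted directly after
 * globus_common_create_string, so its first element is used as a format
 * string.  Keep that element a string literal and pass peer- or user-derived
 * text (subject names, host names, token contents) as "%s" arguments, never
 * as the format itself.
 *
 * Nothing happens when _MIN_RESULT_ is NULL.  _MIN_RESULT_ is evaluated
 * twice, so it must be free of side effects.
 *
 * The body is wrapped in its own braces so that an `else` written after the
 * macro cannot bind to the macro's internal `if`, and the temporary has a
 * name unlikely to clash with a caller variable used inside _ERRSTR_.
 *
 * NOTE(review): the formatted string is forwarded without a NULL check;
 * confirm that globus_i_gsi_gssapi_error_result accepts a NULL short_desc
 * when string creation fails.
 */
#define GLOBUS_GSI_GSSAPI_ERROR_RESULT(_MIN_RESULT_, _MIN_,                   \
                                       _ERRSTR_)                              \
    {                                                                         \
        if ((_MIN_RESULT_) != NULL)                                           \
        {                                                                     \
            char * globus_l_gssapi_errstr_ =                                  \
                globus_common_create_string _ERRSTR_;                         \
            *(_MIN_RESULT_) = (OM_uint32) globus_i_gsi_gssapi_error_result(   \
                (_MIN_), __FILE__, __func__,                                  \
                __LINE__, globus_l_gssapi_errstr_, NULL);                     \
            globus_libc_free(globus_l_gssapi_errstr_);                        \
        }                                                                     \
    }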
43 
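/**
 * Build an error object through globus_i_gsi_gssapi_openssl_error_result and
 * store its handle in *_MIN_RESULT_.
 *
 * _ERRORSTR_ is a parenthesised argument list pasted after
 * globus_common_create_string; its first element is the format string and
 * should be a literal.  Untrusted text belongs in "%s" arguments.
 *
 * Unlike GLOBUS_GSI_GSSAPI_ERROR_RESULT, this macro dereferences
 * _MIN_RESULT_ unconditionally: the caller must pass a non-NULL pointer.
 * The macro arguments are parenthesised so that an expression argument
 * (for example a conditional) is dereferenced as a whole.
 */
#define GLOBUS_GSI_GSSAPI_OPENSSL_ERROR_RESULT(_MIN_RESULT_,                  \
                                               _ERRORTYPE_, _ERRORSTR_)       \
    {                                                                         \
        char * globus_l_gssapi_errstr_ =                                      \
            globus_common_create_string _ERRORSTR_;                           \
        *(_MIN_RESULT_) =                                                     \
            (OM_uint32) globus_i_gsi_gssapi_openssl_error_result(             \
                (_ERRORTYPE_), __FILE__, __func__, __LINE__,                  \
                globus_l_gssapi_errstr_, NULL);                               \
        globus_libc_free(globus_l_gssapi_errstr_);                            \
    }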
54 
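/**
 * Chain a new error of type _ERRORTYPE_ onto the existing result
 * _TOP_RESULT_ and store the new handle in *_MIN_RESULT_.
 *
 * Expands to a single assignment expression (no braces, no trailing
 * semicolon).  _MIN_RESULT_ is dereferenced unconditionally and must not be
 * NULL.  The arguments are parenthesised so that the cast and the
 * dereference apply to the whole argument expression.
 */
#define GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(_MIN_RESULT_, _TOP_RESULT_,      \
                                             _ERRORTYPE_)                     \
    *(_MIN_RESULT_) = (OM_uint32) globus_i_gsi_gssapi_error_chain_result(     \
        (globus_result_t) (_TOP_RESULT_),                                     \
        (_ERRORTYPE_), __FILE__,                                              \
        __func__, __LINE__, NULL, NULL)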
61 
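/**
 * Same as GLOBUS_GSI_GSSAPI_ERROR_RESULT but also forwards _LONG_DESC_ as
 * the long description, and without the NULL test on _MIN_RESULT_: the
 * caller must pass a non-NULL pointer.
 *
 * _ERRSTR_ is a parenthesised argument list whose first element is used as
 * a format string by globus_common_create_string; keep it a literal.
 * _LONG_DESC_ is passed through as-is; whether it is later interpreted as a
 * format is not visible here, so treat it the same way (TODO confirm).
 */
#define GLOBUS_GSI_GSSAPI_LONG_ERROR_RESULT(_MIN_RESULT_, _MIN_,              \
                                            _ERRSTR_, _LONG_DESC_)            \
    {                                                                         \
        char * globus_l_gssapi_errstr_ =                                      \
            globus_common_create_string _ERRSTR_;                             \
        *(_MIN_RESULT_) = (OM_uint32) globus_i_gsi_gssapi_error_result(       \
            (_MIN_), __FILE__, __func__,                                      \
            __LINE__, globus_l_gssapi_errstr_, (_LONG_DESC_));                \
        globus_libc_free(globus_l_gssapi_errstr_);                            \
    }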
72 
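/**
 * Same as GLOBUS_GSI_GSSAPI_OPENSSL_ERROR_RESULT but also forwards
 * _LONG_DESC_ as the long description.
 *
 * _MIN_RESULT_ is dereferenced unconditionally and must not be NULL.
 * _ERRORSTR_ is a parenthesised argument list whose first element is used
 * as a format string by globus_common_create_string; keep it a literal and
 * pass untrusted text as "%s" arguments.
 */
#define GLOBUS_GSI_GSSAPI_OPENSSL_LONG_ERROR_RESULT(_MIN_RESULT_,             \
                                                    _ERRORTYPE_,              \
                                                    _ERRORSTR_,               \
                                                    _LONG_DESC_)              \
    {                                                                         \
        char * globus_l_gssapi_errstr_ =                                      \
            globus_common_create_string _ERRORSTR_;                           \
        *(_MIN_RESULT_) =                                                     \
            (OM_uint32) globus_i_gsi_gssapi_openssl_error_result(             \
                (_ERRORTYPE_), __FILE__, __func__,                            \
                __LINE__, globus_l_gssapi_errstr_, (_LONG_DESC_));            \
        globus_libc_free(globus_l_gssapi_errstr_);                            \
    }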
86 
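/**
 * Same as GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT but forwards _LONG_DESC_ as
 * the long description of the new chain link.
 *
 * Expands to a single assignment expression.  _MIN_RESULT_ is dereferenced
 * unconditionally and must not be NULL.  Arguments are parenthesised so the
 * cast and the dereference cover the whole argument expression.
 */
#define GLOBUS_GSI_GSSAPI_LONG_ERROR_CHAIN_RESULT(_MIN_RESULT_, _TOP_RESULT_, \
                                                  _ERRORTYPE_, _LONG_DESC_)   \
    *(_MIN_RESULT_) = (OM_uint32) globus_i_gsi_gssapi_error_chain_result(     \
        (globus_result_t) (_TOP_RESULT_),                                     \
        (_ERRORTYPE_), __FILE__,                                              \
        __func__, __LINE__, NULL, (_LONG_DESC_))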
93 
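/**
 * Record an out-of-memory error in *_MIN_RESULT_.
 *
 * The message comes from the fixed table entry
 * globus_l_gsi_gssapi_error_strings[GLOBUS_GSI_GSSAPI_ERROR_OUT_OF_MEMORY]
 * and is printed through a literal "%s" format, so no caller data reaches
 * the format string.
 *
 * errno is read at the point of expansion: invoke the macro directly after
 * the failed allocation, before any call that may overwrite errno.
 * _MIN_RESULT_ is dereferenced unconditionally and must not be NULL; it is
 * parenthesised so an expression argument is dereferenced as a whole.
 */
#define GLOBUS_GSI_GSSAPI_MALLOC_ERROR(_MIN_RESULT_)                          \
    {                                                                         \
        char * _tmp_str_ =                                                    \
            globus_l_gsi_gssapi_error_strings[                                \
                GLOBUS_GSI_GSSAPI_ERROR_OUT_OF_MEMORY];                       \
        *(_MIN_RESULT_) = (OM_uint32) globus_error_put(                       \
            globus_error_wrap_errno_error(                                    \
                GLOBUS_GSI_GSSAPI_MODULE,                                     \
                errno,                                                        \
                GLOBUS_GSI_GSSAPI_ERROR_OUT_OF_MEMORY,                        \
                __FILE__,                                                     \
                __func__,                                                     \
                __LINE__,                                                     \
                "%s",                                                         \
                _tmp_str_));                                                  \
    }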
110 
111 
112 /* DEBUG MACROS */
113 
/* Threshold compared against by GLOBUS_I_GSI_GSSAPI_DEBUG(). */
extern int                              globus_i_gsi_gssapi_debug_level;

/*
 * Stream the debug macros write to.  It can receive whatever callers choose
 * to print, including objects dumped by GLOBUS_I_GSI_GSSAPI_DEBUG_PRINT_OBJECT,
 * so its destination should be readable only by the service account.
 */
extern FILE *                           globus_i_gsi_gssapi_debug_fstream;

/* NOTE(review): presumably guards module activation state — confirm. */
extern globus_mutex_t                   globus_i_gssapi_activate_mutex;
extern globus_bool_t                    globus_i_gssapi_active;
118 
119 
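/*
 * Debug output macros.  They produce code only when BUILD_DEBUG is defined;
 * otherwise every macro expands to nothing (or to 0 for the level test), so
 * arguments with side effects are not evaluated in non-debug builds.
 */
#ifdef BUILD_DEBUG

/** Non-zero when the configured debug level is at least _LEVEL_. */
#define GLOBUS_I_GSI_GSSAPI_DEBUG(_LEVEL_)                                    \
    (globus_i_gsi_gssapi_debug_level >= (_LEVEL_))

/**
 * _MESSAGE_ is a parenthesised argument list for globus_libc_fprintf:
 * (stream, format, args...).  The format must be a literal; untrusted text
 * goes in "%s" arguments.
 */
#define GLOBUS_I_GSI_GSSAPI_DEBUG_FPRINTF(_LEVEL_, _MESSAGE_)                 \
{                                                                             \
    if (GLOBUS_I_GSI_GSSAPI_DEBUG(_LEVEL_))                                   \
    {                                                                         \
        globus_libc_fprintf _MESSAGE_;                                        \
    }                                                                         \
}

/**
 * _MESSAGE_ is a parenthesised argument list for
 * globus_common_create_nstring.  The result is printed through "%s" and
 * freed.  A NULL result (string creation failed) is skipped rather than
 * handed to "%s", which would be undefined behaviour.
 */
#define GLOBUS_I_GSI_GSSAPI_DEBUG_FNPRINTF(_LEVEL_, _MESSAGE_)                \
{                                                                             \
    if (GLOBUS_I_GSI_GSSAPI_DEBUG(_LEVEL_))                                   \
    {                                                                         \
        char * _tmp_str_ =                                                    \
            globus_common_create_nstring _MESSAGE_;                           \
        if (_tmp_str_ != NULL)                                                \
        {                                                                     \
            globus_libc_fprintf(globus_i_gsi_gssapi_debug_fstream,            \
                                "%s", _tmp_str_);                             \
        }                                                                     \
        globus_libc_free(_tmp_str_);                                          \
    }                                                                         \
}

/** Print the string _MESSAGE_ verbatim through a literal "%s" format. */
#define GLOBUS_I_GSI_GSSAPI_DEBUG_PRINT(_LEVEL_, _MESSAGE_)                   \
{                                                                             \
    if (GLOBUS_I_GSI_GSSAPI_DEBUG(_LEVEL_))                                   \
    {                                                                         \
        globus_libc_fprintf(                                                  \
            globus_i_gsi_gssapi_debug_fstream,                                \
            "%s", _MESSAGE_);                                                 \
    }                                                                         \
}

/**
 * Dump _OBJ_ to the debug stream by calling <_TYPE_>_print_fp(stream, obj).
 * What gets written depends on the type's printer; review call sites that
 * dump credential- or key-bearing objects before enabling debug builds.
 */
#define GLOBUS_I_GSI_GSSAPI_DEBUG_PRINT_OBJECT(_LEVEL_, _TYPE_, _OBJ_)        \
{                                                                             \
    if (GLOBUS_I_GSI_GSSAPI_DEBUG(_LEVEL_))                                   \
    {                                                                         \
        _TYPE_##_print_fp(                                                    \
            globus_i_gsi_gssapi_debug_fstream,                                \
            _OBJ_);                                                           \
    }                                                                         \
}

#else

#define GLOBUS_I_GSI_GSSAPI_DEBUG(_LEVEL_) 0
#define GLOBUS_I_GSI_GSSAPI_DEBUG_FPRINTF(_LEVEL_, _MESSAGE_)
#define GLOBUS_I_GSI_GSSAPI_DEBUG_FNPRINTF(_LEVEL_, _MESSAGE_)
#define GLOBUS_I_GSI_GSSAPI_DEBUG_PRINT(_LEVEL_, _MESSAGE_)
/* Parameter spelled _LEVEL_ to match the BUILD_DEBUG definition. */
#define GLOBUS_I_GSI_GSSAPI_DEBUG_PRINT_OBJECT(_LEVEL_, _TYPE_, _OBJ_)

#endif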
174 
/* Function-trace helpers; all three log at debug level 3. */

/** Log "<function> entering". */
#define GLOBUS_I_GSI_GSSAPI_DEBUG_ENTER                                       \
    GLOBUS_I_GSI_GSSAPI_DEBUG_FPRINTF(                                        \
        3,                                                                    \
        (globus_i_gsi_gssapi_debug_fstream, "%s entering\n", __func__))

/**
 * Log "<function> exiting" with the major status.  Reads a variable named
 * major_status from the expanding function's scope, so one must exist there.
 */
#define GLOBUS_I_GSI_GSSAPI_DEBUG_EXIT                                        \
    GLOBUS_I_GSI_GSSAPI_DEBUG_FPRINTF(                                        \
        3,                                                                    \
        (globus_i_gsi_gssapi_debug_fstream,                                   \
         "%s exiting: major_status=%d\n", __func__, (int)major_status))

/** Log "<function> exiting" for functions without a major_status. */
#define GLOBUS_I_GSI_GSSAPI_INTERNAL_DEBUG_EXIT                               \
    GLOBUS_I_GSI_GSSAPI_DEBUG_FPRINTF(                                        \
        3,                                                                    \
        (globus_i_gsi_gssapi_debug_fstream, "%s exiting\n", __func__))
191 
/*
 * Process-wide TLS policy shared by the GSSAPI implementation files.
 * NOTE(review): the value encoding and the code that sets these are not
 * visible in this header — confirm the defaults in the defining file.
 */

/* Lowest / highest TLS protocol version; presumably OpenSSL version codes. */
extern int                              globus_i_gsi_gssapi_min_tls_protocol;
extern int                              globus_i_gsi_gssapi_max_tls_protocol;

/* Cipher selection string; presumably in OpenSSL cipher-list syntax. */
extern const char *                     globus_i_gsi_gssapi_cipher_list;

/* Presumably: prefer the server's cipher ordering over the client's. */
extern globus_bool_t                    globus_i_gsi_gssapi_server_cipher_order;

/*
 * Presumably the uid that must own virtual-host credential files before
 * they are loaded; verify the ownership check in the implementation.
 */
extern uid_t                            globus_i_gsi_gssapi_vhost_cred_owner;
197 
/**
 * Kind of SSL context to set up; taken by
 * globus_i_gsi_gssapi_init_ssl_context as its anon_ctx parameter.
 */
typedef enum
{
    GLOBUS_I_GSI_GSS_DEFAULT_CONTEXT,   /* first enumerator, value 0 */
    GLOBUS_I_GSI_GSS_ANON_CONTEXT       /* value 1; presumably anonymous */
} globus_i_gsi_gss_context_type_t;
203 
/**
 * Duplicate a GSS name.
 *
 * @param minor_status  receives the mechanism-specific status
 * @param output        receives the new name (ownership presumably passes
 *                      to the caller — TODO confirm)
 * @param input         name to copy; not modified
 * @return GSSAPI major status
 */
OM_uint32 globus_i_gsi_gss_copy_name_to_name(
    OM_uint32 *                         minor_status,
    gss_name_desc **                    output,
    const gss_name_desc *               input);

/**
 * Allocate a security context and populate it from the given mechanism,
 * target name, credential, usage and request flags.
 *
 * @param minor_status    receives the mechanism-specific status
 * @param context_handle  receives the new context
 * @param mech            mechanism OID
 * @param target_name     peer name (const applies to the handle only)
 * @param cred_handle     credential to bind to the context
 * @param cred_usage      credential usage
 * @param req_flags       requested context flags
 * @return GSSAPI major status
 */
OM_uint32 globus_i_gsi_gss_create_and_fill_context(
    OM_uint32 *                         minor_status,
    gss_ctx_id_desc **                  context_handle,
    gss_OID                             mech,
    const gss_name_t                    target_name,
    gss_cred_id_desc *                  cred_handle,
    const gss_cred_usage_t              cred_usage,
    OM_uint32                           req_flags);
219 
/*
 * Credential construction helpers.  Each returns a GSSAPI major status and
 * reports detail through minor_status.
 */

/** Create a credential handle for anonymous use. */
OM_uint32 globus_i_gsi_gss_create_anonymous_cred(
    OM_uint32 *                         minor_status,
    gss_cred_id_t *                     output_cred_handle,
    const gss_cred_usage_t              cred_usage);

/**
 * Read a credential from an OpenSSL BIO.
 * NOTE(review): whether the BIO content is treated as trusted, and what
 * validation is applied, is decided in the implementation — confirm there.
 */
OM_uint32 globus_i_gsi_gss_cred_read_bio(
    OM_uint32 *                         minor_status,
    const gss_cred_usage_t              cred_usage,
    gss_cred_id_t *                     cred_id_handle,
    BIO *                               bp);

/**
 * Read a credential, optionally constrained by desired_subject.
 * NOTE(review): the search locations and the meaning of a NULL
 * desired_subject are not visible here — confirm.
 */
OM_uint32 globus_i_gsi_gss_cred_read(
    OM_uint32 *                         minor_status,
    const gss_cred_usage_t              cred_usage,
    gss_cred_id_t *                     cred_handle,
    const X509_NAME *                   desired_subject);

/**
 * Wrap an existing GSI credential handle in a GSS credential.
 * sni_context is forwarded by name to SSL context setup (presumably
 * selecting server-name-indication handling — TODO confirm).
 */
OM_uint32 globus_i_gsi_gss_create_cred(
    OM_uint32 *                         minor_status,
    const gss_cred_usage_t              cred_usage,
    gss_cred_id_t *                     output_cred_handle_P,
    globus_gsi_cred_handle_t *          cred_handle,
    globus_bool_t                       sni_context);
247 
/**
 * Certificate-extension callback used during chain verification.
 * NOTE(review): the return convention (which value accepts an extension)
 * is not visible in this header; because it decides whether certificates
 * carrying a given extension are accepted, check it in the implementation.
 */
int globus_i_gsi_gss_verify_extensions_callback(
    globus_gsi_callback_data_t          callback_data,
    X509_EXTENSION *                    extension);

/** Drive the SSL handshake for the context. */
OM_uint32 globus_i_gsi_gss_handshake(
    OM_uint32 *                         minor_status,
    gss_ctx_id_desc *                   context_handle);

/**
 * Move data from a BIO into a GSS token buffer (direction inferred from
 * the name — TODO confirm).  `const gss_buffer_t` makes the handle const,
 * not the buffer it refers to.
 */
OM_uint32 globus_i_gsi_gss_get_token(
    OM_uint32 *                         minor_status,
    const gss_ctx_id_desc *             context_handle,
    BIO *                               bio,
    const gss_buffer_t                  output_token);

/**
 * Move data from a GSS token buffer into a BIO (direction inferred from
 * the name — TODO confirm).  The token normally originates from the peer,
 * so its length and content are untrusted input.
 */
OM_uint32 globus_i_gsi_gss_put_token(
    OM_uint32 *                         minor_status,
    const gss_ctx_id_desc *             context_handle,
    BIO *                               bio,
    const gss_buffer_t                  input_token);

/** Record the peer's identity in the context after the handshake. */
OM_uint32 globus_i_gsi_gss_retrieve_peer(
    OM_uint32 *                         minor_status,
    gss_ctx_id_desc *                   context_handle,
    const gss_cred_usage_t              cred_usage);
276 
/*
 * Declared only when the build links against OpenSSL internals.
 * NOTE(review): judging by the names, these serialise and restore SSL
 * state of a context through a BIO; such a serialisation would contain
 * session secrets — confirm and check how callers protect it.
 */
#if LINK_WITH_INTERNAL_OPENSSL_API
OM_uint32 globus_i_gsi_gss_SSL_write_bio(
    OM_uint32 *                         minor_status,
    gss_ctx_id_desc *                   context,
    BIO *                               bp);

OM_uint32 globus_i_gsi_gss_SSL_read_bio(
    OM_uint32 *                         minor_status,
    gss_ctx_id_desc *                   context,
    BIO *                               bp);
#endif
290 
/**
 * Report the time until which the context is valid.
 *
 * @param minor_status  receives the mechanism-specific status
 * @param context       context to query
 * @param goodtill      receives the expiry time
 * @return GSSAPI major status
 */
OM_uint32 globus_i_gsi_gss_get_context_goodtill(
    OM_uint32 *                         minor_status,
    gss_ctx_id_t                        context,
    time_t *                            goodtill);

/**
 * Initialise the SSL context associated with a credential.
 *
 * @param minor_status  receives the mechanism-specific status
 * @param credential    credential whose SSL context is set up
 * @param anon_ctx      default or anonymous context selection
 * @param sni_context   presumably enables SNI handling — TODO confirm
 * @return GSSAPI major status
 */
OM_uint32 globus_i_gsi_gssapi_init_ssl_context(
    OM_uint32 *                         minor_status,
    gss_cred_id_t                       credential,
    globus_i_gsi_gss_context_type_t     anon_ctx,
    globus_bool_t                       sni_context);
303 
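/*
 * Error-object constructors used by the GLOBUS_GSI_GSSAPI_*_RESULT macros.
 *
 * NOTE(review): the return-type line of each prototype was missing from
 * this listing, which would leave the declarations without a type.  It is
 * restored as globus_result_t, the type the macros pass for chain_result;
 * confirm against the upstream header.
 *
 * short_desc and long_desc are caller-built strings; whether they are
 * later re-interpreted as formats is not visible here, so callers should
 * not place untrusted text in them unformatted (TODO confirm).
 */

/** Create an error result that also captures the OpenSSL error state. */
globus_result_t
globus_i_gsi_gssapi_openssl_error_result(
    int                                 error_type,
    const char *                        filename,
    const char *                        function_name,
    int                                 line_number,
    const char *                        short_desc,
    const char *                        long_desc);

/** Create an error result for the given minor status code. */
globus_result_t
globus_i_gsi_gssapi_error_result(
    const OM_uint32                     minor_status,
    const char *                        filename,
    const char *                        function_name,
    int                                 line_number,
    const char *                        short_desc,
    const char *                        long_desc);

/** Create an error result of error_type chained onto chain_result. */
globus_result_t
globus_i_gsi_gssapi_error_chain_result(
    globus_result_t                     chain_result,
    int                                 error_type,
    const char *                        filename,
    const char *                        function_name,
    int                                 line_number,
    const char *                        short_desc,
    const char *                        long_desc);

/** Join two error chains, outer_error wrapping inner_error. */
globus_result_t
globus_i_gsi_gssapi_error_join_chains_result(
    globus_result_t                     outer_error,
    globus_result_t                     inner_error);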
336 
/**
 * Derive host name information for a GSS name.
 * NOTE(review): the source of the host name (certificate fields, service
 * name string, DNS) is not visible here; it matters for peer-identity
 * checks, so confirm in the implementation.
 */
OM_uint32 globus_i_gsi_gssapi_get_hostname(
    OM_uint32 *                         minor_status,
    gss_name_desc *                     name);

/**
 * Load credentials from a directory into a newly returned array.
 *
 * @param minor_status                    receives the mechanism status
 * @param dirname                         directory to scan
 * @param output_credentials_array        receives the array of credentials
 * @param output_credentials_array_count  receives the element count
 * @return GSSAPI major status
 *
 * NOTE(review): ownership and permission checks on the directory entries
 * (see globus_i_gsi_gssapi_vhost_cred_owner) and who frees the array are
 * not visible in this header — confirm.
 */
OM_uint32 globus_i_gss_read_vhost_cred_dir(
    OM_uint32 *                         minor_status,
    const char *                        dirname,
    gss_cred_id_t **                    output_credentials_array,
    size_t *                            output_credentials_array_count);
348 
/**
 * Name-comparison compatibility mode.
 *
 * NOTE(review): judging by the enumerator names, this selects the rules
 * used when comparing peer host names: legacy GT2 rules, RFC 2818 rules,
 * or a hybrid of both.  The mode in force determines which certificate
 * names are accepted for a host, so confirm the default and how it is
 * configured.
 */
typedef enum
{
    GSS_I_COMPATIBILITY_HYBRID,         /* value 0 */
    GSS_I_COMPATIBILITY_STRICT_GT2,     /* value 1 */
    GSS_I_COMPATIBILITY_STRICT_RFC2818  /* value 2 */
}
gss_i_name_compatibility_mode_t;

/* Currently selected mode; defined in another translation unit. */
extern gss_i_name_compatibility_mode_t  gss_i_name_compatibility_mode;
358 
359 #endif /* GLOBUS_I_GSI_GSS_UTILS_H */