Grid Community Toolkit  6.2.1653033972 (tag: v6.2.20220524)
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
myproxy_server.h
1 /*
2  * myproxy_server.h
3  *
4  * Myproxy server header file
5  */
6 #ifndef __MYPROXY_SERVER_H
7 #define __MYPROXY_SERVER_H
8 
9 #define MYPROXY_SERVER_POLICY_TYPE_FQAN "FQAN:"
10 #define MYPROXY_SERVER_POLICY_TYPE_SUBJECT "SUBJECT:"
11 
12 extern int errno;
13 
14 typedef struct myproxy_usage_s {
15  int pam_used;
16  int sasl_used;
17  int cred_pphrase_used;
18  int trusted_retr;
19  int certauthz_used;
20  int pubcookie_used;
21  int ca_used;
22  int credentials_exist;
23  int trustroots_sent;
24  char client_ip[256];
25 } myproxy_usage_t;
26 
27 
28 typedef struct myproxy_server_context_s
29 {
30  char *my_name; /* My name for logging and such */
31  int run_as_daemon; /* Run as a daemon? */
32  char *config_file; /* configuration file */
33  char *pidfile; /* pid file */
34  char *portfile; /* port file */
35  char *passphrase_policy_pgm; /* external program for password check */
36  char **accepted_credential_dns; /* List of creds that can be stored */
37  char **authorized_retriever_dns; /* List of DNs we'll delegate to */
38  char **default_retriever_dns; /* List of DNs we'll delegate to */
39  char **trusted_retriever_dns; /* DNs we'll delegate to w/o passwd */
40  char **default_trusted_retriever_dns; /* DNs we'll delegate to w/o pass */
41  char **authorized_renewer_dns; /* List of DNs that can renew creds */
42  char **default_renewer_dns; /* List of DNs that can renew creds */
43  char **authorized_key_retrievers_dns; /* List of DNs that can retrieve keys */
44  char **default_key_retrievers_dns; /* List of DNs that can retrieve keys */
45  int max_proxy_lifetime; /* Max life (in seconds) of retrieved creds */
46  int max_cred_lifetime; /* Max life (in seconds) of stored creds */
47  char *cert_dir; /* Trusted certificate directory to send */
48  char *pam_policy; /* How we depend on PAM for passwd auth */
49  char *pam_id; /* Application name we present to PAM */
50  char *sasl_policy; /* SASL required, sufficient, disabled */
51  char *certificate_issuer_program; /* CA callout external program */
52  char *certificate_issuer_cert; /* CA certificate */
53  char *certificate_issuer_key; /* CA signing key */
54  const void *certificate_hashalg; /* hash algorithm for issued EECs (EVP_MD *)*/
55  char *certificate_request_checker; /* callout for checking certreqs */
56  char *certificate_issuer_checker; /* callout for checking issued certs */
57  char *certificate_openssl_engine_id; /* Which OpenSSL engine to use */
58  char *certificate_openssl_engine_lockfile; /* synchronize engine calls */
59  char **certificate_openssl_engine_pre; /* Which 'pre' commands to use */
60  char **certificate_openssl_engine_post;/* Which 'post' commands to use */
61  char *certificate_issuer_key_passphrase; /* CA signing key passphrase */
62  char *certificate_issuer_subca_certfile; /* Sub-CA certs to be sent with CA-GET */
63  char *certificate_issuer_email_domain; /* CA email domain for alt name */
64  char *certificate_extfile; /* CA extension file */
65  char *certificate_extapp; /* CA extension call-out */
66  char *certificate_mapfile; /* CA gridmap file if not the default */
67  char *certificate_mapapp; /* gridmap call-out */
68  int max_cert_lifetime; /* like proxy_lifetime for the CA */
69  int min_keylen; /* minimum keylength for the CA */
70  char *certificate_serialfile; /* path to serialnumber file for CA */
71  int certificate_serial_skip; /* CA serial number increment */
72  char *certificate_out_dir; /* path to certificate directory */
73  char *ca_ldap_server; /* URL to CA ldap user DN server */
74  char *ca_ldap_uid_attribute; /* Username attribute name */
75  char *ca_ldap_searchbase; /* Search base DN for ldap query */
76  char *ca_ldap_connect_dn; /* Optional connect-as ldap DN */
77  char *ca_ldap_connect_passphrase; /* Optional connect-as ldap passphrase */
78  char *ca_ldap_dn_attribute; /* Opt - pull dn from record attr */
79  int ca_ldap_start_tls; /* Optional LDAP StartTLS */
80  char *accepted_credentials_mapfile; /* Force username/userDN gridmap lookup */
81  char *accepted_credentials_mapapp;/* gridmap call-out */
82  int check_multiple_credentials; /* Check multiple creds for U/P match */
83  char *syslog_ident; /* Identity for logging to syslog */
84  int syslog_facility; /* syslog facility */
85  int limited_proxy; /* Should we delegate a limited proxy? */
86  int request_timeout; /* Timeout for child processes */
87  int request_size_limit; /* Size limit for incoming requests */
88  int allow_self_authz; /* Allow client subject to match cert? */
89  char *proxy_extfile; /* Extensions for issued proxies */
90  char *proxy_extapp; /* proxy extension call-out */
91  int obsolete1; /* Obsolete: was disable_usage_stats */
92  char *obsolete2; /* Obsolete: was usage_stats_target */
93  myproxy_usage_t usage;
94  int allow_voms_attribute_requests;/* Support VONAME/VOMSES in requests? */
95  char *voms_userconf; /* VOMS confuration file */
96 } myproxy_server_context_t;
97 
98 typedef struct myproxy_server_peer_t {
99  char name[1024]; /* shouldn't be allocated dynamicaly? */
100  char **fqans;
101 } myproxy_server_peer_t;
102 
103 
104 /**********************************************************************
105  *
106  * Routines from myproxy_server_config.c
107  *
108  */
109 
110 /*
111  * myproxy_server_config_read()
112  *
113  * Read the configuration file as indicated in the context, parse
114  * it and store the results in the context.
115  *
116  * Returns 0 on success, -1 on error setting verror.
117  */
118 int myproxy_server_config_read(myproxy_server_context_t *context);
119 
120 /*
121  * myproxy_server_clear_context()
122  *
123  * Re-initialize the myproxy_server_context_t structure,
124  * deallocating memory as needed.
125  */
126 void myproxy_server_clear_context(myproxy_server_context_t *context);
127 
128 /*
129  * myproxy_server_check_policy_list()
130  *
131  * Check to see if the given client matches an entry the dn_list.
132  *
133  * Returns 1 if match found, 0 if no match found,
134  * -1 on error, setting verror.
135  */
136 int myproxy_server_check_policy_list(const char **dn_list,
137  const char *client_name);
138 
139 /*
140  * myproxy_server_check_policy_list_ext()
141  *
142  * Same as myproxy_server_check_policy_list() but receives more detailed
143  * client description.
144  */
145 int myproxy_server_check_policy_list_ext(const char **dn_list,
146  myproxy_server_peer_t *client);
147 
148 /*
149  * myproxy_server_check_policy()
150  *
151  * Check to see if the given client matches the dn_regex.
152  *
153  * Returns 1 if match found, 0 if no match found,
154  * -1 on error, setting verror.
155  */
156 int myproxy_server_check_policy(const char *dn_regex,
157  const char *client);
158 
159 /*
160  * myproxy_server_check_policy_ext()
161  *
162  * Same as myproxy_server_check_policy() but receives more detailed client
163  * description.
164  */
165 int myproxy_server_check_policy_ext(const char *dn_regex,
166  myproxy_server_peer_t *client);
167 #endif /* !__MYPROXY_SERVER_H */