1 /*
2  * Copyright 1999-2006 University of Chicago
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 /* library/globus_oldgaa.h. Generated automatically by configure. */
18 /**********************************************************************
19  globus_oldgaa.h:
20 
21 Description:
 This header file is used internally by the oldgaa routines.
23 **********************************************************************/
24 #ifndef OLDGAA_API_H
25 #define OLDGAA_API_H
26 
27 #ifdef WIN32
28 #undef HAVE_SYS_TIME_H
29 #else
30 #ifndef HAVE_SYS_TIME_H
31 #define HAVE_SYS_TIME_H 1
32 #endif
33 #endif
34 
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38 
#ifndef NO_GLOBUS_CONFIG_H
#include "globus_config.h"
#endif
#include <errno.h> /* for EINVAL, used by ERRNO_INVALID_ARGUMENT */
#include <stdarg.h> /* for va_list */
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <sys/stat.h> /* for time_t solaris ? */
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h> /* for time_t on linux etc. */
#endif
50 
51 /**********************************************************************
52  Define constants
53 **********************************************************************/
54 
/* Error number returned if an argument is invalid.
 * EINVAL is provided by <errno.h>, included at the top of this header. */

#define ERRNO_INVALID_ARGUMENT EINVAL

/* Typed null-pointer constants for the handle types declared later in this
 * file. Each is a cast of 0, so the corresponding typedef only has to be
 * visible where the macro is expanded, not where it is defined. */
#define OLDGAA_NO_OPTIONS ((oldgaa_options_ptr)0)
#define OLDGAA_NO_BUFFER ((oldgaa_buffer_ptr)0)
/* Aggregate initializer for an oldgaa_buffer: zero length, NULL value. */
#define OLDGAA_EMPTY_BUFFER {0, NULL}
#define OLDGAA_NO_DATA ((oldgaa_data_ptr) 0)

#define OLDGAA_NO_SEC_CONTEXT ((oldgaa_sec_context_ptr)0)
#define OLDGAA_SEC_ATTRBTS_UNBOUND ((oldgaa_sec_attribute_list_ptr)0)

#define OLDGAA_NO_PRINCIPALS ((oldgaa_principals_ptr)0)
#define OLDGAA_NO_RIGHTS ((oldgaa_rights_ptr) 0)
#define OLDGAA_NO_CONDITIONS ((oldgaa_conditions_ptr)0)
#define OLDGAA_NO_COND_BINDINGS ((oldgaa_cond_bindings_ptr)0)
#define OLDGAA_NO_UNEVAL_CRED ((oldgaa_uneval_cred_ptr)0)
#define OLDGAA_NO_ANSWER ((oldgaa_answer_ptr)0)
#define OLDGAA_NO_SEC_ATTRB ((oldgaa_sec_attrb_ptr)0)

#define OLDGAA_NO_IDENTITY_CRED ((oldgaa_identity_cred_ptr)0)
#define OLDGAA_NO_AUTHORIZATION_CRED ((oldgaa_authr_cred_ptr)0)
#define OLDGAA_NO_ATTRIBUTES ((oldgaa_attributes_ptr)0)

/* Unguarded boolean macros: they clash with any other unconditional
 * definition of TRUE/FALSE in the same translation unit. */
#define TRUE 1
#define FALSE 0

/* Fixed size limits. Their use is in the implementation, not visible here;
 * MAX_COND_LENGTH presumably bounds a condition string buffer, so any copy
 * into such a buffer must be length-checked against it -- confirm in the
 * .c sources. */
#define OLDGAA_NUM_ACCESS_RIGHTS 32
#define MAX_COND_LENGTH 200
84 
/* Time-related conditions (string tags used as condition types) */

#define COND_DAY "cond_day"
#define COND_TIME "cond_time"
#define HOUR_SCALE_24 "hr_scale_24"


/* Access-identity type tags (the "type" string of a principal) */
#define OLDGAA_ANYBODY "access_id_ANYBODY"
#define OLDGAA_USER "access_id_USER"
#define OLDGAA_GROUP "access_id_GROUP"
#define OLDGAA_HOST "access_id_HOST"
#define OLDGAA_CA "access_id_CA"
#define OLDGAA_APPLICATION "access_id_APPLICATION"

/* Miscellaneous conditions */

#define COND_SEC_MECH "cond_sec_mech"
#define COND_BANNED_SUBJECTS "cond_banned_subjects"

/* NUL is the string termination character */
#define NUL '\0'


/* Globus-specific definitions: authority tag, subject condition tag and
 * the rights value string used for CA signing policy. */

#define AUTH_GLOBUS "globus"
#define COND_SUBJECTS "cond_subjects"
#define GLOBUS_RIGHTS_VALUE "CA:sign"
113 
114 
115 
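/* Condition flags:

   Each condition is marked as evaluated or not evaluated; if evaluated it
   is further marked as met, not met, or as requiring further evaluation or
   enforcement. This tells the application which policies it must enforce.
   The three flags occupy distinct bits (0x01, 0x10, 0x100) and are
   presumably OR-ed into the uint32 status field of
   oldgaa_conditions_struct -- confirm against the .c sources. */

#define COND_FLG_EVALUATED 0x01 /* condition has been evaluated */
#define COND_FLG_MET 0x10 /* condition has been met */
#define COND_FLG_ENFORCE 0x100 /* condition has to be enforced */

/* Report an out-of-memory condition, tagged with the call site.
 * The expansion carries no trailing semicolon: the previous definition
 * ended in ';', which turned `if (!p) out_of_memory(); else ...` into a
 * syntax error because the `if` body became two statements.
 * NOTE(review): the callee's name contains a double underscore, which is
 * reserved for the implementation in C. */
#define out_of_memory() oldgaa_gl__fout_of_memory(__FILE__, __LINE__)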
127 
128 /************************* OLDGAA API data types ****************************/
129 
130 
/* Result codes returned by the OLDGAA API.
 *
 * Note the numbering: OLDGAA_MAYBE is negative, OLDGAA_YES and
 * OLDGAA_SUCCESS are both 0, and everything from OLDGAA_NO upward is
 * positive (OLDGAA_NO = 1, OLDGAA_FAILURE = 2, OLDGAA_NO_POLICY = 3,
 * OLDGAA_RETRIEVE_ERROR = 4). A test such as `rc != OLDGAA_SUCCESS`
 * therefore lumps "more checks needed" together with denial and with
 * every error; a caller that must fail closed should treat only an
 * explicit OLDGAA_YES as authorization and compare the other
 * enumerators individually. */
typedef enum {

 OLDGAA_MAYBE = -1, /* (indicating a need for additional checks) is returned
 if there are some unevaluated conditions and additional
 application-specific checks are needed, or continuous
 evaluation is required. */

 OLDGAA_YES = 0, /* (indicating authorization) is returned if all requested
 operations are authorized. */
 OLDGAA_SUCCESS = 0, /* alias of OLDGAA_YES for non-authorization calls */

 OLDGAA_NO = 1, /* (indicating denial of authorization) is returned if at
 least one operation is not authorized. */
 OLDGAA_FAILURE, /* generic failure (= 2) */
 OLDGAA_NO_POLICY, /* no policy found for the object (= 3) */
 OLDGAA_RETRIEVE_ERROR /* the policy retrieve callback failed (= 4) */
} oldgaa_error_code;
148 
149 
/* Unsigned integer used for minor_status and the condition status field.
 * NOTE(review): `unsigned int` is only guaranteed to be at least 16 bits;
 * uint32_t from <stdint.h> would pin the width the name promises. */
typedef unsigned int uint32;
151 
152 
153 /* Define the implementation-dependent types */
154 
/* String-carrying datum passed to the policy API (e.g. the object and
 * policy_db arguments of oldgaa_get_object_policy_info). Ownership of the
 * strings is not stated in this header -- see oldgaa_release_data. */
typedef struct oldgaa_data_struct oldgaa_data,
 *oldgaa_data_ptr;
struct oldgaa_data_struct {
 char *str; /* the string value carried by this datum */
 char *error_str; /* error text, if any */
 uint32 error_code; /* numeric code accompanying error_str */
};
162 
163 
/* Length-counted untyped buffer (length presumably in bytes).
 * OLDGAA_EMPTY_BUFFER is the {0, NULL} initializer for this type. */
typedef struct oldgaa_buffer_struct oldgaa_buffer,
 *oldgaa_buffer_ptr;
struct oldgaa_buffer_struct {
 size_t length; /* number of bytes at value */
 void *value; /* buffer contents, NULL when empty */
};
170 
/* Optional per-call options, passed as oldgaa_options_ptr (OLDGAA_NO_OPTIONS
 * when absent). Same shape as oldgaa_buffer but with a char* value. */
typedef struct oldgaa_options_struct oldgaa_options,
 *oldgaa_options_ptr;

struct oldgaa_options_struct {
 size_t length; /* length of value */
 char *value; /* option data */
};
178 
179 
/* Forward typedefs for the policy data structures defined below.
 * oldgaa_policy / oldgaa_policy_ptr are aliases of the principals
 * struct: a policy is a list of principals with their rights. */
typedef struct oldgaa_principals_struct oldgaa_principals,
 *oldgaa_principals_ptr,
 oldgaa_policy,
 *oldgaa_policy_ptr;

typedef struct oldgaa_rights_struct oldgaa_rights,
 *oldgaa_rights_ptr;


typedef struct oldgaa_cond_bindings_struct oldgaa_cond_bindings,
 *oldgaa_cond_bindings_ptr;


typedef struct oldgaa_conditions_struct oldgaa_conditions,
 *oldgaa_conditions_ptr;
195 
196 
197 
/* One principal in a policy: a (type, authority, value) triple -- type is
 * one of the OLDGAA_* access_id tags -- plus the rights granted to it.
 * Nodes form a singly linked list through `next`. */
struct oldgaa_principals_struct {
 char* type; /* principal type tag, e.g. OLDGAA_USER */
 char* authority; /* naming authority, e.g. AUTH_GLOBUS */
 char* value; /* principal name under that authority */
 oldgaa_rights_ptr rights; /* rights granted to this principal */
 oldgaa_principals_ptr next; /* next principal in the list */
};
205 
206 
/* One access right, with the condition bindings that apply to it.
 * Singly linked through `next`. reference_count suggests nodes may be
 * shared between lists, with the release functions decrementing it
 * rather than freeing eagerly -- confirm against the .c sources. */
struct oldgaa_rights_struct {
 char* type; /* right type tag */
 char* authority; /* authority defining the right */
 char* value; /* right value, e.g. GLOBUS_RIGHTS_VALUE */
 oldgaa_cond_bindings_ptr cond_bindings; /* conditions attached to this right */
 oldgaa_rights_ptr next; /* next right in the list */
 int reference_count; /* number of owners of this node */
};
215 
216 
/* List node binding a condition to a right (or attribute). The same
 * condition can be referenced from several bindings, hence the
 * reference_count on both this node and the condition. */
struct oldgaa_cond_bindings_struct {
 oldgaa_conditions_ptr condition; /* the bound condition */
 oldgaa_cond_bindings_ptr next; /* next binding in the list */
 int reference_count; /* number of owners of this node */
};
222 
223 
/* One policy condition: a (type, authority, value) triple -- type is one of
 * the COND_* tags -- plus an evaluation status. `status` presumably holds
 * the COND_FLG_* bits recorded during evaluation -- confirm in the sources. */
struct oldgaa_conditions_struct {
 char* type; /* condition type tag, e.g. COND_TIME */
 char* authority; /* authority defining the condition */
 char* value; /* condition value, format depends on type */
 uint32 status; /* COND_FLG_EVALUATED / COND_FLG_MET / COND_FLG_ENFORCE */
 oldgaa_conditions_ptr next; /* next condition in the list */
 int reference_count; /* number of owners of this node */
};
232 
233 
234 
235 
/* Security attribute: a (type, authority, value) triple in a singly
 * linked list. Unlike the policy structures it carries no reference count. */
typedef struct oldgaa_sec_attrb_struct oldgaa_sec_attrb,
 *oldgaa_sec_attrb_ptr;
struct oldgaa_sec_attrb_struct {
 char* type; /* attribute type tag */
 char* authority; /* authority asserting the attribute */
 char* value; /* attribute value */
 oldgaa_sec_attrb_ptr next; /* next attribute in the list */
};
244 
245 
246 /******************* OLDGAA API Security Context Structures *******************/
247 
248 /*
249  The oldgaa_sec_context_struct stores information relevant to access control
250  policy, e.g. authentication and authorization credentials presented or used
251  by the peer entity (usually the client of the request), connection state
252  information.
253 
254  The context consists of:
255 
256  1) Identity
257 
258  Verified authentication information, such as principal name for a
259  particular security mechanism.
260 
261  2) Authorized credentials
262  This type of credentials is used to hold delegated credentials and
263  capabilities.
264 
265  3) Group membership
266  This type of credentials specifies that the grantee is a member of
267  only the listed groups.
268 
269  4) Group non-membership
270  This type of credentials specifies that the grantee is NOT a member
271  of the listed groups.
272 
273  5) Attributes
274  This type of credentials contains miscellaneous attributes
275  attached to the grantee, e.g. age of the grantee, grantee's security
276  clearance.
277 
278  6) Unevaluated Credentials
279  Evaluation of the acquired credentials can be deferred till the
280  credential is needed to perform the operation.
281 
282  7) Evaluation and Retrieval Functions for Upcalls
283  These functions are called to evaluate application-specific conditions,
284  to request additional credentials and verify them.
285  The GSS API is an example of how this can be filled in.
286 
287  8) Connection State Information
288  Contains a mechanism-specific representation of per-connection
289  context, some of the data stored here include keyblocks, addresses. */
290 
/* Kind of credential held in an oldgaa_uneval_cred_struct; mirrors the
 * credential categories 1-5 of the security context described above.
 * Implicit values 0..4. */
typedef enum {
 OLDGAA_IDENTITY , /* verified authentication information */
 OLDGAA_GROUP_MEMB , /* grantee is a member of the listed groups */
 OLDGAA_GROUP_NON_MEMB , /* grantee is NOT a member of the listed groups */
 OLDGAA_AUTHORIZED , /* delegated credentials / capabilities */
 OLDGAA_MISCELLANEOUS /* other attributes attached to the grantee */
} oldgaa_cred_type;
298 
299 
300 
/* Forward typedefs for the security context and the credential lists it
 * holds; the structs follow immediately below. */
typedef struct oldgaa_sec_context_struct oldgaa_sec_context,
 *oldgaa_sec_context_ptr;

typedef struct oldgaa_identity_cred_struct oldgaa_identity_cred,
 *oldgaa_identity_cred_ptr;

typedef struct oldgaa_authr_cred_struct oldgaa_authr_cred,
 *oldgaa_authr_cred_ptr;

typedef struct oldgaa_attributes_struct oldgaa_attributes,
 *oldgaa_attributes_ptr;

typedef struct oldgaa_uneval_cred_struct oldgaa_uneval_cred,
 *oldgaa_uneval_cred_ptr;
315 
316 
/* Per-peer security context (see the numbered description above): the
 * credentials presented by the peer, connection state, and the upcalls the
 * library uses to evaluate conditions and fetch further credentials.
 *
 * All three upcalls are variadic and return void, so they cannot report
 * failure through a return value; a condition_evaluation callback
 * presumably records its outcome in the condition's status flags --
 * confirm against the implementation before relying on it. */
struct oldgaa_sec_context_struct {
 oldgaa_identity_cred_ptr identity_cred; /* 1) verified identity */
 oldgaa_authr_cred_ptr authr_cred; /* 2) delegated credentials / capabilities */
 oldgaa_identity_cred_ptr group_membership; /* 3) groups the grantee belongs to */
 oldgaa_identity_cred_ptr group_non_membership; /* 4) groups the grantee is not in */
 oldgaa_attributes_ptr attributes; /* 5) miscellaneous attributes */
 oldgaa_uneval_cred_ptr unevl_cred; /* 6) credentials not yet evaluated */
 oldgaa_buffer_ptr connection_state; /* 8) mechanism-specific connection data */

 /* 7) upcall: evaluate an application-specific condition */
 void
 (*condition_evaluation)(oldgaa_sec_context_ptr, oldgaa_options_ptr,
 oldgaa_conditions_ptr, ...);

 /* 7) upcall: request additional credentials */
 void
 (*pull_cred)(oldgaa_sec_context_ptr, ...);

 /* 7) upcall: verify acquired credentials */
 void
 (*cred_evaluate)(oldgaa_sec_context_ptr, ...);
};
336 
337 
338 
/* Identity credential: a principal, the conditions under which it is
 * valid, and the mechanism-specific credential it was derived from.
 * Also used for the group membership / non-membership lists. */
struct oldgaa_identity_cred_struct {
 oldgaa_principals_ptr principal; /* authenticated principal */
 oldgaa_conditions_ptr conditions; /* conditions restricting this identity */
 oldgaa_buffer_ptr mech_spec_cred; /* mechanism-specific raw credential */
 oldgaa_identity_cred_ptr next; /* next credential in the list */
};
345 
346 
/* Authorization (delegated) credential: grantor gives grantee the listed
 * access rights over `objects`. Note `objects` is an embedded oldgaa_buffer,
 * not a pointer like mech_spec_cred. */
struct oldgaa_authr_cred_struct{
 oldgaa_principals_ptr grantor; /* principal issuing the credential */
 oldgaa_principals_ptr grantee; /* principal receiving the rights */
 oldgaa_buffer objects; /* objects the rights apply to */
 oldgaa_rights_ptr access_rights; /* rights granted */
 oldgaa_buffer_ptr mech_spec_cred; /* mechanism-specific raw credential */
 oldgaa_authr_cred_ptr next; /* next credential in the list */
};
355 
356 
/* Miscellaneous attribute attached to the grantee (category 5 above),
 * with the conditions under which it applies. */
struct oldgaa_attributes_struct {
 char* mech_type; /* security mechanism the attribute came from */
 char* type; /* attribute type */
 char* value; /* attribute value */
 oldgaa_cond_bindings_ptr conditions; /* conditions attached to the attribute */
 oldgaa_buffer_ptr mech_spec_cred; /* mechanism-specific raw credential */
 oldgaa_attributes_ptr next; /* next attribute in the list */
};
365 
366 
/* Credential whose evaluation has been deferred (category 6 above).
 * cred_verification is the upcall that performs the deferred check; it
 * takes a va_list rather than being variadic itself, and returns void, so
 * its result is not reported through the return value. */
struct oldgaa_uneval_cred_struct {
 oldgaa_cred_type cred_type; /* which credential category this is */
 oldgaa_principals_ptr grantor; /* issuing principal */
 oldgaa_principals_ptr grantee; /* receiving principal */
 oldgaa_buffer_ptr mech_spec_cred; /* mechanism-specific raw credential */
 void (*cred_verification )(oldgaa_sec_context_ptr, va_list ap); /* deferred verification upcall */
 oldgaa_uneval_cred_ptr next; /* next deferred credential */
};
375 
376 
377 
378 /********************** OLDGAA API answer data structures *******************/
379 
380 
/* Validity window of an authorization answer. time_t is an integer type,
 * so the "unconstrained" sentinel is 0, not a pointer; the original
 * comments wrote NULL. */
typedef struct oldgaa_time_period_struct oldgaa_time_period,
 *oldgaa_time_period_ptr;
struct oldgaa_time_period_struct{
 time_t start_time; /* 0 (written NULL in older comments) for unconstrained start time */
 time_t end_time; /* 0 (written NULL in older comments) for unconstrained end time */
};
387 
388 
389 
390 /* oldgaa_answer_struct contains:
391 
392  o valid_time:
393  Authorization valid time period.
394  The time period during which the authorization is granted is
395  returned as condition to be checked by the application.
396  Expiration time is calculated based on time-related restrictions
397  expressed by the security attributes and restrictions in the
398  authentication, authorization and delegated credentials.
399 
400  o rights:
401 
402  The requested operations are returned marked as granted or denied
403  along with a list of corresponding conditions, if any.
404 
405 
406  */
407 
/* Detailed answer returned by oldgaa_check_authorization (see the
 * description above): the validity period plus the requested rights
 * marked granted or denied, each with its conditions. */
typedef struct oldgaa_answer_struct oldgaa_answer, *oldgaa_answer_ptr;

struct oldgaa_answer_struct{
 oldgaa_time_period_ptr valid_time; /* period during which the answer holds */
 oldgaa_rights_ptr rights; /* requested rights with grant/deny status and conditions */
};
414 
415 
416 
417 /**********************************************************************
418  Function prototypes
419 **********************************************************************/
420 
/* The oldgaa_get_object_policy_info function is called to obtain the security
 policy information associated with the protected object. */
423 
/*
 * Obtain the policy for an object through a caller-supplied retrieve callback.
 *
 * minor_status  OUT  mechanism-specific status code
 * object        IN   datum identifying the protected object
 * policy_db     IN   datum identifying the policy store
 * retrieve      IN   variadic callback that looks the policy up; the trailing
 *                    arguments of this function are presumably forwarded to it
 * policy        OUT  receives the retrieved policy handle
 *
 * Returns an oldgaa_error_code; OLDGAA_RETRIEVE_ERROR and OLDGAA_NO_POLICY
 * in the enum suggest the failure modes, but the mapping is not visible here.
 */
oldgaa_error_code
oldgaa_get_object_policy_info(uint32* minor_status, /* OUT */
 oldgaa_data_ptr object, /* IN */
 oldgaa_data_ptr policy_db, /* IN */
 oldgaa_policy_ptr(*retrieve)(uint32* minor_status, /* OUT */
 oldgaa_data_ptr object, /* IN */
 oldgaa_data_ptr policy_db, ... ), /* IN */
 oldgaa_policy_ptr* policy /* OUT */, ...);
432 
433 
434 /* The oldgaa_check_authorization function tells the application
435  server whether the requested operation or a set of operations is authorized,
436  or if additional checks are required. */
437 
/*
 * Decide whether the requested rights are authorized under a policy.
 *
 * minor_status        OUT     mechanism-specific status code
 * sec_context         IN&OUT  peer's credentials and upcalls; may be updated
 * policy_handle       IN      policy from oldgaa_get_object_policy_info
 * check_access_rights IN      rights to check
 * oldgaa_options      IN      optional; presumably OLDGAA_NO_OPTIONS when absent
 * detailed_answer     OUT     per-right grant/deny status and conditions
 *
 * Per the oldgaa_error_code comments the result is OLDGAA_YES, OLDGAA_NO or
 * OLDGAA_MAYBE; only OLDGAA_YES means every requested right is authorized,
 * and OLDGAA_MAYBE leaves conditions for the caller to evaluate or enforce.
 */
oldgaa_error_code
oldgaa_check_authorization
 (uint32 *minor_status, /* OUT */
 oldgaa_sec_context_ptr sec_context, /* IN&OUT */
 oldgaa_policy_ptr policy_handle, /* IN */
 oldgaa_rights_ptr check_access_rights, /* IN */
 oldgaa_options_ptr oldgaa_options, /* IN, OPTIONAL */
 oldgaa_answer_ptr *detailed_answer /* OUT */
 );
447 
448 
/* The oldgaa_inquire_policy_info function allows an application to discover
 the access control policies associated with the target object. */
451 
/*
 * List the rights the policy grants to the peer described by sec_context.
 *
 * minor_status  OUT     mechanism-specific status code
 * sec_context   IN&OUT  peer's credentials and upcalls; may be updated
 * policy_handle IN      policy from oldgaa_get_object_policy_info
 * rights        OUT     receives the applicable rights list
 */
oldgaa_error_code
oldgaa_inquire_policy_info
 (uint32 *minor_status, /* OUT */
 oldgaa_sec_context_ptr sec_context, /* IN&OUT */
 oldgaa_policy_ptr policy_handle, /* IN */
 oldgaa_rights_ptr *rights /* OUT */
 );
459 
460 
461 
462 /************************* Allocation functions *******************************/
463 
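/*
 * Allocation functions.
 *
 * Each oldgaa_allocate_* routine takes the address of a caller-owned handle
 * (the "IN" marks are the original author's); the new object is presumably
 * stored through that address and must later be handed to the matching
 * oldgaa_release_* function -- confirm ownership against the .c sources.
 * The two oldgaa_globus_allocate_* routines instead return the handle
 * directly, so callers need to check the return value for a null pointer.
 *
 * oldgaa_globus_allocate_rights is declared with an explicit (void)
 * parameter list; the previous empty parentheses were a non-prototype
 * declaration, which disables argument checking and is obsolescent.
 */

/* added by SLANG - implemented in the source, but previously not declared in this header */
oldgaa_error_code
oldgaa_allocate_data (oldgaa_data_ptr* buffer /* IN */);

/* added by SLANG - implemented in the source, but previously not declared in this header */
oldgaa_error_code
oldgaa_allocate_options (oldgaa_options_ptr* buffer_addr /* IN */);

/* added by SLANG - implemented in the source, but previously not declared in this header */
oldgaa_error_code
oldgaa_allocate_sec_attrb (oldgaa_sec_attrb_ptr* buffer_addr /* IN */);

oldgaa_error_code
oldgaa_allocate_buffer (oldgaa_buffer_ptr* buffer_addr /* IN */);

oldgaa_error_code
oldgaa_allocate_principals (oldgaa_principals_ptr* buffer_addr);

oldgaa_error_code
oldgaa_allocate_conditions (oldgaa_conditions_ptr* buffer_addr);

oldgaa_error_code
oldgaa_allocate_rights (oldgaa_rights_ptr* buffer_addr /* IN */);

oldgaa_error_code
oldgaa_allocate_cond_bindings (oldgaa_cond_bindings_ptr* buffer_addr /* IN */);

/* name kept as-is ("attb") for compatibility with existing callers */
oldgaa_error_code
oldgaa_allocate_sec_attb_list (oldgaa_sec_attrb_ptr* buffer_addr /* IN */);

oldgaa_error_code
oldgaa_allocate_sec_context (oldgaa_sec_context_ptr* buffer_addr);

oldgaa_error_code
oldgaa_allocate_identity_cred(oldgaa_identity_cred_ptr* buffer_addr /* IN&OUT */);

oldgaa_error_code
oldgaa_allocate_answer(oldgaa_answer_ptr *ptr);

/* Build a security context for the Globus mechanism; `signer` names the
 * signing identity. Returns the new context, or presumably a null pointer
 * on failure. */
oldgaa_sec_context_ptr
oldgaa_globus_allocate_sec_context(char *signer);

/* Build an empty rights list for the Globus mechanism. */
oldgaa_rights_ptr
oldgaa_globus_allocate_rights(void);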
508 
509 
510 /************************* Release functions *******************************/
511 
/*
 * Release functions.
 *
 * All take a minor_status OUT parameter first. Most take the address of the
 * caller's handle (T *), which lets the implementation reset that handle
 * after freeing -- presumably to a null pointer; confirm in the sources.
 * oldgaa_release_options and oldgaa_release_data take the handle by value,
 * so they cannot clear the caller's pointer; callers should null it
 * themselves to avoid a dangling handle.
 */

oldgaa_error_code
oldgaa_release_buffer (uint32 *minor_status,
 oldgaa_buffer_ptr * buffer);

/* Frees the contents of *buffer but not the buffer struct itself. */
oldgaa_error_code
oldgaa_release_buffer_contents (uint32 *minor_status,
 oldgaa_buffer_ptr buffer);

oldgaa_error_code
oldgaa_release_sec_context(uint32 *minor_status,
 oldgaa_sec_context_ptr *sec_context);

oldgaa_error_code
oldgaa_release_identity_cred (uint32 *minor_status,
 oldgaa_identity_cred_ptr *identity_cred);

oldgaa_error_code
oldgaa_release_authr_cred(uint32 *minor_status,
 oldgaa_authr_cred_ptr *authr_cred);

oldgaa_error_code
oldgaa_release_attributes(uint32 *minor_status,
 oldgaa_attributes_ptr *attributes);

/* by-value handle: the caller's pointer is not cleared */
oldgaa_error_code
oldgaa_release_options(uint32 *minor_status,
 oldgaa_options_ptr buffer);
oldgaa_error_code
oldgaa_release_uneval_cred(uint32 *minor_status,
 oldgaa_uneval_cred_ptr *uneval_cred);

oldgaa_error_code
oldgaa_release_principals(uint32 *minor_status,
 oldgaa_principals_ptr *principals);

oldgaa_error_code
oldgaa_release_rights(uint32 *minor_status,
 oldgaa_rights_ptr *rights);

oldgaa_error_code
oldgaa_release_cond_bindings(uint32 *minor_status,
 oldgaa_cond_bindings_ptr *cond_bind);

oldgaa_error_code
oldgaa_release_conditions(uint32 *minor_status,
 oldgaa_conditions_ptr *conditions);

oldgaa_error_code
oldgaa_release_answer(uint32 *minor_status,
 oldgaa_answer_ptr *answer);

/* by-value handle: the caller's pointer is not cleared */
oldgaa_error_code
oldgaa_release_data(uint32 *minor_status,
 oldgaa_data_ptr buffer);

oldgaa_error_code
oldgaa_release_sec_attrb(uint32 *minor_status,
 oldgaa_sec_attrb_ptr *attributes);
570 
571 #ifdef __cplusplus
572 }
573 #endif
574 
575 #endif /* OLDGAA_API_H */