Grid Community Toolkit  6.2.1705709074 (tag: v6.2.20240202)
globus_i_xio_gsi.h
1 /*
2  * Copyright 1999-2006 University of Chicago
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef GLOBUS_I_XIO_GSI_H
18 #define GLOBUS_I_XIO_GSI_H
19 
20 #include <assert.h>
21 #include "globus_xio_driver.h"
22 #include "globus_xio_load.h"
23 #include "globus_common.h"
24 #include "globus_xio_gsi.h"
25 #include "gssapi.h"
26 #include "globus_gss_assist.h"
27 #include "globus_error_gssapi.h"
28 
/*
 * Module handle for the GSI driver, produced by GlobusXIOMyModule(gsi).
 * Every error-constructor macro in this header passes it as the first
 * argument, so errors raised here are attributed to this driver module.
 */
29 #define GLOBUS_XIO_GSI_DRIVER_MODULE GlobusXIOMyModule(gsi)
30 
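/**
 * Write the 4-byte token header.
 *
 * Stores the low 32 bits of `length_`, most significant byte first, into the
 * first four bytes at `(iovec_).iov_base`.
 *
 * Each argument is evaluated exactly once (the earlier form evaluated both
 * four times, so an argument with side effects misbehaved). The macro still
 * expands to a braced block and has to be used as a statement.
 *
 * Caller obligations, none of which are checked here:
 *  - iov_base must point to at least 4 writable bytes; iov_len is not read.
 *  - Only 32 bits fit in the header. A larger length is silently truncated,
 *    which would desynchronise the framing, so the token size has to be
 *    bounded before the header is built.
 */
#define GlobusLXIOGSICreateHeader(iovec_, length_) \
    { \
        unsigned char * globus_l_xio_gsi_hdr_ = \
            (unsigned char *) (iovec_).iov_base; \
        const unsigned long globus_l_xio_gsi_hdr_len_ = \
            (unsigned long) (length_); \
        globus_l_xio_gsi_hdr_[0] = \
            (unsigned char) ((globus_l_xio_gsi_hdr_len_ >> 24) & 0xff); \
        globus_l_xio_gsi_hdr_[1] = \
            (unsigned char) ((globus_l_xio_gsi_hdr_len_ >> 16) & 0xff); \
        globus_l_xio_gsi_hdr_[2] = \
            (unsigned char) ((globus_l_xio_gsi_hdr_len_ >> 8) & 0xff); \
        globus_l_xio_gsi_hdr_[3] = \
            (unsigned char) (globus_l_xio_gsi_hdr_len_ & 0xff); \
    }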
44 
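/**
 * Decode the 4-byte big-endian token length at the start of a wrapped token.
 *
 * Reads four bytes from `(iovec_).iov_base` and assigns the resulting value
 * to the lvalue `length_`. Both arguments are evaluated once. The temporary
 * uses a driver-prefixed name: the earlier form declared a local called `c`,
 * which captured any caller argument that was itself named `c`.
 *
 * Assumes globus_byte_t is an unsigned 8-bit type (its definition is not in
 * this header).
 *
 * Security: the header is read off the wire, so the decoded value is chosen
 * by the peer and can be anything up to 0xffffffff. It has to be compared
 * against the local limit before it is used to size, allocate or fill a
 * buffer; GlobusXioGSIErrorTokenTooBig() is the error provided for the
 * rejection path. iov_len is not consulted here, so the caller must already
 * hold four header bytes.
 */
#define GlobusLXIOGSIGetTokenLength(iovec_, length_) \
    { \
        const globus_byte_t * globus_l_xio_gsi_hdr_ = \
            (const globus_byte_t *) (iovec_).iov_base; \
        (length_) = \
            (((globus_size_t) globus_l_xio_gsi_hdr_[0]) << 24) | \
            (((globus_size_t) globus_l_xio_gsi_hdr_[1]) << 16) | \
            (((globus_size_t) globus_l_xio_gsi_hdr_[2]) << 8) | \
            ((globus_size_t) globus_l_xio_gsi_hdr_[3]); \
    }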
56 
57 
/**
 * Wrap a failed GSS-API call in a Globus error.
 *
 * Expands to globus_error_put() applied to globus_error_wrap_gssapi_error(),
 * tagged with GLOBUS_XIO_GSI_ERROR_WRAP_GSSAPI and the message
 * "<failed_func> failed.". The major and minor status codes are passed
 * through unchanged.
 *
 * `_xio_name` must be in scope where the macro is expanded; it is recorded
 * together with __FILE__ and __LINE__ as the error location.
 */
#define GlobusXIOErrorWrapGSSFailed(failed_func, major_status, minor_status) \
    globus_error_put(globus_error_wrap_gssapi_error( \
        GLOBUS_XIO_GSI_DRIVER_MODULE, (major_status), (minor_status), \
        GLOBUS_XIO_GSI_ERROR_WRAP_GSSAPI, __FILE__, _xio_name, __LINE__, \
        _XIOSL("%s failed."), (failed_func)))
72 
73 
/**
 * Error for a peer that specified a lower protection level.
 *
 * Expands to a globus_error_put() of a new error object with type
 * GLOBUS_XIO_GSI_ERROR_INVALID_PROTECTION_LEVEL and no causal error
 * (GLOBUS_NULL). Requires `_xio_name` in scope at the expansion site.
 *
 * NOTE(review): the comparison that triggers this is not in this header.
 * Callers should fail the connection on this error rather than continue at
 * the weaker level - confirm in the driver source.
 */
#define GlobusXioGSIErrorBadProtectionLevel() \
    globus_error_put(globus_error_construct_error( \
        GLOBUS_XIO_GSI_DRIVER_MODULE, GLOBUS_NULL, \
        GLOBUS_XIO_GSI_ERROR_INVALID_PROTECTION_LEVEL, \
        __FILE__, _xio_name, __LINE__, \
        _XIOSL("Peer specified lower protection level")))
84 
/**
 * Error for a token whose declared size exceeds the limit.
 *
 * Expands to a globus_error_put() of a new error object with type
 * GLOBUS_XIO_GSI_ERROR_TOKEN_TOO_BIG and no causal error (GLOBUS_NULL).
 * Requires `_xio_name` in scope at the expansion site.
 *
 * The message text attributes the usual cause to a client that talks an
 * unsecured protocol to a secured endpoint. The size being rejected comes
 * from the peer, so this is the rejection path that keeps a peer-chosen
 * length from driving buffer sizing.
 */
#define GlobusXioGSIErrorTokenTooBig() \
    globus_error_put(globus_error_construct_error( \
        GLOBUS_XIO_GSI_DRIVER_MODULE, GLOBUS_NULL, \
        GLOBUS_XIO_GSI_ERROR_TOKEN_TOO_BIG, \
        __FILE__, _xio_name, __LINE__, \
        _XIOSL("Token size exceeds limit. Usually happens when someone tries to establish a insecure connection with a secure endpoint, e.g. when someone sends plain HTTP to a HTTPS endpoint without first establishing a SSL session.")))
95 
/**
 * Error for identity authorization requested without a target name.
 *
 * Expands to a globus_error_put() of a new error object with type
 * GLOBUS_XIO_GSI_ERROR_EMPTY_TARGET_NAME and no causal error (GLOBUS_NULL).
 * Requires `_xio_name` in scope at the expansion site.
 *
 * Raising this instead of proceeding means a missing expected identity is a
 * configuration error, not an implicit "accept any peer".
 */
#define GlobusXioGSIErrorEmptyTargetName() \
    globus_error_put(globus_error_construct_error( \
        GLOBUS_XIO_GSI_DRIVER_MODULE, GLOBUS_NULL, \
        GLOBUS_XIO_GSI_ERROR_EMPTY_TARGET_NAME, \
        __FILE__, _xio_name, __LINE__, \
        _XIOSL("Identity authorization requested, but no target name set")))
106 
/**
 * Error for host authorization requested without a host name.
 *
 * Expands to a globus_error_put() of a new error object with type
 * GLOBUS_XIO_GSI_ERROR_EMPTY_HOST_NAME and no causal error (GLOBUS_NULL).
 * Requires `_xio_name` in scope at the expansion site.
 */
#define GlobusXioGSIErrorEmptyHostName() \
    globus_error_put(globus_error_construct_error( \
        GLOBUS_XIO_GSI_DRIVER_MODULE, GLOBUS_NULL, \
        GLOBUS_XIO_GSI_ERROR_EMPTY_HOST_NAME, \
        __FILE__, _xio_name, __LINE__, \
        _XIOSL("Host authorization requested, but no host name set")))
117 
/**
 * Error for a peer whose authenticated name is not the expected one.
 *
 * Expands to a globus_error_put() of a new error object with type
 * GLOBUS_XIO_GSI_AUTHORIZATION_FAILED and no causal error (GLOBUS_NULL).
 * Both names are passed as "%s" arguments, never as the format string.
 * Requires `_xio_name` in scope at the expansion site.
 *
 * NOTE(review): the peer name presumably originates from the peer's
 * credential, so anything that logs or displays this error should treat the
 * text as untrusted. Both arguments must be non-NULL C strings; the macro
 * does not check - confirm at the call sites.
 */
#define GlobusXioGSIAuthorizationFailed(peer_name_, expected_name_) \
    globus_error_put(globus_error_construct_error( \
        GLOBUS_XIO_GSI_DRIVER_MODULE, GLOBUS_NULL, \
        GLOBUS_XIO_GSI_AUTHORIZATION_FAILED, \
        __FILE__, _xio_name, __LINE__, \
        _XIOSL("The peer authenticated as %s. Expected the peer " \
               "to authenticate as %s"), \
        (peer_name_), (expected_name_)))
129 
130 
/*
 * Debug plumbing for the GSI driver.
 *
 * GlobusDebugDeclare() declares the GLOBUS_XIO_GSI debug facility. The two
 * level constants are the values handed to GlobusXIOGSIDebugPrintf() by the
 * trace macros in this header: 4 for the regular trace, 8 for the internal
 * trace.
 */
GlobusDebugDeclare(GLOBUS_XIO_GSI);

#define GLOBUS_XIO_GSI_DEBUG_TRACE 4
#define GLOBUS_XIO_GSI_DEBUG_INTERNAL_TRACE 8

/*
 * Forward a message to GlobusDebugPrintf() under the GLOBUS_XIO_GSI facility.
 * `message` is a parenthesised printf-style argument list. Keep its format
 * string a literal and keep tokens, keys and credential contents out of it.
 */
#define GlobusXIOGSIDebugPrintf(level, message) \
    GlobusDebugPrintf(GLOBUS_XIO_GSI, level, message)
140 
/*
 * Function-trace macros. Each one sends a fixed "[<name>] ..." line through
 * GlobusXIOGSIDebugPrintf() and needs `_xio_name` in scope where it is
 * expanded. `_xio_name` is the only value formatted; no connection data is
 * passed to any of them.
 */

/* Regular trace level (GLOBUS_XIO_GSI_DEBUG_TRACE). */
#define GlobusXIOGSIDebugEnter() \
    GlobusXIOGSIDebugPrintf(GLOBUS_XIO_GSI_DEBUG_TRACE, \
                            (_XIOSL("[%s] Entering\n"), _xio_name))

#define GlobusXIOGSIDebugExit() \
    GlobusXIOGSIDebugPrintf(GLOBUS_XIO_GSI_DEBUG_TRACE, \
                            (_XIOSL("[%s] Exiting\n"), _xio_name))

#define GlobusXIOGSIDebugExitWithError() \
    GlobusXIOGSIDebugPrintf(GLOBUS_XIO_GSI_DEBUG_TRACE, \
                            (_XIOSL("[%s] Exiting with error\n"), _xio_name))

/* Internal trace level (GLOBUS_XIO_GSI_DEBUG_INTERNAL_TRACE). */
#define GlobusXIOGSIDebugInternalEnter() \
    GlobusXIOGSIDebugPrintf(GLOBUS_XIO_GSI_DEBUG_INTERNAL_TRACE, \
                            (_XIOSL("[%s] I Entering\n"), _xio_name))

#define GlobusXIOGSIDebugInternalExit() \
    GlobusXIOGSIDebugPrintf(GLOBUS_XIO_GSI_DEBUG_INTERNAL_TRACE, \
                            (_XIOSL("[%s] I Exiting\n"), _xio_name))

#define GlobusXIOGSIDebugInternalExitWithError() \
    GlobusXIOGSIDebugPrintf(GLOBUS_XIO_GSI_DEBUG_INTERNAL_TRACE, \
                            (_XIOSL("[%s] I Exiting with error\n"), _xio_name))
170 
171 /*
172  * attribute structure
173  */
/*
 * Settings carried by a GSI driver attribute. The code that reads these
 * fields is not in this header, so the notes below go by names and types
 * only and are marked where they are assumptions.
 */
174 typedef struct
175 {
/* GSS-API credential handle. NOTE(review): ownership (who releases it) is
 * not visible here - confirm in the driver source. */
176  gss_cred_id_t credential;
/* The next four names mirror inputs of gss_init_sec_context(); presumably
 * they are passed through to the GSS-API calls - TODO confirm. */
177  OM_uint32 req_flags;
178  OM_uint32 time_req;
179  gss_OID mech_type;
180  gss_channel_bindings_t channel_bindings;
/* Presumably selects whether tokens get the 4-byte length header written by
 * GlobusLXIOGSICreateHeader - TODO confirm. */
181  globus_bool_t wrap_tokens;
/* NOTE(review): looks like the size limit that token lengths are checked
 * against; verify, since that check bounds a peer-supplied length. */
182  globus_size_t buffer_size;
/* NOTE(review): source line 183 is missing from this listing. The page
 * references globus_xio_gsi_protection_level_t, so a member of that type
 * probably belongs here - check the original header. */
184  gss_name_t target_name;
185  globus_bool_t init;
/* NOTE(review): source line 186 is missing from this listing. The page
 * references globus_xio_gsi_authorization_mode_t, so a member of that type
 * probably belongs here - check the original header. */
187  char * credentials_dir;
/* Pointer/length pair. Presumably an ALPN protocol list; its encoding is not
 * shown here. */
188  unsigned char * alpn_list;
189  size_t alpn_list_len;
190 } globus_l_attr_t;
191 
192 /*
193  * driver handle structure
194  */
195 
/*
 * Per-handle state of the GSI driver. The code that uses these fields is not
 * in this header; the groupings below are inferred from names and types and
 * should be confirmed against the driver source.
 */
196 typedef struct
197 {
198  globus_l_attr_t * attr;
/* Names mirror outputs of the GSS-API context calls (ret_flags, time_rec,
 * mech_type) - presumably filled in from them. */
199  OM_uint32 ret_flags;
200  OM_uint32 time_rec;
201  OM_uint32 max_wrap_size;
/* GSS-API security context, credential handles and names. NOTE(review):
 * these are handles to key material; check that every teardown and error
 * path releases them exactly once. */
202  gss_ctx_id_t context;
203  gss_cred_id_t delegated_cred;
204  gss_cred_id_t credential;
205  gss_OID mech_used;
206  gss_name_t peer_name;
207  gss_name_t local_name;
/* Write-side bookkeeping. */
208  size_t write_iovec_count;
209  globus_xio_iovec_t * write_iovec;
210  globus_bool_t frame_writes;
211  size_t write_header_count;
212  unsigned char * write_headers;
213  globus_size_t bytes_written;
/* Read-side bookkeeping. header[] has the same size as the 4-byte length
 * prefix handled by the token header macros in this file. */
214  globus_xio_iovec_t read_iovec[2];
215  unsigned char header[4];
216  unsigned char * read_buffer;
217  globus_size_t bytes_read;
/* Caller-supplied iovec array with an index/offset cursor. */
218  globus_xio_iovec_t * user_iovec;
219  size_t user_iovec_count;
220  size_t user_iovec_index;
221  size_t user_iovec_offset;
/* Buffer with separate length and offset. NOTE(review): the offset must
 * never exceed the length; verify where both are updated. */
222  unsigned char * unwrapped_buffer;
223  globus_size_t unwrapped_buffer_length;
224  globus_size_t unwrapped_buffer_offset;
225  globus_size_t bytes_returned;
226  globus_bool_t done;
227  globus_object_t * result_obj;
228  globus_bool_t eof;
229  int connection_id;
230  globus_xio_driver_handle_t xio_driver_handle;
231  char * host_name;
/* Array of credential handles with its element count. */
232  gss_cred_id_t *cred_array;
233  size_t cred_array_length;
234 } globus_l_handle_t;
235 
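/*
 * Structure used for passing information needed for the init/accept
 * delegation operations.
 *
 * The listing this was taken from had lost the type names of init_callback
 * and accept_callback (source lines 245 and 247). They are restored here
 * from the two delegation callback typedefs of globus_xio_gsi.h that the
 * page references.
 *
 * NOTE(review): cred is a GSS-API credential handle and restriction_oids /
 * restriction_buffers presumably describe limits placed on the delegated
 * credential; how they are applied and who releases cred is not visible in
 * this header - confirm in the driver source.
 */
typedef struct
{
    globus_l_handle_t *                 xio_handle;
    void *                              user_arg;
    globus_xio_gsi_delegation_init_callback_t
                                        init_callback;
    globus_xio_gsi_delegation_accept_callback_t
                                        accept_callback;
    gss_cred_id_t                       cred;
    gss_OID_set                         restriction_oids;
    gss_buffer_set_t                    restriction_buffers;
    OM_uint32                           time_req;
    OM_uint32                           time_rec;
    globus_xio_iovec_t                  iovec[2];
    /* Same size as the 4-byte token length prefix used by this driver. */
    unsigned char                       header[4];
    globus_bool_t                       done;
    globus_object_t *                   result_obj;
    globus_bool_t                       reading_header;
} globus_l_delegation_handle_t;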
260 
/*
 * Completion record for a delegation operation: a done flag and a result
 * next to a mutex and a condition variable. Presumably used to block a
 * caller until the asynchronous operation finishes - TODO confirm against
 * the driver source.
 */
261 typedef struct
262 {
/* NOTE(review): done and result look like they are shared between the
 * waiter and the callback; they should only be touched with mutex held. */
263  globus_bool_t done;
264  globus_result_t result;
265  globus_mutex_t mutex;
266  globus_cond_t cond;
/* Pointers, presumably to the caller's output locations for the received
 * lifetime and the delegated credential - verify whether NULL is allowed. */
267  OM_uint32 * time_rec;
268  gss_cred_id_t * cred;
269 } globus_l_xio_gsi_delegation_arg_t;
270 
271 #endif
272 
int globus_bool_t
Boolean type.
Definition: globus_types.h:93
XIO GSI Driver.
void(* globus_xio_gsi_delegation_init_callback_t)(globus_result_t result, void *user_arg)
Definition: globus_xio_gsi.h:379
GSS Assist Header.
Mutex.
Definition: globus_thread.h:107
globus_xio_gsi_authorization_mode_t
Definition: globus_xio_gsi.h:357
Condition variable.
Definition: globus_thread.h:124
globus_xio_gsi_protection_level_t
Definition: globus_xio_gsi.h:312
size_t globus_size_t
Standard size of memory objectThe globus_size_t is the size of a memory object. It is identical to si...
Definition: globus_types.h:48
Headers common to all of Globus.
uint32_t globus_result_t
Definition: globus_types.h:99
void(* globus_xio_gsi_delegation_accept_callback_t)(globus_result_t result, gss_cred_id_t delegated_cred, OM_uint32 time_rec, void *user_arg)
Definition: globus_xio_gsi.h:387