Grid Community Toolkit  6.2.1705709074 (tag: v6.2.20240202)
myproxy_authorization.h
1 #ifndef __MYPROXY_AUTHORIZATION_H
2 #define __MYPROXY_AUTHORIZATION_H
3 
4 #include "myproxy_creds.h"
5 #include "myproxy_server.h"
6 
/*
 * Identifiers for the authorization methods handled by this module.
 * AUTHORIZETYPE_NULL (0) also serves as the terminator of method arrays passed
 * to authorization_init_server(). AUTHORIZETYPE_NUMMETHODS equals the number
 * of members before it, so it is presumably a count/array bound rather than a
 * usable method.
 * NOTE(review): AUTHORIZETYPE_CERT256 sits after AUTHORIZETYPE_SASL instead of
 * next to AUTHORIZETYPE_CERT, presumably to keep the numeric values of the
 * older members stable. Confirm whether these values are exchanged between
 * peers before reordering or inserting members.
 */
7 typedef enum {
8  AUTHORIZETYPE_NULL = 0,
9  AUTHORIZETYPE_PASSWD,
10  AUTHORIZETYPE_CERT, /* uses SHA1 */
 /* NOTE(review): SHA-1 is no longer considered collision resistant. Prefer
  * AUTHORIZETYPE_CERT256 wherever both peers support it, and check whether
  * the server configuration can disable the SHA1 variant. */
11  AUTHORIZETYPE_SASL,
12  AUTHORIZETYPE_CERT256, /* uses SHA256 */
13  AUTHORIZETYPE_NUMMETHODS
14 } author_method_t;
15 
/*
 * Status of one authorization method, as returned by
 * authorization_get_status(). AUTHORIZEMETHOD_DISABLED is the first member and
 * therefore 0, so a zero-initialized author_status_t reads as "disabled".
 * NOTE(review): presumably REQUIRED means the method must succeed and
 * SUFFICIENT means its success alone is enough; the exact combination rules
 * are not visible in this header. Confirm them in the implementation before
 * relying on them in an access-control decision.
 */
16 typedef enum {
17  AUTHORIZEMETHOD_DISABLED,
18  AUTHORIZEMETHOD_REQUIRED,
19  AUTHORIZEMETHOD_SUFFICIENT
20 } author_status_t;
21 
22 /* client/server authorization data: one entry pairs the server's data for a
 * method with the client's response to it. */
23 typedef struct
24 {
25  char *server_data; /* data sent from the server. It can be an arbitrary ASCII
26  string ending with '\0'. */
27  char *client_data; /* data created by the client according to server_data */
 /* NOTE(review): client_data comes with an explicit length and, unlike
  * server_data, is not documented as '\0'-terminated. Presumably it can be
  * binary; bound every read by client_data_len and treat the content as
  * untrusted on the server side. Confirm against the implementation. */
28  size_t client_data_len; /* presumably the size of client_data in bytes; TODO confirm */
29  author_method_t method; /* authorization method this entry belongs to */
30 } authorization_data_t;
31 
32 /* The methods argument should be an array of methods to prompt for,
33  terminated by AUTHORIZETYPE_NULL. */
/* NOTE(review): the array carries no length, so a missing AUTHORIZETYPE_NULL
 * terminator would presumably make the callee read past the end of methods.
 * The triple pointer suggests that *data receives a newly allocated list of
 * entries. Ownership and the meaning of the int return value are not
 * documented here; confirm them in the implementation. */
34 int authorization_init_server (authorization_data_t ***data,
35  author_method_t methods[]);
/* Release authorization data. Judging by the signatures,
 * authorization_data_free() takes a list of entries and
 * authorization_data_free_contents() takes a single entry.
 * NOTE(review): this header does not say whether the list is NULL-terminated,
 * whether NULL arguments are accepted, or whether the contents variant frees
 * the entry itself. Confirm before calling on error paths, to avoid a double
 * free or a leak of challenge/response data. */
36 void authorization_data_free (authorization_data_t **data);
37 void authorization_data_free_contents (authorization_data_t *data);
38 
/* Map a method identifier to its name.
 * NOTE(review): ownership of the returned string and the result for an
 * out-of-range method are not documented here. Presumably the string is
 * static and must not be freed or modified, but confirm this. */
39 char * authorization_get_name(author_method_t method);
/* Map a method name to its identifier.
 * NOTE(review): the value returned for an unknown name is not documented
 * here (presumably AUTHORIZETYPE_NULL). If name can originate from the peer,
 * callers should reject any result that is not a method they offered. */
40 author_method_t authorization_get_method(char *name);
/* Report whether the given method is disabled, required or sufficient for the
 * given credentials, client name and server configuration.
 * NOTE(review): how creds, client_name and config influence the result is not
 * visible in this header. Presumably client_name is the authenticated peer
 * identity; confirm it is never taken from unauthenticated request fields. */
41 author_status_t authorization_get_status(author_method_t method,
42  struct myproxy_creds *creds,
43  char *client_name,
44  myproxy_server_context_t* config);
45 
46 /*
47  * Fill in author_data with client's response and return pointer into
48  * author_data to data chosen by the client. No new space is allocated for
49  * the returned pointer. This function is called by the server.
50  * authorization_data_t is supposed to be allocated and (partly) filled in by
51  * the server.
 *
 * NOTE(review): the parameters are unnamed in this prototype. Presumably they
 * are the response buffer, its length in bytes, the method the client
 * selected, and the server's list of entries; confirm against the definition.
 * The buffer and the method both originate from the client, so the length
 * should be the number of bytes actually received, and a method the server
 * did not offer should be rejected. The failure return (presumably NULL) is
 * not documented here.
52  */
53 authorization_data_t *
54 authorization_store_response(char *,
55  size_t,
56  author_method_t,
57  authorization_data_t **);
58 
59 /*
60  * Search the supplied list for the data of the supplied method. Using the
61  * extra data, fill in the response and return a pointer into the list to the
62  * data chosen. No special space is allocated for the return value.
63  * Called by the client.
 *
 * NOTE(review): the meaning of extra_data depends on the method and is not
 * documented here (presumably the passphrase or credential material used to
 * answer the challenge). If it is secret, callers should clear their copy
 * after use. The return value when the method is absent from the list is
 * also not documented (presumably NULL).
64  */
65 authorization_data_t *
66 authorization_create_response(authorization_data_t **,
67  author_method_t,
68  void *extra_data,
69  size_t extra_data_len);
70 /*
71  * Verifies that data sent by the client matches the expected value for the
72  * server's challenge. Returns 1 on success, 0 on failure.
 *
 * NOTE(review): callers should compare the result against 1 and treat every
 * other value as a failure. Whether other values (for example a negative
 * error code) can be returned is not visible here, and such a value would
 * pass a plain truthiness test like `if (authorization_check(...))`.
73  */
74 int authorization_check(authorization_data_t *client_auth_data,
75  struct myproxy_creds *creds,
76  char *client_name);
77 
/*
 * Variant of authorization_check() that additionally takes the server
 * configuration.
 * NOTE(review): this prototype is undocumented in the header. Presumably it
 * follows the same "1 on success, 0 on failure" convention and uses config
 * for method-specific policy. Confirm in the implementation, and treat any
 * result other than 1 as a failure.
 */
78 int authorization_check_ex(authorization_data_t *client_auth_data,
79  struct myproxy_creds *creds,
80  char *client_name,
81  myproxy_server_context_t *config);
82 
83 #endif /* __MYPROXY_AUTHORIZATION_H */