api/6.2/myproxy__server_8h_source.html

/*

 * myproxy_server.h

 *

 * Myproxy server header file

 */

#ifndef __MYPROXY_SERVER_H

#define __MYPROXY_SERVER_H


#define MYPROXY_SERVER_POLICY_TYPE_FQAN "FQAN:"

#define MYPROXY_SERVER_POLICY_TYPE_SUBJECT "SUBJECT:"


extern int errno;


typedef struct myproxy_usage_s {

    int   pam_used;

    int   sasl_used;

    int   cred_pphrase_used;

    int   trusted_retr;

    int   certauthz_used;

    int   pubcookie_used;

    int   ca_used;

    int   credentials_exist;

    int   trustroots_sent;

    char  client_ip[256];

} myproxy_usage_t;


typedef struct myproxy_server_context_s

{

  char *my_name;                    /* My name for logging and such */

  int run_as_daemon;                /* Run as a daemon? */

  char *config_file;                /* configuration file */

  char *pidfile;            /* pid file */

  char *portfile;           /* port file */

  char *passphrase_policy_pgm;      /* external program for password check */

  char **accepted_credential_dns;   /* List of creds that can be stored */

  char **authorized_retriever_dns;  /* List of DNs we'll delegate to */

  char **default_retriever_dns;     /* List of DNs we'll delegate to */

  char **trusted_retriever_dns;     /* DNs we'll delegate to w/o passwd */

  char **default_trusted_retriever_dns; /* DNs we'll delegate to w/o pass */

  char **authorized_renewer_dns;    /* List of DNs that can renew creds */

  char **default_renewer_dns;       /* List of DNs that can renew creds */

  char **authorized_key_retrievers_dns; /* List of DNs that can retrieve keys */

  char **default_key_retrievers_dns;    /* List of DNs that can retrieve keys */

  int max_proxy_lifetime;       /* Max life (in seconds) of retrieved creds */

  int max_cred_lifetime;        /* Max life (in seconds) of stored creds */

  char *cert_dir;           /* Trusted certificate directory to send */

  char *pam_policy;                 /* How we depend on PAM for passwd auth */

  char *pam_id;                     /* Application name we present to PAM */

  char *sasl_policy;                /* SASL required, sufficient, disabled */

  char *certificate_issuer_program; /* CA callout external program */

  char *certificate_issuer_cert;    /* CA certificate */

  char *certificate_issuer_key;     /* CA signing key */

  const void *certificate_hashalg; /* hash algorithm for issued EECs (EVP_MD *)*/

  char *certificate_request_checker; /* callout for checking certreqs */

  char *certificate_issuer_checker; /* callout for checking issued certs */

  char *certificate_openssl_engine_id;   /* Which OpenSSL engine to use */

  char *certificate_openssl_engine_lockfile; /* synchronize engine calls */

  char **certificate_openssl_engine_pre; /* Which 'pre' commands to use */

  char **certificate_openssl_engine_post;/* Which 'post' commands to use */

  char *certificate_issuer_key_passphrase; /* CA signing key passphrase */

  char *certificate_issuer_subca_certfile; /* Sub-CA certs to be sent with CA-GET */

  char *certificate_issuer_email_domain; /* CA email domain for alt name */

  char *certificate_extfile;        /* CA extension file */

  char *certificate_extapp;         /* CA extension call-out */

  char *certificate_mapfile;        /* CA gridmap file if not the default */

  char *certificate_mapapp;         /* gridmap call-out */

  int   max_cert_lifetime;          /* like proxy_lifetime for the CA */

  int   min_keylen;                 /* minimum keylength for the CA */

  char *certificate_serialfile;     /* path to serialnumber file for CA */

  int   certificate_serial_skip;    /* CA serial number increment */

  char *certificate_out_dir;        /* path to certificate directory */

  char *ca_ldap_server;             /* URL to CA ldap user DN server */

  char *ca_ldap_uid_attribute;      /* Username attribute name */

  char *ca_ldap_searchbase;         /* Search base DN for ldap query */

  char *ca_ldap_connect_dn;         /* Optional connect-as ldap DN */

  char *ca_ldap_connect_passphrase; /* Optional connect-as ldap passphrase */

  char *ca_ldap_dn_attribute;       /* Opt - pull dn from record attr */

  int   ca_ldap_start_tls;          /* Optional LDAP StartTLS */

  char *accepted_credentials_mapfile; /* Force username/userDN gridmap lookup */

  char *accepted_credentials_mapapp;/* gridmap call-out */

  int check_multiple_credentials;   /* Check multiple creds for U/P match */

  char *syslog_ident;               /* Identity for logging to syslog */

  int syslog_facility;              /* syslog facility */

  int limited_proxy;                /* Should we delegate a limited proxy? */

  int request_timeout;              /* Timeout for child processes */

  int request_size_limit;           /* Size limit for incoming requests */

  int allow_self_authz;             /* Allow client subject to match cert? */

  char *proxy_extfile;              /* Extensions for issued proxies */

  char *proxy_extapp;               /* proxy extension call-out */

  int obsolete1;                    /* Obsolete: was disable_usage_stats */

  char *obsolete2;                  /* Obsolete: was usage_stats_target */

  myproxy_usage_t usage;

  int allow_voms_attribute_requests;/* Support VONAME/VOMSES in requests? */

  char *voms_userconf;              /* VOMS confuration file */

} myproxy_server_context_t;


typedef struct myproxy_server_peer_t {

  char name[1024];  /* shouldn't be allocated dynamicaly? */

  char **fqans;

} myproxy_server_peer_t;


/**********************************************************************

 *

 * Routines from myproxy_server_config.c

 *

 */


/*

 * myproxy_server_config_read()

 *

 * Read the configuration file as indicated in the context, parse

 * it and store the results in the context.

 *

 * Returns 0 on success, -1 on error setting verror.

 */

int myproxy_server_config_read(myproxy_server_context_t *context);


/*

 * myproxy_server_clear_context()

 *

 * Re-initialize the myproxy_server_context_t structure,

 * deallocating memory as needed.

 */

void myproxy_server_clear_context(myproxy_server_context_t *context);


/*

 * myproxy_server_check_policy_list()

 *

 * Check to see if the given client matches an entry the dn_list.

 *

 * Returns 1 if match found, 0 if no match found,

 * -1 on error, setting verror.

 */

int myproxy_server_check_policy_list(const char **dn_list,

                     const char *client_name);


/*

 * myproxy_server_check_policy_list_ext()

 *

 * Same as myproxy_server_check_policy_list() but receives more detailed

 * client description.

 */

int myproxy_server_check_policy_list_ext(const char **dn_list,

                     myproxy_server_peer_t *client);


/*

 * myproxy_server_check_policy()

 *

 * Check to see if the given client matches the dn_regex.

 *

 * Returns 1 if match found, 0 if no match found,

 * -1 on error, setting verror.

 */

int myproxy_server_check_policy(const char *dn_regex,

                const char *client);


/*

 * myproxy_server_check_policy_ext()

 *

 * Same as myproxy_server_check_policy() but receives more detailed client

 * description.

 */

int myproxy_server_check_policy_ext(const char *dn_regex,

                    myproxy_server_peer_t *client);

#endif /* !__MYPROXY_SERVER_H */