/usr/include/lcmaps/lcmaps_basic.h is in lcmaps-basic-interface 1.6.1-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 | /*
* Copyright (c) Members of the EGEE Collaboration. 2004-2010.
* See http://www.eu-egee.org/partners/ for details on the copyright
* holders.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
/**
\defgroup LcmapsBasicInterface LCMAPS basic interfaces
\brief This interface returns the uid, gids and poolindex, i.e. leaseid,
using LCMAPS and takes the user credential in PEM format as input
The interface function is declared as a type, since the function is not
pre-defined when using dlopen().
-# lcmaps_return_account_from_pem_t: interface function type
\ingroup LcmapsInterface
*/
/**
\file lcmaps_basic.h
\brief Basic interface of the LCMAPS library.
\author Martijn Steenbakkers for the EU DataGrid.
\author Oscar Koeroo for the EGEE project.
This header contains the declarations of the LCMAPS library functions:
-# lcmaps_init():
To initialize the LCMAPS module
-# lcmaps_init_and_log():
To initialize the LCMAPS module and select logging type
-# lcmaps_init_and_logfile():
To initialize the LCMAPS module, select logging type and set logfile
-# lcmaps_run_without_credentials_and_return_username():
To do the user mapping, without credentials and return the user name
-# lcmaps_run_with_fqans_mapcounter_and_return_account()
To do the user mapping, based on DN+FQANs+mapcounter and return the account information
-# lcmaps_run_with_fqans_and_return_account()
To do the user mapping, based on DN+FQANs and return the account information
-# lcmaps_term():
To cleanly terminate the module
\ingroup LcmapsBasicInterface
*/
#ifndef LCMAPS_BASIC_H
#define LCMAPS_BASIC_H
/******************************************************************************
Include header files
******************************************************************************/
#include <stdio.h>
#include "lcmaps_version.h"
#include "lcmaps_types.h"
#include "lcmaps_if.h"
/******************************************************************************
* Module definition
*****************************************************************************/
/*!
\brief Initialize the LCMAPS module.
The function does the following:
- initialize LCMAPS module.
- setup logging, error handling (not yet).
- start PluginManager
\param fp file handle for logging (from gatekeeper or other previously opened file handle)
If the file handle is zero, assume that only syslogging is requested
\retval 0 initialization succeeded.
\retval 1 initialization failed.
*/
typedef int lcmaps_init_t(
FILE* fp
);
/*!
\brief Initialize the LCMAPS module and select logging type
The function does the following:
- initialize LCMAPS module.
- setup logging, error handling (not yet).
- start PluginManager
\param fp file handle for logging (from gatekeeper or other previously opened file handle)
If the file handle is zero, assume that only syslogging is requested
\param logtype type of logging (usrlog and/or syslog)
\retval 0 initialization succeeded.
\retval 1 initialization failed.
*/
typedef int lcmaps_init_and_log_t(
FILE* fp,
unsigned short logtype
);
/*!
\brief Initialize the LCMAPS module, select logging type and set logfile
The function does the following:
- initialize LCMAPS module.
- Setup logging by providing a file handle or file name, error handling (not yet).
- start PluginManager
\param logfile name of logfile
\param fp file handle for logging (from gatekeeper or other previously opened file handle)
If the file handle is zero, assume that only syslogging is requested
\param logtype type of logging (usrlog and/or syslog)
\retval 0 initialization succeeded.
\retval 1 initialization failed.
*/
typedef int lcmaps_init_and_logfile_t(
char * logfile,
FILE* fp,
unsigned short logtype
);
/*!
\brief Terminate the LCMAPS module.
The function does the following:
- terminate the LCMAPS module
- terminate the plugins
\retval 0 termination succeeded.
\retval 1 termination failed.
*/
typedef int lcmaps_term_t(void);
/*!
\brief do the user mapping using only the user DN and return the username
Based on the only the user DN do the following:
Do the user mapping based on the provided list of policies (first successful
policy found in the lcmaps policy file (lcmaps.db) will result in the user
mapping) and return user name.
This interface can be used to provide the legacy
\b globus_gss_assist_gridmap()
interface.
\param user_dn_tmp user DN
\param request authorization request as an RSL string
\param usernamep pointer to user name (to be freed by calling application).
Note: usernamep should be non-NULL at the start !
\param npols number of policies to be considered for evaluation
\param policynames the names of the policies to be considered for evaluation
\retval 0 mapping succeeded.
\retval 1 mapping failed.
*/
typedef int lcmaps_run_without_credentials_and_return_username_t(
char * user_dn_tmp,
lcmaps_request_t request,
char ** usernamep,
int npols,
char ** policynames
);
/*!
\brief let LCMAPS handle the user mapping based on fqans and
return the account information
LCMAPS will run with a list of FQANs and the DN as an input. In addition a
list of policies may be provided.
The allocated uid, gids and the poolindex will be returned to the calling
application.
This interface is intended to be used by a wrapper function for the
\b WorkSpace \b Service (WSS, f.q.a. Dynamic Account Service - DAS).
\param user_dn the DN of the user
\param fqan_list the list of (VOMS) FQANs that have been asserted to the user
\param nfqan the number of FQANs in fqan_list
\param mapcounter the counter which will be added to the poolindex, effectively enabling
multiple account mappings
\param request RSL string
\param npols number of policies to be considered for evaluation
\param policynames the names of the policies to be considered for evaluation
\param puid pointer to the uid found (output parameter)
\param ppgid_list pointer to the list of primary gids found (output parameter)
\param pnpgid pointer to the number of primary gids found (output parameter)
\param psgid_list pointer to the list of secondary gids found (output parameter)
\param pnsgid pointer to the number of secondary gids found (output parameter)
\param poolindexp pointer to poolindex string (output parameter)
\retval 0 mapping succeeded.
\retval 1 mapping failed.
*/
typedef int lcmaps_run_with_fqans_mapcounter_and_return_account_t(
char * user_dn,
char ** fqan_list,
int nfqan,
int mapcounter,
lcmaps_request_t request,
int npols,
char ** policynames,
uid_t * puid,
gid_t ** ppgid_list,
int * pnpgid,
gid_t ** psgid_list,
int * pnsgid,
char ** poolindexp
);
/*!
\brief let LCMAPS handle the user mapping based on fqans and
return the account information
LCMAPS will run with a list of FQANs and the DN as an input. In addition a
list of policies may be provided.
The allocated uid, gids and the poolindex will be returned to the calling
application.
This interface is intended to be used by a wrapper function for the
\b WorkSpace \b Service (WSS, f.q.a. Dynamic Account Service - DAS).
\param user_dn the DN of the user
\param fqan_list the list of (VOMS) FQANs that have been asserted to the user
\param nfqan the number of FQANs in fqan_list
\param request RSL string
\param npols number of policies to be considered for evaluation
\param policynames the names of the policies to be considered for evaluation
\param puid pointer to the uid found (output parameter)
\param ppgid_list pointer to the list of primary gids found (output parameter)
\param pnpgid pointer to the number of primary gids found (output parameter)
\param psgid_list pointer to the list of secondary gids found (output parameter)
\param pnsgid pointer to the number of secondary gids found (output parameter)
\param poolindexp pointer to poolindex string (output parameter)
\retval 0 mapping succeeded.
\retval 1 mapping failed.
*/
typedef int lcmaps_run_with_fqans_and_return_account_t(
char * user_dn,
char ** fqan_list,
int nfqan,
lcmaps_request_t request,
int npols,
char ** policynames,
uid_t * puid,
gid_t ** ppgid_list,
int * pnpgid,
gid_t ** psgid_list,
int * pnsgid,
char ** poolindexp
);
#ifndef LCMAPS_USE_DLOPEN
lcmaps_init_and_logfile_t lcmaps_init_and_logfile;
lcmaps_init_t lcmaps_init;
lcmaps_init_and_log_t lcmaps_init_and_log;
lcmaps_term_t lcmaps_term;
lcmaps_run_without_credentials_and_return_username_t lcmaps_run_without_credentials_and_return_username;
lcmaps_run_with_fqans_mapcounter_and_return_account_t lcmaps_run_with_fqans_mapcounter_and_return_account;
lcmaps_run_with_fqans_and_return_account_t lcmaps_run_with_fqans_and_return_account;
#endif
/*!
\brief Do the mapping based on the user's credential in PEM-string format
LCMAPS runs receiving a proxy credential in a PEM formatted string.
A list of policies may be provided.
The allocated uid, gids and the poolindex will be returned to the calling
application.
This interface is intended to be used by the modified suexec wrapper.
\param user_dn The DN of the user
\param pem_string The PEM-encoded string containing the user proxy
\param mapcounter: The counter which will be added to the poolindex, effectively enabling
multiple account mappings
\param request RSL string
\param npols Number of policies to be considered for evaluation
\param policynames The names of the policies to be considered for evaluation
\param puid Pointer to the uid found (output parameter)
\param ppgid_list Pointer to the list of primary gids found (output parameter)
\param pnpgid Pointer to the number of primary gids found (output parameter)
\param psgid_list Pointer to the list of secondary gids found (output parameter)
\param pnsgid Pointer to the number of secondary gids found (output parameter)
\param poolindexp Pointer to poolindex string (output parameter)
\retval 0 mapping succeeded
\retval 1 mapping failed
*/
typedef int lcmaps_run_with_pem_and_return_account_t(
char * user_dn,
char * pem_string,
int mapcounter,
lcmaps_request_t request,
int npols,
char ** policynames,
uid_t * puid,
gid_t ** ppgid_list,
int * pnpgid,
gid_t ** psgid_list,
int * pnsgid,
char ** poolindexp
);
/*!
\brief Verify the account mapping
LCMAPS verifies the account mapping based on the proxy credential
in a PEM formatted string.
A list of policies may be provided.
This interface is intended to be used by the modified suexec wrapper.
\param user_dn the user DN (input)
\param pem_string: the PEM-encoded string containing the user proxy (input)
\param uid the uid of the account that should be verified (input)
\param pgid_list the list of primary gids of the account that should be verified (input)
\param npgid the number of primary gids of the account that should be verified (input)
\param sgid_list the list of secondary gids of the account that should be verified (input)
\param nsgid the number of secondary gids of the account that should be verified (input)
\param poolindex poolindex string of the account that should be verified (input)
\param request RSL string (input)
\param npols number of policies to be considered for evaluation (input)
\param policynames the names of the policies to be considered for evaluation (input)
\retval 0 verification succeeded
\retval 1 verification failed
*/
typedef int lcmaps_run_and_verify_account_from_pem_t(
char * user_dn,
char * pem_string,
uid_t uid,
gid_t * pgid_list,
int npgid,
gid_t * sgid_list,
int nsgid,
char * poolindex,
lcmaps_request_t request,
int npols,
char ** policynames
);
#ifndef LCMAPS_USE_DLOPEN
lcmaps_run_with_pem_and_return_account_t lcmaps_run_with_pem_and_return_account;
lcmaps_run_and_verify_account_from_pem_t lcmaps_run_and_verify_account_from_pem;
#endif /* LCMAPS_USE_DLOPEN */
/**
\fn lcmaps_disable_voms_attributes_verification
\brief disable the VOMS attribute verification by LCMAPS
\since LCMAPS v1.4?
\ingroup LcmapsBasicInterface
*/
typedef void lcmaps_disable_voms_attributes_verification_t(void);
/**
\brief enable the VOMS attribute verification by LCMAPS (on by default)
\since LCMAPS v1.4?
*/
typedef void lcmaps_enable_voms_attributes_verification_t(void);
/**
\brief test if the VOMS attribute verification by LCMAPS is set.
\since LCMAPS v1.4?
\retval 0 if not set
\retval >0 if set
*/
typedef int lcmaps_is_set_to_verify_voms_attributes_t(void);
#ifndef LCMAPS_USE_DLOPEN
lcmaps_disable_voms_attributes_verification_t lcmaps_disable_voms_attributes_verification;
lcmaps_enable_voms_attributes_verification_t lcmaps_enable_voms_attributes_verification;
lcmaps_is_set_to_verify_voms_attributes_t lcmaps_is_set_to_verify_voms_attributes;
#endif
#endif /* LCMAPS_BASIC_H */
|