/usr/include/globus/myproxy_server.h is in libmyproxy-dev 5.9-6.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 | /*
* myproxy_server.h
*
* Myproxy server header file
*/
#ifndef __MYPROXY_SERVER_H
#define __MYPROXY_SERVER_H
#define MYPROXY_SERVER_POLICY_TYPE_FQAN "FQAN:"
#define MYPROXY_SERVER_POLICY_TYPE_SUBJECT "SUBJECT:"
extern int errno;
typedef struct myproxy_usage_s {
int pam_used;
int sasl_used;
int cred_pphrase_used;
int trusted_retr;
int certauthz_used;
int pubcookie_used;
int ca_used;
int credentials_exist;
int trustroots_sent;
char client_ip[256];
} myproxy_usage_t;
typedef struct myproxy_server_context_s
{
char *my_name; /* My name for logging and such */
int run_as_daemon; /* Run as a daemon? */
char *config_file; /* configuration file */
char *pidfile; /* pid file */
char *portfile; /* port file */
char *passphrase_policy_pgm; /* external program for password check */
char **accepted_credential_dns; /* List of creds that can be stored */
char **authorized_retriever_dns; /* List of DNs we'll delegate to */
char **default_retriever_dns; /* List of DNs we'll delegate to */
char **trusted_retriever_dns; /* DNs we'll delegate to w/o passwd */
char **default_trusted_retriever_dns; /* DNs we'll delegate to w/o pass */
char **authorized_renewer_dns; /* List of DNs that can renew creds */
char **default_renewer_dns; /* List of DNs that can renew creds */
char **authorized_key_retrievers_dns; /* List of DNs that can retrieve keys */
char **default_key_retrievers_dns; /* List of DNs that can retrieve keys */
int max_proxy_lifetime; /* Max life (in seconds) of retrieved creds */
int max_cred_lifetime; /* Max life (in seconds) of stored creds */
char *cert_dir; /* Trusted certificate directory to send */
char *pam_policy; /* How we depend on PAM for passwd auth */
char *pam_id; /* Application name we present to PAM */
char *sasl_policy; /* SASL required, sufficient, disabled */
char *certificate_issuer_program; /* CA callout external program */
char *certificate_issuer_cert; /* CA certificate */
char *certificate_issuer_key; /* CA signing key */
const void *certificate_hashalg; /* hash algorithm for issued EECs (EVP_MD *)*/
char *certificate_request_checker; /* callout for checking certreqs */
char *certificate_issuer_checker; /* callout for checking issued certs */
char *certificate_openssl_engine_id; /* Which OpenSSL engine to use */
char *certificate_openssl_engine_lockfile; /* synchronize engine calls */
char **certificate_openssl_engine_pre; /* Which 'pre' commands to use */
char **certificate_openssl_engine_post;/* Which 'post' commands to use */
char *certificate_issuer_key_passphrase; /* CA signing key passphrase */
char *certificate_issuer_subca_certfile; /* Sub-CA certs to be sent with CA-GET */
char *certificate_issuer_email_domain; /* CA email domain for alt name */
char *certificate_extfile; /* CA extension file */
char *certificate_extapp; /* CA extension call-out */
char *certificate_mapfile; /* CA gridmap file if not the default */
char *certificate_mapapp; /* gridmap call-out */
int max_cert_lifetime; /* like proxy_lifetime for the CA */
int min_keylen; /* minimum keylength for the CA */
char *certificate_serialfile; /* path to serialnumber file for CA */
int certificate_serial_skip; /* CA serial number increment */
char *certificate_out_dir; /* path to certificate directory */
char *ca_ldap_server; /* URL to CA ldap user DN server */
char *ca_ldap_uid_attribute; /* Username attribute name */
char *ca_ldap_searchbase; /* Search base DN for ldap query */
char *ca_ldap_connect_dn; /* Optional connect-as ldap DN */
char *ca_ldap_connect_passphrase; /* Optional connect-as ldap passphrase */
char *ca_ldap_dn_attribute; /* Opt - pull dn from record attr */
int ca_ldap_start_tls; /* Optional LDAP StartTLS */
char *pubcookie_cert; /* Pubcookie login server certificate */
char *pubcookie_key; /* Pubcookie application server key */
char *accepted_credentials_mapfile; /* Force username/userDN gridmap lookup */
char *accepted_credentials_mapapp;/* gridmap call-out */
int check_multiple_credentials; /* Check multiple creds for U/P match */
char *syslog_ident; /* Identity for logging to syslog */
int syslog_facility; /* syslog facility */
int limited_proxy; /* Should we delegate a limited proxy? */
int request_timeout; /* Timeout for child processes */
int request_size_limit; /* Size limit for incoming requests */
int allow_self_authz; /* Allow client subject to match cert? */
char *proxy_extfile; /* Extensions for issued proxies */
char *proxy_extapp; /* proxy extension call-out */
int disable_usage_stats; /* 0 if default usage metrics reporting OK */
char *usage_stats_target; /* Usage Statistics target string */
myproxy_usage_t usage;
#ifdef HAVE_VOMS
int allow_voms_attribute_requests;/* Support VONAME/VOMSES in requests? */
char *voms_userconf; /* VOMS confuration file */
#endif
} myproxy_server_context_t;
typedef struct myproxy_server_peer_t {
char name[1024]; /* shouldn't be allocated dynamicaly? */
char **fqans;
} myproxy_server_peer_t;
/**********************************************************************
*
* Routines from myproxy_server_config.c
*
*/
/*
* myproxy_server_config_read()
*
* Read the configuration file as indicated in the context, parse
* it and store the results in the context.
*
* Returns 0 on success, -1 on error setting verror.
*/
int myproxy_server_config_read(myproxy_server_context_t *context);
/*
* myproxy_server_clear_context()
*
* Re-initialize the myproxy_server_context_t structure,
* deallocating memory as needed.
*/
void myproxy_server_clear_context(myproxy_server_context_t *context);
/*
* myproxy_server_check_policy_list()
*
* Check to see if the given client matches an entry the dn_list.
*
* Returns 1 if match found, 0 if no match found,
* -1 on error, setting verror.
*/
int myproxy_server_check_policy_list(const char **dn_list,
const char *client_name);
/*
* myproxy_server_check_policy_list_ext()
*
* Same as myproxy_server_check_policy_list() but receives more detailed
* client description.
*/
int myproxy_server_check_policy_list_ext(const char **dn_list,
myproxy_server_peer_t *client);
/*
* myproxy_server_check_policy()
*
* Check to see if the given client matches the dn_regex.
*
* Returns 1 if match found, 0 if no match found,
* -1 on error, setting verror.
*/
int myproxy_server_check_policy(const char *dn_regex,
const char *client);
/*
* myproxy_server_check_policy_ext()
*
* Same as myproxy_server_check_policy() but receives more detailed client
* description.
*/
int myproxy_server_check_policy_ext(const char *dn_regex,
myproxy_server_peer_t *client);
#endif /* !__MYPROXY_SERVER_H */
|