globus_gsi_sysconfig_set_key_permissions_unix(3)
Functions for UNIX platforms
Description
globus_gsi_sysconfig_unix
NAME
globus_gsi_sysconfig_unix - Functions for UNIX platforms
- Functions for UNIX platforms.
SYNOPSIS
Functions
globus_result_t
globus_gsi_sysconfig_set_key_permissions_unix (char
*filename)
UNIX - Set Key Permissions.
globus_result_t
globus_gsi_sysconfig_get_user_id_string_unix (char
**user_id_string)
UNIX - Get User ID.
globus_result_t
globus_gsi_sysconfig_get_username_unix (char
**username)
UNIX - Get Username.
globus_result_t
globus_gsi_sysconfig_get_proc_id_string_unix (char
**proc_id_string)
UNIX - Get Process ID.
globus_result_t
globus_gsi_sysconfig_make_absolute_path_for_filename_unix
(char *filename, char **absolute_path)
UNIX - Make Absolute Path.
globus_result_t
globus_gsi_sysconfig_split_dir_and_filename_unix
(char *full_filename, char **dir_string, char
**filename_string)
UNIX - Split Directory and Filename.
globus_result_t
globus_gsi_sysconfig_get_current_working_dir_unix
(char **working_dir)
UNIX - Get Current Working Directory.
globus_result_t
globus_gsi_sysconfig_get_home_dir_unix (char
**home_dir)
UNIX - Get HOME Directory
Get the HOME
Directory of the current user. Should be the $HOME
environment variable. "
globus_result_t globus_gsi_sysconfig_file_exists_unix
(const char *filename)
UNIX - File Exists.
globus_result_t globus_gsi_sysconfig_dir_exists_unix
(const char *filename)
UNIX - Directory Exists.
globus_result_t
globus_gsi_sysconfig_check_keyfile_unix (const char
*filename)
UNIX - Check File Status for Key.
globus_result_t
globus_gsi_sysconfig_check_keyfile_uid_unix (const
char *filename, uid_t uid)
UNIX - Check File Status for Key.
globus_result_t
globus_gsi_sysconfig_check_certfile_unix (const char
*filename)
UNIX - Check File Status for Cert.
globus_result_t
globus_gsi_sysconfig_check_certfile_uid_unix (const
char *filename, uid_t uid)
UNIX - Check File Status for Cert.
globus_result_t
globus_gsi_sysconfig_get_cert_dir_unix (char
**cert_dir)
UNIX - Get Trusted CA Cert Dir.
globus_result_t
globus_gsi_sysconfig_get_user_cert_filename_unix
(char **user_cert, char **user_key)
UNIX - Get User Certificate and Key Filenames.
globus_result_t
globus_gsi_sysconfig_get_host_cert_filename_unix
(char **host_cert, char **host_key)
UNIX - Get Host Certificate and Key Filenames.
globus_result_t
globus_gsi_sysconfig_get_service_cert_filename_unix
(char *service_name, char **service_cert, char
**service_key)
UNIX - Get Service Certificate and Key Filenames.
globus_result_t
globus_gsi_sysconfig_get_proxy_filename_unix (char
**user_proxy, globus_gsi_proxy_file_type_t
proxy_file_type)
UNIX - Get Proxy Filename.
globus_result_t
globus_gsi_sysconfig_get_signing_policy_filename_unix
(X509_NAME *ca_name, char *cert_dir, char
**signing_policy_filename)
UNIX - Get Signing Policy Filename.
globus_result_t
globus_gsi_sysconfig_get_ca_cert_files_unix (char
*ca_cert_dir, globus_fifo_t *ca_cert_list)
UNIX - Get CA Cert Filenames.
globus_result_t
globus_gsi_sysconfig_remove_all_owned_files_unix
(char *default_filename)
UNIX - Remove all proxies owned by current uid.
globus_result_t
globus_gsi_sysconfig_is_superuser_unix (int
*is_superuser)
UNIX - Check if the current user is root.
globus_result_t
globus_gsi_sysconfig_get_gridmap_filename_unix (char
**filename)
UNIX - Get the path and file name of the grid map file.
globus_result_t
globus_gsi_sysconfig_get_authz_conf_filename_unix
(char **filename)
UNIX - Get the path of authorization callback configuration.
globus_result_t
globus_gsi_sysconfig_get_authz_lib_conf_filename_unix
(char **filename)
UNIX - Get the path and file name of the authorization
callback configuration file.
globus_result_t
globus_gsi_sysconfig_get_gaa_conf_filename_unix (char
**filename)
UNIX - Get the path and file name of the gaa configuration
file.
Detailed Description
Functions for UNIX platforms.
These functions implement the UNIX version of the Globus GSI System Configuration API. They should never be called directly, please use the provided platform independent defines.
Function Documentation
globus_result_t globus_gsi_sysconfig_check_certfile_uid_unix (const char *filename, uid_t uid)
UNIX - Check File Status for Cert. This is a convenience function used to check the status of a certificate file. The desired status is the current user has ownership and read/write permissions, while group and others only have read permissions.
Parameters
filename The name of the
file to check the status of
uid The user id that may be the owner of the file
Returns
GLOBUS_SUCCESS if the status of the file was able to be determined. Otherwise, an error object identifier
globus_result_t globus_gsi_sysconfig_check_certfile_unix (const char *filename)
UNIX - Check File Status for Cert. This is a convenience function used to check the status of a certificate file. The desired status is the current user has ownership and read/write permissions, while group and others only have read permissions.
Parameters
filename The name of the file to check the status of
Returns
GLOBUS_SUCCESS if the status of the file was able to be determined. Otherwise, an error object identifier
globus_result_t globus_gsi_sysconfig_check_keyfile_uid_unix (const char *filename, uid_t uid)
UNIX - Check File Status for Key. This is a convenience function used to check the status of a private key file. The desired status is only the specified user has ownership and read permissions, everyone else should not be able to access it.
Parameters
filename The name of the
file to check the status of
uid The owner of the file to check the status of
Returns
GLOBUS_SUCCESS if the status of the file was able to be determined. Otherwise, an error object identifier
globus_result_t globus_gsi_sysconfig_check_keyfile_unix (const char *filename)
UNIX - Check File Status for Key. This is a convenience function used to check the status of a private key file. The desired status is only the current user has ownership and read permissions, everyone else should not be able to access it.
Parameters
filename The name of the file to check the status of
Returns
GLOBUS_SUCCESS if the status of the file was able to be determined. Otherwise, an error object identifier
globus_result_t globus_gsi_sysconfig_dir_exists_unix (const char * filename)
UNIX - Directory Exists. Check if the directory exists
Parameters
filename The filename of the directory to check for
Returns
GLOBUS_SUCCESS if the directory exists, otherwise an error object identifier.
globus_result_t globus_gsi_sysconfig_file_exists_unix (const char * filename)
UNIX - File Exists. Check if the file exists
Parameters
filename The filename of the file to check for
Returns
GLOBUS_SUCCESS if the file exists and is readable, otherwise an error object identifier
globus_result_t globus_gsi_sysconfig_get_authz_conf_filename_unix (char **filename)
UNIX - Get the path of authorization callback configuration. Get the path and file name of the authorization callback configuration file
Parameters
filename Contains the location of the authorization callback configuration file upon successful return
Returns
GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned
globus_result_t globus_gsi_sysconfig_get_authz_lib_conf_filename_unix (char** filename)
UNIX - Get the path and file name of the authorization callback configuration file. Get the path and file name of the authorization callback configuration file
Parameters
filename Contains the location of the authorization callback configuration file upon successful return
Returns
GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned
globus_result_t globus_gsi_sysconfig_get_ca_cert_files_unix (char *ca_cert_dir, globus_fifo_t * ca_cert_list)
UNIX - Get CA Cert Filenames. Gets a list of trusted CA certificate filenames in a trusted CA certificate directory.
Parameters
ca_cert_dir The trusted
CA certificate directory to get the filenames from
ca_cert_list The resulting list of CA certificate
filenames. This is a a globus list structure.
See also
globus_fifo_t
Returns
GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned
globus_result_t globus_gsi_sysconfig_get_cert_dir_unix (char ** cert_dir)
UNIX - Get Trusted CA Cert Dir. Get the Trusted Certificate Directory containing the trusted Certificate Authority certificates. This directory is determined in the order shown below. Failure in one method results in attempting the next.
|
1. |
X509_CERT_DIR environment variable - if this is set, the trusted certificates will be searched for in that directory. This variable allows the end user to specify the location of trusted certificates. | ||
|
2. |
$HOME/.globus/certificates - If this directory exists, and the previous methods of determining the trusted certs directory failed, this directory will be used. | ||
|
3. |
/etc/grid-security/certificates - This location is intended to be independent of the globus installation ($GLOBUS_LOCATION), and is generally only writeable by the host system administrator. | ||
|
4. |
$GLOBUS_LOCATION/share/certificates |
Parameters
cert_dir The trusted certificates directory
Returns
GLOBUS_SUCCESS if no error occurred, and a sufficient trusted certificates directory was found. Otherwise, an error object identifier returned.
globus_result_t globus_gsi_sysconfig_get_current_working_dir_unix (char **working_dir)
UNIX - Get Current Working
Directory. Get the current working directory on the system.
Parameters
working_dir The current working directory
Returns
GLOBUS_SUCCESS or an error object identifier
globus_result_t globus_gsi_sysconfig_get_gaa_conf_filename_unix (char **filename)
UNIX - Get the path and file
name of the gaa configuration file. Get the path and file
name of the GAA configuration file
Parameters
filename Contains the location of the GAA callback configuration file upon successful return
Returns
GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned
globus_result_t globus_gsi_sysconfig_get_gridmap_filename_unix (char **filename)
UNIX - Get the path and file
name of the grid map file. Get the path and file name of the
grid map file.
Parameters
filename Contains the location of the grid map file upon successful return
Returns
GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned
globus_result_t globus_gsi_sysconfig_get_home_dir_unix (char ** home_dir)
UNIX - Get HOME Directory
Get the HOME Directory of the current user. Should be the
$HOME environment variable.
Parameters
home_dir The home directory of the current user
Returns
GLOBUS_SUCCESS if no error occurred, otherwise an error object is returned.
globus_result_t globus_gsi_sysconfig_get_host_cert_filename_unix (char **host_cert, char ** host_key)
UNIX - Get Host Certificate and Key Filenames. Get the Host Certificate and Key Filenames based on the current user’s environment. The host cert and key are searched for in the following locations (in order):
|
1. |
X509_USER_CERT and X509_USER_KEY environment variables |
|||
|
2. |
$GLOBUS_LOCATION/etc/host[cert|key].pem |
|||
|
3. |
$HOME/.globus/host[cert|key].pem |
Parameters
host_cert pointer to the
host certificate filename
host_key pointer to the host key filename
Returns
GLOBUS_SUCCESS if the host cert and key were found, otherwise an error object identifier is returned
globus_result_t globus_gsi_sysconfig_get_proc_id_string_unix (char **proc_id_string)
UNIX - Get Process ID. Get a
unique string representing the current process. This is just
the pid converted to a string.
Parameters
proc_id_string A unique string representing the process
Returns
GLOBUS_SUCCESS unless an error occurred
globus_result_t globus_gsi_sysconfig_get_proxy_filename_unix (char **user_proxy, globus_gsi_proxy_file_type_t proxy_file_type)
UNIX - Get Proxy Filename. Get the proxy cert filename based on the following search order:
|
1. |
X509_USER_PROXY environment variable - This environment variable is set by the at run time for the specific application. If the proxy_file_type variable is set to GLOBUS_PROXY_OUTPUT (a proxy filename for writing is requested), and the X509_USER_PROXY is set, this will be the resulting value of the user_proxy filename string passed in. If the proxy_file_type is set to GLOBUS_PROXY_INPUT and X509_USER_PROXY is set, but the file it points to does not exist, or has some other readability issues, the function will continue checking using the other methods available. | ||
|
2. |
Check the default location for the proxy file of \/tmp\/x509_u\<user_id\> where \<user id\> is some unique string for that user on the host |
Parameters
user_proxy the proxy
filename of the user
proxy_file_type Switch for determining whether to return
a existing proxy filename or if a filename suitable for
creating a proxy should be returned
Returns
GLOBUS_SUCCESS or an error object identifier
globus_result_t globus_gsi_sysconfig_get_service_cert_filename_unix (char *service_name, char ** service_cert, char ** service_key)
UNIX - Get Service Certificate and Key Filenames. Get the Service Certificate Filename based on the current user’s environment. The host cert and key are searched for in the following locations (in order):
|
1. |
X509_USER_CERT and X509_USER_KEY environment variables | ||
|
2. |
\/etc\/grid-security\/{service_name}\/{service_name}[cert|key].pem | ||
|
3. |
GLOBUS_LOCATION\/etc\/{service_name}\/{service_name}[cert|key].pem So for example, if my service was named: myservice, the location of the certificate would be: GLOBUS_LOCATION\/etc\/myservice\/myservicecert.pem | ||
|
4. |
\<users home\>\/.globus\/{service_name}\/{service_name}[cert|key].pem |
Parameters
service_name The name of
the service which allows us to determine the locations of
cert and key files to look for
service_cert pointer to the host certificate filename
service_key pointer to the host key filename
Returns
GLOBUS_SUCCESS if the service cert and key were found, otherwise an error object identifier
globus_result_t globus_gsi_sysconfig_get_signing_policy_filename_unix(X509_NAME * ca_name, char * cert_dir, char ** signing_policy_filename)
UNIX - Get Signing Policy
Filename. Get the Signing Policy Filename on the current
system, based on the CA’s subject name, and the
trusted certificates directory
Parameters
ca_name The X509 subject
name of the CA to get the signing policy of. The hash of the
CA is generated from this
cert_dir The trusted CA certificates directory,
containing the singing_policy files of the trusted
CA’s.
signing_policy_filename The resulting singing_policy
filename
Returns
GLOBUS_SUCCESS if no error occurred, otherwise an error object ID
globus_result_t globus_gsi_sysconfig_get_user_cert_filename_unix (char **user_cert, char ** user_key)
UNIX - Get User Certificate and Key Filenames. Get the User Certificate Filename based on the current user’s environment. The following locations are searched for cert and key files in order:
|
1. |
environment variables X509_USER_CERT and X509_USER_KEY |
|||
|
2. |
$HOME/.globus/usercert.pem and $HOME/.globus/userkey.pem |
|||
|
3. |
$HOME/.globus/usercred.p12 - this is a PKCS12 credential |
Parameters
user_cert pointer the
filename of the user certificate
user_key pointer to the filename of the user key
Returns
GLOBUS_SUCCESS if the cert and key files were found in one of the possible locations, otherwise an error object identifier is returned
globus_result_t globus_gsi_sysconfig_get_user_id_string_unix (char **user_id_string)
UNIX - Get User ID. Get a unique
string representing the current user. This is just the uid
converted to a string.
Parameters
user_id_string A unique string representing the user
Returns
GLOBUS_SUCCESS unless an error occurred
globus_result_t globus_gsi_sysconfig_get_username_unix (char ** username)
UNIX - Get Username. Get the
username of the current user.
Parameters
username This parameter will contain the current user name upon a successful return. It is the users responsibility to free memory allocated for this return value.
Returns
GLOBUS_SUCCESS unless an error occurred
globus_result_t globus_gsi_sysconfig_is_superuser_unix (int * is_superuser)
UNIX - Check if the current user
is root. Checks whether the current user is root.
Parameters
is_superuser 1 if the user is the superuser 0 if not
Returns
GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned
globus_result_t globus_gsi_sysconfig_make_absolute_path_for_filename_unix(char * filename, char ** absolute_path)
UNIX - Make Absolute Path. Make
the filename into an absolute path string based on the
current working directory.
Parameters
filename the filename to get the absolute path of.
absolute_path The resulting absolute path. This needs to be freed when no longer needed.
Returns
GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned
globus_result_t globus_gsi_sysconfig_remove_all_owned_files_unix (char *default_filename)
UNIX - Remove all proxies owned
by current uid. Removes all proxies (ie. all delegated and
grid-proxy-init generated proxies) found in the secure tmp
directory that are owned by the current user.
Parameters
default_filename The filename of the default proxy
Returns
GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned
globus_result_t globus_gsi_sysconfig_set_key_permissions_unix (char *filename)
UNIX - Set Key Permissions. Set
the file permissions of a file to read-write only by the
user which are the permissions that should be set for all
private keys.
Parameters
filename
Returns
GLOBUS_SUCCESS or an error object id
globus_result_t globus_gsi_sysconfig_split_dir_and_filename_unix (char *full_filename, char ** dir_string, char ** filename_string)
UNIX - Split Directory and
Filename. Split the directory and filename portions of a
filename string into two separate strings
Parameters
full_filename The
filename to split. Splits on the last occurrence of
’/’ where the directory is everything before the
last ’/’, and the filename is everything after.
dir_string
The directory portion of the filename string. If no
’/’ is found throughout the string, this
variable points to NULL. This needs to be freed when no
longer needed.
filename_string The filename portion of the filename
string. If no ’/’ is found throughout, this
variable is a duplicate of the full_filename parameter. This
needs to be freed when no longer needed.
Returns
GLOBUS_SUCCESS if no error occurred. Otherwise an error object ID is returned.
Author
Generated automatically by Doxygen for globus_gsi_sysconfig from the source code.