UNIX - Set Key Permissions

globus_result_t globus_gsi_sysconfig_set_key_permissions_unix (char *filename)

UNIX - Get User ID

globus_result_t globus_gsi_sysconfig_get_user_id_string_unix (char **user_id_string)

UNIX - Get Username

globus_result_t globus_gsi_sysconfig_get_username_unix (char **username)

UNIX - Get Process ID

globus_result_t globus_gsi_sysconfig_get_proc_id_string_unix (char **proc_id_string)

UNIX - Make Absolute Path

globus_result_t globus_gsi_sysconfig_make_absolute_path_for_filename_unix (char *filename, char **absolute_path)

UNIX - Split Directory and Filename

globus_result_t globus_gsi_sysconfig_split_dir_and_filename_unix (char *full_filename, char **dir_string, char **filename_string)

UNIX - Get Current Working Directory

globus_result_t globus_gsi_sysconfig_get_current_working_dir_unix (char **working_dir)

UNIX - Get HOME Directory

globus_result_t globus_gsi_sysconfig_get_home_dir_unix (char **home_dir)

UNIX - File Exists

globus_result_t globus_gsi_sysconfig_file_exists_unix (const char *filename)

UNIX - Directory Exists

globus_result_t globus_gsi_sysconfig_dir_exists_unix (const char *filename)

UNIX - Check File Status for Key

globus_result_t globus_gsi_sysconfig_check_keyfile_unix (const char *filename)

UNIX - Check File Status for Cert

globus_result_t globus_gsi_sysconfig_check_certfile_unix (const char *filename)

UNIX - Get Trusted CA Cert Dir

globus_result_t globus_gsi_sysconfig_get_cert_dir_unix (char **cert_dir)

UNIX - Get User Certificate and Key Filenames

globus_result_t globus_gsi_sysconfig_get_user_cert_filename_unix (char **user_cert, char **user_key)

UNIX - Get Host Certificate and Key Filenames

globus_result_t globus_gsi_sysconfig_get_host_cert_filename_unix (char **host_cert, char **host_key)

UNIX - Get Service Certificate and Key Filenames

globus_result_t globus_gsi_sysconfig_get_service_cert_filename_unix (char *service_name, char **service_cert, char **service_key)

UNIX - Get Proxy Filename

globus_result_t globus_gsi_sysconfig_get_proxy_filename_unix (char **user_proxy, globus_gsi_proxy_file_type_t proxy_file_type)

UNIX - Get Signing Policy Filename

globus_result_t globus_gsi_sysconfig_get_signing_policy_filename_unix (X509_NAME *ca_name, char *cert_dir, char **signing_policy_filename)

UNIX - Get CA Cert Filenames

globus_result_t globus_gsi_sysconfig_get_ca_cert_files_unix (char *ca_cert_dir, globus_fifo_t *ca_cert_list)

UNIX - Remove all proxies owned by current uid

globus_result_t globus_gsi_sysconfig_remove_all_owned_files_unix (char *default_filename)

UNIX - Check if the current user is root

globus_result_t globus_gsi_sysconfig_is_superuser_unix (int *is_superuser)

UNIX - Get the path and file name of the grid map file

globus_result_t globus_gsi_sysconfig_get_gridmap_filename_unix (char **filename)

UNIX - Get the path and file name of the authorization callback configuration file

globus_result_t globus_gsi_sysconfig_get_authz_conf_filename_unix (char **filename)
globus_result_t globus_gsi_sysconfig_get_authz_lib_conf_filename_unix (char **filename)

UNIX - Get the path and file name of the gaa configuration file

globus_result_t globus_gsi_sysconfig_get_gaa_conf_filename_unix (char **filename)

Detailed Description

These functions implement the UNIX version of the Globus GSI System Configuration API.

They should never be called directly, please use the provided platform independent defines.

Function Documentation

globus_result_t globus_gsi_sysconfig_set_key_permissions_unix ( char * filename )

Set the file permissions of a file to read-write only by the user which are the permissions that should be set for all private keys.

Parameters:

filename

Returns:: GLOBUS_SUCCESS or an error object id

globus_result_t globus_gsi_sysconfig_get_user_id_string_unix ( char ** user_id_string )

Get a unique string representing the current user.

This is just the uid converted to a string.

Parameters:

user_id_string A unique string representing the user

Returns:: GLOBUS_SUCCESS unless an error occurred

globus_result_t globus_gsi_sysconfig_get_username_unix ( char ** username )

Get the username of the current user.

Parameters:

username This parameter will contain the current user name upon a successful return. It is the users responsibility to free memory allocated for this return value.

Returns:: GLOBUS_SUCCESS unless an error occurred

globus_result_t globus_gsi_sysconfig_get_proc_id_string_unix ( char ** proc_id_string )

Get a unique string representing the current process.

This is just the pid converted to a string.

Parameters:

proc_id_string A unique string representing the process

Returns:: GLOBUS_SUCCESS unless an error occurred

globus_result_t globus_gsi_sysconfig_make_absolute_path_for_filename_unix	(	char *	filename,
		char **	absolute_path
	)

Make the filename into an absolute path string based on the current working directory.

Parameters:

filename	the filename to get the absolute path of.
absolute_path	The resulting absolute path. This needs to be freed when no longer needed.

Returns:: GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned

globus_result_t globus_gsi_sysconfig_split_dir_and_filename_unix	(	char *	full_filename,
		char **	dir_string,
		char **	filename_string
	)

Split the directory and filename portions of a filename string into two separate strings.

Parameters:

full_filename	The filename to split. Splits on the last occurrance of '/' where the directory is everything before the last '/', and the filename is everything after.
dir_string	The directory portion of the filename string. If no '/' is found throughout the string, this variable points to NULL. This needs to be freed when no longer needed.
filename_string	The filename portion of the filename string. If no '/' is found throughout, this variable is a duplicate of the full_filename parameter. This needs to be freed when no longer needed.

Returns:: GLOBUS_SUCCESS if no error occurred. Otherwise an error object ID is returned.

globus_result_t globus_gsi_sysconfig_get_current_working_dir_unix ( char ** working_dir )

Get the current working directory on the system.

Parameters:

working_dir The current working directory

Returns:: GLOBUS_SUCCESS or an error object identifier

globus_result_t globus_gsi_sysconfig_get_home_dir_unix ( char ** home_dir )

Get the HOME Directory of the current user.

Should be the $HOME environment variable.

Parameters:

home_dir The home directory of the current user

Returns:: GLOBUS_SUCCESS if no error occured, otherwise an error object is returned.

globus_result_t globus_gsi_sysconfig_file_exists_unix ( const char * filename )

Check if the file exists.

Parameters:

filename The filename of the file to check for

Returns:: GLOBUS_SUCCESS if the file exists and is readable, otherwise an error object identifier

globus_result_t globus_gsi_sysconfig_dir_exists_unix ( const char * filename )

Check if the directory exists.

Parameters:

filename The filename of the directory to check for

Returns:: GLOBUS_SUCCESS if the directory exists, otherwise an error object identifier.

globus_result_t globus_gsi_sysconfig_check_keyfile_unix ( const char * filename )

This is a convenience function used to check the status of a private key file.

The desired status is only the current user has ownership and read permissions, everyone else should not be able to access it.

Parameters:

filename The name of the file to check the status of

Returns:: GLOBUS_SUCCESS if the status of the file was able to be determined. Otherwise, an error object identifier

globus_result_t globus_gsi_sysconfig_check_certfile_unix ( const char * filename )

This is a convenience function used to check the status of a certificate file.

The desired status is the current user has ownership and read/write permissions, while group and others only have read permissions.

Parameters:

filename The name of the file to check the status of

Returns:: GLOBUS_SUCCESS if the status of the file was able to be determined. Otherwise, an error object identifier

globus_result_t globus_gsi_sysconfig_get_cert_dir_unix ( char ** cert_dir )

Get the Trusted Certificate Directory containing the trusted Certificate Authority certificates.

This directory is determined in the order shown below. Failure in one method results in attempting the next.

X509_CERT_DIR environment variable - if this is set, the trusted certificates will be searched for in that directory. This variable allows the end user to specify the location of trusted certificates.
$HOME/.globus/certificates - If this directory exists, and the previous methods of determining the trusted certs directory failed, this directory will be used.
/etc/grid-security/certificates - This location is intended to be independent of the globus installation ($GLOBUS_LOCATION), and is generally only writeable by the host system administrator.
$GLOBUS_LOCATION/share/certificates

Parameters:

cert_dir The trusted certificates directory

Returns:: GLOBUS_SUCCESS if no error occurred, and a sufficient trusted certificates directory was found. Otherwise, an error object identifier returned.

globus_result_t globus_gsi_sysconfig_get_user_cert_filename_unix	(	char **	user_cert,
		char **	user_key
	)

Get the User Certificate Filename based on the current user's environment.

The following locations are searched for cert and key files in order:

environment variables X509_USER_CERT and X509_USER_KEY
$HOME/.globus/usercert.pem and $HOME/.globus/userkey.pem
$HOME/.globus/usercred.p12 - this is a PKCS12 credential

Parameters:

user_cert	pointer the filename of the user certificate
user_key	pointer to the filename of the user key

Returns:: GLOBUS_SUCCESS if the cert and key files were found in one of the possible locations, otherwise an error object identifier is returned

globus_result_t globus_gsi_sysconfig_get_host_cert_filename_unix	(	char **	host_cert,
		char **	host_key
	)

Get the Host Certificate and Key Filenames based on the current user's environment.

The host cert and key are searched for in the following locations (in order):

X509_USER_CERT and X509_USER_KEY environment variables
registry keys x509_user_cert and x509_user_key in software\Globus\GSI
\<GLOBUS_LOCATION\>\etc\host[cert|key].pem
\<users home directory\>\.globus\host[cert|key].pem

Parameters:

host_cert	pointer to the host certificate filename
host_key	pointer to the host key filename

Returns:: GLOBUS_SUCCESS if the host cert and key were found, otherwise an error object identifier is returned

globus_result_t globus_gsi_sysconfig_get_service_cert_filename_unix	(	char *	service_name,
		char **	service_cert,
		char **	service_key
	)

Get the Service Certificate Filename based on the current user's environment.

The host cert and key are searched for in the following locations (in order):

X509_USER_CERT and X509_USER_KEY environment variables
\/etc\/grid-security\/{service_name}\/{service_name}[cert|key].pem
GLOBUS_LOCATION\/etc\/{service_name}\/{service_name}[cert|key].pem So for example, if my service was named: myservice, the location of the certificate would be: GLOBUS_LOCATION\/etc\/myservice\/myservicecert.pem
\<users home\>\/.globus\/{service_name}\/{service_name}[cert|key].pem

Parameters:

service_name	The name of the service which allows us to determine the locations of cert and key files to look for
service_cert	pointer to the host certificate filename
service_key	pointer to the host key filename

Returns:: GLOBUS_SUCCESS if the service cert and key were found, otherwise an error object identifier

globus_result_t globus_gsi_sysconfig_get_proxy_filename_unix	(	char **	user_proxy,
		globus_gsi_proxy_file_type_t	proxy_file_type
	)

Get the proxy cert filename based on the following search order:

X509_USER_PROXY environment variable - This environment variable is set by the at run time for the specific application. If the proxy_file_type variable is set to GLOBUS_PROXY_OUTPUT (a proxy filename for writing is requested), and the X509_USER_PROXY is set, this will be the resulting value of the user_proxy filename string passed in. If the proxy_file_type is set to GLOBUS_PROXY_INPUT and X509_USER_PROXY is set, but the file it points to does not exist, or has some other readability issues, the function will continue checking using the other methods available.
Check the default location for the proxy file of \/tmp\/x509_u\<user_id\> where \<user id\> is some unique string for that user on the host

Parameters:

user_proxy	the proxy filename of the user
proxy_file_type	Switch for determining whether to return a existing proxy filename or if a filename suitable for creating a proxy should be returned

Returns:: GLOBUS_SUCCESS or an error object identifier

globus_result_t globus_gsi_sysconfig_get_signing_policy_filename_unix	(	X509_NAME *	ca_name,
		char *	cert_dir,
		char **	signing_policy_filename
	)

Get the Signing Policy Filename on the current system, based on the CA's subject name, and the trusted certificates directory.

Parameters:

ca_name	The X509 subject name of the CA to get the signing policy of. The hash of the CA is generated from this
cert_dir	The trusted CA certificates directory, containing the singing_policy files of the trusted CA's.
signing_policy_filename	The resulting singing_policy filename

Returns:: GLOBUS_SUCCESS if no error occurred, otherwise an error object ID

globus_result_t globus_gsi_sysconfig_get_ca_cert_files_unix	(	char *	ca_cert_dir,
		globus_fifo_t *	ca_cert_list
	)

Gets a list of trusted CA certificate filenames in a trusted CA certificate directory.

Parameters:

ca_cert_dir	The trusted CA certificate directory to get the filenames from
ca_cert_list	The resulting list of CA certificate filenames. This is a a globus list structure.

See also:: globus_fifo_t

Returns:: GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned

globus_result_t globus_gsi_sysconfig_remove_all_owned_files_unix ( char * default_filename )

Removes all proxies (ie.

all delegated and grid-proxy-init generated proxies) found in the secure tmp directory that are owned by the current user.

Parameters:

default_filename The filename of the default proxy

Returns:: GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned

globus_result_t globus_gsi_sysconfig_is_superuser_unix ( int * is_superuser )

Checks whether the current user is root.

Parameters:

is_superuser 1 if the user is the superuser 0 if not

Returns:: GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned

globus_result_t globus_gsi_sysconfig_get_gridmap_filename_unix ( char ** filename )

Get the path and file name of the grid map file.

Parameters:

filename Contains the location of the grid map file upon successful return

Returns:: GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned

globus_result_t globus_gsi_sysconfig_get_authz_conf_filename_unix ( char ** filename )

Get the path and file name of the authorization callback configuration file.

Parameters:

filename Contains the location of the authorization callback configuration file upon successful return

Returns:: GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned

globus_result_t globus_gsi_sysconfig_get_authz_lib_conf_filename_unix ( char ** filename )

Get the path and file name of the authorization callback configuration file.

Parameters:

filename Contains the location of the authorization callback configuration file upon successful return

Returns:: GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned

globus_result_t globus_gsi_sysconfig_get_gaa_conf_filename_unix ( char ** filename )

Get the path and file name of the GAA configuration file.

Parameters:

filename Contains the location of the GAA callback configuration file upon successful return

Returns:: GLOBUS_SUCCESS if no error occurred, otherwise an error object ID is returned