globus_xio_gsi_driver(3) | Library Functions Manual | globus_xio_gsi_driver(3) |
NAME¶
globus_xio_gsi_driver - Globus XIO GSI Driver
- Globus XIO GSI Driver.
SYNOPSIS¶
Typedefs¶
typedef void(* globus_xio_gsi_delegation_init_callback_t)
(globus_result_t result, void *user_arg)
typedef void(* globus_xio_gsi_delegation_accept_callback_t)
(globus_result_t result, gss_cred_id_t delegated_cred, OM_uint32 time_rec,
void *user_arg)
Enumerations¶
enum globus_xio_gsi_error_t {
GLOBUS_XIO_GSI_ERROR_INVALID_PROTECTION_LEVEL,
GLOBUS_XIO_GSI_ERROR_WRAP_GSSAPI,
GLOBUS_XIO_GSI_ERROR_EMPTY_TARGET_NAME,
GLOBUS_XIO_GSI_ERROR_EMPTY_HOST_NAME,
GLOBUS_XIO_GSI_AUTHORIZATION_FAILED,
GLOBUS_XIO_GSI_ERROR_TOKEN_TOO_BIG }
enum globus_xio_gsi_cmd_t { GLOBUS_XIO_GSI_SET_CREDENTIAL,
GLOBUS_XIO_GSI_GET_CREDENTIAL,
GLOBUS_XIO_GSI_SET_GSSAPI_REQ_FLAGS,
GLOBUS_XIO_GSI_GET_GSSAPI_REQ_FLAGS,
GLOBUS_XIO_GSI_SET_PROXY_MODE, GLOBUS_XIO_GSI_GET_PROXY_MODE,
GLOBUS_XIO_GSI_SET_AUTHORIZATION_MODE,
GLOBUS_XIO_GSI_GET_AUTHORIZATION_MODE,
GLOBUS_XIO_GSI_SET_DELEGATION_MODE,
GLOBUS_XIO_GSI_GET_DELEGATION_MODE,
GLOBUS_XIO_GSI_SET_SSL_COMPATIBLE, GLOBUS_XIO_GSI_SET_ANON,
GLOBUS_XIO_GSI_SET_WRAP_MODE, GLOBUS_XIO_GSI_GET_WRAP_MODE,
GLOBUS_XIO_GSI_SET_BUFFER_SIZE,
GLOBUS_XIO_GSI_GET_BUFFER_SIZE,
GLOBUS_XIO_GSI_SET_PROTECTION_LEVEL,
GLOBUS_XIO_GSI_GET_PROTECTION_LEVEL,
GLOBUS_XIO_GSI_GET_TARGET_NAME,
GLOBUS_XIO_GSI_SET_TARGET_NAME, GLOBUS_XIO_GSI_GET_CONTEXT,
GLOBUS_XIO_GSI_GET_DELEGATED_CRED,
GLOBUS_XIO_GSI_GET_PEER_NAME, GLOBUS_XIO_GSI_GET_LOCAL_NAME,
GLOBUS_XIO_GSI_INIT_DELEGATION,
GLOBUS_XIO_GSI_REGISTER_INIT_DELEGATION,
GLOBUS_XIO_GSI_ACCEPT_DELEGATION,
GLOBUS_XIO_GSI_REGISTER_ACCEPT_DELEGATION,
GLOBUS_XIO_GSI_FORCE_SERVER_MODE,
GLOBUS_XIO_GSI_SET_ALLOW_MISSING_SIGNING_POLICY,
GLOBUS_XIO_GSI_GET_ALLOW_MISSING_SIGNING_POLICY,
GLOBUS_XIO_GSI_SET_CREDENTIALS_DIR,
GLOBUS_XIO_GSI_SET_APPLICATION_PROTOCOLS }
enum globus_xio_gsi_protection_level_t {
GLOBUS_XIO_GSI_PROTECTION_LEVEL_NONE,
GLOBUS_XIO_GSI_PROTECTION_LEVEL_INTEGRITY,
GLOBUS_XIO_GSI_PROTECTION_LEVEL_PRIVACY }
enum globus_xio_gsi_delegation_mode_t {
GLOBUS_XIO_GSI_DELEGATION_MODE_NONE,
GLOBUS_XIO_GSI_DELEGATION_MODE_LIMITED,
GLOBUS_XIO_GSI_DELEGATION_MODE_FULL }
enum globus_xio_gsi_proxy_mode_t {
GLOBUS_XIO_GSI_PROXY_MODE_FULL,
GLOBUS_XIO_GSI_PROXY_MODE_LIMITED,
GLOBUS_XIO_GSI_PROXY_MODE_MANY }
enum globus_xio_gsi_authorization_mode_t {
GLOBUS_XIO_GSI_NO_AUTHORIZATION,
GLOBUS_XIO_GSI_SELF_AUTHORIZATION,
GLOBUS_XIO_GSI_IDENTITY_AUTHORIZATION,
GLOBUS_XIO_GSI_HOST_AUTHORIZATION }
Functions¶
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_SET_CREDENTIAL, gss_cred_id_t credential)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver,
GLOBUS_XIO_GSI_SET_CREDENTIAL, gss_cred_id_t credential)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_GET_CREDENTIAL, gss_cred_id_t *credential)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver,
GLOBUS_XIO_GSI_GET_CREDENTIAL, gss_cred_id_t *credential)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_SET_GSSAPI_REQ_FLAGS, OM_uint32 req_flags)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_GET_GSSAPI_REQ_FLAGS, OM_uint32 *req_flags)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_SET_PROXY_MODE, globus_xio_gsi_proxy_mode_t
proxy_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_GET_PROXY_MODE, globus_xio_gsi_proxy_mode_t
*proxy_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_SET_AUTHORIZATION_MODE,
globus_xio_gsi_authorization_mode_t authz_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_GET_AUTHORIZATION_MODE,
globus_xio_gsi_authorization_mode_t *authz_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_SET_DELEGATION_MODE,
globus_xio_gsi_delegation_mode_t delegation_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_GET_DELEGATION_MODE,
globus_xio_gsi_delegation_mode_t *delegation_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_SET_SSL_COMPATIBLE, globus_bool_t ssl_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_SET_ANON, globus_bool_t anon_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_SET_WRAP_MODE, globus_bool_t wrap_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_GET_WRAP_MODE, globus_bool_t *wrap_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_SET_BUFFER_SIZE, globus_size_t buffer_size)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_GET_BUFFER_SIZE, globus_size_t *buffer_size)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_SET_PROTECTION_LEVEL,
globus_xio_gsi_protection_level_t protection_level)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_GET_PROTECTION_LEVEL,
globus_xio_gsi_protection_level_t *protection_level)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_GET_TARGET_NAME, gss_name_t *target_name)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_SET_TARGET_NAME, gss_name_t target_name)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver,
GLOBUS_XIO_GSI_GET_CONTEXT, gss_ctx_id_t *context)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver,
GLOBUS_XIO_GSI_GET_DELEGATED_CRED, gss_cred_id_t *credential)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver,
GLOBUS_XIO_GSI_GET_PEER_NAME, gss_name_t *peer_name)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver,
GLOBUS_XIO_GSI_GET_LOCAL_NAME, gss_name_t *local_name)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver,
GLOBUS_XIO_GSI_INIT_DELEGATION, gss_cred_id_t credential, gss_OID_set
restriction_oids, gss_buffer_set_t restriction_buffers, OM_uint32 time_req)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver,
GLOBUS_XIO_GSI_REGISTER_INIT_DELEGATION, gss_cred_id_t credential,
gss_OID_set restriction_oids, gss_buffer_set_t restriction_buffers,
OM_uint32 time_req, globus_xio_gsi_delegation_init_callback_t
callback, void *callback_arg)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver,
GLOBUS_XIO_GSI_ACCEPT_DELEGATION, gss_cred_id_t *credential,
gss_OID_set restriction_oids, gss_buffer_set_t restriction_buffers,
OM_uint32 time_req)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver,
GLOBUS_XIO_GSI_REGISTER_ACCEPT_DELEGATION, gss_OID_set
restriction_oids, gss_buffer_set_t restriction_buffers, OM_uint32 time_req,
globus_xio_gsi_delegation_accept_callback_t callback, void
*callback_arg)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_FORCE_SERVER_MODE, globus_bool_t server_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_SET_ALLOW_MISSING_SIGNING_POLICY, globus_bool_t allow)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_GET_ALLOW_MISSING_SIGNING_POLICY, globus_bool_t
*allow)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_SET_CREDENTIALS_DIR, const char *directory)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver,
GLOBUS_XIO_GSI_SET_CREDENTIALS_DIR, const char *directory)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver,
GLOBUS_XIO_GSI_SET_APPLICATION_PROTOCOLS, char **protocols)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver,
GLOBUS_XIO_GSI_SET_APPLICATION_PROTOCOLS, char **protocols)
Detailed Description¶
Globus XIO GSI Driver.
Opening/Closing¶
An XIO handle with the gsi driver can be created with either globus_xio_handle_create () or globus_xio_server_register_accept ().
If the handle is created with globus_xio_server_register_accept (), the globus_xio_register_open () call will proceed to accept a GSSAPI security context. Upon successful completion of the open (after the open callback has been called) the application may proceed to read or write data associated with the GSI session.
If the handle is created with globus_xio_handle_create (), then the XIO handle will implement the client-side (init) of the GSSAPI call sequence and establish a security context with the accepting side indicated by the contact_string passed to globus_xio_register_open ().
Reading/Writing¶
The GSI driver behaves similar to the underlying transport driver with respect to reads and writes, except for the try-read and try-write operations (ie. waitforbytes ==0) which always return immediately. This is due to the fact that the security layer needs to read and write tokens of a certain minimal size and thus needs to rely on the underlying transport to handle greater than 0 reads/write which is not possible in 'try' mode.
Server¶
globus_xio_server_create() causes a new transport-specific listener socket to be created to handle new GSI connections. globus_xio_server_register_accept() will accept a new connection for processing. globus_xio_server_register_close() cleans up the internal resources associated with the http server and calls close on the listener.
All accepted handles inherit all GSI-specific attributes set in the attr to globus_xio_server_create(), but can be overridden with the attr to globus_xio_register_open(). Furthermore, accepted handles will use the GSSAPI accept security context call unless explicitly overridden during the globus_xio_register_open() call ( GLOBUS_XIO_GSI_FORCE_SERVER_MODE).
Environment Variables¶
The gsi driver uses the following environment variables
- X509_USER_PROXY
- X509_USER_CERT
- X509_USER_KEY
- X509_CERT_DIR
For details see Globus: GSI Environment Variables
Attributes and Cntls¶
GSI driver specific attrs and cntls
See also
globus_xio_handle_cntl ()
Error Types¶
The GSI driver uses mostly GSSAPI calls, so it generally just wraps the underlying GSSAPI errors or uses generic XIO errors.
See also
globus_error_gssapi_match ()
globus_error_match_openssl_error ()
Typedef Documentation¶
typedef void(* globus_xio_gsi_delegation_accept_callback_t) (globus_result_t result, gss_cred_id_t delegated_cred, OM_uint32 time_rec, void *user_arg)¶
Globus XIO GSI init delegation callback
typedef void(* globus_xio_gsi_delegation_init_callback_t) (globus_result_t result, void *user_arg)¶
Globus XIO GSI init delegation callback
Enumeration Type Documentation¶
enum globus_xio_gsi_authorization_mode_t¶
Globus XIO GSI authorization modes
Enumerator
- GLOBUS_XIO_GSI_NO_AUTHORIZATION
- Do not perform any authorization. This will cause a error when used in conjunction with delegation on the init/client side.
- GLOBUS_XIO_GSI_SELF_AUTHORIZATION
- Authorize the peer if the peer has the same identity as ourselves
- GLOBUS_XIO_GSI_IDENTITY_AUTHORIZATION
- Authorize the peer if the peer identity matches the identity set in the target name.
- GLOBUS_XIO_GSI_HOST_AUTHORIZATION
- Authorize the peer if the identity of the peer matches the identity of the peer hostname.
enum globus_xio_gsi_cmd_t¶
GSI driver specific cntls
Enumerator
- GLOBUS_XIO_GSI_SET_CREDENTIAL
- See usage for: globus_xio_gsi_attr_cntl , globus_xio_gsi_handle_cntl
- GLOBUS_XIO_GSI_GET_CREDENTIAL
- See usage for: globus_xio_gsi_attr_cntl , globus_xio_gsi_handle_cntl
- GLOBUS_XIO_GSI_SET_GSSAPI_REQ_FLAGS
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_GET_GSSAPI_REQ_FLAGS
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_SET_PROXY_MODE
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_GET_PROXY_MODE
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_SET_AUTHORIZATION_MODE
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_GET_AUTHORIZATION_MODE
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_SET_DELEGATION_MODE
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_GET_DELEGATION_MODE
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_SET_SSL_COMPATIBLE
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_SET_ANON
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_SET_WRAP_MODE
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_GET_WRAP_MODE
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_SET_BUFFER_SIZE
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_GET_BUFFER_SIZE
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_SET_PROTECTION_LEVEL
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_GET_PROTECTION_LEVEL
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_GET_TARGET_NAME
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_SET_TARGET_NAME
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_GET_CONTEXT
- See usage for: globus_xio_gsi_handle_cntl
- GLOBUS_XIO_GSI_GET_DELEGATED_CRED
- See usage for: globus_xio_gsi_handle_cntl
- GLOBUS_XIO_GSI_GET_PEER_NAME
- See usage for: globus_xio_gsi_handle_cntl
- GLOBUS_XIO_GSI_GET_LOCAL_NAME
- See usage for: globus_xio_gsi_handle_cntl
- GLOBUS_XIO_GSI_INIT_DELEGATION
- See usage for: globus_xio_gsi_handle_cntl
- GLOBUS_XIO_GSI_REGISTER_INIT_DELEGATION
- See usage for: globus_xio_gsi_handle_cntl
- GLOBUS_XIO_GSI_ACCEPT_DELEGATION
- See usage for: globus_xio_gsi_handle_cntl
- GLOBUS_XIO_GSI_REGISTER_ACCEPT_DELEGATION
- See usage for: globus_xio_gsi_handle_cntl
- GLOBUS_XIO_GSI_FORCE_SERVER_MODE
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_SET_ALLOW_MISSING_SIGNING_POLICY
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_GET_ALLOW_MISSING_SIGNING_POLICY
- See usage for: globus_xio_gsi_attr_cntl
- GLOBUS_XIO_GSI_SET_CREDENTIALS_DIR
- See usage for: globus_xio_gsi_attr_cntl , globus_xio_gsi_handle_cntl
- GLOBUS_XIO_GSI_SET_APPLICATION_PROTOCOLS
- See usage for: globus_xio_gsi_attr_cntl , globus_xio_gsi_handle_cntl
enum globus_xio_gsi_delegation_mode_t¶
Globus XIO GSI delegation modes
Enumerator
- GLOBUS_XIO_GSI_DELEGATION_MODE_NONE
- No delegation
- GLOBUS_XIO_GSI_DELEGATION_MODE_LIMITED
- Delegate a limited proxy
- GLOBUS_XIO_GSI_DELEGATION_MODE_FULL
- Delegate a full proxy
enum globus_xio_gsi_error_t¶
GSI driver specific error types
Enumerator
- GLOBUS_XIO_GSI_ERROR_INVALID_PROTECTION_LEVEL
- Indicates that the established context does not meet the required protection level
- GLOBUS_XIO_GSI_ERROR_WRAP_GSSAPI
- Wraps a GSSAPI error
- GLOBUS_XIO_GSI_ERROR_EMPTY_TARGET_NAME
- Indicates that GLOBUS_XIO_GSI_IDENTITY_AUTHORIZATION is set but that the target name is empty
- GLOBUS_XIO_GSI_ERROR_EMPTY_HOST_NAME
- Indicates that GLOBUS_XIO_GSI_HOST_AUTHORIZATION is set but that no host name is available
- GLOBUS_XIO_GSI_AUTHORIZATION_FAILED
- Indicates that the peer is not authorized
- GLOBUS_XIO_GSI_ERROR_TOKEN_TOO_BIG
- Indicates the token being read is too big. Usually happens when someone tries to establish a non secure session with a endpoint that expects security
enum globus_xio_gsi_protection_level_t¶
Globus XIO GSI protection levels
Enumerator
- GLOBUS_XIO_GSI_PROTECTION_LEVEL_NONE
- No security
- GLOBUS_XIO_GSI_PROTECTION_LEVEL_INTEGRITY
- Messages are signed
- GLOBUS_XIO_GSI_PROTECTION_LEVEL_PRIVACY
- Messages are signed and encrypted
enum globus_xio_gsi_proxy_mode_t¶
Globus XIO GSI proxy modes
Enumerator
- GLOBUS_XIO_GSI_PROXY_MODE_FULL
- Accept only full proxies
- GLOBUS_XIO_GSI_PROXY_MODE_LIMITED
- Accept full proxies and limited proxies if they are the only limited proxy in the cert chain.
- GLOBUS_XIO_GSI_PROXY_MODE_MANY
- Accept both full and limited proxies unconditionally
Function Documentation¶
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_FORCE_SERVER_MODE, globus_bool_t server_mode)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Force the server mode setting.
This explicitly sets the directionality of context establishment and delegation.
Parameters
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_ALLOW_MISSING_SIGNING_POLICY, globus_bool_t * allow)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the allow missing signing policy flag
Parameters
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_AUTHORIZATION_MODE, globus_xio_gsi_authorization_mode_t * authz_mode)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the authorization mode
Parameters
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_BUFFER_SIZE, globus_size_t * buffer_size)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the read buffer size
The read buffer is used for buffering wrapped data, is initialized with a default size of 128K and scaled dynamically to always be able to fit whole tokens.
Parameters
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_CREDENTIAL, gss_cred_id_t * credential)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the credential to be used
Parameters
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_DELEGATION_MODE, globus_xio_gsi_delegation_mode_t * delegation_mode)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the delegation mode
Parameters
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_GSSAPI_REQ_FLAGS, OM_uint32 * req_flags)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the GSSAPI req_flags to be used
Parameters
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_PROTECTION_LEVEL, globus_xio_gsi_protection_level_t * protection_level)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the protection level
Parameters
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_PROXY_MODE, globus_xio_gsi_proxy_mode_t * proxy_mode)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the proxy mode
Parameters
Note
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_TARGET_NAME, gss_name_t * target_name)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the expected peer name
Parameters
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_WRAP_MODE, globus_bool_t * wrap_mode)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the wrapping mode
This mode determines whether tokens will be wrapped with a Globus IO style header or not.
Parameters
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_ALLOW_MISSING_SIGNING_POLICY, globus_bool_t allow)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the allow missing signing policy flag
Parameters
Note
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_ANON, globus_bool_t anon_mode)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Do anonymous authentication
Parameters
Note
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_APPLICATION_PROTOCOLS, char ** protocols)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the list of application protocols to negotiate during TLS handshake. This uses tht TLS ALPN extension.
Parameters
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_AUTHORIZATION_MODE, globus_xio_gsi_authorization_mode_t authz_mode)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the authorization mode
Parameters
string opt: auth='none'|'self'|'host'|'id'
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_BUFFER_SIZE, globus_size_t buffer_size)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the read buffer size
The read buffer is used for buffering wrapped data, is initialized with a default size of 128K and scaled dynamically to always be able to fit whole tokens.
Parameters
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_CREDENTIAL, gss_cred_id_t credential)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the credential to be used
Parameters
Note
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_CREDENTIALS_DIR, const char * directory)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the directory for credentials to use when accepting a security context. This is used when a service requires different credentials based on the SNI TLS extension.
Parameters
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_DELEGATION_MODE, globus_xio_gsi_delegation_mode_t delegation_mode)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the delegation mode
Parameters
Note
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_GSSAPI_REQ_FLAGS, OM_uint32 req_flags)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the GSSAPI req_flags to be used
Parameters
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_PROTECTION_LEVEL, globus_xio_gsi_protection_level_t protection_level)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the protection level
Parameters
Note
string opt: protection='none'|'private'|'integrity'
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_PROXY_MODE, globus_xio_gsi_proxy_mode_t proxy_mode)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the proxy mode
Parameters
Note
string opt: proxy='many'|'full'|'limited'
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_SSL_COMPATIBLE, globus_bool_t ssl_mode)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Make the on the wire protocol SSL compatible.
This implies no wrapping of security tokens and no delegation
Parameters
Note
string opt: ssl_compatible='true'|'false'
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_TARGET_NAME, gss_name_t target_name)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the expected peer name
Parameters
string opt: subject=string
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_WRAP_MODE, globus_bool_t wrap_mode)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the wrapping mode
This mode determines whether tokens will be wrapped with a Globus IO style header or not.
Parameters
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_ACCEPT_DELEGATION, gss_cred_id_t * credential, gss_OID_set restriction_oids, gss_buffer_set_t restriction_buffers, OM_uint32 time_req)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Accept delegation-at-any-time process
Parameters
restriction_oids The OIDS for X.509 extensions to embed in the delegated credential
restriction_buffers The corresponding bodies for the X.509 extensions
time_req The requested lifetime of the delegated credential
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_GET_CONTEXT, gss_ctx_id_t * context)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the GSS context
Parameters
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_GET_CREDENTIAL, gss_cred_id_t * credential)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the credential to be used
Parameters
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_GET_DELEGATED_CRED, gss_cred_id_t * credential)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the delegated credential
Parameters
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_GET_LOCAL_NAME, gss_name_t * local_name)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the GSS name associated with the local credentials
Parameters
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_GET_PEER_NAME, gss_name_t * peer_name)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Get the name of the peer
Parameters
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_INIT_DELEGATION, gss_cred_id_t credential, gss_OID_set restriction_oids, gss_buffer_set_t restriction_buffers, OM_uint32 time_req)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Initialize delegation-at-any-time process
Parameters
restriction_oids The OIDs for X.509 extensions to embed in the delegated credential
restriction_buffers The corresponding bodies for the X.509 extensions
time_req The lifetime of the delegated credential
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_REGISTER_ACCEPT_DELEGATION, gss_OID_set restriction_oids, gss_buffer_set_t restriction_buffers, OM_uint32 time_req, globus_xio_gsi_delegation_accept_callback_t callback, void * callback_arg)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Accept non-blocking delegation-at-any-time process
Parameters
restriction_buffers The corresponding bodies for the X.509 extensions
time_req The lifetime of the delegated credential
callback The callback to call when the operation completes
callback_arg The arguments to pass to the callback
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_REGISTER_INIT_DELEGATION, gss_cred_id_t credential, gss_OID_set restriction_oids, gss_buffer_set_t restriction_buffers, OM_uint32 time_req, globus_xio_gsi_delegation_init_callback_t callback, void * callback_arg)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Initialize non-blocking delegation-at-any-time process
Parameters
restriction_oids The OIDS for X.509 extensions to embed in the delegated credential
restriction_buffers The corresponding bodies for the X.509 extensions
time_req The lifetime of the delegated credential
callback The callback to call when the operation completes
callback_arg The arguments to pass to the callback
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_SET_APPLICATION_PROTOCOLS, char ** protocols)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the list of application protocols to negotiate during TLS handshake. This uses tht TLS ALPN extension.
Parameters
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_SET_CREDENTIAL, gss_cred_id_t credential)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the credential to be used
Parameters
Note
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_SET_CREDENTIALS_DIR, const char * directory)¶
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts. Set the directory for credentials to use when accepting a security context. This is used when a service requires different credentials based on the SNI TLS extension.
Parameters
Author¶
Generated automatically by Doxygen for globus_xio_gsi_driver from the source code.
Version 5.4 | globus_xio_gsi_driver |