Install Now
globus_xio_gsi_driver - Globus XIO GSI Driver
Contents
Attributes And Cntls
GSI driver specific attrs and cntls
Seealso
globus_xio_attr_cntl ()
globus_xio_handle_cntl ()
Detailed Description
Globus XIO GSI Driver.
Enumeration Type Documentation
enumglobus_xio_gsi_authorization_mode_t
Globus XIO GSI authorization modes
EnumeratorGLOBUS_XIO_GSI_NO_AUTHORIZATION
Do not perform any authorization. This will cause a error when used in conjunction with delegation
on the init/client side.
GLOBUS_XIO_GSI_SELF_AUTHORIZATION
Authorize the peer if the peer has the same identity as ourselves
GLOBUS_XIO_GSI_IDENTITY_AUTHORIZATION
Authorize the peer if the peer identity matches the identity set in the target name.
GLOBUS_XIO_GSI_HOST_AUTHORIZATION
Authorize the peer if the identity of the peer matches the identity of the peer hostname.
enumglobus_xio_gsi_cmd_t
GSI driver specific cntls
EnumeratorGLOBUS_XIO_GSI_SET_CREDENTIAL
See usage for: globus_xio_gsi_attr_cntl , globus_xio_gsi_handle_cntlGLOBUS_XIO_GSI_GET_CREDENTIAL
See usage for: globus_xio_gsi_attr_cntl , globus_xio_gsi_handle_cntlGLOBUS_XIO_GSI_SET_GSSAPI_REQ_FLAGS
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_GET_GSSAPI_REQ_FLAGS
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_SET_PROXY_MODE
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_GET_PROXY_MODE
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_SET_AUTHORIZATION_MODE
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_GET_AUTHORIZATION_MODE
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_SET_DELEGATION_MODE
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_GET_DELEGATION_MODE
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_SET_SSL_COMPATIBLE
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_SET_ANON
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_SET_WRAP_MODE
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_GET_WRAP_MODE
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_SET_BUFFER_SIZE
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_GET_BUFFER_SIZE
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_SET_PROTECTION_LEVEL
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_GET_PROTECTION_LEVEL
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_GET_TARGET_NAME
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_SET_TARGET_NAME
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_GET_CONTEXT
See usage for: globus_xio_gsi_handle_cntlGLOBUS_XIO_GSI_GET_DELEGATED_CRED
See usage for: globus_xio_gsi_handle_cntlGLOBUS_XIO_GSI_GET_PEER_NAME
See usage for: globus_xio_gsi_handle_cntlGLOBUS_XIO_GSI_GET_LOCAL_NAME
See usage for: globus_xio_gsi_handle_cntlGLOBUS_XIO_GSI_INIT_DELEGATION
See usage for: globus_xio_gsi_handle_cntlGLOBUS_XIO_GSI_REGISTER_INIT_DELEGATION
See usage for: globus_xio_gsi_handle_cntlGLOBUS_XIO_GSI_ACCEPT_DELEGATION
See usage for: globus_xio_gsi_handle_cntlGLOBUS_XIO_GSI_REGISTER_ACCEPT_DELEGATION
See usage for: globus_xio_gsi_handle_cntlGLOBUS_XIO_GSI_FORCE_SERVER_MODE
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_SET_ALLOW_MISSING_SIGNING_POLICY
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_GET_ALLOW_MISSING_SIGNING_POLICY
See usage for: globus_xio_gsi_attr_cntlGLOBUS_XIO_GSI_SET_CREDENTIALS_DIR
See usage for: globus_xio_gsi_attr_cntl , globus_xio_gsi_handle_cntlGLOBUS_XIO_GSI_SET_APPLICATION_PROTOCOLS
See usage for: globus_xio_gsi_attr_cntl , globus_xio_gsi_handle_cntlenumglobus_xio_gsi_delegation_mode_t
Globus XIO GSI delegation modes
EnumeratorGLOBUS_XIO_GSI_DELEGATION_MODE_NONE
No delegation
GLOBUS_XIO_GSI_DELEGATION_MODE_LIMITED
Delegate a limited proxy
GLOBUS_XIO_GSI_DELEGATION_MODE_FULL
Delegate a full proxy
enumglobus_xio_gsi_error_t
GSI driver specific error types
EnumeratorGLOBUS_XIO_GSI_ERROR_INVALID_PROTECTION_LEVEL
Indicates that the established context does not meet the required protection level
GLOBUS_XIO_GSI_ERROR_WRAP_GSSAPI
Wraps a GSSAPI error
GLOBUS_XIO_GSI_ERROR_EMPTY_TARGET_NAME
Indicates that GLOBUS_XIO_GSI_IDENTITY_AUTHORIZATION is set but that the target name is empty
GLOBUS_XIO_GSI_ERROR_EMPTY_HOST_NAME
Indicates that GLOBUS_XIO_GSI_HOST_AUTHORIZATION is set but that no host name is available
GLOBUS_XIO_GSI_AUTHORIZATION_FAILED
Indicates that the peer is not authorized
GLOBUS_XIO_GSI_ERROR_TOKEN_TOO_BIG
Indicates the token being read is too big. Usually happens when someone tries to establish a non
secure session with a endpoint that expects security
enumglobus_xio_gsi_protection_level_t
Globus XIO GSI protection levels
EnumeratorGLOBUS_XIO_GSI_PROTECTION_LEVEL_NONE
No security
GLOBUS_XIO_GSI_PROTECTION_LEVEL_INTEGRITY
Messages are signed
GLOBUS_XIO_GSI_PROTECTION_LEVEL_PRIVACY
Messages are signed and encrypted
enumglobus_xio_gsi_proxy_mode_t
Globus XIO GSI proxy modes
EnumeratorGLOBUS_XIO_GSI_PROXY_MODE_FULL
Accept only full proxies
GLOBUS_XIO_GSI_PROXY_MODE_LIMITED
Accept full proxies and limited proxies if they are the only limited proxy in the cert chain.
GLOBUS_XIO_GSI_PROXY_MODE_MANY
Accept both full and limited proxies unconditionally
Environment Variables
The gsi driver uses the following environment variables
• X509_USER_PROXY
• X509_USER_CERT
• X509_USER_KEY
• X509_CERT_DIR
For details see Globus: GSI Environment Variables
Error Types
The GSI driver uses mostly GSSAPI calls, so it generally just wraps the underlying GSSAPI errors or uses
generic XIO errors.
Seealso
globus_xio_driver_error_match ()
globus_error_gssapi_match ()
globus_error_match_openssl_error ()
Function Documentation
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_FORCE_SERVER_MODE,globus_bool_tserver_mode)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Force the server mode setting.
This explicitly sets the directionality of context establishment and delegation.
Parametersserver_mode The server mode.
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_GET_ALLOW_MISSING_SIGNING_POLICY,globus_bool_t*allow)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the allow missing signing policy flag
Parametersallow The flag currently set
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_GET_AUTHORIZATION_MODE,globus_xio_gsi_authorization_mode_t*authz_mode)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the authorization mode
Parametersauthz_mode The authorization mode that is currently in effect
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_GET_BUFFER_SIZE,globus_size_t*buffer_size)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the read buffer size
The read buffer is used for buffering wrapped data, is initialized with a default size of 128K and scaled
dynamically to always be able to fit whole tokens.
Parametersbuffer_size The size of the read buffer
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_GET_CREDENTIAL,gss_cred_id_t*credential)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the credential to be used
Parameterscredential The credential that is currently set. This will only return a credential if a credential
was explicitly set prior to this call. It will not return any credential automatically acquired
during context initialization.
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_GET_DELEGATION_MODE,globus_xio_gsi_delegation_mode_t*delegation_mode)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the delegation mode
Parametersdelegation_mode The delegation mode currently in effect
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_GET_GSSAPI_REQ_FLAGS,OM_uint32*req_flags)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the GSSAPI req_flags to be used
Parametersreq_flags The req flags currently in effect
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_GET_PROTECTION_LEVEL,globus_xio_gsi_protection_level_t*protection_level)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the protection level
Parametersprotection_level The current protection level
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_GET_PROXY_MODE,globus_xio_gsi_proxy_mode_t*proxy_mode)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the proxy mode
Parametersproxy_mode The proxy mode that is currently in effect
Note
Changing the proxy mode changes the req_flags
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_GET_TARGET_NAME,gss_name_t*target_name)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the expected peer name
Parameterstarget_name The expected peer name
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_GET_WRAP_MODE,globus_bool_t*wrap_mode)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the wrapping mode
This mode determines whether tokens will be wrapped with a Globus IO style header or not.
Parameterswrap_mode The wrapping mode currently in use.
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_SET_ALLOW_MISSING_SIGNING_POLICY,globus_bool_tallow)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the allow missing signing policy flag
Parametersallow The flag setting to use
Note
Changing this flag changes the req_flags
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_SET_ANON,globus_bool_tanon_mode)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Do anonymous authentication
Parametersanon_mode The ssl compatibility mode to use
Note
Changing the ssl compatibility mode changes the req_flags and the wrapping mode
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_SET_APPLICATION_PROTOCOLS,char**protocols)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the list of application protocols to negotiate during TLS handshake.
This uses tht TLS ALPN extension.
Parametersprotocols An array of protocol names. The array must be terminated by a NULL pointer.
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_SET_AUTHORIZATION_MODE,globus_xio_gsi_authorization_mode_tauthz_mode)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the authorization mode
Parametersauthz_mode The authorization mode to set
string opt: auth='none'|'self'|'host'|'id'
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_SET_BUFFER_SIZE,globus_size_tbuffer_size)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the read buffer size
The read buffer is used for buffering wrapped data, is initialized with a default size of 128K and scaled
dynamically to always be able to fit whole tokens.
Parametersbuffer_size The size of the read buffer
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_SET_CREDENTIAL,gss_cred_id_tcredential)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the credential to be used
Parameterscredential The credential to set. The credential structure needs to remain valid for the lifetime of
any XIO data structure it is used by.
Note
If this is called with the handle_cntl, there must be no outstanding operations on the handle.
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_SET_CREDENTIALS_DIR,constchar*directory)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the directory for credentials to use when accepting a security
context. This is used when a service requires different credentials based on the SNI TLS extension.
Parametersdirectory The path to the directory containing credentials. string opt: credentials_dir=stringglobus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_SET_DELEGATION_MODE,globus_xio_gsi_delegation_mode_tdelegation_mode)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the delegation mode
Parametersdelegation_mode The delegation mode to use
Note
Changing the delegation mode changes the req_flags
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_SET_GSSAPI_REQ_FLAGS,OM_uint32req_flags)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the GSSAPI req_flags to be used
Parametersreq_flags The req_flags to set
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_SET_PROTECTION_LEVEL,globus_xio_gsi_protection_level_tprotection_level)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the protection level
Parametersprotection_level The protection level to set
Note
Changing the proxy mode changes the req_flags
string opt: protection='none'|'private'|'integrity'
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_SET_PROXY_MODE,globus_xio_gsi_proxy_mode_tproxy_mode)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the proxy mode
Parametersproxy_mode The proxy mode to set
Note
Changing the proxy mode changes the req_flags
string opt: proxy='many'|'full'|'limited'
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_SET_SSL_COMPATIBLE,globus_bool_tssl_mode)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Make the on the wire protocol SSL compatible.
This implies no wrapping of security tokens and no delegation
Parametersssl_mode The ssl compatibility mode to use
Note
Changing the ssl compatibility mode changes the req_flags
string opt: ssl_compatible='true'|'false'
globus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_SET_TARGET_NAME,gss_name_ttarget_name)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the expected peer name
Parameterstarget_name The expected peer name
string opt: subject=stringglobus_result_tglobus_xio_gsi_attr_cntl(attr,driver,GLOBUS_XIO_GSI_SET_WRAP_MODE,globus_bool_twrap_mode)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the wrapping mode
This mode determines whether tokens will be wrapped with a Globus IO style header or not.
Parameterswrap_mode The wrapping mode to use
globus_result_tglobus_xio_gsi_handle_cntl(handle,driver,GLOBUS_XIO_GSI_ACCEPT_DELEGATION,gss_cred_id_t*credential,gss_OID_setrestriction_oids,gss_buffer_set_trestriction_buffers,OM_uint32time_req)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Accept delegation-at-any-time process
Parameterscredential The delegated GSS credential
restriction_oids The OIDS for X.509 extensions to embed in the delegated credential
restriction_buffers The corresponding bodies for the X.509 extensions
time_req The requested lifetime of the delegated credential
globus_result_tglobus_xio_gsi_handle_cntl(handle,driver,GLOBUS_XIO_GSI_GET_CONTEXT,gss_ctx_id_t*context)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the GSS context
Parameterscontext The GSS context
globus_result_tglobus_xio_gsi_handle_cntl(handle,driver,GLOBUS_XIO_GSI_GET_CREDENTIAL,gss_cred_id_t*credential)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the credential to be used
Parameterscredential The credential that is currently set. This will only return a credential if a credential
was explicitly set prior to this call. It will not return any credential automatically acquired
during context initialization.
globus_result_tglobus_xio_gsi_handle_cntl(handle,driver,GLOBUS_XIO_GSI_GET_DELEGATED_CRED,gss_cred_id_t*credential)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the delegated credential
Parameterscredential The delegated credential
globus_result_tglobus_xio_gsi_handle_cntl(handle,driver,GLOBUS_XIO_GSI_GET_LOCAL_NAME,gss_name_t*local_name)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the GSS name associated with the local credentials
Parameterslocal_name The GSS name of the local credentials
globus_result_tglobus_xio_gsi_handle_cntl(handle,driver,GLOBUS_XIO_GSI_GET_PEER_NAME,gss_name_t*peer_name)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Get the name of the peer
Parameterspeer_name The GSS name of the peer.
globus_result_tglobus_xio_gsi_handle_cntl(handle,driver,GLOBUS_XIO_GSI_INIT_DELEGATION,gss_cred_id_tcredential,gss_OID_setrestriction_oids,gss_buffer_set_trestriction_buffers,OM_uint32time_req)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Initialize delegation-at-any-time process
Parameterscredential The GSS credential to delegate
restriction_oids The OIDs for X.509 extensions to embed in the delegated credential
restriction_buffers The corresponding bodies for the X.509 extensions
time_req The lifetime of the delegated credential
globus_result_tglobus_xio_gsi_handle_cntl(handle,driver,GLOBUS_XIO_GSI_REGISTER_ACCEPT_DELEGATION,gss_OID_setrestriction_oids,gss_buffer_set_trestriction_buffers,OM_uint32time_req,globus_xio_gsi_delegation_accept_callback_tcallback,void*callback_arg)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Accept non-blocking delegation-at-any-time process
Parametersrestriction_oids The OIDS for X.509 extensions to embed in the delegated credential
restriction_buffers The corresponding bodies for the X.509 extensions
time_req The lifetime of the delegated credential
callback The callback to call when the operation completes
callback_arg The arguments to pass to the callback
globus_result_tglobus_xio_gsi_handle_cntl(handle,driver,GLOBUS_XIO_GSI_REGISTER_INIT_DELEGATION,gss_cred_id_tcredential,gss_OID_setrestriction_oids,gss_buffer_set_trestriction_buffers,OM_uint32time_req,globus_xio_gsi_delegation_init_callback_tcallback,void*callback_arg)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Initialize non-blocking delegation-at-any-time process
Parameterscredential The GSS credential to delegate
restriction_oids The OIDS for X.509 extensions to embed in the delegated credential
restriction_buffers The corresponding bodies for the X.509 extensions
time_req The lifetime of the delegated credential
callback The callback to call when the operation completes
callback_arg The arguments to pass to the callback
globus_result_tglobus_xio_gsi_handle_cntl(handle,driver,GLOBUS_XIO_GSI_SET_APPLICATION_PROTOCOLS,char**protocols)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the list of application protocols to negotiate during TLS handshake.
This uses tht TLS ALPN extension.
Parametersprotocols An array of protocol names. The array must be terminated by a NULL pointer.
globus_result_tglobus_xio_gsi_handle_cntl(handle,driver,GLOBUS_XIO_GSI_SET_CREDENTIAL,gss_cred_id_tcredential)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the credential to be used
Parameterscredential The credential to set. The credential structure needs to remain valid for the lifetime of
any XIO data structure it is used by.
Note
If this is called with the handle_cntl, there must be no outstanding operations on the handle.
globus_result_tglobus_xio_gsi_handle_cntl(handle,driver,GLOBUS_XIO_GSI_SET_CREDENTIALS_DIR,constchar*directory)
This is an overloaded member function, provided for convenience. It differs from the above function only
in what argument(s) it accepts. Set the directory for credentials to use when accepting a security
context. This is used when a service requires different credentials based on the SNI TLS extension.
Parametersdirectory The path to the directory containing credentials. string opt: credentials_dir=stringName
globus_xio_gsi_driver - Globus XIO GSI Driver
- Globus XIO GSI Driver.
Opening/Closing
An XIO handle with the gsi driver can be created with either globus_xio_handle_create () or
globus_xio_server_register_accept ().
If the handle is created with globus_xio_server_register_accept (), the globus_xio_register_open () call
will proceed to accept a GSSAPI security context. Upon successful completion of the open (after the open
callback has been called) the application may proceed to read or write data associated with the GSI
session.
If the handle is created with globus_xio_handle_create (), then the XIO handle will implement the client-
side (init) of the GSSAPI call sequence and establish a security context with the accepting side
indicated by the contact_string passed to globus_xio_register_open ().
Reading/Writing
The GSI driver behaves similar to the underlying transport driver with respect to reads and writes,
except for the try-read and try-write operations (ie. waitforbytes ==0) which always return immediately.
This is due to the fact that the security layer needs to read and write tokens of a certain minimal size
and thus needs to rely on the underlying transport to handle greater than 0 reads/write which is not
possible in 'try' mode.
Server
globus_xio_server_create() causes a new transport-specific listener socket to be created to handle new
GSI connections. globus_xio_server_register_accept() will accept a new connection for processing.
globus_xio_server_register_close() cleans up the internal resources associated with the http server and
calls close on the listener.
All accepted handles inherit all GSI-specific attributes set in the attr to globus_xio_server_create(),
but can be overridden with the attr to globus_xio_register_open(). Furthermore, accepted handles will use
the GSSAPI accept security context call unless explicitly overridden during the
globus_xio_register_open() call ( GLOBUS_XIO_GSI_FORCE_SERVER_MODE).
Synopsis
Typedefs
typedef void(* globus_xio_gsi_delegation_init_callback_t) (globus_result_t result, void *user_arg)
typedef void(* globus_xio_gsi_delegation_accept_callback_t) (globus_result_t result, gss_cred_id_t
delegated_cred, OM_uint32 time_rec, void *user_arg)
Enumerations
enum globus_xio_gsi_error_t { GLOBUS_XIO_GSI_ERROR_INVALID_PROTECTION_LEVEL,
GLOBUS_XIO_GSI_ERROR_WRAP_GSSAPI, GLOBUS_XIO_GSI_ERROR_EMPTY_TARGET_NAME,
GLOBUS_XIO_GSI_ERROR_EMPTY_HOST_NAME, GLOBUS_XIO_GSI_AUTHORIZATION_FAILED,
GLOBUS_XIO_GSI_ERROR_TOKEN_TOO_BIG }
enum globus_xio_gsi_cmd_t { GLOBUS_XIO_GSI_SET_CREDENTIAL, GLOBUS_XIO_GSI_GET_CREDENTIAL,
GLOBUS_XIO_GSI_SET_GSSAPI_REQ_FLAGS, GLOBUS_XIO_GSI_GET_GSSAPI_REQ_FLAGS,
GLOBUS_XIO_GSI_SET_PROXY_MODE, GLOBUS_XIO_GSI_GET_PROXY_MODE, GLOBUS_XIO_GSI_SET_AUTHORIZATION_MODE,
GLOBUS_XIO_GSI_GET_AUTHORIZATION_MODE, GLOBUS_XIO_GSI_SET_DELEGATION_MODE,
GLOBUS_XIO_GSI_GET_DELEGATION_MODE, GLOBUS_XIO_GSI_SET_SSL_COMPATIBLE, GLOBUS_XIO_GSI_SET_ANON,
GLOBUS_XIO_GSI_SET_WRAP_MODE, GLOBUS_XIO_GSI_GET_WRAP_MODE, GLOBUS_XIO_GSI_SET_BUFFER_SIZE,
GLOBUS_XIO_GSI_GET_BUFFER_SIZE, GLOBUS_XIO_GSI_SET_PROTECTION_LEVEL,
GLOBUS_XIO_GSI_GET_PROTECTION_LEVEL, GLOBUS_XIO_GSI_GET_TARGET_NAME, GLOBUS_XIO_GSI_SET_TARGET_NAME,
GLOBUS_XIO_GSI_GET_CONTEXT, GLOBUS_XIO_GSI_GET_DELEGATED_CRED, GLOBUS_XIO_GSI_GET_PEER_NAME,
GLOBUS_XIO_GSI_GET_LOCAL_NAME, GLOBUS_XIO_GSI_INIT_DELEGATION,
GLOBUS_XIO_GSI_REGISTER_INIT_DELEGATION, GLOBUS_XIO_GSI_ACCEPT_DELEGATION,
GLOBUS_XIO_GSI_REGISTER_ACCEPT_DELEGATION, GLOBUS_XIO_GSI_FORCE_SERVER_MODE,
GLOBUS_XIO_GSI_SET_ALLOW_MISSING_SIGNING_POLICY, GLOBUS_XIO_GSI_GET_ALLOW_MISSING_SIGNING_POLICY,
GLOBUS_XIO_GSI_SET_CREDENTIALS_DIR, GLOBUS_XIO_GSI_SET_APPLICATION_PROTOCOLS }
enum globus_xio_gsi_protection_level_t { GLOBUS_XIO_GSI_PROTECTION_LEVEL_NONE,
GLOBUS_XIO_GSI_PROTECTION_LEVEL_INTEGRITY, GLOBUS_XIO_GSI_PROTECTION_LEVEL_PRIVACY }
enum globus_xio_gsi_delegation_mode_t { GLOBUS_XIO_GSI_DELEGATION_MODE_NONE,
GLOBUS_XIO_GSI_DELEGATION_MODE_LIMITED, GLOBUS_XIO_GSI_DELEGATION_MODE_FULL }
enum globus_xio_gsi_proxy_mode_t { GLOBUS_XIO_GSI_PROXY_MODE_FULL, GLOBUS_XIO_GSI_PROXY_MODE_LIMITED,
GLOBUS_XIO_GSI_PROXY_MODE_MANY }
enum globus_xio_gsi_authorization_mode_t { GLOBUS_XIO_GSI_NO_AUTHORIZATION,
GLOBUS_XIO_GSI_SELF_AUTHORIZATION, GLOBUS_XIO_GSI_IDENTITY_AUTHORIZATION,
GLOBUS_XIO_GSI_HOST_AUTHORIZATION }
Functions
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_CREDENTIAL, gss_cred_id_t
credential)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_SET_CREDENTIAL, gss_cred_id_t
credential)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_CREDENTIAL, gss_cred_id_t
*credential)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_GET_CREDENTIAL, gss_cred_id_t
*credential)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_GSSAPI_REQ_FLAGS, OM_uint32
req_flags)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_GSSAPI_REQ_FLAGS, OM_uint32
*req_flags)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_PROXY_MODE,
globus_xio_gsi_proxy_mode_t proxy_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_PROXY_MODE,
globus_xio_gsi_proxy_mode_t *proxy_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_AUTHORIZATION_MODE,
globus_xio_gsi_authorization_mode_t authz_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_AUTHORIZATION_MODE,
globus_xio_gsi_authorization_mode_t *authz_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_DELEGATION_MODE,
globus_xio_gsi_delegation_mode_t delegation_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_DELEGATION_MODE,
globus_xio_gsi_delegation_mode_t *delegation_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_SSL_COMPATIBLE, globus_bool_t
ssl_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_ANON, globus_bool_t anon_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_WRAP_MODE, globus_bool_t
wrap_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_WRAP_MODE, globus_bool_t
*wrap_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_BUFFER_SIZE, globus_size_t
buffer_size)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_BUFFER_SIZE, globus_size_t
*buffer_size)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_PROTECTION_LEVEL,
globus_xio_gsi_protection_level_t protection_level)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_PROTECTION_LEVEL,
globus_xio_gsi_protection_level_t *protection_level)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_TARGET_NAME, gss_name_t
*target_name)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_TARGET_NAME, gss_name_t
target_name)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_GET_CONTEXT, gss_ctx_id_t
*context)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_GET_DELEGATED_CRED,
gss_cred_id_t *credential)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_GET_PEER_NAME, gss_name_t
*peer_name)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_GET_LOCAL_NAME, gss_name_t
*local_name)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_INIT_DELEGATION, gss_cred_id_t
credential, gss_OID_set restriction_oids, gss_buffer_set_t restriction_buffers, OM_uint32 time_req)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_REGISTER_INIT_DELEGATION,
gss_cred_id_t credential, gss_OID_set restriction_oids, gss_buffer_set_t restriction_buffers,
OM_uint32 time_req, globus_xio_gsi_delegation_init_callback_t callback, void *callback_arg)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_ACCEPT_DELEGATION,
gss_cred_id_t *credential, gss_OID_set restriction_oids, gss_buffer_set_t restriction_buffers,
OM_uint32 time_req)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_REGISTER_ACCEPT_DELEGATION,
gss_OID_set restriction_oids, gss_buffer_set_t restriction_buffers, OM_uint32 time_req,
globus_xio_gsi_delegation_accept_callback_t callback, void *callback_arg)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_FORCE_SERVER_MODE, globus_bool_t
server_mode)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_ALLOW_MISSING_SIGNING_POLICY,
globus_bool_t allow)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_GET_ALLOW_MISSING_SIGNING_POLICY,
globus_bool_t *allow)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_CREDENTIALS_DIR, const char
*directory)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_SET_CREDENTIALS_DIR, const
char *directory)
globus_result_t globus_xio_gsi_attr_cntl (attr, driver, GLOBUS_XIO_GSI_SET_APPLICATION_PROTOCOLS, char
**protocols)
globus_result_t globus_xio_gsi_handle_cntl (handle, driver, GLOBUS_XIO_GSI_SET_APPLICATION_PROTOCOLS,
char **protocols)
Typedef Documentation
typedefvoid(*globus_xio_gsi_delegation_accept_callback_t)(globus_result_tresult,gss_cred_id_tdelegated_cred,OM_uint32time_rec,void*user_arg)
Globus XIO GSI init delegation callback
typedefvoid(*globus_xio_gsi_delegation_init_callback_t)(globus_result_tresult,void*user_arg)
Globus XIO GSI init delegation callback
PNG Icons
