Provided by: libglobus-gss-assist-doc_12.6-1_all

NAME

       globus_gss_assist_gridmap - Gridmap Authorization and Local User Mapping.

SYNOPSIS

   Macros
       #define GlobusGssAssistFreeDNArray(dn_a)
           Free array of distinguished names.

   Functions
       int globus_gss_assist_gridmap (char *globusidp, char **useridp)
           Look up the default mapping for a Grid identity in a gridmap file.
       int globus_gss_assist_userok (char *globusid, char *userid)
           Gridmap entry existence check.
       int globus_gss_assist_map_local_user (char *local_user, char **globusidp)
           Look up the default Grid identity associated with a local user name.
       globus_result_t globus_gss_assist_lookup_all_globusid (char *username, char **dns[], int
           *dn_count)
           Look up all Grid IDs associated with a local user ID.
       globus_result_t globus_gss_assist_map_and_authorize (gss_ctx_id_t context, char *service,
           char *desired_identity, char *identity_buffer, unsigned int identity_buffer_length)
           Authorize the peer of a security context to use a service.
       globus_result_t globus_gss_assist_map_and_authorize_sharing (char
           *shared_user_certificate, gss_ctx_id_t context, char *desired_identity, char
           *identity_buffer, unsigned int identity_buffer_length)
           Authorize a particular credential for shared access.

Detailed Description

       Gridmap Authorization and Local User Mapping.

       Functions in this group are used to authorize a GSSAPI credential to perform some action
       on the local machine. In addition to checking whether a credential is authorized, it can
       also be mapped to a local user name.

Macro Definition Documentation

   #define GlobusGssAssistFreeDNArray(dn_a)
       Free array of distinguished names. Free the contents of a name array created during a
       successful call to globus_gss_assist_lookup_all_globusid()

       Parameters
           dn_a Array of names to free.

       Return values
           void

Function Documentation

   int globus_gss_assist_gridmap (char * globusidp, char ** useridp)
       Look up the default mapping for a Grid identity in a gridmap file. The
       globus_gss_assist_gridmap() function parses the default gridmap file and modifies its
       useridp parameter to point to a copy of the string containing the default local identity
       that the grid identity is mapped to. If successful, the caller is responsible for freeing
       the string pointed to by useridp.

       By default, globus_gss_assist_gridmap() looks for the default gridmap file defined by the
       value of the GRIDMAP environment variable. If that is not set, it falls back to
       $HOME/.gridmap.

       Parameters
           globusidp The GSSAPI name string of the identity who requested authorization
           useridp A pointer to a string to be set to the default user ID for the local system.
           No validation is done to check that such a user exists.

       Returns
           On success, globus_gss_assist_gridmap() returns 0 and modifies the string pointed
           to by the useridp parameter. If an error occurs, a non-zero value is returned and the
           value pointed to by useridp is undefined.

       Return values
           GLOBUS_SUCCESS Success
           1 Error
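
       Because the gridmap file is selected by GRIDMAP and then $HOME/.gridmap, the caller's
       environment decides which file grants access. The following is an added example, not part
       of Globus: resolve_gridmap_path() follows the lookup order stated above, and
       gridmap_file_is_trusted() is a hypothetical pre-flight check a service could run first.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Resolve the gridmap path in the order this page describes:
 * $GRIDMAP if set, otherwise $HOME/.gridmap. Returns 0 on success. */
int resolve_gridmap_path(char *out, size_t outlen)
{
    const char *p = getenv("GRIDMAP");
    const char *home = getenv("HOME");
    int n;
    if (p != NULL) n = snprintf(out, outlen, "%s", p);
    else if (home != NULL) n = snprintf(out, outlen, "%s/.gridmap", home);
    else return -1;
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Hypothetical check (not a Globus API): 1 if path is a regular file,
 * owned by root or the effective user, and not writable by group or
 * other; 0 otherwise, including when the file cannot be examined. */
int gridmap_file_is_trusted(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return 0;    /* lstat: a symlink is rejected */
    if (!S_ISREG(st.st_mode)) return 0;
    if (st.st_uid != 0 && st.st_uid != geteuid()) return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

int main(void)
{
    char path[4096];
    int ok;
    if (resolve_gridmap_path(path, sizeof path) != 0) {
        fprintf(stderr, "cannot resolve gridmap path\n");
        return 2;
    }
    ok = gridmap_file_is_trusted(path);
    printf("%s: %s\n", path, ok ? "ok" : "UNTRUSTED");
    return ok ? 0 : 1;
}
```

       Rejecting symbolic links is a conservative choice made for this example; a site that
       deliberately links its gridmap file would check the link target instead.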

   globus_result_t globus_gss_assist_lookup_all_globusid (char * username, char ** dns[], int *
       dn_count)
       Look up all Grid IDs associated with a local user ID. The
       globus_gss_assist_lookup_all_globusid() function parses a gridmap file and finds all Grid
       IDs that map to a local user ID. The dns parameter is modified to point to an array of
       Grid ID strings from the gridmap file, and the dn_count parameter is modified to point to
       the number of Grid ID strings in the array. The caller is responsible for freeing the
       array using the macro GlobusGssAssistFreeDNArray().

       By default, globus_gss_assist_lookup_all_globusid() looks for the default gridmap file
       defined by the value of the GRIDMAP environment variable. If that is not set, it falls
       back to $HOME/.gridmap.

       Parameters
           username The local username to look up in the gridmap file.
           dns A pointer to an array of strings. This function modifies this to point to a newly
           allocated array of strings. The caller must use the macro GlobusGssAssistFreeDNArray()
           to free this memory.
           dn_count A pointer to an integer that is modified to contain the number of entries in
           the array returned via the dns parameter.

       Returns
           On success, globus_gss_assist_lookup_all_globusid() returns GLOBUS_SUCCESS and
           modifies its dns and dn_count parameters as described above. If an error occurs,
           globus_gss_assist_lookup_all_globusid() returns a globus_result_t that can be resolved
           to an error object and the values pointed to by dns and dn_count are undefined.

       Return values
           GLOBUS_SUCCESS Success
           GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_ARGUMENTS Error with arguments
           GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_GRIDMAP Invalid path to gridmap
           GLOBUS_GSI_GSS_ASSIST_ERROR_ERRNO System error

   globus_result_t globus_gss_assist_map_and_authorize (gss_ctx_id_t context, char * service,
       char * desired_identity, char * identity_buffer, unsigned int identity_buffer_length)
       Authorize the peer of a security context to use a service. The
       globus_gss_assist_map_and_authorize() function attempts to authorize the peer of a
       security context to use a particular service. If the desired_identity parameter is non-
       NULL, the authorization will succeed only if the peer is authorized for that identity.
       Otherwise, any valid authorized local user name will be used. If authorized, the local
       user name will be copied to the string pointed to by the identity_buffer parameter, which
       must be at least as long as the value passed as the identity_buffer_length parameter.

       If authorization callouts are defined in the callout configuration file,
       globus_gss_assist_map_and_authorize() will invoke both the GLOBUS_GENERIC_MAPPING_TYPE
       callout and the GLOBUS_GENERIC_AUTHZ_TYPE callout; otherwise the default gridmap file will
       be used for mapping and no service-specific authorization will be done.

       If globus_gss_assist_map_and_authorize() uses a gridmap file, it first looks for a file
       defined by the value of the GRIDMAP environment variable. If that is not set, it falls
       back to $HOME/.gridmap.

       Parameters
           context Security context to inspect for peer identity information.
           service A NULL-terminated string containing the name of the service that an
           authorization decision is being made for.
           desired_identity Optional. If non-NULL, perform an authorization to act as the local
           user named by this NULL-terminated string.
           identity_buffer A pointer to a string buffer into which will be copied the local user
           name that the peer of the context is authorized to act as.
           identity_buffer_length Length of the identity_buffer array.

       Returns
           On success, globus_gss_assist_map_and_authorize() returns GLOBUS_SUCCESS and copies
           the authorized local identity to the identity_buffer parameter. If an error occurs,
           globus_gss_assist_map_and_authorize() returns a globus_result_t that can be resolved
           to an error object.

       Return values
           GLOBUS_SUCCESS Success
           GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_CALLOUT_CONFIG Invalid authorization configuration
           file
           GLOBUS_CALLOUT_ERROR_WITH_HASHTABLE Hash table operation failed.
           GLOBUS_CALLOUT_ERROR_CALLOUT_ERROR The callout itself returned an error.
           GLOBUS_CALLOUT_ERROR_WITH_DL Dynamic library operation failed.
           GLOBUS_CALLOUT_ERROR_OUT_OF_MEMORY Out of memory
           GLOBUS_GSI_GSS_ASSIST_GSSAPI_ERROR A GSSAPI function returned an error
           GLOBUS_GSI_GSS_ASSIST_GRIDMAP_LOOKUP_FAILED Gridmap lookup failure
           GLOBUS_GSI_GSS_ASSIST_BUFFER_TOO_SMALL Caller provided insufficient buffer space for
           local identity

   globus_result_t globus_gss_assist_map_and_authorize_sharing (char * shared_user_certificate,
       gss_ctx_id_t context, char * desired_identity, char * identity_buffer, unsigned int
       identity_buffer_length)
       Authorize a particular credential for shared access. The
       globus_gss_assist_map_and_authorize_sharing() function attempts to authorize a particular
       credential for shared access. If the desired_identity parameter is non-NULL, the
       authorization will succeed only if the credential is authorized for that identity.
       Otherwise, any valid authorized local user name will be used. If authorized, the local
       user name will be copied to the string pointed to by the identity_buffer parameter, which
       must be at least as long as the value passed as the identity_buffer_length parameter.

       If authorization callouts are defined in the callout configuration file,
       globus_gss_assist_map_and_authorize_sharing() will invoke both the
       GLOBUS_GENERIC_MAPPING_TYPE callout and the GLOBUS_GENERIC_AUTHZ_TYPE callout; otherwise
       the default gridmap file will be used for mapping and no service-specific authorization
       will be done.

       If globus_gss_assist_map_and_authorize_sharing() uses a gridmap file, it first looks for a
       file defined by the value of the GRIDMAP environment variable. If that is not set, it
       falls back to $HOME/.gridmap.

       Parameters
           shared_user_certificate cert and cert chain of user that owns the resources to be
           shared, in PEM format. This will be parsed to find the identity that should be mapped.
           context Security context of the underlying connection. This should generally be
           ignored.
           desired_identity Optional. If non-NULL, perform an authorization to act as the local
           user named by this NULL-terminated string.
           identity_buffer A pointer to a string buffer into which will be copied the local user
           name that the peer of the context is authorized to act as.
           identity_buffer_length Length of the identity_buffer array.

       Returns
           On success, globus_gss_assist_map_and_authorize_sharing() returns GLOBUS_SUCCESS and
           copies the authorized local identity to the identity_buffer parameter. If an error
           occurs, globus_gss_assist_map_and_authorize_sharing() returns a globus_result_t that
           can be resolved to an error object.

       Return values
           GLOBUS_SUCCESS Success
           GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_CALLOUT_CONFIG Invalid authorization configuration
           file
           GLOBUS_CALLOUT_ERROR_WITH_HASHTABLE Hash table operation failed.
           GLOBUS_CALLOUT_ERROR_CALLOUT_ERROR The callout itself returned an error.
           GLOBUS_CALLOUT_ERROR_WITH_DL Dynamic library operation failed.
           GLOBUS_CALLOUT_ERROR_OUT_OF_MEMORY Out of memory
           GLOBUS_GSI_GSS_ASSIST_GSSAPI_ERROR A GSSAPI function returned an error
           GLOBUS_GSI_GSS_ASSIST_GRIDMAP_LOOKUP_FAILED Gridmap lookup failure
           GLOBUS_GSI_GSS_ASSIST_BUFFER_TOO_SMALL Caller provided insufficient buffer space for
           local identity

   int globus_gss_assist_map_local_user (char * local_user, char ** globusidp)
       Look up the default Grid identity associated with a local user name. The
       globus_gss_assist_map_local_user() function parses the gridmap file to determine if the
       user name passed as the local_user parameter is the default local user for a Grid ID in
       the gridmap file. If so, it modifies globusidp to point to a copy of that ID. Otherwise,
       it searches the gridmap file for a Grid ID that has a non-default mapping for local_user
       and modifies globusidp to point to a copy of that ID. If successful, the caller is
       responsible for freeing the string pointed to by the globusidp pointer.

       By default, globus_gss_assist_map_local_user() looks for the default gridmap file defined
       by the value of the GRIDMAP environment variable. If that is not set, it falls back to
       $HOME/.gridmap.

       Parameters
           local_user The local username to find a Grid ID for
           globusidp A Grid ID that maps from the local_user.

       Returns
           On success, globus_gss_assist_map_local_user() returns 0 and modifies globusidp to
           point to a Grid ID that maps to local_user; otherwise,
           globus_gss_assist_map_local_user() returns 1 and the value pointed to by globusidp is
           undefined.

       Return values
           GLOBUS_SUCCESS Success
           1 Error

   int globus_gss_assist_userok (char * globusid, char * userid)
       Gridmap entry existence check. The globus_gss_assist_userok() function parses the default
       gridmap file and checks whether any mapping exists for the grid identity passed as the
       globusid parameter and the local user identity passed as the userid parameter.

       By default, globus_gss_assist_userok() looks for the default gridmap file defined by the
       value of the GRIDMAP environment variable. If that is not set, it falls back to
       $HOME/.gridmap.

       Parameters
           globusid The GSSAPI name string of the identity who requested authorization
           userid The local account name that access is sought for.

       Returns
           If globus_gss_assist_userok() is able to find a mapping between globusid and userid,
           it returns 0; otherwise it returns 1.

       Return values
           GLOBUS_SUCCESS Success
           1 Error
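
       The difference between the default mapping returned by globus_gss_assist_gridmap() and
       the existence check done by globus_gss_assist_userok(), modelled as an added stand-alone
       example that is not the Globus implementation. It assumes the conventional gridmap line
       format "DN" user1,user2 with the first user as the default; gridmap_lookup(),
       split_entry() and the sample entries are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample entries: "DN" default_user[,other_user...] */
static const char SAMPLE[] =
    "\"/O=Grid/OU=Example/CN=Alice Admin\" alice,svcdata\n"
    "\"/O=Grid/OU=Example/CN=Bob Builder\" bob\n";

/* Split a line in place; -1 if blank, comment or malformed (no escapes). */
static int split_entry(char *line, char **dn, char **users)
{
    char *q;
    line += strspn(line, " \t");
    if (*line != '"') return -1;
    *dn = line + 1;
    if ((q = strchr(*dn, '"')) == NULL) return -1;
    *q++ = '\0';
    q += strspn(q, " \t");
    q[strcspn(q, " \t\r")] = '\0';
    *users = q;
    return *q ? 0 : -1;
}

/* want == NULL: copy the default (first) local user for dn into out.
 * want != NULL: succeed only if want is listed for dn. 0 = match, 1 = not. */
int gridmap_lookup(const char *map, const char *dn, const char *want,
                   char *out, size_t outlen)
{
    char buf[1024], *edn, *users, *u;
    while (*map) {
        size_t n = strcspn(map, "\n");
        if (n >= sizeof buf) return 1;      /* over-long line: fail closed */
        memcpy(buf, map, n); buf[n] = '\0';
        map += n + (map[n] == '\n');
        if (split_entry(buf, &edn, &users) != 0 || strcmp(edn, dn) != 0)
            continue;
        for (u = strtok(users, ","); u != NULL; u = strtok(NULL, ","))
            if (want == NULL || strcmp(u, want) == 0)
                return snprintf(out, outlen, "%s", u) < (int)outlen ? 0 : 1;
    }
    return 1;
}

int main(void)
{
    char who[64];
    int rc = gridmap_lookup(SAMPLE, "/O=Grid/OU=Example/CN=Bob Builder", NULL, who, sizeof who);
    printf("%d %s\n", rc, rc == 0 ? who : "-");
    return rc;
}
```

       A service that lets the client name the account it wants should use the second form
       (or pass desired_identity to globus_gss_assist_map_and_authorize()), so that a valid
       Grid identity cannot act as a local user it is not listed for.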

Author

       Generated automatically by Doxygen for globus_gss_assist from the source code.