The authentication module is a fundamentally important part of the GROWL system. It enables the GROWL user to assert his/her identity by the use of an X.509 certificate issued by the UK Grid Certification Authority http://ca.grid-support.ac.uk. By doing so one can gain access to Grid resources and use more GROWL library functionality.
GROWL uses the public-domain MyProxy server at myproxy.grid-support.ac.uk.
Version: 1.0
Public calls: growl_getDelegation, growl_testDelegation
Public modules: libgrowl.a
Other modules required: libgrowl.a, gSOAP v2.1.4, MyProxy, Globus GSI
Date: 2004
Origin: Hand-Knitted Software, R.J. Allan, CCLRC Daresbury Laboratory
Language: C
Conditions on external use: Standard, see separate chapter
This module is used by including growl.h and linking to the library libgrowl.a. Publicly callable procedures are listed here.
growl_getDelegation is called to start a new GROWL session. The user must have lodged a proxy certificate with a MyProxy server, e.g. myproxy.grid-support.ac.uk. The support command $(GROWL)/bin/grid-login is provided to do this, and assumes that the user has a valid certificate and key in $(HOME)/.globus/usercert.pem and $(HOME)/.globus/userkey.pem as explained in the Globus user guide.
The routine then accesses MyProxy to download a delegated proxy to the GROWL server which will be used for the duration of the session as specified by its time-to-live value. The routine returns a unique session key which must be used to invoke other GROWL services that need to use the proxy.
    int getDelegation(char *uid,
                      char *passPhrase,
                      int ttl,
                      char *oldId,
                      char **sessionId);
char *uid
On entry: uid or DN which was used to store the user's proxy with the
appropriate MyProxy server.
char *passPhrase
On entry: pass phrase which was used to store the user's proxy with the
appropriate MyProxy server.
int ttl
On entry: Time to live for the delegated proxy to be created (in hours).
char *oldId
On entry: a session key or NULL.
char **sessionId
On exit: session key to be used for the new session, may be the same
as a previous one (oldId) if given or will be a new one generated by
growl_testDelegation.
Integer, 0=success, !0=failure. Failures are likely to be because there is no such proxy certificate in the MyProxy repository.
SOAP error message if there is a problem.
growl_testDelegation is used to test if there is still a valid proxy associated with a given session key. If so it returns the same session key. If not it generates a new one which can be passed to growl_getDelegation.
    int testDelegation(char *oldId, char **sessionId);
char *oldId
On entry: old session key.
char **sessionId
On exit: new session key. This will be the same as the old key if the
associated proxy is still valid.
Integer, 0=success, !0=failure.
SOAP error message if there is a problem.
growl_rmDelegation deletes the proxy associated with a given session key from the GROWL server. It should be invoked to provide additional security at the end of a session.
    int rmDelegation(char *oldId);
char *oldId
On entry: old session key.
Integer, 0=success, !0=failure.
SOAP error message if there is a problem.
Workspace: internal workspace is allocated in all these
routines by the gSOAP system for the long return string. This should
be freed by the user when it is no longer required.
Use of globals: none
Other routines called directly: none
Input/output: none
Restrictions:
Notes:
Session keys are generated using uuidgen. The C code for uuidgen is built using libuuid from the e2fsprogs package and is available by anonymous ftp from http://tsx-11.mit.edu (and its mirrors) in /pub/linux/packages/ext2fs.
The following example shows how growl_testDelegation and growl_getDelegation can be used.
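    #include <stdlib.h>
    #include <stdio.h>
    #include <string.h>
    #include "growl.h"

    int main(int argc, char **argv) {
        char uid[] = "rja";
        /* Example value only; a real client should prompt for the pass phrase. */
        char passPhrase[] = "new passwd";
        int ttl = 2;                          /* proxy lifetime in hours */
        char oldId[] = "f6a6d3fe-1b36-4131-8dbe-dd29a5c483c5";
        char *sessionId = NULL;
        int res;

        /* Ask the server whether the proxy behind oldId is still valid. */
        res = growl_testDelegation(oldId, &sessionId);
        if (res != 0 || sessionId == NULL) {
            fprintf(stderr, "growl_testDelegation failed (%d)\n", res);
            return 1;
        }
        printf("Got new session key %s\n", sessionId);

        if (strcmp(oldId, sessionId)) {
            /* Key changed: bounded copy so oldId can never be overrun. */
            snprintf(oldId, sizeof oldId, "%s", sessionId);
            printf("Need to renew session %s\n", oldId);
            free(sessionId);                  /* release the first key string */
            sessionId = NULL;
            res = growl_getDelegation(uid, passPhrase, ttl, oldId, &sessionId);
            if (res != 0)
                fprintf(stderr, "growl_getDelegation failed (%d)\n", res);
        } else
            printf("Existing session still OK\n");

        free(sessionId);
        return res ? 1 : 0;
    }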
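Because session keys are generated with uuidgen, a client can check that a key returned by the server has the expected form before copying it into a fixed-size buffer such as oldId. The following is an added example, not part of GROWL or its documentation; the names SESSION_KEY_LEN, is_session_key and adopt_session_key are hypothetical, and it assumes keys always use the 36-character 8-4-4-4-12 hexadecimal form of the sample key shown on this page.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumption: keys are canonical uuidgen strings, 36 characters long. */
#define SESSION_KEY_LEN 36

/* Return 1 if s is exactly one canonical UUID string, 0 otherwise. */
int is_session_key(const char *s)
{
    size_t i;

    if (s == NULL)
        return 0;
    for (i = 0; i < SESSION_KEY_LEN; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '\0')
            return 0;                         /* too short */
        if (i == 8 || i == 13 || i == 18 || i == 23) {
            if (c != '-')
                return 0;                     /* hyphen expected here */
        } else if (!isxdigit(c)) {
            return 0;                         /* hex digit expected here */
        }
    }
    return s[SESSION_KEY_LEN] == '\0';        /* reject trailing data */
}

/*
 * Take a key returned by the server into the caller's fixed buffer.
 * dst must already hold a NUL-terminated key.
 * Returns 0 if the stored key is unchanged, 1 if it was replaced
 * (the session needs renewing), -1 if the returned string is not a
 * well-formed key; dst is left untouched in that case.
 */
int adopt_session_key(char dst[SESSION_KEY_LEN + 1], const char *returned)
{
    if (!is_session_key(returned))
        return -1;
    if (strcmp(dst, returned) == 0)
        return 0;
    memcpy(dst, returned, SESSION_KEY_LEN + 1);   /* includes the NUL */
    return 1;
}
```

A return value of 1 corresponds to the "Need to renew session" branch of the example above, and -1 should be treated as a failed call rather than as a new key.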