AUTHENTICATION

Summary

The authentication module is a fundamentally important part of the GROWL system. It enables the GROWL user to assert his/her identity by the use of an X.509 certificate issued by the UK Grid Certification Authority http://ca.grid-support.ac.uk. By doing so one can gain access to Grid resources and use more GROWL library functionality.

Attributes

Version: 1.0
Public calls: growl_getDelegation, growl_testDelegation
Public modules: libauthentication.a libgrowl.a
Other modules required: libgrowl.a, gSOAP v2.1.4, MyProxy, Globus GSI
Date: 2004
Origin: Hand-Knitted Software, R.J. Allan, CCLRC Daresbury Laboratory
Language: C
Conditions on external use: Standard, see separate chapter
Workspace: internal workspace is allocated in all these routines by the gSOAP system for the long return string. This should be freed by the user when it is no longer required.
Use of globals: none
Other routines called directly: none
Input/output: none
Restrictions:
Notes:

How to use the Package

This module is used by including the libgrowl.a library or the libresources.a and libbase.a libraries. Publicly callable procedures are listed here.

Specification of Authentication Module

Specification of growl_getDelegation

growl_getDelegation is called to start a new GROWL session. The user must have lodged a proxy certificate with a MyProxy server, e.g. myproxy.grid-support.ac.uk. This routine accesses MyProxy to download a delegated proxy to GROWL, which will be used for the duration of the session as specified by a time to live value. The routine returns a unique session key which must be used to invoke other GROWL services that require the proxy.

   int getDelegation(
                     char *uid,
                     char *passPhrase,
                     int ttl,
                     char *oldId,
                     char **sessionId);

Argument List

char *uid
On entry: uid or DN which was used to store the user's proxy with the appropriate MyProxy server.

char *passPhrase
On entry: pass phrase which was used to store the user's proxy with the appropriate MyProxy server.

int ttl
On entry: Time to live for the delegated proxy to be created (in hours).

char *oldId
On entry: session key to be used for the new session, may be the same as a previous one or generated by growl_testDelegation.

char **sessionId
On exit: new session key.

Information returned to the User

Integer, 0=success, !0=failure. Failures are likely to be because there is no such proxy certificate in the MyProxy repository.

Error Returns

SOAP error message if there is a problem.

Specification of growl_testDelegation

growl_testDelegation is used to test if there is still a valid proxy associated with a given session key. If so it returns the same session key. If not it generates a new one which can be passed to growl_getDelegation.

   int testDelegation(
                      char *oldId,
                      char **sessionId);

Argument List

char *oldId
On entry: old session key.

char **sessionId
On exit: new session key. This will be the same as the old key if the associated proxy is still valid.

Information returned to the User

Integer, 0=success, !0=failure.

Error Returns

SOAP error message if there is a problem.

Specification of growl_rmDelegation

growl_rmDelegation deletes the proxy associated with a given session key from the GROWL system. It should be invoked to provide additional security at the end of a session.

   int rmDelegation(
                    char *oldId);

Argument List

char *oldId
On entry: old session key.

Information returned to the User

Integer, 0=success, !0=failure.

Error Returns

SOAP error message if there is a problem.

METHOD

Algorithmic detail

Session keys are generated using uuidgen. The C code for uuidgen is built using libuuid from the e2fsprogs package and is available by anonymous ftp from http://tsx-11.mit.edu (and its mirrors) in /pub/linux/packages/ext2fs.
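
Because a session key is a uuidgen string, a client can check a returned key before copying it into a fixed buffer or passing it on. The following is an added example, not part of the GROWL library: session_key_version and accept_session_key are hypothetical helper names, and accepting only random (version 4) keys is an assumed policy, chosen because time-based (version 1) UUIDs embed a timestamp and node identifier and are easier to guess.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define SESSION_KEY_LEN 36   /* canonical UUID text: 8-4-4-4-12 hex digits */

/* Hypothetical helper (not a GROWL call): returns the UUID version digit
 * (1 = time-based, 4 = random) when key is a well-formed canonical UUID
 * string, or -1 when it is NULL, the wrong length, or malformed. */
int session_key_version(const char *key)
{
    size_t i;

    if (key == NULL || strlen(key) != SESSION_KEY_LEN)
        return -1;
    for (i = 0; i < SESSION_KEY_LEN; i++) {
        if (i == 8 || i == 13 || i == 18 || i == 23) {
            if (key[i] != '-')
                return -1;
        } else if (!isxdigit((unsigned char)key[i])) {
            return -1;
        }
    }
    /* The variant nibble of an RFC 4122 UUID is 8, 9, a or b. */
    if (strchr("89abAB", key[19]) == NULL)
        return -1;
    /* The version nibble must be a digit in the range 1..8. */
    if (key[14] < '1' || key[14] > '8')
        return -1;
    return key[14] - '0';
}

/* Hypothetical helper: copy a returned key into the caller's buffer only
 * when it is a well-formed version 4 UUID and the buffer can hold it.
 * Returns 0 on success, -1 otherwise (dst is left untouched on failure). */
int accept_session_key(char *dst, size_t dstlen, const char *key)
{
    if (dst == NULL || dstlen < SESSION_KEY_LEN + 1)
        return -1;
    if (session_key_version(key) != 4)
        return -1;   /* malformed, or a time-based key (assumed policy) */
    memcpy(dst, key, SESSION_KEY_LEN + 1);   /* includes the NUL */
    return 0;
}
```
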

EXAMPLE

The following example shows how growl_testDelegation and growl_getDelegation can be used.

Example text

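#include <stdio.h>
#include <string.h>
#include "growl.h"

int main(void)
{
   char uid[]="rja";
   char passPhrase[]="new passwd";
   int ttl=2;   /* time to live of the delegated proxy, in hours */
   char oldId[]="f6a6d3fe-1b36-4131-8dbe-dd29a5c483c5";
   char *sessionId = NULL;
   int res;

   /* Does the old session key still have a valid proxy? */
   res = growl_testDelegation(oldId, &sessionId);
   if(res != 0 || sessionId == NULL) {
       fprintf(stderr, "growl_testDelegation failed\n");
       return 1;
   }
   if(strcmp(oldId,sessionId)) {
       printf("Need to renew session\n");
       /* oldId holds exactly one session key; bound the copy to its size */
       strncpy(oldId, sessionId, sizeof(oldId) - 1);
       oldId[sizeof(oldId) - 1] = '\0';

       res = growl_getDelegation(uid, passPhrase, ttl, oldId, &sessionId);
       if(res != 0) {
           fprintf(stderr, "growl_getDelegation failed\n");
           return 1;
       }
   }
   return 0;
}
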
Rob Allan 2009-11-10