1178825Sdfr/* 2178825Sdfr * Copyright (c) 2005, PADL Software Pty Ltd. 3178825Sdfr * All rights reserved. 4178825Sdfr * 5178825Sdfr * Redistribution and use in source and binary forms, with or without 6178825Sdfr * modification, are permitted provided that the following conditions 7178825Sdfr * are met: 8178825Sdfr * 9178825Sdfr * 1. Redistributions of source code must retain the above copyright 10178825Sdfr * notice, this list of conditions and the following disclaimer. 11178825Sdfr * 12178825Sdfr * 2. Redistributions in binary form must reproduce the above copyright 13178825Sdfr * notice, this list of conditions and the following disclaimer in the 14178825Sdfr * documentation and/or other materials provided with the distribution. 15178825Sdfr * 16178825Sdfr * 3. Neither the name of PADL Software nor the names of its contributors 17178825Sdfr * may be used to endorse or promote products derived from this software 18178825Sdfr * without specific prior written permission. 19178825Sdfr * 20178825Sdfr * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND 21178825Sdfr * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22178825Sdfr * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23178825Sdfr * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE 24178825Sdfr * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25178825Sdfr * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26178825Sdfr * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27178825Sdfr * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28178825Sdfr * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29178825Sdfr * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30178825Sdfr * SUCH DAMAGE. 31178825Sdfr */ 32178825Sdfr 33178825Sdfr/* 34178825Sdfr * $Id: kcm_locl.h 20470 2007-04-20 10:41:11Z lha $ 35178825Sdfr */ 36178825Sdfr 37178825Sdfr#ifndef __KCM_LOCL_H__ 38178825Sdfr#define __KCM_LOCL_H__ 39178825Sdfr 40178825Sdfr#include "headers.h" 41178825Sdfr 42178825Sdfr#include <kcm.h> 43178825Sdfr 44178825Sdfr#define KCM_LOG_REQUEST(_context, _client, _opcode) do { \ 45178825Sdfr kcm_log(1, "%s request by process %d/uid %d", \ 46178825Sdfr kcm_op2string(_opcode), (_client)->pid, (_client)->uid); \ 47178825Sdfr } while (0) 48178825Sdfr 49178825Sdfr#define KCM_LOG_REQUEST_NAME(_context, _client, _opcode, _name) do { \ 50178825Sdfr kcm_log(1, "%s request for cache %s by process %d/uid %d", \ 51178825Sdfr kcm_op2string(_opcode), (_name), (_client)->pid, (_client)->uid); \ 52178825Sdfr } while (0) 53178825Sdfr 54178825Sdfr/* Cache management */ 55178825Sdfr 56178825Sdfr#define KCM_FLAGS_VALID 0x0001 57178825Sdfr#define KCM_FLAGS_USE_KEYTAB 0x0002 58178825Sdfr#define KCM_FLAGS_RENEWABLE 0x0004 59178825Sdfr#define KCM_FLAGS_OWNER_IS_SYSTEM 0x0008 60178825Sdfr#define KCM_FLAGS_USE_CACHED_KEY 0x0010 61178825Sdfr 62178825Sdfr#define KCM_MASK_KEY_PRESENT ( KCM_FLAGS_USE_KEYTAB | \ 63178825Sdfr KCM_FLAGS_USE_CACHED_KEY ) 64178825Sdfr 65178825Sdfrstruct kcm_ccache_data; 66178825Sdfrstruct kcm_creds; 67178825Sdfr 68178825Sdfrtypedef struct kcm_cursor { 69178825Sdfr pid_t pid; 70178825Sdfr uint32_t key; 71178825Sdfr struct kcm_creds *credp; /* pointer to next credential */ 72178825Sdfr struct kcm_cursor *next; 73178825Sdfr} kcm_cursor; 74178825Sdfr 75178825Sdfrtypedef struct kcm_ccache_data { 76178825Sdfr char *name; 77178825Sdfr unsigned refcnt; 78178825Sdfr uint16_t flags; 79178825Sdfr uint16_t mode; 80178825Sdfr uid_t uid; 81178825Sdfr gid_t gid; 82178825Sdfr krb5_principal client; /* primary client principal */ 83178825Sdfr krb5_principal server; /* primary server principal (TGS if NULL) */ 84178825Sdfr struct kcm_creds { 85178825Sdfr krb5_creds cred; /* XXX would be useful for have ACLs on creds */ 86178825Sdfr struct kcm_creds *next; 87178825Sdfr } *creds; 88178825Sdfr uint32_t n_cursor; 89178825Sdfr kcm_cursor *cursors; 90178825Sdfr krb5_deltat tkt_life; 91178825Sdfr krb5_deltat renew_life; 92178825Sdfr union { 93178825Sdfr krb5_keytab keytab; 94178825Sdfr krb5_keyblock keyblock; 95178825Sdfr } key; 96178825Sdfr HEIMDAL_MUTEX mutex; 97178825Sdfr struct kcm_ccache_data *next; 98178825Sdfr} kcm_ccache_data; 99178825Sdfr 100178825Sdfr#define KCM_ASSERT_VALID(_ccache) do { \ 101178825Sdfr if (((_ccache)->flags & KCM_FLAGS_VALID) == 0) \ 102178825Sdfr krb5_abortx(context, "kcm_free_ccache_data: ccache invalid"); \ 103178825Sdfr else if ((_ccache)->refcnt == 0) \ 104178825Sdfr krb5_abortx(context, "kcm_free_ccache_data: ccache refcnt == 0"); \ 105178825Sdfr } while (0) 106178825Sdfr 107178825Sdfrtypedef kcm_ccache_data *kcm_ccache; 108178825Sdfr 109178825Sdfr/* Event management */ 110178825Sdfr 111178825Sdfrtypedef struct kcm_event { 112178825Sdfr int valid; 113178825Sdfr time_t fire_time; 114178825Sdfr unsigned fire_count; 115178825Sdfr time_t expire_time; 116178825Sdfr time_t backoff_time; 117178825Sdfr enum { 118178825Sdfr KCM_EVENT_NONE = 0, 119178825Sdfr KCM_EVENT_ACQUIRE_CREDS, 120178825Sdfr KCM_EVENT_RENEW_CREDS, 121178825Sdfr KCM_EVENT_DESTROY_CREDS, 122178825Sdfr KCM_EVENT_DESTROY_EMPTY_CACHE 123178825Sdfr } action; 124178825Sdfr kcm_ccache ccache; 125178825Sdfr struct kcm_event *next; 126178825Sdfr} kcm_event; 127178825Sdfr 128178825Sdfr/* wakeup interval for event queue */ 129178825Sdfr#define KCM_EVENT_QUEUE_INTERVAL 60 130178825Sdfr#define KCM_EVENT_DEFAULT_BACKOFF_TIME 5 131178825Sdfr#define KCM_EVENT_MAX_BACKOFF_TIME (12 * 60 * 60) 132178825Sdfr 133178825Sdfr 134178825Sdfr/* Request format is LENGTH | MAJOR | MINOR | OPERATION | request */ 135178825Sdfr/* Response format is LENGTH | STATUS | response */ 136178825Sdfr 137178825Sdfrtypedef struct kcm_client { 138178825Sdfr pid_t pid; 139178825Sdfr uid_t uid; 140178825Sdfr gid_t gid; 141178825Sdfr} kcm_client; 142178825Sdfr 143178825Sdfr#define CLIENT_IS_ROOT(client) ((client)->uid == 0) 144178825Sdfr 145178825Sdfr/* Dispatch table */ 146178825Sdfr/* passed in OPERATION | ... ; returns STATUS | ... */ 147178825Sdfrtypedef krb5_error_code (*kcm_method)(krb5_context, kcm_client *, kcm_operation, krb5_storage *, krb5_storage *); 148178825Sdfr 149178825Sdfrstruct kcm_op { 150178825Sdfr const char *name; 151178825Sdfr kcm_method method; 152178825Sdfr}; 153178825Sdfr 154178825Sdfr#define DEFAULT_LOG_DEST "0/FILE:" LOCALSTATEDIR "/log/kcmd.log" 155178825Sdfr#define _PATH_KCM_CONF SYSCONFDIR "/kcm.conf" 156178825Sdfr 157178825Sdfrextern krb5_context kcm_context; 158178825Sdfrextern char *socket_path; 159178825Sdfrextern char *door_path; 160178825Sdfrextern size_t max_request; 161178825Sdfrextern sig_atomic_t exit_flag; 162178825Sdfrextern int name_constraints; 163178825Sdfrextern int detach_from_console; 164178825Sdfrextern int disallow_getting_krbtgt; 165178825Sdfr 166178825Sdfr#if 0 167178825Sdfrextern const krb5_cc_ops krb5_kcmss_ops; 168178825Sdfr#endif 169178825Sdfr 170178825Sdfr#include <kcm_protos.h> 171178825Sdfr 172178825Sdfr#endif /* __KCM_LOCL_H__ */ 173178825Sdfr 174