1/* $NetBSD: kuserok_plugin.h,v 1.2 2017/01/28 21:31:49 christos Exp $ */ 2 3/* 4 * Copyright (c) 2011, Secure Endpoints Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * - Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 14 * - Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 23 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 24 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 28 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 30 * OF THE POSSIBILITY OF SUCH DAMAGE. 31 * 32 */ 33 34#ifndef HEIMDAL_KRB5_KUSEROK_PLUGIN_H 35#define HEIMDAL_KRB5_KUSEROK_PLUGIN_H 1 36 37#define KRB5_PLUGIN_KUSEROK "krb5_plugin_kuserok" 38#define KRB5_PLUGIN_KUSEROK_VERSION_0 0 39 40/** @struct krb5plugin_kuserok_ftable_desc 41 * 42 * @brief Description of the krb5_kuserok(3) plugin facility. 43 * 44 * The krb5_kuserok(3) function is pluggable. The plugin is named 45 * KRB5_PLUGIN_KUSEROK ("krb5_plugin_kuserok"), with a single minor 46 * version, KRB5_PLUGIN_KUSEROK_VERSION_0 (0). 47 * 48 * The plugin for krb5_kuserok(3) consists of a data symbol referencing 49 * a structure of type krb5plugin_kuserok_ftable, with four fields: 50 * 51 * @param init Plugin initialization function (see krb5-plugin(7)) 52 * 53 * @param minor_version The plugin minor version number (0) 54 * 55 * @param fini Plugin finalization function 56 * 57 * @param kuserok Plugin kuserok function 58 * 59 * The kuserok field is the plugin entry point that performs the 60 * traditional kuserok operation however the plugin desires. It is 61 * invoked in no particular order relative to other kuserok plugins, but 62 * it has a 'rule' argument that indicates which plugin is intended to 63 * act on the rule. The plugin kuserok function must return 64 * KRB5_PLUGIN_NO_HANDLE if the rule is not applicable to it. 65 * 66 * The plugin kuserok function has the following arguments, in this 67 * order: 68 * 69 * -# plug_ctx, the context value output by the plugin's init function 70 * -# context, a krb5_context 71 * -# rule, the kuserok rule being evaluated (from krb5.conf(5)) 72 * -# flags 73 * -# k5login_dir, configured location of k5login per-user files if any 74 * -# luser, name of the local user account to which principal is attempting to access. 75 * -# principal, the krb5_principal trying to access the luser account 76 * -# result, a krb5_boolean pointer where the plugin will output its result 77 * 78 * @ingroup krb5_support 79 */ 80typedef struct krb5plugin_kuserok_ftable_desc { 81 int minor_version; 82 krb5_error_code (KRB5_LIB_CALL *init)(krb5_context, void **); 83 void (KRB5_LIB_CALL *fini)(void *); 84 krb5_error_code (KRB5_LIB_CALL *kuserok)(void *, krb5_context, const char *, 85 unsigned int, const char *, const char *, 86 krb5_const_principal, 87 krb5_boolean *); 88} krb5plugin_kuserok_ftable; 89 90#define KUSEROK_ANAME_TO_LNAME_OK 1 91#define KUSEROK_K5LOGIN_IS_AUTHORITATIVE 2 92 93#endif /* HEIMDAL_KRB5_KUSEROK_PLUGIN_H */ 94