1/*	$NetBSD: kuserok_plugin.h,v 1.2 2017/01/28 21:31:49 christos Exp $	*/
2
3/*
4 * Copyright (c) 2011, Secure Endpoints Inc.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * - Redistributions of source code must retain the above copyright
12 *   notice, this list of conditions and the following disclaimer.
13 *
14 * - Redistributions in binary form must reproduce the above copyright
15 *   notice, this list of conditions and the following disclaimer in
16 *   the documentation and/or other materials provided with the
17 *   distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
24 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
28 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
30 * OF THE POSSIBILITY OF SUCH DAMAGE.
31 *
32 */
33
34#ifndef HEIMDAL_KRB5_KUSEROK_PLUGIN_H
35#define HEIMDAL_KRB5_KUSEROK_PLUGIN_H 1
36
37#define KRB5_PLUGIN_KUSEROK "krb5_plugin_kuserok"
38#define KRB5_PLUGIN_KUSEROK_VERSION_0 0
39
40/** @struct krb5plugin_kuserok_ftable_desc
41 *
42 * @brief Description of the krb5_kuserok(3) plugin facility.
43 *
44 * The krb5_kuserok(3) function is pluggable.  The plugin is named
45 * KRB5_PLUGIN_KUSEROK ("krb5_plugin_kuserok"), with a single minor
46 * version, KRB5_PLUGIN_KUSEROK_VERSION_0 (0).
47 *
48 * The plugin for krb5_kuserok(3) consists of a data symbol referencing
49 * a structure of type krb5plugin_kuserok_ftable, with four fields:
50 *
51 * @param init          Plugin initialization function (see krb5-plugin(7))
52 *
53 * @param minor_version The plugin minor version number (0)
54 *
55 * @param fini          Plugin finalization function
56 *
57 * @param kuserok       Plugin kuserok function
58 *
59 * The kuserok field is the plugin entry point that performs the
60 * traditional kuserok operation however the plugin desires.  It is
61 * invoked in no particular order relative to other kuserok plugins, but
62 * it has a 'rule' argument that indicates which plugin is intended to
63 * act on the rule.  The plugin kuserok function must return
64 * KRB5_PLUGIN_NO_HANDLE if the rule is not applicable to it.
65 *
66 * The plugin kuserok function has the following arguments, in this
67 * order:
68 *
69 * -# plug_ctx, the context value output by the plugin's init function
70 * -# context, a krb5_context
71 * -# rule, the kuserok rule being evaluated (from krb5.conf(5))
72 * -# flags
73 * -# k5login_dir, configured location of k5login per-user files if any
74 * -# luser, name of the local user account to which principal is attempting to access.
75 * -# principal, the krb5_principal trying to access the luser account
76 * -# result, a krb5_boolean pointer where the plugin will output its result
77 *
78 * @ingroup krb5_support
79 */
80typedef struct krb5plugin_kuserok_ftable_desc {
81    int			minor_version;
82    krb5_error_code	(KRB5_LIB_CALL *init)(krb5_context, void **);
83    void		(KRB5_LIB_CALL *fini)(void *);
84    krb5_error_code	(KRB5_LIB_CALL *kuserok)(void *, krb5_context, const char *,
85				   unsigned int, const char *, const char *,
86				   krb5_const_principal,
87				   krb5_boolean *);
88} krb5plugin_kuserok_ftable;
89
90#define KUSEROK_ANAME_TO_LNAME_OK        1
91#define KUSEROK_K5LOGIN_IS_AUTHORITATIVE 2
92
93#endif /* HEIMDAL_KRB5_KUSEROK_PLUGIN_H */
94