providers/krb5/krb5_common.h

1N/A/*
1N/A    SSSD
1N/A
1N/A    Kerberos Backend, common header file
1N/A
1N/A    Authors:
1N/A        Sumit Bose <sbose@redhat.com>
1N/A
1N/A    Copyright (C) 2009 Red Hat
1N/A
1N/A
1N/A    This program is free software; you can redistribute it and/or modify
1N/A    it under the terms of the GNU General Public License as published by
1N/A    the Free Software Foundation; either version 3 of the License, or
1N/A    (at your option) any later version.
1N/A
1N/A    This program is distributed in the hope that it will be useful,
1N/A    but WITHOUT ANY WARRANTY; without even the implied warranty of
1N/A    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
1N/A    GNU General Public License for more details.
1N/A
1N/A    You should have received a copy of the GNU General Public License
1N/A    along with this program.  If not, see <http://www.gnu.org/licenses/>.
1N/A*/
1N/A
1N/A#ifndef __KRB5_COMMON_H__
1N/A#define __KRB5_COMMON_H__
1N/A
1N/A#include "config.h"
1N/A#include <stdbool.h>
1N/A
1N/A#include "providers/backend.h"
1N/A#include "util/util.h"
1N/A#include "util/sss_krb5.h"
1N/A
1N/A#define KDCINFO_TMPL PUBCONF_PATH"/kdcinfo.%s"
1N/A#define KPASSWDINFO_TMPL PUBCONF_PATH"/kpasswdinfo.%s"
1N/A
1N/A#define SSS_KRB5KDC_FO_SRV "KERBEROS"
1N/A#define SSS_KRB5KPASSWD_FO_SRV "KPASSWD"
1N/A
1N/Aenum krb5_opts {
1N/A    KRB5_KDC = 0,
1N/A    KRB5_BACKUP_KDC,
1N/A    KRB5_REALM,
1N/A    KRB5_CCACHEDIR,
1N/A    KRB5_CCNAME_TMPL,
1N/A    KRB5_AUTH_TIMEOUT,
1N/A    KRB5_KEYTAB,
1N/A    KRB5_VALIDATE,
1N/A    KRB5_KPASSWD,
1N/A    KRB5_BACKUP_KPASSWD,
1N/A    KRB5_STORE_PASSWORD_IF_OFFLINE,
1N/A    KRB5_RENEWABLE_LIFETIME,
1N/A    KRB5_LIFETIME,
1N/A    KRB5_RENEW_INTERVAL,
1N/A    KRB5_USE_FAST,
1N/A    KRB5_FAST_PRINCIPAL,
1N/A    KRB5_CANONICALIZE,
1N/A    KRB5_USE_ENTERPRISE_PRINCIPAL,
1N/A    KRB5_USE_KDCINFO,
1N/A    KRB5_MAP_USER,
1N/A
1N/A    KRB5_OPTS
1N/A};
1N/A
1N/Atypedef enum { INIT_PW, INIT_KT, RENEW, VALIDATE } action_type;
1N/A
1N/Astruct krb5_service {
1N/A    char *name;
1N/A    char *realm;
1N/A    bool write_kdcinfo;
1N/A};
1N/A
1N/Astruct fo_service;
1N/Astruct deferred_auth_ctx;
3N/Astruct renew_tgt_ctx;
3N/A
3N/Aenum krb5_config_type {
1N/A    K5C_GENERIC,
3N/A    K5C_IPA_CLIENT,
3N/A    K5C_IPA_SERVER
1N/A};
3N/A
3N/Astruct map_id_name_to_krb_primary {
3N/A    const char *id_name;
3N/A    const char* krb_primary;
3N/A};
3N/A
3N/Astruct krb5_ctx {
1N/A    /* opts taken from kinit */
1N/A    /* in seconds */
1N/A    krb5_deltat starttime;
1N/A    krb5_deltat lifetime;
1N/A    char *lifetime_str;
1N/A    krb5_deltat rlife;
3N/A    char *rlife_str;
1N/A
3N/A    int forwardable;
3N/A    int proxiable;
3N/A    int addresses;
1N/A
3N/A    int not_forwardable;
1N/A    int not_proxiable;
1N/A    int no_addresses;
3N/A
3N/A    int verbose;
1N/A
1N/A    char* principal_name;
7N/A    char* service_name;
1N/A    char* keytab_name;
7N/A    char* k5_cache_name;
1N/A    char* k4_cache_name;
1N/A
1N/A    action_type action;
1N/A
1N/A    struct dp_option *opts;
1N/A    struct krb5_service *service;
1N/A    struct krb5_service *kpasswd_service;
1N/A    int child_debug_fd;
1N/A
1N/A    pcre *illegal_path_re;
1N/A
1N/A    struct deferred_auth_ctx *deferred_auth_ctx;
1N/A    struct renew_tgt_ctx *renew_tgt_ctx;
1N/A    bool use_fast;
1N/A    bool sss_creds_password;
3N/A
1N/A    hash_table_t *wait_queue_hash;
3N/A
1N/A    enum krb5_config_type config_type;
1N/A
3N/A    struct map_id_name_to_krb_primary *name_to_primary;
1N/A
3N/A    char *realm;
1N/A
1N/A    const char *use_fast_str;
3N/A    const char *fast_principal;
1N/A
1N/A    bool canonicalize;
1N/A};
1N/A
1N/Astruct remove_info_files_ctx {
1N/A    char *realm;
1N/A    struct be_ctx *be_ctx;
1N/A    const char *kdc_service_name;
1N/A    const char *kpasswd_service_name;
1N/A};
1N/A
1N/Aerrno_t sss_krb5_check_options(struct dp_option *opts,
1N/A                               struct sss_domain_info *dom,
3N/A                               struct krb5_ctx *krb5_ctx);
1N/A
1N/Aerrno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path,
1N/A                       struct dp_option *opts, int opt_id);
1N/A
3N/Aerrno_t sss_krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
1N/A                             const char *conf_path, struct dp_option **_opts);
3N/A
1N/Aerrno_t write_krb5info_file(const char *realm, const char *kdc,
1N/A                            const char *service);
1N/A
1N/Aint krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
1N/A                      const char *service_name,
3N/A                      const char *primary_servers,
1N/A                      const char *backup_servers,
1N/A                      const char *realm,
1N/A                      bool use_kdcinfo,
1N/A                      struct krb5_service **_service);
1N/A
1N/Avoid remove_krb5_info_files_callback(void *pvt);
1N/A
1N/Avoid krb5_finalize(struct tevent_context *ev,
1N/A                   struct tevent_signal *se,
1N/A                   int signum,
1N/A                   int count,
1N/A                   void *siginfo,
1N/A                   void *private_data);
1N/A
3N/Aerrno_t krb5_install_offline_callback(struct be_ctx *be_ctx,
1N/A                                      struct krb5_ctx *krb_ctx);
1N/A
1N/Aerrno_t krb5_install_sigterm_handler(struct tevent_context *ev,
1N/A                                     struct krb5_ctx *krb5_ctx);
1N/A
1N/Aerrno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm);
1N/A
3N/Aerrno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
1N/A                            struct sss_domain_info *dom, const char *username,
3N/A                            const char *user_dom, char **_upn);
1N/A
1N/Aerrno_t compare_principal_realm(const char *upn, const char *realm,
1N/A                                bool *different_realm);
1N/A
1N/A/* from krb5_keytab.c */
1N/A
1N/A/**
1N/A * @brief Copy given keytab into a MEMORY keytab
1N/A *
1N/A * @param[in] mem_ctx Talloc memory context the new keytab name should be
1N/A *                    allocated on
 * @param[in] kctx Kerberos context
 * @param[in] inp_keytab_file Existing keytab, if set to NULL the default
 *                            keytab will be used
 * @param[out] _mem_name Name of the new MEMORY keytab
 * @param[out] _mem_keytab Krb5 keytab handle for the new MEMORY keytab, NULL
 *                         may be passed here if the caller has no use for the
 *                         handle
 *
 * The memory for the MEMORY keytab is handled by libkrb5 internally and
 * a reference counter is used. If the reference counter of the specific
 * MEMORY keytab reaches 0, i.e. no open ones are left, the memory is free.
 * This means we cannot call krb5_kt_close() for the new MEMORY keytab  in
 * copy_keytab_into_memory() because this would destroy it immediately. Hence
 * we have to return the handle so that the caller can safely remove the
 * MEMORY keytab if the is not needed anymore. Since libkrb5 frees the
 * internal memory when the library is unloaded short running processes can
 * safely pass NULL as the 5th argument because on exit all memory is freed.
 * Long running processes which need more control over the memory consumption
 * should close the handle for free the memory at runtime.
 */
krb5_error_code copy_keytab_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx,
                                        const char *inp_keytab_file,
                                        char **_mem_name,
                                        krb5_keytab *_mem_keytab);

errno_t set_extra_args(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
                       const char ***krb5_child_extra_args);
#endif /* __KRB5_COMMON_H__ */