/*
   SSSD

   Secrets Responder, private header file

   Copyright (C) Simo Sorce <ssorce@redhat.com> 2016

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce#ifndef __SECSRV_PRIVATE_H__
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce#define __SECSRV_PRIVATE_H__
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce#include "config.h"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce#include "responder/common/responder.h"
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce#include "responder/secrets/secsrv.h"
df99d709c8cbef3c378c111944d83b7345e4c1eaPavel Březina#include "util/sss_iobuf.h"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce#include <http_parser.h>
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
/* A single name/value string pair. Used for HTTP headers: sec_req_ctx.headers
 * is an array of these, and sec_http_reply_with_headers() takes such an array
 * together with its element count. Both strings are plain C strings. */
struct sec_kvp {
    char *name;
    char *value;
};
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
/* A byte buffer with an explicit length. Used for request and reply bodies
 * (sec_req_ctx.body / sec_req_ctx.reply) and by sec_send_data() /
 * sec_recv_data(). Treat it as length-delimited: nothing in this declaration
 * guarantees that data is NUL-terminated, so confirm with the producer before
 * handing data to str*() functions. */
struct sec_data {
    char *data;
    size_t length;
};
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
/* HTTP status codes the responder can reply with.
 *
 * NOTE: these are enumerators starting at 0 (STATUS_200 == 0), NOT the numeric
 * HTTP codes. Never pass one where an int status is expected
 * (sec_http_reply_with_headers() status_code, sec_http_reply_iobuf()
 * response_code); the enum-to-wire mapping lives in the implementation.
 * sec_errno_to_http_status() converts an errno_t into one of these. */
enum sec_http_status_codes {
    STATUS_200 = 0,   /* OK */
    STATUS_400,       /* Bad Request */
    STATUS_401,       /* Unauthorized */
    STATUS_403,       /* Forbidden */
    STATUS_404,       /* Not Found */
    STATUS_405,       /* Method Not Allowed */
    STATUS_406,       /* Not Acceptable */
    STATUS_409,       /* Conflict */
    STATUS_413,       /* Payload Too Large */
    STATUS_500,       /* Internal Server Error */
    STATUS_504,       /* Gateway Timeout */
    STATUS_507,       /* Insufficient Storage */
};
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
/* http_parser state (types from <http_parser.h>): the callback table that
 * the parser invokes and the parser instance itself. */
struct sec_proto_ctx {
    http_parser_settings callbacks;
    http_parser parser;
};
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
/* Components of the request URL after parsing (sec_req_ctx.parsed_url).
 * All strings originate from the client request and are untrusted input;
 * any component may be absent -- whether absence is NULL or "" is not
 * fixed by this declaration, so check the parser before relying on it. */
struct sec_url {
    char *schema;
    char *host;
    int port;
    char *path;
    char *query;
    char *fragment;
    char *userinfo;     /* user-info component of the URL, if the client sent one */
};
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
/* Per-request state for one HTTP request received on a client connection.
 * This is what a provider's sec_provider_req_t callback gets to work on. */
struct sec_req_ctx {
    struct cli_ctx *cctx;          /* client connection (responder/common) */
    const char *base_path;         /* URL prefix the request was matched under;
                                    * presumably SEC_BASEPATH or SEC_KCM_BASEPATH */
    const char *cfg_section;       /* config section used to serve the request */
    bool complete;                 /* presumably set once the full request has
                                    * been parsed -- confirm in secsrv_cmd.c */

    size_t total_size;             /* bytes of this request received so far */
    size_t max_payload_size;       /* limit on total_size; exceeding it is presumably
                                    * what produces STATUS_413 -- confirm in secsrv_cmd.c */

    char *request_url;             /* raw URL as sent by the client (untrusted) */
    char *mapped_path;             /* path after base_path/provider mapping */

    enum http_method method;       /* from <http_parser.h> */
    struct sec_url parsed_url;     /* request_url split into components */
    struct sec_kvp *headers;       /* num_headers entries; see sec_req_has_header() */
    int num_headers;
    struct sec_data body;          /* request body, length-delimited */

    struct sec_data reply;         /* response bytes to hand to sec_send_data() */
};
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
/* Entry point of a secrets provider: starts an asynchronous tevent request
 * that serves @secreq. @provider_ctx is the provider_handle.context registered
 * by the provider. The result is collected with sec_provider_recv(). */
typedef struct tevent_req *(*sec_provider_req_t)(TALLOC_CTX *mem_ctx,
                                                 struct tevent_context *ev,
                                                 void *provider_ctx,
                                                 struct sec_req_ctx *secreq);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
/* A registered secrets provider: its name, the request function and the
 * opaque context passed back to that function as provider_ctx. */
struct provider_handle {
    const char *name;
    sec_provider_req_t fn;
    void *context;
};
/* Look up a registered provider by @name; on success *out_handle points to it.
 * Returns 0 on success, an errno-style value otherwise (convention inferred
 * from the rest of this header -- confirm in the implementation). */
int sec_get_provider(struct sec_ctx *sctx, const char *name,
                     struct provider_handle **out_handle);
/* Register @handle with the secrets context. Ownership of @handle after a
 * successful call is not stated here -- check the implementation. */
int sec_add_provider(struct sec_ctx *sctx, struct provider_handle *handle);
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
/* URL prefixes served by this responder; see sec_req_ctx.base_path. */
#define SEC_BASEPATH "/secrets/"
#define SEC_KCM_BASEPATH "/kcm/"

/* The KCM responder must "impersonate" the owner of the credentials.
 * Only a trusted UID can do that -- root by default, but unit
 * tests might choose otherwise.
 *
 * This is a compile-time trust anchor: every peer with this UID is trusted
 * to act on behalf of any credential owner, so it should be overridden
 * only in test builds, never in a production build. */
#ifndef KCM_PEER_UID
#define KCM_PEER_UID 0
#endif /* KCM_PEER_UID */
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce
/* providers.c */

/* Pick the provider that should serve @secreq and return it in *handle. */
int sec_req_routing(TALLOC_CTX *mem_ctx, struct sec_req_ctx *secreq,
                    struct provider_handle **handle);
/* Collect the result of a request started through sec_provider_req_t. */
int sec_provider_recv(struct tevent_req *subreq);

/* Append "field: value" to the header string at *dest, (re)allocating it
 * under @mem_ctx. @field and @value are not modified despite the non-const
 * parameters -- presumably; the prototype itself does not promise this. */
int sec_http_append_header(TALLOC_CTX *mem_ctx, char **dest,
                           char *field, char *value);

/* Reply builders. Each fills @reply (allocated under @mem_ctx) with the
 * complete HTTP response bytes to be sent with sec_send_data().
 * Note the two different status conventions: @code is the enum index from
 * enum sec_http_status_codes, whereas status_code/response_code below are
 * plain ints (presumably the numeric HTTP code) -- do not mix them up. */
int sec_http_status_reply(TALLOC_CTX *mem_ctx, struct sec_data *reply,
                          enum sec_http_status_codes code);
int sec_http_reply_with_body(TALLOC_CTX *mem_ctx, struct sec_data *reply,
                             enum sec_http_status_codes code,
                             const char *content_type,
                             struct sec_data *body);
int sec_http_reply_with_headers(TALLOC_CTX *mem_ctx, struct sec_data *reply,
                                int status_code, const char *reason,
                                struct sec_kvp *headers, int num_headers,
                                struct sec_data *body);
errno_t sec_http_reply_iobuf(TALLOC_CTX *mem_ctx,
                             struct sec_data *reply,
                             int response_code,
                             struct sss_iobuf *response);
/* Map an errno_t from a provider onto the status enum used by the reply
 * builders above. */
enum sec_http_status_codes sec_errno_to_http_status(errno_t err);

/* JSON (de)serialisation of the simple-secret wire format. @input comes from
 * the client body and is untrusted; *secret / *output are allocated under
 * @mem_ctx. */
int sec_json_to_simple_secret(TALLOC_CTX *mem_ctx,
                              const char *input,
                              char **secret);
int sec_simple_secret_to_json(TALLOC_CTX *mem_ctx,
                              const char *secret,
                              char **output);

/* Serialise @count strings from @array as a JSON array into *output. */
int sec_array_to_json(TALLOC_CTX *mem_ctx,
                      char **array, int count,
                      char **output);

/* True if @req carries a header named @name whose value matches @value.
 * Whether the comparison is case-sensitive is not stated here -- check the
 * implementation before relying on it for access decisions. */
bool sec_req_has_header(struct sec_req_ctx *req,
                        const char *name, const char *value);
e625eb47a3091d92eda2271b123f8aab06227b63Simo Sorce
/* secsrv_cmd.c */

/* Upper bound, in bytes, on a single receive. This bounds one read, not the
 * whole request; the per-request total is tracked separately via
 * sec_req_ctx.total_size / max_payload_size (presumably -- confirm). */
#define SEC_PACKET_MAX_RECV_SIZE 8192

/* Write data->length bytes from data->data to @fd. */
int sec_send_data(int fd, struct sec_data *data);
/* Read from @fd into @data; the buffer is presumably allocated/grown by the
 * callee and capped by SEC_PACKET_MAX_RECV_SIZE -- confirm in secsrv_cmd.c. */
int sec_recv_data(int fd, struct sec_data *data);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce#endif /* __SECSRV_PRIVATE_H__ */