/*
 * Copyright (c) 2005, PADL Software Pty Ltd.
 * All rights reserved.
 *
 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of PADL Software nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * $Id$
 */

39178825Sdfr#ifndef __KCM_LOCL_H__
40178825Sdfr#define __KCM_LOCL_H__
41178825Sdfr
42178825Sdfr#include "headers.h"
43178825Sdfr
44178825Sdfr#include <kcm.h>
45178825Sdfr
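/*
 * Log which operation was requested and by which process and user, via
 * kcm_log() with its first argument fixed at 1.
 *
 * _context is accepted but not referenced by the expansion.  _client is
 * evaluated twice, so pass a side-effect-free expression.
 *
 * pid and uid are cast to long / unsigned long so the arguments always match
 * the conversion specifiers regardless of how wide pid_t and uid_t are on the
 * platform.  A uid above INT_MAX is therefore logged as its real unsigned
 * value instead of a negative number, which keeps the request log usable as
 * an audit record.
 */
#define KCM_LOG_REQUEST(_context, _client, _opcode) do { \
    kcm_log(1, "%s request by process %ld/uid %lu", \
	    kcm_op2string(_opcode), (long)(_client)->pid, \
	    (unsigned long)(_client)->uid); \
    } while (0)
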
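/*
 * Like KCM_LOG_REQUEST, but also records the cache name the request refers
 * to.
 *
 * _context is accepted but not referenced by the expansion.  _client is
 * evaluated twice, so pass a side-effect-free expression.
 *
 * pid and uid are cast to long / unsigned long so the arguments always match
 * the conversion specifiers whatever the widths of pid_t and uid_t are.
 *
 * NOTE(review): _name is written to the log verbatim through %s.  If callers
 * pass a name taken from the client's request, it is untrusted text; confirm
 * that kcm_log() (not visible here) or the log consumer copes with control
 * characters and embedded newlines so one request cannot forge extra log
 * lines.  _name must not be NULL.
 */
#define KCM_LOG_REQUEST_NAME(_context, _client, _opcode, _name) do { \
    kcm_log(1, "%s request for cache %s by process %ld/uid %lu", \
	    kcm_op2string(_opcode), (_name), (long)(_client)->pid, \
	    (unsigned long)(_client)->uid); \
    } while (0)
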
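/* Cache management */

/*
 * Bit flags kept in kcm_ccache_data.flags, which is a uint16_t; every value
 * below fits in 16 bits and the bits do not overlap.
 *
 * Only KCM_FLAGS_VALID has its use visible in this header: KCM_ASSERT_VALID
 * aborts when it is clear.  The other meanings below are read off the names
 * and should be confirmed against the cache code.
 */
#define KCM_FLAGS_VALID			0x0001	/* entry is live; tested by KCM_ASSERT_VALID */
#define KCM_FLAGS_USE_KEYTAB		0x0002	/* presumably key.keytab is the key source */
#define KCM_FLAGS_RENEWABLE		0x0004	/* presumably tickets may be renewed */
#define KCM_FLAGS_OWNER_IS_SYSTEM	0x0008	/* presumably cache is owned by the system */
#define KCM_FLAGS_USE_CACHED_KEY	0x0010	/* presumably key.keyblock is the key source */

/*
 * Set when either key-source flag is present.  Presumably a non-zero
 * (flags & KCM_MASK_KEY_PRESENT) means the key union in kcm_ccache_data holds
 * something the daemon can use to (re)acquire credentials - confirm.
 */
#define KCM_MASK_KEY_PRESENT		( KCM_FLAGS_USE_KEYTAB | \
					  KCM_FLAGS_USE_CACHED_KEY )
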
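/* Forward declarations; both structures are defined further down. */
struct kcm_ccache_data;
struct kcm_creds;

/*
 * One entry in a singly linked list (via next) that associates a uid and a
 * session with a cache name.
 *
 * NOTE(review): who allocates and frees name is not visible in this header.
 */
struct kcm_default_cache {
    uid_t uid;
    pid_t session; /* really au_asid_t */
    char *name;
    struct kcm_default_cache *next;
};

/* List of kcm_default_cache entries; defined outside this header. */
extern struct kcm_default_cache *default_caches;
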
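/*
 * One stored credential: a krb5_creds tagged with a uuid, chained into a
 * singly linked list through next.  kcm_ccache_data.creds points at such a
 * list.
 *
 * NOTE(review): cred is held in the daemon's memory; the code that unlinks
 * and frees these nodes is not visible here - confirm it releases the
 * credential contents as well as the node.
 */
struct kcm_creds {
    kcmuuid_t uuid;
    krb5_creds cred;
    struct kcm_creds *next;
};
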
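/*
 * One credential cache held by the daemon.  Entries are chained through next
 * and carry their own mutex and reference count.
 *
 * Review notes (none of the enforcing code is visible in this header):
 *  - mode/uid/gid/session look like the ownership and permission data that
 *    access checks compare against the requesting kcm_client - confirm.
 *  - key is a union: only one of keytab/keyblock can be live at a time.
 *    Presumably KCM_FLAGS_USE_KEYTAB / KCM_FLAGS_USE_CACHED_KEY in flags say
 *    which - confirm, since reading the wrong member would misinterpret
 *    memory.
 *  - key.keyblock, when used, is key material resident in daemon memory; the
 *    teardown path should clear it before the entry is freed - confirm.
 *  - refcnt is unsigned, so an unbalanced release would wrap rather than go
 *    negative; KCM_ASSERT_VALID only catches the refcnt == 0 case.
 */
typedef struct kcm_ccache_data {
    char *name;
    kcmuuid_t uuid;
    unsigned refcnt;		/* must be non-zero for KCM_ASSERT_VALID */
    uint16_t flags;		/* KCM_FLAGS_* bits */
    uint16_t mode;
    uid_t uid;
    gid_t gid;
    pid_t session; /* really au_asid_t */
    krb5_principal client; /* primary client principal */
    krb5_principal server; /* primary server principal (TGS if NULL) */
    struct kcm_creds *creds;	/* head of the stored-credential list */
    krb5_deltat tkt_life;
    krb5_deltat renew_life;
    int32_t kdc_offset;
    union {
	krb5_keytab keytab;
	krb5_keyblock keyblock;
    } key;
    HEIMDAL_MUTEX mutex;
    struct kcm_ccache_data *next;
} kcm_ccache_data;
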
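/*
 * Abort the daemon through krb5_abortx() if the cache entry does not have
 * KCM_FLAGS_VALID set, or if its reference count is zero.  Both conditions
 * mean the caller is holding a stale or already-released entry, so stopping
 * is preferred over continuing to touch it.
 *
 * Requirements at the call site: a variable named `context` must be in scope
 * (it is passed to krb5_abortx), and _ccache must be a non-NULL pointer to a
 * kcm_ccache_data.
 *
 * _ccache is captured once in a local, so an argument with side effects is
 * evaluated a single time.  The abort message names the calling function via
 * __func__; a fixed "kcm_free_ccache_data" prefix would misattribute the
 * failure whenever this shared macro is used from any other function.
 */
#define KCM_ASSERT_VALID(_ccache) do { \
    const kcm_ccache_data *kcm_assert_cc_ = (_ccache); \
    if ((kcm_assert_cc_->flags & KCM_FLAGS_VALID) == 0) \
	krb5_abortx(context, "%s: ccache invalid", __func__); \
    else if (kcm_assert_cc_->refcnt == 0) \
	krb5_abortx(context, "%s: ccache refcnt == 0", __func__); \
    } while (0)
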
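/*
 * Handle type for a cache entry.  Note that kcm_ccache is a pointer: copying
 * a kcm_ccache copies the reference, not the entry, and the typedef hides
 * that indirection at call sites.
 */
typedef kcm_ccache_data *kcm_ccache;
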
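/* Event management */

/*
 * One queued action against a cache, chained through next.
 *
 * action selects what is to be done (acquire, renew or destroy credentials,
 * or destroy an empty cache); KCM_EVENT_NONE is the zero value, so a
 * zero-initialised event carries no action.
 *
 * NOTE(review): the exact meaning of valid, fire_time, fire_count,
 * expire_time and backoff_time is defined by the event-queue code, which is
 * not visible here.  The event stores a kcm_ccache, which is a pointer;
 * whether the event holds its own reference on that cache for as long as it
 * is queued should be confirmed, since a destroy action on a cache that was
 * freed elsewhere would be a use-after-free.
 */
typedef struct kcm_event {
    int valid;
    time_t fire_time;
    unsigned fire_count;
    time_t expire_time;
    time_t backoff_time;
    enum {
	KCM_EVENT_NONE = 0,
	KCM_EVENT_ACQUIRE_CREDS,
	KCM_EVENT_RENEW_CREDS,
	KCM_EVENT_DESTROY_CREDS,
	KCM_EVENT_DESTROY_EMPTY_CACHE
    } action;
    kcm_ccache ccache;
    struct kcm_event *next;
} kcm_event;
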
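/*
 * wakeup interval for event queue
 *
 * The 12 * 60 * 60 form of the maximum suggests all three values are in
 * seconds (60 s wakeup, 5 s initial backoff, 12 h backoff ceiling) - confirm
 * against the event-queue code.
 */
#define KCM_EVENT_QUEUE_INTERVAL		60
#define KCM_EVENT_DEFAULT_BACKOFF_TIME		5
#define KCM_EVENT_MAX_BACKOFF_TIME		(12 * 60 * 60)
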
/* Request format is  LENGTH | MAJOR | MINOR | OPERATION | request */
/* Response format is LENGTH | STATUS | response */

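/*
 * Identity of the peer that sent a request: process id, user id, group id
 * and session.  Every kcm_method receives a pointer to one of these, and
 * CLIENT_IS_ROOT and the request-logging macros read it.
 *
 * NOTE(review): how these fields are filled in is not visible in this
 * header.  Because authorization decisions are made on them, they need to
 * come from credentials the operating system attaches to the connection,
 * never from anything inside the request body - confirm in the IPC layer.
 * pid is useful for logging only; a process id can be reused after the peer
 * exits.
 */
typedef struct kcm_client {
    pid_t pid;
    uid_t uid;
    gid_t gid;
    pid_t session;
} kcm_client;
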
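/*
 * True when the requesting peer's uid is 0.  This is a plain numeric
 * comparison: it says nothing about group membership, capabilities or
 * session, and it is only as trustworthy as the source of client->uid.
 * client must not be NULL.
 */
#define CLIENT_IS_ROOT(client) ((client)->uid == 0)
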
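/* Dispatch table */
/* passed in OPERATION | ... ; returns STATUS | ... */

/*
 * Signature shared by every operation handler: a krb5 context, the
 * requesting client, the operation code and two krb5_storage objects.
 *
 * NOTE(review): from the comment above, the first storage presumably carries
 * the request and the second receives the response - confirm.  Everything a
 * handler reads from the request storage is client-controlled and has to be
 * validated by the handler; the kcm_client argument is the only identity a
 * handler should base access decisions on.
 */
typedef krb5_error_code (*kcm_method)(krb5_context, kcm_client *,
				      kcm_operation, krb5_storage *,
				      krb5_storage *);

/* One dispatch-table entry: a printable operation name and its handler. */
struct kcm_op {
    const char *name;
    kcm_method method;
};
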
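/*
 * Default log destination and configuration file path.  Both are assembled
 * at compile time from LOCALSTATEDIR and SYSCONFDIR, which must be defined
 * as string literals by the build before either macro is expanded.
 *
 * NOTE(review): the request-logging macros in this header record pids, uids
 * and cache names; if they end up in this file, its permissions decide who
 * can read that activity.  The configuration file presumably controls daemon
 * policy, so it should be writable only by the account that administers the
 * daemon - confirm both against the installation.
 */
#define DEFAULT_LOG_DEST    "0/FILE:" LOCALSTATEDIR "/log/kcmd.log"
#define _PATH_KCM_CONF	    SYSCONFDIR "/kcm.conf"
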
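/*
 * Daemon-wide state.  Only the declarations live here; the definitions and
 * the code that enforces the policy switches are elsewhere, so the notes
 * below are to be confirmed there.
 */
extern krb5_context kcm_context;
extern char *socket_path;		/* presumably the listening socket's path */
extern char *door_path;
/*
 * presumably the largest request the daemon accepts; the LENGTH field of a
 * request is supplied by the client, so it should be checked against this
 * before any buffer is sized from it - confirm
 */
extern size_t max_request;
/*
 * NOTE(review): if this is written from a signal handler, the definition
 * should be volatile sig_atomic_t - confirm at the definition
 */
extern sig_atomic_t exit_flag;
extern int name_constraints;		/* policy switch; enforcement not visible here */
#ifdef SUPPORT_DETACH
extern int detach_from_console;
#endif
extern int launchd_flag;
extern int disallow_getting_krbtgt;	/* policy switch; enforcement not visible here */

/* Disabled declaration, kept as in the original. */
#if 0
extern const krb5_cc_ops krb5_kcmss_ops;
#endif
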
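/*
 * Entry point the IPC layer calls for each incoming request.
 *
 * NOTE(review): the roles of the parameters are not visible in this header.
 * Going by the type names, heim_idata is the request payload and heim_icred
 * the peer's credentials; the latter is presumably where the kcm_client
 * identity used for authorization comes from - confirm in the definition.
 */
void	kcm_service(void *, const heim_idata *, const heim_icred,
		    heim_ipc_complete, heim_sipc_call);
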
185233294Sstas#include <kcm-protos.h>
186233294Sstas
187178825Sdfr#endif /* __KCM_LOCL_H__ */
188178825Sdfr
189