1178825Sdfr/* 2178825Sdfr * Copyright (c) 2005, PADL Software Pty Ltd. 3178825Sdfr * All rights reserved. 4178825Sdfr * 5233294Sstas * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 6233294Sstas * 7178825Sdfr * Redistribution and use in source and binary forms, with or without 8178825Sdfr * modification, are permitted provided that the following conditions 9178825Sdfr * are met: 10178825Sdfr * 11178825Sdfr * 1. Redistributions of source code must retain the above copyright 12178825Sdfr * notice, this list of conditions and the following disclaimer. 13178825Sdfr * 14178825Sdfr * 2. Redistributions in binary form must reproduce the above copyright 15178825Sdfr * notice, this list of conditions and the following disclaimer in the 16178825Sdfr * documentation and/or other materials provided with the distribution. 17178825Sdfr * 18178825Sdfr * 3. Neither the name of PADL Software nor the names of its contributors 19178825Sdfr * may be used to endorse or promote products derived from this software 20178825Sdfr * without specific prior written permission. 21178825Sdfr * 22178825Sdfr * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND 23178825Sdfr * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24178825Sdfr * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25178825Sdfr * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE 26178825Sdfr * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27178825Sdfr * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28178825Sdfr * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29178825Sdfr * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30178825Sdfr * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31178825Sdfr * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32178825Sdfr * SUCH DAMAGE. 33178825Sdfr */ 34178825Sdfr 35233294Sstas/* 36233294Sstas * $Id$ 37178825Sdfr */ 38178825Sdfr 39178825Sdfr#ifndef __KCM_LOCL_H__ 40178825Sdfr#define __KCM_LOCL_H__ 41178825Sdfr 42178825Sdfr#include "headers.h" 43178825Sdfr 44178825Sdfr#include <kcm.h> 45178825Sdfr 46178825Sdfr#define KCM_LOG_REQUEST(_context, _client, _opcode) do { \ 47178825Sdfr kcm_log(1, "%s request by process %d/uid %d", \ 48178825Sdfr kcm_op2string(_opcode), (_client)->pid, (_client)->uid); \ 49178825Sdfr } while (0) 50178825Sdfr 51178825Sdfr#define KCM_LOG_REQUEST_NAME(_context, _client, _opcode, _name) do { \ 52178825Sdfr kcm_log(1, "%s request for cache %s by process %d/uid %d", \ 53178825Sdfr kcm_op2string(_opcode), (_name), (_client)->pid, (_client)->uid); \ 54178825Sdfr } while (0) 55178825Sdfr 56178825Sdfr/* Cache management */ 57178825Sdfr 58178825Sdfr#define KCM_FLAGS_VALID 0x0001 59178825Sdfr#define KCM_FLAGS_USE_KEYTAB 0x0002 60178825Sdfr#define KCM_FLAGS_RENEWABLE 0x0004 61178825Sdfr#define KCM_FLAGS_OWNER_IS_SYSTEM 0x0008 62178825Sdfr#define KCM_FLAGS_USE_CACHED_KEY 0x0010 63178825Sdfr 64178825Sdfr#define KCM_MASK_KEY_PRESENT ( KCM_FLAGS_USE_KEYTAB | \ 65178825Sdfr KCM_FLAGS_USE_CACHED_KEY ) 66178825Sdfr 67178825Sdfrstruct kcm_ccache_data; 68178825Sdfrstruct kcm_creds; 69178825Sdfr 70233294Sstasstruct kcm_default_cache { 71233294Sstas uid_t uid; 72233294Sstas pid_t session; /* really au_asid_t */ 73233294Sstas char *name; 74233294Sstas struct kcm_default_cache *next; 75233294Sstas}; 76178825Sdfr 77233294Sstasextern struct kcm_default_cache *default_caches; 78233294Sstas 79233294Sstasstruct kcm_creds { 80233294Sstas kcmuuid_t uuid; 81233294Sstas krb5_creds cred; 82233294Sstas struct kcm_creds *next; 83233294Sstas}; 84233294Sstas 85178825Sdfrtypedef struct kcm_ccache_data { 86178825Sdfr char *name; 87233294Sstas kcmuuid_t uuid; 88178825Sdfr unsigned refcnt; 89178825Sdfr uint16_t flags; 90178825Sdfr uint16_t mode; 91178825Sdfr uid_t uid; 92178825Sdfr gid_t gid; 93233294Sstas pid_t session; /* really au_asid_t */ 94178825Sdfr krb5_principal client; /* primary client principal */ 95178825Sdfr krb5_principal server; /* primary server principal (TGS if NULL) */ 96233294Sstas struct kcm_creds *creds; 97178825Sdfr krb5_deltat tkt_life; 98178825Sdfr krb5_deltat renew_life; 99233294Sstas int32_t kdc_offset; 100178825Sdfr union { 101178825Sdfr krb5_keytab keytab; 102178825Sdfr krb5_keyblock keyblock; 103178825Sdfr } key; 104178825Sdfr HEIMDAL_MUTEX mutex; 105178825Sdfr struct kcm_ccache_data *next; 106178825Sdfr} kcm_ccache_data; 107178825Sdfr 108178825Sdfr#define KCM_ASSERT_VALID(_ccache) do { \ 109178825Sdfr if (((_ccache)->flags & KCM_FLAGS_VALID) == 0) \ 110178825Sdfr krb5_abortx(context, "kcm_free_ccache_data: ccache invalid"); \ 111178825Sdfr else if ((_ccache)->refcnt == 0) \ 112178825Sdfr krb5_abortx(context, "kcm_free_ccache_data: ccache refcnt == 0"); \ 113178825Sdfr } while (0) 114178825Sdfr 115178825Sdfrtypedef kcm_ccache_data *kcm_ccache; 116178825Sdfr 117178825Sdfr/* Event management */ 118178825Sdfr 119178825Sdfrtypedef struct kcm_event { 120178825Sdfr int valid; 121178825Sdfr time_t fire_time; 122178825Sdfr unsigned fire_count; 123178825Sdfr time_t expire_time; 124178825Sdfr time_t backoff_time; 125178825Sdfr enum { 126178825Sdfr KCM_EVENT_NONE = 0, 127178825Sdfr KCM_EVENT_ACQUIRE_CREDS, 128178825Sdfr KCM_EVENT_RENEW_CREDS, 129178825Sdfr KCM_EVENT_DESTROY_CREDS, 130178825Sdfr KCM_EVENT_DESTROY_EMPTY_CACHE 131178825Sdfr } action; 132178825Sdfr kcm_ccache ccache; 133178825Sdfr struct kcm_event *next; 134178825Sdfr} kcm_event; 135178825Sdfr 136178825Sdfr/* wakeup interval for event queue */ 137178825Sdfr#define KCM_EVENT_QUEUE_INTERVAL 60 138178825Sdfr#define KCM_EVENT_DEFAULT_BACKOFF_TIME 5 139178825Sdfr#define KCM_EVENT_MAX_BACKOFF_TIME (12 * 60 * 60) 140178825Sdfr 141178825Sdfr 142178825Sdfr/* Request format is LENGTH | MAJOR | MINOR | OPERATION | request */ 143178825Sdfr/* Response format is LENGTH | STATUS | response */ 144178825Sdfr 145178825Sdfrtypedef struct kcm_client { 146178825Sdfr pid_t pid; 147178825Sdfr uid_t uid; 148178825Sdfr gid_t gid; 149233294Sstas pid_t session; 150178825Sdfr} kcm_client; 151178825Sdfr 152178825Sdfr#define CLIENT_IS_ROOT(client) ((client)->uid == 0) 153178825Sdfr 154178825Sdfr/* Dispatch table */ 155178825Sdfr/* passed in OPERATION | ... ; returns STATUS | ... */ 156178825Sdfrtypedef krb5_error_code (*kcm_method)(krb5_context, kcm_client *, kcm_operation, krb5_storage *, krb5_storage *); 157178825Sdfr 158178825Sdfrstruct kcm_op { 159178825Sdfr const char *name; 160178825Sdfr kcm_method method; 161178825Sdfr}; 162178825Sdfr 163178825Sdfr#define DEFAULT_LOG_DEST "0/FILE:" LOCALSTATEDIR "/log/kcmd.log" 164178825Sdfr#define _PATH_KCM_CONF SYSCONFDIR "/kcm.conf" 165178825Sdfr 166178825Sdfrextern krb5_context kcm_context; 167178825Sdfrextern char *socket_path; 168178825Sdfrextern char *door_path; 169178825Sdfrextern size_t max_request; 170178825Sdfrextern sig_atomic_t exit_flag; 171178825Sdfrextern int name_constraints; 172233294Sstas#ifdef SUPPORT_DETACH 173178825Sdfrextern int detach_from_console; 174233294Sstas#endif 175233294Sstasextern int launchd_flag; 176178825Sdfrextern int disallow_getting_krbtgt; 177178825Sdfr 178178825Sdfr#if 0 179178825Sdfrextern const krb5_cc_ops krb5_kcmss_ops; 180178825Sdfr#endif 181178825Sdfr 182233294Sstasvoid kcm_service(void *, const heim_idata *, const heim_icred, 183233294Sstas heim_ipc_complete, heim_sipc_call); 184178825Sdfr 185233294Sstas#include <kcm-protos.h> 186233294Sstas 187178825Sdfr#endif /* __KCM_LOCL_H__ */ 188178825Sdfr 189