/*
 * Copyright (c) 2005, PADL Software Pty Ltd.
 * All rights reserved.
 *
 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of PADL Software nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * $Id$
 */

/*
 * Private declarations shared by the KCM daemon sources: per-cache state,
 * the event (timer) queue, the client identity handed to request handlers,
 * the dispatch-table types and the daemon-wide globals.  Nothing here is
 * part of the public <kcm.h> interface.
 */

#ifndef __KCM_LOCL_H__
#define __KCM_LOCL_H__

#include "headers.h"

#include <kcm.h>

/*
 * Request logging at kcm_log level 1.  Both macros record the operation
 * name (via kcm_op2string) with the requesting client's pid and uid;
 * KCM_LOG_REQUEST_NAME also records the cache name being operated on.
 * The _context argument is not used in either expansion.
 * NOTE(review): pid and uid are printed with %d; pid_t/uid_t are not
 * guaranteed to be int-sized on every platform — confirm for new targets.
 */
#define KCM_LOG_REQUEST(_context, _client, _opcode)	do { \
    kcm_log(1, "%s request by process %d/uid %d", \
	    kcm_op2string(_opcode), (_client)->pid, (_client)->uid); \
    } while (0)

#define KCM_LOG_REQUEST_NAME(_context, _client, _opcode, _name)	do { \
    kcm_log(1, "%s request for cache %s by process %d/uid %d", \
	    kcm_op2string(_opcode), (_name), (_client)->pid, (_client)->uid); \
    } while (0)

/* Cache management */

/*
 * Bits of kcm_ccache_data.flags (a uint16_t).  KCM_FLAGS_VALID is the bit
 * KCM_ASSERT_VALID checks; the two KCM_FLAGS_USE_* bits are the ones
 * collected in KCM_MASK_KEY_PRESENT below.
 */
#define KCM_FLAGS_VALID			0x0001
#define KCM_FLAGS_USE_KEYTAB		0x0002
#define KCM_FLAGS_RENEWABLE		0x0004
#define KCM_FLAGS_OWNER_IS_SYSTEM	0x0008
#define KCM_FLAGS_USE_CACHED_KEY	0x0010

/* Non-zero against .flags when either key-source flag is set. */
#define KCM_MASK_KEY_PRESENT		( KCM_FLAGS_USE_KEYTAB | \
					  KCM_FLAGS_USE_CACHED_KEY )

struct kcm_ccache_data;
struct kcm_creds;

/*
 * Default-cache record, kept on the singly linked list headed by
 * default_caches.  Judging by its fields it is keyed by (uid, session);
 * the lookup rules live in the .c files.
 */
struct kcm_default_cache {
    uid_t uid;
    pid_t session; /* really au_asid_t */
    char *name;			/* cache name; ownership is decided where it is set */
    struct kcm_default_cache *next;
};

extern struct kcm_default_cache *default_caches;

/*
 * One credential in a cache: the krb5_creds itself plus the kcmuuid_t
 * that identifies it, linked into kcm_ccache_data.creds.
 */
struct kcm_creds {
    kcmuuid_t uuid;
    krb5_creds cred;
    struct kcm_creds *next;
};

/*
 * In-memory credential cache.  Entries are reference counted (refcnt) and
 * chained through .next; .flags carries the KCM_FLAGS_* bits.
 */
typedef struct kcm_ccache_data {
    char *name;
    kcmuuid_t uuid;
    unsigned refcnt;		/* must be non-zero while referenced (KCM_ASSERT_VALID) */
    uint16_t flags;		/* KCM_FLAGS_* bits */
    uint16_t mode;		/* presumably permission bits — confirm against access checks */
    uid_t uid;			/* owner identity; presumably what access checks compare against */
    gid_t gid;
    pid_t session; /* really au_asid_t */
    krb5_principal client; /* primary client principal */
    krb5_principal server; /* primary server principal (TGS if NULL) */
    struct kcm_creds *creds;	/* list of stored credentials */
    krb5_deltat tkt_life;
    krb5_deltat renew_life;
    int32_t kdc_offset;
    /*
     * Key material used to (re)acquire credentials.  Which member is live
     * is presumably indicated by KCM_FLAGS_USE_KEYTAB / KCM_FLAGS_USE_CACHED_KEY
     * — confirm in the cache code before reading either member.
     */
    union {
	krb5_keytab keytab;
	krb5_keyblock keyblock;
    } key;
    HEIMDAL_MUTEX mutex;	/* per-entry lock; which fields it covers is defined by the .c files */
    struct kcm_ccache_data *next;
} kcm_ccache_data;

/*
 * Abort the daemon (krb5_abortx) if _ccache is not flagged valid or has a
 * zero reference count.  It expands to references to a variable named
 * `context`, which therefore has to be in scope at the expansion site —
 * it is not a macro parameter.  Both messages name kcm_free_ccache_data
 * regardless of where the macro is actually expanded.
 */
#define KCM_ASSERT_VALID(_ccache)		do { \
    if (((_ccache)->flags & KCM_FLAGS_VALID) == 0) \
	krb5_abortx(context, "kcm_free_ccache_data: ccache invalid"); \
    else if ((_ccache)->refcnt == 0) \
	krb5_abortx(context, "kcm_free_ccache_data: ccache refcnt == 0"); \
    } while (0)

/* Handle type used throughout the daemon for a cache entry. */
typedef kcm_ccache_data *kcm_ccache;

/* Event management */

/*
 * Entry in the event queue: an action to perform on a cache at fire_time,
 * with expiry and backoff bookkeeping.  How fire_count and backoff_time
 * interact with the KCM_EVENT_* constants below is defined by the queue
 * code, not here.
 */
typedef struct kcm_event {
    int valid;
    time_t fire_time;
    unsigned fire_count;
    time_t expire_time;
    time_t backoff_time;
    enum {
	KCM_EVENT_NONE = 0,
	KCM_EVENT_ACQUIRE_CREDS,
	KCM_EVENT_RENEW_CREDS,
	KCM_EVENT_DESTROY_CREDS,
	KCM_EVENT_DESTROY_EMPTY_CACHE
    } action;
    kcm_ccache ccache;		/* cache the action applies to */
    struct kcm_event *next;
} kcm_event;

/* wakeup interval for event queue */
/* The time_t fields above suggest these are seconds (12 * 60 * 60 reads as 12 hours). */
#define KCM_EVENT_QUEUE_INTERVAL		60
#define KCM_EVENT_DEFAULT_BACKOFF_TIME		5
#define KCM_EVENT_MAX_BACKOFF_TIME		(12 * 60 * 60)


/* Request format is LENGTH | MAJOR | MINOR | OPERATION | request */
/* Response format is LENGTH | STATUS | response */

/*
 * Identity of the requesting process as seen by a request handler.  Where
 * these values are obtained from (the IPC layer's credential) is
 * established in the .c files; handlers should treat them as the only
 * trusted description of the peer.
 */
typedef struct kcm_client {
    pid_t pid;
    uid_t uid;
    gid_t gid;
    pid_t session;
} kcm_client;

/* Root check is by uid == 0 only; gid and session are not consulted. */
#define CLIENT_IS_ROOT(client) ((client)->uid == 0)

/* Dispatch table */
/* passed in OPERATION | ... ; returns STATUS | ... */
/*
 * Handler signature: context, requesting client, operation code, and two
 * krb5_storage handles — presumably request (input) then response
 * (output), in that order.  Returns a krb5_error_code.
 */
typedef krb5_error_code (*kcm_method)(krb5_context, kcm_client *, kcm_operation, krb5_storage *, krb5_storage *);

/* Dispatch-table entry: operation name and its handler. */
struct kcm_op {
    const char *name;
    kcm_method method;
};

/*
 * Build-time paths.  LOCALSTATEDIR and SYSCONFDIR are not defined in this
 * header; they are expected from the build configuration.
 */
#define DEFAULT_LOG_DEST	"0/FILE:" LOCALSTATEDIR "/log/kcmd.log"
#define _PATH_KCM_CONF		SYSCONFDIR "/kcm.conf"

/* Daemon-wide globals, defined in the .c files. */
extern krb5_context kcm_context;
extern char *socket_path;		/* IPC endpoint paths */
extern char *door_path;
extern size_t max_request;		/* presumably the upper bound on accepted request length — enforced by the reader, not here */
extern sig_atomic_t exit_flag;		/* sig_atomic_t, so it may be set from a signal handler */
extern int name_constraints;		/* policy switches; semantics live where they are consumed */
#ifdef SUPPORT_DETACH
extern int detach_from_console;
#endif
extern int launchd_flag;
extern int disallow_getting_krbtgt;

/* Disabled: krb5_kcmss_ops is not declared here. */
#if 0
extern const krb5_cc_ops krb5_kcmss_ops;
#endif

/*
 * IPC entry point: receives the request data (heim_idata), the caller's
 * credential (heim_icred) and a completion callback.
 */
void kcm_service(void *, const heim_idata *, const heim_icred,
		 heim_ipc_complete, heim_sipc_call);

/* Included after the type definitions above so they are in scope for the prototypes. */
#include <kcm-protos.h>

#endif /* __KCM_LOCL_H__ */