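/*
 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _SERVER_ACL_H
#define _SERVER_ACL_H

#pragma ident "%Z%%M% %I% %E% SMI"

#ifdef __cplusplus
extern "C" {
#endif


/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 *	Openvision retains the copyright to derivative works of
 *	this source code. Do *NOT* create a derivative of this
 *	source code before consulting with your legal department.
 *	Do *NOT* integrate *ANY* of this source code into another
 *	product before consulting with your legal department.
 *
 *	For further information, read the top-level Openvision
 *	copyright which is contained in the top-level MIT Kerberos
 *	copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */


/*
 * kadmin/v5server/kadm5_defs.h
 *
 * Copyright 1995 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 */

#include <admin.h> /* SUNWresync121 XXX */

/*
 * Debug definitions.
 *
 * Each DEBUG_* value is a single bit, so several classes can be OR-ed
 * into one debug level.
 */
#define	DEBUG_SPROC	1
#define	DEBUG_OPERATION	2
#define	DEBUG_HOST	4
#define	DEBUG_REALM	8
#define	DEBUG_REQUESTS	16
#define	DEBUG_ACL	32
#define	DEBUG_PROTO	64
#define	DEBUG_CALLS	128
#define	DEBUG_NOSLAVES	256

/*
 * DPRINT(l1, cl, al): when the masks l1 and cl share a bit, call printf
 * with the parenthesised argument list al, e.g.
 * DPRINT(DEBUG_ACL, level, ("x=%d\n", x));
 * Without DEBUG it expands to nothing, so al is never evaluated.
 *
 * The expansion is wrapped in do { } while (0) so that an "else" after
 * the macro call binds to the caller's "if" and not to the macro's own
 * test, and both mask arguments are parenthesised so that an expression
 * such as "a | b" is tested as a whole.
 */
#ifdef DEBUG
#define	DPRINT(l1, cl, al) \
	do { \
		if (((cl) & (l1)) != 0) \
			printf al; \
	} while (0)
#else /* DEBUG */
#define	DPRINT(l1, cl, al)
#endif /* DEBUG */

/*
 * DLOG(l1, cl, msg): when the masks l1 and cl share a bit, report msg
 * through com_err() with error code 0. Unlike DPRINT it is defined
 * whether or not DEBUG is set.
 *
 * "programname" is not declared in this header and must be in scope
 * wherever the macro is used.
 *
 * NOTE(review): msg is handed to com_err() in the format-string position
 * with no further arguments. Pass a string literal or text known to
 * contain no '%' conversions; text built from request data (principal
 * names, client input) should be logged via an explicit "%s" format at
 * the call site instead.
 */
#define	DLOG(l1, cl, msg) \
	do { \
		if (((cl) & (l1)) != 0) \
			com_err(programname, 0, (msg)); \
	} while (0)

/*
 * Access control bits.
 *
 * Each operation is one bit; a set of permitted operations is the OR of
 * the bits.
 */
#define	ACL_INQUIRE	1	/* GET */
#define	ACL_ADD		2
#define	ACL_MODIFY	4
#define	ACL_DELETE	8
#define	ACL_LIST	16
#define	ACL_CHANGEPW	32
/* #define ACL_CHANGE_OWN_PW 16 */
/* #define ACL_EXTRACT 64 */
#define	ACL_SETKEY	256
#define	ACL_MIGRATE	512	/* pam_krb5_migrate */
#define	ACL_IPROP	65536	/* SUNW IProp */

/*
 * Rename has no bit of its own: it is the combination of ADD and DELETE.
 * A test for it therefore has to require both bits,
 * (bits & ACL_RENAME) == ACL_RENAME; a plain non-zero test would also
 * succeed for a caller holding only one of the two.
 */
#define	ACL_RENAME	(ACL_ADD | ACL_DELETE)

/* Every access bit defined above (the commented-out ones excluded). */
#define	ACL_ALL_MASK	(ACL_ADD | \
			ACL_DELETE | \
			ACL_MODIFY | \
			ACL_CHANGEPW | \
			ACL_INQUIRE | \
			ACL_LIST | \
			ACL_IPROP | \
			ACL_MIGRATE | \
			ACL_SETKEY)

/*
 * Restrictions attached to an ACL decision.
 *
 * NOTE(review): field roles below are inferred from the names only; the
 * header does not define them. Confirm against the implementation.
 */
typedef struct _restriction {
	long		mask;			/* presumably: which fields are set */
	krb5_flags	require_attrs;		/* presumably: attributes forced on */
	krb5_flags	forbid_attrs;		/* presumably: attributes forced off */
	krb5_deltat	princ_lifetime;
	krb5_deltat	pw_lifetime;
	krb5_deltat	max_life;
	krb5_deltat	max_renewable_life;
	long		aux_attributes;
	char		*policy;		/* ownership not stated in this header */
} restriction_t;

/*
 * The prototypes carry no parameter names, so the role of each argument
 * has to be taken from the implementation.
 */

/* Set up the ACL module; returns a krb5_error_code. */
krb5_error_code acl_init
	KRB5_PROTOTYPE((krb5_context,
			int,
			char *));

/* Tear down the ACL module. */
void acl_finish
	KRB5_PROTOTYPE((krb5_context,
			int));

/*
 * Authorization check. Returns a krb5_boolean; the last argument is a
 * pointer to a restriction_t pointer, presumably an output naming the
 * restrictions that apply to a granted request (confirm in the
 * implementation, including who owns the returned object).
 */
krb5_boolean acl_check
	KRB5_PROTOTYPE((krb5_context,
			gss_name_t,
			krb5_int32,
			krb5_principal,
			restriction_t **));

/*
 * Apply a restriction_t to a principal record and its accompanying long
 * value (presumably the kadm5 field mask); returns a krb5_error_code.
 */
krb5_error_code acl_impose_restrictions
	KRB5_PROTOTYPE((krb5_context,
			kadm5_principal_ent_rec *,
			long *,
			restriction_t *));

#ifdef __cplusplus
}
#endif

#endif /* !_SERVER_ACL_H */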