comparison CSP2/CSP2_env/env-d9b9114564458d9d-741b3de822f2aaca6c6caa4325c4afce/include/krb5/localauth_plugin.h @ 69:33d812a61356
planemo upload commit 2e9511a184a1ca667c7be0c6321a36dc4e3d116d
author | jpayne |
---|---|
date | Tue, 18 Mar 2025 17:55:14 -0400 |
parents | |
children |
67:0e9998148a16 | 69:33d812a61356 |
---|---|
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ | |
2 /* | |
3 * Copyright (C) 2013 by the Massachusetts Institute of Technology. | |
4 * All rights reserved. | |
5 * | |
6 * Redistribution and use in source and binary forms, with or without | |
7 * modification, are permitted provided that the following conditions | |
8 * are met: | |
9 * | |
10 * * Redistributions of source code must retain the above copyright | |
11 * notice, this list of conditions and the following disclaimer. | |
12 * | |
13 * * Redistributions in binary form must reproduce the above copyright | |
14 * notice, this list of conditions and the following disclaimer in | |
15 * the documentation and/or other materials provided with the | |
16 * distribution. | |
17 * | |
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
21 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | |
22 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
23 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
24 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
25 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
27 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
29 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
30 */ | |
31 | |
32 /* | |
33 * Declarations for localauth plugin module implementors. | |
34 * | |
35 * The localauth pluggable interface currently has only one supported major | |
36 * version, which is 1. Major version 1 has a current minor version number of | |
37 * 1. | |
38 * | |
39 * Localauth plugin modules should define a function named | |
40 * localauth_<modulename>_initvt, matching the signature: | |
41 * | |
42 * krb5_error_code | |
43 * localauth_modname_initvt(krb5_context context, int maj_ver, int min_ver, | |
44 * krb5_plugin_vtable vtable); | |
45 * | |
46 * The initvt function should: | |
47 * | |
48 * - Check that the supplied maj_ver number is supported by the module, or | |
49 * return KRB5_PLUGIN_VER_NOTSUPP if it is not. | |
50 * | |
51 * - Cast the vtable pointer as appropriate for maj_ver: | |
52 * maj_ver == 1: Cast to krb5_localauth_vtable | |
53 * | |
54 * - Initialize the methods of the vtable, stopping as appropriate for the | |
55 * supplied min_ver. Optional methods may be left uninitialized. | |
56 * | |
57 * Memory for the vtable is allocated by the caller, not by the module. | |
58 */ | |
59 | |
60 #ifndef KRB5_LOCALAUTH_PLUGIN_H | |
61 #define KRB5_LOCALAUTH_PLUGIN_H | |
62 | |
63 #include <krb5/krb5.h> | |
64 #include <krb5/plugin.h> | |
65 | |
66 /* An abstract type for localauth module data. */ | |
67 typedef struct krb5_localauth_moddata_st *krb5_localauth_moddata; | |
68 | |
69 /*** Method type declarations ***/ | |
70 | |
71 /* Optional: Initialize module data. */ | |
72 typedef krb5_error_code | |
73 (*krb5_localauth_init_fn)(krb5_context context, | |
74 krb5_localauth_moddata *data); | |
75 | |
76 /* Optional: Release resources used by module data. */ | |
77 typedef void | |
78 (*krb5_localauth_fini_fn)(krb5_context context, krb5_localauth_moddata data); | |
79 | |
80 /* | |
81 * Optional: Determine whether aname is authorized to log in as the local | |
82 * account lname. Return 0 if aname is authorized, EPERM if aname is | |
83 * authoritatively not authorized, KRB5_PLUGIN_NO_HANDLE if the module cannot | |
84 * determine whether aname is authorized, and any other error code for a | |
85 * serious failure to process the request. aname will be considered authorized | |
86 * if at least one module returns 0 and all other modules return | |
87 * KRB5_PLUGIN_NO_HANDLE. | |
88 */ | |
89 typedef krb5_error_code | |
90 (*krb5_localauth_userok_fn)(krb5_context context, krb5_localauth_moddata data, | |
91 krb5_const_principal aname, const char *lname); | |
92 | |
93 /* | |
94 * Optional (mandatory if an2ln_types is set): Determine the local account name | |
95 * corresponding to aname. Return 0 and set *lname_out if a mapping can be | |
96 * determined; the contents of *lname_out will later be released with a call to | |
97 * the module's free_string method. Return KRB5_LNAME_NOTRANS if no mapping | |
98 * can be determined. Return any other error code for a serious failure to | |
99 * process the request; this will halt the krb5_aname_to_localname operation. | |
100 * | |
101 * If the module's an2ln_types field is set, this method will only be invoked | |
102 * when a profile "auth_to_local" value references one of the module's types. | |
103 * type and residual will be set to the type and residual of the auth_to_local | |
104 * value. | |
105 * | |
106 * If the module's an2ln_types field is not set but the an2ln method is | |
107 * implemented, this method will be invoked independently of the profile's | |
108 * auth_to_local settings, with type and residual set to NULL. If multiple | |
109 * modules are registered with an2ln methods but no an2ln_types field, the | |
110 * order of invocation is not defined, but all such modules will be consulted | |
111 * before the built-in mechanisms are tried. | |
112 */ | |
113 typedef krb5_error_code | |
114 (*krb5_localauth_an2ln_fn)(krb5_context context, krb5_localauth_moddata data, | |
115 const char *type, const char *residual, | |
116 krb5_const_principal aname, char **lname_out); | |
117 | |
118 /* | |
119 * Optional (mandatory if an2ln is implemented): Release the memory returned by | |
120 * an invocation of an2ln. | |
121 */ | |
122 typedef void | |
123 (*krb5_localauth_free_string_fn)(krb5_context context, | |
124 krb5_localauth_moddata data, char *str); | |
125 | |
126 /* localauth vtable for major version 1. */ | |
127 typedef struct krb5_localauth_vtable_st { | |
128 const char *name; /* Mandatory: name of module. */ | |
129 const char **an2ln_types; /* Optional: uppercase auth_to_local types */ | |
130 krb5_localauth_init_fn init; | |
131 krb5_localauth_fini_fn fini; | |
132 krb5_localauth_userok_fn userok; | |
133 krb5_localauth_an2ln_fn an2ln; | |
134 krb5_localauth_free_string_fn free_string; | |
135 /* Minor version 1 ends here. */ | |
136 } *krb5_localauth_vtable; | |
137 | |
138 #endif /* KRB5_LOCALAUTH_PLUGIN_H */ |