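/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
 * Copyright (C) 2017 by the Massachusetts Institute of Technology.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * * Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 * * Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in
 *   the documentation and/or other materials provided with the
 *   distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Declarations for kadm5_auth plugin module implementors.
 *
 * A kadm5_auth module is an authorization hook for kadmind: every method below
 * decides whether an already-authenticated client principal may perform one
 * administrative operation.  The combination rule (see "Method type
 * declarations") makes a return value of 0 a positive grant, so the
 * implementation of these methods is security-critical code.
 *
 * The kadm5_auth pluggable interface currently has only one supported major
 * version, which is 1.  Major version 1 has a current minor version number of
 * 1.
 *
 * kadm5_auth plugin modules should define a function named
 * kadm5_auth_<modname>_initvt, matching the signature:
 *
 *   krb5_error_code
 *   kadm5_auth_modname_initvt(krb5_context context, int maj_ver, int min_ver,
 *                             krb5_plugin_vtable vtable);
 *
 * The initvt function should:
 *
 * - Check that the supplied maj_ver number is supported by the module, or
 *   return KRB5_PLUGIN_VER_NOTSUPP if it is not.
 *
 * - Cast the vtable pointer as appropriate for maj_ver:
 *     maj_ver == 1: Cast to kadm5_auth_vtable (declared at the end of this
 *     header)
 *
 * - Initialize the methods of the vtable, stopping as appropriate for the
 *   supplied min_ver.  Optional methods may be left uninitialized.  Do not
 *   write members past the ones the supplied min_ver covers: the caller
 *   allocated the vtable for the version it asked for.
 *
 * Memory for the vtable is allocated by the caller, not by the module.
 *
 * NOTE(review): the angle-bracketed file names in the #include lines and in
 * two comments below were lost when this file was rendered; they are restored
 * here from the types and constants the header uses (krb5_context,
 * krb5_plugin_vtable, KADM5_* mask bits).
 */

#ifndef KRB5_KADM5_AUTH_PLUGIN_H
#define KRB5_KADM5_AUTH_PLUGIN_H

#include <krb5/krb5.h>
#include <krb5/plugin.h>

/* An abstract type for kadm5_auth module data. */
typedef struct kadm5_auth_moddata_st *kadm5_auth_moddata;

/*
 * A module can optionally include <kadm5/admin.h> to inspect principal or
 * policy records from requests that add or modify principals or policies.
 * Note that fields of principal and policy structures are only valid if the
 * corresponding bit is set in the accompanying mask parameter.  Test the mask
 * bit before reading a field: a field whose bit is clear carries no
 * meaningful value and must not feed into an authorization decision.
 */
struct _kadm5_principal_ent_t;
struct _kadm5_policy_ent_t;

/*
 * A module can optionally generate restrictions when checking permissions for
 * adding or modifying a principal entry.  Restriction fields will only be
 * honored if the corresponding mask bit is set.  The operable mask bits are
 * defined in <kadm5/admin.h> and are:
 *
 * - KADM5_ATTRIBUTES for require_attrs, forbid_attrs
 * - KADM5_POLICY for policy
 * - KADM5_POLICY_CLR to require that policy be unset
 * - KADM5_PRINC_EXPIRE_TIME for princ_lifetime
 * - KADM5_PW_EXPIRATION for pw_lifetime
 * - KADM5_MAX_LIFE for max_life
 * - KADM5_MAX_RLIFE for max_renewable_life
 *
 * A restriction whose mask bit is clear is silently ignored, so a module that
 * fills in (say) forbid_attrs but leaves KADM5_ATTRIBUTES out of mask has
 * imposed no restriction at all.  Ownership of a returned object is described
 * with the free_restrictions method below.
 */
struct kadm5_auth_restrictions {
    long mask;                      /* KADM5_* bits selecting the fields below */
    krb5_flags require_attrs;       /* attributes the entry must have */
    krb5_flags forbid_attrs;        /* attributes the entry must not have */
    krb5_deltat princ_lifetime;
    krb5_deltat pw_lifetime;
    krb5_deltat max_life;
    krb5_deltat max_renewable_life;
    char *policy;                   /* policy name; KADM5_POLICY_CLR forbids one */
};

/*** Method type declarations ***/

/*
 * Optional: Initialize module data.  acl_file is the realm's configured ACL
 * file, or NULL if none was configured.  Return 0 on success,
 * KRB5_PLUGIN_NO_HANDLE if the module is inoperable (due to configuration, for
 * example), and any other error code to abort kadmind startup.  Optionally set
 * *data_out to a module data object to be passed to future calls.
 *
 * Choose the failure mode deliberately.  KRB5_PLUGIN_NO_HANDLE removes this
 * module from every later decision (it presumably is not consulted again, so
 * it neither authorizes nor denies), whereas any other error keeps kadmind
 * from starting.  For a module that is meant to be the realm's authorization
 * source, a missing or unreadable acl_file is usually safer reported as a hard
 * error than as "inoperable".  Always handle acl_file == NULL.
 */
typedef krb5_error_code
(*kadm5_auth_init_fn)(krb5_context context, const char *acl_file,
                      kadm5_auth_moddata *data_out);

/* Optional: Release resources used by module data. */
typedef void
(*kadm5_auth_fini_fn)(krb5_context context, kadm5_auth_moddata data);

/*
 * Each check method below should return 0 to explicitly authorize the request,
 * KRB5_PLUGIN_NO_HANDLE to neither authorize nor deny the request, and any
 * other error code (such as EPERM) to explicitly deny the request.  If a check
 * method is not defined, the module will neither authorize nor deny the
 * request.  A request succeeds if at least one kadm5_auth module explicitly
 * authorizes the request and none of the modules explicitly deny it.
 *
 * Two consequences of that rule for implementors:
 *
 * - 0 is a grant, not "no opinion".  A method that cannot decide must return
 *   KRB5_PLUGIN_NO_HANDLE; a stub that returns 0 unconditionally authorizes
 *   every request of that type for every client.  Internal failures (out of
 *   memory, unreadable state) should therefore never fall through to 0.
 *
 * - A deny from any module is final and cannot be overridden by another
 *   module's grant, so returning an error for a merely unexpected condition
 *   blocks the operation for the whole realm rather than abstaining from it.
 *
 * In every method, client is the authenticated principal making the request
 * and target (or src/dest, or policy) names what it is being applied to.
 */

/*
 * Optional: authorize an add-principal operation, and optionally generate
 * restrictions.  Only fields of *ent whose bit is set in mask are valid.  A
 * restrictions object stored in *rs_out is released through
 * free_restrictions; presumably *rs_out should be left untouched when the
 * module imposes none.
 */
typedef krb5_error_code
(*kadm5_auth_addprinc_fn)(krb5_context context, kadm5_auth_moddata data,
                          krb5_const_principal client,
                          krb5_const_principal target,
                          const struct _kadm5_principal_ent_t *ent, long mask,
                          struct kadm5_auth_restrictions **rs_out);

/*
 * Optional: authorize a modify-principal operation, and optionally generate
 * restrictions.  Same conventions for ent, mask and rs_out as addprinc.
 */
typedef krb5_error_code
(*kadm5_auth_modprinc_fn)(krb5_context context, kadm5_auth_moddata data,
                          krb5_const_principal client,
                          krb5_const_principal target,
                          const struct _kadm5_principal_ent_t *ent, long mask,
                          struct kadm5_auth_restrictions **rs_out);

/* Optional: authorize a set-string operation on target's key/value pair. */
typedef krb5_error_code
(*kadm5_auth_setstr_fn)(krb5_context context, kadm5_auth_moddata data,
                        krb5_const_principal client,
                        krb5_const_principal target,
                        const char *key, const char *value);

/* Optional: authorize a change-password operation. */
typedef krb5_error_code
(*kadm5_auth_cpw_fn)(krb5_context context, kadm5_auth_moddata data,
                     krb5_const_principal client, krb5_const_principal target);

/* Optional: authorize a randomize-keys operation. */
typedef krb5_error_code
(*kadm5_auth_chrand_fn)(krb5_context context, kadm5_auth_moddata data,
                        krb5_const_principal client,
                        krb5_const_principal target);

/* Optional: authorize a set-key operation. */
typedef krb5_error_code
(*kadm5_auth_setkey_fn)(krb5_context context, kadm5_auth_moddata data,
                        krb5_const_principal client,
                        krb5_const_principal target);

/* Optional: authorize a purgekeys operation. */
typedef krb5_error_code
(*kadm5_auth_purgekeys_fn)(krb5_context context, kadm5_auth_moddata data,
                           krb5_const_principal client,
                           krb5_const_principal target);

/* Optional: authorize a delete-principal operation. */
typedef krb5_error_code
(*kadm5_auth_delprinc_fn)(krb5_context context, kadm5_auth_moddata data,
                          krb5_const_principal client,
                          krb5_const_principal target);

/*
 * Optional: authorize a rename-principal operation from src to dest.  Both
 * names are inputs to the decision; a rename is effectively a delete of src
 * plus a create of dest, and a module that only checks one of them grants
 * more than it may intend.
 */
typedef krb5_error_code
(*kadm5_auth_renprinc_fn)(krb5_context context, kadm5_auth_moddata data,
                          krb5_const_principal client,
                          krb5_const_principal src,
                          krb5_const_principal dest);

/* Optional: authorize a get-principal operation. */
typedef krb5_error_code
(*kadm5_auth_getprinc_fn)(krb5_context context, kadm5_auth_moddata data,
                          krb5_const_principal client,
                          krb5_const_principal target);

/* Optional: authorize a get-strings operation. */
typedef krb5_error_code
(*kadm5_auth_getstrs_fn)(krb5_context context, kadm5_auth_moddata data,
                         krb5_const_principal client,
                         krb5_const_principal target);

/* Optional: authorize an extract-keys operation.  Granting this exposes the
 * target's long-term keys to the client. */
typedef krb5_error_code
(*kadm5_auth_extract_fn)(krb5_context context, kadm5_auth_moddata data,
                         krb5_const_principal client,
                         krb5_const_principal target);

/* Optional: authorize a list-principals operation (no target). */
typedef krb5_error_code
(*kadm5_auth_listprincs_fn)(krb5_context context, kadm5_auth_moddata data,
                            krb5_const_principal client);

/* Optional: authorize an add-policy operation.  Only fields of *ent whose bit
 * is set in mask are valid. */
typedef krb5_error_code
(*kadm5_auth_addpol_fn)(krb5_context context, kadm5_auth_moddata data,
                        krb5_const_principal client, const char *policy,
                        const struct _kadm5_policy_ent_t *ent, long mask);

/* Optional: authorize a modify-policy operation.  Only fields of *ent whose
 * bit is set in mask are valid. */
typedef krb5_error_code
(*kadm5_auth_modpol_fn)(krb5_context context, kadm5_auth_moddata data,
                        krb5_const_principal client, const char *policy,
                        const struct _kadm5_policy_ent_t *ent, long mask);

/* Optional: authorize a delete-policy operation. */
typedef krb5_error_code
(*kadm5_auth_delpol_fn)(krb5_context context, kadm5_auth_moddata data,
                        krb5_const_principal client, const char *policy);

/*
 * Optional: authorize a get-policy operation.  client_policy is the client
 * principal's policy name, or NULL if it does not have one.  Check for NULL
 * before comparing it with policy; a NULL dereference here takes down kadmind
 * on a request any authenticated client can send.
 */
typedef krb5_error_code
(*kadm5_auth_getpol_fn)(krb5_context context, kadm5_auth_moddata data,
                        krb5_const_principal client, const char *policy,
                        const char *client_policy);

/* Optional: authorize a list-policies operation (no target). */
typedef krb5_error_code
(*kadm5_auth_listpols_fn)(krb5_context context, kadm5_auth_moddata data,
                          krb5_const_principal client);

/* Optional: authorize an iprop operation (incremental propagation by the
 * client, typically a replica KDC). */
typedef krb5_error_code
(*kadm5_auth_iprop_fn)(krb5_context context, kadm5_auth_moddata data,
                       krb5_const_principal client);

/*
 * Optional: receive a notification that the most recent authorized operation
 * has ended.  If a kadm5_auth module is also a KDB module, it can assume that
 * all KDB methods invoked between a kadm5_auth authorization method invocation
 * and a kadm5_auth end invocation are performed as part of the authorized
 * operation.
 *
 * The end method may be invoked without a preceding authorization method in
 * some cases; the module must be prepared to ignore such calls.  Any
 * per-operation state the module keeps must therefore tolerate a spurious
 * end (for example, a NULL or already-cleared "current operation" slot).
 */
typedef void
(*kadm5_auth_end_fn)(krb5_context context, kadm5_auth_moddata data);

/*
 * Optional: free a restrictions object.  This method does not need to be
 * defined if the module does not generate restrictions objects, or if it
 * returns aliases to restrictions objects contained from within the module
 * data.  Conversely, a module that allocates a fresh restrictions object for
 * each addprinc/modprinc call must define this method, or those objects
 * (including the policy string) are never released.
 */
typedef void
(*kadm5_auth_free_restrictions_fn)(krb5_context context,
                                   kadm5_auth_moddata data,
                                   struct kadm5_auth_restrictions *rs);

/*
 * kadm5_auth vtable for major version 1.  Member order is the version-1
 * interface: the caller fills or reads members up to the point selected by
 * min_ver, so new members may only be appended (with a minor version bump),
 * never inserted or reordered.
 */
typedef struct kadm5_auth_vtable_st {
    const char *name;           /* Mandatory: name of module. */
    kadm5_auth_init_fn init;
    kadm5_auth_fini_fn fini;

    /* Mutating principal operations. */
    kadm5_auth_addprinc_fn addprinc;
    kadm5_auth_modprinc_fn modprinc;
    kadm5_auth_setstr_fn setstr;
    kadm5_auth_cpw_fn cpw;
    kadm5_auth_chrand_fn chrand;
    kadm5_auth_setkey_fn setkey;
    kadm5_auth_purgekeys_fn purgekeys;
    kadm5_auth_delprinc_fn delprinc;
    kadm5_auth_renprinc_fn renprinc;

    /* Read-only principal operations. */
    kadm5_auth_getprinc_fn getprinc;
    kadm5_auth_getstrs_fn getstrs;
    kadm5_auth_extract_fn extract;
    kadm5_auth_listprincs_fn listprincs;

    /* Policy operations. */
    kadm5_auth_addpol_fn addpol;
    kadm5_auth_modpol_fn modpol;
    kadm5_auth_delpol_fn delpol;
    kadm5_auth_getpol_fn getpol;
    kadm5_auth_listpols_fn listpols;

    kadm5_auth_iprop_fn iprop;

    kadm5_auth_end_fn end;

    kadm5_auth_free_restrictions_fn free_restrictions;
    /* Minor version 1 ends here. */
} *kadm5_auth_vtable;

#endif /* KRB5_KADM5_AUTH_PLUGIN_H */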