summaryrefslogtreecommitdiffstats
path: root/third_party/heimdal/lib/krb5/kuserok_plugin.h
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/heimdal/lib/krb5/kuserok_plugin.h')
-rw-r--r--third_party/heimdal/lib/krb5/kuserok_plugin.h91
1 files changed, 91 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/krb5/kuserok_plugin.h b/third_party/heimdal/lib/krb5/kuserok_plugin.h
new file mode 100644
index 0000000..7c3f3b4
--- /dev/null
+++ b/third_party/heimdal/lib/krb5/kuserok_plugin.h
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2011, Secure Endpoints Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef HEIMDAL_KRB5_KUSEROK_PLUGIN_H
+#define HEIMDAL_KRB5_KUSEROK_PLUGIN_H 1
+
+#include <heimbase-svc.h>
+
+#define KRB5_PLUGIN_KUSEROK "krb5_plugin_kuserok"
+#define KRB5_PLUGIN_KUSEROK_VERSION_0 0
+
+/** @struct krb5plugin_kuserok_ftable_desc
+ *
+ * @brief Description of the krb5_kuserok(3) plugin facility.
+ *
+ * The krb5_kuserok(3) function is pluggable. The plugin is named
+ * KRB5_PLUGIN_KUSEROK ("krb5_plugin_kuserok"), with a single minor
+ * version, KRB5_PLUGIN_KUSEROK_VERSION_0 (0).
+ *
+ * The plugin for krb5_kuserok(3) consists of a data symbol referencing
+ * a structure of type krb5plugin_kuserok_ftable, with four fields:
+ *
+ * @param init Plugin initialization function (see krb5-plugin(7))
+ *
+ * @param minor_version The plugin minor version number (0)
+ *
+ * @param fini Plugin finalization function
+ *
+ * @param kuserok Plugin kuserok function
+ *
+ * The kuserok field is the plugin entry point that performs the
+ * traditional kuserok operation however the plugin desires. It is
+ * invoked in no particular order relative to other kuserok plugins, but
+ * it has a 'rule' argument that indicates which plugin is intended to
+ * act on the rule. The plugin kuserok function must return
+ * KRB5_PLUGIN_NO_HANDLE if the rule is not applicable to it.
+ *
+ * The plugin kuserok function has the following arguments, in this
+ * order:
+ *
+ * -# plug_ctx, the context value output by the plugin's init function
+ * -# context, a krb5_context
+ * -# rule, the kuserok rule being evaluated (from krb5.conf(5))
+ * -# flags
+ * -# k5login_dir, configured location of k5login per-user files if any
+ * -# luser, name of the local user account to which principal is attempting to access.
+ * -# principal, the krb5_principal trying to access the luser account
+ * -# result, a krb5_boolean pointer where the plugin will output its result
+ *
+ * @ingroup krb5_support
+ */
+typedef struct krb5plugin_kuserok_ftable_desc {
+ HEIM_PLUGIN_FTABLE_COMMON_ELEMENTS(krb5_context);
+ krb5_error_code (KRB5_LIB_CALL *kuserok)(void *, krb5_context, const char *,
+ unsigned int, const char *, const char *,
+ krb5_const_principal,
+ krb5_boolean *);
+} krb5plugin_kuserok_ftable;
+
+#define KUSEROK_ANAME_TO_LNAME_OK 1
+#define KUSEROK_K5LOGIN_IS_AUTHORITATIVE 2
+
+#endif /* HEIMDAL_KRB5_KUSEROK_PLUGIN_H */