/*
SSSD
KCM Server - private header file
Copyright (C) Red Hat, 2016
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __KCMSRV_PVT_H__
#define __KCMSRV_PVT_H__
#include "config.h"
#include <sys/types.h>
#include <krb5/krb5.h>
#include "responder/common/responder.h"
/*
 * Version of the KCM wire protocol this responder implements. Where the
 * client's version is checked against these values is not in this header
 * (presumably the request parser); a different MAJOR should not be treated
 * as compatible.
 */
#define KCM_PROTOCOL_VERSION_MAJOR 2
#define KCM_PROTOCOL_VERSION_MINOR 0
/*
 * This should ideally be in RUNSTATEDIR, but Heimdal uses a hardcoded
 * /var/run, and we need to use the same default path.
 *
 * NOTE(review): this is a fixed, well-known name in a directory shared with
 * other services, and (judging by the per-UID queueing below) clients of
 * every local UID are expected to connect to it. Access control therefore
 * cannot come from the socket's file mode; it has to come from the
 * kernel-reported peer credentials of each connection (struct cli_creds).
 * The code that actually creates the socket - not in this header - is the
 * place to confirm that, and that a pre-existing file at this path is not
 * blindly reused. The value in effect at runtime is kcm_ctx->socket_path.
 */
#define DEFAULT_KCM_SOCKET_PATH "/var/run/.heim_org.h5l.kcm-socket"
/*
 * KCM IO structure
 *
 * In theory we could use sss_iobuf there, but since iobuf was
 * made opaque, this allows it to allocate the structures on
 * the stack in one go.
 *
 * A bare (pointer, byte count) pair for passing raw request/reply bytes
 * around. `length` is the only bound on `data`: nothing here says who owns
 * the buffer, whether it is NUL-terminated, or that `data` is non-NULL when
 * `length` is 0. Since this is the IO structure, the bytes are presumably
 * client-supplied protocol data - treat them as untrusted binary input and
 * bound every read strictly by `length` (confirm at the call sites).
 */
struct kcm_data {
    uint8_t *data;      /* start of the buffer */
    size_t length;      /* number of valid bytes at data */
};
/*
 * To avoid leaking the sssd-specific responder data to other
 * modules, the ccache databases and other KCM specific data
 * are kept separately
 *
 * KCM-private state, reachable from kcm_ctx->kcm_data. Everything in here
 * is shared by all client connections of the responder; per-request
 * serialization is the job of the ops queue, not of this struct.
 */
struct kcm_resp_ctx {
    krb5_context k5c;       /* libkrb5 context used by the KCM operations */
    struct kcm_ccdb *db;    /* the ccache database; presumably the back end
                             * selected by kcm_ctx->cc_be - confirm in the
                             * ccdb setup code */
};
/*
 * Supported ccache back ends.
 *
 * The enumerator values are written out explicitly so their numeric
 * encoding is obvious and stays stable if a back end is ever added in
 * between. What each back end does with the credentials is not visible
 * here: MEMORY presumably keeps ccaches in the responder's own process
 * memory, SECDB presumably persists them through a secrets database -
 * confirm against the respective ccdb implementation files.
 */
enum kcm_ccdb_be {
    CCDB_BE_MEMORY = 0,
    CCDB_BE_SECDB = 1,
};
/*
 * responder context that contains both the responder data,
 * like the ccaches and the sssd-specific stuff like the
 * generic responder ctx
 *
 * One instance per running KCM responder; each client connection reaches
 * it through the generic responder machinery.
 */
struct kcm_ctx {
    struct resp_ctx *rctx;              /* generic sssd responder context */
    int fd_limit;                       /* presumably the cap on open client
                                         * descriptors, i.e. the bound on how
                                         * many concurrent connections a set of
                                         * local users can pin - confirm where
                                         * it is enforced (not in this header) */
    char *socket_path;                  /* path the responder listens on;
                                         * presumably defaults to
                                         * DEFAULT_KCM_SOCKET_PATH */
    enum kcm_ccdb_be cc_be;             /* which ccache back end is in use */
    struct kcm_ops_queue_ctx *qctx;     /* per-UID request queue, see
                                         * kcm_ops_queue_create() */
    struct kcm_resp_ctx *kcm_data;      /* KCM-private state: krb5 context
                                         * and the ccache database */
};
int kcm_connection_setup(struct cli_ctx *cctx);
/*
 * Internally in SSSD-KCM we use SSSD-internal error codes so that we
 * can always use the same sss_strerror() functions to format the errors
 * nicely, but the client expects libkrb5 error codes.
 *
 * Maps an sssd errno_t to the krb5_error_code that is sent back to the
 * client. Not every errno_t has a krb5 counterpart; whatever the fallback
 * for unmapped values is (it lives in the .c file, not here), it should be
 * a defined krb5 code rather than the raw errno reinterpreted, since the
 * value crosses the trust boundary to the client.
 */
krb5_error_code sss2krb5_error(errno_t err);
/*
 * We enqueue all requests by the same UID to avoid concurrency issues.
 *
 * The queue serializes operations per client UID so that two requests from
 * the same user cannot race on that user's ccaches; requests from different
 * UIDs are presumably independent of one another. The UID must be the one
 * from the kernel-reported peer credentials of the connection (struct
 * cli_creds), never anything the client wrote into the request body -
 * confirm in the queue implementation, which is not in this header.
 */
struct kcm_ops_queue_entry;   /* opaque; defined by the queue implementation */

/*
 * Allocate the queue context for responder kctx, parented to mem_ctx.
 * Presumably returns NULL on allocation failure - see the .c file.
 */
struct kcm_ops_queue_ctx *kcm_ops_queue_create(TALLOC_CTX *mem_ctx,
                                               struct kcm_ctx *kctx);
/*
 * Tevent request that waits for the caller's turn in the per-UID queue for
 * `client` (its UID is presumably taken from the peer credentials in
 * cli_creds). Completes once no earlier operation from the same UID is
 * still in flight; since ordering is per UID, one user's slow operation
 * should not hold up other users - confirm in the queue code. Pair with
 * kcm_op_queue_recv() to obtain the queue slot.
 */
struct tevent_req *kcm_op_queue_send(TALLOC_CTX *mem_ctx,
                                     struct tevent_context *ev,
                                     struct kcm_ops_queue_ctx *qctx,
                                     struct cli_creds *client);
/*
 * Collect the result of kcm_op_queue_send(). On success *_entry is the
 * caller's slot in the per-UID queue, allocated under mem_ctx. The slot is
 * presumably held until the entry is freed (talloc), so the caller must
 * release it - directly or via its parent - when the operation finishes;
 * otherwise every later request from that UID would stall behind it.
 * Confirm the release semantics in the queue implementation. Returns an
 * errno_t (0 on success).
 */
errno_t kcm_op_queue_recv(struct tevent_req *req,
                          TALLOC_CTX *mem_ctx,
                          struct kcm_ops_queue_entry **_entry);
#endif /* __KCMSRV_PVT_H__ */