usr/src/lib/krb5/kadm5/srv/server_acl.h

   1 /*
   2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
   3  * Use is subject to license terms.
   4  */
   5
   6
   7
   8 #ifdef  __cplusplus
   9 extern "C" {
  10 #endif
  11
  12
  13 /*
  14  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
  15  *
  16  *      Openvision retains the copyright to derivative works of
  17  *      this source code.  Do *NOT* create a derivative of this
  18  *      source code before consulting with your legal department.
  19  *      Do *NOT* integrate *ANY* of this source code into another
  20  *      product before consulting with your legal department.
  21  *
  22  *      For further information, read the top-level Openvision
  23  *      copyright which is contained in the top-level MIT Kerberos
  24  *      copyright.
  25  *
  26  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
  27  *
  28  */
  29
  30
  31 /*
  32  * kadmin/v5server/kadm5_defs.h
  33  *
  34  * Copyright 1995 by the Massachusetts Institute of Technology.
  35  * All Rights Reserved.
  36  *
  37  * Export of this software from the United States of America may
  38  *   require a specific license from the United States Government.
  39  *   It is the responsibility of any person or organization contemplating
  40  *   export to obtain such a license before exporting.
  41  *
  42  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  43  * distribute this software and its documentation for any purpose and
  44  * without fee is hereby granted, provided that the above copyright
  45  * notice appear in all copies and that both that copyright notice and
  46  * this permission notice appear in supporting documentation, and that
  47  * the name of M.I.T. not be used in advertising or publicity pertaining
  48  * to distribution of the software without specific, written prior
  49  * permission.  Furthermore if you modify this software you must label
  50  * your software as modified software and not distribute it in such a
  51  * fashion that it might be confused with the original M.I.T. software.
  52  * M.I.T. makes no representations about the suitability of
  53  * this software for any purpose.  It is provided "as is" without express
  54  * or implied warranty.
  55  *
  56  */
  57
  58 #ifndef SERVER_ACL_H__
  59 #define SERVER_ACL_H__
  60
  61 #include <admin.h> /* SUNWresync121 XXX */
  62
  63 /*
  64  * Debug definitions.
  65  */
  66 #define DEBUG_SPROC     1
  67 #define DEBUG_OPERATION 2
  68 #define DEBUG_HOST      4
  69 #define DEBUG_REALM     8
  70 #define DEBUG_REQUESTS  16
  71 #define DEBUG_ACL       32
  72 #define DEBUG_PROTO     64
  73 #define DEBUG_CALLS     128
  74 #define DEBUG_NOSLAVES  256
  75 #ifdef  DEBUG
  76 #define DPRINT(l1, cl, al)      if ((cl & l1) != 0) printf al
  77 #else   /* DEBUG */
  78 #define DPRINT(l1, cl, al)
  79 #endif  /* DEBUG */
  80 #define DLOG(l1, cl, msg)       if ((cl & l1) != 0)     \
  81                                         com_err(programname, 0, msg)
  82
  83 /*
  84  * Access control bits.
  85  */
  86 #define ACL_INQUIRE             1       /* GET */
  87 #define ACL_ADD                 2
  88 #define ACL_MODIFY              4
  89 #define ACL_DELETE              8
  90 #define ACL_LIST                16
  91 #define ACL_CHANGEPW            32
  92 /* #define ACL_CHANGE_OWN_PW    16 */
  93 /* #define ACL_EXTRACT          64 */
  94 #define ACL_SETKEY              256
  95 #define ACL_MIGRATE             512     /* pam_krb5_migrate */
  96 #define ACL_IPROP               65536   /* SUNW IProp */
  97 #define ACL_RENAME              (ACL_ADD+ACL_DELETE)
  98
  99 #define ACL_ALL_MASK            (ACL_ADD        | \
 100                                  ACL_DELETE     | \
 101                                  ACL_MODIFY     | \
 102                                  ACL_CHANGEPW   | \
 103                                  ACL_INQUIRE    | \
 104                                  ACL_LIST       | \
 105                                  ACL_IPROP      | \
 106                                  ACL_MIGRATE    | \
 107                                  ACL_SETKEY)
 108
 109 typedef struct _restriction {
 110     long                mask;
 111     krb5_flags          require_attrs;
 112     krb5_flags          forbid_attrs;
 113     krb5_deltat         princ_lifetime;
 114     krb5_deltat         pw_lifetime;
 115     krb5_deltat         max_life;
 116     krb5_deltat         max_renewable_life;
 117     long                aux_attributes;
 118     char                *policy;
 119 } restriction_t;
 120
 121 krb5_error_code kadm5int_acl_init
 122         (krb5_context,
 123                    int,
 124                    char *);
 125 void kadm5int_acl_finish
 126         (krb5_context,
 127                    int);
 128 krb5_boolean kadm5int_acl_check
 129         (krb5_context,
 130                    gss_name_t,
 131                    krb5_int32,
 132                    krb5_principal,
 133                    restriction_t **);
 134 krb5_error_code kadm5int_acl_impose_restrictions
 135         (krb5_context,
 136                    kadm5_principal_ent_rec *,
 137                    long *,
 138                    restriction_t *);
 139 #endif  /* SERVER_ACL_H__ */
 140 #ifdef  __cplusplus
 141 }
 142 #endif
 143