
0001 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
0002 /*
0003  * Copyright (C) 2011 by the Massachusetts Institute of Technology.
0004  * All rights reserved.
0005  *
0006  * Export of this software from the United States of America may
0007  *   require a specific license from the United States Government.
0008  *   It is the responsibility of any person or organization contemplating
0009  *   export to obtain such a license before exporting.
0010  *
0011  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
0012  * distribute this software and its documentation for any purpose and
0013  * without fee is hereby granted, provided that the above copyright
0014  * notice appear in all copies and that both that copyright notice and
0015  * this permission notice appear in supporting documentation, and that
0016  * the name of M.I.T. not be used in advertising or publicity pertaining
0017  * to distribution of the software without specific, written prior
0018  * permission.  Furthermore if you modify this software you must label
0019  * your software as modified software and not distribute it in such a
0020  * fashion that it might be confused with the original M.I.T. software.
0021  * M.I.T. makes no representations about the suitability of
0022  * this software for any purpose.  It is provided "as is" without express
0023  * or implied warranty.
0024  */
0025 
0026 /*
0027  * Declarations for credential cache selection module implementors.
0028  *
0029  * The ccselect pluggable interface currently has only one supported major
0030  * version, which is 1.  Major version 1 has a current minor version number of
0031  * 1.
0032  *
0033  * Credential cache selection modules should define a function named
0034  * ccselect_<modulename>_initvt, matching the signature:
0035  *
0036  *   krb5_error_code
0037  *   ccselect_modname_initvt(krb5_context context, int maj_ver, int min_ver,
0038  *                           krb5_plugin_vtable vtable);
0039  *
0040  * The initvt function should:
0041  *
0042  * - Check that the supplied maj_ver number is supported by the module, or
0043  *   return KRB5_PLUGIN_VER_NOTSUPP if it is not.
0044  *
0045  * - Cast the vtable pointer as appropriate for maj_ver:
0046  *     maj_ver == 1: Cast to krb5_ccselect_vtable
0047  *
0048  * - Initialize the methods of the vtable, stopping as appropriate for the
0049  *   supplied min_ver.  Optional methods may be left uninitialized.
0050  *
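0051  * Memory for the vtable is allocated by the caller, not by the module, so a
      * module that sets methods beyond the supplied min_ver could write past the
      * end of that allocation.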
0052  */
0053 
0054 #ifndef KRB5_CCSELECT_PLUGIN_H
0055 #define KRB5_CCSELECT_PLUGIN_H
0056 
0057 #include <krb5/krb5.h>
0058 #include <krb5/plugin.h>
0059 
0060 /* An abstract type for credential cache selection module data.  Only the
      * pointer type is declared here; this header does not define the struct. */
0061 typedef struct krb5_ccselect_moddata_st *krb5_ccselect_moddata;
0062 
0063 #define KRB5_CCSELECT_PRIORITY_AUTHORITATIVE 2  /* consulted before heuristic modules */
0064 #define KRB5_CCSELECT_PRIORITY_HEURISTIC     1  /* consulted after authoritative modules */
0065 
0066 /*** Method type declarations ***/
0067 
0068 /*
0069  * Mandatory: Initialize module data and set *priority_out to one of the
0070  * KRB5_CCSELECT_PRIORITY constants above.  Authoritative modules will be
0071  * consulted before heuristic ones.
      *
      * The priority is reported by the module itself through *priority_out, so
      * the consultation order depends on the values that loaded modules supply.
      * NOTE(review): *data_out presumably receives the handle later passed as
      * "data" to the choose and fini methods; confirm against the caller.
0072  */
0073 typedef krb5_error_code
0074 (*krb5_ccselect_init_fn)(krb5_context context, krb5_ccselect_moddata *data_out,
0075                          int *priority_out);
0076 
0077 /*
0078  * Mandatory: Select a cache based on a server principal.  Return 0 on success,
0079  * with *cache_out set to the selected cache and *princ_out set to its default
0080  * principal.  Return KRB5_PLUGIN_NO_HANDLE to defer to other modules.  Return
0081  * KRB5_CC_NOTFOUND with *princ_out set if the client principal can be
0082  * authoritatively determined but no cache exists for it.  Return other errors
0083  * as appropriate.
      *
      * NOTE(review): this header does not say who releases *cache_out and
      * *princ_out once they have been set, nor what they hold when
      * KRB5_PLUGIN_NO_HANDLE or another error is returned; confirm against the
      * caller.
0084  */
0085 typedef krb5_error_code
0086 (*krb5_ccselect_choose_fn)(krb5_context context, krb5_ccselect_moddata data,
0087                            krb5_principal server, krb5_ccache *cache_out,
0088                            krb5_principal *princ_out);
0089 
0090 /* Optional: Release resources used by module data.  Returns void, so a
      * failure during cleanup cannot be reported through this method. */
0091 typedef void
0092 (*krb5_ccselect_fini_fn)(krb5_context context, krb5_ccselect_moddata data);
0093 
0094 /*** vtable declarations **/
0095 
0096 /* Credential cache selection plugin vtable for major version 1.  Note that
      * krb5_ccselect_vtable names a pointer to this struct, not the struct. */
0097 typedef struct krb5_ccselect_vtable_st {
0098     const char *name;           /* Mandatory: name of module. */
0099     krb5_ccselect_init_fn init;     /* Mandatory: see krb5_ccselect_init_fn. */
0100     krb5_ccselect_choose_fn choose; /* Mandatory: see krb5_ccselect_choose_fn. */
0101     krb5_ccselect_fini_fn fini;     /* Optional: see krb5_ccselect_fini_fn. */
0102     /* Minor version 1 ends here. */
0103 } *krb5_ccselect_vtable;
0104 
0105 #endif /* KRB5_CCSELECT_PLUGIN_H */