ksu.h   [plain text]

/* 
 * Copyright (c) 1994 by the University of Southern California
 *
 * EXPORT OF THIS SOFTWARE from the United States of America may
 *     require a specific license from the United States Government.
 *     It is the responsibility of any person or organization contemplating
 *     export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute
 *     this software and its documentation in source and binary forms is
 *     hereby granted, provided that any documentation or other materials
 *     related to such distribution or use acknowledge that the software
 *     was developed by the University of Southern California. 
 *
 * DISCLAIMER OF WARRANTY.  THIS SOFTWARE IS PROVIDED "AS IS".  The
 *     University of Southern California MAKES NO REPRESENTATIONS OR
 *     WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
 *     limitation, the University of Southern California MAKES NO
 *     REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY
 *     PARTICULAR PURPOSE. The University of Southern
 *     California shall not be held liable for any liability nor for any
 *     direct, indirect, or consequential damages with respect to any
 *     claim by the user or distributor of the ksu software.
 *
 * KSU was writen by:  Ari Medvinsky, ari@isi.edu
 */

#include "k5-int.h"
#include "k5-util.h"
#include <stdio.h>
#include "com_err.h"
#include <sys/types.h> 
#include <sys/param.h>
#include <pwd.h>
#include <unistd.h>
#include <string.h>
#include <syslog.h>
/* <stdarg.h> or <varargs.h> is already included by com_err.h.  */

#define NO_TARGET_FILE '.'
#define SOURCE_USER_LOGIN "."

#define KRB5_DEFAULT_OPTIONS 0
#define KRB5_DEFAULT_TKT_LIFE 60*60*12 /* 12 hours */

#define KRB5_SECONDARY_CACHE "FILE:/tmp/krb5cc_"

#define KRB5_LOGIN_NAME ".k5login"
#define KRB5_USERS_NAME ".k5users"
#define USE_DEFAULT_REALM_NAME "."
#define PERMIT_ALL_COMMANDS "*" 
#define KRB5_SEC_BUFFSIZE 80
#define NOT_AUTHORIZED 1

#define CHUNK 3
#define CACHE_MODE 0600
#define MAX_CMD 2048 /* this is temp, should use realloc instead,          
			as done in most of the code */       
		      

extern int optind;
extern char * optarg;

/* globals */
extern char * prog_name;
extern int auth_debug;
extern int quiet;
extern char k5login_path[MAXPATHLEN];
extern char k5users_path[MAXPATHLEN];
extern char * gb_err;
/***********/

typedef struct opt_info{
	int opt;
	krb5_deltat lifetime;
	krb5_deltat rlife;
	int princ;
}opt_info;

/* krb_auth_su.c */
extern krb5_boolean krb5_auth_check
        (krb5_context, krb5_principal, char *, opt_info *,
		   char *, krb5_ccache, int *, uid_t);

extern krb5_boolean krb5_fast_auth
        (krb5_context, krb5_principal, krb5_principal, char *,
		   krb5_ccache);

extern krb5_boolean krb5_get_tkt_via_passwd 
	(krb5_context, krb5_ccache *, krb5_principal,
		   krb5_principal, opt_info *, krb5_boolean *);

extern void dump_principal 
	(krb5_context, char *, krb5_principal);

extern void plain_dump_principal 
	(krb5_context, krb5_principal);


extern krb5_error_code krb5_parse_lifetime
	(char *, long *);

extern krb5_error_code get_best_principal
	(krb5_context, char **, krb5_principal *);

/* ccache.c */
extern krb5_error_code krb5_ccache_copy
	(krb5_context, krb5_ccache, char *, krb5_principal, 
		   krb5_ccache *, krb5_boolean *, uid_t);

extern krb5_error_code krb5_store_all_creds
	(krb5_context, krb5_ccache, krb5_creds **, krb5_creds **);

extern krb5_error_code krb5_store_all_creds
	(krb5_context, krb5_ccache, krb5_creds **, krb5_creds **);

extern krb5_boolean compare_creds
	(krb5_context, krb5_creds *, krb5_creds *);

extern krb5_error_code krb5_get_nonexp_tkts
	(krb5_context, krb5_ccache, krb5_creds ***);

extern krb5_error_code krb5_check_exp
	(krb5_context, krb5_ticket_times);

extern char *flags_string (krb5_creds *);

extern krb5_error_code krb5_get_login_princ
	(const char *, char ***);

extern void show_credential
	(krb5_context, krb5_creds *, krb5_ccache);

extern int gen_sym (void);

extern krb5_error_code krb5_ccache_overwrite
	(krb5_context, krb5_ccache, krb5_ccache, krb5_principal);

extern krb5_error_code krb5_store_some_creds
	(krb5_context, krb5_ccache, krb5_creds **, krb5_creds **,
		   krb5_principal, krb5_boolean *);

extern krb5_error_code krb5_ccache_copy_restricted
	(krb5_context, krb5_ccache, char *, krb5_principal, 
		   krb5_ccache *, krb5_boolean *, uid_t);

extern krb5_error_code krb5_ccache_refresh
	(krb5_context, krb5_ccache);

extern krb5_error_code krb5_ccache_filter
	(krb5_context, krb5_ccache, krb5_principal);

extern krb5_boolean krb5_find_princ_in_cred_list
	(krb5_context, krb5_creds **, krb5_principal);

extern krb5_error_code krb5_find_princ_in_cache
	(krb5_context, krb5_ccache, krb5_principal, krb5_boolean *);

extern void printtime (time_t);

/* authorization.c */
extern krb5_boolean fowner (FILE *, uid_t);

extern krb5_error_code krb5_authorization
	(krb5_context, krb5_principal, const char *, char *, 
		   krb5_boolean *, char **);

extern krb5_error_code k5login_lookup (FILE *, char *,
						 krb5_boolean *);

extern krb5_error_code k5users_lookup 
	(FILE *, char *, char *, krb5_boolean *, char **);

extern krb5_boolean fcmd_resolve
	(char *, char ***, char **);

extern krb5_boolean cmd_single (char *);

extern int cmd_arr_cmp_postfix (char **, char *);

extern int cmd_arr_cmp (char **, char *);

extern krb5_boolean find_first_cmd_that_exists 
	(char **, char **, char **);

extern int match_commands 
	(char *, char *, krb5_boolean *, char **, char **);

extern krb5_error_code get_line (FILE *, char **);

extern char *  get_first_token (char *, char **);

extern char *  get_next_token (char **);

extern void init_auth_names (char *);

/* main.c */
extern void usage (void);

extern int standard_shell (char *);

extern krb5_error_code get_params (int *, int, char **, char ***);

extern char *get_dir_of_file (const char *);

/* heuristic.c */
extern krb5_error_code get_all_princ_from_file (FILE *, char ***);

extern krb5_error_code list_union (char **, char **, char ***);

extern krb5_error_code filter (FILE *, char *, char **, char ***);

extern krb5_error_code get_authorized_princ_names
	(const char *, char *, char ***);

extern krb5_error_code get_closest_principal 
	(krb5_context, char **, krb5_principal *, krb5_boolean *);

extern krb5_error_code find_either_ticket 
	(krb5_context, krb5_ccache, krb5_principal,
		krb5_principal, krb5_boolean *);

extern krb5_error_code find_ticket 
	(krb5_context, krb5_ccache, krb5_principal,
		krb5_principal, krb5_boolean *);


extern krb5_error_code find_princ_in_list
	(krb5_context, krb5_principal, char **, krb5_boolean *);

extern krb5_error_code get_best_princ_for_target
	(krb5_context, uid_t, uid_t, char *, char *, krb5_ccache, 
		opt_info *, char *, char *, krb5_principal *, int *);

extern krb5_error_code ksu_tgtname (krb5_context, const krb5_data *,
					      const krb5_data *, 
					      krb5_principal *tgtprinc);

#ifndef min
#define min(a,b) ((a) > (b) ? (b) : (a))
#endif /* min */


extern char *krb5_lname_file;  /* Note: print this out just be sure
				  that it gets set */   	    

extern void *xmalloc (size_t), 
    *xrealloc (void *, size_t), 
    *xcalloc (size_t, size_t);
extern char *xstrdup (const char *);

#ifndef HAVE_UNSETENV
void unsetenv (char *);
#endif