/* * Copyright (c) 2005,2006 Secure Endpoints Inc. * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without * restriction, including without limitation the rights to use, copy, * modify, merge, publish, distribute, sublicense, and/or sell copies * of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ /* $Id$ */ #ifndef __AFSPLUGIN_EXT_H #define __AFSPLUGIN_EXT_H /*! \defgroup afs_ext OpenAFS Plugin extensions This section documents messages and data structures used by AFS extension plugins. These are plugins which augment the behavior of the AFS plugin. When performing specific tasks for NetIDMgr, the AFS plugin will send out messages to the extension plugins either via broadcast or unicast. The extension plugins provide functionality by responding to these messages. @{*/ #define MAXCELLCHARS 256 #define MAXHOSTCHARS 256 #define MAXHOSTSPERCELL 8 #define TRANSARCAFSDAEMON "TransarcAFSDaemon" #define AFS_TOKENNAME_AUTO L"Auto" #define AFS_TOKENNAME_KRB5 L"Kerberos5" #define AFS_TOKENNAME_KRB524 L"Kerberos524" #define AFS_TOKENNAME_KRB4 L"Kerberos4" /*! \brief An AFS token acquisition method identifier This takes on a value from ::afs_token_method or a token acquisition method identifier assigned to an extension plugin. */ typedef khm_int32 afs_tk_method; /*! \brief Predefined token acquisition methods */ enum afs_token_method { AFS_TOKEN_AUTO = 0, /*!< Automatic. This method iterates through Krb5, Krb524, Krb4 and then any extensions which provide token acquisition methods until one of them succeeds. */ AFS_TOKEN_KRB5, /*!< Kerberos 5 */ AFS_TOKEN_KRB524, /*!< Kerberos 5 with krb524 translation */ AFS_TOKEN_KRB4, /*!< Kerberos 4 */ }; /*! \brief Version of the OpenAFS Plugin This is an internal number that identifies the version of the OpenAFS plugin API that this extension was built against. This number is specified when sending the ::AFS_MSG_ANNOUNCE message. */ #define AFS_PLUGIN_VERSION 0x0000001 /*! \name Messages The AFS plugin registers the message type named ::AFS_MSG_TYPENAME and sends messages of this type to notify any AFS extension plugins to notify them of various events. @{*/ /*! \brief Name of the AFS plugin message This message type is registered when the AFS plugin starts and is unregistered when the plugin stops. Use kmq_find_type() to find the type ID of this message type. */ #define AFS_MSG_TYPENAME L"AfsExtMessage" /*! \brief Announce an extension plugin Sent by an extension plugin to announce its existence to the AFS plugin. This message should be sent by the extension plugin when it has finished loading, and is the only message permitted to be sent by an extension. All other messages are sent by the AFS plugin. Since this message contains pointer parameters and there is no cleanup performed on this, the message should be sent using kmq_send_message().

Type	type ID of ::AFS_MSG_TYPENAME
Subtype	::AFS_MSG_ANNOUNCE
uparam	0
vparam	Pointer to a ::afs_msg_announce structure

\note This message is only sent from extension plugins to the AFS plugin. */ #define AFS_MSG_ANNOUNCE 1 /*! \brief Parameter structure for announcing an extension plugin \see ::AFS_MSG_ANNOUNCE */ typedef struct tag_afs_msg_announce_v1 { khm_size cbsize; /*!< Size of the strucutre. Set to \a sizeof(::afs_msg_announce). If there is a version skew between the AFS plugin and the extension, then this parameter will ensure that the AFS plugin understands the correct version of the structure. */ khm_ui_4 version; /*!< Version of the AFS plugin that the extension is compiled for. Set this to ::AFS_PLUGIN_VERSION. Depending on this value, the AFS plugin will either reject the extension or determine which set of messages and structures should be used to communicate with the extension. */ const wchar_t * name; /*!< Name of the extension. Should be unique among all AFS extension plugins. Size constrained by ::KHUI_MAXCCH_NAME*/ khm_handle sub; /*!< A valid subscription for unicast messages. This must have been created through kmq_create_subscription(). The supplied handle will be automatically released when the plugin exits. However, if the announcement message fails, then the extension has to release the handle itself. */ khm_boolean provide_token_acq; /*!< non-zero if the extension provides a token acquisition method. The \a token_acq substructure should be filled if this member is set to non-zero. */ struct { const wchar_t * short_desc; /*!< Short description of token acquisition method. (localized, required). Size is constrained by ::KHUI_MAXCCH_SHORT_DESC */ const wchar_t * long_desc; /*!< Long description. (localized, optional). Size is constrained by ::KHUI_MAXCCH_LONG_DESC */ afs_tk_method method_id; /*!< Once the message is processed, this will receive a new method identifier. The value of this field on entry is ignored. */ } token_acq; /*!< Registration information for token acquisition method. Only assumed to be valid if \a provide_token_acq is TRUE. */ } afs_msg_announce; /*! \brief Sent to all extensions to resolve the identity of a token If the identity and credentials acquisition method of an AFS token cannot be determined by the AFS plugin, this message is sent out to extension plugins to allow them a chance to resolve it. If the extension plugin successfully resolves the identity and token acquisition method of the specified token, it should return ::KHM_ERROR_SUCCESS. Otherwise it should return a failure code. The actual return code is not interpreted other than whether or not it passes the ::KHM_SUCCEEDED() test.

Type	type ID of ::AFS_MSG_TYPENAME
Subtype	::AFS_MSG_RESOLVE_TOKEN
uparam	0
vparam	Pointer to a ::afs_msg_resolve_token structure

\note This message is only sent from the AFS plugin to extension plugins \note Only sent if the extension plugin has ::provide_token_acq set. */ #define AFS_MSG_RESOLVE_TOKEN 2 /*! \brief Message structure for AFS_MSG_RESOLVE_TOKEN Other than the fields marked as \a [OUT], all other fields should be considered read-only and should not be modified. \see ::AFS_MSG_RESOLVE_TOKEN */ typedef struct tag_afs_msg_resolve_token_v1 { khm_size cbsize; /*!< Size of the structure. This will be set to \a sizeof(::afs_msg_resolve_token). */ const wchar_t * cell; /*!< Specifies the cell that the token belongs to. */ const struct ktc_token * token; /*!< The token */ const struct ktc_principal * serverp; /*!< Server principal */ const struct ktc_principal * clientp; /*!< Client principal */ khm_handle ident; /*!< [OUT] If the extension successfully resolves the identity, then it should assign a handle to the identity to this field and return ::KHM_ERROR_SUCCESS. The handle will be automatically freed by the AFS plugin. */ afs_tk_method method; /*!< [OUT] If the extension successfully resolves the identity, it should also assign the token acquisition method identifier to this field. The default method is ::AFS_TOKEN_AUTO. This field indicates the token acquisition method that was used to obtain the token and is used when the token needs to be renewed. */ } afs_msg_resolve_token; /*! \brief Sent to an extension plugin to obtain AFS tokens

Type	type ID of ::AFS_MSG_TYPENAME
Subtype	::AFS_MSG_KLOG
uparam	0
vparam	Pointer to a ::afs_msg_klog

\note Only sent from the AFS plugin to extension plugins \note Only sent to extension plugins which have ::provide_token_acq set. */ #define AFS_MSG_KLOG 3 /*! \brief Cell configuration information \see ::afs_msg_klog \note This structure uses ANSI char fields instead of unicode fields. */ typedef struct tag_afs_conf_cellA_v1 { khm_size cbsize; /*!< set to \a sizeof(afs_conf_cell) */ char name[MAXCELLCHARS]; /*!< Name of the cell */ short numServers; /*!< Number of servers for cell. Upper bound of MAXHOSTSPERCELL */ short flags; /*!< Not used. Set to zero. */ struct sockaddr_in hostAddr[MAXHOSTSPERCELL]; /*!< addresses for each server. There are \a numServers entries.*/ char hostName[MAXHOSTSPERCELL][MAXHOSTCHARS]; /*!< names of the servers. There are \a numServers entries. */ char * linkedCell; /*!< Not used. Set to zero. */ } afs_conf_cell; /*! \brief Message parameters for AFS_MSG_KLOG message \see ::AFS_MSG_KLOG \note This structure uses ANSI char fields instead of unicode fields. */ typedef struct tag_afs_msg_klogA_v1 { khm_size cbsize; /*!< Set to \a sizeof(afs_msg_klog) */ khm_handle identity; /*!< Handle to identity for which we are obtaining tokens. */ const char * service; /*!< Service name to use when obtaining token. This can be NULL if the service name has not be determined. */ const char * cell; /*!< Name of cell to obtain tokens for. Can be NULL if the local cell is to be used. */ const char * realm; /*!< Realm to use when obtaining tokens. Can be NULL if the realm has not been determined. */ const afs_conf_cell * cell_config; /*!< Cell configuration for the cell specified in \a cell. */ khm_int32 lifetime; /*!< Advisory lifetime specifier, in seconds. If set to zero, means there is no specification for lifetime. Extensions should feel free to ignore this parameter. */ } afs_msg_klog; /*!@}*/ /*!@}*/ #endif