Diffstat (limited to 'open-vm-tools/vgauth/lib/VGAuthInt.h')
-rw-r--r--open-vm-tools/vgauth/lib/VGAuthInt.h323
1 files changed, 323 insertions, 0 deletions
diff --git a/open-vm-tools/vgauth/lib/VGAuthInt.h b/open-vm-tools/vgauth/lib/VGAuthInt.h
new file mode 100644
index 00000000..37b71179
--- /dev/null
+++ b/open-vm-tools/vgauth/lib/VGAuthInt.h
@@ -0,0 +1,323 @@
+/*********************************************************
+ * Copyright (C) 2011-2015 VMware, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation version 2.1 and no later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the Lesser GNU General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ *********************************************************/
+
+/*
+ * @file VGAuthInt.h
+ *
+ * Private functions and data types for client library.
+ */
+
+#ifndef _VGAUTHINT_H_
+#define _VGAUTHINT_H_
+
+#include "VGAuthBasicDefs.h"
+#include "VGAuthCommon.h"
+#include "VGAuthAuthentication.h"
+#include "VGAuthAlias.h"
+#include "audit.h"
+#include "prefs.h"
+
+#define VMW_TEXT_DOMAIN "VGAuthLib"
+#include "i18n.h"
+
+#ifdef _WIN32
+#include <windows.h>
+#else
+#include <unistd.h>
+#include <sys/types.h>
+#endif
+
+#include <glib.h>
+#include <glib/gstdio.h>
+
+/*
+ * Use this for any informational messages, eg "VGAuth initialized".
+ */
+#define Log g_message
+
+/*
+ * Use this for any error reporting, such as unexpected failures from APIs
+ * or bad input to VGAuth APIs.
+ */
+#define Warning g_warning
+
+/*
+ * Use this for any debugging messages.
+ */
+#define Debug g_debug
+
+
+/*
+ * Set this to be horribly inefficient but to be sure that nothing
+ * is assuming it will get a full packet as sent by a single syscall
+ * on the other end.
+ */
+#define NETWORK_FORCE_TINY_PACKETS 0
+
+
+/*
+ * State of the client/service communication channel
+ */
+typedef struct VCAGComm {
+ gboolean connected;
+ unsigned int sequenceNumber;
+ gchar *userName; // the user we're runing as, used for
+ // setting up the comm pipe permissions
+#ifdef UNITTEST
+ gboolean fileTest;
+ gboolean bufTest;
+
+ FILE *testFp;
+
+ char testBuffer[10240];
+ gsize bufLen;
+ gsize bufLoc;
+#endif
+
+#ifdef _WIN32
+ HANDLE hPipe;
+#else
+ int sock;
+#endif
+ char *pipeName;
+} VGAuthComm;
+
+struct VGAuthContext {
+ /*
+ * Needed for pam(3) initialization.
+ */
+ char *applicationName;
+
+ int numExtraParams;
+ VGAuthExtraParams *extraParams;
+
+#ifdef _WIN32
+ /*
+ * Used for authentication using SSPI, to track the SSPI challenge
+ * and response handshakes that are in progress.
+ */
+ GHashTable *sspiHandshakes;
+#endif
+
+ /*
+ *
+ * Connection data for keystore service, etc
+ */
+ VGAuthComm comm;
+
+ /*
+ * Impersonation state.
+ */
+ gboolean isImpersonating;
+
+ /*
+ * XXX optimization -- keep a comm channel alive for superuser?
+ *
+ * An app that just does validation would probably just be connected
+ * as root all the time anyways. But it could be useful for something
+ * that did both certstore work and validation.
+ */
+
+};
+
+
+typedef enum {
+ VGAUTH_HANDLE_FLAG_NONE = 0x0,
+ /* handle cannot be impersonated */
+ VGAUTH_HANDLE_FLAG_CAN_IMPERSONATE = 0x1,
+ /* handle cannot be used by CreateTicket */
+ VGAUTH_HANDLE_FLAG_CAN_CREATE_TICKET = 0x2,
+
+ /* normal handle */
+ VGAUTH_HANDLE_FLAG_NORMAL = (VGAUTH_HANDLE_FLAG_CAN_IMPERSONATE |
+ VGAUTH_HANDLE_FLAG_CAN_CREATE_TICKET),
+} VGAuthHandleFlag;
+
+
+typedef struct AuthDetails {
+ VGAuthUserHandleType type;
+ union {
+ struct {
+ char *subject;
+ VGAuthAliasInfo aliasInfo;
+ } samlData;
+ } val;
+} AuthDetails;
+
+struct VGAuthUserHandle {
+ char *userName;
+ VGAuthHandleFlag flags;
+ AuthDetails details;
+#ifdef _WIN32
+ HANDLE token;
+#else
+ uid_t uid;
+#endif
+};
+
+
+extern PrefHandle gPrefs;
+
+
+void VGAuth_AuditEvent(VGAuthContext *ctx,
+ gboolean isSuccess,
+ const char *fmt, ...) PRINTF_DECL(3, 4);
+
+gboolean VGAuth_IsRunningAsRoot(void);
+gchar *VGAuth_GetCurrentUsername(void);
+
+
+VGAuthError VGAuth_ConnectToServiceAsUser(VGAuthContext *ctx,
+ const char *userName);
+VGAuthError VGAuth_ConnectToServiceAsCurrentUser(VGAuthContext *ctx);
+gboolean VGAuth_IsConnectedToServiceAsUser(VGAuthContext *ctx,
+ const char *userName);
+gboolean VGAuth_IsConnectedToServiceAsAnyUser(VGAuthContext *ctx);
+
+VGAuthError VGAuth_InitConnection(VGAuthContext *ctx);
+VGAuthError VGAuth_CloseConnection(VGAuthContext *ctx);
+
+VGAuthError VGAuth_CommSendData(VGAuthContext *ctx,
+ gchar *request);
+
+VGAuthError VGAuth_CommReadData(VGAuthContext *ctx,
+ gsize *len,
+ gchar **response);
+
+VGAuthError VGAuth_SendConnectRequest(VGAuthContext *ctx);
+
+VGAuthError VGAuth_SendSessionRequest(VGAuthContext *ctx,
+ const char *userName,
+ char **pipeName); // OUT
+
+VGAuthError VGAuth_SendCreateTicketRequest(VGAuthContext *ctx,
+ VGAuthUserHandle *handle,
+ char **ticket); // OUT
+VGAuthError VGAuth_SendValidateTicketRequest(VGAuthContext *ctx,
+ const char *ticket,
+ VGAuthUserHandle **handle); // OUT
+VGAuthError VGAuth_SendRevokeTicketRequest(VGAuthContext *ctx,
+ const char *ticket);
+
+VGAuthError VGAuth_SendAddAliasRequest(VGAuthContext *ctx,
+ const char *userName,
+ gboolean addMappedLink,
+ const char *pemCert,
+ VGAuthAliasInfo *si);
+
+VGAuthError VGAuth_SendRemoveAliasRequest(VGAuthContext *ctx,
+ const char *userName,
+ const char *pemCert,
+ VGAuthSubject *subj);
+
+VGAuthError VGAuth_SendQueryUserAliasesRequest(VGAuthContext *ctx,
+ const char *userName,
+ int *num, // OUT
+ VGAuthUserAlias **uaList);// OUT
+
+VGAuthError VGAuth_SendQueryMappedAliasesRequest(VGAuthContext *ctx,
+ int *num, // OUT
+ VGAuthMappedAlias **maList); // OUT
+
+VGAuthError VGAuth_SendValidateSamlBearerTokenRequest(VGAuthContext *ctx,
+ gboolean validateOnly,
+ const char *samlToken,
+ const char *userName,
+ VGAuthUserHandle **userHandle);
+
+VGAuthError VGAuth_CreateHandleForUsername(VGAuthContext *ctx,
+ const char *userName,
+ VGAuthUserHandleType type,
+ HANDLE token,
+ VGAuthUserHandle **handle); // OUT
+
+VGAuthError VGAuth_SetUserHandleSamlInfo(VGAuthContext *ctx,
+ VGAuthUserHandle *handle,
+ const char *samlSubject,
+ VGAuthAliasInfo *si);
+
+VGAuthError VGAuthImpersonateImpl(VGAuthContext *ctx,
+ VGAuthUserHandle *handle);
+
+VGAuthError VGAuthEndImpersonationImpl(VGAuthContext *ctx);
+
+VGAuthError VGAuth_NetworkConnect(VGAuthContext *ctx);
+
+gboolean VGAuth_NetworkValidatePublicPipeOwner(VGAuthContext *ctx);
+
+VGAuthError VGAuth_NetworkWriteBytes(VGAuthContext *ctx,
+ gsize len,
+ gchar *buffer);
+
+VGAuthError VGAuth_NetworkReadBytes(VGAuthContext *ctx,
+ gsize *len,
+ gchar **buffer);
+
+
+VGAuthError VGAuthValidateUsernamePasswordImpl(VGAuthContext *ctx,
+ const char *userName,
+ const char *password,
+ VGAuthUserHandle **handle);
+
+#ifdef UNITTEST
+VGAuthError VGAuthComm_SetTestBufferInput(VGAuthContext *ctx,
+ const char *buffer);
+
+VGAuthError VGAuthComm_SetTestFileInput(VGAuthContext *ctx,
+ const char *filename);
+
+void VGAuth_UnitTestReplies(VGAuthContext *ctx);
+#endif
+
+#ifdef _WIN32
+VGAuthError VGAuth_MakeToken(VGAuthContext *ctx, const char *userName,
+ VGAuthUserHandleType type,
+ VGAuthUserHandle **handle);
+#endif
+
+VGAuthError VGAuthInitAuthentication(VGAuthContext *ctx);
+VGAuthError VGAuthInitAuthenticationPlatform(VGAuthContext *ctx);
+
+void VGAuthShutdownAuthentication(VGAuthContext *ctx);
+void VGAuthShutdownAuthenticationPlatform(VGAuthContext *ctx);
+
+VGAuthError VGAuthGenerateSSPIChallengeImpl(VGAuthContext *ctx,
+ size_t sspiRequestLen,
+ const unsigned char *sspiRequest,
+ unsigned int *id,
+ size_t *challengeLen,
+ unsigned char **challenge);
+
+VGAuthError VGAuthValdiateSSPIResponseImpl(VGAuthContext *ctx,
+ unsigned int id,
+ size_t responseLen,
+ const unsigned char *response,
+ VGAuthUserHandle **userHandle);
+
+#define VGAuthValidateExtraParams(numEP, ep) \
+ VGAuthValidateExtraParamsImpl(__FUNCTION__, (numEP), ep)
+
+VGAuthError VGAuthValidateExtraParamsImpl(const char *funcName,
+ int numExtraParams,
+ const VGAuthExtraParams *params);
+
+void VGAuth_FreeAliasInfoContents(VGAuthAliasInfo *si);
+void VGAuth_CopyAliasInfo(const VGAuthAliasInfo *src,
+ VGAuthAliasInfo *dst);
+
+#endif // _VGAUTHINT_H_
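Review bot: The comments on the VGAuthHandleFlag enumerators say the opposite of what the flag names and the VGAUTH_HANDLE_FLAG_NORMAL composite imply: VGAUTH_HANDLE_FLAG_CAN_IMPERSONATE is annotated "handle cannot be impersonated" and VGAUTH_HANDLE_FLAG_CAN_CREATE_TICKET "handle cannot be used by CreateTicket", yet NORMAL is the OR of both. Since these bits gate impersonation and ticket creation, an inverted comment invites a wrong check in a future caller; they should read `/* handle may be impersonated */` and `/* handle may be used by CreateTicket */`, with a sentence noting that a handle lacking a bit must be rejected by the corresponding operation. Two smaller points on the same file: the include guard `_VGAUTHINT_H_` uses a name reserved for the implementation (leading underscore plus uppercase), so `VGAUTHINT_H` would be safer, and `VGAuthValdiateSSPIResponseImpl` appears to be a misspelling of "Validate" that will be baked into callers unless fixed now. It is not visible here whether `HANDLE`, used by VGAuth_CreateHandleForUsername outside any `#ifdef _WIN32`, is provided for non-Windows builds by VGAuthBasicDefs.h; if not, that prototype needs a portable type or a platform guard.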