| // Copyright 2019 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef KERBEROS_TGT_RENEWAL_SCHEDULER_H_ |
| #define KERBEROS_TGT_RENEWAL_SCHEDULER_H_ |
| |
| #include <string> |
| |
| #include <base/cancelable_callback.h> |
| #include <base/files/file_path.h> |
| #include <base/macros.h> |
| |
| #include "kerberos/krb5_interface.h" |
| #include "kerberos/proto_bindings/kerberos_service.pb.h" |
| |
| namespace kerberos { |
| |
| // Schedules tasks for automatic Kerberos ticket-granting-ticket (TGT) renewal. |
| // If the ticket lifetime is 10 hours, schedules calls to delegate_->RenewTgt() |
| // after, 6h 0m, 8h 24m, 9h 21m, 9h 44m, 9h 53m and 9h 57m. |
| // |
| // After that, the class calls delegate_->NotifyTgtExpiration() with |
| // TgtExpiration::kAboutToExpire. If the device was turned off and the scheduled |
| // tasks could not be run and the ticket is already expired, calls |
| // delegate_->NotifyTgtExpiration() with TgtExpiration::kExpired. |
| class TgtRenewalScheduler { |
| public: |
| enum class TgtExpiration { kExpired, kAboutToExpire }; |
| |
| // Exposed for testing. |
| |
| // If a TGT is about to expire in less than this interval, notify Chrome about |
| // the expiration. |
| static constexpr int kExpirationHeadsUpTimeSeconds = 180; |
| static_assert(kExpirationHeadsUpTimeSeconds > 0, ""); |
| |
| // Fraction of the TGT validity lifetime to schedule automatic TGT renewal. |
| // For instance, if the TGT is valid for another 1000 seconds and the factor |
| // is 0.8, the TGT would be renewed after 800 seconds. Must be strictly |
| // between 0 and 1. |
| static constexpr float kTgtRenewValidityLifetimeFraction = 0.6f; |
| static_assert(kTgtRenewValidityLifetimeFraction > 0.0f, ""); |
| static_assert(kTgtRenewValidityLifetimeFraction < 1.0f, ""); |
| |
| class Delegate { |
| public: |
| virtual ~Delegate() = default; |
| |
| // Called by ScheduleRenewal() to query the lifetime of the TGT. |
| virtual ErrorType GetTgtStatus(const std::string& principal_name, |
| Krb5Interface::TgtStatus* tgt_status) = 0; |
| |
| // Called by RunScheduledTgtRenewal(). Should try to renew the ticket for |
| // |principal_name|. |
| virtual ErrorType RenewTgt(const std::string& principal_name) = 0; |
| |
| // Called when the TGT is expired or about to expire. |
| virtual void NotifyTgtExpiration(const std::string& principal_name, |
| TgtExpiration expiration) = 0; |
| }; |
| |
| TgtRenewalScheduler(const std::string& principal_name, Delegate* delegate); |
| |
| // If the ticket is valid and not about to expire soon, schedules |
| // RunScheduledTgtRenewal() with a delay of a fraction of the TGT's remaining |
| // lifetime. Otherwise, calls delegate_->NotifyTgtExpiration() if |
| // |notify_expiration| is true. |
| void ScheduleRenewal(bool notify_expiration); |
| |
| private: |
| // Callback scheduled to renew the TGT. Calls |delegate_->RenewTgt()| and |
| // reschedules. |
| void RunScheduledTgtRenewal(); |
| |
| // User principal name (user@EXAMPLE.COM) that corresponds to the TGT. |
| const std::string principal_name_; |
| |
| // Delegate for TGT renewal and expiry notification. Not owned. |
| Delegate* const delegate_; |
| |
| // Callback for scheduled renewal tasks. |
| base::CancelableClosure tgt_renewal_callback_; |
| |
| DISALLOW_COPY_AND_ASSIGN(TgtRenewalScheduler); |
| }; |
| |
| } // namespace kerberos |
| |
| #endif // KERBEROS_TGT_RENEWAL_SCHEDULER_H_ |