| // Copyright 2019 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef KERBEROS_KRB5_INTERFACE_H_ |
| #define KERBEROS_KRB5_INTERFACE_H_ |
| |
| #include <string> |
| |
| #include <base/compiler_specific.h> |
| #include <base/macros.h> |
| |
| #include "kerberos/proto_bindings/kerberos_service.pb.h" |
| |
| namespace base { |
| class FilePath; |
| } |
| |
| namespace kerberos { |
| |
| class Krb5Interface { |
| public: |
| Krb5Interface() = default; |
| Krb5Interface(const Krb5Interface&) = delete; |
| Krb5Interface& operator=(const Krb5Interface&) = delete; |
| |
| virtual ~Krb5Interface() = default; |
| |
| // Ticket-granting-ticket status, see GetTgtStatus(). |
| struct TgtStatus { |
| // For how many seconds the ticket is still valid. |
| int64_t validity_seconds = 0; |
| |
| // For how many seconds the ticket can be renewed. |
| int64_t renewal_seconds = 0; |
| |
| constexpr TgtStatus() = default; |
| |
| constexpr TgtStatus(int64_t validity_seconds, int64_t renewal_seconds) |
| : validity_seconds(validity_seconds), |
| renewal_seconds(renewal_seconds) {} |
| |
| bool operator==(const TgtStatus& other) const { |
| return validity_seconds == other.validity_seconds && |
| renewal_seconds == other.renewal_seconds; |
| } |
| bool operator!=(const TgtStatus& other) const { return !(*this == other); } |
| }; |
| |
| // Gets a Kerberos ticket-granting-ticket for the given |principal_name| |
| // (user@REALM.COM). |password| is the password for the Kerberos account. |
| // |krb5cc_path| is the file path where the Kerberos credential cache (i.e. |
| // the TGT) is written to. |krb5conf_path| is the path to a Kerberos |
| // configuration file (krb5.conf). |
| virtual ErrorType AcquireTgt(const std::string& principal_name, |
| const std::string& password, |
| const base::FilePath& krb5cc_path, |
| const base::FilePath& krb5conf_path) |
| WARN_UNUSED_RESULT = 0; |
| |
| // Renews an existing Kerberos ticket-granting-ticket for the given |
| // |principal_name| (user@REALM.COM). |krb5cc_path| is the file path of the |
| // Kerberos credential cache. |krb5conf_path| is the path to a Kerberos |
| // configuration file (krb5.conf). |
| virtual ErrorType RenewTgt(const std::string& principal_name, |
| const base::FilePath& krb5cc_path, |
| const base::FilePath& krb5conf_path) |
| WARN_UNUSED_RESULT = 0; |
| |
| // Gets some stats about the ticket-granting-ticket in the credential cache |
| // at |krb5cc_path|. |
| virtual ErrorType GetTgtStatus(const base::FilePath& krb5cc_path, |
| TgtStatus* status) WARN_UNUSED_RESULT = 0; |
| |
| // Validates the Kerberos configuration data |krb5conf|. If the config has |
| // syntax errors or uses non-allowlisted options, returns ERROR_BAD_CONFIG |
| // and fills |error_info| with error information. |
| virtual ErrorType ValidateConfig(const std::string& krb5conf, |
| ConfigErrorInfo* error_info) |
| WARN_UNUSED_RESULT = 0; |
| }; |
| |
| } // namespace kerberos |
| |
| #endif // KERBEROS_KRB5_INTERFACE_H_ |