kerberos/krb5_interface.h

// Copyright 2019 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef KERBEROS_KRB5_INTERFACE_H_
#define KERBEROS_KRB5_INTERFACE_H_

#include <string>

#include <base/compiler_specific.h>
#include <base/macros.h>

#include "kerberos/proto_bindings/kerberos_service.pb.h"

namespace base {
class FilePath;
}

namespace kerberos {

class Krb5Interface {
 public:
  Krb5Interface() = default;
  Krb5Interface(const Krb5Interface&) = delete;
  Krb5Interface& operator=(const Krb5Interface&) = delete;

  virtual ~Krb5Interface() = default;

  // Ticket-granting-ticket status, see GetTgtStatus().
  struct TgtStatus {
    // For how many seconds the ticket is still valid.
    int64_t validity_seconds = 0;

    // For how many seconds the ticket can be renewed.
    int64_t renewal_seconds = 0;

    constexpr TgtStatus() = default;

    constexpr TgtStatus(int64_t validity_seconds, int64_t renewal_seconds)
        : validity_seconds(validity_seconds),
          renewal_seconds(renewal_seconds) {}

    bool operator==(const TgtStatus& other) const {
      return validity_seconds == other.validity_seconds &&
             renewal_seconds == other.renewal_seconds;
    }
    bool operator!=(const TgtStatus& other) const { return !(*this == other); }
  };

  // Gets a Kerberos ticket-granting-ticket for the given |principal_name|
  // (user@REALM.COM). |password| is the password for the Kerberos account.
  // |krb5cc_path| is the file path where the Kerberos credential cache (i.e.
  // the TGT) is written to. |krb5conf_path| is the path to a Kerberos
  // configuration file (krb5.conf).
  virtual ErrorType AcquireTgt(const std::string& principal_name,
                               const std::string& password,
                               const base::FilePath& krb5cc_path,
                               const base::FilePath& krb5conf_path)
      WARN_UNUSED_RESULT = 0;

  // Renews an existing Kerberos ticket-granting-ticket for the given
  // |principal_name| (user@REALM.COM). |krb5cc_path| is the file path of the
  // Kerberos credential cache. |krb5conf_path| is the path to a Kerberos
  // configuration file (krb5.conf).
  virtual ErrorType RenewTgt(const std::string& principal_name,
                             const base::FilePath& krb5cc_path,
                             const base::FilePath& krb5conf_path)
      WARN_UNUSED_RESULT = 0;

  // Gets some stats about the ticket-granting-ticket in the credential cache
  // at |krb5cc_path|.
  virtual ErrorType GetTgtStatus(const base::FilePath& krb5cc_path,
                                 TgtStatus* status) WARN_UNUSED_RESULT = 0;

  // Validates the Kerberos configuration data |krb5conf|. If the config has
  // syntax errors or uses non-whitelisted options, returns ERROR_BAD_CONFIG
  // and fills |error_info| with error information.
  virtual ErrorType ValidateConfig(const std::string& krb5conf,
                                   ConfigErrorInfo* error_info)
      WARN_UNUSED_RESULT = 0;
};

}  // namespace kerberos

#endif  // KERBEROS_KRB5_INTERFACE_H_