/*
* Copyright (C) 1994-2021 Altair Engineering, Inc.
* For more information, contact Altair at www.altair.com.
*
* This file is part of both the OpenPBS software ("OpenPBS")
* and the PBS Professional ("PBS Pro") software.
*
* Open Source License Information:
*
* OpenPBS is free software. You can redistribute it and/or modify it under
* the terms of the GNU Affero General Public License as published by the
* Free Software Foundation, either version 3 of the License, or (at your
* option) any later version.
*
* OpenPBS is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
* License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see .
*
* Commercial License Information:
*
* PBS Pro is commercially licensed software that shares a common core with
* the OpenPBS software. For a copy of the commercial license terms and
* conditions, go to: (http://www.pbspro.com/agreement.html) or contact the
* Altair Legal Department.
*
* Altair's dual-license business model allows companies, individuals, and
* organizations to create proprietary derivative works of OpenPBS and
* distribute them - whether embedded or bundled with other software -
* under a commercial license agreement.
*
* Use of Altair's trademarks, including but not limited to "PBS™",
* "OpenPBS®", "PBS Professional®", and "PBS Pro™" and Altair's logos is
* subject to Altair's trademark licensing policies.
*/
#ifndef RENEW_CREDS_H
#define RENEW_CREDS_H
#include /* the master config generated by configure */
#if defined(PBS_SECURITY) && (PBS_SECURITY == KRB5)
#include
#include "list_link.h"
#include "pbs_ifl.h"
#include "attribute.h"
#include "job.h"
#include "mom_mach.h"
#include "work_task.h"
#include
struct krb_holder;
/* cred actions */
#define CRED_SINGLESHOT 0
#define CRED_RENEWAL 1
#define CRED_SETENV 2
#define CRED_CLOSE 3
#define CRED_DESTROY 4
#define CRED_DATA_SIZE 4096
enum PBS_KRB5_ERRORS {
PBS_KRB5_OK = 0,
PBS_KRB5_ERR_INTERNAL,
PBS_KRB5_ERR_CONTEXT_INIT,
PBS_KRB5_ERR_GET_CREDS,
PBS_KRB5_ERR_NO_KRB_PRINC,
PBS_KRB5_ERR_NO_USERNAME,
PBS_KRB5_ERR_USER_NOT_FOUND,
PBS_KRB5_ERR_CANT_OPEN_FILE,
PBS_KRB5_ERR_KILL_PROCESS,
PBS_KRB5_LAST
};
struct krb_holder *alloc_ticket();
int init_ticket_from_job(job *pjob, const task *ptask, struct krb_holder *ticket, int cred_action);
int init_ticket_from_req(char *principal, char *jobid, struct krb_holder *ticket, int cred_action);
void free_ticket(struct krb_holder *ticket, int cred_action);
char *get_ticket_ccname(struct krb_holder *ticket);
int cred_by_job(job *pjob, int cred_action);
void renew_job_cred(job *pjob);
/* storage functions */
void store_or_update_cred(char *jobid, char *credid, int cred_type, krb5_data *data, char *data_base64, long validity);
void delete_cred(char *jobid);
void send_cred_sisters(job *pjob);
int im_cred_send(job *pjob, hnodent *xp, int stream);
int im_cred_read(job *pjob, hnodent *np, int stream);
#if defined(HAVE_LIBKAFS) || defined(HAVE_LIBKOPENAFS)
void singleshot_afslog(struct krb_holder *ticket);
int start_afslog(const task *ptask, struct krb_holder *ticket, int, int);
int signal_afslog(const task *ptask, int signal);
int32_t getpag();
#define AFSLOG_TERM(x) \
{ \
if (signal_afslog(x, SIGTERM)) \
log_record(PBSEVENT_ERROR, PBS_EVENTCLASS_JOB, LOG_ERR, x->ti_job->ji_qs.ji_jobid, "sending SIGTERM to afslog process failed"); \
}
#else
#define AFSLOG_TERM(x) \
{ \
}
#endif /* OpenAFS */
#endif
#endif /* RENEW_CREDS_H */