1 /*****************************************************************************
2  *  Written by Chris Dunlap <cdunlap@llnl.gov>.
3  *  Copyright (C) 2007-2020 Lawrence Livermore National Security, LLC.
4  *  Copyright (C) 2002-2007 The Regents of the University of California.
5  *  UCRL-CODE-155910.
6  *
7  *  This file is part of the MUNGE Uid 'N' Gid Emporium (MUNGE).
8  *  For details, see <https://dun.github.io/munge/>.
9  *
10  *  MUNGE is free software: you can redistribute it and/or modify it under
11  *  the terms of the GNU General Public License as published by the Free
12  *  Software Foundation, either version 3 of the License, or (at your option)
13  *  any later version.  Additionally for the MUNGE library (libmunge), you
14  *  can redistribute it and/or modify it under the terms of the GNU Lesser
15  *  General Public License as published by the Free Software Foundation,
16  *  either version 3 of the License, or (at your option) any later version.
17  *
18  *  MUNGE is distributed in the hope that it will be useful, but WITHOUT
19  *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
20  *  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
21  *  and GNU Lesser General Public License for more details.
22  *
23  *  You should have received a copy of the GNU General Public License
24  *  and GNU Lesser General Public License along with MUNGE.  If not, see
25  *  <http://www.gnu.org/licenses/>.
26  *****************************************************************************/
27 
28 
29 #ifndef MUNGE_DEFS_H
30 #define MUNGE_DEFS_H
31 
32 #if HAVE_CONFIG_H
33 #  include "config.h"
34 #endif /* HAVE_CONFIG_H */
35 
36 #include <munge.h>
37 
38 
39 /*  MUNGE credential prefix string.
40  */
41 #define MUNGE_CRED_PREFIX               "MUNGE:"
42 
43 /*  MUNGE credential suffix string.
44  */
45 #define MUNGE_CRED_SUFFIX               ":"
46 
47 /*  Amount of salt (in bytes) encoded into a credential.
48  */
49 #define MUNGE_CRED_SALT_LEN             8
50 
51 /*  Default munge_cipher_t for encrypting credentials.
52  *
53  *  2009-07-30: Do not default to MUNGE_CIPHER_AES256 since recent attacks show
54  *    it has a lower safety margin than AES128.  Currently, AES128 has no known
55  *    attack which is faster than 2^128.  However, the latest (related-key)
56  *    attack on 11-round AES256 requires only 2^70; full AES256 has 14 rounds.
57  *    <http://www.schneier.com/blog/archives/2009/07/another_new_aes.html>
58  */
59 #if HAVE_OPENSSL && !HAVE_EVP_AES_128_CBC
60 #  define MUNGE_DEFAULT_CIPHER          MUNGE_CIPHER_CAST5
61 #else  /* !HAVE_OPENSSL || HAVE_EVP_AES_128_CBC */
62 #  define MUNGE_DEFAULT_CIPHER          MUNGE_CIPHER_AES128
63 #endif /* !HAVE_OPENSSL || HAVE_EVP_AES_128_CBC */
64 
65 /*  Default munge_mac_t for validating credentials.
66  *    This should NEVER be set to MUNGE_MAC_NONE.
67  */
68 #if HAVE_OPENSSL && !HAVE_EVP_SHA256
69 #  define MUNGE_DEFAULT_MAC             MUNGE_MAC_SHA1
70 #else  /* !HAVE_OPENSSL || HAVE_EVP_SHA256 */
71 #  define MUNGE_DEFAULT_MAC             MUNGE_MAC_SHA256
72 #endif /* !HAVE_OPENSSL || HAVE_EVP_SHA256 */
73 
74 /*  Default munge_zip_t for compressing credentials.
75  *    Compression incurs a substantial performance penalty.
76  *    Typical payloads are too small to achieve any compression.
77  */
78 #define MUNGE_DEFAULT_ZIP               MUNGE_ZIP_NONE
79 
80 /*  Integer for the default number of seconds before a credential expires.
81  */
82 #define MUNGE_DEFAULT_TTL               300
83 
84 /*  Integer for the maximum number of seconds before a credential expires.
85  */
86 #define MUNGE_MAXIMUM_TTL               3600
87 
88 /*  Integer for the maximum size (in bytes) of a cipher block.
89  */
90 #define MUNGE_MAXIMUM_BLK_LEN           16
91 
92 /*  Integer for the maximum size (in bytes) of a cipher key.
93  */
94 #define MUNGE_MAXIMUM_KEY_LEN           32
95 
96 /*  Integer for the maximum size (in bytes) of a message digest (i.e., SHA512).
97  */
98 #define MUNGE_MAXIMUM_MD_LEN            64
99 
100 /*  Integer for the minimum size (in bytes) of a message digest (i.e., MD5).
101  */
102 #define MUNGE_MINIMUM_MD_LEN            16
103 
104 /*  Integer for the maximum size (in bytes) of a munge request message.
105  */
106 #define MUNGE_MAXIMUM_REQ_LEN           1048576
107 
108 /*  Flag to denote whether group information comes from "/etc/group".
109  *  If set, group information will not be updated unless this file's
110  *    modification time changes.  If not set, the file modification time
111  *    will be ignored and group information will be updated via getgrent()
112  *    every time the "gids map" update timer expires.
113  */
114 #define MUNGE_GROUP_STAT_FLAG           1
115 
116 /*  Integer for the number of seconds between updating group information.
117  *  If set to 0, the GIDs mapping will be computed initially but never updated.
118  *  If set to -1, the GIDs mapping will be disabled altogether.
119  */
120 #define MUNGE_GROUP_UPDATE_SECS         3600
121 
122 /*  Integer for the number of seconds between purging the replay hash
123  *    of expired credentials.
124  */
125 #define MUNGE_REPLAY_PURGE_SECS         60
126 
127 /*  Number of attempts to signal a process before sending SIGKILL.
128  */
129 #define MUNGE_SIGNAL_ATTEMPTS           19
130 
131 /*  Starting number of milliseconds between signaling a process and checking
132  *    to see if it has responded (i.e., kicked the bucket, shuffled off this
133  *    mortal coil, run down the curtain, and joined the bleedin' choir
134  *    invisible).  The delay is further incremented by this amount after each
135  *    attempt.
136  */
137 #define MUNGE_SIGNAL_DELAY_MSECS        50
138 
139 /*  Socket backlog for the server listening on the unix domain socket.
140  */
141 #define MUNGE_SOCKET_BACKLOG            256
142 
143 /*  String specifying the unix domain socket pathname for client-server comms.
144  *  May be overridden in "config.h".
145  */
146 #ifndef MUNGE_SOCKET_NAME
147 #define MUNGE_SOCKET_NAME               RUNSTATEDIR "/munge/munge.socket.2"
148 #endif /* !MUNGE_SOCKET_NAME */
149 
150 /*  Number of attempts a client makes connecting to the server before failing.
151  */
152 #define MUNGE_SOCKET_CONNECT_ATTEMPTS   10
153 
154 /*  Number of milliseconds for the start of the linear back-off where the
155  *    client sleeps between attempts at retrying a connection to the unix
156  *    domain socket.
157  */
158 #define MUNGE_SOCKET_CONNECT_RETRY_MSECS        50
159 
160 /*  Flag to allow previously-decoded credentials to be retried.
161  *  If the client receives a socket error while communicating with the
162  *    server, it will retry the transaction up to MUNGE_SOCKET_RETRY_ATTEMPTS.
163  *    If such an error occurs after the credential has been inserted into the
164  *    replay hash, a subsequent retry will appear as a replayed credential.
165  *  If set, a previously-decoded credential will not be marked as being
166  *    replayed if the transaction is being retried.
167  */
168 #define MUNGE_SOCKET_RETRY_FLAG         1
169 
170 /*  Number of attempts a client makes communicating with the server for a
171  *    given credential transaction before failing.
172  */
173 #define MUNGE_SOCKET_RETRY_ATTEMPTS     5
174 
175 /*  Number of milliseconds for the start of the linear back-off where the
176  *    client sleeps between attempts at retrying a credential transaction.
177  */
178 #define MUNGE_SOCKET_RETRY_MSECS        10
179 
180 /*  Number of milliseconds until a socket read/write is timed-out.
181  */
182 #define MUNGE_SOCKET_TIMEOUT_MSECS      2000
183 
184 /*  Number of threads to create for processing credential requests.
185  */
186 #define MUNGE_THREADS                   2
187 
188 /*  Flag to allow root to decode any credential regardless of its
189  *    UID/GID restrictions.
190  */
191 #define MUNGE_AUTH_ROOT_ALLOW_FLAG      0
192 
193 /*  The directory in which the pipe used to authenticate a particular client
194  *    via fd-passing will be created.  The server must be able to create files
195  *    in this directory, but the client only needs to be able to read a file
196  *    from within it.  Recommended permissions for this directory are 0711.
197  */
198 #define MUNGE_AUTH_SERVER_DIR           LOCALSTATEDIR "/lib/munge"
199 
200 /*  The directory in which the file used to authenticate a particular client
201  *    via fd-passing will be created.  The client must be able to create files
202  *    in this directory.  Recommended permissions for this directory are 1733.
203  */
204 #define MUNGE_AUTH_CLIENT_DIR           "/tmp"
205 
206 /*  The amount of entropy (in bytes) to place in the filename of the pipe and
207  *    file used to authenticate a particular client via fd-passing.
208  */
209 #define MUNGE_AUTH_RND_BYTES            16
210 
211 /*  Integer for the default length (in bytes) of a key.
212  */
213 #define MUNGE_KEY_LEN_DFL_BYTES         128
214 
215 /*  Integer for the maximum length (in bytes) of a key.
216  *  Note: Update src/mungekey/mungekey.8.in when changing this value.
217  */
218 #define MUNGE_KEY_LEN_MAX_BYTES         1024
219 
220 /*  Integer for the minimum length (in bytes) of a key.
221  *  Note: Update src/mungekey/mungekey.8.in when changing this value.
222  */
223 #define MUNGE_KEY_LEN_MIN_BYTES         32
224 
225 /*  String specifying the pathname of the daemon's keyfile.
226  */
227 #define MUNGE_KEYFILE_PATH              SYSCONFDIR "/munge/munge.key"
228 
229 /*  String specifying the pathname of the daemon's logfile.
230  */
231 #define MUNGE_LOGFILE_PATH              LOCALSTATEDIR "/log/munge/munged.log"
232 
233 /*  String specifying the pathname of the daemon's pidfile.
234  */
235 #define MUNGE_PIDFILE_PATH              RUNSTATEDIR "/munge/munged.pid"
236 
237 /*  String specifying the pathname of the daemon's PRNG seedfile.
238  */
239 #define MUNGE_SEEDFILE_PATH             LOCALSTATEDIR "/lib/munge/munged.seed"
240 
241 
242 #endif /* !MUNGE_DEFS_H */
243