Member "krb5-1.18/src/lib/kadm5/admin.h" (12 Feb 2020, 20575 Bytes) of package /linux/misc/krb5-1.18.tar.gz:

    1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
    2 /* lib/kadm5/admin.h */
    3 /*
    4  * Copyright 2001, 2008 by the Massachusetts Institute of Technology.
    5  * All Rights Reserved.
    6  *
    7  * Export of this software from the United States of America may
    8  *   require a specific license from the United States Government.
    9  *   It is the responsibility of any person or organization contemplating
   10  *   export to obtain such a license before exporting.
   11  *
   12  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
   13  * distribute this software and its documentation for any purpose and
   14  * without fee is hereby granted, provided that the above copyright
   15  * notice appear in all copies and that both that copyright notice and
   16  * this permission notice appear in supporting documentation, and that
   17  * the name of M.I.T. not be used in advertising or publicity pertaining
   18  * to distribution of the software without specific, written prior
   19  * permission.  Furthermore if you modify this software you must label
   20  * your software as modified software and not distribute it in such a
   21  * fashion that it might be confused with the original M.I.T. software.
   22  * M.I.T. makes no representations about the suitability of
   23  * this software for any purpose.  It is provided "as is" without express
   24  * or implied warranty.
   25  */
   26 /*
   27  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
   28  *
   29  * $Header$
   30  */
   31 
   32 /*
   33  * This API is not considered as stable as the main krb5 API.
   34  *
   35  * - We may make arbitrary incompatible changes between feature
   36  *   releases (e.g. from 1.7 to 1.8).
   37  * - We will make some effort to avoid making incompatible changes for
   38  *   bugfix releases, but will make them if necessary.
   39  */
   40 
   41 #ifndef __KADM5_ADMIN_H__
   42 #define __KADM5_ADMIN_H__
   43 
   44 #include        <sys/types.h>
   45 #include        <gssrpc/rpc.h>
   46 #include        <krb5.h>
   47 #include        <kdb.h>
   48 #include        <com_err.h>
   49 #include        <kadm5/kadm_err.h>
   50 #include        <kadm5/chpass_util_strings.h>
   51 
/*
 * Give every declaration in this header C linkage when it is compiled
 * as C++.  The pair expands to `extern "C" {` / `}` under a C++
 * compiler and to nothing under a C compiler.  The outer #ifndef lets
 * an including project supply its own definitions first; if it does,
 * those definitions win and this block is skipped entirely.
 */
#ifndef KADM5INT_BEGIN_DECLS
#ifdef __cplusplus
#define KADM5INT_BEGIN_DECLS    extern "C" {
#define KADM5INT_END_DECLS      }
#else
#define KADM5INT_BEGIN_DECLS
#define KADM5INT_END_DECLS
#endif
#endif
   61 
   62 KADM5INT_BEGIN_DECLS
   63 
/*
 * Well-known principal names used by the kadmin protocol.  Only the
 * primary/instance part is given; none of these literals carries a
 * realm.
 *
 * NOTE(review): the roles in the trailing comments are inferred from
 * the names, not established by anything in this header -- confirm
 * against the server code before depending on them.
 */
#define KADM5_ADMIN_SERVICE     "kadmin/admin"      /* service for the full administration interface */
#define KADM5_CHANGEPW_SERVICE  "kadmin/changepw"   /* service presumably limited to password changes */
#define KADM5_HIST_PRINCIPAL    "kadmin/history"    /* principal presumably holding the key that protects stored password history */
#define KADM5_KIPROP_HOST_SERVICE "kiprop"          /* host-based service name for incremental propagation (iprop) */
   68 
/*
 * Basic API types.
 *
 * kadm5_policy_t is a typedef over a pointer (a policy name as a
 * NUL-terminated C string), which hides the indirection from readers.
 * kadm5_ret_t is a plain `long`, not krb5_error_code; note that a few
 * functions in this header (kadm5_get_config_params,
 * kadm5_free_config_params, kadm5_get_admin_service_name,
 * kadm5_init_krb5_context, kadm5_init_iprop) return krb5_error_code
 * instead, so the two conventions are mixed.
 */
typedef krb5_principal  kadm5_princ_t;     /* a principal; alias of the krb5 type */
typedef char            *kadm5_policy_t;   /* policy name (C string) */
typedef long            kadm5_ret_t;       /* status: KADM5_OK on success, otherwise presumably a kadm_err/krb5 error-table code */
   72 
/*
 * Prompts shown when a new password is requested interactively.  Each
 * expands to a call to com_err's error_message() on a code from the
 * chpass_util string table (kadm5/chpass_util_strings.h), i.e. to a
 * function call yielding a `const char *`, not to a string literal.
 */
#define KADM5_PW_FIRST_PROMPT                           \
    (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
#define KADM5_PW_SECOND_PROMPT                                  \
    (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))

/*
 * Successful return code
 */
#define KADM5_OK        0   /* the only success value; every other kadm5_ret_t is an error */
   82 
   83 /*
   84  * Field masks
   85  */
   86 
/* kadm5_principal_ent_t */
/*
 * Field-selector bits for kadm5_principal_ent_rec (below).  They are
 * passed as the `long mask` argument of kadm5_get_principal(),
 * kadm5_create_principal*() and kadm5_modify_principal() to say which
 * members of the entry are being requested or supplied.
 *
 * These bits share numeric values with the KADM5_PW_* / KADM5_POLICY_*
 * policy masks further down (e.g. KADM5_LAST_SUCCESS and
 * KADM5_PW_MAX_LIFE are both 0x4000); never OR the two families into
 * the same mask.
 */
#define KADM5_PRINCIPAL         0x000001    /* .principal */
#define KADM5_PRINC_EXPIRE_TIME 0x000002    /* .princ_expire_time */
#define KADM5_PW_EXPIRATION     0x000004    /* .pw_expiration */
#define KADM5_LAST_PWD_CHANGE   0x000008    /* .last_pwd_change */
#define KADM5_ATTRIBUTES        0x000010    /* .attributes (krb5_flags) */
#define KADM5_MAX_LIFE          0x000020    /* .max_life */
#define KADM5_MOD_TIME          0x000040    /* .mod_date */
#define KADM5_MOD_NAME          0x000080    /* .mod_name */
#define KADM5_KVNO              0x000100    /* .kvno */
#define KADM5_MKVNO             0x000200    /* .mkvno */
#define KADM5_AUX_ATTRIBUTES    0x000400    /* .aux_attributes */
#define KADM5_POLICY            0x000800    /* .policy (the policy name string) */
#define KADM5_POLICY_CLR        0x001000    /* presumably "clear the policy"; no struct field -- confirm */
/* version 2 masks */
#define KADM5_MAX_RLIFE         0x002000    /* .max_renewable_life */
#define KADM5_LAST_SUCCESS      0x004000    /* .last_success */
#define KADM5_LAST_FAILED       0x008000    /* .last_failed */
#define KADM5_FAIL_AUTH_COUNT   0x010000    /* .fail_auth_count */
#define KADM5_KEY_DATA          0x020000    /* .key_data / .n_key_data -- this is key material */
#define KADM5_TL_DATA           0x040000    /* .tl_data / .n_tl_data */
#ifdef notyet /* Novell */
#define KADM5_CPW_FUNCTION      0x080000
#define KADM5_RANDKEY_USED      0x100000
#endif
#define KADM5_LOAD              0x200000    /* NOTE(review): no matching field; semantics not visible here */
#define KADM5_KEY_HIST          0x400000    /* NOTE(review): no matching field; semantics not visible here */

/* all but KEY_DATA, TL_DATA, LOAD */
/*
 * 0x41ffff = bits 0..16 (KADM5_PRINCIPAL .. KADM5_FAIL_AUTH_COUNT)
 * plus KADM5_KEY_HIST.  Cleared: KADM5_KEY_DATA, KADM5_TL_DATA,
 * KADM5_LOAD and the two #ifdef'd-out Novell bits (0x080000,
 * 0x100000).  Keep this literal in sync if a bit is added above.
 */
#define KADM5_PRINCIPAL_NORMAL_MASK 0x41ffff
  117 
  118 
/* kadm5_policy_ent_t */
/*
 * Field-selector bits for kadm5_policy_ent_rec (below), passed as the
 * `long mask` of kadm5_create_policy() and kadm5_modify_policy().
 *
 * These values overlap numerically with the principal masks above
 * (0x4000 .. 0x400000 are used by both families), so a policy mask
 * must never be combined with a principal mask.  Do not confuse
 * KADM5_POLICY (a principal-entry bit, 0x800) with the KADM5_POLICY_*
 * bits here.
 */
#define KADM5_PW_MAX_LIFE               0x00004000  /* .pw_max_life */
#define KADM5_PW_MIN_LIFE               0x00008000  /* .pw_min_life */
#define KADM5_PW_MIN_LENGTH             0x00010000  /* .pw_min_length */
#define KADM5_PW_MIN_CLASSES            0x00020000  /* .pw_min_classes */
#define KADM5_PW_HISTORY_NUM            0x00040000  /* .pw_history_num */
#define KADM5_REF_COUNT                 0x00080000  /* .policy_refcnt -- marked "no longer used" in the struct */
#define KADM5_PW_MAX_FAILURE            0x00100000  /* .pw_max_fail (version 3) */
#define KADM5_PW_FAILURE_COUNT_INTERVAL 0x00200000  /* .pw_failcnt_interval (version 3) */
#define KADM5_PW_LOCKOUT_DURATION       0x00400000  /* .pw_lockout_duration (version 3) */
#define KADM5_POLICY_ATTRIBUTES         0x00800000  /* .attributes (version 4) */
#define KADM5_POLICY_MAX_LIFE           0x01000000  /* .max_life (version 4) */
#define KADM5_POLICY_MAX_RLIFE          0x02000000  /* .max_renewable_life (version 4) */
#define KADM5_POLICY_ALLOWED_KEYSALTS   0x04000000  /* .allowed_keysalts (version 4) */
#define KADM5_POLICY_TL_DATA            0x08000000  /* .tl_data / .n_tl_data (version 4) */
  134 
/* kadm5_config_params */
/*
 * Bits for the `long mask` member of kadm5_config_params (below),
 * recording which members of that struct hold a value.  The trailing
 * comments name the struct member where one exists; KADM5_CONFIG_ADBNAME
 * and KADM5_CONFIG_ADB_LOCKFILE have no member in the struct as
 * declared here.
 *
 * KADM5_CONFIG_IPROP_LISTEN (0x80000000) occupies bit 31.  Where `long`
 * is 32 bits that is the sign bit and the last bit available; another
 * flag cannot be added without widening `mask`.
 *
 * NOTE(review): the meanings of the *_AUTH_* bits are inferred from
 * their names only; this header does not show how they are applied.
 */
#define KADM5_CONFIG_REALM              0x00000001  /* .realm */
#define KADM5_CONFIG_DBNAME             0x00000002  /* .dbname (deprecated, see struct comment) */
#define KADM5_CONFIG_MKEY_NAME          0x00000004  /* .mkey_name */
#define KADM5_CONFIG_MAX_LIFE           0x00000008  /* .max_life */
#define KADM5_CONFIG_MAX_RLIFE          0x00000010  /* .max_rlife */
#define KADM5_CONFIG_EXPIRATION         0x00000020  /* .expiration */
#define KADM5_CONFIG_FLAGS              0x00000040  /* .flags */
/*#define KADM5_CONFIG_ADMIN_KEYTAB       0x00000080*/  /* bit 7 intentionally left unused */
#define KADM5_CONFIG_STASH_FILE         0x00000100  /* .stash_file */
#define KADM5_CONFIG_ENCTYPE            0x00000200  /* .enctype */
#define KADM5_CONFIG_ADBNAME            0x00000400  /* no struct member */
#define KADM5_CONFIG_ADB_LOCKFILE       0x00000800  /* no struct member */
#define KADM5_CONFIG_KADMIND_LISTEN     0x00001000  /* .kadmind_listen */
#define KADM5_CONFIG_ACL_FILE           0x00002000  /* .acl_file */
#define KADM5_CONFIG_KADMIND_PORT       0x00004000  /* .kadmind_port */
#define KADM5_CONFIG_ENCTYPES           0x00008000  /* presumably .keysalts / .num_keysalts */
#define KADM5_CONFIG_ADMIN_SERVER       0x00010000  /* .admin_server */
#define KADM5_CONFIG_DICT_FILE          0x00020000  /* .dict_file */
#define KADM5_CONFIG_MKEY_FROM_KBD      0x00040000  /* .mkey_from_kbd */
#define KADM5_CONFIG_KPASSWD_PORT       0x00080000  /* .kpasswd_port */
#define KADM5_CONFIG_OLD_AUTH_GSSAPI    0x00100000  /* authentication-mechanism selection (inferred from name) */
#define KADM5_CONFIG_NO_AUTH            0x00200000  /* authentication-mechanism selection (inferred from name) */
#define KADM5_CONFIG_AUTH_NOFALLBACK    0x00400000  /* authentication-mechanism selection (inferred from name) */
#define KADM5_CONFIG_KPASSWD_LISTEN     0x00800000  /* .kpasswd_listen */
#define KADM5_CONFIG_IPROP_ENABLED      0x01000000  /* .iprop_enabled */
#define KADM5_CONFIG_ULOG_SIZE          0x02000000  /* .iprop_ulogsize */
#define KADM5_CONFIG_POLL_TIME          0x04000000  /* .iprop_poll_time */
#define KADM5_CONFIG_IPROP_LOGFILE      0x08000000  /* .iprop_logfile */
#define KADM5_CONFIG_IPROP_PORT         0x10000000  /* .iprop_port */
#define KADM5_CONFIG_KVNO               0x20000000  /* .kvno */
#define KADM5_CONFIG_IPROP_RESYNC_TIMEOUT   0x40000000  /* .iprop_resync_timeout */
#define KADM5_CONFIG_IPROP_LISTEN       0x80000000  /* .iprop_listen -- bit 31, see note above */
/*
 * permission bits
 *
 * Flags reported through the `long *privs` output of kadm5_get_privs()
 * (declared below), presumably describing what the authenticated caller
 * is permitted to do on the handle.  This header does not show how the
 * server derives them.
 */
#define KADM5_PRIV_GET          0x01    /* read entries */
#define KADM5_PRIV_ADD          0x02    /* create entries */
#define KADM5_PRIV_MODIFY       0x04    /* change entries */
#define KADM5_PRIV_DELETE       0x08    /* remove entries */
  175 
/*
 * API versioning constants
 *
 * A version word is a 24-bit magic in the high bits plus a one-byte
 * version number in the low byte (e.g. KADM5_STRUCT_VERSION_1 is
 * 0x12345600 | 0x01).  KADM5_MASK_BITS (0xffffff00) isolates the magic
 * from the version byte.  kadm5_init() and its variants take a
 * struct_version and an api_version built from these constants.
 */
#define KADM5_MASK_BITS         0xffffff00

#define KADM5_STRUCT_VERSION_MASK       0x12345600  /* magic for the structure-layout version */
#define KADM5_STRUCT_VERSION_1  (KADM5_STRUCT_VERSION_MASK|0x01)
#define KADM5_STRUCT_VERSION    KADM5_STRUCT_VERSION_1  /* current structure version */

#define KADM5_API_VERSION_MASK  0x12345700  /* magic for the API version */
#define KADM5_API_VERSION_2     (KADM5_API_VERSION_MASK|0x02)
#define KADM5_API_VERSION_3     (KADM5_API_VERSION_MASK|0x03)
#define KADM5_API_VERSION_4     (KADM5_API_VERSION_MASK|0x04)   /* newest version declared here */
  189 
/*
 * A principal entry as exchanged with kadm5_get_principal(),
 * kadm5_create_principal*() and kadm5_modify_principal().  Which
 * members are meaningful is governed by the KADM5_* principal field
 * masks above (the trailing comments name the bit for each member);
 * the members after "version 2 fields" were added with that version.
 * Entries filled in by the library are released with
 * kadm5_free_principal_ent().
 *
 * NOTE(review): key_data holds the principal's key material when
 * KADM5_KEY_DATA is requested.  Whether kadm5_free_principal_ent()
 * zeroizes it before freeing is not visible in this header; callers
 * that copy keys out should scrub their own copies.
 */
typedef struct _kadm5_principal_ent_t {
    krb5_principal  principal;          /* KADM5_PRINCIPAL */
    krb5_timestamp  princ_expire_time;  /* KADM5_PRINC_EXPIRE_TIME */
    krb5_timestamp  last_pwd_change;    /* KADM5_LAST_PWD_CHANGE */
    krb5_timestamp  pw_expiration;      /* KADM5_PW_EXPIRATION */
    krb5_deltat     max_life;           /* KADM5_MAX_LIFE */
    krb5_principal  mod_name;           /* KADM5_MOD_NAME */
    krb5_timestamp  mod_date;           /* KADM5_MOD_TIME */
    krb5_flags      attributes;         /* KADM5_ATTRIBUTES */
    krb5_kvno       kvno;               /* KADM5_KVNO */
    krb5_kvno       mkvno;              /* KADM5_MKVNO */
    char            *policy;            /* KADM5_POLICY; policy name, or presumably NULL when none */
    long            aux_attributes;     /* KADM5_AUX_ATTRIBUTES */

    /* version 2 fields */
    krb5_deltat max_renewable_life;     /* KADM5_MAX_RLIFE */
    krb5_timestamp last_success;        /* KADM5_LAST_SUCCESS */
    krb5_timestamp last_failed;         /* KADM5_LAST_FAILED */
    krb5_kvno fail_auth_count;          /* KADM5_FAIL_AUTH_COUNT */
    krb5_int16 n_key_data;              /* number of elements in key_data (16-bit) */
    krb5_int16 n_tl_data;               /* number of elements in tl_data (16-bit) */
    krb5_tl_data *tl_data;              /* KADM5_TL_DATA */
    krb5_key_data *key_data;            /* KADM5_KEY_DATA -- key material */
} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
  214 
/*
 * A password/ticket policy as exchanged with kadm5_get_policy(),
 * kadm5_create_policy() and kadm5_modify_policy().  The KADM5_PW_* /
 * KADM5_POLICY_* masks above select members (named in the trailing
 * comments); members after "version 3 fields" / "version 4 fields"
 * were added with those API versions.  Release with
 * kadm5_free_policy_ent().
 *
 * NOTE(review): the units of the `long` lifetime/length members and the
 * exact lockout semantics are not stated in this header.
 */
typedef struct _kadm5_policy_ent_t {
    char            *policy;            /* policy name */
    long            pw_min_life;        /* KADM5_PW_MIN_LIFE */
    long            pw_max_life;        /* KADM5_PW_MAX_LIFE */
    long            pw_min_length;      /* KADM5_PW_MIN_LENGTH */
    long            pw_min_classes;     /* KADM5_PW_MIN_CLASSES */
    long            pw_history_num;     /* KADM5_PW_HISTORY_NUM */
    long            policy_refcnt;  /* no longer used */   /* KADM5_REF_COUNT */

    /* version 3 fields */
    krb5_kvno       pw_max_fail;        /* KADM5_PW_MAX_FAILURE; note the type is krb5_kvno, not a count type */
    krb5_deltat     pw_failcnt_interval;/* KADM5_PW_FAILURE_COUNT_INTERVAL */
    krb5_deltat     pw_lockout_duration;/* KADM5_PW_LOCKOUT_DURATION */

    /* version 4 fields */
    krb5_flags      attributes;         /* KADM5_POLICY_ATTRIBUTES */
    krb5_deltat     max_life;           /* KADM5_POLICY_MAX_LIFE */
    krb5_deltat     max_renewable_life; /* KADM5_POLICY_MAX_RLIFE */
    char            *allowed_keysalts;  /* KADM5_POLICY_ALLOWED_KEYSALTS; a string, format not shown here */
    krb5_int16      n_tl_data;          /* number of elements in tl_data (16-bit) */
    krb5_tl_data    *tl_data;           /* KADM5_POLICY_TL_DATA */
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
  237 
/*
 * Data structure returned by kadm5_get_config_params()
 *
 * `mask` is a combination of the KADM5_CONFIG_* bits above and records
 * which of the remaining members carry a value; a member whose bit is
 * clear should be treated as unset.  The same struct is also accepted
 * as `params_in` by kadm5_get_config_params() and `params` by the
 * kadm5_init*() functions.  Release with kadm5_free_config_params().
 *
 * NOTE(review): several members name files that are sensitive in a
 * KDC deployment (stash_file, acl_file, dict_file); their exact use
 * is not shown in this header.
 */
typedef struct _kadm5_config_params {
    long               mask;            /* KADM5_CONFIG_* bits that are valid below */
    char *             realm;           /* KADM5_CONFIG_REALM */
    int                kadmind_port;    /* KADM5_CONFIG_KADMIND_PORT */
    int                kpasswd_port;    /* KADM5_CONFIG_KPASSWD_PORT */

    char *             admin_server;    /* KADM5_CONFIG_ADMIN_SERVER */
#ifdef notyet /* Novell */ /* ABI change? */
    char *             kpasswd_server;
#endif

    /* Deprecated except for db2 backwards compatibility.  Don't add
       new uses except as fallbacks for parameters that should be
       specified in the database module section of the config
       file.  */
    char *             dbname;          /* KADM5_CONFIG_DBNAME */

    char *             acl_file;        /* KADM5_CONFIG_ACL_FILE */
    char *             dict_file;       /* KADM5_CONFIG_DICT_FILE */

    int                mkey_from_kbd;   /* KADM5_CONFIG_MKEY_FROM_KBD; presumably a boolean */
    char *             stash_file;      /* KADM5_CONFIG_STASH_FILE */
    char *             mkey_name;       /* KADM5_CONFIG_MKEY_NAME */
    krb5_enctype       enctype;         /* KADM5_CONFIG_ENCTYPE */
    krb5_deltat        max_life;        /* KADM5_CONFIG_MAX_LIFE */
    krb5_deltat        max_rlife;       /* KADM5_CONFIG_MAX_RLIFE */
    krb5_timestamp     expiration;      /* KADM5_CONFIG_EXPIRATION */
    krb5_flags         flags;           /* KADM5_CONFIG_FLAGS */
    krb5_key_salt_tuple *keysalts;      /* presumably KADM5_CONFIG_ENCTYPES; num_keysalts entries */
    krb5_int32         num_keysalts;    /* element count of keysalts */
    krb5_kvno          kvno;            /* KADM5_CONFIG_KVNO */
    bool_t              iprop_enabled;  /* KADM5_CONFIG_IPROP_ENABLED */
    uint32_t            iprop_ulogsize; /* KADM5_CONFIG_ULOG_SIZE */
    krb5_deltat         iprop_poll_time;/* KADM5_CONFIG_POLL_TIME */
    char *              iprop_logfile;  /* KADM5_CONFIG_IPROP_LOGFILE */
/*    char *            iprop_server;*/
    int                 iprop_port;     /* KADM5_CONFIG_IPROP_PORT */
    int                 iprop_resync_timeout;   /* KADM5_CONFIG_IPROP_RESYNC_TIMEOUT */
    char *              kadmind_listen; /* KADM5_CONFIG_KADMIND_LISTEN */
    char *              kpasswd_listen; /* KADM5_CONFIG_KPASSWD_LISTEN */
    char *              iprop_listen;   /* KADM5_CONFIG_IPROP_LISTEN */
} kadm5_config_params;
  283 
/*
 * One decrypted key of a principal together with its version number
 * and salt.  Arrays of these are produced by kadm5_get_principal_keys()
 * and consumed by kadm5_setkey_principal_4(); arrays obtained from the
 * library are released with kadm5_free_kadm5_key_data().
 *
 * NOTE(review): `key` is plaintext key material; treat instances as
 * secrets and keep their lifetime short.
 */
typedef struct _kadm5_key_data {
    krb5_kvno       kvno;   /* key version number this key belongs to */
    krb5_keyblock   key;    /* the key itself (enctype + contents) */
    krb5_keysalt    salt;   /* salt used to derive the key from a password */
} kadm5_key_data;
  289 
  290 /*
  291  * functions
  292  */
  293 
/*
 * Fill in *params_out with configuration for the kadm5 library.
 * params_in may supply values that take precedence over the
 * configuration files (presumably: members whose KADM5_CONFIG_* bit is
 * set in params_in->mask).  use_kdc_config is a flag whose exact effect
 * is not shown in this header -- presumably it selects which config
 * section is consulted.  Returns krb5_error_code (0 on success), not
 * kadm5_ret_t.  Release the result with kadm5_free_config_params().
 */
krb5_error_code kadm5_get_config_params(krb5_context context,
                                        int use_kdc_config,
                                        kadm5_config_params *params_in,
                                        kadm5_config_params *params_out);

/*
 * Release the members of *params that were allocated by
 * kadm5_get_config_params().  Does not free the struct itself.
 */
krb5_error_code kadm5_free_config_params(krb5_context context,
                                         kadm5_config_params *params);

/*
 * NOTE(review): the parameters are unnamed here.  From the types alone:
 * a context, an input string, an output buffer and its size (size_t).
 * The output is presumably the admin service principal name for the
 * realm given in the input string, written into the buffer bounded by
 * the size -- confirm against the implementation before relying on the
 * argument order.
 */
krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
                                             char *, size_t);
  304 
/*
 * For all initialization functions, the caller must first initialize
 * a context with kadm5_init_krb5_context which will survive as long
 * as the resulting handle.  The caller should free the context with
 * krb5_free_context.
 *
 * Each variant authenticates client_name to service_name (one of the
 * KADM5_*_SERVICE names above, or another service) and, on success,
 * stores an opaque handle in *server_handle.  The handle is passed as
 * the first argument to every other kadm5_* function below and must be
 * released with kadm5_destroy().  struct_version and api_version are
 * built from the KADM5_STRUCT_VERSION* / KADM5_API_VERSION_* constants.
 * params may override configuration (see kadm5_config_params).
 * db_args is an array of database-backend strings; presumably
 * NULL-terminated and may be NULL -- not stated here.
 *
 * NOTE(review): `pass` is a plaintext password and `keytab` is a path
 * to long-term key material.  Whether the library copies or scrubs
 * `pass` is not visible in this header; callers should wipe their own
 * buffer once the call returns.
 */

/*
 * Generic entry point; `pass` is a password for client_name.
 */
kadm5_ret_t    kadm5_init(krb5_context context, char *client_name,
                          char *pass, char *service_name,
                          kadm5_config_params *params,
                          krb5_ui_4 struct_version,
                          krb5_ui_4 api_version,
                          char **db_args,
                          void **server_handle);
/*
 * Like kadm5_init() but without any credential argument; presumably
 * authenticates anonymously (e.g. anonymous PKINIT) -- not shown here.
 */
kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
                                 char *service_name,
                                 kadm5_config_params *params,
                                 krb5_ui_4 struct_version,
                                 krb5_ui_4 api_version,
                                 char **db_args,
                                 void **server_handle);
/*
 * Authenticate with the password `pass`.
 */
kadm5_ret_t    kadm5_init_with_password(krb5_context context,
                                        char *client_name,
                                        char *pass,
                                        char *service_name,
                                        kadm5_config_params *params,
                                        krb5_ui_4 struct_version,
                                        krb5_ui_4 api_version,
                                        char **db_args,
                                        void **server_handle);
/*
 * Authenticate with a key read from the keytab named by `keytab`.
 */
kadm5_ret_t    kadm5_init_with_skey(krb5_context context,
                                    char *client_name,
                                    char *keytab,
                                    char *service_name,
                                    kadm5_config_params *params,
                                    krb5_ui_4 struct_version,
                                    krb5_ui_4 api_version,
                                    char **db_args,
                                    void **server_handle);
/*
 * Authenticate with credentials already present in the ccache `cc`.
 */
kadm5_ret_t    kadm5_init_with_creds(krb5_context context,
                                     char *client_name,
                                     krb5_ccache cc,
                                     char *service_name,
                                     kadm5_config_params *params,
                                     krb5_ui_4 struct_version,
                                     krb5_ui_4 api_version,
                                     char **db_args,
                                     void **server_handle);
/*
 * Handle-level operations.  kadm5_lock()/kadm5_unlock() take and
 * release a lock associated with the handle and kadm5_flush() flushes
 * pending state -- what is locked or flushed (presumably the
 * database) is not shown in this header.  kadm5_destroy() releases a
 * handle obtained from any kadm5_init*() function; the handle must not
 * be used afterwards.
 */
kadm5_ret_t    kadm5_lock(void *server_handle);
kadm5_ret_t    kadm5_unlock(void *server_handle);
kadm5_ret_t    kadm5_flush(void *server_handle);
kadm5_ret_t    kadm5_destroy(void *server_handle);
/*
 * Principal operations.  `mask` arguments are combinations of the
 * KADM5_* principal field masks above and say which members of `ent`
 * are supplied (create/modify) or wanted (get).  The `_3` variants add
 * `keepold` (retain the previous keys) and an explicit list of
 * n_ks_tuple key/salt tuples to use for the new keys.
 *
 * NOTE(review): `pass` arguments are plaintext passwords; keyblocks
 * returned by the randkey functions are plaintext keys.  How the
 * returned keyblocks are to be released is not stated in this header.
 */

/* Create `ent` with the password `pass`; the members named in mask are taken from ent. */
kadm5_ret_t    kadm5_create_principal(void *server_handle,
                                      kadm5_principal_ent_t ent,
                                      long mask, char *pass);
/* As above, with an explicit list of n_ks_tuple key/salt tuples for the new keys. */
kadm5_ret_t    kadm5_create_principal_3(void *server_handle,
                                        kadm5_principal_ent_t ent,
                                        long mask,
                                        int n_ks_tuple,
                                        krb5_key_salt_tuple *ks_tuple,
                                        char *pass);
/* Remove `principal`. */
kadm5_ret_t    kadm5_delete_principal(void *server_handle,
                                      krb5_principal principal);
/* Update the members of ent->principal named in mask. */
kadm5_ret_t    kadm5_modify_principal(void *server_handle,
                                      kadm5_principal_ent_t ent,
                                      long mask);
/* Rename the first principal to the second (both parameters unnamed in the prototype). */
kadm5_ret_t    kadm5_rename_principal(void *server_handle,
                                      krb5_principal,krb5_principal);
/*
 * Fetch the members named in mask into *ent.  Requesting
 * KADM5_KEY_DATA returns key material in ent->key_data.  Release with
 * kadm5_free_principal_ent().
 */
kadm5_ret_t    kadm5_get_principal(void *server_handle,
                                   krb5_principal principal,
                                   kadm5_principal_ent_t ent,
                                   long mask);
/* Set the password of `principal` to `pass`. */
kadm5_ret_t    kadm5_chpass_principal(void *server_handle,
                                      krb5_principal principal,
                                      char *pass);
/* As above; keepold retains the previous keys, ks_tuple selects key/salt types. */
kadm5_ret_t    kadm5_chpass_principal_3(void *server_handle,
                                        krb5_principal principal,
                                        krb5_boolean keepold,
                                        int n_ks_tuple,
                                        krb5_key_salt_tuple *ks_tuple,
                                        char *pass);
/*
 * Replace the keys of `principal` with random keys.  On return
 * *keyblocks points to an array of *n_keys new keys (plaintext key
 * material).
 */
kadm5_ret_t    kadm5_randkey_principal(void *server_handle,
                                       krb5_principal principal,
                                       krb5_keyblock **keyblocks,
                                       int *n_keys);
/* As above; keepold retains the previous keys, ks_tuple selects key/salt types. */
kadm5_ret_t    kadm5_randkey_principal_3(void *server_handle,
                                         krb5_principal principal,
                                         krb5_boolean keepold,
                                         int n_ks_tuple,
                                         krb5_key_salt_tuple *ks_tuple,
                                         krb5_keyblock **keyblocks,
                                         int *n_keys);
  397 
/*
 * Explicit key management.  The setkey functions install keys supplied
 * by the caller rather than derived from a password or generated
 * randomly; the caller is therefore responsible for the quality and
 * secrecy of the key material passed in.
 */

/* Install the n_keys keyblocks as the keys of `principal`. */
kadm5_ret_t    kadm5_setkey_principal(void *server_handle,
                                      krb5_principal principal,
                                      krb5_keyblock *keyblocks,
                                      int n_keys);

/* As above; keepold retains previous keys, ks_tuple gives the key/salt types for keyblocks. */
kadm5_ret_t    kadm5_setkey_principal_3(void *server_handle,
                                        krb5_principal principal,
                                        krb5_boolean keepold,
                                        int n_ks_tuple,
                                        krb5_key_salt_tuple *ks_tuple,
                                        krb5_keyblock *keyblocks,
                                        int n_keys);

/* Install n_key_data kadm5_key_data entries (key, kvno and salt each). */
kadm5_ret_t    kadm5_setkey_principal_4(void *server_handle,
                                        krb5_principal principal,
                                        krb5_boolean keepold,
                                        kadm5_key_data *key_data,
                                        int n_key_data);

/*
 * Decrypt one key from entry->key_data (entry must have been fetched
 * with KADM5_KEY_DATA).  ktype, stype and kvno select the key by
 * enctype, salt type and version; the plaintext key is written to
 * *keyblock, the salt to *keysalt and the selected kvno to *kvnop.
 * NOTE(review): which of ktype/stype/kvno accept a wildcard value (e.g.
 * -1) is not stated in this header.
 */
kadm5_ret_t    kadm5_decrypt_key(void *server_handle,
                                 kadm5_principal_ent_t entry, krb5_int32
                                 ktype, krb5_int32 stype, krb5_int32
                                 kvno, krb5_keyblock *keyblock,
                                 krb5_keysalt *keysalt, int *kvnop);
  422 
/*
 * Policy operations.  `mask` is a combination of the KADM5_PW_* /
 * KADM5_POLICY_* policy masks above (not the principal masks).
 */

/* Create the policy described by ent; members named in mask are taken from ent. */
kadm5_ret_t    kadm5_create_policy(void *server_handle,
                                   kadm5_policy_ent_t ent,
                                   long mask);
/* Delete the policy named `policy`. */
kadm5_ret_t    kadm5_delete_policy(void *server_handle,
                                   kadm5_policy_t policy);
/* Update the members of ent->policy named in mask. */
kadm5_ret_t    kadm5_modify_policy(void *server_handle,
                                   kadm5_policy_ent_t ent,
                                   long mask);
/* Fetch the policy named `policy` into *ent; release with kadm5_free_policy_ent(). */
kadm5_ret_t    kadm5_get_policy(void *server_handle,
                                kadm5_policy_t policy,
                                kadm5_policy_ent_t ent);
/*
 * Store in *privs a combination of the KADM5_PRIV_* bits above,
 * presumably the rights of the principal that opened the handle.
 */
kadm5_ret_t    kadm5_get_privs(void *server_handle,
                               long *privs);
  436 
/*
 * Convenience password change for `princ`.  new_pw is the new password;
 * ret_pw and msg_ret are outputs -- presumably ret_pw receives the
 * password actually set (e.g. when new_pw is NULL and the user is
 * prompted with KADM5_PW_FIRST_PROMPT / KADM5_PW_SECOND_PROMPT) and
 * msg_ret receives a human-readable status message.  msg_len is
 * presumably the capacity of the msg_ret buffer; callers must size
 * the buffer accordingly.  None of these conventions are stated in
 * this header -- confirm against the implementation.
 *
 * NOTE(review): new_pw and *ret_pw are plaintext passwords; scrub them
 * when no longer needed.
 */
kadm5_ret_t    kadm5_chpass_principal_util(void *server_handle,
                                           krb5_principal princ,
                                           char *new_pw,
                                           char **ret_pw,
                                           char *msg_ret,
                                           unsigned int msg_len);
  443 
/*
 * Release helpers and name listing.  Each kadm5_free_* function frees
 * what the matching kadm5_get_* function allocated.
 */

/* Release the members of *ent filled in by kadm5_get_principal(). */
kadm5_ret_t    kadm5_free_principal_ent(void *server_handle,
                                        kadm5_principal_ent_t
                                        ent);
/* Release the members of *ent filled in by kadm5_get_policy(). */
kadm5_ret_t    kadm5_free_policy_ent(void *server_handle,
                                     kadm5_policy_ent_t ent);

/*
 * List principal names matching the expression `exp` (pattern syntax
 * not stated here).  *princs receives an array of *count strings;
 * release with kadm5_free_name_list().
 */
kadm5_ret_t    kadm5_get_principals(void *server_handle,
                                    char *exp, char ***princs,
                                    int *count);

/* As kadm5_get_principals(), for policy names. */
kadm5_ret_t    kadm5_get_policies(void *server_handle,
                                  char *exp, char ***pols,
                                  int *count);

/*
 * Release a krb5_key_data array (e.g. the key_data member of a
 * principal entry).  The count is passed by pointer, unlike
 * kadm5_free_kadm5_key_data() below, so it is presumably reset on
 * return -- not stated here.
 */
kadm5_ret_t    kadm5_free_key_data(void *server_handle,
                                   krb5_int16 *n_key_data,
                                   krb5_key_data *key_data);

/* Release a name array of `count` strings from kadm5_get_principals()/kadm5_get_policies(). */
kadm5_ret_t    kadm5_free_name_list(void *server_handle, char **names,
                                    int count);
  464 
/*
 * Create the krb5_context required by every kadm5_init*() function
 * (see the comment above those).  The context must outlive the
 * handle and is released by the caller with krb5_free_context().
 * Returns krb5_error_code, not kadm5_ret_t.
 */
krb5_error_code kadm5_init_krb5_context (krb5_context *);

/*
 * Initialize incremental propagation for the handle; db_args as for
 * kadm5_init().  Returns krb5_error_code, not kadm5_ret_t.
 */
krb5_error_code kadm5_init_iprop(void *server_handle, char **db_args);
  468 
/*
 * Key retrieval, key purging and string attributes.
 */

/*
 * Fetch the decrypted keys of `principal` as an array of *n_key_data
 * kadm5_key_data entries in *key_data.  The meaning of kvno (a
 * specific version, or a wildcard such as 0) is not stated here.
 * Release with kadm5_free_kadm5_key_data().
 *
 * NOTE(review): this returns plaintext key material to the caller.
 */
kadm5_ret_t    kadm5_get_principal_keys(void *server_handle,
                                        krb5_principal principal,
                                        krb5_kvno kvno,
                                        kadm5_key_data **key_data,
                                        int *n_key_data);

/*
 * Remove old keys of `principal`; keepkvno presumably gives the lowest
 * key version to retain -- confirm against the implementation.
 */
kadm5_ret_t    kadm5_purgekeys(void *server_handle,
                               krb5_principal principal,
                               int keepkvno);

/*
 * Fetch the string attributes of `principal` as *count_out
 * krb5_string_attr entries in *strings_out; release with
 * kadm5_free_strings().
 */
kadm5_ret_t    kadm5_get_strings(void *server_handle,
                                 krb5_principal principal,
                                 krb5_string_attr **strings_out,
                                 int *count_out);

/*
 * Set string attribute `key` of `principal` to `value`.  Whether a NULL
 * value removes the attribute is not stated in this header.
 */
kadm5_ret_t    kadm5_set_string(void *server_handle,
                                krb5_principal principal,
                                const char *key,
                                const char *value);

/* Release an array of `count` krb5_string_attr from kadm5_get_strings(). */
kadm5_ret_t    kadm5_free_strings(void *server_handle,
                                  krb5_string_attr *strings,
                                  int count);

/*
 * Release an array of n_key_data kadm5_key_data entries from
 * kadm5_get_principal_keys().  Note this takes a krb5_context rather
 * than a server handle, unlike the other kadm5_free_* functions.
 * NOTE(review): whether the key contents are zeroized before being
 * freed is not visible here.
 */
kadm5_ret_t    kadm5_free_kadm5_key_data(krb5_context context, int n_key_data,
                                         kadm5_key_data *key_data);
  495 
  496 KADM5INT_END_DECLS
  497 
  498 #endif /* __KADM5_ADMIN_H__ */