Path: blob/main/crypto/krb5/src/lib/kadm5/admin.h
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/kadm5/admin.h */
/*
 * Copyright 2001, 2008 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 */
/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
 *
 * $Header$
 */

/*
 * Public interface of libkadm5: field masks, the principal / policy /
 * configuration structures and the administrative entry points
 * (principal, policy, key and string-attribute management).  Every
 * routine below that takes a `void *server_handle` operates on a handle
 * produced by one of the kadm5_init* functions; by its name,
 * kadm5_destroy() is the routine that releases it.
 *
 * This API is not considered as stable as the main krb5 API.
 *
 * - We may make arbitrary incompatible changes between feature
 *   releases (e.g. from 1.7 to 1.8).
 * - We will make some effort to avoid making incompatible changes for
 *   bugfix releases, but will make them if necessary.
 */

/*
 * NOTE(review): identifiers beginning with two underscores are reserved
 * for the implementation in C.  The guard is left unchanged here
 * because other translation units may test this macro by name.
 */
#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__

#include <sys/types.h>
#include <gssrpc/rpc.h>
#include <krb5.h>
#include <kdb.h>
#include <com_err.h>
#include <kadm5/kadm_err.h>
#include <kadm5/chpass_util_strings.h>

/* C++ linkage wrappers; a consumer may predefine them. */
#ifndef KADM5INT_BEGIN_DECLS
#if defined(__cplusplus)
#define KADM5INT_BEGIN_DECLS extern "C" {
#define KADM5INT_END_DECLS }
#else
#define KADM5INT_BEGIN_DECLS
#define KADM5INT_END_DECLS
#endif
#endif

KADM5INT_BEGIN_DECLS

/* Service and principal name strings used by the kadmin protocol. */
#define KADM5_ADMIN_SERVICE "kadmin/admin"
#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
#define KADM5_HIST_PRINCIPAL "kadmin/history"
#define KADM5_KIPROP_HOST_SERVICE "kiprop"

/*
 * A policy is identified by its name.  Results are plain longs:
 * KADM5_OK (0) means success; other values are presumably com_err
 * codes such as those declared in <kadm5/kadm_err.h>.
 */
typedef krb5_principal kadm5_princ_t;
typedef char *kadm5_policy_t;
typedef long kadm5_ret_t;

/*
 * Password prompt strings looked up through com_err's error_message();
 * the message table is presumably the one declared in
 * <kadm5/chpass_util_strings.h>.
 */
#define KADM5_PW_FIRST_PROMPT \
    (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
#define KADM5_PW_SECOND_PROMPT \
    (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))

/*
 * Successful return code
 */
#define KADM5_OK 0

/*
 * Field masks
 *
 * Each structure below has its own mask namespace, and the numeric
 * values overlap across namespaces (e.g. KADM5_PW_MAX_LIFE and
 * KADM5_LAST_SUCCESS are both 0x4000).  A mask built for one structure
 * must never be passed along with a different structure.
 */

/* kadm5_principal_ent_t */
#define KADM5_PRINCIPAL 0x000001
#define KADM5_PRINC_EXPIRE_TIME 0x000002
#define KADM5_PW_EXPIRATION 0x000004
#define KADM5_LAST_PWD_CHANGE 0x000008
#define KADM5_ATTRIBUTES 0x000010
#define KADM5_MAX_LIFE 0x000020
#define KADM5_MOD_TIME 0x000040
#define KADM5_MOD_NAME 0x000080
#define KADM5_KVNO 0x000100
#define KADM5_MKVNO 0x000200
#define KADM5_AUX_ATTRIBUTES 0x000400
#define KADM5_POLICY 0x000800
#define KADM5_POLICY_CLR 0x001000
/* version 2 masks (select the "version 2 fields" of
 * kadm5_principal_ent_rec below) */
#define KADM5_MAX_RLIFE 0x002000
#define KADM5_LAST_SUCCESS 0x004000
#define KADM5_LAST_FAILED 0x008000
#define KADM5_FAIL_AUTH_COUNT 0x010000
#define KADM5_KEY_DATA 0x020000
#define KADM5_TL_DATA 0x040000
/* Compiled out: `notyet` is not defined by this header.  The two bit
 * values stay reserved so they are not reassigned. */
#ifdef notyet /* Novell */
#define KADM5_CPW_FUNCTION 0x080000
#define KADM5_RANDKEY_USED 0x100000
#endif
#define KADM5_LOAD 0x200000
#define KADM5_KEY_HIST 0x400000

/* all but KEY_DATA, TL_DATA, LOAD:
 * 0x41ffff = every bit from KADM5_PRINCIPAL (0x000001) through
 * KADM5_FAIL_AUTH_COUNT (0x010000), plus KADM5_KEY_HIST (0x400000).
 * The unused 0x080000 / 0x100000 bits are also excluded. */
#define KADM5_PRINCIPAL_NORMAL_MASK 0x41ffff


/* kadm5_policy_ent_t */
#define KADM5_PW_MAX_LIFE 0x00004000
#define KADM5_PW_MIN_LIFE 0x00008000
#define KADM5_PW_MIN_LENGTH 0x00010000
#define KADM5_PW_MIN_CLASSES 0x00020000
#define KADM5_PW_HISTORY_NUM 0x00040000
/* Selects policy_refcnt, which the structure marks as no longer used. */
#define KADM5_REF_COUNT 0x00080000
/* version 3 policy fields (lockout) */
#define KADM5_PW_MAX_FAILURE 0x00100000
#define KADM5_PW_FAILURE_COUNT_INTERVAL 0x00200000
#define KADM5_PW_LOCKOUT_DURATION 0x00400000
/* version 4 policy fields */
#define KADM5_POLICY_ATTRIBUTES 0x00800000
#define KADM5_POLICY_MAX_LIFE 0x01000000
#define KADM5_POLICY_MAX_RLIFE 0x02000000
#define KADM5_POLICY_ALLOWED_KEYSALTS 0x04000000
#define KADM5_POLICY_TL_DATA 0x08000000

/* kadm5_config_params (bits recorded in kadm5_config_params.mask) */
#define KADM5_CONFIG_REALM 0x00000001
#define KADM5_CONFIG_DBNAME 0x00000002
#define KADM5_CONFIG_MKEY_NAME 0x00000004
#define KADM5_CONFIG_MAX_LIFE 0x00000008
#define KADM5_CONFIG_MAX_RLIFE 0x00000010
#define KADM5_CONFIG_EXPIRATION 0x00000020
#define KADM5_CONFIG_FLAGS 0x00000040
/* 0x00000080 (formerly KADM5_CONFIG_ADMIN_KEYTAB) is not assigned. */
/*#define KADM5_CONFIG_ADMIN_KEYTAB 0x00000080*/
#define KADM5_CONFIG_STASH_FILE 0x00000100
#define KADM5_CONFIG_ENCTYPE 0x00000200
#define KADM5_CONFIG_ADBNAME 0x00000400
#define KADM5_CONFIG_ADB_LOCKFILE 0x00000800
#define KADM5_CONFIG_KADMIND_LISTEN 0x00001000
#define KADM5_CONFIG_ACL_FILE 0x00002000
#define KADM5_CONFIG_KADMIND_PORT 0x00004000
#define KADM5_CONFIG_ENCTYPES 0x00008000
#define KADM5_CONFIG_ADMIN_SERVER 0x00010000
#define KADM5_CONFIG_DICT_FILE 0x00020000
#define KADM5_CONFIG_MKEY_FROM_KBD 0x00040000
#define KADM5_CONFIG_KPASSWD_PORT 0x00080000
/* Authentication-mode flags for the server side; their effect is
 * defined by the consuming code, not by this header. */
#define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x00100000
#define KADM5_CONFIG_NO_AUTH 0x00200000
#define KADM5_CONFIG_AUTH_NOFALLBACK 0x00400000
#define KADM5_CONFIG_KPASSWD_LISTEN 0x00800000
/* Incremental propagation (iprop) settings. */
#define KADM5_CONFIG_IPROP_ENABLED 0x01000000
#define KADM5_CONFIG_ULOG_SIZE 0x02000000
#define KADM5_CONFIG_POLL_TIME 0x04000000
#define KADM5_CONFIG_IPROP_LOGFILE 0x08000000
#define KADM5_CONFIG_IPROP_PORT 0x10000000
#define KADM5_CONFIG_KVNO 0x20000000
#define KADM5_CONFIG_IPROP_RESYNC_TIMEOUT 0x40000000
/* 0x80000000 does not fit in a signed 32-bit int, so this constant has
 * unsigned type; testing it against the `long mask` field involves the
 * usual signed/unsigned conversion. */
#define KADM5_CONFIG_IPROP_LISTEN 0x80000000
/*
 * permission bits
 *
 * Presumably the bits reported through kadm5_get_privs() below; the
 * names describe the operation class each bit grants.
 */
#define KADM5_PRIV_GET 0x01
#define KADM5_PRIV_ADD 0x02
#define KADM5_PRIV_MODIFY 0x04
#define KADM5_PRIV_DELETE 0x08

/*
 * API versioning constants
 *
 * A version constant is a 24-bit tag in the high bits plus the version
 * number in the low byte; KADM5_MASK_BITS presumably isolates the tag
 * so that a version can be recognised before its number is compared.
 */
#define KADM5_MASK_BITS 0xffffff00

#define KADM5_STRUCT_VERSION_MASK 0x12345600
#define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1

#define KADM5_API_VERSION_MASK 0x12345700
#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
#define KADM5_API_VERSION_3 (KADM5_API_VERSION_MASK|0x03)
#define KADM5_API_VERSION_4 (KADM5_API_VERSION_MASK|0x04)

/*
 * Principal entry exchanged with kadm5_create_principal(),
 * kadm5_modify_principal() and kadm5_get_principal().  Which fields are
 * meaningful is governed by the KADM5_* principal masks above.
 * Instances filled in by the library are released with
 * kadm5_free_principal_ent().
 */
typedef struct _kadm5_principal_ent_t {
    krb5_principal principal;
    krb5_timestamp princ_expire_time;
    krb5_timestamp last_pwd_change;
    krb5_timestamp pw_expiration;
    krb5_deltat max_life;
    krb5_principal mod_name;
    krb5_timestamp mod_date;
    krb5_flags attributes;
    krb5_kvno kvno;
    krb5_kvno mkvno;
    char *policy;
    long aux_attributes;

    /* version 2 fields */
    krb5_deltat max_renewable_life;
    krb5_timestamp last_success;
    krb5_timestamp last_failed;
    krb5_kvno fail_auth_count;
    /* Element counts for the two arrays that follow. */
    krb5_int16 n_key_data;
    krb5_int16 n_tl_data;
    krb5_tl_data *tl_data;
    krb5_key_data *key_data;
} kadm5_principal_ent_rec, *kadm5_principal_ent_t;

/*
 * Password-policy entry exchanged with kadm5_create_policy(),
 * kadm5_modify_policy() and kadm5_get_policy(); the KADM5_PW_* /
 * KADM5_POLICY_* masks above select fields.  The "version N" groups
 * presumably correspond to KADM5_API_VERSION_N.  Instances filled in by
 * the library are released with kadm5_free_policy_ent().
 */
typedef struct _kadm5_policy_ent_t {
    char *policy;
    long pw_min_life;
    long pw_max_life;
    long pw_min_length;
    long pw_min_classes;
    long pw_history_num;
    long policy_refcnt; /* no longer used */

    /* version 3 fields */
    krb5_kvno pw_max_fail;
    krb5_deltat pw_failcnt_interval;
    krb5_deltat pw_lockout_duration;

    /* version 4 fields */
    krb5_flags attributes;
    krb5_deltat max_life;
    krb5_deltat max_renewable_life;
    char *allowed_keysalts;
    /* Element count for tl_data. */
    krb5_int16 n_tl_data;
    krb5_tl_data *tl_data;
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;

/*
 * Data structure returned by kadm5_get_config_params()
 *
 * `mask` is built from the KADM5_CONFIG_* bits and records which of the
 * remaining members carry a value.  Released with
 * kadm5_free_config_params().
 */
typedef struct _kadm5_config_params {
    long mask;
    char * realm;
    int kadmind_port;
    int kpasswd_port;

    char * admin_server;
    #ifdef notyet /* Novell */ /* ABI change? */
    char * kpasswd_server;
    #endif

    /* Deprecated except for db2 backwards compatibility. Don't add
       new uses except as fallbacks for parameters that should be
       specified in the database module section of the config
       file. */
    char * dbname;

    char * acl_file;
    char * dict_file;

    int mkey_from_kbd;
    char * stash_file;
    char * mkey_name;
    krb5_enctype enctype;
    krb5_deltat max_life;
    krb5_deltat max_rlife;
    krb5_timestamp expiration;
    krb5_flags flags;
    /* keysalts points at num_keysalts entries. */
    krb5_key_salt_tuple *keysalts;
    krb5_int32 num_keysalts;
    krb5_kvno kvno;
    /* bool_t comes from the RPC headers included above. */
    bool_t iprop_enabled;
    uint32_t iprop_ulogsize;
    krb5_deltat iprop_poll_time;
    char * iprop_logfile;
    /* char * iprop_server;*/
    int iprop_port;
    int iprop_resync_timeout;
    char * kadmind_listen;
    char * kpasswd_listen;
    char * iprop_listen;
} kadm5_config_params;

/*
 * One key of a principal as handed out by kadm5_get_principal_keys()
 * and accepted by kadm5_setkey_principal_4(): the key itself, its salt
 * and the key version number.  Arrays of these are released with
 * kadm5_free_kadm5_key_data().
 */
typedef struct _kadm5_key_data {
    krb5_kvno kvno;
    krb5_keyblock key;
    krb5_keysalt salt;
} kadm5_key_data;

/*
 * functions
 */

/* The use_kdc_config parameter is no longer used, as configuration is
 * retrieved from the context profile.
 *
 * params_in presumably supplies caller overrides; params_out receives
 * the resulting parameters and should be released with
 * kadm5_free_config_params(). */
krb5_error_code kadm5_get_config_params(krb5_context context,
                                        int use_kdc_config,
                                        kadm5_config_params *params_in,
                                        kadm5_config_params *params_out);

krb5_error_code kadm5_free_config_params(krb5_context context,
                                         kadm5_config_params *params);

/* Parameters are unnamed in this prototype.  NOTE(review): the size_t
 * presumably bounds the buffer pointed to by the third argument —
 * confirm against the implementation before relying on it. */
krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
                                             char *, size_t);

/*
 * For all initialization functions, the caller must first initialize
 * a context with kadm5_init_krb5_context which will survive as long
 * as the resulting handle. The caller should free the context with
 * krb5_free_context.
 *
 * The variants differ only in how the client authenticates (password,
 * keytab, credential cache, or none for the anonymous variant).
 * struct_version and api_version are presumably KADM5_STRUCT_VERSION
 * and one of the KADM5_API_VERSION_* constants.  On success
 * *server_handle presumably receives the handle used by every other
 * routine in this header.  Note that `pass` is a non-const pointer to
 * cleartext password material.
 */

kadm5_ret_t kadm5_init(krb5_context context, char *client_name,
                       char *pass, char *service_name,
                       kadm5_config_params *params,
                       krb5_ui_4 struct_version,
                       krb5_ui_4 api_version,
                       char **db_args,
                       void **server_handle);
kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
                                 char *service_name,
                                 kadm5_config_params *params,
                                 krb5_ui_4 struct_version,
                                 krb5_ui_4 api_version,
                                 char **db_args,
                                 void **server_handle);
kadm5_ret_t kadm5_init_with_password(krb5_context context,
                                     char *client_name,
                                     char *pass,
                                     char *service_name,
                                     kadm5_config_params *params,
                                     krb5_ui_4 struct_version,
                                     krb5_ui_4 api_version,
                                     char **db_args,
                                     void **server_handle);
kadm5_ret_t kadm5_init_with_skey(krb5_context context,
                                 char *client_name,
                                 char *keytab,
                                 char *service_name,
                                 kadm5_config_params *params,
                                 krb5_ui_4 struct_version,
                                 krb5_ui_4 api_version,
                                 char **db_args,
                                 void **server_handle);
kadm5_ret_t kadm5_init_with_creds(krb5_context context,
                                  char *client_name,
                                  krb5_ccache cc,
                                  char *service_name,
                                  kadm5_config_params *params,
                                  krb5_ui_4 struct_version,
                                  krb5_ui_4 api_version,
                                  char **db_args,
                                  void **server_handle);
/* Handle-level operations; kadm5_destroy() ends the session opened by a
 * kadm5_init* call. */
kadm5_ret_t kadm5_lock(void *server_handle);
kadm5_ret_t kadm5_unlock(void *server_handle);
kadm5_ret_t kadm5_flush(void *server_handle);
kadm5_ret_t kadm5_destroy(void *server_handle);

/*
 * Principal management.  `mask` selects which members of `ent` are
 * honoured (KADM5_* principal masks).  The _3 variants additionally
 * take an explicit key/salt tuple list (n_ks_tuple entries) and, where
 * present, a `keepold` flag whose nonzero value presumably retains the
 * existing keys alongside the new ones.
 */
kadm5_ret_t kadm5_create_principal(void *server_handle,
                                   kadm5_principal_ent_t ent,
                                   long mask, char *pass);
kadm5_ret_t kadm5_create_principal_3(void *server_handle,
                                     kadm5_principal_ent_t ent,
                                     long mask,
                                     int n_ks_tuple,
                                     krb5_key_salt_tuple *ks_tuple,
                                     char *pass);
kadm5_ret_t kadm5_delete_principal(void *server_handle,
                                   krb5_principal principal);
kadm5_ret_t kadm5_modify_principal(void *server_handle,
                                   kadm5_principal_ent_t ent,
                                   long mask);
/* Unnamed parameters: presumably (source, target). */
kadm5_ret_t kadm5_rename_principal(void *server_handle,
                                   krb5_principal,krb5_principal);
/* Fills *ent for the fields selected by mask; release with
 * kadm5_free_principal_ent(). */
kadm5_ret_t kadm5_get_principal(void *server_handle,
                                krb5_principal principal,
                                kadm5_principal_ent_t ent,
                                long mask);
kadm5_ret_t kadm5_chpass_principal(void *server_handle,
                                   krb5_principal principal,
                                   char *pass);
kadm5_ret_t kadm5_chpass_principal_3(void *server_handle,
                                     krb5_principal principal,
                                     unsigned int keepold,
                                     int n_ks_tuple,
                                     krb5_key_salt_tuple *ks_tuple,
                                     char *pass);
/* Random-key variants return the newly generated keys through
 * *keyblocks (*n_keys entries).  The caller presumably owns the array;
 * this header does not name the matching free routine, so confirm it
 * against the implementation and clear the key material once it is no
 * longer needed. */
kadm5_ret_t kadm5_randkey_principal(void *server_handle,
                                    krb5_principal principal,
                                    krb5_keyblock **keyblocks,
                                    int *n_keys);
kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
                                      krb5_principal principal,
                                      unsigned int keepold,
                                      int n_ks_tuple,
                                      krb5_key_salt_tuple *ks_tuple,
                                      krb5_keyblock **keyblocks,
                                      int *n_keys);

/* Explicit-key variants: the caller supplies n_keys keyblocks (input
 * only, not taken over). */
kadm5_ret_t kadm5_setkey_principal(void *server_handle,
                                   krb5_principal principal,
                                   krb5_keyblock *keyblocks,
                                   int n_keys);

kadm5_ret_t kadm5_setkey_principal_3(void *server_handle,
                                     krb5_principal principal,
                                     unsigned int keepold,
                                     int n_ks_tuple,
                                     krb5_key_salt_tuple *ks_tuple,
                                     krb5_keyblock *keyblocks,
                                     int n_keys);

/* Version-4 form taking kadm5_key_data records (key + salt + kvno). */
kadm5_ret_t kadm5_setkey_principal_4(void *server_handle,
                                     krb5_principal principal,
                                     unsigned int keepold,
                                     kadm5_key_data *key_data,
                                     int n_key_data);

/* Selects a key of `entry` by enctype / salt type / kvno and, by its
 * name, returns it decrypted through *keyblock (with *keysalt and
 * *kvnop).  Treat the output as sensitive key material. */
kadm5_ret_t kadm5_decrypt_key(void *server_handle,
                              kadm5_principal_ent_t entry, krb5_int32
                              ktype, krb5_int32 stype, krb5_int32
                              kvno, krb5_keyblock *keyblock,
                              krb5_keysalt *keysalt, int *kvnop);

/*
 * Policy management; `mask` uses the KADM5_PW_* / KADM5_POLICY_* bits.
 * kadm5_get_policy() output is released with kadm5_free_policy_ent().
 */
kadm5_ret_t kadm5_create_policy(void *server_handle,
                                kadm5_policy_ent_t ent,
                                long mask);
kadm5_ret_t kadm5_delete_policy(void *server_handle,
                                kadm5_policy_t policy);
kadm5_ret_t kadm5_modify_policy(void *server_handle,
                                kadm5_policy_ent_t ent,
                                long mask);
kadm5_ret_t kadm5_get_policy(void *server_handle,
                             kadm5_policy_t policy,
                             kadm5_policy_ent_t ent);
/* Reports the caller's KADM5_PRIV_* bits in *privs. */
kadm5_ret_t kadm5_get_privs(void *server_handle,
                            long *privs);

/* Password change helper.  msg_ret / msg_len are presumably a caller-
 * provided message buffer and its capacity in bytes; new_pw and ret_pw
 * carry cleartext password material. */
kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
                                        krb5_principal princ,
                                        char *new_pw,
                                        char **ret_pw,
                                        char *msg_ret,
                                        unsigned int msg_len);

/* Release the contents of entries filled in by kadm5_get_principal()
 * and kadm5_get_policy(). */
kadm5_ret_t kadm5_free_principal_ent(void *server_handle,
                                     kadm5_principal_ent_t
                                     ent);
kadm5_ret_t kadm5_free_policy_ent(void *server_handle,
                                  kadm5_policy_ent_t ent);

/* Enumerate principal / policy names matching `exp` (presumably a
 * pattern).  The (names, count) result has the shape accepted by
 * kadm5_free_name_list(). */
kadm5_ret_t kadm5_get_principals(void *server_handle,
                                 char *exp, char ***princs,
                                 int *count);

kadm5_ret_t kadm5_get_policies(void *server_handle,
                               char *exp, char ***pols,
                               int *count);

/* Frees a krb5_key_data array (the type used inside
 * kadm5_principal_ent_rec) — distinct from kadm5_free_kadm5_key_data()
 * below, which handles kadm5_key_data. */
kadm5_ret_t kadm5_free_key_data(void *server_handle,
                                krb5_int16 *n_key_data,
                                krb5_key_data *key_data);

kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
                                 int count);

/* Creates the krb5_context required by the kadm5_init* functions (see
 * the note above them). */
krb5_error_code kadm5_init_krb5_context (krb5_context *);

krb5_error_code kadm5_init_iprop(void *server_handle, char **db_args);

/* Returns the principal's keys (*n_key_data kadm5_key_data records)
 * through *key_data; release with kadm5_free_kadm5_key_data().  The
 * role of `kvno` is not stated here — presumably a key version filter.
 * The result is key material and should be cleared when done. */
kadm5_ret_t kadm5_get_principal_keys(void *server_handle,
                                     krb5_principal principal,
                                     krb5_kvno kvno,
                                     kadm5_key_data **key_data,
                                     int *n_key_data);

/* By its name, removes old keys of the principal; `keepkvno` is
 * presumably the lowest key version to retain — confirm. */
kadm5_ret_t kadm5_purgekeys(void *server_handle,
                            krb5_principal principal,
                            int keepkvno);

/* String attributes: *strings_out receives *count_out entries, released
 * with kadm5_free_strings(). */
kadm5_ret_t kadm5_get_strings(void *server_handle,
                              krb5_principal principal,
                              krb5_string_attr **strings_out,
                              int *count_out);

kadm5_ret_t kadm5_set_string(void *server_handle,
                             krb5_principal principal,
                             const char *key,
                             const char *value);

kadm5_ret_t kadm5_free_strings(void *server_handle,
                               krb5_string_attr *strings,
                               int count);

/* Unlike the other free routines, this one takes a krb5_context rather
 * than a server handle. */
kadm5_ret_t kadm5_free_kadm5_key_data(krb5_context context, int n_key_data,
                                      kadm5_key_data *key_data);

/* Makes `alias` an additional name for `target`. */
kadm5_ret_t kadm5_create_alias(void *server_handle, krb5_principal alias,
                               krb5_principal target);

KADM5INT_END_DECLS

#endif /* __KADM5_ADMIN_H__ */