freebsd
GitHub Repository: freebsd/freebsd-src
Path: blob/main/crypto/krb5/src/lib/kadm5/admin.h
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/kadm5/admin.h */
/*
 * Copyright 2001, 2008 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 */
/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
 *
 * $Header$
 */

/*
 * This API is not considered as stable as the main krb5 API.
 *
 * - We may make arbitrary incompatible changes between feature
 *   releases (e.g. from 1.7 to 1.8).
 * - We will make some effort to avoid making incompatible changes for
 *   bugfix releases, but will make them if necessary.
 */

#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__
/*
 * NOTE(review): identifiers that begin with a double underscore are
 * reserved for the C implementation, so this guard name is technically
 * off-limits.  It is left unchanged here because other translation units
 * may test it; a new header should use a guard such as KADM5_ADMIN_H.
 */

#include <sys/types.h>
#include <gssrpc/rpc.h>         /* presumably supplies bool_t, used below */
#include <krb5.h>
#include <kdb.h>
#include <com_err.h>            /* error_message(), used by the prompt macros */
#include <kadm5/kadm_err.h>
#include <kadm5/chpass_util_strings.h>

/*
 * C linkage wrappers for C++ consumers.  A build that defines
 * KADM5INT_BEGIN_DECLS beforehand overrides both macros.
 */
#ifndef KADM5INT_BEGIN_DECLS
#if defined(__cplusplus)
#define KADM5INT_BEGIN_DECLS extern "C" {
#define KADM5INT_END_DECLS }
#else
#define KADM5INT_BEGIN_DECLS
#define KADM5INT_END_DECLS
#endif
#endif

KADM5INT_BEGIN_DECLS

/* Well-known service principal names used by kadmin clients and servers. */
#define KADM5_ADMIN_SERVICE       "kadmin/admin"
#define KADM5_CHANGEPW_SERVICE    "kadmin/changepw"
#define KADM5_HIST_PRINCIPAL      "kadmin/history"
#define KADM5_KIPROP_HOST_SERVICE "kiprop"

typedef krb5_principal kadm5_princ_t;
typedef char *kadm5_policy_t;   /* policy name as a NUL-terminated string */
/*
 * Return type of most kadm5 calls: KADM5_OK (0) on success; any other
 * value is presumably a kadm5/krb5 error code (see kadm5/kadm_err.h).
 */
typedef long kadm5_ret_t;

/* Prompt strings for interactive password changes, resolved through com_err. */
#define KADM5_PW_FIRST_PROMPT \
    (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
#define KADM5_PW_SECOND_PROMPT \
    (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))

/*
 * Successful return code
 */
#define KADM5_OK 0

/*
 * Field masks
 *
 * Each bit names one member of the matching structure.  The `long mask`
 * argument taken by the create/modify/get functions below is presumably
 * the bitwise OR of the members the caller supplies or wants returned.
 */

/* kadm5_principal_ent_t */
#define KADM5_PRINCIPAL         0x000001
#define KADM5_PRINC_EXPIRE_TIME 0x000002
#define KADM5_PW_EXPIRATION     0x000004
#define KADM5_LAST_PWD_CHANGE   0x000008
#define KADM5_ATTRIBUTES        0x000010
#define KADM5_MAX_LIFE          0x000020
#define KADM5_MOD_TIME          0x000040
#define KADM5_MOD_NAME          0x000080
#define KADM5_KVNO              0x000100
#define KADM5_MKVNO             0x000200
#define KADM5_AUX_ATTRIBUTES    0x000400
#define KADM5_POLICY            0x000800
#define KADM5_POLICY_CLR        0x001000
/* version 2 masks */
#define KADM5_MAX_RLIFE         0x002000
#define KADM5_LAST_SUCCESS      0x004000
#define KADM5_LAST_FAILED       0x008000
#define KADM5_FAIL_AUTH_COUNT   0x010000
#define KADM5_KEY_DATA          0x020000
#define KADM5_TL_DATA           0x040000
#ifdef notyet /* Novell */
#define KADM5_CPW_FUNCTION      0x080000
#define KADM5_RANDKEY_USED      0x100000
#endif
#define KADM5_LOAD              0x200000
#define KADM5_KEY_HIST          0x400000

/*
 * all but KEY_DATA, TL_DATA, LOAD
 *
 * 0x41ffff = KADM5_PRINCIPAL .. KADM5_FAIL_AUTH_COUNT (0x01ffff) plus
 * KADM5_KEY_HIST (0x400000).  The "notyet" Novell bits are excluded too.
 * Note that key material (KADM5_KEY_DATA) is deliberately outside this
 * "normal" set; keep this constant in step when adding bits above.
 */
#define KADM5_PRINCIPAL_NORMAL_MASK 0x41ffff


/* kadm5_policy_ent_t */
/*
 * Policy field masks.  Numbering starts at 0x4000 and partly overlaps the
 * principal masks above, so a policy mask must never be mixed with a
 * principal mask in the same `long`.
 */
#define KADM5_PW_MAX_LIFE               0x00004000
#define KADM5_PW_MIN_LIFE               0x00008000
#define KADM5_PW_MIN_LENGTH             0x00010000
#define KADM5_PW_MIN_CLASSES            0x00020000
#define KADM5_PW_HISTORY_NUM            0x00040000
#define KADM5_REF_COUNT                 0x00080000  /* policy_refcnt; no longer used */
/* lockout controls (version 3 fields of kadm5_policy_ent_rec) */
#define KADM5_PW_MAX_FAILURE            0x00100000
#define KADM5_PW_FAILURE_COUNT_INTERVAL 0x00200000
#define KADM5_PW_LOCKOUT_DURATION       0x00400000
/* version 4 fields of kadm5_policy_ent_rec */
#define KADM5_POLICY_ATTRIBUTES         0x00800000
#define KADM5_POLICY_MAX_LIFE           0x01000000
#define KADM5_POLICY_MAX_RLIFE          0x02000000
#define KADM5_POLICY_ALLOWED_KEYSALTS   0x04000000
#define KADM5_POLICY_TL_DATA            0x08000000

/* kadm5_config_params */
/*
 * Bits of kadm5_config_params.mask.  Several bits (ADBNAME, ADB_LOCKFILE,
 * OLD_AUTH_GSSAPI, NO_AUTH, AUTH_NOFALLBACK) have no member in the
 * structure as declared in this header; they are presumably consumed
 * elsewhere and are kept for ABI stability.
 */
#define KADM5_CONFIG_REALM              0x00000001
#define KADM5_CONFIG_DBNAME             0x00000002
#define KADM5_CONFIG_MKEY_NAME          0x00000004
#define KADM5_CONFIG_MAX_LIFE           0x00000008
#define KADM5_CONFIG_MAX_RLIFE          0x00000010
#define KADM5_CONFIG_EXPIRATION         0x00000020
#define KADM5_CONFIG_FLAGS              0x00000040
/*#define KADM5_CONFIG_ADMIN_KEYTAB     0x00000080*/   /* retired; bit stays unused */
#define KADM5_CONFIG_STASH_FILE         0x00000100
#define KADM5_CONFIG_ENCTYPE            0x00000200
#define KADM5_CONFIG_ADBNAME            0x00000400
#define KADM5_CONFIG_ADB_LOCKFILE       0x00000800
#define KADM5_CONFIG_KADMIND_LISTEN     0x00001000
#define KADM5_CONFIG_ACL_FILE           0x00002000
#define KADM5_CONFIG_KADMIND_PORT       0x00004000
#define KADM5_CONFIG_ENCTYPES           0x00008000
#define KADM5_CONFIG_ADMIN_SERVER       0x00010000
#define KADM5_CONFIG_DICT_FILE          0x00020000
#define KADM5_CONFIG_MKEY_FROM_KBD      0x00040000
#define KADM5_CONFIG_KPASSWD_PORT       0x00080000
/* authentication-mechanism selection bits; no member in the struct below */
#define KADM5_CONFIG_OLD_AUTH_GSSAPI    0x00100000
#define KADM5_CONFIG_NO_AUTH            0x00200000
#define KADM5_CONFIG_AUTH_NOFALLBACK    0x00400000
#define KADM5_CONFIG_KPASSWD_LISTEN     0x00800000
#define KADM5_CONFIG_IPROP_ENABLED      0x01000000
#define KADM5_CONFIG_ULOG_SIZE          0x02000000
#define KADM5_CONFIG_POLL_TIME          0x04000000
#define KADM5_CONFIG_IPROP_LOGFILE      0x08000000
#define KADM5_CONFIG_IPROP_PORT         0x10000000
#define KADM5_CONFIG_KVNO               0x20000000
#define KADM5_CONFIG_IPROP_RESYNC_TIMEOUT 0x40000000
/*
 * NOTE(review): 0x80000000 is the top bit of a 32-bit word.  Where `long`
 * is 32 bits this exhausts kadm5_config_params.mask, and the literal is an
 * unsigned int there, so test the bit with unsigned arithmetic.  Adding
 * further KADM5_CONFIG_* bits requires widening the mask member first.
 */
#define KADM5_CONFIG_IPROP_LISTEN       0x80000000
/*
 * permission bits
 *
 * Presumably the bits reported through kadm5_get_privs(); a caller should
 * treat them as a hint for UI purposes, since the server enforces
 * authorisation on each operation regardless of what is reported.
 */
#define KADM5_PRIV_GET    0x01
#define KADM5_PRIV_ADD    0x02
#define KADM5_PRIV_MODIFY 0x04
#define KADM5_PRIV_DELETE 0x08

/*
 * API versioning constants
 *
 * Version values carry a family tag in the upper 24 bits and the version
 * number in the low byte, so (v & KADM5_MASK_BITS) tells a struct-version
 * value apart from an API-version value.
 */
#define KADM5_MASK_BITS 0xffffff00

#define KADM5_STRUCT_VERSION_MASK 0x12345600
#define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1   /* current struct layout */

#define KADM5_API_VERSION_MASK 0x12345700
#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
/* version 3 introduces the lockout members of kadm5_policy_ent_rec */
#define KADM5_API_VERSION_3 (KADM5_API_VERSION_MASK|0x03)
/* version 4 introduces the "version 4 fields" of kadm5_policy_ent_rec */
#define KADM5_API_VERSION_4 (KADM5_API_VERSION_MASK|0x04)

/*
 * One principal entry as exchanged with kadm5_create_principal(),
 * kadm5_modify_principal() and kadm5_get_principal().  Each member is
 * paired with the KADM5_* mask bit of the same name; only members whose
 * bit is set in the accompanying mask are meaningful.  Entries filled by
 * kadm5_get_principal() are released with kadm5_free_principal_ent().
 *
 * Member order is ABI; never reorder or insert in the middle.
 */
typedef struct _kadm5_principal_ent_t {
    krb5_principal principal;           /* KADM5_PRINCIPAL */
    krb5_timestamp princ_expire_time;   /* KADM5_PRINC_EXPIRE_TIME */
    krb5_timestamp last_pwd_change;     /* KADM5_LAST_PWD_CHANGE */
    krb5_timestamp pw_expiration;       /* KADM5_PW_EXPIRATION */
    krb5_deltat max_life;               /* KADM5_MAX_LIFE */
    krb5_principal mod_name;            /* KADM5_MOD_NAME */
    krb5_timestamp mod_date;            /* KADM5_MOD_TIME */
    krb5_flags attributes;              /* KADM5_ATTRIBUTES */
    krb5_kvno kvno;                     /* KADM5_KVNO */
    krb5_kvno mkvno;                    /* KADM5_MKVNO */
    char *policy;                       /* KADM5_POLICY; KADM5_POLICY_CLR presumably clears it */
    long aux_attributes;                /* KADM5_AUX_ATTRIBUTES */

    /* version 2 fields */
    krb5_deltat max_renewable_life;     /* KADM5_MAX_RLIFE */
    krb5_timestamp last_success;        /* KADM5_LAST_SUCCESS */
    krb5_timestamp last_failed;         /* KADM5_LAST_FAILED */
    krb5_kvno fail_auth_count;          /* KADM5_FAIL_AUTH_COUNT */
    krb5_int16 n_key_data;              /* number of entries in key_data */
    krb5_int16 n_tl_data;               /* number of entries in tl_data */
    krb5_tl_data *tl_data;              /* KADM5_TL_DATA */
    /*
     * KADM5_KEY_DATA.  Holds the principal's key records (see
     * kadm5_decrypt_key); not part of KADM5_PRINCIPAL_NORMAL_MASK, so it
     * is only returned when explicitly requested.
     */
    krb5_key_data *key_data;
} kadm5_principal_ent_rec, *kadm5_principal_ent_t;

/*
 * One password policy as exchanged with kadm5_create_policy(),
 * kadm5_modify_policy() and kadm5_get_policy().  Members are paired with
 * the KADM5_PW_* / KADM5_POLICY_* mask bits noted beside them.  Entries
 * filled by kadm5_get_policy() are released with kadm5_free_policy_ent().
 *
 * Member order is ABI; the "version N fields" groups mark where each API
 * version extended the structure.
 */
typedef struct _kadm5_policy_ent_t {
    char *policy;                       /* policy name */
    long pw_min_life;                   /* KADM5_PW_MIN_LIFE */
    long pw_max_life;                   /* KADM5_PW_MAX_LIFE */
    long pw_min_length;                 /* KADM5_PW_MIN_LENGTH */
    long pw_min_classes;                /* KADM5_PW_MIN_CLASSES */
    long pw_history_num;                /* KADM5_PW_HISTORY_NUM */
    long policy_refcnt;                 /* KADM5_REF_COUNT; no longer used */

    /* version 3 fields */
    krb5_kvno pw_max_fail;              /* KADM5_PW_MAX_FAILURE (typed krb5_kvno) */
    krb5_deltat pw_failcnt_interval;    /* KADM5_PW_FAILURE_COUNT_INTERVAL */
    krb5_deltat pw_lockout_duration;    /* KADM5_PW_LOCKOUT_DURATION */

    /* version 4 fields */
    krb5_flags attributes;              /* KADM5_POLICY_ATTRIBUTES */
    krb5_deltat max_life;               /* KADM5_POLICY_MAX_LIFE */
    krb5_deltat max_renewable_life;     /* KADM5_POLICY_MAX_RLIFE */
    char *allowed_keysalts;             /* KADM5_POLICY_ALLOWED_KEYSALTS */
    krb5_int16 n_tl_data;               /* number of entries in tl_data */
    krb5_tl_data *tl_data;              /* KADM5_POLICY_TL_DATA */
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;

/*
 * Data structure returned by kadm5_get_config_params()
 *
 * `mask` is a set of KADM5_CONFIG_* bits and presumably names the members
 * that were filled in; members whose bit is clear should not be read.
 * Pointer members presumably belong to the structure and are released by
 * kadm5_free_config_params().
 */
typedef struct _kadm5_config_params {
    long mask;                          /* KADM5_CONFIG_* bits */
    char * realm;                       /* KADM5_CONFIG_REALM */
    int kadmind_port;                   /* KADM5_CONFIG_KADMIND_PORT */
    int kpasswd_port;                   /* KADM5_CONFIG_KPASSWD_PORT */

    char * admin_server;                /* KADM5_CONFIG_ADMIN_SERVER */
#ifdef notyet /* Novell */ /* ABI change? */
    char * kpasswd_server;
#endif

    /* Deprecated except for db2 backwards compatibility. Don't add
       new uses except as fallbacks for parameters that should be
       specified in the database module section of the config
       file. */
    char * dbname;                      /* KADM5_CONFIG_DBNAME */

    char * acl_file;                    /* KADM5_CONFIG_ACL_FILE */
    char * dict_file;                   /* KADM5_CONFIG_DICT_FILE */

    int mkey_from_kbd;                  /* KADM5_CONFIG_MKEY_FROM_KBD */
    char * stash_file;                  /* KADM5_CONFIG_STASH_FILE (master-key stash path) */
    char * mkey_name;                   /* KADM5_CONFIG_MKEY_NAME */
    krb5_enctype enctype;               /* KADM5_CONFIG_ENCTYPE */
    krb5_deltat max_life;               /* KADM5_CONFIG_MAX_LIFE */
    krb5_deltat max_rlife;              /* KADM5_CONFIG_MAX_RLIFE */
    krb5_timestamp expiration;          /* KADM5_CONFIG_EXPIRATION */
    krb5_flags flags;                   /* KADM5_CONFIG_FLAGS */
    krb5_key_salt_tuple *keysalts;      /* presumably KADM5_CONFIG_ENCTYPES; num_keysalts entries */
    krb5_int32 num_keysalts;
    krb5_kvno kvno;                     /* KADM5_CONFIG_KVNO */
    bool_t iprop_enabled;               /* KADM5_CONFIG_IPROP_ENABLED */
    uint32_t iprop_ulogsize;            /* KADM5_CONFIG_ULOG_SIZE */
    krb5_deltat iprop_poll_time;        /* KADM5_CONFIG_POLL_TIME */
    char * iprop_logfile;               /* KADM5_CONFIG_IPROP_LOGFILE */
    /* char * iprop_server;*/
    int iprop_port;                     /* KADM5_CONFIG_IPROP_PORT */
    int iprop_resync_timeout;           /* KADM5_CONFIG_IPROP_RESYNC_TIMEOUT */
    char * kadmind_listen;              /* KADM5_CONFIG_KADMIND_LISTEN */
    char * kpasswd_listen;              /* KADM5_CONFIG_KPASSWD_LISTEN */
    char * iprop_listen;                /* KADM5_CONFIG_IPROP_LISTEN */
} kadm5_config_params;

/*
 * One decrypted key as returned by kadm5_get_principal_keys() and
 * consumed by kadm5_setkey_principal_4().  Arrays of these are released
 * with kadm5_free_kadm5_key_data(), which should also clear the key
 * material (assumption -- verify against the implementation).
 */
typedef struct _kadm5_key_data {
    krb5_kvno kvno;         /* key version number */
    krb5_keyblock key;      /* key material in the clear */
    krb5_keysalt salt;      /* salt type/value the key was derived with */
} kadm5_key_data;

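/*
 * functions
 */

/* The use_kdc_config parameter is no longer used, as configuration is
 * retrieved from the context profile.
 *
 * Fills *params_out from the profile; members flagged in params_in->mask
 * presumably take precedence over profile values.  Release the result
 * with kadm5_free_config_params(). */
krb5_error_code kadm5_get_config_params(krb5_context context,
                                        int use_kdc_config,
                                        kadm5_config_params *params_in,
                                        kadm5_config_params *params_out);

/* Releases storage held by the members of *params that were allocated by
 * kadm5_get_config_params(); the structure itself stays with the caller. */
krb5_error_code kadm5_free_config_params(krb5_context context,
                                         kadm5_config_params *params);

/* Presumably writes the admin service principal name for realm_in into
 * admin_name, a caller-supplied buffer of maxlen bytes.  Parameter names
 * were added for documentation only; the prototype is otherwise unchanged. */
krb5_error_code kadm5_get_admin_service_name(krb5_context ctx, char *realm_in,
                                             char *admin_name, size_t maxlen);

/*
 * For all initialization functions, the caller must first initialize
 * a context with kadm5_init_krb5_context which will survive as long
 * as the resulting handle. The caller should free the context with
 * krb5_free_context.
 */
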
/*
 * Initialisation variants.  Each one presumably authenticates client_name
 * to the service named by service_name (normally KADM5_ADMIN_SERVICE or
 * KADM5_CHANGEPW_SERVICE) and, on success, stores an opaque handle in
 * *server_handle that every other function in this file takes as its first
 * argument; see kadm5_destroy() for releasing it.  struct_version and
 * api_version should be KADM5_STRUCT_VERSION and one of the
 * KADM5_API_VERSION_n constants.  db_args is presumably a
 * NULL-terminated list of database-module arguments -- confirm against
 * the implementation.
 *
 * The credential argument differs per variant:
 *   kadm5_init / kadm5_init_with_password - cleartext password in `pass`
 *   kadm5_init_with_skey                  - keytab path in `keytab`
 *   kadm5_init_with_creds                 - existing credential cache `cc`
 *   kadm5_init_anonymous                  - no credential argument
 * `pass` is a secret held in caller memory; clear it once the call returns.
 */
kadm5_ret_t kadm5_init(krb5_context context, char *client_name,
                       char *pass, char *service_name,
                       kadm5_config_params *params,
                       krb5_ui_4 struct_version,
                       krb5_ui_4 api_version,
                       char **db_args,
                       void **server_handle);
kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
                                 char *service_name,
                                 kadm5_config_params *params,
                                 krb5_ui_4 struct_version,
                                 krb5_ui_4 api_version,
                                 char **db_args,
                                 void **server_handle);
kadm5_ret_t kadm5_init_with_password(krb5_context context,
                                     char *client_name,
                                     char *pass,
                                     char *service_name,
                                     kadm5_config_params *params,
                                     krb5_ui_4 struct_version,
                                     krb5_ui_4 api_version,
                                     char **db_args,
                                     void **server_handle);
kadm5_ret_t kadm5_init_with_skey(krb5_context context,
                                 char *client_name,
                                 char *keytab,
                                 char *service_name,
                                 kadm5_config_params *params,
                                 krb5_ui_4 struct_version,
                                 krb5_ui_4 api_version,
                                 char **db_args,
                                 void **server_handle);
kadm5_ret_t kadm5_init_with_creds(krb5_context context,
                                  char *client_name,
                                  krb5_ccache cc,
                                  char *service_name,
                                  kadm5_config_params *params,
                                  krb5_ui_4 struct_version,
                                  krb5_ui_4 api_version,
                                  char **db_args,
                                  void **server_handle);
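/* Database lock / unlock / flush.  Exact semantics are not visible in this
 * header; presumably they act on the database behind server_handle. */
kadm5_ret_t kadm5_lock(void *server_handle);
kadm5_ret_t kadm5_unlock(void *server_handle);
kadm5_ret_t kadm5_flush(void *server_handle);
/* Releases a handle obtained from one of the kadm5_init* functions. */
kadm5_ret_t kadm5_destroy(void *server_handle);

/*
 * Principal operations.  `mask` is the OR of the KADM5_* bits for the
 * members of `ent` that the caller supplies (create/modify) or wants
 * returned (get).  `pass` is a cleartext password -- a secret the caller
 * should clear after use.
 */
kadm5_ret_t kadm5_create_principal(void *server_handle,
                                   kadm5_principal_ent_t ent,
                                   long mask, char *pass);
/* As kadm5_create_principal, with n_ks_tuple key/salt types in ks_tuple
 * selecting the key types to generate. */
kadm5_ret_t kadm5_create_principal_3(void *server_handle,
                                     kadm5_principal_ent_t ent,
                                     long mask,
                                     int n_ks_tuple,
                                     krb5_key_salt_tuple *ks_tuple,
                                     char *pass);
kadm5_ret_t kadm5_delete_principal(void *server_handle,
                                   krb5_principal principal);
kadm5_ret_t kadm5_modify_principal(void *server_handle,
                                   kadm5_principal_ent_t ent,
                                   long mask);
/* Renames `source` to `target`.  Parameter names added for documentation;
 * the prototype is otherwise unchanged. */
kadm5_ret_t kadm5_rename_principal(void *server_handle,
                                   krb5_principal source,
                                   krb5_principal target);
/* Fills *ent for `principal`; release with kadm5_free_principal_ent(). */
kadm5_ret_t kadm5_get_principal(void *server_handle,
                                krb5_principal principal,
                                kadm5_principal_ent_t ent,
                                long mask);

/* Password change.  In the _3 variant a nonzero `keepold` presumably
 * retains the previous keys, and ks_tuple/n_ks_tuple select key types. */
kadm5_ret_t kadm5_chpass_principal(void *server_handle,
                                   krb5_principal principal,
                                   char *pass);
kadm5_ret_t kadm5_chpass_principal_3(void *server_handle,
                                     krb5_principal principal,
                                     unsigned int keepold,
                                     int n_ks_tuple,
                                     krb5_key_salt_tuple *ks_tuple,
                                     char *pass);

/* Random-key change.  On success *keyblocks receives *n_keys new keys in
 * the clear; ownership of that array is not documented here -- confirm
 * against the implementation and clear the key material after use. */
kadm5_ret_t kadm5_randkey_principal(void *server_handle,
                                    krb5_principal principal,
                                    krb5_keyblock **keyblocks,
                                    int *n_keys);
kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
                                      krb5_principal principal,
                                      unsigned int keepold,
                                      int n_ks_tuple,
                                      krb5_key_salt_tuple *ks_tuple,
                                      krb5_keyblock **keyblocks,
                                      int *n_keys);
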
/*
 * Explicit key installation.  `keyblocks` holds n_keys caller-chosen keys
 * in the clear; the _3 variant adds keepold and key/salt selection as for
 * kadm5_chpass_principal_3, and the _4 variant takes kadm5_key_data
 * records that carry their own kvno and salt.
 */
kadm5_ret_t kadm5_setkey_principal(void *server_handle,
                                   krb5_principal principal,
                                   krb5_keyblock *keyblocks,
                                   int n_keys);

kadm5_ret_t kadm5_setkey_principal_3(void *server_handle,
                                     krb5_principal principal,
                                     unsigned int keepold,
                                     int n_ks_tuple,
                                     krb5_key_salt_tuple *ks_tuple,
                                     krb5_keyblock *keyblocks,
                                     int n_keys);

kadm5_ret_t kadm5_setkey_principal_4(void *server_handle,
                                     krb5_principal principal,
                                     unsigned int keepold,
                                     kadm5_key_data *key_data,
                                     int n_key_data);

/*
 * Decrypts one key from entry->key_data into *keyblock (and *keysalt /
 * *kvnop when non-NULL), selected by key type ktype, salt type stype and
 * kvno -- presumably with -1 / 0 acting as wildcards; confirm against the
 * implementation.  The result is cleartext key material.
 */
kadm5_ret_t kadm5_decrypt_key(void *server_handle,
                              kadm5_principal_ent_t entry,
                              krb5_int32 ktype, krb5_int32 stype,
                              krb5_int32 kvno, krb5_keyblock *keyblock,
                              krb5_keysalt *keysalt, int *kvnop);

/*
 * Policy operations.  `mask` is the OR of the KADM5_PW_* / KADM5_POLICY_*
 * bits for the members of `ent` being supplied.
 */
kadm5_ret_t kadm5_create_policy(void *server_handle,
                                kadm5_policy_ent_t ent,
                                long mask);
kadm5_ret_t kadm5_delete_policy(void *server_handle,
                                kadm5_policy_t policy);
kadm5_ret_t kadm5_modify_policy(void *server_handle,
                                kadm5_policy_ent_t ent,
                                long mask);
/* Fills *ent for the named policy; release with kadm5_free_policy_ent(). */
kadm5_ret_t kadm5_get_policy(void *server_handle,
                             kadm5_policy_t policy,
                             kadm5_policy_ent_t ent);
/* Stores the caller's permission bits (KADM5_PRIV_*) in *privs. */
kadm5_ret_t kadm5_get_privs(void *server_handle,
                            long *privs);

/*
 * Interactive-style password change helper.  new_pw is the password to
 * set; ret_pw and msg_ret are outputs (ret_pw presumably receives the
 * password actually used when new_pw is NULL -- confirm).  msg_ret is a
 * caller-supplied buffer of msg_len bytes for a human-readable message;
 * pass the true buffer size so the callee can bound its write.
 */
kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
                                        krb5_principal princ,
                                        char *new_pw,
                                        char **ret_pw,
                                        char *msg_ret,
                                        unsigned int msg_len);

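/* Release the members of an entry filled by kadm5_get_principal() /
 * kadm5_get_policy(). */
kadm5_ret_t kadm5_free_principal_ent(void *server_handle,
                                     kadm5_principal_ent_t ent);
kadm5_ret_t kadm5_free_policy_ent(void *server_handle,
                                  kadm5_policy_ent_t ent);

/*
 * Enumeration.  `exp` is a name pattern (its syntax is not defined here);
 * on success *princs / *pols receives *count names.  Release the list
 * with kadm5_free_name_list().
 */
kadm5_ret_t kadm5_get_principals(void *server_handle,
                                 char *exp, char ***princs,
                                 int *count);

kadm5_ret_t kadm5_get_policies(void *server_handle,
                               char *exp, char ***pols,
                               int *count);

/* Frees *n_key_data krb5_key_data records (the key_data member of a
 * principal entry). */
kadm5_ret_t kadm5_free_key_data(void *server_handle,
                                krb5_int16 *n_key_data,
                                krb5_key_data *key_data);

/* Frees a `count`-element name list from kadm5_get_principals/policies. */
kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
                                 int count);

/* Creates the krb5_context required by every kadm5_init* variant.  Free it
 * with krb5_free_context after the handle is destroyed.  The parameter
 * name was added for documentation only. */
krb5_error_code kadm5_init_krb5_context(krb5_context *ctx);

/* Incremental-propagation setup for an existing handle; db_args as for
 * the kadm5_init* functions. */
krb5_error_code kadm5_init_iprop(void *server_handle, char **db_args);
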
/*
 * Retrieves the principal's keys in the clear: on success *key_data
 * receives *n_key_data kadm5_key_data records (kvno presumably selects a
 * single key version, 0 meaning all -- confirm).  Release them with
 * kadm5_free_kadm5_key_data(), which takes the count by value.
 */
kadm5_ret_t kadm5_get_principal_keys(void *server_handle,
                                     krb5_principal principal,
                                     krb5_kvno kvno,
                                     kadm5_key_data **key_data,
                                     int *n_key_data);

/* Removes old keys from the principal, keeping those at or above keepkvno
 * (assumption from the name -- verify). */
kadm5_ret_t kadm5_purgekeys(void *server_handle,
                            krb5_principal principal,
                            int keepkvno);

/* String attributes attached to a principal. */
kadm5_ret_t kadm5_get_strings(void *server_handle,
                              krb5_principal principal,
                              krb5_string_attr **strings_out,
                              int *count_out);

/* Sets attribute `key` to `value` (a NULL value presumably removes the
 * attribute -- confirm). */
kadm5_ret_t kadm5_set_string(void *server_handle,
                             krb5_principal principal,
                             const char *key,
                             const char *value);

kadm5_ret_t kadm5_free_strings(void *server_handle,
                               krb5_string_attr *strings,
                               int count);

/* Frees n_key_data records from kadm5_get_principal_keys().  Note that this
 * takes a krb5_context rather than a server handle. */
kadm5_ret_t kadm5_free_kadm5_key_data(krb5_context context, int n_key_data,
                                      kadm5_key_data *key_data);

/* Creates `alias` as an alias of `target`. */
kadm5_ret_t kadm5_create_alias(void *server_handle, krb5_principal alias,
                               krb5_principal target);

KADM5INT_END_DECLS

#endif /* __KADM5_ADMIN_H__ */
