Update kadmin headers
1 /*
2  * lib/kadm5/admin.h
3  *
4  * Copyright 2001 by the Massachusetts Institute of Technology.
5  * All Rights Reserved.
6  *
7  * Export of this software from the United States of America may
8  *   require a specific license from the United States Government.
9  *   It is the responsibility of any person or organization contemplating
10  *   export to obtain such a license before exporting.
11  * 
12  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13  * distribute this software and its documentation for any purpose and
14  * without fee is hereby granted, provided that the above copyright
15  * notice appear in all copies and that both that copyright notice and
16  * this permission notice appear in supporting documentation, and that
17  * the name of M.I.T. not be used in advertising or publicity pertaining
18  * to distribution of the software without specific, written prior
19  * permission.  Furthermore if you modify this software you must label
20  * your software as modified software and not distribute it in such a
21  * fashion that it might be confused with the original M.I.T. software.
22  * M.I.T. makes no representations about the suitability of
23  * this software for any purpose.  It is provided "as is" without express
24  * or implied warranty.
25  * 
26  */
27 /*
28  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
29  *
30  * $Header$
31  */
32
33 #ifndef __KADM5_ADMIN_H__
34 #define __KADM5_ADMIN_H__
35
/*
 * Callers may select the API generation before including this header.
 * Default to version 2; the value drives the #if blocks below that pick
 * struct layouts and prototype shapes, so it must match the
 * KADM5_API_VERSION_<n> the caller later passes to kadm5_init*().
 */
#if !defined(USE_KADM5_API_VERSION)
#define USE_KADM5_API_VERSION 2
#endif
39      
40 #include        <sys/types.h>
41 #include        <gssrpc/rpc.h>
42 #include        <krb5.h>
43 #include        <kdb.h>
44 #include        <com_err.h>
45 #include        <kadm5/kadm_err.h>
46 #include        <kadm5/chpass_util_strings.h>
47
/*
 * Service principal names.  One of these is passed as the service_name
 * argument of the kadm5_init*() functions below.  This header does not
 * show what the server permits per service; presumably the changepw
 * service is limited to password changes while the admin service
 * carries the full administrative API -- confirm against kadmind's ACL
 * handling before relying on that split.  KADM5_HIST_PRINCIPAL, judging
 * by its name, is the principal associated with password history.
 */
#define KADM5_ADMIN_SERVICE     "kadmin/admin"
#define KADM5_CHANGEPW_SERVICE  "kadmin/changepw"
#define KADM5_HIST_PRINCIPAL    "kadmin/history"

/* Handle and return types shared by every kadm5_* entry point. */
typedef krb5_principal  kadm5_princ_t;
typedef char            *kadm5_policy_t;   /* policy name, NUL-terminated */
typedef long            kadm5_ret_t;       /* KADM5_OK or an error code */

/*
 * Password prompts, looked up through com_err so they can be localized.
 * The OVSEC_* variants near the end of this file cast the result to
 * char *, which suggests error_message() returns a const pointer.
 */
#define KADM5_PW_FIRST_PROMPT \
        (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
#define KADM5_PW_SECOND_PROMPT \
        (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))

/*
 * Successful return code.  Test kadm5_ret_t values with "!= KADM5_OK";
 * every other value is an error code (presumably from kadm_err.h, which
 * this header includes).
 */
#define KADM5_OK        0
65
/*
 * Field masks
 *
 * Three independent mask namespaces follow: one for kadm5_principal_ent_t,
 * one for kadm5_policy_ent_t and one for kadm5_config_params.  Bit values
 * are reused across them (0x004000 is KADM5_LAST_SUCCESS for a principal
 * but KADM5_PW_MAX_LIFE for a policy), so a mask is only meaningful
 * together with the entity type it was defined for -- never pass a
 * policy or config mask to a principal call or vice versa.
 */

/* kadm5_principal_ent_t */
#define KADM5_PRINCIPAL         0x000001
#define KADM5_PRINC_EXPIRE_TIME 0x000002
#define KADM5_PW_EXPIRATION     0x000004
#define KADM5_LAST_PWD_CHANGE   0x000008
#define KADM5_ATTRIBUTES        0x000010
#define KADM5_MAX_LIFE          0x000020
#define KADM5_MOD_TIME          0x000040
#define KADM5_MOD_NAME          0x000080
#define KADM5_KVNO              0x000100
#define KADM5_MKVNO             0x000200
#define KADM5_AUX_ATTRIBUTES    0x000400
#define KADM5_POLICY            0x000800
#define KADM5_POLICY_CLR        0x001000  /* detach the policy rather than set one */
/* version 2 masks */
#define KADM5_MAX_RLIFE         0x002000
#define KADM5_LAST_SUCCESS      0x004000
#define KADM5_LAST_FAILED       0x008000
#define KADM5_FAIL_AUTH_COUNT   0x010000
#define KADM5_KEY_DATA          0x020000
#define KADM5_TL_DATA           0x040000
#ifdef notyet /* Novell */
/* Reserved by an unmerged Novell change; not available in this build. */
#define KADM5_CPW_FUNCTION      0x080000
#define KADM5_RANDKEY_USED      0x100000
#endif
#define KADM5_LOAD              0x200000

/*
 * Every principal field bit from KADM5_PRINCIPAL (0x000001) through
 * KADM5_FAIL_AUTH_COUNT (0x010000).  Excludes KADM5_KEY_DATA,
 * KADM5_TL_DATA and KADM5_LOAD, so a lookup with this mask does not
 * retrieve key material or TL data.
 */
#define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff


/* kadm5_policy_ent_t */
#define KADM5_PW_MAX_LIFE       0x004000
#define KADM5_PW_MIN_LIFE       0x008000
#define KADM5_PW_MIN_LENGTH     0x010000
#define KADM5_PW_MIN_CLASSES    0x020000
#define KADM5_PW_HISTORY_NUM    0x040000
#define KADM5_REF_COUNT         0x080000

/* kadm5_config_params -- bits of its "mask" member naming the fields that are set */
#define KADM5_CONFIG_REALM              0x000001
#define KADM5_CONFIG_DBNAME             0x000002
#define KADM5_CONFIG_MKEY_NAME          0x000004
#define KADM5_CONFIG_MAX_LIFE           0x000008
#define KADM5_CONFIG_MAX_RLIFE          0x000010
#define KADM5_CONFIG_EXPIRATION         0x000020
#define KADM5_CONFIG_FLAGS              0x000040
#define KADM5_CONFIG_ADMIN_KEYTAB       0x000080
#define KADM5_CONFIG_STASH_FILE         0x000100
#define KADM5_CONFIG_ENCTYPE            0x000200
#define KADM5_CONFIG_ADBNAME            0x000400
#define KADM5_CONFIG_ADB_LOCKFILE       0x000800
/*#define KADM5_CONFIG_PROFILE          0x001000*/  /* retired bit; do not reuse */
#define KADM5_CONFIG_ACL_FILE           0x002000
#define KADM5_CONFIG_KADMIND_PORT       0x004000
#define KADM5_CONFIG_ENCTYPES           0x008000
#define KADM5_CONFIG_ADMIN_SERVER       0x010000
#define KADM5_CONFIG_DICT_FILE          0x020000
#define KADM5_CONFIG_MKEY_FROM_KBD      0x040000
#define KADM5_CONFIG_KPASSWD_PORT       0x080000
/*
 * Authentication-mode bits.  No member of kadm5_config_params below
 * corresponds to these three, so they are presumably consumed inside
 * the library rather than read back by callers -- confirm before use.
 * Their names indicate that NO_AUTH disables client authentication and
 * OLD_AUTH_GSSAPI selects the legacy GSSAPI flavour; a configuration
 * that sets either deserves scrutiny in review.
 */
#define KADM5_CONFIG_OLD_AUTH_GSSAPI    0x100000
#define KADM5_CONFIG_NO_AUTH            0x200000
#define KADM5_CONFIG_AUTH_NOFALLBACK    0x400000
#ifdef notyet /* Novell */
#define KADM5_CONFIG_KPASSWD_SERVER     0x800000
#endif
/*
 * permission bits
 *
 * Reported by kadm5_get_privs() as the effective rights of the
 * authenticated client.  These describe the caller, not a principal
 * entry; server-side enforcement lives outside this header.
 */
#define KADM5_PRIV_GET          0x01
#define KADM5_PRIV_ADD          0x02
#define KADM5_PRIV_MODIFY       0x04
#define KADM5_PRIV_DELETE       0x08

/*
 * API versioning constants
 *
 * Both version words share one layout: the upper 24 bits (selected by
 * KADM5_MASK_BITS) are a fixed magic tag and the low byte is the version
 * number.  Pass KADM5_STRUCT_VERSION and the KADM5_API_VERSION_<n> this
 * caller was compiled for to kadm5_init*(); the magic presumably lets
 * the library reject garbage or a mismatched build (see the
 * KADM5_BAD_STRUCT_VERSION / KADM5_BAD_API_VERSION codes aliased at the
 * end of this file) instead of misreading a struct of the wrong layout.
 */
#define KADM5_MASK_BITS         0xffffff00

#define KADM5_STRUCT_VERSION_MASK       0x12345600
#define KADM5_STRUCT_VERSION_1  (KADM5_STRUCT_VERSION_MASK|0x01)
#define KADM5_STRUCT_VERSION    KADM5_STRUCT_VERSION_1

#define KADM5_API_VERSION_MASK  0x12345700
#define KADM5_API_VERSION_1     (KADM5_API_VERSION_MASK|0x01)
#define KADM5_API_VERSION_2     (KADM5_API_VERSION_MASK|0x02)
156
/*
 * Principal entry, API version 2.  The first twelve members are laid out
 * identically to kadm5_principal_ent_rec_v1 below and the version 2
 * members are appended, so member order is part of the ABI and must not
 * change.  Which members are meaningful is governed by the
 * KADM5_* principal mask passed to kadm5_get_principal(),
 * kadm5_create_principal() and kadm5_modify_principal().  Release with
 * kadm5_free_principal_ent().
 */
typedef struct _kadm5_principal_ent_t_v2 {
        krb5_principal  principal;          /* KADM5_PRINCIPAL */
        krb5_timestamp  princ_expire_time;  /* KADM5_PRINC_EXPIRE_TIME */
        krb5_timestamp  last_pwd_change;    /* KADM5_LAST_PWD_CHANGE */
        krb5_timestamp  pw_expiration;      /* KADM5_PW_EXPIRATION */
        krb5_deltat     max_life;           /* KADM5_MAX_LIFE */
        krb5_principal  mod_name;           /* KADM5_MOD_NAME */
        krb5_timestamp  mod_date;           /* KADM5_MOD_TIME */
        krb5_flags      attributes;         /* KADM5_ATTRIBUTES */
        krb5_kvno       kvno;               /* KADM5_KVNO */
        krb5_kvno       mkvno;              /* KADM5_MKVNO */
        char            *policy;            /* KADM5_POLICY; see KADM5_POLICY_CLR */
        long            aux_attributes;     /* KADM5_AUX_ATTRIBUTES */

        /* version 2 fields */
        krb5_deltat max_renewable_life;     /* KADM5_MAX_RLIFE */
        krb5_timestamp last_success;        /* KADM5_LAST_SUCCESS */
        krb5_timestamp last_failed;         /* KADM5_LAST_FAILED */
        krb5_kvno fail_auth_count;          /* KADM5_FAIL_AUTH_COUNT */
        /*
         * Signed 16-bit element counts for key_data and tl_data.  A
         * consumer should reject a negative count rather than use it as
         * an array bound.
         */
        krb5_int16 n_key_data;
        krb5_int16 n_tl_data;
        krb5_tl_data *tl_data;              /* KADM5_TL_DATA, n_tl_data entries */
        /*
         * KADM5_KEY_DATA, n_key_data entries of key material.
         * kadm5_decrypt_key() takes this entry and yields a plaintext
         * keyblock, so these are presumably stored in encrypted form --
         * confirm.  Release with kadm5_free_key_data() or
         * kadm5_free_principal_ent(); the header does not say whether
         * either zeroizes, so do not rely on them for secret hygiene.
         */
        krb5_key_data *key_data;
} kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2;
181
/*
 * Principal entry, API version 1.  Member-for-member identical to the
 * leading part of kadm5_principal_ent_rec_v2; it carries no key data or
 * TL data and no renewable-life / last-auth fields.  Do not reorder
 * members: a v1 caller and a v2 library rely on this prefix agreeing.
 */
typedef struct _kadm5_principal_ent_t_v1 {
        krb5_principal  principal;          /* KADM5_PRINCIPAL */
        krb5_timestamp  princ_expire_time;  /* KADM5_PRINC_EXPIRE_TIME */
        krb5_timestamp  last_pwd_change;    /* KADM5_LAST_PWD_CHANGE */
        krb5_timestamp  pw_expiration;      /* KADM5_PW_EXPIRATION */
        krb5_deltat     max_life;           /* KADM5_MAX_LIFE */
        krb5_principal  mod_name;           /* KADM5_MOD_NAME */
        krb5_timestamp  mod_date;           /* KADM5_MOD_TIME */
        krb5_flags      attributes;         /* KADM5_ATTRIBUTES */
        krb5_kvno       kvno;               /* KADM5_KVNO */
        krb5_kvno       mkvno;              /* KADM5_MKVNO */
        char            *policy;            /* KADM5_POLICY */
        long            aux_attributes;     /* KADM5_AUX_ATTRIBUTES */
} kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1;
196
/*
 * Bind the unversioned names kadm5_principal_ent_rec / kadm5_principal_ent_t
 * to the layout selected by USE_KADM5_API_VERSION.  The library cannot see
 * this compile-time choice, so the caller must pass the matching
 * KADM5_API_VERSION_<n> to kadm5_init*() or structs will be misread.
 */
#if USE_KADM5_API_VERSION == 1
typedef struct _kadm5_principal_ent_t_v1
     kadm5_principal_ent_rec, *kadm5_principal_ent_t;
#else
typedef struct _kadm5_principal_ent_t_v2
     kadm5_principal_ent_rec, *kadm5_principal_ent_t;
#endif
204
/*
 * Password policy entry.  Validity of each member is governed by the
 * KADM5_PW_* / KADM5_REF_COUNT policy mask (not the principal mask,
 * although the bit values overlap).  Lifetimes are in seconds,
 * presumably, as with the krb5_deltat fields elsewhere -- confirm.
 * Release with kadm5_free_policy_ent().
 */
typedef struct _kadm5_policy_ent_t {
        char            *policy;           /* policy name */
        long            pw_min_life;       /* KADM5_PW_MIN_LIFE */
        long            pw_max_life;       /* KADM5_PW_MAX_LIFE */
        long            pw_min_length;     /* KADM5_PW_MIN_LENGTH */
        long            pw_min_classes;    /* KADM5_PW_MIN_CLASSES */
        long            pw_history_num;    /* KADM5_PW_HISTORY_NUM: old passwords kept */
        long            policy_refcnt;     /* KADM5_REF_COUNT: principals using it */
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
214
/*
 * Data structure returned by kadm5_get_config_params()
 *
 * "mask" is a bitwise OR of KADM5_CONFIG_* values naming the members
 * that were actually set; read a member only when its bit is present.
 * Several members are filesystem paths to sensitive material (the
 * admin keytab, the master-key stash, the ACL file, the dictionary and
 * database files); they are only as trustworthy as the configuration
 * they were read from.  Release with kadm5_free_config_params().
 */
typedef struct _kadm5_config_params {
     long               mask;            /* KADM5_CONFIG_* bits */
     char *             realm;           /* KADM5_CONFIG_REALM */
     int                kadmind_port;    /* KADM5_CONFIG_KADMIND_PORT */
     int                kpasswd_port;    /* KADM5_CONFIG_KPASSWD_PORT */

     char *             admin_server;    /* KADM5_CONFIG_ADMIN_SERVER */
#ifdef notyet /* Novell */ /* ABI change? */
     /* Enabling this would shift every later member -- hence the question. */
     char *             kpasswd_server;
#endif

     char *             dbname;          /* KADM5_CONFIG_DBNAME */
     char *             admin_dbname;    /* KADM5_CONFIG_ADBNAME */
     char *             admin_lockfile;  /* KADM5_CONFIG_ADB_LOCKFILE */
     char *             admin_keytab;    /* KADM5_CONFIG_ADMIN_KEYTAB */
     char *             acl_file;        /* KADM5_CONFIG_ACL_FILE */
     char *             dict_file;       /* KADM5_CONFIG_DICT_FILE */

     int                mkey_from_kbd;   /* KADM5_CONFIG_MKEY_FROM_KBD */
     char *             stash_file;      /* KADM5_CONFIG_STASH_FILE */
     char *             mkey_name;       /* KADM5_CONFIG_MKEY_NAME */
     krb5_enctype       enctype;         /* KADM5_CONFIG_ENCTYPE */
     krb5_deltat        max_life;        /* KADM5_CONFIG_MAX_LIFE */
     krb5_deltat        max_rlife;       /* KADM5_CONFIG_MAX_RLIFE */
     krb5_timestamp     expiration;      /* KADM5_CONFIG_EXPIRATION */
     krb5_flags         flags;           /* KADM5_CONFIG_FLAGS */
     krb5_key_salt_tuple *keysalts;      /* KADM5_CONFIG_ENCTYPES, num_keysalts entries */
     krb5_int32         num_keysalts;
} kadm5_config_params;
247
248 /***********************************************************************
249  * This is the old krb5_realm_read_params, which I mutated into
250  * kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
251  * still uses.
252  ***********************************************************************/
253
/*
 * Data structure returned by krb5_read_realm_params()
 *
 * Legacy counterpart of kadm5_config_params (see the note above).  The
 * realm_*_valid bitfields say which of the scalar members were read;
 * the string and pointer members are presumably NULL when absent --
 * confirm.  Note that kadm5_free_realm_params() above takes a
 * kadm5_config_params, not this struct; how this struct is released is
 * not shown in this header.
 */
typedef struct __krb5_realm_params {
    char *              realm_profile;
    char *              realm_dbname;
    char *              realm_mkey_name;
    char *              realm_stash_file;          /* master-key stash path */
    char *              realm_kdc_ports;           /* port list as text */
    char *              realm_kdc_tcp_ports;       /* port list as text */
    char *              realm_acl_file;
    krb5_int32          realm_kadmind_port;        /* realm_kadmind_port_valid */
    krb5_enctype        realm_enctype;             /* realm_enctype_valid */
    krb5_deltat         realm_max_life;            /* realm_max_life_valid */
    krb5_deltat         realm_max_rlife;           /* realm_max_rlife_valid */
    krb5_timestamp      realm_expiration;          /* realm_expiration_valid */
    krb5_flags          realm_flags;               /* realm_flags_valid */
    krb5_key_salt_tuple *realm_keysalts;           /* realm_num_keysalts entries */
    unsigned int        realm_reject_bad_transit:1; /* realm_reject_bad_transit_valid */
    unsigned int        realm_kadmind_port_valid:1;
    unsigned int        realm_enctype_valid:1;
    unsigned int        realm_max_life_valid:1;
    unsigned int        realm_max_rlife_valid:1;
    unsigned int        realm_expiration_valid:1;
    unsigned int        realm_flags_valid:1;
    unsigned int        realm_reject_bad_transit_valid:1;
    krb5_int32          realm_num_keysalts;
} krb5_realm_params;
282
283 /*
284  * functions
285  */
286
#if USE_KADM5_API_VERSION > 1
/*
 * Configuration helpers (API version 2 only).
 *
 * kadm5_get_config_params() fills *params_out.  From the signature,
 * params_in presumably supplies caller overrides selected by its mask
 * bits, and a nonzero use_kdc_config presumably consults the KDC
 * configuration as well -- confirm against the implementation.
 * Release the result with kadm5_free_config_params().
 */
krb5_error_code kadm5_get_config_params(krb5_context context,
                                        int use_kdc_config,
                                        kadm5_config_params *params_in,
                                        kadm5_config_params *params_out);

krb5_error_code kadm5_free_config_params(krb5_context context, 
                                         kadm5_config_params *params);

/* Despite its name this takes kadm5_config_params, not krb5_realm_params. */
krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
                                        kadm5_config_params *params);

/*
 * Parameters are unnamed here.  The trailing size_t presumably bounds
 * the output buffer; verify which char * is input and which is output
 * before calling.
 */
krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
                                             char *, size_t);
#endif
302
/*
 * Session establishment.  Each variant authenticates client_name to the
 * admin server for service_name (KADM5_ADMIN_SERVICE or
 * KADM5_CHANGEPW_SERVICE) and returns an opaque handle in *server_handle,
 * which every other call takes as its first argument and which must be
 * released with kadm5_destroy().  struct_version and api_version must be
 * KADM5_STRUCT_VERSION and the KADM5_API_VERSION_<n> this translation
 * unit was compiled for.  The format of db_args is not defined here.
 *
 * Secret handling: "pass" is a cleartext password and "keytab" a path to
 * key material.  The header does not say whether the library copies or
 * zeroizes the password, so the caller should wipe its own copy once
 * the call returns.
 */
kadm5_ret_t    kadm5_init(char *client_name, char *pass,
                          char *service_name,
#if USE_KADM5_API_VERSION == 1
                          char *realm,
#else
                          kadm5_config_params *params,
#endif
                          krb5_ui_4 struct_version,
                          krb5_ui_4 api_version,
                          char **db_args,
                          void **server_handle);
/* Explicit-password variant; see the secret-handling note above. */
kadm5_ret_t    kadm5_init_with_password(char *client_name,
                                        char *pass, 
                                        char *service_name,
#if USE_KADM5_API_VERSION == 1
                                        char *realm,
#else
                                        kadm5_config_params *params,
#endif
                                        krb5_ui_4 struct_version,
                                        krb5_ui_4 api_version,
                                        char **db_args,
                                        void **server_handle);
/* Keytab variant: "keytab" is a path to the client's key, not the key itself. */
kadm5_ret_t    kadm5_init_with_skey(char *client_name,
                                    char *keytab,
                                    char *service_name,
#if USE_KADM5_API_VERSION == 1
                                    char *realm,
#else
                                    kadm5_config_params *params,
#endif
                                    krb5_ui_4 struct_version,
                                    krb5_ui_4 api_version,
                                    char **db_args,
                                    void **server_handle);
#if USE_KADM5_API_VERSION > 1
/*
 * Session establishment from an existing credential cache "cc" (API
 * version 2 only).  Otherwise as kadm5_init(): the handle returned in
 * *server_handle must be released with kadm5_destroy().
 */
kadm5_ret_t    kadm5_init_with_creds(char *client_name,
                                     krb5_ccache cc,
                                     char *service_name,
                                     kadm5_config_params *params,
                                     krb5_ui_4 struct_version,
                                     krb5_ui_4 api_version,
                                     char **db_args,
                                     void **server_handle);
#endif
/*
 * Handle lifecycle.  lock/unlock presumably bracket a batch of database
 * updates and flush writes pending changes -- the header does not
 * document their semantics; confirm before use.  kadm5_destroy()
 * releases the handle obtained from kadm5_init*().
 */
kadm5_ret_t    kadm5_lock(void *server_handle);
kadm5_ret_t    kadm5_unlock(void *server_handle);
kadm5_ret_t    kadm5_flush(void *server_handle);
kadm5_ret_t    kadm5_destroy(void *server_handle);
/*
 * Principal management.  "mask" is a KADM5_* principal mask naming the
 * members of "ent" to apply; "pass" is the cleartext initial password
 * (wipe the caller's copy afterwards).  The _3 variant additionally
 * takes n_ks_tuple key/salt tuples selecting the enctypes and salts of
 * the keys derived from "pass".
 */
kadm5_ret_t    kadm5_create_principal(void *server_handle,
                                      kadm5_principal_ent_t ent,
                                      long mask, char *pass);
kadm5_ret_t    kadm5_create_principal_3(void *server_handle,
                                        kadm5_principal_ent_t ent,
                                        long mask,
                                        int n_ks_tuple,
                                        krb5_key_salt_tuple *ks_tuple,
                                        char *pass);
kadm5_ret_t    kadm5_delete_principal(void *server_handle,
                                      krb5_principal principal);
kadm5_ret_t    kadm5_modify_principal(void *server_handle,
                                      kadm5_principal_ent_t ent,
                                      long mask);
/* Parameters are unnamed; the order is presumably (source, target) -- verify. */
kadm5_ret_t    kadm5_rename_principal(void *server_handle,
                                      krb5_principal,krb5_principal);
/*
 * Principal lookup.  The two API generations differ in shape: version 1
 * returns a pointer through *ent (presumably library-allocated), while
 * version 2 fills a caller-provided struct and takes a KADM5_* mask
 * naming the members to fetch (use KADM5_PRINCIPAL_NORMAL_MASK to avoid
 * pulling key material).  Either way, release with
 * kadm5_free_principal_ent().
 */
#if USE_KADM5_API_VERSION == 1
kadm5_ret_t    kadm5_get_principal(void *server_handle,
                                   krb5_principal principal,
                                   kadm5_principal_ent_t *ent);
#else
kadm5_ret_t    kadm5_get_principal(void *server_handle,
                                   krb5_principal principal,
                                   kadm5_principal_ent_t ent,
                                   long mask);
#endif
/*
 * Password change.  "pass" is the cleartext new password; wipe the
 * caller's copy afterwards.  In the _3 variant, keepold != 0 retains
 * the previous keys alongside the new ones and ks_tuple selects the
 * enctypes/salts of the keys derived from "pass".
 */
kadm5_ret_t    kadm5_chpass_principal(void *server_handle,
                                      krb5_principal principal,
                                      char *pass);
kadm5_ret_t    kadm5_chpass_principal_3(void *server_handle,
                                        krb5_principal principal,
                                        krb5_boolean keepold,
                                        int n_ks_tuple,
                                        krb5_key_salt_tuple *ks_tuple,
                                        char *pass);
/*
 * Random-key assignment.  The new keys are returned to the caller in
 * plaintext: version 1 yields one keyblock, version 2 an array of
 * *n_keys keyblocks.  The function that releases them is not declared
 * in this header; whichever is used, treat the memory as secret and
 * clear it when done.
 */
#if USE_KADM5_API_VERSION == 1
kadm5_ret_t    kadm5_randkey_principal(void *server_handle,
                                       krb5_principal principal,
                                       krb5_keyblock **keyblock);
#else
kadm5_ret_t    kadm5_randkey_principal(void *server_handle,
                                       krb5_principal principal,
                                       krb5_keyblock **keyblocks,
                                       int *n_keys);
kadm5_ret_t    kadm5_randkey_principal_3(void *server_handle,
                                         krb5_principal principal,
                                         krb5_boolean keepold,
                                         int n_ks_tuple,
                                         krb5_key_salt_tuple *ks_tuple,
                                         krb5_keyblock **keyblocks,
                                         int *n_keys);
#endif
/*
 * Explicit key assignment.  The caller supplies the key material, so it
 * is the caller's responsibility that the keys are generated from a
 * suitable random source.  setv4key sets a single Kerberos 4 key;
 * setkey takes n_keys keyblocks; the _3 variant adds keepold (retain
 * previous keys) and n_ks_tuple key/salt tuples.
 */
kadm5_ret_t    kadm5_setv4key_principal(void *server_handle,
                                        krb5_principal principal,
                                        krb5_keyblock *keyblock);

kadm5_ret_t    kadm5_setkey_principal(void *server_handle,
                                      krb5_principal principal,
                                      krb5_keyblock *keyblocks,
                                      int n_keys);

kadm5_ret_t    kadm5_setkey_principal_3(void *server_handle,
                                        krb5_principal principal,
                                        krb5_boolean keepold,
                                        int n_ks_tuple,
                                        krb5_key_salt_tuple *ks_tuple,
                                        krb5_keyblock *keyblocks,
                                        int n_keys);

/*
 * Decrypt one key from "entry" (its key_data), selected by key type
 * "ktype", salt type "stype" and key version "kvno".  Outputs the
 * plaintext key in *keyblock, the salt in *keysalt and the matched kvno
 * in *kvnop.  The caller owns the plaintext and should clear it when
 * finished; the header does not say which selector values mean "any".
 */
kadm5_ret_t    kadm5_decrypt_key(void *server_handle,
                                 kadm5_principal_ent_t entry, krb5_int32
                                 ktype, krb5_int32 stype, krb5_int32
                                 kvno, krb5_keyblock *keyblock,
                                 krb5_keysalt *keysalt, int *kvnop);
426
/*
 * Password-policy management.  "mask" is a KADM5_PW_* / KADM5_REF_COUNT
 * policy mask naming the members of "ent" to apply.
 */
kadm5_ret_t    kadm5_create_policy(void *server_handle,
                                   kadm5_policy_ent_t ent,
                                   long mask);
/*
 * kadm5_create_policy_internal is not part of the supported,
 * exposed API.  It is available only in the server library, and you
 * shouldn't use it unless you know why it's there and how it's
 * different from kadm5_create_policy.
 */
kadm5_ret_t    kadm5_create_policy_internal(void *server_handle,
                                            kadm5_policy_ent_t
                                            entry, long mask);
kadm5_ret_t    kadm5_delete_policy(void *server_handle,
                                   kadm5_policy_t policy);
kadm5_ret_t    kadm5_modify_policy(void *server_handle,
                                   kadm5_policy_ent_t ent,
                                   long mask);
/*
 * kadm5_modify_policy_internal is not part of the supported,
 * exposed API.  It is available only in the server library, and you
 * shouldn't use it unless you know why it's there and how it's
 * different from kadm5_modify_policy.
 */
kadm5_ret_t    kadm5_modify_policy_internal(void *server_handle,
                                            kadm5_policy_ent_t
                                            entry, long mask);
/*
 * Policy lookup by name.  As with kadm5_get_principal(), version 1
 * returns a pointer through *ent while version 2 fills a
 * caller-provided struct.  Release with kadm5_free_policy_ent().
 */
#if USE_KADM5_API_VERSION == 1
kadm5_ret_t    kadm5_get_policy(void *server_handle,
                                kadm5_policy_t policy,
                                kadm5_policy_ent_t *ent);
#else
kadm5_ret_t    kadm5_get_policy(void *server_handle,
                                kadm5_policy_t policy,
                                kadm5_policy_ent_t ent);
#endif
/* Stores the caller's KADM5_PRIV_* bits in *privs. */
kadm5_ret_t    kadm5_get_privs(void *server_handle,
                               long *privs);
464
/*
 * Interactive password-change helper.  new_pw is the cleartext new
 * password; when it is NULL the helper presumably prompts using the
 * KADM5_PW_*_PROMPT strings and returns what was read through *ret_pw
 * -- confirm.  A human-readable status is written to msg_ret, bounded
 * by msg_len (compare the unbounded ovsec_kadm_ variant below).
 */
kadm5_ret_t    kadm5_chpass_principal_util(void *server_handle,
                                           krb5_principal princ,
                                           char *new_pw, 
                                           char **ret_pw,
                                           char *msg_ret,
                                           unsigned int msg_len);

/* Release entries obtained from kadm5_get_principal() / kadm5_get_policy(). */
kadm5_ret_t    kadm5_free_principal_ent(void *server_handle,
                                        kadm5_principal_ent_t
                                        ent);
kadm5_ret_t    kadm5_free_policy_ent(void *server_handle,
                                     kadm5_policy_ent_t ent);

/*
 * Enumerate principal / policy names matching the pattern "exp" (its
 * syntax is not defined in this header).  *princs / *pols receive an
 * array of *count strings; release with kadm5_free_name_list().
 */
kadm5_ret_t    kadm5_get_principals(void *server_handle,
                                    char *exp, char ***princs,
                                    int *count);

kadm5_ret_t    kadm5_get_policies(void *server_handle,
                                  char *exp, char ***pols,
                                  int *count);

#if USE_KADM5_API_VERSION > 1
/*
 * Release a key_data array of *n_key_data entries (as held in
 * kadm5_principal_ent_rec_v2).  The count is passed by pointer, so it
 * is presumably reset on return -- confirm.
 */
kadm5_ret_t    kadm5_free_key_data(void *server_handle,
                                   krb5_int16 *n_key_data,
                                   krb5_key_data *key_data);
#endif

kadm5_ret_t    kadm5_free_name_list(void *server_handle, char **names, 
                                    int count);

/* Create a krb5_context suitable for the kadm5 library. */
krb5_error_code kadm5_init_krb5_context (krb5_context *);
496
497 #if USE_KADM5_API_VERSION == 1
498 /*
499  * OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time
500  * compatible with KADM5_API_VERSION_2.  Basically, this means we have
501  * to continue to provide all the old ovsec_kadm function and symbol
502  * names.
503  */
504
/*
 * Absolute default paths baked into the OpenVision-compatible API.
 * They are only relevant to code built with USE_KADM5_API_VERSION == 1.
 */
#define OVSEC_KADM_ACLFILE              "/krb5/ovsec_adm.acl"
#define OVSEC_KADM_WORDFILE             "/krb5/ovsec_adm.dict"

/* Legacy service principal names; counterparts of the KADM5_*_SERVICE names. */
#define OVSEC_KADM_ADMIN_SERVICE        "ovsec_adm/admin"
#define OVSEC_KADM_CHANGEPW_SERVICE     "ovsec_adm/changepw"
#define OVSEC_KADM_HIST_PRINCIPAL       "ovsec_adm/history"

typedef krb5_principal  ovsec_kadm_princ_t;
typedef krb5_keyblock   ovsec_kadm_keyblock;
typedef char            *ovsec_kadm_policy_t;
typedef long            ovsec_kadm_ret_t;

enum    ovsec_kadm_salttype { OVSEC_KADM_SALT_V4, OVSEC_KADM_SALT_NORMAL };
enum    ovsec_kadm_saltmod  { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MOD_NORMAL };

/* As KADM5_PW_*_PROMPT, with the const-ness of error_message() cast away. */
#define OVSEC_KADM_PW_FIRST_PROMPT \
        ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
#define OVSEC_KADM_PW_SECOND_PROMPT \
        ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))

/*
 * Successful return code
 */
#define OVSEC_KADM_OK   0
 
/*
 * Create/Modify masks
 *
 * Same values as the KADM5_* principal and policy masks above, and the
 * same caveat: principal and policy bits share values, so each mask is
 * valid only for the entity type it was defined for.
 */
/* principal */
#define OVSEC_KADM_PRINCIPAL            0x000001
#define OVSEC_KADM_PRINC_EXPIRE_TIME    0x000002
#define OVSEC_KADM_PW_EXPIRATION        0x000004
#define OVSEC_KADM_LAST_PWD_CHANGE      0x000008
#define OVSEC_KADM_ATTRIBUTES           0x000010
#define OVSEC_KADM_MAX_LIFE             0x000020
#define OVSEC_KADM_MOD_TIME             0x000040
#define OVSEC_KADM_MOD_NAME             0x000080
#define OVSEC_KADM_KVNO                 0x000100
#define OVSEC_KADM_MKVNO                0x000200
#define OVSEC_KADM_AUX_ATTRIBUTES       0x000400
#define OVSEC_KADM_POLICY               0x000800
#define OVSEC_KADM_POLICY_CLR           0x001000
/* policy */
#define OVSEC_KADM_PW_MAX_LIFE          0x004000
#define OVSEC_KADM_PW_MIN_LIFE          0x008000
#define OVSEC_KADM_PW_MIN_LENGTH        0x010000
#define OVSEC_KADM_PW_MIN_CLASSES       0x020000
#define OVSEC_KADM_PW_HISTORY_NUM       0x040000
#define OVSEC_KADM_REF_COUNT            0x080000

/*
 * permission bits (reported by ovsec_kadm_get_privs(); same values as
 * KADM5_PRIV_*)
 */
#define OVSEC_KADM_PRIV_GET     0x01
#define OVSEC_KADM_PRIV_ADD     0x02
#define OVSEC_KADM_PRIV_MODIFY  0x04
#define OVSEC_KADM_PRIV_DELETE  0x08

/*
 * API versioning constants
 *
 * Same magic-tag layout as the KADM5_* versions above; only API version
 * 1 exists under the OVSEC_ prefix.
 */
#define OVSEC_KADM_MASK_BITS            0xffffff00

#define OVSEC_KADM_STRUCT_VERSION_MASK  0x12345600
#define OVSEC_KADM_STRUCT_VERSION_1     (OVSEC_KADM_STRUCT_VERSION_MASK|0x01)
#define OVSEC_KADM_STRUCT_VERSION       OVSEC_KADM_STRUCT_VERSION_1

#define OVSEC_KADM_API_VERSION_MASK     0x12345700
#define OVSEC_KADM_API_VERSION_1        (OVSEC_KADM_API_VERSION_MASK|0x01)
574
575
/*
 * Legacy principal entry; member-for-member identical to
 * kadm5_principal_ent_rec_v1.  Do not reorder.  Release with
 * ovsec_kadm_free_principal_ent().
 */
typedef struct _ovsec_kadm_principal_ent_t {
        krb5_principal  principal;          /* OVSEC_KADM_PRINCIPAL */
        krb5_timestamp  princ_expire_time;  /* OVSEC_KADM_PRINC_EXPIRE_TIME */
        krb5_timestamp  last_pwd_change;    /* OVSEC_KADM_LAST_PWD_CHANGE */
        krb5_timestamp  pw_expiration;      /* OVSEC_KADM_PW_EXPIRATION */
        krb5_deltat     max_life;           /* OVSEC_KADM_MAX_LIFE */
        krb5_principal  mod_name;           /* OVSEC_KADM_MOD_NAME */
        krb5_timestamp  mod_date;           /* OVSEC_KADM_MOD_TIME */
        krb5_flags      attributes;         /* OVSEC_KADM_ATTRIBUTES */
        krb5_kvno       kvno;               /* OVSEC_KADM_KVNO */
        krb5_kvno       mkvno;              /* OVSEC_KADM_MKVNO */
        char            *policy;            /* OVSEC_KADM_POLICY */
        long            aux_attributes;     /* OVSEC_KADM_AUX_ATTRIBUTES */
} ovsec_kadm_principal_ent_rec, *ovsec_kadm_principal_ent_t;
590
/*
 * Legacy policy entry; member-for-member identical to
 * kadm5_policy_ent_rec.  Release with ovsec_kadm_free_policy_ent().
 */
typedef struct _ovsec_kadm_policy_ent_t {
        char            *policy;           /* policy name */
        long            pw_min_life;       /* OVSEC_KADM_PW_MIN_LIFE */
        long            pw_max_life;       /* OVSEC_KADM_PW_MAX_LIFE */
        long            pw_min_length;     /* OVSEC_KADM_PW_MIN_LENGTH */
        long            pw_min_classes;    /* OVSEC_KADM_PW_MIN_CLASSES */
        long            pw_history_num;    /* OVSEC_KADM_PW_HISTORY_NUM */
        long            policy_refcnt;     /* OVSEC_KADM_REF_COUNT */
} ovsec_kadm_policy_ent_rec, *ovsec_kadm_policy_ent_t;
600
/*
 * functions
 *
 * Legacy OpenVision entry points, shaped like the API version 1
 * kadm5_* functions (realm string instead of kadm5_config_params,
 * lookup results returned by pointer).  The same secret-handling
 * caveats apply: "pass" arguments are cleartext passwords and the
 * caller should wipe its copy after the call.
 */
ovsec_kadm_ret_t    ovsec_kadm_init(char *client_name, char *pass,
                                    char *service_name, char *realm,
                                    krb5_ui_4 struct_version,
                                    krb5_ui_4 api_version,
                                    char **db_args,
                                    void **server_handle);
ovsec_kadm_ret_t    ovsec_kadm_init_with_password(char *client_name,
                                                  char *pass, 
                                                  char *service_name,
                                                  char *realm, 
                                                  krb5_ui_4 struct_version,
                                                  krb5_ui_4 api_version,
                                                  char ** db_args,
                                                  void **server_handle);
ovsec_kadm_ret_t    ovsec_kadm_init_with_skey(char *client_name,
                                              char *keytab,
                                              char *service_name,
                                              char *realm,
                                              krb5_ui_4 struct_version,
                                              krb5_ui_4 api_version,
                                              char **db_args,
                                              void **server_handle);
/* Release the handle from ovsec_kadm_init*() with ovsec_kadm_destroy(). */
ovsec_kadm_ret_t    ovsec_kadm_flush(void *server_handle);
ovsec_kadm_ret_t    ovsec_kadm_destroy(void *server_handle);
/* "mask" is an OVSEC_KADM_* principal mask naming the members of ent to apply. */
ovsec_kadm_ret_t    ovsec_kadm_create_principal(void *server_handle,
                                                ovsec_kadm_principal_ent_t ent,
                                                long mask, char *pass);
ovsec_kadm_ret_t    ovsec_kadm_delete_principal(void *server_handle,
                                                krb5_principal principal);
ovsec_kadm_ret_t    ovsec_kadm_modify_principal(void *server_handle,
                                                ovsec_kadm_principal_ent_t ent,
                                                long mask);
/* Parameters are unnamed; the order is presumably (source, target) -- verify. */
ovsec_kadm_ret_t    ovsec_kadm_rename_principal(void *server_handle,
                                                krb5_principal,krb5_principal);
/* Returns a pointer through *ent; release with ovsec_kadm_free_principal_ent(). */
ovsec_kadm_ret_t    ovsec_kadm_get_principal(void *server_handle,
                                             krb5_principal principal,
                                             ovsec_kadm_principal_ent_t *ent);
ovsec_kadm_ret_t    ovsec_kadm_chpass_principal(void *server_handle,
                                                krb5_principal principal,
                                                char *pass);
/*
 * Returns the new key in plaintext through *keyblock; the releasing
 * function is not declared here.  Clear the key when done.
 */
ovsec_kadm_ret_t    ovsec_kadm_randkey_principal(void *server_handle,
                                                 krb5_principal principal,
                                                 krb5_keyblock **keyblock);
/* "mask" is an OVSEC_KADM_PW_* / OVSEC_KADM_REF_COUNT policy mask. */
ovsec_kadm_ret_t    ovsec_kadm_create_policy(void *server_handle,
                                             ovsec_kadm_policy_ent_t ent,
                                             long mask);
/*
 * ovsec_kadm_create_policy_internal is not part of the supported,
 * exposed API.  It is available only in the server library, and you
 * shouldn't use it unless you know why it's there and how it's
 * different from ovsec_kadm_create_policy.
 */
ovsec_kadm_ret_t    ovsec_kadm_create_policy_internal(void *server_handle,
                                                      ovsec_kadm_policy_ent_t
                                                      entry, long mask);
ovsec_kadm_ret_t    ovsec_kadm_delete_policy(void *server_handle,
                                             ovsec_kadm_policy_t policy);
ovsec_kadm_ret_t    ovsec_kadm_modify_policy(void *server_handle,
                                             ovsec_kadm_policy_ent_t ent,
                                             long mask);
/*
 * ovsec_kadm_modify_policy_internal is not part of the supported,
 * exposed API.  It is available only in the server library, and you
 * shouldn't use it unless you know why it's there and how it's
 * different from ovsec_kadm_modify_policy.
 */
ovsec_kadm_ret_t    ovsec_kadm_modify_policy_internal(void *server_handle,
                                                      ovsec_kadm_policy_ent_t
                                                      entry, long mask);
/* Returns a pointer through *ent; release with ovsec_kadm_free_policy_ent(). */
ovsec_kadm_ret_t    ovsec_kadm_get_policy(void *server_handle,
                                          ovsec_kadm_policy_t policy,
                                          ovsec_kadm_policy_ent_t *ent);
/* Stores the caller's OVSEC_KADM_PRIV_* bits in *privs. */
ovsec_kadm_ret_t    ovsec_kadm_get_privs(void *server_handle,
                                         long *privs);

/*
 * Legacy password-change helper.  Unlike kadm5_chpass_principal_util(),
 * msg_ret has no accompanying length parameter, so the callee cannot
 * bound what it writes; the required buffer size is not stated in this
 * header.  Callers must allocate generously and prefer the kadm5_
 * variant where available.
 */
ovsec_kadm_ret_t    ovsec_kadm_chpass_principal_util(void *server_handle,
                                                     krb5_principal princ,
                                                     char *new_pw, 
                                                     char **ret_pw,
                                                     char *msg_ret);

ovsec_kadm_ret_t    ovsec_kadm_free_principal_ent(void *server_handle,
                                                  ovsec_kadm_principal_ent_t
                                                  ent);
ovsec_kadm_ret_t    ovsec_kadm_free_policy_ent(void *server_handle,
                                               ovsec_kadm_policy_ent_t ent);

/* Releases the name arrays produced by the two enumeration calls below. */
ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle,
                                           char **names, int count);

/* Enumerate names matching the pattern "exp" (syntax not defined here). */
ovsec_kadm_ret_t    ovsec_kadm_get_principals(void *server_handle,
                                              char *exp, char ***princs,
                                              int *count);

ovsec_kadm_ret_t    ovsec_kadm_get_policies(void *server_handle,
                                            char *exp, char ***pols,
                                            int *count);
701
/*
 * Legacy error-code names, aliased one-to-one onto the KADM5_* codes
 * (presumably defined in kadm_err.h, which this header includes).
 * Because they are plain aliases, an ovsec_kadm_ret_t compares equal to
 * the corresponding KADM5_* value and error_message() yields the same
 * text for either name.
 */
#define OVSEC_KADM_FAILURE KADM5_FAILURE
#define OVSEC_KADM_AUTH_GET KADM5_AUTH_GET
#define OVSEC_KADM_AUTH_ADD KADM5_AUTH_ADD
#define OVSEC_KADM_AUTH_MODIFY KADM5_AUTH_MODIFY
#define OVSEC_KADM_AUTH_DELETE KADM5_AUTH_DELETE
#define OVSEC_KADM_AUTH_INSUFFICIENT KADM5_AUTH_INSUFFICIENT
#define OVSEC_KADM_BAD_DB KADM5_BAD_DB
#define OVSEC_KADM_DUP KADM5_DUP
#define OVSEC_KADM_RPC_ERROR KADM5_RPC_ERROR
#define OVSEC_KADM_NO_SRV KADM5_NO_SRV
#define OVSEC_KADM_BAD_HIST_KEY KADM5_BAD_HIST_KEY
#define OVSEC_KADM_NOT_INIT KADM5_NOT_INIT
#define OVSEC_KADM_UNK_PRINC KADM5_UNK_PRINC
#define OVSEC_KADM_UNK_POLICY KADM5_UNK_POLICY
#define OVSEC_KADM_BAD_MASK KADM5_BAD_MASK
#define OVSEC_KADM_BAD_CLASS KADM5_BAD_CLASS
#define OVSEC_KADM_BAD_LENGTH KADM5_BAD_LENGTH
#define OVSEC_KADM_BAD_POLICY KADM5_BAD_POLICY
#define OVSEC_KADM_BAD_PRINCIPAL KADM5_BAD_PRINCIPAL
#define OVSEC_KADM_BAD_AUX_ATTR KADM5_BAD_AUX_ATTR
#define OVSEC_KADM_BAD_HISTORY KADM5_BAD_HISTORY
#define OVSEC_KADM_BAD_MIN_PASS_LIFE KADM5_BAD_MIN_PASS_LIFE
/* Password-quality rejections: too short, too few classes, in dictionary, reused, too soon. */
#define OVSEC_KADM_PASS_Q_TOOSHORT KADM5_PASS_Q_TOOSHORT
#define OVSEC_KADM_PASS_Q_CLASS KADM5_PASS_Q_CLASS
#define OVSEC_KADM_PASS_Q_DICT KADM5_PASS_Q_DICT
#define OVSEC_KADM_PASS_REUSE KADM5_PASS_REUSE
#define OVSEC_KADM_PASS_TOOSOON KADM5_PASS_TOOSOON
#define OVSEC_KADM_POLICY_REF KADM5_POLICY_REF
#define OVSEC_KADM_INIT KADM5_INIT
#define OVSEC_KADM_BAD_PASSWORD KADM5_BAD_PASSWORD
#define OVSEC_KADM_PROTECT_PRINCIPAL KADM5_PROTECT_PRINCIPAL
#define OVSEC_KADM_BAD_SERVER_HANDLE KADM5_BAD_SERVER_HANDLE
/* Version negotiation failures; see the *_VERSION constants above. */
#define OVSEC_KADM_BAD_STRUCT_VERSION KADM5_BAD_STRUCT_VERSION
#define OVSEC_KADM_OLD_STRUCT_VERSION KADM5_OLD_STRUCT_VERSION
#define OVSEC_KADM_NEW_STRUCT_VERSION KADM5_NEW_STRUCT_VERSION
#define OVSEC_KADM_BAD_API_VERSION KADM5_BAD_API_VERSION
#define OVSEC_KADM_OLD_LIB_API_VERSION KADM5_OLD_LIB_API_VERSION
#define OVSEC_KADM_OLD_SERVER_API_VERSION KADM5_OLD_SERVER_API_VERSION
#define OVSEC_KADM_NEW_LIB_API_VERSION KADM5_NEW_LIB_API_VERSION
#define OVSEC_KADM_NEW_SERVER_API_VERSION KADM5_NEW_SERVER_API_VERSION
#define OVSEC_KADM_SECURE_PRINC_MISSING KADM5_SECURE_PRINC_MISSING
#define OVSEC_KADM_NO_RENAME_SALT KADM5_NO_RENAME_SALT
744
745 #endif /* USE_KADM5_API_VERSION == 1 */
746
747 #endif /* __KADM5_ADMIN_H__ */