Add stolen Kerberos 5 admin headers

This commit is contained in:
Michael Spang 2007-10-26 00:24:10 -04:00 committed by Michael Spang
parent 0b805c08a4
commit 4ec2fceaca
6 changed files with 1553 additions and 0 deletions

36
include/kadm5/adb_err.h Normal file
View File

@ -0,0 +1,36 @@
/*
* ettmp27965.h:
* This file is automatically generated; please do not edit it.
*/
#include <com_err.h>
#define OSA_ADB_NOERR (28810240L)
#define OSA_ADB_DUP (28810241L)
#define OSA_ADB_NOENT (28810242L)
#define OSA_ADB_DBINIT (28810243L)
#define OSA_ADB_BAD_POLICY (28810244L)
#define OSA_ADB_BAD_PRINC (28810245L)
#define OSA_ADB_BAD_DB (28810246L)
#define OSA_ADB_XDR_FAILURE (28810247L)
#define OSA_ADB_FAILURE (28810248L)
#define OSA_ADB_BADLOCKMODE (28810249L)
#define OSA_ADB_CANTLOCK_DB (28810250L)
#define OSA_ADB_NOTLOCKED (28810251L)
#define OSA_ADB_NOLOCKFILE (28810252L)
#define OSA_ADB_NOEXCL_PERM (28810253L)
#define ERROR_TABLE_BASE_adb (28810240L)
extern const struct error_table et_adb_error_table;
#if !defined(_WIN32)
/* for compatibility with older versions... */
extern void initialize_adb_error_table (void) /*@modifies internalState@*/;
#else
#define initialize_adb_error_table()
#endif
#if !defined(_WIN32)
#define init_adb_err_tbl initialize_adb_error_table
#define adb_err_base ERROR_TABLE_BASE_adb
#endif

733
include/kadm5/admin.h Normal file
View File

@ -0,0 +1,733 @@
/*
* lib/kadm5/admin.h
*
* Copyright 2001 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*/
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
* $Header$
*/
#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__
#if !defined(USE_KADM5_API_VERSION)
#define USE_KADM5_API_VERSION 2
#endif
#include <sys/types.h>
#include <gssrpc/rpc.h>
#include <krb5.h>
#include <kdb.h>
#include <com_err.h>
#include <kadm5/kadm_err.h>
#include <kadm5/adb_err.h>
#include <kadm5/chpass_util_strings.h>
#define KADM5_ADMIN_SERVICE "kadmin/admin"
#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
#define KADM5_HIST_PRINCIPAL "kadmin/history"
typedef krb5_principal kadm5_princ_t;
typedef char *kadm5_policy_t;
typedef long kadm5_ret_t;
#define KADM5_PW_FIRST_PROMPT \
(error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
#define KADM5_PW_SECOND_PROMPT \
(error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
/*
* Successful return code
*/
#define KADM5_OK 0
/*
* Field masks
*/
/* kadm5_principal_ent_t */
#define KADM5_PRINCIPAL 0x000001
#define KADM5_PRINC_EXPIRE_TIME 0x000002
#define KADM5_PW_EXPIRATION 0x000004
#define KADM5_LAST_PWD_CHANGE 0x000008
#define KADM5_ATTRIBUTES 0x000010
#define KADM5_MAX_LIFE 0x000020
#define KADM5_MOD_TIME 0x000040
#define KADM5_MOD_NAME 0x000080
#define KADM5_KVNO 0x000100
#define KADM5_MKVNO 0x000200
#define KADM5_AUX_ATTRIBUTES 0x000400
#define KADM5_POLICY 0x000800
#define KADM5_POLICY_CLR 0x001000
/* version 2 masks */
#define KADM5_MAX_RLIFE 0x002000
#define KADM5_LAST_SUCCESS 0x004000
#define KADM5_LAST_FAILED 0x008000
#define KADM5_FAIL_AUTH_COUNT 0x010000
#define KADM5_KEY_DATA 0x020000
#define KADM5_TL_DATA 0x040000
/* all but KEY_DATA and TL_DATA */
#define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff
/* kadm5_policy_ent_t */
#define KADM5_PW_MAX_LIFE 0x004000
#define KADM5_PW_MIN_LIFE 0x008000
#define KADM5_PW_MIN_LENGTH 0x010000
#define KADM5_PW_MIN_CLASSES 0x020000
#define KADM5_PW_HISTORY_NUM 0x040000
#define KADM5_REF_COUNT 0x080000
/* kadm5_config_params */
#define KADM5_CONFIG_REALM 0x000001
#define KADM5_CONFIG_DBNAME 0x000002
#define KADM5_CONFIG_MKEY_NAME 0x000004
#define KADM5_CONFIG_MAX_LIFE 0x000008
#define KADM5_CONFIG_MAX_RLIFE 0x000010
#define KADM5_CONFIG_EXPIRATION 0x000020
#define KADM5_CONFIG_FLAGS 0x000040
#define KADM5_CONFIG_ADMIN_KEYTAB 0x000080
#define KADM5_CONFIG_STASH_FILE 0x000100
#define KADM5_CONFIG_ENCTYPE 0x000200
#define KADM5_CONFIG_ADBNAME 0x000400
#define KADM5_CONFIG_ADB_LOCKFILE 0x000800
#define KADM5_CONFIG_PROFILE 0x001000
#define KADM5_CONFIG_ACL_FILE 0x002000
#define KADM5_CONFIG_KADMIND_PORT 0x004000
#define KADM5_CONFIG_ENCTYPES 0x008000
#define KADM5_CONFIG_ADMIN_SERVER 0x010000
#define KADM5_CONFIG_DICT_FILE 0x020000
#define KADM5_CONFIG_MKEY_FROM_KBD 0x040000
#define KADM5_CONFIG_KPASSWD_PORT 0x080000
#define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x100000
#define KADM5_CONFIG_NO_AUTH 0x200000
#define KADM5_CONFIG_AUTH_NOFALLBACK 0x400000
/*
* permission bits
*/
#define KADM5_PRIV_GET 0x01
#define KADM5_PRIV_ADD 0x02
#define KADM5_PRIV_MODIFY 0x04
#define KADM5_PRIV_DELETE 0x08
/*
* API versioning constants
*/
#define KADM5_MASK_BITS 0xffffff00
#define KADM5_STRUCT_VERSION_MASK 0x12345600
#define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
#define KADM5_API_VERSION_MASK 0x12345700
#define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01)
#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
typedef struct _kadm5_principal_ent_t_v2 {
krb5_principal principal;
krb5_timestamp princ_expire_time;
krb5_timestamp last_pwd_change;
krb5_timestamp pw_expiration;
krb5_deltat max_life;
krb5_principal mod_name;
krb5_timestamp mod_date;
krb5_flags attributes;
krb5_kvno kvno;
krb5_kvno mkvno;
char *policy;
long aux_attributes;
/* version 2 fields */
krb5_deltat max_renewable_life;
krb5_timestamp last_success;
krb5_timestamp last_failed;
krb5_kvno fail_auth_count;
krb5_int16 n_key_data;
krb5_int16 n_tl_data;
krb5_tl_data *tl_data;
krb5_key_data *key_data;
} kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2;
typedef struct _kadm5_principal_ent_t_v1 {
krb5_principal principal;
krb5_timestamp princ_expire_time;
krb5_timestamp last_pwd_change;
krb5_timestamp pw_expiration;
krb5_deltat max_life;
krb5_principal mod_name;
krb5_timestamp mod_date;
krb5_flags attributes;
krb5_kvno kvno;
krb5_kvno mkvno;
char *policy;
long aux_attributes;
} kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1;
#if USE_KADM5_API_VERSION == 1
typedef struct _kadm5_principal_ent_t_v1
kadm5_principal_ent_rec, *kadm5_principal_ent_t;
#else
typedef struct _kadm5_principal_ent_t_v2
kadm5_principal_ent_rec, *kadm5_principal_ent_t;
#endif
typedef struct _kadm5_policy_ent_t {
char *policy;
long pw_min_life;
long pw_max_life;
long pw_min_length;
long pw_min_classes;
long pw_history_num;
long policy_refcnt;
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
typedef struct __krb5_key_salt_tuple {
krb5_enctype ks_enctype;
krb5_int32 ks_salttype;
} krb5_key_salt_tuple;
/*
* Data structure returned by kadm5_get_config_params()
*/
typedef struct _kadm5_config_params {
long mask;
char * realm;
char * profile;
int kadmind_port;
int kpasswd_port;
char * admin_server;
char * dbname;
char * admin_dbname;
char * admin_lockfile;
char * admin_keytab;
char * acl_file;
char * dict_file;
int mkey_from_kbd;
char * stash_file;
char * mkey_name;
krb5_enctype enctype;
krb5_deltat max_life;
krb5_deltat max_rlife;
krb5_timestamp expiration;
krb5_flags flags;
krb5_key_salt_tuple *keysalts;
krb5_int32 num_keysalts;
} kadm5_config_params;
/***********************************************************************
* This is the old krb5_realm_read_params, which I mutated into
* kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
* still uses.
***********************************************************************/
/*
* Data structure returned by krb5_read_realm_params()
*/
typedef struct __krb5_realm_params {
char * realm_profile;
char * realm_dbname;
char * realm_mkey_name;
char * realm_stash_file;
char * realm_kdc_ports;
char * realm_kdc_tcp_ports;
char * realm_acl_file;
krb5_int32 realm_kadmind_port;
krb5_enctype realm_enctype;
krb5_deltat realm_max_life;
krb5_deltat realm_max_rlife;
krb5_timestamp realm_expiration;
krb5_flags realm_flags;
krb5_key_salt_tuple *realm_keysalts;
unsigned int realm_reject_bad_transit:1;
unsigned int realm_kadmind_port_valid:1;
unsigned int realm_enctype_valid:1;
unsigned int realm_max_life_valid:1;
unsigned int realm_max_rlife_valid:1;
unsigned int realm_expiration_valid:1;
unsigned int realm_flags_valid:1;
unsigned int realm_reject_bad_transit_valid:1;
krb5_int32 realm_num_keysalts;
} krb5_realm_params;
/*
* functions
*/
#if USE_KADM5_API_VERSION > 1
krb5_error_code kadm5_get_config_params(krb5_context context,
char *kdcprofile, char *kdcenv,
kadm5_config_params *params_in,
kadm5_config_params *params_out);
krb5_error_code kadm5_free_config_params(krb5_context context,
kadm5_config_params *params);
krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
kadm5_config_params *params);
krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
char *, size_t);
#endif
kadm5_ret_t kadm5_init(char *client_name, char *pass,
char *service_name,
#if USE_KADM5_API_VERSION == 1
char *realm,
#else
kadm5_config_params *params,
#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
kadm5_ret_t kadm5_init_with_password(char *client_name,
char *pass,
char *service_name,
#if USE_KADM5_API_VERSION == 1
char *realm,
#else
kadm5_config_params *params,
#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
kadm5_ret_t kadm5_init_with_skey(char *client_name,
char *keytab,
char *service_name,
#if USE_KADM5_API_VERSION == 1
char *realm,
#else
kadm5_config_params *params,
#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_init_with_creds(char *client_name,
krb5_ccache cc,
char *service_name,
kadm5_config_params *params,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
#endif
kadm5_ret_t kadm5_lock(void *server_handle);
kadm5_ret_t kadm5_unlock(void *server_handle);
kadm5_ret_t kadm5_flush(void *server_handle);
kadm5_ret_t kadm5_destroy(void *server_handle);
kadm5_ret_t kadm5_create_principal(void *server_handle,
kadm5_principal_ent_t ent,
long mask, char *pass);
kadm5_ret_t kadm5_create_principal_3(void *server_handle,
kadm5_principal_ent_t ent,
long mask,
int n_ks_tuple,
krb5_key_salt_tuple *ks_tuple,
char *pass);
kadm5_ret_t kadm5_delete_principal(void *server_handle,
krb5_principal principal);
kadm5_ret_t kadm5_modify_principal(void *server_handle,
kadm5_principal_ent_t ent,
long mask);
kadm5_ret_t kadm5_rename_principal(void *server_handle,
krb5_principal,krb5_principal);
#if USE_KADM5_API_VERSION == 1
kadm5_ret_t kadm5_get_principal(void *server_handle,
krb5_principal principal,
kadm5_principal_ent_t *ent);
#else
kadm5_ret_t kadm5_get_principal(void *server_handle,
krb5_principal principal,
kadm5_principal_ent_t ent,
long mask);
#endif
kadm5_ret_t kadm5_chpass_principal(void *server_handle,
krb5_principal principal,
char *pass);
kadm5_ret_t kadm5_chpass_principal_3(void *server_handle,
krb5_principal principal,
krb5_boolean keepold,
int n_ks_tuple,
krb5_key_salt_tuple *ks_tuple,
char *pass);
#if USE_KADM5_API_VERSION == 1
kadm5_ret_t kadm5_randkey_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock **keyblock);
#else
kadm5_ret_t kadm5_randkey_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock **keyblocks,
int *n_keys);
kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
krb5_principal principal,
krb5_boolean keepold,
int n_ks_tuple,
krb5_key_salt_tuple *ks_tuple,
krb5_keyblock **keyblocks,
int *n_keys);
#endif
kadm5_ret_t kadm5_setv4key_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock *keyblock);
kadm5_ret_t kadm5_setkey_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock *keyblocks,
int n_keys);
kadm5_ret_t kadm5_setkey_principal_3(void *server_handle,
krb5_principal principal,
krb5_boolean keepold,
int n_ks_tuple,
krb5_key_salt_tuple *ks_tuple,
krb5_keyblock *keyblocks,
int n_keys);
kadm5_ret_t kadm5_decrypt_key(void *server_handle,
kadm5_principal_ent_t entry, krb5_int32
ktype, krb5_int32 stype, krb5_int32
kvno, krb5_keyblock *keyblock,
krb5_keysalt *keysalt, int *kvnop);
kadm5_ret_t kadm5_create_policy(void *server_handle,
kadm5_policy_ent_t ent,
long mask);
/*
* kadm5_create_policy_internal is not part of the supported,
* exposed API. It is available only in the server library, and you
* shouldn't use it unless you know why it's there and how it's
* different from kadm5_create_policy.
*/
kadm5_ret_t kadm5_create_policy_internal(void *server_handle,
kadm5_policy_ent_t
entry, long mask);
kadm5_ret_t kadm5_delete_policy(void *server_handle,
kadm5_policy_t policy);
kadm5_ret_t kadm5_modify_policy(void *server_handle,
kadm5_policy_ent_t ent,
long mask);
/*
* kadm5_modify_policy_internal is not part of the supported,
* exposed API. It is available only in the server library, and you
* shouldn't use it unless you know why it's there and how it's
* different from kadm5_modify_policy.
*/
kadm5_ret_t kadm5_modify_policy_internal(void *server_handle,
kadm5_policy_ent_t
entry, long mask);
#if USE_KADM5_API_VERSION == 1
kadm5_ret_t kadm5_get_policy(void *server_handle,
kadm5_policy_t policy,
kadm5_policy_ent_t *ent);
#else
kadm5_ret_t kadm5_get_policy(void *server_handle,
kadm5_policy_t policy,
kadm5_policy_ent_t ent);
#endif
kadm5_ret_t kadm5_get_privs(void *server_handle,
long *privs);
kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
krb5_principal princ,
char *new_pw,
char **ret_pw,
char *msg_ret,
unsigned int msg_len);
kadm5_ret_t kadm5_free_principal_ent(void *server_handle,
kadm5_principal_ent_t
ent);
kadm5_ret_t kadm5_free_policy_ent(void *server_handle,
kadm5_policy_ent_t ent);
kadm5_ret_t kadm5_get_principals(void *server_handle,
char *exp, char ***princs,
int *count);
kadm5_ret_t kadm5_get_policies(void *server_handle,
char *exp, char ***pols,
int *count);
#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_free_key_data(void *server_handle,
krb5_int16 *n_key_data,
krb5_key_data *key_data);
#endif
kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
int count);
#if USE_KADM5_API_VERSION == 1
/*
* OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time
* compatible with KADM5_API_VERSION_2. Basically, this means we have
* to continue to provide all the old ovsec_kadm function and symbol
* names.
*/
#define OVSEC_KADM_ACLFILE "/krb5/ovsec_adm.acl"
#define OVSEC_KADM_WORDFILE "/krb5/ovsec_adm.dict"
#define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin"
#define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw"
#define OVSEC_KADM_HIST_PRINCIPAL "ovsec_adm/history"
typedef krb5_principal ovsec_kadm_princ_t;
typedef krb5_keyblock ovsec_kadm_keyblock;
typedef char *ovsec_kadm_policy_t;
typedef long ovsec_kadm_ret_t;
enum ovsec_kadm_salttype { OVSEC_KADM_SALT_V4, OVSEC_KADM_SALT_NORMAL };
enum ovsec_kadm_saltmod { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MOD_NORMAL };
#define OVSEC_KADM_PW_FIRST_PROMPT \
((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
#define OVSEC_KADM_PW_SECOND_PROMPT \
((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
/*
* Successful return code
*/
#define OVSEC_KADM_OK 0
/*
* Create/Modify masks
*/
/* principal */
#define OVSEC_KADM_PRINCIPAL 0x000001
#define OVSEC_KADM_PRINC_EXPIRE_TIME 0x000002
#define OVSEC_KADM_PW_EXPIRATION 0x000004
#define OVSEC_KADM_LAST_PWD_CHANGE 0x000008
#define OVSEC_KADM_ATTRIBUTES 0x000010
#define OVSEC_KADM_MAX_LIFE 0x000020
#define OVSEC_KADM_MOD_TIME 0x000040
#define OVSEC_KADM_MOD_NAME 0x000080
#define OVSEC_KADM_KVNO 0x000100
#define OVSEC_KADM_MKVNO 0x000200
#define OVSEC_KADM_AUX_ATTRIBUTES 0x000400
#define OVSEC_KADM_POLICY 0x000800
#define OVSEC_KADM_POLICY_CLR 0x001000
/* policy */
#define OVSEC_KADM_PW_MAX_LIFE 0x004000
#define OVSEC_KADM_PW_MIN_LIFE 0x008000
#define OVSEC_KADM_PW_MIN_LENGTH 0x010000
#define OVSEC_KADM_PW_MIN_CLASSES 0x020000
#define OVSEC_KADM_PW_HISTORY_NUM 0x040000
#define OVSEC_KADM_REF_COUNT 0x080000
/*
* permission bits
*/
#define OVSEC_KADM_PRIV_GET 0x01
#define OVSEC_KADM_PRIV_ADD 0x02
#define OVSEC_KADM_PRIV_MODIFY 0x04
#define OVSEC_KADM_PRIV_DELETE 0x08
/*
* API versioning constants
*/
#define OVSEC_KADM_MASK_BITS 0xffffff00
#define OVSEC_KADM_STRUCT_VERSION_MASK 0x12345600
#define OVSEC_KADM_STRUCT_VERSION_1 (OVSEC_KADM_STRUCT_VERSION_MASK|0x01)
#define OVSEC_KADM_STRUCT_VERSION OVSEC_KADM_STRUCT_VERSION_1
#define OVSEC_KADM_API_VERSION_MASK 0x12345700
#define OVSEC_KADM_API_VERSION_1 (OVSEC_KADM_API_VERSION_MASK|0x01)
typedef struct _ovsec_kadm_principal_ent_t {
krb5_principal principal;
krb5_timestamp princ_expire_time;
krb5_timestamp last_pwd_change;
krb5_timestamp pw_expiration;
krb5_deltat max_life;
krb5_principal mod_name;
krb5_timestamp mod_date;
krb5_flags attributes;
krb5_kvno kvno;
krb5_kvno mkvno;
char *policy;
long aux_attributes;
} ovsec_kadm_principal_ent_rec, *ovsec_kadm_principal_ent_t;
typedef struct _ovsec_kadm_policy_ent_t {
char *policy;
long pw_min_life;
long pw_max_life;
long pw_min_length;
long pw_min_classes;
long pw_history_num;
long policy_refcnt;
} ovsec_kadm_policy_ent_rec, *ovsec_kadm_policy_ent_t;
/*
* functions
*/
ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass,
char *service_name, char *realm,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name,
char *pass,
char *service_name,
char *realm,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name,
char *keytab,
char *service_name,
char *realm,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle);
ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle);
ovsec_kadm_ret_t ovsec_kadm_create_principal(void *server_handle,
ovsec_kadm_principal_ent_t ent,
long mask, char *pass);
ovsec_kadm_ret_t ovsec_kadm_delete_principal(void *server_handle,
krb5_principal principal);
ovsec_kadm_ret_t ovsec_kadm_modify_principal(void *server_handle,
ovsec_kadm_principal_ent_t ent,
long mask);
ovsec_kadm_ret_t ovsec_kadm_rename_principal(void *server_handle,
krb5_principal,krb5_principal);
ovsec_kadm_ret_t ovsec_kadm_get_principal(void *server_handle,
krb5_principal principal,
ovsec_kadm_principal_ent_t *ent);
ovsec_kadm_ret_t ovsec_kadm_chpass_principal(void *server_handle,
krb5_principal principal,
char *pass);
ovsec_kadm_ret_t ovsec_kadm_randkey_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock **keyblock);
ovsec_kadm_ret_t ovsec_kadm_create_policy(void *server_handle,
ovsec_kadm_policy_ent_t ent,
long mask);
/*
* ovsec_kadm_create_policy_internal is not part of the supported,
* exposed API. It is available only in the server library, and you
* shouldn't use it unless you know why it's there and how it's
* different from ovsec_kadm_create_policy.
*/
ovsec_kadm_ret_t ovsec_kadm_create_policy_internal(void *server_handle,
ovsec_kadm_policy_ent_t
entry, long mask);
ovsec_kadm_ret_t ovsec_kadm_delete_policy(void *server_handle,
ovsec_kadm_policy_t policy);
ovsec_kadm_ret_t ovsec_kadm_modify_policy(void *server_handle,
ovsec_kadm_policy_ent_t ent,
long mask);
/*
* ovsec_kadm_modify_policy_internal is not part of the supported,
* exposed API. It is available only in the server library, and you
* shouldn't use it unless you know why it's there and how it's
* different from ovsec_kadm_modify_policy.
*/
ovsec_kadm_ret_t ovsec_kadm_modify_policy_internal(void *server_handle,
ovsec_kadm_policy_ent_t
entry, long mask);
ovsec_kadm_ret_t ovsec_kadm_get_policy(void *server_handle,
ovsec_kadm_policy_t policy,
ovsec_kadm_policy_ent_t *ent);
ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle,
long *privs);
ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle,
krb5_principal princ,
char *new_pw,
char **ret_pw,
char *msg_ret);
ovsec_kadm_ret_t ovsec_kadm_free_principal_ent(void *server_handle,
ovsec_kadm_principal_ent_t
ent);
ovsec_kadm_ret_t ovsec_kadm_free_policy_ent(void *server_handle,
ovsec_kadm_policy_ent_t ent);
ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle,
char **names, int count);
ovsec_kadm_ret_t ovsec_kadm_get_principals(void *server_handle,
char *exp, char ***princs,
int *count);
ovsec_kadm_ret_t ovsec_kadm_get_policies(void *server_handle,
char *exp, char ***pols,
int *count);
#define OVSEC_KADM_FAILURE KADM5_FAILURE
#define OVSEC_KADM_AUTH_GET KADM5_AUTH_GET
#define OVSEC_KADM_AUTH_ADD KADM5_AUTH_ADD
#define OVSEC_KADM_AUTH_MODIFY KADM5_AUTH_MODIFY
#define OVSEC_KADM_AUTH_DELETE KADM5_AUTH_DELETE
#define OVSEC_KADM_AUTH_INSUFFICIENT KADM5_AUTH_INSUFFICIENT
#define OVSEC_KADM_BAD_DB KADM5_BAD_DB
#define OVSEC_KADM_DUP KADM5_DUP
#define OVSEC_KADM_RPC_ERROR KADM5_RPC_ERROR
#define OVSEC_KADM_NO_SRV KADM5_NO_SRV
#define OVSEC_KADM_BAD_HIST_KEY KADM5_BAD_HIST_KEY
#define OVSEC_KADM_NOT_INIT KADM5_NOT_INIT
#define OVSEC_KADM_UNK_PRINC KADM5_UNK_PRINC
#define OVSEC_KADM_UNK_POLICY KADM5_UNK_POLICY
#define OVSEC_KADM_BAD_MASK KADM5_BAD_MASK
#define OVSEC_KADM_BAD_CLASS KADM5_BAD_CLASS
#define OVSEC_KADM_BAD_LENGTH KADM5_BAD_LENGTH
#define OVSEC_KADM_BAD_POLICY KADM5_BAD_POLICY
#define OVSEC_KADM_BAD_PRINCIPAL KADM5_BAD_PRINCIPAL
#define OVSEC_KADM_BAD_AUX_ATTR KADM5_BAD_AUX_ATTR
#define OVSEC_KADM_BAD_HISTORY KADM5_BAD_HISTORY
#define OVSEC_KADM_BAD_MIN_PASS_LIFE KADM5_BAD_MIN_PASS_LIFE
#define OVSEC_KADM_PASS_Q_TOOSHORT KADM5_PASS_Q_TOOSHORT
#define OVSEC_KADM_PASS_Q_CLASS KADM5_PASS_Q_CLASS
#define OVSEC_KADM_PASS_Q_DICT KADM5_PASS_Q_DICT
#define OVSEC_KADM_PASS_REUSE KADM5_PASS_REUSE
#define OVSEC_KADM_PASS_TOOSOON KADM5_PASS_TOOSOON
#define OVSEC_KADM_POLICY_REF KADM5_POLICY_REF
#define OVSEC_KADM_INIT KADM5_INIT
#define OVSEC_KADM_BAD_PASSWORD KADM5_BAD_PASSWORD
#define OVSEC_KADM_PROTECT_PRINCIPAL KADM5_PROTECT_PRINCIPAL
#define OVSEC_KADM_BAD_SERVER_HANDLE KADM5_BAD_SERVER_HANDLE
#define OVSEC_KADM_BAD_STRUCT_VERSION KADM5_BAD_STRUCT_VERSION
#define OVSEC_KADM_OLD_STRUCT_VERSION KADM5_OLD_STRUCT_VERSION
#define OVSEC_KADM_NEW_STRUCT_VERSION KADM5_NEW_STRUCT_VERSION
#define OVSEC_KADM_BAD_API_VERSION KADM5_BAD_API_VERSION
#define OVSEC_KADM_OLD_LIB_API_VERSION KADM5_OLD_LIB_API_VERSION
#define OVSEC_KADM_OLD_SERVER_API_VERSION KADM5_OLD_SERVER_API_VERSION
#define OVSEC_KADM_NEW_LIB_API_VERSION KADM5_NEW_LIB_API_VERSION
#define OVSEC_KADM_NEW_SERVER_API_VERSION KADM5_NEW_SERVER_API_VERSION
#define OVSEC_KADM_SECURE_PRINC_MISSING KADM5_SECURE_PRINC_MISSING
#define OVSEC_KADM_NO_RENAME_SALT KADM5_NO_RENAME_SALT
#endif /* USE_KADM5_API_VERSION == 1 */
#endif /* __KADM5_ADMIN_H__ */

View File

@ -0,0 +1,38 @@
/*
* ettmp27966.h:
* This file is automatically generated; please do not edit it.
*/
#include <com_err.h>
#define CHPASS_UTIL_GET_POLICY_INFO (-1492553984L)
#define CHPASS_UTIL_GET_PRINC_INFO (-1492553983L)
#define CHPASS_UTIL_NEW_PASSWORD_MISMATCH (-1492553982L)
#define CHPASS_UTIL_NEW_PASSWORD_PROMPT (-1492553981L)
#define CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT (-1492553980L)
#define CHPASS_UTIL_NO_PASSWORD_READ (-1492553979L)
#define CHPASS_UTIL_NO_POLICY_YET_Q_ERROR (-1492553978L)
#define CHPASS_UTIL_PASSWORD_CHANGED (-1492553977L)
#define CHPASS_UTIL_PASSWORD_IN_DICTIONARY (-1492553976L)
#define CHPASS_UTIL_PASSWORD_NOT_CHANGED (-1492553975L)
#define CHPASS_UTIL_PASSWORD_TOO_SHORT (-1492553974L)
#define CHPASS_UTIL_TOO_FEW_CLASSES (-1492553973L)
#define CHPASS_UTIL_PASSWORD_TOO_SOON (-1492553972L)
#define CHPASS_UTIL_PASSWORD_REUSE (-1492553971L)
#define CHPASS_UTIL_WHILE_TRYING_TO_CHANGE (-1492553970L)
#define CHPASS_UTIL_WHILE_READING_PASSWORD (-1492553969L)
#define ERROR_TABLE_BASE_ovku (-1492553984L)
extern const struct error_table et_ovku_error_table;
#if !defined(_WIN32)
/* for compatibility with older versions... */
extern void initialize_ovku_error_table (void) /*@modifies internalState@*/;
#else
#define initialize_ovku_error_table()
#endif
#if !defined(_WIN32)
#define init_ovku_err_tbl initialize_ovku_error_table
#define ovku_err_base ERROR_TABLE_BASE_ovku
#endif

77
include/kadm5/kadm_err.h Normal file
View File

@ -0,0 +1,77 @@
/*
* ettmp27967.h:
* This file is automatically generated; please do not edit it.
*/
#include <com_err.h>
#define KADM5_FAILURE (43787520L)
#define KADM5_AUTH_GET (43787521L)
#define KADM5_AUTH_ADD (43787522L)
#define KADM5_AUTH_MODIFY (43787523L)
#define KADM5_AUTH_DELETE (43787524L)
#define KADM5_AUTH_INSUFFICIENT (43787525L)
#define KADM5_BAD_DB (43787526L)
#define KADM5_DUP (43787527L)
#define KADM5_RPC_ERROR (43787528L)
#define KADM5_NO_SRV (43787529L)
#define KADM5_BAD_HIST_KEY (43787530L)
#define KADM5_NOT_INIT (43787531L)
#define KADM5_UNK_PRINC (43787532L)
#define KADM5_UNK_POLICY (43787533L)
#define KADM5_BAD_MASK (43787534L)
#define KADM5_BAD_CLASS (43787535L)
#define KADM5_BAD_LENGTH (43787536L)
#define KADM5_BAD_POLICY (43787537L)
#define KADM5_BAD_PRINCIPAL (43787538L)
#define KADM5_BAD_AUX_ATTR (43787539L)
#define KADM5_BAD_HISTORY (43787540L)
#define KADM5_BAD_MIN_PASS_LIFE (43787541L)
#define KADM5_PASS_Q_TOOSHORT (43787542L)
#define KADM5_PASS_Q_CLASS (43787543L)
#define KADM5_PASS_Q_DICT (43787544L)
#define KADM5_PASS_REUSE (43787545L)
#define KADM5_PASS_TOOSOON (43787546L)
#define KADM5_POLICY_REF (43787547L)
#define KADM5_INIT (43787548L)
#define KADM5_BAD_PASSWORD (43787549L)
#define KADM5_PROTECT_PRINCIPAL (43787550L)
#define KADM5_BAD_SERVER_HANDLE (43787551L)
#define KADM5_BAD_STRUCT_VERSION (43787552L)
#define KADM5_OLD_STRUCT_VERSION (43787553L)
#define KADM5_NEW_STRUCT_VERSION (43787554L)
#define KADM5_BAD_API_VERSION (43787555L)
#define KADM5_OLD_LIB_API_VERSION (43787556L)
#define KADM5_OLD_SERVER_API_VERSION (43787557L)
#define KADM5_NEW_LIB_API_VERSION (43787558L)
#define KADM5_NEW_SERVER_API_VERSION (43787559L)
#define KADM5_SECURE_PRINC_MISSING (43787560L)
#define KADM5_NO_RENAME_SALT (43787561L)
#define KADM5_BAD_CLIENT_PARAMS (43787562L)
#define KADM5_BAD_SERVER_PARAMS (43787563L)
#define KADM5_AUTH_LIST (43787564L)
#define KADM5_AUTH_CHANGEPW (43787565L)
#define KADM5_GSS_ERROR (43787566L)
#define KADM5_BAD_TL_TYPE (43787567L)
#define KADM5_MISSING_CONF_PARAMS (43787568L)
#define KADM5_BAD_SERVER_NAME (43787569L)
#define KADM5_AUTH_SETKEY (43787570L)
#define KADM5_SETKEY_DUP_ENCTYPES (43787571L)
#define KADM5_SETV4KEY_INVAL_ENCTYPE (43787572L)
#define KADM5_SETKEY3_ETYPE_MISMATCH (43787573L)
#define KADM5_MISSING_KRB5_CONF_PARAMS (43787574L)
#define ERROR_TABLE_BASE_ovk (43787520L)
extern const struct error_table et_ovk_error_table;
#if !defined(_WIN32)
/* for compatibility with older versions... */
extern void initialize_ovk_error_table (void) /*@modifies internalState@*/;
#else
#define initialize_ovk_error_table()
#endif
#if !defined(_WIN32)
#define init_ovk_err_tbl initialize_ovk_error_table
#define ovk_err_base ERROR_TABLE_BASE_ovk
#endif

335
include/kadm5/kadm_rpc.h Normal file
View File

@ -0,0 +1,335 @@
#ifndef __KADM_RPC_H__
#define __KADM_RPC_H__
#include <gssrpc/types.h>
#include <krb5.h>
#include <kadm5/admin.h>
struct cprinc_arg {
krb5_ui_4 api_version;
kadm5_principal_ent_rec rec;
long mask;
char *passwd;
};
typedef struct cprinc_arg cprinc_arg;
bool_t xdr_cprinc_arg();
struct cprinc3_arg {
krb5_ui_4 api_version;
kadm5_principal_ent_rec rec;
long mask;
int n_ks_tuple;
krb5_key_salt_tuple *ks_tuple;
char *passwd;
};
typedef struct cprinc3_arg cprinc3_arg;
bool_t xdr_cprinc3_arg();
struct generic_ret {
krb5_ui_4 api_version;
kadm5_ret_t code;
};
typedef struct generic_ret generic_ret;
bool_t xdr_generic_ret();
struct dprinc_arg {
krb5_ui_4 api_version;
krb5_principal princ;
};
typedef struct dprinc_arg dprinc_arg;
bool_t xdr_dprinc_arg();
struct mprinc_arg {
krb5_ui_4 api_version;
kadm5_principal_ent_rec rec;
long mask;
};
typedef struct mprinc_arg mprinc_arg;
bool_t xdr_mprinc_arg();
struct rprinc_arg {
krb5_ui_4 api_version;
krb5_principal src;
krb5_principal dest;
};
typedef struct rprinc_arg rprinc_arg;
bool_t xdr_rprinc_arg();
struct gprincs_arg {
krb5_ui_4 api_version;
char *exp;
};
typedef struct gprincs_arg gprincs_arg;
bool_t xdr_gprincs_arg();
struct gprincs_ret {
krb5_ui_4 api_version;
kadm5_ret_t code;
char **princs;
int count;
};
typedef struct gprincs_ret gprincs_ret;
bool_t xdr_gprincs_ret();
struct chpass_arg {
krb5_ui_4 api_version;
krb5_principal princ;
char *pass;
};
typedef struct chpass_arg chpass_arg;
bool_t xdr_chpass_arg();
struct chpass3_arg {
krb5_ui_4 api_version;
krb5_principal princ;
krb5_boolean keepold;
int n_ks_tuple;
krb5_key_salt_tuple *ks_tuple;
char *pass;
};
typedef struct chpass3_arg chpass3_arg;
bool_t xdr_chpass3_arg();
struct setv4key_arg {
krb5_ui_4 api_version;
krb5_principal princ;
krb5_keyblock *keyblock;
};
typedef struct setv4key_arg setv4key_arg;
bool_t xdr_setv4key_arg();
struct setkey_arg {
krb5_ui_4 api_version;
krb5_principal princ;
krb5_keyblock *keyblocks;
int n_keys;
};
typedef struct setkey_arg setkey_arg;
bool_t xdr_setkey_arg();
struct setkey3_arg {
krb5_ui_4 api_version;
krb5_principal princ;
krb5_boolean keepold;
int n_ks_tuple;
krb5_key_salt_tuple *ks_tuple;
krb5_keyblock *keyblocks;
int n_keys;
};
typedef struct setkey3_arg setkey3_arg;
bool_t xdr_setkey3_arg();
struct chrand_arg {
krb5_ui_4 api_version;
krb5_principal princ;
};
typedef struct chrand_arg chrand_arg;
bool_t xdr_chrand_arg();
struct chrand3_arg {
krb5_ui_4 api_version;
krb5_principal princ;
krb5_boolean keepold;
int n_ks_tuple;
krb5_key_salt_tuple *ks_tuple;
};
typedef struct chrand3_arg chrand3_arg;
bool_t xdr_chrand3_arg();
struct chrand_ret {
krb5_ui_4 api_version;
kadm5_ret_t code;
krb5_keyblock key;
krb5_keyblock *keys;
int n_keys;
};
typedef struct chrand_ret chrand_ret;
bool_t xdr_chrand_ret();
struct gprinc_arg {
krb5_ui_4 api_version;
krb5_principal princ;
long mask;
};
typedef struct gprinc_arg gprinc_arg;
bool_t xdr_gprinc_arg();
struct gprinc_ret {
krb5_ui_4 api_version;
kadm5_ret_t code;
kadm5_principal_ent_rec rec;
};
typedef struct gprinc_ret gprinc_ret;
bool_t xdr_gprinc_ret();
bool_t xdr_kadm5_ret_t();
bool_t xdr_kadm5_principal_ent_rec();
bool_t xdr_kadm5_policy_ent_rec();
bool_t xdr_krb5_keyblock();
bool_t xdr_krb5_principal();
bool_t xdr_krb5_enctype();
bool_t xdr_krb5_octet();
bool_t xdr_krb5_int32();
bool_t xdr_u_int32();
struct cpol_arg {
krb5_ui_4 api_version;
kadm5_policy_ent_rec rec;
long mask;
};
typedef struct cpol_arg cpol_arg;
bool_t xdr_cpol_arg();
struct dpol_arg {
krb5_ui_4 api_version;
char *name;
};
typedef struct dpol_arg dpol_arg;
bool_t xdr_dpol_arg();
struct mpol_arg {
krb5_ui_4 api_version;
kadm5_policy_ent_rec rec;
long mask;
};
typedef struct mpol_arg mpol_arg;
bool_t xdr_mpol_arg();
struct gpol_arg {
krb5_ui_4 api_version;
char *name;
};
typedef struct gpol_arg gpol_arg;
bool_t xdr_gpol_arg();
struct gpol_ret {
krb5_ui_4 api_version;
kadm5_ret_t code;
kadm5_policy_ent_rec rec;
};
typedef struct gpol_ret gpol_ret;
bool_t xdr_gpol_ret();
struct gpols_arg {
krb5_ui_4 api_version;
char *exp;
};
typedef struct gpols_arg gpols_arg;
bool_t xdr_gpols_arg();
struct gpols_ret {
krb5_ui_4 api_version;
kadm5_ret_t code;
char **pols;
int count;
};
typedef struct gpols_ret gpols_ret;
bool_t xdr_gpols_ret();
struct getprivs_ret {
krb5_ui_4 api_version;
kadm5_ret_t code;
long privs;
};
typedef struct getprivs_ret getprivs_ret;
bool_t xdr_getprivs_ret();
#define KADM ((krb5_ui_4)2112)
#define KADMVERS ((krb5_ui_4)2)
#define CREATE_PRINCIPAL ((krb5_ui_4)1)
extern generic_ret *create_principal_1_svc(cprinc_arg *arg,
struct svc_req *rqstp);
extern generic_ret *create_principal_1(cprinc_arg *argp, CLIENT *clnt);
#define DELETE_PRINCIPAL ((krb5_ui_4)2)
extern generic_ret *delete_principal_1_svc(dprinc_arg *arg,
struct svc_req *rqstp);
extern generic_ret *delete_principal_1(dprinc_arg *argp, CLIENT *clnt);
#define MODIFY_PRINCIPAL ((krb5_ui_4)3)
extern generic_ret *modify_principal_1_svc(mprinc_arg *arg,
struct svc_req *rqstp);
extern generic_ret *modify_principal_1(mprinc_arg *argp, CLIENT *clnt);
#define RENAME_PRINCIPAL ((krb5_ui_4)4)
extern generic_ret *rename_principal_1_svc(rprinc_arg *arg,
struct svc_req *rqstp);
extern generic_ret *rename_principal_1(rprinc_arg *argp, CLIENT *clnt);
#define GET_PRINCIPAL ((krb5_ui_4)5)
extern gprinc_ret *get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp);
extern gprinc_ret *get_principal_1(gprinc_arg *argp, CLIENT *clnt);
#define CHPASS_PRINCIPAL ((krb5_ui_4)6)
extern generic_ret *chpass_principal_1_svc(chpass_arg *arg,
struct svc_req *rqstp);
extern generic_ret *chpass_principal_1(chpass_arg *argp, CLIENT *clnt);
#define CHRAND_PRINCIPAL ((krb5_ui_4)7)
extern chrand_ret *chrand_principal_1_svc(chrand_arg *arg,
struct svc_req *rqstp);
extern chrand_ret *chrand_principal_1(chrand_arg *argp, CLIENT *clnt);
#define CREATE_POLICY ((krb5_ui_4)8)
extern generic_ret *create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp);
extern generic_ret *create_policy_1(cpol_arg *argp, CLIENT *clnt);
#define DELETE_POLICY ((krb5_ui_4)9)
extern generic_ret *delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp);
extern generic_ret *delete_policy_1(dpol_arg *argp, CLIENT *clnt);
#define MODIFY_POLICY ((krb5_ui_4)10)
extern generic_ret *modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp);
extern generic_ret *modify_policy_1(mpol_arg *argp, CLIENT *clnt);
#define GET_POLICY ((krb5_ui_4)11)
extern gpol_ret *get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp);
extern gpol_ret *get_policy_1(gpol_arg *argp, CLIENT *clnt);
#define GET_PRIVS ((krb5_ui_4)12)
extern getprivs_ret *get_privs_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp);
extern getprivs_ret *get_privs_1(void *argp, CLIENT *clnt);
#define INIT ((krb5_ui_4)13)
extern generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp);
extern generic_ret *init_1(void *argp, CLIENT *clnt);
#define GET_PRINCS ((krb5_ui_4) 14)
extern gprincs_ret *get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp);
extern gprincs_ret *get_princs_1(gprincs_arg *argp, CLIENT *clnt);
#define GET_POLS ((krb5_ui_4) 15)
extern gpols_ret *get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp);
extern gpols_ret *get_pols_1(gpols_arg *argp, CLIENT *clnt);
#define SETKEY_PRINCIPAL ((krb5_ui_4) 16)
extern generic_ret *setkey_principal_1_svc(setkey_arg *arg,
struct svc_req *rqstp);
extern generic_ret *setkey_principal_1(setkey_arg *argp, CLIENT *clnt);
#define SETV4KEY_PRINCIPAL ((krb5_ui_4) 17)
extern generic_ret *setv4key_principal_1_svc(setv4key_arg *arg,
struct svc_req *rqstp);
extern generic_ret *setv4key_principal_1(setv4key_arg *argp, CLIENT *clnt);
#define CREATE_PRINCIPAL3 ((krb5_ui_4) 18)
extern generic_ret *create_principal3_1_svc(cprinc3_arg *arg,
struct svc_req *rqstp);
extern generic_ret *create_principal3_1(cprinc3_arg *argp, CLIENT *clnt);
#define CHPASS_PRINCIPAL3 ((krb5_ui_4) 19)
extern generic_ret *chpass_principal3_1_svc(chpass3_arg *arg,
struct svc_req *rqstp);
extern generic_ret *chpass_principal3_1(chpass3_arg *argp, CLIENT *clnt);
#define CHRAND_PRINCIPAL3 ((krb5_ui_4) 20)
extern chrand_ret *chrand_principal3_1_svc(chrand3_arg *arg,
struct svc_req *rqstp);
extern chrand_ret *chrand_principal3_1(chrand3_arg *argp, CLIENT *clnt);
#define SETKEY_PRINCIPAL3 ((krb5_ui_4) 21)
extern generic_ret *setkey_principal3_1_svc(setkey3_arg *arg,
struct svc_req *rqstp);
extern generic_ret *setkey_principal3_1(setkey3_arg *argp, CLIENT *clnt);
#endif /* __KADM_RPC_H__ */

334
include/kdb.h Normal file
View File

@ -0,0 +1,334 @@
/*
* include/krb5/kdb.h
*
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* KDC Database interface definitions.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
* All rights reserved.
*
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of FundsXpress. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
#ifndef KRB5_KDB5__
#define KRB5_KDB5__
/* Salt types */
#define KRB5_KDB_SALTTYPE_NORMAL 0
#define KRB5_KDB_SALTTYPE_V4 1
#define KRB5_KDB_SALTTYPE_NOREALM 2
#define KRB5_KDB_SALTTYPE_ONLYREALM 3
#define KRB5_KDB_SALTTYPE_SPECIAL 4
#define KRB5_KDB_SALTTYPE_AFS3 5
/* Attributes */
#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040
#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
#define KRB5_KDB_DISALLOW_SVR 0x00001000
#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
#define KRB5_KDB_SUPPORT_DESMD5 0x00004000
#define KRB5_KDB_NEW_PRINC 0x00008000
/* Creation flags */
#define KRB5_KDB_CREATE_BTREE 0x00000001
#define KRB5_KDB_CREATE_HASH 0x00000002
#if !defined(_WIN32)
/*
* Note --- these structures cannot be modified without changing the
* database version number in libkdb.a, but should be expandable by
* adding new tl_data types.
*/
typedef struct _krb5_tl_data {
struct _krb5_tl_data* tl_data_next; /* NOT saved */
krb5_int16 tl_data_type;
krb5_ui_2 tl_data_length;
krb5_octet * tl_data_contents;
} krb5_tl_data;
/*
* If this ever changes up the version number and make the arrays be as
* big as necessary.
*
* Currently the first type is the enctype and the second is the salt type.
*/
typedef struct _krb5_key_data {
krb5_int16 key_data_ver; /* Version */
krb5_int16 key_data_kvno; /* Key Version */
krb5_int16 key_data_type[2]; /* Array of types */
krb5_ui_2 key_data_length[2]; /* Array of lengths */
krb5_octet * key_data_contents[2]; /* Array of pointers */
} krb5_key_data;
#define KRB5_KDB_V1_KEY_DATA_ARRAY 2 /* # of array elements */
typedef struct _krb5_keysalt {
krb5_int16 type;
krb5_data data; /* Length, data */
} krb5_keysalt;
typedef struct _krb5_db_entry_new {
krb5_magic magic; /* NOT saved */
krb5_ui_2 len;
krb5_flags attributes;
krb5_deltat max_life;
krb5_deltat max_renewable_life;
krb5_timestamp expiration; /* When the client expires */
krb5_timestamp pw_expiration; /* When its passwd expires */
krb5_timestamp last_success; /* Last successful passwd */
krb5_timestamp last_failed; /* Last failed passwd attempt */
krb5_kvno fail_auth_count; /* # of failed passwd attempt */
krb5_int16 n_tl_data;
krb5_int16 n_key_data;
krb5_ui_2 e_length; /* Length of extra data */
krb5_octet * e_data; /* Extra data to be saved */
krb5_principal princ; /* Length, data */
krb5_tl_data * tl_data; /* Linked list */
krb5_key_data * key_data; /* Array */
} krb5_db_entry;
#define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb
#define KRB5_KDB_V1_BASE_LENGTH 38
#define KRB5_TL_LAST_PWD_CHANGE 0x0001
#define KRB5_TL_MOD_PRINC 0x0002
#define KRB5_TL_KADM_DATA 0x0003
#define KRB5_TL_KADM5_E_DATA 0x0004
#define KRB5_TL_RB1_CHALLENGE 0x0005
#ifdef SECURID
#define KRB5_TL_SECURID_STATE 0x0006
#endif /* SECURID */
/*
* Determines the number of failed KDC requests before DISALLOW_ALL_TIX is set
* on the principal.
*/
#define KRB5_MAX_FAIL_COUNT 5
/* XXX depends on knowledge of krb5_parse_name() formats */
#define KRB5_KDB_M_NAME "K/M" /* Kerberos/Master */
/* prompts used by default when reading the KDC password from the keyboard. */
#define KRB5_KDC_MKEY_1 "Enter KDC database master key"
#define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify"
extern char *krb5_mkey_pwd_prompt1;
extern char *krb5_mkey_pwd_prompt2;
/*
* These macros specify the encoding of data within the database.
*
* Data encoding is little-endian.
*/
#define krb5_kdb_decode_int16(cp, i16) \
*((krb5_int16 *) &(i16)) = (((krb5_int16) ((unsigned char) (cp)[0]))| \
((krb5_int16) ((unsigned char) (cp)[1]) << 8))
#define krb5_kdb_decode_int32(cp, i32) \
*((krb5_int32 *) &(i32)) = (((krb5_int32) ((unsigned char) (cp)[0]))| \
((krb5_int32) ((unsigned char) (cp)[1]) << 8) | \
((krb5_int32) ((unsigned char) (cp)[2]) << 16)| \
((krb5_int32) ((unsigned char) (cp)[3]) << 24))
#define krb5_kdb_encode_int16(i16, cp) \
{ \
(cp)[0] = (unsigned char) ((i16) & 0xff); \
(cp)[1] = (unsigned char) (((i16) >> 8) & 0xff); \
}
#define krb5_kdb_encode_int32(i32, cp) \
{ \
(cp)[0] = (unsigned char) ((i32) & 0xff); \
(cp)[1] = (unsigned char) (((i32) >> 8) & 0xff); \
(cp)[2] = (unsigned char) (((i32) >> 16) & 0xff); \
(cp)[3] = (unsigned char) (((i32) >> 24) & 0xff); \
}
/* libkdb.spec */
krb5_error_code krb5_db_set_name (krb5_context, char * );
krb5_error_code krb5_db_init (krb5_context);
krb5_error_code krb5_db_fini (krb5_context);
krb5_error_code krb5_db_get_age (krb5_context, char *, time_t * );
krb5_error_code krb5_db_create (krb5_context, char *, krb5_int32 );
krb5_error_code krb5_db_rename (krb5_context, char *, char * );
krb5_error_code krb5_db_get_principal (krb5_context, krb5_const_principal ,
krb5_db_entry *, int *,
krb5_boolean * );
void krb5_db_free_principal (krb5_context, krb5_db_entry *, int );
krb5_error_code krb5_db_put_principal (krb5_context, krb5_db_entry *, int * );
krb5_error_code krb5_db_delete_principal (krb5_context, krb5_const_principal,
int * );
krb5_error_code krb5_db_iterate (krb5_context,
krb5_error_code (* ) (krb5_pointer,
krb5_db_entry *),
krb5_pointer);
krb5_error_code krb5_db_iterate_ext (krb5_context,
krb5_error_code (* ) (krb5_pointer,
krb5_db_entry *),
krb5_pointer, int, int);
krb5_error_code krb5_db_verify_master_key (krb5_context, krb5_principal,
krb5_keyblock *);
krb5_error_code krb5_db_store_mkey (krb5_context, char *, krb5_principal,
krb5_keyblock *);
krb5_error_code krb5_db_setup_mkey_name (krb5_context, const char *,
const char *, char **,
krb5_principal *);
krb5_error_code krb5_db_set_mkey (krb5_context, krb5_keyblock *);
krb5_error_code krb5_db_get_mkey (krb5_context, krb5_keyblock **);
krb5_error_code krb5_db_destroy (krb5_context, char * );
krb5_error_code krb5_db_lock (krb5_context, int );
krb5_error_code krb5_db_unlock (krb5_context);
krb5_error_code krb5_db_set_nonblocking (krb5_context, krb5_boolean,
krb5_boolean * );
krb5_boolean krb5_db_set_lockmode (krb5_context, krb5_boolean);
krb5_error_code krb5_db_fetch_mkey (krb5_context, krb5_principal, krb5_enctype,
krb5_boolean, krb5_boolean, char *,
krb5_data *,
krb5_keyblock * );
krb5_error_code krb5_db_open_database (krb5_context);
krb5_error_code krb5_db_close_database (krb5_context);
krb5_error_code krb5_dbekd_encrypt_key_data (krb5_context,
const krb5_keyblock *,
const krb5_keyblock *,
const krb5_keysalt *,
int,
krb5_key_data *);
krb5_error_code krb5_dbekd_decrypt_key_data (krb5_context,
const krb5_keyblock *,
const krb5_key_data *,
krb5_keyblock *,
krb5_keysalt *);
krb5_error_code krb5_dbe_create_key_data (krb5_context,
krb5_db_entry *);
krb5_error_code krb5_dbe_update_tl_data (krb5_context,
krb5_db_entry *,
krb5_tl_data *);
krb5_error_code krb5_dbe_lookup_tl_data (krb5_context,
krb5_db_entry *,
krb5_tl_data *);
krb5_error_code krb5_dbe_update_last_pwd_change (krb5_context,
krb5_db_entry *,
krb5_timestamp);
krb5_error_code krb5_dbe_lookup_last_pwd_change (krb5_context,
krb5_db_entry *,
krb5_timestamp *);
krb5_error_code krb5_dbe_update_mod_princ_data (krb5_context,
krb5_db_entry *,
krb5_timestamp,
krb5_const_principal);
krb5_error_code krb5_dbe_lookup_mod_princ_data (krb5_context,
krb5_db_entry *,
krb5_timestamp *,
krb5_principal *);
int krb5_encode_princ_dbkey (krb5_context, krb5_data *, krb5_const_principal);
void krb5_free_princ_dbkey (krb5_context, krb5_data *);
krb5_error_code krb5_encode_princ_contents (krb5_context, krb5_data *,
krb5_db_entry *);
void krb5_free_princ_contents (krb5_context, krb5_data *);
krb5_error_code krb5_decode_princ_contents (krb5_context, krb5_data *,
krb5_db_entry *);
void krb5_dbe_free_contents (krb5_context, krb5_db_entry *);
krb5_error_code krb5_dbe_find_enctype (krb5_context, krb5_db_entry *,
krb5_int32,
krb5_int32,
krb5_int32,
krb5_key_data **);
krb5_error_code krb5_dbe_search_enctype (krb5_context,
krb5_db_entry *,
krb5_int32 *,
krb5_int32,
krb5_int32,
krb5_int32,
krb5_key_data **);
struct __krb5_key_salt_tuple;
krb5_error_code krb5_dbe_cpw (krb5_context,
krb5_keyblock *,
struct __krb5_key_salt_tuple *,
int,
char *,
int,
krb5_boolean,
krb5_db_entry *);
krb5_error_code krb5_dbe_apw (krb5_context,
krb5_keyblock *,
struct __krb5_key_salt_tuple *,
int,
char *,
krb5_db_entry *);
krb5_error_code krb5_dbe_crk (krb5_context,
krb5_keyblock *,
struct __krb5_key_salt_tuple *,
int,
krb5_boolean,
krb5_db_entry *);
krb5_error_code krb5_dbe_ark (krb5_context,
krb5_keyblock *,
struct __krb5_key_salt_tuple *,
int,
krb5_db_entry *);
krb5_error_code krb5_ser_db_context_init (krb5_context);
#define KRB5_KDB_DEF_FLAGS 0
#endif /* !defined(_WIN32) */
#endif /* KRB5_KDB5__ */