diff --git a/include/k5-platform.h b/include/k5-platform.h new file mode 100644 index 0000000..affdde1 --- /dev/null +++ b/include/k5-platform.h @@ -0,0 +1 @@ +/* This file left intentionally blank. */ diff --git a/include/kadm5/adb_err.h b/include/kadm5/adb_err.h deleted file mode 100644 index e018099..0000000 --- a/include/kadm5/adb_err.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - * ettmp27965.h: - * This file is automatically generated; please do not edit it. - */ - -#include - -#define OSA_ADB_NOERR (28810240L) -#define OSA_ADB_DUP (28810241L) -#define OSA_ADB_NOENT (28810242L) -#define OSA_ADB_DBINIT (28810243L) -#define OSA_ADB_BAD_POLICY (28810244L) -#define OSA_ADB_BAD_PRINC (28810245L) -#define OSA_ADB_BAD_DB (28810246L) -#define OSA_ADB_XDR_FAILURE (28810247L) -#define OSA_ADB_FAILURE (28810248L) -#define OSA_ADB_BADLOCKMODE (28810249L) -#define OSA_ADB_CANTLOCK_DB (28810250L) -#define OSA_ADB_NOTLOCKED (28810251L) -#define OSA_ADB_NOLOCKFILE (28810252L) -#define OSA_ADB_NOEXCL_PERM (28810253L) -#define ERROR_TABLE_BASE_adb (28810240L) - -extern const struct error_table et_adb_error_table; - -#if !defined(_WIN32) -/* for compatibility with older versions... */ -extern void initialize_adb_error_table (void) /*@modifies internalState@*/; -#else -#define initialize_adb_error_table() -#endif - -#if !defined(_WIN32) -#define init_adb_err_tbl initialize_adb_error_table -#define adb_err_base ERROR_TABLE_BASE_adb -#endif diff --git a/include/kadm5/admin.h b/include/kadm5/admin.h index bde7846..99d18d4 100644 --- a/include/kadm5/admin.h +++ b/include/kadm5/admin.h @@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright 
@@ -22,7 +22,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * */ /* * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved @@ -36,14 +36,13 @@ #if !defined(USE_KADM5_API_VERSION) #define USE_KADM5_API_VERSION 2 #endif - + #include #include #include #include #include #include -#include #include #define KADM5_ADMIN_SERVICE "kadmin/admin" @@ -89,9 +88,16 @@ typedef long kadm5_ret_t; #define KADM5_FAIL_AUTH_COUNT 0x010000 #define KADM5_KEY_DATA 0x020000 #define KADM5_TL_DATA 0x040000 +#ifdef notyet /* Novell */ +#define KADM5_CPW_FUNCTION 0x080000 +#define KADM5_RANDKEY_USED 0x100000 +#endif +#define KADM5_LOAD 0x200000 + /* all but KEY_DATA and TL_DATA */ #define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff + /* kadm5_policy_ent_t */ #define KADM5_PW_MAX_LIFE 0x004000 #define KADM5_PW_MIN_LIFE 0x008000 @@ -113,7 +119,7 @@ typedef long kadm5_ret_t; #define KADM5_CONFIG_ENCTYPE 0x000200 #define KADM5_CONFIG_ADBNAME 0x000400 #define KADM5_CONFIG_ADB_LOCKFILE 0x000800 -#define KADM5_CONFIG_PROFILE 0x001000 +/*#define KADM5_CONFIG_PROFILE 0x001000*/ #define KADM5_CONFIG_ACL_FILE 0x002000 #define KADM5_CONFIG_KADMIND_PORT 0x004000 #define KADM5_CONFIG_ENCTYPES 0x008000 @@ -124,7 +130,9 @@ typedef long kadm5_ret_t; #define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x100000 #define KADM5_CONFIG_NO_AUTH 0x200000 #define KADM5_CONFIG_AUTH_NOFALLBACK 0x400000 - +#ifdef notyet /* Novell */ +#define KADM5_CONFIG_KPASSWD_SERVER 0x800000 +#endif /* * permission bits */ 
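Review bot: `KADM5_LOAD` (0x200000) is added to the principal mask block in the `-89,9` hunk with no comment saying which calls accept it. The existing comment on `KADM5_PRINCIPAL_NORMAL_MASK`, "all but KEY_DATA and TL_DATA", no longer lists everything the 0x01ffff mask leaves out. These look like the create/modify mask bits, so an undocumented bit makes it harder to audit which fields a caller can ask to change. I would add `/* KADM5_LOAD: <meaning, and which entry points honour it> */` and reword the mask comment to `/* all but KEY_DATA, TL_DATA and the bits above 0x01ffff */`.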
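Review bot: Commenting the flag out as `/*#define KADM5_CONFIG_PROFILE 0x001000*/` in the `-113,7` hunk leaves dead code and does not say whether bit 0x001000 may be reused. Delete the line and leave `/* 0x001000 was KADM5_CONFIG_PROFILE; reserved, do not reuse */`. That way a later flag cannot be given a value that older callers may still set for the removed profile field.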
@@ -204,22 +212,19 @@ typedef struct _kadm5_policy_ent_t { long policy_refcnt; } kadm5_policy_ent_rec, *kadm5_policy_ent_t; -typedef struct __krb5_key_salt_tuple { - krb5_enctype ks_enctype; - krb5_int32 ks_salttype; -} krb5_key_salt_tuple; - /* * Data structure returned by kadm5_get_config_params() */ typedef struct _kadm5_config_params { long mask; char * realm; - char * profile; int kadmind_port; int kpasswd_port; char * admin_server; +#ifdef notyet /* Novell */ /* ABI change? */ + char * kpasswd_server; +#endif char * dbname; char * admin_dbname; @@ -281,11 +286,11 @@ typedef struct __krb5_realm_params { #if USE_KADM5_API_VERSION > 1 krb5_error_code kadm5_get_config_params(krb5_context context, - char *kdcprofile, char *kdcenv, + int use_kdc_config, kadm5_config_params *params_in, kadm5_config_params *params_out); -krb5_error_code kadm5_free_config_params(krb5_context context, +krb5_error_code kadm5_free_config_params(krb5_context context, kadm5_config_params *params); krb5_error_code kadm5_free_realm_params(krb5_context kcontext, @@ -304,9 +309,10 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); kadm5_ret_t kadm5_init_with_password(char *client_name, - char *pass, + char *pass, char *service_name, #if USE_KADM5_API_VERSION == 1 char *realm, @@ -315,6 +321,7 @@ kadm5_ret_t kadm5_init_with_password(char *client_name, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, @@ -326,6 +333,7 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); #if USE_KADM5_API_VERSION > 1 kadm5_ret_t kadm5_init_with_creds(char *client_name, 
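Review bot: Removing `char * profile;` from the middle of `kadm5_config_params` moves every later member (`kadmind_port`, `kpasswd_port`, `admin_server`, `dbname`, ...) to a new offset, so code built against the old header and code built against this one would disagree about where the pointers are. The hunk marks the `notyet` `kpasswd_server` member with "ABI change?" but says nothing about this removal. Either keep the slot, for example `char * reserved_profile; /* formerly profile; unused */`, or change the `struct_version` value that the `kadm5_init*` functions take so a mismatch is rejected instead of misread. No such version change is visible in this diff. The struct's closing lines are outside the hunk.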
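Review bot: The new `char **db_args` parameter of `kadm5_init` in the `-304,9` hunk is undocumented: the prototype does not say whether NULL is accepted, whether the array must be NULL-terminated, or who owns the strings after the call. The same parameter is added to `kadm5_init_with_password`, `kadm5_init_with_skey`, `kadm5_init_with_creds` and the three `ovsec_kadm_init*` prototypes in the later hunks. I would put one comment above the first prototype, for example `/* db_args: NULL, or a NULL-terminated array of database option strings; caller keeps ownership */`, after confirming that contract against the implementation.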
@@ -334,6 +342,7 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); #endif kadm5_ret_t kadm5_lock(void *server_handle); @@ -455,7 +464,7 @@ kadm5_ret_t kadm5_get_privs(void *server_handle, kadm5_ret_t kadm5_chpass_principal_util(void *server_handle, krb5_principal princ, - char *new_pw, + char *new_pw, char **ret_pw, char *msg_ret, unsigned int msg_len); @@ -480,9 +489,11 @@ kadm5_ret_t kadm5_free_key_data(void *server_handle, krb5_key_data *key_data); #endif -kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names, +kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names, int count); +krb5_error_code kadm5_init_krb5_context (krb5_context *); + #if USE_KADM5_API_VERSION == 1 /* * OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time @@ -515,7 +526,7 @@ enum ovsec_kadm_saltmod { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MO * Successful return code */ #define OVSEC_KADM_OK 0 - + /* * Create/Modify masks */ @@ -594,13 +605,15 @@ ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass, char *service_name, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name, - char *pass, + char *pass, char *service_name, - char *realm, + char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char ** db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name, char *keytab, @@ -608,6 +621,7 @@ ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle); ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle); 
@@ -664,7 +678,7 @@ ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle, ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle, krb5_principal princ, - char *new_pw, + char *new_pw, char **ret_pw, char *msg_ret); diff --git a/include/kadm5/chpass_util_strings.h b/include/kadm5/chpass_util_strings.h index cddd285..affdde1 100644 --- a/include/kadm5/chpass_util_strings.h +++ b/include/kadm5/chpass_util_strings.h @@ -1,38 +1 @@ -/* - * ettmp27966.h: - * This file is automatically generated; please do not edit it. - */ - -#include - -#define CHPASS_UTIL_GET_POLICY_INFO (-1492553984L) -#define CHPASS_UTIL_GET_PRINC_INFO (-1492553983L) -#define CHPASS_UTIL_NEW_PASSWORD_MISMATCH (-1492553982L) -#define CHPASS_UTIL_NEW_PASSWORD_PROMPT (-1492553981L) -#define CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT (-1492553980L) -#define CHPASS_UTIL_NO_PASSWORD_READ (-1492553979L) -#define CHPASS_UTIL_NO_POLICY_YET_Q_ERROR (-1492553978L) -#define CHPASS_UTIL_PASSWORD_CHANGED (-1492553977L) -#define CHPASS_UTIL_PASSWORD_IN_DICTIONARY (-1492553976L) -#define CHPASS_UTIL_PASSWORD_NOT_CHANGED (-1492553975L) -#define CHPASS_UTIL_PASSWORD_TOO_SHORT (-1492553974L) -#define CHPASS_UTIL_TOO_FEW_CLASSES (-1492553973L) -#define CHPASS_UTIL_PASSWORD_TOO_SOON (-1492553972L) -#define CHPASS_UTIL_PASSWORD_REUSE (-1492553971L) -#define CHPASS_UTIL_WHILE_TRYING_TO_CHANGE (-1492553970L) -#define CHPASS_UTIL_WHILE_READING_PASSWORD (-1492553969L) -#define ERROR_TABLE_BASE_ovku (-1492553984L) - -extern const struct error_table et_ovku_error_table; - -#if !defined(_WIN32) -/* for compatibility with older versions... */ -extern void initialize_ovku_error_table (void) /*@modifies internalState@*/; -#else -#define initialize_ovku_error_table() -#endif - -#if !defined(_WIN32) -#define init_ovku_err_tbl initialize_ovku_error_table -#define ovku_err_base ERROR_TABLE_BASE_ovku -#endif +/* This file left intentionally blank. */ 
diff --git a/include/kadm5/kadm_err.h b/include/kadm5/kadm_err.h index 050ffca..54aa52d 100644 --- a/include/kadm5/kadm_err.h +++ b/include/kadm5/kadm_err.h @@ -1,9 +1,9 @@ /* - * ettmp27967.h: + * ettmp11037.h: * This file is automatically generated; please do not edit it. */ -#include +#include #define KADM5_FAILURE (43787520L) #define KADM5_AUTH_GET (43787521L) @@ -60,18 +60,15 @@ #define KADM5_SETV4KEY_INVAL_ENCTYPE (43787572L) #define KADM5_SETKEY3_ETYPE_MISMATCH (43787573L) #define KADM5_MISSING_KRB5_CONF_PARAMS (43787574L) +#define KADM5_XDR_FAILURE (43787575L) +extern const struct error_table et_ovk_error_table; +extern void initialize_ovk_error_table(void); + +/* For compatibility with Heimdal */ +extern void initialize_ovk_error_table_r(struct et_list **list); + #define ERROR_TABLE_BASE_ovk (43787520L) -extern const struct error_table et_ovk_error_table; - -#if !defined(_WIN32) /* for compatibility with older versions... */ -extern void initialize_ovk_error_table (void) /*@modifies internalState@*/; -#else -#define initialize_ovk_error_table() -#endif - -#if !defined(_WIN32) #define init_ovk_err_tbl initialize_ovk_error_table #define ovk_err_base ERROR_TABLE_BASE_ovk -#endif diff --git a/include/kadm5/kadm_rpc.h b/include/kadm5/kadm_rpc.h deleted file mode 100644 index 07ffb3a..0000000 --- a/include/kadm5/kadm_rpc.h +++ /dev/null 
@@ -1,335 +0,0 @@ -#ifndef __KADM_RPC_H__ -#define __KADM_RPC_H__ - -#include - -#include -#include - -struct cprinc_arg { - krb5_ui_4 api_version; - kadm5_principal_ent_rec rec; - long mask; - char *passwd; -}; -typedef struct cprinc_arg cprinc_arg; -bool_t xdr_cprinc_arg(); - -struct cprinc3_arg { - krb5_ui_4 api_version; - kadm5_principal_ent_rec rec; - long mask; - int n_ks_tuple; - krb5_key_salt_tuple *ks_tuple; - char *passwd; -}; -typedef struct cprinc3_arg cprinc3_arg; -bool_t xdr_cprinc3_arg(); - -struct generic_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; -}; -typedef struct generic_ret generic_ret; -bool_t xdr_generic_ret(); - -struct dprinc_arg { - krb5_ui_4 api_version; - krb5_principal princ; -}; -typedef struct dprinc_arg dprinc_arg; -bool_t xdr_dprinc_arg(); - -struct mprinc_arg { - krb5_ui_4 api_version; - kadm5_principal_ent_rec rec; - long mask; -}; -typedef struct mprinc_arg mprinc_arg; -bool_t xdr_mprinc_arg(); - -struct rprinc_arg { - krb5_ui_4 api_version; - krb5_principal src; - krb5_principal dest; -}; -typedef struct rprinc_arg rprinc_arg; -bool_t xdr_rprinc_arg(); - -struct gprincs_arg { - krb5_ui_4 api_version; - char *exp; -}; -typedef struct gprincs_arg gprincs_arg; -bool_t xdr_gprincs_arg(); - -struct gprincs_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; - char **princs; - int count; -}; -typedef struct gprincs_ret gprincs_ret; -bool_t xdr_gprincs_ret(); - -struct chpass_arg { - krb5_ui_4 api_version; - krb5_principal princ; - char *pass; -}; -typedef struct chpass_arg chpass_arg; -bool_t xdr_chpass_arg(); - -struct chpass3_arg { - krb5_ui_4 api_version; - krb5_principal princ; - krb5_boolean keepold; - int n_ks_tuple; - krb5_key_salt_tuple *ks_tuple; - char *pass; -}; -typedef struct chpass3_arg chpass3_arg; -bool_t xdr_chpass3_arg(); - -struct setv4key_arg { - krb5_ui_4 api_version; - krb5_principal princ; - krb5_keyblock *keyblock; -}; -typedef struct setv4key_arg setv4key_arg; -bool_t xdr_setv4key_arg(); - -struct 
setkey_arg { - krb5_ui_4 api_version; - krb5_principal princ; - krb5_keyblock *keyblocks; - int n_keys; -}; -typedef struct setkey_arg setkey_arg; -bool_t xdr_setkey_arg(); - -struct setkey3_arg { - krb5_ui_4 api_version; - krb5_principal princ; - krb5_boolean keepold; - int n_ks_tuple; - krb5_key_salt_tuple *ks_tuple; - krb5_keyblock *keyblocks; - int n_keys; -}; -typedef struct setkey3_arg setkey3_arg; -bool_t xdr_setkey3_arg(); - -struct chrand_arg { - krb5_ui_4 api_version; - krb5_principal princ; -}; -typedef struct chrand_arg chrand_arg; -bool_t xdr_chrand_arg(); - -struct chrand3_arg { - krb5_ui_4 api_version; - krb5_principal princ; - krb5_boolean keepold; - int n_ks_tuple; - krb5_key_salt_tuple *ks_tuple; -}; -typedef struct chrand3_arg chrand3_arg; -bool_t xdr_chrand3_arg(); - -struct chrand_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; - krb5_keyblock key; - krb5_keyblock *keys; - int n_keys; -}; -typedef struct chrand_ret chrand_ret; -bool_t xdr_chrand_ret(); - -struct gprinc_arg { - krb5_ui_4 api_version; - krb5_principal princ; - long mask; -}; -typedef struct gprinc_arg gprinc_arg; -bool_t xdr_gprinc_arg(); - -struct gprinc_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; - kadm5_principal_ent_rec rec; -}; -typedef struct gprinc_ret gprinc_ret; -bool_t xdr_gprinc_ret(); -bool_t xdr_kadm5_ret_t(); -bool_t xdr_kadm5_principal_ent_rec(); -bool_t xdr_kadm5_policy_ent_rec(); -bool_t xdr_krb5_keyblock(); -bool_t xdr_krb5_principal(); -bool_t xdr_krb5_enctype(); -bool_t xdr_krb5_octet(); -bool_t xdr_krb5_int32(); -bool_t xdr_u_int32(); - -struct cpol_arg { - krb5_ui_4 api_version; - kadm5_policy_ent_rec rec; - long mask; -}; -typedef struct cpol_arg cpol_arg; -bool_t xdr_cpol_arg(); - -struct dpol_arg { - krb5_ui_4 api_version; - char *name; -}; -typedef struct dpol_arg dpol_arg; -bool_t xdr_dpol_arg(); - -struct mpol_arg { - krb5_ui_4 api_version; - kadm5_policy_ent_rec rec; - long mask; -}; -typedef struct mpol_arg mpol_arg; -bool_t xdr_mpol_arg(); 
- -struct gpol_arg { - krb5_ui_4 api_version; - char *name; -}; -typedef struct gpol_arg gpol_arg; -bool_t xdr_gpol_arg(); - -struct gpol_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; - kadm5_policy_ent_rec rec; -}; -typedef struct gpol_ret gpol_ret; -bool_t xdr_gpol_ret(); - -struct gpols_arg { - krb5_ui_4 api_version; - char *exp; -}; -typedef struct gpols_arg gpols_arg; -bool_t xdr_gpols_arg(); - -struct gpols_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; - char **pols; - int count; -}; -typedef struct gpols_ret gpols_ret; -bool_t xdr_gpols_ret(); - -struct getprivs_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; - long privs; -}; -typedef struct getprivs_ret getprivs_ret; -bool_t xdr_getprivs_ret(); - -#define KADM ((krb5_ui_4)2112) -#define KADMVERS ((krb5_ui_4)2) -#define CREATE_PRINCIPAL ((krb5_ui_4)1) -extern generic_ret *create_principal_1_svc(cprinc_arg *arg, - struct svc_req *rqstp); -extern generic_ret *create_principal_1(cprinc_arg *argp, CLIENT *clnt); - -#define DELETE_PRINCIPAL ((krb5_ui_4)2) -extern generic_ret *delete_principal_1_svc(dprinc_arg *arg, - struct svc_req *rqstp); -extern generic_ret *delete_principal_1(dprinc_arg *argp, CLIENT *clnt); - -#define MODIFY_PRINCIPAL ((krb5_ui_4)3) -extern generic_ret *modify_principal_1_svc(mprinc_arg *arg, - struct svc_req *rqstp); -extern generic_ret *modify_principal_1(mprinc_arg *argp, CLIENT *clnt); - -#define RENAME_PRINCIPAL ((krb5_ui_4)4) -extern generic_ret *rename_principal_1_svc(rprinc_arg *arg, - struct svc_req *rqstp); -extern generic_ret *rename_principal_1(rprinc_arg *argp, CLIENT *clnt); - -#define GET_PRINCIPAL ((krb5_ui_4)5) -extern gprinc_ret *get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp); -extern gprinc_ret *get_principal_1(gprinc_arg *argp, CLIENT *clnt); - -#define CHPASS_PRINCIPAL ((krb5_ui_4)6) -extern generic_ret *chpass_principal_1_svc(chpass_arg *arg, - struct svc_req *rqstp); -extern generic_ret *chpass_principal_1(chpass_arg *argp, CLIENT *clnt); - 
-#define CHRAND_PRINCIPAL ((krb5_ui_4)7) -extern chrand_ret *chrand_principal_1_svc(chrand_arg *arg, - struct svc_req *rqstp); -extern chrand_ret *chrand_principal_1(chrand_arg *argp, CLIENT *clnt); - -#define CREATE_POLICY ((krb5_ui_4)8) -extern generic_ret *create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp); -extern generic_ret *create_policy_1(cpol_arg *argp, CLIENT *clnt); - -#define DELETE_POLICY ((krb5_ui_4)9) -extern generic_ret *delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp); -extern generic_ret *delete_policy_1(dpol_arg *argp, CLIENT *clnt); - -#define MODIFY_POLICY ((krb5_ui_4)10) -extern generic_ret *modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp); -extern generic_ret *modify_policy_1(mpol_arg *argp, CLIENT *clnt); - -#define GET_POLICY ((krb5_ui_4)11) -extern gpol_ret *get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp); -extern gpol_ret *get_policy_1(gpol_arg *argp, CLIENT *clnt); - -#define GET_PRIVS ((krb5_ui_4)12) -extern getprivs_ret *get_privs_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp); -extern getprivs_ret *get_privs_1(void *argp, CLIENT *clnt); - -#define INIT ((krb5_ui_4)13) -extern generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp); -extern generic_ret *init_1(void *argp, CLIENT *clnt); - -#define GET_PRINCS ((krb5_ui_4) 14) -extern gprincs_ret *get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp); -extern gprincs_ret *get_princs_1(gprincs_arg *argp, CLIENT *clnt); - -#define GET_POLS ((krb5_ui_4) 15) -extern gpols_ret *get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp); -extern gpols_ret *get_pols_1(gpols_arg *argp, CLIENT *clnt); - -#define SETKEY_PRINCIPAL ((krb5_ui_4) 16) -extern generic_ret *setkey_principal_1_svc(setkey_arg *arg, - struct svc_req *rqstp); -extern generic_ret *setkey_principal_1(setkey_arg *argp, CLIENT *clnt); - -#define SETV4KEY_PRINCIPAL ((krb5_ui_4) 17) -extern generic_ret *setv4key_principal_1_svc(setv4key_arg *arg, - struct svc_req *rqstp); -extern generic_ret 
*setv4key_principal_1(setv4key_arg *argp, CLIENT *clnt); - -#define CREATE_PRINCIPAL3 ((krb5_ui_4) 18) -extern generic_ret *create_principal3_1_svc(cprinc3_arg *arg, - struct svc_req *rqstp); -extern generic_ret *create_principal3_1(cprinc3_arg *argp, CLIENT *clnt); - -#define CHPASS_PRINCIPAL3 ((krb5_ui_4) 19) -extern generic_ret *chpass_principal3_1_svc(chpass3_arg *arg, - struct svc_req *rqstp); -extern generic_ret *chpass_principal3_1(chpass3_arg *argp, CLIENT *clnt); - -#define CHRAND_PRINCIPAL3 ((krb5_ui_4) 20) -extern chrand_ret *chrand_principal3_1_svc(chrand3_arg *arg, - struct svc_req *rqstp); -extern chrand_ret *chrand_principal3_1(chrand3_arg *argp, CLIENT *clnt); - -#define SETKEY_PRINCIPAL3 ((krb5_ui_4) 21) -extern generic_ret *setkey_principal3_1_svc(setkey3_arg *arg, - struct svc_req *rqstp); -extern generic_ret *setkey_principal3_1(setkey3_arg *argp, CLIENT *clnt); - -#endif /* __KADM_RPC_H__ */ diff --git a/include/kdb.h b/include/kdb.h index e704908..e8a5878 100644 --- a/include/kdb.h +++ b/include/kdb.h @@ -8,7 +8,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright 
@@ -22,21 +22,21 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * KDC Database interface definitions. */ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -47,7 +47,7 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. @@ -84,8 +84,6 @@ #define KRB5_KDB_CREATE_BTREE 0x00000001 #define KRB5_KDB_CREATE_HASH 0x00000002 -#if !defined(_WIN32) - /* * Note --- these structures cannot be modified without changing the * database version number in libkdb.a, but should be expandable by @@ -93,12 +91,12 @@ */ typedef struct _krb5_tl_data { struct _krb5_tl_data* tl_data_next; /* NOT saved */ - krb5_int16 tl_data_type; - krb5_ui_2 tl_data_length; - krb5_octet * tl_data_contents; + krb5_int16 tl_data_type; + krb5_ui_2 tl_data_length; + krb5_octet * tl_data_contents; } krb5_tl_data; -/* +/* * If this ever changes up the version number and make the arrays be as * big as necessary. * 
@@ -115,13 +113,14 @@ typedef struct _krb5_key_data { #define KRB5_KDB_V1_KEY_DATA_ARRAY 2 /* # of array elements */ typedef struct _krb5_keysalt { - krb5_int16 type; + krb5_int16 type; krb5_data data; /* Length, data */ } krb5_keysalt; typedef struct _krb5_db_entry_new { krb5_magic magic; /* NOT saved */ - krb5_ui_2 len; + krb5_ui_2 len; + krb5_ui_4 mask; /* members currently changed/set */ krb5_flags attributes; krb5_deltat max_life; krb5_deltat max_renewable_life; @@ -135,14 +134,32 @@ typedef struct _krb5_db_entry_new { krb5_ui_2 e_length; /* Length of extra data */ krb5_octet * e_data; /* Extra data to be saved */ - krb5_principal princ; /* Length, data */ + krb5_principal princ; /* Length, data */ krb5_tl_data * tl_data; /* Linked list */ krb5_key_data * key_data; /* Array */ } krb5_db_entry; +typedef struct _osa_policy_ent_t { + int version; + char *name; + krb5_ui_4 pw_min_life; + krb5_ui_4 pw_max_life; + krb5_ui_4 pw_min_length; + krb5_ui_4 pw_min_classes; + krb5_ui_4 pw_history_num; + krb5_ui_4 policy_refcnt; +} osa_policy_ent_rec, *osa_policy_ent_t; + +typedef void (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t); + +typedef struct __krb5_key_salt_tuple { + krb5_enctype ks_enctype; + krb5_int32 ks_salttype; +} krb5_key_salt_tuple; + #define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb #define KRB5_KDB_V1_BASE_LENGTH 38 - + #define KRB5_TL_LAST_PWD_CHANGE 0x0001 #define KRB5_TL_MOD_PRINC 0x0002 #define KRB5_TL_KADM_DATA 0x0003 @@ -150,8 +167,10 @@ typedef struct _krb5_db_entry_new { #define KRB5_TL_RB1_CHALLENGE 0x0005 #ifdef SECURID #define KRB5_TL_SECURID_STATE 0x0006 +#define KRB5_TL_DB_ARGS 0x7fff #endif /* SECURID */ - +#define KRB5_TL_USER_CERTIFICATE 0x0007 + /* * Determines the number of failed KDC requests before DISALLOW_ALL_TIX is set * on the principal. 
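Review bot: `krb5_ui_4 mask;` is inserted between `len` and `attributes` in `krb5_db_entry`, yet the comment above these typedefs in this file says the structures cannot be modified without changing the database version number in libkdb.a. No version change is visible in this diff. The new member's comment, `/* members currently changed/set */`, also does not say whether the field is written to the database. If it is in-memory only, mark it the way `magic` is marked: `krb5_ui_4 mask; /* NOT saved; members currently changed/set */`. The struct continues outside this hunk.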
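Review bot: In the `-150,8` hunk, `#define KRB5_TL_DB_ARGS 0x7fff` is added between `#ifdef SECURID` and `#endif /* SECURID */`, so the constant exists only in SECURID builds, while `KRB5_TL_USER_CERTIFICATE` on the next added line is unconditional. Nothing in the name ties it to SecurID, so the placement looks accidental, and code that uses the type would not compile in a default build. Move the line below `#endif /* SECURID */`. 0x7fff is also the largest value the `krb5_int16 tl_data_type` field can hold, which deserves a short comment if it was chosen as a sentinel.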
@@ -165,6 +184,7 @@ typedef struct _krb5_db_entry_new { #define KRB5_KDC_MKEY_1 "Enter KDC database master key" #define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify" + extern char *krb5_mkey_pwd_prompt1; extern char *krb5_mkey_pwd_prompt2; 
@@ -173,162 +193,308 @@ extern char *krb5_mkey_pwd_prompt2; * * Data encoding is little-endian. */ +#include "k5-platform.h" #define krb5_kdb_decode_int16(cp, i16) \ - *((krb5_int16 *) &(i16)) = (((krb5_int16) ((unsigned char) (cp)[0]))| \ - ((krb5_int16) ((unsigned char) (cp)[1]) << 8)) + *((krb5_int16 *) &(i16)) = load_16_le(cp) #define krb5_kdb_decode_int32(cp, i32) \ - *((krb5_int32 *) &(i32)) = (((krb5_int32) ((unsigned char) (cp)[0]))| \ - ((krb5_int32) ((unsigned char) (cp)[1]) << 8) | \ - ((krb5_int32) ((unsigned char) (cp)[2]) << 16)| \ - ((krb5_int32) ((unsigned char) (cp)[3]) << 24)) -#define krb5_kdb_encode_int16(i16, cp) \ - { \ - (cp)[0] = (unsigned char) ((i16) & 0xff); \ - (cp)[1] = (unsigned char) (((i16) >> 8) & 0xff); \ - } -#define krb5_kdb_encode_int32(i32, cp) \ - { \ - (cp)[0] = (unsigned char) ((i32) & 0xff); \ - (cp)[1] = (unsigned char) (((i32) >> 8) & 0xff); \ - (cp)[2] = (unsigned char) (((i32) >> 16) & 0xff); \ - (cp)[3] = (unsigned char) (((i32) >> 24) & 0xff); \ - } + *((krb5_int32 *) &(i32)) = load_32_le(cp) +#define krb5_kdb_encode_int16(i16, cp) store_16_le(i16, cp) +#define krb5_kdb_encode_int32(i32, cp) store_32_le(i32, cp) + +#define KRB5_KDB_OPEN_RW 0 +#define KRB5_KDB_OPEN_RO 1 + +#ifndef KRB5_KDB_SRV_TYPE_KDC +#define KRB5_KDB_SRV_TYPE_KDC 0x0100 +#endif + +#ifndef KRB5_KDB_SRV_TYPE_ADMIN +#define KRB5_KDB_SRV_TYPE_ADMIN 0x0200 +#endif + +#ifndef KRB5_KDB_SRV_TYPE_PASSWD +#define KRB5_KDB_SRV_TYPE_PASSWD 0x0300 +#endif + +#ifndef KRB5_KDB_SRV_TYPE_OTHER +#define KRB5_KDB_SRV_TYPE_OTHER 0x0400 +#endif + +#define KRB5_KDB_OPT_SET_DB_NAME 0 +#define KRB5_KDB_OPT_SET_LOCK_MODE 1 + +#define KRB5_DB_LOCKMODE_SHARED 0x0001 +#define KRB5_DB_LOCKMODE_EXCLUSIVE 0x0002 +#define KRB5_DB_LOCKMODE_DONTBLOCK 0x0004 +#define KRB5_DB_LOCKMODE_PERMANENT 0x0008 /* libkdb.spec */ -krb5_error_code krb5_db_set_name (krb5_context, char * ); -krb5_error_code krb5_db_init (krb5_context); -krb5_error_code krb5_db_fini (krb5_context); -krb5_error_code 
krb5_db_get_age (krb5_context, char *, time_t * ); -krb5_error_code krb5_db_create (krb5_context, char *, krb5_int32 ); -krb5_error_code krb5_db_rename (krb5_context, char *, char * ); -krb5_error_code krb5_db_get_principal (krb5_context, krb5_const_principal , - krb5_db_entry *, int *, - krb5_boolean * ); -void krb5_db_free_principal (krb5_context, krb5_db_entry *, int ); -krb5_error_code krb5_db_put_principal (krb5_context, krb5_db_entry *, int * ); -krb5_error_code krb5_db_delete_principal (krb5_context, krb5_const_principal, - int * ); -krb5_error_code krb5_db_iterate (krb5_context, - krb5_error_code (* ) (krb5_pointer, - krb5_db_entry *), - krb5_pointer); -krb5_error_code krb5_db_iterate_ext (krb5_context, - krb5_error_code (* ) (krb5_pointer, - krb5_db_entry *), - krb5_pointer, int, int); -krb5_error_code krb5_db_verify_master_key (krb5_context, krb5_principal, - krb5_keyblock *); -krb5_error_code krb5_db_store_mkey (krb5_context, char *, krb5_principal, - krb5_keyblock *); +krb5_error_code krb5_db_open( krb5_context kcontext, char **db_args, int mode ); +krb5_error_code krb5_db_init ( krb5_context kcontext ); +krb5_error_code krb5_db_create ( krb5_context kcontext, char **db_args ); +krb5_error_code krb5_db_inited ( krb5_context kcontext ); +krb5_error_code kdb5_db_create ( krb5_context kcontext, char **db_args ); +krb5_error_code krb5_db_fini ( krb5_context kcontext ); +const char * krb5_db_errcode2string ( krb5_context kcontext, long err_code ); +krb5_error_code krb5_db_destroy ( krb5_context kcontext, char **db_args ); +krb5_error_code krb5_db_promote ( krb5_context kcontext, char **db_args ); +krb5_error_code krb5_db_get_age ( krb5_context kcontext, char *db_name, time_t *t ); +krb5_error_code krb5_db_set_option ( krb5_context kcontext, int option, void *value ); +krb5_error_code krb5_db_lock ( krb5_context kcontext, int lock_mode ); +krb5_error_code krb5_db_unlock ( krb5_context kcontext ); +krb5_error_code krb5_db_get_principal ( krb5_context kcontext, 
+ krb5_const_principal search_for, + krb5_db_entry *entries, + int *nentries, + krb5_boolean *more ); +krb5_error_code krb5_db_free_principal ( krb5_context kcontext, + krb5_db_entry *entry, + int count ); +krb5_error_code krb5_db_put_principal ( krb5_context kcontext, + krb5_db_entry *entries, + int *nentries); +krb5_error_code krb5_db_delete_principal ( krb5_context kcontext, + krb5_principal search_for, + int *nentries ); +krb5_error_code krb5_db_iterate ( krb5_context kcontext, + char *match_entry, + int (*func) (krb5_pointer, krb5_db_entry *), + krb5_pointer func_arg ); +krb5_error_code krb5_supported_realms ( krb5_context kcontext, + char **realms ); +krb5_error_code krb5_free_supported_realms ( krb5_context kcontext, + char **realms ); +krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext, + char *pwd, + krb5_keyblock *key ); +krb5_error_code krb5_db_set_mkey ( krb5_context context, + krb5_keyblock *key); +krb5_error_code krb5_db_get_mkey ( krb5_context kcontext, + krb5_keyblock **key ); +krb5_error_code krb5_db_free_master_key ( krb5_context kcontext, + krb5_keyblock *key ); +krb5_error_code krb5_db_store_master_key ( krb5_context kcontext, + char *db_arg, + krb5_principal mname, + krb5_keyblock *key, + char *master_pwd); +krb5_error_code krb5_db_fetch_mkey ( krb5_context context, + krb5_principal mname, + krb5_enctype etype, + krb5_boolean fromkeyboard, + krb5_boolean twice, + char *db_args, + krb5_data *salt, + krb5_keyblock *key); +krb5_error_code krb5_db_verify_master_key ( krb5_context kcontext, + krb5_principal mprinc, + krb5_keyblock *mkey ); +krb5_error_code +krb5_dbe_find_enctype( krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap); -krb5_error_code krb5_db_setup_mkey_name (krb5_context, const char *, - const char *, char **, - krb5_principal *); -krb5_error_code krb5_db_set_mkey (krb5_context, krb5_keyblock *); +krb5_error_code krb5_dbe_search_enctype ( 
krb5_context kcontext,
+ krb5_db_entry *dbentp,
+ krb5_int32 *start,
+ krb5_int32 ktype,
+ krb5_int32 stype,
+ krb5_int32 kvno,
+ krb5_key_data **kdatap);
-krb5_error_code krb5_db_get_mkey (krb5_context, krb5_keyblock **);
-krb5_error_code krb5_db_destroy (krb5_context, char * );
-krb5_error_code krb5_db_lock (krb5_context, int );
-krb5_error_code krb5_db_unlock (krb5_context);
-krb5_error_code krb5_db_set_nonblocking (krb5_context, krb5_boolean,
- krb5_boolean * );
-krb5_boolean krb5_db_set_lockmode (krb5_context, krb5_boolean);
-krb5_error_code krb5_db_fetch_mkey (krb5_context, krb5_principal, krb5_enctype,
- krb5_boolean, krb5_boolean, char *,
- krb5_data *,
- krb5_keyblock * );
+krb5_error_code
+krb5_db_setup_mkey_name ( krb5_context context,
+ const char *keyname,
+ const char *realm,
+ char **fullname,
+ krb5_principal *principal);
-krb5_error_code krb5_db_open_database (krb5_context);
-krb5_error_code krb5_db_close_database (krb5_context);
+krb5_error_code
+krb5_dbekd_decrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt);
-krb5_error_code krb5_dbekd_encrypt_key_data (krb5_context,
- const krb5_keyblock *,
- const krb5_keyblock *,
- const krb5_keysalt *,
- int,
- krb5_key_data *);
-krb5_error_code krb5_dbekd_decrypt_key_data (krb5_context,
- const krb5_keyblock *,
- const krb5_key_data *,
- krb5_keyblock *,
- krb5_keysalt *);
-krb5_error_code krb5_dbe_create_key_data (krb5_context,
- krb5_db_entry *);
-krb5_error_code krb5_dbe_update_tl_data (krb5_context,
- krb5_db_entry *,
- krb5_tl_data *);
-krb5_error_code krb5_dbe_lookup_tl_data (krb5_context,
- krb5_db_entry *,
- krb5_tl_data *);
-krb5_error_code krb5_dbe_update_last_pwd_change (krb5_context,
- krb5_db_entry *,
- krb5_timestamp);
-krb5_error_code krb5_dbe_lookup_last_pwd_change (krb5_context,
- krb5_db_entry *,
- krb5_timestamp *);
-krb5_error_code krb5_dbe_update_mod_princ_data (krb5_context,
- krb5_db_entry *,
- krb5_timestamp,
- krb5_const_principal);
-krb5_error_code krb5_dbe_lookup_mod_princ_data (krb5_context,
- krb5_db_entry *,
- krb5_timestamp *,
- krb5_principal *);
-int krb5_encode_princ_dbkey (krb5_context, krb5_data *, krb5_const_principal);
-void krb5_free_princ_dbkey (krb5_context, krb5_data *);
-krb5_error_code krb5_encode_princ_contents (krb5_context, krb5_data *,
- krb5_db_entry *);
-void krb5_free_princ_contents (krb5_context, krb5_data *);
-krb5_error_code krb5_decode_princ_contents (krb5_context, krb5_data *,
- krb5_db_entry *);
-void krb5_dbe_free_contents (krb5_context, krb5_db_entry *);
+krb5_error_code
+krb5_dbekd_encrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data);
-krb5_error_code krb5_dbe_find_enctype (krb5_context, krb5_db_entry *,
- krb5_int32,
- krb5_int32,
- krb5_int32,
- krb5_key_data **);
+krb5_error_code
+krb5_dbe_lookup_mod_princ_data( krb5_context context,
+ krb5_db_entry * entry,
+ krb5_timestamp * mod_time,
+ krb5_principal * mod_princ);
+
-krb5_error_code krb5_dbe_search_enctype (krb5_context,
- krb5_db_entry *,
- krb5_int32 *,
- krb5_int32,
- krb5_int32,
- krb5_int32,
- krb5_key_data **);
+krb5_error_code
+krb5_dbe_update_last_pwd_change( krb5_context context,
+ krb5_db_entry * entry,
+ krb5_timestamp stamp);
-struct __krb5_key_salt_tuple;
+krb5_error_code
+krb5_dbe_lookup_tl_data( krb5_context context,
+ krb5_db_entry * entry,
+ krb5_tl_data * ret_tl_data);
-krb5_error_code krb5_dbe_cpw (krb5_context,
- krb5_keyblock *,
- struct __krb5_key_salt_tuple *,
- int,
- char *,
- int,
- krb5_boolean,
- krb5_db_entry *);
-krb5_error_code krb5_dbe_apw (krb5_context,
- krb5_keyblock *,
- struct __krb5_key_salt_tuple *,
- int,
- char *,
- krb5_db_entry *);
-krb5_error_code krb5_dbe_crk (krb5_context,
- krb5_keyblock *,
- struct __krb5_key_salt_tuple *,
- int,
- krb5_boolean,
- krb5_db_entry *);
-krb5_error_code krb5_dbe_ark (krb5_context,
- krb5_keyblock *,
- struct __krb5_key_salt_tuple *,
- int,
- krb5_db_entry *);
+krb5_error_code
+krb5_dbe_create_key_data( krb5_context context,
+ krb5_db_entry * entry);
-krb5_error_code krb5_ser_db_context_init (krb5_context);
+
+krb5_error_code
+krb5_dbe_update_mod_princ_data( krb5_context context,
+ krb5_db_entry * entry,
+ krb5_timestamp mod_date,
+ krb5_const_principal mod_princ);
+
+krb5_error_code
+krb5_dbe_update_last_pwd_change( krb5_context context,
+ krb5_db_entry * entry,
+ krb5_timestamp stamp);
+
+void *krb5_db_alloc( krb5_context kcontext,
+ void *ptr,
+ size_t size );
+
+void krb5_db_free( krb5_context kcontext,
+ void *ptr);
+
+
+krb5_error_code
+krb5_dbe_lookup_last_pwd_change( krb5_context context,
+ krb5_db_entry * entry,
+ krb5_timestamp * stamp);
+
+krb5_error_code
+krb5_dbe_update_tl_data( krb5_context context,
+ krb5_db_entry * entry,
+ krb5_tl_data * new_tl_data);
+
+krb5_error_code
+krb5_dbe_cpw( krb5_context kcontext,
+ krb5_keyblock * master_key,
+ krb5_key_salt_tuple * ks_tuple,
+ int ks_tuple_count,
+ char * passwd,
+ int new_kvno,
+ krb5_boolean keepold,
+ krb5_db_entry * db_entry);
+
+
+krb5_error_code
+krb5_dbe_ark( krb5_context context,
+ krb5_keyblock * master_key,
+ krb5_key_salt_tuple * ks_tuple,
+ int ks_tuple_count,
+ krb5_db_entry * db_entry);
+
+krb5_error_code
+krb5_dbe_crk( krb5_context context,
+ krb5_keyblock * master_key,
+ krb5_key_salt_tuple * ks_tuple,
+ int ks_tuple_count,
+ krb5_boolean keepold,
+ krb5_db_entry * db_entry);
+
+krb5_error_code
+krb5_dbe_apw( krb5_context context,
+ krb5_keyblock * master_key,
+ krb5_key_salt_tuple * ks_tuple,
+ int ks_tuple_count,
+ char * passwd,
+ krb5_db_entry * db_entry);
+
+/* default functions. Should not be directly called */
+/*
+ * Default functions prototype
+ */
+
+krb5_error_code
+krb5_dbe_def_search_enctype( krb5_context kcontext,
+ krb5_db_entry *dbentp,
+ krb5_int32 *start,
+ krb5_int32 ktype,
+ krb5_int32 stype,
+ krb5_int32 kvno,
+ krb5_key_data **kdatap);
+
+krb5_error_code
+krb5_def_store_mkey( krb5_context context,
+ char *keyfile,
+ krb5_principal mname,
+ krb5_keyblock *key,
+ char *master_pwd);
+
+
+krb5_error_code
+krb5_db_def_fetch_mkey( krb5_context context,
+ krb5_principal mname,
+ krb5_keyblock *key,
+ int *kvno,
+ char *db_args);
+
+krb5_error_code
+krb5_def_verify_master_key( krb5_context context,
+ krb5_principal mprinc,
+ krb5_keyblock *mkey);
+
+krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
+ char *pwd,
+ krb5_keyblock *key );
+
+krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
+ krb5_keyblock **key );
+
+krb5_error_code
+krb5_dbe_def_cpw( krb5_context context,
+ krb5_keyblock * master_key,
+ krb5_key_salt_tuple * ks_tuple,
+ int ks_tuple_count,
+ char * passwd,
+ int new_kvno,
+ krb5_boolean keepold,
+ krb5_db_entry * db_entry);
+
+krb5_error_code
+krb5_def_promote_db(krb5_context, char *, char **);
+
+krb5_error_code
+krb5_db_create_policy( krb5_context kcontext,
+ osa_policy_ent_t policy);
+
+krb5_error_code
+krb5_db_get_policy ( krb5_context kcontext,
+ char *name,
+ osa_policy_ent_t *policy,
+ int *nentries);
+
+krb5_error_code
+krb5_db_put_policy( krb5_context kcontext,
+ osa_policy_ent_t policy);
+
+krb5_error_code
+krb5_db_iter_policy( krb5_context kcontext,
+ char *match_entry,
+ osa_adb_iter_policy_func func,
+ void *data);
+
+krb5_error_code
+krb5_db_delete_policy( krb5_context kcontext,
+ char *policy);
+
+void
+krb5_db_free_policy( krb5_context kcontext,
+ osa_policy_ent_t policy);
 #define KRB5_KDB_DEF_FLAGS 0
-#endif /* !defined(_WIN32) */
 #endif /* KRB5_KDB5__ */
diff --git a/src/kadm.c b/src/kadm.c
index 0fd05b6..fed6888 100644
--- a/src/kadm.c
+++ b/src/kadm.c
@@ -16,7 +16,7 @@ void ceo_kadm_init() { retval = kadm5_init_with_skey(admin_principal, admin_keytab, KADM5_ADMIN_SERVICE, ¶ms, KADM5_STRUCT_VERSION, - KADM5_API_VERSION_2, &handle); + KADM5_API_VERSION_2, NULL, &handle); if (retval) { com_err(prog, retval, "while initializing kadm5"); exit(1);
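Review bot: The bare `NULL` now passed before `&handle` in the `kadm5_init_with_skey` call is an unlabeled positional argument. It is presumably the `db_args` slot of the newer kadm5 API, so a short comment would record that no database-module options are intended, e.g. `KADM5_API_VERSION_2, NULL /* db_args: none */, &handle);`. The same commit appears to update the project's bundled kadm5/kdb headers, so the compiler checks this call only against those bundled prototypes. It is worth confirming they match the libkadm5 that is actually linked, since a mismatch would still compile and could leave `handle` taken from the wrong argument position. The rest of `ceo_kadm_init` lies outside this hunk; the visible error path (`com_err` then `exit(1)`) is unchanged.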