Add stolen Kerberos 5 admin headers
parent
0b805c08a4
commit
4ec2fceaca
|
@ -0,0 +1,36 @@
|
|||
/*
|
||||
* ettmp27965.h:
|
||||
* This file is automatically generated; please do not edit it.
|
||||
*/
|
||||
|
||||
#include <com_err.h>
|
||||
|
||||
#define OSA_ADB_NOERR (28810240L)
|
||||
#define OSA_ADB_DUP (28810241L)
|
||||
#define OSA_ADB_NOENT (28810242L)
|
||||
#define OSA_ADB_DBINIT (28810243L)
|
||||
#define OSA_ADB_BAD_POLICY (28810244L)
|
||||
#define OSA_ADB_BAD_PRINC (28810245L)
|
||||
#define OSA_ADB_BAD_DB (28810246L)
|
||||
#define OSA_ADB_XDR_FAILURE (28810247L)
|
||||
#define OSA_ADB_FAILURE (28810248L)
|
||||
#define OSA_ADB_BADLOCKMODE (28810249L)
|
||||
#define OSA_ADB_CANTLOCK_DB (28810250L)
|
||||
#define OSA_ADB_NOTLOCKED (28810251L)
|
||||
#define OSA_ADB_NOLOCKFILE (28810252L)
|
||||
#define OSA_ADB_NOEXCL_PERM (28810253L)
|
||||
#define ERROR_TABLE_BASE_adb (28810240L)
|
||||
|
||||
extern const struct error_table et_adb_error_table;
|
||||
|
||||
#if !defined(_WIN32)
|
||||
/* for compatibility with older versions... */
|
||||
extern void initialize_adb_error_table (void) /*@modifies internalState@*/;
|
||||
#else
|
||||
#define initialize_adb_error_table()
|
||||
#endif
|
||||
|
||||
#if !defined(_WIN32)
|
||||
#define init_adb_err_tbl initialize_adb_error_table
|
||||
#define adb_err_base ERROR_TABLE_BASE_adb
|
||||
#endif
|
|
@ -0,0 +1,733 @@
|
|||
/*
|
||||
* lib/kadm5/admin.h
|
||||
*
|
||||
* Copyright 2001 by the Massachusetts Institute of Technology.
|
||||
* All Rights Reserved.
|
||||
*
|
||||
* Export of this software from the United States of America may
|
||||
* require a specific license from the United States Government.
|
||||
* It is the responsibility of any person or organization contemplating
|
||||
* export to obtain such a license before exporting.
|
||||
*
|
||||
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
||||
* distribute this software and its documentation for any purpose and
|
||||
* without fee is hereby granted, provided that the above copyright
|
||||
* notice appear in all copies and that both that copyright notice and
|
||||
* this permission notice appear in supporting documentation, and that
|
||||
* the name of M.I.T. not be used in advertising or publicity pertaining
|
||||
* to distribution of the software without specific, written prior
|
||||
* permission. Furthermore if you modify this software you must label
|
||||
* your software as modified software and not distribute it in such a
|
||||
* fashion that it might be confused with the original M.I.T. software.
|
||||
* M.I.T. makes no representations about the suitability of
|
||||
* this software for any purpose. It is provided "as is" without express
|
||||
* or implied warranty.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
|
||||
*
|
||||
* $Header$
|
||||
*/
|
||||
|
||||
#ifndef __KADM5_ADMIN_H__
|
||||
#define __KADM5_ADMIN_H__
|
||||
|
||||
#if !defined(USE_KADM5_API_VERSION)
|
||||
#define USE_KADM5_API_VERSION 2
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <gssrpc/rpc.h>
|
||||
#include <krb5.h>
|
||||
#include <kdb.h>
|
||||
#include <com_err.h>
|
||||
#include <kadm5/kadm_err.h>
|
||||
#include <kadm5/adb_err.h>
|
||||
#include <kadm5/chpass_util_strings.h>
|
||||
|
||||
#define KADM5_ADMIN_SERVICE "kadmin/admin"
|
||||
#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
|
||||
#define KADM5_HIST_PRINCIPAL "kadmin/history"
|
||||
|
||||
typedef krb5_principal kadm5_princ_t;
|
||||
typedef char *kadm5_policy_t;
|
||||
typedef long kadm5_ret_t;
|
||||
|
||||
#define KADM5_PW_FIRST_PROMPT \
|
||||
(error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
|
||||
#define KADM5_PW_SECOND_PROMPT \
|
||||
(error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
|
||||
|
||||
/*
|
||||
* Successful return code
|
||||
*/
|
||||
#define KADM5_OK 0
|
||||
|
||||
/*
|
||||
* Field masks
|
||||
*/
|
||||
|
||||
/* kadm5_principal_ent_t */
|
||||
#define KADM5_PRINCIPAL 0x000001
|
||||
#define KADM5_PRINC_EXPIRE_TIME 0x000002
|
||||
#define KADM5_PW_EXPIRATION 0x000004
|
||||
#define KADM5_LAST_PWD_CHANGE 0x000008
|
||||
#define KADM5_ATTRIBUTES 0x000010
|
||||
#define KADM5_MAX_LIFE 0x000020
|
||||
#define KADM5_MOD_TIME 0x000040
|
||||
#define KADM5_MOD_NAME 0x000080
|
||||
#define KADM5_KVNO 0x000100
|
||||
#define KADM5_MKVNO 0x000200
|
||||
#define KADM5_AUX_ATTRIBUTES 0x000400
|
||||
#define KADM5_POLICY 0x000800
|
||||
#define KADM5_POLICY_CLR 0x001000
|
||||
/* version 2 masks */
|
||||
#define KADM5_MAX_RLIFE 0x002000
|
||||
#define KADM5_LAST_SUCCESS 0x004000
|
||||
#define KADM5_LAST_FAILED 0x008000
|
||||
#define KADM5_FAIL_AUTH_COUNT 0x010000
|
||||
#define KADM5_KEY_DATA 0x020000
|
||||
#define KADM5_TL_DATA 0x040000
|
||||
/* all but KEY_DATA and TL_DATA */
|
||||
#define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff
|
||||
|
||||
/* kadm5_policy_ent_t */
|
||||
#define KADM5_PW_MAX_LIFE 0x004000
|
||||
#define KADM5_PW_MIN_LIFE 0x008000
|
||||
#define KADM5_PW_MIN_LENGTH 0x010000
|
||||
#define KADM5_PW_MIN_CLASSES 0x020000
|
||||
#define KADM5_PW_HISTORY_NUM 0x040000
|
||||
#define KADM5_REF_COUNT 0x080000
|
||||
|
||||
/* kadm5_config_params */
|
||||
#define KADM5_CONFIG_REALM 0x000001
|
||||
#define KADM5_CONFIG_DBNAME 0x000002
|
||||
#define KADM5_CONFIG_MKEY_NAME 0x000004
|
||||
#define KADM5_CONFIG_MAX_LIFE 0x000008
|
||||
#define KADM5_CONFIG_MAX_RLIFE 0x000010
|
||||
#define KADM5_CONFIG_EXPIRATION 0x000020
|
||||
#define KADM5_CONFIG_FLAGS 0x000040
|
||||
#define KADM5_CONFIG_ADMIN_KEYTAB 0x000080
|
||||
#define KADM5_CONFIG_STASH_FILE 0x000100
|
||||
#define KADM5_CONFIG_ENCTYPE 0x000200
|
||||
#define KADM5_CONFIG_ADBNAME 0x000400
|
||||
#define KADM5_CONFIG_ADB_LOCKFILE 0x000800
|
||||
#define KADM5_CONFIG_PROFILE 0x001000
|
||||
#define KADM5_CONFIG_ACL_FILE 0x002000
|
||||
#define KADM5_CONFIG_KADMIND_PORT 0x004000
|
||||
#define KADM5_CONFIG_ENCTYPES 0x008000
|
||||
#define KADM5_CONFIG_ADMIN_SERVER 0x010000
|
||||
#define KADM5_CONFIG_DICT_FILE 0x020000
|
||||
#define KADM5_CONFIG_MKEY_FROM_KBD 0x040000
|
||||
#define KADM5_CONFIG_KPASSWD_PORT 0x080000
|
||||
#define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x100000
|
||||
#define KADM5_CONFIG_NO_AUTH 0x200000
|
||||
#define KADM5_CONFIG_AUTH_NOFALLBACK 0x400000
|
||||
|
||||
/*
|
||||
* permission bits
|
||||
*/
|
||||
#define KADM5_PRIV_GET 0x01
|
||||
#define KADM5_PRIV_ADD 0x02
|
||||
#define KADM5_PRIV_MODIFY 0x04
|
||||
#define KADM5_PRIV_DELETE 0x08
|
||||
|
||||
/*
|
||||
* API versioning constants
|
||||
*/
|
||||
#define KADM5_MASK_BITS 0xffffff00
|
||||
|
||||
#define KADM5_STRUCT_VERSION_MASK 0x12345600
|
||||
#define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
|
||||
#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
|
||||
|
||||
#define KADM5_API_VERSION_MASK 0x12345700
|
||||
#define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01)
|
||||
#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
|
||||
|
||||
typedef struct _kadm5_principal_ent_t_v2 {
|
||||
krb5_principal principal;
|
||||
krb5_timestamp princ_expire_time;
|
||||
krb5_timestamp last_pwd_change;
|
||||
krb5_timestamp pw_expiration;
|
||||
krb5_deltat max_life;
|
||||
krb5_principal mod_name;
|
||||
krb5_timestamp mod_date;
|
||||
krb5_flags attributes;
|
||||
krb5_kvno kvno;
|
||||
krb5_kvno mkvno;
|
||||
char *policy;
|
||||
long aux_attributes;
|
||||
|
||||
/* version 2 fields */
|
||||
krb5_deltat max_renewable_life;
|
||||
krb5_timestamp last_success;
|
||||
krb5_timestamp last_failed;
|
||||
krb5_kvno fail_auth_count;
|
||||
krb5_int16 n_key_data;
|
||||
krb5_int16 n_tl_data;
|
||||
krb5_tl_data *tl_data;
|
||||
krb5_key_data *key_data;
|
||||
} kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2;
|
||||
|
||||
typedef struct _kadm5_principal_ent_t_v1 {
|
||||
krb5_principal principal;
|
||||
krb5_timestamp princ_expire_time;
|
||||
krb5_timestamp last_pwd_change;
|
||||
krb5_timestamp pw_expiration;
|
||||
krb5_deltat max_life;
|
||||
krb5_principal mod_name;
|
||||
krb5_timestamp mod_date;
|
||||
krb5_flags attributes;
|
||||
krb5_kvno kvno;
|
||||
krb5_kvno mkvno;
|
||||
char *policy;
|
||||
long aux_attributes;
|
||||
} kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1;
|
||||
|
||||
#if USE_KADM5_API_VERSION == 1
|
||||
typedef struct _kadm5_principal_ent_t_v1
|
||||
kadm5_principal_ent_rec, *kadm5_principal_ent_t;
|
||||
#else
|
||||
typedef struct _kadm5_principal_ent_t_v2
|
||||
kadm5_principal_ent_rec, *kadm5_principal_ent_t;
|
||||
#endif
|
||||
|
||||
typedef struct _kadm5_policy_ent_t {
|
||||
char *policy;
|
||||
long pw_min_life;
|
||||
long pw_max_life;
|
||||
long pw_min_length;
|
||||
long pw_min_classes;
|
||||
long pw_history_num;
|
||||
long policy_refcnt;
|
||||
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
|
||||
|
||||
typedef struct __krb5_key_salt_tuple {
|
||||
krb5_enctype ks_enctype;
|
||||
krb5_int32 ks_salttype;
|
||||
} krb5_key_salt_tuple;
|
||||
|
||||
/*
|
||||
* Data structure returned by kadm5_get_config_params()
|
||||
*/
|
||||
typedef struct _kadm5_config_params {
|
||||
long mask;
|
||||
char * realm;
|
||||
char * profile;
|
||||
int kadmind_port;
|
||||
int kpasswd_port;
|
||||
|
||||
char * admin_server;
|
||||
|
||||
char * dbname;
|
||||
char * admin_dbname;
|
||||
char * admin_lockfile;
|
||||
char * admin_keytab;
|
||||
char * acl_file;
|
||||
char * dict_file;
|
||||
|
||||
int mkey_from_kbd;
|
||||
char * stash_file;
|
||||
char * mkey_name;
|
||||
krb5_enctype enctype;
|
||||
krb5_deltat max_life;
|
||||
krb5_deltat max_rlife;
|
||||
krb5_timestamp expiration;
|
||||
krb5_flags flags;
|
||||
krb5_key_salt_tuple *keysalts;
|
||||
krb5_int32 num_keysalts;
|
||||
} kadm5_config_params;
|
||||
|
||||
/***********************************************************************
|
||||
* This is the old krb5_realm_read_params, which I mutated into
|
||||
* kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
|
||||
* still uses.
|
||||
***********************************************************************/
|
||||
|
||||
/*
|
||||
* Data structure returned by krb5_read_realm_params()
|
||||
*/
|
||||
typedef struct __krb5_realm_params {
|
||||
char * realm_profile;
|
||||
char * realm_dbname;
|
||||
char * realm_mkey_name;
|
||||
char * realm_stash_file;
|
||||
char * realm_kdc_ports;
|
||||
char * realm_kdc_tcp_ports;
|
||||
char * realm_acl_file;
|
||||
krb5_int32 realm_kadmind_port;
|
||||
krb5_enctype realm_enctype;
|
||||
krb5_deltat realm_max_life;
|
||||
krb5_deltat realm_max_rlife;
|
||||
krb5_timestamp realm_expiration;
|
||||
krb5_flags realm_flags;
|
||||
krb5_key_salt_tuple *realm_keysalts;
|
||||
unsigned int realm_reject_bad_transit:1;
|
||||
unsigned int realm_kadmind_port_valid:1;
|
||||
unsigned int realm_enctype_valid:1;
|
||||
unsigned int realm_max_life_valid:1;
|
||||
unsigned int realm_max_rlife_valid:1;
|
||||
unsigned int realm_expiration_valid:1;
|
||||
unsigned int realm_flags_valid:1;
|
||||
unsigned int realm_reject_bad_transit_valid:1;
|
||||
krb5_int32 realm_num_keysalts;
|
||||
} krb5_realm_params;
|
||||
|
||||
/*
|
||||
* functions
|
||||
*/
|
||||
|
||||
#if USE_KADM5_API_VERSION > 1
|
||||
krb5_error_code kadm5_get_config_params(krb5_context context,
|
||||
char *kdcprofile, char *kdcenv,
|
||||
kadm5_config_params *params_in,
|
||||
kadm5_config_params *params_out);
|
||||
|
||||
krb5_error_code kadm5_free_config_params(krb5_context context,
|
||||
kadm5_config_params *params);
|
||||
|
||||
krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
|
||||
kadm5_config_params *params);
|
||||
|
||||
krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
|
||||
char *, size_t);
|
||||
#endif
|
||||
|
||||
kadm5_ret_t kadm5_init(char *client_name, char *pass,
|
||||
char *service_name,
|
||||
#if USE_KADM5_API_VERSION == 1
|
||||
char *realm,
|
||||
#else
|
||||
kadm5_config_params *params,
|
||||
#endif
|
||||
krb5_ui_4 struct_version,
|
||||
krb5_ui_4 api_version,
|
||||
void **server_handle);
|
||||
kadm5_ret_t kadm5_init_with_password(char *client_name,
|
||||
char *pass,
|
||||
char *service_name,
|
||||
#if USE_KADM5_API_VERSION == 1
|
||||
char *realm,
|
||||
#else
|
||||
kadm5_config_params *params,
|
||||
#endif
|
||||
krb5_ui_4 struct_version,
|
||||
krb5_ui_4 api_version,
|
||||
void **server_handle);
|
||||
kadm5_ret_t kadm5_init_with_skey(char *client_name,
|
||||
char *keytab,
|
||||
char *service_name,
|
||||
#if USE_KADM5_API_VERSION == 1
|
||||
char *realm,
|
||||
#else
|
||||
kadm5_config_params *params,
|
||||
#endif
|
||||
krb5_ui_4 struct_version,
|
||||
krb5_ui_4 api_version,
|
||||
void **server_handle);
|
||||
#if USE_KADM5_API_VERSION > 1
|
||||
kadm5_ret_t kadm5_init_with_creds(char *client_name,
|
||||
krb5_ccache cc,
|
||||
char *service_name,
|
||||
kadm5_config_params *params,
|
||||
krb5_ui_4 struct_version,
|
||||
krb5_ui_4 api_version,
|
||||
void **server_handle);
|
||||
#endif
|
||||
kadm5_ret_t kadm5_lock(void *server_handle);
|
||||
kadm5_ret_t kadm5_unlock(void *server_handle);
|
||||
kadm5_ret_t kadm5_flush(void *server_handle);
|
||||
kadm5_ret_t kadm5_destroy(void *server_handle);
|
||||
kadm5_ret_t kadm5_create_principal(void *server_handle,
|
||||
kadm5_principal_ent_t ent,
|
||||
long mask, char *pass);
|
||||
kadm5_ret_t kadm5_create_principal_3(void *server_handle,
|
||||
kadm5_principal_ent_t ent,
|
||||
long mask,
|
||||
int n_ks_tuple,
|
||||
krb5_key_salt_tuple *ks_tuple,
|
||||
char *pass);
|
||||
kadm5_ret_t kadm5_delete_principal(void *server_handle,
|
||||
krb5_principal principal);
|
||||
kadm5_ret_t kadm5_modify_principal(void *server_handle,
|
||||
kadm5_principal_ent_t ent,
|
||||
long mask);
|
||||
kadm5_ret_t kadm5_rename_principal(void *server_handle,
|
||||
krb5_principal,krb5_principal);
|
||||
#if USE_KADM5_API_VERSION == 1
|
||||
kadm5_ret_t kadm5_get_principal(void *server_handle,
|
||||
krb5_principal principal,
|
||||
kadm5_principal_ent_t *ent);
|
||||
#else
|
||||
kadm5_ret_t kadm5_get_principal(void *server_handle,
|
||||
krb5_principal principal,
|
||||
kadm5_principal_ent_t ent,
|
||||
long mask);
|
||||
#endif
|
||||
kadm5_ret_t kadm5_chpass_principal(void *server_handle,
|
||||
krb5_principal principal,
|
||||
char *pass);
|
||||
kadm5_ret_t kadm5_chpass_principal_3(void *server_handle,
|
||||
krb5_principal principal,
|
||||
krb5_boolean keepold,
|
||||
int n_ks_tuple,
|
||||
krb5_key_salt_tuple *ks_tuple,
|
||||
char *pass);
|
||||
#if USE_KADM5_API_VERSION == 1
|
||||
kadm5_ret_t kadm5_randkey_principal(void *server_handle,
|
||||
krb5_principal principal,
|
||||
krb5_keyblock **keyblock);
|
||||
#else
|
||||
kadm5_ret_t kadm5_randkey_principal(void *server_handle,
|
||||
krb5_principal principal,
|
||||
krb5_keyblock **keyblocks,
|
||||
int *n_keys);
|
||||
kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
|
||||
krb5_principal principal,
|
||||
krb5_boolean keepold,
|
||||
int n_ks_tuple,
|
||||
krb5_key_salt_tuple *ks_tuple,
|
||||
krb5_keyblock **keyblocks,
|
||||
int *n_keys);
|
||||
#endif
|
||||
kadm5_ret_t kadm5_setv4key_principal(void *server_handle,
|
||||
krb5_principal principal,
|
||||
krb5_keyblock *keyblock);
|
||||
|
||||
kadm5_ret_t kadm5_setkey_principal(void *server_handle,
|
||||
krb5_principal principal,
|
||||
krb5_keyblock *keyblocks,
|
||||
int n_keys);
|
||||
|
||||
kadm5_ret_t kadm5_setkey_principal_3(void *server_handle,
|
||||
krb5_principal principal,
|
||||
krb5_boolean keepold,
|
||||
int n_ks_tuple,
|
||||
krb5_key_salt_tuple *ks_tuple,
|
||||
krb5_keyblock *keyblocks,
|
||||
int n_keys);
|
||||
|
||||
kadm5_ret_t kadm5_decrypt_key(void *server_handle,
|
||||
kadm5_principal_ent_t entry, krb5_int32
|
||||
ktype, krb5_int32 stype, krb5_int32
|
||||
kvno, krb5_keyblock *keyblock,
|
||||
krb5_keysalt *keysalt, int *kvnop);
|
||||
|
||||
kadm5_ret_t kadm5_create_policy(void *server_handle,
|
||||
kadm5_policy_ent_t ent,
|
||||
long mask);
|
||||
/*
|
||||
* kadm5_create_policy_internal is not part of the supported,
|
||||
* exposed API. It is available only in the server library, and you
|
||||
* shouldn't use it unless you know why it's there and how it's
|
||||
* different from kadm5_create_policy.
|
||||
*/
|
||||
kadm5_ret_t kadm5_create_policy_internal(void *server_handle,
|
||||
kadm5_policy_ent_t
|
||||
entry, long mask);
|
||||
kadm5_ret_t kadm5_delete_policy(void *server_handle,
|
||||
kadm5_policy_t policy);
|
||||
kadm5_ret_t kadm5_modify_policy(void *server_handle,
|
||||
kadm5_policy_ent_t ent,
|
||||
long mask);
|
||||
/*
|
||||
* kadm5_modify_policy_internal is not part of the supported,
|
||||
* exposed API. It is available only in the server library, and you
|
||||
* shouldn't use it unless you know why it's there and how it's
|
||||
* different from kadm5_modify_policy.
|
||||
*/
|
||||
kadm5_ret_t kadm5_modify_policy_internal(void *server_handle,
|
||||
kadm5_policy_ent_t
|
||||
entry, long mask);
|
||||
#if USE_KADM5_API_VERSION == 1
|
||||
kadm5_ret_t kadm5_get_policy(void *server_handle,
|
||||
kadm5_policy_t policy,
|
||||
kadm5_policy_ent_t *ent);
|
||||
#else
|
||||
kadm5_ret_t kadm5_get_policy(void *server_handle,
|
||||
kadm5_policy_t policy,
|
||||
kadm5_policy_ent_t ent);
|
||||
#endif
|
||||
kadm5_ret_t kadm5_get_privs(void *server_handle,
|
||||
long *privs);
|
||||
|
||||
kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
|
||||
krb5_principal princ,
|
||||
char *new_pw,
|
||||
char **ret_pw,
|
||||
char *msg_ret,
|
||||
unsigned int msg_len);
|
||||
|
||||
kadm5_ret_t kadm5_free_principal_ent(void *server_handle,
|
||||
kadm5_principal_ent_t
|
||||
ent);
|
||||
kadm5_ret_t kadm5_free_policy_ent(void *server_handle,
|
||||
kadm5_policy_ent_t ent);
|
||||
|
||||
kadm5_ret_t kadm5_get_principals(void *server_handle,
|
||||
char *exp, char ***princs,
|
||||
int *count);
|
||||
|
||||
kadm5_ret_t kadm5_get_policies(void *server_handle,
|
||||
char *exp, char ***pols,
|
||||
int *count);
|
||||
|
||||
#if USE_KADM5_API_VERSION > 1
|
||||
kadm5_ret_t kadm5_free_key_data(void *server_handle,
|
||||
krb5_int16 *n_key_data,
|
||||
krb5_key_data *key_data);
|
||||
#endif
|
||||
|
||||
kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
|
||||
int count);
|
||||
|
||||
#if USE_KADM5_API_VERSION == 1
|
||||
/*
|
||||
* OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time
|
||||
* compatible with KADM5_API_VERSION_2. Basically, this means we have
|
||||
* to continue to provide all the old ovsec_kadm function and symbol
|
||||
* names.
|
||||
*/
|
||||
|
||||
#define OVSEC_KADM_ACLFILE "/krb5/ovsec_adm.acl"
|
||||
#define OVSEC_KADM_WORDFILE "/krb5/ovsec_adm.dict"
|
||||
|
||||
#define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin"
|
||||
#define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw"
|
||||
#define OVSEC_KADM_HIST_PRINCIPAL "ovsec_adm/history"
|
||||
|
||||
typedef krb5_principal ovsec_kadm_princ_t;
|
||||
typedef krb5_keyblock ovsec_kadm_keyblock;
|
||||
typedef char *ovsec_kadm_policy_t;
|
||||
typedef long ovsec_kadm_ret_t;
|
||||
|
||||
enum ovsec_kadm_salttype { OVSEC_KADM_SALT_V4, OVSEC_KADM_SALT_NORMAL };
|
||||
enum ovsec_kadm_saltmod { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MOD_NORMAL };
|
||||
|
||||
#define OVSEC_KADM_PW_FIRST_PROMPT \
|
||||
((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
|
||||
#define OVSEC_KADM_PW_SECOND_PROMPT \
|
||||
((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
|
||||
|
||||
/*
|
||||
* Successful return code
|
||||
*/
|
||||
#define OVSEC_KADM_OK 0
|
||||
|
||||
/*
|
||||
* Create/Modify masks
|
||||
*/
|
||||
/* principal */
|
||||
#define OVSEC_KADM_PRINCIPAL 0x000001
|
||||
#define OVSEC_KADM_PRINC_EXPIRE_TIME 0x000002
|
||||
#define OVSEC_KADM_PW_EXPIRATION 0x000004
|
||||
#define OVSEC_KADM_LAST_PWD_CHANGE 0x000008
|
||||
#define OVSEC_KADM_ATTRIBUTES 0x000010
|
||||
#define OVSEC_KADM_MAX_LIFE 0x000020
|
||||
#define OVSEC_KADM_MOD_TIME 0x000040
|
||||
#define OVSEC_KADM_MOD_NAME 0x000080
|
||||
#define OVSEC_KADM_KVNO 0x000100
|
||||
#define OVSEC_KADM_MKVNO 0x000200
|
||||
#define OVSEC_KADM_AUX_ATTRIBUTES 0x000400
|
||||
#define OVSEC_KADM_POLICY 0x000800
|
||||
#define OVSEC_KADM_POLICY_CLR 0x001000
|
||||
/* policy */
|
||||
#define OVSEC_KADM_PW_MAX_LIFE 0x004000
|
||||
#define OVSEC_KADM_PW_MIN_LIFE 0x008000
|
||||
#define OVSEC_KADM_PW_MIN_LENGTH 0x010000
|
||||
#define OVSEC_KADM_PW_MIN_CLASSES 0x020000
|
||||
#define OVSEC_KADM_PW_HISTORY_NUM 0x040000
|
||||
#define OVSEC_KADM_REF_COUNT 0x080000
|
||||
|
||||
/*
|
||||
* permission bits
|
||||
*/
|
||||
#define OVSEC_KADM_PRIV_GET 0x01
|
||||
#define OVSEC_KADM_PRIV_ADD 0x02
|
||||
#define OVSEC_KADM_PRIV_MODIFY 0x04
|
||||
#define OVSEC_KADM_PRIV_DELETE 0x08
|
||||
|
||||
/*
|
||||
* API versioning constants
|
||||
*/
|
||||
#define OVSEC_KADM_MASK_BITS 0xffffff00
|
||||
|
||||
#define OVSEC_KADM_STRUCT_VERSION_MASK 0x12345600
|
||||
#define OVSEC_KADM_STRUCT_VERSION_1 (OVSEC_KADM_STRUCT_VERSION_MASK|0x01)
|
||||
#define OVSEC_KADM_STRUCT_VERSION OVSEC_KADM_STRUCT_VERSION_1
|
||||
|
||||
#define OVSEC_KADM_API_VERSION_MASK 0x12345700
|
||||
#define OVSEC_KADM_API_VERSION_1 (OVSEC_KADM_API_VERSION_MASK|0x01)
|
||||
|
||||
|
||||
typedef struct _ovsec_kadm_principal_ent_t {
|
||||
krb5_principal principal;
|
||||
krb5_timestamp princ_expire_time;
|
||||
krb5_timestamp last_pwd_change;
|
||||
krb5_timestamp pw_expiration;
|
||||
krb5_deltat max_life;
|
||||
krb5_principal mod_name;
|
||||
krb5_timestamp mod_date;
|
||||
krb5_flags attributes;
|
||||
krb5_kvno kvno;
|
||||
krb5_kvno mkvno;
|
||||
char *policy;
|
||||
long aux_attributes;
|
||||
} ovsec_kadm_principal_ent_rec, *ovsec_kadm_principal_ent_t;
|
||||
|
||||
typedef struct _ovsec_kadm_policy_ent_t {
|
||||
char *policy;
|
||||
long pw_min_life;
|
||||
long pw_max_life;
|
||||
long pw_min_length;
|
||||
long pw_min_classes;
|
||||
long pw_history_num;
|
||||
long policy_refcnt;
|
||||
} ovsec_kadm_policy_ent_rec, *ovsec_kadm_policy_ent_t;
|
||||
|
||||
/*
|
||||
* functions
|
||||
*/
|
||||
ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass,
|
||||
char *service_name, char *realm,
|
||||
krb5_ui_4 struct_version,
|
||||
krb5_ui_4 api_version,
|
||||
void **server_handle);
|
||||
ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name,
|
||||
char *pass,
|
||||
char *service_name,
|
||||
char *realm,
|
||||
krb5_ui_4 struct_version,
|
||||
krb5_ui_4 api_version,
|
||||
void **server_handle);
|
||||
ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name,
|
||||
char *keytab,
|
||||
char *service_name,
|
||||
char *realm,
|
||||
krb5_ui_4 struct_version,
|
||||
krb5_ui_4 api_version,
|
||||
void **server_handle);
|
||||
ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle);
|
||||
ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle);
|
||||
ovsec_kadm_ret_t ovsec_kadm_create_principal(void *server_handle,
|
||||
ovsec_kadm_principal_ent_t ent,
|
||||
long mask, char *pass);
|
||||
ovsec_kadm_ret_t ovsec_kadm_delete_principal(void *server_handle,
|
||||
krb5_principal principal);
|
||||
ovsec_kadm_ret_t ovsec_kadm_modify_principal(void *server_handle,
|
||||
ovsec_kadm_principal_ent_t ent,
|
||||
long mask);
|
||||
ovsec_kadm_ret_t ovsec_kadm_rename_principal(void *server_handle,
|
||||
krb5_principal,krb5_principal);
|
||||
ovsec_kadm_ret_t ovsec_kadm_get_principal(void *server_handle,
|
||||
krb5_principal principal,
|
||||
ovsec_kadm_principal_ent_t *ent);
|
||||
ovsec_kadm_ret_t ovsec_kadm_chpass_principal(void *server_handle,
|
||||
krb5_principal principal,
|
||||
char *pass);
|
||||
ovsec_kadm_ret_t ovsec_kadm_randkey_principal(void *server_handle,
|
||||
krb5_principal principal,
|
||||
krb5_keyblock **keyblock);
|
||||
ovsec_kadm_ret_t ovsec_kadm_create_policy(void *server_handle,
|
||||
ovsec_kadm_policy_ent_t ent,
|
||||
long mask);
|
||||
/*
|
||||
* ovsec_kadm_create_policy_internal is not part of the supported,
|
||||
* exposed API. It is available only in the server library, and you
|
||||
* shouldn't use it unless you know why it's there and how it's
|
||||
* different from ovsec_kadm_create_policy.
|
||||
*/
|
||||
ovsec_kadm_ret_t ovsec_kadm_create_policy_internal(void *server_handle,
|
||||
ovsec_kadm_policy_ent_t
|
||||
entry, long mask);
|
||||
ovsec_kadm_ret_t ovsec_kadm_delete_policy(void *server_handle,
|
||||
ovsec_kadm_policy_t policy);
|
||||
ovsec_kadm_ret_t ovsec_kadm_modify_policy(void *server_handle,
|
||||
ovsec_kadm_policy_ent_t ent,
|
||||
long mask);
|
||||
/*
|
||||
* ovsec_kadm_modify_policy_internal is not part of the supported,
|
||||
* exposed API. It is available only in the server library, and you
|
||||
* shouldn't use it unless you know why it's there and how it's
|
||||
* different from ovsec_kadm_modify_policy.
|
||||
*/
|
||||
ovsec_kadm_ret_t ovsec_kadm_modify_policy_internal(void *server_handle,
|
||||
ovsec_kadm_policy_ent_t
|
||||
entry, long mask);
|
||||
ovsec_kadm_ret_t ovsec_kadm_get_policy(void *server_handle,
|
||||
ovsec_kadm_policy_t policy,
|
||||
ovsec_kadm_policy_ent_t *ent);
|
||||
ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle,
|
||||
long *privs);
|
||||
|
||||
ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle,
|
||||
krb5_principal princ,
|
||||
char *new_pw,
|
||||
char **ret_pw,
|
||||
char *msg_ret);
|
||||
|
||||
ovsec_kadm_ret_t ovsec_kadm_free_principal_ent(void *server_handle,
|
||||
ovsec_kadm_principal_ent_t
|
||||
ent);
|
||||
ovsec_kadm_ret_t ovsec_kadm_free_policy_ent(void *server_handle,
|
||||
ovsec_kadm_policy_ent_t ent);
|
||||
|
||||
ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle,
|
||||
char **names, int count);
|
||||
|
||||
ovsec_kadm_ret_t ovsec_kadm_get_principals(void *server_handle,
|
||||
char *exp, char ***princs,
|
||||
int *count);
|
||||
|
||||
ovsec_kadm_ret_t ovsec_kadm_get_policies(void *server_handle,
|
||||
char *exp, char ***pols,
|
||||
int *count);
|
||||
|
||||
#define OVSEC_KADM_FAILURE KADM5_FAILURE
|
||||
#define OVSEC_KADM_AUTH_GET KADM5_AUTH_GET
|
||||
#define OVSEC_KADM_AUTH_ADD KADM5_AUTH_ADD
|
||||
#define OVSEC_KADM_AUTH_MODIFY KADM5_AUTH_MODIFY
|
||||
#define OVSEC_KADM_AUTH_DELETE KADM5_AUTH_DELETE
|
||||
#define OVSEC_KADM_AUTH_INSUFFICIENT KADM5_AUTH_INSUFFICIENT
|
||||
#define OVSEC_KADM_BAD_DB KADM5_BAD_DB
|
||||
#define OVSEC_KADM_DUP KADM5_DUP
|
||||
#define OVSEC_KADM_RPC_ERROR KADM5_RPC_ERROR
|
||||
#define OVSEC_KADM_NO_SRV KADM5_NO_SRV
|
||||
#define OVSEC_KADM_BAD_HIST_KEY KADM5_BAD_HIST_KEY
|
||||
#define OVSEC_KADM_NOT_INIT KADM5_NOT_INIT
|
||||
#define OVSEC_KADM_UNK_PRINC KADM5_UNK_PRINC
|
||||
#define OVSEC_KADM_UNK_POLICY KADM5_UNK_POLICY
|
||||
#define OVSEC_KADM_BAD_MASK KADM5_BAD_MASK
|
||||
#define OVSEC_KADM_BAD_CLASS KADM5_BAD_CLASS
|
||||
#define OVSEC_KADM_BAD_LENGTH KADM5_BAD_LENGTH
|
||||
#define OVSEC_KADM_BAD_POLICY KADM5_BAD_POLICY
|
||||
#define OVSEC_KADM_BAD_PRINCIPAL KADM5_BAD_PRINCIPAL
|
||||
#define OVSEC_KADM_BAD_AUX_ATTR KADM5_BAD_AUX_ATTR
|
||||
#define OVSEC_KADM_BAD_HISTORY KADM5_BAD_HISTORY
|
||||
#define OVSEC_KADM_BAD_MIN_PASS_LIFE KADM5_BAD_MIN_PASS_LIFE
|
||||
#define OVSEC_KADM_PASS_Q_TOOSHORT KADM5_PASS_Q_TOOSHORT
|
||||
#define OVSEC_KADM_PASS_Q_CLASS KADM5_PASS_Q_CLASS
|
||||
#define OVSEC_KADM_PASS_Q_DICT KADM5_PASS_Q_DICT
|
||||
#define OVSEC_KADM_PASS_REUSE KADM5_PASS_REUSE
|
||||
#define OVSEC_KADM_PASS_TOOSOON KADM5_PASS_TOOSOON
|
||||
#define OVSEC_KADM_POLICY_REF KADM5_POLICY_REF
|
||||
#define OVSEC_KADM_INIT KADM5_INIT
|
||||
#define OVSEC_KADM_BAD_PASSWORD KADM5_BAD_PASSWORD
|
||||
#define OVSEC_KADM_PROTECT_PRINCIPAL KADM5_PROTECT_PRINCIPAL
|
||||
#define OVSEC_KADM_BAD_SERVER_HANDLE KADM5_BAD_SERVER_HANDLE
|
||||
#define OVSEC_KADM_BAD_STRUCT_VERSION KADM5_BAD_STRUCT_VERSION
|
||||
#define OVSEC_KADM_OLD_STRUCT_VERSION KADM5_OLD_STRUCT_VERSION
|
||||
#define OVSEC_KADM_NEW_STRUCT_VERSION KADM5_NEW_STRUCT_VERSION
|
||||
#define OVSEC_KADM_BAD_API_VERSION KADM5_BAD_API_VERSION
|
||||
#define OVSEC_KADM_OLD_LIB_API_VERSION KADM5_OLD_LIB_API_VERSION
|
||||
#define OVSEC_KADM_OLD_SERVER_API_VERSION KADM5_OLD_SERVER_API_VERSION
|
||||
#define OVSEC_KADM_NEW_LIB_API_VERSION KADM5_NEW_LIB_API_VERSION
|
||||
#define OVSEC_KADM_NEW_SERVER_API_VERSION KADM5_NEW_SERVER_API_VERSION
|
||||
#define OVSEC_KADM_SECURE_PRINC_MISSING KADM5_SECURE_PRINC_MISSING
|
||||
#define OVSEC_KADM_NO_RENAME_SALT KADM5_NO_RENAME_SALT
|
||||
|
||||
#endif /* USE_KADM5_API_VERSION == 1 */
|
||||
|
||||
#endif /* __KADM5_ADMIN_H__ */
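Review bot: This copied admin.h fixes the layouts of `kadm5_config_params` and `kadm5_principal_ent_rec_v2` and defaults `USE_KADM5_API_VERSION` to 2, yet nothing in the file records which krb5 release it was taken from. If the libkadm5 that is actually linked was built from a different release (not visible in this commit), the mismatch would compile cleanly and only show up as misread or overwritten fields in those records. I would add a provenance comment above the include guard, for example `/* Copied from MIT krb5 <UPSTREAM_RELEASE>; must match the libkadm5 this project links against. */`, and re-sync the header whenever that library is upgraded. Separately, the version 1 branch declares `ovsec_kadm_chpass_principal_util` with `char *msg_ret` and no length, whereas `kadm5_chpass_principal_util` takes `msg_len`. Callers, which are not shown here, should stay on the version 2 prototype so the message buffer is bounded.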
|
|
@ -0,0 +1,38 @@
|
|||
/*
|
||||
* ettmp27966.h:
|
||||
* This file is automatically generated; please do not edit it.
|
||||
*/
|
||||
|
||||
#include <com_err.h>
|
||||
|
||||
#define CHPASS_UTIL_GET_POLICY_INFO (-1492553984L)
|
||||
#define CHPASS_UTIL_GET_PRINC_INFO (-1492553983L)
|
||||
#define CHPASS_UTIL_NEW_PASSWORD_MISMATCH (-1492553982L)
|
||||
#define CHPASS_UTIL_NEW_PASSWORD_PROMPT (-1492553981L)
|
||||
#define CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT (-1492553980L)
|
||||
#define CHPASS_UTIL_NO_PASSWORD_READ (-1492553979L)
|
||||
#define CHPASS_UTIL_NO_POLICY_YET_Q_ERROR (-1492553978L)
|
||||
#define CHPASS_UTIL_PASSWORD_CHANGED (-1492553977L)
|
||||
#define CHPASS_UTIL_PASSWORD_IN_DICTIONARY (-1492553976L)
|
||||
#define CHPASS_UTIL_PASSWORD_NOT_CHANGED (-1492553975L)
|
||||
#define CHPASS_UTIL_PASSWORD_TOO_SHORT (-1492553974L)
|
||||
#define CHPASS_UTIL_TOO_FEW_CLASSES (-1492553973L)
|
||||
#define CHPASS_UTIL_PASSWORD_TOO_SOON (-1492553972L)
|
||||
#define CHPASS_UTIL_PASSWORD_REUSE (-1492553971L)
|
||||
#define CHPASS_UTIL_WHILE_TRYING_TO_CHANGE (-1492553970L)
|
||||
#define CHPASS_UTIL_WHILE_READING_PASSWORD (-1492553969L)
|
||||
#define ERROR_TABLE_BASE_ovku (-1492553984L)
|
||||
|
||||
extern const struct error_table et_ovku_error_table;
|
||||
|
||||
#if !defined(_WIN32)
|
||||
/* for compatibility with older versions... */
|
||||
extern void initialize_ovku_error_table (void) /*@modifies internalState@*/;
|
||||
#else
|
||||
#define initialize_ovku_error_table()
|
||||
#endif
|
||||
|
||||
#if !defined(_WIN32)
|
||||
#define init_ovku_err_tbl initialize_ovku_error_table
|
||||
#define ovku_err_base ERROR_TABLE_BASE_ovku
|
||||
#endif
|
|
@ -0,0 +1,77 @@
|
|||
/*
|
||||
* ettmp27967.h:
|
||||
* This file is automatically generated; please do not edit it.
|
||||
*/
|
||||
|
||||
#include <com_err.h>
|
||||
|
||||
#define KADM5_FAILURE (43787520L)
|
||||
#define KADM5_AUTH_GET (43787521L)
|
||||
#define KADM5_AUTH_ADD (43787522L)
|
||||
#define KADM5_AUTH_MODIFY (43787523L)
|
||||
#define KADM5_AUTH_DELETE (43787524L)
|
||||
#define KADM5_AUTH_INSUFFICIENT (43787525L)
|
||||
#define KADM5_BAD_DB (43787526L)
|
||||
#define KADM5_DUP (43787527L)
|
||||
#define KADM5_RPC_ERROR (43787528L)
|
||||
#define KADM5_NO_SRV (43787529L)
|
||||
#define KADM5_BAD_HIST_KEY (43787530L)
|
||||
#define KADM5_NOT_INIT (43787531L)
|
||||
#define KADM5_UNK_PRINC (43787532L)
|
||||
#define KADM5_UNK_POLICY (43787533L)
|
||||
#define KADM5_BAD_MASK (43787534L)
|
||||
#define KADM5_BAD_CLASS (43787535L)
|
||||
#define KADM5_BAD_LENGTH (43787536L)
|
||||
#define KADM5_BAD_POLICY (43787537L)
|
||||
#define KADM5_BAD_PRINCIPAL (43787538L)
|
||||
#define KADM5_BAD_AUX_ATTR (43787539L)
|
||||
#define KADM5_BAD_HISTORY (43787540L)
|
||||
#define KADM5_BAD_MIN_PASS_LIFE (43787541L)
|
||||
#define KADM5_PASS_Q_TOOSHORT (43787542L)
|
||||
#define KADM5_PASS_Q_CLASS (43787543L)
|
||||
#define KADM5_PASS_Q_DICT (43787544L)
|
||||
#define KADM5_PASS_REUSE (43787545L)
|
||||
#define KADM5_PASS_TOOSOON (43787546L)
|
||||
#define KADM5_POLICY_REF (43787547L)
|
||||
#define KADM5_INIT (43787548L)
|
||||
#define KADM5_BAD_PASSWORD (43787549L)
|
||||
#define KADM5_PROTECT_PRINCIPAL (43787550L)
|
||||
#define KADM5_BAD_SERVER_HANDLE (43787551L)
|
||||
#define KADM5_BAD_STRUCT_VERSION (43787552L)
|
||||
#define KADM5_OLD_STRUCT_VERSION (43787553L)
|
||||
#define KADM5_NEW_STRUCT_VERSION (43787554L)
|
||||
#define KADM5_BAD_API_VERSION (43787555L)
|
||||
#define KADM5_OLD_LIB_API_VERSION (43787556L)
|
||||
#define KADM5_OLD_SERVER_API_VERSION (43787557L)
|
||||
#define KADM5_NEW_LIB_API_VERSION (43787558L)
|
||||
#define KADM5_NEW_SERVER_API_VERSION (43787559L)
|
||||
#define KADM5_SECURE_PRINC_MISSING (43787560L)
|
||||
#define KADM5_NO_RENAME_SALT (43787561L)
|
||||
#define KADM5_BAD_CLIENT_PARAMS (43787562L)
|
||||
#define KADM5_BAD_SERVER_PARAMS (43787563L)
|
||||
#define KADM5_AUTH_LIST (43787564L)
|
||||
#define KADM5_AUTH_CHANGEPW (43787565L)
|
||||
#define KADM5_GSS_ERROR (43787566L)
|
||||
#define KADM5_BAD_TL_TYPE (43787567L)
|
||||
#define KADM5_MISSING_CONF_PARAMS (43787568L)
|
||||
#define KADM5_BAD_SERVER_NAME (43787569L)
|
||||
#define KADM5_AUTH_SETKEY (43787570L)
|
||||
#define KADM5_SETKEY_DUP_ENCTYPES (43787571L)
|
||||
#define KADM5_SETV4KEY_INVAL_ENCTYPE (43787572L)
|
||||
#define KADM5_SETKEY3_ETYPE_MISMATCH (43787573L)
|
||||
#define KADM5_MISSING_KRB5_CONF_PARAMS (43787574L)
|
||||
#define ERROR_TABLE_BASE_ovk (43787520L)
|
||||
|
||||
extern const struct error_table et_ovk_error_table;
|
||||
|
||||
#if !defined(_WIN32)
|
||||
/* for compatibility with older versions... */
|
||||
extern void initialize_ovk_error_table (void) /*@modifies internalState@*/;
|
||||
#else
|
||||
#define initialize_ovk_error_table()
|
||||
#endif
|
||||
|
||||
#if !defined(_WIN32)
|
||||
#define init_ovk_err_tbl initialize_ovk_error_table
|
||||
#define ovk_err_base ERROR_TABLE_BASE_ovk
|
||||
#endif
|
|
@ -0,0 +1,335 @@
|
|||
#ifndef __KADM_RPC_H__
|
||||
#define __KADM_RPC_H__
|
||||
|
||||
#include <gssrpc/types.h>
|
||||
|
||||
#include <krb5.h>
|
||||
#include <kadm5/admin.h>
|
||||
|
||||
struct cprinc_arg {
|
||||
krb5_ui_4 api_version;
|
||||
kadm5_principal_ent_rec rec;
|
||||
long mask;
|
||||
char *passwd;
|
||||
};
|
||||
typedef struct cprinc_arg cprinc_arg;
|
||||
bool_t xdr_cprinc_arg();
|
||||
|
||||
struct cprinc3_arg {
|
||||
krb5_ui_4 api_version;
|
||||
kadm5_principal_ent_rec rec;
|
||||
long mask;
|
||||
int n_ks_tuple;
|
||||
krb5_key_salt_tuple *ks_tuple;
|
||||
char *passwd;
|
||||
};
|
||||
typedef struct cprinc3_arg cprinc3_arg;
|
||||
bool_t xdr_cprinc3_arg();
|
||||
|
||||
struct generic_ret {
|
||||
krb5_ui_4 api_version;
|
||||
kadm5_ret_t code;
|
||||
};
|
||||
typedef struct generic_ret generic_ret;
|
||||
bool_t xdr_generic_ret();
|
||||
|
||||
struct dprinc_arg {
|
||||
krb5_ui_4 api_version;
|
||||
krb5_principal princ;
|
||||
};
|
||||
typedef struct dprinc_arg dprinc_arg;
|
||||
bool_t xdr_dprinc_arg();
|
||||
|
||||
struct mprinc_arg {
|
||||
krb5_ui_4 api_version;
|
||||
kadm5_principal_ent_rec rec;
|
||||
long mask;
|
||||
};
|
||||
typedef struct mprinc_arg mprinc_arg;
|
||||
bool_t xdr_mprinc_arg();
|
||||
|
||||
struct rprinc_arg {
|
||||
krb5_ui_4 api_version;
|
||||
krb5_principal src;
|
||||
krb5_principal dest;
|
||||
};
|
||||
typedef struct rprinc_arg rprinc_arg;
|
||||
bool_t xdr_rprinc_arg();
|
||||
|
||||
struct gprincs_arg {
|
||||
krb5_ui_4 api_version;
|
||||
char *exp;
|
||||
};
|
||||
typedef struct gprincs_arg gprincs_arg;
|
||||
bool_t xdr_gprincs_arg();
|
||||
|
||||
struct gprincs_ret {
|
||||
krb5_ui_4 api_version;
|
||||
kadm5_ret_t code;
|
||||
char **princs;
|
||||
int count;
|
||||
};
|
||||
typedef struct gprincs_ret gprincs_ret;
|
||||
bool_t xdr_gprincs_ret();
|
||||
|
||||
struct chpass_arg {
|
||||
krb5_ui_4 api_version;
|
||||
krb5_principal princ;
|
||||
char *pass;
|
||||
};
|
||||
typedef struct chpass_arg chpass_arg;
|
||||
bool_t xdr_chpass_arg();
|
||||
|
||||
struct chpass3_arg {
|
||||
krb5_ui_4 api_version;
|
||||
krb5_principal princ;
|
||||
krb5_boolean keepold;
|
||||
int n_ks_tuple;
|
||||
krb5_key_salt_tuple *ks_tuple;
|
||||
char *pass;
|
||||
};
|
||||
typedef struct chpass3_arg chpass3_arg;
|
||||
bool_t xdr_chpass3_arg();
|
||||
|
||||
struct setv4key_arg {
|
||||
krb5_ui_4 api_version;
|
||||
krb5_principal princ;
|
||||
krb5_keyblock *keyblock;
|
||||
};
|
||||
typedef struct setv4key_arg setv4key_arg;
|
||||
bool_t xdr_setv4key_arg();
|
||||
|
||||
struct setkey_arg {
|
||||
krb5_ui_4 api_version;
|
||||
krb5_principal princ;
|
||||
krb5_keyblock *keyblocks;
|
||||
int n_keys;
|
||||
};
|
||||
typedef struct setkey_arg setkey_arg;
|
||||
bool_t xdr_setkey_arg();
|
||||
|
||||
struct setkey3_arg {
|
||||
krb5_ui_4 api_version;
|
||||
krb5_principal princ;
|
||||
krb5_boolean keepold;
|
||||
int n_ks_tuple;
|
||||
krb5_key_salt_tuple *ks_tuple;
|
||||
krb5_keyblock *keyblocks;
|
||||
int n_keys;
|
||||
};
|
||||
typedef struct setkey3_arg setkey3_arg;
|
||||
bool_t xdr_setkey3_arg();
|
||||
|
||||
struct chrand_arg {
|
||||
krb5_ui_4 api_version;
|
||||
krb5_principal princ;
|
||||
};
|
||||
typedef struct chrand_arg chrand_arg;
|
||||
bool_t xdr_chrand_arg();
|
||||
|
||||
struct chrand3_arg {
|
||||
krb5_ui_4 api_version;
|
||||
krb5_principal princ;
|
||||
krb5_boolean keepold;
|
||||
int n_ks_tuple;
|
||||
krb5_key_salt_tuple *ks_tuple;
|
||||
};
|
||||
typedef struct chrand3_arg chrand3_arg;
|
||||
bool_t xdr_chrand3_arg();
|
||||
|
||||
struct chrand_ret {
|
||||
krb5_ui_4 api_version;
|
||||
kadm5_ret_t code;
|
||||
krb5_keyblock key;
|
||||
krb5_keyblock *keys;
|
||||
int n_keys;
|
||||
};
|
||||
typedef struct chrand_ret chrand_ret;
|
||||
bool_t xdr_chrand_ret();
|
||||
|
||||
struct gprinc_arg {
|
||||
krb5_ui_4 api_version;
|
||||
krb5_principal princ;
|
||||
long mask;
|
||||
};
|
||||
typedef struct gprinc_arg gprinc_arg;
|
||||
bool_t xdr_gprinc_arg();
|
||||
|
||||
struct gprinc_ret {
|
||||
krb5_ui_4 api_version;
|
||||
kadm5_ret_t code;
|
||||
kadm5_principal_ent_rec rec;
|
||||
};
|
||||
typedef struct gprinc_ret gprinc_ret;
|
||||
bool_t xdr_gprinc_ret();
|
||||
bool_t xdr_kadm5_ret_t();
|
||||
bool_t xdr_kadm5_principal_ent_rec();
|
||||
bool_t xdr_kadm5_policy_ent_rec();
|
||||
bool_t xdr_krb5_keyblock();
|
||||
bool_t xdr_krb5_principal();
|
||||
bool_t xdr_krb5_enctype();
|
||||
bool_t xdr_krb5_octet();
|
||||
bool_t xdr_krb5_int32();
|
||||
bool_t xdr_u_int32();
|
||||
|
||||
struct cpol_arg {
|
||||
krb5_ui_4 api_version;
|
||||
kadm5_policy_ent_rec rec;
|
||||
long mask;
|
||||
};
|
||||
typedef struct cpol_arg cpol_arg;
|
||||
bool_t xdr_cpol_arg();
|
||||
|
||||
struct dpol_arg {
|
||||
krb5_ui_4 api_version;
|
||||
char *name;
|
||||
};
|
||||
typedef struct dpol_arg dpol_arg;
|
||||
bool_t xdr_dpol_arg();
|
||||
|
||||
struct mpol_arg {
|
||||
krb5_ui_4 api_version;
|
||||
kadm5_policy_ent_rec rec;
|
||||
long mask;
|
||||
};
|
||||
typedef struct mpol_arg mpol_arg;
|
||||
bool_t xdr_mpol_arg();
|
||||
|
||||
struct gpol_arg {
|
||||
krb5_ui_4 api_version;
|
||||
char *name;
|
||||
};
|
||||
typedef struct gpol_arg gpol_arg;
|
||||
bool_t xdr_gpol_arg();
|
||||
|
||||
struct gpol_ret {
|
||||
krb5_ui_4 api_version;
|
||||
kadm5_ret_t code;
|
||||
kadm5_policy_ent_rec rec;
|
||||
};
|
||||
typedef struct gpol_ret gpol_ret;
|
||||
bool_t xdr_gpol_ret();
|
||||
|
||||
struct gpols_arg {
|
||||
krb5_ui_4 api_version;
|
||||
char *exp;
|
||||
};
|
||||
typedef struct gpols_arg gpols_arg;
|
||||
bool_t xdr_gpols_arg();
|
||||
|
||||
struct gpols_ret {
|
||||
krb5_ui_4 api_version;
|
||||
kadm5_ret_t code;
|
||||
char **pols;
|
||||
int count;
|
||||
};
|
||||
typedef struct gpols_ret gpols_ret;
|
||||
bool_t xdr_gpols_ret();
|
||||
|
||||
struct getprivs_ret {
|
||||
krb5_ui_4 api_version;
|
||||
kadm5_ret_t code;
|
||||
long privs;
|
||||
};
|
||||
typedef struct getprivs_ret getprivs_ret;
|
||||
bool_t xdr_getprivs_ret();
|
||||
|
||||
#define KADM ((krb5_ui_4)2112)
|
||||
#define KADMVERS ((krb5_ui_4)2)
|
||||
#define CREATE_PRINCIPAL ((krb5_ui_4)1)
|
||||
extern generic_ret *create_principal_1_svc(cprinc_arg *arg,
|
||||
struct svc_req *rqstp);
|
||||
extern generic_ret *create_principal_1(cprinc_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define DELETE_PRINCIPAL ((krb5_ui_4)2)
|
||||
extern generic_ret *delete_principal_1_svc(dprinc_arg *arg,
|
||||
struct svc_req *rqstp);
|
||||
extern generic_ret *delete_principal_1(dprinc_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define MODIFY_PRINCIPAL ((krb5_ui_4)3)
|
||||
extern generic_ret *modify_principal_1_svc(mprinc_arg *arg,
|
||||
struct svc_req *rqstp);
|
||||
extern generic_ret *modify_principal_1(mprinc_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define RENAME_PRINCIPAL ((krb5_ui_4)4)
|
||||
extern generic_ret *rename_principal_1_svc(rprinc_arg *arg,
|
||||
struct svc_req *rqstp);
|
||||
extern generic_ret *rename_principal_1(rprinc_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define GET_PRINCIPAL ((krb5_ui_4)5)
|
||||
extern gprinc_ret *get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp);
|
||||
extern gprinc_ret *get_principal_1(gprinc_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define CHPASS_PRINCIPAL ((krb5_ui_4)6)
|
||||
extern generic_ret *chpass_principal_1_svc(chpass_arg *arg,
|
||||
struct svc_req *rqstp);
|
||||
extern generic_ret *chpass_principal_1(chpass_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define CHRAND_PRINCIPAL ((krb5_ui_4)7)
|
||||
extern chrand_ret *chrand_principal_1_svc(chrand_arg *arg,
|
||||
struct svc_req *rqstp);
|
||||
extern chrand_ret *chrand_principal_1(chrand_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define CREATE_POLICY ((krb5_ui_4)8)
|
||||
extern generic_ret *create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp);
|
||||
extern generic_ret *create_policy_1(cpol_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define DELETE_POLICY ((krb5_ui_4)9)
|
||||
extern generic_ret *delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp);
|
||||
extern generic_ret *delete_policy_1(dpol_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define MODIFY_POLICY ((krb5_ui_4)10)
|
||||
extern generic_ret *modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp);
|
||||
extern generic_ret *modify_policy_1(mpol_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define GET_POLICY ((krb5_ui_4)11)
|
||||
extern gpol_ret *get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp);
|
||||
extern gpol_ret *get_policy_1(gpol_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define GET_PRIVS ((krb5_ui_4)12)
|
||||
extern getprivs_ret *get_privs_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp);
|
||||
extern getprivs_ret *get_privs_1(void *argp, CLIENT *clnt);
|
||||
|
||||
#define INIT ((krb5_ui_4)13)
|
||||
extern generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp);
|
||||
extern generic_ret *init_1(void *argp, CLIENT *clnt);
|
||||
|
||||
#define GET_PRINCS ((krb5_ui_4) 14)
|
||||
extern gprincs_ret *get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp);
|
||||
extern gprincs_ret *get_princs_1(gprincs_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define GET_POLS ((krb5_ui_4) 15)
|
||||
extern gpols_ret *get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp);
|
||||
extern gpols_ret *get_pols_1(gpols_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define SETKEY_PRINCIPAL ((krb5_ui_4) 16)
|
||||
extern generic_ret *setkey_principal_1_svc(setkey_arg *arg,
|
||||
struct svc_req *rqstp);
|
||||
extern generic_ret *setkey_principal_1(setkey_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define SETV4KEY_PRINCIPAL ((krb5_ui_4) 17)
|
||||
extern generic_ret *setv4key_principal_1_svc(setv4key_arg *arg,
|
||||
struct svc_req *rqstp);
|
||||
extern generic_ret *setv4key_principal_1(setv4key_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define CREATE_PRINCIPAL3 ((krb5_ui_4) 18)
|
||||
extern generic_ret *create_principal3_1_svc(cprinc3_arg *arg,
|
||||
struct svc_req *rqstp);
|
||||
extern generic_ret *create_principal3_1(cprinc3_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define CHPASS_PRINCIPAL3 ((krb5_ui_4) 19)
|
||||
extern generic_ret *chpass_principal3_1_svc(chpass3_arg *arg,
|
||||
struct svc_req *rqstp);
|
||||
extern generic_ret *chpass_principal3_1(chpass3_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define CHRAND_PRINCIPAL3 ((krb5_ui_4) 20)
|
||||
extern chrand_ret *chrand_principal3_1_svc(chrand3_arg *arg,
|
||||
struct svc_req *rqstp);
|
||||
extern chrand_ret *chrand_principal3_1(chrand3_arg *argp, CLIENT *clnt);
|
||||
|
||||
#define SETKEY_PRINCIPAL3 ((krb5_ui_4) 21)
|
||||
extern generic_ret *setkey_principal3_1_svc(setkey3_arg *arg,
|
||||
struct svc_req *rqstp);
|
||||
extern generic_ret *setkey_principal3_1(setkey3_arg *argp, CLIENT *clnt);
|
||||
|
||||
#endif /* __KADM_RPC_H__ */
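Review bot: The `bool_t xdr_*();` declarations in this header (`xdr_cprinc_arg`, `xdr_chpass_arg`, `xdr_setkey_arg` and the rest) have empty parameter lists, so the compiler checks neither the argument count nor the argument types at any call site. These routines marshal the `passwd`/`pass` strings and the `krb5_keyblock` arrays declared in the structs above them, so a mismatched call would go unnoticed until runtime. Giving each one a prototype, for example `bool_t xdr_cprinc_arg(XDR *xdrs, cprinc_arg *objp);`, lets the build catch that. The parameter order is assumed from the usual XDR filter convention and should be confirmed against the implementation, which is not on this page.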
|
|
@ -0,0 +1,334 @@
|
|||
/*
|
||||
* include/krb5/kdb.h
|
||||
*
|
||||
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
|
||||
* All Rights Reserved.
|
||||
*
|
||||
* Export of this software from the United States of America may
|
||||
* require a specific license from the United States Government.
|
||||
* It is the responsibility of any person or organization contemplating
|
||||
* export to obtain such a license before exporting.
|
||||
*
|
||||
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
||||
* distribute this software and its documentation for any purpose and
|
||||
* without fee is hereby granted, provided that the above copyright
|
||||
* notice appear in all copies and that both that copyright notice and
|
||||
* this permission notice appear in supporting documentation, and that
|
||||
* the name of M.I.T. not be used in advertising or publicity pertaining
|
||||
* to distribution of the software without specific, written prior
|
||||
* permission. Furthermore if you modify this software you must label
|
||||
* your software as modified software and not distribute it in such a
|
||||
* fashion that it might be confused with the original M.I.T. software.
|
||||
* M.I.T. makes no representations about the suitability of
|
||||
* this software for any purpose. It is provided "as is" without express
|
||||
* or implied warranty.
|
||||
*
|
||||
*
|
||||
* KDC Database interface definitions.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 1998 by the FundsXpress, INC.
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Export of this software from the United States of America may require
|
||||
* a specific license from the United States Government. It is the
|
||||
* responsibility of any person or organization contemplating export to
|
||||
* obtain such a license before exporting.
|
||||
*
|
||||
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
||||
* distribute this software and its documentation for any purpose and
|
||||
* without fee is hereby granted, provided that the above copyright
|
||||
* notice appear in all copies and that both that copyright notice and
|
||||
* this permission notice appear in supporting documentation, and that
|
||||
* the name of FundsXpress. not be used in advertising or publicity pertaining
|
||||
* to distribution of the software without specific, written prior
|
||||
* permission. FundsXpress makes no representations about the suitability of
|
||||
* this software for any purpose. It is provided "as is" without express
|
||||
* or implied warranty.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
#ifndef KRB5_KDB5__
|
||||
#define KRB5_KDB5__
|
||||
|
||||
/* Salt types */
|
||||
#define KRB5_KDB_SALTTYPE_NORMAL 0
|
||||
#define KRB5_KDB_SALTTYPE_V4 1
|
||||
#define KRB5_KDB_SALTTYPE_NOREALM 2
|
||||
#define KRB5_KDB_SALTTYPE_ONLYREALM 3
|
||||
#define KRB5_KDB_SALTTYPE_SPECIAL 4
|
||||
#define KRB5_KDB_SALTTYPE_AFS3 5
|
||||
|
||||
/* Attributes */
|
||||
#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
|
||||
#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
|
||||
#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
|
||||
#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
|
||||
#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
|
||||
#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
|
||||
#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040
|
||||
#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
|
||||
#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
|
||||
#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
|
||||
#define KRB5_KDB_DISALLOW_SVR 0x00001000
|
||||
#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
|
||||
#define KRB5_KDB_SUPPORT_DESMD5 0x00004000
|
||||
#define KRB5_KDB_NEW_PRINC 0x00008000
|
||||
|
||||
/* Creation flags */
|
||||
#define KRB5_KDB_CREATE_BTREE 0x00000001
|
||||
#define KRB5_KDB_CREATE_HASH 0x00000002
|
||||
|
||||
#if !defined(_WIN32)
|
||||
|
||||
/*
|
||||
* Note --- these structures cannot be modified without changing the
|
||||
* database version number in libkdb.a, but should be expandable by
|
||||
* adding new tl_data types.
|
||||
*/
|
||||
typedef struct _krb5_tl_data {
|
||||
struct _krb5_tl_data* tl_data_next; /* NOT saved */
|
||||
krb5_int16 tl_data_type;
|
||||
krb5_ui_2 tl_data_length;
|
||||
krb5_octet * tl_data_contents;
|
||||
} krb5_tl_data;
|
||||
|
||||
/*
|
||||
* If this ever changes up the version number and make the arrays be as
|
||||
* big as necessary.
|
||||
*
|
||||
* Currently the first type is the enctype and the second is the salt type.
|
||||
*/
|
||||
typedef struct _krb5_key_data {
|
||||
krb5_int16 key_data_ver; /* Version */
|
||||
krb5_int16 key_data_kvno; /* Key Version */
|
||||
krb5_int16 key_data_type[2]; /* Array of types */
|
||||
krb5_ui_2 key_data_length[2]; /* Array of lengths */
|
||||
krb5_octet * key_data_contents[2]; /* Array of pointers */
|
||||
} krb5_key_data;
|
||||
|
||||
#define KRB5_KDB_V1_KEY_DATA_ARRAY 2 /* # of array elements */
|
||||
|
||||
typedef struct _krb5_keysalt {
|
||||
krb5_int16 type;
|
||||
krb5_data data; /* Length, data */
|
||||
} krb5_keysalt;
|
||||
|
||||
typedef struct _krb5_db_entry_new {
|
||||
krb5_magic magic; /* NOT saved */
|
||||
krb5_ui_2 len;
|
||||
krb5_flags attributes;
|
||||
krb5_deltat max_life;
|
||||
krb5_deltat max_renewable_life;
|
||||
krb5_timestamp expiration; /* When the client expires */
|
||||
krb5_timestamp pw_expiration; /* When its passwd expires */
|
||||
krb5_timestamp last_success; /* Last successful passwd */
|
||||
krb5_timestamp last_failed; /* Last failed passwd attempt */
|
||||
krb5_kvno fail_auth_count; /* # of failed passwd attempt */
|
||||
krb5_int16 n_tl_data;
|
||||
krb5_int16 n_key_data;
|
||||
krb5_ui_2 e_length; /* Length of extra data */
|
||||
krb5_octet * e_data; /* Extra data to be saved */
|
||||
|
||||
krb5_principal princ; /* Length, data */
|
||||
krb5_tl_data * tl_data; /* Linked list */
|
||||
krb5_key_data * key_data; /* Array */
|
||||
} krb5_db_entry;
|
||||
|
||||
#define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb
|
||||
#define KRB5_KDB_V1_BASE_LENGTH 38
|
||||
|
||||
#define KRB5_TL_LAST_PWD_CHANGE 0x0001
|
||||
#define KRB5_TL_MOD_PRINC 0x0002
|
||||
#define KRB5_TL_KADM_DATA 0x0003
|
||||
#define KRB5_TL_KADM5_E_DATA 0x0004
|
||||
#define KRB5_TL_RB1_CHALLENGE 0x0005
|
||||
#ifdef SECURID
|
||||
#define KRB5_TL_SECURID_STATE 0x0006
|
||||
#endif /* SECURID */
|
||||
|
||||
/*
|
||||
* Determines the number of failed KDC requests before DISALLOW_ALL_TIX is set
|
||||
* on the principal.
|
||||
*/
|
||||
#define KRB5_MAX_FAIL_COUNT 5
|
||||
|
||||
/* XXX depends on knowledge of krb5_parse_name() formats */
|
||||
#define KRB5_KDB_M_NAME "K/M" /* Kerberos/Master */
|
||||
|
||||
/* prompts used by default when reading the KDC password from the keyboard. */
|
||||
#define KRB5_KDC_MKEY_1 "Enter KDC database master key"
|
||||
#define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify"
|
||||
|
||||
extern char *krb5_mkey_pwd_prompt1;
|
||||
extern char *krb5_mkey_pwd_prompt2;
|
||||
|
||||
/*
|
||||
* These macros specify the encoding of data within the database.
|
||||
*
|
||||
* Data encoding is little-endian.
|
||||
*/
|
||||
#define krb5_kdb_decode_int16(cp, i16) \
|
||||
*((krb5_int16 *) &(i16)) = (((krb5_int16) ((unsigned char) (cp)[0]))| \
|
||||
((krb5_int16) ((unsigned char) (cp)[1]) << 8))
|
||||
#define krb5_kdb_decode_int32(cp, i32) \
|
||||
*((krb5_int32 *) &(i32)) = (((krb5_int32) ((unsigned char) (cp)[0]))| \
|
||||
((krb5_int32) ((unsigned char) (cp)[1]) << 8) | \
|
||||
((krb5_int32) ((unsigned char) (cp)[2]) << 16)| \
|
||||
((krb5_int32) ((unsigned char) (cp)[3]) << 24))
|
||||
#define krb5_kdb_encode_int16(i16, cp) \
|
||||
{ \
|
||||
(cp)[0] = (unsigned char) ((i16) & 0xff); \
|
||||
(cp)[1] = (unsigned char) (((i16) >> 8) & 0xff); \
|
||||
}
|
||||
#define krb5_kdb_encode_int32(i32, cp) \
|
||||
{ \
|
||||
(cp)[0] = (unsigned char) ((i32) & 0xff); \
|
||||
(cp)[1] = (unsigned char) (((i32) >> 8) & 0xff); \
|
||||
(cp)[2] = (unsigned char) (((i32) >> 16) & 0xff); \
|
||||
(cp)[3] = (unsigned char) (((i32) >> 24) & 0xff); \
|
||||
}
|
||||
|
||||
/* libkdb.spec */
|
||||
krb5_error_code krb5_db_set_name (krb5_context, char * );
|
||||
krb5_error_code krb5_db_init (krb5_context);
|
||||
krb5_error_code krb5_db_fini (krb5_context);
|
||||
krb5_error_code krb5_db_get_age (krb5_context, char *, time_t * );
|
||||
krb5_error_code krb5_db_create (krb5_context, char *, krb5_int32 );
|
||||
krb5_error_code krb5_db_rename (krb5_context, char *, char * );
|
||||
krb5_error_code krb5_db_get_principal (krb5_context, krb5_const_principal ,
|
||||
krb5_db_entry *, int *,
|
||||
krb5_boolean * );
|
||||
void krb5_db_free_principal (krb5_context, krb5_db_entry *, int );
|
||||
krb5_error_code krb5_db_put_principal (krb5_context, krb5_db_entry *, int * );
|
||||
krb5_error_code krb5_db_delete_principal (krb5_context, krb5_const_principal,
|
||||
int * );
|
||||
krb5_error_code krb5_db_iterate (krb5_context,
|
||||
krb5_error_code (* ) (krb5_pointer,
|
||||
krb5_db_entry *),
|
||||
krb5_pointer);
|
||||
krb5_error_code krb5_db_iterate_ext (krb5_context,
|
||||
krb5_error_code (* ) (krb5_pointer,
|
||||
krb5_db_entry *),
|
||||
krb5_pointer, int, int);
|
||||
krb5_error_code krb5_db_verify_master_key (krb5_context, krb5_principal,
|
||||
krb5_keyblock *);
|
||||
krb5_error_code krb5_db_store_mkey (krb5_context, char *, krb5_principal,
|
||||
krb5_keyblock *);
|
||||
|
||||
krb5_error_code krb5_db_setup_mkey_name (krb5_context, const char *,
|
||||
const char *, char **,
|
||||
krb5_principal *);
|
||||
|
||||
krb5_error_code krb5_db_set_mkey (krb5_context, krb5_keyblock *);
|
||||
|
||||
krb5_error_code krb5_db_get_mkey (krb5_context, krb5_keyblock **);
|
||||
krb5_error_code krb5_db_destroy (krb5_context, char * );
|
||||
krb5_error_code krb5_db_lock (krb5_context, int );
|
||||
krb5_error_code krb5_db_unlock (krb5_context);
|
||||
krb5_error_code krb5_db_set_nonblocking (krb5_context, krb5_boolean,
|
||||
krb5_boolean * );
|
||||
krb5_boolean krb5_db_set_lockmode (krb5_context, krb5_boolean);
|
||||
krb5_error_code krb5_db_fetch_mkey (krb5_context, krb5_principal, krb5_enctype,
|
||||
krb5_boolean, krb5_boolean, char *,
|
||||
krb5_data *,
|
||||
krb5_keyblock * );
|
||||
|
||||
krb5_error_code krb5_db_open_database (krb5_context);
|
||||
krb5_error_code krb5_db_close_database (krb5_context);
|
||||
|
||||
krb5_error_code krb5_dbekd_encrypt_key_data (krb5_context,
|
||||
const krb5_keyblock *,
|
||||
const krb5_keyblock *,
|
||||
const krb5_keysalt *,
|
||||
int,
|
||||
krb5_key_data *);
|
||||
krb5_error_code krb5_dbekd_decrypt_key_data (krb5_context,
|
||||
const krb5_keyblock *,
|
||||
const krb5_key_data *,
|
||||
krb5_keyblock *,
|
||||
krb5_keysalt *);
|
||||
krb5_error_code krb5_dbe_create_key_data (krb5_context,
|
||||
krb5_db_entry *);
|
||||
krb5_error_code krb5_dbe_update_tl_data (krb5_context,
|
||||
krb5_db_entry *,
|
||||
krb5_tl_data *);
|
||||
krb5_error_code krb5_dbe_lookup_tl_data (krb5_context,
|
||||
krb5_db_entry *,
|
||||
krb5_tl_data *);
|
||||
krb5_error_code krb5_dbe_update_last_pwd_change (krb5_context,
|
||||
krb5_db_entry *,
|
||||
krb5_timestamp);
|
||||
krb5_error_code krb5_dbe_lookup_last_pwd_change (krb5_context,
|
||||
krb5_db_entry *,
|
||||
krb5_timestamp *);
|
||||
krb5_error_code krb5_dbe_update_mod_princ_data (krb5_context,
|
||||
krb5_db_entry *,
|
||||
krb5_timestamp,
|
||||
krb5_const_principal);
|
||||
krb5_error_code krb5_dbe_lookup_mod_princ_data (krb5_context,
|
||||
krb5_db_entry *,
|
||||
krb5_timestamp *,
|
||||
krb5_principal *);
|
||||
int krb5_encode_princ_dbkey (krb5_context, krb5_data *, krb5_const_principal);
|
||||
void krb5_free_princ_dbkey (krb5_context, krb5_data *);
|
||||
krb5_error_code krb5_encode_princ_contents (krb5_context, krb5_data *,
|
||||
krb5_db_entry *);
|
||||
void krb5_free_princ_contents (krb5_context, krb5_data *);
|
||||
krb5_error_code krb5_decode_princ_contents (krb5_context, krb5_data *,
|
||||
krb5_db_entry *);
|
||||
void krb5_dbe_free_contents (krb5_context, krb5_db_entry *);
|
||||
|
||||
krb5_error_code krb5_dbe_find_enctype (krb5_context, krb5_db_entry *,
|
||||
krb5_int32,
|
||||
krb5_int32,
|
||||
krb5_int32,
|
||||
krb5_key_data **);
|
||||
|
||||
krb5_error_code krb5_dbe_search_enctype (krb5_context,
|
||||
krb5_db_entry *,
|
||||
krb5_int32 *,
|
||||
krb5_int32,
|
||||
krb5_int32,
|
||||
krb5_int32,
|
||||
krb5_key_data **);
|
||||
|
||||
struct __krb5_key_salt_tuple;
|
||||
|
||||
krb5_error_code krb5_dbe_cpw (krb5_context,
|
||||
krb5_keyblock *,
|
||||
struct __krb5_key_salt_tuple *,
|
||||
int,
|
||||
char *,
|
||||
int,
|
||||
krb5_boolean,
|
||||
krb5_db_entry *);
|
||||
krb5_error_code krb5_dbe_apw (krb5_context,
|
||||
krb5_keyblock *,
|
||||
struct __krb5_key_salt_tuple *,
|
||||
int,
|
||||
char *,
|
||||
krb5_db_entry *);
|
||||
krb5_error_code krb5_dbe_crk (krb5_context,
|
||||
krb5_keyblock *,
|
||||
struct __krb5_key_salt_tuple *,
|
||||
int,
|
||||
krb5_boolean,
|
||||
krb5_db_entry *);
|
||||
krb5_error_code krb5_dbe_ark (krb5_context,
|
||||
krb5_keyblock *,
|
||||
struct __krb5_key_salt_tuple *,
|
||||
int,
|
||||
krb5_db_entry *);
|
||||
|
||||
krb5_error_code krb5_ser_db_context_init (krb5_context);
|
||||
|
||||
#define KRB5_KDB_DEF_FLAGS 0
|
||||
|
||||
#endif /* !defined(_WIN32) */
|
||||
#endif /* KRB5_KDB5__ */
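Review bot: Nothing in this copy of kdb.h records which krb5 release it was taken from, yet its own comment says the structures cannot be modified without changing the database version number in libkdb.a. `krb5_db_entry`, `krb5_key_data` and `KRB5_KDB_V1_BASE_LENGTH` are therefore pinned to one library layout, and code built against this copy but linked with a different libkdb would presumably read entries at the wrong field offsets. A comment at the top such as `/* Copied from MIT krb5 <RELEASE-PLACEHOLDER>; must match the libkdb linked at build time. */` would make that dependency checkable. The same applies to kadm_rpc.h in this commit.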
|