From 4ec2fceaca00bfd687481ec74af3855a20b23560 Mon Sep 17 00:00:00 2001 From: Michael Spang Date: Fri, 26 Oct 2007 00:24:10 -0400 Subject: [PATCH] Add stolen Kerberos 5 admin headers --- include/kadm5/adb_err.h | 36 ++ include/kadm5/admin.h | 733 ++++++++++++++++++++++++++++ include/kadm5/chpass_util_strings.h | 38 ++ include/kadm5/kadm_err.h | 77 +++ include/kadm5/kadm_rpc.h | 335 +++++++++++++ include/kdb.h | 334 +++++++++++++ 6 files changed, 1553 insertions(+) create mode 100644 include/kadm5/adb_err.h create mode 100644 include/kadm5/admin.h create mode 100644 include/kadm5/chpass_util_strings.h create mode 100644 include/kadm5/kadm_err.h create mode 100644 include/kadm5/kadm_rpc.h create mode 100644 include/kdb.h diff --git a/include/kadm5/adb_err.h b/include/kadm5/adb_err.h new file mode 100644 index 0000000..e018099 --- /dev/null +++ b/include/kadm5/adb_err.h @@ -0,0 +1,36 @@ +/* + * ettmp27965.h: + * This file is automatically generated; please do not edit it. + */ + +#include + +#define OSA_ADB_NOERR (28810240L) +#define OSA_ADB_DUP (28810241L) +#define OSA_ADB_NOENT (28810242L) +#define OSA_ADB_DBINIT (28810243L) +#define OSA_ADB_BAD_POLICY (28810244L) +#define OSA_ADB_BAD_PRINC (28810245L) +#define OSA_ADB_BAD_DB (28810246L) +#define OSA_ADB_XDR_FAILURE (28810247L) +#define OSA_ADB_FAILURE (28810248L) +#define OSA_ADB_BADLOCKMODE (28810249L) +#define OSA_ADB_CANTLOCK_DB (28810250L) +#define OSA_ADB_NOTLOCKED (28810251L) +#define OSA_ADB_NOLOCKFILE (28810252L) +#define OSA_ADB_NOEXCL_PERM (28810253L) +#define ERROR_TABLE_BASE_adb (28810240L) + +extern const struct error_table et_adb_error_table; + +#if !defined(_WIN32) +/* for compatibility with older versions... */ +extern void initialize_adb_error_table (void) /*@modifies internalState@*/; +#else +#define initialize_adb_error_table() +#endif + +#if !defined(_WIN32) +#define init_adb_err_tbl initialize_adb_error_table +#define adb_err_base ERROR_TABLE_BASE_adb +#endif 
diff --git a/include/kadm5/admin.h b/include/kadm5/admin.h
new file mode 100644
index 0000000..bde7846
--- /dev/null
+++ b/include/kadm5/admin.h
@@ -0,0 +1,733 @@
+/*
+ * lib/kadm5/admin.h
+ *
+ * Copyright 2001 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ */
+
+#ifndef __KADM5_ADMIN_H__
+#define __KADM5_ADMIN_H__
+
+#if !defined(USE_KADM5_API_VERSION)
+#define USE_KADM5_API_VERSION 2
+#endif
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define KADM5_ADMIN_SERVICE "kadmin/admin"
+#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
+#define KADM5_HIST_PRINCIPAL "kadmin/history"
+
+typedef krb5_principal kadm5_princ_t;
+typedef char *kadm5_policy_t;
+typedef long kadm5_ret_t;
+
+#define KADM5_PW_FIRST_PROMPT \
+ (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
+#define KADM5_PW_SECOND_PROMPT \
+ (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
+
+/*
+ * Successful return code
+ */
+#define KADM5_OK 0
+
+/*
+ * Field masks
+ */
+
+/* kadm5_principal_ent_t */
+#define KADM5_PRINCIPAL 0x000001
+#define KADM5_PRINC_EXPIRE_TIME 0x000002
+#define KADM5_PW_EXPIRATION 0x000004
+#define KADM5_LAST_PWD_CHANGE 0x000008
+#define KADM5_ATTRIBUTES 0x000010
+#define KADM5_MAX_LIFE 0x000020
+#define KADM5_MOD_TIME 0x000040
+#define KADM5_MOD_NAME 0x000080
+#define KADM5_KVNO 0x000100
+#define KADM5_MKVNO 0x000200
+#define KADM5_AUX_ATTRIBUTES 0x000400
+#define KADM5_POLICY 0x000800
+#define KADM5_POLICY_CLR 0x001000
+/* version 2 masks */
+#define KADM5_MAX_RLIFE 0x002000
+#define KADM5_LAST_SUCCESS 0x004000
+#define KADM5_LAST_FAILED 0x008000
+#define KADM5_FAIL_AUTH_COUNT 0x010000
+#define KADM5_KEY_DATA 0x020000
+#define KADM5_TL_DATA 0x040000
+/* all but KEY_DATA and TL_DATA */
+#define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff
+
+/* kadm5_policy_ent_t */
+#define KADM5_PW_MAX_LIFE 0x004000
+#define KADM5_PW_MIN_LIFE 0x008000
+#define KADM5_PW_MIN_LENGTH 0x010000
+#define KADM5_PW_MIN_CLASSES 0x020000
+#define KADM5_PW_HISTORY_NUM 0x040000
+#define KADM5_REF_COUNT 0x080000
+
+/* kadm5_config_params */
+#define KADM5_CONFIG_REALM 0x000001
+#define KADM5_CONFIG_DBNAME 0x000002
+#define KADM5_CONFIG_MKEY_NAME 0x000004
+#define KADM5_CONFIG_MAX_LIFE 0x000008
+#define KADM5_CONFIG_MAX_RLIFE 0x000010
+#define KADM5_CONFIG_EXPIRATION 0x000020
+#define KADM5_CONFIG_FLAGS 0x000040
+#define KADM5_CONFIG_ADMIN_KEYTAB 0x000080
+#define KADM5_CONFIG_STASH_FILE 0x000100
+#define KADM5_CONFIG_ENCTYPE 0x000200
+#define KADM5_CONFIG_ADBNAME 0x000400
+#define KADM5_CONFIG_ADB_LOCKFILE 0x000800
+#define KADM5_CONFIG_PROFILE 0x001000
+#define KADM5_CONFIG_ACL_FILE 0x002000
+#define KADM5_CONFIG_KADMIND_PORT 0x004000
+#define KADM5_CONFIG_ENCTYPES 0x008000
+#define KADM5_CONFIG_ADMIN_SERVER 0x010000
+#define KADM5_CONFIG_DICT_FILE 0x020000
+#define KADM5_CONFIG_MKEY_FROM_KBD 0x040000
+#define KADM5_CONFIG_KPASSWD_PORT 0x080000
+#define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x100000
+#define KADM5_CONFIG_NO_AUTH 0x200000
+#define KADM5_CONFIG_AUTH_NOFALLBACK 0x400000
+
+/*
+ * permission bits
+ */
+#define KADM5_PRIV_GET 0x01
+#define KADM5_PRIV_ADD 0x02
+#define KADM5_PRIV_MODIFY 0x04
+#define KADM5_PRIV_DELETE 0x08
+
+/*
+ * API versioning constants
+ */
+#define KADM5_MASK_BITS 0xffffff00
+
+#define KADM5_STRUCT_VERSION_MASK 0x12345600
+#define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
+#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
+
+#define KADM5_API_VERSION_MASK 0x12345700
+#define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01)
+#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
+
+typedef struct _kadm5_principal_ent_t_v2 {
+ krb5_principal principal;
+ krb5_timestamp princ_expire_time;
+ krb5_timestamp last_pwd_change;
+ krb5_timestamp pw_expiration;
+ krb5_deltat max_life;
+ krb5_principal mod_name;
+ krb5_timestamp mod_date;
+ krb5_flags attributes;
+ krb5_kvno kvno;
+ krb5_kvno mkvno;
+ char *policy;
+ long aux_attributes;
+
+ /* version 2 fields */
+ krb5_deltat max_renewable_life;
+ krb5_timestamp last_success;
+ krb5_timestamp last_failed;
+ krb5_kvno fail_auth_count;
+ krb5_int16 n_key_data;
+ krb5_int16 n_tl_data;
+ krb5_tl_data *tl_data;
+ krb5_key_data *key_data;
+} kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2;
+
+typedef struct _kadm5_principal_ent_t_v1 {
+ krb5_principal principal;
+ krb5_timestamp princ_expire_time;
+ krb5_timestamp last_pwd_change;
+ krb5_timestamp pw_expiration;
+ krb5_deltat max_life;
+ krb5_principal mod_name;
+ krb5_timestamp mod_date;
+ krb5_flags attributes;
+ krb5_kvno kvno;
+ krb5_kvno mkvno;
+ char *policy;
+ long aux_attributes;
+} kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1;
+
+#if USE_KADM5_API_VERSION == 1
+typedef struct _kadm5_principal_ent_t_v1
+ kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+#else
+typedef struct _kadm5_principal_ent_t_v2
+ kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+#endif
+
+typedef struct _kadm5_policy_ent_t {
+ char *policy;
+ long pw_min_life;
+ long pw_max_life;
+ long pw_min_length;
+ long pw_min_classes;
+ long pw_history_num;
+ long policy_refcnt;
+} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
+
+typedef struct __krb5_key_salt_tuple {
+ krb5_enctype ks_enctype;
+ krb5_int32 ks_salttype;
+} krb5_key_salt_tuple;
+
+/*
+ * Data structure returned by kadm5_get_config_params()
+ */
+typedef struct _kadm5_config_params {
+ long mask;
+ char * realm;
+ char * profile;
+ int kadmind_port;
+ int kpasswd_port;
+
+ char * admin_server;
+
+ char * dbname;
+ char * admin_dbname;
+ char * admin_lockfile;
+ char * admin_keytab;
+ char * acl_file;
+ char * dict_file;
+
+ int mkey_from_kbd;
+ char * stash_file;
+ char * mkey_name;
+ krb5_enctype enctype;
+ krb5_deltat max_life;
+ krb5_deltat max_rlife;
+ krb5_timestamp expiration;
+ krb5_flags flags;
+ krb5_key_salt_tuple *keysalts;
+ krb5_int32 num_keysalts;
+} kadm5_config_params;
+
+/***********************************************************************
+ * This is the old krb5_realm_read_params, which I mutated into
+ * kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
+ * still uses.
+ ***********************************************************************/
+
+/*
+ * Data structure returned by krb5_read_realm_params()
+ */
+typedef struct __krb5_realm_params {
+ char * realm_profile;
+ char * realm_dbname;
+ char * realm_mkey_name;
+ char * realm_stash_file;
+ char * realm_kdc_ports;
+ char * realm_kdc_tcp_ports;
+ char * realm_acl_file;
+ krb5_int32 realm_kadmind_port;
+ krb5_enctype realm_enctype;
+ krb5_deltat realm_max_life;
+ krb5_deltat realm_max_rlife;
+ krb5_timestamp realm_expiration;
+ krb5_flags realm_flags;
+ krb5_key_salt_tuple *realm_keysalts;
+ unsigned int realm_reject_bad_transit:1;
+ unsigned int realm_kadmind_port_valid:1;
+ unsigned int realm_enctype_valid:1;
+ unsigned int realm_max_life_valid:1;
+ unsigned int realm_max_rlife_valid:1;
+ unsigned int realm_expiration_valid:1;
+ unsigned int realm_flags_valid:1;
+ unsigned int realm_reject_bad_transit_valid:1;
+ krb5_int32 realm_num_keysalts;
+} krb5_realm_params;
+
+/*
+ * functions
+ */
+
+#if USE_KADM5_API_VERSION > 1
+krb5_error_code kadm5_get_config_params(krb5_context context,
+ char *kdcprofile, char *kdcenv,
+ kadm5_config_params *params_in,
+ kadm5_config_params *params_out);
+
+krb5_error_code kadm5_free_config_params(krb5_context context,
+ kadm5_config_params *params);
+
+krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
+ kadm5_config_params *params);
+
+krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
+ char *, size_t);
+#endif
+
+kadm5_ret_t kadm5_init(char *client_name, char *pass,
+ char *service_name,
+#if USE_KADM5_API_VERSION == 1
+ char *realm,
+#else
+ kadm5_config_params *params,
+#endif
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+kadm5_ret_t kadm5_init_with_password(char *client_name,
+ char *pass,
+ char *service_name,
+#if USE_KADM5_API_VERSION == 1
+ char *realm,
+#else
+ kadm5_config_params *params,
+#endif
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+kadm5_ret_t kadm5_init_with_skey(char *client_name,
+ char *keytab,
+ char *service_name,
+#if USE_KADM5_API_VERSION == 1
+ char *realm,
+#else
+ kadm5_config_params *params,
+#endif
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+#if USE_KADM5_API_VERSION > 1
+kadm5_ret_t kadm5_init_with_creds(char *client_name,
+ krb5_ccache cc,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+#endif
+kadm5_ret_t kadm5_lock(void *server_handle);
+kadm5_ret_t kadm5_unlock(void *server_handle);
+kadm5_ret_t kadm5_flush(void *server_handle);
+kadm5_ret_t kadm5_destroy(void *server_handle);
+kadm5_ret_t kadm5_create_principal(void *server_handle,
+ kadm5_principal_ent_t ent,
+ long mask, char *pass);
+kadm5_ret_t kadm5_create_principal_3(void *server_handle,
+ kadm5_principal_ent_t ent,
+ long mask,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ char *pass);
+kadm5_ret_t kadm5_delete_principal(void *server_handle,
+ krb5_principal principal);
+kadm5_ret_t kadm5_modify_principal(void *server_handle,
+ kadm5_principal_ent_t ent,
+ long mask);
+kadm5_ret_t kadm5_rename_principal(void *server_handle,
+ krb5_principal,krb5_principal);
+#if USE_KADM5_API_VERSION == 1
+kadm5_ret_t kadm5_get_principal(void *server_handle,
+ krb5_principal principal,
+ kadm5_principal_ent_t *ent);
+#else
+kadm5_ret_t kadm5_get_principal(void *server_handle,
+ krb5_principal principal,
+ kadm5_principal_ent_t ent,
+ long mask);
+#endif
+kadm5_ret_t kadm5_chpass_principal(void *server_handle,
+ krb5_principal principal,
+ char *pass);
+kadm5_ret_t kadm5_chpass_principal_3(void *server_handle,
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ char *pass);
+#if USE_KADM5_API_VERSION == 1
+kadm5_ret_t kadm5_randkey_principal(void *server_handle,
+ krb5_principal principal,
+ krb5_keyblock **keyblock);
+#else
+kadm5_ret_t kadm5_randkey_principal(void *server_handle,
+ krb5_principal principal,
+ krb5_keyblock **keyblocks,
+ int *n_keys);
+kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ krb5_keyblock **keyblocks,
+ int *n_keys);
+#endif
+kadm5_ret_t kadm5_setv4key_principal(void *server_handle,
+ krb5_principal principal,
+ krb5_keyblock *keyblock);
+
+kadm5_ret_t kadm5_setkey_principal(void *server_handle,
+ krb5_principal principal,
+ krb5_keyblock *keyblocks,
+ int n_keys);
+
+kadm5_ret_t kadm5_setkey_principal_3(void *server_handle,
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ krb5_keyblock *keyblocks,
+ int n_keys);
+
+kadm5_ret_t kadm5_decrypt_key(void *server_handle,
+ kadm5_principal_ent_t entry, krb5_int32
+ ktype, krb5_int32 stype, krb5_int32
+ kvno, krb5_keyblock *keyblock,
+ krb5_keysalt *keysalt, int *kvnop);
+
+kadm5_ret_t kadm5_create_policy(void *server_handle,
+ kadm5_policy_ent_t ent,
+ long mask);
+/*
+ * kadm5_create_policy_internal is not part of the supported,
+ * exposed API. It is available only in the server library, and you
+ * shouldn't use it unless you know why it's there and how it's
+ * different from kadm5_create_policy.
+ */
+kadm5_ret_t kadm5_create_policy_internal(void *server_handle,
+ kadm5_policy_ent_t
+ entry, long mask);
+kadm5_ret_t kadm5_delete_policy(void *server_handle,
+ kadm5_policy_t policy);
+kadm5_ret_t kadm5_modify_policy(void *server_handle,
+ kadm5_policy_ent_t ent,
+ long mask);
+/*
+ * kadm5_modify_policy_internal is not part of the supported,
+ * exposed API. It is available only in the server library, and you
+ * shouldn't use it unless you know why it's there and how it's
+ * different from kadm5_modify_policy.
+ */
+kadm5_ret_t kadm5_modify_policy_internal(void *server_handle,
+ kadm5_policy_ent_t
+ entry, long mask);
+#if USE_KADM5_API_VERSION == 1
+kadm5_ret_t kadm5_get_policy(void *server_handle,
+ kadm5_policy_t policy,
+ kadm5_policy_ent_t *ent);
+#else
+kadm5_ret_t kadm5_get_policy(void *server_handle,
+ kadm5_policy_t policy,
+ kadm5_policy_ent_t ent);
+#endif
+kadm5_ret_t kadm5_get_privs(void *server_handle,
+ long *privs);
+
+kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
+ krb5_principal princ,
+ char *new_pw,
+ char **ret_pw,
+ char *msg_ret,
+ unsigned int msg_len);
+
+kadm5_ret_t kadm5_free_principal_ent(void *server_handle,
+ kadm5_principal_ent_t
+ ent);
+kadm5_ret_t kadm5_free_policy_ent(void *server_handle,
+ kadm5_policy_ent_t ent);
+
+kadm5_ret_t kadm5_get_principals(void *server_handle,
+ char *exp, char ***princs,
+ int *count);
+
+kadm5_ret_t kadm5_get_policies(void *server_handle,
+ char *exp, char ***pols,
+ int *count);
+
+#if USE_KADM5_API_VERSION > 1
+kadm5_ret_t kadm5_free_key_data(void *server_handle,
+ krb5_int16 *n_key_data,
+ krb5_key_data *key_data);
+#endif
+
+kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
+ int count);
+
+#if USE_KADM5_API_VERSION == 1
+/*
+ * OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time
+ * compatible with KADM5_API_VERSION_2. Basically, this means we have
+ * to continue to provide all the old ovsec_kadm function and symbol
+ * names.
+ */
+
+#define OVSEC_KADM_ACLFILE "/krb5/ovsec_adm.acl"
+#define OVSEC_KADM_WORDFILE "/krb5/ovsec_adm.dict"
+
+#define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin"
+#define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw"
+#define OVSEC_KADM_HIST_PRINCIPAL "ovsec_adm/history"
+
+typedef krb5_principal ovsec_kadm_princ_t;
+typedef krb5_keyblock ovsec_kadm_keyblock;
+typedef char *ovsec_kadm_policy_t;
+typedef long ovsec_kadm_ret_t;
+
+enum ovsec_kadm_salttype { OVSEC_KADM_SALT_V4, OVSEC_KADM_SALT_NORMAL };
+enum ovsec_kadm_saltmod { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MOD_NORMAL };
+
+#define OVSEC_KADM_PW_FIRST_PROMPT \
+ ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
+#define OVSEC_KADM_PW_SECOND_PROMPT \
+ ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
+
+/*
+ * Successful return code
+ */
+#define OVSEC_KADM_OK 0
+
+/*
+ * Create/Modify masks
+ */
+/* principal */
+#define OVSEC_KADM_PRINCIPAL 0x000001
+#define OVSEC_KADM_PRINC_EXPIRE_TIME 0x000002
+#define OVSEC_KADM_PW_EXPIRATION 0x000004
+#define OVSEC_KADM_LAST_PWD_CHANGE 0x000008
+#define OVSEC_KADM_ATTRIBUTES 0x000010
+#define OVSEC_KADM_MAX_LIFE 0x000020
+#define OVSEC_KADM_MOD_TIME 0x000040
+#define OVSEC_KADM_MOD_NAME 0x000080
+#define OVSEC_KADM_KVNO 0x000100
+#define OVSEC_KADM_MKVNO 0x000200
+#define OVSEC_KADM_AUX_ATTRIBUTES 0x000400
+#define OVSEC_KADM_POLICY 0x000800
+#define OVSEC_KADM_POLICY_CLR 0x001000
+/* policy */
+#define OVSEC_KADM_PW_MAX_LIFE 0x004000
+#define OVSEC_KADM_PW_MIN_LIFE 0x008000
+#define OVSEC_KADM_PW_MIN_LENGTH 0x010000
+#define OVSEC_KADM_PW_MIN_CLASSES 0x020000
+#define OVSEC_KADM_PW_HISTORY_NUM 0x040000
+#define OVSEC_KADM_REF_COUNT 0x080000
+
+/*
+ * permission bits
+ */
+#define OVSEC_KADM_PRIV_GET 0x01
+#define OVSEC_KADM_PRIV_ADD 0x02
+#define OVSEC_KADM_PRIV_MODIFY 0x04
+#define OVSEC_KADM_PRIV_DELETE 0x08
+
+/*
+ * API versioning constants
+ */
+#define OVSEC_KADM_MASK_BITS 0xffffff00
+
+#define OVSEC_KADM_STRUCT_VERSION_MASK 0x12345600
+#define OVSEC_KADM_STRUCT_VERSION_1 (OVSEC_KADM_STRUCT_VERSION_MASK|0x01)
+#define OVSEC_KADM_STRUCT_VERSION OVSEC_KADM_STRUCT_VERSION_1
+
+#define OVSEC_KADM_API_VERSION_MASK 0x12345700
+#define OVSEC_KADM_API_VERSION_1 (OVSEC_KADM_API_VERSION_MASK|0x01)
+
+
+typedef struct _ovsec_kadm_principal_ent_t {
+ krb5_principal principal;
+ krb5_timestamp princ_expire_time;
+ krb5_timestamp last_pwd_change;
+ krb5_timestamp pw_expiration;
+ krb5_deltat max_life;
+ krb5_principal mod_name;
+ krb5_timestamp mod_date;
+ krb5_flags attributes;
+ krb5_kvno kvno;
+ krb5_kvno mkvno;
+ char *policy;
+ long aux_attributes;
+} ovsec_kadm_principal_ent_rec, *ovsec_kadm_principal_ent_t;
+
+typedef struct _ovsec_kadm_policy_ent_t {
+ char *policy;
+ long pw_min_life;
+ long pw_max_life;
+ long pw_min_length;
+ long pw_min_classes;
+ long pw_history_num;
+ long policy_refcnt;
+} ovsec_kadm_policy_ent_rec, *ovsec_kadm_policy_ent_t;
+
+/*
+ * functions
+ */
+ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass,
+ char *service_name, char *realm,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name,
+ char *pass,
+ char *service_name,
+ char *realm,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name,
+ char *keytab,
+ char *service_name,
+ char *realm,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle);
+ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle);
+ovsec_kadm_ret_t ovsec_kadm_create_principal(void *server_handle,
+ ovsec_kadm_principal_ent_t ent,
+ long mask, char *pass);
+ovsec_kadm_ret_t ovsec_kadm_delete_principal(void *server_handle,
+ krb5_principal principal);
+ovsec_kadm_ret_t ovsec_kadm_modify_principal(void *server_handle,
+ ovsec_kadm_principal_ent_t ent,
+ long mask);
+ovsec_kadm_ret_t ovsec_kadm_rename_principal(void *server_handle,
+ krb5_principal,krb5_principal);
+ovsec_kadm_ret_t ovsec_kadm_get_principal(void *server_handle,
+ krb5_principal principal,
+ ovsec_kadm_principal_ent_t *ent);
+ovsec_kadm_ret_t ovsec_kadm_chpass_principal(void *server_handle,
+ krb5_principal principal,
+ char *pass);
+ovsec_kadm_ret_t ovsec_kadm_randkey_principal(void *server_handle,
+ krb5_principal principal,
+ krb5_keyblock **keyblock);
+ovsec_kadm_ret_t ovsec_kadm_create_policy(void *server_handle,
+ ovsec_kadm_policy_ent_t ent,
+ long mask);
+/*
+ * ovsec_kadm_create_policy_internal is not part of the supported,
+ * exposed API. It is available only in the server library, and you
+ * shouldn't use it unless you know why it's there and how it's
+ * different from ovsec_kadm_create_policy.
+ */
+ovsec_kadm_ret_t ovsec_kadm_create_policy_internal(void *server_handle,
+ ovsec_kadm_policy_ent_t
+ entry, long mask);
+ovsec_kadm_ret_t ovsec_kadm_delete_policy(void *server_handle,
+ ovsec_kadm_policy_t policy);
+ovsec_kadm_ret_t ovsec_kadm_modify_policy(void *server_handle,
+ ovsec_kadm_policy_ent_t ent,
+ long mask);
+/*
+ * ovsec_kadm_modify_policy_internal is not part of the supported,
+ * exposed API. It is available only in the server library, and you
+ * shouldn't use it unless you know why it's there and how it's
+ * different from ovsec_kadm_modify_policy.
+ */
+ovsec_kadm_ret_t ovsec_kadm_modify_policy_internal(void *server_handle,
+ ovsec_kadm_policy_ent_t
+ entry, long mask);
+ovsec_kadm_ret_t ovsec_kadm_get_policy(void *server_handle,
+ ovsec_kadm_policy_t policy,
+ ovsec_kadm_policy_ent_t *ent);
+ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle,
+ long *privs);
+
+ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle,
+ krb5_principal princ,
+ char *new_pw,
+ char **ret_pw,
+ char *msg_ret);
+
+ovsec_kadm_ret_t ovsec_kadm_free_principal_ent(void *server_handle,
+ ovsec_kadm_principal_ent_t
+ ent);
+ovsec_kadm_ret_t ovsec_kadm_free_policy_ent(void *server_handle,
+ ovsec_kadm_policy_ent_t ent);
+
+ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle,
+ char **names, int count);
+
+ovsec_kadm_ret_t ovsec_kadm_get_principals(void *server_handle,
+ char *exp, char ***princs,
+ int *count);
+
+ovsec_kadm_ret_t ovsec_kadm_get_policies(void *server_handle,
+ char *exp, char ***pols,
+ int *count);
+
+#define OVSEC_KADM_FAILURE KADM5_FAILURE
+#define OVSEC_KADM_AUTH_GET KADM5_AUTH_GET
+#define OVSEC_KADM_AUTH_ADD KADM5_AUTH_ADD
+#define OVSEC_KADM_AUTH_MODIFY KADM5_AUTH_MODIFY
+#define OVSEC_KADM_AUTH_DELETE KADM5_AUTH_DELETE
+#define OVSEC_KADM_AUTH_INSUFFICIENT KADM5_AUTH_INSUFFICIENT
+#define OVSEC_KADM_BAD_DB KADM5_BAD_DB
+#define OVSEC_KADM_DUP KADM5_DUP
+#define OVSEC_KADM_RPC_ERROR KADM5_RPC_ERROR
+#define OVSEC_KADM_NO_SRV KADM5_NO_SRV
+#define OVSEC_KADM_BAD_HIST_KEY KADM5_BAD_HIST_KEY
+#define OVSEC_KADM_NOT_INIT KADM5_NOT_INIT
+#define OVSEC_KADM_UNK_PRINC KADM5_UNK_PRINC
+#define OVSEC_KADM_UNK_POLICY KADM5_UNK_POLICY
+#define OVSEC_KADM_BAD_MASK KADM5_BAD_MASK
+#define OVSEC_KADM_BAD_CLASS KADM5_BAD_CLASS
+#define OVSEC_KADM_BAD_LENGTH KADM5_BAD_LENGTH
+#define OVSEC_KADM_BAD_POLICY KADM5_BAD_POLICY
+#define OVSEC_KADM_BAD_PRINCIPAL KADM5_BAD_PRINCIPAL
+#define OVSEC_KADM_BAD_AUX_ATTR KADM5_BAD_AUX_ATTR
+#define OVSEC_KADM_BAD_HISTORY KADM5_BAD_HISTORY
+#define OVSEC_KADM_BAD_MIN_PASS_LIFE KADM5_BAD_MIN_PASS_LIFE
+#define OVSEC_KADM_PASS_Q_TOOSHORT KADM5_PASS_Q_TOOSHORT
+#define OVSEC_KADM_PASS_Q_CLASS KADM5_PASS_Q_CLASS
+#define OVSEC_KADM_PASS_Q_DICT KADM5_PASS_Q_DICT
+#define OVSEC_KADM_PASS_REUSE KADM5_PASS_REUSE
+#define OVSEC_KADM_PASS_TOOSOON KADM5_PASS_TOOSOON
+#define OVSEC_KADM_POLICY_REF KADM5_POLICY_REF
+#define OVSEC_KADM_INIT KADM5_INIT
+#define OVSEC_KADM_BAD_PASSWORD KADM5_BAD_PASSWORD
+#define OVSEC_KADM_PROTECT_PRINCIPAL KADM5_PROTECT_PRINCIPAL
+#define OVSEC_KADM_BAD_SERVER_HANDLE KADM5_BAD_SERVER_HANDLE
+#define OVSEC_KADM_BAD_STRUCT_VERSION KADM5_BAD_STRUCT_VERSION
+#define OVSEC_KADM_OLD_STRUCT_VERSION KADM5_OLD_STRUCT_VERSION
+#define OVSEC_KADM_NEW_STRUCT_VERSION KADM5_NEW_STRUCT_VERSION
+#define OVSEC_KADM_BAD_API_VERSION KADM5_BAD_API_VERSION
+#define OVSEC_KADM_OLD_LIB_API_VERSION KADM5_OLD_LIB_API_VERSION
+#define OVSEC_KADM_OLD_SERVER_API_VERSION KADM5_OLD_SERVER_API_VERSION
+#define OVSEC_KADM_NEW_LIB_API_VERSION KADM5_NEW_LIB_API_VERSION
+#define OVSEC_KADM_NEW_SERVER_API_VERSION KADM5_NEW_SERVER_API_VERSION
+#define OVSEC_KADM_SECURE_PRINC_MISSING KADM5_SECURE_PRINC_MISSING
+#define OVSEC_KADM_NO_RENAME_SALT KADM5_NO_RENAME_SALT
+
+#endif /* USE_KADM5_API_VERSION == 1 */
+
+#endif /* __KADM5_ADMIN_H__ */
diff --git a/include/kadm5/chpass_util_strings.h b/include/kadm5/chpass_util_strings.h
new file mode 100644
index 0000000..cddd285
--- /dev/null
+++ b/include/kadm5/chpass_util_strings.h
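Review bot: The vendored copy of admin.h records nowhere which MIT krb5 release it was taken from, while the struct layouts it freezes (`kadm5_principal_ent_rec_v2`, `kadm5_config_params`, `krb5_realm_params`) must match the libkadm5 the project links against; drift between this header and that library is a silent ABI mismatch rather than a compile error. The `KADM5_BAD_STRUCT_VERSION`/`KADM5_BAD_API_VERSION` codes in kadm_err.h suggest the library checks the `struct_version`/`api_version` values passed to `kadm5_init*`, but that covers only the versions this header declares, not local divergence from upstream. Suggest a provenance comment after the OpenVision block, e.g. `/* Local copy of lib/kadm5/admin.h from MIT krb5 <UPSTREAM-RELEASE — fill in>; re-sync whenever the system libkadm5 is upgraded. */`, and the same line in the other five headers this commit adds. The `#include` targets are not legible in this rendering, so whether these copies shadow the system `<kadm5/...>` headers on the include path cannot be confirmed from here.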
@@ -0,0 +1,38 @@ +/* + * ettmp27966.h: + * This file is automatically generated; please do not edit it. + */ + +#include + +#define CHPASS_UTIL_GET_POLICY_INFO (-1492553984L) +#define CHPASS_UTIL_GET_PRINC_INFO (-1492553983L) +#define CHPASS_UTIL_NEW_PASSWORD_MISMATCH (-1492553982L) +#define CHPASS_UTIL_NEW_PASSWORD_PROMPT (-1492553981L) +#define CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT (-1492553980L) +#define CHPASS_UTIL_NO_PASSWORD_READ (-1492553979L) +#define CHPASS_UTIL_NO_POLICY_YET_Q_ERROR (-1492553978L) +#define CHPASS_UTIL_PASSWORD_CHANGED (-1492553977L) +#define CHPASS_UTIL_PASSWORD_IN_DICTIONARY (-1492553976L) +#define CHPASS_UTIL_PASSWORD_NOT_CHANGED (-1492553975L) +#define CHPASS_UTIL_PASSWORD_TOO_SHORT (-1492553974L) +#define CHPASS_UTIL_TOO_FEW_CLASSES (-1492553973L) +#define CHPASS_UTIL_PASSWORD_TOO_SOON (-1492553972L) +#define CHPASS_UTIL_PASSWORD_REUSE (-1492553971L) +#define CHPASS_UTIL_WHILE_TRYING_TO_CHANGE (-1492553970L) +#define CHPASS_UTIL_WHILE_READING_PASSWORD (-1492553969L) +#define ERROR_TABLE_BASE_ovku (-1492553984L) + +extern const struct error_table et_ovku_error_table; + +#if !defined(_WIN32) +/* for compatibility with older versions... */ +extern void initialize_ovku_error_table (void) /*@modifies internalState@*/; +#else +#define initialize_ovku_error_table() +#endif + +#if !defined(_WIN32) +#define init_ovku_err_tbl initialize_ovku_error_table +#define ovku_err_base ERROR_TABLE_BASE_ovku +#endif diff --git a/include/kadm5/kadm_err.h b/include/kadm5/kadm_err.h new file mode 100644 index 0000000..050ffca --- /dev/null +++ b/include/kadm5/kadm_err.h 
@@ -0,0 +1,77 @@ +/* + * ettmp27967.h: + * This file is automatically generated; please do not edit it. + */ + +#include + +#define KADM5_FAILURE (43787520L) +#define KADM5_AUTH_GET (43787521L) +#define KADM5_AUTH_ADD (43787522L) +#define KADM5_AUTH_MODIFY (43787523L) +#define KADM5_AUTH_DELETE (43787524L) +#define KADM5_AUTH_INSUFFICIENT (43787525L) +#define KADM5_BAD_DB (43787526L) +#define KADM5_DUP (43787527L) +#define KADM5_RPC_ERROR (43787528L) +#define KADM5_NO_SRV (43787529L) +#define KADM5_BAD_HIST_KEY (43787530L) +#define KADM5_NOT_INIT (43787531L) +#define KADM5_UNK_PRINC (43787532L) +#define KADM5_UNK_POLICY (43787533L) +#define KADM5_BAD_MASK (43787534L) +#define KADM5_BAD_CLASS (43787535L) +#define KADM5_BAD_LENGTH (43787536L) +#define KADM5_BAD_POLICY (43787537L) +#define KADM5_BAD_PRINCIPAL (43787538L) +#define KADM5_BAD_AUX_ATTR (43787539L) +#define KADM5_BAD_HISTORY (43787540L) +#define KADM5_BAD_MIN_PASS_LIFE (43787541L) +#define KADM5_PASS_Q_TOOSHORT (43787542L) +#define KADM5_PASS_Q_CLASS (43787543L) +#define KADM5_PASS_Q_DICT (43787544L) +#define KADM5_PASS_REUSE (43787545L) +#define KADM5_PASS_TOOSOON (43787546L) +#define KADM5_POLICY_REF (43787547L) +#define KADM5_INIT (43787548L) +#define KADM5_BAD_PASSWORD (43787549L) +#define KADM5_PROTECT_PRINCIPAL (43787550L) +#define KADM5_BAD_SERVER_HANDLE (43787551L) +#define KADM5_BAD_STRUCT_VERSION (43787552L) +#define KADM5_OLD_STRUCT_VERSION (43787553L) +#define KADM5_NEW_STRUCT_VERSION (43787554L) +#define KADM5_BAD_API_VERSION (43787555L) +#define KADM5_OLD_LIB_API_VERSION (43787556L) +#define KADM5_OLD_SERVER_API_VERSION (43787557L) +#define KADM5_NEW_LIB_API_VERSION (43787558L) +#define KADM5_NEW_SERVER_API_VERSION (43787559L) +#define KADM5_SECURE_PRINC_MISSING (43787560L) +#define KADM5_NO_RENAME_SALT (43787561L) +#define KADM5_BAD_CLIENT_PARAMS (43787562L) +#define KADM5_BAD_SERVER_PARAMS (43787563L) +#define KADM5_AUTH_LIST (43787564L) +#define KADM5_AUTH_CHANGEPW (43787565L) +#define 
KADM5_GSS_ERROR (43787566L) +#define KADM5_BAD_TL_TYPE (43787567L) +#define KADM5_MISSING_CONF_PARAMS (43787568L) +#define KADM5_BAD_SERVER_NAME (43787569L) +#define KADM5_AUTH_SETKEY (43787570L) +#define KADM5_SETKEY_DUP_ENCTYPES (43787571L) +#define KADM5_SETV4KEY_INVAL_ENCTYPE (43787572L) +#define KADM5_SETKEY3_ETYPE_MISMATCH (43787573L) +#define KADM5_MISSING_KRB5_CONF_PARAMS (43787574L) +#define ERROR_TABLE_BASE_ovk (43787520L) + +extern const struct error_table et_ovk_error_table; + +#if !defined(_WIN32) +/* for compatibility with older versions... */ +extern void initialize_ovk_error_table (void) /*@modifies internalState@*/; +#else +#define initialize_ovk_error_table() +#endif + +#if !defined(_WIN32) +#define init_ovk_err_tbl initialize_ovk_error_table +#define ovk_err_base ERROR_TABLE_BASE_ovk +#endif diff --git a/include/kadm5/kadm_rpc.h b/include/kadm5/kadm_rpc.h new file mode 100644 index 0000000..07ffb3a --- /dev/null +++ b/include/kadm5/kadm_rpc.h 
@@ -0,0 +1,335 @@
+#ifndef __KADM_RPC_H__
+#define __KADM_RPC_H__
+
+#include
+
+#include
+#include
+
+struct cprinc_arg {
+ krb5_ui_4 api_version;
+ kadm5_principal_ent_rec rec;
+ long mask;
+ char *passwd;
+};
+typedef struct cprinc_arg cprinc_arg;
+bool_t xdr_cprinc_arg();
+
+struct cprinc3_arg {
+ krb5_ui_4 api_version;
+ kadm5_principal_ent_rec rec;
+ long mask;
+ int n_ks_tuple;
+ krb5_key_salt_tuple *ks_tuple;
+ char *passwd;
+};
+typedef struct cprinc3_arg cprinc3_arg;
+bool_t xdr_cprinc3_arg();
+
+struct generic_ret {
+ krb5_ui_4 api_version;
+ kadm5_ret_t code;
+};
+typedef struct generic_ret generic_ret;
+bool_t xdr_generic_ret();
+
+struct dprinc_arg {
+ krb5_ui_4 api_version;
+ krb5_principal princ;
+};
+typedef struct dprinc_arg dprinc_arg;
+bool_t xdr_dprinc_arg();
+
+struct mprinc_arg {
+ krb5_ui_4 api_version;
+ kadm5_principal_ent_rec rec;
+ long mask;
+};
+typedef struct mprinc_arg mprinc_arg;
+bool_t xdr_mprinc_arg();
+
+struct rprinc_arg {
+ krb5_ui_4 api_version;
+ krb5_principal src;
+ krb5_principal dest;
+};
+typedef struct rprinc_arg rprinc_arg;
+bool_t xdr_rprinc_arg();
+
+struct gprincs_arg {
+ krb5_ui_4 api_version;
+ char *exp;
+};
+typedef struct gprincs_arg gprincs_arg;
+bool_t xdr_gprincs_arg();
+
+struct gprincs_ret {
+ krb5_ui_4 api_version;
+ kadm5_ret_t code;
+ char **princs;
+ int count;
+};
+typedef struct gprincs_ret gprincs_ret;
+bool_t xdr_gprincs_ret();
+
+struct chpass_arg {
+ krb5_ui_4 api_version;
+ krb5_principal princ;
+ char *pass;
+};
+typedef struct chpass_arg chpass_arg;
+bool_t xdr_chpass_arg();
+
+struct chpass3_arg {
+ krb5_ui_4 api_version;
+ krb5_principal princ;
+ krb5_boolean keepold;
+ int n_ks_tuple;
+ krb5_key_salt_tuple *ks_tuple;
+ char *pass;
+};
+typedef struct chpass3_arg chpass3_arg;
+bool_t xdr_chpass3_arg();
+
+struct setv4key_arg {
+ krb5_ui_4 api_version;
+ krb5_principal princ;
+ krb5_keyblock *keyblock;
+};
+typedef struct setv4key_arg setv4key_arg;
+bool_t xdr_setv4key_arg();
+
+struct setkey_arg {
+ krb5_ui_4 api_version;
+ krb5_principal princ;
+ krb5_keyblock *keyblocks;
+ int n_keys;
+};
+typedef struct setkey_arg setkey_arg;
+bool_t xdr_setkey_arg();
+
+struct setkey3_arg {
+ krb5_ui_4 api_version;
+ krb5_principal princ;
+ krb5_boolean keepold;
+ int n_ks_tuple;
+ krb5_key_salt_tuple *ks_tuple;
+ krb5_keyblock *keyblocks;
+ int n_keys;
+};
+typedef struct setkey3_arg setkey3_arg;
+bool_t xdr_setkey3_arg();
+
+struct chrand_arg {
+ krb5_ui_4 api_version;
+ krb5_principal princ;
+};
+typedef struct chrand_arg chrand_arg;
+bool_t xdr_chrand_arg();
+
+struct chrand3_arg {
+ krb5_ui_4 api_version;
+ krb5_principal princ;
+ krb5_boolean keepold;
+ int n_ks_tuple;
+ krb5_key_salt_tuple *ks_tuple;
+};
+typedef struct chrand3_arg chrand3_arg;
+bool_t xdr_chrand3_arg();
+
+struct chrand_ret {
+ krb5_ui_4 api_version;
+ kadm5_ret_t code;
+ krb5_keyblock key;
+ krb5_keyblock *keys;
+ int n_keys;
+};
+typedef struct chrand_ret chrand_ret;
+bool_t xdr_chrand_ret();
+
+struct gprinc_arg {
+ krb5_ui_4 api_version;
+ krb5_principal princ;
+ long mask;
+};
+typedef struct gprinc_arg gprinc_arg;
+bool_t xdr_gprinc_arg();
+
+struct gprinc_ret {
+ krb5_ui_4 api_version;
+ kadm5_ret_t code;
+ kadm5_principal_ent_rec rec;
+};
+typedef struct gprinc_ret gprinc_ret;
+bool_t xdr_gprinc_ret();
+bool_t xdr_kadm5_ret_t();
+bool_t xdr_kadm5_principal_ent_rec();
+bool_t xdr_kadm5_policy_ent_rec();
+bool_t xdr_krb5_keyblock();
+bool_t xdr_krb5_principal();
+bool_t xdr_krb5_enctype();
+bool_t xdr_krb5_octet();
+bool_t xdr_krb5_int32();
+bool_t xdr_u_int32();
+
+struct cpol_arg {
+ krb5_ui_4 api_version;
+ kadm5_policy_ent_rec rec;
+ long mask;
+};
+typedef struct cpol_arg cpol_arg;
+bool_t xdr_cpol_arg();
+
+struct dpol_arg {
+ krb5_ui_4 api_version;
+ char *name;
+};
+typedef struct dpol_arg dpol_arg;
+bool_t xdr_dpol_arg();
+
+struct mpol_arg {
+ krb5_ui_4 api_version;
+ kadm5_policy_ent_rec rec;
+ long mask;
+};
+typedef struct mpol_arg mpol_arg;
+bool_t xdr_mpol_arg();
+
+struct gpol_arg {
+ krb5_ui_4 api_version;
+ char *name;
+};
+typedef struct gpol_arg gpol_arg;
+bool_t xdr_gpol_arg();
+
+struct gpol_ret {
+ krb5_ui_4 api_version;
+ kadm5_ret_t code;
+ kadm5_policy_ent_rec rec;
+};
+typedef struct gpol_ret gpol_ret;
+bool_t xdr_gpol_ret();
+
+struct gpols_arg {
+ krb5_ui_4 api_version;
+ char *exp;
+};
+typedef struct gpols_arg gpols_arg;
+bool_t xdr_gpols_arg();
+
+struct gpols_ret {
+ krb5_ui_4 api_version;
+ kadm5_ret_t code;
+ char **pols;
+ int count;
+};
+typedef struct gpols_ret gpols_ret;
+bool_t xdr_gpols_ret();
+
+struct getprivs_ret {
+ krb5_ui_4 api_version;
+ kadm5_ret_t code;
+ long privs;
+};
+typedef struct getprivs_ret getprivs_ret;
+bool_t xdr_getprivs_ret();
+
+#define KADM ((krb5_ui_4)2112)
+#define KADMVERS ((krb5_ui_4)2)
+#define CREATE_PRINCIPAL ((krb5_ui_4)1)
+extern generic_ret *create_principal_1_svc(cprinc_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *create_principal_1(cprinc_arg *argp, CLIENT *clnt);
+
+#define DELETE_PRINCIPAL ((krb5_ui_4)2)
+extern generic_ret *delete_principal_1_svc(dprinc_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *delete_principal_1(dprinc_arg *argp, CLIENT *clnt);
+
+#define MODIFY_PRINCIPAL ((krb5_ui_4)3)
+extern generic_ret *modify_principal_1_svc(mprinc_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *modify_principal_1(mprinc_arg *argp, CLIENT *clnt);
+
+#define RENAME_PRINCIPAL ((krb5_ui_4)4)
+extern generic_ret *rename_principal_1_svc(rprinc_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *rename_principal_1(rprinc_arg *argp, CLIENT *clnt);
+
+#define GET_PRINCIPAL ((krb5_ui_4)5)
+extern gprinc_ret *get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp);
+extern gprinc_ret *get_principal_1(gprinc_arg *argp, CLIENT *clnt);
+
+#define CHPASS_PRINCIPAL ((krb5_ui_4)6)
+extern generic_ret *chpass_principal_1_svc(chpass_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *chpass_principal_1(chpass_arg *argp, CLIENT *clnt);
+
+#define CHRAND_PRINCIPAL ((krb5_ui_4)7)
+extern chrand_ret *chrand_principal_1_svc(chrand_arg *arg,
+ struct svc_req *rqstp);
+extern chrand_ret *chrand_principal_1(chrand_arg *argp, CLIENT *clnt);
+
+#define CREATE_POLICY ((krb5_ui_4)8)
+extern generic_ret *create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp);
+extern generic_ret *create_policy_1(cpol_arg *argp, CLIENT *clnt);
+
+#define DELETE_POLICY ((krb5_ui_4)9)
+extern generic_ret *delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp);
+extern generic_ret *delete_policy_1(dpol_arg *argp, CLIENT *clnt);
+
+#define MODIFY_POLICY ((krb5_ui_4)10)
+extern generic_ret *modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp);
+extern generic_ret *modify_policy_1(mpol_arg *argp, CLIENT *clnt);
+
+#define GET_POLICY ((krb5_ui_4)11)
+extern gpol_ret *get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp);
+extern gpol_ret *get_policy_1(gpol_arg *argp, CLIENT *clnt);
+
+#define GET_PRIVS ((krb5_ui_4)12)
+extern getprivs_ret *get_privs_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp);
+extern getprivs_ret *get_privs_1(void *argp, CLIENT *clnt);
+
+#define INIT ((krb5_ui_4)13)
+extern generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp);
+extern generic_ret *init_1(void *argp, CLIENT *clnt);
+
+#define GET_PRINCS ((krb5_ui_4) 14)
+extern gprincs_ret *get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp);
+extern gprincs_ret *get_princs_1(gprincs_arg *argp, CLIENT *clnt);
+
+#define GET_POLS ((krb5_ui_4) 15)
+extern gpols_ret *get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp);
+extern gpols_ret *get_pols_1(gpols_arg *argp, CLIENT *clnt);
+
+#define SETKEY_PRINCIPAL ((krb5_ui_4) 16)
+extern generic_ret *setkey_principal_1_svc(setkey_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *setkey_principal_1(setkey_arg *argp, CLIENT *clnt);
+
+#define SETV4KEY_PRINCIPAL ((krb5_ui_4) 17)
+extern generic_ret *setv4key_principal_1_svc(setv4key_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *setv4key_principal_1(setv4key_arg *argp, CLIENT *clnt);
+
+#define CREATE_PRINCIPAL3 ((krb5_ui_4) 18)
+extern generic_ret *create_principal3_1_svc(cprinc3_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *create_principal3_1(cprinc3_arg *argp, CLIENT *clnt);
+
+#define CHPASS_PRINCIPAL3 ((krb5_ui_4) 19)
+extern generic_ret *chpass_principal3_1_svc(chpass3_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *chpass_principal3_1(chpass3_arg *argp, CLIENT *clnt);
+
+#define CHRAND_PRINCIPAL3 ((krb5_ui_4) 20)
+extern chrand_ret *chrand_principal3_1_svc(chrand3_arg *arg,
+ struct svc_req *rqstp);
+extern chrand_ret *chrand_principal3_1(chrand3_arg *argp, CLIENT *clnt);
+
+#define SETKEY_PRINCIPAL3 ((krb5_ui_4) 21)
+extern generic_ret *setkey_principal3_1_svc(setkey3_arg *arg,
+ struct svc_req *rqstp);
+extern generic_ret *setkey_principal3_1(setkey3_arg *argp, CLIENT *clnt);
+
+#endif /* __KADM_RPC_H__ */
diff --git a/include/kdb.h b/include/kdb.h
new file mode 100644
index 0000000..e704908
--- /dev/null
+++ b/include/kdb.h
@@ -0,0 +1,334 @@
+/*
+ * include/krb5/kdb.h
+ *
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * KDC Database interface definitions.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef KRB5_KDB5__
+#define KRB5_KDB5__
+
+/* Salt types */
+#define KRB5_KDB_SALTTYPE_NORMAL 0
+#define KRB5_KDB_SALTTYPE_V4 1
+#define KRB5_KDB_SALTTYPE_NOREALM 2
+#define KRB5_KDB_SALTTYPE_ONLYREALM 3
+#define KRB5_KDB_SALTTYPE_SPECIAL 4
+#define KRB5_KDB_SALTTYPE_AFS3 5
+
+/* Attributes */
+#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
+#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
+#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
+#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
+#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
+#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
+#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040
+#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
+#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
+#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
+#define KRB5_KDB_DISALLOW_SVR 0x00001000
+#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
+#define KRB5_KDB_SUPPORT_DESMD5 0x00004000
+#define KRB5_KDB_NEW_PRINC 0x00008000
+
+/* Creation flags */
+#define KRB5_KDB_CREATE_BTREE 0x00000001
+#define KRB5_KDB_CREATE_HASH 0x00000002
+
+#if !defined(_WIN32)
+
+/*
+ * Note --- these structures cannot be modified without changing the
+ * database version number in libkdb.a, but should be expandable by
+ * adding new tl_data types.
+ */
+typedef struct _krb5_tl_data {
+ struct _krb5_tl_data* tl_data_next; /* NOT saved */
+ krb5_int16 tl_data_type;
+ krb5_ui_2 tl_data_length;
+ krb5_octet * tl_data_contents;
+} krb5_tl_data;
+
+/*
+ * If this ever changes up the version number and make the arrays be as
+ * big as necessary.
+ *
+ * Currently the first type is the enctype and the second is the salt type.
+ */
+typedef struct _krb5_key_data {
+ krb5_int16 key_data_ver; /* Version */
+ krb5_int16 key_data_kvno; /* Key Version */
+ krb5_int16 key_data_type[2]; /* Array of types */
+ krb5_ui_2 key_data_length[2]; /* Array of lengths */
+ krb5_octet * key_data_contents[2]; /* Array of pointers */
+} krb5_key_data;
+
+#define KRB5_KDB_V1_KEY_DATA_ARRAY 2 /* # of array elements */
+
+typedef struct _krb5_keysalt {
+ krb5_int16 type;
+ krb5_data data; /* Length, data */
+} krb5_keysalt;
+
+typedef struct _krb5_db_entry_new {
+ krb5_magic magic; /* NOT saved */
+ krb5_ui_2 len;
+ krb5_flags attributes;
+ krb5_deltat max_life;
+ krb5_deltat max_renewable_life;
+ krb5_timestamp expiration; /* When the client expires */
+ krb5_timestamp pw_expiration; /* When its passwd expires */
+ krb5_timestamp last_success; /* Last successful passwd */
+ krb5_timestamp last_failed; /* Last failed passwd attempt */
+ krb5_kvno fail_auth_count; /* # of failed passwd attempt */
+ krb5_int16 n_tl_data;
+ krb5_int16 n_key_data;
+ krb5_ui_2 e_length; /* Length of extra data */
+ krb5_octet * e_data; /* Extra data to be saved */
+
+ krb5_principal princ; /* Length, data */
+ krb5_tl_data * tl_data; /* Linked list */
+ krb5_key_data * key_data; /* Array */
+} krb5_db_entry;
+
+#define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb
+#define KRB5_KDB_V1_BASE_LENGTH 38
+
+#define KRB5_TL_LAST_PWD_CHANGE 0x0001
+#define KRB5_TL_MOD_PRINC 0x0002
+#define KRB5_TL_KADM_DATA 0x0003
+#define KRB5_TL_KADM5_E_DATA 0x0004
+#define KRB5_TL_RB1_CHALLENGE 0x0005
+#ifdef SECURID
+#define KRB5_TL_SECURID_STATE 0x0006
+#endif /* SECURID */
+
+/*
+ * Determines the number of failed KDC requests before DISALLOW_ALL_TIX is set
+ * on the principal.
+ */
+#define KRB5_MAX_FAIL_COUNT 5
+
+/* XXX depends on knowledge of krb5_parse_name() formats */
+#define KRB5_KDB_M_NAME "K/M" /* Kerberos/Master */
+
+/* prompts used by default when reading the KDC password from the keyboard. */
+#define KRB5_KDC_MKEY_1 "Enter KDC database master key"
+#define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify"
+
+extern char *krb5_mkey_pwd_prompt1;
+extern char *krb5_mkey_pwd_prompt2;
+
+/*
+ * These macros specify the encoding of data within the database.
+ *
+ * Data encoding is little-endian.
+ */
+#define krb5_kdb_decode_int16(cp, i16) \
+ *((krb5_int16 *) &(i16)) = (((krb5_int16) ((unsigned char) (cp)[0]))| \
+ ((krb5_int16) ((unsigned char) (cp)[1]) << 8))
+#define krb5_kdb_decode_int32(cp, i32) \
+ *((krb5_int32 *) &(i32)) = (((krb5_int32) ((unsigned char) (cp)[0]))| \
+ ((krb5_int32) ((unsigned char) (cp)[1]) << 8) | \
+ ((krb5_int32) ((unsigned char) (cp)[2]) << 16)| \
+ ((krb5_int32) ((unsigned char) (cp)[3]) << 24))
+#define krb5_kdb_encode_int16(i16, cp) \
+ { \
+ (cp)[0] = (unsigned char) ((i16) & 0xff); \
+ (cp)[1] = (unsigned char) (((i16) >> 8) & 0xff); \
+ }
+#define krb5_kdb_encode_int32(i32, cp) \
+ { \
+ (cp)[0] = (unsigned char) ((i32) & 0xff); \
+ (cp)[1] = (unsigned char) (((i32) >> 8) & 0xff); \
+ (cp)[2] = (unsigned char) (((i32) >> 16) & 0xff); \
+ (cp)[3] = (unsigned char) (((i32) >> 24) & 0xff); \
+ }
+
+/* libkdb.spec */
+krb5_error_code krb5_db_set_name (krb5_context, char * );
+krb5_error_code krb5_db_init (krb5_context);
+krb5_error_code krb5_db_fini (krb5_context);
+krb5_error_code krb5_db_get_age (krb5_context, char *, time_t * );
+krb5_error_code krb5_db_create (krb5_context, char *, krb5_int32 );
+krb5_error_code krb5_db_rename (krb5_context, char *, char * );
+krb5_error_code krb5_db_get_principal (krb5_context, krb5_const_principal ,
+ krb5_db_entry *, int *,
+ krb5_boolean * );
+void krb5_db_free_principal (krb5_context, krb5_db_entry *, int );
+krb5_error_code krb5_db_put_principal (krb5_context, krb5_db_entry *, int * );
+krb5_error_code krb5_db_delete_principal (krb5_context, krb5_const_principal,
+ int * );
+krb5_error_code krb5_db_iterate (krb5_context,
+ krb5_error_code (* ) (krb5_pointer,
+ krb5_db_entry *),
+ krb5_pointer);
+krb5_error_code krb5_db_iterate_ext (krb5_context,
+ krb5_error_code (* ) (krb5_pointer,
+ krb5_db_entry *),
+ krb5_pointer, int, int);
+krb5_error_code krb5_db_verify_master_key (krb5_context, krb5_principal,
+ krb5_keyblock *);
+krb5_error_code krb5_db_store_mkey (krb5_context, char *, krb5_principal,
+ krb5_keyblock *);
+
+krb5_error_code krb5_db_setup_mkey_name (krb5_context, const char *,
+ const char *, char **,
+ krb5_principal *);
+
+krb5_error_code krb5_db_set_mkey (krb5_context, krb5_keyblock *);
+
+krb5_error_code krb5_db_get_mkey (krb5_context, krb5_keyblock **);
+krb5_error_code krb5_db_destroy (krb5_context, char * );
+krb5_error_code krb5_db_lock (krb5_context, int );
+krb5_error_code krb5_db_unlock (krb5_context);
+krb5_error_code krb5_db_set_nonblocking (krb5_context, krb5_boolean,
+ krb5_boolean * );
+krb5_boolean krb5_db_set_lockmode (krb5_context, krb5_boolean);
+krb5_error_code krb5_db_fetch_mkey (krb5_context, krb5_principal, krb5_enctype,
+ krb5_boolean, krb5_boolean, char *,
+ krb5_data *,
+ krb5_keyblock * );
+
+krb5_error_code krb5_db_open_database (krb5_context);
+krb5_error_code krb5_db_close_database (krb5_context);
+
+krb5_error_code krb5_dbekd_encrypt_key_data (krb5_context,
+ const krb5_keyblock *,
+ const krb5_keyblock *,
+ const krb5_keysalt *,
+ int,
+ krb5_key_data *);
+krb5_error_code krb5_dbekd_decrypt_key_data (krb5_context,
+ const krb5_keyblock *,
+ const krb5_key_data *,
+ krb5_keyblock *,
+ krb5_keysalt *);
+krb5_error_code krb5_dbe_create_key_data (krb5_context,
+ krb5_db_entry *);
+krb5_error_code krb5_dbe_update_tl_data (krb5_context,
+ krb5_db_entry *,
+ krb5_tl_data *);
+krb5_error_code krb5_dbe_lookup_tl_data (krb5_context,
+ krb5_db_entry *,
+ krb5_tl_data *);
+krb5_error_code krb5_dbe_update_last_pwd_change (krb5_context,
+ krb5_db_entry *,
+ krb5_timestamp);
+krb5_error_code krb5_dbe_lookup_last_pwd_change (krb5_context,
+ krb5_db_entry *,
+ krb5_timestamp *);
+krb5_error_code krb5_dbe_update_mod_princ_data (krb5_context,
+ krb5_db_entry *,
+ krb5_timestamp,
+ krb5_const_principal);
+krb5_error_code krb5_dbe_lookup_mod_princ_data (krb5_context,
+ krb5_db_entry *,
+ krb5_timestamp *,
+ krb5_principal *);
+int krb5_encode_princ_dbkey (krb5_context, krb5_data *, krb5_const_principal);
+void krb5_free_princ_dbkey (krb5_context, krb5_data *);
+krb5_error_code krb5_encode_princ_contents (krb5_context, krb5_data *,
+ krb5_db_entry *);
+void krb5_free_princ_contents (krb5_context, krb5_data *);
+krb5_error_code krb5_decode_princ_contents (krb5_context, krb5_data *,
+ krb5_db_entry *);
+void krb5_dbe_free_contents (krb5_context, krb5_db_entry *);
+
+krb5_error_code krb5_dbe_find_enctype (krb5_context, krb5_db_entry *,
+ krb5_int32,
+ krb5_int32,
+ krb5_int32,
+ krb5_key_data **);
+
+krb5_error_code krb5_dbe_search_enctype (krb5_context,
+ krb5_db_entry *,
+ krb5_int32 *,
+ krb5_int32,
+ krb5_int32,
+ krb5_int32,
+ krb5_key_data **);
+
+struct __krb5_key_salt_tuple;
+
+krb5_error_code krb5_dbe_cpw (krb5_context,
+ krb5_keyblock *,
+ struct __krb5_key_salt_tuple *,
+ int,
+ char *,
+ int,
+ krb5_boolean,
+ krb5_db_entry *);
+krb5_error_code krb5_dbe_apw (krb5_context,
+ krb5_keyblock *,
+ struct __krb5_key_salt_tuple *,
+ int,
+ char *,
+ krb5_db_entry *);
+krb5_error_code krb5_dbe_crk (krb5_context,
+ krb5_keyblock *,
+ struct __krb5_key_salt_tuple *,
+ int,
+ krb5_boolean,
+ krb5_db_entry *);
+krb5_error_code krb5_dbe_ark (krb5_context,
+ krb5_keyblock *,
+ struct __krb5_key_salt_tuple *,
+ int,
+ krb5_db_entry *);
+
+krb5_error_code krb5_ser_db_context_init (krb5_context);
+
+#define KRB5_KDB_DEF_FLAGS 0
+
+#endif /* !defined(_WIN32) */
+#endif /* KRB5_KDB5__ */
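Review bot: The copied kdb.h records no provenance — which krb5 release it was taken from — yet the `krb5_db_entry`, `krb5_key_data` and `krb5_tl_data` layouts it fixes (together with `KRB5_KDB_V1_BASE_LENGTH 38` and `KRB5_KDB_MAGIC_NUMBER`) must match the libkdb this tree links against exactly, and the header's own note says they cannot change without a database version bump. If the system library was built from a different release, code compiled against this header would read and write KDC principal entries through a mismatched layout, with no compile-time signal; the same applies to the `kadm_rpc.h` hunk, whose argument structs and `KADMVERS` are likewise pinned to one upstream version. A one-line header comment such as `/* Copied verbatim from MIT krb5 <RELEASE-PLACEHOLDER> include/krb5/kdb.h; must match the libkdb this tree links against. */` would make the dependency visible, and a configure-time check of the installed krb5 version against that recorded release would turn a silent skew into a build failure. The `#include` lines in the kadm_rpc.h hunk appear here with no header name, which may be a rendering artefact of this page rather than the committed content, but is worth confirming.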