Merge commit 'ceod'

pull/5/head
Michael Spang 14 years ago
commit 873f7ac9a6
  1. 1
      .gitignore
  2. 48
      ceo/members.py
  3. 7
      debian/.gitignore
  4. 2
      debian/ceo-clients.manpages
  5. 1
      debian/ceo-common.dirs
  6. 1
      debian/ceo-common.install
  7. 2
      debian/ceo-daemon.dirs
  8. 1
      debian/ceo-daemon.install
  9. 1
      debian/ceo-gui.manpages
  10. 5
      debian/changelog
  11. 33
      debian/control
  12. 1
      debian/docs
  13. 2
      debian/install
  14. 1
      debian/manpages
  15. 11
      debian/rules
  16. 52
      etc/accounts.cf
  17. 46
      etc/accounts.cf.example
  18. 5
      etc/kerberos.cf.example
  19. 14
      etc/ldap.cf.example
  20. 4
      etc/library.cf
  21. 5
      etc/library.cf.example
  22. 1
      etc/ops/adduser
  23. 49
      etc/spam/expired-account
  24. 71
      etc/spam/new-member
  25. 1
      include/k5-platform.h
  26. 747
      include/kadm5/admin.h
  27. 1
      include/kadm5/chpass_util_strings.h
  28. 74
      include/kadm5/kadm_err.h
  29. 500
      include/kdb.h
  30. 6
      src/.gitignore
  31. 74
      src/Makefile
  32. 161
      src/addclub.c
  33. 35
      src/addhomedir.c
  34. 3
      src/addhomedir.h
  35. 161
      src/addmember.c
  36. 23
      src/ceo.proto
  37. 173
      src/ceoc.c
  38. 58
      src/common.c
  39. 3
      src/common.h
  40. 31
      src/config-vars.h
  41. 11
      src/config.c
  42. 3
      src/config.h
  43. 10
      src/daemon.h
  44. 183
      src/dmaster.c
  45. 157
      src/dslave.c
  46. 220
      src/gss.c
  47. 12
      src/gss.h
  48. 71
      src/homedir.c
  49. 3
      src/homedir.h
  50. 19
      src/kadm.c
  51. 21
      src/krb5.c
  52. 2
      src/krb5.h
  53. 34
      src/ldap.c
  54. 2
      src/ldap.h
  55. 169
      src/net.c
  56. 47
      src/net.h
  57. 305
      src/op-adduser.c
  58. 121
      src/ops.c
  59. 14
      src/ops.h
  60. 2
      src/parser.c
  61. 131
      src/util.c
  62. 17
      src/util.h
  63. 139
      src/zfsaddhomedir.c

1
.gitignore vendored

@ -1,4 +1,3 @@
/build-stamp
/build
*.pyc
*.cf

@ -23,11 +23,9 @@ cfg = {}
def configure():
"""Load Members Configuration"""
string_fields = [ 'username_regex', 'shells_file', 'server_url',
'users_base', 'groups_base', 'sasl_mech', 'sasl_realm',
'admin_bind_keytab', 'admin_bind_userid', 'realm',
'admin_principal', 'admin_keytab', 'expired_account_email',
'mathsoc_regex', 'mathsoc_dont_count' ]
string_fields = [ 'username_regex', 'shells_file', 'ldap_server_url',
'ldap_users_base', 'ldap_groups_base', 'ldap_sasl_mech', 'ldap_sasl_realm',
'expire_hook', 'mathsoc_regex', 'mathsoc_dont_count' ]
numeric_fields = [ 'min_password_length' ]
# read configuration file
@ -93,8 +91,8 @@ def connect(auth_callback):
tries = 0
while ld is None:
try:
ld = ldapi.connect_sasl(cfg['server_url'], cfg['sasl_mech'],
cfg['sasl_realm'], password)
ld = ldapi.connect_sasl(cfg['ldap_server_url'], cfg['ldap_sasl_mech'],
cfg['ldap_sasl_realm'], password)
except ldap.LOCAL_ERROR, e:
tries += 1
if tries > 3:
@ -178,10 +176,10 @@ def get(userid):
}
"""
return ldapi.lookup(ld, 'uid', userid, cfg['users_base'])
return ldapi.lookup(ld, 'uid', userid, cfg['ldap_users_base'])
def uid2dn(uid):
return 'uid=%s,%s' % (ldapi.escape(uid), cfg['users_base'])
return 'uid=%s,%s' % (ldapi.escape(uid), cfg['ldap_users_base'])
def list_term(term):
@ -200,7 +198,7 @@ def list_term(term):
}
"""
members = ldapi.search(ld, cfg['users_base'],
members = ldapi.search(ld, cfg['ldap_users_base'],
'(&(objectClass=member)(term=%s))', [ term ])
return dict([(member[0], member[1]) for member in members])
@ -220,7 +218,7 @@ def list_name(name):
]
"""
members = ldapi.search(ld, cfg['users_base'],
members = ldapi.search(ld, cfg['ldap_users_base'],
'(&(objectClass=member)(cn~=%s))', [ name ])
return dict([(member[0], member[1]) for member in members])
@ -262,7 +260,7 @@ def list_all():
]
"""
members = ldapi.search(ld, cfg['users_base'], '(objectClass=member)')
members = ldapi.search(ld, cfg['ldap_users_base'], '(objectClass=member)')
return dict([(member[0], member[1]) for member in members])
@ -278,7 +276,7 @@ def list_positions():
]
"""
members = ld.search_s(cfg['users_base'], ldap.SCOPE_SUBTREE, '(position=*)')
members = ld.search_s(cfg['ldap_users_base'], ldap.SCOPE_SUBTREE, '(position=*)')
positions = {}
for (_, member) in members:
for position in member['position']:
@ -299,7 +297,7 @@ def set_position(position, members):
Example: set_position('president', ['dtbartle'])
"""
res = ld.search_s(cfg['users_base'], ldap.SCOPE_SUBTREE,
res = ld.search_s(cfg['ldap_users_base'], ldap.SCOPE_SUBTREE,
'(&(objectClass=member)(position=%s))' % ldapi.escape(position))
old = set([ member['uid'][0] for (_, member) in res ])
new = set(members)
@ -312,7 +310,7 @@ def set_position(position, members):
for action in ['del', 'add']:
for userid in mods[action]:
dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['users_base'])
dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['ldap_users_base'])
entry1 = {'position' : [position]}
entry2 = {} #{'position' : []}
entry = ()
@ -325,8 +323,8 @@ def set_position(position, members):
def change_group_member(action, group, userid):
user_dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['users_base'])
group_dn = 'cn=%s,%s' % (ldapi.escape(group), cfg['groups_base'])
user_dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['ldap_users_base'])
group_dn = 'cn=%s,%s' % (ldapi.escape(group), cfg['ldap_groups_base'])
entry1 = {'uniqueMember' : []}
entry2 = {'uniqueMember' : [user_dn]}
entry = []
@ -344,7 +342,7 @@ def change_group_member(action, group, userid):
### Shells ###
def get_shell(userid):
member = ldapi.lookup(ld, 'uid', userid, cfg['users_base'])
member = ldapi.lookup(ld, 'uid', userid, cfg['ldap_users_base'])
if not member:
raise NoSuchMember(userid)
if 'loginShell' not in member:
@ -363,7 +361,7 @@ def get_shells():
def set_shell(userid, shell):
if not shell in get_shells():
raise InvalidArgument("shell", shell, "is not in %s" % cfg['shells_file'])
ldapi.modify(ld, 'uid', userid, cfg['users_base'], [ (ldap.MOD_REPLACE, 'loginShell', [ shell ]) ])
ldapi.modify(ld, 'uid', userid, cfg['ldap_users_base'], [ (ldap.MOD_REPLACE, 'loginShell', [ shell ]) ])
@ -420,7 +418,7 @@ def register(userid, term_list):
Example: register(3349, ["w2007", "s2007"])
"""
user_dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['users_base'])
user_dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['ldap_users_base'])
if type(term_list) in (str, unicode):
term_list = [ term_list ]
@ -452,7 +450,7 @@ def register(userid, term_list):
def register_nonmember(userid, term_list):
"""Registers a non-member for one or more terms."""
user_dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['users_base'])
user_dn = 'uid=%s,%s' % (ldapi.escape(userid), cfg['ldap_users_base'])
if type(term_list) in (str, unicode):
term_list = [ term_list ]
@ -511,7 +509,7 @@ def group_members(group):
Returns a list of group members
"""
group = ldapi.lookup(ld, 'cn', group, cfg['groups_base'])
group = ldapi.lookup(ld, 'cn', group, cfg['ldap_groups_base'])
if group and 'uniqueMember' in group:
r = re.compile('^uid=([^,]*)')
@ -519,11 +517,11 @@ def group_members(group):
return []
def expired_accounts():
members = ldapi.search(ld, cfg['users_base'],
members = ldapi.search(ld, cfg['ldap_users_base'],
'(&(objectClass=member)(!(|(term=%s)(nonMemberTerm=%s))))' %
(terms.current(), terms.current()))
return dict([(member[0], member[1]) for member in members])
def send_account_expired_email(name, email):
args = [ cfg['expired_account_email'], name, email ]
os.spawnv(os.P_WAIT, cfg['expired_account_email'], args)
args = [ cfg['expire_hook'], name, email ]
os.spawnv(os.P_WAIT, cfg['expire_hook'], args)
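Review bot: `set_position` passes the same `ldapi.escape()` helper over a value that goes into a search filter (`'(&(objectClass=member)(position=%s))' % ldapi.escape(position)`) and over one that goes into a DN (`'uid=%s,%s' % (ldapi.escape(userid), cfg['ldap_users_base'])`). `uid2dn`, `change_group_member`, `register` and `register_nonmember` build DNs the same way. Filter values and DN components have different metacharacters, so one helper can only be correct for one of the two contexts; `ldapi.escape` is not visible on this page, so which one it covers needs confirming. If it is filter escaping, the DN sites would want `ldap.dn.escape_dn_chars(userid)`, and `expired_accounts` should pass `terms.current()` through the filter escaper instead of interpolating it raw. Most of these function bodies continue outside the hunks shown.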

7
debian/.gitignore vendored

@ -1,4 +1,9 @@
/ceo.substvars
/ceo
/ceo-common
/ceo-clients
/ceo-daemon
/ceo-gui
/files
/*.debhelper
/*.debhelper.log
/*.substvars

@ -0,0 +1,2 @@
docs/addclub.1
docs/addmember.1

@ -0,0 +1 @@
etc/csc

@ -0,0 +1 @@
etc/accounts.cf etc/library.cf etc/ops etc/spam etc/csc

@ -1,3 +1 @@
usr/bin
etc/csc
etc/ldap/schema

@ -0,0 +1 @@
etc/csc.schema etc/ldap/schema

@ -0,0 +1 @@
docs/ceo.1

5
debian/changelog vendored

@ -1,3 +1,8 @@
ceo (0.4.24) stable testing; urgency=low
* Bump standards version.
-- Michael Spang <mspang@uwaterloo.ca> Wed, 29 Jul 2009 07:31:24 -0400
ceo (0.4.23) stable testing; urgency=low
* CEO library now only finds books that are signed out as being overdue.

33
debian/control vendored

@ -2,13 +2,32 @@ Source: ceo
Section: admin
Priority: optional
Maintainer: Systems Committee <syscom@csclub.uwaterloo.ca>
Build-Depends: debhelper (>= 5.0.0), python-dev (>= 2.4), python-support (>= 0.3), libkrb5-dev, libldap2-dev, libsasl2-dev
Standards-Version: 3.8.0
Build-Depends: debhelper (>= 5.0.0), python-dev (>= 2.4), python-support (>= 0.3), libkrb5-dev, libldap2-dev, libsasl2-dev, libsctp-dev, libprotobuf-c0-dev, libacl1-dev
Standards-Version: 3.8.2
Package: ceo
Package: ceo-common
Architecture: all
Description: Computer Science Club Common Files
This package contains the CSC Electronic Office
common files.
Package: ceo-gui
Architecture: all
Depends: ceo-clients, python-ldap, python-urwid, python-sqlobject, python-psycopg, ${python:Depends}, ${shlibs:Depends}
Description: Computer Science Club Administrative GUI
This package contains the CSC Electronic Office
graphical user interface.
Package: ceo-clients
Architecture: any
Depends: ceo-common, ${shlibs:Depends}
Description: Computer Science Club Administrative Clients
This package contains the CSC Electronic Office
client programs.
Package: ceo-daemon
Architecture: any
Depends: python-sqlobject, python-psycopg, python-ldap, python-urwid, ${python:Depends}, ${shlibs:Depends}
Description: Computer Science Club Administrative Utilities
Depends: ceo-common, ${shlibs:Depends}
Description: Computer Science Club Administrative Daemon
This package contains the CSC Electronic Office
and other Computer Science Club administrative
programs.
daemon.

1
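--- a/debian/docs
+++ b/debian/docs
@@ -1 +0,0 @@
-docs/*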

2
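--- a/debian/install
+++ b/debian/install
@@ -1,2 +0,0 @@
-etc/accounts.cf.example etc/kerberos.cf.example etc/ldap.cf.example etc/csc
-etc/csc.schema etc/ldap/schema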

1
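--- a/debian/manpages
+++ b/debian/manpages
@@ -1 +0,0 @@
-docs/*.[0-9]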

11
debian/rules vendored

@ -1,7 +1,7 @@
#!/usr/bin/make -f
CFLAGS := -g -O2 -fstack-protector-all -fPIE
LDFLAGS := -pie
LDFLAGS := -pie -Wl,--as-needed
build:
python setup.py -q build
@ -18,13 +18,14 @@ install: build
dh_testdir
dh_testroot
dh_installdirs
python setup.py -q install --no-compile -O0 --root=debian/ceo
$(MAKE) -C src DESTDIR=$(CURDIR)/debian/ceo PREFIX=/usr install
python setup.py -q install --no-compile -O0 --root=debian/ceo-gui
$(MAKE) -C src DESTDIR=$(CURDIR)/debian/ceo-clients PREFIX=/usr install_clients
$(MAKE) -C src DESTDIR=$(CURDIR)/debian/ceo-daemon PREFIX=/usr install_daemon
binary-arch: build install
dh_testdir
dh_testroot
dh_installchangelogs
dh_installchangelogs
dh_installdocs
dh_installexamples
dh_install

@ -0,0 +1,52 @@
# /etc/csc/accounts.cf: CSC Accounts Configuration
### Member Account Options ###
member_min_id = 20001
member_max_id = 29999
member_shell = "/bin/bash"
member_home = "/users"
member_home_acl = "u::rwx,g::rx,o::rx"
member_home_skel = "/users/skel"
### Club Account Options ###
club_min_id = 30001
club_max_id = 39999
club_shell = "/bin/bash"
club_home = "/users"
club_home_acl = "A+group:%s:rwpRAxaWdDcCs:fd:allow"
club_home_skel = "/users/skel"
### Administrative Account Options ###
admin_min_id = 10001
admin_max_id = 19999
### LDAP Options ###
ldap_server_url = "ldaps://ldap-master.csclub.uwaterloo.ca"
ldap_users_base = "ou=People,dc=csclub,dc=uwaterloo,dc=ca"
ldap_groups_base = "ou=Group,dc=csclub,dc=uwaterloo,dc=ca"
ldap_sudo_base = "ou=SUDOers,dc=csclub,dc=uwaterloo,dc=ca"
ldap_sasl_mech = "GSSAPI"
ldap_sasl_realm = "CSCLUB.UWATERLOO.CA"
ldap_admin_principal = "ceod/admin@CSCLUB.UWATERLOO.CA"
### Kerberos Options ###
krb5_realm = "CSCLUB.UWATERLOO.CA"
krb5_admin_principal = "ceod/admin@CSCLUB.UWATERLOO.CA"
### Spam ###
notify_hook = "/etc/csc/spam/new-member"
expire_hook = "/etc/csc/spam/expired-account"
### Miscellaneous ###
username_regex = "^[a-z][-a-z0-9]*$"
min_password_length = 4
shells_file = "/etc/shells"
mathsoc_regex = ".*(mat/|vpa/se|computer science|math).*"
mathsoc_dont_count = "cpdohert dlgawley dtbartle mbiggs saforres tmyklebu mgregson rridge dbelange"
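Review bot: `min_password_length = 4` is carried into the new `accounts.cf` unchanged, which permits passwords short enough to be guessed with very few attempts. This file is now the shipped configuration rather than an example, so a stronger floor such as `min_password_length = 8` (or whatever the club's policy states) belongs here, with a comment such as `# enforced by ceo when a password is set; keep in line with the Kerberos password policy`. The code that enforces the value is not part of this section, so whether the Kerberos side applies its own minimum as well cannot be told from here.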

@ -1,46 +0,0 @@
# /etc/csc/accounts.cf: CSC Accounts Configuration
include /etc/csc/ldap.cf
include /etc/csc/kerberos.cf
### Member Account Options ###
member_min_id = 20001
member_max_id = 29999
member_shell = "/bin/bash"
member_home = "/users"
#member_home_acl = "u::rwx,g::rx,o::rx"
#member_home_dacl =
member_home_acl =
### Club Account Options ###
club_min_id = 30001
club_max_id = 39999
club_shell = "/bin/bash"
club_home = "/users"
club_home_acl = "A+group:%s:rwpRAxaWdDcCs:fd:allow"
### Administrative Account Options
admin_min_id = 10001
admin_max_id = 19999
admin_shell = "/bin/bash"
admin_home = "/users"
### Home Directory Options ###
skeleton_dir = "/users/skel"
homedir_mode = "0755"
refquota = "4G"
### Validation Tuning ###
username_regex = "^[a-z][-a-z0-9]*$"
min_password_length = 4
shells_file = "/etc/shells"
privileged_group = "staff"
notify_hook = "/etc/csc/notify-hook"
expired_account_email = "/etc/csc/expired-account"
mathsoc_regex = ".*(mat/|vpa/se|computer science|math).*"
mathsoc_dont_count = "cpdohert dlgawley dtbartle mbiggs saforres tmyklebu"

@ -1,5 +0,0 @@
# /etc/csc/kerberos.cf: CSC Kerberos Administration Configuration
realm = "CSCLUB.UWATERLOO.CA"
admin_principal = "ceo/admin@CSCLUB.UWATERLOO.CA"
admin_keytab = "/etc/csc/ceo.keytab"

@ -1,14 +0,0 @@
# /etc/csc/ldap.cf: CSC LDAP Configuration
server_url = "ldaps:///"
users_base = "ou=People,dc=csclub,dc=uwaterloo,dc=ca"
groups_base = "ou=Group,dc=csclub,dc=uwaterloo,dc=ca"
sudo_base = "ou=SUDOers,dc=csclub,dc=uwaterloo,dc=ca"
admin_bind_dn =
admin_bind_keytab = "/etc/csc/ceo.keytab"
admin_bind_userid = "ceo"
sasl_mech = "GSSAPI"
sasl_realm = "CSCLUB.UWATERLOO.CA"

@ -0,0 +1,4 @@
# /etc/csc/library.cf: Library Config
library_connect_string = "postgres://librarian:PWPWPWPWPWPWPWPWPWPW@127.0.0.1/library"
aws_account_key = "KEYKEYKEYKEYKEYKEYKY"
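Review bot: `etc/library.cf` is now a tracked file that holds `library_connect_string` with an inline database password and `aws_account_key`, and the new `debian/ceo-common.install` line copies it into `etc/csc`. The values here are placeholders, but the real ones would have to be edited into a file that is under version control and, presumably, installed with default package permissions. Keeping the tracked copy as an `.example` and installing the real file separately with a restrictive mode (for example `0640`, group-owned by whatever runs the library code) would avoid both a credential landing in a later commit and a world-readable secret on disk. The `aws_account_key` value deleted from `library.cf.example` in this same commit does not look like a placeholder; if it was ever live it remains in history and should be rotated.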

@ -1,5 +0,0 @@
# /etc/csc/library.cf: Library Config
library_db_path = /users/office/library.db
library_connect_string = "sqlite:///home/mgregson/csc/pyceo/test.db"
aws_account_key = "1TNCT5S0RNDV13CJJCG2"

@ -0,0 +1 @@
ginseng adduser 0x01

@ -0,0 +1,49 @@
#!/bin/sh
name=$1
email=$2
shift 2
tmp="$(tempfile)"
trap "rm $tmp" 0
exec >"$tmp"
echo "From: Computer Science Club <ceo+expired@csclub.uwaterloo.ca>"
echo "Reply-to: CSClub Exec <exec@csclub.uwaterloo.ca>"
echo "To: $name <$email>"
echo "Subject: [CSClub] Account Expiration"
echo ""
echo "Hello,
We noticed that your Computer Science Club membership has expired. We would
like to remind you of the many benefits of being a member of the club:
* 4 GiB of disk quota
* Web space
* Email address
* Shell account
* Access to our library
If you would like to renew your membership (the fee is \$2 per term), we have
various methods of doing so:
* Come by our office (MC 3036)
* Send us a PayPal donation and send us the transaction id; see
http://csclub.uwaterloo.ca/about/donations for details
* Mail us a cheque; here's our address:
Computer Science Club
Math & Computer 3036/3037
University of Waterloo
200 University Avenue West
Waterloo, ON N3L 3G1
Canada
If you have any questions, feel free to contact us by phone at
(519) 888-4567 x33870, or by email at exec@csclub.uwaterloo.ca.
Regards,
The Computer Science Club"
exec >&- 2>&-
/usr/sbin/sendmail -t -f "ceo@csclub.uwaterloo.ca" < "$tmp"
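Review bot: `$name` and `$email` are written unfiltered into the `To:` header (`echo "To: $name <$email>"`) and the message is handed to `sendmail -t`, which takes its recipients from the headers. A CR or LF in either value, which presumably come from the directory entry via `send_account_expired_email`, would therefore add headers or recipients. Stripping line breaks before use, e.g. `name=$(printf '%s' "$1" | tr -d '\r\n')` and the same for `email`, closes that. `etc/spam/new-member` has the same pattern with `$user`, `$name` and `$auth` in its `Cc:`, `X-*` and `Subject:` lines, and that script is marked privileged. Separately, `exec >&- 2>&-` closes stderr before sendmail runs and the caller discards the `os.spawnv` result, so a failed delivery goes unnoticed.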

@ -0,0 +1,71 @@
#!/bin/bash -p
# This is a privileged script.
IFS=$' \t\n'
PATH=/usr/bin:/bin
unset ENV BASH_ENV CDPATH
umask 077
prog=$1
auth=$2
shift 2
tmp="$(tempfile)"
trap "rm $tmp" 0
exec >"$tmp"
authrn="$(getent passwd "$auth" | awk -F: '{ print $5 }' | sed -e 's/,.*//')"
h_from="$prog <ceo+$prog@csclub.uwaterloo.ca>"
h_to="Membership and Accounts <ceo@csclub.uwaterloo.ca>"
h_cc="$authrn <$auth@csclub.uwaterloo.ca>"
if test "$prog" = addmember; then
user=$1 name=$2 dept=$3 status=$4; shift 4
subj="New Member: $user"
test -z "$dept" && dept="things unknown"
body="Name: $name
Account: $user
Program: $dept
Added by: $auth"
elif test "$prog" = addclub; then
user=$1 name=$2 status=$4; shift 4
subj="New Club Account: $user"
body="Club: $name
Account: $user
Added by: $auth"
else
exit 1
fi
output=$(cat)
if test "$status" = "failure"; then
subj="$subj (FAILURES)"
fi
echo "From: $h_from"
echo "To: $h_to"
echo "Cc: $h_cc"
echo "X-Auth-User: $auth"
echo "X-New-User: $user"
echo "X-New-Name: $name"
echo "Subject: $subj"
echo
echo "$body" | fmt -s
echo
if test "$status" = "success"; then
echo all failures went undetected
elif test -n "$output"; then
echo "$output"
fi
echo
echo Your Friend,
echo "$prog"
exec >&2
env - /usr/sbin/sendmail -t -f "ceo@csclub.uwaterloo.ca" < "$tmp"
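Review bot: The positional-argument contract of this privileged script is neither documented nor checked. After `shift 2` the `addmember` branch takes `user name dept status`, while the `addclub` branch reads `status=$4` and silently skips `$3`, and both run `shift 4` without confirming that four arguments remain. A header comment such as `# usage: new-member PROG AUTH USER NAME DEPT STATUS  (DEPT is ignored for addclub); program output on stdin` plus a guard `test $# -ge 6 || exit 1` before `prog=$1` would make a malformed call fail closed instead of mailing a half-empty notice. `trap "rm $tmp" 0` also expands `$tmp` unquoted when the trap is set; `trap 'rm -f "$tmp"' 0` is the safer form.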

@ -1 +0,0 @@
/* This file left intentionally blank. */

@ -1,747 +0,0 @@
/*
* lib/kadm5/admin.h
*
* Copyright 2001 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*/
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
* $Header$
*/
#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__
#if !defined(USE_KADM5_API_VERSION)
#define USE_KADM5_API_VERSION 2
#endif
#include <sys/types.h>
#include <gssrpc/rpc.h>
#include <krb5.h>
#include <kdb.h>
#include <com_err.h>
#include <kadm5/kadm_err.h>
#include <kadm5/chpass_util_strings.h>
#define KADM5_ADMIN_SERVICE "kadmin/admin"
#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
#define KADM5_HIST_PRINCIPAL "kadmin/history"
typedef krb5_principal kadm5_princ_t;
typedef char *kadm5_policy_t;
typedef long kadm5_ret_t;
#define KADM5_PW_FIRST_PROMPT \
(error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
#define KADM5_PW_SECOND_PROMPT \
(error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
/*
* Successful return code
*/
#define KADM5_OK 0
/*
* Field masks
*/
/* kadm5_principal_ent_t */
#define KADM5_PRINCIPAL 0x000001
#define KADM5_PRINC_EXPIRE_TIME 0x000002
#define KADM5_PW_EXPIRATION 0x000004
#define KADM5_LAST_PWD_CHANGE 0x000008
#define KADM5_ATTRIBUTES 0x000010
#define KADM5_MAX_LIFE 0x000020
#define KADM5_MOD_TIME 0x000040
#define KADM5_MOD_NAME 0x000080
#define KADM5_KVNO 0x000100
#define KADM5_MKVNO 0x000200
#define KADM5_AUX_ATTRIBUTES 0x000400
#define KADM5_POLICY 0x000800
#define KADM5_POLICY_CLR 0x001000
/* version 2 masks */
#define KADM5_MAX_RLIFE 0x002000
#define KADM5_LAST_SUCCESS 0x004000
#define KADM5_LAST_FAILED 0x008000
#define KADM5_FAIL_AUTH_COUNT 0x010000
#define KADM5_KEY_DATA 0x020000
#define KADM5_TL_DATA 0x040000
#ifdef notyet /* Novell */
#define KADM5_CPW_FUNCTION 0x080000
#define KADM5_RANDKEY_USED 0x100000
#endif
#define KADM5_LOAD 0x200000
/* all but KEY_DATA and TL_DATA */
#define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff
/* kadm5_policy_ent_t */
#define KADM5_PW_MAX_LIFE 0x004000
#define KADM5_PW_MIN_LIFE 0x008000
#define KADM5_PW_MIN_LENGTH 0x010000
#define KADM5_PW_MIN_CLASSES 0x020000
#define KADM5_PW_HISTORY_NUM 0x040000
#define KADM5_REF_COUNT 0x080000
/* kadm5_config_params */
#define KADM5_CONFIG_REALM 0x000001
#define KADM5_CONFIG_DBNAME 0x000002
#define KADM5_CONFIG_MKEY_NAME 0x000004
#define KADM5_CONFIG_MAX_LIFE 0x000008
#define KADM5_CONFIG_MAX_RLIFE 0x000010
#define KADM5_CONFIG_EXPIRATION 0x000020
#define KADM5_CONFIG_FLAGS 0x000040
#define KADM5_CONFIG_ADMIN_KEYTAB 0x000080
#define KADM5_CONFIG_STASH_FILE 0x000100
#define KADM5_CONFIG_ENCTYPE 0x000200
#define KADM5_CONFIG_ADBNAME 0x000400
#define KADM5_CONFIG_ADB_LOCKFILE 0x000800
/*#define KADM5_CONFIG_PROFILE 0x001000*/
#define KADM5_CONFIG_ACL_FILE 0x002000
#define KADM5_CONFIG_KADMIND_PORT 0x004000
#define KADM5_CONFIG_ENCTYPES 0x008000
#define KADM5_CONFIG_ADMIN_SERVER 0x010000
#define KADM5_CONFIG_DICT_FILE 0x020000
#define KADM5_CONFIG_MKEY_FROM_KBD 0x040000
#define KADM5_CONFIG_KPASSWD_PORT 0x080000
#define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x100000
#define KADM5_CONFIG_NO_AUTH 0x200000
#define KADM5_CONFIG_AUTH_NOFALLBACK 0x400000
#ifdef notyet /* Novell */
#define KADM5_CONFIG_KPASSWD_SERVER 0x800000
#endif
/*
* permission bits
*/
#define KADM5_PRIV_GET 0x01
#define KADM5_PRIV_ADD 0x02
#define KADM5_PRIV_MODIFY 0x04
#define KADM5_PRIV_DELETE 0x08
/*
* API versioning constants
*/
#define KADM5_MASK_BITS 0xffffff00
#define KADM5_STRUCT_VERSION_MASK 0x12345600
#define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
#define KADM5_API_VERSION_MASK 0x12345700
#define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01)
#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
typedef struct _kadm5_principal_ent_t_v2 {
krb5_principal principal;
krb5_timestamp princ_expire_time;
krb5_timestamp last_pwd_change;
krb5_timestamp pw_expiration;
krb5_deltat max_life;
krb5_principal mod_name;
krb5_timestamp mod_date;
krb5_flags attributes;
krb5_kvno kvno;
krb5_kvno mkvno;
char *policy;
long aux_attributes;
/* version 2 fields */
krb5_deltat max_renewable_life;
krb5_timestamp last_success;
krb5_timestamp last_failed;
krb5_kvno fail_auth_count;
krb5_int16 n_key_data;
krb5_int16 n_tl_data;
krb5_tl_data *tl_data;
krb5_key_data *key_data;
} kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2;
typedef struct _kadm5_principal_ent_t_v1 {
krb5_principal principal;
krb5_timestamp princ_expire_time;
krb5_timestamp last_pwd_change;
krb5_timestamp pw_expiration;
krb5_deltat max_life;
krb5_principal mod_name;
krb5_timestamp mod_date;
krb5_flags attributes;
krb5_kvno kvno;
krb5_kvno mkvno;
char *policy;
long aux_attributes;
} kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1;
#if USE_KADM5_API_VERSION == 1
typedef struct _kadm5_principal_ent_t_v1
kadm5_principal_ent_rec, *kadm5_principal_ent_t;
#else
typedef struct _kadm5_principal_ent_t_v2
kadm5_principal_ent_rec, *kadm5_principal_ent_t;
#endif
typedef struct _kadm5_policy_ent_t {
char *policy;
long pw_min_life;
long pw_max_life;
long pw_min_length;
long pw_min_classes;
long pw_history_num;
long policy_refcnt;
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
/*
* Data structure returned by kadm5_get_config_params()
*/
typedef struct _kadm5_config_params {
long mask;
char * realm;
int kadmind_port;
int kpasswd_port;
char * admin_server;
#ifdef notyet /* Novell */ /* ABI change? */
char * kpasswd_server;
#endif
char * dbname;
char * admin_dbname;
char * admin_lockfile;
char * admin_keytab;
char * acl_file;
char * dict_file;
int mkey_from_kbd;
char * stash_file;
char * mkey_name;
krb5_enctype enctype;
krb5_deltat max_life;
krb5_deltat max_rlife;
krb5_timestamp expiration;
krb5_flags flags;
krb5_key_salt_tuple *keysalts;
krb5_int32 num_keysalts;
} kadm5_config_params;
/***********************************************************************
* This is the old krb5_realm_read_params, which I mutated into
* kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
* still uses.
***********************************************************************/
/*
* Data structure returned by krb5_read_realm_params()
*/
typedef struct __krb5_realm_params {
char * realm_profile;
char * realm_dbname;
char * realm_mkey_name;
char * realm_stash_file;
char * realm_kdc_ports;
char * realm_kdc_tcp_ports;
char * realm_acl_file;
krb5_int32 realm_kadmind_port;
krb5_enctype realm_enctype;
krb5_deltat realm_max_life;
krb5_deltat realm_max_rlife;
krb5_timestamp realm_expiration;
krb5_flags realm_flags;
krb5_key_salt_tuple *realm_keysalts;
unsigned int realm_reject_bad_transit:1;
unsigned int realm_kadmind_port_valid:1;
unsigned int realm_enctype_valid:1;
unsigned int realm_max_life_valid:1;
unsigned int realm_max_rlife_valid:1;
unsigned int realm_expiration_valid:1;
unsigned int realm_flags_valid:1;
unsigned int realm_reject_bad_transit_valid:1;
krb5_int32 realm_num_keysalts;
} krb5_realm_params;
/*
* functions
*/
#if USE_KADM5_API_VERSION > 1
krb5_error_code kadm5_get_config_params(krb5_context context,
int use_kdc_config,
kadm5_config_params *params_in,
kadm5_config_params *params_out);
krb5_error_code kadm5_free_config_params(krb5_context context,
kadm5_config_params *params);
krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
kadm5_config_params *params);
krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
char *, size_t);
#endif
kadm5_ret_t kadm5_init(char *client_name, char *pass,
char *service_name,
#if USE_KADM5_API_VERSION == 1
char *realm,
#else
kadm5_config_params *params,
#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
kadm5_ret_t kadm5_init_with_password(char *client_name,
char *pass,
char *service_name,
#if USE_KADM5_API_VERSION == 1
char *realm,
#else
kadm5_config_params *params,
#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
kadm5_ret_t kadm5_init_with_skey(char *client_name,
char *keytab,
char *service_name,
#if USE_KADM5_API_VERSION == 1
char *realm,
#else
kadm5_config_params *params,
#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_init_with_creds(char *client_name,
krb5_ccache cc,
char *service_name,
kadm5_config_params *params,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
#endif
kadm5_ret_t kadm5_lock(void *server_handle);
kadm5_ret_t kadm5_unlock(void *server_handle);
kadm5_ret_t kadm5_flush(void *server_handle);
kadm5_ret_t kadm5_destroy(void *server_handle);
kadm5_ret_t kadm5_create_principal(void *server_handle,
kadm5_principal_ent_t ent,
long mask, char *pass);
kadm5_ret_t kadm5_create_principal_3(void *server_handle,
kadm5_principal_ent_t ent,
long mask,
int n_ks_tuple,
krb5_key_salt_tuple *ks_tuple,
char *pass);
kadm5_ret_t kadm5_delete_principal(void *server_handle,
krb5_principal principal);
kadm5_ret_t kadm5_modify_principal(void *server_handle,
kadm5_principal_ent_t ent,
long mask);
kadm5_ret_t kadm5_rename_principal(void *server_handle,
krb5_principal,krb5_principal);
#if USE_KADM5_API_VERSION == 1
kadm5_ret_t kadm5_get_principal(void *server_handle,
krb5_principal principal,
kadm5_principal_ent_t *ent);
#else
kadm5_ret_t kadm5_get_principal(void *server_handle,
krb5_principal principal,
kadm5_principal_ent_t ent,
long mask);
#endif
kadm5_ret_t kadm5_chpass_principal(void *server_handle,
krb5_principal principal,
char *pass);
kadm5_ret_t kadm5_chpass_principal_3(void *server_handle,
krb5_principal principal,
krb5_boolean keepold,
int n_ks_tuple,
krb5_key_salt_tuple *ks_tuple,
char *pass);
#if USE_KADM5_API_VERSION == 1
kadm5_ret_t kadm5_randkey_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock **keyblock);
#else
kadm5_ret_t kadm5_randkey_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock **keyblocks,
int *n_keys);
kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
krb5_principal principal,
krb5_boolean keepold,
int n_ks_tuple,
krb5_key_salt_tuple *ks_tuple,
krb5_keyblock **keyblocks,
int *n_keys);
#endif
kadm5_ret_t kadm5_setv4key_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock *keyblock);
kadm5_ret_t kadm5_setkey_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock *keyblocks,
int n_keys);
kadm5_ret_t kadm5_setkey_principal_3(void *server_handle,
krb5_principal principal,
krb5_boolean keepold,
int n_ks_tuple,
krb5_key_salt_tuple *ks_tuple,
krb5_keyblock *keyblocks,
int n_keys);
kadm5_ret_t kadm5_decrypt_key(void *server_handle,
kadm5_principal_ent_t entry, krb5_int32
ktype, krb5_int32 stype, krb5_int32
kvno, krb5_keyblock *keyblock,
krb5_keysalt *keysalt, int *kvnop);
kadm5_ret_t kadm5_create_policy(void *server_handle,
kadm5_policy_ent_t ent,
long mask);
/*
* kadm5_create_policy_internal is not part of the supported,
* exposed API. It is available only in the server library, and you
* shouldn't use it unless you know why it's there and how it's
* different from kadm5_create_policy.
*/
kadm5_ret_t kadm5_create_policy_internal(void *server_handle,
kadm5_policy_ent_t
entry, long mask);
kadm5_ret_t kadm5_delete_policy(void *server_handle,
kadm5_policy_t policy);
kadm5_ret_t kadm5_modify_policy(void *server_handle,
kadm5_policy_ent_t ent,
long mask);
/*
* kadm5_modify_policy_internal is not part of the supported,
* exposed API. It is available only in the server library, and you
* shouldn't use it unless you know why it's there and how it's
* different from kadm5_modify_policy.
*/
kadm5_ret_t kadm5_modify_policy_internal(void *server_handle,
kadm5_policy_ent_t
entry, long mask);
#if USE_KADM5_API_VERSION == 1
kadm5_ret_t kadm5_get_policy(void *server_handle,
kadm5_policy_t policy,
kadm5_policy_ent_t *ent);
#else
kadm5_ret_t kadm5_get_policy(void *server_handle,
kadm5_policy_t policy,
kadm5_policy_ent_t ent);
#endif
kadm5_ret_t kadm5_get_privs(void *server_handle,
long *privs);
kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
krb5_principal princ,
char *new_pw,
char **ret_pw,
char *msg_ret,
unsigned int msg_len);
kadm5_ret_t kadm5_free_principal_ent(void *server_handle,
kadm5_principal_ent_t
ent);
kadm5_ret_t kadm5_free_policy_ent(void *server_handle,
kadm5_policy_ent_t ent);
kadm5_ret_t kadm5_get_principals(void *server_handle,
char *exp, char ***princs,
int *count);
kadm5_ret_t kadm5_get_policies(void *server_handle,
char *exp, char ***pols,
int *count);
#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_free_key_data(void *server_handle,
krb5_int16 *n_key_data,
krb5_key_data *key_data);
#endif
kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
int count);
krb5_error_code kadm5_init_krb5_context (krb5_context *);
#if USE_KADM5_API_VERSION == 1
/*
* OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time
* compatible with KADM5_API_VERSION_2. Basically, this means we have
* to continue to provide all the old ovsec_kadm function and symbol
* names.
*/
#define OVSEC_KADM_ACLFILE "/krb5/ovsec_adm.acl"
#define OVSEC_KADM_WORDFILE "/krb5/ovsec_adm.dict"
#define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin"
#define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw"
#define OVSEC_KADM_HIST_PRINCIPAL "ovsec_adm/history"
typedef krb5_principal ovsec_kadm_princ_t;
typedef krb5_keyblock ovsec_kadm_keyblock;
typedef char *ovsec_kadm_policy_t;
typedef long ovsec_kadm_ret_t;
enum ovsec_kadm_salttype { OVSEC_KADM_SALT_V4, OVSEC_KADM_SALT_NORMAL };
enum ovsec_kadm_saltmod { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MOD_NORMAL };
#define OVSEC_KADM_PW_FIRST_PROMPT \
((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
#define OVSEC_KADM_PW_SECOND_PROMPT \
((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
/*
* Successful return code
*/
#define OVSEC_KADM_OK 0
/*
* Create/Modify masks
*/
/* principal */
#define OVSEC_KADM_PRINCIPAL 0x000001
#define OVSEC_KADM_PRINC_EXPIRE_TIME 0x000002
#define OVSEC_KADM_PW_EXPIRATION 0x000004
#define OVSEC_KADM_LAST_PWD_CHANGE 0x000008
#define OVSEC_KADM_ATTRIBUTES 0x000010
#define OVSEC_KADM_MAX_LIFE 0x000020
#define OVSEC_KADM_MOD_TIME 0x000040
#define OVSEC_KADM_MOD_NAME 0x000080
#define OVSEC_KADM_KVNO 0x000100
#define OVSEC_KADM_MKVNO 0x000200
#define OVSEC_KADM_AUX_ATTRIBUTES 0x000400
#define OVSEC_KADM_POLICY 0x000800
#define OVSEC_KADM_POLICY_CLR 0x001000
/* policy */
#define OVSEC_KADM_PW_MAX_LIFE 0x004000
#define OVSEC_KADM_PW_MIN_LIFE 0x008000
#define OVSEC_KADM_PW_MIN_LENGTH 0x010000
#define OVSEC_KADM_PW_MIN_CLASSES 0x020000
#define OVSEC_KADM_PW_HISTORY_NUM 0x040000
#define OVSEC_KADM_REF_COUNT 0x080000
/*
* permission bits
*/
#define OVSEC_KADM_PRIV_GET 0x01
#define OVSEC_KADM_PRIV_ADD 0x02
#define OVSEC_KADM_PRIV_MODIFY 0x04
#define OVSEC_KADM_PRIV_DELETE 0x08
/*
* API versioning constants
*/
#define OVSEC_KADM_MASK_BITS 0xffffff00
#define OVSEC_KADM_STRUCT_VERSION_MASK 0x12345600
#define OVSEC_KADM_STRUCT_VERSION_1 (OVSEC_KADM_STRUCT_VERSION_MASK|0x01)
#define OVSEC_KADM_STRUCT_VERSION OVSEC_KADM_STRUCT_VERSION_1
#define OVSEC_KADM_API_VERSION_MASK 0x12345700
#define OVSEC_KADM_API_VERSION_1 (OVSEC_KADM_API_VERSION_MASK|0x01)
typedef struct _ovsec_kadm_principal_ent_t {
krb5_principal principal;
krb5_timestamp princ_expire_time;
krb5_timestamp last_pwd_change;
krb5_timestamp pw_expiration;
krb5_deltat max_life;
krb5_principal mod_name;
krb5_timestamp mod_date;
krb5_flags attributes;
krb5_kvno kvno;
krb5_kvno mkvno;
char *policy;
long aux_attributes;
} ovsec_kadm_principal_ent_rec, *ovsec_kadm_principal_ent_t;
typedef struct _ovsec_kadm_policy_ent_t {
char *policy;
long pw_min_life;
long pw_max_life;
long pw_min_length;
long pw_min_classes;
long pw_history_num;
long policy_refcnt;
} ovsec_kadm_policy_ent_rec, *ovsec_kadm_policy_ent_t;
/*
* functions
*/
ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass,
char *service_name, char *realm,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name,
char *pass,
char *service_name,
char *realm,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char ** db_args,
void **server_handle);
ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name,
char *keytab,
char *service_name,
char *realm,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle);
ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle);
ovsec_kadm_ret_t ovsec_kadm_create_principal(void *server_handle,
ovsec_kadm_principal_ent_t ent,
long mask, char *pass);
ovsec_kadm_ret_t ovsec_kadm_delete_principal(void *server_handle,
krb5_principal principal);
ovsec_kadm_ret_t ovsec_kadm_modify_principal(void *server_handle,
ovsec_kadm_principal_ent_t ent,
long mask);
ovsec_kadm_ret_t ovsec_kadm_rename_principal(void *server_handle,
krb5_principal,krb5_principal);
ovsec_kadm_ret_t ovsec_kadm_get_principal(void *server_handle,
krb5_principal principal,
ovsec_kadm_principal_ent_t *ent);
ovsec_kadm_ret_t ovsec_kadm_chpass_principal(void *server_handle,
krb5_principal principal,
char *pass);
ovsec_kadm_ret_t ovsec_kadm_randkey_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock **keyblock);
ovsec_kadm_ret_t ovsec_kadm_create_policy(void *server_handle,
ovsec_kadm_policy_ent_t ent,
long mask);
/*
* ovsec_kadm_create_policy_internal is not part of the supported,
* exposed API. It is available only in the server library, and you
* shouldn't use it unless you know why it's there and how it's
* different from ovsec_kadm_create_policy.
*/
ovsec_kadm_ret_t ovsec_kadm_create_policy_internal(void *server_handle,
ovsec_kadm_policy_ent_t
entry, long mask);
ovsec_kadm_ret_t ovsec_kadm_delete_policy(void *server_handle,
ovsec_kadm_policy_t policy);
ovsec_kadm_ret_t ovsec_kadm_modify_policy(void *server_handle,
ovsec_kadm_policy_ent_t ent,
long mask);
/*
* ovsec_kadm_modify_policy_internal is not part of the supported,
* exposed API. It is available only in the server library, and you
* shouldn't use it unless you know why it's there and how it's
* different from ovsec_kadm_modify_policy.
*/
ovsec_kadm_ret_t ovsec_kadm_modify_policy_internal(void *server_handle,
ovsec_kadm_policy_ent_t
entry, long mask);
ovsec_kadm_ret_t ovsec_kadm_get_policy(void *server_handle,
ovsec_kadm_policy_t policy,
ovsec_kadm_policy_ent_t *ent);
ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle,
long *privs);
ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle,
krb5_principal princ,
char *new_pw,
char **ret_pw,
char *msg_ret);
ovsec_kadm_ret_t ovsec_kadm_free_principal_ent(void *server_handle,
ovsec_kadm_principal_ent_t
ent);
ovsec_kadm_ret_t ovsec_kadm_free_policy_ent(void *server_handle,
ovsec_kadm_policy_ent_t ent);
ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle,
char **names, int count);
ovsec_kadm_ret_t ovsec_kadm_get_principals(void *server_handle,
char *exp, char ***princs,
int *count);
ovsec_kadm_ret_t ovsec_kadm_get_policies(void *server_handle,
char *exp, char ***pols,
int *count);
#define OVSEC_KADM_FAILURE KADM5_FAILURE
#define OVSEC_KADM_AUTH_GET KADM5_AUTH_GET
#define OVSEC_KADM_AUTH_ADD KADM5_AUTH_ADD
#define OVSEC_KADM_AUTH_MODIFY KADM5_AUTH_MODIFY
#define OVSEC_KADM_AUTH_DELETE KADM5_AUTH_DELETE
#define OVSEC_KADM_AUTH_INSUFFICIENT KADM5_AUTH_INSUFFICIENT
#define OVSEC_KADM_BAD_DB KADM5_BAD_DB
#define OVSEC_KADM_DUP KADM5_DUP
#define OVSEC_KADM_RPC_ERROR KADM5_RPC_ERROR
#define OVSEC_KADM_NO_SRV KADM5_NO_SRV
#define OVSEC_KADM_BAD_HIST_KEY KADM5_BAD_HIST_KEY
#define OVSEC_KADM_NOT_INIT KADM5_NOT_INIT
#define OVSEC_KADM_UNK_PRINC KADM5_UNK_PRINC
#define OVSEC_KADM_UNK_POLICY KADM5_UNK_POLICY
#define OVSEC_KADM_BAD_MASK KADM5_BAD_MASK
#define OVSEC_KADM_BAD_CLASS KADM5_BAD_CLASS
#define OVSEC_KADM_BAD_LENGTH KADM5_BAD_LENGTH
#define OVSEC_KADM_BAD_POLICY KADM5_BAD_POLICY
#define OVSEC_KADM_BAD_PRINCIPAL KADM5_BAD_PRINCIPAL
#define OVSEC_KADM_BAD_AUX_ATTR KADM5_BAD_AUX_ATTR
#define OVSEC_KADM_BAD_HISTORY KADM5_BAD_HISTORY
#define OVSEC_KADM_BAD_MIN_PASS_LIFE KADM5_BAD_MIN_PASS_LIFE
#define OVSEC_KADM_PASS_Q_TOOSHORT KADM5_PASS_Q_TOOSHORT
#define OVSEC_KADM_PASS_Q_CLASS KADM5_PASS_Q_CLASS
#define OVSEC_KADM_PASS_Q_DICT KADM5_PASS_Q_DICT
#define OVSEC_KADM_PASS_REUSE KADM5_PASS_REUSE
#define OVSEC_KADM_PASS_TOOSOON KADM5_PASS_TOOSOON
#define OVSEC_KADM_POLICY_REF KADM5_POLICY_REF
#define OVSEC_KADM_INIT KADM5_INIT
#define OVSEC_KADM_BAD_PASSWORD KADM5_BAD_PASSWORD
#define OVSEC_KADM_PROTECT_PRINCIPAL KADM5_PROTECT_PRINCIPAL
#define OVSEC_KADM_BAD_SERVER_HANDLE KADM5_BAD_SERVER_HANDLE
#define OVSEC_KADM_BAD_STRUCT_VERSION KADM5_BAD_STRUCT_VERSION
#define OVSEC_KADM_OLD_STRUCT_VERSION KADM5_OLD_STRUCT_VERSION
#define OVSEC_KADM_NEW_STRUCT_VERSION KADM5_NEW_STRUCT_VERSION
#define OVSEC_KADM_BAD_API_VERSION KADM5_BAD_API_VERSION
#define OVSEC_KADM_OLD_LIB_API_VERSION KADM5_OLD_LIB_API_VERSION
#define OVSEC_KADM_OLD_SERVER_API_VERSION KADM5_OLD_SERVER_API_VERSION
#define OVSEC_KADM_NEW_LIB_API_VERSION KADM5_NEW_LIB_API_VERSION
#define OVSEC_KADM_NEW_SERVER_API_VERSION KADM5_NEW_SERVER_API_VERSION
#define OVSEC_KADM_SECURE_PRINC_MISSING KADM5_SECURE_PRINC_MISSING
#define OVSEC_KADM_NO_RENAME_SALT KADM5_NO_RENAME_SALT
#endif /* USE_KADM5_API_VERSION == 1 */
#endif /* __KADM5_ADMIN_H__ */

@ -1 +0,0 @@
/* This file left intentionally blank. */

@ -1,74 +0,0 @@
/*
* ettmp11037.h:
* This file is automatically generated; please do not edit it.
*/
#include <et/com_err.h>
#define KADM5_FAILURE (43787520L)
#define KADM5_AUTH_GET (43787521L)
#define KADM5_AUTH_ADD (43787522L)
#define KADM5_AUTH_MODIFY (43787523L)
#define KADM5_AUTH_DELETE (43787524L)
#define KADM5_AUTH_INSUFFICIENT (43787525L)
#define KADM5_BAD_DB (43787526L)
#define KADM5_DUP (43787527L)
#define KADM5_RPC_ERROR (43787528L)
#define KADM5_NO_SRV (43787529L)
#define KADM5_BAD_HIST_KEY (43787530L)
#define KADM5_NOT_INIT (43787531L)
#define KADM5_UNK_PRINC (43787532L)
#define KADM5_UNK_POLICY (43787533L)
#define KADM5_BAD_MASK (43787534L)
#define KADM5_BAD_CLASS (43787535L)