/*
 * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.
 * IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
/* $Id$ */

/*
 * Public types and constants of the kadm5 administration library.
 *
 * Everything in this header is interface: the struct layouts are ABI,
 * and the numeric flag/mask values are (presumably) stored in the KDB
 * and exchanged with kadmin peers.  Do not renumber, reorder or resize
 * anything here without checking every producer and consumer.
 */

/*
 * NOTE(review): the guard name uses a reserved identifier (leading
 * double underscore).  Left unchanged so that existing code testing
 * for it keeps working.
 */
#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__

/* Known API versions; only version 2 is implemented (enforced below). */
#define KADM5_API_VERSION_1 1
#define KADM5_API_VERSION_2 2

#ifndef USE_KADM5_API_VERSION
#define USE_KADM5_API_VERSION KADM5_API_VERSION_2
#endif

#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2
#error No support for API versions other than 2
#endif

#define KADM5_STRUCT_VERSION 0

#include <krb5.h>

/*
 * Principal attribute bits, as held in the `attributes` field of
 * kadm5_principal_ent_rec.  By their names the DISALLOW_* bits deny a
 * ticket property and the REQUIRES_* bits demand a stronger initial
 * authentication.  The values 0x400 and 0x800 are unassigned here; do
 * not reuse them without checking the on-disk KDB format these bits are
 * persisted in.
 */
#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040
#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
#define KRB5_KDB_DISALLOW_SVR 0x00001000
#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
#define KRB5_KDB_SUPPORT_DESMD5 0x00004000
#define KRB5_KDB_NEW_PRINC 0x00008000
/*
 * Delegation-related and legacy-protocol bits.  OK_AS_DELEGATE and
 * TRUSTED_FOR_DELEGATION widen what a service may do with a client's
 * credentials; ALLOW_KERBEROS4 and ALLOW_DIGEST enable weaker
 * authentication paths -- set them only where deliberately required.
 */
#define KRB5_KDB_OK_AS_DELEGATE 0x00010000
#define KRB5_KDB_TRUSTED_FOR_DELEGATION 0x00020000
#define KRB5_KDB_ALLOW_KERBEROS4 0x00040000
#define KRB5_KDB_ALLOW_DIGEST 0x00080000

/*
 * Field-presence mask bits for kadm5_principal_ent_rec.  Presumably
 * OR-ed together by callers of the entry points in kadm5-protos.h to say
 * which fields are requested or valid.  One bit per field, in the order
 * the fields appear in the struct below.
 */
#define KADM5_PRINCIPAL 0x000001
#define KADM5_PRINC_EXPIRE_TIME 0x000002
#define KADM5_PW_EXPIRATION 0x000004
#define KADM5_LAST_PWD_CHANGE 0x000008
#define KADM5_ATTRIBUTES 0x000010
#define KADM5_MAX_LIFE 0x000020
#define KADM5_MOD_TIME 0x000040
#define KADM5_MOD_NAME 0x000080
#define KADM5_KVNO 0x000100
#define KADM5_MKVNO 0x000200
#define KADM5_AUX_ATTRIBUTES 0x000400
#define KADM5_POLICY 0x000800
#define KADM5_POLICY_CLR 0x001000
#define KADM5_MAX_RLIFE 0x002000
#define KADM5_LAST_SUCCESS 0x004000
#define KADM5_LAST_FAILED 0x008000
#define KADM5_FAIL_AUTH_COUNT 0x010000
#define KADM5_KEY_DATA 0x020000
#define KADM5_TL_DATA 0x040000

/*
 * Every field except the key material and the tl-data list.  Key data
 * and tl-data therefore have to be asked for explicitly, which keeps
 * secrets out of "ordinary" principal lookups.
 */
#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA))

/*
 * Field-presence mask bits for kadm5_policy_ent_rec (the pw_* fields and
 * policy_refcnt).  Note that they share numeric values with
 * KADM5_LAST_SUCCESS .. KADM5_TL_DATA above: principal masks and policy
 * masks are separate namespaces and must never be mixed.
 */
#define KADM5_PW_MAX_LIFE 0x004000
#define KADM5_PW_MIN_LIFE 0x008000
#define KADM5_PW_MIN_LENGTH 0x010000
#define KADM5_PW_MIN_CLASSES 0x020000
#define KADM5_PW_HISTORY_NUM 0x040000
#define KADM5_REF_COUNT 0x080000

/* All policy fields. */
#define KADM5_POLICY_NORMAL_MASK (~0)

/*
 * Well-known principal names: the admin service itself, the principal
 * that (by name) keys the password history, and the password-change
 * service.
 */
#define KADM5_ADMIN_SERVICE "kadmin/admin"
#define KADM5_HIST_PRINCIPAL "kadmin/history"
#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"

/*
 * One stored key of a principal.  Fixed layout -- do not reorder.
 *
 * key_data_type/length/contents are parallel two-element arrays; by
 * their names the contents are raw key material and salt, so the
 * buffers they point at are secrets: zeroize before releasing them
 * (confirm the library's free routine in kadm5-protos.h does so).
 *
 * NOTE(review): the lengths are signed 16-bit.  Any code that consumes
 * a krb5_key_data built from untrusted input must reject negative
 * lengths before using them as sizes.
 */
typedef struct {
    int16_t key_data_ver; /* Version */
    int16_t key_data_kvno; /* Key Version */
    int16_t key_data_type[2]; /* Array of types */
    int16_t key_data_length[2]; /* Array of lengths */
    void* key_data_contents[2];/* Array of pointers */
} krb5_key_data;

/*
 * Singly linked list of tagged extra data attached to a principal entry
 * (see n_tl_data / tl_data in kadm5_principal_ent_rec).  tl_data_type is
 * one of the KRB5_TL_* values below; tl_data_length is signed 16-bit and
 * needs the same negative-length check as krb5_key_data.
 */
typedef struct _krb5_tl_data {
    struct _krb5_tl_data* tl_data_next;
    int16_t tl_data_type;
    int16_t tl_data_length;
    void* tl_data_contents;
} krb5_tl_data;

/*
 * Type tags for krb5_tl_data.tl_data_type.  KRB5_TL_PASSWORD, by its
 * name, carries a password and must be handled as a secret; the rest
 * are named for the subsystem that owns the payload.
 */
#define KRB5_TL_LAST_PWD_CHANGE 0x0001
#define KRB5_TL_MOD_PRINC 0x0002
#define KRB5_TL_KADM_DATA 0x0003
#define KRB5_TL_KADM5_E_DATA 0x0004
#define KRB5_TL_RB1_CHALLENGE 0x0005
#define KRB5_TL_SECURID_STATE 0x0006
#define KRB5_TL_PASSWORD 0x0007
#define KRB5_TL_EXTENSION 0x0008
#define KRB5_TL_PKINIT_ACL 0x0009
#define KRB5_TL_ALIASES 0x000a

/*
 * A principal entry as seen through the kadm5 API.  Which fields are
 * valid is governed by a KADM5_* mask (one bit per field, above).
 * Fixed layout -- do not reorder.
 */
typedef struct _kadm5_principal_ent_t {
    krb5_principal principal;            /* the principal itself */

    krb5_timestamp princ_expire_time;    /* when the principal expires */
    krb5_timestamp last_pwd_change;      /* time of last password change */
    krb5_timestamp pw_expiration;        /* when the password expires */
    krb5_deltat max_life;                /* max ticket lifetime */
    krb5_principal mod_name;             /* who last modified the entry */
    krb5_timestamp mod_date;             /* when it was last modified */
    krb5_flags attributes;               /* KRB5_KDB_* bits */
    krb5_kvno kvno;                      /* current key version */
    krb5_kvno mkvno;                     /* master key version */

    char * policy;                       /* policy name; NULL if none (presumably) */
    uint32_t aux_attributes;

    krb5_deltat max_renewable_life;      /* max renewable ticket lifetime */
    krb5_timestamp last_success;         /* last successful authentication */
    krb5_timestamp last_failed;          /* last failed authentication */
    krb5_kvno fail_auth_count;           /* failure counter; typed krb5_kvno for layout reasons, presumably */
    int16_t n_key_data;                  /* number of entries in key_data (negative is invalid) */
    int16_t n_tl_data;                   /* number of nodes in tl_data (negative is invalid) */
    krb5_tl_data *tl_data;               /* tagged extra data list */
    krb5_key_data *key_data;             /* key material -- secret */
} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
/*
 * A password policy as seen through the kadm5 API.  Which fields are
 * valid is governed by the KADM5_PW_* / KADM5_REF_COUNT mask bits.
 * The pw_*_life values are presumably seconds -- confirm against the
 * policy code before comparing them with krb5_deltat values.
 */
typedef struct _kadm5_policy_ent_t {
    char *policy;                /* policy name */

    uint32_t pw_min_life;        /* minimum time before a password may change again */
    uint32_t pw_max_life;        /* maximum password age */
    uint32_t pw_min_length;      /* minimum password length */
    uint32_t pw_min_classes;     /* minimum number of character classes */
    uint32_t pw_history_num;     /* number of old passwords remembered */
    uint32_t policy_refcnt;      /* number of principals using this policy */
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;

/*
 * Mask bits for kadm5_config_params.mask, saying which configuration
 * fields were supplied.  Only REALM, KADMIND_PORT, ADMIN_SERVER, DBNAME,
 * ACL_FILE and STASH_FILE have a corresponding field in
 * kadm5_config_params; the remaining bits are presumably kept for API
 * compatibility and carry no data here.
 */
#define KADM5_CONFIG_REALM (1 << 0)
#define KADM5_CONFIG_PROFILE (1 << 1)
#define KADM5_CONFIG_KADMIND_PORT (1 << 2)
#define KADM5_CONFIG_ADMIN_SERVER (1 << 3)
#define KADM5_CONFIG_DBNAME (1 << 4)
#define KADM5_CONFIG_ADBNAME (1 << 5)
#define KADM5_CONFIG_ADB_LOCKFILE (1 << 6)
#define KADM5_CONFIG_ACL_FILE (1 << 7)
#define KADM5_CONFIG_DICT_FILE (1 << 8)
#define KADM5_CONFIG_ADMIN_KEYTAB (1 << 9)
#define KADM5_CONFIG_MKEY_FROM_KEYBOARD (1 << 10)
#define KADM5_CONFIG_STASH_FILE (1 << 11)
#define KADM5_CONFIG_MKEY_NAME (1 << 12)
#define KADM5_CONFIG_ENCTYPE (1 << 13)
#define KADM5_CONFIG_MAX_LIFE (1 << 14)
#define KADM5_CONFIG_MAX_RLIFE (1 << 15)
#define KADM5_CONFIG_EXPIRATION (1 << 16)
#define KADM5_CONFIG_FLAGS (1 << 17)
#define KADM5_CONFIG_ENCTYPES (1 << 18)

/*
 * Administrative privilege bits.  KADM5_PRIV_ALL is the union of every
 * bit and is effectively full control of the realm's principal database;
 * NOTE(review): ACL entries granting it (or CPW/MODIFY over arbitrary
 * principals) should be kept to the smallest possible set of admins.
 */
#define KADM5_PRIV_GET (1 << 0)
#define KADM5_PRIV_ADD (1 << 1)
#define KADM5_PRIV_MODIFY (1 << 2)
#define KADM5_PRIV_DELETE (1 << 3)
#define KADM5_PRIV_LIST (1 << 4)
#define KADM5_PRIV_CPW (1 << 5)
#define KADM5_PRIV_ALL (KADM5_PRIV_GET | KADM5_PRIV_ADD | KADM5_PRIV_MODIFY | KADM5_PRIV_DELETE | KADM5_PRIV_LIST | KADM5_PRIV_CPW)

/*
 * Placeholder type: the single `XXX` member is a stand-in so that code
 * naming krb5_key_salt_tuple compiles.  Nothing here defines its
 * contents, so do not read or rely on them.
 */
typedef struct {
    int XXX;
}krb5_key_salt_tuple;
/*
 * Library configuration.  `mask` is a combination of KADM5_CONFIG_* bits
 * naming which of the remaining fields were set by the caller.
 *
 * acl_file and stash_file name files that gate administrative access
 * and (by its name) hold the master key stash: their ownership and
 * permissions are security-critical and must be restricted to the
 * kadmind/KDC identity.
 */
typedef struct _kadm5_config_params {
    uint32_t mask;           /* KADM5_CONFIG_* bits for the fields below */

    /* Client and server fields */
    char *realm;             /* Kerberos realm being administered */
    int kadmind_port;        /* TCP port of kadmind */

    /* client fields */
    char *admin_server;      /* host to contact (client side) */

    /* server fields */
    char *dbname;            /* principal database name/path */
    char *acl_file;          /* path of the admin ACL file -- security-critical */

    /* server library (database) fields */
    char *stash_file;        /* master key stash path -- protect tightly */
} kadm5_config_params;

/* Return type of every kadm5 entry point; krb5 convention is 0 for success. */
typedef krb5_error_code kadm5_ret_t;

/*
 * Prototypes of the implemented entry points.  Included here, after the
 * type definitions, because the prototypes presumably use the types
 * declared above.
 */
#include "kadm5-protos.h"

/*
 * The prototypes below are compiled out: the policy API and
 * kadm5_decrypt_key are not implemented by this library.  They are kept
 * only as a reference for the intended signatures.
 */
#if 0
/* unimplemented functions */
kadm5_ret_t
kadm5_decrypt_key(void *server_handle,
                  kadm5_principal_ent_t entry, int32_t
                  ktype, int32_t stype, int32_t
                  kvno, krb5_keyblock *keyblock,
                  krb5_keysalt *keysalt, int *kvnop);

kadm5_ret_t
kadm5_create_policy(void *server_handle,
                    kadm5_policy_ent_t policy, uint32_t mask);

kadm5_ret_t
kadm5_delete_policy(void *server_handle, char *policy);


kadm5_ret_t
kadm5_modify_policy(void *server_handle,
                    kadm5_policy_ent_t policy,
                    uint32_t mask);

kadm5_ret_t
kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent);

kadm5_ret_t
kadm5_get_policies(void *server_handle, char *exp,
                   char ***pols, int *count);

void
kadm5_free_policy_ent(kadm5_policy_ent_t policy);

#endif

#endif /* __KADM5_ADMIN_H__ */