admin.h revision 178826
/*
 * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
/* $Id: admin.h 20237 2007-02-16 23:54:34Z lha $ */

/*
 * Public types and constants of the kadm5 administration library.
 * The function prototypes themselves come from kadm5-protos.h, which is
 * included near the end of this file, after the types it needs.
 */

/*
 * NOTE(review): identifiers beginning with a double underscore are reserved
 * for the C implementation.  The guard name is left as-is because code
 * outside this file may test it.
 */
#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__

/*
 * API versioning.  Only version 2 is supported; selecting anything else
 * through USE_KADM5_API_VERSION is a hard compile error.
 */
#define KADM5_API_VERSION_1 1
#define KADM5_API_VERSION_2 2

#ifndef USE_KADM5_API_VERSION
#define USE_KADM5_API_VERSION KADM5_API_VERSION_2
#endif

#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2
#error No support for API versions other than 2
#endif

#define KADM5_STRUCT_VERSION 0

#include <krb5.h>

/*
 * Principal attribute bits.  The names line up with the krb5_flags
 * `attributes` member of kadm5_principal_ent_rec below (presumably that is
 * where they are stored); what the KDC does with each bit is not defined in
 * this header.  Note that 0x400 and 0x800 are unassigned.
 */
#define KRB5_KDB_DISALLOW_POSTDATED	0x00000001
#define KRB5_KDB_DISALLOW_FORWARDABLE	0x00000002
#define KRB5_KDB_DISALLOW_TGT_BASED	0x00000004
#define KRB5_KDB_DISALLOW_RENEWABLE	0x00000008
#define KRB5_KDB_DISALLOW_PROXIABLE	0x00000010
#define KRB5_KDB_DISALLOW_DUP_SKEY	0x00000020
#define KRB5_KDB_DISALLOW_ALL_TIX	0x00000040
#define KRB5_KDB_REQUIRES_PRE_AUTH	0x00000080
#define KRB5_KDB_REQUIRES_HW_AUTH	0x00000100
#define KRB5_KDB_REQUIRES_PWCHANGE	0x00000200
#define KRB5_KDB_DISALLOW_SVR		0x00001000
#define KRB5_KDB_PWCHANGE_SERVICE	0x00002000
#define KRB5_KDB_SUPPORT_DESMD5		0x00004000
#define KRB5_KDB_NEW_PRINC		0x00008000
#define KRB5_KDB_OK_AS_DELEGATE		0x00010000
#define KRB5_KDB_TRUSTED_FOR_DELEGATION	0x00020000
#define KRB5_KDB_ALLOW_KERBEROS4	0x00040000
#define KRB5_KDB_ALLOW_DIGEST		0x00080000

/*
 * Field-selection mask bits for kadm5_principal_ent_rec.  Each name matches
 * a member of that struct (KADM5_PRINC_EXPIRE_TIME -> princ_expire_time,
 * KADM5_KEY_DATA -> key_data, and so on).  KADM5_PRINCIPAL_NORMAL_MASK is
 * every bit except the key-data and TL-data ones.
 */
#define KADM5_PRINCIPAL		0x000001
#define KADM5_PRINC_EXPIRE_TIME	0x000002
#define KADM5_PW_EXPIRATION	0x000004
#define KADM5_LAST_PWD_CHANGE	0x000008
#define KADM5_ATTRIBUTES	0x000010
#define KADM5_MAX_LIFE		0x000020
#define KADM5_MOD_TIME		0x000040
#define KADM5_MOD_NAME		0x000080
#define KADM5_KVNO		0x000100
#define KADM5_MKVNO		0x000200
#define KADM5_AUX_ATTRIBUTES	0x000400
#define KADM5_POLICY		0x000800
#define KADM5_POLICY_CLR	0x001000
#define KADM5_MAX_RLIFE		0x002000
#define KADM5_LAST_SUCCESS	0x004000
#define KADM5_LAST_FAILED	0x008000
#define KADM5_FAIL_AUTH_COUNT	0x010000
#define KADM5_KEY_DATA		0x020000
#define KADM5_TL_DATA		0x040000

#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA))

/*
 * Field-selection mask bits for kadm5_policy_ent_rec.  This is a separate
 * namespace from the principal mask above and the values overlap
 * (KADM5_PW_MAX_LIFE has the same value as KADM5_LAST_SUCCESS), so a policy
 * mask must never be passed where a principal mask is expected, or vice
 * versa.
 */
#define KADM5_PW_MAX_LIFE	0x004000
#define KADM5_PW_MIN_LIFE	0x008000
#define KADM5_PW_MIN_LENGTH	0x010000
#define KADM5_PW_MIN_CLASSES	0x020000
#define KADM5_PW_HISTORY_NUM	0x040000
#define KADM5_REF_COUNT		0x080000

#define KADM5_POLICY_NORMAL_MASK (~0)

/* Well-known kadmin service principal names. */
#define KADM5_ADMIN_SERVICE	"kadmin/admin"
#define KADM5_HIST_PRINCIPAL	"kadmin/history"
#define KADM5_CHANGEPW_SERVICE	"kadmin/changepw"

/*
 * One key entry of a principal.  The three arrays are parallel, with room
 * for two entries each; key_data_ver presumably says how many of them are
 * in use — confirm against the code that fills this in.  The lengths are
 * signed 16-bit: anything that reads key_data_contents[i] must bound itself
 * by key_data_length[i] and reject a negative value first.  Ownership of
 * the memory behind key_data_contents is not stated here.
 */
typedef struct _krb5_key_data {
    int16_t key_data_ver;	/* Version */
    int16_t key_data_kvno;	/* Key Version */
    int16_t key_data_type[2];	/* Array of types */
    int16_t key_data_length[2];	/* Array of lengths */
    void*   key_data_contents[2];/* Array of pointers */
} krb5_key_data;

/*
 * Singly linked list of tagged data; tl_data_type is one of the KRB5_TL_*
 * values below.  tl_data_length bounds tl_data_contents and carries the
 * same signed-16-bit caveat as krb5_key_data.
 */
typedef struct _krb5_tl_data {
    struct _krb5_tl_data* tl_data_next;
    int16_t tl_data_type;
    int16_t tl_data_length;
    void* tl_data_contents;
} krb5_tl_data;

/* Type tags for krb5_tl_data.tl_data_type. */
#define KRB5_TL_LAST_PWD_CHANGE		0x0001
#define KRB5_TL_MOD_PRINC		0x0002
#define KRB5_TL_KADM_DATA		0x0003
#define KRB5_TL_KADM5_E_DATA		0x0004
#define KRB5_TL_RB1_CHALLENGE		0x0005
#define KRB5_TL_SECURID_STATE		0x0006
#define KRB5_TL_PASSWORD		0x0007
#define KRB5_TL_EXTENSION		0x0008
#define KRB5_TL_PKINIT_ACL		0x0009
#define KRB5_TL_ALIASES			0x000a

/*
 * One principal entry as exchanged with the administration service.  Which
 * members are meaningful in a given call is selected by the KADM5_* mask
 * bits above.  n_key_data and n_tl_data are signed 16-bit counts; validate
 * them (>= 0) before walking key_data or the tl_data list.
 */
typedef struct _kadm5_principal_ent_t {
    krb5_principal principal;

    krb5_timestamp princ_expire_time;
    krb5_timestamp last_pwd_change;
    krb5_timestamp pw_expiration;
    krb5_deltat max_life;
    krb5_principal mod_name;
    krb5_timestamp mod_date;
    krb5_flags attributes;		/* KRB5_KDB_* bits, presumably */
    krb5_kvno kvno;
    krb5_kvno mkvno;

    char * policy;			/* policy name; whether it may be NULL is not stated */
    uint32_t aux_attributes;

    krb5_deltat max_renewable_life;
    krb5_timestamp last_success;
    krb5_timestamp last_failed;
    krb5_kvno fail_auth_count;
    int16_t n_key_data;			/* presumably the element count of key_data */

    int16_t n_tl_data;			/* presumably the node count of the tl_data list */
    krb5_tl_data *tl_data;
    krb5_key_data *key_data;
} kadm5_principal_ent_rec, *kadm5_principal_ent_t;

/*
 * One password-policy entry; the pw_* members pair with the KADM5_PW_* mask
 * bits above.
 */
typedef struct _kadm5_policy_ent_t {
    char *policy;

    uint32_t pw_min_life;
    uint32_t pw_max_life;
    uint32_t pw_min_length;
    uint32_t pw_min_classes;
    uint32_t pw_history_num;
    uint32_t policy_refcnt;
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;

/*
 * Bits for kadm5_config_params.mask.  Only some of them have a member in
 * that struct (realm, kadmind_port, admin_server, dbname, acl_file,
 * stash_file); the remaining names have no field here.
 */
#define KADM5_CONFIG_REALM			(1 << 0)
#define KADM5_CONFIG_PROFILE			(1 << 1)
#define KADM5_CONFIG_KADMIND_PORT		(1 << 2)
#define KADM5_CONFIG_ADMIN_SERVER		(1 << 3)
#define KADM5_CONFIG_DBNAME			(1 << 4)
#define KADM5_CONFIG_ADBNAME			(1 << 5)
#define KADM5_CONFIG_ADB_LOCKFILE		(1 << 6)
#define KADM5_CONFIG_ACL_FILE			(1 << 7)
#define KADM5_CONFIG_DICT_FILE			(1 << 8)
#define KADM5_CONFIG_ADMIN_KEYTAB		(1 << 9)
#define KADM5_CONFIG_MKEY_FROM_KEYBOARD		(1 << 10)
#define KADM5_CONFIG_STASH_FILE			(1 << 11)
#define KADM5_CONFIG_MKEY_NAME			(1 << 12)
#define KADM5_CONFIG_ENCTYPE			(1 << 13)
#define KADM5_CONFIG_MAX_LIFE			(1 << 14)
#define KADM5_CONFIG_MAX_RLIFE			(1 << 15)
#define KADM5_CONFIG_EXPIRATION			(1 << 16)
#define KADM5_CONFIG_FLAGS			(1 << 17)
#define KADM5_CONFIG_ENCTYPES			(1 << 18)

/* Administrative privilege bits; KADM5_PRIV_ALL is the union of all six. */
#define KADM5_PRIV_GET		(1 << 0)
#define KADM5_PRIV_ADD		(1 << 1)
#define KADM5_PRIV_MODIFY	(1 << 2)
#define KADM5_PRIV_DELETE	(1 << 3)
#define KADM5_PRIV_LIST		(1 << 4)
#define KADM5_PRIV_CPW		(1 << 5)
#define KADM5_PRIV_ALL		(KADM5_PRIV_GET | KADM5_PRIV_ADD | KADM5_PRIV_MODIFY | KADM5_PRIV_DELETE | KADM5_PRIV_LIST | KADM5_PRIV_CPW)

/* Apparently a placeholder type: its only member, XXX, is a dummy. */
typedef struct {
    int XXX;
}krb5_key_salt_tuple;

/*
 * Library configuration.  mask (KADM5_CONFIG_* bits) says which of the
 * members below are set.  By name, acl_file and stash_file point at
 * server-side files that are security-sensitive (access control and key
 * material, presumably); ownership of the strings is not stated here.
 */
typedef struct _kadm5_config_params {
    uint32_t mask;

    /* Client and server fields */
    char *realm;
    int kadmind_port;

    /* client fields */
    char *admin_server;

    /* server fields */
    char *dbname;
    char *acl_file;

    /* server library (database) fields */
    char *stash_file;
} kadm5_config_params;

/* Return type of the kadm5 API: a krb5_error_code. */
typedef krb5_error_code kadm5_ret_t;

#include "kadm5-protos.h"

#if 0
/* unimplemented functions — kept for reference only, nothing below is compiled */
kadm5_ret_t
kadm5_decrypt_key(void *server_handle,
		  kadm5_principal_ent_t entry, int32_t
		  ktype, int32_t stype, int32_t
		  kvno, krb5_keyblock *keyblock,
		  krb5_keysalt *keysalt, int *kvnop);

kadm5_ret_t
kadm5_create_policy(void *server_handle,
		    kadm5_policy_ent_t policy, uint32_t mask);

kadm5_ret_t
kadm5_delete_policy(void *server_handle, char *policy);


kadm5_ret_t
kadm5_modify_policy(void *server_handle,
		    kadm5_policy_ent_t policy,
		    uint32_t mask);

kadm5_ret_t
kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent);

kadm5_ret_t
kadm5_get_policies(void *server_handle, char *exp,
		   char ***pols, int *count);

void
kadm5_free_policy_ent(kadm5_policy_ent_t policy);

#endif

#endif /* __KADM5_ADMIN_H__ */