/* * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #ifndef __KADM5_ADMIN_H__ #define __KADM5_ADMIN_H__ #pragma ident "%Z%%M% %I% %E% SMI" #ifdef __cplusplus extern "C" { #endif /* * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING * * Openvision retains the copyright to derivative works of * this source code. Do *NOT* create a derivative of this * source code before consulting with your legal department. * Do *NOT* integrate *ANY* of this source code into another * product before consulting with your legal department. * * For further information, read the top-level Openvision * copyright which is contained in the top-level MIT Kerberos * copyright. * * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING * */ /* * lib/kadm5/admin.h * * Copyright 2001 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * */ /* * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved * * $Header$ */ #include #include #include #include #include #include #include #include #include #define KADM5_ADMIN_SERVICE_P "kadmin@admin" /* * Solaris Kerberos: * The kadmin/admin principal is unused on Solaris. This principal is used * in AUTH_GSSAPI but Solaris doesn't support AUTH_GSSAPI. RPCSEC_GSS can only * be used with host-based principals. * */ /* #define KADM5_ADMIN_SERVICE "kadmin/admin" */ #define KADM5_CHANGEPW_SERVICE_P "kadmin@changepw" #define KADM5_CHANGEPW_SERVICE "kadmin/changepw" #define KADM5_HIST_PRINCIPAL "kadmin/history" #define KADM5_ADMIN_HOST_SERVICE "kadmin" #define KADM5_CHANGEPW_HOST_SERVICE "changepw" #define KADM5_KIPROP_HOST_SERVICE "kiprop" typedef krb5_principal kadm5_princ_t; typedef char *kadm5_policy_t; typedef long kadm5_ret_t; typedef int rpc_int32; typedef unsigned int rpc_u_int32; #define KADM5_PW_FIRST_PROMPT \ (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT)) #define KADM5_PW_SECOND_PROMPT \ (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT)) /* * Successful return code */ #define KADM5_OK 0 /* * Field masks */ /* kadm5_principal_ent_t */ #define KADM5_PRINCIPAL 0x000001 #define KADM5_PRINC_EXPIRE_TIME 0x000002 #define KADM5_PW_EXPIRATION 0x000004 #define KADM5_LAST_PWD_CHANGE 0x000008 #define KADM5_ATTRIBUTES 0x000010 #define KADM5_MAX_LIFE 0x000020 #define KADM5_MOD_TIME 0x000040 #define KADM5_MOD_NAME 0x000080 #define KADM5_KVNO 0x000100 #define KADM5_MKVNO 0x000200 #define KADM5_AUX_ATTRIBUTES 0x000400 #define KADM5_POLICY 0x000800 #define KADM5_POLICY_CLR 0x001000 /* version 2 masks */ #define KADM5_MAX_RLIFE 0x002000 #define KADM5_LAST_SUCCESS 0x004000 #define KADM5_LAST_FAILED 0x008000 #define KADM5_FAIL_AUTH_COUNT 0x010000 #define KADM5_KEY_DATA 0x020000 #define KADM5_TL_DATA 0x040000 #ifdef notyet /* Novell */ #define KADM5_CPW_FUNCTION 0x080000 #define KADM5_RANDKEY_USED 0x100000 #endif #define KADM5_LOAD 0x200000 /* all but KEY_DATA and TL_DATA */ #define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff /* kadm5_policy_ent_t */ #define KADM5_PW_MAX_LIFE 0x004000 #define KADM5_PW_MIN_LIFE 0x008000 #define KADM5_PW_MIN_LENGTH 0x010000 #define KADM5_PW_MIN_CLASSES 0x020000 #define KADM5_PW_HISTORY_NUM 0x040000 #define KADM5_REF_COUNT 0x080000 /* kadm5_config_params */ #define KADM5_CONFIG_REALM 0x0000001 #define KADM5_CONFIG_DBNAME 0x0000002 #define KADM5_CONFIG_MKEY_NAME 0x0000004 #define KADM5_CONFIG_MAX_LIFE 0x0000008 #define KADM5_CONFIG_MAX_RLIFE 0x0000010 #define KADM5_CONFIG_EXPIRATION 0x0000020 #define KADM5_CONFIG_FLAGS 0x0000040 #define KADM5_CONFIG_ADMIN_KEYTAB 0x0000080 #define KADM5_CONFIG_STASH_FILE 0x0000100 #define KADM5_CONFIG_ENCTYPE 0x0000200 #define KADM5_CONFIG_ADBNAME 0x0000400 #define KADM5_CONFIG_ADB_LOCKFILE 0x0000800 #define KADM5_CONFIG_PROFILE 0x0001000 #define KADM5_CONFIG_ACL_FILE 0x0002000 #define KADM5_CONFIG_KADMIND_PORT 0x0004000 #define KADM5_CONFIG_ENCTYPES 0x0008000 #define KADM5_CONFIG_ADMIN_SERVER 0x0010000 #define KADM5_CONFIG_DICT_FILE 0x0020000 #define KADM5_CONFIG_MKEY_FROM_KBD 0x0040000 #define KADM5_CONFIG_KPASSWD_PORT 0x0080000 #define KADM5_CONFIG_KPASSWD_SERVER 0x0100000 #define KADM5_CONFIG_KPASSWD_PROTOCOL 0x0200000 #define KADM5_CONFIG_IPROP_ENABLED 0x0400000 #define KADM5_CONFIG_ULOG_SIZE 0x0800000 #define KADM5_CONFIG_POLL_TIME 0x1000000 /* password change constants */ #define KRB5_KPASSWD_SUCCESS 0 #define KRB5_KPASSWD_MALFORMED 1 #define KRB5_KPASSWD_HARDERROR 2 #define KRB5_KPASSWD_AUTHERROR 3 #define KRB5_KPASSWD_SOFTERROR 4 #define KRB5_KPASSWD_ACCESSDENIED 5 #define KRB5_KPASSWD_BAD_VERSION 6 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 #define KRB5_KPASSWD_POLICY_REJECT 8 #define KRB5_KPASSWD_BAD_PRINCIPAL 9 #define KRB5_KPASSWD_ETYPE_NOSUPP 10 /* * permission bits */ #define KADM5_PRIV_GET 0x01 #define KADM5_PRIV_ADD 0x02 #define KADM5_PRIV_MODIFY 0x04 #define KADM5_PRIV_DELETE 0x08 /* * API versioning constants */ #define KADM5_MASK_BITS 0xffffff00 #define KADM5_STRUCT_VERSION_MASK 0x12345600 #define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01) #define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1 #define KADM5_API_VERSION_MASK 0x12345700 #define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01) #define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02) #ifdef KRB5_DNS_LOOKUP /* * Name length constants for DNS lookups */ #define MAX_HOST_NAMELEN 256 #define MAX_DNS_NAMELEN (15*(MAX_HOST_NAMELEN + 1)+1) #endif /* KRB5_DNS_LOOKUP */ typedef struct _kadm5_principal_ent_t_v2 { krb5_principal principal; krb5_timestamp princ_expire_time; krb5_timestamp last_pwd_change; krb5_timestamp pw_expiration; krb5_deltat max_life; krb5_principal mod_name; krb5_timestamp mod_date; krb5_flags attributes; krb5_kvno kvno; krb5_kvno mkvno; char *policy; long aux_attributes; /* version 2 fields */ krb5_deltat max_renewable_life; krb5_timestamp last_success; krb5_timestamp last_failed; krb5_kvno fail_auth_count; krb5_int16 n_key_data; krb5_int16 n_tl_data; krb5_tl_data *tl_data; krb5_key_data *key_data; } kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2; typedef struct _kadm5_principal_ent_t_v1 { krb5_principal principal; krb5_timestamp princ_expire_time; krb5_timestamp last_pwd_change; krb5_timestamp pw_expiration; krb5_deltat max_life; krb5_principal mod_name; krb5_timestamp mod_date; krb5_flags attributes; krb5_kvno kvno; krb5_kvno mkvno; char *policy; long aux_attributes; } kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1; #if USE_KADM5_API_VERSION == 1 typedef struct _kadm5_principal_ent_t_v1 kadm5_principal_ent_rec, *kadm5_principal_ent_t; #else typedef struct _kadm5_principal_ent_t_v2 kadm5_principal_ent_rec, *kadm5_principal_ent_t; #endif typedef struct _kadm5_policy_ent_t { char *policy; long pw_min_life; long pw_max_life; long pw_min_length; long pw_min_classes; long pw_history_num; long policy_refcnt; } kadm5_policy_ent_rec, *kadm5_policy_ent_t; #if 0 /************** Begin IFDEF'ed OUT *******************************/ typedef struct __krb5_key_salt_tuple { krb5_enctype ks_enctype; krb5_int32 ks_salttype; } krb5_key_salt_tuple; #endif /**************** END IFDEF'ed OUT *******************************/ /* * New types to indicate which protocol to use when sending * password change requests */ typedef enum { KRB5_CHGPWD_RPCSEC, KRB5_CHGPWD_CHANGEPW_V2 } krb5_chgpwd_prot; /* * Data structure returned by kadm5_get_config_params() */ typedef struct _kadm5_config_params { long mask; char * realm; char * profile; int kadmind_port; int kpasswd_port; char * admin_server; #ifdef notyet /* Novell */ /* ABI change? */ char * kpasswd_server; #endif char * dbname; char * admin_dbname; char * admin_lockfile; char * admin_keytab; char * acl_file; char * dict_file; int mkey_from_kbd; char * stash_file; char * mkey_name; krb5_enctype enctype; krb5_deltat max_life; krb5_deltat max_rlife; krb5_timestamp expiration; krb5_flags flags; krb5_key_salt_tuple *keysalts; krb5_int32 num_keysalts; char *kpasswd_server; krb5_chgpwd_prot kpasswd_protocol; bool_t iprop_enabled; int iprop_ulogsize; char *iprop_polltime; } kadm5_config_params; /*********************************************************************** * This is the old krb5_realm_read_params, which I mutated into * kadm5_get_config_params but which old code (kdb5_* and krb5kdc) * still uses. ***********************************************************************/ /* * Data structure returned by krb5_read_realm_params() */ typedef struct __krb5_realm_params { char * realm_profile; char * realm_dbname; char * realm_mkey_name; char * realm_stash_file; char * realm_kdc_ports; char * realm_kdc_tcp_ports; char * realm_acl_file; krb5_int32 realm_kadmind_port; krb5_enctype realm_enctype; krb5_deltat realm_max_life; krb5_deltat realm_max_rlife; krb5_timestamp realm_expiration; krb5_flags realm_flags; krb5_key_salt_tuple *realm_keysalts; unsigned int realm_reject_bad_transit:1; unsigned int realm_kadmind_port_valid:1; unsigned int realm_enctype_valid:1; unsigned int realm_max_life_valid:1; unsigned int realm_max_rlife_valid:1; unsigned int realm_expiration_valid:1; unsigned int realm_flags_valid:1; unsigned int realm_reject_bad_transit_valid:1; krb5_int32 realm_num_keysalts; } krb5_realm_params; /* * functions */ kadm5_ret_t kadm5_get_adm_host_srv_name(krb5_context context, const char *realm, char **host_service_name); kadm5_ret_t kadm5_get_cpw_host_srv_name(krb5_context context, const char *realm, char **host_service_name); #if USE_KADM5_API_VERSION > 1 krb5_error_code kadm5_get_config_params(krb5_context context, char *kdcprofile, char *kdcenv, kadm5_config_params *params_in, kadm5_config_params *params_out); krb5_error_code kadm5_free_config_params(krb5_context context, kadm5_config_params *params); krb5_error_code kadm5_free_realm_params(krb5_context kcontext, kadm5_config_params *params); krb5_error_code kadm5_get_admin_service_name(krb5_context, char *, char *, size_t); #endif kadm5_ret_t kadm5_init(char *client_name, char *pass, char *service_name, #if USE_KADM5_API_VERSION == 1 char *realm, #else kadm5_config_params *params, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, char **db_args, void **server_handle); kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass, char *service_name, #if USE_KADM5_API_VERSION == 1 char *realm, #else kadm5_config_params *params, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, char **db_args, void **server_handle); kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, char *service_name, #if USE_KADM5_API_VERSION == 1 char *realm, #else kadm5_config_params *params, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, char **db_args, void **server_handle); #if USE_KADM5_API_VERSION > 1 kadm5_ret_t kadm5_init_with_creds(char *client_name, krb5_ccache cc, char *service_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, char **db_args, void **server_handle); #endif kadm5_ret_t kadm5_lock(void *server_handle); kadm5_ret_t kadm5_unlock(void *server_handle); kadm5_ret_t kadm5_flush(void *server_handle); kadm5_ret_t kadm5_destroy(void *server_handle); kadm5_ret_t kadm5_create_principal(void *server_handle, kadm5_principal_ent_t ent, long mask, char *pass); kadm5_ret_t kadm5_create_principal_3(void *server_handle, kadm5_principal_ent_t ent, long mask, int n_ks_tuple, krb5_key_salt_tuple *ks_tuple, char *pass); kadm5_ret_t kadm5_delete_principal(void *server_handle, krb5_principal principal); kadm5_ret_t kadm5_modify_principal(void *server_handle, kadm5_principal_ent_t ent, long mask); kadm5_ret_t kadm5_rename_principal(void *server_handle, krb5_principal,krb5_principal); #if USE_KADM5_API_VERSION == 1 kadm5_ret_t kadm5_get_principal(void *server_handle, krb5_principal principal, kadm5_principal_ent_t *ent); #else kadm5_ret_t kadm5_get_principal(void *server_handle, krb5_principal principal, kadm5_principal_ent_t ent, long mask); #endif kadm5_ret_t kadm5_chpass_principal(void *server_handle, krb5_principal principal, char *pass); kadm5_ret_t kadm5_chpass_principal_3(void *server_handle, krb5_principal principal, krb5_boolean keepold, int n_ks_tuple, krb5_key_salt_tuple *ks_tuple, char *pass); #if USE_KADM5_API_VERSION == 1 kadm5_ret_t kadm5_randkey_principal(void *server_handle, krb5_principal principal, krb5_keyblock **keyblock); #else /* * Solaris Kerberos: * this routine is only implemented in the client library. */ kadm5_ret_t kadm5_randkey_principal_old(void *server_handle, krb5_principal principal, krb5_keyblock **keyblocks, int *n_keys); kadm5_ret_t kadm5_randkey_principal(void *server_handle, krb5_principal principal, krb5_keyblock **keyblocks, int *n_keys); kadm5_ret_t kadm5_randkey_principal_3(void *server_handle, krb5_principal principal, krb5_boolean keepold, int n_ks_tuple, krb5_key_salt_tuple *ks_tuple, krb5_keyblock **keyblocks, int *n_keys); #endif kadm5_ret_t kadm5_setv4key_principal(void *server_handle, krb5_principal principal, krb5_keyblock *keyblock); kadm5_ret_t kadm5_setkey_principal(void *server_handle, krb5_principal principal, krb5_keyblock *keyblocks, int n_keys); kadm5_ret_t kadm5_setkey_principal_3(void *server_handle, krb5_principal principal, krb5_boolean keepold, int n_ks_tuple, krb5_key_salt_tuple *ks_tuple, krb5_keyblock *keyblocks, int n_keys); kadm5_ret_t kadm5_decrypt_key(void *server_handle, kadm5_principal_ent_t entry, krb5_int32 ktype, krb5_int32 stype, krb5_int32 kvno, krb5_keyblock *keyblock, krb5_keysalt *keysalt, int *kvnop); kadm5_ret_t kadm5_create_policy(void *server_handle, kadm5_policy_ent_t ent, long mask); /* * kadm5_create_policy_internal is not part of the supported, * exposed API. It is available only in the server library, and you * shouldn't use it unless you know why it's there and how it's * different from kadm5_create_policy. */ kadm5_ret_t kadm5_create_policy_internal(void *server_handle, kadm5_policy_ent_t entry, long mask); kadm5_ret_t kadm5_delete_policy(void *server_handle, kadm5_policy_t policy); kadm5_ret_t kadm5_modify_policy(void *server_handle, kadm5_policy_ent_t ent, long mask); /* * kadm5_modify_policy_internal is not part of the supported, * exposed API. It is available only in the server library, and you * shouldn't use it unless you know why it's there and how it's * different from kadm5_modify_policy. */ kadm5_ret_t kadm5_modify_policy_internal(void *server_handle, kadm5_policy_ent_t entry, long mask); #if USE_KADM5_API_VERSION == 1 kadm5_ret_t kadm5_get_policy(void *server_handle, kadm5_policy_t policy, kadm5_policy_ent_t *ent); #else kadm5_ret_t kadm5_get_policy(void *server_handle, kadm5_policy_t policy, kadm5_policy_ent_t ent); #endif kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs); kadm5_ret_t kadm5_chpass_principal_util(void *server_handle, krb5_principal princ, char *new_pw, char **ret_pw, char *msg_ret, unsigned int msg_len); kadm5_ret_t kadm5_free_principal_ent(void *server_handle, kadm5_principal_ent_t ent); kadm5_ret_t kadm5_free_policy_ent(void *server_handle, kadm5_policy_ent_t ent); kadm5_ret_t kadm5_get_principals(void *server_handle, char *exp, char ***princs, int *count); kadm5_ret_t kadm5_get_policies(void *server_handle, char *exp, char ***pols, int *count); #if USE_KADM5_API_VERSION > 1 kadm5_ret_t kadm5_free_key_data(void *server_handle, krb5_int16 *n_key_data, krb5_key_data *key_data); #endif kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names, int count); krb5_error_code kadm5_init_krb5_context (krb5_context *); #if USE_KADM5_API_VERSION == 1 /* * OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time * compatible with KADM5_API_VERSION_2. Basically, this means we have * to continue to provide all the old ovsec_kadm function and symbol * names. */ #define OVSEC_KADM_ACLFILE "/krb5/ovsec_adm.acl" #define OVSEC_KADM_WORDFILE "/krb5/ovsec_adm.dict" #define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin" #define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw" #define OVSEC_KADM_HIST_PRINCIPAL "ovsec_adm/history" typedef krb5_principal ovsec_kadm_princ_t; typedef krb5_keyblock ovsec_kadm_keyblock; typedef char *ovsec_kadm_policy_t; typedef long ovsec_kadm_ret_t; enum ovsec_kadm_salttype { OVSEC_KADM_SALT_V4, OVSEC_KADM_SALT_NORMAL }; enum ovsec_kadm_saltmod { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MOD_NORMAL }; #define OVSEC_KADM_PW_FIRST_PROMPT \ ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT)) #define OVSEC_KADM_PW_SECOND_PROMPT \ ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT)) /* * Successful return code */ #define OVSEC_KADM_OK 0 /* * Create/Modify masks */ /* principal */ #define OVSEC_KADM_PRINCIPAL 0x000001 #define OVSEC_KADM_PRINC_EXPIRE_TIME 0x000002 #define OVSEC_KADM_PW_EXPIRATION 0x000004 #define OVSEC_KADM_LAST_PWD_CHANGE 0x000008 #define OVSEC_KADM_ATTRIBUTES 0x000010 #define OVSEC_KADM_MAX_LIFE 0x000020 #define OVSEC_KADM_MOD_TIME 0x000040 #define OVSEC_KADM_MOD_NAME 0x000080 #define OVSEC_KADM_KVNO 0x000100 #define OVSEC_KADM_MKVNO 0x000200 #define OVSEC_KADM_AUX_ATTRIBUTES 0x000400 #define OVSEC_KADM_POLICY 0x000800 #define OVSEC_KADM_POLICY_CLR 0x001000 /* policy */ #define OVSEC_KADM_PW_MAX_LIFE 0x004000 #define OVSEC_KADM_PW_MIN_LIFE 0x008000 #define OVSEC_KADM_PW_MIN_LENGTH 0x010000 #define OVSEC_KADM_PW_MIN_CLASSES 0x020000 #define OVSEC_KADM_PW_HISTORY_NUM 0x040000 #define OVSEC_KADM_REF_COUNT 0x080000 /* * permission bits */ #define OVSEC_KADM_PRIV_GET 0x01 #define OVSEC_KADM_PRIV_ADD 0x02 #define OVSEC_KADM_PRIV_MODIFY 0x04 #define OVSEC_KADM_PRIV_DELETE 0x08 /* * API versioning constants */ #define OVSEC_KADM_MASK_BITS 0xffffff00 #define OVSEC_KADM_STRUCT_VERSION_MASK 0x12345600 #define OVSEC_KADM_STRUCT_VERSION_1 (OVSEC_KADM_STRUCT_VERSION_MASK|0x01) #define OVSEC_KADM_STRUCT_VERSION OVSEC_KADM_STRUCT_VERSION_1 #define OVSEC_KADM_API_VERSION_MASK 0x12345700 #define OVSEC_KADM_API_VERSION_1 (OVSEC_KADM_API_VERSION_MASK|0x01) typedef struct _ovsec_kadm_principal_ent_t { krb5_principal principal; krb5_timestamp princ_expire_time; krb5_timestamp last_pwd_change; krb5_timestamp pw_expiration; krb5_deltat max_life; krb5_principal mod_name; krb5_timestamp mod_date; krb5_flags attributes; krb5_kvno kvno; krb5_kvno mkvno; char *policy; long aux_attributes; } ovsec_kadm_principal_ent_rec, *ovsec_kadm_principal_ent_t; typedef struct _ovsec_kadm_policy_ent_t { char *policy; long pw_min_life; long pw_max_life; long pw_min_length; long pw_min_classes; long pw_history_num; long policy_refcnt; } ovsec_kadm_policy_ent_rec, *ovsec_kadm_policy_ent_t; /* * functions */ ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass, char *service_name, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, char **db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name, char *pass, char *service_name, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, char ** db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name, char *keytab, char *service_name, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, char **db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle); ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle); ovsec_kadm_ret_t ovsec_kadm_create_principal(void *server_handle, ovsec_kadm_principal_ent_t ent, long mask, char *pass); ovsec_kadm_ret_t ovsec_kadm_delete_principal(void *server_handle, krb5_principal principal); ovsec_kadm_ret_t ovsec_kadm_modify_principal(void *server_handle, ovsec_kadm_principal_ent_t ent, long mask); ovsec_kadm_ret_t ovsec_kadm_rename_principal(void *server_handle, krb5_principal,krb5_principal); ovsec_kadm_ret_t ovsec_kadm_get_principal(void *server_handle, krb5_principal principal, ovsec_kadm_principal_ent_t *ent); ovsec_kadm_ret_t ovsec_kadm_chpass_principal(void *server_handle, krb5_principal principal, char *pass); ovsec_kadm_ret_t ovsec_kadm_randkey_principal(void *server_handle, krb5_principal principal, krb5_keyblock **keyblock); ovsec_kadm_ret_t ovsec_kadm_create_policy(void *server_handle, ovsec_kadm_policy_ent_t ent, long mask); /* * ovsec_kadm_create_policy_internal is not part of the supported, * exposed API. It is available only in the server library, and you * shouldn't use it unless you know why it's there and how it's * different from ovsec_kadm_create_policy. */ ovsec_kadm_ret_t ovsec_kadm_create_policy_internal(void *server_handle, ovsec_kadm_policy_ent_t entry, long mask); ovsec_kadm_ret_t ovsec_kadm_delete_policy(void *server_handle, ovsec_kadm_policy_t policy); ovsec_kadm_ret_t ovsec_kadm_modify_policy(void *server_handle, ovsec_kadm_policy_ent_t ent, long mask); /* * ovsec_kadm_modify_policy_internal is not part of the supported, * exposed API. It is available only in the server library, and you * shouldn't use it unless you know why it's there and how it's * different from ovsec_kadm_modify_policy. */ ovsec_kadm_ret_t ovsec_kadm_modify_policy_internal(void *server_handle, ovsec_kadm_policy_ent_t entry, long mask); ovsec_kadm_ret_t ovsec_kadm_get_policy(void *server_handle, ovsec_kadm_policy_t policy, ovsec_kadm_policy_ent_t *ent); ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle, long *privs); ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle, krb5_principal princ, char *new_pw, char **ret_pw, char *msg_ret); ovsec_kadm_ret_t ovsec_kadm_free_principal_ent(void *server_handle, ovsec_kadm_principal_ent_t ent); ovsec_kadm_ret_t ovsec_kadm_free_policy_ent(void *server_handle, ovsec_kadm_policy_ent_t ent); ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle, char **names, int count); ovsec_kadm_ret_t ovsec_kadm_get_principals(void *server_handle, char *exp, char ***princs, int *count); ovsec_kadm_ret_t ovsec_kadm_get_policies(void *server_handle, char *exp, char ***pols, int *count); #define OVSEC_KADM_FAILURE KADM5_FAILURE #define OVSEC_KADM_AUTH_GET KADM5_AUTH_GET #define OVSEC_KADM_AUTH_ADD KADM5_AUTH_ADD #define OVSEC_KADM_AUTH_MODIFY KADM5_AUTH_MODIFY #define OVSEC_KADM_AUTH_DELETE KADM5_AUTH_DELETE #define OVSEC_KADM_AUTH_INSUFFICIENT KADM5_AUTH_INSUFFICIENT #define OVSEC_KADM_BAD_DB KADM5_BAD_DB #define OVSEC_KADM_DUP KADM5_DUP #define OVSEC_KADM_RPC_ERROR KADM5_RPC_ERROR #define OVSEC_KADM_NO_SRV KADM5_NO_SRV #define OVSEC_KADM_BAD_HIST_KEY KADM5_BAD_HIST_KEY #define OVSEC_KADM_NOT_INIT KADM5_NOT_INIT #define OVSEC_KADM_UNK_PRINC KADM5_UNK_PRINC #define OVSEC_KADM_UNK_POLICY KADM5_UNK_POLICY #define OVSEC_KADM_BAD_MASK KADM5_BAD_MASK #define OVSEC_KADM_BAD_CLASS KADM5_BAD_CLASS #define OVSEC_KADM_BAD_LENGTH KADM5_BAD_LENGTH #define OVSEC_KADM_BAD_POLICY KADM5_BAD_POLICY #define OVSEC_KADM_BAD_PRINCIPAL KADM5_BAD_PRINCIPAL #define OVSEC_KADM_BAD_AUX_ATTR KADM5_BAD_AUX_ATTR #define OVSEC_KADM_BAD_HISTORY KADM5_BAD_HISTORY #define OVSEC_KADM_BAD_MIN_PASS_LIFE KADM5_BAD_MIN_PASS_LIFE #define OVSEC_KADM_PASS_Q_TOOSHORT KADM5_PASS_Q_TOOSHORT #define OVSEC_KADM_PASS_Q_CLASS KADM5_PASS_Q_CLASS #define OVSEC_KADM_PASS_Q_DICT KADM5_PASS_Q_DICT #define OVSEC_KADM_PASS_REUSE KADM5_PASS_REUSE #define OVSEC_KADM_PASS_TOOSOON KADM5_PASS_TOOSOON #define OVSEC_KADM_POLICY_REF KADM5_POLICY_REF #define OVSEC_KADM_INIT KADM5_INIT #define OVSEC_KADM_BAD_PASSWORD KADM5_BAD_PASSWORD #define OVSEC_KADM_PROTECT_PRINCIPAL KADM5_PROTECT_PRINCIPAL #define OVSEC_KADM_BAD_SERVER_HANDLE KADM5_BAD_SERVER_HANDLE #define OVSEC_KADM_BAD_STRUCT_VERSION KADM5_BAD_STRUCT_VERSION #define OVSEC_KADM_OLD_STRUCT_VERSION KADM5_OLD_STRUCT_VERSION #define OVSEC_KADM_NEW_STRUCT_VERSION KADM5_NEW_STRUCT_VERSION #define OVSEC_KADM_BAD_API_VERSION KADM5_BAD_API_VERSION #define OVSEC_KADM_OLD_LIB_API_VERSION KADM5_OLD_LIB_API_VERSION #define OVSEC_KADM_OLD_SERVER_API_VERSION KADM5_OLD_SERVER_API_VERSION #define OVSEC_KADM_NEW_LIB_API_VERSION KADM5_NEW_LIB_API_VERSION #define OVSEC_KADM_NEW_SERVER_API_VERSION KADM5_NEW_SERVER_API_VERSION #define OVSEC_KADM_SECURE_PRINC_MISSING KADM5_SECURE_PRINC_MISSING #define OVSEC_KADM_NO_RENAME_SALT KADM5_NO_RENAME_SALT #endif /* USE_KADM5_API_VERSION == 1 */ #define MAXPRINCLEN 125 void trunc_name(size_t *len, char **dots); krb5_chgpwd_prot _kadm5_get_kpasswd_protocol(void *server_handle); kadm5_ret_t kadm5_chpass_principal_v2(void *server_handle, krb5_principal princ, char *new_password, kadm5_ret_t *srvr_rsp_code, krb5_data *srvr_msg); void handle_chpw(krb5_context context, int s, void *serverhandle, kadm5_config_params *params); #ifdef __cplusplus } #endif #endif /* __KADM5_ADMIN_H__ */