/*
 * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* $Id$ */

/*
 * kadm5 administration API: the public types, field-selection masks,
 * configuration masks and privilege bits shared by the kadm5 client and
 * server libraries.  The function prototypes themselves come from
 * "kadm5-protos.h", included near the end once the types are defined.
 *
 * Everything in this header is ABI: struct layouts, member order and macro
 * values must not be changed without a corresponding protocol/library bump.
 */

#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__

/*
 * API version selection.  Both version constants are defined, but the
 * #error below makes anything other than version 2 a compile-time failure.
 */
#define KADM5_API_VERSION_1 1
#define KADM5_API_VERSION_2 2

#ifndef USE_KADM5_API_VERSION
#define USE_KADM5_API_VERSION KADM5_API_VERSION_2
#endif

#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2
#error No support for API versions other than 2
#endif

/* Version of the structs declared in this header. */
#define KADM5_STRUCT_VERSION 0

#include <krb5.h>

/*
 * Principal attribute bits (KRB5_KDB_*).  Going by the field type, these are
 * the values carried in kadm5_principal_ent_rec.attributes (a krb5_flags);
 * the code that enforces them lives in the KDC/server, not here.  By their
 * names the DISALLOW_* / REQUIRES_* bits tighten what a principal may do and
 * the ALLOW_* bits widen it.  Bits 0x00000400 and 0x00000800 are not
 * assigned in this header.
 */
#define KRB5_KDB_DISALLOW_POSTDATED	0x00000001
#define KRB5_KDB_DISALLOW_FORWARDABLE	0x00000002
#define KRB5_KDB_DISALLOW_TGT_BASED	0x00000004
#define KRB5_KDB_DISALLOW_RENEWABLE	0x00000008
#define KRB5_KDB_DISALLOW_PROXIABLE	0x00000010
#define KRB5_KDB_DISALLOW_DUP_SKEY	0x00000020
#define KRB5_KDB_DISALLOW_ALL_TIX	0x00000040
#define KRB5_KDB_REQUIRES_PRE_AUTH	0x00000080
#define KRB5_KDB_REQUIRES_HW_AUTH	0x00000100
#define KRB5_KDB_REQUIRES_PWCHANGE	0x00000200
#define KRB5_KDB_DISALLOW_SVR		0x00001000
#define KRB5_KDB_PWCHANGE_SERVICE	0x00002000
#define KRB5_KDB_SUPPORT_DESMD5		0x00004000
#define KRB5_KDB_NEW_PRINC		0x00008000
#define KRB5_KDB_OK_AS_DELEGATE		0x00010000
#define KRB5_KDB_TRUSTED_FOR_DELEGATION	0x00020000
#define KRB5_KDB_ALLOW_KERBEROS4	0x00040000
#define KRB5_KDB_ALLOW_DIGEST		0x00080000

/*
 * Principal field-selection mask bits.  Each name mirrors a member of
 * kadm5_principal_ent_rec below (KADM5_PRINC_EXPIRE_TIME <->
 * princ_expire_time, and so on); a caller sets the bits for the fields it
 * is supplying or requesting.  KADM5_POLICY_CLR has no member of its own
 * and, by its name, requests clearing the policy rather than setting it.
 */
#define KADM5_PRINCIPAL		0x000001
#define KADM5_PRINC_EXPIRE_TIME	0x000002
#define KADM5_PW_EXPIRATION	0x000004
#define KADM5_LAST_PWD_CHANGE	0x000008
#define KADM5_ATTRIBUTES	0x000010
#define KADM5_MAX_LIFE		0x000020
#define KADM5_MOD_TIME		0x000040
#define KADM5_MOD_NAME		0x000080
#define KADM5_KVNO		0x000100
#define KADM5_MKVNO		0x000200
#define KADM5_AUX_ATTRIBUTES	0x000400
#define KADM5_POLICY		0x000800
#define KADM5_POLICY_CLR	0x001000
#define KADM5_MAX_RLIFE		0x002000
#define KADM5_LAST_SUCCESS	0x004000
#define KADM5_LAST_FAILED	0x008000
#define KADM5_FAIL_AUTH_COUNT	0x010000
#define KADM5_KEY_DATA		0x020000
#define KADM5_TL_DATA		0x040000

/* Every principal field except the key data and the tl data. */
#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA))

/*
 * Policy field-selection mask bits, mirroring kadm5_policy_ent_rec below.
 * Note that the values deliberately reuse the range 0x004000..0x040000 that
 * the principal masks KADM5_LAST_SUCCESS..KADM5_TL_DATA occupy: a mask word
 * is only meaningful together with the entry type it accompanies, and
 * principal and policy masks must never be OR'ed into the same word.
 */
#define KADM5_PW_MAX_LIFE	0x004000
#define KADM5_PW_MIN_LIFE	0x008000
#define KADM5_PW_MIN_LENGTH	0x010000
#define KADM5_PW_MIN_CLASSES	0x020000
#define KADM5_PW_HISTORY_NUM	0x040000
#define KADM5_REF_COUNT		0x080000

/* All policy fields, including policy_refcnt (KADM5_REF_COUNT). */
#define KADM5_POLICY_NORMAL_MASK (~0)

/* Well-known service principal names used by the admin protocol. */
#define KADM5_ADMIN_SERVICE	"kadmin/admin"
#define KADM5_HIST_PRINCIPAL	"kadmin/history"
#define KADM5_CHANGEPW_SERVICE	"kadmin/changepw"

/*
 * One key entry of a principal.  The three two-element arrays are parallel:
 * key_data_contents[i] points at key_data_length[i] bytes described by
 * key_data_type[i] (the pairing follows from the names; the code that fills
 * them in is not in this header, so confirm there what each slot holds).
 *
 * NOTE(review): key_data_contents presumably holds raw key material.  Code
 * that releases an entry should wipe these buffers before freeing them, and
 * code that reads them must bound every access by key_data_length[i] and
 * treat a negative length as invalid (the lengths are signed 16-bit).
 */
typedef struct {
	int16_t key_data_ver;		/* Version */
	int16_t key_data_kvno;		/* Key Version */
	int16_t key_data_type[2];	/* Array of types */
	int16_t key_data_length[2];	/* Array of lengths */
	void *key_data_contents[2];	/* Array of pointers */
} krb5_key_data;

/*
 * Singly linked list of typed/length-prefixed ("tl") data attached to a
 * principal.  tl_data_type takes one of the KRB5_TL_* values below;
 * tl_data_contents is tl_data_length bytes of opaque data whose layout
 * depends on the type.  Ownership of the list nodes and of tl_data_contents
 * is not stated here; confirm against the callers in "kadm5-protos.h".
 */
typedef struct _krb5_tl_data {
	struct _krb5_tl_data *tl_data_next;
	int16_t tl_data_type;
	int16_t tl_data_length;
	void *tl_data_contents;
} krb5_tl_data;

/*
 * tl data type codes.  Unlike the masks above these are sequential
 * enumerators (1..0xa), not bit flags, and must be compared with ==.
 * NOTE(review): by its name, KRB5_TL_PASSWORD data carries a password;
 * treat it as secret material for logging and wiping purposes.
 */
#define KRB5_TL_LAST_PWD_CHANGE		0x0001
#define KRB5_TL_MOD_PRINC		0x0002
#define KRB5_TL_KADM_DATA		0x0003
#define KRB5_TL_KADM5_E_DATA		0x0004
#define KRB5_TL_RB1_CHALLENGE		0x0005
#define KRB5_TL_SECURID_STATE		0x0006
#define KRB5_TL_PASSWORD		0x0007
#define KRB5_TL_EXTENSION		0x0008
#define KRB5_TL_PKINIT_ACL		0x0009
#define KRB5_TL_ALIASES			0x000a

/*
 * A principal entry as exchanged through the admin API.  Which members are
 * valid is governed by a KADM5_* principal mask passed alongside it.
 *
 * key_data is an array of n_key_data krb5_key_data elements; tl_data is a
 * krb5_tl_data list of n_tl_data nodes (pairing inferred from the names).
 * NOTE(review): both counts are int16_t; consumers should reject negative
 * values rather than use them as loop bounds.  fail_auth_count is declared
 * as krb5_kvno although it is a counter, not a key version number — kept
 * as-is for ABI compatibility.  Ownership of principal, mod_name, policy,
 * tl_data and key_data is not stated in this header.
 */
typedef struct _kadm5_principal_ent_t {
	krb5_principal principal;

	krb5_timestamp princ_expire_time;
	krb5_timestamp last_pwd_change;
	krb5_timestamp pw_expiration;
	krb5_deltat max_life;
	krb5_principal mod_name;
	krb5_timestamp mod_date;
	krb5_flags attributes;		/* KRB5_KDB_* bits, presumably */
	krb5_kvno kvno;
	krb5_kvno mkvno;

	char * policy;			/* policy name; see KADM5_POLICY / KADM5_POLICY_CLR */
	uint32_t aux_attributes;

	krb5_deltat max_renewable_life;
	krb5_timestamp last_success;
	krb5_timestamp last_failed;
	krb5_kvno fail_auth_count;
	int16_t n_key_data;		/* number of elements in key_data */
	int16_t n_tl_data;		/* number of nodes in tl_data */
	krb5_tl_data *tl_data;
	krb5_key_data *key_data;
} kadm5_principal_ent_rec, *kadm5_principal_ent_t;

/*
 * A password policy entry.  Which members are valid is governed by a
 * KADM5_PW_* / KADM5_REF_COUNT mask passed alongside it.  The pw_* members
 * are all unsigned 32-bit, so "unset" cannot be expressed as -1 here.
 */
typedef struct _kadm5_policy_ent_t {
	char *policy;			/* policy name */

	uint32_t pw_min_life;
	uint32_t pw_max_life;
	uint32_t pw_min_length;
	uint32_t pw_min_classes;
	uint32_t pw_history_num;
	uint32_t policy_refcnt;
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;

/*
 * Configuration mask bits for kadm5_config_params.mask (19 bits; fits the
 * uint32_t mask member).  Only REALM, KADMIND_PORT, ADMIN_SERVER, DBNAME,
 * ACL_FILE and STASH_FILE have a corresponding member in
 * kadm5_config_params below; the remaining bits are defined without a
 * backing field in this header.
 */
#define KADM5_CONFIG_REALM		(1 << 0)
#define KADM5_CONFIG_PROFILE		(1 << 1)
#define KADM5_CONFIG_KADMIND_PORT	(1 << 2)
#define KADM5_CONFIG_ADMIN_SERVER	(1 << 3)
#define KADM5_CONFIG_DBNAME		(1 << 4)
#define KADM5_CONFIG_ADBNAME		(1 << 5)
#define KADM5_CONFIG_ADB_LOCKFILE	(1 << 6)
#define KADM5_CONFIG_ACL_FILE		(1 << 7)
#define KADM5_CONFIG_DICT_FILE		(1 << 8)
#define KADM5_CONFIG_ADMIN_KEYTAB	(1 << 9)
#define KADM5_CONFIG_MKEY_FROM_KEYBOARD	(1 << 10)
#define KADM5_CONFIG_STASH_FILE		(1 << 11)
#define KADM5_CONFIG_MKEY_NAME		(1 << 12)
#define KADM5_CONFIG_ENCTYPE		(1 << 13)
#define KADM5_CONFIG_MAX_LIFE		(1 << 14)
#define KADM5_CONFIG_MAX_RLIFE		(1 << 15)
#define KADM5_CONFIG_EXPIRATION		(1 << 16)
#define KADM5_CONFIG_FLAGS		(1 << 17)
#define KADM5_CONFIG_ENCTYPES		(1 << 18)

/*
 * Administrative privilege bits.  KADM5_PRIV_ALL is exactly the union of
 * the six individual bits; where these are checked (ACL evaluation) is not
 * part of this header.
 */
#define KADM5_PRIV_GET		(1 << 0)
#define KADM5_PRIV_ADD		(1 << 1)
#define KADM5_PRIV_MODIFY	(1 << 2)
#define KADM5_PRIV_DELETE	(1 << 3)
#define KADM5_PRIV_LIST		(1 << 4)
#define KADM5_PRIV_CPW		(1 << 5)
#define KADM5_PRIV_ALL		(KADM5_PRIV_GET | KADM5_PRIV_ADD | KADM5_PRIV_MODIFY | KADM5_PRIV_DELETE | KADM5_PRIV_LIST | KADM5_PRIV_CPW)

/*
 * Placeholder type: a single dummy member so the name exists, carrying no
 * key/salt information.  Do not rely on its contents.
 */
typedef struct {
	int XXX;
} krb5_key_salt_tuple;

/*
 * Library configuration.  mask holds KADM5_CONFIG_* bits saying which of the
 * members below were set.  The char * members' ownership is not stated here;
 * confirm against the functions in "kadm5-protos.h" before freeing them.
 */
typedef struct _kadm5_config_params {
	uint32_t mask;

	/* Client and server fields */
	char *realm;
	int kadmind_port;

	/* client fields */
	char *admin_server;

	/* server fields */
	char *dbname;
	char *acl_file;

	/* server library (database) fields */
	char *stash_file;
} kadm5_config_params;

/* Return type of every kadm5_* call: a krb5_error_code (0 means success). */
typedef krb5_error_code kadm5_ret_t;

/* Prototypes of the implemented functions; included after the types above. */
#include "kadm5-protos.h"

#if 0
/* unimplemented functions */
/*
 * These declarations are compiled out (#if 0) and only document the
 * remaining policy-related entry points that this library does not provide.
 */
kadm5_ret_t
kadm5_decrypt_key(void *server_handle,
		  kadm5_principal_ent_t entry, int32_t
		  ktype, int32_t stype, int32_t
		  kvno, krb5_keyblock *keyblock,
		  krb5_keysalt *keysalt, int *kvnop);

kadm5_ret_t
kadm5_create_policy(void *server_handle,
		    kadm5_policy_ent_t policy, uint32_t mask);

kadm5_ret_t
kadm5_delete_policy(void *server_handle, char *policy);


kadm5_ret_t
kadm5_modify_policy(void *server_handle,
		    kadm5_policy_ent_t policy,
		    uint32_t mask);

kadm5_ret_t
kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent);

kadm5_ret_t
kadm5_get_policies(void *server_handle, char *exp,
		   char ***pols, int *count);

void
kadm5_free_policy_ent(kadm5_policy_ent_t policy);

#endif

#endif /* __KADM5_ADMIN_H__ */