summaryrefslogtreecommitdiff
path: root/usr/src/lib/krb5/kadm5/admin.h
diff options
context:
space:
mode:
Diffstat (limited to 'usr/src/lib/krb5/kadm5/admin.h')
-rw-r--r--usr/src/lib/krb5/kadm5/admin.h565
1 files changed, 439 insertions, 126 deletions
diff --git a/usr/src/lib/krb5/kadm5/admin.h b/usr/src/lib/krb5/kadm5/admin.h
index ce78ab0bb3..d4d98c66f9 100644
--- a/usr/src/lib/krb5/kadm5/admin.h
+++ b/usr/src/lib/krb5/kadm5/admin.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -28,12 +28,36 @@ extern "C" {
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
*/
-
-
+/*
+ * lib/kadm5/admin.h
+ *
+ * Copyright 2001 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin.h,v 1.43.2.1 2000/05/19 22:24:14 raeburn Exp $
+ * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin.h,v 1.54 2004/08/21 02:31:09 tlyu Exp $
*/
#include <sys/types.h>
@@ -46,14 +70,14 @@ extern "C" {
#include <kadm5/adb_err.h>
#include <kadm5/chpass_util_strings.h>
-#define KADM5_ADMIN_SERVICE_P "kadmin@admin"
-#define KADM5_ADMIN_SERVICE "kadmin/admin"
-#define KADM5_CHANGEPW_SERVICE_P "kadmin@changepw"
-#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
-#define KADM5_HIST_PRINCIPAL "kadmin/history"
-#define KADM5_ADMIN_HOST_SERVICE "kadmin"
-#define KADM5_CHANGEPW_HOST_SERVICE "changepw"
-#define KADM5_KIPROP_HOST_SERVICE "kiprop"
+#define KADM5_ADMIN_SERVICE_P "kadmin@admin"
+#define KADM5_ADMIN_SERVICE "kadmin/admin"
+#define KADM5_CHANGEPW_SERVICE_P "kadmin@changepw"
+#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
+#define KADM5_HIST_PRINCIPAL "kadmin/history"
+#define KADM5_ADMIN_HOST_SERVICE "kadmin"
+#define KADM5_CHANGEPW_HOST_SERVICE "changepw"
+#define KADM5_KIPROP_HOST_SERVICE "kiprop"
typedef krb5_principal kadm5_princ_t;
typedef char *kadm5_policy_t;
@@ -61,51 +85,51 @@ typedef long kadm5_ret_t;
typedef int rpc_int32;
typedef unsigned int rpc_u_int32;
-#define KADM5_PW_FIRST_PROMPT \
- ((char *)error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
-#define KADM5_PW_SECOND_PROMPT \
- ((char *)error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
+#define KADM5_PW_FIRST_PROMPT \
+ (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
+#define KADM5_PW_SECOND_PROMPT \
+ (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
/*
- * Succsessfull return code
+ * Successful return code
*/
-#define KADM5_OK 0
+#define KADM5_OK 0
/*
* Field masks
*/
/* kadm5_principal_ent_t */
-#define KADM5_PRINCIPAL 0x000001
-#define KADM5_PRINC_EXPIRE_TIME 0x000002
-#define KADM5_PW_EXPIRATION 0x000004
-#define KADM5_LAST_PWD_CHANGE 0x000008
-#define KADM5_ATTRIBUTES 0x000010
-#define KADM5_MAX_LIFE 0x000020
-#define KADM5_MOD_TIME 0x000040
-#define KADM5_MOD_NAME 0x000080
-#define KADM5_KVNO 0x000100
-#define KADM5_MKVNO 0x000200
-#define KADM5_AUX_ATTRIBUTES 0x000400
-#define KADM5_POLICY 0x000800
-#define KADM5_POLICY_CLR 0x001000
+#define KADM5_PRINCIPAL 0x000001
+#define KADM5_PRINC_EXPIRE_TIME 0x000002
+#define KADM5_PW_EXPIRATION 0x000004
+#define KADM5_LAST_PWD_CHANGE 0x000008
+#define KADM5_ATTRIBUTES 0x000010
+#define KADM5_MAX_LIFE 0x000020
+#define KADM5_MOD_TIME 0x000040
+#define KADM5_MOD_NAME 0x000080
+#define KADM5_KVNO 0x000100
+#define KADM5_MKVNO 0x000200
+#define KADM5_AUX_ATTRIBUTES 0x000400
+#define KADM5_POLICY 0x000800
+#define KADM5_POLICY_CLR 0x001000
/* version 2 masks */
-#define KADM5_MAX_RLIFE 0x002000
-#define KADM5_LAST_SUCCESS 0x004000
-#define KADM5_LAST_FAILED 0x008000
-#define KADM5_FAIL_AUTH_COUNT 0x010000
-#define KADM5_KEY_DATA 0x020000
-#define KADM5_TL_DATA 0x040000
+#define KADM5_MAX_RLIFE 0x002000
+#define KADM5_LAST_SUCCESS 0x004000
+#define KADM5_LAST_FAILED 0x008000
+#define KADM5_FAIL_AUTH_COUNT 0x010000
+#define KADM5_KEY_DATA 0x020000
+#define KADM5_TL_DATA 0x040000
/* all but KEY_DATA and TL_DATA */
-#define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff
+#define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff
/* kadm5_policy_ent_t */
-#define KADM5_PW_MAX_LIFE 0x004000
-#define KADM5_PW_MIN_LIFE 0x008000
-#define KADM5_PW_MIN_LENGTH 0x010000
-#define KADM5_PW_MIN_CLASSES 0x020000
-#define KADM5_PW_HISTORY_NUM 0x040000
-#define KADM5_REF_COUNT 0x080000
+#define KADM5_PW_MAX_LIFE 0x004000
+#define KADM5_PW_MIN_LIFE 0x008000
+#define KADM5_PW_MIN_LENGTH 0x010000
+#define KADM5_PW_MIN_CLASSES 0x020000
+#define KADM5_PW_HISTORY_NUM 0x040000
+#define KADM5_REF_COUNT 0x080000
/* kadm5_config_params */
#define KADM5_CONFIG_REALM 0x0000001
@@ -150,23 +174,23 @@ typedef unsigned int rpc_u_int32;
/*
* permission bits
*/
-#define KADM5_PRIV_GET 0x01
-#define KADM5_PRIV_ADD 0x02
-#define KADM5_PRIV_MODIFY 0x04
-#define KADM5_PRIV_DELETE 0x08
+#define KADM5_PRIV_GET 0x01
+#define KADM5_PRIV_ADD 0x02
+#define KADM5_PRIV_MODIFY 0x04
+#define KADM5_PRIV_DELETE 0x08
/*
* API versioning constants
*/
-#define KADM5_MASK_BITS 0xffffff00
+#define KADM5_MASK_BITS 0xffffff00
-#define KADM5_STRUCT_VERSION_MASK 0x12345600
-#define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
-#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
+#define KADM5_STRUCT_VERSION_MASK 0x12345600
+#define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
+#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
-#define KADM5_API_VERSION_MASK 0x12345700
-#define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01)
-#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
+#define KADM5_API_VERSION_MASK 0x12345700
+#define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01)
+#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
#ifdef KRB5_DNS_LOOKUP
/*
@@ -192,12 +216,12 @@ typedef struct _kadm5_principal_ent_t_v2 {
/* version 2 fields */
krb5_deltat max_renewable_life;
- krb5_timestamp last_success;
- krb5_timestamp last_failed;
- krb5_kvno fail_auth_count;
+ krb5_timestamp last_success;
+ krb5_timestamp last_failed;
+ krb5_kvno fail_auth_count;
krb5_int16 n_key_data;
krb5_int16 n_tl_data;
- krb5_tl_data *tl_data;
+ krb5_tl_data *tl_data;
krb5_key_data *key_data;
} kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2;
@@ -216,9 +240,13 @@ typedef struct _kadm5_principal_ent_t_v1 {
long aux_attributes;
} kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1;
-
+#if USE_KADM5_API_VERSION == 1
+typedef struct _kadm5_principal_ent_t_v1
+ kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+#else
typedef struct _kadm5_principal_ent_t_v2
-kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+ kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+#endif
typedef struct _kadm5_policy_ent_t {
char *policy;
@@ -248,33 +276,37 @@ typedef enum {
* Data structure returned by kadm5_get_config_params()
*/
typedef struct _kadm5_config_params {
- long mask;
- char *realm;
- char *profile;
- int kadmind_port;
- char *admin_server;
- char *dbname;
- char *admin_dbname;
- char *admin_lockfile;
- char *admin_keytab;
- char *acl_file;
- char *dict_file;
- int mkey_from_kbd;
- char *stash_file;
- char *mkey_name;
- krb5_enctype enctype;
- krb5_deltat max_life;
- krb5_deltat max_rlife;
- krb5_timestamp expiration;
- krb5_flags flags;
- krb5_key_salt_tuple *keysalts;
- krb5_int32 num_keysalts;
- char *kpasswd_server;
- int kpasswd_port;
- krb5_chgpwd_prot kpasswd_protocol;
- bool_t iprop_enabled;
- int iprop_ulogsize;
- char *iprop_polltime;
+ long mask;
+ char * realm;
+ char * profile;
+ int kadmind_port;
+ int kpasswd_port;
+
+ char * admin_server;
+
+ char * dbname;
+ char * admin_dbname;
+ char * admin_lockfile;
+ char * admin_keytab;
+ char * acl_file;
+ char * dict_file;
+
+ int mkey_from_kbd;
+ char * stash_file;
+ char * mkey_name;
+ krb5_enctype enctype;
+ krb5_deltat max_life;
+ krb5_deltat max_rlife;
+ krb5_timestamp expiration;
+ krb5_flags flags;
+ krb5_key_salt_tuple *keysalts;
+ krb5_int32 num_keysalts;
+ char *kpasswd_server;
+
+ krb5_chgpwd_prot kpasswd_protocol;
+ bool_t iprop_enabled;
+ int iprop_ulogsize;
+ char *iprop_polltime;
} kadm5_config_params;
/***********************************************************************
@@ -287,13 +319,13 @@ typedef struct _kadm5_config_params {
* Data structure returned by krb5_read_realm_params()
*/
typedef struct __krb5_realm_params {
- char *realm_profile;
- char *realm_dbname;
- char *realm_mkey_name;
- char *realm_stash_file;
- char *realm_kdc_ports;
- char *realm_kdc_tcp_ports;
- char *realm_acl_file;
+ char * realm_profile;
+ char * realm_dbname;
+ char * realm_mkey_name;
+ char * realm_stash_file;
+ char * realm_kdc_ports;
+ char * realm_kdc_tcp_ports;
+ char * realm_acl_file;
krb5_int32 realm_kadmind_port;
krb5_enctype realm_enctype;
krb5_deltat realm_max_life;
@@ -301,13 +333,14 @@ typedef struct __krb5_realm_params {
krb5_timestamp realm_expiration;
krb5_flags realm_flags;
krb5_key_salt_tuple *realm_keysalts;
+ unsigned int realm_reject_bad_transit:1;
unsigned int realm_kadmind_port_valid:1;
unsigned int realm_enctype_valid:1;
unsigned int realm_max_life_valid:1;
unsigned int realm_max_rlife_valid:1;
unsigned int realm_expiration_valid:1;
unsigned int realm_flags_valid:1;
- unsigned int realm_filler:7;
+ unsigned int realm_reject_bad_transit_valid:1;
krb5_int32 realm_num_keysalts;
} krb5_realm_params;
@@ -315,52 +348,63 @@ typedef struct __krb5_realm_params {
* functions
*/
-
-kadm5_ret_t
-kadm5_get_master(krb5_context context, const char *realm, char **master);
-
kadm5_ret_t
kadm5_get_adm_host_srv_name(krb5_context context,
- const char *realm, char **host_service_name);
+ const char *realm, char **host_service_name);
kadm5_ret_t
kadm5_get_cpw_host_srv_name(krb5_context context,
- const char *realm, char **host_service_name);
+ const char *realm, char **host_service_name);
+#if USE_KADM5_API_VERSION > 1
krb5_error_code kadm5_get_config_params(krb5_context context,
char *kdcprofile, char *kdcenv,
kadm5_config_params *params_in,
kadm5_config_params *params_out);
-/* SUNWresync121 XXX */
-krb5_error_code kadm5_free_config_params(krb5_context context,
- kadm5_config_params *params);
+krb5_error_code kadm5_free_config_params(krb5_context context,
+ kadm5_config_params *params);
krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
kadm5_config_params *params);
-kadm5_ret_t kadm5_init(char *client_name, char *pass,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- void **server_handle);
+krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
+ char *, size_t);
+#endif
+kadm5_ret_t kadm5_init(char *client_name, char *pass,
+ char *service_name,
+#if USE_KADM5_API_VERSION == 1
+ char *realm,
+#else
+ kadm5_config_params *params,
+#endif
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
kadm5_ret_t kadm5_init_with_password(char *client_name,
char *pass,
char *service_name,
+#if USE_KADM5_API_VERSION == 1
+ char *realm,
+#else
kadm5_config_params *params,
+#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
kadm5_ret_t kadm5_init_with_skey(char *client_name,
char *keytab,
char *service_name,
+#if USE_KADM5_API_VERSION == 1
+ char *realm,
+#else
kadm5_config_params *params,
+#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
-
+#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_init_with_creds(char *client_name,
krb5_ccache cc,
char *service_name,
@@ -368,6 +412,9 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name,
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
void **server_handle);
+#endif
+kadm5_ret_t kadm5_lock(void *server_handle);
+kadm5_ret_t kadm5_unlock(void *server_handle);
kadm5_ret_t kadm5_flush(void *server_handle);
kadm5_ret_t kadm5_destroy(void *server_handle);
kadm5_ret_t kadm5_create_principal(void *server_handle,
@@ -385,13 +432,17 @@ kadm5_ret_t kadm5_modify_principal(void *server_handle,
kadm5_principal_ent_t ent,
long mask);
kadm5_ret_t kadm5_rename_principal(void *server_handle,
- krb5_principal, krb5_principal);
-
+ krb5_principal,krb5_principal);
+#if USE_KADM5_API_VERSION == 1
kadm5_ret_t kadm5_get_principal(void *server_handle,
- krb5_principal principal,
- kadm5_principal_ent_t ent,
- long mask);
-
+ krb5_principal principal,
+ kadm5_principal_ent_t *ent);
+#else
+kadm5_ret_t kadm5_get_principal(void *server_handle,
+ krb5_principal principal,
+ kadm5_principal_ent_t ent,
+ long mask);
+#endif
kadm5_ret_t kadm5_chpass_principal(void *server_handle,
krb5_principal principal,
char *pass);
@@ -401,6 +452,11 @@ kadm5_ret_t kadm5_chpass_principal_3(void *server_handle,
int n_ks_tuple,
krb5_key_salt_tuple *ks_tuple,
char *pass);
+#if USE_KADM5_API_VERSION == 1
+kadm5_ret_t kadm5_randkey_principal(void *server_handle,
+ krb5_principal principal,
+ krb5_keyblock **keyblock);
+#else
/*
* Solaris Kerberos:
@@ -415,7 +471,6 @@ kadm5_ret_t kadm5_randkey_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock **keyblocks,
int *n_keys);
-
kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
krb5_principal principal,
krb5_boolean keepold,
@@ -423,6 +478,7 @@ kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
krb5_key_salt_tuple *ks_tuple,
krb5_keyblock **keyblocks,
int *n_keys);
+#endif
kadm5_ret_t kadm5_setv4key_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock *keyblock);
@@ -440,6 +496,12 @@ kadm5_ret_t kadm5_setkey_principal_3(void *server_handle,
krb5_keyblock *keyblocks,
int n_keys);
+kadm5_ret_t kadm5_decrypt_key(void *server_handle,
+ kadm5_principal_ent_t entry, krb5_int32
+ ktype, krb5_int32 stype, krb5_int32
+ kvno, krb5_keyblock *keyblock,
+ krb5_keysalt *keysalt, int *kvnop);
+
kadm5_ret_t kadm5_create_policy(void *server_handle,
kadm5_policy_ent_t ent,
long mask);
@@ -466,20 +528,24 @@ kadm5_ret_t kadm5_modify_policy(void *server_handle,
kadm5_ret_t kadm5_modify_policy_internal(void *server_handle,
kadm5_policy_ent_t
entry, long mask);
-
+#if USE_KADM5_API_VERSION == 1
+kadm5_ret_t kadm5_get_policy(void *server_handle,
+ kadm5_policy_t policy,
+ kadm5_policy_ent_t *ent);
+#else
kadm5_ret_t kadm5_get_policy(void *server_handle,
kadm5_policy_t policy,
kadm5_policy_ent_t ent);
-
+#endif
kadm5_ret_t kadm5_get_privs(void *server_handle,
- long *privs);
+ long *privs);
kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
krb5_principal princ,
char *new_pw,
char **ret_pw,
char *msg_ret,
- int msg_len);
+ unsigned int msg_len);
kadm5_ret_t kadm5_free_principal_ent(void *server_handle,
kadm5_principal_ent_t
@@ -495,14 +561,261 @@ kadm5_ret_t kadm5_get_policies(void *server_handle,
char *exp, char ***pols,
int *count);
-
+#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_free_key_data(void *server_handle,
krb5_int16 *n_key_data,
krb5_key_data *key_data);
+#endif
+
+kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
+ int count);
+
+#if USE_KADM5_API_VERSION == 1
+/*
+ * OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time
+ * compatible with KADM5_API_VERSION_2. Basically, this means we have
+ * to continue to provide all the old ovsec_kadm function and symbol
+ * names.
+ */
+
+#define OVSEC_KADM_ACLFILE "/krb5/ovsec_adm.acl"
+#define OVSEC_KADM_WORDFILE "/krb5/ovsec_adm.dict"
-kadm5_ret_t kadm5_free_name_list(void *server_handle,
- char **names, int count);
+#define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin"
+#define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw"
+#define OVSEC_KADM_HIST_PRINCIPAL "ovsec_adm/history"
+typedef krb5_principal ovsec_kadm_princ_t;
+typedef krb5_keyblock ovsec_kadm_keyblock;
+typedef char *ovsec_kadm_policy_t;
+typedef long ovsec_kadm_ret_t;
+
+enum ovsec_kadm_salttype { OVSEC_KADM_SALT_V4, OVSEC_KADM_SALT_NORMAL };
+enum ovsec_kadm_saltmod { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MOD_NORMAL };
+
+#define OVSEC_KADM_PW_FIRST_PROMPT \
+ ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
+#define OVSEC_KADM_PW_SECOND_PROMPT \
+ ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
+
+/*
+ * Successful return code
+ */
+#define OVSEC_KADM_OK 0
+
+/*
+ * Create/Modify masks
+ */
+/* principal */
+#define OVSEC_KADM_PRINCIPAL 0x000001
+#define OVSEC_KADM_PRINC_EXPIRE_TIME 0x000002
+#define OVSEC_KADM_PW_EXPIRATION 0x000004
+#define OVSEC_KADM_LAST_PWD_CHANGE 0x000008
+#define OVSEC_KADM_ATTRIBUTES 0x000010
+#define OVSEC_KADM_MAX_LIFE 0x000020
+#define OVSEC_KADM_MOD_TIME 0x000040
+#define OVSEC_KADM_MOD_NAME 0x000080
+#define OVSEC_KADM_KVNO 0x000100
+#define OVSEC_KADM_MKVNO 0x000200
+#define OVSEC_KADM_AUX_ATTRIBUTES 0x000400
+#define OVSEC_KADM_POLICY 0x000800
+#define OVSEC_KADM_POLICY_CLR 0x001000
+/* policy */
+#define OVSEC_KADM_PW_MAX_LIFE 0x004000
+#define OVSEC_KADM_PW_MIN_LIFE 0x008000
+#define OVSEC_KADM_PW_MIN_LENGTH 0x010000
+#define OVSEC_KADM_PW_MIN_CLASSES 0x020000
+#define OVSEC_KADM_PW_HISTORY_NUM 0x040000
+#define OVSEC_KADM_REF_COUNT 0x080000
+
+/*
+ * permission bits
+ */
+#define OVSEC_KADM_PRIV_GET 0x01
+#define OVSEC_KADM_PRIV_ADD 0x02
+#define OVSEC_KADM_PRIV_MODIFY 0x04
+#define OVSEC_KADM_PRIV_DELETE 0x08
+
+/*
+ * API versioning constants
+ */
+#define OVSEC_KADM_MASK_BITS 0xffffff00
+
+#define OVSEC_KADM_STRUCT_VERSION_MASK 0x12345600
+#define OVSEC_KADM_STRUCT_VERSION_1 (OVSEC_KADM_STRUCT_VERSION_MASK|0x01)
+#define OVSEC_KADM_STRUCT_VERSION OVSEC_KADM_STRUCT_VERSION_1
+
+#define OVSEC_KADM_API_VERSION_MASK 0x12345700
+#define OVSEC_KADM_API_VERSION_1 (OVSEC_KADM_API_VERSION_MASK|0x01)
+
+
+typedef struct _ovsec_kadm_principal_ent_t {
+ krb5_principal principal;
+ krb5_timestamp princ_expire_time;
+ krb5_timestamp last_pwd_change;
+ krb5_timestamp pw_expiration;
+ krb5_deltat max_life;
+ krb5_principal mod_name;
+ krb5_timestamp mod_date;
+ krb5_flags attributes;
+ krb5_kvno kvno;
+ krb5_kvno mkvno;
+ char *policy;
+ long aux_attributes;
+} ovsec_kadm_principal_ent_rec, *ovsec_kadm_principal_ent_t;
+
+typedef struct _ovsec_kadm_policy_ent_t {
+ char *policy;
+ long pw_min_life;
+ long pw_max_life;
+ long pw_min_length;
+ long pw_min_classes;
+ long pw_history_num;
+ long policy_refcnt;
+} ovsec_kadm_policy_ent_rec, *ovsec_kadm_policy_ent_t;
+
+/*
+ * functions
+ */
+ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass,
+ char *service_name, char *realm,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name,
+ char *pass,
+ char *service_name,
+ char *realm,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name,
+ char *keytab,
+ char *service_name,
+ char *realm,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ void **server_handle);
+ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle);
+ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle);
+ovsec_kadm_ret_t ovsec_kadm_create_principal(void *server_handle,
+ ovsec_kadm_principal_ent_t ent,
+ long mask, char *pass);
+ovsec_kadm_ret_t ovsec_kadm_delete_principal(void *server_handle,
+ krb5_principal principal);
+ovsec_kadm_ret_t ovsec_kadm_modify_principal(void *server_handle,
+ ovsec_kadm_principal_ent_t ent,
+ long mask);
+ovsec_kadm_ret_t ovsec_kadm_rename_principal(void *server_handle,
+ krb5_principal,krb5_principal);
+ovsec_kadm_ret_t ovsec_kadm_get_principal(void *server_handle,
+ krb5_principal principal,
+ ovsec_kadm_principal_ent_t *ent);
+ovsec_kadm_ret_t ovsec_kadm_chpass_principal(void *server_handle,
+ krb5_principal principal,
+ char *pass);
+ovsec_kadm_ret_t ovsec_kadm_randkey_principal(void *server_handle,
+ krb5_principal principal,
+ krb5_keyblock **keyblock);
+ovsec_kadm_ret_t ovsec_kadm_create_policy(void *server_handle,
+ ovsec_kadm_policy_ent_t ent,
+ long mask);
+/*
+ * ovsec_kadm_create_policy_internal is not part of the supported,
+ * exposed API. It is available only in the server library, and you
+ * shouldn't use it unless you know why it's there and how it's
+ * different from ovsec_kadm_create_policy.
+ */
+ovsec_kadm_ret_t ovsec_kadm_create_policy_internal(void *server_handle,
+ ovsec_kadm_policy_ent_t
+ entry, long mask);
+ovsec_kadm_ret_t ovsec_kadm_delete_policy(void *server_handle,
+ ovsec_kadm_policy_t policy);
+ovsec_kadm_ret_t ovsec_kadm_modify_policy(void *server_handle,
+ ovsec_kadm_policy_ent_t ent,
+ long mask);
+/*
+ * ovsec_kadm_modify_policy_internal is not part of the supported,
+ * exposed API. It is available only in the server library, and you
+ * shouldn't use it unless you know why it's there and how it's
+ * different from ovsec_kadm_modify_policy.
+ */
+ovsec_kadm_ret_t ovsec_kadm_modify_policy_internal(void *server_handle,
+ ovsec_kadm_policy_ent_t
+ entry, long mask);
+ovsec_kadm_ret_t ovsec_kadm_get_policy(void *server_handle,
+ ovsec_kadm_policy_t policy,
+ ovsec_kadm_policy_ent_t *ent);
+ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle,
+ long *privs);
+
+ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle,
+ krb5_principal princ,
+ char *new_pw,
+ char **ret_pw,
+ char *msg_ret);
+
+ovsec_kadm_ret_t ovsec_kadm_free_principal_ent(void *server_handle,
+ ovsec_kadm_principal_ent_t
+ ent);
+ovsec_kadm_ret_t ovsec_kadm_free_policy_ent(void *server_handle,
+ ovsec_kadm_policy_ent_t ent);
+
+ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle,
+ char **names, int count);
+
+ovsec_kadm_ret_t ovsec_kadm_get_principals(void *server_handle,
+ char *exp, char ***princs,
+ int *count);
+
+ovsec_kadm_ret_t ovsec_kadm_get_policies(void *server_handle,
+ char *exp, char ***pols,
+ int *count);
+
+#define OVSEC_KADM_FAILURE KADM5_FAILURE
+#define OVSEC_KADM_AUTH_GET KADM5_AUTH_GET
+#define OVSEC_KADM_AUTH_ADD KADM5_AUTH_ADD
+#define OVSEC_KADM_AUTH_MODIFY KADM5_AUTH_MODIFY
+#define OVSEC_KADM_AUTH_DELETE KADM5_AUTH_DELETE
+#define OVSEC_KADM_AUTH_INSUFFICIENT KADM5_AUTH_INSUFFICIENT
+#define OVSEC_KADM_BAD_DB KADM5_BAD_DB
+#define OVSEC_KADM_DUP KADM5_DUP
+#define OVSEC_KADM_RPC_ERROR KADM5_RPC_ERROR
+#define OVSEC_KADM_NO_SRV KADM5_NO_SRV
+#define OVSEC_KADM_BAD_HIST_KEY KADM5_BAD_HIST_KEY
+#define OVSEC_KADM_NOT_INIT KADM5_NOT_INIT
+#define OVSEC_KADM_UNK_PRINC KADM5_UNK_PRINC
+#define OVSEC_KADM_UNK_POLICY KADM5_UNK_POLICY
+#define OVSEC_KADM_BAD_MASK KADM5_BAD_MASK
+#define OVSEC_KADM_BAD_CLASS KADM5_BAD_CLASS
+#define OVSEC_KADM_BAD_LENGTH KADM5_BAD_LENGTH
+#define OVSEC_KADM_BAD_POLICY KADM5_BAD_POLICY
+#define OVSEC_KADM_BAD_PRINCIPAL KADM5_BAD_PRINCIPAL
+#define OVSEC_KADM_BAD_AUX_ATTR KADM5_BAD_AUX_ATTR
+#define OVSEC_KADM_BAD_HISTORY KADM5_BAD_HISTORY
+#define OVSEC_KADM_BAD_MIN_PASS_LIFE KADM5_BAD_MIN_PASS_LIFE
+#define OVSEC_KADM_PASS_Q_TOOSHORT KADM5_PASS_Q_TOOSHORT
+#define OVSEC_KADM_PASS_Q_CLASS KADM5_PASS_Q_CLASS
+#define OVSEC_KADM_PASS_Q_DICT KADM5_PASS_Q_DICT
+#define OVSEC_KADM_PASS_REUSE KADM5_PASS_REUSE
+#define OVSEC_KADM_PASS_TOOSOON KADM5_PASS_TOOSOON
+#define OVSEC_KADM_POLICY_REF KADM5_POLICY_REF
+#define OVSEC_KADM_INIT KADM5_INIT
+#define OVSEC_KADM_BAD_PASSWORD KADM5_BAD_PASSWORD
+#define OVSEC_KADM_PROTECT_PRINCIPAL KADM5_PROTECT_PRINCIPAL
+#define OVSEC_KADM_BAD_SERVER_HANDLE KADM5_BAD_SERVER_HANDLE
+#define OVSEC_KADM_BAD_STRUCT_VERSION KADM5_BAD_STRUCT_VERSION
+#define OVSEC_KADM_OLD_STRUCT_VERSION KADM5_OLD_STRUCT_VERSION
+#define OVSEC_KADM_NEW_STRUCT_VERSION KADM5_NEW_STRUCT_VERSION
+#define OVSEC_KADM_BAD_API_VERSION KADM5_BAD_API_VERSION
+#define OVSEC_KADM_OLD_LIB_API_VERSION KADM5_OLD_LIB_API_VERSION
+#define OVSEC_KADM_OLD_SERVER_API_VERSION KADM5_OLD_SERVER_API_VERSION
+#define OVSEC_KADM_NEW_LIB_API_VERSION KADM5_NEW_LIB_API_VERSION
+#define OVSEC_KADM_NEW_SERVER_API_VERSION KADM5_NEW_SERVER_API_VERSION
+#define OVSEC_KADM_SECURE_PRINC_MISSING KADM5_SECURE_PRINC_MISSING
+#define OVSEC_KADM_NO_RENAME_SALT KADM5_NO_RENAME_SALT
+
+#endif /* USE_KADM5_API_VERSION == 1 */
krb5_chgpwd_prot _kadm5_get_kpasswd_protocol(void *server_handle);
kadm5_ret_t kadm5_chpass_principal_v2(void *server_handle,
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-31 18:05:15 +0000