  1  /*
  2   * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
  3   * (Royal Institute of Technology, Stockholm, Sweden).
  4   * All rights reserved.
  5   *
  6   * Redistribution and use in source and binary forms, with or without
  7   * modification, are permitted provided that the following conditions
  8   * are met:
  9   *
 10   * 1. Redistributions of source code must retain the above copyright
 11   *    notice, this list of conditions and the following disclaimer.
 12   *
 13   * 2. Redistributions in binary form must reproduce the above copyright
 14   *    notice, this list of conditions and the following disclaimer in the
 15   *    documentation and/or other materials provided with the distribution.
 16   *
 17   * 3. Neither the name of the Institute nor the names of its contributors
 18   *    may be used to endorse or promote products derived from this software
 19   *    without specific prior written permission.
 20   *
 21   * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 22   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 23   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 24   * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 25   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 26   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 27   * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 28   * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 29   * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 30   * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 31   * SUCH DAMAGE.
 32   */
 33  /* $Id$ */
 34  
 35  #ifndef __KADM5_ADMIN_H__
 36  #define __KADM5_ADMIN_H__
 37  
/*
 * API versions known to this header.  Only version 2 is supported: the
 * #if below turns any other USE_KADM5_API_VERSION into a hard compile
 * error, so a consumer cannot silently build against an interface this
 * header does not implement.
 */
#define KADM5_API_VERSION_1 1
#define KADM5_API_VERSION_2 2

#ifndef USE_KADM5_API_VERSION
#define USE_KADM5_API_VERSION KADM5_API_VERSION_2
#endif

#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2
#error No support for API versions other than 2
#endif

/*
 * Version tag for the structure layouts declared in this header.
 * Nothing in this file consults it; consumers are expected to compare
 * it against the library they link with.
 */
#define KADM5_STRUCT_VERSION 0
 50  
 51  #include <krb5.h>
 52  
/*
 * Principal attribute bits (KRB5_KDB_*).  These are the values stored in
 * the krb5_flags attributes member of kadm5_principal_ent_rec below and
 * selected for update with the KADM5_ATTRIBUTES mask bit.  By name, the
 * DISALLOW_* bits restrict what may be issued for the principal and the
 * REQUIRES_* bits add preconditions; the exact KDC behaviour for each bit
 * is not documented here -- confirm against the KDC sources before relying
 * on it.  Note that 0x00000400 and 0x00000800 are unassigned in this list.
 */
#define KRB5_KDB_DISALLOW_POSTDATED	0x00000001
#define KRB5_KDB_DISALLOW_FORWARDABLE	0x00000002
#define KRB5_KDB_DISALLOW_TGT_BASED	0x00000004
#define KRB5_KDB_DISALLOW_RENEWABLE	0x00000008
#define KRB5_KDB_DISALLOW_PROXIABLE	0x00000010
#define KRB5_KDB_DISALLOW_DUP_SKEY	0x00000020
#define KRB5_KDB_DISALLOW_ALL_TIX	0x00000040	/* by name: principal is effectively disabled */
#define KRB5_KDB_REQUIRES_PRE_AUTH	0x00000080
#define KRB5_KDB_REQUIRES_HW_AUTH	0x00000100
#define KRB5_KDB_REQUIRES_PWCHANGE	0x00000200
#define KRB5_KDB_DISALLOW_SVR		0x00001000
#define KRB5_KDB_PWCHANGE_SERVICE	0x00002000
#define KRB5_KDB_SUPPORT_DESMD5		0x00004000
#define KRB5_KDB_NEW_PRINC		0x00008000
#define KRB5_KDB_OK_AS_DELEGATE		0x00010000	/* delegation-related; review before granting */
#define KRB5_KDB_TRUSTED_FOR_DELEGATION	0x00020000	/* delegation-related; review before granting */
#define KRB5_KDB_ALLOW_KERBEROS4	0x00040000	/* by name: enables a legacy protocol for this principal */
#define KRB5_KDB_ALLOW_DIGEST		0x00080000	/* by name: enables a legacy mechanism for this principal */
 71  
/*
 * Field-selection mask bits for kadm5_principal_ent_rec.  A caller sets
 * the bits for the members it has filled in (or wants returned).
 *
 * Two things to keep in mind:
 *  - KADM5_KEY_DATA and KADM5_TL_DATA are deliberately excluded from
 *    KADM5_PRINCIPAL_NORMAL_MASK, so key material and tl-data are never
 *    part of a "normal" request; they must be asked for explicitly.
 *  - These values collide with the KADM5_PW_* policy mask bits defined
 *    further down (e.g. KADM5_LAST_SUCCESS and KADM5_PW_MAX_LIFE are both
 *    0x004000).  The two sets describe different records and must never be
 *    combined in one mask.
 */
#define KADM5_PRINCIPAL		0x000001
#define KADM5_PRINC_EXPIRE_TIME	0x000002
#define KADM5_PW_EXPIRATION	0x000004
#define KADM5_LAST_PWD_CHANGE	0x000008
#define KADM5_ATTRIBUTES	0x000010
#define KADM5_MAX_LIFE		0x000020
#define KADM5_MOD_TIME		0x000040
#define KADM5_MOD_NAME		0x000080
#define KADM5_KVNO		0x000100
#define KADM5_MKVNO		0x000200
#define KADM5_AUX_ATTRIBUTES	0x000400
#define KADM5_POLICY		0x000800
#define KADM5_POLICY_CLR	0x001000
#define KADM5_MAX_RLIFE		0x002000
#define KADM5_LAST_SUCCESS	0x004000
#define KADM5_LAST_FAILED	0x008000
#define KADM5_FAIL_AUTH_COUNT	0x010000
#define KADM5_KEY_DATA		0x020000	/* key material: not in NORMAL_MASK */
#define KADM5_TL_DATA		0x040000	/* tagged extension data: not in NORMAL_MASK */

/* Every principal field except the two that carry keys and tl-data. */
#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA))
 93  
/*
 * Field-selection mask bits for kadm5_policy_ent_rec.  They reuse the
 * numeric values of principal mask bits above (KADM5_PW_MAX_LIFE ==
 * KADM5_LAST_SUCCESS, KADM5_PW_MIN_LIFE == KADM5_LAST_FAILED, ...), so a
 * policy mask must only ever be used with a policy record.
 */
#define KADM5_PW_MAX_LIFE 	0x004000
#define KADM5_PW_MIN_LIFE	0x008000
#define KADM5_PW_MIN_LENGTH 	0x010000
#define KADM5_PW_MIN_CLASSES	0x020000
#define KADM5_PW_HISTORY_NUM	0x040000
#define KADM5_REF_COUNT		0x080000

/* Selects every policy field. */
#define KADM5_POLICY_NORMAL_MASK (~0)
102  
/*
 * Well-known principal names used by the kadmin protocol.  These are
 * string constants; the roles below are read from the names only.
 */
#define KADM5_KADMIN_SERVICE	"kadmin"
#define KADM5_ADMIN_SERVICE	"kadmin/admin"		/* administrative service */
#define KADM5_HIST_PRINCIPAL	"kadmin/history"	/* by name: password-history principal */
#define KADM5_CHANGEPW_SERVICE	"kadmin/changepw"	/* password-change service */
107  
/*
 * One stored key of a principal.  Each entry carries two typed components
 * (the [2] arrays); this header does not say what the two slots hold --
 * confirm against the code that fills them before indexing.
 *
 * NOTE(review): key_data_contents points at raw key material.  Whatever
 * releases these buffers should wipe them first; the free routine is
 * declared elsewhere (kadm5-protos.h), not here.
 */
typedef struct {
    int16_t key_data_ver;	/* Version */
    int16_t key_data_kvno;	/* Key Version */
    int16_t key_data_type[2];	/* Array of types */
    int16_t key_data_length[2];	/* Array of lengths, one per contents slot */
    void*   key_data_contents[2];/* Array of pointers; bound reads by key_data_length */
} krb5_key_data;
115  
/*
 * A salt paired with a key: a salt type plus the salt bytes.
 */
typedef struct _krb5_keysalt {
    int16_t               type;                 /* Salt type */
    krb5_data             data;                 /* Length, data */
} krb5_keysalt;
120  
/*
 * Tagged extension data ("tl-data") attached to a principal, kept as a
 * singly linked list.  tl_data_type is one of the KRB5_TL_* tags defined
 * below.  tl_data_length is a signed 16-bit count, so the payload is
 * at most 32767 bytes; readers must bound accesses to tl_data_contents by
 * tl_data_length and not by the tag.
 */
typedef struct _krb5_tl_data {
    struct _krb5_tl_data* tl_data_next;		/* Next entry, or end of list */
    int16_t tl_data_type;			/* KRB5_TL_* tag */
    int16_t tl_data_length;			/* Byte count of tl_data_contents */
    void*   tl_data_contents;			/* Opaque payload, tl_data_length bytes */
} krb5_tl_data;
127  
/*
 * Tag values for krb5_tl_data.tl_data_type.  The payload format for each
 * tag is not defined in this header.  The role notes below come from the
 * names only; in particular KRB5_TL_PASSWORD, by its name, carries
 * credential material and should be treated as sensitive wherever a
 * tl-data list is logged, copied or serialised.
 */
#define KRB5_TL_LAST_PWD_CHANGE		0x0001
#define KRB5_TL_MOD_PRINC		0x0002
#define KRB5_TL_KADM_DATA		0x0003
#define KRB5_TL_KADM5_E_DATA		0x0004
#define KRB5_TL_RB1_CHALLENGE		0x0005
#define KRB5_TL_SECURID_STATE           0x0006
#define KRB5_TL_PASSWORD           	0x0007	/* sensitive by name */
#define KRB5_TL_EXTENSION           	0x0008
#define KRB5_TL_PKINIT_ACL           	0x0009	/* by name: access-control data for PKINIT */
#define KRB5_TL_ALIASES           	0x000a
#define KRB5_TL_HIST_KVNO_DIFF_CLNT	0x000b
#define KRB5_TL_HIST_KVNO_DIFF_SVC	0x000c
140  
/*
 * A principal as seen through the kadm5 API.  Which members are valid is
 * governed by a KADM5_* field mask passed alongside the record; the mask
 * bit for each member is noted below.  The pointer members (principal,
 * mod_name, policy, tl_data, key_data) are presumably heap objects owned
 * by the record and released by the library's free routine declared in
 * kadm5-protos.h -- verify before freeing them piecemeal.
 */
typedef struct _kadm5_principal_ent_t {
    krb5_principal principal;			/* KADM5_PRINCIPAL */

    krb5_timestamp princ_expire_time;		/* KADM5_PRINC_EXPIRE_TIME */
    krb5_timestamp last_pwd_change;		/* KADM5_LAST_PWD_CHANGE */
    krb5_timestamp pw_expiration;		/* KADM5_PW_EXPIRATION */
    krb5_deltat max_life;			/* KADM5_MAX_LIFE */
    krb5_principal mod_name;			/* KADM5_MOD_NAME: who last changed the entry */
    krb5_timestamp mod_date;			/* KADM5_MOD_TIME */
    krb5_flags attributes;			/* KADM5_ATTRIBUTES: KRB5_KDB_* bits */
    krb5_kvno kvno;				/* KADM5_KVNO */
    krb5_kvno mkvno;				/* KADM5_MKVNO */

    char * policy;				/* KADM5_POLICY / KADM5_POLICY_CLR: policy name */
    uint32_t aux_attributes;			/* KADM5_AUX_ATTRIBUTES */

    krb5_deltat max_renewable_life;		/* KADM5_MAX_RLIFE */
    krb5_timestamp last_success;		/* KADM5_LAST_SUCCESS */
    krb5_timestamp last_failed;			/* KADM5_LAST_FAILED */
    krb5_kvno fail_auth_count;			/* KADM5_FAIL_AUTH_COUNT: a counter, despite the krb5_kvno type */
    int16_t n_key_data;				/* Number of entries in key_data */
    int16_t n_tl_data;				/* Number of entries in the tl_data list */
    krb5_tl_data *tl_data;			/* KADM5_TL_DATA: not part of NORMAL_MASK */
    krb5_key_data *key_data;			/* KADM5_KEY_DATA: key material, not part of NORMAL_MASK */
} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
166  
/*
 * A password policy as seen through the kadm5 API.  Valid members are
 * selected by the KADM5_PW_* / KADM5_REF_COUNT mask bits noted below.
 * The meaning of each pw_* limit is read from its name; the units of the
 * lifetime fields are not stated in this header.
 */
typedef struct _kadm5_policy_ent_t {
    char *policy;				/* Policy name */

    uint32_t pw_min_life;			/* KADM5_PW_MIN_LIFE */
    uint32_t pw_max_life;			/* KADM5_PW_MAX_LIFE */
    uint32_t pw_min_length;			/* KADM5_PW_MIN_LENGTH */
    uint32_t pw_min_classes;			/* KADM5_PW_MIN_CLASSES */
    uint32_t pw_history_num;			/* KADM5_PW_HISTORY_NUM */
    uint32_t policy_refcnt;			/* KADM5_REF_COUNT: principals referencing this policy (by name) */
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
177  
/*
 * Mask bits for kadm5_config_params.mask, naming which members a caller
 * has set.  Only REALM, KADMIND_PORT, ADMIN_SERVER, DBNAME, ACL_FILE and
 * STASH_FILE have a corresponding member in kadm5_config_params as
 * declared in this header; the remaining bits have no field here.
 */
#define KADM5_CONFIG_REALM			(1 << 0)
#define KADM5_CONFIG_PROFILE			(1 << 1)
#define KADM5_CONFIG_KADMIND_PORT		(1 << 2)
#define KADM5_CONFIG_ADMIN_SERVER		(1 << 3)
#define KADM5_CONFIG_DBNAME			(1 << 4)
#define KADM5_CONFIG_ADBNAME			(1 << 5)
#define KADM5_CONFIG_ADB_LOCKFILE		(1 << 6)
#define KADM5_CONFIG_ACL_FILE			(1 << 7)
#define KADM5_CONFIG_DICT_FILE			(1 << 8)
#define KADM5_CONFIG_ADMIN_KEYTAB		(1 << 9)
#define KADM5_CONFIG_MKEY_FROM_KEYBOARD		(1 << 10)
#define KADM5_CONFIG_STASH_FILE			(1 << 11)
#define KADM5_CONFIG_MKEY_NAME			(1 << 12)
#define KADM5_CONFIG_ENCTYPE			(1 << 13)
#define KADM5_CONFIG_MAX_LIFE			(1 << 14)
#define KADM5_CONFIG_MAX_RLIFE			(1 << 15)
#define KADM5_CONFIG_EXPIRATION			(1 << 16)
#define KADM5_CONFIG_FLAGS			(1 << 17)
#define KADM5_CONFIG_ENCTYPES			(1 << 18)
197  
/*
 * Administrative privilege bits.  KADM5_PRIV_ALL intentionally does NOT
 * include KADM5_PRIV_GET_KEYS: an "all" grant still does not permit key
 * extraction, which must be granted explicitly.  Keep it that way when
 * adding bits -- extend this list, not the ALL mask, unless the new right
 * really belongs to every full administrator.
 */
#define KADM5_PRIV_GET		(1 << 0)
#define KADM5_PRIV_ADD 		(1 << 1)
#define KADM5_PRIV_MODIFY	(1 << 2)
#define KADM5_PRIV_DELETE	(1 << 3)
#define KADM5_PRIV_LIST		(1 << 4)
#define KADM5_PRIV_CPW		(1 << 5)
#define KADM5_PRIV_GET_KEYS	(1 << 6)	/* key extraction; not in KADM5_PRIV_ALL */
#define KADM5_PRIV_ALL		(KADM5_PRIV_GET | KADM5_PRIV_ADD | KADM5_PRIV_MODIFY | KADM5_PRIV_DELETE | KADM5_PRIV_LIST | KADM5_PRIV_CPW)
206  
/*
 * Configuration handed to the kadm5 client and server initialisation
 * routines.  Members are only meaningful when the matching KADM5_CONFIG_*
 * bit is set in mask; the bit for each member is noted below.  The string
 * members are paths and names supplied by the caller; in particular
 * acl_file and stash_file (by name) locate the authorization policy and
 * the master-key stash, so their values should come from trusted
 * configuration, not from request data.
 */
typedef struct _kadm5_config_params {
    uint32_t mask;			/* KADM5_CONFIG_* bits naming the valid members */

    /* Client and server fields */
    char *realm;			/* KADM5_CONFIG_REALM */
    int kadmind_port;			/* KADM5_CONFIG_KADMIND_PORT */

    /* client fields */
    char *admin_server;			/* KADM5_CONFIG_ADMIN_SERVER */

    /* server fields */
    char *dbname;			/* KADM5_CONFIG_DBNAME */
    char *acl_file;			/* KADM5_CONFIG_ACL_FILE */

    /* server library (database) fields */
    char *stash_file;			/* KADM5_CONFIG_STASH_FILE */
} kadm5_config_params;
224  
/* Return type of the kadm5 API functions; follows the krb5_error_code convention. */
typedef krb5_error_code kadm5_ret_t;
226  
227  #include "kadm5-protos.h"
228  
229  #endif /* __KADM5_ADMIN_H__ */