| 1 | /* $NetBSD: admin.h,v 1.2 2017/01/28 21:31:49 christos Exp $ */ |
| 2 | |
| 3 | /* |
| 4 | * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan |
| 5 | * (Royal Institute of Technology, Stockholm, Sweden). |
| 6 | * All rights reserved. |
| 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions |
| 10 | * are met: |
| 11 | * |
| 12 | * 1. Redistributions of source code must retain the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer. |
| 14 | * |
| 15 | * 2. Redistributions in binary form must reproduce the above copyright |
| 16 | * notice, this list of conditions and the following disclaimer in the |
| 17 | * documentation and/or other materials provided with the distribution. |
| 18 | * |
| 19 | * 3. Neither the name of the Institute nor the names of its contributors |
| 20 | * may be used to endorse or promote products derived from this software |
| 21 | * without specific prior written permission. |
| 22 | * |
| 23 | * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND |
| 24 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 25 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 26 | * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE |
| 27 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 28 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 29 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 30 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 31 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 32 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 33 | * SUCH DAMAGE. |
| 34 | */ |
| 35 | /* Id */ |
| 36 | |
| 37 | #ifndef __KADM5_ADMIN_H__ |
| 38 | #define __KADM5_ADMIN_H__ |
| 39 | |
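/*
 * kadm5 API versions.  Only version 2 is supported by this header: the
 * #error below rejects any other USE_KADM5_API_VERSION, so callers that
 * define it themselves must define it to KADM5_API_VERSION_2.
 */
#define KADM5_API_VERSION_1 1
#define KADM5_API_VERSION_2 2

#ifndef USE_KADM5_API_VERSION
#define USE_KADM5_API_VERSION KADM5_API_VERSION_2
#endif

#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2
#error No support for API versions other than 2
#endif

/* Layout version of the structures declared in this header (presumably
 * handed to the kadm5_init_* entry points declared in kadm5-protos.h;
 * confirm there). */
#define KADM5_STRUCT_VERSION 0

/*
 * Special version selectors for kadm5_log_get_version_fd().
 * LOG_VERSION_LAST is parenthesized so the negative literal cannot glue
 * onto an adjacent operator when the macro is used inside an expression.
 */
#define LOG_VERSION_LAST (-1)
#define LOG_VERSION_FIRST 1
#define LOG_VERSION_UBER 0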
| 57 | |
| 58 | #include <krb5/krb5.h> |
| 59 | |
/*
 * Principal attribute flag bits.  By name these are the bits carried in
 * the krb5_flags `attributes` member of kadm5_principal_ent_rec below
 * (confirm against the consumers in kadm5-protos.h).  Note the
 * deliberate gap between 0x00000200 and 0x00001000: bits 0x400 and
 * 0x800 are unassigned here and must not be reused without checking the
 * rest of the library.
 *
 * From a review standpoint the bits most worth auditing on a principal
 * are the DISALLOW_* restrictions, REQUIRES_PRE_AUTH (names suggest it
 * forces pre-authentication) and the two delegation bits
 * (OK_AS_DELEGATE, TRUSTED_FOR_DELEGATION), since those widen what a
 * compromised service ticket can be used for — verify exact semantics in
 * the KDC code before relying on this reading.
 */
#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040 /* name suggests a full lockout bit */
#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
/* 0x00000400 and 0x00000800 intentionally unassigned */
#define KRB5_KDB_DISALLOW_SVR 0x00001000
#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
#define KRB5_KDB_SUPPORT_DESMD5 0x00004000
#define KRB5_KDB_NEW_PRINC 0x00008000
#define KRB5_KDB_OK_AS_DELEGATE 0x00010000
#define KRB5_KDB_TRUSTED_FOR_DELEGATION 0x00020000
#define KRB5_KDB_ALLOW_KERBEROS4 0x00040000
#define KRB5_KDB_ALLOW_DIGEST 0x00080000
| 78 | |
/*
 * Principal entry field masks.  Each bit names one member of
 * kadm5_principal_ent_rec (the correspondence is by name; confirm in the
 * get/modify routines declared in kadm5-protos.h).  Values are distinct
 * from each other, but they are NOT distinct from the KADM5_PW_* policy
 * masks below, which reuse 0x004000..0x080000 — never combine a
 * principal mask and a policy mask in one value.
 */
#define KADM5_PRINCIPAL 0x000001
#define KADM5_PRINC_EXPIRE_TIME 0x000002
#define KADM5_PW_EXPIRATION 0x000004
#define KADM5_LAST_PWD_CHANGE 0x000008
#define KADM5_ATTRIBUTES 0x000010
#define KADM5_MAX_LIFE 0x000020
#define KADM5_MOD_TIME 0x000040
#define KADM5_MOD_NAME 0x000080
#define KADM5_KVNO 0x000100
#define KADM5_MKVNO 0x000200
#define KADM5_AUX_ATTRIBUTES 0x000400
#define KADM5_POLICY 0x000800
#define KADM5_POLICY_CLR 0x001000
#define KADM5_MAX_RLIFE 0x002000
#define KADM5_LAST_SUCCESS 0x004000
#define KADM5_LAST_FAILED 0x008000
#define KADM5_FAIL_AUTH_COUNT 0x010000
#define KADM5_KEY_DATA 0x020000
#define KADM5_TL_DATA 0x040000

/*
 * Every principal field except the two that carry key material or
 * opaque tagged data.  The exclusion of KADM5_KEY_DATA is what keeps a
 * "normal" fetch from returning keys; a caller that wants them must ask
 * for that bit explicitly.
 */
#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA))
| 100 | |
/*
 * Policy entry field masks, one per member of kadm5_policy_ent_rec (by
 * name).  These overlap numerically with the principal masks above
 * (e.g. KADM5_PW_MAX_LIFE == KADM5_LAST_SUCCESS == 0x004000), so a mask
 * value is only meaningful together with the entry type it was built for.
 */
#define KADM5_PW_MAX_LIFE 0x004000
#define KADM5_PW_MIN_LIFE 0x008000
#define KADM5_PW_MIN_LENGTH 0x010000
#define KADM5_PW_MIN_CLASSES 0x020000
#define KADM5_PW_HISTORY_NUM 0x040000
#define KADM5_REF_COUNT 0x080000

/* All bits set: unlike the principal mask, nothing is held back. */
#define KADM5_POLICY_NORMAL_MASK (~0)
| 109 | |
/*
 * Well-known service principal names (without realm).  These strings
 * are part of the protocol contract with clients and the KDC; do not
 * change them for cosmetic reasons.
 */
#define KADM5_ADMIN_SERVICE "kadmin/admin"
#define KADM5_HIST_PRINCIPAL "kadmin/history"
#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
| 113 | |
/*
 * One key entry of a principal, as returned in
 * kadm5_principal_ent_rec.key_data.  Each entry has two parallel slots
 * (type/length/contents); NOTE(review): presumably slot 0 is the key and
 * slot 1 the salt, as in the MIT kdb layout this mirrors — confirm before
 * indexing.  key_data_contents points at raw key material: anything that
 * frees one of these should clear the contents first rather than just
 * free() them.
 */
typedef struct {
	int16_t key_data_ver;      /* Version */
	int16_t key_data_kvno;     /* Key Version */
	int16_t key_data_type[2];  /* Array of types */
	int16_t key_data_length[2]; /* Array of lengths, one per contents slot */
	void* key_data_contents[2]; /* Array of pointers to key bytes */
} krb5_key_data;
| 121 | |
/* A salt: a salt type plus the salt bytes carried as a krb5_data. */
typedef struct _krb5_keysalt {
	int16_t type;
	krb5_data data; /* Length, data */
} krb5_keysalt;
| 126 | |
/*
 * Tagged-length data attached to a principal: a singly linked list
 * (tl_data_next) of (type, length, contents) triples.  The type values
 * are the KRB5_TL_* constants below.  tl_data_length is a signed 16-bit
 * count, so consumers should reject negative lengths before using it to
 * size a copy.
 */
typedef struct _krb5_tl_data {
	struct _krb5_tl_data* tl_data_next; /* next element, or NULL at end of list */
	int16_t tl_data_type;               /* one of KRB5_TL_* */
	int16_t tl_data_length;             /* byte count of tl_data_contents */
	void* tl_data_contents;
} krb5_tl_data;
| 133 | |
/*
 * Values for krb5_tl_data.tl_data_type.  The meaning of each payload is
 * defined by the code that produces it, not here; the names are the only
 * documentation in this header.  NOTE(review): KRB5_TL_PASSWORD by name
 * carries a password-derived or cleartext payload — code that logs or
 * dumps tl_data entries should treat that type (and KRB5_TL_SECURID_STATE)
 * as sensitive; confirm the actual contents in the producing code.
 */
#define KRB5_TL_LAST_PWD_CHANGE 0x0001
#define KRB5_TL_MOD_PRINC 0x0002
#define KRB5_TL_KADM_DATA 0x0003
#define KRB5_TL_KADM5_E_DATA 0x0004
#define KRB5_TL_RB1_CHALLENGE 0x0005
#define KRB5_TL_SECURID_STATE 0x0006
#define KRB5_TL_PASSWORD 0x0007
#define KRB5_TL_EXTENSION 0x0008
#define KRB5_TL_PKINIT_ACL 0x0009
#define KRB5_TL_ALIASES 0x000a
#define KRB5_TL_HIST_KVNO_DIFF_CLNT 0x000b
#define KRB5_TL_HIST_KVNO_DIFF_SVC 0x000c
| 146 | |
/*
 * A principal entry as exchanged with the kadm5 library.  Which members
 * are valid in a given record is governed by a KADM5_* principal mask
 * (above); members not covered by the mask should be treated as
 * unset.  The record owns heap pointers (principal, mod_name, policy,
 * tl_data, key_data) — free it through the library's free routine
 * rather than member by member (see kadm5-protos.h).
 */
typedef struct _kadm5_principal_ent_t {
	krb5_principal principal;          /* the principal this record describes */

	krb5_timestamp princ_expire_time;  /* principal expiry */
	krb5_timestamp last_pwd_change;
	krb5_timestamp pw_expiration;      /* password expiry */
	krb5_deltat max_life;              /* maximum ticket lifetime */
	krb5_principal mod_name;           /* who last modified the entry */
	krb5_timestamp mod_date;           /* when it was last modified */
	krb5_flags attributes;             /* KRB5_KDB_* bits, by name */
	krb5_kvno kvno;                    /* current key version */
	krb5_kvno mkvno;                   /* master key version */

	char * policy;                     /* policy name, or NULL */
	uint32_t aux_attributes;

	krb5_deltat max_renewable_life;    /* maximum renewable lifetime */
	krb5_timestamp last_success;       /* last successful authentication */
	krb5_timestamp last_failed;        /* last failed authentication */
	krb5_kvno fail_auth_count;         /* consecutive failures (typed as kvno) */
	int16_t n_key_data;                /* number of entries in key_data */
	int16_t n_tl_data;                 /* number of entries in tl_data */
	krb5_tl_data *tl_data;             /* linked list of tagged data */
	krb5_key_data *key_data;           /* array of n_key_data keys; sensitive */
} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
| 172 | |
/*
 * A password policy entry.  Member validity is governed by the KADM5_PW_*
 * / KADM5_REF_COUNT masks above.  Lifetimes are unsigned 32-bit
 * quantities; a value of 0 in pw_max_life or pw_min_life is presumably
 * "no limit" — confirm in the policy-enforcement code before relying on it.
 */
typedef struct _kadm5_policy_ent_t {
	char *policy;                /* policy name */

	uint32_t pw_min_life;        /* minimum password age */
	uint32_t pw_max_life;        /* maximum password age */
	uint32_t pw_min_length;      /* minimum password length */
	uint32_t pw_min_classes;     /* minimum number of character classes */
	uint32_t pw_history_num;     /* number of old passwords remembered */
	uint32_t policy_refcnt;      /* principals referencing this policy */
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
| 183 | |
/*
 * Bits for kadm5_config_params.mask, saying which configuration members
 * the caller filled in.  Only a subset have a matching member in
 * kadm5_config_params as declared in this header (realm, kadmind_port,
 * admin_server, dbname, acl_file, stash_file); the remaining bits are
 * presumably accepted for compatibility and ignored — confirm in the
 * init routines.  19 bits are used, which fits the uint32_t mask.
 */
#define KADM5_CONFIG_REALM (1 << 0)
#define KADM5_CONFIG_PROFILE (1 << 1)
#define KADM5_CONFIG_KADMIND_PORT (1 << 2)
#define KADM5_CONFIG_ADMIN_SERVER (1 << 3)
#define KADM5_CONFIG_DBNAME (1 << 4)
#define KADM5_CONFIG_ADBNAME (1 << 5)
#define KADM5_CONFIG_ADB_LOCKFILE (1 << 6)
#define KADM5_CONFIG_ACL_FILE (1 << 7)
#define KADM5_CONFIG_DICT_FILE (1 << 8)
#define KADM5_CONFIG_ADMIN_KEYTAB (1 << 9)
#define KADM5_CONFIG_MKEY_FROM_KEYBOARD (1 << 10)
#define KADM5_CONFIG_STASH_FILE (1 << 11)
#define KADM5_CONFIG_MKEY_NAME (1 << 12)
#define KADM5_CONFIG_ENCTYPE (1 << 13)
#define KADM5_CONFIG_MAX_LIFE (1 << 14)
#define KADM5_CONFIG_MAX_RLIFE (1 << 15)
#define KADM5_CONFIG_EXPIRATION (1 << 16)
#define KADM5_CONFIG_FLAGS (1 << 17)
#define KADM5_CONFIG_ENCTYPES (1 << 18)
| 203 | |
/*
 * Administrative privilege bits.  KADM5_PRIV_GET_KEYS is kept separate
 * from the ordinary read privilege so that being able to inspect a
 * principal does not imply being able to extract its keys.
 */
#define KADM5_PRIV_GET (1 << 0)
#define KADM5_PRIV_ADD (1 << 1)
#define KADM5_PRIV_MODIFY (1 << 2)
#define KADM5_PRIV_DELETE (1 << 3)
#define KADM5_PRIV_LIST (1 << 4)
#define KADM5_PRIV_CPW (1 << 5)
#define KADM5_PRIV_GET_KEYS (1 << 6)

/*
 * Note: KADM5_PRIV_GET_KEYS not included.  "All" is deliberately not
 * (1 << 7) - 1; key extraction must be granted on its own, so ACL
 * entries that grant KADM5_PRIV_ALL still cannot read key material.
 */
#define KADM5_PRIV_ALL (KADM5_PRIV_GET | KADM5_PRIV_ADD | KADM5_PRIV_MODIFY | KADM5_PRIV_DELETE | KADM5_PRIV_LIST | KADM5_PRIV_CPW)

/*
 * Four-byte placeholder.  NOTE(review): presumably substituted for real
 * key contents in records handed to callers without KADM5_PRIV_GET_KEYS
 * — confirm in the server-side get routine.  Consumers should recognise
 * it as "key withheld", never treat it as a usable key.
 */
#define KADM5_BOGUS_KEY_DATA "\xe5\xe5\xe5\xe5"
| 216 | |
/*
 * Caller-supplied configuration overrides.  `mask` is a bitwise-or of
 * KADM5_CONFIG_* saying which of the other members are set; members not
 * covered by mask are ignored (presumably — confirm in the init routines).
 * String members are borrowed from the caller; nothing in this header
 * says the library copies or frees them.
 */
typedef struct _kadm5_config_params {
	uint32_t mask;          /* KADM5_CONFIG_* bits for the members below */

	/* Client and server fields */
	char *realm;            /* KADM5_CONFIG_REALM */
	int kadmind_port;       /* KADM5_CONFIG_KADMIND_PORT */

	/* client fields */
	char *admin_server;     /* KADM5_CONFIG_ADMIN_SERVER; host to contact */

	/* server fields */
	char *dbname;           /* KADM5_CONFIG_DBNAME */
	char *acl_file;         /* KADM5_CONFIG_ACL_FILE; path to the privilege ACL */

	/* server library (database) fields */
	char *stash_file;       /* KADM5_CONFIG_STASH_FILE; master-key stash path, sensitive */
} kadm5_config_params;
| 234 | |
/* Return type of every kadm5_* function: 0 on success, otherwise a krb5
 * error code (the type is an alias, so krb5_get_error_message() applies). */
typedef krb5_error_code kadm5_ret_t;
| 236 | |
| 237 | #include "kadm5-protos.h" |
| 238 | |
| 239 | #endif /* __KADM5_ADMIN_H__ */ |
| 240 | |