zhangyang
/
lewaimai_pos_windows


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533
							/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/kadm5/admin.h */
/*
 * Copyright 2001, 2008 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */
/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
 *
 * $Header$
 */

/*
 * This API is not considered as stable as the main krb5 API.
 *
 * - We may make arbitrary incompatible changes between feature
 *   releases (e.g. from 1.7 to 1.8).
 * - We will make some effort to avoid making incompatible changes for
 *   bugfix releases, but will make them if necessary.
 */

#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__

#include        <sys/types.h>
#include        <gssrpc/rpc.h>
#include        <krb5.h>
#include        <kdb.h>
#include        <com_err.h>
#include        <kadm5/kadm_err.h>
#include        <kadm5/chpass_util_strings.h>

#ifndef KADM5INT_BEGIN_DECLS
#if defined(__cplusplus)
#define KADM5INT_BEGIN_DECLS    extern "C" {
#define KADM5INT_END_DECLS      }
#else
#define KADM5INT_BEGIN_DECLS
#define KADM5INT_END_DECLS
#endif
#endif

KADM5INT_BEGIN_DECLS

#define KADM5_ADMIN_SERVICE     "kadmin/admin"
#define KADM5_CHANGEPW_SERVICE  "kadmin/changepw"
#define KADM5_HIST_PRINCIPAL    "kadmin/history"
#define KADM5_KIPROP_HOST_SERVICE "kiprop"

typedef krb5_principal  kadm5_princ_t;
typedef char            *kadm5_policy_t;
typedef long            kadm5_ret_t;

#define KADM5_PW_FIRST_PROMPT                           \
    (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
#define KADM5_PW_SECOND_PROMPT                                  \
    (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))

/*
 * Successful return code
 */
#define KADM5_OK        0

/*
 * Field masks
 */

/* kadm5_principal_ent_t */
#define KADM5_PRINCIPAL         0x000001
#define KADM5_PRINC_EXPIRE_TIME 0x000002
#define KADM5_PW_EXPIRATION     0x000004
#define KADM5_LAST_PWD_CHANGE   0x000008
#define KADM5_ATTRIBUTES        0x000010
#define KADM5_MAX_LIFE          0x000020
#define KADM5_MOD_TIME          0x000040
#define KADM5_MOD_NAME          0x000080
#define KADM5_KVNO              0x000100
#define KADM5_MKVNO             0x000200
#define KADM5_AUX_ATTRIBUTES    0x000400
#define KADM5_POLICY            0x000800
#define KADM5_POLICY_CLR        0x001000
/* version 2 masks */
#define KADM5_MAX_RLIFE         0x002000
#define KADM5_LAST_SUCCESS      0x004000
#define KADM5_LAST_FAILED       0x008000
#define KADM5_FAIL_AUTH_COUNT   0x010000
#define KADM5_KEY_DATA          0x020000
#define KADM5_TL_DATA           0x040000
#ifdef notyet /* Novell */
#define KADM5_CPW_FUNCTION      0x080000
#define KADM5_RANDKEY_USED      0x100000
#endif
#define KADM5_LOAD              0x200000

/* all but KEY_DATA, TL_DATA, LOAD */
#define KADM5_PRINCIPAL_NORMAL_MASK 0x41ffff


/* kadm5_policy_ent_t */
#define KADM5_PW_MAX_LIFE       0x004000
#define KADM5_PW_MIN_LIFE       0x008000
#define KADM5_PW_MIN_LENGTH     0x010000
#define KADM5_PW_MIN_CLASSES    0x020000
#define KADM5_PW_HISTORY_NUM    0x040000
#define KADM5_REF_COUNT         0x080000
#define KADM5_PW_MAX_FAILURE            0x100000
#define KADM5_PW_FAILURE_COUNT_INTERVAL 0x200000
#define KADM5_PW_LOCKOUT_DURATION       0x400000

/* kadm5_config_params */
#define KADM5_CONFIG_REALM              0x00000001
#define KADM5_CONFIG_DBNAME             0x00000002
#define KADM5_CONFIG_MKEY_NAME          0x00000004
#define KADM5_CONFIG_MAX_LIFE           0x00000008
#define KADM5_CONFIG_MAX_RLIFE          0x00000010
#define KADM5_CONFIG_EXPIRATION         0x00000020
#define KADM5_CONFIG_FLAGS              0x00000040
#define KADM5_CONFIG_ADMIN_KEYTAB       0x00000080
#define KADM5_CONFIG_STASH_FILE         0x00000100
#define KADM5_CONFIG_ENCTYPE            0x00000200
#define KADM5_CONFIG_ADBNAME            0x00000400
#define KADM5_CONFIG_ADB_LOCKFILE       0x00000800
/*#define KADM5_CONFIG_PROFILE          0x00001000*/
#define KADM5_CONFIG_ACL_FILE           0x00002000
#define KADM5_CONFIG_KADMIND_PORT       0x00004000
#define KADM5_CONFIG_ENCTYPES           0x00008000
#define KADM5_CONFIG_ADMIN_SERVER       0x00010000
#define KADM5_CONFIG_DICT_FILE          0x00020000
#define KADM5_CONFIG_MKEY_FROM_KBD      0x00040000
#define KADM5_CONFIG_KPASSWD_PORT       0x00080000
#define KADM5_CONFIG_OLD_AUTH_GSSAPI    0x00100000
#define KADM5_CONFIG_NO_AUTH            0x00200000
#define KADM5_CONFIG_AUTH_NOFALLBACK    0x00400000
#ifdef notyet /* Novell */
#define KADM5_CONFIG_KPASSWD_SERVER     0x00800000
#endif
#define KADM5_CONFIG_IPROP_ENABLED      0x01000000
#define KADM5_CONFIG_ULOG_SIZE          0x02000000
#define KADM5_CONFIG_POLL_TIME          0x04000000
#define KADM5_CONFIG_IPROP_LOGFILE      0x08000000
#define KADM5_CONFIG_IPROP_PORT         0x10000000
#define KADM5_CONFIG_KVNO               0x20000000
/*
 * permission bits
 */
#define KADM5_PRIV_GET          0x01
#define KADM5_PRIV_ADD          0x02
#define KADM5_PRIV_MODIFY       0x04
#define KADM5_PRIV_DELETE       0x08

/*
 * API versioning constants
 */
#define KADM5_MASK_BITS         0xffffff00

#define KADM5_STRUCT_VERSION_MASK       0x12345600
#define KADM5_STRUCT_VERSION_1  (KADM5_STRUCT_VERSION_MASK|0x01)
#define KADM5_STRUCT_VERSION    KADM5_STRUCT_VERSION_1

#define KADM5_API_VERSION_MASK  0x12345700
#define KADM5_API_VERSION_2     (KADM5_API_VERSION_MASK|0x02)
#define KADM5_API_VERSION_3     (KADM5_API_VERSION_MASK|0x03)

typedef struct _kadm5_principal_ent_t {
    krb5_principal  principal;
    krb5_timestamp  princ_expire_time;
    krb5_timestamp  last_pwd_change;
    krb5_timestamp  pw_expiration;
    krb5_deltat     max_life;
    krb5_principal  mod_name;
    krb5_timestamp  mod_date;
    krb5_flags      attributes;
    krb5_kvno       kvno;
    krb5_kvno       mkvno;
    char            *policy;
    long            aux_attributes;

    /* version 2 fields */
    krb5_deltat max_renewable_life;
    krb5_timestamp last_success;
    krb5_timestamp last_failed;
    krb5_kvno fail_auth_count;
    krb5_int16 n_key_data;
    krb5_int16 n_tl_data;
    krb5_tl_data *tl_data;
    krb5_key_data *key_data;
} kadm5_principal_ent_rec, *kadm5_principal_ent_t;

typedef struct _kadm5_policy_ent_t {
    char            *policy;
    long            pw_min_life;
    long            pw_max_life;
    long            pw_min_length;
    long            pw_min_classes;
    long            pw_history_num;
    long            policy_refcnt;

    /* version 3 fields */
    krb5_kvno       pw_max_fail;
    krb5_deltat     pw_failcnt_interval;
    krb5_deltat     pw_lockout_duration;
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;

/*
 * Data structure returned by kadm5_get_config_params()
 */
typedef struct _kadm5_config_params {
    long               mask;
    char *             realm;
    int                kadmind_port;
    int                kpasswd_port;

    char *             admin_server;
#ifdef notyet /* Novell */ /* ABI change? */
    char *             kpasswd_server;
#endif

    /* Deprecated except for db2 backwards compatibility.  Don't add
       new uses except as fallbacks for parameters that should be
       specified in the database module section of the config
       file.  */
    char *             dbname;

    char *             admin_keytab;
    char *             acl_file;
    char *             dict_file;

    int                mkey_from_kbd;
    char *             stash_file;
    char *             mkey_name;
    krb5_enctype       enctype;
    krb5_deltat        max_life;
    krb5_deltat        max_rlife;
    krb5_timestamp     expiration;
    krb5_flags         flags;
    krb5_key_salt_tuple *keysalts;
    krb5_int32         num_keysalts;
    krb5_kvno          kvno;
    bool_t              iprop_enabled;
    uint32_t            iprop_ulogsize;
    krb5_deltat         iprop_poll_time;
    char *              iprop_logfile;
/*    char *            iprop_server;*/
    int                 iprop_port;
} kadm5_config_params;

/***********************************************************************
 * This is the old krb5_realm_read_params, which I mutated into
 * kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
 * still uses.
 ***********************************************************************/

/*
 * Data structure returned by krb5_read_realm_params()
 */
typedef struct __krb5_realm_params {
    char *              realm_profile;
    char *              realm_mkey_name;
    char *              realm_stash_file;
    char *              realm_kdc_ports;
    char *              realm_kdc_tcp_ports;
    char *              realm_acl_file;
    char *              realm_host_based_services;
    char *              realm_no_host_referral;
    krb5_int32          realm_kadmind_port;
    krb5_enctype        realm_enctype;
    krb5_deltat         realm_max_life;
    krb5_deltat         realm_max_rlife;
    krb5_timestamp      realm_expiration;
    krb5_flags          realm_flags;
    krb5_key_salt_tuple *realm_keysalts;
    unsigned int        realm_reject_bad_transit:1;
    unsigned int        realm_restrict_anon:1;
    unsigned int        realm_kadmind_port_valid:1;
    unsigned int        realm_enctype_valid:1;
    unsigned int        realm_max_life_valid:1;
    unsigned int        realm_max_rlife_valid:1;
    unsigned int        realm_expiration_valid:1;
    unsigned int        realm_flags_valid:1;
    unsigned int        realm_reject_bad_transit_valid:1;
    unsigned int        realm_restrict_anon_valid:1;
    krb5_int32          realm_num_keysalts;
} krb5_realm_params;

/*
 * functions
 */

krb5_error_code kadm5_get_config_params(krb5_context context,
                                        int use_kdc_config,
                                        kadm5_config_params *params_in,
                                        kadm5_config_params *params_out);

krb5_error_code kadm5_free_config_params(krb5_context context,
                                         kadm5_config_params *params);

krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
                                        kadm5_config_params *params);

krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
                                             char *, size_t);

/*
 * For all initialization functions, the caller must first initialize
 * a context with kadm5_init_krb5_context which will survive as long
 * as the resulting handle.  The caller should free the context with
 * krb5_free_context.
 */

kadm5_ret_t    kadm5_init(krb5_context context, char *client_name,
                          char *pass, char *service_name,
                          kadm5_config_params *params,
                          krb5_ui_4 struct_version,
                          krb5_ui_4 api_version,
                          char **db_args,
                          void **server_handle);
kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
                                 char *service_name,
                                 kadm5_config_params *params,
                                 krb5_ui_4 struct_version,
                                 krb5_ui_4 api_version,
                                 char **db_args,
                                 void **server_handle);
kadm5_ret_t    kadm5_init_with_password(krb5_context context,
                                        char *client_name,
                                        char *pass,
                                        char *service_name,
                                        kadm5_config_params *params,
                                        krb5_ui_4 struct_version,
                                        krb5_ui_4 api_version,
                                        char **db_args,
                                        void **server_handle);
kadm5_ret_t    kadm5_init_with_skey(krb5_context context,
                                    char *client_name,
                                    char *keytab,
                                    char *service_name,
                                    kadm5_config_params *params,
                                    krb5_ui_4 struct_version,
                                    krb5_ui_4 api_version,
                                    char **db_args,
                                    void **server_handle);
kadm5_ret_t    kadm5_init_with_creds(krb5_context context,
                                     char *client_name,
                                     krb5_ccache cc,
                                     char *service_name,
                                     kadm5_config_params *params,
                                     krb5_ui_4 struct_version,
                                     krb5_ui_4 api_version,
                                     char **db_args,
                                     void **server_handle);
kadm5_ret_t    kadm5_lock(void *server_handle);
kadm5_ret_t    kadm5_unlock(void *server_handle);
kadm5_ret_t    kadm5_flush(void *server_handle);
kadm5_ret_t    kadm5_destroy(void *server_handle);
kadm5_ret_t    kadm5_create_principal(void *server_handle,
                                      kadm5_principal_ent_t ent,
                                      long mask, char *pass);
kadm5_ret_t    kadm5_create_principal_3(void *server_handle,
                                        kadm5_principal_ent_t ent,
                                        long mask,
                                        int n_ks_tuple,
                                        krb5_key_salt_tuple *ks_tuple,
                                        char *pass);
kadm5_ret_t    kadm5_delete_principal(void *server_handle,
                                      krb5_principal principal);
kadm5_ret_t    kadm5_modify_principal(void *server_handle,
                                      kadm5_principal_ent_t ent,
                                      long mask);
kadm5_ret_t    kadm5_rename_principal(void *server_handle,
                                      krb5_principal,krb5_principal);
kadm5_ret_t    kadm5_get_principal(void *server_handle,
                                   krb5_principal principal,
                                   kadm5_principal_ent_t ent,
                                   long mask);
kadm5_ret_t    kadm5_chpass_principal(void *server_handle,
                                      krb5_principal principal,
                                      char *pass);
kadm5_ret_t    kadm5_chpass_principal_3(void *server_handle,
                                        krb5_principal principal,
                                        krb5_boolean keepold,
                                        int n_ks_tuple,
                                        krb5_key_salt_tuple *ks_tuple,
                                        char *pass);
kadm5_ret_t    kadm5_randkey_principal(void *server_handle,
                                       krb5_principal principal,
                                       krb5_keyblock **keyblocks,
                                       int *n_keys);
kadm5_ret_t    kadm5_randkey_principal_3(void *server_handle,
                                         krb5_principal principal,
                                         krb5_boolean keepold,
                                         int n_ks_tuple,
                                         krb5_key_salt_tuple *ks_tuple,
                                         krb5_keyblock **keyblocks,
                                         int *n_keys);
kadm5_ret_t    kadm5_setv4key_principal(void *server_handle,
                                        krb5_principal principal,
                                        krb5_keyblock *keyblock);

kadm5_ret_t    kadm5_setkey_principal(void *server_handle,
                                      krb5_principal principal,
                                      krb5_keyblock *keyblocks,
                                      int n_keys);

kadm5_ret_t    kadm5_setkey_principal_3(void *server_handle,
                                        krb5_principal principal,
                                        krb5_boolean keepold,
                                        int n_ks_tuple,
                                        krb5_key_salt_tuple *ks_tuple,
                                        krb5_keyblock *keyblocks,
                                        int n_keys);

kadm5_ret_t    kadm5_decrypt_key(void *server_handle,
                                 kadm5_principal_ent_t entry, krb5_int32
                                 ktype, krb5_int32 stype, krb5_int32
                                 kvno, krb5_keyblock *keyblock,
                                 krb5_keysalt *keysalt, int *kvnop);

kadm5_ret_t    kadm5_create_policy(void *server_handle,
                                   kadm5_policy_ent_t ent,
                                   long mask);
/*
 * kadm5_create_policy_internal is not part of the supported,
 * exposed API.  It is available only in the server library, and you
 * shouldn't use it unless you know why it's there and how it's
 * different from kadm5_create_policy.
 */
kadm5_ret_t    kadm5_create_policy_internal(void *server_handle,
                                            kadm5_policy_ent_t
                                            entry, long mask);
kadm5_ret_t    kadm5_delete_policy(void *server_handle,
                                   kadm5_policy_t policy);
kadm5_ret_t    kadm5_modify_policy(void *server_handle,
                                   kadm5_policy_ent_t ent,
                                   long mask);
/*
 * kadm5_modify_policy_internal is not part of the supported,
 * exposed API.  It is available only in the server library, and you
 * shouldn't use it unless you know why it's there and how it's
 * different from kadm5_modify_policy.
 */
kadm5_ret_t    kadm5_modify_policy_internal(void *server_handle,
                                            kadm5_policy_ent_t
                                            entry, long mask);
kadm5_ret_t    kadm5_get_policy(void *server_handle,
                                kadm5_policy_t policy,
                                kadm5_policy_ent_t ent);
kadm5_ret_t    kadm5_get_privs(void *server_handle,
                               long *privs);

kadm5_ret_t    kadm5_chpass_principal_util(void *server_handle,
                                           krb5_principal princ,
                                           char *new_pw,
                                           char **ret_pw,
                                           char *msg_ret,
                                           unsigned int msg_len);

kadm5_ret_t    kadm5_free_principal_ent(void *server_handle,
                                        kadm5_principal_ent_t
                                        ent);
kadm5_ret_t    kadm5_free_policy_ent(void *server_handle,
                                     kadm5_policy_ent_t ent);

kadm5_ret_t    kadm5_get_principals(void *server_handle,
                                    char *exp, char ***princs,
                                    int *count);

kadm5_ret_t    kadm5_get_policies(void *server_handle,
                                  char *exp, char ***pols,
                                  int *count);

kadm5_ret_t    kadm5_free_key_data(void *server_handle,
                                   krb5_int16 *n_key_data,
                                   krb5_key_data *key_data);

kadm5_ret_t    kadm5_free_name_list(void *server_handle, char **names,
                                    int count);

krb5_error_code kadm5_init_krb5_context (krb5_context *);

krb5_error_code kadm5_init_iprop(void *server_handle, char **db_args);

/*
 * kadm5_get_principal_keys is used only by kadmin.local to extract existing
 * keys from the database without changing them.  It should never be exposed
 * to the network protocol.
 */
kadm5_ret_t    kadm5_get_principal_keys(void *server_handle,
                                        krb5_principal principal,
                                        krb5_keyblock **keyblocks,
                                        int *n_keys);


kadm5_ret_t    kadm5_purgekeys(void *server_handle,
                               krb5_principal principal,
                               int keepkvno);

kadm5_ret_t    kadm5_get_strings(void *server_handle,
                                 krb5_principal principal,
                                 krb5_string_attr **strings_out,
                                 int *count_out);

kadm5_ret_t    kadm5_set_string(void *server_handle,
                                krb5_principal principal,
                                const char *key,
                                const char *value);

kadm5_ret_t    kadm5_free_strings(void *server_handle,
                                  krb5_string_attr *strings,
                                  int count);

KADM5INT_END_DECLS

#endif /* __KADM5_ADMIN_H__ */