      1 /*	$NetBSD: admin.h,v 1.2 2017/01/28 21:31:49 christos Exp $	*/
      2 
      3 /*
 * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
      5  * (Royal Institute of Technology, Stockholm, Sweden).
      6  * All rights reserved.
      7  *
      8  * Redistribution and use in source and binary forms, with or without
      9  * modification, are permitted provided that the following conditions
     10  * are met:
     11  *
     12  * 1. Redistributions of source code must retain the above copyright
     13  *    notice, this list of conditions and the following disclaimer.
     14  *
     15  * 2. Redistributions in binary form must reproduce the above copyright
     16  *    notice, this list of conditions and the following disclaimer in the
     17  *    documentation and/or other materials provided with the distribution.
     18  *
     19  * 3. Neither the name of the Institute nor the names of its contributors
     20  *    may be used to endorse or promote products derived from this software
     21  *    without specific prior written permission.
     22  *
     23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
     24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
     27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     33  * SUCH DAMAGE.
     34  */
     35 /* Id */
     36 
     37 #ifndef __KADM5_ADMIN_H__
     38 #define __KADM5_ADMIN_H__
     39 
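/*
 * kadm5 API version numbers.  Only version 2 is implemented; the #error
 * below turns any other selection into a build failure.
 */
#define KADM5_API_VERSION_1 1
#define KADM5_API_VERSION_2 2

/*
 * A translation unit may define USE_KADM5_API_VERSION before including
 * this header; when it does not, version 2 is selected.
 */
#ifndef USE_KADM5_API_VERSION
#define USE_KADM5_API_VERSION KADM5_API_VERSION_2
#endif

/*
 * Fail the build outright rather than compile against a structure layout
 * this header does not describe.
 */
#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2
#error No support for API versions other than 2
#endif

#define KADM5_STRUCT_VERSION 0

/*
 * For kadm5_log_get_version_fd(): special version selectors.
 * LOG_VERSION_LAST is parenthesized so the negative literal is a single
 * operand wherever the macro is expanded inside an expression (CERT PRE01-C);
 * its value is unchanged.
 */
#define LOG_VERSION_LAST (-1)
#define LOG_VERSION_FIRST 1
#define LOG_VERSION_UBER  0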
     57 
     58 #include <krb5/krb5.h>
     59 
/*
 * KRB5_KDB_* principal attribute bits.  Each is a single bit, so they may be
 * OR-ed together.  The DISALLOW_* / REQUIRES_* / ALLOW_* prefixes name the
 * groups; the enforcement itself lives in the KDC, not in this header.
 * NOTE(review): presumably these are the values carried in the krb5_flags
 * `attributes` member of kadm5_principal_ent_rec below — confirm against
 * the kadm5 implementation.  The values are database- and wire-facing:
 * never renumber them.  0x00000400 and 0x00000800 are not assigned here.
 */
#define KRB5_KDB_DISALLOW_POSTDATED	0x00000001
#define KRB5_KDB_DISALLOW_FORWARDABLE	0x00000002
#define KRB5_KDB_DISALLOW_TGT_BASED	0x00000004
#define KRB5_KDB_DISALLOW_RENEWABLE	0x00000008
#define KRB5_KDB_DISALLOW_PROXIABLE	0x00000010
#define KRB5_KDB_DISALLOW_DUP_SKEY	0x00000020
#define KRB5_KDB_DISALLOW_ALL_TIX	0x00000040
#define KRB5_KDB_REQUIRES_PRE_AUTH	0x00000080
#define KRB5_KDB_REQUIRES_HW_AUTH	0x00000100
#define KRB5_KDB_REQUIRES_PWCHANGE	0x00000200
#define KRB5_KDB_DISALLOW_SVR		0x00001000
#define KRB5_KDB_PWCHANGE_SERVICE	0x00002000
#define KRB5_KDB_SUPPORT_DESMD5		0x00004000
#define KRB5_KDB_NEW_PRINC		0x00008000
#define KRB5_KDB_OK_AS_DELEGATE		0x00010000
#define KRB5_KDB_TRUSTED_FOR_DELEGATION	0x00020000
#define KRB5_KDB_ALLOW_KERBEROS4	0x00040000
#define KRB5_KDB_ALLOW_DIGEST		0x00080000
     78 
/*
 * KADM5_* principal-entry mask bits.  A mask built from these tells the
 * library which members of a kadm5_principal_ent_rec are meaningful.
 * NOTE(review): the bit-to-member pairing is inferred from the matching
 * names (KADM5_PRINC_EXPIRE_TIME <-> princ_expire_time, etc.) — confirm
 * against kadm5-protos.h before relying on it.
 */
#define KADM5_PRINCIPAL		0x000001
#define KADM5_PRINC_EXPIRE_TIME	0x000002
#define KADM5_PW_EXPIRATION	0x000004
#define KADM5_LAST_PWD_CHANGE	0x000008
#define KADM5_ATTRIBUTES	0x000010
#define KADM5_MAX_LIFE		0x000020
#define KADM5_MOD_TIME		0x000040
#define KADM5_MOD_NAME		0x000080
#define KADM5_KVNO		0x000100
#define KADM5_MKVNO		0x000200
#define KADM5_AUX_ATTRIBUTES	0x000400
#define KADM5_POLICY		0x000800
#define KADM5_POLICY_CLR	0x001000
#define KADM5_MAX_RLIFE		0x002000
#define KADM5_LAST_SUCCESS	0x004000
#define KADM5_LAST_FAILED	0x008000
#define KADM5_FAIL_AUTH_COUNT	0x010000
#define KADM5_KEY_DATA		0x020000
#define KADM5_TL_DATA		0x040000

/*
 * Every principal bit except KEY_DATA and TL_DATA.  Key data presumably
 * carries key material (see krb5_key_data), so it is deliberately outside
 * the "normal" set and has to be requested explicitly.
 */
#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA))

/*
 * KADM5_PW_* and KADM5_REF_COUNT: policy-entry mask bits for
 * kadm5_policy_ent_rec.  Note that 0x004000..0x040000 reuse the numeric
 * values of KADM5_LAST_SUCCESS..KADM5_TL_DATA above.  A principal mask and a
 * policy mask are therefore only meaningful against their own structure and
 * must never be combined or compared with each other.
 */
#define KADM5_PW_MAX_LIFE 	0x004000
#define KADM5_PW_MIN_LIFE	0x008000
#define KADM5_PW_MIN_LENGTH 	0x010000
#define KADM5_PW_MIN_CLASSES	0x020000
#define KADM5_PW_HISTORY_NUM	0x040000
#define KADM5_REF_COUNT		0x080000

/* All policy bits set; there is no policy counterpart to KEY_DATA. */
#define KADM5_POLICY_NORMAL_MASK (~0)

/*
 * Service principal name components used by the administration protocol.
 * None of them carries a realm ("@..."), so callers that build a full
 * principal name add it themselves.
 */
#define KADM5_ADMIN_SERVICE	"kadmin/admin"
#define KADM5_HIST_PRINCIPAL	"kadmin/history"
#define KADM5_CHANGEPW_SERVICE	"kadmin/changepw"
    113 
/*
 * One key entry of a principal.  The three two-element arrays are parallel:
 * slot i of key_data_type, key_data_length and key_data_contents describe the
 * same item.  NOTE(review): slot 0 is presumably the key and slot 1 its salt
 * — confirm against the kadm5 implementation.
 *
 * key_data_length is a signed 16-bit value; code that consumes an entry
 * must reject negative lengths before touching key_data_contents.  The
 * contents are presumably raw key material (KADM5_PRIV_GET_KEYS gates access
 * to them below): never log them, and wipe before freeing.  Member order is
 * part of the ABI — do not reorder.
 */
typedef struct {
    int16_t key_data_ver;	/* Version */
    int16_t key_data_kvno;	/* Key Version */
    int16_t key_data_type[2];	/* Array of types */
    int16_t key_data_length[2];	/* Array of lengths */
    void*   key_data_contents[2];/* Array of pointers */
} krb5_key_data;
    121 
/*
 * A salt: a 16-bit type tag plus an opaque krb5_data (length + bytes).
 * The length lives inside `data`; there is no separate bound to check here.
 */
typedef struct _krb5_keysalt {
    int16_t               type;
    krb5_data             data;                 /* Length, data */
} krb5_keysalt;
    126 
/*
 * Tagged-length "tl" data attached to a principal, kept as a singly linked
 * list through tl_data_next (NULL-terminated by convention; the terminator is
 * not enforced by this header).  tl_data_length is signed 16-bit, so a
 * consumer must check it is non-negative before reading tl_data_contents.
 * NOTE(review): presumably tl_data_type takes the KRB5_TL_* values defined
 * just below — confirm against the implementation.
 */
typedef struct _krb5_tl_data {
    struct _krb5_tl_data* tl_data_next;
    int16_t tl_data_type;
    int16_t tl_data_length;
    void*   tl_data_contents;
} krb5_tl_data;
    133 
/*
 * KRB5_TL_* type tags.  Unlike the KRB5_KDB_* and KADM5_* constants above
 * these are sequential identifiers, not bit flags, and must not be OR-ed.
 * NOTE(review): presumably these are the values of krb5_tl_data.tl_data_type
 * — confirm against the implementation.  Stored data: do not renumber.
 */
#define KRB5_TL_LAST_PWD_CHANGE		0x0001
#define KRB5_TL_MOD_PRINC		0x0002
#define KRB5_TL_KADM_DATA		0x0003
#define KRB5_TL_KADM5_E_DATA		0x0004
#define KRB5_TL_RB1_CHALLENGE		0x0005
#define KRB5_TL_SECURID_STATE           0x0006
#define KRB5_TL_PASSWORD           	0x0007
#define KRB5_TL_EXTENSION           	0x0008
#define KRB5_TL_PKINIT_ACL           	0x0009
#define KRB5_TL_ALIASES           	0x000a
#define KRB5_TL_HIST_KVNO_DIFF_CLNT	0x000b
#define KRB5_TL_HIST_KVNO_DIFF_SVC	0x000c
    146 
/*
 * A principal entry as exchanged through the kadm5 API.  Which members are
 * valid is presumably governed by a KADM5_* mask built from the constants
 * above (the names pair up one-to-one) — confirm against kadm5-protos.h.
 *
 * n_key_data and n_tl_data are signed 16-bit counts; consumers must treat a
 * negative count as invalid rather than use it as an array bound.  key_data
 * and tl_data are pointers whose ownership (who allocates, who frees) is not
 * stated here; see the accessor functions in kadm5-protos.h.
 *
 * kadm5_principal_ent_t is a pointer typedef (hides the indirection); it is
 * kept because it is part of the public API.  Member order is ABI — do not
 * reorder.
 */
typedef struct _kadm5_principal_ent_t {
    krb5_principal principal;

    krb5_timestamp princ_expire_time;
    krb5_timestamp last_pwd_change;
    krb5_timestamp pw_expiration;
    krb5_deltat max_life;
    krb5_principal mod_name;	/* who last modified the entry */
    krb5_timestamp mod_date;	/* when it was last modified */
    krb5_flags attributes;	/* NOTE(review): presumably KRB5_KDB_* bits — confirm */
    krb5_kvno kvno;
    krb5_kvno mkvno;

    char * policy;		/* policy name; may be NULL — callers must check */
    uint32_t aux_attributes;

    krb5_deltat max_renewable_life;
    krb5_timestamp last_success;
    krb5_timestamp last_failed;
    krb5_kvno fail_auth_count;
    int16_t n_key_data;		/* count of key_data[] entries (signed!) */
    int16_t n_tl_data;		/* count of tl_data list nodes (signed!) */
    krb5_tl_data *tl_data;
    krb5_key_data *key_data;	/* key material; gated by KADM5_PRIV_GET_KEYS */
} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
    172 
/*
 * A password policy entry.  Valid members are presumably selected by a mask
 * of KADM5_PW_* / KADM5_REF_COUNT bits (names pair up one-to-one) — confirm
 * against kadm5-protos.h.  Units of the *_life members are not stated in
 * this header.  `policy` may be NULL; callers must check before use.
 * Member order is ABI — do not reorder.
 */
typedef struct _kadm5_policy_ent_t {
    char *policy;		/* policy name */

    uint32_t pw_min_life;
    uint32_t pw_max_life;
    uint32_t pw_min_length;
    uint32_t pw_min_classes;
    uint32_t pw_history_num;
    uint32_t policy_refcnt;	/* number of principals referencing this policy (per KADM5_REF_COUNT name; unverified) */
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
    183 
/*
 * KADM5_CONFIG_* bits for kadm5_config_params.mask.  Only a subset has a
 * matching member in the kadm5_config_params declared in this header
 * (REALM, KADMIND_PORT, ADMIN_SERVER, DBNAME, ACL_FILE, STASH_FILE); the
 * rest are presumably retained for compatibility with other kadm5 users —
 * confirm before depending on them.
 */
#define KADM5_CONFIG_REALM			(1 << 0)
#define KADM5_CONFIG_PROFILE			(1 << 1)
#define KADM5_CONFIG_KADMIND_PORT		(1 << 2)
#define KADM5_CONFIG_ADMIN_SERVER		(1 << 3)
#define KADM5_CONFIG_DBNAME			(1 << 4)
#define KADM5_CONFIG_ADBNAME			(1 << 5)
#define KADM5_CONFIG_ADB_LOCKFILE		(1 << 6)
#define KADM5_CONFIG_ACL_FILE			(1 << 7)
#define KADM5_CONFIG_DICT_FILE			(1 << 8)
#define KADM5_CONFIG_ADMIN_KEYTAB		(1 << 9)
#define KADM5_CONFIG_MKEY_FROM_KEYBOARD		(1 << 10)
#define KADM5_CONFIG_STASH_FILE			(1 << 11)
#define KADM5_CONFIG_MKEY_NAME			(1 << 12)
#define KADM5_CONFIG_ENCTYPE			(1 << 13)
#define KADM5_CONFIG_MAX_LIFE			(1 << 14)
#define KADM5_CONFIG_MAX_RLIFE			(1 << 15)
#define KADM5_CONFIG_EXPIRATION			(1 << 16)
#define KADM5_CONFIG_FLAGS			(1 << 17)
#define KADM5_CONFIG_ENCTYPES			(1 << 18)

/*
 * KADM5_PRIV_* administrative privilege bits.  GET_KEYS is the right to read
 * key material out of a principal entry and is kept separate from the
 * others on purpose.
 */
#define KADM5_PRIV_GET		(1 << 0)
#define KADM5_PRIV_ADD 		(1 << 1)
#define KADM5_PRIV_MODIFY	(1 << 2)
#define KADM5_PRIV_DELETE	(1 << 3)
#define KADM5_PRIV_LIST		(1 << 4)
#define KADM5_PRIV_CPW		(1 << 5)
#define KADM5_PRIV_GET_KEYS	(1 << 6)

/*
 * Note: KADM5_PRIV_GET_KEYS not included.  "All" privileges therefore do
 * NOT allow extracting keys; key extraction must be granted explicitly, so
 * an ACL granting KADM5_PRIV_ALL is still safe against key exfiltration.
 * Keep this invariant if more bits are ever added.
 */
#define KADM5_PRIV_ALL		(KADM5_PRIV_GET | KADM5_PRIV_ADD | KADM5_PRIV_MODIFY | KADM5_PRIV_DELETE | KADM5_PRIV_LIST | KADM5_PRIV_CPW)

/*
 * Four-byte placeholder.  NOTE(review): presumably substituted for real key
 * contents in entries returned to a caller lacking KADM5_PRIV_GET_KEYS —
 * confirm against the server implementation.  Consumers must never treat
 * bytes equal to this value as a usable key.
 */
#define KADM5_BOGUS_KEY_DATA    "\xe5\xe5\xe5\xe5"
    216 
/*
 * Configuration handed to kadm5 at initialisation.  `mask` says which of the
 * remaining members the caller has filled in; presumably it is built from the
 * KADM5_CONFIG_* bits above whose names match the members — confirm against
 * kadm5-protos.h.  The char * members are not const-qualified and their
 * ownership is not stated here; do not assume the library copies them.
 * Member order is ABI — do not reorder.
 */
typedef struct _kadm5_config_params {
    uint32_t mask;		/* which of the members below are set */

    /* Client and server fields */
    char *realm;
    int kadmind_port;		/* plain int: validate the range before use as a port */

    /* client fields */
    char *admin_server;

    /* server fields */
    char *dbname;
    char *acl_file;		/* path of the ACL granting KADM5_PRIV_* rights */

    /* server library (database) fields */
    char *stash_file;		/* path of the master-key stash: protect on disk */
} kadm5_config_params;
    234 
/* Return type of every kadm5 function: an alias of krb5_error_code, so it
 * follows the krb5 convention (0 presumably means success; verify against
 * the callers). Always check it — do not ignore the result. */
typedef krb5_error_code kadm5_ret_t;
    236 
    237 #include "kadm5-protos.h"
    238 
    239 #endif /* __KADM5_ADMIN_H__ */