/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
*/
/*
*
* Copyright 2001, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*/
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
* $Header$
*/
/*
* This API is not considered as stable as the main krb5 API.
*
* - We may make arbitrary incompatible changes between feature
* releases (e.g. from 1.7 to 1.8).
* - We will make some effort to avoid making incompatible changes for
* bugfix releases, but will make them if necessary.
*/
/*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
* Openvision retains the copyright to derivative works of
* this source code. Do *NOT* create a derivative of this
* source code before consulting with your legal department.
* Do *NOT* integrate *ANY* of this source code into another
* product before consulting with your legal department.
*
* For further information, read the top-level Openvision
* copyright which is contained in the top-level MIT Kerberos
* copyright.
*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
*/
#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__
#include <krb5.h>
#include <kdb.h>
#include <com_err.h>
#include <kadm5/kadm_err.h>
#include <kadm5/chpass_util_strings.h>
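/*
 * Linkage wrappers for the declarations in this header.
 *
 * Under C++, KADM5INT_BEGIN_DECLS / KADM5INT_END_DECLS open and close an
 * extern "C" block; under C both expand to nothing. The outer #ifndef leaves
 * a definition supplied earlier (by another header or the build) untouched.
 */
#ifndef KADM5INT_BEGIN_DECLS
#if defined(__cplusplus)
/*
 * The two macros must be defined as a pair: END_DECLS emits the closing
 * brace of the block that BEGIN_DECLS opens. Defining only END_DECLS would
 * leave an unbalanced brace in every C++ translation unit using the pair.
 */
#define KADM5INT_BEGIN_DECLS extern "C" {
#define KADM5INT_END_DECLS }
#else
#define KADM5INT_BEGIN_DECLS
#define KADM5INT_END_DECLS
#endif
#endif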
/*
* Solaris Kerberos:
* (the start of this note is missing from this copy) ...
* in AUTH_GSSAPI, but Solaris doesn't support AUTH_GSSAPI. RPCSEC_GSS can only
* be used with host-based principals.
*
*/
/* Alias for a plain char pointer; presumably carries a policy name -- confirm against callers. */
typedef char *kadm5_policy_t;
/*
 * Integer status type (a long). Presumably the type in which KADM5_OK and the
 * codes from <kadm5/kadm_err.h> are returned -- confirm against the prototypes.
 */
typedef long kadm5_ret_t;
/*
 * NOTE(review): both macros end in a line continuation, but the lines that
 * held their replacement text are not present in this copy, so the
 * definitions are incomplete as shown. By their names they presumably supply
 * the first and second password prompts -- confirm against the full header.
 */
#define KADM5_PW_FIRST_PROMPT \
#define KADM5_PW_SECOND_PROMPT \
/*
* Successful return code
*/
#define KADM5_OK 0
/*
* Field masks
*/
/* kadm5_principal_ent_t */
/* version 2 masks */
#ifdef notyet /* Novell */
#endif
/* Solaris Kerberos: adding support for key history in LDAP KDB */
/* all but KEY_DATA, TL_DATA, LOAD */
/* kadm5_policy_ent_t */
/* kadm5_config_params */
/*#define KADM5_CONFIG_PROFILE 0x00001000*/
/* Solaris Kerberos */
#ifdef notyet /* Novell */
#endif
/* password change constants */
#define KRB5_KPASSWD_SUCCESS 0
/*
* permission bits
*/
/*
* API versioning constants
*/
/*
 * Principal entry record. Only two members are visible in this copy; the
 * remaining members and the closing of the struct are not shown.
 */
typedef struct _kadm5_principal_ent_t {
char *policy; /* presumably the name of the policy applied to the principal -- confirm */
long aux_attributes; /* auxiliary attributes; their encoding is not visible here */
/* version 2 fields */
/*
 * Policy entry record (a password policy, judging by the pw_* member names).
 * The struct is incomplete in this copy: its version 3 members and its
 * closing are not shown.
 *
 * NOTE(review): every limit below is a signed long. Whether zero or negative
 * values are rejected before a policy is stored is not visible here -- confirm
 * in the code that validates policy entries.
 */
typedef struct _kadm5_policy_ent_t {
char *policy; /* presumably the policy's name -- confirm */
long pw_min_life; /* presumably minimum password lifetime; units not stated here */
long pw_max_life; /* presumably maximum password lifetime; units not stated here */
long pw_min_length; /* presumably minimum password length */
long pw_min_classes; /* presumably minimum number of character classes in a password */
long pw_history_num; /* presumably how many previous passwords/keys are remembered -- confirm */
long policy_refcnt; /* presumably a count of references to this policy */
/* version 3 fields */
/*
* New types to indicate which protocol to use when sending
* password change requests
*/
typedef enum {
/*
* Data structure returned by kadm5_get_config_params()
*/
/*
 * Configuration parameter record. The struct's closing is not shown in this
 * copy, so further members may exist.
 *
 * NOTE(review): by their names, admin_keytab, stash_file and acl_file point at
 * files holding key material and access-control rules. The values are plain
 * char pointers with no validation visible here; confirm that the code
 * consuming them checks the paths and that the files are not readable or
 * writable by unprivileged users.
 */
typedef struct _kadm5_config_params {
long mask; /* presumably a bit mask of KADM5_CONFIG_* flags marking which members are set -- confirm */
char * realm;
int kadmind_port;
int kpasswd_port;
char * admin_server;
char * kpasswd_server;
/*
 * NOTE(review): this #endif has no matching #if/#ifdef in this copy; the
 * conditional that opened it (and presumably guarded the kpasswd_server
 * member just above) is missing. kpasswd_server is declared a second time
 * as the last member visible below.
 */
#endif
/* Deprecated except for db2 backwards compatibility. Don't add
new uses except as fallbacks for parameters that should be
specified in the database module section of the config
file. */
char * dbname;
/* dummy fields to preserve abi for now */
char * admin_dbname_was_here;
char * admin_lockfile_was_here;
char * admin_keytab; /* presumably the path of the admin keytab -- confirm */
char * acl_file; /* presumably the path of the ACL file -- confirm */
char * dict_file; /* presumably the path of a password dictionary -- confirm */
int mkey_from_kbd; /* presumably non-zero when the master key is to be typed in rather than read from the stash -- confirm */
char * stash_file; /* presumably the path of the master-key stash file -- confirm */
char * mkey_name; /* presumably the master key's principal name -- confirm */
char * iprop_logfile;
/* char * iprop_server;*/
int iprop_port;
char *kpasswd_server;
/***********************************************************************
* This is the old krb5_read_realm_params, which I mutated into
* kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
* still uses.
***********************************************************************/
/*
* Data structure returned by krb5_read_realm_params()
*/
/*
 * Per-realm parameter record. Every member visible here is a char pointer,
 * the port lists included; the remaining members and the closing of the
 * struct are not shown in this copy.
 *
 * NOTE(review): the tag begins with a double underscore, a spelling that C
 * reserves for the implementation. Renaming it would touch every user of the
 * struct, so it is only flagged here.
 */
typedef struct __krb5_realm_params {
char * realm_profile;
char * realm_dbname;
char * realm_mkey_name; /* presumably the master key's principal name -- confirm */
char * realm_stash_file; /* presumably the path of the master-key stash file -- confirm */
char * realm_kdc_ports; /* port list kept as a string; its format is not visible here */
char * realm_kdc_tcp_ports; /* port list kept as a string; its format is not visible here */
char * realm_acl_file;
char * realm_host_based_services;
char * realm_no_host_referral;
/*
* functions
*/
/* Solaris Kerberos */
/*
 * Presumably releases a service-name array such as the host_service_names
 * arrays filled in by the declarations that follow -- confirm against the
 * implementation. Whether a NULL argument is accepted, and whether the
 * individual strings are freed as well, is not visible here.
 */
void free_srv_names(char **srv_names);
const char *realm, char ***host_service_names);
const char *realm,
char ***host_service_names);
int use_kdc_config,
char *, size_t);
/*
* For all initialization functions, the caller must first initialize
* a context with kadm5_init_krb5_context which will survive as long
* as the resulting handle. The caller should free the context with
* krb5_free_context.
*/
char *pass, char **service_names,
char **db_args,
void **server_handle);
/* Solaris Kerberos */
char *pass, char **service_names,
char **db_args,
void **server_handle,
char **emsg);
char **service_names,
char **db_args,
void **server_handle);
char *client_name,
char *pass,
char **service_names,
char **db_args,
void **server_handle);
char *client_name,
char *keytab,
char **service_names,
char **db_args,
void **server_handle);
char *client_name,
char **service_names,
char **db_args,
void **server_handle);
char *msg_ret,
unsigned int msg_len);
long mask,
int n_ks_tuple,
char *pass);
long mask);
long mask);
char *pass);
int n_ks_tuple,
char *pass);
/*
* Solaris Kerberos:
* this routine is only implemented in the client library.
*/
int *n_keys);
int *n_keys);
int n_ks_tuple,
int *n_keys);
int n_keys);
int n_ks_tuple,
int n_keys);
long mask);
/*
* kadm5_create_policy_internal is not part of the supported,
* exposed API. It is available only in the server library, and you
* shouldn't use it unless you know why it's there and how it's
* different from kadm5_create_policy.
*/
long mask);
/*
* kadm5_modify_policy_internal is not part of the supported,
* exposed API. It is available only in the server library, and you
* shouldn't use it unless you know why it's there and how it's
* different from kadm5_modify_policy.
*/
long *privs);
char *new_pw,
char **ret_pw,
char *msg_ret,
unsigned int msg_len);
ent);
int *count);
int *count);
int count);
/*
* kadm5_get_principal_keys is used only by kadmin.local to extract existing
* keys from the database without changing them. Because it hands back
* existing key material, it should never be exposed to the network protocol.
*/
int *n_keys);
char *new_password,
/* Solaris Kerberos */
#endif /* __KADM5_ADMIN_H__ */