4 * Copyright 1990,1991 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
27 * KDC Database interface definitions.
31 * Copyright (C) 1998 by the FundsXpress, INC.
33 * All rights reserved.
35 * Export of this software from the United States of America may require
36 * a specific license from the United States Government. It is the
37 * responsibility of any person or organization contemplating export to
38 * obtain such a license before exporting.
40 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
41 * distribute this software and its documentation for any purpose and
42 * without fee is hereby granted, provided that the above copyright
43 * notice appear in all copies and that both that copyright notice and
44 * this permission notice appear in supporting documentation, and that
45 * the name of FundsXpress. not be used in advertising or publicity pertaining
46 * to distribution of the software without specific, written prior
47 * permission. FundsXpress makes no representations about the suitability of
48 * this software for any purpose. It is provided "as is" without express
49 * or implied warranty.
51 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
52 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
53 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
/*
 * Salt types.  Per the krb5_key_data comment further down, the second
 * entry of key_data_type[] carries the salt type of a stored key, and
 * krb5_key_salt_tuple.ks_salttype presumably holds the same kind of value.
 * How each salt is derived is not defined in this header.
 */
60 #define KRB5_KDB_SALTTYPE_NORMAL 0
61 #define KRB5_KDB_SALTTYPE_V4 1
62 #define KRB5_KDB_SALTTYPE_NOREALM 2
63 #define KRB5_KDB_SALTTYPE_ONLYREALM 3
64 #define KRB5_KDB_SALTTYPE_SPECIAL 4
65 #define KRB5_KDB_SALTTYPE_AFS3 5
/*
 * Principal attribute bits -- presumably the values held in
 * krb5_db_entry.attributes (a krb5_flags); confirm against the backends.
 * By name, the DISALLOW_ and REQUIRES_ bits are the per-principal policy
 * switches the KDC enforces; KRB5_KDB_DISALLOW_ALL_TIX is also the lockout
 * bit that the KRB5_MAX_FAIL_COUNT comment below says is set after repeated
 * failed requests.  No bit is defined here for 0x00000400 or 0x00000800;
 * anyone adding a flag should check the other headers for collisions first.
 */
68 #define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
69 #define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
70 #define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
71 #define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
72 #define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
73 #define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
74 #define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040
75 #define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
76 #define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
77 #define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
78 #define KRB5_KDB_DISALLOW_SVR 0x00001000
79 #define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
80 #define KRB5_KDB_SUPPORT_DESMD5 0x00004000
81 #define KRB5_KDB_NEW_PRINC 0x00008000
/*
 * Storage-format selectors, by name meant for database creation.  This
 * header does not show which call carries them: krb5_db_create() and
 * kdb5_db_create() below take only db_args.
 */
84 #define KRB5_KDB_CREATE_BTREE 0x00000001
85 #define KRB5_KDB_CREATE_HASH 0x00000002
90 * Note --- these structures cannot be modified without changing the
91 * database version number in libkdb.a, but should be expandable by
92 * adding new tl_data types.
/*
 * Tagged-length-data node; krb5_db_entry.tl_data below is the head of a
 * singly linked list of these (the link itself is not persisted).
 * tl_data_type is a signed 16-bit tag, presumably one of the KRB5_TL_
 * values below, and tl_data_length (krb5_ui_2, a 16-bit unsigned value by
 * name) bounds tl_data_contents.  Code decoding a node from storage should
 * check tl_data_length against the bytes actually present before reading
 * tl_data_contents.
 */
94 typedef struct _krb5_tl_data {
95 struct _krb5_tl_data* tl_data_next; /* NOT saved */
96 krb5_int16 tl_data_type; /* presumably a KRB5_TL_ tag, see below */
97 krb5_ui_2 tl_data_length; /* byte count of tl_data_contents */
98 krb5_octet * tl_data_contents;
102 * If this ever changes up the version number and make the arrays be as
105 * Currently the first type is the enctype and the second is the salt type.
/*
 * One stored key of a principal.  krb5_dbekd_decrypt_key_data() below
 * takes the master key together with a krb5_key_data and yields a
 * krb5_keyblock, so key_data_contents is held in a form that needs the
 * master key to recover; treat it as sensitive material regardless.
 * Per the comment above, index 0 of the type/length/contents arrays
 * describes the key (type = enctype) and index 1 the salt (type = a
 * KRB5_KDB_SALTTYPE_ value); KRB5_KDB_V1_KEY_DATA_ARRAY below is the array
 * size.  The lengths are krb5_ui_2, so each part is at most 16 bits long.
 */
107 typedef struct _krb5_key_data {
108 krb5_int16 key_data_ver; /* Version */
109 krb5_int16 key_data_kvno; /* Key Version */
110 krb5_int16 key_data_type[2]; /* Array of types: [0] enctype, [1] salt type */
111 krb5_ui_2 key_data_length[2]; /* Array of lengths, one per contents pointer */
112 krb5_octet * key_data_contents[2]; /* Array of pointers; [0] is master-key protected */
115 #define KRB5_KDB_V1_KEY_DATA_ARRAY 2 /* # of array elements */
117 typedef struct _krb5_keysalt {
119 krb5_data data; /* Length, data */
/*
 * In-memory principal record as exchanged with the KDB backends.  Members
 * marked "NOT saved" are not part of the stored encoding.  The 38 bytes of
 * KRB5_KDB_V1_BASE_LENGTH below appear to match the fixed-width members
 * from attributes through e_length (eight 4-byte and three 2-byte values,
 * assuming those krb5_ types have the widths their names suggest) --
 * verify against the encoder before relying on it.
 */
122 typedef struct _krb5_db_entry_new {
123 krb5_magic magic; /* NOT saved; presumably KRB5_KDB_MAGIC_NUMBER */
125 krb5_ui_4 mask; /* members currently changed/set */
126 krb5_flags attributes; /* presumably the KRB5_KDB_DISALLOW_ and REQUIRES_ bits above */
127 krb5_deltat max_life; /* ticket lifetime limit, by name */
128 krb5_deltat max_renewable_life; /* renewable lifetime limit, by name */
129 krb5_timestamp expiration; /* When the client expires */
130 krb5_timestamp pw_expiration; /* When its passwd expires */
131 krb5_timestamp last_success; /* Last successful passwd */
132 krb5_timestamp last_failed; /* Last failed passwd attempt */
133 krb5_kvno fail_auth_count; /* # of failed passwd attempt; see KRB5_MAX_FAIL_COUNT below */
134 krb5_int16 n_tl_data; /* presumably the length of the tl_data list */
135 krb5_int16 n_key_data; /* presumably the element count of key_data */
136 krb5_ui_2 e_length; /* Length of extra data */
137 krb5_octet * e_data; /* Extra data to be saved */
139 krb5_principal princ; /* Length, data */
140 krb5_tl_data * tl_data; /* Linked list */
141 krb5_key_data * key_data; /* Array */
/*
 * Password policy record handled by the krb5_db_*_policy() calls below.
 * By name, the pw_ members carry the policy limits (lifetimes, minimum
 * length and character classes, history depth) and policy_refcnt counts
 * principals referencing the policy -- confirm against the code that fills
 * them in.  Note that osa_policy_ent_t is a pointer to osa_policy_ent_rec;
 * the typedef hides the indirection.
 */
144 typedef struct _osa_policy_ent_t {
147 krb5_ui_4 pw_min_life;
148 krb5_ui_4 pw_max_life;
149 krb5_ui_4 pw_min_length;
150 krb5_ui_4 pw_min_classes;
151 krb5_ui_4 pw_history_num;
152 krb5_ui_4 policy_refcnt;
153 } osa_policy_ent_rec, *osa_policy_ent_t;
/*
 * Callback type taken by krb5_db_iter_policy() below; the void * is the
 * caller's argument and the second parameter the policy being visited.
 */
155 typedef void (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t);
/*
 * Enctype/salt-type pair passed as ks_tuple to krb5_dbe_cpw(), _ark(),
 * _crk() and _apw() below; ks_salttype presumably takes a
 * KRB5_KDB_SALTTYPE_ value.  The struct tag starts with two underscores,
 * which is a name reserved for the implementation; the typedef name is the
 * one to use.
 */
157 typedef struct __krb5_key_salt_tuple {
158 krb5_enctype ks_enctype;
159 krb5_int32 ks_salttype;
160 } krb5_key_salt_tuple;
/*
 * KRB5_KDB_MAGIC_NUMBER: presumably the value expected in
 * krb5_db_entry.magic (marked "NOT saved" above).
 * KRB5_KDB_V1_BASE_LENGTH: size of the fixed part of a V1 entry; it
 * appears to equal the widths of the attributes..e_length members above
 * (8 x 4 + 3 x 2 bytes) -- verify against the encoder.
 */
162 #define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb
163 #define KRB5_KDB_V1_BASE_LENGTH 38
/*
 * Tags presumably stored in krb5_tl_data.tl_data_type, which is a
 * krb5_int16.  KRB5_TL_DB_ARGS is 0x7fff, the largest positive signed
 * 16-bit value, so it cannot collide with the small sequential tags; new
 * tags must still stay within that signed range.
 */
165 #define KRB5_TL_LAST_PWD_CHANGE 0x0001
166 #define KRB5_TL_MOD_PRINC 0x0002
167 #define KRB5_TL_KADM_DATA 0x0003
168 #define KRB5_TL_KADM5_E_DATA 0x0004
169 #define KRB5_TL_RB1_CHALLENGE 0x0005
171 #define KRB5_TL_SECURID_STATE 0x0006
172 #define KRB5_TL_DB_ARGS 0x7fff
176 * Determines the number of failed KDC requests before DISALLOW_ALL_TIX is set
/* Presumably compared against krb5_db_entry.fail_auth_count; the lockout
 * bit is KRB5_KDB_DISALLOW_ALL_TIX above.  How the count is reset is not
 * shown in this header. */
179 #define KRB5_MAX_FAIL_COUNT 5
181 /* XXX depends on knowledge of krb5_parse_name() formats */
182 #define KRB5_KDB_M_NAME "K/M" /* Kerberos/Master */
184 /* prompts used by default when reading the KDC password from the keyboard. */
185 #define KRB5_KDC_MKEY_1 "Enter KDC database master key"
186 #define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify"
/*
 * Overridable prompt strings, presumably defaulting to the two literals
 * above (krb5_db_fetch_mkey() below has a fromkeyboard flag).  They are
 * declared as non-const char * pointers, so any linked code can repoint
 * them; the master key they prompt for is what protects every
 * key_data_contents in the database.
 */
189 extern char *krb5_mkey_pwd_prompt1;
190 extern char *krb5_mkey_pwd_prompt2;
193 * These macros specify the encoding of data within the database.
195 * Data encoding is little-endian.
197 #include "k5-platform.h"
/*
 * Little-endian field accessors.  load_16_le/load_32_le and
 * store_16_le/store_32_le come from k5-platform.h and are not defined on
 * this page.  Each decode macro stores through a pointer cast taken from
 * the address of its second argument, so it writes exactly sizeof
 * (krb5_int16) or sizeof (krb5_int32) bytes into whatever object the caller
 * passes: the argument must be an lvalue of exactly that width, otherwise
 * a wider variable is only partially written.  The macros expand to a bare
 * assignment expression, not a statement block.
 */
198 #define krb5_kdb_decode_int16(cp, i16) \
199 *((krb5_int16 *) &(i16)) = load_16_le(cp)
200 #define krb5_kdb_decode_int32(cp, i32) \
201 *((krb5_int32 *) &(i32)) = load_32_le(cp)
/* Encoders pass the value through directly, so any integer type works. */
202 #define krb5_kdb_encode_int16(i16, cp) store_16_le(i16, cp)
203 #define krb5_kdb_encode_int32(i32, cp) store_32_le(i32, cp)
/*
 * Open modes -- presumably the values accepted by the mode parameter of
 * krb5_db_open() below.  RO is the safer default for tools that only read.
 */
205 #define KRB5_KDB_OPEN_RW 0
206 #define KRB5_KDB_OPEN_RO 1
208 #ifndef KRB5_KDB_SRV_TYPE_KDC
209 #define KRB5_KDB_SRV_TYPE_KDC 0x0100
212 #ifndef KRB5_KDB_SRV_TYPE_ADMIN
213 #define KRB5_KDB_SRV_TYPE_ADMIN 0x0200
216 #ifndef KRB5_KDB_SRV_TYPE_PASSWD
217 #define KRB5_KDB_SRV_TYPE_PASSWD 0x0300
220 #ifndef KRB5_KDB_SRV_TYPE_OTHER
221 #define KRB5_KDB_SRV_TYPE_OTHER 0x0400
/*
 * Option codes for krb5_db_set_option() below; the type behind its void *
 * value depends on the option (presumably a name string for SET_DB_NAME
 * and a lock mode for SET_LOCK_MODE -- confirm against the backends).
 */
224 #define KRB5_KDB_OPT_SET_DB_NAME 0
225 #define KRB5_KDB_OPT_SET_LOCK_MODE 1
/*
 * Lock-mode bits, presumably the lock_mode argument of krb5_db_lock()
 * below.  SHARED and EXCLUSIVE are mutually exclusive by name; DONTBLOCK
 * and PERMANENT read as modifiers that can be OR-ed in.
 */
227 #define KRB5_DB_LOCKMODE_SHARED 0x0001
228 #define KRB5_DB_LOCKMODE_EXCLUSIVE 0x0002
229 #define KRB5_DB_LOCKMODE_DONTBLOCK 0x0004
230 #define KRB5_DB_LOCKMODE_PERMANENT 0x0008
/*
 * Database lifecycle and locking entry points.  All return a
 * krb5_error_code except krb5_db_errcode2string(), which maps an error
 * code to a message.  db_args is a char ** whose layout and termination
 * are not specified on this page; presumably backend-specific arguments.
 * mode is presumably KRB5_KDB_OPEN_RW or KRB5_KDB_OPEN_RO.
 */
233 krb5_error_code krb5_db_open( krb5_context kcontext, char **db_args, int mode );
234 krb5_error_code krb5_db_init ( krb5_context kcontext );
235 krb5_error_code krb5_db_create ( krb5_context kcontext, char **db_args );
236 krb5_error_code krb5_db_inited ( krb5_context kcontext );
/* Note the two similarly named creators, krb5_db_create and kdb5_db_create;
 * this header does not say how they differ. */
237 krb5_error_code kdb5_db_create ( krb5_context kcontext, char **db_args );
238 krb5_error_code krb5_db_fini ( krb5_context kcontext );
239 const char * krb5_db_errcode2string ( krb5_context kcontext, long err_code );
/* Destructive operations on the whole database. */
240 krb5_error_code krb5_db_destroy ( krb5_context kcontext, char **db_args );
241 krb5_error_code krb5_db_promote ( krb5_context kcontext, char **db_args );
/* db_name is declared non-const, so callers cannot assume it is left alone. */
242 krb5_error_code krb5_db_get_age ( krb5_context kcontext, char *db_name, time_t *t );
/* option is a KRB5_KDB_OPT_ code; value's type follows the option. */
243 krb5_error_code krb5_db_set_option ( krb5_context kcontext, int option, void *value );
/* lock_mode is presumably a combination of the KRB5_DB_LOCKMODE_ bits. */
244 krb5_error_code krb5_db_lock ( krb5_context kcontext, int lock_mode );
245 krb5_error_code krb5_db_unlock ( krb5_context kcontext );
246 krb5_error_code krb5_db_get_principal ( krb5_context kcontext,
247 krb5_const_principal search_for,
248 krb5_db_entry *entries,
250 krb5_boolean *more );
251 krb5_error_code krb5_db_free_principal ( krb5_context kcontext,
252 krb5_db_entry *entry,
254 krb5_error_code krb5_db_put_principal ( krb5_context kcontext,
255 krb5_db_entry *entries,
257 krb5_error_code krb5_db_delete_principal ( krb5_context kcontext,
258 krb5_principal search_for,
260 krb5_error_code krb5_db_iterate ( krb5_context kcontext,
262 int (*func) (krb5_pointer, krb5_db_entry *),
263 krb5_pointer func_arg );
264 krb5_error_code krb5_supported_realms ( krb5_context kcontext,
266 krb5_error_code krb5_free_supported_realms ( krb5_context kcontext,
268 krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext,
270 krb5_keyblock *key );
271 krb5_error_code krb5_db_set_mkey ( krb5_context context,
273 krb5_error_code krb5_db_get_mkey ( krb5_context kcontext,
274 krb5_keyblock **key );
275 krb5_error_code krb5_db_free_master_key ( krb5_context kcontext,
276 krb5_keyblock *key );
277 krb5_error_code krb5_db_store_master_key ( krb5_context kcontext,
279 krb5_principal mname,
282 krb5_error_code krb5_db_fetch_mkey ( krb5_context context,
283 krb5_principal mname,
285 krb5_boolean fromkeyboard,
290 krb5_error_code krb5_db_verify_master_key ( krb5_context kcontext,
291 krb5_principal mprinc,
292 krb5_keyblock *mkey );
294 krb5_dbe_find_enctype( krb5_context kcontext,
295 krb5_db_entry *dbentp,
299 krb5_key_data **kdatap);
302 krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext,
303 krb5_db_entry *dbentp,
308 krb5_key_data **kdatap);
311 krb5_db_setup_mkey_name ( krb5_context context,
315 krb5_principal *principal);
318 krb5_dbekd_decrypt_key_data( krb5_context context,
319 const krb5_keyblock * mkey,
320 const krb5_key_data * key_data,
321 krb5_keyblock * dbkey,
322 krb5_keysalt * keysalt);
325 krb5_dbekd_encrypt_key_data( krb5_context context,
326 const krb5_keyblock * mkey,
327 const krb5_keyblock * dbkey,
328 const krb5_keysalt * keysalt,
330 krb5_key_data * key_data);
333 krb5_dbe_lookup_mod_princ_data( krb5_context context,
334 krb5_db_entry * entry,
335 krb5_timestamp * mod_time,
336 krb5_principal * mod_princ);
340 krb5_dbe_update_last_pwd_change( krb5_context context,
341 krb5_db_entry * entry,
342 krb5_timestamp stamp);
345 krb5_dbe_lookup_tl_data( krb5_context context,
346 krb5_db_entry * entry,
347 krb5_tl_data * ret_tl_data);
350 krb5_dbe_create_key_data( krb5_context context,
351 krb5_db_entry * entry);
355 krb5_dbe_update_mod_princ_data( krb5_context context,
356 krb5_db_entry * entry,
357 krb5_timestamp mod_date,
358 krb5_const_principal mod_princ);
361 krb5_dbe_update_last_pwd_change( krb5_context context,
362 krb5_db_entry * entry,
363 krb5_timestamp stamp);
365 void *krb5_db_alloc( krb5_context kcontext,
369 void krb5_db_free( krb5_context kcontext,
374 krb5_dbe_lookup_last_pwd_change( krb5_context context,
375 krb5_db_entry * entry,
376 krb5_timestamp * stamp);
379 krb5_dbe_update_tl_data( krb5_context context,
380 krb5_db_entry * entry,
381 krb5_tl_data * new_tl_data);
384 krb5_dbe_cpw( krb5_context kcontext,
385 krb5_keyblock * master_key,
386 krb5_key_salt_tuple * ks_tuple,
390 krb5_boolean keepold,
391 krb5_db_entry * db_entry);
395 krb5_dbe_ark( krb5_context context,
396 krb5_keyblock * master_key,
397 krb5_key_salt_tuple * ks_tuple,
399 krb5_db_entry * db_entry);
402 krb5_dbe_crk( krb5_context context,
403 krb5_keyblock * master_key,
404 krb5_key_salt_tuple * ks_tuple,
406 krb5_boolean keepold,
407 krb5_db_entry * db_entry);
410 krb5_dbe_apw( krb5_context context,
411 krb5_keyblock * master_key,
412 krb5_key_salt_tuple * ks_tuple,
415 krb5_db_entry * db_entry);
417 /* default functions. Should not be directly called */
419 * Default functions prototype
423 krb5_dbe_def_search_enctype( krb5_context kcontext,
424 krb5_db_entry *dbentp,
429 krb5_key_data **kdatap);
432 krb5_def_store_mkey( krb5_context context,
434 krb5_principal mname,
440 krb5_db_def_fetch_mkey( krb5_context context,
441 krb5_principal mname,
447 krb5_def_verify_master_key( krb5_context context,
448 krb5_principal mprinc,
449 krb5_keyblock *mkey);
451 krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
453 krb5_keyblock *key );
455 krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
456 krb5_keyblock **key );
459 krb5_dbe_def_cpw( krb5_context context,
460 krb5_keyblock * master_key,
461 krb5_key_salt_tuple * ks_tuple,
465 krb5_boolean keepold,
466 krb5_db_entry * db_entry);
469 krb5_def_promote_db(krb5_context, char *, char **);
472 krb5_db_create_policy( krb5_context kcontext,
473 osa_policy_ent_t policy);
476 krb5_db_get_policy ( krb5_context kcontext,
478 osa_policy_ent_t *policy,
482 krb5_db_put_policy( krb5_context kcontext,
483 osa_policy_ent_t policy);
486 krb5_db_iter_policy( krb5_context kcontext,
488 osa_adb_iter_policy_func func,
492 krb5_db_delete_policy( krb5_context kcontext,
496 krb5_db_free_policy( krb5_context kcontext,
497 osa_policy_ent_t policy);
/* Not referenced elsewhere on this page; presumably a default attribute
 * value for new entries -- confirm against the callers. */
499 #define KRB5_KDB_DEF_FLAGS 0
501 #endif /* !defined(_WIN32) */
503 #endif /* KRB5_KDB5__ */