4 * Copyright 2001, 2008 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
28 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
34 * This API is not considered as stable as the main krb5 API.
36 * - We may make arbitrary incompatible changes between feature
37 * releases (e.g. from 1.7 to 1.8).
38 * - We will make some effort to avoid making incompatible changes for
39 * bugfix releases, but will make them if necessary.
40 * - We make no commitments at all regarding the v1 API (obtained by
41 * defining USE_KADM5_API_VERSION to 1) and expect to remove it.
44 #ifndef __KADM5_ADMIN_H__
45 #define __KADM5_ADMIN_H__
47 #if !defined(USE_KADM5_API_VERSION)
48 #define USE_KADM5_API_VERSION 2
51 #include <sys/types.h>
52 #include <gssrpc/rpc.h>
56 #include <kadm5/kadm_err.h>
57 #include <kadm5/chpass_util_strings.h>
/* Fixed names for the admin, password-change, password-history and
 * iprop host identities.  They are plain string literals; nothing in
 * this header binds them to a realm. */
59 #define KADM5_ADMIN_SERVICE "kadmin/admin"
60 #define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
61 #define KADM5_HIST_PRINCIPAL "kadmin/history"
62 #define KADM5_KIPROP_HOST_SERVICE "kiprop"
/* Basic API types.  A policy is referred to by a bare char * name, and
 * kadm5_ret_t is a long, which is a different type from the
 * krb5_error_code that some functions in this header return. */
64 typedef krb5_principal kadm5_princ_t;
65 typedef char *kadm5_policy_t;
66 typedef long kadm5_ret_t;
/* Password prompts, looked up through error_message() from the
 * CHPASS_UTIL_* codes (presumably supplied by
 * kadm5/chpass_util_strings.h, included above -- TODO confirm). */
68 #define KADM5_PW_FIRST_PROMPT \
69 (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
70 #define KADM5_PW_SECOND_PROMPT \
71 (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
74 * Successful return code
/* Field-selection bits for a principal record: each macro is a distinct
 * single bit.  NOTE(review): presumably these are OR-ed into the `mask`
 * argument of the create/modify calls -- confirm against the callers. */
82 /* kadm5_principal_ent_t */
83 #define KADM5_PRINCIPAL 0x000001
84 #define KADM5_PRINC_EXPIRE_TIME 0x000002
85 #define KADM5_PW_EXPIRATION 0x000004
86 #define KADM5_LAST_PWD_CHANGE 0x000008
87 #define KADM5_ATTRIBUTES 0x000010
88 #define KADM5_MAX_LIFE 0x000020
89 #define KADM5_MOD_TIME 0x000040
90 #define KADM5_MOD_NAME 0x000080
91 #define KADM5_KVNO 0x000100
92 #define KADM5_MKVNO 0x000200
93 #define KADM5_AUX_ATTRIBUTES 0x000400
94 #define KADM5_POLICY 0x000800
95 #define KADM5_POLICY_CLR 0x001000
97 #define KADM5_MAX_RLIFE 0x002000
98 #define KADM5_LAST_SUCCESS 0x004000
99 #define KADM5_LAST_FAILED 0x008000
100 #define KADM5_FAIL_AUTH_COUNT 0x010000
/* KEY_DATA and TL_DATA sit above the 0x01ffff range covered by
 * KADM5_PRINCIPAL_NORMAL_MASK, so a request built from the normal mask
 * does not select them. */
101 #define KADM5_KEY_DATA 0x020000
102 #define KADM5_TL_DATA 0x040000
103 #ifdef notyet /* Novell */
104 #define KADM5_CPW_FUNCTION 0x080000
105 #define KADM5_RANDKEY_USED 0x100000
107 #define KADM5_LOAD 0x200000
109 /* all but KEY_DATA and TL_DATA */
/* 0x01ffff sets every bit from 0x000001 through 0x010000. */
110 #define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff
/* Field-selection bits for a policy record.  These values reuse numbers
 * that the principal mask also uses (0x004000 is both KADM5_PW_MAX_LIFE
 * and KADM5_LAST_SUCCESS, 0x020000 is both KADM5_PW_MIN_CLASSES and
 * KADM5_KEY_DATA, and so on), so a mask word is only meaningful together
 * with the record type it was built for; never pass a policy mask where
 * a principal mask is expected or the reverse. */
113 /* kadm5_policy_ent_t */
114 #define KADM5_PW_MAX_LIFE 0x004000
115 #define KADM5_PW_MIN_LIFE 0x008000
116 #define KADM5_PW_MIN_LENGTH 0x010000
117 #define KADM5_PW_MIN_CLASSES 0x020000
118 #define KADM5_PW_HISTORY_NUM 0x040000
119 #define KADM5_REF_COUNT 0x080000
/* Bits naming individual configuration parameters, one bit each.
 * NOTE(review): presumably tested against a mask member of
 * kadm5_config_params to tell which members were set -- that member is
 * not visible on this page; confirm. */
121 /* kadm5_config_params */
122 #define KADM5_CONFIG_REALM 0x00000001
123 #define KADM5_CONFIG_DBNAME 0x00000002
124 #define KADM5_CONFIG_MKEY_NAME 0x00000004
125 #define KADM5_CONFIG_MAX_LIFE 0x00000008
126 #define KADM5_CONFIG_MAX_RLIFE 0x00000010
127 #define KADM5_CONFIG_EXPIRATION 0x00000020
128 #define KADM5_CONFIG_FLAGS 0x00000040
129 #define KADM5_CONFIG_ADMIN_KEYTAB 0x00000080
130 #define KADM5_CONFIG_STASH_FILE 0x00000100
131 #define KADM5_CONFIG_ENCTYPE 0x00000200
132 #define KADM5_CONFIG_ADBNAME 0x00000400
133 #define KADM5_CONFIG_ADB_LOCKFILE 0x00000800
/* The PROFILE bit is commented out, which leaves 0x00001000 unassigned. */
134 /*#define KADM5_CONFIG_PROFILE 0x00001000*/
135 #define KADM5_CONFIG_ACL_FILE 0x00002000
136 #define KADM5_CONFIG_KADMIND_PORT 0x00004000
137 #define KADM5_CONFIG_ENCTYPES 0x00008000
138 #define KADM5_CONFIG_ADMIN_SERVER 0x00010000
139 #define KADM5_CONFIG_DICT_FILE 0x00020000
140 #define KADM5_CONFIG_MKEY_FROM_KBD 0x00040000
141 #define KADM5_CONFIG_KPASSWD_PORT 0x00080000
/* NOTE(review): the next three names suggest they steer which
 * authentication method a session uses (older GSSAPI flavour, none at
 * all, no fallback).  Their exact effect is not visible in this header;
 * review any caller that sets KADM5_CONFIG_NO_AUTH or
 * KADM5_CONFIG_OLD_AUTH_GSSAPI before trusting the resulting session. */
142 #define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x00100000
143 #define KADM5_CONFIG_NO_AUTH 0x00200000
144 #define KADM5_CONFIG_AUTH_NOFALLBACK 0x00400000
145 #ifdef notyet /* Novell */
146 #define KADM5_CONFIG_KPASSWD_SERVER 0x00800000
148 #define KADM5_CONFIG_IPROP_ENABLED 0x01000000
149 #define KADM5_CONFIG_ULOG_SIZE 0x02000000
150 #define KADM5_CONFIG_POLL_TIME 0x04000000
151 #define KADM5_CONFIG_IPROP_LOGFILE 0x08000000
152 #define KADM5_CONFIG_IPROP_PORT 0x10000000
153 #define KADM5_CONFIG_KVNO 0x20000000
/* Privilege bits: four distinct single-bit values, so a set of
 * privileges fits in one integer.  NOTE(review): presumably the value
 * reported by kadm5_get_privs(), whose output parameter is not visible
 * on this page -- confirm. */
157 #define KADM5_PRIV_GET 0x01
158 #define KADM5_PRIV_ADD 0x02
159 #define KADM5_PRIV_MODIFY 0x04
160 #define KADM5_PRIV_DELETE 0x08
163 * API versioning constants
/* A version word is a fixed tag in the upper 24 bits OR-ed with a small
 * number in the low byte; KADM5_MASK_BITS (0xffffff00) selects the tag
 * part. */
165 #define KADM5_MASK_BITS 0xffffff00
/* The struct-version tag (0x12345600) and the API-version tag
 * (0x12345700) differ, so the two kinds of version word cannot be
 * mistaken for each other.  NOTE(review): presumably the library masks
 * the caller's struct_version/api_version with KADM5_MASK_BITS and
 * rejects a wrong tag -- confirm in the init code. */
167 #define KADM5_STRUCT_VERSION_MASK 0x12345600
168 #define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
169 #define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
171 #define KADM5_API_VERSION_MASK 0x12345700
172 #define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01)
173 #define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
/* Principal record, version 2 layout.
 * NOTE(review): the gutter jumps from 183 to 189 below, so some members
 * of this struct are not shown on this page. */
175 typedef struct _kadm5_principal_ent_t_v2 {
176 krb5_principal principal;
177 krb5_timestamp princ_expire_time;
178 krb5_timestamp last_pwd_change;
179 krb5_timestamp pw_expiration;
180 krb5_deltat max_life;
181 krb5_principal mod_name;
182 krb5_timestamp mod_date;
183 krb5_flags attributes;
189 /* version 2 fields */
190 krb5_deltat max_renewable_life;
191 krb5_timestamp last_success;
192 krb5_timestamp last_failed;
193 krb5_kvno fail_auth_count;
/* Two krb5_int16 counts followed by the two pointers they appear to
 * describe.  NOTE(review): presumably n_key_data / n_tl_data give the
 * number of entries reachable through key_data / tl_data; code that
 * receives a record from another party should range-check the counts
 * before walking either pointer -- confirm.  key_data presumably
 * carries key material, so treat a populated record as sensitive. */
194 krb5_int16 n_key_data;
195 krb5_int16 n_tl_data;
196 krb5_tl_data *tl_data;
197 krb5_key_data *key_data;
198 } kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2;
/* Principal record, version 1 layout.  The members shown are the same
 * as the leading members of the v2 record; the "version 2 fields" are
 * absent.  NOTE(review): the gutter jumps from 208 to 213, so some
 * members are not shown on this page. */
200 typedef struct _kadm5_principal_ent_t_v1 {
201 krb5_principal principal;
202 krb5_timestamp princ_expire_time;
203 krb5_timestamp last_pwd_change;
204 krb5_timestamp pw_expiration;
205 krb5_deltat max_life;
206 krb5_principal mod_name;
207 krb5_timestamp mod_date;
208 krb5_flags attributes;
213 } kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1;
/* kadm5_principal_ent_rec / kadm5_principal_ent_t name the v1 struct or
 * the v2 struct depending on USE_KADM5_API_VERSION.  The v2 struct has
 * additional members, so every translation unit that exchanges these
 * records must be built with the same USE_KADM5_API_VERSION; a mismatch
 * makes one side read or write past the other side's object.
 * NOTE(review): the #else and #endif lines of this conditional are not
 * shown on this page. */
215 #if USE_KADM5_API_VERSION == 1
216 typedef struct _kadm5_principal_ent_t_v1
217 kadm5_principal_ent_rec, *kadm5_principal_ent_t;
219 typedef struct _kadm5_principal_ent_t_v2
220 kadm5_principal_ent_rec, *kadm5_principal_ent_t;
223 typedef struct _kadm5_policy_ent_t {
231 } kadm5_policy_ent_rec, *kadm5_policy_ent_t;
234 * Data structure returned by kadm5_get_config_params()
/* Configuration record.
 * NOTE(review): several members are not shown on this page (the gutter
 * skips 237-242 and 256-263), presumably including the member that
 * carries the KADM5_CONFIG_* bits -- confirm against the full header. */
236 typedef struct _kadm5_config_params {
243 #ifdef notyet /* Novell */ /* ABI change? */
244 char * kpasswd_server;
247 /* Deprecated except for db2 backwards compatibility. Don't add
248 new uses except as fallbacks for parameters that should be
249 specified in the database module section of the config
253 /* dummy fields to preserve abi for now */
254 char * admin_dbname_was_here;
255 char * admin_lockfile_was_here;
/* The two char * placeholders above keep the struct layout stable;
 * their names mark them as slots that no longer carry a value. */
264 krb5_enctype enctype;
265 krb5_deltat max_life;
266 krb5_deltat max_rlife;
267 krb5_timestamp expiration;
/* keysalts is paired with a krb5_int32 count.  NOTE(review): presumably
 * num_keysalts is the number of entries keysalts points at -- confirm
 * before indexing. */
269 krb5_key_salt_tuple *keysalts;
270 krb5_int32 num_keysalts;
/* Incremental-propagation settings; iprop_server is commented out. */
272 bool_t iprop_enabled;
273 uint32_t iprop_ulogsize;
274 krb5_deltat iprop_poll_time;
275 char * iprop_logfile;
276 /* char * iprop_server;*/
278 } kadm5_config_params;
280 /***********************************************************************
281 * This is the old krb5_realm_read_params, which I mutated into
282 * kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
284 ***********************************************************************/
287 * Data structure returned by krb5_read_realm_params()
289 typedef struct __krb5_realm_params {
290 char * realm_profile;
292 char * realm_mkey_name;
293 char * realm_stash_file;
294 char * realm_kdc_ports;
295 char * realm_kdc_tcp_ports;
296 char * realm_acl_file;
297 char * realm_host_based_services;
298 char * realm_no_host_referral;
299 krb5_int32 realm_kadmind_port;
300 krb5_enctype realm_enctype;
301 krb5_deltat realm_max_life;
302 krb5_deltat realm_max_rlife;
303 krb5_timestamp realm_expiration;
304 krb5_flags realm_flags;
305 krb5_key_salt_tuple *realm_keysalts;
306 unsigned int realm_reject_bad_transit:1;
307 unsigned int realm_kadmind_port_valid:1;
308 unsigned int realm_enctype_valid:1;
309 unsigned int realm_max_life_valid:1;
310 unsigned int realm_max_rlife_valid:1;
311 unsigned int realm_expiration_valid:1;
312 unsigned int realm_flags_valid:1;
313 unsigned int realm_reject_bad_transit_valid:1;
314 krb5_int32 realm_num_keysalts;
321 #if USE_KADM5_API_VERSION > 1
322 krb5_error_code kadm5_get_config_params(krb5_context context,
324 kadm5_config_params *params_in,
325 kadm5_config_params *params_out);
327 krb5_error_code kadm5_free_config_params(krb5_context context,
328 kadm5_config_params *params);
330 krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
331 kadm5_config_params *params);
333 krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
/* Session initialisers.  Every variant shown takes struct_version and
 * api_version (both krb5_ui_4) and ends with a void **server_handle.
 * NOTE(review): presumably *server_handle receives the opaque handle
 * that the other calls in this header take as their first argument --
 * confirm.  kadm5_init() receives its secret as a mutable char *pass;
 * this header does not say whether the library copies or clears it, so
 * callers should clear their own copy once the call returns.  Several
 * parameter lines of these prototypes are not shown on this page. */
337 kadm5_ret_t kadm5_init(char *client_name, char *pass,
339 #if USE_KADM5_API_VERSION == 1
342 kadm5_config_params *params,
344 krb5_ui_4 struct_version,
345 krb5_ui_4 api_version,
347 void **server_handle);
348 kadm5_ret_t kadm5_init_with_password(char *client_name,
351 #if USE_KADM5_API_VERSION == 1
354 kadm5_config_params *params,
356 krb5_ui_4 struct_version,
357 krb5_ui_4 api_version,
359 void **server_handle);
360 kadm5_ret_t kadm5_init_with_skey(char *client_name,
363 #if USE_KADM5_API_VERSION == 1
366 kadm5_config_params *params,
368 krb5_ui_4 struct_version,
369 krb5_ui_4 api_version,
371 void **server_handle);
/* kadm5_init_with_creds is declared only when USE_KADM5_API_VERSION is
 * greater than 1. */
372 #if USE_KADM5_API_VERSION > 1
373 kadm5_ret_t kadm5_init_with_creds(char *client_name,
376 kadm5_config_params *params,
377 krb5_ui_4 struct_version,
378 krb5_ui_4 api_version,
380 void **server_handle);
/* Handle-level operations.  Each takes only the opaque server_handle
 * and returns a kadm5_ret_t. */
382 kadm5_ret_t kadm5_lock(void *server_handle);
383 kadm5_ret_t kadm5_unlock(void *server_handle);
384 kadm5_ret_t kadm5_flush(void *server_handle);
385 kadm5_ret_t kadm5_destroy(void *server_handle);
/* Creates a principal from ent.  mask is a long; NOTE(review):
 * presumably it is built from the principal mask bits (KADM5_PRINCIPAL
 * and friends) and selects which members of ent are honoured --
 * confirm.  pass is a mutable char *; the caller keeps ownership and
 * should clear its copy after the call. */
386 kadm5_ret_t kadm5_create_principal(void *server_handle,
387 kadm5_principal_ent_t ent,
388 long mask, char *pass);
389 kadm5_ret_t kadm5_create_principal_3(void *server_handle,
390 kadm5_principal_ent_t ent,
393 krb5_key_salt_tuple *ks_tuple,
395 kadm5_ret_t kadm5_delete_principal(void *server_handle,
396 krb5_principal principal);
397 kadm5_ret_t kadm5_modify_principal(void *server_handle,
398 kadm5_principal_ent_t ent,
400 kadm5_ret_t kadm5_rename_principal(void *server_handle,
401 krb5_principal,krb5_principal);
402 #if USE_KADM5_API_VERSION == 1
403 kadm5_ret_t kadm5_get_principal(void *server_handle,
404 krb5_principal principal,
405 kadm5_principal_ent_t *ent);
407 kadm5_ret_t kadm5_get_principal(void *server_handle,
408 krb5_principal principal,
409 kadm5_principal_ent_t ent,
412 kadm5_ret_t kadm5_chpass_principal(void *server_handle,
413 krb5_principal principal,
415 kadm5_ret_t kadm5_chpass_principal_3(void *server_handle,
416 krb5_principal principal,
417 krb5_boolean keepold,
419 krb5_key_salt_tuple *ks_tuple,
421 #if USE_KADM5_API_VERSION == 1
422 kadm5_ret_t kadm5_randkey_principal(void *server_handle,
423 krb5_principal principal,
424 krb5_keyblock **keyblock);
426 kadm5_ret_t kadm5_randkey_principal(void *server_handle,
427 krb5_principal principal,
428 krb5_keyblock **keyblocks,
430 kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
431 krb5_principal principal,
432 krb5_boolean keepold,
434 krb5_key_salt_tuple *ks_tuple,
435 krb5_keyblock **keyblocks,
438 kadm5_ret_t kadm5_setv4key_principal(void *server_handle,
439 krb5_principal principal,
440 krb5_keyblock *keyblock);
442 kadm5_ret_t kadm5_setkey_principal(void *server_handle,
443 krb5_principal principal,
444 krb5_keyblock *keyblocks,
447 kadm5_ret_t kadm5_setkey_principal_3(void *server_handle,
448 krb5_principal principal,
449 krb5_boolean keepold,
451 krb5_key_salt_tuple *ks_tuple,
452 krb5_keyblock *keyblocks,
/* Takes a principal entry plus three krb5_int32 selectors (ktype,
 * stype, kvno) and three pointer parameters (keyblock, keysalt, kvnop).
 * NOTE(review): judging by the name, this presumably writes a decrypted
 * key into *keyblock and the matching salt / kvno into *keysalt and
 * *kvnop -- confirm.  If so, the caller holds cleartext key material
 * afterwards and is responsible for clearing and freeing it. */
455 kadm5_ret_t kadm5_decrypt_key(void *server_handle,
456 kadm5_principal_ent_t entry, krb5_int32
457 ktype, krb5_int32 stype, krb5_int32
458 kvno, krb5_keyblock *keyblock,
459 krb5_keysalt *keysalt, int *kvnop);
461 kadm5_ret_t kadm5_create_policy(void *server_handle,
462 kadm5_policy_ent_t ent,
465 * kadm5_create_policy_internal is not part of the supported,
466 * exposed API. It is available only in the server library, and you
467 * shouldn't use it unless you know why it's there and how it's
468 * different from kadm5_create_policy.
470 kadm5_ret_t kadm5_create_policy_internal(void *server_handle,
473 kadm5_ret_t kadm5_delete_policy(void *server_handle,
474 kadm5_policy_t policy);
475 kadm5_ret_t kadm5_modify_policy(void *server_handle,
476 kadm5_policy_ent_t ent,
479 * kadm5_modify_policy_internal is not part of the supported,
480 * exposed API. It is available only in the server library, and you
481 * shouldn't use it unless you know why it's there and how it's
482 * different from kadm5_modify_policy.
484 kadm5_ret_t kadm5_modify_policy_internal(void *server_handle,
487 #if USE_KADM5_API_VERSION == 1
488 kadm5_ret_t kadm5_get_policy(void *server_handle,
489 kadm5_policy_t policy,
490 kadm5_policy_ent_t *ent);
492 kadm5_ret_t kadm5_get_policy(void *server_handle,
493 kadm5_policy_t policy,
494 kadm5_policy_ent_t ent);
496 kadm5_ret_t kadm5_get_privs(void *server_handle,
/* Password-change helper.  Only the first two parameters and the final
 * unsigned int msg_len are visible on this page.
 * NOTE(review): msg_len is presumably the capacity of a caller-supplied
 * message buffer declared on one of the lines not shown; pass the real
 * size of that buffer, not the length of its current contents --
 * confirm against the full prototype. */
499 kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
500 krb5_principal princ,
504 unsigned int msg_len);
506 kadm5_ret_t kadm5_free_principal_ent(void *server_handle,
507 kadm5_principal_ent_t
509 kadm5_ret_t kadm5_free_policy_ent(void *server_handle,
510 kadm5_policy_ent_t ent);
512 kadm5_ret_t kadm5_get_principals(void *server_handle,
513 char *exp, char ***princs,
516 kadm5_ret_t kadm5_get_policies(void *server_handle,
517 char *exp, char ***pols,
520 #if USE_KADM5_API_VERSION > 1
521 kadm5_ret_t kadm5_free_key_data(void *server_handle,
522 krb5_int16 *n_key_data,
523 krb5_key_data *key_data);
526 kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
529 krb5_error_code kadm5_init_krb5_context (krb5_context *);
531 krb5_error_code kadm5_init_iprop(void *server_handle, char **db_args);
534 * kadm5_get_principal_keys is used only by kadmin.local to extract existing
535 * keys from the database without changing them. It should never be exposed
536 * to the network protocol.
/* This is an ordinary prototype in the same header as the rest of the
 * admin API: nothing at this level stops network-facing code from
 * calling it, so the "never exposed to the network protocol" rule
 * stated above has to be enforced where the server's request dispatch
 * is defined.  NOTE(review): confirm no RPC handler references this
 * symbol.  keyblocks is a krb5_keyblock **; presumably it receives an
 * allocated array of the principal's existing keys (the count parameter
 * is on a line not shown), which the caller must clear and free. */
538 kadm5_ret_t kadm5_get_principal_keys(void *server_handle,
539 krb5_principal principal,
540 krb5_keyblock **keyblocks,
543 #if USE_KADM5_API_VERSION == 1
545 * OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time
546 * compatible with KADM5_API_VERSION_2. Basically, this means we have
547 * to continue to provide all the old ovsec_kadm function and symbol
551 #define OVSEC_KADM_ACLFILE "/krb5/ovsec_adm.acl"
552 #define OVSEC_KADM_WORDFILE "/krb5/ovsec_adm.dict"
554 #define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin"
555 #define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw"
556 #define OVSEC_KADM_HIST_PRINCIPAL "ovsec_adm/history"
558 typedef krb5_principal ovsec_kadm_princ_t;
559 typedef krb5_keyblock ovsec_kadm_keyblock;
560 typedef char *ovsec_kadm_policy_t;
561 typedef long ovsec_kadm_ret_t;
563 enum ovsec_kadm_salttype { OVSEC_KADM_SALT_V4, OVSEC_KADM_SALT_NORMAL };
564 enum ovsec_kadm_saltmod { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MOD_NORMAL };
/* v1-compatibility prompts.  They use the same CHPASS_UTIL_* codes as
 * KADM5_PW_FIRST_PROMPT / KADM5_PW_SECOND_PROMPT and differ only in the
 * added (char *) cast.  NOTE(review): if error_message() returns a
 * const char *, the cast drops the qualifier; callers must not write
 * through the result -- confirm the return type. */
566 #define OVSEC_KADM_PW_FIRST_PROMPT \
567 ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
568 #define OVSEC_KADM_PW_SECOND_PROMPT \
569 ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
572 * Successful return code
574 #define OVSEC_KADM_OK 0
577 * Create/Modify masks
580 #define OVSEC_KADM_PRINCIPAL 0x000001
581 #define OVSEC_KADM_PRINC_EXPIRE_TIME 0x000002
582 #define OVSEC_KADM_PW_EXPIRATION 0x000004
583 #define OVSEC_KADM_LAST_PWD_CHANGE 0x000008
584 #define OVSEC_KADM_ATTRIBUTES 0x000010
585 #define OVSEC_KADM_MAX_LIFE 0x000020
586 #define OVSEC_KADM_MOD_TIME 0x000040
587 #define OVSEC_KADM_MOD_NAME 0x000080
588 #define OVSEC_KADM_KVNO 0x000100
589 #define OVSEC_KADM_MKVNO 0x000200
590 #define OVSEC_KADM_AUX_ATTRIBUTES 0x000400
591 #define OVSEC_KADM_POLICY 0x000800
592 #define OVSEC_KADM_POLICY_CLR 0x001000
594 #define OVSEC_KADM_PW_MAX_LIFE 0x004000
595 #define OVSEC_KADM_PW_MIN_LIFE 0x008000
596 #define OVSEC_KADM_PW_MIN_LENGTH 0x010000
597 #define OVSEC_KADM_PW_MIN_CLASSES 0x020000
598 #define OVSEC_KADM_PW_HISTORY_NUM 0x040000
599 #define OVSEC_KADM_REF_COUNT 0x080000
604 #define OVSEC_KADM_PRIV_GET 0x01
605 #define OVSEC_KADM_PRIV_ADD 0x02
606 #define OVSEC_KADM_PRIV_MODIFY 0x04
607 #define OVSEC_KADM_PRIV_DELETE 0x08
610 * API versioning constants
612 #define OVSEC_KADM_MASK_BITS 0xffffff00
614 #define OVSEC_KADM_STRUCT_VERSION_MASK 0x12345600
615 #define OVSEC_KADM_STRUCT_VERSION_1 (OVSEC_KADM_STRUCT_VERSION_MASK|0x01)
616 #define OVSEC_KADM_STRUCT_VERSION OVSEC_KADM_STRUCT_VERSION_1
618 #define OVSEC_KADM_API_VERSION_MASK 0x12345700
619 #define OVSEC_KADM_API_VERSION_1 (OVSEC_KADM_API_VERSION_MASK|0x01)
622 typedef struct _ovsec_kadm_principal_ent_t {
623 krb5_principal principal;
624 krb5_timestamp princ_expire_time;
625 krb5_timestamp last_pwd_change;
626 krb5_timestamp pw_expiration;
627 krb5_deltat max_life;
628 krb5_principal mod_name;
629 krb5_timestamp mod_date;
630 krb5_flags attributes;
635 } ovsec_kadm_principal_ent_rec, *ovsec_kadm_principal_ent_t;
637 typedef struct _ovsec_kadm_policy_ent_t {
645 } ovsec_kadm_policy_ent_rec, *ovsec_kadm_policy_ent_t;
650 ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass,
651 char *service_name, char *realm,
652 krb5_ui_4 struct_version,
653 krb5_ui_4 api_version,
655 void **server_handle);
656 ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name,
660 krb5_ui_4 struct_version,
661 krb5_ui_4 api_version,
663 void **server_handle);
664 ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name,
668 krb5_ui_4 struct_version,
669 krb5_ui_4 api_version,
671 void **server_handle);
672 ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle);
673 ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle);
674 ovsec_kadm_ret_t ovsec_kadm_create_principal(void *server_handle,
675 ovsec_kadm_principal_ent_t ent,
676 long mask, char *pass);
677 ovsec_kadm_ret_t ovsec_kadm_delete_principal(void *server_handle,
678 krb5_principal principal);
679 ovsec_kadm_ret_t ovsec_kadm_modify_principal(void *server_handle,
680 ovsec_kadm_principal_ent_t ent,
682 ovsec_kadm_ret_t ovsec_kadm_rename_principal(void *server_handle,
683 krb5_principal,krb5_principal);
684 ovsec_kadm_ret_t ovsec_kadm_get_principal(void *server_handle,
685 krb5_principal principal,
686 ovsec_kadm_principal_ent_t *ent);
687 ovsec_kadm_ret_t ovsec_kadm_chpass_principal(void *server_handle,
688 krb5_principal principal,
690 ovsec_kadm_ret_t ovsec_kadm_randkey_principal(void *server_handle,
691 krb5_principal principal,
692 krb5_keyblock **keyblock);
693 ovsec_kadm_ret_t ovsec_kadm_create_policy(void *server_handle,
694 ovsec_kadm_policy_ent_t ent,
697 * ovsec_kadm_create_policy_internal is not part of the supported,
698 * exposed API. It is available only in the server library, and you
699 * shouldn't use it unless you know why it's there and how it's
700 * different from ovsec_kadm_create_policy.
702 ovsec_kadm_ret_t ovsec_kadm_create_policy_internal(void *server_handle,
703 ovsec_kadm_policy_ent_t
705 ovsec_kadm_ret_t ovsec_kadm_delete_policy(void *server_handle,
706 ovsec_kadm_policy_t policy);
707 ovsec_kadm_ret_t ovsec_kadm_modify_policy(void *server_handle,
708 ovsec_kadm_policy_ent_t ent,
711 * ovsec_kadm_modify_policy_internal is not part of the supported,
712 * exposed API. It is available only in the server library, and you
713 * shouldn't use it unless you know why it's there and how it's
714 * different from ovsec_kadm_modify_policy.
716 ovsec_kadm_ret_t ovsec_kadm_modify_policy_internal(void *server_handle,
717 ovsec_kadm_policy_ent_t
719 ovsec_kadm_ret_t ovsec_kadm_get_policy(void *server_handle,
720 ovsec_kadm_policy_t policy,
721 ovsec_kadm_policy_ent_t *ent);
722 ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle,
725 ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle,
726 krb5_principal princ,
731 ovsec_kadm_ret_t ovsec_kadm_free_principal_ent(void *server_handle,
732 ovsec_kadm_principal_ent_t
734 ovsec_kadm_ret_t ovsec_kadm_free_policy_ent(void *server_handle,
735 ovsec_kadm_policy_ent_t ent);
737 ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle,
738 char **names, int count);
740 ovsec_kadm_ret_t ovsec_kadm_get_principals(void *server_handle,
741 char *exp, char ***princs,
744 ovsec_kadm_ret_t ovsec_kadm_get_policies(void *server_handle,
745 char *exp, char ***pols,
/* v1 compatibility: each OVSEC_KADM_* error name below is a pure alias
 * for the KADM5_* name on its right, so both spellings compare equal.
 * The KADM5_* codes are not defined in this header; presumably they
 * come from kadm5/kadm_err.h, included near the top -- TODO confirm. */
748 #define OVSEC_KADM_FAILURE KADM5_FAILURE
749 #define OVSEC_KADM_AUTH_GET KADM5_AUTH_GET
750 #define OVSEC_KADM_AUTH_ADD KADM5_AUTH_ADD
751 #define OVSEC_KADM_AUTH_MODIFY KADM5_AUTH_MODIFY
752 #define OVSEC_KADM_AUTH_DELETE KADM5_AUTH_DELETE
753 #define OVSEC_KADM_AUTH_INSUFFICIENT KADM5_AUTH_INSUFFICIENT
754 #define OVSEC_KADM_BAD_DB KADM5_BAD_DB
755 #define OVSEC_KADM_DUP KADM5_DUP
756 #define OVSEC_KADM_RPC_ERROR KADM5_RPC_ERROR
757 #define OVSEC_KADM_NO_SRV KADM5_NO_SRV
758 #define OVSEC_KADM_BAD_HIST_KEY KADM5_BAD_HIST_KEY
759 #define OVSEC_KADM_NOT_INIT KADM5_NOT_INIT
760 #define OVSEC_KADM_UNK_PRINC KADM5_UNK_PRINC
761 #define OVSEC_KADM_UNK_POLICY KADM5_UNK_POLICY
762 #define OVSEC_KADM_BAD_MASK KADM5_BAD_MASK
763 #define OVSEC_KADM_BAD_CLASS KADM5_BAD_CLASS
764 #define OVSEC_KADM_BAD_LENGTH KADM5_BAD_LENGTH
765 #define OVSEC_KADM_BAD_POLICY KADM5_BAD_POLICY
766 #define OVSEC_KADM_BAD_PRINCIPAL KADM5_BAD_PRINCIPAL
767 #define OVSEC_KADM_BAD_AUX_ATTR KADM5_BAD_AUX_ATTR
768 #define OVSEC_KADM_BAD_HISTORY KADM5_BAD_HISTORY
769 #define OVSEC_KADM_BAD_MIN_PASS_LIFE KADM5_BAD_MIN_PASS_LIFE
770 #define OVSEC_KADM_PASS_Q_TOOSHORT KADM5_PASS_Q_TOOSHORT
771 #define OVSEC_KADM_PASS_Q_CLASS KADM5_PASS_Q_CLASS
772 #define OVSEC_KADM_PASS_Q_DICT KADM5_PASS_Q_DICT
773 #define OVSEC_KADM_PASS_REUSE KADM5_PASS_REUSE
774 #define OVSEC_KADM_PASS_TOOSOON KADM5_PASS_TOOSOON
775 #define OVSEC_KADM_POLICY_REF KADM5_POLICY_REF
776 #define OVSEC_KADM_INIT KADM5_INIT
777 #define OVSEC_KADM_BAD_PASSWORD KADM5_BAD_PASSWORD
778 #define OVSEC_KADM_PROTECT_PRINCIPAL KADM5_PROTECT_PRINCIPAL
779 #define OVSEC_KADM_BAD_SERVER_HANDLE KADM5_BAD_SERVER_HANDLE
780 #define OVSEC_KADM_BAD_STRUCT_VERSION KADM5_BAD_STRUCT_VERSION
781 #define OVSEC_KADM_OLD_STRUCT_VERSION KADM5_OLD_STRUCT_VERSION
782 #define OVSEC_KADM_NEW_STRUCT_VERSION KADM5_NEW_STRUCT_VERSION
783 #define OVSEC_KADM_BAD_API_VERSION KADM5_BAD_API_VERSION
784 #define OVSEC_KADM_OLD_LIB_API_VERSION KADM5_OLD_LIB_API_VERSION
785 #define OVSEC_KADM_OLD_SERVER_API_VERSION KADM5_OLD_SERVER_API_VERSION
786 #define OVSEC_KADM_NEW_LIB_API_VERSION KADM5_NEW_LIB_API_VERSION
787 #define OVSEC_KADM_NEW_SERVER_API_VERSION KADM5_NEW_SERVER_API_VERSION
788 #define OVSEC_KADM_SECURE_PRINC_MISSING KADM5_SECURE_PRINC_MISSING
789 #define OVSEC_KADM_NO_RENAME_SALT KADM5_NO_RENAME_SALT
791 #endif /* USE_KADM5_API_VERSION == 1 */
793 #endif /* __KADM5_ADMIN_H__ */