1 /*
2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
6 /*
7 * include/krb5/kdb.h
9 * Copyright 1990,1991 by the Massachusetts Institute of Technology.
10 * All Rights Reserved.
12 * Export of this software from the United States of America may
13 * require a specific license from the United States Government.
14 * It is the responsibility of any person or organization contemplating
15 * export to obtain such a license before exporting.
17 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
18 * distribute this software and its documentation for any purpose and
19 * without fee is hereby granted, provided that the above copyright
20 * notice appear in all copies and that both that copyright notice and
21 * this permission notice appear in supporting documentation, and that
22 * the name of M.I.T. not be used in advertising or publicity pertaining
23 * to distribution of the software without specific, written prior
24 * permission. Furthermore if you modify this software you must label
25 * your software as modified software and not distribute it in such a
26 * fashion that it might be confused with the original M.I.T. software.
27 * M.I.T. makes no representations about the suitability of
28 * this software for any purpose. It is provided "as is" without express
29 * or implied warranty.
32 * KDC Database interface definitions.
36 * Copyright (C) 1998 by the FundsXpress, INC.
38 * All rights reserved.
40 * Export of this software from the United States of America may require
41 * a specific license from the United States Government. It is the
42 * responsibility of any person or organization contemplating export to
43 * obtain such a license before exporting.
45 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
46 * distribute this software and its documentation for any purpose and
47 * without fee is hereby granted, provided that the above copyright
48 * notice appear in all copies and that both that copyright notice and
49 * this permission notice appear in supporting documentation, and that
50 * the name of FundsXpress. not be used in advertising or publicity pertaining
51 * to distribution of the software without specific, written prior
52 * permission. FundsXpress makes no representations about the suitability of
53 * this software for any purpose. It is provided "as is" without express
54 * or implied warranty.
56 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
57 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */
61 #ifndef KRB5_KDB5__
62 #define KRB5_KDB5__
/*
 * Salt types.
 *
 * A salt type travels with each key: krb5_key_data.key_data_type[1] (the
 * note on that struct says the first type is the enctype and the second
 * the salt type), krb5_keysalt.type and krb5_key_salt_tuple.ks_salttype.
 * The names indicate which components (realm, principal) go into the
 * string-to-key salt, or that a V4/AFS3 convention or an explicitly stored
 * ("special") salt is used; the exact rule for each value lives in the
 * string-to-key code, not in this header.  The values are persisted, so
 * they must never be renumbered.
 */
#define KRB5_KDB_SALTTYPE_NORMAL 0
#define KRB5_KDB_SALTTYPE_V4 1
#define KRB5_KDB_SALTTYPE_NOREALM 2
#define KRB5_KDB_SALTTYPE_ONLYREALM 3
#define KRB5_KDB_SALTTYPE_SPECIAL 4
#define KRB5_KDB_SALTTYPE_AFS3 5
/*
 * Principal attribute bits, held in krb5_db_entry.attributes (krb5_flags).
 *
 * By their names, the DISALLOW_* bits deny a ticket option or ticket kind
 * to the principal and the REQUIRES_* bits impose a condition on the client
 * (pre-authentication, hardware authentication, a pending password change).
 * KRB5_KDB_DISALLOW_ALL_TIX is the lock-out bit: the comment on
 * KRB5_MAX_FAIL_COUNT below says the KDC sets it once that many requests
 * have failed, so an operator presumably unlocks an account by clearing it.
 *
 * Bits 0x0400 and 0x0800 are unassigned in this header.  A new attribute
 * must take a free bit; the values are stored in the database, so existing
 * ones cannot be renumbered and no two may overlap.
 */
#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040 /* lock-out; see KRB5_MAX_FAIL_COUNT */
#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
#define KRB5_KDB_DISALLOW_SVR 0x00001000
#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
#define KRB5_KDB_SUPPORT_DESMD5 0x00004000
#define KRB5_KDB_NEW_PRINC 0x00008000
/*
 * Database creation flags.  The names distinguish a B-tree from a hash
 * index for a newly created database; presumably handed to the backend by
 * krb5_db_create / kdb5_db_create (what each means is decided by the
 * backend — confirm there).
 */
#define KRB5_KDB_CREATE_BTREE 0x00000001
#define KRB5_KDB_CREATE_HASH 0x00000002
/*
 * Note --- these structures cannot be modified without changing the
 * database version number in libkdb.a, but should be expandable by
 * adding new tl_data types.
 */
/*
 * One type/length/data record attached to a principal entry.
 *
 * Records form a singly linked list hung off krb5_db_entry.tl_data (count
 * in n_tl_data); tl_data_next is runtime-only and is not written to the
 * database.  tl_data_type takes the KRB5_TL_* tags defined below.
 *
 * tl_data_length is an unsigned 16-bit count, so a record carries at most
 * 65535 bytes.  Code that rebuilds a record from a database buffer must
 * check that this many bytes are actually present in the buffer before it
 * trusts tl_data_contents; the length is read from the database, not
 * derived from the buffer size.
 */
typedef struct _krb5_tl_data {
struct _krb5_tl_data* tl_data_next; /* NOT saved */
krb5_int16 tl_data_type; /* one of the KRB5_TL_* tags */
krb5_ui_2 tl_data_length; /* byte count at tl_data_contents (unsigned) */
krb5_octet * tl_data_contents;
} krb5_tl_data;
/*
 * If this ever changes up the version number and make the arrays be as
 * big as necessary.
 *
 * Currently the first type is the enctype and the second is the salt type.
 */
/*
 * One stored key of a principal (krb5_db_entry.key_data is an array of
 * n_key_data of these).  Each record has two parallel slots, sized by
 * KRB5_KDB_V1_KEY_DATA_ARRAY: key_data_type[0] is the enctype and
 * key_data_type[1] the salt type, with key_data_length / key_data_contents
 * presumably holding the key bytes in slot 0 and the salt bytes in slot 1.
 * The key bytes are stored encrypted under the master key; they are
 * converted to and from a usable krb5_keyblock by
 * krb5_dbekd_decrypt_key_data / krb5_dbekd_encrypt_key_data.
 *
 * Security note: key_data_length is a *signed* krb5_int16 in this header,
 * while the #if 0 block records that the mech side has already moved to
 * the unsigned krb5_ui_2 and is awaiting a resync.  Until the two agree, a
 * record read from the database can carry a negative length.  Code that
 * consumes key_data must reject a negative value instead of passing it to
 * an allocator, memcpy or a decrypt routine as a size, and must not assume
 * the layout matches the mech's copy of this struct.
 */
typedef struct _krb5_key_data {
krb5_int16 key_data_ver; /* Version */
krb5_int16 key_data_kvno; /* Key Version */
krb5_int16 key_data_type[2]; /* Array of types */
#if 0
/*
 * SUNW14resync (mech)
 * This has changed in the mech so we change it here also
 * prior to the admin resync.
 */
krb5_ui_2 key_data_length[2]; Array of lengths
#endif
krb5_int16 key_data_length[2]; /* Array of lengths (signed; validate >= 0) */
krb5_octet * key_data_contents[2]; /* Array of pointers */
} krb5_key_data;
#define KRB5_KDB_V1_KEY_DATA_ARRAY 2 /* # of array elements in krb5_key_data */

/*
 * A decoded salt: type is a KRB5_KDB_SALTTYPE_* value and data holds the
 * salt bytes with their length.  Produced by krb5_dbekd_decrypt_key_data
 * (output parameter) and consumed by krb5_dbekd_encrypt_key_data (const
 * input), both declared below.
 */
typedef struct _krb5_keysalt {
krb5_int16 type;
krb5_data data; /* Length, data */
} krb5_keysalt;
/*
 * In-memory form of one principal record.
 *
 * Fixed part: magic is runtime-only (KRB5_KDB_MAGIC_NUMBER) and is not
 * saved; mask records which members a caller has changed/set; len is a
 * length field whose use is not visible in this header.  attributes holds
 * the KRB5_KDB_* attribute bits.  By their names, max_life and
 * max_renewable_life bound ticket lifetimes, and expiration / pw_expiration
 * date the principal and its password.  last_success, last_failed and
 * fail_auth_count are the lock-out state compared against
 * KRB5_MAX_FAIL_COUNT (the inline comments call them "passwd" attempts,
 * presumably failed pre-authentications at the KDC — confirm against the
 * KDC).  fail_auth_count is declared as a krb5_kvno rather than a plain
 * counter; presumably an unsigned integer type.
 *
 * Variable part: e_data (e_length bytes), tl_data (linked list, n_tl_data
 * long) and key_data (array, n_key_data long) are separately allocated,
 * presumably released by krb5_db_free_principal.  n_tl_data and n_key_data
 * are signed 16-bit: when an entry is decoded from the database a negative
 * count must be rejected before it is used as a loop bound or allocation
 * size.  The stored layout is versioned (see KRB5_KDB_V1_BASE_LENGTH);
 * members must not be added or reordered without bumping the database
 * version, per the note above krb5_tl_data.
 */
typedef struct _krb5_db_entry_new {
krb5_magic magic; /* NOT saved */
krb5_ui_2 len;
krb5_ui_4 mask; /* members currently changed/set */
krb5_flags attributes; /* KRB5_KDB_* attribute bits */
krb5_deltat max_life;
krb5_deltat max_renewable_life;
krb5_timestamp expiration; /* When the client expires */
krb5_timestamp pw_expiration; /* When its passwd expires */
krb5_timestamp last_success; /* Last successful passwd */
krb5_timestamp last_failed; /* Last failed passwd attempt */
krb5_kvno fail_auth_count; /* # of failed passwd attempt; see KRB5_MAX_FAIL_COUNT */
krb5_int16 n_tl_data; /* signed; validate >= 0 when decoded */
krb5_int16 n_key_data; /* signed; validate >= 0 when decoded */
krb5_ui_2 e_length; /* Length of extra data */
krb5_octet * e_data; /* Extra data to be saved */
krb5_principal princ; /* Length, data */
krb5_tl_data * tl_data; /* Linked list */
krb5_key_data * key_data; /* Array */
} krb5_db_entry;
/*
 * An (enctype, salt type) request: one element of the ks_tuple arrays
 * passed to krb5_dbe_cpw / krb5_dbe_ark / krb5_dbe_crk / krb5_dbe_apw to
 * say which keys to generate.  ks_salttype takes KRB5_KDB_SALTTYPE_*
 * values.
 */
typedef struct __krb5_key_salt_tuple {
krb5_enctype ks_enctype;
krb5_int32 ks_salttype; /* KRB5_KDB_SALTTYPE_* */
} krb5_key_salt_tuple;
/* Runtime sanity value for krb5_db_entry.magic (not saved). */
#define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb
/* Presumably the byte length of the fixed-width part of a V1 stored entry. */
#define KRB5_KDB_V1_BASE_LENGTH 38

/*
 * Tags for krb5_tl_data.tl_data_type (a krb5_int16, so 0x7fff is the
 * largest positive tag).  Going by the names, LAST_PWD_CHANGE and MOD_PRINC
 * back the krb5_dbe_*_last_pwd_change / *_mod_princ_data helpers declared
 * below, and KADM_DATA / KADM5_E_DATA carry kadmin's per-principal data.
 *
 * KRB5_TL_DB_ARGS is only defined inside #ifdef SECURID in this copy, so
 * code built without SECURID cannot refer to it — a compile error rather
 * than a silently different value.  The note on krb5_tl_data says the
 * format is meant to grow by adding tags, so readers of the database
 * should tolerate tags they do not know rather than reject the entry.
 */
#define KRB5_TL_LAST_PWD_CHANGE 0x0001
#define KRB5_TL_MOD_PRINC 0x0002
#define KRB5_TL_KADM_DATA 0x0003
#define KRB5_TL_KADM5_E_DATA 0x0004
#define KRB5_TL_RB1_CHALLENGE 0x0005
#ifdef SECURID
#define KRB5_TL_SECURID_STATE 0x0006
#define KRB5_TL_DB_ARGS 0x7fff /* only visible when SECURID is defined */
#endif /* SECURID */
#define KRB5_TL_USER_CERTIFICATE 0x0007
/*
 * Determines the number of failed KDC requests before DISALLOW_ALL_TIX is set
 * on the principal.
 */
/*
 * Lock-out threshold compared against krb5_db_entry.fail_auth_count.
 * It is a fixed compile-time value; no per-realm or per-policy override
 * is visible in this header.
 */
#define KRB5_MAX_FAIL_COUNT 5

/* XXX depends on knowledge of krb5_parse_name() formats */
/*
 * Name component of the master-key principal; presumably combined with the
 * realm by krb5_db_setup_mkey_name (declared below).
 */
#define KRB5_KDB_M_NAME "K/M" /* Kerberos/Master */

/* prompts used by default when reading the KDC password from the keyboard. */
/*
 * Used when krb5_db_fetch_mkey reads the master password from the keyboard
 * (fromkeyboard); the second prompt is for the "twice" confirmation.  The
 * krb5_mkey_pwd_prompt* pointers below let a program substitute its own
 * wording; they are defined elsewhere in the library.
 */
#define KRB5_KDC_MKEY_1 "Enter KDC database master key"
#define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify"

extern char *krb5_mkey_pwd_prompt1;
extern char *krb5_mkey_pwd_prompt2;
/*
 * These macros specify the encoding of data within the database.
 *
 * Data encoding is little-endian.
 */
196 #include "k5-platform.h"
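/*
 * Decode a little-endian 16-bit / 32-bit integer stored in the database.
 *
 * cp         : pointer to at least 2 (resp. 4) readable bytes.  No bounds
 *              checking is done here; the caller must have verified the
 *              record length before decoding a field out of an on-disk
 *              buffer.
 * i16 / i32  : an integer lvalue that receives the decoded value.
 *
 * Both arguments are evaluated more than once; do not pass expressions
 * with side effects.
 *
 * The value is assembled in unsigned arithmetic and then converted, so a
 * top byte of 0x80 or more is never left-shifted into the sign bit of a
 * signed operand (undefined behaviour in C).  It is stored with a plain
 * assignment rather than by writing through a (krb5_int16 *) /
 * (krb5_int32 *) cast of the lvalue's address: that cast only patched the
 * first bytes of a wider lvalue, which is the wrong bytes on a big-endian
 * host, and was an aliasing violation for any lvalue that was not exactly
 * the decoded type.  For an lvalue of the decoded type the result is
 * identical.
 */
#define krb5_kdb_decode_int16(cp, i16) \
    ((i16) = (krb5_int16) ((krb5_ui_2) ((unsigned char) (cp)[0]) | \
                           ((krb5_ui_2) ((unsigned char) (cp)[1]) << 8)))
#define krb5_kdb_decode_int32(cp, i32) \
    ((i32) = (krb5_int32) ((krb5_ui_4) ((unsigned char) (cp)[0]) | \
                           ((krb5_ui_4) ((unsigned char) (cp)[1]) << 8) | \
                           ((krb5_ui_4) ((unsigned char) (cp)[2]) << 16) | \
                           ((krb5_ui_4) ((unsigned char) (cp)[3]) << 24)))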
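/*
 * Encode a 16-bit / 32-bit integer into the database's little-endian form.
 *
 * i16 / i32  : the value to store; only its low 16 (resp. 32) bits are
 *              written.
 * cp         : pointer to at least 2 (resp. 4) writable bytes.  No bounds
 *              checking is done here; the caller sizes the buffer.
 *
 * Wrapped in do { ... } while (0) so each macro is a single statement and
 * is safe as the body of an unbraced if/else.  Both arguments are
 * evaluated more than once; do not pass expressions with side effects.
 * Right-shifting a negative value is implementation-defined, but each
 * byte is masked with 0xff afterwards, so the bytes produced are the same
 * on arithmetic- and logical-shift targets.
 */
#define krb5_kdb_encode_int16(i16, cp) \
    do { \
        (cp)[0] = (unsigned char) ((i16) & 0xff); \
        (cp)[1] = (unsigned char) (((i16) >> 8) & 0xff); \
    } while (0)
#define krb5_kdb_encode_int32(i32, cp) \
    do { \
        (cp)[0] = (unsigned char) ((i32) & 0xff); \
        (cp)[1] = (unsigned char) (((i32) >> 8) & 0xff); \
        (cp)[2] = (unsigned char) (((i32) >> 16) & 0xff); \
        (cp)[3] = (unsigned char) (((i32) >> 24) & 0xff); \
    } while (0)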
/* Modes for krb5_db_open(). */
#define KRB5_KDB_OPEN_RW 0
#define KRB5_KDB_OPEN_RO 1

/*
 * Server-type identifiers, guarded with #ifndef so a caller may predefine
 * them.  By their names they tell the backend which kind of program (KDC,
 * admin server, password server, other) is using it; how they are passed
 * and what the backend does with them is not visible here.
 */
#ifndef KRB5_KDB_SRV_TYPE_KDC
#define KRB5_KDB_SRV_TYPE_KDC 0x0100
#endif

#ifndef KRB5_KDB_SRV_TYPE_ADMIN
#define KRB5_KDB_SRV_TYPE_ADMIN 0x0200
#endif

#ifndef KRB5_KDB_SRV_TYPE_PASSWD
#define KRB5_KDB_SRV_TYPE_PASSWD 0x0300
#endif

#ifndef KRB5_KDB_SRV_TYPE_OTHER
#define KRB5_KDB_SRV_TYPE_OTHER 0x0400
#endif

/* Option codes for krb5_db_set_option(); value is interpreted per option. */
#define KRB5_KDB_OPT_SET_DB_NAME 0
#define KRB5_KDB_OPT_SET_LOCK_MODE 1

/*
 * Lock modes for krb5_db_lock() (and for KRB5_KDB_OPT_SET_LOCK_MODE).
 * These are bit flags: SHARED or EXCLUSIVE selects the lock kind and may
 * be combined with DONTBLOCK (by its name, fail rather than wait) and
 * PERMANENT.
 */
#define KRB5_DB_LOCKMODE_SHARED 0x0001
#define KRB5_DB_LOCKMODE_EXCLUSIVE 0x0002
#define KRB5_DB_LOCKMODE_DONTBLOCK 0x0004
#define KRB5_DB_LOCKMODE_PERMANENT 0x0008
/* libkdb.spec */
/*
 * Database lifecycle.
 *
 * All calls take the krb5_context the database was initialised on.
 * db_args are backend-specific strings passed through as given; their
 * meaning is defined by the backend, not here.  Functions returning
 * krb5_error_code follow the libkrb5 convention of 0 on success.
 * krb5_db_errcode2string maps a backend error code to a message.
 * Note that both krb5_db_create and kdb5_db_create are declared with the
 * same signature; which one callers are expected to use is not stated
 * here.
 */
krb5_error_code krb5_db_open( krb5_context kcontext, char **db_args, int mode ); /* mode: KRB5_KDB_OPEN_RW / KRB5_KDB_OPEN_RO */
krb5_error_code krb5_db_init ( krb5_context kcontext );
krb5_error_code krb5_db_create ( krb5_context kcontext, char **db_args );
krb5_error_code krb5_db_inited ( krb5_context kcontext );
krb5_error_code kdb5_db_create ( krb5_context kcontext, char **db_args );
krb5_error_code krb5_db_fini ( krb5_context kcontext );
const char * krb5_db_errcode2string ( krb5_context kcontext, long err_code );
krb5_error_code krb5_db_destroy ( krb5_context kcontext, char **db_args ); /* removes the database; irreversible */
krb5_error_code krb5_db_promote ( krb5_context kcontext, char **db_args );
krb5_error_code krb5_db_get_age ( krb5_context kcontext, char *db_name, time_t *t ); /* *t: last-modified time */
krb5_error_code krb5_db_set_option ( krb5_context kcontext, int option, void *value ); /* option: KRB5_KDB_OPT_* */
krb5_error_code krb5_db_lock ( krb5_context kcontext, int lock_mode ); /* lock_mode: KRB5_DB_LOCKMODE_* bits */
krb5_error_code krb5_db_unlock ( krb5_context kcontext );
/*
 * Principal lookup and update.
 *
 * krb5_db_get_principal fills the caller-supplied entries[] array; nentries
 * is in/out (by the libkdb convention the array size on entry and the
 * number found on return — confirm in the backend) and *more reports
 * whether further matches exist.  The _nolock variant, by its name, skips
 * the database lock and is for callers that already hold it.  Entries
 * returned by either must be released with krb5_db_free_principal, passing
 * the number filled in as count.  A fetched entry carries the principal's
 * master-key-encrypted keys in key_data; free it as soon as the caller
 * is done rather than keeping copies around.
 *
 * krb5_db_put_principal writes *nentries entries; krb5_db_delete_principal
 * removes the matches and reports the count through *nentries.
 * krb5_db_iterate calls func(func_arg, entry) for each entry, with
 * match_entry as a filter and db_args passed to the backend (Solaris
 * addition, see the comment); what func's return value means is decided
 * by the implementation.  krb5_supported_realms / krb5_free_supported_realms
 * hand out and release the list of realms the backend serves.
 */
krb5_error_code krb5_db_get_principal ( krb5_context kcontext,
krb5_const_principal search_for,
krb5_db_entry *entries,
int *nentries,
krb5_boolean *more );
krb5_error_code krb5_db_get_principal_nolock ( krb5_context kcontext,
krb5_const_principal search_for,
krb5_db_entry *entries,
int *nentries,
krb5_boolean *more );
krb5_error_code krb5_db_free_principal ( krb5_context kcontext,
krb5_db_entry *entry,
int count );
krb5_error_code krb5_db_put_principal ( krb5_context kcontext,
krb5_db_entry *entries,
int *nentries);
krb5_error_code krb5_db_delete_principal ( krb5_context kcontext,
krb5_principal search_for,
int *nentries );
/* Solaris Kerberos: adding support for db_args */
krb5_error_code krb5_db_iterate ( krb5_context kcontext,
char *match_entry,
int (*func) (krb5_pointer, krb5_db_entry *),
krb5_pointer func_arg,
char **db_args );
krb5_error_code krb5_supported_realms ( krb5_context kcontext,
char **realms );
krb5_error_code krb5_free_supported_realms ( krb5_context kcontext,
char **realms );
/*
 * Master key handling.
 *
 * The master key is what krb5_dbekd_decrypt_key_data / _encrypt_key_data
 * use to protect every principal key in the database, so these routines
 * handle the most sensitive material in the KDC.
 *
 *  - krb5_db_set_master_key_ext takes a password (pwd) and/or a key;
 *    krb5_db_set_mkey / krb5_db_get_mkey store and hand back the library's
 *    in-memory copy.  get_mkey returns through a krb5_keyblock **; whether
 *    the caller receives a shared pointer or an owned copy is not visible
 *    here — check before freeing or modifying it.
 *  - krb5_db_free_master_key releases a key obtained above.  Callers should
 *    confirm the implementation scrubs the key bytes rather than merely
 *    freeing them.
 *  - krb5_db_store_master_key writes the key for mname to the stash named by
 *    db_arg (the default implementation's parameter is called keyfile); the
 *    stash is equivalent to the key itself and must be protected as such.
 *  - krb5_db_fetch_mkey obtains the key either from the keyboard
 *    (fromkeyboard; twice asks for confirmation, using the KRB5_KDC_MKEY_*
 *    prompts) or from the stash (db_args), with etype and salt for the
 *    conversion.  krb5_db_verify_master_key checks a candidate mkey against
 *    the database before it is trusted.
 *
 * pwd / master_pwd are plaintext C strings owned by the caller; zero the
 * buffer as soon as the key has been derived or stored.
 */
krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext,
char *pwd,
krb5_keyblock *key );
krb5_error_code krb5_db_set_mkey ( krb5_context context,
krb5_keyblock *key);
krb5_error_code krb5_db_get_mkey ( krb5_context kcontext,
krb5_keyblock **key );
krb5_error_code krb5_db_free_master_key ( krb5_context kcontext,
krb5_keyblock *key );
krb5_error_code krb5_db_store_master_key ( krb5_context kcontext,
char *db_arg,
krb5_principal mname,
krb5_keyblock *key,
char *master_pwd);
krb5_error_code krb5_db_fetch_mkey ( krb5_context context,
krb5_principal mname,
krb5_enctype etype,
krb5_boolean fromkeyboard,
krb5_boolean twice,
char *db_args,
krb5_data *salt,
krb5_keyblock *key);
krb5_error_code krb5_db_verify_master_key ( krb5_context kcontext,
krb5_principal mprinc,
krb5_keyblock *mkey );
/*
 * Locate a stored key in dbentp->key_data by enctype (ktype), salt type
 * (stype) and key version (kvno).  *kdatap presumably points into the
 * entry's own key_data array — no matching free routine is declared — so
 * do not free it separately and do not use it after the entry is freed.
 *
 * krb5_dbe_find_enctype returns the single best match.
 * krb5_dbe_search_enctype resumes from *start (an index the call updates)
 * so a caller can walk every match in turn.  Whether wildcard values are
 * accepted for ktype/stype/kvno is decided by the implementation, not here.
 */
krb5_error_code
krb5_dbe_find_enctype( krb5_context kcontext,
krb5_db_entry *dbentp,
krb5_int32 ktype,
krb5_int32 stype,
krb5_int32 kvno,
krb5_key_data **kdatap);

krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext,
krb5_db_entry *dbentp,
krb5_int32 *start,
krb5_int32 ktype,
krb5_int32 stype,
krb5_int32 kvno,
krb5_key_data **kdatap);
/*
 * krb5_db_setup_mkey_name builds the master-key principal from keyname
 * (presumably KRB5_KDB_M_NAME when NULL — confirm) and realm, returning
 * the textual form in *fullname and the parsed form in *principal; the
 * caller presumably owns and frees both.
 *
 * krb5_dbekd_decrypt_key_data / krb5_dbekd_encrypt_key_data convert
 * between a stored krb5_key_data record (encrypted under mkey) and the
 * cleartext dbkey plus its keysalt.  The decrypted dbkey is raw key
 * material: keep it only as long as needed and zero it before freeing.
 * keyver is presumably recorded as key_data_ver in the produced record.
 * Decryption reads key_data_length / key_data_contents from a record that
 * came out of the database; the signed-length caveat on krb5_key_data
 * applies, so a negative or oversized length must be rejected, not used.
 */
krb5_error_code
krb5_db_setup_mkey_name ( krb5_context context,
const char *keyname,
const char *realm,
char **fullname,
krb5_principal *principal);

krb5_error_code
krb5_dbekd_decrypt_key_data( krb5_context context,
const krb5_keyblock * mkey,
const krb5_key_data * key_data,
krb5_keyblock * dbkey,
krb5_keysalt * keysalt);

krb5_error_code
krb5_dbekd_encrypt_key_data( krb5_context context,
const krb5_keyblock * mkey,
const krb5_keyblock * dbkey,
const krb5_keysalt * keysalt,
int keyver,
krb5_key_data * key_data);
/*
 * Typed accessors over an entry's tl_data list, plus the allocator the
 * library uses for entry memory.
 *
 * lookup_mod_princ_data / update_mod_princ_data read and write who last
 * modified the entry and when; lookup_last_pwd_change /
 * update_last_pwd_change the time of the last password change.  Going by
 * the names these are the KRB5_TL_MOD_PRINC and KRB5_TL_LAST_PWD_CHANGE
 * records; the encoding is in the implementation.
 *
 * lookup_tl_data: ret_tl_data->tl_data_type selects the record; on success
 * its length and contents are filled in, presumably pointing at the entry's
 * own copy (so do not free them separately).  update_tl_data stores the
 * record in new_tl_data, presumably replacing any existing record of the
 * same type.  create_key_data presumably extends entry->key_data.
 *
 * krb5_db_alloc / krb5_db_free are the allocator pair used for entry
 * memory (krb5_db_alloc follows realloc's shape: ptr may be NULL); memory
 * obtained from one must be released with the other, not with free().
 *
 * krb5_dbe_update_last_pwd_change is declared twice in this header (here
 * and again a few lines down); the declarations are identical, so this is
 * harmless, but only one is needed.
 */
krb5_error_code
krb5_dbe_lookup_mod_princ_data( krb5_context context,
krb5_db_entry * entry,
krb5_timestamp * mod_time,
krb5_principal * mod_princ);

krb5_error_code
krb5_dbe_update_last_pwd_change( krb5_context context,
krb5_db_entry * entry,
krb5_timestamp stamp);

krb5_error_code
krb5_dbe_lookup_tl_data( krb5_context context,
krb5_db_entry * entry,
krb5_tl_data * ret_tl_data);

krb5_error_code
krb5_dbe_create_key_data( krb5_context context,
krb5_db_entry * entry);

krb5_error_code
krb5_dbe_update_mod_princ_data( krb5_context context,
krb5_db_entry * entry,
krb5_timestamp mod_date,
krb5_const_principal mod_princ);

/* Duplicate of the declaration above; identical, kept for compatibility. */
krb5_error_code
krb5_dbe_update_last_pwd_change( krb5_context context,
krb5_db_entry * entry,
krb5_timestamp stamp);

void *krb5_db_alloc( krb5_context kcontext,
void *ptr,
size_t size );

void krb5_db_free( krb5_context kcontext,
void *ptr);

krb5_error_code
krb5_dbe_lookup_last_pwd_change( krb5_context context,
krb5_db_entry * entry,
krb5_timestamp * stamp);

krb5_error_code
krb5_dbe_update_tl_data( krb5_context context,
krb5_db_entry * entry,
krb5_tl_data * new_tl_data);
/*
 * Key (re)generation for a principal.  Each routine writes new
 * krb5_key_data records into db_entry, encrypted under master_key, for the
 * ks_tuple_count (enctype, salt type) pairs listed in ks_tuple.
 *
 *  cpw : change password — keys derived from passwd, stamped new_kvno;
 *        keepold retains the previous keys in the entry.
 *  ark : add random keys.
 *  crk : change to random keys (keepold as for cpw).
 *  apw : add password-derived keys; it takes no kvno, so presumably the
 *        implementation picks it.
 *
 * The names follow the kadmin verbs; the exact semantics are in the
 * implementation.  passwd is the cleartext password as a C string owned by
 * the caller, which should zero it after the call.  Use keepold
 * deliberately: every key left in the entry remains usable by whatever
 * still holds it (hedged — see the KDC for what old kvnos are honoured),
 * so prune old keys once they are no longer needed.
 */
krb5_error_code
krb5_dbe_cpw( krb5_context kcontext,
krb5_keyblock * master_key,
krb5_key_salt_tuple * ks_tuple,
int ks_tuple_count,
char * passwd,
int new_kvno,
krb5_boolean keepold,
krb5_db_entry * db_entry);

krb5_error_code
krb5_dbe_ark( krb5_context context,
krb5_keyblock * master_key,
krb5_key_salt_tuple * ks_tuple,
int ks_tuple_count,
krb5_db_entry * db_entry);

krb5_error_code
krb5_dbe_crk( krb5_context context,
krb5_keyblock * master_key,
krb5_key_salt_tuple * ks_tuple,
int ks_tuple_count,
krb5_boolean keepold,
krb5_db_entry * db_entry);

krb5_error_code
krb5_dbe_apw( krb5_context context,
krb5_keyblock * master_key,
krb5_key_salt_tuple * ks_tuple,
int ks_tuple_count,
char * passwd,
krb5_db_entry * db_entry);
437 /* default functions. Should not be directly called */
/*
 * Default functions prototype
 */
/*
 * Default implementations a backend can fall back on.  As the comment
 * above says, these are not meant to be called directly; use the
 * krb5_db_* / krb5_dbe_* entry points, which dispatch to the loaded
 * backend.  The signatures mirror the public ones, except:
 *
 *  - krb5_def_store_mkey names its destination keyfile explicitly (the
 *    stash file) and krb5_db_def_fetch_mkey reads the key back together
 *    with its kvno.  The stash's content format is not visible here; treat
 *    the file as equivalent to the master key and restrict its permissions
 *    accordingly.
 *  - kdb_def_set_mkey / kdb_def_get_mkey keep the in-memory master key;
 *    the same ownership question as krb5_db_get_mkey applies to the
 *    krb5_keyblock ** result.
 *  - krb5_db_supports_iprop reports incremental-propagation support via
 *    *iprop_supported.
 *  - krb5_def_promote_db takes (context, a name string, db_args), matching
 *    krb5_db_promote; the declaration omits parameter names.
 */
krb5_error_code
krb5_dbe_def_search_enctype( krb5_context kcontext,
krb5_db_entry *dbentp,
krb5_int32 *start,
krb5_int32 ktype,
krb5_int32 stype,
krb5_int32 kvno,
krb5_key_data **kdatap);

krb5_error_code
krb5_def_store_mkey( krb5_context context,
char *keyfile,
krb5_principal mname,
krb5_keyblock *key,
char *master_pwd);

krb5_error_code
krb5_db_def_fetch_mkey( krb5_context context,
krb5_principal mname,
krb5_keyblock *key,
int *kvno,
char *db_args);

krb5_error_code
krb5_def_verify_master_key( krb5_context context,
krb5_principal mprinc,
krb5_keyblock *mkey);

krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
char *pwd,
krb5_keyblock *key );

krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
krb5_keyblock **key );

krb5_error_code
krb5_dbe_def_cpw( krb5_context context,
krb5_keyblock * master_key,
krb5_key_salt_tuple * ks_tuple,
int ks_tuple_count,
char * passwd,
int new_kvno,
krb5_boolean keepold,
krb5_db_entry * db_entry);

krb5_error_code
krb5_db_supports_iprop(krb5_context kcontext, int *iprop_supported);

krb5_error_code
krb5_def_promote_db(krb5_context, char *, char **);
/*
 * Password policy record.
 *
 *  version        : record format version
 *  name           : policy name; released by krb5_db_free_policy
 *  pw_min_life    : minimum time before a password may be changed again
 *                   (presumably seconds)
 *  pw_max_life    : maximum password age (presumably seconds)
 *  pw_min_length  : minimum password length
 *  pw_min_classes : minimum number of character classes
 *  pw_history_num : presumably the number of old keys kept to refuse reuse
 *  policy_refcnt  : presumably the number of principals using the policy
 *
 * Only the limits live here; enforcing them is the job of the
 * password-change path.
 *
 * osa_adb_iter_policy_func is the callback shape for krb5_db_iter_policy:
 * (caller data, policy).
 */
typedef struct _osa_policy_ent_t {
int version;
char *name;
uint32_t pw_min_life;
uint32_t pw_max_life;
uint32_t pw_min_length;
uint32_t pw_min_classes;
uint32_t pw_history_num;
uint32_t policy_refcnt;
} osa_policy_ent_rec, *osa_policy_ent_t;

typedef void (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t);
/*
 * Policy create / read / update / delete.
 *
 * krb5_db_get_policy looks up by name and returns the record through
 * *policy, with *nentries giving the number found (hedged, by analogy with
 * krb5_db_get_principal); release it with krb5_db_free_policy.
 * krb5_db_iter_policy calls func(data, policy) for each policy matching
 * match_entry.  krb5_db_delete_policy takes the policy name.  Whether
 * put/create validate the record's contents is not visible here; callers
 * should not rely on it.
 */
krb5_error_code
krb5_db_create_policy( krb5_context kcontext,
osa_policy_ent_t policy);

krb5_error_code
krb5_db_get_policy ( krb5_context kcontext,
char *name,
osa_policy_ent_t *policy,
int *nentries);

krb5_error_code
krb5_db_put_policy( krb5_context kcontext,
osa_policy_ent_t policy);

krb5_error_code
krb5_db_iter_policy( krb5_context kcontext,
char *match_entry,
osa_adb_iter_policy_func func,
void *data);

krb5_error_code
krb5_db_delete_policy( krb5_context kcontext,
char *policy);

void
krb5_db_free_policy( krb5_context kcontext,
osa_policy_ent_t policy);

/* Default value for flag-style arguments; its consumers are not visible in this header. */
#define KRB5_KDB_DEF_FLAGS 0
537 #endif /* KRB5_KDB5__ */