File indexing completed on 2024-05-18 08:30:05
0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013
0014
0015
0016
0017
0018
0019
0020
0021
0022
0023
0024
0025
0026
0027
0028
0029
0030
0031
0032
0033
0034
0035
0036
0037
0038
0039
0040
0041
0042
0043
0044
0045
0046
0047
0048
0049
0050
0051
0052
0053
0054
0055
0056
0057
0058
0059
0060
0061
0062
0063
0064
0065 #ifndef KRB5_KDB5__
0066 #define KRB5_KDB5__
0067
0068 #include <krb5.h>
0069
0070
0071
0072 #define KRB5_KDB_API_VERSION 10
0073
0074
0075 #define KRB5_KDB_SALTTYPE_NORMAL 0
0076
0077 #define KRB5_KDB_SALTTYPE_NOREALM 2
0078 #define KRB5_KDB_SALTTYPE_ONLYREALM 3
0079 #define KRB5_KDB_SALTTYPE_SPECIAL 4
0080
0081 #define KRB5_KDB_SALTTYPE_CERTHASH 6
0082
0083
0084 #define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
0085 #define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
0086 #define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
0087 #define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008
0088 #define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010
0089 #define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020
0090 #define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040
0091 #define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080
0092 #define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100
0093 #define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200
0094 #define KRB5_KDB_DISALLOW_SVR 0x00001000
0095 #define KRB5_KDB_PWCHANGE_SERVICE 0x00002000
0096 #define KRB5_KDB_SUPPORT_DESMD5 0x00004000
0097 #define KRB5_KDB_NEW_PRINC 0x00008000
0098 #define KRB5_KDB_OK_AS_DELEGATE 0x00100000
0099 #define KRB5_KDB_OK_TO_AUTH_AS_DELEGATE 0x00200000
0100 #define KRB5_KDB_NO_AUTH_DATA_REQUIRED 0x00400000
0101 #define KRB5_KDB_LOCKDOWN_KEYS 0x00800000
0102
0103
0104 #define KRB5_KDB_CREATE_BTREE 0x00000001
0105 #define KRB5_KDB_CREATE_HASH 0x00000002
0106
0107
0108
0109 #define KRB5_KDB_FLAG_REFERRAL_OK 0x00000010
0110
0111 #define KRB5_KDB_FLAG_CLIENT 0x00000040
0112
0113 #define KRB5_KDB_FLAG_MAP_PRINCIPALS 0x00000080
0114
0115 #define KRB5_KDB_FLAG_PROTOCOL_TRANSITION 0x00000100
0116
0117 #define KRB5_KDB_FLAG_CONSTRAINED_DELEGATION 0x00000200
0118
0119 #define KRB5_KDB_FLAG_USER_TO_USER 0x00000800
0120
0121 #define KRB5_KDB_FLAG_CROSS_REALM 0x00001000
0122
0123 #define KRB5_KDB_FLAG_ISSUING_REFERRAL 0x00004000
0124
0125
0126 #define KRB5_KDB_FLAGS_S4U ( KRB5_KDB_FLAG_PROTOCOL_TRANSITION | \
0127 KRB5_KDB_FLAG_CONSTRAINED_DELEGATION )
0128
0129
0130 #define KRB5_DB_ITER_WRITE 0x00000001
0131 #define KRB5_DB_ITER_REV 0x00000002
0132 #define KRB5_DB_ITER_RECURSE 0x00000004
0133
0134
0135 #define KRB5_KDB_SK_SESSION_ENCTYPES "session_enctypes"
0136 #define KRB5_KDB_SK_REQUIRE_AUTH "require_auth"
0137
0138 #if !defined(_WIN32)
0139
0140
0141
0142
0143
0144
0145 typedef struct _krb5_tl_data {
0146 struct _krb5_tl_data* tl_data_next;
0147 krb5_int16 tl_data_type;
0148 krb5_ui_2 tl_data_length;
0149 krb5_octet * tl_data_contents;
0150 } krb5_tl_data;
0151
0152
0153
0154 typedef struct krb5_string_attr_st {
0155 char *key;
0156 char *value;
0157 } krb5_string_attr;
0158
0159
0160
0161
0162
0163
0164
0165 typedef struct _krb5_key_data {
0166 krb5_int16 key_data_ver;
0167 krb5_ui_2 key_data_kvno;
0168 krb5_int16 key_data_type[2];
0169 krb5_ui_2 key_data_length[2];
0170 krb5_octet * key_data_contents[2];
0171 } krb5_key_data;
0172
0173 #define KRB5_KDB_V1_KEY_DATA_ARRAY 2
0174
0175 typedef struct _krb5_keysalt {
0176 krb5_int16 type;
0177 krb5_data data;
0178 } krb5_keysalt;
0179
0180
0181
0182
0183
0184
0185
0186
0187
0188
0189 typedef struct _krb5_db_entry_new {
0190 krb5_magic magic;
0191 krb5_ui_2 len;
0192 krb5_ui_4 mask;
0193 krb5_flags attributes;
0194 krb5_deltat max_life;
0195 krb5_deltat max_renewable_life;
0196 krb5_timestamp expiration;
0197 krb5_timestamp pw_expiration;
0198 krb5_timestamp last_success;
0199 krb5_timestamp last_failed;
0200 krb5_kvno fail_auth_count;
0201 krb5_int16 n_tl_data;
0202 krb5_int16 n_key_data;
0203 krb5_ui_2 e_length;
0204 krb5_octet * e_data;
0205
0206 krb5_principal princ;
0207 krb5_tl_data * tl_data;
0208
0209
0210 krb5_key_data * key_data;
0211 } krb5_db_entry;
0212
0213 typedef struct _osa_policy_ent_t {
0214 int version;
0215 char *name;
0216 krb5_ui_4 pw_min_life;
0217 krb5_ui_4 pw_max_life;
0218 krb5_ui_4 pw_min_length;
0219 krb5_ui_4 pw_min_classes;
0220 krb5_ui_4 pw_history_num;
0221 krb5_ui_4 policy_refcnt;
0222
0223 krb5_ui_4 pw_max_fail;
0224 krb5_ui_4 pw_failcnt_interval;
0225 krb5_ui_4 pw_lockout_duration;
0226
0227 krb5_ui_4 attributes;
0228 krb5_ui_4 max_life;
0229 krb5_ui_4 max_renewable_life;
0230 char * allowed_keysalts;
0231 krb5_int16 n_tl_data;
0232 krb5_tl_data * tl_data;
0233 } osa_policy_ent_rec, *osa_policy_ent_t;
0234
0235 typedef void (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t);
0236
0237 typedef struct __krb5_key_salt_tuple {
0238 krb5_enctype ks_enctype;
0239 krb5_int32 ks_salttype;
0240 } krb5_key_salt_tuple;
0241
0242 #define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb
0243 #define KRB5_KDB_V1_BASE_LENGTH 38
0244
0245 #define KRB5_KDB_MAX_ALLOWED_KS_LEN 512
0246
0247 #define KRB5_TL_LAST_PWD_CHANGE 0x0001
0248 #define KRB5_TL_MOD_PRINC 0x0002
0249 #define KRB5_TL_KADM_DATA 0x0003
0250 #define KRB5_TL_KADM5_E_DATA 0x0004
0251 #define KRB5_TL_RB1_CHALLENGE 0x0005
0252 #ifdef SECURID
0253 #define KRB5_TL_SECURID_STATE 0x0006
0254 #endif
0255 #define KRB5_TL_USER_CERTIFICATE 0x0007
0256 #define KRB5_TL_MKVNO 0x0008
0257 #define KRB5_TL_ACTKVNO 0x0009
0258 #define KRB5_TL_MKEY_AUX 0x000a
0259
0260
0261
0262 #define KRB5_TL_STRING_ATTRS 0x000b
0263
0264 #define KRB5_TL_PAC_LOGON_INFO 0x0100
0265 #define KRB5_TL_SERVER_REFERRAL 0x0200
0266 #define KRB5_TL_SVR_REFERRAL_DATA 0x0300
0267 #define KRB5_TL_CONSTRAINED_DELEGATION_ACL 0x0400
0268 #define KRB5_TL_LM_KEY 0x0500
0269 #define KRB5_TL_X509_SUBJECT_ISSUER_NAME 0x0600
0270 #define KRB5_TL_LAST_ADMIN_UNLOCK 0x0700
0271
0272 #define KRB5_TL_DB_ARGS 0x7fff
0273
0274
0275 #define KRB5_TL_ACTKVNO_VER 1
0276
0277
0278 #define KRB5_TL_MKEY_AUX_VER 1
0279
0280 typedef struct _krb5_actkvno_node {
0281 struct _krb5_actkvno_node *next;
0282 krb5_kvno act_kvno;
0283 krb5_timestamp act_time;
0284 } krb5_actkvno_node;
0285
0286 typedef struct _krb5_mkey_aux_node {
0287 struct _krb5_mkey_aux_node *next;
0288 krb5_kvno mkey_kvno;
0289 krb5_key_data latest_mkey;
0290 } krb5_mkey_aux_node;
0291
0292 typedef struct _krb5_keylist_node {
0293 krb5_keyblock keyblock;
0294 krb5_kvno kvno;
0295 struct _krb5_keylist_node *next;
0296 } krb5_keylist_node;
0297
0298
0299
0300
0301
0302 #define KRB5_MAX_FAIL_COUNT 5
0303
0304
0305 #define KRB5_KDB_M_NAME "K/M"
0306
0307
0308 #define KRB5_KDC_MKEY_1 "Enter KDC database master key"
0309 #define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify"
0310
0311
0312 extern char *krb5_mkey_pwd_prompt1;
0313 extern char *krb5_mkey_pwd_prompt2;
0314
0315
0316
0317
0318
0319
0320 #ifdef _KRB5_INT_H
0321 #include "k5-platform.h"
0322 #define krb5_kdb_decode_int16(cp, i16) \
0323 *((krb5_int16 *) &(i16)) = load_16_le(cp)
0324 #define krb5_kdb_decode_int32(cp, i32) \
0325 *((krb5_int32 *) &(i32)) = load_32_le(cp)
0326 #define krb5_kdb_encode_int16(i16, cp) store_16_le(i16, cp)
0327 #define krb5_kdb_encode_int32(i32, cp) store_32_le(i32, cp)
0328 #endif
0329
0330 #define KRB5_KDB_OPEN_RW 0
0331 #define KRB5_KDB_OPEN_RO 1
0332
0333 #ifndef KRB5_KDB_SRV_TYPE_KDC
0334 #define KRB5_KDB_SRV_TYPE_KDC 0x0100
0335 #endif
0336
0337 #ifndef KRB5_KDB_SRV_TYPE_ADMIN
0338 #define KRB5_KDB_SRV_TYPE_ADMIN 0x0200
0339 #endif
0340
0341
0342
0343 #ifndef KRB5_KDB_SRV_TYPE_OTHER
0344 #define KRB5_KDB_SRV_TYPE_OTHER 0x0400
0345 #endif
0346
0347 #define KRB5_KDB_OPT_SET_DB_NAME 0
0348 #define KRB5_KDB_OPT_SET_LOCK_MODE 1
0349
0350 #define KRB5_DB_LOCKMODE_SHARED 0x0001
0351 #define KRB5_DB_LOCKMODE_EXCLUSIVE 0x0002
0352 #define KRB5_DB_LOCKMODE_PERMANENT 0x0008
0353
0354
0355 krb5_error_code krb5_db_setup_lib_handle(krb5_context kcontext);
0356 krb5_error_code krb5_db_open( krb5_context kcontext, char **db_args, int mode );
0357 krb5_error_code krb5_db_init ( krb5_context kcontext );
0358 krb5_error_code krb5_db_create ( krb5_context kcontext, char **db_args );
0359 krb5_error_code krb5_db_inited ( krb5_context kcontext );
0360 krb5_error_code kdb5_db_create ( krb5_context kcontext, char **db_args );
0361 krb5_error_code krb5_db_fini ( krb5_context kcontext );
0362 const char * krb5_db_errcode2string ( krb5_context kcontext, long err_code );
0363 krb5_error_code krb5_db_destroy ( krb5_context kcontext, char **db_args );
0364 krb5_error_code krb5_db_promote ( krb5_context kcontext, char **db_args );
0365 krb5_error_code krb5_db_get_age ( krb5_context kcontext, char *db_name, time_t *t );
0366 krb5_error_code krb5_db_lock ( krb5_context kcontext, int lock_mode );
0367 krb5_error_code krb5_db_unlock ( krb5_context kcontext );
0368 krb5_error_code krb5_db_get_principal ( krb5_context kcontext,
0369 krb5_const_principal search_for,
0370 unsigned int flags,
0371 krb5_db_entry **entry );
0372 void krb5_db_free_principal ( krb5_context kcontext, krb5_db_entry *entry );
0373 krb5_error_code krb5_db_put_principal ( krb5_context kcontext,
0374 krb5_db_entry *entry );
0375 krb5_error_code krb5_db_delete_principal ( krb5_context kcontext,
0376 krb5_principal search_for );
0377 krb5_error_code krb5_db_rename_principal ( krb5_context kcontext,
0378 krb5_principal source,
0379 krb5_principal target );
0380
0381
0382
0383
0384
0385
0386 krb5_error_code krb5_db_iterate ( krb5_context kcontext,
0387 char *match_entry,
0388 int (*func) (krb5_pointer, krb5_db_entry *),
0389 krb5_pointer func_arg, krb5_flags iterflags );
0390
0391
0392 krb5_error_code krb5_db_store_master_key ( krb5_context kcontext,
0393 char *keyfile,
0394 krb5_principal mname,
0395 krb5_kvno kvno,
0396 krb5_keyblock *key,
0397 char *master_pwd);
0398 krb5_error_code krb5_db_store_master_key_list ( krb5_context kcontext,
0399 char *keyfile,
0400 krb5_principal mname,
0401 char *master_pwd);
0402 krb5_error_code krb5_db_fetch_mkey ( krb5_context context,
0403 krb5_principal mname,
0404 krb5_enctype etype,
0405 krb5_boolean fromkeyboard,
0406 krb5_boolean twice,
0407 char *db_args,
0408 krb5_kvno *kvno,
0409 krb5_data *salt,
0410 krb5_keyblock *key);
0411 krb5_error_code
0412 krb5_db_fetch_mkey_list( krb5_context context,
0413 krb5_principal mname,
0414 const krb5_keyblock * mkey );
0415
0416 krb5_error_code
0417 krb5_dbe_find_enctype( krb5_context kcontext,
0418 krb5_db_entry *dbentp,
0419 krb5_int32 ktype,
0420 krb5_int32 stype,
0421 krb5_int32 kvno,
0422 krb5_key_data **kdatap);
0423
0424
0425 krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext,
0426 krb5_db_entry *dbentp,
0427 krb5_int32 *start,
0428 krb5_int32 ktype,
0429 krb5_int32 stype,
0430 krb5_int32 kvno,
0431 krb5_key_data **kdatap);
0432
0433 krb5_error_code
0434 krb5_db_setup_mkey_name ( krb5_context context,
0435 const char *keyname,
0436 const char *realm,
0437 char **fullname,
0438 krb5_principal *principal);
0439
0440
0441
0442
0443
0444 krb5_error_code
0445 krb5_dbe_decrypt_key_data( krb5_context context,
0446 const krb5_keyblock * mkey,
0447 const krb5_key_data * key_data,
0448 krb5_keyblock * dbkey,
0449 krb5_keysalt * keysalt);
0450
0451 krb5_error_code
0452 krb5_dbe_encrypt_key_data( krb5_context context,
0453 const krb5_keyblock * mkey,
0454 const krb5_keyblock * dbkey,
0455 const krb5_keysalt * keysalt,
0456 int keyver,
0457 krb5_key_data * key_data);
0458
0459 krb5_error_code
0460 krb5_dbe_fetch_act_key_list(krb5_context context,
0461 krb5_principal princ,
0462 krb5_actkvno_node **act_key_list);
0463
0464 krb5_error_code
0465 krb5_dbe_find_act_mkey( krb5_context context,
0466 krb5_actkvno_node * act_mkey_list,
0467 krb5_kvno * act_kvno,
0468 krb5_keyblock ** act_mkey);
0469
0470 krb5_error_code
0471 krb5_dbe_find_mkey( krb5_context context,
0472 krb5_db_entry * entry,
0473 krb5_keyblock ** mkey);
0474
0475
0476 krb5_error_code
0477 krb5_dbe_lookup_mkvno( krb5_context context,
0478 krb5_db_entry * entry,
0479 krb5_kvno * mkvno);
0480
0481 krb5_keylist_node *
0482 krb5_db_mkey_list_alias( krb5_context kcontext );
0483
0484
0485 krb5_error_code
0486 krb5_dbe_get_mkvno( krb5_context context,
0487 krb5_db_entry * entry,
0488 krb5_kvno * mkvno);
0489
0490 krb5_error_code
0491 krb5_dbe_lookup_mod_princ_data( krb5_context context,
0492 krb5_db_entry * entry,
0493 krb5_timestamp * mod_time,
0494 krb5_principal * mod_princ);
0495
0496 krb5_error_code
0497 krb5_dbe_lookup_mkey_aux( krb5_context context,
0498 krb5_db_entry * entry,
0499 krb5_mkey_aux_node ** mkey_aux_data_list);
0500 krb5_error_code
0501 krb5_dbe_update_mkvno( krb5_context context,
0502 krb5_db_entry * entry,
0503 krb5_kvno mkvno);
0504
0505 krb5_error_code
0506 krb5_dbe_lookup_actkvno( krb5_context context,
0507 krb5_db_entry * entry,
0508 krb5_actkvno_node ** actkvno_list);
0509
0510 krb5_error_code
0511 krb5_dbe_update_mkey_aux( krb5_context context,
0512 krb5_db_entry * entry,
0513 krb5_mkey_aux_node * mkey_aux_data_list);
0514
0515 krb5_error_code
0516 krb5_dbe_update_actkvno(krb5_context context,
0517 krb5_db_entry * entry,
0518 const krb5_actkvno_node *actkvno_list);
0519
0520 krb5_error_code
0521 krb5_dbe_update_last_pwd_change( krb5_context context,
0522 krb5_db_entry * entry,
0523 krb5_timestamp stamp);
0524
0525 krb5_error_code
0526 krb5_dbe_update_last_admin_unlock( krb5_context context,
0527 krb5_db_entry * entry,
0528 krb5_timestamp stamp);
0529
0530 krb5_error_code
0531 krb5_dbe_lookup_tl_data( krb5_context context,
0532 krb5_db_entry * entry,
0533 krb5_tl_data * ret_tl_data);
0534
0535 krb5_error_code
0536 krb5_dbe_create_key_data( krb5_context context,
0537 krb5_db_entry * entry);
0538
0539
0540 krb5_error_code
0541 krb5_dbe_update_mod_princ_data( krb5_context context,
0542 krb5_db_entry * entry,
0543 krb5_timestamp mod_date,
0544 krb5_const_principal mod_princ);
0545
0546
0547
0548
0549
0550
0551
0552
0553
0554
0555 void *krb5_db_alloc( krb5_context kcontext,
0556 void *ptr,
0557 size_t size );
0558 void krb5_db_free( krb5_context kcontext,
0559 void *ptr);
0560
0561
0562 krb5_error_code
0563 krb5_dbe_lookup_last_pwd_change( krb5_context context,
0564 krb5_db_entry * entry,
0565 krb5_timestamp * stamp);
0566
0567 krb5_error_code
0568 krb5_dbe_lookup_last_admin_unlock( krb5_context context,
0569 krb5_db_entry * entry,
0570 krb5_timestamp * stamp);
0571
0572
0573
0574 krb5_error_code
0575 krb5_dbe_get_strings(krb5_context context, krb5_db_entry *entry,
0576 krb5_string_attr **strings_out, int *count_out);
0577
0578
0579
0580 krb5_error_code
0581 krb5_dbe_get_string(krb5_context context, krb5_db_entry *entry,
0582 const char *key, char **value_out);
0583
0584
0585 krb5_error_code
0586 krb5_dbe_set_string(krb5_context context, krb5_db_entry *entry,
0587 const char *key, const char *value);
0588
0589 krb5_error_code
0590 krb5_dbe_delete_tl_data( krb5_context context,
0591 krb5_db_entry * entry,
0592 krb5_int16 tl_data_type);
0593
0594 krb5_error_code
0595 krb5_db_update_tl_data(krb5_context context,
0596 krb5_int16 * n_tl_datap,
0597 krb5_tl_data **tl_datap,
0598 krb5_tl_data * new_tl_data);
0599
0600 krb5_error_code
0601 krb5_dbe_update_tl_data( krb5_context context,
0602 krb5_db_entry * entry,
0603 krb5_tl_data * new_tl_data);
0604
0605
0606 krb5_error_code
0607 krb5_dbe_compute_salt(krb5_context context, const krb5_key_data *key,
0608 krb5_const_principal princ, krb5_int16 *salttype_out,
0609 krb5_data **salt_out);
0610
0611
0612
0613
0614
0615 krb5_error_code
0616 krb5_dbe_specialize_salt(krb5_context context, krb5_db_entry *entry);
0617
0618 krb5_error_code
0619 krb5_dbe_cpw( krb5_context kcontext,
0620 krb5_keyblock * master_key,
0621 krb5_key_salt_tuple * ks_tuple,
0622 int ks_tuple_count,
0623 char * passwd,
0624 int new_kvno,
0625 krb5_boolean keepold,
0626 krb5_db_entry * db_entry);
0627
0628
0629 krb5_error_code
0630 krb5_dbe_ark( krb5_context context,
0631 krb5_keyblock * master_key,
0632 krb5_key_salt_tuple * ks_tuple,
0633 int ks_tuple_count,
0634 krb5_db_entry * db_entry);
0635
0636 krb5_error_code
0637 krb5_dbe_crk( krb5_context context,
0638 krb5_keyblock * master_key,
0639 krb5_key_salt_tuple * ks_tuple,
0640 int ks_tuple_count,
0641 krb5_boolean keepold,
0642 krb5_db_entry * db_entry);
0643
0644 krb5_error_code
0645 krb5_dbe_apw( krb5_context context,
0646 krb5_keyblock * master_key,
0647 krb5_key_salt_tuple * ks_tuple,
0648 int ks_tuple_count,
0649 char * passwd,
0650 krb5_db_entry * db_entry);
0651
0652 int
0653 krb5_db_get_key_data_kvno( krb5_context context,
0654 int count,
0655 krb5_key_data * data);
0656
0657 krb5_error_code krb5_db_check_transited_realms(krb5_context kcontext,
0658 const krb5_data *tr_contents,
0659 const krb5_data *client_realm,
0660 const krb5_data *server_realm);
0661
0662 krb5_error_code krb5_db_check_policy_as(krb5_context kcontext,
0663 krb5_kdc_req *request,
0664 krb5_db_entry *client,
0665 krb5_db_entry *server,
0666 krb5_timestamp kdc_time,
0667 const char **status,
0668 krb5_pa_data ***e_data);
0669
0670 krb5_error_code krb5_db_check_policy_tgs(krb5_context kcontext,
0671 krb5_kdc_req *request,
0672 krb5_db_entry *server,
0673 krb5_ticket *ticket,
0674 const char **status,
0675 krb5_pa_data ***e_data);
0676
0677 void krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
0678 const krb5_address *local_addr,
0679 const krb5_address *remote_addr,
0680 krb5_db_entry *client, krb5_db_entry *server,
0681 krb5_timestamp authtime, krb5_error_code error_code);
0682
0683 void krb5_db_refresh_config(krb5_context kcontext);
0684
0685 krb5_error_code krb5_db_check_allowed_to_delegate(krb5_context kcontext,
0686 krb5_const_principal client,
0687 const krb5_db_entry *server,
0688 krb5_const_principal proxy);
0689
0690 krb5_error_code krb5_db_get_s4u_x509_principal(krb5_context kcontext,
0691 const krb5_data *client_cert,
0692 krb5_const_principal in_princ,
0693 unsigned int flags,
0694 krb5_db_entry **entry);
0695
0696 krb5_error_code krb5_db_allowed_to_delegate_from(krb5_context context,
0697 krb5_const_principal client,
0698 krb5_const_principal server,
0699 krb5_pac server_pac,
0700 const krb5_db_entry *proxy);
0701
0702
0703
0704
0705
0706
0707
0708
0709
0710
0711
0712 void
0713 krb5_dbe_sort_key_data(krb5_key_data *key_data, size_t key_data_length);
0714
0715 krb5_error_code
0716 krb5_db_issue_pac(krb5_context context, unsigned int flags,
0717 krb5_db_entry *client, krb5_keyblock *replaced_reply_key,
0718 krb5_db_entry *server, krb5_db_entry *krbtgt,
0719 krb5_timestamp authtime, krb5_pac old_pac, krb5_pac new_pac,
0720 krb5_data ***auth_indicators);
0721
0722
0723
0724
0725
0726
0727 krb5_error_code
0728 krb5_dbe_def_search_enctype( krb5_context kcontext,
0729 krb5_db_entry *dbentp,
0730 krb5_int32 *start,
0731 krb5_int32 ktype,
0732 krb5_int32 stype,
0733 krb5_int32 kvno,
0734 krb5_key_data **kdatap);
0735
0736 krb5_error_code
0737 krb5_def_store_mkey_list( krb5_context context,
0738 char *keyfile,
0739 krb5_principal mname,
0740 krb5_keylist_node *keylist,
0741 char *master_pwd);
0742
0743 krb5_error_code
0744 krb5_db_def_fetch_mkey( krb5_context context,
0745 krb5_principal mname,
0746 krb5_keyblock *key,
0747 krb5_kvno *kvno,
0748 char *db_args);
0749
0750 krb5_error_code
0751 krb5_def_fetch_mkey_list( krb5_context context,
0752 krb5_principal mprinc,
0753 const krb5_keyblock *mkey,
0754 krb5_keylist_node **mkeys_list);
0755
0756 krb5_error_code
0757 krb5_dbe_def_cpw( krb5_context context,
0758 krb5_keyblock * master_key,
0759 krb5_key_salt_tuple * ks_tuple,
0760 int ks_tuple_count,
0761 char * passwd,
0762 int new_kvno,
0763 krb5_boolean keepold,
0764 krb5_db_entry * db_entry);
0765
0766 krb5_error_code
0767 krb5_dbe_def_decrypt_key_data( krb5_context context,
0768 const krb5_keyblock * mkey,
0769 const krb5_key_data * key_data,
0770 krb5_keyblock * dbkey,
0771 krb5_keysalt * keysalt);
0772
0773 krb5_error_code
0774 krb5_dbe_def_encrypt_key_data( krb5_context context,
0775 const krb5_keyblock * mkey,
0776 const krb5_keyblock * dbkey,
0777 const krb5_keysalt * keysalt,
0778 int keyver,
0779 krb5_key_data * key_data);
0780
0781 krb5_error_code
0782 krb5_db_def_rename_principal( krb5_context kcontext,
0783 krb5_const_principal source,
0784 krb5_const_principal target);
0785
0786 krb5_error_code
0787 krb5_db_create_policy( krb5_context kcontext,
0788 osa_policy_ent_t policy);
0789
0790 krb5_error_code
0791 krb5_db_get_policy ( krb5_context kcontext,
0792 char *name,
0793 osa_policy_ent_t *policy );
0794
0795 krb5_error_code
0796 krb5_db_put_policy( krb5_context kcontext,
0797 osa_policy_ent_t policy);
0798
0799 krb5_error_code
0800 krb5_db_iter_policy( krb5_context kcontext,
0801 char *match_entry,
0802 osa_adb_iter_policy_func func,
0803 void *data);
0804
0805 krb5_error_code
0806 krb5_db_delete_policy( krb5_context kcontext,
0807 char *policy);
0808
0809 void
0810 krb5_db_free_policy( krb5_context kcontext,
0811 osa_policy_ent_t policy);
0812
0813
0814 krb5_error_code
0815 krb5_db_set_context(krb5_context, void *db_context);
0816
0817 krb5_error_code
0818 krb5_db_get_context(krb5_context, void **db_context);
0819
0820 void
0821 krb5_dbe_free_key_data_contents(krb5_context, krb5_key_data *);
0822
0823 void
0824 krb5_dbe_free_key_list(krb5_context, krb5_keylist_node *);
0825
0826 void
0827 krb5_dbe_free_actkvno_list(krb5_context, krb5_actkvno_node *);
0828
0829 void
0830 krb5_dbe_free_mkey_aux_list(krb5_context, krb5_mkey_aux_node *);
0831
0832 void
0833 krb5_dbe_free_tl_data(krb5_context, krb5_tl_data *);
0834
0835 void
0836 krb5_dbe_free_strings(krb5_context, krb5_string_attr *, int count);
0837
0838 void
0839 krb5_dbe_free_string(krb5_context, char *);
0840
0841
0842
0843
0844
0845
0846 krb5_error_code krb5_db_register_keytab(krb5_context context);
0847
0848 #define KRB5_KDB_DEF_FLAGS 0
0849
0850 #define KDB_MAX_DB_NAME 128
0851 #define KDB_REALM_SECTION "realms"
0852 #define KDB_MODULE_POINTER "database_module"
0853 #define KDB_MODULE_DEF_SECTION "dbdefaults"
0854 #define KDB_MODULE_SECTION "dbmodules"
0855 #define KDB_LIB_POINTER "db_library"
0856 #define KDB_DATABASE_CONF_FILE DEFAULT_SECURE_PROFILE_PATH
0857 #define KDB_DATABASE_ENV_PROF KDC_PROFILE_ENV
0858
0859 #define KRB5_KDB_OPEN_RW 0
0860 #define KRB5_KDB_OPEN_RO 1
0861
0862 #define KRB5_KDB_OPT_SET_DB_NAME 0
0863 #define KRB5_KDB_OPT_SET_LOCK_MODE 1
0864
0865
0866
0867
0868
0869 #define KRB5_KDB_DAL_MAJOR_VERSION 9
0870
0871
0872
0873
0874
0875
0876
0877
0878
0879
0880
0881
0882
0883
0884
0885
0886
0887
0888
0889
0890
0891
0892
0893
0894
0895
0896
0897
0898
0899
0900
0901
0902
0903
0904
0905
0906
0907
0908
0909
0910
0911
0912
0913
0914
0915
0916
0917
0918
0919
0920
0921
0922
0923 typedef struct _kdb_vftabl {
0924 short int maj_ver;
0925 short int min_ver;
0926
0927
0928
0929
0930
0931 krb5_error_code (*init_library)(void);
0932
0933
0934
0935
0936
0937 krb5_error_code (*fini_library)(void);
0938
0939
0940
0941
0942
0943
0944
0945
0946 krb5_error_code (*init_module)(krb5_context kcontext, char *conf_section,
0947 char **db_args, int mode);
0948
0949
0950
0951
0952
0953 krb5_error_code (*fini_module)(krb5_context kcontext);
0954
0955
0956
0957
0958
0959
0960
0961
0962
0963
0964
0965
0966
0967
0968 krb5_error_code (*create)(krb5_context kcontext, char *conf_section,
0969 char **db_args);
0970
0971
0972
0973
0974
0975
0976
0977 krb5_error_code (*destroy)(krb5_context kcontext, char *conf_section,
0978 char **db_args);
0979
0980
0981
0982
0983
0984 krb5_error_code (*get_age)(krb5_context kcontext, char *db_name,
0985 time_t *age);
0986
0987
0988
0989
0990
0991
0992
0993
0994
0995
0996
0997
0998
0999
1000 krb5_error_code (*lock)(krb5_context kcontext, int mode);
1001
1002
1003 krb5_error_code (*unlock)(krb5_context kcontext);
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056 krb5_error_code (*get_principal)(krb5_context kcontext,
1057 krb5_const_principal search_for,
1058 unsigned int flags,
1059 krb5_db_entry **entry);
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072 krb5_error_code (*put_principal)(krb5_context kcontext,
1073 krb5_db_entry *entry, char **db_args);
1074
1075
1076
1077
1078
1079 krb5_error_code (*delete_principal)(krb5_context kcontext,
1080 krb5_const_principal search_for);
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091 krb5_error_code (*rename_principal)(krb5_context kcontext,
1092 krb5_const_principal source,
1093 krb5_const_principal target);
1094
1095
1096
1097
1098
1099
1100
1101 krb5_error_code (*iterate)(krb5_context kcontext,
1102 char *match_entry,
1103 int (*func)(krb5_pointer, krb5_db_entry *),
1104 krb5_pointer func_arg, krb5_flags iterflags);
1105
1106
1107
1108
1109
1110 krb5_error_code (*create_policy)(krb5_context kcontext,
1111 osa_policy_ent_t policy);
1112
1113
1114
1115
1116
1117 krb5_error_code (*get_policy)(krb5_context kcontext, char *name,
1118 osa_policy_ent_t *policy);
1119
1120
1121
1122
1123
1124 krb5_error_code (*put_policy)(krb5_context kcontext,
1125 osa_policy_ent_t policy);
1126
1127
1128
1129
1130
1131
1132
1133 krb5_error_code (*iter_policy)(krb5_context kcontext, char *match_entry,
1134 osa_adb_iter_policy_func func,
1135 void *data);
1136
1137
1138
1139
1140
1141 krb5_error_code (*delete_policy)(krb5_context kcontext, char *policy);
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151 krb5_error_code (*fetch_master_key)(krb5_context kcontext,
1152 krb5_principal mname,
1153 krb5_keyblock *key, krb5_kvno *kvno,
1154 char *db_args);
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170 krb5_error_code (*fetch_master_key_list)(krb5_context kcontext,
1171 krb5_principal mname,
1172 const krb5_keyblock *key,
1173 krb5_keylist_node **mkeys_list);
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184 krb5_error_code (*store_master_key_list)(krb5_context kcontext,
1185 char *db_arg,
1186 krb5_principal mname,
1187 krb5_keylist_node *keylist,
1188 char *master_pwd);
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199 krb5_error_code (*dbe_search_enctype)(krb5_context kcontext,
1200 krb5_db_entry *dbentp,
1201 krb5_int32 *start, krb5_int32 ktype,
1202 krb5_int32 stype, krb5_int32 kvno,
1203 krb5_key_data **kdatap);
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215 krb5_error_code (*change_pwd)(krb5_context context,
1216 krb5_keyblock *master_key,
1217 krb5_key_salt_tuple *ks_tuple,
1218 int ks_tuple_count, char *passwd,
1219 int new_kvno, krb5_boolean keepold,
1220 krb5_db_entry *db_entry);
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231 krb5_error_code (*promote_db)(krb5_context context, char *conf_section,
1232 char **db_args);
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246 krb5_error_code (*decrypt_key_data)(krb5_context kcontext,
1247 const krb5_keyblock *mkey,
1248 const krb5_key_data *key_data,
1249 krb5_keyblock *dbkey,
1250 krb5_keysalt *keysalt);
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262 krb5_error_code (*encrypt_key_data)(krb5_context kcontext,
1263 const krb5_keyblock *mkey,
1264 const krb5_keyblock *dbkey,
1265 const krb5_keysalt *keysalt,
1266 int keyver, krb5_key_data *key_data);
1267
1268
1269
1270
1271
1272
1273
1274 krb5_error_code (*check_transited_realms)(krb5_context kcontext,
1275 const krb5_data *tr_contents,
1276 const krb5_data *client_realm,
1277 const krb5_data *server_realm);
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288 krb5_error_code (*check_policy_as)(krb5_context kcontext,
1289 krb5_kdc_req *request,
1290 krb5_db_entry *client,
1291 krb5_db_entry *server,
1292 krb5_timestamp kdc_time,
1293 const char **status,
1294 krb5_pa_data ***e_data);
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306 krb5_error_code (*check_policy_tgs)(krb5_context kcontext,
1307 krb5_kdc_req *request,
1308 krb5_db_entry *server,
1309 krb5_ticket *ticket,
1310 const char **status,
1311 krb5_pa_data ***e_data);
1312
1313
1314
1315
1316
1317 void (*audit_as_req)(krb5_context kcontext, krb5_kdc_req *request,
1318 const krb5_address *local_addr,
1319 const krb5_address *remote_addr,
1320 krb5_db_entry *client, krb5_db_entry *server,
1321 krb5_timestamp authtime, krb5_error_code error_code);
1322
1323
1324
1325
1326
1327
1328
1329 void (*refresh_config)(krb5_context kcontext);
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344 krb5_error_code (*check_allowed_to_delegate)(krb5_context context,
1345 krb5_const_principal client,
1346 const krb5_db_entry *server,
1347 krb5_const_principal proxy);
1348
1349
1350
1351
1352
1353
1354 void (*free_principal_e_data)(krb5_context kcontext, krb5_octet *e_data);
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369 krb5_error_code (*get_s4u_x509_principal)(krb5_context kcontext,
1370 const krb5_data *client_cert,
1371 krb5_const_principal princ,
1372 unsigned int flags,
1373 krb5_db_entry **entry_out);
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391 krb5_error_code (*allowed_to_delegate_from)(krb5_context context,
1392 krb5_const_principal client,
1393 krb5_const_principal server,
1394 krb5_pac server_pac,
1395 const krb5_db_entry *proxy);
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441 krb5_error_code (*issue_pac)(krb5_context context, unsigned int flags,
1442 krb5_db_entry *client,
1443 krb5_keyblock *replaced_reply_key,
1444 krb5_db_entry *server,
1445 krb5_db_entry *signing_krbtgt,
1446 krb5_timestamp authtime, krb5_pac old_pac,
1447 krb5_pac new_pac,
1448 krb5_data ***auth_indicators);
1449
1450
1451 } kdb_vftabl;
1452
1453 #endif
1454
1455 #endif