diff options
| -rw-r--r-- | doc/kadm5/adb-unit-test.tex | 134 | ||||
| -rw-r--r-- | doc/kadm5/api-funcspec.tex | 1920 | ||||
| -rw-r--r-- | doc/kadm5/api-server-design.tex | 685 | ||||
| -rw-r--r-- | doc/kadm5/api-unit-test.tex | 2376 | ||||
| -rw-r--r-- | src/appl/popper/Imakefile | 93 | ||||
| -rw-r--r-- | src/include/krb5.h | 2271 | ||||
| -rw-r--r-- | src/include/krb5/k5-config.h | 311 |
7 files changed, 0 insertions, 7790 deletions
diff --git a/doc/kadm5/adb-unit-test.tex b/doc/kadm5/adb-unit-test.tex deleted file mode 100644 index 7016e00..0000000 --- a/doc/kadm5/adb-unit-test.tex +++ /dev/null @@ -1,134 +0,0 @@ -\documentstyle[times,fullpage,rcsid]{article} - -\rcs$Header$ - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% Make _ actually generate an _, and allow line-breaking after it. -\let\underscore=\_ -\catcode`_=13 -\def_{\underscore\penalty75\relax} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -\newcommand{\test}[1]{\begin{description} -\setlength{\itemsep}{0pt} -#1 -\end{description} - -} - -\newcommand{\numtest}[2]{\begin{description} -\setlength{\itemsep}{0pt} -\Number{#1} -#2 -\end{description} - -} - -\newcommand{\Number}[1]{\item[Number:] #1} -\newcommand{\Reason}[1]{\item[Reason:] #1} -%\newcommand{\Call}[1]{\item[Call:] #1} -\newcommand{\Expected}[1]{\item[Expected:] #1} -\newcommand{\Conditions}[1]{\item[Conditions:] #1} -\newcommand{\Priority}[1]{\item[Priority:] #1} -\newcommand{\Status}[1]{\item[Status:] #1} -%\newcommand{\Number}[1]{} -%\newcommand{\Reason}[1]{} -\newcommand{\Call}[1]{} -%\newcommand{\Expected}[1]{} -%\newcommand{\Conditions}[1]{} -%\newcommand{\Priority}[1]{} - -\title{OpenV*Secure Admin Database API\\ -Unit Test Description\footnote{\rcsHeader}} -\author{Jonathan I. Kamens} - -\begin{document} - -\maketitle - -%\tableofcontents - -\section{Introduction} - -The following is a description of a black-box unit test of the -OpenV*Secure Admin Database API (osa_adb). Each API function is -listed, followed by the tests that shoud be performed on it. - -The tests described here are based on the ``OV*Secure Admin Server -Implementation Design'' revision 1.14. - -\section{osa_adb_get_lock and osa_adb_release_lock} - -\numtest{1}{ -\Reason{A shared lock can be acquired.} -\Status{Implemented} -} - -\numtest{2}{ -\Reason{An exclusive lock can be acquired and released.} -\Status{Implemented} -} - -\numtest{3}{ -\Reason{A permanent lock can be acquired and released.} -\Status{Implemented} -} - -\numtest{4}{ -\Reason{Attempting to release a lock when none is held fails with -NOTLOCKED.} -\Status{Implemented} -} - -\numtest{5}{ -\Reason{Two processes can both acquire a shared lock.} -\Status{Implemented} -} - -\numtest{6}{ -\Reason{An attempt to acquire a shared lock while another process holds an -exclusive lock fails with CANTLOCK_DB.} -\Status{Implemented} -} - -\numtest{7}{ -\Reason{An attempt to acquire an exclusive lock while another process holds a -shared lock fails with CANTLOCK_DB.} -\Status{Implemented} -} - -\numtest{8}{ -\Reason{An attempt to open the database while a process holds a -permanent lock fails with NO_LOCKFILE.} -\Status{Implemented} -} - -\numtest{9}{ -\Reason{An attempt to acquire an exclusive lock while a process holds a -permanent lock fails with NO_LOCKFILE.} -\Status{Implemented} -} - -\numtest{10}{ -\Reason{Acquiring a permanent lock deletes the lockfile.} -\Status{Implemented} -} - -\numtest{11}{ -\Reason{Releasing a permanent lock re-creates the lockfile.} -\Status{Implemented} -} - -\numtest{12}{ -\Reason{A process can perform a get operation while another process holds a -shared lock.} -\Status{Implemented} -} - -\numtest{13}{ -\Reason{A process that is running and has opened the adb principal database -can retrieve a principal created after the open occurred.} -\Status{Implemented, but not working} -} - -\end{document} diff --git a/doc/kadm5/api-funcspec.tex b/doc/kadm5/api-funcspec.tex deleted file mode 100644 index 0910c39..0000000 --- a/doc/kadm5/api-funcspec.tex +++ /dev/null @@ -1,1920 +0,0 @@ -\documentstyle[12pt,fullpage,changebar,rcsid]{article} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% Make _ actually generate an _, and allow line-breaking after it. -\let\underscore=\_ -\catcode`_=13 -\def_{\underscore\penalty75\relax} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -\rcs$Id$ - -\setlength{\parskip}{.7\baselineskip} -\setlength{\parindent}{0pt} - -\def\v#1{\verb+#1+} - -\title{Kerberos Administration System \\ - KADM5 API Functional Specifications\thanks{\rcsId}} -\author{Barry Jaspan} - -\begin{document} - -\sloppy -\maketitle - -{\setlength{\parskip}{0pt}\tableofcontents} - -\section{Introduction} - -This document describes the Admin API that can be used to maintain -principals and policies. It describes the data structures used for -each function and the interpretation of each data type field, the -semantics of each API function, and the possible return codes. - -The Admin API is intended to be used by remote clients using an RPC -interface. It is implemented by the admin server running on the -Kerberos master server. It is also possible for a program running on -the Kerberos master server to use the Admin API directly, without -going through the admin server. - -\section{Versions of the API} - -The versions of this API and a brief description of the changes for -each are: - -\begin{description} -\item[KADM5_API_VERSION_1] Also called OVSEC_KADM_API_VERSION_1. The -initial version of this API, written by OpenVision Technologies and -donated to MIT for including in the public release. - -\item[KADM5_API_VERSION_2] This version contains the initial changes -necessary to make the OpenVision administration system work with the -mid-1996 MIT version of Kerberos 5. Changes include -\begin{enumerate} -\item Renaming of the API from OVSEC_KADM to KADM5. Most everything -has been renamed in one way or another, including functions, header -files, and data structures. Where possible, the old OVSEC_KADM names -have been left behind for compatibility with version 1. The -OVSEC_KADM name compatibility has not been extended to new -functionality in this version and will not be extended to future -versions. - -\item The kadm5_init functions now take a structure of parameters -instead of just a realm name, allowing the calling program to specify -non-default values for various configuration options. See section -\ref{sec:configparams} for details. - -\item The KADM5 API has been extended to support new features of the -Kerberos database, including multiple encryption and salt types per -principal. See section \ref{sec:keys} for details. - -\item kadm5_get_principal now allows a principal's keys to be -retrieved {\it by local clients only}. This is necessary in order for -the kadm5 API to provide the primary Kerberos database interface. - -\item The KADM5 authorization system has been completely changed. - -\item The functions kadm5_flush, kadm5_get_principals, and -kadm5_get_policies have been added. - -\item The KADM5 API now obeys a caller-allocates rather than -callee-allocates system. kadm5_get_principal and kadm5_get_policy are -affected. -\end{enumerate} -\end{description} - -\section{Policies and Password Quality} - -The Admin API Password Quality mechanism provides the following -controls. Note that two strings are defined to be ``significantly -different'' if they differ by at least one character. The compare is not -case sensitive. - -\begin{itemize} -\item A minimum length can be required; a password with -fewer than the specified number of characters will not be accepted. - -\item A minimum number of character classes can be required; a -password that does not contain at least one character from at least -the specified number of character classes will not be accepted. The -character classes are defined by islower(), isupper(), isdigit(), -ispunct(), and other. - -\item Passwords can be required to be different from -previous passwords; a password that generates the same encryption key -as any of the principal's specified previous number of passwords will -not be accepted. This comparison is performed on the encryption keys -generated from the passwords, not on the passwords themselves. - -\item A single ``forbidden password'' dictionary can be specified for all -users; a password that is not significantly different from every word -in the dictionary will not be accepted. -\end{itemize} - -\section{Data Structures} - -This section describes the data structures used by the Admin API. -They are defined in $<$kadm5/admin.h$>$. - -\subsection{Principals, kadm5_principal_ent_t} -\label{sec:principal-structure} - -A Kerberos principal entry is represented by a kadm5_principal_ent_t. -It contains a subset of the information stored in the master Kerberos -database as well as the additional information maintained by the admin -system. In the current version, the only additional information is -the principal's policy and the aux_attributes flags. - -The principal may or may not have a policy enforced on it. If the -POLICY bit (see section \ref{sec:masks}) is set in aux_attributes, the -policy field names the principal's policy. If the POLICY bit is not -set in aux_attributes, no policy is enforced on the principal and the -value of the policy field is undefined. - -\begin{figure}[htbp] -\begin{verbatim} -typedef struct _kadm5_principal_ent_t { - krb5_principal principal; - - krb5_timestamp princ_expire_time; - krb5_timestamp last_pwd_change; - krb5_timestamp pw_expiration; - krb5_deltat max_life; - krb5_principal mod_name; - krb5_timestamp mod_date; - krb5_flags attributes; - krb5_kvno kvno; - krb5_kvno mkvno; - - char * policy; - u_int32 aux_attributes; - - krb5_deltat max_renewable_life; - krb5_timestamp last_success; - krb5_timestamp last_failed; - krb5_kvno fail_auth_count; - krb5_int16 n_key_data; - krb5_int16 n_tl_data; - krb5_tl_data *tl_data; - krb5_key_data *key_data; -} kadm5_principal_ent_rec, *kadm5_principal_ent_t; -\end{verbatim} -\caption{Definition of kadm5_principal_ent_t.} -\label{fig:princ-t} -\end{figure} - -The fields of an kadm5_principal_ent_t are interpreted as -follows. - -\begin{description} -\item[principal] The name of the principal; must conform to Kerberos -naming specifications. - -\item[princ_expire_time] The expire time of the principal as a Kerberos -timestamp. No Kerberos tickets will be issued for a principal after -its expire time. - -\item[last_pwd_change] The time this principal's password was last -changed, as a Kerberos timestamp. - -\item[pw_expiration] The expire time of the user's current password, as a -Kerberos timestamp. No application service tickets will be issued for the -principal once the password expire time has passed. Note that the user can -only obtain tickets for services that have the PW_CHANGE_SERVICE bit set in -the attributes field. - -\item[max_life] The maximum lifetime of any Kerberos ticket issued to -this principal. - -\item[attributes] A bitfield of attributes for use by the KDC. -Note that only some are explicitly supported by the admin system. - -\begin{tabular}{clr} -{\bf Supported} & {\bf Name} & {\bf Value} \\ - & KRB5_KDB_DISALLOW_POSTDATED & 0x00000001 \\ - & KRB5_KDB_DISALLOW_FORWARDABLE & 0x00000002 \\ -X & KRB5_KDB_DISALLOW_TGT_BASED & 0x00000004 \\ - & KRB5_KDB_DISALLOW_RENEWABLE & 0x00000008 \\ - & KRB5_KDB_DISALLOW_PROXIABLE & 0x00000010 \\ - & KRB5_KDB_DISALLOW_DUP_SKEY & 0x00000020 \\ -X & KRB5_KDB_DISALLOW_ALL_TIX & 0x00000040 \\ - & KRB5_KDB_REQUIRES_PRE_AUTH & 0x00000080 \\ - & KRB5_KDB_REQUIRES_HW_AUTH & 0x00000100 \\ -X & KRB5_KDB_REQUIRES_PWCHANGE & 0x00000200 \\ - & KRB5_KDB_DISALLOW_SVR & 0x00001000 \\ -X & KRB5_KDB_PWCHANGE_SERVICE & 0x00002000 \\ - & KRB5_KDB_SUPPORT_DESMD5 & 0x00004000 \\ - & KRB5_KDB_NEW_PRINC & 0x00008000 -\end{tabular} - -The interpretation of each bit is as follows. For each of the bits -that disables a corresponding KDC_OPT option, the option is disabled -on an AS_REQ if the bit is set on either the client or the server, and -the option is disabled on TGS_REQ if the bit is set on the server (the -setting of the bit on the client is irrelevant for a TGS_REQ). - -\begin{description} -\item[KRB5_KDB_DISALLOW_POSTDATED] Disables the ALLOW_POSTDATED -and POSTDATED KDC options on AS_REQ and TGS_REQ. - -\item[KRB5_KDB_DISALLOW_FORWARDABLE] Disables the FORWARDABLE KDC -option for AS_REQ and TGS_REQ. - -\item[KRB5_KDB_DISALLOW_TGT_BASED] All TGS_REQ requests will fail for -a principal with this bit set. - -\item[KRB5_KDB_DISALLOW_RENEWABLE] Disables the RENEWABLE KDC option for -AS_REQ and TGS_REQ. - -\item[KRB5_KDB_DISALLOW_PROXIABLE] Disables the PROXIABLE KDC option on -AS_REQ and TGS_REQ. - -\item[KRB5_KDB_DISALLOW_DUP_SKEY] Disables the ENC_TKT_IN_SKEY option on -TGS_REQ. - -\item[KRB5_KDB_DISALLOW_ALL_TIX] All AS_REQ requests fail if this bit -is set for the client or the server, and all TGS_REQ requests fail if -this bit is set for the server. Note that this bit can be set -automatically if the symbol KRBCONF_KDC_MODIFIES_KDC is defined and a -specified number of pre-authentication attempts fail. - -\item[KRB5_KDB_REQUIRES_PRE_AUTH] Any AS_REQ will fail if this bit is -set and the padata field of the request is empty. Any TGS_REQ will -fail if this bit is set and the TKT_FLAG_PRE_AUTH bit is not set in -the tgt. Thus, it is possible to have the bit not set on the TGT but -to have a specific service require pre-authentication. - -\item[KRB5_KDB_REQUIRES_HW_AUTH] Unclear. - -\item[KRB5_KDB_REQUIRES_PWCHANGE] An AS_REQ will fail if this bit is -set on the client and the KRB5_KDC_PWCHANGE_SERVICE bit is not set on -the server. - -\item[KRB5_KDB_DISALLOW_SVR] All AS_REQ and TGS_REQ request will fail -if the server has this bit set. - -\item[KRB5_KDB_PWCHANGE_SERVICE] An request from a client whose -password has expired will succeed if this bit is set on the server. -Also see KRB5_KDC_REQUIRES_PWCHANGE. - -\item[KRB5_KDB_SUPPORT_DESMD5] This bit indicates that the principal -understands ENCTYPE_DES_MD5 and therefore that that encryption type -should be used whenever a DES encryption type is request (implicitly -assuming that it is the best DES-based encryption type available, -which may not be the case if we implement ENCTYPE_DES_SHA for -example). The bit is employed during an AS_REQ and a TGS_REQ whenever -the a key to be used is ENCTYPE_DES_CRC; if this bit is set (and if -the client listed MD5 in its request, in the case of a session key), -ENCTYPE_DES_MD5 is used instead. - -This bit is basically a kludge to save space in the KDC database. -Without it, a service that supported DES with CRC and MD5 would have -to have two separate key_data entries in the database, differing only -in encryption type. This bit allows a principal to have only a single -key, using CRC, because it tells the KDC that the same key can be used -with MD5. - -This solution will not scale well to handle the inevitable future -situation of multiple salt types with DES3 or other encryption -systems. A better solution is needed; perhaps the redundant key data -should just be stored in the database. - -\item[KRB5_KDB_NEW_PRINC] If this bit is set, the principal is still -being ``created'' and the administration system should allow -administrators with ``add'' priviledge to modify it. This bit was -created for use by a different Kerberos administration system that was -never completed, and is not presently used. -\end{description} - -\item[mod_name] The name of the Kerberos principal that most recently -modified this principal. - -\item[mod_date] The time this principal was last modified, as a Kerberos -timestamp. - -\item[kvno] The version of the principal's current key. - -\item[mkvno] The version of the Kerberos Master Key in effect when -this principal's key was last changed. In KADM5_API_VERSION_2, this -field is always zero. - -\item[policy] If the POLICY bit is set in aux_attributes, the name -of the policy controlling this principal. - -\item[aux_attributes] A bitfield of flags for use by the -administration system. Currently, the only valid flag is POLICY, and -it indicates whether or not the principal has a policy enforced on it. - -\item[max_renewable_life] The maximum renewable lifetime of any -Kerberos ticket issued to or for this principal. This field only -exists in KADM5_API_VERSION_2. - -\item[last_success] The KDC time of the last successful AS_REQ. This -is only updated if KRBCONF_KDC_MODIFIES_KDB is defined during -compilation of the KDC. This field only exists in -KADM5_API_VERSION_2. - -\item[last_failed] The KDC time of the last failed AS_REQ. This is -only updated if KRBCONF_KDC_MODIFIES_KDB is defined during compilation -of the KDC. This field only exists in KADM5_API_VERSION_2. - -\item[fail_auth_count] The number of consecutive failed AS_REQs. When -this number reaches KRB5_MAX_FAIL_COUNT, the KRB5_KDC_DISALLOW_ALL_TIX -is set on the principal. This is only updated if -KRBCONF_KDC_MODIFIES_KDB is defined during compilation. This field -only exists in KADM5_API_VERSION_2. - -\item[n_tl_data] The number of elements in the \v{tl_data} linked -list. This field only exists in KADM5_API_VERSION_2. - -\item[n_key_data] The number of elements in the \v{key_data} -array. This field only exists in KADM5_API_VERSION_2. - -\item[tl_data] A linked list of tagged data. This list is a mechanism -by which programs can store extended information in a principal entry, -without having to modify the database API. Each element is of type -krb5_tl_data: -\begin{verbatim} -typedef struct _krb5_tl_data { - struct _krb5_tl_data* tl_data_next; - krb5_int16 tl_data_type; - krb5_int16 tl_data_length; - krb5_octet * tl_data_contents; -} krb5_tl_data; -\end{verbatim} -The libkdb library defines the tagged data types -KRB5_TL_LAST_PWD_CHANGE, KRB5_TL_MOD_PRINC, and KRB5_TL_KADM_DATA, -which store the last password modification time, time and modifier of -last principal modification, and administration system data. All of -these entries are expected by the administration system and parsed out -into fields of the kadm5_principal_ent_rec structure; they are also -left in the tl_data list. - -The KADM5 API defines its own tagged data type, KRB5_TL_KADM5_E_DATA, -which stores the contents of the e_data field of a krb5_db_entry. The -tagged data is only present if the database entry has extended data, -and will only ever exist while KADM5 is implemented on top of the -DB/DBM database mechansim. - -Any additional tagged data fields found in the database will also be -provided, without interpretation. - -\item[key_data] An array of the principal's keys. The keys contained -in this array are encrypted in the Kerberos master key. See section -\ref{sec:keys} for a discussion of the krb5_key_data structure. -\end{description} - -\subsection{Policies, kadm5_policy_ent_t} -\label{sec:policy-fields} - -If the POLICY bit is set in aux_attributes, the \v{policy} name field -in the kadm5_principal_ent_t structure refers to a password policy -entry defined in a \v{kadm5_policy_ent_t}. - -\begin{verbatim} -typedef struct _kadm5_policy_ent_t { - char *policy; - - u_int32 pw_min_life; - u_int32 pw_max_life; - u_int32 pw_min_length; - u_int32 pw_min_classes; - u_int32 pw_history_num; - u_int32 policy_refcnt; -} kadm5_policy_ent_rec, *kadm5_policy_ent_t; -\end{verbatim} - -The fields of an kadm5_policy_ent_t are interpreted as follows. -Note that a policy's values only apply to a principal using that -policy. - -\begin{description} -\item[policy] The name of this policy, as a NULL-terminated string. -The ASCII characters between 32 (space) and 126 (tilde), inclusive, -are legal. - -\item[pw_min_life] The minimum password lifetime, in seconds. -A principal cannot change its password before pw_min_life seconds have -passed since last_pwd_change. - -\item[pw_max_life] The default duration, in seconds, used to compute -pw_expiration when a principal's password is changed. - -\item[pw_min_length] The minimum password length, in characters. A -principal cannot set its password to anything with fewer than this -number of characters. This value must be greater than zero. - -\item[pw_min_classes] The minimum number of character classes in the -password. This value can only be 1, 2, 3, 4, or 5. A principal cannot -set its password to anything with fewer than this number of character -classes in it. - -\item[pw_history_num] The number of past passwords that are -stored for the principal; the minimum value is 1 and the maximum value -is 10. A principal cannot set its password to any of its previous -pw_history_num passwords. The first ``previous'' password is the -current password; thus, a principal with a policy can never reset its -password to its current value. - -\item[policy_refcnt] The number of principals currently using this policy. -A policy cannot be deleted unless this number is zero. -\end{description} - -\subsection{Configuration parameters} -\label{sec:configparams} - -The KADM5 API acquires configuration information from the Kerberos -configuration file (\$KRB5_CONFIG or /etc/krb5.conf) and from the KDC -configuration file (\$KRB5_KDC_CONFIG or DEFAULT_KDC_PROFILE). In -KADM5_API_VERSION_2, some of the configuration parameters used by the -KADM5 API can be controlled by the caller by providing a -kadm5_config_params structure to kadm5_init: -% -\begin{verbatim} -typedef struct _kadm5_config_params { - u_int32 mask; - - /* Client and server fields */ - char *realm; - char *profile; - int kadmind_port; - - /* client fields */ - char *admin_server; - - /* server fields */ - char *dbname; - char *admin_dbname; - char *admin_lockfile; - char *acl_file; - char *dict_file; - char *admin_keytab; - - /* server library (database) fields */ - char *stash_file; - char *mkey_name; - krb5_enctype enctype; - krb5_deltat max_life; - krb5_deltat max_rlife; - krb5_timestamp expiration; - krb5_flags flags; - krb5_key_salt_tuple *keysalts; - krb5_int32 num_keysalts; -} kadm5_config_params; -\end{verbatim} -% -The following list describes each of the fields of the structure, -along with the profile variable name it overrides, its mask value, its -default value, and whether it is valid on the client, server, or both. -\begin{description} -\item[mask] No variable. No mask value. A bitfield specifying which -fields of the structure contain valid information. A caller sets this -mask before calling kadm5_init_*, indicating which parameters are -specified. The mask values are defined in $<$kadm5/admin.h$>$ and are -all prefixed with KADM5_CONFIG_; the prefix is not included in the -descriptions below. - -\item[realm] No variable. REALM. Client and server. The realm to -which these parameters apply, and the realm for which additional -parameters are to be acquired, if any. If this field is not specified -in the mask, the default local realm is used. - -\item[profile] Variable: profile (server only). PROFILE. Client and -server. The Kerberos profile to use. On the client, the default is -the value of the KRB5_CONFIG environment variable, or /etc/krb5.conf -if that is not set. On the server, the value of the ``profile'' -variable of the KDC configuration file will be used as the first -default if it exists; otherwise, the default is the value of the -KRB5_KDC_PROFILE environment variable or DEFAULT_KDC_PROFILE. - -\item[kadmind_port] Variable: kadmind_port. KADMIND_PORT. Client and -server. The port number the kadmind server listens on. The client -uses this field to determine where to connect, and the server to -determine where to listen. The default is 752 (XXX). - -\item[admin_server] Variable: admin_server. ADMIN_SERVER. Client. -The host name of the admin server to which to connect. There is no -default. If the value of this field contains a colon (:), the text -following the colon is treated as an integer and assigned to the -kadmind_port field, overriding any value of the kadmind_port variable. - -\item[dbname] Variable: dbname. DBNAME. Server. The Kerberos -database name to use; the Kerberos database stores principal -information. There is no default. - -\item[admin_dbname] Variable: admin_database_name. ADBNAME. Server. -The administration database name to use; the administration database -stores policy information. The default is the value of dbname -followed by ``.kadm5'', if dbname is set. - -\item[admin_lockfile] Variable: admin_database_lockfile. -ADB_LOCKFILE. Server. The administration database lock file name, -used to lock the administration database. The default is admin_dbname -followed by ``.lock'', if admin_dbname is set. - -\item[acl_file] Variable: acl_file. ACL_FILE. Server. The admin -server's ACL file. No default. - -\item[dict_file] Variable: admin_dict_file. DICT_FILE. Server. The -admin server's dictionary file of passwords to disallow. No default. - -\item[admin_keytab] Variable: admin_keytab. ADMIN_KEYTAB. Server. -The keytab file containing the kadmin/admin and kadmin/changepw -entries for the server to use. The default is the value of the -KRB5_KTNAME environment variable, if defined. - -\item[stash_file] Variable: key_stash_file. STASH_FILE. Server. The -file name containing the master key stash file. No default; libkdb -will work with a NULL value. - -\item[mkey_name] Variable: master_key_name. MKEY_NAME. Server. The -name of the master principal for the realm. No default; lbkdb will -work with a NULL value. - -\item[enctype] Variable: master_key_type. ENCTYPE. Server. The -encryption type of the master principal. No default. - -\item[max_life, max_rlife, expiration, flags] Variables: max_life, -max_renewable_life, default_principal_expiration, -default_principal_flags. MAX_LIFE, MAX_RLIFE, EXPIRATION, FLAGS. -Server. Default values for new principals. All default to 0. - -\item[keysalts, num_keysalts] Variable: supported_enctypes. ENCTYPES. -Server. The list of supported encryption type/salt type tuples; both -fields must be assigned if ENCTYPES is set. No default. -\end{description} - -\subsection{Principal keys} -\label{sec:keys} - -In KADM5_API_VERSION_1, all principals had a single key. The -encryption method was always DES, and the salt type was determined -outside the API (by command-line options to the administration -server). - -In KADM5_API_VERSION_2, principals can have multiple keys, each with -its own encryption type and salt. Each time a principal's key is -changed with kadm5_create_principal, kadm5_chpass_principal or -kadm5_randkey_principal, existing key entries are removed and a key -entry for each encryption and salt type tuple specified in the -configuration parameters is added. There is no provision for -specifying encryption and salt type information on a per-principal -basis; in a future version, this will probably be part of the admin -policy. There is also presently no provision for keeping multiple key -versions for a single principal active in the database. - -A single key is represented by a krb5_key_data: -% -\begin{verbatim} -typedef struct _krb5_key_data { - krb5_int16 key_data_ver; /* Version */ - krb5_int16 key_data_kvno; /* Key Version */ - krb5_int16 key_data_type[2]; /* Array of types */ - krb5_int16 key_data_length[2]; /* Array of lengths */ - krb5_octet * key_data_contents[2]; /* Array of pointers */ -} krb5_key_data; -\end{verbatim} -% -\begin{description} -\item[key_data_ver] The verion number of the structure. Versions 1 -and 2 are currently defined. If key_data_ver is 1 then the key is -either a random key (not requiring a salt) or the salt is the normal -v5 salt which is the same as the realm and therefore doesn't need to -be saved in the database. - -\item[key_data_kvno] The key version number of this key. - -\item[key_data_type] The first element is the enctype of this key. In -a version 2 structure, the second element is the salttype of this key. -The legal encryption types are defined in $<$krb5.h$>$. The legal -salt types are defined in $<$k5-int.h$>$. - -\item[key_data_length] The first element is length this key. In a -version 2 structure, the second element is length of the salt for this -key. - -\item[key_data_contents] The first element is the content of this key. -In a version 2 structure, the second element is the contents of the -salt for this key. -\end{description} - -\subsection{Field masks} -\label{sec:masks} - -The API functions for creating, retrieving, and modifying principals -and policies allow for a relevant subset of the fields of the -kadm5_principal_ent_t and kadm5_policy_ent_t to be specified or -changed. The chosen fields are determined by a bitmask that is passed -to the relevant function. Each API function has different rules for -which mask values can be specified, and can specify whether a given -mask value is mandatory, optional, or forbidden. Mandatory fields -must be present and forbidden fields must not be present or an error -is generated. When creating a principal or policy, optional fields -have a default value if they are not specified. When modifying a -principal or policy, optional fields are unchanged if they are not -specified. When retrieving a principal, optional fields are simply -not provided if they are not specified; not specifying undeeded fields -for retrieval may improve efficiency. The values for forbidden fields -are defined in the function semantics. - -The masks for principals are in table \ref{tab:princ-bits} and the -masks for policies are in table \ref{tab:policy-bits}. They are -defined in $<$kadm5/admin.h$>$. The KADM5_ prefix has been removed -from the Name fields. In the Create and Modify fields, M means -mandatory, F means forbidden, and O means optional. Create fields -that are optional specify the default value. The notation ``K/M -value'' means that the field inherits its value from the corresponding -field in the Kerberos master principal, for KADM5_API_VERSION_1, and -from the configuration parameters for KADM5_API_VERSION_2. - -All masks for principals are optional for retrevial, {\it except} that -the KEY_DATA mask is illegal when specified by a remote client; for -details, see the function semantics for kadm5_get_principal. - -Note that the POLICY and POLICY_CLR bits are special. When POLICY is -set, the policy is assigned to the principal. When POLICY_CLR is -specified, the policy is unassigned to the principal and as a result -no policy controls the principal. - -For convenience, the mask KADM5_PRINCIPAL_NORMAL_MASK contains all of -the principal masks {\it except} KADM5_KEY_DATA and KADM5_TL_DATA, and -the mask KADM5_POLICY_NORMAL_MASK contains all of the policy masks. - -\begin{table}[htbp] -\begin{tabular}{@{}lclll} -{\bf Name} & {\bf Value} & {\bf Fields Affected} & {\bf Create} & - {\bf Modify} \\ -PRINCIPAL & 0x000001 & principal & M & F \\ -PRINC_EXPIRE_TIME & 0x000002 & princ_expire_time & O, K/M value & O \\ -PW_EXPIRATION & 0x000004 & pw_expiration & O, now+pw_max_life & O \\ -LAST_PWD_CHANGE & 0x000008 & last_pwd_change & F & F \\ -ATTRIBUTES & 0x000010 & attributes & O, 0 & O \\ -MAX_LIFE & 0x000020 & max_life & O, K/M value & O \\ -MOD_TIME & 0x000040 & mod_date & F & F \\ -MOD_NAME & 0x000080 & mod_name & F & F \\ -KVNO & 0x000100 & kvno & O, 1 & O \\ -MKVNO & 0x000200 & mkvno & F & F \\ -AUX_ATTRIBUTES & 0x000400 & aux_attributes & F & F \\ -POLICY & 0x000800 & policy & O, none & O \\ -POLICY_CLR & 0x001000 & policy & F & O \\ -MAX_RLIFE & 0x002000 & max_renewable_life & O, K/M value & O \\ -LAST_SUCCESS & 0x004000 & last_success & F & O \\ -LAST_FAILED & 0x008000 & last_failed & F & O \\ -FAIL_AUTH_COUNT & 0x010000 & fail_auth_count & F & O \\ -KEY_DATA & 0x020000 & n_key_data, key_data & F & F \\ -TL_DATA & 0x040000 & n_tl_data, tl_data & F & F -\end{tabular} -\caption{Mask bits for creating, retrieving, and modifying principals.} -\label{tab:princ-bits} -\end{table} - -\begin{table}[htbp] -\begin{tabular}{@{}lclll} -Name & Value & Field Affected & Create & Modify \\ -POLICY & same & policy & M & F \\ -PW_MAX_LIFE & 0x004000 & pw_max_life & O, 0 (infinite) & O \\ -PW_MIN_LIFE & 0x008000 & pw_min_life & O, 0 & O \\ -PW_MIN_LENGTH & 0x010000 & pw_min_length & O, 1 & O \\ -PW_MIN_CLASSES & 0x020000 & pw_min_classes & O, 1 & O \\ -PW_HISTORY_NUM & 0x040000 & pw_history_num & O, 0 & O \\ -REF_COUNT & 0x080000 & pw_refcnt & F & F -\end{tabular} -\caption{Mask bits for creating/modifying policies.} -\label{tab:policy-bits} -\end{table} - -\section{Constants, Header Files, Libraries} - -$<$kadm5/admin.h$>$ includes a number of required header files, -including RPC, Kerberos 5, com_err, and admin com_err -defines. It contains prototypes for all kadm5 routines mentioned -below, as well as all Admin API data structures, type definitions and -defines mentioned in this document. - -Before \v{\#include}ing $<$kadm5/admin.h$>$, the programmer can -specify the API version number that the program will use by -\v{\#define}ing USE_KADM5_API_VERSION; for example, define that symbol -to be 1 to use KADM5_API_VERSION_1. This will ensure that the correct -functional protoypes and data structures are defined. If no version -symbol is defined, the most recent version supported by the header -files will be used. - -Some of the defines and their values contained in $<$kadm5/admin.h$>$ -include the following, whose KADM5_ prefixes have been removed. -Symbols that do not exist in KADM5_API_VERSION_2 do not have a KADM5_ -prefix, but instead retain only with OVSEC_KADM_ prefix for -compatibility. -\begin{description} -\item[admin service principal] ADMIN_SERVICE (``kadmin/admin'') -\item[admin history key] HIST_PRINCIPAL (``kadmin/history'') -\item[change password principal] CHANGEPW_SERVICE (``kadmin/changepw'') -\item[server acl file path] ACLFILE (``/krb5/ovsec_adm.acl''). In -KADM5_API_VERSION 2, this is controlled by configuration parameters. -\item[dictionary] WORDFILE (``/krb5/kadmind.dict''). In -KADM5_API_VERSION 2, this is controlled by configuration parameters. -\end{description} - -KADM5 errors are described in $<$kadm5/kadm_err.h$>$, which -is included by $<$kadm5/admin.h$>$. - -The locations of the admin policy and principal databases, as well as -defines and type definitions for the databases, are defined in -$<$kadm5/adb.h$>$. Some of the defines in that file are: -\begin{description} -\item[admin policy database] POLICY_DB (``/krb5/kadm5_policy.db''). In -KADM5_API_VERSION 2, this is controlled by configuration parameters. -\item[admin principal database] PRINCIPAL_DB -(``/krb5/ovsec_principal.db''). In KADM5_API_VERSION 2, this is -controlled by configuration parameters. -\end{description} - -Client applications will link against libkadm5clnt.a and server -programs against libkadm5srv.a. Client applications must also link -against: libgssapi_krb5.a, libkrb5.a, libcrypto.a, librpclib.a, -libcom_err.a, and libdyn.a. Server applications must also link -against: libkdb5.a, libkrb5.a, libcrypto.a, librpclib.a, libcom_err.a, -and libdyn.a. - -\section{Error Codes} - -The error codes that can be returned by admin functions are listed -below. Error codes indicated with a ``*'' can be returned by every -admin function and always have the same meaning; these codes are -omitted from the list presented with each function. - -The admin system guarantees that a function that returns an error code -has no other side effect. - -The Admin system will use \v{com_err} for error codes. Note that this -means \v{com_err} codes may be returned from functions that the admin -routines call (e.g. the kerberos library). Callers should not expect -that only KADM5 errors will be returned. The Admin system error code -table name will be ``kadm'', and the offsets will be the same as the -order presented here. As mentioned above, the error table include file -will be $<$kadm5/kadm_err.h$>$. - -Note that these error codes are also used as protocol error code -constants and therefore must not change between product releases. -Additional codes should be added at the end of the list, not in the -middle. The integer value of KADM5_FAILURE is 43787520; the -remaining values are assigned in sequentially increasing order. - -\begin{description} -\item[* KADM5_FAILURE] Operation failed for unspecified reason -\item[* KADM5_AUTH_GET] Operation requires ``get'' privilege -\item[* KADM5_AUTH_ADD] Operation requires ``add'' privilege -\item[* KADM5_AUTH_MODIFY] Operation requires ``modify'' privilege -\item[* KADM5_AUTH_DELETE] Operation requires ``delete'' privilege -\item[* KADM5_AUTH_INSUFFICIENT] Insufficient authorization for -operation -\item[* KADM5_BAD_DB] Database inconsistency detected -\item[KADM5_DUP] Principal or policy already exists -\item[KADM5_RPC_ERROR] Communication failure with server -\item[KADM5_NO_SRV] No administration server found for realm -\item[KADM5_BAD_HIST_KEY] Password history principal key version -mismatch -\item[KADM5_NOT_INIT] Connection to server not initialized -\item[KADM5_UNK_PRINC] Principal does not exist -\item[KADM5_UNK_POLICY] Policy does not exist -\item[KADM5_BAD_MASK] Invalid field mask for operation -\item[KADM5_BAD_CLASS] Invalid number of character classes -\item[KADM5_BAD_LENGTH] Invalid password length -\item[KADM5_BAD_POLICY] Illegal policy name -\item[KADM5_BAD_PRINCIPAL] Illegal principal name. -\item[KADM5_BAD_AUX_ATTR] Invalid auxillary attributes -\item[KADM5_BAD_HISTORY] Invalid password history count -\item[KADM5_BAD_MIN_PASS_LIFE] Password minimum life is greater -then password maximum life -\item[KADM5_PASS_Q_TOOSHORT] Password is too short -\item[KADM5_PASS_Q_CLASS] Password does not contain enough -character classes -\item[KADM5_PASS_Q_DICT] Password is in the password dictionary -\item[KADM5_PASS_REUSE] Cannot resuse password -\item[KADM5_PASS_TOOSOON] Current password's minimum life has not -expired -\item[KADM5_POLICY_REF] Policy is in use -\item[KADM5_INIT] Connection to server already initialized -\item[KADM5_BAD_PASSWORD] Incorrect password -\item[KADM5_PROTECT_PRINCIPAL] Cannot change protected principal -\item[* KADM5_BAD_SERVER_HANDLE] Programmer error! Bad Admin server handle -\item[* KADM5_BAD_STRUCT_VERSION] Programmer error! Bad API structure version -\item[* KADM5_OLD_STRUCT_VERSION] API structure version specified by application is no longer supported (to fix, recompile application against current Admin API header files and libraries) -\item[* KADM5_NEW_STRUCT_VERSION] API structure version specified by application is unknown to libraries (to fix, obtain current Admin API header files and libraries and recompile application) -\item[* KADM5_BAD_API_VERION] Programmer error! Bad API version -\item[* KADM5_OLD_LIB_API_VERSION] API version specified by application is no longer supported by libraries (to fix, update application to adhere to current API version and recompile) -\item[* KADM5_OLD_SERVER_API_VERSION] API version specified by application is no longer supported by server (to fix, update application to adhere to current API version and recompile) -\item[* KADM5_NEW_LIB_API_VERSION] API version specified by application is unknown to libraries (to fix, obtain current Admin API header files and libraries and recompile application) -\item[* KADM5_NEW_SERVER_API_VERSION] API version specified by -application is unknown to server (to fix, obtain and install newest -Admin Server) -\item[KADM5_SECURE_PRINC_MISSING] Database error! Required principal missing -\item[KADM5_NO_RENAME_SALT] The salt type of the specified principal -does not support renaming -\item[KADM5_BAD_CLIENT_PARAMS] Illegal configuration parameter for -remote KADM5 client -\item[KADM5_BAD_SERVER_PARAMS] Illegal configuration parameter for -local KADM5 client. -\item[KADM5_AUTH_LIST] Operation requires ``list'' privilege -\item[KADM5_AUTH_CHANGEPW] Operation requires ``change-password'' privilege -\end{description} - -\section{Authentication and Authorization} -\label{sec:auth} - -Two Kerberos principals exist for use in communicating with the Admin -system: kadmin/admin and kadmin/changepw. Both principals -have the KRB5_KDB_DISALLOW_TGT_BASED bit set in their attributes so -that service tickets for them can only be acquired via a -password-based (AS_REQ) request. Additionally, kadmin/changepw -has the KRB5_KDB_PWCHANGE_SERVICE bit set so that a principal with an -expired password can still obtain a service ticket for it. - -The Admin system accepts requests that are authenticated to either -service principal, but the sets of operations that can be performed by -a request authenticated to each service are different. In particular, -only the functions chpass_principal, randkey_principal, get_principal, -and get_policy can be performed by a request authenticated to the -kadmin/changepw service. The function semantics descriptions below -give the precise details. - -Each Admin API operation authenticated to the kadmin/admin service -requires a specific authorization to run. This version uses a simple -named privilege system with the following names and meanings: - -\begin{description} -\item[Get] Able to examine the attributes (NOT key data) of principals -and policies. -\item[Add] Able to add principals and policies. -\item[Modify] Able to modify attributes of existing principals and -policies; this does not include changing passwords. -\item[Delete] Able to remove principals and policies. -\item[List] Able to retrieve a list of principals and policies. -\item[Changepw] Able to change the password of principals. -\end{description} - -Privileges are specified via an external configuration file on the -Kerberos master server. - -Table \ref{tab:func-overview} summarizes the authorization -requirements of each function. Additionally, each API function -description identifies the privilege required to perform it. The -Authorization checks only happen if you are using the RPC mechanism. -If you are using the server-side API functions locally on the admin -server, the only authorization check is if you can access the -approporiate local files. - -\section{Functions} - -\subsection{Overview} - -The functions provided by the Admin API, and the authorization they -require, are listed in the table \ref{tab:func-overview}. The -``kadm5_'' prefix has been removed from each function name. - -The function semantics in the following sections omit details that are -the same for every function. - -\begin{itemize} -\item The effects of every function are atomic. - -\item Every function performs an authorization check and returns -the appropriate KADM5_AUTH_* error code if the caller does not -have the required privilege. No other information or error code is -ever returned to an unauthorized user. - -\item Every function checks its arguments for NULL pointers or other -obviously invalid values, and returns EINVAL if any are detected. - -\item Any function that performs a policy check uses the policy named -in the principal's policy field. If the POLICY bit is not set in the -principal's aux_attributes field, however, the principal has no -policy, so the policy check is not performed. - -\item Unless otherwise specified, all functions return KADM5_OK. -\end{itemize} - -\begin{table}[htbp] -\caption{Summary of functions and required authorization.} -\label{tab:func-overview} -\begin{tabular}{@{}llp{3.24in}} -\\ -{\bf Function Name} & {\bf Authorization} & {\bf Operation} \\ - -init & none & Open a connection with the kadm5 library. OBSOLETE -but still provided---use init_with_password instead. \\ -init_with_password & none & Open a connection with the kadm5 -library using a password to obtain initial credentials. \\ -init_with_skey & none & Open a connection with the kadm5 library -using the keytab entry to obtain initial credentials. \\ -destroy & none & Close the connection with the kadm5 library. \\ -flush & none & Flush all database changes to disk; no-op when called -remotely. \\ -create_principal & add & Create a new principal. \\ -delete_principal & delete & Delete a principal. \\ -modify_principal & modify & Modify the attributes of an existing - principal (not password). \\ -rename_principal & add and delete & Rename a principal. \\ -get_principal & get\footnotemark & Retrieve a principal. \\ -get_principals & list & Retrieve some or all principal names. \\ -chpass_principal & changepw\footnotemark[\thefootnote] & - Change a principal's password. \\ -chpass_principal_util & changepw\footnotemark[\thefootnote] & Utility wrapper around chpass_principal. \\ -randkey_principal & changepw\footnotemark[\thefootnote] & - Randomize a principal's key. \\ -create_policy & add & Create a new policy. \\ -delete_policy & delete & Delete a policy. \\ -modify_policy & modify & Modify the attributes of a policy. \\ -get_policy & get & Retrieve a policy. \\ -get_policies & list & Retrieve some or all policy names. \\ -free_principal_ent & none & Free the memory associated with an - kadm5_principal_ent_t. \\ -free_policy_ent & none & Free the memory associated with an - kadm5_policy_ent_t. \\ -get_privs & none & Return the caller's admin server privileges. -\end{tabular} -\end{table} -\footnotetext[\thefootnote]{These functions also allow a principal to -perform the operation on itself; see the function's semantics for -details.} - -\subsection{kadm5_init_*} - -In KADM5_API_VERSION 1: - -\begin{verbatim} -kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass, - char *service_name, char *realm, - unsigned long struct_version, - unsigned long api_version, - void **server_handle) - -kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, - char *service_name, char *realm, - unsigned long struct_version, - unsigned long api_version, - void **server_handle) - -kadm5_ret_t kadm5_init(char *client_name, char *pass, - char *service_name, char *realm, - unsigned long struct_version, - unsigned long api_version, - void **server_handle) -\end{verbatim} - -In KADM5_API_VERSION 2: - -\begin{verbatim} -kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass, - char *service_name, - kadm5_config_params *realm_params, - unsigned long struct_version, - unsigned long api_version, - void **server_handle) - -kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, - char *service_name, - kadm5_config_params *realm_params, - unsigned long struct_version, - unsigned long api_version, - void **server_handle) - -kadm5_ret_t kadm5_init(char *client_name, char *pass, - char *service_name, - kadm5_config_params *realm_params, - unsigned long struct_version, - unsigned long api_version, - void **server_handle) -\end{verbatim} - -AUTHORIZATION REQUIRED: none - -NOTE: kadm5_init is an obsolete provided for backwards -compatibility. It is identical to kadm5_init_with_password. - -These three functions open a connection to the kadm5 library and -initialize any neccessary state information. They behave differently -when called from local and remote clients. - -In KADM5_API_VERSION_2, these functions take a kadm5_config_params -structure instead of a realm name as an argument. The semantics are -similar: if a NULL pointer is passed for the realm_params argument, -the default realm and default parameters for that realm, as specified -in the krb5 configuration file (e.g. /etc/krb5.conf) are used. If a -realm_params structure is provided, the fields that are set override -the default values. If a parameter is specified to the local or -remote libraries that does not apply to that side, an error code -(KADM5_BAD_CLIENT_PARAMS or KADM5_BAD_SERVER_PARAMS) is returned. See -section \ref{sec:configparams} for a discussion of configuration -parameters. - -For remote clients, the semantics are: - -\begin{enumerate} -\item Initializes all the com_err error tables used by the Admin -system. - -\item Acquires configuration parameters. In KADM5_API_VERSION_1, all -the defaults specified in the configuration file are used, according -to the realm. In KADM5_API_VERSION_2, the values in params_in are -merged with the default values. If an illegal mask value is -specified, KADM5_BAD_CLIENT_PARAMS is returned. - -\item Acquires a Kerberos ticket for the specified service. - -\begin{enumerate} -\item The ticket's client is client_name, which can be any valid -Kerberos principal. If client_name does not include a realm, the -default realm of the local host is used -\item The ticket's service is service_name@realm. service_name must -be one of the constants KADM5_ADMIN_SERVICE or -KADM5_CHANGEPW_SERVICE. -\item If realm is NULL, client_name's realm is used. - -\item For init_with_password, the ticket is decoded with the password -pass, which must be client_name's password. If pass is NULL or an -empty string, the user is prompted (via the tty) for a password. - -\item For init_with_skey, the ticket is decoded with client_name's key -obtained from the keytab keytab. If keytab is NULL or an empty string -the default keytab is used. -\end{enumerate} - -\item Creates a GSS-API authenticated connection to the Admin server, -using the just-acquired Kerberos ticket. - -\item Verifies that the struct_version and api_version specified by -the caller are valid and known to the library. - -\item Sends the specified api_version to the server. - -\item Upon successful completion, fills in server_handle with a handle -for this connection, to be used in all subsequent API calls. -\end{enumerate} - -The caller should always specify KADM5_STRUCT_VERSION for the -struct_version argument, a valid and supported API version constant -for the api_version argument (currently, theonly valid API version -constant is KADM5_API_VERSION_1), and a valid pointer in which -the server handle will be stored. - -Local clients, running on the KDC, may be useful. For now this is will -most likely be used for testing, but could in the future be the basis -for a command-line system that works both remotely and on the KDC -machine. If any kadm5_init_* is invoked locally its semantics are: - -\begin{enumerate} -\item Initializes all the com_err error tables used by the Admin -system. - -\item Acquires configuration parameters. In KADM5_API_VERSION_1, all -the defaults specified in the configuration file are used, according -to the realm. In KADM5_API_VERSION_2, the values in params_in are -merged with the default values. If an illegal mask value is -specified, KADM5_BAD_SERVER_PARAMS is returned. - -\item Initializes direct access to the KDC database. If pass (or -keytab) is NULL or an empty string, reads the master password from -/.k5.REALM-NAME (created by kstash). Otherwise, the non-NULL password -is ignored and the user is prompted for it via the tty. - -\item Initializes the dictionary (if present) for dictionary checks. - -\item Parses client_name as a Kerberos principal. client_name should -usually be specified as the name of the program. - -\item Verifies that the struct_version and api_version specified by -the caller are valid. - -\item Fills in server_handle with a handle containing all state -information (version numbers and client name) for this ``connection.'' -\end{enumerate} -The service_name argument is not used. - -RETURN CODES: - -\begin{description} -\item[KADM5_NO_SRV] No Admin server can be found for the -specified realm. - -\item[KADM5_RPC_ERROR] The RPC connection to the server cannot be -initiated. - -\item[KADM5_BAD_PASSWORD] Incorrect password. - -\item[KADM5_SECURE_PRINC_MISSING] The principal -KADM5_ADMIN_SERVICE or KADM5_CHANGEPW_SERVICE does not -exist. This is a special-case replacement return code for ``Server -not found in database'' for these required principals. - -\item[KADM5_BAD_CLIENT_PARAMS] A field in the parameters mask was -specified to the remote client library that is not legal for remote -clients. - -\item[KADM5_BAD_SERVER_PARAMS] A field in the parameters mask was -specified to the local client library that is not legal for local -clients. -\end{description} - -\subsection{kadm5_flush} - -\begin{verbatim} -kadm5_ret_t kadm5_flush(void *server_handle) -\end{verbatim} - -AUTHORIZATION REQUIRED: none - -Flush all changes to the Kerberos databases, leaving the connection to -the Admin API open. This function behaves differently when called by -local and remote clients. - -For local clients, the function closes and reopens the Kerberos -database with krb5_db_fini() and krb5_db_init(), and closes and -reopens the Admin policy database with adb_policy_close() and -adb_policy_open(). Although it is unlikely, any other these functions -could return errors; in that case, this function calls -kadm5_destroy and returns the error code. Therefore, if -kadm5_flush does not return KADM5_OK, the connection to the -Admin server has been terminated and, in principle, the databases -might be corrupt. - -For remote clients, the function is a no-op. - -\subsection{kadm5_destroy} - -\begin{verbatim} -kadm5_ret_t kadm5_destroy(void *server_handle) -\end{verbatim} - -AUTHORIZATION REQUIRED: none - -Close the connection to the Admin server and releases all related -resources. This function behaves differently when called by local and -remote clients. - -For remote clients, the semantics are: - -\begin{enumerate} -\item Destroy the temporary credential cache created by -kadm5_init. - -\item Tear down the GSS-API context negotiated with the server. - -\item Close the RPC connection. - -\item Free storage space associated with server_handle, after erasing -its magic number so it won't be mistaken for a valid handle by the -library later. -\end{enumerate} - -For local clients, this function just frees the storage space -associated with server_handle after erasing its magic number. - -RETURN CODES: - -\subsection{kadm5_create_principal} - -\begin{verbatim} -kadm5_ret_t -kadm5_create_principal(void *server_handle, - kadm5_principal_ent_t princ, u_int32 mask, - char *pw); -\end{verbatim} - -AUTHORIZATION REQUIRED: add - -\begin{enumerate} - -\item Return KADM5_BAD_MASK if the mask is invalid. -\item If the named principal exists, return KADM5_DUP. -\item If the POLICY bit is set and the named policy does not exist, -return KADM5_UNK_POLICY. -\item If KADM5_POLICY bit is set in aux_attributes check to see if -the password does not meets quality standards, return the appropriate -KADM5_PASS_Q_* error code if it fails. -\item Store the principal, set the key; see section \ref{sec:keys}. -\item If the POLICY bit is set, increment the named policy's reference -count by one. - -\item Set the pw_expiration field. -\begin{enumerate} -\item If the POLICY bit is not set, then -\begin{enumerate} -\item if the PW_EXPIRATION bit is set, set pw_expiration to the given -value, else -\item set pw_expiration to never. -\end{enumerate} -\item Otherwise, if the PW_EXPIRATION bit is set, set pw_expiration to -the sooner of the given value and now + pw_max_life. -\item Otherwise, set pw_expiration to now + pw_max_life. -\end{enumerate} - -\item Set mod_date to now and set mod_name to caller. -\item Set last_pwd_change to now. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_BAD_MASK] The field mask is invalid for a create -operation. -\item[KADM5_DUP] Principal already exists. -\item[KADM5_UNK_POLICY] Policy named in entry does not exist. -\item[KADM5_PASS_Q_*] Specified password does not meet policy -standards. -\end{description} - -\subsection{kadm5_delete_principal} - -\begin{verbatim} -kadm5_ret_t -kadm5_delete_principal(void *server_handle, krb5_principal princ); -\end{verbatim} - -AUTHORIZATION REQUIRED: delete - -\begin{enumerate} -\item Return KADM5_UNK_PRINC if the principal does not exist. -\item If the POLICY bit is set in aux_attributes, decrement the named -policy's reference count by one. -\item Delete principal. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_UNK_PRINC] Principal does not exist. -\end{description} - -\subsection{kadm5_modify_principal} - -\begin{verbatim} -kadm5_ret_t -kadm5_modify_principal(void *server_handle, - kadm5_principal_ent_t princ, u_int32 mask); -\end{verbatim} - -Modify the attributes of the principal named in -kadm5_principal_ent_t. This does not allow the principal to be -renamed or for its password to be changed. - -AUTHORIZATION REQUIRED: modify - -Although a principal's pw_expiration is usually computed based on its -policy and the time at which it changes its password, this function -also allows it to be specified explicitly. This allows an -administrator, for example, to create a principal and assign it to a -policy with a pw_max_life of one month, but to declare that the new -principal must change its password away from its initial value -sometime within the first week. - -\begin{enumerate} -\item Return KADM5_UNK_PRINC if the principal does not exist. -\item Return KADM5_BAD_MASK if the mask is invalid. -\item If POLICY bit is set but the new policy does not exist, return -KADM5_UNK_POLICY. -\item If either the POLICY or POLICY_CLR bits are set, update the -corresponding bits in aux_attributes. - -\item Update policy reference counts. -\begin{enumerate} -\item If the POLICY bit is set, then increment policy count on new -policy. -\item If the POLICY or POLICY_CLR bit is set, and the POLICY bit in -aux_attributes is set, decrement policy count on old policy. -\end{enumerate} - -\item Set pw_expiration according to the new policy. -\begin{enumerate} -\item If the POLICY bit is not set in aux_attributes, then -\begin{enumerate} -\item if the PW_EXPIRATION bit is set, set pw_expiration to the given -value, else -\item set pw_expiration to never. -\end{enumerate} -\item Otherwise, if the PW_EXPIRATION bit is set, set pw_expiration to -the sooner of the given value and last_pwd_change + pw_max_life. -\item Otherwise, set pw_expiration to last_pwd_change + pw_max_life. -\end{enumerate} - -\item Update the fields specified in the mask. -\item Update mod_name field to caller and mod_date to now. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_UNK_PRINC] Entry does not exist. -\item[KADM5_BAD_MASK] The mask is not valid for a modify -operation. -\item[KADM5_UNK_POLICY] The POLICY bit is set but the new -policy does not exist. -\end{description} - -\subsection{kadm5_rename_principal} - -\begin{verbatim} -kadm5_ret_t -kadm5_rename_principal(void *server_handle, krb5_principal source, - krb5_principal target); -\end{verbatim} - -AUTHORIZATION REQUIRED: add and delete - -\begin{enumerate} -\item Check to see if source principal exists, if not return -KADM5_UNK_PRINC error. -\item Check to see if target exists, if so return KADM5_DUP error. -\item Create the new principal named target, then delete the old -principal named source. All of target's fields will be the same as -source's fields, except that mod_name and mod_date will be updated to -reflect the current caller and time. -\end{enumerate} - -Note that since the principal name may have been used as the salt for -the principal's key, renaming the principal may render the principal's -current password useless; with the new salt, the key generated by -string-to-key on the password will suddenly be different. Therefore, -an application that renames a principal must also require the user to -specify a new password for the principal (and administrators should -notify the affected party). - -Note also that, by the same argument, renaming a principal will -invalidate that principal's password history information; since the -salt will be different, a user will be able to select a previous -password without error. - -RETURN CODES: - -\begin{description} -\item[KADM5_UNK_PRINC] Source principal does not exist. -\item[KADM5_DUP] Target principal already exist. -\end{description} - -\subsection{kadm5_chpass_principal} - -\begin{verbatim} -kadm5_ret_t -kadm5_chpass_principal(void *server_handle, krb5_principal princ, - char *pw); -\end{verbatim} - -AUTHORIZATION REQUIRED: changepw, or the calling principal being the -same as the princ argument. If the request is authenticated to the -kadmin/changepw service, the changepw privilege is disregarded. - -Change a principal's password. See section \ref{sec:keys} for a -description of how the keys are determined. - -This function enforces password policy and dictionary checks. If the new -password specified is in the password dictionary, and the policy bit is set -KADM5_PASS_DICT is returned. If the principal's POLICY bit is set in -aux_attributes, compliance with each of the named policy fields is verified -and an appropriate error code is returned if verification fails. - -Note that the policy checks are only be performed if the POLICY bit is -set in the principal's aux_attributes field. - -\begin{enumerate} -\item Make sure principal exists, if not return KADM5_UNK_PRINC error. -\item If caller does not have modify privilege, (now - last_pwd_change) $<$ -pw_min_life, and the KRB5_KDB_REQUIRES_PWCHANGE bit is not set in the -principal's attributes, return KADM5_PASS_TOOSOON. -\item If the principal your are trying to change is kadmin/history -return KADM5_PROTECT_PRINCIPAL. -\item If the password does not meet the quality -standards, return the appropriate KADM5_PASS_Q_* error code. -\item Convert password to key; see section \ref{sec:keys}. -\item If the new key is in the principal's password history, return -KADM5_PASS_REUSE. -\item Store old key in history. -\item Update principal to have new key. -\item Increment principal's key version number by one. -\item If the POLICY bit is set, set pw_expiration to now + -max_pw_life. If the POLICY bit is not set, set pw_expiration to -never. -\item If the KRB5_KDB_REQUIRES_PWCHANGE bit is set in the principal's -attributes, clear it. -\item Update last_pwd_change and mod_date to now, update mod_name to -caller. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_UNK_PRINC] Principal does not exist. -\item[KADM5_PASS_Q_*] Requested password does not meet quality -standards. -\item[KADM5_PASS_REUSE] Requested password is in user's -password history. -\item[KADM5_PASS_TOOSOON] Current password has not reached minimum life -\item[KADM5_PROTECT_PRINCIPAL] Cannot change the password of a special principal -\end{description} - - -\subsection{kadm5_chpass_principal_util} - -\begin{verbatim} -kadm5_ret_t -kadm5_chpass_principal_util(void *server_handle, krb5_principal princ, - char *new_pw, char **pw_ret, - char *msg_ret); -\end{verbatim} - -AUTHORIZATION REQUIRED: changepw, or the calling principal being the -same as the princ argument. If the request is authenticated to the -kadmin/changepw service, the changepw privilege is disregarded. - -This function is a wrapper around kadm5_chpass_principal. It can -read a new password from a user, change a principal's password, and -return detailed error messages. msg_ret should point to a char buffer -in the caller's space of sufficient length for the error messages -described below. 1024 bytes is recommended. It will also return the -new password to the caller if pw_ret is non-NULL. - -\begin{enumerate} -\item If new_pw is NULL, this routine will prompt the user for the new -password (using the strings specified by KADM5_PW_FIRST_PROMPT and -KADM5_PW_SECOND_PROMPT) and read (without echoing) the password input. -Since it is likely that this will simply call krb5_read_password only -terminal-based applications will make use of the password reading -functionality. If the passwords don't match the string ``New passwords do -not match - password not changed.'' will be copied into msg_ret, and the -error code KRB5_LIBOS_BADPWDMATCH will be returned. For other errors that -ocurr while reading the new password, copy the string ``<com_err message$>$ -occurred while trying to read new password.'' followed by a blank line and -the string specified by CHPASS_UTIL_PASSWORD_NOT_CHANGED into msg_ret and -return the error code returned by krb5_read_password. - -\item If pw_ret is non-NULL, and the password was prompted, set *pw_ret to -point to a static buffer containing the password. If pw_ret is non-NULL -and the password was supplied, set *pw_ret to the supplied password. - -\item Call kadm5_chpass_principal with princ, and new_pw. - -\item If successful copy the string specified by CHPASS_UTIL_PASSWORD_CHANGED -into msg_ret and return zero. - -\item For a policy related failure copy the appropriate message (from below) -followed by a newline and ``Password not changed.'' into msg_ret -filling in the parameters from the principal's policy information. If -the policy information cannot be obtained copy the generic message if -one is specified below. Return the error code from -kadm5_chpass_principal. - -Detailed messages: -\begin{description} - -\item[PASS_Q_TOO_SHORT] -New password is too short. Please choose a -password which is more than $<$pw-min-len$>$ characters. - -\item[PASS_Q_TOO_SHORT - generic] -New password is too short. Please choose a longer password. - -\item[PASS_REUSE] -New password was used previously. Please choose a -different password. - -\item[PASS_Q_CLASS] -New password does not have enough character classes. Classes include -lower class letters, upper case letters, digits, punctuation and all -other characters. Please choose a password with at least -$<$min-classes$>$ character classes. - -\item[PASS_Q_CLASS - generic] -New password does not have enough character classes. Classes include -lower class letters, upper case letters, digits, punctuation and all -other characters. - -\item[PASS_Q_DICT] -New password was found in a dictionary of possible passwords and -therefore may be easily guessed. Please choose another password. See -the kpasswd man page for help in choosing a good password. - -\item[PASS_TOOSOON] -Password cannot be changed because it was changed too recently. Please -wait until $<$last-pw-change+pw-min-life$>$ before you change it. If you -need to change your password before then, contact your system -security administrator. - -\item[PASS_TOOSOON - generic] -Password cannot be changed because it was changed too recently. If you -need to change your now please contact your system security -administrator. -\end{description} - -\item For other errors copy the string ``$<$com_err message$>$ -occurred while trying to change password.'' following by a blank line -and ``Password not changed.'' into msg_ret. Return the error code -returned by kadm5_chpass_principal. -\end{enumerate} - - -RETURN CODES: - -\begin{description} -\item[KRB5_LIBOS_BADPWDMATCH] Typed new passwords did not match. -\item[KADM5_UNK_PRINC] Principal does not exist. -\item[KADM5_PASS_Q_*] Requested password does not meet quality -standards. -\item[KADM5_PASS_REUSE] Requested password is in user's -password history. -\item[KADM5_PASS_TOOSOON] Current password has not reached minimum -life. -\end{description} - -\subsection{kadm5_randkey_principal} - -In KADM5_API_VERSION_1: - -\begin{verbatim} -kadm5_ret_t -kadm5_randkey_principal(void *server_handle, krb5_principal princ, - krb5_keyblock **new_key) -\end{verbatim} - -In KADM5_API_VERSION_2: - -\begin{verbatim} -kadm5_ret_t -kadm5_randkey_principal(void *server_handle, krb5_principal princ, - krb5_keyblock **new_keys, int *n_keys) -\end{verbatim} - -AUTHORIZATION REQUIRED: changepw, or the calling principal being the -same as the princ argument. If the request is authenticated to the -kadmin/changepw service, the changepw privilege is disregarded. - -Generate and assign a new random key to the named principal, and -return the generated key in allocated storage. In -KADM5_API_VERSION_2, multiple keys may be generated and returned as an -array, and n_new_keys is filled in with the number of keys generated. -See section \ref{sec:keys} for a description of how the keys are -chosen. In KADM5_API_VERSION_1, the caller must free the returned -krb5_keyblock * with krb5_free_keyblock. In KADM5_API_VERSION_2, the -caller must free each returned keyblock with krb5_free_keyblock. - -If the principal's POLICY bit is set in aux_attributes and the caller does -not have modify privilege , compliance with the password minimum life -specified by the policy is verified and an appropriate error code is returned -if verification fails. - -\begin{enumerate} -\item If the principal does not exist, return KADM5_UNK_PRINC. -\item If caller does not have modify privilege, (now - last_pwd_change) $<$ -pw_min_life, and the KRB5_KDB_REQUIRES_PWCHANGE bit is not set in the -principal's attributes, return KADM5_PASS_TOOSOON. -\item If the principal you are trying to change is kadmin/history return -KADM5_PROTECT_PRINCIPAL. -\item Store old key in history. -\item Update principal to have new key. -\item Increment principal's key version number by one. -\item If the POLICY bit in aux_attributes is set, set pw_expiration to -now + max_pw_life. -\item If the KRB5_KDC_REQUIRES_PWCHANGE bit is set in the principal's -attributes, clear it. -\item Update last_pwd_change and mod_date to now, update mod_name to -caller. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_UNK_PRINC] Principal does not exist. -\item[KADM5_PASS_TOOSOON] The minimum lifetime for the current -key has not expired. -\item[KADM5_PROTECT_PRINCIPAL] Cannot change the password of a special -principal -\end{description} - -This function can also be used as part of a sequence to create a new -principal with a random key. The steps to perform the operation -securely are - -\begin{enumerate} -\item Create the principal with kadm5_create_principal with a -random password string and with the KRB5_KDB_DISALLOW_ALL_TIX bit set -in the attributes field. - -\item Randomize the principal's key with kadm5_randkey_principal. - -\item Call kadm5_modify_principal to reset the -KRB5_KDB_DISALLOW_ALL_TIX bit in the attributes field. -\end{enumerate} - -The three steps are necessary to ensure secure creation. Since an -attacker might be able to guess the initial password assigned by the -client program, the principal must be disabled until the key can be -truly randomized. - -\subsection{kadm5_get_principal} - -In KADM5_API_VERSION_1: - -\begin{verbatim} -kadm5_ret_t -kadm5_get_principal(void *server_handle, krb5_principal princ, - kadm5_principal_ent_t *ent); -\end{verbatim} - -In KADM5_API_VERSION_2: - -\begin{verbatim} -kadm5_ret_t -kadm5_get_principal(void *server_handle, krb5_principal princ, - kadm5_principal_ent_t ent, u_int32 mask); -\end{verbatim} - -AUTHORIZATION REQUIRED: get, or the calling principal being the same -as the princ argument. If the request is authenticated to the -kadmin/changepw service, the get privilege is disregarded. - -In KADM5_API_VERSION_1, return all of the principal's attributes in -allocated memory; if an error is returned entry is set to NULL. In -KADM5_API_VERSION_2, fill in the fields of the principal structure -specified in the mask; memory for the structure is not allocated. -Typically, a caller will specify the mask KADM5_PRINCIPAL_NORMAL_MASK, -which includes all the fields {\it except} key_data and tl_data to -improve time and memory efficiency. A caller that wants key_data and -tl_data can bitwise-OR those masks onto NORMAL_MASK. - -The caller must free the returned entry with kadm5_free_principal_ent. - - -The function behaves differently for local and remote clients. For -remote clients, the KEY_DATA mask is illegal and results in a -KADM5_BAD_MASK error. - -RETURN CODES: - -\begin{description} -\item[KADM5_UNK_PRINC] Principal does not exist. -\item[KADM5_BAD_MASK] The mask is not valid for a get operation. - -\end{description} - -\subsection{kadm5_get_principals} - -\begin{verbatim} -kadm5_ret_t -kadm5_get_principals(void *server_handle, char *exp, - char ***princs, int *count) -\end{verbatim} - -Retrieves the list of principal names. - -AUTHORIZATION REQUIRED: list - -If \v{exp} is NULL, all principal names are retrieved; otherwise, -principal names that match the expression exp are retrieved. -\v{princs} is filled in with a pointer to a NULL-terminated array of -strings, and \v{count} is filled in with the number of principal names -in the array. \v{princs} must be freed with a call to -\v{kadm5_free_name_list}. - -All characters in the expression match themselves except ``?'' which -matches any single character, ``*'' which matches any number of -consecutive characters, and ``[chars]'' which matches any single -character of ``chars''. Any character which follows a ``$\backslash$'' -matches itself exactly, and a ``$\backslash$'' cannot be the last -character in the string. - -\subsection{kadm5_create_policy} - -\begin{verbatim} -kadm5_ret_t -kadm5_create_policy(void *server_handle, - kadm5_policy_ent_t policy, u_int32 mask); -\end{verbatim} - -Create a new policy. - -AUTHORIZATION REQUIRED: add - -\begin{enumerate} -\item Check to see if mask is valid, if not return KADM5_BAD_MASK error. -\item Return KADM5_BAD_POLICY if the policy name contains illegal -characters. - -\item Check to see if the policy already exists, if so return -KADM5_DUP error. -\item If the PW_MIN_CLASSES bit is set and pw_min_classes is not 1, 2, -3, 4, or 5, return KADM5_BAD_CLASS. -\item Create a new policy setting the appropriate fields determined -by the mask. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_DUP] Policy already exists -\item[KADM5_BAD_MASK] The mask is not valid for a create -operation. -\item[KADM5_BAD_CLASS] The specified number of character classes -is invalid. -\item[KADM5_BAD_POLICY] The policy name contains illegal characters. -\end{description} - -\subsection{kadm5_delete_policy} - -\begin{verbatim} -kadm5_ret_t -kadm5_delete_policy(void *server_handle, char *policy); -\end{verbatim} - -Deletes a policy. - -AUTHORIZATION REQUIRED: delete - -\begin{enumerate} -\item Return KADM5_BAD_POLICY if the policy name contains illegal -characters. -\item Return KADM5_UNK_POLICY if the named policy does not exist. -\item Return KADM5_POLICY_REF if the named policy's refcnt is not 0. -\item Delete policy. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_BAD_POLICY] The policy name contains illegal characters. -\item[KADM5_UNK_POLICY] Policy does not exist. -\item[KADM5_POLICY_REF] Policy is being referenced. -\end{description} - -\subsection{kadm5_modify_policy} - -\begin{verbatim} -kadm5_ret_t -kadm5_modify_policy(void *server_handle, - kadm5_policy_ent_t policy, u_int32 mask); -\end{verbatim} - -Modify an existing policy. Note that modifying a policy has no affect -on a principal using the policy until the next time the principal's -password is changed. - -AUTHORIZATION REQUIRED: modify - -\begin{enumerate} -\item Return KADM5_BAD_POLICY if the policy name contains illegal -characters. -\item Check to see if mask is legal, if not return KADM5_BAD_MASK error. -\item Check to see if policy exists, if not return -KADM5_UNK_POLICY error. -\item If the PW_MIN_CLASSES bit is set and pw_min_classes is not 1, 2, -3, 4, or 5, return KADM5_BAD_CLASS. -\item Update the fields specified in the mask. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_BAD_POLICY] The policy name contains illegal characters. -\item[KADM5_UNK_POLICY] Policy not found. -\item[KADM5_BAD_MASK] The mask is not valid for a modify -operation. -\item[KADM5_BAD_CLASS] The specified number of character classes -is invalid. -\end{description} - -\subsection{kadm5_get_policy} - -In KADM5_API_VERSION_1: - -\begin{verbatim} -kadm5_ret_t -kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t *ent); -\end{verbatim} - -In KADM5_API_VERSION_2: - -\begin{verbatim} -kadm5_ret_t -kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent); -\end{verbatim} - -AUTHORIZATION REQUIRED: get, or the calling principal's policy being -the same as the policy argument. If the request is authenticated to -the kadmin/changepw service, the get privilege is disregarded. - -In KADM5_API_VERSION_1, return the policy's attributes in allocated -memory; if an error is returned entry is set to NULL. In -KADM5_API_VERSION_2, fill in fields of the policy structure allocated -by the caller. The caller must free the returned entry with -kadm5_free_policy_ent - -RETURN CODES: - -\begin{description} -\item[KADM5_BAD_POLICY] The policy name contains illegal characters. -\item[KADM5_UNK_POLICY] Policy not found. -\end{description} - -\subsection{kadm5_get_policies} - -\begin{verbatim} -kadm5_ret_t -kadm5_get_policies(void *server_handle, char *exp, - char ***pols, int *count) -\end{verbatim} - -Retrieves the list of principal names. - -AUTHORIZATION REQUIRED: list - -If \v{exp} is NULL, all principal names are retrieved; otherwise, -principal names that match the expression exp are retrieved. \v{pols} -is filled in with a pointer to a NULL-terminated array of strings, and -\v{count} is filled in with the number of principal names in the -array. \v{pols} must be freed with a call to -\v{kadm5_free_name_list}. - -All characters in the expression match themselves except ``?'' which -matches any single character, ``*'' which matches any number of -consecutive characters, and ``[chars]'' which matches any single -character of ``chars''. Any character which follows a ``$\backslash$'' -matches itself exactly, and a ``$\backslash$'' cannot be the last -character in the string. - -\subsection{kadm5_free_principal_ent, _policy_ent} - -\begin{verbatim} -void kadm5_free_principal_ent(void *server_handle, - kadm5_principal_ent_t princ); -\end{verbatim} - -In KADM5_API_VERSION_1, free the structure and contents allocated by a -call to kadm5_get_principal. In KADM5_API_VERSION_2, free the -contents allocated by a call to kadm5_get_principal. - -AUTHORIZATION REQUIRED: none (local operation) - -\begin{verbatim} -void kadm5_free_policy_ent(kadm5_policy_ent_t policy); -\end{verbatim} - -Free memory that was allocated by a call to kadm5_get_policy. If -the argument is NULL, the function returns succesfully. - -AUTHORIZATION REQUIRED: none (local operation) - -\subsection{kadm5_free_name_list} - -\begin{verbatim} -void kadm5_free_name_list(void *server_handle, - char **names, int *count); -\end{verbatim} - -Free the memory that was allocated by kadm5_get_principals or -kadm5_get_policies. names and count must be a matched pair of -values returned from one of those two functions. - -\subsection{kadm5_free_key_data} - -\begin{verbatim} -void kadm5_free_key_data(void *server_handle, - krb5_int16 *n_key_data, krb5_key_data *key_data) -\end{verbatim} - -Free the memory that was allocated by kadm5_randkey_principal. -n_key_data and key_data must be a matched pair of values returned from -that function. - -\subsection{kadm5_get_privs} - -\begin{verbatim} -kadm5_ret_t -kadm5_get_privs(void *server_handle, u_int32 *privs); -\end{verbatim} - -Return the caller's admin server privileges in the integer pointed to -by the argument. The Admin API does not define any way for a -principal's privileges to be set. Note that this function will -probably be removed or drastically changed in future versions of this -system. - -The returned value is a bitmask indicating the caller's privileges: - -\begin{tabular}{llr} -{\bf Privilege} & {\bf Symbol} & {\bf Value} \\ -Get & KADM5_PRIV_GET & 0x01 \\ -Add & KADM5_PRIV_ADD & 0x02 \\ -Modify & KADM5_PRIV_MODIFY & 0x04 \\ -Delete & KADM5_PRIV_DELETE & 0x08 \\ -List & KADM5_PRIV_LIST & 0x10 \\ -Changepw & KADM5_PRIV_CPW & 0x20 -\end{tabular} - -There is no guarantee that a caller will have a privilege indicated by -this function for any length of time or for any particular target; -applications using this function must still be prepared to handle all -possible KADM5_AUTH_* error codes. - -In the initial MIT Kerberos version of the admin server, permissions -depend both on the caller and the target; this function returns a -bitmask representing all privileges the caller can possibly have for -any possible target. - -\end{document} diff --git a/doc/kadm5/api-server-design.tex b/doc/kadm5/api-server-design.tex deleted file mode 100644 index f422c31..0000000 --- a/doc/kadm5/api-server-design.tex +++ /dev/null @@ -1,685 +0,0 @@ -\documentstyle[12pt,fullpage,changebar,rcsid]{article} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% Make _ actually generate an _, and allow line-breaking after it. -\let\underscore=\_ -\catcode`_=13 -\def_{\underscore\penalty75\relax} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -\rcs$Id$ - -\setlength{\parskip}{.7\baselineskip} -\setlength{\parindent}{0pt} - -\def\secure{OV*Secure} -\def\v#1{\verb+#1+} -\def\k#1{K$_#1$} - -\title{OV*Secure Admin Server \\ Implementation Design\thanks{\rcsId}} -\author{Barry Jaspan} - -\begin{document} - -\sloppy -\maketitle - -{\setlength{\parskip}{0pt}\tableofcontents} - -\section{Overview} - -The admin server is implemented as a nearly-stateless transaction -server, where each admin API function represents a single transaction. -No per-client or per-connection information is stored; only local -database handles are maintained between requests. - -The admin API is exported via an RPC interface that hides all details -about network encoding, authentication, and encryption of data on the -wire. The RPC mechanism does, however, allow the server to access the -underlying authentication credentials for authorization purposes. - -The admin server accesses a total of three databases. -\begin{itemize} -\item The master Kerberos database is used to store all the -information that the Kerberos server understands, thus allowing the -greatest functionality with no modifications to a standard KDC. - -\item The admin principal database stores \secure{}-specific per-principal -information. - -\item The policy database stores \secure{} policy information. -\end{itemize} - -The per-principal information stored in the admin principal database -consists of the principal's policy name and an array of the -principal's previous keys. The old keys are stored encrypted in the -key of the special principal ``ovsec_adm/history'' that is created by -ovsec_adm_create. Since a change in ovsec_adm/history's key renders -every principal's key history array useless, it can only be changed -using the ovsec_adm_edit utility; that program will reencrypt every -principal's key history in the new key.\footnote{ovsec_adm_edit has -not yet been implemented, and there are currently no plans to -implement it.} The admin server refuses all requests to change -ovsec_adm/history's key. - -\section{Main} - -The admin server starts by trapping all fatal signals and directing -them to a cleanup-and-exit function. It then creates and exports the -RPC interface and enters its main loop. - -The main loop dispatches all incoming requests to the RPC mechanism. -After 15 seconds of inactivity, the server closes all open databases; -each database will be automatically reopened by the API function -implementations as necessary. - -\section{Remote Procedure Calls} - -The RPC for the Admin system will be based on SUNRPC. SUNRPC is used -because it is a well-known, portable RPC mechanism. The underlying -external data representation (xdr) mechanisms for wire encapsulation -are well-known and extensible. - -Authentication to the admin server will be handled by adding a GSS-API -authentication type within the existing SUNRPC structure. This will -require code modifications to SUNRPC, but the API and wire protocol do -not need to change. This may affect whether the RPC will use UDP or -TCP; although all the admin functions are stateless, the GSS-API -authentication binding will not be and it might be easier to use TCP -for this reason. - -\section{Database Record Types} -\label{sec:db-types} - -\subsection{Admin Principal, osa_princ_ent_t} - -The admin principal database stores records of the type -osa_princ_ent_t (declared in $<$ovsec_admin/adb.h$>$), which is the -subset of the ovsec_kadm_principal_ent_t structure that is not stored -in the Kerberos database plus the necessary bookkeeping information. -The records are keyed by the ASCII representation of the principal's -name, including the trailing NULL. - -\begin{verbatim} -typedef struct _osa_princ_ent_t { - krb5_principal name; - - char * policy; - u_int32 aux_attributes; - - u_int32 num_old_keys; - u_int32 next_old_key; - krb5_kvno admin_history_kvno; - krb5_encrypted_keyblock *old_keys; -} osa_princ_ent_rec, *osa_princ_ent_t; -\end{verbatim} - -The fields that are different from ovsec_kadm_principal_ent_t are: - -\begin{description} -\item[num_old_keys] The number of previous keys in the old_keys array. -This value must be 0 $\le$ num_old_keys $<$ pw_history_num. - -\item[next_old_key] The index into old_keys where the next key should -be inserted. This value must be 0 $\le$ next_old_key $\le$ -num_old_keys. - -\item[admin_history_kvno] The key version number of the admin/history -principal's key used to encrypt the values in old_keys. If the admin -server finds that admin/history's kvno is different from the value in -this field, an error message is logged. (XXX where?) - -\item[old_keys] The array of the principal's previous keys, each -encrypted in the admin/history key. There are num_old_keys elements. -\end{description} - -\subsection{Policy, osa_policy_ent_t} - -The policy database stores records of the type osa_policy_ent_t -(declared in $<$ovsec_admin/adb.h$>$) , which is all of -ovsec_kadm_policy_ent_t plus necessary bookkeeping information. The -records are keyed by the policy name. - -\begin{verbatim} -typedef struct _osa_policy_ent_t { - char *policy; - - u_int32 pw_min_life; - u_int32 pw_max_life; - u_int32 pw_min_length; - u_int32 pw_min_classes; - u_int32 pw_history_num; - - u_int32 refcnt; -} osa_policy_ent_rec, *osa_policy_ent_t; -\end{verbatim} - -\subsection{Kerberos, krb5_db_entry} - -The Kerberos database stores records of type krb5_db_entry, which is -defined in the $<$krb5/kdb.h$>$ header file. - -\begin{verbatim} -typedef struct _krb5_encrypted_keyblock { - krb5_keytype keytype; - int length; - krb5_octet *contents; -} krb5_encrypted_keyblock; - -typedef struct _krb5_db_entry { - krb5_principal principal; - krb5_encrypted_keyblock key; - krb5_kvno kvno; - krb5_deltat max_life; - krb5_deltat max_renewable_life; - krb5_kvno mkvno; - - krb5_timestamp expiration; - krb5_timestamp pw_expiration; - krb5_timestamp last_pwd_change; - krb5_timestamp last_success; - - krb5_timestamp last_failed; - krb5_kvno fail_auth_count; - - krb5_principal mod_name; - krb5_timestamp mod_date; - krb5_flags attributes; - krb5_int32 salt_type:8, - salt_length:24; - krb5_octet *salt; - krb5_encrypted_keyblock alt_key; - krb5_int32 alt_salt_type:8, - alt_salt_length:24; - krb5_octet *alt_salt; - - krb5_int32 expansion[8]; -} krb5_db_entry; -\end{verbatim} - -The interpretation of most of these fields is the same as given in the -``Principals, ovsec_kadm_principal_ent_t'' section of the functional -specification. The fields that are not defined there are not used by -\secure{}; however, the admin server preserves the value of any fields -it does not understand. - -\section{Database Access Methods} - -\subsection{Principal and Policy Databases} - -This section describes the database abstraction used for the admin -principal and policy databases. Since both databases export -equivalent functionality, the API is only described once. The -character T is used to represent both ``princ'' and ``policy''. The -location of the principal database is defined by the \#define -PRINCIPAL_DB (``/krb5/ovsec_principal.db'') in $<$ovsec_admin/adb.h$>$. The -location of the policy database is defined by the \#define POLICY_DB -(``/krb5/ovsec_policy.db'') in $<$ovsec_admin/adb.h$>$. - -Note that this is {\it only} a database abstraction. All functional -intelligence, such as maintaining policy reference counts or sanity -checking, must be implemented above this layer. - -Prototypes for the osa functions are supplied in -$<$ovsec_admin/adb.h$>$. The routines can be found in -``install/lib/libadmsrv.a''. They require linking with the Berkely DB -library (``install/lib/libdb.a''). [Note: We needed to remove the dbm -compatibility routines from libdb.a because we want to leave KDB -library alone in case somebody wants to run a stock MIT KDC with our -admin server.] - -\subsubsection{Error codes} - -The database routines use com_err for error codes. The error code -table name is ``adb'' and the offsets are the same as the order -presented here. The error table header file is -$<$ovsec_admin/adb_err.h$>$. Callers of the OSA routines should first call -init_adb_err_tbl() to initialize the database table. - -\begin{description} -\item[OSA_ADB_OK] Operation successful. -\item[OSA_ADB_FAILURE] General failure. -\item[OSA_ADB_DUP] Operation would create a duplicate database entry. -\item[OSA_ADB_NOENT] Named entry not in database. -\item[OSA_ADB_BAD_PRINC] The krb5_principal structure is invalid. -\item[OSA_ADB_BAD_POLICY] The specified policy name is invalid. -\item[OSA_ADB_XDR_FAILURE] The principal or policy structure cannot be -encoded for storage. -\item[OSA_ADB_BADLOCKMODE] Bad lock mode specified. -\item[OSA_ADB_CANTLOCK_DB] Cannot lock database, presumably because it -is already locked. -\item[OSA_ADB_NOTLOCKED] Internal error, database not locked when -unlock is called. -\item[OSA_ADB_NOLOCKFILE] OpenV*Secure administration database lock -file (/krb5/ovsec_adm.lock) missing. -\end{description} - -Database functions can also return system errors. Unless otherwise -specified, database functions return OSA_ADB_OK. - -\subsubsection{Locking} - -All of the osa_adb functions except open and close lock and unlock the -database to prevent concurrency collisions. The overall locking -algorithm is as follows: - -\begin{enumerate} -\item osa_adb_open_T calls osa_adb_init_db to allocate the osa_adb_T_t -structure and open the locking file for further use. - -\item Each osa_adb functions locks the locking file and opens the -appropriate database with osa_adb_open_and_lock, performs its action, -and then closes the database and unlocks the locking file with -osa_adb_close_and_unlock. - -\item osa_adb_close_T calls osa_adb_fini_db to close the locking file -and deallocate the db structure. -\end{enumerate} - -Functions which modify the database acquire an exclusive lock, others -acqure a shared lock. osa_adb_iter_T acquires an exclusive lock for -safety but as stated below consequences of modifying the database in -the iteration function are undefined. - -\subsubsection{Function descriptions} - -\begin{verbatim} -osa_adb_ret_t -osa_adb_open_T(osa_adb_T_t *db, char *filename); -\end{verbatim} -% -Open the database named filename. Returns OSA_ADB_FAILURE if it -cannot open the database. - -\begin{verbatim} -osa_adb_ret_t -osa_adb_close_T(osa_adb_T_t db); -\end{verbatim} -% -Release all shared or exclusive locks (on BOTH databases, since they -use the same lock file) and close the database. - -It is an error to exit while a permanent lock is held; -OSA_ADB_NOLOCKFILE is returned in this case. - -\begin{verbatim} -osa_adb_ret_t osa_adb_get_lock(osa_adb_T_t db, int mode) -\end{verbatim} - -Acquire a lock on the administration databases; note that both -databases are locked simultaneously by a single call. The mode -argument can be OSA_ADB_SHARED, OSA_ADB_EXCLUSIVE, or -OSA_ADB_PERMANENT. The first two and the third are really disjoint -locking semantics and should not be interleaved. - -Shared and exclusive locks have the usual semantics, and a program can -upgrade a shared lock to an exclusive lock by calling the function -again. A reference count of open locks is maintained by this function -and osa_adb_release_lock so the functions can be called multiple -times; the actual lock is not released until the final -osa_adb_release_lock. Note, however, that once a lock is upgraded -from shared to exclusive it is not downgraded again until released -completely. In other words, get_lock(SHARED), get_lock(EXCLUSIVE), -release_lock() leaves the process with an exclusive lock with a -reference count of one. An attempt to get a shared or exclusive lock -that conflicts with another process results in the OSA_ADB_CANLOCK_DB -error code. - -This function and osa_adb_release_lock are called automatically as -needed by all other osa_adb functions to acquire shared and exclusive -locks and so are not normally needed. They can be used explicitly by -a program that wants to perform multiple osa_adb functions within the -context of a single lock (ie: ovsec_adm_export). - -Acquiring an OSA_ADB_PERMANENT lock is different. A permanent lock -consists of first acquiring an exclusive lock and then {\it deleting -the lock file}. Any subsequent attempt to acquire a lock by a -different process will fail with OSA_ADB_NOLOCKFILE instead of -OSA_ADB_CANTLOCK_DB (attempts in the same process will ``succeed'' -because only the reference count gets incremented). Releasing a -permanent lock re-creates the lock file. - -The purpose of a permanent lock is to absolutely ensure that the -database remain locked during non-atomic operations. If the locking -process dies while holding a permanent lock, all subsequent osa_adb -operations will fail, even through a system reboot. This is useful, -for example, for ovsec_adm_import which creates both new database -files in a temporary location and renames them into place. If both -renames do not fully complete the database will probably be -inconsistent and everything should stop working until an administrator -can clean it up. - -\begin{verbatim} -osa_adb_ret_t osa_adb_release_lock(osa_adb_T_t db) -\end{verbatim} - -Releases a shared or exclusive lock acquired with osa_adb_get_lock, or -decrements the reference count if multiple locks have been requested. -Releasing a permanent lock re-creates the lock file and releases all -of the processes locks (ie: the reference count is set back to zero). - -All of a process' shared or exclusive database locks are released when -the process terminates. A permanent lock is {\it not} released when -the process exits (although the exclusive lock it begins with -obviously is). - -\begin{verbatim} -osa_adb_ret_t -osa_adb_create_T(osa_adb_T_t db, osa_T_ent_t entry); -\end{verbatim} -% -Adds the entry to the database. All fields are defined. Returns -OSA_ADB_DUP if it already exists. - -\begin{verbatim} -osa_adb_ret_t -osa_adb_destroy_T(osa_adb_T_t db, osa_T_t name); -\end{verbatim} - -Removes the named entry from the database. Returns OSA_ADB_NOENT if -it does not exist. - -\begin{verbatim} -osa_adb_ret_t -osa_adb_get_T(osa_adb_T_t db, osa_T_t name, - osa_princ_ent_t *entry); -\end{verbatim} - -Looks up the named entry in the db, and returns it in *entry in -allocated storage that must be freed with osa_adb_free_T. Returns -OSA_ADB_NOENT if name does not exist, OSA_ADB_MEM if memory cannot be -allocated. - -\begin{verbatim} -osa_adb_ret_t -osadb_adb_put_T(osa_adb_T_t db, osa_T_ent_t entry); -\end{verbatim} - -Modifies the existing entry named in entry. All fields must be filled -in. Returns OSA_DB_NOENT if the named entry does not exist. Note -that this cannot be used to rename an entry; rename is implemented by -deleting the old name and creating the new one (NOT ATOMIC!). - -\begin{verbatim} -void osa_adb_free_T(osa_T_ent_t); -\end{verbatim} - -Frees the memory associated with an osa_T_ent_t allocated by -osa_adb_get_T. - -\begin{verbatim} -typedef osa_adb_ret_t (*osa_adb_iter_T_func)(void *data, - osa_T_ent_t entry); - -osa_adb_ret_t osa_adb_iter_T(osa_adb_T_t db, osa_adb_iter_T_func func, - void *data); -\end{verbatim} - -Iterates over every entry in the database. For each entry ent in the -database db, the function (*func)(data, ent) is called. If func -returns an error code, osa_adb_iter_T returns an error code. If all -invokations of func return OSA_ADB_OK, osa_adb_iter_T returns -OSA_ADB_OK. The function func is permitted to access the database, -but the consequences of modifying the database during the iteration -are undefined. - -\subsection{Kerberos Database} - -Kerberos uses dbm to store krb5_db_entry records. It can be accessed -and modified in parallel with the Kerberos server, using functions -that are defined inside the KDC and the libkdb.a. - -\subsubsection{Database Manipulation Functions} - -The following functions are declared in \v{lib/kdb/kdb_dbm.c} in the -Kerberos sources and are available in libkdb.a. They can return the -following error codes; error codes that can be returned by any -function are indicated with a ``*'' and are not listed specifically -for each function. - -\begin{description} -\item[* KRB5_KDB_NOTINITED] The database is not open; call -krb5_dbm_db_init. -\item[* KRB5_KDB_CANTLOCK_DB] The necessary lock cannot be acquired. Try -again later. -\item[* system errors] An error occurred accessing the database files. -\item[KRB5_KDB_DB_INUSE] The database was modified without the use -of proper locking.\footnote{This error occurs when the entire database -is swapped out from the under the process, say by a kdb5_edit restore. -It can only be returned by krb5_db_get_principal. It is not yet clear -what a program should do when it gets this error.} -\item[KRB5_KDB_NOENTRY] The principal to be deleted is not -in the database. -\end{description} - -\begin{verbatim} -krb5_dbm_db_init(void) -\end{verbatim} - -Opens the Kerberos database file (but does not actually call -dbm_open). This can be called even if the database is already open, -in which case it just returns success. - -\begin{verbatim} -krb5_dbm_db_fini(void) -\end{verbatim} - -Closes the database file; this MUST be called before the process -exits. Returns KRB5_KDB_DBNOTINITED if the database isn't open, but -that isn't really a fatal error. - -\begin{verbatim} -krb5_dbm_get_principal(krb5_principal searchfor, - krb5_db_entry *entries, int *nentries, krb5_boolean *more) -\end{verbatim} - -Search the database for the principal searchfor and write the results -into *entries. The interface is set up to handle wildcard gets, but -the code doesn't handle it: *nentries is assumed to be 1, and *more is -always returned as 0. - -This function does not retry if the database cannot be locked; that is -up to the caller. - -Returns KRB5_KDB_DB_INUSE. - -\begin{verbatim} -krb5_dbm_put_principal(krb5_db_entry *entries, int *nentries) -\end{verbatim} - -Stores *nentries elements from the entries array into the database. -On return *nentries is set to the number of entries actually written; -the first *nentries entries will have been written, even if an error -pis returned. - -This function does not retry if the database cannot be locked; that is -up to the caller. - -\begin{verbatim} -krb5_dbm_db_delete_principal(krb5_principal searchfor, int *nentries) -\end{verbatim} - -Removes the principal searchfor from the database. nentries will be -set to 0 or 1 on output, indicating the number of entries deleted (the -code does not currently support wildcards). - -Returns KRB5_KDB_NOENTRY. - -\begin{verbatim} -typedef krb5_error_code (*iter_func)(krb5_pointer, krb5_db_entry *); - -krb5_dbm_db_iterate(iter_func func, krb5_point func_arg) -\end{verbatim} - -Calls (*func)(func_arg, entry) for every entry in the database. If -func returns an error code, the iteration stops and that error code is -returned. - -Returns func error codes. - -\begin{verbatim} -void krb5_dbm_db_free_principal(krb5_db_entry *entries, int nentries) -\end{verbatim} - -Frees entries returned by krb5_dbm_db_get_principal. nentries entries -in the array entries will be freed. - -\subsubsection{Initialization and Key Access} - -Keys stored in the Kerberos database are encrypted in the Kerberos -master key. The admin server will therefore have to acquire the key -before it can perform any key-changing operations, and will have to -decrypt and encrypt the keys retrieved from and placed into the -database via krb5_db_get_principal and _put_principal. This section -describes the internal admin server API that will be used to perform -these functions. - -\begin{verbatim} -krb5_principal master_princ; -krb5_encrypt_block master_encblock; -krb5_keyblock master_keyblock; - -void kdc_init_master() -\end{verbatim} - -kdc_init_master opens the database and acquires the master key. It -also sets the global variables master_princ, master_encblock, and -master_keyblock: - -\begin{itemize} -\item master_princ is set to the name of the Kerberos master principal -(\v{K/M@REALM}). - -\item master_encblock is something I have no idea about. - -\item master_keyblock is the Kerberos master key -\end{itemize} - -\begin{verbatim} -krb5_error_code kdb_get_entry_and_key(krb5_principal principal, - krb5_db_entry *entry, - krb5_keyblock *key) -\end{verbatim} - -kdb_get_entry_and_key retrieves the named principal's entry from the -database in entry, and decrypts its key into key. The caller must -free entry with krb5_dbm_db_free_principal and free key-$>$contents with -free.\footnote{The caller should also \v{memset(key-$>$contents, 0, -key-$>$length)}. There should be a function krb5_free_keyblock_contents -for this, but there is not.} - -\begin{verbatim} -krb5_error_code kdb_put_entry_pw(krb5_db_entry *entry, char *pw) -\end{verbatim} - -kdb_put_entry_pw stores entry in the database. All the entry values -must already be set; this function does not change any of them except -the key. pw, the NULL-terminated password string, is converted to a -key using string-to-key with the salt type specified in -entry-$>$salt_type.\footnote{The salt_type should be set based on the -command line arguments to the kadmin server (see the ``Command Line'' -section of the functional specification).} - -\section{Admin Principal and Policy Database Implementation} - -The admin principal and policy databases will each be stored in a -single hash table, implemented by the Berkeley 4.4BSD db library. -Each record will consist of an entire osa_T_ent_t. The key into the -hash table is the entry name (for principals, the ASCII representation -of the name). The value is the T entry structure. Since the key and -data must be self-contained, with no pointers, the Sun xdr mechanisms -will be used to marshal and unmarshal data in the database. - -The server in the first release will be single-threaded in that a -request will run to completion (or error) before the next will run, -but multiple connections will be allowed simultaneously. - -\section{ACLs, acl_check} - -The ACL mechanism described in the ``Authorization ACLs'' section of -the functional specifications will be implemented by the acl_check -function. - -\begin{verbatim} -enum access_t { - ACCESS_DENIED = 0, - ACCESS_OK = 1, -}; - -enum access_t acl_check(krb5_principal princ, char *priv); -\end{verbatim} - -The priv argument must be one of ``get'', ``add'', ``delete'', or -``modify''. acl_check returns 1 if the principal princ has the named -privilege, 0 if it does not. - -\section{Function Details} - -This section discusses specific design issues for Admin API functions -that are not addresed by the functional specifications. - -\subsection{ovsec_kadm_create_principal} - -If the named principal exists in either the Kerberos or admin -principal database, but not both, return OVSEC_KADM_BAD_DB. - -The principal's initial key is not stored in the key history array at -creation time. - -\subsection{ovsec_kadm_delete_principal} - -If the named principal exists in either the Kerberos or admin -principal database, but not both, return OVSEC_KADM_BAD_DB. - -\subsection{ovsec_kadm_modify_principal} - -If the named principal exists in either the Kerberos or admin -principal database, but not both, return OVSEC_KADM_BAD_DB. - -If pw_history_num changes and the new value $n$ is smaller than the -current value of num_old_keys, old_keys should end up with the $n$ -most recent keys; these are found by counting backwards $n$ elements -in old_keys from next_old_key. next_old_keys should then be reset to -0, the oldest of the saved keys, and num_old_keys set to $n$, the -new actual number of old keys in the array. - -\subsection{ovsec_kadm_chpass_principal, randkey_principal} - -The algorithm for determining whether a password is in the principal's -key history is complicated by the use of the kadmin/history \k{h} -encrypting key. - -\begin{enumerate} -\item For ovsec_kadm_chpass_principal, convert the password to a key -using string-to-key and the salt method specified by the command line -arguments. - -\item If the POLICY bit is set and pw_history_num is not zero, check -if the new key is in the history. -\begin{enumerate} -\item Retrieve the principal's current key and decrypt it with \k{M}. -If it is the same as the new key, return OVSEC_KADM_PASS_REUSE. -\item Retrieve the kadmin/history key \k{h} and decrypt it with \k{M}. -\item Encrypt the principal's new key in \k{h}. -\item If the principal's new key encrypted in \k{h} is in old_keys, -return OVSEC_KADM_PASS_REUSE. -\item Encrypt the principal's current key in \k{h} and store it in -old_keys. -\item Erase the memory containing \k{h}. -\end{enumerate} - -\item Encrypt the principal's new key in \k{M} and store it in the -database. -\item Erase the memory containing \k{M}. -\end{enumerate} - -To store the an encrypted key in old_keys, insert it as the -next_old_key element of old_keys, and increment next_old_key by one -modulo pw_history_num. - -\subsection{ovsec_kadm_get_principal} - -If the named principal exists in either the Kerberos or admin -principal database, but not both, return OVSEC_KADM_BAD_DB. - -\end{document} diff --git a/doc/kadm5/api-unit-test.tex b/doc/kadm5/api-unit-test.tex deleted file mode 100644 index 8985263..0000000 --- a/doc/kadm5/api-unit-test.tex +++ /dev/null @@ -1,2376 +0,0 @@ -\documentstyle[times,fullpage,rcsid]{article} - -\rcs$Header$ - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% Make _ actually generate an _, and allow line-breaking after it. -\let\underscore=\_ -\catcode`_=13 -\def_{\underscore\penalty75\relax} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -\newcommand{\test}[1]{\begin{description} -\setlength{\itemsep}{0pt} -#1 -\end{description} - -} - -\newcommand{\numtest}[2]{\begin{description} -\setlength{\itemsep}{0pt} -\Number{#1} -#2 -\end{description} - -} - -\newcommand{\Number}[1]{\item[Number:] #1} -\newcommand{\Reason}[1]{\item[Reason:] #1} -%\newcommand{\Call}[1]{\item[Call:] #1} -\newcommand{\Expected}[1]{\item[Expected:] #1} -\newcommand{\Conditions}[1]{\item[Conditions:] #1} -\newcommand{\Priority}[1]{\item[Priority:] #1} -\newcommand{\Status}[1]{\item[Status:] #1} -%\newcommand{\Number}[1]{} -%\newcommand{\Reason}[1]{} -\newcommand{\Call}[1]{} -%\newcommand{\Expected}[1]{} -%\newcommand{\Conditions}[1]{} -%\newcommand{\Priority}[1]{} - -\title{OpenV*Secure 1.0 Admin API\\ -Unit Test Description\footnote{\rcsHeader}} -\author{Jonathan I. Kamens} - -\begin{document} - -\maketitle - -%\tableofcontents - -\section{Introduction} - -The following is a description of a black-box unit test of the -OpenV*Secure Admin API. Each API function is listed, followed by the -tests that shoud be performed on it. - -The tests described here are based on the ``OV*Secure Admin Functional -Specifications'' revision 1.41, dated August 18, 1994. - -Since inter-realm functionality is not a requirement for OpenV*Secure -1.0, it is not tested. - -All tests which test for success should verify, using some means other -than the return value of the function being tested, that the requested -operation was successfully performed. For example: for init, test -that other operations can be performed after init; for destroy, test -that other operations can't be performed after destroy; for modify -functions, verify that all modifications to the database which should -have taken place did, and that the new, modified data is in effect; -for get operations, verify that the data retrieved is the data that -should actually be in the database. - -As of now the tests are being re-worked to use database comparision routines -simular to the GUI tests. This routines are not completly in place yet. The -purpose for using these routines is for better detection of incorrect -database modification. - -Similarly, all tests which test for failure should verify that the -no component of the requested operation took place. For example: if -init fails, other operations should not work. If a modify fails, all -data in the database should be the same as it was before the attempt -to modify, and the old data should still be what is enforced. -Furthermore, tests which test for failure should verify that the -failure code returned is correct for the specific failure condition -tested. - -Most of the tests listed below should be run twice -- once locally on -the server after linking against the server API library, and once -talking to the server via authenticated Sun RPC after linking against -the client API library. Tests which should only be run locally or via -RPC are labelled with a ``local'' or ``RPC''. - -Furthermore, in addition to the tests labelled below, a test should be -implemented to verify that a client can't perform operations on the -server through the client API library when it's linked against -standard Sun RPC instead of OpenV*Secure's authenticated Sun RPC. -This will require a client with a modified version of ovsec_kadm_init -which doesn't call auth_gssapi_create. This client should call this -modified ovsec_kadm_init and then call some other admin API function, -specifying arguments to both functions that would work if the -authenticated Sun RPC had been used, but shouldn't if authentication -wasn't used. The test should verify that the API function call after -the init doesn't succeed. - -There is also another test to see if all the API functions handle getting an -invalid server handle correctly. This is not done as part of the tests that -are run through the TCL program cause the TCL program has no way of -invalidating a server handle. So there is a program that calls init and -changes the handle magic number, and then attempts to call each API function -with the corrupted server handle. - -\section{ovsec_kadm_init} - -\numtest{1}{ -\Reason{An empty string realm is rejected.} -\Status{Implemented} -} - -\numtest{2}{ -\Reason{A realm containing invalid characters is rejected.} -\Status{Implemented} -} - -\numtest{2.5}{ -\Reason{A non-existent realm is rejected.} -\Status{Implemented} -} - -\numtest{3}{ -\Reason{A bad service name representing an existing principal - (different from the client principal) is rejected.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{4}{ -\Reason{A bad service name representing a non-existent - principal is rejected.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{5}{ -\Reason{A bad service name identical to the (existing) client - name is rejected.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{6}{ -\Reason{A null password causes password prompting.} -\Status{Implemented} -} - -\numtest{7}{ -\Reason{An empty-string causes password prompting} -\Status{Implemented} -} - -\numtest{8}{ -\Reason{An incorrect password which is the password of another - user is rejected.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{9}{ -\Reason{An incorrect password which isn't the password of any - user is rejected.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{10}{ -\Reason{A null client_name is rejected.} -\Status{Implemented} -} - -% Empty string client name is legal. -%\numtest{11}{ -%\Reason{An empty-string client_name is rejected.} -%} - -\numtest{12}{ -\Reason{A client_name referring to a non-existent principal in - the default realm is rejected.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{13}{ -\Reason{A client_name referring to a non-existent principal - with the local realm specified explicitly is rejected.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{14}{ -\Reason{A client_name referring to a non-existent principal in - a nonexistent realm is rejected.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{15}{ -\Reason{A client_name referring to an existing principal in a - nonexistent realm is rejected.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{16}{ -\Reason{Valid invocation.} -\Status{Implemented} -} - -\numtest{17}{ -\Reason{Valid invocation (explicit client realm).} -\Status{Implemented} -} - -\numtest{18}{ -\Reason{Valid invocation (CHANGEPW_SERVICE).} -\Status{Implemented} -} - -\numtest{19}{ -\Reason{Valid invocation (explicit service realm).} -\Status{Implemented} -} - -\numtest{20}{ -\Reason{Valid invocation (database access allowed after init).} -\Status{Implemented} -} - -%\numtest{21}{ -%\Reason{Init fails when called twice in a row.} -%\Status{Implemented} -%} - -\numtest{22}{ -\Reason{A null password causes master-key prompting.} -\Conditions{local} -\Status{Implemented} -} - -\numtest{22.5}{ -\Reason{A empty string password causes master-key prompting.} -\Conditions{local} -\Status{Implemented} -} - -%\numtest{23}{ -%\Reason{A non-null password causes reading from the kstash.} -%\Conditions{local} -%\Status{Implemented} -%} - -\numtest{24}{ -\Reason{Null service name is ignored in local invocation.} -\Conditions{local} -\Status{Implemented} -} - -\numtest{25}{ -\Reason{Non-null service name is ignored in local invocation.} -\Conditions{local} -\Status{Implemented} -} - -%\numtest{26}{ -%\Reason{Can't do ``get'' operation before calling init.} -%\Status{Implemented} -%} - -%\numtest{27}{ -%\Reason{Can't do ``add'' operation before calling init.} -%\Status{Implemented} -%} - -%\numtest{28}{ -%\Reason{Can't do ``modify'' operation before calling init.} -%\Status{Implemented} -%} - -%\numtest{29}{ -%\Reason{Can't do ``delete'' operation before calling init.} -%\Status{Implemented} -%} - -\numtest{30}{ -\Reason{Can init after failed init attempt.} -\Conditions{local} -\Status{Implemented} -} - -\numtest{31}{ -\Priority{High} -\Reason{Return BAD_STRUCT_VERSION when the mask bits are set to invalid values} -\Status{Implemented} -} - -\numtest{32}{ -\Priority{High} -\Reason{Return BAD_STRUCT_VERSION when the mask bits are not set} -\Status{Implemented} -} - -\numtest{33}{ -\Priority{High} -\Reason{Return OLD_STRUCT_VERSION when attempting to use an old/unsupported - structure version} -\Status{Implemented} -} - -\numtest{34}{ -\Priority{High} -\Reason{Return NEW_STRUCT_VERSION when attempting to use a newer version of - of the structure then what is supported} -\Status{Implemented} -} - -\numtest{35}{ -\Priority{High} -\Reason{Return BAD_API_VERSION when the mask bits are set to invalid values} -\Status{Implemented} -} - -\numtest{36}{ -\Priority{High} -\Reason{Return BAD_API_VERSION when the mask bits are not set} -\Status{Implemented} -} - -\numtest{37}{ -\Priority{High} -\Reason{Return OLD_LIB_API_VERSION when using an old/unsuppored - api version number} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{38}{ -\Priority{High} -\Reason{Return OLD_SERVER_API_VERSION attempting to use an - old/unsupported api version number} -\Conditions{local} -\Status{Implemented} -} - -\numtest{39}{ -\Priority{High} -\Reason{Return NEW_LIB_API_VERSION when using a newer api - version number then supported} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{40}{ -\Priority{High} -\Reason{Return NEW_SERVER_API_VERSION when using a newer api version - number then supported} -\Conditions{local} -\Status{Implemented} -} - -\numtest{41}{ -\Priority{High} -\Reason{Return BAD_XXX_VERSION when the API and the structure - version numbers are reversed} -\Status{Implemented} -} - -\numtest{42}{ -\Priority{High} -\Reason{Succeeds when using valid api and struct version numbers and masks} -\Status{Implemented} -} - -\numtest{43}{ -\Priority{Low} -\Reason{Returns two different server handle when called twice with same info} -} - -\numtest{44}{ -\Priority{Low} -\Reason{Returns two different server handles when called twice with - different info} -} - -\numtest{45}{ -\Priority{Bug fix, secure-install/3390} -\Reason{Returns SECURE_PRINC_MISSING when ADMIN_SERVICE does not -exist.} -\Status{Implemented} -} - -\numtest{46}{ -\Priority{Bug fix, secure-install/3390} -\Reason{Returns SECURE_PRINC_MISSING when CHANGEPW_SERVICE does not -exist.} -\Status{Implemented} -} - -\section{ovsec_kadm_destroy} - -\numtest{1}{ -\Reason{Valid invocation.} -\Status{Implemented} -} - -%\numtest{2}{ -%\Reason{Valid invocation (``get'' not allowed after destroy).} -%\Status{Implemented} -%} - -%\numtest{3}{ -%\Reason{Valid invocation (``add'' not allowed after destroy).} -%\Status{Implemented} -%} - -%\numtest{4}{ -%\Reason{Valid invocation (``modify'' not allowed after destroy).} -%\Status{Implemented} -%} - -%\numtest{5}{ -%\Reason{Valid invocation (``delete'' not allowed after destroy).} -%\Status{Implemented} -%} - -%\numtest{6}{ -%\Reason{Fails if database not initialized.} -%\Status{Implemented} -%} - -%\numtest{7}{ -%\Reason{Fails if invoked twice in a row.} -%\Status{Implemented} -%} - -\numtest{8}{ -\Reason{Database can be reinitialized after destroy.} -\Status{Implemented} -} - -\numtest{9}{ -\Priority{High} -\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} -\Status{Implemented} -} - -\numtest{10}{ -\Priority{Low} -\Reason{Connects to correct server when mutliple handles exist} -\Conditions{client} -} - -\section{ovsec_kadm_create_principal} - -%In the tests below, ``getu'' refers to a user who has only ``get'' access, -%''addu'' refers to a user who has only ``add'' access, ``modifyu'' refers to -%a user who has only ``modify'' access, and ``deleteu'' refers to a user -%who has only ``delete'' access. ``amu'' refers to a user with ``add'' and -%''modify'' access. ``new_princ'' refers to a principal entry structure -%filled in as follows: -% -% krb5_parse_name("newuser", \&new_princ.principal); -% krb5_timeofday(\&new_princ.princ_expire_time); -% new_princ.princ_expire_time += 130; -% krb5_timeofday(\&new_princ.last_pwd_change); -% new_princ.last_pwd_change += 140; -% krb5_timeofday(\&new_princ.pw_expiration); -% new_princ.pw_expiration += 150; -% new_princ.max_life = 160; -% krb5_parse_name("usera", \&new_princ.mod_name); -% krb5_timeofday(\&new_princ.mod_date); -% new_princ.mod_date += 170; -% new_princ.attributes = 0xabcdabcd; -% new_princ.kvno = 180; -% new_princ.mkvno = 190; -% new_princ.policy = null; -% new_princ.aux_attributes = 0xdeadbeef; -% -%The offsets of 130 through 190 above are used to ensure that the -%fields are all known to be different from each other, so that -%accidentally switched fields can be detected. Some of the fields in -%this structure may be changed by the tests, but they should clean up -%after themselves. - -%\numtest{1}{ -%\Reason{Fails if database not initialized.} -%\Status{Implemented} -%} - -\numtest{2}{ -\Reason{Fails on null princ argument.} -\Status{Implemented} -} - -\numtest{3}{ -\Reason{Fails on null password argument.} -\Status{Implemented} -} - -\numtest{4}{ -\Reason{Fails on empty-string password argument.} -\Status{Implemented} -} - -\numtest{5}{ -\Reason{Fails when mask contains undefined bit.} -\Status{Implemented} -} - -\numtest{6}{ -\Reason{Fails when mask contains LAST_PWD_CHANGE bit.} -\Status{Implemented} -} - -\numtest{7}{ -\Reason{Fails when mask contains MOD_TIME bit.} -\Status{Implemented} -} - -\numtest{8}{ -\Reason{Fails when mask contains MOD_NAME bit.} -\Status{Implemented} -} - -\numtest{9}{ -\Reason{Fails when mask contains MKVNO bit.} -\Status{Implemented} -} - -\numtest{10}{ -\Reason{Fails when mask contains AUX_ATTRIBUTES bit.} -\Status{Implemented} -} - -\numtest{11}{ -\Reason{Fails when mask contains POLICY_CLR bit.} -\Status{Implemented} -} - -\numtest{12}{ -\Reason{Fails for caller with no access bits.} -\Status{Implemented} -} - -\numtest{13}{ -\Reason{Fails when caller has ``get'' access and not ``add''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{14}{ -\Reason{Fails when caller has ``modify'' access and not ``add''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{15}{ -\Reason{Fails when caller has ``delete'' access and not ``add''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{16}{ -\Reason{Fails when caller connected with CHANGEPW_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{17}{ -\Reason{Fails on attempt to create existing principal.} -\Status{Implemented} -} - -\numtest{18}{ -\Reason{Fails when password is too short.} -\Status{Implemented} -} - -\numtest{19}{ -\Reason{Fails when password has too few classes.} -\Status{Implemented} -} - -\numtest{20}{ -\Reason{Fails when password is in dictionary.} -\Status{Implemented} -} - -\numtest{21}{ -\Reason{Nonexistent policy is rejected.} -\Status{Implemented} -} - -\numtest{22}{ -\Reason{Fails on invalid principal name.} -\Status{Implemented} -} - -\numtest{23}{ -\Reason{Valid invocation.} -\Status{Implemented} -} - -\numtest{24}{ -\Reason{Succeeds when caller has ``add'' access and another one.} -\Status{Implemented} -} - -%\numtest{25}{ -%\Reason{Fails when password is too short, when override_qual is true.} -%} - -%\numtest{26}{ -%\Reason{Fails when password has too few classes, when -% override_qual is true.} -%} - -%\numtest{27}{ -%\Reason{Fails when password is in dictionary, when override_qual is -% true.} -%} - -\numtest{28}{ -\Reason{Succeeds when assigning policy.} -\Status{Implemented} -} - -\numtest{29}{ -\Priority{High} -\Reason{Allows 0 (never) for princ_expire_time.} -\Status{Implemented} -} - -\numtest{30}{ -\Reason{Allows 0 (never) for pw_expiration when there's no policy.} -\Status{Implemented} -} - -\numtest{31}{ -\Reason{Allows 0 (never) for pw_expiration when there's a policy with - 0 for pw_max_life.} -\Status{Implemented} -} - -\numtest{32}{ -\Reason{Accepts 0 (never) for pw_expiration when there's a policy with - non-zero pw_max_life, but actually sets pw_expiration to now + - pw_max_life.} -\Status{Implemented} -} - -\numtest{33}{ -\Reason{Accepts and sets non-zero pw_expiration when no policy.} -\Status{Implemented} -} - -\numtest{34}{ -\Reason{Accepts and sets non-zero pw_expiration when there's a policy - with zero pw_max_life.} -\Status{Implemented} -} - -\numtest{35}{ -\Reason{Accepts and sets non-zero pw_expiration when there's a policy - with pw_max_life later than the specified pw_expiration.} -\Status{Implemented} -} - -\numtest{36}{ -\Reason{Accepts non-zero pw_expiration and limits it to now + - pw_max_life when it's later than now + non-zero pw_max_life in - policy.} -\Status{Implemented} -} - -\numtest{37}{ -\Priority{High} -\Reason{Sets pw_expiration to 0 (never) if there's no policy and no - specified pw_expiration.} -\Status{Implemented} -} - -\numtest{38}{ -\Priority{High} -\Reason{Sets pw_expiration to 0 (never) if it isn't specified and the - policy has a 0 (never) pw_max_life.} -\Status{Implemented} -} - -\numtest{39}{ -\Priority{High} -\Reason{Sets pw_expiration to now + pw_max_life if it isn't specified - and the policy has a non-zero pw_max_life.} -\Status{Implemented} -} - -\numtest{40}{ -\Priority{High} -\Reason{Allows 0 (forever) for max_life.} -\Status{Implemented} -} - -\numtest{41}{ -\Priority{High} -\Reason{Doesn't modify or free mod_name on success.} -} - -\numtest{42}{ -\Priority{High} -\Reason{Doesn't modify or free mod_name on failure.} -} - -\numtest{43}{ -\Priority{High} -\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} -\Status{Implemented} -} - -\numtest{44}{ -\Priority{Low} -\Reason{Connects to correct server when mutliple handles exist} -\Conditions{RPC} -} - - -\section{ovsec_kadm_delete_principal} - -%\numtest{1}{ -%\Reason{Fails if database not initialized.} -%\Status{Implemented} -%} - -\numtest{2}{ -\Reason{Fails on null principal.} -\Status{Implemented} -} - -% Empty string principal is legal. -%\numtest{3}{ -%\Reason{Fails on empty-string principal.} -%} - -% There is not invalid principal names -%\numtest{4}{ -%\Reason{Fails on invalid principal name.} -%} - -\numtest{5}{ -\Priority{High} -\Reason{Fails on nonexistent principal.} -\Status{Implemented} -} - -\numtest{6}{ -\Priority{High} -\Reason{Fails when caller connected with CHANGEPW_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{7}{ -\Priority{High} -\Reason{Fails if caller has ``add'' access and not ``delete''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{8}{ -\Priority{High} -\Reason{Fails if caller has ``modify'' access and not ``delete''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{9}{ -\Priority{High} -\Reason{Fails if caller has ``get'' access and not ``delete''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{10}{ -\Priority{High} -\Reason{Fails if caller has no access bits.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{11}{ -\Priority{High} -\Reason{Valid invocation.} -\Status{Implemented} -} - -\numtest{12}{ -\Priority{High} -\Reason{Valid invocation (on principal with policy).} -\Status{Implemented} -} - -\numtest{13}{ -\Priority{High} -\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} -\Status{Implemented} -} - -\numtest{14}{ -\Priority{Low} -\Reason{Connects to correct server when mutliple handles exist} -\Conditions{RPC} -} - - -\section{ovsec_kadm_modify_principal} - -%\numtest{1}{ -%\Reason{Fails if database not initialized.} -%\Status{Implemented} -%} - -\numtest{2}{ -\Priority{High} -\Reason{Fails if user connected with CHANGEPW_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{3}{ -\Reason{Fails on mask with undefined bit set.} -\Status{Implemented} -} - -\numtest{4}{ -\Reason{Fails on mask with PRINCIPAL set.} -\Status{Implemented} -} - -\numtest{5}{ -\Priority{High} -\Reason{Fails on mask with LAST_PWD_CHANGE set.} -\Status{Implemented} -} - -\numtest{6}{ -\Reason{Fails on mask with MOD_TIME set.} -\Status{Implemented} -} - -\numtest{7}{ -\Reason{Fails on mask with MOD_NAME set.} -\Status{Implemented} -} - -\numtest{8}{ -\Reason{Fails on mask with MKVNO set.} -\Status{Implemented} -} - -\numtest{9}{ -\Priority{High} -\Reason{Fails on mask with AUX_ATTRIBUTES set.} -\Status{Implemented} -} - -\numtest{10}{ -\Reason{Fails on nonexistent principal.} -\Status{Implemented} -} - -\numtest{11}{ -\Priority{High} -\Reason{Fails for user with no access bits.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{12}{ -\Priority{High} -\Reason{Fails for user with ``get'' access.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{13}{ -\Priority{High} -\Reason{Fails for user with ``add'' access.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{14}{ -\Priority{High} -\Reason{Fails for user with ``delete'' access.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{15}{ -\Priority{High} -\Reason{Succeeds for user with ``modify'' access.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{16}{ -\Reason{Succeeds for user with ``modify'' and another access.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{17}{ -\Priority{High} -\Reason{Fails when nonexistent policy is specified.} -\Status{Implemented} -} - -\numtest{18}{ -\Priority{High} -\Reason{Succeeds when existent policy is specified.} -\Status{Implemented} -} - -\numtest{19}{ -\Reason{Updates policy count when setting policy from none.} -\Status{Implemented} -} - -\numtest{20}{ -\Reason{Updates policy count when clearing policy from set.} -\Status{Implemented} -} - -\numtest{21}{ -\Reason{Updates policy count when setting policy from other policy.} -\Status{Implemented} -} - -\numtest{21.5}{ -\Reason{Policy reference count remains unchanged when policy is - changed to itself.} -\Status{Implemented.} -} - -\numtest{22}{ -\Reason{Allows 0 (never) for pw_expiration when there's no policy.} -\Status{Implemented} -} - -\numtest{23}{ -\Reason{Allows 0 (never) for pw_expiration when there's a policy with - 0 for pw_max_life.} -\Status{Implemented} -} - -\numtest{24}{ -\Reason{Accepts 0 (never) for pw_expiration when there's a policy with - non-zero pw_max_life, but actually sets pw_expiration to - last_pwd_change + pw_max_life.} -\Status{Implemented} -} - -\numtest{25}{ -\Reason{Accepts and sets non-zero pw_expiration when no policy.} -\Status{Implemented} -} - -\numtest{26}{ -\Reason{Accepts and sets non-zero pw_expiration when there's a policy - with zero pw_max_life.} -\Status{Implemented} -} - -\numtest{27}{ -\Reason{Accepts and sets non-zero pw_expiration when there's a policy - with pw_max_life later than the specified pw_expiration.} -\Status{Implemented} -} - -\numtest{28}{ -\Reason{Accepts non-zero pw_expiration and limits it to last_pwd_change + - pw_max_life when it's later than last_pwd_change + non-zero - pw_max_life in policy.} -\Status{Implemented} -} - -\numtest{29}{ -\Priority{High} -\Reason{Sets pw_expiration to 0 (never) if there's no policy and no - specified pw_expiration.} -\Status{Implemented} -} - -\numtest{30}{ -\Priority{High} -\Reason{Sets pw_expiration to 0 (never) if it isn't specified and the - policy has a 0 (never) pw_max_life.} -\Status{Implemented} -} - -\numtest{31}{ -\Priority{High} -\Reason{Sets pw_expiration to now + pw_max_life if it isn't specified - and the policy has a non-zero pw_max_life.} -\Status{Implemented} -} - -\numtest{32}{ -\Priority{High} -\Reason{Accepts princ_expire_time change.} -\Status{Implemented} -} - - - -\numtest{33}{ -\Priority{High} -\Reason{Accepts attributes change.} -\Status{Implemented} -} - -\numtest{33.25}{ -\Priority{High} -\Reason{Accepts attributes change (KRB5_KDB_REQUIRES_PW_CHANGE).} -\Status{Implemented} -} - -\numtest{33.5}{ -\Priority{High} -\Reason{Accepts attributes change (KRB5_DISALLOW_TGT_BASE).} -\Status{Implemented} -} - -\numtest{33.75}{ -\Priority{High} -\Reason{Accepts attributes change (KRB5_PW_CHANGE_SERVICE).} -\Status{Implemented} -} - -\numtest{34}{ -\Priority{High} -\Reason{Accepts max_life change.} -\Status{Implemented} -} - -\numtest{35}{ -\Priority{High} -\Reason{Accepts kvno change.} -\Status{Implemented} -} - -\numtest{36}{ -\Reason{Behaves correctly when policy is set to the same as it was - before.} -\Status{Implemented} -} - -\numtest{37}{ -\Reason{Behaves properly when POLICY_CLR is specified and there was no - policy before.} -\Status{Implemented} -} - -\numtest{38}{ -\Priority{High} -\Reason{Accepts 0 (never) for princ_expire_time.} -\Status{Implemented} -} - -\numtest{39}{ -\Priority{High} -\Reason{Accepts 0 for max_life.} -\Status{Implemented} -} - -\numtest{40}{ -\Reason{Rejects null principal argument.} -\Status{Implemented} -} - -\numtest{41}{ -\Priority{High} -\Reason{Doesn't modify or free mod_name on success.} -} - -\numtest{42}{ -\Priority{High} -\Reason{Doesn't modify or free mod_name on failure.} -} - -\numtest{43}{ -\Priority{High} -\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} -\Status{Implemented} -} - -\numtest{44}{ -\Priority{Low} -\Reason{Connects to correct server when mutliple handles exist} -\Conditions{RPC} -} - - -\section{ovsec_kadm_rename_principal} - -%\numtest{1}{ -%\Reason{Fails if database not initialized.} -%\Status{Implemented} -%} - -\numtest{2}{ -\Priority{High} -\Reason{Fails if user connected with CHANGEPW_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{3}{ -\Priority{High} -\Reason{Fails for user with no access bits.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{4}{ -\Reason{Fails for user with ``modify'' access and not ``add'' or -``delete''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{5}{ -\Reason{Fails for user with ``get'' access and not ``add'' or -``delete''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{6}{ -\Reason{Fails for user with ``modify'' and ``add'' but not ``delete''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{7}{ -\Reason{Fails for user with ``modify'' and ``delete'' but not ``add''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{8}{ -\Reason{Fails for user with ``get'' and ``add'' but not ``delete''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{9}{ -\Reason{Fails for user with ``get'' and ``delete'' but not ``add.''} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{10}{ -\Reason{Fails for user with ``modify'', ``get'' and ``add'', but not - ``delete''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{11}{ -\Reason{Fails for user with ``modify'', ``get'' and ``delete'', but - not ``add''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{12}{ -\Priority{High} -\Reason{Fails for user with ``add'' but not ``delete''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{13}{ -\Priority{High} -\Reason{Fails for user with ``delete'' but not ``add''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{14}{ -\Priority{High} -\Reason{Succeeds for user with ``add'' and ``delete''.} -\Status{Implemented} -} - -\numtest{15}{ -\Priority{High} -\Reason{Fails if target principal name exists.} -\Status{Implemented} -} - -\numtest{16}{ -\Priority{High} -\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} -\Status{Implemented} -} - -\numtest{17}{ -\Priority{Low} -\Reason{Connects to correct server when mutliple handles exist} -\Conditions{RPC} -} - - -\section{ovsec_kadm_chpass_principal} -\label{ovseckadmchpassprincipal} - -\subsection{Quality/history enforcement tests} - -This section lists a series of tests which will be run a number of -times, with various parameter settings (e.g., which access bits user -has, whether user connected with ADMIN_SERVICE or CHANGEPW_SERVICE, -etc.). The table following the -list of tests gives the various parameter settings under which the -tests should be run, as well which should succeed and which should -fail for each choice of parameter settings. - -\subsubsection{List of tests} - -The test number of each of these tests is an offset from the base -given in the table below. - -\numtest{1}{ -\Priority{High} -\Reason{With history setting of 1, change password to itself.} -} - -\numtest{2}{ -\Reason{With history setting of 2 but no password changes since - principal creation, change password to itself.} -} - -\numtest{3}{ -\Reason{With history setting of 2 and one password change since - principal creation, change password to itself - and directly previous password.} -} - -\numtest{4}{ -\Priority{High} -\Reason{With a history setting of 3 and no password changes, - change password to itself.} -} - -\numtest{5}{ -\Priority{High} -\Reason{With a history setting of 3 and 1 password change, - change password to itself or previous password.} -} - -\numtest{6}{ -\Priority{High} -\Reason{With a history setting of 3 and 2 password changes, - change password to itself and the two previous passwords.} -} - -\numtest{7}{ -\Priority{High} -\Reason{Change to previously unused password when now - - last_pwd_change $<$ pw_min_life.} -} - -\numtest{8}{ -\Priority{High} -\Reason{Change to previously unused password that doesn't contain enough - character classes.} -} - -\numtest{9}{ -\Priority{High} -\Reason{Change to previously unused password that's too short.} -} - -\numtest{10}{ -\Priority{High} -\Reason{Change to previously unused password that's in the dictionary.} -} - -\subsubsection{List of parameter settings} - -In the table below, ``7 passes'' means that test 7 above passes and -the rest of the tests fail. - -\begin{tabular}{llllll} -Base & Modify access? & Own password? & Service & Pass/Fail \\ \hline -0 & No & Yes & ADMIN & all fail \\ -20 & No & Yes & CHANGEPW & all fail \\ -40 & No & No & ADMIN & all fail \\ -60 & No & No & CHANGEPW & all fail \\ -80 & Yes & Yes & ADMIN & 7 passes \\ -100 & Yes & Yes & CHANGEPW & all fail \\ -120 & Yes & No & ADMIN & 7 passes \\ -140 & Yes & No & CHANGEPW & all fail \\ -\end{tabular} - -\subsection{Other quality/history tests} - -\numtest{161}{ -\Priority{High} -\Reason{With history of 1, can change password to anything other than - itself that doesn't conflict with other quality - rules.} -} - -\numtest{162}{ -\Reason{With history of 2 and 2 password changes, can change password - to original password.} -} - -\numtest{163}{ -\Priority{High} -\Reason{With history of 3 and 3 password changes, can change password - to original password.} -} - -\numtest{164}{ -\Priority{High} -\Reason{Can change password when now - last_pwd_change $>$ pw_min_life.} -} - -\numtest{165}{ -\Priority{High} -\Reason{Can change password when it contains exactly the number of - classes required by the policy.} -} - -\numtest{166}{ -\Priority{High} -\Reason{Can change password when it is exactly the length required by - the policy.} -} - -\numtest{167}{ -\Priority{High} -\Reason{Can change password to a word that isn't in the dictionary.} -} - - -\subsection{Other tests} - -%\numtest{168}{ -%\Reason{Fails if database not initialized.} -%} - -\numtest{169}{ -\Reason{Fails for non-existent principal.} -} - -\numtest{170}{ -\Reason{Fails for null password.} -} - -\numtest{171}{ -\Priority{High} -\Reason{Fails for empty-string password.} -} - -\numtest{172}{ -\Priority{High} -\Reason{Pw_expiration is set to now + max_pw_life if policy exists and - has non-zero max_pw_life.} -} - -\numtest{173}{ -\Priority{High} -\Reason{Pw_expiration is set to 0 if policy exists and has zero - max_pw_life.} -} - -\numtest{174}{ -\Priority{High} -\Reason{Pw_expiration is set to 0 if no policy.} -} - -\numtest{175}{ -\Priority{High} -\Reason{KRB5_KDC_REQUIRES_PWCHANGE bit is cleared when password is - successfully changed.} -} - -\numtest{176}{ -\Priority{High} -\Reason{Fails for user with no access bits, on other's password.} -} - -\numtest{177}{ -\Priority{High} -\Reason{Fails for user with ``get'' but not ``modify'' access, on - other's password.} -} - -\numtest{178}{ -\Reason{Fails for user with ``delete'' but not ``modify'' access, on - other's password.} -} - -\numtest{179}{ -\Reason{Fails for user with ``add'' but not ``modify'' access, on - other's password.} -} - -\numtest{180}{ -\Reason{Succeeds for user with ``get'' and ``modify'' access, on - other's password.} -\Status{Implemented} -} - -\numtest{180.5}{ -\Priority{High} -\Reason{Succeeds for user with ``modify'' but not ``get'' access, on - other's password.} -\Conditions{RPC} -\Status{Implemented} -} -\numtest{180.625}{ -\Priority{High} -\Reason{Fails for user with modify when connecting with CHANGEPW_SERVICE on - others password} -\Conditions{RPC} -\Status{Implemented} -} -\numtest{180.75}{ -\Priority{High} -\Reason{Fails for user with modify when connecting with CHANGEPW_SERVICE - on other's password which has expired} -\Conditions{RPC} -\Status{Implemented} -} - -%\numtest{181}{ -%\Reason{Password that would succeed if override_qual were false fails -% if override_qual is true.} -%\Expected{Returns CANNOT_OVERRIDE.} -%} - -\numtest{182}{ -\Priority{High} -\Reason{Can not change key of ovsec_adm/history principal.} -\Status{Implemented} -} - -\numtest{183}{ -\Priority{High} -\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} -\Status{Implemented} -} - -\numtest{184}{ -\Priority{Low} -\Reason{Connects to correct server when mutliple handles exist} -\Conditions{RPC} -} - - -\section{ovsec_kadm_chpass_principal_util} - -Rerun all the tests listed for ovsec_kadm_chpass_principal above in -Section \ref{ovseckadmchpassprincipal}. Verify that they succeed -and fail in the same circumstances. Also verify that in each failure -case, the error message returned in msg_ret is as specified in the -functional specification. - -Also, run the following additional tests. - -\numtest{1}{ -\Reason{Null msg_ret is rejected.} -} - -\numtest{2}{ -\Priority{High} -\Reason{New password is put into pw_ret, when it's prompted for.} -} - -\numtest{3}{ -\Priority{High} -Reason{New password is put into pw_ret, when it's supplied by the - caller.} -} - -\numtest{4}{ -\Priority{High} -\Reason{Successful invocation when pw_ret is null.} -} - - - -\section{ovsec_kadm_randkey_principal} - -\subsection{TOOSOON enforcement tests} - -This test should be run a number of times, as indicated in the table -following it. The table also indicates the expected result of each -run of the test. - -\test{ -\Reason{Change key when now - last_pwd_change $<$ pw_min_life.} -} - -\subsubsection{List of parameter settings} - -\begin{tabular}{llllll} -Number & Modify Access? & Own Key? & Service & Pass/Fail & Implemented? \\ \hline -1 & No & Yes & ADMIN & fail & Yes \\ -3 & No & Yes & CHANGEPW & fail & Yes \\ -5 & No & No & ADMIN & fail \\ -7 & No & No & CHANGEPW & fail \\ -9 & Yes & Yes & ADMIN & pass \\ -11 & Yes & Yes & CHANGEPW & fail \\ -13 & Yes & No & ADMIN & pass & Yes \\ -15 & Yes & No & CHANGEPW & fail & Yes \\ -\end{tabular} - -\subsection{Other tests} - -\numtest{17}{ -\Reason{Fails if database not initialized.} -} - -\numtest{18}{ -\Reason{Fails for non-existent principal.} -} - -\numtest{19}{ -\Reason{Fails for null keyblock pointer.} -} - -\numtest{20}{ -\Priority{High} -\Reason{Pw_expiration is set to now + max_pw_life if policy exists and - has non-zero max_pw_life.} -} - -\numtest{21}{ -\Priority{High} -\Reason{Pw_expiration is set to 0 if policy exists and has zero - max_pw_life.} -} - -\numtest{22}{ -\Priority{High} -\Reason{Pw_expiration is set to 0 if no policy.} -} - -\numtest{23}{ -\Priority{High} -\Reason{KRB5_KDC_REQUIRES_PWCHANGE bit is cleared when key is - successfully changed.} -} - -\numtest{24}{ -\Priority{High} -\Reason{Fails for user with no access bits, on other's password.} -} - -\numtest{25}{ -\Priority{High} -\Reason{Fails for user with ``get'' but not ``modify'' access, on - other's password.} -} - -\numtest{26}{ -\Reason{Fails for user with ``delete'' but not ``modify'' access, on - other's password.} -} - -\numtest{27}{ -\Reason{Fails for user with ``add'' but not ``modify'' access, on - other's password.} -} - -\numtest{28}{ -\Reason{Succeeds for user with ``get'' and ``modify'' access, on - other's password.} -\Status{Implemented} -} -\numtest{28.25}{ -\Priority{High} -\Reason{Fails for user with get and modify access on others password - When conneceted with CHANGEPW_SERVICE} -\Status{Implemented} -} - -\numtest{28.5}{ -\Priority{High} -\Reason{Succeeds for user with ``modify'' but not ``get'' access, on - other's password.} -\Status{Implemented} - -} - -\numtest{29}{ -\Reason{The new key that's assigned is truly random. XXX not sure how - to test this.} -} - -\numtest{30}{ -\Reason{Succeeds for own key, no other access bits when connecting with CHANGEPW service} -\Status{Implemented} -} -\numtest{31}{ -\Reason{Succeeds for own key, no other access bits when connecting with ADMIM service} -\Status{Implemented} -} - -\numtest{32}{ -\Reason{Cannot change ovsec_adm/history key} -\Status{Implemented} -} - -\numtest{33}{ -\Priority{High} -\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} -\Status{Implemented} -} - -\numtest{34}{ -\Priority{Low} -\Reason{Connects to correct server when mutliple handles exist} -\Conditions{RPC} -} - - -\section{ovsec_kadm_get_principal} - -\numtest{1}{ -\Reason{Fails for null ent.} -\Status{Implemented} -} - -\numtest{2}{ -\Reason{Fails for non-existent principal.} -\Status{Implemented} -} - -\numtest{3}{ -\Priority{High} -\Reason{Fails for user with no access bits, retrieving other principal.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{4}{ -\Priority{High} -\Reason{Fails for user with ``add'' but not ``get'', getting principal - other than his own, using ADMIN_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{5}{ -\Reason{Fails for user with ``modify'' but not ``get'', getting - principal other than his own, using ADMIN_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{6}{ -\Reason{Fails for user with ``delete'' but not ``get'', getting - principal other than his own, using ADMIN_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{7}{ -\Reason{Fails for user with ``delete'' but not ``get'', getting - principal other than his own, using CHANGEPW_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{8}{ -\Priority{High} -\Reason{Fails for user with ``get'', getting principal other than his - own, using CHANGEPW_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{9}{ -\Priority{High} -\Reason{Succeeds for user without ``get'', retrieving self, using - ADMIN_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{10}{ -\Reason{Succeeds for user without ``get'', retrieving self, using - CHANGEPW_SERVICE.} -\Status{Implemented} -} - -\numtest{11}{ -\Reason{Succeeds for user with ``get'', retrieving self, using - ADMIN_SERVICE.} -\Status{Implemented} -} - -\numtest{12}{ -\Reason{Succeeds for user with ``get'', retrieving self, using - CHANGEPW_SERVICE.} -\Status{Implemented} -} - -\numtest{13}{ -\Priority{High} -\Reason{Succeeds for user with ``get'', retrieving other user, using - ADMIN_SERVICE.} -\Status{Implemented} -} - -\numtest{14}{ -\Reason{Succeeds for user with ``get'' and ``modify'', retrieving - other principal, using ADMIN_SERVICE.} -\Status{Implemented} -} - -\numtest{15}{ -\Priority{High} -\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} -\Status{Implemented} -} - -\numtest{16}{ -\Priority{Low} -\Reason{Connects to correct server when mutliple handles exist} -\Conditions{RPC} -} - - -\section{ovsec_kadm_create_policy} - -\numtest{1}{ -\Reason{Fails for mask with undefined bit set.} -\Status{Implemented - untested} -} - -\numtest{2}{ -\Priority{High} -\Reason{Fails if caller connected with CHANGEPW_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{3}{ -\Reason{Fails for mask without POLICY bit set.} -\Status{Implemented - untested} -} - -\numtest{4}{ -\Reason{Fails for mask with REF_COUNT bit set.} -\Status{Implemented} -} - -\numtest{5}{ -\Reason{Fails for invalid policy name.} -\Status{Implemented - untested} -} - -\numtest{6}{ -\Priority{High} -\Reason{Fails for existing policy name.} -\Status{Implemented} -} - -\numtest{7}{ -\Reason{Fails for null policy name.} -\Status{Implemented - untested} -} - -\numtest{8}{ -\Priority{High} -\Reason{Fails for empty-string policy name.} -\Status{Implemented} -} - -\numtest{9}{ -\Priority{High} -\Reason{Accepts 0 for pw_min_life.} -\Status{Implemented} -} - -\numtest{10}{ -\Priority{High} -\Reason{Accepts non-zero for pw_min_life.} -\Status{Implemented} -} - -\numtest{11}{ -\Priority{High} -\Reason{Accepts 0 for pw_max_life.} -\Status{Implemented} -} - -\numtest{12}{ -\Priority{High} -\Reason{Accepts non-zero for pw_max_life.} -\Status{Implemented} -} - -\numtest{13}{ -\Priority{High} -\Reason{Rejects 0 for pw_min_length.} -\Status{Implemented} -} - -\numtest{14}{ -\Priority{High} -\Reason{Accepts non-zero for pw_min_length.} -\Status{Implemented} -} - -\numtest{15}{ -\Priority{High} -\Reason{Rejects 0 for pw_min_classes.} -\Status{Implemented} -} - -\numtest{16}{ -\Priority{High} -\Reason{Accepts 1 for pw_min_classes.} -\Status{Implemented} -} - -\numtest{17}{ -\Priority{High} -\Reason{Accepts 4 for pw_min_classes.} -\Status{Implemented} -} - -\numtest{18}{ -\Priority{High} -\Reason{Rejects 5 for pw_min_classes.} -\Status{Implemented} -} - -\numtest{19}{ -\Priority{High} -\Reason{Rejects 0 for pw_history_num.} -\Status{Implemented} -} - -\numtest{20}{ -\Priority{High} -\Reason{Accepts 1 for pw_history_num.} -\Status{Implemented} -} - -\numtest{21}{ -\Priority{High} -\Reason{Accepts 10 for pw_history_num.} -\Status{Implemented} -} - -\numtest{21.5}{ -\Reason{Rejects 11 for pw_history_num.} -\Status{Implemented - untested} -} - -\numtest{22}{ -\Priority{High} -\Reason{Fails for user with no access bits.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{23}{ -\Priority{High} -\Reason{Fails for user with ``get'' but not ``add''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{24}{ -\Reason{Fails for user with ``modify'' but not ``add.''} -\Conditions{RPC} -\Status{Implemented - untested} -} - -\numtest{25}{ -\Reason{Fails for user with ``delete'' but not ``add.''} -\Conditions{RPC} -\Status{Implemented - untested} -} - -\numtest{26}{ -\Priority{High} -\Reason{Succeeds for user with ``add.''} -\Status{Implemented} -} - -\numtest{27}{ -\Reason{Succeeds for user with ``get'' and ``add.''} -\Status{Implemented - untested} -} - -\numtest{28}{ -\Reason{Rejects null policy argument.} -\Status{Implemented - untested} -} - -\numtest{29}{ -\Reason{Rejects pw_min_life greater than pw_max_life.} -} - -\numtest{30}{ -\Priority{High} -\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} -\Status{Implemented} -} - -\numtest{31}{ -\Priority{Low} -\Reason{Connects to correct server when mutliple handles exist} -\Conditions{RPC} -} - - -\section{ovsec_kadm_delete_policy} - -\numtest{1}{ -\Reason{Fails for null policy name.} -} - -\numtest{2}{ -\Priority{High} -\Reason{Fails for empty-string policy name.} -\Status{Implemented} -} - -\numtest{3}{ -\Reason{Fails for non-existent policy name.} -} - -\numtest{4}{ -\Reason{Fails for bad policy name.} -} - -\numtest{5}{ -\Priority{High} -\Reason{Fails if caller connected with CHANGEPW_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{6}{ -\Priority{High} -\Reason{Fails for user with no access bits.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{7}{ -\Priority{High} -\Reason{Fails for user with ``add'' but not ``delete''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{8}{ -\Reason{Fails for user with ``modify'' but not ``delete''.} -\Conditions{RPC} -} - -\numtest{9}{ -\Reason{Fails for user with ``get'' but not ``delete.''} -\Conditions{RPC} -} - -\numtest{10}{ -\Priority{High} -\Reason{Succeeds for user with only ``delete''.} -\Status{Implemented} -} - -\numtest{11}{ -\Reason{Succeeds for user with ``delete'' and ``add''.} -} - -\numtest{12}{ -\Priority{High} -\Reason{Fails for policy with non-zero reference count.} -\Status{Implemented} -} - -\numtest{13}{ -\Priority{High} -\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} -\Status{Implemented} -} - -\numtest{14}{ -\Priority{Low} -\Reason{Connects to correct server when mutliple handles exist} -\Conditions{RPC} -} - - -\section{ovsec_kadm_modify_policy} - -\numtest{1}{ -\Reason{Fails for mask with undefined bit set.} -\Conditions{RPC} -} - -\numtest{2}{ -\Priority{High} -\Reason{Fails if caller connected with CHANGEPW_SERVICE.} -\Status{Implemented} -} - -\numtest{3}{ -\Reason{Fails for mask with POLICY bit set.} -} - -\numtest{4}{ -\Reason{Fails for mask with REF_COUNT bit set.} -\Status{Implemented} -} - -\numtest{5}{ -\Reason{Fails for invalid policy name.} -} - -\numtest{6}{ -\Reason{Fails for non-existent policy name.} -} - -\numtest{7}{ -\Reason{Fails for null policy name.} -} - -\numtest{8}{ -\Priority{High} -\Reason{Fails for empty-string policy name.} -\Status{Implemented} -} - -\numtest{9}{ -\Priority{High} -\Reason{Accepts 0 for pw_min_life.} -\Status{Implemented} -} - -\numtest{10}{ -\Priority{High} -\Reason{Accepts non-zero for pw_min_life.} -\Status{Implemented} -} - -\numtest{11}{ -\Priority{High} -\Reason{Accepts 0 for pw_max_life.} -\Status{Implemented} -} - -\numtest{12}{ -\Priority{High} -\Reason{Accepts non-zero for pw_max_life.} -\Status{Implemented} -} - -\numtest{13}{ -\Priority{High} -\Reason{Accepts 0 for pw_min_length.} -\Status{Implemented} -} - -\numtest{14}{ -\Priority{High} -\Reason{Accepts non-zero for pw_min_length.} -\Status{Implemented} -} - -\numtest{15}{ -\Priority{High} -\Reason{Rejects 0 for pw_min_classes.} -\Status{Implemented} -} - -\numtest{16}{ -\Priority{High} -\Reason{Accepts 1 for pw_min_classes.} -\Status{Implemented} -} - -\numtest{17}{ -\Priority{High} -\Reason{Accepts 4 for pw_min_classes.} -\Status{Implemented} -} - -\numtest{18}{ -\Priority{High} -\Reason{Rejects 5 for pw_min_classes.} -\Status{Implemented} -} - -\numtest{19}{ -\Priority{High} -\Reason{Rejects 0 for pw_history_num.} -\Status{Implemented} -} - -\numtest{20}{ -\Priority{High} -\Reason{Accepts 1 for pw_history_num.} -\Status{Implemented} -} - -\numtest{21}{ -\Priority{High} -\Reason{Accepts 10 for pw_history_num.} -\Status{Implemented} -} - -\numtest{22}{ -\Priority{High} -\Reason{Fails for user with no access bits.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{23}{ -\Priority{High} -\Reason{Fails for user with ``get'' but not ``modify''.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{24}{ -\Reason{Fails for user with ``add'' but not ``modify.''} -\Conditions{RPC} -} - -\numtest{25}{ -\Reason{Fails for user with ``delete'' but not ``modify.''} -\Conditions{RPC} -} - -\numtest{26}{ -\Priority{High} -\Reason{Succeeds for user with ``modify.''} -\Status{Implemented} -} - -\numtest{27}{ -\Reason{Succeeds for user with ``get'' and ``modify.''} -} - -\numtest{28}{ -\Reason{Rejects null policy argument.} -} - -\numtest{29}{ -\Reason{Rejects change which makes pw_min_life greater than - pw_max_life.} -} - -\numtest{30}{ -\Priority{High} -\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} -\Status{Implemented} -} - -\numtest{31}{ -\Priority{Low} -\Reason{Connects to correct server when mutliple handles exist} -\Conditions{RPC} -} - -\section{ovsec_kadm_get_policy} - -\numtest{1}{ -\Reason{Fails for null policy.} -} - -\numtest{2}{ -\Reason{Fails for invalid policy name.} -} - -\numtest{3}{ -\Priority{High} -\Reason{Fails for empty-string policy name.} -\Status{Implemented} -} - -\numtest{4}{ -\Reason{Fails for non-existent policy name.} -} - -\numtest{5}{ -\Reason{Fails for null ent.} -} - -\numtest{6}{ -\Priority{High} -\Reason{Fails for user with no access bits trying to get other's - policy, using ADMIN_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{7}{ -\Priority{High} -\Reason{Fails for user with ``add'' but not ``get'' trying to get - other's policy, using ADMIN_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{8}{ -\Reason{Fails for user with ``modify'' but not ``get'' trying to get - other's policy, using ADMIN_SERVICE.} -\Conditions{RPC} -} - -\numtest{9}{ -\Reason{Fails for user with ``delete'' but not ``get'' trying to get - other's policy, using ADMIN_SERVICE.} -\Conditions{RPC} -} - -\numtest{10}{ -\Reason{Fails for user with ``delete'' but not ``get'' trying to get - other's policy, using CHANGEPW_SERVICE.} -\Conditions{RPC} -} - -\numtest{11}{ -\Priority{High} -\Reason{Succeeds for user with only ``get'', trying to get own policy, - using ADMIN_SERVICE.} -\Status{Implemented} -} - -\numtest{12}{ -\Priority{High} -\Reason{Succeeds for user with only ``get'', trying to get own policy, - using CHANGEPW_SERVICE.} -\Status{Implemented} -} - -\numtest{13}{ -\Reason{Succeeds for user with ``add'' and ``get'', trying to get own - policy, using ADMIN_SERVICE.} -} - -\numtest{14}{ -\Reason{Succeeds for user with ``add'' and ``get'', trying to get own - policy, using CHANGEPW_SERVICE.} -} - -\numtest{15}{ -\Reason{Succeeds for user without ``get'', trying to get own policy, - using ADMIN_SERVICE.} -} - -\numtest{16}{ -\Priority{High} -\Reason{Succeeds for user without ``get'', trying to get own policy, - using CHANGEPW_SERVICE.} -\Status{Implemented} -} - -\numtest{17}{ -\Priority{High} -\Reason{Succeeds for user with ``get'', trying to get other's policy, - using ADMIN_SERVICE.} -\Status{Implemented} -} - -\numtest{18}{ -\Priority{High} -\Reason{Fails for user with ``get'', trying to get other's policy, - using CHANGEPW_SERVICE.} -\Conditions{RPC} -\Status{Implemented} -} - -\numtest{19}{ -\Reason{Succeeds for user with ``modify'' and ``get'', trying to get - other's policy, using ADMIN_SERVICE.} -} - -\numtest{20}{ -\Reason{Fails for user with ``modify'' and ``get'', trying to get - other's policy, using CHANGEPW_SERVICE.} -} - -\numtest{21}{ -\Priority{High} -\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} -\Status{Implemented} -} - -\numtest{22}{ -\Priority{Low} -\Reason{Connects to correct server when mutliple handles exist} -\Conditions{RPC} -} - - -\section{ovsec_kadm_free_principal_ent} - -In addition to the tests listed here, a memory-leak detector such as -TestCenter, Purify or dbmalloc should be used to verify that the -memory freed by this function is really freed. - -\numtest{1}{ -\Reason{Null princ succeeds.} -} - -\numtest{2}{ -\Reason{Non-null princ succeeds.} -} - - -\section{ovsec_kadm_free_policy_ent} - -In addition to the tests listed here, a memory-leak detector such as -TestCenter, Purify or dbmalloc should be used to verify that the -memory freed by this function is really freed. - -\numtest{1}{ -\Reason{Null policy succeeds.} -} - -\numtest{2}{ -\Reason{Non-null policy succeeds.} -} - - - -\section{ovsec_kadm_get_privs} - -\numtest{1}{ -\Reason{Fails for null pointer argument.} -} - -This test should be run with the 16 possible combinations of access -bits (since there are 4 access bits, there are $2^4 = 16$ possible -combinations of them): - -\numtest{2}{ -\Priority{High} -\Reason{Returns correct bit mask for access bits of user.} -\Conditions{RPC} -} - -This test should be run locally: - -\numtest{3}{ -\Priority{High} -\Reason{Returns 0x0f.} -\Conditions{local} -} - -\end{document} diff --git a/src/appl/popper/Imakefile b/src/appl/popper/Imakefile deleted file mode 100644 index d46dc30..0000000 --- a/src/appl/popper/Imakefile +++ /dev/null @@ -1,93 +0,0 @@ -# $Source$ -# $Author$ -# $Id$ -# -# Copyright 1991 by the Massachusetts Institute of Technology. -# All Rights Reserved. -# -# Export of this software from the United States of America may -# require a specific license from the United States Government. -# It is the responsibility of any person or organization contemplating -# export to obtain such a license before exporting. -# -# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -# distribute this software and its documentation for any purpose and -# without fee is hereby granted, provided that the above copyright -# notice appear in all copies and that both that copyright notice and -# this permission notice appear in supporting documentation, and that -# the name of M.I.T. not be used in advertising or publicity pertaining -# to distribution of the software without specific, written prior -# permission. M.I.T. makes no representations about the suitability of -# this software for any purpose. It is provided "as is" without express -# or implied warranty. -# -# - -# Options are: -# BIND43 - If you are using BSD 4.3 domain -# name service. -# DEBUG - Include the debugging code. Note: You -# still have to use the -d or -t flag to -# enable debugging. -# HAVE_VSPRINTF - If the vsprintf functions are -# available -# on your system. -# SYSLOG42 - For BSD 4.2 syslog (default is BSD 4.3 -# syslog). -# STRNCASECMP - If you do not have strncasecmp() -# KERBEROS - If you want authentication vis Kerberos -# (tom) -# KERBEROS_PASSWD_HACK - Use popper as passwd server -# NOSTATUS - Don't create a Mail(1)-like -# Status: header - -#if defined(OS_BSD_RENO) || defined(OS_Ultrix) || defined(OS_SunOS4) || defined(OS_BSD) -BINDDEF=-DBIND43 -#else -/* assume it's not there; not really critical since we are using Kerberos to - beef up the normal IP-address checking stuff */ -BINDDEF= -#endif - -#if 0 - -/* Zephyr stuff not needed yet, since spop isn't done yet. */ -DEFINES = -DHAVE_VSPRINTF -DKERBEROS -DKRB5 -DNOSTATUS -DDEBUG $(BINDDEF) $(ZEPHDEFS) -LOCAL_LIBRARIES = $(ZEPHLIBS) $(KLIB) -DEP_LIBS= $(ZEPHDEPLIB) $(DEPKLIB) - -#else - -DEFINES = -DHAVE_VSPRINTF -DKERBEROS -DKRB5 -DNOSTATUS -DDEBUG $(BINDDEF) -LOCAL_LIBRARIES = $(KLIB) -DEP_LIBS= $(DEPKLIB) - -#endif -OBJS = pop_dele.o pop_dropcopy.o pop_dropinfo.o \ - pop_get_command.o pop_get_subcommand.o pop_init.o \ - pop_last.o pop_list.o pop_log.o pop_lower.o \ - pop_msg.o pop_parse.o pop_pass.o pop_quit.o \ - pop_rset.o pop_send.o pop_stat.o pop_updt.o \ - pop_user.o pop_xtnd.o pop_xmit.o popper.o -SRCS = pop_dele.c pop_dropcopy.c pop_dropinfo.c \ - pop_get_command.c pop_get_subcommand.c pop_init.c \ - pop_last.c pop_list.c pop_log.c pop_lower.c \ - pop_msg.c pop_parse.c pop_pass.c pop_quit.c \ - pop_rset.c pop_send.c pop_stat.c pop_updt.c \ - pop_user.c pop_xtnd.c pop_xmit.c popper.c $(SPOP_SRCS) -#if 0 -SPOP_OBJS = pop_enter.o -SPOP_SRCS = pop_enter.c -#endif - -all:: popper - -NormalProgramTarget(popper,$(OBJS),$(DEP_LIBS),$(LOCAL_LIBRARIES),) -Krb5InstallServerProgram(popper) - -#if 0 -NormalProgramTarget(spop,$(SPOP_OBJS),$(DEP_LIBS),$(LOCAL_LIBRARIES),) -Krb5InstallServerProgram(spop) -#endif - -DependTarget() diff --git a/src/include/krb5.h b/src/include/krb5.h deleted file mode 100644 index 761f379..0000000 --- a/src/include/krb5.h +++ /dev/null @@ -1,2271 +0,0 @@ -/* - * include/krb5.h - * - * Copyright 1989,1990,1995 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * General definitions for Kerberos version 5. - */ - -#ifndef KRB5_GENERAL__ -#define KRB5_GENERAL__ - -#ifdef _MSDOS - -#define SIZEOF_INT 2 -#define SIZEOF_LONG 4 - -#ifndef KRB5_CONFIG__ -#define KRB5_PROVIDE_PROTOTYPES -#define HAS_VOID_TYPE -#define HAVE_STDARG_H -#ifndef INTERFACE -#define INTERFACE __far __export __pascal -#define INTERFACE_C __far __export __cdecl -#endif /* !INTERFACE */ -#define FAR _far -#define NEAR _near -#ifndef _SIZE_T_DEFINED -typedef unsigned int size_t; -#define _SIZE_T_DEFINED -#endif /* !_SIZE_T_DEFINED */ -#ifndef KRB5_SYSTYPES__ -#define KRB5_SYSTYPES__ -#include <sys/types.h> -typedef unsigned long u_long; /* Not part of sys/types.h on the pc */ -typedef unsigned int u_int; -typedef unsigned short u_short; -typedef unsigned char u_char; -#endif /* KRB5_SYSTYPES__ */ - -#endif /* !KRB5_CONFIG */ -#else /* !_MSDOS */ -#ifndef KRB5_CONFIG__ -#define INTERFACE -#define INTERFACE_C -#define FAR -#define NEAR -#endif /* !KRB5_CONFIG__ */ -#ifdef HAS_SYS_TYPES -#include <sys/types.h> -#endif -#endif /* _MSDOS */ - -/* - * begin wordsize.h - */ - -/* - * Word-size related definition. - */ - -typedef unsigned char krb5_octet; -typedef unsigned char krb5_ui_1; - -#if (SIZEOF_INT == 2) -typedef int krb5_int16; -typedef unsigned int krb5_ui_2; -#define VALID_INT_BITS 0x7fff -#define VALID_UINT_BITS 0xffff -#elif (SIZEOF_SHORT == 2) -typedef short krb5_int16; -typedef unsigned short krb5_ui_2; -#else - ?==error: undefined 16 bit type -#endif - -#if (SIZEOF_INT == 4) -typedef int krb5_int32; -typedef unsigned int krb5_ui_4; -#define VALID_INT_BITS 0x7fffffff -#define VALID_UINT_BITS 0xffffffff -#elif (SIZEOF_LONG == 4) -typedef long krb5_int32; -typedef unsigned long krb5_ui_4; -#elif (SIZEOF_SHORT == 4) -typedef short krb5_int32; -typedef unsigned short krb5_ui_4; -#else - ?== error: undefined 32 bit type -#endif - -#define KRB5_INT32_MAX 2147483647 -/* this strange form is necessary since - is a unary operator, not a sign - indicator */ -#define KRB5_INT32_MIN (-KRB5_INT32_MAX-1) - -/* - * end wordsize.h - */ - -/* - * begin "base-defs.h" - */ - -/* - * Basic definitions for Kerberos V5 library - */ - -#ifndef FALSE -#define FALSE 0 -#endif -#ifndef TRUE -#define TRUE 1 -#endif - -typedef unsigned int krb5_boolean; -typedef unsigned int krb5_msgtype; -typedef unsigned int krb5_kvno; - -typedef unsigned int krb5_addrtype; -typedef unsigned int krb5_keytype; -typedef unsigned int krb5_enctype; -typedef unsigned int krb5_cksumtype; -typedef unsigned int krb5_authdatatype; - -typedef krb5_int32 krb5_preauthtype; /* This may change, later on */ -typedef krb5_int32 krb5_flags; -typedef krb5_int32 krb5_timestamp; -typedef krb5_int32 krb5_error_code; -typedef krb5_int32 krb5_deltat; - -typedef krb5_error_code krb5_magic; - -typedef struct _krb5_data { - krb5_magic magic; - int length; - char FAR *data; -} krb5_data; - -/* Define krb5_const as necessary */ - -/* - * Hardcoded scrudge to deal with Ultrix; see note on NPROTOTYPE below - */ - -#if defined(KRB5_NO_CONST) || (defined(__ultrix) && !defined(__GNUC__)) -#define krb5_const -#else -#define krb5_const const -#endif - -#if defined(__STDC__) || defined(HAS_VOID_TYPE) || defined(_WINDOWS) -typedef void FAR * krb5_pointer; -typedef void krb5_const FAR * krb5_const_pointer; -#else -typedef char FAR * krb5_pointer; -typedef char krb5_const FAR * krb5_const_pointer; -#endif - -#if (defined(__STDC__) || defined(_WINDOWS) || defined(KRB5_PROVIDE_PROTOTYPES)) && !defined(KRB5_NO_PROTOTYPES) -#define KRB5_PROTOTYPE(x) x -#if defined(__STDC__) || defined(HAVE_STDARG_H) || defined(_WINDOWS) -#define KRB5_STDARG_P(x) x -#else -#define KRB5_STDARG_P(x) () -#endif /* defined(__STDC__) || defined(HAVE_STDARG_H) */ -#else -#define KRB5_PROTOTYPE(x) () -#define KRB5_STDARG_P(x) () -#endif /* STDC or PROTOTYPES */ - -/* - * This gross compiler dependency is in here because the stock Ultrix - * compiler defines __STDC__ but doesn't deal with nested prototypes - * properly. The reason this isn't tested for is so that this header - * is actually useful when installed. - */ -#if defined(KRB5_NO_NESTED_PROTOTYPES) || (defined(__ultrix) && !defined(__GNUC__)) -#define KRB5_NPROTOTYPE(x) () -#else -#define KRB5_NPROTOTYPE(x) KRB5_PROTOTYPE(x) -#endif - -typedef struct krb5_principal_data { - krb5_magic magic; - krb5_data realm; - krb5_data FAR *data; /* An array of strings */ - krb5_int32 length; - krb5_int32 type; -} krb5_principal_data; - -typedef krb5_principal_data FAR * krb5_principal; - -/* - * Per V5 spec on definition of principal types - */ - -/* Name type not known */ -#define KRB5_NT_UNKNOWN 0 -/* Just the name of the principal as in DCE, or for users */ -#define KRB5_NT_PRINCIPAL 1 -/* Service and other unique instance (krbtgt) */ -#define KRB5_NT_SRV_INST 2 -/* Service with host name as instance (telnet, rcommands) */ -#define KRB5_NT_SRV_HST 3 -/* Service with host as remaining components */ -#define KRB5_NT_SRV_XHST 4 -/* Unique ID */ -#define KRB5_NT_UID 5 - -/* constant version thereof: */ -typedef krb5_const krb5_principal_data FAR *krb5_const_principal; - -#define krb5_princ_realm(context, princ) (&(princ)->realm) -#define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value)) -#define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value) -#define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value) -#define krb5_princ_size(context, princ) (princ)->length -#define krb5_princ_type(context, princ) (princ)->type -#define krb5_princ_name(context, princ) (princ)->data -#define krb5_princ_component(context, princ,i) ((princ)->data + i) - -/* - * end "base-defs.h" - */ - -/* - * begin "hostaddr.h" - */ - -/* structure for address */ -typedef struct _krb5_address { - krb5_magic magic; - krb5_addrtype addrtype; - int length; - krb5_octet FAR *contents; -} krb5_address; - -/* per Kerberos v5 protocol spec */ -#define ADDRTYPE_INET 0x0002 -#define ADDRTYPE_CHAOS 0x0005 -#define ADDRTYPE_XNS 0x0006 -#define ADDRTYPE_ISO 0x0007 -#define ADDRTYPE_DDP 0x0010 -/* not yet in the spec... */ -#define ADDRTYPE_ADDRPORT 0x0100 -#define ADDRTYPE_IPPORT 0x0101 - -/* macros to determine if a type is a local type */ -#define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000) - -/* - * end "hostaddr.h" - */ - - -struct _krb5_context; -typedef struct _krb5_context FAR * krb5_context; - -struct _krb5_auth_context; -typedef struct _krb5_auth_context FAR * krb5_auth_context; - -/* - * begin "encryption.h" - */ - -typedef struct _krb5_keyblock { - krb5_magic magic; - krb5_keytype keytype; - krb5_enctype etype; /* hint of what encryption type to use */ - int length; - krb5_octet FAR *contents; -} krb5_keyblock; - -typedef struct _krb5_checksum { - krb5_magic magic; - krb5_cksumtype checksum_type; /* checksum type */ - int length; - krb5_octet FAR *contents; -} krb5_checksum; - -typedef struct _krb5_encrypt_block { - krb5_magic magic; - struct _krb5_cryptosystem_entry FAR *crypto_entry; - krb5_keyblock FAR *key; - krb5_pointer priv; /* for private use, e.g. DES - key schedules */ - krb5_int32 priv_size; /* Size of private data */ -} krb5_encrypt_block; - -typedef struct _krb5_enc_data { - krb5_magic magic; - krb5_enctype etype; - krb5_kvno kvno; - krb5_data ciphertext; -} krb5_enc_data; - -/* could be used in a table to find an etype and initialize a block */ -typedef struct _krb5_cryptosystem_entry { - krb5_magic magic; - krb5_error_code (*encrypt_func) KRB5_NPROTOTYPE(( krb5_const_pointer /* in */, - krb5_pointer /* out */, - krb5_const size_t, - krb5_encrypt_block FAR *, - krb5_pointer)); - krb5_error_code (*decrypt_func) KRB5_NPROTOTYPE(( krb5_const_pointer /* in */, - krb5_pointer /* out */, - krb5_const size_t, - krb5_encrypt_block FAR *, - krb5_pointer)); - krb5_error_code (*process_key) KRB5_NPROTOTYPE(( krb5_encrypt_block FAR *, - krb5_const krb5_keyblock FAR *)); - krb5_error_code (*finish_key) KRB5_NPROTOTYPE(( krb5_encrypt_block FAR *)); - krb5_error_code (*string_to_key) KRB5_NPROTOTYPE((krb5_const krb5_encrypt_block FAR *, - krb5_const krb5_keytype, - krb5_keyblock FAR *, - krb5_const krb5_data FAR *, - krb5_const krb5_data FAR *)); - krb5_error_code (*init_random_key) KRB5_NPROTOTYPE((krb5_const krb5_keyblock FAR *, - krb5_pointer FAR *)); - krb5_error_code (*finish_random_key) KRB5_NPROTOTYPE(( krb5_pointer FAR *)); - krb5_error_code (*random_key) KRB5_NPROTOTYPE(( krb5_const krb5_encrypt_block FAR *, - krb5_pointer, - krb5_keyblock FAR * FAR *)); - int block_length; - int pad_minimum; /* needed for cksum size computation */ - int keysize; - krb5_enctype proto_enctype; /* encryption type, - (assigned protocol number AND - table index) */ - krb5_keytype proto_keytype; /* key type, - (assigned protocol number AND - table index) */ -} krb5_cryptosystem_entry; - -typedef struct _krb5_cs_table_entry { - krb5_magic magic; - krb5_cryptosystem_entry FAR *system; - krb5_pointer random_sequence; /* from init_random_key() */ -} krb5_cs_table_entry; - -/* could be used in a table to find a sumtype */ -typedef krb5_error_code (*SUM_FUNC) KRB5_NPROTOTYPE ( - (krb5_pointer /* in */, - size_t /* in_length */, - krb5_pointer /* key/seed */, - size_t /* key/seed size */, - krb5_checksum FAR * /* out_cksum */)); - -typedef krb5_error_code (*SUM_VERF_FUNC) KRB5_NPROTOTYPE ( - (krb5_checksum FAR * /* out_cksum */, - krb5_pointer /* in */, - size_t /* in_length */, - krb5_pointer /* key/seed */, - size_t /* key/seed size */)); - -typedef struct _krb5_checksum_entry { - krb5_magic magic; - SUM_FUNC sum_func; /* Checksum generator */ - SUM_VERF_FUNC sum_verf_func; /* Verifier of checksum */ - int checksum_length; /* length of stuff returned by - sum_func */ - unsigned int is_collision_proof:1; - unsigned int uses_key:1; -} krb5_checksum_entry; - -/* per Kerberos v5 protocol spec */ -#define KEYTYPE_NULL 0x0000 -#define KEYTYPE_DES 0x0001 /* Data Encryption Standard, - FIPS 46,81 */ -#define KEYTYPE_UNKNOWN 0x01ff - -#define ETYPE_NULL 0x0000 -#define ETYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */ -#define ETYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */ -#define ETYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */ -#define ETYPE_RAW_DES_CBC 0x0004 /* Raw DES cbc mode */ - -#define ETYPE_UNKNOWN 0x1FF /* Reserved local value */ - -#define CKSUMTYPE_CRC32 0x0001 -#define CKSUMTYPE_RSA_MD4 0x0002 -#define CKSUMTYPE_RSA_MD4_DES 0x0003 -#define CKSUMTYPE_DESCBC 0x0004 -/* des-mac-k */ -/* rsa-md4-des-k */ -#define CKSUMTYPE_RSA_MD5 0x0007 -#define CKSUMTYPE_RSA_MD5_DES 0x0008 - -#ifndef krb5_roundup -/* round x up to nearest multiple of y */ -#define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y)) -#endif /* roundup */ - -/* macro function definitions to help clean up code */ -#define krb5_encrypt_size(length, crypto) \ - krb5_roundup((length)+(crypto)->pad_minimum, (crypto)->block_length) - -/* This array is indexed by encryption type */ -extern krb5_cs_table_entry * NEAR krb5_csarray[]; -extern int krb5_max_cryptosystem; /* max entry in array */ - -/* This array is indexed by key type, and has (should have) pointers to - the same entries as krb5_csarray */ -/* XXX what if a given keytype works for several etypes? */ -extern krb5_cs_table_entry * NEAR krb5_keytype_array[]; -extern int krb5_max_keytype; /* max entry in array */ - -/* This array is indexed by checksum type */ -extern krb5_checksum_entry * NEAR krb5_cksumarray[]; -extern int krb5_max_cksum; /* max entry in array */ - -#define valid_etype(etype) ((((int) (etype)) <= krb5_max_cryptosystem) && ((etype) > 0) && krb5_csarray[etype]) - -#define valid_keytype(ktype) ((((int) (ktype)) <= krb5_max_keytype) && ((ktype) > 0) && krb5_keytype_array[ktype]) - -#define valid_cksumtype(cktype) ((((int) (cktype)) <= krb5_max_cksum) && ((cktype) > 0) && krb5_cksumarray[cktype]) - -#define is_coll_proof_cksum(cktype) (krb5_cksumarray[cktype]->is_collision_proof) -#define is_keyed_cksum(cktype) (krb5_cksumarray[cktype]->uses_key) - -/* set up *eblockp to use etype */ -#define krb5_use_cstype(context, eblockp, etype) (eblockp)->crypto_entry = krb5_csarray[(etype)]->system -/* ...or keytype */ -#define krb5_use_keytype(context, eblockp, keytype) (eblockp)->crypto_entry = krb5_keytype_array[(keytype)]->system - -#define krb5_encrypt(context, inptr, outptr, size, eblock, ivec) (*(eblock)->crypto_entry->encrypt_func)(inptr, outptr, size, eblock, ivec) -#define krb5_decrypt(context, inptr, outptr, size, eblock, ivec) (*(eblock)->crypto_entry->decrypt_func)(inptr, outptr, size, eblock, ivec) -#define krb5_process_key(context, eblock, key) (*(eblock)->crypto_entry->process_key)(eblock, key) -#define krb5_finish_key(context, eblock) (*(eblock)->crypto_entry->finish_key)(eblock) -#define krb5_string_to_key(context, eblock, keytype, keyblock, data, princ) (*(eblock)->crypto_entry->string_to_key)(eblock, keytype, keyblock, data, princ) -#define krb5_init_random_key(context, eblock, keyblock, ptr) (*(eblock)->crypto_entry->init_random_key)(keyblock, ptr) -#define krb5_finish_random_key(context, eblock, ptr) (*(eblock)->crypto_entry->finish_random_key)(ptr) -#define krb5_random_key(context, eblock, ptr, keyblock) (*(eblock)->crypto_entry->random_key)(eblock, ptr, keyblock) - -#define krb5_eblock_keytype(context, eblockp) ((eblockp)->crypto_entry->proto_keytype) -#define krb5_eblock_enctype(context, eblockp) ((eblockp)->crypto_entry->proto_enctype) - -/* - * Here's the stuff for the checksum switch: - */ -#define krb5_checksum_size(context, ctype) (krb5_cksumarray[ctype]->checksum_length) -#define krb5_calculate_checksum(context, ctype, in, in_length, seed, seed_length, outcksum) ((*krb5_cksumarray[ctype]->sum_func)(in, in_length, seed, seed_length, outcksum)) -#define krb5_verify_checksum(context, ctype, cksum, in, in_length, seed, seed_length) ((*krb5_cksumarray[ctype]->sum_verf_func)(cksum, in, in_length, seed, seed_length)) - -/* - * end "encryption.h" - */ - -/* - * begin "fieldbits.h" - */ - -/* kdc_options for kdc_request */ -/* options is 32 bits; each host is responsible to put the 4 bytes - representing these bits into net order before transmission */ -/* #define KDC_OPT_RESERVED 0x80000000 */ -#define KDC_OPT_FORWARDABLE 0x40000000 -#define KDC_OPT_FORWARDED 0x20000000 -#define KDC_OPT_PROXIABLE 0x10000000 -#define KDC_OPT_PROXY 0x08000000 -#define KDC_OPT_ALLOW_POSTDATE 0x04000000 -#define KDC_OPT_POSTDATED 0x02000000 -/* #define KDC_OPT_UNUSED 0x01000000 */ -#define KDC_OPT_RENEWABLE 0x00800000 -/* #define KDC_OPT_UNUSED 0x00400000 */ -/* #define KDC_OPT_RESERVED 0x00200000 */ -/* #define KDC_OPT_RESERVED 0x00100000 */ -/* #define KDC_OPT_RESERVED 0x00080000 */ -/* #define KDC_OPT_RESERVED 0x00040000 */ -/* #define KDC_OPT_RESERVED 0x00020000 */ -/* #define KDC_OPT_RESERVED 0x00010000 */ -/* #define KDC_OPT_RESERVED 0x00008000 */ -/* #define KDC_OPT_RESERVED 0x00004000 */ -/* #define KDC_OPT_RESERVED 0x00002000 */ -/* #define KDC_OPT_RESERVED 0x00001000 */ -/* #define KDC_OPT_RESERVED 0x00000800 */ -/* #define KDC_OPT_RESERVED 0x00000400 */ -/* #define KDC_OPT_RESERVED 0x00000200 */ -/* #define KDC_OPT_RESERVED 0x00000100 */ -/* #define KDC_OPT_RESERVED 0x00000080 */ -/* #define KDC_OPT_RESERVED 0x00000040 */ -/* #define KDC_OPT_RESERVED 0x00000020 */ -#define KDC_OPT_RENEWABLE_OK 0x00000010 -#define KDC_OPT_ENC_TKT_IN_SKEY 0x00000008 -/* #define KDC_OPT_UNUSED 0x00000004 */ -#define KDC_OPT_RENEW 0x00000002 -#define KDC_OPT_VALIDATE 0x00000001 - -/* - * Mask of ticket flags in the TGT which should be converted into KDC - * options when using the TGT to get derivitive tickets. - * - * New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE | - * KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE - */ -#define KDC_TKT_COMMON_MASK 0x54800000 - -/* definitions for ap_options fields */ -/* ap_options are 32 bits; each host is responsible to put the 4 bytes - representing these bits into net order before transmission */ -#define AP_OPTS_RESERVED 0x80000000 -#define AP_OPTS_USE_SESSION_KEY 0x40000000 -#define AP_OPTS_MUTUAL_REQUIRED 0x20000000 -/* #define AP_OPTS_RESERVED 0x10000000 */ -/* #define AP_OPTS_RESERVED 0x08000000 */ -/* #define AP_OPTS_RESERVED 0x04000000 */ -/* #define AP_OPTS_RESERVED 0x02000000 */ -/* #define AP_OPTS_RESERVED 0x01000000 */ -/* #define AP_OPTS_RESERVED 0x00800000 */ -/* #define AP_OPTS_RESERVED 0x00400000 */ -/* #define AP_OPTS_RESERVED 0x00200000 */ -/* #define AP_OPTS_RESERVED 0x00100000 */ -/* #define AP_OPTS_RESERVED 0x00080000 */ -/* #define AP_OPTS_RESERVED 0x00040000 */ -/* #define AP_OPTS_RESERVED 0x00020000 */ -/* #define AP_OPTS_RESERVED 0x00010000 */ -/* #define AP_OPTS_RESERVED 0x00008000 */ -/* #define AP_OPTS_RESERVED 0x00004000 */ -/* #define AP_OPTS_RESERVED 0x00002000 */ -/* #define AP_OPTS_RESERVED 0x00001000 */ -/* #define AP_OPTS_RESERVED 0x00000800 */ -/* #define AP_OPTS_RESERVED 0x00000400 */ -/* #define AP_OPTS_RESERVED 0x00000200 */ -/* #define AP_OPTS_RESERVED 0x00000100 */ -/* #define AP_OPTS_RESERVED 0x00000080 */ -/* #define AP_OPTS_RESERVED 0x00000040 */ -/* #define AP_OPTS_RESERVED 0x00000020 */ -/* #define AP_OPTS_RESERVED 0x00000010 */ -/* #define AP_OPTS_RESERVED 0x00000008 */ -/* #define AP_OPTS_RESERVED 0x00000004 */ -/* #define AP_OPTS_RESERVED 0x00000002 */ -#define AP_OPTS_USE_SUBKEY 0x00000001 - -#define AP_OPTS_WIRE_MASK 0xfffffff0 - -/* definitions for ad_type fields. */ -#define AD_TYPE_RESERVED 0x8000 -#define AD_TYPE_EXTERNAL 0x4000 -#define AD_TYPE_REGISTERED 0x2000 - -#define AD_TYPE_FIELD_TYPE_MASK 0x1fff - -/* Ticket flags */ -/* flags are 32 bits; each host is responsible to put the 4 bytes - representing these bits into net order before transmission */ -/* #define TKT_FLG_RESERVED 0x80000000 */ -#define TKT_FLG_FORWARDABLE 0x40000000 -#define TKT_FLG_FORWARDED 0x20000000 -#define TKT_FLG_PROXIABLE 0x10000000 -#define TKT_FLG_PROXY 0x08000000 -#define TKT_FLG_MAY_POSTDATE 0x04000000 -#define TKT_FLG_POSTDATED 0x02000000 -#define TKT_FLG_INVALID 0x01000000 -#define TKT_FLG_RENEWABLE 0x00800000 -#define TKT_FLG_INITIAL 0x00400000 -#define TKT_FLG_PRE_AUTH 0x00200000 -#define TKT_FLG_HW_AUTH 0x00100000 -/* #define TKT_FLG_RESERVED 0x00080000 */ -/* #define TKT_FLG_RESERVED 0x00040000 */ -/* #define TKT_FLG_RESERVED 0x00020000 */ -/* #define TKT_FLG_RESERVED 0x00010000 */ -/* #define TKT_FLG_RESERVED 0x00008000 */ -/* #define TKT_FLG_RESERVED 0x00004000 */ -/* #define TKT_FLG_RESERVED 0x00002000 */ -/* #define TKT_FLG_RESERVED 0x00001000 */ -/* #define TKT_FLG_RESERVED 0x00000800 */ -/* #define TKT_FLG_RESERVED 0x00000400 */ -/* #define TKT_FLG_RESERVED 0x00000200 */ -/* #define TKT_FLG_RESERVED 0x00000100 */ -/* #define TKT_FLG_RESERVED 0x00000080 */ -/* #define TKT_FLG_RESERVED 0x00000040 */ -/* #define TKT_FLG_RESERVED 0x00000020 */ -/* #define TKT_FLG_RESERVED 0x00000010 */ -/* #define TKT_FLG_RESERVED 0x00000008 */ -/* #define TKT_FLG_RESERVED 0x00000004 */ -/* #define TKT_FLG_RESERVED 0x00000002 */ -/* #define TKT_FLG_RESERVED 0x00000001 */ - -/* definitions for lr_type fields. */ -#define LR_TYPE_THIS_SERVER_ONLY 0x8000 - -#define LR_TYPE_INTERPRETATION_MASK 0x7fff - -/* definitions for ad_type fields. */ -#define AD_TYPE_EXTERNAL 0x4000 -#define AD_TYPE_REGISTERED 0x2000 - -#define AD_TYPE_FIELD_TYPE_MASK 0x1fff -#define AD_TYPE_INTERNAL_MASK 0x3fff - -/* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */ -#define MSEC_DIRBIT 0x8000 -#define MSEC_VAL_MASK 0x7fff - -/* - * end "fieldbits.h" - */ - -/* - * begin "proto.h" - */ - -/* Protocol version number */ -#define KRB5_PVNO 5 - -/* Message types */ - -#define KRB5_AS_REQ ((krb5_msgtype)10) /* Req for initial authentication */ -#define KRB5_AS_REP ((krb5_msgtype)11) /* Response to KRB_AS_REQ request */ -#define KRB5_TGS_REQ ((krb5_msgtype)12) /* TGS request to server */ -#define KRB5_TGS_REP ((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */ -#define KRB5_AP_REQ ((krb5_msgtype)14) /* application request to server */ -#define KRB5_AP_REP ((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */ -#define KRB5_SAFE ((krb5_msgtype)20) /* Safe application message */ -#define KRB5_PRIV ((krb5_msgtype)21) /* Private application message */ -#define KRB5_CRED ((krb5_msgtype)22) /* Credential forwarding message */ -#define KRB5_ERROR ((krb5_msgtype)30) /* Error response */ - -/* LastReq types */ -#define KRB5_LRQ_NONE 0 -#define KRB5_LRQ_ALL_LAST_TGT 1 -#define KRB5_LRQ_ONE_LAST_TGT (-1) -#define KRB5_LRQ_ALL_LAST_INITIAL 2 -#define KRB5_LRQ_ONE_LAST_INITIAL (-2) -#define KRB5_LRQ_ALL_LAST_TGT_ISSUED 3 -#define KRB5_LRQ_ONE_LAST_TGT_ISSUED (-3) -#define KRB5_LRQ_ALL_LAST_RENEWAL 4 -#define KRB5_LRQ_ONE_LAST_RENEWAL (-4) -#define KRB5_LRQ_ALL_LAST_REQ 5 -#define KRB5_LRQ_ONE_LAST_REQ (-5) - -/* PADATA types */ -#define KRB5_PADATA_NONE 0 -#define KRB5_PADATA_AP_REQ 1 -#define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ -#define KRB5_PADATA_ENC_TIMESTAMP 2 -#define KRB5_PADATA_PW_SALT 3 -#if 0 /* Not used */ -#define KRB5_PADATA_ENC_ENCKEY 4 /* Key encrypted within itself */ -#endif -#define KRB5_PADATA_ENC_UNIX_TIME 5 /* timestamp encrypted in key */ -#define KRB5_PADATA_ENC_SANDIA_SECURID 6 /* SecurId passcode */ -#define KRB5_PADATA_SESAME 7 /* Sesame project */ -#define KRB5_PADATA_OSF_DCE 8 /* OSF DCE */ - -/* Reserved for SPX pre-authentication. */ -#define KRB5_PADATA_DASS 16 - -/* Transited encoding types */ -#define KRB5_DOMAIN_X500_COMPRESS 1 - -/* alternate authentication types */ -#define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE 64 - -/* authorization data types */ -#define KRB5_AUTHDATA_OSF_DCE 64 -#define KRB5_AUTHDATA_SESAME 65 - -/* - * end "proto.h" - */ - -/* - * begin "error_def.h" - */ - -#include <errno.h> - -/* - * end "error_def.h" - */ - -/* Time set */ -typedef struct _krb5_ticket_times { - krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime - in ticket? otherwise client can't get this */ - krb5_timestamp starttime; /* optional in ticket, if not present, - use authtime */ - krb5_timestamp endtime; - krb5_timestamp renew_till; -} krb5_ticket_times; - -/* structure for auth data */ -typedef struct _krb5_authdata { - krb5_magic magic; - krb5_authdatatype ad_type; - int length; - krb5_octet FAR *contents; -} krb5_authdata; - -/* structure for transited encoding */ -typedef struct _krb5_transited { - krb5_magic magic; - krb5_octet tr_type; - krb5_data tr_contents; -} krb5_transited; - -typedef struct _krb5_enc_tkt_part { - krb5_magic magic; - /* to-be-encrypted portion */ - krb5_flags flags; /* flags */ - krb5_keyblock FAR *session; /* session key: includes keytype */ - krb5_principal client; /* client name/realm */ - krb5_transited transited; /* list of transited realms */ - krb5_ticket_times times; /* auth, start, end, renew_till */ - krb5_address FAR * FAR *caddrs; /* array of ptrs to addresses */ - krb5_authdata FAR * FAR *authorization_data; /* auth data */ -} krb5_enc_tkt_part; - -typedef struct _krb5_ticket { - krb5_magic magic; - /* cleartext portion */ - krb5_principal server; /* server name/realm */ - krb5_enc_data enc_part; /* encryption type, kvno, encrypted - encoding */ - krb5_enc_tkt_part FAR *enc_part2; /* ptr to decrypted version, if - available */ -} krb5_ticket; - -/* the unencrypted version */ -typedef struct _krb5_authenticator { - krb5_magic magic; - krb5_principal client; /* client name/realm */ - krb5_checksum FAR *checksum; /* checksum, includes type, optional */ - krb5_int32 cusec; /* client usec portion */ - krb5_timestamp ctime; /* client sec portion */ - krb5_keyblock FAR *subkey; /* true session key, optional */ - krb5_int32 seq_number; /* sequence #, optional */ - krb5_authdata FAR * FAR *authorization_data; /* New add by Ari, auth data */ -} krb5_authenticator; - -typedef struct _krb5_tkt_authent { - krb5_magic magic; - krb5_ticket FAR *ticket; - krb5_authenticator FAR *authenticator; - krb5_flags ap_options; -} krb5_tkt_authent; - -/* credentials: Ticket, session key, etc. */ -typedef struct _krb5_creds { - krb5_magic magic; - krb5_principal client; /* client's principal identifier */ - krb5_principal server; /* server's principal identifier */ - krb5_keyblock keyblock; /* session encryption key info */ - krb5_ticket_times times; /* lifetime info */ - krb5_boolean is_skey; /* true if ticket is encrypted in - another ticket's skey */ - krb5_flags ticket_flags; /* flags in ticket */ - krb5_address FAR * FAR *addresses; /* addrs in ticket */ - krb5_data ticket; /* ticket string itself */ - krb5_data second_ticket; /* second ticket, if related to - ticket (via DUPLICATE-SKEY or - ENC-TKT-IN-SKEY) */ - krb5_authdata FAR * FAR *authdata; /* authorization data */ -} krb5_creds; - -/* Last request fields */ -typedef struct _krb5_last_req_entry { - krb5_magic magic; - krb5_octet lr_type; - krb5_timestamp value; -} krb5_last_req_entry; - -/* pre-authentication data */ -typedef struct _krb5_pa_data { - krb5_magic magic; - krb5_ui_2 pa_type; - int length; - krb5_octet FAR *contents; -} krb5_pa_data; - -typedef struct _krb5_kdc_req { - krb5_magic magic; - krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */ - krb5_pa_data FAR * FAR *padata; /* e.g. encoded AP_REQ */ - /* real body */ - krb5_flags kdc_options; /* requested options */ - krb5_principal client; /* includes realm; optional */ - krb5_principal server; /* includes realm (only used if no - client) */ - krb5_timestamp from; /* requested starttime */ - krb5_timestamp till; /* requested endtime */ - krb5_timestamp rtime; /* (optional) requested renew_till */ - krb5_int32 nonce; /* nonce to match request/response */ - int netypes; /* # of etypes, must be positive */ - krb5_enctype FAR *etype; /* requested encryption type(s) */ - krb5_address FAR * FAR *addresses; /* requested addresses, optional */ - krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */ - krb5_authdata FAR * FAR *unenc_authdata; /* unencrypted auth data, - if available */ - krb5_ticket FAR * FAR *second_ticket;/* second ticket array; OPTIONAL */ -} krb5_kdc_req; - -typedef struct _krb5_enc_kdc_rep_part { - krb5_magic magic; - /* encrypted part: */ - krb5_msgtype msg_type; /* krb5 message type */ - krb5_keyblock FAR *session; /* session key */ - krb5_last_req_entry FAR * FAR *last_req; /* array of ptrs to entries */ - krb5_int32 nonce; /* nonce from request */ - krb5_timestamp key_exp; /* expiration date */ - krb5_flags flags; /* ticket flags */ - krb5_ticket_times times; /* lifetime info */ - krb5_principal server; /* server's principal identifier */ - krb5_address FAR * FAR *caddrs; /* array of ptrs to addresses, - optional */ -} krb5_enc_kdc_rep_part; - -typedef struct _krb5_kdc_rep { - krb5_magic magic; - /* cleartext part: */ - krb5_msgtype msg_type; /* AS_REP or KDC_REP? */ - krb5_pa_data FAR * FAR *padata; /* preauthentication data from KDC */ - krb5_principal client; /* client's principal identifier */ - krb5_ticket FAR *ticket; /* ticket */ - krb5_enc_data enc_part; /* encryption type, kvno, encrypted - encoding */ - krb5_enc_kdc_rep_part FAR *enc_part2;/* unencrypted version, if available */ -} krb5_kdc_rep; - -/* error message structure */ -typedef struct _krb5_error { - krb5_magic magic; - /* some of these may be meaningless in certain contexts */ - krb5_timestamp ctime; /* client sec portion; optional */ - krb5_int32 cusec; /* client usec portion; optional */ - krb5_int32 susec; /* server usec portion */ - krb5_timestamp stime; /* server sec portion */ - krb5_ui_4 error; /* error code (protocol error #'s) */ - krb5_principal client; /* client's principal identifier; - optional */ - krb5_principal server; /* server's principal identifier */ - krb5_data text; /* descriptive text */ - krb5_data e_data; /* additional error-describing data */ -} krb5_error; - -typedef struct _krb5_ap_req { - krb5_magic magic; - krb5_flags ap_options; /* requested options */ - krb5_ticket FAR *ticket; /* ticket */ - krb5_enc_data authenticator; /* authenticator (already encrypted) */ -} krb5_ap_req; - -typedef struct _krb5_ap_rep { - krb5_magic magic; - krb5_enc_data enc_part; -} krb5_ap_rep; - -typedef struct _krb5_ap_rep_enc_part { - krb5_magic magic; - krb5_timestamp ctime; /* client time, seconds portion */ - krb5_int32 cusec; /* client time, microseconds portion */ - krb5_keyblock FAR *subkey; /* true session key, optional */ - krb5_int32 seq_number; /* sequence #, optional */ -} krb5_ap_rep_enc_part; - -typedef struct _krb5_response { - krb5_magic magic; - krb5_octet message_type; - krb5_data response; -} krb5_response; - -typedef struct _krb5_safe { - krb5_magic magic; - krb5_data user_data; /* user data */ - krb5_timestamp timestamp; /* client time, optional */ - krb5_int32 usec; /* microsecond portion of time, - optional */ - krb5_int32 seq_number; /* sequence #, optional */ - krb5_address FAR *s_address; /* sender address */ - krb5_address FAR *r_address; /* recipient address, optional */ - krb5_checksum FAR *checksum; /* data integrity checksum */ -} krb5_safe; - -typedef struct _krb5_priv { - krb5_magic magic; - krb5_enc_data enc_part; /* encrypted part */ -} krb5_priv; - -typedef struct _krb5_priv_enc_part { - krb5_magic magic; - krb5_data user_data; /* user data */ - krb5_timestamp timestamp; /* client time, optional */ - krb5_int32 usec; /* microsecond portion of time, opt. */ - krb5_int32 seq_number; /* sequence #, optional */ - krb5_address FAR *s_address; /* sender address */ - krb5_address FAR *r_address; /* recipient address, optional */ -} krb5_priv_enc_part; - -typedef struct _krb5_cred_info { - krb5_magic magic; - krb5_keyblock FAR *session; /* session key used to encrypt */ - /* ticket */ - krb5_principal client; /* client name/realm, optional */ - krb5_principal server; /* server name/realm, optional */ - krb5_flags flags; /* ticket flags, optional */ - krb5_ticket_times times; /* auth, start, end, renew_till, */ - /* optional */ - krb5_address FAR * FAR *caddrs; /* array of ptrs to addresses */ -} krb5_cred_info; - -typedef struct _krb5_cred_enc_part { - krb5_magic magic; - krb5_int32 nonce; /* nonce, optional */ - krb5_timestamp timestamp; /* client time */ - krb5_int32 usec; /* microsecond portion of time */ - krb5_address FAR *s_address; /* sender address, optional */ - krb5_address FAR *r_address; /* recipient address, optional */ - krb5_cred_info FAR * FAR *ticket_info; -} krb5_cred_enc_part; - -typedef struct _krb5_cred { - krb5_magic magic; - krb5_ticket FAR * FAR *tickets; /* tickets */ - krb5_enc_data enc_part; /* encrypted part */ - krb5_cred_enc_part FAR *enc_part2; /* unencrypted version, if available*/ -} krb5_cred; - -/* Sandia password generation structures */ -typedef struct _passwd_phrase_element { - krb5_magic magic; - krb5_data FAR *passwd; - krb5_data FAR *phrase; -} passwd_phrase_element; - -typedef struct _krb5_pwd_data { - krb5_magic magic; - int sequence_count; - passwd_phrase_element FAR * FAR *element; -} krb5_pwd_data; - -/* these need to be here so the typedefs are available for the prototypes */ - -/* - * begin "safepriv.h" - */ - -#define KRB5_AUTH_CONTEXT_DO_TIME 0x00000001 -#define KRB5_AUTH_CONTEXT_RET_TIME 0x00000002 -#define KRB5_AUTH_CONTEXT_DO_SEQUENCE 0x00000004 -#define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008 - -typedef struct krb5_replay_data { - krb5_timestamp timestamp; - krb5_int32 usec; - krb5_int32 seq; -} krb5_replay_data; - -/* flags for krb5_auth_con_genaddrs() */ -#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR 0x00000001 -#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR 0x00000002 -#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR 0x00000004 -#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008 - -/* - * end "safepriv.h" - */ - - -/* - * begin "ccache.h" - */ - -typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */ - -typedef struct _krb5_ccache { - krb5_magic magic; - struct _krb5_cc_ops FAR *ops; - krb5_pointer data; -} FAR *krb5_ccache; - -typedef struct _krb5_cc_ops { - krb5_magic magic; - char FAR *prefix; - char FAR * (INTERFACE *get_name) KRB5_NPROTOTYPE((krb5_context, krb5_ccache)); - krb5_error_code (INTERFACE *resolve) KRB5_NPROTOTYPE((krb5_context, krb5_ccache FAR *, - char FAR *)); - krb5_error_code (INTERFACE *gen_new) KRB5_NPROTOTYPE((krb5_context, krb5_ccache FAR *)); - krb5_error_code (INTERFACE *init) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, - krb5_principal)); - krb5_error_code (INTERFACE *destroy) KRB5_NPROTOTYPE((krb5_context, krb5_ccache)); - krb5_error_code (INTERFACE *close) KRB5_NPROTOTYPE((krb5_context, krb5_ccache)); - krb5_error_code (INTERFACE *store) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, - krb5_creds FAR *)); - krb5_error_code (INTERFACE *retrieve) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, - krb5_flags, krb5_creds FAR *, - krb5_creds FAR *)); - krb5_error_code (INTERFACE *get_princ) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, - krb5_principal FAR *)); - krb5_error_code (INTERFACE *get_first) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, - krb5_cc_cursor FAR *)); - krb5_error_code (INTERFACE *get_next) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, - krb5_cc_cursor FAR *, krb5_creds FAR *)); - krb5_error_code (INTERFACE *end_get) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, - krb5_cc_cursor FAR *)); - krb5_error_code (INTERFACE *remove_cred) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, - krb5_flags, krb5_creds FAR *)); - krb5_error_code (INTERFACE *set_flags) KRB5_NPROTOTYPE((krb5_context, krb5_ccache, - krb5_flags)); -} krb5_cc_ops; - -/* for retrieve_cred */ -#define KRB5_TC_MATCH_TIMES 0x00000001 -#define KRB5_TC_MATCH_IS_SKEY 0x00000002 -#define KRB5_TC_MATCH_FLAGS 0x00000004 -#define KRB5_TC_MATCH_TIMES_EXACT 0x00000008 -#define KRB5_TC_MATCH_FLAGS_EXACT 0x00000010 -#define KRB5_TC_MATCH_AUTHDATA 0x00000020 -#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040 -#define KRB5_TC_MATCH_2ND_TKT 0x00000080 - -/* for set_flags and other functions */ -#define KRB5_TC_OPENCLOSE 0x00000001 - -#define krb5_cc_initialize(context, cache, principal) (*(cache)->ops->init)(context, cache, principal) -#define krb5_cc_gen_new(context, cache) (*(cache)->ops->gen_new)(context, cache) -#define krb5_cc_destroy(context, cache) (*(cache)->ops->destroy)(context, cache) -#define krb5_cc_close(context, cache) (*(cache)->ops->close)(context, cache) -#define krb5_cc_store_cred(context, cache, creds) (*(cache)->ops->store)(context, cache, creds) -#define krb5_cc_retrieve_cred(context, cache, flags, mcreds, creds) (*(cache)->ops->retrieve)(context, cache, flags, mcreds, creds) -#define krb5_cc_get_principal(context, cache, principal) (*(cache)->ops->get_princ)(context, cache, principal) -#define krb5_cc_start_seq_get(context, cache, cursor) (*(cache)->ops->get_first)(context, cache, cursor) -#define krb5_cc_next_cred(context, cache, cursor, creds) (*(cache)->ops->get_next)(context, cache, cursor, creds) -#define krb5_cc_end_seq_get(context, cache, cursor) (*(cache)->ops->end_get)(context, cache, cursor) -#define krb5_cc_remove_cred(context, cache, flags, creds) (*(cache)->ops->remove_cred)(context, cache,flags, creds) -#define krb5_cc_set_flags(context, cache, flags) (*(cache)->ops->set_flags)(context, cache, flags) -#define krb5_cc_get_name(context, cache) (*(cache)->ops->get_name)(context, cache) -#define krb5_cc_get_type(context, cache) (*(cache)->ops->prefix) - -extern krb5_cc_ops FAR *krb5_cc_dfl_ops; - -/* - * end "ccache.h" - */ - -/* - * begin "rcache.h" - */ - -typedef struct krb5_rc_st { - krb5_magic magic; - struct _krb5_rc_ops FAR *ops; - krb5_pointer data; -} FAR *krb5_rcache; - -typedef struct _krb5_donot_replay { - krb5_magic magic; - char FAR *server; /* null-terminated */ - char FAR *client; /* null-terminated */ - krb5_int32 cusec; - krb5_timestamp ctime; -} krb5_donot_replay; - -typedef struct _krb5_rc_ops { - krb5_magic magic; - char FAR *type; - krb5_error_code (*init)KRB5_NPROTOTYPE((krb5_context, krb5_rcache,krb5_deltat)); /* create */ - krb5_error_code (*recover)KRB5_NPROTOTYPE((krb5_context, krb5_rcache)); /* open */ - krb5_error_code (*destroy)KRB5_NPROTOTYPE((krb5_context, krb5_rcache)); - krb5_error_code (*close)KRB5_NPROTOTYPE((krb5_context, krb5_rcache)); - krb5_error_code (*store)KRB5_NPROTOTYPE((krb5_context, krb5_rcache,krb5_donot_replay FAR *)); - krb5_error_code (*expunge)KRB5_NPROTOTYPE((krb5_context, krb5_rcache)); - krb5_error_code (*get_span)KRB5_NPROTOTYPE((krb5_context, krb5_rcache,krb5_deltat FAR *)); - char FAR *(*get_name)KRB5_NPROTOTYPE((krb5_context, krb5_rcache)); - krb5_error_code (*resolve)KRB5_NPROTOTYPE((krb5_context, krb5_rcache, char FAR *)); -} krb5_rc_ops; - -krb5_error_code krb5_rc_default - KRB5_PROTOTYPE((krb5_context, - krb5_rcache FAR *)); -krb5_error_code krb5_rc_register_type - KRB5_PROTOTYPE((krb5_context, - krb5_rc_ops FAR *)); -krb5_error_code krb5_rc_resolve_type - KRB5_PROTOTYPE((krb5_context, - krb5_rcache FAR *,char FAR *)); -krb5_error_code krb5_rc_resolve_full - KRB5_PROTOTYPE((krb5_context, - krb5_rcache FAR *,char FAR *)); -char FAR * krb5_rc_get_type - KRB5_PROTOTYPE((krb5_context, - krb5_rcache)); -char FAR * krb5_rc_default_type - KRB5_PROTOTYPE((krb5_context)); -char FAR * krb5_rc_default_name - KRB5_PROTOTYPE((krb5_context)); -krb5_error_code krb5_auth_to_rep - KRB5_PROTOTYPE((krb5_context, - krb5_tkt_authent FAR *, - krb5_donot_replay FAR *)); - -#define krb5_rc_initialize(context, id, span) (*(id)->ops->init)(context, id, span) -#define krb5_rc_recover(context, id) (*(id)->ops->recover)(context, id) -#define krb5_rc_destroy(context, id) (*(id)->ops->destroy)(context, id) -#define krb5_rc_close(context, id) (*(id)->ops->close)(context, id) -#define krb5_rc_store(context, id, dontreplay) (*(id)->ops->store)(context, id, dontreplay) -#define krb5_rc_expunge(context, id) (*(id)->ops->expunge)(context, id) -#define krb5_rc_get_lifespan(context, id, spanp) (*(id)->ops->get_span)(context, id, spanp) -#define krb5_rc_get_name(context, id) (*(id)->ops->get_name)(context, id) -#define krb5_rc_resolve(context, id, name) (*(id)->ops->resolve)(context, id, name) - -extern krb5_rc_ops krb5_rc_dfl_ops; - -/* - * end "rcache.h" - */ - -/* - * begin "keytab.h" - */ - - -/* XXX */ -#define MAX_KEYTAB_NAME_LEN 1100 /* Long enough for MAXPATHLEN + some extra */ - -typedef krb5_pointer krb5_kt_cursor; /* XXX */ - -typedef struct krb5_keytab_entry_st { - krb5_magic magic; - krb5_principal principal; /* principal of this key */ - krb5_timestamp timestamp; /* time entry written to keytable */ - krb5_kvno vno; /* key version number */ - krb5_keyblock key; /* the secret key */ -} krb5_keytab_entry; - - -typedef struct _krb5_kt { - krb5_magic magic; - struct _krb5_kt_ops FAR *ops; - krb5_pointer data; -} FAR *krb5_keytab; - - -typedef struct _krb5_kt_ops { - krb5_magic magic; - char FAR *prefix; - /* routines always present */ - krb5_error_code (*resolve) - KRB5_NPROTOTYPE((krb5_context, - krb5_const char FAR *, - krb5_keytab FAR *)); - krb5_error_code (*get_name) - KRB5_NPROTOTYPE((krb5_context, - krb5_keytab, - char FAR *, - int)); - krb5_error_code (*close) - KRB5_NPROTOTYPE((krb5_context, - krb5_keytab)); - krb5_error_code (*get) - KRB5_NPROTOTYPE((krb5_context, - krb5_keytab, - krb5_principal, - krb5_kvno, - krb5_keytype, - krb5_keytab_entry FAR *)); - krb5_error_code (*start_seq_get) - KRB5_NPROTOTYPE((krb5_context, - krb5_keytab, - krb5_kt_cursor FAR *)); - krb5_error_code (*get_next) - KRB5_NPROTOTYPE((krb5_context, - krb5_keytab, - krb5_keytab_entry FAR *, - krb5_kt_cursor FAR *)); - krb5_error_code (*end_get) - KRB5_NPROTOTYPE((krb5_context, - krb5_keytab, - krb5_kt_cursor FAR *)); - /* routines to be included on extended version (write routines) */ - krb5_error_code (*add) - KRB5_NPROTOTYPE((krb5_context, - krb5_keytab, - krb5_keytab_entry FAR *)); - krb5_error_code (*remove) - KRB5_NPROTOTYPE((krb5_context, - krb5_keytab, - krb5_keytab_entry FAR *)); - - /* Handle for serializer */ - void * serializer; -} krb5_kt_ops; - -#define krb5_kt_get_type(context, keytab) (*(keytab)->ops->prefix) -#define krb5_kt_get_name(context, keytab, name, namelen) (*(keytab)->ops->get_name)(context, keytab,name,namelen) -#define krb5_kt_close(context, keytab) (*(keytab)->ops->close)(context, keytab) -#define krb5_kt_get_entry(context, keytab, principal, vno, keytype, entry) (*(keytab)->ops->get)(context, keytab, principal, vno, keytype, entry) -#define krb5_kt_start_seq_get(context, keytab, cursor) (*(keytab)->ops->start_seq_get)(context, keytab, cursor) -#define krb5_kt_next_entry(context, keytab, entry, cursor) (*(keytab)->ops->get_next)(context, keytab, entry, cursor) -#define krb5_kt_end_seq_get(context, keytab, cursor) (*(keytab)->ops->end_get)(context, keytab, cursor) -/* remove and add are functions, so that they can return NOWRITE - if not a writable keytab */ - - -extern krb5_kt_ops krb5_kt_dfl_ops; - -/* - * end "keytab.h" - */ - -/* - * begin "func-proto.h" - */ - -krb5_error_code INTERFACE krb5_init_context - KRB5_PROTOTYPE((krb5_context FAR *)); -void krb5_free_context - KRB5_PROTOTYPE((krb5_context)); - -krb5_error_code krb5_set_default_in_tkt_etypes - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_enctype *)); -krb5_error_code krb5_get_default_in_tkt_etypes - KRB5_PROTOTYPE((krb5_context, - krb5_enctype **)); - -/* libkrb.spec */ -krb5_error_code krb5_kdc_rep_decrypt_proc - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_keyblock *, - krb5_const_pointer, - krb5_kdc_rep * )); -krb5_error_code krb5_encrypt_tkt_part - KRB5_PROTOTYPE((krb5_context, - krb5_encrypt_block *, - krb5_const krb5_keyblock *, - krb5_ticket * )); -krb5_error_code krb5_decrypt_tkt_part - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_keyblock *, - krb5_ticket * )); -krb5_error_code krb5_get_cred_from_kdc - KRB5_PROTOTYPE((krb5_context, - krb5_ccache, /* not const, as reading may save - state */ - krb5_creds *, - krb5_creds **, - krb5_creds *** )); -void krb5_free_tgt_creds - KRB5_PROTOTYPE((krb5_context, - krb5_creds ** )); /* XXX too hard to do with const */ - -#define KRB5_GC_USER_USER 1 /* want user-user ticket */ -#define KRB5_GC_CACHED 2 /* want cached ticket only */ - -krb5_error_code INTERFACE krb5_get_credentials - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_flags, - krb5_ccache, - krb5_creds FAR *, - krb5_creds FAR * FAR *)); -krb5_error_code INTERFACE krb5_get_cred_via_tkt - KRB5_PROTOTYPE((krb5_context, - krb5_creds *, - krb5_const krb5_flags, - krb5_address * krb5_const *, - krb5_creds *, - krb5_creds **)); -krb5_error_code krb5_mk_req - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context *, - krb5_const krb5_flags, - char *, - char *, - krb5_data *, - krb5_ccache, - krb5_data * )); -krb5_error_code INTERFACE krb5_mk_req_extended - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context FAR *, - krb5_const krb5_flags, - krb5_data FAR *, - krb5_creds FAR *, - krb5_data FAR * )); -krb5_error_code krb5_mk_rep - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_data *)); -krb5_error_code INTERFACE krb5_rd_rep - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_const krb5_data FAR *, - krb5_ap_rep_enc_part FAR * FAR *)); -krb5_error_code krb5_mk_error - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_error *, - krb5_data * )); -krb5_error_code krb5_rd_error - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_data *, - krb5_error ** )); -krb5_error_code krb5_rd_safe - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_const krb5_data *, - krb5_data *, - krb5_replay_data *)); -krb5_error_code krb5_rd_priv - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_const krb5_data *, - krb5_data *, - krb5_replay_data *)); -krb5_error_code INTERFACE krb5_parse_name - KRB5_PROTOTYPE((krb5_context, - krb5_const char FAR *, - krb5_principal FAR * )); -krb5_error_code INTERFACE krb5_unparse_name - KRB5_PROTOTYPE((krb5_context, - krb5_const_principal, - char FAR * FAR * )); -krb5_error_code krb5_unparse_name_ext - KRB5_PROTOTYPE((krb5_context, - krb5_const_principal, - char **, - int *)); -krb5_boolean krb5_address_search - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_address *, - krb5_address * krb5_const *)); -krb5_boolean krb5_address_compare - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_address *, - krb5_const krb5_address *)); -int krb5_address_order - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_address *, - krb5_const krb5_address *)); -krb5_boolean krb5_realm_compare - KRB5_PROTOTYPE((krb5_context, - krb5_const_principal, - krb5_const_principal)); -krb5_boolean krb5_principal_compare - KRB5_PROTOTYPE((krb5_context, - krb5_const_principal, - krb5_const_principal)); -krb5_error_code krb5_copy_keyblock - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_keyblock *, - krb5_keyblock **)); -krb5_error_code krb5_copy_keyblock_contents - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_keyblock *, - krb5_keyblock *)); -krb5_error_code krb5_copy_creds - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_creds *, - krb5_creds **)); -krb5_error_code krb5_copy_data - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_data *, - krb5_data **)); -krb5_error_code krb5_copy_principal - KRB5_PROTOTYPE((krb5_context, - krb5_const_principal, - krb5_principal *)); -krb5_error_code krb5_copy_addresses - KRB5_PROTOTYPE((krb5_context, - krb5_address * krb5_const *, - krb5_address ***)); -krb5_error_code krb5_copy_ticket - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_ticket *, krb5_ticket **)); -krb5_error_code krb5_copy_authdata - KRB5_PROTOTYPE((krb5_context, - krb5_authdata * krb5_const *, - krb5_authdata ***)); -krb5_error_code krb5_copy_authenticator - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_authenticator *, - krb5_authenticator **)); -krb5_error_code krb5_copy_checksum - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_checksum *, - krb5_checksum **)); -void INTERFACE krb5_init_ets KRB5_PROTOTYPE((krb5_context)); -krb5_error_code krb5_generate_subkey - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_keyblock *, krb5_keyblock **)); -krb5_error_code krb5_generate_seq_number - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_keyblock *, krb5_int32 *)); -krb5_error_code krb5_get_server_rcache - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_data *, krb5_rcache *)); -krb5_error_code INTERFACE_C krb5_build_principal_ext - KRB5_STDARG_P((krb5_context, krb5_principal FAR *, int, krb5_const char FAR *, ...)); -krb5_error_code krb5_build_principal - KRB5_STDARG_P((krb5_context, krb5_principal *, int, krb5_const char *, ...)); -#ifdef va_start -/* XXX depending on varargs include file defining va_start... */ -krb5_error_code krb5_build_principal_va - KRB5_PROTOTYPE((krb5_context, - krb5_principal *, int, krb5_const char *, va_list)); -#endif - -krb5_error_code krb5_425_conv_principal - KRB5_PROTOTYPE((krb5_context, - krb5_const char *name, krb5_const char *instance, krb5_const char *realm, - krb5_principal *princ)); - -krb5_error_code -krb5_524_conv_principal - KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_principal princ, - char *name, char *inst, char *realm)); - -krb5_error_code krb5_obtain_padata - KRB5_PROTOTYPE((krb5_context, - int type, krb5_principal client, krb5_address **src_addr, - krb5_keyblock *encrypt_key, krb5_pa_data **data)); - -krb5_error_code krb5_verify_padata - KRB5_PROTOTYPE((krb5_context, - krb5_pa_data * data, krb5_principal client, - krb5_address **src_addr, krb5_keyblock *decrypt_key, - int *req_id, int *flags)); - -/* libkt.spec */ -krb5_error_code krb5_kt_register - KRB5_PROTOTYPE((krb5_context, - krb5_kt_ops * )); -krb5_error_code krb5_kt_resolve - KRB5_PROTOTYPE((krb5_context, - krb5_const char *, - krb5_keytab * )); -krb5_error_code krb5_kt_default_name - KRB5_PROTOTYPE((krb5_context, - char *, - int )); -krb5_error_code krb5_kt_default - KRB5_PROTOTYPE((krb5_context, - krb5_keytab * )); -krb5_error_code krb5_kt_free_entry - KRB5_PROTOTYPE((krb5_context, - krb5_keytab_entry * )); -/* remove and add are functions, so that they can return NOWRITE - if not a writable keytab */ -krb5_error_code krb5_kt_remove_entry - KRB5_PROTOTYPE((krb5_context, - krb5_keytab, - krb5_keytab_entry * )); -krb5_error_code krb5_kt_add_entry - KRB5_PROTOTYPE((krb5_context, - krb5_keytab, - krb5_keytab_entry * )); -krb5_error_code krb5_principal2salt - KRB5_PROTOTYPE((krb5_context, - krb5_const_principal, krb5_data *)); -krb5_error_code krb5_principal2salt_norealm - KRB5_PROTOTYPE((krb5_context, - krb5_const_principal, krb5_data *)); - -/* librc.spec--see rcache.h */ - -/* libcc.spec */ -krb5_error_code krb5_cc_resolve - KRB5_PROTOTYPE((krb5_context, - char *, - krb5_ccache * )); -krb5_error_code krb5_cc_generate_new - KRB5_PROTOTYPE((krb5_context, - krb5_cc_ops *, - krb5_ccache * )); -char * krb5_cc_default_name - KRB5_PROTOTYPE((krb5_context)); -krb5_error_code INTERFACE krb5_cc_default - KRB5_PROTOTYPE((krb5_context, - krb5_ccache FAR *)); -unsigned int INTERFACE krb5_get_notification_message - KRB5_PROTOTYPE((void)); - -/* chk_trans.c */ -krb5_error_code krb5_check_transited_list - KRB5_PROTOTYPE((krb5_context, - krb5_data *trans, krb5_data *realm1, krb5_data *realm2)); - -/* free_rtree.c */ -void krb5_free_realm_tree - KRB5_PROTOTYPE((krb5_context, - krb5_principal *)); - -/* krb5_free.c */ -void INTERFACE krb5_free_principal - KRB5_PROTOTYPE((krb5_context, - krb5_principal )); -void krb5_free_authenticator - KRB5_PROTOTYPE((krb5_context, - krb5_authenticator * )); -void krb5_free_authenticator_contents - KRB5_PROTOTYPE((krb5_context, - krb5_authenticator * )); -void INTERFACE krb5_free_addresses - KRB5_PROTOTYPE((krb5_context, - krb5_address FAR * FAR * )); -void krb5_free_address - KRB5_PROTOTYPE((krb5_context, - krb5_address * )); -void krb5_free_authdata - KRB5_PROTOTYPE((krb5_context, - krb5_authdata ** )); -void krb5_free_enc_tkt_part - KRB5_PROTOTYPE((krb5_context, - krb5_enc_tkt_part * )); -void krb5_free_ticket - KRB5_PROTOTYPE((krb5_context, - krb5_ticket * )); -void krb5_free_tickets - KRB5_PROTOTYPE((krb5_context, - krb5_ticket ** )); -void krb5_free_kdc_req - KRB5_PROTOTYPE((krb5_context, - krb5_kdc_req * )); -void krb5_free_kdc_rep - KRB5_PROTOTYPE((krb5_context, - krb5_kdc_rep * )); -void krb5_free_last_req - KRB5_PROTOTYPE((krb5_context, - krb5_last_req_entry ** )); -void krb5_free_enc_kdc_rep_part - KRB5_PROTOTYPE((krb5_context, - krb5_enc_kdc_rep_part * )); -void krb5_free_error - KRB5_PROTOTYPE((krb5_context, - krb5_error * )); -void krb5_free_ap_req - KRB5_PROTOTYPE((krb5_context, - krb5_ap_req * )); -void krb5_free_ap_rep - KRB5_PROTOTYPE((krb5_context, - krb5_ap_rep * )); -void krb5_free_safe - KRB5_PROTOTYPE((krb5_context, - krb5_safe * )); -void krb5_free_priv - KRB5_PROTOTYPE((krb5_context, - krb5_priv * )); -void krb5_free_priv_enc_part - KRB5_PROTOTYPE((krb5_context, - krb5_priv_enc_part * )); -void krb5_free_cred - KRB5_PROTOTYPE((krb5_context, - krb5_cred *)); -void INTERFACE krb5_free_creds - KRB5_PROTOTYPE((krb5_context, - krb5_creds FAR *)); -void INTERFACE krb5_free_cred_contents - KRB5_PROTOTYPE((krb5_context, - krb5_creds FAR *)); -void krb5_free_cred_enc_part - KRB5_PROTOTYPE((krb5_context, - krb5_cred_enc_part *)); -void krb5_free_checksum - KRB5_PROTOTYPE((krb5_context, - krb5_checksum *)); -void krb5_free_keyblock - KRB5_PROTOTYPE((krb5_context, - krb5_keyblock *)); -void krb5_free_pa_data - KRB5_PROTOTYPE((krb5_context, - krb5_pa_data **)); -void INTERFACE krb5_free_ap_rep_enc_part - KRB5_PROTOTYPE((krb5_context, - krb5_ap_rep_enc_part FAR *)); -void krb5_free_tkt_authent - KRB5_PROTOTYPE((krb5_context, - krb5_tkt_authent *)); -void krb5_free_pwd_data - KRB5_PROTOTYPE((krb5_context, - krb5_pwd_data *)); -void krb5_free_pwd_sequences - KRB5_PROTOTYPE((krb5_context, - passwd_phrase_element **)); - -/* From krb5/os but needed but by the outside world */ -krb5_error_code INTERFACE krb5_us_timeofday - KRB5_PROTOTYPE((krb5_context, - krb5_int32 FAR *, - krb5_int32 FAR * )); -krb5_error_code INTERFACE krb5_timeofday - KRB5_PROTOTYPE((krb5_context, - krb5_int32 FAR * )); - /* get all the addresses of this host */ -krb5_error_code INTERFACE krb5_os_localaddr - KRB5_PROTOTYPE((krb5_context, - krb5_address FAR * FAR * FAR *)); -krb5_error_code INTERFACE krb5_get_default_realm - KRB5_PROTOTYPE((krb5_context, - char FAR * FAR * )); -krb5_error_code INTERFACE krb5_set_default_realm - KRB5_PROTOTYPE((krb5_context, - krb5_const char FAR * )); -krb5_error_code INTERFACE krb5_sname_to_principal - KRB5_PROTOTYPE((krb5_context, - krb5_const char FAR *, - krb5_const char FAR *, - krb5_int32, - krb5_principal FAR *)); - -krb5_error_code INTERFACE krb5_set_config_files - KRB5_PROTOTYPE ((krb5_context, krb5_const char **)); - -krb5_error_code krb5_encode_kdc_rep - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_msgtype, - krb5_const krb5_enc_kdc_rep_part *, - krb5_encrypt_block *, - krb5_const krb5_keyblock *, - krb5_kdc_rep *, - krb5_data ** )); - -krb5_error_code krb5_send_tgs - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_flags, - krb5_const krb5_ticket_times *, - krb5_const krb5_enctype *, - krb5_const_principal, - krb5_address * krb5_const *, - krb5_authdata * krb5_const *, - krb5_pa_data * krb5_const *, - krb5_const krb5_data *, - krb5_creds *, - krb5_response * )); - -krb5_error_code krb5_get_in_tkt - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_flags, - krb5_address * krb5_const *, - krb5_enctype *, - krb5_preauthtype *, - krb5_error_code ( * )(krb5_context, - krb5_const krb5_keytype, - krb5_data *, - krb5_const_pointer, - krb5_keyblock **), - krb5_const_pointer, - krb5_error_code ( * )(krb5_context, - krb5_const krb5_keyblock *, - krb5_const_pointer, - krb5_kdc_rep * ), - krb5_const_pointer, - krb5_creds *, - krb5_ccache, - krb5_kdc_rep ** )); - -krb5_error_code INTERFACE krb5_get_in_tkt_with_password - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_flags, - krb5_address FAR * krb5_const FAR *, - krb5_enctype FAR *, - krb5_preauthtype FAR *, - krb5_const char FAR *, - krb5_ccache, - krb5_creds FAR *, - krb5_kdc_rep FAR * FAR * )); - -krb5_error_code krb5_get_in_tkt_with_skey - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_flags, - krb5_address * krb5_const *, - krb5_enctype *, - krb5_preauthtype *, - krb5_const krb5_keyblock *, - krb5_ccache, - krb5_creds *, - krb5_kdc_rep ** )); - -krb5_error_code krb5_get_in_tkt_with_keytab - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_flags, - krb5_address * krb5_const *, - krb5_enctype *, - krb5_preauthtype *, - krb5_const krb5_keytab, - krb5_ccache, - krb5_creds *, - krb5_kdc_rep ** )); - - -krb5_error_code krb5_decode_kdc_rep - KRB5_PROTOTYPE((krb5_context, - krb5_data *, - krb5_const krb5_keyblock *, - krb5_const krb5_enctype, - krb5_kdc_rep ** )); - -krb5_error_code krb5_rd_req - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context *, - krb5_const krb5_data *, - krb5_const_principal, - krb5_keytab, - krb5_flags *, - krb5_ticket **)); - -krb5_error_code krb5_rd_req_decoded - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context *, - krb5_const krb5_ap_req *, - krb5_const_principal, - krb5_keytab, - krb5_flags *, - krb5_ticket **)); - -krb5_error_code krb5_kt_read_service_key - KRB5_PROTOTYPE((krb5_context, - krb5_pointer, - krb5_principal, - krb5_kvno, - krb5_keytype, - krb5_keyblock **)); -krb5_error_code krb5_mk_safe - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_const krb5_data *, - krb5_data *, - krb5_replay_data *)); -krb5_error_code krb5_mk_priv - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_const krb5_data *, - krb5_data *, - krb5_replay_data *)); -krb5_error_code krb5_cc_register - KRB5_PROTOTYPE((krb5_context, - krb5_cc_ops *, - krb5_boolean )); - -krb5_error_code krb5_sendauth - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context *, - krb5_pointer, - char *, - krb5_principal, - krb5_principal, - krb5_flags, - krb5_data *, - krb5_creds *, - krb5_ccache, - krb5_error **, - krb5_ap_rep_enc_part **, - krb5_creds **)); - -krb5_error_code krb5_recvauth KRB5_PROTOTYPE((krb5_context, - krb5_auth_context *, - krb5_pointer, - char *, - krb5_principal, - krb5_int32, - krb5_keytab, - krb5_ticket **)); - -krb5_error_code krb5_walk_realm_tree - KRB5_PROTOTYPE((krb5_context, - krb5_const krb5_data *, - krb5_const krb5_data *, - krb5_principal **, - int)); - -krb5_error_code INTERFACE krb5_mk_ncred - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_creds **, - krb5_data **, - krb5_replay_data *)); - -krb5_error_code INTERFACE krb5_mk_1cred - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_creds *, - krb5_data **, - krb5_replay_data *)); - -krb5_error_code krb5_rd_cred - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_data *, - krb5_creds ***, - krb5_replay_data *)); - -krb5_error_code krb5_auth_con_init - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context *)); - -krb5_error_code krb5_auth_con_free - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context)); - -krb5_error_code krb5_auth_con_setflags - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_int32)); - -krb5_error_code krb5_auth_con_getflags - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_int32 *)); - -krb5_error_code krb5_auth_con_setaddrs - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_address *, - krb5_address *)); - -krb5_error_code krb5_auth_con_getaddrs - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_address **, - krb5_address **)); - -krb5_error_code krb5_auth_con_setports - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_address *, - krb5_address *)); - -krb5_error_code krb5_auth_con_setuseruserkey - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_keyblock *)); - -krb5_error_code krb5_auth_con_getkey - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_keyblock **)); - -krb5_error_code krb5_auth_con_getlocalsubkey - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_keyblock **)); - -krb5_error_code krb5_auth_con_setcksumtype - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_cksumtype)); - -krb5_error_code krb5_auth_con_getcksumtype - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_cksumtype *)); - -krb5_error_code krb5_auth_con_getlocalseqnumber - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_int32 *)); - -krb5_error_code krb5_auth_con_getremoteseqnumber - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_int32 *)); - -krb5_error_code krb5_auth_con_initivector - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context)); - -krb5_error_code krb5_auth_con_setivector - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_pointer)); - -krb5_error_code krb5_auth_con_getivector - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_pointer *)); - -krb5_error_code krb5_auth_con_setrcache - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_rcache)); - -krb5_error_code krb5_auth_con_getrcache - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_rcache *)); - -krb5_error_code krb5_auth_con_getauthenticator - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_authenticator **)); - -krb5_error_code krb5_auth_con_getremotesubkey - KRB5_PROTOTYPE((krb5_context, - krb5_auth_context, - krb5_keyblock **)); - -#define KRB5_REALM_BRANCH_CHAR '.' - -/* - * end "func-proto.h" - */ - -/* - * begin "k5-free.h" - */ - -/* to keep lint happy */ -#define krb5_xfree(val) free((char FAR *)(val)) - -#define krb5_free_data(context, val) { krb5_xfree((val)->data); krb5_xfree(val);} - -/* - * end "k5-free.h" - */ - -/* The name of the Kerberos ticket granting service... and its size */ -#define KRB5_TGS_NAME "krbtgt" -#define KRB5_TGS_NAME_SIZE 6 - -/* flags for recvauth */ -#define KRB5_RECVAUTH_SKIP_VERSION 0x0001 -#define KRB5_RECVAUTH_BADAUTHVERS 0x0002 - -#endif /* KRB5_GENERAL__ */ -/* - * include/krb5/krb5_err.h: - * This file is automatically generated; please do not edit it. - */ -#define KRB5KDC_ERR_NONE (-1765328384L) -#define KRB5KDC_ERR_NAME_EXP (-1765328383L) -#define KRB5KDC_ERR_SERVICE_EXP (-1765328382L) -#define KRB5KDC_ERR_BAD_PVNO (-1765328381L) -#define KRB5KDC_ERR_C_OLD_MAST_KVNO (-1765328380L) -#define KRB5KDC_ERR_S_OLD_MAST_KVNO (-1765328379L) -#define KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN (-1765328378L) -#define KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (-1765328377L) -#define KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE (-1765328376L) -#define KRB5KDC_ERR_NULL_KEY (-1765328375L) -#define KRB5KDC_ERR_CANNOT_POSTDATE (-1765328374L) -#define KRB5KDC_ERR_NEVER_VALID (-1765328373L) -#define KRB5KDC_ERR_POLICY (-1765328372L) -#define KRB5KDC_ERR_BADOPTION (-1765328371L) -#define KRB5KDC_ERR_ETYPE_NOSUPP (-1765328370L) -#define KRB5KDC_ERR_SUMTYPE_NOSUPP (-1765328369L) -#define KRB5KDC_ERR_PADATA_TYPE_NOSUPP (-1765328368L) -#define KRB5KDC_ERR_TRTYPE_NOSUPP (-1765328367L) -#define KRB5KDC_ERR_CLIENT_REVOKED (-1765328366L) -#define KRB5KDC_ERR_SERVICE_REVOKED (-1765328365L) -#define KRB5KDC_ERR_TGT_REVOKED (-1765328364L) -#define KRB5KDC_ERR_CLIENT_NOTYET (-1765328363L) -#define KRB5KDC_ERR_SERVICE_NOTYET (-1765328362L) -#define KRB5KDC_ERR_KEY_EXP (-1765328361L) -#define KRB5KDC_ERR_PREAUTH_FAILED (-1765328360L) -#define KRB5KDC_ERR_PREAUTH_REQUIRED (-1765328359L) -#define KRB5KDC_ERR_SERVER_NOMATCH (-1765328358L) -#define KRB5PLACEHOLD_27 (-1765328357L) -#define KRB5PLACEHOLD_28 (-1765328356L) -#define KRB5PLACEHOLD_29 (-1765328355L) -#define KRB5PLACEHOLD_30 (-1765328354L) -#define KRB5KRB_AP_ERR_BAD_INTEGRITY (-1765328353L) -#define KRB5KRB_AP_ERR_TKT_EXPIRED (-1765328352L) -#define KRB5KRB_AP_ERR_TKT_NYV (-1765328351L) -#define KRB5KRB_AP_ERR_REPEAT (-1765328350L) -#define KRB5KRB_AP_ERR_NOT_US (-1765328349L) -#define KRB5KRB_AP_ERR_BADMATCH (-1765328348L) -#define KRB5KRB_AP_ERR_SKEW (-1765328347L) -#define KRB5KRB_AP_ERR_BADADDR (-1765328346L) -#define KRB5KRB_AP_ERR_BADVERSION (-1765328345L) -#define KRB5KRB_AP_ERR_MSG_TYPE (-1765328344L) -#define KRB5KRB_AP_ERR_MODIFIED (-1765328343L) -#define KRB5KRB_AP_ERR_BADORDER (-1765328342L) -#define KRB5KRB_AP_ERR_ILL_CR_TKT (-1765328341L) -#define KRB5KRB_AP_ERR_BADKEYVER (-1765328340L) -#define KRB5KRB_AP_ERR_NOKEY (-1765328339L) -#define KRB5KRB_AP_ERR_MUT_FAIL (-1765328338L) -#define KRB5KRB_AP_ERR_BADDIRECTION (-1765328337L) -#define KRB5KRB_AP_ERR_METHOD (-1765328336L) -#define KRB5KRB_AP_ERR_BADSEQ (-1765328335L) -#define KRB5KRB_AP_ERR_INAPP_CKSUM (-1765328334L) -#define KRB5PLACEHOLD_51 (-1765328333L) -#define KRB5PLACEHOLD_52 (-1765328332L) -#define KRB5PLACEHOLD_53 (-1765328331L) -#define KRB5PLACEHOLD_54 (-1765328330L) -#define KRB5PLACEHOLD_55 (-1765328329L) -#define KRB5PLACEHOLD_56 (-1765328328L) -#define KRB5PLACEHOLD_57 (-1765328327L) -#define KRB5PLACEHOLD_58 (-1765328326L) -#define KRB5PLACEHOLD_59 (-1765328325L) -#define KRB5KRB_ERR_GENERIC (-1765328324L) -#define KRB5KRB_ERR_FIELD_TOOLONG (-1765328323L) -#define KRB5PLACEHOLD_62 (-1765328322L) -#define KRB5PLACEHOLD_63 (-1765328321L) -#define KRB5PLACEHOLD_64 (-1765328320L) -#define KRB5PLACEHOLD_65 (-1765328319L) -#define KRB5PLACEHOLD_66 (-1765328318L) -#define KRB5PLACEHOLD_67 (-1765328317L) -#define KRB5PLACEHOLD_68 (-1765328316L) -#define KRB5PLACEHOLD_69 (-1765328315L) -#define KRB5PLACEHOLD_70 (-1765328314L) -#define KRB5PLACEHOLD_71 (-1765328313L) -#define KRB5PLACEHOLD_72 (-1765328312L) -#define KRB5PLACEHOLD_73 (-1765328311L) -#define KRB5PLACEHOLD_74 (-1765328310L) -#define KRB5PLACEHOLD_75 (-1765328309L) -#define KRB5PLACEHOLD_76 (-1765328308L) -#define KRB5PLACEHOLD_77 (-1765328307L) -#define KRB5PLACEHOLD_78 (-1765328306L) -#define KRB5PLACEHOLD_79 (-1765328305L) -#define KRB5PLACEHOLD_80 (-1765328304L) -#define KRB5PLACEHOLD_81 (-1765328303L) -#define KRB5PLACEHOLD_82 (-1765328302L) -#define KRB5PLACEHOLD_83 (-1765328301L) -#define KRB5PLACEHOLD_84 (-1765328300L) -#define KRB5PLACEHOLD_85 (-1765328299L) -#define KRB5PLACEHOLD_86 (-1765328298L) -#define KRB5PLACEHOLD_87 (-1765328297L) -#define KRB5PLACEHOLD_88 (-1765328296L) -#define KRB5PLACEHOLD_89 (-1765328295L) -#define KRB5PLACEHOLD_90 (-1765328294L) -#define KRB5PLACEHOLD_91 (-1765328293L) -#define KRB5PLACEHOLD_92 (-1765328292L) -#define KRB5PLACEHOLD_93 (-1765328291L) -#define KRB5PLACEHOLD_94 (-1765328290L) -#define KRB5PLACEHOLD_95 (-1765328289L) -#define KRB5PLACEHOLD_96 (-1765328288L) -#define KRB5PLACEHOLD_97 (-1765328287L) -#define KRB5PLACEHOLD_98 (-1765328286L) -#define KRB5PLACEHOLD_99 (-1765328285L) -#define KRB5PLACEHOLD_100 (-1765328284L) -#define KRB5PLACEHOLD_101 (-1765328283L) -#define KRB5PLACEHOLD_102 (-1765328282L) -#define KRB5PLACEHOLD_103 (-1765328281L) -#define KRB5PLACEHOLD_104 (-1765328280L) -#define KRB5PLACEHOLD_105 (-1765328279L) -#define KRB5PLACEHOLD_106 (-1765328278L) -#define KRB5PLACEHOLD_107 (-1765328277L) -#define KRB5PLACEHOLD_108 (-1765328276L) -#define KRB5PLACEHOLD_109 (-1765328275L) -#define KRB5PLACEHOLD_110 (-1765328274L) -#define KRB5PLACEHOLD_111 (-1765328273L) -#define KRB5PLACEHOLD_112 (-1765328272L) -#define KRB5PLACEHOLD_113 (-1765328271L) -#define KRB5PLACEHOLD_114 (-1765328270L) -#define KRB5PLACEHOLD_115 (-1765328269L) -#define KRB5PLACEHOLD_116 (-1765328268L) -#define KRB5PLACEHOLD_117 (-1765328267L) -#define KRB5PLACEHOLD_118 (-1765328266L) -#define KRB5PLACEHOLD_119 (-1765328265L) -#define KRB5PLACEHOLD_120 (-1765328264L) -#define KRB5PLACEHOLD_121 (-1765328263L) -#define KRB5PLACEHOLD_122 (-1765328262L) -#define KRB5PLACEHOLD_123 (-1765328261L) -#define KRB5PLACEHOLD_124 (-1765328260L) -#define KRB5PLACEHOLD_125 (-1765328259L) -#define KRB5PLACEHOLD_126 (-1765328258L) -#define KRB5PLACEHOLD_127 (-1765328257L) -#define KRB5_ERR_RCSID (-1765328256L) -#define KRB5_LIBOS_BADLOCKFLAG (-1765328255L) -#define KRB5_LIBOS_CANTREADPWD (-1765328254L) -#define KRB5_LIBOS_BADPWDMATCH (-1765328253L) -#define KRB5_LIBOS_PWDINTR (-1765328252L) -#define KRB5_PARSE_ILLCHAR (-1765328251L) -#define KRB5_PARSE_MALFORMED (-1765328250L) -#define KRB5_CONFIG_CANTOPEN (-1765328249L) -#define KRB5_CONFIG_BADFORMAT (-1765328248L) -#define KRB5_CONFIG_NOTENUFSPACE (-1765328247L) -#define KRB5_BADMSGTYPE (-1765328246L) -#define KRB5_CC_BADNAME (-1765328245L) -#define KRB5_CC_UNKNOWN_TYPE (-1765328244L) -#define KRB5_CC_NOTFOUND (-1765328243L) -#define KRB5_CC_END (-1765328242L) -#define KRB5_NO_TKT_SUPPLIED (-1765328241L) -#define KRB5KRB_AP_WRONG_PRINC (-1765328240L) -#define KRB5KRB_AP_ERR_TKT_INVALID (-1765328239L) -#define KRB5_PRINC_NOMATCH (-1765328238L) -#define KRB5_KDCREP_MODIFIED (-1765328237L) -#define KRB5_KDCREP_SKEW (-1765328236L) -#define KRB5_IN_TKT_REALM_MISMATCH (-1765328235L) -#define KRB5_PROG_ETYPE_NOSUPP (-1765328234L) -#define KRB5_PROG_KEYTYPE_NOSUPP (-1765328233L) -#define KRB5_WRONG_ETYPE (-1765328232L) -#define KRB5_PROG_SUMTYPE_NOSUPP (-1765328231L) -#define KRB5_REALM_UNKNOWN (-1765328230L) -#define KRB5_SERVICE_UNKNOWN (-1765328229L) -#define KRB5_KDC_UNREACH (-1765328228L) -#define KRB5_NO_LOCALNAME (-1765328227L) -#define KRB5_RC_TYPE_EXISTS (-1765328226L) -#define KRB5_RC_MALLOC (-1765328225L) -#define KRB5_RC_TYPE_NOTFOUND (-1765328224L) -#define KRB5_RC_UNKNOWN (-1765328223L) -#define KRB5_RC_REPLAY (-1765328222L) -#define KRB5_RC_IO (-1765328221L) -#define KRB5_RC_NOIO (-1765328220L) -#define KRB5_RC_PARSE (-1765328219L) -#define KRB5_RC_IO_EOF (-1765328218L) -#define KRB5_RC_IO_MALLOC (-1765328217L) -#define KRB5_RC_IO_PERM (-1765328216L) -#define KRB5_RC_IO_IO (-1765328215L) -#define KRB5_RC_IO_UNKNOWN (-1765328214L) -#define KRB5_RC_IO_SPACE (-1765328213L) -#define KRB5_TRANS_CANTOPEN (-1765328212L) -#define KRB5_TRANS_BADFORMAT (-1765328211L) -#define KRB5_LNAME_CANTOPEN (-1765328210L) -#define KRB5_LNAME_NOTRANS (-1765328209L) -#define KRB5_LNAME_BADFORMAT (-1765328208L) -#define KRB5_CRYPTO_INTERNAL (-1765328207L) -#define KRB5_KT_BADNAME (-1765328206L) -#define KRB5_KT_UNKNOWN_TYPE (-1765328205L) -#define KRB5_KT_NOTFOUND (-1765328204L) -#define KRB5_KT_END (-1765328203L) -#define KRB5_KT_NOWRITE (-1765328202L) -#define KRB5_KT_IOERR (-1765328201L) -#define KRB5_NO_TKT_IN_RLM (-1765328200L) -#define KRB5DES_BAD_KEYPAR (-1765328199L) -#define KRB5DES_WEAK_KEY (-1765328198L) -#define KRB5_BAD_KEYTYPE (-1765328197L) -#define KRB5_BAD_KEYSIZE (-1765328196L) -#define KRB5_BAD_MSIZE (-1765328195L) -#define KRB5_CC_TYPE_EXISTS (-1765328194L) -#define KRB5_KT_TYPE_EXISTS (-1765328193L) -#define KRB5_CC_IO (-1765328192L) -#define KRB5_FCC_PERM (-1765328191L) -#define KRB5_FCC_NOFILE (-1765328190L) -#define KRB5_FCC_INTERNAL (-1765328189L) -#define KRB5_CC_WRITE (-1765328188L) -#define KRB5_CC_NOMEM (-1765328187L) -#define KRB5_INVALID_FLAGS (-1765328186L) -#define KRB5_NO_2ND_TKT (-1765328185L) -#define KRB5_NOCREDS_SUPPLIED (-1765328184L) -#define KRB5_SENDAUTH_BADAUTHVERS (-1765328183L) -#define KRB5_SENDAUTH_BADAPPLVERS (-1765328182L) -#define KRB5_SENDAUTH_BADRESPONSE (-1765328181L) -#define KRB5_SENDAUTH_REJECTED (-1765328180L) -#define KRB5_SENDAUTH_MUTUAL_FAILED (-1765328179L) -#define KRB5_PREAUTH_BAD_TYPE (-1765328178L) -#define KRB5_PREAUTH_NO_KEY (-1765328177L) -#define KRB5_PREAUTH_FAILED (-1765328176L) -#define KRB5_RCACHE_BADVNO (-1765328175L) -#define KRB5_CCACHE_BADVNO (-1765328174L) -#define KRB5_KEYTAB_BADVNO (-1765328173L) -#define KRB5_PROG_ATYPE_NOSUPP (-1765328172L) -#define KRB5_RC_REQUIRED (-1765328171L) -#define KRB5_ERR_BAD_HOSTNAME (-1765328170L) -#define KRB5_ERR_HOST_REALM_UNKNOWN (-1765328169L) -#define KRB5_SNAME_UNSUPP_NAMETYPE (-1765328168L) -#define KRB5KRB_AP_ERR_V4_REPLY (-1765328167L) -#define KRB5_REALM_CANT_RESOLVE (-1765328166L) -#define KRB5_TKT_NOT_FORWARDABLE (-1765328165L) -extern void initialize_krb5_error_table (); -#define ERROR_TABLE_BASE_krb5 (-1765328384L) - -/* for compatibility with older versions... */ -#define init_krb5_err_tbl initialize_krb5_error_table -#define krb5_err_base ERROR_TABLE_BASE_krb5 -/* - * include/krb5/kdb5_err.h: - * This file is automatically generated; please do not edit it. - */ -#define KRB5_KDB_RCSID (-1780008448L) -#define KRB5_KDB_INUSE (-1780008447L) -#define KRB5_KDB_UK_SERROR (-1780008446L) -#define KRB5_KDB_UK_RERROR (-1780008445L) -#define KRB5_KDB_UNAUTH (-1780008444L) -#define KRB5_KDB_NOENTRY (-1780008443L) -#define KRB5_KDB_ILL_WILDCARD (-1780008442L) -#define KRB5_KDB_DB_INUSE (-1780008441L) -#define KRB5_KDB_DB_CHANGED (-1780008440L) -#define KRB5_KDB_TRUNCATED_RECORD (-1780008439L) -#define KRB5_KDB_RECURSIVELOCK (-1780008438L) -#define KRB5_KDB_NOTLOCKED (-1780008437L) -#define KRB5_KDB_BADLOCKMODE (-1780008436L) -#define KRB5_KDB_DBNOTINITED (-1780008435L) -#define KRB5_KDB_DBINITED (-1780008434L) -#define KRB5_KDB_ILLDIRECTION (-1780008433L) -#define KRB5_KDB_NOMASTERKEY (-1780008432L) -#define KRB5_KDB_BADMASTERKEY (-1780008431L) -#define KRB5_KDB_INVALIDKEYSIZE (-1780008430L) -#define KRB5_KDB_CANTREAD_STORED (-1780008429L) -#define KRB5_KDB_BADSTORED_MKEY (-1780008428L) -#define KRB5_KDB_CANTLOCK_DB (-1780008427L) -#define KRB5_KDB_DB_CORRUPT (-1780008426L) -#define KRB5_KDB_BAD_VERSION (-1780008425L) -#define KRB5_KDB_BAD_SALTTYPE (-1780008424L) -#define KRB5_KDB_BAD_KEYTYPE (-1780008423L) -extern void initialize_kdb5_error_table (); -#define ERROR_TABLE_BASE_kdb5 (-1780008448L) - -/* for compatibility with older versions... */ -#define init_kdb5_err_tbl initialize_kdb5_error_table -#define kdb5_err_base ERROR_TABLE_BASE_kdb5 -/* - * include/krb5/kv5m_err.h: - * This file is automatically generated; please do not edit it. - */ -#define KV5M_NONE (-1760647424L) -#define KV5M_PRINCIPAL (-1760647423L) -#define KV5M_DATA (-1760647422L) -#define KV5M_KEYBLOCK (-1760647421L) -#define KV5M_CHECKSUM (-1760647420L) -#define KV5M_ENCRYPT_BLOCK (-1760647419L) -#define KV5M_ENC_DATA (-1760647418L) -#define KV5M_CRYPTOSYSTEM_ENTRY (-1760647417L) -#define KV5M_CS_TABLE_ENTRY (-1760647416L) -#define KV5M_CHECKSUM_ENTRY (-1760647415L) -#define KV5M_AUTHDATA (-1760647414L) -#define KV5M_TRANSITED (-1760647413L) -#define KV5M_ENC_TKT_PART (-1760647412L) -#define KV5M_TICKET (-1760647411L) -#define KV5M_AUTHENTICATOR (-1760647410L) -#define KV5M_TKT_AUTHENT (-1760647409L) -#define KV5M_CREDS (-1760647408L) -#define KV5M_LAST_REQ_ENTRY (-1760647407L) -#define KV5M_PA_DATA (-1760647406L) -#define KV5M_KDC_REQ (-1760647405L) -#define KV5M_ENC_KDC_REP_PART (-1760647404L) -#define KV5M_KDC_REP (-1760647403L) -#define KV5M_ERROR (-1760647402L) -#define KV5M_AP_REQ (-1760647401L) -#define KV5M_AP_REP (-1760647400L) -#define KV5M_AP_REP_ENC_PART (-1760647399L) -#define KV5M_RESPONSE (-1760647398L) -#define KV5M_SAFE (-1760647397L) -#define KV5M_PRIV (-1760647396L) -#define KV5M_PRIV_ENC_PART (-1760647395L) -#define KV5M_CRED (-1760647394L) -#define KV5M_CRED_INFO (-1760647393L) -#define KV5M_CRED_ENC_PART (-1760647392L) -#define KV5M_PWD_DATA (-1760647391L) -#define KV5M_ADDRESS (-1760647390L) -#define KV5M_KEYTAB_ENTRY (-1760647389L) -#define KV5M_CONTEXT (-1760647388L) -#define KV5M_OS_CONTEXT (-1760647387L) -#define KV5M_ALT_METHOD (-1760647386L) -#define KV5M_ETYPE_INFO_ENTRY (-1760647385L) -#define KV5M_DB_CONTEXT (-1760647384L) -#define KV5M_AUTH_CONTEXT (-1760647383L) -#define KV5M_KEYTAB (-1760647382L) -#define KV5M_RCACHE (-1760647381L) -#define KV5M_CCACHE (-1760647380L) -extern void initialize_kv5m_error_table (); -#define ERROR_TABLE_BASE_kv5m (-1760647424L) - -/* for compatibility with older versions... */ -#define init_kv5m_err_tbl initialize_kv5m_error_table -#define kv5m_err_base ERROR_TABLE_BASE_kv5m -/* - * include/krb5/asn1_err.h: - * This file is automatically generated; please do not edit it. - */ -#define ASN1_BAD_TIMEFORMAT (1859794432L) -#define ASN1_MISSING_FIELD (1859794433L) -#define ASN1_MISPLACED_FIELD (1859794434L) -#define ASN1_TYPE_MISMATCH (1859794435L) -#define ASN1_OVERFLOW (1859794436L) -#define ASN1_OVERRUN (1859794437L) -#define ASN1_BAD_ID (1859794438L) -#define ASN1_BAD_LENGTH (1859794439L) -#define ASN1_BAD_FORMAT (1859794440L) -#define ASN1_PARSE_ERROR (1859794441L) -extern void initialize_asn1_error_table (); -#define ERROR_TABLE_BASE_asn1 (1859794432L) - -/* for compatibility with older versions... */ -#define init_asn1_err_tbl initialize_asn1_error_table -#define asn1_err_base ERROR_TABLE_BASE_asn1 diff --git a/src/include/krb5/k5-config.h b/src/include/krb5/k5-config.h deleted file mode 100644 index 9d2ec6c..0000000 --- a/src/include/krb5/k5-config.h +++ /dev/null @@ -1,311 +0,0 @@ -/* - * Copyright 1990,1991,1994,1995 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Configuration definition file. - */ - - -#ifndef KRB5_CONFIG__ -#define KRB5_CONFIG__ - -#ifdef _MSDOS -/* - * Machine-type definitions: PC Clone 386 running Microloss Windows - */ - -/* Kerberos Windows initialization file */ -#define KERBEROS_INI "kerberos.ini" -#define INI_FILES "Files" -#define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */ -#define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */ - -#define KRB5_DBM_COMPAT__ /* Don't load dbm.h */ -#define KRB5_KDB5__ /* Don't load kdb.h */ -#define KRB5_KDB5_DBM__ /* Don't load kdb_dbm.h */ - -#define BITS16 -#define SIZEOF_INT 2 -#define SIZEOF_SHORT 2 -#define SIZEOF_LONG 4 -#define MAXHOSTNAMELEN 512 -#define MAXPATHLEN 256 /* Also for Windows temp files */ - -#define KRB5_USE_INET -#define MSDOS_FILESYSTEM -#define USE_STRING_H -#define HAVE_SRAND -#define HAVE_ERRNO -#define HAS_STRDUP -#define NO_USERID -#define NOFCHMOD -#define NOCHMOD -#define NO_PASSWORD -#define WM_KERBEROS5_CHANGED "Kerberos5 Changed" - -#define HAS_ANSI_VOLATILE -#define HAS_VOID_TYPE -#define KRB5_PROVIDE_PROTOTYPES -#define HAVE_STDARG_H -#define HAVE_SYS_TYPES_H - -#ifndef _SIZE_T_DEFINED -typedef unsigned int size_t; -#define _SIZE_T_DEFINED -#endif - -#ifndef KRB5_SYSTYPES__ -#define KRB5_SYSTYPES__ -#include <sys/types.h> -typedef unsigned long u_long; /* Not part of sys/types.h on the pc */ -typedef unsigned int u_int; -typedef unsigned short u_short; -typedef unsigned char u_char; -#endif /* KRB5_SYSTYPES__ */ - -#ifndef INTERFACE -#define INTERFACE __far __export __pascal -#define INTERFACE_C __far __export __cdecl -#endif - -/* - * The following defines are needed to make <windows.h> work - * in stdc mode (/Za flag). Winsock.h needs <windows.h>. - */ -#define FAR _far -#define NEAR _near -#define _far __far -#define _near __near -#define _pascal __pascal -#define _cdecl __cdecl -#define _huge __huge - -#ifdef NEED_WINDOWS -#include <windows.h> -#endif - -#ifdef NEED_LOWLEVEL_IO -/* Ugly. Microsoft, in stdc mode, doesn't support the low-level i/o - * routines directly. Rather, they only export the _<function> version. - * The following defines works around this problem. - */ -#include <sys\types.h> -#include <sys\stat.h> -#include <fcntl.h> -#include <io.h> -#include <process.h> -#define O_RDONLY _O_RDONLY -#define O_WRONLY _O_WRONLY -#define O_RDWR _O_RDWR -#define O_APPEND _O_APPEND -#define O_CREAT _O_CREAT -#define O_TRUNC _O_TRUNC -#define O_EXCL _O_EXCL -#define O_TEXT _O_TEXT -#define O_BINARY _O_BINARY -#define O_NOINHERIT _O_NOINHERIT -#define stat _stat -#define unlink _unlink -#define lseek _lseek -#define write _write -#define open _open -#define close _close -#define read _read -#define fstat _fstat -#define mktemp _mktemp -#define dup _dup - -#define getpid _getpid -#endif - -#ifdef NEED_SYSERROR -/* Only needed by util/et/error_message.c but let's keep the source clean */ -#define sys_nerr _sys_nerr -#define sys_errlist _sys_errlist -#endif - -/* XXX these should be parameterized soon... */ -#define PROVIDE_DES_CBC_MD5 -#define PROVIDE_DES_CBC_CRC -#define PROVIDE_RAW_DES_CBC -#define PROVIDE_CRC32 -#define PROVIDE_DES_CBC_CKSUM -#define PROVIDE_RSA_MD4 -#define PROVIDE_RSA_MD5 -#define DEFAULT_PWD_STRING1 "Enter password:" -#define DEFAULT_PWD_STRING2 "Re-enter password for verification:" - -/* Functions with slightly different names on the PC -*/ -#define strcasecmp _stricmp -#define strdup _strdup -#define off_t _off_t - -#else /* Rest of include file is for non-Microloss-Windows */ - -#if defined(_MACINTOSH) -#include <stddef.h> - -typedef struct { - int dummy; -} datum; - -#include <stddef.h> - -#ifdef NEED_LOWLEVEL_IO -#include <fcntl.h> -#endif - -#ifndef _MWERKS -/* there is no <stat.h> for mpw */ -typedef unsigned long mode_t; -typedef unsigned long ino_t; -typedef unsigned long dev_t; -typedef short nlink_t; -typedef unsigned long uid_t; -typedef unsigned long gid_t; -typedef long off_t; -struct stat -{ - mode_t st_mode; /* File mode; see #define's below */ - ino_t st_ino; /* File serial number */ - dev_t st_dev; /* ID of device containing this file */ - nlink_t st_nlink; /* Number of links */ - uid_t st_uid; /* User ID of the file's owner */ - gid_t st_gid; /* Group ID of the file's group */ - dev_t st_rdev; /* Device type */ - off_t st_size; /* File size in bytes */ - unsigned long st_atime; /* Time of last access */ - unsigned long st_mtime; /* Time of last data modification */ - unsigned long st_ctime; /* Time of last file status change */ - long st_blksize; /* Optimal blocksize */ - long st_blocks; /* blocks allocated for file */ -}; - -int stat(const char *path, struct stat *buf); -int fstat(int fildes, struct stat *buf); - -#endif /* _MWERKS */ - -#define EFBIG 1000 - -#define NOFCHMOD 1 -#define NOCHMOD 1 -#define _MACSOCKAPI_ - -#define THREEPARAMOPEN(x,y,z) open(x,y) -#define MAXPATHLEN 255 - -/* protocol families same as address families */ -#define PF_INET AF_INET - -/* XXX these should be parameterized soon... */ -#define PROVIDE_DES_CBC_MD5 -#define PROVIDE_DES_CBC_CRC -#define PROVIDE_RAW_DES_CBC -#define PROVIDE_CRC32 -#define PROVIDE_DES_CBC_CKSUM -#define PROVIDE_RSA_MD4 -#define PROVIDE_RSA_MD5 - -#else /* _MACINTOSH */ -#define THREEPARAMOPEN(x,y,z) open(x,y,z) -#endif /* _MACINTOSH */ - -#ifndef KRB5_AUTOCONF__ -#define KRB5_AUTOCONF__ -#include "autoconf.h" -#endif - -#ifndef KRB5_SYSTYPES__ -#define KRB5_SYSTYPES__ - -#ifdef HAVE_SYS_TYPES_H /* From autoconf.h */ -#include <sys/types.h> -#else /* HAVE_SYS_TYPES_H */ -typedef unsigned long u_long; -typedef unsigned int u_int; -typedef unsigned short u_short; -typedef unsigned char u_char; -#endif /* HAVE_SYS_TYPES_H */ -#endif /* KRB5_SYSTYPES__ */ - -#ifdef SYSV -/* Change srandom and random to use rand and srand */ -/* Taken from the Sandia changes. XXX We should really just include */ -/* srandom and random into Kerberos release, since rand() is a really */ -/* bad random number generator.... [tytso:19920616.2231EDT] */ -#define random() rand() -#define srandom(a) srand(a) -#ifndef unicos61 -#define utimes(a,b) utime(a,b) -#endif /* unicos61 */ -#endif /* SYSV */ - -/* XXX these should be parameterized soon... */ -#define PROVIDE_DES_CBC_MD5 -#define PROVIDE_DES_CBC_CRC -#define PROVIDE_RAW_DES_CBC -#define PROVIDE_CRC32 -#define PROVIDE_DES_CBC_CKSUM -#define PROVIDE_RSA_MD4 -#define PROVIDE_RSA_MD5 - -#define DEFAULT_PWD_STRING1 "Enter password:" -#define DEFAULT_PWD_STRING2 "Re-enter password for verification:" - -#define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */ -#define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */ -#define KRB5_KDB_EXPIRATION 2145830400 /* Thu Jan 1 00:00:00 2038 UTC */ - -/* - * For paranoid DOE types that don't want to give helpful error - * messages to the client....er, attacker - */ -#undef KRBCONF_VAGUE_ERRORS - -/* - * Define this if you want the KDC to modify the Kerberos database; - * this allows the last request information to be updated, as well as - * the failure count information. - * - * Note that this doesn't work if you're using slave servers!!! It - * also causes the database to be modified (and thus need to be - * locked) frequently. - */ -#undef KRBCONF_KDC_MODIFIES_KDB - -/* - * Windows requires a different api interface to each function. Here - * just define it as NULL. - */ -#define INTERFACE -#define INTERFACE_C -#define FAR -#define NEAR -#ifndef O_BINARY -#define O_BINARY 0 -#endif - -#ifndef HAS_LABS -#define labs(x) abs(x) -#endif - -#endif /* _MSDOS */ -#endif /* KRB5_CONFIG__ */ |