2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #ifndef OPENAFS_KAS_ADMIN_H
11 #define OPENAFS_KAS_ADMIN_H
13 #include <afs/param.h>
14 #include <afs/afs_Admin.h>
/* Size in bytes of the principal and instance name arrays in this header. */
22 #define KAS_MAX_NAME_LEN 64
/* Size in bytes of kas_encryptionKey.key. Eight bytes is at most 64 bits of
 * key material.
 * NOTE(review): this matches a single-DES key block; confirm the cipher in
 * the implementation before treating these keys as strong by current
 * standards. */
23 #define KAS_ENCRYPTION_KEY_LEN 8
/* Principal flag constants. They are only declared here and their values
 * live in another translation unit, so they are not integer constant
 * expressions (no case labels, no static initializers).
 * NOTE(review): presumably bit flags meant to be OR-ed together; confirm
 * against the defining source file. */
24 extern const int KAS_PRINCIPAL_FLAG_NORMAL;
25 extern const int KAS_PRINCIPAL_FLAG_FREE;
26 extern const int KAS_PRINCIPAL_FLAG_OLDKEYS;
27 extern const int KAS_PRINCIPAL_FLAG_SPECIAL;
28 extern const int KAS_PRINCIPAL_FLAG_ASSOC_ROOT;
29 extern const int KAS_PRINCIPAL_FLAG_ASSOC;
30 extern const int KAS_PRINCIPAL_FLAG_ADMIN;
31 extern const int KAS_PRINCIPAL_FLAG_NO_TGS;
32 extern const int KAS_PRINCIPAL_FLAG_NO_SEAL;
33 extern const int KAS_PRINCIPAL_FLAG_NO_CPW;
34 extern const int KAS_PRINCIPAL_FLAG_NEW_ASSOC;
/* Array sizes used by kas_serverDebugInfo: last-operation name, full
 * principal names, and number of key cache slots reported. */
35 #define KAS_MAX_SERVER_OPERATION_LEN 16
36 #define KAS_MAX_PRINCIPAL_LEN 256
37 #define KAS_KEYCACHE_DEBUG_INFO_SIZE 25
/* Names a principal as a (principal, instance) pair held in two fixed-size
 * character arrays of KAS_MAX_NAME_LEN bytes each.
 * NOTE(review): presumably both are NUL-terminated C strings; callers that
 * fill them from external input should bound the copy to the array size and
 * terminate explicitly (snprintf rather than strcpy/strncpy). TODO confirm
 * whether a full-length, unterminated name is accepted by the library. */
39 typedef struct kas_identity {
40 char principal[KAS_MAX_NAME_LEN];
41 char instance[KAS_MAX_NAME_LEN];
/* kas_identity_p hides a pointer: "const kas_identity_p who" makes the
 * pointer const, not the kas_identity it points to. */
42 } kas_identity_t, *kas_identity_p;
/* Raw key bytes for a principal (KAS_ENCRYPTION_KEY_LEN bytes). This is
 * secret material: keep copies short-lived, never log or print them, and
 * overwrite the buffer when finished. A plain memset before the object goes
 * out of scope may be optimized away; use a wipe the compiler cannot drop
 * (for example explicit_bzero where available). */
44 typedef struct kas_encryptionKey {
45 unsigned char key[KAS_ENCRYPTION_KEY_LEN];
/* As with the other *_p typedefs, "const kas_encryptionKey_p" does not make
 * the key bytes themselves const. */
46 } kas_encryptionKey_t, *kas_encryptionKey_p;
/* Two-valued per-principal settings. No enumerator has an explicit value, so
 * the first name in each enum is 0. Going by the names, 0 is the permissive
 * choice every time (KAS_ADMIN, TGS, ENCRYPT, CHANGE_PASSWORD,
 * REUSE_PASSWORD). A zero-initialised variable or structure (memset, = {0},
 * calloc) therefore reads as "admin, tickets granted, ..." rather than as a
 * restrictive default; callers should assign every setting explicitly.
 * The enumerators TGS, NO_TGS, ENCRYPT and NO_ENCRYPT carry no kas_ prefix
 * and occupy the global namespace of every file that includes this header. */
48 typedef enum {KAS_ADMIN, NO_KAS_ADMIN} kas_admin_t, *kas_admin_p;
49 typedef enum {TGS, NO_TGS} kas_tgs_t, *kas_tgs_p;
50 typedef enum {ENCRYPT, NO_ENCRYPT} kas_enc_t, *kas_enc_p;
51 typedef enum {CHANGE_PASSWORD, NO_CHANGE_PASSWORD} kas_cpw_t, *kas_cpw_p;
52 typedef enum {REUSE_PASSWORD, NO_REUSE_PASSWORD} kas_rpw_t, *kas_rpw_p;
/* Attributes of one principal.
 * NOTE(review): this listing does not show every member of the structure,
 * so the layout below is partial. */
55 typedef struct kas_principalEntry {
/* Value 0 is KAS_ADMIN, so a zeroed entry reads as an administrator. */
56 kas_admin_t adminSetting;
/* NOTE(review): the time fields are unsigned int; presumably seconds since
 * the epoch. Confirm units and the meaning of 0 against the implementation. */
61 unsigned int userExpiration;
62 unsigned int lastModTime;
63 kas_identity_t lastModPrincipal;
64 unsigned int lastChangePasswordTime;
65 int maxTicketLifetime;
/* Key material stored inline: any buffer holding a kas_principalEntry must
 * be handled as a secret for as long as this member is populated (no
 * logging, wipe before release).
 * NOTE(review): whether kas_PrincipalGet fills in the real key is not
 * visible in this header; verify before assuming it is empty. */
67 kas_encryptionKey_t key;
/* NOTE(review): presumably the value kas_KeyCheckSum yields for key; a
 * checksum derived from a secret key should be treated as sensitive until
 * the algorithm is confirmed. */
68 unsigned int keyCheckSum;
69 int daysToPasswordExpire;
72 } kas_principalEntry_t, *kas_principalEntry_p;
/* Statistics record kept once per server procedure; kas_serverStats holds
 * one of these for each operation.
 * NOTE(review): the members of this structure are not shown in this
 * listing. */
74 typedef struct kas_serverProcStats {
77 } kas_serverProcStats_t, *kas_serverProcStats_p;
/* Server-wide statistics: a few counters and times followed by one
 * kas_serverProcStats_t per server operation.
 * NOTE(review): several members are not shown in this listing. */
79 typedef struct kas_serverStats {
82 int changePasswordRequests;
85 unsigned int serverStartTime;
/* NOTE(review): struct timeval is used here, but neither visible #include
 * names a header that declares it; presumably it arrives through
 * afs/param.h. Confirm, or include the declaring header directly. */
86 struct timeval userTime;
87 struct timeval systemTime;
91 int hashTableUtilization;
/* One statistics record per operation, named after the operation. The
 * per-operation records for authenticate, changePassword, setPassword,
 * unlock and lockStatus are useful inputs when watching for password
 * guessing, assuming they count requests (members not shown here). */
92 kas_serverProcStats_t authenticate;
93 kas_serverProcStats_t changePassword;
94 kas_serverProcStats_t getTicket;
95 kas_serverProcStats_t createUser;
96 kas_serverProcStats_t setPassword;
97 kas_serverProcStats_t setFields;
98 kas_serverProcStats_t deleteUser;
99 kas_serverProcStats_t getEntry;
100 kas_serverProcStats_t listEntry;
101 kas_serverProcStats_t getStats;
102 kas_serverProcStats_t getPassword;
103 kas_serverProcStats_t getRandomKey;
104 kas_serverProcStats_t debug;
105 kas_serverProcStats_t udpAuthenticate;
106 kas_serverProcStats_t udpGetTicket;
107 kas_serverProcStats_t unlock;
108 kas_serverProcStats_t lockStatus;
110 } kas_serverStats_t, *kas_serverStats_p;
/* One slot of the server key cache as reported in kas_serverDebugInfo.
 * Note the key_ prefix, unlike the kas_ prefix used elsewhere in this file.
 * NOTE(review): some members are not shown in this listing; check whether
 * any of them carries key bytes before exposing this structure in logs. */
112 typedef struct key_keyCacheItem {
113 unsigned int lastUsed;
114 int keyVersionNumber;
/* Name of the principal the cached key belongs to. */
117 char principal[KAS_MAX_NAME_LEN];
118 } key_keyCacheItem_t, *key_keyCacheItem_p;
/* Debug snapshot of the server filled in by kas_ServerDebugGet.
 * The snapshot names the principals that most recently authenticated,
 * requested tickets or performed admin operations, and lists key cache
 * entries by principal. That is account-activity information: restrict who
 * may request it and avoid writing it to world-readable logs.
 * NOTE(review): the access check for the debug call is not visible in this
 * header, and several members are not shown in this listing. */
120 typedef struct kas_serverDebugInfo {
122 unsigned int serverStartTime;
123 unsigned int currentTime;
125 unsigned int lastTransaction;
/* Fixed-size text fields. NOTE(review): presumably NUL-terminated; treat
 * them as possibly unterminated when printing (use a precision such as
 * "%.*s" bounded by the array size) until that is confirmed. */
126 char lastOperation[KAS_MAX_SERVER_OPERATION_LEN];
127 char lastPrincipalAuth[KAS_MAX_PRINCIPAL_LEN];
128 char lastPrincipalUDPAuth[KAS_MAX_PRINCIPAL_LEN];
129 char lastPrincipalTGS[KAS_MAX_PRINCIPAL_LEN];
130 char lastPrincipalUDPTGS[KAS_MAX_PRINCIPAL_LEN];
131 char lastPrincipalAdmin[KAS_MAX_PRINCIPAL_LEN];
132 char lastServerTGS[KAS_MAX_PRINCIPAL_LEN];
133 char lastServerUDPTGS[KAS_MAX_PRINCIPAL_LEN];
134 unsigned int nextAutoCheckPointWrite;
135 int updatesRemainingBeforeAutoCheckPointWrite;
136 unsigned int dbHeaderRead;
141 int dbSpecialKeysVersion;
/* Up to KAS_KEYCACHE_DEBUG_INFO_SIZE cache slots. NOTE(review): the member
 * that says how many slots are valid is not shown in this listing. */
147 key_keyCacheItem_t keyCache[KAS_KEYCACHE_DEBUG_INFO_SIZE];
148 } kas_serverDebugInfo_t, *kas_serverDebugInfo_p;
/* Opens a server handle for a cell. serverList is an array of server name
 * strings.
 * NOTE(review): serverHandleP presumably receives the new handle, which the
 * caller later passes to kas_ServerClose. The closing parameters of both
 * prototypes are not shown in this listing, so status reporting cannot be
 * documented from here. */
150 extern int ADMINAPI kas_ServerOpen(
151 const void *cellHandle,
152 const char **serverList,
153 void **serverHandleP,
/* Releases a handle obtained from kas_ServerOpen. The handle is an untyped
 * void pointer, so the compiler cannot catch a cell handle passed in its
 * place. */
157 extern int ADMINAPI kas_ServerClose(
158 const void *serverHandle,
/* Principal create, delete, get and iterate calls. In every prototype
 * "const kas_identity_p who" makes only the pointer const; the kas_identity
 * it points to is not const-qualified. The closing parameters of each
 * prototype are not shown in this listing. */

/* Creates the principal named by who with the given password.
 * The password is a cleartext C string in caller memory: keep it out of
 * logs and command-line arguments, and overwrite the buffer after the call
 * with a wipe the compiler cannot remove. */
162 extern int ADMINAPI kas_PrincipalCreate(
163 const void *cellHandle,
164 const void *serverHandle,
165 const kas_identity_p who,
166 const char *password,
/* Deletes the principal named by who. */
170 extern int ADMINAPI kas_PrincipalDelete(
171 const void *cellHandle,
172 const void *serverHandle,
173 const kas_identity_p who,
/* Fetches the entry for who into *principal. The entry type contains a
 * kas_encryptionKey_t member, so the output buffer should be handled as
 * secret material and wiped after use.
 * NOTE(review): whether the key member is populated is not visible here. */
177 extern int ADMINAPI kas_PrincipalGet(
178 const void *cellHandle,
179 const void *serverHandle,
180 const kas_identity_p who,
181 kas_principalEntry_p principal,
/* Starts an iteration over principals.
 * NOTE(review): presumably returns an iteration id through a parameter not
 * shown in this listing; pair every Begin with kas_PrincipalGetDone. */
185 extern int ADMINAPI kas_PrincipalGetBegin(
186 const void *cellHandle,
187 const void *serverHandle,
/* Returns the next item of an iteration started by kas_PrincipalGetBegin. */
192 extern int ADMINAPI kas_PrincipalGetNext(
193 const void *iterationId,
/* Ends an iteration. The parameter is named iterationIdP but has the same
 * type (const void *) as kas_PrincipalGetNext's iterationId.
 * NOTE(review): presumably the id itself is passed, not its address;
 * confirm, and do not reuse the id after this call. */
198 extern int ADMINAPI kas_PrincipalGetDone(
199 const void *iterationIdP,
/* Sets the key of the principal named by who. The key bytes are secret;
 * wipe the caller's copy after the call. "const kas_encryptionKey_p key"
 * makes the pointer const, not the key bytes.
 * NOTE(review): a parameter between who and key, and the closing
 * parameters, are not shown in this listing. */
203 extern int ADMINAPI kas_PrincipalKeySet(
204 const void *cellHandle,
205 const void *serverHandle,
206 const kas_identity_p who,
208 const kas_encryptionKey_p key,
/* Reports the lock state of who through *lock_end_timeP.
 * NOTE(review): presumably the time at which a lockout ends; the encoding
 * of "not locked" is not visible here. */
212 extern int ADMINAPI kas_PrincipalLockStatusGet(
213 const void *cellHandle,
214 const void *serverHandle,
215 const kas_identity_p who,
216 unsigned int *lock_end_timeP,
/* Unlocks the principal named by who. Unlocking clears a lockout, so calls
 * to it are worth recording in an audit trail. */
220 extern int ADMINAPI kas_PrincipalUnlock(
221 const void *cellHandle,
222 const void *serverHandle,
223 const kas_identity_p who,
/* Changes the settings of the principal named by who. Every setting is
 * passed by pointer.
 * NOTE(review): presumably a NULL pointer means "leave unchanged"; confirm.
 * The enum settings have the permissive value at 0 (KAS_ADMIN, TGS,
 * ENCRYPT, CHANGE_PASSWORD, REUSE_PASSWORD), so a pointer to a
 * zero-initialised variable grants that capability; assign each value
 * explicitly before passing its address.
 * NOTE(review): units of the unsigned int values (seconds, days, attempt
 * counts) are not visible in this header. */
227 extern int ADMINAPI kas_PrincipalFieldsSet(
228 const void *cellHandle,
229 const void *serverHandle,
230 const kas_identity_p who,
231 const kas_admin_p isAdmin,
232 const kas_tgs_p grantTickets,
233 const kas_enc_p canEncrypt,
234 const kas_cpw_p canChangePassword,
235 const unsigned int *expirationDate,
236 const unsigned int *maxTicketLifetime,
237 const unsigned int *passwordExpires,
238 const kas_rpw_p passwordReuse,
239 const unsigned int *failedPasswordAttempts,
240 const unsigned int *failedPasswordLockTime,
/* Server statistics, debug and random-key calls. The closing parameters of
 * each prototype are not shown in this listing. */

/* Fills *stats with the server's statistics. */
244 extern int ADMINAPI kas_ServerStatsGet(
245 const void *cellHandle,
246 const void *serverHandle,
247 kas_serverStats_p stats,
/* Fills *debug with a kas_serverDebugInfo snapshot. The snapshot names
 * recently active principals and key cache entries; treat the output as
 * sensitive operational data. */
251 extern int ADMINAPI kas_ServerDebugGet(
252 const void *cellHandle,
253 const void *serverHandle,
254 kas_serverDebugInfo_p debug,
/* Obtains a key from the server into *key. The result is secret material
 * in caller memory: do not log it, and wipe it after use.
 * NOTE(review): how the server generates the key is not visible here. */
258 extern int ADMINAPI kas_ServerRandomKeyGet(
259 const void *cellHandle,
260 const void *serverHandle,
261 kas_encryptionKey_p key,
/* Derives a key into *key; cellName is one of the inputs.
 * NOTE(review): the parameter between cellName and key is not shown in this
 * listing; presumably it is the string (password) being converted. Both the
 * input string and the output key are secrets and should be wiped by the
 * caller. The derivation algorithm and its cost are not visible here. */
265 extern int ADMINAPI kas_StringToKey(
266 const char *cellName,
268 kas_encryptionKey_p key,
/* Computes a checksum of key into *cksumP. "const kas_encryptionKey_p"
 * makes only the pointer const.
 * NOTE(review): the result fits an unsigned int; it is derived from secret
 * key bytes, so avoid publishing it until the algorithm is confirmed not to
 * help key or password guessing. */
272 extern int ADMINAPI kas_KeyCheckSum(
273 const kas_encryptionKey_p key,
274 unsigned int *cksumP,
278 #endif /* OPENAFS_KAS_ADMIN_H */