2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #ifndef OPENAFS_KAS_ADMIN_H
11 #define OPENAFS_KAS_ADMIN_H
13 #include <afs/param.h>
14 #include <afs/afs_Admin.h>
/*
 * Buffer sizes for the structures declared in this header.
 * KAS_MAX_NAME_LEN sizes the principal/instance arrays in kas_identity and
 * the principal array in key_keyCacheItem; KAS_ENCRYPTION_KEY_LEN sizes
 * kas_encryptionKey.key.
 * NOTE(review): the header does not say whether the name length includes a
 * terminating NUL -- confirm against the implementation before copying
 * externally supplied names into these arrays.
 */
22 #define KAS_MAX_NAME_LEN 64
23 #define KAS_ENCRYPTION_KEY_LEN 8
/*
 * Principal flag values.  These are extern const int objects defined in
 * another translation unit, not macros or enumerators, so they cannot be
 * used where C requires an integer constant expression (case labels,
 * static initialisers).  Their numeric values and exact semantics are not
 * visible in this header.
 */
24 extern const int KAS_PRINCIPAL_FLAG_NORMAL;
25 extern const int KAS_PRINCIPAL_FLAG_FREE;
26 extern const int KAS_PRINCIPAL_FLAG_OLDKEYS;
27 extern const int KAS_PRINCIPAL_FLAG_SPECIAL;
28 extern const int KAS_PRINCIPAL_FLAG_ASSOC_ROOT;
29 extern const int KAS_PRINCIPAL_FLAG_ASSOC;
30 extern const int KAS_PRINCIPAL_FLAG_ADMIN;
31 extern const int KAS_PRINCIPAL_FLAG_NO_TGS;
32 extern const int KAS_PRINCIPAL_FLAG_NO_SEAL;
33 extern const int KAS_PRINCIPAL_FLAG_NO_CPW;
34 extern const int KAS_PRINCIPAL_FLAG_NEW_ASSOC;
/*
 * Sizes used by kas_serverDebugInfo: lastOperation is
 * KAS_MAX_SERVER_OPERATION_LEN bytes, the lastPrincipal and lastServer
 * name arrays are KAS_MAX_PRINCIPAL_LEN bytes each, and keyCache holds
 * KAS_KEYCACHE_DEBUG_INFO_SIZE entries.
 */
35 #define KAS_MAX_SERVER_OPERATION_LEN 16
36 #define KAS_MAX_PRINCIPAL_LEN 256
37 #define KAS_KEYCACHE_DEBUG_INFO_SIZE 25
/*
 * Identifies a principal by name and instance, each held in a fixed
 * KAS_MAX_NAME_LEN-byte array.
 * NOTE(review): nothing in this header states that the arrays must be
 * NUL-terminated or how over-long names are handled.  Callers that fill
 * these from user input should bound the copy to the array size and
 * terminate explicitly rather than rely on the library to do so.
 */
39 typedef struct kas_identity {
40 char principal[KAS_MAX_NAME_LEN];
41 char instance[KAS_MAX_NAME_LEN];
42 } kas_identity_t, *kas_identity_p;
/*
 * Raw key bytes for a principal: KAS_ENCRYPTION_KEY_LEN (8) unsigned chars.
 * NOTE(review): an 8-byte key is the size of a single-DES key; if that is
 * what the server uses, the key offers little margin by current standards
 * -- confirm the cipher against the implementation.
 * Instances hold secret material: keep them out of logs and core-dump-prone
 * long-lived buffers, and overwrite them once no longer needed using a
 * routine the compiler will not elide.
 */
44 typedef struct kas_encryptionKey {
45 unsigned char key[KAS_ENCRYPTION_KEY_LEN];
46 } kas_encryptionKey_t, *kas_encryptionKey_p;
/*
 * Two-valued per-principal settings.  kas_admin_t is stored in
 * kas_principalEntry.adminSetting, and pointers to all five types are
 * parameters of kas_PrincipalFieldsSet.
 *
 * In each enum the enumerator WITHOUT the NO_ prefix comes first and so has
 * the value 0.  A zero-initialised or memset() variable therefore compares
 * equal to KAS_ADMIN, TGS, ENCRYPT, CHANGE_PASSWORD or REUSE_PASSWORD
 * respectively.  Always assign the intended setting explicitly; never rely
 * on a zeroed structure to mean "no privilege".
 */
48 typedef enum { KAS_ADMIN, NO_KAS_ADMIN } kas_admin_t, *kas_admin_p;
49 typedef enum { TGS, NO_TGS } kas_tgs_t, *kas_tgs_p;
50 typedef enum { ENCRYPT, NO_ENCRYPT } kas_enc_t, *kas_enc_p;
51 typedef enum { CHANGE_PASSWORD, NO_CHANGE_PASSWORD } kas_cpw_t, *kas_cpw_p;
52 typedef enum { REUSE_PASSWORD, NO_REUSE_PASSWORD } kas_rpw_t, *kas_rpw_p;
/*
 * Attributes of one principal; kas_PrincipalGet takes a pointer to this
 * structure (presumably as its output -- confirm against the implementation).
 *
 * NOTE(review): this listing skips source lines 57-60, 66 and 70-71, so
 * some members are not shown here.
 *
 * The record embeds `key` (raw key bytes) and `keyCheckSum`.  Whether the
 * server actually fills in `key` cannot be told from this header; until
 * that is confirmed, treat a populated entry as key material: do not log
 * or persist it wholesale, and overwrite it when finished.
 * The time-valued members are plain unsigned int; their units and epoch
 * are not stated in this header.
 */
55 typedef struct kas_principalEntry {
56 kas_admin_t adminSetting;
61 unsigned int userExpiration;
62 unsigned int lastModTime;
63 kas_identity_t lastModPrincipal;
64 unsigned int lastChangePasswordTime;
65 int maxTicketLifetime;
67 kas_encryptionKey_t key;
68 unsigned int keyCheckSum;
69 int daysToPasswordExpire;
72 } kas_principalEntry_t, *kas_principalEntry_p;
/*
 * Statistics record kept once per server operation inside kas_serverStats
 * (authenticate, changePassword, getTicket, ...).
 * NOTE(review): the members (source lines 75-76) are not shown in this
 * listing.
 */
74 typedef struct kas_serverProcStats {
77 } kas_serverProcStats_t, *kas_serverProcStats_p;
/*
 * Server-wide statistics; kas_ServerStatsGet takes a pointer to this
 * structure.  It holds one kas_serverProcStats_t per server operation plus
 * a few global values.
 *
 * NOTE(review): several members are missing from this listing (the source
 * numbering skips lines 80-81, 83-84, 88-90 and 109).
 * NOTE(review): userTime/systemTime are struct timeval, but no include of
 * the header that declares it is visible in this listing -- verify that one
 * of the AFS headers provides it.
 * The per-operation records, judging by their names, describe
 * authentication and password-change activity; expose them to
 * administrators only.
 */
79 typedef struct kas_serverStats {
82 int changePasswordRequests;
85 unsigned int serverStartTime;
86 struct timeval userTime;
87 struct timeval systemTime;
91 int hashTableUtilization;
92 kas_serverProcStats_t authenticate;
93 kas_serverProcStats_t changePassword;
94 kas_serverProcStats_t getTicket;
95 kas_serverProcStats_t createUser;
96 kas_serverProcStats_t setPassword;
97 kas_serverProcStats_t setFields;
98 kas_serverProcStats_t deleteUser;
99 kas_serverProcStats_t getEntry;
100 kas_serverProcStats_t listEntry;
101 kas_serverProcStats_t getStats;
102 kas_serverProcStats_t getPassword;
103 kas_serverProcStats_t getRandomKey;
104 kas_serverProcStats_t debug;
105 kas_serverProcStats_t udpAuthenticate;
106 kas_serverProcStats_t udpGetTicket;
107 kas_serverProcStats_t unlock;
108 kas_serverProcStats_t lockStatus;
110 } kas_serverStats_t, *kas_serverStats_p;
/*
 * One entry of the keyCache array in kas_serverDebugInfo: a principal name
 * with a last-used value and a key version number.
 * NOTE(review): source lines 115-116 are missing from this listing, so the
 * entry may carry further members not shown here.
 * The principal array is KAS_MAX_NAME_LEN bytes; NUL termination is not
 * guaranteed by anything visible in this header, so bound any read of it.
 */
112 typedef struct key_keyCacheItem {
113 unsigned int lastUsed;
114 int keyVersionNumber;
117 char principal[KAS_MAX_NAME_LEN];
118 } key_keyCacheItem_t, *key_keyCacheItem_p;
/*
 * Debug snapshot of the server; kas_ServerDebugGet takes a pointer to this
 * structure.
 *
 * NOTE(review): members on source lines 121, 124, 137-140 and 142-146 are
 * not shown in this listing.
 *
 * Judging by the member names, the snapshot records the last operation, the
 * principals most recently seen by each request path, and up to
 * KAS_KEYCACHE_DEBUG_INFO_SIZE key-cache entries.  That is account-activity
 * information: show it to administrators only and keep it out of
 * world-readable logs.
 * The char arrays are fixed size; when printing them, bound the read to the
 * array length instead of assuming NUL termination.
 */
120 typedef struct kas_serverDebugInfo {
122 unsigned int serverStartTime;
123 unsigned int currentTime;
125 unsigned int lastTransaction;
126 char lastOperation[KAS_MAX_SERVER_OPERATION_LEN];
127 char lastPrincipalAuth[KAS_MAX_PRINCIPAL_LEN];
128 char lastPrincipalUDPAuth[KAS_MAX_PRINCIPAL_LEN];
129 char lastPrincipalTGS[KAS_MAX_PRINCIPAL_LEN];
130 char lastPrincipalUDPTGS[KAS_MAX_PRINCIPAL_LEN];
131 char lastPrincipalAdmin[KAS_MAX_PRINCIPAL_LEN];
132 char lastServerTGS[KAS_MAX_PRINCIPAL_LEN];
133 char lastServerUDPTGS[KAS_MAX_PRINCIPAL_LEN];
134 unsigned int nextAutoCheckPointWrite;
135 int updatesRemainingBeforeAutoCheckPointWrite;
136 unsigned int dbHeaderRead;
141 int dbSpecialKeysVersion;
147 key_keyCacheItem_t keyCache[KAS_KEYCACHE_DEBUG_INFO_SIZE];
148 } kas_serverDebugInfo_t, *kas_serverDebugInfo_p;
/*
 * Open a server handle.  Takes a cell handle and a list of server names and
 * writes an opaque handle through serverHandleP; status is reported through
 * st.
 * NOTE(review): the return-value convention is not documented in this
 * listing -- check both the return value and *st before using the handle.
 */
150 extern int ADMINAPI kas_ServerOpen(const void *cellHandle,
151 const char **serverList,
152 void **serverHandleP, afs_status_p st);
/*
 * Release a handle obtained from kas_ServerOpen (presumably; remaining
 * parameters are not shown in this listing).  Handles are untyped
 * const void *, so the compiler cannot catch a cell handle passed where a
 * server handle is expected.
 */
154 extern int ADMINAPI kas_ServerClose(const void *serverHandle,
/*
 * Create the principal named by `who` with the given password (remaining
 * parameters are not shown in this listing).
 *
 * `password` is a plaintext C string: the caller owns that buffer and
 * should overwrite it after the call instead of leaving it on the heap or
 * stack.
 * `const kas_identity_p who` makes the POINTER const, not the kas_identity
 * it points to, because kas_identity_p is a pointer typedef; the signature
 * alone does not promise that *who is left unmodified.
 */
157 extern int ADMINAPI kas_PrincipalCreate(const void *cellHandle,
158 const void *serverHandle,
159 const kas_identity_p who,
160 const char *password,
/*
 * Delete the principal named by `who` (remaining parameters are not shown
 * in this listing).  Destructive administrative operation; callers should
 * record who requested it.
 */
163 extern int ADMINAPI kas_PrincipalDelete(const void *cellHandle,
164 const void *serverHandle,
165 const kas_identity_p who,
/*
 * Look up the principal named by `who`; `principal` points to the
 * kas_principalEntry that receives the result (presumably -- remaining
 * parameters are not shown in this listing).
 * kas_principalEntry contains a `key` member, so handle the filled-in
 * structure as potentially holding key material.
 */
168 extern int ADMINAPI kas_PrincipalGet(const void *cellHandle,
169 const void *serverHandle,
170 const kas_identity_p who,
171 kas_principalEntry_p principal,
/*
 * Begin/Next/Done iteration over principals.  kas_PrincipalGetNext takes an
 * opaque iteration id and a kas_identity to fill in; kas_PrincipalGetDone
 * takes the iteration id.  The parameters of GetBegin and GetDone are only
 * partly shown in this listing.
 * NOTE(review): presumably every successful GetBegin must be paired with
 * GetDone to release the iterator, including on error paths -- confirm.
 */
174 extern int ADMINAPI kas_PrincipalGetBegin(const void *cellHandle,
175 const void *serverHandle,
179 extern int ADMINAPI kas_PrincipalGetNext(const void *iterationId,
180 kas_identity_p who, afs_status_p st);
182 extern int ADMINAPI kas_PrincipalGetDone(const void *iterationIdP,
/*
 * Set the key of the principal named by `who` (source lines 188 and 190-191
 * of the prototype are not shown in this listing).
 *
 * `key` points to raw key bytes supplied by the caller; overwrite the
 * caller's copy once the call returns.
 * `const kas_encryptionKey_p key` makes only the pointer const, not the key
 * it points to, because kas_encryptionKey_p is a pointer typedef.
 */
185 extern int ADMINAPI kas_PrincipalKeySet(const void *cellHandle,
186 const void *serverHandle,
187 const kas_identity_p who,
189 const kas_encryptionKey_p key,
/*
 * Query the lock status of the principal named by `who`; a value is written
 * through lock_end_timeP (remaining parameters are not shown in this
 * listing).
 * NOTE(review): units and the meaning of special values of *lock_end_timeP
 * are not stated in this header.
 */
192 extern int ADMINAPI kas_PrincipalLockStatusGet(const void *cellHandle,
193 const void *serverHandle,
194 const kas_identity_p who,
195 unsigned int *lock_end_timeP,
/*
 * Unlock the principal named by `who` (remaining parameters are not shown
 * in this listing).  Presumably this clears a lockout caused by failed
 * password attempts, so callers should log each use: an unexpected unlock
 * removes a brute-force protection.
 */
198 extern int ADMINAPI kas_PrincipalUnlock(const void *cellHandle,
199 const void *serverHandle,
200 const kas_identity_p who,
/*
 * Change attributes of the principal named by `who`.  Every attribute is
 * passed by pointer.  Source lines 211, 213, 215 and 218-219 of the
 * prototype are missing from this listing, so some parameter declarations
 * appear here only as fragments.
 *
 * NOTE(review): presumably a NULL pointer means "leave this attribute
 * unchanged" -- confirm against the implementation.
 * When a setting pointer is non-NULL, the pointed-to enum must be assigned
 * explicitly: value 0 of each enum is the enumerator without the NO_ prefix
 * (KAS_ADMIN, TGS, ENCRYPT, CHANGE_PASSWORD, REUSE_PASSWORD), so a zeroed
 * variable would, for example, request the admin setting.
 * The `const kas_*_p` parameters make the pointers const, not the values
 * they point to.
 */
203 extern int ADMINAPI kas_PrincipalFieldsSet(const void *cellHandle,
204 const void *serverHandle,
205 const kas_identity_p who,
206 const kas_admin_p isAdmin,
207 const kas_tgs_p grantTickets,
208 const kas_enc_p canEncrypt,
209 const kas_cpw_p canChangePassword,
210 const unsigned int *expirationDate,
212 *maxTicketLifetime, const unsigned int
214 const kas_rpw_p passwordReuse,
216 *failedPasswordAttempts, const unsigned int
217 *failedPasswordLockTime,
/*
 * Fetch server statistics into *stats (remaining parameters are not shown
 * in this listing).
 */
220 extern int ADMINAPI kas_ServerStatsGet(const void *cellHandle,
221 const void *serverHandle,
222 kas_serverStats_p stats,
/*
 * Fetch the server debug snapshot into *debug (remaining parameters are not
 * shown in this listing).  kas_serverDebugInfo holds principal names and
 * key-cache entries; restrict who can view the result.
 */
225 extern int ADMINAPI kas_ServerDebugGet(const void *cellHandle,
226 const void *serverHandle,
227 kas_serverDebugInfo_p debug,
/*
 * Obtain a key from the server into *key (remaining parameters are not
 * shown in this listing).  Going by the name, the key is randomly generated
 * server-side; the quality of that randomness cannot be judged from this
 * header.  Treat *key as secret and overwrite it after use.
 */
230 extern int ADMINAPI kas_ServerRandomKeyGet(const void *cellHandle,
231 const void *serverHandle,
232 kas_encryptionKey_p key,
/*
 * Derive a key from `string` and `cellName`, writing it to *key; status is
 * reported through st.
 * NOTE(review): presumably `string` is a password and the cell name acts as
 * a salt -- confirm.  Both the input string and the resulting key are
 * secrets: overwrite them once they are no longer needed.
 */
235 extern int ADMINAPI kas_StringToKey(const char *cellName, const char *string,
236 kas_encryptionKey_p key, afs_status_p st);
/*
 * Compute a checksum of *key and store it through cksumP; status is
 * reported through st.
 * NOTE(review): the checksum algorithm is not visible here.  A value
 * derived from a key can help confirm guesses of that key, so do not treat
 * the checksum as freely publishable until the algorithm is known.
 * `const kas_encryptionKey_p key` makes only the pointer const.
 */
238 extern int ADMINAPI kas_KeyCheckSum(const kas_encryptionKey_p key,
239 unsigned int *cksumP, afs_status_p st);
241 #endif /* OPENAFS_KAS_ADMIN_H */