/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* plugins/kdb/ldap/libkdb_ldap/ldap_principal.h */
/*
* Copyright (c) 2004-2005, Novell, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * The copyright holder's name is not used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _LDAP_PRINCIPAL_H
#define _LDAP_PRINCIPAL_H 1
#include "ldap_tkt_policy.h"
#include "princ_xdr.h"
#define KEYHEADER 12
#define NOOFKEYS(ptr) ((ptr[10]<<8) | ptr[11])
#define PRINCIPALLEN(ptr) ((ptr[0]<<8) | ptr[1])
#define PRINCIPALNAME(ptr) (ptr + KEYHEADER + (NOOFKEYS(ptr) *8))
#define KEYBODY(ptr) PRINCIPALNAME(ptr) + PRINCIPALLEN(ptr)
#define PKEYVER(ptr) ((ptr[2]<<8) | ptr[3])
#define MKEYVER(ptr) ((ptr[4]<<8) | ptr[5])
#define KEYTYPE(ptr,j) ((ptr[KEYHEADER+(j*8)]<<8) | ptr[KEYHEADER+1+(j*8)])
#define KEYLENGTH(ptr,j) ((ptr[KEYHEADER+2+(j*8)]<<8) | ptr[KEYHEADER+3+(j*8)])
#define SALTTYPE(ptr,j) ((ptr[KEYHEADER+4+(j*8)]<<8) | ptr[KEYHEADER+5+(j*8)])
#define SALTLENGTH(ptr,j) ((ptr[KEYHEADER+6+(j*8)]<<8) | ptr[KEYHEADER+7+(j*8)])
#define MAX_KEY_LENGTH 1024
#define CONTAINERDN_ARG "containerdn"
#define USERDN_ARG "dn"
#define TKTPOLICY_ARG "tktpolicy"
#define LINKDN_ARG "linkdn"
/* #define FILTER "(&(objectclass=krbprincipalaux)(krbprincipalname=" */
#define FILTER "(&(|(objectclass=krbprincipalaux)(objectclass=krbprincipal))(krbprincipalname="
#define KDB_USER_PRINCIPAL 0x01
#define KDB_SERVICE_PRINCIPAL 0x02
#define KDB_STANDALONE_PRINCIPAL_OBJECT 0x01
/* these will be consumed only by krb5_ldap_delete_principal*/
/* these will be set by krb5_ldap_get_principal and fed into the tl_data */
/* See also attributes_set[] in ldap_principal.c. */
#define KDB_MAX_LIFE_ATTR 0x000001
#define KDB_MAX_RLIFE_ATTR 0x000002
#define KDB_TKT_FLAGS_ATTR 0x000004
#define KDB_PRINC_EXPIRE_TIME_ATTR 0x000008
#define KDB_POL_REF_ATTR 0x000010
#define KDB_AUTH_IND_ATTR 0x000020
#define KDB_PWD_POL_REF_ATTR 0x000040
#define KDB_PWD_EXPIRE_TIME_ATTR 0x000080
#define KDB_SECRET_KEY_ATTR 0x000100
#define KDB_LAST_PWD_CHANGE_ATTR 0x000200
#define KDB_EXTRA_DATA_ATTR 0x000400
#define KDB_LAST_SUCCESS_ATTR 0x000800
#define KDB_LAST_FAILED_ATTR 0x001000
#define KDB_FAIL_AUTH_COUNT_ATTR 0x002000
#define KDB_LAST_ADMIN_UNLOCK_ATTR 0x004000
#define KDB_PWD_HISTORY_ATTR 0x008000
/*
* This is a private contract between krb5_ldap_lockout_audit()
* and krb5_ldap_put_principal(). If present, it means that the
* krbPwdMaxFailure attribute should be incremented by one.
*/
#define KADM5_FAIL_AUTH_COUNT_INCREMENT 0x080000 /* KADM5_CPW_FUNCTION */
extern struct timeval timeout;
extern char *policyclass[];
krb5_error_code
krb5_ldap_put_principal(krb5_context, krb5_db_entry *, char **);
krb5_error_code
krb5_ldap_get_principal(krb5_context , krb5_const_principal ,
unsigned int, krb5_db_entry **);
krb5_error_code
krb5_ldap_delete_principal(krb5_context, krb5_const_principal);
krb5_error_code
krb5_ldap_rename_principal(krb5_context context, krb5_const_principal source,
krb5_const_principal target);
krb5_error_code
krb5_ldap_iterate(krb5_context, char *,
krb5_error_code (*)(krb5_pointer, krb5_db_entry *),
krb5_pointer, krb5_flags);
void
k5_free_key_data(krb5_int16 n_key_data, krb5_key_data *key_data);
void
krb5_dbe_free_contents(krb5_context context, krb5_db_entry *entry);
void
krb5_dbe_free_contents(krb5_context, krb5_db_entry *);
krb5_error_code
krb5_ldap_unparse_principal_name(char *);
krb5_error_code
krb5_ldap_parse_principal_name(char *, char **);
struct berval**
krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data,
krb5_kvno mkvno);
krb5_error_code
krb5_decode_histkey(krb5_context, struct berval **, osa_princ_ent_rec *);
krb5_error_code
krb5_decode_krbsecretkey(krb5_context, krb5_db_entry *, struct berval **,
krb5_kvno *);
void
free_berdata(struct berval **array);
krb5_error_code
berval2tl_data(struct berval *in, krb5_tl_data **out);
krb5_error_code
krb5_read_tkt_policy(krb5_context, krb5_ldap_context *, krb5_db_entry *,
char *);
#endif