kadm5-wrapper.h

См. документацию.

 
#ifndef ALD_KADM5_WRAPPER
#define ALD_KADM5_WRAPPER
 
#include "common.h"
#include "ALDCore.h"
#include <list>
#include <memory>
 
using namespace std;
 
namespace ALD
{
#define KADM5_ITF_NAME "kadmin"
 
#define KRB5_ITF_VERSION_1  1
#define KRB5_ITF_VERSION_2  2
 
#define KRB5CCNAME "KRB5CCNAME"
 
class CALDKrbPolicy
{
public:
    string  name;                   
    unsigned int itf_version;       
    unsigned int min_life;          
    unsigned int max_life;          
    unsigned int min_length;        
    unsigned int min_classes;       
    unsigned int history_num;       
    unsigned int refcnt;            
    /* KRB5_ITF_VERSION_2 */
    unsigned int max_fail;          
    unsigned int failcnt_interval;  
    unsigned int lockout_duration;  
    CALDKrbPolicy()                 
    {
        itf_version = KRB5_ITF_VERSION_2;
        max_life = 0;
        min_life = 0;
        min_length = 1;
        min_classes = 1;
        history_num = 0;
        refcnt = 0;
        max_fail = 0;
        failcnt_interval = 0;
        lockout_duration = 0;
    }
 
    void Assign(CALDKrbPolicy &policy)
    {
        name = policy.name;
        max_life = policy.max_life;
        min_life = policy.min_life;
        min_length = policy.min_length;
        min_classes = policy.min_classes;
        history_num = policy.history_num;
        refcnt = policy.refcnt;
        max_fail = policy.max_fail;
        failcnt_interval = policy.failcnt_interval;
        lockout_duration = policy.lockout_duration;
    }
    virtual ~CALDKrbPolicy(){} 
};
 
#define ALD_KRB_SET_PW_MAX_LIFE     0x01
#define ALD_KRB_SET_PW_MIN_LIFE     0x02
#define ALD_KRB_SET_PW_MIN_LENGTH   0x04
#define ALD_KRB_SET_PW_MIN_CLASSES  0x08
#define ALD_KRB_SET_PW_HISTORY_NUM  0x10
 
#define ALD_KRB_SET_PW_MAX_FAIL     0x20
#define ALD_KRB_SET_PW_FAIL_CNT_INT 0x40
#define ALD_KRB_SET_PW_LCK_OUT_DUR  0x80
 
#define ALD_KRB_SET_PW_ALL      ALD_KRB_SET_PW_MAX_LIFE | ALD_KRB_SET_PW_MIN_LIFE | ALD_KRB_SET_PW_MIN_LENGTH \
                                | ALD_KRB_SET_PW_MIN_CLASSES | ALD_KRB_SET_PW_HISTORY_NUM | ALD_KRB_SET_PW_MAX_FAIL \
                                | ALD_KRB_SET_PW_FAIL_CNT_INT | ALD_KRB_SET_PW_LCK_OUT_DUR
 
typedef shared_ptr<CALDKrbPolicy> CALDKrbPolicyPtr;  
 
class CALDKrbPrincipal
{
public:
    string        name;                 
    unsigned int  itf_version;          
    string        policy;               
    time_t        princ_expire_time;    
    time_t        last_pwd_change;      
    time_t        pw_expiration;        
    time_t        mod_date;             
    time_t        last_success;         
    time_t        last_failed;          
    unsigned int  fail_auth_count;      
    unsigned int  attributes;           
    unsigned int  max_life;             
    unsigned int  max_renewable_life;   
    ald_string_map strings;             
    CALDKrbPrincipal()  
    {
        itf_version = KRB5_ITF_VERSION_2;
        princ_expire_time = 0;
        last_pwd_change = 0;
        pw_expiration = 0;
        mod_date = 0;
        last_success = 0;
        last_failed = 0;
        fail_auth_count = 0;
        attributes = 0;
        max_life = 0;
        max_renewable_life = 0;
    }
    virtual ~CALDKrbPrincipal(){}   
};
 
#define ALD_KRB_DISALLOW_ALL_TIX    0x00000040
#define ALD_KRB_REQUIRES_PWCHANGE   0x00000200
#define ALD_KRB_DISALLOW_TGT_BASED  0x00000004
 
#define ALD_KRB_SET_POLICY              0x000800
#define ALD_KRB_SET_RANDKEY             0x001000
#define ALD_KRB_SET_PWCHANGE            0x002000
#define ALD_KRB_SET_DISALLOWTIX         0x004000
#define ALD_KRB_SET_MAXLIFE             0x008000
#define ALD_KRB_SET_MAXRLIFE            0x010000
#define ALD_KRB_CLR_FAILCNT             0x020000
#define ALD_KRB_SET_DISALLOWTGTBASED    0x040000
 
#define ALD_KRB_STR_ACCOUNT_TYPE "ald_account"
#define ALD_KRB_STR_ACCOUNT_USER "user"
#define ALD_KRB_STR_ACCOUNT_SERVICE "service"
#define ALD_KRB_STR_ACCOUNT_INTERNAL "internal"
 
typedef shared_ptr<CALDKrbPrincipal> CALDKrbPrincipalPtr;   
 
class IALDKadm5Connection
{
public:
    virtual unsigned int GetItfVersion() = 0;   
 
    // Connection
    virtual void ConnectPassword(const string& user, const string& pwd, bool kadmin, bool savecred = false) = 0;
 
    virtual void ConnectKeytab(const string& user, const string& keytab, bool kadmin, bool savecred = false) = 0;
 
    virtual string ConnectCreds(const string& cache, bool kadmin) = 0;
 
    virtual bool IsConnected() = 0;                         
 
    virtual void Disconnect(bool keep_cred = false) = 0;
 
    // Policies
    virtual void Policies(const string& expr, ald_string_list& pollist) = 0;
 
    virtual CALDKrbPolicyPtr PolicyGet(const string& polname) = 0;
 
    virtual void PolicyAdd(CALDKrbPolicyPtr Policy, unsigned int setmask) = 0;
 
    virtual void PolicyMod(CALDKrbPolicyPtr Policy, unsigned int setmask) = 0;
 
    virtual void PolicyDel(const string& policy) = 0;
 
    // Principals
    virtual void Principals(const string& expr, ald_string_list& princlist) = 0;
 
    virtual CALDKrbPrincipalPtr PrincipalGet(const string& princname) = 0;
 
    virtual void PrincipalAdd(CALDKrbPrincipalPtr Principal, const string& pwd, unsigned int setmask) = 0;
 
    virtual void PrincipalMod(CALDKrbPrincipalPtr Principal, unsigned int setmask) = 0;
 
    virtual void PrincipalDel(CALDKrbPrincipalPtr Principal) = 0;
 
    virtual void PrincipalGetStrings(CALDKrbPrincipalPtr Principal) = 0;
 
    virtual void PrincipalSetString(CALDKrbPrincipalPtr Principal, const string &key, const string &val) = 0;
 
    virtual void PrincipalChangePwd(CALDKrbPrincipalPtr Principal, const string& pwd) = 0;
 
    // Keytab
    virtual bool KeytabCheckPrincipal(const string& keytab, const string& princname) = 0;
 
    virtual void KeytabAddPrincipal(const string& keytab, const string& princname) = 0;
 
    virtual void KeytabRmPrincipal(const string& keytab, const string& princname) = 0;
 
    virtual void KeytabPrincipals(const string& keytab, ald_string_list& princlist) = 0;
 
    // States and properties
    virtual string GetDefaultRealm() = 0;   
    virtual long GetLastError() = 0;        
    virtual bool IfReconnectNeeded() = 0;   
    virtual string GetUserId() = 0;         
 
    virtual ~IALDKadm5Connection(){} 
};
 
typedef shared_ptr<IALDKadm5Connection> CALDKadm5ConnPtr; 
 
 
class IALDKadm5Wrapper: public CALDInterface
{
public:
    IALDKadm5Wrapper(IALDCore& Core):CALDInterface(KADM5_ITF_NAME, Core){} 
    virtual CALDKadm5ConnPtr getConnection() = 0;    
};
 
typedef shared_ptr<IALDKadm5Wrapper> CALDKadm5WrapperPtr; 
 
#define ADM_KRB_USER_NAME         "K/M"
 
} // ALD
 
#endif  // ALD_KADM5_WRAPPER