§Raw bindings to libkadm5
This crate provides raw bindings to libkadm5.
These bindings are generated by bindgen by including kadm5/admin.h. The types provided
are filtered to only import required symbols for kadm5. In the future, this crate may also allow
for more symbols that may be useful, such as error types.
This crate links against libkrb5 plus the required kadm5 library depending on the feature selected (see below).
By default, the required headers and libraries are found using pkg-config. You can override this behavior with the following environment variables (which must be paths to directories containing the required libraries and header files):
- SYSTEM_DEPS_KRB5_SEARCH_NATIVE
- SYSTEM_DEPS_KRB5_INCLUDE
- SYSTEM_DEPS_KADM5CLNT_SEARCH_NATIVE
- SYSTEM_DEPS_KADM5CLNT_INCLUDE
- SYSTEM_DEPS_KADM5SRV_SEARCH_NATIVE
- SYSTEM_DEPS_KADM5SRV_INCLUDE
You can read more about this in the system-deps documentation.
§Features
This crate offers two features, client and server. You must choose one of them depending on how
your application is going to interact with the KDC. By default, client is enabled.
- client: links against kadm5clnt. Use this if you plan to remotely access the KDC, using kadmind’s GSS-API RPC interface, like the CLI tool kadmin does.
- server: links against kadm5srv. Use this if you plan to directly edit the KDB from the machine where the KDC is running, like the CLI tool kadmin.local does.
Structs§
- __krb5_key_salt_tuple
- _kadm5_config_params - Data structure returned by kadm5_get_config_params()
- _kadm5_key_data
- _kadm5_policy_ent_t
- _kadm5_principal_ent_t
- _krb5_ccache
- _krb5_context - end “hostaddr.h”
- _krb5_data
- _krb5_key_data - If this ever changes up the version number and make the arrays be as big as necessary.
- _krb5_keyblock - Exposed contents of a key.
- _krb5_keysalt
- _krb5_tl_data - Note — these structures cannot be modified without changing the database version number in libkdb.a, but should be expandable by adding new tl_data types.
- krb5_principal_data
- krb5_string_attr_st - String attributes (currently stored inside tl-data) map C string keys to values. They can be set via kadmin and consumed by KDC plugins.
Constants§
- ENCTYPE_AES128_CTS_HMAC_SHA1_96
- ENCTYPE_AES128_CTS_HMAC_SHA256_128
- ENCTYPE_AES256_CTS_HMAC_SHA1_96
- ENCTYPE_AES256_CTS_HMAC_SHA384_192
- ENCTYPE_ARCFOUR_HMAC
- ENCTYPE_ARCFOUR_HMAC_EXP
- ENCTYPE_CAMELLIA128_CTS_CMAC
- ENCTYPE_CAMELLIA256_CTS_CMAC
- ENCTYPE_DES3_CBC_ENV
- ENCTYPE_DES3_CBC_RAW
- ENCTYPE_DES3_CBC_SHA
- ENCTYPE_DES3_CBC_SHA1
- ENCTYPE_DES_CBC_CRC
- ENCTYPE_DES_CBC_MD4
- ENCTYPE_DES_CBC_MD5
- ENCTYPE_DES_CBC_RAW
- ENCTYPE_DES_HMAC_SHA1
- ENCTYPE_DSA_SHA1_CMS
- ENCTYPE_MD5_RSA_CMS
- ENCTYPE_NULL
- ENCTYPE_RC2_CBC_ENV
- ENCTYPE_RSA_ENV
- ENCTYPE_RSA_ES_OAEP_ENV
- ENCTYPE_SHA1_RSA_CMS
- ENCTYPE_UNKNOWN
- KADM5_ADMIN_SERVICE
- KADM5_API_VERSION_2
- KADM5_API_VERSION_3
- KADM5_API_VERSION_4
- KADM5_API_VERSION_MASK
- KADM5_ATTRIBUTES
- KADM5_AUTH_ADD
- KADM5_AUTH_CHANGEPW
- KADM5_AUTH_DELETE
- KADM5_AUTH_EXTRACT
- KADM5_AUTH_GET
- KADM5_AUTH_INITIAL
- KADM5_AUTH_INSUFFICIENT
- KADM5_AUTH_LIST
- KADM5_AUTH_MODIFY
- KADM5_AUTH_SETKEY
- KADM5_AUX_ATTRIBUTES
- KADM5_BAD_API_VERSION
- KADM5_BAD_AUX_ATTR
- KADM5_BAD_CLASS
- KADM5_BAD_CLIENT_PARAMS
- KADM5_BAD_DB
- KADM5_BAD_HISTORY
- KADM5_BAD_HIST_KEY
- KADM5_BAD_KEYSALTS
- KADM5_BAD_LENGTH
- KADM5_BAD_MASK
- KADM5_BAD_MIN_PASS_LIFE
- KADM5_BAD_PASSWORD
- KADM5_BAD_POLICY
- KADM5_BAD_PRINCIPAL
- KADM5_BAD_SERVER_HANDLE
- KADM5_BAD_SERVER_NAME
- KADM5_BAD_SERVER_PARAMS
- KADM5_BAD_STRUCT_VERSION
- KADM5_BAD_TL_TYPE
- KADM5_CANT_RESOLVE
- KADM5_CHANGEPW_SERVICE
- KADM5_CONFIG_ACL_FILE
- KADM5_CONFIG_ADBNAME
- KADM5_CONFIG_ADB_LOCKFILE
- KADM5_CONFIG_ADMIN_SERVER
- KADM5_CONFIG_AUTH_NOFALLBACK
- KADM5_CONFIG_DBNAME
- KADM5_CONFIG_DICT_FILE
- KADM5_CONFIG_ENCTYPE
- KADM5_CONFIG_ENCTYPES
- KADM5_CONFIG_EXPIRATION
- KADM5_CONFIG_FLAGS
- KADM5_CONFIG_IPROP_ENABLED
- KADM5_CONFIG_IPROP_LISTEN
- KADM5_CONFIG_IPROP_LOGFILE
- KADM5_CONFIG_IPROP_PORT
- KADM5_CONFIG_IPROP_RESYNC_TIMEOUT
- KADM5_CONFIG_KADMIND_LISTEN
- KADM5_CONFIG_KADMIND_PORT
- KADM5_CONFIG_KPASSWD_LISTEN
- KADM5_CONFIG_KPASSWD_PORT
- KADM5_CONFIG_KVNO
- KADM5_CONFIG_MAX_LIFE
- KADM5_CONFIG_MAX_RLIFE
- KADM5_CONFIG_MKEY_FROM_KBD
- KADM5_CONFIG_MKEY_NAME
- KADM5_CONFIG_NO_AUTH
- KADM5_CONFIG_OLD_AUTH_GSSAPI
- KADM5_CONFIG_POLL_TIME
- KADM5_CONFIG_REALM
- KADM5_CONFIG_STASH_FILE
- KADM5_CONFIG_ULOG_SIZE
- KADM5_DUP
- KADM5_FAILURE
- KADM5_FAIL_AUTH_COUNT
- KADM5_GSS_ERROR
- KADM5_HIST_PRINCIPAL
- KADM5_INIT
- KADM5_KEY_DATA
- KADM5_KEY_HIST
- KADM5_KIPROP_HOST_SERVICE
- KADM5_KVNO
- KADM5_LAST_FAILED
- KADM5_LAST_PWD_CHANGE
- KADM5_LAST_SUCCESS
- KADM5_LOAD
- KADM5_MASK_BITS
- KADM5_MAX_LIFE
- KADM5_MAX_RLIFE
- KADM5_MISSING_CONF_PARAMS
- KADM5_MISSING_KRB5_CONF_PARAMS
- KADM5_MKVNO
- KADM5_MOD_NAME
- KADM5_MOD_TIME
- KADM5_NEW_LIB_API_VERSION
- KADM5_NEW_SERVER_API_VERSION
- KADM5_NEW_STRUCT_VERSION
- KADM5_NOT_INIT
- KADM5_NO_RENAME_SALT
- KADM5_NO_SRV
- KADM5_OK
- KADM5_OLD_LIB_API_VERSION
- KADM5_OLD_SERVER_API_VERSION
- KADM5_OLD_STRUCT_VERSION
- KADM5_PASS_Q_CLASS
- KADM5_PASS_Q_DICT
- KADM5_PASS_Q_GENERIC
- KADM5_PASS_Q_TOOSHORT
- KADM5_PASS_REUSE
- KADM5_PASS_TOOSOON
- KADM5_POLICY
- KADM5_POLICY_ALLOWED_KEYSALTS
- KADM5_POLICY_ATTRIBUTES
- KADM5_POLICY_CLR
- KADM5_POLICY_MAX_LIFE
- KADM5_POLICY_MAX_RLIFE
- KADM5_POLICY_REF
- KADM5_POLICY_TL_DATA
- KADM5_PRINCIPAL
- KADM5_PRINCIPAL_NORMAL_MASK
- KADM5_PRINC_EXPIRE_TIME
- KADM5_PRIV_ADD
- KADM5_PRIV_DELETE
- KADM5_PRIV_GET
- KADM5_PRIV_MODIFY
- KADM5_PROTECT_KEYS
- KADM5_PROTECT_PRINCIPAL
- KADM5_PW_EXPIRATION
- KADM5_PW_FAILURE_COUNT_INTERVAL
- KADM5_PW_HISTORY_NUM
- KADM5_PW_LOCKOUT_DURATION
- KADM5_PW_MAX_FAILURE
- KADM5_PW_MAX_LIFE
- KADM5_PW_MIN_CLASSES
- KADM5_PW_MIN_LENGTH
- KADM5_PW_MIN_LIFE
- KADM5_REF_COUNT
- KADM5_RPC_ERROR
- KADM5_SECURE_PRINC_MISSING
- KADM5_SETKEY3_ETYPE_MISMATCH
- KADM5_SETKEY_BAD_KVNO
- KADM5_SETKEY_DUP_ENCTYPES
- KADM5_SETV4KEY_INVAL_ENCTYPE
- KADM5_STRUCT_VERSION
- KADM5_STRUCT_VERSION_1
- KADM5_STRUCT_VERSION_MASK
- KADM5_TL_DATA
- KADM5_UNK_POLICY
- KADM5_UNK_PRINC
- KADM5_XDR_FAILURE
- KRB5_KDB_DISALLOW_ALL_TIX
- KRB5_KDB_DISALLOW_DUP_SKEY
- KRB5_KDB_DISALLOW_FORWARDABLE
- KRB5_KDB_DISALLOW_POSTDATED
- KRB5_KDB_DISALLOW_PROXIABLE
- KRB5_KDB_DISALLOW_RENEWABLE
- KRB5_KDB_DISALLOW_SVR
- KRB5_KDB_DISALLOW_TGT_BASED
- KRB5_KDB_LOCKDOWN_KEYS
- KRB5_KDB_NEW_PRINC
- KRB5_KDB_NO_AUTH_DATA_REQUIRED
- KRB5_KDB_OK_AS_DELEGATE
- KRB5_KDB_OK_TO_AUTH_AS_DELEGATE
- KRB5_KDB_PWCHANGE_SERVICE
- KRB5_KDB_REQUIRES_HW_AUTH
- KRB5_KDB_REQUIRES_PRE_AUTH
- KRB5_KDB_REQUIRES_PWCHANGE
- KRB5_KDB_SALTTYPE_CERTHASH
- KRB5_KDB_SALTTYPE_NOREALM
- KRB5_KDB_SALTTYPE_NORMAL
- KRB5_KDB_SALTTYPE_ONLYREALM
- KRB5_KDB_SALTTYPE_SPECIAL
- KRB5_KDB_SUPPORT_DESMD5
- KRB5_NT_SRV_HST
- KRB5_OK
- KRB5_TL_LAST_ADMIN_UNLOCK
Functions§
- kadm5_chpass_principal ⚠
- kadm5_chpass_principal_3 ⚠
- kadm5_chpass_principal_util ⚠
- kadm5_create_policy ⚠
- kadm5_create_principal ⚠
- kadm5_create_principal_3 ⚠
- kadm5_decrypt_key ⚠
- kadm5_delete_policy ⚠
- kadm5_delete_principal ⚠
- kadm5_destroy ⚠
- kadm5_flush ⚠
- kadm5_free_config_params ⚠
- kadm5_free_kadm5_key_data ⚠
- kadm5_free_key_data ⚠
- kadm5_free_name_list ⚠
- kadm5_free_policy_ent ⚠
- kadm5_free_principal_ent ⚠
- kadm5_free_strings ⚠
- kadm5_get_admin_service_name ⚠
- kadm5_get_config_params ⚠ - functions
- kadm5_get_policies ⚠
- kadm5_get_policy ⚠
- kadm5_get_principal ⚠
- kadm5_get_principal_keys ⚠
- kadm5_get_principals ⚠
- kadm5_get_privs ⚠
- kadm5_get_strings ⚠
- kadm5_init ⚠ - For all initialization functions, the caller must first initialize a context with kadm5_init_krb5_context which will survive as long as the resulting handle. The caller should free the context with krb5_free_context.
- kadm5_init_anonymous ⚠
- kadm5_init_iprop ⚠
- kadm5_init_krb5_context ⚠
- kadm5_init_with_creds ⚠
- kadm5_init_with_password ⚠
- kadm5_init_with_skey ⚠
- kadm5_lock ⚠
- kadm5_modify_policy ⚠
- kadm5_modify_principal ⚠
- kadm5_purgekeys ⚠
- kadm5_randkey_principal ⚠
- kadm5_randkey_principal_3 ⚠
- kadm5_rename_principal ⚠
- kadm5_set_string ⚠
- kadm5_setkey_principal ⚠
- kadm5_setkey_principal_3 ⚠
- kadm5_setkey_principal_4 ⚠
- kadm5_unlock ⚠
- krb5_cc_close ⚠ - Close a credential cache handle.
- krb5_cc_default ⚠ - Resolve the default credential cache name.
- krb5_cc_get_principal ⚠ - Get the default principal of a credential cache.
- krb5_cc_resolve ⚠ - Resolve a credential cache name.
- krb5_enctype_to_string ⚠ - Convert an encryption type to a string.
- krb5_free_context ⚠ - Free a krb5 library context.
- krb5_free_default_realm ⚠ - Free a default realm string returned by krb5_get_default_realm().
- krb5_free_error_message ⚠ - Free an error message generated by krb5_get_error_message().
- krb5_free_principal ⚠ - Free the storage assigned to a principal.
- krb5_free_unparsed_name ⚠ - Free a string representation of a principal.
- krb5_get_default_realm ⚠ - Retrieve the default realm.
- krb5_get_error_message ⚠ - Get the (possibly extended) error message for a code.
- krb5_init_context ⚠ - Create a krb5 library context.
- krb5_parse_name ⚠ - Convert a string principal name to a krb5_principal structure.
- krb5_salttype_to_string ⚠ - Convert a salt type to a string.
- krb5_sname_to_principal ⚠ - Generate a full principal name from a service name.
- krb5_string_to_enctype ⚠ - Convert a string to an encryption type.
- krb5_string_to_salttype ⚠ - Convert a string to a salt type.
- krb5_unparse_name ⚠ - Convert a krb5_principal structure to a string representation.
Type Aliases§
- bool_t
- kadm5_config_params - Data structure returned by kadm5_get_config_params()
- kadm5_key_data
- kadm5_policy_ent_rec
- kadm5_policy_ent_t
- kadm5_policy_t
- kadm5_princ_t
- kadm5_principal_ent_rec
- kadm5_principal_ent_t
- kadm5_ret_t
- krb5_boolean
- krb5_ccache
- krb5_const_principal - Constant version of krb5_principal_data.
- krb5_context
- krb5_data
- krb5_deltat
- krb5_enctype
- krb5_error_code - Used to convey an operation status. The value 0 indicates success; any other values are com_err codes. Use krb5_get_error_message() to obtain a string describing the error.
- krb5_flags
- krb5_int16
- krb5_int32
- krb5_key_data - If this ever changes up the version number and make the arrays be as big as necessary.
- krb5_key_salt_tuple
- krb5_keyblock - Exposed contents of a key.
- krb5_keysalt
- krb5_kvno
- krb5_magic
- krb5_octet - Word-size related definition.
- krb5_principal
- krb5_string_attr - String attributes (currently stored inside tl-data) map C string keys to values. They can be set via kadmin and consumed by KDC plugins.
- krb5_timestamp - Represents a timestamp in seconds since the POSIX epoch. This legacy type is used frequently in the ABI, but cannot represent timestamps after 2038 as a positive number. Code which uses this type should cast values of it to uint32_t so that negative values are treated as timestamps between 2038 and 2106 on platforms with 64-bit time_t.
- krb5_tl_data - Note — these structures cannot be modified without changing the database version number in libkdb.a, but should be expandable by adding new tl_data types.
- krb5_ui_2
- krb5_ui_4
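
The krb5_timestamp entry above asks callers to cast to an unsigned 32-bit value before widening. The following is an added example, not part of this crate or its documentation, showing how an expiry check goes wrong when that cast is skipped. `Krb5Timestamp` is a local stand-in assumed to be `i32`; the helper names and sample values are hypothetical and constructed for illustration.

```rust
// Added example. `Krb5Timestamp` is a local stand-in for the bindings'
// krb5_timestamp alias, assumed here to be a signed 32-bit integer.
type Krb5Timestamp = i32;

/// Documented rule: reinterpret as u32 before widening, so negative values
/// land between 2038 and 2106 instead of before 1970.
fn timestamp_to_unix(ts: Krb5Timestamp) -> i64 {
    i64::from(ts as u32)
}

/// Naive widening that sign-extends; shown only to expose the failure mode.
fn timestamp_to_unix_naive(ts: Krb5Timestamp) -> i64 {
    i64::from(ts)
}

/// Hypothetical helper: has an expiry timestamp passed at `now_unix`?
fn is_expired(expiry: Krb5Timestamp, now_unix: i64) -> bool {
    timestamp_to_unix(expiry) <= now_unix
}

/// Same check built on the naive conversion.
fn is_expired_naive(expiry: Krb5Timestamp, now_unix: i64) -> bool {
    timestamp_to_unix_naive(expiry) <= now_unix
}

// Constructed sample values (seconds since the POSIX epoch, UTC).
const NOW_2030: i64 = 1_893_456_000; // 2030-01-01
const EXPIRY_2040: u32 = 2_208_988_800; // 2040-01-01, above i32::MAX

fn main() {
    // How a field holding the 2040 expiry reads through a signed 32-bit type.
    let raw = EXPIRY_2040 as Krb5Timestamp;
    println!("raw field value      : {}", raw);
    println!("correct unix seconds : {}", timestamp_to_unix(raw));
    println!("naive unix seconds   : {}", timestamp_to_unix_naive(raw));
    println!("expired (correct)    : {}", is_expired(raw, NOW_2030));
    println!("expired (naive)      : {}", is_expired_naive(raw, NOW_2030));
}
```

With the naive conversion, a principal or password set to expire in 2040 is reported as already expired in 2030, because the stored value reads as a date before 1970.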