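#pragma ident "%Z%%M% %I% %E% SMI"
/*
 * include/krb5/adm.h
 *
 * Copyright 1995,2001 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 */
#ifndef KRB5_ADM_H__
#define KRB5_ADM_H__

/*
 * Kerberos V5 Change Password service name, default port, and the
 * instance component used for the service.
 */
#define KRB5_ADM_SERVICE_NAME       "kpasswd"
#define KRB5_ADM_DEFAULT_PORT       464

#define KRB5_ADM_SERVICE_INSTANCE   "changepw"

/*
 * Maximum password length.
 *
 * NOTE(review): this header does not say whether the limit counts the
 * terminating NUL.  Code that sizes a buffer from this constant should
 * state which it means and reject longer input rather than truncate it.
 */
#define KRB5_ADM_MAX_PASSWORD_LEN   512

/*
 * Protocol command strings.
 */
#define KRB5_ADM_QUIT_CMD           "QUIT"
#define KRB5_ADM_CHECKPW_CMD        "CHECKPW"
#define KRB5_ADM_CHANGEPW_CMD       "CHANGEPW"
#define KRB5_ADM_MOTD_CMD           "MOTD"
#define KRB5_ADM_MIME_CMD           "MIME"
#define KRB5_ADM_LANGUAGE_CMD       "LANGUAGE"

/*
 * Principal-management commands.
 *
 * NOTE(review): judging by their names these act on principals and keys
 * other than the caller's own.  The authorization check is not in this
 * header; confirm that the server gates each of them
 * (KRB5_ADM_NOT_AUTHORIZED below is the matching reply status).
 */
#define KRB5_ADM_ADD_PRINC_CMD      "ADD-PRINCIPAL"
#define KRB5_ADM_DEL_PRINC_CMD      "DELETE-PRINCIPAL"
#define KRB5_ADM_REN_PRINC_CMD      "RENAME-PRINCIPAL"
#define KRB5_ADM_MOD_PRINC_CMD      "MODIFY-PRINCIPAL"
#define KRB5_ADM_INQ_PRINC_CMD      "INQUIRE-PRINCIPAL"
#define KRB5_ADM_EXT_KEY_CMD        "EXTRACT-KEY"

/*
 * Protocol command strings for the current version of the admin
 * server.  (Chris had removed them in the version he was working
 * with.)
 *
 * XXX I'm adding them back so the tree works.  We need to take care
 * of this eventually.
 */
#define KRB5_ADM_CHG_OPW_CMD        "OTHER-CHANGEPW"
#define KRB5_ADM_CHG_ORPW_CMD       "OTHER-RANDOM-CHANGEPW"
#define KRB5_ADM_ADD_KEY_CMD        "ADD-KEY"
#define KRB5_ADM_DEL_KEY_CMD        "DELETE-KEY"

/*
 * Reply status values.
 *
 * Two numeric ranges are defined: 0-6 and 64-71.  Codes 65-71 have no
 * counterpart in the first range; presumably the second range belongs
 * to the principal/key administration commands -- confirm against the
 * server.
 */
#define KRB5_ADM_SUCCESS            0
#define KRB5_ADM_CMD_UNKNOWN        1
#define KRB5_ADM_PW_UNACCEPT        2
#define KRB5_ADM_BAD_PW             3
#define KRB5_ADM_NOT_IN_TKT         4
#define KRB5_ADM_CANT_CHANGE        5
#define KRB5_ADM_LANG_NOT_SUPPORTED 6

#define KRB5_ADM_P_ALREADY_EXISTS   64
#define KRB5_ADM_P_DOES_NOT_EXIST   65
#define KRB5_ADM_NOT_AUTHORIZED     66
#define KRB5_ADM_BAD_OPTION         67
#define KRB5_ADM_VALUE_REQUIRED     68
#define KRB5_ADM_SYSTEM_ERROR       69
#define KRB5_ADM_KEY_DOES_NOT_EXIST 70
#define KRB5_ADM_KEY_ALREADY_EXISTS 71

/*
 * Principal flag keywords.
 */
/* Settable only */
#define KRB5_ADM_KW_PASSWORD        "PASSWORD"
#define KRB5_ADM_KW_APASSWORD       "APASSWORD"
#define KRB5_ADM_KW_RANDOMKEY       "RANDOMKEY"
#define KRB5_ADM_KW_ARANDOMKEY      "ARANDOMKEY"
#define KRB5_ADM_KW_SETFLAGS        "SETFLAGS"
#define KRB5_ADM_KW_UNSETFLAGS      "UNSETFLAGS"
/* Settable and retrievable */
#define KRB5_ADM_KW_MAXLIFE         "MAXLIFE"
#define KRB5_ADM_KW_MAXRENEWLIFE    "MAXRENEWLIFE"
#define KRB5_ADM_KW_EXPIRATION      "EXPIRATION"
#define KRB5_ADM_KW_PWEXPIRATION    "PWEXPIRATION"
#define KRB5_ADM_KW_FLAGS           "FLAGS"
#define KRB5_ADM_KW_AUXDATA         "AUXDATA"
#define KRB5_ADM_KW_EXTRADATA       "EXTRADATA"
/* Retrievable only */
#define KRB5_ADM_KW_LASTPWCHANGE    "LASTPWCHANGE"
#define KRB5_ADM_KW_LASTSUCCESS     "LASTSUCCESS"
#define KRB5_ADM_KW_LASTFAILED      "LASTFAILED"
#define KRB5_ADM_KW_FAILCOUNT       "FAILCOUNT"
#define KRB5_ADM_KW_KEYDATA         "KEYDATA"

/*
 * Valid mask: one bit per principal attribute, plus the GET and SET
 * direction bits in positions 30 and 31.
 *
 * KRB5_ADM_M_SET (0x80000000) does not fit in a 32-bit signed int, so
 * where int is 32 bits the constant is unsigned.
 * NOTE(review): the type used to hold masks is not visible in this
 * header; a signed 32-bit holder would make tests against
 * KRB5_ADM_M_SET sign-dependent -- confirm the holders are unsigned.
 */
#define KRB5_ADM_M_PASSWORD         0x00000001
#define KRB5_ADM_M_MAXLIFE          0x00000002
#define KRB5_ADM_M_MAXRENEWLIFE     0x00000004
#define KRB5_ADM_M_EXPIRATION       0x00000008
#define KRB5_ADM_M_PWEXPIRATION     0x00000010
#define KRB5_ADM_M_RANDOMKEY        0x00000020
#define KRB5_ADM_M_FLAGS            0x00000040
#define KRB5_ADM_M_LASTPWCHANGE     0x00000080
#define KRB5_ADM_M_LASTSUCCESS      0x00000100
#define KRB5_ADM_M_LASTFAILED       0x00000200
#define KRB5_ADM_M_FAILCOUNT        0x00000400
#define KRB5_ADM_M_AUXDATA          0x00000800
#define KRB5_ADM_M_KEYDATA          0x00001000
#define KRB5_ADM_M_APASSWORD        0x00002000
#define KRB5_ADM_M_ARANDOMKEY       0x00004000
#define KRB5_ADM_M_UNUSED_15        0x00008000
#define KRB5_ADM_M_UNUSED_16        0x00010000
#define KRB5_ADM_M_UNUSED_17        0x00020000
#define KRB5_ADM_M_UNUSED_18        0x00040000
#define KRB5_ADM_M_UNUSED_19        0x00080000
#define KRB5_ADM_M_UNUSED_20        0x00100000
#define KRB5_ADM_M_UNUSED_21        0x00200000
#define KRB5_ADM_M_UNUSED_22        0x00400000
#define KRB5_ADM_M_UNUSED_23        0x00800000
#define KRB5_ADM_M_UNUSED_24        0x01000000
#define KRB5_ADM_M_UNUSED_25        0x02000000
#define KRB5_ADM_M_UNUSED_26        0x04000000
#define KRB5_ADM_M_UNUSED_27        0x08000000
#define KRB5_ADM_M_UNUSED_28        0x10000000
#define KRB5_ADM_M_UNUSED_29        0x20000000
#define KRB5_ADM_M_GET              0x40000000
#define KRB5_ADM_M_SET              0x80000000

/*
 * Hack to get libkadm to compile.
 *
 * The value is zero, so this is not a real mask bit: OR-ing it into a
 * mask changes nothing, `mask & KRB5_ADM_M_EXTRADATA` is always 0, and
 * it appears in neither KRB5_ADM_M_SET_VALID nor KRB5_ADM_M_GET_VALID.
 * Code must not rely on it to detect or authorize an EXTRADATA request.
 */
#define KRB5_ADM_M_EXTRADATA        0x00000000

/*
 * Mask bits accepted on a set and on a get request.
 *
 * The bits are combined with | rather than +: the values are the same
 * for these disjoint bits, and a bit listed twice in a later edit
 * cannot carry into a neighbouring bit.  Neither set contains an
 * UNUSED bit, so `(mask & ~KRB5_ADM_M_SET_VALID) != 0` (or the GET
 * equivalent) identifies a mask carrying bits outside the accepted set.
 */
#define KRB5_ADM_M_SET_VALID        (KRB5_ADM_M_SET          | \
                                     KRB5_ADM_M_PASSWORD     | \
                                     KRB5_ADM_M_APASSWORD    | \
                                     KRB5_ADM_M_MAXLIFE      | \
                                     KRB5_ADM_M_MAXRENEWLIFE | \
                                     KRB5_ADM_M_EXPIRATION   | \
                                     KRB5_ADM_M_PWEXPIRATION | \
                                     KRB5_ADM_M_RANDOMKEY    | \
                                     KRB5_ADM_M_ARANDOMKEY   | \
                                     KRB5_ADM_M_FLAGS        | \
                                     KRB5_ADM_M_AUXDATA)
#define KRB5_ADM_M_GET_VALID        (KRB5_ADM_M_GET          | \
                                     KRB5_ADM_M_MAXLIFE      | \
                                     KRB5_ADM_M_MAXRENEWLIFE | \
                                     KRB5_ADM_M_EXPIRATION   | \
                                     KRB5_ADM_M_PWEXPIRATION | \
                                     KRB5_ADM_M_FLAGS        | \
                                     KRB5_ADM_M_LASTPWCHANGE | \
                                     KRB5_ADM_M_LASTSUCCESS  | \
                                     KRB5_ADM_M_LASTFAILED   | \
                                     KRB5_ADM_M_FAILCOUNT    | \
                                     KRB5_ADM_M_AUXDATA      | \
                                     KRB5_ADM_M_KEYDATA)

/*
 * Keytab reply components.
 *
 * Values 0-4 name the components; KRB5_ADM_KT_NCOMPS is one past the
 * highest of them (presumably the component count -- confirm).  A
 * receiver should check how many components a reply holds before
 * indexing it with these constants.
 */
#define KRB5_ADM_KT_PRINCIPAL       0
#define KRB5_ADM_KT_TIMESTAMP       1
#define KRB5_ADM_KT_VNO             2
#define KRB5_ADM_KT_KEY_ENCTYPE     3
#define KRB5_ADM_KT_KEY_KEY         4
#define KRB5_ADM_KT_NCOMPS          5

/* for krb5_key_salt_tuple */
#include "kdb.h"

/*
 * Data structure returned by krb5_read_realm_params()
 *
 * Each scalar setting has a matching one-bit `_valid` member;
 * presumably the scalar is meaningful only when that bit is set --
 * confirm against krb5_read_realm_params().  Ownership of the string
 * members and of realm_keysalts is not stated in this header.
 *
 * The tag __krb5_realm_params begins with a double underscore, which C
 * reserves for the implementation; it is left as is so that existing
 * references to the tag keep compiling.
 */
typedef struct __krb5_realm_params {
    char                *realm_profile;
    char                *realm_dbname;
    char                *realm_mkey_name;
    /* NOTE(review): by its name, the path of the master-key stash file;
     * verify that consumers treat the file it names as sensitive. */
    char                *realm_stash_file;
    char                *realm_kdc_ports;
    char                *realm_kdc_tcp_ports;
    char                *realm_acl_file;
    krb5_int32          realm_kadmind_port;
    krb5_enctype        realm_enctype;
    krb5_deltat         realm_max_life;
    krb5_deltat         realm_max_rlife;
    krb5_timestamp      realm_expiration;
    krb5_flags          realm_flags;
    krb5_key_salt_tuple *realm_keysalts;
    unsigned int        realm_reject_bad_transit:1;
    unsigned int        realm_kadmind_port_valid:1;
    unsigned int        realm_enctype_valid:1;
    unsigned int        realm_max_life_valid:1;
    unsigned int        realm_max_rlife_valid:1;
    unsigned int        realm_expiration_valid:1;
    unsigned int        realm_flags_valid:1;
    unsigned int        realm_reject_bad_transit_valid:1;
    /* Presumably the number of entries in realm_keysalts -- confirm. */
    krb5_int32          realm_num_keysalts;
} krb5_realm_params;
#endif /* KRB5_ADM_H__ */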