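/*
 * include/krb5/adm.h
 *
 * Copyright 1995,2001 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 */
#ifndef KRB5_ADM_H__
#define KRB5_ADM_H__

/*
 * Constants for the Kerberos V5 administrative / change-password protocol:
 * service identity, command strings, reply status codes, principal
 * attribute keywords with their selection masks, keytab reply component
 * indices, and the per-realm parameter record.
 */

/*
 * Kerberos V5 Change Password service name
 */
#define KRB5_ADM_SERVICE_NAME           "kpasswd"
#define KRB5_ADM_DEFAULT_PORT           464

#define KRB5_ADM_SERVICE_INSTANCE       "changepw"

/*
 * Maximum password length.
 *
 * NOTE(review): this header does not say whether the limit counts a
 * terminating NUL.  Code that sizes a buffer from this constant should
 * confirm the convention and enforce the limit before copying.
 */
#define KRB5_ADM_MAX_PASSWORD_LEN       512

/*
 * Protocol command strings.
 */
#define KRB5_ADM_QUIT_CMD               "QUIT"
#define KRB5_ADM_CHECKPW_CMD            "CHECKPW"
#define KRB5_ADM_CHANGEPW_CMD           "CHANGEPW"
#define KRB5_ADM_MOTD_CMD               "MOTD"
#define KRB5_ADM_MIME_CMD               "MIME"
#define KRB5_ADM_LANGUAGE_CMD           "LANGUAGE"

#define KRB5_ADM_ADD_PRINC_CMD          "ADD-PRINCIPAL"
#define KRB5_ADM_DEL_PRINC_CMD          "DELETE-PRINCIPAL"
#define KRB5_ADM_REN_PRINC_CMD          "RENAME-PRINCIPAL"
#define KRB5_ADM_MOD_PRINC_CMD          "MODIFY-PRINCIPAL"
#define KRB5_ADM_INQ_PRINC_CMD          "INQUIRE-PRINCIPAL"
#define KRB5_ADM_EXT_KEY_CMD            "EXTRACT-KEY"

/*
 * Protocol command strings for the current version of the admin
 * server.  (Chris had removed them in the version he was working
 * with.)
 *
 * XXX I'm adding them back so the tree works.  We need to take care
 * of this eventually.
 */
#define KRB5_ADM_CHG_OPW_CMD            "OTHER-CHANGEPW"
#define KRB5_ADM_CHG_ORPW_CMD           "OTHER-RANDOM-CHANGEPW"
#define KRB5_ADM_ADD_KEY_CMD            "ADD-KEY"
#define KRB5_ADM_DEL_KEY_CMD            "DELETE-KEY"

/*
 * Reply status values.
 *
 * Two numeric ranges are defined: 0-6 and 64-71.  Going by the names,
 * the low range looks tied to the password commands and the high range
 * to principal/key administration -- confirm against the server code.
 */
#define KRB5_ADM_SUCCESS                0
#define KRB5_ADM_CMD_UNKNOWN            1
#define KRB5_ADM_PW_UNACCEPT            2
#define KRB5_ADM_BAD_PW                 3
#define KRB5_ADM_NOT_IN_TKT             4
#define KRB5_ADM_CANT_CHANGE            5
#define KRB5_ADM_LANG_NOT_SUPPORTED     6

#define KRB5_ADM_P_ALREADY_EXISTS       64
#define KRB5_ADM_P_DOES_NOT_EXIST       65
#define KRB5_ADM_NOT_AUTHORIZED         66
#define KRB5_ADM_BAD_OPTION             67
#define KRB5_ADM_VALUE_REQUIRED         68
#define KRB5_ADM_SYSTEM_ERROR           69
#define KRB5_ADM_KEY_DOES_NOT_EXIST     70
#define KRB5_ADM_KEY_ALREADY_EXISTS     71

/*
 * Principal flag keywords.
 */
/* Settable only */
#define KRB5_ADM_KW_PASSWORD            "PASSWORD"
#define KRB5_ADM_KW_APASSWORD           "APASSWORD"
#define KRB5_ADM_KW_RANDOMKEY           "RANDOMKEY"
#define KRB5_ADM_KW_ARANDOMKEY          "ARANDOMKEY"
#define KRB5_ADM_KW_SETFLAGS            "SETFLAGS"
#define KRB5_ADM_KW_UNSETFLAGS          "UNSETFLAGS"
/* Settable and retrievable */
#define KRB5_ADM_KW_MAXLIFE             "MAXLIFE"
#define KRB5_ADM_KW_MAXRENEWLIFE        "MAXRENEWLIFE"
#define KRB5_ADM_KW_EXPIRATION          "EXPIRATION"
#define KRB5_ADM_KW_PWEXPIRATION        "PWEXPIRATION"
#define KRB5_ADM_KW_FLAGS               "FLAGS"
#define KRB5_ADM_KW_AUXDATA             "AUXDATA"
#define KRB5_ADM_KW_EXTRADATA           "EXTRADATA"
/* Retrievable only */
#define KRB5_ADM_KW_LASTPWCHANGE        "LASTPWCHANGE"
#define KRB5_ADM_KW_LASTSUCCESS         "LASTSUCCESS"
#define KRB5_ADM_KW_LASTFAILED          "LASTFAILED"
#define KRB5_ADM_KW_FAILCOUNT           "FAILCOUNT"
#define KRB5_ADM_KW_KEYDATA             "KEYDATA"

/*
 * Valid mask
 *
 * One bit per principal attribute.  Bits 15-29 are unused placeholders;
 * the top two bits (GET, SET) mark the direction of the request.
 */
#define KRB5_ADM_M_PASSWORD             0x00000001
#define KRB5_ADM_M_MAXLIFE              0x00000002
#define KRB5_ADM_M_MAXRENEWLIFE         0x00000004
#define KRB5_ADM_M_EXPIRATION           0x00000008
#define KRB5_ADM_M_PWEXPIRATION         0x00000010
#define KRB5_ADM_M_RANDOMKEY            0x00000020
#define KRB5_ADM_M_FLAGS                0x00000040
#define KRB5_ADM_M_LASTPWCHANGE         0x00000080
#define KRB5_ADM_M_LASTSUCCESS          0x00000100
#define KRB5_ADM_M_LASTFAILED           0x00000200
#define KRB5_ADM_M_FAILCOUNT            0x00000400
#define KRB5_ADM_M_AUXDATA              0x00000800
#define KRB5_ADM_M_KEYDATA              0x00001000
#define KRB5_ADM_M_APASSWORD            0x00002000
#define KRB5_ADM_M_ARANDOMKEY           0x00004000
#define KRB5_ADM_M_UNUSED_15            0x00008000
#define KRB5_ADM_M_UNUSED_16            0x00010000
#define KRB5_ADM_M_UNUSED_17            0x00020000
#define KRB5_ADM_M_UNUSED_18            0x00040000
#define KRB5_ADM_M_UNUSED_19            0x00080000
#define KRB5_ADM_M_UNUSED_20            0x00100000
#define KRB5_ADM_M_UNUSED_21            0x00200000
#define KRB5_ADM_M_UNUSED_22            0x00400000
#define KRB5_ADM_M_UNUSED_23            0x00800000
#define KRB5_ADM_M_UNUSED_24            0x01000000
#define KRB5_ADM_M_UNUSED_25            0x02000000
#define KRB5_ADM_M_UNUSED_26            0x04000000
#define KRB5_ADM_M_UNUSED_27            0x08000000
#define KRB5_ADM_M_UNUSED_28            0x10000000
#define KRB5_ADM_M_UNUSED_29            0x20000000
#define KRB5_ADM_M_GET                  0x40000000
#define KRB5_ADM_M_SET                  0x80000000

/*
 * Hack to get libkadm to compile.
 *
 * The value is zero, so (mask & KRB5_ADM_M_EXTRADATA) is always false and
 * OR-ing it into a mask selects nothing: the EXTRADATA keyword has no
 * working mask bit and cannot be told apart from "no attribute".
 */
#define KRB5_ADM_M_EXTRADATA            0x00000000

/*
 * Attribute sets accepted for a SET and for a GET request.  The flags are
 * combined with bitwise OR, so listing a flag twice cannot carry into a
 * neighbouring bit; each constituent is a distinct bit, which makes the
 * value the same as the arithmetic sum.
 *
 * Password and random-key flags appear only in the SET set; the
 * last-change / last-success / last-failed / fail-count / key-data flags
 * appear only in the GET set.
 *
 * NOTE(review): presumably a receiver rejects a request whose mask has
 * bits outside the matching set -- that check is not in this header;
 * confirm it exists at the point where masks are parsed.
 */
#define KRB5_ADM_M_SET_VALID            (KRB5_ADM_M_SET          | \
                                         KRB5_ADM_M_PASSWORD     | \
                                         KRB5_ADM_M_APASSWORD    | \
                                         KRB5_ADM_M_MAXLIFE      | \
                                         KRB5_ADM_M_MAXRENEWLIFE | \
                                         KRB5_ADM_M_EXPIRATION   | \
                                         KRB5_ADM_M_PWEXPIRATION | \
                                         KRB5_ADM_M_RANDOMKEY    | \
                                         KRB5_ADM_M_ARANDOMKEY   | \
                                         KRB5_ADM_M_FLAGS        | \
                                         KRB5_ADM_M_AUXDATA)
#define KRB5_ADM_M_GET_VALID            (KRB5_ADM_M_GET          | \
                                         KRB5_ADM_M_MAXLIFE      | \
                                         KRB5_ADM_M_MAXRENEWLIFE | \
                                         KRB5_ADM_M_EXPIRATION   | \
                                         KRB5_ADM_M_PWEXPIRATION | \
                                         KRB5_ADM_M_FLAGS        | \
                                         KRB5_ADM_M_LASTPWCHANGE | \
                                         KRB5_ADM_M_LASTSUCCESS  | \
                                         KRB5_ADM_M_LASTFAILED   | \
                                         KRB5_ADM_M_FAILCOUNT    | \
                                         KRB5_ADM_M_AUXDATA      | \
                                         KRB5_ADM_M_KEYDATA)

/*
 * Keytab reply components.
 *
 * Consecutive indices 0-4; KRB5_ADM_KT_NCOMPS is the number of components.
 */
#define KRB5_ADM_KT_PRINCIPAL           0
#define KRB5_ADM_KT_TIMESTAMP           1
#define KRB5_ADM_KT_VNO                 2
#define KRB5_ADM_KT_KEY_ENCTYPE         3
#define KRB5_ADM_KT_KEY_KEY             4
#define KRB5_ADM_KT_NCOMPS              5

/* for krb5_key_salt_tuple */
#include "kdb.h"

/*
 * Data structure returned by krb5_read_realm_params()
 *
 * Each one-bit realm_*_valid flag pairs by name with the value field of
 * the same stem; presumably it is set when that value was actually read
 * and the value is meaningless otherwise -- confirm in
 * krb5_read_realm_params().  Who frees the string fields and
 * realm_keysalts is not stated in this header.
 *
 * NOTE(review): the struct tag starts with two underscores, a name space
 * C reserves for the implementation; it is kept because renaming it would
 * change a tag visible to every includer.
 */
typedef struct __krb5_realm_params {
    char *              realm_profile;
    char *              realm_dbname;
    char *              realm_mkey_name;
    char *              realm_stash_file;
    char *              realm_kdc_ports;
    char *              realm_kdc_tcp_ports;
    char *              realm_acl_file;
    krb5_int32          realm_kadmind_port;
    krb5_enctype        realm_enctype;
    krb5_deltat         realm_max_life;
    krb5_deltat         realm_max_rlife;
    krb5_timestamp      realm_expiration;
    krb5_flags          realm_flags;
    krb5_key_salt_tuple *realm_keysalts;
    unsigned int        realm_reject_bad_transit:1;
    unsigned int        realm_kadmind_port_valid:1;
    unsigned int        realm_enctype_valid:1;
    unsigned int        realm_max_life_valid:1;
    unsigned int        realm_max_rlife_valid:1;
    unsigned int        realm_expiration_valid:1;
    unsigned int        realm_flags_valid:1;
    unsigned int        realm_reject_bad_transit_valid:1;
    /* presumably the element count of realm_keysalts -- verify */
    krb5_int32          realm_num_keysalts;
} krb5_realm_params;
#endif  /* KRB5_ADM_H__ */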