1 /*
2  * include/krb5/adm.h
3  *
4  * Copyright 1995,2001 by the Massachusetts Institute of Technology.
5  * All Rights Reserved.
6  *
7  * Export of this software from the United States of America may
8  *   require a specific license from the United States Government.
9  *   It is the responsibility of any person or organization contemplating
10  *   export to obtain such a license before exporting.
11  *
12  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13  * distribute this software and its documentation for any purpose and
14  * without fee is hereby granted, provided that the above copyright
15  * notice appear in all copies and that both that copyright notice and
16  * this permission notice appear in supporting documentation, and that
17  * the name of M.I.T. not be used in advertising or publicity pertaining
18  * to distribution of the software without specific, written prior
19  * permission.  Furthermore if you modify this software you must label
20  * your software as modified software and not distribute it in such a
21  * fashion that it might be confused with the original M.I.T. software.
22  * M.I.T. makes no representations about the suitability of
23  * this software for any purpose.  It is provided "as is" without express
24  * or implied warranty.
25  *
26  */
27 #ifndef	KRB5_ADM_H__
28 #define	KRB5_ADM_H__
29 
/*
 * Kerberos V5 Change Password service name.
 *
 * KRB5_ADM_SERVICE_NAME and KRB5_ADM_SERVICE_INSTANCE are presumably the
 * service and instance components of the server principal the client
 * obtains a ticket for (i.e. "kpasswd/changepw"); the code that builds
 * that principal is outside this header.  KRB5_ADM_DEFAULT_PORT is the
 * port used when none is configured; 464 is the well-known kpasswd
 * port (RFC 3244).  Nothing here says whether it applies to UDP, TCP
 * or both -- check the transport code before relying on that.
 */
#define	KRB5_ADM_SERVICE_NAME	"kpasswd"
#define	KRB5_ADM_DEFAULT_PORT	464

#define KRB5_ADM_SERVICE_INSTANCE "changepw"
37 
/*
 * Maximum password length accepted by the change-password protocol.
 *
 * This is an upper bound, in bytes, that any code copying a password
 * received off the wire into a fixed-size buffer must enforce *before*
 * the copy.  Whether the bound counts a trailing NUL is not stated
 * here -- confirm against the consumer before sizing a buffer as
 * exactly KRB5_ADM_MAX_PASSWORD_LEN.
 */
#define	KRB5_ADM_MAX_PASSWORD_LEN	512
42 
/*
 * Protocol command strings.
 *
 * Literal command tokens exchanged on the wire.  The first group belongs
 * to the change-password service; the second group is the admin server's
 * principal-management set.  Servers should compare an incoming command
 * against these with an exact, length-checked comparison -- a prefix
 * match would accept "QUITX" as QUIT.  Judging by its name, EXTRACT-KEY
 * returns key material, so its dispatch must be gated on authorization
 * (see KRB5_ADM_NOT_AUTHORIZED) independently of INQUIRE-PRINCIPAL;
 * the actual dispatch code is outside this header.
 */
#define	KRB5_ADM_QUIT_CMD	"QUIT"
#define	KRB5_ADM_CHECKPW_CMD	"CHECKPW"
#define	KRB5_ADM_CHANGEPW_CMD	"CHANGEPW"
#define	KRB5_ADM_MOTD_CMD	"MOTD"
#define	KRB5_ADM_MIME_CMD	"MIME"
#define	KRB5_ADM_LANGUAGE_CMD	"LANGUAGE"

/* Admin-server commands: require an authorized caller. */
#define	KRB5_ADM_ADD_PRINC_CMD	"ADD-PRINCIPAL"
#define	KRB5_ADM_DEL_PRINC_CMD	"DELETE-PRINCIPAL"
#define	KRB5_ADM_REN_PRINC_CMD	"RENAME-PRINCIPAL"
#define	KRB5_ADM_MOD_PRINC_CMD	"MODIFY-PRINCIPAL"
#define	KRB5_ADM_INQ_PRINC_CMD	"INQUIRE-PRINCIPAL"
#define	KRB5_ADM_EXT_KEY_CMD	"EXTRACT-KEY"
59 
/*
 * Additional command strings still used by the current admin server.
 *
 * These had been dropped from an intermediate version of this header
 * but the admin server in this tree still references them, so they are
 * restored here to keep the build working.  XXX: decide whether the
 * admin server should stop using them or whether they belong in the
 * main command list above, and resolve this split.
 *
 * OTHER-CHANGEPW / OTHER-RANDOM-CHANGEPW appear to change another
 * principal's key (as opposed to CHANGEPW, which is the caller's own);
 * ADD-KEY / DELETE-KEY appear to manage individual keys.  All four are
 * privileged by nature and must be subject to the same authorization
 * check as the principal-management commands.
 */
#define       KRB5_ADM_CHG_OPW_CMD    "OTHER-CHANGEPW"
#define       KRB5_ADM_CHG_ORPW_CMD   "OTHER-RANDOM-CHANGEPW"
#define       KRB5_ADM_ADD_KEY_CMD    "ADD-KEY"
#define       KRB5_ADM_DEL_KEY_CMD    "DELETE-KEY"
72 
/*
 * Reply status values.
 *
 * The low range (0..6) is used by the change-password service, the
 * range from 64 up by the admin server; the gap between them is
 * unassigned.  These are wire values -- do not renumber.
 *
 * NOTE(review): P_ALREADY_EXISTS / P_DOES_NOT_EXIST / KEY_* tell the
 * client whether a principal or key exists.  A server should only emit
 * them after the authorization check has passed; returning them to an
 * unauthorized caller (instead of NOT_AUTHORIZED) lets that caller
 * enumerate principals.  That ordering lives in the server, not here.
 */
#define	KRB5_ADM_SUCCESS		0
#define	KRB5_ADM_CMD_UNKNOWN		1	/* command string not recognized */
#define	KRB5_ADM_PW_UNACCEPT		2	/* new password rejected by policy */
#define	KRB5_ADM_BAD_PW			3	/* presented (old) password wrong */
#define	KRB5_ADM_NOT_IN_TKT		4	/* presumably: ticket lacks the required flag/name */
#define	KRB5_ADM_CANT_CHANGE		5	/* password change not permitted */
#define	KRB5_ADM_LANG_NOT_SUPPORTED	6	/* LANGUAGE request for an unknown language */

/* Admin-server replies. */
#define	KRB5_ADM_P_ALREADY_EXISTS	64
#define	KRB5_ADM_P_DOES_NOT_EXIST	65
#define	KRB5_ADM_NOT_AUTHORIZED		66	/* caller may not perform this operation */
#define	KRB5_ADM_BAD_OPTION		67	/* unknown keyword or mask bit */
#define	KRB5_ADM_VALUE_REQUIRED		68	/* keyword given without its value */
#define	KRB5_ADM_SYSTEM_ERROR		69	/* server-side failure; no detail to client */
#define	KRB5_ADM_KEY_DOES_NOT_EXIST	70
#define	KRB5_ADM_KEY_ALREADY_EXISTS	71
92 
/*
 * Principal attribute keywords.
 *
 * Textual keywords naming a principal attribute in MODIFY-PRINCIPAL /
 * INQUIRE-PRINCIPAL style requests.  Each keyword has a corresponding
 * KRB5_ADM_M_* mask bit below; the "settable" / "retrievable" grouping
 * here is mirrored by KRB5_ADM_M_SET_VALID and KRB5_ADM_M_GET_VALID.
 * The one exception is EXTRADATA: it is listed as settable and
 * retrievable, but KRB5_ADM_M_EXTRADATA is 0 and appears in neither
 * valid mask, so it cannot actually be negotiated via the mask.
 *
 * Security notes: the settable-only keywords carry secrets (a password
 * or a request for a fresh random key) and must never be echoed back;
 * KEYDATA is retrievable only and exposes key material, so a server
 * must gate it on authorization at least as strictly as EXTRACT-KEY.
 * The A* variants (APASSWORD, ARANDOMKEY) presumably apply to an
 * alternate/additional key -- confirm against the server before
 * relying on that reading.
 */
/* Settable only */
#define	KRB5_ADM_KW_PASSWORD		"PASSWORD"
#define	KRB5_ADM_KW_APASSWORD		"APASSWORD"
#define	KRB5_ADM_KW_RANDOMKEY		"RANDOMKEY"
#define	KRB5_ADM_KW_ARANDOMKEY		"ARANDOMKEY"
#define	KRB5_ADM_KW_SETFLAGS		"SETFLAGS"
#define	KRB5_ADM_KW_UNSETFLAGS		"UNSETFLAGS"
/* Settable and retrievable */
#define	KRB5_ADM_KW_MAXLIFE		"MAXLIFE"
#define	KRB5_ADM_KW_MAXRENEWLIFE	"MAXRENEWLIFE"
#define	KRB5_ADM_KW_EXPIRATION		"EXPIRATION"
#define	KRB5_ADM_KW_PWEXPIRATION	"PWEXPIRATION"
#define	KRB5_ADM_KW_FLAGS		"FLAGS"
#define	KRB5_ADM_KW_AUXDATA		"AUXDATA"
#define	KRB5_ADM_KW_EXTRADATA		"EXTRADATA"	/* no mask bit; see KRB5_ADM_M_EXTRADATA */
/* Retrievable only */
#define	KRB5_ADM_KW_LASTPWCHANGE	"LASTPWCHANGE"
#define	KRB5_ADM_KW_LASTSUCCESS		"LASTSUCCESS"
#define	KRB5_ADM_KW_LASTFAILED		"LASTFAILED"
#define	KRB5_ADM_KW_FAILCOUNT		"FAILCOUNT"
#define	KRB5_ADM_KW_KEYDATA		"KEYDATA"	/* key material: authorize before returning */
117 
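/*
 * Valid mask bits for the principal attribute keywords above.
 *
 * Each KRB5_ADM_M_* value is a distinct single bit so that one 32-bit
 * word can carry the set of attributes a request or reply touches.
 * KRB5_ADM_M_GET and KRB5_ADM_M_SET occupy the two top bits and mark
 * the direction of the operation.  KRB5_ADM_M_SET_VALID and
 * KRB5_ADM_M_GET_VALID below enumerate, for each direction, the bits a
 * well-formed mask may contain; a server should reject (not ignore) a
 * mask carrying any bit outside the applicable *_VALID set -- that
 * check belongs to the consumer, not this header.
 *
 * 0x80000000 does not fit in a 32-bit int, so KRB5_ADM_M_SET, and any
 * expression that includes it, has type unsigned int.  Compare masks
 * against unsigned values to avoid sign-conversion surprises.
 */
#define	KRB5_ADM_M_PASSWORD		0x00000001
#define	KRB5_ADM_M_MAXLIFE		0x00000002
#define	KRB5_ADM_M_MAXRENEWLIFE		0x00000004
#define	KRB5_ADM_M_EXPIRATION		0x00000008
#define	KRB5_ADM_M_PWEXPIRATION		0x00000010
#define	KRB5_ADM_M_RANDOMKEY		0x00000020
#define	KRB5_ADM_M_FLAGS		0x00000040
#define	KRB5_ADM_M_LASTPWCHANGE		0x00000080
#define	KRB5_ADM_M_LASTSUCCESS		0x00000100
#define	KRB5_ADM_M_LASTFAILED		0x00000200
#define	KRB5_ADM_M_FAILCOUNT		0x00000400
#define	KRB5_ADM_M_AUXDATA		0x00000800
#define	KRB5_ADM_M_KEYDATA		0x00001000
#define	KRB5_ADM_M_APASSWORD		0x00002000
#define	KRB5_ADM_M_ARANDOMKEY		0x00004000
#define	KRB5_ADM_M_UNUSED_15		0x00008000
#define	KRB5_ADM_M_UNUSED_16		0x00010000
#define KRB5_ADM_M_UNUSED_17		0x00020000
#define	KRB5_ADM_M_UNUSED_18		0x00040000
#define	KRB5_ADM_M_UNUSED_19		0x00080000
#define	KRB5_ADM_M_UNUSED_20		0x00100000
#define	KRB5_ADM_M_UNUSED_21		0x00200000
#define	KRB5_ADM_M_UNUSED_22		0x00400000
#define	KRB5_ADM_M_UNUSED_23		0x00800000
#define	KRB5_ADM_M_UNUSED_24		0x01000000
#define	KRB5_ADM_M_UNUSED_25		0x02000000
#define	KRB5_ADM_M_UNUSED_26		0x04000000
#define	KRB5_ADM_M_UNUSED_27		0x08000000
#define	KRB5_ADM_M_UNUSED_28		0x10000000
#define	KRB5_ADM_M_UNUSED_29		0x20000000
#define	KRB5_ADM_M_GET			0x40000000
#define	KRB5_ADM_M_SET			0x80000000

/*
 * KRB5_ADM_M_EXTRADATA is defined as zero only so that libkadm compiles;
 * it has no bit of its own.  As a consequence "mask & KRB5_ADM_M_EXTRADATA"
 * is always false, "mask |= KRB5_ADM_M_EXTRADATA" is a no-op, and it is
 * (correctly) absent from both *_VALID masks.  Giving it a real bit
 * (one of the KRB5_ADM_M_UNUSED_* values) is a protocol change that
 * must be made on both client and server at once.
 */
#define KRB5_ADM_M_EXTRADATA		0x00000000

/*
 * Bits a SET (modify) request may carry.  The flags are combined with
 * "|" rather than "+": the value is identical while every flag is a
 * distinct bit, but "|" cannot silently carry into a neighbouring bit
 * should two entries ever be made equal by mistake.
 */
#define	KRB5_ADM_M_SET_VALID		(KRB5_ADM_M_SET		| \
					 KRB5_ADM_M_PASSWORD	| \
					 KRB5_ADM_M_APASSWORD	| \
					 KRB5_ADM_M_MAXLIFE	| \
					 KRB5_ADM_M_MAXRENEWLIFE| \
					 KRB5_ADM_M_EXPIRATION	| \
					 KRB5_ADM_M_PWEXPIRATION| \
					 KRB5_ADM_M_RANDOMKEY	| \
					 KRB5_ADM_M_ARANDOMKEY	| \
					 KRB5_ADM_M_FLAGS	| \
					 KRB5_ADM_M_AUXDATA)

/*
 * Bits a GET (inquire) reply may carry.  Note that KEYDATA is included:
 * a server honouring a GET mask with KRB5_ADM_M_KEYDATA set returns key
 * material and must authorize the caller first.  The secret-bearing
 * SET-only bits (PASSWORD, APASSWORD, RANDOMKEY, ARANDOMKEY) are
 * deliberately excluded.
 */
#define	KRB5_ADM_M_GET_VALID		(KRB5_ADM_M_GET		| \
					 KRB5_ADM_M_MAXLIFE	| \
					 KRB5_ADM_M_MAXRENEWLIFE| \
					 KRB5_ADM_M_EXPIRATION	| \
					 KRB5_ADM_M_PWEXPIRATION| \
					 KRB5_ADM_M_FLAGS	| \
					 KRB5_ADM_M_LASTPWCHANGE| \
					 KRB5_ADM_M_LASTSUCCESS	| \
					 KRB5_ADM_M_LASTFAILED	| \
					 KRB5_ADM_M_FAILCOUNT	| \
					 KRB5_ADM_M_AUXDATA	| \
					 KRB5_ADM_M_KEYDATA)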
178 
/*
 * Keytab reply components.
 *
 * Indices of the components making up one keytab entry in a reply
 * (presumably to EXTRACT-KEY).  KRB5_ADM_KT_NCOMPS is the component
 * count and must stay equal to the highest index plus one; a consumer
 * should verify it received exactly KRB5_ADM_KT_NCOMPS components
 * before indexing with these values.  KRB5_ADM_KT_KEY_KEY is the raw
 * key material -- zeroize buffers holding it when done.
 */
#define	KRB5_ADM_KT_PRINCIPAL	0	/* principal name */
#define	KRB5_ADM_KT_TIMESTAMP	1	/* entry timestamp */
#define	KRB5_ADM_KT_VNO		2	/* key version number */
#define	KRB5_ADM_KT_KEY_ENCTYPE	3	/* encryption type of the key */
#define	KRB5_ADM_KT_KEY_KEY	4	/* key bytes (secret) */
#define	KRB5_ADM_KT_NCOMPS	5	/* number of components above */
188 
189 /* for krb5_key_salt_tuple */
190 #include "kdb.h"
191 
/*
 * Data structure returned by krb5_read_realm_params()
 *
 * Per-realm configuration as read from the profile.  The char * members
 * are strings (file paths, names, port lists) and realm_keysalts is an
 * array of realm_num_keysalts entries.  This header does not say who
 * owns those allocations -- presumably the release routine paired with
 * krb5_read_realm_params(); confirm before freeing any of them directly.
 * Each optional scalar field has a matching *_valid bit below which
 * presumably records whether the profile supplied a value; a field
 * whose *_valid bit is clear should be treated as unset, not as zero.
 *
 * realm_stash_file names the file holding the database master key and
 * realm_acl_file names the admin authorization file; both are
 * security-critical inputs and the code that opens them should check
 * ownership and permissions.
 *
 * NOTE(review): the struct tag starts with two underscores, an
 * identifier reserved for the implementation in C.  Harmless here in
 * practice, but a rename would be cleaner.  Do not reorder members:
 * the typedef is public and its layout is effectively part of the
 * library ABI.  The krb5_* member types come from the krb5 headers
 * that "kdb.h" (included above) is assumed to pull in.
 */
typedef struct __krb5_realm_params {
    char *		realm_profile;		/* profile (config) name */
    char *		realm_dbname;		/* database name */
    char *		realm_mkey_name;	/* master key principal name */
    char *		realm_stash_file;	/* master key stash file path (sensitive) */
    char *		realm_kdc_ports;	/* KDC port list; presumably UDP */
    char *		realm_kdc_tcp_ports;	/* KDC TCP port list */
    char *		realm_acl_file;		/* admin ACL file path */
    krb5_int32		realm_kadmind_port;	/* meaningful iff realm_kadmind_port_valid */
    krb5_enctype	realm_enctype;		/* meaningful iff realm_enctype_valid */
    krb5_deltat		realm_max_life;		/* meaningful iff realm_max_life_valid */
    krb5_deltat		realm_max_rlife;	/* meaningful iff realm_max_rlife_valid */
    krb5_timestamp	realm_expiration;	/* meaningful iff realm_expiration_valid */
    krb5_flags		realm_flags;		/* meaningful iff realm_flags_valid */
    krb5_key_salt_tuple	*realm_keysalts;	/* realm_num_keysalts entries */
    /* Flag value; meaningful iff realm_reject_bad_transit_valid. */
    unsigned int	realm_reject_bad_transit:1;
    /* "Value was present in the profile" bits for the fields above. */
    unsigned int	realm_kadmind_port_valid:1;
    unsigned int	realm_enctype_valid:1;
    unsigned int	realm_max_life_valid:1;
    unsigned int	realm_max_rlife_valid:1;
    unsigned int	realm_expiration_valid:1;
    unsigned int	realm_flags_valid:1;
    unsigned int	realm_reject_bad_transit_valid:1;
    krb5_int32		realm_num_keysalts;	/* element count of realm_keysalts */
} krb5_realm_params;
220 #endif	/* KRB5_ADM_H__ */
221