xref: /titanic_41/usr/src/lib/krb5/kadm5/server_internal.h (revision 88c462ee0aea8b5c9699d860327c4db0ca1bcb43) 
1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
8  *
9  *	Openvision retains the copyright to derivative works of
10  *	this source code.  Do *NOT* create a derivative of this
11  *	source code before consulting with your legal department.
12  *	Do *NOT* integrate *ANY* of this source code into another
13  *	product before consulting with your legal department.
14  *
15  *	For further information, read the top-level Openvision
16  *	copyright which is contained in the top-level MIT Kerberos
17  *	copyright.
18  *
19  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
20  *
21  */
22 
23 
24 /*
25  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
26  *
27  * $Header$
28  */
29 
30 /*
31  * This header file is used internally by the Admin API server
32  * libraries and Admin server.  IF YOU THINK YOU NEED TO USE THIS FILE
33  * FOR ANYTHING, YOU'RE ALMOST CERTAINLY WRONG.
34  */
35 
36 #ifndef __KADM5_SERVER_INTERNAL_H__
37 #define __KADM5_SERVER_INTERNAL_H__
38 
39 #ifdef HAVE_MEMORY_H
40 #include    <memory.h>
41 #endif
42 #include    <stdlib.h>
43 #include    <errno.h>
44 #include    "k5-int.h"
45 #include    <krb5/kdb.h>
46 #include    <kadm5/admin.h>
47 #include    <rpc/xdr.h>
48 #include    "admin_internal.h"
49 
50 typedef struct _kadm5_server_handle_t {
51 	krb5_ui_4	magic_number;
52 	krb5_ui_4	struct_version;
53 	krb5_ui_4	api_version;
54 	krb5_context	context;
55 	krb5_principal	current_caller;
56 	kadm5_config_params  params;
57 	struct _kadm5_server_handle_t *lhandle;
58         char **db_args;
59 	krb5_keyblock	master_keyblock;
60 } kadm5_server_handle_rec, *kadm5_server_handle_t;
61 
62 #define OSA_ADB_PRINC_VERSION_1  0x12345C01
63 
64 typedef struct _osa_pw_hist_t {
65   int n_key_data;
66   krb5_key_data *key_data;
67 } osa_pw_hist_ent, *osa_pw_hist_t;
68 
69 typedef struct _osa_princ_ent_t {
70   int                         version;
71   char                        *policy;
72   long                        aux_attributes;
73   unsigned int                old_key_len;
74   unsigned int                old_key_next;
75   krb5_kvno                   admin_history_kvno;
76   osa_pw_hist_ent             *old_keys;
77 } osa_princ_ent_rec, *osa_princ_ent_t;
78 
79 
80 kadm5_ret_t    adb_policy_init(kadm5_server_handle_t handle);
81 kadm5_ret_t    adb_policy_close(kadm5_server_handle_t handle);
82 kadm5_ret_t    passwd_check(kadm5_server_handle_t handle,
83 			    char *pass, int use_policy,
84 			    kadm5_policy_ent_t policy,
85 			    krb5_principal principal);
86 kadm5_ret_t    principal_exists(krb5_principal principal);
87 krb5_error_code	    kdb_init_master(kadm5_server_handle_t handle,
88 				    char *r, int from_keyboard);
89 krb5_error_code	    kdb_init_hist(kadm5_server_handle_t handle,
90 				  char *r);
91 krb5_error_code     kdb_get_entry(kadm5_server_handle_t handle,
92 				  krb5_principal principal, krb5_db_entry *kdb,
93 				  osa_princ_ent_rec *adb);
94 krb5_error_code     kdb_free_entry(kadm5_server_handle_t handle,
95 				   krb5_db_entry *kdb, osa_princ_ent_rec *adb);
96 krb5_error_code     kdb_put_entry(kadm5_server_handle_t handle,
97 				  krb5_db_entry *kdb, osa_princ_ent_rec *adb);
98 krb5_error_code     kdb_delete_entry(kadm5_server_handle_t handle,
99 				     krb5_principal name);
100 krb5_error_code     kdb_iter_entry(kadm5_server_handle_t handle,
101 				   char *match_entry,
102 				   void (*iter_fct)(void *, krb5_principal),
103 				   void *data);
104 
105 int		    init_dict(kadm5_config_params *);
106 int		    find_word(const char *word);
107 void		    destroy_dict(void);
108 
109 /* XXX this ought to be in libkrb5.a, but isn't */
110 kadm5_ret_t krb5_copy_key_data_contents(krb5_context context,
111 					krb5_key_data *from,
112 					krb5_key_data *to);
113 kadm5_ret_t krb5_free_key_data_contents(krb5_context context,
114 					krb5_key_data *key);
115 
116 /*
117  * *Warning*
118  * *Warning*	    This is going to break if we
119  * *Warning*	    ever go multi-threaded
120  * *Warning*
121  */
122 extern	krb5_principal	current_caller;
123 
124 /*
125  * Why is this (or something similar) not defined *anywhere* in krb5?
126  */
127 #define KSUCCESS	0
128 #define WORD_NOT_FOUND	1
129 
130 /*
131  * all the various mask bits or'd together
132  */
133 
134 #define	ALL_PRINC_MASK \
135  (KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION | \
136   KADM5_LAST_PWD_CHANGE | KADM5_ATTRIBUTES | KADM5_MAX_LIFE | \
137   KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_KVNO | KADM5_MKVNO | \
138   KADM5_AUX_ATTRIBUTES | KADM5_POLICY_CLR | KADM5_POLICY | \
139   KADM5_MAX_RLIFE | KADM5_TL_DATA | KADM5_KEY_DATA)
140 
141 #define ALL_POLICY_MASK \
142  (KADM5_POLICY | KADM5_PW_MAX_LIFE | KADM5_PW_MIN_LIFE | \
143   KADM5_PW_MIN_LENGTH | KADM5_PW_MIN_CLASSES | KADM5_PW_HISTORY_NUM | \
144   KADM5_REF_COUNT)
145 
146 #define SERVER_CHECK_HANDLE(handle) \
147 { \
148 	kadm5_server_handle_t srvr = \
149 	     (kadm5_server_handle_t) handle; \
150  \
151 	if (! srvr->current_caller) \
152 		return KADM5_BAD_SERVER_HANDLE; \
153 	if (! srvr->lhandle) \
154 	        return KADM5_BAD_SERVER_HANDLE; \
155 }
156 
157 #define CHECK_HANDLE(handle) \
158      GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION, \
159 			  KADM5_NEW_SERVER_API_VERSION) \
160      SERVER_CHECK_HANDLE(handle)
161 
162 bool_t          xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp);
163 
164 void
165 osa_free_princ_ent(osa_princ_ent_t val);
166 
167 #endif /* __KADM5_SERVER_INTERNAL_H__ */
168