xref: /titanic_51/usr/src/cmd/krb5/iprop/iprop.x (revision 1e49577a7fcde812700ded04431b49d67cc57d6d)
1 /*
2  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 %#pragma ident	"%Z%%M%	%I%	%E% SMI"
7 
8 #ifdef RPC_XDR
9 %#include "iprop.h"
10 #endif /* RPC_XDR */
11 
12 /*
13  * Initial declarations
14  */
15 
16 #ifndef RPC_HDR
17 typedef short int16_t;
18 typedef unsigned short uint16_t;
19 typedef int int32_t;
20 typedef unsigned int uint32_t;
21 typedef hyper int64_t;
22 typedef unsigned hyper uint64_t;
23 #endif  /* !RPC_HDR */
24 
25 typedef opaque	 utf8str_t<>;
26 
27 /*
28  * Transaction log serial no.
29  */
30 typedef uint32_t	kdb_sno_t;
31 
32 /* Timestamp */
33 struct kdbe_time_t {
34 	uint32_t	seconds;
35 	uint32_t	useconds;
36 };
37 
38 /* Key Data */
39 struct kdbe_key_t {
40 	int32_t		k_ver;	/* Version */
41 	int32_t		k_kvno;	/* Key version no. */
42 	int32_t		k_enctype<>;
43 	utf8str_t	k_contents<>;
44 };
45 
46 /* Content data */
47 struct kdbe_data_t {
48 	int32_t		k_magic;
49 	utf8str_t	k_data;
50 };
51 
52 /* Principal Data */
53 struct kdbe_princ_t {
54 	utf8str_t	k_realm;
55 	kdbe_data_t	k_components<>;
56 	int32_t		k_nametype;
57 };
58 
59 /* TL data (pre-auth specific data) */
60 struct kdbe_tl_t {
61 	int16_t		tl_type;
62 	opaque		tl_data<>;
63 };
64 
65 /* Structure to store pwd history */
66 typedef kdbe_key_t kdbe_pw_hist_t<>;
67 
68 /* Basic KDB entry attributes */
69 enum kdbe_attr_type_t {
70 	AT_ATTRFLAGS = 0,
71 	AT_MAX_LIFE = 1,
72 	AT_MAX_RENEW_LIFE = 2,
73 	AT_EXP = 3,
74 	AT_PW_EXP = 4,
75 	AT_LAST_SUCCESS = 5,
76 	AT_LAST_FAILED = 6,
77 	AT_FAIL_AUTH_COUNT = 7,
78 	AT_PRINC = 8,
79 	AT_KEYDATA = 9,
80 	AT_TL_DATA = 10,
81 	AT_LEN = 11,
82 	AT_MOD_PRINC = 12,
83 	AT_MOD_TIME = 13,
84 	AT_MOD_WHERE = 14,
85 	AT_PW_LAST_CHANGE = 15,
86 	AT_PW_POLICY = 16,
87 	AT_PW_POLICY_SWITCH = 17,
88 	AT_PW_HIST_KVNO = 18,
89 	AT_PW_HIST = 19
90 };
91 
92 /* KDB entry, Attribute=value */
93 union kdbe_val_t switch (kdbe_attr_type_t av_type) {
94 case AT_ATTRFLAGS:
95 	uint32_t	av_attrflags;
96 case AT_MAX_LIFE:
97 	uint32_t	av_max_life;
98 case AT_MAX_RENEW_LIFE:
99 	uint32_t	av_max_renew_life;
100 case AT_EXP:
101 	uint32_t	av_exp;
102 case AT_PW_EXP:
103 	uint32_t	av_pw_exp;
104 case AT_LAST_SUCCESS:
105 	uint32_t	av_last_success;
106 case AT_LAST_FAILED:
107 	uint32_t	av_last_failed;
108 case AT_FAIL_AUTH_COUNT:
109 	uint32_t	av_fail_auth_count;
110 case AT_PRINC:
111 	kdbe_princ_t	av_princ;
112 case AT_KEYDATA:
113 	kdbe_key_t	av_keydata<>;	/* array of keys */
114 case AT_TL_DATA:
115 	kdbe_tl_t	av_tldata<>;	/* array of TL data */
116 case AT_LEN:
117 	int16_t		av_len;
118 case AT_PW_LAST_CHANGE:
119 	uint32_t	av_pw_last_change;
120 case AT_MOD_PRINC:
121 	kdbe_princ_t	av_mod_princ;
122 case AT_MOD_TIME:
123 	uint32_t	av_mod_time;
124 case AT_MOD_WHERE:
125 	utf8str_t	av_mod_where;
126 case AT_PW_POLICY:
127 	utf8str_t	av_pw_policy;
128 case AT_PW_POLICY_SWITCH:
129 	bool		av_pw_policy_switch;
130 case AT_PW_HIST_KVNO:
131 	uint32_t	av_pw_hist_kvno;
132 case AT_PW_HIST:
133 	kdbe_pw_hist_t	av_pw_hist<>;	/* array of pw history */
134 default:
135 	opaque		av_extension<>;	/* futures */
136 };
137 
138 typedef kdbe_val_t kdbe_t<>;	    /* Array of attr/val makes a KDB entry */
139 
140 /*
141  * Incremental update
142  */
143 struct kdb_incr_update_t {
144 	utf8str_t	kdb_princ_name;	/* Principal name */
145 	kdb_sno_t	kdb_entry_sno;	/* Serial # of entry */
146 	kdbe_time_t	kdb_time;	/* Timestamp of update */
147 	kdbe_t		kdb_update; 	/* Attributes modified */
148 	bool		kdb_deleted;	/* Is this update a DELETION ? */
149 	bool		kdb_commit;	/* Is the entry committed or not ? */
150 	utf8str_t	kdb_kdcs_seen_by<>; /* Names of slaves that have */
151 					    /* seen this update - for */
152 					    /* future use */
153 	opaque		kdb_futures<>;	/* futures */
154 };
155 
156 /*
157  * Update log body
158  */
159 typedef kdb_incr_update_t kdb_ulog_t<>;
160 
161 enum update_status_t {
162 	UPDATE_OK = 0,
163 	UPDATE_ERROR = 1,
164 	UPDATE_FULL_RESYNC_NEEDED = 2,
165 	UPDATE_BUSY = 3,
166 	UPDATE_NIL = 4,
167 	UPDATE_PERM_DENIED = 5
168 };
169 
170 struct kdb_last_t {
171 	kdb_sno_t	last_sno;
172 	kdbe_time_t	last_time;
173 };
174 
175 struct kdb_incr_result_t {
176 	kdb_last_t		lastentry;
177 	kdb_ulog_t		updates;
178 	update_status_t		ret;
179 };
180 
181 struct kdb_fullresync_result_t {
182 	kdb_last_t		lastentry;
183 	update_status_t 	ret;
184 };
185 
186 program KRB5_IPROP_PROG {
187 	version KRB5_IPROP_VERS {
188 		/*
189 		 * NULL procedure
190 		 */
191 		void
192 		IPROP_NULL(void) = 0;
193 
194 		/*
195 		 * Keep waiting for and get next incremental update(s)
196 		 *
197 		 * Will return latest kdb_vers on the master (if different),
198 		 * alongwith return value and affected db entries.
199 		 */
200 		kdb_incr_result_t
201 		IPROP_GET_UPDATES(kdb_last_t) = 1;
202 
203 		/*
204 		 * We need to do the full-resync of the db, since the
205 		 * serial nos./timestamps are way out-of-whack
206 		 */
207 		kdb_fullresync_result_t
208 		IPROP_FULL_RESYNC(void) = 2;
209 	} = 1;
210 } = 100423;
211