/*
 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 *	Openvision retains the copyright to derivative works of
 *	this source code.  Do *NOT* create a derivative of this
 *	source code before consulting with your legal department.
 *	Do *NOT* integrate *ANY* of this source code into another
 *	product before consulting with your legal department.
 *
 *	For further information, read the top-level Openvision
 *	copyright which is contained in the top-level MIT Kerberos
 *	copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */

/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
 *
 */

#include <k5-int.h>
#include <krb5/kdb.h>
#include <kadm5/server_internal.h>
#include <kadm5/admin.h>
#include "misc.h"

/*
 * Function: chpass_principal_wrapper_3
 *
 * Purpose: run the password minimum-lifetime (pw_min_life) check for
 *	    the principal and, only when that check returns 0, change
 *	    the password through kadm5_chpass_principal_3.
 *
 * Arguments:
 *	server_handle	(input) handle passed unchanged to both calls
 *	principal	(input) krb5_principal whose password is being
 *				changed
 *	keepold		(input) whether to preserve old keys
 *	n_ks_tuple	(input) the number of key-salt tuples in ks_tuple
 *	ks_tuple	(input) array of tuples indicating the caller's
 *				requested enctypes/salttypes
 *	password	(input) the new password; it is handed on as-is
 *				and is not copied, logged or cleared here
 *	<return value>	the non-zero code from kadm5_check_min_life if
 *			the check fails, otherwise whatever
 *			kadm5_chpass_principal_3 returns (0 on success).
 *
 * Requires:
 *	kadm5_init to have been run.
 *
 * Effects:
 *	On a passing check, calls kadm5_chpass_principal_3, which changes
 *	the kdb and the admin db.
 *
 * NOTE(review): the minimum-lifetime policy is enforced by this
 * wrapper; whether kadm5_chpass_principal_3 repeats the check is not
 * visible in this file, so callers that must honour the policy should
 * come through the wrapper.  The check and the change are two separate
 * calls -- confirm with the kadm5 implementation whether anything
 * serialises them.
 */
kadm5_ret_t
chpass_principal_wrapper_3(void *server_handle,
			   krb5_principal principal,
			   krb5_boolean keepold,
			   int n_ks_tuple,
			   krb5_key_salt_tuple *ks_tuple,
			   char *password)
{
    kadm5_ret_t status;

    /* Solaris Kerberos */
    /* NULL/0: no message buffer is supplied to the check on this path. */
    status = kadm5_check_min_life(server_handle, principal, NULL, 0);
    if (status != 0) {
	return status;
    }

    return kadm5_chpass_principal_3(server_handle, principal, keepold,
				    n_ks_tuple, ks_tuple, password);
}


/*
 * Function: randkey_principal_wrapper_3
 *
 * Purpose: run the password minimum-lifetime check for the principal
 *	    and, only when it returns 0, randomize the principal's keys
 *	    through kadm5_randkey_principal_3.
 *
 * Arguments:
 *	server_handle	(input) handle passed unchanged to both calls
 *	principal	(input) krb5_principal whose key is being changed
 *	keepold		(input) whether to preserve old keys
 *	n_ks_tuple	(input) the number of key-salt tuples in ks_tuple
 *	ks_tuple	(input) array of tuples indicating the caller's
 *				requested enctypes/salttypes
 *	keys		(output) new random key(s), filled in by
 *				kadm5_randkey_principal_3
 *	n_keys		(output) passed through alongside keys;
 *				presumably the number of keys returned --
 *				confirm against kadm5_randkey_principal_3
 *	<return value>	the non-zero code from kadm5_check_min_life if
 *			the check fails, otherwise whatever
 *			kadm5_randkey_principal_3 returns (0 on success).
 *
 * Requires:
 *	kadm5_init needs to be run
 *
 * Effects:
 *	On a passing check, calls kadm5_randkey_principal_3.
 */
kadm5_ret_t
randkey_principal_wrapper_3(void *server_handle,
			    krb5_principal principal,
			    krb5_boolean keepold,
			    int n_ks_tuple,
			    krb5_key_salt_tuple *ks_tuple,
			    krb5_keyblock **keys, int *n_keys)
{
    kadm5_ret_t status;

    /* Solaris Kerberos */
    status = kadm5_check_min_life(server_handle, principal, NULL, 0);
    if (status != 0) {
	return status;
    }

    return kadm5_randkey_principal_3(server_handle, principal, keepold,
				     n_ks_tuple, ks_tuple, keys, n_keys);
}

/*
 * Function: schpw_util_wrapper
 *
 * Purpose: run the password minimum-lifetime check for princ and, only
 *	    when it returns 0, change the password through
 *	    kadm5_chpass_principal_util.
 *
 * Arguments:
 *	server_handle	(input) handle passed unchanged to both calls
 *	princ		(input) principal whose password is being changed
 *	new_pw		(input) requested new password, handed on as-is
 *	ret_pw		(output) passed through to
 *				kadm5_chpass_principal_util
 *	msg_ret		(output) message buffer given to both the check
 *				and the change call
 *	msg_len		(input) passed with msg_ret to both calls;
 *				presumably the size of that buffer --
 *				callers should confirm it matches the
 *				allocation behind msg_ret
 *	<return value>	the non-zero code from kadm5_check_min_life if
 *			the check fails, otherwise whatever
 *			kadm5_chpass_principal_util returns.
 *
 * Unlike the other wrappers in this file, the check is given msg_ret and
 * msg_len rather than NULL/0.
 */
kadm5_ret_t
schpw_util_wrapper(void *server_handle, krb5_principal princ,
		   char *new_pw, char **ret_pw,
		   char *msg_ret, unsigned int msg_len)
{
    kadm5_ret_t status;

    /* Solaris Kerberos */
    status = kadm5_check_min_life(server_handle, princ, msg_ret, msg_len);
    if (status != 0) {
	return status;
    }

    return kadm5_chpass_principal_util(server_handle, princ, new_pw, ret_pw,
				       msg_ret, msg_len);
}

/*
 * Function: randkey_principal_wrapper
 *
 * Purpose: run the password minimum-lifetime check for princ and, only
 *	    when it returns 0, randomize the principal's keys through
 *	    kadm5_randkey_principal.
 *
 * Arguments:
 *	server_handle	(input) handle passed unchanged to both calls
 *	princ		(input) principal whose key is being changed
 *	keys		(output) passed through to kadm5_randkey_principal
 *	n_keys		(output) passed through to kadm5_randkey_principal
 *	<return value>	the non-zero code from kadm5_check_min_life if
 *			the check fails, otherwise whatever
 *			kadm5_randkey_principal returns.
 */
kadm5_ret_t
randkey_principal_wrapper(void *server_handle, krb5_principal princ,
			  krb5_keyblock **keys, int *n_keys)
{
    kadm5_ret_t status;

    /* Solaris Kerberos */
    status = kadm5_check_min_life(server_handle, princ, NULL, 0);
    if (status != 0) {
	return status;
    }

    return kadm5_randkey_principal(server_handle, princ, keys, n_keys);
}