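/*
 * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__

#pragma ident "%Z%%M% %I% %E% SMI"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 * Openvision retains the copyright to derivative works of
 * this source code.  Do *NOT* create a derivative of this
 * source code before consulting with your legal department.
 * Do *NOT* integrate *ANY* of this source code into another
 * product before consulting with your legal department.
 *
 * For further information, read the top-level Openvision
 * copyright which is contained in the top-level MIT Kerberos
 * copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */


/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
 *
 * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin.h,v 1.43.2.1 2000/05/19 22:24:14 raeburn Exp $
 */

/*
 * kadm5/admin.h -- public interface of the Kerberos V5 administration
 * (kadm5) library: well-known service principal names, per-record field
 * masks, result codes, structure/API version constants, the principal,
 * policy and configuration records, and the prototypes of the library
 * entry points.
 */

#include <sys/types.h>
#include <rpc/types.h>
#include <rpc/rpc.h>
#include <krb5.h>
#include <k5-int.h>
#include <com_err.h>
#include <kadm5/kadm_err.h>
#include <kadm5/adb_err.h>
#include <kadm5/chpass_util_strings.h>

/*
 * Well-known service principal names.  The *_P variants spell the same
 * service with "@" as the separator instead of "/"; the *_HOST_SERVICE
 * names are the bare service components (no instance).
 */
#define KADM5_ADMIN_SERVICE_P       "kadmin@admin"
#define KADM5_ADMIN_SERVICE         "kadmin/admin"
#define KADM5_CHANGEPW_SERVICE_P    "kadmin@changepw"
#define KADM5_CHANGEPW_SERVICE      "kadmin/changepw"
#define KADM5_HIST_PRINCIPAL        "kadmin/history"
#define KADM5_ADMIN_HOST_SERVICE    "kadmin"
#define KADM5_CHANGEPW_HOST_SERVICE "changepw"
#define KADM5_KIPROP_HOST_SERVICE   "kiprop"

typedef krb5_principal  kadm5_princ_t;   /* principal handle */
typedef char           *kadm5_policy_t;  /* policy name (NUL-terminated) */
typedef long            kadm5_ret_t;     /* return code; KADM5_OK on success */
typedef int             rpc_int32;       /* 32-bit wire integer types */
typedef unsigned int    rpc_u_int32;

/*
 * Password prompt strings, looked up in the chpass_util com_err table.
 * The cast drops the const qualifier of error_message()'s result; the
 * returned storage must still be treated as read-only.
 */
#define KADM5_PW_FIRST_PROMPT \
    ((char *)error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
#define KADM5_PW_SECOND_PROMPT \
    ((char *)error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))

/*
 * Successful return code
 */
#define KADM5_OK 0

/*
 * Field masks
 *
 * Each mask bit names one field of the record it is listed under; a
 * caller ORs together the bits for the fields it has filled in (or
 * wants returned).
 */

/* kadm5_principal_ent_t */
#define KADM5_PRINCIPAL         0x000001
#define KADM5_PRINC_EXPIRE_TIME 0x000002
#define KADM5_PW_EXPIRATION     0x000004
#define KADM5_LAST_PWD_CHANGE   0x000008
#define KADM5_ATTRIBUTES        0x000010
#define KADM5_MAX_LIFE          0x000020
#define KADM5_MOD_TIME          0x000040
#define KADM5_MOD_NAME          0x000080
#define KADM5_KVNO              0x000100
#define KADM5_MKVNO             0x000200
#define KADM5_AUX_ATTRIBUTES    0x000400
#define KADM5_POLICY            0x000800
#define KADM5_POLICY_CLR        0x001000
/* version 2 masks (fields that exist only in kadm5_principal_ent_rec_v2) */
#define KADM5_MAX_RLIFE         0x002000
#define KADM5_LAST_SUCCESS      0x004000
#define KADM5_LAST_FAILED       0x008000
#define KADM5_FAIL_AUTH_COUNT   0x010000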
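#define KADM5_KEY_DATA          0x020000
#define KADM5_TL_DATA           0x040000
/* all but KEY_DATA and TL_DATA */
#define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff

/*
 * kadm5_policy_ent_t
 *
 * These values overlap the principal masks above (e.g. KADM5_PW_MAX_LIFE
 * has the same value as KADM5_LAST_SUCCESS), so a mask is only meaningful
 * together with the record type it was built for; never mix the two.
 */
#define KADM5_PW_MAX_LIFE       0x004000
#define KADM5_PW_MIN_LIFE       0x008000
#define KADM5_PW_MIN_LENGTH     0x010000
#define KADM5_PW_MIN_CLASSES    0x020000
#define KADM5_PW_HISTORY_NUM    0x040000
#define KADM5_REF_COUNT         0x080000

/* kadm5_config_params (bits of kadm5_config_params.mask) */
#define KADM5_CONFIG_REALM          0x0000001
#define KADM5_CONFIG_DBNAME         0x0000002
#define KADM5_CONFIG_MKEY_NAME      0x0000004
#define KADM5_CONFIG_MAX_LIFE       0x0000008
#define KADM5_CONFIG_MAX_RLIFE      0x0000010
#define KADM5_CONFIG_EXPIRATION     0x0000020
#define KADM5_CONFIG_FLAGS          0x0000040
#define KADM5_CONFIG_ADMIN_KEYTAB   0x0000080
#define KADM5_CONFIG_STASH_FILE     0x0000100
#define KADM5_CONFIG_ENCTYPE        0x0000200
#define KADM5_CONFIG_ADBNAME        0x0000400
#define KADM5_CONFIG_ADB_LOCKFILE   0x0000800
#define KADM5_CONFIG_PROFILE        0x0001000
#define KADM5_CONFIG_ACL_FILE       0x0002000
#define KADM5_CONFIG_KADMIND_PORT   0x0004000
#define KADM5_CONFIG_ENCTYPES       0x0008000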
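#define KADM5_CONFIG_ADMIN_SERVER       0x0010000
#define KADM5_CONFIG_DICT_FILE          0x0020000
#define KADM5_CONFIG_MKEY_FROM_KBD      0x0040000
#define KADM5_CONFIG_KPASSWD_PORT       0x0080000
#define KADM5_CONFIG_KPASSWD_SERVER     0x0100000
#define KADM5_CONFIG_KPASSWD_PROTOCOL   0x0200000
#define KADM5_CONFIG_IPROP_ENABLED      0x0400000
#define KADM5_CONFIG_ULOG_SIZE          0x0800000
#define KADM5_CONFIG_POLL_TIME          0x1000000

/*
 * password change constants
 *
 * Result codes of a password-change request; KRB5_KPASSWD_SUCCESS is the
 * only success value, everything else is a failure class.
 */
#define KRB5_KPASSWD_SUCCESS             0
#define KRB5_KPASSWD_MALFORMED           1
#define KRB5_KPASSWD_HARDERROR           2
#define KRB5_KPASSWD_AUTHERROR           3
#define KRB5_KPASSWD_SOFTERROR           4
#define KRB5_KPASSWD_ACCESSDENIED        5
#define KRB5_KPASSWD_BAD_VERSION         6
#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
#define KRB5_KPASSWD_POLICY_REJECT       8
#define KRB5_KPASSWD_BAD_PRINCIPAL       9
#define KRB5_KPASSWD_ETYPE_NOSUPP        10

/*
 * permission bits
 *
 * Privileges of the authenticated client, as reported by
 * kadm5_get_privs(); OR-able.
 */
#define KADM5_PRIV_GET      0x01
#define KADM5_PRIV_ADD      0x02
#define KADM5_PRIV_MODIFY   0x04
#define KADM5_PRIV_DELETE   0x08

/*
 * API versioning constants
 *
 * A version value is a magic tag in the upper 24 bits (selected with
 * KADM5_MASK_BITS) plus a small version number in the low byte.  Callers
 * pass KADM5_STRUCT_VERSION and one of the KADM5_API_VERSION_* values to
 * the kadm5_init*() functions below.
 */
#define KADM5_MASK_BITS             0xffffff00

#define KADM5_STRUCT_VERSION_MASK   0x12345600
#define KADM5_STRUCT_VERSION_1      (KADM5_STRUCT_VERSION_MASK|0x01)
#define KADM5_STRUCT_VERSION        KADM5_STRUCT_VERSION_1

#define KADM5_API_VERSION_MASK      0x12345700
#define KADM5_API_VERSION_1         (KADM5_API_VERSION_MASK|0x01)
#define KADM5_API_VERSION_2         (KADM5_API_VERSION_MASK|0x02)

#ifdef KRB5_DNS_LOOKUP
/*
 * Name length constants for DNS lookups
 */
#define MAX_HOST_NAMELEN    256
/* room for 15 host names of MAX_HOST_NAMELEN plus separators and NUL */
#define MAX_DNS_NAMELEN     (15*(MAX_HOST_NAMELEN + 1)+1)
#endif /* KRB5_DNS_LOOKUP */

/*
 * Principal record, API version 2.  Which fields are valid is governed by
 * the KADM5_* principal masks above.  n_key_data/n_tl_data give the number
 * of entries in key_data/tl_data; key_data is released with
 * kadm5_free_key_data() and the whole record with kadm5_free_principal_ent().
 */
typedef struct _kadm5_principal_ent_t_v2 {
    krb5_principal  principal;
    krb5_timestamp  princ_expire_time;
    krb5_timestamp  last_pwd_change;
    krb5_timestamp  pw_expiration;
    krb5_deltat     max_life;
    krb5_principal  mod_name;
    krb5_timestamp  mod_date;
    krb5_flags      attributes;
    krb5_kvno       kvno;
    krb5_kvno       mkvno;
    char            *policy;
    long            aux_attributes;

    /* version 2 fields */
    krb5_deltat     max_renewable_life;
    krb5_timestamp  last_success;
    krb5_timestamp  last_failed;
    krb5_kvno       fail_auth_count;
    krb5_int16      n_key_data;
    krb5_int16      n_tl_data;
    krb5_tl_data    *tl_data;
    krb5_key_data   *key_data;
} kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2;

/*
 * Principal record, API version 1: the version 2 record without the
 * "version 2 fields".  The field order is identical to the common prefix
 * of the v2 record.
 */
typedef struct _kadm5_principal_ent_t_v1 {
    krb5_principal  principal;
    krb5_timestamp  princ_expire_time;
    krb5_timestamp  last_pwd_change;
    krb5_timestamp  pw_expiration;
    krb5_deltat     max_life;
    krb5_principal  mod_name;
    krb5_timestamp  mod_date;
    krb5_flags      attributes;
    krb5_kvno       kvno;
    krb5_kvno       mkvno;
    char            *policy;
    long            aux_attributes;
} kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1;


/* The unversioned names refer to the version 2 record. */
typedef struct _kadm5_principal_ent_t_v2
    kadm5_principal_ent_rec, *kadm5_principal_ent_t;

/*
 * Password policy record; validity of each field is governed by the
 * KADM5_PW_* / KADM5_REF_COUNT masks.  Released with kadm5_free_policy_ent().
 */
typedef struct _kadm5_policy_ent_t {
    char    *policy;
    long    pw_min_life;
    long    pw_max_life;
    long    pw_min_length;
    long    pw_min_classes;
    long    pw_history_num;
    long    policy_refcnt;
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;

/* One (encryption type, salt type) pair; passed as arrays with a count. */
typedef struct __krb5_key_salt_tuple {
    krb5_enctype    ks_enctype;
    krb5_int32      ks_salttype;
} krb5_key_salt_tuple;

/*
 * New types to indicate which protocol to use when sending
 * password change requests
 */
typedef enum {
    KRB5_CHGPWD_RPCSEC,
    KRB5_CHGPWD_CHANGEPW_V2
} krb5_chgpwd_prot;

/*
 * Data structure returned by kadm5_get_config_params()
 *
 * mask holds the KADM5_CONFIG_* bits naming which of the remaining fields
 * carry a value.  Released with kadm5_free_config_params().
 */
typedef struct _kadm5_config_params {
    long                mask;
    char                *realm;
    char                *profile;
    int                 kadmind_port;
    char                *admin_server;
    char                *dbname;
    char                *admin_dbname;
    char                *admin_lockfile;
    char                *admin_keytab;
    char                *acl_file;
    char                *dict_file;
    int                 mkey_from_kbd;
    char                *stash_file;
    char                *mkey_name;
    krb5_enctype        enctype;
    krb5_deltat         max_life;
    krb5_deltat         max_rlife;
    krb5_timestamp      expiration;
    krb5_flags          flags;
    krb5_key_salt_tuple *keysalts;
    krb5_int32          num_keysalts;   /* entries in keysalts */
    char                *kpasswd_server;
    int                 kpasswd_port;
    krb5_chgpwd_prot    kpasswd_protocol;
    bool_t              iprop_enabled;
    int                 iprop_ulogsize;
    char                *iprop_polltime;
} kadm5_config_params;

/***********************************************************************
 * This is the old krb5_realm_read_params, which I mutated into
 * kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
 * still uses.
 ***********************************************************************/

/*
 * Data structure returned by krb5_read_realm_params()
 *
 * Unlike kadm5_config_params there is no mask word; the *_valid bit-fields
 * say which of the scalar fields were actually read.
 */
typedef struct __krb5_realm_params {
    char                *realm_profile;
    char                *realm_dbname;
    char                *realm_mkey_name;
    char                *realm_stash_file;
    char                *realm_kdc_ports;
    char                *realm_kdc_tcp_ports;
    char                *realm_acl_file;
    krb5_int32          realm_kadmind_port;
    krb5_enctype        realm_enctype;
    krb5_deltat         realm_max_life;
    krb5_deltat         realm_max_rlife;
    krb5_timestamp      realm_expiration;
    krb5_flags          realm_flags;
    krb5_key_salt_tuple *realm_keysalts;
    unsigned int        realm_kadmind_port_valid:1;
    unsigned int        realm_enctype_valid:1;
    unsigned int        realm_max_life_valid:1;
    unsigned int        realm_max_rlife_valid:1;
    unsigned int        realm_expiration_valid:1;
    unsigned int        realm_flags_valid:1;
    unsigned int        realm_filler:7;     /* pads the bit-field group */
    krb5_int32          realm_num_keysalts; /* entries in realm_keysalts */
} krb5_realm_params;

/*
 * functions
 *
 * Unless stated otherwise every function returns KADM5_OK on success or a
 * kadm5/krb5 error code.  server_handle is the opaque handle produced by
 * one of the kadm5_init*() variants.
 */


/* Look up the master KDC host of realm; *master is allocated for the caller. */
kadm5_ret_t
kadm5_get_master(krb5_context context, const char *realm, char **master);

/*
 * Build the host-based service names used to reach the admin and the
 * changepw services of realm; *host_service_name is allocated for the
 * caller.
 */
kadm5_ret_t
kadm5_get_adm_host_srv_name(krb5_context context,
                            const char *realm, char **host_service_name);

kadm5_ret_t
kadm5_get_cpw_host_srv_name(krb5_context context,
                            const char *realm, char **host_service_name);

/*
 * Fill params_out from the profile (kdcprofile) and environment (kdcenv),
 * with params_in supplying caller overrides.  Free with
 * kadm5_free_config_params().
 */
krb5_error_code kadm5_get_config_params(krb5_context context,
                                        char *kdcprofile, char *kdcenv,
                                        kadm5_config_params *params_in,
                                        kadm5_config_params *params_out);

/* SUNWresync121 XXX */
krb5_error_code kadm5_free_config_params(krb5_context context,
                                         kadm5_config_params *params);

/*
 * NOTE(review): despite its name this takes a kadm5_config_params, not a
 * krb5_realm_params -- confirm against the implementation before relying
 * on it for krb5_read_realm_params() results.
 */
krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
                                        kadm5_config_params *params);

/*
 * Library initialisation.  Each variant authenticates client_name to
 * service_name from a different credential source -- a cleartext password
 * (kadm5_init, kadm5_init_with_password), a keytab (kadm5_init_with_skey)
 * or an existing credential cache (kadm5_init_with_creds) -- and returns an
 * opaque handle through *server_handle, to be released with kadm5_destroy().
 * struct_version and api_version take the KADM5_STRUCT_VERSION and
 * KADM5_API_VERSION_* constants above.
 * NOTE(review): `pass` is a caller-owned cleartext password; the caller
 * presumably remains responsible for clearing it after the call returns --
 * confirm against the implementation.
 */
kadm5_ret_t kadm5_init(char *client_name, char *pass,
                       char *service_name,
                       kadm5_config_params *params,
                       krb5_ui_4 struct_version,
                       krb5_ui_4 api_version,
                       void **server_handle);

kadm5_ret_t kadm5_init_with_password(char *client_name,
                                     char *pass,
                                     char *service_name,
                                     kadm5_config_params *params,
                                     krb5_ui_4 struct_version,
                                     krb5_ui_4 api_version,
                                     void **server_handle);
kadm5_ret_t kadm5_init_with_skey(char *client_name,
                                 char *keytab,
                                 char *service_name,
                                 kadm5_config_params *params,
                                 krb5_ui_4 struct_version,
                                 krb5_ui_4 api_version,
                                 void **server_handle);

kadm5_ret_t kadm5_init_with_creds(char *client_name,
                                  krb5_ccache cc,
                                  char *service_name,
                                  kadm5_config_params *params,
                                  krb5_ui_4 struct_version,
                                  krb5_ui_4 api_version,
                                  void **server_handle);
/* Flush pending state for the handle; kadm5_destroy() also releases it. */
kadm5_ret_t kadm5_flush(void *server_handle);
kadm5_ret_t kadm5_destroy(void *server_handle);

/*
 * Principal management.  mask selects the fields of ent that are set
 * (KADM5_* principal masks).  The *_3 variants additionally take an array
 * of n_ks_tuple key/salt tuples and, where present, a keepold flag to
 * retain the previous keys.
 */
kadm5_ret_t kadm5_create_principal(void *server_handle,
                                   kadm5_principal_ent_t ent,
                                   long mask, char *pass);
kadm5_ret_t kadm5_create_principal_3(void *server_handle,
                                     kadm5_principal_ent_t ent,
                                     long mask,
                                     int n_ks_tuple,
                                     krb5_key_salt_tuple *ks_tuple,
                                     char *pass);
kadm5_ret_t kadm5_delete_principal(void *server_handle,
                                   krb5_principal principal);
kadm5_ret_t kadm5_modify_principal(void *server_handle,
                                   kadm5_principal_ent_t ent,
                                   long mask);
/*
 * Parameter names added for readability; the order (rename source to
 * target) is inferred from the usual kadmin rename semantics -- confirm
 * against the implementation.
 */
kadm5_ret_t kadm5_rename_principal(void *server_handle,
                                   krb5_principal source,
                                   krb5_principal target);

/* Fetch the fields of principal selected by mask into *ent. */
kadm5_ret_t kadm5_get_principal(void *server_handle,
                                krb5_principal principal,
                                kadm5_principal_ent_t ent,
                                long mask);

kadm5_ret_t kadm5_chpass_principal(void *server_handle,
                                   krb5_principal principal,
                                   char *pass);
kadm5_ret_t kadm5_chpass_principal_3(void *server_handle,
                                     krb5_principal principal,
                                     krb5_boolean keepold,
                                     int n_ks_tuple,
                                     krb5_key_salt_tuple *ks_tuple,
                                     char *pass);

/*
 * Solaris Kerberos:
 * this routine is only implemented in the client library.
 */
kadm5_ret_t kadm5_randkey_principal_old(void *server_handle,
                                        krb5_principal principal,
                                        krb5_keyblock **keyblocks,
                                        int *n_keys);

/*
 * Replace the keys of principal with random ones.  *keyblocks receives the
 * new keys and *n_keys their count.
 */
kadm5_ret_t kadm5_randkey_principal(void *server_handle,
                                    krb5_principal principal,
                                    krb5_keyblock **keyblocks,
                                    int *n_keys);

kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
                                      krb5_principal principal,
                                      krb5_boolean keepold,
                                      int n_ks_tuple,
                                      krb5_key_salt_tuple *ks_tuple,
                                      krb5_keyblock **keyblocks,
                                      int *n_keys);
/* Explicit key installation; keyblocks holds n_keys caller-supplied keys. */
kadm5_ret_t kadm5_setv4key_principal(void *server_handle,
                                     krb5_principal principal,
                                     krb5_keyblock *keyblock);

kadm5_ret_t kadm5_setkey_principal(void *server_handle,
                                   krb5_principal principal,
                                   krb5_keyblock *keyblocks,
                                   int n_keys);

kadm5_ret_t kadm5_setkey_principal_3(void *server_handle,
                                     krb5_principal principal,
                                     krb5_boolean keepold,
                                     int n_ks_tuple,
                                     krb5_key_salt_tuple *ks_tuple,
                                     krb5_keyblock *keyblocks,
                                     int n_keys);

/* Policy management; mask selects the fields of ent (KADM5_PW_* masks). */
kadm5_ret_t kadm5_create_policy(void *server_handle,
                                kadm5_policy_ent_t ent,
                                long mask);
/*
 * kadm5_create_policy_internal is not part of the supported,
 * exposed API.  It is available only in the server library, and you
 * shouldn't use it unless you know why it's there and how it's
 * different from kadm5_create_policy.
 */
kadm5_ret_t kadm5_create_policy_internal(void *server_handle,
                                         kadm5_policy_ent_t entry,
                                         long mask);
kadm5_ret_t kadm5_delete_policy(void *server_handle,
                                kadm5_policy_t policy);
kadm5_ret_t kadm5_modify_policy(void *server_handle,
                                kadm5_policy_ent_t ent,
                                long mask);
/*
 * kadm5_modify_policy_internal is not part of the supported,
 * exposed API.  It is available only in the server library, and you
 * shouldn't use it unless you know why it's there and how it's
 * different from kadm5_modify_policy.
 */
kadm5_ret_t kadm5_modify_policy_internal(void *server_handle,
                                         kadm5_policy_ent_t entry,
                                         long mask);

kadm5_ret_t kadm5_get_policy(void *server_handle,
                             kadm5_policy_t policy,
                             kadm5_policy_ent_t ent);

/* *privs receives the KADM5_PRIV_* bits held by the authenticated client. */
kadm5_ret_t kadm5_get_privs(void *server_handle,
                            long *privs);

/*
 * Password-change helper: sets new_pw on princ (ret_pw is an out pointer
 * for the password when new_pw is not supplied).  Any message is copied
 * into the caller's msg_ret buffer of msg_len bytes, so the buffer size
 * must be passed honestly.
 */
kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
                                        krb5_principal princ,
                                        char *new_pw,
                                        char **ret_pw,
                                        char *msg_ret,
                                        int msg_len);

/* Release records returned by the kadm5_get_* functions. */
kadm5_ret_t kadm5_free_principal_ent(void *server_handle,
                                     kadm5_principal_ent_t ent);
kadm5_ret_t kadm5_free_policy_ent(void *server_handle,
                                  kadm5_policy_ent_t ent);

/*
 * Enumerate principal / policy names matching exp.  *princs (resp. *pols)
 * receives an array of *count names; release it with
 * kadm5_free_name_list().
 */
kadm5_ret_t kadm5_get_principals(void *server_handle,
                                 char *exp, char ***princs,
                                 int *count);

kadm5_ret_t kadm5_get_policies(void *server_handle,
                               char *exp, char ***pols,
                               int *count);


/* Release the key_data array of a principal record (n_key_data entries). */
kadm5_ret_t kadm5_free_key_data(void *server_handle,
                                krb5_int16 *n_key_data,
                                krb5_key_data *key_data);

kadm5_ret_t kadm5_free_name_list(void *server_handle,
                                 char **names, int count);


/* Internal (leading underscore): protocol selected for password changes. */
krb5_chgpwd_prot _kadm5_get_kpasswd_protocol(void *server_handle);
/*
 * Change princ's password over the configured protocol.  The server's own
 * result code is returned through *srvr_rsp_code (see KRB5_KPASSWD_*) and
 * any server message through *srvr_msg.
 */
kadm5_ret_t kadm5_chpass_principal_v2(void *server_handle,
                                      krb5_principal princ,
                                      char *new_password,
                                      kadm5_ret_t *srvr_rsp_code,
                                      krb5_data *srvr_msg);

/*
 * Server side: service one password-change request.
 * NOTE(review): s is presumably the socket the request arrived on -- confirm
 * against the implementation.
 */
void handle_chpw(krb5_context context, int s, void *serverhandle,
                 kadm5_config_params *params);

#ifdef __cplusplus
}
#endif

#endif /* __KADM5_ADMIN_H__ */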