usr/src/lib/gss_mechs/mech_krb5/include/krb5/adm.h

   1 #pragma ident   "%Z%%M% %I%     %E% SMI"
   2 /*
   3  * include/krb5/adm.h
   4  *
   5  * Copyright 1995,2001 by the Massachusetts Institute of Technology.
   6  * All Rights Reserved.
   7  *
   8  * Export of this software from the United States of America may
   9  *   require a specific license from the United States Government.
  10  *   It is the responsibility of any person or organization contemplating
  11  *   export to obtain such a license before exporting.
  12  *
  13  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  14  * distribute this software and its documentation for any purpose and
  15  * without fee is hereby granted, provided that the above copyright
  16  * notice appear in all copies and that both that copyright notice and
  17  * this permission notice appear in supporting documentation, and that
  18  * the name of M.I.T. not be used in advertising or publicity pertaining
  19  * to distribution of the software without specific, written prior
  20  * permission.  Furthermore if you modify this software you must label
  21  * your software as modified software and not distribute it in such a
  22  * fashion that it might be confused with the original M.I.T. software.
  23  * M.I.T. makes no representations about the suitability of
  24  * this software for any purpose.  It is provided "as is" without express
  25  * or implied warranty.
  26  *
  27  */
  28 #ifndef KRB5_ADM_H__
  29 #define KRB5_ADM_H__
  30
  31 /*
  32  * Kerberos V5 Change Password service name
  33  */
  34 #define KRB5_ADM_SERVICE_NAME   "kpasswd"
  35 #define KRB5_ADM_DEFAULT_PORT   464
  36
  37 #define KRB5_ADM_SERVICE_INSTANCE "changepw"
  38
  39 /*
  40  * Maximum password length.
  41  */
  42 #define KRB5_ADM_MAX_PASSWORD_LEN       512
  43
  44 /*
  45  * Protocol command strings.
  46  */
  47 #define KRB5_ADM_QUIT_CMD       "QUIT"
  48 #define KRB5_ADM_CHECKPW_CMD    "CHECKPW"
  49 #define KRB5_ADM_CHANGEPW_CMD   "CHANGEPW"
  50 #define KRB5_ADM_MOTD_CMD       "MOTD"
  51 #define KRB5_ADM_MIME_CMD       "MIME"
  52 #define KRB5_ADM_LANGUAGE_CMD   "LANGUAGE"
  53
  54 #define KRB5_ADM_ADD_PRINC_CMD  "ADD-PRINCIPAL"
  55 #define KRB5_ADM_DEL_PRINC_CMD  "DELETE-PRINCIPAL"
  56 #define KRB5_ADM_REN_PRINC_CMD  "RENAME-PRINCIPAL"
  57 #define KRB5_ADM_MOD_PRINC_CMD  "MODIFY-PRINCIPAL"
  58 #define KRB5_ADM_INQ_PRINC_CMD  "INQUIRE-PRINCIPAL"
  59 #define KRB5_ADM_EXT_KEY_CMD    "EXTRACT-KEY"
  60
  61 /*
  62  * Protocol command strings for the current version of the admin
  63  * server.  (Chris had removed them in the version he was working
  64  * with.)
  65  *
  66  * XXX I'm adding them back so the tree works.  We need to take care
  67  * of this eventually.
  68  */
  69 #define       KRB5_ADM_CHG_OPW_CMD    "OTHER-CHANGEPW"
  70 #define       KRB5_ADM_CHG_ORPW_CMD   "OTHER-RANDOM-CHANGEPW"
  71 #define       KRB5_ADM_ADD_KEY_CMD    "ADD-KEY"
  72 #define       KRB5_ADM_DEL_KEY_CMD    "DELETE-KEY"
  73
  74 /*
  75  * Reply status values.
  76  */
  77 #define KRB5_ADM_SUCCESS                0
  78 #define KRB5_ADM_CMD_UNKNOWN            1
  79 #define KRB5_ADM_PW_UNACCEPT            2
  80 #define KRB5_ADM_BAD_PW                 3
  81 #define KRB5_ADM_NOT_IN_TKT             4
  82 #define KRB5_ADM_CANT_CHANGE            5
  83 #define KRB5_ADM_LANG_NOT_SUPPORTED     6
  84
  85 #define KRB5_ADM_P_ALREADY_EXISTS       64
  86 #define KRB5_ADM_P_DOES_NOT_EXIST       65
  87 #define KRB5_ADM_NOT_AUTHORIZED         66
  88 #define KRB5_ADM_BAD_OPTION             67
  89 #define KRB5_ADM_VALUE_REQUIRED         68
  90 #define KRB5_ADM_SYSTEM_ERROR           69
  91 #define KRB5_ADM_KEY_DOES_NOT_EXIST     70
  92 #define KRB5_ADM_KEY_ALREADY_EXISTS     71
  93
  94 /*
  95  * Principal flag keywords.
  96  */
  97 /* Settable only */
  98 #define KRB5_ADM_KW_PASSWORD            "PASSWORD"
  99 #define KRB5_ADM_KW_APASSWORD           "APASSWORD"
 100 #define KRB5_ADM_KW_RANDOMKEY           "RANDOMKEY"
 101 #define KRB5_ADM_KW_ARANDOMKEY          "ARANDOMKEY"
 102 #define KRB5_ADM_KW_SETFLAGS            "SETFLAGS"
 103 #define KRB5_ADM_KW_UNSETFLAGS          "UNSETFLAGS"
 104 /* Settable and retrievable */
 105 #define KRB5_ADM_KW_MAXLIFE             "MAXLIFE"
 106 #define KRB5_ADM_KW_MAXRENEWLIFE        "MAXRENEWLIFE"
 107 #define KRB5_ADM_KW_EXPIRATION          "EXPIRATION"
 108 #define KRB5_ADM_KW_PWEXPIRATION        "PWEXPIRATION"
 109 #define KRB5_ADM_KW_FLAGS               "FLAGS"
 110 #define KRB5_ADM_KW_AUXDATA             "AUXDATA"
 111 #define KRB5_ADM_KW_EXTRADATA           "EXTRADATA"
 112 /* Retrievable only */
 113 #define KRB5_ADM_KW_LASTPWCHANGE        "LASTPWCHANGE"
 114 #define KRB5_ADM_KW_LASTSUCCESS         "LASTSUCCESS"
 115 #define KRB5_ADM_KW_LASTFAILED          "LASTFAILED"
 116 #define KRB5_ADM_KW_FAILCOUNT           "FAILCOUNT"
 117 #define KRB5_ADM_KW_KEYDATA             "KEYDATA"
 118
 119 /* Valid mask */
 120 #define KRB5_ADM_M_PASSWORD             0x00000001
 121 #define KRB5_ADM_M_MAXLIFE              0x00000002
 122 #define KRB5_ADM_M_MAXRENEWLIFE         0x00000004
 123 #define KRB5_ADM_M_EXPIRATION           0x00000008
 124 #define KRB5_ADM_M_PWEXPIRATION         0x00000010
 125 #define KRB5_ADM_M_RANDOMKEY            0x00000020
 126 #define KRB5_ADM_M_FLAGS                0x00000040
 127 #define KRB5_ADM_M_LASTPWCHANGE         0x00000080
 128 #define KRB5_ADM_M_LASTSUCCESS          0x00000100
 129 #define KRB5_ADM_M_LASTFAILED           0x00000200
 130 #define KRB5_ADM_M_FAILCOUNT            0x00000400
 131 #define KRB5_ADM_M_AUXDATA              0x00000800
 132 #define KRB5_ADM_M_KEYDATA              0x00001000
 133 #define KRB5_ADM_M_APASSWORD            0x00002000
 134 #define KRB5_ADM_M_ARANDOMKEY           0x00004000
 135 #define KRB5_ADM_M_UNUSED_15            0x00008000
 136 #define KRB5_ADM_M_UNUSED_16            0x00010000
 137 #define KRB5_ADM_M_UNUSED_17            0x00020000
 138 #define KRB5_ADM_M_UNUSED_18            0x00040000
 139 #define KRB5_ADM_M_UNUSED_19            0x00080000
 140 #define KRB5_ADM_M_UNUSED_20            0x00100000
 141 #define KRB5_ADM_M_UNUSED_21            0x00200000
 142 #define KRB5_ADM_M_UNUSED_22            0x00400000
 143 #define KRB5_ADM_M_UNUSED_23            0x00800000
 144 #define KRB5_ADM_M_UNUSED_24            0x01000000
 145 #define KRB5_ADM_M_UNUSED_25            0x02000000
 146 #define KRB5_ADM_M_UNUSED_26            0x04000000
 147 #define KRB5_ADM_M_UNUSED_27            0x08000000
 148 #define KRB5_ADM_M_UNUSED_28            0x10000000
 149 #define KRB5_ADM_M_UNUSED_29            0x20000000
 150 #define KRB5_ADM_M_GET                  0x40000000
 151 #define KRB5_ADM_M_SET                  0x80000000
 152
 153 #define KRB5_ADM_M_EXTRADATA            0x00000000 /* Hack to get */
 154                                                    /* libkadm to compile */
 155
 156 #define KRB5_ADM_M_SET_VALID            (KRB5_ADM_M_SET         + \
 157                                          KRB5_ADM_M_PASSWORD    + \
 158                                          KRB5_ADM_M_APASSWORD   + \
 159                                          KRB5_ADM_M_MAXLIFE     + \
 160                                          KRB5_ADM_M_MAXRENEWLIFE+ \
 161                                          KRB5_ADM_M_EXPIRATION  + \
 162                                          KRB5_ADM_M_PWEXPIRATION+ \
 163                                          KRB5_ADM_M_RANDOMKEY   + \
 164                                          KRB5_ADM_M_ARANDOMKEY  + \
 165                                          KRB5_ADM_M_FLAGS       + \
 166                                          KRB5_ADM_M_AUXDATA)
 167 #define KRB5_ADM_M_GET_VALID            (KRB5_ADM_M_GET         + \
 168                                          KRB5_ADM_M_MAXLIFE     + \
 169                                          KRB5_ADM_M_MAXRENEWLIFE+ \
 170                                          KRB5_ADM_M_EXPIRATION  + \
 171                                          KRB5_ADM_M_PWEXPIRATION+ \
 172                                          KRB5_ADM_M_FLAGS       + \
 173                                          KRB5_ADM_M_LASTPWCHANGE+ \
 174                                          KRB5_ADM_M_LASTSUCCESS + \
 175                                          KRB5_ADM_M_LASTFAILED  + \
 176                                          KRB5_ADM_M_FAILCOUNT   + \
 177                                          KRB5_ADM_M_AUXDATA     + \
 178                                          KRB5_ADM_M_KEYDATA)
 179
 180 /*
 181  * Keytab reply components.
 182  */
 183 #define KRB5_ADM_KT_PRINCIPAL   0
 184 #define KRB5_ADM_KT_TIMESTAMP   1
 185 #define KRB5_ADM_KT_VNO         2
 186 #define KRB5_ADM_KT_KEY_ENCTYPE 3
 187 #define KRB5_ADM_KT_KEY_KEY     4
 188 #define KRB5_ADM_KT_NCOMPS      5
 189
 190 /* for krb5_key_salt_tuple */
 191 #include "kdb.h"
 192
 193 /*
 194  * Data structure returned by krb5_read_realm_params()
 195  */
 196 typedef struct __krb5_realm_params {
 197     char *              realm_profile;
 198     char *              realm_dbname;
 199     char *              realm_mkey_name;
 200     char *              realm_stash_file;
 201     char *              realm_kdc_ports;
 202     char *              realm_kdc_tcp_ports;
 203     char *              realm_acl_file;
 204     krb5_int32          realm_kadmind_port;
 205     krb5_enctype        realm_enctype;
 206     krb5_deltat         realm_max_life;
 207     krb5_deltat         realm_max_rlife;
 208     krb5_timestamp      realm_expiration;
 209     krb5_flags          realm_flags;
 210     krb5_key_salt_tuple *realm_keysalts;
 211     unsigned int        realm_reject_bad_transit:1;
 212     unsigned int        realm_kadmind_port_valid:1;
 213     unsigned int        realm_enctype_valid:1;
 214     unsigned int        realm_max_life_valid:1;
 215     unsigned int        realm_max_rlife_valid:1;
 216     unsigned int        realm_expiration_valid:1;
 217     unsigned int        realm_flags_valid:1;
 218     unsigned int        realm_reject_bad_transit_valid:1;
 219     krb5_int32          realm_num_keysalts;
 220 } krb5_realm_params;
 221 #endif  /* KRB5_ADM_H__ */