1 /* 2 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 #ifndef __KADM5_ADMIN_H__ 7 #define __KADM5_ADMIN_H__ 8 9 | #pragma ident "@(#)admin.h 1.11 04/09/08 SMI" 9 | #pragma ident "@(#)admin.h 1.10 04/06/15 SMI" 10 11 #ifdef __cplusplus 12 extern "C" { 13 #endif 14 15 /* 16 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 17 * 18 * Openvision retains the copyright to derivative works of 19 * this source code. Do *NOT* create a derivative of this 20 * source code before consulting with your legal department. 21 * Do *NOT* integrate *ANY* of this source code into another 22 * product before consulting with your legal department. 23 * 24 * For further information, read the top-level Openvision 25 * copyright which is contained in the top-level MIT Kerberos 26 * copyright. 27 * 28 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 29 * 30 */ 31 32 33 /* 34 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved 35 * 36 * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin.h,v 1.43.2.1 2000/05/19 22:24:14 raeburn Exp $ 37 */ 38 39 #include <sys/types.h> 40 #include <rpc/types.h> 41 #include <rpc/rpc.h> 42 #include <krb5.h> 43 #include <k5-int.h> 44 #include <com_err.h> 45 #include <kadm5/kadm_err.h> 46 #include <kadm5/adb_err.h> 47 #include <kadm5/chpass_util_strings.h> 48 49 #define KADM5_ADMIN_SERVICE_P "kadmin@admin" 50 #define KADM5_ADMIN_SERVICE "kadmin/admin" 51 #define KADM5_CHANGEPW_SERVICE_P "kadmin@changepw" 52 #define KADM5_CHANGEPW_SERVICE "kadmin/changepw" 53 #define KADM5_HIST_PRINCIPAL "kadmin/history" 54 #define KADM5_ADMIN_HOST_SERVICE "kadmin" 55 #define KADM5_CHANGEPW_HOST_SERVICE "changepw" 56 + #define KADM5_KIPROP_HOST_SERVICE "kiprop" 57 58 typedef krb5_principal kadm5_princ_t; 59 typedef char *kadm5_policy_t; 60 typedef long kadm5_ret_t; 61 typedef int rpc_int32; 62 typedef unsigned int rpc_u_int32; 63 64 #define KADM5_PW_FIRST_PROMPT \ 
65 ((char *)error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT)) 66 #define KADM5_PW_SECOND_PROMPT \ 67 ((char *)error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT)) 68 69 /* 70 * Succsessfull return code 71 */ 72 #define KADM5_OK 0 73 74 /* 75 * Field masks 76 */ 77 78 /* kadm5_principal_ent_t */ 79 #define KADM5_PRINCIPAL 0x000001 80 #define KADM5_PRINC_EXPIRE_TIME 0x000002 81 #define KADM5_PW_EXPIRATION 0x000004 82 #define KADM5_LAST_PWD_CHANGE 0x000008 83 #define KADM5_ATTRIBUTES 0x000010 84 #define KADM5_MAX_LIFE 0x000020 85 #define KADM5_MOD_TIME 0x000040 86 #define KADM5_MOD_NAME 0x000080 87 #define KADM5_KVNO 0x000100 88 #define KADM5_MKVNO 0x000200 89 #define KADM5_AUX_ATTRIBUTES 0x000400 90 #define KADM5_POLICY 0x000800 91 #define KADM5_POLICY_CLR 0x001000 92 /* version 2 masks */ 93 #define KADM5_MAX_RLIFE 0x002000 94 #define KADM5_LAST_SUCCESS 0x004000 95 #define KADM5_LAST_FAILED 0x008000 96 #define KADM5_FAIL_AUTH_COUNT 0x010000 97 #define KADM5_KEY_DATA 0x020000 98 #define KADM5_TL_DATA 0x040000 99 /* all but KEY_DATA and TL_DATA */ 100 #define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff 101 102 /* kadm5_policy_ent_t */ 103 #define KADM5_PW_MAX_LIFE 0x004000 104 #define KADM5_PW_MIN_LIFE 0x008000 105 #define KADM5_PW_MIN_LENGTH 0x010000 106 #define KADM5_PW_MIN_CLASSES 0x020000 107 #define KADM5_PW_HISTORY_NUM 0x040000 108 #define KADM5_REF_COUNT 0x080000 109 110 /* kadm5_config_params */ 111 #define KADM5_CONFIG_REALM 0x0000001 112 #define KADM5_CONFIG_DBNAME 0x0000002 113 #define KADM5_CONFIG_MKEY_NAME 0x0000004 114 #define KADM5_CONFIG_MAX_LIFE 0x0000008 115 #define KADM5_CONFIG_MAX_RLIFE 0x0000010 116 #define KADM5_CONFIG_EXPIRATION 0x0000020 117 #define KADM5_CONFIG_FLAGS 0x0000040 118 #define KADM5_CONFIG_ADMIN_KEYTAB 0x0000080 119 #define KADM5_CONFIG_STASH_FILE 0x0000100 120 #define KADM5_CONFIG_ENCTYPE 0x0000200 121 #define KADM5_CONFIG_ADBNAME 0x0000400 122 #define KADM5_CONFIG_ADB_LOCKFILE 0x0000800 123 #define KADM5_CONFIG_PROFILE 0x0001000 124 
#define KADM5_CONFIG_ACL_FILE 0x0002000 125 #define KADM5_CONFIG_KADMIND_PORT 0x0004000 126 #define KADM5_CONFIG_ENCTYPES 0x0008000 127 #define KADM5_CONFIG_ADMIN_SERVER 0x0010000 128 #define KADM5_CONFIG_DICT_FILE 0x0020000 129 #define KADM5_CONFIG_MKEY_FROM_KBD 0x0040000 130 #define KADM5_CONFIG_KPASSWD_PORT 0x0080000 131 #define KADM5_CONFIG_KPASSWD_SERVER 0x0100000 132 #define KADM5_CONFIG_KPASSWD_PROTOCOL 0x0200000 133 + #define KADM5_CONFIG_IPROP_ENABLED 0x0400000 134 + #define KADM5_CONFIG_ULOG_SIZE 0x0800000 135 + #define KADM5_CONFIG_POLL_TIME 0x1000000 136 137 /* password change constants */ 138 #define KRB5_KPASSWD_SUCCESS 0 139 #define KRB5_KPASSWD_MALFORMED 1 140 #define KRB5_KPASSWD_HARDERROR 2 141 #define KRB5_KPASSWD_AUTHERROR 3 142 #define KRB5_KPASSWD_SOFTERROR 4 143 #define KRB5_KPASSWD_ACCESSDENIED 5 144 #define KRB5_KPASSWD_BAD_VERSION 6 145 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 146 #define KRB5_KPASSWD_POLICY_REJECT 8 147 #define KRB5_KPASSWD_BAD_PRINCIPAL 9 148 #define KRB5_KPASSWD_ETYPE_NOSUPP 10 149 150 /* 151 * permission bits 152 */ 153 #define KADM5_PRIV_GET 0x01 154 #define KADM5_PRIV_ADD 0x02 155 #define KADM5_PRIV_MODIFY 0x04 156 #define KADM5_PRIV_DELETE 0x08 157 158 /* 159 * API versioning constants 160 */ 161 #define KADM5_MASK_BITS 0xffffff00 162 163 #define KADM5_STRUCT_VERSION_MASK 0x12345600 164 #define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01) 165 #define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1 166 167 #define KADM5_API_VERSION_MASK 0x12345700 168 #define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01) 169 #define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02) 170 171 #ifdef KRB5_DNS_LOOKUP 172 /* 173 * Name length constants for DNS lookups 174 */ 175 #define MAX_HOST_NAMELEN 256 176 #define MAX_DNS_NAMELEN (15*(MAX_HOST_NAMELEN + 1)+1) 177 #endif /* KRB5_DNS_LOOKUP */ 178 179 typedef struct _kadm5_principal_ent_t_v2 { 180 krb5_principal principal; 181 krb5_timestamp princ_expire_time; 182 
krb5_timestamp last_pwd_change; 183 krb5_timestamp pw_expiration; 184 krb5_deltat max_life; 185 krb5_principal mod_name; 186 krb5_timestamp mod_date; 187 krb5_flags attributes; 188 krb5_kvno kvno; 189 krb5_kvno mkvno; 190 char *policy; 191 long aux_attributes; 192 193 /* version 2 fields */ 194 krb5_deltat max_renewable_life; 195 krb5_timestamp last_success; 196 krb5_timestamp last_failed; 197 krb5_kvno fail_auth_count; 198 krb5_int16 n_key_data; 199 krb5_int16 n_tl_data; 200 krb5_tl_data *tl_data; 201 krb5_key_data *key_data; 202 } kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2; ----Unchanged portion omitted---- 246 247 /* 248 * Data structure returned by kadm5_get_config_params() 249 */ 250 typedef struct _kadm5_config_params { 251 long mask; 252 char *realm; 253 char *profile; 254 int kadmind_port; 255 char *admin_server; 256 char *dbname; 257 char *admin_dbname; 258 char *admin_lockfile; 259 char *admin_keytab; 260 char *acl_file; 261 char *dict_file; 262 int mkey_from_kbd; 263 char *stash_file; 264 char *mkey_name; 265 krb5_enctype enctype; 266 krb5_deltat max_life; 267 krb5_deltat max_rlife; 268 krb5_timestamp expiration; 269 krb5_flags flags; 270 krb5_key_salt_tuple *keysalts; 271 krb5_int32 num_keysalts; 272 char *kpasswd_server; 273 int kpasswd_port; 274 krb5_chgpwd_prot kpasswd_protocol; 275 + bool_t iprop_enabled; 276 + int iprop_ulogsize; 277 + char *iprop_polltime; 278 } kadm5_config_params; ----Unchanged portion omitted----
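Review bot: The three members added at the end of `kadm5_config_params` have no comment on units, format or ownership, and `iprop_ulogsize` is a signed `int`, so the code that reads it from the profile (not shown) has to reject zero and negative values before any update log is sized from it. `iprop_polltime` is stored as a `char *`, unlike `max_life` and `max_rlife`, which are `krb5_deltat`. It should therefore be parsed and range-checked in one place, and freed wherever the struct's other `char *` members are released. I would add comments along the lines of `/* iprop_ulogsize: update log size in <unit>; must be > 0 */` and `/* iprop_polltime: delta-time string, owned by this struct */`, with the wording confirmed against the implementation. The struct also grows while `KADM5_STRUCT_VERSION` stays at `KADM5_STRUCT_VERSION_1`, so a caller built against the old layout would pass too small a buffer if the library fills the new members in a caller-supplied struct. That is inferred, since the page omits the rest of the header and the functions that use this struct, so it is worth confirming that all consumers are rebuilt together.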