/*
 * include/krb5/adm.h
 *
 * Copyright 1995,2001 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 */
#ifndef	KRB5_ADM_H__
#define	KRB5_ADM_H__

/*
 * Kerberos V5 Change Password service name
 *
 * Service name string, default port number and service instance string.
 * NOTE(review): the instance is presumably the instance component of the
 * service principal -- confirm against the callers that build the name.
 */
#define	KRB5_ADM_SERVICE_NAME	"kpasswd"
#define	KRB5_ADM_DEFAULT_PORT	464

#define KRB5_ADM_SERVICE_INSTANCE "changepw"

/*
 * Maximum password length.
 *
 * NOTE(review): this header does not say whether the limit counts the
 * terminating NUL; confirm at every buffer sized with it.  Input longer
 * than the limit should be rejected, not silently truncated, so that the
 * stored password is always the one the user typed.
 */
#define	KRB5_ADM_MAX_PASSWORD_LEN	512

/*
 * Protocol command strings.
 *
 * Command keywords as string literals.  How they are matched (case,
 * exact length) is up to the parser and is not visible in this header.
 */
#define	KRB5_ADM_QUIT_CMD	"QUIT"
#define	KRB5_ADM_CHECKPW_CMD	"CHECKPW"
#define	KRB5_ADM_CHANGEPW_CMD	"CHANGEPW"
#define	KRB5_ADM_MOTD_CMD	"MOTD"
#define	KRB5_ADM_MIME_CMD	"MIME"
#define	KRB5_ADM_LANGUAGE_CMD	"LANGUAGE"

/*
 * NOTE(review): judging by the names, these create, delete, rename,
 * modify and read principals and extract keys.  Each one needs an
 * authorization check in the server before it acts (this header defines
 * KRB5_ADM_NOT_AUTHORIZED for the refusal) -- confirm in the dispatcher.
 */
#define	KRB5_ADM_ADD_PRINC_CMD	"ADD-PRINCIPAL"
#define	KRB5_ADM_DEL_PRINC_CMD	"DELETE-PRINCIPAL"
#define	KRB5_ADM_REN_PRINC_CMD	"RENAME-PRINCIPAL"
#define	KRB5_ADM_MOD_PRINC_CMD	"MODIFY-PRINCIPAL"
#define	KRB5_ADM_INQ_PRINC_CMD	"INQUIRE-PRINCIPAL"
#define	KRB5_ADM_EXT_KEY_CMD	"EXTRACT-KEY"

/*
 * Protocol command strings for the current version of the admin
 * server.  (Chris had removed them in the version he was working
 * with.)
 *
 * XXX I'm adding them back so the tree works.  We need to take care
 * of this eventually.
 *
 * NOTE(review): judging by the names, the first two change the password
 * of a principal other than the caller and the last two add or delete
 * keys, so they belong with the privileged commands above -- confirm.
 */
#define       KRB5_ADM_CHG_OPW_CMD    "OTHER-CHANGEPW"
#define       KRB5_ADM_CHG_ORPW_CMD   "OTHER-RANDOM-CHANGEPW"
#define       KRB5_ADM_ADD_KEY_CMD    "ADD-KEY"
#define       KRB5_ADM_DEL_KEY_CMD    "DELETE-KEY"

/*
 * Reply status values.
 *
 * Two numeric ranges are defined: 0-6 and 64-71.  Values 7-63 are not
 * assigned in this header, so a receiver should treat any value it does
 * not recognise as a failure rather than as success.
 */
#define	KRB5_ADM_SUCCESS		0
#define	KRB5_ADM_CMD_UNKNOWN		1
#define	KRB5_ADM_PW_UNACCEPT		2
#define	KRB5_ADM_BAD_PW			3
#define	KRB5_ADM_NOT_IN_TKT		4
#define	KRB5_ADM_CANT_CHANGE		5
#define	KRB5_ADM_LANG_NOT_SUPPORTED	6

/*
 * NOTE(review): the names suggest this range is for the principal and
 * key administration commands -- confirm.  If the server tests for
 * existence before authorization, the distinct P_DOES_NOT_EXIST and
 * NOT_AUTHORIZED replies let an unauthorized caller learn which
 * principals exist; check the order of those tests in the server.
 */
#define	KRB5_ADM_P_ALREADY_EXISTS	64
#define	KRB5_ADM_P_DOES_NOT_EXIST	65
#define	KRB5_ADM_NOT_AUTHORIZED		66
#define	KRB5_ADM_BAD_OPTION		67
#define	KRB5_ADM_VALUE_REQUIRED		68
#define	KRB5_ADM_SYSTEM_ERROR		69
#define	KRB5_ADM_KEY_DOES_NOT_EXIST	70
#define	KRB5_ADM_KEY_ALREADY_EXISTS	71

/*
 * Principal flag keywords.
 *
 * Keyword strings, grouped by whether the attribute may be set,
 * retrieved, or both.  The grouping here is documentation only; the
 * enforced sets are the KRB5_ADM_M_SET_VALID / KRB5_ADM_M_GET_VALID
 * masks defined later in this header.
 */
/* Settable only */
#define	KRB5_ADM_KW_PASSWORD		"PASSWORD"
#define	KRB5_ADM_KW_APASSWORD		"APASSWORD"
#define	KRB5_ADM_KW_RANDOMKEY		"RANDOMKEY"
#define	KRB5_ADM_KW_ARANDOMKEY		"ARANDOMKEY"
#define	KRB5_ADM_KW_SETFLAGS		"SETFLAGS"
#define	KRB5_ADM_KW_UNSETFLAGS		"UNSETFLAGS"
/* Settable and retrievable */
#define	KRB5_ADM_KW_MAXLIFE		"MAXLIFE"
#define	KRB5_ADM_KW_MAXRENEWLIFE	"MAXRENEWLIFE"
#define	KRB5_ADM_KW_EXPIRATION		"EXPIRATION"
#define	KRB5_ADM_KW_PWEXPIRATION	"PWEXPIRATION"
#define	KRB5_ADM_KW_FLAGS		"FLAGS"
#define	KRB5_ADM_KW_AUXDATA		"AUXDATA"
/* NOTE(review): KRB5_ADM_M_EXTRADATA is defined as 0 in this header, so */
/* no mask bit backs this keyword and it is in neither *_VALID mask. */
#define	KRB5_ADM_KW_EXTRADATA		"EXTRADATA"
/* Retrievable only */
#define	KRB5_ADM_KW_LASTPWCHANGE	"LASTPWCHANGE"
#define	KRB5_ADM_KW_LASTSUCCESS		"LASTSUCCESS"
#define	KRB5_ADM_KW_LASTFAILED		"LASTFAILED"
#define	KRB5_ADM_KW_FAILCOUNT		"FAILCOUNT"
/* NOTE(review): presumably returns key material; treat replies that */
/* carry it as secret and confirm who is allowed to request it. */
#define	KRB5_ADM_KW_KEYDATA		"KEYDATA"

/*
 * Valid mask
 *
 * One bit per principal attribute, plus the two direction bits
 * KRB5_ADM_M_GET and KRB5_ADM_M_SET at the top of the word.
 *
 * KRB5_ADM_M_SET is 0x80000000, which does not fit in a 32-bit signed
 * int; on such a platform the literal has type unsigned int.  Variables
 * holding a mask should therefore be an unsigned type of at least 32 bits,
 * so the SET bit is never seen as a sign bit.
 */
#define KRB5_ADM_M_PASSWORD         0x00000001
#define KRB5_ADM_M_MAXLIFE          0x00000002
#define KRB5_ADM_M_MAXRENEWLIFE     0x00000004
#define KRB5_ADM_M_EXPIRATION       0x00000008
#define KRB5_ADM_M_PWEXPIRATION     0x00000010
#define KRB5_ADM_M_RANDOMKEY        0x00000020
#define KRB5_ADM_M_FLAGS            0x00000040
#define KRB5_ADM_M_LASTPWCHANGE     0x00000080
#define KRB5_ADM_M_LASTSUCCESS      0x00000100
#define KRB5_ADM_M_LASTFAILED       0x00000200
#define KRB5_ADM_M_FAILCOUNT        0x00000400
#define KRB5_ADM_M_AUXDATA          0x00000800
#define KRB5_ADM_M_KEYDATA          0x00001000
#define KRB5_ADM_M_APASSWORD        0x00002000
#define KRB5_ADM_M_ARANDOMKEY       0x00004000

/* Bits 15 through 29 are not assigned to any attribute. */
#define KRB5_ADM_M_UNUSED_15        0x00008000
#define KRB5_ADM_M_UNUSED_16        0x00010000
#define KRB5_ADM_M_UNUSED_17        0x00020000
#define KRB5_ADM_M_UNUSED_18        0x00040000
#define KRB5_ADM_M_UNUSED_19        0x00080000
#define KRB5_ADM_M_UNUSED_20        0x00100000
#define KRB5_ADM_M_UNUSED_21        0x00200000
#define KRB5_ADM_M_UNUSED_22        0x00400000
#define KRB5_ADM_M_UNUSED_23        0x00800000
#define KRB5_ADM_M_UNUSED_24        0x01000000
#define KRB5_ADM_M_UNUSED_25        0x02000000
#define KRB5_ADM_M_UNUSED_26        0x04000000
#define KRB5_ADM_M_UNUSED_27        0x08000000
#define KRB5_ADM_M_UNUSED_28        0x10000000
#define KRB5_ADM_M_UNUSED_29        0x20000000

/* Direction bits: which of the two *_VALID sets a mask is checked against. */
#define KRB5_ADM_M_GET              0x40000000
#define KRB5_ADM_M_SET              0x80000000

/*
 * Hack to get libkadm to compile.
 *
 * The value is zero, so `mask & KRB5_ADM_M_EXTRADATA` is always false and
 * OR-ing it into a mask changes nothing.  It is part of neither *_VALID
 * set below, although the keyword table in this header lists EXTRADATA as
 * settable and retrievable.
 */
#define KRB5_ADM_M_EXTRADATA        0x00000000

/*
 * Attributes accepted on a set request.  All member bits are distinct, so
 * the bitwise OR below yields the same value as adding them.
 */
#define KRB5_ADM_M_SET_VALID \
    (KRB5_ADM_M_SET | \
     KRB5_ADM_M_PASSWORD | \
     KRB5_ADM_M_APASSWORD | \
     KRB5_ADM_M_MAXLIFE | \
     KRB5_ADM_M_MAXRENEWLIFE | \
     KRB5_ADM_M_EXPIRATION | \
     KRB5_ADM_M_PWEXPIRATION | \
     KRB5_ADM_M_RANDOMKEY | \
     KRB5_ADM_M_ARANDOMKEY | \
     KRB5_ADM_M_FLAGS | \
     KRB5_ADM_M_AUXDATA)

/*
 * Attributes accepted on a get request.  KRB5_ADM_M_KEYDATA is a member,
 * while the password and random-key bits are not.
 * NOTE(review): KEYDATA presumably exposes key material -- confirm which
 * callers the server lets request it.
 */
#define KRB5_ADM_M_GET_VALID \
    (KRB5_ADM_M_GET | \
     KRB5_ADM_M_MAXLIFE | \
     KRB5_ADM_M_MAXRENEWLIFE | \
     KRB5_ADM_M_EXPIRATION | \
     KRB5_ADM_M_PWEXPIRATION | \
     KRB5_ADM_M_FLAGS | \
     KRB5_ADM_M_LASTPWCHANGE | \
     KRB5_ADM_M_LASTSUCCESS | \
     KRB5_ADM_M_LASTFAILED | \
     KRB5_ADM_M_FAILCOUNT | \
     KRB5_ADM_M_AUXDATA | \
     KRB5_ADM_M_KEYDATA)

/*
 * Keytab reply components.
 *
 * Consecutive indices 0-4, with KRB5_ADM_KT_NCOMPS equal to the number
 * of components.  NOTE(review): a receiver should check that a reply
 * holds KRB5_ADM_KT_NCOMPS components before indexing with these values;
 * KRB5_ADM_KT_KEY_KEY presumably selects the key contents, which should
 * be handled as secret -- confirm against the reply parser.
 */
#define	KRB5_ADM_KT_PRINCIPAL	0
#define	KRB5_ADM_KT_TIMESTAMP	1
#define	KRB5_ADM_KT_VNO		2
#define	KRB5_ADM_KT_KEY_ENCTYPE	3
#define	KRB5_ADM_KT_KEY_KEY	4
#define	KRB5_ADM_KT_NCOMPS	5

/* for krb5_key_salt_tuple */
#include "kdb.h"

/*
 * Data structure returned by krb5_read_realm_params()
 *
 * Holds per-realm settings: string settings, numeric settings, a
 * key/salt tuple array with its count, and one-bit flags.
 *
 * NOTE(review): the struct tag begins with a double underscore, a form
 * the C standard reserves for the implementation; it is kept here
 * because code elsewhere in the tree may refer to it.
 */
typedef struct __krb5_realm_params {
    /*
     * String settings.  NOTE(review): who allocates and frees these
     * pointers, and whether an unset one is NULL, is not visible in this
     * header -- confirm in krb5_read_realm_params() and its matching
     * free routine before dereferencing.  The stash-file and ACL-file
     * names presumably refer to security-sensitive files; confirm.
     */
    char *		realm_profile;
    char *		realm_dbname;
    char *		realm_mkey_name;
    char *		realm_stash_file;
    char *		realm_kdc_ports;
    char *		realm_kdc_tcp_ports;
    char *		realm_acl_file;
    /* Numeric settings; each has a like-named *_valid bit below. */
    krb5_int32		realm_kadmind_port;
    krb5_enctype	realm_enctype;
    krb5_deltat		realm_max_life;
    krb5_deltat		realm_max_rlife;
    krb5_timestamp	realm_expiration;
    krb5_flags		realm_flags;
    /* presumably an array of realm_num_keysalts entries -- TODO confirm */
    krb5_key_salt_tuple	*realm_keysalts;
    /* One-bit setting; it has its own realm_reject_bad_transit_valid bit. */
    unsigned int	realm_reject_bad_transit:1;
    /*
     * One-bit flags.  NOTE(review): presumably each records whether the
     * like-named field was filled in, so a reader should test the bit
     * before using the value -- confirm against krb5_read_realm_params().
     */
    unsigned int	realm_kadmind_port_valid:1;
    unsigned int	realm_enctype_valid:1;
    unsigned int	realm_max_life_valid:1;
    unsigned int	realm_max_rlife_valid:1;
    unsigned int	realm_expiration_valid:1;
    unsigned int	realm_flags_valid:1;
    unsigned int	realm_reject_bad_transit_valid:1;
    /* Signed count; NOTE(review): check it is non-negative before using */
    /* it as a loop bound or an allocation size. */
    krb5_int32		realm_num_keysalts;
} krb5_realm_params;
#endif	/* KRB5_ADM_H__ */