/*
 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
 */
43641Ssemery
/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 *	Openvision retains the copyright to derivative works of
 *	this source code.  Do *NOT* create a derivative of this
 *	source code before consulting with your legal department.
 *	Do *NOT* integrate *ANY* of this source code into another
 *	product before consulting with your legal department.
 *
 *	For further information, read the top-level Openvision
 *	copyright which is contained in the top-level MIT Kerberos
 *	copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */
210Sstevel@tonic-gate
/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
 *
 */
260Sstevel@tonic-gate
274960Swillf #include <k5-int.h>
284960Swillf #include <krb5/kdb.h>
290Sstevel@tonic-gate #include <kadm5/server_internal.h>
30*12253SPeter.Shoults@Sun.COM #include <kadm5/admin.h>
310Sstevel@tonic-gate #include "misc.h"
320Sstevel@tonic-gate
/*
 * Function: chpass_principal_wrapper_3
 *
 * Purpose: wrapper around kadm5_chpass_principal_3 that first asks
 *	    kadm5_check_min_life whether the principal's password
 *	    minimum life (pw_min_life) has been reached.  If the check
 *	    reports an error, that error is returned and the password
 *	    is left untouched; otherwise the change is carried out.
 *
 * Arguments:
 *	server_handle	(input) kadm5 server handle, forwarded unchanged
 *	principal	(input) krb5_principal whose password we are
 *				changing
 *	keepold		(input) whether to preserve old keys
 *	n_ks_tuple	(input) the number of key-salt tuples in ks_tuple
 *	ks_tuple	(input) array of tuples indicating the caller's
 *				requested enctypes/salttypes
 *	password	(input) password we are going to change to
 *	<return value>	0 on success, error code on failure
 *
 * Requires:
 *	kadm5_init to have been run.
 *
 * Effects:
 *	calls kadm5_chpass_principal_3, which changes the kdb and the
 *	admin db.
 *
 * Security notes:
 *	- The minimum-life policy is enforced here, not in the call this
 *	  wrapper forwards to; code that calls kadm5_chpass_principal_3
 *	  directly does not pass through this check.
 *	  NOTE(review): confirm every path that must honour the policy
 *	  goes through this wrapper.
 *	- The check and the change are two separate calls and no lock is
 *	  taken in this function.  NOTE(review): confirm whether the
 *	  callees serialise concurrent requests for the same principal.
 *	- password is only forwarded; it is neither copied nor cleared
 *	  here, so scrubbing it after use remains the caller's job.
 */
kadm5_ret_t
chpass_principal_wrapper_3(void *server_handle,
			   krb5_principal principal,
			   krb5_boolean keepold,
			   int n_ks_tuple,
			   krb5_key_salt_tuple *ks_tuple,
			   char *password)
{
    kadm5_ret_t status;

    /*
     * Solaris Kerberos: the minimum-life test lives in
     * kadm5_check_min_life().  No message buffer is supplied (NULL, 0).
     */
    status = kadm5_check_min_life(server_handle, principal, NULL, 0);

    /* Only touch the database when the policy check passed. */
    if (status == 0) {
	status = kadm5_chpass_principal_3(server_handle, principal,
					  keepold, n_ks_tuple, ks_tuple,
					  password);
    }

    return status;
}
770Sstevel@tonic-gate
780Sstevel@tonic-gate
/*
 * Function: randkey_principal_wrapper_3
 *
 * Purpose: wrapper around kadm5_randkey_principal_3 which first checks
 *	    the password's minimum life via kadm5_check_min_life and
 *	    refuses the re-key when that check returns an error.
 *
 * Arguments:
 *	server_handle	(input) kadm5 server handle, forwarded unchanged
 *	principal	(input) krb5_principal whose key we are
 *				changing
 *	keepold		(input) whether to preserve old keys
 *	n_ks_tuple	(input) the number of key-salt tuples in ks_tuple
 *	ks_tuple	(input) array of tuples indicating the caller's
 *				requested enctypes/salttypes
 *	keys		(output) new random key(s), filled in by
 *				kadm5_randkey_principal_3
 *	n_keys		(output) forwarded to kadm5_randkey_principal_3;
 *				presumably the number of keys returned
 *				-- TODO confirm
 *	<return value>	0 on success, error code on error
 *
 * Requires:
 *	kadm5_init needs to be run.
 *
 * Effects:
 *	calls kadm5_randkey_principal_3.
 *
 * Security notes:
 *	- The minimum-life policy is enforced only by this wrapper; a
 *	  direct call to kadm5_randkey_principal_3 does not pass through
 *	  this check.
 *	- Whatever is returned through keys is key material.  This
 *	  function does not free or clear it; NOTE(review): the caller
 *	  presumably owns it and must zeroize and release it -- confirm
 *	  against the kadm5 API contract.
 */
kadm5_ret_t
randkey_principal_wrapper_3(void *server_handle,
			    krb5_principal principal,
			    krb5_boolean keepold,
			    int n_ks_tuple,
			    krb5_key_salt_tuple *ks_tuple,
			    krb5_keyblock **keys, int *n_keys)
{
    kadm5_ret_t status;

    /*
     * Solaris Kerberos: policy test is done by kadm5_check_min_life();
     * no message buffer is supplied (NULL, 0).
     */
    status = kadm5_check_min_life(server_handle, principal, NULL, 0);
    if (status != 0) {
	/* Policy check failed: report it, generate no new key. */
	return status;
    }

    return kadm5_randkey_principal_3(server_handle, principal,
				     keepold, n_ks_tuple, ks_tuple,
				     keys, n_keys);
}
1200Sstevel@tonic-gate
/*
 * Function: schpw_util_wrapper
 *
 * Purpose: wrapper around kadm5_chpass_principal_util that runs
 *	    kadm5_check_min_life first and returns its error, if any,
 *	    without attempting the password change.
 *
 * Arguments:
 *	server_handle	(input) kadm5 server handle, forwarded unchanged
 *	princ		(input) principal whose password is changed
 *	new_pw		(input) forwarded to kadm5_chpass_principal_util
 *	ret_pw		forwarded to kadm5_chpass_principal_util;
 *			presumably receives the password that was set
 *			-- TODO confirm
 *	msg_ret		buffer handed to both callees; presumably
 *			receives a message for the client -- TODO confirm
 *	msg_len		size of msg_ret as stated by the caller
 *	<return value>	0 on success, error code on failure
 *
 * Security notes:
 *	- msg_len is trusted as the real capacity of msg_ret; nothing in
 *	  this function validates it, so the caller must pass the true
 *	  buffer size.
 *	- new_pw is only forwarded, never copied or cleared here;
 *	  scrubbing it remains the caller's responsibility.
 *	- The minimum-life policy is enforced only by this wrapper; a
 *	  direct call to kadm5_chpass_principal_util does not pass
 *	  through this check.
 */
kadm5_ret_t
schpw_util_wrapper(void *server_handle, krb5_principal princ,
		   char *new_pw, char **ret_pw,
		   char *msg_ret, unsigned int msg_len)
{
    kadm5_ret_t status;

    /*
     * Solaris Kerberos: unlike the other wrappers in this file, the
     * caller's message buffer is passed to the policy check as well.
     */
    status = kadm5_check_min_life(server_handle, princ, msg_ret, msg_len);

    /* Proceed to the actual change only when the check succeeded. */
    if (status == 0) {
	status = kadm5_chpass_principal_util(server_handle, princ,
					     new_pw, ret_pw,
					     msg_ret, msg_len);
    }

    return status;
}
1370Sstevel@tonic-gate
/*
 * Function: randkey_principal_wrapper
 *
 * Purpose: wrapper around kadm5_randkey_principal that first checks
 *	    the password's minimum life via kadm5_check_min_life and
 *	    returns that check's error instead of re-keying.
 *
 * Arguments:
 *	server_handle	(input) kadm5 server handle, forwarded unchanged
 *	princ		(input) principal whose key is randomized
 *	keys		(output) forwarded to kadm5_randkey_principal
 *	n_keys		(output) forwarded to kadm5_randkey_principal
 *	<return value>	0 on success, error code on error
 *
 * Security notes:
 *	- The minimum-life policy is enforced only by this wrapper; a
 *	  direct call to kadm5_randkey_principal does not pass through
 *	  this check.
 *	- Anything returned through keys is key material that this
 *	  function neither frees nor clears.  NOTE(review): the caller
 *	  presumably owns it and must zeroize and release it -- confirm.
 */
kadm5_ret_t
randkey_principal_wrapper(void *server_handle, krb5_principal princ,
			  krb5_keyblock **keys, int *n_keys)
{
    kadm5_ret_t status;

    /*
     * Solaris Kerberos: policy test is done by kadm5_check_min_life();
     * no message buffer is supplied (NULL, 0).
     */
    status = kadm5_check_min_life(server_handle, princ, NULL, 0);
    if (status != 0) {
	return status;
    }

    return kadm5_randkey_principal(server_handle, princ, keys, n_keys);
}