xref: /onnv-gate/usr/src/lib/libkmsagent/common/ApplianceParameters.h (revision 12720:3db6e0082404)
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
 */

/*-----------------------------------------------------------------------------
* File: ApplianceParameters.h
-----------------------------------------------------------------------------*/

30*12720SWyllys.Ingersoll@Sun.COM #ifndef ApplianceParameters_h
31*12720SWyllys.Ingersoll@Sun.COM #define ApplianceParameters_h
32*12720SWyllys.Ingersoll@Sun.COM 
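// Server Config
//
// Compile-time defaults for the server: file names, thread-pool and socket
// sizing, service port numbers, and maintenance / replication / timeout
// intervals. Units are carried in the macro names (_IN_SECONDS,
// _IN_MILLISECONDS, _IN_BYTES, _IN_KILOBYTES, _IN_DAYS, _IN_SLOTS); a name
// without such a suffix does not state its unit in this header.
// NOTE(review): the DEFAULT_ prefix suggests these can be overridden by
// configuration; where and how is not visible here - confirm at the use sites.

#define DEFAULT_SERVER_LOG_FILENAME                                 "KeyMgrLog.log"
#define DEFAULT_SERVER_CONFIG_FILENAME                              "ServerConfig.cfg"
#define DEFAULT_CONNECTION_QUEUE_SIZE                               100
// Thread pool: size, idle bounds and original size are all 8 and the
// maintenance / shrink / spawn values are all 0.
#define DEFAULT_THREAD_POOL_SIZE                                    8
#define DEFAULT_THREAD_POOL_MIN_IDLE_THREADS                        8
#define DEFAULT_THREAD_POOL_MAX_IDLE_THREADS                        8
#define DEFAULT_THREAD_POOL_MAINTENANCE_FREQUENCY_IN_SECONDS        0
#define DEFAULT_THREAD_POOL_SHRINK_BY                               0
#define DEFAULT_THREAD_POOL_SPAWN_BY                                0
#define DEFAULT_THREAD_POOL_ORIGINAL_SIZE                           8
// NOTE(review): with a fixed pool of 8 workers, the socket and SSL-accept
// timeouts below are what limit how long a slow or stalled peer can occupy a
// worker - confirm both are actually applied on every accepted connection.
#define DEFAULT_SOCKET_TIMEOUT_IN_SECONDS                           60
// former default for SSL_Accept timeout was 10s - increased to 20s to support HP LTO-4
#define DEFAULT_SSL_ACCEPT_TIMEOUT_IN_SECONDS                       20
#define DEFAULT_SOCKET_CONNECTION_BACKLOG                           100
#define DEFAULT_MANAGEMENT_SERVICE_MAX_CONNECTIONS                  10
// Default port number of each service (3331-3336). These are the values a
// firewall rule set for this product has to account for unless a deployment
// overrides them.
#define DEFAULT_CA_SERVICE_PORT_NUMBER                              3331
#define DEFAULT_CERTIFICATE_SERVICE_PORT_NUMBER                     3332
#define DEFAULT_MANAGEMENT_SERVICE_PORT_NUMBER                      3333
#define DEFAULT_AGENT_SERVICE_PORT_NUMBER                           3334
#define DEFAULT_DISCOVERY_SERVICE_PORT_NUMBER                       3335
#define DEFAULT_REPLICATION_SERVICE_PORT_NUMBER                     3336
// NOTE(review): no unit in the name; 86400 would be 24 hours if this is in
// seconds. A long session-cache lifetime lets a peer resume a session long
// after its certificate was last checked - confirm how this interacts with
// certificate revocation.
#define EXTENDED_SSL_SESSION_CACHE_TIMEOUT                          86400
#define DEFAULT_DATABASE_MAINTENANCE_FREQUENCY_IN_SECONDS           86400
#define DEFAULT_TRIGGER_DATABASE_MAINTENANCE_TIMEOUT_IN_SECONDS     30
#define DEFAULT_AUDIT_LOG_MAINTENANCE_FREQUENCY_IN_SECONDS          3600
// see CR 6689920
#define DEFAULT_KEY_POOL_MAINTENANCE_FREQUENCY_IN_SECONDS           15
#define KEY_POOL_MINIMUM_SIZE                                       1000
#define KEY_POOL_MAXIMUM_SIZE                                       200000
#define DEFAULT_KEY_GENERATION_BATCH_SIZE                           10
#define DEFAULT_REPLICATION_ANTI_ENTROPY_FREQUENCY_IN_SECONDS       60
// Ceilings on replication / join-cluster message sizes and entry counts.
// NOTE(review): these only protect the receiver if oversized input is
// rejected before it is buffered or parsed - verify at the use sites.
#define DEFAULT_MAXIMUM_REPLICATION_MESSAGE_SIZE_IN_BYTES           8192
#define DEFAULT_MAXIMUM_JOIN_CLUSTER_MESSAGE_SIZE_IN_BYTES          262144
#define DEFAULT_MAXIMUM_JOIN_CLUSTER_KMA_ENTRIES                    20
#define DEFAULT_REPLICATION_THROTTLE_TIME_IN_MILLISECONDS           1000
#define DEFAULT_REPLICATION_SPREAD_TIME_IN_MILLISECONDS             3000
#define DEFAULT_REPLICATION_TIMEOUT_IN_SECONDS                      15
#define DEFAULT_RETRIEVE_ROOT_CA_CERTIFICATE_TIMEOUT_IN_SECONDS     15
#define DEFAULT_RETRIEVE_APPLIANCE_CERTIFICATE_TIMEOUT_IN_SECONDS   15
#define DEFAULT_JOIN_CLUSTER_TIMEOUT_IN_SECONDS                     15
#define DEFAULT_JOIN_CLUSTER_REPLICATED_IN_SECONDS                  10
#define DEFAULT_REQUEST_ANTI_ENTROPY_PUSH_TIMEOUT_IN_SECONDS        60
#define DEFAULT_PUSH_UPDATES_TIMEOUT_IN_SECONDS                     60
#define DEFAULT_CLUSTER_PEER_STATUS_TIMEOUT_IN_SECONDS              10
#define DEFAULT_TABLE_LOCK_TIMEOUT_IN_SECONDS                       2
#define DEFAULT_REPLICATION_TABLE_LOCK_TIMEOUT_IN_SECONDS           8
#define DEFAULT_TRANSACTION_RETRY_TIMEOUT_IN_SECONDS                4
#define DEFAULT_KEY_STORE_GROW_SIZE_IN_SLOTS                        10000
// Since write-caching is disabled on the hard disk, this is not necessary to force overwrites to disk
#define DEFAULT_KEY_STORE_OVERWRITE_BUFFER_EXTRA_SIZE               0
// NOTE(review): presumably the number of overwrite passes used when a
// key-store slot is erased. Overwrite-in-place relies on the storage assumption
// stated above (a hard disk with write caching disabled); it gives weaker
// guarantees on flash or copy-on-write storage - confirm the target media.
#define DEFAULT_KEY_STORE_OVERWRITE_PASS_COUNT                      7
#define DEFAULT_CLOCK_ADJUSTMENT_LIMIT_IN_SECONDS                   300
#define DEFAULT_DATABASE_START_TIMEOUT_IN_SECONDS                   30
#define DEFAULT_DATABASE_TRANSACTION_RETRY_COUNT                    10
#define DEFAULT_DATABASE_TRANSACTION_RETRY_SLEEP_IN_MILLISECONDS    1000
#define DEFAULT_MAX_SNMP_TRAP_QUEUE_SIZE                            10000
#define DEFAULT_SNMP_TIMEOUT_IN_SECONDS                             10
#define DEFAULT_SNMP_RETRY_LIMIT                                    1
#define DEFAULT_FILE_TRANSFER_MAXIMUM_CHUNK_SIZE_IN_KILOBYTES       1024
// The three expressions below evaluate to 86400 (one day), 600 and 600
// (ten minutes); they are parenthesized so they expand safely in arithmetic.
#define DEFAULT_CERTIFICATE_START_TIME_SHIFT_IN_SECONDS             (60*60*24)
#define DEFAULT_DISCOVERY_FREQUENCY_IN_SECONDS                      (60*10)
#define DEFAULT_AUDIT_LOG_FAIL_BACK_FREQUENCY_IN_SECONDS            (60*10)
#define DEFAULT_NTP_PEER_UPDATE_FREQUENCY_IN_SECONDS                23
#define DEFAULT_NTP_PEER_UPDATE_QUERY_INTERVAL                      156
#define DEFAULT_SYSTEM_DUMP_LOG_LINE_COUNT                          5000
#define DEFAULT_MASTER_KEY_PROVIDER_MAINTENANCE_FREQUENCY_IN_SECONDS 3600
#define DEFAULT_SEND_PUSH_UPDATES_TO_JOIN_PEER_KMA_IN_SECONDS       3600
#define DEFAULT_PENDING_QUORUM_OPERATION_EXPIRATION_FREQUENCY_IN_SECONDS 600
#define DEFAULT_SUPPORT_ACCOUNT_MAX_PASSWORD_AGE_IN_DAYS            7
#define DEFAULT_REPLICATION_ACCELERATION_TIMEOUT_IN_SECONDS         300
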
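// Database account defaults.
// SECURITY NOTE(review): both password macros below are string literals that
// end up in every object file that includes this header, they are the same
// for the administrator and the application account, and they are identical
// across builds (hard-coded credentials, CWE-798). Whether installation
// replaces them is not visible here - confirm that deployed systems do not
// keep these values, and prefer reading credentials from access-controlled
// configuration over a compile-time default.
#define DEFAULT_DATABASE_ADMINISTRATOR_USERNAME                     "dbadmin"
#define DEFAULT_DATABASE_ADMINISTRATOR_PASSWORD                     "npwd4kms2"
#define DEFAULT_DATABASE_NAME                                       "keymgr"
#define DEFAULT_DATABASE_PARAMS                                     ""
#define DEFAULT_DATABASE_USERNAME                                   "keymgr"
#define DEFAULT_DATABASE_PASSWORD                                   "npwd4kms2"
// Key-store and PKI file names; the bare names carry no directory, so the
// base directory is chosen by the consumer.
// NOTE(review): judging by their names, the key store and the appliance key
// pair hold key material - confirm that these files, and the agent private-key
// directory below, are created with owner-only permissions.
#define DEFAULT_KEY_STORE_FILE_NAME                                 "KeyStore.dat"
#define DEFAULT_OPENSSL_ROOT_CA_CERTIFICATE_FILE_NAME               "RootCACertificate.crt"
#define DEFAULT_OPENSSL_APPLIANCE_KEY_PAIR_FILE_NAME                "KMAKeyPair.pem"
// Only defined for non-Windows builds; WIN32 builds get no default here.
#ifndef WIN32
#define DEFAULT_OPENSSL_AGENT_PRIVATE_KEY_DIR                       "/var/opt/SUNWkms2/data/"
#endif
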
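// The version string can be supplied by the build (for example on the
// compiler command line); this value is only the fallback.
#ifndef DEFAULT_SERVER_VERSION
#define DEFAULT_SERVER_VERSION                                      "2.1.04"
#endif
// SNMP trap object identifiers: one generic trap OID and nine varbind OIDs
// (.1 to .9) beneath it.
// NOTE(review): the audit class / operation / message varbinds suggest traps
// carry audit-log content; whether the SNMP transport in use protects that
// content in transit is not visible here - confirm.
#define DEFAULT_SNMP_TRAP_GENERIC_TRAP_OID                          "1.3.6.1.4.1.42.2"
#define DEFAULT_SNMP_TRAP_DATE_TIME_OID                             "1.3.6.1.4.1.42.2.1"
#define DEFAULT_SNMP_TRAP_AUDIT_CLASS_OID                           "1.3.6.1.4.1.42.2.2"
#define DEFAULT_SNMP_TRAP_AUDIT_OPERATION_OID                       "1.3.6.1.4.1.42.2.3"
#define DEFAULT_SNMP_TRAP_AUDIT_CONDITION_OID                       "1.3.6.1.4.1.42.2.4"
#define DEFAULT_SNMP_TRAP_AUDIT_SEVERITY_OID                        "1.3.6.1.4.1.42.2.5"
#define DEFAULT_SNMP_TRAP_ENTITY_ID_OID                             "1.3.6.1.4.1.42.2.6"
#define DEFAULT_SNMP_TRAP_NETWORK_ADDRESS_OID                       "1.3.6.1.4.1.42.2.7"
#define DEFAULT_SNMP_TRAP_MESSAGE_OID                               "1.3.6.1.4.1.42.2.8"
#define DEFAULT_SNMP_TRAP_AUDIT_SOLUTION_OID                        "1.3.6.1.4.1.42.2.9"
// Backup, restore, upgrade and key-sharing file names. Some are bare names,
// others are absolute paths.
// NOTE(review): the cached backup / core-security / backup-key files and the
// key-sharing files presumably contain or protect key material - confirm the
// fixed paths below are not writable or readable by unprivileged accounts,
// and that cached copies are removed once they are no longer needed.
#define DEFAULT_BACKUP_FILE_NAME                                    "BackupFile"
#define DEFAULT_RESTORE_FILE_NAME                                   "RestoreFile"
#define DEFAULT_CACHED_BACKUP_FILE_NAME                             "/var/opt/SUNWkms2/CachedBackupFile"
#define DEFAULT_CACHED_CORE_SECURITY_XML_FILE_NAME                  "/var/opt/SUNWkms2/CachedCoreSecurityXMLFile"
#define DEFAULT_CACHED_BACKUP_KEY_XML_FILE_NAME                     "/var/opt/SUNWkms2/CachedBackupKeyXMLFile"
#define DEFAULT_SOFTWARE_UPGRADE_FILE_NAME                          "/SUNWkms2/boxcar/SoftwareUpgradeFile"
#define DEFAULT_IMPORT_10KEYS_FILE_NAME                             "Import10KeysFile"
#define DEFAULT_KEY_SHARING_EXPORT_FILE_NAME                        "KeySharingExport.dat"
#define DEFAULT_KEY_SHARING_IMPORT_FILE_NAME                        "KeySharingImport.dat"
#define DEFAULT_JOIN_PEER_KMA_FILE_NAME                             "/var/opt/SUNWkms2/data/JoinPeerKMAFile"

// Network interface names and aliases, database location, and the
// software-upgrade bundling command / archive path.
// NOTE(review): the upgrade file and .flar archive are fixed, predictable
// paths; an upgrade flow should verify the image before installing it and
// should not trust a file merely because it sits at this location - confirm
// that verification happens at the use sites.
#define DEFAULT_PRIMARY_NETWORK_IF                                  "bge0"
#define DEFAULT_SECONDARY_NETWORK_IF                                "aggr1"
#define DEFAULT_AGGREGATE_NETWORK                                   "nge1 nge0"
#define DEFAULT_PRIMARY_ALIAS                                       "KMA-Mgmt"
#define DEFAULT_SECONDARY_ALIAS                                     "KMA-Service"
#define DEFAULT_DATABASE_FILE_SYSTEM_PATH                           "/var/lib/pgsql"
#define DEFAULT_BUNDLE_SOFTWARE_COMMAND                             "/opt/SUNWkms2/bin/BundleSoftwareUpgrade"
#define DEFAULT_FLAR_FILE_PATH                                      "/SUNWkms2/boxcar/SoftwareUpgrade.flar"
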
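// System Calls (Config)
//
// Default command lines for appliance operations: service control, network
// setup, factory reset / zeroize, support-account and SSH toggles, software
// upgrade, system dump, NTP / timezone / keyboard configuration.
// SECURITY NOTE(review): several strings contain shell redirections
// ("> /dev/null 2>&1") and quoted arguments, so they are presumably run
// through a shell (system()/popen()-style) rather than exec'd with an explicit
// argv - confirm at the call sites. If so:
//  - nothing appended to these strings may come from a request, a file name
//    or any other unvalidated input (command injection);
//  - stdout/stderr are discarded for many of them, so a failure is only
//    visible through the exit status - callers should check and audit-log it;
//  - every command except DEFAULT_STOP_SOFTWARE_AND_RUN_COMMAND names an
//    absolute path; that one uses a bare "echo", which is resolved by the
//    shell (builtin or PATH).
// The helper binaries under /opt/SUNWkms2/bin must not be writable by
// unprivileged accounts, since this header only fixes their paths.

#define DEFAULT_SERVER_RESTART_COMMAND                              "/usr/sbin/svcadm restart kms2 > /dev/null 2>&1"
#define DEFAULT_SET_IP_CONFIGURATION_COMMAND                        "/opt/SUNWkms2/bin/SetIPAddresses"
// Both reset variants call the same launcher; only the second passes -zeroize.
#define DEFAULT_RESET_TO_FACTORY_DEFAULT_COMMAND                    "/opt/SUNWkms2/bin/ResetAndZeroizeLauncher > /dev/null 2>&1"
#define DEFAULT_RESET_TO_FACTORY_AND_ZEROIZE_DEFAULT_COMMAND        "/opt/SUNWkms2/bin/ResetAndZeroizeLauncher -zeroize > /dev/null 2>&1"
#define DEFAULT_SHUTDOWN_COMMAND                                    "/usr/sbin/shutdown -y -g 5 -i 5 'KMS is shutting down the system' > /dev/null 2>&1"
// Unlock (-u) / lock (-l) the "support" account password.
#define DEFAULT_ENABLE_SUPPORT_COMMAND                              "/bin/passwd -u support > /dev/null 2>&1"
#define DEFAULT_DISABLE_SUPPORT_COMMAND                             "/bin/passwd -l support > /dev/null 2>&1"
#define DEFAULT_REGENERATE_SSH_KEYS_COMMAND                         "/opt/SUNWkms2/bin/RegenerateSSHKeys > /dev/null 2>&1"
#define DEFAULT_DISPLAY_SSH_KEYS_COMMAND                            "/opt/SUNWkms2/bin/GetSSHKeys"
#define DEFAULT_ENABLE_SSH_COMMAND                                  "/usr/sbin/svcadm enable ssh > /dev/null 2>&1"
#define DEFAULT_DISABLE_SSH_COMMAND                                 "/opt/SUNWkms2/bin/DisableSSH > /dev/null 2>&1"
#define DEFAULT_GET_SUPPORT_STATUS_COMMAND                          "/opt/SUNWkms2/bin/StateOfSupport"
#define DEFAULT_GET_SSH_STATUS_COMMAND                              "/opt/SUNWkms2/bin/StateOfSSHD"
#define DEFAULT_ENABLE_SERVER_STARTUP_COMMAND                       "/bin/true"
#define DEFAULT_SERVER_STARTUP_COMMAND                              "/usr/sbin/svcadm enable kms2 > /dev/null 2>&1"
#define DEFAULT_SOFTWARE_UPGRADE_COMMAND                            "/opt/SUNWkms2/bin/InstallSoftwareVersion"
#define DEFAULT_LIST_SOFTWARE_VERSIONS_COMMAND                      "/opt/SUNWkms2/bin/ListSoftwareVersions"
#define DEFAULT_STOP_SOFTWARE_AND_RUN_COMMAND                       "echo Stop and run not implemented" // "/usr/local/bin/StopSoftwareAndRun"
#define DEFAULT_VERIFY_SOFTWARE_COMMAND                             "/opt/SUNWkms2/bin/VerifySoftwareFile"
#define DEFAULT_VERIFY_ACTIVATE_COMMAND                             "/opt/SUNWkms2/bin/VerifyActivateSoftware"
#define DEFAULT_CHANGE_SOFTWARE_COMMAND                             "/opt/SUNWkms2/bin/ChangeSoftwareVersion"
#define DEFAULT_REBOOT_SYSTEM_COMMAND                               "/usr/sbin/shutdown -y -g 5 -i 6 'KMS is rebooting the system' > /dev/null 2>&1"
#define DEFAULT_STOP_SERVER_COMMAND                                 "/usr/sbin/svcadm disable kms2"
#define DEFAULT_INTERFACE_CONFIG_COMMAND                            "/usr/sbin/ifconfig"
#define DEFAULT_SYSTEM_DUMP_COMMAND                                 "/opt/SUNWkms2/bin/SystemDump"
#define DEFAULT_CONFIGURE_NTP_COMMAND                               "/opt/SUNWkms2/bin/ConfigureNTP"
#define DEFAULT_SET_TIMEZONE_COMMAND                                "/opt/SUNWkms2/bin/SetTimezone"
#define DEFAULT_GET_KEYBOARD_LAYOUT_COMMAND                         "/opt/SUNWkms2/bin/GetKeyboardLayout"
#define DEFAULT_SET_KEYBOARD_LAYOUT_COMMAND                         "/opt/SUNWkms2/bin/SetKeyboardLayout"
#define DEFAULT_CONFIGURE_PRIMARY_ADMIN_COMMAND                     "/opt/SUNWkms2/bin/ConfigurePrimaryAdmin"
#define DEFAULT_GET_IPV6_ADDRESS_COMMAND                            "/opt/SUNWkms2/bin/GetIPv6Address"
#define DEFAULT_INITIALIZE_SCA6000_COMMAND                          "/opt/SUNWkms2/bin/InitializeSCA6000"
#define DEFAULT_QUERY_SYSTEM_MESSAGES_COMMAND                       "/opt/SUNWkms2/bin/QuerySystemMessages"
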
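// Pending quorum operations: default timeout, written as an ISO 8601
// duration string, and a version string for pending operations.
// @see StringUtilities.cpp
#define DEFAULT_PENDING_QUORUM_OPERATION_TIMEOUT                    "P2D" // Default to 2 days (defined by ISO 8601)
#define PENDING_OPERATIONS_VERSION_STRING                           "2.2"
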
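// PKI
//
// Key size, CRL validity, file formats, root-CA distinguished-name parts,
// default certificate lifetimes and authentication parameters.

// NOTE(review): presumably the bit length of generated key pairs - confirm
// the algorithm at the use sites. The name is generic and unprefixed, so it
// can collide with a KEY_SIZE defined by another header.
#define KEY_SIZE                                                    2048
// NOTE(review): presumably the validity period of an issued CRL. With a
// 365-day CRL a relying party that caches it may not see a revocation for up
// to a year - confirm how revocation is actually distributed.
#define CRL_DAYS                                                    365
#define CRL_HOURS                                                   0
// The FILE_FORMAT_* identifiers are declared elsewhere.
#define PKI_FORMAT                                                  FILE_FORMAT_PEM
#define DER_FORMAT                                                  FILE_FORMAT_DER
#define PKCS12_FORMAT                                               FILE_FORMAT_PKCS12
// SECURITY NOTE(review): a fixed, well-known passphrase provides no
// confidentiality. The name suggests it is used where key material is
// deliberately stored "unprotected"; anything written with it depends
// entirely on file permissions - confirm it is never used for material that
// leaves the appliance.
#define PKI_UNPROTECTED_PASSWORD                                    "password"
#define DN_O_ROOT_CA                                                "Oracle"
#define DN_OU_ROOT_CA                                               "KMS"
#define DN_CN_ROOT_CA                                               "RootCA"
    // NOTE: Do not directly use the following values.
    // Use the configurable Security Parameter values instead
// "P49Y" is an ISO 8601 duration of 49 years. With lifetimes this long, a
// compromised certificate is bounded in practice only by revocation.
#define DEFAULT_ROOT_CA_CERTIFICATE_LIFETIME                        "P49Y"
#define DEFAULT_CERTIFICATE_LIFETIME                                "P49Y"
// NOTE(review): units are not stated; 20 would match a 160-bit value if these
// are byte counts - confirm the digest / MAC in use.
#define AUTHENTICATION_SECRET_LENGTH                                20
#define AUTHENTICATION_CHALLENGE_LENGTH                             20
#define AUTHENTICATION_RESPONSE_LENGTH                              20
// NOTE(review): the iteration time and the MIN/MAX iteration counts look like
// a time-calibrated work factor for deriving the authentication secret,
// clamped to the range below - confirm. If so, the lower agent value trades
// brute-force resistance of agent passphrases for speed on small devices.
#define AUTHENTICATION_ITERATION_TIME_IN_MILLISECONDS               100
// reduce the time for agents since we support agents on embedded processors
#define AGENT_AUTHENTICATION_ITERATION_TIME_IN_MILLISECONDS         10
#define MIN_AUTHENTICATION_ITERATION_COUNT                          40000   // a bit less than 1/10 second on standard Appliance hardware
#define MAX_AUTHENTICATION_ITERATION_COUNT                          400000  // a bit less than 1 second on standard Appliance hardware
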
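// Core Security
//
// Upper bounds for core-security structures.
// NOTE(review): units are not stated. If the HMAC and pad lengths are byte
// counts, 64 would match a 512-bit MAC output and 16 a 128-bit block - confirm
// against the code that sizes buffers from them.

#define MAX_CORE_SECURITY_KEY_SPLIT_COUNT                           10
#define CORE_SECURITY_HMAC_LENGTH                                   64
#define MAX_CORE_SECURITY_PAD_LENGTH                                16

//------------- to be removed: Transfer Partner code is obsolete -----------
#define MAX_KEY_DISTRIBUTION_PUBLIC_KEY_COUNT                       4
#define MAX_CORE_SECURITY_PUBLIC_KEY_LENGTH                         256
//--------------------------------------------------------------------------
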
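// SOAP Services
//
// Helper macros around the SOAP runtime's fault API (soap_receiver_fault,
// soap_set_fault, soap_faultcode, soap_faultstring, soap_faultdetail), all
// declared elsewhere. Every macro evaluates its pstSoap argument more than
// once, so pass a plain pointer variable, never an expression with side
// effects.

// TODO: make functions instead of macros?

// Raises a receiver-side fault with the fixed text "Server Error" and no
// detail, so internal error information is not returned to the peer.
#define SOAP_SERVER_ERROR( pstSoap )                                (soap_receiver_fault( pstSoap, "Server Error", NULL ))
// This has been replaced with SoapClientError:
//#define SOAP_CLIENT_ERROR( pstSoap, sMessage )                      (soap_sender_fault( pstSoap, sMessage, NULL ))
// True when the current fault code is the sender/client code for the SOAP
// version in use ("SOAP-ENV:Sender" for version 2, "SOAP-ENV:Client"
// otherwise). The fault code is checked for NULL before strcmp, matching the
// NULL handling of the GET_SOAP_* macros below, and the argument is
// parenthesized before "->" so any pointer expression expands correctly.
#define SOAP_IS_CLIENT_ERROR( pstSoap )                             (*soap_faultcode( pstSoap ) != NULL && strcmp( *soap_faultcode( pstSoap ), ( pstSoap )->version == 2 ? "SOAP-ENV:Sender" : "SOAP-ENV:Client" ) == 0)
// Each GET_SOAP_* macro first calls soap_set_fault( pstSoap ) (a side
// effect), then yields the corresponding fault field, or the literal
// "Unknown" when that field is NULL.
#define GET_SOAP_FAULTCODE( pstSoap )                               ((soap_set_fault( pstSoap ),*soap_faultcode( pstSoap )) ? (*soap_faultcode( pstSoap )) : "Unknown")
#define GET_SOAP_FAULTSTRING( pstSoap )                             ((soap_set_fault( pstSoap ),*soap_faultstring( pstSoap )) ? (*soap_faultstring( pstSoap )) : "Unknown")
#define GET_SOAP_FAULTDETAIL( pstSoap )                             ((soap_set_fault( pstSoap ),*soap_faultdetail( pstSoap )) ? (*soap_faultdetail( pstSoap )) : "Unknown")
// Builds an audit message from the fault code, string and detail (C++ only:
// it uses CAuditMessage and CAuditLogger). pStringTable is accepted but not
// used in the expansion.
// NOTE(review): fault string and detail may carry text supplied by the remote
// peer - confirm the audit logger escapes or length-limits these values
// before they are stored or displayed.
#define SOAP_AUDIT_LOG_MESSAGE( pStringTable, pstSoap )             ( CAuditMessage( CAuditLogger::AUDIT_VALUE_SOAP_FAULTCODE, GET_SOAP_FAULTCODE( pstSoap ) ) + CAuditMessage( CAuditLogger::AUDIT_VALUE_SOAP_FAULTSTRING, GET_SOAP_FAULTSTRING( pstSoap ) ) + CAuditMessage( CAuditLogger::AUDIT_VALUE_SOAP_FAULTDETAIL, GET_SOAP_FAULTDETAIL( pstSoap ) ) )
// URL scheme prefixes. NOTE(review): "http://" is a cleartext scheme -
// confirm which services, if any, are ever addressed with it.
#define SOAP_HTTP_PROTOCOL                                          "http://"
#define SOAP_HTTPS_PROTOCOL                                         "https://"
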
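// Data Entry
//
// Length limits for "string" (short) and "text" (long) values, in wide
// characters, plus the derived UTF-8 limits at six units per wide character.
// NOTE(review): the factor 6 presumably is the worst-case UTF-8 byte count
// per character under the original encoding definition. Whether any of these
// limits includes a terminating NUL is not stated - confirm before sizing a
// buffer from them, and validate input against the limit before copying.

#define MINIMUM_WIDE_STRING_VALUE_LENGTH                            1
#define MAXIMUM_WIDE_STRING_VALUE_LENGTH                            64
#define MAXIMUM_UTF8_STRING_VALUE_LENGTH                            ( MAXIMUM_WIDE_STRING_VALUE_LENGTH * 6 )
#define MINIMUM_WIDE_TEXT_VALUE_LENGTH                              1
#define MAXIMUM_WIDE_TEXT_VALUE_LENGTH                              8192
#define MAXIMUM_UTF8_TEXT_VALUE_LENGTH                              ( MAXIMUM_WIDE_TEXT_VALUE_LENGTH * 6 )
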
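// Business Logic
//
// Identifier buffer / hex-string lengths, query paging and filter limits,
// export limits, and the backup date window.
// NOTE(review): each *_HEX_STRING_LENGTH that is derived here is exactly twice
// its binary length, i.e. it leaves no room for a terminating NUL - confirm
// that buffers holding these strings are declared one element larger.

#define AUDIT_ID_BUFFER_LENGTH                                      16
#define CERTIFICATE_SERIAL_NUMBER_BUFFER_LENGTH                     16
#define BACKUP_ID_BUFFER_LENGTH                                     16
#define DATA_UNIT_ID_HEX_STRING_LENGTH                              32
#define DATA_UNIT_KEY_ID_BUFFER_LENGTH                              30
#define DATA_UNIT_KEY_ID_HEX_STRING_LENGTH                          (DATA_UNIT_KEY_ID_BUFFER_LENGTH*2)
// Caps on page size and on the number of filter parameters per query; the
// four MAXIMUM_LIST_* limits below all alias the filter-parameter cap.
#define MAXIMUM_QUERY_NEXT_PAGE_SIZE                                1000
#define MAXIMUM_QUERY_FILTER_PARAMS_COUNT                           100
#define MAXIMUM_LIST_DATA_UNIT_STATUS_PARAMS_COUNT                  ( MAXIMUM_QUERY_FILTER_PARAMS_COUNT )
#define MAXIMUM_LIST_AUDIT_LOGS_FOR_AGENTS_PARAMS_COUNT             ( MAXIMUM_QUERY_FILTER_PARAMS_COUNT )
#define MAXIMUM_LIST_AUDIT_LOGS_FOR_DATA_UNITS_PARAMS_COUNT         ( MAXIMUM_QUERY_FILTER_PARAMS_COUNT )
#define MAXIMUM_LIST_AUDIT_LOGS_FOR_KEYS_PARAMS_COUNT               ( MAXIMUM_QUERY_FILTER_PARAMS_COUNT )
// 0 allows unlimited # of DUs to be exported, positive int constricts the size
// NOTE(review): the default is therefore "unlimited"; a single export request
// is not bounded by this setting unless a deployment sets a positive value.
#define DEFAULT_KEYSHARING_MAXIMUM_EXPORT_DATA_UNITS_RESULT_SIZE    0
#define TRANSFER_PARTNER_KEY_ID_LENGTH                              32
#define TRANSFER_PARTNER_KEY_VALUE_LENGTH                           259
#define TRANSFER_PARTNER_KEY_VALUE_HEX_STRING_LENGTH                (TRANSFER_PARTNER_KEY_VALUE_LENGTH*2)
    // NOTE: Do not directly use the following value.
    // Use the configurable Security Parameter value instead
#define DEFAULT_MAX_FAILED_RETRIEVE_CERTIFICATE_ATTEMPTS            5
    // The obvious logic for determining if a key's bits are on a backup is as follows:
    // The key must have been created before the backup was created:
    //    Backup.CreatedDate >= DataUnitKey.CreatedDate
    // And the key must not have been destroyed before the backup was created:
    //    (DataUnitKey.DestroyedDate IS NULL) OR (Backup.CreatedDate <= DataUnitKey.DestroyedDate)
    // This logic would be fine in a single-appliance cluster, or if we had (or when we have)
    // time synchronization. But right now the appliances in a cluster may have different
    // times from each other, and that makes it dangerous to use a simple date comparison.
    // (Note that when determining if a key is on a backup, we *really* don't want false
    // negatives, but we don't mind false positives so much, within reason.)
    // To address this, the best solution we came up with is to use a "backup date window".
    // Instead of simply using the CreatedDate of a backup in our logic, we'll use:
    //    (Backup.CreatedDate + BACKUP_DATE_WINDOW_INTERVAL) >= DataUnitKey.CreatedDate
    // and
    //    (DataUnitKey.DestroyedDate IS NULL) OR ((Backup.CreatedDate - BACKUP_DATE_WINDOW_INTERVAL) <= DataUnitKey.DestroyedDate)
    // Note that the adding and subtracting of BACKUP_DATE_WINDOW_INTERVAL effectively increases
    // the chance that the calculation will show that a key's bits are on a backup.
    // It's still possible to get false negatives, and there will be more false positives,
    // but if BACKUP_DATE_WINDOW_INTERVAL is set to the largest reasonable value that
    // appliances' clocks could differ by, then we can eliminate false negatives to a
    // fairly high degree of probability. (We can raise the probability to any arbitrary
    // amount by increasing the window, but the trade-off is that we'll have more and more
    // false positives.)
    // Security relevance: a false negative here means a key is reported as absent from a
    // backup that actually contains it, so a "destroyed" key could still be recoverable
    // from that backup. The window should be at least the largest clock difference the
    // cluster tolerates.
#define DEFAULT_BACKUP_DATE_WINDOW_IN_SECONDS                       300
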
299*12720SWyllys.Ingersoll@Sun.COM // Security Parameter Constraints
300*12720SWyllys.Ingersoll@Sun.COM 
// Lower and upper bounds for the configurable security parameters.
// The quoted lifetime/frequency values look like ISO 8601 durations -- TODO
// confirm against the parser: "P7D" = 7 days, "P1M" = 1 month, and "PT1M" =
// 1 minute (the T designator switches M from months to minutes).
// NOTE(review): the unit of the *_SIZE_LIMIT values is not visible here
// (presumably a number of audit log entries).
301*12720SWyllys.Ingersoll@Sun.COM #define MINIMUM_LONG_TERM_RETENTION_AUDIT_LOG_SIZE_LIMIT            1000
302*12720SWyllys.Ingersoll@Sun.COM #define MAXIMUM_LONG_TERM_RETENTION_AUDIT_LOG_SIZE_LIMIT            1000000
303*12720SWyllys.Ingersoll@Sun.COM #define MINIMUM_LONG_TERM_RETENTION_AUDIT_LOG_LIFETIME              "P7D"
304*12720SWyllys.Ingersoll@Sun.COM #define MINIMUM_MEDIUM_TERM_RETENTION_AUDIT_LOG_SIZE_LIMIT          1000
305*12720SWyllys.Ingersoll@Sun.COM #define MAXIMUM_MEDIUM_TERM_RETENTION_AUDIT_LOG_SIZE_LIMIT          1000000
306*12720SWyllys.Ingersoll@Sun.COM #define MINIMUM_MEDIUM_TERM_RETENTION_AUDIT_LOG_LIFETIME            "P7D"
307*12720SWyllys.Ingersoll@Sun.COM #define MINIMUM_SHORT_TERM_RETENTION_AUDIT_LOG_SIZE_LIMIT           1000
308*12720SWyllys.Ingersoll@Sun.COM #define MAXIMUM_SHORT_TERM_RETENTION_AUDIT_LOG_SIZE_LIMIT           1000000
309*12720SWyllys.Ingersoll@Sun.COM #define MINIMUM_SHORT_TERM_RETENTION_AUDIT_LOG_LIFETIME             "P7D"
310*12720SWyllys.Ingersoll@Sun.COM #define MINIMUM_AUDIT_LOG_MAINTENANCE_FREQUENCY                     "PT1M"
311*12720SWyllys.Ingersoll@Sun.COM #define MINIMUM_ROOT_CA_CERTIFICATE_LIFETIME                        "P1M"
312*12720SWyllys.Ingersoll@Sun.COM #define MINIMUM_CERTIFICATE_LIFETIME                                "P1M"
// Bounds for the configurable retrieve-certificate attempt limit.
313*12720SWyllys.Ingersoll@Sun.COM #define MINIMUM_RETRIEVE_CERTIFICATE_ATTEMPT_LIMIT                  1
314*12720SWyllys.Ingersoll@Sun.COM #define MAXIMUM_RETRIEVE_CERTIFICATE_ATTEMPT_LIMIT                  1000
// The configured minimum passphrase length cannot be set below 8. The upper
// bound comes from MAXIMUM_WIDE_STRING_VALUE_LENGTH, defined outside this view.
315*12720SWyllys.Ingersoll@Sun.COM #define MINIMUM_PASSPHRASE_MINIMUM_LENGTH                           8
316*12720SWyllys.Ingersoll@Sun.COM #define MAXIMUM_PASSPHRASE_MINIMUM_LENGTH                           ( MAXIMUM_WIDE_STRING_VALUE_LENGTH )
// NOTE(review): 0 is an accepted session timeout. Whether 0 means "no idle
// timeout" is not visible here -- confirm, since that would leave management
// sessions open indefinitely.
317*12720SWyllys.Ingersoll@Sun.COM #define MINIMUM_MANAGEMENT_SESSION_TIMEOUT_IN_MINUTES               0
318*12720SWyllys.Ingersoll@Sun.COM #define MAXIMUM_MANAGEMENT_SESSION_TIMEOUT_IN_MINUTES               60
319*12720SWyllys.Ingersoll@Sun.COM 
320*12720SWyllys.Ingersoll@Sun.COM // The SYSTEM_FIPS_MODE_ONLY_ values must match those in
321*12720SWyllys.Ingersoll@Sun.COM // enum KMS_Management__FIPSModeOnly in KMS_Management_SOAP.h and
322*12720SWyllys.Ingersoll@Sun.COM // enum KMSManagement_FIPSModeOnly in KMSManagement.h
// The match is maintained by hand; nothing visible here enforces it, so a
// change to any of the three places has to be mirrored in the other two.
// UNCHANGED (-1) lies outside MINIMUM..MAXIMUM (0..1), so a range check built
// on those two bounds rejects it; presumably it is a request-only sentinel
// meaning "leave the current setting alone" -- confirm.
323*12720SWyllys.Ingersoll@Sun.COM #define SYSTEM_FIPS_MODE_ONLY_UNCHANGED                             (-1)
324*12720SWyllys.Ingersoll@Sun.COM #define SYSTEM_FIPS_MODE_ONLY_FALSE                                 0
325*12720SWyllys.Ingersoll@Sun.COM #define SYSTEM_FIPS_MODE_ONLY_TRUE                                  1
326*12720SWyllys.Ingersoll@Sun.COM #define MINIMUM_FIPS_MODE_ONLY                                      ( SYSTEM_FIPS_MODE_ONLY_FALSE )
327*12720SWyllys.Ingersoll@Sun.COM #define MAXIMUM_FIPS_MODE_ONLY                                      ( SYSTEM_FIPS_MODE_ONLY_TRUE )
328*12720SWyllys.Ingersoll@Sun.COM 
// Defaults for the security parameters bounded above.
// The default minimum passphrase length equals the lowest value the
// constraints allow (MINIMUM_PASSPHRASE_MINIMUM_LENGTH, 8).
329*12720SWyllys.Ingersoll@Sun.COM #define DEFAULT_MINIMUM_PASSPHRASE_LENGTH                           8
// 15 minutes, inside the allowed 0..60 range.
330*12720SWyllys.Ingersoll@Sun.COM #define DEFAULT_MANAGEMENT_SESSION_TIMEOUT_IN_MINUTES               15
// FIPS-only mode defaults to off; a deployment that requires it has to
// enable it explicitly.
331*12720SWyllys.Ingersoll@Sun.COM #define DEFAULT_FIPS_MODE_ONLY                                      ( SYSTEM_FIPS_MODE_ONLY_FALSE )
332*12720SWyllys.Ingersoll@Sun.COM 
333*12720SWyllys.Ingersoll@Sun.COM // To limit the maximum query size, we cap the number created.
334*12720SWyllys.Ingersoll@Sun.COM // This cap is probably (hopefully) temporary.
// NOTE(review): which objects this count applies to is not visible in this
// part of the header -- confirm at the call sites.
335*12720SWyllys.Ingersoll@Sun.COM #define MAXIMUM_CREATION_COUNT                                      999
336*12720SWyllys.Ingersoll@Sun.COM 
337*12720SWyllys.Ingersoll@Sun.COM // Audit Log
338*12720SWyllys.Ingersoll@Sun.COM 
// Default size limits per retention class. The long-term default equals
// MAXIMUM_LONG_TERM_RETENTION_AUDIT_LOG_SIZE_LIMIT (1000000).
339*12720SWyllys.Ingersoll@Sun.COM #define AUDIT_LOG_DEFAULT_SIZE_LONG_TERM_RETENTION                  1000000
340*12720SWyllys.Ingersoll@Sun.COM #define AUDIT_LOG_DEFAULT_SIZE_MEDIUM_TERM_RETENTION                100000
341*12720SWyllys.Ingersoll@Sun.COM #define AUDIT_LOG_DEFAULT_SIZE_SHORT_TERM_RETENTION                 10000
// Despite LIFETIME_DAYS in the names, these are duration strings, not day
// counts: they read as 2 years, 3 months and 7 days (ISO 8601 style -- TODO
// confirm against the parser). The short-term default equals
// MINIMUM_SHORT_TERM_RETENTION_AUDIT_LOG_LIFETIME ("P7D").
342*12720SWyllys.Ingersoll@Sun.COM #define AUDIT_LOG_DEFAULT_LIFETIME_DAYS_LONG_TERM_RETENTION         "P2Y"
343*12720SWyllys.Ingersoll@Sun.COM #define AUDIT_LOG_DEFAULT_LIFETIME_DAYS_MEDIUM_TERM_RETENTION       "P3M"
344*12720SWyllys.Ingersoll@Sun.COM #define AUDIT_LOG_DEFAULT_LIFETIME_DAYS_SHORT_TERM_RETENTION        "P7D"
345*12720SWyllys.Ingersoll@Sun.COM 
346*12720SWyllys.Ingersoll@Sun.COM // Replication
347*12720SWyllys.Ingersoll@Sun.COM 
348*12720SWyllys.Ingersoll@Sun.COM // schema version 7: change to soap Discovery Service for supporting DNS
349*12720SWyllys.Ingersoll@Sun.COM // schema version 8: change to soap Agent Service for RetrieveDataUnitKeys
350*12720SWyllys.Ingersoll@Sun.COM // schema version 9: ensure that Ready keys appear in current backup
351*12720SWyllys.Ingersoll@Sun.COM // schema version 10: IPv6 support and AES key wrap
352*12720SWyllys.Ingersoll@Sun.COM // schema version 11: ICSF integration, distributed quorum, SNMP v2
353*12720SWyllys.Ingersoll@Sun.COM // schema version 12: replication acceleration
// Version 7 is listed in the history above but is below
// REPLICATION_SCHEMA_VERSION_MIN (8).
354*12720SWyllys.Ingersoll@Sun.COM #define REPLICATION_SCHEMA_VERSION_MIN                              8
355*12720SWyllys.Ingersoll@Sun.COM #define REPLICATION_SCHEMA_VERSION_MAX                             12
// Each constant below names the schema version at which the feature appears
// in the history above (MASTER_KEY_MODE presumably maps to the "ICSF
// integration" entry -- confirm).
// NOTE(review): MIN (8) is lower than REPLICATION_SCHEMA_VERSION_AES_KEY_WRAP
// (10), so schema versions 8 and 9 fall inside MIN..MAX yet predate AES key
// wrap. How keys are protected when replicating with such a peer is not
// visible here -- confirm.
356*12720SWyllys.Ingersoll@Sun.COM #define REPLICATION_SCHEMA_VERSION_KEYS_IN_BACKUP                   9
357*12720SWyllys.Ingersoll@Sun.COM #define REPLICATION_SCHEMA_VERSION_IPV6_ADDRESSES                  10
358*12720SWyllys.Ingersoll@Sun.COM #define REPLICATION_SCHEMA_VERSION_AES_KEY_WRAP                    10
359*12720SWyllys.Ingersoll@Sun.COM #define REPLICATION_SCHEMA_VERSION_MASTER_KEY_MODE                 11
360*12720SWyllys.Ingersoll@Sun.COM #define REPLICATION_SCHEMA_VERSION_DISTRIBUTED_QUORUM              11
361*12720SWyllys.Ingersoll@Sun.COM #define REPLICATION_SCHEMA_VERSION_SNMP_PROTOCOL_VERSION_TWO       11
362*12720SWyllys.Ingersoll@Sun.COM #define REPLICATION_SCHEMA_VERSION_REPLICATION_ACCELERATION        12
363*12720SWyllys.Ingersoll@Sun.COM // value to return on inactive software versions
// 0 is below REPLICATION_SCHEMA_VERSION_MIN, so it cannot collide with a
// version in the MIN..MAX range.
364*12720SWyllys.Ingersoll@Sun.COM #define REPLICATION_SCHEMA_VERSION_INVALID                          0
365*12720SWyllys.Ingersoll@Sun.COM 
366*12720SWyllys.Ingersoll@Sun.COM // Key Sharing Transfer Formats
367*12720SWyllys.Ingersoll@Sun.COM 
// INVALID (-100) and DEFAULT (-1) are negative sentinels; the two concrete
// formats are LEGACY (0) and FIPS (1), each paired with a version string.
// NOTE(review): which concrete format TRANSFER_FORMAT_DEFAULT resolves to is
// decided outside this header -- confirm, since it determines whether key
// transfers use the legacy or the FIPS format when none is chosen.
368*12720SWyllys.Ingersoll@Sun.COM #define TRANSFER_FORMAT_INVALID                                       (-100)
369*12720SWyllys.Ingersoll@Sun.COM #define TRANSFER_FORMAT_DEFAULT                                       (-1)
370*12720SWyllys.Ingersoll@Sun.COM #define TRANSFER_FORMAT_LEGACY                                        0
371*12720SWyllys.Ingersoll@Sun.COM #define TRANSFER_FORMAT_LEGACY_VERSION_STRING                         "2.0.1"
372*12720SWyllys.Ingersoll@Sun.COM #define TRANSFER_FORMAT_FIPS                                          1
373*12720SWyllys.Ingersoll@Sun.COM #define TRANSFER_FORMAT_FIPS_VERSION_STRING                           "2.1"
374*12720SWyllys.Ingersoll@Sun.COM 
375*12720SWyllys.Ingersoll@Sun.COM // Master Key Modes
// Three modes, numbered 0..2; what each mode does is not visible in this
// header beyond its name.
// NOTE(review): identifiers that begin with an underscore followed by an
// uppercase letter are reserved for the implementation in C and C++. The
// names are left as they are because renaming would have to be done at every
// user of these macros.
376*12720SWyllys.Ingersoll@Sun.COM #define _MASTER_KEY_MODE_OFF                                         0
377*12720SWyllys.Ingersoll@Sun.COM #define _MASTER_KEY_MODE_ALL_KEYS                                    1
378*12720SWyllys.Ingersoll@Sun.COM #define _MASTER_KEY_MODE_RECOVER_KEYS_ONLY                           2
379*12720SWyllys.Ingersoll@Sun.COM 
380*12720SWyllys.Ingersoll@Sun.COM // Derived/Master Key stuff
// *_LENGTH values are byte counts; *_HEX_LENGTH values are character counts
// (two hex digits per byte) and leave no room for a string terminator, so a
// buffer sized from them needs one more element.
// The key version prefix is 2 bytes, i.e. 4 hex digits, matching the
// 4-character wide literals below.
381*12720SWyllys.Ingersoll@Sun.COM #define KEY_VERSION_PREFIX_LENGTH                                   2
382*12720SWyllys.Ingersoll@Sun.COM #define KEY_VERSION_PREFIX_HEX_LENGTH                               (KEY_VERSION_PREFIX_LENGTH*2)
383*12720SWyllys.Ingersoll@Sun.COM #define NON_DERIVED_KEY_VERSION                                     0x0000
384*12720SWyllys.Ingersoll@Sun.COM #define NON_DERIVED_KEY_VERSION_HEX                                 (L"0000")
385*12720SWyllys.Ingersoll@Sun.COM #define DERIVED_KEY_VERSION                                         0x0001
386*12720SWyllys.Ingersoll@Sun.COM #define DERIVED_KEY_VERSION_HEX                                     (L"0001")
// The master key ID prefix has the same text as NON_DERIVED_KEY_VERSION_HEX.
387*12720SWyllys.Ingersoll@Sun.COM #define MASTER_KEY_ID_PREFIX_HEX                                    (L"0000")
388*12720SWyllys.Ingersoll@Sun.COM #define MASTER_KEY_ID_PREFIX_LENGTH                                 2
389*12720SWyllys.Ingersoll@Sun.COM #define MASTER_KEY_ID_PREFIX_HEX_LENGTH                             (MASTER_KEY_ID_PREFIX_LENGTH*2)
390*12720SWyllys.Ingersoll@Sun.COM #define MASTER_KEY_ID_KMAID_LENGTH                                  8
391*12720SWyllys.Ingersoll@Sun.COM #define MASTER_KEY_ID_KMAID_HEX_LENGTH                              (MASTER_KEY_ID_KMAID_LENGTH*2)
392*12720SWyllys.Ingersoll@Sun.COM #define MASTER_KEY_ID_RANDOM_LENGTH                                 8
// A master key ID is prefix + KMA ID + random part = 2 + 8 + 8 = 18 bytes,
// which is 36 hex digits.
393*12720SWyllys.Ingersoll@Sun.COM #define MASTER_KEY_ID_LENGTH                                        (MASTER_KEY_ID_PREFIX_LENGTH + MASTER_KEY_ID_KMAID_LENGTH + MASTER_KEY_ID_RANDOM_LENGTH)
394*12720SWyllys.Ingersoll@Sun.COM #define MASTER_KEY_ID_HEX_LENGTH                                    (MASTER_KEY_ID_LENGTH*2)	// ICSF can only handle 32-byte string IDs for keys
// NOTE(review): the 36-digit hex form exceeds the 32-byte ICSF limit noted on
// the line above, which is presumably why a base64 form exists. 18 bytes
// encode to 24 base64 characters, so 32 here looks like the ICSF field size
// rather than the encoded length -- confirm before sizing buffers from it.
395*12720SWyllys.Ingersoll@Sun.COM #define MASTER_KEY_ID_BASE64_LENGTH                                 32
// DATA_UNIT_KEY_ID_BUFFER_LENGTH is defined outside this view.
396*12720SWyllys.Ingersoll@Sun.COM #define DATA_UNIT_KEY_ID_HEX_LENGTH                                 (DATA_UNIT_KEY_ID_BUFFER_LENGTH*2)
397*12720SWyllys.Ingersoll@Sun.COM 
398*12720SWyllys.Ingersoll@Sun.COM // SNMP Manager protocol version stuff
// The numeric values are selectors, not protocol numbers: version three is 0
// and version two is 1. A zero-initialized setting therefore selects version
// three (presumably deliberate -- confirm).
// SNMP version 2 (commonly deployed as v2c) relies on a community string sent
// in clear text and lacks the per-message authentication and encryption that
// SNMPv3 provides, so selecting TWO exposes trap/notification contents to
// anyone who can observe the management network.
399*12720SWyllys.Ingersoll@Sun.COM #define SYSTEM_SNMP_PROTOCOL_VERSION_THREE                          0
400*12720SWyllys.Ingersoll@Sun.COM #define SYSTEM_SNMP_PROTOCOL_VERSION_TWO                            1
401*12720SWyllys.Ingersoll@Sun.COM 
402*12720SWyllys.Ingersoll@Sun.COM #endif //ApplianceParameters_h