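/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * include/krb5/kdb.h
 *
 * Copyright 1990,1991 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 *
 * KDC Database interface definitions.
 */

/*
 * Copyright (C) 1998 by the FundsXpress, INC.
 *
 * All rights reserved.
 *
 * Export of this software from the United States of America may require
 * a specific license from the United States Government.  It is the
 * responsibility of any person or organization contemplating export to
 * obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of FundsXpress. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  FundsXpress makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#ifndef KRB5_KDB5__
#define KRB5_KDB5__

/* Salt types */
#define KRB5_KDB_SALTTYPE_NORMAL        0
#define KRB5_KDB_SALTTYPE_V4            1
#define KRB5_KDB_SALTTYPE_NOREALM       2
#define KRB5_KDB_SALTTYPE_ONLYREALM     3
#define KRB5_KDB_SALTTYPE_SPECIAL       4
#define KRB5_KDB_SALTTYPE_AFS3          5

/*
 * Attributes (single-bit flags; bits 0x400 and 0x800 are not assigned here).
 *
 * NOTE(review): by name, KRB5_KDB_REQUIRES_PRE_AUTH is the per-principal
 * switch for pre-authentication.  Which principals run without it is worth
 * auditing, because a reply issued without pre-authentication is the
 * material offline password guessing works from -- confirm how the KDC
 * enforces the flag.
 */
#define KRB5_KDB_DISALLOW_POSTDATED     0x00000001
#define KRB5_KDB_DISALLOW_FORWARDABLE   0x00000002
#define KRB5_KDB_DISALLOW_TGT_BASED     0x00000004
#define KRB5_KDB_DISALLOW_RENEWABLE     0x00000008
#define KRB5_KDB_DISALLOW_PROXIABLE     0x00000010
#define KRB5_KDB_DISALLOW_DUP_SKEY      0x00000020
#define KRB5_KDB_DISALLOW_ALL_TIX       0x00000040
#define KRB5_KDB_REQUIRES_PRE_AUTH      0x00000080
#define KRB5_KDB_REQUIRES_HW_AUTH       0x00000100
#define KRB5_KDB_REQUIRES_PWCHANGE      0x00000200
#define KRB5_KDB_DISALLOW_SVR           0x00001000
#define KRB5_KDB_PWCHANGE_SERVICE       0x00002000
#define KRB5_KDB_SUPPORT_DESMD5         0x00004000
#define KRB5_KDB_NEW_PRINC              0x00008000

/* Creation flags */
#define KRB5_KDB_CREATE_BTREE           0x00000001
#define KRB5_KDB_CREATE_HASH            0x00000002

/*
 * Note --- these structures cannot be modified without changing the
 * database version number in libkdb.a, but should be expandable by
 * adding new tl_data types.
 */

/*
 * One tagged-length record attached to a principal entry: a type, a
 * length and a pointer to the contents, chained through tl_data_next.
 * tl_data_length is unsigned 16-bit, so one record holds at most 65535
 * bytes.  Whether tl_data_contents really holds tl_data_length bytes is
 * not something this header can guarantee; code that parses a record
 * read from the database has to check it.
 */
typedef struct _krb5_tl_data {
    struct _krb5_tl_data* tl_data_next;         /* NOT saved */
    krb5_int16            tl_data_type;
    krb5_ui_2             tl_data_length;
    krb5_octet          * tl_data_contents;
} krb5_tl_data;

/*
 * If this ever changes, bump the version number and make the arrays as
 * big as necessary.
 *
 * Currently the first type is the enctype and the second is the salt type.
 *
 * NOTE(review): key_data_length is a signed 16-bit field, while the
 * disabled #if 0 variant below records the unsigned form used by the mech
 * code.  Code that takes a length from a stored entry should reject
 * negative values before using it as a size or copy count.
 */
typedef struct _krb5_key_data {
    krb5_int16            key_data_ver;         /* Version */
    krb5_int16            key_data_kvno;        /* Key Version */
    krb5_int16            key_data_type[2];     /* Array of types */
#if 0
/*
 * SUNW14resync (mech)
 * This has changed in the mech so we change it here also
 * prior to the admin resync.
 */
    krb5_ui_2             key_data_length[2];   /* Array of lengths */
#endif
    krb5_int16            key_data_length[2];   /* Array of lengths */
    krb5_octet          * key_data_contents[2]; /* Array of pointers */
} krb5_key_data;

#define KRB5_KDB_V1_KEY_DATA_ARRAY      2       /* # of array elements */

/* A salt: its type plus the salt bytes as a krb5_data. */
typedef struct _krb5_keysalt {
    krb5_int16            type;
    krb5_data             data;                 /* Length, data */
} krb5_keysalt;

/*
 * One principal entry.  n_tl_data and n_key_data are signed 16-bit
 * counts for the tl_data list and the key_data array; e_length is the
 * unsigned 16-bit length of e_data.
 * NOTE(review): nothing here ties the counts to the actual list/array
 * sizes -- consumers of an entry decoded from storage should validate
 * them (including n_* < 0) before iterating.
 */
typedef struct _krb5_db_entry_new {
    krb5_magic            magic;                /* NOT saved */
    krb5_ui_2             len;
    krb5_ui_4             mask;         /* members currently changed/set */
    krb5_flags            attributes;
    krb5_deltat           max_life;
    krb5_deltat           max_renewable_life;
    krb5_timestamp        expiration;           /* When the client expires */
    krb5_timestamp        pw_expiration;        /* When its passwd expires */
    krb5_timestamp        last_success;         /* Last successful passwd */
    krb5_timestamp        last_failed;          /* Last failed passwd attempt */
    krb5_kvno             fail_auth_count;      /* # of failed passwd attempt */
    krb5_int16            n_tl_data;
    krb5_int16            n_key_data;
    krb5_ui_2             e_length;             /* Length of extra data */
    krb5_octet          * e_data;               /* Extra data to be saved */

    krb5_principal        princ;                /* Length, data */
    krb5_tl_data        * tl_data;              /* Linked list */
    krb5_key_data       * key_data;             /* Array */
} krb5_db_entry;

/* An (encryption type, salt type) pair. */
typedef struct __krb5_key_salt_tuple {
    krb5_enctype        ks_enctype;
    krb5_int32          ks_salttype;
} krb5_key_salt_tuple;

#define KRB5_KDB_MAGIC_NUMBER           0xdbdbdbdb
#define KRB5_KDB_V1_BASE_LENGTH         38

/*
 * tl_data type codes.
 * NOTE(review): KRB5_TL_DB_ARGS sits inside the SECURID conditional, so
 * it is only defined when SECURID is; confirm that is intended before
 * relying on it in code built without SECURID.
 */
#define KRB5_TL_LAST_PWD_CHANGE         0x0001
#define KRB5_TL_MOD_PRINC               0x0002
#define KRB5_TL_KADM_DATA               0x0003
#define KRB5_TL_KADM5_E_DATA            0x0004
#define KRB5_TL_RB1_CHALLENGE           0x0005
#ifdef SECURID
#define KRB5_TL_SECURID_STATE           0x0006
#define KRB5_TL_DB_ARGS                 0x7fff
#endif /* SECURID */
#define KRB5_TL_USER_CERTIFICATE        0x0007

/*
 * Determines the number of failed KDC requests before DISALLOW_ALL_TIX is set
 * on the principal.
 *
 * NOTE(review): a lockout driven by a fixed failure count can be tripped
 * by anyone able to send failing requests for a principal; check where
 * this constant is consumed and how a locked principal is released.
 */
#define KRB5_MAX_FAIL_COUNT             5

/* XXX depends on knowledge of krb5_parse_name() formats */
#define KRB5_KDB_M_NAME         "K/M"   /* Kerberos/Master */

/* prompts used by default when reading the KDC password from the keyboard. */
#define KRB5_KDC_MKEY_1 "Enter KDC database master key"
#define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify"


extern char *krb5_mkey_pwd_prompt1;
extern char *krb5_mkey_pwd_prompt2;

/*
 * These macros specify the encoding of data within the database.
 *
 * Data encoding is little-endian.
 *
 * The decode macros read (cp)[0..1] or (cp)[0..3] with no bounds check;
 * the caller must already know that many bytes remain in the record.
 * They store through a krb5_int16 * / krb5_int32 * cast of the address
 * of the destination, so the destination should be an object of exactly
 * that width.
 *
 * krb5_kdb_decode_int32 assembles the value as krb5_ui_4 and converts
 * once at the end: left-shifting a signed krb5_int32 that holds a byte
 * >= 0x80 by 24 overflows, which is undefined behaviour.
 *
 * The encode macros expand to a bare { } block, so "M(x, p);" does not
 * work as the unbraced body of an if that has an else.
 */
#include "k5-platform.h"
#define krb5_kdb_decode_int16(cp, i16) \
    *((krb5_int16 *) &(i16)) = (((krb5_int16) ((unsigned char) (cp)[0]))| \
                        ((krb5_int16) ((unsigned char) (cp)[1]) << 8))
#define krb5_kdb_decode_int32(cp, i32) \
    *((krb5_int32 *) &(i32)) = (krb5_int32) \
                       (((krb5_ui_4) ((unsigned char) (cp)[0]))       | \
                        ((krb5_ui_4) ((unsigned char) (cp)[1]) << 8)  | \
                        ((krb5_ui_4) ((unsigned char) (cp)[2]) << 16) | \
                        ((krb5_ui_4) ((unsigned char) (cp)[3]) << 24))
#define krb5_kdb_encode_int16(i16, cp) \
    { \
        (cp)[0] = (unsigned char) ((i16) & 0xff); \
        (cp)[1] = (unsigned char) (((i16) >> 8) & 0xff); \
    }
#define krb5_kdb_encode_int32(i32, cp) \
    { \
        (cp)[0] = (unsigned char) ((i32) & 0xff); \
        (cp)[1] = (unsigned char) (((i32) >> 8) & 0xff); \
        (cp)[2] = (unsigned char) (((i32) >> 16) & 0xff); \
        (cp)[3] = (unsigned char) (((i32) >> 24) & 0xff); \
    }

/* Values for the mode argument of krb5_db_open(), judging by the names. */
#define KRB5_KDB_OPEN_RW                0
#define KRB5_KDB_OPEN_RO                1

/* Server-type codes; each may be pre-defined by an earlier header. */
#ifndef KRB5_KDB_SRV_TYPE_KDC
#define KRB5_KDB_SRV_TYPE_KDC           0x0100
#endif

#ifndef KRB5_KDB_SRV_TYPE_ADMIN
#define KRB5_KDB_SRV_TYPE_ADMIN         0x0200
#endif

#ifndef KRB5_KDB_SRV_TYPE_PASSWD
#define KRB5_KDB_SRV_TYPE_PASSWD        0x0300
#endif

#ifndef KRB5_KDB_SRV_TYPE_OTHER
#define KRB5_KDB_SRV_TYPE_OTHER         0x0400
#endif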
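/* Option selectors, presumably for krb5_db_set_option() -- confirm. */
#define KRB5_KDB_OPT_SET_DB_NAME        0
#define KRB5_KDB_OPT_SET_LOCK_MODE      1

/* Lock-mode bits, presumably for krb5_db_lock() -- confirm. */
#define KRB5_DB_LOCKMODE_SHARED         0x0001
#define KRB5_DB_LOCKMODE_EXCLUSIVE      0x0002
#define KRB5_DB_LOCKMODE_DONTBLOCK      0x0004
#define KRB5_DB_LOCKMODE_PERMANENT      0x0008

/* libkdb.spec */
krb5_error_code krb5_db_open( krb5_context kcontext, char **db_args, int mode );
krb5_error_code krb5_db_init ( krb5_context kcontext );
krb5_error_code krb5_db_create ( krb5_context kcontext, char **db_args );
krb5_error_code krb5_db_inited ( krb5_context kcontext );
krb5_error_code kdb5_db_create ( krb5_context kcontext, char **db_args );
krb5_error_code krb5_db_fini ( krb5_context kcontext );
const char * krb5_db_errcode2string ( krb5_context kcontext, long err_code );
krb5_error_code krb5_db_destroy ( krb5_context kcontext, char **db_args );
krb5_error_code krb5_db_promote ( krb5_context kcontext, char **db_args );
krb5_error_code krb5_db_get_age ( krb5_context kcontext, char *db_name, time_t *t );
krb5_error_code krb5_db_set_option ( krb5_context kcontext, int option, void *value );
krb5_error_code krb5_db_lock ( krb5_context kcontext, int lock_mode );
krb5_error_code krb5_db_unlock ( krb5_context kcontext );

/*
 * Principal lookup.  The caller passes the entries array together with
 * *nentries and *more.
 * NOTE(review): presumably *nentries carries the array capacity in and
 * the number of entries filled out -- confirm in the implementation, and
 * make sure callers never pass a count larger than the array.
 * The _nolock variant, by its name, skips the database lock; confirm
 * that its callers already hold it.
 */
krb5_error_code krb5_db_get_principal ( krb5_context kcontext,
                                        krb5_const_principal search_for,
                                        krb5_db_entry *entries,
                                        int *nentries,
                                        krb5_boolean *more );
krb5_error_code krb5_db_get_principal_nolock ( krb5_context kcontext,
                                               krb5_const_principal search_for,
                                               krb5_db_entry *entries,
                                               int *nentries,
                                               krb5_boolean *more );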
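krb5_error_code krb5_db_free_principal ( krb5_context kcontext,
                                         krb5_db_entry *entry,
                                         int count );
krb5_error_code krb5_db_put_principal ( krb5_context kcontext,
                                        krb5_db_entry *entries,
                                        int *nentries);
krb5_error_code krb5_db_delete_principal ( krb5_context kcontext,
                                           krb5_principal search_for,
                                           int *nentries );
/* Solaris Kerberos: adding support for db_args */
krb5_error_code krb5_db_iterate ( krb5_context kcontext,
                                  char *match_entry,
                                  int (*func) (krb5_pointer, krb5_db_entry *),
                                  krb5_pointer func_arg,
                                  char **db_args );
krb5_error_code krb5_supported_realms ( krb5_context kcontext,
                                        char **realms );
krb5_error_code krb5_free_supported_realms ( krb5_context kcontext,
                                             char **realms );

/*
 * Master-key handling.
 * NOTE(review): several of these take the master password as a plain
 * char * (pwd, master_pwd) and the key as a krb5_keyblock.  Which side
 * clears that memory is not visible in this header; confirm the owner
 * and make sure the password and key material are zeroized once they
 * are no longer needed.
 */
krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext,
                                             char *pwd,
                                             krb5_keyblock *key );
krb5_error_code krb5_db_set_mkey ( krb5_context context,
                                   krb5_keyblock *key);
krb5_error_code krb5_db_get_mkey ( krb5_context kcontext,
                                   krb5_keyblock **key );
krb5_error_code krb5_db_free_master_key ( krb5_context kcontext,
                                          krb5_keyblock *key );
krb5_error_code krb5_db_store_master_key ( krb5_context kcontext,
                                           char *db_arg,
                                           krb5_principal mname,
                                           krb5_keyblock *key,
                                           char *master_pwd);
krb5_error_code krb5_db_fetch_mkey ( krb5_context context,
                                     krb5_principal mname,
                                     krb5_enctype etype,
                                     krb5_boolean fromkeyboard,
                                     krb5_boolean twice,
                                     char *db_args,
                                     krb5_data *salt,
                                     krb5_keyblock *key);
krb5_error_code krb5_db_verify_master_key ( krb5_context kcontext,
                                            krb5_principal mprinc,
                                            krb5_keyblock *mkey );

/* Key lookup within an entry by key type, salt type and kvno. */
krb5_error_code
krb5_dbe_find_enctype( krb5_context kcontext,
                       krb5_db_entry *dbentp,
                       krb5_int32 ktype,
                       krb5_int32 stype,
                       krb5_int32 kvno,
                       krb5_key_data **kdatap);


krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext,
                                          krb5_db_entry *dbentp,
                                          krb5_int32 *start,
                                          krb5_int32 ktype,
                                          krb5_int32 stype,
                                          krb5_int32 kvno,
                                          krb5_key_data **kdatap);

krb5_error_code
krb5_db_setup_mkey_name ( krb5_context context,
                          const char *keyname,
                          const char *realm,
                          char **fullname,
                          krb5_principal *principal);

/*
 * Conversion between a stored krb5_key_data and a usable krb5_keyblock,
 * using the master key mkey.  dbkey receives (decrypt) or supplies
 * (encrypt) the principal's key.
 * NOTE(review): dbkey holds key material after a decrypt; confirm the
 * caller frees and clears it.
 */
krb5_error_code
krb5_dbekd_decrypt_key_data( krb5_context context,
                             const krb5_keyblock * mkey,
                             const krb5_key_data * key_data,
                             krb5_keyblock * dbkey,
                             krb5_keysalt * keysalt);

krb5_error_code
krb5_dbekd_encrypt_key_data( krb5_context context,
                             const krb5_keyblock * mkey,
                             const krb5_keyblock * dbkey,
                             const krb5_keysalt * keysalt,
                             int keyver,
                             krb5_key_data * key_data);

krb5_error_code
krb5_dbe_lookup_mod_princ_data( krb5_context context,
                                krb5_db_entry * entry,
                                krb5_timestamp * mod_time,
                                krb5_principal * mod_princ);


krb5_error_code
krb5_dbe_update_last_pwd_change( krb5_context context,
                                 krb5_db_entry * entry,
                                 krb5_timestamp stamp);

krb5_error_code
krb5_dbe_lookup_tl_data( krb5_context context,
                         krb5_db_entry * entry,
                         krb5_tl_data * ret_tl_data);

krb5_error_code
krb5_dbe_create_key_data( krb5_context context,
                          krb5_db_entry * entry);


krb5_error_code
krb5_dbe_update_mod_princ_data( krb5_context context,
                                krb5_db_entry * entry,
                                krb5_timestamp mod_date,
                                krb5_const_principal mod_princ);

/*
 * Allocation hooks.
 * NOTE(review): the (ptr, size) signature looks realloc-like; confirm,
 * and pair every krb5_db_alloc() with krb5_db_free() rather than free().
 */
void *krb5_db_alloc( krb5_context kcontext,
                     void *ptr,
                     size_t size );

void krb5_db_free( krb5_context kcontext,
                   void *ptr);


krb5_error_code
krb5_dbe_lookup_last_pwd_change( krb5_context context,
                                 krb5_db_entry * entry,
                                 krb5_timestamp * stamp);

krb5_error_code
krb5_dbe_update_tl_data( krb5_context context,
                         krb5_db_entry * entry,
                         krb5_tl_data * new_tl_data);

/*
 * Key-change entry points.  Each takes the master key, an array of
 * ks_tuple_count key/salt tuples and the entry to update; cpw and apw
 * also take the password as a plain char *.
 * NOTE(review): ks_tuple_count is a signed int with no visible bound;
 * confirm the implementations reject negative counts.  The passwd
 * buffer stays with the caller as far as this header shows -- clear it
 * after the call.
 */
krb5_error_code
krb5_dbe_cpw( krb5_context kcontext,
              krb5_keyblock * master_key,
              krb5_key_salt_tuple * ks_tuple,
              int ks_tuple_count,
              char * passwd,
              int new_kvno,
              krb5_boolean keepold,
              krb5_db_entry * db_entry);


krb5_error_code
krb5_dbe_ark( krb5_context context,
              krb5_keyblock * master_key,
              krb5_key_salt_tuple * ks_tuple,
              int ks_tuple_count,
              krb5_db_entry * db_entry);

krb5_error_code
krb5_dbe_crk( krb5_context context,
              krb5_keyblock * master_key,
              krb5_key_salt_tuple * ks_tuple,
              int ks_tuple_count,
              krb5_boolean keepold,
              krb5_db_entry * db_entry);

krb5_error_code
krb5_dbe_apw( krb5_context context,
              krb5_keyblock * master_key,
              krb5_key_salt_tuple * ks_tuple,
              int ks_tuple_count,
              char * passwd,
              krb5_db_entry * db_entry);

/* default functions. Should not be directly called */
/*
 * Default functions prototype
 */

krb5_error_code
krb5_dbe_def_search_enctype( krb5_context kcontext,
                             krb5_db_entry *dbentp,
                             krb5_int32 *start,
                             krb5_int32 ktype,
                             krb5_int32 stype,
                             krb5_int32 kvno,
                             krb5_key_data **kdatap);

/*
 * NOTE(review): keyfile names where the master key is stored; the file's
 * ownership and mode are set (if at all) in the implementation, not
 * here -- confirm it is created readable by the KDC account only.
 */
krb5_error_code
krb5_def_store_mkey( krb5_context context,
                     char *keyfile,
                     krb5_principal mname,
                     krb5_keyblock *key,
                     char *master_pwd);


krb5_error_code
krb5_db_def_fetch_mkey( krb5_context context,
                        krb5_principal mname,
                        krb5_keyblock *key,
                        int *kvno,
                        char *db_args);

krb5_error_code
krb5_def_verify_master_key( krb5_context context,
                            krb5_principal mprinc,
                            krb5_keyblock *mkey);

krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
                                   char *pwd,
                                   krb5_keyblock *key );

krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
                                   krb5_keyblock **key );
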
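/*
 * Default change-password implementation; same parameter list as
 * krb5_dbe_cpw().
 * NOTE(review): passwd is a plain char * owned by the caller as far as
 * this header shows; clear it after the call.
 */
krb5_error_code
krb5_dbe_def_cpw( krb5_context context,
                  krb5_keyblock * master_key,
                  krb5_key_salt_tuple * ks_tuple,
                  int ks_tuple_count,
                  char * passwd,
                  int new_kvno,
                  krb5_boolean keepold,
                  krb5_db_entry * db_entry);

krb5_error_code
krb5_db_supports_iprop(krb5_context kcontext, int *iprop_supported);

krb5_error_code
krb5_def_promote_db(krb5_context, char *, char **);

/*
 * Password policy record.  All limits are unsigned 32-bit.
 * NOTE(review): the units of pw_min_life / pw_max_life are not stated
 * in this header -- confirm before comparing them with timestamps.
 * A policy with pw_min_length or pw_min_classes of 0 or 1 imposes no
 * practical constraint, which is worth checking when auditing policies.
 */
typedef struct _osa_policy_ent_t {
    int         version;
    char        *name;
    uint32_t    pw_min_life;
    uint32_t    pw_max_life;
    uint32_t    pw_min_length;
    uint32_t    pw_min_classes;
    uint32_t    pw_history_num;
    uint32_t    policy_refcnt;
} osa_policy_ent_rec, *osa_policy_ent_t;

/* Callback type taken by krb5_db_iter_policy(). */
typedef void (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t);

krb5_error_code
krb5_db_create_policy( krb5_context kcontext,
                       osa_policy_ent_t policy);

krb5_error_code
krb5_db_get_policy ( krb5_context kcontext,
                     char *name,
                     osa_policy_ent_t *policy,
                     int *nentries);

krb5_error_code
krb5_db_put_policy( krb5_context kcontext,
                    osa_policy_ent_t policy);

krb5_error_code
krb5_db_iter_policy( krb5_context kcontext,
                     char *match_entry,
                     osa_adb_iter_policy_func func,
                     void *data);

krb5_error_code
krb5_db_delete_policy( krb5_context kcontext,
                       char *policy);

void
krb5_db_free_policy( krb5_context kcontext,
                     osa_policy_ent_t policy);

#define KRB5_KDB_DEF_FLAGS      0

#endif /* KRB5_KDB5__ */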