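/*
 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__

#pragma ident "%Z%%M% %I% %E% SMI"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 *	Openvision retains the copyright to derivative works of
 *	this source code.  Do *NOT* create a derivative of this
 *	source code before consulting with your legal department.
 *	Do *NOT* integrate *ANY* of this source code into another
 *	product before consulting with your legal department.
 *
 *	For further information, read the top-level Openvision
 *	copyright which is contained in the top-level MIT Kerberos
 *	copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */


/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
 *
 * $Header: /cvs/krbdev/krb5/src/lib/kadm5/admin.h,v 1.43.2.1 2000/05/19 22:24:14 raeburn Exp $
 */

/*
 * Public declarations of the kadm5 administration interface: service
 * and principal names, field-selection masks, the principal, policy and
 * configuration records, and the prototypes that operate on them.
 *
 * Several of the routines declared here take cleartext passwords or
 * hand key blocks back to the caller.  This header does not show who
 * owns or wipes that memory, so treat every such buffer as sensitive in
 * the calling code.
 */

#include <sys/types.h>
#include <rpc/types.h>
#include <rpc/rpc.h>
#include <krb5.h>
#include <k5-int.h>
#include <com_err.h>
#include <kadm5/kadm_err.h>
#include <kadm5/adb_err.h>
#include <kadm5/chpass_util_strings.h>

/*
 * Service and principal names.  Each *_P name is the '@' spelling of
 * the '/' name next to it; presumably one is the host-based service
 * form and the other the principal form -- confirm at the call sites.
 */
#define	KADM5_ADMIN_SERVICE_P		"kadmin@admin"
#define	KADM5_ADMIN_SERVICE		"kadmin/admin"
#define	KADM5_CHANGEPW_SERVICE_P	"kadmin@changepw"
#define	KADM5_CHANGEPW_SERVICE		"kadmin/changepw"
#define	KADM5_HIST_PRINCIPAL		"kadmin/history"
#define	KADM5_ADMIN_HOST_SERVICE	"kadmin"
#define	KADM5_CHANGEPW_HOST_SERVICE	"changepw"
#define	KADM5_KIPROP_HOST_SERVICE	"kiprop"

typedef krb5_principal	kadm5_princ_t;
typedef char		*kadm5_policy_t;
typedef long		kadm5_ret_t;
typedef int		rpc_int32;
typedef unsigned int	rpc_u_int32;

/*
 * Password prompts, looked up in the chpass_util error table.  The cast
 * only drops the const qualifier: the string still belongs to the
 * com_err table, so callers must not modify or free it.
 */
#define	KADM5_PW_FIRST_PROMPT \
	((char *)error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
#define	KADM5_PW_SECOND_PROMPT \
	((char *)error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))

/*
 * Successful return code
 */
#define	KADM5_OK	0

/*
 * Field masks
 *
 * The three groups below are separate namespaces that reuse the same
 * bit values (0x004000 is both KADM5_LAST_SUCCESS and
 * KADM5_PW_MAX_LIFE, and overlaps KADM5_CONFIG_KADMIND_PORT).  A mask
 * is therefore only meaningful together with the record type of the
 * call it is passed to; handing a policy mask to a principal routine
 * selects different fields without any compile-time diagnostic.
 */

/* kadm5_principal_ent_t */
#define	KADM5_PRINCIPAL		0x000001
#define	KADM5_PRINC_EXPIRE_TIME	0x000002
#define	KADM5_PW_EXPIRATION	0x000004
#define	KADM5_LAST_PWD_CHANGE	0x000008
#define	KADM5_ATTRIBUTES	0x000010
#define	KADM5_MAX_LIFE		0x000020
#define	KADM5_MOD_TIME		0x000040
#define	KADM5_MOD_NAME		0x000080
#define	KADM5_KVNO		0x000100
#define	KADM5_MKVNO		0x000200
#define	KADM5_AUX_ATTRIBUTES	0x000400
#define	KADM5_POLICY		0x000800
#define	KADM5_POLICY_CLR	0x001000
/* version 2 masks */
#define	KADM5_MAX_RLIFE		0x002000
#define	KADM5_LAST_SUCCESS	0x004000
#define	KADM5_LAST_FAILED	0x008000
#define	KADM5_FAIL_AUTH_COUNT	0x010000
#define	KADM5_KEY_DATA		0x020000
#define	KADM5_TL_DATA		0x040000
/*
 * all but KEY_DATA and TL_DATA
 *
 * 0x01ffff is every bit from KADM5_PRINCIPAL up to
 * KADM5_FAIL_AUTH_COUNT, so a caller has to ask for KADM5_KEY_DATA
 * explicitly; the normal mask never selects it.
 */
#define	KADM5_PRINCIPAL_NORMAL_MASK	0x01ffff

/* kadm5_policy_ent_t */
#define	KADM5_PW_MAX_LIFE	0x004000
#define	KADM5_PW_MIN_LIFE	0x008000
#define	KADM5_PW_MIN_LENGTH	0x010000
#define	KADM5_PW_MIN_CLASSES	0x020000
#define	KADM5_PW_HISTORY_NUM	0x040000
#define	KADM5_REF_COUNT		0x080000

/* kadm5_config_params */
#define	KADM5_CONFIG_REALM		0x0000001
#define	KADM5_CONFIG_DBNAME		0x0000002
#define	KADM5_CONFIG_MKEY_NAME		0x0000004
#define	KADM5_CONFIG_MAX_LIFE		0x0000008
#define	KADM5_CONFIG_MAX_RLIFE		0x0000010
#define	KADM5_CONFIG_EXPIRATION		0x0000020
#define	KADM5_CONFIG_FLAGS		0x0000040
#define	KADM5_CONFIG_ADMIN_KEYTAB	0x0000080
#define	KADM5_CONFIG_STASH_FILE		0x0000100
#define	KADM5_CONFIG_ENCTYPE		0x0000200
#define	KADM5_CONFIG_ADBNAME		0x0000400
#define	KADM5_CONFIG_ADB_LOCKFILE	0x0000800
#define	KADM5_CONFIG_PROFILE		0x0001000
#define	KADM5_CONFIG_ACL_FILE		0x0002000
#define	KADM5_CONFIG_KADMIND_PORT	0x0004000
#define	KADM5_CONFIG_ENCTYPES		0x0008000
#define	KADM5_CONFIG_ADMIN_SERVER	0x0010000
#define	KADM5_CONFIG_DICT_FILE		0x0020000
#define	KADM5_CONFIG_MKEY_FROM_KBD	0x0040000
#define	KADM5_CONFIG_KPASSWD_PORT	0x0080000
#define	KADM5_CONFIG_KPASSWD_SERVER	0x0100000
#define	KADM5_CONFIG_KPASSWD_PROTOCOL	0x0200000
#define	KADM5_CONFIG_IPROP_ENABLED	0x0400000
#define	KADM5_CONFIG_ULOG_SIZE		0x0800000
#define	KADM5_CONFIG_POLL_TIME		0x1000000

/*
 * password change constants
 *
 * Presumably the result codes carried in a password-change reply (see
 * srvr_rsp_code of kadm5_chpass_principal_v2) -- confirm in the
 * implementation.
 */
#define	KRB5_KPASSWD_SUCCESS			0
#define	KRB5_KPASSWD_MALFORMED			1
#define	KRB5_KPASSWD_HARDERROR			2
#define	KRB5_KPASSWD_AUTHERROR			3
#define	KRB5_KPASSWD_SOFTERROR			4
#define	KRB5_KPASSWD_ACCESSDENIED		5
#define	KRB5_KPASSWD_BAD_VERSION		6
#define	KRB5_KPASSWD_INITIAL_FLAG_NEEDED	7
#define	KRB5_KPASSWD_POLICY_REJECT		8
#define	KRB5_KPASSWD_BAD_PRINCIPAL		9
#define	KRB5_KPASSWD_ETYPE_NOSUPP		10

/*
 * permission bits
 *
 * Presumably the bits written to *privs by kadm5_get_privs() -- verify
 * against the implementation.
 */
#define	KADM5_PRIV_GET		0x01
#define	KADM5_PRIV_ADD		0x02
#define	KADM5_PRIV_MODIFY	0x04
#define	KADM5_PRIV_DELETE	0x08

/*
 * API versioning constants
 *
 * A version value is a 24-bit tag in the upper bits (selected by
 * KADM5_MASK_BITS) with the version number in the low byte.  The tag
 * separates struct versions (0x123456xx) from API versions
 * (0x123457xx).  NOTE(review): presumably the init routines reject a
 * value whose tag does not match; confirm there.
 */
#define	KADM5_MASK_BITS		0xffffff00

#define	KADM5_STRUCT_VERSION_MASK	0x12345600
#define	KADM5_STRUCT_VERSION_1	(KADM5_STRUCT_VERSION_MASK|0x01)
#define	KADM5_STRUCT_VERSION	KADM5_STRUCT_VERSION_1

#define	KADM5_API_VERSION_MASK	0x12345700
#define	KADM5_API_VERSION_1	(KADM5_API_VERSION_MASK|0x01)
#define	KADM5_API_VERSION_2	(KADM5_API_VERSION_MASK|0x02)

#ifdef KRB5_DNS_LOOKUP
/*
 * Name length constants for DNS lookups
 */
#define	MAX_HOST_NAMELEN	256
#define	MAX_DNS_NAMELEN		(15*(MAX_HOST_NAMELEN + 1)+1)
#endif /* KRB5_DNS_LOOKUP */

/*
 * Version 2 principal record.  Its first twelve members repeat
 * kadm5_principal_ent_rec_v1 in the same order and with the same types;
 * the version 2 members follow.
 */
typedef struct _kadm5_principal_ent_t_v2 {
	krb5_principal	principal;
	krb5_timestamp	princ_expire_time;
	krb5_timestamp	last_pwd_change;
	krb5_timestamp	pw_expiration;
	krb5_deltat	max_life;
	krb5_principal	mod_name;
	krb5_timestamp	mod_date;
	krb5_flags	attributes;
	krb5_kvno	kvno;
	krb5_kvno	mkvno;
	char		*policy;
	long		aux_attributes;

	/* version 2 fields */
	krb5_deltat	max_renewable_life;
	krb5_timestamp	last_success;
	krb5_timestamp	last_failed;
	krb5_kvno	fail_auth_count;
	/*
	 * Signed 16-bit counts; presumably the number of entries behind
	 * key_data and tl_data -- verify before using them as loop bounds.
	 */
	krb5_int16	n_key_data;
	krb5_int16	n_tl_data;
	krb5_tl_data	*tl_data;
	krb5_key_data	*key_data;
} kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2;

/* Version 1 principal record: the common prefix of the version 2 record. */
typedef struct _kadm5_principal_ent_t_v1 {
	krb5_principal	principal;
	krb5_timestamp	princ_expire_time;
	krb5_timestamp	last_pwd_change;
	krb5_timestamp	pw_expiration;
	krb5_deltat	max_life;
	krb5_principal	mod_name;
	krb5_timestamp	mod_date;
	krb5_flags	attributes;
	krb5_kvno	kvno;
	krb5_kvno	mkvno;
	char		*policy;
	long		aux_attributes;
} kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1;


/* The unversioned names refer to the version 2 record. */
typedef struct _kadm5_principal_ent_t_v2
kadm5_principal_ent_rec, *kadm5_principal_ent_t;

/* Password policy record; see the kadm5_policy_ent_t masks above. */
typedef struct _kadm5_policy_ent_t {
	char		*policy;
	long		pw_min_life;
	long		pw_max_life;
	long		pw_min_length;
	long		pw_min_classes;
	long		pw_history_num;
	long		policy_refcnt;
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;

/* One (encryption type, salt type) pair. */
typedef struct __krb5_key_salt_tuple {
	krb5_enctype	ks_enctype;
	krb5_int32	ks_salttype;
} krb5_key_salt_tuple;

/*
 * New types to indicate which protocol to use when sending
 * password change requests
 */
typedef enum {
	KRB5_CHGPWD_RPCSEC,
	KRB5_CHGPWD_CHANGEPW_V2
} krb5_chgpwd_prot;

/*
 * Data structure returned by kadm5_get_config_params()
 *
 * mask presumably holds the KADM5_CONFIG_* bits naming the members that
 * carry a value -- confirm in kadm5_get_config_params().
 *
 * NOTE(review): admin_keytab, stash_file and acl_file name the files
 * that hold the admin service keys, the stashed master key and the
 * administrative ACL.  Where these strings can be influenced by
 * configuration or by the caller, check the origin of the path and the
 * ownership and mode of the file before it is trusted.
 */
typedef struct _kadm5_config_params {
	long		mask;
	char		*realm;
	char		*profile;
	int		kadmind_port;
	char		*admin_server;
	char		*dbname;
	char		*admin_dbname;
	char		*admin_lockfile;
	char		*admin_keytab;
	char		*acl_file;
	char		*dict_file;
	int		mkey_from_kbd;
	char		*stash_file;
	char		*mkey_name;
	krb5_enctype	enctype;
	krb5_deltat	max_life;
	krb5_deltat	max_rlife;
	krb5_timestamp	expiration;
	krb5_flags	flags;
	krb5_key_salt_tuple	*keysalts;
	krb5_int32	num_keysalts;
	char		*kpasswd_server;
	int		kpasswd_port;
	krb5_chgpwd_prot	kpasswd_protocol;
	bool_t		iprop_enabled;
	int		iprop_ulogsize;
	char		*iprop_polltime;
} kadm5_config_params;

/***********************************************************************
 * This is the old krb5_realm_read_params, which I mutated into
 * kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
 * still uses.
 ***********************************************************************/

/*
 * Data structure returned by krb5_read_realm_params()
 *
 * Each realm_*_valid bit presumably records whether the member of the
 * same name was filled in; six one-bit flags plus the seven-bit filler
 * use thirteen bits of the bit-field storage.
 */
typedef struct __krb5_realm_params {
	char		*realm_profile;
	char		*realm_dbname;
	char		*realm_mkey_name;
	char		*realm_stash_file;
	char		*realm_kdc_ports;
	char		*realm_kdc_tcp_ports;
	char		*realm_acl_file;
	krb5_int32	realm_kadmind_port;
	krb5_enctype	realm_enctype;
	krb5_deltat	realm_max_life;
	krb5_deltat	realm_max_rlife;
	krb5_timestamp	realm_expiration;
	krb5_flags	realm_flags;
	krb5_key_salt_tuple	*realm_keysalts;
	unsigned int	realm_kadmind_port_valid:1;
	unsigned int	realm_enctype_valid:1;
	unsigned int	realm_max_life_valid:1;
	unsigned int	realm_max_rlife_valid:1;
	unsigned int	realm_expiration_valid:1;
	unsigned int	realm_flags_valid:1;
	unsigned int	realm_filler:7;
	krb5_int32	realm_num_keysalts;
} krb5_realm_params;

/*
 * functions
 */

/*
 * Lookup helpers.  Each returns its result through a char ** out
 * parameter; the header does not name the matching release routine, so
 * ownership of the returned string has to be confirmed in the
 * implementation.
 */
kadm5_ret_t
kadm5_get_master(krb5_context context, const char *realm, char **master);

kadm5_ret_t
kadm5_get_adm_host_srv_name(krb5_context context,
	const char *realm, char **host_service_name);

kadm5_ret_t
kadm5_get_cpw_host_srv_name(krb5_context context,
	const char *realm, char **host_service_name);

krb5_error_code kadm5_get_config_params(krb5_context context,
	char *kdcprofile, char *kdcenv,
	kadm5_config_params *params_in,
	kadm5_config_params *params_out);

/* SUNWresync121 XXX */
krb5_error_code kadm5_free_config_params(krb5_context context,
	kadm5_config_params *params);

/*
 * NOTE(review): despite its name this takes a kadm5_config_params, not
 * the krb5_realm_params declared above.
 */
krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
	kadm5_config_params *params);

/*
 * Session set-up.  Every kadm5_init* variant returns an opaque handle
 * through server_handle, which the remaining routines take as their
 * first argument.  struct_version and api_version are presumably
 * KADM5_STRUCT_VERSION and one of the KADM5_API_VERSION_n values.
 *
 * pass is a cleartext password in caller-owned memory.  Nothing in this
 * header says the library copies or wipes it, so the caller should
 * clear its own buffer as soon as the call has returned.
 */
kadm5_ret_t kadm5_init(char *client_name, char *pass,
	char *service_name,
	kadm5_config_params *params,
	krb5_ui_4 struct_version,
	krb5_ui_4 api_version,
	void **server_handle);

kadm5_ret_t kadm5_init_with_password(char *client_name,
	char *pass,
	char *service_name,
	kadm5_config_params *params,
	krb5_ui_4 struct_version,
	krb5_ui_4 api_version,
	void **server_handle);
kadm5_ret_t kadm5_init_with_skey(char *client_name,
	char *keytab,
	char *service_name,
	kadm5_config_params *params,
	krb5_ui_4 struct_version,
	krb5_ui_4 api_version,
	void **server_handle);

kadm5_ret_t kadm5_init_with_creds(char *client_name,
	krb5_ccache cc,
	char *service_name,
	kadm5_config_params *params,
	krb5_ui_4 struct_version,
	krb5_ui_4 api_version,
	void **server_handle);
kadm5_ret_t kadm5_flush(void *server_handle);
kadm5_ret_t kadm5_destroy(void *server_handle);

/*
 * Principal maintenance.  mask takes the kadm5_principal_ent_t field
 * masks, not the policy or config ones.  Where a routine takes pass,
 * it is again a cleartext password owned by the caller.
 */
kadm5_ret_t kadm5_create_principal(void *server_handle,
	kadm5_principal_ent_t ent,
	long mask, char *pass);
kadm5_ret_t kadm5_create_principal_3(void *server_handle,
	kadm5_principal_ent_t ent,
	long mask,
	int n_ks_tuple,
	krb5_key_salt_tuple *ks_tuple,
	char *pass);
kadm5_ret_t kadm5_delete_principal(void *server_handle,
	krb5_principal principal);
kadm5_ret_t kadm5_modify_principal(void *server_handle,
	kadm5_principal_ent_t ent,
	long mask);
/* The two unnamed principals are presumably (current name, new name). */
kadm5_ret_t kadm5_rename_principal(void *server_handle,
	krb5_principal, krb5_principal);

kadm5_ret_t kadm5_get_principal(void *server_handle,
	krb5_principal principal,
	kadm5_principal_ent_t ent,
	long mask);

kadm5_ret_t kadm5_chpass_principal(void *server_handle,
	krb5_principal principal,
	char *pass);
kadm5_ret_t kadm5_chpass_principal_3(void *server_handle,
	krb5_principal principal,
	krb5_boolean keepold,
	int n_ks_tuple,
	krb5_key_salt_tuple *ks_tuple,
	char *pass);

/*
 * Solaris Kerberos:
 * this routine is only implemented in the client library.
 */
kadm5_ret_t kadm5_randkey_principal_old(void *server_handle,
	krb5_principal principal,
	krb5_keyblock **keyblocks,
	int *n_keys);

/*
 * The randkey routines return key blocks through keyblocks / n_keys.
 * That is key material in caller-visible memory: the caller presumably
 * owns it and should wipe and release it once used -- confirm the
 * release routine, which this header does not declare.
 */
kadm5_ret_t kadm5_randkey_principal(void *server_handle,
	krb5_principal principal,
	krb5_keyblock **keyblocks,
	int *n_keys);

kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
	krb5_principal principal,
	krb5_boolean keepold,
	int n_ks_tuple,
	krb5_key_salt_tuple *ks_tuple,
	krb5_keyblock **keyblocks,
	int *n_keys);
kadm5_ret_t kadm5_setv4key_principal(void *server_handle,
	krb5_principal principal,
	krb5_keyblock *keyblock);

/*
 * The setkey routines take caller-supplied keys; n_keys is the length
 * of the keyblocks array as stated by the caller.
 */
kadm5_ret_t kadm5_setkey_principal(void *server_handle,
	krb5_principal principal,
	krb5_keyblock *keyblocks,
	int n_keys);

kadm5_ret_t kadm5_setkey_principal_3(void *server_handle,
	krb5_principal principal,
	krb5_boolean keepold,
	int n_ks_tuple,
	krb5_key_salt_tuple *ks_tuple,
	krb5_keyblock *keyblocks,
	int n_keys);

/* Policy maintenance; mask takes the kadm5_policy_ent_t field masks. */
kadm5_ret_t kadm5_create_policy(void *server_handle,
	kadm5_policy_ent_t ent,
	long mask);
/*
 * kadm5_create_policy_internal is not part of the supported,
 * exposed API.  It is available only in the server library, and you
 * shouldn't use it unless you know why it's there and how it's
 * different from kadm5_create_policy.
 */
kadm5_ret_t kadm5_create_policy_internal(void *server_handle,
	kadm5_policy_ent_t
	entry, long mask);
kadm5_ret_t kadm5_delete_policy(void *server_handle,
	kadm5_policy_t policy);
kadm5_ret_t kadm5_modify_policy(void *server_handle,
	kadm5_policy_ent_t ent,
	long mask);
/*
 * kadm5_modify_policy_internal is not part of the supported,
 * exposed API.  It is available only in the server library, and you
 * shouldn't use it unless you know why it's there and how it's
 * different from kadm5_modify_policy.
 */
kadm5_ret_t kadm5_modify_policy_internal(void *server_handle,
	kadm5_policy_ent_t
	entry, long mask);

kadm5_ret_t kadm5_get_policy(void *server_handle,
	kadm5_policy_t policy,
	kadm5_policy_ent_t ent);

kadm5_ret_t kadm5_get_privs(void *server_handle,
	long *privs);

/*
 * msg_ret is a caller-supplied buffer and msg_len its size; the
 * routine presumably writes a status message of at most msg_len bytes
 * into it, so msg_len has to be the real capacity of msg_ret.  new_pw
 * and *ret_pw are cleartext passwords.
 */
kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
	krb5_principal princ,
	char *new_pw,
	char **ret_pw,
	char *msg_ret,
	int msg_len);

kadm5_ret_t kadm5_free_principal_ent(void *server_handle,
	kadm5_principal_ent_t
	ent);
kadm5_ret_t kadm5_free_policy_ent(void *server_handle,
	kadm5_policy_ent_t ent);

/*
 * List routines: exp is the match expression, the names come back
 * through princs / pols with their number in *count.  Presumably the
 * list is released with kadm5_free_name_list() -- confirm.
 */
kadm5_ret_t kadm5_get_principals(void *server_handle,
	char *exp, char ***princs,
	int *count);

kadm5_ret_t kadm5_get_policies(void *server_handle,
	char *exp, char ***pols,
	int *count);


kadm5_ret_t kadm5_free_key_data(void *server_handle,
	krb5_int16 *n_key_data,
	krb5_key_data *key_data);

kadm5_ret_t kadm5_free_name_list(void *server_handle,
	char **names, int count);


krb5_chgpwd_prot _kadm5_get_kpasswd_protocol(void *server_handle);
/*
 * new_password is a cleartext password; srvr_rsp_code and srvr_msg
 * receive the server's answer (presumably a KRB5_KPASSWD_* code and
 * its accompanying text).
 */
kadm5_ret_t kadm5_chpass_principal_v2(void *server_handle,
	krb5_principal princ,
	char *new_password,
	kadm5_ret_t *srvr_rsp_code,
	krb5_data *srvr_msg);

/* s is presumably the descriptor the change-password request arrives on. */
void handle_chpw(krb5_context context, int s, void *serverhandle,
	kadm5_config_params *params);

#ifdef __cplusplus
}
#endif

#endif /* __KADM5_ADMIN_H__ */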