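/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 * Openvision retains the copyright to derivative works of
 * this source code.  Do *NOT* create a derivative of this
 * source code before consulting with your legal department.
 * Do *NOT* integrate *ANY* of this source code into another
 * product before consulting with your legal department.
 *
 * For further information, read the top-level Openvision
 * copyright which is contained in the top-level MIT Kerberos
 * copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */


/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
 *
 * $Header$
 */

/*
 * This header file is used internally by the Admin API server
 * libraries and Admin server.  IF YOU THINK YOU NEED TO USE THIS FILE
 * FOR ANYTHING, YOU'RE ALMOST CERTAINLY WRONG.
 *
 * Everything declared here is private to libkadm5srv and kadmind:
 * the server-side handle layout, the per-principal admin record that
 * is XDR-encoded alongside the KDB entry, the KDB wrapper routines,
 * the password-dictionary helpers and the handle-validation macros.
 */

#ifndef __KADM5_SERVER_INTERNAL_H__
#define __KADM5_SERVER_INTERNAL_H__

#ifdef HAVE_MEMORY_H
#include <memory.h>
#endif
#include <stdlib.h>
#include <errno.h>
#include "k5-int.h"
#include <krb5/kdb.h>
#include <kadm5/admin.h>
#include <rpc/xdr.h>
#include "admin_internal.h"

/*
 * Server-side kadm5 handle.  The first three fields mirror the generic
 * kadm5 handle prefix (magic number, structure version, API version) so
 * that GENERIC_CHECK_HANDLE from admin_internal.h can validate an opaque
 * void * before it is used as a server handle.
 *
 * current_caller  - principal on whose behalf operations are performed;
 *                   SERVER_CHECK_HANDLE rejects a handle with it unset.
 * params          - effective configuration for this realm.
 * lhandle         - "local" handle used for operations the server
 *                   performs on its own behalf; SERVER_CHECK_HANDLE
 *                   rejects a handle with it unset.
 * db_args         - NULL-terminated list of KDB module arguments.
 * master_keyblock - the realm master key.  This is live key material:
 *                   whoever tears the handle down is expected to wipe
 *                   it (e.g. krb5_free_keyblock_contents) rather than
 *                   just free the handle -- NOTE(review): confirm the
 *                   close path does so.
 */
typedef struct _kadm5_server_handle_t {
	krb5_ui_4	magic_number;
	krb5_ui_4	struct_version;
	krb5_ui_4	api_version;
	krb5_context	context;
	krb5_principal	current_caller;
	kadm5_config_params params;
	struct _kadm5_server_handle_t *lhandle;
	char **db_args;
	krb5_keyblock	master_keyblock;
} kadm5_server_handle_rec, *kadm5_server_handle_t;

/* Version tag stored in osa_princ_ent_rec.version for the current layout. */
#define OSA_ADB_PRINC_VERSION_1	0x12345C01

/*
 * One entry of a principal's password history: the key_data array
 * (n_key_data elements) derived from a previous password.
 */
typedef struct _osa_pw_hist_t {
	int n_key_data;
	krb5_key_data *key_data;
} osa_pw_hist_ent, *osa_pw_hist_t;

/*
 * Per-principal admin-server record.  It is (de)serialized with
 * xdr_osa_princ_ent_rec() below and released with osa_free_princ_ent().
 *
 * version            - must be OSA_ADB_PRINC_VERSION_1.
 * policy             - name of the password policy, or NULL.
 * aux_attributes     - admin-side attribute bits (see KADM5_AUX_ATTRIBUTES).
 * old_key_len        - number of elements in old_keys.
 * old_key_next       - ring-buffer index of the next slot to overwrite.
 * admin_history_kvno - kvno of the history key the old_keys are
 *                      encrypted under.
 * old_keys           - array of old_key_len password-history entries.
 *
 * Because the record is decoded from stored data, consumers must treat
 * old_key_len / old_key_next / n_key_data as untrusted: check
 * old_key_next < old_key_len before indexing old_keys, and never rely
 * on the XDR layer alone to keep them consistent.
 */
typedef struct _osa_princ_ent_t {
	int				version;
	char				*policy;
	long				aux_attributes;
	unsigned int		old_key_len;
	unsigned int		old_key_next;
	krb5_kvno			admin_history_kvno;
	osa_pw_hist_ent	*old_keys;
} osa_princ_ent_rec, *osa_princ_ent_t;


/* Open / close the policy database associated with the handle. */
kadm5_ret_t    adb_policy_init(kadm5_server_handle_t handle);
kadm5_ret_t    adb_policy_close(kadm5_server_handle_t handle);

/*
 * Check a cleartext password against the dictionary and, when
 * use_policy is nonzero, against the given policy for the principal.
 * `pass' is a NUL-terminated cleartext password owned by the caller;
 * the caller is responsible for clearing it once it is no longer needed.
 */
kadm5_ret_t    passwd_check(kadm5_server_handle_t handle,
			    char *pass, int use_policy,
			    kadm5_policy_ent_t policy,
			    krb5_principal principal);
kadm5_ret_t    principal_exists(krb5_principal principal);

/*
 * Load the realm master key into handle->master_keyblock.  `r' names
 * the realm; from_keyboard selects interactive entry of the key rather
 * than reading it from the stash -- NOTE(review): confirm semantics in
 * the definition, only the prototype is visible here.
 */
krb5_error_code	kdb_init_master(kadm5_server_handle_t handle,
				char *r, int from_keyboard);
/* Locate (or create) the password-history key for realm `r'. */
krb5_error_code	kdb_init_hist(kadm5_server_handle_t handle,
			      char *r);

/*
 * KDB wrappers.  kdb_get_entry fills both the krb5_db_entry and the
 * decoded osa_princ_ent_rec for the principal; kdb_free_entry releases
 * what kdb_get_entry allocated; kdb_put_entry re-encodes adb and writes
 * both back; kdb_delete_entry removes the principal.
 */
krb5_error_code	kdb_get_entry(kadm5_server_handle_t handle,
			      krb5_principal principal, krb5_db_entry *kdb,
			      osa_princ_ent_rec *adb);
krb5_error_code	kdb_free_entry(kadm5_server_handle_t handle,
			       krb5_db_entry *kdb, osa_princ_ent_rec *adb);
krb5_error_code	kdb_put_entry(kadm5_server_handle_t handle,
			       krb5_db_entry *kdb, osa_princ_ent_rec *adb);
krb5_error_code	kdb_delete_entry(kadm5_server_handle_t handle,
				 krb5_principal name);
/*
 * Invoke iter_fct(data, principal) for every principal whose name
 * matches match_entry (a pattern; NULL presumably matches all -- verify
 * against the definition).
 */
krb5_error_code	kdb_iter_entry(kadm5_server_handle_t handle,
			       char *match_entry,
			       void (*iter_fct)(void *, krb5_principal),
			       void *data);

/*
 * Password-dictionary support.  init_dict loads the dictionary named in
 * the configuration (if any); find_word returns KSUCCESS when `word' is
 * present and WORD_NOT_FOUND otherwise; destroy_dict releases it.
 */
int		init_dict(kadm5_config_params *);
int		find_word(const char *word);
void		destroy_dict(void);

/* XXX this ought to be in libkrb5.a, but isn't */
kadm5_ret_t krb5_copy_key_data_contents(krb5_context context,
					krb5_key_data *from,
					krb5_key_data *to);
kadm5_ret_t krb5_free_key_data_contents(krb5_context context,
					krb5_key_data *key);

/*
 * *Warning*
 * *Warning*	This is going to break if we
 * *Warning*	ever go multi-threaded
 * *Warning*
 *
 * Process-wide copy of the authenticated caller.  Prefer the
 * per-handle current_caller field; this global is not protected by any
 * lock and is only correct while a single request is in flight.
 */
extern	krb5_principal	current_caller;

/*
 * Why is this (or something similar) not defined *anywhere* in krb5?
 */
#define KSUCCESS	0
#define WORD_NOT_FOUND	1

/*
 * all the various mask bits or'd together
 */

#define	ALL_PRINC_MASK \
 (KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION | \
  KADM5_LAST_PWD_CHANGE | KADM5_ATTRIBUTES | KADM5_MAX_LIFE | \
  KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_KVNO | KADM5_MKVNO | \
  KADM5_AUX_ATTRIBUTES | KADM5_POLICY_CLR | KADM5_POLICY | \
  KADM5_MAX_RLIFE | KADM5_TL_DATA | KADM5_KEY_DATA)

#define ALL_POLICY_MASK \
 (KADM5_POLICY | KADM5_PW_MAX_LIFE | KADM5_PW_MIN_LIFE | \
  KADM5_PW_MIN_LENGTH | KADM5_PW_MIN_CLASSES | KADM5_PW_HISTORY_NUM | \
  KADM5_REF_COUNT)

/*
 * Reject a server handle that has no caller or no local handle.
 *
 * This expands to a bare block containing `return', so it may only be
 * used at statement level inside a function returning kadm5_ret_t (never
 * as the sole body of an `if' followed by `else').  Unlike the original,
 * a NULL handle is rejected here as well, so the macro is safe to use
 * on its own and not only after GENERIC_CHECK_HANDLE.
 */
#define SERVER_CHECK_HANDLE(handle) \
{ \
	kadm5_server_handle_t srvr = \
	     (kadm5_server_handle_t) handle; \
 \
	if (! srvr) \
		return KADM5_BAD_SERVER_HANDLE; \
	if (! srvr->current_caller) \
		return KADM5_BAD_SERVER_HANDLE; \
	if (! srvr->lhandle) \
	        return KADM5_BAD_SERVER_HANDLE; \
}

/*
 * Full validation of an opaque handle: the generic checks from
 * admin_internal.h (NULL/magic/version range) followed by the
 * server-specific checks above.  Same statement-level restriction as
 * SERVER_CHECK_HANDLE.
 */
#define CHECK_HANDLE(handle) \
     GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION, \
			  KADM5_NEW_SERVER_API_VERSION) \
     SERVER_CHECK_HANDLE(handle)

/* XDR encode/decode of osa_princ_ent_rec (direction given by xdrs). */
bool_t	    xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp);

/* Free the contents of an osa_princ_ent_rec populated by the decoder. */
void
osa_free_princ_ent(osa_princ_ent_t val);

#endif /* __KADM5_SERVER_INTERNAL_H__ */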