/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 * Openvision retains the copyright to derivative works of
 * this source code. Do *NOT* create a derivative of this
 * source code before consulting with your legal department.
 * Do *NOT* integrate *ANY* of this source code into another
 * product before consulting with your legal department.
 *
 * For further information, read the top-level Openvision
 * copyright which is contained in the top-level MIT Kerberos
 * copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */


/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
 *
 * $Header$
 */

/*
 * This header file is used internally by the Admin API server
 * libraries and Admin server. IF YOU THINK YOU NEED TO USE THIS FILE
 * FOR ANYTHING, YOU'RE ALMOST CERTAINLY WRONG.
 */

#ifndef __KADM5_SERVER_INTERNAL_H__
#define __KADM5_SERVER_INTERNAL_H__

#ifdef HAVE_MEMORY_H
#include <memory.h>
#endif
#include <stdlib.h>
#include <errno.h>
#include "k5-int.h"
#include <krb5/kdb.h>
#include <kadm5/admin.h>
#include <rpc/xdr.h>
#include "admin_internal.h"

/*
 * Per-handle state of the Admin API server library.
 *
 * SERVER_CHECK_HANDLE (defined later in this header) rejects a record
 * whose current_caller or lhandle member is NULL with
 * KADM5_BAD_SERVER_HANDLE.
 */
typedef struct _kadm5_server_handle_t {
    /* NOTE(review): the three words below are presumably what
     * GENERIC_CHECK_HANDLE (admin_internal.h, not shown) validates. */
    krb5_ui_4 magic_number;
    krb5_ui_4 struct_version;
    krb5_ui_4 api_version;
    krb5_context context;
    /* Must be non-NULL for the handle to pass SERVER_CHECK_HANDLE. */
    krb5_principal current_caller;
    kadm5_config_params params;
    /* Must be non-NULL for the handle to pass SERVER_CHECK_HANDLE. */
    struct _kadm5_server_handle_t *lhandle;
    char **db_args;
    /* Key material stored inline in the handle.  NOTE(review): presumably
     * the database master key; confirm that the code releasing the handle
     * zeroizes it before the memory is freed. */
    krb5_keyblock master_keyblock;
} kadm5_server_handle_rec, *kadm5_server_handle_t;

/* NOTE(review): presumably the value expected in osa_princ_ent_rec.version. */
#define OSA_ADB_PRINC_VERSION_1 0x12345C01

/*
 * One password-history entry: key_data points at n_key_data elements.
 * n_key_data is a signed int, so code that reads it from stored or
 * decoded data should reject negative values before using it as a count.
 */
typedef struct _osa_pw_hist_t {
    int n_key_data;
    krb5_key_data *key_data;
} osa_pw_hist_ent, *osa_pw_hist_t;

/*
 * Admin-database record attached to a principal.
 *
 * NOTE(review): old_keys together with old_key_len / old_key_next looks
 * like an array of history entries plus its length and a next-slot index;
 * confirm against the implementation.  The entries hold key data and
 * should be handled as secrets.
 */
typedef struct _osa_princ_ent_t {
    int version;
    char *policy;
    long aux_attributes;
    unsigned int old_key_len;
    unsigned int old_key_next;
    krb5_kvno admin_history_kvno;
    osa_pw_hist_ent *old_keys;
} osa_princ_ent_rec, *osa_princ_ent_t;


kadm5_ret_t adb_policy_init(kadm5_server_handle_t handle);
kadm5_ret_t adb_policy_close(kadm5_server_handle_t handle);

/*
 * NOTE(review): `pass` appears to be a cleartext password handed over as
 * a mutable char *; confirm that callers zeroize their copy after use.
 */
kadm5_ret_t passwd_check(
    kadm5_server_handle_t handle,
    char *pass,
    int use_policy,
    kadm5_policy_ent_t policy,
    krb5_principal principal);

kadm5_ret_t principal_exists(krb5_principal principal);

krb5_error_code kdb_init_master(
    kadm5_server_handle_t handle,
    char *r,
    int from_keyboard);

krb5_error_code kdb_init_hist(
    kadm5_server_handle_t handle,
    char *r);

krb5_error_code kdb_get_entry(
    kadm5_server_handle_t handle,
    krb5_principal principal,
    krb5_db_entry *kdb,
    osa_princ_ent_rec *adb);

krb5_error_code kdb_free_entry(
    kadm5_server_handle_t handle,
    krb5_db_entry *kdb,
    osa_princ_ent_rec *adb);

krb5_error_code kdb_put_entry(
    kadm5_server_handle_t handle,
    krb5_db_entry *kdb,
    osa_princ_ent_rec *adb);

krb5_error_code kdb_delete_entry(
    kadm5_server_handle_t handle,
    krb5_principal name);

/*
 * iter_fct is called with a void * and a krb5_principal.
 * NOTE(review): presumably `data` is what is passed as the void *
 * argument; confirm in the implementation.
 */
krb5_error_code kdb_iter_entry(
    kadm5_server_handle_t handle,
    char *match_entry,
    void (*iter_fct)(void *, krb5_principal),
    void *data);

/* Password dictionary interface. */
int init_dict(kadm5_config_params *);
int find_word(const char *word);
void destroy_dict(void);
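
/* XXX this ought to be in libkrb5.a, but isn't */
kadm5_ret_t krb5_copy_key_data_contents(krb5_context context,
                                        krb5_key_data *from,
                                        krb5_key_data *to);
kadm5_ret_t krb5_free_key_data_contents(krb5_context context,
                                        krb5_key_data *key);

/*
 * *Warning*
 * *Warning* This is going to break if we
 * *Warning* ever go multi-threaded
 * *Warning*
 *
 * NOTE(review): this is a single process-wide caller identity.  If two
 * requests were ever handled concurrently, one request could be
 * evaluated against the other's principal.  The server handle record
 * declared earlier in this header also has a current_caller member;
 * whether any code still reads this global cannot be told from here.
 */
extern krb5_principal current_caller;

/*
 * Why is this (or something similar) not defined *anywhere* in krb5?
 *
 * NOTE(review): presumably the result codes of find_word(); confirm.
 */
#define KSUCCESS 0
#define WORD_NOT_FOUND 1

/*
 * all the various mask bits or'd together
 */

#define ALL_PRINC_MASK \
    (KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION | \
     KADM5_LAST_PWD_CHANGE | KADM5_ATTRIBUTES | KADM5_MAX_LIFE | \
     KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_KVNO | KADM5_MKVNO | \
     KADM5_AUX_ATTRIBUTES | KADM5_POLICY_CLR | KADM5_POLICY | \
     KADM5_MAX_RLIFE | KADM5_TL_DATA | KADM5_KEY_DATA)

#define ALL_POLICY_MASK \
    (KADM5_POLICY | KADM5_PW_MAX_LIFE | KADM5_PW_MIN_LIFE | \
     KADM5_PW_MIN_LENGTH | KADM5_PW_MIN_CLASSES | KADM5_PW_HISTORY_NUM | \
     KADM5_REF_COUNT)

/*
 * Validate the server-specific part of a handle.
 *
 * Expands to a brace block that RETURNS KADM5_BAD_SERVER_HANDLE from the
 * enclosing function when the handle is NULL, or when its current_caller
 * or lhandle member is NULL.  Use it only in functions whose return type
 * can carry that code, and before any resource is acquired that the
 * early return would leak.
 *
 * The NULL test on the handle itself makes the macro safe when it is
 * used on its own; the argument is parenthesized so that an expression
 * argument is cast as a whole.  The expansion stays a plain brace block
 * (not do/while) so existing uses, with or without a trailing semicolon
 * and inside CHECK_HANDLE, keep compiling.
 */
#define SERVER_CHECK_HANDLE(handle) \
{ \
    kadm5_server_handle_t srvr = \
        (kadm5_server_handle_t) (handle); \
 \
    if (! srvr) \
        return KADM5_BAD_SERVER_HANDLE; \
    if (! srvr->current_caller) \
        return KADM5_BAD_SERVER_HANDLE; \
    if (! srvr->lhandle) \
        return KADM5_BAD_SERVER_HANDLE; \
}

/*
 * Full handle validation: GENERIC_CHECK_HANDLE with the server API
 * version bounds, followed by SERVER_CHECK_HANDLE.  Like the macros it
 * expands to, it can return from the enclosing function.
 * NOTE(review): GENERIC_CHECK_HANDLE is presumably provided by
 * admin_internal.h; its checks are not visible in this header.
 */
#define CHECK_HANDLE(handle) \
    GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION, \
                         KADM5_NEW_SERVER_API_VERSION) \
    SERVER_CHECK_HANDLE(handle)

/*
 * XDR routine for osa_princ_ent_rec.
 * NOTE(review): when decoding, counts such as old_key_len and
 * n_key_data come from the encoded record; confirm that the
 * implementation bounds them before allocating or indexing.
 */
bool_t xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp);

/*
 * NOTE(review): the record can reference password-history key data via
 * old_keys; confirm that the implementation zeroizes key material
 * before freeing it.
 */
void
osa_free_princ_ent(osa_princ_ent_t val);

#endif /* __KADM5_SERVER_INTERNAL_H__ */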