1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
4 * Copyright 1995,2001,2009 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
31 * Kerberos V5 Change Password service name
33 #define KRB5_ADM_SERVICE_NAME "kpasswd"
34 #define KRB5_ADM_DEFAULT_PORT 464
36 #define KRB5_ADM_SERVICE_INSTANCE "changepw"
39 * Maximum password length.
41 #define KRB5_ADM_MAX_PASSWORD_LEN 512
44 * Protocol command strings.
46 #define KRB5_ADM_QUIT_CMD "QUIT"
47 #define KRB5_ADM_CHECKPW_CMD "CHECKPW"
48 #define KRB5_ADM_CHANGEPW_CMD "CHANGEPW"
49 #define KRB5_ADM_MOTD_CMD "MOTD"
50 #define KRB5_ADM_MIME_CMD "MIME"
51 #define KRB5_ADM_LANGUAGE_CMD "LANGUAGE"
53 #define KRB5_ADM_ADD_PRINC_CMD "ADD-PRINCIPAL"
54 #define KRB5_ADM_DEL_PRINC_CMD "DELETE-PRINCIPAL"
55 #define KRB5_ADM_REN_PRINC_CMD "RENAME-PRINCIPAL"
56 #define KRB5_ADM_MOD_PRINC_CMD "MODIFY-PRINCIPAL"
57 #define KRB5_ADM_INQ_PRINC_CMD "INQUIRE-PRINCIPAL"
58 #define KRB5_ADM_EXT_KEY_CMD "EXTRACT-KEY"
61 * Protocol command strings for the current version of the admin
62 * server. (Chris had removed them in the version he was working
65 * XXX I'm adding them back so the tree works. We need to take care
68 #define KRB5_ADM_CHG_OPW_CMD "OTHER-CHANGEPW"
69 #define KRB5_ADM_CHG_ORPW_CMD "OTHER-RANDOM-CHANGEPW"
70 #define KRB5_ADM_ADD_KEY_CMD "ADD-KEY"
71 #define KRB5_ADM_DEL_KEY_CMD "DELETE-KEY"
74 * Reply status values.
76 #define KRB5_ADM_SUCCESS 0
77 #define KRB5_ADM_CMD_UNKNOWN 1
78 #define KRB5_ADM_PW_UNACCEPT 2
79 #define KRB5_ADM_BAD_PW 3
80 #define KRB5_ADM_NOT_IN_TKT 4
81 #define KRB5_ADM_CANT_CHANGE 5
82 #define KRB5_ADM_LANG_NOT_SUPPORTED 6
84 #define KRB5_ADM_P_ALREADY_EXISTS 64
85 #define KRB5_ADM_P_DOES_NOT_EXIST 65
86 #define KRB5_ADM_NOT_AUTHORIZED 66
87 #define KRB5_ADM_BAD_OPTION 67
88 #define KRB5_ADM_VALUE_REQUIRED 68
89 #define KRB5_ADM_SYSTEM_ERROR 69
90 #define KRB5_ADM_KEY_DOES_NOT_EXIST 70
91 #define KRB5_ADM_KEY_ALREADY_EXISTS 71
94 * Principal flag keywords.
97 #define KRB5_ADM_KW_PASSWORD "PASSWORD"
98 #define KRB5_ADM_KW_APASSWORD "APASSWORD"
99 #define KRB5_ADM_KW_RANDOMKEY "RANDOMKEY"
100 #define KRB5_ADM_KW_ARANDOMKEY "ARANDOMKEY"
101 #define KRB5_ADM_KW_SETFLAGS "SETFLAGS"
102 #define KRB5_ADM_KW_UNSETFLAGS "UNSETFLAGS"
103 /* Settable and retrievable */
104 #define KRB5_ADM_KW_MAXLIFE "MAXLIFE"
105 #define KRB5_ADM_KW_MAXRENEWLIFE "MAXRENEWLIFE"
106 #define KRB5_ADM_KW_EXPIRATION "EXPIRATION"
107 #define KRB5_ADM_KW_PWEXPIRATION "PWEXPIRATION"
108 #define KRB5_ADM_KW_FLAGS "FLAGS"
109 #define KRB5_ADM_KW_AUXDATA "AUXDATA"
110 #define KRB5_ADM_KW_EXTRADATA "EXTRADATA"
111 /* Retrievable only */
112 #define KRB5_ADM_KW_LASTPWCHANGE "LASTPWCHANGE"
113 #define KRB5_ADM_KW_LASTSUCCESS "LASTSUCCESS"
114 #define KRB5_ADM_KW_LASTFAILED "LASTFAILED"
115 #define KRB5_ADM_KW_FAILCOUNT "FAILCOUNT"
116 #define KRB5_ADM_KW_KEYDATA "KEYDATA"
119 #define KRB5_ADM_M_PASSWORD 0x00000001
120 #define KRB5_ADM_M_MAXLIFE 0x00000002
121 #define KRB5_ADM_M_MAXRENEWLIFE 0x00000004
122 #define KRB5_ADM_M_EXPIRATION 0x00000008
123 #define KRB5_ADM_M_PWEXPIRATION 0x00000010
124 #define KRB5_ADM_M_RANDOMKEY 0x00000020
125 #define KRB5_ADM_M_FLAGS 0x00000040
126 #define KRB5_ADM_M_LASTPWCHANGE 0x00000080
127 #define KRB5_ADM_M_LASTSUCCESS 0x00000100
128 #define KRB5_ADM_M_LASTFAILED 0x00000200
129 #define KRB5_ADM_M_FAILCOUNT 0x00000400
130 #define KRB5_ADM_M_AUXDATA 0x00000800
131 #define KRB5_ADM_M_KEYDATA 0x00001000
132 #define KRB5_ADM_M_APASSWORD 0x00002000
133 #define KRB5_ADM_M_ARANDOMKEY 0x00004000
134 #define KRB5_ADM_M_UNUSED_15 0x00008000
135 #define KRB5_ADM_M_UNUSED_16 0x00010000
136 #define KRB5_ADM_M_UNUSED_17 0x00020000
137 #define KRB5_ADM_M_UNUSED_18 0x00040000
138 #define KRB5_ADM_M_UNUSED_19 0x00080000
139 #define KRB5_ADM_M_UNUSED_20 0x00100000
140 #define KRB5_ADM_M_UNUSED_21 0x00200000
141 #define KRB5_ADM_M_UNUSED_22 0x00400000
142 #define KRB5_ADM_M_UNUSED_23 0x00800000
143 #define KRB5_ADM_M_UNUSED_24 0x01000000
144 #define KRB5_ADM_M_UNUSED_25 0x02000000
145 #define KRB5_ADM_M_UNUSED_26 0x04000000
146 #define KRB5_ADM_M_UNUSED_27 0x08000000
147 #define KRB5_ADM_M_UNUSED_28 0x10000000
148 #define KRB5_ADM_M_UNUSED_29 0x20000000
149 #define KRB5_ADM_M_GET 0x40000000
150 #define KRB5_ADM_M_SET 0x80000000
152 #define KRB5_ADM_M_EXTRADATA 0x00000000 /* Hack to get */
153 /* libkadm to compile */
155 #define KRB5_ADM_M_SET_VALID (KRB5_ADM_M_SET + \
156 KRB5_ADM_M_PASSWORD + \
157 KRB5_ADM_M_APASSWORD + \
158 KRB5_ADM_M_MAXLIFE + \
159 KRB5_ADM_M_MAXRENEWLIFE+ \
160 KRB5_ADM_M_EXPIRATION + \
161 KRB5_ADM_M_PWEXPIRATION+ \
162 KRB5_ADM_M_RANDOMKEY + \
163 KRB5_ADM_M_ARANDOMKEY + \
166 #define KRB5_ADM_M_GET_VALID (KRB5_ADM_M_GET + \
167 KRB5_ADM_M_MAXLIFE + \
168 KRB5_ADM_M_MAXRENEWLIFE+ \
169 KRB5_ADM_M_EXPIRATION + \
170 KRB5_ADM_M_PWEXPIRATION+ \
172 KRB5_ADM_M_LASTPWCHANGE+ \
173 KRB5_ADM_M_LASTSUCCESS + \
174 KRB5_ADM_M_LASTFAILED + \
175 KRB5_ADM_M_FAILCOUNT + \
176 KRB5_ADM_M_AUXDATA + \
180 * Keytab reply components.
182 #define KRB5_ADM_KT_PRINCIPAL 0
183 #define KRB5_ADM_KT_TIMESTAMP 1
184 #define KRB5_ADM_KT_VNO 2
185 #define KRB5_ADM_KT_KEY_ENCTYPE 3
186 #define KRB5_ADM_KT_KEY_KEY 4
187 #define KRB5_ADM_KT_NCOMPS 5
189 /* for krb5_key_salt_tuple */
193 * Data structure returned by krb5_read_realm_params()
195 typedef struct __krb5_realm_params {
196 char * realm_profile;
197 char * realm_mkey_name;
198 char * realm_stash_file;
199 char * realm_kdc_ports;
200 char * realm_kdc_tcp_ports;
201 char * realm_acl_file;
202 char * realm_host_based_services;
203 char * realm_no_host_referral;
204 krb5_int32 realm_kadmind_port;
205 krb5_enctype realm_enctype;
206 krb5_deltat realm_max_life;
207 krb5_deltat realm_max_rlife;
208 krb5_timestamp realm_expiration;
209 krb5_flags realm_flags;
210 krb5_key_salt_tuple *realm_keysalts;
211 unsigned int realm_reject_bad_transit:1;
212 unsigned int realm_restrict_anon:1;
213 unsigned int realm_kadmind_port_valid:1;
214 unsigned int realm_enctype_valid:1;
215 unsigned int realm_max_life_valid:1;
216 unsigned int realm_max_rlife_valid:1;
217 unsigned int realm_expiration_valid:1;
218 unsigned int realm_flags_valid:1;
219 unsigned int realm_reject_bad_transit_valid:1;
220 unsigned int realm_restrict_anon_valid:1;
221 krb5_int32 realm_num_keysalts;
223 #endif /* KRB5_ADM_H__ */