From 56f2a1dacaa0c7e19cf1c0119711d82984b775c6 Mon Sep 17 00:00:00 2001 From: Paul Park Date: Tue, 9 May 1995 19:19:54 +0000 Subject: [PATCH] Add definitions for new administrative protocol extensions git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5767 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/krb5/ChangeLog | 4 ++ src/include/krb5/adm.h | 128 ++++++++++++++++++++++++++++++++--- src/include/krb5/adm_proto.h | 38 ++++++++++- 3 files changed, 158 insertions(+), 12 deletions(-) diff --git a/src/include/krb5/ChangeLog b/src/include/krb5/ChangeLog index 4d65e6034..ceed78d25 100644 --- a/src/include/krb5/ChangeLog +++ b/src/include/krb5/ChangeLog @@ -1,3 +1,7 @@ + +Tue May 9 15:17:00 EDT 1995 Paul Park (pjpark@mit.edu) + Add definitions and prototypes for new administrative protocol. + Mon May 8 22:13:15 1995 Ezra Peisach * los-proto.h: krb5_read_password - prompt strings should be const diff --git a/src/include/krb5/adm.h b/src/include/krb5/adm.h index e8290da28..917a7e308 100644 --- a/src/include/krb5/adm.h +++ b/src/include/krb5/adm.h @@ -28,6 +28,7 @@ * Kerberos V5 Change Password service name */ #define KRB5_ADM_SERVICE_NAME "changepw" +#define KRB5_ADM_DEFAULT_PORT 752 /* * Maximum password length. @@ -35,7 +36,7 @@ #define KRB5_ADM_MAX_PASSWORD_LEN 512 /* - * Protocl command strings. + * Protocol command strings. */ #define KRB5_ADM_QUIT_CMD "QUIT" #define KRB5_ADM_CHECKPW_CMD "CHECKPW" @@ -44,6 +45,15 @@ #define KRB5_ADM_MIME_CMD "MIME" #define KRB5_ADM_LANGUAGE_CMD "LANGUAGE" +#define KRB5_ADM_ADD_PRINC_CMD "ADD-PRINCIPAL" +#define KRB5_ADM_DEL_PRINC_CMD "DELETE-PRINCIPAL" +#define KRB5_ADM_REN_PRINC_CMD "RENAME-PRINCIPAL" +#define KRB5_ADM_MOD_PRINC_CMD "MODIFY-PRINCIPAL" +#define KRB5_ADM_CHG_OPW_CMD "OTHER-CHANGEPW" +#define KRB5_ADM_CHG_ORPW_CMD "OTHER-RANDOM-CHANGEPW" +#define KRB5_ADM_INQ_PRINC_CMD "INQUIRE-PRINCIPAL" +#define KRB5_ADM_EXT_KEY_CMD "EXTRACT-KEY" + /* * Reply status values. */ 
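Review bot: The eight new command strings in the third adm.h hunk (`KRB5_ADM_ADD_PRINC_CMD` through `KRB5_ADM_EXT_KEY_CMD`) sit under the existing "Protocol command strings" comment with nothing separating them from the self-service password-change commands. Judging by their names they act on principals other than the caller, so a heading such as `/* Administrative commands: the server must authorize the caller first, else reply KRB5_ADM_NOT_AUTHORIZED */` would state that expectation where implementers read it. The authorization check is not part of this header-only commit, so the wording should be confirmed against the server code.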
@@ -55,14 +65,114 @@ #define KRB5_ADM_CANT_CHANGE 5 #define KRB5_ADM_LANG_NOT_SUPPORTED 6 +#define KRB5_ADM_P_ALREADY_EXISTS 64 +#define KRB5_ADM_P_DOES_NOT_EXIST 65 +#define KRB5_ADM_NOT_AUTHORIZED 66 +#define KRB5_ADM_BAD_OPTION 67 +#define KRB5_ADM_VALUE_REQUIRED 68 +#define KRB5_ADM_SYSTEM_ERROR 69 + +/* + * Principal flag keywords. + */ +/* Settable only */ +#define KRB5_ADM_KW_PASSWORD "PASSWORD" +#define KRB5_ADM_KW_RANDOMKEY "RANDOMKEY" +/* Settable and retrievable */ +#define KRB5_ADM_KW_KVNO "KVNO" +#define KRB5_ADM_KW_MAXLIFE "MAXLIFE" +#define KRB5_ADM_KW_MAXRENEWLIFE "MAXRENEWLIFE" +#define KRB5_ADM_KW_EXPIRATION "EXPIRATION" +#define KRB5_ADM_KW_PWEXPIRATION "PWEXPIRATION" +#define KRB5_ADM_KW_FLAGS "FLAGS" +#define KRB5_ADM_KW_SALTTYPE "SALTTYPE" +/* Retrievable only */ +#define KRB5_ADM_KW_MKVNO "MKVNO" +#define KRB5_ADM_KW_LASTPWCHANGE "LASTPWCHANGE" +#define KRB5_ADM_KW_LASTSUCCESS "LASTSUCCESS" +#define KRB5_ADM_KW_LASTFAILED "LASTFAILED" +#define KRB5_ADM_KW_FAILCOUNT "FAILCOUNT" +#define KRB5_ADM_KW_MODNAME "MODNAME" +#define KRB5_ADM_KW_MODDATE "MODDATE" + +#define KRB5_ADM_KW_MAX_SET 9 +#define KRB5_ADM_KW_MAX_GET 15 + +/* Valid mask */ +#define KRB5_ADM_M_PASSWORD 0x00000001 +#define KRB5_ADM_M_KVNO 0x00000002 +#define KRB5_ADM_M_MAXLIFE 0x00000004 +#define KRB5_ADM_M_MAXRENEWLIFE 0x00000008 +#define KRB5_ADM_M_EXPIRATION 0x00000010 +#define KRB5_ADM_M_PWEXPIRATION 0x00000020 +#define KRB5_ADM_M_RANDOMKEY 0x00000040 +#define KRB5_ADM_M_FLAGS 0x00000080 +#define KRB5_ADM_M_SALTTYPE 0x00000100 +#define KRB5_ADM_M_MKVNO 0x00000200 +#define KRB5_ADM_M_LASTPWCHANGE 0x00000400 +#define KRB5_ADM_M_LASTSUCCESS 0x00000800 +#define KRB5_ADM_M_LASTFAILED 0x00001000 +#define KRB5_ADM_M_FAILCOUNT 0x00002000 +#define KRB5_ADM_M_MODNAME 0x00004000 +#define KRB5_ADM_M_MODDATE 0x00008000 +#define KRB5_ADM_M_UNUSED_16 0x00010000 +#define KRB5_ADM_M_UNUSED_17 0x00020000 +#define KRB5_ADM_M_UNUSED_18 0x00040000 +#define KRB5_ADM_M_UNUSED_19 0x00080000 +#define 
KRB5_ADM_M_UNUSED_20 0x00100000 +#define KRB5_ADM_M_UNUSED_21 0x00200000 +#define KRB5_ADM_M_UNUSED_22 0x00400000 +#define KRB5_ADM_M_UNUSED_23 0x00800000 +#define KRB5_ADM_M_UNUSED_24 0x01000000 +#define KRB5_ADM_M_UNUSED_25 0x02000000 +#define KRB5_ADM_M_UNUSED_26 0x04000000 +#define KRB5_ADM_M_UNUSED_27 0x08000000 +#define KRB5_ADM_M_UNUSED_28 0x10000000 +#define KRB5_ADM_M_UNUSED_29 0x20000000 +#define KRB5_ADM_M_GET 0x40000000 +#define KRB5_ADM_M_SET 0x80000000 + +#define KRB5_ADM_M_SET_VALID (KRB5_ADM_M_SET + \ + KRB5_ADM_M_PASSWORD + \ + KRB5_ADM_M_KVNO + \ + KRB5_ADM_M_MAXLIFE + \ + KRB5_ADM_M_MAXRENEWLIFE+ \ + KRB5_ADM_M_EXPIRATION + \ + KRB5_ADM_M_PWEXPIRATION+ \ + KRB5_ADM_M_RANDOMKEY + \ + KRB5_ADM_M_FLAGS + \ + KRB5_ADM_M_SALTTYPE) +#define KRB5_ADM_M_GET_VALID (KRB5_ADM_M_GET + \ + KRB5_ADM_M_KVNO + \ + KRB5_ADM_M_MAXLIFE + \ + KRB5_ADM_M_MAXRENEWLIFE+ \ + KRB5_ADM_M_EXPIRATION + \ + KRB5_ADM_M_PWEXPIRATION+ \ + KRB5_ADM_M_FLAGS + \ + KRB5_ADM_M_SALTTYPE + \ + KRB5_ADM_M_MKVNO + \ + KRB5_ADM_M_LASTPWCHANGE+ \ + KRB5_ADM_M_LASTSUCCESS + \ + KRB5_ADM_M_LASTFAILED + \ + KRB5_ADM_M_FAILCOUNT + \ + KRB5_ADM_M_MODNAME + \ + KRB5_ADM_M_MODDATE) + +/* Values for salttype */ +#define KRB5_ADM_SALTTYPE_NORMAL "KRB5" +#define KRB5_ADM_SALTTYPE_V4 "KRB4" +#define KRB5_ADM_SALTTYPE_NOREALM "KRB5-NOREALM" +#define KRB5_ADM_SALTTYPE_ONLYREALM "KRB5-ONLYREALM" +#define KRB5_ADM_SALTTYPE_SPECIAL "SPECIAL" + /* - * Subcodes. + * Keytab reply components. */ -#define KRB5_ADM_BAD_ARGS 10 -#define KRB5_ADM_BAD_CMD 11 -#define KRB5_ADM_NO_CMD 12 -#define KRB5_ADM_BAD_PRINC 20 -#define KRB5_ADM_PWD_TOO_SHORT 21 -#define KRB5_ADM_PWD_WEAK 22 -#define KRB5_ADM_NOT_ALLOWED 100 +#define KRB5_ADM_KT_PRINCIPAL 0 +#define KRB5_ADM_KT_TIMESTAMP 1 +#define KRB5_ADM_KT_VNO 2 +#define KRB5_ADM_KT_KEY_KEYTYPE 3 +#define KRB5_ADM_KT_KEY_ETYPE 4 +#define KRB5_ADM_KT_KEY_KEY 5 +#define KRB5_ADM_KT_NCOMPS 6 #endif /* KRB5_ADM_H__ */ 
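Review bot: `KRB5_ADM_M_SET_VALID` and `KRB5_ADM_M_GET_VALID` combine single-bit masks with `+`, so a term accidentally listed twice would carry into a neighbouring bit and silently mark a different attribute as valid. `|` is idempotent and is the safer operator here, e.g. `KRB5_ADM_M_SET | KRB5_ADM_M_PASSWORD | ...`. A comment should also record that `KRB5_ADM_M_PASSWORD` and `KRB5_ADM_M_RANDOMKEY` are deliberately absent from the GET mask, matching the "Settable only" keyword group, so that a later edit does not make them retrievable. Separately, `KRB5_ADM_KW_MAX_GET` is 15 while only 14 retrievable keywords and 14 attribute bits in `KRB5_ADM_M_GET_VALID` are defined; either the count should be corrected or a comment should explain the extra slot.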
diff --git a/src/include/krb5/adm_proto.h b/src/include/krb5/adm_proto.h index 54e5c0f15..60f0f18ba 100644 --- a/src/include/krb5/adm_proto.h +++ b/src/include/krb5/adm_proto.h @@ -43,7 +43,39 @@ void krb5_adm_disconnect krb5_auth_context *, krb5_ccache)); -/* adm_proto.c */ +/* adm_kw_dec.c */ +krb5_error_code krb5_adm_proto_to_dbent + PROTOTYPE((krb5_context, + krb5_int32, + krb5_data *, + krb5_ui_4 *, + krb5_db_entry *, + char **)); + +/* adm_kw_enc.c */ +krb5_error_code krb5_adm_dbent_to_proto + PROTOTYPE((krb5_context, + krb5_ui_4, + krb5_db_entry *, + char *, + krb5_int32 *, + krb5_data **)); + +/* adm_kt_dec.c */ +krb5_error_code krb5_adm_proto_to_ktent + PROTOTYPE((krb5_context, + krb5_int32, + krb5_data *, + krb5_keytab_entry *)); + +/* adm_kt_enc.c */ +krb5_error_code krb5_adm_ktent_to_proto + PROTOTYPE((krb5_context, + krb5_keytab_entry *, + krb5_int32 *, + krb5_data **)); + +/* adm_rw.c */ void krb5_free_adm_data PROTOTYPE((krb5_context, krb5_int32, @@ -53,14 +85,14 @@ krb5_error_code krb5_send_adm_cmd PROTOTYPE((krb5_context, krb5_pointer, krb5_auth_context *, - int, + krb5_int32, krb5_data *)); krb5_error_code krb5_send_adm_reply PROTOTYPE((krb5_context, krb5_pointer, krb5_auth_context *, krb5_int32, - int, + krb5_int32, krb5_data *)); krb5_error_code krb5_read_adm_cmd PROTOTYPE((krb5_context, -- 2.26.2
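Review bot: The four new encode/decode prototypes (`krb5_adm_proto_to_dbent`, `krb5_adm_dbent_to_proto`, `krb5_adm_proto_to_ktent`, `krb5_adm_ktent_to_proto`) have no parameter names and no comments, so ownership of the `krb5_data **` and `char **` out-parameters is undocumented. Each declaration should say who allocates and who frees the result (presumably `krb5_free_adm_data` for the `krb5_data` arrays, to be confirmed). It should also say whether the `krb5_int32` component count is checked against `KRB5_ADM_KW_MAX_SET` / `KRB5_ADM_KW_MAX_GET` before the array is walked. If the `char *` / `char **` arguments carry a password, as the PASSWORD keyword suggests, the comment should also require callers to zero that buffer before freeing it.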
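Review bot: The component-count parameter of `krb5_send_adm_cmd` and `krb5_send_adm_reply` becomes `krb5_int32` in the last hunk, but the diffstat lists only headers, so the definitions in adm_rw.c may still take `int`. If they do, prototype and definition disagree wherever `int` is not 32 bits, so the definitions should change in the same commit. Because the count is now explicitly signed, a comment such as `/* component count; must be >= 0 */` on both prototypes would document what the implementation has to enforce on values read from the wire. The hunk ends inside the `krb5_read_adm_cmd` prototype, which continues outside it.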