1/*
2 * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
3 * Use is subject to license terms.
4 */
5
6%#pragma ident	"%Z%%M%	%I%	%E% SMI"
7
8#ifdef RPC_XDR
9%#include "iprop.h"
10#endif /* RPC_XDR */
11
12/*
13 * Initial declarations
 *
 * Fixed-width integer names, declared only when RPC_HDR is not defined.
 * NOTE(review): presumably the header pass takes these names from the
 * system headers instead -- confirm against the build.
 * XDR encodes every item in multiples of four bytes, so the 16-bit names
 * below do not narrow what a peer can put on the wire; range checks on
 * int16_t fields belong in the consumer.
14 */
15
16#ifndef RPC_HDR
17typedef short int16_t;
18typedef unsigned short uint16_t;
19typedef int int32_t;
20typedef unsigned int uint32_t;
21typedef hyper int64_t;	/* hyper is the XDR 64-bit integer */
22typedef unsigned hyper uint64_t;
23#endif  /* !RPC_HDR */
24
/*
 * Counted byte string.  It is declared as variable-length opaque, so the
 * XDR layer carries raw bytes: it does not validate UTF-8 and does not add
 * a NUL terminator.  The empty "<>" sets no maximum, so the length is
 * whatever the peer sends.  Consumers should apply their own upper bound
 * and use the decoded length, never strlen().
 */
25typedef opaque	 utf8str_t<>;
26
27/*
28 * Transaction log serial no.
 *
 * 32-bit unsigned.  NOTE(review): wrap-around handling is not visible in
 * this file -- confirm it in the code that compares serial numbers.
29 */
30typedef uint32_t	kdb_sno_t;
31
32/*
 * Timestamp
 *
 * Two 32-bit unsigned fields.  NOTE(review): presumably seconds and
 * microseconds since the epoch; the schema does not constrain useconds,
 * so a range check (< 1000000) has to live in the consumer -- confirm.
 */
33struct kdbe_time_t {
34	uint32_t	seconds;
35	uint32_t	useconds;
36};
37
38/*
 * Key Data
 *
 * k_enctype and k_contents are two independent variable-length arrays with
 * no declared maximum.  Nothing in the schema ties their element counts to
 * each other or to k_ver.
 * NOTE(review): a consumer that walks the two arrays in parallel must
 * compare both decoded counts (and any count derived from k_ver) before
 * indexing.
 * NOTE(review): k_contents presumably carries key material, in which case
 * every message embedding this struct needs confidentiality and integrity
 * from the RPC transport -- confirm.
 */
39struct kdbe_key_t {
40	int32_t		k_ver;	/* Version */
41	int32_t		k_kvno;	/* Key version no. */
42	int32_t		k_enctype<>;	/* unbounded array of int32_t */
43	utf8str_t	k_contents<>;	/* unbounded array of counted byte strings */
44};
45
46/*
 * Content data
 *
 * A 32-bit magic value followed by one counted byte string.  Used as the
 * element type of kdbe_princ_t.k_components.  k_data inherits the
 * unbounded length of utf8str_t.
 */
47struct kdbe_data_t {
48	int32_t		k_magic;
49	utf8str_t	k_data;
50};
51
52/*
 * Principal Data
 *
 * Realm, a variable-length array of name components, and a name type.
 * Neither the number of components nor the length of each component is
 * bounded by the schema, so both limits have to be enforced by the
 * consumer.
 */
53struct kdbe_princ_t {
54	utf8str_t	k_realm;
55	kdbe_data_t	k_components<>;	/* unbounded component count */
56	int32_t		k_nametype;
57};
58
59/*
 * TL data (pre-auth specific data)
 *
 * A type tag plus an uninterpreted byte array with no declared maximum.
 * NOTE(review): tl_type is declared int16_t but still occupies a four-byte
 * XDR unit; confirm that the consumer rejects values outside the 16-bit
 * range instead of relying on truncation.
 */
60struct kdbe_tl_t {
61	int16_t		tl_type;
62	opaque		tl_data<>;	/* raw bytes, length supplied by the peer */
63};
64
65/*
 * Structure to store pwd history
 *
 * One history record is an unbounded array of kdbe_key_t.  The union arm
 * av_pw_hist<> is in turn an unbounded array of these records, so the
 * total decoded size is a product of two peer-controlled counts.
 */
66typedef kdbe_key_t kdbe_pw_hist_t<>;
67
68/*
 * Basic KDB entry attributes
 *
 * Discriminant of the kdbe_val_t union.  The numeric values are written
 * to the wire, so existing members must never be renumbered or reused.
 * New attributes take the next free value.
 */
69enum kdbe_attr_type_t {
70	AT_ATTRFLAGS = 0,
71	AT_MAX_LIFE = 1,
72	AT_MAX_RENEW_LIFE = 2,
73	AT_EXP = 3,
74	AT_PW_EXP = 4,
75	AT_LAST_SUCCESS = 5,
76	AT_LAST_FAILED = 6,
77	AT_FAIL_AUTH_COUNT = 7,
78	AT_PRINC = 8,
79	AT_KEYDATA = 9,
80	AT_TL_DATA = 10,
81	AT_LEN = 11,
82	AT_MOD_PRINC = 12,
83	AT_MOD_TIME = 13,
84	AT_MOD_WHERE = 14,
85	AT_PW_LAST_CHANGE = 15,
86	AT_PW_POLICY = 16,
87	AT_PW_POLICY_SWITCH = 17,
88	AT_PW_HIST_KVNO = 18,
89	AT_PW_HIST = 19
90};
91
92/*
 * KDB entry, Attribute=value
 *
 * One attribute of a database entry, selected by av_type.  The arms are
 * not listed in numeric order (AT_PW_LAST_CHANGE appears between AT_LEN
 * and AT_MOD_PRINC).  This has no effect on the encoding.
 *
 * Any discriminant without an explicit arm decodes through the default
 * arm as raw bytes.  NOTE(review): receivers should skip or reject
 * av_extension content they do not understand instead of interpreting it.
 *
 * The AT_KEYDATA and AT_PW_HIST arms embed kdbe_key_t, so a value of this
 * type can contain key data.
 * NOTE(review): the uint32_t time and lifetime arms carry no unit in this
 * file -- confirm units and range checks in the consumer.
 */
93union kdbe_val_t switch (kdbe_attr_type_t av_type) {
94case AT_ATTRFLAGS:
95	uint32_t	av_attrflags;
96case AT_MAX_LIFE:
97	uint32_t	av_max_life;
98case AT_MAX_RENEW_LIFE:
99	uint32_t	av_max_renew_life;
100case AT_EXP:
101	uint32_t	av_exp;
102case AT_PW_EXP:
103	uint32_t	av_pw_exp;
104case AT_LAST_SUCCESS:
105	uint32_t	av_last_success;
106case AT_LAST_FAILED:
107	uint32_t	av_last_failed;
108case AT_FAIL_AUTH_COUNT:
109	uint32_t	av_fail_auth_count;
110case AT_PRINC:
111	kdbe_princ_t	av_princ;
112case AT_KEYDATA:
113	kdbe_key_t	av_keydata<>;	/* array of keys, no declared maximum */
114case AT_TL_DATA:
115	kdbe_tl_t	av_tldata<>;	/* array of TL data, no declared maximum */
116case AT_LEN:
117	int16_t		av_len;	/* signed 16-bit; NOTE(review): confirm negative values are rejected */
118case AT_PW_LAST_CHANGE:
119	uint32_t	av_pw_last_change;
120case AT_MOD_PRINC:
121	kdbe_princ_t	av_mod_princ;
122case AT_MOD_TIME:
123	uint32_t	av_mod_time;
124case AT_MOD_WHERE:
125	utf8str_t	av_mod_where;
126case AT_PW_POLICY:
127	utf8str_t	av_pw_policy;
128case AT_PW_POLICY_SWITCH:
129	bool		av_pw_policy_switch;
130case AT_PW_HIST_KVNO:
131	uint32_t	av_pw_hist_kvno;
132case AT_PW_HIST:
133	kdbe_pw_hist_t	av_pw_hist<>;	/* array of pw history records, each itself an array of keys */
134default:
135	opaque		av_extension<>;	/* futures: raw bytes for any discriminant not listed above */
136};
137
138typedef kdbe_val_t kdbe_t<>;	    /* Array of attr/val makes a KDB entry; "<>" sets no maximum attribute count */
139
140/*
141 * Incremental update
 *
 * One record of the update log: which principal changed, the serial
 * number and timestamp of the change, and the attributes that were
 * modified.  kdb_update is a kdbe_t, so a record can contain key data
 * (AT_KEYDATA, AT_PW_HIST).
 * NOTE(review): the schema does not say how kdb_update is to be treated
 * when kdb_deleted is set or kdb_commit is clear -- confirm that the
 * consumer checks both flags before applying a record.
142 */
143struct kdb_incr_update_t {
144	utf8str_t	kdb_princ_name;	/* Principal name */
145	kdb_sno_t	kdb_entry_sno;	/* Serial # of entry */
146	kdbe_time_t	kdb_time;	/* Timestamp of update */
147	kdbe_t		kdb_update; 	/* Attributes modified */
148	bool		kdb_deleted;	/* Is this update a DELETION ? */
149	bool		kdb_commit;	/* Is the entry committed or not ? */
150	utf8str_t	kdb_kdcs_seen_by<>; /* Names of slaves that have */
151					    /* seen this update - for */
152					    /* future use */
153	opaque		kdb_futures<>;	/* futures: raw bytes, no declared maximum */
154};
155
156/*
157 * Update log body
 *
 * Variable-length array of update records with no declared maximum.  The
 * number of records in a reply is whatever the sender encodes.
158 */
159typedef kdb_incr_update_t kdb_ulog_t<>;
160
/*
 * Status code returned in the ret field of kdb_incr_result_t and
 * kdb_fullresync_result_t.  The numeric values are part of the wire
 * protocol.
 * NOTE(review): UPDATE_PERM_DENIED is the only value that reports an
 * authorization outcome.  None of the request or reply types in this file
 * carries a credential, so the caller's identity has to come from the RPC
 * authentication flavor -- confirm which flavor the server requires.
 */
161enum update_status_t {
162	UPDATE_OK = 0,
163	UPDATE_ERROR = 1,
164	UPDATE_FULL_RESYNC_NEEDED = 2,
165	UPDATE_BUSY = 3,
166	UPDATE_NIL = 4,
167	UPDATE_PERM_DENIED = 5
168};
169
/*
 * Position in the update log: a serial number and its timestamp.  It is
 * the argument of IPROP_GET_UPDATES and the lastentry field of both
 * result structures.
 * NOTE(review): as a request argument both fields are caller-supplied and
 * should be treated as untrusted by the server.
 */
170struct kdb_last_t {
171	kdb_sno_t	last_sno;
172	kdbe_time_t	last_time;
173};
174
/*
 * Reply of IPROP_GET_UPDATES: the sender's last log position, a
 * variable-length list of update records, and a status code.
 * NOTE(review): ret is encoded last, and this file does not say whether
 * lastentry and updates are meaningful when ret is not UPDATE_OK --
 * receivers should check ret before using them.
 */
175struct kdb_incr_result_t {
176	kdb_last_t		lastentry;
177	kdb_ulog_t		updates;
178	update_status_t		ret;
179};
180
/*
 * Reply of IPROP_FULL_RESYNC: a log position and a status code.  The
 * reply carries no database content.
 * NOTE(review): how the database itself reaches the caller is not visible
 * in this file.
 */
181struct kdb_fullresync_result_t {
182	kdb_last_t		lastentry;
183	update_status_t 	ret;
184};
185
/*
 * RPC program 100423, version 1, with three procedures.
 * NOTE(review): the IPROP_GET_UPDATES reply can contain key data (see the
 * AT_KEYDATA arm of kdbe_val_t).  The server should therefore accept
 * procedures 1 and 2 only from authenticated, authorized callers over a
 * transport that gives integrity and confidentiality.  That enforcement
 * is not expressed in this interface definition -- confirm it in the
 * server dispatch code.
 */
186program KRB5_IPROP_PROG {
187	version KRB5_IPROP_VERS {
188		/*
189		 * NULL procedure
190		 */
191		void
192		IPROP_NULL(void) = 0;
193
194		/*
195		 * Keep waiting for and get next incremental update(s)
196		 *
197		 * Will return latest kdb_vers on the master (if different),
198		 * along with return value and affected db entries.
		 *
		 * The kdb_last_t argument is supplied by the caller.
199		 */
200		kdb_incr_result_t
201		IPROP_GET_UPDATES(kdb_last_t) = 1;
202
203		/*
204		 * We need to do the full-resync of the db, since the
205		 * serial nos./timestamps are way out-of-whack
		 *
		 * Takes no argument; the reply holds only a log position
		 * and a status code.
206		 */
207		kdb_fullresync_result_t
208		IPROP_FULL_RESYNC(void) = 2;
209	} = 1;
210} = 100423;
211