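/*
 * $Source: /cvs/src/sasl/mac/kerberos_includes/old_krb.h,v $
 * $Author: rjs3 $
 * $Header: /cvs/src/sasl/mac/kerberos_includes/old_krb.h,v 1.2 2001/12/04 02:06:06 rjs3 Exp $
 *
 * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
 *
 * For copying and distribution information, please see the file
 * <mit-copyright.h>.
 *
 * Include file for the Kerberos library.
 */

/*
 * Maintenance notes:
 *
 *  - This is the old Kerberos interface (the file is old_krb.h) and it is
 *    built on the DES types from <kerberos/des.h> (C_Block, Key_schedule).
 *    Single DES is no longer adequate protection for session keys, so code
 *    using this header should be treated as legacy/compatibility code.
 *  - Every name, realm and text buffer declared here has a fixed size.
 *    Any length taken from the network or from a file must be checked
 *    against the matching *_SZ / MAX_* constant before it is used to copy
 *    into or index one of these buffers.
 *  - The swap_* macros expand to a bare { ... } block and name their
 *    argument several times; see the comment above them for how to call
 *    them safely.
 */

#ifndef _KERBEROS_KRB_H
#define _KERBEROS_KRB_H

/* #pragma ident "@(#)krb.h 1.12 97/04/14 SMI" */

#include <kerberos/mit-copyright.h>
#include <kerberos/des.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Text describing error codes.
 * The table has KRB_ERRORS_TABLE_SIZE entries, so an error code must be
 * range-checked against MAX_KRB_ERRORS before it is used as an index.
 */
#define KRB_ERRORS_TABLE_SIZE   256
#define MAX_KRB_ERRORS          (KRB_ERRORS_TABLE_SIZE-1)
extern char *krb_err_txt[KRB_ERRORS_TABLE_SIZE];

/*
 * These are not defined for at least SunOS 3.3 and Ultrix 2.2.
 * The fallbacks only touch fds_bits[0] and shift an int constant, so they
 * are only meaningful for descriptor numbers that fit in the first word.
 */
#if defined(ULTRIX022) || (defined(SunOS) && SunOS < 40)
#define FD_ZERO(p)      ((p)->fds_bits[0] = 0)
#define FD_SET(n, p)    ((p)->fds_bits[0] |= (1 << (n)))
#define FD_ISSET(n, p)  ((p)->fds_bits[0] & (1 << (n)))
#endif /* ULTRIX022 || SunOS */

/* General definitions */
#define KSUCCESS        0
#define KFAILURE        255

#ifdef NO_UIDGID_T
typedef unsigned short uid_t;
typedef unsigned short gid_t;
#endif /* NO_UIDGID_T */

/*
 * Kerberos specific definitions
 *
 * KRBLOG is the log file for the kerberos master server. KRB_CONF is
 * the configuration file where different host machines running master
 * and slave servers can be found. KRB_MASTER is the name of the
 * machine with the master database.  The admin_server runs on this
 * machine, and all changes to the db (as opposed to read-only
 * requests, which can go to slaves) must go to it. KRB_HOST is the
 * default machine when looking for a kerberos slave server.  Other
 * possibilities are in the KRB_CONF file.  KRB_REALM is the name of
 * the realm.
 */

#ifdef notdef
/* this is server-only, does not belong here */
#define KRBLOG          "/kerberos/kerberos.log"
/* are these used anyplace? */
#define VX_KRB_HSTFILE  "/etc/krbhst"
#define PC_KRB_HSTFILE  "\\kerberos\\krbhst"
#endif

#define KRB_CONF        "/etc/krb.conf"
#define KRB_RLM_TRANS   "/etc/krb.realms"
#define KRB_MASTER      "kerberos"
#define KRB_HOST        KRB_MASTER
/* #define KRB_REALM    "ATHENA.MIT.EDU" */
/* KRB_REALM is a function call, not a constant: it is evaluated at each use. */
#define KRB_REALM       krb_get_default_realm()
char *krb_get_default_realm();

#ifdef NIS
/* defines for use with NIS service */
#define KRB_CONF_MAP            "krb.conf"          /* conf NIS map name */
#define KRB_REALM_DEFKEY        "DEFAULT_REALM"     /* key for default realm */
#endif /* NIS */

/*
 * The maximum sizes for aname, realm, sname, and instance +1.
 * The "+1" is the terminator, so the longest usable component is 39
 * characters.  These sizes dimension the fixed arrays in struct auth_dat
 * and struct credentials below; copies into those arrays must be bounded
 * by the matching constant.
 */
#define ANAME_SZ        40
#define REALM_SZ        40
#define SNAME_SZ        40
#define INST_SZ         40
/* include space for '.' and '@' */
#define MAX_K_NAME_SZ   (ANAME_SZ + INST_SZ + REALM_SZ + 2)
#define KKEY_SZ         100
#define VERSION_SZ      1
#define MSG_TYPE_SZ     1
#define DATE_SZ         26      /* RTI date output */

#define MAX_HSTNM       100

#ifndef DEFAULT_TKT_LIFE        /* allow compile-time override */
#define DEFAULT_TKT_LIFE        96      /* default lifetime for krb_mk_req */
                                        /* & co., 8 hrs */
#endif

/* Definition of text structure used to pass text around */
#define MAX_KTXT_LEN    1250

/*
 * length is a signed int and dat is a fixed MAX_KTXT_LEN-byte array:
 * a length that is negative or larger than MAX_KTXT_LEN must be rejected
 * before it is used to read or write dat.  mbz sits directly after dat.
 */
struct ktext {
    int             length;                 /* Length of the text */
    unsigned char   dat[MAX_KTXT_LEN];      /* The data itself */
    unsigned long   mbz;                    /* zero to catch runaway */
                                            /* strings */
};

typedef struct ktext *KTEXT;
typedef struct ktext KTEXT_ST;


/* Definitions for send_to_kdc */
#define CLIENT_KRB_TIMEOUT      4       /* time between retries */
#define CLIENT_KRB_RETRY        5       /* retry this many times */
#define CLIENT_KRB_BUFLEN       512     /* max unfragmented packet */

/* Definitions for ticket file utilities */
#define R_TKT_FIL       0
#define W_TKT_FIL       1

/* Definitions for cl_get_tgt */
#ifdef PC
#define CL_GTGT_INIT_FILE       "\\kerberos\\k_in_tkts"
#else
#define CL_GTGT_INIT_FILE       "/etc/k_in_tkts"
#endif /* PC */

/* Parameters for rd_ap_req */
/*
 * Maximum allowable clock skew in seconds.
 * Parenthesized so the value stays 300 inside larger expressions
 * (for example `t % CLOCK_SKEW` or `-CLOCK_SKEW`).
 */
#define CLOCK_SKEW      (5*60)
/*
 * Filename for readservkey.
 * NOTE(review): presumably holds long-term service keys; confirm that the
 * file is readable only by the account that runs the service.
 */
#define KEYFILE         "/etc/srvtab"

/* Structure definition for rd_ap_req */

struct auth_dat {
    unsigned char   k_flags;                /* Flags from ticket */
    char            pname[ANAME_SZ];        /* Principal's name */
    char            pinst[INST_SZ];         /* His Instance */
    char            prealm[REALM_SZ];       /* His Realm */
    unsigned long   checksum;               /* Data checksum (opt) */
    C_Block         session;                /* Session Key */
    int             life;                   /* Life of ticket */
    unsigned long   time_sec;               /* Time ticket issued */
    unsigned long   address;                /* Address in ticket */
    KTEXT_ST        reply;                  /* Auth reply (opt) */
};

typedef struct auth_dat AUTH_DAT;

/*
 * Structure definition for credentials returned by get_cred.
 * The structure carries the session key and the ticket, so copies of it
 * are key material and should be cleared when no longer needed.
 */

struct credentials {
    char            service[ANAME_SZ];      /* Service name */
    char            instance[INST_SZ];      /* Instance */
    char            realm[REALM_SZ];        /* Auth domain */
    C_Block         session;                /* Session key */
    int             lifetime;               /* Lifetime */
    int             kvno;                   /* Key version number */
    KTEXT_ST        ticket_st;              /* The ticket itself */
    long            issue_date;             /* The issue time */
    char            pname[ANAME_SZ];        /* Principal's name */
    char            pinst[INST_SZ];         /* Principal's instance */
};

typedef struct credentials CREDENTIALS;

/* Structure definition for rd_private_msg and rd_safe_msg */

struct msg_dat {
    unsigned char   *app_data;              /* pointer to appl data */
    unsigned long   app_length;             /* length of appl data */
    unsigned long   hash;                   /* hash to lookup replay */
    int             swap;                   /* swap bytes? */
    long            time_sec;               /* msg timestamp seconds */
    unsigned char   time_5ms;               /* msg timestamp 5ms units */
};

typedef struct msg_dat MSG_DAT;


/*
 * Location of ticket file for save_cred and get_cred.
 * NOTE(review): TKT_ROOT is under /tmp, a directory shared by all users.
 * How tkt_string() builds the final name and how the file is created are
 * not visible here; confirm that the creating code uses owner-only
 * permissions and does not reuse a pre-existing file or follow a symlink.
 */
#ifdef PC
#define TKT_FILE        "\\kerberos\\ticket.ses"
#else
#define TKT_FILE        tkt_string()
#define TKT_ROOT        "/tmp/tkt"
#endif /* PC */

/* Error codes returned from the KDC */
#define KDC_OK          0       /* Request OK */
#define KDC_NAME_EXP    1       /* Principal expired */
#define KDC_SERVICE_EXP 2       /* Service expired */
#define KDC_AUTH_EXP    3       /* Auth expired */
#define KDC_PKT_VER     4       /* Protocol version unknown */
#define KDC_P_MKEY_VER  5       /* Wrong master key version */
#define KDC_S_MKEY_VER  6       /* Wrong master key version */
#define KDC_BYTE_ORDER  7       /* Byte order unknown */
#define KDC_PR_UNKNOWN  8       /* Principal unknown */
#define KDC_PR_N_UNIQUE 9       /* Principal not unique */
#define KDC_NULL_KEY    10      /* Principal has null key */
#define KDC_GEN_ERR     20      /* Generic error from KDC */


/* Values returned by get_credentials */
#define GC_OK           0       /* Retrieve OK */
#define RET_OK          0       /* Retrieve OK */
#define GC_TKFIL        21      /* Can't read ticket file */
#define RET_TKFIL       21      /* Can't read ticket file */
#define GC_NOTKT        22      /* Can't find ticket or TGT */
#define RET_NOTKT       22      /* Can't find ticket or TGT */


/* Values returned by mk_ap_req */
#define MK_AP_OK        0       /* Success */
#define MK_AP_TGTEXP    26      /* TGT Expired */

/* Values returned by rd_ap_req */
#define RD_AP_OK        0       /* Request authentic */
#define RD_AP_UNDEC     31      /* Can't decode authenticator */
#define RD_AP_EXP       32      /* Ticket expired */
#define RD_AP_NYV       33      /* Ticket not yet valid */
#define RD_AP_REPEAT    34      /* Repeated request */
#define RD_AP_NOT_US    35      /* The ticket isn't for us */
#define RD_AP_INCON     36      /* Request is inconsistent */
#define RD_AP_TIME      37      /* delta_t too big */
#define RD_AP_BADD      38      /* Incorrect net address */
#define RD_AP_VERSION   39      /* protocol version mismatch */
#define RD_AP_MSG_TYPE  40      /* invalid msg type */
#define RD_AP_MODIFIED  41      /* message stream modified */
#define RD_AP_ORDER     42      /* message out of order */
#define RD_AP_UNAUTHOR  43      /* unauthorized request */

/* Values returned by get_pw_tkt */
#define GT_PW_OK        0       /* Got password changing tkt */
#define GT_PW_NULL      51      /* Current PW is null */
#define GT_PW_BADPW     52      /* Incorrect current password */
#define GT_PW_PROT      53      /* Protocol Error */
#define GT_PW_KDCERR    54      /* Error returned by KDC */
#define GT_PW_NULLTKT   55      /* Null tkt returned by KDC */


/* Values returned by send_to_kdc */
#define SKDC_OK         0       /* Response received */
#define SKDC_RETRY      56      /* Retry count exceeded */
#define SKDC_CANT       57      /* Can't send request */

/*
 * Values returned by get_intkt
 * (can also return SKDC_* and KDC errors)
 */

#define INTK_OK         0       /* Ticket obtained */
#define INTK_W_NOTALL   61      /* Not ALL tickets returned */
#define INTK_BADPW      62      /* Incorrect password */
#define INTK_PROT       63      /* Protocol Error */
#define INTK_ERR        70      /* Other error */

/* Values returned by get_adtkt */
#define AD_OK           0       /* Ticket Obtained */
#define AD_NOTGT        71      /* Don't have tgt */

/* Error codes returned by ticket file utilities */
#define NO_TKT_FIL      76      /* No ticket file found */
#define TKT_FIL_ACC     77      /* Couldn't access tkt file */
#define TKT_FIL_LCK     78      /* Couldn't lock ticket file */
#define TKT_FIL_FMT     79      /* Bad ticket file format */
#define TKT_FIL_INI     80      /* tf_init not called first */

/* Error code returned by kparse_name */
#define KNAME_FMT       81      /* Bad Kerberos name format */

/* Error code returned by krb_mk_safe */
#define SAFE_PRIV_ERROR -1      /* syscall error */

/*
 * macros for byte swapping; also scratch space
 * u_quad       0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0
 * u_long       0-->3, 1-->2, 2-->1, 3-->0
 * u_short      0-->1, 1-->0
 *
 * Usage notes:
 *  - Each macro expands to a bare { ... } block, not do { } while (0).
 *    `if (c) swap_u_long(v); else ...` therefore does not parse; put the
 *    call inside braces at the call site.
 *  - The argument is named more than once, so pass a plain pointer
 *    (swap_u_16, swap_u_12, swap_C_Block) or a plain lvalue (swap_u_quad,
 *    swap_u_long, swap_u_short) with no side effects.
 *  - The macros operate on a fixed byte count (16, 12, 8, 8, 4 and 2
 *    bytes); the object passed in must be at least that large.
 *  - swab() and memcpy() must be declared where the macros are expanded.
 */

#define swap_u_16(x) {\
    unsigned long   _krb_swap_tmp[4]; \
    swab(((char *)(x)) + 0,  ((char *)_krb_swap_tmp) + 14, 2); \
    swab(((char *)(x)) + 2,  ((char *)_krb_swap_tmp) + 12, 2); \
    swab(((char *)(x)) + 4,  ((char *)_krb_swap_tmp) + 10, 2); \
    swab(((char *)(x)) + 6,  ((char *)_krb_swap_tmp) + 8,  2); \
    swab(((char *)(x)) + 8,  ((char *)_krb_swap_tmp) + 6,  2); \
    swab(((char *)(x)) + 10, ((char *)_krb_swap_tmp) + 4,  2); \
    swab(((char *)(x)) + 12, ((char *)_krb_swap_tmp) + 2,  2); \
    swab(((char *)(x)) + 14, ((char *)_krb_swap_tmp) + 0,  2); \
    memcpy((char *)(x), (char *)_krb_swap_tmp, 16); \
}

#define swap_u_12(x) {\
    unsigned long   _krb_swap_tmp[4]; \
    swab(((char *)(x)) + 0,  ((char *)_krb_swap_tmp) + 10, 2); \
    swab(((char *)(x)) + 2,  ((char *)_krb_swap_tmp) + 8,  2); \
    swab(((char *)(x)) + 4,  ((char *)_krb_swap_tmp) + 6,  2); \
    swab(((char *)(x)) + 6,  ((char *)_krb_swap_tmp) + 4,  2); \
    swab(((char *)(x)) + 8,  ((char *)_krb_swap_tmp) + 2,  2); \
    swab(((char *)(x)) + 10, ((char *)_krb_swap_tmp) + 0,  2); \
    memcpy((char *)(x), (char *)_krb_swap_tmp, 12); \
}

#define swap_C_Block(x) {\
    unsigned long   _krb_swap_tmp[4]; \
    swab(((char *)(x)) + 0, ((char *)_krb_swap_tmp) + 6, 2); \
    swab(((char *)(x)) + 2, ((char *)_krb_swap_tmp) + 4, 2); \
    swab(((char *)(x)) + 4, ((char *)_krb_swap_tmp) + 2, 2); \
    swab(((char *)(x)) + 6, ((char *)_krb_swap_tmp) + 0, 2); \
    memcpy((char *)(x), (char *)_krb_swap_tmp, 8); \
}

#define swap_u_quad(x) {\
    unsigned long   _krb_swap_tmp[4]; \
    swab(((char *)&(x)) + 0, ((char *)_krb_swap_tmp) + 6, 2); \
    swab(((char *)&(x)) + 2, ((char *)_krb_swap_tmp) + 4, 2); \
    swab(((char *)&(x)) + 4, ((char *)_krb_swap_tmp) + 2, 2); \
    swab(((char *)&(x)) + 6, ((char *)_krb_swap_tmp) + 0, 2); \
    memcpy((char *)&(x), (char *)_krb_swap_tmp, 8); \
}

/*
 * Only the four swapped bytes are copied back.  Assigning
 * _krb_swap_tmp[0] as a whole unsigned long would also read bytes of the
 * scratch array that were never written wherever unsigned long is wider
 * than four bytes.
 */
#define swap_u_long(x) { \
    unsigned long   _krb_swap_tmp[4]; \
    swab(((char *)&(x)) + 0, ((char *)_krb_swap_tmp) + 2, 2); \
    swab(((char *)&(x)) + 2, ((char *)_krb_swap_tmp) + 0, 2); \
    memcpy((char *)&(x), (char *)_krb_swap_tmp, 4); \
}

#define swap_u_short(x) {\
    unsigned short  _krb_swap_sh_tmp; \
    swab(((char *)&(x)), ((char *)&_krb_swap_sh_tmp), 2); \
    (x) = (unsigned short) _krb_swap_sh_tmp; \
}

/*
 * Kerberos ticket flag field bit definitions.
 * Only K_FLAG_ORDER has a value; K_FLAG_1..K_FLAG_7 are defined empty and
 * cannot be used in an expression.
 */
#define K_FLAG_ORDER    0       /* bit 0 --> lsb */
#define K_FLAG_1                /* reserved */
#define K_FLAG_2                /* reserved */
#define K_FLAG_3                /* reserved */
#define K_FLAG_4                /* reserved */
#define K_FLAG_5                /* reserved */
#define K_FLAG_6                /* reserved */
#define K_FLAG_7                /* reserved, bit 7 --> msb */

#ifndef PC
char *tkt_string();
#endif /* PC */

/*
 * forward declaration otherwise need to include netinet/in.h
 */

struct sockaddr_in;

#ifdef OLDNAMES
#define krb_mk_req              mk_ap_req
#define krb_rd_req              rd_ap_req
#define krb_kntoln              an_to_ln
#define krb_set_key             set_serv_key
#define krb_get_cred            get_credentials
#define krb_mk_priv             mk_private_msg
#define krb_rd_priv             rd_private_msg
#define krb_mk_safe             mk_safe_msg
#define krb_rd_safe             rd_safe_msg
#define krb_mk_err              mk_appl_err_msg
#define krb_rd_err              rd_appl_err_msg
#define krb_ck_repl             check_replay
#define krb_get_pw_in_tkt       get_in_tkt
#define krb_get_svc_in_tkt      get_svc_in_tkt
#define krb_get_pw_tkt          get_pw_tkt
#define krb_realmofhost         krb_getrealm
#define krb_get_phost           get_phost
#define krb_get_krbhst          get_krbhst
#define krb_get_lrealm          get_krbrlm
#else
#ifdef __STDC__
/*
 * Several of these take a char * output buffer without a length argument
 * (only krb_get_krbhst, krb_get_admhst and krb_get_lrealm take an int
 * besides the buffer); the required buffer sizes are not stated here, so
 * check each implementation before passing a buffer.
 */
extern int krb_mk_req(KTEXT, char *, char *, char *, long);
extern int krb_rd_req(KTEXT, char *, char *, long, AUTH_DAT *, char *);
extern int krb_kntoln(AUTH_DAT *, char *);
extern int krb_set_key(char *, int);
extern int krb_get_cred(char *, char *, char *, CREDENTIALS *);
extern long krb_mk_safe(unsigned char *, unsigned char *, unsigned long,
                        C_Block *, struct sockaddr_in *, struct sockaddr_in *);
extern long krb_rd_safe(unsigned char *, unsigned long, C_Block *,
                        struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *);
extern long krb_mk_err(unsigned char *, long, char *);
extern int krb_rd_err(unsigned char *, unsigned long, long *, MSG_DAT *);
extern char *krb_realmofhost(char *);
extern char *krb_get_phost(char *);
extern int krb_get_krbhst(char *, char *, int);
extern int krb_get_admhst(char *, char *, int);
extern int krb_get_lrealm(char *realm, int n);
extern int krb_sendauth(long, int, KTEXT, char *, char *, char *, unsigned long,
                        MSG_DAT *, CREDENTIALS *, Key_schedule, struct sockaddr_in *,
                        struct sockaddr_in *, char *);
extern int krb_recvauth(long, int, KTEXT, char *, char *,
                        struct sockaddr_in *, struct sockaddr_in *,
                        AUTH_DAT *, char *, Key_schedule, char *);
extern int krb_net_write(int, char *, int);
extern int krb_net_read(int, char *, int);
extern void krb_set_tkt_string(char *);
#else
extern int krb_mk_req();
extern int krb_rd_req();
extern int krb_kntoln();
extern int krb_set_key();
extern int krb_get_cred();
extern long krb_mk_safe();
extern long krb_rd_safe();
extern long krb_mk_err();
extern int krb_rd_err();
extern char *krb_realmofhost();
extern char *krb_get_phost();
extern int krb_get_krbhst();
extern int krb_get_admhst();
extern int krb_get_lrealm();
extern int krb_sendauth();
extern int krb_recvauth();
extern int krb_net_write();
extern int krb_net_read();
extern void krb_set_tkt_string();
#endif /* __STDC__ */
#endif /* OLDNAMES */

/* Defines for krb_sendauth and krb_recvauth */

#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
#define KOPT_DO_MUTUAL   0x00000002 /* do mutual auth */
#define KOPT_DONT_CANON  0x00000004 /* don't canonicalize inst */
                                    /* as a hostname */

#define KRB_SENDAUTH_VLEN 8         /* length for version strings */

#ifdef ATHENA_COMPAT
#define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */
#endif /* ATHENA_COMPAT */

#ifdef __cplusplus
}
#endif

#endif /* _KERBEROS_KRB_H */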