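/*	$FreeBSD$ */
/*-
 * Copyright (c) 2009, Sun Microsystems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 * - Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 * - Neither the name of Sun Microsystems, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
/*
 * auth_kerb.h, Protocol for Kerberos style authentication for RPC
 *
 * Copyright (C) 1986, Sun Microsystems, Inc.
 *
 * Declares the credential and verifier structures exchanged by the
 * Kerberos RPC authentication flavour, plus the client/server entry points.
 * Nothing in this header is visible unless KERBEROS is defined.
 *
 * NOTE(review): KTEXT_ST, C_Block, AUTH_DAT and the ANAME_SZ/INST_SZ/REALM_SZ
 * constants used below are not declared here; they presumably come from
 * <kerberos/krb.h> and match the Kerberos 4 library API.  That protocol and
 * the single-DES blocks it uses (C_Block, des_block) are no longer considered
 * adequate protection, so confirm whether any build still defines KERBEROS
 * before relying on this flavour.
 */

#ifndef	_RPC_AUTH_KERB_H
#define	_RPC_AUTH_KERB_H

#ifdef KERBEROS

#include <kerberos/krb.h>
#include <sys/socket.h>
#include <sys/t_kuser.h>
#include <netinet/in.h>
#include <rpc/svc.h>

/*
 * There are two kinds of "names": fullnames and nicknames.
 * The kind selects which member of struct authkerb_cred is meaningful.
 */
enum authkerb_namekind {
	AKN_FULLNAME,
	AKN_NICKNAME
};

/*
 * A fullname contains the ticket and the window.
 */
struct authkerb_fullname {
	KTEXT_ST ticket;	/* ticket as received; untrusted until verified */
	u_long window;		/* associated window */
};

/*
 * Cooked credential stored in rq_clntcred.
 *
 * The fields between the AUTH_DAT markers mirror the layout of AUTH_DAT
 * (per the markers below); the remaining fields are additions.
 *
 * This structure carries the session key.  NOTE(review): code that copies or
 * caches it should keep the copy short-lived and clear it (for example with
 * explicit_bzero()) before the storage is released or reused.
 */
struct authkerb_clnt_cred {
	/* start of AUTH_DAT */
	unsigned char k_flags;	/* Flags from ticket */
	char    pname[ANAME_SZ]; /* Principal's name */
	char    pinst[INST_SZ];	/* Principal's instance */
	char    prealm[REALM_SZ]; /* Principal's realm */
	unsigned long checksum;	/* Data checksum (opt) */
	C_Block session;	/* Session Key (secret material) */
	int	life;		/* Life of ticket */
	unsigned long time_sec;	/* Time ticket issued */
	unsigned long address;	/* Address in ticket */
	/* KTEXT_ST reply;	Auth reply (opt) */
	/* end of AUTH_DAT */
	unsigned long expiry;	/* time the ticket is expiring */
	u_long nickname;	/* Nickname into cache */
	u_long window;		/* associated window */
};

typedef struct authkerb_clnt_cred authkerb_clnt_cred;

/*
 * A credential.
 *
 * akc_namekind says whether the sender supplied the full ticket
 * (akc_fullname) or only a nickname (akc_nickname).
 * NOTE(review): both arrive from the peer; presumably the XDR routine and
 * the server side validate akc_namekind before using either member --
 * confirm against the implementation.
 */
struct authkerb_cred {
	enum authkerb_namekind akc_namekind;
	struct authkerb_fullname akc_fullname;
	u_long akc_nickname;
};

/*
 * A kerb authentication verifier.
 *
 * The time is held in a union so the same storage can be viewed either as
 * a clear struct timeval or as an encrypted des_block.  akv_int_u is
 * reused for different purposes by client and server (see the macros below).
 */
struct authkerb_verf {
	union {
		struct timeval akv_ctime;	/* clear time */
		des_block akv_xtime;		/* crypt time */
	} akv_time_u;
	u_long akv_int_u;
};

/*
 * kerb authentication verifier: client variety
 * (the original comment said "des"; the macros alias struct authkerb_verf)
 *
 * akv_timestamp is the current time.
 * akv_winverf is the credential window + 1.
 * Both are encrypted using the conversation key.
 */
#ifndef akv_timestamp
#define	akv_timestamp	akv_time_u.akv_ctime
#define	akv_xtimestamp	akv_time_u.akv_xtime
#define	akv_winverf	akv_int_u
#endif

/*
 * kerb authentication verifier: server variety
 * (the original comment said "des"; the macros alias struct authkerb_verf)
 *
 * akv_timeverf is the client's timestamp + client's window
 * akv_nickname is the server's nickname for the client.
 * akv_timeverf is encrypted using the conversation key.
 *
 * akv_nickname and akv_winverf name the same member (akv_int_u), so which
 * meaning applies depends on the direction of the message.
 */
#ifndef akv_timeverf
#define	akv_timeverf	akv_time_u.akv_ctime
#define	akv_xtimeverf	akv_time_u.akv_xtime
#define	akv_nickname	akv_int_u
#endif

/*
 * Register the service name, instance and realm.
 *
 * NOTE(review): the prototypes carry no parameter names.  The three char *
 * arguments of svc_kerb_reg() presumably are the name, instance and realm
 * mentioned above, and the leading char * arguments of authkerb_create()
 * look like the same triple -- confirm against the implementation.
 */
extern int	authkerb_create(char *, char *, char *, u_int,
			struct netbuf *, int *, dev_t, int, AUTH **);
extern bool_t	xdr_authkerb_cred(XDR *, struct authkerb_cred *);
extern bool_t	xdr_authkerb_verf(XDR *, struct authkerb_verf *);
extern int	svc_kerb_reg(SVCXPRT *, char *, char *, char *);
extern enum auth_stat _svcauth_kerb(struct svc_req *, struct rpc_msg *);

#endif /* KERBEROS */
#endif /* !_RPC_AUTH_KERB_H */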