1/*
2	KClient.h -- Application interface for KClient
3
4	© Copyright 1994,95 by Project Mandarin Inc.
5
6	Initial coding 			8/94 Peter Bosanko.
7	Added new routines		8/95 PCB
8	Moved some constants
9	from krbdriver.h
10
11========================================================================
12	DES and Kerberos portions of this file are...
13========================================================================
14
15	Copyright (C) 1989 by the Massachusetts Institute of Technology
16
17	Export of this software from the United States of America is assumed
18	to require a specific license from the United States Government.
19	It is the responsibility of any person or organization contemplating
20	export to obtain such a license before exporting.
21
22WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
23distribute this software and its documentation for any purpose and
24without fee is hereby granted, provided that the above copyright
25notice appear in all copies and that both that copyright notice and
26this permission notice appear in supporting documentation, and that
27the name of M.I.T. not be used in advertising or publicity pertaining
28to distribution of the software without specific, written prior
29permission.  M.I.T. makes no representations about the suitability of
30this software for any purpose.  It is provided "as is" without express
31or implied warranty.
32
33*/
34
35#ifndef	_KCLIENT_
36#define	_KCLIENT_
37
38#ifndef _TYPES_
39#include <Types.h>
40#endif
41
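/*
 * Error codes
 *
 * Driver errors are numbered consecutively upward from -1024 in declaration
 * order, so every value depends on its position in the list: inserting or
 * reordering an entry renumbers all codes after it.  New driver errors belong
 * after cKrbOptionNotDefined, with LARGEST_DRIVER_ERROR updated to match.
 * The numeric value is noted on each line to make raw codes in logs easy to
 * map back to a name.
 *
 * Going by their descriptions, cKrbServerRejected, cKrbServerImposter and
 * cKrbServerRespIncomplete each report an authentication exchange that did
 * not complete.  Callers should treat them as fatal for that connection and
 * must not fall back to continuing unauthenticated.
 */

enum {
	cKrbCorruptedFile = -1024,	/* -1024: couldn't find a needed resource */
	cKrbNoKillIO,				/* -1023: can't killIO because all calls sync */
	cKrbBadSelector,			/* -1022: csCode passed doesn't select a recognized function */
	cKrbCantClose,				/* -1021: we must always remain open */
	cKrbMapDoesntExist,			/* -1020: tried to access a map that doesn't exist (index too large,
									or criteria doesn't match anything) */
	cKrbSessDoesntExist,		/* -1019: tried to access a session that doesn't exist */
	cKrbCredsDontExist,			/* -1018: tried to access credentials that don't exist */
	cKrbTCPunavailable,			/* -1017: couldn't open MacTCP driver */
	cKrbUserCancelled,			/* -1016: user cancelled a log in operation */
	cKrbConfigurationErr,		/* -1015: Kerberos Preference file is not configured properly */
	cKrbServerRejected,			/* -1014: A server rejected our ticket */
	cKrbServerImposter,			/* -1013: Server appears to be a phoney */
	cKrbServerRespIncomplete,	/* -1012: Server response is not complete */
	cKrbNotLoggedIn,			/* -1011: Returned by cKrbGetUserName if user is not logged in */
	cKrbOldDriver,				/* -1010: old version of the driver */
	cKrbDriverInUse,			/* -1009: driver is not reentrant */
	cKrbAppInBkgnd,				/* -1008: driver won't put up password dialog when in background */
	cKrbInvalidSession,			/* -1007: invalid structure passed to KClient/KServer routine */
	cKrbOptionNotDefined,		/* -1006: returned from GetOption */

	cKrbKerberosErrBlock = -20000	/* start of block of 256 kerberos error numbers */
};

/* Highest-numbered driver error (-1006); must name the last consecutive enumerator above. */
#define LARGEST_DRIVER_ERROR	cKrbOptionNotDefined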
70
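/*
 * Fixed 64-byte buffer type for error text.
 * NOTE(review): presumably the intended destination for KClientErrorText(),
 * which takes no length argument -- confirm against the implementation before
 * passing that routine anything smaller than this type.
 */
typedef char KClientErrString[64];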
72
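/*
 * Login states.  KClientLoggedIn is 0 and KClientNotLoggedIn is 1, so a plain
 * truthiness test on the value reads as the opposite of "logged in"; always
 * compare against the enumerator by name.
 * NOTE(review): presumably these are the values KClientStatus() returns --
 * confirm against the implementation.
 */
enum { KClientLoggedIn, KClientNotLoggedIn };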
74
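/*
 * Different kerberos name formats (for KServerGetUserName)
 *
 * NOTE(review): this header declares no KServerGetUserName; the nameType
 * argument of KClientGetSessionUserName() looks like the consumer -- confirm.
 *
 * A name returned without its realm does not uniquely identify a principal
 * once more than one realm is trusted.  Use KClientFullName for any
 * authorization decision or audit record, and keep the shorter forms for
 * display.
 */
enum {
	KClientLocalName,				/* 0: Don't specify realm */
	KClientCommonName, 				/* 1: Only specify realm if it isn't local */
	KClientFullName					/* 2: Always specify realm */
};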
81
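/*
 * Options
 *
 * Numbered from 1 in declaration order.
 * NOTE(review): presumably the selectors passed as `option` to
 * KClientSetOption()/KClientGetOption().  Those routines take the value as an
 * untyped `void *`, and this header does not say what type or size each
 * option expects -- confirm per option before calling.
 */
enum {
	kclientOptionSaveName = 1,
	kclientOptionSynchTime,			/* 2 */
	kclientOptionShowMenu,			/* 3 */
	kclientOptionInstalled_1_6		/* 4 */
};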
89
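/*
 * Eight bytes of raw key material, the same size as des_cblock (presumably
 * one single-DES key -- confirm).  Used for private keys (KClientLogin,
 * KClientPasswordToKey, KServerGetKey) and session keys
 * (KClientGetSessionKey).
 *
 * Treat every instance as a secret: keep it out of logs and crash dumps, and
 * overwrite it as soon as it is no longer needed, using a wipe the compiler
 * cannot optimise away.
 */
struct KClientKey {
	unsigned char keyBytes[8];
};
typedef struct KClientKey KClientKey;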
94
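/*
 * Per-session state, exposed only as 256 bytes; the layout is not defined in
 * this header, so callers must treat it as opaque and let the
 * KClient/KServer routines interpret it.
 *
 * NOTE(review): KClientGetSessionKey() reads a key out of a session, so this
 * block presumably holds key material.  Handle it as sensitive: do not log or
 * persist it, and call KClientDisposeSession() when finished (whether that
 * routine wipes the bytes is not stated here -- confirm).
 */
struct KClientSessionInfo {
	char sessionBytes[256];
};
typedef struct KClientSessionInfo KClientSessionInfo;
typedef KClientSessionInfo *KClientSessionPtr;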
100
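/*
 * Defines for obsolete function names
 *
 * Source-level aliases only: the preprocessor rewrites the old name to the
 * current one, so both spellings call the same routine.
 */
#define KClientInitSession		KClientNewSession
#define KClientVerifySendAuth	KClientVerifyReplyTicket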
104
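/************************************/
/* Some includes from des.h & krb.h */
/************************************/
/*
 * Local copies of the DES and Kerberos types that the routines below take.
 * DES_DEFS and KRB_DEFS let a translation unit that already has the real
 * definitions skip these copies.
 * NOTE(review): nothing in this header defines DES_DEFS or KRB_DEFS, so the
 * including code is presumably expected to -- confirm.
 *
 * On PowerPC compilers the section is bracketed by "align=mac68k" /
 * "align=reset", presumably so that the structure layouts stay identical to
 * the 68K layout -- confirm before changing any field.
 *
 * Single DES (8-byte block, 56 effective key bits) is no longer considered
 * adequate protection; these types are here for interoperability with
 * existing peers and should not be the basis of a new design.
 */
#if defined(powerc) || defined(__powerc)
#pragma options align=mac68k
#endif

#ifndef DES_DEFS

typedef unsigned char des_cblock[8];	/* crypto-block size */

/* Key schedule: 16 entries of one des_cblock each (128 bytes). Derived from
   the key, so it is as sensitive as the key itself. */
typedef struct des_ks_struct { des_cblock _; } des_key_schedule[16];

#endif /* DES_DEFS */

#ifndef KRB_DEFS

#define C_Block des_cblock
#define Key_schedule des_key_schedule

/* The maximum sizes for aname, realm, sname, and instance +1 */
/* i.e. each 40-byte field holds at most 39 characters plus the terminator;
   longer input must be rejected, not truncated into a different name. */
#define 	ANAME_SZ	40
#define		REALM_SZ	40
#define		SNAME_SZ	40
#define		INST_SZ		40

/* Definition of text structure used to pass text around */
#define		MAX_KTXT_LEN	1250

/*
 * length is a signed long.  Any code that consumes a ktext filled from data
 * it does not control should reject length < 0 and length > MAX_KTXT_LEN
 * before using it as a copy or parse bound.
 */
struct ktext {
    long     length;		/* Length of the text */
    unsigned char dat[MAX_KTXT_LEN];	/* The data itself */
    unsigned long mbz;		/* zero to catch runaway strings */
};

typedef struct ktext *KTEXT;
typedef struct ktext KTEXT_ST;

/*
 * One set of credentials for a service.  The structure carries the session
 * key and the ticket itself, so treat the whole object as secret: keep it
 * out of logs, and wipe it before the storage is freed or reused.
 */
struct credentials {
    char    service[ANAME_SZ];	/* Service name */
    char    instance[INST_SZ];	/* Instance */
    char    realm[REALM_SZ];	/* Auth domain */
    C_Block session;		/* Session key */
    long     lifetime;		/* Lifetime */
    long     kvno;		/* Key version number */
    KTEXT_ST ticket_st;		/* The ticket itself */
    long    issue_date;		/* The issue time */
    char    pname[ANAME_SZ];	/* Principal's name */
    char    pinst[INST_SZ];	/* Principal's instance */
};

typedef struct credentials CREDENTIALS;

/* Structure definition for rd_private_msg and rd_safe_msg */
/* NOTE(review): who owns the memory behind app_data, and for how long it
   stays valid, is not stated in this header -- confirm before retaining the
   pointer.  Bound every read through app_data by app_length. */

struct msg_dat {
    unsigned char *app_data;	/* pointer to appl data */
    unsigned long app_length;	/* length of appl data */
    unsigned long hash;		/* hash to lookup replay */
    long     swap;		/* swap bytes? */
    long    time_sec;		/* msg timestamp seconds */
    unsigned char time_5ms;	/* msg timestamp 5ms units */
};

typedef struct msg_dat MSG_DAT;

typedef unsigned long u_long;
typedef unsigned short u_short;

/* NOTE(review): presumably the service name of the password-changing
   service -- confirm. */
#define KRB_PASSWORD_SERVICE  "changepw.kerberos"

#endif	/* KRB_DEFS */

#if defined(powerc) || defined(__powerc)
#pragma options align=reset
#endif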
182
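#ifdef __cplusplus
extern "C" {
#endif

/*
 * call into des ecb_encrypt
 *
 * des_cblock parameters are arrays and therefore arrive as pointers to 8
 * bytes each.
 * NOTE(review): the roles of v1 and v2 (presumably input and output block)
 * and the meaning of the int result are not stated here -- confirm against
 * the implementation.
 * ECB transforms each 8-byte block independently: equal input blocks give
 * equal output blocks and nothing detects tampering.  Do not use this call
 * on its own to protect multi-block application data.
 */
/* created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */
int KClient_des_ecb_encrypt(KClientSessionInfo  *session,des_cblock v1,des_cblock v2,int do_encrypt);

/*
 * call into des pcbc_encrypt
 *
 * NOTE(review): v1 and v2 are declared as des_cblock but are accompanied by
 * len, so they presumably point at buffers of len bytes rather than a single
 * block -- confirm, including how a len that is not a multiple of 8 is
 * handled.  len is a signed long: callers should reject negative values and
 * make sure both buffers really are that large before calling.
 */
/* created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */
int KClient_des_pcbc_encrypt(KClientSessionInfo  *session,des_cblock v1,des_cblock v2,long len,int do_encrypt);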
198
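/*
 * Session set-up and ticket acquisition.
 *
 * NOTE(review): lAddr/lPort and fAddr/fPort are presumably the local and
 * foreign (peer) address and port of the connection being authenticated --
 * confirm, including the expected byte order.
 */
OSErr KClientNewSession(KClientSessionInfo *session, unsigned long lAddr,unsigned short lPort,unsigned long fAddr,unsigned short fPort);

/* Releases a session created with KClientNewSession().  NOTE(review):
   whether the session bytes are wiped is not stated here -- confirm. */
OSErr KClientDisposeSession(KClientSessionInfo  *session);

/*
 * For both ticket routines: buf is untyped and its capacity travels only via
 * *buflen.  NOTE(review): presumably *buflen is the capacity of buf on entry
 * and the number of bytes written on return -- confirm.  If so, a caller
 * that leaves *buflen uninitialised invites an overrun of buf.
 */
/* created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */
OSErr KClientGetTicketForServiceFull(KClientSessionInfo *session, char *service,void *buf,unsigned long *buflen,long cks);

OSErr KClientGetTicketForService(KClientSessionInfo *session, char *service,void *buf,unsigned long *buflen);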
207
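/*
 * Login and logout.
 *
 * Several of these routines handle a cleartext password or a KClientKey.
 * Callers should keep such buffers in memory for as short a time as
 * possible, overwrite them after the call with a wipe the compiler cannot
 * remove, and never log them.
 * NOTE(review): whether privateKey is an input or an output differs by
 * routine and is not stated in this header -- confirm for each.
 */
OSErr KClientLogin( KClientSessionInfo *session, KClientKey *privateKey );

/* NOTE(review): prompt is presumably text shown in the password dialog; if it
   can contain data from a remote party, a misleading prompt becomes a
   phishing aid -- callers should pass only trusted text. */
OSErr KClientSetPrompt(  KClientSessionInfo *session, char *prompt );

/* Takes the password as a cleartext C string. */
OSErr KClientPasswordLogin( KClientSessionInfo *session, char *password, KClientKey *privateKey );

/* Takes the password as a cleartext C string; the derived key is as
   sensitive as the password itself. */
OSErr KClientPasswordToKey( char *password, KClientKey *privateKey );

OSErr KClientKeyLogin( KClientSessionInfo *session, KClientKey *privateKey );

/* Takes no session argument.  NOTE(review): presumably logs the user out
   for every client of the driver, not just the caller -- confirm. */
OSErr KClientLogout( void );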
219
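/*
 * Status, version and identity queries.
 *
 * Every routine here that fills a caller-supplied string (versionString,
 * user) takes a bare `char *` with no capacity argument.
 * NOTE(review): the required buffer sizes are not stated in this header --
 * confirm against the implementation (the name fields elsewhere in this file
 * are ANAME_SZ/INST_SZ/REALM_SZ bytes each, and a full name may combine
 * several of them).
 */

/* NOTE(review): presumably returns KClientLoggedIn (0) or KClientNotLoggedIn
   (1); compare against the enumerators rather than testing truthiness. */
short KClientStatus( void );

OSErr KClientVersion( short *majorVersion, short *minorVersion, char *versionString );

OSErr KClientGetUserName(char *user);

/* nameType is presumably one of KClientLocalName / KClientCommonName /
   KClientFullName -- confirm. */
OSErr KClientGetSessionUserName(KClientSessionInfo *session, char *user, short nameType);

OSErr KClientSetUserName(char *user);

OSErr KClientCacheInitialTicket(KClientSessionInfo *session, char *service);

/* Copies key material out of the session; the caller then owns a secret and
   should wipe *sessionKey when done. */
OSErr KClientGetSessionKey(KClientSessionInfo *session, KClientKey *sessionKey);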
233
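/*
 * Authentication exchange and message protection.
 *
 * NOTE(review): for the routines taking `unsigned long *buflen`, presumably
 * the value is the capacity of buf on entry and the length produced on
 * return -- confirm, and always initialise it before the call.
 */
OSErr KClientMakeSendAuth(KClientSessionInfo *session, char *service,void *buf,unsigned long *buflen,long checksum, char *applicationVersion);

/* Checks the server's reply.  A non-zero result (see cKrbServerImposter,
   cKrbServerRespIncomplete) means the server has not been authenticated;
   the caller should drop the connection rather than carry on. */
OSErr KClientVerifyReplyTicket(KClientSessionInfo *session, void *buf,unsigned long *buflen );

/* NOTE(review): the capacity of encryptBuf is never passed in, only the
   resulting length is returned; how much larger than buflen it must be is
   not stated in this header -- confirm before sizing the buffer. */
OSErr KClientEncrypt(KClientSessionInfo *session, void *buf,unsigned long buflen,void *encryptBuf,unsigned long *encryptLength);

/* NOTE(review): presumably decrypts in place and reports where the plaintext
   lies inside buf.  Callers should check that *decryptOffset + *decryptLength
   does not exceed buflen before reading the result. */
OSErr KClientDecrypt(KClientSessionInfo *session, void *buf,unsigned long buflen,unsigned long *decryptOffset,unsigned long *decryptLength);

/* text has no capacity argument.  NOTE(review): presumably sized for
   KClientErrString (64 bytes) -- confirm. */
void KClientErrorText(OSErr err, char *text);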
243
244
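/* KServer calls */
/*
 * Server-side counterparts: verify a client's ticket and produce the reply.
 *
 * keyFileName / filename name the file holding the service's private keys.
 * That file is as sensitive as the keys themselves; restrict who can read it
 * and never build the path from client-supplied data.
 * NOTE(review): what a NULL file name selects is not stated here -- confirm.
 */

OSErr KServerNewSession( KClientSessionInfo *session, char *service,
						unsigned long lAddr,unsigned short lPort,unsigned long fAddr,unsigned short fPort);

/* buf arrives from the client and carries no length argument.
   NOTE(review): how the routine bounds its parsing of buf is not visible
   here -- confirm that the caller has validated the received length first. */
OSErr KServerVerifyTicket( KClientSessionInfo *session, void *buf, char *keyFileName );

OSErr KServerGetReplyTicket( KClientSessionInfo *session, void *buf, unsigned long *buflen );

/* Reads key material into *privateKey (presumably -- confirm); wipe it after
   use. */
OSErr KServerGetKey( KClientSessionInfo *session, KClientKey *privateKey, char *service, long version, char *filename );

OSErr KServerAddKey( KClientSessionInfo *session, KClientKey *privateKey, char *service, long version, char *filename );

OSErr KServerGetSessionTimeRemaining( KClientSessionInfo *session, long *seconds );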
259
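/* Configuration routines */
/*
 * Realm, server-map and session-list maintenance.
 *
 * The realm and server maps decide which KDC a host name resolves to, so
 * anything able to call the Set/Add/Delete routines can redirect
 * authentication traffic.  Expose them only to trusted, local configuration
 * code and never drive them from network input.
 *
 * The Get* routines write host, realm, name and instance into caller buffers
 * with no capacity argument.
 * NOTE(review): required sizes are not stated in this header (presumably
 * REALM_SZ / ANAME_SZ / INST_SZ for the Kerberos names; the host size is
 * unknown) -- confirm.
 * NOTE(review): whether the `long n` indices start at 0 or 1 is not stated;
 * an out-of-range index presumably yields cKrbMapDoesntExist -- confirm.
 */

OSErr KClientGetLocalRealm( char *realm );

OSErr KClientSetLocalRealm( char *realm );

OSErr KClientGetRealm( char *host, char *realm );

OSErr KClientAddRealmMap( char *host, char *realm );

OSErr KClientDeleteRealmMap( char *host );

OSErr KClientGetNthRealmMap( long n, char *host, char *realm );

OSErr KClientGetNthServer( long n, char *host, char *realm, Boolean admin );

OSErr KClientAddServerMap( char *host, char *realm, Boolean admin );

OSErr KClientDeleteServerMap( char *host, char *realm );

OSErr KClientGetNthServerMap( long n, char *host, char *realm, Boolean *admin );

OSErr KClientGetNthServerPort( long n, short *port );

OSErr KClientSetNthServerPort( long n, short port );

OSErr KClientGetNumSessions( long *n );

OSErr KClientGetNthSession( long n, char *name, char *instance, char *realm );

OSErr KClientDeleteSession( char *name, char *instance, char *realm );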
291
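/*
 * Direct access to the credential cache.
 *
 * A CREDENTIALS structure contains the session key and the ticket, so
 * KClientGetCredentials() hands the caller usable secrets and
 * KClientAddCredentials() lets the caller plant them.  Limit both to code
 * that genuinely manages the cache, and wipe any CREDENTIALS copy after use.
 * NOTE(review): name/instance/realm presumably identify the principal and
 * sname/sinstance/srealm the service; which of them are inputs and which are
 * filled in (and with what capacity) is not stated here -- confirm.
 */
OSErr KClientGetCredentials( char *name, char *instance, char *realm, CREDENTIALS *cred );

OSErr KClientAddCredentials( char *name, char *instance, char *realm, CREDENTIALS *cred );

OSErr KClientDeleteCredentials( char *name, char *instance, char *realm,
								char *sname, char *sinstance, char *srealm );


OSErr KClientGetNumCredentials( long *n, char *name, char *instance, char *realm );

OSErr KClientGetNthCredential( long n, char *name, char *instance, char *realm,
								char *sname, char *sinstance, char *srealm );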
304
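/*
 * "Special" service entries and driver options.
 * NOTE(review): what a "special" is (a service-to-name mapping, judging by
 * the parameters) is not explained in this header -- confirm.
 */
OSErr KClientAddSpecial( char *service, char *name );

OSErr KClientDeleteSpecial( char *service );

OSErr KClientGetNumSpecials( long *n );

/* name and service are presumably filled in by the call; no capacity is
   passed, so confirm the required buffer sizes. */
OSErr KClientGetNthSpecial( long n, char *name, char *service );

/*
 * value is an untyped pointer and no size is passed.
 * NOTE(review): the type and size expected behind value presumably depend on
 * option (see the kclientOption* selectors) -- confirm per option; a
 * mismatch reads or writes past the caller's object.
 */
OSErr KClientSetOption( short option, void *value );

/* NOTE(review): presumably returns cKrbOptionNotDefined for an unknown
   option ("returned from GetOption") -- confirm. */
OSErr KClientGetOption( short option, void *value );

#ifdef __cplusplus
}
#endif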
320
321#endif