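/*
    KClient.h -- Application interface for KClient

    © Copyright 1994,95 by Project Mandarin Inc.

    Initial coding          8/94 Peter Bosanko.
    Added new routines      8/95 PCB
    Moved some constants
    from krbdriver.h

========================================================================
    DES and Kerberos portions of this file are...
========================================================================

    Copyright (C) 1989 by the Massachusetts Institute of Technology

    Export of this software from the United States of America is assumed
    to require a specific license from the United States Government.
    It is the responsibility of any person or organization contemplating
    export to obtain such a license before exporting.

WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
distribute this software and its documentation for any purpose and
without fee is hereby granted, provided that the above copyright
notice appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation, and that
the name of M.I.T. not be used in advertising or publicity pertaining
to distribution of the software without specific, written prior
permission.  M.I.T. makes no representations about the suitability of
this software for any purpose.  It is provided "as is" without express
or implied warranty.

*/

/*
 * Reading notes for this header.
 *
 *  - It declares the KClient/KServer entry points plus the DES and Kerberos
 *    types they exchange (8-byte DES blocks/keys, ktext, credentials).
 *    Single DES with an 8-byte key block is a legacy primitive; treat the
 *    interface accordingly when deciding what may depend on it.
 *  - Every string argument in the prototypes is a bare `char *` with no
 *    accompanying length.
 *    NOTE(review): for routines that hand a name, instance, realm, host,
 *    version or error string back to the caller, the caller presumably has
 *    to supply a buffer of at least ANAME_SZ / INST_SZ / REALM_SZ /
 *    sizeof(KClientErrString) bytes -- confirm against the implementation.
 *  - KClientKey, the `session` field of struct credentials and the password
 *    arguments are secret material; callers should overwrite their copies
 *    once they are no longer needed.
 */

#ifndef _KCLIENT_
#define _KCLIENT_

#ifndef _TYPES_
#include <Types.h>
#endif

/* Error codes */

/*
 * Only the first entry has an explicit value; each following code is the
 * previous one plus one (cKrbNoKillIO is -1023, and so on).  Inserting or
 * reordering entries therefore renumbers every later code.
 */
enum {
    cKrbCorruptedFile = -1024,  /* couldn't find a needed resource */
    cKrbNoKillIO,               /* can't killIO because all calls sync */
    cKrbBadSelector,            /* csCode passed doesn't select a recognized function */
    cKrbCantClose,              /* we must always remain open */
    cKrbMapDoesntExist,         /* tried to access a map that doesn't exist (index too large,
                                   or criteria doesn't match anything) */
    cKrbSessDoesntExist,        /* tried to access a session that doesn't exist */
    cKrbCredsDontExist,         /* tried to access credentials that don't exist */
    cKrbTCPunavailable,         /* couldn't open MacTCP driver */
    cKrbUserCancelled,          /* user cancelled a log in operation */
    cKrbConfigurationErr,       /* Kerberos Preference file is not configured properly */
    cKrbServerRejected,         /* A server rejected our ticket */
    cKrbServerImposter,         /* Server appears to be a phoney */
    cKrbServerRespIncomplete,   /* Server response is not complete */
    cKrbNotLoggedIn,            /* Returned by cKrbGetUserName if user is not logged in */
    cKrbOldDriver,              /* old version of the driver */
    cKrbDriverInUse,            /* driver is not reentrant */
    cKrbAppInBkgnd,             /* driver won't put up password dialog when in background */
    cKrbInvalidSession,         /* invalid structure passed to KClient/KServer routine */
    cKrbOptionNotDefined,       /* returned from GetOption */

    cKrbKerberosErrBlock = -20000   /* start of block of 256 kerberos error numbers */
};

/* Names the last driver error in the sequence above; update it when a code is appended. */
#define LARGEST_DRIVER_ERROR cKrbOptionNotDefined

/* Fixed 64-byte buffer type for error text.
   NOTE(review): presumably the buffer KClientErrorText() expects -- confirm. */
typedef char KClientErrString[64];

/*
 * KClientLoggedIn is 0 and KClientNotLoggedIn is 1, so compare against the
 * names instead of testing the value for truth.
 * NOTE(review): presumably the values returned by KClientStatus() -- confirm.
 */
enum { KClientLoggedIn, KClientNotLoggedIn };

/* Different kerberos name formats (for KServerGetUserName) */
/* NOTE(review): this header declares no KServerGetUserName; the nameType
   argument of KClientGetSessionUserName presumably takes these values. */
enum {
    KClientLocalName,       /* Don't specify realm */
    KClientCommonName,      /* Only specify realm if it isn't local */
    KClientFullName         /* Always specify realm */
};

/* Options */
/* Numbered from 1 by position.
   NOTE(review): presumably the `option` argument of KClientSetOption /
   KClientGetOption; the type behind `value` is not visible here. */
enum {
    kclientOptionSaveName = 1,
    kclientOptionSynchTime,
    kclientOptionShowMenu,
    kclientOptionInstalled_1_6
};

/* An 8-byte key (the size of a des_cblock).  Secret material. */
struct KClientKey {
    unsigned char keyBytes[8];
};
typedef struct KClientKey KClientKey;

/* Session state, exposed to callers only as a 256-byte blob.
   NOTE(review): may hold key material; consider clearing it after
   KClientDisposeSession -- confirm what the implementation stores. */
struct KClientSessionInfo {
    char sessionBytes[256];
};
typedef struct KClientSessionInfo KClientSessionInfo;
typedef KClientSessionInfo *KClientSessionPtr;

/* Defines for obsolete function names */
#define KClientInitSession      KClientNewSession
#define KClientVerifySendAuth   KClientVerifyReplyTicket

/************************************/
/* Some includes from des.h & krb.h */
/************************************/
/* On PowerPC compilers the declarations in this section are laid out with
   mac68k alignment; the setting is reset after the KRB_DEFS section. */
#if defined(powerc) || defined(__powerc)
#pragma options align=mac68k
#endif

#ifndef DES_DEFS

typedef unsigned char des_cblock[8];    /* crypto-block size */

/* Key schedule */
typedef struct des_ks_struct { des_cblock _; } des_key_schedule[16];

#endif /* DES_DEFS */

#ifndef KRB_DEFS

#define C_Block         des_cblock
#define Key_schedule    des_key_schedule

/* The maximum sizes for aname, realm, sname, and instance +1 */
#define ANAME_SZ    40
#define REALM_SZ    40
#define SNAME_SZ    40
#define INST_SZ     40

/* Definition of text structure used to pass text around */
#define MAX_KTXT_LEN    1250

/*
 * `length` is a signed long while `dat` holds MAX_KTXT_LEN bytes: code that
 * consumes a ktext filled from outside should check
 * 0 <= length <= MAX_KTXT_LEN before indexing or copying `dat`.
 */
struct ktext {
    long length;                        /* Length of the text */
    unsigned char dat[MAX_KTXT_LEN];    /* The data itself */
    unsigned long mbz;                  /* zero to catch runaway strings */
};

typedef struct ktext *KTEXT;
typedef struct ktext KTEXT_ST;

/* Holds the session key and the ticket together, so the whole structure is
   secret material.  The name fields are fixed-size arrays of *_SZ bytes. */
struct credentials {
    char service[ANAME_SZ];     /* Service name */
    char instance[INST_SZ];     /* Instance */
    char realm[REALM_SZ];       /* Auth domain */
    C_Block session;            /* Session key */
    long lifetime;              /* Lifetime */
    long kvno;                  /* Key version number */
    KTEXT_ST ticket_st;         /* The ticket itself */
    long issue_date;            /* The issue time */
    char pname[ANAME_SZ];       /* Principal's name */
    char pinst[INST_SZ];        /* Principal's instance */
};

typedef struct credentials CREDENTIALS;

/* Structure definition for rd_private_msg and rd_safe_msg */

struct msg_dat {
    unsigned char *app_data;    /* pointer to appl data */
    unsigned long app_length;   /* length of appl data */
    unsigned long hash;         /* hash to lookup replay */
    long swap;                  /* swap bytes? */
    long time_sec;              /* msg timestamp seconds */
    unsigned char time_5ms;     /* msg timestamp 5ms units */
};

typedef struct msg_dat MSG_DAT;

typedef unsigned long u_long;
typedef unsigned short u_short;

#define KRB_PASSWORD_SERVICE    "changepw.kerberos"

#endif /* KRB_DEFS */

#if defined(powerc) || defined(__powerc)
#pragma options align=reset
#endif

#ifdef __cplusplus
extern "C" {
#endif

/*
 * call into des ecb_encrypt
 */
/* created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */
/* v1 and v2 are single 8-byte blocks (des_cblock); do_encrypt selects the direction. */
int KClient_des_ecb_encrypt(KClientSessionInfo *session, des_cblock v1, des_cblock v2, int do_encrypt);

/*
 * call into des pcbc_encrypt
 */
/* created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */
/* NOTE(review): v1/v2 decay to plain pointers and `len` is a signed long;
   presumably both buffers must hold `len` bytes -- confirm, and reject
   negative lengths at the call site. */
int KClient_des_pcbc_encrypt(KClientSessionInfo *session, des_cblock v1, des_cblock v2, long len, int do_encrypt);

/* lAddr/lPort and fAddr/fPort: presumably the local and foreign address/port pairs -- confirm. */
OSErr KClientNewSession(KClientSessionInfo *session, unsigned long lAddr, unsigned short lPort,
                        unsigned long fAddr, unsigned short fPort);

OSErr KClientDisposeSession(KClientSessionInfo *session);

/* created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */
/* NOTE(review): `buflen` is a pointer, presumably capacity in / bytes written
   out -- confirm, and initialise it to the real size of `buf` before the call. */
OSErr KClientGetTicketForServiceFull(KClientSessionInfo *session, char *service, void *buf,
                                     unsigned long *buflen, long cks);

OSErr KClientGetTicketForService(KClientSessionInfo *session, char *service, void *buf,
                                 unsigned long *buflen);

OSErr KClientLogin(KClientSessionInfo *session, KClientKey *privateKey);

OSErr KClientSetPrompt(KClientSessionInfo *session, char *prompt);

/* `password` is passed as a C string; clear the caller's copy, and the
   KClientKey, after use. */
OSErr KClientPasswordLogin(KClientSessionInfo *session, char *password, KClientKey *privateKey);

OSErr KClientPasswordToKey(char *password, KClientKey *privateKey);

OSErr KClientKeyLogin(KClientSessionInfo *session, KClientKey *privateKey);

OSErr KClientLogout(void);

short KClientStatus(void);

/* No length accompanies versionString; its required size is not stated in this header. */
OSErr KClientVersion(short *majorVersion, short *minorVersion, char *versionString);

OSErr KClientGetUserName(char *user);

OSErr KClientGetSessionUserName(KClientSessionInfo *session, char *user, short nameType);

OSErr KClientSetUserName(char *user);

OSErr KClientCacheInitialTicket(KClientSessionInfo *session, char *service);

OSErr KClientGetSessionKey(KClientSessionInfo *session, KClientKey *sessionKey);

OSErr KClientMakeSendAuth(KClientSessionInfo *session, char *service, void *buf,
                          unsigned long *buflen, long checksum, char *applicationVersion);

/* NOTE(review): presumably the check of the server's reply (see
   cKrbServerImposter); callers should treat any error result as an
   authentication failure and stop using the session -- confirm. */
OSErr KClientVerifyReplyTicket(KClientSessionInfo *session, void *buf, unsigned long *buflen);

/* No capacity is passed for encryptBuf; the required size is not stated in this header. */
OSErr KClientEncrypt(KClientSessionInfo *session, void *buf, unsigned long buflen,
                     void *encryptBuf, unsigned long *encryptLength);

/* NOTE(review): the result is presumably located inside `buf` through
   decryptOffset/decryptLength; callers should check that
   offset + length <= buflen before reading -- confirm. */
OSErr KClientDecrypt(KClientSessionInfo *session, void *buf, unsigned long buflen,
                     unsigned long *decryptOffset, unsigned long *decryptLength);

void KClientErrorText(OSErr err, char *text);


/* KServer calls */

OSErr KServerNewSession(KClientSessionInfo *session, char *service,
                        unsigned long lAddr, unsigned short lPort,
                        unsigned long fAddr, unsigned short fPort);

/* `buf` arrives without a length.
   NOTE(review): confirm how the implementation bounds its read of `buf`
   before feeding it data received from a peer. */
OSErr KServerVerifyTicket(KClientSessionInfo *session, void *buf, char *keyFileName);

OSErr KServerGetReplyTicket(KClientSessionInfo *session, void *buf, unsigned long *buflen);

/* `filename` names a key file; service keys read from or written to it are
   long-term secrets, so the file's access permissions matter. */
OSErr KServerGetKey(KClientSessionInfo *session, KClientKey *privateKey, char *service,
                    long version, char *filename);

OSErr KServerAddKey(KClientSessionInfo *session, KClientKey *privateKey, char *service,
                    long version, char *filename);

OSErr KServerGetSessionTimeRemaining(KClientSessionInfo *session, long *seconds);

/* Configuration routines */

OSErr KClientGetLocalRealm(char *realm);

OSErr KClientSetLocalRealm(char *realm);

OSErr KClientGetRealm(char *host, char *realm);

OSErr KClientAddRealmMap(char *host, char *realm);

OSErr KClientDeleteRealmMap(char *host);

OSErr KClientGetNthRealmMap(long n, char *host, char *realm);

OSErr KClientGetNthServer(long n, char *host, char *realm, Boolean admin);

OSErr KClientAddServerMap(char *host, char *realm, Boolean admin);

OSErr KClientDeleteServerMap(char *host, char *realm);

OSErr KClientGetNthServerMap(long n, char *host, char *realm, Boolean *admin);

/* The port is a signed short here, unlike the unsigned short ports taken by
   KClientNewSession; values above 32767 do not fit without conversion. */
OSErr KClientGetNthServerPort(long n, short *port);

OSErr KClientSetNthServerPort(long n, short port);

OSErr KClientGetNumSessions(long *n);

OSErr KClientGetNthSession(long n, char *name, char *instance, char *realm);

OSErr KClientDeleteSession(char *name, char *instance, char *realm);

/* `cred` carries the session key and ticket (see struct credentials). */
OSErr KClientGetCredentials(char *name, char *instance, char *realm, CREDENTIALS *cred);

OSErr KClientAddCredentials(char *name, char *instance, char *realm, CREDENTIALS *cred);

OSErr KClientDeleteCredentials(char *name, char *instance, char *realm,
                               char *sname, char *sinstance, char *srealm);


OSErr KClientGetNumCredentials(long *n, char *name, char *instance, char *realm);

OSErr KClientGetNthCredential(long n, char *name, char *instance, char *realm,
                              char *sname, char *sinstance, char *srealm);

OSErr KClientAddSpecial(char *service, char *name);

OSErr KClientDeleteSpecial(char *service);

OSErr KClientGetNumSpecials(long *n);

OSErr KClientGetNthSpecial(long n, char *name, char *service);

/* `value` is an untyped pointer; the object it must point to for each option
   is not described in this header. */
OSErr KClientSetOption(short option, void *value);

OSErr KClientGetOption(short option, void *value);

#ifdef __cplusplus
}
#endif

#endif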