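/*
 * $Source: /Volumes/backup/dsmigrate/Dumps/../CVS/passwordserver_sasl/cyrus_sasl/mac/kerberos_includes/old_krb.h,v $
 * $Author: snsimon $
 * $Header: /Volumes/backup/dsmigrate/Dumps/../CVS/passwordserver_sasl/cyrus_sasl/mac/kerberos_includes/old_krb.h,v 1.4 2005/01/10 19:13:36 snsimon Exp $
 *
 * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
 *
 * For copying and distribution information, please see the file
 * <mit-copyright.h>.
 *
 * Include file for the Kerberos library.
 *
 * What this header provides:
 *   - fixed-size name/realm/instance buffer limits (ANAME_SZ, REALM_SZ, ...)
 *     that every caller filling a char[] from this header must respect;
 *   - the KTEXT, AUTH_DAT, CREDENTIALS and MSG_DAT structures exchanged with
 *     the library;
 *   - numeric error codes for the client-side entry points;
 *   - byte-swapping helper macros;
 *   - prototypes (or K&R declarations) for the krb_* client API.
 *
 * Session keys in these structures are C_Block values and key schedules are
 * Key_schedule values, both taken from <kerberos/des.h>.  Readers of a KTEXT
 * received from the network must check that its `length` lies within
 * [0, MAX_KTXT_LEN] before touching `dat`; nothing in the type enforces it.
 */

#ifndef _KERBEROS_KRB_H
#define _KERBEROS_KRB_H

/* #pragma ident "@(#)krb.h 1.12 97/04/14 SMI" */

#include <kerberos/mit-copyright.h>
#include <kerberos/des.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Text describing error codes */
#define KRB_ERRORS_TABLE_SIZE 256
#define MAX_KRB_ERRORS (KRB_ERRORS_TABLE_SIZE-1)
/* Indexed by error code; callers must bound the index by MAX_KRB_ERRORS. */
extern char *krb_err_txt[KRB_ERRORS_TABLE_SIZE];

/* These are not defined for at least SunOS 3.3 and Ultrix 2.2 */
#if defined(ULTRIX022) || (defined(SunOS) && SunOS < 40)
/* Fallbacks touch only fds_bits[0], so they only support descriptors below
 * the bit width of that word. */
#define FD_ZERO(p) ((p)->fds_bits[0] = 0)
#define FD_SET(n, p) ((p)->fds_bits[0] |= (1 << (n)))
#define FD_ISSET(n, p) ((p)->fds_bits[0] & (1 << (n)))
#endif /* ULTRIX022 || SunOS */

/* General definitions */
#define KSUCCESS 0
#define KFAILURE 255

#ifdef NO_UIDGID_T
typedef unsigned short uid_t;
typedef unsigned short gid_t;
#endif /* NO_UIDGID_T */

/*
 * Kerberos specific definitions
 *
 * KRBLOG is the log file for the kerberos master server. KRB_CONF is
 * the configuration file where different host machines running master
 * and slave servers can be found. KRB_MASTER is the name of the
 * machine with the master database. The admin_server runs on this
 * machine, and all changes to the db (as opposed to read-only
 * requests, which can go to slaves) must go to it. KRB_HOST is the
 * default machine when looking for a kerberos slave server. Other
 * possibilities are in the KRB_CONF file. KRB_REALM is the name of
 * the realm.
 */

#ifdef notdef
this is server - only, does not belong here;
#define KRBLOG "/kerberos/kerberos.log"
are these used anyplace '?';
#define VX_KRB_HSTFILE "/etc/krbhst"
#define PC_KRB_HSTFILE "\\kerberos\\krbhst"
#endif

#define KRB_CONF "/etc/krb.conf"
#define KRB_RLM_TRANS "/etc/krb.realms"
#define KRB_MASTER "kerberos"
#define KRB_HOST KRB_MASTER
/* #define KRB_REALM "ATHENA.MIT.EDU" */
/* KRB_REALM is not a string constant: every use expands to a call of
 * krb_get_default_realm(), which is declared below without a prototype. */
#define KRB_REALM krb_get_default_realm()
char *krb_get_default_realm();

#ifdef NIS
/* defines for use with NIS service */
#define KRB_CONF_MAP "krb.conf" /* conf NIS map name */
#define KRB_REALM_DEFKEY "DEFAULT_REALM" /* key for default realm */
#endif /* NIS */

/* The maximum sizes for aname, realm, sname, and instance +1 */
#define ANAME_SZ 40
#define REALM_SZ 40
#define SNAME_SZ 40
#define INST_SZ 40
/* include space for '.' and '@' */
#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2)
#define KKEY_SZ 100
#define VERSION_SZ 1
#define MSG_TYPE_SZ 1
#define DATE_SZ 26 /* RTI date output */

#define MAX_HSTNM 100

#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */
#define DEFAULT_TKT_LIFE 96 /* default lifetime for krb_mk_req */
                            /* & co., 8 hrs */
#endif

/* Definition of text structure used to pass text around */
#define MAX_KTXT_LEN 1250

/*
 * Opaque byte buffer handed to and returned by the library.  `length` is a
 * plain int and is not tied to the array bound by the type, so code that
 * receives a ktext from an untrusted peer must validate
 * 0 <= length <= MAX_KTXT_LEN itself.
 */
struct ktext {
    int length;                       /* Length of the text */
    unsigned char dat[MAX_KTXT_LEN];  /* The data itself */
    unsigned long mbz;                /* zero to catch runaway */
                                      /* strings */
};

typedef struct ktext *KTEXT;
typedef struct ktext KTEXT_ST;


/* Definitions for send_to_kdc */
#define CLIENT_KRB_TIMEOUT 4 /* time between retries */
#define CLIENT_KRB_RETRY 5 /* retry this many times */
#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */

/* Definitions for ticket file utilities */
#define R_TKT_FIL 0
#define W_TKT_FIL 1

/* Definitions for cl_get_tgt */
#ifdef PC
#define CL_GTGT_INIT_FILE "\\kerberos\\k_in_tkts"
#else
#define CL_GTGT_INIT_FILE "/etc/k_in_tkts"
#endif /* PC */

/* Parameters for rd_ap_req */
/* Maximum allowable clock skew in seconds.  Parenthesized so that the
 * expansion survives use inside a larger expression (e.g. `t / CLOCK_SKEW`). */
#define CLOCK_SKEW (5*60)
/* Filename for readservkey */
#define KEYFILE "/etc/srvtab"

/* Structure definition for rd_ap_req */

/*
 * Result of authenticating a request.  The pname/pinst/prealm buffers are
 * bounded by the *_SZ limits above; the session key is the DES C_Block
 * shared with the client.
 */
struct auth_dat {
    unsigned char k_flags;   /* Flags from ticket */
    char pname[ANAME_SZ];    /* Principal's name */
    char pinst[INST_SZ];     /* His Instance */
    char prealm[REALM_SZ];   /* His Realm */
    unsigned long checksum;  /* Data checksum (opt) */
    C_Block session;         /* Session Key */
    int life;                /* Life of ticket */
    unsigned long time_sec;  /* Time ticket issued */
    unsigned long address;   /* Address in ticket */
    KTEXT_ST reply;          /* Auth reply (opt) */
};

typedef struct auth_dat AUTH_DAT;

/* Structure definition for credentials returned by get_cred */

/* A cached ticket plus the session key needed to use it. */
struct credentials {
    char service[ANAME_SZ];  /* Service name */
    char instance[INST_SZ];  /* Instance */
    char realm[REALM_SZ];    /* Auth domain */
    C_Block session;         /* Session key */
    int lifetime;            /* Lifetime */
    int kvno;                /* Key version number */
    KTEXT_ST ticket_st;      /* The ticket itself */
    long issue_date;         /* The issue time */
    char pname[ANAME_SZ];    /* Principal's name */
    char pinst[INST_SZ];     /* Principal's instance */
};

typedef struct credentials CREDENTIALS;

/* Structure definition for rd_private_msg and rd_safe_msg */

/*
 * Output of the rd_priv/rd_safe family.  app_data points into the caller's
 * buffer; app_length is the unwrapped payload length the caller must use
 * instead of the original message length.
 */
struct msg_dat {
    unsigned char *app_data;   /* pointer to appl data */
    unsigned long app_length;  /* length of appl data */
    unsigned long hash;        /* hash to lookup replay */
    int swap;                  /* swap bytes? */
    long time_sec;             /* msg timestamp seconds */
    unsigned char time_5ms;    /* msg timestamp 5ms units */
};

typedef struct msg_dat MSG_DAT;


/* Location of ticket file for save_cred and get_cred */
#ifdef PC
#define TKT_FILE "\\kerberos\\ticket.ses"
#else
/* Like KRB_REALM, TKT_FILE expands to a function call on non-PC builds. */
#define TKT_FILE tkt_string()
#define TKT_ROOT "/tmp/tkt"
#endif /* PC */

/* Error codes returned from the KDC */
#define KDC_OK 0 /* Request OK */
#define KDC_NAME_EXP 1 /* Principal expired */
#define KDC_SERVICE_EXP 2 /* Service expired */
#define KDC_AUTH_EXP 3 /* Auth expired */
#define KDC_PKT_VER 4 /* Protocol version unknown */
#define KDC_P_MKEY_VER 5 /* Wrong master key version */
#define KDC_S_MKEY_VER 6 /* Wrong master key version */
#define KDC_BYTE_ORDER 7 /* Byte order unknown */
#define KDC_PR_UNKNOWN 8 /* Principal unknown */
#define KDC_PR_N_UNIQUE 9 /* Principal not unique */
#define KDC_NULL_KEY 10 /* Principal has null key */
#define KDC_GEN_ERR 20 /* Generic error from KDC */


/* Values returned by get_credentials */
#define GC_OK 0 /* Retrieve OK */
#define RET_OK 0 /* Retrieve OK */
#define GC_TKFIL 21 /* Can't read ticket file */
#define RET_TKFIL 21 /* Can't read ticket file */
#define GC_NOTKT 22 /* Can't find ticket or TGT */
#define RET_NOTKT 22 /* Can't find ticket or TGT */


/* Values returned by mk_ap_req */
#define MK_AP_OK 0 /* Success */
#define MK_AP_TGTEXP 26 /* TGT Expired */

/* Values returned by rd_ap_req.  Anything other than RD_AP_OK means the
 * request must be rejected; the specific code is for diagnostics only. */
#define RD_AP_OK 0 /* Request authentic */
#define RD_AP_UNDEC 31 /* Can't decode authenticator */
#define RD_AP_EXP 32 /* Ticket expired */
#define RD_AP_NYV 33 /* Ticket not yet valid */
#define RD_AP_REPEAT 34 /* Repeated request */
#define RD_AP_NOT_US 35 /* The ticket isn't for us */
#define RD_AP_INCON 36 /* Request is inconsistent */
#define RD_AP_TIME 37 /* delta_t too big */
#define RD_AP_BADD 38 /* Incorrect net address */
#define RD_AP_VERSION 39 /* protocol version mismatch */
#define RD_AP_MSG_TYPE 40 /* invalid msg type */
#define RD_AP_MODIFIED 41 /* message stream modified */
#define RD_AP_ORDER 42 /* message out of order */
#define RD_AP_UNAUTHOR 43 /* unauthorized request */

/* Values returned by get_pw_tkt */
#define GT_PW_OK 0 /* Got password changing tkt */
#define GT_PW_NULL 51 /* Current PW is null */
#define GT_PW_BADPW 52 /* Incorrect current password */
#define GT_PW_PROT 53 /* Protocol Error */
#define GT_PW_KDCERR 54 /* Error returned by KDC */
#define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */


/* Values returned by send_to_kdc */
#define SKDC_OK 0 /* Response received */
#define SKDC_RETRY 56 /* Retry count exceeded */
#define SKDC_CANT 57 /* Can't send request */

/*
 * Values returned by get_intkt
 * (can also return SKDC_* and KDC errors)
 */

#define INTK_OK 0 /* Ticket obtained */
#define INTK_W_NOTALL 61 /* Not ALL tickets returned */
#define INTK_BADPW 62 /* Incorrect password */
#define INTK_PROT 63 /* Protocol Error */
#define INTK_ERR 70 /* Other error */

/* Values returned by get_adtkt */
#define AD_OK 0 /* Ticket Obtained */
#define AD_NOTGT 71 /* Don't have tgt */

/* Error codes returned by ticket file utilities */
#define NO_TKT_FIL 76 /* No ticket file found */
#define TKT_FIL_ACC 77 /* Couldn't access tkt file */
#define TKT_FIL_LCK 78 /* Couldn't lock ticket file */
#define TKT_FIL_FMT 79 /* Bad ticket file format */
#define TKT_FIL_INI 80 /* tf_init not called first */

/* Error code returned by kparse_name */
#define KNAME_FMT 81 /* Bad Kerberos name format */

/* Error code returned by krb_mk_safe */
#define SAFE_PRIV_ERROR (-1) /* syscall error */

/*
 * macros for byte swapping; also scratch space
 * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0
 * u_long 0-->3, 1-->2, 2-->1, 3-->0
 * u_short 0-->1, 1-->0
 *
 * All of these are statement blocks, not expressions, and each evaluates
 * its argument several times, so pass only a plain lvalue.  They rely on
 * swab() and memcpy() being declared by the including file.  The scratch
 * array is unsigned long[4]: swap_u_16 fills its first 16 bytes and
 * swap_u_long reads back _krb_swap_tmp[0] after writing only 4 bytes,
 * so both are written for a 4-byte unsigned long.
 * NOTE(review): on an LP64 target swap_u_long copies an 8-byte scratch
 * word of which swab() initialised only the low 4 bytes — confirm the
 * intended target width before reusing this macro.
 */

#define swap_u_16(x) {\
    unsigned long _krb_swap_tmp[4]; \
    swab(((char *)x) +0, ((char *)_krb_swap_tmp) +14, 2); \
    swab(((char *)x) +2, ((char *)_krb_swap_tmp) +12, 2); \
    swab(((char *)x) +4, ((char *)_krb_swap_tmp) +10, 2); \
    swab(((char *)x) +6, ((char *)_krb_swap_tmp) +8, 2); \
    swab(((char *)x) +8, ((char *)_krb_swap_tmp) +6, 2); \
    swab(((char *)x) +10, ((char *)_krb_swap_tmp) +4, 2); \
    swab(((char *)x) +12, ((char *)_krb_swap_tmp) +2, 2); \
    swab(((char *)x) +14, ((char *)_krb_swap_tmp) +0, 2); \
    memcpy((char *)x, (char *)_krb_swap_tmp, 16); \
}

#define swap_u_12(x) {\
    unsigned long _krb_swap_tmp[4]; \
    swab(((char *)x) +0, ((char *)_krb_swap_tmp) +10, 2); \
    swab(((char *)x) +2, ((char *)_krb_swap_tmp) +8, 2); \
    swab(((char *)x) +4, ((char *)_krb_swap_tmp) +6, 2); \
    swab(((char *)x) +6, ((char *)_krb_swap_tmp) +4, 2); \
    swab(((char *)x) +8, ((char *)_krb_swap_tmp) +2, 2); \
    swab(((char *)x) +10, ((char *)_krb_swap_tmp) +0, 2); \
    memcpy((char *)x, (char *)_krb_swap_tmp, 12); \
}

#define swap_C_Block(x) {\
    unsigned long _krb_swap_tmp[4]; \
    swab(((char *)x) +0, ((char *)_krb_swap_tmp) +6, 2); \
    swab(((char *)x) +2, ((char *)_krb_swap_tmp) +4, 2); \
    swab(((char *)x) +4, ((char *)_krb_swap_tmp) +2, 2); \
    swab(((char *)x) +6, ((char *)_krb_swap_tmp) +0, 2); \
    memcpy((char *)x, (char *)_krb_swap_tmp, 8); \
}

/* Unlike the three macros above, swap_u_quad, swap_u_long and swap_u_short
 * take the object itself (they apply &x), not a pointer to it. */
#define swap_u_quad(x) {\
    unsigned long _krb_swap_tmp[4]; \
    swab(((char *)&x) +0, ((char *)_krb_swap_tmp) +6, 2); \
    swab(((char *)&x) +2, ((char *)_krb_swap_tmp) +4, 2); \
    swab(((char *)&x) +4, ((char *)_krb_swap_tmp) +2, 2); \
    swab(((char *)&x) +6, ((char *)_krb_swap_tmp) +0, 2); \
    memcpy((char *)&x, (char *)_krb_swap_tmp, 8); \
}

#define swap_u_long(x) { \
    unsigned long _krb_swap_tmp[4]; \
    swab(((char *)&x) +0, ((char *)_krb_swap_tmp) +2, 2); \
    swab(((char *)&x) +2, ((char *)_krb_swap_tmp) +0, 2); \
    x = _krb_swap_tmp[0]; \
}

#define swap_u_short(x) {\
    unsigned short _krb_swap_sh_tmp; \
    swab(((char *)&x), (&_krb_swap_sh_tmp), 2); \
    x = (unsigned short) _krb_swap_sh_tmp; \
}

/* Kerberos ticket flag field bit definitions.
 * K_FLAG_1 .. K_FLAG_7 deliberately expand to nothing: they reserve the
 * names only and cannot be used as values. */
#define K_FLAG_ORDER 0 /* bit 0 --> lsb */
#define K_FLAG_1 /* reserved */
#define K_FLAG_2 /* reserved */
#define K_FLAG_3 /* reserved */
#define K_FLAG_4 /* reserved */
#define K_FLAG_5 /* reserved */
#define K_FLAG_6 /* reserved */
#define K_FLAG_7 /* reserved, bit 7 --> msb */

#ifndef PC
char *tkt_string();
#endif /* PC */

/*
 * forward declaration otherwise need to include netinet/in.h
 */

struct sockaddr_in;

#ifdef OLDNAMES
/* Map the krb_* names onto the pre-4.x function names. */
#define krb_mk_req mk_ap_req
#define krb_rd_req rd_ap_req
#define krb_kntoln an_to_ln
#define krb_set_key set_serv_key
#define krb_get_cred get_credentials
#define krb_mk_priv mk_private_msg
#define krb_rd_priv rd_private_msg
#define krb_mk_safe mk_safe_msg
#define krb_rd_safe rd_safe_msg
#define krb_mk_err mk_appl_err_msg
#define krb_rd_err rd_appl_err_msg
#define krb_ck_repl check_replay
#define krb_get_pw_in_tkt get_in_tkt
#define krb_get_svc_in_tkt get_svc_in_tkt
#define krb_get_pw_tkt get_pw_tkt
#define krb_realmofhost krb_getrealm
#define krb_get_phost get_phost
#define krb_get_krbhst get_krbhst
#define krb_get_lrealm get_krbrlm
#else
#ifdef __STDC__
/* Prototyped declarations.  Most char * parameters are fixed-size name
 * buffers (see the *_SZ limits); the int length parameters of
 * krb_net_write/krb_net_read and krb_get_krbhst/krb_get_admhst/
 * krb_get_lrealm are the caller's buffer sizes. */
extern int krb_mk_req(KTEXT, char *, char *, char *, long);
extern int krb_rd_req(KTEXT, char *, char *, long, AUTH_DAT *, char *);
extern int krb_kntoln(AUTH_DAT *, char *);
extern int krb_set_key(char *, int);
extern int krb_get_cred(char *, char *, char *, CREDENTIALS *);
extern long krb_mk_safe(unsigned char *, unsigned char *, unsigned long,
                        C_Block *, struct sockaddr_in *, struct sockaddr_in *);
extern long krb_rd_safe(unsigned char *, unsigned long, C_Block *,
                        struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *);
extern long krb_mk_err(unsigned char *, long, char *);
extern int krb_rd_err(unsigned char *, unsigned long, long *, MSG_DAT *);
extern char *krb_realmofhost(char *);
extern char *krb_get_phost(char *);
extern int krb_get_krbhst(char *, char *, int);
extern int krb_get_admhst(char *, char *, int);
extern int krb_get_lrealm(char *realm, int n);
extern int krb_sendauth(long, int, KTEXT, char *, char *, char *, unsigned long,
                        MSG_DAT *, CREDENTIALS *, Key_schedule, struct sockaddr_in *,
                        struct sockaddr_in *, char *);
extern int krb_recvauth(long, int, KTEXT, char *, char *,
                        struct sockaddr_in *, struct sockaddr_in *,
                        AUTH_DAT *, char *, Key_schedule, char *);
extern int krb_net_write(int, char *, int);
extern int krb_net_read(int, char *, int);
extern void krb_set_tkt_string(char *);
#else
/* Pre-ANSI compilers: no argument checking is available here. */
extern int krb_mk_req();
extern int krb_rd_req();
extern int krb_kntoln();
extern int krb_set_key();
extern int krb_get_cred();
extern long krb_mk_safe();
extern long krb_rd_safe();
extern long krb_mk_err();
extern int krb_rd_err();
extern char *krb_realmofhost();
extern char *krb_get_phost();
extern int krb_get_krbhst();
extern int krb_get_admhst();
extern int krb_get_lrealm();
extern int krb_sendauth();
extern int krb_recvauth();
extern int krb_net_write();
extern int krb_net_read();
extern void krb_set_tkt_string();
#endif /* __STDC__ */
#endif /* OLDNAMES */

/* Defines for krb_sendauth and krb_recvauth */

/* Option bits for the `options` argument; OR them together. */
#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */
#define KOPT_DONT_CANON 0x00000004 /* don't canonicalize inst */
                                   /* as a hostname */

#define KRB_SENDAUTH_VLEN 8 /* length for version strings */

#ifdef ATHENA_COMPAT
#define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */
#endif /* ATHENA_COMPAT */

#ifdef __cplusplus
}
#endif

#endif /* _KERBEROS_KRB_H */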