[moira.git] / include / krb.h

/*
 * $Source$
 * $Author$
 * $Header$ 
 *
 * Copyright 1987, 1988 by the Massachusetts Institute of Technology. 
 *
 * For copying and distribution information, please see the file
 * <mit-copyright.h>. 
 *
 * Include file for the Kerberos library. 
 */

/* Only one time, please */
#ifndef	KRB_DEFS
#define KRB_DEFS

#include <mit-copyright.h>

/* Need some defs from des.h	 */
#include <des.h>

/* Text describing error codes */
#define		MAX_KRB_ERRORS	256
extern char *krb_err_txt[MAX_KRB_ERRORS];

/* These are not defined for at least SunOS 3.3 and Ultrix 2.2 */
#if defined(ULTRIX022) || (defined(SunOS) && SunOS < 40)
#define FD_ZERO(p)  ((p)->fds_bits[0] = 0)
#define FD_SET(n, p)   ((p)->fds_bits[0] |= (1 << (n)))
#define FD_ISSET(n, p)   ((p)->fds_bits[0] & (1 << (n)))
#endif /* ULTRIX022 || SunOS */

/* General definitions */
#define		KSUCCESS	0
#define		KFAILURE	255

#ifdef NO_UIDGID_T
typedef unsigned short uid_t;
typedef unsigned short gid_t;
#endif /* NO_UIDGID_T */

/*
 * Kerberos specific definitions 
 *
 * KRBLOG is the log file for the kerberos master server. KRB_CONF is
 * the configuration file where different host machines running master
 * and slave servers can be found. KRB_MASTER is the name of the
 * machine with the master database.  The admin_server runs on this
 * machine, and all changes to the db (as opposed to read-only
 * requests, which can go to slaves) must go to it. KRB_HOST is the
 * default machine * when looking for a kerberos slave server.  Other
 * possibilities are * in the KRB_CONF file. KRB_REALM is the name of
 * the realm. 
 */

#ifdef notdef
this is server - only, does not belong here;
#define 	KRBLOG 		"/kerberos/kerberos.log"
are these used anyplace '?';
#define		VX_KRB_HSTFILE	"/etc/krbhst"
#define		PC_KRB_HSTFILE	"\\kerberos\\krbhst"
#endif

#define		KRB_CONF	"/etc/krb.conf"
#define		KRB_RLM_TRANS	"/etc/krb.realms"
#define		KRB_MASTER	"kerberos"
#define		KRB_HOST	 KRB_MASTER
#define		KRB_REALM	"ATHENA.MIT.EDU"

/* The maximum sizes for aname, realm, sname, and instance +1 */
#define 	ANAME_SZ	40
#define		REALM_SZ	40
#define		SNAME_SZ	40
#define		INST_SZ		40
/* include space for '.' and '@' */
#define		MAX_K_NAME_SZ	(ANAME_SZ + INST_SZ + REALM_SZ + 2)
#define		KKEY_SZ		100
#define		VERSION_SZ	1
#define		MSG_TYPE_SZ	1
#define		DATE_SZ		26	/* RTI date output */

#define		MAX_HSTNM	100

#ifndef DEFAULT_TKT_LIFE		/* allow compile-time override */
#define		DEFAULT_TKT_LIFE	96 /* default lifetime for krb_mk_req
					      & co., 8 hrs */
#endif

/* Definition of text structure used to pass text around */
#define		MAX_KTXT_LEN	1250

struct ktext {
    int     length;		/* Length of the text */
    unsigned char dat[MAX_KTXT_LEN];	/* The data itself */
    unsigned long mbz;		/* zero to catch runaway strings */
};

typedef struct ktext *KTEXT;
typedef struct ktext KTEXT_ST;


/* Definitions for send_to_kdc */
#define	CLIENT_KRB_TIMEOUT	4	/* time between retries */
#define CLIENT_KRB_RETRY	5	/* retry this many times */
#define	CLIENT_KRB_BUFLEN	512	/* max unfragmented packet */

/* Definitions for ticket file utilities */
#define	R_TKT_FIL	0
#define	W_TKT_FIL	1

/* Definitions for cl_get_tgt */
#ifdef PC
#define CL_GTGT_INIT_FILE		"\\kerberos\\k_in_tkts"
#else
#define CL_GTGT_INIT_FILE		"/etc/k_in_tkts"
#endif PC

/* Parameters for rd_ap_req */
/* Maximum alloable clock skew in seconds */
#define 	CLOCK_SKEW	5*60
/* Filename for readservkey */
#define		KEYFILE		"/etc/srvtab"

/* Structure definition for rd_ap_req */

struct auth_dat {
    unsigned char k_flags;	/* Flags from ticket */
    char    pname[ANAME_SZ];	/* Principal's name */
    char    pinst[INST_SZ];	/* His Instance */
    char    prealm[REALM_SZ];	/* His Realm */
    unsigned long checksum;	/* Data checksum (opt) */
    C_Block session;		/* Session Key */
    int     life;		/* Life of ticket */
    unsigned long time_sec;	/* Time ticket issued */
    unsigned long address;	/* Address in ticket */
    KTEXT_ST reply;		/* Auth reply (opt) */
};

typedef struct auth_dat AUTH_DAT;

/* Structure definition for credentials returned by get_cred */

struct credentials {
    char    service[ANAME_SZ];	/* Service name */
    char    instance[INST_SZ];	/* Instance */
    char    realm[REALM_SZ];	/* Auth domain */
    C_Block session;		/* Session key */
    int     lifetime;		/* Lifetime */
    int     kvno;		/* Key version number */
    KTEXT_ST ticket_st;		/* The ticket itself */
    long    issue_date;		/* The issue time */
    char    pname[ANAME_SZ];	/* Principal's name */
    char    pinst[INST_SZ];	/* Principal's instance */
};

typedef struct credentials CREDENTIALS;

/* Structure definition for rd_private_msg and rd_safe_msg */

struct msg_dat {
    unsigned char *app_data;	/* pointer to appl data */
    unsigned long app_length;	/* length of appl data */
    unsigned long hash;		/* hash to lookup replay */
    int     swap;		/* swap bytes? */
    long    time_sec;		/* msg timestamp seconds */
    unsigned char time_5ms;	/* msg timestamp 5ms units */
};

typedef struct msg_dat MSG_DAT;


/* Location of ticket file for save_cred and get_cred */
#ifdef PC
#define TKT_FILE        "\\kerberos\\ticket.ses"
#else
#define TKT_FILE        tkt_string()
#define TKT_ROOT        "/tmp/tkt"
#endif PC

/* Error codes returned from the KDC */
#define		KDC_OK		0	/* Request OK */
#define		KDC_NAME_EXP	1	/* Principal expired */
#define		KDC_SERVICE_EXP	2	/* Service expired */
#define		KDC_AUTH_EXP	3	/* Auth expired */
#define		KDC_PKT_VER	4	/* Protocol version unknown */
#define		KDC_P_MKEY_VER	5	/* Wrong master key version */
#define		KDC_S_MKEY_VER 	6	/* Wrong master key version */
#define		KDC_BYTE_ORDER	7	/* Byte order unknown */
#define		KDC_PR_UNKNOWN	8	/* Principal unknown */
#define		KDC_PR_N_UNIQUE 9	/* Principal not unique */
#define		KDC_NULL_KEY   10	/* Principal has null key */
#define		KDC_GEN_ERR    20	/* Generic error from KDC */


/* Values returned by get_credentials */
#define		GC_OK		0	/* Retrieve OK */
#define		RET_OK		0	/* Retrieve OK */
#define		GC_TKFIL       21	/* Can't read ticket file */
#define		RET_TKFIL      21	/* Can't read ticket file */
#define		GC_NOTKT       22	/* Can't find ticket or TGT */
#define		RET_NOTKT      22	/* Can't find ticket or TGT */


/* Values returned by mk_ap_req	 */
#define		MK_AP_OK	0	/* Success */
#define		MK_AP_TGTEXP   26	/* TGT Expired */

/* Values returned by rd_ap_req */
#define		RD_AP_OK	0	/* Request authentic */
#define		RD_AP_UNDEC    31	/* Can't decode authenticator */
#define		RD_AP_EXP      32	/* Ticket expired */
#define		RD_AP_NYV      33	/* Ticket not yet valid */
#define		RD_AP_REPEAT   34	/* Repeated request */
#define		RD_AP_NOT_US   35	/* The ticket isn't for us */
#define		RD_AP_INCON    36	/* Request is inconsistent */
#define		RD_AP_TIME     37	/* delta_t too big */
#define		RD_AP_BADD     38	/* Incorrect net address */
#define		RD_AP_VERSION  39	/* protocol version mismatch */
#define		RD_AP_MSG_TYPE 40	/* invalid msg type */
#define		RD_AP_MODIFIED 41	/* message stream modified */
#define		RD_AP_ORDER    42	/* message out of order */
#define		RD_AP_UNAUTHOR 43	/* unauthorized request */

/* Values returned by get_pw_tkt */
#define		GT_PW_OK	0	/* Got password changing tkt */
#define		GT_PW_NULL     51	/* Current PW is null */
#define		GT_PW_BADPW    52	/* Incorrect current password */
#define		GT_PW_PROT     53	/* Protocol Error */
#define		GT_PW_KDCERR   54	/* Error returned by KDC */
#define		GT_PW_NULLTKT  55	/* Null tkt returned by KDC */


/* Values returned by send_to_kdc */
#define		SKDC_OK		0	/* Response received */
#define		SKDC_RETRY     56	/* Retry count exceeded */
#define		SKDC_CANT      57	/* Can't send request */

/*
 * Values returned by get_intkt
 * (can also return SKDC_* and KDC errors)
 */

#define		INTK_OK		0	/* Ticket obtained */
#define		INTK_W_NOTALL  61	/* Not ALL tickets returned */
#define		INTK_BADPW     62	/* Incorrect password */
#define		INTK_PROT      63	/* Protocol Error */
#define		INTK_ERR       70	/* Other error */

/* Values returned by get_adtkt */
#define         AD_OK           0	/* Ticket Obtained */
#define         AD_NOTGT       71	/* Don't have tgt */

/* Error codes returned by ticket file utilities */
#define		NO_TKT_FIL	76	/* No ticket file found */
#define		TKT_FIL_ACC	77	/* Couldn't access tkt file */
#define		TKT_FIL_LCK	78	/* Couldn't lock ticket file */
#define		TKT_FIL_FMT	79	/* Bad ticket file format */
#define		TKT_FIL_INI	80	/* tf_init not called first */

/* Error code returned by kparse_name */
#define		KNAME_FMT	81	/* Bad Kerberos name format */

/* Error code returned by krb_mk_safe */
#define		SAFE_PRIV_ERROR	-1	/* syscall error */

/*
 * macros for byte swapping; also scratch space
 * u_quad  0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0
 * u_long  0-->3, 1-->2, 2-->1, 3-->0
 * u_short 0-->1, 1-->0
 */

#define     swap_u_16(x) {\
 unsigned long   _krb_swap_tmp[4];\
 swab(((char *) x) +0, ((char *)  _krb_swap_tmp) +14 ,2); \
 swab(((char *) x) +2, ((char *)  _krb_swap_tmp) +12 ,2); \
 swab(((char *) x) +4, ((char *)  _krb_swap_tmp) +10 ,2); \
 swab(((char *) x) +6, ((char *)  _krb_swap_tmp) +8  ,2); \
 swab(((char *) x) +8, ((char *)  _krb_swap_tmp) +6 ,2); \
 swab(((char *) x) +10,((char *)  _krb_swap_tmp) +4 ,2); \
 swab(((char *) x) +12,((char *)  _krb_swap_tmp) +2 ,2); \
 swab(((char *) x) +14,((char *)  _krb_swap_tmp) +0 ,2); \
 bcopy((char *)_krb_swap_tmp,(char *)x,16);\
                            }

#define     swap_u_12(x) {\
 unsigned long   _krb_swap_tmp[4];\
 swab(( char *) x,     ((char *)  _krb_swap_tmp) +10 ,2); \
 swab(((char *) x) +2, ((char *)  _krb_swap_tmp) +8 ,2); \
 swab(((char *) x) +4, ((char *)  _krb_swap_tmp) +6 ,2); \
 swab(((char *) x) +6, ((char *)  _krb_swap_tmp) +4 ,2); \
 swab(((char *) x) +8, ((char *)  _krb_swap_tmp) +2 ,2); \
 swab(((char *) x) +10,((char *)  _krb_swap_tmp) +0 ,2); \
 bcopy((char *)_krb_swap_tmp,(char *)x,12);\
                            }

#define     swap_C_Block(x) {\
 unsigned long   _krb_swap_tmp[4];\
 swab(( char *) x,    ((char *)  _krb_swap_tmp) +6 ,2); \
 swab(((char *) x) +2,((char *)  _krb_swap_tmp) +4 ,2); \
 swab(((char *) x) +4,((char *)  _krb_swap_tmp) +2 ,2); \
 swab(((char *) x) +6,((char *)  _krb_swap_tmp)    ,2); \
 bcopy((char *)_krb_swap_tmp,(char *)x,8);\
                            }
#define     swap_u_quad(x) {\
 unsigned long   _krb_swap_tmp[4];\
 swab(( char *) &x,    ((char *)  _krb_swap_tmp) +6 ,2); \
 swab(((char *) &x) +2,((char *)  _krb_swap_tmp) +4 ,2); \
 swab(((char *) &x) +4,((char *)  _krb_swap_tmp) +2 ,2); \
 swab(((char *) &x) +6,((char *)  _krb_swap_tmp)    ,2); \
 bcopy((char *)_krb_swap_tmp,(char *)&x,8);\
                            }

#define     swap_u_long(x) {\
 unsigned long   _krb_swap_tmp[4];\
 swab((char *)  &x,    ((char *)  _krb_swap_tmp) +2 ,2); \
 swab(((char *) &x) +2,((char *)  _krb_swap_tmp),2); \
 x = _krb_swap_tmp[0];   \
                           }

#define     swap_u_short(x) {\
 unsigned short	_krb_swap_sh_tmp; \
 swab((char *)  &x,    ( &_krb_swap_sh_tmp) ,2); \
 x = (unsigned short) _krb_swap_sh_tmp; \
                            }

/* Kerberos ticket flag field bit definitions */
#define K_FLAG_ORDER    0       /* bit 0 --> lsb */
#define K_FLAG_1                /* reserved */
#define K_FLAG_2                /* reserved */
#define K_FLAG_3                /* reserved */
#define K_FLAG_4                /* reserved */
#define K_FLAG_5                /* reserved */
#define K_FLAG_6                /* reserved */
#define K_FLAG_7                /* reserved, bit 7 --> msb */

#ifndef PC
char *tkt_string();
#endif	PC

#ifdef	OLDNAMES
#define krb_mk_req	mk_ap_req
#define krb_rd_req	rd_ap_req
#define krb_kntoln	an_to_ln
#define krb_set_key	set_serv_key
#define krb_get_cred	get_credentials
#define krb_mk_priv	mk_private_msg
#define krb_rd_priv	rd_private_msg
#define krb_mk_safe	mk_safe_msg
#define krb_rd_safe	rd_safe_msg
#define krb_mk_err	mk_appl_err_msg
#define krb_rd_err	rd_appl_err_msg
#define krb_ck_repl	check_replay
#define	krb_get_pw_in_tkt	get_in_tkt
#define krb_get_svc_in_tkt	get_svc_in_tkt
#define krb_get_pw_tkt		get_pw_tkt
#define krb_realmofhost		krb_getrealm
#define krb_get_phost		get_phost
#define krb_get_krbhst		get_krbhst
#define krb_get_lrealm		get_krbrlm
#endif	OLDNAMES

/* Defines for krb_sendauth and krb_recvauth */

#define	KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
#define	KOPT_DO_MUTUAL   0x00000002 /* do mutual auth */

#define	KOPT_DONT_CANON  0x00000004 /*
				     * don't canonicalize inst as
				     * a hostname
				     */

#define	KRB_SENDAUTH_VLEN 8	    /* length for version strings */

#ifdef ATHENA_COMPAT
#define	KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */
#endif ATHENA_COMPAT

#endif	KRB_DEFS
Commit	Line	Data
0e014e3d	1	/*
	2	* $Source$
	3	* $Author$
	4	* $Header$
	5	*
	6	* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
	7	*
	8	* For copying and distribution information, please see the file
	9	* <mit-copyright.h>.
	10	*
	11	* Include file for the Kerberos library.
	12	*/
	13
	14	/* Only one time, please */
	15	#ifndef KRB_DEFS
	16	#define KRB_DEFS
	17
	18	#include <mit-copyright.h>
	19
	20	/* Need some defs from des.h */
	21	#include <des.h>
	22
	23	/* Text describing error codes */
	24	#define MAX_KRB_ERRORS 256
	25	extern char *krb_err_txt[MAX_KRB_ERRORS];
	26
	27	/* These are not defined for at least SunOS 3.3 and Ultrix 2.2 */
	28	#if defined(ULTRIX022) \|\| (defined(SunOS) && SunOS < 40)
	29	#define FD_ZERO(p) ((p)->fds_bits[0] = 0)
	30	#define FD_SET(n, p) ((p)->fds_bits[0] \|= (1 << (n)))
	31	#define FD_ISSET(n, p) ((p)->fds_bits[0] & (1 << (n)))
	32	#endif /* ULTRIX022 \|\| SunOS */
	33
	34	/* General definitions */
	35	#define KSUCCESS 0
	36	#define KFAILURE 255
	37
	38	#ifdef NO_UIDGID_T
	39	typedef unsigned short uid_t;
	40	typedef unsigned short gid_t;
	41	#endif /* NO_UIDGID_T */
	42
	43	/*
	44	* Kerberos specific definitions
	45	*
	46	* KRBLOG is the log file for the kerberos master server. KRB_CONF is
	47	* the configuration file where different host machines running master
	48	* and slave servers can be found. KRB_MASTER is the name of the
	49	* machine with the master database. The admin_server runs on this
	50	* machine, and all changes to the db (as opposed to read-only
	51	* requests, which can go to slaves) must go to it. KRB_HOST is the
	52	* default machine * when looking for a kerberos slave server. Other
	53	* possibilities are * in the KRB_CONF file. KRB_REALM is the name of
	54	* the realm.
	55	*/
	56
	57	#ifdef notdef
	58	this is server - only, does not belong here;
	59	#define KRBLOG "/kerberos/kerberos.log"
	60	are these used anyplace '?';
	61	#define VX_KRB_HSTFILE "/etc/krbhst"
	62	#define PC_KRB_HSTFILE "\\kerberos\\krbhst"
	63	#endif
	64
65	#define KRB_CONF "/etc/krb.conf"
66	#define KRB_RLM_TRANS "/etc/krb.realms"
67	#define KRB_MASTER "kerberos"
68	#define KRB_HOST KRB_MASTER
69	#define KRB_REALM "ATHENA.MIT.EDU"
70
71	/* The maximum sizes for aname, realm, sname, and instance +1 */
72	#define ANAME_SZ 40
73	#define REALM_SZ 40
74	#define SNAME_SZ 40
75	#define INST_SZ 40
76	/* include space for '.' and '@' */
77	#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2)
78	#define KKEY_SZ 100
79	#define VERSION_SZ 1
80	#define MSG_TYPE_SZ 1
81	#define DATE_SZ 26 /* RTI date output */
82
83	#define MAX_HSTNM 100
84
85	#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */
86	#define DEFAULT_TKT_LIFE 96 /* default lifetime for krb_mk_req
87	& co., 8 hrs */
88	#endif
89
90	/* Definition of text structure used to pass text around */
91	#define MAX_KTXT_LEN 1250
92
93	struct ktext {
94	int length; /* Length of the text */
95	unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
96	unsigned long mbz; /* zero to catch runaway strings */
97	};
98
99	typedef struct ktext *KTEXT;
100	typedef struct ktext KTEXT_ST;
101
102
103	/* Definitions for send_to_kdc */
104	#define CLIENT_KRB_TIMEOUT 4 /* time between retries */
105	#define CLIENT_KRB_RETRY 5 /* retry this many times */
106	#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */
107
108	/* Definitions for ticket file utilities */
109	#define R_TKT_FIL 0
110	#define W_TKT_FIL 1
111
112	/* Definitions for cl_get_tgt */
113	#ifdef PC
114	#define CL_GTGT_INIT_FILE "\\kerberos\\k_in_tkts"
115	#else
116	#define CL_GTGT_INIT_FILE "/etc/k_in_tkts"
117	#endif PC
118
119	/* Parameters for rd_ap_req */
120	/* Maximum alloable clock skew in seconds */
121	#define CLOCK_SKEW 5*60
122	/* Filename for readservkey */
123	#define KEYFILE "/etc/srvtab"
124
125	/* Structure definition for rd_ap_req */
126
127	struct auth_dat {
128	unsigned char k_flags; /* Flags from ticket */
129	char pname[ANAME_SZ]; /* Principal's name */
130	char pinst[INST_SZ]; /* His Instance */
131	char prealm[REALM_SZ]; /* His Realm */
132	unsigned long checksum; /* Data checksum (opt) */
133	C_Block session; /* Session Key */
134	int life; /* Life of ticket */
135	unsigned long time_sec; /* Time ticket issued */
136	unsigned long address; /* Address in ticket */
137	KTEXT_ST reply; /* Auth reply (opt) */
138	};
139
140	typedef struct auth_dat AUTH_DAT;
141
142	/* Structure definition for credentials returned by get_cred */
143
144	struct credentials {
145	char service[ANAME_SZ]; /* Service name */
146	char instance[INST_SZ]; /* Instance */
147	char realm[REALM_SZ]; /* Auth domain */
148	C_Block session; /* Session key */
149	int lifetime; /* Lifetime */
150	int kvno; /* Key version number */
151	KTEXT_ST ticket_st; /* The ticket itself */
152	long issue_date; /* The issue time */
153	char pname[ANAME_SZ]; /* Principal's name */
154	char pinst[INST_SZ]; /* Principal's instance */
155	};
156
157	typedef struct credentials CREDENTIALS;
158
159	/* Structure definition for rd_private_msg and rd_safe_msg */
160
161	struct msg_dat {
162	unsigned char app_data; / pointer to appl data */
163	unsigned long app_length; /* length of appl data */
164	unsigned long hash; /* hash to lookup replay */
165	int swap; /* swap bytes? */
166	long time_sec; /* msg timestamp seconds */
167	unsigned char time_5ms; /* msg timestamp 5ms units */
168	};
169
170	typedef struct msg_dat MSG_DAT;
171
172
173	/* Location of ticket file for save_cred and get_cred */
174	#ifdef PC
175	#define TKT_FILE "\\kerberos\\ticket.ses"
176	#else
177	#define TKT_FILE tkt_string()
178	#define TKT_ROOT "/tmp/tkt"
179	#endif PC
180
181	/* Error codes returned from the KDC */
182	#define KDC_OK 0 /* Request OK */
183	#define KDC_NAME_EXP 1 /* Principal expired */
184	#define KDC_SERVICE_EXP 2 /* Service expired */
185	#define KDC_AUTH_EXP 3 /* Auth expired */
186	#define KDC_PKT_VER 4 /* Protocol version unknown */
187	#define KDC_P_MKEY_VER 5 /* Wrong master key version */
188	#define KDC_S_MKEY_VER 6 /* Wrong master key version */
189	#define KDC_BYTE_ORDER 7 /* Byte order unknown */
190	#define KDC_PR_UNKNOWN 8 /* Principal unknown */
191	#define KDC_PR_N_UNIQUE 9 /* Principal not unique */
192	#define KDC_NULL_KEY 10 /* Principal has null key */
193	#define KDC_GEN_ERR 20 /* Generic error from KDC */
194
195
196	/* Values returned by get_credentials */
197	#define GC_OK 0 /* Retrieve OK */
198	#define RET_OK 0 /* Retrieve OK */
199	#define GC_TKFIL 21 /* Can't read ticket file */
200	#define RET_TKFIL 21 /* Can't read ticket file */
201	#define GC_NOTKT 22 /* Can't find ticket or TGT */
202	#define RET_NOTKT 22 /* Can't find ticket or TGT */
203
204
205	/* Values returned by mk_ap_req */
206	#define MK_AP_OK 0 /* Success */
207	#define MK_AP_TGTEXP 26 /* TGT Expired */
208
209	/* Values returned by rd_ap_req */
210	#define RD_AP_OK 0 /* Request authentic */
211	#define RD_AP_UNDEC 31 /* Can't decode authenticator */
212	#define RD_AP_EXP 32 /* Ticket expired */
213	#define RD_AP_NYV 33 /* Ticket not yet valid */
214	#define RD_AP_REPEAT 34 /* Repeated request */
215	#define RD_AP_NOT_US 35 /* The ticket isn't for us */
216	#define RD_AP_INCON 36 /* Request is inconsistent */
217	#define RD_AP_TIME 37 /* delta_t too big */
218	#define RD_AP_BADD 38 /* Incorrect net address */
219	#define RD_AP_VERSION 39 /* protocol version mismatch */
220	#define RD_AP_MSG_TYPE 40 /* invalid msg type */
221	#define RD_AP_MODIFIED 41 /* message stream modified */
222	#define RD_AP_ORDER 42 /* message out of order */
223	#define RD_AP_UNAUTHOR 43 /* unauthorized request */
224
225	/* Values returned by get_pw_tkt */
226	#define GT_PW_OK 0 /* Got password changing tkt */
227	#define GT_PW_NULL 51 /* Current PW is null */
228	#define GT_PW_BADPW 52 /* Incorrect current password */
229	#define GT_PW_PROT 53 /* Protocol Error */
230	#define GT_PW_KDCERR 54 /* Error returned by KDC */
231	#define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */
232
233
234	/* Values returned by send_to_kdc */
235	#define SKDC_OK 0 /* Response received */
236	#define SKDC_RETRY 56 /* Retry count exceeded */
237	#define SKDC_CANT 57 /* Can't send request */
238
239	/*
240	* Values returned by get_intkt
241	* (can also return SKDC_* and KDC errors)
242	*/
243
244	#define INTK_OK 0 /* Ticket obtained */
245	#define INTK_W_NOTALL 61 /* Not ALL tickets returned */
246	#define INTK_BADPW 62 /* Incorrect password */
247	#define INTK_PROT 63 /* Protocol Error */
248	#define INTK_ERR 70 /* Other error */
249
250	/* Values returned by get_adtkt */
251	#define AD_OK 0 /* Ticket Obtained */
252	#define AD_NOTGT 71 /* Don't have tgt */
253
254	/* Error codes returned by ticket file utilities */
255	#define NO_TKT_FIL 76 /* No ticket file found */
256	#define TKT_FIL_ACC 77 /* Couldn't access tkt file */
257	#define TKT_FIL_LCK 78 /* Couldn't lock ticket file */
258	#define TKT_FIL_FMT 79 /* Bad ticket file format */
259	#define TKT_FIL_INI 80 /* tf_init not called first */
260
261	/* Error code returned by kparse_name */
262	#define KNAME_FMT 81 /* Bad Kerberos name format */
263
264	/* Error code returned by krb_mk_safe */
265	#define SAFE_PRIV_ERROR -1 /* syscall error */
266
267	/*
268	* macros for byte swapping; also scratch space
269	* u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0
270	* u_long 0-->3, 1-->2, 2-->1, 3-->0
271	* u_short 0-->1, 1-->0
272	*/
273
274	#define swap_u_16(x) {\
275	unsigned long _krb_swap_tmp[4];\
276	swab(((char ) x) +0, ((char ) _krb_swap_tmp) +14 ,2); \
277	swab(((char ) x) +2, ((char ) _krb_swap_tmp) +12 ,2); \
278	swab(((char ) x) +4, ((char ) _krb_swap_tmp) +10 ,2); \
279	swab(((char ) x) +6, ((char ) _krb_swap_tmp) +8 ,2); \
280	swab(((char ) x) +8, ((char ) _krb_swap_tmp) +6 ,2); \
281	swab(((char ) x) +10,((char ) _krb_swap_tmp) +4 ,2); \
282	swab(((char ) x) +12,((char ) _krb_swap_tmp) +2 ,2); \
283	swab(((char ) x) +14,((char ) _krb_swap_tmp) +0 ,2); \
284	bcopy((char )_krb_swap_tmp,(char )x,16);\
285	}
286
287	#define swap_u_12(x) {\
288	unsigned long _krb_swap_tmp[4];\
289	swab(( char ) x, ((char ) _krb_swap_tmp) +10 ,2); \
290	swab(((char ) x) +2, ((char ) _krb_swap_tmp) +8 ,2); \
291	swab(((char ) x) +4, ((char ) _krb_swap_tmp) +6 ,2); \
292	swab(((char ) x) +6, ((char ) _krb_swap_tmp) +4 ,2); \
293	swab(((char ) x) +8, ((char ) _krb_swap_tmp) +2 ,2); \
294	swab(((char ) x) +10,((char ) _krb_swap_tmp) +0 ,2); \
295	bcopy((char )_krb_swap_tmp,(char )x,12);\
296	}
297
298	#define swap_C_Block(x) {\
299	unsigned long _krb_swap_tmp[4];\
300	swab(( char ) x, ((char ) _krb_swap_tmp) +6 ,2); \
301	swab(((char ) x) +2,((char ) _krb_swap_tmp) +4 ,2); \
302	swab(((char ) x) +4,((char ) _krb_swap_tmp) +2 ,2); \
303	swab(((char ) x) +6,((char ) _krb_swap_tmp) ,2); \
304	bcopy((char )_krb_swap_tmp,(char )x,8);\
305	}
306	#define swap_u_quad(x) {\
307	unsigned long _krb_swap_tmp[4];\
308	swab(( char ) &x, ((char ) _krb_swap_tmp) +6 ,2); \
309	swab(((char ) &x) +2,((char ) _krb_swap_tmp) +4 ,2); \
310	swab(((char ) &x) +4,((char ) _krb_swap_tmp) +2 ,2); \
311	swab(((char ) &x) +6,((char ) _krb_swap_tmp) ,2); \
312	bcopy((char )_krb_swap_tmp,(char )&x,8);\
313	}
314
315	#define swap_u_long(x) {\
316	unsigned long _krb_swap_tmp[4];\
317	swab((char ) &x, ((char ) _krb_swap_tmp) +2 ,2); \
318	swab(((char ) &x) +2,((char ) _krb_swap_tmp),2); \
319	x = _krb_swap_tmp[0]; \
320	}
321
322	#define swap_u_short(x) {\
323	unsigned short _krb_swap_sh_tmp; \
324	swab((char *) &x, ( &_krb_swap_sh_tmp) ,2); \
325	x = (unsigned short) _krb_swap_sh_tmp; \
326	}
327
328	/* Kerberos ticket flag field bit definitions */
329	#define K_FLAG_ORDER 0 /* bit 0 --> lsb */
330	#define K_FLAG_1 /* reserved */
331	#define K_FLAG_2 /* reserved */
332	#define K_FLAG_3 /* reserved */
333	#define K_FLAG_4 /* reserved */
334	#define K_FLAG_5 /* reserved */
335	#define K_FLAG_6 /* reserved */
336	#define K_FLAG_7 /* reserved, bit 7 --> msb */
337
338	#ifndef PC
339	char *tkt_string();
340	#endif PC
341
342	#ifdef OLDNAMES
343	#define krb_mk_req mk_ap_req
344	#define krb_rd_req rd_ap_req
345	#define krb_kntoln an_to_ln
346	#define krb_set_key set_serv_key
347	#define krb_get_cred get_credentials
348	#define krb_mk_priv mk_private_msg
349	#define krb_rd_priv rd_private_msg
350	#define krb_mk_safe mk_safe_msg
351	#define krb_rd_safe rd_safe_msg
352	#define krb_mk_err mk_appl_err_msg
353	#define krb_rd_err rd_appl_err_msg
354	#define krb_ck_repl check_replay
355	#define krb_get_pw_in_tkt get_in_tkt
356	#define krb_get_svc_in_tkt get_svc_in_tkt
357	#define krb_get_pw_tkt get_pw_tkt
358	#define krb_realmofhost krb_getrealm
359	#define krb_get_phost get_phost
360	#define krb_get_krbhst get_krbhst
361	#define krb_get_lrealm get_krbrlm
362	#endif OLDNAMES
363
364	/* Defines for krb_sendauth and krb_recvauth */
365
366	#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
367	#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */
368
369	#define KOPT_DONT_CANON 0x00000004 /*
370	* don't canonicalize inst as
371	* a hostname
372	*/
373
374	#define KRB_SENDAUTH_VLEN 8 /* length for version strings */
375
376	#ifdef ATHENA_COMPAT
377	#define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */
378	#endif ATHENA_COMPAT
379
380	#endif KRB_DEFS