| 0e014e3d |
1 | /* |
| 2 | * $Source$ |
| 3 | * $Author$ |
| 4 | * $Header$ |
| 5 | * |
| 6 | * Copyright 1987, 1988 by the Massachusetts Institute of Technology. |
| 7 | * |
| 8 | * For copying and distribution information, please see the file |
| 9 | * <mit-copyright.h>. |
| 10 | * |
| 11 | * Include file for the Kerberos library. |
| 12 | */ |
| 13 | |
| 14 | /* Only one time, please */ |
| 15 | #ifndef KRB_DEFS |
| 16 | #define KRB_DEFS |
| 17 | |
| 18 | #include <mit-copyright.h> |
| 19 | |
| 20 | /* Need some defs from des.h */ |
| 21 | #include <des.h> |
| 22 | |
| 23 | /* Text describing error codes */ |
| 24 | #define MAX_KRB_ERRORS 256 |
| 25 | extern char *krb_err_txt[MAX_KRB_ERRORS]; |
| 26 | |
| fae1c7a0 |
27 | /* |
| 28 | * These are not defined for at least SunOS 3.3, Ultrix 2.2, and A/UX 2.0 |
| 29 | */ |
| 30 | #if defined(ULTRIX022) || (defined(SunOS) && SunOS < 40) || defined(_AUX_SOURCE) |
| 31 | #define FD_ZERO(p) ((p)->fds_bits[0] = 0) |
| 32 | #define FD_SET(n, p) ((p)->fds_bits[0] |= (1 << (n))) |
| 33 | #define FD_ISSET(n, p) ((p)->fds_bits[0] & (1 << (n))) |
| 34 | #endif |
| 0e014e3d |
35 | |
| 36 | /* General definitions */ |
| 37 | #define KSUCCESS 0 |
| 38 | #define KFAILURE 255 |
| 39 | |
| 40 | #ifdef NO_UIDGID_T |
| 41 | typedef unsigned short uid_t; |
| 42 | typedef unsigned short gid_t; |
| 43 | #endif /* NO_UIDGID_T */ |
| 44 | |
| 45 | /* |
| 46 | * Kerberos specific definitions |
| 47 | * |
| 48 | * KRBLOG is the log file for the kerberos master server. KRB_CONF is |
| 49 | * the configuration file where different host machines running master |
| 50 | * and slave servers can be found. KRB_MASTER is the name of the |
| 51 | * machine with the master database. The admin_server runs on this |
| 52 | * machine, and all changes to the db (as opposed to read-only |
| 53 | * requests, which can go to slaves) must go to it. KRB_HOST is the |
| 54 | * default machine * when looking for a kerberos slave server. Other |
| 55 | * possibilities are * in the KRB_CONF file. KRB_REALM is the name of |
| 56 | * the realm. |
| 57 | */ |
| 58 | |
| 59 | #ifdef notdef |
| 60 | this is server - only, does not belong here; |
| 61 | #define KRBLOG "/kerberos/kerberos.log" |
| 62 | are these used anyplace '?'; |
| 63 | #define VX_KRB_HSTFILE "/etc/krbhst" |
| 64 | #define PC_KRB_HSTFILE "\\kerberos\\krbhst" |
| 65 | #endif |
| 66 | |
| fae1c7a0 |
67 | #define KRB_CONF "/etc/athena/krb.conf" |
| 68 | #define KRB_RLM_TRANS "/etc/athena/krb.realms" |
| 0e014e3d |
69 | #define KRB_MASTER "kerberos" |
| 70 | #define KRB_HOST KRB_MASTER |
| 71 | #define KRB_REALM "ATHENA.MIT.EDU" |
| 72 | |
| 73 | /* The maximum sizes for aname, realm, sname, and instance +1 */ |
| 74 | #define ANAME_SZ 40 |
| 75 | #define REALM_SZ 40 |
| 76 | #define SNAME_SZ 40 |
| 77 | #define INST_SZ 40 |
| 78 | /* include space for '.' and '@' */ |
| 79 | #define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2) |
| 80 | #define KKEY_SZ 100 |
| 81 | #define VERSION_SZ 1 |
| 82 | #define MSG_TYPE_SZ 1 |
| 83 | #define DATE_SZ 26 /* RTI date output */ |
| 84 | |
| 85 | #define MAX_HSTNM 100 |
| 86 | |
| 87 | #ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ |
| fae1c7a0 |
88 | #define DEFAULT_TKT_LIFE 120 /* default lifetime 10 hrs */ |
| 0e014e3d |
89 | #endif |
| 90 | |
| 91 | /* Definition of text structure used to pass text around */ |
| 92 | #define MAX_KTXT_LEN 1250 |
| 93 | |
| 94 | struct ktext { |
| 95 | int length; /* Length of the text */ |
| 96 | unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ |
| 97 | unsigned long mbz; /* zero to catch runaway strings */ |
| 98 | }; |
| 99 | |
| 100 | typedef struct ktext *KTEXT; |
| 101 | typedef struct ktext KTEXT_ST; |
| 102 | |
| 103 | |
| 104 | /* Definitions for send_to_kdc */ |
| 105 | #define CLIENT_KRB_TIMEOUT 4 /* time between retries */ |
| 106 | #define CLIENT_KRB_RETRY 5 /* retry this many times */ |
| 107 | #define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */ |
| 108 | |
| 109 | /* Definitions for ticket file utilities */ |
| 110 | #define R_TKT_FIL 0 |
| 111 | #define W_TKT_FIL 1 |
| 112 | |
| 113 | /* Definitions for cl_get_tgt */ |
| fae1c7a0 |
114 | #ifndef CL_GTGT_INIT_FILE |
| 0e014e3d |
115 | #ifdef PC |
| 116 | #define CL_GTGT_INIT_FILE "\\kerberos\\k_in_tkts" |
| 117 | #else |
| fae1c7a0 |
118 | #define CL_GTGT_INIT_FILE "/etc/athena/k_in_tkts" |
| 119 | #endif /* PC */ |
| 120 | #endif /* CL_GTGT_INIT_FILE */ |
| 0e014e3d |
121 | |
| 122 | /* Parameters for rd_ap_req */ |
| 123 | /* Maximum alloable clock skew in seconds */ |
| 124 | #define CLOCK_SKEW 5*60 |
| 125 | /* Filename for readservkey */ |
| fae1c7a0 |
126 | #define KEYFILE "/etc/athena/srvtab" |
| 0e014e3d |
127 | |
| 128 | /* Structure definition for rd_ap_req */ |
| 129 | |
| 130 | struct auth_dat { |
| 131 | unsigned char k_flags; /* Flags from ticket */ |
| 132 | char pname[ANAME_SZ]; /* Principal's name */ |
| 133 | char pinst[INST_SZ]; /* His Instance */ |
| 134 | char prealm[REALM_SZ]; /* His Realm */ |
| 135 | unsigned long checksum; /* Data checksum (opt) */ |
| 136 | C_Block session; /* Session Key */ |
| 137 | int life; /* Life of ticket */ |
| 138 | unsigned long time_sec; /* Time ticket issued */ |
| 139 | unsigned long address; /* Address in ticket */ |
| 140 | KTEXT_ST reply; /* Auth reply (opt) */ |
| 141 | }; |
| 142 | |
| 143 | typedef struct auth_dat AUTH_DAT; |
| 144 | |
| 145 | /* Structure definition for credentials returned by get_cred */ |
| 146 | |
| 147 | struct credentials { |
| 148 | char service[ANAME_SZ]; /* Service name */ |
| 149 | char instance[INST_SZ]; /* Instance */ |
| 150 | char realm[REALM_SZ]; /* Auth domain */ |
| 151 | C_Block session; /* Session key */ |
| 152 | int lifetime; /* Lifetime */ |
| 153 | int kvno; /* Key version number */ |
| 154 | KTEXT_ST ticket_st; /* The ticket itself */ |
| 155 | long issue_date; /* The issue time */ |
| 156 | char pname[ANAME_SZ]; /* Principal's name */ |
| 157 | char pinst[INST_SZ]; /* Principal's instance */ |
| 158 | }; |
| 159 | |
| 160 | typedef struct credentials CREDENTIALS; |
| 161 | |
| 162 | /* Structure definition for rd_private_msg and rd_safe_msg */ |
| 163 | |
| 164 | struct msg_dat { |
| 165 | unsigned char *app_data; /* pointer to appl data */ |
| 166 | unsigned long app_length; /* length of appl data */ |
| 167 | unsigned long hash; /* hash to lookup replay */ |
| 168 | int swap; /* swap bytes? */ |
| 169 | long time_sec; /* msg timestamp seconds */ |
| 170 | unsigned char time_5ms; /* msg timestamp 5ms units */ |
| 171 | }; |
| 172 | |
| 173 | typedef struct msg_dat MSG_DAT; |
| 174 | |
| 175 | |
| 176 | /* Location of ticket file for save_cred and get_cred */ |
| 177 | #ifdef PC |
| 178 | #define TKT_FILE "\\kerberos\\ticket.ses" |
| 179 | #else |
| 180 | #define TKT_FILE tkt_string() |
| 181 | #define TKT_ROOT "/tmp/tkt" |
| fae1c7a0 |
182 | #endif /* PC */ |
| 0e014e3d |
183 | |
| 184 | /* Error codes returned from the KDC */ |
| 185 | #define KDC_OK 0 /* Request OK */ |
| 186 | #define KDC_NAME_EXP 1 /* Principal expired */ |
| 187 | #define KDC_SERVICE_EXP 2 /* Service expired */ |
| 188 | #define KDC_AUTH_EXP 3 /* Auth expired */ |
| 189 | #define KDC_PKT_VER 4 /* Protocol version unknown */ |
| 190 | #define KDC_P_MKEY_VER 5 /* Wrong master key version */ |
| 191 | #define KDC_S_MKEY_VER 6 /* Wrong master key version */ |
| 192 | #define KDC_BYTE_ORDER 7 /* Byte order unknown */ |
| 193 | #define KDC_PR_UNKNOWN 8 /* Principal unknown */ |
| 194 | #define KDC_PR_N_UNIQUE 9 /* Principal not unique */ |
| 195 | #define KDC_NULL_KEY 10 /* Principal has null key */ |
| 196 | #define KDC_GEN_ERR 20 /* Generic error from KDC */ |
| 197 | |
| 198 | |
| 199 | /* Values returned by get_credentials */ |
| 200 | #define GC_OK 0 /* Retrieve OK */ |
| 201 | #define RET_OK 0 /* Retrieve OK */ |
| 202 | #define GC_TKFIL 21 /* Can't read ticket file */ |
| 203 | #define RET_TKFIL 21 /* Can't read ticket file */ |
| 204 | #define GC_NOTKT 22 /* Can't find ticket or TGT */ |
| 205 | #define RET_NOTKT 22 /* Can't find ticket or TGT */ |
| 206 | |
| 207 | |
| 208 | /* Values returned by mk_ap_req */ |
| 209 | #define MK_AP_OK 0 /* Success */ |
| 210 | #define MK_AP_TGTEXP 26 /* TGT Expired */ |
| 211 | |
| 212 | /* Values returned by rd_ap_req */ |
| 213 | #define RD_AP_OK 0 /* Request authentic */ |
| 214 | #define RD_AP_UNDEC 31 /* Can't decode authenticator */ |
| 215 | #define RD_AP_EXP 32 /* Ticket expired */ |
| 216 | #define RD_AP_NYV 33 /* Ticket not yet valid */ |
| 217 | #define RD_AP_REPEAT 34 /* Repeated request */ |
| 218 | #define RD_AP_NOT_US 35 /* The ticket isn't for us */ |
| 219 | #define RD_AP_INCON 36 /* Request is inconsistent */ |
| 220 | #define RD_AP_TIME 37 /* delta_t too big */ |
| 221 | #define RD_AP_BADD 38 /* Incorrect net address */ |
| 222 | #define RD_AP_VERSION 39 /* protocol version mismatch */ |
| 223 | #define RD_AP_MSG_TYPE 40 /* invalid msg type */ |
| 224 | #define RD_AP_MODIFIED 41 /* message stream modified */ |
| 225 | #define RD_AP_ORDER 42 /* message out of order */ |
| 226 | #define RD_AP_UNAUTHOR 43 /* unauthorized request */ |
| 227 | |
| 228 | /* Values returned by get_pw_tkt */ |
| 229 | #define GT_PW_OK 0 /* Got password changing tkt */ |
| 230 | #define GT_PW_NULL 51 /* Current PW is null */ |
| 231 | #define GT_PW_BADPW 52 /* Incorrect current password */ |
| 232 | #define GT_PW_PROT 53 /* Protocol Error */ |
| 233 | #define GT_PW_KDCERR 54 /* Error returned by KDC */ |
| 234 | #define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */ |
| 235 | |
| 236 | |
| 237 | /* Values returned by send_to_kdc */ |
| 238 | #define SKDC_OK 0 /* Response received */ |
| 239 | #define SKDC_RETRY 56 /* Retry count exceeded */ |
| 240 | #define SKDC_CANT 57 /* Can't send request */ |
| 241 | |
| 242 | /* |
| 243 | * Values returned by get_intkt |
| 244 | * (can also return SKDC_* and KDC errors) |
| 245 | */ |
| 246 | |
| 247 | #define INTK_OK 0 /* Ticket obtained */ |
| 248 | #define INTK_W_NOTALL 61 /* Not ALL tickets returned */ |
| 249 | #define INTK_BADPW 62 /* Incorrect password */ |
| 250 | #define INTK_PROT 63 /* Protocol Error */ |
| 251 | #define INTK_ERR 70 /* Other error */ |
| 252 | |
| 253 | /* Values returned by get_adtkt */ |
| 254 | #define AD_OK 0 /* Ticket Obtained */ |
| 255 | #define AD_NOTGT 71 /* Don't have tgt */ |
| 256 | |
| 257 | /* Error codes returned by ticket file utilities */ |
| 258 | #define NO_TKT_FIL 76 /* No ticket file found */ |
| 259 | #define TKT_FIL_ACC 77 /* Couldn't access tkt file */ |
| 260 | #define TKT_FIL_LCK 78 /* Couldn't lock ticket file */ |
| 261 | #define TKT_FIL_FMT 79 /* Bad ticket file format */ |
| 262 | #define TKT_FIL_INI 80 /* tf_init not called first */ |
| 263 | |
| 264 | /* Error code returned by kparse_name */ |
| 265 | #define KNAME_FMT 81 /* Bad Kerberos name format */ |
| 266 | |
| 267 | /* Error code returned by krb_mk_safe */ |
| 268 | #define SAFE_PRIV_ERROR -1 /* syscall error */ |
| 269 | |
| 270 | /* |
| 271 | * macros for byte swapping; also scratch space |
| 272 | * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0 |
| 273 | * u_long 0-->3, 1-->2, 2-->1, 3-->0 |
| 274 | * u_short 0-->1, 1-->0 |
| 275 | */ |
| 276 | |
| 277 | #define swap_u_16(x) {\ |
| 278 | unsigned long _krb_swap_tmp[4];\ |
| 279 | swab(((char *) x) +0, ((char *) _krb_swap_tmp) +14 ,2); \ |
| 280 | swab(((char *) x) +2, ((char *) _krb_swap_tmp) +12 ,2); \ |
| 281 | swab(((char *) x) +4, ((char *) _krb_swap_tmp) +10 ,2); \ |
| 282 | swab(((char *) x) +6, ((char *) _krb_swap_tmp) +8 ,2); \ |
| 283 | swab(((char *) x) +8, ((char *) _krb_swap_tmp) +6 ,2); \ |
| 284 | swab(((char *) x) +10,((char *) _krb_swap_tmp) +4 ,2); \ |
| 285 | swab(((char *) x) +12,((char *) _krb_swap_tmp) +2 ,2); \ |
| 286 | swab(((char *) x) +14,((char *) _krb_swap_tmp) +0 ,2); \ |
| 287 | bcopy((char *)_krb_swap_tmp,(char *)x,16);\ |
| 288 | } |
| 289 | |
| 290 | #define swap_u_12(x) {\ |
| 291 | unsigned long _krb_swap_tmp[4];\ |
| 292 | swab(( char *) x, ((char *) _krb_swap_tmp) +10 ,2); \ |
| 293 | swab(((char *) x) +2, ((char *) _krb_swap_tmp) +8 ,2); \ |
| 294 | swab(((char *) x) +4, ((char *) _krb_swap_tmp) +6 ,2); \ |
| 295 | swab(((char *) x) +6, ((char *) _krb_swap_tmp) +4 ,2); \ |
| 296 | swab(((char *) x) +8, ((char *) _krb_swap_tmp) +2 ,2); \ |
| 297 | swab(((char *) x) +10,((char *) _krb_swap_tmp) +0 ,2); \ |
| 298 | bcopy((char *)_krb_swap_tmp,(char *)x,12);\ |
| 299 | } |
| 300 | |
| 301 | #define swap_C_Block(x) {\ |
| 302 | unsigned long _krb_swap_tmp[4];\ |
| 303 | swab(( char *) x, ((char *) _krb_swap_tmp) +6 ,2); \ |
| 304 | swab(((char *) x) +2,((char *) _krb_swap_tmp) +4 ,2); \ |
| 305 | swab(((char *) x) +4,((char *) _krb_swap_tmp) +2 ,2); \ |
| 306 | swab(((char *) x) +6,((char *) _krb_swap_tmp) ,2); \ |
| 307 | bcopy((char *)_krb_swap_tmp,(char *)x,8);\ |
| 308 | } |
| 309 | #define swap_u_quad(x) {\ |
| 310 | unsigned long _krb_swap_tmp[4];\ |
| 311 | swab(( char *) &x, ((char *) _krb_swap_tmp) +6 ,2); \ |
| 312 | swab(((char *) &x) +2,((char *) _krb_swap_tmp) +4 ,2); \ |
| 313 | swab(((char *) &x) +4,((char *) _krb_swap_tmp) +2 ,2); \ |
| 314 | swab(((char *) &x) +6,((char *) _krb_swap_tmp) ,2); \ |
| 315 | bcopy((char *)_krb_swap_tmp,(char *)&x,8);\ |
| 316 | } |
| 317 | |
| 318 | #define swap_u_long(x) {\ |
| 319 | unsigned long _krb_swap_tmp[4];\ |
| 320 | swab((char *) &x, ((char *) _krb_swap_tmp) +2 ,2); \ |
| 321 | swab(((char *) &x) +2,((char *) _krb_swap_tmp),2); \ |
| 322 | x = _krb_swap_tmp[0]; \ |
| 323 | } |
| 324 | |
| 325 | #define swap_u_short(x) {\ |
| 326 | unsigned short _krb_swap_sh_tmp; \ |
| 327 | swab((char *) &x, ( &_krb_swap_sh_tmp) ,2); \ |
| 328 | x = (unsigned short) _krb_swap_sh_tmp; \ |
| 329 | } |
| 330 | |
| 331 | /* Kerberos ticket flag field bit definitions */ |
| 332 | #define K_FLAG_ORDER 0 /* bit 0 --> lsb */ |
| 333 | #define K_FLAG_1 /* reserved */ |
| 334 | #define K_FLAG_2 /* reserved */ |
| 335 | #define K_FLAG_3 /* reserved */ |
| 336 | #define K_FLAG_4 /* reserved */ |
| 337 | #define K_FLAG_5 /* reserved */ |
| 338 | #define K_FLAG_6 /* reserved */ |
| 339 | #define K_FLAG_7 /* reserved, bit 7 --> msb */ |
| 340 | |
| 341 | #ifndef PC |
| 342 | char *tkt_string(); |
| fae1c7a0 |
343 | #endif /* PC */ |
| 0e014e3d |
344 | |
| 345 | #ifdef OLDNAMES |
| 346 | #define krb_mk_req mk_ap_req |
| 347 | #define krb_rd_req rd_ap_req |
| 348 | #define krb_kntoln an_to_ln |
| 349 | #define krb_set_key set_serv_key |
| 350 | #define krb_get_cred get_credentials |
| 351 | #define krb_mk_priv mk_private_msg |
| 352 | #define krb_rd_priv rd_private_msg |
| 353 | #define krb_mk_safe mk_safe_msg |
| 354 | #define krb_rd_safe rd_safe_msg |
| 355 | #define krb_mk_err mk_appl_err_msg |
| 356 | #define krb_rd_err rd_appl_err_msg |
| 357 | #define krb_ck_repl check_replay |
| 358 | #define krb_get_pw_in_tkt get_in_tkt |
| 359 | #define krb_get_svc_in_tkt get_svc_in_tkt |
| 360 | #define krb_get_pw_tkt get_pw_tkt |
| 361 | #define krb_realmofhost krb_getrealm |
| 362 | #define krb_get_phost get_phost |
| 363 | #define krb_get_krbhst get_krbhst |
| 364 | #define krb_get_lrealm get_krbrlm |
| fae1c7a0 |
365 | #endif /* OLDNAMES */ |
| 0e014e3d |
366 | |
| 367 | /* Defines for krb_sendauth and krb_recvauth */ |
| 368 | |
| 369 | #define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */ |
| 370 | #define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */ |
| 371 | |
| 372 | #define KOPT_DONT_CANON 0x00000004 /* |
| 373 | * don't canonicalize inst as |
| 374 | * a hostname |
| 375 | */ |
| 376 | |
| 377 | #define KRB_SENDAUTH_VLEN 8 /* length for version strings */ |
| 378 | |
| 379 | #ifdef ATHENA_COMPAT |
| 380 | #define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */ |
| fae1c7a0 |
381 | #endif /* ATHENA_COMPAT */ |
| 0e014e3d |
382 | |
| fae1c7a0 |
383 | #endif /* KRB_DEFS */ |
andersk / moira.git / blame