0e014e3d | 1 | /* |
2 | * $Source$ | |
3 | * $Author$ | |
4 | * $Header$ | |
5 | * | |
6 | * Copyright 1987, 1988 by the Massachusetts Institute of Technology. | |
7 | * | |
8 | * For copying and distribution information, please see the file | |
9 | * <mit-copyright.h>. | |
10 | * | |
11 | * Include file for the Kerberos library. | |
12 | */ | |
13 | ||
14 | /* Only one time, please */ | |
15 | #ifndef KRB_DEFS | |
16 | #define KRB_DEFS | |
17 | ||
18 | #include <mit-copyright.h> | |
19 | ||
20 | /* Need some defs from des.h */ | |
21 | #include <des.h> | |
22 | ||
23 | /* Text describing error codes */ | |
24 | #define MAX_KRB_ERRORS 256 | |
25 | extern char *krb_err_txt[MAX_KRB_ERRORS]; | |
26 | ||
/*
 * These are not defined for at least SunOS 3.3, Ultrix 2.2, and A/UX 2.0
 *
 * Single-word emulation of the select(2) descriptor-set macros: only
 * fds_bits[0] is ever touched, so a descriptor is representable only if
 * its number fits in that one word.  The mask is built with `1 << (n)',
 * an int shift, so n must be less than the bit width of int; a larger n
 * is undefined behaviour and silently addresses the wrong bit.  Code
 * compiled for these platforms should bound n before calling FD_SET or
 * FD_ISSET (the real system macros index a whole array of words).
 */
#if defined(ULTRIX022) || (defined(SunOS) && SunOS < 40) || defined(_AUX_SOURCE)
#define FD_ZERO(p) ((p)->fds_bits[0] = 0)
#define FD_SET(n, p) ((p)->fds_bits[0] |= (1 << (n)))
#define FD_ISSET(n, p) ((p)->fds_bits[0] & (1 << (n)))
#endif
0e014e3d | 35 | |
36 | /* General definitions */ | |
37 | #define KSUCCESS 0 | |
38 | #define KFAILURE 255 | |
39 | ||
40 | #ifdef NO_UIDGID_T | |
41 | typedef unsigned short uid_t; | |
42 | typedef unsigned short gid_t; | |
43 | #endif /* NO_UIDGID_T */ | |
44 | ||
45 | /* | |
46 | * Kerberos specific definitions | |
47 | * | |
48 | * KRBLOG is the log file for the kerberos master server. KRB_CONF is | |
49 | * the configuration file where different host machines running master | |
50 | * and slave servers can be found. KRB_MASTER is the name of the | |
51 | * machine with the master database. The admin_server runs on this | |
52 | * machine, and all changes to the db (as opposed to read-only | |
53 | * requests, which can go to slaves) must go to it. KRB_HOST is the | |
54 | * default machine when looking for a kerberos slave server. Other | |
55 | * possibilities are in the KRB_CONF file. KRB_REALM is the name of | |
56 | * the realm. | |
57 | */ | |
58 | ||
59 | #ifdef notdef | |
60 | this is server - only, does not belong here; | |
61 | #define KRBLOG "/kerberos/kerberos.log" | |
62 | are these used anyplace '?'; | |
63 | #define VX_KRB_HSTFILE "/etc/krbhst" | |
64 | #define PC_KRB_HSTFILE "\\kerberos\\krbhst" | |
65 | #endif | |
66 | ||
fae1c7a0 | 67 | #define KRB_CONF "/etc/athena/krb.conf" |
68 | #define KRB_RLM_TRANS "/etc/athena/krb.realms" | |
0e014e3d | 69 | #define KRB_MASTER "kerberos" |
70 | #define KRB_HOST KRB_MASTER | |
71 | #define KRB_REALM "ATHENA.MIT.EDU" | |
72 | ||
73 | /* The maximum sizes for aname, realm, sname, and instance +1 */ | |
74 | #define ANAME_SZ 40 | |
75 | #define REALM_SZ 40 | |
76 | #define SNAME_SZ 40 | |
77 | #define INST_SZ 40 | |
78 | /* include space for '.' and '@' */ | |
79 | #define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2) | |
80 | #define KKEY_SZ 100 | |
81 | #define VERSION_SZ 1 | |
82 | #define MSG_TYPE_SZ 1 | |
83 | #define DATE_SZ 26 /* RTI date output */ | |
84 | ||
85 | #define MAX_HSTNM 100 | |
86 | ||
87 | #ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ | |
fae1c7a0 | 88 | #define DEFAULT_TKT_LIFE 120 /* default lifetime 10 hrs */ |
0e014e3d | 89 | #endif |
90 | ||
91 | /* Definition of text structure used to pass text around */ | |
92 | #define MAX_KTXT_LEN 1250 | |
93 | ||
/*
 * Text buffer handed between the library routines.
 *
 * `length' is the number of bytes of `dat' in use.  `dat' is a fixed
 * array of MAX_KTXT_LEN bytes, so whoever fills it must keep
 * 0 <= length <= MAX_KTXT_LEN; nothing in this header enforces that, and
 * length is a signed int, so consumers should range-check it before
 * indexing dat.  `mbz' sits just past the buffer and, per the original
 * note, is kept zero so an overrun of dat can be noticed.
 */
struct ktext {
    int length;                 /* Length of the text */
    unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
    unsigned long mbz;          /* zero to catch runaway strings */
};

typedef struct ktext *KTEXT;    /* pointer to a ktext */
typedef struct ktext KTEXT_ST;  /* the structure itself */
102 | ||
103 | ||
104 | /* Definitions for send_to_kdc */ | |
105 | #define CLIENT_KRB_TIMEOUT 4 /* time between retries */ | |
106 | #define CLIENT_KRB_RETRY 5 /* retry this many times */ | |
107 | #define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */ | |
108 | ||
109 | /* Definitions for ticket file utilities */ | |
110 | #define R_TKT_FIL 0 | |
111 | #define W_TKT_FIL 1 | |
112 | ||
113 | /* Definitions for cl_get_tgt */ | |
fae1c7a0 | 114 | #ifndef CL_GTGT_INIT_FILE |
0e014e3d | 115 | #ifdef PC |
116 | #define CL_GTGT_INIT_FILE "\\kerberos\\k_in_tkts" | |
117 | #else | |
fae1c7a0 | 118 | #define CL_GTGT_INIT_FILE "/etc/athena/k_in_tkts" |
119 | #endif /* PC */ | |
120 | #endif /* CL_GTGT_INIT_FILE */ | |
0e014e3d | 121 | |
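/* Parameters for rd_ap_req */
/*
 * Maximum allowable clock skew in seconds.  Parenthesized so the macro
 * behaves as a single value wherever it is used: the unparenthesized
 * form 5*60 made an expression such as `t / CLOCK_SKEW' parse as
 * (t / 5) * 60.
 */
#define CLOCK_SKEW (5*60)
/* Filename for readservkey */
#define KEYFILE "/etc/athena/srvtab"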
0e014e3d | 127 | |
128 | /* Structure definition for rd_ap_req */ | |
129 | ||
/*
 * Authentication data that rd_ap_req extracts from a ticket and
 * authenticator.
 *
 * The three name fields are fixed-size char arrays (ANAME_SZ, INST_SZ,
 * REALM_SZ).  Whether they are always NUL-terminated depends on the code
 * that fills them, which is not in this header, so do not assume it when
 * printing or comparing them.  `session' is a C_Block from des.h and is
 * key material: holders should wipe it when the structure is discarded.
 */
struct auth_dat {
    unsigned char k_flags;      /* Flags from ticket */
    char pname[ANAME_SZ];       /* Principal's name */
    char pinst[INST_SZ];        /* Principal's instance */
    char prealm[REALM_SZ];      /* Principal's realm */
    unsigned long checksum;     /* Data checksum (opt) */
    C_Block session;            /* Session Key */
    int life;                   /* Life of ticket */
    unsigned long time_sec;     /* Time ticket issued */
    unsigned long address;      /* Address in ticket */
    KTEXT_ST reply;             /* Auth reply (opt) */
};

typedef struct auth_dat AUTH_DAT;
144 | ||
145 | /* Structure definition for credentials returned by get_cred */ | |
146 | ||
/*
 * One set of credentials as returned by get_cred.
 *
 * The structure embeds the ticket itself (a KTEXT_ST, which carries a
 * MAX_KTXT_LEN-byte array) rather than pointing at it, so a CREDENTIALS
 * is large and should not be copied or placed on the stack casually.
 * `session' (a C_Block from des.h) is key material and `ticket_st' is a
 * live ticket; wipe both when an instance is discarded.  The char arrays
 * are fixed-size; NUL termination is up to the code that fills them.
 */
struct credentials {
    char service[ANAME_SZ];     /* Service name */
    char instance[INST_SZ];     /* Instance */
    char realm[REALM_SZ];       /* Auth domain */
    C_Block session;            /* Session key */
    int lifetime;               /* Lifetime */
    int kvno;                   /* Key version number */
    KTEXT_ST ticket_st;         /* The ticket itself */
    long issue_date;            /* The issue time */
    char pname[ANAME_SZ];       /* Principal's name */
    char pinst[INST_SZ];        /* Principal's instance */
};

typedef struct credentials CREDENTIALS;
161 | ||
162 | /* Structure definition for rd_private_msg and rd_safe_msg */ | |
163 | ||
/*
 * Result of rd_private_msg / rd_safe_msg.
 *
 * `app_data' and `app_length' describe the application payload that was
 * recovered; which buffer app_data points into (the caller's input
 * message or storage owned by the library) is not stated in this header
 * -- confirm against the reader routines before holding the pointer past
 * the call.  `hash' is recorded for replay lookup and `time_sec' /
 * `time_5ms' carry the message timestamp.
 */
struct msg_dat {
    unsigned char *app_data;    /* pointer to appl data */
    unsigned long app_length;   /* length of appl data */
    unsigned long hash;         /* hash to lookup replay */
    int swap;                   /* swap bytes? */
    long time_sec;              /* msg timestamp seconds */
    unsigned char time_5ms;     /* msg timestamp 5ms units */
};

typedef struct msg_dat MSG_DAT;
174 | ||
175 | ||
/* Location of ticket file for save_cred and get_cred */
#ifdef PC
#define TKT_FILE "\\kerberos\\ticket.ses"
#else
/*
 * On Unix the ticket file name is computed at run time by tkt_string()
 * (declared further down in this header); TKT_ROOT looks like the prefix
 * it builds on, though that is not verifiable from here.  The prefix is
 * under /tmp, a shared directory, so the safety of the cache depends on
 * how tkt_string() derives the per-user name and on the permissions the
 * ticket-file code applies when it creates the file -- neither is in
 * this header, so check those when reviewing ticket handling.
 */
#define TKT_FILE tkt_string()
#define TKT_ROOT "/tmp/tkt"
#endif /* PC */
0e014e3d | 183 | |
184 | /* Error codes returned from the KDC */ | |
185 | #define KDC_OK 0 /* Request OK */ | |
186 | #define KDC_NAME_EXP 1 /* Principal expired */ | |
187 | #define KDC_SERVICE_EXP 2 /* Service expired */ | |
188 | #define KDC_AUTH_EXP 3 /* Auth expired */ | |
189 | #define KDC_PKT_VER 4 /* Protocol version unknown */ | |
190 | #define KDC_P_MKEY_VER 5 /* Wrong master key version */ | |
191 | #define KDC_S_MKEY_VER 6 /* Wrong master key version */ | |
192 | #define KDC_BYTE_ORDER 7 /* Byte order unknown */ | |
193 | #define KDC_PR_UNKNOWN 8 /* Principal unknown */ | |
194 | #define KDC_PR_N_UNIQUE 9 /* Principal not unique */ | |
195 | #define KDC_NULL_KEY 10 /* Principal has null key */ | |
196 | #define KDC_GEN_ERR 20 /* Generic error from KDC */ | |
197 | ||
198 | ||
199 | /* Values returned by get_credentials */ | |
200 | #define GC_OK 0 /* Retrieve OK */ | |
201 | #define RET_OK 0 /* Retrieve OK */ | |
202 | #define GC_TKFIL 21 /* Can't read ticket file */ | |
203 | #define RET_TKFIL 21 /* Can't read ticket file */ | |
204 | #define GC_NOTKT 22 /* Can't find ticket or TGT */ | |
205 | #define RET_NOTKT 22 /* Can't find ticket or TGT */ | |
206 | ||
207 | ||
208 | /* Values returned by mk_ap_req */ | |
209 | #define MK_AP_OK 0 /* Success */ | |
210 | #define MK_AP_TGTEXP 26 /* TGT Expired */ | |
211 | ||
212 | /* Values returned by rd_ap_req */ | |
213 | #define RD_AP_OK 0 /* Request authentic */ | |
214 | #define RD_AP_UNDEC 31 /* Can't decode authenticator */ | |
215 | #define RD_AP_EXP 32 /* Ticket expired */ | |
216 | #define RD_AP_NYV 33 /* Ticket not yet valid */ | |
217 | #define RD_AP_REPEAT 34 /* Repeated request */ | |
218 | #define RD_AP_NOT_US 35 /* The ticket isn't for us */ | |
219 | #define RD_AP_INCON 36 /* Request is inconsistent */ | |
220 | #define RD_AP_TIME 37 /* delta_t too big */ | |
221 | #define RD_AP_BADD 38 /* Incorrect net address */ | |
222 | #define RD_AP_VERSION 39 /* protocol version mismatch */ | |
223 | #define RD_AP_MSG_TYPE 40 /* invalid msg type */ | |
224 | #define RD_AP_MODIFIED 41 /* message stream modified */ | |
225 | #define RD_AP_ORDER 42 /* message out of order */ | |
226 | #define RD_AP_UNAUTHOR 43 /* unauthorized request */ | |
227 | ||
228 | /* Values returned by get_pw_tkt */ | |
229 | #define GT_PW_OK 0 /* Got password changing tkt */ | |
230 | #define GT_PW_NULL 51 /* Current PW is null */ | |
231 | #define GT_PW_BADPW 52 /* Incorrect current password */ | |
232 | #define GT_PW_PROT 53 /* Protocol Error */ | |
233 | #define GT_PW_KDCERR 54 /* Error returned by KDC */ | |
234 | #define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */ | |
235 | ||
236 | ||
237 | /* Values returned by send_to_kdc */ | |
238 | #define SKDC_OK 0 /* Response received */ | |
239 | #define SKDC_RETRY 56 /* Retry count exceeded */ | |
240 | #define SKDC_CANT 57 /* Can't send request */ | |
241 | ||
242 | /* | |
243 | * Values returned by get_intkt | |
244 | * (can also return SKDC_* and KDC errors) | |
245 | */ | |
246 | ||
247 | #define INTK_OK 0 /* Ticket obtained */ | |
248 | #define INTK_W_NOTALL 61 /* Not ALL tickets returned */ | |
249 | #define INTK_BADPW 62 /* Incorrect password */ | |
250 | #define INTK_PROT 63 /* Protocol Error */ | |
251 | #define INTK_ERR 70 /* Other error */ | |
252 | ||
253 | /* Values returned by get_adtkt */ | |
254 | #define AD_OK 0 /* Ticket Obtained */ | |
255 | #define AD_NOTGT 71 /* Don't have tgt */ | |
256 | ||
257 | /* Error codes returned by ticket file utilities */ | |
258 | #define NO_TKT_FIL 76 /* No ticket file found */ | |
259 | #define TKT_FIL_ACC 77 /* Couldn't access tkt file */ | |
260 | #define TKT_FIL_LCK 78 /* Couldn't lock ticket file */ | |
261 | #define TKT_FIL_FMT 79 /* Bad ticket file format */ | |
262 | #define TKT_FIL_INI 80 /* tf_init not called first */ | |
263 | ||
264 | /* Error code returned by kparse_name */ | |
265 | #define KNAME_FMT 81 /* Bad Kerberos name format */ | |
266 | ||
/* Error code returned by krb_mk_safe */
/*
 * Unlike every other code in this file this value is negative, so it
 * must never be used as an index into krb_err_txt[] (sized
 * MAX_KRB_ERRORS above); code that maps return values to text should
 * test for it before indexing.
 */
#define SAFE_PRIV_ERROR -1 /* syscall error */
269 | ||
270 | /* | |
271 | * macros for byte swapping; also scratch space | |
272 | * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0 | |
273 | * u_long 0-->3, 1-->2, 2-->1, 3-->0 | |
274 | * u_short 0-->1, 1-->0 | |
275 | */ | |
276 | ||
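/*
 * Byte-swapping macros.  Each one reverses a fixed number of bytes in
 * place; the count is the wire size of the field, not sizeof(x):
 *
 *   swap_u_16(x)     16 bytes at pointer x
 *   swap_u_12(x)     12 bytes at pointer x
 *   swap_C_Block(x)   8 bytes at pointer x (a C_Block)
 *   swap_u_quad(x)    8 bytes of the object x (passed by name)
 *   swap_u_long(x)    the first 4 bytes of the object x
 *   swap_u_short(x)   the first 2 bytes of the object x
 *
 * KRB_SWAP_BYTES_(p, n) is the shared implementation: it swaps byte i
 * with byte n-1-i using only the standard language, so it no longer
 * depends on swab()/bcopy() and touches nothing outside the n bytes.
 * The previous swap_u_long assigned x from an unsigned long scratch
 * slot of which only four bytes had been written, which read
 * uninitialized memory wherever unsigned long is wider than 32 bits;
 * callers on such hosts should still pass a 32-bit object so that the
 * four bytes reversed are the ones that hold the value.  The bodies are
 * do { } while (0) so each macro is a single statement and can be used
 * as the body of an if/else.
 */
#define KRB_SWAP_BYTES_(p, n) do { \
    unsigned char *_krb_swap_p = (unsigned char *) (p); \
    unsigned char _krb_swap_c; \
    int _krb_swap_i; \
    for (_krb_swap_i = 0; _krb_swap_i < (n) / 2; _krb_swap_i++) { \
        _krb_swap_c = _krb_swap_p[_krb_swap_i]; \
        _krb_swap_p[_krb_swap_i] = _krb_swap_p[(n) - 1 - _krb_swap_i]; \
        _krb_swap_p[(n) - 1 - _krb_swap_i] = _krb_swap_c; \
    } \
} while (0)

#define swap_u_16(x)     KRB_SWAP_BYTES_((x), 16)
#define swap_u_12(x)     KRB_SWAP_BYTES_((x), 12)
#define swap_C_Block(x)  KRB_SWAP_BYTES_((x), 8)
#define swap_u_quad(x)   KRB_SWAP_BYTES_(&(x), 8)
#define swap_u_long(x)   KRB_SWAP_BYTES_(&(x), 4)
#define swap_u_short(x)  KRB_SWAP_BYTES_(&(x), 2)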
330 | ||
/* Kerberos ticket flag field bit definitions */
/*
 * Presumably these describe the bits of auth_dat.k_flags.  Only
 * K_FLAG_ORDER carries a value; K_FLAG_1 .. K_FLAG_7 are defined to
 * nothing (they reserve the names), so using one of them in an
 * expression is a compile error rather than a bit mask.
 */
#define K_FLAG_ORDER 0 /* bit 0 --> lsb */
#define K_FLAG_1 /* reserved */
#define K_FLAG_2 /* reserved */
#define K_FLAG_3 /* reserved */
#define K_FLAG_4 /* reserved */
#define K_FLAG_5 /* reserved */
#define K_FLAG_6 /* reserved */
#define K_FLAG_7 /* reserved, bit 7 --> msb */
340 | ||
#ifndef PC
/*
 * Returns the Unix ticket file name used as TKT_FILE above.  This is an
 * old-style declaration with no parameter list, so calls are not
 * type-checked; the ownership and lifetime of the returned string are
 * not specified in this header.
 */
char *tkt_string();
#endif /* PC */
0e014e3d | 344 | |
/*
 * Compatibility aliases: with OLDNAMES defined, each krb_* entry point
 * name is rewritten by the preprocessor to the older function name on
 * the right, so sources written against the old API keep linking.
 */
#ifdef OLDNAMES
#define krb_mk_req mk_ap_req
#define krb_rd_req rd_ap_req
#define krb_kntoln an_to_ln
#define krb_set_key set_serv_key
#define krb_get_cred get_credentials
#define krb_mk_priv mk_private_msg
#define krb_rd_priv rd_private_msg
#define krb_mk_safe mk_safe_msg
#define krb_rd_safe rd_safe_msg
#define krb_mk_err mk_appl_err_msg
#define krb_rd_err rd_appl_err_msg
#define krb_ck_repl check_replay
#define krb_get_pw_in_tkt get_in_tkt
#define krb_get_svc_in_tkt get_svc_in_tkt
#define krb_get_pw_tkt get_pw_tkt
#define krb_realmofhost krb_getrealm
#define krb_get_phost get_phost
#define krb_get_krbhst get_krbhst
#define krb_get_lrealm get_krbrlm
#endif /* OLDNAMES */
0e014e3d | 366 | |
/* Defines for krb_sendauth and krb_recvauth */

/*
 * Option flags.  Each value is a distinct single bit, so they look meant
 * to be OR-ed together into one options word -- confirm against the
 * krb_sendauth / krb_recvauth signatures, which are not in this header.
 * Note that KOPT_DO_MUTUAL is what asks for mutual authentication; a
 * caller that omits it authenticates only itself to the server.
 */
#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */

#define KOPT_DONT_CANON 0x00000004 /*
                                    * don't canonicalize inst as
                                    * a hostname
                                    */

#define KRB_SENDAUTH_VLEN 8 /* length for version strings */

#ifdef ATHENA_COMPAT
#define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */
#endif /* ATHENA_COMPAT */
0e014e3d | 382 | |
fae1c7a0 | 383 | #endif /* KRB_DEFS */ |