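/*
 * $Source: /usr/src/kerberosIV/src/include/RCS/krb.h,v $
 * $Author: kfall $
 * $Header: /usr/src/kerberosIV/src/include/RCS/krb.h,v 4.27 90/05/12 00:04:07 kfall Exp $
 *
 * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
 *
 * For copying and distribution information, please see the file
 * <mit-copyright.h>.
 *
 * Include file for the Kerberos library.
 */

/* Only one time, please */
#ifndef KRB_DEFS
#define KRB_DEFS

#ifdef ATHENA
#include <mit-copyright.h>

/* Need some defs from des.h */
#include <des.h>
#endif
/*
 * NOTE(review): C_Block is used unconditionally by struct auth_dat and
 * struct credentials below, but <des.h> is only pulled in under ATHENA.
 * Presumably other builds include des.h before this header -- confirm.
 */

/*
 * Text describing error codes.  The table has MAX_KRB_ERRORS entries, so
 * a return code must be range-checked before it is used as an index.
 */
#define MAX_KRB_ERRORS  256
extern char *krb_err_txt[MAX_KRB_ERRORS];

/*
 * These are not defined for at least SunOS 3.3 and Ultrix 2.2.
 * The fallbacks only touch fds_bits[0], so they cover just the
 * descriptors that fit in that first word.
 */
#if defined(ULTRIX022) || (defined(SunOS) && SunOS < 40)
#define FD_ZERO(p)      ((p)->fds_bits[0] = 0)
#define FD_SET(n, p)    ((p)->fds_bits[0] |= (1 << (n)))
#define FD_ISSET(n, p)  ((p)->fds_bits[0] & (1 << (n)))
#endif /* ULTRIX022 || SunOS */

/* General definitions */
#define KSUCCESS        0
#define KFAILURE        255

#ifdef NO_UIDGID_T
typedef unsigned short uid_t;
typedef unsigned short gid_t;
#endif /* NO_UIDGID_T */

/*
 * Kerberos specific definitions
 *
 * KRBLOG is the log file for the kerberos master server.  KRB_CONF is
 * the configuration file where different host machines running master
 * and slave servers can be found.  KRB_MASTER is the name of the
 * machine with the master database.  The admin_server runs on this
 * machine, and all changes to the db (as opposed to read-only
 * requests, which can go to slaves) must go to it.  KRB_HOST is the
 * default machine when looking for a kerberos slave server.  Other
 * possibilities are in the KRB_CONF file.  KRB_REALM is the name of
 * the realm.
 */

#ifdef notdef
this is server - only, does not belong here;
#define KRBLOG          "/etc/kerberosIV/kerberos.log"
are these used anyplace '?';
#define VX_KRB_HSTFILE  "/etc/kerberosIV/krbhst"
#define PC_KRB_HSTFILE  "\\kerberos\\krbhst"
#endif

#define KRB_CONF        "/etc/kerberosIV/krb.conf"
#define KRB_RLM_TRANS   "/etc/kerberosIV/krb.realms"
#define KRB_MASTER      "kerberos"
#define KRB_HOST        KRB_MASTER
#define KRB_REALM       "CS.BERKELEY.EDU"

/*
 * The maximum sizes for aname, realm, sname, and instance +1.
 * Each size already counts the terminating NUL, so a copy into one of
 * these fields has to be bounded by the field size, not by the source.
 */
#define ANAME_SZ        40
#define REALM_SZ        40
#define SNAME_SZ        40
#define INST_SZ         40
/* include space for '.' and '@' */
#define MAX_K_NAME_SZ   (ANAME_SZ + INST_SZ + REALM_SZ + 2)
#define KKEY_SZ         100
#define VERSION_SZ      1
#define MSG_TYPE_SZ     1
#define DATE_SZ         26      /* RTI date output */

#define MAX_HSTNM       100

#ifndef DEFAULT_TKT_LIFE        /* allow compile-time override */
#define DEFAULT_TKT_LIFE 96     /* default lifetime for krb_mk_req
                                   & co., 8 hrs */
#endif

/* Definition of text structure used to pass text around */
#define MAX_KTXT_LEN    1250

/*
 * length is a signed int and dat is a fixed array: anything that fills
 * or walks a ktext from received data must check
 * 0 <= length <= MAX_KTXT_LEN first.  mbz sits directly after dat and is
 * meant to stay zero; it stops a string scan that runs off the end of
 * dat but does not bound writes.
 */
struct ktext {
    int             length;             /* Length of the text */
    unsigned char   dat[MAX_KTXT_LEN];  /* The data itself */
    unsigned long   mbz;                /* zero to catch runaway strings */
};

typedef struct ktext *KTEXT;
typedef struct ktext KTEXT_ST;


/* Definitions for send_to_kdc */
#define CLIENT_KRB_TIMEOUT  4   /* time between retries */
#define CLIENT_KRB_RETRY    5   /* retry this many times */
#define CLIENT_KRB_BUFLEN   512 /* max unfragmented packet */

/* Definitions for ticket file utilities */
#define R_TKT_FIL       0
#define W_TKT_FIL       1

/* Definitions for cl_get_tgt */
#ifdef PC
#define CL_GTGT_INIT_FILE   "\\kerberos\\k_in_tkts"
#else
#define CL_GTGT_INIT_FILE   "/etc/kerberosIV/k_in_tkts"
#endif /* PC */

/* Parameters for rd_ap_req */
/*
 * Maximum allowable clock skew in seconds.  Parenthesized so that the
 * value survives use inside a larger expression (a / CLOCK_SKEW).
 */
#define CLOCK_SKEW      (5*60)
/*
 * Filename for readservkey.
 * NOTE(review): presumably this file holds the service's long-term key,
 * in which case it should be readable only by the service account --
 * confirm against readservkey.
 */
#define KEYFILE         "/etc/kerberosIV/srvtab"

/* Structure definition for rd_ap_req */

struct auth_dat {
    unsigned char   k_flags;            /* Flags from ticket */
    char            pname[ANAME_SZ];    /* Principal's name */
    char            pinst[INST_SZ];     /* Principal's instance */
    char            prealm[REALM_SZ];   /* Principal's realm */
    unsigned long   checksum;           /* Data checksum (opt) */
    C_Block         session;            /* Session Key */
    int             life;               /* Life of ticket */
    unsigned long   time_sec;           /* Time ticket issued */
    unsigned long   address;            /* Address in ticket */
    KTEXT_ST        reply;              /* Auth reply (opt) */
};

typedef struct auth_dat AUTH_DAT;

/*
 * Structure definition for credentials returned by get_cred.
 * The structure carries the session key and the ticket itself, so
 * copies of it are as sensitive as the ticket file.
 */

struct credentials {
    char            service[ANAME_SZ];  /* Service name */
    char            instance[INST_SZ];  /* Instance */
    char            realm[REALM_SZ];    /* Auth domain */
    C_Block         session;            /* Session key */
    int             lifetime;           /* Lifetime */
    int             kvno;               /* Key version number */
    KTEXT_ST        ticket_st;          /* The ticket itself */
    long            issue_date;         /* The issue time */
    char            pname[ANAME_SZ];    /* Principal's name */
    char            pinst[INST_SZ];     /* Principal's instance */
};

typedef struct credentials CREDENTIALS;

/* Structure definition for rd_private_msg and rd_safe_msg */

struct msg_dat {
    unsigned char   *app_data;          /* pointer to appl data */
    unsigned long   app_length;         /* length of appl data */
    unsigned long   hash;               /* hash to lookup replay */
    int             swap;               /* swap bytes? */
    long            time_sec;           /* msg timestamp seconds */
    unsigned char   time_5ms;           /* msg timestamp 5ms units */
};

typedef struct msg_dat MSG_DAT;


/*
 * Location of ticket file for save_cred and get_cred.
 * On non-PC builds the name comes from tkt_string() and TKT_ROOT points
 * into /tmp, a directory shared by all local users.
 * NOTE(review): tkt_string() is not defined in this header; confirm that
 * the code creating the file checks ownership and mode and does not
 * follow a pre-existing link.
 */
#ifdef PC
#define TKT_FILE        "\\kerberos\\ticket.ses"
#else
#define TKT_FILE        tkt_string()
#define TKT_ROOT        "/tmp/tkt"
#endif /* PC */

/* Error codes returned from the KDC */
#define KDC_OK          0   /* Request OK */
#define KDC_NAME_EXP    1   /* Principal expired */
#define KDC_SERVICE_EXP 2   /* Service expired */
#define KDC_AUTH_EXP    3   /* Auth expired */
#define KDC_PKT_VER     4   /* Protocol version unknown */
#define KDC_P_MKEY_VER  5   /* Wrong master key version */
#define KDC_S_MKEY_VER  6   /* Wrong master key version */
#define KDC_BYTE_ORDER  7   /* Byte order unknown */
#define KDC_PR_UNKNOWN  8   /* Principal unknown */
#define KDC_PR_N_UNIQUE 9   /* Principal not unique */
#define KDC_NULL_KEY    10  /* Principal has null key */
#define KDC_GEN_ERR     20  /* Generic error from KDC */


/* Values returned by get_credentials */
#define GC_OK           0   /* Retrieve OK */
#define RET_OK          0   /* Retrieve OK */
#define GC_TKFIL        21  /* Can't read ticket file */
#define RET_TKFIL       21  /* Can't read ticket file */
#define GC_NOTKT        22  /* Can't find ticket or TGT */
#define RET_NOTKT       22  /* Can't find ticket or TGT */


/* Values returned by mk_ap_req */
#define MK_AP_OK        0   /* Success */
#define MK_AP_TGTEXP    26  /* TGT Expired */

/* Values returned by rd_ap_req */
#define RD_AP_OK        0   /* Request authentic */
#define RD_AP_UNDEC     31  /* Can't decode authenticator */
#define RD_AP_EXP       32  /* Ticket expired */
#define RD_AP_NYV       33  /* Ticket not yet valid */
#define RD_AP_REPEAT    34  /* Repeated request */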
#define RD_AP_NOT_US        35      /* Ticket is not for us */
#define RD_AP_INCON         36      /* Request is inconsistent */
#define RD_AP_TIME          37      /* delta_t too big */
#define RD_AP_BADD          38      /* Incorrect net address */
#define RD_AP_VERSION       39      /* Protocol version mismatch */
#define RD_AP_MSG_TYPE      40      /* Invalid msg type */
#define RD_AP_MODIFIED      41      /* Message stream modified */
#define RD_AP_ORDER         42      /* Message out of order */
#define RD_AP_UNAUTHOR      43      /* Unauthorized request */

/* get_pw_tkt return values */
#define GT_PW_OK            0       /* Got password changing tkt */
#define GT_PW_NULL          51      /* Current PW is null */
#define GT_PW_BADPW         52      /* Incorrect current password */
#define GT_PW_PROT          53      /* Protocol Error */
#define GT_PW_KDCERR        54      /* Error returned by KDC */
#define GT_PW_NULLTKT       55      /* Null tkt returned by KDC */


/* send_to_kdc return values */
#define SKDC_OK             0       /* Response received */
#define SKDC_RETRY          56      /* Retry count exceeded */
#define SKDC_CANT           57      /* Can't send request */

/*
 * get_intkt return values
 * (SKDC_* and KDC errors can be returned as well)
 */

#define INTK_OK             0       /* Ticket obtained */
#define INTK_W_NOTALL       61      /* Not ALL tickets returned */
#define INTK_BADPW          62      /* Incorrect password */
#define INTK_PROT           63      /* Protocol Error */
#define INTK_ERR            70      /* Other error */

/* get_adtkt return values */
#define AD_OK               0       /* Ticket Obtained */
#define AD_NOTGT            71      /* Don't have tgt */

/* Ticket file utility error codes */
#define NO_TKT_FIL          76      /* No ticket file found */
#define TKT_FIL_ACC         77      /* Couldn't access tkt file */
#define TKT_FIL_LCK         78      /* Couldn't lock ticket file */
#define TKT_FIL_FMT         79      /* Bad ticket file format */
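#define TKT_FIL_INI     80  /* tf_init not called first */

/* Error code returned by kparse_name */
#define KNAME_FMT       81  /* Bad Kerberos name format */

/*
 * Error code returned by krb_mk_safe.
 * Parenthesized because it is negative.  Unlike the other codes in this
 * header it is below zero, so it must never be used as an array index.
 */
#define SAFE_PRIV_ERROR (-1)    /* syscall error */

/*
 * macros for byte swapping; also scratch space
 * u_quad   0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0
 * u_long   0-->3, 1-->2, 2-->1, 3-->0
 * u_short  0-->1, 1-->0
 *
 * Each macro expands to a brace block, not an expression: use it as a
 * complete statement and do not follow it with `else`.  The argument is
 * evaluated several times, so it must have no side effects.
 * swap_u_16, swap_u_12 and swap_C_Block take a pointer to the bytes;
 * swap_u_quad, swap_u_long and swap_u_short take the object itself
 * (an lvalue).  The caller must guarantee that the object really is at
 * least 16, 12, 8, 8, 4 and 2 bytes long respectively; nothing here
 * checks it.
 */

#define swap_u_16(x) {\
    unsigned long _krb_swap_tmp[4];\
    swab(((char *) (x)) + 0,  ((char *) _krb_swap_tmp) + 14, 2); \
    swab(((char *) (x)) + 2,  ((char *) _krb_swap_tmp) + 12, 2); \
    swab(((char *) (x)) + 4,  ((char *) _krb_swap_tmp) + 10, 2); \
    swab(((char *) (x)) + 6,  ((char *) _krb_swap_tmp) + 8,  2); \
    swab(((char *) (x)) + 8,  ((char *) _krb_swap_tmp) + 6,  2); \
    swab(((char *) (x)) + 10, ((char *) _krb_swap_tmp) + 4,  2); \
    swab(((char *) (x)) + 12, ((char *) _krb_swap_tmp) + 2,  2); \
    swab(((char *) (x)) + 14, ((char *) _krb_swap_tmp) + 0,  2); \
    bcopy((char *) _krb_swap_tmp, (char *) (x), 16);\
    }

#define swap_u_12(x) {\
    unsigned long _krb_swap_tmp[4];\
    swab(((char *) (x)),      ((char *) _krb_swap_tmp) + 10, 2); \
    swab(((char *) (x)) + 2,  ((char *) _krb_swap_tmp) + 8,  2); \
    swab(((char *) (x)) + 4,  ((char *) _krb_swap_tmp) + 6,  2); \
    swab(((char *) (x)) + 6,  ((char *) _krb_swap_tmp) + 4,  2); \
    swab(((char *) (x)) + 8,  ((char *) _krb_swap_tmp) + 2,  2); \
    swab(((char *) (x)) + 10, ((char *) _krb_swap_tmp) + 0,  2); \
    bcopy((char *) _krb_swap_tmp, (char *) (x), 12);\
    }

#define swap_C_Block(x) {\
    unsigned long _krb_swap_tmp[4];\
    swab(((char *) (x)),     ((char *) _krb_swap_tmp) + 6, 2); \
    swab(((char *) (x)) + 2, ((char *) _krb_swap_tmp) + 4, 2); \
    swab(((char *) (x)) + 4, ((char *) _krb_swap_tmp) + 2, 2); \
    swab(((char *) (x)) + 6, ((char *) _krb_swap_tmp),     2); \
    bcopy((char *) _krb_swap_tmp, (char *) (x), 8);\
    }
#define swap_u_quad(x) {\
    unsigned long _krb_swap_tmp[4];\
    swab(((char *) &(x)),     ((char *) _krb_swap_tmp) + 6, 2); \
    swab(((char *) &(x)) + 2, ((char *) _krb_swap_tmp) + 4, 2); \
    swab(((char *) &(x)) + 4, ((char *) _krb_swap_tmp) + 2, 2); \
    swab(((char *) &(x)) + 6, ((char *) _krb_swap_tmp),     2); \
    bcopy((char *) _krb_swap_tmp, (char *) &(x), 8);\
    }

/*
 * NOTE(review): only the first four bytes of _krb_swap_tmp[0] are
 * written before the whole unsigned long is read back, so this assumes
 * a 4-byte unsigned long.  Where unsigned long is wider the remaining
 * bytes are uninitialized when assigned to x.
 */
#define swap_u_long(x) {\
    unsigned long _krb_swap_tmp[4];\
    swab(((char *) &(x)),     ((char *) _krb_swap_tmp) + 2, 2); \
    swab(((char *) &(x)) + 2, ((char *) _krb_swap_tmp),     2); \
    (x) = _krb_swap_tmp[0]; \
    }

/* The destination is cast to char * like every other swab() call here. */
#define swap_u_short(x) {\
    unsigned short _krb_swap_sh_tmp; \
    swab((char *) &(x), (char *) &_krb_swap_sh_tmp, 2); \
    (x) = (unsigned short) _krb_swap_sh_tmp; \
    }

/*
 * Kerberos ticket flag field bit definitions.
 * Only K_FLAG_ORDER has a value; K_FLAG_1 .. K_FLAG_7 are reserved and
 * expand to nothing, so they cannot be used in an expression.
 */
#define K_FLAG_ORDER    0       /* bit 0 --> lsb */
#define K_FLAG_1                /* reserved */
#define K_FLAG_2                /* reserved */
#define K_FLAG_3                /* reserved */
#define K_FLAG_4                /* reserved */
#define K_FLAG_5                /* reserved */
#define K_FLAG_6                /* reserved */
#define K_FLAG_7                /* reserved, bit 7 --> msb */

#ifndef PC
char *tkt_string();
#endif /* PC */

/* Map the krb_* names onto the older function names. */
#ifdef OLDNAMES
#define krb_mk_req          mk_ap_req
#define krb_rd_req          rd_ap_req
#define krb_kntoln          an_to_ln
#define krb_set_key         set_serv_key
#define krb_get_cred        get_credentials
#define krb_mk_priv         mk_private_msg
#define krb_rd_priv         rd_private_msg
#define krb_mk_safe         mk_safe_msg
#define krb_rd_safe         rd_safe_msg
#define krb_mk_err          mk_appl_err_msg
#define krb_rd_err          rd_appl_err_msg
#define krb_ck_repl         check_replay
#define krb_get_pw_in_tkt   get_in_tkt
#define krb_get_svc_in_tkt  get_svc_in_tkt
#define krb_get_pw_tkt      get_pw_tkt
#define krb_realmofhost     krb_getrealm
#define krb_get_phost       get_phost
#define krb_get_krbhst      get_krbhst
#define krb_get_lrealm      get_krbrlm
#endif /* OLDNAMES */

/* Defines for krb_sendauth and krb_recvauth */

#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
#define KOPT_DO_MUTUAL   0x00000002 /* do mutual auth */

#define KOPT_DONT_CANON  0x00000004 /*
                                     * don't canonicalize inst as
                                     * a hostname
                                     */

#define KRB_SENDAUTH_VLEN 8         /* length for version strings */

#ifdef ATHENA_COMPAT
#define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */
#endif /* ATHENA_COMPAT */

#endif /* KRB_DEFS */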