/*
 * $Source: /usr/src/kerberosIV/src/include/RCS/krb.h,v $
 * $Author: kfall $
 * $Header: /usr/src/kerberosIV/src/include/RCS/krb.h,v 4.27 90/05/12 00:04:07 kfall Exp $
 *
 * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
 *
 * For copying and distribution information, please see the file
 * <mit-copyright.h>.
 *
 * Include file for the Kerberos library.
 */
/*
 * Only one time, please: include guard for the whole header.  The
 * matching #endif is the last line of the file.
 */
#ifndef KRB_DEFS
#define KRB_DEFS

#ifdef ATHENA
#include <mit-copyright.h>

/*
 * Need some defs from des.h.  NOTE(review): C_Block, used by struct
 * auth_dat and struct credentials below, comes from <des.h>, and this is
 * the only place this header includes it; non-ATHENA builds are presumably
 * expected to include <des.h> before krb.h — confirm against the build.
 */
#include <des.h>
#endif

/*
 * Text describing error codes.  The table has MAX_KRB_ERRORS entries and
 * every error code defined below stays under that bound, presumably so the
 * codes can be used directly as indices into it.
 */
#define MAX_KRB_ERRORS 256
extern char *krb_err_txt[MAX_KRB_ERRORS];

/*
 * These are not defined for at least SunOS 3.3 and Ultrix 2.2.
 * The fallbacks touch only fds_bits[0], so they cover just the first word
 * of descriptors, and (n) must be smaller than the width of that word for
 * the shift to be defined.
 */
#if defined(ULTRIX022) || (defined(SunOS) && SunOS < 40)
#define FD_ZERO(p) ((p)->fds_bits[0] = 0)
#define FD_SET(n, p) ((p)->fds_bits[0] |= (1 << (n)))
#define FD_ISSET(n, p) ((p)->fds_bits[0] & (1 << (n)))
#endif /* ULTRIX022 || SunOS */

/* General definitions: generic success / failure return values */
#define KSUCCESS 0
#define KFAILURE 255

/* Substitutes for systems whose headers lack uid_t / gid_t */
#ifdef NO_UIDGID_T
typedef unsigned short uid_t;
typedef unsigned short gid_t;
#endif /* NO_UIDGID_T */

/*
 * Kerberos specific definitions
 *
 * KRBLOG is the log file for the kerberos master server. KRB_CONF is
 * the configuration file where different host machines running master
 * and slave servers can be found. KRB_MASTER is the name of the
 * machine with the master database. The admin_server runs on this
 * machine, and all changes to the db (as opposed to read-only
 * requests, which can go to slaves) must go to it. KRB_HOST is the
 * default machine when looking for a kerberos slave server. Other
 * possibilities are in the KRB_CONF file. KRB_REALM is the name of
 * the realm.
 *
 * KRB_CONF tells clients which hosts to treat as KDCs, so its integrity
 * is security relevant: it should be writable only by the administrator.
 */

#ifdef notdef
this is server - only, does not belong here;
#define KRBLOG "/etc/kerberosIV/kerberos.log"
are these used anyplace '?';
#define VX_KRB_HSTFILE "/etc/kerberosIV/krbhst"
#define PC_KRB_HSTFILE "\\kerberos\\krbhst"
#endif

#define KRB_CONF "/etc/kerberosIV/krb.conf"
#define KRB_RLM_TRANS "/etc/kerberosIV/krb.realms" /* realm translation table (presumably host -> realm) */
#define KRB_MASTER "kerberos"
#define KRB_HOST KRB_MASTER
#define KRB_REALM "CS.BERKELEY.EDU" /* compiled-in default realm for this build */

/*
 * The maximum sizes for aname, realm, sname, and instance +1
 * (i.e. buffer sizes including the terminating NUL).
 */
#define ANAME_SZ 40
#define REALM_SZ 40
#define SNAME_SZ 40
#define INST_SZ 40
/* include space for '.' and '@' so a full aname.inst@realm fits */
#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2)
#define KKEY_SZ 100
#define VERSION_SZ 1
#define MSG_TYPE_SZ 1
#define DATE_SZ 26 /* RTI date output */

#define MAX_HSTNM 100 /* host name buffer size (by name; confirm) */

/*
 * Default lifetime for krb_mk_req & co.: 96 units = 8 hrs per the original
 * comment, i.e. 5-minute units.  May be overridden at compile time.
 */
#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */
#define DEFAULT_TKT_LIFE 96
#endif

/* Definition of text structure used to pass text around */
#define MAX_KTXT_LEN 1250

/*
 * Generic byte buffer passed between the library routines.
 *
 * length is a plain int, so when a ktext was filled from the network it
 * must be range-checked before use: the valid payload is
 * dat[0 .. length-1] and requires 0 <= length <= MAX_KTXT_LEN.
 */
struct ktext {
    int length;                      /* Length of the text */
    unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
    unsigned long mbz;               /* zero to catch runaway strings: a nonzero value means dat was overrun */
};

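typedef struct ktext *KTEXT;   /* pointer to a ktext buffer */
typedef struct ktext KTEXT_ST; /* the buffer itself, by value */


/* Definitions for send_to_kdc */
#define CLIENT_KRB_TIMEOUT 4  /* time between retries */
#define CLIENT_KRB_RETRY 5    /* retry this many times */
#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */

/* Definitions for ticket file utilities (R_ = read, W_ = write, by name) */
#define R_TKT_FIL 0
#define W_TKT_FIL 1

/* Definitions for cl_get_tgt */
#ifdef PC
#define CL_GTGT_INIT_FILE "\\kerberos\\k_in_tkts"
#else
#define CL_GTGT_INIT_FILE "/etc/kerberosIV/k_in_tkts"
#endif /* PC */

/* Parameters for rd_ap_req */
/*
 * Maximum allowable clock skew in seconds.  Parenthesized so the macro
 * behaves as a single value in arithmetic (e.g. delta / CLOCK_SKEW would
 * otherwise expand to delta / 5 * 60).
 */
#define CLOCK_SKEW (5*60)
/*
 * Filename for readservkey: the service key table.  It holds long-term
 * keys, so its file permissions are security relevant.
 */
#define KEYFILE "/etc/kerberosIV/srvtab"
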
/*
 * Authentication data filled in by rd_ap_req from a verified request.
 *
 * The name fields are fixed-size arrays (ANAME_SZ / INST_SZ / REALM_SZ);
 * the struct itself does not guarantee NUL termination.  NOTE(review):
 * confirm rd_ap_req terminates them before callers use them as C strings.
 */
struct auth_dat {
    unsigned char k_flags;  /* Flags from ticket (see K_FLAG_* below) */
    char pname[ANAME_SZ];   /* Principal's name */
    char pinst[INST_SZ];    /* Principal's instance */
    char prealm[REALM_SZ];  /* Principal's realm */
    unsigned long checksum; /* Data checksum (opt) */
    C_Block session;        /* Session Key (type presumably from <des.h>) */
    int life;               /* Life of ticket */
    unsigned long time_sec; /* Time ticket issued */
    unsigned long address;  /* Address in ticket (unsigned long; assumed IPv4-sized — confirm) */
    KTEXT_ST reply;         /* Auth reply (opt) */
};

typedef struct auth_dat AUTH_DAT; /* by-value alias for struct auth_dat */

/* Structure definition for credentials returned by get_cred */

/*
 * Credentials returned by get_cred: a service ticket together with the
 * session key that goes with it.  Because session is key material,
 * callers should wipe the struct (with a non-elidable memset) when they
 * are done with it rather than just letting it go out of scope.
 */
struct credentials {
    char service[ANAME_SZ]; /* Service name */
    char instance[INST_SZ]; /* Instance */
    char realm[REALM_SZ];   /* Auth domain */
    C_Block session;        /* Session key */
    int lifetime;           /* Lifetime */
    int kvno;               /* Key version number */
    KTEXT_ST ticket_st;     /* The ticket itself */
    long issue_date;        /* The issue time */
    char pname[ANAME_SZ];   /* Principal's name */
    char pinst[INST_SZ];    /* Principal's instance */
};

typedef struct credentials CREDENTIALS; /* by-value alias for struct credentials */

/* Structure definition for rd_private_msg and rd_safe_msg */

/*
 * Output of rd_private_msg / rd_safe_msg: where the application payload
 * lives inside the decoded message, plus the hash and timestamp used for
 * replay detection.
 *
 * NOTE(review): app_data is a pointer, presumably into the caller's
 * message buffer rather than a separate allocation — confirm before
 * freeing it or keeping it past the buffer's lifetime.
 */
struct msg_dat {
    unsigned char *app_data;  /* pointer to appl data */
    unsigned long app_length; /* length of appl data */
    unsigned long hash;       /* hash to lookup replay */
    int swap;                 /* swap bytes? (nonzero presumably means the sender's byte order differed) */
    long time_sec;            /* msg timestamp seconds */
    unsigned char time_5ms;   /* msg timestamp 5ms units */
};

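typedef struct msg_dat MSG_DAT; /* by-value alias for struct msg_dat */


/*
 * Location of ticket file for save_cred and get_cred.
 *
 * On non-PC builds TKT_FILE expands to a call to tkt_string() (declared
 * later in this header), so it is re-evaluated at each use rather than
 * being a constant string.  TKT_ROOT lives under /tmp, a world-writable
 * directory, so protection of a ticket file rests on the mode it is
 * created with — NOTE(review): confirm the library creates ticket files
 * with owner-only permissions.
 */
#ifdef PC
#define TKT_FILE "\\kerberos\\ticket.ses"
#else
#define TKT_FILE tkt_string()
#define TKT_ROOT "/tmp/tkt"
#endif /* PC */

/*
 * Error codes returned from the KDC.
 * All codes in this header except SAFE_PRIV_ERROR are small non-negative
 * integers below MAX_KRB_ERRORS, presumably so they can index krb_err_txt.
 */
#define KDC_OK 0           /* Request OK */
#define KDC_NAME_EXP 1     /* Principal expired */
#define KDC_SERVICE_EXP 2  /* Service expired */
#define KDC_AUTH_EXP 3     /* Auth expired */
#define KDC_PKT_VER 4      /* Protocol version unknown */
#define KDC_P_MKEY_VER 5   /* Wrong master key version */
#define KDC_S_MKEY_VER 6   /* Wrong master key version */
#define KDC_BYTE_ORDER 7   /* Byte order unknown */
#define KDC_PR_UNKNOWN 8   /* Principal unknown */
#define KDC_PR_N_UNIQUE 9  /* Principal not unique */
#define KDC_NULL_KEY 10    /* Principal has null key */
#define KDC_GEN_ERR 20     /* Generic error from KDC */


/* Values returned by get_credentials (RET_* are aliases with the same values) */
#define GC_OK 0            /* Retrieve OK */
#define RET_OK 0           /* Retrieve OK */
#define GC_TKFIL 21        /* Can't read ticket file */
#define RET_TKFIL 21       /* Can't read ticket file */
#define GC_NOTKT 22        /* Can't find ticket or TGT */
#define RET_NOTKT 22       /* Can't find ticket or TGT */


/* Values returned by mk_ap_req */
#define MK_AP_OK 0         /* Success */
#define MK_AP_TGTEXP 26    /* TGT Expired */

/*
 * Values returned by rd_ap_req.
 * Only RD_AP_OK means the request was authenticated; every other code,
 * including the ones that read like protocol problems, must be treated as
 * an authentication failure.
 */
#define RD_AP_OK 0         /* Request authentic */
#define RD_AP_UNDEC 31     /* Can't decode authenticator */
#define RD_AP_EXP 32       /* Ticket expired */
#define RD_AP_NYV 33       /* Ticket not yet valid */
#define RD_AP_REPEAT 34    /* Repeated request */
#define RD_AP_NOT_US 35    /* The ticket isn't for us */
#define RD_AP_INCON 36     /* Request is inconsistent */
#define RD_AP_TIME 37      /* delta_t too big (see CLOCK_SKEW) */
#define RD_AP_BADD 38      /* Incorrect net address */
#define RD_AP_VERSION 39   /* protocol version mismatch */
#define RD_AP_MSG_TYPE 40  /* invalid msg type */
#define RD_AP_MODIFIED 41  /* message stream modified */
#define RD_AP_ORDER 42     /* message out of order */
#define RD_AP_UNAUTHOR 43  /* unauthorized request */

/* Values returned by get_pw_tkt */
#define GT_PW_OK 0         /* Got password changing tkt */
#define GT_PW_NULL 51      /* Current PW is null */
#define GT_PW_BADPW 52     /* Incorrect current password */
#define GT_PW_PROT 53      /* Protocol Error */
#define GT_PW_KDCERR 54    /* Error returned by KDC */
#define GT_PW_NULLTKT 55   /* Null tkt returned by KDC */


/* Values returned by send_to_kdc */
#define SKDC_OK 0          /* Response received */
#define SKDC_RETRY 56      /* Retry count exceeded */
#define SKDC_CANT 57       /* Can't send request */

/*
 * Values returned by get_intkt
 * (can also return SKDC_* and KDC errors)
 */

#define INTK_OK 0          /* Ticket obtained */
#define INTK_W_NOTALL 61   /* Not ALL tickets returned */
#define INTK_BADPW 62      /* Incorrect password */
#define INTK_PROT 63       /* Protocol Error */
#define INTK_ERR 70        /* Other error */

/* Values returned by get_adtkt */
#define AD_OK 0            /* Ticket Obtained */
#define AD_NOTGT 71        /* Don't have tgt */

/* Error codes returned by ticket file utilities */
#define NO_TKT_FIL 76      /* No ticket file found */
#define TKT_FIL_ACC 77     /* Couldn't access tkt file */
#define TKT_FIL_LCK 78     /* Couldn't lock ticket file */
#define TKT_FIL_FMT 79     /* Bad ticket file format */
#define TKT_FIL_INI 80     /* tf_init not called first */

/* Error code returned by kparse_name */
#define KNAME_FMT 81       /* Bad Kerberos name format */

/*
 * Error code returned by krb_mk_safe: a syscall error.  Negative, unlike
 * the other codes, so it is not a valid index into krb_err_txt;
 * parenthesized so it is a single value in expressions.
 */
#define SAFE_PRIV_ERROR (-1)
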
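/*
 * macros for byte swapping; also scratch space
 * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0
 * u_long 0-->3, 1-->2, 2-->1, 3-->0
 * u_short 0-->1, 1-->0
 *
 * Each macro reverses the byte order of its operand in place: swab()
 * swaps adjacent byte pairs into the scratch buffer, and the result is
 * copied back with bcopy().  The bodies are do { } while (0) so that an
 * invocation is a single statement ("if (c) swap_u_16(p); else ..." parses
 * as intended, which a bare { } block followed by ';' does not).
 *
 * Operand conventions: swap_u_16, swap_u_12 and swap_C_Block take an
 * address (x is cast to char *); swap_u_quad, swap_u_long and swap_u_short
 * take an lvalue (the macro uses &x).
 *
 * NOTE(review): these assume a 4-byte unsigned long.  swap_u_long in
 * particular writes 4 swapped bytes into _krb_swap_tmp[0] and then assigns
 * the whole unsigned long back, so on platforms with an 8-byte long the
 * upper bytes of the result are indeterminate.
 */

#define swap_u_16(x) do { \
    unsigned long _krb_swap_tmp[4]; \
    swab(((char *) x) +0, ((char *) _krb_swap_tmp) +14, 2); \
    swab(((char *) x) +2, ((char *) _krb_swap_tmp) +12, 2); \
    swab(((char *) x) +4, ((char *) _krb_swap_tmp) +10, 2); \
    swab(((char *) x) +6, ((char *) _krb_swap_tmp) +8, 2); \
    swab(((char *) x) +8, ((char *) _krb_swap_tmp) +6, 2); \
    swab(((char *) x) +10, ((char *) _krb_swap_tmp) +4, 2); \
    swab(((char *) x) +12, ((char *) _krb_swap_tmp) +2, 2); \
    swab(((char *) x) +14, ((char *) _krb_swap_tmp) +0, 2); \
    bcopy((char *) _krb_swap_tmp, (char *) x, 16); \
} while (0)

#define swap_u_12(x) do { \
    unsigned long _krb_swap_tmp[4]; \
    swab((char *) x, ((char *) _krb_swap_tmp) +10, 2); \
    swab(((char *) x) +2, ((char *) _krb_swap_tmp) +8, 2); \
    swab(((char *) x) +4, ((char *) _krb_swap_tmp) +6, 2); \
    swab(((char *) x) +6, ((char *) _krb_swap_tmp) +4, 2); \
    swab(((char *) x) +8, ((char *) _krb_swap_tmp) +2, 2); \
    swab(((char *) x) +10, ((char *) _krb_swap_tmp) +0, 2); \
    bcopy((char *) _krb_swap_tmp, (char *) x, 12); \
} while (0)

#define swap_C_Block(x) do { \
    unsigned long _krb_swap_tmp[4]; \
    swab((char *) x, ((char *) _krb_swap_tmp) +6, 2); \
    swab(((char *) x) +2, ((char *) _krb_swap_tmp) +4, 2); \
    swab(((char *) x) +4, ((char *) _krb_swap_tmp) +2, 2); \
    swab(((char *) x) +6, ((char *) _krb_swap_tmp), 2); \
    bcopy((char *) _krb_swap_tmp, (char *) x, 8); \
} while (0)

#define swap_u_quad(x) do { \
    unsigned long _krb_swap_tmp[4]; \
    swab((char *) &x, ((char *) _krb_swap_tmp) +6, 2); \
    swab(((char *) &x) +2, ((char *) _krb_swap_tmp) +4, 2); \
    swab(((char *) &x) +4, ((char *) _krb_swap_tmp) +2, 2); \
    swab(((char *) &x) +6, ((char *) _krb_swap_tmp), 2); \
    bcopy((char *) _krb_swap_tmp, (char *) &x, 8); \
} while (0)

#define swap_u_long(x) do { \
    unsigned long _krb_swap_tmp[4]; \
    swab((char *) &x, ((char *) _krb_swap_tmp) +2, 2); \
    swab(((char *) &x) +2, ((char *) _krb_swap_tmp), 2); \
    x = _krb_swap_tmp[0]; \
} while (0)

/* The destination is cast to char * like every other swab() call above. */
#define swap_u_short(x) do { \
    unsigned short _krb_swap_sh_tmp; \
    swab((char *) &x, (char *) &_krb_swap_sh_tmp, 2); \
    x = (unsigned short) _krb_swap_sh_tmp; \
} while (0)
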
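/*
 * Kerberos ticket flag field bit definitions (struct auth_dat.k_flags).
 * Only K_FLAG_ORDER has a value; K_FLAG_1 .. K_FLAG_7 are reserved and are
 * deliberately defined as empty, so they expand to nothing and must not be
 * used in expressions.
 */
#define K_FLAG_ORDER 0 /* bit 0 --> lsb */
#define K_FLAG_1 /* reserved */
#define K_FLAG_2 /* reserved */
#define K_FLAG_3 /* reserved */
#define K_FLAG_4 /* reserved */
#define K_FLAG_5 /* reserved */
#define K_FLAG_6 /* reserved */
#define K_FLAG_7 /* reserved, bit 7 --> msb */

#ifndef PC
/* Returns the path of the current ticket file; this is what TKT_FILE expands to. */
char *tkt_string(void);
#endif /* PC */

/*
 * When OLDNAMES is defined, the krb_-prefixed names are mapped onto the
 * older entry point names, so code written against the new names links
 * against a library that still exports the old ones.
 */
#ifdef OLDNAMES
#define krb_mk_req mk_ap_req
#define krb_rd_req rd_ap_req
#define krb_kntoln an_to_ln
#define krb_set_key set_serv_key
#define krb_get_cred get_credentials
#define krb_mk_priv mk_private_msg
#define krb_rd_priv rd_private_msg
#define krb_mk_safe mk_safe_msg
#define krb_rd_safe rd_safe_msg
#define krb_mk_err mk_appl_err_msg
#define krb_rd_err rd_appl_err_msg
#define krb_ck_repl check_replay
#define krb_get_pw_in_tkt get_in_tkt
#define krb_get_svc_in_tkt get_svc_in_tkt
#define krb_get_pw_tkt get_pw_tkt
#define krb_realmofhost krb_getrealm
#define krb_get_phost get_phost
#define krb_get_krbhst get_krbhst
#define krb_get_lrealm get_krbrlm
#endif /* OLDNAMES */

/*
 * Defines for krb_sendauth and krb_recvauth.  The KOPT_* values are
 * independent bit flags meant to be OR-ed together.
 */

#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
#define KOPT_DO_MUTUAL 0x00000002   /* do mutual auth: without it the server's identity is not proven back to the client */

#define KOPT_DONT_CANON 0x00000004  /* don't canonicalize inst as a hostname */

#define KRB_SENDAUTH_VLEN 8 /* length for version strings */

#ifdef ATHENA_COMPAT
#define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */
#endif /* ATHENA_COMPAT */
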
382: #endif KRB_DEFS