2 * $Source: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/old_krb.h,v $
4 * $Header: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/old_krb.h,v 1.2 2001/12/04 02:06:06 rjs3 Exp $
6 * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
8 * For copying and distribution information, please see the file
11 * Include file for the Kerberos library.
14 #ifndef _KERBEROS_KRB_H
15 #define _KERBEROS_KRB_H
17 /* #pragma ident "@(#)krb.h 1.12 97/04/14 SMI" */
19 #include <kerberos/mit-copyright.h>
20 #include <kerberos/des.h>
26 /* Text describing error codes */
/*
 * krb_err_txt has KRB_ERRORS_TABLE_SIZE (256) entries, so the only valid
 * indices are 0..MAX_KRB_ERRORS.
 * NOTE(review): not every status defined in this header is a valid index
 * (SAFE_PRIV_ERROR is -1), so a status should be range-checked before it is
 * used to index this table.
 */
27 #define KRB_ERRORS_TABLE_SIZE 256
28 #define MAX_KRB_ERRORS (KRB_ERRORS_TABLE_SIZE-1)
29 extern char *krb_err_txt[KRB_ERRORS_TABLE_SIZE];
31 /* These are not defined for at least SunOS 3.3 and Ultrix 2.2 */
/*
 * Fallback fd_set macros for those platforms.  All three operate on
 * fds_bits[0] only and build the bit mask as (1 << (n)).
 * NOTE(review): there is no range check on n; a descriptor number at or
 * beyond the bit width of int cannot be represented by these macros (the
 * shift is undefined there).  Confirm callers on these platforms only pass
 * small descriptor numbers.
 */
32 #if defined(ULTRIX022) || (defined(SunOS) && SunOS < 40)
33 #define FD_ZERO(p) ((p)->fds_bits[0] = 0)
34 #define FD_SET(n, p) ((p)->fds_bits[0] |= (1 << (n)))
35 #define FD_ISSET(n, p) ((p)->fds_bits[0] & (1 << (n)))
36 #endif /* ULTRIX022 || SunOS */
38 /* General definitions */
/*
 * Fallback uid_t/gid_t typedefs.
 * NOTE(review): the opening conditional is not visible in this listing; the
 * #endif comment suggests it is keyed on NO_UIDGID_T.  unsigned short is
 * narrower than the id types of most current systems, so storing a wider id
 * in these types would truncate it silently - confirm before relying on them
 * in any ownership or access comparison.
 */
43 typedef unsigned short uid_t;
44 typedef unsigned short gid_t;
45 #endif /* NO_UIDGID_T */
48 * Kerberos specific definitions
50 * KRBLOG is the log file for the kerberos master server. KRB_CONF is
51 * the configuration file where different host machines running master
52 * and slave servers can be found. KRB_MASTER is the name of the
53 * machine with the master database. The admin_server runs on this
54 * machine, and all changes to the db (as opposed to read-only
55 * requests, which can go to slaves) must go to it. KRB_HOST is the
56 * default machine when looking for a kerberos slave server. Other
57 * possibilities are in the KRB_CONF file. KRB_REALM is the name of
62 this is server - only, does not belong here;
/*
 * Fixed path and host-name defaults.  These are compile-time string
 * constants; nothing in this header allows them to be overridden at run time.
 */
63 #define KRBLOG "/kerberos/kerberos.log"
64 are these used anyplace '?';
65 #define VX_KRB_HSTFILE "/etc/krbhst"
66 #define PC_KRB_HSTFILE "\\kerberos\\krbhst"
69 #define KRB_CONF "/etc/krb.conf"
70 #define KRB_RLM_TRANS "/etc/krb.realms"
71 #define KRB_MASTER "kerberos"
72 #define KRB_HOST KRB_MASTER
73 /* #define KRB_REALM "ATHENA.MIT.EDU" */
/*
 * KRB_REALM expands to a call to krb_get_default_realm(), not to a string
 * literal: it cannot appear in a static initializer, and sizeof(KRB_REALM)
 * is the size of a pointer, not of the realm name.
 * NOTE(review): the declaration below has an empty parameter list, so the
 * compiler checks no arguments; the lifetime and ownership of the returned
 * pointer are not shown in this header.
 */
74 #define KRB_REALM krb_get_default_realm()
75 char *krb_get_default_realm();
78 /* defines for use with NIS service */
79 #define KRB_CONF_MAP "krb.conf" /* conf NIS map name */
80 #define KRB_REALM_DEFKEY "DEFAULT_REALM" /* key for default realm */
83 /* The maximum sizes for aname, realm, sname, and instance +1 */
/*
 * NOTE(review): the ANAME_SZ, INST_SZ and REALM_SZ definitions themselves are
 * not visible in this listing (original lines 84-87 are missing).
 */
88 /* include space for '.' and '@' */
/*
 * MAX_K_NAME_SZ is the sum of the three component sizes plus 2 for the '.'
 * and '@' separators.  Buffers that receive a full principal name should be
 * sized with this macro rather than with a locally chosen constant.
 */
89 #define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2)
93 #define DATE_SZ 26 /* RTI date output */
/*
 * NOTE(review): the unit of DEFAULT_TKT_LIFE is not stated here; Kerberos 4
 * lifetimes are conventionally counted in 5-minute units (96 = 8 hours) -
 * confirm.  The matching #endif is not visible in this listing.
 */
97 #ifndef DEFAULT_TKT_LIFE /* allow compile-time override */
98 #define DEFAULT_TKT_LIFE 96 /* default lifetime for krb_mk_req */
102 /* Definition of text structure used to pass text around */
103 #define MAX_KTXT_LEN 1250
/*
 * struct ktext: a fixed-capacity message buffer.  dat holds at most
 * MAX_KTXT_LEN bytes and length records how many of them are in use.
 * NOTE(review): the "struct ktext {" line and the closing brace are not
 * visible in this listing.
 * NOTE(review): length is a signed int and nothing in this header bounds it.
 * Code that fills or reads dat from received data should reject length < 0
 * and length > MAX_KTXT_LEN before copying.
 * mbz is declared directly after dat and, per its comment, is expected to
 * stay zero; a non-zero value indicates that something wrote past the end of
 * dat.  That is detection after the fact, not a bound on the write.
 */
106 int length; /* Length of the text */
107 unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
108 unsigned long mbz; /* zero to catch runaway */
/* KTEXT is a pointer to the structure; KTEXT_ST is the structure itself. */
112 typedef struct ktext *KTEXT;
113 typedef struct ktext KTEXT_ST;
116 /* Definitions for send_to_kdc */
/*
 * Client retry policy and packet size limit.
 * NOTE(review): the timeout unit is not stated; presumably seconds - confirm.
 * CLIENT_KRB_BUFLEN (512) is smaller than MAX_KTXT_LEN (1250), so a KTEXT can
 * hold more data than one unfragmented packet; code that moves data between
 * the two must check the length against the smaller buffer.
 */
117 #define CLIENT_KRB_TIMEOUT 4 /* time between retries */
118 #define CLIENT_KRB_RETRY 5 /* retry this many times */
119 #define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */
121 /* Definitions for ticket file utilities */
125 /* Definitions for cl_get_tgt */
/*
 * Two alternative definitions of CL_GTGT_INIT_FILE: a backslash-separated
 * path and a path under /etc.
 * NOTE(review): the conditional that selects between them is not visible in
 * this listing; as shown, the second definition would redefine the first.
 */
127 #define CL_GTGT_INIT_FILE "\\kerberos\\k_in_tkts"
129 #define CL_GTGT_INIT_FILE "/etc/k_in_tkts"
132 /* Parameters for rd_ap_req */
133 /* Maximum allowable clock skew in seconds */
/*
 * NOTE(review): the expansion is not parenthesized, so an expression such as
 * (t % CLOCK_SKEW) or (t / CLOCK_SKEW) parses as (t % 5) * 60 or (t / 5) * 60.
 * Because this value decides whether a timestamp is accepted, it should be
 * used only in additive or comparison contexts, or be defined as (5*60).
 */
134 #define CLOCK_SKEW 5*60
135 /* Filename for readservkey */
/*
 * NOTE(review): in Kerberos 4 the srvtab file holds the service's long-term
 * key, so it should be readable only by the account the service runs as -
 * confirm the deployed file permissions.
 */
136 #define KEYFILE "/etc/srvtab"
138 /* Structure definition for rd_ap_req */
/*
 * struct auth_dat: the fields filled in from a ticket and authenticator.
 * NOTE(review): the "struct auth_dat {" line and the closing brace are not
 * visible in this listing.
 * pname, pinst and prealm are fixed-size arrays; whether they are always
 * NUL-terminated is not shown here, so treat them as bounded by their
 * declared sizes when copying or printing.
 * session is key material and reply embeds a whole KTEXT_ST, so an AUTH_DAT
 * should be cleared when it is no longer needed.
 * NOTE(review): time_sec and address are unsigned long, whose width depends
 * on the platform - confirm how they are compared with 32-bit wire values.
 */
141 unsigned char k_flags; /* Flags from ticket */
142 char pname[ANAME_SZ]; /* Principal's name */
143 char pinst[INST_SZ]; /* His Instance */
144 char prealm[REALM_SZ]; /* His Realm */
145 unsigned long checksum; /* Data checksum (opt) */
146 C_Block session; /* Session Key */
147 int life; /* Life of ticket */
148 unsigned long time_sec; /* Time ticket issued */
149 unsigned long address; /* Address in ticket */
150 KTEXT_ST reply; /* Auth reply (opt) */
153 typedef struct auth_dat AUTH_DAT;
155 /* Structure definition for credentials returned by get_cred */
/*
 * struct credentials: one cached credential - the service identity, the
 * session key, the ticket and its validity data, and the owning principal.
 * NOTE(review): the "struct credentials {" line and the closing brace are
 * not visible in this listing.
 * session and ticket_st are secret material; a CREDENTIALS value should be
 * cleared after use and never written to logs.
 * NOTE(review): issue_date is a signed long while AUTH_DAT.time_sec is
 * unsigned long - confirm that comparisons between the two are done in one
 * signedness.
 */
158 char service[ANAME_SZ]; /* Service name */
159 char instance[INST_SZ]; /* Instance */
160 char realm[REALM_SZ]; /* Auth domain */
161 C_Block session; /* Session key */
162 int lifetime; /* Lifetime */
163 int kvno; /* Key version number */
164 KTEXT_ST ticket_st; /* The ticket itself */
165 long issue_date; /* The issue time */
166 char pname[ANAME_SZ]; /* Principal's name */
167 char pinst[INST_SZ]; /* Principal's instance */
170 typedef struct credentials CREDENTIALS;
172 /* Structure definition for rd_private_msg and rd_safe_msg */
/*
 * struct msg_dat: describes a decoded private or safe message.
 * NOTE(review): the "struct msg_dat {" line and the closing brace are not
 * visible in this listing.
 * app_data is a pointer with a separate app_length; which buffer it points
 * into and who owns it is not shown here, so callers must not use it beyond
 * app_length bytes or after the underlying buffer is released - confirm
 * against the implementation.
 * hash and the two time fields are what the comments tie to replay lookup
 * and message timestamping.
 */
175 unsigned char *app_data; /* pointer to appl data */
176 unsigned long app_length; /* length of appl data */
177 unsigned long hash; /* hash to lookup replay */
178 int swap; /* swap bytes? */
179 long time_sec; /* msg timestamp seconds */
180 unsigned char time_5ms; /* msg timestamp 5ms units */
183 typedef struct msg_dat MSG_DAT;
186 /* Location of ticket file for save_cred and get_cred */
/*
 * NOTE(review): the conditional selecting between the two TKT_FILE
 * definitions is not visible in this listing.
 */
188 #define TKT_FILE "\\kerberos\\ticket.ses"
/*
 * In this variant TKT_FILE expands to a call to tkt_string(), not to a
 * literal.  TKT_ROOT places the ticket file name under /tmp, a directory
 * writable by every local user.
 * NOTE(review): presumably tkt_string() builds the name from TKT_ROOT.  The
 * code that creates the file is not shown here; it should create the file
 * exclusively, refuse a pre-existing link or file owned by another user, and
 * restrict access to the owner - confirm in the ticket-file implementation.
 */
190 #define TKT_FILE tkt_string()
191 #define TKT_ROOT "/tmp/tkt"
194 /* Error codes returned from the KDC */
/*
 * All status values below share one small-integer space in which 0 means
 * success for every call (KDC_OK, GC_OK, RET_OK, MK_AP_OK, RD_AP_OK,
 * GT_PW_OK, SKDC_OK, INTK_OK, AD_OK), so a zero result does not identify the
 * call that produced it.  The GC_* and RET_* names are aliases with equal
 * values.
 */
195 #define KDC_OK 0 /* Request OK */
196 #define KDC_NAME_EXP 1 /* Principal expired */
197 #define KDC_SERVICE_EXP 2 /* Service expired */
198 #define KDC_AUTH_EXP 3 /* Auth expired */
199 #define KDC_PKT_VER 4 /* Protocol version unknown */
200 #define KDC_P_MKEY_VER 5 /* Wrong master key version */
201 #define KDC_S_MKEY_VER 6 /* Wrong master key version */
202 #define KDC_BYTE_ORDER 7 /* Byte order unknown */
203 #define KDC_PR_UNKNOWN 8 /* Principal unknown */
204 #define KDC_PR_N_UNIQUE 9 /* Principal not unique */
205 #define KDC_NULL_KEY 10 /* Principal has null key */
206 #define KDC_GEN_ERR 20 /* Generic error from KDC */
209 /* Values returned by get_credentials */
210 #define GC_OK 0 /* Retrieve OK */
211 #define RET_OK 0 /* Retrieve OK */
212 #define GC_TKFIL 21 /* Can't read ticket file */
213 #define RET_TKFIL 21 /* Can't read ticket file */
214 #define GC_NOTKT 22 /* Can't find ticket or TGT */
215 #define RET_NOTKT 22 /* Can't find ticket or TGT */
218 /* Values returned by mk_ap_req */
219 #define MK_AP_OK 0 /* Success */
220 #define MK_AP_TGTEXP 26 /* TGT Expired */
222 /* Values returned by rd_ap_req */
/*
 * A server must treat every non-zero rd_ap_req result as an authentication
 * failure; the individual codes only say why (expiry, replay, clock skew,
 * address mismatch, tampering, ...).
 */
223 #define RD_AP_OK 0 /* Request authentic */
224 #define RD_AP_UNDEC 31 /* Can't decode authenticator */
225 #define RD_AP_EXP 32 /* Ticket expired */
226 #define RD_AP_NYV 33 /* Ticket not yet valid */
227 #define RD_AP_REPEAT 34 /* Repeated request */
228 #define RD_AP_NOT_US 35 /* The ticket isn't for us */
229 #define RD_AP_INCON 36 /* Request is inconsistent */
230 #define RD_AP_TIME 37 /* delta_t too big */
231 #define RD_AP_BADD 38 /* Incorrect net address */
232 #define RD_AP_VERSION 39 /* protocol version mismatch */
233 #define RD_AP_MSG_TYPE 40 /* invalid msg type */
234 #define RD_AP_MODIFIED 41 /* message stream modified */
235 #define RD_AP_ORDER 42 /* message out of order */
236 #define RD_AP_UNAUTHOR 43 /* unauthorized request */
238 /* Values returned by get_pw_tkt */
239 #define GT_PW_OK 0 /* Got password changing tkt */
240 #define GT_PW_NULL 51 /* Current PW is null */
241 #define GT_PW_BADPW 52 /* Incorrect current password */
242 #define GT_PW_PROT 53 /* Protocol Error */
243 #define GT_PW_KDCERR 54 /* Error returned by KDC */
244 #define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */
247 /* Values returned by send_to_kdc */
248 #define SKDC_OK 0 /* Response received */
249 #define SKDC_RETRY 56 /* Retry count exceeded */
250 #define SKDC_CANT 57 /* Can't send request */
253 * Values returned by get_intkt
254 * (can also return SKDC_* and KDC errors)
257 #define INTK_OK 0 /* Ticket obtained */
258 #define INTK_W_NOTALL 61 /* Not ALL tickets returned */
259 #define INTK_BADPW 62 /* Incorrect password */
260 #define INTK_PROT 63 /* Protocol Error */
261 #define INTK_ERR 70 /* Other error */
263 /* Values returned by get_adtkt */
264 #define AD_OK 0 /* Ticket Obtained */
265 #define AD_NOTGT 71 /* Don't have tgt */
267 /* Error codes returned by ticket file utilities */
268 #define NO_TKT_FIL 76 /* No ticket file found */
269 #define TKT_FIL_ACC 77 /* Couldn't access tkt file */
270 #define TKT_FIL_LCK 78 /* Couldn't lock ticket file */
271 #define TKT_FIL_FMT 79 /* Bad ticket file format */
272 #define TKT_FIL_INI 80 /* tf_init not called first */
274 /* Error code returned by kparse_name */
275 #define KNAME_FMT 81 /* Bad Kerberos name format */
277 /* Error code returned by krb_mk_safe */
/*
 * The only negative status visible in this header.  It lies outside
 * 0..MAX_KRB_ERRORS, so it must not be used to index krb_err_txt, and a
 * "result > 0" test does not catch it.
 */
278 #define SAFE_PRIV_ERROR -1 /* syscall error */
281 * macros for byte swapping; also scratch space
282 * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0
283 * u_long 0-->3, 1-->2, 2-->1, 3-->0
284 * u_short 0-->1, 1-->0
/*
 * Byte-order reversal helpers.  Each macro reverses the bytes of its operand
 * in place: swab() swaps the two bytes of each 16-bit pair while copying the
 * pair to the mirrored offset in _krb_swap_tmp, and the result is then
 * copied or assigned back.
 * swap_u_16, swap_u_12 and swap_C_Block take a pointer (x is cast directly);
 * swap_u_quad, swap_u_long and swap_u_short take an lvalue (they use &x).
 * The byte counts (16, 12, 8, 4, 2) are hard-coded rather than derived from
 * sizeof, so the operand must really be at least that large or the macro
 * reads and writes past it.
 *
 * NOTE(review): the closing brace of each macro is not visible in this
 * listing.
 * NOTE(review): the bodies are bare { } blocks rather than do { } while (0),
 * and x is neither parenthesized nor evaluated only once, so an invocation
 * followed by ';' in an unbraced if/else, or an argument with side effects,
 * does not behave like a function call.
 * NOTE(review): swap_u_long fills only 4 bytes of _krb_swap_tmp and then
 * assigns the whole of _krb_swap_tmp[0] to x; where unsigned long is wider
 * than 4 bytes the remaining bytes are uninitialized - confirm which targets
 * this header is built for.
 * NOTE(review): swab() and memcpy() need declarations that this header does
 * not visibly include.
 */
287 #define swap_u_16(x) {\
288 unsigned long _krb_swap_tmp[4]; \
289 swab(((char *)x) +0, ((char *)_krb_swap_tmp) +14, 2); \
290 swab(((char *)x) +2, ((char *)_krb_swap_tmp) +12, 2); \
291 swab(((char *)x) +4, ((char *)_krb_swap_tmp) +10, 2); \
292 swab(((char *)x) +6, ((char *)_krb_swap_tmp) +8, 2); \
293 swab(((char *)x) +8, ((char *)_krb_swap_tmp) +6, 2); \
294 swab(((char *)x) +10, ((char *)_krb_swap_tmp) +4, 2); \
295 swab(((char *)x) +12, ((char *)_krb_swap_tmp) +2, 2); \
296 swab(((char *)x) +14, ((char *)_krb_swap_tmp) +0, 2); \
297 memcpy((char *)x, (char *)_krb_swap_tmp, 16); \
300 #define swap_u_12(x) {\
301 unsigned long _krb_swap_tmp[4]; \
302 swab(((char *)x) +0, ((char *)_krb_swap_tmp) +10, 2); \
303 swab(((char *)x) +2, ((char *)_krb_swap_tmp) +8, 2); \
304 swab(((char *)x) +4, ((char *)_krb_swap_tmp) +6, 2); \
305 swab(((char *)x) +6, ((char *)_krb_swap_tmp) +4, 2); \
306 swab(((char *)x) +8, ((char *)_krb_swap_tmp) +2, 2); \
307 swab(((char *)x) +10, ((char *)_krb_swap_tmp) +0, 2); \
308 memcpy((char *)x, (char *)_krb_swap_tmp, 12); \
311 #define swap_C_Block(x) {\
312 unsigned long _krb_swap_tmp[4]; \
313 swab(((char *)x) +0, ((char *)_krb_swap_tmp) +6, 2); \
314 swab(((char *)x) +2, ((char *)_krb_swap_tmp) +4, 2); \
315 swab(((char *)x) +4, ((char *)_krb_swap_tmp) +2, 2); \
316 swab(((char *)x) +6, ((char *)_krb_swap_tmp) +0, 2); \
317 memcpy((char *)x, (char *)_krb_swap_tmp, 8); \
320 #define swap_u_quad(x) {\
321 unsigned long _krb_swap_tmp[4]; \
322 swab(((char *)&x) +0, ((char *)_krb_swap_tmp) +6, 2); \
323 swab(((char *)&x) +2, ((char *)_krb_swap_tmp) +4, 2); \
324 swab(((char *)&x) +4, ((char *)_krb_swap_tmp) +2, 2); \
325 swab(((char *)&x) +6, ((char *)_krb_swap_tmp) +0, 2); \
326 memcpy((char *)&x, (char *)_krb_swap_tmp, 8); \
329 #define swap_u_long(x) { \
330 unsigned long _krb_swap_tmp[4]; \
331 swab(((char *)&x) +0, ((char *)_krb_swap_tmp) +2, 2); \
332 swab(((char *)&x) +2, ((char *)_krb_swap_tmp) +0, 2); \
333 x = _krb_swap_tmp[0]; \
336 #define swap_u_short(x) {\
337 unsigned short _krb_swap_sh_tmp; \
338 swab(((char *)&x), (&_krb_swap_sh_tmp), 2); \
339 x = (unsigned short) _krb_swap_sh_tmp; \
342 /* Kerberos ticket flag field bit definitions */
/*
 * Only K_FLAG_ORDER carries a value (bit 0).  K_FLAG_1 .. K_FLAG_7 are
 * defined with an empty expansion, so they name the reserved bits but cannot
 * be used as bit numbers or masks in an expression.
 */
343 #define K_FLAG_ORDER 0 /* bit 0 --> lsb */
344 #define K_FLAG_1 /* reserved */
345 #define K_FLAG_2 /* reserved */
346 #define K_FLAG_3 /* reserved */
347 #define K_FLAG_4 /* reserved */
348 #define K_FLAG_5 /* reserved */
349 #define K_FLAG_6 /* reserved */
350 #define K_FLAG_7 /* reserved, bit 7 --> msb */
357 * forward declaration; otherwise we would need to include netinet/in.h
/*
 * Compatibility renames: each krb_* name is a macro that expands to an older
 * function name, so the declarations that follow actually declare the older
 * symbols.
 * NOTE(review): the opening conditionals are not visible in this listing;
 * the #endif comments suggest OLDNAMES and __STDC__.
 */
363 #define krb_mk_req mk_ap_req
364 #define krb_rd_req rd_ap_req
365 #define krb_kntoln an_to_ln
366 #define krb_set_key set_serv_key
367 #define krb_get_cred get_credentials
368 #define krb_mk_priv mk_private_msg
369 #define krb_rd_priv rd_private_msg
370 #define krb_mk_safe mk_safe_msg
371 #define krb_rd_safe rd_safe_msg
372 #define krb_mk_err mk_appl_err_msg
373 #define krb_rd_err rd_appl_err_msg
374 #define krb_ck_repl check_replay
375 #define krb_get_pw_in_tkt get_in_tkt
376 #define krb_get_svc_in_tkt get_svc_in_tkt
377 #define krb_get_pw_tkt get_pw_tkt
378 #define krb_realmofhost krb_getrealm
379 #define krb_get_phost get_phost
380 #define krb_get_krbhst get_krbhst
381 #define krb_get_lrealm get_krbrlm
/*
 * Prototyped declarations.
 * NOTE(review): many of these take a plain char * with no accompanying size
 * (for example krb_kntoln(AUTH_DAT *, char *)).  Where such a parameter is an
 * output buffer, the prototype gives the callee no way to bound its write, so
 * the caller must supply a buffer of the documented maximum (ANAME_SZ,
 * INST_SZ, REALM_SZ, MAX_K_NAME_SZ) - confirm per function.
 * NOTE(review): in krb_get_krbhst, krb_get_admhst and krb_get_lrealm the
 * trailing int is, as far as the Kerberos 4 API is known, an ordinal and not
 * a buffer length - confirm before treating it as a bound.
 * NOTE(review): krb_net_read and krb_net_write take an int length; a negative
 * or oversized value is not excluded by the type.
 */
384 extern int krb_mk_req(KTEXT, char *, char *, char *, long);
385 extern int krb_rd_req(KTEXT, char *, char *, long, AUTH_DAT *, char *);
386 extern int krb_kntoln(AUTH_DAT *, char *);
387 extern int krb_set_key(char *, int);
388 extern int krb_get_cred(char *, char *, char *, CREDENTIALS *);
389 extern long krb_mk_safe(unsigned char *, unsigned char *, unsigned long,
390 C_Block *, struct sockaddr_in *, struct sockaddr_in *);
391 extern long krb_rd_safe(unsigned char *, unsigned long, C_Block *,
392 struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *);
393 extern long krb_mk_err(unsigned char *, long, char *);
394 extern int krb_rd_err(unsigned char *, unsigned long, long *, MSG_DAT *);
395 extern char *krb_realmofhost(char *);
396 extern char *krb_get_phost(char *);
397 extern int krb_get_krbhst(char *, char *, int);
398 extern int krb_get_admhst(char *, char *, int);
399 extern int krb_get_lrealm(char *realm, int n);
400 extern int krb_sendauth(long, int, KTEXT, char *, char *, char *, unsigned long,
401 MSG_DAT *, CREDENTIALS *, Key_schedule, struct sockaddr_in *,
402 struct sockaddr_in *, char *);
403 extern int krb_recvauth(long, int, KTEXT, char *, char *,
404 struct sockaddr_in *, struct sockaddr_in *,
405 AUTH_DAT *, char *, Key_schedule, char *);
406 extern int krb_net_write(int, char *, int);
407 extern int krb_net_read(int, char *, int);
408 extern void krb_set_tkt_string(char *);
/*
 * Declarations with empty parameter lists for compilers without prototypes.
 * With these the compiler checks neither the number nor the types of the
 * arguments, so a mismatched call compiles silently.
 */
410 extern int krb_mk_req();
411 extern int krb_rd_req();
412 extern int krb_kntoln();
413 extern int krb_set_key();
414 extern int krb_get_cred();
415 extern long krb_mk_safe();
416 extern long krb_rd_safe();
417 extern long krb_mk_err();
418 extern int krb_rd_err();
419 extern char *krb_realmofhost();
420 extern char *krb_get_phost();
421 extern int krb_get_krbhst();
422 extern int krb_get_admhst();
423 extern int krb_get_lrealm();
424 extern int krb_sendauth();
425 extern int krb_recvauth();
426 extern int krb_net_write();
427 extern int krb_net_read();
428 extern void krb_set_tkt_string();
429 #endif /* __STDC__ */
430 #endif /* OLDNAMES */
432 /* Defines for krb_sendauth and krb_recvauth */
/*
 * Option bits; each is a distinct single bit so they can be OR-ed together.
 * Mutual authentication is a flag the caller has to set (KOPT_DO_MUTUAL).
 * NOTE(review): this implies it is not performed unless requested - confirm
 * in krb_sendauth, and set it wherever the client must verify the server.
 */
434 #define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
435 #define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */
436 #define KOPT_DONT_CANON 0x00000004 /* don't canonicalize inst */
/*
 * Version strings exchanged by sendauth/recvauth have a fixed length of 8.
 * NOTE(review): whether that length includes a terminating NUL is not shown
 * here; receive buffers should be sized and compared by length, not as C
 * strings, until that is confirmed.
 */
439 #define KRB_SENDAUTH_VLEN 8 /* length for version strings */
/*
 * NOTE(review): the opening conditional for this option is not visible in
 * this listing; the #endif comment suggests ATHENA_COMPAT.
 */
442 #define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */
443 #endif /* ATHENA_COMPAT */
449 #endif /* _KERBEROS_KRB_H */