2 * $Id: krb.h,v 1.99 1999/11/16 14:02:47 bg Exp $
3 * $FreeBSD: src/crypto/kerberosIV/lib/krb/krb.h,v 1.6.2.2 2003/04/24 21:31:13 nectar Exp $
4 * $DragonFly: src/crypto/kerberosIV/lib/krb/Attic/krb.h,v 1.2 2003/06/17 04:24:36 dillon Exp $
6 * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
8 * For copying and distribution information, please see the file
11 * Include file for the Kerberos library.
14 #if !defined (__STDC__) && !defined(_MSC_VER)
19 #include <sys/types.h>
27 #if defined(__cplusplus)
28 #define __BEGIN_DECLS extern "C" {
29 #define __END_DECLS };
36 #if defined (__STDC__) || defined (_MSC_VER)
48 /* Need some defs from des.h */
49 #if !defined(NOPROTO) && !defined(__STDC__)
52 #ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
53 #define OPENSSL_DES_LIBDES_COMPATIBILITY
55 #include <openssl/des.h>
57 /* CNS compatibility ahead! */
59 #define KRB_INT32 int32_t
62 #define KRB_UINT32 u_int32_t
/* Global library variables. */
/* NOTE(review): krb_ignore_ip_address, when set, turns off the comparison
 * of the requester's address against the address carried in the ticket
 * (cf. the "address" field of AUTH_DAT below).  Setting it removes a
 * binding check, so it should be a deliberate, documented choice; confirm
 * where exactly the comparison is made before relying on this note. */
extern int krb_ignore_ip_address; /* To turn off IP address comparison */
extern int krb_no_long_lifetimes; /* To disable AFS compatible lifetimes */
69 #define HOST_BYTE_ORDER (* (char *) &krbONE)
/* Debug switches; non-zero presumably enables diagnostic output in the
 * rd_ap_req path and in the DNS lookup code respectively — confirm in
 * the definitions. */
extern int krb_ap_req_debug;
extern int krb_dns_debug;
/* Text describing error codes */
/* krb_err_txt is presumably indexed directly by the numeric error codes
 * defined later in this header (all of which are below 256).  A code
 * taken from the network or a file should be range-checked against
 * MAX_KRB_ERRORS before it is used as an index. */
#define MAX_KRB_ERRORS 256
extern const char *krb_err_txt[MAX_KRB_ERRORS];
80 /* General definitions */
85 * Kerberos specific definitions
87 * KRBLOG is the log file for the kerberos master server. KRB_CONF is
88 * the configuration file where different host machines running master
89 * and slave servers can be found. KRB_MASTER is the name of the
90 * machine with the master database. The admin_server runs on this
91 * machine, and all changes to the db (as opposed to read-only
92 * requests, which can go to slaves) must go to it. KRB_HOST is the
93 * default machine when looking for a kerberos slave server. Other
94 * possibilities are in the KRB_CONF file. KRB_REALM is the name of
/* /etc/kerberosIV is only for backwards compatibility, don't use it! */
/* NOTE(review): despite the warning above, KRB_CONF still names the legacy
 * directory; KRB_CNF_FILES (below) is the list of locations that is
 * actually tried, and it includes /etc/krb.conf as well. */
#define KRB_CONF "/etc/kerberosIV/krb.conf"
102 #ifndef KRB_RLM_TRANS
103 #define KRB_RLM_TRANS "/etc/kerberosIV/krb.realms"
105 #ifndef KRB_CNF_FILES
106 #define KRB_CNF_FILES { KRB_CONF, "/etc/krb.conf", 0}
108 #ifndef KRB_RLM_FILES
109 #define KRB_RLM_FILES { KRB_RLM_TRANS, "/etc/krb.realms", 0}
/* Presumably the principal-to-account equivalence file (from its name);
 * its format is defined by whatever reads it, not here — confirm. */
#define KRB_EQUIV "/etc/kerberosIV/krb.equiv"
/* Default name of the machine holding the master database. */
#define KRB_MASTER "kerberos"
/* The default realm is resolved at run time, not fixed at compile time. */
#define KRB_REALM (krb_get_default_realm())
119 /* The maximum sizes for aname, realm, sname, and instance +1 */
124 /* Leave space for quoting */
125 #define MAX_K_NAME_SZ (2*ANAME_SZ + 2*INST_SZ + 2*REALM_SZ - 3)
/* Size in bytes of the message-type field. */
#define MSG_TYPE_SZ 1
#define DATE_SZ 26 /* RTI date output */
/* Buffer size for host names; kept for compatibility with older callers. */
#define MAX_HSTNM 100 /* for compatibility */
133 typedef struct krb_principal{
135 char instance[INST_SZ];
136 char realm[REALM_SZ];
139 #ifndef DEFAULT_TKT_LIFE /* allow compile-time override */
140 /* default lifetime for krb_mk_req & co., 10 hrs */
141 #define DEFAULT_TKT_LIFE 120
144 #define KRB_TICKET_GRANTING_TICKET "krbtgt"
146 /* Definition of text structure used to pass text around */
147 #define MAX_KTXT_LEN 1250
150 unsigned int length; /* Length of the text */
151 unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
152 u_int32_t mbz; /* zero to catch runaway strings */
155 typedef struct ktext *KTEXT;
156 typedef struct ktext KTEXT_ST;
/* Definitions for send_to_kdc */
/* With these defaults a request is presumably retried CLIENT_KRB_RETRY
 * times, CLIENT_KRB_TIMEOUT seconds apart, before SKDC_RETRY is reported
 * (i.e. a worst case on the order of 20 s) — confirm against send_to_kdc. */
#define CLIENT_KRB_TIMEOUT 4 /* default time between retries */
#define CLIENT_KRB_RETRY 5 /* retry this many times */
#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */
164 /* Definitions for ticket file utilities */
168 /* Parameters for rd_ap_req */
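/* Maximum allowable clock skew in seconds (5 minutes) tolerated by
 * rd_ap_req when checking message timestamps; a larger difference is
 * reported as RD_AP_TIME.
 * The value is parenthesised so that the macro behaves as a single
 * operand in expressions such as "delta / CLOCK_SKEW" or
 * "-CLOCK_SKEW"; the bare form "5*60" would bind differently. */
#define CLOCK_SKEW (5*60)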
171 /* Filename for readservkey */
173 #define KEYFILE (krb_get_default_keyfile())
176 /* Structure definition for rd_ap_req */
179 unsigned char k_flags; /* Flags from ticket */
180 char pname[ANAME_SZ]; /* Principal's name */
181 char pinst[INST_SZ]; /* His Instance */
182 char prealm[REALM_SZ]; /* His Realm */
183 u_int32_t checksum; /* Data checksum (opt) */
184 des_cblock session; /* Session Key */
185 int life; /* Life of ticket */
186 u_int32_t time_sec; /* Time ticket issued */
187 u_int32_t address; /* Address in ticket */
188 KTEXT_ST reply; /* Auth reply (opt) */
191 typedef struct auth_dat AUTH_DAT;
193 /* Structure definition for credentials returned by get_cred */
196 char service[ANAME_SZ]; /* Service name */
197 char instance[INST_SZ]; /* Instance */
198 char realm[REALM_SZ]; /* Auth domain */
199 des_cblock session; /* Session key */
200 int lifetime; /* Lifetime */
201 int kvno; /* Key version number */
202 KTEXT_ST ticket_st; /* The ticket itself */
203 int32_t issue_date; /* The issue time */
204 char pname[ANAME_SZ]; /* Principal's name */
205 char pinst[INST_SZ]; /* Principal's instance */
208 typedef struct credentials CREDENTIALS;
210 /* Structure definition for rd_private_msg and rd_safe_msg */
213 unsigned char *app_data; /* pointer to appl data */
214 u_int32_t app_length; /* length of appl data */
215 u_int32_t hash; /* hash to lookup replay */
216 int swap; /* swap bytes? */
217 int32_t time_sec; /* msg timestamp seconds */
218 unsigned char time_5ms; /* msg timestamp 5ms units */
221 typedef struct msg_dat MSG_DAT;
226 enum krb_host_proto { PROTO_UDP, PROTO_TCP, PROTO_HTTP } proto;
231 /* Location of ticket file for save_cred and get_cred */
232 #define TKT_FILE tkt_string()
234 #define TKT_ROOT (krb_get_default_tkt_root())
/* Error codes returned from the KDC */
/* Numeric codes as sent by the KDC; the gap between 10 and 20 is part of
 * the original assignment, not a transcription error.  The "P"/"S" in the
 * two master-key-version codes presumably distinguish the principal and
 * service entries — their descriptive text is identical, so confirm
 * against the KDC source. */
#define KDC_OK 0 /* Request OK */
#define KDC_NAME_EXP 1 /* Principal expired */
#define KDC_SERVICE_EXP 2 /* Service expired */
#define KDC_AUTH_EXP 3 /* Auth expired */
#define KDC_PKT_VER 4 /* Protocol version unknown */
#define KDC_P_MKEY_VER 5 /* Wrong master key version */
#define KDC_S_MKEY_VER 6 /* Wrong master key version */
#define KDC_BYTE_ORDER 7 /* Byte order unknown */
#define KDC_PR_UNKNOWN 8 /* Principal unknown */
#define KDC_PR_N_UNIQUE 9 /* Principal not unique */
#define KDC_NULL_KEY 10 /* Principal has null key */
#define KDC_GEN_ERR 20 /* Generic error from KDC */
/* Values returned by get_credentials */
/* Each RET_* name is an alias of the GC_* name defined just above it,
 * with the same value; the two spellings are interchangeable. */
#define GC_OK 0 /* Retrieve OK */
#define RET_OK 0 /* Retrieve OK */
#define GC_TKFIL 21 /* Can't read ticket file */
#define RET_TKFIL 21 /* Can't read ticket file */
#define GC_NOTKT 22 /* Can't find ticket or TGT */
#define RET_NOTKT 22 /* Can't find ticket or TGT */
/* Values returned by mk_ap_req */
/* MK_AP_TGTEXP means the ticket-granting ticket has expired; the caller
 * needs a fresh TGT before a request can be built. */
#define MK_AP_OK 0 /* Success */
#define MK_AP_TGTEXP 26 /* TGT Expired */
/* Values returned by rd_ap_req */
/* Any non-zero value means the request did not verify.  RD_AP_REPEAT
 * (replay), RD_AP_TIME (clock skew beyond CLOCK_SKEW), RD_AP_BADD
 * (address mismatch) and RD_AP_MODIFIED are the freshness/integrity
 * failures; a caller should log them rather than silently retry. */
#define RD_AP_OK 0 /* Request authentic */
#define RD_AP_UNDEC 31 /* Can't decode authenticator */
#define RD_AP_EXP 32 /* Ticket expired */
#define RD_AP_NYV 33 /* Ticket not yet valid */
#define RD_AP_REPEAT 34 /* Repeated request */
#define RD_AP_NOT_US 35 /* The ticket isn't for us */
#define RD_AP_INCON 36 /* Request is inconsistent */
#define RD_AP_TIME 37 /* delta_t too big */
#define RD_AP_BADD 38 /* Incorrect net address */
#define RD_AP_VERSION 39 /* protocol version mismatch */
#define RD_AP_MSG_TYPE 40 /* invalid msg type */
#define RD_AP_MODIFIED 41 /* message stream modified */
#define RD_AP_ORDER 42 /* message out of order */
#define RD_AP_UNAUTHOR 43 /* unauthorized request */
/* Values returned by get_pw_tkt */
/* Outcomes of obtaining a password-changing ticket.  GT_PW_BADPW is the
 * only code that reflects a wrong user input; the rest are protocol or
 * KDC-side conditions. */
#define GT_PW_OK 0 /* Got password changing tkt */
#define GT_PW_NULL 51 /* Current PW is null */
#define GT_PW_BADPW 52 /* Incorrect current password */
#define GT_PW_PROT 53 /* Protocol Error */
#define GT_PW_KDCERR 54 /* Error returned by KDC */
#define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */
/* Values returned by send_to_kdc */
/* SKDC_RETRY: no answer after the configured number of retries
 * (cf. CLIENT_KRB_RETRY); SKDC_CANT: the request could not be sent at all. */
#define SKDC_OK 0 /* Response received */
#define SKDC_RETRY 56 /* Retry count exceeded */
#define SKDC_CANT 57 /* Can't send request */
296 * Values returned by get_intkt
297 * (can also return SKDC_* and KDC errors)
/* Codes for obtaining an initial ticket; INTK_W_NOTALL is a warning
 * (some but not all tickets came back), the others are failures. */
#define INTK_OK 0 /* Ticket obtained */
#define INTK_W_NOTALL 61 /* Not ALL tickets returned */
#define INTK_BADPW 62 /* Incorrect password */
#define INTK_PROT 63 /* Protocol Error */
#define INTK_ERR 70 /* Other error */
/* Values returned by get_adtkt */
/* AD_NOTGT: no ticket-granting ticket available locally;
 * AD_INTR_RLM_NOTGT: the cross-realm TGT could not be obtained. */
#define AD_OK 0 /* Ticket Obtained */
#define AD_NOTGT 71 /* Don't have tgt */
#define AD_INTR_RLM_NOTGT 72 /* Can't get inter-realm tgt */
/* Error codes returned by ticket file utilities */
/* TKT_FIL_FMT indicates the file contents did not parse; since the ticket
 * file is user-owned data a reader should treat it as untrusted and fail
 * closed on this code rather than use partial results. */
#define NO_TKT_FIL 76 /* No ticket file found */
#define TKT_FIL_ACC 77 /* Couldn't access tkt file */
#define TKT_FIL_LCK 78 /* Couldn't lock ticket file */
#define TKT_FIL_FMT 79 /* Bad ticket file format */
#define TKT_FIL_INI 80 /* tf_init not called first */
/* Error code returned by kparse_name */
/* Returned when a textual principal name does not fit the expected
 * name/instance/realm form. */
#define KNAME_FMT 81 /* Bad Kerberos name format */
/* Error code returned by krb_mk_safe */
/* Unlike the other codes in this header this value is negative and
 * signals a failed system call rather than a protocol condition; it must
 * not be used as an index into krb_err_txt[]. */
#define SAFE_PRIV_ERROR -1 /* syscall error */
324 /* Defines for krb_sendauth and krb_recvauth */
326 #define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
327 #define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */
329 #define KOPT_DONT_CANON 0x00000004 /*
330 * don't canonicalize inst as
334 #define KOPT_IGNORE_PROTOCOL 0x0008
336 #define KRB_SENDAUTH_VLEN 8 /* length for version strings */
/* flags for krb_verify_user() */
/* NOTE(review): judging only by the names, KRB_VERIFY_NOT_SECURE (0)
 * presumably skips the cross-check of the obtained ticket against a
 * locally held service key, KRB_VERIFY_SECURE requires that check, and
 * KRB_VERIFY_SECURE_FAIL additionally fails when the local key is not
 * available.  Confirm in krb_verify_user() before choosing a value; the
 * non-secure variant is the weaker verification. */
#define KRB_VERIFY_NOT_SECURE 0
#define KRB_VERIFY_SECURE 1
#define KRB_VERIFY_SECURE_FAIL 2
344 extern char *krb4_version;
346 typedef int (*key_proc_t) __P((const char *name,
347 char *instance, /* INOUT parameter */
349 const void *password,
352 typedef int (*decrypt_proc_t) __P((const char *name,
353 const char *instance,
359 #include "krb-protos.h"
363 #endif /* __KRB_H__ */