1/*
2 * KrbDriver.h -- Application interface for Kerberos Macintosh Client
3 *                (A mac system extension)
4 *
5 * This interface can be used as is or it can be accessed at a
6 * higher level using a library interface (kerberos.h?).
7 *
8 * Set the compiler def KRB_DEFS if you are also including krb.h
9 * in your code (this is only necessary for building the driver itself).
10 *
11 * Copyright 1992 by Cornell University
12 * FIXME:  What COPYRIGHT terms and conditions from Cornell?
13 *
14 * Initial coding 1/92 by Peter Bosanko.
15 * Merged into multi-platform source tree by Julia Menapace and
16 * John Gilmore, Cygnus Support, May 1994.
17 */
18
19#ifndef Krb_Driver_h
20#define Krb_Driver_h
21
/* Driver control block status/control bits.
 * Bit values for the flags word of the driver's control block
 * (dNeedLock, dStatEnable, dCtlEnable).  Presumably these mirror the
 * Mac OS Device Manager definitions and are repeated here so the
 * driver builds without the toolbox headers -- verify against the
 * system interface files before changing them. */

#define dNeedLock               0x4000
#define dStatEnable             0x0800
#define dCtlEnable              0x0400
27
28
/* csCodes for Control Calls.
 *
 * Each value is the csCode given to the driver control call.  The
 * "->" / "<-" / "<->" lists below name the parameter-block fields the
 * call reads, writes, or both; the fields live in krbHiParmBlock (high
 * level calls) and krbParmBlock (low level calls), defined later in
 * this header.
 *
 * NOTE(review): these are plain enumerators, so adding a code anywhere
 * other than immediately before cKrbLAST_ONE renumbers every code after
 * it and silently breaks applications built against an older driver.
 */
enum cKrbcsCodes {
        cKrbKillIO = 1,

        /* Low level routines, here for compatibility with Brown Driver */
        cKrbGetLocalRealm,
        cKrbSetLocalRealm,

        /* return the name of the Kerberos realm for the host.
          -> host       Host name
          -> uRealm     pointer to buffer that will receive realm name
                        (no length is passed, so the caller must provide
                        enough room -- presumably REALM_SZ bytes, see
                        below; verify against the driver)
        */
        cKrbGetRealm,

        cKrbAddRealmMap,
        cKrbDeleteRealmMap,

        /* yields the Nth mapping of a net or host to a Kerberos realm
          -> itemNumber         which mapping, traditionally the first
          -> host                       host or net
          -> uRealm             pointer to buffer that will receive realm name
                                (same sizing caveat as cKrbGetRealm)
           Returns cKrbMapDoesntExist when itemNumber is past the end.
        */
        cKrbGetNthRealmMap,

        cKrbGetNthServer,
        cKrbAddServerMap,
        cKrbDeleteServerMap,
        cKrbGetNthServerMap,
        cKrbGetNumSessions,
        cKrbGetNthSession,
        cKrbDeleteSession,
        cKrbGetCredentials,
        cKrbAddCredentials,
        cKrbDeleteCredentials,
        cKrbGetNumCredentials,
        cKrbGetNthCredentials,

        /* High Level routines */
        cKrbDeleteAllSessions,
        /* Removes all credentials from storage.  The user will be asked to
           enter user name and password the next time a ticket is requested.
           Also discards any password stored with cKrbSetPassword. */

        cKrbGetTicketForService,
        /* Gets a ticket and returns it to application in buf
          -> service            Formal Kerberos name of service
          -> buf                Buffer to receive ticket
          -> checksum           checksum for this service
         <-> buflen             length of ticket buffer (must be at least
                                1258 bytes -- apparently the size of a
                                KTEXT_ST below with 4-byte int/long and no
                                padding).  Whether the driver rejects a
                                smaller buflen or writes anyway is not
                                visible from this header: treat the
                                minimum as a hard requirement.
         <-  sessionKey         for internal use
         <-  schedule           for internal use
           NOTE(review): after this call the parameter block holds the
           session key and its expanded schedule.  Keep the block out of
           shared or long-lived memory and clear it when the session is
           finished. */

        cKrbGetAuthForService,
        /* Similar to cKrbGetTicketForService except it builds a kerberos
           "SendAuth" style request (with SendAuth and application version
           numbers preceding the actual ticket)
          -> service            Formal Kerberos name of service
          -> buf                Buffer to receive ticket
          -> checksum           checksum for this service
          -> applicationVersion version number of the application (8 byte
                                string; the driver reads exactly 8 bytes,
                                so pad a shorter string yourself)
         <-> buflen             length of ticket buffer (must be at least
                                1258 bytes -- same caveat as above)
         <-  sessionKey         for internal use
         <-  schedule           for internal use */

        /* Use the same krbHiParmBlock for the routines below that you
           used to get the ticket for the service.  That way the session
           key and schedule will get passed back to the driver.  */

        cKrbCheckServiceResponse,
        /* Use the return code from this call to determine if the client
           is properly authenticated.  The return code is the ONLY result:
           anything other than success (e.g. cKrbServerImposter,
           cKrbServerRespIncomplete) means the peer did not prove it holds
           the session key, and the connection must not be used as an
           authenticated one.
          -> buf                points to the beginning of the server response
          -> buflen             length of the server response
          -> sessionKey         this was returned from cKrbGetTicketForService
          -> schedule           "
          -> checksum           left over from cKrbGetTicketForService call
          -> lAddr              addresses used for service validation...
          -> lPort              "
          -> fAddr              "
          -> fPort              " */

        cKrbEncrypt,
        /* Encrypt stream, High level version of cKrbMakePrivate
          -> buf                points to the beginning of stream buffer
          -> buflen             length of the stream buffer
          -> sessionKey         this was returned from cKrbGetTicketForService
          -> schedule           "
          -> lAddr              server uses addresses to confirm who we are...
          -> lPort              "
          -> fAddr              "
          -> fPort              "
          -> encryptBuf         output buffer, allow 26 more bytes than
                                input data.  krbHiParmBlock carries no
                                capacity for encryptBuf, so the driver
                                cannot check it: size it to buflen + 26
                                (or more) before the call.
          <- encryptLength      actual length of output data */

        cKrbDecrypt,
        /* Decrypt stream, High level version of cKrbReadPrivate
          -> buf                points to the beginning of stream buffer
          -> buflen             length of the stream buffer
          -> sessionKey         this was returned from cKrbGetTicketForService
          -> schedule           "
          -> lAddr              addresses used to confirm source of message...
          -> lPort              "
          -> fAddr              "
          -> fPort              "
          <- decryptOffset      offset in buf to beginning of application data
          <- decryptLength      actual length of decrypted data
           The plaintext is returned inside buf itself (at decryptOffset),
           so buf must stay valid until the application has consumed it.
           As with cKrbCheckServiceResponse, a failure return means the
           message did not verify and its contents must not be used. */

        cKrbCacheInitialTicket,
        /* Gets a ticket for the ticket granting service and optionally
           another service that you specify.
           This call always prompts the user for a password.  The
           ticket(s) are placed in the ticket cache but are not
           returned.  Use cKrbGetTicketForService to receive the
           ticket.  NOTE: This call is useful for getting a ticket for
           the password changing service or any other service that
           requires that the user be reauthenticated ( that needs an
           initial ticket ).

          -> service            Formal Kerberos name of service
                                ( NULL service is OK if you just want a
                                ticket granting ticket ) */

        cKrbGetUserName,
        /* Get the kerberos name of the user.  If the user is not
           logged in, returns error cKrbNotLoggedIn.

          <- user               Name that user typed in login dialog
                                (buffer supplied by the caller; no length
                                is passed -- presumably ANAME_SZ bytes) */

        cKrbSetUserName,
        /* Set the kerberos name of the user.  If the user is logged
           in, cKrbSetUserName logs the user out.  Any password stored
           with cKrbSetPassword is cleared as well.

          -> user               Name that will be used as default in
                                login dialog */

        cKrbSetPassword,
        /* Sets the password which will be used the next time a
           password is needed.  This can be used to bypass the login
           dialog.  NOTE:  Password is cleared from memory after it is
           used once or whenever a cKrbSetUserName or cKrbDeleteAllSessions
           call is made.  That covers the driver's copy only; the caller's
           own buffer is presumably left untouched, so overwrite it after
           the call.
          -> user               contains password (of current user) */

        cKrbGetDesPointers,
        /* Returns a block of pointers to DES routines so the routines
           can be called directly.  NOTE(review): this is single DES
           (8-byte des_cblock keys, see below) -- legacy strength; use it
           only for compatibility with the Kerberos protocol itself. */

        /* Various routines added by Cygnus Mac kerberos driver interface */

        cKrbKnameParse,
        /*
         takes a Kerberos name "fullname" of the form:
         username[.instance][@realm] and returns the three components
         ("name", "instance", and "realm" in the example above) in the
         given arguments. If successful, it returns KSUCCESS.  If there
         was an error, KNAME_FMT is returned. For proper operation, this
         routine requires that the arguments be initialized, either
         to null strings, or to default values of name, instance,
         and realm. Low Call.  No lengths are passed: the three output
         buffers must be at least ANAME_SZ, INST_SZ and REALM_SZ bytes
         (presumably; verify against the driver).
                <- uName
                <- uInstance
                <- uRealm
                -> fullname
        */

        cKrbGetErrText,
        /*
         Given an error number returns the error text associated with
         that error number.  Low Call.  uName is an output buffer with
         no length passed; size it generously.
                -> admin (the error number)
                <- uName (the error text)
        */

        cKrbGetPwInTkt,
        /*
         Takes the name of the server for which the initial ticket is to
         be obtained, the name of the principal the ticket is for, the
         desired lifetime of the ticket, and the user's password.  It
         gets the ticket, decrypts it using the password provided,
         and stores it away for future use.  It requires the caller to
         supply a non-null password. Low Call.  The password travels in
         the fullname field; overwrite that buffer once the call returns.
                -> uName
                -> uInstance
                -> uRealm
                -> sName
                -> sInstance
                -> admin (ticket lifetime; units not specified here)
                -> fullname (password)
        */

        cKrbGetTfFullname,
        /*
         Given a ticket file name, return the principal's name, instance,
         and realm.  Currently there is only one tktfile/cache. Low Call.
         (Only uName and uInstance are listed as outputs; uRealm is not
         mentioned, so do not rely on it being filled in.)
                <- uName
                <- uInstance
                -> fullname     (ticket file/cache name)
        */

        /* One past the last valid csCode; not a call. */
        cKrbLAST_ONE};
232
/* Password changing service.
 * Formal Kerberos name (name.instance form, see cKrbKnameParse) of the
 * service that changes the user's password.  As noted at
 * cKrbCacheInitialTicket, this service needs an initial ticket, i.e.
 * one obtained with a fresh password prompt rather than from the
 * ticket cache. */

#define KRB_PASSWORD_SERVICE  "changepw.kerberos"
236
/* Error codes.
 *
 * Returned as the result of a driver control call.  The first group is
 * an ordinary C enumeration starting at -1024, so each code is one
 * greater than the previous (cKrbNoKillIO is -1023, cKrbBadSelector is
 * -1022, and so on); cKrbKerberosErrBlock is a separate base value.
 */
enum cKrbErrs {
        cKrbCorruptedFile = -1024,      /* couldn't find a needed resource */
        cKrbNoKillIO,           /* can't killIO because all calls sync */
        cKrbBadSelector,        /* csCode passed doesn't select a
                                   recognized function */
        cKrbCantClose,          /* we must always remain open */
        cKrbMapDoesntExist,     /* tried to access a map that doesn't exist
                                   (index too large, or criteria doesn't
                                   match anything) */
        cKrbSessDoesntExist,    /* tried to access session that doesn't exist */
        cKrbCredsDontExist,     /* tried to access creds that don't exist */
        cKrbTCPunavailable,     /* couldn't open MacTCP driver */
        cKrbUserCancelled,      /* user cancelled a log in operation */
        cKrbConfigurationErr,   /* Kerberos Preference file is not configured
                                   properly */
        cKrbServerRejected,     /* A server rejected our ticket */
        cKrbServerImposter,     /* Server appears to be a phony (presumably
                                   from cKrbCheckServiceResponse).  Treat
                                   the peer as hostile; never fall back to
                                   an unauthenticated connection. */
        cKrbServerRespIncomplete,       /* Server response is not complete:
                                   too short to validate.  This is a failed
                                   authentication, not a success. */
        cKrbNotLoggedIn,        /* Returned by cKrbGetUserName if user is
                                   not logged in */
        cKrbOldDriver,          /* old version of the driver */

        cKrbKerberosErrBlock = -20000  /* start block of 256 kerberos errors:
                                          the Kerberos library's own error
                                          numbers are mapped into a range
                                          starting here (the exact offset
                                          and direction are not specified
                                          in this header) */
};
262       
/* Parameter block for high level calls.
 *
 * The application fills one of these in and passes it to the driver
 * for each of the "High Level routines" in cKrbcsCodes; which fields a
 * call reads or writes is listed with that call.  Field order, sizes
 * and types are the driver's ABI -- do not reorder or change them.
 *
 * NOTE(review): every buffer here is a bare pointer; only buf carries
 * a length (buflen).  encryptBuf has no capacity field at all, so the
 * caller alone is responsible for sizing it (buflen + 26 bytes for
 * cKrbEncrypt).
 */
struct krbHiParmBlock {
        /* full name -- combined service, instance, realm */
        char            *service;
        char            *buf;           /* ticket / stream / response buffer */
        unsigned long   buflen;         /* size or length of buf; marked
                                           "<->" for the ticket calls, so
                                           the driver apparently updates it */
        long            checksum;       /* checksum for this service; the
                                           same value must remain in the
                                           block for the later check /
                                           encrypt / decrypt calls */
        unsigned long   lAddr;          /* l = local, f = foreign address and
                                           port, used by the driver to tie
                                           messages to the connection */
        unsigned short  lPort;
        unsigned long   fAddr;
        unsigned short  fPort;
        unsigned long   decryptOffset;  /* cKrbDecrypt: offset into buf of
                                           the application data */
        unsigned long   decryptLength;  /* cKrbDecrypt: its length */
        char            *encryptBuf;    /* cKrbEncrypt: output buffer; no
                                           capacity field -- caller sizes it */
        unsigned long   encryptLength;  /* cKrbEncrypt: bytes written */
        char            *applicationVersion;    /* Version string, must be
                                                   8 bytes long! */
        char            sessionKey[8];          /* for internal use: the
                                                   8-byte (DES block sized)
                                                   session key, written by
                                                   the GetTicket/GetAuth calls
                                                   and read by the check /
                                                   encrypt / decrypt calls.
                                                   Live key material: clear
                                                   the block when finished. */
        char            schedule[128];          /* for internal use: the
                                                   expanded key schedule
                                                   (16 x 8 bytes, matching
                                                   des_key_schedule below);
                                                   same caveat as sessionKey */
        char            *user;          /* user name for Get/SetUserName, or
                                           the password for cKrbSetPassword */
};

typedef struct krbHiParmBlock krbHiParmBlock;
typedef krbHiParmBlock *KrbParmPtr;     /* pointer to a block */
typedef KrbParmPtr *KrbParmHandle;      /* pointer to that pointer, Mac
                                           handle style; presumably the
                                           driver dereferences it at call
                                           time */
288
/* ********************************************************* */
/* The rest of these defs are for low level calls            */
/* ********************************************************* */
292#ifndef KRB_DEFS
293/* First some kerberos defs */
294
typedef unsigned char des_cblock[8];    /* crypto-block size: one DES block,
                                           and also one DES key.
                                           NOTE(review): single DES --
                                           legacy strength, kept for
                                           protocol compatibility */

/* Key schedule: 16 entries of one block each, 128 bytes in all (the
   same size as krbHiParmBlock.schedule above) */
typedef struct des_ks_struct { des_cblock _; } des_key_schedule[16];

#define C_Block des_cblock
#define Key_schedule des_key_schedule

/* The maximum sizes for aname, realm, sname, and instance +1
   (the +1 is the terminating NUL, so 39 characters of text fit) */
#define         ANAME_SZ        40
#define         REALM_SZ        40
#define         SNAME_SZ        40
#define         INST_SZ         40

/* Definition of text structure used to pass text around */
#define         MAX_KTXT_LEN    1250
311
/* Variable-length byte string (ticket, authenticator, message) with a
   fixed-capacity body. */
struct ktext {
    int     length;             /* Length of the text: dat[0..length-1]
                                   is valid, so length <= MAX_KTXT_LEN */
    unsigned char dat[MAX_KTXT_LEN];    /* The data itself */
    unsigned long mbz;          /* zero to catch runaway strings: if this
                                   is ever non-zero something wrote past
                                   the end of dat.  It only detects an
                                   overrun after the fact; it is not a
                                   bounds check, so callers must still
                                   honour MAX_KTXT_LEN. */
};

typedef struct ktext *KTEXT;
typedef struct ktext KTEXT_ST;
320
/* One cached credential: a ticket for a service plus the session key
   that goes with it.  Contains key material (session); clear it when
   discarded. */
struct credentials {
    char    service[ANAME_SZ];  /* Service name (note: sized ANAME_SZ,
                                   not SNAME_SZ; both are 40 here) */
    char    instance[INST_SZ];  /* Instance */
    char    realm[REALM_SZ];    /* Auth domain */
    C_Block session;                    /* Session key -- secret */
    int     lifetime;                   /* Lifetime (units not given here) */
    int     kvno;                               /* Key version number */
    KTEXT_ST ticket_st;                 /* The ticket itself */
    long    issue_date;                 /* The issue time */
    char    pname[ANAME_SZ];    /* Principal's name */
    char    pinst[INST_SZ];             /* Principal's instance */
};

typedef struct credentials CREDENTIALS;
335
/* Structure definition for rd_private_msg and rd_safe_msg.
   Describes where the application data sits inside a received message
   after it has been verified/decrypted; app_data presumably points into
   the caller's message buffer rather than a copy, so that buffer must
   outlive any use of this structure. */

struct msg_dat {
    unsigned char *app_data;    /* pointer to appl data */
    unsigned long app_length;   /* length of appl data */
    unsigned long hash;         /* hash to lookup replay */
    int     swap;               /* swap bytes? (sender's byte order differs) */
    long    time_sec;           /* msg timestamp seconds */
    unsigned char time_5ms;     /* msg timestamp 5ms units */
};

typedef struct msg_dat MSG_DAT;
348
349#endif
350
351
/* Parameter block for low level calls.
 *
 * Used by the "Low level" and "Low Call" entries of cKrbcsCodes.  Fields
 * are reused with different meanings depending on the csCode (see the
 * per-call comments in the enum).  None of the char* fields carries a
 * length, so any buffer the driver writes into must be sized by the
 * caller (presumably REALM_SZ / ANAME_SZ / INST_SZ for realm, name and
 * instance results -- verify against the driver).
 */
struct krbParmBlock     {
        char    *uName;         /* user/principal name; also receives the
                                   error text for cKrbGetErrText */
        char    *uInstance;
        char    *uRealm;  /* also where local realm or mapping realm passed */
        char    *sName;         /* service name */
        char    *sInstance;
        char    *sRealm;
        char    *host;          /* also netorhost */
        int     admin;          /* isadmin, mustadmin; also the ticket
                                   lifetime for cKrbGetPwInTkt and the
                                   error number for cKrbGetErrText */
        int     *itemNumber;    /* which entry for the GetNth* calls */
        int     *adminReturn;   /* when it needs to be passed back */
        CREDENTIALS *cred;
        char    *fullname;      /* for kname_parse; also the password for
                                   cKrbGetPwInTkt (overwrite the buffer
                                   after the call) and the ticket
                                   file/cache name for cKrbGetTfFullname */
        int     result;         /* general purpose integer return value */
};
typedef struct krbParmBlock krbParmBlock;
369
/*
 * Mac_stubs.c exports a variable for communication with the Kerberos
 * driver, for hardy souls using the driver interface.
 * (Presumably the driver reference number used in the control calls;
 * this header does not say -- check Mac_stubs.c.)
 */
extern short mac_stubs_kdriver;
375#endif /* Krb_Driver_h */