author | Thorsten Lockert <tholo@cvs.openbsd.org> | 1995-12-14 06:52:55 +0000 |
---|---|---|
committer | Thorsten Lockert <tholo@cvs.openbsd.org> | 1995-12-14 06:52:55 +0000 |
commit | 8cf1f2a33575f93a2a1411591dea02dadfff25a0 (patch) | |
tree | 546551ebd40f0dfbbb6016a6028d467641b4ed8b /kerberosIV/include | |
parent | 02a248da23b192dd04bdb0fe2d61202086e9ceb3 (diff) |
Kerberos IV code, based on a merge of fixed code from KTH and original
4.4BSD Lite code (international edition). Provides all functionality
from the original 4.4BSD code plus standard Kerberos elements that were
omitted in the 4.4BSD code.
Diffstat (limited to 'kerberosIV/include')
-rw-r--r-- | kerberosIV/include/Makefile | 5 | ||||
-rw-r--r-- | kerberosIV/include/adm_locl.h | 54 | ||||
-rw-r--r-- | kerberosIV/include/kadm_locl.h | 86 | ||||
-rw-r--r-- | kerberosIV/include/kadm_server.h | 57 | ||||
-rw-r--r-- | kerberosIV/include/kdc.h | 32 | ||||
-rw-r--r-- | kerberosIV/include/kerberosIV/Makefile | 18 | ||||
-rw-r--r-- | kerberosIV/include/kerberosIV/acl.h | 15 | ||||
-rw-r--r-- | kerberosIV/include/kerberosIV/com_err.h | 27 | ||||
-rw-r--r-- | kerberosIV/include/kerberosIV/des.h | 86 | ||||
-rw-r--r-- | kerberosIV/include/kerberosIV/kadm.h | 138 | ||||
-rw-r--r-- | kerberosIV/include/kerberosIV/kafs.h | 47 | ||||
-rw-r--r-- | kerberosIV/include/kerberosIV/kparse.h | 109 | ||||
-rw-r--r-- | kerberosIV/include/kerberosIV/krb.h | 432 | ||||
-rw-r--r-- | kerberosIV/include/kerberosIV/krb_db.h | 127 | ||||
-rw-r--r-- | kerberosIV/include/kerberosIV/site.h | 46 | ||||
-rw-r--r-- | kerberosIV/include/klog.h | 37 | ||||
-rw-r--r-- | kerberosIV/include/kprop.h | 18 | ||||
-rw-r--r-- | kerberosIV/include/kuser_locl.h | 19 | ||||
-rw-r--r-- | kerberosIV/include/prot.h | 89 | ||||
-rw-r--r-- | kerberosIV/include/slav_locl.h | 34 | ||||
-rw-r--r-- | kerberosIV/include/ss/Makefile | 18 | ||||
-rw-r--r-- | kerberosIV/include/ss/ss.h | 65 |
22 files changed, 1559 insertions, 0 deletions
diff --git a/kerberosIV/include/Makefile b/kerberosIV/include/Makefile
new file mode 100644
index 00000000000..0edee405865
--- /dev/null
+++ b/kerberosIV/include/Makefile
@@ -0,0 +1,5 @@
+# $Id: Makefile,v 1.1 1995/12/14 06:52:34 tholo Exp $
+
+SUBDIR= kerberosIV ss
+
+.include <bsd.subdir.mk>
diff --git a/kerberosIV/include/adm_locl.h b/kerberosIV/include/adm_locl.h
new file mode 100644
index 00000000000..3ddbf558b87
--- /dev/null
+++ b/kerberosIV/include/adm_locl.h
@@ -0,0 +1,54 @@
+/* $Id: adm_locl.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+
+/*-
+ * Copyright 1987, 1988 by the Student Information Processing Board
+ * of the Massachusetts Institute of Technology
+ *
+ * Permission to use, copy, modify, and distribute this software
+ * and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice
+ * appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation,
+ * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+ * used in advertising or publicity pertaining to distribution
+ * of the software without specific, written prior permission.
+ * M.I.T. and the M.I.T. S.I.P.B. make no representations about
+ * the suitability of this software for any purpose. It is
+ * provided "as is" without express or implied warranty.
+ */
+
+#ifndef __adm_locl_h
+#define __adm_locl_h
+
+#define TRUE 1
+#define FALSE 0
+
+#include <sys/cdefs.h>
+#include <kerberosIV/site.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <sys/types.h>
+
+#include <sys/time.h>
+#include <time.h>
+
+#include <unistd.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <errno.h>
+
+#include <netinet/in.h>
+
+#include <kerberosIV/des.h>
+#include <kerberosIV/krb.h>
+#include <kerberosIV/krb_db.h>
+#include "kdc.h"
+
+/* Utils */
+long maketime __P((struct tm *, int));
+
+#endif /* __adm_locl_h */
diff --git a/kerberosIV/include/kadm_locl.h b/kerberosIV/include/kadm_locl.h
new file mode 100644
index 00000000000..33e334abfb8
--- /dev/null
+++ b/kerberosIV/include/kadm_locl.h
@@ -0,0 +1,86 @@
+/* $Id: kadm_locl.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+
+/*-
+ * Copyright 1987, 1988 by the Student Information Processing Board
+ * of the Massachusetts Institute of Technology
+ *
+ * Permission to use, copy, modify, and distribute this software
+ * and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice
+ * appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation,
+ * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+ * used in advertising or publicity pertaining to distribution
+ * of the software without specific, written prior permission.
+ * M.I.T. and the M.I.T. S.I.P.B. make no representations about
+ * the suitability of this software for any purpose. It is
+ * provided "as is" without express or implied warranty.
+ */
+
+#include <sys/cdefs.h>
+#include "kerberosIV/site.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <sys/types.h>
+
+#include <sys/time.h>
+#include <time.h>
+
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include <errno.h>
+#include <signal.h>
+#include <unistd.h>
+
+#include <sys/wait.h>
+#include <pwd.h>
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+
+#include <syslog.h>
+
+#include "kerberosIV/com_err.h"
+#include <ss/ss.h>
+
+#include <kerberosIV/des.h>
+#include <kerberosIV/krb.h>
+#include "krb_err.h"
+#include <kerberosIV/krb_db.h>
+#include <kerberosIV/kadm.h>
+#include "kadm_err.h"
+#include "kerberosIV/acl.h"
+
+#include "kadm_server.h"
+
+/* GLOBALS */
+extern char *acldir;
+extern Kadm_Server server_parm;
+
+/* Utils */
+int kadm_change __P((char *, char *, char *, des_cblock));
+int kadm_add_entry __P((char *, char *, char *, Kadm_vals *, Kadm_vals *));
+int kadm_mod_entry __P((char *, char *, char *, Kadm_vals *, Kadm_vals *, Kadm_vals *));
+int kadm_get_entry __P((char *, char *, char *, Kadm_vals *, u_char *, Kadm_vals *));
+int kadm_ser_cpw __P((u_char *, int, AUTH_DAT *, u_char **, int *));
+int kadm_ser_add __P((u_char *, int, AUTH_DAT *, u_char **, int *));
+int kadm_ser_mod __P((u_char *, int, AUTH_DAT *, u_char **, int *));
+int kadm_ser_get __P((u_char *, int, AUTH_DAT *, u_char **, int *));
+int kadm_ser_init __P((int inter, char realm[]));
+int kadm_ser_in __P((u_char **, int *));
+
+long maketime __P((struct tm *, int));
+
+void change_password __P((int argc, char *argv[]));
+void change_admin_password __P((int argc, char *argv[]));
+void add_new_key __P((int argc, char *argv[]));
+void get_entry __P((int argc, char *argv[]));
+void mod_entry __P((int argc, char *argv[]));
+void help __P((int argc, char *argv[]));
+void clean_up __P((void));
+void quit __P((void));
diff --git a/kerberosIV/include/kadm_server.h b/kerberosIV/include/kadm_server.h
new file mode 100644
index 00000000000..4d2fdb4e693
--- /dev/null
+++ b/kerberosIV/include/kadm_server.h
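Review bot: kadm_locl.h has no include guard, unlike adm_locl.h added in this same commit, so a second inclusion repeats every prototype and the `extern Kadm_Server server_parm;` declaration. Wrapping the body in `#ifndef KADM_LOCL_H` / `#define KADM_LOCL_H` and a closing `#endif /* KADM_LOCL_H */` would match the sibling header. The `kadm_*` prototypes that take `des_cblock` and `u_char *` arguments carry no parameter names, so a one-line comment per group saying which argument is the key and which are the request and reply buffers would help the next reader.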
@@ -0,0 +1,57 @@
+/* $Id: kadm_server.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+
+/*-
+ * Copyright (C) 1989 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+/*
+ * Definitions for Kerberos administration server & client
+ */
+
+#ifndef KADM_SERVER_DEFS
+#define KADM_SERVER_DEFS
+
+/*
+ * kadm_server.h
+ * Header file for the fourth attempt at an admin server
+ * Doug Church, December 28, 1989, MIT Project Athena
+ * ps. Yes that means this code belongs to athena etc...
+ * as part of our ongoing attempt to copyright all greek names
+ */
+
+#include <sys/types.h>
+#include <kerberosIV/krb.h>
+#include <kerberosIV/des.h>
+
+typedef struct {
+ struct sockaddr_in admin_addr;
+ struct sockaddr_in recv_addr;
+ int recv_addr_len;
+ int admin_fd; /* our link to clients */
+ char sname[ANAME_SZ];
+ char sinst[INST_SZ];
+ char krbrlm[REALM_SZ];
+ des_cblock master_key;
+ des_cblock session_key;
+ des_key_schedule master_key_schedule;
+ long master_key_version;
+} Kadm_Server;
+
+#endif /* KADM_SERVER_DEFS */
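Review bot: `Kadm_Server` in kadm_server.h keeps `master_key`, `session_key` and `master_key_schedule` next to the socket state, and kadm_locl.h in this commit exports one instance as the global `server_parm`, but nothing here says how long that key material lives or who clears it. A comment on the struct such as `/* holds the database master key and schedule: clear master_key, session_key and master_key_schedule before exit; never log or copy the struct */` would make the handling rule explicit. The header also names `struct sockaddr_in` while including only `<sys/types.h>`, krb.h and des.h, so unless krb.h brings in `<netinet/in.h>` (not visible here) it compiles only when the includer has done so first.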
diff --git a/kerberosIV/include/kdc.h b/kerberosIV/include/kdc.h
new file mode 100644
index 00000000000..03c924c717d
--- /dev/null
+++ b/kerberosIV/include/kdc.h
@@ -0,0 +1,32 @@
+/* $Id: kdc.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+
+/*-
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Include file for the Kerberos Key Distribution Center.
+ */
+
+#ifndef KDC_DEFS
+#define KDC_DEFS
+
+#define S_AD_SZ sizeof(struct sockaddr_in)
+
+#define max(a,b) (a>b ? a : b)
+#define min(a,b) (a<b ? a : b)
+
+#define TRUE 1
+#define FALSE 0
+
+#define KRB_PROG "./kerberos"
+
+#define ONE_MINUTE 60
+#define FIVE_MINUTES (5 * ONE_MINUTE)
+#define ONE_HOUR (60 * ONE_MINUTE)
+#define ONE_DAY (24 * ONE_HOUR)
+#define THREE_DAYS (3 * ONE_DAY)
+
+#endif /* KDC_DEFS */
+
diff --git a/kerberosIV/include/kerberosIV/Makefile b/kerberosIV/include/kerberosIV/Makefile
new file mode 100644
index 00000000000..1e9452aa870
--- /dev/null
+++ b/kerberosIV/include/kerberosIV/Makefile
@@ -0,0 +1,18 @@
+# $Id: Makefile,v 1.1 1995/12/14 06:52:35 tholo Exp $
+
+FILES= acl.h com_err.h des.h kadm.h kafs.h kparse.h krb.h krb_db.h site.h
+NOOBJ= noobj
+
+all include clean cleandir depend lint tags:
+
+realinstall:
+ @echo installing ${FILES}
+ @-for i in ${FILES}; do \
+ cmp -s $$i ${DESTDIR}/usr/include/kerberosIV/$$i || \
+ install -c -m 444 $$i ${DESTDIR}/usr/include/kerberosIV/$$i; \
+ done
+
+beforeinstall:
+ install -d -o ${BINOWN} -g ${BINGRP} -m 755 ${DESTDIR}/usr/include/kerberosIV
+
+.include <bsd.prog.mk>
diff --git a/kerberosIV/include/kerberosIV/acl.h b/kerberosIV/include/kerberosIV/acl.h
new file mode 100644
index 00000000000..652add4e004
--- /dev/null
+++ b/kerberosIV/include/kerberosIV/acl.h
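Review bot: In kdc.h, `max(a,b)` and `min(a,b)` expand their arguments without parentheses and evaluate one of them twice, so `max(x & m, y)` groups as `x & (m > y)` and an argument with a side effect runs twice; `S_AD_SZ` likewise lacks outer parentheses. `#define max(a,b) ((a) > (b) ? (a) : (b))`, the matching `min`, and `#define S_AD_SZ (sizeof(struct sockaddr_in))` fix the precedence, and a comment should warn that arguments are evaluated more than once. The same unparenthesized-argument pattern is in kadm.h (`SET_FIELD`, `CLEAR_FIELD`, `IS_FIELD`) and kparse.h (`ISOCTAL`, `ISQUOTE`, `ISWHITESPACE`, `ISLINEFEED`, `ISTOKENCHAR`, `PARMCOUNT`). `KRB_PROG` is the relative path `"./kerberos"`; if it is ever handed to an exec call (no use is visible here), what runs depends on the current directory, which deserves a comment or an absolute path.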
@@ -0,0 +1,15 @@
+/* $Id: acl.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+
+#ifndef __ACL_H
+#define __ACL_H
+
+#include <sys/cdefs.h>
+
+void acl_canonicalize_principal __P((char *principal, char *canon));
+int acl_initialize __P((char *acl_file, int perm));
+int acl_exact_match __P((char *acl, char *principal));
+int acl_check __P((char *acl, char *principal));
+int acl_add __P((char *acl, char *principal));
+int acl_delete __P((char *acl, char *principal));
+
+#endif /* __ACL_H */
diff --git a/kerberosIV/include/kerberosIV/com_err.h b/kerberosIV/include/kerberosIV/com_err.h
new file mode 100644
index 00000000000..e5dcd0c4aad
--- /dev/null
+++ b/kerberosIV/include/kerberosIV/com_err.h
@@ -0,0 +1,27 @@
+/* $Id: com_err.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+
+/*-
+ * Header file for common error description library.
+ *
+ * Copyright 1988, Student Information Processing Board of the
+ * Massachusetts Institute of Technology.
+ *
+ * For copyright and distribution info, see the documentation supplied
+ * with this package.
+ */
+
+#ifndef __COM_ERR_H
+#define __COM_ERR_H
+
+#include <stdarg.h>
+
+/* ANSI C -- use prototypes etc */
+void com_err __P((const char *, long, const char *, ...));
+char const *error_message __P((long));
+void (*com_err_hook) __P((const char *, long, const char *, va_list));
+void (*set_com_err_hook __P((void (*) (const char *, long, const char *, va_list))))
+ __P((const char *, long, const char *, va_list));
+void (*reset_com_err_hook __P((void)))
+ __P((const char *, long, const char *, va_list));
+
+#endif /* ! defined(__COM_ERR_H) */
diff --git a/kerberosIV/include/kerberosIV/des.h b/kerberosIV/include/kerberosIV/des.h
new file mode 100644
index 00000000000..da488af0e23
--- /dev/null
+++ b/kerberosIV/include/kerberosIV/des.h
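Review bot: `acl_canonicalize_principal(char *principal, char *canon)` in acl.h returns its result through `canon` with no length parameter, so the required buffer size is an unwritten contract between this prototype and every caller. The implementation is not in this hunk; if it writes name, instance and realm, the bound is presumably krb.h's `MAX_K_NAME_SZ`, and the prototype should say so: `/* canon must point to at least MAX_K_NAME_SZ bytes */`. The arguments that look read-only (`principal`, `acl`, `acl_file`) could also be declared `const char *`.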
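Review bot: `void (*com_err_hook) __P((const char *, long, const char *, va_list));` in com_err.h is declared without `extern`, so every file that includes the header gets its own tentative definition of the hook pointer and the program relies on the linker merging them. Declare it `extern void (*com_err_hook) __P((const char *, long, const char *, va_list));` here and define it once in the library source. The header also uses `__P` without including `<sys/cdefs.h>`, which acl.h in the same directory does include.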
@@ -0,0 +1,86 @@
+/* $Id: des.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+
+/* Copyright (C) 1993 Eric Young - see README for more details */
+#ifndef DES_DEFS
+#define DES_DEFS
+
+#include <sys/cdefs.h>
+#include <sys/types.h>
+
+typedef unsigned char des_cblock[8];
+typedef struct des_ks_struct {
+ union {
+ des_cblock _;
+ /* make sure things are correct size on machines with
+ * 8 byte longs */
+ u_int32_t pad[2];
+ } ks;
+#define _ ks._
+} des_key_schedule[16];
+
+#define DES_KEY_SZ (sizeof(des_cblock))
+#define DES_ENCRYPT 1
+#define DES_DECRYPT 0
+
+#define DES_CBC_MODE 0
+#define DES_PCBC_MODE 1
+
+#if !defined(NCOMPAT)
+#define C_Block des_cblock
+#define Key_schedule des_key_schedule
+#define ENCRYPT DES_ENCRYPT
+#define DECRYPT DES_DECRYPT
+#define KEY_SZ DES_KEY_SZ
+#define string_to_key des_string_to_key
+#define read_pw_string des_read_pw_string
+#define random_key des_random_key
+#define pcbc_encrypt des_pcbc_encrypt
+#define set_key des_set_key
+#define key_sched des_key_sched
+#define ecb_encrypt des_ecb_encrypt
+#define cbc_encrypt des_cbc_encrypt
+#define cbc_cksum des_cbc_cksum
+#define quad_cksum des_quad_cksum
+
+/* For compatibility with the MIT lib - eay 20/05/92 */
+typedef struct des_ks_struct bit_64;
+#endif
+
+extern int des_check_key; /* defaults to false */
+extern int des_rw_mode; /* defaults to DES_PCBC_MODE */
+
+int des_3ecb_encrypt __P((des_cblock *input,des_cblock *output,des_key_schedule ks1,des_key_schedule ks2,int encrypt));
+int des_3cbc_encrypt __P((des_cblock *input,des_cblock *output,long length,des_key_schedule sk1,des_key_schedule sk2,des_cblock *ivec1,des_cblock *ivec2,int encrypt));
+u_int32_t des_cbc_cksum __P((des_cblock *input,des_cblock *output,long length,des_key_schedule schedule,des_cblock *ivec));
+int des_cbc_encrypt __P((des_cblock *input,des_cblock *output,long length,des_key_schedule schedule,des_cblock *ivec,int encrypt));
+int des_cfb_encrypt __P((unsigned char *in,unsigned char *out,int numbits,long length,des_key_schedule schedule,des_cblock *ivec,int encrypt));
+int des_ecb_encrypt __P((des_cblock *input,des_cblock *output,des_key_schedule ks,int encrypt));
+int des_encrypt __P((u_int32_t *input,u_int32_t *output,des_key_schedule ks, int encrypt));
+int des_enc_read __P((int fd,char *buf,int len,des_key_schedule sched,des_cblock *iv));
+int des_enc_write __P((int fd,char *buf,int len,des_key_schedule sched,des_cblock *iv));
+int des_ofb_encrypt __P((unsigned char *in,unsigned char *out,int numbits,long length,des_key_schedule schedule,des_cblock *ivec));
+int des_pcbc_encrypt __P((des_cblock *input,des_cblock *output,long length,des_key_schedule schedule,des_cblock *ivec,int encrypt));
+
+void des_set_odd_parity __P((des_cblock *key));
+int des_is_weak_key __P((des_cblock *key));
+int des_set_key __P((des_cblock *key,des_key_schedule schedule));
+int des_key_sched __P((des_cblock *key,des_key_schedule schedule));
+
+int des_string_to_key __P((char *str,des_cblock *key));
+int des_string_to_2keys __P((char *str,des_cblock *key1,des_cblock *key2));
+
+void des_set_random_generator_seed __P((des_cblock *seed));
+int des_new_random_key __P((des_cblock *key));
+void des_init_random_number_generator __P((des_cblock *seed));
+void des_random_key __P((des_cblock ret));
+int des_read_password __P((des_cblock *key,char *prompt,int verify));
+int des_read_2passwords __P((des_cblock *key1,des_cblock *key2,char *prompt,int verify));
+int des_read_pw_string __P((char *buf,int length,char *prompt,int verify));
+
+u_int32_t des_quad_cksum __P((des_cblock *input,des_cblock *output,long length,int out_count,des_cblock *seed));
+
+/* MIT Link and source compatibility */
+void des_fixup_key_parity __P((des_cblock *key));
+#define des_fixup_key_parity des_set_odd_parity
+
+#endif /* DES_DEFS */
diff --git a/kerberosIV/include/kerberosIV/kadm.h b/kerberosIV/include/kerberosIV/kadm.h
new file mode 100644
index 00000000000..5098c390ca2
--- /dev/null
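Review bot: `#define _ ks._` in des.h turns `_` into a macro in every file that includes the header, so any unrelated identifier spelled `_` is silently rewritten to `ks._`; the `!defined(NCOMPAT)` block does the same to common names such as `set_key`, `random_key`, `ENCRYPT` and `KEY_SZ`. A comment above the compatibility block saying new code should define `NCOMPAT` and use the `des_` names, and a note beside `#define _ ks._` that it is visible to all includers, would make the hazard explicit. Separately, `des_check_key` is commented as defaulting to false; if that flag is what makes `des_set_key` reject weak or bad-parity keys (the implementation is outside this hunk), the declaration should tell callers that handle externally supplied keys to set it or to call `des_is_weak_key` themselves.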
+++ b/kerberosIV/include/kerberosIV/kadm.h 
@@ -0,0 +1,138 @@
+/* $Id: kadm.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+
+/*-
+ * Copyright 1987, 1988 by the Student Information Processing Board
+ * of the Massachusetts Institute of Technology
+ *
+ * Permission to use, copy, modify, and distribute this software
+ * and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice
+ * appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation,
+ * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+ * used in advertising or publicity pertaining to distribution
+ * of the software without specific, written prior permission.
+ * M.I.T. and the M.I.T. S.I.P.B. make no representations about
+ * the suitability of this software for any purpose. It is
+ * provided "as is" without express or implied warranty.
+ */
+
+/*
+ * Definitions for Kerberos administration server & client
+ */
+
+#ifndef KADM_DEFS
+#define KADM_DEFS
+
+/*
+ * kadm.h
+ * Header file for the fourth attempt at an admin server
+ * Doug Church, December 28, 1989, MIT Project Athena
+ */
+
+/* The global structures for the client and server */
+typedef struct {
+ struct sockaddr_in admin_addr;
+ struct sockaddr_in my_addr;
+ int my_addr_len;
+ int admin_fd; /* file descriptor for link to admin server */
+ char sname[ANAME_SZ]; /* the service name */
+ char sinst[INST_SZ]; /* the services instance */
+ char krbrlm[REALM_SZ];
+} Kadm_Client;
+
+typedef struct { /* status of the server, i.e the parameters */
+ int inter; /* Space for command line flags */
+ char *sysfile; /* filename of server */
+} admin_params; /* Well... it's the admin's parameters */
+
+/* Largest password length to be supported */
+#define MAX_KPW_LEN 128
+
+/* Largest packet the admin server will ever allow itself to return */
+#define KADM_RET_MAX 2048
+
+/* That's right, versions are 8 byte strings */
+#define KADM_VERSTR "KADM0.0A"
+#define KADM_ULOSE "KYOULOSE" /* sent back when server can't
+ decrypt client's msg */
+#define KADM_VERSIZE strlen(KADM_VERSTR)
+
+/* the lookups for the server instances */
+#define PWSERV_NAME "changepw"
+#define KADM_SNAME "kerberos_master"
+#define KADM_SINST "kerberos"
+
+/* Attributes fields constants and macros */
+#define ALLOC 2
+#define RESERVED 3
+#define DEALLOC 4
+#define DEACTIVATED 5
+#define ACTIVE 6
+
+/* Kadm_vals structure for passing db fields into the server routines */
+#define FLDSZ 4
+
+typedef struct {
+ u_int8_t fields[FLDSZ]; /* The active fields in this struct */
+ char name[ANAME_SZ];
+ char instance[INST_SZ];
+ u_int32_t key_low;
+ u_int32_t key_high;
+ u_int32_t exp_date;
+ u_int16_t attributes;
+ u_int8_t max_life;
+} Kadm_vals; /* The basic values structure in Kadm */
+
+/* Kadm_vals structure for passing db fields into the server routines */
+#define FLDSZ 4
+
+/* Need to define fields types here */
+#define KADM_NAME 31
+#define KADM_INST 30
+#define KADM_EXPDATE 29
+#define KADM_ATTR 28
+#define KADM_MAXLIFE 27
+#define KADM_DESKEY 26
+
+/* To set a field entry f in a fields structure d */
+#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8)))
+
+/* To set a field entry f in a fields structure d */
+#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8))))
+
+/* Is field f in fields structure d */
+#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8)))
+
+/* Various return codes */
+#define KADM_SUCCESS 0
+
+#define WILDCARD_STR "*"
+
+enum acl_types {
+ADDACL,
+GETACL,
+MODACL
+};
+
+/* Various opcodes for the admin server's functions */
+#define CHANGE_PW 2
+#define ADD_ENT 3
+#define MOD_ENT 4
+#define GET_ENT 5
+
+void prin_vals __P((Kadm_vals *));
+int stv_long __P((u_char *, u_int32_t *, int, int));
+
+int stream_to_vals __P((u_char *, Kadm_vals *, int));
+int vals_to_stream __P((Kadm_vals *, u_char **));
+
+int kadm_init_link __P((char *, char *, char *));
+int kadm_change_pw __P((unsigned char *));
+int kadm_mod __P((Kadm_vals *, Kadm_vals *));
+int kadm_get __P((Kadm_vals *, u_char *));
+int kadm_add __P((Kadm_vals *));
+void kadm_vals_to_prin __P((u_char *, Principal *, Kadm_vals *));
+void kadm_prin_to_vals __P((u_char *, Kadm_vals *, Principal *));
+
+#endif /* KADM_DEFS */
diff --git a/kerberosIV/include/kerberosIV/kafs.h b/kerberosIV/include/kerberosIV/kafs.h
new file mode 100644
index 00000000000..d085e8f98ad
--- /dev/null
+++ b/kerberosIV/include/kerberosIV/kafs.h
@@ -0,0 +1,47 @@
+/* $Id: kafs.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+
+#ifndef __KAFS_H
+#define __KAFS_H
+
+#define AFSCALL_PIOCTL 20
+#define AFSCALL_SETPAG 21
+
+#ifndef _VICEIOCTL
+#if defined(__STDC__) || defined(sgi)
+#define _VICEIOCTL(id) ((unsigned int ) _IOW('V', id, struct ViceIoctl))
+#else
+#define _VICEIOCTL(id) ((unsigned int ) _IOW(V, id, struct ViceIoctl))
+#endif
+#endif /* _VICEIOCTL */
+
+#define VIOCSETTOK _VICEIOCTL(3)
+#define VIOCUNLOG _VICEIOCTL(9)
+
+struct ViceIoctl {
+ caddr_t in, out;
+ short in_size;
+ short out_size;
+};
+
+struct ClearToken {
+ int32_t AuthHandle;
+ char HandShakeKey[8];
+ int32_t ViceId;
+ int32_t BeginTimestamp;
+ int32_t EndTimestamp;
+};
+
+/* Use k_hasafs() to probe if the machine supports AFS syscalls.
+ The other functions will generate a SIGSYS if AFS is not supported */
+
+int k_hasafs __P((void));
+
+int k_afsklog __P((char *realm));
+int k_pioctl __P((char *a_path,
+ int o_opcode,
+ struct ViceIoctl *a_paramsP,
+ int a_followSymlinks));
+int k_unlog __P((void));
+int k_setpag __P((void));
+
+#endif /* __KAFS_H */
diff --git a/kerberosIV/include/kerberosIV/kparse.h b/kerberosIV/include/kerberosIV/kparse.h
new file mode 100644
index 00000000000..3c8effc46a2
--- /dev/null
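Review bot: The comment above `CLEAR_FIELD` in kadm.h reads `/* To set a field entry f in a fields structure d */`, copied from `SET_FIELD`; it should read `/* To clear a field entry f in a fields structure d */`. The comment-plus-`#define FLDSZ 4` pair appears twice, before and after the `Kadm_vals` typedef, and the second copy can be dropped. The three field macros index `d[3-(f/8)]` with a literal 3 rather than `FLDSZ - 1` and do not bound `f`, so a field number outside 0..31 indexes outside `fields[FLDSZ]`; the comment should state that valid range. `KADM_VERSIZE` expands to a `strlen` call at each use although the comment fixes versions at 8 bytes, so `(sizeof(KADM_VERSTR) - 1)` would give a compile-time constant.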
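Review bot: `struct ViceIoctl` in kafs.h carries its buffer lengths as `short in_size` and `short out_size`, so a caller that assigns a wider length has it converted to `short` while `in` and `out` still point at the full buffer. The layout is presumably fixed by the AFS system-call interface, so the suggestion is a comment on the struct: `/* in_size/out_size are shorts: callers must reject lengths that do not fit before filling this in */`. The header also uses `caddr_t`, `int32_t`, `_IOW` and `__P` without including the headers that define them, so it depends on its includer's include order.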
+++ b/kerberosIV/include/kerberosIV/kparse.h 
@@ -0,0 +1,109 @@
+/* $Id: kparse.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+
+/*-
+ * Copyright 1987, 1988 by the Student Information Processing Board
+ * of the Massachusetts Institute of Technology
+ *
+ * Permission to use, copy, modify, and distribute this software
+ * and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice
+ * appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation,
+ * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+ * used in advertising or publicity pertaining to distribution
+ * of the software without specific, written prior permission.
+ * M.I.T. and the M.I.T. S.I.P.B. make no representations about
+ * the suitability of this software for any purpose. It is
+ * provided "as is" without express or implied warranty.
+ */
+
+/*
+ * Include file for kparse routines.
+ */
+
+#ifndef KPARSE_DEFS
+#define KPARSE_DEFS
+
+/*
+ * values returned by fGetParameterSet()
+ */
+
+#define PS_BAD_KEYWORD -2 /* unknown or duplicate keyword */
+#define PS_SYNTAX -1 /* syntax error */
+#define PS_OKAY 0 /* got a complete parameter set */
+#define PS_EOF 1 /* nothing more in the file */
+
+/*
+ * values returned by fGetKeywordValue()
+ */
+
+#define KV_SYNTAX -2 /* syntax error */
+#define KV_EOF -1 /* nothing more in the file */
+#define KV_OKAY 0 /* got a keyword/value pair */
+#define KV_EOL 1 /* nothing more on this line */
+
+/*
+ * values returned by fGetToken()
+ */
+
+#define GTOK_BAD_QSTRING -1 /* newline found in quoted string */
+#define GTOK_EOF 0 /* end of file encountered */
+#define GTOK_QSTRING 1 /* quoted string */
+#define GTOK_STRING 2 /* unquoted string */
+#define GTOK_NUMBER 3 /* one or more digits */
+#define GTOK_PUNK 4 /* punks are punctuation, newline,
+ * etc. */
+#define GTOK_WHITE 5 /* one or more whitespace chars */
+
+/*
+ * extended character classification macros
+ */
+
+#define ISOCTAL(CH) ( (CH>='0') && (CH<='7') )
+#define ISQUOTE(CH) ( (CH=='\"') || (CH=='\'') || (CH=='`') )
+#define ISWHITESPACE(C) ( (C==' ') || (C=='\t') )
+#define ISLINEFEED(C) ( (C=='\n') || (C=='\r') || (C=='\f') )
+
+/*
+ * tokens consist of any printable charcacter except comma, equal, or
+ * whitespace
+ */
+
+#define ISTOKENCHAR(C) ((C>040) && (C<0177) && (C != ',') && (C != '='))
+
+/*
+ * the parameter table defines the keywords that will be recognized by
+ * fGetParameterSet, and their default values if not specified.
+ */
+
+typedef struct {
+ char *keyword;
+ char *defvalue;
+ char *value;
+} parmtable;
+
+#define PARMCOUNT(P) (sizeof(P)/sizeof(P[0]))
+
+extern int LineNbr; /* current line # in parameter file */
+
+extern char ErrorMsg[]; /*
+ * meaningful only when KV_SYNTAX,
+ * PS_SYNTAX, or PS_BAD_KEYWORD is
+ * returned by fGetKeywordValue or
+ * fGetParameterSet
+ */
+
+#include <stdio.h>
+
+int fGetParameterSet __P((FILE *fp, parmtable *parm, int parmcount));
+int ParmCompare __P((parmtable *parm, int parmcount, char *keyword, char *value));
+void FreeParameterSet __P((parmtable *parm, int parmcount));
+int fGetKeywordValue __P((FILE *fp, char *keyword, int klen, char *value, int vlen));
+int fGetToken __P((FILE *fp, char *dest, int maxlen));
+int fGetLiteral __P((FILE *fp));
+int fUngetChar __P((int ch, FILE *fp));
+int fGetChar __P((FILE *fp));
+char * strsave __P((char *p));
+char * strutol __P((char *start));
+
+#endif /* KPARSE_DEFS */
diff --git a/kerberosIV/include/kerberosIV/krb.h b/kerberosIV/include/kerberosIV/krb.h
new file mode 100644
index 00000000000..fb5b9ca4498
--- /dev/null
+++ b/kerberosIV/include/kerberosIV/krb.h
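Review bot: `extern char ErrorMsg[];` in kparse.h exposes a buffer whose size no includer can see, and `fGetKeywordValue` and `fGetToken` take `klen`, `vlen` and `maxlen` without saying whether the count includes the terminating NUL or what happens to longer input. Once the implementation's behaviour is confirmed (it is outside this hunk), a comment above the prototypes such as `/* klen, vlen, maxlen: size of the destination buffer in bytes, including the terminating NUL */` would pin the contract down, and `ErrorMsg` should be declared with its real array size. `PARMCOUNT(P)` gives the element count only for a true array, not for a `parmtable *` parameter, which is worth one line in its comment. The comment above `ISTOKENCHAR` has a typo, `charcacter`.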
@@ -0,0 +1,432 @@
+/* $Id: krb.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+
+/*-
+ * Copyright 1987, 1988 by the Student Information Processing Board
+ * of the Massachusetts Institute of Technology
+ *
+ * Permission to use, copy, modify, and distribute this software
+ * and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice
+ * appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation,
+ * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+ * used in advertising or publicity pertaining to distribution
+ * of the software without specific, written prior permission.
+ * M.I.T. and the M.I.T. S.I.P.B. make no representations about
+ * the suitability of this software for any purpose. It is
+ * provided "as is" without express or implied warranty.
+ */
+
+/*
+ * Include file for the Kerberos library.
+ */
+
+/* Only one time, please */
+#ifndef KRB_DEFS
+#define KRB_DEFS
+
+#include <sys/cdefs.h>
+#include <sys/types.h>
+
+/* Include site.h file to define paths */
+#include <kerberosIV/site.h>
+
+/* Need some defs from des.h */
+#include <kerberosIV/des.h>
+
+/* Global library variables. */
+extern int krbONE;
+#define HOST_BYTE_ORDER (* (char *) &krbONE)
+extern int private_msg_ver; /* in rd_priv.c */
+extern int req_act_vno; /* this is defined in the kerberos server code */
+
+
+/* Text describing error codes */
+#define MAX_KRB_ERRORS 256
+extern const char *krb_err_txt[MAX_KRB_ERRORS];
+
+/* General definitions */
+#define KSUCCESS 0
+#define KFAILURE 255
+
+/*
+ * Kerberos specific definitions
+ *
+ * KRBLOG is the log file for the kerberos master server. KRB_CONF is
+ * the configuration file where different host machines running master
+ * and slave servers can be found. KRB_MASTER is the name of the
+ * machine with the master database. The admin_server runs on this
+ * machine, and all changes to the db (as opposed to read-only
+ * requests, which can go to slaves) must go to it. KRB_HOST is the
+ * default machine * when looking for a kerberos slave server. Other
+ * possibilities are * in the KRB_CONF file. KRB_REALM is the name of
+ * the realm.
+ */
+
+/* The maximum sizes for aname, realm, sname, and instance +1 */
+#define ANAME_SZ 40
+#define REALM_SZ 40
+#define SNAME_SZ 40
+#define INST_SZ 40
+/* include space for '.' and '@' */
+#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2)
+#define KKEY_SZ 100
+#define VERSION_SZ 1
+#define MSG_TYPE_SZ 1
+#define DATE_SZ 26 /* RTI date output */
+
+#define MAX_HSTNM 100
+
+#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */
+/* default lifetime for krb_mk_req & co., 10 hrs */
+#define DEFAULT_TKT_LIFE 120
+#endif
+
+/* Definition of text structure used to pass text around */
+#define MAX_KTXT_LEN 1250
+
+struct ktext {
+ int length; /* Length of the text */
+ unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
+ u_int32_t mbz; /* zero to catch runaway strings */
+};
+
+typedef struct ktext *KTEXT;
+typedef struct ktext KTEXT_ST;
+
+
+/* Definitions for send_to_kdc */
+#define CLIENT_KRB_TIMEOUT 4 /* time between retries */
+#define CLIENT_KRB_RETRY 5 /* retry this many times */
+#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */
+
+/* Definitions for ticket file utilities */
+#define R_TKT_FIL 0
+#define W_TKT_FIL 1
+
+/* Parameters for rd_ap_req */
+/* Maximum alloable clock skew in seconds */
+#define CLOCK_SKEW 5*60
+
+/* Structure definition for rd_ap_req */
+
+struct auth_dat {
+ unsigned char k_flags; /* Flags from ticket */
+ char pname[ANAME_SZ]; /* Principal's name */
+ char pinst[INST_SZ]; /* His Instance */
+ char prealm[REALM_SZ]; /* His Realm */
+ u_int32_t checksum; /* Data checksum (opt) */
+ des_cblock session; /* Session Key */
+ int life; /* Life of ticket */
+ u_int32_t time_sec; /* Time ticket issued */
+ u_int32_t address; /* Address in ticket */
+ KTEXT_ST reply; /* Auth reply (opt) */
+};
+
+typedef struct auth_dat AUTH_DAT;
+
+/* Structure definition for credentials returned by get_cred */
+
+struct credentials {
+ char service[ANAME_SZ]; /* Service name */
+ char instance[INST_SZ]; /* Instance */
+ char realm[REALM_SZ]; /* Auth domain */
+ des_cblock session; /* Session key */
+ int lifetime; /* Lifetime */
+ int kvno; /* Key version number */
+ KTEXT_ST ticket_st; /* The ticket itself */
+ int32_t issue_date; /* The issue time */
+ char pname[ANAME_SZ]; /* Principal's name */
+ char pinst[INST_SZ]; /* Principal's instance */
+};
+
+typedef struct credentials CREDENTIALS;
+
+/* Structure definition for rd_private_msg and rd_safe_msg */
+
+struct msg_dat {
+ unsigned char *app_data; /* pointer to appl data */
+ u_int32_t app_length; /* length of appl data */
+ u_int32_t hash; /* hash to lookup replay */
+ int swap; /* swap bytes? */
+ int32_t time_sec; /* msg timestamp seconds */
+ unsigned char time_5ms; /* msg timestamp 5ms units */
+};
+
+typedef struct msg_dat MSG_DAT;
+
+
+/* Location of ticket file for save_cred and get_cred */
+#define TKT_FILE tkt_string()
+#define TKT_ROOT "/tmp/tkt"
+
+/* Error codes returned from the KDC */
+#define KDC_OK 0 /* Request OK */
+#define KDC_NAME_EXP 1 /* Principal expired */
+#define KDC_SERVICE_EXP 2 /* Service expired */
+#define KDC_AUTH_EXP 3 /* Auth expired */
+#define KDC_PKT_VER 4 /* Protocol version unknown */
+#define KDC_P_MKEY_VER 5 /* Wrong master key version */
+#define KDC_S_MKEY_VER 6 /* Wrong master key version */
+#define KDC_BYTE_ORDER 7 /* Byte order unknown */
+#define KDC_PR_UNKNOWN 8 /* Principal unknown */
+#define KDC_PR_N_UNIQUE 9 /* Principal not unique */
+#define KDC_NULL_KEY 10 /* Principal has null key */
+#define KDC_GEN_ERR 20 /* Generic error from KDC */
+
+
+/* Values returned by get_credentials */
+#define GC_OK 0 /* Retrieve OK */
+#define RET_OK 0 /* Retrieve OK */
+#define GC_TKFIL 21 /* Can't read ticket file */
+#define RET_TKFIL 21 /* Can't read ticket file */
+#define GC_NOTKT 22 /* Can't find ticket or TGT */
+#define RET_NOTKT 22 /* Can't find ticket or TGT */
+
+
+/* Values returned by mk_ap_req */
+#define MK_AP_OK 0 /* Success */
+#define MK_AP_TGTEXP 26 /* TGT Expired */
+
+/* Values returned by rd_ap_req */
+#define RD_AP_OK 0 /* Request authentic */
+#define RD_AP_UNDEC 31 /* Can't decode authenticator */
+#define RD_AP_EXP 32 /* Ticket expired */
+#define RD_AP_NYV 33 /* Ticket not yet valid */
+#define RD_AP_REPEAT 34 /* Repeated request */
+#define RD_AP_NOT_US 35 /* The ticket isn't for us */
+#define RD_AP_INCON 36 /* Request is inconsistent */
+#define RD_AP_TIME 37 /* delta_t too big */
+#define RD_AP_BADD 38 /* Incorrect net address */
+#define RD_AP_VERSION 39 /* protocol version mismatch */
+#define RD_AP_MSG_TYPE 40 /* invalid msg type */
+#define RD_AP_MODIFIED 41 /* message stream modified */
+#define RD_AP_ORDER 42 /* message out of order */
+#define RD_AP_UNAUTHOR 43 /* unauthorized request */
+
+/* Values returned by get_pw_tkt */
+#define GT_PW_OK 0 /* Got password changing tkt */
+#define GT_PW_NULL 51 /* Current PW is null */
+#define GT_PW_BADPW 52 /* Incorrect current password */
+#define GT_PW_PROT 53 /* Protocol Error */
+#define GT_PW_KDCERR 54 /* Error returned by KDC */
+#define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */
+
+
+/* Values returned by send_to_kdc */
+#define SKDC_OK 0 /* Response received */
+#define SKDC_RETRY 56 /* Retry count exceeded */
+#define SKDC_CANT 57 /* Can't send request */
+
+/*
+ * Values returned by get_intkt
+ * (can also return SKDC_* and KDC errors)
+ */
+
+#define INTK_OK 0 /* Ticket obtained */
+#define INTK_W_NOTALL 61 /* Not ALL tickets returned */
+#define INTK_BADPW 62 /* Incorrect password */
+#define INTK_PROT 63 /* Protocol Error */
+#define INTK_ERR 70 /* Other error */
+
+/* Values returned by get_adtkt */
+#define AD_OK 0 /* Ticket Obtained */
+#define AD_NOTGT 71 /* Don't have tgt */
+
+/* Error codes returned by ticket file utilities */
+#define NO_TKT_FIL 76 /* No ticket file found */
+#define TKT_FIL_ACC 77 /* Couldn't access tkt file */
+#define TKT_FIL_LCK 78 /* Couldn't lock ticket file */
+#define TKT_FIL_FMT 79 /* Bad ticket file format */
+#define TKT_FIL_INI 80 /* tf_init not called first */
+
+/* Error code returned by kparse_name */
+#define KNAME_FMT 81 /* Bad Kerberos name format */
+
+/* Error code returned by krb_mk_safe */
+#define SAFE_PRIV_ERROR -1 /* syscall error */
+
+/*
+ * macros for byte swapping; also scratch space
+ * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0
+ * u_int32_t 0-->3, 1-->2, 2-->1, 3-->0
+ * u_int16_t 0-->1, 1-->0
+ */
+
+#define swap_u_16(x) {\
+ u_int32_t _krb_swap_tmp[4];\
+ swab(((char *) x) +0, ((char *) _krb_swap_tmp) +14 ,2); \
+ swab(((char *) x) +2, ((char *) _krb_swap_tmp) +12 ,2); \
+ swab(((char *) x) +4, ((char *) _krb_swap_tmp) +10 ,2); \
+ swab(((char *) x) +6, ((char *) _krb_swap_tmp) +8 ,2); \
+ swab(((char *) x) +8, ((char *) _krb_swap_tmp) +6 ,2); \
+ swab(((char *) x) +10,((char *) _krb_swap_tmp) +4 ,2); \
+ swab(((char *) x) +12,((char *) _krb_swap_tmp) +2 ,2); \
+ swab(((char *) x) +14,((char *) _krb_swap_tmp) +0 ,2); \
+ bcopy((char *)_krb_swap_tmp,(char *)x,16);\
+ }
+
+#define swap_u_12(x) {\
+ u_int32_t _krb_swap_tmp[4];\
+ swab(( char *) x, ((char *) _krb_swap_tmp) +10 ,2); \
+ swab(((char *) x) +2, ((char *) _krb_swap_tmp) +8 ,2); \
+ swab(((char *) x) +4, ((char *) _krb_swap_tmp) +6 ,2); \
+ swab(((char *) x) +6, ((char *) _krb_swap_tmp) +4 ,2); \
+ swab(((char *) x) +8, ((char *) _krb_swap_tmp) +2 ,2); \
+ swab(((char *) x) +10,((char *) _krb_swap_tmp) +0 ,2); \
+ bcopy((char *)_krb_swap_tmp,(char *)x,12);\
+ }
+
+#define swap_C_Block(x) {\
+ u_int32_t _krb_swap_tmp[4];\
+ swab(( char *) x, ((char *) _krb_swap_tmp) +6 ,2); \
+ swab(((char *) x) +2,((char *) _krb_swap_tmp) +4 ,2); \
+ swab(((char *) x) +4,((char *) _krb_swap_tmp) +2 ,2); \
+ swab(((char *) x) +6,((char *) _krb_swap_tmp) ,2); \
+ bcopy((char *)_krb_swap_tmp,(char *)x,8);\
+ }
+#define swap_u_quad(x) {\
+ u_int32_t _krb_swap_tmp[4];\
+ swab(( char *) &x, ((char *) _krb_swap_tmp) +6 ,2); \
+ swab(((char *) &x) +2,((char *) _krb_swap_tmp) +4 ,2); \
+ swab(((char *) &x) +4,((char *) _krb_swap_tmp) +2 ,2); \
+ swab(((char *) &x) +6,((char *) _krb_swap_tmp) ,2); \
+ bcopy((char *)_krb_swap_tmp,(char *)&x,8);\
+ }
+
+#define swap_u_long(x) {\
+ u_int32_t _krb_swap_tmp[4];\
+ swab((char *) &x, ((char *) _krb_swap_tmp) +2 ,2); \
+ swab(((char *) &x) +2,((char *) _krb_swap_tmp),2); \
+ x = _krb_swap_tmp[0]; \
+ }
+
+#define swap_u_short(x) {\
+ u_int16_t _krb_swap_sh_tmp; \
+ swab((char *) &x, ( &_krb_swap_sh_tmp) ,2); \
+ x = (u_int16_t) _krb_swap_sh_tmp; \
+ }
+/* Kerberos ticket flag field bit definitions */
+#define K_FLAG_ORDER 0 /* bit 0 --> lsb */
+#define K_FLAG_1 /* reserved */
+#define K_FLAG_2 /* reserved */
+#define K_FLAG_3 /* reserved */
+#define K_FLAG_4 /* reserved */
+#define K_FLAG_5 /* reserved */
+#define K_FLAG_6 /* reserved */
+#define K_FLAG_7 /* reserved, bit 7 --> msb */
+
+/* Defines for krb_sendauth and krb_recvauth */
+
+#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
+#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */
+
+#define KOPT_DONT_CANON 0x00000004 /*
+ * don't canonicalize inst as
+ * a hostname
+ */
+
+#define KRB_SENDAUTH_VLEN 8 /* length for version strings */
+
+#ifdef ATHENA_COMPAT
+#define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */
+#endif /* ATHENA_COMPAT */
+
+struct tm;
+struct tm *k_localtime __P((u_int32_t *));
+
+/* --- Random prototypes */
+#include <sys/types.h> /* to get u_char */
+
+/* Host address comparison */
+int krb_equiv __P((u_int32_t, u_int32_t));
+
+/* Password conversion */
+void mit_string_to_key __P((char *str, char *cell, des_cblock *key));
+void afs_string_to_key __P((char *str, char *cell, des_cblock *key));
+
+/* Lifetime conversion */
+u_int32_t krb_life_to_time __P((u_int32_t start, int life));
+int krb_time_to_life __P((u_int32_t start, u_int32_t end));
+char *krb_life_to_atime __P((int life));
+int krb_atime_to_life __P((char *atime));
+
+/* Ticket manipulation */
+int tf_get_cred __P((CREDENTIALS *));
+int tf_get_pinst __P((char *));
+int tf_get_pname __P((char *));
+int tf_init __P((char *, int));
+int tf_save_cred __P((char *, char *, char *, unsigned char *, int , int , KTEXT ticket, u_int32_t));
+void tf_close __P((void));
+
+/* Private communication */
+struct sockaddr_in;
+int32_t krb_mk_priv __P((u_char *, u_char *, u_int32_t , struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *));
+int32_t krb_rd_priv __P((u_char *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *));
+
+/* Misc */
+KTEXT create_auth_reply __P((char *, char *, char *, int32_t, int, u_int32_t, int, KTEXT));
+
+char *krb_get_phost __P((char *));
+char *krb_realmofhost __P((char *));
+char *tkt_string __P((void));
+
+int create_ciph __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t, int, KTEXT, u_int32_t, des_cblock *));
+int decomp_ticket __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t *, unsigned char *, int *, u_int32_t *, char *, char *, des_cblock *, struct des_ks_struct *));
+int dest_tkt __P((void));
+int get_ad_tkt __P((char *, char *, char *, int));
+int get_pw_tkt __P((char *, char *, char *, char *));
+int get_request __P((KTEXT, int, char **, char **));
+int get_request __P((KTEXT, int, char **, char **));
+int in_tkt __P((char *, char *));
+int k_isinst __P((char *));
+int k_isname __P((char *));
+int k_isrealm __P((char *));
+int kname_parse __P((char *, char *, char *, char *));
+int krb_create_ticket __P((KTEXT, unsigned char, char *, char *, char *, int32_t, char *, int16_t, int32_t, char *, char *, des_cblock *));
+int krb_get_admhst __P((char *, char *, int));
+int krb_get_admhst __P((char *, char *, int));
+int krb_get_cred __P((char *, char *, char *, CREDENTIALS *));
+int krb_get_in_tkt __P((char *, char *, char *, char *, char *, int , int (*key_proc) (/* ??? */), int (*decrypt_proc) (/* ??? */), char *));
+int krb_get_krbhst __P((char *, char *, int));
+int krb_get_krbhst __P((char *, char *, int));
+int krb_get_krbhst __P((char *, char *, int));
+int krb_get_lrealm __P((char *, int));
+int krb_get_pw_in_tkt __P((char *, char *, char *, char *, char *, int, char *));
+int krb_get_svc_in_tkt __P((char *, char *, char *, char *, char *, int, char *));
+int krb_get_tf_fullname __P((char *, char *, char *, char *));
+int krb_get_tf_realm __P((char *, char *));
+int krb_kntoln __P((AUTH_DAT *, char *));
+int krb_mk_req __P((KTEXT , char *, char *, char *, int32_t));
+int krb_net_read __P((int , char *, int));
+int krb_net_write __P((int , char *, int));
+int krb_rd_err __P((u_char *, u_int32_t, int32_t *, MSG_DAT *));
+int krb_rd_req __P((KTEXT , char *, char *, int32_t, AUTH_DAT *, char *));
+int krb_recvauth __P((int32_t, int, KTEXT, char *, char *, struct sockaddr_in *, struct sockaddr_in *, AUTH_DAT *, char *, struct des_ks_struct *, char *));
+int krb_sendauth __P((int32_t, int, KTEXT, char *, char *, char *, u_int32_t, MSG_DAT *, CREDENTIALS *, struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *, char *));
+int krb_set_key __P((char *, int));
+int krb_set_lifetime __P((int));
+int kuserok __P((AUTH_DAT *, char *));
+int read_service_key __P((char *, char *, char *, int , char *, char *));
+int save_credentials __P((char *, char *, char *, unsigned char *, int , int , KTEXT , int32_t));
+int send_to_kdc __P((KTEXT , KTEXT , char *));
+
+int32_t krb_mk_err __P((u_char *, int32_t, char *));
+int32_t krb_mk_safe __P((u_char *, u_char *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *));
+int32_t krb_rd_safe __P((u_char *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *));
+
+void ad_print __P((AUTH_DAT *));
+void cr_err_reply __P((KTEXT, char *, char *, char *, u_int32_t, u_int32_t, char *));
+void extract_ticket __P((KTEXT, int, char *, int *, int *, char *, KTEXT));
+void krb_set_tkt_string __P((char *));
+
+void kset_logfile __P((char *));
+void set_logfile __P((char *));
+
+void log ();
+char *klog ();
+
+int getst __P((int, char *, int));
+
+
+#endif /* KRB_DEFS */
diff --git a/kerberosIV/include/kerberosIV/krb_db.h b/kerberosIV/include/kerberosIV/krb_db.h
new file mode 100644
index 00000000000..3a007105317
--- /dev/null
+++ b/kerberosIV/include/kerberosIV/krb_db.h
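Review bot: `#define CLOCK_SKEW 5*60` in krb.h is not parenthesized, so any use beside a tighter-binding operator (`t % CLOCK_SKEW`, `x / CLOCK_SKEW`) evaluates to something other than 300 seconds. Its comment says it is the maximum allowable clock skew, so a mis-grouped expansion would silently change the accepted timestamp window; it should read `#define CLOCK_SKEW (5*60)`. The `AUTH_MSG_*` values in prot.h (`1<<1` through `63<<1`) have the same shape and want the same parentheses. `TKT_ROOT "/tmp/tkt"` would also merit a comment stating what the ticket-file code (not in this hunk) must guarantee when it creates files under a world-writable directory.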
@@ -0,0 +1,127 @@
+/* $Id: krb_db.h,v 1.1 1995/12/14 06:52:35 tholo Exp $ */
+
+/*-
+ * Copyright 1987, 1988 by the Student Information Processing Board
+ * of the Massachusetts Institute of Technology
+ *
+ * Permission to use, copy, modify, and distribute this software
+ * and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice
+ * appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation,
+ * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+ * used in advertising or publicity pertaining to distribution
+ * of the software without specific, written prior permission.
+ * M.I.T. and the M.I.T. S.I.P.B. make no representations about
+ * the suitability of this software for any purpose. It is
+ * provided "as is" without express or implied warranty.
+ */
+
+/* spm Project Athena 8/85
+ *
+ * This file defines data structures for the kerberos
+ * authentication/authorization database.
+ *
+ * They MUST correspond to those defined in *.rel
+ */
+
+#ifndef KRB_DB_DEFS
+#define KRB_DB_DEFS
+
+#define KERB_M_NAME "K" /* Kerberos */
+#define KERB_M_INST "M" /* Master */
+#define KERB_DEFAULT_NAME "default"
+#define KERB_DEFAULT_INST ""
+
+/* this also defines the number of queue headers */
+#define KERB_DB_HASH_MODULO 64
+
+
+/* Arguments to kerb_dbl_lock() */
+
+#define KERB_DBL_EXCLUSIVE 1
+#define KERB_DBL_SHARED 0
+
+/* arguments to kerb_db_set_lockmode() */
+
+#define KERB_DBL_BLOCKING 0
+#define KERB_DBL_NONBLOCKING 1
+
+/* Principal defines the structure of a principal's name */
+
+typedef struct {
+ char name[ANAME_SZ];
+ char instance[INST_SZ];
+
+ u_int32_t key_low;
+ u_int32_t key_high;
+ u_int32_t exp_date;
+ char exp_date_txt[DATE_SZ];
+ u_int32_t mod_date;
+ char mod_date_txt[DATE_SZ];
+ u_int16_t attributes;
+ u_int8_t max_life;
+ u_int8_t kdc_key_ver;
+ u_int8_t key_version;
+
+ char mod_name[ANAME_SZ];
+ char mod_instance[INST_SZ];
+ char *old; /* cast to (Principal *); not in db,
+ * ptr to old vals */
+}
+ Principal;
+
+typedef struct {
+ int32_t cpu;
+ int32_t elapsed;
+ int32_t dio;
+ int32_t pfault;
+ int32_t t_stamp;
+ int32_t n_retrieve;
+ int32_t n_replace;
+ int32_t n_append;
+ int32_t n_get_stat;
+ int32_t n_put_stat;
+}
+ DB_stat;
+
+/* Dba defines the structure of a database administrator */
+
+typedef struct {
+ char name[ANAME_SZ];
+ char instance[INST_SZ];
+ u_int16_t attributes;
+ u_int32_t exp_date;
+ char exp_date_txt[DATE_SZ];
+ char *old; /*
+ * cast to (Dba *); not in db, ptr to
+ * old vals
+ */
+}
+ Dba;
+
+int kerb_get_principal __P((char *, char *, Principal *, unsigned int, int *));
+int kerb_put_principal __P((Principal *, unsigned int));
+void kerb_db_get_stat __P((DB_stat *));
+void kerb_db_put_stat __P((DB_stat *));
+int kerb_get_dba __P((char *, char *, Dba *, unsigned int, int *));
+int kerb_db_get_dba __P(());
+int kerb_init __P((void));
+void kerb_fini __P((void));
+time_t kerb_get_db_age __P((void));
+
+void kdb_encrypt_key __P((des_cblock *, des_cblock *, des_cblock *, des_key_schedule, int));
+int kerb_db_set_name __P((char *));
+
+long kdb_get_master_key __P((int, des_cblock *, des_key_schedule));
+
+#include <stdio.h>
+long kdb_verify_master_key __P((des_cblock *, des_key_schedule, FILE *));
+
+int kerb_db_create __P((char *db_name));
+int kerb_db_put_principal __P((Principal *, unsigned int));
+int kerb_db_iterate __P((int (*)(char *, Principal *), char *));
+int kerb_db_rename __P((char *, char *));
+int kerb_db_set_lockmode __P((int));
+
+#endif /* KRB_DB_DEFS */
diff --git a/kerberosIV/include/kerberosIV/site.h b/kerberosIV/include/kerberosIV/site.h
new file mode 100644
index 00000000000..e7066084a71
--- /dev/null
+++ b/kerberosIV/include/kerberosIV/site.h
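Review bot: krb_db.h is not self-contained: it uses `ANAME_SZ`, `INST_SZ`, `DATE_SZ`, `des_cblock`, `des_key_schedule`, `u_int32_t`, `time_t` and `__P`, yet its only include is `<stdio.h>`, placed far down the file. It therefore compiles only if the includer has already pulled in krb.h (which itself includes des.h, sys/types.h and sys/cdefs.h) and a header that defines `time_t`. Adding `#include <time.h>` and `#include <kerberosIV/krb.h>` directly after `#define KRB_DB_DEFS` makes that dependency explicit. `int kerb_db_get_dba __P(());` also declares no parameter list, so calls to it are not type-checked; it should get a real argument list once the definition (outside this hunk) is confirmed.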
@@ -0,0 +1,46 @@
+/* $Id: site.h,v 1.1 1995/12/14 06:52:35 tholo Exp $ */
+
+/*
+ * Site-specific definitions.
+ */
+
+#ifndef SITE_H
+#define SITE_H
+
+/*
+ * Location of common files.
+ */
+#define KRB_CONF "/etc/kerberosIV/krb.conf"
+#define KRB_RLM_TRANS "/etc/kerberosIV/krb.realms"
+#define KRB_EQUIV "/etc/kerberosIV/krb.equiv"
+#define KRB_ACL "/etc/kerberosIV/kerberos.acl"
+#define MKEYFILE "/etc/kerberosIV/master_key"
+#define KEYFILE "/etc/kerberosIV/srvtab"
+#define DBM_FILE "/etc/kerberosIV/principal"
+
+#define K_LOGFIL "/var/log/kpropd.log"
+#define KS_LOGFIL "/var/log/kerberos_slave.log"
+#define KRBLOG "/var/log/kerberos.log" /* master server */
+#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* master (?) server */
+
+#define KRB_MASTER "kerberos"
+#define KRB_HOST "kowande.bu.oz.au"
+#define KRB_REALM "KOWANDE.BU.OZ.AU"
+
+/* from: kadm_server.h */
+/* the default syslog file */
+#define KADM_SYSLOG "/var/log/admin_server.log"
+
+#define DEFAULT_ACL_DIR "/etc/kerberosIV/"
+/* These get appended to DEFAULT_ACL_DIR */
+#define ADD_ACL_FILE "admin_acl.add"
+#define GET_ACL_FILE "admin_acl.get"
+#define MOD_ACL_FILE "admin_acl.mod"
+
+/*
+ * Set ORGANIZATION to be the desired organization string printed
+ * by the 'kinit' program. It may have spaces.
+ */
+#define ORGANIZATION "The OpenBSD Project"
+
+#endif
diff --git a/kerberosIV/include/klog.h b/kerberosIV/include/klog.h
new file mode 100644
index 00000000000..7053d77278e
--- /dev/null
+++ b/kerberosIV/include/klog.h
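Review bot: site.h ships `KRB_HOST "kowande.bu.oz.au"` and `KRB_REALM "KOWANDE.BU.OZ.AU"` as compiled-in defaults, and the comment in krb.h describes KRB_HOST as the default machine when looking for a Kerberos server. An installation that has not been configured yet would therefore presumably send its authentication traffic to a host outside the site's control. Both should be wrapped in `#ifndef` (as krb.h does for `DEFAULT_TKT_LIFE`) so the build can supply them, with a comment such as `/* site-specific: set KRB_HOST and KRB_REALM before building */`. `KS_LOGFIL` and `KRBSLAVELOG` also name the same file, and the `/* master (?) server */` remark on the latter should be resolved.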
@@ -0,0 +1,37 @@
+/* $Id: klog.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+
+/*-
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * This file defines the types of log messages logged by klog. Each
+ * type of message may be selectively turned on or off.
+ */
+
+#ifndef KLOG_DEFS
+#define KLOG_DEFS
+
+#define NLOGTYPE 100 /* Maximum number of log msg types */
+
+#define L_NET_ERR 1 /* Error in network code */
+#define L_NET_INFO 2 /* Info on network activity */
+#define L_KRB_PERR 3 /* Kerberos protocol errors */
+#define L_KRB_PINFO 4 /* Kerberos protocol info */
+#define L_INI_REQ 5 /* Request for initial ticket */
+#define L_NTGT_INTK 6 /* Initial request not for TGT */
+#define L_DEATH_REQ 7 /* Request for server death */
+#define L_TKT_REQ 8 /* All ticket requests using a tgt */
+#define L_ERR_SEXP 9 /* Service expired */
+#define L_ERR_MKV 10 /* Master key version incorrect */
+#define L_ERR_NKY 11 /* User's key is null */
+#define L_ERR_NUN 12 /* Principal not unique */
+#define L_ERR_UNK 13 /* Principal Unknown */
+#define L_ALL_REQ 14 /* All requests */
+#define L_APPL_REQ 15 /* Application requests (using tgt) */
+#define L_KRB_PWARN 16 /* Protocol warning messages */
+
+char *klog();
+
+#endif /* KLOG_DEFS */
diff --git a/kerberosIV/include/kprop.h b/kerberosIV/include/kprop.h
new file mode 100644
index 00000000000..a5a66670b5f
--- /dev/null
+++ b/kerberosIV/include/kprop.h
@@ -0,0 +1,18 @@
+/* $Id: kprop.h,v 1.1 1995/12/14 06:52:33 tholo Exp $ */
+
+/*-
+ * Copyright 1987 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information,
+ * please see the file <mit-copyright.h>.
+ */
+
+#define KPROP_SERVICE_NAME "rcmd"
+#define KPROP_SRVTAB "/etc/srvtab"
+#define TGT_SERVICE_NAME "krbtgt"
+#define KPROP_PROT_VERSION_LEN 8
+#define KPROP_PROT_VERSION "kprop01"
+#define KPROP_TRANSFER_PRIVATE 1
+#define KPROP_TRANSFER_SAFE 2
+#define KPROP_TRANSFER_CLEAR 3
+#define KPROP_BUFSIZ 32768
diff --git a/kerberosIV/include/kuser_locl.h b/kerberosIV/include/kuser_locl.h
new file mode 100644
index 00000000000..15f24c285de
--- /dev/null
+++ b/kerberosIV/include/kuser_locl.h
@@ -0,0 +1,19 @@
+/* $Id: kuser_locl.h,v 1.1 1995/12/14 06:52:33 tholo Exp $ */
+
+#include "kerberosIV/site.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <time.h>
+#include <sys/file.h>
+
+#include <pwd.h>
+
+#include <kerberosIV/krb.h>
+#include <prot.h>
diff --git a/kerberosIV/include/prot.h b/kerberosIV/include/prot.h
new file mode 100644
index 00000000000..4a0a29ae101
--- /dev/null
+++ b/kerberosIV/include/prot.h
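Review bot: `KPROP_SRVTAB "/etc/srvtab"` in kprop.h disagrees with `KEYFILE "/etc/kerberosIV/srvtab"` in site.h, so whichever program uses KPROP_SRVTAB would look for its service key outside the directory the rest of the tree uses. If both are meant to name the same file, define it as `#define KPROP_SRVTAB KEYFILE` (with site.h included); otherwise add a comment saying why the path differs. The header also has no include guard, unlike the other headers in this commit. `KPROP_TRANSFER_CLEAR` presumably selects an unprotected transfer mode and deserves a comment on when, if ever, that is acceptable; its use is outside this hunk.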
@@ -0,0 +1,89 @@
+/* $Id: prot.h,v 1.1 1995/12/14 06:52:33 tholo Exp $ */
+
+/*-
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Include file with authentication protocol information.
+ */
+
+#ifndef PROT_DEFS
+#define PROT_DEFS
+
+#define KRB_PORT 750 /* PC's don't have
+ * /etc/services */
+#define KRB_PROT_VERSION 4
+#define MAX_PKT_LEN 1000
+#define MAX_TXT_LEN 1000
+#define TICKET_GRANTING_TICKET "krbtgt"
+
+/* Macro's to obtain various fields from a packet */
+
+#define pkt_version(packet) (unsigned int) *(packet->dat)
+#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1)
+#define pkt_a_name(packet) (packet->dat+2)
+#define pkt_a_inst(packet) \
+ (packet->dat+3+strlen((char *)pkt_a_name(packet)))
+#define pkt_a_realm(packet) \
+ (pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet)))
+
+/* Macro to obtain realm from application request */
+#define apreq_realm(auth) (auth->dat + 3)
+
+#define pkt_time_ws(packet) (char *) \
+ (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \
+ strlen((char *)pkt_a_inst(packet)) + \
+ strlen((char *)pkt_a_realm(packet)))
+
+#define pkt_no_req(packet) (unsigned short) \
+ *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
+ strlen((char *)pkt_a_inst(packet)) + \
+ strlen((char *)pkt_a_realm(packet)))
+#define pkt_x_date(packet) (char *) \
+ (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \
+ strlen((char *)pkt_a_inst(packet)) + \
+ strlen((char *)pkt_a_realm(packet)))
+#define pkt_err_code(packet) ( (char *) \
+ (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
+ strlen((char *)pkt_a_inst(packet)) + \
+ strlen((char *)pkt_a_realm(packet))))
+#define pkt_err_text(packet) \
+ (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \
+ strlen((char *)pkt_a_inst(packet)) + \
+ strlen((char *)pkt_a_realm(packet)))
+
+/* Routines to create and read packets may be found in prot.c */
+
+KTEXT create_auth_reply();
+KTEXT create_death_packet();
+
+/* Message types , always leave lsb for byte order */
+
+#define AUTH_MSG_KDC_REQUEST 1<<1
+#define AUTH_MSG_KDC_REPLY 2<<1
+#define AUTH_MSG_APPL_REQUEST 3<<1
+#define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1
+#define AUTH_MSG_ERR_REPLY 5<<1
+#define AUTH_MSG_PRIVATE 6<<1
+#define AUTH_MSG_SAFE 7<<1
+#define AUTH_MSG_APPL_ERR 8<<1
+#define AUTH_MSG_DIE 63<<1
+
+/* values for kerb error codes */
+
+#define KERB_ERR_OK 0
+#define KERB_ERR_NAME_EXP 1
+#define KERB_ERR_SERVICE_EXP 2
+#define KERB_ERR_AUTH_EXP 3
+#define KERB_ERR_PKT_VER 4
+#define KERB_ERR_NAME_MAST_KEY_VER 5
+#define KERB_ERR_SERV_MAST_KEY_VER 6
+#define KERB_ERR_BYTE_ORDER 7
+#define KERB_ERR_PRINCIPAL_UNKNOWN 8
+#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9
+#define KERB_ERR_NULL_KEY 10
+
+#endif /* PROT_DEFS */
diff --git a/kerberosIV/include/slav_locl.h b/kerberosIV/include/slav_locl.h
new file mode 100644
index 00000000000..e7f752bdfcf
--- /dev/null
+++ b/kerberosIV/include/slav_locl.h
@@ -0,0 +1,34 @@
+/* $Id: slav_locl.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+
+#ifndef __slav_locl_h
+#define __slav_locl_h
+
+#include "kerberosIV/site.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#include <errno.h>
+#include <unistd.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <time.h>
+#include <sys/file.h>
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+
+#include <netdb.h>
+
+#include <kerberosIV/krb.h>
+#include <kerberosIV/krb_db.h>
+#include "klog.h"
+#include "prot.h"
+#include "kdc.h"
+
+#endif /* __slav_locl_h */
diff --git a/kerberosIV/include/ss/Makefile b/kerberosIV/include/ss/Makefile
new file mode 100644
index 00000000000..73708779445
--- /dev/null
+++ b/kerberosIV/include/ss/Makefile
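Review bot: The `pkt_a_inst`, `pkt_a_realm`, `pkt_time_ws`, `pkt_no_req`, `pkt_x_date`, `pkt_err_code` and `pkt_err_text` macros in prot.h locate fields by calling `strlen` on bytes inside `packet->dat` and never compare the resulting offset with `packet->length`. For a received packet whose name, instance or realm is not NUL-terminated inside the message, the computed pointer lies past the valid data; the `mbz` word in struct ktext at best stops the scan at the end of the buffer. Nothing in the header tells callers to validate first, so add a comment above the macros along the lines of `/* caller must verify every string field terminates within packet->length before using pkt_*() */`, or replace them with functions that take the length and can report an error. The macros also expand `packet` unparenthesized and re-run `strlen` on every use.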
@@ -0,0 +1,18 @@
+# $Id: Makefile,v 1.1 1995/12/14 06:52:35 tholo Exp $
+
+FILES= ss.h
+NOOBJ= noobj
+
+all include clean cleandir depend lint tags:
+
+realinstall:
+ @echo installing ${FILES}
+ @-for i in ${FILES}; do \
+ cmp -s $$i ${DESTDIR}/usr/include/ss/$$i || \
+ install -c -m 444 $$i ${DESTDIR}/usr/include/ss/$$i; \
+ done
+
+beforeinstall:
+ install -d -o ${BINOWN} -g ${BINGRP} -m 755 ${DESTDIR}/usr/include/ss
+
+.include <bsd.prog.mk>
diff --git a/kerberosIV/include/ss/ss.h b/kerberosIV/include/ss/ss.h
new file mode 100644
index 00000000000..97521c9c1c8
--- /dev/null
+++ b/kerberosIV/include/ss/ss.h
@@ -0,0 +1,65 @@
+/* $Id: ss.h,v 1.1 1995/12/14 06:52:35 tholo Exp $ */
+
+/*-
+ * Copyright 1987, 1988 by the Student Information Processing Board
+ * of the Massachusetts Institute of Technology
+ *
+ * Permission to use, copy, modify, and distribute this software
+ * and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice
+ * appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation,
+ * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+ * used in advertising or publicity pertaining to distribution
+ * of the software without specific, written prior permission.
+ * M.I.T. and the M.I.T. S.I.P.B. make no representations about
+ * the suitability of this software for any purpose. It is
+ * provided "as is" without express or implied warranty.
+ */
+
+#ifndef _SS_H
+#define _SS_H
+
+#include <sys/cdefs.h>
+
+#ifndef NO_SS_ERR_H
+#include <ss/ss_err.h>
+#endif
+
+typedef const struct _ss_request_entry {
+ const char * const *command_names; /* whatever */
+ void (* const function) __P((int, const char * const *, int, void *));
+ const char * const info_string; /* NULL */
+ int flags; /* 0 */
+} ss_request_entry;
+
+typedef const struct _ss_request_table {
+ int version;
+ ss_request_entry *requests;
+} ss_request_table;
+
+#define SS_RQT_TBL_V2 2
+
+typedef struct _ss_rp_options { /* DEFAULT VALUES */
+ int version; /* SS_RP_V1 */
+ void (*unknown) __P((int, const char * const *, int, void *)); /* call for unknown command */
+ int allow_suspend;
+ int catch_int;
+} ss_rp_options;
+
+#define SS_RP_V1 1
+
+#define SS_OPT_DONT_LIST 0x0001
+#define SS_OPT_DONT_SUMMARIZE 0x0002
+
+void ss_help __P((int, const char * const *, int, void *));
+char *ss_current_request();
+char *ss_name();
+void ss_error __P((int, long, char const *, ...));
+void ss_perror __P((int, long, char const *));
+int ss_create_invocation __P((char *, char *, char *, ss_request_table *, int *));
+int ss_listen(int);
+void ss_abort_subsystem();
+
+extern ss_request_table ss_std_requests;
+#endif /* _SS_H */ |
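Review bot: In ss.h, `int ss_listen(int);` uses an ANSI prototype directly while every other prototype in the header goes through `__P`, and `ss_current_request()`, `ss_name()` and `ss_abort_subsystem()` are declared with empty parentheses, which leaves their arguments unchecked. For consistency write `int ss_listen __P((int));`, and give the other three `__P((...))` argument lists once their definitions (outside this hunk) are confirmed.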