2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 * Revision 2.2 1990/09/27 13:51:37
12 * Declare (char *) returning function ka_timestr().
15 * Revision 2.1 90/08/07 19:11:51
16 * Start with clean version to sync test and dev trees.
26 #ifndef KAMAJORVERSION
27 /* just to be on the safe side, get these two first */
28 #include <sys/types.h>
31 /* get installed .h file only if not included already from local dir */
33 #include <afs/kauth.h>
39 #include <afs/cellconfig.h>
40 #include <afs/afsutil.h>
43 #include "../afs/ubik.h"
44 #include "../afs/auth.h"
45 #include "../afs/cellconfig.h"
46 #endif /* !defined(UKERNEL) */
/* Buffer length associated with ka_timestr() output -- presumably the size a
 * caller must provide for the formatted time string; confirm against the
 * ka_timestr() implementation before relying on it as an upper bound. */
49 #define KA_TIMESTR_LEN 30
/* Date is a preprocessor alias, not a typedef: every later use of the
 * identifier "Date" in an including file is rewritten to afs_uint32.
 * Timestamps carried in the protocol structs below are therefore 32-bit
 * unsigned values. */
50 #define Date afs_uint32
53 * Public function prototypes
56 extern afs_int32 ka_GetAuthToken (
60 struct ktc_encryptionKey *key,
65 extern afs_int32 ka_GetServerToken (
70 struct ktc_token *token,
75 extern afs_int32 ka_GetAdminToken (
79 struct ktc_encryptionKey *key,
81 struct ktc_token *token,
85 extern afs_int32 ka_VerifyUserToken(
89 struct ktc_encryptionKey *key
92 extern void ka_ExplicitCell (
94 afs_int32 serverList[]
97 extern afs_int32 ka_GetServers (
99 struct afsconf_cell *cellinfo
102 extern afs_int32 ka_GetSecurity (
104 struct ktc_token *token,
105 struct rx_securityClass **scP,
109 extern afs_int32 ka_SingleServerConn (
113 struct ktc_token *token,
114 struct ubik_client **conn
117 extern afs_int32 ka_AuthSpecificServersConn (
119 struct ktc_token *token,
120 struct afsconf_cell *cellinfo,
121 struct ubik_client **conn
124 extern afs_int32 ka_AuthServerConn (
127 struct ktc_token *token,
128 struct ubik_client **conn
131 extern afs_int32 ka_Authenticate (
135 struct ubik_client *conn,
137 struct ktc_encryptionKey *key,
140 struct ktc_token *token,
144 extern afs_int32 ka_GetToken (
150 struct ubik_client *conn,
153 struct ktc_token *auth_token,
155 struct ktc_token *token
158 extern afs_int32 ka_ChangePassword (
161 struct ubik_client *conn,
162 struct ktc_encryptionKey *oldkey,
163 struct ktc_encryptionKey *newkey
166 extern void ka_StringToKey (
169 struct ktc_encryptionKey *key
172 extern afs_int32 ka_ReadPassword (
176 struct ktc_encryptionKey *key
/* Judging by its name and parameters, splits a login string into name,
 * instance and cell components (the first parameter and the closing
 * parenthesis are not visible in this listing).
 * NOTE(review): array-typed parameters decay to plain char pointers in C, so
 * the bounds written below are documentation only and are not enforced by
 * the compiler.  Callers must pass buffers of at least MAXKTCNAMELEN /
 * MAXKTCREALMLEN bytes.  Whether over-long components are truncated or
 * rejected cannot be seen from this header -- confirm in the implementation
 * before passing untrusted login strings. */
179 extern afs_int32 ka_ParseLoginName (
181 char name[MAXKTCNAMELEN],
182 char inst[MAXKTCNAMELEN],
183 char cell[MAXKTCREALMLEN]
188 #endif /* _MFC_VER */
189 extern afs_int32 ka_Init(
194 #endif /* _MFC_VER */
196 extern int ka_CellConfig (
200 extern char *ka_LocalCell (
204 extern int ka_ExpandCell (
210 extern int ka_CellToRealm (
216 extern void ka_PrintUserID (
223 extern void ka_PrintBytes (
228 extern int ka_ConvertBytes (
235 extern int ka_ReadBytes (
246 extern afs_int32 ka_KeyCheckSum (
251 extern int ka_KeyIsZero(
256 extern void ka_timestr (
262 extern afs_int32 ka_GetAFSTicket (
270 extern afs_int32 ka_UserAuthenticateGeneral (
277 afs_int32 *password_expires,
282 extern afs_int32 ka_UserAuthenticate (
291 extern afs_int32 ka_UserReadPassword (
298 extern afs_int32 ka_VerifyUserPassword(
/* Layout of the first argument ("version + flags") passed to
 * ka_UserAuthenticateGeneral: the low 16 bits selected by
 * KA_USERAUTH_VERSION_MASK carry the interface version, and the bits above
 * them are option flags.  The meaning of each flag is not defined in this
 * header; the names suggest PAG creation, verify-only operation and a logon
 * mode -- confirm against the implementation. */
307 #define KA_USERAUTH_VERSION 1
308 #define KA_USERAUTH_VERSION_MASK 0x00ffff
309 #define KA_USERAUTH_DOSETPAG 0x010000
310 #define KA_USERAUTH_DOSETPAG2 0x020000
311 #define KA_USERAUTH_ONLY_VERIFY 0x040000
312 #define KA_USERAUTH_AUTHENT_LOGON 0x100000
/* Convenience wrapper: calls ka_UserAuthenticateGeneral with the current
 * version, KA_USERAUTH_DOSETPAG when d is non-zero, a lifetime of 0 and both
 * spare arguments 0.
 * NOTE(review): p is presumably the cleartext password; this macro only
 * forwards it, so clearing the buffer afterwards is the caller's job. */
313 #define ka_UserAuthenticate(n,i,r,p,d,rP) \
314 ka_UserAuthenticateGeneral \
315 (KA_USERAUTH_VERSION + ((d) ? KA_USERAUTH_DOSETPAG : 0), \
316 n,i,r,p, /*lifetime*/0, /*spare1,2*/0,0, rP)
/* Same call with caller-supplied flags f and lifetime l.  The flags are
 * ADDED to the version rather than OR-ed, so f must contain only bits
 * outside KA_USERAUTH_VERSION_MASK; any low bit set in f changes the version
 * number that the callee sees. */
317 #define ka_UserAuthenticateLife(f,n,i,r,p,l,rP) \
318 ka_UserAuthenticateGeneral \
319 (KA_USERAUTH_VERSION + (f), n,i,r,p,l, /*spare1,2*/0,0, rP)
/* Declarations of the KAA_ / KAT_ / KAM_ entry points.  The prefixes
 * presumably correspond to the authentication, ticket-granting and
 * maintenance services whose ids are defined further down in this header.
 * NOTE(review): every declaration uses an empty parameter list.  Before C23
 * that declares a function with unspecified arguments, so the compiler does
 * not check the number or types of arguments at any call site.  For calls
 * that carry keys, passwords and tickets, a mismatched argument goes
 * undiagnosed; full prototypes would let the compiler catch it. */
321 extern afs_int32 KAM_CreateUser();
322 extern afs_int32 KAM_DeleteUser();
323 extern afs_int32 KAA_ChangePassword();
324 extern afs_int32 KAM_SetPassword();
325 extern afs_int32 KAA_Authenticate(), KAA_AuthenticateV2();
326 extern afs_int32 KAT_GetTicket();
327 extern afs_int32 KAM_SetFields();
/* Bit values 2 and 4; by their names a password-reuse restriction and an
 * account-locked state.  Which call or field consumes them is not visible
 * here -- TODO confirm. */
329 #define KA_NOREUSEPW 2
330 #define KA_ISLOCKED 4
332 extern afs_int32 KAM_GetEntry();
333 extern afs_int32 KAM_ListEntry();
334 extern afs_int32 KAM_GetStats();
335 extern afs_int32 KAM_GetPassword();
336 extern afs_int32 KAM_GetRandomKey();
337 extern afs_int32 KAM_Debug();
338 extern afs_int32 KAM_Unlock();
339 extern afs_int32 KAM_LockStatus();
/* Numeric ids of the three services (authentication, ticket granting,
 * maintenance). */
341 #define KA_AUTHENTICATION_SERVICE 731
342 #define KA_TICKET_GRANTING_SERVICE 732
343 #define KA_MAINTENANCE_SERVICE 733
/* Rx security class indices.
 * NOTE(review): index 0 means the connection has no security at all, so
 * any code path that can fall back to RX_SCINDEX_NULL should be treated as
 * unauthenticated.  Index 2 is DES-based; DES has a 56-bit key and no longer
 * resists brute-force key search, so traffic and tokens protected only by
 * this class should be regarded as weakly protected.  "bcrypt" in the VAB
 * comment comes from this 1990-era code and is presumably unrelated to the
 * bcrypt password-hashing scheme. */
345 #define RX_SCINDEX_NULL 0 /* No security */
346 #define RX_SCINDEX_VAB 1 /* vice tokens, with bcrypt */
347 #define RX_SCINDEX_KAD 2 /* Kerberos/DES */
/* Well-known principal names. */
349 #define KA_TGS_NAME "krbtgt"
350 /* realm is TGS instance */
351 #define KA_ADMIN_NAME "AuthServer"
352 #define KA_ADMIN_INST "Admin"
/* Fixed 4-byte labels placed in encrypted requests and answers; the struct
 * comments in this header describe them as a check for correct decryption.
 * Each string literal is four characters plus a terminating NUL (five
 * bytes), while the label fields are char[KA_LABELSIZE] with no room for
 * the NUL.  Copy and compare them with memcpy/memcmp over exactly
 * KA_LABELSIZE bytes, never with strcpy/strcmp.
 * NOTE(review): a known 4-byte constant detects a wrong key, but it is not
 * a cryptographic integrity check on the rest of the message. */
354 #define KA_LABELSIZE 4
355 #define KA_GETTGT_REQ_LABEL "gTGS"
356 #define KA_GETTGT_ANS_LABEL "tgsT"
357 #define KA_GETADM_REQ_LABEL "gADM"
358 #define KA_GETADM_ANS_LABEL "admT"
359 #define KA_CPW_REQ_LABEL "CPWl"
360 #define KA_CPW_ANS_LABEL "Pass"
361 #define KA_GETTICKET_ANS_LABEL "gtkt"
363 struct ka_gettgtRequest { /* format of request */
364 Date time; /* time of request */
365 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
368 /* old interface: see ka_ticketAnswer instead */
/* Layout of the older ticket-granting answer (the closing brace is not
 * visible in this listing).
 * NOTE(review): ticket_len is a value taken from the received answer and is
 * declared afs_int32.  Before it is used as a copy length it must be checked
 * to be non-negative and no larger than MAXKTCTICKETLEN, otherwise a
 * malformed answer can drive a read or write past ticket[].  The session
 * key is secret material; buffers holding this struct should be cleared
 * once the key has been consumed. */
369 struct ka_gettgtAnswer { /* format of response */
370 Date time; /* the time of the request plus one */
371 struct ktc_encryptionKey
372 sessionkey; /* the session key in the ticket */
373 afs_int32 kvno; /* version # of tkt encrypting key */
374 afs_int32 ticket_len; /* the ticket's length */
375 char ticket[MAXKTCTICKETLEN]; /* the ticket itself (no padding) */
376 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
/* Layout of the current ticket answer (some fields and the closing brace
 * are not visible in this listing).
 * NOTE(review), for code that fills or parses this struct:
 *  - cksum is documented only as "function to be defined", so as specified
 *    here it gives no integrity guarantee; the 4-byte label is the only
 *    decryption check visible in this header.
 *  - ticketLen must be validated (non-negative, <= MAXKTCTICKETLEN) before
 *    it is used to copy from or into ticket[].
 *  - The name/instance/cell fields are fixed-size char arrays; nothing in
 *    the type guarantees NUL termination, so readers should bound every
 *    string operation by the array size.
 *  - cell is sized with MAXKTCNAMELEN here, whereas ka_ParseLoginName sizes
 *    its cell buffer with MAXKTCREALMLEN; if the two constants differ,
 *    copies between them need an explicit bound.
 *  - sessionKey is secret material; clear buffers holding this struct after
 *    use. */
379 struct ka_ticketAnswer { /* format of response */
380 afs_int32 cksum; /* function to be defined */
381 Date challenge; /* the time of the request plus one */
382 struct ktc_encryptionKey
383 sessionKey; /* the session key in the ticket */
386 afs_int32 kvno; /* version of ticket encrypting key */
387 afs_int32 ticketLen; /* the ticket's length */
388 char name[MAXKTCNAMELEN];
389 char instance[MAXKTCNAMELEN];
390 char cell[MAXKTCNAMELEN];
391 char sname[MAXKTCNAMELEN];
392 char sinstance[MAXKTCNAMELEN];
393 char ticket[MAXKTCTICKETLEN]; /* the ticket (no extra chars) */
394 char label[KA_LABELSIZE]; /* for detecting decryption errors */
397 struct ka_cpwRequest { /* format of request */
398 Date time; /* time of request */
399 struct ktc_encryptionKey
401 afs_int32 kvno; /* version number of key */
402 afs_int32 spare; /* must be zero */
403 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
406 struct ka_cpwAnswer { /* format of response */
407 Date time; /* the time of the request plus one */
408 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
411 struct ka_getTicketTimes {
416 /* old interface: see ka_ticketAnswer instead */
417 struct ka_getTicketAnswer {
418 struct ktc_encryptionKey sessionKey;
423 char name[MAXKTCNAMELEN];
424 char instance[MAXKTCNAMELEN];
425 char cell[MAXKTCNAMELEN];
426 char sname[MAXKTCNAMELEN];
427 char sinstance[MAXKTCNAMELEN];
428 char ticket[MAXKTCTICKETLEN];
431 #ifndef ERROR_TABLE_BASE_KA
432 #define ka_ErrorString error_message
434 #define KAMINERROR ERROR_TABLE_BASE_KA
435 #define KAMAXERROR (KAMINERROR+255)