2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 * Revision 2.2 1990/09/27 13:51:37
12 * Declare (char *) returning function ka_timestr().
15 * Revision 2.1 90/08/07 19:11:51
16 * Start with clean version to sync test and dev trees.
26 #ifndef KAMAJORVERSION
27 /* just to be on the safe side, get these two first */
28 #include <sys/types.h>
31 /* get installed .h file only if not included already from local dir */
33 #include <afs/kauth.h>
39 #include <afs/cellconfig.h>
40 #include <afs/afsutil.h>
45 #include "afs/cellconfig.h"
46 #endif /* !defined(UKERNEL) */
/*
 * KA_TIMESTR_LEN: presumably the buffer size callers are expected to pass
 * to ka_timestr() as tlen -- confirm against the implementation.
 */
49 #define KA_TIMESTR_LEN 30
/*
 * Date is a macro alias, not a typedef: every later use of the identifier
 * `Date` in a translation unit that includes this header is textually
 * replaced by afs_uint32, so every timestamp declared as Date is unsigned.
 */
50 #define Date afs_uint32
53 * Public function prototypes
/*
 * Token-acquisition entry points. Only the declarations are visible in this
 * header, so the notes describe the parameters as declared.
 *
 * NOTE(review): name, instance and cell are bare char * with no length
 * argument -- presumably NUL-terminated strings that the implementation
 * bounds itself; confirm before passing externally supplied strings.
 * NOTE(review): the key arguments point at secret key material owned by the
 * caller; whether callee or caller wipes it is not stated here.
 */
/* pwexpires is a pointer argument, presumably an output -- confirm. */
56 extern afs_int32 ka_GetAuthToken(char *name, char *instance, char *cell,
57 struct ktc_encryptionKey *key,
58 afs_int32 lifetime, afs_int32 * pwexpires);
/*
 * lifetime is a Date (afs_uint32) here but a signed afs_int32 in
 * ka_GetAuthToken and ka_GetAdminToken; keep the signedness in mind when
 * the same value is passed to both.
 */
60 extern afs_int32 ka_GetServerToken(char *name, char *instance, char *cell,
61 Date lifetime, struct ktc_token *token,
62 int newer, int dosetpag);
/* The tail of this declaration (original line 67) is missing from this listing. */
64 extern afs_int32 ka_GetAdminToken(char *name, char *instance, char *cell,
65 struct ktc_encryptionKey *key,
66 afs_int32 lifetime, struct ktc_token *token,
69 extern afs_int32 ka_VerifyUserToken(char *name, char *instance, char *cell,
70 struct ktc_encryptionKey *key);
/*
 * Cell lookup and server-connection entry points.
 *
 * The `service` arguments presumably take one of the KA_*_SERVICE ids
 * defined later in this header -- confirm against the callers.
 */
/*
 * The tail of this declaration is missing from this listing. serverList is
 * an unsized array parameter; any element-count argument, if one exists, is
 * not visible here.
 */
72 extern void ka_ExplicitCell(char *cell, afs_int32 serverList[]
75 extern afs_int32 ka_GetServers(char *cell, struct afsconf_cell *cellinfo);
/*
 * scP and siP are pointer arguments, presumably outputs (security class and
 * security index).
 * NOTE(review): RX_SCINDEX_NULL (0) is documented in this header as
 * "No security"; a caller that needs an authenticated connection should
 * check the resulting index rather than assume it -- confirm what the
 * implementation stores when token is absent.
 */
77 extern afs_int32 ka_GetSecurity(int service, struct ktc_token *token,
78 struct rx_securityClass **scP, int *siP);
/* conn is a pointer-to-pointer, presumably receiving the new connection. */
80 extern afs_int32 ka_SingleServerConn(char *cell, char *server, int service,
81 struct ktc_token *token,
82 struct ubik_client **conn);
84 extern afs_int32 ka_AuthSpecificServersConn(int service,
85 struct ktc_token *token,
86 struct afsconf_cell *cellinfo,
87 struct ubik_client **conn);
89 extern afs_int32 ka_AuthServerConn(char *cell, int service,
90 struct ktc_token *token,
91 struct ubik_client **conn);
/*
 * Authentication, ticket request and password change over an existing
 * ubik_client connection. start and end are Date values (afs_uint32).
 */
/* pwexpires is a pointer argument, presumably an output -- confirm. */
93 extern afs_int32 ka_Authenticate(char *name, char *instance, char *cell,
94 struct ubik_client *conn, int service,
95 struct ktc_encryptionKey *key, Date start,
96 Date end, struct ktc_token *token,
97 afs_int32 * pwexpires);
/*
 * Takes two tokens: auth_token (with auth_domain) and token; which is input
 * and which is output is not stated in this header -- presumably auth_token
 * authorises the request and token receives the result.
 */
99 extern afs_int32 ka_GetToken(char *name, char *instance, char *cell,
100 char *cname, char *cinst,
101 struct ubik_client *conn, Date start, Date end,
102 struct ktc_token *auth_token, char *auth_domain,
103 struct ktc_token *token);
/*
 * NOTE(review): both the old and the new key are held in caller memory for
 * the duration of the call; callers should clear both once the call returns
 * (this header does not say that the callee does).
 */
105 extern afs_int32 ka_ChangePassword(char *name, char *instance,
106 struct ubik_client *conn,
107 struct ktc_encryptionKey *oldkey,
108 struct ktc_encryptionKey *newkey);
/*
 * Password-to-key helpers and login-name parsing.
 */
/*
 * Writes through key; str is presumably the password and cell presumably
 * acts as the salt -- confirm. Returns void, so a failure cannot be reported
 * to the caller through this interface.
 */
110 extern void ka_StringToKey(char *str, char *cell,
111 struct ktc_encryptionKey *key);
/*
 * NOTE(review): where the typed password is buffered, and whether that
 * buffer is cleared before returning, is not visible in this header.
 */
113 extern afs_int32 ka_ReadPassword(char *prompt, int verify, char *cell,
114 struct ktc_encryptionKey *key);
/*
 * The array sizes in this parameter list are documentation only: C adjusts
 * array parameters to pointers, so the compiler does not check that the
 * caller's buffers really hold MAXKTCNAMELEN / MAXKTCREALMLEN bytes.
 * Callers must allocate at least those sizes themselves.
 * The tail of this declaration is missing from this listing.
 */
116 extern afs_int32 ka_ParseLoginName(char *login, char name[MAXKTCNAMELEN],
117 char inst[MAXKTCNAMELEN],
118 char cell[MAXKTCREALMLEN]
123 #endif /* _MFC_VER */
/* Library initialisation and cell-name helpers. */
124 extern afs_int32 ka_Init(int flags);
127 #endif /* _MFC_VER */
/* dir is presumably the configuration directory to read -- confirm. */
128 extern int ka_CellConfig(const char *dir);
/*
 * Returns a char * whose ownership and lifetime are not stated here;
 * do not free or modify it without checking the implementation.
 * The tail of this declaration is missing from this listing.
 */
130 extern char *ka_LocalCell(void
/*
 * NOTE(review): fullCell and realm below are pointer arguments with no
 * length parameter; if they are output buffers, the caller has to size them
 * for the longest name the implementation can write (presumably
 * MAXKTCREALMLEN) -- confirm.
 */
133 extern int ka_ExpandCell(char *cell, char *fullCell, int *alocal);
135 extern int ka_CellToRealm(char *cell, char *realm, int *local);
/* Printing, byte-conversion and small utility helpers. */
/* The tail of this declaration is missing from this listing. */
137 extern void ka_PrintUserID(char *prefix, char *name, char *instance,
/*
 * bs/bl are a byte array and its length as a signed int.
 * NOTE(review): if this is ever used on key material the output ends up
 * wherever the implementation prints -- check call sites.
 */
140 extern void ka_PrintBytes(char bs[], int bl);
/* All lengths (alen, bl, blen) are signed int; callers should not pass negatives. */
142 extern int ka_ConvertBytes(char *ascii, int alen, char bs[], int bl);
144 extern int ka_ReadBytes(char *ascii, char *binary, int blen);
/*
 * NOTE(review): both operands are afs_uint32 but the result is int, so a
 * minimum above INT_MAX cannot be represented in the return type when int
 * is no wider than 32 bits.
 */
146 extern int umin(afs_uint32 a, afs_uint32 b);
/*
 * key is a char * with no length argument -- presumably a fixed-size key;
 * cksumP is a pointer argument, presumably the output.
 */
148 extern afs_int32 ka_KeyCheckSum(char *key, afs_uint32 * cksumP);
/* `register` on the parameters has no effect on callers. */
150 extern int ka_KeyIsZero(register char *akey, register int alen);
/*
 * tstr/tlen are the destination buffer and its length (presumably
 * KA_TIMESTR_LEN). time is a signed afs_int32 here although timestamps
 * elsewhere in this header use Date (afs_uint32).
 */
152 extern void ka_timestr(afs_int32 time, char *tstr, afs_int32 tlen);
154 extern afs_int32 ka_GetAFSTicket(char *name, char *instance, char *realm,
155 Date lifetime, afs_int32 flags);
/*
 * General user-authentication entry point; the ka_UserAuthenticate and
 * ka_UserAuthenticateLife macros later in this header expand to calls of it.
 *
 * flags            version in the low bits plus KA_USERAUTH_* option bits
 *                  (see the KA_USERAUTH_* defines).
 * password         cleartext password as a char * with no length argument.
 * password_expires pointer argument, presumably an output; the convenience
 *                  macros pass 0 here.
 * reasonP          char **, presumably receives an error string -- ownership
 *                  of that string is not stated in this header.
 *
 * NOTE(review): the cleartext password stays in the caller's buffer after
 * the call; callers should clear it once authentication has finished.
 */
157 extern afs_int32 ka_UserAuthenticateGeneral(afs_int32 flags, char *name,
158 char *instance, char *realm,
159 char *password, Date lifetime,
160 afs_int32 * password_expires,
161 afs_int32 spare2, char **reasonP);
/*
 * Further user-authentication declarations. Every declaration in this group
 * is truncated in this listing (original lines are missing after each), so
 * the full parameter lists cannot be read from here.
 *
 * NOTE(review): each takes a cleartext `password` as char *; callers should
 * clear their copy after use.
 */
/* Variant of ka_UserAuthenticateGeneral with an additional smbname argument. */
163 extern afs_int32 ka_UserAuthenticateGeneral2(afs_int32 flags, char *name,
164 char *instance, char *realm,
165 char *password, char *smbname,
167 afs_int32 * password_expires,
/*
 * A function-like macro with this same name is defined further down;
 * presumably the two sit in alternate preprocessor branches that are not
 * visible in this listing.
 */
170 extern afs_int32 ka_UserAuthenticate(char *name, char *instance, char *realm,
171 char *password, int doSetPAG,
/* password/plen are the destination buffer and its size as a signed int. */
174 extern afs_int32 ka_UserReadPassword(char *prompt, char *password, int plen,
177 extern afs_int32 ka_VerifyUserPassword(afs_int32 version, char *name,
178 char *instance, char *realm,
179 char *password, int spare,
/*
 * Layout of the `flags` word given to ka_UserAuthenticateGeneral: the low
 * 16 bits (KA_USERAUTH_VERSION_MASK) carry the interface version, and the
 * option flags below occupy bits from 0x010000 upward, so they never overlap
 * the version field.
 */
181 #define KA_USERAUTH_VERSION 1
182 #define KA_USERAUTH_VERSION_MASK 0x00ffff
183 #define KA_USERAUTH_DOSETPAG 0x010000
184 #define KA_USERAUTH_DOSETPAG2 0x020000
185 #define KA_USERAUTH_ONLY_VERIFY 0x040000
186 #define KA_USERAUTH_AUTHENT_LOGON 0x100000
/*
 * Convenience wrapper: version plus DOSETPAG when d is non-zero. The parts
 * are combined with `+`, which equals a bitwise OR only because the flag
 * bits lie outside the version mask.
 * It passes 0 for lifetime and 0,0 for the two arguments it labels
 * "spare1,2"; in the ka_UserAuthenticateGeneral prototype the first of those
 * is password_expires, so callers of this macro get no password-expiry
 * information back.
 */
187 #define ka_UserAuthenticate(n,i,r,p,d,rP) \
188 ka_UserAuthenticateGeneral \
189 (KA_USERAUTH_VERSION + ((d) ? KA_USERAUTH_DOSETPAG : 0), \
190 n,i,r,p, /*lifetime*/0, /*spare1,2*/0,0, rP)
/*
 * As above, with caller-supplied flags f and lifetime l.
 * NOTE(review): f is added to the version, not OR-ed; if f has any bit set
 * inside KA_USERAUTH_VERSION_MASK the version field changes. Pass only
 * KA_USERAUTH_* option bits in f.
 */
191 #define ka_UserAuthenticateLife(f,n,i,r,p,l,rP) \
192 ka_UserAuthenticateGeneral \
193 (KA_USERAUTH_VERSION + (f), n,i,r,p,l, /*spare1,2*/0,0, rP)
/*
 * Values 2 and 4 are powers of two, presumably bits of a flags word; the
 * definition that would precede them (original line 195) is missing from
 * this listing.
 */
196 #define KA_NOREUSEPW 2
197 #define KA_ISLOCKED 4
/* Service ids, presumably the values for the `service` arguments of the ka_*Conn / ka_GetSecurity calls. */
199 #define KA_AUTHENTICATION_SERVICE 731
200 #define KA_TICKET_GRANTING_SERVICE 732
201 #define KA_MAINTENANCE_SERVICE 733
/*
 * Rx security-class indices.
 * NOTE(review): index 0 means the connection carries no security at all, and
 * index 2 is DES-based; DES's 56-bit key is no longer adequate protection,
 * so treat both as legacy when reviewing callers.
 */
203 #define RX_SCINDEX_NULL 0 /* No security */
204 #define RX_SCINDEX_VAB 1 /* vice tokens, with bcrypt */
205 #define RX_SCINDEX_KAD 2 /* Kerberos/DES */
/* Well-known principal names. */
207 #define KA_TGS_NAME "krbtgt"
208 /* realm is TGS instance */
209 #define KA_ADMIN_NAME "AuthServer"
210 #define KA_ADMIN_INST "Admin"
/*
 * Message labels. Every label literal below is exactly KA_LABELSIZE (4)
 * characters, so when one is stored in a char label[KA_LABELSIZE] field
 * there is no room for the terminating NUL: treat the fields as fixed-width
 * byte arrays and compare them with a length-bounded comparison, never with
 * strcmp()/strcpy().
 * NOTE(review): per the struct comments the label is there "to verify
 * correct decrypt"; a fixed known value is a plausibility check on the key,
 * not a keyed integrity check over the rest of the message.
 */
212 #define KA_LABELSIZE 4
213 #define KA_GETTGT_REQ_LABEL "gTGS"
214 #define KA_GETTGT_ANS_LABEL "tgsT"
215 #define KA_GETADM_REQ_LABEL "gADM"
216 #define KA_GETADM_ANS_LABEL "admT"
217 #define KA_CPW_REQ_LABEL "CPWl"
218 #define KA_CPW_ANS_LABEL "Pass"
219 #define KA_GETTICKET_ANS_LABEL "gtkt"
/*
 * Request body carrying a timestamp and a fixed label (presumably
 * KA_GETTGT_REQ_LABEL or KA_GETADM_REQ_LABEL -- confirm). The closing brace
 * is missing from this listing.
 * label is KA_LABELSIZE bytes with no NUL terminator.
 */
221 struct ka_gettgtRequest { /* format of request */
222 Date time; /* time of request */
223 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
226 /* old interface: see ka_ticketAnswer instead */
/*
 * Older response layout (the comment above this struct points to
 * ka_ticketAnswer). The closing brace is missing from this listing.
 *
 * NOTE(review): ticket_len is a signed afs_int32 sitting next to a
 * fixed-size ticket[MAXKTCTICKETLEN] buffer. Code that consumes a decoded
 * answer should reject ticket_len < 0 or > MAXKTCTICKETLEN before using it
 * as a copy length; that validation is not visible in this header.
 */
227 struct ka_gettgtAnswer { /* format of response */
228 Date time; /* the time of the request plus one */
229 struct ktc_encryptionKey
230 sessionkey; /* the session key in the ticket */
231 afs_int32 kvno; /* version # of tkt encrypting key */
232 afs_int32 ticket_len; /* the ticket's length */
233 char ticket[MAXKTCTICKETLEN]; /* the ticket itself (no padding) */
234 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
/*
 * Current response layout. Original lines 242-243 and the closing brace are
 * missing from this listing, so further members may exist.
 *
 * NOTE(review): cksum is documented as "function to be defined", so do not
 * assume it provides integrity protection without checking the
 * implementation.
 * NOTE(review): ticketLen is signed and must be range-checked against
 * MAXKTCTICKETLEN (and against < 0) before it is used as a length.
 * NOTE(review): the name fields are fixed-size arrays; code reading them
 * should not assume a NUL terminator is present inside MAXKTCNAMELEN bytes
 * unless the decoder guarantees it. cell is sized MAXKTCNAMELEN here while
 * ka_ParseLoginName declares its cell buffer as MAXKTCREALMLEN -- confirm
 * the two constants agree before copying between them.
 */
237 struct ka_ticketAnswer { /* format of response */
238 afs_int32 cksum; /* function to be defined */
239 Date challenge; /* the time of the request plus one */
240 struct ktc_encryptionKey
241 sessionKey; /* the session key in the ticket */
244 afs_int32 kvno; /* version of ticket encrypting key */
245 afs_int32 ticketLen; /* the ticket's length */
246 char name[MAXKTCNAMELEN];
247 char instance[MAXKTCNAMELEN];
248 char cell[MAXKTCNAMELEN];
249 char sname[MAXKTCNAMELEN];
250 char sinstance[MAXKTCNAMELEN];
251 char ticket[MAXKTCTICKETLEN]; /* the ticket (no extra chars) */
252 char label[KA_LABELSIZE]; /* for detecting decryption errors */
/*
 * Change-password request body (label presumably KA_CPW_REQ_LABEL). The
 * member name that follows `struct ktc_encryptionKey` (original line 258)
 * and the closing brace are missing from this listing.
 *
 * NOTE(review): this struct embeds key material by value; any instance
 * should be cleared after use rather than left on the stack or heap.
 */
255 struct ka_cpwRequest { /* format of request */
256 Date time; /* time of request */
257 struct ktc_encryptionKey
259 afs_int32 kvno; /* version number of key */
260 afs_int32 spare; /* must be zero */
261 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
/*
 * Change-password response body (label presumably KA_CPW_ANS_LABEL). The
 * closing brace is missing from this listing.
 * label is KA_LABELSIZE bytes with no NUL terminator.
 */
264 struct ka_cpwAnswer { /* format of response */
265 Date time; /* the time of the request plus one */
266 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
/* The members and closing brace of this struct are missing from this listing. */
269 struct ka_getTicketTimes {
274 /* old interface: see ka_ticketAnswer instead */
/*
 * Older get-ticket response layout (the comment above this struct points to
 * ka_ticketAnswer). Original lines 277-280 and the closing brace are missing
 * from this listing, so further members exist between sessionKey and name.
 *
 * NOTE(review): the fixed-size name/instance/cell/sname/sinstance arrays
 * should not be assumed NUL-terminated by readers, and ticket must only be
 * read up to a length that has been checked against MAXKTCTICKETLEN.
 */
275 struct ka_getTicketAnswer {
276 struct ktc_encryptionKey sessionKey;
281 char name[MAXKTCNAMELEN];
282 char instance[MAXKTCNAMELEN];
283 char cell[MAXKTCNAMELEN];
284 char sname[MAXKTCNAMELEN];
285 char sinstance[MAXKTCNAMELEN];
286 char ticket[MAXKTCTICKETLEN];
/*
 * Error-code range for this library. ka_ErrorString is an alias for
 * error_message (declared elsewhere), and KAMINERROR..KAMAXERROR spans 256
 * consecutive codes starting at ERROR_TABLE_BASE_KA.
 * Original line 291 and the matching #endif are missing from this listing.
 */
289 #ifndef ERROR_TABLE_BASE_KA
290 #define ka_ErrorString error_message
292 #define KAMINERROR ERROR_TABLE_BASE_KA
293 #define KAMAXERROR (KAMINERROR+255)