2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 * Revision 2.2 1990/09/27 13:51:37
12 * Declare (char *) returning function ka_timestr().
15 * Revision 2.1 90/08/07 19:11:51
16 * Start with clean version to sync test and dev trees.
25 #ifndef KAMAJORVERSION
26 /* just to be on the safe side, get these two first */
27 #include <sys/types.h>
30 /* get installed .h file only if not included already from local dir */
32 #include <afs/kauth.h>
38 #include <afs/cellconfig.h>
39 #include <afs/afsutil.h>
/*
 * Size constant for time strings.  Presumably the buffer length callers pass
 * to ka_timestr() as tlen -- confirm against the implementation.
 */
#define KA_TIMESTR_LEN  30

/*
 * Timestamps in this interface are unsigned 32-bit quantities.  This is a
 * macro alias, not a typedef, so it expands textually wherever "Date" appears.
 */
#define Date            afs_uint32
46 * Public function prototypes
/*
 * Token acquisition for the principal (name, instance, cell).
 *
 * ka_GetAuthToken takes the caller's encryption key directly.  This header
 * does not show whether the callee copies or retains *key, so a caller that
 * derived the key from a password should wipe its own copy once the call
 * returns.  NOTE(review): confirm key ownership in the implementation.
 *
 * pwexpires is an out-parameter; its units and "no expiry" value are not
 * visible here.
 */
extern afs_int32 ka_GetAuthToken(char *name, char *instance, char *cell,
                                 struct ktc_encryptionKey *key,
                                 afs_int32 lifetime, afs_int32 *pwexpires);

/*
 * Fills *token for the named server principal.  dosetpag presumably requests
 * a new PAG before the token is stored -- confirm against the implementation.
 */
extern afs_int32 ka_GetServerToken(char *name, char *instance, char *cell,
                                   Date lifetime, struct ktc_token *token,
                                   int newer, int dosetpag);
/*
 * NOTE(review): this prototype is cut off in the listing -- the parameter
 * list has no closing parenthesis, so at least one trailing parameter is not
 * visible.  Take the full signature from the installed header.
 * The call takes the caller's encryption key; wipe the caller's copy after
 * use unless the implementation documents that it keeps a reference.
 */
57 extern afs_int32 ka_GetAdminToken(char *name, char *instance, char *cell,
58 struct ktc_encryptionKey *key,
59 afs_int32 lifetime, struct ktc_token *token,
/*
 * Verification entry point for the principal (name, instance, cell) using
 * the supplied key.  The afs_int32 result is the only outcome channel
 * declared here, so callers must test it and treat any value they do not
 * recognise as failure.  NOTE(review): presumably 0 means success, as with
 * other afs_int32 status codes -- confirm.
 */
extern afs_int32 ka_VerifyUserToken(char *name, char *instance, char *cell,
                                    struct ktc_encryptionKey *key);
/*
 * NOTE(review): prototype is cut off in this listing (no closing
 * parenthesis).  serverList is declared as an unsized array, i.e. a bare
 * pointer: no element count is visible here, so how the end of the list is
 * determined must be checked in the implementation.
 */
65 extern void ka_ExplicitCell(char *cell, afs_uint32 serverList[]
/* Looks up the servers for a cell and fills *cellinfo. */
extern afs_int32 ka_GetServers(char *cell, struct afsconf_cell *cellinfo);

/*
 * Produces a security class (*scP) and a security index (*siP) for a service
 * and token.  NOTE(review): *siP is presumably one of the RX_SCINDEX_*
 * values; a caller that requires an authenticated connection should reject
 * RX_SCINDEX_NULL instead of proceeding on it.
 */
extern afs_int32 ka_GetSecurity(int service, struct ktc_token *token,
                                struct rx_securityClass **scP, int *siP);

/*
 * Connection constructors.  Each one returns a ubik client through *conn.
 * "service" is presumably one of the KA_*_SERVICE numbers -- confirm.
 * Check the afs_int32 status before using *conn; this header does not state
 * what *conn holds on failure.
 */
extern afs_int32 ka_SingleServerConn(char *cell, char *server, int service,
                                     struct ktc_token *token,
                                     struct ubik_client **conn);

extern afs_int32 ka_AuthSpecificServersConn(int service,
                                            struct ktc_token *token,
                                            struct afsconf_cell *cellinfo,
                                            struct ubik_client **conn);

extern afs_int32 ka_AuthServerConn(char *cell, int service,
                                   struct ktc_token *token,
                                   struct ubik_client **conn);
/*
 * Authenticates (name, instance, cell) over an existing connection and fills
 * *token.  start/end bound the requested validity interval as Date values.
 * The caller supplies the key; see ka_StringToKey() for deriving one from a
 * password.
 */
extern afs_int32 ka_Authenticate(char *name, char *instance, char *cell,
                                 struct ubik_client *conn, int service,
                                 struct ktc_encryptionKey *key, Date start,
                                 Date end, struct ktc_token *token,
                                 afs_int32 *pwexpires);

/*
 * Requests a token for the server principal (name, instance, cell) on behalf
 * of the client (cname, cinst), presenting auth_token from auth_domain.
 */
extern afs_int32 ka_GetToken(char *name, char *instance, char *cell,
                             char *cname, char *cinst,
                             struct ubik_client *conn, Date start, Date end,
                             struct ktc_token *auth_token, char *auth_domain,
                             struct ktc_token *token);

/*
 * Password change.  Both the old and the new key are held in caller memory
 * for the duration of the call; wipe both afterwards, and do not log them.
 */
extern afs_int32 ka_ChangePassword(char *name, char *instance,
                                   struct ubik_client *conn,
                                   struct ktc_encryptionKey *oldkey,
                                   struct ktc_encryptionKey *newkey);
/*
 * Derives *key from a password string and a cell name.  It returns void, so
 * no failure can be reported to the caller.  The plaintext in str stays in
 * the caller's buffer; wipe it as soon as the key has been derived.
 */
extern void ka_StringToKey(char *str, char *cell,
                           struct ktc_encryptionKey *key);

/*
 * Prompts for a password and stores the resulting key in *key.  "verify"
 * presumably asks for the password twice -- confirm.  The key is sensitive
 * material: keep it out of logs and core dumps, and wipe it after use.
 */
extern afs_int32 ka_ReadPassword(char *prompt, int verify, char *cell,
                                 struct ktc_encryptionKey *key);
/*
 * NOTE(review): this stretch of the listing is damaged.  The
 * ka_ParseLoginName and ka_LocalCell prototypes have no closing parenthesis,
 * and the #if lines that pair with the two "#endif" lines are not visible.
 *
 * ka_ParseLoginName: the bracketed sizes on name/inst/cell are documentation
 * only.  In C these parameters are plain char pointers, so the compiler does
 * not check the caller's buffers.  Callers must pass buffers of at least
 * MAXKTCNAMELEN / MAXKTCREALMLEN bytes.  The login string usually comes from
 * a user, so treat an error return as "reject the login", not as a hint.
 *
 * ka_LocalCell returns a char pointer; who owns that storage is not visible
 * here.
 */
109 extern afs_int32 ka_ParseLoginName(char *login, char name[MAXKTCNAMELEN],
110 char inst[MAXKTCNAMELEN],
111 char cell[MAXKTCREALMLEN]
116 #endif /* _MFC_VER */
117 extern afs_int32 ka_Init(int flags);
120 #endif /* _MFC_VER */
121 extern int ka_CellConfig(const char *dir);
123 extern char *ka_LocalCell(void
/*
 * Cell-name helpers.  Neither prototype carries a length for its second
 * argument.  If fullCell and realm are output buffers, as the names suggest,
 * the caller alone is responsible for making them large enough.
 * NOTE(review): presumably MAXKTCREALMLEN bytes -- confirm in the
 * implementation before passing anything smaller.
 */
extern int ka_ExpandCell(char *cell, char *fullCell, int *alocal);

extern int ka_CellToRealm(char *cell, char *realm, int *local);
/*
 * NOTE(review): prototype is cut off in this listing; the parameters after
 * "instance" are not visible.
 */
130 extern void ka_PrintUserID(char *prefix, char *name, char *instance,
/*
 * Byte-string helpers.  Lengths are passed as plain int alongside the
 * buffers, so callers must reject negative values and values larger than the
 * buffer before calling.  NOTE(review): ka_PrintBytes presumably writes the
 * bytes to an output stream; do not call it on key material outside of
 * debugging.
 */
extern void ka_PrintBytes(char bs[], int bl);

extern int ka_ConvertBytes(char *ascii, int alen, char bs[], int bl);

extern int ka_ReadBytes(char *ascii, char *binary, int blen);

/*
 * Takes two unsigned 32-bit values but returns int.  If the result is one of
 * the arguments, values above INT_MAX cannot be represented in the return
 * type.  NOTE(review): confirm what the implementation returns.
 */
extern int umin(afs_uint32 a, afs_uint32 b);

/* Key checksum, returned through *cksumP; the algorithm is not shown here. */
extern afs_int32 ka_KeyCheckSum(char *key, afs_uint32 *cksumP);

/* Tests a key buffer of alen bytes; an all-zero key should never be used. */
extern int ka_KeyIsZero(char *akey, int alen);

/*
 * Formats a time into tstr, which is tlen bytes long.  It returns void, so
 * truncation cannot be reported; size the buffer with KA_TIMESTR_LEN.
 */
extern void ka_timestr(afs_int32 time, char *tstr, afs_int32 tlen);

/* Fills *info with key-cache debugging data. */
extern void ka_debugKeyCache(struct ka_debugInfo *info);

/*
 * Stores a principal given as three strings.  NOTE(review): p/n/i/c have no
 * length parameters; check the implementation for how the sizes are bounded.
 */
extern void save_principal(char *p, char *n, char *i, char *c);
/* Obtains an AFS ticket for (name, instance, realm) with the given lifetime. */
extern afs_int32 ka_GetAFSTicket(char *name, char *instance, char *realm,
                                 Date lifetime, afs_int32 flags);

/*
 * General password-authentication entry point.  The ka_UserAuthenticate and
 * ka_UserAuthenticateLife macros in this header expand to calls of this
 * function.
 *
 * flags            KA_USERAUTH_VERSION plus KA_USERAUTH_* option bits.
 * password         plaintext password; wipe the buffer after the call.
 * password_expires out-parameter.
 * spare2           the wrapper macros pass 0.
 * reasonP          out-parameter for a message string.  NOTE(review):
 *                  ownership of *reasonP is not visible here, and it should
 *                  be shown to users only if it cannot reveal whether the
 *                  account exists.
 */
extern afs_int32 ka_UserAuthenticateGeneral(afs_int32 flags, char *name,
                                            char *instance, char *realm,
                                            char *password, Date lifetime,
                                            afs_int32 *password_expires,
                                            afs_int32 spare2, char **reasonP);
/*
 * NOTE(review): all four prototypes below are cut off in this listing.  Each
 * parameter list lacks its closing line, and the numbering shows one line
 * missing inside ka_UserAuthenticateGeneral2.  Take the full signatures from
 * the installed header.
 *
 * Every one of these takes a plaintext password buffer.  For
 * ka_UserReadPassword, plen is the capacity of that buffer, so callers must
 * pass the real size of the array.  Wipe the password after the call returns,
 * on both the success and the failure path.
 *
 * A function-like macro named ka_UserAuthenticate is defined further down in
 * this header, so after that point the name expands to the macro and not to
 * the function declared here.
 */
160 extern afs_int32 ka_UserAuthenticateGeneral2(afs_int32 flags, char *name,
161 char *instance, char *realm,
162 char *password, char *smbname,
164 afs_int32 * password_expires,
167 extern afs_int32 ka_UserAuthenticate(char *name, char *instance, char *realm,
168 char *password, int doSetPAG,
171 extern afs_int32 ka_UserReadPassword(char *prompt, char *password, int plen,
174 extern afs_int32 ka_VerifyUserPassword(afs_int32 version, char *name,
175 char *instance, char *realm,
176 char *password, int spare,
/*
 * Flag word for ka_UserAuthenticateGeneral().  KA_USERAUTH_VERSION_MASK
 * covers the low 16 bits, and the option bits below all sit above it.
 */
#define KA_USERAUTH_VERSION         1
#define KA_USERAUTH_VERSION_MASK    0x00ffff
#define KA_USERAUTH_DOSETPAG        0x010000
#define KA_USERAUTH_DOSETPAG2       0x020000
#define KA_USERAUTH_ONLY_VERIFY     0x040000
#define KA_USERAUTH_AUTHENT_LOGON   0x100000

/*
 * Convenience wrapper: version plus the DOSETPAG bit when d is non-zero,
 * lifetime 0 and both spare arguments 0.
 */
#define ka_UserAuthenticate(n,i,r,p,d,rP) \
    ka_UserAuthenticateGeneral \
        (KA_USERAUTH_VERSION + ((d) ? KA_USERAUTH_DOSETPAG : 0), \
         n,i,r,p, /*lifetime*/0, /*spare1,2*/0,0, rP)

/*
 * As above with caller-chosen flags f and lifetime l.  The flags are combined
 * with the version by addition, not by OR.  f must therefore contain only
 * option bits above KA_USERAUTH_VERSION_MASK, or the version field that the
 * callee sees is altered.
 */
#define ka_UserAuthenticateLife(f,n,i,r,p,l,rP) \
    ka_UserAuthenticateGeneral \
        (KA_USERAUTH_VERSION + (f), n,i,r,p,l, /*spare1,2*/0,0, rP)
/* Account-state values; their exact meaning is defined by the callers. */
#define KA_NOREUSEPW    2
#define KA_ISLOCKED     4

/* Service numbers for the three authentication-server services. */
#define KA_AUTHENTICATION_SERVICE   731
#define KA_TICKET_GRANTING_SERVICE  732
#define KA_MAINTENANCE_SERVICE      733

/*
 * Rx security-class indices.  Index 0 gives neither authentication nor
 * encryption.  Index 2 rests on DES, which no longer offers adequate
 * strength, so code that still selects it should be treated as legacy and
 * kept off untrusted networks.
 */
#define RX_SCINDEX_NULL 0       /* No security */
#define RX_SCINDEX_VAB  1       /* vice tokens, with bcrypt */
#define RX_SCINDEX_KAD  2       /* Kerberos/DES */

/* Well-known principals.  For the TGS the realm serves as the instance. */
#define KA_TGS_NAME     "krbtgt"
#define KA_ADMIN_NAME   "AuthServer"
#define KA_ADMIN_INST   "Admin"

/*
 * Fixed labels placed inside encrypted requests and answers so the receiver
 * can tell that decryption used the right key.  Each literal is exactly
 * KA_LABELSIZE characters, so a char[KA_LABELSIZE] field holds it without a
 * terminating NUL.  Compare with memcmp() over KA_LABELSIZE bytes, never with
 * strcmp().  A four-byte constant only detects a wrong key; it does not
 * authenticate the rest of the message.
 */
#define KA_LABELSIZE            4
#define KA_GETTGT_REQ_LABEL     "gTGS"
#define KA_GETTGT_ANS_LABEL     "tgsT"
#define KA_GETADM_REQ_LABEL     "gADM"
#define KA_GETADM_ANS_LABEL     "admT"
#define KA_CPW_REQ_LABEL        "CPWl"
#define KA_CPW_ANS_LABEL        "Pass"
#define KA_GETTICKET_ANS_LABEL  "gtkt"
/*
 * Request body for obtaining a ticket-granting ticket.
 * NOTE(review): the closing brace of this struct is not visible in this
 * listing.  label is KA_LABELSIZE bytes with no room for a NUL, so compare it
 * with a bounded comparison over exactly KA_LABELSIZE bytes.
 */
218 struct ka_gettgtRequest { /* format of request */
219 Date time; /* time of request */
220 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
/*
 * Legacy answer layout.  NOTE(review): the closing brace is not visible in
 * this listing.
 * ticket_len arrives inside the decrypted answer and is a signed 32-bit
 * value.  A receiver must check 0 <= ticket_len <= MAXKTCTICKETLEN before
 * using it as a copy length for ticket[].
 */
223 /* old interface: see ka_ticketAnswer instead */
224 struct ka_gettgtAnswer { /* format of response */
225 Date time; /* the time of the request plus one */
226 struct ktc_encryptionKey
227 sessionkey; /* the session key in the ticket */
228 afs_int32 kvno; /* version # of tkt encrypting key */
229 afs_int32 ticket_len; /* the ticket's length */
230 char ticket[MAXKTCTICKETLEN]; /* the ticket itself (no padding) */
231 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
/*
 * Answer carrying a ticket together with the client and server principal
 * names.  NOTE(review): the listing skips lines between sessionKey and kvno
 * and omits the closing brace, so the member list shown here is incomplete.
 *
 * Points a receiver must check:
 *  - ticketLen is signed; range-check it against 0..MAXKTCTICKETLEN before
 *    using it as a length for ticket[].
 *  - cksum is described only as "function to be defined", so nothing in this
 *    header lets it be relied on for integrity.
 *  - the name fields are fixed-size arrays; do not assume they are
 *    NUL-terminated until the decoder has been confirmed to enforce it.
 *  - cell is sized with MAXKTCNAMELEN here, not MAXKTCREALMLEN; keep copies
 *    bounded by the field's own size.
 */
234 struct ka_ticketAnswer { /* format of response */
235 afs_int32 cksum; /* function to be defined */
236 Date challenge; /* the time of the request plus one */
237 struct ktc_encryptionKey
238 sessionKey; /* the session key in the ticket */
241 afs_int32 kvno; /* version of ticket encrypting key */
242 afs_int32 ticketLen; /* the ticket's length */
243 char name[MAXKTCNAMELEN];
244 char instance[MAXKTCNAMELEN];
245 char cell[MAXKTCNAMELEN];
246 char sname[MAXKTCNAMELEN];
247 char sinstance[MAXKTCNAMELEN];
248 char ticket[MAXKTCTICKETLEN]; /* the ticket (no extra chars) */
249 char label[KA_LABELSIZE]; /* for detecting decryption errors */
/*
 * Change-password request body.  NOTE(review): the declarator that follows
 * "struct ktc_encryptionKey" and the closing brace are both missing from this
 * listing.  The struct carries key material, so instances should be wiped
 * once the request has been sent or processed.
 */
252 struct ka_cpwRequest { /* format of request */
253 Date time; /* time of request */
254 struct ktc_encryptionKey
256 afs_int32 kvno; /* version number of key */
257 afs_int32 spare; /* must be zero */
258 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
/*
 * Change-password answer.  NOTE(review): the closing brace is not visible in
 * this listing.  The "request time plus one" value ties the answer to the
 * request, so a receiver should compare it against the time it sent.
 */
261 struct ka_cpwAnswer { /* format of response */
262 Date time; /* the time of the request plus one */
263 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
/* NOTE(review): only the opening line of this struct is visible in this listing; its members are not shown. */
266 struct ka_getTicketTimes {
/*
 * Legacy ticket answer.  NOTE(review): the listing skips lines after
 * sessionKey and omits the closing brace, so members (possibly including a
 * ticket length) are missing from this view.  The same handling rules apply
 * as for ka_ticketAnswer: bound every copy by the destination field's size.
 */
271 /* old interface: see ka_ticketAnswer instead */
272 struct ka_getTicketAnswer {
273 struct ktc_encryptionKey sessionKey;
278 char name[MAXKTCNAMELEN];
279 char instance[MAXKTCNAMELEN];
280 char cell[MAXKTCNAMELEN];
281 char sname[MAXKTCNAMELEN];
282 char sinstance[MAXKTCNAMELEN];
283 char ticket[MAXKTCTICKETLEN];
286 #ifndef ERROR_TABLE_BASE_KA
287 #define ka_ErrorString afs_error_message
289 #define KAMINERROR ERROR_TABLE_BASE_KA
290 #define KAMAXERROR (KAMINERROR+255)