2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* The Kerberos Authenticated DES security object. */
13 #ifndef TRANSARC_RXKAD_RXKAD_H
14 #define TRANSARC_RXKAD_RXKAD_H
16 /* no ticket good for longer than 30 days */
17 #define MAXKTCTICKETLIFETIME (30*24*3600)
18 #define MINKTCTICKETLEN 32
19 #define MAXKTCTICKETLEN 344
20 #define MAXKTCNAMELEN 64 /* name & inst should be 256 */
21 #define MAXKTCREALMLEN 64 /* should be 256 */
22 #define KTC_TIME_UNCERTAINTY (15*60) /* max skew bet. machines' clocks */
24 #define MAXRANDOMNAMELEN 16 /* length of random generated
25 usernames used by afslog for high
26 security must be < MAXKTCNAMELEN */
27 #define LOGON_OPTION_INTEGRATED 1
28 #define LOGON_OPTION_HIGHSECURITY 2
31 * Define ticket types. For Kerberos V4 tickets, this is overloaded as
32 * the server key version number, so class numbers 0 through 255 are reserved
33 * for V4 tickets. For Kerberos V5, tickets have an in-the-clear portion
34 * containing the server key version, so we only use a single type number to
35 * identify those tickets. The ticket type is carried in the kvno field
36 * passed to/from ktc_[SG]etToken.
38 #define RXKAD_TKT_TYPE_KERBEROS_V5 256
39 #define RXKAD_TKT_TYPE_KERBEROS_V5_ENCPART_ONLY 213
41 #define MAXKRB5TICKETLEN 1024
44 * The AFS/DFS translator may also make use of additional ticket types in
45 * the range 257 through 511. DO NOT USE THESE FOR ANY OTHER PURPOSE.
47 #define RXKAD_TKT_TYPE_ADAPT_RESERVED_MIN 257
48 #define RXKAD_TKT_TYPE_ADAPT_RESERVED_MAX 511
50 struct ktc_encryptionKey {
54 struct ktc_principal {
55 char name[MAXKTCNAMELEN];
56 char instance[MAXKTCNAMELEN];
57 char cell[MAXKTCREALMLEN];
59 char smbname[MAXRANDOMNAMELEN];
64 #define NEVERDATE 0xffffffff
67 /* this function round a length to the correct encryption block size */
68 #define round_up_to_ebs(v) (((v) + 7) & (~7))
70 typedef char rxkad_type;
71 #define rxkad_client 1 /* bits definitions */
72 #define rxkad_server 2
74 typedef char rxkad_level;
75 #define rxkad_clear 0 /* send packets in the clear */
76 #define rxkad_auth 1 /* send encrypted sequence numbers */
77 #define rxkad_crypt 2 /* encrypt packet data */
79 /* many stats are kept per type and per level. These are encoded into an index
80 * from 0 to 5 by the StatIndex macro. */
82 #define rxkad_StatIndex(type,level) \
83 (((((type) == 1) || ((type) == 2)) && ((level) >= 0) && ((level) <= 2)) \
84 ? (((level)<<1)+(type)-1) : 0)
85 #define rxkad_LevelIndex(level) \
86 ((((level) >= 0) && ((level) <= 2)) ? (level) : 0)
87 #define rxkad_TypeIndex(type) \
88 ((((type) == 1) || ((type) == 2)) ? (type) : 0)
91 afs_uint32 connections[3]; /* client side only */
92 afs_uint32 destroyObject; /* client security objects */
93 afs_uint32 destroyClient; /* client connections */
94 afs_uint32 destroyUnused; /* unused server conn */
95 afs_uint32 destroyUnauth; /* unauthenticated server conn */
96 afs_uint32 destroyConn[3]; /* server conn per level */
97 afs_uint32 expired; /* server packets rejected */
98 afs_uint32 challengesSent; /* server challenges sent */
99 afs_uint32 challenges[3]; /* challenges seen by client */
100 afs_uint32 responses[3]; /* responses seen by server */
101 afs_uint32 preparePackets[6];
102 afs_uint32 checkPackets[6];
103 afs_uint32 bytesEncrypted[2]; /* index just by type */
104 afs_uint32 bytesDecrypted[2];
105 afs_uint32 fc_encrypts[2]; /* DECRYPT==0, ENCRYPT==1 */
106 afs_uint32 fc_key_scheds; /* key schedule creations */
107 afs_uint32 des_encrypts[2]; /* DECRYPT==0, ENCRYPT==1 */
108 afs_uint32 des_key_scheds; /* key schedule creations */
109 afs_uint32 des_randoms; /* random blocks generated */
113 #if defined(AFS_NT40_ENV) && defined(AFS_PTHREAD_ENV)
114 #ifndef RXKAD_STATS_DECLSPEC
115 #define RXKAD_STATS_DECLSPEC __declspec(dllimport) extern
118 #define RXKAD_STATS_DECLSPEC extern
120 RXKAD_STATS_DECLSPEC struct rxkad_stats rxkad_stats;
121 #ifdef AFS_PTHREAD_ENV
124 extern pthread_mutex_t rxkad_stats_mutex;
125 #define LOCK_RXKAD_STATS assert(pthread_mutex_lock(&rxkad_stats_mutex)==0);
126 #define UNLOCK_RXKAD_STATS assert(pthread_mutex_unlock(&rxkad_stats_mutex)==0);
128 #define LOCK_RXKAD_STATS
129 #define UNLOCK_RXKAD_STATS
133 /* gak! using up spares already! */
134 #define rxkad_stats_clientObjects (rxkad_stats.spares[0])
135 #define rxkad_stats_serverObjects (rxkad_stats.spares[1])
137 extern int rxkad_EpochWasSet; /* TRUE => we called rx_SetEpoch */
139 #include "rxkad_prototypes.h"
141 #endif /* TRANSARC_RXKAD_RXKAD_H */