2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 * Revision 2.2 1990/09/27 13:51:37
12 * Declare (char *) returning function ka_timestr().
15 * Revision 2.1 90/08/07 19:11:51
16 * Start with clean version to sync test and dev trees.
26 #ifndef KAMAJORVERSION
27 /* just to be on the safe side, get these two first */
28 #include <sys/types.h>
31 /* get installed .h file only if not included already from local dir */
33 #include <afs/kauth.h>
39 #include <afs/cellconfig.h>
40 #include <afs/afsutil.h>
43 #include "../afs/ubik.h"
44 #include "../afs/auth.h"
45 #include "../afs/cellconfig.h"
46 #endif /* !defined(UKERNEL) */
/* Length constant associated with ka_timestr(); presumably the size of the
 * buffer a caller must supply for its output -- confirm against the
 * implementation before sizing buffers from it. */
49 #define KA_TIMESTR_LEN 30
/* Date is a preprocessor alias for afs_uint32, not a typedef: every later
 * token spelled `Date` in an including file is rewritten to afs_uint32, so
 * the name cannot be reused for anything else. The request/answer structs in
 * this header use it for their time and challenge fields. */
50 #define Date afs_uint32
53 * Public function prototypes
/*
 * Token acquisition and verification entry points. Most of each parameter
 * list is missing from this listing, so only the visible arguments are
 * described. Each call returns afs_int32 -- presumably 0 on success and a KA
 * error code otherwise; confirm against the implementation.
 * NOTE(review): the ktc_encryptionKey arguments presumably hold the caller's
 * secret key; callers should clear that memory once the call has returned.
 */
56 extern afs_int32 ka_GetAuthToken (
60 struct ktc_encryptionKey *key,
65 extern afs_int32 ka_GetServerToken (
70 struct ktc_token *token,
75 extern afs_int32 ka_GetAdminToken (
79 struct ktc_encryptionKey *key,
81 struct ktc_token *token,
85 extern afs_int32 ka_VerifyUserToken(
89 struct ktc_encryptionKey *key
/*
 * Server discovery and connection setup (parameter lists partly elided in
 * this listing). ka_ExplicitCell returns void, so it cannot report a failure
 * to its caller. The double-pointer arguments (scP, conn) look like
 * out-parameters filled in on success -- TODO confirm; callers should check
 * the afs_int32 result before dereferencing what they point to.
 */
92 extern void ka_ExplicitCell (
94 afs_int32 serverList[]
97 extern afs_int32 ka_GetServers (
99 struct afsconf_cell *cellinfo
102 extern afs_int32 ka_GetSecurity (
104 struct ktc_token *token,
105 struct rx_securityClass **scP,
109 extern afs_int32 ka_SingleServerConn (
113 struct ktc_token *token,
114 struct ubik_client **conn
117 extern afs_int32 ka_AuthSpecificServersConn (
119 struct ktc_token *token,
120 struct afsconf_cell *cellinfo,
121 struct ubik_client **conn
124 extern afs_int32 ka_AuthServerConn (
127 struct ktc_token *token,
128 struct ubik_client **conn
/*
 * Authentication, ticket retrieval and password handling over an existing
 * ubik_client connection (parameter lists partly elided in this listing).
 * ka_ChangePassword takes both the old and the new key; ka_StringToKey and
 * ka_ReadPassword each take a ktc_encryptionKey pointer, presumably as the
 * output -- TODO confirm. ka_StringToKey returns void, so the caller gets no
 * status to check.
 * NOTE(review): every key buffer passed here is secret material; callers
 * should wipe it (with a call the compiler cannot elide) when finished.
 */
131 extern afs_int32 ka_Authenticate (
135 struct ubik_client *conn,
137 struct ktc_encryptionKey *key,
140 struct ktc_token *token,
144 extern afs_int32 ka_GetToken (
150 struct ubik_client *conn,
153 struct ktc_token *auth_token,
155 struct ktc_token *token
158 extern afs_int32 ka_ChangePassword (
161 struct ubik_client *conn,
162 struct ktc_encryptionKey *oldkey,
163 struct ktc_encryptionKey *newkey
166 extern void ka_StringToKey (
169 struct ktc_encryptionKey *key
172 extern afs_int32 ka_ReadPassword (
176 struct ktc_encryptionKey *key
/*
 * Splits a login string into name, instance and cell (the first parameter
 * and the closing of the prototype are not visible in this listing).
 * The array bounds written on the parameters are documentation only: in a
 * parameter list they decay to plain char pointers, so the compiler does not
 * enforce them and the callee cannot see the real buffer size. Callers must
 * pass buffers of at least MAXKTCNAMELEN / MAXKTCREALMLEN bytes.
 * NOTE(review): cell is sized with MAXKTCREALMLEN here, while the cell field
 * in struct ka_ticketAnswer uses MAXKTCNAMELEN; confirm the two constants
 * agree, or that every copy between them is bounded by the smaller one.
 */
179 extern afs_int32 ka_ParseLoginName (
181 char name[MAXKTCNAMELEN],
182 char inst[MAXKTCNAMELEN],
183 char cell[MAXKTCREALMLEN]
/*
 * Initialisation, cell-name helpers and byte/key utilities. The parameter
 * lists and the opening lines of the _MFC_VER conditionals are not visible
 * in this listing, so nothing is stated about arguments.
 * ka_timestr is declared void here, whereas the revision note at the top of
 * the file speaks of a (char *) returning ka_timestr(); that note appears to
 * be out of date with this declaration. KA_TIMESTR_LEN is presumably the
 * buffer size it expects -- verify before relying on it.
 * NOTE(review): ka_PrintBytes / ka_ConvertBytes may be applied to key bytes;
 * check that key material is not written to logs through them.
 */
188 #endif /* _MFC_VER */
189 extern afs_int32 ka_Init(
194 #endif /* _MFC_VER */
196 extern int ka_CellConfig (
200 extern char *ka_LocalCell (
204 extern int ka_ExpandCell (
210 extern int ka_CellToRealm (
216 extern void ka_PrintUserID (
223 extern void ka_PrintBytes (
228 extern int ka_ConvertBytes (
235 extern int ka_ReadBytes (
246 extern afs_int32 ka_KeyCheckSum (
251 extern int ka_KeyIsZero(
256 extern void ka_timestr (
262 extern afs_int32 ka_GetAFSTicket (
/*
 * User-level authentication entry points (parameter lists mostly elided in
 * this listing). password_expires is a pointer argument, presumably an
 * out-parameter reporting password expiry -- TODO confirm its units and
 * whether NULL is accepted.
 * ka_UserAuthenticate is declared here as a function and is also defined
 * further down in this header as a function-like macro that expands to
 * ka_UserAuthenticateGeneral. Unless a conditional hidden from this listing
 * separates the two, calls written after the macro definition use the macro.
 */
270 extern afs_int32 ka_UserAuthenticateGeneral (
277 afs_int32 *password_expires,
282 extern afs_int32 ka_UserAuthenticateGeneral2 (
290 afs_int32 *password_expires,
294 extern afs_int32 ka_UserAuthenticate (
303 extern afs_int32 ka_UserReadPassword (
310 extern afs_int32 ka_VerifyUserPassword(
/*
 * Flag word passed as the first argument of ka_UserAuthenticateGeneral.
 * The low 16 bits (KA_USERAUTH_VERSION_MASK) carry the interface version;
 * option bits start at 0x010000. What each option does is not shown in this
 * header -- the names suggest PAG creation, verify-only operation and logon
 * authentication; confirm against the implementation.
 */
319 #define KA_USERAUTH_VERSION 1
320 #define KA_USERAUTH_VERSION_MASK 0x00ffff
321 #define KA_USERAUTH_DOSETPAG 0x010000
322 #define KA_USERAUTH_DOSETPAG2 0x020000
323 #define KA_USERAUTH_ONLY_VERIFY 0x040000
324 #define KA_USERAUTH_AUTHENT_LOGON 0x100000
/*
 * Convenience wrapper: sends the version, plus KA_USERAUTH_DOSETPAG when d is
 * non-zero, with lifetime 0 and both spare arguments 0.
 */
325 #define ka_UserAuthenticate(n,i,r,p,d,rP) \
326 ka_UserAuthenticateGeneral \
327 (KA_USERAUTH_VERSION + ((d) ? KA_USERAUTH_DOSETPAG : 0), \
328 n,i,r,p, /*lifetime*/0, /*spare1,2*/0,0, rP)
/*
 * Same call with caller-supplied flags f and lifetime l. f is added to the
 * version rather than OR-ed into it, so f must contain only bits outside
 * KA_USERAUTH_VERSION_MASK; any low bits in f would change the version
 * value that is passed on.
 */
329 #define ka_UserAuthenticateLife(f,n,i,r,p,l,rP) \
330 ka_UserAuthenticateGeneral \
331 (KA_USERAUTH_VERSION + (f), n,i,r,p,l, /*spare1,2*/0,0, rP)
/*
 * RPC entry points, declared with empty parentheses. In C an empty list is
 * an old-style declaration without a prototype: the compiler checks neither
 * the number nor the types of the arguments at call sites, so a mismatched
 * call compiles silently. NOTE(review): prefer including a header that
 * carries full prototypes for these calls where one is available.
 */
333 extern afs_int32 KAM_CreateUser();
334 extern afs_int32 KAM_DeleteUser();
335 extern afs_int32 KAA_ChangePassword();
336 extern afs_int32 KAM_SetPassword();
337 extern afs_int32 KAA_Authenticate(), KAA_AuthenticateV2();
338 extern afs_int32 KAT_GetTicket();
339 extern afs_int32 KAM_SetFields();
/* Presumably bit flags (both are powers of two) for password-reuse and
 * account-lock state; which call consumes them is not visible here. */
341 #define KA_NOREUSEPW 2
342 #define KA_ISLOCKED 4
/* Query, debug and lock-management calls; same unprototyped form as above.
 * KAM_GetPassword and KAM_GetRandomKey return key material by name --
 * NOTE(review): confirm they are restricted to privileged callers. */
344 extern afs_int32 KAM_GetEntry();
345 extern afs_int32 KAM_ListEntry();
346 extern afs_int32 KAM_GetStats();
347 extern afs_int32 KAM_GetPassword();
348 extern afs_int32 KAM_GetRandomKey();
349 extern afs_int32 KAM_Debug();
350 extern afs_int32 KAM_Unlock();
351 extern afs_int32 KAM_LockStatus();
/* Numeric identifiers for the authentication, ticket-granting and
 * maintenance services (presumably Rx service ids -- confirm). */
353 #define KA_AUTHENTICATION_SERVICE 731
354 #define KA_TICKET_GRANTING_SERVICE 732
355 #define KA_MAINTENANCE_SERVICE 733
/*
 * Rx security class indices. Per the comments below, index 0 provides no
 * security at all and index 2 is Kerberos with DES; single DES no longer
 * offers meaningful resistance to key recovery, so traffic protected only by
 * it should not be treated as confidential.
 * NOTE(review): confirm which calls a server accepts on index 0.
 */
357 #define RX_SCINDEX_NULL 0 /* No security */
358 #define RX_SCINDEX_VAB 1 /* vice tokens, with bcrypt */
359 #define RX_SCINDEX_KAD 2 /* Kerberos/DES */
/* Well-known principal names: the ticket-granting service and the
 * administrative (AuthServer.Admin) identity. */
361 #define KA_TGS_NAME "krbtgt"
362 /* realm is TGS instance */
363 #define KA_ADMIN_NAME "AuthServer"
364 #define KA_ADMIN_INST "Admin"
/*
 * Fixed labels embedded in encrypted requests and answers so the receiver can
 * tell whether decryption produced sensible plaintext. Every literal below is
 * exactly KA_LABELSIZE (4) characters, and the struct fields that hold them
 * are char[KA_LABELSIZE], so a stored label has no NUL terminator: compare
 * with a length-bounded memory comparison over KA_LABELSIZE bytes, never
 * with a string comparison.
 * A matching label only indicates that the right key was probably used; it
 * is a known-plaintext check, not a cryptographic integrity check over the
 * rest of the message.
 */
366 #define KA_LABELSIZE 4
367 #define KA_GETTGT_REQ_LABEL "gTGS"
368 #define KA_GETTGT_ANS_LABEL "tgsT"
369 #define KA_GETADM_REQ_LABEL "gADM"
370 #define KA_GETADM_ANS_LABEL "admT"
371 #define KA_CPW_REQ_LABEL "CPWl"
372 #define KA_CPW_ANS_LABEL "Pass"
373 #define KA_GETTICKET_ANS_LABEL "gtkt"
/*
 * Request body carrying a timestamp and a decrypt-check label. The closing
 * brace is not visible in this listing. label holds KA_LABELSIZE raw bytes
 * with no terminator.
 */
375 struct ka_gettgtRequest { /* format of request */
376 Date time; /* time of request */
377 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
/*
 * Legacy answer layout (closing brace not visible in this listing).
 * NOTE(review): ticket_len arrives inside the decrypted answer; a consumer
 * should reject values that are negative or greater than MAXKTCTICKETLEN
 * before reading or copying ticket -- confirm the decoding code does so.
 */
380 /* old interface: see ka_ticketAnswer instead */
381 struct ka_gettgtAnswer { /* format of response */
382 Date time; /* the time of the request plus one */
383 struct ktc_encryptionKey
384 sessionkey; /* the session key in the ticket */
385 afs_int32 kvno; /* version # of tkt encrypting key */
386 afs_int32 ticket_len; /* the ticket's length */
387 char ticket[MAXKTCTICKETLEN]; /* the ticket itself (no padding) */
388 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
/*
 * Current answer layout: challenge, session key, key version, client and
 * server names, ticket and decrypt-check label. Some fields and the closing
 * brace are missing from this listing.
 * cksum is marked "function to be defined", so it should not be relied on as
 * an integrity check unless the implementation shows otherwise.
 * NOTE(review): ticketLen must be range-checked against MAXKTCTICKETLEN
 * before ticket is read, and the fixed-size name/instance/cell arrays must
 * be checked for a terminator within their bounds before being used as C
 * strings -- confirm the decoding code does both.
 */
391 struct ka_ticketAnswer { /* format of response */
392 afs_int32 cksum; /* function to be defined */
393 Date challenge; /* the time of the request plus one */
394 struct ktc_encryptionKey
395 sessionKey; /* the session key in the ticket */
398 afs_int32 kvno; /* version of ticket encrypting key */
399 afs_int32 ticketLen; /* the ticket's length */
400 char name[MAXKTCNAMELEN];
401 char instance[MAXKTCNAMELEN];
402 char cell[MAXKTCNAMELEN];
403 char sname[MAXKTCNAMELEN];
404 char sinstance[MAXKTCNAMELEN];
405 char ticket[MAXKTCTICKETLEN]; /* the ticket (no extra chars) */
406 char label[KA_LABELSIZE]; /* for detecting decryption errors */
/*
 * Change-password request. The name of the ktc_encryptionKey member and the
 * closing brace are missing from this listing; presumably the member is the
 * new key -- TODO confirm. Because the struct carries key material, any
 * buffer holding it should be wiped after the request has been sent.
 */
409 struct ka_cpwRequest { /* format of request */
410 Date time; /* time of request */
411 struct ktc_encryptionKey
413 afs_int32 kvno; /* version number of key */
414 afs_int32 spare; /* must be zero */
415 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
/*
 * Change-password answer: echoes the request time plus one together with a
 * decrypt-check label (closing brace not visible in this listing).
 */
418 struct ka_cpwAnswer { /* format of response */
419 Date time; /* the time of the request plus one */
420 char label[KA_LABELSIZE]; /* label to verify correct decrypt */
/* Fields of ka_getTicketTimes are not visible in this listing. */
423 struct ka_getTicketTimes {
/*
 * Legacy ticket answer (several fields and the closing brace are missing
 * from this listing). The name arrays and ticket buffer are fixed-size;
 * NOTE(review): as with ka_ticketAnswer, a consumer should bound any length
 * field by MAXKTCTICKETLEN and check the name arrays for a terminator before
 * treating them as C strings.
 */
428 /* old interface: see ka_ticketAnswer instead */
429 struct ka_getTicketAnswer {
430 struct ktc_encryptionKey sessionKey;
435 char name[MAXKTCNAMELEN];
436 char instance[MAXKTCNAMELEN];
437 char cell[MAXKTCNAMELEN];
438 char sname[MAXKTCNAMELEN];
439 char sinstance[MAXKTCNAMELEN];
440 char ticket[MAXKTCTICKETLEN];
/*
 * Error-code plumbing. ka_ErrorString is an alias for error_message, and
 * KAMINERROR..KAMAXERROR spans 256 consecutive codes starting at
 * ERROR_TABLE_BASE_KA. At least one line between these defines and the
 * matching #endif are missing from this listing, so how ERROR_TABLE_BASE_KA
 * is defined on this path cannot be determined from here.
 */
443 #ifndef ERROR_TABLE_BASE_KA
444 #define ka_ErrorString error_message
446 #define KAMINERROR ERROR_TABLE_BASE_KA
447 #define KAMAXERROR (KAMINERROR+255)