2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 /* The Kerberos Authenticated DES security object. */
13 #ifndef OPENAFS_RXKAD_RXKAD_H
14 #define OPENAFS_RXKAD_RXKAD_H
/* no ticket good for longer than 30 days (value is in seconds) */
#define MAXKTCTICKETLIFETIME (30*24*3600)
/* Smallest ticket length, in bytes; presumably the lower bound used when
 * validating a received ticket's length — confirm against callers. */
#define MINKTCTICKETLEN 32

/* Largest ticket length, in bytes, a KTC ticket buffer holds.
 * NOTE(review): the #else/#elif/#endif lines of this conditional are not
 * present in this listing; only the three alternative definitions survive.
 * Confirm the branch structure against the full header before editing. */
#if defined(AFS_AIX52_ENV)
#define MAXKTCTICKETLEN 12000	/* was 344 */
#define MAXKTCTICKETLEN 344
#define MAXKTCTICKETLEN 12000	/* was 344 */

#define MAXKTCNAMELEN 64	/* name & inst should be 256 */
#define MAXKTCREALMLEN 64	/* should be 256 */
#define KTC_TIME_UNCERTAINTY (15*60)	/* max skew bet. machines' clocks, in seconds */

#define MAXRANDOMNAMELEN 16	/* length of random generated
				 * usernames used by afslog for high
				 * security must be < MAXKTCNAMELEN && < MAXSMBNAMELEN */
#define MAXSMBNAMELEN 256	/* max length of an SMB name */

/* Logon option flags; the high-security option relates to the random
 * usernames described at MAXRANDOMNAMELEN above. */
#define LOGON_OPTION_INTEGRATED 1
#define LOGON_OPTION_HIGHSECURITY 2
/*
 * Define ticket types.  For Kerberos V4 tickets, this is overloaded as
 * the server key version number, so class numbers 0 through 255 are reserved
 * for V4 tickets.  For Kerberos V5, tickets have an in-the-clear portion
 * containing the server key version, so we only use a single type number to
 * identify those tickets.  The ticket type is carried in the kvno field
 * passed to/from ktc_[SG]etToken.
 */
#define RXKAD_TKT_TYPE_KERBEROS_V5 256
/* NOTE(review): 213 lies inside the 0..255 range that the comment above
 * reserves for V4 key version numbers, so a V4 ticket with kvno 213 and a
 * V5 "encrypted part only" ticket are not distinguishable by type alone.
 * Confirm how callers disambiguate before relying on the range statement. */
#define RXKAD_TKT_TYPE_KERBEROS_V5_ENCPART_ONLY 213

/* A Kerberos V5 ticket is bounded by the same buffer size as any KTC ticket. */
#define MAXKRB5TICKETLEN MAXKTCTICKETLEN

/*
 * The AFS/DFS translator may also make use of additional ticket types in
 * the range 257 through 511.  DO NOT USE THESE FOR ANY OTHER PURPOSE.
 */
#define RXKAD_TKT_TYPE_ADAPT_RESERVED_MIN 257
#define RXKAD_TKT_TYPE_ADAPT_RESERVED_MAX 511
/* NOTE(review): the members of struct ktc_encryptionKey (and its closing "};")
 * are not present in this listing; confirm against the full header. */
struct ktc_encryptionKey {
/* NOTE(review): the closing "};" of struct ktc_principal, and whatever
 * conditional surrounds smbname, are likewise not present in this listing.
 * Nothing here establishes that the fields are NUL-terminated; code that
 * copies into them should bound writes by the array sizes below. */
struct ktc_principal {
    char name[MAXKTCNAMELEN];		/* principal name, at most MAXKTCNAMELEN bytes */
    char instance[MAXKTCNAMELEN];	/* principal instance, same bound */
    char cell[MAXKTCREALMLEN];		/* cell, sized like a realm name */
    char smbname[MAXSMBNAMELEN];	/* SMB name, at most MAXSMBNAMELEN bytes */
/* Expiry-time sentinel with all 32 bits set; presumably means "never
 * expires" — confirm against callers. */
#define NEVERDATE 0xffffffff

/* this macro rounds a length up to the next multiple of the 8-byte
 * encryption block size.  The argument is evaluated exactly once. */
#define round_up_to_ebs(v) (((v) + 7) & (~7))
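/*
 * Role of a security object: the original comment calls these "bits
 * definitions"; the only values used below are 1 (client) and 2 (server).
 */
typedef char rxkad_type;
#define rxkad_client 1		/* bits definitions */
#define rxkad_server 2

/*
 * Protection level of a connection: rxkad_clear sends packets in the clear,
 * rxkad_auth encrypts only the sequence numbers, rxkad_crypt encrypts the
 * packet data.
 */
typedef char rxkad_level;
#define rxkad_clear 0		/* send packets in the clear */
#define rxkad_auth 1		/* send encrypted sequence numbers */
#define rxkad_crypt 2		/* encrypt packet data */

/* many stats are kept per type and per level.  These are encoded into an index
 * from 0 to 5 by the StatIndex macro.  All three index macros fold an
 * out-of-range type or level onto index 0 instead of indexing past the
 * array.  Each macro evaluates its arguments more than once, so pass
 * side-effect-free expressions. */
#define rxkad_StatIndex(type,level) \
    (((((type) == 1) || ((type) == 2)) && ((level) >= 0) && ((level) <= 2)) \
     ? (((level)<<1)+(type)-1) : 0)
/* Index 0..2 for the per-level counters (three-entry arrays). */
#define rxkad_LevelIndex(level) \
    ((((level) >= 0) && ((level) <= 2)) ? (level) : 0)
/* Index 0..1 for the per-type counters (the two-entry arrays marked
 * "index just by type").  The earlier form returned the raw type (1 or 2),
 * so rxkad_server indexed one past the end of a two-entry array; subtract 1,
 * exactly as rxkad_StatIndex already does for its type component. */
#define rxkad_TypeIndex(type) \
    ((((type) == 1) || ((type) == 2)) ? (type)-1 : 0)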
/* NOTE(review): the "struct rxkad_stats {" header and its trailing spares[]
 * member (used by rxkad_stats_clientObjects/rxkad_stats_serverObjects below)
 * are not present in this listing.  Presumably the three-entry arrays are
 * indexed by rxkad_LevelIndex, the six-entry arrays by rxkad_StatIndex and
 * the two-entry "by type" arrays by rxkad_TypeIndex — confirm at the use
 * sites.  In pthread builds all updates are expected to happen under
 * LOCK_RXKAD_STATS. */
    afs_uint32 connections[3];	/* client side only */
    afs_uint32 destroyObject;	/* client security objects */
    afs_uint32 destroyClient;	/* client connections */
    afs_uint32 destroyUnused;	/* unused server conn */
    afs_uint32 destroyUnauth;	/* unauthenticated server conn */
    afs_uint32 destroyConn[3];	/* server conn per level */
    afs_uint32 expired;		/* server packets rejected */
    afs_uint32 challengesSent;	/* server challenges sent */
    afs_uint32 challenges[3];	/* challenges seen by client */
    afs_uint32 responses[3];	/* responses seen by server */
    afs_uint32 preparePackets[6];	/* six entries: one per (type, level), see rxkad_StatIndex */
    afs_uint32 checkPackets[6];		/* six entries: one per (type, level), see rxkad_StatIndex */
    afs_uint32 bytesEncrypted[2];	/* index just by type */
    afs_uint32 bytesDecrypted[2];	/* index just by type */
    afs_uint32 fc_encrypts[2];	/* DECRYPT==0, ENCRYPT==1 */
    afs_uint32 fc_key_scheds;	/* key schedule creations */
    afs_uint32 des_encrypts[2];	/* DECRYPT==0, ENCRYPT==1 */
    afs_uint32 des_key_scheds;	/* key schedule creations */
    afs_uint32 des_randoms;	/* random blocks generated */
/*
 * Storage-class prefix for the global statistics block.  On Windows pthread
 * builds the definition presumably lives in a DLL, so importers need
 * __declspec(dllimport); everywhere else a plain extern suffices.
 * NOTE(review): the #else/#endif lines of this conditional are not present
 * in this listing; confirm the branch structure against the full header.
 */
#if defined(AFS_NT40_ENV) && defined(AFS_PTHREAD_ENV)
#ifndef RXKAD_STATS_DECLSPEC
#define RXKAD_STATS_DECLSPEC __declspec(dllimport) extern
#define RXKAD_STATS_DECLSPEC extern
/* The single process-wide counter block (defined elsewhere). */
RXKAD_STATS_DECLSPEC struct rxkad_stats rxkad_stats;
#ifdef AFS_PTHREAD_ENV
/* Presumably serializes access to rxkad_stats; defined elsewhere and taken
 * through LOCK_RXKAD_STATS / UNLOCK_RXKAD_STATS rather than directly. */
extern pthread_mutex_t rxkad_stats_mutex;
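/*
 * Serialize updates to rxkad_stats in pthread builds.  Use as a statement:
 * LOCK_RXKAD_STATS; ... UNLOCK_RXKAD_STATS;
 *
 * The lock/unlock call is kept outside assert() on purpose: with NDEBUG
 * defined, assert() expands to nothing, so the earlier form
 * `assert(pthread_mutex_lock(...)==0)` dropped the lock call itself and left
 * the counters unprotected.  The return code is still checked by assert()
 * in debug builds; the (void) cast keeps release builds warning-free.
 */
#define LOCK_RXKAD_STATS \
    do { \
	int rxkad_stats_lock_rc = pthread_mutex_lock(&rxkad_stats_mutex); \
	assert(rxkad_stats_lock_rc == 0); \
	(void)rxkad_stats_lock_rc; \
    } while (0)
#define UNLOCK_RXKAD_STATS \
    do { \
	int rxkad_stats_lock_rc = pthread_mutex_unlock(&rxkad_stats_mutex); \
	assert(rxkad_stats_lock_rc == 0); \
	(void)rxkad_stats_lock_rc; \
    } while (0)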
/* Non-pthread builds: no lock is needed, so both macros expand to nothing.
 * NOTE(review): the #else/#endif directives of the AFS_PTHREAD_ENV conditional
 * are not present in this listing. */
#define LOCK_RXKAD_STATS
#define UNLOCK_RXKAD_STATS
/* gak! using up spares already! */
/* NOTE(review): spares[] is a member of struct rxkad_stats that is not
 * present in this listing; these two aliases repurpose its first two slots
 * as live-object counts. */
#define rxkad_stats_clientObjects (rxkad_stats.spares[0])
#define rxkad_stats_serverObjects (rxkad_stats.spares[1])

extern int rxkad_EpochWasSet;	/* TRUE => we called rx_SetEpoch; defined elsewhere */
151 #include "rxkad_prototypes.h"
153 #endif /* OPENAFS_RXKAD_RXKAD_H */