OpenAFS
OpenAFS distributed network file system
/*
 * Copyright 2000, International Business Machines Corporation and others.
 * All Rights Reserved.
 *
 * This software has been released under the terms of the IBM Public
 * License.  For details, see the LICENSE file in the top-level source
 * directory or online at http://www.openafs.org/dl/license10.html
 */

/*
 * Revision 2.2  1990/09/27  13:51:37
 * Declare (char *) returning function ka_timestr().
 * Cleanups.
 *
 * Revision 2.1  90/08/07  19:11:51
 * Start with clean version to sync test and dev trees.
 * */

/*
 * Declarations for the ka_* utility routines (token acquisition,
 * authentication, password and key handling, cell lookup), together with
 * the flag values, service numbers, labels and request/answer structures
 * declared alongside them.
 *
 * NOTE(review): the revision log above describes ka_timestr() as returning
 * (char *); the prototype in this file returns void and takes an explicit
 * buffer and length.
 *
 * NOTE(review): the include guard uses a double-underscore name, which the
 * C standard reserves for the implementation.  Renaming it is only safe if
 * no other file tests __KAUTILS__ -- not visible from here.
 */
#ifndef __KAUTILS__
#define __KAUTILS__

#include <afs/auth.h>

#ifndef KAMAJORVERSION
/* just to be on the safe side, get these two first */
#include <sys/types.h>
#include <rx/xdr.h>

/* get installed .h file only if not included already from local dir */
#ifndef _RXGEN_KAUTH_
#include <afs/kauth.h>
#endif

#endif

#include <ubik.h>
#include <afs/cellconfig.h>
#include <afs/afsutil.h>


/* Presumably the buffer size callers pass to ka_timestr() -- TODO confirm. */
#define KA_TIMESTR_LEN 30
/*
 * Date is a macro alias, not a typedef: every later use of the identifier
 * "Date" in a file that includes this header is textually replaced by
 * afs_uint32.
 */
#define Date afs_uint32

/*
 * Public function prototypes
 *
 * None of the string parameters below is const-qualified and most carry no
 * length.  Where a parameter is an output buffer (e.g. fullCell, realm --
 * inferred from the names, TODO confirm), the required size is not stated
 * in the prototype and must be taken from the implementation.
 */

extern afs_int32 ka_GetAuthToken(char *name, char *instance, char *cell,
                                 struct ktc_encryptionKey *key,
                                 afs_int32 lifetime, afs_int32 * pwexpires);

extern afs_int32 ka_GetServerToken(char *name, char *instance, char *cell,
                                   Date lifetime, struct ktc_token *token,
                                   int newer, int dosetpag);

extern afs_int32 ka_GetAdminToken(char *name, char *instance, char *cell,
                                  struct ktc_encryptionKey *key,
                                  afs_int32 lifetime, struct ktc_token *token,
                                  int newer);

extern afs_int32 ka_VerifyUserToken(char *name, char *instance, char *cell,
                                    struct ktc_encryptionKey *key);

/* serverList[] is passed without a count; how its end is found is not shown here. */
extern void ka_ExplicitCell(char *cell, afs_uint32 serverList[]
    );

extern afs_int32 ka_GetServers(char *cell, struct afsconf_cell *cellinfo);

extern afs_int32 ka_GetSecurity(int service, struct ktc_token *token,
                                struct rx_securityClass **scP, int *siP);

extern afs_int32 ka_SingleServerConn(char *cell, char *server, int service,
                                     struct ktc_token *token,
                                     struct ubik_client **conn);

extern afs_int32 ka_AuthSpecificServersConn(int service,
                                            struct ktc_token *token,
                                            struct afsconf_cell *cellinfo,
                                            struct ubik_client **conn);

extern afs_int32 ka_AuthServerConn(char *cell, int service,
                                   struct ktc_token *token,
                                   struct ubik_client **conn);

extern afs_int32 ka_Authenticate(char *name, char *instance, char *cell,
                                 struct ubik_client *conn, int service,
                                 struct ktc_encryptionKey *key, Date start,
                                 Date end, struct ktc_token *token,
                                 afs_int32 * pwexpires);

extern afs_int32 ka_GetToken(char *name, char *instance, char *cell,
                             char *cname, char *cinst,
                             struct ubik_client *conn, Date start, Date end,
                             struct ktc_token *auth_token, char *auth_domain,
                             struct ktc_token *token);

extern afs_int32 ka_ChangePassword(char *name, char *instance,
                                   struct ubik_client *conn,
                                   struct ktc_encryptionKey *oldkey,
                                   struct ktc_encryptionKey *newkey);

extern void ka_StringToKey(char *str, char *cell,
                           struct ktc_encryptionKey *key);

extern afs_int32 ka_ReadPassword(char *prompt, int verify, char *cell,
                                 struct ktc_encryptionKey *key);

/*
 * The array bounds in this prototype are documentation only: C adjusts each
 * parameter to char *, so the compiler does not check that the caller's
 * buffers are MAXKTCNAMELEN / MAXKTCREALMLEN bytes long.
 */
extern afs_int32 ka_ParseLoginName(char *login, char name[MAXKTCNAMELEN],
                                   char inst[MAXKTCNAMELEN],
                                   char cell[MAXKTCREALMLEN]
    );

/* Only ka_Init gets C linkage here, and only when _MFC_VER is defined. */
#ifdef _MFC_VER
extern "C" {
#endif /* _MFC_VER */
extern afs_int32 ka_Init(int flags);
#ifdef _MFC_VER
}
#endif /* _MFC_VER */
extern int ka_CellConfig(const char *dir);

extern char *ka_LocalCell(void
    );

extern int ka_ExpandCell(char *cell, char *fullCell, int *alocal);

/*
 * AFS_NONNULL((2)) is defined elsewhere; it presumably marks the second
 * parameter (realm) as required to be non-NULL -- TODO confirm.
 */
extern int ka_CellToRealm(char *cell, char *realm, int *local) AFS_NONNULL((2));

extern void ka_PrintUserID(char *prefix, char *name, char *instance,
                           char *postfix);

extern void ka_PrintBytes(char bs[], int bl);

extern int ka_ConvertBytes(char *ascii, int alen, char bs[], int bl);

extern int ka_ReadBytes(char *ascii, char *binary, int blen);

/*
 * NOTE(review): takes two afs_uint32 values but returns int, so a result
 * above INT_MAX cannot be represented in the return type.  The name also
 * lacks the ka_ prefix and lives in the global namespace.
 */
extern int umin(afs_uint32 a, afs_uint32 b);

extern afs_int32 ka_KeyCheckSum(char *key, afs_uint32 * cksumP);

extern int ka_KeyIsZero(char *akey, int alen);

/* tlen is presumably the size of tstr; see KA_TIMESTR_LEN -- TODO confirm. */
extern void ka_timestr(afs_int32 time, char *tstr, afs_int32 tlen);

/* struct ka_debugInfo is not declared in this file. */
extern void ka_debugKeyCache(struct ka_debugInfo *info);

/* Unprefixed global name; the single-letter parameters are not documented here. */
extern void save_principal(char *p, char *n, char *i, char *c);

extern afs_int32 ka_GetAFSTicket(char *name, char *instance, char *realm,
                                 Date lifetime, afs_int32 flags);

/*
 * The routines below take the user's password as a caller-owned char *.
 * Nothing in these prototypes says whether the callee copies or clears it,
 * so scrubbing the buffer after the call is presumably the caller's job --
 * confirm against the implementation.
 */
extern afs_int32 ka_UserAuthenticateGeneral(afs_int32 flags, char *name,
                                            char *instance, char *realm,
                                            char *password, Date lifetime,
                                            afs_int32 * password_expires,
                                            afs_int32 spare2, char **reasonP);

extern afs_int32 ka_UserAuthenticateGeneral2(afs_int32 flags, char *name,
                                             char *instance, char *realm,
                                             char *password, char *smbname,
                                             Date lifetime,
                                             afs_int32 * password_expires,
                                             afs_int32 spare2,
                                             char **reasonP);
extern afs_int32 ka_UserAuthenticate(char *name, char *instance, char *realm,
                                     char *password, int doSetPAG,
                                     char **reasonP);

/* plen is presumably the size of the password buffer -- TODO confirm. */
extern afs_int32 ka_UserReadPassword(char *prompt, char *password, int plen,
                                     char **reasonP);

extern afs_int32 ka_VerifyUserPassword(afs_int32 version, char *name,
                                       char *instance, char *realm,
                                       char *password, int spare,
                                       char **reasonP);
/*
 * Flag word for ka_UserAuthenticateGeneral: the low 16 bits
 * (KA_USERAUTH_VERSION_MASK) carry the version, the bits above are options.
 */
#define KA_USERAUTH_VERSION 1
#define KA_USERAUTH_VERSION_MASK 0x00ffff
#define KA_USERAUTH_DOSETPAG 0x010000
#define KA_USERAUTH_DOSETPAG2 0x020000
#define KA_USERAUTH_ONLY_VERIFY 0x040000
#define KA_USERAUTH_AUTHENT_LOGON 0x100000
/*
 * From this point on, a call written ka_UserAuthenticate(...) expands to
 * ka_UserAuthenticateGeneral and no longer reaches the function declared
 * above.  The expansion passes 0 for lifetime, 0 for password_expires
 * (labelled spare1) and 0 for spare2.  Version and option bits are combined
 * with '+', which is only correct while they do not overlap.
 */
#define ka_UserAuthenticate(n,i,r,p,d,rP) \
    ka_UserAuthenticateGeneral \
        (KA_USERAUTH_VERSION + ((d) ? KA_USERAUTH_DOSETPAG : 0), \
         n,i,r,p, /*lifetime*/0, /*spare1,2*/0,0, rP)
/*
 * f is added to KA_USERAUTH_VERSION, so it must contain option bits only:
 * any bit of f inside KA_USERAUTH_VERSION_MASK changes the version number
 * that is passed on.
 */
#define ka_UserAuthenticateLife(f,n,i,r,p,l,rP) \
    ka_UserAuthenticateGeneral \
        (KA_USERAUTH_VERSION + (f), n,i,r,p,l, /*spare1,2*/0,0, rP)

/* Bit values (1, 2, 4); which field or call consumes them is not shown here. */
#define KA_REUSEPW 1
#define KA_NOREUSEPW 2
#define KA_ISLOCKED 4

/* Presumably the values passed as the "service" argument above -- TODO confirm. */
#define KA_AUTHENTICATION_SERVICE 731
#define KA_TICKET_GRANTING_SERVICE 732
#define KA_MAINTENANCE_SERVICE 733

/*
 * NOTE(review): index 0 is "no security" and index 2 is DES-based.  Single
 * DES is not regarded as adequate protection today; treat these as legacy
 * security classes and confirm what a deployment actually negotiates.
 */
#define RX_SCINDEX_NULL 0       /* No security */
#define RX_SCINDEX_VAB 1        /* vice tokens, with bcrypt */
#define RX_SCINDEX_KAD 2        /* Kerberos/DES */

#define KA_TGS_NAME "krbtgt"
    /* realm is TGS instance */
#define KA_ADMIN_NAME "AuthServer"
#define KA_ADMIN_INST "Admin"

/*
 * Fixed labels, each KA_LABELSIZE (4) characters, stored in the label[]
 * fields of the structures below.  Being exactly 4 characters in a 4-byte
 * field, they are stored without a terminating NUL.
 * NOTE(review): per the field comments the label is how a correct decrypt
 * is recognised; a constant label is a plausibility check, and nothing in
 * this header shows it authenticating the rest of the message.
 */
#define KA_LABELSIZE 4
#define KA_GETTGT_REQ_LABEL "gTGS"
#define KA_GETTGT_ANS_LABEL "tgsT"
#define KA_GETADM_REQ_LABEL "gADM"
#define KA_GETADM_ANS_LABEL "admT"
#define KA_CPW_REQ_LABEL "CPWl"
#define KA_CPW_ANS_LABEL "Pass"
#define KA_GETTICKET_ANS_LABEL "gtkt"

/*
 * Request/answer layouts.  Field order and sizes define the message format,
 * so they must not be rearranged.
 */
struct ka_gettgtRequest {       /* format of request */
    Date time;                  /* time of request */
    char label[KA_LABELSIZE];   /* label to verify correct decrypt */
};

/* old interface: see ka_ticketAnswer instead */
/*
 * ticket_len is a signed value received alongside a fixed-size ticket[]
 * buffer: consumers should check 0 <= ticket_len <= MAXKTCTICKETLEN before
 * using it as a copy length.
 */
struct ka_gettgtAnswer {        /* format of response */
    Date time;                  /* the time of the request plus one */
    struct ktc_encryptionKey
     sessionkey;                /* the session key in the ticket */
    afs_int32 kvno;             /* version # of tkt encrypting key */
    afs_int32 ticket_len;       /* the ticket's length */
    char ticket[MAXKTCTICKETLEN];       /* the ticket itself (no padding) */
    char label[KA_LABELSIZE];   /* label to verify correct decrypt */
};

/*
 * NOTE(review): cell[] is sized MAXKTCNAMELEN here, while ka_ParseLoginName
 * above declares its cell buffer as MAXKTCREALMLEN; whether the two
 * constants are equal is not visible in this file.  The name fields are
 * fixed-size arrays with no stated NUL-termination guarantee, and ticketLen
 * needs the same range check against MAXKTCTICKETLEN as ticket_len above.
 */
struct ka_ticketAnswer {        /* format of response */
    afs_int32 cksum;            /* function to be defined */
    Date challenge;             /* the time of the request plus one */
    struct ktc_encryptionKey
     sessionKey;                /* the session key in the ticket */
    Date startTime;
    Date endTime;
    afs_int32 kvno;             /* version of ticket encrypting key */
    afs_int32 ticketLen;        /* the ticket's length */
    char name[MAXKTCNAMELEN];
    char instance[MAXKTCNAMELEN];
    char cell[MAXKTCNAMELEN];
    char sname[MAXKTCNAMELEN];
    char sinstance[MAXKTCNAMELEN];
    char ticket[MAXKTCTICKETLEN];       /* the ticket (no extra chars) */
    char label[KA_LABELSIZE];   /* for detecting decryption errors */
};

/* Change-password request: carries the new key itself in newpw. */
struct ka_cpwRequest {          /* format of request */
    Date time;                  /* time of request */
    struct ktc_encryptionKey
     newpw;                     /* new key */
    afs_int32 kvno;             /* version number of key */
    afs_int32 spare;            /* must be zero */
    char label[KA_LABELSIZE];   /* label to verify correct decrypt */
};

struct ka_cpwAnswer {           /* format of response */
    Date time;                  /* the time of the request plus one */
    char label[KA_LABELSIZE];   /* label to verify correct decrypt */
};

/* Start/end pair; presumably the requested ticket validity window -- TODO confirm. */
struct ka_getTicketTimes {
    Date start;
    Date end;
};

/* old interface: see ka_ticketAnswer instead */
/*
 * Same fields as ka_ticketAnswer minus cksum, challenge and label, so this
 * layout has no label field for detecting a bad decrypt.
 */
struct ka_getTicketAnswer {
    struct ktc_encryptionKey sessionKey;
    Date startTime;
    Date endTime;
    afs_int32 kvno;
    afs_int32 ticketLen;
    char name[MAXKTCNAMELEN];
    char instance[MAXKTCNAMELEN];
    char cell[MAXKTCNAMELEN];
    char sname[MAXKTCNAMELEN];
    char sinstance[MAXKTCNAMELEN];
    char ticket[MAXKTCTICKETLEN];
};

/*
 * This block is taken only while ERROR_TABLE_BASE_KA is NOT yet defined,
 * yet KAMINERROR is defined in terms of it.  Macros are expanded at the
 * point of use, so ERROR_TABLE_BASE_KA must be defined (presumably by the
 * error-table header -- TODO confirm) before KAMINERROR or KAMAXERROR is
 * used.
 */
#ifndef ERROR_TABLE_BASE_KA
#define ka_ErrorString afs_error_message
#undef  KAMINERROR
#define KAMINERROR ERROR_TABLE_BASE_KA
#define KAMAXERROR (KAMINERROR+255)
#endif

#endif