/* KClient.h -- Application interface for KClient © Copyright 1994,95 by Project Mandarin Inc. Initial coding 8/94 Peter Bosanko. Added new routines 8/95 PCB Moved some constants from krbdriver.h ======================================================================== DES and Kerberos portions of this file are... ======================================================================== Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #ifndef _KCLIENT_ #define _KCLIENT_ #ifndef _TYPES_ #include #endif /* Error codes */ enum { cKrbCorruptedFile = -1024, /* couldn't find a needed resource */ cKrbNoKillIO, /* can't killIO because all calls sync */ cKrbBadSelector, /* csCode passed doesn't select a recognized function */ cKrbCantClose, /* we must always remain open */ cKrbMapDoesntExist, /* tried to access a map that doesn't exist (index too large, or criteria doesn't match anything) */ cKrbSessDoesntExist, /* tried to access a session that doesn't exist */ cKrbCredsDontExist, /* tried to access credentials that don't exist */ cKrbTCPunavailable, /* couldn't open MacTCP driver */ cKrbUserCancelled, /* user cancelled a log in operation */ cKrbConfigurationErr, /* Kerberos Preference file is not configured properly */ cKrbServerRejected, /* A server rejected our ticket */ cKrbServerImposter, /* Server appears to be a phoney */ cKrbServerRespIncomplete, /* Server response is not complete */ cKrbNotLoggedIn, /* Returned by cKrbGetUserName if user is not logged in */ cKrbOldDriver, /* old version of the driver */ cKrbDriverInUse, /* driver is not reentrant */ cKrbAppInBkgnd, /* driver won't put up password dialog when in background */ cKrbInvalidSession, /* invalid structure passed to KClient/KServer routine */ cKrbOptionNotDefined, /* returned from GetOption */ cKrbKerberosErrBlock = -20000 /* start of block of 256 kerberos error numbers */ }; #define LARGEST_DRIVER_ERROR cKrbOptionNotDefined typedef char KClientErrString[64]; enum { KClientLoggedIn, KClientNotLoggedIn }; /* Different kerberos name formats (for KServerGetUserName) */ enum { KClientLocalName, /* Don't specify realm */ KClientCommonName, /* Only specify realm if it isn't local */ KClientFullName /* Always specify realm */ }; /* Options */ enum { kclientOptionSaveName = 1, kclientOptionSynchTime, kclientOptionShowMenu, kclientOptionInstalled_1_6 }; struct KClientKey { unsigned char keyBytes[8]; }; typedef struct KClientKey KClientKey; struct KClientSessionInfo { char sessionBytes[256]; }; typedef struct KClientSessionInfo KClientSessionInfo; typedef KClientSessionInfo *KClientSessionPtr; /* Defines for obsolete function names */ #define KClientInitSession KClientNewSession #define KClientVerifySendAuth KClientVerifyReplyTicket /************************************/ /* Some includes from des.h & krb.h */ /************************************/ #if defined(powerc) || defined(__powerc) #pragma options align=mac68k #endif #ifndef DES_DEFS typedef unsigned char des_cblock[8]; /* crypto-block size */ /* Key schedule */ typedef struct des_ks_struct { des_cblock _; } des_key_schedule[16]; #endif /* DES_DEFS */ #ifndef KRB_DEFS #define C_Block des_cblock #define Key_schedule des_key_schedule /* The maximum sizes for aname, realm, sname, and instance +1 */ #define ANAME_SZ 40 #define REALM_SZ 40 #define SNAME_SZ 40 #define INST_SZ 40 /* Definition of text structure used to pass text around */ #define MAX_KTXT_LEN 1250 struct ktext { long length; /* Length of the text */ unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ unsigned long mbz; /* zero to catch runaway strings */ }; typedef struct ktext *KTEXT; typedef struct ktext KTEXT_ST; struct credentials { char service[ANAME_SZ]; /* Service name */ char instance[INST_SZ]; /* Instance */ char realm[REALM_SZ]; /* Auth domain */ C_Block session; /* Session key */ long lifetime; /* Lifetime */ long kvno; /* Key version number */ KTEXT_ST ticket_st; /* The ticket itself */ long issue_date; /* The issue time */ char pname[ANAME_SZ]; /* Principal's name */ char pinst[INST_SZ]; /* Principal's instance */ }; typedef struct credentials CREDENTIALS; /* Structure definition for rd_private_msg and rd_safe_msg */ struct msg_dat { unsigned char *app_data; /* pointer to appl data */ unsigned long app_length; /* length of appl data */ unsigned long hash; /* hash to lookup replay */ long swap; /* swap bytes? */ long time_sec; /* msg timestamp seconds */ unsigned char time_5ms; /* msg timestamp 5ms units */ }; typedef struct msg_dat MSG_DAT; typedef unsigned long u_long; typedef unsigned short u_short; #define KRB_PASSWORD_SERVICE "changepw.kerberos" #endif /* KRB_DEFS */ #if defined(powerc) || defined(__powerc) #pragma options align=reset #endif #ifdef __cplusplus extern "C" { #endif /* * call into des ecb_encrypt */ /* created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */ int KClient_des_ecb_encrypt(KClientSessionInfo *session,des_cblock v1,des_cblock v2,int do_encrypt); /* * call into des pcbc_encrypt */ /* created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */ int KClient_des_pcbc_encrypt(KClientSessionInfo *session,des_cblock v1,des_cblock v2,long len,int do_encrypt); OSErr KClientNewSession(KClientSessionInfo *session, unsigned long lAddr,unsigned short lPort,unsigned long fAddr,unsigned short fPort); OSErr KClientDisposeSession(KClientSessionInfo *session); /* created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */ OSErr KClientGetTicketForServiceFull(KClientSessionInfo *session, char *service,void *buf,unsigned long *buflen,long cks); OSErr KClientGetTicketForService(KClientSessionInfo *session, char *service,void *buf,unsigned long *buflen); OSErr KClientLogin( KClientSessionInfo *session, KClientKey *privateKey ); OSErr KClientSetPrompt( KClientSessionInfo *session, char *prompt ); OSErr KClientPasswordLogin( KClientSessionInfo *session, char *password, KClientKey *privateKey ); OSErr KClientPasswordToKey( char *password, KClientKey *privateKey ); OSErr KClientKeyLogin( KClientSessionInfo *session, KClientKey *privateKey ); OSErr KClientLogout( void ); short KClientStatus( void ); OSErr KClientVersion( short *majorVersion, short *minorVersion, char *versionString ); OSErr KClientGetUserName(char *user); OSErr KClientGetSessionUserName(KClientSessionInfo *session, char *user, short nameType); OSErr KClientSetUserName(char *user); OSErr KClientCacheInitialTicket(KClientSessionInfo *session, char *service); OSErr KClientGetSessionKey(KClientSessionInfo *session, KClientKey *sessionKey); OSErr KClientMakeSendAuth(KClientSessionInfo *session, char *service,void *buf,unsigned long *buflen,long checksum, char *applicationVersion); OSErr KClientVerifyReplyTicket(KClientSessionInfo *session, void *buf,unsigned long *buflen ); OSErr KClientEncrypt(KClientSessionInfo *session, void *buf,unsigned long buflen,void *encryptBuf,unsigned long *encryptLength); OSErr KClientDecrypt(KClientSessionInfo *session, void *buf,unsigned long buflen,unsigned long *decryptOffset,unsigned long *decryptLength); void KClientErrorText(OSErr err, char *text); /* KServer calls */ OSErr KServerNewSession( KClientSessionInfo *session, char *service, unsigned long lAddr,unsigned short lPort,unsigned long fAddr,unsigned short fPort); OSErr KServerVerifyTicket( KClientSessionInfo *session, void *buf, char *keyFileName ); OSErr KServerGetReplyTicket( KClientSessionInfo *session, void *buf, unsigned long *buflen ); OSErr KServerGetKey( KClientSessionInfo *session, KClientKey *privateKey, char *service, long version, char *filename ); OSErr KServerAddKey( KClientSessionInfo *session, KClientKey *privateKey, char *service, long version, char *filename ); OSErr KServerGetSessionTimeRemaining( KClientSessionInfo *session, long *seconds ); /* Configuration routines */ OSErr KClientGetLocalRealm( char *realm ); OSErr KClientSetLocalRealm( char *realm ); OSErr KClientGetRealm( char *host, char *realm ); OSErr KClientAddRealmMap( char *host, char *realm ); OSErr KClientDeleteRealmMap( char *host ); OSErr KClientGetNthRealmMap( long n, char *host, char *realm ); OSErr KClientGetNthServer( long n, char *host, char *realm, Boolean admin ); OSErr KClientAddServerMap( char *host, char *realm, Boolean admin ); OSErr KClientDeleteServerMap( char *host, char *realm ); OSErr KClientGetNthServerMap( long n, char *host, char *realm, Boolean *admin ); OSErr KClientGetNthServerPort( long n, short *port ); OSErr KClientSetNthServerPort( long n, short port ); OSErr KClientGetNumSessions( long *n ); OSErr KClientGetNthSession( long n, char *name, char *instance, char *realm ); OSErr KClientDeleteSession( char *name, char *instance, char *realm ); OSErr KClientGetCredentials( char *name, char *instance, char *realm, CREDENTIALS *cred ); OSErr KClientAddCredentials( char *name, char *instance, char *realm, CREDENTIALS *cred ); OSErr KClientDeleteCredentials( char *name, char *instance, char *realm, char *sname, char *sinstance, char *srealm ); OSErr KClientGetNumCredentials( long *n, char *name, char *instance, char *realm ); OSErr KClientGetNthCredential( long n, char *name, char *instance, char *realm, char *sname, char *sinstance, char *srealm ); OSErr KClientAddSpecial( char *service, char *name ); OSErr KClientDeleteSpecial( char *service ); OSErr KClientGetNumSpecials( long *n ); OSErr KClientGetNthSpecial( long n, char *name, char *service ); OSErr KClientSetOption( short option, void *value ); OSErr KClientGetOption( short option, void *value ); #ifdef __cplusplus } #endif #endif