/*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 2009, Sun Microsystems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 * - Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 * - Neither the name of Sun Microsystems, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
/*
 * auth_kerb.h, Protocol for Kerberos style authentication for RPC
 *
 * Copyright (C) 1986, Sun Microsystems, Inc.
 *
 * This header declares the on-the-wire credential and verifier types for
 * the Kerberos (v4-style, KTEXT_ST/C_Block based) RPC authentication flavor,
 * the XDR routines that encode/decode them, and the client/server entry
 * points.  The whole body is compiled only when KERBEROS is defined.
 */

#ifndef _RPC_AUTH_KERB_H
#define _RPC_AUTH_KERB_H

#ifdef KERBEROS

/*
 * <kerberos/krb.h> supplies KTEXT_ST, C_Block and the ANAME_SZ/INST_SZ/
 * REALM_SZ array bounds used below; <rpc/svc.h> supplies XDR, AUTH, SVCXPRT,
 * struct svc_req and enum auth_stat.  Note that struct timeval (used in
 * struct authkerb_verf further down) is not included explicitly here and is
 * assumed to arrive transitively through one of these headers.
 */
#include <kerberos/krb.h>
#include <sys/socket.h>
#include <sys/t_kuser.h>
#include <netinet/in.h>
#include <rpc/svc.h>

/*
 * There are two kinds of "names": fullnames and nicknames.
 *
 * A fullname carries the complete ticket; a nickname is a small integer
 * handle that refers back to a credential the server already holds
 * (see authkerb_clnt_cred.nickname below).  Which one a credential carries
 * is recorded in authkerb_cred.akc_namekind.
 */
enum authkerb_namekind {
	AKN_FULLNAME,
	AKN_NICKNAME
};
/*
 * A fullname contains the ticket and the window.
 *
 * "window" is the client's verifier window; the verifier comments below
 * describe it as the allowed distance between the client's timestamp and
 * what the server checks (timestamp + window).
 */
struct authkerb_fullname {
	KTEXT_ST ticket;	/* Kerberos ticket, KTEXT_ST from <kerberos/krb.h> */
	u_long window;		/* associated window */
};

/*
 * cooked credential stored in rq_clntcred
 *
 * The fields between "start of AUTH_DAT" and "end of AUTH_DAT" mirror the
 * Kerberos AUTH_DAT layout, with the optional reply text left out (it is
 * commented out below).  The three trailing fields are RPC-layer
 * bookkeeping kept alongside the decoded ticket.
 *
 * NOTE(review): pname/pinst/prealm are fixed-size char arrays; nothing in
 * this declaration guarantees NUL termination.  Code that fills or reads
 * them must bound every copy to the array size and terminate explicitly
 * (or use length-bounded comparisons) rather than assume a C string.
 */
struct authkerb_clnt_cred {
	/* start of AUTH_DAT */
	unsigned char k_flags;	/* Flags from ticket */
	char pname[ANAME_SZ];	/* Principal's name */
	char pinst[INST_SZ];	/* Principal's instance */
	char prealm[REALM_SZ];	/* Principal's realm */
	unsigned long checksum;	/* Data checksum (opt) */
	C_Block session;	/* Session Key (single-DES block type from krb.h) */
	int life;		/* Life of ticket */
	unsigned long time_sec;	/* Time ticket issued */
	unsigned long address;	/* Address in ticket */
	/* KTEXT_ST reply;	Auth reply (opt) */
	/* end of AUTH_DAT */
	unsigned long expiry;	/* time the ticket is expiring */
	u_long nickname;	/* Nickname into cache */
	u_long window;		/* associated window */
};

typedef struct authkerb_clnt_cred authkerb_clnt_cred;

/*
 * A credential
 *
 * akc_namekind selects which of the two following members is meaningful:
 * akc_fullname for AKN_FULLNAME, akc_nickname for AKN_NICKNAME.  The
 * selection is presumably enforced by xdr_authkerb_cred() when the
 * credential is encoded/decoded — confirm against the XDR implementation.
 */
struct authkerb_cred {
	enum authkerb_namekind akc_namekind;
	struct authkerb_fullname akc_fullname;
	u_long akc_nickname;
};

/*
 * A kerb authentication verifier
 *
 * akv_time_u holds a timestamp either in the clear (akv_ctime) or as a
 * single DES block after encryption (akv_xtime); the same storage is reused
 * for both so that the encrypt/decrypt step can happen in place.
 * akv_int_u is overloaded: it is the window verifier in the client variety
 * and the nickname in the server variety (see the macro aliases below).
 * struct timeval is not included explicitly by this header — see the
 * include list above.
 */
struct authkerb_verf {
	union {
		struct timeval akv_ctime;	/* clear time */
		des_block akv_xtime;		/* crypt time */
	} akv_time_u;
	u_long akv_int_u;
};

/*
 * des authentication verifier: client variety
 *
 * akv_timestamp is the current time.
 * akv_winverf is the credential window + 1.
 * Both are encrypted using the conversation key.
 *
 * The aliases below are plain object-like macros in the global macro
 * namespace; the #ifndef guard only avoids a redefinition if another header
 * already provides akv_timestamp.
 */
#ifndef akv_timestamp
#define akv_timestamp akv_time_u.akv_ctime
#define akv_xtimestamp akv_time_u.akv_xtime
#define akv_winverf akv_int_u
#endif
/*
 * des authentication verifier: server variety
 *
 * akv_timeverf is the client's timestamp + client's window
 * akv_nickname is the server's nickname for the client.
 * akv_timeverf is encrypted using the conversation key.
 *
 * Same storage as the client variety, viewed through different names.
 */
#ifndef akv_timeverf
#define akv_timeverf akv_time_u.akv_ctime
#define akv_xtimeverf akv_time_u.akv_xtime
#define akv_nickname akv_int_u
#endif

/*
 * Register the service name, instance and realm.
 *
 * authkerb_create(): client-side constructor; on success the created AUTH
 * handle is presumably returned through the trailing AUTH ** argument.
 * The prototype carries no parameter names, so the meaning of the three
 * char * arguments (presumably service name, instance and realm, in that
 * order), the u_int, the netbuf, the int *, the dev_t and the int is not
 * documented here — confirm against the implementation before relying on
 * any particular order.
 *
 * xdr_authkerb_cred() / xdr_authkerb_verf(): XDR encode/decode routines for
 * the credential and verifier structures declared above; they return FALSE
 * on a malformed or truncated encoding, as XDR filters do.
 *
 * svc_kerb_reg(): server-side registration of the Kerberos flavor on a
 * transport; its three char * arguments are presumably the service name,
 * instance and realm named in the comment above — confirm.
 *
 * _svcauth_kerb(): server-side authenticator invoked for incoming requests;
 * its enum auth_stat result tells the dispatcher whether the credential and
 * verifier were accepted.  The leading underscore places the name in the
 * implementation-reserved namespace; it is kept as-is for compatibility.
 */
extern int authkerb_create(char *, char *, char *, u_int,
		struct netbuf *, int *, dev_t, int, AUTH **);
extern bool_t xdr_authkerb_cred(XDR *, struct authkerb_cred *);
extern bool_t xdr_authkerb_verf(XDR *, struct authkerb_verf *);
extern int svc_kerb_reg(SVCXPRT *, char *, char *, char *);
extern enum auth_stat _svcauth_kerb(struct svc_req *, struct rpc_msg *);

#endif /* KERBEROS */
#endif /* !_RPC_AUTH_KERB_H */