/* $FreeBSD$ */
/*-
 * Copyright (c) 2009, Sun Microsystems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 * - Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 * - Neither the name of Sun Microsystems, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
/*
 * auth_kerb.h, Protocol for Kerberos style authentication for RPC
 *
 * Copyright (C) 1986, Sun Microsystems, Inc.
 */

#ifndef _RPC_AUTH_KERB_H
#define _RPC_AUTH_KERB_H

/*
 * The whole interface is conditional on KERBEROS: without that macro this
 * header contributes nothing beyond its include guard.
 */
#ifdef KERBEROS

#include <kerberos/krb.h>
#include <sys/socket.h>
#include <sys/t_kuser.h>
#include <netinet/in.h>
#include <rpc/svc.h>

/*
 * There are two kinds of "names": fullnames and nicknames.
 * A fullname carries the ticket itself (struct authkerb_fullname); a
 * nickname is a u_long handle for a client the server already knows
 * (see akv_nickname below and the nickname field of authkerb_clnt_cred).
 */
enum authkerb_namekind {
	AKN_FULLNAME,
	AKN_NICKNAME
};

/*
 * A fullname contains the ticket and the window.
 * KTEXT_ST is not declared in this file; presumably it comes from
 * <kerberos/krb.h> — verify against that header.
 */
struct authkerb_fullname {
	KTEXT_ST ticket;
	u_long window;			/* associated window */
};

/*
 * cooked credential stored in rq_clntcred
 *
 * The fields between the "start of AUTH_DAT" and "end of AUTH_DAT" markers
 * presumably mirror the Kerberos AUTH_DAT layout (minus the optional reply,
 * left commented out below); the fields after the marker are RPC-side
 * bookkeeping.
 * NOTE(review): `session` holds the session key, i.e. secret material that
 * lives as long as the cached credential does; `pname`/`pinst`/`prealm` are
 * fixed-size arrays and whether they are always NUL-terminated depends on
 * the code that fills them — confirm before treating them as C strings.
 */
struct authkerb_clnt_cred {
	/* start of AUTH_DAT */
	unsigned char k_flags;		/* Flags from ticket */
	char pname[ANAME_SZ];		/* Principal's name */
	char pinst[INST_SZ];		/* His Instance */
	char prealm[REALM_SZ];		/* His Realm */
	unsigned long checksum;		/* Data checksum (opt) */
	C_Block session;		/* Session Key */
	int life;			/* Life of ticket */
	unsigned long time_sec;		/* Time ticket issued */
	unsigned long address;		/* Address in ticket */
	/* KTEXT_ST reply;	Auth reply (opt) */
	/* end of AUTH_DAT */
	unsigned long expiry;		/* time the ticket is expiring */
	u_long nickname;		/* Nickname into cache */
	u_long window;			/* associated window */
};

typedef struct authkerb_clnt_cred authkerb_clnt_cred;

/*
 * A credential
 *
 * akc_namekind selects which of the two members is meaningful — presumably
 * akc_fullname for AKN_FULLNAME and akc_nickname for AKN_NICKNAME.  Both
 * members are declared side by side rather than overlaid in a union.
 */
struct authkerb_cred {
	enum authkerb_namekind akc_namekind;
	struct authkerb_fullname akc_fullname;
	u_long akc_nickname;
};

/*
 * A kerb authentication verifier
 *
 * akv_time_u holds the time either in the clear (akv_ctime) or encrypted
 * (akv_xtime); akv_int_u is a plain u_long whose meaning depends on the
 * direction of the message (see the two macro sets below).  des_block
 * indicates the legacy DES-based scheme of the 1986 protocol.
 */
struct authkerb_verf {
	union {
		struct timeval akv_ctime;	/* clear time */
		des_block akv_xtime;		/* crypt time */
	} akv_time_u;
	u_long akv_int_u;
};

/*
 * des authentication verifier: client variety
 *
 * akv_timestamp is the current time.
 * akv_winverf is the credential window + 1.
 * Both are encrypted using the conversation key.
 *
 * The accessor names are plain macros over the fields of authkerb_verf;
 * the #ifndef lets an earlier definition of akv_timestamp take precedence.
 */
#ifndef akv_timestamp
#define akv_timestamp	akv_time_u.akv_ctime
#define akv_xtimestamp	akv_time_u.akv_xtime
#define akv_winverf	akv_int_u
#endif

/*
 * des authentication verifier: server variety
 *
 * akv_timeverf is the client's timestamp + client's window
 * akv_nickname is the server's nickname for the client.
 * akv_timeverf is encrypted using the conversation key.
 *
 * These alias the same storage as the client-side names above; which
 * interpretation applies is fixed by the direction of the message, not by
 * the struct.
 */
#ifndef akv_timeverf
#define akv_timeverf	akv_time_u.akv_ctime
#define akv_xtimeverf	akv_time_u.akv_xtime
#define akv_nickname	akv_int_u
#endif

/*
 * Register the service name, instance and realm.
 *
 * Only prototypes are given here.  The comment above names the first three
 * arguments of authkerb_create() (service name, instance, realm); what the
 * u_int, struct netbuf *, int *, dev_t and int arguments carry, and whether
 * the non-const char * strings are modified, is not visible from this
 * header — consult the implementation.  AUTH ** is an out-parameter,
 * presumably receiving the created handle.
 *
 * xdr_authkerb_cred()/xdr_authkerb_verf() take an XDR * and return bool_t,
 * so they are presumably the XDR (de)serialisers for the two wire
 * structures above.  svc_kerb_reg() registers on an SVCXPRT, and
 * _svcauth_kerb() takes a request and its decoded message and reports the
 * outcome as an enum auth_stat — presumably the server-side verification
 * hook.
 */
extern int authkerb_create(char *, char *, char *, u_int,
    struct netbuf *, int *, dev_t, int, AUTH **);
extern bool_t xdr_authkerb_cred(XDR *, struct authkerb_cred *);
extern bool_t xdr_authkerb_verf(XDR *, struct authkerb_verf *);
extern int svc_kerb_reg(SVCXPRT *, char *, char *, char *);
extern enum auth_stat _svcauth_kerb(struct svc_req *, struct rpc_msg *);

#endif /* KERBEROS */
#endif /* !_RPC_AUTH_KERB_H */